From fb15470b5477ca51f830a30acd4ac5d434141976 Mon Sep 17 00:00:00 2001
From: topscoder <86197446+topscoder@users.noreply.github.com>
Date: Mon, 13 May 2024 16:53:30 +0200
Subject: [PATCH] Regenerated with new updated severity classifications

---
 ...1598-8b8bc9dc7287ba3ce3345c56bcac0bb7.yaml |  4 +-
 ...1559-62059d6f1640212c35e5b3f8330daee1.yaml |  4 +-
 ...1102-dced04c5992536d443cadc0d8795aeb0.yaml |  4 +-
 ...1687-a9813318cd00104cf812206e64197a1c.yaml |  4 +-
 ...1810-24c78f38bf30593eb710d6e05f774c4e.yaml |  4 +-
 ...2108-83ae7383a40a2b386de5c8ed058c9c78.yaml |  4 +-
 ...2612-8889c549d7832d5315ef07e7a0f1de5e.yaml |  4 +-
 ...1012-5ffbaa4e2b1d5d3387454a24d1df8151.yaml |  4 +-
 ...1796-f505e5adff7df495d5e3883941625090.yaml |  4 +-
 ...2667-2250da6b6f83d2978f8b20e578c03ce4.yaml |  4 +-
 ...4208-1354435c4f5fd2cf36a77bfe4d9efd70.yaml |  4 +-
 ...6808-c74b3da5c9977a8515a2ae6aea10e45b.yaml |  4 +-
 ...0106-5248a5bd925434add7e3be51c0e47bf5.yaml |  4 +-
 ...0233-78c0fa7115ae86c26deccf0e5ec633a7.yaml |  4 +-
 ...1230-e46b887a41d8ee6fabb81ee3e309e2b3.yaml |  4 +-
 ...1244-a556f0ec8cc782b1df540c9037fded25.yaml |  4 +-
 ...1622-f773a7113074464a75bbe2d49bec8c41.yaml |  4 +-
 ...1893-5382cac551da0c76754442b2aa2316fe.yaml |  4 +-
 ...1894-6f396d18ad1fbb1948ad9473860ec9d1.yaml |  4 +-
 ...1897-be037ab5b01a52fa0b9478e50ded7b01.yaml |  4 +-
 ...2627-141c7f9cf7e30f994110491cc5e7c119.yaml |  4 +-
 ...2714-0b8de7e6634f1364f8cfc6fe68a06736.yaml |  4 +-
 ...2828-e6b40723167a263b6dd92aa26e882342.yaml |  4 +-
 ...3140-380df031c42ca1baae8054ba3ed4d998.yaml |  4 +-
 ...3239-2a9919a2db8ebb02104bc342de5cafa4.yaml |  4 +-
 ...3240-8fb46ccbfe8eb892f418af64a9d461a7.yaml |  4 +-
 ...3241-c96b02624922c50381a023e57cd89cf7.yaml |  4 +-
 ...3543-23b280de753c54a779bef1b8400aad8b.yaml |  4 +-
 ...3544-b9356af48d41602f5f193ab6f4ff8815.yaml | 10 ++--
 ...4014-54409f2bc5984d61c42ec97047d41adc.yaml | 12 ++--
 ...4139-bc3069fe10b3f1d27d4fca396970c629.yaml |  4 +-
 ...4153-172cb25c60ec97a4292f9de3be08e5ed.yaml |  4 +-
 ...4154-fb2282647c2ae8c5fc2f5ce43c10e3b4.yaml |  4 +-
 ...4165-f021202130cf5324996d350595ae862c.yaml |  4 +-
 ...4166-babd8720f51cdfc03ee525219e51d67f.yaml | 14 ++---
 ...4480-b962a43c022ee33e3f132497b433375e.yaml |  4 +-
 ...4481-c0b95532030c59fee6c1d3ae2a188201.yaml |  4 +-
 ...4483-7cba36ac5159d909041a39ae02e640fa.yaml |  4 +-
 ...4544-a4e5a5186ca39bcba5d872b9fb372cda.yaml |  4 +-
 ...4893-abd2276f34ac392ae9b6a69f93290abd.yaml | 10 ++--
 ...4894-7a8b8fa3bcccffed98e8c5f115c5183e.yaml |  6 +-
 ...5105-bea5bcb6ac9b66b08b05c172c3f9bc32.yaml |  4 +-
 ...5106-6d56121149ca7bd6af4818d9b53bdc87.yaml |  4 +-
 ...5229-95305525d7820973fed879d8dfc49664.yaml |  4 +-
 ...5710-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57.yaml |  4 +-
 ...6013-19e5f7c5a5cf8056d79bfab611f4ed1f.yaml |  4 +-
 ...6677-a3e785056d2140e268a5211287db4a52.yaml |  4 +-
 ...0197-03e041af34914994b5b4b3e20ec8ee2e.yaml |  4 +-
 ...0198-fbe96c78719e34780f9334cd4775f2cc.yaml |  4 +-
 ...0205-3f5c9085cc5ea3fa80320bca3cc4e85b.yaml |  4 +-
 ...0616-81cd7c7b4d1173a363d79c9374f22f96.yaml |  4 +-
 ...0617-0720f12ed328d9f8394eeb8c7b25a318.yaml |  4 +-
 ...0618-464fda924b91446d67088565fa366b6b.yaml |  4 +-
 ...0691-a8ccc8e656f57b6f03393d18f5ac6d44.yaml |  4 +-
 ...0837-6786949bf947df30c87362646165e5b3.yaml |  4 +-
 ...1061-4db82812dea0cad0cb375ee4495ca7c3.yaml |  4 +-
 ...1304-46747c4e682ceeb0ba7de6d44fbb5912.yaml |  4 +-
 ...1930-7ec18e3e7ba86c077b691dda2c9af2f0.yaml |  4 +-
 ...2068-9a47bc7022503d111499b3cff929ca66.yaml |  4 +-
 ...2392-f091fee54b5af87e393409f73df7398b.yaml |  4 +-
 ...4671-2556d7722d4548d9067588a035ce357f.yaml |  4 +-
 ...4733-574c183518fa14bb1a854e4b68f72a19.yaml |  4 +-
 ...4734-5defb55cded48a565a064567cc9f2fde.yaml |  4 +-
 ...5695-066a3076f693bdf1acf756f1b6327c5f.yaml | 10 ++--
 ...7175-58ddfbc8f08958c578758b38baef9c64.yaml |  4 +-
 ...7321-57636a2970a5968684b69eba7f56b3ea.yaml |  4 +-
 ...1030-6639b89672c29c6f168a2b79f92361c6.yaml |  4 +-
 ...3890-89ecd9115fcfef013346488bc602d8a5.yaml |  4 +-
 ...3891-e8698e8d301690dded028c942c072a23.yaml |  4 +-
 ...4140-4e90b64e5c0880980f44418deca3c91b.yaml | 14 ++---
 ...4168-ac62ca2ddae58ee9be23fe2a4d7fe3df.yaml |  4 +-
 ...4748-64ec2a96ce824196b74660ea295fa52d.yaml |  4 +-
 ...5158-0d1a8a5f1814698e05f7c343a752da34.yaml |  4 +-
 ...0682-38ee495a4defefe501f09623f3dfcb68.yaml |  4 +-
 ...1186-0852d9b8897d185217e138aaac4e2439.yaml |  4 +-
 ...3977-435be2da19b4391be47c1eff3c320bfa.yaml |  4 +-
 ...4257-2bb5d275fcf9ba493afcfa9fdcfc130b.yaml |  4 +-
 ...4518-e4bfbf2cbba7e1243929a6da3f0f2ec5.yaml |  4 +-
 ...4536-3074a73795d456075561a5d7473c924b.yaml |  4 +-
 ...4630-19c5c13179457ac1c8bd83d2fa6c9156.yaml |  4 +-
 ...4747-336c529affe134c8a71f1e7879ec0dcb.yaml |  4 +-
 ...4779-c426bf1b8239d541e948689bf4281f26.yaml |  4 +-
 ...4825-455782a485d876c2acfcbf2a3f64d156.yaml |  4 +-
 ...5294-eac8868d56d1c09282753a6f5e51eca0.yaml |  4 +-
 ...5295-2034cdfa4d915e35ef9771b3de5a3733.yaml |  4 +-
 ...5296-b64a64e861339d55f5a2f0ac25277a51.yaml |  4 +-
 ...5297-821019e522c0249cbe8769a0804c81b7.yaml |  4 +-
 ...0641-5ea2cc8533d8fd4f1c4801b0b4960d9d.yaml |  4 +-
 ...0700-5128144b38c4f8aac30be645fe67caaf.yaml |  4 +-
 ...0740-0bfa9343d868449c3d973f2c81052fe9.yaml |  4 +-
 ...0759-e3d831bb072ff08836a63c6a4ebecea3.yaml |  4 +-
 ...0760-7db34627f1b70dfb15b3a62077ab868f.yaml |  4 +-
 ...3129-148a48158ed2a590392455c4205415e9.yaml |  4 +-
 ...3130-3718fa429a69f29dc2387ac6b6099785.yaml |  4 +-
 ...3841-f6896d23342ecbcbdbcbfcb5cd72746c.yaml |  4 +-
 ...3850-e8b1937b8d22149355604761f9e2e597.yaml |  4 +-
 ...3851-6d0c9deb010be5b44d8bbfb44b8f1a81.yaml |  4 +-
 ...3852-170bc795059fb0d98227f8d8677e21e8.yaml |  4 +-
 ...3854-2c9dd1c9df5c34a137e9f118a0781a3d.yaml |  4 +-
 ...3855-e63ed950312b124c0d59757ed157173d.yaml |  4 +-
 ...3856-0aff17e28ef121a8c519ec81ffed16b1.yaml |  4 +-
 ...3857-1eca6946030b47a7e15dbf74278035b1.yaml |  4 +-
 ...3858-caeb5a0b48102c1758efb7acc2ae32c5.yaml |  4 +-
 ...3859-1def92176b2075addd1971f8bb11410a.yaml |  4 +-
 ...3860-ab5cb4980d96d0502a1385c5c51d0ea4.yaml |  4 +-
 ...3861-8cf1ee9f0e6e79fc8ffcfb9414ff6340.yaml |  4 +-
 ...3862-59015ab41c28db2b3674f30b01c20313.yaml |  4 +-
 ...3864-86bc0489b6564a6b791112624ecc4c24.yaml |  4 +-
 ...3865-530c76ddc7a277b970fa701ca1edf42b.yaml |  4 +-
 ...4106-a4aa366f217005e74322ff2bf7a0e182.yaml | 10 ++--
 ...4562-c050cce5edc786cc76c2f3dcee80f148.yaml |  4 +-
 ...4568-8e904d0aa5c673b4683d6e95c3e351f3.yaml |  4 +-
 ...4618-0bc66019a5442f087e2da571324acbb0.yaml |  4 +-
 ...4624-0b070c6bccd03db5dad9fdc1c059c617.yaml |  4 +-
 ...4646-ac814100e213d264685a18f0bee470c2.yaml |  4 +-
 ...4803-92f2fb442048282c27cd8fc5629a2db5.yaml |  4 +-
 ...4926-98258e7e3672ebda27bdfc41933c5290.yaml |  4 +-
 ...4955-596c399ca77f6898f5eb2e3e553223f2.yaml |  4 +-
 ...4956-c6bafdf6d7b65e0b18711ab77d0f0098.yaml |  4 +-
 ...5051-ea4a5a60afde85ede6fced3685c1e946.yaml |  4 +-
 ...5104-5f327ec92a2ed47a19cfa74c78839e26.yaml |  4 +-
 ...5106-9fb1e67eb818f983f8dbfc23b2a0c064.yaml |  4 +-
 ...5107-47f5d0213d6a55b30c759752f9fa351e.yaml |  4 +-
 ...5128-a9a5808c69ac6668bf195f6fcb5a5a1a.yaml |  4 +-
 ...5181-41d06e1c542cc99b348ba7db58f2c892.yaml |  4 +-
 ...5191-052601a64f3c278014382ca43022a402.yaml |  4 +-
 ...5192-a5b27966569a74533de04e9d976c99c9.yaml |  4 +-
 ...5193-e7674c99987b6c4c7435d1f976b8d7fb.yaml |  4 +-
 ...5207-c4a1c6ea67bd01790c36ea2fb1f58bd3.yaml |  4 +-
 ...5225-aeea609833832e1baa1f0bd27367ec6d.yaml |  4 +-
 ...5226-3d4fded5713d977453c4246e8903bc20.yaml |  4 +-
 ...5254-2e3f61534eb2162d57847e92682b9bbd.yaml |  4 +-
 ...5257-376edc97e45ef94c79a753de3d636245.yaml |  4 +-
 ...5265-9bc357ece2cde706b261987c1bf85bfa.yaml |  4 +-
 ...5286-fb94da76ff281a4e13dbc1c86ed0929d.yaml |  4 +-
 ...5304-18fe02250ff137adf75ad3081c09ea5f.yaml |  4 +-
 ...5307-33a2e7fa2283855eea0bc65fb87d66e5.yaml |  4 +-
 ...5328-96bfdb264056a59de7cf266b01d0316c.yaml |  4 +-
 ...0287-77b2d106f56be975fb3bb74f975f0127.yaml |  4 +-
 ...0895-1424f14be2dcb113b8417a6cefda326b.yaml |  4 +-
 ...0901-4ad999fa82a381d094bc99654eb86aca.yaml |  4 +-
 ...0009-af8b6c1405ca4fecbb6348cbb779bff6.yaml |  4 +-
 ...1068-d9b7779382ec9bca0dc96d41eb9855af.yaml |  4 +-
 ...1785-062f64c8e6a3f6d8894bd4ff8b102cb3.yaml |  4 +-
 ...1834-ad3b6e67373c173a68de7fe25df960c3.yaml |  4 +-
 ...2371-00db16fbca7a4f9a03bd9187fe606bf2.yaml |  4 +-
 ...2402-0422552738ed57c09ee0769345670612.yaml |  4 +-
 ...2403-44d43af8a00799ed8cf48db72cbbf122.yaml |  4 +-
 ...2404-43262c5eaf25f49cf932dd17aa5ab966.yaml |  4 +-
 ...2572-260d59850520222ae9e82cf8d0c5f77a.yaml |  4 +-
 ...2579-bdefbe0337f0d8136e413e9977ce9dce.yaml |  4 +-
 ...2633-4b2830a65cedd0c5dc26608a77f72c10.yaml |  4 +-
 ...2759-7bcea995c31208e7b3ae2001fc2e0fd5.yaml |  4 +-
 ...2912-d0e94011e5fe6201731b0911afc2291e.yaml |  4 +-
 ...2913-d4c7d6015d840d0227eb1573d5a3b347.yaml |  4 +-
 ...2916-8a88cbe198527237519cb3478f4555ce.yaml |  4 +-
 ...2920-8e79000a55d2a7778e1f3a653b09e17f.yaml |  4 +-
 ...3383-41bfd816790097549bf9b2c052568033.yaml |  4 +-
 ...3384-91015e7f81886f4b730bb4d9cace5ff4.yaml |  4 +-
 ...3414-568514847d2ecbfcd9be56c047f3a92a.yaml | 12 ++--
 ...3414-7849f4bf55847e7dee539697b18e4bc9.yaml |  4 +-
 ...3414-b7c464860f475ded8d2ed3cd59a1ad52.yaml |  4 +-
 ...3434-ba663052cd3e15a64b57c5574e6284ee.yaml |  4 +-
 ...4226-ab4d33853504febd7c01f9cee8c9c3d2.yaml |  4 +-
 ...4242-bf34e0d076673dbb1080a2742b54fd0c.yaml |  4 +-
 ...4264-d3827d64e2bdf966f3d9c111c132ea14.yaml |  4 +-
 ...4271-0638cf0d113b279b6ab4547692f6759f.yaml |  4 +-
 ...4272-a6ea9efcd2b00d833f3dd3cae90d9348.yaml |  4 +-
 ...4273-50d503ecab241e54444834a8beaebf25.yaml |  4 +-
 ...4283-ec063e4ec21933641631e905d4f64602.yaml |  4 +-
 ...4421-4e1daaf317e651c619a375744a295c28.yaml |  4 +-
 ...4422-9717160fae4fbf7e432e0ecf4fa6857d.yaml |  4 +-
 ...4874-c888a527d839638dab34ddfabb9982e5.yaml |  4 +-
 ...4921-668be2a6a44dad3bba943de0f544a515.yaml |  4 +-
 ...5177-ed4c279d09c7012524c7ccab923e2ae4.yaml |  4 +-
 ...5178-87df231a3fe89988f05561dc4a2eda17.yaml |  4 +-
 ...5325-552fdceb70e178ef12665118f36af7cf.yaml |  4 +-
 ...5327-fb045d9c371baeb404b4c5f1d77f622c.yaml |  4 +-
 ...5328-ca1107b3905cae6801d38dcd71b363a8.yaml |  4 +-
 ...5346-9088cbacca16ddb298ad417146be5fc5.yaml |  4 +-
 ...5349-46bf8ffa7005c6ec6cf07777085484d4.yaml |  4 +-
 ...5350-5b86c54747aa1057e36177e85fea660b.yaml |  4 +-
 ...5387-7987b5631645ef011c12aa6fb80cc221.yaml |  4 +-
 ...5469-f5f19df0291f0636aeea89c408a38887.yaml |  4 +-
 ...5856-187ba8ada5a41b0d7770ae8aebf496fa.yaml |  4 +-
 ...5913-ef0c35cfc8264d312ebd8c7577e88c19.yaml |  4 +-
 ...6312-2c3b5f42630b423898a1e16a09268499.yaml |  4 +-
 ...6506-f4ee9df210a60a8c7b3151780ca279b1.yaml |  4 +-
 ...6511-a88755371a7efc7dfaacf49c4e565b46.yaml |  4 +-
 ...6527-5f2c8752d84edabaa8bbd1589413f608.yaml |  4 +-
 ...6622-8cba549bfba1e71b314fc0d37ea95e7a.yaml |  4 +-
 ...6624-a72a870d8ea76185ed68595992193f58.yaml |  4 +-
 ...6625-0856197f54ebc4b1a325747e3d0ab80c.yaml |  4 +-
 ...6627-4fecc14512bd412ef7b458d7c2feb79a.yaml |  4 +-
 ...6628-437f867caa3099fbc234387a5d6249e0.yaml |  4 +-
 ...6629-ce05b3ae1fa8a55fc1f1267b8e05c4cc.yaml |  4 +-
 ...6630-01dd63a5f8faf96a00782f6bc3eb47be.yaml |  4 +-
 ...6633-53c3a2476763f7f2558688f9f26210ce.yaml |  4 +-
 ...6653-bc135ea3b74553b0fd14eafbe49bca73.yaml |  4 +-
 ...6713-72d88d4156b62bb9e1abe8555a4604f1.yaml |  4 +-
 ...6714-ecd06ad3b241a40ab31e78d6ecc1667e.yaml |  4 +-
 ...6715-a6e4580408df1cc0fd425db3d3f61102.yaml |  4 +-
 ...6716-944355331d4d9eab9649c96fbc1339dc.yaml |  4 +-
 ...6718-2f64e4cf69164182b2f4695a0a03f04b.yaml |  4 +-
 ...0236-ff8227d1909738ca97650b31fc8d45f5.yaml |  4 +-
 ...0237-62c0f4af115d106e4e2cbcfcbfb71c13.yaml |  4 +-
 ...0286-da11574313c0b78ab88b69a807dbc63e.yaml |  4 +-
 ...0731-74a3eb8891dcef7e1892db3c005e178d.yaml |  4 +-
 ...0736-4a9495cead71bfc76b3becea53804acd.yaml |  4 +-
 ...0023-c978227ed54be6d80dbe1ecf4f522c4f.yaml |  4 +-
 ...0026-347522eaa82eb43bdeab94627e4d0f98.yaml |  4 +-
 ...1407-eb8f98aa61e3c3db7506a6098f7ccbda.yaml | 14 ++---
 ...1408-7b51f983a57c524a14f0aa93885b9cf0.yaml |  4 +-
 ...1463-4fd8626c11bff94fd8a393ce1bb61f0e.yaml |  4 +-
 ...1464-c346700edac77f8ba964672619183f58.yaml |  4 +-
 ...1758-3b4a8aeeafcd7cd5d89d3f79fbd2340b.yaml |  4 +-
 ...1759-8d120ab408475ea52678a65c5972ac37.yaml |  4 +-
 ...1765-f4124706d0e19c3b0ecdc824e2dde79c.yaml |  4 +-
 ...1808-7727a5f68ed648a5191d57e52492a289.yaml |  4 +-
 ...1852-ccd9eb7d8d7c7fdd585ed7aff289426f.yaml |  4 +-
 ...1916-70ddedc5487f163b43d7ace431e3f2c6.yaml |  4 +-
 ...2008-d80662422b2866b3d65a5445924467ed.yaml |  4 +-
 ...2009-afeb8327fb03504a0b5ac79fd5a442f7.yaml |  4 +-
 ...2107-ff845ece92fe1b8afa1885550aee0170.yaml |  4 +-
 ...2109-75c70b1bb438dfcca6e33d6263e0e86e.yaml |  4 +-
 ...2200-6ea13de5e88a490bbeb3409f32172b66.yaml |  4 +-
 ...2201-7fdbdd031d5c39eb7f813226abb85c96.yaml |  4 +-
 ...2205-9b2541766ae2ed11a30c45f083c00914.yaml |  4 +-
 ...2287-38106c08054956ec9ec0eb985cd6a30a.yaml |  4 +-
 ...2501-47c8ae751ee325a323299c1e28df1079.yaml |  4 +-
 ...2640-5be3d6220be540ab529a6f616f5316f8.yaml |  4 +-
 ...2693-b73d87f96280b93d84cc00f272e356ef.yaml |  4 +-
 ...2696-7851eebfd119dbcb64d57949b00c8e79.yaml |  4 +-
 ...2697-f8b195ad87a5a50c5754f7800933e00c.yaml |  4 +-
 ...2699-0e39d853b3d4654c80796b1245bb017e.yaml |  4 +-
 ...2700-4fb52fd64080462536a5af2ab82cbace.yaml |  4 +-
 ...2701-fab081bdfce9f805f8a61feef8468916.yaml |  4 +-
 ...2703-72f73bf14c806744336e445356e6090f.yaml |  4 +-
 ...2706-a61b4c2ab615ad0f80b5138981abe8ce.yaml |  4 +-
 ...2709-9b7bc1f0f7f491c09d5edf25ce5f3958.yaml |  4 +-
 ...2710-507e2521f54c5e6ca19bac49a7a788fa.yaml |  4 +-
 ...2714-396371aecede5680b30f6adf18b9bebd.yaml |  4 +-
 ...3251-bc3ead94b2639f49d2a3b634baef9593.yaml |  4 +-
 ...3252-888312a64923f43849174a79d906913e.yaml |  4 +-
 ...3253-1ce0c9b4a51f3fdac3a650bd3678e546.yaml |  4 +-
 ...3254-b3f583df01b20215cf8c32eded7781af.yaml |  4 +-
 ...3256-5031bc59caa3037821df61e5a345c90f.yaml |  4 +-
 ...3261-4a78286f0fa257bf74920260dae5103f.yaml |  4 +-
 ...3262-a760bafd1cd95a91af8a27215ef05ba2.yaml |  4 +-
 ...3263-d7975313aa0a75118cad6d46dc36f4d3.yaml |  4 +-
 ...3477-58ad613c40728469546ff0c459432f85.yaml |  4 +-
 ...3479-32ca157e45a11cba9d0a4e52d697d9d8.yaml |  4 +-
 ...3487-123845e838da3a6daa580f3b2ed445cb.yaml |  4 +-
 ...3491-61fcaed16881b56993f1d78f9758c2b3.yaml |  4 +-
 ...3526-f3bf3aa52e1e30ba08101ace5617af2a.yaml |  4 +-
 ...3720-42f14cb098faa7900818b46106b42afa.yaml |  4 +-
 ...4240-8de4556487daff9f80ef882a72ac48a1.yaml |  4 +-
 ...4241-0edbba73cef4d5273525e9fdeb2bcb4c.yaml |  4 +-
 ...4625-0244633df1d46b9b703b5c746fbc6e51.yaml |  4 +-
 ...4626-356feecea26ff4c40d9fa77a244963ee.yaml |  4 +-
 ...4693-75fb06485693f13299e4aa42a8ec1d70.yaml |  4 +-
 ...4944-a103c2e3cc97ab522767ac0230b22480.yaml |  4 +-
 ...4954-085dcf91f1430534b15ba25ebc810709.yaml |  4 +-
 ...5672-bc1fc73bd669dca4197ffa756353cd75.yaml |  4 +-
 ...5711-eaff27608bcf6deda804f06712a1b098.yaml |  4 +-
 ...5916-3dc139e568d48b3719f09d74e5c6ac5a.yaml |  4 +-
 ...5978-67c99f9c8f327331a1d82c5ff5d685e7.yaml |  4 +-
 ...5988-996209252b43de8bc510aae02fc9d00b.yaml |  4 +-
 ...6280-dcf043d6af78599175beab95bc8309bb.yaml |  4 +-
 ...6281-c9ddd0481037c81ec76638f9cdd36097.yaml |  4 +-
 ...6342-b04c389a2c7db09e215c22221497896f.yaml |  4 +-
 ...6797-683c8ae1178fe6f9d3ed4e7dea6abbfa.yaml |  4 +-
 ...6837-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml | 14 ++---
 ...6991-2f795470b566b4d4e27fdf7c4b01f4e4.yaml |  4 +-
 ...6992-3ee736065c571005f3aa44af407146c3.yaml |  4 +-
 ...6993-8ed4f4b4804b54524ede760d18b29fad.yaml |  4 +-
 ...7129-e7c3ee180660fac9fead4fadabb98bef.yaml |  4 +-
 ...7233-23b973e4e6f56dde6b9f085e9af4fc06.yaml |  4 +-
 ...7276-acf04354988365754f4760bff4f381fb.yaml |  4 +-
 ...7279-b308d8dd463cbe3361a5a4c348d193ac.yaml |  4 +-
 ...7472-178ad27fec6356c0ff4786fef5ed9b55.yaml |  4 +-
 ...7475-db0677cd0c6ea98a43e8b2ad4b143537.yaml |  4 +-
 ...7476-272ee2a329a8d2a28bce41429783dc10.yaml |  4 +-
 ...7477-eb6226c8060abd8c26fc61f24da2a61e.yaml |  4 +-
 ...7478-b1f45416f5a631250c26ec095bcb39a3.yaml |  4 +-
 ...7479-ad055d1685348a8fa4aef50dfdf0211f.yaml |  4 +-
 ...7480-e976dbcc632c2ee3b143a7604910e2c0.yaml |  4 +-
 ...7481-0c860e72b162cc9055e799dc4f8c2b43.yaml |  4 +-
 ...7482-e4da0c9bf6d9952b4ed3e7efbc293bab.yaml |  4 +-
 ...0001-f364089fe838821aa5875cc23a9bf280.yaml |  4 +-
 ...0007-f98ba84845d04638f96a14d587800f12.yaml |  4 +-
 ...0008-3be3c98bb23ebc942163786ddfe2ad5d.yaml |  4 +-
 ...0016-95e54f65e6d0b56382227247b6627a71.yaml |  4 +-
 ...0018-a24ad83ed56eb98da964ec89f37324d1.yaml |  4 +-
 ...0023-802392d669a0739410b0400626ccc124.yaml |  4 +-
 ...0027-f260533813247786590cffbf5861c8f5.yaml |  4 +-
 ...0012-fa96cc0ae3ebc5f92e1c1a93f29e6a5e.yaml |  4 +-
 ...0013-f8694c41fb21641e443ef7de9264487a.yaml |  4 +-
 ...0016-b635a88aed40383d80b165aae1551858.yaml |  4 +-
 ...0377-fe5830586f1fe4c6f5f3c3dcee633ecb.yaml |  4 +-
 ...0378-4fd25d208fa1eb71c396970325cd56c1.yaml |  4 +-
 ...0380-251b86614cf3be75bb7b89fbf426f8a3.yaml |  4 +-
 ...0381-3f3bfd2ca93dfdb22d963aa7b5cb0c46.yaml |  4 +-
 ...0382-785672d467101767144e711ae7fe2d35.yaml |  4 +-
 ...0385-6a2ef437dbd84b379d13828c6767a7f7.yaml |  4 +-
 ...0392-ad9f5965c16c8246b424703d21435589.yaml |  4 +-
 ...0393-8e029958bdc3ff72cf62f3277afe0ddc.yaml |  4 +-
 ...0395-87b936573487d2a82b44f72e3ce646b8.yaml |  4 +-
 ...1232-93eb8e1633c7ed38fbc4ff339a075742.yaml |  4 +-
 ...5091-49a01bc79b6fdfb5a76a16441b827dc7.yaml |  4 +-
 ...5096-d80de73f9f6546e4a52cda1c1451f11a.yaml |  4 +-
 ...5099-91fc45f92059ad3dccdaddc100f38fa5.yaml |  4 +-
 ...5100-08107665cefdd5cc4f288c7614f8ef39.yaml |  4 +-
 ...5101-8195d0fd4f0b5ac7235f16224b2dcb18.yaml |  4 +-
 ...5103-d8d27a0f27f9a3ef698ef167496cc3cc.yaml |  4 +-
 ...5105-4673047ca29ad4630d7b8bb30f727df8.yaml |  4 +-
 ...1888-c3337fb47eeb04c822819fd17c433268.yaml |  4 +-
 ...1889-88c5b961644bad4c49d63ba50954d1ef.yaml |  4 +-
 ...2040-6234c54583fe97f4b335659ad6e8c2c3.yaml |  4 +-
 ...2274-15bbee0302a2c0acdbacef494a071dae.yaml |  4 +-
 ...2297-a2cc7daca48d70191ab86ec84c12d114.yaml |  4 +-
 ...2315-60056c59f58d08c739eaa4877baa7622.yaml |  4 +-
 ...2333-1d3a5e954dbca93e3fee328975ccc98e.yaml |  4 +-
 ...2550-20729b5326c844ceb8ab014ad17df6e2.yaml |  4 +-
 ...2558-9030229f25561b555ab5bd8cf6a1c26d.yaml |  4 +-
 ...2579-d6467913a640b127b20e07c49e842d3b.yaml |  4 +-
 ...2598-2b5c6ad57482cc18f3496406a2a98d3b.yaml |  4 +-
 ...2838-5ce9260c9b6d59d0d80e5fb0cb039b07.yaml |  4 +-
 ...2839-0b148460306247418981fb91f92502a9.yaml |  4 +-
 ...2995-1280f1445230b7ae1ede9b8d16dcfe7d.yaml |  4 +-
 ...3123-9324556ad1df2ab2ecb9b1f7e086b9b6.yaml |  4 +-
 ...3210-7983ddc66df9d17c37dd89bbc4e4f416.yaml |  4 +-
 ...3841-6d98c218699b93985ac97a3eec99201e.yaml |  4 +-
 ...3842-897a0fa8ed3a14f37db420497ce08cb5.yaml |  4 +-
 ...3844-ffaf15e9710e51e22815d7c14866275b.yaml |  4 +-
 ...3850-3a91d6c48afcaf4ec202f8da0ad11a12.yaml |  4 +-
 ...3870-94f4e4e5606b83b8d91c368a5ee77e4b.yaml |  4 +-
 ...3882-a2f350e1414d89ef0f2cdb91d69b4d0f.yaml |  4 +-
 ...3903-02d6de68e2eb0c0f7215999509c086c8.yaml |  4 +-
 ...4017-f35417e8a6d1f5736025e50e8ca1a9dc.yaml |  4 +-
 ...4163-80de44f32a39260a4242f01334cdbfd5.yaml |  4 +-
 ...4514-e94f4c2cbdc244ce8cd5d182c9382536.yaml |  4 +-
 ...4516-4f0f10f376030e01ed907ee127ea7f81.yaml |  4 +-
 ...4517-20bdedbec4b7794610e6cc496e884cca.yaml |  4 +-
 ...4518-96de724cebfb88ce342c3f1cd99b7f35.yaml |  4 +-
 ...4520-e4bec7dd7a04a9998930ce7422960fa5.yaml |  4 +-
 ...4521-d1ad636a904712d275c068316d9921ca.yaml |  4 +-
 ...4523-2dcf73eb82f83432e780c74c23beb2a4.yaml |  4 +-
 ...4524-75e8a53ab865623ebf98c15a4f6ef027.yaml |  4 +-
 ...4525-492078688f68b5c1a6aec5a98ed76f29.yaml |  4 +-
 ...4526-e5f4c0414a585004ed1f35745c5931f6.yaml |  4 +-
 ...4527-e9f65fad0edf93964d95edc6a82cf394.yaml |  4 +-
 ...4528-26cfa8bd44fa751562e056cb1d39d345.yaml |  4 +-
 ...4529-b3551195333886afba6c43fd173acb65.yaml |  4 +-
 ...4530-59446fd68b7784d882498e25f909137d.yaml |  4 +-
 ...4532-a274fd2664073f0162156778e8dac986.yaml |  4 +-
 ...4535-65f707df02fc4e71880af94936e28fe7.yaml |  4 +-
 ...4536-8a7ecb10c894553e29bd44217c769b5a.yaml |  4 +-
 ...4541-719947b7a1ac06fd82b24dd2b2c29f27.yaml |  4 +-
 ...4543-d6f933dccde3d9cca555af3f7b970f39.yaml |  4 +-
 ...4544-c4998932aa42fcf89b684f69330f53ac.yaml |  4 +-
 ...4545-7ddce7ee421f18bacb72f14e66ea1bcb.yaml |  4 +-
 ...4546-1bdd11fadd06cfdab7d4d06e095a85bd.yaml |  4 +-
 ...4547-fe69a0c777f01161eb85876f2a58c68c.yaml |  4 +-
 ...4550-382f2dc0e3689fe8f1bed64d23fca41f.yaml |  4 +-
 ...4551-4382e753da7c1d916f58a427140d32b1.yaml |  4 +-
 ...4552-a5f4f463543df4d2c732d202ef98faae.yaml |  4 +-
 ...4553-a406e3b1989f167ebfda1e3281f7073d.yaml |  4 +-
 ...4554-a491a4eb2f6511d2fd18eb2730601144.yaml |  4 +-
 ...4555-d99f0f471a2dd63c73902853b59daf4d.yaml |  4 +-
 ...4556-6d412503c15b02be74462a4b525012a6.yaml |  4 +-
 ...4557-9dadadc2ea66cec373bf71c20060be7b.yaml |  4 +-
 ...4559-fab645de2f6e6231ff6074be3c265848.yaml |  4 +-
 ...4563-2e334a9b30a8a16758bc7c2d1620372e.yaml |  4 +-
 ...4564-22471b3f81db400388be79d0e5d0cf32.yaml |  4 +-
 ...4566-011e0a807fc0a0f2b6240634cb1a2fc2.yaml |  4 +-
 ...4567-78372eee8a5b2f566eb2e73090f227ad.yaml |  4 +-
 ...4569-e248f5c6da990a6a809a8d58910d242b.yaml |  4 +-
 ...4571-495d298d6c0fc5fe1a9847d638c40959.yaml |  4 +-
 ...4574-a81e63270dce3acdb86d52d988c823c1.yaml |  4 +-
 ...4575-11d411cbc5ec47f84a5a874c5f4a706d.yaml |  4 +-
 ...4576-e0d816c541690f9c52144ee19295acfb.yaml |  4 +-
 ...4577-5595c7f205cd9ae7c0c1e3237881d78f.yaml |  4 +-
 ...4579-2d20c9ee33e7e10b4c0f0dcd5f256173.yaml |  4 +-
 ...4580-549e52f202fcfb1294c6d1e3496da00f.yaml |  4 +-
 ...4583-faf2b2d46d16f4cbc167cb1d3ca32849.yaml |  4 +-
 ...4584-e5c5d5728e5c08ed8fa4fe79d2c3e420.yaml |  4 +-
 ...4585-f4af8d356c8b91106f18b8295f1a09bd.yaml |  4 +-
 ...4586-40f4199a368e88456e06377e7668ed2b.yaml |  4 +-
 ...4587-25e2788cf757f6544d551ea3a1e2ff53.yaml |  4 +-
 ...4589-cf07672d5cc5a9d43b461f631786b4cf.yaml |  4 +-
 ...4593-11e0416c47cc399cafbb7b5feca59d4c.yaml |  4 +-
 ...4595-db7767ed937dfde97dcfb07b299497ed.yaml |  4 +-
 ...4596-894d5909f0af3672921ffb2138091248.yaml |  4 +-
 ...4599-d9ebf3668fe7cefc2f8b63111d50df87.yaml |  4 +-
 ...4600-fc176b004d2c6f19188839a3973c1a4d.yaml |  4 +-
 ...4601-530246c3333edec963a6035638964677.yaml |  4 +-
 ...4602-780fa31d43c1e72887f541f835fe2c28.yaml |  4 +-
 ...4604-882b62316645c3c4ca02d06b90f3ba4c.yaml |  4 +-
 ...4605-e5d3824dce2c042eb639b46cc57ff2d2.yaml |  4 +-
 ...4606-09e64e82ae55462158eeb5e726a22311.yaml |  4 +-
 ...4663-b970262dad30a7d484efebc698a4fbb7.yaml | 12 ++--
 ...4717-934f2b643137558d27d763ac97da6357.yaml |  4 +-
 ...4845-acb1c7356c04fc668153a6e512559aa7.yaml |  4 +-
 ...4846-2c78a721f8f6bce6bce705e149277edc.yaml |  4 +-
 ...4848-6ccf09aa4f6f92564c1ba185250a9b6d.yaml |  4 +-
 ...4854-aadc81f29bdd98e82b479da656b5f939.yaml |  4 +-
 ...4856-bc16d03e307b2f3d476c4281bda98567.yaml |  4 +-
 ...4939-84f324614693ea073f92a44e128e4cc4.yaml |  4 +-
 ...4944-3a7bd82599c0011e05818b715925a7ed.yaml |  4 +-
 ...5034-48e518f6131232316ecd7bce4c25cf68.yaml |  4 +-
 ...5072-eacb463d459e2bbbfb442e19685437c7.yaml |  4 +-
 ...5155-ef20cf055251e93d9b846f8776b699ac.yaml |  4 +-
 ...5180-e15109a3e2bca91cb9757f33e8ccceb0.yaml |  4 +-
 ...5182-a37629b8951d8dca9eaa0034808a75be.yaml |  4 +-
 ...5183-ff68da2306359b7fb7d2ec7bcba42c9a.yaml |  4 +-
 ...5184-c6f782f9040ea9a039305ec1ed2ddafa.yaml |  4 +-
 ...5185-1f86e582a713c3bd4333747ed30a9d68.yaml |  4 +-
 ...5186-e6b6d80807708af0a37d88bb4f8862c7.yaml |  4 +-
 ...5190-f1dda6bcbed7eecbc2cee8a7403b412e.yaml |  4 +-
 ...5204-f22677490a8449ed9a279a27d7c29df2.yaml |  4 +-
 ...5324-6eae0900047437ffd3af67b0a999c0ce.yaml |  4 +-
 ...5344-0c3f9f93e6c155cbea9171c4ea6c8a72.yaml |  4 +-
 ...5389-bdf28a131c7bd7c8afd4060cccc1802a.yaml |  4 +-
 ...5460-5e35179f25bd306b0effea20785c4fdf.yaml |  4 +-
 ...6242-5ac539645eb63c949c47fcaeea5bb661.yaml |  4 +-
 ...6315-85912756aaaf6a5c4da322cb7b750dd5.yaml |  4 +-
 ...6604-8402c61711992f819817934b35ca7a98.yaml |  4 +-
 ...7139-b47f4196237e18a984049178586c33fe.yaml |  4 +-
 ...7151-0943806ea17e69fbad3f9008b6d8edaf.yaml |  4 +-
 ...7153-1b866013a286b8267be128b4354cf380.yaml |  4 +-
 ...7240-ec82173ebd40f930fa2890b83a9358a8.yaml |  4 +-
 ...7956-a7d43e65e4e3ff48ff1d77822c4c9c14.yaml |  4 +-
 ...7957-fc1ea9d8e61023700e49f1688ac8b5c8.yaml |  4 +-
 ...7958-2269359ddd46edefa6d111262722719c.yaml |  4 +-
 ...7959-80f01f8956a520ccda68d02885c8eaae.yaml |  4 +-
 ...8087-a2564828601d8890d4d70eda1fefb7d7.yaml |  4 +-
 ...8364-ee3866229b628cfe3699728232f7f492.yaml |  4 +-
 ...8375-5951232c0f20a63b311a79c589b973af.yaml |  4 +-
 ...8584-ece1da78596879174efa10393f34846c.yaml |  4 +-
 ...8603-1c3b4e53e5b3379877d01d32e9f8b494.yaml |  4 +-
 ...8724-656dd25ede0c1a0fb3db612c85cade65.yaml |  4 +-
 ...8809-320ea2b9c0bedd9f6c8b24cfa2e671a3.yaml |  4 +-
 ...8810-491436cd325d5b03202c1b421dcad671.yaml |  4 +-
 ...8948-c40ba36e2109a35c573b2639a4d72291.yaml |  4 +-
 ...8949-0cbcc4f1288df0ee24dd7a2993f69c51.yaml |  4 +-
 ...8955-f5690c4ae22224ef33491e3a8f293f4d.yaml |  4 +-
 ...9031-c4855e013484cc5dd3a682addca483bd.yaml |  4 +-
 ...9033-263b6b337d75675e2802e70806ebeca8.yaml |  4 +-
 ...9035-440665cc216f121193f817a3884e395e.yaml |  4 +-
 ...9036-8a33514ce48c43037c771803b9a985c1.yaml |  4 +-
 ...9039-f4126d8b538ac1453cb97c3958cf463e.yaml |  4 +-
 ...9094-415af7715839a7a4186f1ea1fe3682a1.yaml |  4 +-
 ...9098-5a110fd311341876d97192705d1ff40f.yaml |  4 +-
 ...9099-13ab8a3f776049bebae928b8bd527987.yaml |  4 +-
 ...9174-d4b13be2a36ff961aada7107a748559a.yaml |  4 +-
 ...9176-be25df600efc2e679e203dcc1fd3ddd8.yaml |  4 +-
 ...9179-2008dfadd96c77e37701fc89701d0b2f.yaml |  4 +-
 ...9260-07b6f9539cc79b55c833c05dca993fdb.yaml |  4 +-
 ...9305-73c7b664803cc72f6ed74c19b2560471.yaml |  4 +-
 ...9308-039f1cb39ecb5839b4ea52ff55c41eac.yaml |  4 +-
 ...9309-961c6f8ac9568871bace8745083a3696.yaml |  4 +-
 ...9311-d30830ee183428306dfe29b862928edf.yaml |  4 +-
 ...9336-d22a628e60dd0e0e47e495ea9eb75413.yaml |  4 +-
 ...9337-a8ffd5b000a53e3a5bfd7f4581d6cb26.yaml |  4 +-
 ...9338-8b7ce3f62fb6e151f58953706865b9ed.yaml |  4 +-
 ...9339-124b0c02e423c613251c0019e72c2c54.yaml |  4 +-
 ...9340-aa2e0c1ddafa9b3b45d0cc288ae14d9b.yaml |  4 +-
 ...9368-29127228d14d384699d6b5442d961328.yaml |  4 +-
 ...9391-216bc7429720f3a1737645ac0bc074a0.yaml |  4 +-
 ...9393-b53860895277e266b1fcb14159c31da6.yaml |  4 +-
 ...9394-fab925188af5751f6804af30f809b504.yaml |  4 +-
 ...9395-9f4b30648930a231b8f2e1e9c1a6b6c8.yaml |  4 +-
 ...9397-f1ba708b36938f8403e7e3c932465c6c.yaml |  4 +-
 ...9399-181c4a45776e23b2e4688d3d65b94f78.yaml |  4 +-
 ...9400-b96d233c9f831b3a15126c8efb4195dc.yaml |  4 +-
 ...9401-fe81b0cd67440d8b6f9d1a6ebbe2565c.yaml |  4 +-
 ...9413-288abda2cfd9da64eaad068ba5d6f96e.yaml |  4 +-
 ...9437-40737c0a7a095d43140be7cd03a62330.yaml |  4 +-
 ...9441-ce24f7f3b0bffd6ade8af3419aeed5c0.yaml |  4 +-
 ...9442-412eb3ff2c6b3450ae105bf1638dee64.yaml |  4 +-
 ...9443-984a23521e50b74e0baafc6841353e19.yaml |  4 +-
 ...9444-5804085185dabeb708155bde523d6d27.yaml |  4 +-
 ...9454-e689aa17f6bf2fdc2c6603a9014c4c60.yaml |  4 +-
 ...9523-15ed4766d27c484c5517c27d81b8d51f.yaml |  4 +-
 ...9570-2c08e7ca2855464050481f48ae1d114f.yaml |  4 +-
 ...9735-21b56747ef932af6a293d705a4f1c993.yaml | 14 ++---
 ...0895-44ac07d5baafaaec1fde2cca5e220010.yaml |  4 +-
 ...0920-434911a5447ed5d05a669b67b9efd816.yaml |  4 +-
 ...0004-16949f85deca6c76da36cc5d46cabd06.yaml |  4 +-
 ...0090-6ef6064badb5d7b87c27535925053eda.yaml |  4 +-
 ...0095-cecf0eea6a928571e9c6c0b109812dde.yaml |  4 +-
 ...0100-57f7b5f0694f05830341c7de29cc9c44.yaml |  4 +-
 ...0105-6f9e9fe1fa78bdc8c8c67cbc00f8001f.yaml |  4 +-
 ...0111-89a35a79088c1cac6da4471e1521db2a.yaml |  4 +-
 ...0116-2a790c8bfc2f91a748cff8286de5f526.yaml |  4 +-
 ...0124-53a42a688a74a64b49721153f05dafd3.yaml |  4 +-
 ...0128-94b0b54aeb124f4c7a107e54a5615849.yaml |  4 +-
 ...1204-323a2528ecc021abe5c2c6bd363f0d32.yaml |  4 +-
 ...1366-5b2fbefb63fd7f965b09642c4ccecf5d.yaml |  4 +-
 ...1376-99e3e9aef74467dcee4f17ac700177de.yaml |  4 +-
 ...1383-887adced0648142cd9b714a8cbded6f3.yaml |  4 +-
 ...1384-f7325cb69c59d2a2951bb8ec98779e8d.yaml |  4 +-
 ...1385-86221a41117bb12070fda480ca17a28c.yaml |  4 +-
 ...1393-1e81e15f7eef3b25cd39002edd8c241e.yaml |  4 +-
 ...1394-e1df20c1816f9cf921b493870b0123b0.yaml |  4 +-
 ...1436-7a859a74f0e39d83ee989a269a737923.yaml |  4 +-
 ...1494-b8e3a07576df90727675ec278a1f9eb2.yaml |  4 +-
 ...1580-8319ea5020d449067d1800ef0c846413.yaml |  4 +-
 ...1784-b4ed5bad800bb63784fe65e3822d9b92.yaml |  4 +-
 ...1785-5eb51111eaa90d94b47d1fce5457ff77.yaml |  4 +-
 ...1879-0058c9636ab9a993ffe8aa9657a05d60.yaml |  4 +-
 ...0019-321e86531ce3a7401f2a887940f1ca1d.yaml |  4 +-
 ...0105-b1bcff9d2efb787a948b3f8018f345ae.yaml |  4 +-
 ...0106-55592f88afc85caec6c62b369547bd3e.yaml |  4 +-
 ...2040-b08c80c889936db0e80107b8d6e7f7c2.yaml |  4 +-
 ...2062-f1a34dd1cf3f3d82d7aaeb96b1997e29.yaml |  4 +-
 ...2069-74b60f27afca1a7a8208f5a85162c261.yaml |  4 +-
 ...2084-f8dda67401c83c106e4913ae42963922.yaml |  4 +-
 ...2089-66a96d7ee2557e873f3475f1e86dd229.yaml |  4 +-
 ...2194-50500b0da9551f89249fc057d52b16ad.yaml |  4 +-
 ...2195-ee67de5781e7fd9c2318027f775c66d6.yaml |  4 +-
 ...2199-66fd05b591a1b1e766cf1d8976a2f593.yaml |  4 +-
 ...2213-4042aa3076d5d5e05f92a43c0f9299ab.yaml |  4 +-
 ...2292-4a0b4f088a324947da6aaf5af5ea450e.yaml |  4 +-
 ...2293-0cab757218d53679bf548112d251d15c.yaml |  4 +-
 ...2315-cb38c4c6a570ec5691624654c5d4d34c.yaml |  4 +-
 ...2321-21f007f5ea27a69827ebd1e3bdac836f.yaml |  4 +-
 ...2324-8449cdb7230a3e1bb12d25a2395ff5c1.yaml |  4 +-
 ...2755-5b4876c37f7fd35309718a01d65b18f0.yaml |  4 +-
 ...2792-bf27f6ce9ebbfb831479a794b9f49858.yaml |  4 +-
 ...3173-262dd6c0036b365e35ff5544b3d1cf02.yaml |  4 +-
 ...3299-6a69a2fa108e4cf956a3388af5834004.yaml |  4 +-
 ...3300-380b3f09b95ab564acee2d8952a33e71.yaml |  4 +-
 ...3325-4ae9af0b470e9693506c7f0dea29cf9b.yaml |  4 +-
 ...3421-b63e841ec4f7ba03a92d7fcbed9249bc.yaml |  4 +-
 ...3429-a1f41447ffcf38fa9b963d8ece31aad9.yaml | 58 +++++++++----------
 ...3439-1ea3d08c9b81a694b2e0d96737c7ca52.yaml |  4 +-
 ...3986-e7c178a2471ea08f4ec99b9eb663cf05.yaml |  4 +-
 ...4010-2fb0bdf5e86e962a718dd05b2ce83f93.yaml |  4 +-
 ...4039-398e2e434c59ceafeecf5e603168a0d7.yaml |  4 +-
 ...4062-c5e29f3bae507d53468f7991a1fb1a3e.yaml |  4 +-
 ...4063-5661d46a0d0f62ecdca1f908938fc469.yaml |  4 +-
 ...4064-32b6d6a7715e88760b71f326a4a0a744.yaml |  4 +-
 ...4065-1bd3cf2ded386b4330f990e160e575a1.yaml |  4 +-
 ...4066-13393dad61452f7f4e21c0de558fed80.yaml |  4 +-
 ...4089-7bdbbcae3cce706a901ef3f3a6b92425.yaml |  4 +-
 ...4127-ce1d4ccc883e8bf5f82fe00f2d94fe35.yaml |  4 +-
 ...4139-ae9135d7bf1c7296c12f3a734a25c4bf.yaml |  4 +-
 ...4179-ddc63b74125a60840010b54470ac437e.yaml |  4 +-
 ...4337-259f1c198d6aae45fe01969db446735f.yaml |  4 +-
 ...4465-ffbdefeb8e9807045768193f5cbcf332.yaml |  4 +-
 ...4697-c101bbb0e470de09f2d621ebb65fb72c.yaml |  4 +-
 ...5057-3120d6067a3e5e251eec4212f4e5aeb5.yaml |  4 +-
 ...5308-cb7fe4a1f5c046460e4d69413b578527.yaml |  4 +-
 ...5483-ec43ca1bf1629851ca9458501102a544.yaml |  4 +-
 ...5484-9098123c91e037cb8b4722ce5e0246b6.yaml |  4 +-
 ...5485-86cd270f4cc1442525b2973b263a3c27.yaml |  4 +-
 ...5528-6f67eba72e7035f4406a73d70218218a.yaml |  4 +-
 ...5532-63f8abf1368e7fe90270064d672ae623.yaml |  4 +-
 ...5533-39efec1d687062290aa82ba498987905.yaml |  4 +-
 ...5535-1a21904a7af165ae2d206e73642b0122.yaml |  4 +-
 ...5622-6aea7b52579f172c9bf983e50b0b1bb7.yaml |  4 +-
 ...5623-313251dbeb7159d2f2f5a878dc3f4bb6.yaml |  4 +-
 ...5714-f7283f346fe85f39acdb5e20af5f97a4.yaml |  4 +-
 ...5715-edc700db5b7f85733c96d120d88dd36f.yaml |  4 +-
 ...5731-026d101570c060723759d89bd6e308cf.yaml |  4 +-
 ...5732-eaaace6cb938cd367aee5bb46ada2d9a.yaml |  4 +-
 ...5733-4e2310a226a845a4294681273e42b4e0.yaml |  4 +-
 ...5734-5dbdb3a08effff0e267b66b5070f04cc.yaml |  4 +-
 ...6238-43b0481b51b9c335093961e5a3ab3d80.yaml |  4 +-
 ...6535-b86d996fd3fb32f4d4a2741c181e0be2.yaml |  4 +-
 ...6738-4e5782f54b030eb5a442bdadb5799911.yaml |  4 +-
 ...6805-6ffded2a3fa64429e9ee95b7a8bf44d5.yaml |  4 +-
 ...6920-1a4e07a5bd173dbacaf88e7f59c17b91.yaml |  4 +-
 ...7357-3f3928c6559acc265ac4dc8abe8f4e68.yaml |  4 +-
 ...7386-e35ccf6a5d1ddada5f10422331d300df.yaml |  4 +-
 ...7527-1a5984e73d9bda9668de2c9f32433df9.yaml |  4 +-
 ...7682-c271e79e457792d8093dce56ebc058d7.yaml |  4 +-
 ...7791-72bbf06194176f982771d77cb4853bda.yaml |  4 +-
 ...7806-19a0491cf914c310a86ae542abd14b9a.yaml |  4 +-
 ...7989-c8253916783474b27e7325c9525aa970.yaml |  4 +-
 ...8350-7ebd0ae08ee9eace1c6d1e72c60c16e5.yaml |  4 +-
 ...9229-41d56c1ae043586e69a9cbdf8e53ac0a.yaml |  4 +-
 ...9230-05b396118a681cd132367b6e58e8468f.yaml |  4 +-
 ...9233-33bb20c48315e8c455839c78ef66e1b1.yaml |  4 +-
 ...9234-4612690a2b5b9e2adc467251d2200410.yaml |  4 +-
 ...9270-a669ab86f241324d8d2f2b22eaec997d.yaml |  4 +-
 ...9273-c568408b66270ee8858beb6b5337a826.yaml |  4 +-
 ...9293-5d289d7e578bce569fb34678a49e0c92.yaml |  4 +-
 ...9295-7d2288f1e4c8fb646fdb55a372b6200a.yaml |  4 +-
 ...9297-af430c9858b5bde975d56075509bcf57.yaml |  4 +-
 ...9299-3f14554541d5c07fa1b8df4c175de3d3.yaml |  4 +-
 ...9300-7f61d132e9ad7bb4333f632fb4ac561f.yaml |  4 +-
 ...9304-afb15d666e098434f8ebcb7a76b5d273.yaml |  4 +-
 ...9306-c5aaff2cbf4515e9a35f03f837f2957f.yaml |  4 +-
 ...9307-0677fc472ce6636d2560dd0fee27206d.yaml |  4 +-
 ...9308-6a35bf1797897f8d13c75911c491ac65.yaml |  4 +-
 ...9309-09e6dfe7f784e608ed0fba91188d7274.yaml |  4 +-
 ...9317-266ba42edca3ad9aefeac2a819615d83.yaml |  4 +-
 ...9320-6e42e23486d09ec34675722772aa1b90.yaml |  4 +-
 ...9322-1bd28f72c9296305fff71e613d0c8c82.yaml |  4 +-
 ...9329-5b6052811294a634af9b6d15efbb8d49.yaml | 12 ++--
 ...9331-81844f67a8cb300bf38ea9c090e351aa.yaml | 12 ++--
 ...9339-558dd2abba5a0995e4e08d93b33b9766.yaml |  4 +-
 ...9342-7a4c9972726e4955d433f6a7b81c1d28.yaml |  4 +-
 ...9343-79ab1b5d546d12b519823b2566724735.yaml |  4 +-
 ...9346-ab3c3e9805ecb63c9f5865d7cc04e6fb.yaml |  4 +-
 ...9347-2304e691feb866a99a567fd410649f69.yaml |  4 +-
 ...9353-1a55c20ce9650829e57b6e448599ddb2.yaml |  4 +-
 ...9355-5e2cda3c648eae11638d20b64a6ac7f2.yaml |  4 +-
 ...9356-f5789b694dfc2fa041ad362aac79382e.yaml |  4 +-
 ...9357-cff9e4a18682397642168ab27f023202.yaml |  4 +-
 ...9360-84290819179c80fad98664a6919a3707.yaml | 14 ++---
 ...9363-f7228bc923e4f7e6b922e94dc9e73ec2.yaml |  4 +-
 ...9373-bf5b301e59797812833300e7fc88f201.yaml |  4 +-
 ...9375-3a6771ca38d2c7d158262d9fbdbb7826.yaml |  4 +-
 ...9379-f87c4c6d53b29231a0f57635f4d257a4.yaml |  4 +-
 ...9380-6c9c7c812a4ff55c5f56daa5be2fd373.yaml |  4 +-
 ...9384-c81d2be092773595df7e11c3e43455e6.yaml |  4 +-
 ...9385-105cf32b00a014867c600a479b6d44a5.yaml |  4 +-
 ...9388-5973e024827e1b713c70489b0018d6d3.yaml |  4 +-
 ...9389-5ec6acde81c3a11c030c7e48fb82e3a0.yaml |  4 +-
 ...9390-9639beb38d5d1c45bea1fc0af8299ea1.yaml |  4 +-
 ...9391-6ef860020cf2393d29a3d4b7f6db6475.yaml |  4 +-
 ...9392-ccec5144654bab62438c0000b0cd001b.yaml |  4 +-
 ...9393-d7cc53ebc89a0251fb7abbabbb69e870.yaml |  4 +-
 ...9394-9ae9897b899214e88181a9313e35781d.yaml |  4 +-
 ...9395-4d92bacdb897e72bc7c9b888465bfb12.yaml |  4 +-
 ...9397-e2b3a3b43a72a2751316fff54c8d6a22.yaml |  4 +-
 ...9398-613714f5c2e87c49430822b55db25b79.yaml |  4 +-
 ...9399-cca20bceb29d548b71fff2c6b265d9c3.yaml |  4 +-
 ...9400-f1ed96d1b2d98c3026e1dd704ae2087a.yaml |  4 +-
 ...9402-7d8cf8e800d2870ca230bed514c737c3.yaml |  4 +-
 ...9405-59221c8c4cf4b83ed678f38b12740d87.yaml |  4 +-
 ...9407-68634c1a8c946edc4c46f0185186727b.yaml |  4 +-
 ...9408-7fd7a99aaec9de09c58a50b6b832a9fa.yaml |  4 +-
 ...9409-a800af3f915adeb03a4c49e2c0c22f5f.yaml |  4 +-
 ...9411-364140ec5050587d4743f8ad888c8004.yaml |  4 +-
 ...9412-b8b913c56ed39f29c61eb2552bb40930.yaml |  4 +-
 ...9416-fc97a63071c0bdeea490fe1b61f06d10.yaml |  4 +-
 ...9419-c23ce008dc2473271851552ad5775c2c.yaml |  4 +-
 ...9423-20fb78c96d003cc1a6ca252c0fdacd2e.yaml |  4 +-
 ...9428-5ab744233de8cca4ab1cbaa602802c09.yaml |  4 +-
 ...9433-7e1c6a231bffdfe14a3a2ce673d73608.yaml |  4 +-
 ...9434-10df21fe953fcd7c84f02b55e2e8260b.yaml |  4 +-
 ...9436-a4d9b1fab913268578f318671b68ca36.yaml |  4 +-
 ...9437-7c8cf3109f4d4b196459b75b96aa728e.yaml |  4 +-
 ...9438-c88811f07a28a64dae50ff3a4d1213f5.yaml |  4 +-
 ...9439-400e484570b51dd745ebe0689024ac48.yaml |  4 +-
 ...9442-3231c8774c4d66bff9d3f46fb317e754.yaml |  4 +-
 ...9443-5c23a6c70aea6e2ef9477919b8442851.yaml |  4 +-
 ...9444-62fcd76831b1e2041b5f8a95a5780c32.yaml |  4 +-
 ...9445-103ae57e192be7c58d97324e70895c9f.yaml |  4 +-
 ...9446-1ccd8092085adf5a5342024d683bb79b.yaml |  4 +-
 ...9447-e8e6f489ccaee4d00c096c7d8c466fc5.yaml |  4 +-
 ...9448-f386ff3f48b7d778335b6a97f6c41a43.yaml |  4 +-
 ...9449-02bdb4a60f8caf982b09839a595e4b9c.yaml |  4 +-
 ...9453-0e68c0b9eccc4d13ea9a31e72c5947b1.yaml |  4 +-
 ...9454-60f28a7307d8376de999213f19e8d5bb.yaml |  4 +-
 ...9455-5f432c656be335dcd6d93a860c52a8ba.yaml |  4 +-
 ...9457-41859e395573554f98122582c8a8f0c6.yaml |  4 +-
 ...9458-4fdb668b4072805be7b723dcf1d44abb.yaml |  4 +-
 ...9460-044e0b800aae833468f672b3d52648b9.yaml |  4 +-
 ...9461-18b2efc80a79b2c683b250abf8605dd3.yaml |  4 +-
 ...9462-d959830a068b86235ba87177aa38047a.yaml |  4 +-
 ...9465-61995cd0cadb8b6360d652af233c94df.yaml |  4 +-
 ...9468-426b7dfdb8bc5b0834ad851cf8e9ecfc.yaml |  4 +-
 ...9469-d1c8ca034f832b8e22c96845d2890940.yaml |  4 +-
 ...9493-de81b18a854ce81734a5dca6853e283e.yaml |  4 +-
 ...9494-76874a7b4a83992edc7c544ab3ce90f7.yaml |  4 +-
 ...9495-85ef6da03e1e6bb00fd985498d35a632.yaml |  4 +-
 ...9496-65920cbefe2613a05348e64d8746a7b6.yaml |  4 +-
 ...9497-79f632cd97a0ebb6e16d846a092aa9f0.yaml |  4 +-
 ...9498-efc5740c90ff0a59809e4e9849d0d149.yaml |  4 +-
 ...9500-4569fe83ce2bb42a6e266298e47ccef7.yaml |  4 +-
 ...9501-e655964abfea5d2b4e77a9418e2e0409.yaml |  4 +-
 ...9502-5d7be31521ee03a3c41d06e3d9d363f9.yaml |  4 +-
 ...9503-51ba94283b04aa5998cb156cf18689aa.yaml |  4 +-
 ...9504-a66c423ab6d157ff18cae8cbb8d16a15.yaml |  4 +-
 ...9505-a71d6df449db20ab9c26824728336769.yaml |  4 +-
 ...9506-188892e32d2c439c02d6eec7a4adfdb5.yaml |  4 +-
 ...9511-3b1d00a18f864c139ec613a9e0ffecf2.yaml |  4 +-
 ...9512-4ada8035109d6dc47e94b2c651edea20.yaml |  4 +-
 ...9513-4f94094a1cb01e1f7943775986788b65.yaml |  4 +-
 ...9516-61717663c17e62c7f08a76483f0eeff3.yaml |  4 +-
 ...9518-d21243f7c0461744fbee4b3ace491e32.yaml |  4 +-
 ...9519-7028a373145887022c971f45128fcdba.yaml |  4 +-
 ...9520-d51efaf8de0ecaf24f9a181bc5d20bee.yaml |  4 +-
 ...9523-2d450de1fce5683a098921397bf9fd03.yaml |  4 +-
 ...9524-5c7b076501be3d3c98666ffe30ae6a26.yaml |  4 +-
 ...9525-099ead226109d18c4bc71e3d4e743b55.yaml |  4 +-
 ...9527-c110f3311248c25cc2e6e53a20d9f8d7.yaml |  4 +-
 ...9528-52e4049030db45f1344545c480f7a4ef.yaml |  4 +-
 ...9531-0633b5d5c2288fd164f50f774a52dac5.yaml |  4 +-
 ...9532-f5fc5bca6e41d90a9454914bbfeeafc7.yaml |  4 +-
 ...9533-a3693c90a0060afc06ae1758aa95f75e.yaml |  4 +-
 ...9534-b91f6a56da52c114b3a84093ea345821.yaml |  4 +-
 ...9535-c5cd64fdc88a18d66954d78adc22f76d.yaml |  4 +-
 ...9536-b586a8ab64bee13c2ee807e747d50adb.yaml |  4 +-
 ...9537-862a8430206366dd5f1306f54a1da83a.yaml |  4 +-
 ...9538-c2a9c94ee32f4cfd4a8e1474373c16d3.yaml |  4 +-
 ...9539-503833e43a0634ab7984563e9c441bb9.yaml |  4 +-
 ...0765-7e99952543b7586dc6b3250a2122b0f9.yaml |  4 +-
 ...0769-6b1f692527a7829aa26f6946e0d77ddd.yaml |  4 +-
 ...0770-cf74b8fc2d5310123c3eee779bc13fa4.yaml |  4 +-
 ...0147-f1d9f474bbf4576d12894725bd74f389.yaml |  4 +-
 ...0152-885c0e7d869967a6d9428aa8fe4ebe55.yaml |  4 +-
 ...0112-8157d8b031515138cda4bb1e1c15680c.yaml |  4 +-
 ...0148-0cd25473d47849a11f534f0b196b97ae.yaml |  4 +-
 ...0705-b0d263ca65579d9d14b154cf891cd65e.yaml |  4 +-
 ...0706-2be7d29f9bb984978a5f99c0ed30a7ed.yaml |  4 +-
 ...0763-1b1736563be4cd48928200e2f20f46f4.yaml |  4 +-
 ...0867-e1b9583cb78e016115d982acbd157618.yaml |  4 +-
 ...0868-7567c31561b747bfa0cbc91d7005334d.yaml |  4 +-
 ...0869-28ac556db560c4dbe8e302546acf1314.yaml |  4 +-
 ...0870-a6e38c48f14b76ed761e5c6ec8e4f3ac.yaml |  4 +-
 ...0871-b628a5c29017f302cc9e3a317e522425.yaml |  4 +-
 ...0872-9c147c1fb503983534bc4ea0ae8ec8cf.yaml |  4 +-
 ...0873-ad22dd4e7945e819f768594bfd7f51a8.yaml |  4 +-
 ...0874-230f648691b91c6194be1f415c1bb8f9.yaml |  4 +-
 ...0875-434ae7a95fc78d705c7843354abb6396.yaml |  4 +-
 ...0876-01a81435c686a1247dfccda6d4fceb1e.yaml |  4 +-
 ...0877-b9526b8daaa2ae88bfa635ff810051bf.yaml |  4 +-
 ...0878-7382281cd5a556c25b2c10e2b81ec2b8.yaml |  4 +-
 ...0879-ac9a4353796cc2c432e6ec8cb3e235d2.yaml |  4 +-
 ...0880-96e3c232ce32c0e385509a8011930dfa.yaml |  4 +-
 ...0881-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c.yaml |  4 +-
 ...0882-4201a049c4e3da0f1f472f8fab792578.yaml |  4 +-
 ...0883-268fe7ccb3ae756c66592ca513b99e93.yaml |  4 +-
 ...0884-492d26185e3f340adae3b16a9841dc89.yaml |  4 +-
 ...0885-eb8ded5298215dd0e82d0abb7c7916df.yaml |  4 +-
 ...0889-91308ce2ef066c70ca278e2e191864f4.yaml |  4 +-
 ...0891-be27c4b6992c035b340ec769cdb51351.yaml |  4 +-
 ...0892-b648d871623ad477887d3a2ad417ce75.yaml |  4 +-
 ...0893-a24d4eae978465f1c7539ec2afb5d89a.yaml |  4 +-
 ...0895-75c93ad74d45c10e07e436b9060dff63.yaml |  4 +-
 ...0896-da0195abc3fd621c83febd2fb7f0bcc9.yaml |  4 +-
 ...0897-9660e0224b9760d1af88fd4611d7d759.yaml |  4 +-
 ...0898-d59208c9d25614855049428d0906a55a.yaml |  4 +-
 ...0900-72e728e9748e016a77172519c9f57dce.yaml |  4 +-
 ...0901-e97ef8cef65f1238fc33971be91c7b6a.yaml |  4 +-
 ...0902-daafab6254624f5514eee093537d860d.yaml |  4 +-
 ...0903-f63791a8b82a8db6f6f51f822aa27ea8.yaml |  4 +-
 ...0911-da987af29928bc75b0d20d1e2162e5dd.yaml |  4 +-
 ...0912-ac061f34e871527fabbabb8afc45c209.yaml |  4 +-
 ...0914-373c3d1e9d0bf3f43f2574269f041f82.yaml |  4 +-
 ...0915-0ff521bb2f967b893b649e52f933e62e.yaml |  4 +-
 ...0918-2f3164fe48781902f2ffb82e4c682a7b.yaml |  4 +-
 ...0919-c1bbee5af74211de37a39642515f7de2.yaml |  4 +-
 ...0920-24f4d698ab0a491686fe5ba91eade3a1.yaml |  4 +-
 ...0925-12236d5bb8f3c06e72ec152e136c1986.yaml |  4 +-
 ...0928-1108320cabd88205cc0f43eb95edee22.yaml |  4 +-
 ...0929-e6b2b9642eaa28f30036533185d6907f.yaml |  4 +-
 ...0935-675cb8bcb438f10a9bd4c15d9cbed954.yaml |  4 +-
 ...0936-72b547593d28ba78083c2d30dcb45b59.yaml |  4 +-
 ...0939-2adf451d71caa92a7f7c155d4ef7aae4.yaml |  4 +-
 ...0940-d6a4a05c68d8a3214ff9eb4a728a2600.yaml |  4 +-
 ...0941-e253bc9eb60b3ba0170a2740ba27c2f4.yaml |  4 +-
 ...0942-f9c4a4753797c567682067fdd891aa71.yaml |  4 +-
 ...0943-11b8e915a665a007145e1d71a284462b.yaml |  4 +-
 ...0944-6df6e844abfccff24d48183d808487ab.yaml |  4 +-
 ...0945-39d9e91ebde9c4d0e5ed1e82b99b21f1.yaml |  4 +-
 ...0946-5b558ed2503b6bdcb6a02e6d5ffb6d95.yaml |  4 +-
 ...0947-e8e5df43b04b7f37f9a558b78548b1cb.yaml |  4 +-
 ...0949-3770a5a68072ae899f0f18af895e3c7e.yaml |  4 +-
 ...0950-28a2dfdb4b89718535fa7dedda6260e9.yaml |  4 +-
 ...0951-41d0ef3672db9c552872805c429ef89f.yaml |  4 +-
 ...0952-62f03cd88708d633c3bea1020189b887.yaml |  4 +-
 ...0953-27ec034aba5d4951c82cebc35f1cf5b5.yaml |  4 +-
 ...0959-2dab9495e3032fc043db0a21d11fd446.yaml |  4 +-
 ...0960-8435cd6b84481f3b14132a8d7f815c94.yaml |  4 +-
 ...0961-eec026409b2ce5ae4162f07361f714bc.yaml |  4 +-
 ...0962-c7d2eaa1bef247cc946f12a77351dbbb.yaml |  4 +-
 ...0963-1b90a29b0e05edb9e0100d5bac6dd543.yaml |  4 +-
 ...0964-266cec63957d7dffbe45528e32eb40a1.yaml |  4 +-
 ...0970-ce31848b731129452978ca83014199c1.yaml |  4 +-
 ...0974-656ffc00f499b97cc92334beba62fc4e.yaml |  4 +-
 ...0978-18c927eeaab747daf8dbc085388c3619.yaml |  4 +-
 ...0979-b1f4f06fa1d08e23be33495079a7bf7e.yaml |  4 +-
 ...0981-4f2a3c77ca82525aff6c0c722c03bbb8.yaml |  4 +-
 ...0982-e343250b5d78372d282c8933d6d57ce1.yaml |  4 +-
 ...0987-99d48d97197070fa6f8afc1ea6ec2bed.yaml |  4 +-
 ...0988-aa03d96ef5988adea4feb7a4e959e6b8.yaml |  4 +-
 ...0989-e628e638290643fc84f3ec2a1da56d28.yaml |  4 +-
 ...0991-348a1a0272fab4e16c4ec4e28b1cc2f1.yaml |  4 +-
 ...0992-f2983beb380d477fba46a5c5deed43dd.yaml |  4 +-
 ...0993-88013bc8aa189f38a19a59f4e02b7e1e.yaml |  4 +-
 ...0996-8105121190d01c38a4c87c0ee0fe8654.yaml |  4 +-
 ...0997-430614badd7183227eb02d22143e3a52.yaml |  4 +-
 ...0998-427c0efd9f4fe0120009a410add6694b.yaml |  4 +-
 ...1001-e52fe8ccbb854729b4cd4efd3c029a6b.yaml |  4 +-
 ...1004-a2b478ab05dc0dd0616e45e762ef893a.yaml | 12 ++--
 ...1008-916c5b9976a17729e06d1b6fb0458ebf.yaml |  4 +-
 ...1009-7137b8fac252650babdfc2fa8502b307.yaml |  4 +-
 ...1010-875ad9422b6c5059d922fea2bec00a1f.yaml |  4 +-
 ...1012-753b1cfc0cff5215c4137639d86b10b2.yaml |  4 +-
 ...1085-658febabd8f8ee9b00c71e69efcbac2c.yaml |  4 +-
 ...1160-7d31af080da908940b0bf5332e53662b.yaml |  4 +-
 ...1564-1793fc29de6c51f3e1cf00f2d46b91e7.yaml |  4 +-
 ...4566-531502c1a73b5136edeed41b3c25b40a.yaml |  4 +-
 ...4567-6dae0916c42cb6d2e594be15be242836.yaml |  4 +-
 ...4812-050d7cb19f5f214c16e87b6deb3805d1.yaml |  4 +-
 ...4827-c124fe326fda2227cda364e6977789ed.yaml |  4 +-
 ...4833-acc6eb8dd4e1bc540251436012892eb1.yaml |  4 +-
 ...5832-06eaa8e1425630a567e0b531b6144921.yaml |  4 +-
 ...5833-b4ae1cbd422cc707f6a60d7100bb98f1.yaml |  4 +-
 ...5834-189bad7014e697047ef9a98286efd4ba.yaml |  4 +-
 ...5837-3556353803358c712408f57b48c86c15.yaml |  4 +-
 ...6565-4a8d217f64c4cdfb18ee166f8cd3bec7.yaml |  4 +-
 ...6634-dda97c7f3b2cab605b5ded8dc805330d.yaml |  4 +-
 ...6635-f53eb1a5057e991c005e324155224f96.yaml |  4 +-
 ...6897-793575cb782549abec6279e8981305af.yaml |  4 +-
 ...7168-c9150acbdbbdbe684264580cb26cfc8d.yaml |  4 +-
 ...7169-68cd0d8404410b84b22d009411f84df8.yaml |  4 +-
 ...0038-13c50b13a503600e0189283b0a2ceddd.yaml |  4 +-
 ...0170-49f7af60a7d6ca8e6785ad7873768f2a.yaml | 12 ++--
 ...0227-26ee088c8368fd2a8bcecfc18ae8bb11.yaml |  4 +-
 ...0227-ab49cd0603fd2aad8bd2addfd19e8e37.yaml |  4 +-
 ...2000-719ff6e603e56a8355496bcf6077970d.yaml |  4 +-
 ...2010-c2edf18b1dc2c5d697f81727cd0bac3f.yaml |  4 +-
 ...2011-f04fb223e6bc1b82dc5e818d9e40fb20.yaml |  4 +-
 ...2020-ed4e4356cd22d0451cce02bf7c3fe0f8.yaml |  4 +-
 ...2022-ddf10b902ecdb6f3ecf20febec84cbe8.yaml |  4 +-
 ...2025-1b2dceeb5f112c4d4e1d47bb3fb62e6f.yaml |  4 +-
 ...2026-3faf59fe255a23ab6371375fbe88c459.yaml |  4 +-
 ...2027-9a2bf7d17126275dce9aeca280888e4f.yaml |  4 +-
 ...0991-d323b2ee541571a78879d377867cb57c.yaml |  4 +-
 ...1658-b300eab2789f0638494228aea0ada3b0.yaml |  4 +-
 ...2068-1b4409ad110c3c389ee584578fde5c3f.yaml |  4 +-
 ...2131-ded406378489866866417fd6ec210840.yaml |  4 +-
 ...2200-299e26f66452f89b69cd95a12049938a.yaml |  4 +-
 ...2651-c17200ba4236119c0958120e5b5ef5cb.yaml |  4 +-
 ...2946-c2574a7a9b79ad452c99c332f592fe5f.yaml |  4 +-
 ...2947-f615078fb53a8f47f20c6cb2792c121c.yaml |  4 +-
 ...2948-618eabaed47a418425ba258f61366c0d.yaml |  4 +-
 ...2949-c5c5fe7ae04b300c4245ab22359369aa.yaml |  4 +-
 ...2977-7d9c26b229d5c8003d8d09b623e0e129.yaml |  4 +-
 ...3138-c39e88fb98a263a4718fa22351cd75a3.yaml |  4 +-
 ...4126-e0584db35cbb9869be95ba6010b7c0f4.yaml |  4 +-
 ...4530-44c866df4156e18647ea081befd62b4f.yaml |  4 +-
 ...4718-07ca900da4dc5001e6cb25234fc6e73d.yaml |  4 +-
 ...4720-2bba5d9d8ab9c1e3d8162257b423cea8.yaml |  4 +-
 ...4721-c8fd14ca7da27ed4c689b2c4e745761c.yaml |  4 +-
 ...4724-77d0dd5a2fc10c56c574031709910e3c.yaml |  4 +-
 ...4726-c64e96aaac6f414a27f722db57e620e7.yaml |  4 +-
 ...4751-1a1e231870f2d36ae969bc3201047b95.yaml |  4 +-
 ...4842-43a98edb387e539611a5da070feef314.yaml |  4 +-
 ...4843-b8bed2657e8d7d4ab8d4bb6fbdc93698.yaml |  4 +-
 ...4844-398be83e4279f1a443c4d3cb2c5b8198.yaml |  4 +-
 ...4845-a6893186307907fca26272a54fd950bf.yaml |  4 +-
 ...4846-6c841a99daf37cae6f46cd0d753efccb.yaml |  4 +-
 ...4847-00968ba3e8c09884c42e4fbfc8959579.yaml |  4 +-
 ...4848-d1dc7536ba0bbf23ad7893c422769d48.yaml |  4 +-
 ...5375-251f38cefaa8d1370dc48f71e7aae210.yaml |  4 +-
 ...5812-84cb3311236885a9e904cbe429619629.yaml |  4 +-
 ...5867-933c9d4b3eacccddbe4abc821f273b41.yaml |  4 +-
 ...6815-718986dcd5947a1beb7efad526e28827.yaml |  4 +-
 ...6955-94786cf22c04d1dd0ce4fe28ab98e98a.yaml |  4 +-
 ...7059-95db80ffd1d934591e0e0a483a99236e.yaml |  4 +-
 ...7091-3dc787f0bf6215df748b832ffc87f8cd.yaml |  4 +-
 ...7092-7665a25ea15e9e9b2d624d595bf5298e.yaml |  4 +-
 ...7093-6afe85808d3f8414da9c4627bea64467.yaml |  4 +-
 ...7096-3504e7e5ce554ea17877d4ad4d619862.yaml |  4 +-
 ...7451-6435ffbe89f0f4a16cb704e9095f5d40.yaml |  4 +-
 ...7719-31a7c57e145b1990f031344b13acb01b.yaml |  4 +-
 ...7744-afd7cbc1a6da1a4ae770134f7fa61d59.yaml |  4 +-
 ...7753-888fd755a466f61b6b5975477e6bfb5b.yaml |  4 +-
 ...7780-167d9672411be44feb72a5175fd0987c.yaml | 14 ++---
 ...7869-fe1f1b8568ab900402e4ee21af348064.yaml |  4 +-
 ...8010-5d316e62377c24672c816fca478bdf84.yaml |  4 +-
 ...8011-9960c486a0af8a01fba712be84f42610.yaml |  4 +-
 ...8012-7afc53a437871814faec30b27e8447a5.yaml |  4 +-
 ...8015-7bc3b9cd6e8ea033c22ca8523f43d4e5.yaml |  4 +-
 ...8032-dc6aa910a851ae74e5606d96e36b1052.yaml |  4 +-
 ...8356-aca82f89029d85161f52ea200f7cad49.yaml |  4 +-
 ...8487-4e7aa84fdbb125f3fa6adbf786ab8d90.yaml |  4 +-
 ...8488-ec758abe67d8493d911d656fdfa690f2.yaml |  4 +-
 ...8492-008dc0e9968f6799131ae4b8b208b112.yaml |  4 +-
 ...8495-8536de3de245d6a4ab6eeac77e95e618.yaml |  4 +-
 ...8497-fbafef1583d66ee6ba3521f29ba434a8.yaml |  4 +-
 ...8499-d87695af989823f3f60bb3499466b104.yaml |  4 +-
 ...8501-70c3e0a35f7627ffa035ef5b1d41e423.yaml |  4 +-
 ...8502-6e4e8347273d5c0e2b6b13d913498882.yaml |  4 +-
 ...8503-f47b58aa7a47ddf3e1cee744a91d58ee.yaml |  4 +-
 ...8504-61a96d10635962decc1ce6046743090a.yaml |  4 +-
 ...8505-df50b4bafe4c4501f744155f1ffc2d55.yaml |  4 +-
 ...8506-7e729c66876df948651c9d3837d1f01c.yaml |  4 +-
 ...8507-0afdcc5a66b8604c315ccd15a101d49e.yaml |  4 +-
 ...8508-e810e3355fe67bdcfcad0632d29d1e56.yaml |  4 +-
 ...8510-aea09105f0f61d6ceb820ac11ed09e51.yaml |  4 +-
 ...8511-e7cf3375d8a38efd1be42356dbb74de4.yaml |  4 +-
 ...8512-62fd42906a2acfa6303c130d21470bd3.yaml |  4 +-
 ...8513-05079d9697e3f59f6cb3b3fffd76d6cd.yaml |  4 +-
 ...8515-4533ca9d47b3b4f7b077cc893cacad61.yaml |  4 +-
 ...8516-b2f000587e20cf237a45ef2d6036a9a0.yaml |  4 +-
 ...8518-6356cf8af8f87c1115ab1b364de5897a.yaml |  4 +-
 ...8519-f9650549fbf42fb03bc206714accabe1.yaml |  4 +-
 ...8520-2e7b0b07966525201b04f4b815659d00.yaml |  4 +-
 ...8521-a76e6fad4bf5d5ba93f81a78338ef54e.yaml |  4 +-
 ...8522-af90005e3634d51c613c584f0861c0a2.yaml |  4 +-
 ...8523-77b95b2fd3fc9982f02a243980235615.yaml |  4 +-
 ...8524-924ca2bb4d17021fd01ade1e50b5f40f.yaml |  4 +-
 ...8525-68c192a64ec1c6719c741f7b5a598887.yaml |  4 +-
 ...8526-61f56b8a3def3b7154a28f2e5a9ff0a6.yaml |  4 +-
 ...8527-b86bab5c8fb0747eadd8257097e9b226.yaml |  4 +-
 ...8528-3c928fa432700e9d8d2c446de566746a.yaml |  4 +-
 ...8531-942951937c68cc5db7a5bc776617ab05.yaml |  4 +-
 ...8533-94ba05091d5c1c002f96ded27dad7e5c.yaml |  4 +-
 ...8535-43890f1f23768c00ae2a757d58110ef2.yaml |  4 +-
 ...8536-bdfa460006d70b85bf4366e301016193.yaml |  4 +-
 ...8538-09a7bcc8ea30f2211fb747659d8fc0b2.yaml |  4 +-
 ...8539-078737c487b7cb7dd59dfa47479456c5.yaml |  4 +-
 ...8540-721a4bb5a70d51824521f6e59c15ccd0.yaml |  4 +-
 ...8541-0d6d2e1e75a3d7c24aa16b9420abf358.yaml |  4 +-
 ...8542-83e7004306bfbb58dbc0b94ba733c14a.yaml |  4 +-
 ...8544-378de5a4c8a761e6f865e9b293282366.yaml |  4 +-
 ...8546-a6cb60a315c6c7a94894e2123d4f4da7.yaml |  4 +-
 ...8547-a591950f40f9d0373366c6581aa5c23f.yaml |  4 +-
 ...8554-8f9bc8ffd93a472c3d732de50d85129c.yaml |  4 +-
 ...8556-1758588699ac13a0da770bd7cd456b77.yaml |  4 +-
 ...8559-6e2fc253c488c9fb6b9867ac9b52ef35.yaml |  4 +-
 ...8561-ce946f2b4359bb7fac48391b993074ae.yaml |  4 +-
 ...8563-9a3fa62818d09a4c2a4693cadbb72035.yaml |  4 +-
 ...8566-19953c61fa61f206c9ea957d11e2d617.yaml |  4 +-
 ...8567-655d94e53e4a588a8f5f35013abd45f6.yaml |  4 +-
 ...8570-84b6699e5f738c5aa2a22a553abe9531.yaml |  4 +-
 ...8576-a1a48fe23ddfed810a2068245669c30f.yaml |  4 +-
 ...8577-324bc23c2f374afaaf9c80c2964d5db4.yaml |  4 +-
 ...8578-10ee5b6870d72574cd2ceacdf76db39e.yaml |  4 +-
 ...8579-490cf4e76b6c86f1bd637de80c3840f0.yaml |  4 +-
 ...8580-235127c1445e6eee4f6de6fb13cf776e.yaml |  4 +-
 ...8582-f2aba70ce8a44005876e1620c7a6d111.yaml |  4 +-
 ...8585-4146040381375fe3470534dfb0d8c368.yaml |  4 +-
 ...8586-20a34e507c4fa6283c8c06e9c7d18117.yaml |  4 +-
 ...8593-c3cfc3a43625bfa414c3f27665757d46.yaml |  4 +-
 ...8597-8a2f1e9cb4e65657070d3644661c86c5.yaml |  4 +-
 ...8598-e6cabe992a07b751187d2c7299c53fb6.yaml |  4 +-
 ...8600-633d0b293826c4a61b61e1d3210e0346.yaml |  4 +-
 ...8601-1cb146595e5a6af092ba6cf697572ca5.yaml |  4 +-
 ...8602-1c6e8ef696086c4cf5cf1464c84048ce.yaml |  4 +-
 ...8606-45a743f5d162595c13c7d51a595d52ef.yaml |  4 +-
 ...8607-ed2bbae23b6c0e2ec39d5d24fb1592c1.yaml |  4 +-
 ...8608-ad069f3a56279cbff65458936b83abde.yaml |  4 +-
 ...8609-b42951305c8f37d90390c15daed2c5f3.yaml |  4 +-
 ...8610-83aff6544a7c919044e1d77f749ea1cb.yaml |  4 +-
 ...8611-57123cd71067e91d2b8fed604519bb45.yaml |  4 +-
 ...8613-68ca9f8a242a5c678fbfe7eb11cba349.yaml |  4 +-
 ...8614-738043af82effea7b721b2ac598247ee.yaml |  4 +-
 ...8615-703cbb2bd8ca38850245b92d6dc648dc.yaml |  4 +-
 ...8634-f7df930f39831ca9c998366434d0f175.yaml |  4 +-
 ...0053-362c09e706e4df3c312dbda6ffdf171c.yaml |  4 +-
 ...0054-dd0f7c53e188e7bf56ca28fcdda5f28e.yaml |  4 +-
 ...0055-3ecd0cc847951c575bdce3ab52ae1765.yaml |  4 +-
 ...0056-f899587161f02b977d621dc3afe7bca7.yaml |  4 +-
 ...0090-6765f94f6a40bfeac4a799a7a22b461e.yaml |  4 +-
 ...0108-1d7d7c5febd898bd86b248bdd1c64ad3.yaml |  4 +-
 ...2136-b396ad7ddae66e7db7a5d4c1747eea0d.yaml |  4 +-
 ...2168-cb489cb39876b1f1dad08fd79397698a.yaml | 14 ++---
 ...2169-791eff0c2052bc2e9edb50c4e621f28e.yaml |  4 +-
 ...2187-245c40ef7971bdcc79b4668a4d4b1ccf.yaml |  4 +-
 ...2195-ae474b19622d960a9a30327a508a7a8c.yaml |  4 +-
 ...2222-a980d40221670f484b92312f4acbd125.yaml |  4 +-
 ...2224-4f2124ce38e5b11836dd224eb87f80c1.yaml |  4 +-
 ...2243-d3aee972ef803bd73b594546fe5f08d6.yaml |  4 +-
 ...2285-237f33dd283cbe8ba991ef6c6d099f49.yaml |  4 +-
 ...5488-54dec93948946561e928da0b2ec5342b.yaml |  4 +-
 ...5489-39916ed0568dcf6437aaa303323a2034.yaml |  4 +-
 ...5490-e104142bc1fb6f9114a1a8ff34f8d8a2.yaml |  4 +-
 ...5492-bcdd353c7595eb2f2eb76b75cc1e43b8.yaml |  4 +-
 ...5610-fd782d56e4b98d3f89d6bafb5ab8e0f0.yaml |  4 +-
 ...5611-23c7538b5ae837a8600364853bf7a88b.yaml |  4 +-
 ...5612-ccba560ddddde5bfcc32d210efed4a87.yaml |  4 +-
 ...6096-367d3a73f5196cd91ac495a3ac0b62f5.yaml |  4 +-
 ...6097-d853b0e423f8ed0a8520b3730f92bb07.yaml |  4 +-
 ...6098-0ae464a32aa65e97054ff65a6cd1aac7.yaml |  4 +-
 ...6102-b501e58c10633b07f2bbf5ed16ac706e.yaml |  4 +-
 ...6103-180f313b58923b98a121e2e279750680.yaml |  4 +-
 ...6570-61f3e3f11790d6bb7105200ca41924cd.yaml |  4 +-
 ...6571-ab348c720a0710e52e24c076c92c0cb1.yaml |  4 +-
 ...6572-2a026b3abf7a570fa9c1168601d16d6c.yaml |  4 +-
 ...6573-9f041e8fa181897986208bfc1b4d15f9.yaml |  4 +-
 ...6574-d349201003f1e073b123310455ca065d.yaml |  4 +-
 ...6575-71386814122d58a47245526972d56d40.yaml |  4 +-
 ...6576-346d51a39433f3f2e66028061115352b.yaml |  4 +-
 ...6577-56b6a95b36a0bf98a099f526d08412cb.yaml |  4 +-
 ...6578-882cb2013f62250b85eee3042b3892e0.yaml |  4 +-
 ...6814-149dcf7cdb4497ad56e6c587550c43ab.yaml |  4 +-
 ...6817-7c8aa1bb9118332e4c00a1f8fbc13540.yaml |  4 +-
 ...6818-0a8a35fbbc78dd50ed9a1fd51d25c173.yaml |  4 +-
 ...6819-25c3fb96e305a88e28c455667db0b60d.yaml |  4 +-
 ...6954-8dce3163a90bed75fd5b9e557a28f3b3.yaml |  4 +-
 ...7723-e3f24a45c97373cce269e0ae75379f47.yaml |  4 +-
 ...8099-8475202b9f0509bc3f7f733c6c0c1b7b.yaml |  4 +-
 ...8875-b85e6f076cf78bc83dad21e66d70a2d9.yaml |  4 +-
 ...9061-2059eacfa2b817cc7e2dee40b1d8ccd8.yaml |  4 +-
 ...9063-b31baacf3424b6f807916c83cd50d239.yaml |  4 +-
 ...9064-fa8a087263ff15310b12026bf0398947.yaml |  4 +-
 ...9065-e8d59ad5e812b7bb724e8a40d7c112fd.yaml |  4 +-
 ...9337-c99fdfdd6f51accf3ed6f44f28e23a84.yaml |  4 +-
 ...9418-b810e04fd2ee9ba72626a776c33f0a7b.yaml |  4 +-
 ...9419-8eccd870a6d15f799494bf58d6a610b0.yaml |  4 +-
 ...9429-b6feac7a7902db970215a4fc933d4825.yaml |  4 +-
 ...9603-b2a0f64728c134eb1a214207f2b340c0.yaml |  4 +-
 ...0511-ad6eca81b2e556f270b3ae3f5090cf96.yaml |  4 +-
 ...0546-6542eb9293767f9620f37e7f59fd2a40.yaml |  4 +-
 ...0547-d244aad713442e8917ed457759893c6e.yaml |  4 +-
 ...0576-bf648a28f236904436ac42427351efb1.yaml |  4 +-
 ...0577-7149f44d871608d660e807410983089b.yaml |  4 +-
 ...0587-caa94527ec89b606495dedb1b363e9ed.yaml |  4 +-
 ...0602-865ecb5d1f3a9d92057b3c2510337cb0.yaml |  4 +-
 ...0603-363cf849a90f39fbc05b59e8ab91a270.yaml |  4 +-
 ...0642-3af842e4b028602d05da06af8493bf21.yaml |  4 +-
 ...0172-ac32959f74b06f08f41c35d9de9637f2.yaml |  4 +-
 ...0504-660c79b80e87c9453730e77d4013c8f0.yaml |  4 +-
 ...0506-3d637613552d802b9173bc064749bb1c.yaml |  4 +-
 ...2000-33bf8f8eb63499d2436cf7f9e5a448fa.yaml |  4 +-
 ...2005-53f4d866310c8c093dd280b48d69df62.yaml |  4 +-
 ...2006-3c224c321d9ba7c36132b340a7d491de.yaml |  4 +-
 ...0102-451f562a663eda2ff6d506be6cf980bd.yaml |  4 +-
 ...0233-a6054d32c09f0a33057b0746bec92f89.yaml |  4 +-
 ...0234-08b6d9dc73cde56d748bcfad89022c1b.yaml |  4 +-
 ...0301-81a1379b5306a9cfccfcaaf08bd3abdb.yaml |  4 +-
 ...0309-d2ced4606aa87805c35fba9cf8d5be3f.yaml |  4 +-
 ...0310-c62e1a09b5d25064f2b824e42c65ea26.yaml |  4 +-
 ...0371-0533a60780cf9a211a23b93d336f2dae.yaml |  4 +-
 ...0752-42f689e89098e402a672dac5ec8f6c89.yaml |  4 +-
 ...1105-66eb7f5c446de79e267dceb74a880097.yaml |  4 +-
 ...1244-9d3718684afa0305d0420944743522e1.yaml |  4 +-
 ...1366-cfd6c4a67043af04f9e4f98a73eab3fa.yaml |  4 +-
 ...1485-c0b1d947b4291937f57429344da7ac74.yaml |  4 +-
 ...1486-cd59c1c91da7bd7850f2d8eefef7525f.yaml |  4 +-
 ...1579-0167f45d0f324e4791bf42a58fe0f3d4.yaml |  4 +-
 ...2636-8a1c6c8c0e2f1e2277e0443f4946d572.yaml |  4 +-
 ...2895-8cfb86a7329c0d8dd964b15f121c0465.yaml |  4 +-
 ...3136-a3c4d74b63323bef472fb10b591d6314.yaml |  4 +-
 ...3137-ee6754b66c3dcc79f507ad42121825d8.yaml |  4 +-
 ...3832-adf6fd1cec72a101892ceb2db93bece6.yaml |  4 +-
 ...4028-70d9b727752f76af972d40070c1204ab.yaml |  4 +-
 ...4071-381d6cb0faea51f097b85258ee0a1587.yaml |  4 +-
 ...4846-962810e9bfe68aabdf565feb933a98a3.yaml |  4 +-
 ...6164-209b175b2921345ce72870696dcb5d5d.yaml |  4 +-
 ...6173-6d3b26eeb9dd4b508b1794df4cfed998.yaml |  4 +-
 ...6175-d5338c51a39110eb82434918065d2ccd.yaml |  4 +-
 ...6204-877bab778ddda7032844b19d4fdbee7a.yaml |  4 +-
 ...6206-e9caa2ebc5663770aed9ca1501187910.yaml |  4 +-
 ...6285-656244efbeeadce5c71da45e29bb9a67.yaml |  4 +-
 ...6966-6943b3fa4f51347e8c8fc20d043e8814.yaml |  4 +-
 ...6967-e2709c74f557b8f05efa6466674d741e.yaml |  4 +-
 ...7138-1318af711c3fe0fec9bc7d351421ab5e.yaml |  4 +-
 ...7140-05b1f0bb86ade4c6c32252e799c74986.yaml |  4 +-
 ...7583-87d8a616e4f6cf2eb5659e011debac27.yaml |  4 +-
 ...7584-c154f039f669a6109ec8e5a85b87164a.yaml |  4 +-
 ...7585-5c10da7a2c723b79d143625ddb915594.yaml |  4 +-
 ...7586-34c60f50f8424840987ed5ec10c2ec3b.yaml |  4 +-
 ...7866-c040e1b7f1d715ec00a05b885aa3bea9.yaml |  4 +-
 ...7884-d1ded0c2f1b1f7a73c6770c120be62b6.yaml |  4 +-
 ...7947-2c0772cee08d9dbe384d352f3239ef5e.yaml |  4 +-
 ...8017-f81d8e9ecaded3d70e2eeaa0f98dacf3.yaml |  4 +-
 ...8018-ffb6abfc1462cb6dac9fb7d1f9f94e2a.yaml |  4 +-
 ...8019-c799988a889ed03a659b8598e8dac08b.yaml |  4 +-
 ...8373-df4750e020fd99b1db3b233a3a40020d.yaml |  4 +-
 ...8379-d8cb62391dd6a20fc4b59fa893c8943a.yaml |  4 +-
 ...8460-39656d176cfde17eb173675dd34ae675.yaml |  4 +-
 ...8872-8b25a4024805d97b0bbe39b2b083bd09.yaml |  4 +-
 ...8919-74293ce2d79dd2a7920de3a46ed52f1d.yaml |  4 +-
 ...9287-e6738d3799e5a12b0457c2f4dc805c15.yaml |  4 +-
 ...9370-3ea36d65c6ea5b35072fe01e09307dfa.yaml |  4 +-
 ...9487-8605cf70b09f39b80921d3235eaa5a54.yaml | 12 ++--
 ...9488-8b266025d0f3695c542ad07de2e9b34c.yaml | 12 ++--
 ...9564-139542bed79cb071600ed5c3c1e9d45c.yaml |  4 +-
 ...9796-561eff22a0971cf174004fe156be75cb.yaml |  4 +-
 ...0101-99e4e1e27563f717d9f8c278b33423ac.yaml |  4 +-
 ...0149-da357866cfc2e11d1d8ab076887b6560.yaml |  4 +-
 ...0152-b56f368057104a536902fcd79d840f4c.yaml |  4 +-
 ...0153-5a29aa05e41b6793e5d21a4fcf5c84c5.yaml |  4 +-
 ...0154-27c270156b5cf78eb4bb31035b7f5db8.yaml |  4 +-
 ...0155-a8309537878561527873c9aaba1b29f6.yaml |  4 +-
 ...0231-f066ce4a5d628014aa8c478503783258.yaml |  4 +-
 ...0368-1f1264fb01a80102a1939e77505f347e.yaml |  4 +-
 ...0462-0c697c5c96080eeecc8327290c3e4bbc.yaml |  4 +-
 ...0838-8f9fba5d47d60ee8f1aec9a71b4f7e8a.yaml |  4 +-
 ...0963-2c888a383975451b85f071f96c07a849.yaml |  4 +-
 ...0964-523f9782716d9d1f6a85039ec487ef5a.yaml |  4 +-
 ...0966-ae7ec62fe186e1a7a30df795c82f42a1.yaml |  4 +-
 ...0967-c7addb8e32d754a1c27b6eb5611849e7.yaml |  4 +-
 ...0968-e989541539b3897cd4ab2d9eb3394079.yaml |  4 +-
 ...0971-c1356627585be8298fc5154daa83bb1f.yaml |  4 +-
 ...0972-df1246639b8669a251f2bf76a6725ade.yaml |  4 +-
 ...0974-e2ad97f33f7abd91ea501d6e3cf80275.yaml |  4 +-
 ...0977-4e93731af3497ed66d721b94ba1ecb7d.yaml |  4 +-
 ...0978-c459c6390d6920d9836ff6f1ec3a05e1.yaml |  4 +-
 ...0979-6e59234554b04ec8d40e5e3ef21541b6.yaml |  4 +-
 ...0982-315158d01f8d35cf2208dddc8f7964b3.yaml |  4 +-
 ...0983-6bed45cc7ffa2c1423965f9f86a13b79.yaml |  4 +-
 ...0986-a56a7a539382d6f88ae2afe6cc65c72c.yaml |  4 +-
 ...0988-82c5164bc77f066c7a8d33b886720225.yaml |  4 +-
 ...1001-ee36904a88935929b3b15a0e036819ac.yaml |  4 +-
 ...1002-8bc92a63825b5e282b7e5f164f2d0274.yaml |  4 +-
 ...1006-7d2d77fb555165867755ecf651af34c0.yaml |  4 +-
 ...1012-aed7ae7e4d2ac15e64bf03771c3aeb20.yaml |  4 +-
 ...1013-7ec2393a2db75328cb78362c45e273f6.yaml |  4 +-
 ...1014-1cf8853774794c9a185058bff3041a9d.yaml |  4 +-
 ...5212-49034c31f1dba0715c18246f4dd38cde.yaml |  4 +-
 ...5213-d77dd6f710585ae9ffaedbfddc152d76.yaml |  4 +-
 ...5214-3bc3a29ed4f22f4e728217981dd51f12.yaml |  4 +-
 ...5284-eaace189d52939bb1c67d181a1aa5e03.yaml |  4 +-
 ...5285-807cd0a33bfd97782e746e860be1d566.yaml |  4 +-
 ...5286-363e85a87b5e31a1dda22e9466545bd8.yaml |  4 +-
 ...5288-79116f6e6f3436dd311270ae51db9449.yaml |  4 +-
 ...5292-034ab84e882013699ca86030c39bb7c1.yaml |  4 +-
 ...5293-567c0bab82561630aea9403749f896f8.yaml |  4 +-
 ...5311-0574327d2925f2e5b1baa6cdafa54603.yaml |  4 +-
 ...5312-92b868ab957b2d6b33921f7b3f3c0643.yaml |  4 +-
 ...5316-436125bac0484b579189e9f21786e904.yaml |  4 +-
 ...5361-e95762dedf29574050fd40fac42c78ac.yaml |  4 +-
 ...5362-3ba8578c9b517b602d4e446e82ee6f17.yaml |  4 +-
 ...5363-485a36eabec5f4b9943990f0033b308d.yaml |  4 +-
 ...5364-ddb8a7f2865d6d7dbea16193f41bd919.yaml |  4 +-
 ...5366-c384382f7d3c6321e1b275243f5d2c28.yaml |  4 +-
 ...5367-f4fb22207f3c1928cb95d88c1e1f82b7.yaml |  4 +-
 ...5368-e8f7e29f1dbade4dd38e32bd0037d5fe.yaml |  4 +-
 ...5369-acbdf42f0c9734064513cf6368d19553.yaml |  4 +-
 ...5372-0cd68afb7b6d648c1cc92eb32c923eff.yaml |  4 +-
 ...5373-5e7c4bc77fb9b2b637c41f55c55733f0.yaml |  4 +-
 ...5374-801a0dacfdb031773ac30c73693f41e6.yaml |  4 +-
 ...5651-1955d2bf9e3369181a1e0d457e568aab.yaml |  4 +-
 ...5652-854c79af36aba0da3346494de4eaf39a.yaml |  4 +-
 ...5654-9052f6be826c55f21c5dca387bdd8f58.yaml |  4 +-
 ...5655-2f71afc8c2d9293f41fbc23cbef8e12e.yaml |  4 +-
 ...5656-c4fa0744bf528288e2b344cf15e3e525.yaml |  4 +-
 ...5657-ff98de6f26943739c7dc560ade3e2c7d.yaml |  4 +-
 ...5658-c4c0b94844e7f594c58f973ae84c6505.yaml |  4 +-
 ...5659-2fca652bdc1152658ff99e932f826e15.yaml |  4 +-
 ...5660-aeeb6c4c51959fc6de4f70bfbf031f53.yaml |  4 +-
 ...5661-9a185bb7031cc9ee6aedfd50f633a1fb.yaml |  4 +-
 ...5662-40faedf6e59dffdfc7f0e36dcf3aadb5.yaml |  4 +-
 ...5663-6e94975f5a72379b4c113015c234f26e.yaml |  4 +-
 ...5664-3f9a61f980dbe211de3420fd4e108af4.yaml |  4 +-
 ...5665-c26b1839d934a6c01fe10cd6a0d67c39.yaml |  4 +-
 ...5666-3e7642452405a4b08d52483d238d4dd9.yaml |  4 +-
 ...5667-913904da9b37e5de5dab8db2c48cdd1a.yaml |  4 +-
 ...5668-b32bcea1f07567d61bc53250e86795f7.yaml |  4 +-
 ...5669-9859097987f0e7ca79e11ace81cfa3fa.yaml |  4 +-
 ...5670-c3498fe08662af21fd3da077be763084.yaml |  4 +-
 ...5671-78f758aca2b7adcaf11ee6e697616163.yaml |  4 +-
 ...5672-6a9d80e8fa30f682db502c67279e3ece.yaml |  4 +-
 ...5673-0cfb154efea7a6cd97d79b7c9bd11b19.yaml |  4 +-
 ...5695-15e650b4ee038f777984c647938b664a.yaml |  4 +-
 ...5776-88414da74c1432faaa821c60e30d70e4.yaml |  4 +-
 ...6001-4c3c497ff4bf73b3f95e774197f4a725.yaml |  4 +-
 ...6002-aae33717a53aff7e44346754fe498f79.yaml |  4 +-
 ...6194-3ea0e1871dec257bfd7cde582f2ade2e.yaml |  4 +-
 ...6357-6c3ed40b4545418647bb281d1735150e.yaml |  4 +-
 ...6465-4ba37fc25b6b62478d53951a81386aeb.yaml |  4 +-
 ...6466-4f5e1d138ae43eaa500111874f55d52e.yaml |  4 +-
 ...6468-0e4fc74efc949999cf345512b761619e.yaml |  4 +-
 ...6469-3bc9ed0b3cbfe53ac89e5748fc0bf57c.yaml |  4 +-
 ...6943-dac7bdda4e28b985a7da6425e9bc4314.yaml |  4 +-
 ...6944-e00b98ac8c54622a944850cb2d386b43.yaml |  4 +-
 ...7280-ea56b6fc3599b19cc9355c178eadf7c8.yaml |  4 +-
 ...7543-2e6e6e36243681b3cf144f17aaebf064.yaml |  4 +-
 ...8729-55d5b1ab7109cbfd7cdac31ba9a767d2.yaml |  4 +-
 ...9020-fb28659ef74c6816e9ff94aaba73e076.yaml |  4 +-
 ...9034-88fcfbe0235fbfcf5894d075044bc4db.yaml |  4 +-
 ...9172-95115eb6cd7773daea0c3290d4bc4306.yaml |  4 +-
 ...9844-90d37fd2fba0470460729c814dc702e8.yaml |  4 +-
 ...9864-875e2588a6c7f11db1b0d18dfa5a3b24.yaml |  4 +-
 ...0034-19dc9eaf0f82c574889586e002e668f6.yaml |  4 +-
 ...0104-0dc6cfa3fba0c385fc2da9ea78090e2f.yaml |  4 +-
 ...0673-913680c7cc113c5e372d717a86269c4e.yaml |  4 +-
 ...0864-4c0f6a08d37bb188811061a17ff42cfa.yaml |  4 +-
 ...0866-b584bc3add37b438ea9f7d52a53c499d.yaml |  4 +-
 ...0869-4bc78371b9a6176130f5ed1b3336f728.yaml |  4 +-
 ...1557-0dd2df3f5b8d5d1265b1558506e0a48b.yaml |  4 +-
 ...1590-bc7687f3a38eb76862d41bf156e272e2.yaml |  4 +-
 ...1591-b9705619b7c26905bbb7df74ccb4fdad.yaml |  4 +-
 ...1871-aeb1af030c75596a2eb738838b5e8bf8.yaml |  4 +-
 ...2239-96e25e69c7f878ae73c7f29f99c97760.yaml |  4 +-
 ...2346-27f647997621b679fa1b99cbf345bdbe.yaml |  4 +-
 ...2516-3395165ceb6b70322e35bead04697388.yaml |  4 +-
 ...2517-53a30d941da402857e0ee8cdb2011b69.yaml |  4 +-
 ...2566-fe0f4f4fb6e560c8f83991dc7a6212ad.yaml |  4 +-
 ...2570-70cdf6a74f267301ff9a7a0c0a03da5b.yaml |  4 +-
 ...2826-068331b2d9acf141050172c5e67910ff.yaml |  4 +-
 ...2934-ca875a69734817c022d2b5742d18b09a.yaml |  4 +-
 ...3344-d25b2870a2ba1a71b2f08074d958c754.yaml |  4 +-
 ...3413-5164636d32af20648741053f5b9caab7.yaml |  4 +-
 ...3414-7116f21024cd4d3ec70934c93595bec9.yaml |  4 +-
 ...3478-faaf1948155c5f302388ba2e8f465a89.yaml |  4 +-
 ...3505-e18c42540e73da21df0e80ed6910311c.yaml |  4 +-
 ...3570-b24e50f88d059b7df802d8ab2740b6f0.yaml |  4 +-
 ...4205-092d91aed0440af0f2ea67a8f6a61ea3.yaml |  4 +-
 ...4216-03cfd10aef3dc88159ec608d4ac8800f.yaml |  4 +-
 ...4328-4ad519606c4e4a0ac9ad3558c99fc1da.yaml |  4 +-
 ...4364-827bc1bb21b15b99a01d332b7037ec11.yaml |  4 +-
 ...4467-d26dfd7d1dd47d6fd5993a9ac9d20c15.yaml |  4 +-
 ...4679-a7def05240ca9e7abb72b7c9c9771694.yaml |  4 +-
 ...4681-b61c46947c98daf3d7e5aee079c69c53.yaml |  4 +-
 ...4682-a4fd26323192935dbbcbf3b0527f2fd4.yaml |  4 +-
 ...4784-beee0c1304e0da531df84f8029d7259b.yaml |  4 +-
 ...4785-c94ec523ba103bad6a372ee7e463bd4f.yaml |  4 +-
 ...4786-424aba97fb32ef1aa4a45220d2d79ae0.yaml |  4 +-
 ...4787-63a6ae12fc77467bfccad91ea4a943d2.yaml |  4 +-
 ...4790-ba4f93258decf77226fa4331245d3364.yaml |  4 +-
 ...4791-6dd0e2469be8342859a9ccb068065a86.yaml |  4 +-
 ...4795-d02abc95243fe34c87855a6ca2a95d58.yaml |  4 +-
 ...4796-f255a0d01d888b1ab68c9fee4e439ae8.yaml |  4 +-
 ...4797-93b42b89f073fbc75b7062f5d47b5b66.yaml |  4 +-
 ...4798-9568a93cf21f83223317ab5745dc29b8.yaml |  4 +-
 ...4799-86d0c991bc6dd85c8051863807fe1299.yaml |  4 +-
 ...4945-00490e9d02fc53f4fe0fd6d4af30aaaa.yaml |  4 +-
 ...4948-3385cb8b008c9eac317535d656ebf7b2.yaml |  4 +-
 ...4949-71e8880d940289fc5d83f840f7f72d23.yaml |  4 +-
 ...4950-18d01dbad64386da194504c3f5ffe26e.yaml |  4 +-
 ...5109-15adc07dcc170bd663dc3c1e94fa94e1.yaml |  4 +-
 ...5110-0ed606409f522ba3351ac7659014c32c.yaml |  4 +-
 ...5112-9024f709636fd6877d65d2f3b4c1635e.yaml |  4 +-
 ...5113-3b5f66bc28ba8ff54368e43564c0ea04.yaml |  4 +-
 ...5114-5fa24ba82d6b7dec5ee5fc8a5b73d9f8.yaml |  4 +-
 ...5115-55f3de8c0899443e80983275ca038b9f.yaml |  4 +-
 ...5116-58ad5ca81c9faa1c9bf4e8d6a87f5f2f.yaml |  4 +-
 ...5238-b4c6a4aeabe2851a3af8facd90e9e06e.yaml |  4 +-
 ...5317-d69efeae16b0ba8318e8a9d732208aec.yaml |  4 +-
 ...5323-05dc7f00a65d6d066b60c74e22d18787.yaml |  4 +-
 ...5324-c5d0a251b677b3b951be5050c3700b32.yaml |  4 +-
 ...5327-342fee676d86d87109d08378d8dcd0b0.yaml |  4 +-
 ...5328-af8e3b1753f58bd7e46c4cccec8f000f.yaml |  4 +-
 ...5329-5bda221acefc04e8d84a3c6e2be5c30e.yaml |  4 +-
 ...5643-01d841cc481bc716c0f7b858b4f11c39.yaml |  4 +-
 ...5645-379056d331237206cad69e45d8d3007e.yaml |  4 +-
 ...5647-01e6da1e967018241a8f36efe6fd50ba.yaml |  4 +-
 ...5649-243ee6cead272cdb6dc2ad831bc4986e.yaml |  4 +-
 ...5660-7700c6b035beec7a0abef5d3cdd6b1cf.yaml |  4 +-
 ...5713-b87197a613662b55350c2f2781a87102.yaml |  4 +-
 ...5769-8f10a7f44536cd7d542d4c451e6c6b46.yaml |  4 +-
 ...5770-35ff0530e249316fdf7a2ba6a6ea24d8.yaml |  4 +-
 ...5777-65fb11931177bab0fee70a7467cb7286.yaml |  4 +-
 ...5778-9404e968e946456749ff0111b0225ba5.yaml |  4 +-
 ...5779-a977aa9a4c9e6ea956efab1274f3c128.yaml |  4 +-
 ...5781-281277016a09cf7dcda0f71c2e15f07f.yaml |  4 +-
 ...5817-19a8a46d3531a17a737d3cfe8d4f708e.yaml |  4 +-
 ...5827-697b3f7f41c78660c9aef82a5b73a231.yaml |  4 +-
 ...5828-a5333a81df962bfc4dc1ef98d3ece12b.yaml |  4 +-
 ...5830-1189677e87fccd5ba86b3b7c8e3828fd.yaml |  4 +-
 ...5831-95fcd32657de195d1ff10c3dd6c72f1b.yaml |  4 +-
 ...5832-354f6d128f8dd6bd63a76dae47bd8628.yaml |  4 +-
 ...5834-52ad3a4045cbc52c94981ea4e45a3cca.yaml |  4 +-
 ...5835-1fb46247dc51fca766c3b6cc15fb0753.yaml |  4 +-
 ...5836-1e6683ba97d940c27fa31053738ff471.yaml |  4 +-
 ...5837-3d333cad26fc8b3d5422c9b862bc540d.yaml |  4 +-
 ...5840-d27b9b5016915435f37e3d3e6a022f76.yaml |  4 +-
 ...5841-9534faef8d85288ee99452de6c7c430a.yaml |  4 +-
 ...5842-40be5fedd5539e32999075c425fecfed.yaml |  4 +-
 ...5864-d4f39f41edde6809c1e3f1995c35c774.yaml |  4 +-
 ...5865-49ba2e496df198082592a83af2dd4d61.yaml |  4 +-
 ...5866-11611891705bb620b2fbc93feb153c11.yaml |  4 +-
 ...5868-5c818a45f2a9dcd466f195a8752dd840.yaml |  4 +-
 ...5869-b9eb31c713b27c04fd47230e22de33c0.yaml |  4 +-
 ...5870-67f647f4edf0dc956943ef2a579b4258.yaml |  4 +-
 ...5872-9e304c0c2d27a9a5e4112a85cbe97828.yaml |  4 +-
 ...5873-7bf1226ebc8c449ae85cc65e327ee63d.yaml |  4 +-
 ...5889-7381977dcbbf38890f97270b77e9814a.yaml |  4 +-
 ...5896-164e2c0c315709a0cb3bf1d13c08e3b1.yaml |  4 +-
 ...6117-1cfd262b55edc365cf2f57c5e6d1da2e.yaml |  4 +-
 ...6118-4ee123ab64de9526a768d6e54f2c4b2d.yaml |  4 +-
 ...6217-46c3b494b5cc3ea133b4b6c9ec9dce06.yaml |  4 +-
 ...6222-77ce3568929dc53b56e0c4f8840c178b.yaml |  4 +-
 ...6223-85dfbc95d4932a9f83bfee5a6b2585d0.yaml |  4 +-
 ...6251-e1335c6f9c71ba603c44dff8a99e9a32.yaml | 14 ++---
 ...6289-c3c6968289de386f0f53996017935a1d.yaml |  4 +-
 ...6332-fee563db4bd1e05c4270644fa9c809a1.yaml |  4 +-
 ...6520-d9419931966f7a4ced3c49a3cc9a6932.yaml |  4 +-
 ...6522-0598f02cdb42ad5878825a4305d0cd60.yaml |  4 +-
 ...6523-9691566897b1cf3f102fa4ca66fa2b90.yaml |  4 +-
 ...6524-192f3751511f8b242f0945f1aac116aa.yaml |  4 +-
 ...6525-d4f973711f83e484b1ab150d8a07fcda.yaml |  4 +-
 ...6780-628434356b9e4de217bb4ae54139a78f.yaml |  4 +-
 ...6781-ff109dde1d54495dd369e80dd2dbfb9f.yaml |  4 +-
 ...6931-9153236cbe43b83fd86d1f43d04bc623.yaml |  4 +-
 ...7070-2fc40f0eebe24b9548355cb63270c890.yaml |  4 +-
 ...7071-1ed96ac73f1ecde8fe792ec7cdde085c.yaml |  4 +-
 ...7213-01553cdc4d088a5ffa18c2b6b9ad5640.yaml |  4 +-
 ...7229-8395989e9f463aede02be6293faac97f.yaml |  4 +-
 ...7230-95f9bc03677a083bf89832ea0c794033.yaml | 16 ++---
 ...7231-161c93480bad1a6fddf7935d08286cca.yaml | 16 ++---
 ...7233-91fd3dac9c4d5ede970602c4fc325980.yaml |  4 +-
 ...7236-2d2ac3176c43972722599e2c20bf65f9.yaml |  4 +-
 ...7237-97d25b3e88007081f13d8a53fc8698cf.yaml |  4 +-
 ...7239-5c3c1a4d657c9a945c9b03f1e7ed6d15.yaml |  4 +-
 ...7384-6786cc650f667a015a2cad75459e0a89.yaml |  4 +-
 ...7385-61c977fb1adb33ac70d098207834a351.yaml |  4 +-
 ...7386-5cb88706cc3e4d4bdffd38343a9f038a.yaml |  4 +-
 ...7671-f48a9fb689f8698b971abbab7d25b506.yaml |  4 +-
 ...7672-12b542c9c6e5694670c0b26901250872.yaml |  4 +-
 ...7674-7aa910c9023680190c934154781b69ae.yaml |  4 +-
 ...8668-57f78642fa9cede94bd35b0316b99b78.yaml |  4 +-
 ...8834-f9c4b5a4e9087a30d794272cce966354.yaml |  4 +-
 ...9109-dcbc26c1e59709ba0a55cede543653d5.yaml |  4 +-
 ...9110-e5552ad191b551e3319c3d216b7466cf.yaml |  4 +-
 ...9111-c9f41d227d49a467420a82298376145f.yaml |  4 +-
 ...9112-0974ad31ae0ff4ed4780871fa5a19327.yaml |  4 +-
 ...9198-1e95de3e52134f8f88956ec119bc2d88.yaml |  4 +-
 ...9541-5ff88083e32bfbabf7c17c2a2829921d.yaml |  4 +-
 ...9542-e612ae5fb8c05a8c56c1d21cf4568559.yaml |  4 +-
 ...9915-65fec51a84e4dae8b6ac8a6f543cb922.yaml |  4 +-
 ...9979-6dc10d5c3a8a61c313df3cbcf576a1b8.yaml |  4 +-
 ...9980-3042e18a6deb29dac6c8bd45ef1b1544.yaml |  4 +-
 ...9984-f324ead36f3eeb3ed11630cd0ba7e8ed.yaml |  4 +-
 ...0041-3ea050ab19cdfec8097a097615a833a6.yaml |  4 +-
 ...0042-4975b9673fe108360602d6969c234af1.yaml |  4 +-
 ...0043-38e1681925de50501e0141995c16e341.yaml |  4 +-
 ...0141-ce8dd1af11ff660941fa17a3827331a2.yaml |  4 +-
 ...0173-6bd4ae57c5ef629c5bc1d004189d96b3.yaml |  4 +-
 ...0180-3fb1358d568dc8245a52a721b92fb318.yaml |  4 +-
 ...0181-e5141ff592bd9997e23b1aad269872cc.yaml |  4 +-
 ...0182-7acb842ebb36fed3d48b7a27908aad70.yaml |  4 +-
 ...0203-727d4fbf362548e62940ac117a3d3c3a.yaml |  4 +-
 ...0204-6f78bc0495c69824a3ef08a95ff8b518.yaml |  4 +-
 ...0209-17f6998fdf35be8a6349776a3309aedc.yaml | 14 ++---
 ...0210-f5204789b3d63c1e5dd223fef5d1ac5d.yaml | 14 ++---
 ...0211-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml | 12 ++--
 ...0212-be3f332add5d9ce678efc86e37a29e03.yaml | 12 ++--
 ...0361-6d5548494ee66c8a74f29f22d03a7935.yaml |  4 +-
 ...5141-3c68c1399fad8442e05257bec4405849.yaml |  4 +-
 ...5142-30dc0670053ac012aae9f0b808f32600.yaml | 14 ++---
 ...5143-42ff6519960f311906ae3110cd3f6c64.yaml |  4 +-
 ...5149-8f53c25a7439725994fa29007a578b4d.yaml |  4 +-
 ...5152-a3fbd1fe770668e38f708933d8dad89a.yaml | 12 ++--
 ...5920-8ab11785066028af40a069df806e2ad0.yaml |  4 +-
 ...5924-a78ee203ec03252165376f049d05071b.yaml |  4 +-
 ...5962-808251beac3177b1d028049231c161e6.yaml |  4 +-
 ...5963-4ecc6299ecfad3b8f439662203eb02a8.yaml |  4 +-
 ...5970-c52de35daf5b13bbf0e8777d574ea5fc.yaml |  4 +-
 ...5972-c1ecb14191a04d9e43d6e6f80f13e749.yaml |  4 +-
 ...5973-236e1bbcc1e74385f1fd59662dd67917.yaml |  4 +-
 ...5974-89931846724982da840bead82e16369b.yaml |  4 +-
 ...5979-7e5b3599be6904a958ea6b2b094ad05a.yaml |  4 +-
 ...5983-891ca23ffb08d94e6434e60528a16c74.yaml |  4 +-
 ...5992-6ee5c39e29212bcfe2590b9e64dd32ec.yaml |  4 +-
 ...5993-299c560ce9cc99513d88a13d89852030.yaml |  4 +-
 ...6011-597ddaaf7d3e092f9fab20618eafe4bf.yaml |  4 +-
 ...6027-fc588495329f4334ef4deb847bcc6bbe.yaml |  4 +-
 ...6029-d03a7182da2d0e0b179ec3d956910e32.yaml |  4 +-
 ...6030-64d4110e0f9003166c73a24b6fad0a3d.yaml |  4 +-
 ...6112-d6132019cfaa7b420b3260f07bd086fb.yaml |  4 +-
 ...6117-8f81c40c56a58242ce344610c4f30138.yaml |  4 +-
 ...6267-ced2dcf72a4e26ecb3f884cfc4438e2f.yaml |  4 +-
 ...6703-618ad32a66dd6a63ff6bcc4f51e7ca7b.yaml |  4 +-
 ...7299-497a0a1ea8afe0e920601e57f5c6ccaa.yaml |  4 +-
 ...7411-fe2d4839032c7d1700f5ad488d4dc88f.yaml |  4 +-
 ...7412-e1c57fbc348dfda4a7e2fa9073819ee6.yaml |  4 +-
 ...7413-0e52d08abcfaa24832dc556c46587054.yaml |  4 +-
 ...8942-b2845f73d8f9f13ca71ed2d0d53cc21a.yaml |  4 +-
 ...8943-29c63f4f8f43d522bbc3e34ee2af25b8.yaml |  4 +-
 ...9168-42f5857c1a1a9fe3bd07b32288faed9d.yaml |  4 +-
 ...9567-26f35acb3c0f14eb0fe591953d190a10.yaml |  4 +-
 ...9568-64248c162e0a07dde805cd870763a3a0.yaml |  4 +-
 ...9575-899f848126483b240dc44a4870e7bfef.yaml |  4 +-
 ...9787-21896796785dd6864271e535041a630e.yaml |  4 +-
 ...9909-a0dbcf6f52eae1325b0e855594e29c09.yaml |  4 +-
 ...9913-84da1bcb85beb132b593a5fff336db83.yaml |  4 +-
 ...0195-ac28c6a1f49fbad1719d7e09c0190565.yaml |  4 +-
 ...0257-69db74f4852004f23d22f9fcc0555117.yaml |  4 +-
 ...0385-3833fde53c02f881d8b11d577a449782.yaml |  4 +-
 ...0568-15159729e5663620758ffbfa0eee6068.yaml |  4 +-
 ...1025-67be7dda8922a0b90c62a801231990f1.yaml |  4 +-
 ...1026-f3aa50bf420b4235c2de996ef5d37967.yaml |  4 +-
 ...1030-773aca706a31e2409dfb4bd8f1fa9e33.yaml |  4 +-
 ...1508-5b689436673a442f720046bb44c5bd16.yaml |  4 +-
 ...1510-1090bbe0593e4ecda3fb75c3e6d7bf93.yaml |  4 +-
 ...1512-74e3a5823f9cf5e58e6b984ee0054047.yaml |  4 +-
 ...1516-dd80fd1aa8e8ecdfc56af18872d295e2.yaml |  4 +-
 ...1673-a7b9bf475d14b8ef039f5657643818f1.yaml |  4 +-
 ...1727-8cd31768dc61f0033829ab9bfd911338.yaml |  4 +-
 ...1731-2e52fc4f7a8504883023eba2284cc957.yaml |  4 +-
 ...1732-c35f9ed6b93a44d06dd09e34e66b7586.yaml |  4 +-
 ...1738-84e8025814ede80f77a1696e5326822b.yaml | 12 ++--
 ...2074-0088814ed74fd156e9ee132de51ef1d2.yaml | 12 ++--
 ...2074-1ebbd9b3a9a4deb3ba553d086f3295e1.yaml |  4 +-
 ...2075-3ca2d0288841fb102eec504b49f4dc79.yaml |  4 +-
 ...2076-384cfba7d4e3422564ffd94f08c53230.yaml |  4 +-
 ...2077-6bf1979859a94fbe33542b88abb0e15d.yaml |  4 +-
 ...2104-84ddf5342f72d908358cc5325eb7e319.yaml |  4 +-
 ...2675-a32c5004dd8e3051476b1d2ace4665f9.yaml |  4 +-
 ...2696-731244d7e48d469d8250ca7d6169422e.yaml |  4 +-
 ...3126-68b5f15989ca60b284d4dce6601af76b.yaml |  4 +-
 ...3487-a08c651ad045a182d61e4a734b04e24d.yaml |  4 +-
 ...3641-8de354ee8a09f1e40abb305d774cf1ed.yaml |  4 +-
 ...3642-7df5e5754fb5a3c3ef39f58481635571.yaml |  4 +-
 ...3643-86d73827337d8244a557bb98a9e7b2f5.yaml |  4 +-
 ...3864-5f7ca58c2ad3d25f19da443baa193352.yaml |  4 +-
 ...3865-c04510d8ae6604902066b55cfed338f7.yaml |  4 +-
 ...3892-6844db7940c370d06922bd9c5958a18b.yaml |  4 +-
 ...4959-63f488767eed871fd699454a474174aa.yaml |  4 +-
 ...4962-45a46be6bf0ef23f92774359273b99be.yaml |  4 +-
 ...5020-151a3d01fba73eb2e03af896af5366b4.yaml |  4 +-
 ...5038-fbe96ae280b99abe5e90ec130aefb23d.yaml |  4 +-
 ...5364-a1ee8803b42d3b197599b6095f91fefd.yaml |  4 +-
 ...5535-e6c806cffb708ac14203b6a177746aad.yaml |  4 +-
 ...5537-eef4fef4e9f3255888f8b403eb0a1916.yaml |  4 +-
 ...0406-8f2ebff96481ee5356699783e44b68ea.yaml |  4 +-
 ...0625-3f2e88483cb032a762f3e5f925264d0f.yaml |  4 +-
 ...0626-fbfa55f46b34cda37b3af16eb142622e.yaml |  4 +-
 ...0627-57de8ad14c220bdfc73bc2840b43e6e3.yaml |  4 +-
 ...0628-97711fb53683ab26635f9b3f2754784c.yaml |  4 +-
 ...0633-c794524768b79fbeacb43dc638d96e23.yaml |  4 +-
 ...0634-b165aaaa725c1983b238dd197ed1a7e5.yaml |  4 +-
 ...3762-c2ba29e0e5ecaebf723467e306a8b7e0.yaml |  4 +-
 ...4145-846117b538ab9ba30f69a12efe0f9e57.yaml |  4 +-
 ...4315-94d04ee1ef58708b41d6145bfcae5eba.yaml |  4 +-
 ...4699-285685ddf3c4cea5af33e325a30ef210.yaml |  4 +-
 ...4948-6be16d4dc7a3396a4e2044185bf46f84.yaml |  4 +-
 ...5375-ee95b664445938e62cfbf4d8ed5ffe44.yaml |  4 +-
 ...5378-4aff32f6f1228de170ce7ff458bf1831.yaml |  4 +-
 ...5379-f904152cc56225725583f8016fc8d925.yaml |  4 +-
 ...5380-75c0e8fcf83cb7fcc7b1f70f65a50a8b.yaml |  4 +-
 ...6596-f9bf203df336a8e0915eb488a89feed1.yaml |  4 +-
 ...6672-a98e82a7c384a33ad5d0d42365168f67.yaml |  4 +-
 ...7344-16f2bcb5cfa3d079c1a300d23d7f7166.yaml |  4 +-
 ...7356-6ecc3e1b29dcd6c7c18d4d37331ca11a.yaml |  4 +-
 ...8038-8d7f0213118d2e7594c423ff47139a2f.yaml |  4 +-
 ...8649-a2161b786ba8d84bdb2a3d032cd3b972.yaml |  4 +-
 ...8650-ad1820dedb4cef27ae24befa1b1daeac.yaml |  4 +-
 ...9171-d66601db34445c53f772431589140096.yaml |  4 +-
 ...9172-303b76a4a36e60deb08e9b0d0435d79c.yaml |  4 +-
 ...9303-f9f8b8101f4a39f1a6ed5a0936c6104f.yaml |  4 +-
 ...5012-83ef28839c75055ae7537f111049194c.yaml |  4 +-
 ...5037-7961a00c8fec25ebf767309437be3781.yaml |  4 +-
 ...5135-47b41bc2712a70e4aff6fb8649c1924a.yaml |  4 +-
 ...5235-d557c696333289ec8d8f662866e89376.yaml |  4 +-
 ...5489-7f88047eb913450e01c938cb65d8b8a9.yaml |  4 +-
 ...5748-8269712f8aa3f2f54a5b3b611a3288b4.yaml |  4 +-
 ...5749-0fc41c225cd6f2ddbf5e247314d75c25.yaml |  4 +-
 ...5773-4160c9c4da480f4b3c030b1d1b582ea6.yaml |  4 +-
 ...5932-a0918f22ac918ae4fe62db47bcca205c.yaml |  4 +-
 ...5934-7d84c9a9ee6bf717c602d3a38e459b86.yaml |  4 +-
 ...5935-2239ca03e49ffeb792ff8f7c625fd4da.yaml |  4 +-
 ...5942-c41810e93c0c7c558cec6a9a4900b3a7.yaml |  4 +-
 ...5943-1c54e12a9145a5f1f1d234c85ecbc8fc.yaml |  4 +-
 ...5944-03e434d9ea9a280060b3548276610903.yaml |  4 +-
 ...5945-ec458e7be91893393a96a7bb4f01d557.yaml | 16 ++---
 ...5946-a64ce08453bed39084d8a2cea93a9117.yaml |  4 +-
 ...5950-10a6f997b77b37003eabf2a216fdeced.yaml |  4 +-
 ...6156-7e2ae7bf2efb6bc23e281ebe6c72a235.yaml |  4 +-
 ...6170-bcd9ca517989975e14b7cf4813bc0e1b.yaml |  4 +-
 ...6172-72b80dd4bc94210ab9dd3b1876e438ee.yaml |  4 +-
 ...6173-7a3eb0e4a2da32f4626463054bad7fe1.yaml |  4 +-
 ...6174-5f51f32d184bdb8a5475d2d0cf4a68e5.yaml |  4 +-
 ...6503-b0b49bce1c15ad148a5058e1154b417c.yaml |  4 +-
 ...6656-74062d3bc6524d681fbfe5faf76c4ab5.yaml |  4 +-
 ...6666-c1fc6421a52e6ac7d9b0f476667cd29a.yaml | 14 ++---
 ...6667-506d872307a475af76e6ae5402a1e474.yaml |  4 +-
 ...6669-8bb122c471113121afc3ab2c199c2c7d.yaml |  4 +-
 ...6670-ff2527cc6b81652aecd5a77ac2a8b673.yaml |  4 +-
 ...6701-28f8218d0cd81907d78e413554e9b440.yaml |  4 +-
 ...6702-c5f769a2ad53c678c35d169acd9dd76e.yaml |  4 +-
 ...6703-727d2f92da48e178eefceef10fd279f0.yaml |  4 +-
 ...6704-547ae69e23e79945ee41118869bf3151.yaml |  4 +-
 ...6707-473adc971897213907d43bcafc37522c.yaml |  4 +-
 ...6708-a746469ba08e7ad3eaafd923d2717c92.yaml | 12 ++--
 ...6709-f10892c912aef9cf076885d5c4fde1a7.yaml |  4 +-
 ...6711-51e019b787984ebb59dc9257a3fe25a4.yaml |  4 +-
 ...6717-171d068f6ec1f7c5f7f36a222d7d8329.yaml |  4 +-
 ...6721-72ccbc519dc7d87cb6145ad667cfc553.yaml | 12 ++--
 ...6722-b1162d19127bf06b82fd09bfd50f373f.yaml |  4 +-
 ...6725-728e240a198c7c451039858fc71e171c.yaml | 12 ++--
 ...6729-6009aafd4759ca9a9de1f0b928158a27.yaml |  4 +-
 ...4046-3c2c8b06162030c304a3d8608d66a5c9.yaml |  4 +-
 ...4047-bb9587c8922bec5591eb7af4043b1550.yaml |  4 +-
 ...5391-2b0533cd6930889b564dac0001232de1.yaml |  4 +-
 ...5392-74d2043a574ab69cbbb11dda595211e3.yaml |  4 +-
 ...5530-e049cf9cff2a64ed7bf022044d018fad.yaml |  4 +-
 ...5579-d6f22dc7688630789d302268152d865d.yaml |  4 +-
 ...5611-a0f089d6e873fbb7be028eaafb4cd0fc.yaml |  4 +-
 ...5642-802c4864b87b89e6df06fc16568188de.yaml |  4 +-
 ...5650-5d5eee8781ce2674b2c2c40cb2fcc273.yaml |  4 +-
 ...5651-94d6413af5bdd7c5410cee1dbb9ba3ce.yaml |  4 +-
 ...5766-44e9876427663f96d92e4c3c678955d5.yaml |  4 +-
 ...5767-880b88155b22c7b6bb28fecc96be5e0e.yaml |  4 +-
 ...5768-52ad0bdca5afebb4c884c4a9d304e243.yaml |  4 +-
 ...6010-79a6d64a3a134f3b86c4ab9063f7bbeb.yaml |  4 +-
 ...6166-6ff8db6967b717d0cf958b73dfda5c1c.yaml |  4 +-
 ...6167-843fe9a3debf8db188ba99413c342e16.yaml |  4 +-
 ...6849-8d38cd4f2bf680c2b1b244824fc691f8.yaml |  4 +-
 ...6850-6125bda092f086c6d166ad135d42c4ef.yaml |  4 +-
 ...7055-d16f5d5a117e59e23a5a604664dfe044.yaml |  4 +-
 ...7228-83141551066454cfa3570b7b645030aa.yaml |  4 +-
 ...7239-a48a527c714ec711ca739eed07091779.yaml |  4 +-
 ...8417-39bc2edd346e28405d70531e51a8164a.yaml |  4 +-
 ...8435-5d65a7992972ebe63734d1fdf7ce6dcd.yaml |  4 +-
 ...8436-f7a999ea17927c5e9ebebc775b43318c.yaml |  4 +-
 ...8498-4e01c0b287f81a38f8a747fdacd53194.yaml |  4 +-
 ...8594-0b4ef9eb693a7e87ce6cfca4623c180a.yaml |  4 +-
 ...8596-07270c625770ea55406700bd4faf8963.yaml |  4 +-
 ...8615-b4ca6e1dc02a9ba7306fb5b7361185cc.yaml |  4 +-
 ...8658-edec211af3b7dbc24681331832d822e4.yaml |  4 +-
 ...8799-bea1167e010c002491bae397468a7fde.yaml |  4 +-
 ...9003-010a08c8c856a2f4fe4e778e18ce7576.yaml |  4 +-
 ...9019-52e9c784ee926500b6a7a44692c6aef8.yaml |  4 +-
 ...9334-493dd00fbad457efffd98380feee37ad.yaml |  4 +-
 ...9335-9f00578ac1259c4fd1c8b9de9165324f.yaml |  4 +-
 ...9371-297cb3aa5bbfd9cc7b8af82349a82915.yaml |  4 +-
 ...9394-a0cf0c70320b9077a478823de4b5e05c.yaml |  4 +-
 ...9454-eab40a7edf5f2e1a98131d79813fdf48.yaml |  4 +-
 ...9455-8f8b97c7d5c0b9ba282a6dfa6a5c0131.yaml |  4 +-
 ...9456-1d190b0241a92bf4c0712f3b939e7393.yaml |  4 +-
 ...9457-750b74705bdff8d7fe8b29d226f6a7fb.yaml |  4 +-
 ...9458-4ebf8466ab7647227779ddf8d6ac3494.yaml |  4 +-
 ...9459-7ec9f64a1c57f6403dfdbff51a32f9cb.yaml |  4 +-
 ...9514-ce70b843af38d7c69c95be8ff1b26205.yaml |  4 +-
 ...0652-e5ace19f8910dfb41dd382bdef641807.yaml |  4 +-
 ...0678-9d10b05b216e9b3725f77f2e756c3bb4.yaml |  4 +-
 ...0714-5159dc207c489f95e16ee89d4e708b82.yaml |  4 +-
 ...0746-178d99b6f6579f15b7e84dce26c43816.yaml |  4 +-
 ...0779-a97999937eba2822f909f308d3c02136.yaml |  4 +-
 ...0781-388ffda3d201191cb375824a74d92ffc.yaml |  4 +-
 ...0782-b0e0ed74ea2c963635231dd123335584.yaml |  4 +-
 ...0792-20fec9c706022c27227f812437225b4b.yaml |  4 +-
 ...0831-d6eff878d5e751e7448431e370bd1e18.yaml |  4 +-
 ...0846-1aa0482b62398dab21c7b36e9908a28d.yaml |  4 +-
 ...0851-99e41ed657ab27362dc617dd94edb65f.yaml |  4 +-
 ...0865-3a746fc902e2b6559213043452550064.yaml | 10 ++--
 ...0866-d907690c5c767a972864a779d8ced723.yaml | 12 ++--
 ...0867-db2d8a1251fb5f78024e34146e92e4d0.yaml | 12 ++--
 ...3150-c05da70d5ed77ea30636d59ab804aaa2.yaml |  4 +-
 ...3174-9156a008e8a44bce922b7f9ab6484346.yaml |  4 +-
 ...3209-c7b7a15003ffbb80a100eb159e64a8bf.yaml |  4 +-
 ...3227-f8e9e8a25542e313c19a4d2c9a30bf10.yaml |  4 +-
 ...4123-2a2fe738939a9e67d5cb46ca54ca2af9.yaml |  4 +-
 ...4125-fa320a52a4bd2b6a6f52aad5ce1ea74d.yaml |  4 +-
 ...4126-cc4dabd01e1338fc09aa2ef444904587.yaml |  4 +-
 ...4127-7f32d3ac2f0177d9329a7490c025ed06.yaml |  4 +-
 ...4128-7cd66621baa98ee6c1094c3629ee5b9c.yaml |  4 +-
 ...4129-293ee203790c9494dd9271c2d0887ade.yaml |  4 +-
 ...4130-0680dcfefb929cf836c59db202cd40da.yaml |  4 +-
 ...4131-4459115a144ee37cdfb4079325938d4b.yaml |  4 +-
 ...4132-0f314421e3eb6001edc6ef983cf272a2.yaml |  4 +-
 ...4134-b14574939a93e002a63be522534dc429.yaml |  4 +-
 ...4135-b3f06bebea4c15ec9085029db00fb9fa.yaml |  4 +-
 ...4136-f08697abe75fa6ac28d5ec1f1d0bb149.yaml |  4 +-
 ...4137-73117910b29a1c368fce71745504290c.yaml |  4 +-
 ...4138-f5d87ece59db37936b3fb9bdb05376cd.yaml |  4 +-
 ...4140-492664286a6eb9d8fced88f47715604a.yaml |  4 +-
 ...4142-60796296d5bd5b2c076a796a73e81fc7.yaml |  4 +-
 ...4143-3129a6f1429e82e60a76e088cdf26794.yaml |  4 +-
 ...4145-07fde43240c3cfe047c463512be535e6.yaml |  4 +-
 ...4147-c1b0a376f2ef6bdd72b49e73751ed117.yaml |  4 +-
 ...4149-4dd145dc4bcaa7b143713cd5ced149a0.yaml |  4 +-
 ...4151-1184e292a35a8344c32cddb99a8fcb99.yaml |  4 +-
 ...4153-5e0b93fe3a022a24343b38fe5a2f7283.yaml |  4 +-
 ...4154-2dfa0b8f134cf415442ecf4c309e85d2.yaml |  4 +-
 ...4155-892437eb68b329dd17b3be2557272f56.yaml |  4 +-
 ...4156-ef09ee87048a20a553f4804a48eb6952.yaml |  4 +-
 ...4157-79fb0bcc374a70f9a1181c9553d664f5.yaml |  4 +-
 ...4158-175f5f197d39e1751001f35acbaf01df.yaml |  4 +-
 ...4159-a1fcf6f91e16b2992432e60b1b4c9234.yaml |  4 +-
 ...4160-dfaadc66129d4ea285875cfb5037ccde.yaml |  4 +-
 ...4161-7361a0798b6e7d91e3483a810ae46200.yaml |  4 +-
 ...4162-35d0076e41c66587aa55b1dff00355a9.yaml |  4 +-
 ...4163-d52a1b2d96a87813163020667b1d0ea9.yaml |  4 +-
 ...4164-c1844c535b6764f33ccae986eaa4a431.yaml |  4 +-
 ...4168-7ddd7913775f2842bdb03b5dd83ed7fe.yaml |  4 +-
 ...4173-a4378f0df660425c1f67e7a182915736.yaml |  4 +-
 ...4174-e75e8a53a3e5f421e8dff4ebc1472f1b.yaml |  4 +-
 ...4176-df91ebe73a45ac966511f7792447be75.yaml |  4 +-
 ...4178-167e61af371a8f35ae376105d3215900.yaml |  4 +-
 ...4179-f1a649593702eb632f6f553b9ae25e5a.yaml |  4 +-
 ...4181-982f78919d6ffdbae69689e67e460d30.yaml |  4 +-
 ...4182-d8208bd4e60d421585f9ef9118f52dc1.yaml |  4 +-
 ...4183-0f7d324b49374ff1264595834ad272cb.yaml |  4 +-
 ...4185-b9268ddd3338fe184d978d9f6b4b6b66.yaml |  4 +-
 ...4186-1a3c55b78621c5a0f1132cb6e90ef267.yaml |  4 +-
 ...4199-46151945d00d6bf25de490ff58da7c2c.yaml |  4 +-
 ...4200-19cf3f1ecae01908df4ff2c886d4fa04.yaml |  4 +-
 ...4201-98c8e6a6d80acb851afcee0bde588eea.yaml |  4 +-
 ...4202-5721e5b5b859df336ecc013b38726f93.yaml |  4 +-
 ...4203-5e6768e991caa45e72cc5f93d69cc8a5.yaml |  4 +-
 ...4204-2f027571e136822dc3132e7a5b6f47eb.yaml |  4 +-
 ...4205-88f2e8b62006d8f70eead27b7d5c23f7.yaml |  4 +-
 ...4206-95ed8c023906e2f70f01592d99282d0b.yaml |  4 +-
 ...4209-fce354233cc8042e718d5365b3a58e08.yaml |  4 +-
 ...4211-c52e6603b19e1ddbfb9c023a9a70f51b.yaml |  4 +-
 ...4216-e4cd9a4bbacdbb2aa88bdc0cb49786e1.yaml |  4 +-
 ...4219-bceae5f53d1ac07f2efbd28988c0d5d9.yaml | 12 ++--
 ...4220-09bb804f266b350634cb031ea62ca641.yaml | 10 ++--
 ...4221-9fbb2aba0f1c281c62bcad50b683f582.yaml |  4 +-
 ...4224-1cdb0a1c4888e43e483d5ba8e84b6d9c.yaml |  4 +-
 ...4228-d2e2b4003ef24e75b8d453ad2f0582ba.yaml |  4 +-
 ...4229-1e16eec4b6ae009a904a8e7f17b7b28d.yaml |  4 +-
 ...4230-1d56115c5756336039596f3db2afcf11.yaml |  4 +-
 ...4231-3ea0fac767d2ae2ce8f2f4784f535988.yaml |  4 +-
 ...4238-d1bbc50d843df9b465aead854697cdc8.yaml |  4 +-
 ...4242-78ff72d9346255abccb5396c4cac06cb.yaml |  4 +-
 ...4243-3ff23277c9ba98ae052e3b9f7bce2ce5.yaml |  4 +-
 ...4246-295565d6c00c49b75df12a1f75ae3147.yaml | 18 +++---
 ...4247-8399de040479bedb6b313106c99e1459.yaml |  4 +-
 ...4248-70e9f9d703b7871b412f99e0b65bc826.yaml |  4 +-
 ...4249-3640b3daf83d6cd1e2aa52d4c7a270ac.yaml |  4 +-
 ...4250-3950561f5b69ad2aadeaa54bf293ca85.yaml |  4 +-
 ...4252-47d3ad7250426f9e950984c71ba1d1f7.yaml |  4 +-
 ...4253-f47e6eae64c804173012f23d96ac47f1.yaml |  4 +-
 ...4254-c719c1fa9d94cb4a4d6e24f4ded47412.yaml |  4 +-
 ...4255-73185f41beb88e54f54a80787c1d789a.yaml |  4 +-
 ...4256-76b99567dc5d8693687703220a992b79.yaml |  4 +-
 ...4257-ca0593eecf48a43d195a057ed533a1b4.yaml |  4 +-
 ...4258-b5aa1e2113ade8542174b19f6a7b50fe.yaml |  4 +-
 ...4259-f95a6103756f27e103bcf366ca12c670.yaml |  4 +-
 ...4260-f08da3e42125c87db99ab45bab5c3734.yaml |  4 +-
 ...4261-70fc895faebcf1fe7c1137deedd632a4.yaml |  4 +-
 ...4262-bd64f1f16c4920e8819a833f00007e5e.yaml |  4 +-
 ...4263-e94aceaf63920aa3eb4b9932eb00b35a.yaml |  4 +-
 ...4264-257c0e2f02ca2973a1b0fbc7bb05b9d9.yaml |  4 +-
 ...4265-b6405ae9eaca03d55059021293cdb417.yaml |  4 +-
 ...4266-3835c81a3b054f8f577b5a29958ca111.yaml |  4 +-
 ...4267-85a1c6e007a9a1b0879129219d595f5f.yaml |  4 +-
 ...4268-c3fb6f2c99d4c5f13096c4775a849201.yaml |  4 +-
 ...4269-85fafc88eba7f097874b28a387304352.yaml |  4 +-
 ...4270-9e56ce0a564cde270ffad1e5997baa50.yaml |  4 +-
 ...4271-b3de31ba898622222026a1275ef3dc05.yaml |  4 +-
 ...4273-dddec61512fe66c6bc2775d423f59680.yaml |  4 +-
 ...4277-509b534cfaeb00eddb901be35d0a9812.yaml |  4 +-
 ...4279-981460190387e68d2f348e5da885ce72.yaml |  4 +-
 ...4280-0446faf7e8a09fe554612052c4885eba.yaml |  4 +-
 ...4281-7cb2e46e237585083f0f410d32da724a.yaml |  4 +-
 ...4289-e2053d18b4d79ba0e416f265a7be2f35.yaml |  4 +-
 ...4290-41bea91ce3336d6adb86e1ea410b9aef.yaml |  4 +-
 ...4292-bc1bf66d22152db23406f67a4e5cfee9.yaml | 14 ++---
 ...4294-295363837d1454c8802423d79b02460d.yaml |  4 +-
 ...4295-212daaad6857839ca091cc2dcc90e7c8.yaml |  4 +-
 ...4296-6ed86de0b04577fc056eab4066eb09a3.yaml |  4 +-
 ...4301-106707c65ee1208d448d3a7f0350d84b.yaml |  4 +-
 ...4302-dc95c582cdcd23384ad1f3f9c0a3bd57.yaml |  4 +-
 ...4303-f73561aa7a756a9f3e5287e2a9bf11ee.yaml |  4 +-
 ...4305-798f3fd97aa989f25f329926174d2a78.yaml |  4 +-
 ...4307-9c814d5a9ddaae393720aa3fbf301f85.yaml |  4 +-
 ...4308-93461439abae08e1620c6e9fa8825bb9.yaml |  4 +-
 ...4309-a7639c71f3241814b9c95f17c5919356.yaml |  4 +-
 ...4310-c4eb24a39e4ca07448358eb29c4b844d.yaml |  4 +-
 ...4311-937a14986e699492c9c7f6e0e211e4a4.yaml |  4 +-
 ...4312-0a730b29011862fa99f3ba28ddcb0a8c.yaml |  4 +-
 ...4313-93817db5fd5a790f9a8413665f75bc03.yaml |  4 +-
 ...4315-5b936937c8c0c4c278a2b778b73bea89.yaml |  4 +-
 ...4317-328e4f3efad73259f1eb9967e17030cd.yaml |  4 +-
 ...4319-84b15db6be01953ae7e773bc858c3601.yaml |  4 +-
 ...4322-067d3779b4dc783cbbb0a5aaab128700.yaml |  4 +-
 ...4323-dd9c5510a5d40b29d6b46c88b274a46a.yaml |  4 +-
 ...4324-ab1f48347ef68d08de8af611ca6f7153.yaml |  4 +-
 ...4327-82c66bd49c9670a47844ee08f2e1dfec.yaml |  4 +-
 ...4328-d5419bc1feddd2eafb9324b9b87684d7.yaml |  4 +-
 ...4329-578845e46f5e10ee10237d1397f1fce9.yaml |  4 +-
 ...4330-9051aa7c81fdec9135cd53a28b43a964.yaml |  4 +-
 ...4331-ed5e303cb61bf4126d5ebc5c9cfb7c58.yaml |  4 +-
 ...4332-a168ad5542ffc3cded569dbf621954d3.yaml |  4 +-
 ...4334-4c925e8fe2ce8185ac5a57769f1ea714.yaml |  4 +-
 ...4336-019716f1cdfed62fc1f8666dedb59747.yaml |  4 +-
 ...4337-a38e11881f3b1727628c06798dde0846.yaml |  4 +-
 ...4338-ff2c0144dd3f14c012ac895bb24d6c4c.yaml |  4 +-
 ...4339-ba3ebdc8660c704b12fdc576b67a35b8.yaml |  4 +-
 ...4340-cf0e8508a150a92dcb38be8ebc42b5eb.yaml |  4 +-
 ...4341-cfbef53d87854aaa058c431289304e79.yaml |  4 +-
 ...4343-8961ac80ff2f49ea02524bf55be03a91.yaml |  4 +-
 ...4344-8a961b077a643c6dcf8e7dd2b515541b.yaml |  4 +-
 ...4345-85ac26fe1ed37dc881dfc2a5252c3fa6.yaml |  4 +-
 ...4347-f424267505cbcf902cf4e60fa01acaf4.yaml |  4 +-
 ...4348-5f3c1d80f50fc6780cc9be3d160231a8.yaml |  4 +-
 ...4354-da9748807dbda454b45fa581681ad9a2.yaml |  4 +-
 ...4355-f2f204b71c27258d8bc3636a9cf0d080.yaml |  4 +-
 ...4356-92f8dddef0caee0f45322f38c33da40e.yaml |  4 +-
 ...4357-84b774dce1ed446fe61865bc9717d231.yaml |  4 +-
 ...4360-d1fe830178bd836f853d2f1e8ea1327c.yaml |  4 +-
 ...4362-d029a01fd5b93450433108c7576996d9.yaml |  4 +-
 ...4365-9a1ea12529e15f0a017ce8f0e47401f6.yaml | 14 ++---
 ...4366-2cf825b0502a2430e12833bc820c6234.yaml | 14 ++---
 ...4367-416feeed72e481e9c6ade025bb1108e9.yaml |  4 +-
 ...4369-7c4b664dcbab81960496a17b3a66e44c.yaml |  4 +-
 ...4377-967efd081266df53c7d5c10295955cd0.yaml |  4 +-
 ...4378-9b6d789ab9054bec8f3668e533e7af06.yaml |  4 +-
 ...4381-b156b450e510844126aa5b98c430cad1.yaml |  4 +-
 ...4382-39ab4c2294aa56f29beb5a701f23e19b.yaml |  4 +-
 ...4383-363421e443d86bf6a03f6199bd5c6045.yaml |  4 +-
 ...4386-d123d567f469bf81fa1efe0cec4fc6a4.yaml |  4 +-
 ...4390-32ce162d5a195b7dc3b119d3f49907dd.yaml |  4 +-
 ...4391-652b592a23d9d8ef3233d28a405d4909.yaml |  4 +-
 ...4392-3e4694078ceef16f755ef9eb324edfcb.yaml |  4 +-
 ...4393-8912ce3f5c5896ec3ae73a9aecfa4081.yaml |  4 +-
 ...4394-6fbfd79bf661b65b2359132741b885f3.yaml |  4 +-
 ...4395-d936ad16c92f96a8d361e8354b08642f.yaml |  4 +-
 ...4396-3c35d6ca8d97eaaa9d359ed4e523fe3c.yaml |  4 +-
 ...4397-f8764dadc75611aef7a1572c7ab006f8.yaml |  4 +-
 ...4398-6368f485fdfbfa4bcc6e9fc96c77a440.yaml |  4 +-
 ...4399-ca1b64ffb0ccae02fca2d23bb2d6ec12.yaml |  4 +-
 ...4400-426286a65b9c6cb22be8026fc66ac3eb.yaml |  4 +-
 ...4401-4e4e50f7a420b0e140281c805ef6a928.yaml |  4 +-
 ...4402-f4d44f135652b4f97e23ce29c089eca6.yaml |  4 +-
 ...4403-7d9cfe7c7d057a8bbf5fcb3c72a54c2b.yaml |  4 +-
 ...4404-4e8e6308af14cc738d0cb86b4562e1c4.yaml |  4 +-
 ...4405-217c5fbd6c523ea432120eff4f82682f.yaml |  4 +-
 ...4408-8edd86c32f445ba8a5cfcf66f80c6f54.yaml |  4 +-
 ...4410-10fa074ce14cd8aff4840b1abbaf6c83.yaml |  4 +-
 ...4412-8c8ea74da9222b97df27e5eb58a8262e.yaml |  4 +-
 ...4413-376e635d9c344dbb946b8ae2b1699cff.yaml |  4 +-
 ...4414-3976419442f6726cc8fee397bc7f22ee.yaml |  4 +-
 ...4415-62d375a0ef3c9366ba6ad68911a5c603.yaml |  4 +-
 ...4416-fe66522b1a62142749b36d39c6b2760b.yaml |  4 +-
 ...4418-c1380d1b7ef910c0603f14abaf611a7b.yaml |  4 +-
 ...4420-9285c0881d2d0d11de4e3b3a24768c84.yaml |  4 +-
 ...4421-b6b5ac51737dc25240c45d0d6e3809e0.yaml |  4 +-
 ...4423-f1749872ec46f0f647fe9218c75359fd.yaml |  4 +-
 ...4424-dc229c244bcfffc7d06d63944e8371c4.yaml |  4 +-
 ...4425-49cfc8c3d99725c4ecb38a0e0b05420f.yaml |  4 +-
 ...4427-6cc6a3d6d739a61d420343f25551dbad.yaml |  4 +-
 ...4428-6c5c77255a84fb41b6fdd26d0fd10783.yaml |  4 +-
 ...4429-826b0e6fc8bdc77439da0a867a102476.yaml |  4 +-
 ...4430-076ba2e4af7ca8a46ce67983592fc4f6.yaml |  4 +-
 ...4433-dad17a0f7cc6bf4dce65968822857b48.yaml |  4 +-
 ...4435-480067fff73f218a897f527d009097f5.yaml | 10 ++--
 ...4439-e8da5022574661b62f1a47c50584d384.yaml |  4 +-
 ...4440-df5624fcfc60e06a94f15a6af052be53.yaml |  4 +-
 ...4441-56fc7e10ac8b22881c3f0ca008407e33.yaml |  4 +-
 ...4443-8b9fbd031d6f59226821b7faa24713d4.yaml |  4 +-
 ...4444-9af4513a0f46be16e18750162e487d0e.yaml |  4 +-
 ...4445-e422a5cf5dae135dafe01672b0f3ffbc.yaml |  4 +-
 ...4447-fdc1c524e165c5f1685c267f450ebcb9.yaml |  4 +-
 ...4448-5015ecbd471db4975c3b73948587d93d.yaml |  4 +-
 ...4450-7433993cea900124b0f7230cf232b44d.yaml |  4 +-
 ...4451-b68fe278807d5bbe8b9f9515e0348d4e.yaml |  4 +-
 ...4452-3b7846f9454db2dd18a15d1689f18426.yaml |  4 +-
 ...4453-7df4ba3c146c5caf3d402ff70333f208.yaml |  4 +-
 ...4454-cb10630ddc7da513be3fbc863f316ce2.yaml |  4 +-
 ...4455-805b776aa99780dfe83d45b24c67ce87.yaml |  4 +-
 ...4456-a72cf1044ce793e721c265e19c02178a.yaml |  4 +-
 ...4457-d3ba4c3e62ed9f2cd7ab1df9d9c7321d.yaml |  4 +-
 ...4458-8198c675532e8f307d66f6e19540bf63.yaml |  4 +-
 ...4459-72fdd3a89359bcd594b4d65638469ed8.yaml |  4 +-
 ...4460-c5dca15da955e97b5160cc77880cc971.yaml |  4 +-
 ...4461-050ac633edcdd8103878bb1a391274ca.yaml |  4 +-
 ...4462-2e53d704a68a2528570d9bc04622f7a7.yaml |  4 +-
 ...4463-46069454c6ba944e642bfecf69aa0fc3.yaml |  4 +-
 ...4464-2b8463e6867dce79ddd40af4dd9780fd.yaml |  4 +-
 ...4465-db3802f450d9e0fa899a4b52caf267f5.yaml |  4 +-
 ...4466-6172c422eaf36f3edbfde89320e25329.yaml |  4 +-
 ...4468-e97645e174e90e9260a0b981384daa6e.yaml |  4 +-
 ...4470-57f13a889e0cffca9cc00946f63d375b.yaml |  4 +-
 ...4471-315a019742ffab737ef11e333f6ddf51.yaml |  4 +-
 ...4472-3a52346bbe93c0a607f0387208360f6f.yaml | 16 ++---
 ...4473-28ec3275d51e7b8c31fce132b1bffc74.yaml |  4 +-
 ...4476-ba89c7968306258a1d45a93c7b938ec5.yaml |  4 +-
 ...4478-0e3f0bd6a580d466d037adb8757f5f4f.yaml |  4 +-
 ...4479-ae76e34d6e644abc4667be59d0e2e0dc.yaml |  4 +-
 ...4480-895b9710054cceeb59eef3658e032c99.yaml |  4 +-
 ...4481-3bc0607c56016206aa45fc2de8e660d1.yaml |  4 +-
 ...4482-83b73a058cb79d602447680b268132d1.yaml |  4 +-
 ...4483-18f92d3237c36d8e0be4fe5c61fd453f.yaml |  4 +-
 ...4484-40c9df59c7e3df119c2dd5f1035b5b7e.yaml |  4 +-
 ...4485-1e506d7d0a79883a044afbbb48ac382a.yaml |  4 +-
 ...4486-84af63ce54f1aff066c5cbc0224ece1e.yaml |  4 +-
 ...4489-d660fb4211ca4d5aa389748791b62abb.yaml |  4 +-
 ...4490-20b7ddc5d1ffcbeda215596162f60f8b.yaml |  4 +-
 ...4491-beab7dee3648c51c868a41f9c4244298.yaml |  4 +-
 ...4492-87c27569f8277885aabdf5403aebae34.yaml |  4 +-
 ...4494-e6c4489ab4760cc2610080b31e1c8d78.yaml |  4 +-
 ...4497-26c15735f9b04a66bec91df3a0d7b981.yaml |  4 +-
 ...4500-c1a5d94e24ff3bf97db23d2e01bc94ca.yaml |  4 +-
 ...4502-cf16a38393f700cdb2be76a3ca5de2f2.yaml |  4 +-
 ...4503-77fadf9a7971f3244b33864c9a81256e.yaml |  4 +-
 ...4504-ad546711ae594c4c52f6942c35b5d00b.yaml |  4 +-
 ...4505-12ca01b6bd94ae75bcfa758e16b20678.yaml |  4 +-
 ...4506-4fef6f3c1b2c07adc38d4a7abbb8304a.yaml |  4 +-
 ...4508-4c7bbe6117155e4a798748fa2ed8fb9c.yaml |  4 +-
 ...4509-d058005189aafe6324b373d8ff03e3df.yaml |  4 +-
 ...4511-4e655e8637363048266492f0b32a6610.yaml |  4 +-
 ...4512-5db7f2428ab16ac575d716a8cfad3c32.yaml |  4 +-
 ...4513-2d5c4c1875b8b7afff532ee362cb19b6.yaml |  4 +-
 ...4514-4c347b72fa44728662f7bf8d25a3a220.yaml |  4 +-
 ...4515-9226076d86703169a8ae6d270bd5adc3.yaml |  4 +-
 ...4516-b3f5b694f8149f7215285f5a07a42c03.yaml |  4 +-
 ...4517-aaa45d66679ac35ae0d003ff8a8e5f48.yaml |  4 +-
 ...4518-994b2a0046a121a24de62a7ef6f747b0.yaml |  4 +-
 ...4519-8e0a508178120443600d129a2e7dbdba.yaml |  4 +-
 ...4520-3f8c7e452acf0c92c2be04758743dd87.yaml |  4 +-
 ...4521-fe8e75c60168f65685f1418c9d95c3e6.yaml |  4 +-
 ...4523-1924e010841990f8a5472d7ce0d4475a.yaml |  4 +-
 ...4524-b9cdb37818419e5c667c4243ff011f5d.yaml |  4 +-
 ...4525-49026b84d0c7a958dfce935cb3d41d0b.yaml |  4 +-
 ...4526-2420cc8c52f0171d8c5b49b0e53cd69a.yaml |  4 +-
 ...4528-e7db547069bdcddc296155dd435cd330.yaml |  4 +-
 ...4529-be71c57d44785349cf4b236716cff6b0.yaml |  4 +-
 ...4530-7358f712002614260dfd68c7ec8f6f4a.yaml |  4 +-
 ...4531-8a3943e3e4b63a520dbb0168b24f856a.yaml |  4 +-
 ...4533-488c9d125819772b803e742156124a9a.yaml |  4 +-
 ...4534-86d1730d65ed535523c7e0c21cf9f29e.yaml |  4 +-
 ...4535-4241318cd929615a02a622c5e7416212.yaml |  4 +-
 ...4538-538fbd9fdeb83d5c5aab2ed683914a16.yaml |  4 +-
 ...4539-c725a8bb61c1af435931beba79cf59e0.yaml |  4 +-
 ...4540-da919374ddf5731e45e304b65e085880.yaml |  4 +-
 ...4541-4fd129ac95b2130cc2038525d8a627da.yaml |  4 +-
 ...4543-4ce88d432edfef73000dd57a527803fa.yaml |  4 +-
 ...4544-c70486d9239c270e7b09b18c9bd29bfc.yaml |  4 +-
 ...4545-752b08f32f0cfee54f18be53421a36cb.yaml |  4 +-
 ...4546-3b363f50f63e2252e93a4eaf65f7fc9e.yaml |  4 +-
 ...4547-fe19c96913ad86b413d30430f8f6dd54.yaml |  4 +-
 ...4548-a4f62ab934de0d3b7e3d119485cf9183.yaml |  4 +-
 ...4549-66b82cf9b546b0dbf96942572438d94e.yaml |  4 +-
 ...4550-47bfe206cfaf86d87b1c99f3c44195fd.yaml |  4 +-
 ...4552-d3d0ad8926aafa9beab7b5840f982076.yaml |  4 +-
 ...4553-85e4c9b56c88bebde438fcf37c31b92a.yaml |  4 +-
 ...4554-0b2d1a45be009b6e70cf642e2a8cf8b0.yaml |  4 +-
 ...4555-93b21f556464132da5e236e1e43ab9a3.yaml |  4 +-
 ...4556-59026d3a8bc5d6798f6f8303efbe2f34.yaml |  4 +-
 ...4557-c02cfcdd0ba606abb55e36d23c78177d.yaml |  4 +-
 ...4559-1954398156051d3ad0f2e33b45b08e3a.yaml |  4 +-
 ...4561-604205ec49f025926385a1b0eaceae3d.yaml |  4 +-
 ...4563-968d2b25d7330f5b3338dbe58174f4a6.yaml |  4 +-
 ...4564-357b47caf5db9e0098a5f7a1e50f8dc7.yaml |  4 +-
 ...4565-14d0e5668206cef97d18962e8ae7b83f.yaml |  4 +-
 ...4566-ddc4061947d45933e373a65e6831e3d2.yaml |  4 +-
 ...4567-79a115d0225d5e6109d2bfb5d804fc26.yaml |  4 +-
 ...4568-6b33e64acf4e555f0136d2c33ebedb80.yaml |  4 +-
 ...4569-f08aff12bfc66296ae4f842e638dd13b.yaml |  4 +-
 ...4571-eea7979a3adae6620386ae2fd9256411.yaml |  4 +-
 ...4572-96fff1abfd750f8db5e7b15f8178a35a.yaml |  4 +-
 ...4574-cc890ca86d59bec43888764af28bac9a.yaml |  4 +-
 ...4575-f6bb81d744ef9464f6fccc27a671bc84.yaml |  4 +-
 ...4576-3253e2e7de1175aa67f3d6d5696567c5.yaml |  4 +-
 ...4577-604cc742b0731a1b0e3b91222daa2367.yaml |  4 +-
 ...4580-58b47ebea36b65f50bab513dec8fd081.yaml |  4 +-
 ...4581-2eb580b3f81928dc01b4da13b3317526.yaml |  4 +-
 ...4582-eae5f7c2210c1cdf959e29a045115865.yaml |  4 +-
 ...4586-178341479b86e6771bea046e08788d1c.yaml |  4 +-
 ...4587-ab94523f6e880edfade4cc9deca8c597.yaml |  4 +-
 ...4588-d6a49c02628ddcb69bd8644362723660.yaml |  4 +-
 ...4590-0f75bb052c76ac287df6a3cedb6cbaf7.yaml |  4 +-
 ...4591-bfb136ecd8a5fcaea8f121127bb1d532.yaml |  4 +-
 ...4592-9903b310d82da078ab37bcb7e6aa7858.yaml |  4 +-
 ...4593-b0f7eacb55c0790170a8a4009593c548.yaml |  4 +-
 ...4594-b8c86f67e83059075ac727a634aa1bcf.yaml |  4 +-
 ...4596-0b4cf00934e898c124e66c8a24ee9c38.yaml |  4 +-
 ...4597-43a1e8131c5398f64ddb0148cb86b0fc.yaml |  4 +-
 ...4598-cc8d3237ec9d31d7a17e75a3773f4b59.yaml |  4 +-
 ...4600-0b351fbbceddd3af3b8762c10e45e612.yaml |  4 +-
 ...4601-88bd79040ab3368b09f14c252d140de8.yaml |  4 +-
 ...4603-1d382a2cbfe1692803bdc9f5974b02e1.yaml |  4 +-
 ...4604-1fa01304932da158500562eabc5ce5d0.yaml |  4 +-
 ...4606-3850f9fd40f943ca2e9ea3445b1f1e23.yaml |  4 +-
 ...4607-dcf3d519c235997890c41f1336f203e6.yaml |  4 +-
 ...4608-08ccf69c17927ada744879c1923c390b.yaml |  4 +-
 ...4609-85d2798dcbad09cd3df8222f6cc3a39d.yaml |  4 +-
 ...4610-1bcc8deaed7a36dfed3699cc2606446d.yaml |  4 +-
 ...4611-ff335b153bdda68f2c4ef086e30eeef7.yaml |  4 +-
 ...4612-4c5051d5f52547e43ba1e2683a220c8c.yaml |  4 +-
 ...4613-71955a966b82cf2219c81131b80c408e.yaml |  4 +-
 ...4614-edbb23e6d1dd3c6d3b98a72a827de16d.yaml |  4 +-
 ...4615-bcff2870cae12c5758ea4c72282891f6.yaml |  4 +-
 ...4616-ae230608473cfc56a303443ba2385f1d.yaml |  4 +-
 ...4618-737595c2ea3449d9afc6f182f87c2e0c.yaml |  4 +-
 ...4619-186c3d28d4f62e262c488a190cb41115.yaml |  4 +-
 ...4620-b9227c21bfafb1eba2c9f59a2176e5a7.yaml |  4 +-
 ...4621-863ed304215cd2e175d9703d88e6083d.yaml |  4 +-
 ...4622-2335d22fc63434a5bcaa426b8fe660ca.yaml |  4 +-
 ...4623-8cc533b05aae8f8735d3033cbbcc92b8.yaml |  4 +-
 ...4625-ba6ce63fd5cf470afef6a6aae7117079.yaml |  4 +-
 ...4626-6e87e05f951d4532dd6f6de3b88ad77d.yaml |  4 +-
 ...4627-7e1dd5ec2f3ce921814a97005e4bdef0.yaml |  4 +-
 ...4628-14d5ec39f3f717cd0febca936a2aa6ce.yaml |  4 +-
 ...4629-c5997f1fef9873598e392fd29a23db70.yaml |  4 +-
 ...4630-13e0cdd00039aa83908edb26fc9e840c.yaml |  4 +-
 ...4631-87cd3b8d44051ebe8fa42c56e4d1cbb3.yaml |  4 +-
 ...4633-c70d49119f4b9f186615bc657f763711.yaml |  4 +-
 ...4634-6fb42790ec406c67546f572fbaa70d56.yaml |  4 +-
 ...4636-6bab7e18a95398e2980bac2c1ae0a9ae.yaml |  4 +-
 ...4637-97a8bbca52a057b5fde67edd446b89ce.yaml |  4 +-
 ...4640-6a7d0f10989c55df0c2d186c1333c6d5.yaml |  4 +-
 ...4641-fe4c9ec6c5f12eda6f85dea0f4ee153f.yaml |  4 +-
 ...4642-62e4e20027880ffdd76d60900f6cc1c9.yaml |  4 +-
 ...4643-5b50465ae2f78659823d6ff4bd2ffc8a.yaml |  4 +-
 ...4644-a060d1379e872ddbb3c1744a92296936.yaml |  4 +-
 ...4645-97d71a5a3da44a42d764845b5a062c1f.yaml |  4 +-
 ...4646-792631ba5cdfc566598ea26dfe895270.yaml |  4 +-
 ...4647-555fd231d361b91b6b7b333e844c48cf.yaml |  4 +-
 ...4651-c07bb721e301a0dbb891c103a2081934.yaml |  4 +-
 ...4653-13b25bc0903a03574dd9d52d17a8d7fb.yaml |  4 +-
 ...4654-5acef1bfe4bd1454c852e9b74429a91a.yaml |  4 +-
 ...4656-12ff7814319c3fed879573cad73d612b.yaml |  4 +-
 ...4657-1c092eb4ba33ccf4bb9feb95671821cb.yaml |  4 +-
 ...4658-bd06eea54f94d4f00b121a93f672de21.yaml |  4 +-
 ...4659-d5a9675642b3846bb1039f5b8393297a.yaml |  4 +-
 ...4660-d9d7cdc24ee2887d8625dc92279b0527.yaml |  4 +-
 ...4662-4860564c39627d424628b36fd20f6fbc.yaml |  4 +-
 ...4663-9d4cfba6200e394cef32d487f65ab9e2.yaml |  4 +-
 ...4664-b9006062d746b8caf6ca2e15e2892f35.yaml |  4 +-
 ...4665-f81f2c3fb0fd545df0470702817f5fe2.yaml |  4 +-
 ...4667-11813679c9659f7e86b27269316b1760.yaml |  4 +-
 ...4669-ccaa11bd28c41ea215a8627a09fdb85f.yaml |  4 +-
 ...4670-d3f53759db6cbb2a0f47408beaf6dbd0.yaml |  4 +-
 ...4671-efba52660b6ae40494c76473deb3b9d9.yaml |  4 +-
 ...4672-2eb3196d201c69c1b619f7192e23dfa3.yaml |  4 +-
 ...4673-b36315e23ade129c61fb07a902fc54b7.yaml |  4 +-
 ...4678-6bc3c65cb1ca8d7f84584a1599bace9a.yaml |  4 +-
 ...4680-f6c6555824d98b71401c19c502cb055d.yaml |  4 +-
 ...4681-d66fba0caf4197da913cda06e8bae43e.yaml |  4 +-
 ...4682-02f969afa585249fd7cbd8abedb25b46.yaml |  4 +-
 ...4683-f85537b61e94963bbc9d5c86e5b9998c.yaml |  4 +-
 ...4684-b4f2d824d6b4e83932e04d871f8fc11c.yaml |  4 +-
 ...4686-4cdd67f3f418a30581118cbbb5c2e501.yaml |  4 +-
 ...4687-075f9c166c068dd8df28c57bf8d8a51a.yaml |  4 +-
 ...4688-dc42737b07ffe9283fc25fc1965481dd.yaml |  4 +-
 ...4689-59cabb7b5299e919e0e9798126655ebf.yaml |  4 +-
 ...4690-4a26e6944326e51fbc6f1bb093dd580e.yaml |  4 +-
 ...4691-91489b941b180b4987354a4aee0df6e3.yaml |  4 +-
 ...4693-5017a561b2bec42e777a79d3e7f73798.yaml |  4 +-
 ...4694-59401ea9ce38d0433cad6f039547d860.yaml |  4 +-
 ...4696-9b6bff957c02c5adaec64684fd5bd810.yaml |  4 +-
 ...4699-91ba8b6ec0e7e434577621e62a4faeec.yaml |  4 +-
 ...4700-ee384374dcb64224451204e7db1b00fc.yaml |  4 +-
 ...4701-8979f6505c90c68150042fb786bf639e.yaml |  4 +-
 ...4702-7716b5ad1739bacc35b966f53febea57.yaml |  4 +-
 ...4704-cb748c9c9efa655b709ed263bb18ce58.yaml |  4 +-
 ...4705-3484031578b48515a252a1136c0592de.yaml |  4 +-
 ...4706-28d16d6b1cef547447e4d705dcc2a1cb.yaml |  4 +-
 ...4707-a63938534e67d796e6484c84d1211d1e.yaml |  4 +-
 ...4708-1ab755d3e95de25c386caeb2d042c3d1.yaml |  4 +-
 ...4709-fa8d9c6fc1b3f748c9c03e858b8946b9.yaml |  4 +-
 ...4710-92919ce0eb17b0cea216462cfde732e2.yaml |  4 +-
 ...4712-93e983f709a0a8202ff094d785febb7b.yaml |  4 +-
 ...4713-d10884d848b4b49b542895ed8b750487.yaml | 14 ++---
 ...4714-490b87f43f2fe349a60db708b8fdfe27.yaml |  4 +-
 ...4716-b99ab0aa7e8eaa169d59d870ba15e44f.yaml |  4 +-
 ...4718-021b10291895f49c72c52c95a60965eb.yaml |  4 +-
 ...4720-10faa8f7dbe39946fc1591dc4a29cfc1.yaml |  4 +-
 ...4721-8187837c8e502d478100e3984ca296fb.yaml |  4 +-
 ...4723-0b686c4cb6f413d46dafa7ed933109c6.yaml |  4 +-
 ...4724-953e4421c93547e97fe8ff565f4ade18.yaml |  4 +-
 ...4726-bac170dcd3835d8bbf7c00e58b6af261.yaml |  4 +-
 ...4727-a56a10763fef9c6c1ee5edbd42a68314.yaml |  4 +-
 ...4728-cce20befda4e7caf1b066f754d7a6624.yaml |  4 +-
 ...4729-5de20b622f7b3426c6426e4d509bd26e.yaml |  4 +-
 ...4732-f6e79c74546c68ce5cae314ffc286a54.yaml |  4 +-
 ...4733-477f1ad4dc386cbc51b27ed2633fd23f.yaml |  4 +-
 ...4734-bd35c1f22ebbbba8b36bd6df988b805a.yaml |  4 +-
 ...4736-b62cd969ddcf5b8e9b0c69558a4a4184.yaml |  4 +-
 ...4737-0bc93e8d9149869cc1871c88dbbfb381.yaml |  4 +-
 ...4738-426067a3112463f4371753090e35be9b.yaml |  4 +-
 ...4740-a9f74f94f7fdfe42f50099f4c0f55e53.yaml |  4 +-
 ...4743-e54fc04abf0b5b0662339153e1522a1e.yaml |  4 +-
 ...4744-14cc2ff52c2662c5bebf9121075ccf4f.yaml |  4 +-
 ...4745-0b3e32c5343e2d92c6dd937071e516b1.yaml |  4 +-
 ...4747-cc60724a02e2069155463638fe585163.yaml |  4 +-
 ...4748-6ebfe44ebffa047243d43e4d8e8b6f78.yaml |  4 +-
 ...4750-8bca0401c2687aab215b4ddd44231c26.yaml |  4 +-
 ...4751-207f8d3483b6bc918c2a6bbcc21fd35b.yaml |  4 +-
 ...4752-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml | 14 ++---
 ...4753-b5ff51b3c591b9026f1ed0c5c634aabc.yaml |  4 +-
 ...4754-b48bd5a9b387deec2652bf65a2f60d36.yaml |  4 +-
 ...4755-a4073afeed9945d540c4483af566c48e.yaml |  4 +-
 ...4756-a51f4e9f249cf27f338341ad1f220702.yaml |  4 +-
 ...4758-ed713a06b3f7e4b3455b2dcdb9972457.yaml |  4 +-
 ...4759-732f3abc36bb4bb116e7c8687f86e2aa.yaml |  4 +-
 ...4760-a843323be037daf5f3b8528ace16935d.yaml |  4 +-
 ...4761-4c143b0897524c6ae94ca24b5d894e6a.yaml |  4 +-
 ...4763-a8d322ee7f2a3aae906b690c8d232e76.yaml |  4 +-
 ...4768-c9743e9890778c464db472a56cb6fc0e.yaml |  4 +-
 ...4769-e32cc6e85c9fbac88c9c7b48d1277259.yaml |  4 +-
 ...4770-bcf6a8a116341bcac1e69fe2f154a5e2.yaml |  4 +-
 ...4771-2a97538728d15bbfb55e66c4649885a4.yaml |  4 +-
 ...4772-439ba91c06350a9c8bb984e5dff1a4a4.yaml |  4 +-
 ...4773-bc9258a94f7c2dba9bd7d9f332571167.yaml |  4 +-
 ...4774-88a3c1a86120c49f8c7acdd40fc0ba9b.yaml |  4 +-
 ...4777-e36d961a443fc07bfdc5e0b939b3e6e6.yaml |  4 +-
 ...4778-1ff709162f10c9c6eac55480ea55c5a7.yaml |  4 +-
 ...4782-4ccd73756d3ff800ac0459f5347027d3.yaml |  4 +-
 ...4785-a9ade0513aa1dccbdad4ffd99dcceb42.yaml |  4 +-
 ...4786-ee37641121dd5ca3e58a921bd679af5c.yaml |  4 +-
 ...4787-f12b94e3ed29f6a01de55ac0eaeeefde.yaml |  4 +-
 ...4788-5fc1378196caf660cea9b35242972f9a.yaml |  4 +-
 ...4789-49a588fa69586f2484ce1bba5358bbd9.yaml |  4 +-
 ...4791-4e85b966f722637fb8ba38d8dce7367a.yaml |  4 +-
 ...4793-ce2aa47cca210105b9ad928ad1c57540.yaml |  4 +-
 ...4794-1f71cd156c1c7a7919178911b00bc151.yaml |  4 +-
 ...4796-77e642ff24948f5be818c3b7338e42ce.yaml |  4 +-
 ...4800-076d6aabf5652856b3ecd43b1d4071c7.yaml |  4 +-
 ...4803-ed27c4cd836ec804d97b971161525852.yaml |  4 +-
 ...4804-3ada0767be249ce4ccbdfd9339b2ad7e.yaml |  4 +-
 ...4807-c1a62af10487c310f7866304f28fe56c.yaml |  4 +-
 ...4809-aa4a0e71714152916ddf88945c46dfa0.yaml |  4 +-
 ...4810-b1c130064cba38fde3b249c93cb244d8.yaml |  4 +-
 ...4811-2bd96fa6fc397c3dffcc3e90ed6550f2.yaml |  4 +-
 ...4812-7f5e21acda03d1d7fde69a880719d61b.yaml |  4 +-
 ...4813-a5068346d1e00e358b18b96ff80d8028.yaml |  4 +-
 ...4815-89760f3ab457772708d08bbbb7ce1092.yaml |  4 +-
 ...4817-a8cfb826ae3cd1e60648ab483d0a35aa.yaml |  4 +-
 ...4819-4f011bf5e0985256ce0dc243eb8712f9.yaml |  4 +-
 ...4820-f3802a1bd27cc43cf9c93101d4cbaed4.yaml |  4 +-
 ...4821-a663013695ba225f715bd4ecd0b647ba.yaml |  4 +-
 ...4822-17f69747f5418f0c498184d7a40cd5d8.yaml |  4 +-
 ...4823-2a20c012892057123c0688f9b3a4ff38.yaml |  4 +-
 ...4825-ef34cbe0110e2c6603d8d105d71a9566.yaml |  4 +-
 ...4826-2c26192ebe7847230519e6e8ccb48b5f.yaml |  4 +-
 ...4828-f33817d1f67c73c0784fb9213086394b.yaml |  4 +-
 ...4829-4fea783b4afcd4b123f2e73a82fb91f6.yaml |  4 +-
 ...4830-86962de7248a9bc1e25d4d3ee2951f2c.yaml |  4 +-
 ...4832-0da88a23adab8991ac9273c6a18e2665.yaml |  4 +-
 ...4833-2209fd73f482335c124e2a704dbac383.yaml |  4 +-
 ...4834-0779481b7f80c0411ff97013b26aee05.yaml |  4 +-
 ...4835-21c7f53627abc5f5c7e2ab4c4c0be8ef.yaml |  4 +-
 ...4837-d2daaa3d964f6f32895fca6e21e6cab6.yaml |  4 +-
 ...4840-301d4c247a680f6ce86b39ab492df068.yaml |  4 +-
 ...4841-7344a2ea198088e725e4c36ccf66d66c.yaml |  4 +-
 ...4845-300fd59e3797ac35e26fb3e33490ca99.yaml |  4 +-
 ...4846-7561b8c1f99227b7381d59264fa6815d.yaml |  4 +-
 ...4847-81580e623be1bd11eb139b9bedb99985.yaml |  4 +-
 ...4848-66ac5cf55cb601e1e04c93898023eadb.yaml |  4 +-
 ...4850-888c0d96bb5c45a5559094f92be9b42d.yaml |  4 +-
 ...4854-c050d4c8a8366a715e53188fca3792c1.yaml |  4 +-
 ...4855-68e029abe789ad7c1ac8726ecdc73f1e.yaml |  4 +-
 ...4856-13647ac0f5697b4e3d7374c8bbd8f571.yaml |  4 +-
 ...4858-11d8ae615e422011cdb2e654cf3c2a37.yaml |  4 +-
 ...4860-a6117f5c5b129c85596c75822f81da17.yaml |  4 +-
 ...4861-498d9280bb627df5ee0fc3435bab6bb8.yaml |  4 +-
 ...4862-1ae4dd533f16291d906e419f9b6a90b5.yaml |  4 +-
 ...4864-0ad53ed111e4c9bd0fa768a28b64118e.yaml |  4 +-
 ...4865-386512462e991dca6695af0141e48ca0.yaml |  4 +-
 ...4866-f5497363e91c49e85823434d8464dab9.yaml |  4 +-
 ...4869-a984dcb982c3439de2d89b2a845332c4.yaml |  4 +-
 ...4870-c21f1786e3abdb7c657091d8024583d5.yaml |  4 +-
 ...4871-a48251c3741e5bdda10cc3847e3d84b2.yaml |  4 +-
 ...4877-f00ee035f691e855432693cfeab4496d.yaml |  4 +-
 ...4880-b305b8b934fd913e3c8bf40e033b8b8e.yaml |  4 +-
 ...4882-173ff175ba6504a9e007b9120074cdb1.yaml |  4 +-
 ...4883-d4b97461c23d3e553d4dc5a4ed959427.yaml |  4 +-
 ...4884-437b9be662132aed2b43b674efcda98c.yaml |  4 +-
 ...4888-680976f321c5a9425e00ce5d5ee1cc42.yaml |  4 +-
 ...4889-8af21f8f0c6e953daf8df61c5c7a078e.yaml |  4 +-
 ...4891-e1d6d92659e9b697c29f278d3aacc568.yaml |  4 +-
 ...4895-a97afd1d52e8ec7c0950d3b4bfa966dc.yaml |  4 +-
 ...4896-b4c4ff584d962e0bfb58568b73a5ecd3.yaml |  4 +-
 ...4897-e650ec648b3137d2000a4e41f6b87363.yaml |  4 +-
 ...4898-3f51c790e689dcb447adc1ee79fee545.yaml |  4 +-
 ...4899-5a607f07c740543865789590cbca6639.yaml |  4 +-
 ...4900-406776aa8100e59355ccb6cf6b38aab0.yaml |  4 +-
 ...4901-cb74790ba4bbb7de85dca1c3cb33c74c.yaml |  4 +-
 ...4902-2dfca9afbcd5108da5d0b371a8c3da93.yaml |  4 +-
 ...4903-eca8e288e4dc717ec25c774372f69b42.yaml |  4 +-
 ...4904-51d2a215a7382b06f6f66c19158d7560.yaml |  4 +-
 ...4905-0ac820af26b82917a9384c67560e13a6.yaml |  4 +-
 ...4911-d8f6d24ae9aefabd89bc3732379fc08a.yaml |  4 +-
 ...4912-99547d0fc21ffda2676b791122585c77.yaml |  4 +-
 ...4918-da6dd99d1493b082c05d60ab888f9ef0.yaml |  4 +-
 ...4919-38cfa7354fceb66defa5b11a8b1426c0.yaml |  4 +-
 ...4920-d0adb6ab141d87bc7e2689c3386228f9.yaml |  4 +-
 ...4922-45d861039b945e03d43af50c9dafa301.yaml |  4 +-
 ...4928-b1810213664dbc480df9bda4d5950322.yaml |  4 +-
 ...4930-9ae477d5648cc901734eab0eec621bd2.yaml |  4 +-
 ...4936-388ae826ccb91352f7d4e90d33114225.yaml |  4 +-
 ...4942-15bf765de2821299511e8bf3105d6965.yaml |  4 +-
 ...4944-c65dc1c886e5406e004d2361f156725f.yaml |  4 +-
 ...4950-f70ed327fff0a742246ce2b66447d100.yaml |  4 +-
 ...4951-12b3926da3c13269ad9e1faadb8734ac.yaml |  4 +-
 ...4952-88bf9af12ef5e38595f378ad9f2dcf87.yaml |  4 +-
 ...4958-30f045a25a21ac539fd3f995d744abbd.yaml |  4 +-
 ...4959-f523c60311785f4d77bdd4f2724550c9.yaml |  4 +-
 ...4960-1ea0fe6e846ccbee16701a333d122fbe.yaml |  4 +-
 ...4961-3384b3561233822afc35f30b762beb0e.yaml |  4 +-
 ...4962-7723e642214a4cc19dd0a90f922c5611.yaml | 12 ++--
 ...4964-5f623b9be5a2d2349866b91146be2f95.yaml |  4 +-
 ...4965-2357694d03c405e4b8e1df1be34f5e9f.yaml |  4 +-
 ...4968-deca81735cc88aee9510bee96ebea3f5.yaml |  4 +-
 ...4969-cf4fa8f0c990098bbe171db8d667a080.yaml |  4 +-
 ...4970-cae2253667a3a6e475a01cd76266d7d9.yaml |  4 +-
 ...4971-56eaa7b8dc455f22f829544599237693.yaml |  4 +-
 ...4972-e7103d15c56bf4b3a7eff2cebe3d9729.yaml |  4 +-
 ...4974-e33771324145cc65657e7a62ea2644b5.yaml |  4 +-
 ...4975-0a3b3d0ea7c2929f39d0e12eda2eee2b.yaml |  4 +-
 ...4981-133afc4fd6bf43efcd46913bc74537a5.yaml |  4 +-
 ...4986-cf1bd6ff01752966d1624646c80166a0.yaml |  4 +-
 ...4988-b26100fb2d07199c87c48d6d1e20e10e.yaml |  4 +-
 ...4992-456677c70a49bc1c088cafa5c6ef9da9.yaml |  4 +-
 ...4994-0bef183926021b3705ecb7e440cd2280.yaml |  4 +-
 ...4995-fb9f6e5f6b739b217a3c9294b96be3ec.yaml |  4 +-
 ...5002-6007b8b9442eb6013d2d90e94b8a6f90.yaml |  4 +-
 ...5004-0ca7c41649d0f082ad6681a5a0217ff7.yaml |  4 +-
 ...5005-01f666d1348f15c58dad4eff11007661.yaml |  4 +-
 ...5007-5efd9ccd23023c6687750d4699e0bae0.yaml |  4 +-
 ...5010-6dabd7288f9bf1aa4314c1230eb61170.yaml |  4 +-
 ...5013-ac09455e90923727a5127092ab5cf052.yaml |  4 +-
 ...5014-fdc54b4c35b7d9b62d80ce198388bdcb.yaml |  4 +-
 ...5018-c42befeaabe8cc2f04b4d79fa9968af7.yaml |  4 +-
 ...5021-2442f509b4c40ac50640a6c02e5c1509.yaml |  4 +-
 ...5023-221fa8b539336ea57a6760f06055d98c.yaml |  4 +-
 ...5026-c914118ffbfe0c8c975fe93b917507cf.yaml |  4 +-
 ...5029-9424f0d1add83019568a32a2d432a588.yaml |  4 +-
 ...5030-fb606eac6f1cd09b63793985561a9ded.yaml |  4 +-
 ...5037-814d85e88dab797899057f8e016cf74f.yaml |  4 +-
 ...5042-6d7c8242c157e79033d5cce1ebd197e9.yaml |  4 +-
 ...5045-d214d99e51223f558d7540a78be5f43a.yaml |  4 +-
 ...5046-61e330316e7097e0d9e2b13495d29a1f.yaml |  4 +-
 ...5048-48b0aa896289cd47d761dfb701222bb0.yaml |  4 +-
 ...5049-32e884b82485fb448af167a249e58037.yaml |  4 +-
 ...5050-3996e754fae7512574e32b3cc63b1ef7.yaml |  4 +-
 ...5051-53ff289b27bc5f383393c1a07c0f7797.yaml |  4 +-
 ...5052-42e2e881f29393c821ce6d432bf2a46a.yaml |  4 +-
 ...5053-ed25dc4554a62fa61ab6134b2e367cf7.yaml |  4 +-
 ...5054-8c686690daafe251c11d3b5105b46fb5.yaml |  4 +-
 ...5056-2955aefdf1cefad709d8b720d6db9ca9.yaml |  4 +-
 ...5057-31af361d998f1bee646666eb75e8dde6.yaml |  4 +-
 ...5058-073c84bcdcba646c59175dbb887b7a95.yaml |  4 +-
 ...5059-8a3bfba63e8785572c67f2c51b59a6d0.yaml |  4 +-
 ...5060-828427f0b9437525d7829a16b68575dc.yaml |  4 +-
 ...5064-d561f3d81e84a307c0bd1e31854171e0.yaml |  4 +-
 ...5066-88ca4a7bd7c66c74cd477716cd98c157.yaml |  4 +-
 ...5068-b2d6fe0a5065d0107b2198e03dfa4409.yaml |  4 +-
 ...5069-e5651ec96e6ca99165a7dcf4611fe4ad.yaml |  4 +-
 ...5073-498ee45b8c7fc3083e30dce9b4fdf901.yaml |  4 +-
 ...5075-b4ec89e0637e2a12e7606215722e4f54.yaml |  4 +-
 ...5076-36566c3afb06b969f751eee41300c71b.yaml |  4 +-
 ...5082-1f9ac7c68fe8ba8939533494bdaf6f2c.yaml |  4 +-
 ...5084-9b156b803761678f004bbe691278814c.yaml | 10 ++--
 ...5088-a8343a6c54d23e35a66b54c79a6e406e.yaml |  4 +-
 ...5090-422a760ab8a04278c237785bf5be638b.yaml |  4 +-
 ...5093-45cc93dab6d9a9c50a4569ff06d10d7a.yaml |  4 +-
 ...5094-fbd8ecc6dba160d0b0ce8ccb8069b0ff.yaml |  4 +-
 ...5097-d4cabd09aa67db7f89a13839c46aab51.yaml |  4 +-
 ...5105-0f70db17156622f62eb6b0301d900f5d.yaml |  4 +-
 ...5106-aa2d32a6da076063dc14a9036390d1fe.yaml |  4 +-
 ...5107-457136e7a482f19e1fb7eda420cd0512.yaml |  4 +-
 ...5108-28eb2dd9b394a6991989e0316614fa07.yaml |  4 +-
 ...5109-3fb7396e595eda0e4c64d906babd7ea9.yaml |  4 +-
 ...5117-230dca5ad7a4f65f364511571d38f472.yaml |  4 +-
 ...5119-b320e1c5f0dacab6b03f963021265f72.yaml |  4 +-
 ...5120-dcded48546674d8a7147bd7b9ee5af2d.yaml | 10 ++--
 ...6609-33e169ef58595c551d71b2a0f254c1a0.yaml |  4 +-
 ...6754-25ab8b4cfcb0262dc70ad0a958834bfd.yaml |  4 +-
 ...7349-45f3255db2b21cf02cfd20c83ca9648c.yaml |  4 +-
 ...8121-2d9ff787627cd2e1924f86a1568cd815.yaml |  4 +-
 ...3124-1e3e94ac66c9cccf9af54623829f9f1e.yaml |  4 +-
 ...3133-66e7875aa9a79f68060a917eb8074082.yaml |  4 +-
 ...1567-bdf53bf0d4580f34f6ebb2e5285d2f9e.yaml |  4 +-
 ...2789-749a7702ffa607983798f5d2868f83ea.yaml |  4 +-
 ...2790-487085694140471bbcc32f33541e46e2.yaml |  4 +-
 ...3849-db1fed2fca8e80d33156bce8fe1dd724.yaml |  4 +-
 ...3850-41374c7f8d145b4ed7aa35f41d920496.yaml |  4 +-
 ...3851-cdd44eb1f0b901b8f5061171a068c613.yaml |  4 +-
 ...3852-4411dec3eca9ec1ccdcf332ed790a4a3.yaml |  4 +-
 ...4619-febc39f061d4ea440e6c2d9bf3acdb4c.yaml |  4 +-
 ...4625-f55c5d00698b3df2b8933d7fd6999c2a.yaml |  4 +-
 ...4626-5a577e1325bef2936221483c67cddb03.yaml |  4 +-
 ...4627-451bef3a18327362fa560f933f5185ec.yaml |  4 +-
 ...4628-a3f7dace6308a168799f4b5efdcbf0fc.yaml |  4 +-
 ...4629-526f9a50eb94365c6edf2a44fc6ceed7.yaml |  4 +-
 ...4631-90997fecd42d62efb670daec1cf651f8.yaml |  4 +-
 ...4632-896998a582295bc584998dec0e35768b.yaml |  4 +-
 ...4633-ba80b860d4e6bf99a76e42ede7281809.yaml |  4 +-
 ...4634-6e0c27e6aa8bbd23ae1645c9db38ce34.yaml |  4 +-
 ...4636-a267ad47aaacbda283b13d30d0de08e1.yaml |  4 +-
 ...4637-a197637cb7c671923c50bb35a3955a77.yaml |  4 +-
 ...4638-6aa900a875605d12f51c36a7aee68e0c.yaml |  4 +-
 ...4639-010922f26f33a94ab231b7f0fdab049f.yaml |  4 +-
 ...4641-c6c1e0bf86c779c9f71689d63880acf1.yaml |  4 +-
 ...4645-8bf5f589d084befe53d71ebadbbe38a9.yaml |  4 +-
 ...4668-d45b3048f23bdc5676881ea128b4fe4b.yaml |  4 +-
 ...4675-8b8a23561a8628021b8646bf3571f1c0.yaml |  4 +-
 ...4676-bb95d05f96d844686568bca3576c4dd9.yaml |  4 +-
 ...6823-958209cd1cdd4ea5cb260b87d6b618da.yaml |  4 +-
 ...6826-8a54587701c521af8ba2b5105bfe686a.yaml |  4 +-
 ...6827-707e5bb3cb201f78de35f00133c00922.yaml |  4 +-
 ...6828-aab671eab1f3a35319bc119c20a62b84.yaml |  4 +-
 ...6829-992cb2db66581f66b70df8df6297f14c.yaml |  4 +-
 ...6830-8a14e10c4e61da2c2574a977cb4dd78d.yaml |  4 +-
 ...6832-de418588fa621f09a7aaad7d1520c591.yaml |  4 +-
 ...6833-d08e992a9c86b0410a9dd2a576aeae42.yaml |  4 +-
 ...6839-99651f4102212266ab89ea9f71ca952d.yaml |  4 +-
 ...6841-9e36292a7ac47d63600972695d9e0b66.yaml |  4 +-
 ...6843-3b1c84fb06bbfd928bb6bd8a2dc656bc.yaml |  4 +-
 ...6844-a4b9301f609713ae947856e0a785959d.yaml |  4 +-
 ...6845-c63c09dfe0443988600f74c6f35feaf4.yaml |  4 +-
 ...6846-07056c447bdab5ad6a1bdd36170bd91a.yaml |  4 +-
 ...6847-852d49969bf0838b042595dfd6400dc8.yaml |  4 +-
 ...6848-1588d8e6d7413910cf24de603f48ae6c.yaml |  4 +-
 ...6849-7512032bfe4cd740c20bf708ea302987.yaml |  4 +-
 ...6850-e76a25dd6d02a9976e1a45024d852c58.yaml |  4 +-
 ...6851-098a7c1e7e4a3294c0b3e783c9234d81.yaml |  4 +-
 ...6852-1ca57b94b0c3924da7aeb6a7b470fb34.yaml |  4 +-
 ...6854-5b1c2add49d2a47b01ab11a65c17a099.yaml |  4 +-
 ...6854-770cacdb7e6dbbed594d0162d09eaa1e.yaml |  4 +-
 ...6855-a730585b1aab8262e7f092340f9d0036.yaml |  4 +-
 ...6857-ebb1ebcf4f2c8c10213c00b9f2126830.yaml |  4 +-
 ...6858-f27a4c95db01a4a56d77711f77220046.yaml |  4 +-
 ...6861-d096551cc11e027298b83171a2a3683a.yaml |  4 +-
 ...6863-ce3f05ae5116fef07efba37ae58297b9.yaml |  4 +-
 ...6866-e4f1d5f5dc814ad4d0bdfba0ea143852.yaml |  4 +-
 ...6867-23d65a0c7f78efb0a00d9004db77bb73.yaml |  4 +-
 ...6870-69aedfc905a5a0f0e668841416c424fd.yaml |  4 +-
 ...6871-622602817799a1869bfcc5c18c23392a.yaml |  4 +-
 ...6872-05a7a0498d570dab847e4a9ab6951cdd.yaml |  4 +-
 ...6873-13327063860a0ee0e2e86f1e87898320.yaml |  4 +-
 ...6874-992243a3e82e516c6ec6b7febbf82953.yaml |  4 +-
 ...6884-62786f2608f27a539a0474c4d2ebfa59.yaml |  4 +-
 ...6885-a479da98606812ed965dd3889c1983c1.yaml |  4 +-
 ...6887-7493b4e361e65fc33d302e9a8676eef5.yaml |  4 +-
 ...6889-cdde9db33caece636f624a4e888cbf55.yaml |  4 +-
 ...6893-7cfb9c8a38b02b5d1f8df2ea212c2f3b.yaml |  4 +-
 ...6896-a5038f440967c1bd1e883ce46373e9e5.yaml |  4 +-
 ...6898-4023135654a032018b1b7ca568ed38d7.yaml |  4 +-
 ...6905-ecadda5bda84d8a0b69e1131abec5fcf.yaml |  4 +-
 ...6908-1ac9ed75dda676d9de3cd3380fd4d32a.yaml |  4 +-
 ...6910-e587e1665fb732b10014cf1110ac13b4.yaml |  4 +-
 ...6911-2faa74d51969fb024a7d850a91d6917b.yaml |  4 +-
 ...6912-d6ab389c616dfd2cb30cbd7db8473c95.yaml |  4 +-
 ...6913-8eae6b3d481165727afe77f464d11a2d.yaml |  4 +-
 ...6915-da13e940921b9b4b286d3e79be1e9d85.yaml |  4 +-
 ...6916-a5da2259e66916eeb957e15e5b2a199e.yaml |  4 +-
 ...8314-97e559b0ee0d8f7ed9a23afb1d3a5dfd.yaml |  4 +-
 ...8324-41e16d89dcc64533542d0355200f7979.yaml |  4 +-
 ...8342-fa85581f8faec8e54a152a5a0efaf823.yaml |  4 +-
 ...8344-51d48891356faa4b5ee750ea40af7e8d.yaml |  4 +-
 ...8346-a5ce2d4f9e1b1bb323f57b01146d769b.yaml |  4 +-
 ...8360-76cc9ef157cda8ab12c517a7c91088af.yaml |  4 +-
 ...9201-65fb786a832ae70556835ff6a5bf2139.yaml |  4 +-
 ...9203-a7765f598fd1a7f35b5c80f721d18a4c.yaml |  4 +-
 ...9317-f89ee1fe18d2f93346e76054105f5916.yaml | 14 ++---
 ...9328-77686428a77d266ce22bfe59b8ab3fea.yaml |  4 +-
 ...9329-dbbebd9fd091a5f8a7900f65f6287602.yaml |  4 +-
 ...9332-24e7ccbee7ca416ae56183733be3750e.yaml |  4 +-
 ...9334-4b6c5be1fe7b22ce9d31baa1ab6b6513.yaml |  4 +-
 ...9335-17d9d2647ecfd4b0be797349f3817c27.yaml |  4 +-
 ...9336-10474b54f82207cb48d47efc5316fa08.yaml |  4 +-
 ...9337-c57a50def1ef305a4e8acb9063bb5142.yaml |  4 +-
 ...9338-7b501f3b3223dc999faba6ed8169a765.yaml |  4 +-
 ...9340-eae4213a5c0782ae01f44dd9c21edcbb.yaml |  4 +-
 ...9343-c8b3ba4607788e0f441ac762600baab2.yaml |  4 +-
 ...9344-c6a3bc41ee8a2ee4ea6023cb51c1bb30.yaml |  4 +-
 ...9345-06dfe81bc3a355cd7801ee39e75e5076.yaml |  4 +-
 ...9346-071e46b1422bc01b590261a3c5a56383.yaml |  4 +-
 ...9347-47381a600b8cc2173f5be6a0287dc5d1.yaml |  4 +-
 ...9348-a6e9d3ad722034f3a564750baa53887c.yaml |  4 +-
 ...9349-6674d09f375c0a0c6100b633268f7e7c.yaml |  4 +-
 ...9351-b6ce71d23b8bb3b641046b5238bd95ce.yaml |  4 +-
 ...9352-ede5967c43f0c429d90aef07bf32832d.yaml |  4 +-
 ...9353-3cf0c7158d6fa6e72389913fb8e96f48.yaml |  4 +-
 ...9355-738cbcde2d8ae9b069d1cee10adc6b90.yaml |  4 +-
 ...9356-a29cb4528fb3dd359faf1d68a8cf9ee1.yaml |  4 +-
 ...9357-58a6911fd3193aa0bffa110e873b9369.yaml |  4 +-
 ...4074-f7ea807ec289aa8d8be34a1208e9ebb9.yaml |  4 +-
 ...4096-16fc618536c8b0d70612472b29c155c9.yaml |  4 +-
 ...4134-d8e9444efeb93debc442fb77c567fbad.yaml |  4 +-
 ...1836-b1767ac6c4058810b3f215f7aa0668ab.yaml |  4 +-
 ...4208-e3d531049fbe8d4cfc0687a776a83ff1.yaml |  4 +-
 ...4222-ac056be778ddfca7dda3b1e72c3f8315.yaml |  4 +-
 ...4225-f55d9ddf38ced2af39de4e46518b9654.yaml |  4 +-
 ...2358-e81493486edc65b51a46933e4d69c1ae.yaml |  4 +-
 ...2361-b66a39c48610a87259a172e4f5cf2fee.yaml |  4 +-
 ...2362-9912c297cff35bf8bf01c7b24d0db7f5.yaml |  4 +-
 ...2364-6c87924dbb6c43a2f1ddf339475f1f21.yaml |  4 +-
 ...2365-536f8f709fcfc0e34ccf2b79f3c436d7.yaml |  4 +-
 ...2367-51f425b2b47157be5d941492e7da4019.yaml |  4 +-
 ...4330-e259392e4e0f5c005c71447bf33a289e.yaml | 14 ++---
 ...4331-ad74c1853755393f0d665754f820d681.yaml | 14 ++---
 ...4332-28b13ccb507cfeb174aa819fc3235b5f.yaml |  4 +-
 ...3353-3e9db5ca5f74e03bc884849a472e7363.yaml |  4 +-
 ...4337-05a9cfff31ff66f2865f7b47e03322c5.yaml | 12 ++--
 ...4338-e5012481eb3358496d9e8266284a0c72.yaml |  4 +-
 ...3408-f8c9b929aeaeb9c8fafdde93d3c6755f.yaml |  4 +-
 ...3409-41c658cc02437ea28ef89a50228368a2.yaml |  4 +-
 ...4347-c176f376f5ace8dd8c28eea850150499.yaml |  4 +-
 ...4349-dc3e0c6c532d55735bad2ab0a9b29d39.yaml |  4 +-
 ...4352-91fa130b7c3ea6431b231102505db7d5.yaml |  4 +-
 ...4354-fe4487fc151c051d39c023720ae70292.yaml |  4 +-
 ...4364-a81ba5cd5b7c78f82a652995b8b78367.yaml |  4 +-
 ...4366-a3f1f9f4718f614e268d95c106a320c2.yaml |  4 +-
 ...4367-ec6ef7f01d456e74c1ef5bcee54d14d6.yaml |  4 +-
 ...4368-6555d944c0da7a05c7a9f7417ba389b0.yaml |  4 +-
 ...4370-3262dd8277294ea89d83139475cd5b78.yaml |  4 +-
 ...4371-18ba5164adc930f4c13bf8eac8771529.yaml |  4 +-
 ...4372-e783401602a498d4131896498c1a16c5.yaml |  4 +-
 ...4373-1bccfaa95263e0cba6cdbff0fea9a636.yaml |  4 +-
 ...4376-4e4599c0d5b0830c29196e68a72f1714.yaml |  4 +-
 ...4378-34686e9b40a6d9c4dcc8e1fbb6d4343b.yaml |  4 +-
 ...4379-fdd08f1e50818f896e8c8a898740f26b.yaml |  4 +-
 ...4382-623ee8a736cc9ca7598f1fcb6de572f9.yaml |  4 +-
 ...4383-f945b2013c9f8db455b1c19cba6e241e.yaml |  4 +-
 ...4388-92760ee1af263e3e31758b506a58ef85.yaml |  4 +-
 ...4401-28932f902044dea62ee1c6a2f1f7a4c4.yaml |  4 +-
 ...4428-9dec9c9b266000df591dc3dcef1e7d84.yaml |  4 +-
 ...4779-d0a082141e820d78d2c62d7167bca620.yaml |  4 +-
 ...5729-a2596cd818b9e76da96ce78707638a4c.yaml |  4 +-
 ...0134-b59e16af89b52cabb8769776994f8e59.yaml |  4 +-
 ...0141-bbd390969a32b30a2e60ec6fbae2e10c.yaml |  4 +-
 ...0163-3928f6f30c541722320412a9e71021b8.yaml |  4 +-
 ...0164-590623a5d7befa81a3dd4c5d938153e0.yaml |  4 +-
 ...0180-1cb4591e0480a2550d32c48672d101ca.yaml |  4 +-
 ...0182-b13bd75954a4a1908d54b2904726ac6a.yaml |  4 +-
 ...0186-40a15a1270025c5cb430a29eea6824ae.yaml |  4 +-
 ...0190-f2687a211e25f95aa3e0981921986366.yaml |  4 +-
 ...0205-7a46739bfced50470df5ec8fce622b5b.yaml |  4 +-
 ...0209-0c15ed5f69fa39b17ef98a0065e40d8c.yaml |  4 +-
 ...0210-6cbcd9de8a0bffdfb0e1ab93c491bf62.yaml |  4 +-
 ...0211-90c7f750404de09cdcd8955a310ab0ab.yaml |  4 +-
 ...0215-16223cc2976f7faa5fb929bf7546e0a0.yaml |  4 +-
 ...0215-5dc88e8bebac4fb35e29ff329ac029fd.yaml |  4 +-
 ...0215-9c997af79b10bc0805f0be2e95bc48ad.yaml |  4 +-
 ...0228-b04ad422f3446dde9c13618b34ff98a5.yaml |  4 +-
 ...0230-e5558e0a5f22ef3f76543aa9614d9789.yaml |  4 +-
 ...0232-c0cb327a973fcb4e19ac20c22cf757a3.yaml |  4 +-
 ...0233-b38eda58adcd55c816f6214da161bc56.yaml |  4 +-
 ...0254-e1ad6d026d68d47f5c4c4162b3b2d312.yaml |  4 +-
 ...0255-b872392d30229399db8513dcb00793fb.yaml |  4 +-
 ...0267-d9b7905c602159e1d431254ae8993ca0.yaml |  4 +-
 ...0287-dab92fc7cb3e34a6cce738aec497ec2e.yaml |  4 +-
 ...0316-5bf9d91713d8c35818245877f73557be.yaml | 10 ++--
 ...0328-127d546d7f94ec42c9601b4f8349bbdc.yaml |  4 +-
 ...0360-e9ce7b3589ea1d2e769d3fe233efa510.yaml |  4 +-
 ...0363-6420c7d64b9445ffc9ff5c8ed72e1368.yaml |  4 +-
 ...0364-f91654e07624f568e772537007d8ac97.yaml |  4 +-
 ...0376-ef13d8f60909d5e2009ffdcbdc23e29a.yaml |  4 +-
 ...0383-de4b42af1ef3e90d957d2f6f01c968f1.yaml |  4 +-
 ...0388-205de06070622aab10eb1bdf566b37c2.yaml |  4 +-
 ...0389-1b5cbc1452a8c85b5da51d915487aec1.yaml |  4 +-
 ...0404-2c15d4e93f6f6d616a273e49657a41e3.yaml |  4 +-
 ...0410-1be66c0880c6c44fa345977c011d45e4.yaml |  4 +-
 ...0411-d9dc418339bf1c25423bb7e18f222c8e.yaml |  4 +-
 ...0412-c1e85ed5dbff1aadf024b8bce56884f9.yaml | 10 ++--
 ...0418-8aead4340d12e591a0e0e1fb46dd9226.yaml |  4 +-
 ...0420-a93b511e834ddd2e10f787cf551e0214.yaml |  4 +-
 ...0423-6daeff7e508f05aeef343934c15a7178.yaml |  4 +-
 ...0439-b5e4b4063141fbe3f98d4c057142e54f.yaml |  4 +-
 ...0440-b60d38a6f27b4184d7cf8b134a701e36.yaml |  4 +-
 ...0446-decbeaef5c23a80c05557edd9e92444e.yaml |  4 +-
 ...0448-b6fdd6c618695aebb9014f9dd705ea55.yaml |  4 +-
 ...0450-800833211422a31fa0bc329389e6ba63.yaml |  4 +-
 ...0478-6a54d7f93d8962555c63afb66d95fb68.yaml |  4 +-
 ...0493-54ef8279e490c1378421576f13667db9.yaml |  4 +-
 ...0499-63d4ee9917fcafc47225c3c77377bf2f.yaml |  4 +-
 ...0535-cc85fecce61e81ebcfd16fc13ed35220.yaml |  4 +-
 ...0537-14a7ffa14fbeefc172000dc0caefb552.yaml |  4 +-
 ...0541-9447e0c2ffa1a53245e3f3fb0bac226a.yaml |  4 +-
 ...0590-cad2b6b8af5079972fa1531cce991f4d.yaml |  4 +-
 ...0592-e1d4b31d2e512648b34fb410fc6ac542.yaml |  4 +-
 ...0598-a833ece3f343246705571f6788efd405.yaml |  4 +-
 ...0626-b5af9134a0dd9c46b02e9a0fe6e4c234.yaml |  4 +-
 ...0633-50aa046ee7fe3b1495c79cf309977bf9.yaml | 16 ++---
 ...0642-557dc76e2c2294cd33c5721f9ecf01e7.yaml |  4 +-
 ...0649-404d802e6aee5b15a871049b9ffff69a.yaml |  4 +-
 ...0653-f044be0e1e4c22699ad8261226bc2dd0.yaml |  4 +-
 ...0659-52c19ba3b4c4a4e86f87839bb901d71b.yaml |  4 +-
 ...0661-55f4a1b139d90fca33a89ff564faba6b.yaml |  4 +-
 ...0662-d07cf22ef8f576e671dbb7b3eafdf13a.yaml |  4 +-
 ...0663-1d90f05eb3de7b1b2997cada03edccfe.yaml |  4 +-
 ...0674-54befb9e4a40b2daeebffb4c52b40b61.yaml |  4 +-
 ...0684-1663017756a06282bb3d18d015739d82.yaml |  4 +-
 ...0687-bb8040f6049d728dd727ac789ea87332.yaml |  4 +-
 ...0700-d24630671f65fdbbb367bb893bfade3c.yaml |  4 +-
 ...0701-1d87fdeb396f4600b280560afe2112ee.yaml |  4 +-
 ...0702-4aabb12734f76649f5626710ac0ad1d9.yaml |  4 +-
 ...0703-8ac9cdbd4cf7676c20528abcd5d7ef87.yaml |  4 +-
 ...0706-8bf5f3c88eae040df5c93bb90ba373a1.yaml |  4 +-
 ...0707-a5ae13191d707f6528df2db00d64b11b.yaml |  4 +-
 ...0728-823ea976111689a9bb4045475cc60c43.yaml |  4 +-
 ...0737-c38399df1330c2dfd449ee16ef7996a9.yaml |  4 +-
 ...0750-4086b1cacdc76d37665a053863a25b12.yaml |  4 +-
 ...0765-d8800c16823f2094a6d5c651646d84fa.yaml |  4 +-
 ...0770-d02f0d7121f40075980c3a177c578c3f.yaml | 12 ++--
 ...0783-72a5beaa06012eefbccaf7bb2be8aca6.yaml |  4 +-
 ...0814-f2c3929c09b259d783ad3e308478fb8e.yaml |  4 +-
 ...0826-259e85ddeb38f519130917626241cfb2.yaml |  4 +-
 ...0840-d9a381f55de2cbcc100fd4387b57379e.yaml |  4 +-
 ...0863-b7954fa43e16eb8eb1a34f4e676a00e3.yaml |  4 +-
 ...0873-feb8ea008986699e99b1ae18448b79c3.yaml |  4 +-
 ...0874-7b54be45a2f07bfa9d249dae96b2b8a9.yaml |  4 +-
 ...0875-0afb6b2d10846bc66cf5079f2d5cff9d.yaml |  4 +-
 ...0876-cf20fa8408c9425d9c1e30f3c5cdbbda.yaml |  4 +-
 ...0884-d50bca474bfff7b87f9bd013b925f56e.yaml |  4 +-
 ...0887-61a927bc340bb105a879f38c8d71f797.yaml |  4 +-
 ...0889-b97c4bb0c30e63e1bfc74807877230de.yaml |  4 +-
 ...0898-edf371c1f05d5a891d28a3a64c575117.yaml |  4 +-
 ...0899-54aadf8fe607e5a163f75b88f9bb6921.yaml |  4 +-
 ...0901-085734e6e575cc721d044070dab37117.yaml | 10 ++--
 ...0948-484dd45c6c89790208a6369cc9e3257b.yaml |  4 +-
 ...0958-cf0f772efb4c9beac6971570b02c3073.yaml |  4 +-
 ...0969-7ae1e981db663479bebe95d4fc6e1fb9.yaml |  4 +-
 ...0993-158366fe9b5b0baf92dc531e125fc491.yaml |  4 +-
 ...0994-198731eb0d140b29cd1b351f123496f9.yaml |  4 +-
 ...1001-c8a533331a66588a41e484e2593bc634.yaml |  4 +-
 ...1006-a9aa77a954191266292b06f87ea42806.yaml |  4 +-
 ...1008-a9a32f74174df8c480433ef7ce05b39d.yaml |  4 +-
 ...1009-7a3ab4b4d26a299b96225464ccb1d356.yaml |  4 +-
 ...1010-73c8c687b5d5c2441c948ce0feefccb9.yaml |  4 +-
 ...1020-e2d12fb1743cf7c34146fef09c867ef4.yaml |  4 +-
 ...1023-39c09063986ff422c9e20ab8b773f550.yaml |  4 +-
 ...1027-7e7d3fe35e3640caa3a72acaf61512d5.yaml |  4 +-
 ...1028-8e950dd64eb760b48f921b3528ca5c9f.yaml |  4 +-
 ...1029-6f5594aa21d74ab20f466ec04157beee.yaml |  4 +-
 ...1046-02a51eb116d83b932887ff5f7b3fb4a8.yaml |  4 +-
 ...1051-399a0cfb0032357f26f899d011d7490f.yaml |  4 +-
 ...1062-f1d890dd18142758b1c8cdecbd50795b.yaml |  4 +-
 ...1063-5e0fa9fcba55bce0a7d159ec1d8e3486.yaml |  4 +-
 ...1088-9a80eb4e9ae6ba3b2c9128c9152fe450.yaml |  4 +-
 ...1089-4f2b194ecb7432206d5e63b6f9923644.yaml |  4 +-
 ...1090-50f3d46f270e4758bbe32a2e3166c5bc.yaml |  4 +-
 ...1092-7b33af13dcbb1f6cea4e6cd4849f85c9.yaml |  4 +-
 ...1093-2e08f88f4d646fb37132bf634ea9d86a.yaml |  4 +-
 ...1094-5ff51e8e3d70f359c04a37d7bd2f99bd.yaml |  4 +-
 ...1095-115be693fa2aef7e78774bec69a9ed0c.yaml |  4 +-
 ...1103-501a1f4c716dcfc5dbf27f3bb41b2666.yaml |  4 +-
 ...1104-de64ee696bec8d009d778000d64252b8.yaml |  4 +-
 ...1112-ad0620cb04a8c4743efa183697178556.yaml |  4 +-
 ...1113-4d590f8cfc3cb04affd33a6ac18e5217.yaml |  4 +-
 ...1123-7f6d3b4e502f3e87f036376c050085cb.yaml |  4 +-
 ...1153-7b9f5b71ec8719bf9a8cb5694942faa9.yaml |  4 +-
 ...1156-01ed1eb8aac2e68ae5c276ba61ed6aed.yaml |  4 +-
 ...1167-3dadecf90476b3cb59a265c7ae6d0c01.yaml |  4 +-
 ...1168-1af02924d8ed846b859206c9bcd93941.yaml |  4 +-
 ...1169-0b2658951b7cfc28db2aef3263c845a3.yaml |  4 +-
 ...1182-1302cc789091d34c6db79147cc295acd.yaml |  4 +-
 ...1203-1c3db202ed4136234a7dba357e335f3e.yaml |  4 +-
 ...1208-d6ddc334180239abe617a7bb4b11e74b.yaml |  4 +-
 ...1217-f62cbc07d0c97caefc6751d0180dc663.yaml |  4 +-
 ...1228-3e83969edc359576afe93a3a140053fe.yaml |  4 +-
 ...1251-1c2da71dac8a1ffb07f1c87e262b5e0e.yaml |  4 +-
 ...1255-b7e40dcc40f790ccf1ceff5a8722305f.yaml |  4 +-
 ...1265-8d9d8e003ce03da674f1adc87ce55135.yaml |  4 +-
 ...1266-1ddfe592d879bc70e98e16d6c917ddd6.yaml |  4 +-
 ...1269-02b84b42a8b3e6e7dc009b5046e38b5a.yaml |  4 +-
 ...1273-70ada96da95be698f6717e6048a6ec59.yaml |  4 +-
 ...1275-1bdbe0eed23754132ebb7324a7cbafe1.yaml |  4 +-
 ...1281-b9e46f23f1c3c438cdb8dc39395715de.yaml |  4 +-
 ...1282-1defc4b79b3e0026fa5b8dc78f8c4d1d.yaml |  4 +-
 ...1294-d08f135748c79437965679674f4da9c2.yaml |  4 +-
 ...1298-f48a8e9c9fcbd8cc7a0d7249289e3206.yaml |  4 +-
 ...1299-74a8ac0075a235e0a0c14b0719aab19b.yaml |  4 +-
 ...1301-d8df0d0d76816bab3218aaeebd329b4b.yaml |  4 +-
 ...1303-dba115ec2b96e48bab904dedd2103380.yaml |  4 +-
 ...1320-330b086d5a163173ce80e7bcf35592b2.yaml |  4 +-
 ...1321-4764645e6471ac58214ba2ea5f55bde8.yaml |  4 +-
 ...1322-943971993cbe3a7f3e1700395fdc37bf.yaml |  4 +-
 ...1323-3cce740c3da6d548d8d19689826c4cf1.yaml |  4 +-
 ...1324-bb6d2bf0f5a8a794df5c5f921c8ed2d6.yaml |  4 +-
 ...1326-96b39b472ca8eccbec11e47f253c80b8.yaml |  4 +-
 ...1327-c27095e826fc99d4e3ff59487183eb49.yaml |  4 +-
 ...1334-ed930301ff6966bb2b42fba1c213a244.yaml |  4 +-
 ...1335-315a1c5d119a58cae4d57802c27a1504.yaml |  4 +-
 ...1336-3a426a819fa4af21ed44f2fbb809eae0.yaml |  4 +-
 ...1338-667161af8562bbf0616cde527e940c70.yaml |  4 +-
 ...1386-d882958bab372a69d811837406b3986e.yaml | 16 ++---
 ...1387-42ee0da57f529d4a1f0ef2f4cdec544f.yaml |  4 +-
 ...1391-850cdc2bb11e2c84c49d36aadc35f92a.yaml |  4 +-
 ...1393-8e8d26048a256bd2a6af10c450c287bb.yaml |  4 +-
 ...1394-cde70bc716e26c33fb792a26b5c7f5b0.yaml |  4 +-
 ...1395-7ed4275b69b36875b8deb7c4de847800.yaml |  4 +-
 ...1396-074326e7470f284764101e6fc9e53f79.yaml |  4 +-
 ...1398-47882f7a2bc08ac13c7e58b547c2a0c7.yaml |  4 +-
 ...1407-9ff0528f3bdcbc7bc2a574ec76b7073c.yaml |  4 +-
 ...1408-fa15faecec3c0097e1e35ec5d5e47da4.yaml |  4 +-
 ...1409-0f884ba817e82a09c51444fd8fb9e0c3.yaml |  4 +-
 ...1421-e286b3a8935bca8a0217c3e2e8d64e5c.yaml |  4 +-
 ...1422-46244fdcad0724fd77e42ba287d7514a.yaml |  4 +-
 ...1424-e8eee7b13f0d955b5b5dd5ba7908051b.yaml |  4 +-
 ...1456-7a1aa0c88530968ed1b5b646f3180462.yaml |  4 +-
 ...1469-6a2b5867f4b2cb8b9df53b8ba2dbfdc3.yaml |  4 +-
 ...1472-eab47af35bd14f792c9512e4731e4999.yaml |  4 +-
 ...1506-2a429e3083a4c7d371b1df483f6771d1.yaml |  4 +-
 ...1512-92ee91cf72a43dfa2c90a26dd4e9aac0.yaml |  4 +-
 ...1538-acd2f33fed5535f04cc63cbd673f8668.yaml |  4 +-
 ...1540-4f73853f1fed7601f5de786bcd020099.yaml |  4 +-
 ...1541-93c0b4806bb82af1f99b4d0c878535e6.yaml |  4 +-
 ...1542-fd9a8180717056f9f1f968f01ca33f0b.yaml |  4 +-
 ...1549-3b9b22b591de089c72309692f7ac4907.yaml |  4 +-
 ...1556-f5c3047a64378a59b5a46efb892afcac.yaml |  4 +-
 ...1557-19a7dd3894c625a145c40adc74330444.yaml |  4 +-
 ...1558-c8c8f457de7ea311efa222b66a51a434.yaml |  4 +-
 ...1559-e96b7ac8a29e8b231c1f7265734f9442.yaml |  4 +-
 ...1560-f5cc690dc04197cd95b8aba840195297.yaml |  4 +-
 ...1562-de18c34baf9718449b89d0d38543217b.yaml |  4 +-
 ...1564-fd28c2a8a8ece88ce28c75cf84e47383.yaml |  4 +-
 ...1566-88df46a6830158391aaf7619c151706b.yaml |  4 +-
 ...1568-68a19dcbafa893fee0f134b5b9682816.yaml |  4 +-
 ...1569-fad10c5df0d12e13e57389567502ed4b.yaml |  4 +-
 ...1570-83711b9f4415eeef12b96843272e6f77.yaml |  4 +-
 ...1573-fcada36c51980400d6b77ffead4b0c1b.yaml |  4 +-
 ...1576-12a42b489a4f41309029bce2b7df59b4.yaml |  4 +-
 ...1577-5741da0b171618ff87448def21553be2.yaml |  4 +-
 ...1578-ca85fcbf44c8f529ecdfa95b175d7b9b.yaml |  4 +-
 ...1582-39407bfbd26cec40aa785db15ec93f9b.yaml |  4 +-
 ...1589-4490549b2215d97aa7dcad6a865e6752.yaml |  4 +-
 ...1593-fcfe12c9ab0b540a8002a6b623d72f95.yaml |  4 +-
 ...1594-7ac6b90fc34536c09d99f508147f9181.yaml |  4 +-
 ...1603-04389ec3013ce0dc7cd91731fa525c48.yaml |  4 +-
 ...1605-f8b327a38c9f793227404396765e7078.yaml |  4 +-
 ...1608-6b8f7b7b7105323e383724ec1fbf543e.yaml |  4 +-
 ...1610-0f1cce8b3f6cc44f06846edd384bb3d3.yaml |  4 +-
 ...1611-8f6754331835c0e520f1fdc12e539318.yaml |  4 +-
 ...1612-65f94ea0710a1cc5f2df8da6f9883ee7.yaml |  4 +-
 ...1618-55f7bc7dbafb42aecc9f8ebab372d604.yaml |  4 +-
 ...1624-b7b0638727516de291f017e208e485cf.yaml |  4 +-
 ...1625-0e6d3f2d08066d7cff85e87321056d7c.yaml |  4 +-
 ...1626-c6abae1f3b36418b8b7ce31e542cc230.yaml |  4 +-
 ...1627-a1936a4a25a96962401af7be405882a8.yaml |  4 +-
 ...1628-5acab9ad0ccb5e44fc932f6fa0ba244a.yaml |  4 +-
 ...1643-c350cdbcabbf0c6c2cbe275725809f83.yaml |  4 +-
 ...1644-2ea25ed58e645deebc4c9ee26219463e.yaml |  4 +-
 ...1645-e8c6c87a94f00d5eab313cc9a401818b.yaml |  4 +-
 ...1646-b3837018bee9dc0f25b1197bd329be87.yaml |  4 +-
 ...1647-02ff6e8f4c50ebc35c46ebd6a0282258.yaml |  4 +-
 ...1653-db671b595a6de4259366a24bfd717a43.yaml |  4 +-
 ...1654-f3750481cefda659186282ffd61f21aa.yaml | 18 +++---
 ...1656-0fb4e97ee7da5e51631d72f53857a9d4.yaml | 16 ++---
 ...1657-25e01eb0a9bc2abfaf531fab30be9b46.yaml | 14 ++---
 ...1658-2fbd93f620678f9df8d36f97616c7078.yaml |  4 +-
 ...1672-151d3e08592a36d4136c6e83ca9b4d33.yaml |  4 +-
 ...1683-96de88df50c13b090e6e70188ce8bb28.yaml |  4 +-
 ...1684-bee7ee097d9c2854b2e0df3652ff1065.yaml |  4 +-
 ...1685-22c242de8477403c11aa170395108645.yaml |  4 +-
 ...1686-8eccbee0dd1899147fba577f29a00bda.yaml |  4 +-
 ...1687-810ed483cc25df9feef2344d7fe0063d.yaml |  4 +-
 ...1688-c6243b9dee6460614115df8351692603.yaml |  4 +-
 ...1689-8247dd9e5bbd39d391956bd6159727f9.yaml |  4 +-
 ...1690-8825e85de759f44127189c61a2caf509.yaml |  4 +-
 ...1691-3eb72b31a7a3f042d44188428aa0f9df.yaml |  4 +-
 ...1694-663fd6040ba08a6cf95a5d56aa372c7d.yaml |  4 +-
 ...1695-1bd642d2e3ff9973b88e9924e704fbb7.yaml |  4 +-
 ...1709-36c982ede7470d2e3e88a740557c4530.yaml |  4 +-
 ...1710-49498beeab40d799abe54105f37dda52.yaml |  4 +-
 ...1712-38a3278b44badbc6201e3e06953e0d59.yaml |  4 +-
 ...1717-e1e48d10961945b3a2fc571529bab9c7.yaml |  4 +-
 ...1749-de57c9c6347745d9dac6d12ee00f13b8.yaml |  4 +-
 ...1750-309733b2329b1a831e5f4ba1b62b19a8.yaml |  4 +-
 ...1755-5b6d277a829fbd531e952b54c0a495ad.yaml |  4 +-
 ...1757-4b545f99e277a5b533a4828fddfdf3e6.yaml |  4 +-
 ...1758-d4ee747485499e50fea0ef44831d0b48.yaml |  4 +-
 ...1759-1b62450f818e2ba095ee733915545ce8.yaml |  4 +-
 ...1760-eeca82a89fbac0124d669de2f8301089.yaml |  4 +-
 ...1761-cf9cb4b184f662090fa6c012e4b5ad99.yaml |  4 +-
 ...1763-e67b32cb7aae592e15f89a10718ce09e.yaml |  4 +-
 ...1764-13481b1ed77fd504fee89b917516fad5.yaml |  4 +-
 ...1765-c27aea985311d8d430509d848af8ed00.yaml |  4 +-
 ...1772-4ebbec62da7dd4744569d093e5a7ca36.yaml |  4 +-
 ...1776-889f2c95b741c5e0897bda79fd4658fe.yaml |  4 +-
 ...1777-e71ba64e3ce13e58bab0fc3eb80546e8.yaml |  4 +-
 ...1779-558370c6db6c7d4d1eb32adfed3a020b.yaml |  4 +-
 ...1780-53e03067c5c0bd571562823dadf2dc1b.yaml |  4 +-
 ...1781-03debccd2847f0f3861af391ac774ecf.yaml |  4 +-
 ...1787-85bcd61b96548b75a4bebce0af8ade18.yaml |  4 +-
 ...1788-b3c283ecfc25af9f10f9c937f229f24c.yaml |  4 +-
 ...1790-2d0401b900eef6498675d312d5732e7a.yaml |  4 +-
 ...1791-a27299fafee4147eee6143e446c0d4ac.yaml |  4 +-
 ...1792-acd84f5e4cde82a402d1c05f1e4adf06.yaml |  4 +-
 ...1793-dfb92d2f2c245aee84f9cb4e282df3aa.yaml |  4 +-
 ...1800-c1088d4a7272923461f43cf76023c143.yaml |  4 +-
 ...1814-04d32a3642a2c96352c83010608db77d.yaml |  4 +-
 ...1818-d6476ba9d1f9af74d842dc5c3e1d7008.yaml |  4 +-
 ...1826-6efe820f12fb9f3137c56cee070730c7.yaml |  4 +-
 ...1827-1f8d84e6699c9f64cbbc8919147cefef.yaml |  4 +-
 ...1828-4eea95bcbc22121deeeb133b73467001.yaml |  4 +-
 ...1829-bad18eab263a0541b49dc3dae830d379.yaml |  4 +-
 ...1830-179da13f00bd0c1a7dc169b4d93d8c60.yaml |  4 +-
 ...1831-3910ec4d645c60375887481edfe719b7.yaml |  4 +-
 ...1842-fc3bbad32864e7b45f7b03bfa40e7ab6.yaml |  4 +-
 ...1844-d34327d1e992d219d0a1381df1c090fa.yaml |  4 +-
 ...1846-daddd512be0305b66a7c59d444cececf.yaml |  4 +-
 ...1847-f7a5929579e2eeff4b02eaa7e1b6a770.yaml |  4 +-
 ...1885-b77d972bfa12e86d544c2057da2d9c61.yaml |  4 +-
 ...1889-981beced4302bc1ed44f59f5bbd895e2.yaml |  4 +-
 ...1894-b5996763218808f5db38a6126c890df9.yaml |  4 +-
 ...1895-49a29c208dcdf8c767e242ee9b07c664.yaml |  4 +-
 ...1896-52197fd3d372d9ca3330b7fb6abe6c1e.yaml |  4 +-
 ...1900-d08d0840632760096f6b8acd75a58e66.yaml |  4 +-
 ...1912-681d5f2f15a561b04bf2e029cc02c5b4.yaml |  4 +-
 ...1913-544ee7aee750c4df26fe7f3c5d3e9353.yaml |  4 +-
 ...1914-800e55dd995f58ca489269cf15bde8aa.yaml |  4 +-
 ...1915-fd55f9f1199bb3c6e4b47c897716c4d9.yaml |  4 +-
 ...1918-4c6e2168599e221f42c1bf26fb04cbf7.yaml |  4 +-
 ...1933-ac850d5730363d3bbd84ae6609135f15.yaml |  4 +-
 ...1939-f31b01af0e36d70ece981a2da79389f8.yaml |  4 +-
 ...1945-699697d906ce98da7e0a75001998e24b.yaml |  4 +-
 ...1952-1ab98d23b8f5715db32cf93509d555f7.yaml |  4 +-
 ...1956-7c4f098f276bb438e8b06c67cf08748e.yaml |  4 +-
 ...1957-1af6a7823a6a8a142bc89c08631d8f4b.yaml |  4 +-
 ...1960-51cc7451392ec09a8c7688f9ed5f409c.yaml |  4 +-
 ...1961-7adc7eb8c094a09a98664c4579c84eb8.yaml |  4 +-
 ...1964-73a4ba5237a6c747115a7db7e60454a1.yaml |  4 +-
 ...1967-cb362ac834e4e127112e662b8e597a11.yaml |  4 +-
 ...1969-1fd788f4344858c60db9f8c8da73d2ed.yaml |  4 +-
 ...1971-5b2ed76d9224d230598bdf2cc0cffcbc.yaml |  4 +-
 ...1990-2628ec35fd0d634f503face1acac9f3d.yaml |  4 +-
 ...1994-056a681add2c2e01374393f870550b92.yaml |  4 +-
 ...1995-7ed5021e959e36c29209eaf63566fdb5.yaml |  4 +-
 ...2001-34871fd2757b31ede448958147d678fa.yaml |  4 +-
 ...2039-86ee984a5b2cc7b4ab97dc8a4e8b06c6.yaml |  4 +-
 ...2040-22707a3d55e78cedf2f7dfb41d94bfbd.yaml |  4 +-
 ...2041-475d1ffae41ddc61dae5fe3b295751d5.yaml |  4 +-
 ...2046-1187996edf4177af89ef3ea40b60db53.yaml |  4 +-
 ...2050-2cf1a19662092e1fd3d184af328e1b57.yaml |  4 +-
 ...2071-6c06bc58e8c431cd39158598c7d3df3c.yaml |  4 +-
 ...2072-27463f760012793e1526cf6e69e5e624.yaml |  4 +-
 ...2080-a7ff75affe3888f63fffbde3a81a35a3.yaml |  4 +-
 ...2083-d5d7eb75824b8adafca40c78e85d9d96.yaml |  4 +-
 ...2089-b332e32a470aff42684e131c72a2c94a.yaml |  4 +-
 ...2091-182ea68949b1ee6faae255d4de23157d.yaml |  4 +-
 ...2093-783792bc349c3286b30c741d65b88b21.yaml |  4 +-
 ...2099-c27b32abd810b7ccfab57cf684c27b3d.yaml |  4 +-
 ...2100-328db48b412bf150c51734d4e256b1dc.yaml |  4 +-
 ...2101-31bb9a1a6021af8a029348a6ecc96852.yaml |  4 +-
 ...2114-7bb51482172811e3c51edf370ad2cde3.yaml |  4 +-
 ...2118-fb3335fd014953747fe67771d5c2fe67.yaml |  4 +-
 ...2123-1045ae974bdd8bcaee8ec5d4a243aff7.yaml |  4 +-
 ...2133-9d80c6cd84258efd69f77a8f06dc55b8.yaml |  4 +-
 ...2144-fdec704444e3056cbaed479252db31c8.yaml |  4 +-
 ...2148-ae77789cf095ebe5a3c15cc04f8354ae.yaml |  4 +-
 ...2149-af6a5ec90875038596d2be175f9973f4.yaml |  4 +-
 ...2151-1a94885b829a17aaf2fa1ae77773a27a.yaml |  4 +-
 ...2152-79f880a7e6c6b5f19edddfee4238c580.yaml |  4 +-
 ...1661-96bf3f16564c1ae9e8c567dffc5576d2.yaml |  4 +-
 ...1662-b2f452da67fdef518c0ca5b8fbefe3fc.yaml |  4 +-
 ...1664-94ffba477783a49fe859db6d419a4e64.yaml |  4 +-
 ...2169-4168c6f35e53b3bb6cbc2cd944aa14e6.yaml |  4 +-
 ...2170-4a64b780bf144c05e7e8310b30ac549a.yaml |  4 +-
 ...2172-9ed1e670781ff936317a3cc7c1d9dd47.yaml |  4 +-
 ...2184-cbb68fdfa6e0c8d1d1dcc60eddde34f0.yaml |  4 +-
 ...2186-ae1d09ace0c5a27260a5b15fa0f15e71.yaml |  4 +-
 ...2194-560fba5c90dc74d38384277269b51dae.yaml |  4 +-
 ...2215-ed46e202f3a956c555880fedcaa0b829.yaml |  4 +-
 ...2219-610d128e626440e80c8a487da8ac96e5.yaml |  4 +-
 ...2222-8d4bf28803761cae038f398e0f1dd848.yaml |  4 +-
 ...2233-b587c5b6b45c195ebb12bd5f55ed780d.yaml |  4 +-
 ...2239-e78bafbef882a9c48928d514c06bbb3b.yaml |  4 +-
 ...2241-3f695144fde56e5e68c9d7f131f8380c.yaml |  4 +-
 ...2245-e218b5d377826292a46ae91919228725.yaml |  4 +-
 ...2256-a42d8ff7a7669fd14fcfc52a34b52ce7.yaml |  4 +-
 ...2261-13d6d07ad8433fc4c13ab399af9c2000.yaml |  4 +-
 ...2267-b001a479011d319ceac5f48bfd2e6d39.yaml |  4 +-
 ...2268-dcb0952ba59e4cf6e5088fb4c3d3565e.yaml |  4 +-
 ...2269-b4286607d776cde455809a59a67464fa.yaml |  4 +-
 ...2271-570d7dad3e17c051e824f46c008efb18.yaml |  4 +-
 ...2271-8927f27721e1d8b23d2e73cb09a3c9b9.yaml |  4 +-
 ...2275-d194b7c99710bb89f1ee39dafcb5d71b.yaml |  4 +-
 ...2278-7420b38eef61601a8533cd300d3acef6.yaml |  4 +-
 ...2299-6b99b25706bc10b6938889b6d61c2c79.yaml |  4 +-
 ...2305-356d13b6974d8f1c305ed39531dbff42.yaml |  4 +-
 ...2311-3a24a068d1ed9da16159938c4295f7f7.yaml |  4 +-
 ...3179-ae016ddc716d42a85477445c62a5e437.yaml |  4 +-
 ...3183-a5138dbd3ab5f7be9499c9facaa915f6.yaml | 12 ++--
 ...2325-d4a44b7e5865ae371b4706ab716f5f69.yaml |  4 +-
 ...2328-13464676c956740d86ef6b835803b913.yaml |  4 +-
 ...2340-a9e063bb904bfdeb89be1c3d634b4901.yaml |  4 +-
 ...2350-453fdd29f3b3ed3425776068af53e39d.yaml |  4 +-
 ...2351-5dcfc5ea6f05d00ca9432dc6e06a959a.yaml |  4 +-
 ...2352-afbbe261546ed611413e53ceb7e989bf.yaml |  4 +-
 ...2354-ee247de60df1bfe0f1ecd93cf598296f.yaml |  4 +-
 ...2355-2508566224c9697f712ccd556a0ee74e.yaml |  4 +-
 ...2356-2203cb02480ab13ddbd56959a93d1555.yaml |  4 +-
 ...2361-a04496fc12c107641a2dfaedc56869ca.yaml |  4 +-
 ...2370-53237b2a666711b5ed5327cacfdd45f6.yaml |  4 +-
 ...2371-4d3dbfcfc5bd83e1f32cd6ab14a72545.yaml |  4 +-
 ...2372-c5709fba92c5e77b429d3d6d877dbdaa.yaml |  4 +-
 ...2374-2a22d89645a206ec3980a097270f17eb.yaml |  4 +-
 ...2375-bbd0071d59903fe2f31999b2357a095e.yaml |  4 +-
 ...2377-0ac5cc81243c959ab88705244a2988b3.yaml |  4 +-
 ...2379-429ff280452993df8646f6def7c9d328.yaml |  4 +-
 ...2381-46393c1e973f37162a617bc152661e74.yaml |  4 +-
 ...2382-f700ae3c5b4e92d34fddc6f86f957267.yaml |  4 +-
 ...2384-eadc3f836bcbd93a1ac6bfbe3a4ccd12.yaml |  4 +-
 ...2387-bd2f40761a0dbf1803fa7290e415ab2f.yaml |  4 +-
 ...2388-83f22a47dbd6befc1b5b2de701a66592.yaml |  4 +-
 ...2389-17e239a9a613785a57f9dff8c47dabbc.yaml |  4 +-
 ...2391-0d2429a44660b0fd9009cfc551d51d85.yaml |  4 +-
 ...3911-ea71ac2a34dc7248e02bdf91d9e86e30.yaml |  4 +-
 ...2392-3e06725c467ed0bbc52c31de7579bce8.yaml |  4 +-
 ...2395-61c13420e3dc8f41c004527b0a6dcd7f.yaml |  4 +-
 ...3975-6ca6c33ebd7ae06f9203f7a1178920a1.yaml | 12 ++--
 ...3976-87857021bf0d6b4f9e9f9a7926fd73da.yaml |  4 +-
 ...3979-9cac9db84fd0e9e4554d820862a40ccc.yaml |  4 +-
 ...2398-287b97d3800f658fb6c7787e238d09c5.yaml |  4 +-
 ...3980-2f087270cc2f0766f3522e85859f5682.yaml |  4 +-
 ...3987-a9651b358db184ef2f9f80cf3ecfa474.yaml | 12 ++--
 ...3988-832185af76432ae76d6be1580f0d17e2.yaml | 10 ++--
 ...2405-c232fc614c70c66e672cbac2a32ca9cd.yaml |  4 +-
 ...2407-8d1c748e2defc5d91fbb1dd267386d44.yaml |  4 +-
 ...2409-0c31a10cc87b13f4ea6563dcb29fd71f.yaml |  4 +-
 ...2410-bb563e95b48b650f94219f11430dd39c.yaml |  4 +-
 ...2411-5181665927ed9da562e36af3ea3ec2fb.yaml |  4 +-
 ...2412-94bc27f855a1b3e71ba6782c8361e04d.yaml |  4 +-
 ...2413-125fc22aa1fac173aaf79b805fc0dafc.yaml |  4 +-
 ...2423-6ebbfbf7f4ff52ef90502e505dd10d64.yaml |  4 +-
 ...2424-d6efc23acaa92418f6d5991825096389.yaml |  4 +-
 ...2425-7fd62997a96edc06785da25d5644aff0.yaml |  4 +-
 ...2426-d35fe59b43f4760392f4ec7a5eaa4ede.yaml |  4 +-
 ...2430-9c4cf933125615aec48f1e67f49080b2.yaml |  4 +-
 ...2431-6811835f1b3b62a667088ec060a91ec5.yaml |  4 +-
 ...2432-cbb1fea9bfad5a9264ec67a1ffb3cfd0.yaml |  4 +-
 ...2433-1e202ba9a2d031ffbc5309780a3c635a.yaml |  4 +-
 ...2434-2d86b7b96a584b0abcc7bac3e11b4cae.yaml |  4 +-
 ...2435-acdadfe8e1df89f0c7d26ae29b23fa05.yaml |  4 +-
 ...2436-31395bccdb490b805531cabc85d6de58.yaml |  4 +-
 ...2438-4787aca2f4649ac09a5532468944b982.yaml |  4 +-
 ...2441-ed507e8efb229061c654187b47c114b4.yaml |  4 +-
 ...2442-21742813963970be1b852e62999d105e.yaml |  4 +-
 ...2443-76c5ff841d2dc96506f10e16c9ef0103.yaml |  4 +-
 ...2444-2124b535b772d79cc24446b949f6de44.yaml |  4 +-
 ...2445-3cc251560d3b16f1b023b3769603bce5.yaml |  4 +-
 ...2448-69e740cf6c8c1abbdc55bae92d3a061a.yaml |  4 +-
 ...2449-0292116775ef708600542a7e8f86fd65.yaml |  4 +-
 ...4664-83059d16d11e2fca8e78916d3d8e8973.yaml |  4 +-
 ...2473-669b73ac27d820ad91a32920ca859ce3.yaml |  4 +-
 ...2515-292e0cc17029954da0392c71fc757409.yaml |  4 +-
 ...2516-8a58bcfdfe2c7ef0990c9f0e6222a7d9.yaml |  4 +-
 ...2517-a4b84494f2ca0459161168fd007453cd.yaml |  4 +-
 ...2518-93d3f42fb72b82260168d21150301cb3.yaml |  4 +-
 ...2532-fafa2caced18a7c0c4666d573df5d9d1.yaml |  4 +-
 ...2540-7c00a992b189dd605d955a517ab5ff4b.yaml |  4 +-
 ...2541-cac3c9ade2b34b60466d535155587563.yaml |  4 +-
 ...2542-474821f1bfc79c7314fe0d7eec328e34.yaml |  4 +-
 ...2554-47f4114397364fc89b3a25b4215574b4.yaml |  4 +-
 ...2555-2209fd38d31d7045610e08e5a8e2302b.yaml |  4 +-
 ...2556-f9bc7cdb6ab2ec4c7db8c04c4f500136.yaml |  4 +-
 ...2559-da98de7f074ffd80f7cb587c569cdd12.yaml |  4 +-
 ...5602-6e39ce305d8fc46246730df95c49bc5a.yaml |  4 +-
 ...5603-e066c5d256834fe1f65bdb778f74e19e.yaml |  4 +-
 ...5604-c09dba9091d0ee592d0a0d23f17cab8b.yaml |  4 +-
 ...5605-fde55a7ed22dac34f683215367ee2443.yaml |  4 +-
 ...5606-46ca57fda9611a4d8d3fe3eb2317d1ac.yaml |  4 +-
 ...5607-21b5e2cc1773e8a375d4b06283f1f75c.yaml |  4 +-
 ...5609-7da4dea81c55210aa215efa50cd5e1a7.yaml |  4 +-
 ...5610-1bbd8f2ed08db0b77690cb0df76fdffe.yaml |  4 +-
 ...5611-0e3b2109a8f3c98e6d7b288936c49e4a.yaml |  4 +-
 ...5612-0c7da527d5c5020bdc519d1c19025768.yaml |  4 +-
 ...5613-d173f6ac48d7132b733f53a51a70ac65.yaml |  4 +-
 ...5618-983af3d35ec99acfdee458670c0dbf30.yaml |  4 +-
 ...2563-14663e06b0c267ee32922b2e7b917924.yaml |  4 +-
 ...5649-5e2a21e34446161fac44e66bf2f9139e.yaml |  4 +-
 ...2567-7cb4dee16a7431d0aa1859c958e33f53.yaml |  4 +-
 ...2574-7f939cb3e37ce54ad131378445cfa889.yaml |  4 +-
 ...2575-daeaf69e03551f5a39540769cb2822ca.yaml |  4 +-
 ...5810-4b35d32175d8c6a60caf01bbc915cbc9.yaml |  4 +-
 ...5811-f437ea7631a9816d78b50dbf1934085a.yaml |  4 +-
 ...5812-a687f130dc4fb0dc3fa1596936a6c928.yaml |  4 +-
 ...5858-c3dca1d1ef3a946c9ddf3e33caa00021.yaml | 12 ++--
 ...5858-f9078038dec7d199edb0413f76661495.yaml | 12 ++--
 ...5860-bc55ea7b509124d1a77831d4400c5030.yaml | 14 ++---
 ...5912-73081b1f6f4e13a9e6e969eba5e746fc.yaml | 12 ++--
 ...2593-3d5b724b4980f24cb96bdfad9d38ad3d.yaml |  4 +-
 ...5952-e3ab5ea87cccc6d9dbd7e7c3ec127075.yaml |  4 +-
 ...2628-1a5f08a913b9e66bca4a1d7c16d1cb52.yaml |  4 +-
 ...2629-4f0560b0cde9af506953920ade591947.yaml |  4 +-
 ...2635-4cdab5a4c9d1ef359c9ea3e65c6cdb07.yaml |  4 +-
 ...6366-a74fb6f00e03de1d4dc066ebae34f69d.yaml |  4 +-
 ...6375-414da17bdb4a780711966608cd7b68aa.yaml |  4 +-
 ...2654-94f85d394521a13053659cf48cf14634.yaml | 12 ++--
 ...2657-fb02750d498a9fe091fa40a841ae2cde.yaml |  4 +-
 ...2658-b804d82967d372f1edcb1ab799e70f37.yaml |  4 +-
 ...2695-3deace4984f0c809f54b31e2e6aaea40.yaml |  4 +-
 ...2696-211f53d8b1b52b0d7d117c8d6be4a364.yaml |  4 +-
 ...2709-402db9fc1f91d6a610e9186418e3f339.yaml |  4 +-
 ...2710-b5b3c8eb6791ecd6029bb9d46ed89ac0.yaml |  4 +-
 ...2711-8f60c3b6446189e3058b9237676dd33f.yaml |  4 +-
 ...2716-a11c0611909385052cd0aaeced3bbff4.yaml |  4 +-
 ...2717-dbd794ea76909c06feaaa4b067d9c221.yaml |  4 +-
 ...2718-14278d198b70b2e64cd570f29581f83a.yaml |  4 +-
 ...7231-2a14d3fb0a465f1cdb9f64f93f69aedd.yaml |  4 +-
 ...7235-50f3815a7306e514f6cb6f2669b958ed.yaml |  4 +-
 ...2737-3d60381961999c332401ff6c0d1b2fcd.yaml |  4 +-
 ...2762-70956e63e550605d8f25a09facb07794.yaml |  4 +-
 ...7628-11c10e4dc5f28f5f7b4e3c822488409f.yaml |  4 +-
 ...2763-9c5f430746b739fbae6902b53c806e7a.yaml |  4 +-
 ...2775-b95feef4ddcb37164d4f7af73136c4f2.yaml |  4 +-
 ...7844-261f8d0d96a6973bf1fe24c56cd5b3ec.yaml |  4 +-
 ...7845-c591f3e0b0e6607bb02f8ca1122eb1cd.yaml |  4 +-
 ...7848-afec02ed4fb861008e492afadabc92bd.yaml |  4 +-
 ...7852-d8468ce3a3b28bab55fbd9d9d45afc3e.yaml |  4 +-
 ...7853-53bd8ee68daf44e8898790dff3d4d891.yaml |  4 +-
 ...7854-a2c4b877b0651ff620e8169263705757.yaml |  4 +-
 ...7855-e08a52f680b625be47e9beebec7b3154.yaml |  4 +-
 ...7856-b5b013b649a98c215832bbde298896e0.yaml |  4 +-
 ...7859-c95f7d5b525da0435460cefad8d11b57.yaml |  4 +-
 ...2799-9029119eb68fd27e882d54dbd4a742cd.yaml |  4 +-
 ...2823-ed137f483ea3e94091bee5b4d772d058.yaml |  4 +-
 ...2863-c09b3bbf7fa2f9da4c4d07cfecb5595a.yaml |  4 +-
 ...2864-14a6574b6d9fc13262269a727d440dc3.yaml |  4 +-
 ...8700-37be249d4dba046bd5576085cbb2729e.yaml |  4 +-
 ...2887-47415a21e09795154df1ff35281901c5.yaml |  4 +-
 ...2903-a2ca90e41d2e5160436c08c965469eba.yaml |  4 +-
 ...2926-30d61c53466fa58934f9b72c5790a166.yaml |  4 +-
 ...2934-e9ae67bcdb286ec58db8997d8a78829a.yaml |  4 +-
 ...2935-d213e2e9594308f580bdffdb06a3d065.yaml |  4 +-
 ...2936-eef599f42089077d3f1367aba810ab3a.yaml |  4 +-
 ...2937-f12c6444f5c306cf6d2f74b5d9b1f8a0.yaml |  4 +-
 ...2940-193e887d8efbd63f7ee64b85c4a576a5.yaml |  4 +-
 ...9406-092e64b42de134fb4233d6bec85b9415.yaml |  4 +-
 ...9408-4039c397e350c84a436243d9a4f3eab1.yaml |  4 +-
 ...2941-5b8cbfd6e3ba79c4725fe838c412c514.yaml |  4 +-
 ...9410-43b828ba6ca06e13c96e8d6957a25d26.yaml |  4 +-
 ...9413-3ba7758def7bb999accbbcf70be2e182.yaml |  4 +-
 ...9414-218762f76a47ddcb2051ebcd055069c7.yaml |  4 +-
 ...9418-d2a99368cddd63664c69600c9b7c92a3.yaml |  4 +-
 ...9419-af2ae774d22378ee0a69d1768e15e475.yaml |  4 +-
 ...2942-e4fb6d249b711115cf1c72af2ed8bb4d.yaml |  4 +-
 ...9420-8078b4f9949ef9f89bc0fb06a9571b7f.yaml |  4 +-
 ...9422-2e3506811e52ec17c7634c4366161915.yaml |  4 +-
 ...9425-d9b04ea1292b41be830780f6e6d01550.yaml |  4 +-
 ...9428-596c1534922e10c637aff8c9e7564a21.yaml |  4 +-
 ...9429-989eb9c3cbf3a8a65b24266fa6fa3458.yaml |  4 +-
 ...2943-581efb108579060acb9ef33538e40085.yaml |  4 +-
 ...9430-63d2a51e3e8824195c3d41033688aedc.yaml |  4 +-
 ...9431-47c8baaa723b461feba125f5d75cdf5b.yaml |  4 +-
 ...9432-0c5b7f509db51c1a7230bd37febd24a9.yaml |  4 +-
 ...9433-7af5a8d75570b9733bf6f036d3311f98.yaml |  4 +-
 ...9436-429616022004f10edfb6da5df655ced8.yaml |  4 +-
 ...9437-9ea1bb5d162409cd77ba612423f2f166.yaml |  4 +-
 ...9438-6df2df1f538663a4b281d00b01155047.yaml |  4 +-
 ...9439-8d331ddadf2ec92c698925fb701e1625.yaml |  4 +-
 ...2944-0c91dc81841b4946dcdd188b1f4f59d9.yaml |  4 +-
 ...9440-bffa3ebfd0f8f4eee0788789721093cc.yaml |  4 +-
 ...9442-28a0fb0e5795f11d3d7f2a955c95e65c.yaml |  4 +-
 ...9443-164126146e9a645f77469a8e4602aa76.yaml |  4 +-
 ...9445-66e44ffd73c4157b210becf5e5234e8e.yaml |  4 +-
 ...9446-d41f2371740382f5fe12f9b2729e260d.yaml |  4 +-
 ...9447-4e07fbfa9287b3d698591e747048b894.yaml |  4 +-
 ...9448-013a3c9fa700970f10b7bbed788f507b.yaml |  4 +-
 ...9449-6dff8ad57b57f849baa2c45d3ecc2834.yaml |  4 +-
 ...9450-de7a5d3d23cd7a255b8c43340d197b1b.yaml |  4 +-
 ...9451-7625842be5b20a912d85c30fab35389d.yaml |  4 +-
 ...9454-27610b5571a30e556b64bf5b8d096808.yaml |  4 +-
 ...9489-783f372f4644686742e160ed2c3ab92d.yaml |  4 +-
 ...9495-e90caa361b62564e08e191aa073473cd.yaml |  4 +-
 ...2958-8e5d590ef949dabd3bb7265d663cdfbb.yaml |  4 +-
 ...2981-2ee20ef00c8dffbd5ed7b6a797548996.yaml |  4 +-
 ...2983-dff51ecf68a2a27471cd48bde63ce4a2.yaml |  4 +-
 ...3021-46b167768e3cac0676fa19e5201075cc.yaml |  4 +-
 ...3024-600b942b044271afb765e6ae63286c52.yaml |  4 +-
 ...3025-1ad3a36baf4c9ef732b67d8d092f21e4.yaml |  4 +-
 ...0337-853440dc6a0bac372d49c0a52406c979.yaml |  4 +-
 ...3036-c3ee6aa7cf2263de71bab964716588bf.yaml |  4 +-
 ...0533-6a51878e913acce27812b845eba68b33.yaml |  4 +-
 ...0536-dcbc0003781c6decb5bf6d916532822b.yaml |  4 +-
 ...0544-b58caf3062d49a3b707b9a414cc1dfaa.yaml |  4 +-
 ...3069-4626cb693582f4ef4c3fd754ef5fda3a.yaml |  4 +-
 ...3070-213c6c67e9f7d7367e5fa5ff895afa34.yaml |  4 +-
 ...3074-53fef4883b3ae390bd3ce74f9e9ddf6a.yaml |  4 +-
 ...3076-5fc74cc66f5330c5bc45fdae1ec9ced1.yaml |  4 +-
 ...3082-14052cb4248c1d727995c47dc9e235be.yaml |  4 +-
 ...3096-f6fedef4900f687723635382ff2bb4d5.yaml |  4 +-
 ...3097-fdd4bded1dfa98b42ec68b8794019fbd.yaml |  4 +-
 ...3098-02f07014b96a3edb2c7f1b16bbe0bd90.yaml |  4 +-
 ...0998-61ef4484d482c37a0de9af18fac5edf6.yaml |  4 +-
 ...3124-cf17a017c60d948b78f758c0612d102b.yaml |  4 +-
 ...3125-9d01a3c1450589963802e2c82f79a1da.yaml |  4 +-
 ...3126-912300bb987f9b62927bac6bd20872ca.yaml |  4 +-
 ...3128-11d8842f155c393e0c8cf7dd8d4ce45b.yaml |  4 +-
 ...3131-967dff727dbc42b5a7eb2d15c9e083d4.yaml |  4 +-
 ...3132-733ee63acd3da1891d75d0f23730ff92.yaml |  4 +-
 ...3135-40b96ba14c189bc5294c696f541a5a2a.yaml |  4 +-
 ...3136-d503115e692639756bb3a2ffdde34c03.yaml |  4 +-
 ...3137-aa1aed011557ee5dc2bfa06501123a9e.yaml |  4 +-
 ...3139-c0079d75a97eeffbdeb6d0d0f4759f91.yaml |  4 +-
 ...3141-17f9d007266f9a0cab0ee55eb44edcc9.yaml |  4 +-
 ...3142-9eff154e275679aff481294211504cad.yaml |  4 +-
 ...3144-aaccf9d8425eddd13e4ac4f8c70f1e50.yaml |  4 +-
 ...1475-eee72fcaef7d6d7710f8503cc05b2365.yaml |  4 +-
 ...3149-ece3289501587998363581768a050e75.yaml |  4 +-
 ...3150-31292a415c3bd76b8562016d2514c1b7.yaml |  4 +-
 ...3151-990bebfd04ffccf7784d9ed7851bc9ac.yaml |  4 +-
 ...3154-ed2236ee570598966dd60e4e75f31def.yaml | 14 ++---
 ...3194-5ad44d8edf07e29935fd9f2a379a8bdf.yaml |  4 +-
 ...3194-98e27e4b860cdb80f775d8dcf8849471.yaml |  4 +-
 ...3208-f1ab2ba9aab33ab61ed9ab0dbb6a8c74.yaml |  4 +-
 ...3220-c25a227d2616b1e266b27ae90761f594.yaml |  4 +-
 ...2280-3f7130e05b74b1e5f65b8d9e77a1373e.yaml |  4 +-
 ...3237-13a0eed39cd76523725bdb9ac6f8ad2f.yaml |  4 +-
 ...3240-de62fa1091876ce7733352db2cec2f12.yaml |  4 +-
 ...3243-e5b4ec8d38e3122f17a3232664bd3572.yaml |  4 +-
 ...3244-dc21ebc00161a8071a291b6ff6e22872.yaml |  4 +-
 ...3246-5b5598cebbb5b08b875d9ea03d9a72bc.yaml |  4 +-
 ...3247-cefe6e830adb746b2199d03b92e9b0d3.yaml |  4 +-
 ...3249-4e6e2faa30d1cb67b640ff4b64c7c434.yaml |  4 +-
 ...2587-62e712c4c51e2629997a1a286dd08453.yaml |  4 +-
 ...2776-0ce7e54d96c7e37996c0287c3e487a8b.yaml |  4 +-
 ...2970-eeb643b56c37992255be8d889b1e9ae2.yaml |  4 +-
 ...3300-e23a8ff0f941885439bb6eaa6879d8d2.yaml |  4 +-
 ...3302-bf15f8f75324665dbab0a976954762a4.yaml |  4 +-
 ...3191-2ee541e9c869c15a8b871966c41047ce.yaml |  4 +-
 ...3201-83cdeca9a177bee255e863b7e36aae57.yaml |  4 +-
 ...3334-3fc9a3fcf79cc1897ce2e887e3d3f73c.yaml |  4 +-
 ...3336-6be2333e24bb1c10a3a6c889899366b0.yaml |  4 +-
 ...3342-aec751941690d89755638c950f64d01d.yaml |  4 +-
 ...3343-dda12396183ee405a0b6804083230616.yaml | 14 ++---
 ...3350-e445dff1dbcdaa9bae7b0592b35676e6.yaml |  4 +-
 ...3361-80c655d3d796ab546d2bd2d7a2a197bc.yaml |  4 +-
 ...3366-90e136f1c49e3c12cb6162b882a23711.yaml | 12 ++--
 ...3374-219e356df9406ff61a0cdb8030ff8ed2.yaml |  4 +-
 ...3380-c7389b248c40364239ac72c9e1e9985e.yaml |  4 +-
 ...3383-18ceaed7f43455d18367a3a1c3285ab3.yaml |  4 +-
 ...3384-674e9e8ffc19e4d579a57273137742ea.yaml |  4 +-
 ...3391-3c6cc9490d009d5c5e5a38130b58bb8c.yaml |  4 +-
 ...3392-e4bd7eea0fd05e8e2fe20b6f0c6b7046.yaml |  4 +-
 ...3393-7b65c39ddbda37096522c90c94a9d953.yaml |  4 +-
 ...3394-92aa647881d350b340f99ec0dcdafcc3.yaml |  4 +-
 ...3943-629a86e61ae281b9190188a5f16e6d8f.yaml |  4 +-
 ...3395-c8d77620d025f09aeefa4638ee5b37e1.yaml |  4 +-
 ...3960-aa18dc73a5ad2f3458b2829a667a4dbe.yaml |  4 +-
 ...3969-5dac27116865bf3a33881aeb2e87a891.yaml |  4 +-
 ...3970-51577bdf9a059e7edb1dda702623d2b6.yaml |  4 +-
 ...3987-05c2167f7f1f78fa58c980d418931b2c.yaml | 12 ++--
 ...3400-76570c8af26fd8add3788aed77d646fa.yaml |  4 +-
 ...3401-8d874ea95f55c0ec9bb8e08a17ec4807.yaml |  4 +-
 ...3402-5a93acfe5c571ac99fbd0be363e6f484.yaml |  4 +-
 ...3408-7fe1343755ae3216e2612ce9dec35f72.yaml |  4 +-
 ...4148-8eae7ffaabe0ed4cfdd5b1537b7b4d67.yaml |  4 +-
 ...4154-ac9050df076297964363495b9c075e7f.yaml |  4 +-
 ...3416-4578c261077bba561117707849a7d191.yaml |  4 +-
 ...3417-1b6d42c938576bb7e9892a86129f9bc5.yaml |  4 +-
 ...3418-6e8d8a68dd9873805b5f71eb69761022.yaml |  4 +-
 ...3425-d27196962105bff471a16f16aa617461.yaml |  4 +-
 ...3426-46e70ce2d5b65ea57e5b89cf696f0367.yaml |  4 +-
 ...3427-34e1ea4c84115991aa9040d8463cc384.yaml |  4 +-
 ...4344-ea695aba033f5eaa6e1bbebc4ad1cb3b.yaml |  4 +-
 ...4347-cb8528ea228de7c195be74b03a1cf056.yaml |  4 +-
 ...3441-a6ad4e1a267f3d946e1e2e12d5bebc25.yaml |  4 +-
 ...3451-8e787a46ad14cecfaea14ee098f61614.yaml |  4 +-
 ...3462-4f5affe3e6d10944ac86113d1e4881da.yaml |  4 +-
 ...4648-5c305c85e58387c07315e703af6d187a.yaml |  4 +-
 ...4650-ddd0e9486fe68ad8ba91d2369f80747b.yaml |  4 +-
 ...4654-a5a6d2493729bf3090ce1785835756c3.yaml |  4 +-
 ...4656-ab0d8c25a4b5735f6b566693ae1e6b91.yaml |  4 +-
 ...4658-300ac7058f885b1b1ecbf0131074eaf1.yaml |  4 +-
 ...3469-d368d355a42efc82f9add75ee0c1d079.yaml |  4 +-
 ...3477-bff7cd3ae66179edd6f79145d30bd8a6.yaml | 16 ++---
 ...4839-11efe70fd2ae23707bfcf341a18862cb.yaml |  4 +-
 ...4853-b4bab111be528a55d6c4bef04962870e.yaml |  4 +-
 ...4868-d03a599615f97ee32ed6c9f069046608.yaml |  4 +-
 ...3490-d8db32c50c0bea30a973b5af0530e9fa.yaml |  4 +-
 ...3494-6f528eadb66a9354628a303cdece4106.yaml | 14 ++---
 ...3506-38bcc8fc23f5e64dd2298c12f27f47b2.yaml |  4 +-
 ...5235-ec9c194a00305798df823bbd977744c9.yaml |  4 +-
 ...5242-535595f4b0854a5ba3ef769bc0a6d8a1.yaml |  4 +-
 ...5277-9fa773be7e5cdf580182e19b1f6e77fb.yaml |  4 +-
 ...3536-9572375f1a63fe71cfefeb901690b502.yaml |  4 +-
 ...3537-226373864d57cc20f7f59dea62a55c3b.yaml |  4 +-
 ...3538-200b5675cd7f93f9a3a59f8b16a025dd.yaml |  4 +-
 ...3539-16fe73a759651a7d3bcefdb3b3d57eae.yaml | 14 ++---
 ...3558-7ae4217671bcb5c8f6efe46ca1b8db85.yaml |  4 +-
 ...3568-ca0bad06790922b16f5da17ee6db4bb8.yaml |  4 +-
 ...5725-f00922a5d35b3c6ca276e64048795ab0.yaml |  4 +-
 ...5726-371f210cfb55319010fd16b3a7c4efca.yaml |  4 +-
 ...5730-40341532c7f84f3b54f6d735c45b3460.yaml |  4 +-
 ...5882-95b4227a0d3d41c249f2bf8ed2c425e5.yaml |  4 +-
 ...3601-af386a5b7a4c4897059c13e07ba6a1c2.yaml |  4 +-
 ...3609-e01c69283b147d24245068f3ebce49d9.yaml |  4 +-
 ...3610-c5989c384ff1fa34fed277024ca7c660.yaml |  4 +-
 ...3618-d06ebbe7f6b16be606d476a52581f74c.yaml |  4 +-
 ...3622-21019b02ab939e1588f34c6a653e9f06.yaml |  4 +-
 ...6282-3a32aa7a18d47ef0f7438986ced63310.yaml |  4 +-
 ...6284-6dc63a693616ad13933a53bb0a4503d9.yaml |  4 +-
 ...6285-31f526f5fc6023df268597ecb0e81e2e.yaml |  4 +-
 ...6288-dc8ff7d3332154eb2062f549788da3cc.yaml |  4 +-
 ...6292-acd433b1de86848d8124ba9bb8ed6ee0.yaml |  4 +-
 ...6296-adf2d29be020721f57ebc8e5c323f1bc.yaml |  4 +-
 ...3631-c6fe3e98ca720b92fad33bdf271aacdd.yaml |  4 +-
 ...3632-809d63af1f69964de8a6d451fb63eac3.yaml |  4 +-
 ...6340-845e9efdcaa8e86ee95dfb613d1c9636.yaml |  4 +-
 ...6341-d1f3834e2f95aaed2e601e83a20e5d59.yaml |  4 +-
 ...6346-b87b09efd2ae58c86dc8e5fdf3e23221.yaml |  4 +-
 ...6347-56be40d6cceb101df1647cdc9530b1ac.yaml |  4 +-
 ...6352-2f992f86ff54d554aa2e677bbff33be5.yaml |  4 +-
 ...6355-c452417a821be37f2cab44c35d2fb224.yaml |  4 +-
 ...6356-b758c0c37fd1d990bf9268c1c848eb10.yaml |  4 +-
 ...6358-d05a6b8d7f246d51e5c6639ab5b124d6.yaml |  4 +-
 ...6365-c67d4649ea18743c5c7a2e3701c4b78b.yaml |  4 +-
 ...6373-498c92520d857cb30ad7df8aa299fc2f.yaml |  4 +-
 ...6375-02e92fc9d8edd2a31ef37844cc4fdd57.yaml |  4 +-
 ...6378-f7eaf9b938a6df4b39be6616b2432caf.yaml |  4 +-
 ...6379-10647c17dbf9c37ea854931ce84957f9.yaml |  4 +-
 ...6383-9c32419221ff25df45de1a2bef4b454c.yaml |  4 +-
 ...6386-aed64fd523c0d1b492fdf86a110cd8b5.yaml |  4 +-
 ...6388-099d72d33b89027185d04eec96bd1d04.yaml |  4 +-
 ...6389-83e4f665f1af2e601634717e68062856.yaml |  4 +-
 ...6394-f99fe05b2429bd9e4943506324d48d85.yaml |  4 +-
 ...6401-6cf5df1f5906c35e420af33d77451aff.yaml |  4 +-
 ...6404-7a3d9d99e440e4df9bd78305e509f883.yaml |  4 +-
 ...6405-f4919b10c6f7c2a14e1c7d5b8a3f99cb.yaml |  4 +-
 ...6417-27fde2e6c4a806f7a102ac0a7cda9a14.yaml |  4 +-
 ...6418-6293b091bc766206bb45c5e76ab63e4c.yaml |  4 +-
 ...6425-03b179e5beb399c252262dca2e1c2a47.yaml |  4 +-
 ...6428-f5bd530013958004252bd14d740d1932.yaml |  4 +-
 ...3677-21d84dd234ad676a469c1b281a9da497.yaml |  4 +-
 ...3679-884840a442619cbc5a7daf95f85cb6cb.yaml |  4 +-
 ...6791-0b90da005dc4b695e711677701780a3d.yaml |  4 +-
 ...6798-57d7eb4c0bda23c172922977bec66f98.yaml |  4 +-
 ...3688-c453f0ecd6a4881debc7f71c36086298.yaml |  4 +-
 ...3689-8afa46038c928522e1a939b693fa3626.yaml |  4 +-
 ...3690-535ebdfe2ca4cb1641e4a25814726229.yaml |  4 +-
 ...3694-d016ddea2985e3c1ec3f3ed31d67329b.yaml |  4 +-
 ...3720-2ce3da9cb13ca01fe4975c718c0361d4.yaml |  4 +-
 ...7328-4dec1d95d84aa9956ba49479ab4962de.yaml |  4 +-
 ...7330-363aa4459971c85215990cb3c8eb5496.yaml |  4 +-
 ...7335-6fde6e46382738cc90cbede415252e23.yaml |  4 +-
 ...7338-d5a23abb517a497649fa5fae9ebed1d6.yaml |  4 +-
 ...7339-a2ba0d175d26a5652fc4c3dde4656860.yaml |  4 +-
 ...7342-d3a3435dfd803c8984d494bbdacab67a.yaml |  4 +-
 ...3739-d89cd4d50e467aee5b89a046ed25a308.yaml |  4 +-
 ...7402-a3cdd5fc08475bf0155bcdf233d6ccac.yaml |  4 +-
 ...7403-473bd673aad6ebbb1666b1cd91242034.yaml |  4 +-
 ...7404-d039001c0af8cb5076be473a89522a72.yaml |  4 +-
 ...7405-367b17bcc7fd153764ffbb7e174fed0a.yaml |  4 +-
 ...7405-415ed972729f96565976948d92875199.yaml |  4 +-
 ...7407-e067b113a87087f2914c0d765908e157.yaml |  4 +-
 ...7411-31a8072de701550e4edcf2604b9e23bf.yaml |  4 +-
 ...7412-fdec0718eabbae53872d03fa70d141a9.yaml |  4 +-
 ...3747-1b89b5eb4288496d851956ba01f7ee38.yaml |  4 +-
 ...3750-3b38633cbeac82c001940cb4aed44709.yaml |  4 +-
 ...3753-c206b1ef471fcab481cc325e40071db1.yaml |  4 +-
 ...7599-bd26ccd939104e13f73f569b312459d6.yaml | 12 ++--
 ...7601-54bc1daf26907dc59a5c7876a142ff1b.yaml | 12 ++--
 ...7603-1951707b594e6f4a4e8e4243b43c9841.yaml | 12 ++--
 ...3762-127ab045dd12eca20b1f05cdaef8b291.yaml | 14 ++---
 ...3762-ed8996a111dbc40e1e02c2318552499b.yaml |  4 +-
 ...3763-3ae6c1779315005d2af44a96ee77af2d.yaml | 14 ++---
 ...3763-bd1638a89aa7173589958124d15f2afb.yaml |  4 +-
 ...3764-b7888b843ebf167b77c4d303a6db54de.yaml |  4 +-
 ...3768-221016fc8948bfb930fdcdca33f79836.yaml |  4 +-
 ...3769-8e5a5c6c98d5ff17214ae536b2646317.yaml |  4 +-
 ...3776-2624b69820d22e5b5127f2b411babf77.yaml |  4 +-
 ...3794-39f38e457d08269c0a24a582767d3dfd.yaml |  4 +-
 ...8055-df308cf6b44530f23e6aa9e16f45633a.yaml |  4 +-
 ...8057-9e3753c62120a17f21550a2c92d7d0fe.yaml |  4 +-
 ...8058-26e6e5cc3851b03fa772529952303fc4.yaml |  4 +-
 ...8061-80eb51ecba5ec678d038fbafb9f76a3a.yaml |  4 +-
 ...8067-09740a555ab133389f0f6571fce0ae84.yaml |  4 +-
 ...8068-0bf76c13f5d059f24c33a04b1579ea8d.yaml |  4 +-
 ...8073-1f2a06a643f40ca267bd342499fdc692.yaml |  4 +-
 ...8074-5c2247e17c791b6fdfbffdac85a13840.yaml |  4 +-
 ...8079-897959e22c40ecc199bf5dc5042856a0.yaml |  4 +-
 ...8085-353927ae64af5c6eafc196b5f94afe9a.yaml |  4 +-
 ...8086-9485da9dcc7a2c1f998297394d9f2737.yaml |  4 +-
 ...8093-52b9b171189fecca507b9059a4e2fc92.yaml |  4 +-
 ...8095-37fc83c506180cf381ac5dfbd233eafb.yaml |  4 +-
 ...8104-4f4db8cd21765548f8ac243b07d65419.yaml |  4 +-
 ...3811-7bd73acb3e7a0bf377aeb77c95eb6b8a.yaml |  4 +-
 ...8135-b019cad8ad64e7103a4ef60d49f6dea3.yaml |  4 +-
 ...8137-4570eda0c03b7f7b441d2c3a25dcd80e.yaml |  4 +-
 ...8139-29636b68c2f3ab161e7a045474b91034.yaml |  4 +-
 ...8139-54337cab42839ec3b613ba98b54eca17.yaml |  4 +-
 ...8140-83717a76e7400e087835909cd79a400f.yaml |  4 +-
 ...8141-1a3d5e6e024266b84857a352fd89d5d4.yaml |  4 +-
 ...8144-5fc70b9a54a47a4a18b6ce16ce7c23ba.yaml |  4 +-
 ...3822-6fc6438dcbfd4ff68526e6d482fa74a2.yaml |  4 +-
 ...3823-2f0c52f572204949d9dfa707ba4715b5.yaml |  4 +-
 ...3824-d5f34e92eea10518421633a7bf6a6987.yaml |  4 +-
 ...3828-66fc8c140dcc821532233cac0866d8de.yaml |  4 +-
 ...3829-335b776cd554e8913d4f10e98e262ec0.yaml |  4 +-
 ...3830-3e7f60a3df49d0f7fb4057d158598ecf.yaml |  4 +-
 ...3831-eab309830ae20eeb18b4936d022eab3a.yaml |  4 +-
 ...3832-2b23e7bc36f5649501747aa394af6972.yaml |  4 +-
 ...3833-7e3662ab11c3565756d75a405c4e3374.yaml |  4 +-
 ...3834-44fe84770decd19120a8d913bc09bfe5.yaml |  4 +-
 ...3835-03920cd9ca5ff22b06a994a5f8a5fb1c.yaml |  4 +-
 ...3836-714e1a158166a33a7b439bd28dcdaa32.yaml |  4 +-
 ...3836-c4ddc0489c7fc6327da43ce100fae835.yaml |  4 +-
 ...3837-15a33f4bb5e2d06a85f82ec34f8865fa.yaml |  4 +-
 ...3838-94f3a814c03c449b36cb253d7f80d949.yaml |  4 +-
 ...3839-5b728c0f0ab67d66edeb4ee534a33e19.yaml |  4 +-
 ...3840-a6981c5b5578853614f986e96039441b.yaml |  4 +-
 ...8454-a98db6a35902de5cbf34db4eed4ead5f.yaml |  4 +-
 ...8456-a9cc73f9037d9cdf674a96fc1a0c0e0f.yaml |  4 +-
 ...8460-b3b2af8cc00699a0018afcc81e707f41.yaml |  4 +-
 ...8461-1695c167f694fa63c272f7b2c5254e2e.yaml |  4 +-
 ...3848-f267d62c47f700236f07eb0616a44f03.yaml |  4 +-
 ...3849-7f2ad53d025d64620bae59b467d70f5b.yaml |  4 +-
 ...3850-ef26eea08cd48a0673b556bc7ad08135.yaml |  4 +-
 ...3852-a514896a8210fef61861b6a5fb93d0c5.yaml |  4 +-
 ...3855-540d765197d5d77b942283129699e946.yaml |  4 +-
 ...3856-d103dcd12252c06ef076f4cb74df842f.yaml |  4 +-
 ...3858-d2f186fae58d1b5afd77fc5306fc26bf.yaml |  4 +-
 ...3860-240ee5ac158ce434b1247f54a6208c44.yaml |  4 +-
 ...3861-c3f3aac4022202f47e3ad7f05ff237dd.yaml |  4 +-
 ...3862-435e5a4b20bcaf9d0c9ffb3797d6604e.yaml |  4 +-
 ...3865-9e9c8555eaf480676d3bf05dbd493869.yaml |  4 +-
 ...8703-2cfa41593b5c54dbbe7f94408a704c8b.yaml |  4 +-
 ...8704-73f794bdb6d5d5ebc6d4220191ef5dda.yaml |  4 +-
 ...3879-6b187667244750832b7e539032f73d81.yaml |  4 +-
 ...3880-6e0c5ff8c6831d302f08813c9570b138.yaml |  4 +-
 ...3881-509c39acb39a633805d6b569fc41a485.yaml |  4 +-
 ...3882-da896910a5cacf8279e4d7de14e16a7d.yaml |  4 +-
 ...3883-24b1f52e6cf57fe2a2edbecda487edee.yaml |  4 +-
 ...3891-4d29004b4f45680a61808cd7f630a100.yaml |  4 +-
 ...3892-ef86ab7f523579cf61ae7ca65b0017ce.yaml |  4 +-
 ...3897-9760015c4d350e201fad6b9179af7df3.yaml |  4 +-
 ...8971-c0fe1fee8a4f48d20fef6e8a451cadaa.yaml |  4 +-
 ...8974-46fa110da1e59fdc31ecff31d6e6ec62.yaml |  4 +-
 ...3898-9d26ce45ae3e2b9cd30cf1aaa62ddd92.yaml |  4 +-
 ...3899-f6f5e5b83dd05b47087018ab93dc70c8.yaml |  4 +-
 ...3904-89e45ac29496786a2f26bbad510d04b9.yaml |  4 +-
 ...3906-9f2fa558a3b450f42672af408bb3b106.yaml |  4 +-
 ...3907-c0684cce94d057969c2bd8df09557f34.yaml |  4 +-
 ...3909-5f015fc98ebe61708b30f8e106c0dca9.yaml |  4 +-
 ...3911-e4dfba623e207111ac2894d0b05e0171.yaml |  4 +-
 ...3912-f2f2b27ba49b35955a269b199809763e.yaml |  4 +-
 ...3919-38ff57a3a79c762236aaaeaffc92c374.yaml |  4 +-
 ...3922-bada82132f6cbfd33d5760be8742a9cb.yaml |  4 +-
 ...3923-e8ed3a408ffed7b696f1556afff0400c.yaml |  4 +-
 ...3925-0b4ca30f3ad4ec80ff7de93b32a4ae21.yaml |  4 +-
 ...3926-cbceddd57d7051d45761e4fa44eca556.yaml |  4 +-
 ...3930-3ca2c37cf2bcc2a6f7bd7d384d01930f.yaml |  4 +-
 ...3935-038cd4d7f3a85c2e02153b9f3d732338.yaml |  4 +-
 ...3936-3251ec6afe785e3bef31ff4841e744c5.yaml |  4 +-
 ...3937-cdfd3455a6f46d912895a672ab21e1b5.yaml |  4 +-
 ...3946-cfe5fa3015f2fc55d2b05163019ba81a.yaml |  4 +-
 ...3961-6547c1d240217acd0e74acb8773a56d3.yaml |  4 +-
 ...3981-64ebdeacfb7857f81240b567b724e6b3.yaml |  4 +-
 ...3983-8648ead24f8ede303ab8621f146c3147.yaml |  4 +-
 ...3984-91cbfc58418f178a67da5f57d5fe8aa8.yaml |  4 +-
 ...3985-affad12bbe06868aff921eeaa6373196.yaml |  4 +-
 ...3986-8a4ffb5cbc3cc45c48f96fc0d6e8fdac.yaml |  4 +-
 ...3987-85a882f3a47555e7fcebe3d512a6eae9.yaml |  4 +-
 ...3991-7457dd966d0c4c8ae20cdc84ea24da94.yaml |  4 +-
 ...3999-39e0cd9a1bb57b7c976fa340879a57c5.yaml |  4 +-
 ...4000-bbc1707c7a5ee3103ec07e525a958c37.yaml |  4 +-
 ...4004-2930d925944c874731b469b90d98e5da.yaml |  4 +-
 ...4005-40014647f15550cd9dd8d5556a2d8ae1.yaml |  4 +-
 ...4010-f33065d14f70bf7433189e427d984bdc.yaml |  4 +-
 ...0128-585b04156d64682d18676fed41ed4dfa.yaml |  4 +-
 ...0131-67889b4ef1ae0d338be85daad64d3e7e.yaml |  4 +-
 ...0132-bd3f97a6db76b6dcae059be482b558f5.yaml |  4 +-
 ...4016-2594adb9a7b091439405e835629ab066.yaml | 12 ++--
 ...4017-58678de90c143fa9b35140b23ca7ba6c.yaml | 10 ++--
 ...0191-ddabc756c7ddb5aa3f2db005373f60ba.yaml |  4 +-
 ...0192-7796a6543f11d887deb3ec9c31928648.yaml |  4 +-
 ...0195-bc6751aa5110381a68bfe443bb0b5c6b.yaml |  4 +-
 ...0200-180565f2bb1ffb1d14acebaf2b798b98.yaml |  4 +-
 ...0203-13af69fc3b4639d4eee1c5f8765f3113.yaml |  4 +-
 ...0203-9036eb8b1e0f76afba77e37799b01f92.yaml |  4 +-
 ...0203-bcf8e746293c2a8c7e07a4dcb5e63f07.yaml |  4 +-
 ...0203-fc8048569d06ebc90ac21a7212b76518.yaml |  4 +-
 ...4021-ca60ddb788ce2ba7421ade305d793252.yaml |  4 +-
 ...0211-6377ab76651d16deea08b67670c91822.yaml |  4 +-
 ...0213-d8076a607a4a2cad3434e6393a4159d1.yaml |  4 +-
 ...0215-e4bedac25bcf1a2f58f7010119167cc3.yaml |  4 +-
 ...0216-cf8da83f0f83eb1a574fe335e5527411.yaml |  4 +-
 ...0217-a281a6daee68ba362dc7d77d71441ffb.yaml |  4 +-
 ...0218-299542a4c8b3958179820e8901ce5f1d.yaml |  4 +-
 ...0219-0f224f68bb34d36af769db2549696ba9.yaml |  4 +-
 ...4022-ffa9b508bdc94d69f110d4734885da09.yaml |  4 +-
 ...0223-347f040de616333a1a9814dd7bc708c0.yaml |  4 +-
 ...4023-d5d38bc96ea3d80c250cd1535165fc1d.yaml |  4 +-
 ...4024-44a36b31780ae752545fe7f279378677.yaml |  4 +-
 ...4028-1385e98bb73a78a4b3298f9d107fe144.yaml |  4 +-
 ...4030-64b8d0d829a31289bbb915ba2b2eb077.yaml |  4 +-
 ...0311-7d46d3a81ec6bb63cad62cde0afab07a.yaml |  4 +-
 ...0312-78446893c956fc1d75ddd7c2d7c876e7.yaml |  4 +-
 ...4042-b4cb9ba45757222ec6c9dc1b2fa44488.yaml |  4 +-
 ...4043-32ed4b36d9532730d50e66214a30b7fa.yaml |  4 +-
 ...4047-96ff12fd53b9282c4a2c4aeb674ac66e.yaml |  4 +-
 ...4060-b03939b1629e023f1100df8dea055a3b.yaml |  4 +-
 ...0632-b1ced039ec3e12066bd1cc12c97938c8.yaml |  4 +-
 ...0671-cd934d4abb39f62a28c7ae7b5501f68f.yaml |  4 +-
 ...0672-f0281688d74f818cfad7334eba1cc561.yaml |  4 +-
 ...0686-f890a87599d700193f94857dcecd8b3d.yaml |  4 +-
 ...0687-883ac125446954bc56b63a659310e326.yaml |  4 +-
 ...0692-6fb4ed5587f0486cce5c1d786ad4230e.yaml |  4 +-
 ...0694-6c5199d39eb82de60e28b6acd63ef12d.yaml |  4 +-
 ...0695-ea58f8019f8858d1a6e5612496c6cdb0.yaml |  4 +-
 ...0696-73ae88fd78bf0becac09b57aa5f8c767.yaml |  4 +-
 ...0697-2f1a45c352b73e0646091d728f0d1831.yaml |  4 +-
 ...0699-146da8f6895b52d2f71daced48bc4bb3.yaml |  4 +-
 ...0700-e2fa4c8a4519773eef901f4abb2bc665.yaml | 12 ++--
 ...0702-53dce218cb6cdf713c943d61cbe1c885.yaml |  4 +-
 ...0963-dcd836cebf0e20586e7baffdfe54c10c.yaml |  4 +-
 ...0968-942a0a0ff8bd16dd5a3f3bf1e155403a.yaml |  4 +-
 ...0975-baea03495f30d429cbcc479e7010d90b.yaml |  4 +-
 ...4101-67cbbeb086472c18cc998dc3852acd0d.yaml |  4 +-
 ...4102-14fedf42454dd570b7c4db0f006340a9.yaml |  4 +-
 ...4102-34cb9813e7e0af12dde3e7fb63dcabc4.yaml |  4 +-
 ...4103-67ad0ff7411e0b10941fca10e62b3adc.yaml |  4 +-
 ...4107-a6b4638155101fd9dca73e44a2714579.yaml |  4 +-
 ...4108-519740287ea130c472e2b41307bc4416.yaml |  4 +-
 ...4109-f7ab3183d6a1c8faf8c7fa4cce5c285d.yaml |  4 +-
 ...4110-a2935a109cadc5c6b15de3c6e258096e.yaml |  4 +-
 ...4112-aa821804338bfa52c597bf95613d3cbf.yaml |  4 +-
 ...1132-26aceda847c1eb3f25bb17474245905f.yaml |  4 +-
 ...1134-65a9527890576df98e6c12dd65024410.yaml |  4 +-
 ...1136-dbe0cc2eb5dbae77d4244d0de7839b9b.yaml |  4 +-
 ...4114-cb7c43df76e71bb6d20f5f4c8a5d90eb.yaml |  4 +-
 ...4115-b0561191aff3bb3e5af8336a71c1ffcc.yaml |  4 +-
 ...4119-6ccadf7e1366ca3249cc5950850c4bdc.yaml |  4 +-
 ...4124-76f3b72582acb97747f26a7d73d169e0.yaml |  4 +-
 ...1315-f68243f27ec6cdc816f3b8c11a5b90ea.yaml |  4 +-
 ...4142-cf862152b16dd1f39286055ed51b17b7.yaml |  4 +-
 ...4148-41a31043d8f2b87b33721864ecd51995.yaml |  4 +-
 ...4150-cadc46493e5e64619719bfd06035e262.yaml | 12 ++--
 ...4151-a3fa9aa05831cbe48f93e588aa23d79b.yaml | 12 ++--
 ...4152-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml | 12 ++--
 ...4153-4f98def5aafbaedc907582ddf709a1ef.yaml | 12 ++--
 ...4154-82c2c907402b124f31a2f373f11be562.yaml |  4 +-
 ...4155-cad4f56715717797069f7a87850b72f0.yaml | 12 ++--
 ...1554-4c2a731e32a3d9201839b73fb37eef51.yaml |  4 +-
 ...4156-8a640d3ed297a8a63d17c701796646c2.yaml | 12 ++--
 ...4157-aa986981c75263be7a2313fe5bb981c0.yaml | 12 ++--
 ...4158-9ac93e930052c6b551d522a1a37f90fe.yaml | 12 ++--
 ...4159-53c528c4b38bd34834da864bf5436a73.yaml | 12 ++--
 ...4160-b3fb140ad00234395ef28e4892077821.yaml | 12 ++--
 ...1608-488a5177633c5d61ff8bef1899fcdb13.yaml |  4 +-
 ...4161-757bd659f9146e7fed02497d3559c2e8.yaml | 12 ++--
 ...1612-2474a94365b10412bcdef71534b7cdd2.yaml |  4 +-
 ...1615-9bc085475e51bc522ac86c43319af153.yaml |  4 +-
 ...1616-e05fa458a1f240ccb4e1b67dcb2e1cc1.yaml |  4 +-
 ...1619-285b140dd354e7b55f93f22538da9394.yaml |  4 +-
 ...4162-c747e3cc597300516c2ada9764e8c1be.yaml | 12 ++--
 ...1620-2163947a7faebedb99b02ea382f621f0.yaml |  4 +-
 ...4163-9c0847af71db5cbde2297c6d8117181e.yaml | 12 ++--
 ...1634-7f361b8e267eec159cd338045858bebf.yaml |  4 +-
 ...1638-4332f8cf6f6916ee73d377911664daa1.yaml |  4 +-
 ...4164-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml | 12 ++--
 ...1640-6d6e0436ccffe0043617b48128024cf4.yaml |  4 +-
 ...1643-7dc4797d3de860817ed6ac2d09e72ea4.yaml |  4 +-
 ...4165-f4eafb52aedd774a77d6abb99f32e10c.yaml | 12 ++--
 ...1650-d5a15b7cded52d19f32afbdd2169bb8f.yaml |  4 +-
 ...1652-cbf15a410baf5df5c6e73ec81eccde3a.yaml |  4 +-
 ...1655-6736c43448ceec0a8c35031a10886cda.yaml |  4 +-
 ...1656-b870ae481ac77b6b40f8ab9a7e8f35ed.yaml |  4 +-
 ...4166-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml | 12 ++--
 ...1685-4954ab56551b4ce703a0899a0107deda.yaml |  4 +-
 ...1685-f7bbd778de1c9c53d31f5ab55d2c4192.yaml |  4 +-
 ...4169-f5d278de8a6f52f6b1d00da3aecdfc57.yaml |  4 +-
 ...1692-236c93e0abdcaccaa98b96d0eb756aaf.yaml |  4 +-
 ...1695-0cc0200594a7eced582455e86333c795.yaml |  4 +-
 ...1698-cd6ae30437be0309f27d9b8ec11e2caa.yaml |  4 +-
 ...1781-10b89b9db07084a443cbeed71b129af6.yaml |  4 +-
 ...1785-04b351a32ea4d9e14665cfe5ee1edb27.yaml |  4 +-
 ...1786-a5de647c0bebb3ff3775ad99edcea819.yaml |  4 +-
 ...1788-c15a76ab76b6bacb9d3a014790c1e98c.yaml |  4 +-
 ...1790-23b8ee7d3cf1c8b343f01dee0e6b0127.yaml |  4 +-
 ...1791-87d13bf13b6be6962a557c3627b3cfe7.yaml |  4 +-
 ...1805-761ad1a5f416d5f845100fe45755bedf.yaml |  4 +-
 ...1831-c8baa9ed85af66dd4a921b8f2c5af1ac.yaml |  4 +-
 ...1839-ff3790cb0753cd7ef435623008e69310.yaml |  4 +-
 ...4196-447bef3440e263d45c541524d37bf6b4.yaml |  4 +-
 ...4197-3ca395cf4457963d99cc7df0953a3124.yaml |  4 +-
 ...1978-8e8dcc759eccd2518e9fba14e695c093.yaml |  4 +-
 ...4198-bde0dbf50dee086cf6c52ee659134929.yaml |  4 +-
 ...1980-a43440257ec4eba085c1ac2ce540e1bf.yaml |  4 +-
 ...4199-89d3c8a11ff10e6756f75032f0181833.yaml |  4 +-
 ...1995-e82a3788d5ee1ba0ec33b3e0db2276c0.yaml |  4 +-
 ...1996-f93d99515ef4e6bdea2dd530448d23e4.yaml |  4 +-
 ...4200-29259c5b25c72133b49fdd41585cc3d7.yaml |  4 +-
 ...4207-cb1c5b7fa2f66db14c90c48d844c8b70.yaml |  4 +-
 ...4216-53813c475afa70818392401295ac8091.yaml |  4 +-
 ...4217-18bb670f149f3ce453ab41abb0ba94e6.yaml |  4 +-
 ...4226-24b6c342cef1d8274544190481da6dc0.yaml |  4 +-
 ...4227-882bdd3fdb6681642f156a22924c9a36.yaml | 10 ++--
 ...4230-5cdc77b83509c234be9fd2621b4d50a6.yaml |  4 +-
 ...4236-defc78f281b1b753471f78628f828031.yaml |  4 +-
 ...4237-2ff5131571517bfee0f572e860d19db4.yaml |  4 +-
 ...4242-8f14563b89ae2fb865ea87d5f251bc48.yaml |  4 +-
 ...4243-9741c51413af2327faa27cd2e2fade6e.yaml |  4 +-
 ...2459-617785fa7c971048a906a08d626203c0.yaml |  4 +-
 ...2460-1b0051f6cdacf52fc28a89570f274917.yaml |  4 +-
 ...2461-8c3657d5aee544c7f980b9786567d40a.yaml |  4 +-
 ...2462-aea3cbfb921c1d1330c879b8f85a35d1.yaml |  4 +-
 ...2479-33c4d0a0f515bd1cedf9cdcf55231d10.yaml |  4 +-
 ...2485-1a1fe1dc5dd307bb721b18dad6e53951.yaml |  4 +-
 ...2494-ed79806268ad8e12ebf6df82f872530a.yaml |  4 +-
 ...4256-20b8b7b7f0087daadf58f3d74ba2a999.yaml |  4 +-
 ...4260-012d37d1a0419e2b4d417ad1bf8624b8.yaml |  4 +-
 ...4265-77c6557ed6d5a269f424f3a44bdb8307.yaml |  4 +-
 ...4266-66ff52bda667dbc0abbc88dbfecf89ff.yaml |  4 +-
 ...4268-c9f14b3efd68aaad972afe4c5e7676c3.yaml |  4 +-
 ...2699-e3ac7cfb196d6042fdf4cb82d4ed4384.yaml |  4 +-
 ...2880-e720f99baaecf49f6cf9a7d54ee9d187.yaml |  4 +-
 ...2884-41ebdf42bbd34392f33d2e300bcf1f22.yaml |  4 +-
 ...4290-dfe9d916adc4339b514e6f246a1ff502.yaml |  4 +-
 ...4297-8757d0b374234a37718f99a73c9ea57a.yaml |  4 +-
 ...4299-7746f8e1b3332b64c44418f10c52b872.yaml |  4 +-
 ...4302-84f16791aafe87d42cf363331892fb65.yaml |  4 +-
 ...4309-914f38027718514db2df33bcbfa5d9b6.yaml |  4 +-
 ...4323-b8c54b7d77df783a3aa06fe35c635411.yaml |  4 +-
 ...4324-41a8bca5b4e509ff5992617799743aa0.yaml |  4 +-
 ...4327-1a3ebcec002fbbf2625550387d2d42c9.yaml |  4 +-
 ...4330-607d97f75ca23282557e4dc2fc682915.yaml |  4 +-
 ...3450-04699771b766f0fc714834ca199fc5ab.yaml |  4 +-
 ...3453-08963ed44b1cea3058d5d701a7dc7bd5.yaml |  4 +-
 ...3458-f9f9f8843b8a77c541ca723acfae2e44.yaml |  4 +-
 ...3459-d6b551c8eebbc07aebd60fb21b086030.yaml |  4 +-
 ...3461-0d198fa5a9097295a41f947e62ed164f.yaml |  4 +-
 ...3462-fbcd8cab0390c5423cc4977a1f1be996.yaml |  4 +-
 ...3463-8d1ec64befa71150df8d15ca9a46e658.yaml |  4 +-
 ...3469-e740d0f5f3811a1aac1ce94a356e0d8f.yaml |  4 +-
 ...3471-2326f2ccfd7003acca183b6e98abdbd2.yaml |  4 +-
 ...3472-e081d559a96dc283eb19909827c9469c.yaml |  4 +-
 ...3476-f8057967039523304998e4a1e27c496f.yaml |  4 +-
 ...3480-9fb8bc0ed140e27215d75f6096a9ee6f.yaml |  4 +-
 ...3481-bf87097eab97d5618311a5d6293581ee.yaml |  4 +-
 ...3482-5da504c8dee91299e78459069ad88795.yaml |  4 +-
 ...3488-739c3b6a5da1b82e1034ec2752c5a42f.yaml |  4 +-
 ...3491-2b7649bf0d1b33f22a628883cdb8312a.yaml |  4 +-
 ...3497-5f3b219095913ca0ac8eaef4013782dc.yaml |  4 +-
 ...4351-72e98d054dd35c38c2ccedc1b3e556e3.yaml |  4 +-
 ...4352-9b3e1e16f60897007a08c1914eadf98c.yaml |  4 +-
 ...4355-1a6e413024d8d1ae95c30f6878f11970.yaml |  4 +-
 ...4356-381f90bef3e067367c93c00d3b2f3da3.yaml |  4 +-
 ...4358-462fb716ec2f0ec4e2f418a785fb1df8.yaml |  4 +-
 ...4359-74b1a71215563001aea36d2a3bce8f35.yaml |  4 +-
 ...4360-ee3fe625ab8f88885d07211e8987b8d5.yaml |  4 +-
 ...4362-babd847e079fcdd7a546f8f906593529.yaml |  4 +-
 ...4370-bc5e61b065b355ecda981dfb9a91839d.yaml |  4 +-
 ...4371-4d7353aae0306a1d0c2e5c68f3406ced.yaml |  4 +-
 ...4372-1da82cb5548de3f68423707825b69043.yaml |  4 +-
 ...4373-6435ac4f9788a7cece5b6014e8487e16.yaml |  4 +-
 ...4381-ff57e42e57104b9d5c57fd329587cf27.yaml |  4 +-
 ...4384-4203dc94ef5199d201031e3f384724b9.yaml |  4 +-
 ...4385-7737e8caafd57ae5760281e5e46a68d7.yaml |  4 +-
 ...4391-b3d167dc589e1f7c398305699f98be68.yaml |  4 +-
 ...4392-176b60254015c7171bdde001bfef506b.yaml |  4 +-
 ...4393-e18789f54f5a5fe13b8ddacd79d408fc.yaml |  4 +-
 ...4394-ffe84a5da8ea35eb24ec280a71f71719.yaml |  4 +-
 ...4410-4e977ded44741d82f1c08a16943badd0.yaml |  4 +-
 ...4431-4a8f4a33d3fd03ddfa522524f9449c10.yaml |  4 +-
 ...4431-6bedb1579a7e4736e9514fa8e953db76.yaml |  4 +-
 ...4442-1e89a13fba73865588209c9be692cd21.yaml |  4 +-
 ...4448-81dceb70d6b123bc1dd5fda793f142c3.yaml |  4 +-
 ...4449-6d5213a5628e216eb9e2a763fb4762ea.yaml |  4 +-
 ...4451-f793e64947f92282a534916c8b501137.yaml |  4 +-
 ...4453-d875c7330364cd8c2a286deccf313956.yaml |  4 +-
 ...4576-246a1b75793883d17dc885e0bfc6e4bc.yaml |  4 +-
 ...4578-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e.yaml |  4 +-
 ...4458-957e4d84091168909dcf10979c3f829e.yaml |  4 +-
 ...4580-69fd4d1a3d07810924c63e0b65d11e51.yaml |  4 +-
 ...4582-b0a5bbc946df09d6c3b0cc9fe2eebc81.yaml |  4 +-
 ...4585-48cb81f29289d3dff74b9ff9eb6ca258.yaml |  4 +-
 ...4586-d9ed7ea48d292aeb09b5a69dca626c8b.yaml |  4 +-
 ...4459-10f63d314e85015ce49d2337fc605c93.yaml |  4 +-
 ...4590-f34299764af595ef815c30af6bd496f7.yaml |  4 +-
 ...4591-ba0f1a7c1e75b12eba4e62626fd27944.yaml |  4 +-
 ...4594-395ce3ec44ad4bf8f5ea06caea1ca7c5.yaml |  4 +-
 ...4595-4ff6298b795b2324bce636d08965d81d.yaml |  4 +-
 ...4460-5a9c4861ed09ce785a6f69836ddbac67.yaml |  4 +-
 ...4625-e785890064729677b76cdb50e8ed4af9.yaml |  4 +-
 ...4626-97aa7aa2977bb6f3604b4b418beecdeb.yaml |  4 +-
 ...4627-0a5cc290bf065b9d61dd8d6424548f9c.yaml |  4 +-
 ...4628-2d4f6a1b39a4cc9b06569630fa151900.yaml |  4 +-
 ...4629-719aecac015dde0f14f4cf5400965308.yaml |  4 +-
 ...4630-564f40d4fe0ef114f55053468e52e333.yaml | 12 ++--
 ...4631-0bb8bade373073a31c7eae43154f4462.yaml |  4 +-
 ...4631-3a92cf2d3b454c13398f20f7a203cccd.yaml |  4 +-
 ...4632-8bc6ce24c222c874630a145ef16e8d93.yaml |  4 +-
 ...4632-ab2b677573aede58b8661a8c8b875adf.yaml |  4 +-
 ...4633-4a463e7ba518b96c1fea8ec0461b05e3.yaml |  4 +-
 ...4634-829eb8aa5088a8dfbd751ae2143f350b.yaml |  4 +-
 ...4464-ef2ccc3b2c02ce044d17cf1db08c67d1.yaml |  4 +-
 ...4465-ea22f32ac37f9f8e0f263b4584b31b1a.yaml |  4 +-
 ...4466-638d34b4766f8e2a63bed27bf53ab9d8.yaml |  4 +-
 ...4467-7932b82c356f203f76bc21fa22bfac04.yaml |  4 +-
 ...4468-30317bfce905faf2637e9a9df56ecb43.yaml |  4 +-
 ...4469-4ae0743589a43c31ae78715c1bb792c2.yaml |  4 +-
 ...4470-46456613c7a836ce3b1a8f48d3151f77.yaml |  4 +-
 ...4471-9da0817673d4e46e6fd57b591efba31c.yaml |  4 +-
 ...4472-1523648bd0f24adc2a26d45bbae47ace.yaml |  4 +-
 ...4473-6ec64fa1d5347bc867f5cb9d59094e81.yaml |  4 +-
 ...4473-d17eaa15397a887312aedfb1919c156f.yaml |  4 +-
 ...4734-840d0f5e27379db8cc72bc8207e84fc7.yaml |  4 +-
 ...4735-da7f33487455bd9ca64c5f5b0b3257c0.yaml |  4 +-
 ...4736-6c023e252025477e682e7148561b6604.yaml |  4 +-
 ...4737-873b15a500e300080bf17fdd62b04ccc.yaml |  4 +-
 ...4738-d94e06192974b1fb1b08b2e10b17630f.yaml |  4 +-
 ...4739-bcb8383c6f8589761d6cb6fb2a6e00e4.yaml |  4 +-
 ...4474-f32c6b2b7d3eb58c4682087aa288b3f1.yaml |  4 +-
 ...4740-20e49640b2d172fe60c3e66f7c5c2961.yaml |  4 +-
 ...4741-c6bb0e4c31a358c9eb072ecaccea302f.yaml |  4 +-
 ...4742-c74241ceba44be19e7ba6e8fb09c27d6.yaml |  4 +-
 ...4743-da0336a411f4f619331fc9d86a24bec5.yaml |  4 +-
 ...4475-934106ff95d7bc443b715a08222f1f73.yaml |  4 +-
 ...4476-c202e0ac545cb4289f68113596303c38.yaml |  4 +-
 ...4477-4f470840b5c22d9fdd8f597a9956aef0.yaml |  4 +-
 ...4478-7115ada113c9b929bcb0dd07d0bf9d4f.yaml |  4 +-
 ...4479-88443ca5df44ae2bdc297b09180bef0c.yaml |  4 +-
 ...4480-a875d85b1acd34789210b1b8be6e7c70.yaml |  4 +-
 ...4481-3816de1a2f06ca9d6d7c8b9dfb0a51bf.yaml |  4 +-
 ...4482-4b6f3787781ed281c4bf315d7815f11d.yaml |  4 +-
 ...4483-474fa03f5b39570acd09bb99c310528b.yaml |  4 +-
 ...4484-164f540fc7a38170dc136b3ff3864ea3.yaml |  4 +-
 ...4485-c7b94497207a62b415298f2f46cd674e.yaml |  4 +-
 ...4486-d785c662ffdd5bb603cbd342128e597d.yaml |  4 +-
 ...4487-6139caeaed9293c95d17b26944e3e8d5.yaml |  4 +-
 ...4488-022d6e4b68c3750efdb62382e3088ee3.yaml |  4 +-
 ...4489-0a19ecfdd9174c31fe37388d883b8078.yaml |  4 +-
 ...4491-c5db9aebd1fc40e9e4c7b7eca92c3a88.yaml |  4 +-
 ...4496-17d0dd4ca47cd3783ad012601e5033f4.yaml |  2 +-
 ...4497-ebb8de96320f3c64a91f6dbb13b596fa.yaml |  4 +-
 ...4501-aef5861873c712667e57c762ed3ff81e.yaml |  4 +-
 ...5066-e20e9bcb00e5e945a6bb2c24c79d65cf.yaml |  4 +-
 ...5069-24fe066591faebd7c14b911941c41812.yaml |  4 +-
 ...4507-cb472ca260be89964a7f7e562d3b7648.yaml |  4 +-
 ...5070-9b415d0d3fdf05f04e00c8b364d66a56.yaml |  4 +-
 ...5073-c4daa9433506094793f25873e18663b9.yaml |  4 +-
 ...5074-f8b3cfa96a6263fb75e4e2e3d0d2b588.yaml |  4 +-
 ...5075-2764a8f5acae96c89d7440a05722c172.yaml |  4 +-
 ...5077-a02d18d0740894600f021e06a20fd2de.yaml |  4 +-
 ...5078-78588e22a79e99f07ccbdc69fa52af87.yaml |  4 +-
 ...4508-5ccba34100497998aa68e15dc82c8875.yaml |  4 +-
 ...5080-5c12b38e55523c2abb1229db17d7b69c.yaml |  4 +-
 ...5081-93ed6654d55bf39f7e0ea24a9224f858.yaml |  4 +-
 ...5082-1b12a289a671c54e3c29dcf0a118316b.yaml |  4 +-
 ...5082-3b610f84d98a5bc8d0e6aaa3b08f5054.yaml |  4 +-
 ...5082-4032a78ffdb0269b83ac44db0e50cdc3.yaml |  4 +-
 ...5082-4ef1f0520c09d9782f1be91688816f9a.yaml |  4 +-
 ...5082-6e7fd75d5000c1a779cde51d0f7b0d94.yaml |  4 +-
 ...5082-805e4862296df1b32dd279bbfd5412a7.yaml |  4 +-
 ...5082-ce7addd0eabe078cf96d1fb6e8d32578.yaml |  4 +-
 ...5083-51b25af2629d0400d7625bb870546310.yaml |  4 +-
 ...4509-65043d39bf222f68f6c9850d424ae1bf.yaml |  4 +-
 ...4512-e128c0c0167442ae481665888471e921.yaml |  4 +-
 ...4519-873b35008af518fb3d54c42d47368243.yaml |  4 +-
 ...5348-3b7bdb3a8404e199e1deb34a5f3502a4.yaml |  4 +-
 ...5349-0eda30de3bc2dbaa94da2af30caf268c.yaml |  4 +-
 ...5350-4a300ce6f6f831fce9cb1c19680cdfa4.yaml |  4 +-
 ...5351-eef54adf293c01cfcd3711ba2746f5e0.yaml |  4 +-
 ...5352-f626e9df68cec35c776cf1191c5c3f5d.yaml |  4 +-
 ...5353-4177059b270800f6cdd2567297565b05.yaml |  4 +-
 ...5355-a48d0e7d0d0abab8208c9ac988b86701.yaml |  4 +-
 ...5361-cbd2f40afcea324b1b6628d63c264b5b.yaml |  4 +-
 ...5363-f2c966f060ba4e0ec53591e455e174f0.yaml |  4 +-
 ...5364-c5b846fbda39bbc2b213c6450fb38da1.yaml |  4 +-
 ...5368-5d3b862e6e4baaf71b24925f067433ca.yaml |  4 +-
 ...5369-4de563d96c4862070b39ddbeaaf2aa52.yaml |  4 +-
 ...5373-9ab73d918da016b8bea0197df7034889.yaml |  4 +-
 ...5374-c1c98038e2071b40fa92b1876951feb1.yaml |  4 +-
 ...5375-4857da40460f492fd61121c6a3d9ad96.yaml |  4 +-
 ...5377-7ae73592996d92a88095adedd13bc8f2.yaml |  4 +-
 ...4542-950a80cc7b38cd4c46587704ae88fbc4.yaml |  4 +-
 ...4544-d7a376bac039b7fcdb01d011343f232a.yaml |  4 +-
 ...4545-efa61bc9a560990c025c5047443643f6.yaml |  4 +-
 ...4546-47ec4d19442547ad0d7289d6f4804147.yaml |  4 +-
 ...4547-47ed991bbc14dda7a2d912876312ff28.yaml |  4 +-
 ...4551-0a49b86c658b566e0874b7c8c6fd8f9c.yaml |  4 +-
 ...4555-738fbfc3eb4f88850a59e7c7149f1534.yaml |  4 +-
 ...4562-bee37332f6e8a8436cc61a9d140d558a.yaml |  4 +-
 ...4570-a631956fae26932cfe37dec9f8eea277.yaml |  4 +-
 ...4571-7d9695bdca873940197ea6a55e88c78a.yaml |  4 +-
 ...4576-05c1130a0be4b028fb1b748819924a55.yaml |  4 +-
 ...4577-aeef249fc57afd724305e4aa12ba4e2c.yaml |  4 +-
 ...4578-bb335261eec45408126dfda83cd4c302.yaml |  4 +-
 ...4580-227a5c7ee9b9e5c6c608ba88b684ac16.yaml |  4 +-
 ...5803-41cad88ff79d9f1a300cb623d000ffea.yaml |  4 +-
 ...5805-319371b7283fd7e2cb3c7db7ca64946f.yaml |  4 +-
 ...5807-fe1c7e5641b372bf56ee629133d6f4e5.yaml |  4 +-
 ...5811-767aeb59e47dca848d0413b31cb3f81a.yaml |  4 +-
 ...5811-db46aef04d74b6695e5a22627a3163f0.yaml |  4 +-
 ...5812-21d6fb0129ec0276cbb256583b4e5048.yaml |  4 +-
 ...5813-dfec65d3ffe11067030127a9c011404a.yaml | 12 ++--
 ...5814-7d771013dd99d35b0d7273344b75ad3f.yaml |  4 +-
 ...5816-6edbfbf441adea692ef285720c58a9cd.yaml |  4 +-
 ...5817-673bbf1cbb44b5f720028f2010c7e907.yaml |  4 +-
 ...5818-8e499ffbdb5eeef7ac0a6adb29663778.yaml |  4 +-
 ...5819-3a1e41088675792a5f4e28fc34263cd0.yaml |  4 +-
 ...5820-8e805369c6f828c8254ff169ce6c85f4.yaml |  4 +-
 ...5821-3c7165ed170542d9a48b7ebd75bdcfa2.yaml |  4 +-
 ...5826-04bb16712ffe510bd42325a97d792814.yaml |  4 +-
 ...5827-9390ac5e66dccc4c03531e3f70a3187f.yaml |  4 +-
 ...5829-9a16f7dd8fd77a0633f39e5cb1c0fe95.yaml |  4 +-
 ...5832-7b1133cf795e5004c4eb6459afb4af96.yaml |  4 +-
 ...5835-da56011233283b841dd7c13f7f29d7e9.yaml |  4 +-
 ...5836-6855332cd5767d389db903e31b1c4f88.yaml |  4 +-
 ...5839-054cca949d3d20e70e41393d4d7ba0fa.yaml |  4 +-
 ...5839-d23e433446769426d4aae17f6fe2a04a.yaml |  4 +-
 ...5840-ade8d23b5006403a0ff80adcff26f453.yaml |  4 +-
 ...5843-f451ba2e71b9d178f196c4bee4c708ef.yaml |  4 +-
 ...5844-a4e88b3da711b27ab40f6efd4bb4e5fa.yaml |  4 +-
 ...5845-01aa5492a4b5bc7532a3a46a182927f8.yaml |  4 +-
 ...5846-bf2853efc06d31fecebbff0926f79cc8.yaml |  4 +-
 ...5847-475773ebaa71f55189abb950928342c8.yaml |  4 +-
 ...5848-e13fa86cb5f0a76818b71a18a333569e.yaml |  4 +-
 ...5849-860fdeef59df60170db304dfbf6f0b2b.yaml |  4 +-
 ...5850-3dfe4a41b3f6685dbbc11ea86f232a73.yaml |  4 +-
 ...5851-2207307382a7e5b71273a639c041b28d.yaml |  4 +-
 ...5852-14ef39181771488f76a78ebc7f182128.yaml |  4 +-
 ...6175-48cf291038d407d0c14437de80bf836d.yaml | 12 ++--
 ...4619-4f0e3223d5ea7b01c767c6e564ea2ada.yaml |  4 +-
 ...4622-4d7cf09bd61a740d1d041e4a547bb223.yaml |  4 +-
 ...4623-fada6798d03eaae704cdbb04f45c1dff.yaml |  4 +-
 ...4624-ee05a64bbaf03a516917796674375367.yaml |  4 +-
 ...4625-de60bb7a2d8edb4c8b70880b7d8f6006.yaml |  4 +-
 ...4626-d66ad8d87de6007b46efcadeba262d7e.yaml |  4 +-
 ...4627-178a0b2872232b9ff07f79c6391e0625.yaml |  4 +-
 ...4628-51e05e1842b40dddcacbdfa060eb58f3.yaml |  4 +-
 ...4629-c1072dc6be25d5ca69ffa07a2d068093.yaml |  4 +-
 ...4648-68309fb63b5db886058ca866de7b117b.yaml |  4 +-
 ...4649-2124f2372d43d33c582fb413bf11d2cf.yaml |  4 +-
 ...4650-77bff58a02745412cca836e0af8ecf6c.yaml |  4 +-
 ...4651-421ff303fd144872eafd938e0ed53208.yaml |  4 +-
 ...4652-5826ca6dc34aaca6ed2393f60977f5a4.yaml |  4 +-
 ...4653-601f7b212435b0908f5157de31e9c323.yaml |  4 +-
 ...4654-99e94192bf6d19eb379533764c917cb6.yaml |  4 +-
 ...4655-229b28e3351ab434cc4be3a1c3322160.yaml |  4 +-
 ...4656-1085089f2339a1b75325ca6667c1e32b.yaml |  4 +-
 ...4657-52f3f56cac58e66f1b3bbe271591fbea.yaml |  4 +-
 ...4658-cd17a32212236705de6be45ec4d31053.yaml |  4 +-
 ...4661-b224632750bfc8c01cfd4c8878280cb5.yaml |  4 +-
 ...4663-44b1b2f0eb9245a5807308d2327328e8.yaml |  4 +-
 ...4664-c7884dbfd12febc95a975f955686dac3.yaml |  4 +-
 ...4666-d5d53242307fbcb60f1d07b6a75cb319.yaml |  4 +-
 ...4667-507b936e6df45800b9063c2207c957aa.yaml |  4 +-
 ...4668-e2ec209c741fed7cc95066eb8c9d077f.yaml |  4 +-
 ...4669-add895115f53c9c7df4b8eacc636e203.yaml |  4 +-
 ...4670-ca93f191e3639f84afcc1a9b1fea599a.yaml |  4 +-
 ...4671-4706d1b1438785969ae30d4549fd166c.yaml |  4 +-
 ...4672-02744bc958048e60b6fe8becee3f2311.yaml |  4 +-
 ...4673-bc63c69c92e0f2828459114bbefab4b4.yaml |  4 +-
 ...4674-747cb2b72097d91ef1564458b7d2e373.yaml |  4 +-
 ...4675-cfdb8d7325e93947d2061002a4b258f4.yaml |  4 +-
 ...4676-8b5e55916d6d52550d91a97ed666547f.yaml |  4 +-
 ...4677-8015d391de62b785680b52c5ead73093.yaml |  4 +-
 ...4678-d10130ec70ac5e95df8a68d13ca495cb.yaml |  4 +-
 ...4679-e7037db773bf01752d04e36ac2a2c9a0.yaml |  4 +-
 ...6796-04585caadf98109f09006297093db829.yaml |  4 +-
 ...4680-b4cd17df95bd140cf7c61464c7525ad6.yaml |  4 +-
 ...6800-eaef067d144406da863b2f1698405be1.yaml |  4 +-
 ...6804-8972c0084426af137e3ac2a4f9b562c5.yaml |  4 +-
 ...6807-9c2789fd4f31da6a3e682d3cde6291b3.yaml |  4 +-
 ...6815-f546949dea525a0c95c8895c66b00552.yaml |  4 +-
 ...6816-7075591051dde0bd8bf5f75302619dd9.yaml |  4 +-
 ...6817-b142fb65f777c01f09af0b6a529becd3.yaml |  4 +-
 ...6819-bbd95e8edaa114935e8c46570e7cf3d6.yaml |  4 +-
 ...4682-6dc5d6d271c910589d9f7947458f0df6.yaml |  4 +-
 ...6821-0f6f97ec8d1cc89cf7cec3ff35c09656.yaml |  4 +-
 ...6822-4d6bafb19843bc6d71a91327064ee112.yaml |  4 +-
 ...6838-05e6db992de66a60c66b532d0b52e5c0.yaml |  4 +-
 ...6840-497602ea4705020cbc78a0b19d427eba.yaml |  4 +-
 ...6844-32884b4069e08a6e3a456b6d9b5e62d6.yaml |  4 +-
 ...6845-cabe168b618270b5c6e54c5ab98ed27e.yaml |  4 +-
 ...6848-586527cb70d024f19104907acee04683.yaml |  4 +-
 ...6849-90c5798f111069225c0a9b9bba314556.yaml |  4 +-
 ...6850-1f6ddf0ce56b9b9d3d870c2c339aeff1.yaml |  4 +-
 ...6852-fe0115e4206583520304b505b1843190.yaml |  4 +-
 ...6854-e9635d2750ec3cdec7963e531110e8e5.yaml |  4 +-
 ...6855-03f17f31cd71196d3e8108e1dfd1705d.yaml |  4 +-
 ...6859-9cd804229a710db23428eb806db45e23.yaml |  4 +-
 ...6860-ed44a5e289d05299409a4dd60c060b57.yaml |  4 +-
 ...6861-7d4c259ea0aa11707d8270b3e5db8568.yaml |  4 +-
 ...6863-54c83422727dbe8ec911e59f2a60998f.yaml |  4 +-
 ...6867-09395db7be64b2d03b62fa45ed0398d7.yaml |  4 +-
 ...4697-c25b123faba0bdec0e1756161a7f2a1e.yaml |  4 +-
 ...4698-faa5c662684f3e34d87e4c432d1f9f4a.yaml |  4 +-
 ...4699-6833c69669f3b6c1ff537772ca9a9c7f.yaml |  4 +-
 ...4706-c0043e4e0fc4abc274a0b7326af041c1.yaml |  4 +-
 ...7137-87a2603e70828cd5276b845c0ebcc6ab.yaml |  4 +-
 ...4714-9b4ecfa65ce2bd75653c853011940f82.yaml |  4 +-
 ...7142-957e023e162fd65b104346c605f19c7a.yaml |  4 +-
 ...4715-8afca71d6fa766e9a24060d9214388e1.yaml |  4 +-
 ...7150-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml | 12 ++--
 ...7151-cd695a94c9ddf898661512e7b5a151f2.yaml |  4 +-
 ...7155-5a964b37d1f769e559a3b5969ea09bec.yaml |  4 +-
 ...7157-0b1be450ec6216c739b3d0139ea02732.yaml |  4 +-
 ...7158-58928e38edbab233a84020a472a44caa.yaml |  4 +-
 ...4716-3f71ab9bea10d44c97baaae5fd797060.yaml |  4 +-
 ...7160-f8238c64411cb9dd2c01251b0ae0655a.yaml |  4 +-
 ...7163-83d9cd71e386193f00255f0781416f64.yaml |  4 +-
 ...7167-d47618ad7b3ff873ed22aa3e5efab3e0.yaml |  4 +-
 ...4717-4e10d6d81d87afd9b8cf214ddcd496ad.yaml |  4 +-
 ...7170-ba7ba7554cf607d5d507c2c2d4751a5b.yaml |  4 +-
 ...7171-80529a3b54852ed1b40d1078928149a9.yaml |  4 +-
 ...7173-78c3981cb87a9d312796397fd5fb8a1d.yaml |  4 +-
 ...7176-69e238d5564cebaab229183900098117.yaml |  4 +-
 ...7179-d0ac90c02958fd486fae19ccf9cfd8db.yaml |  4 +-
 ...4718-76176e7d0b3c59c6f85d0f00865be579.yaml |  4 +-
 ...7182-63a838c07fa7f4dbcc749cd4ec305acf.yaml |  4 +-
 ...7183-b62755f81eca9dc431fe91f1c1c5e844.yaml |  4 +-
 ...7420-32de7cdd0bd82a27d1f9a9185ff54e70.yaml |  4 +-
 ...7421-41830c974de1f3419028654a94a429d1.yaml |  4 +-
 ...7423-21fdda375898746027e6f9dda342b8cd.yaml |  4 +-
 ...7425-e36fdcdf09b5a64eac64f879dc48947d.yaml |  4 +-
 ...7426-17731af892dc35dbe7d98abcc5958a1a.yaml |  4 +-
 ...7427-aa680f4ce8dad5699d078d5a407ddd10.yaml |  4 +-
 ...7428-e44a87677c68a494baa8ed72b523a10f.yaml |  4 +-
 ...7430-be2315835d7b2267c9fa00b942855a61.yaml |  4 +-
 ...7432-568ee8060d1c0b8a7ff761ffdaf606b0.yaml |  4 +-
 ...7434-9d9c7f9cf0e3be8bd05b705703e8905b.yaml |  4 +-
 ...7435-57987a7ef285cce42daf7bbeebe78cfc.yaml |  4 +-
 ...7436-3cae7fcdb0832a80c22b613ce2425d20.yaml |  4 +-
 ...7437-02b515a3d90192b157fb5edc5ea88a55.yaml |  4 +-
 ...7438-d11c386e86541e81dcae4e94a2860a10.yaml |  4 +-
 ...7442-8d1c622642cdaf2469921f84335dfe12.yaml |  4 +-
 ...7445-7d6d3ed82fbce25bd8d4d72adc5dbb85.yaml |  4 +-
 ...4745-64194ddc20aa7461447b4d03da264c07.yaml |  4 +-
 ...4747-048a39e7d237e8f103e054f25cf72eb4.yaml |  4 +-
 ...4749-bb6c1374b9c3f1f7e4fbd5d4ecd1156f.yaml |  4 +-
 ...4750-6ee9ba365ca511bfc329f7df63da810e.yaml |  4 +-
 ...4751-367b7f8831e5629ea2336d98cf86a14a.yaml |  4 +-
 ...4752-59655d2ccadb8aa0cfd1aeca8138f97d.yaml |  4 +-
 ...4753-6cf87515d30763cb39f9dddd78a854d6.yaml |  4 +-
 ...4754-97fb5b5839a832ac7ff02fb0d708c5d7.yaml |  4 +-
 ...4756-8e4fe58479cedd644fbbd3b418e0b682.yaml |  4 +-
 ...4757-b3a8e8167569aa6cba2a5950875c8b0e.yaml |  4 +-
 ...4758-7e3117bf0f4e61f1c6678c5ed0029bc5.yaml |  4 +-
 ...7587-48d179450e001d6e5bb006bf4ba5d2a6.yaml |  4 +-
 ...7588-8c2e6071ee4d4b147b6cf4ef074e12d8.yaml |  4 +-
 ...7589-7f12ff16273eb990bb45ef4156cd86e1.yaml |  4 +-
 ...4759-f31fcdd6accb0c61ba4b73c6a548d97d.yaml |  4 +-
 ...7593-fdaa7c7a6a16dd831123dd45077162f8.yaml |  4 +-
 ...7595-8c03b52626997e166cccabfb7426db2b.yaml |  4 +-
 ...7596-5a62a90392d8e5e62d1e1ad4b9531478.yaml |  4 +-
 ...7598-39af241a774d2dcd3cc32b6204b6cb7b.yaml |  4 +-
 ...7599-48a8d2f0d5a63315df776c831690e09c.yaml |  4 +-
 ...4760-5e1a23f981a78be569054daae1a85203.yaml |  4 +-
 ...7602-63379065ec53581cef23820054e2a064.yaml |  4 +-
 ...7604-4fe952dc4f33b2225826338b2a3f9203.yaml |  4 +-
 ...7605-c4be63bba4a89fa3e83779737577feda.yaml |  4 +-
 ...7606-e46a5a03ceb7f18070858cdd9f1f8b5c.yaml |  4 +-
 ...7607-650d3965dc4c579880213651d87a4777.yaml |  4 +-
 ...7608-f442fd7af4f1450884ccd37204471581.yaml |  4 +-
 ...4761-689bba03a0123069bb521d413df5bf54.yaml |  4 +-
 ...7610-5bcd1f7720b268a32568c458d817b9bf.yaml |  4 +-
 ...7611-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd.yaml |  4 +-
 ...7613-e91e697ef1f971cda16c40acfd5a2dfb.yaml |  4 +-
 ...4762-41bbba0b761effafe973f064cede1988.yaml |  4 +-
 ...4763-8616181357e5ec901fe630838e957487.yaml |  4 +-
 ...4764-f7783b1b95259bfc99e8cabc59fcdb30.yaml |  4 +-
 ...4765-4d83bba8058d5550f9120708c18d4b23.yaml |  4 +-
 ...4775-0c1c0e5907f82c480480fd236d7507d7.yaml |  4 +-
 ...4776-16f9ec159f7aada4bb87cabf3c4d9411.yaml |  4 +-
 ...4777-0063be3832ab01645d83916172a49901.yaml |  4 +-
 ...4777-1c682460ea1b975e2214df2ecfd2a316.yaml |  4 +-
 ...4777-3cdf082bedfada27b24599e0f1cfd2ca.yaml |  4 +-
 ...4777-4162fc0aa9f89a19a3b0d9a16f341e8b.yaml |  4 +-
 ...4777-548b1bf05be2eb1395c8483d4525a9fd.yaml |  4 +-
 ...4777-56e13ca8937773de3612c03bb63c62f7.yaml |  4 +-
 ...4777-5baab614c3a64c60d1e33947fef5d35a.yaml |  4 +-
 ...4777-9fb1ec0e705e68a81b6b6afdf66e55e5.yaml |  4 +-
 ...4777-b9a97b0935a5ed2529aec7b450e17238.yaml |  4 +-
 ...4777-dac296fb931bf261709dca85eb4e38f9.yaml |  4 +-
 ...4777-ee646c363ad3189cf7438d75312013e3.yaml |  4 +-
 ...4777-f8952c598fe28f01e932d940cff08de2.yaml |  4 +-
 ...4781-3091ac7532eaab098f714acca62716d7.yaml |  4 +-
 ...4782-b375402f4d94456be8a455efbe0b59a8.yaml |  4 +-
 ...4783-b830431516693664401f38e9ff6fdd82.yaml |  4 +-
 ...4784-9b8d61323342cf7cc549ce8c8f2716e5.yaml |  4 +-
 ...4785-24e6c274146f1f712f8edfca9e42b8b8.yaml |  4 +-
 ...4786-cb800bf450a42c7a99ab39154ac260ab.yaml |  4 +-
 ...4787-7fb1bb76537e399dfae9ca2dc54c6a8c.yaml |  4 +-
 ...4788-ed0ef3463be2d5aaf2ed1f44e5427cec.yaml |  4 +-
 ...4789-0ee2773c0417239ca9eb51cc09f9c94f.yaml |  4 +-
 ...4790-1f645d98bf29f7b2e378ac42457eb0cd.yaml |  4 +-
 ...4791-ba63b488e2407e68ac5be6c07d4b813b.yaml |  4 +-
 ...4792-95eff066a45135b12edbc92f481f5d74.yaml |  4 +-
 ...4793-c371054500c25911223fb4e88ae17274.yaml |  4 +-
 ...4795-603a30eceae4e23d58fec3225b0d2f29.yaml |  4 +-
 ...4824-8bfdb58ec24e0630da2bd7f7847728ae.yaml |  4 +-
 ...4825-d3ed4033e1c7b404f15d64bf377cadc7.yaml |  4 +-
 ...4826-6284e6441b25b9ea2f8b947793590242.yaml |  4 +-
 ...4827-d83c363445764249cee1964637302b09.yaml |  4 +-
 ...4828-263cb8027fbba6881585c49ec8985e2c.yaml |  4 +-
 ...4829-de70b1243fed8f47eec92e24941c2439.yaml |  4 +-
 ...4830-cc7679b7eedbbcc9700c025bd91811bc.yaml |  4 +-
 ...4831-f1d7c5edd451960671d8bd82cadc646e.yaml |  4 +-
 ...4832-dff478252e53a4d48eba850e27632073.yaml |  4 +-
 ...4833-7b03e9c7a48a7a487481072b229c74d2.yaml |  4 +-
 ...4833-7eee22ee9d7eafb911cff5c522c34cc9.yaml |  4 +-
 ...4834-e983f7dc1644cbc367524173b0bfd556.yaml |  4 +-
 ...4835-b594ed2c30b3954ae4ee7c97ed6645b0.yaml |  4 +-
 ...4836-27fbae7541522bd11e17939b8913ef50.yaml |  4 +-
 ...4837-1cb9694a410b975eefa3459fd9bd670b.yaml |  4 +-
 ...4838-ac790c964325ea0370bae2df48218a78.yaml |  4 +-
 ...4872-a49761e8700910d2b10517900bb96f1c.yaml |  4 +-
 ...4888-7f2753bfc2a0c6bb0434db7d475ab03d.yaml | 12 ++--
 ...4905-1aa8a227283e43da0f41a656224571d0.yaml |  4 +-
 ...4931-f5711bcfafc45228fc0a872f3e3fae05.yaml |  4 +-
 ...4932-faa8cb9cb5e4fa47467175ce98c14091.yaml |  4 +-
 ...4937-0c52b9ced5fad811a9c32501960e026a.yaml |  4 +-
 ...4946-0259b7e0abb7a82246638a669050bc8a.yaml |  4 +-
 ...4948-473a1cc0b0ec6c93a83a85cc6eeee218.yaml |  4 +-
 ...4949-76eba8cd8a4e862710149dc77a310969.yaml |  4 +-
 ...4950-218c9a934953359a2e2d8f63be0a287c.yaml | 12 ++--
 ...4954-8c1942cb96af03432bec152c3b3fb8a0.yaml |  4 +-
 ...0033-c8829397a00680f2b905cec73a59a77f.yaml |  4 +-
 ...0034-d9a90b73211e016b68ca1b3072e7a420.yaml |  4 +-
 ...0059-87cb25b1c7747f5af4e409cfd05ed832.yaml |  4 +-
 ...0060-a609881cbf31d06f5f3320cc98e71e76.yaml |  4 +-
 ...0061-e8b437aec6c6d5cf835be562d11e2a03.yaml |  4 +-
 ...0062-c623741b8b5dbd96eac005af1ef14987.yaml |  4 +-
 ...0063-6c1c86676b3f6a00f366fd4021465d09.yaml |  4 +-
 ...0064-a04fa743a93c3af81940f7c153cec33e.yaml |  4 +-
 ...0065-5c4c3c093dd69f631ab63d22386e6148.yaml |  4 +-
 ...0066-c4c4cf320f9d5a30f314d45c9905f1fd.yaml |  4 +-
 ...0067-2049615ded6008298be273ad480dccbb.yaml |  4 +-
 ...0068-bfa3bdf21b692d54c0876a9ef34f70f6.yaml |  4 +-
 ...0069-75529ea91935af94487230f89ef485d5.yaml |  4 +-
 ...0070-7dc366f5379f56890e8af348e04eb10f.yaml |  4 +-
 ...0071-e352fc57a2782b7212eb2f2b84743eba.yaml |  4 +-
 ...0072-e8bc31ae76ca92a9ee7834937815ba80.yaml |  4 +-
 ...0073-119ed13ee8d9c38858fd75fb1eb0a4cd.yaml |  4 +-
 ...0074-78c7195ce152d6d5bdeab7f38e20a1db.yaml |  4 +-
 ...0075-b196a1a5480d68e35f21f441524da412.yaml |  4 +-
 ...0076-6f48b6d420d1eeb4f46e78496cf4eb1b.yaml |  4 +-
 ...0078-3cd33ca20c9c9eda3e3eb14910cde0f4.yaml |  4 +-
 ...0079-33080b0d5149a7811a842330fcd02a9a.yaml |  4 +-
 ...0080-03f52e4edfa7408cb52c9d72fc195004.yaml |  4 +-
 ...0081-5d2c8f0682b9df406ab0b4c99151d03e.yaml |  4 +-
 ...0082-0afedca0afb43a5850c9c8a9aae6b215.yaml |  4 +-
 ...0087-ee107d9cd894fe54bb677ea3e5052c7f.yaml |  4 +-
 ...0088-94a65bcd2f84366f6216e3f9b19f7582.yaml |  4 +-
 ...0094-21d62382cf0e1f6a821aaecd2963e3e4.yaml |  4 +-
 ...0095-13ec2bdc85df7c3571b35167e7c009d7.yaml |  4 +-
 ...0096-74ccbff13cedef341c14f509a30bb49c.yaml |  4 +-
 ...0097-b852d5115d07ebbb3d6948d1d5619495.yaml |  4 +-
 ...0098-f2a5202240be9077b802b53424bd6267.yaml |  4 +-
 ...0143-fbdeefe8fdc61a2e9093fee1505ec5f9.yaml |  4 +-
 ...0144-828638ea1963a58b890deaf22836b2cd.yaml |  4 +-
 ...0145-dbff9a993e10a4f80cd4718f67303541.yaml |  4 +-
 ...0146-f4ee020375ee3d79fbe799a7df61d461.yaml |  4 +-
 ...0147-5ba06f6e9e576d3b96edab291a35b673.yaml |  4 +-
 ...0148-9266ca4886b0c646b2489433a5137061.yaml |  4 +-
 ...0149-a32e0707f724d294df7bedd19626586f.yaml |  4 +-
 ...0150-8f88ca251b34c3f9441215db0d0eb986.yaml |  4 +-
 ...0151-17199c68a13d9adf35ea73d24856f5f8.yaml |  4 +-
 ...0152-f8b65cf3e0a27eff31bc4c61ee628d1e.yaml |  4 +-
 ...0153-eaecffa52785ff552863c4cf8f09811c.yaml |  4 +-
 ...0154-164be8fbabac441285f1a369205bd8e3.yaml |  4 +-
 ...0156-7195efc84ea5b8977b30b3313bab7ab8.yaml |  4 +-
 ...0157-c43c8e4dbb43df481e0c6cf7578539a9.yaml |  4 +-
 ...0162-a426d8604178ea06fd441814d816d538.yaml |  4 +-
 ...0165-e82bd49c08eee13d3a8a750e759d2e98.yaml |  4 +-
 ...0166-b143f95f119acbc330075f594bca9125.yaml |  4 +-
 ...0167-318af4e7ad8fddddeacf6d8489b19638.yaml |  4 +-
 ...0168-d767c0b5d303daf65b04ebec294c7e3f.yaml |  4 +-
 ...0169-fe0f3dd2df39b34940cdb1e352238936.yaml |  4 +-
 ...0170-1ab07ec0caa3cd50e192c36d8dc28388.yaml |  4 +-
 ...0171-cf29ff4800b24e4ea96e524c408240d8.yaml |  4 +-
 ...0172-1856c5e867bf1d120f63e6e0b7edcd33.yaml |  4 +-
 ...0173-c470f8f5625ce2e9f7a4e073bc31fb3b.yaml |  4 +-
 ...0174-05c834cda01a386b0744c30fe4c1b224.yaml |  4 +-
 ...0175-32a522f1c04399b883d41fab9d9aff30.yaml |  4 +-
 ...0176-0df72c1ea599347d49ac94e58a15317d.yaml |  4 +-
 ...0177-98df1be3acb90063bf3d77ddbcd92918.yaml |  4 +-
 ...0178-633a7d922fc914b18ddc7d21035ab39d.yaml |  4 +-
 ...0212-aedd5bdd6732fba44f64193c96bef864.yaml |  4 +-
 ...0220-38e29be67779459d45a16e8dcf062abc.yaml |  4 +-
 ...0230-c77161a5bde1c663570a6c8d07d1524e.yaml |  4 +-
 ...0231-2f369022c90ab11184f498c7e18175e1.yaml |  4 +-
 ...0233-0bd5595821e6e021ded7947ef04d5401.yaml |  4 +-
 ...0234-97e524444c79464d138f78b1bdccb0af.yaml |  4 +-
 ...0252-ab86f3a4c1a5f2be4ec7926458a9f257.yaml |  4 +-
 ...0253-2a7a5a205e77ded07268b829f167efa8.yaml |  4 +-
 ...0254-c2be66a7e8a99421d368476b2dea75ed.yaml |  4 +-
 ...0255-dead64d1305225210f2390b6b61b5201.yaml |  4 +-
 ...0259-63e8aaca3bf1d75703f616e718360745.yaml |  4 +-
 ...0260-33420cd1d54a09491bc3d21e0f948bd1.yaml |  4 +-
 ...0261-5aea692cc96187a31807c0f2f26416eb.yaml |  4 +-
 ...0262-5f97cab1c787955760a43df34e0be9d5.yaml |  4 +-
 ...0263-aea7c598ba9d4fa4ffd8fc15ef6dd40c.yaml |  4 +-
 ...0267-5829eead4c96879234a4f24b2d7f9ad4.yaml |  4 +-
 ...0268-e462c11578c3d7efd1d373387e69d961.yaml |  4 +-
 ...0270-f801c1aeb4734b7133d474f559fadcb5.yaml |  4 +-
 ...0271-7e2bbcff98524a357bbf2e605454a087.yaml |  4 +-
 ...0272-1873bca252baceb5719ad4cfda8c952f.yaml |  4 +-
 ...0272-2d88339f87e8f539294930b47234f049.yaml |  4 +-
 ...0273-fe4470deb32fffc7ae711831b5c4f60c.yaml |  4 +-
 ...0274-89a1787cccb90fd10317497361aed1fe.yaml |  4 +-
 ...0275-c10b1142778769e9493bfb35c88879e4.yaml |  4 +-
 ...0276-d8d38e7154b358bc9b031a2ad78ce806.yaml |  4 +-
 ...0277-6351a80c46e754ccfc255c93464a7133.yaml |  4 +-
 ...0278-db82d66ee6f616f5c7fafadef247b8d1.yaml |  4 +-
 ...0279-1749acb4ff55d423ebb0f0a82a7c5808.yaml |  4 +-
 ...0280-d246c52e9d4725c7b245a84d679cf9a0.yaml |  4 +-
 ...0282-3989a9901d352d6a2f1182e6cf00355e.yaml |  4 +-
 ...0293-d708fed52a98da33c7b5f777938fb90a.yaml |  4 +-
 ...0294-0b95cfad1999ef6bac1ef79ebeeb624d.yaml |  4 +-
 ...0295-1d6b909d9b4a86a23d05301fe792416a.yaml |  4 +-
 ...0328-88444b55ba593f6267560d3998cc950b.yaml |  4 +-
 ...0329-7df4e23827630859e3a047cf49f19af4.yaml |  4 +-
 ...0333-6880997a756b467547a9370c60ac6681.yaml |  4 +-
 ...0335-4a71f65ecef18d04fe003f6a65b7d9e2.yaml |  4 +-
 ...0336-aef6ec9f420d3aef577ad115ead987ef.yaml |  4 +-
 ...0340-250d58918649c83e91a9349c1cb1cbf0.yaml |  4 +-
 ...0360-6c261a297dbcd9991a82748059272596.yaml |  4 +-
 ...0362-be668a1f67bf2032bc65bfbd87433e2e.yaml |  4 +-
 ...0363-29145e5db5dd5627b3607ea1e36f49b2.yaml |  4 +-
 ...0364-ba00ab2a2755c54cd7d0683aa28f5913.yaml |  4 +-
 ...0365-ecc9ca2eedeba9a7eb9cef5703953450.yaml |  4 +-
 ...0366-58b316530bd9635132dfd03a76f490ff.yaml |  4 +-
 ...0367-fa96acbf0fe29f0b0c48fe458fac9bfe.yaml |  4 +-
 ...0368-daa26206b4813de7be1eac00b5b9eaa0.yaml |  4 +-
 ...0369-1dba374d8f67142177f857791fc4897a.yaml |  4 +-
 ...0370-ea35e08ef79a30cf67846c992e562b69.yaml |  4 +-
 ...0371-db16305504754334b65159ac40ded503.yaml |  4 +-
 ...0372-a14026f64e5ecc9508ff272952e95205.yaml |  4 +-
 ...0373-e6a664a291db10911439b7200ec5f058.yaml |  4 +-
 ...0374-081112230905e11fac17a07fd3185d02.yaml |  4 +-
 ...0375-4e96720039ccc700f05ab77c703ff32b.yaml |  4 +-
 ...0376-6f075010900e43673686fc0d208260ff.yaml |  4 +-
 ...0377-53a6ab0ca5df0931f86a3cb0e36625b5.yaml |  4 +-
 ...0378-f9a2a8b78b336f59f7555c63172782ec.yaml |  4 +-
 ...0379-2d33cf6aadd9c85f7e657c07e30320a8.yaml |  4 +-
 ...0380-50401a72166a704fa2626edd9085598a.yaml |  4 +-
 ...0381-6a1e5a3fb07b5d9291ff1e62a0f08cd2.yaml |  4 +-
 ...0388-1fdf26dc57df471e3029b947067853d6.yaml |  4 +-
 ...0389-a7620f303af6467e51bdd4f84801b80c.yaml |  4 +-
 ...0395-9fdc305e956b483dd32edefc410a0147.yaml |  4 +-
 ...0399-fddf50b89fd6e037cc6266b73dceb03a.yaml |  4 +-
 ...0402-357fbb3649272b57b08a032d33621319.yaml |  4 +-
 ...0404-9bcf64c7dbe781ab40d3670dc81b8e8c.yaml |  4 +-
 ...0418-0c9e1bdf3a0788fe28746e6155355583.yaml |  4 +-
 ...0419-a7ddbb09fcd7198bac10f4c61d87a90f.yaml |  4 +-
 ...0422-6ee3ff55725bf2e5894fc0e814f92fd5.yaml |  4 +-
 ...0424-3b3f96c33b07ec89b36c294dbf4ced51.yaml |  4 +-
 ...0429-bc7de59ba516744b35b1924de01c50d6.yaml |  4 +-
 ...0431-466048d1971518e0b30eb580a52cc9ff.yaml |  4 +-
 ...0439-69c9678050af93b08d000bd2cd1bbedb.yaml |  4 +-
 ...0446-3f9ac076d173ecd9afccb09cd7195bfc.yaml |  4 +-
 ...0447-dd26803b22794f717e5726511579315e.yaml |  4 +-
 ...0467-129be45dc62378c19cbd82aa0287c865.yaml |  4 +-
 ...0477-eb2326275a758827f7cb2f8622cad6ce.yaml |  4 +-
 ...0487-fd075b6c9853246b5cc33cafcab17a0c.yaml |  4 +-
 ...0489-09f92d564944a33a7811dc40429fdb32.yaml |  4 +-
 ...0490-14de97dccf48252d3b3ac5a2e5d0250f.yaml |  4 +-
 ...0491-1a925f12b1905f4ad4c8d17bba7bb15a.yaml |  4 +-
 ...0492-1735d30fe988ff978861d4dbdb0c640e.yaml |  4 +-
 ...0520-8ca33f13028f0931d0d1467c7211048d.yaml |  4 +-
 ...0526-b16694416bb8375e384e3d9eb2224580.yaml |  4 +-
 ...0535-28e3179254b4fd139125a16ede646345.yaml |  4 +-
 ...0536-8e3ce96babe760c2cb16640799a8d0b9.yaml |  4 +-
 ...0537-95618d186dc4c7ea88896374745039e9.yaml |  4 +-
 ...0538-a735151e1a4f287ab4567ad75cce9a30.yaml |  4 +-
 ...0539-bb81738a1483724d89303a6a2b8b759f.yaml |  4 +-
 ...0540-876486fa06bffb3829a9c77f08f98e1b.yaml |  4 +-
 ...0541-2dfa9da72134b3fee9c376ecca6fe446.yaml |  4 +-
 ...0542-7a94ec5884e06f0a302f2bb4d1ea7e80.yaml |  4 +-
 ...0543-fa4a6ca6cb5f0ed29a506220c9fcc52b.yaml |  4 +-
 ...0544-1b107fac39fc60c6674fcf9f0d2a0f84.yaml |  4 +-
 ...0545-da8a9590fd2919ac3b910c3614df54d5.yaml |  4 +-
 ...0546-a7309b89079395b33b2cb7915ba03d32.yaml |  4 +-
 ...0548-243f75a6da65f6edc93ed6a1b9eaec80.yaml |  4 +-
 ...0551-f45bff66b36c1cb9f233929a488ca421.yaml |  4 +-
 ...0553-608358cb0a02728075caac1560a96687.yaml |  4 +-
 ...0554-f4c35f9c74d06655cf517936ec3bc387.yaml |  4 +-
 ...0556-9dbce4bd062a39cef5c1a852c279047e.yaml |  4 +-
 ...0559-6238c45309a73e1d06001135fffb48d2.yaml |  4 +-
 ...0579-f373bbafc03e475d3ffabbbd84f90eda.yaml |  4 +-
 ...0583-06ebadedd58b7ae3403fa022e6ae3a90.yaml |  4 +-
 ...0584-30ce892560143a1889e7a76a4e09b69d.yaml |  4 +-
 ...0585-f74b8b0e3c6cf42f9c7d68f58857b310.yaml |  4 +-
 ...0586-c08b2158511f440bda6243887c732dc7.yaml |  4 +-
 ...0589-074f8cb869df86a1b6d64a4a39d460b8.yaml |  4 +-
 ...0604-af40b53dc8c1c75f92915027f96fff8f.yaml |  4 +-
 ...0605-9eab813e12b4ac048e7bde30bc6ba691.yaml |  4 +-
 ...0619-d320263520ce22890af78fdf485478ad.yaml |  4 +-
 ...0630-d15c506a6326f67745ff7867b3d43cbf.yaml |  4 +-
 ...0631-286f920ff3d0f48835cc5b28e8181446.yaml |  4 +-
 ...0660-c9194ffc50bb3f8abe6f00ef14c4cdc5.yaml |  4 +-
 ...0684-3831d6e441ebd610665743a8c0a63dc7.yaml |  4 +-
 ...0688-1e853b05728a99a8747a224a5333ce69.yaml |  4 +-
 ...0689-5ca6c532bc755bf0bf6cce4098713b54.yaml |  4 +-
 ...0691-bd74a2b3418b2ca97de6f6d3609c3ea2.yaml |  4 +-
 ...0692-f16e74cd433857af6e0b58aa13a15fac.yaml |  4 +-
 ...0693-867cb44fcfb4a79db1df0d5c41aba304.yaml |  4 +-
 ...0694-cb9d0b1e1071125567f9f9731a764d07.yaml |  4 +-
 ...0695-2f98768ab3ca0c5e24ef32eeb6e8633c.yaml |  4 +-
 ...0708-7ec1193c499ff8ca62486bd031ee3b72.yaml |  4 +-
 ...0709-1cd960c12693f517a3ddc1f2dd996093.yaml |  4 +-
 ...0710-547f6d438086b7c901daed3b548b280c.yaml |  4 +-
 ...0711-414ea88c3052f2317af7072cb92eace3.yaml |  4 +-
 ...0712-84c888c9934970f66e3e629431140250.yaml |  4 +-
 ...0713-30f703a8acc3080fb74debd07614d86d.yaml |  4 +-
 ...0715-893145b250531536b2c0fa0f1e330f2c.yaml |  4 +-
 ...0716-0b0e708bccfb3aa959792527101f43e8.yaml |  4 +-
 ...0717-be4129faca04d80ed9ac385cd5b2bcc3.yaml |  4 +-
 ...0718-98f5671f8000cd41848d0242c4d503d1.yaml |  4 +-
 ...0719-094fc0c37d514333a53dda18143a300a.yaml |  4 +-
 ...0720-d79b94a0512e6933bbccf753fd89114f.yaml |  4 +-
 ...0731-18a9792159e3a4315eefb0545c165734.yaml |  4 +-
 ...0749-59a12b62de2e9aeb74cd74615dde1cd6.yaml |  4 +-
 ...0764-3c52a879e5c7f6b209aeea9f28acf059.yaml |  4 +-
 ...0765-123e18f5d341b41bb59091344f2c4c88.yaml |  4 +-
 ...0768-f27c37237edad62fdf365ba901d07da8.yaml |  4 +-
 ...0772-2e5b9dabe10dfc18a46871d43fa96491.yaml |  4 +-
 ...0820-be510149fd1b62e5b5bb38762ffb0573.yaml |  4 +-
 ...0823-4871efeec934efc06ef8f938e4a88d59.yaml |  4 +-
 ...0844-04f146ec33992e5efff05a0bd40f659f.yaml |  4 +-
 ...0865-af4d8c78cfc5d18ffd2467d3a5581338.yaml |  4 +-
 ...0873-437b56ebf4aacc7667a38732c9abf4be.yaml |  4 +-
 ...0874-f10af2927781e57c830660efc5735cb4.yaml |  4 +-
 ...0875-8f211e542f6f3ea8f0872b9525089564.yaml |  4 +-
 ...0889-0ca0bd9c39bf258c51c77483b135b8f5.yaml |  4 +-
 ...0890-051c86487ea054ab8374342c3d7fd783.yaml |  4 +-
 ...0891-295c71d391fe6f97f05c0f5bc739be92.yaml |  4 +-
 ...0892-84478af058257dde74ad587387b8e0c5.yaml |  4 +-
 ...0893-49fe99f51fd3a93a572d1c7ee54d4741.yaml |  4 +-
 ...0894-fe4c4bb2122cdad1871934e83ec97820.yaml |  4 +-
 ...0895-d4baf5319f8e6cff227085b65be4db6a.yaml |  4 +-
 ...0900-55621d6fc615b8d4a345ef4a0a4b8e73.yaml |  4 +-
 ...0911-88b0cb27fd508341f3181a16f7fa23a3.yaml |  4 +-
 ...0924-d9e5ab172446fd3be8d4dddf9dcfa63e.yaml |  4 +-
 ...0955-4ab5b9d0741d36fdeb0d5b8e06672d39.yaml |  4 +-
 ...0958-25a10466c42d47292b8a71c862e9a26a.yaml | 14 ++---
 ...0993-380d905325ab5069c99a7e476a1a4f89.yaml |  4 +-
 ...1016-18457ce0add8e02185ec82dfe3cc1c14.yaml |  4 +-
 ...1019-0aa92148d99c1bca8d88494c39b853c4.yaml |  4 +-
 ...1021-65248f15aa94ab7dabcc81cdc7d86180.yaml |  4 +-
 ...1022-48db89bfccb085b8a9e9bacdc76c0af1.yaml |  4 +-
 ...1023-a77598a8619865ebfa5a440835fd61e6.yaml |  4 +-
 ...1024-2f2d8b93ad701e19ec6f3207f936eef8.yaml |  4 +-
 ...1025-1057cae23f85520832f9b7c2f9fe55c7.yaml |  4 +-
 ...1026-eb91f445c10e82b7c3e98be1062a0e24.yaml |  4 +-
 ...1027-051ffefc51104be6bb17d2b5cf41b941.yaml |  4 +-
 ...1069-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml | 12 ++--
 ...1090-4f005a53f32a91b958c425e9676f1ab9.yaml |  4 +-
 ...1110-04f24d8a77ed9613e08490a191c4df98.yaml |  4 +-
 ...1119-4393e503b4c5e360e86d4cf75de99b91.yaml | 12 ++--
 ...1120-c518ac9593781d65f764a219f04b0aec.yaml |  4 +-
 ...1121-3d832eae81d276110b2fb05b6aea23b7.yaml |  4 +-
 ...1122-fece4721182fa2d84ab761adf04133ca.yaml |  4 +-
 ...1124-00935a43a6eeac3216e5733aff1322b8.yaml |  4 +-
 ...1125-9346f7a9d2f3883e949e211cd3195670.yaml |  4 +-
 ...1126-6baff9c0f37923203f19e1b9ed3bec89.yaml |  4 +-
 ...1129-0b46297c5a1cfd566b6a7dde332d02ec.yaml |  4 +-
 ...1155-2f7ae6b5d7fdabeafa201dc90bcb50c1.yaml |  4 +-
 ...1159-1609915cce06136e2f0af7da1d5a5d40.yaml |  4 +-
 ...1166-0a55a8c44319eebd91a4589219732011.yaml |  4 +-
 ...1166-50ee1df3b648d8ffe7c8bf72d2de42cd.yaml |  4 +-
 ...1169-1ec906f849b052ad86a65e59b4ad588d.yaml |  4 +-
 ...1196-5ab0380f0225cb3f813fd2faf9e0804b.yaml |  4 +-
 ...1207-5f2adc5ca6dedc40903aa1f1e563d920.yaml |  4 +-
 ...1208-15a164b8d7acefaa3a7ae7d37647554e.yaml |  4 +-
 ...1259-28e170e893975e3ad314a1e6dd206e77.yaml |  4 +-
 ...1273-bce590a02f073327d2ec7a566a982db1.yaml |  4 +-
 ...1274-ea2779881d033f74603b414138c61a0a.yaml |  4 +-
 ...1323-53951cc6c6fc3a1b6dbee499dbf71331.yaml |  4 +-
 ...1325-fe922fd0e38d640f64cea8429582a5c0.yaml |  4 +-
 ...1333-9a0b6c64179538a07b644a9798c3ccee.yaml |  4 +-
 ...1334-2a1f9d077aaf4e3fadb41e60e62e6854.yaml |  4 +-
 ...1335-dea1282ba49458404fbdca77bb502b69.yaml |  4 +-
 ...1336-7fabd60d3b2198be95329f47bacc886f.yaml |  4 +-
 ...1337-76ac5b6d638212e0347ed800db5531d1.yaml |  4 +-
 ...1338-a0e3ff5d3be6b2d76d2f97e392703cee.yaml |  4 +-
 ...1339-0fee961f47a5a9afb9a972a5a5342a98.yaml |  4 +-
 ...1347-6aade0ab1cd3e84f1c328d12c13c28e5.yaml |  4 +-
 ...1374-a159294bbf51e0b7e5b555bc0921d9bf.yaml |  4 +-
 ...1375-528f5db23cd029b151a95682806084f9.yaml |  4 +-
 ...1381-9ba2b29c37ba8aee356eadac5eafa36d.yaml |  4 +-
 ...1400-042678d5382067c26f9d9ead263e484c.yaml |  4 +-
 ...1403-13c73556a747c83cbb4df9719464f4fd.yaml |  4 +-
 ...1404-0e821b289513241b63396beff87653b4.yaml |  4 +-
 ...1406-1671dddc3e7743782d8ec72b0e2ab60c.yaml |  4 +-
 ...1408-0641eb85b540308df0a59914e6860d1d.yaml |  4 +-
 ...1414-30df02f445ade717ac7c0e2991062171.yaml |  4 +-
 ...1420-83c0864a3df9b4d7703e76d7c2b55658.yaml |  4 +-
 ...1425-5c29a3cc888c2b8f4800d87269906f2c.yaml |  4 +-
 ...1426-b470f5de6fb2ae7a347b8e6eaf7d8ee9.yaml |  4 +-
 ...1427-be54fbb88b07e1793c0aea3459743537.yaml |  4 +-
 ...1469-ba0174f27e21e2789733491b8587f8b7.yaml |  4 +-
 ...1470-90a088835020a5c787dfade0eee8a2e0.yaml |  4 +-
 ...1471-10b51d35ae6aafbea477ae24a9c22ccc.yaml |  4 +-
 ...1509-99958bc5af6b387619c59f0368c5fbd3.yaml |  4 +-
 ...1525-dc0678502bda1f209b1b74a11263e93c.yaml |  4 +-
 ...1549-e9f3d7aebb0ed7cd4a6a52dea34e70b2.yaml |  4 +-
 ...1554-e5b4920cbbb8f5f8f7e1a259b30101c9.yaml |  4 +-
 ...1575-3c9418584b935e41a1f48b31c0a5f181.yaml |  4 +-
 ...1597-e9eec5a929c2311a5540a7010e91443f.yaml | 18 +++---
 ...1602-6098ffaf0f2018e72b2fddb1b0994b64.yaml |  4 +-
 ...1614-050cddb029ad5e41b8d75ac57910a3a4.yaml |  4 +-
 ...1615-6cf0838d8f56929452bab2f8ff3f1bd8.yaml |  4 +-
 ...1649-711d5e4371b5307e83aafa75e094a16d.yaml |  4 +-
 ...1651-f715c92150b63b8634910eb743badf7e.yaml |  4 +-
 ...1660-5ef5a5a8c6cb4692922673fc79eb4970.yaml |  4 +-
 ...1661-7d1a4c06854607da91f0cfd973b64e55.yaml |  4 +-
 ...1669-13e2a2185dde6af6bd269d22e183dd35.yaml |  4 +-
 ...1839-cad557e1501fb237a72952936969ee8d.yaml |  4 +-
 ...1840-31672843b36374c6d9bc9abf980ac503.yaml |  4 +-
 ...1843-5821b8bbdf52273dc284ba9fb20cfb12.yaml |  4 +-
 ...1844-b1c3c2103a95130385060251902a6b08.yaml |  4 +-
 ...1861-377e66001fb8e84db9266941f39f3e9d.yaml |  4 +-
 ...1865-874a492260299c7a5afa8a7cc7cbcac9.yaml |  4 +-
 ...1868-9ffefef754ef7b05c84f3b0ba93de0df.yaml |  4 +-
 ...1869-bda0e76aad71129453d100395876792d.yaml |  4 +-
 ...1874-69231840a822d24bacb2d776a5d46cf4.yaml |  4 +-
 ...1888-50115b9c428a5ad33912876ac3e59d68.yaml |  4 +-
 ...1889-01ea85ddd8a050d4ed49539de0e44b17.yaml |  4 +-
 ...1895-c31135ea82eaff9efa9c5f32111bb6e0.yaml |  4 +-
 ...1905-44f42e89daa3749af5c9d461caa7bbaa.yaml |  4 +-
 ...1911-388e6ad87200512eea2e328c413a87c2.yaml |  4 +-
 ...1913-47ea06b51e4d84465dbdc7ce5332226e.yaml |  4 +-
 ...1917-d2b59825f91765366d354ae0bca502ca.yaml |  4 +-
 ...1928-dca77da230ccc48431ba72fffaf1572c.yaml |  4 +-
 ...1929-fc23a4effa46a10b3b1c7e7c56d41874.yaml |  4 +-
 ...1930-cda6fd724330a43ee464ed21db562f0f.yaml |  4 +-
 ...1931-e73d249d01ad89f85ce6653e71044320.yaml |  4 +-
 ...1938-880d7d40699b96b833547889085219bd.yaml |  4 +-
 ...1977-ffbb08b3382f9c076d19dfa65caa3e3a.yaml |  4 +-
 ...1982-daaaa272b2f5cd2cb1ddbf8cf5560d23.yaml |  4 +-
 ...2009-977a0355e694b9d265545981130653f2.yaml |  4 +-
 ...2026-9fd302216733e7b16fde39fa0da8b2af.yaml |  4 +-
 ...2029-a5227115c16c80c1d90e0210cfd39bd1.yaml |  4 +-
 ...2031-cfb712440be870231ef705d9454b409e.yaml |  4 +-
 ...2066-0716e418df849204967cfc79352f5ba7.yaml |  4 +-
 ...2079-514e5589e35f6de5b251e63d9ba1561e.yaml |  4 +-
 ...2082-0caf8903231ef8666af5245315083b74.yaml |  4 +-
 ...2083-9de5506c980e28c9e55c18a88ab23a5f.yaml |  4 +-
 ...2084-7daa2f9a38772e28d5c088d50297e34a.yaml |  4 +-
 ...2085-ec83c952597cd4d48032e81f82ee4086.yaml |  4 +-
 ...2086-b8c50e487b4b0337b88f73b897d2ea2b.yaml |  4 +-
 ...2111-62f024d1a6544d8128f328de7ec4ed81.yaml |  4 +-
 ...2113-c98cc11ba230cb93eea39872b453bb99.yaml |  4 +-
 ...2114-3c32e113f430e95dd1bba8970b964bc4.yaml |  4 +-
 ...2143-165d37e436f1584c4d3db5b3ec68fd79.yaml |  4 +-
 ...2168-4c56b6bb234842fef87202ea54089581.yaml |  4 +-
 ...2169-1b628b6e919f163c78dec1ae22685875.yaml |  4 +-
 ...2170-dbd78c6bc37635ee7558d00a91a8165a.yaml |  4 +-
 ...2171-e1ab43eefd1268f41af50d790136abb5.yaml |  4 +-
 ...2172-948fbb4659b9489d63a6dcbbe5ab82b2.yaml |  4 +-
 ...2173-ee566a4e5dfcb43b5aa7224c7fc505bf.yaml |  4 +-
 ...2174-6a3c999f177d3f3a9005f7b86b4e26cb.yaml |  4 +-
 ...2178-6d0e53ee77e3c1fef450b5cd709f1ad9.yaml |  4 +-
 ...2179-ae1b1a51b391401549de89991091def2.yaml |  4 +-
 ...2188-29c3e0ef4de33c7a54c9e5adeed782a1.yaml |  4 +-
 ...2189-b3370369626f0cd7746a33baa8f9c6f9.yaml |  4 +-
 ...2201-263813b94544d66ca6de0f83221d4012.yaml |  4 +-
 ...2223-0769a7de02fdecf0755ac761d0a440c1.yaml |  4 +-
 ...2224-70a47ff6f5488e7468e76cf5273bfb81.yaml |  4 +-
 ...2225-437f4f4319341eb71e66802d9a46e647.yaml |  4 +-
 ...2229-bd5ef70cad456cfb810c3a196f6a2a81.yaml |  4 +-
 ...2237-64ddeafe0a6eb1f3dc3db9049ece872d.yaml |  4 +-
 ...2249-86ba8169e30edfd0fbeaaac7e702dfce.yaml |  4 +-
 ...2252-9576bd28245508413e199ad3d8acfb19.yaml |  4 +-
 ...2254-b309eae3300d9042c3f3d6f98d0437a7.yaml |  4 +-
 ...2261-dd3770633c5e3f81d160a943bc75a752.yaml | 10 ++--
 ...2677-12bc7ed9ac4b4df7c9585c5a1693f987.yaml |  4 +-
 ...2679-91762f25ca1ba53290ed2c419bfe3a07.yaml |  4 +-
 ...2680-43886ab11181377f0791e69c2c423b63.yaml |  4 +-
 ...2683-cc0d4514b7c79b3cb4d1496328155c24.yaml |  4 +-
 ...2684-a6ba6de400353cbaf7c7146b43b770d6.yaml |  4 +-
 ...2685-4f38551b81bcc12b9f18d5f308341508.yaml |  4 +-
 ...2690-0b18a98b24cbdb105ec0fbddf0f9fc1f.yaml |  4 +-
 ...2696-a7668a1f316cb3a4a10463e8f1f4e787.yaml |  4 +-
 ...2698-9be84376d34a812060ad8aba2e71f1f0.yaml |  4 +-
 ...2699-09213ac628577f10fc1f9d7850e68118.yaml |  4 +-
 ...2701-e077433f57a559397a844ed63a88920a.yaml |  4 +-
 ...2702-5e80d211739bf78fc6d29ff73646a991.yaml |  4 +-
 ...2707-01c7f6a7ff2da57d8e46e6c08e382c32.yaml |  4 +-
 ...2708-e82a5c99393c73fafe048a1ee03cc574.yaml |  4 +-
 ...2711-c94bdab6658e87ec5036df9af1fd3f36.yaml |  4 +-
 ...2712-71cf8d6f1781f11cff9af8b811c7f0b2.yaml |  4 +-
 ...2713-5096ea0bd77ac20a45ea75149ea1f0e9.yaml |  4 +-
 ...2715-c4c58ad76c633d16084174a989d36082.yaml |  4 +-
 ...2716-6bf95a000c0173a075e212bc6eeb873d.yaml |  4 +-
 ...2717-527f36f790da1a74645e814e4fe52934.yaml |  4 +-
 ...2720-e52be0435f55047670368cd34b580535.yaml |  4 +-
 ...2721-edd20f1acfb98b2d0a1653edfc88a6dc.yaml |  4 +-
 ...2275-054a823a88fd659044cb1d5f3fc034a5.yaml |  4 +-
 ...2280-85863960848d10abf7509addf7ced106.yaml |  4 +-
 ...2284-fb8070a3ea093b2b03c1a0de45c253ff.yaml |  4 +-
 ...2286-f0b0a230f7453036382fc231a8391538.yaml | 10 ++--
 ...2287-f0869bd6c833a2dcca8d781669a8f39f.yaml |  4 +-
 ...2288-08e36a5e429e15172c47a461c7457404.yaml |  4 +-
 ...2299-301e81e7a190a838bf006476907547b4.yaml |  4 +-
 ...2300-6c834138798466361126510722b04f6a.yaml |  4 +-
 ...2302-730361678b13f8f0736a72594b63e5d4.yaml |  4 +-
 ...2304-f2c467fe9ec6884b9a3fd8b065881ed3.yaml |  4 +-
 ...2305-1c63696c8009b48d027fd7d86fee0dcb.yaml |  4 +-
 ...2320-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml | 12 ++--
 ...2321-2c53b255c00d529e8b580e9b919c837b.yaml | 12 ++--
 ...2324-5bdb93ed09679c782c93a7aa96190eff.yaml | 10 ++--
 ...2333-faac6d1ff1697000b9b14ca585be6ab0.yaml | 14 ++---
 ...3490-2bb4b724bd1a7da8929a5d331260d484.yaml |  4 +-
 ...2351-4b446531318d71c375cbec3251c138e5.yaml |  4 +-
 ...2353-8ecff4070b265868b558d6084036a925.yaml |  4 +-
 ...2354-a6450bbcf1d391d632396e4291c55731.yaml |  4 +-
 ...2359-648072cf9e5d6b428e895ff9cc55e265.yaml |  4 +-
 ...2362-03747b0c7844da2a502c367644e13831.yaml | 12 ++--
 ...3639-b093b4fe361511a13e571267d2dc54e9.yaml |  4 +-
 ...3640-aca127a8ed0bd7922687fe103f18d74f.yaml |  4 +-
 ...3641-de9e079bb83ef0de7a86b06c72e28cbc.yaml |  4 +-
 ...3642-cacc6911c40efb999d1fe86f0d0191d6.yaml |  4 +-
 ...3643-aab60d7e635c7cb328946a00c5cb0802.yaml |  4 +-
 ...3644-1700178605ea1a028eb5734d4a1eaad7.yaml |  4 +-
 ...3645-f6463e889774b4038473eb08cfdfa039.yaml |  4 +-
 ...3647-f7d812f744f4c9ca71f204033cc41839.yaml |  4 +-
 ...3648-2aa015126a1a525f86550f7ae828f7a6.yaml |  4 +-
 ...3650-8f1eedab61ce04ff36cedd6b1737dcab.yaml |  4 +-
 ...3651-49a8bd4f442f3ed7ef68fc2e1242b1b6.yaml |  4 +-
 ...3652-3959344c0c7e5999442d4341d93fe901.yaml |  4 +-
 ...3653-ef3286d81d94e9b713e6b4a272249cba.yaml |  4 +-
 ...3654-74a58305bbc22438aab63e645d576e4d.yaml |  4 +-
 ...3655-ebaaeb684636cb787d78e7b3c484407e.yaml |  4 +-
 ...3657-cabb923e0e757cd8efc2802197c2fa24.yaml |  4 +-
 ...3660-04f298147815233cd89825cce559844d.yaml |  4 +-
 ...3663-3b5c9ebf6b5cbb215fd772c13336a403.yaml |  4 +-
 ...3664-8451bc0b3344f88890ab58dfe6424c23.yaml |  4 +-
 ...3665-7bfb92cd98981d6d2231287741115d7d.yaml |  4 +-
 ...3667-558e7a9aa7fa3c2ac2fdb51e4f62875d.yaml |  4 +-
 ...3668-560e75b141006ad846ab2e105e9e507e.yaml |  4 +-
 ...3669-089c7908dc4fffc678d9e3d75fcc62a9.yaml |  4 +-
 ...3670-cedfa6f88d2bc9a6561954401e5a9b61.yaml |  4 +-
 ...3672-85f432bf2dbf8ba147f83f3469bc9104.yaml |  4 +-
 ...3673-c8c3c4e396d486583b9e49a37e519b53.yaml |  4 +-
 ...3674-40022e8f0d8dd6d5dda3b842e2bc95ed.yaml |  4 +-
 ...3675-19694fc6eba31e53a1ac14bdaf6f6028.yaml |  4 +-
 ...3676-2ff1bc044255f45b7cf3b45392cb2e17.yaml |  4 +-
 ...3678-6fafcaccee81c5d3208247d34dd3565c.yaml |  4 +-
 ...3679-37413a766ec0b67c1d3586422811e23c.yaml |  4 +-
 ...3681-6e8db758b1055e1e1edd16d20fa3c329.yaml |  4 +-
 ...3682-276fdddefb69d404e325809486a9c5a4.yaml |  4 +-
 ...3683-e6a4bf4b7def7461fd0f2bf14330f22c.yaml |  4 +-
 ...3684-b238fd34b5c3e924a09fd674d5421611.yaml |  4 +-
 ...3685-248c17eb0194783cca6065d1efba6689.yaml |  4 +-
 ...3686-065f57f30aadd88480dc295cfdb7429a.yaml |  4 +-
 ...3687-de2bc693a1c312889ab71164989a7177.yaml |  4 +-
 ...3688-362e89b41145042eb5431e45e53b6db2.yaml |  4 +-
 ...3699-941ae6e3f270ab1852f33bed4b21e75f.yaml |  4 +-
 ...3700-edb6cbfc2b955228bcb748bd996c120c.yaml |  4 +-
 ...3701-c3d61b837adb4506fbea73b489e751f0.yaml |  4 +-
 ...3702-8c52e6f03af939f0f311c40af30d7f63.yaml |  4 +-
 ...3703-2638501c4f697eb3fd2442b86e278a44.yaml |  4 +-
 ...3706-5585b9de0a3cacd6beb8b8edc279fcc3.yaml |  4 +-
 ...3707-da04799a8ee55b9edffd7e84cb258c78.yaml |  4 +-
 ...3708-4f85b81befb670bebb2829a27d7eeb09.yaml |  4 +-
 ...3709-d8720ff7be23b66bec0bd659c201c502.yaml |  4 +-
 ...3710-c57529c85cbb2380b599b6f25e5d1cbd.yaml |  4 +-
 ...3714-a75e8600265672ffbfe8fc90d6a06636.yaml |  4 +-
 ...3715-bd931f434035df45531eaa63d35d55b4.yaml |  4 +-
 ...3717-cb4e42488e82603fdda3ed8a6057c4fa.yaml |  4 +-
 ...3718-06f0f6d997d3961c4576d91935933f05.yaml |  4 +-
 ...3720-569c4e32e955a5a711d57f73a7ff1bf2.yaml |  4 +-
 ...3721-df593141a2030e92d8b8a063fe09a284.yaml |  4 +-
 ...3722-08485cb22c15bc9351789c0be0e79565.yaml |  4 +-
 ...3723-8b5e824a12086cc74066614f2e4e51cc.yaml |  4 +-
 ...3725-d28bd5fd4f3450ea3f311605e6d65b1d.yaml |  4 +-
 ...3727-309fdaa44a67ee8c05b1363fafbc2e7a.yaml |  4 +-
 ...3728-d86c9fbec6faeed6e24c9e1120c7e0c6.yaml |  4 +-
 ...3729-7f4172230ab5f4cfd3c2df5f07ea6d4e.yaml |  4 +-
 ...3732-764235f1dad8997c7feda04c94cf2850.yaml |  4 +-
 ...3733-277494a31c77da0ae18248d4fccbad90.yaml |  4 +-
 ...3734-e37188c1de6df4d33488960fa6e214fa.yaml |  4 +-
 ...3745-6d4992572a9f9bd5311ba2254f8b32c1.yaml |  4 +-
 ...3746-5bb6026096b7bf370409b664b0a819cb.yaml |  4 +-
 ...3747-88e0ecb64f4709b7a4173b13eb85c3b6.yaml |  4 +-
 ...3748-d432b5b11d667b6f9fe5cd55370cdb88.yaml |  4 +-
 ...3785-d864c9b876d3aee646e414b358c69b64.yaml |  4 +-
 ...3786-fb9e76e2a53a99a1061be745850fe380.yaml |  4 +-
 ...3788-38be090459bf4011b3b41398d60796a6.yaml |  4 +-
 ...3789-d025df7fa9c98e92f3b558a7323cb34f.yaml |  4 +-
 ...3790-79c1e1544a74f2c87544fd2e816d236c.yaml |  4 +-
 ...3793-66aaa6f41f27e2a7e948bc3c3424d334.yaml |  4 +-
 ...3794-42f2aed82645b4c22a964230d4cf5c0e.yaml |  4 +-
 ...3798-9cf47a9aaadc1341f9d7d43e1e7e02f2.yaml |  4 +-
 ...3799-0fb85e5ea92cfc0152cd39c07cc97431.yaml |  4 +-
 ...3800-0445de609fc885d2b170effe241e7510.yaml |  4 +-
 ...3806-73efd5c8bcd4c1bfe4df6f8b395749d7.yaml |  4 +-
 ...3807-2c9039886374ff786c4c2e679732fd8d.yaml |  4 +-
 ...3808-eca4f2076644e75e750957ea6e558bad.yaml |  4 +-
 ...3809-4d66daf76c1a504d8951d5442d44e0d6.yaml |  4 +-
 ...3810-f526a0fb0a181d070234f458832b61bd.yaml |  4 +-
 ...3811-2cf2ecadfdb85fc26b2f2d1670a74a60.yaml |  4 +-
 ...3812-71e56d0f97e8b4d7649e09ad58dd5927.yaml |  4 +-
 ...3813-dd53e1988ec5b5d25424d4247fd55d9d.yaml |  4 +-
 ...3815-1179313cfd258782fb4aa71495304bc0.yaml |  4 +-
 ...3816-e71a52c7f200dba2edfeb838eff9f8f3.yaml |  4 +-
 ...3817-03f092a688a4fa72580d80fe6ada5bb3.yaml |  4 +-
 ...3818-e5cd3f1b72f8c188bcce67a3cd5ccf0a.yaml |  4 +-
 ...3819-1b30aff662020c0b4f39f0c4b04b2958.yaml |  4 +-
 ...3820-93365cd3a26ee2a497f31876bb4917f2.yaml |  4 +-
 ...3821-a73b50da5126e009aa2afaa408141c1f.yaml |  4 +-
 ...3823-d8eaeaf9f69a4b2de6a788086b60bfc0.yaml |  4 +-
 ...3824-808f401d9d8c5d86d169e876e53df971.yaml |  4 +-
 ...3826-64cea71514683366dc6b4c2ffb6a6e72.yaml |  4 +-
 ...3827-e258e8570aa5a2a07663517678c9341e.yaml |  4 +-
 ...3828-2349a7bd555a58451ac9e6f7145fe711.yaml |  4 +-
 ...3829-9a422d0a1f5b287c75a0c4e8af0a5fc9.yaml |  4 +-
 ...3831-37317046e94cf4102e2b78af213fc732.yaml |  4 +-
 ...3832-f48aa8ce150f50f9f99d4d22650a952e.yaml |  4 +-
 ...3833-e9fd5a8f4cb940c05dfbd60e736ab50a.yaml |  4 +-
 ...3861-573c28c014e533996385e54c5801eb5e.yaml |  4 +-
 ...3862-4703f57dd95a665cc36f6d5726f726bb.yaml |  4 +-
 ...3863-537feb2660b274ef93e595158af0eec1.yaml |  4 +-
 ...3864-1f531b026c2443d4ba9e4c6118234d6d.yaml |  4 +-
 ...3866-6b38cc619c1f1d13c6fce974aa8b5a90.yaml |  4 +-
 ...3867-f3522c3cb0ccfb1220b311f9a238555b.yaml |  4 +-
 ...3868-bdd35485646018dc29c3dede2e0cfc31.yaml |  4 +-
 ...3870-cfda816b6240f8a3b82f71453a31052b.yaml |  4 +-
 ...3871-63f1bf4087d9427b6d24f67f8ffe6d66.yaml |  4 +-
 ...3872-91afdd80e105f88c419657c28ec390b7.yaml |  4 +-
 ...3873-3b3faa72335204be9fd1e5395bb7377e.yaml |  4 +-
 ...3874-cb44b891144850987aa067ef65bfd80b.yaml |  4 +-
 ...3875-bc281b421f8fff950362929962ab0019.yaml |  4 +-
 ...3876-bf60bab5b44140ba04d1559cd2178f30.yaml |  4 +-
 ...3877-62705338d1951d661bb8e5bc23d5b61e.yaml |  4 +-
 ...3878-5237dfae31b24b8180bcd6193ab8bd7f.yaml |  4 +-
 ...3880-9084030bbc61cd11a5b8832a564811a7.yaml |  4 +-
 ...3881-ae8255f2994549b36706bb9a56ad3c0f.yaml |  4 +-
 ...3882-1a33452c961e3444957f4bc07615cf79.yaml |  4 +-
 ...3883-cf0e16a0243bc8e5fbe7907a0ee34454.yaml |  4 +-
 ...3884-0ba2d63b51e45936904968ed820d3fb0.yaml |  4 +-
 ...3885-62b74eeb9a66bc4a3cf51fa299ef8a9e.yaml |  4 +-
 ...3888-f745637cf5ff648ecffd79a7f071d200.yaml |  4 +-
 ...3889-c39c9d651b411fa109fee2b8c3a1d9b8.yaml |  4 +-
 ...3891-dd78e64b2b479493968a1e6217c98447.yaml |  4 +-
 ...3892-d65055d7026996d94428cd7d953a60fd.yaml |  4 +-
 ...3893-3a84f9286ec25d34a996b5cb4ee829c4.yaml |  4 +-
 ...3894-65bd3240ae8121decf63d5f24c3d008f.yaml |  4 +-
 ...3896-e9eaa7084ed183eefbf2977e6f156e8c.yaml |  4 +-
 ...3898-487e89618ab2c9b35b3c1576f9f20c5d.yaml |  4 +-
 ...3970-32eb01ee606ecc19d89dc769776b1c92.yaml |  4 +-
 ...3972-243adc14e5399e777d2255721eb66201.yaml |  4 +-
 ...3975-cb184c0a5bf632bde9de97505ce638ee.yaml |  4 +-
 ...3977-73dd9496dc7942d3595fe6b58faa41a3.yaml |  4 +-
 ...3978-11a9c2fdd6ced3454ae2f484273892ee.yaml |  4 +-
 ...3980-d4435c597b00bf3290ee73c887974569.yaml |  4 +-
 ...3981-22b31e4572f874fba75c72ff00d007de.yaml |  4 +-
 ...3982-f018dd006c86a273640a9091528e99af.yaml |  4 +-
 ...3987-4d9fd3b2756396c2e2474f36f3b3ed72.yaml |  4 +-
 ...3988-3b65f76db2b87c51279c14c330d16347.yaml |  4 +-
 ...3989-49f8b17fd3f7202d469cd36057801698.yaml |  4 +-
 ...2399-f3d365dcf43ab1e2b6ca241869ef39d2.yaml |  4 +-
 ...3990-42471f956508e099a58e2e33212c947e.yaml |  4 +-
 ...3991-e064d299c84a7a932db5e1b086223b4a.yaml |  4 +-
 ...3994-1243017811fac8a9f67c1c02c6c11406.yaml |  4 +-
 ...3995-500071d87ecb0967bf74f13aaaaabbd7.yaml |  4 +-
 ...3996-a51251f0d703aa8b0485bf4eda435396.yaml |  4 +-
 ...3998-89a7d7a1b88043a7292e56fadd9f32f2.yaml |  4 +-
 ...3999-49a596fa960c73e741b497015244d412.yaml |  4 +-
 ...4001-1520c53880fff07e37200c6f21a3681b.yaml |  4 +-
 ...4002-9f08d8940e734966b92051cba3f5ff32.yaml |  4 +-
 ...4003-690de1b98dd30a46cb8901aa5c2f16aa.yaml |  4 +-
 ...4004-e990d85401ec922ea084ebafd475f1d6.yaml |  4 +-
 ...4005-44d79c88f80918a39ad3735f87916ce8.yaml |  4 +-
 ...4006-d03335b5fcf3342ce30e3d6994089bf1.yaml |  4 +-
 ...4009-4fc88bb474bb1a0cdd35b01d04f15578.yaml |  4 +-
 ...2401-1b8adc4375e4968834c6e9a5908156bc.yaml |  4 +-
 ...2404-8a9c908ec048eb5db70aedddafa15d74.yaml |  4 +-
 ...2406-75fa36bac06fa043ebc71b72e7bf53b3.yaml | 14 ++---
 ...2407-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml | 12 ++--
 ...2414-b65c2cbf689ff5e6c36de8e6ea88fb1d.yaml |  4 +-
 ...2415-80701456edd5634e54dde4f94f03d86e.yaml |  4 +-
 ...2433-6fe67f9ebf1fd28c0850e6428387bc2e.yaml |  4 +-
 ...2435-e95a6a45d70dd7149f957cc2dea209d3.yaml |  4 +-
 ...2436-97602b372ac2dff313ee6b7601be8c2a.yaml |  4 +-
 ...4372-a772a1bfbb77e4750a15c026120428cc.yaml |  4 +-
 ...4374-639d631ea2d71e82d52ba35e11baa85c.yaml |  4 +-
 ...4375-0881f47c3594ae8da08c18a925e96922.yaml |  4 +-
 ...4376-9bd31a69895b603beba548b13ee3a848.yaml |  4 +-
 ...4378-bc0cf3a754a6fbdff0b7d35751f27209.yaml |  4 +-
 ...4379-55c8be1b98f905c0f97aa18a603d7cea.yaml |  4 +-
 ...4381-b2640c0e1d9759721b91219a63bf25ee.yaml |  4 +-
 ...4382-eab3c1f0807691261d40289ccf106a32.yaml |  4 +-
 ...4383-03657cd383df53489c98f2c2003d74b0.yaml |  4 +-
 ...4385-0b903181e53a3afd2853d8a217d8de8d.yaml |  4 +-
 ...4386-4cb7b1b325a065f19e4694c97bc6e095.yaml |  4 +-
 ...4387-fbacd93e40e029ab5294ff6e4faadc80.yaml |  4 +-
 ...4389-f60d70179169d7470d698c285c73d2aa.yaml |  4 +-
 ...2439-73550b54c3b3918e019ec5d1a646e218.yaml |  4 +-
 ...4390-b205c6392eb0136cf0df5ea96fc73a56.yaml |  4 +-
 ...4391-acf9697c1a09f246be4d3f2a957b0449.yaml |  4 +-
 ...4393-cf48a696f82d0831c89a84db8271161e.yaml |  4 +-
 ...4394-bd8810c05731a418d8d9a50b27d4228d.yaml |  4 +-
 ...4396-12086c6161e4cc7ce0b879de54cf11f6.yaml |  4 +-
 ...4397-33be367e25256f8164e300b3a7daf9ad.yaml |  4 +-
 ...4398-8e2fcddafd26ffe986aba71521006509.yaml |  4 +-
 ...4399-15e84b289a1503987417bb5a8a9db81a.yaml |  4 +-
 ...2440-183bcbf1ecc01c4bcdfd0244c1054c88.yaml |  4 +-
 ...4400-94366e72b8b16247e4525177a190a390.yaml |  4 +-
 ...4401-f7f88d86922c2be2737227c4eb89350c.yaml |  4 +-
 ...4402-4f49b393f88ca9ff4cbed10f183193ed.yaml |  4 +-
 ...4403-40b2967e127caf7495ebfc36b3279860.yaml |  4 +-
 ...4406-8a828053bf646bd38f0facf7c997017f.yaml |  4 +-
 ...4408-b6af58199f4bb361c122e5469834d6a6.yaml |  4 +-
 ...4410-7505baf43f2a97f13623d8a9e01f067a.yaml |  4 +-
 ...4411-aec5b406433b53e4f92df5e66d0bb478.yaml |  4 +-
 ...4412-446660b2783c8caadc3d9d08f86fa99d.yaml |  4 +-
 ...4416-1d838507fd655633d89fdd3f677085f8.yaml |  4 +-
 ...4418-e0a3631cbe633a42d5989c02ecf7206b.yaml |  4 +-
 ...4419-50b07daf945144cbfd99133630410da2.yaml |  4 +-
 ...2448-3e54e940d7f7e91b150b3a2075b3abc6.yaml |  4 +-
 ...2450-d03e7c1b36748ce86c160cf6fe252332.yaml |  4 +-
 ...2452-bafdacae26c88640cb6e30b25ba66a73.yaml |  4 +-
 ...2470-9327431607715dc8ad5049b0a62ebe4f.yaml |  4 +-
 ...2482-f2d03c372af597128c556a16b6de11cf.yaml |  4 +-
 ...2484-3662e536f344cad7ead518a87b44f9b9.yaml |  4 +-
 ...2489-38876a8a5fbfd61cde5369e484f937f2.yaml |  4 +-
 ...2490-6cfb5c63bbc7af6b76f9e01d4d2fe2ac.yaml |  4 +-
 ...2492-9ee0bf881f08cd3cb60239af7879852d.yaml |  4 +-
 ...2493-3222e9d54de5c7b5bf110a40b9d38190.yaml |  4 +-
 ...2494-d934ac1748b53a01cebaf8d5ba82ca90.yaml |  4 +-
 ...2495-c5e8439f52a72fc808844ece6ad38bdd.yaml |  4 +-
 ...2496-6b34c883ba2362a8ae8903a4773f143d.yaml |  4 +-
 ...2497-e9ae8122ab019b9f575d632976e78882.yaml |  4 +-
 ...2498-b5e2905f3fa25ed5a268cff184f71b6b.yaml |  4 +-
 ...2500-c0501d6ec7222ce135cf1060e0209955.yaml |  4 +-
 ...5021-bb190962067ba33976cc3f88e434b44c.yaml |  4 +-
 ...5022-c2cbb8ef0136e2fd003d5d3fa4115b69.yaml |  4 +-
 ...5023-ea72a950c1ec7c195be94a36b1f4a88b.yaml |  4 +-
 ...5024-00aaf3a917048a24cf4188f68658ad92.yaml |  4 +-
 ...5027-c2f2835d90a3f3c6d22ed640d7b5a35a.yaml |  4 +-
 ...5028-bc617b508aff51ac43ff170f5e7c19e9.yaml |  4 +-
 ...5031-4270b682ebfb5d58e498fa26615a2af8.yaml |  4 +-
 ...5032-8d6a1c8b6a0bd1e0976b28104afac768.yaml |  4 +-
 ...5037-66b0b9e68fee422256033ff3686e7914.yaml |  4 +-
 ...5039-1123677072a0d47589707f79eb0e7e54.yaml |  4 +-
 ...5040-6211c1f22472d646cc232f92f882834f.yaml |  4 +-
 ...5042-bca2d75657a1c7a6e99c08d66b7b4e2e.yaml |  4 +-
 ...5043-c974ccf1587cec2eccea9add62a9571f.yaml |  4 +-
 ...5044-68edca1ac76c8646936a8dc6a3f4659d.yaml |  4 +-
 ...5045-202c703bcd7494b0db3a9f2aa3a2b6de.yaml |  4 +-
 ...5046-110726f45fe770f212d1aee89f3bb57f.yaml |  4 +-
 ...5047-fb36faa4bab8a0d1c4868c63043ddd1b.yaml |  4 +-
 ...5048-36f733a53254d69782057e16be93c1ec.yaml |  4 +-
 ...5049-f239cdbdbea64adf739686a8765fc6ab.yaml |  4 +-
 ...5050-2b8f19b8c01bfb1b9a5352e232b91e8f.yaml |  4 +-
 ...5052-0cfa07456732530e831220894e1919de.yaml |  4 +-
 ...5059-9bcf1b21f2afb149521c1b2b2eae8a87.yaml |  4 +-
 ...5060-3d269a7750029141d9d3783312ca3377.yaml |  4 +-
 ...5061-a749224e64254fa4b744badbc098456b.yaml |  4 +-
 ...5062-18e973bad98be5b94dffe02819323b60.yaml |  4 +-
 ...5063-9f2f326dd2b99a9ab7152b99b148e34c.yaml |  4 +-
 ...5064-f030486cf056eab3637611e650524a05.yaml |  4 +-
 ...5068-f5a034fa03b4780f360af411f657fb5a.yaml |  4 +-
 ...2527-2fe05eeb0f074422838b91d061a270ed.yaml |  4 +-
 ...2529-a61a2dfac8b16f216b2c313ed531d97e.yaml |  4 +-
 ...5442-230d51cfd302c1eecd4d3a3387befab9.yaml |  4 +-
 ...5444-1a072d8df8f66c1d4b2649edb7db538a.yaml |  4 +-
 ...5445-c93f15f45e4694eec856b57673b454f8.yaml |  4 +-
 ...5446-9a4a86b73d09899b1f2fa163f3660f75.yaml |  4 +-
 ...5448-63705f2cf5933c3d0b8cb680facff791.yaml |  4 +-
 ...5451-20277bf2aad5677f3f9bd4eac5f630c9.yaml |  4 +-
 ...5452-a3fcccf439bdac9208ecc47d006e929e.yaml |  4 +-
 ...5454-5d1bfbb84afa64ba47c235dccca370e2.yaml |  4 +-
 ...5455-7a725b90d4cc282b22e04990737c3b98.yaml |  4 +-
 ...5456-e9d4c2285e81f24a0ebb73201d5c6506.yaml |  4 +-
 ...5457-ed271342f2446f50a4b4b39df1d986d6.yaml |  4 +-
 ...5458-dfc5edcffb51809997c1a8d53e1c44ad.yaml |  4 +-
 ...5459-67558508f8127f6d47b6b0749495c9d6.yaml |  4 +-
 ...2546-e3973fedf7a8f63d43b3386884883485.yaml |  4 +-
 ...5460-70088a82bdb29c81346c08fa9d47c687.yaml |  4 +-
 ...5461-c33e053383feb22bc4a0a09a68717fb4.yaml |  4 +-
 ...5462-4c313c7653b942a477e04e3a6c17f18a.yaml |  4 +-
 ...5464-f7f846ee6a2643596409a73557db5ac2.yaml |  4 +-
 ...5465-d4c59ee10654dc665fe7870643db894a.yaml |  4 +-
 ...5469-3d0e7652c5954cde6070c6634683929c.yaml |  4 +-
 ...2547-a766deff845672c22971718a646cf246.yaml |  4 +-
 ...5477-fcbd76097c62e0d5592f5bd058f1a16f.yaml |  4 +-
 ...5479-4f7a95f2553b4e4ec80b6d04a6fbc8bb.yaml |  4 +-
 ...2548-fcd65c8735954219062dc7bc27977dbf.yaml |  4 +-
 ...5483-4b7a2f690ab23a9c56fa493203cfb340.yaml |  4 +-
 ...5484-d3f480cf02dc331ee92b8ba5f6c29338.yaml |  4 +-
 ...5485-adbb6fa0fc2db14e16c1a1b09c0380c9.yaml |  4 +-
 ...5486-7379020b548b14b7be62b539ae5d76a2.yaml |  4 +-
 ...5488-498a64542dbb51a5eba70d23bf7af5b7.yaml |  4 +-
 ...2549-a8cea4062eea92bba71d4c0d54416fa2.yaml |  4 +-
 ...5490-1c50317ba4f62105b747a16f1bd9f458.yaml |  4 +-
 ...5491-7438f6c5de0164c1ebbfea6f43fc0dba.yaml |  4 +-
 ...2555-fc8e4381ea5ebd79c418e0830ad7aa41.yaml |  4 +-
 ...2556-666b2fb2c881bde28dcf6538f4e79c83.yaml |  4 +-
 ...2557-2d27e10efdfec8fc58acf4cf64107b4a.yaml |  4 +-
 ...2558-181f8727807ba64411fbc27b7d06a7f7.yaml |  4 +-
 ...2561-24e92d0b5bd4d59ca9bd929ad9b17b1d.yaml |  4 +-
 ...2562-b4794af8b89126f30163809c87b8527e.yaml |  4 +-
 ...5699-86f850e8e3017abf354eb04e885cbf48.yaml |  4 +-
 ...5702-ac00155c6073a79243073e436990a17b.yaml |  4 +-
 ...5704-d58b2eb7209b77e10a0a7be6a3ad7570.yaml |  4 +-
 ...5705-fc6f44579727101979a58b50043c9f62.yaml |  4 +-
 ...5710-7abc665e21c65fbf0435b861d32be85d.yaml |  4 +-
 ...5712-7173b1dd80c7cb39c8dbdccb921d11e8.yaml |  4 +-
 ...5715-2b733e03ac956657b279c0c2e7178248.yaml |  4 +-
 ...5716-4e902ac20277ef72a0ba4b9fef3685d6.yaml |  4 +-
 ...2578-e74780b7e51cbe82d58b11a6033838ff.yaml |  4 +-
 ...5781-5edfe37e0774673d507ae94c41a64138.yaml |  4 +-
 ...5782-bb6a55b0c6e726b2a2ecec4b50c8f7ea.yaml |  4 +-
 ...5783-3ff2a2ae71a0269c8c6a199dba440423.yaml |  4 +-
 ...5784-e6b604fdb9cd729f08feb0319847d447.yaml |  4 +-
 ...5785-872e77979f08b8dfa6cf8411f0e84c8f.yaml |  4 +-
 ...5786-6ae4507849a8e19efb73377acf163d95.yaml |  4 +-
 ...5787-3f433c20605e0478560f661cae839ad8.yaml |  4 +-
 ...5789-0bb4c4e55d3bd7066abf4b3e5c409eb3.yaml |  4 +-
 ...2579-6001aefe4ed5d867371bbaa565b1d288.yaml |  4 +-
 ...5790-7bd424eb93435e30d87b1474845a32ce.yaml |  4 +-
 ...5791-ed8d60dbc212a2488ceb5fdf43131cd0.yaml |  4 +-
 ...5792-55fba5060ceecf0350eb52f214341712.yaml |  4 +-
 ...5793-3ca3d61f633582fe10aacbed8816c6e5.yaml |  4 +-
 ...5794-2b837a9bfbedcec8d35d48ea5080f6cf.yaml |  4 +-
 ...5795-2344762ab01ebc08578d7b685bed6e58.yaml |  4 +-
 ...5796-2820cb8fd83fcd8f6cd4181103e215ab.yaml |  4 +-
 ...5797-c05c9af186400589f780a92d671602c2.yaml |  4 +-
 ...5798-76ca7c77b83fa68f077aef4f9085d916.yaml |  4 +-
 ...5799-583b3f0f882e9563f461b70129fd6f7b.yaml |  4 +-
 ...2580-3184746777b9e1e2355cf98fc7ddb576.yaml |  4 +-
 ...5800-c75d16ff72ec9720f6fa40f4e6a40b23.yaml |  4 +-
 ...2584-5498e556e2216200fd56232f5d1a8034.yaml | 14 ++---
 ...2592-98163a520e2e6ad1b536bf4759e7aff4.yaml |  4 +-
 ...5958-0a74f9768178c52be7335a4414a065a0.yaml |  4 +-
 ...5959-7c93e57058800cc97d4580d0e8797ab3.yaml |  4 +-
 ...5962-73da8bcc97724050406ff5bdd6471c84.yaml |  4 +-
 ...5963-23c92f364f22c50ebf1609484d67aa5e.yaml |  4 +-
 ...5964-8a9da35b1949b285490ef29120cda9a5.yaml |  4 +-
 ...5965-accdbc7387e8cd352346b508525444ba.yaml |  4 +-
 ...5966-4e2e155c281ae60022e2ed5429179c85.yaml |  4 +-
 ...5967-05f8485e11de79d6aa39de126de0f4e7.yaml |  4 +-
 ...5969-41d911400ca8ace536dfd110ed4dbc79.yaml |  4 +-
 ...5969-9baae5fb51d9dd1141e1931574d9d7be.yaml | 14 ++---
 ...5972-71669f91f6c03ce43a9b92fdae9360cb.yaml |  4 +-
 ...5977-0fbf5aeb9219f7fac5b857b809c640a1.yaml |  4 +-
 ...5978-c17395d57aa530c1ca072f07b2b709c1.yaml |  4 +-
 ...5979-c6bd3ba187d60fb65a038a39af19f9cc.yaml |  4 +-
 ...5981-3c4ad527262d00d607d5c7466a5e3a23.yaml |  4 +-
 ...5982-a8a2129053b6265336aaeb65bc0c164a.yaml |  4 +-
 ...5983-11a5b3d7c20edce1773adda5ec308996.yaml |  4 +-
 ...5984-9a176796080675b246543fba168c027a.yaml |  4 +-
 ...5986-96955fd433f50860fcfbf43e30334f40.yaml |  4 +-
 ...5989-b1fa67bf969fdb68e71efc5cd730124e.yaml | 12 ++--
 ...2599-8871ef770441f03d651279dadfcbfd9f.yaml |  4 +-
 ...5990-3a1a2462f10e12efaa2197ad33a42396.yaml |  4 +-
 ...5992-2ace3607ba6999f91533535a3a2816d7.yaml |  4 +-
 ...5993-e7e948bfa89ef889d57ad4a644f6ffc0.yaml |  4 +-
 ...2600-59797dde213a6367a6157622c3715782.yaml |  4 +-
 ...6008-8a2fdef7cc698ec15988b37831ded08d.yaml |  4 +-
 ...2601-55c5d66fcb1a0e14740f101ab90eeba9.yaml |  4 +-
 ...6010-6481182e7ac4b130cac34d43758d1847.yaml |  4 +-
 ...6012-4fd05a735543332a71cc4808699480af.yaml |  4 +-
 ...6013-30299c84e4a810a5d91c885ccad19e9f.yaml |  4 +-
 ...6015-f938f1ab4ea9e7929903077ead3a87cb.yaml |  4 +-
 ...6016-ace70e46c2c11dce25895020e8f9ce37.yaml |  4 +-
 ...6017-fe5cb5dd50547aaa395139fc837a5f8f.yaml |  4 +-
 ...2606-131875d333b38df6cd9a906f0f1d6d15.yaml |  4 +-
 ...2607-1f2e03d503f5681dd8b4d168bb6a5e29.yaml |  4 +-
 ...2608-03e8fea4abe393774ca83cec29070e62.yaml |  4 +-
 ...2627-e448c9e4b5c0c1a44cb7637de9906bfd.yaml |  4 +-
 ...6325-6a99396550744ae560a5320a1b153079.yaml |  4 +-
 ...2634-eceee40ae071bd0838ed35de0f0e77bb.yaml |  4 +-
 ...2636-054cd3c24ebffa75be93ee2056e1824c.yaml |  4 +-
 ...6515-59c7d1a679853ce7b01d642a9cdae84d.yaml |  4 +-
 ...6516-c4cb405587c7aac808cc9a0330f4a287.yaml |  4 +-
 ...6517-2f94c3f833650d494dcd027c8f5b2a1d.yaml |  4 +-
 ...6519-fed0833f3ebebd240e7a0f4e9421be22.yaml |  4 +-
 ...6520-f8ef60664eb207643cf086f83584b3db.yaml |  4 +-
 ...6521-67ada1785c1a67660530280a293c0d89.yaml |  4 +-
 ...6522-0e94306a43ae08419eb38c17f3bdf17f.yaml |  4 +-
 ...6523-4b4ac88975e8590a6a5fd0cf4302a336.yaml |  4 +-
 ...6525-3a87cd2c194cd815db2ec636b84e643a.yaml |  4 +-
 ...6527-7341f9a401e387eb541b7f0ce957b3d9.yaml |  4 +-
 ...6528-644c7cae519f04e689e17393d43159b0.yaml |  4 +-
 ...6533-c592d86340244bb94d180507b23fa5a8.yaml |  4 +-
 ...6534-f62d90a1456165ae9d04c07d4bf69a25.yaml |  4 +-
 ...6536-a7c9f85c93718ea45a6837bae9a163d3.yaml |  4 +-
 ...6537-7a7c093f97491b5547b10f0abf94cd54.yaml |  4 +-
 ...6538-66589665af0b647ad01185928e32cee5.yaml |  4 +-
 ...6539-eec11cac81b9e7efcb35b893f28148cb.yaml |  4 +-
 ...6541-caf355595af5171fa75c6b8b0c04dfb1.yaml |  4 +-
 ...2655-5530cad0a9767bd88d96d829bf733779.yaml |  4 +-
 ...2684-ca9ee22d1cc41a724720db8fe33326bf.yaml |  4 +-
 ...2688-6bee4ceb90dc1010814fe03431f27200.yaml | 12 ++--
 ...2706-cc96636e9196394b50c931f7bad41740.yaml |  4 +-
 ...2707-3337ca8e284defa05fd45bda9b3ec176.yaml |  4 +-
 ...2709-9da08dd717e53fc804ec0889b3c45692.yaml |  4 +-
 ...2711-cdfdacefadee3ac15d930a67722d11e2.yaml |  4 +-
 ...2714-7690dbacbae8cf712fa24f47448d84aa.yaml |  4 +-
 ...2715-6f02fa76246cc8d01472e29b6032ad8f.yaml |  4 +-
 ...2716-ea3614c57e168b5cbba1a64665aa3e41.yaml |  4 +-
 ...2719-3dc309d6eba7a3765b70c365b5153ae1.yaml |  4 +-
 ...2735-f995ec2617f1d8e01a76eb96ebc10f06.yaml |  4 +-
 ...2736-a69ac85c2f382d8b82f7f44fd083ec69.yaml |  4 +-
 ...7412-0eeb168325aaf2fd5bb4eb1250e0882d.yaml |  4 +-
 ...7413-bfcfe2a24b673f9c7c3adba8fe6586b3.yaml |  4 +-
 ...7415-c8fa2e9308164baca50265fff2c3437b.yaml |  4 +-
 ...7416-09af6d4d8c4435a3e0935a8eb5df6c7f.yaml |  4 +-
 ...7419-6d87a6f7248c4528f7d5ef6ed7c11eba.yaml |  4 +-
 ...2742-96bcbe0539bed3ce58849487848c2a2e.yaml |  4 +-
 ...7422-b9cea09f7ed512cb1aad12f24e857815.yaml |  4 +-
 ...7424-4b89abc62fd406d908566683e2dcbf5a.yaml |  4 +-
 ...7425-f63b97efbb567f61e36df93bf47a02fe.yaml |  4 +-
 ...7426-9efb6c4b18285974b32863549d5c9405.yaml |  4 +-
 ...7427-f670252b93de10e17e15c533cbe48519.yaml |  4 +-
 ...7428-6c042e8ea6605a500a8eb10aee943be3.yaml |  4 +-
 ...7429-e541a07e8afe605f1bf04dc95e06d38b.yaml |  4 +-
 ...7432-9de482ee3d956ce585f6bd7d5fa3f9c1.yaml |  4 +-
 ...7439-bf579b9a08de0f44c24def81bc3a2891.yaml |  4 +-
 ...2744-d1b821dbb873ab8f28cd2cb8f033062c.yaml |  4 +-
 ...7440-f2d9478a61ae546bc6c42d7e589dc8be.yaml |  4 +-
 ...7443-be0ba3aacccf6ba5116887341d902b74.yaml |  4 +-
 ...7451-c57f6caa20d50f7b5d4102cef52235b3.yaml |  4 +-
 ...7452-0ad7f5a9c3342b7aeba5a03db14c71d0.yaml |  4 +-
 ...7453-057556914142c489ed57ccffe54665f7.yaml |  4 +-
 ...7454-9454be14498ff26da96354e9b5fc82b2.yaml |  4 +-
 ...7456-99f1c42a705f1b7c13a404d5bf315c5f.yaml |  4 +-
 ...7460-e62ea330281841ac90814f51a2e6e358.yaml |  4 +-
 ...2757-2724145ee24f5785e7f7e4619d00fbc8.yaml |  4 +-
 ...7605-20b79e43dd02b60a0996dbe99e7ba439.yaml |  4 +-
 ...7608-f595c203a77330422dba7245cce84dcd.yaml |  4 +-
 ...7609-0822b2c02c49629a19bf084eb6d8580a.yaml |  4 +-
 ...2761-ee6d7181de7e06427ee243be8abb06fb.yaml |  4 +-
 ...7610-73d72f655c3b804018b0ad6a3a400257.yaml |  4 +-
 ...7612-68354cec14dcc6c8c5561bd362f6a851.yaml |  4 +-
 ...7614-20fefc27d9160f7f5b2c386f22a44380.yaml |  4 +-
 ...7617-ff8293f84b21b2955bef22aebfa62b32.yaml |  4 +-
 ...7618-9a7bc6474013942cb9ad4b06ba961bd0.yaml |  4 +-
 ...7620-9376ca64ef0c10c441ff62358957edd7.yaml |  4 +-
 ...7621-a521128c60a3e4447b1ae62129a4837e.yaml |  4 +-
 ...7622-a6e719c0412296476082fdb1b971690e.yaml |  4 +-
 ...7624-47522a4a3dc3a65ace6791fdc8ad2676.yaml |  4 +-
 ...7625-db3e14a64935e9816ff1fc8cb2d49569.yaml |  4 +-
 ...7626-a63f1210dd076ac1af75bbdfb4936df5.yaml |  4 +-
 ...7627-b8484e4bbe43b173d4b67998a26e2ce3.yaml |  4 +-
 ...7628-50ade2845c53f4bbe684ddfabd1bfd64.yaml |  4 +-
 ...7629-a344469158b924b0533b76919c9daf70.yaml |  4 +-
 ...7630-2d63f6e8d357472c9ca1e82cb0bc121b.yaml |  4 +-
 ...7631-3824f011eab5214f502db246222a2a64.yaml |  4 +-
 ...7634-a725115e3c0edf17f7d3885d6b810646.yaml |  4 +-
 ...2764-02fac00b4da69e9fe78fc7130f860fe9.yaml |  4 +-
 ...2767-12fc948c06bbe2558fcf0a602f5f480e.yaml | 12 ++--
 ...2781-20bfb39c28e57afafa73126a681ef707.yaml |  4 +-
 ...7923-4131547f48ef03f81376294e8bfec1f9.yaml | 12 ++--
 ...7925-7d646a32d0c4bc3814bc480ca69d5434.yaml | 12 ++--
 ...7926-5f7a0857cd225d8f715faf1ad377962f.yaml |  4 +-
 ...2795-6a2386cdcd3910d335805b9ddf952385.yaml |  4 +-
 ...2796-b285571aa8961228c020fb748a563a39.yaml |  4 +-
 ...2802-8461759ea5a4f2c3230ae2ba89953371.yaml |  4 +-
 ...2805-4b6c9f5939660218c2639c17b2048a97.yaml |  4 +-
 ...2811-c8b00e3a8ae7ee111daecc90a5a50970.yaml |  4 +-
 ...2812-c5b5b783e98de972c2044e0acdd3ca83.yaml |  4 +-
 ...2813-4790b4ad8b25152cb39533647a69d638.yaml | 12 ++--
 ...8154-0046efcaf372ceea3cbda093fc9866d7.yaml | 12 ++--
 ...8165-133f9da4970886f2c6daa016271571ae.yaml |  4 +-
 ...8168-97c1ceb18f16975e668ed8d0bd718768.yaml |  4 +-
 ...8169-35d6cb483985201ac59c669cec20a881.yaml |  4 +-
 ...8170-42bbb29a21ceaaa3011864640412a5ea.yaml |  4 +-
 ...8174-9babf2cf45788c102d8f9d4588bf3e93.yaml |  4 +-
 ...2833-1589d579faac8c7d72195578a8342786.yaml |  4 +-
 ...2836-84e13e367dca55445350e25af8c4c3b9.yaml |  4 +-
 ...8367-8f7f33ee1e4675fee4c38d5051fea8e5.yaml |  4 +-
 ...2841-4a9af0a7a0f9267c64d43cbcc0f6e60e.yaml |  4 +-
 ...8414-da0d789e3ff0c2c8ea9e944c14348b70.yaml |  4 +-
 ...8415-d432100581e1c6943b259719e2daead5.yaml |  4 +-
 ...8416-cf02434258a49a4a00aa24a96c05817d.yaml |  4 +-
 ...8417-9d49312a2bc1a33dff873907673334c5.yaml |  4 +-
 ...8422-1e549d9fdcaec4289273d20aedde9604.yaml |  4 +-
 ...8423-81c4580372e23b6ce41423bd5b13253e.yaml |  4 +-
 ...2843-194154b98ea167d5243ca3bc6185dc5f.yaml |  4 +-
 ...8491-a6e5defdd0b61862c997e167d9ee2576.yaml |  4 +-
 ...8492-7f3bbc96f4be604cf6114ca81b08ca3f.yaml |  4 +-
 ...8494-fa3064d32c24f2074e60835d6d0ebe62.yaml |  4 +-
 ...8496-702ceb7e56323b84fbe97e278b8eb74c.yaml |  4 +-
 ...8499-96440e1a43df69d4a2a108bd78a1d55e.yaml |  4 +-
 ...8532-0c8164317d8680b32c0889f7b19b5e0b.yaml |  4 +-
 ...8533-e859444e797e41b8d664b82e23a899ba.yaml |  4 +-
 ...8534-f2a0a0a17a439c3fab0b66d207898f19.yaml |  4 +-
 ...8535-7e792191472cdad1fee49805adc5397c.yaml |  4 +-
 ...8536-296dca83f7d30b213a3d42f8baefd9aa.yaml |  4 +-
 ...8619-87e4105fcd662623c87dc5371d2bcde2.yaml |  4 +-
 ...8620-589eb0de3c09a1f6b4b85bf3ecf20784.yaml |  4 +-
 ...8621-a81a5bf9125eeee92e00bfdaa83c90ee.yaml | 14 ++---
 ...8622-97f7a332ae5645762ec8464bbe228dfc.yaml |  4 +-
 ...8659-e15e05d52edf8dfda475d35365b1fa33.yaml |  4 +-
 ...8660-6f97964629a2d8890727a9938703cfc3.yaml |  4 +-
 ...8661-92d1ed4c27e6f1a39ae5c39770d54c23.yaml |  4 +-
 ...8663-f2bfced9bfd91f1f83f4f10d9e2a4e2c.yaml |  4 +-
 ...8664-6028fbb33888953a639d7f4fdb105b84.yaml |  4 +-
 ...8687-3f03bc4b4b5619e488422c5b9dbcc730.yaml | 14 ++---
 ...8689-1f7578af7b08d6f0682dfe557a69cb45.yaml |  4 +-
 ...2869-dcbc79daa691cad653de67a9ff1a5707.yaml |  4 +-
 ...8690-1bed895aa03e840b8e1fbdc433b64dc4.yaml |  4 +-
 ...8692-0f680b0fba849d5d9ea4bc12dadd3c2e.yaml |  4 +-
 ...8693-843692451d0aaf769ef716bbf02853d2.yaml |  4 +-
 ...8695-9d9f04adbd773a74d47487580aa614ff.yaml |  4 +-
 ...8748-3199c52f1f975758dfffb8998d727e53.yaml |  4 +-
 ...8751-60ae23854ab0f767b1c82b0fb6a8dc96.yaml |  4 +-
 ...2877-a29260605777cb6f82b580e66c46fcb9.yaml |  4 +-
 ...8773-bf1fcb74e30994cb355bab78b549e730.yaml |  4 +-
 ...8774-f9cb3c789647691d2de33bca14ad9edd.yaml |  4 +-
 ...8775-4b1052f9f0f7a36afef9bbca9c94d0af.yaml |  4 +-
 ...8778-fd43c9edc7bf436e03f5d59fcc9642f0.yaml |  4 +-
 ...8783-45a6c5ecbb4131cfd2ebe25ca43d9a26.yaml |  4 +-
 ...8785-6f2bfa44316597918db6902f22101641.yaml |  4 +-
 ...8788-fb290f4001663ab9b3572ec6c32d0eb5.yaml |  4 +-
 ...8790-f7b0dea7fdc53cc395c11a147701c107.yaml |  4 +-
 ...8931-77f1b741caca90f6e233d10f62410685.yaml |  4 +-
 ...8932-f7b23b7f219bdfa01165ca96135e1423.yaml |  4 +-
 ...8933-a26164aedf80b474ee438ebcd8be6953.yaml |  4 +-
 ...8934-c18b0aa1f2de13dec1ee3b9448c0e5ba.yaml |  4 +-
 ...8988-1f532de1970706b80de4de5a54d3380e.yaml |  4 +-
 ...2899-5a9c8ffeceece98dba6df9f5a0d59a78.yaml |  4 +-
 ...8990-800d496f51d819e5732256fbd162712b.yaml |  4 +-
 ...8991-79edec65d658aad88495c54f54d3669a.yaml |  4 +-
 ...9093-216a466c53c0f9dbd8311fa0afa66753.yaml |  4 +-
 ...9094-16f12614c7a820b2ff0d5295346d446f.yaml |  4 +-
 ...9095-73c59415c469f5d4853f326fdd664c56.yaml |  4 +-
 ...9096-0bc37b5f5d5498d8771db41a1e16a982.yaml |  4 +-
 ...9097-69bbdafafddf73eabec5b44d29b3cf8b.yaml |  4 +-
 ...9099-1ea409fe86fe5baf6c5d95a328e05b6b.yaml |  4 +-
 ...9102-440a978024c68b2f27be0eeba3cb55c2.yaml |  4 +-
 ...2916-05f450dd8aa4062aa24fbf2823c60c4a.yaml |  4 +-
 ...9170-e5a8f42155cebe6939f0ccac8621a6a2.yaml |  4 +-
 ...9173-7e41870e8c673b23f19244598ea8ebcd.yaml |  4 +-
 ...9174-8f9a4b2e27aff6f1c97baa2ca96cfe9f.yaml |  4 +-
 ...9197-13e3b44160360e3746c78b8d29452ac0.yaml | 16 ++---
 ...9237-f208b8c044d71b8d44e9868aaf03997a.yaml |  4 +-
 ...9239-4813c58962647ae4a6f05165adf752a7.yaml |  4 +-
 ...9387-fcb2137e4fd0eeb6eaa0769932ceae96.yaml |  4 +-
 ...9422-0bafef3453580e19c740978e87d842b6.yaml |  4 +-
 ...9423-5b5a80245567937203123aecaa90cc27.yaml |  4 +-
 ...9428-bfcc2c70b2c01ba809a238ca61e5f88c.yaml |  4 +-
 ...9429-2612ae00d02e310a6680f563b8b56eab.yaml |  4 +-
 ...9431-9583c7a118279761c36edb998dbf641d.yaml |  4 +-
 ...9433-b1770f9eb849f830c90d98a4a92d2baf.yaml |  4 +-
 ...9434-b4a1c53e99884a28029186adce52a970.yaml |  4 +-
 ...9435-c5c657b48dcb3ae9c728f121d2d0aa85.yaml |  4 +-
 ...9436-60b8d6d9997cb1264cf24cce0caa381a.yaml |  4 +-
 ...9437-6869d4da7d1da9e6712437e8840c161b.yaml |  4 +-
 ...9438-96b2063a0950eb9d73bc44532d96a2af.yaml |  4 +-
 ...2964-b7ed33471f1469ef97fb3b870c3b3d8e.yaml |  4 +-
 ...2967-c3680e3206f99027fb5f3986ae69948a.yaml |  4 +-
 ...2987-755ac9508c7a76c31cd7d0edf80b8b6e.yaml |  4 +-
 ...2995-4ad4d0b506ee721748cb73d977e55c9e.yaml |  4 +-
 ...2996-67e0a9fec932f5d791c2a1af30baf3c7.yaml |  4 +-
 ...3023-5c5967c0bbcbea315d0f076aa78401d0.yaml |  4 +-
 ...0476-e5b5400c624e25843b2372f9abb89d26.yaml |  4 +-
 ...0477-5b09bbfafab13caa853913e46666c79b.yaml |  4 +-
 ...0479-f7de3a4183d7c85f1508bd7bcbb56139.yaml |  4 +-
 ...0480-8b501a3e440ee475a390c14b78d1469e.yaml |  4 +-
 ...0482-e83a61f4951a190bf506663021152379.yaml |  4 +-
 ...0486-3715092a367ddcdb9354396fe5cef26a.yaml |  4 +-
 ...0488-947aab9c660d0a41bcf7e37fa45491b8.yaml |  4 +-
 ...0490-28d8e466f42a7ea620fa3fe2f98c9634.yaml |  4 +-
 ...0492-ae760478256ed9e96e189f019a687210.yaml |  4 +-
 ...0495-6ecaac8965c567964f683839f3212253.yaml |  4 +-
 ...0500-7a378944e613d1b359a5928a9883a2f4.yaml | 10 ++--
 ...3051-903fd5007a29b9028410d0ffded470cf.yaml |  4 +-
 ...3053-2ef42991bf5a3f6fe661eaa83837878d.yaml |  4 +-
 ...3063-cb1e1ee6d4a86d7ed0a6cb77ed172c33.yaml |  4 +-
 ...0745-88404ad5e8128c3699e3c229a21a2eba.yaml |  4 +-
 ...0746-aa0b3a997f2af2400ed5816a52c96615.yaml |  4 +-
 ...0748-afa229bd02db847384791980963680d0.yaml |  4 +-
 ...0749-a4c0765b0c52463caf31b82bc7711eb8.yaml |  4 +-
 ...0750-ad88df41b076143465006e1296e02fd7.yaml |  4 +-
 ...0751-bab2d740e6550ac0744f9a04322bcfe9.yaml |  4 +-
 ...0752-c96e975122963919f6930b9c017e5991.yaml |  4 +-
 ...0777-ebdf981fa373e4823561a65bb577a1a2.yaml | 10 ++--
 ...0778-bb853e4203fd77e0eccd7981cc19970b.yaml |  4 +-
 ...0780-0fd2b55ebd627169d7e7b82b7b9c0e52.yaml |  4 +-
 ...0783-517aef4b1533709bdbf95e8d657f10e6.yaml |  4 +-
 ...0784-3b8474b2759e8c9d48abfea5292a608c.yaml |  4 +-
 ...0786-1772bca649ab5b99b71eb70af7333d0b.yaml |  4 +-
 ...0872-9d98910f079017bb745e5dfdd7b3a383.yaml |  4 +-
 ...0873-8438c9473d07feba9507b08f7b2ca394.yaml |  4 +-
 ...0874-b434181ec4dda3f7c495c50067c97199.yaml |  4 +-
 ...0875-6608e81097680e6fc28899a61a6c4d0d.yaml |  4 +-
 ...0876-00d2f835919a4763491bb6e0afc99ba1.yaml |  4 +-
 ...1073-a2374460bb7e70d55eb2c8c43ce8140b.yaml |  4 +-
 ...1079-13d220693e087642304f87b309abc136.yaml |  4 +-
 ...1080-f213f0cf0f29187e1d444e194fee045d.yaml |  4 +-
 ...1091-5127fd9a578ab8f75789be1aab665dea.yaml |  4 +-
 ...1092-49c0957ce7beb86c6cd3610ef85cd2a3.yaml |  4 +-
 ...1212-572e59930dcc24f750ce3dae22510652.yaml |  4 +-
 ...1213-f10d7adc04b5a73f4d72dd21d3e9038b.yaml |  4 +-
 ...1214-10b5f73ced4f4ae8f40389dd6e188b1c.yaml |  4 +-
 ...1215-90f8bc64469472ae0cd3174d5b6a7976.yaml |  4 +-
 ...1217-2ccf4a97a0b2b289a9997f10c05da014.yaml |  4 +-
 ...1218-4d37b5938e435e55d1b784b692eb0059.yaml |  4 +-
 ...1219-ce4d8c6c1d15b00a6a80a41c19c0a53f.yaml |  4 +-
 ...1221-2f2309313c5bda581e3b02314b8c850b.yaml |  4 +-
 ...1228-514273203d780a9cda87e275d81e2d5f.yaml |  4 +-
 ...1232-d8a9eea8aa488b4edc83d1161c57f57d.yaml |  4 +-
 ...1234-2da3bb827430b38a292fe600fab2f658.yaml |  4 +-
 ...1236-dd27ae18a86029fffd366285509782e0.yaml |  4 +-
 ...3124-495b1b12b50b14325e42d32d8b21fb76.yaml |  4 +-
 ...3125-eef58a96354df2086d4576efe4313ff1.yaml |  4 +-
 ...3126-5676c8d193c6c7c7c19f827a6027fe03.yaml |  4 +-
 ...3129-7d73c621a5e8b7d0767350621fede4eb.yaml |  4 +-
 ...3130-cd46d97404c66642d7eaa5afb0766ece.yaml |  4 +-
 ...3131-4acb0dd741daeb068a56799abff8a41c.yaml |  4 +-
 ...3154-ca565e6cb88aa754dd01e131a2eefadc.yaml |  4 +-
 ...3155-75f34276d9b10d0195d546eabefff833.yaml |  4 +-
 ...3170-01793590016afb66f5a418a945e41a09.yaml |  4 +-
 ...3175-a8d129ffa611a0e2860f9a0cb3ae87ba.yaml |  4 +-
 ...2094-c787c6531ee0637047c0b6f0c28238e9.yaml |  4 +-
 ...2095-024b2767e265d1c0c5a095406c0967d5.yaml |  4 +-
 ...2102-d611c750b72176ae3a8cea6f7095bd28.yaml |  4 +-
 ...2103-da386ce90f0520e508b80fb1a2e2a0c2.yaml |  4 +-
 ...3211-6cf9abd0a55631980f6943dc1552464b.yaml |  4 +-
 ...2110-427edef992d7f7fdd62c26fd579e2341.yaml |  4 +-
 ...2116-03278634b9340d2d49106fefa161e7cd.yaml |  4 +-
 ...2118-5727788917ca5dc70c5a2a8fc41d6ea0.yaml |  4 +-
 ...2119-7fa8eef52402bb269ab6eda7703db35e.yaml |  4 +-
 ...2120-2719d6731668b9065520117203a3303c.yaml |  4 +-
 ...2121-8d3590a739a7dcd2c4eca80910f2eb77.yaml |  4 +-
 ...2126-f2eb2411647af07955e8ded396c4583e.yaml |  4 +-
 ...2127-63aab415fe29b03c8068882fbb1507f4.yaml |  4 +-
 ...2128-6c67c1bd228e1520f2b8d5bf20bbed3b.yaml |  4 +-
 ...2129-3220945a9ad1b5aa7c5c294cafd443a6.yaml |  4 +-
 ...3213-da10288b29dd37bfe67b8eab58492860.yaml |  4 +-
 ...2130-e487dc2fff22059c80c2edae74cd9a80.yaml |  4 +-
 ...3219-6c5fd9bdbd84a5f94cf449613dea61df.yaml | 12 ++--
 ...2237-8d422c3c7895b2b4d7494cb28df2efe5.yaml |  4 +-
 ...2237-9132b473713ba452ca61cd28b37b6336.yaml |  4 +-
 ...2238-e3e7d2debbf761854054ecabf536826d.yaml |  4 +-
 ...2239-a392159f37a0ade5203b528da67d0e66.yaml |  4 +-
 ...2240-27976922dece0aca2bde50f6320bde6f.yaml |  4 +-
 ...3225-5fb9bec95a707650ef979fd037b97227.yaml |  4 +-
 ...3226-2b836e0762bdbf59a8ee2eb5384418f5.yaml |  4 +-
 ...2291-c8bc852e0f629926f8c3b976dbc68f47.yaml |  4 +-
 ...2292-5010f538683e4ce673730780a1277a01.yaml |  4 +-
 ...2293-c3986a6ffb844160a08c3a8660d4bd5e.yaml |  4 +-
 ...2294-0a7db26507a2752830d796f872bfc74f.yaml |  4 +-
 ...2295-38d608cacdc80db417ded65078eef410.yaml |  4 +-
 ...2299-82dd4087673f4e5c2cbc42c8ad11ddcf.yaml |  4 +-
 ...3244-42b4c4c9ef55b9cbba64c1b7340638c8.yaml |  4 +-
 ...3245-6ffb854c265938eec5a761ac2ea74cda.yaml |  4 +-
 ...3248-54afcc25e30c13f6fd81531108a460de.yaml |  4 +-
 ...2496-cfab52d3443d4e82a03b0d2f0889ab4f.yaml |  4 +-
 ...2498-2e8ccf164adc8951aa826c00f9317ffc.yaml |  4 +-
 ...2505-6046df75d04ba248b7035ff17b16ffc4.yaml |  4 +-
 ...2506-efbea6db4c4deaef4b1a0846e33065cf.yaml |  4 +-
 ...2507-05692bb82558cd77ced2449a9947331d.yaml |  4 +-
 ...2508-6221ac90696b9d40486e73f6a756b92e.yaml |  4 +-
 ...2511-946e2c8cf66089d544e720fc4e253df1.yaml |  4 +-
 ...2513-c2ccbf305342f3ecbc58cb5dfedcc25d.yaml |  4 +-
 ...2515-5914d2a62c6e9fda2e52358bd6a051ee.yaml |  4 +-
 ...2519-313015abf6a4029981fb303ae0c8c403.yaml |  4 +-
 ...2520-d5eec60f27d6879accd492bf02988af0.yaml |  4 +-
 ...2574-f1d5eaff1a5d538327565db0438aa59a.yaml |  4 +-
 ...2575-eb2fd42fe2d2e213e39c0b11404601e5.yaml |  4 +-
 ...2576-f129897036a69e5c156d976b88efd3ed.yaml |  4 +-
 ...2577-539276d00e4422db414565e796e54c45.yaml |  4 +-
 ...2578-468f187fbaef8b522a9247e1a677ec05.yaml |  4 +-
 ...2579-53da943f73d7c6e6cd21ccb312450cb4.yaml |  4 +-
 ...2580-f70dd0265071b25825ed4ac0daac6966.yaml |  4 +-
 ...2581-3243534248880dc4d13208e428d3bdd1.yaml |  4 +-
 ...2582-147a2c380c511ff89f6007b5ad85a430.yaml |  4 +-
 ...2584-994e6758795c8c6e11e9f43c7bd4ac1c.yaml |  4 +-
 ...2585-eea2926eb15d95f90b3df3b2873dbe1c.yaml |  4 +-
 ...2586-97e81ce09ae72195c5b04d7f6a992589.yaml |  4 +-
 ...2591-416f60ea7c83625605d6748aec7fe39d.yaml |  4 +-
 ...2595-6c441629c885cb1da3fc16e4bca4f23b.yaml |  4 +-
 ...2596-910100abea99ef6c374051083d0fe4ff.yaml |  4 +-
 ...2599-13830cbd72a32fb533758edb07ec60b9.yaml |  4 +-
 ...2600-50ad7e6a87a7ec0f76525597202c2f2f.yaml |  4 +-
 ...2601-437e935b70b10e1a496119f3d8fbac5b.yaml |  4 +-
 ...2624-20e7688da466978fa975c03a8c97cece.yaml |  4 +-
 ...2738-bce2c57392aa12eefee039fe25226280.yaml |  4 +-
 ...2741-2cc77b5ea4b45b7ee724687c14467261.yaml |  4 +-
 ...2743-62fe87d4141e78303e17a76d693266f0.yaml |  4 +-
 ...2746-36407f459596fb4be9dff24b707a16b5.yaml |  4 +-
 ...3279-7f9e6cd367e17f5d58e3f74e4dd23702.yaml |  4 +-
 ...2793-7d14368de367a2adadf4a2871484c186.yaml |  4 +-
 ...2795-0250c115051a0a19911ae4becfbbb8c8.yaml |  4 +-
 ...2796-971d7261bd1edf88014f77f83ee8b436.yaml |  4 +-
 ...2798-4ae509b53172b618cff3a0afd6c091e5.yaml |  4 +-
 ...3295-0115c4f456db0247c3530a55e2dfe13e.yaml |  4 +-
 ...2957-a68d2dddb296088b38bf42abce9933d3.yaml |  4 +-
 ...2958-f083409bbde8131959cd560116eb8b78.yaml |  4 +-
 ...2959-4afe438c3219ba223c08f05567ce5890.yaml | 14 ++---
 ...2959-57ce58b6230c68936a87b493b14f2285.yaml | 12 ++--
 ...2962-636baab4ac31da3f60a0d64060238890.yaml |  4 +-
 ...2963-8943f00b83bb9af4ef7c839b2bef305e.yaml |  4 +-
 ...3208-5b40ee65b1caa7d96e4e60846451b515.yaml |  4 +-
 ...3209-b91a2480651782f3bb16ba3659354dba.yaml |  4 +-
 ...3210-f0470adcfca34e53051811d10184b858.yaml |  4 +-
 ...3211-2cdd87e3f80dc46e464c425f1498ee45.yaml |  4 +-
 ...3213-0da2272f6fad3d314fe055d518112eb5.yaml |  4 +-
 ...3215-8d570fcab536c9b0d9a14e0fe3f1fda7.yaml |  4 +-
 ...3216-11d5ca6aae21b29aac64f7355ab7d838.yaml |  4 +-
 ...3328-1b076d88024e9e8fa50fb517fb49e6d5.yaml |  4 +-
 ...3310-d8d7674d520927a7ad2ed94f66363231.yaml |  4 +-
 ...3311-27391e149ab2871748f52ce997dd4e34.yaml |  4 +-
 ...3317-d1c23493ccad67b72beabba59496692f.yaml |  4 +-
 ...3318-1a8df042079c3b5a71f5229720de76a0.yaml |  4 +-
 ...3322-64fa318eea101296cd3a97fbe96ebb75.yaml |  4 +-
 ...3323-ab42ec9d60829884112a87fe093b6c61.yaml |  4 +-
 ...3328-249f3208e9e6f6c1af58b4828d3f6027.yaml |  4 +-
 ...3329-b832c46935cda704a801fdf109478436.yaml |  4 +-
 ...3330-9f39bbe8da0a79b61b743c5fac55c881.yaml |  4 +-
 ...3331-d801fbca464a51e293e83c92692f388d.yaml |  4 +-
 ...3333-83ba977a44de14ef1ffafdedd6dd629e.yaml | 12 ++--
 ...3342-d95100aaa0c0f9fcb84493d4239628ac.yaml |  4 +-
 ...3343-3d14b08568400569a677dd320c2e823a.yaml |  4 +-
 ...3344-c35094b437e27c460747dae02d21159c.yaml |  4 +-
 ...3365-e6a704ce234334d9f31ac517092f1bb0.yaml |  4 +-
 ...3369-e7894ec8416d5b9bca834efe054366ef.yaml |  4 +-
 ...3372-30c4f098df3ec040d50017f604f86e26.yaml |  4 +-
 ...3387-01d1d88da52813ba88f89d4ae266435f.yaml |  4 +-
 ...3392-20e2ffcefe24845b4b4e6344c91c5c95.yaml |  4 +-
 ...3922-287536d4e13889455f637b6c851d2004.yaml |  4 +-
 ...3923-06cd0f178ae533c7b94126d052d17b3f.yaml | 12 ++--
 ...3923-d566c0816c38ea6ca24760850c1eaf4a.yaml | 14 ++---
 ...3924-1d1308e4009a475d471dafd71ee14d32.yaml |  4 +-
 ...3927-bce926ab22529c16e0539f0acc228409.yaml |  4 +-
 ...3928-beccbd5d983b56da7098c3b6df8c3b57.yaml |  4 +-
 ...3929-3b5f830cc2d293978dbe39244d121ee0.yaml |  4 +-
 ...3994-971075c7b5684cf126577f8a88b91254.yaml |  4 +-
 ...3995-e07e7d71dc600bc27e4f1c11c365c393.yaml |  4 +-
 ...3996-a8def04824c95aa61e5602395bc3c9b4.yaml |  4 +-
 ...3998-f48220ff86f125e37c7a8dfee9752f3b.yaml |  4 +-
 ...3999-3025abb89074bfece497106ff98a8953.yaml | 12 ++--
 ...4003-e7840c043e4c24ed6e535dc7a65aee86.yaml |  4 +-
 ...4004-615764f544ee769c8562683adf2e3c22.yaml |  4 +-
 ...4006-0caf4f2b6437a679adbb5b527c6703b2.yaml |  4 +-
 ...4007-5c72e030a59da55164488a0121d8367a.yaml |  4 +-
 ...4009-0e6b771f58abc47bc1cd00cdb88a6b13.yaml |  4 +-
 ...4013-29bc9c14cc220941303188c45b9daf29.yaml |  4 +-
 ...4018-69235207b58aed8fe2c8ecd662e7a82c.yaml |  4 +-
 ...4019-66d45612d48c50a420406488ffbcd2d8.yaml |  4 +-
 ...3403-d335e6c8c52890984157995f488f49da.yaml |  4 +-
 ...4030-3faec85547682ca0daca65d7bcfe4f48.yaml | 12 ++--
 ...3412-8ab353496a7495d9f3fe5d5531e368eb.yaml |  4 +-
 ...4168-1540a4d1322834c5a338a51354b58ee1.yaml |  4 +-
 ...4170-d9e29420afd04acd93625f8acad7ad8f.yaml |  4 +-
 ...4172-adeb22f24ece0b4bc846eeeff12f100f.yaml |  4 +-
 ...4173-ffdf4101e49b7fe440cdcd6bd244561e.yaml |  4 +-
 ...4179-1d9266ecaa07d410393e4d47b4c9954f.yaml |  4 +-
 ...4183-4b751d7bee414741f3c79461b74b4584.yaml |  4 +-
 ...4186-924d818a306e9e6b06f3cb1274c2304e.yaml |  4 +-
 ...4187-cfbef64f1e1fba4c3a45a9c3c672157f.yaml |  4 +-
 ...3435-e95622a863397746d0d019b16e681085.yaml |  4 +-
 ...4368-c02729e12026bce3dd84d6631a92ade6.yaml |  4 +-
 ...4369-46799564b7a9d79d9f58df7d68a85824.yaml |  4 +-
 ...4372-376bf43456853b74eb2f520d8ce53233.yaml |  4 +-
 ...4376-a483253d605901e000058299d42af1c9.yaml |  4 +-
 ...4377-2e12d42eb302e6a61f201e211fa0da28.yaml |  4 +-
 ...4381-919cf6f31f29222aa869aeeb40e21222.yaml |  4 +-
 ...4382-e63e30ec60f147aa93db545efe75d6f6.yaml |  4 +-
 ...4383-df9102694b36792bdabf02d0dae189bc.yaml |  4 +-
 ...4385-554b3becffafc2d7533a6574bfe4f7de.yaml |  4 +-
 ...4387-903a37844bea1fdaf4cd48ec6980337e.yaml |  4 +-
 ...3447-3ac7913de6e3ab3bdc9b5e42fbbe516c.yaml |  4 +-
 ...3459-4f3805308ff329789ed39fb1a7c50453.yaml |  4 +-
 ...3492-2cc21eace9abb2004f2ff03d1c79dbc9.yaml |  4 +-
 ...3499-11a45c98dd2f844970dab94e4b84b3d9.yaml |  4 +-
 ...3501-e2849c772d6e6f64d56860e36e54564f.yaml |  4 +-
 ...5037-c3e49cc5a301ec2fc03ff611d9afd783.yaml |  4 +-
 ...5040-349038bfb8ad974ae4bba5615712f5b9.yaml |  4 +-
 ...5041-99ed4f84114970decbe599553d25ef62.yaml |  4 +-
 ...5045-c3880379f0826cf949058267ed182aec.yaml |  4 +-
 ...5046-a835e225538d98a6a0f49f942c25b6a5.yaml |  4 +-
 ...5048-de725b70e5d07ce131e255467578f038.yaml |  4 +-
 ...5049-3b50ede48b2cfc5cc49521992d3d9653.yaml |  4 +-
 ...5050-500730a31af9acbaf8945d735529d69e.yaml |  4 +-
 ...5090-99f4448a717d374af03d744cdc0eb9ad.yaml |  4 +-
 ...5093-f9e11f76930ee22e20526313ed9f389b.yaml |  4 +-
 ...5094-1c68ed9adb5cb9e4bd046ceebf588774.yaml |  4 +-
 ...5095-bbbaa8f4798af45f432fee689b1a5feb.yaml |  4 +-
 ...3510-3fbce7126258b6f86e3d8d39cbcb69cc.yaml |  4 +-
 ...3575-acd3eef162930a0876122d4b56734acd.yaml |  4 +-
 ...5776-5558112c84605e9bc74e93c1eb9fbe3b.yaml |  4 +-
 ...5776-71b25caf3907e04060e0d61d5bb4a2e5.yaml |  4 +-
 ...5777-362ad579ac93dd9d0975339b992aaf7d.yaml |  4 +-
 ...5779-05c88cf821e14c133b503ea979e12c4d.yaml |  4 +-
 ...5875-f66a440cd899e10b9d3c84e8064d84c8.yaml |  4 +-
 ...5876-249dbfd7183b6684ad412dc7f00e598b.yaml |  4 +-
 ...5878-ff2f93ef83cef5530210b6c4053efbfa.yaml |  4 +-
 ...5879-b89386d59e4ac2c68e4b5b1c7b8ceed1.yaml |  4 +-
 ...5881-3df49792a8ece76a8d711abde91f5cbd.yaml |  4 +-
 ...5882-55664802ca8a80e3857f1283c80160e1.yaml |  4 +-
 ...5910-88a3fac791c3551827ed85f785e74c8c.yaml |  4 +-
 ...5911-4493ed5056e4671039baf554adba702c.yaml |  4 +-
 ...5914-c710e29aeb4a754ea209ddfa89b2e510.yaml |  4 +-
 ...5915-f291a0b96ba11ad5b48df58ad86c38db.yaml |  4 +-
 ...5916-477398bcb43958a50c7a7519798e0391.yaml |  4 +-
 ...5918-8a651f3bc7f119f869db333cd8567d87.yaml |  4 +-
 ...3601-4c2b5bad649e24fd03a9941d8a2a227e.yaml |  4 +-
 ...3636-0a72b6924fec36fec1dd6c3deccd8793.yaml |  4 +-
 ...6381-5296c4f305bae7ac7b64bb4111846d67.yaml |  4 +-
 ...6382-9fd777f73c4ef625b6fdbf9d8363a65e.yaml |  4 +-
 ...3645-ec6c4566c5b89e861708c86d4c662f99.yaml |  4 +-
 ...3647-2c744f500a4cb530f5a915c698c40d99.yaml |  4 +-
 ...3650-5ef4178486944c845329dc8d7715fea8.yaml |  4 +-
 ...6503-5e63735b86336209453cce97844f636d.yaml |  4 +-
 ...6504-47cb3cea5c7ee929fdb9a30f97cd8b93.yaml |  4 +-
 ...6505-9b10289c81ee712ffc41aaeeec7d52b6.yaml |  4 +-
 ...6508-74041a1cd73f08568e0ec3ed47a172de.yaml |  4 +-
 ...6510-804968d490234b5a152e19bbec2ea599.yaml |  4 +-
 ...6512-d7fca3e11b3b0863de2f43ab6c4390c1.yaml |  4 +-
 ...6516-1f34156a3d4672d58e020bb5b55f0b64.yaml |  4 +-
 ...6518-f768e79079373c221f74efaccdcb8674.yaml |  4 +-
 ...6519-325c2ee814ddc7331db5383ec03956d1.yaml |  4 +-
 ...6520-a85ca9a2b7f246b28c6ccf181717216e.yaml |  4 +-
 ...6526-373dd0a06bd13b32d55487814dbab124.yaml |  4 +-
 ...6527-ebe4222fc5927e1301c1b27600c1ee1b.yaml |  4 +-
 ...6529-a2b34dc7c637e9503c30ea45277c4ce7.yaml |  4 +-
 ...6530-401b607f5d2e6f27bfcb5e6df2983f64.yaml |  4 +-
 ...6531-65871570265ff3cbf8c9f9629c5ab326.yaml |  4 +-
 ...3667-2a0968e3dc51c0d6442ac11d19f9e211.yaml |  4 +-
 ...6677-f2cabdaf778fd02d270ecff63ff16022.yaml |  4 +-
 ...6678-d7e80e6f1bf77fdb58c4ef0772ba692b.yaml |  4 +-
 ...6679-d75adb1e1a8470a2c11b41a61ac1c215.yaml |  4 +-
 ...6680-165f51757c849b44f8513611b7cd23ef.yaml |  4 +-
 ...6681-ad516406623ae6ecf9dab15916a4b830.yaml |  4 +-
 ...6683-c23d0468fa1aa29e9cff4258e8e5f1b7.yaml |  4 +-
 ...6684-144ed0d6a5cb015106c17c6c273b534a.yaml |  4 +-
 ...6688-401f06c28c1cd430ed4024172948f5b4.yaml |  4 +-
 ...6692-a7963745ff69e39eb4bbcfe48cff5818.yaml |  4 +-
 ...6694-3b5accdca91dd653d9fdbf15959cc447.yaml |  4 +-
 ...6695-80e328ca936017b96ab31fe4d42f9f3e.yaml |  4 +-
 ...3677-e3fb45d4e1d6f55f124a91bc17024113.yaml |  4 +-
 ...3706-3d9f543216228e07e8805addbdc60815.yaml |  4 +-
 ...3707-f60eec61fd032c9a9193cb04ba124ce1.yaml |  4 +-
 ...3708-161c9677e95eb847dc432eddc65db142.yaml | 12 ++--
 ...3713-602df06e81e9929680d21f57b3d3e3d7.yaml |  4 +-
 ...3721-00703f6574c6499c4c754c18b06e2fac.yaml |  4 +-
 ...7388-6da6015396d12ad265b2f5a24810c5e3.yaml |  4 +-
 ...7389-6104fab3d6323129ecb2671e037b46ea.yaml |  4 +-
 ...7394-422c4f76899e03c0666b1907832b3ab3.yaml |  4 +-
 ...3746-3492aa2f8ff8d594f214ebc3c0f6df74.yaml |  4 +-
 ...7866-49120404cfb8d5621438564fe9eb32bd.yaml |  4 +-
 ...7867-efe780e12c2c72ceb89cb957cd97aaac.yaml |  4 +-
 ...7869-476134bec82a295d4478418acb3a1fc0.yaml |  4 +-
 ...7870-ac9e437a3a3be183da02189f782c1fad.yaml |  4 +-
 ...7872-c19f8aaf85e78b37bfb8827bc7a43d0f.yaml |  4 +-
 ...7874-3400f4eb6ff8887592360d9448530f42.yaml |  4 +-
 ...7886-4a61498f6efba74cb49bf8c1a7045be1.yaml |  4 +-
 ...7887-f1f206bccc7ec9ca4ed21059b6547361.yaml |  4 +-
 ...7890-d5de86927ffadedc80433179f0132f85.yaml |  4 +-
 ...7966-1e01dff414d04212c3c6453a2d281edc.yaml |  4 +-
 ...7970-2569de726bff5107260fe23150979031.yaml |  4 +-
 ...7971-e39ea928bd894c6c2a483c3234cd1111.yaml |  4 +-
 ...7976-5344d2a9421d4134e013b9ef9543b210.yaml |  4 +-
 ...7980-c6eebad0122883aa540363f1389d9ced.yaml |  4 +-
 ...7983-47deea3f06e73d1d92fa8e2918f9b61e.yaml |  4 +-
 ...7986-5f0a636903de630172f072592f6edff3.yaml |  4 +-
 ...7987-c5fe48358feae544a0b21efff11ac6fd.yaml |  4 +-
 ...7989-a80bdd8568c61aa45e987adfac4d1b71.yaml |  4 +-
 ...7993-8b316c2c5c57a5bec4fddd68dace9cd3.yaml |  4 +-
 ...7994-6866d09139386202bbed5983be370086.yaml |  4 +-
 ...7999-719fa4e7b6c83ab485c9d95f46e8edb7.yaml |  4 +-
 ...8000-8629a041445673190f74e67cf1a4f264.yaml | 58 +++++++++----------
 ...3814-1ced58320fa56965f50860e215f3e06d.yaml |  4 +-
 ...8383-a96c597219ed29fc68772417c5a3093c.yaml |  4 +-
 ...8386-740df732c021f2878fae481d2ff89873.yaml |  4 +-
 ...8387-7666fb1e1d2345dc70da7aee12ac3253.yaml |  4 +-
 ...8391-a3ea3eadba50d012fd5181689a40ff84.yaml |  4 +-
 ...8393-706995907d69bd14e09ce77802032800.yaml |  4 +-
 ...8394-bfeb7be408c868527d6e4e4ae715a094.yaml |  4 +-
 ...8395-bb2e17c35167609647005349850505d1.yaml |  4 +-
 ...8397-ea5c3acfd64b155268d32c3228d1c82f.yaml |  4 +-
 ...8475-a9d63cf96793705be5a47f94a1b589be.yaml |  4 +-
 ...8476-0b15ae4e67ed167e4179722b43d42dc7.yaml |  4 +-
 ...8477-800d1ab574434819322506f176feb04a.yaml |  4 +-
 ...8479-5d0daee3984605beba0293322e7ea274.yaml |  4 +-
 ...8480-37d5b7622ee837d13b79238620e127af.yaml |  4 +-
 ...8482-107104bc14e921090e757f0c5c64d34d.yaml |  4 +-
 ...8483-417113d5b23fd45edbcf8209f3cff8e9.yaml |  4 +-
 ...8513-3bdb0d0ea9cf8219d34566c6858ae4f8.yaml |  4 +-
 ...8516-4a822bfcb4b13bd5154ea0a206a03b5b.yaml |  4 +-
 ...8517-b7300a2ec84dffd7f0d27ca9d7ff574b.yaml |  4 +-
 ...8518-2504b2285582e1e86e6e013779bb055f.yaml |  4 +-
 ...8519-373c4ea18f9baeef2872a78ab527c078.yaml |  4 +-
 ...8521-4f6c9e5f134bc3a7357c0b3f26384141.yaml |  4 +-
 ...9157-cdc0a1afbf2cc009eea0f7deda8a5515.yaml |  4 +-
 ...9161-78755e457e479cae23d5dca42eeac5db.yaml |  4 +-
 ...9305-c1cf31deca47ab06031c32c6f87e918a.yaml |  4 +-
 ...9307-e3ee06b08069cc90d373b87f289545a0.yaml |  4 +-
 ...9309-b40b112aba812047c066895073435f9d.yaml |  4 +-
 ...9310-5a8b95e9d623c8f7e9c70ff9c8a761a0.yaml |  4 +-
 ...9312-bb65f92eeb63b478b2f218d634d42a06.yaml |  4 +-
 ...9313-e6b2cb8bfdcceb721cbe5b7ffbe02c9a.yaml |  4 +-
 ...3956-54fd19cb983e5e5bd13d627c9c0487ab.yaml |  4 +-
 ...3957-54c49ed92754fe9b72ea28cef486ac0b.yaml |  4 +-
 ...3958-be653cd14bcab55a461716f49e0f0156.yaml |  4 +-
 ...3977-c451f687ef3559dbeeebe92c1e87ed44.yaml | 12 ++--
 ...9919-c41eb0b63074858e7a2ad3fb4237d823.yaml |  4 +-
 ...9920-fc89ed1d43552a7a477f16e3ec9d6e29.yaml |  4 +-
 ...9921-1a6bdad9f927d9cadf5b74b8297f6ad5.yaml |  4 +-
 ...9922-855366bc54f67a90854fe071e412ecdb.yaml |  4 +-
 ...9924-99f94d5f6f5961794646e333f2e12898.yaml |  4 +-
 ...9926-90c77c994b57286cd58b89b0a94442a5.yaml |  4 +-
 ...3996-0786d35a357f001d251a3bbf5eef2d35.yaml |  4 +-
 ...9987-9b48b8479f4c58ab28f6369c437cd823.yaml |  4 +-
 ...9988-506b320d59fe9094f7b88764f2b3b6fd.yaml |  4 +-
 ...3999-1209e60c33aa42384c4d16b88f0a5ed8.yaml |  4 +-
 ...9990-001a8dbb2842e703a09732c4c42c632c.yaml |  4 +-
 ...9992-c1f8f105aad937fe6b4d3f7e729e9b4d.yaml |  4 +-
 ...9993-01583a85c3bb765e7b9d1e3e575dd138.yaml |  4 +-
 ...9994-744209b23a7e6299f52186bba738be87.yaml |  4 +-
 ...9996-124a6a229ba4bdf103aa1881e7bf0b04.yaml |  4 +-
 ...9998-6bcabc3b4e69486405e1172846710922.yaml |  4 +-
 ...9999-42b34351cf4116e30de29d20e17168cb.yaml |  4 +-
 ...0002-21b746fb77ead6544f6c7dbfa1edc718.yaml |  4 +-
 ...0003-b61b6ac3b97f0d01cb8ed1723488895c.yaml |  4 +-
 ...0004-9c485cf198874e1abdd12011232fd4df.yaml | 14 ++---
 ...0005-3e264890774be501312d562a2e66b9a4.yaml |  4 +-
 ...0007-62cb33b4f205d311d390e62fba25cd36.yaml |  4 +-
 ...0068-62768c2e4740e3e20150e0c67af690b3.yaml |  4 +-
 ...4019-c3c6f65072fe37bbbc2ef7dbe119003d.yaml |  4 +-
 ...0197-652d56be5b505867587dc16b9cc45713.yaml |  4 +-
 ...0200-9f65d6fc085d85b53357bd33fa3d4834.yaml | 14 ++---
 ...0203-8aaee0ca0357561b8fb5f4652479c99b.yaml |  4 +-
 ...0204-aa05d3117d6e609391e83e8b970f2625.yaml |  4 +-
 ...0206-aab17c6b24a2dfba03255d9a47e0c674.yaml |  4 +-
 ...0207-6f7b5cdd2c06fd389f02600d38bca12e.yaml |  4 +-
 ...0209-a3e9ff26d980a2a3e39533f0b78e5d83.yaml |  4 +-
 ...4021-4092810de68e3fe8831c5002fea9ea96.yaml |  4 +-
 ...0213-d3b5c660c8e70bcaeca06e534455619d.yaml |  4 +-
 ...0215-9c1a7ab296fd9381f729867ce6c145d6.yaml |  4 +-
 ...0219-c85d6be596b55b91d137e8053b85f064.yaml |  4 +-
 ...4022-ab1eb5a48a622a49086f766ee1ce86ba.yaml |  4 +-
 ...4023-64408a501c37fbcf42b9db6bc5338336.yaml |  4 +-
 ...0326-cb9adf9824210ad3d3e7d6f714b65556.yaml |  4 +-
 ...0327-0c5c03e535c02675bf0d5fbe19ae065d.yaml |  4 +-
 ...0328-d0bff2c3c4777b0c5230adf64beddf0b.yaml |  4 +-
 ...0329-0e96d2ec3c953050a17aaa45bf8227cd.yaml |  4 +-
 ...0331-9ea3c82ee3ff18eecbc44a826a19457f.yaml |  4 +-
 ...0334-b127fca718a0b357c2daf67816c8cec2.yaml |  4 +-
 ...0335-38c76ee17f970b2f9f7455a9aafdaf8f.yaml |  4 +-
 ...4035-38f522639c782f75ecbda00625777030.yaml |  4 +-
 ...4040-1c5c778d8970e8a4e068e0dd69740d62.yaml |  4 +-
 ...0552-642950df2f7522b38841579e45f2fa32.yaml |  4 +-
 ...0557-1aa0e79be369c61efc2c0807922659cb.yaml |  4 +-
 ...0560-53afece9446695901fc03dfbb692e04f.yaml |  4 +-
 ...4059-00e848a455a7983930f44875cace1026.yaml |  4 +-
 ...4060-41758ee37f85a4ada05dbd855bba9b0b.yaml |  4 +-
 ...0603-7a420ee74601bcf08094df0c89e9ad5e.yaml |  4 +-
 ...0604-b9008bcb5ccd36f2981a1df579798a3b.yaml |  4 +-
 ...0605-8a6899bd3b3c6951efcee5344ca06fff.yaml |  4 +-
 ...0606-b7ae92a9935669b4053689b9e0cbb221.yaml |  4 +-
 ...0664-183ebb9bdb87985c4ca10ea8af8836ec.yaml |  4 +-
 ...0665-67ad930884b5b87d29530a8be64ff268.yaml |  4 +-
 ...0668-b2cea8a198e9a575447977f949754486.yaml |  4 +-
 ...0669-4783eb0d865a9f683c0f42594f272a3d.yaml |  4 +-
 ...0670-6663c4e8258a97ca80d8e61f0b37ac68.yaml |  4 +-
 ...0672-c9799f12c2184eb30d64cc5143268b5b.yaml |  4 +-
 ...0674-2b45864828a1aff6937ee7dc2951db60.yaml |  4 +-
 ...0675-8417ca6ea2b385ef6685bba03ed8d8b5.yaml |  4 +-
 ...0676-423f90da633eb79297c96d8f0abf8be5.yaml |  4 +-
 ...0677-673a5e282a31715aadad077526dcf5b4.yaml |  4 +-
 ...0678-675d927de3b1b53ecaa9209929290da6.yaml |  4 +-
 ...0680-a3fa83da79405e5abf7cb2c0fd1ed37b.yaml |  4 +-
 ...0681-b86dfb6f9dd8aa205cbc3842be669c7a.yaml |  4 +-
 ...4109-3c9dac2ddd3bec2b9b5eb5b21c8ec91e.yaml |  4 +-
 ...1127-92de377343f9b56c26e4f5ac1766852a.yaml |  4 +-
 ...1128-1c48d6771b0e3d17023908b8bdc75005.yaml |  4 +-
 ...1132-9d69b5dedc1dea8d291f6cedb75f3be2.yaml |  4 +-
 ...1133-eed5959a62db993b12da83da9d803446.yaml |  4 +-
 ...1136-5a0364c13a90f16b0ef1e911c302d0f2.yaml |  4 +-
 ...1239-09573bbd55ffbde9d233ad38438e8f66.yaml |  4 +-
 ...1240-8930cf2379d26f27d4dfc818449f89c9.yaml |  4 +-
 ...1241-3d8dd9beb9e2d1b17d8d01ef045ea5d3.yaml |  4 +-
 ...1242-ed4eb2c4883d6e7594e77a8d9e41fb0a.yaml |  4 +-
 ...4140-51b67c232457e0e4e3e29917fed2f232.yaml |  4 +-
 ...4141-0d112b75baa32165ac17ae118d62fed2.yaml |  4 +-
 ...4142-7705126a4ed4d1dc1d9561088cab0d7f.yaml |  4 +-
 ...4153-137251846c7319666c4983642238e856.yaml |  4 +-
 ...4160-669481af47f05337ab733ec932b4b377.yaml |  4 +-
 ...1649-c5037c5f6ce141975f7a422878dcc1cf.yaml |  4 +-
 ...1656-267d7435385a9582ef7c8199e8931303.yaml |  4 +-
 ...1657-ca4ae9210ad5c6416e62ede162724557.yaml |  4 +-
 ...1661-714adebc0f79250fa11c7babb8af735a.yaml |  4 +-
 ...1664-e1e05c3d687b12217db0b7b57b7d94d7.yaml |  4 +-
 ...1665-941ef3ed4e3d287ad92a76b5c6b10f89.yaml |  4 +-
 ...1666-9bd703646402672c6e3df139cb8847d8.yaml |  4 +-
 ...1671-d3760060833c9e24b772fab4457401bf.yaml |  4 +-
 ...1683-4150b6c5ffc14f9f916be876839f27fe.yaml |  4 +-
 ...1685-1b283946c80a7878d62493f2e843e97b.yaml |  4 +-
 ...1687-5354899032ab4aab5f7e436527798ae7.yaml |  4 +-
 ...1688-cf39fd16fb8f788c8db751f0dadfb29c.yaml |  4 +-
 ...1690-6b2cae5676cc752aa89b0a0ababa3a92.yaml |  4 +-
 ...1695-d12af8e80ae1c421ffa919ff53dc2e47.yaml |  4 +-
 ...1728-dd783793d1579786f0da18d50db26b6a.yaml |  4 +-
 ...1729-572ada3e2b5cfd266bbe4d55b671ea76.yaml |  4 +-
 ...1731-a18a9d03d5ff2c74e7d4dd874ea75ae5.yaml |  4 +-
 ...1733-0adc72a8beddf445761ccd2b42cda0f5.yaml |  4 +-
 ...1734-027f8eecce0a5762cf1bc3cc2ca92e8d.yaml |  4 +-
 ...1735-4eac7176009c682727808e01e866ef23.yaml |  4 +-
 ...1736-8758f22404dd62cde026b1679050e44a.yaml |  4 +-
 ...1737-861a2a6e66a953eb50c087718b438c88.yaml |  4 +-
 ...1797-9e153a23809280911bab79339940a337.yaml |  4 +-
 ...1800-52d99f3d726c6a2b0f9591cf7e9202f7.yaml |  4 +-
 ...1802-9a23102fb64a765611d796440b87f458.yaml |  4 +-
 ...1803-bb0ef31fb16bd70576b63c47a36e1c9e.yaml |  4 +-
 ...1804-53fb886a588d15854380c3b94bdeab19.yaml | 12 ++--
 ...1805-27ee53c7765f3cc7ca36cbf7ac963e20.yaml | 10 ++--
 ...1847-18ae8fd1e9cb93487e81ac53ef4e167a.yaml |  4 +-
 ...1848-24a3397fbf299aff4ecd7a231ef53936.yaml |  4 +-
 ...1849-a6ade812b7794f2ce71092e01b3f3441.yaml |  4 +-
 ...1855-6c7076324759f17d9672657f46020f5a.yaml |  4 +-
 ...1857-b512f326cf614df599ebd00014aea201.yaml |  4 +-
 ...1859-b3374ece5f330b0776522f2f5130afbd.yaml |  4 +-
 ...1862-6cdecc6c25d61ef54d3cce62a39d5781.yaml |  4 +-
 ...1865-55b1133e21935d007c80035f80fa6446.yaml |  4 +-
 ...1866-41e70074e724b3d58c82d2325b25db5e.yaml |  4 +-
 ...1869-bd68d113848e70b56a089eb9f2977075.yaml |  4 +-
 ...1870-53abed64d2c7da6e29618b2b45471eff.yaml |  4 +-
 ...1873-cef3df52a6e193270f584096ae2ab14a.yaml |  4 +-
 ...1875-169725f2f4440d7e4d2c8758f176453b.yaml |  4 +-
 ...1948-bd04f483d63aabca8f2d0d86dcbe84f9.yaml |  4 +-
 ...1949-7c92e9b689e3db3a0760660dea080463.yaml |  4 +-
 ...1951-85898493501c4d75829911d4553b254e.yaml |  4 +-
 ...1955-e5a55bdcc25518bd7b994104c01d9391.yaml |  4 +-
 ...4213-669be7a13bf58d1940739fe39615ab4b.yaml |  4 +-
 ...4238-0dc878d77e3a3194c72fdd6ba3814c5b.yaml |  4 +-
 ...4239-ce5b36195b53746aaff59fc078e530e9.yaml |  4 +-
 ...4242-cb4a0a7493c7105139c64a6aefea1dd1.yaml |  4 +-
 ...4243-1e47a59c0ad1f7f985e2120ccff4f8d1.yaml |  4 +-
 ...4245-6173b7b86957899221b3529556dc4a8a.yaml |  4 +-
 ...4253-67e61488b97755fd204f3e38d91bbcf2.yaml |  4 +-
 ...4254-584e49f9f9bb47c562f3e0a8463d6240.yaml |  4 +-
 ...4271-27268d0b59c1274c726da2859a7e1b6d.yaml |  4 +-
 ...4274-6fc26492de3e14b8a03318635a942d46.yaml |  4 +-
 ...4276-08a30537532865cd761666366968e42d.yaml |  4 +-
 ...4277-be08bf68983d62c13cc53ac7ac785641.yaml |  4 +-
 ...4282-735922333648d19765f3918bee1c33f6.yaml |  4 +-
 ...4283-7ebfb915654b21bb1907517d4349fa05.yaml |  4 +-
 ...4289-619a199c4aef0c8ec4b0e45c8c920810.yaml |  4 +-
 ...4293-1a67baf6167d3af7ea57dc54d855070a.yaml |  4 +-
 ...4297-0ce6b6a0e9e78d060d6ca04414281584.yaml |  4 +-
 ...4298-93f5b1d9d41a68948272932dc6addd39.yaml |  4 +-
 ...4300-9ab53108097247c27c02dfd755c3ffcf.yaml |  4 +-
 ...4311-739af30ba304d3e19c7edf50976bcb67.yaml |  4 +-
 ...4314-23d1479acb7980e0e80c8871beec9664.yaml |  4 +-
 ...3493-f56dc5bbdc913e57ded42347de5ef8aa.yaml |  4 +-
 ...3610-fc6e5379eaab092cc08185fd85a10348.yaml |  4 +-
 ...4372-e320d6afe142ff2886379823eb8759ba.yaml |  4 +-
 ...4374-b5b3726a38a0d1a56eeda75879ed92d9.yaml |  4 +-
 ...4376-0bd471365f33bde2fc9b3cf18367b907.yaml |  4 +-
 ...4386-daec7d39bacac9f0d791f41eb89b64b4.yaml | 14 ++---
 ...4388-fb01f61580a3daa6743e2536b3904a23.yaml |  4 +-
 ...4390-ffda73ee0ac47c439700ae8ebfad208d.yaml |  4 +-
 ...4402-de6bb81e5776b8853821078d5af9e37e.yaml | 14 ++---
 ...4142-a7d769783ca2c437e9a1a4760da51769.yaml |  4 +-
 ...4145-843f515046670d7a382e75e7e4f584c1.yaml |  4 +-
 ...4148-3e0d971821f286a488f83631df3f9e8f.yaml |  4 +-
 ...4149-825f1e0aa5ff97544f2d8803cf6504ca.yaml |  4 +-
 ...4228-a274b1ec9586c121ed58c6cb9eda6a2b.yaml |  4 +-
 ...4229-54520ac61a70e176cb0b123fca675fcd.yaml |  4 +-
 ...4423-5dfd39caa2a4a17a9d81b2bcb48fe7a9.yaml |  4 +-
 ...4230-584864f4cdfe17f88fd042ba6424f8ca.yaml |  4 +-
 ...4234-87f838d84fa79999236dcd79f1342013.yaml |  4 +-
 ...4239-92ee681763fb9cdadb89c1275ea24df6.yaml |  4 +-
 ...4242-c5c3a05f327c9f5ee9273cd2dd422a24.yaml |  4 +-
 ...4244-b1493cf8f77a9e357e523e1844c8f281.yaml |  4 +-
 ...4258-d4b2be233d46cfcba65da98993b34434.yaml |  4 +-
 ...4262-3d078edbe634b7f5d57ec87a78fa8d02.yaml |  4 +-
 ...4263-6685df96c78b040fc19a70ee58d84842.yaml |  4 +-
 ...4264-19cdc4c29e421f2a623449d500d3da59.yaml |  4 +-
 ...4265-3c0e91d24d36a9cd6d874ce52fecf15c.yaml |  4 +-
 ...4266-01ec13470a183f703d9497a5409e83a8.yaml |  4 +-
 ...4472-90e033d103f597ab6ef613db20a319e8.yaml |  4 +-
 ...4477-6e286583f72963c211e1187360769087.yaml |  4 +-
 ...4478-0a2ecbcc02c5fdd93dc20fd7c66c9f62.yaml |  4 +-
 ...4479-9a1755a05c804d6305bb91e5146a62c4.yaml |  4 +-
 ...4460-3e6fcba7da4eb2d07480c9678c589c91.yaml |  4 +-
 ...4469-be030cdf4529b191ea63fd886a20439f.yaml |  4 +-
 ...4482-9d2a99598a00b93d061f40c1f9bcc177.yaml |  4 +-
 ...4984-a8af060628ffa49f9121f24c1f544243.yaml |  4 +-
 ...4985-848807325cc6df7207551325cd628ce9.yaml |  4 +-
 ...4986-af9a5eb02914599951c2e164f6765355.yaml |  4 +-
 ...4987-a2f77566f40955cc7451f648aaec112c.yaml |  4 +-
 ...4988-5bdecbba58ada95bd7bc5fd2be57ef44.yaml |  4 +-
 ...4990-10360815e5a20aeed5671b4b975451a1.yaml |  4 +-
 ...4500-32b3fdbe7b7f22c46479a3e9393eb06a.yaml |  4 +-
 ...5000-0436bd17a7ce2057f085dec6812cf1d3.yaml |  4 +-
 ...5001-80f967b027a6da96dccfd0c385ae1ac0.yaml |  4 +-
 ...5002-009b7c3c01cbc1b8e5b1583fe598205f.yaml |  4 +-
 ...5008-2958b08ce41d2a089d276808ef68e4bc.yaml |  4 +-
 ...5010-036ea79db83fe96391d5364e9f6a5d01.yaml |  4 +-
 ...4502-5ebef968ecfba23771708b1d7c8b6112.yaml |  4 +-
 ...5045-23aac587b81f89d6096ca89681943380.yaml |  4 +-
 ...5046-86e875acdb3922f4740414dff44b0215.yaml |  4 +-
 ...5049-803fd151825baa056b93685e93955a54.yaml |  4 +-
 ...5050-9fc3c2f298b108af257176fa3092141b.yaml |  4 +-
 ...5051-7348256da9fa27f63ea541c99917352a.yaml |  4 +-
 ...5053-0eba82d1fba78dd21145988eca694adc.yaml |  4 +-
 ...5055-8b6490d616c3b0afd9a25ca2623da6a2.yaml |  4 +-
 ...5056-d517a1f1b39fbb25ce31405c236e39dc.yaml |  4 +-
 ...5057-c0963c297f9f408e178419f30ee7e022.yaml |  4 +-
 ...5059-f295e8a8427ef02d3b3be1982f4ae5fa.yaml |  4 +-
 ...5067-be653a8d2bee2421f88f0e6d66ccc0f3.yaml |  4 +-
 ...5069-ff831311ec70debdd240fd0dff910b29.yaml |  4 +-
 ...5072-feb8c11c4ef0641488804a4e83e4b8c9.yaml |  4 +-
 ...5073-9cb69a500db940ecfdbb3ba869c26c38.yaml |  4 +-
 ...5074-9c6b12242aa8d580a35fa22bad685fff.yaml |  4 +-
 ...5101-72807f145d4d787ee0d78e0f3adf0196.yaml |  4 +-
 ...5110-d090aa5f37413bd2a82801bde518653e.yaml |  4 +-
 ...4514-d3e919ff7a9e64072ba58c94844a6e21.yaml |  4 +-
 ...4520-4f8b60559007de9693d6bd6dbd7b9937.yaml |  4 +-
 ...5271-1a920eb903d024c035ef8c5bd825169f.yaml |  4 +-
 ...5272-beb09afd16c7dbf0c14aa5a401d0f673.yaml |  4 +-
 ...5275-b8ab2dfdf20e4fafe82ff439f5e1b3cf.yaml |  4 +-
 ...4536-decd0181d7e39da44fe0e5d9af5455c7.yaml |  4 +-
 ...5604-c4a2060e848f8147ede668274113eb5f.yaml |  4 +-
 ...5607-93d2bfa4a5e5debcba57e4ef188367d5.yaml |  4 +-
 ...5608-66eed7c58e1298fa04981c6c1b2ea3cc.yaml |  4 +-
 ...5609-788f2a7e634374198c6c99e174e2830a.yaml |  4 +-
 ...5628-95716c495ba3e1d4d76a3b64760b338f.yaml |  4 +-
 ...5630-f65c67e968e15596bef3448601bb7b39.yaml |  4 +-
 ...5631-63e26d4ba1974966e333b4b151a2c5df.yaml |  4 +-
 ...5633-828d5e38dbe1047738a24a003f9a3134.yaml |  4 +-
 ...5635-dd8a374519ab8fd8464df00ba9945d8b.yaml |  4 +-
 ...5636-f9b95c5df8218e5c27a0db54debfd7c6.yaml |  4 +-
 ...5640-44f7bceac9641de69745cf2de93af035.yaml |  4 +-
 ...5644-62cbd308ef66719516de2026de43669c.yaml |  4 +-
 ...5646-d7c844e32ca0ede6715df38694de53b3.yaml |  4 +-
 ...5652-894688b32a41816c9ef521e84f097274.yaml |  4 +-
 ...5657-fad17491d46d93aa052a2c5d2ff91e1e.yaml |  4 +-
 ...5658-4671c56fe35cfb879a2471b3343a30c7.yaml |  4 +-
 ...5747-9d391b643840d9b9d7ead6e546f2d7b1.yaml |  4 +-
 ...5751-45f2df14510cef20714306c6b2b6f810.yaml |  4 +-
 ...5754-95ad70daa5a42e22046c057a639de555.yaml |  4 +-
 ...5755-ed89c8160fc54a5150ed5e4f427981e4.yaml |  4 +-
 ...5758-cd1cf1735f71561e3ab5315052ee03d0.yaml |  4 +-
 ...5760-b26f381c9f7354f3462011430c6f3516.yaml |  4 +-
 ...5764-4634b65a3b88602069115a32b9310bb1.yaml |  4 +-
 ...5765-028f2396fc3224cdf799828543a80de4.yaml |  4 +-
 ...5766-b01ef863c43e07a65402f06b0d7b0757.yaml |  4 +-
 ...5767-27310a1dc2397e2cac54db00506a62d4.yaml |  4 +-
 ...5768-cd42ea5f361eb592a86690da9944867b.yaml |  4 +-
 ...5829-72d17698c8eeb0073ce356c8f5c5e968.yaml |  4 +-
 ...5830-2cc161db9aab9dca8c45963425559bbc.yaml |  4 +-
 ...5832-352c9721f769a69dbdfdbca5d48088a2.yaml |  4 +-
 ...5833-8668394708fedca0791c9dce209e6c21.yaml |  4 +-
 ...5835-04c216a7711f03f2d76acb6a4f7b0e8c.yaml |  4 +-
 ...5837-b8296fd7e9d3d8c36b36cd4afd336fd3.yaml |  4 +-
 ...4597-64166b21a8975f062b52f4886bce7163.yaml |  4 +-
 ...4598-49bd4bae2777384dde2f9b06bf68d410.yaml |  4 +-
 ...4599-9c882237ff7863bee4225b027eaf1086.yaml |  4 +-
 ...4600-9d0741a170ac5d20bebb10f83abadeaa.yaml |  4 +-
 ...6066-b53850514eba837c1bf2ca4cf00a35b7.yaml |  4 +-
 ...6068-4589a6370d5dbea689df46df9c5577a1.yaml |  4 +-
 ...6069-2689d661f3ccd51f254bc58895e1f11d.yaml |  4 +-
 ...6079-c4ac8ff1dfd268623baae850718c4ab2.yaml |  4 +-
 ...6080-5543057e7022cfec9b8ae11fa6f72d5e.yaml |  4 +-
 ...6082-ae16dab4cf6e57b86cebb9a4da6eafa8.yaml |  4 +-
 ...6083-7de52979e23084c59771c8210cf92e97.yaml |  4 +-
 ...6084-d61c42f727c04f01365911b7fc14a3d5.yaml |  4 +-
 ...6088-667e350f42b763781ac08f9d6c648e0b.yaml |  4 +-
 ...6091-44b23b8882e9805e87909dc573565952.yaml |  4 +-
 ...6093-ed6d1649ba9976ebdf4a57c36e036026.yaml |  4 +-
 ...6146-e85a48bb53d03fe4f0288a0ec1595649.yaml |  4 +-
 ...6147-3d30a7e8f0b8f6bc4309468a15c7f314.yaml |  4 +-
 ...6148-f655e8b1894773f9d99ee26fcaeba800.yaml |  4 +-
 ...6149-c842576ba599cc503a47eb67c0e70851.yaml |  4 +-
 ...6154-a6097b32439b60cacd59d47b3a1c8c61.yaml |  4 +-
 ...6192-5f27ace6d76e064e4061fdf808767b2d.yaml |  4 +-
 ...6195-8cd08637ffa8c2d1ca3b360f63505422.yaml |  4 +-
 ...6196-109bcc0df2db9108727b125f1715f024.yaml |  4 +-
 ...6197-aaf49aa53f803817d024c6faf4d05d87.yaml |  4 +-
 ...6199-feb2ed9a776f1da5d8e1058653f64bda.yaml |  4 +-
 ...4620-b3c2fa102dc78b18cc1d35e379c8dc7a.yaml |  4 +-
 ...6200-4d6efde8bb592c906d33a37bc632b9bf.yaml |  4 +-
 ...6201-cbd733c7ebdd096e6d282497c4c8eb45.yaml |  4 +-
 ...6203-2e06d0c89a5dc3c234768757cec7f855.yaml |  4 +-
 ...6205-c12fe9671d21c1c91257ccad7444bd6a.yaml |  4 +-
 ...6206-7c87e8f104753303f633f63d1aeebd8d.yaml |  4 +-
 ...6210-59d95b9687e55d617dd1230a739e9c20.yaml |  4 +-
 ...6211-42a6391e7ed0fe5a4ef825a270130c8a.yaml |  4 +-
 ...6212-1bacae6a1e466eb95d42535d2732f49e.yaml |  4 +-
 ...4626-75b95cd57aa6f181317402e50b5298ac.yaml |  4 +-
 ...4627-cc5f050077abe9bc4430ea7311dee63b.yaml |  4 +-
 ...4636-34d2a65b3d8097e555cf3aab3134db2d.yaml |  4 +-
 ...4637-a6bc1c4f18d7c787b94d2c3a536d60d6.yaml |  4 +-
 ...4643-bbc7fa54925890b55e253bb27ea68d3f.yaml |  4 +-
 ...4646-9431aa52549a30a720033bb06c5049ca.yaml |  4 +-
 ...4648-a0746efee95fbf7d166096b25b7d8be2.yaml |  4 +-
 ...6605-0f483e5b57556e64c6fcbf6984188e67.yaml |  4 +-
 ...6606-f021a9b99ee30b184dab1f6f57a36751.yaml |  4 +-
 ...6607-e3f695a2140d0d6b1618f7ffa872601f.yaml |  4 +-
 ...6608-bd8336f3b7891bca7cf2acd9eb9176f8.yaml |  4 +-
 ...6609-033552000c57d4d0e9b8f1077c9a1953.yaml |  4 +-
 ...6610-b2aa6adf9a3ecfeb3a1e73b7feaface1.yaml |  4 +-
 ...6612-dee11a999eea8acc0c1d0780e652bd48.yaml |  4 +-
 ...6613-2e36e1fd5443dd09871a6501069bddbb.yaml |  4 +-
 ...6615-0ab200e48d96a6ca5d84cfe7a3d18007.yaml |  4 +-
 ...6628-12dbefa5509a29120cd218ac3cfa3bd8.yaml |  4 +-
 ...6631-bc983a8f571310dd96f9e038e97c3ba7.yaml |  4 +-
 ...6632-de64d2f517270fa27d42f881da4c6d98.yaml |  4 +-
 ...6633-782e75e9ade7cd09f2f9dfc0e07ecdf7.yaml |  4 +-
 ...6635-255ea4aa4e6fb6ceab7bcf43313eab50.yaml |  4 +-
 ...6637-177a143182cd744b54e19a39a4cfbfd2.yaml |  4 +-
 ...6639-31e1dd2369472619e89b67df12c89fa8.yaml |  4 +-
 ...6640-9a2c39e647de10bdf5506fe83c7446b4.yaml |  4 +-
 ...6641-3884d9a5a5a83b7a3dc7015b6e93594e.yaml |  4 +-
 ...6642-c3f117930fe59986e129269f444e98be.yaml |  4 +-
 ...6644-98193019af2a73f9695ff639de4023e0.yaml |  4 +-
 ...6782-549edad2ce245fbc28f77db9aee80ff6.yaml |  4 +-
 ...6783-f8654e70b61d2e52e5f038a5f0414371.yaml |  4 +-
 ...6784-13f1e3e1ecb400323f6ac6db56c9c266.yaml |  4 +-
 ...6784-145fd589f9d6e521c8599d0e3d4550d9.yaml |  4 +-
 ...6821-c051ed74380d85e155152ed23876ff43.yaml |  4 +-
 ...6823-d16be1a4a8c6ae781f11c50d01685d10.yaml |  4 +-
 ...6824-fe295018c777f28527f026c1db66229d.yaml |  4 +-
 ...4686-c2b458a87e9095667109688e878e4bb7.yaml |  4 +-
 ...4691-8558d7a24f00d0b4c6ef650bca69a892.yaml |  4 +-
 ...4716-cd5bfb58064b9745ccbd3f1f59ac312b.yaml |  4 +-
 ...7177-dc961a43bf6645987863e2268d4c98e4.yaml |  4 +-
 ...4718-bb75a2fa99f691c300cd6cf18948e14d.yaml |  4 +-
 ...7181-147226d7fc59bc73ef79b60eb67e7365.yaml |  4 +-
 ...7183-fa1fef40b905a2c3c8c8c056ae496c09.yaml |  4 +-
 ...7184-11e3031fc351fbc9a833e9b97e46b6a6.yaml |  4 +-
 ...7187-8fa029836e390a41910a91e1df99c734.yaml |  4 +-
 ...7188-290105b1777b3869c2f6dcc0140c3419.yaml |  4 +-
 ...4719-3af100998fbed69cbdecde044b4ff026.yaml |  4 +-
 ...7190-2c1fdb69500dc831bd46062ddc0d2b02.yaml |  4 +-
 ...7223-b5b7bc46aa5c73951c7934c79faf05ff.yaml |  4 +-
 ...7225-258545baa917b7571f477b428889162e.yaml |  4 +-
 ...7226-43333653570b3a1b8a29a02f94914583.yaml |  4 +-
 ...7227-3329f436b3e9299453177bb21ca6d4b2.yaml |  4 +-
 ...7228-ba96af4ca3ffeaa3bcc3879d978146cb.yaml |  4 +-
 ...7229-34bed79fb50712c291365a8ff729b6f4.yaml |  4 +-
 ...4723-ce4e21b72cfe20823efba4862db87109.yaml |  4 +-
 ...7231-2dbf94e1363346187fd0d9415f21a87d.yaml |  4 +-
 ...7236-1ae1b0bb4039a24aa303fbc722996071.yaml |  4 +-
 ...7239-6956ece992f5fba93947f810cb6c0062.yaml |  4 +-
 ...4724-3e761f82934df2ab4021a24d8a5d3f17.yaml | 14 ++---
 ...7240-4965c11c4afc77625d19c06034b78a11.yaml |  4 +-
 ...7241-f86a366b83ee22a3c8a02c83ac209077.yaml |  4 +-
 ...7242-28b0382bdb3605846c741b0b29e57d1e.yaml |  4 +-
 ...7243-13034f6a839e821ee8d8b6496142d778.yaml |  4 +-
 ...7245-16ea15328c267590894ffee4442a84eb.yaml |  4 +-
 ...4725-f09df8170b914522627f58aeacdfb8a8.yaml |  4 +-
 ...4726-b6be8c11fad37e887646a283e9c47ba4.yaml |  4 +-
 ...4728-60eda95192a20425ef3765da3a807a07.yaml |  4 +-
 ...7504-b58bfdaaa39d4e7d694c40523cac0a71.yaml |  4 +-
 ...7505-ed7ec795a9e5769e2593c8bc7106e945.yaml |  4 +-
 ...7506-624a2aa57869ce0516a56db0d2b7ba1e.yaml |  4 +-
 ...7509-fd2527f160b6f8cee6c4ddf5aa4628c1.yaml |  4 +-
 ...7511-8f29322bf5d9ac8d382567725e776aae.yaml |  4 +-
 ...7512-bc43f57bd35ee24fbcd374ea171e9e72.yaml |  4 +-
 ...7513-3587db01a7a28244ee4173daa03a691b.yaml |  4 +-
 ...7514-68ab25be74477c215ab2a821dbee384e.yaml |  4 +-
 ...7515-99cc5f18cba37431e326c7c04591a219.yaml |  4 +-
 ...7516-4f664c5f9a6ed3cf0ca52dbb21a8c73c.yaml |  4 +-
 ...7523-ef92930a59c0704397081e4543f7586d.yaml |  4 +-
 ...7525-5b36fd20286674ebec29c5f8c3b598c9.yaml |  4 +-
 ...7526-9c920cf674baacb0579f3b1f4946e20e.yaml |  4 +-
 ...7527-267f0e0e2934a72d1de6f6f1105dcde9.yaml |  4 +-
 ...7528-7b1e0db7c2338cbba544192fa7f81810.yaml |  4 +-
 ...7530-20764e34dd96746ac27cacdf816c512f.yaml |  4 +-
 ...7533-c8561a6d177892f154af9b7c10500c01.yaml |  4 +-
 ...7544-b5350d73ee034ae7067ab3d2b696ae06.yaml |  4 +-
 ...7545-6d25ab79e6e7aca51a4387e7aae24c9c.yaml |  4 +-
 ...7546-78ddb3e5efc137c9989117bb477a197f.yaml |  4 +-
 ...7549-19e34a16c1a810dff7996ec5d94f691f.yaml |  4 +-
 ...7550-37dbc4d1c954090682035935efde0d58.yaml |  4 +-
 ...7554-2e3087c002dc76b9a7567526587e8736.yaml |  4 +-
 ...7557-5a91aad28267261ebd2de3c8343f1995.yaml |  4 +-
 ...7558-4d3c4e1a467914ea53537050432b3938.yaml |  4 +-
 ...7646-3efeefb310fc267db6d3c82c2278b44a.yaml |  4 +-
 ...7647-99d724e78c6e3ca9e817c7ab41561c22.yaml |  4 +-
 ...7648-405b16e90fe11a6da428eb58c52f2070.yaml |  4 +-
 ...7653-276bf528dcf846639fd31e2f34582a53.yaml |  4 +-
 ...7654-192e415b611335b3538e5f2af9fbc394.yaml |  4 +-
 ...7656-33bea64d5937abef2b137f0af05c7eb5.yaml |  4 +-
 ...7657-66d0aaa8dc75cc7c0b323f4705b3d63d.yaml |  4 +-
 ...7658-17ad0651e8a5c8de6d9430b66387dde0.yaml |  4 +-
 ...7659-dcfc7774787e2e0bae54fdcbcdce15a5.yaml |  4 +-
 ...7660-aa1854785cf9c11ed11fbc4dacf9e3b9.yaml |  4 +-
 ...7661-93d3ba9b108e1112ee15e322299a4fea.yaml |  4 +-
 ...7662-af9b404439d9589515c5ec4e6d7f1ef0.yaml |  4 +-
 ...7669-cdefed7ec787c02fefebf6f17656a114.yaml |  4 +-
 ...7679-fc19ca606bef9f853ea0565c4043c5ce.yaml |  4 +-
 ...7680-d88df7a254a138ad74fa62f540e9ec2c.yaml |  4 +-
 ...7681-c27f182f563d1fb6d07ba79eda84b6fe.yaml |  4 +-
 ...7682-878f413ec190d0a95a0db0404871c06a.yaml |  4 +-
 ...7683-5e2f11a884ccbe34c9944f9c84b1340e.yaml |  4 +-
 ...7689-a2f2e6465cf5db9cbb966e235c714c1c.yaml |  4 +-
 ...7691-e884ca510b37335b1134220e4cc6625b.yaml |  4 +-
 ...7692-31993563048effdc0827881e9344d84c.yaml |  4 +-
 ...7693-b8421311d76851450148e6c1e68c8aa3.yaml |  4 +-
 ...7698-010c2fa504f8e0c5ce7acdd2e0b14e5d.yaml |  4 +-
 ...4772-8fcdb0b13a5576b5ff2b34a21c31cbb9.yaml |  4 +-
 ...4773-40cf6c93cbbc13dcb57a60ba2f57fb5f.yaml |  4 +-
 ...4774-9872ae4cefad3c4ed3119e4c32d1b891.yaml |  4 +-
 ...4775-5ef4900200b4415e3b14a42418354f64.yaml |  4 +-
 ...7754-7b26661f47c6a54bac357fc46b5b57fd.yaml |  4 +-
 ...7755-c121370e7ba5758271f409501c03a844.yaml |  4 +-
 ...7756-9ad568f26d284db1bbd80573c9ce9895.yaml |  4 +-
 ...7757-cbc652a67aafb71a7a53197a032b3a41.yaml |  4 +-
 ...7759-6fb60bc9485708489fdd72c16e1fb82c.yaml |  4 +-
 ...4776-a9a638b4142268e1bac6a40ef293c66b.yaml |  4 +-
 ...7760-6092ac059aadb6e2fb447935fafb717a.yaml |  4 +-
 ...7761-0a3a5e7befa978af91189dd0693b7678.yaml |  4 +-
 ...7762-808772ef0715e55e48845eb09fe27708.yaml |  4 +-
 ...7763-440ba93423360c612c2bdc92f81276f2.yaml |  4 +-
 ...7764-2fe97b6a7d11daeda44ed66f389013e0.yaml |  4 +-
 ...7770-f83868d3a00a9fcf53648bc46fb152f1.yaml |  4 +-
 ...7772-2e2946ff7ceba7ce385ae21a430029fb.yaml |  4 +-
 ...7774-b9a10340d1ee615f8f2aaccc216ca7f7.yaml |  4 +-
 ...7776-0cc0c3f4bf4487c2d84931d62250a698.yaml |  4 +-
 ...7777-03ab94cbc5738569e6dbfc88111c85a5.yaml | 14 ++---
 ...7778-def2f7014de695ca135f23616af5b3ad.yaml |  4 +-
 ...7780-78a77e4a1a5aa34cbb515f8d429a5d22.yaml |  4 +-
 ...7781-c88aacc0c258c2583886d5df08f00e4f.yaml |  4 +-
 ...7784-be4d0822a09dabbfb60c56eb78326475.yaml |  4 +-
 ...7786-9e79ec7559a564921e41d0c7103ccb78.yaml |  4 +-
 ...4779-ef952e49d818ad8d9f5105858ddc8b74.yaml |  4 +-
 ...7793-4ba662d6b707785ba4b6d4f4f14b8096.yaml |  4 +-
 ...7805-34721fea6a2d4e3ec618e5f696ce767f.yaml |  4 +-
 ...7807-68962a84ced90a9ac882bf37153f6810.yaml |  4 +-
 ...7808-7c19600be6bfdb748bd3e60c37bbe32a.yaml |  4 +-
 ...7809-cdf9a047d5c0c62c170cfb4f220b5807.yaml |  4 +-
 ...7810-61e6a79f794c5261dca1b1de62bb1bb1.yaml |  4 +-
 ...7811-881cc93528fb94be5fa214f77b12a3dc.yaml |  4 +-
 ...7812-414a4199455e61f63d4f1a06e321a38b.yaml |  4 +-
 ...7813-e9bfeb55edc6f8bed127152a2312d037.yaml |  4 +-
 ...7814-0d15cc8e701957684f6f3b30c5023ccf.yaml |  4 +-
 ...7815-1c0f40dcfb4caae9a4327cd7172a7b18.yaml |  4 +-
 ...7816-3ebd40bb61580d15dfcd12d2fb7e83aa.yaml |  4 +-
 ...7817-1c709780f30cba2883c1f114a8ebe301.yaml |  4 +-
 ...7820-00aa1f64cb2e6c80b8a5546f8e6d1be0.yaml |  4 +-
 ...7821-c754ba54f7d343b7382e51da7c21880e.yaml |  4 +-
 ...7822-50550f19ed80806cbfb18739f79665ee.yaml |  4 +-
 ...7823-27f44594eb9e99ef9e1059fc3d01b99d.yaml |  4 +-
 ...7826-a27c4dd18076acddac4a93fd8d6716aa.yaml |  4 +-
 ...7827-a83b5885cc29169b3a804ccaa82ed3fd.yaml |  4 +-
 ...7828-12a5a8360002b901fa077eaf0cb0a07a.yaml |  4 +-
 ...7829-5e36e98c6255c04628e65e3d6f66d61f.yaml |  4 +-
 ...4783-7b378f7b5f801637805b2f7c350d9359.yaml |  4 +-
 ...7830-a6d4da7080e5e33e606a2bdd628cb1b5.yaml |  4 +-
 ...7831-697b1f32d4ef6920c80a41e74d1c7116.yaml |  4 +-
 ...7832-aa754ad2c8b3fd090579a6c1c7b9d91c.yaml |  4 +-
 ...7833-69bd71812f8b19e052624d1ea9f84cfd.yaml |  4 +-
 ...7834-d813a33aa115d1d1e87017777577752a.yaml |  4 +-
 ...7835-a088cd6d5872bf40384c1e2afa0283ab.yaml |  4 +-
 ...7838-c2bf3837de0efe09eb976b0292e9ae9c.yaml |  4 +-
 ...7839-9daff448e161c27a1010bad80a987a15.yaml |  4 +-
 ...7840-204d25ca766e5be5a84be69d8f92acaa.yaml |  4 +-
 ...7842-457555c66db611fbfa678adc71e787e6.yaml |  4 +-
 ...7843-1319960b548fb4b068018632e6f16db7.yaml |  4 +-
 ...7846-37948e20cc8aeb00d7f629d9bf7d79ee.yaml |  4 +-
 ...7847-fd0b6587604276cef3b941ba57f9f4bd.yaml |  4 +-
 ...7849-9c222eb6bd53905ec6dff84bf0b52c03.yaml |  4 +-
 ...7850-efd8e3487b0ad4544e466658a022b655.yaml |  4 +-
 ...7851-c6a7ed723d2b968d4f9df70823302086.yaml |  4 +-
 ...7852-da040359bca67615913785734db30059.yaml |  4 +-
 ...7853-6ae7e30bc28b46b135c2064dc2c025e6.yaml |  4 +-
 ...7854-b5b52d178ac9e73e1f7151b15d18b267.yaml |  4 +-
 ...7869-026833d334ad1214ad9b4e4b3b4251a9.yaml |  4 +-
 ...7871-d34228fe0ea5aea58ceb8ad3c32ed940.yaml |  4 +-
 ...7872-ee5b4c2ac22e2de04acc625e8a8d31f3.yaml |  4 +-
 ...7873-c4cf1ef74f307e3d974c13ea6edd24eb.yaml |  4 +-
 ...7874-7bfb8a8c7905e357c4c4b5df9d93b6e7.yaml |  4 +-
 ...7877-14db06c015099db1b01fba0887a78991.yaml |  4 +-
 ...4792-87909a557eede328b649d626c4448f38.yaml |  4 +-
 ...4795-43c13d89c14426ecb661544b7d24f058.yaml |  4 +-
 ...4796-cba7d92a9ae2afc427a931dcb7ec0c7f.yaml |  4 +-
 ...4797-6341ec05f42eea92884ac2a29b84c8c0.yaml |  4 +-
 ...4798-48546947f3dbea6a3d1c0687b8db90bb.yaml |  4 +-
 ...4799-d255ee9fa48bc6c366622d018f796d6c.yaml |  4 +-
 ...4800-76c4f32766bf14b6bbf96fbeaaac68ab.yaml |  4 +-
 ...4805-728966d9c09b57c99055d67de463c279.yaml |  4 +-
 ...4808-8e3b2acb0664262c6a53a39a282fbea3.yaml |  4 +-
 ...4810-932d8591d976abf910e4179bc489f078.yaml |  4 +-
 ...4810-c74224b712fc0c2fb7b3dedfadd9ee64.yaml |  4 +-
 ...4811-392e3e13340828fa089ab176edcbfb0e.yaml |  4 +-
 ...4820-e8a960f3022a61734bef50d7f60e4d17.yaml |  4 +-
 ...4823-9a466e34216ffe71aad25917ff6bfb32.yaml |  4 +-
 ...4827-3a0b06a228abc56684c0fecc37877b4c.yaml |  4 +-
 ...8272-20311a33f3f379efbba8f0342b6a65da.yaml |  4 +-
 ...8273-2c9e7a14e26b36ebcb4ba9bbe208df94.yaml |  4 +-
 ...8274-7255e5fa9e3ec3cf7fa69588c79329ad.yaml |  4 +-
 ...8275-61b7e681fc2aebd347be4e6d876bf4f7.yaml | 14 ++---
 ...8277-86c50499cb2301a82786d4f168d5a72c.yaml |  4 +-
 ...8280-f1b98a2e76b778879a86c711e73365c4.yaml |  4 +-
 ...8287-3832b3b7c5502757f733258a03de8f45.yaml |  4 +-
 ...8289-a4a103535f33f8f1f9687c4a0228f8b0.yaml |  4 +-
 ...8300-bf9717887c7854e5283687233b3eaf88.yaml |  4 +-
 ...8317-5b28a734c59e3ed66297833eac37980a.yaml |  4 +-
 ...8319-12219750d7664db4408ea75c73fa706d.yaml |  4 +-
 ...8320-f4526bcdafc950c9e06f1e8880692066.yaml |  4 +-
 ...8321-779279c30a67e49a16a563a554fb708b.yaml |  4 +-
 ...8324-de2f88d15a1b5aecd6a16f406646e9a9.yaml |  4 +-
 ...8327-07b010f0b7d81d013a7b9731f936031d.yaml |  4 +-
 ...8329-67c3c53f919818b53462cf301e3b0e2a.yaml |  4 +-
 ...8332-7bbbf63e0874145284bff009623a4860.yaml |  4 +-
 ...8333-9c19725e7330d8a4aba8b2ac8de32961.yaml |  4 +-
 ...8336-ecb72206512391b63853fcec98ca443c.yaml |  4 +-
 ...4838-a54fbae2de8a8e13d0527ba702d34945.yaml |  4 +-
 ...4839-69657f4112d937c57fc4155d562b7525.yaml |  4 +-
 ...4840-7b6a78f327e3069338279750b3f26ae1.yaml |  4 +-
 ...4841-50baee01b43a26ee8e4d58a0c9e6da8f.yaml |  4 +-
 ...4842-aa4bf5d698c5cb8e5401cc2cfa4e07c6.yaml |  4 +-
 ...4858-51cc1e2fa9b76200d8c0e1cffbbd6dc5.yaml |  4 +-
 ...4861-0fbaccf0dcc3983d2d26c8ef7aee1143.yaml |  4 +-
 ...4862-a9fb42c2dd47680db83577cec894ace4.yaml |  4 +-
 ...8737-3b9f3653c0029d132688d85fbc757af3.yaml |  4 +-
 ...8739-23f358a9d40cae78b36e38b231af07ae.yaml |  4 +-
 ...8740-308ac408c3111d0f21a07a5be08fe876.yaml |  4 +-
 ...8741-9f74a97e65247db4961da7465a48826a.yaml |  4 +-
 ...8742-c66ec1dc83585f4762c2bc3e6a57c02b.yaml |  4 +-
 ...8747-38cbe872337aaa11f53f5f047e11de00.yaml |  4 +-
 ...8749-80c6230c139aaee435c35c9df894dae1.yaml |  4 +-
 ...8750-e26003fb15eb8dfdd3862b141bc3094e.yaml |  4 +-
 ...8751-c5af09461da9c502c3934cc475901e6e.yaml |  4 +-
 ...8757-f12b5bbfc5d1dcce9a91a5751dceea95.yaml |  4 +-
 ...8759-7ba0ab8627448e04a3557ed6ccce144f.yaml |  4 +-
 ...8760-320a6f011d285ddb19c436d57e994504.yaml | 12 ++--
 ...8761-fd87adc782adc661fc2721ea4df8055a.yaml | 14 ++---
 ...8762-dfd0d896b1397455913caf7f911dd62c.yaml | 12 ++--
 ...8764-ca496e63542b74a88b0b8dd7fd0ebb0c.yaml |  4 +-
 ...8765-b24c287a46f17f82649a53242631be85.yaml |  4 +-
 ...8766-20391a519d77c31bd1c976dfdc89ed20.yaml |  4 +-
 ...8770-7c5c2b955a800f0567ad6425eb1a8e69.yaml |  4 +-
 ...8774-99da104892c6f75f32c9288294b2b02d.yaml |  4 +-
 ...8776-85fcd9779448a368c2c74d702cd2f30d.yaml |  4 +-
 ...8777-bdfd3cb15fc22fa823679d0ba1d3fc73.yaml |  4 +-
 ...8779-de737cfbceda5a83bf3527f7e7cd5395.yaml |  4 +-
 ...8780-525630ec5598f74dd721d94a531fba2f.yaml |  4 +-
 ...4887-51944a4f6212afc8f585f1bcea51f2d6.yaml |  4 +-
 ...4888-0fc896a4acc44efa8900b336ff580b9b.yaml |  4 +-
 ...4889-f19f31f075dbc06538f36ae8e36c55d3.yaml |  4 +-
 ...4890-c27c21f00fd5cfc7fcc406cc847e2987.yaml |  4 +-
 ...4893-b80148cb4f7c1ba75ee55b0181d810f7.yaml |  4 +-
 ...9149-d34575a4acf043c178e1c507a8583e51.yaml |  4 +-
 ...9150-56a618b5c71170cabc6b19e08404193b.yaml |  4 +-
 ...9151-fc53f712d57ef35888a981283b03a790.yaml |  4 +-
 ...9152-1adc9982ddc5e20d6e411f5dbc1caf02.yaml |  4 +-
 ...9154-82603c2847e2ca1ee15bc23d829fbc4a.yaml |  4 +-
 ...9156-e6ae143c6a0d21493b73e68beda81a51.yaml |  4 +-
 ...9157-308319ee878eb47d99190ad100843184.yaml |  4 +-
 ...9158-c2e6ea5d855361966f47fc5dcb8b0259.yaml |  4 +-
 ...4916-ec75720f681f6e8a0dfa73dc2af48726.yaml |  4 +-
 ...9160-69291e6d8dee217b57f3dde758dcad0f.yaml |  4 +-
 ...9161-ce76e5efada5037a3e4a2325d3d70d7f.yaml |  4 +-
 ...9165-0f5e9e59b2ad6fbf734b7cc14c76890d.yaml |  4 +-
 ...9166-a37d3498c6bbcc050576781692b33c90.yaml |  4 +-
 ...9167-95d14048da02f26059f2e07a39b028ec.yaml |  4 +-
 ...9168-b9ebb0412655a1be395c1fd4d44393e3.yaml |  4 +-
 ...9169-b6c1a6adb8481fecb3d92549d2f5a5bd.yaml |  4 +-
 ...4917-ec4b1b9fc14ecc8856f3a0b0d90e5205.yaml |  4 +-
 ...9173-22fe25cfef73eeb94b97da8f9108cc4a.yaml |  4 +-
 ...9174-12fb9fdf8190804b70dbaba2fb2c9085.yaml |  4 +-
 ...9175-44b3ba415f16865ebb1bd98068348f19.yaml |  4 +-
 ...9177-c6789a8c4ddf7f4894074b67cbbeecc0.yaml |  4 +-
 ...9178-a27af52ed355aaf16d2ba0f06827a926.yaml |  4 +-
 ...9179-7d0df8a0008135defe46e0244de6dafd.yaml |  4 +-
 ...9180-0a33d637c29ba75c2b509bcefbd3461e.yaml |  4 +-
 ...9181-0d45a6acc266b9099e698fb6465812c3.yaml |  4 +-
 ...9182-802be145d30a4aee303b74232b95831e.yaml |  4 +-
 ...9184-39f54e5675da547fbcee34c5030b35da.yaml |  4 +-
 ...9188-5fc14f2bf72ff01c08c1f94583d480b0.yaml |  4 +-
 ...9189-28f21eddf2463cba2cb6b77e1419e5f9.yaml |  4 +-
 ...4919-c1259d5d6340f1a9bb2b4b54cbfddf23.yaml |  4 +-
 ...9190-f94ad2e40424de33128764065d19c984.yaml |  4 +-
 ...9191-d52f1aa2c59f42390d8192c949633ea4.yaml |  4 +-
 ...9192-a9a1d45bfcbca6c173ea125c110bda5d.yaml |  4 +-
 ...9193-614c612f12b893f0f92f502ce23d7035.yaml |  4 +-
 ...9195-a5430dc528533c2edeaccbfbb9028a8f.yaml |  4 +-
 ...4924-c7c8e86fe8e5b4d368e1042cf3070ec8.yaml |  4 +-
 ...4925-03e1e5461591c1057ed60beb9b3bae79.yaml |  4 +-
 ...4938-1a98182627ada5df6f3381c144225d78.yaml |  4 +-
 ...4941-b5f79719a2f0199ef2281b12f3375388.yaml |  4 +-
 ...4943-df6b45b19424e9077c2131a407f92c61.yaml |  4 +-
 ...4944-24dc0fb35229c989c41ed2754572ea29.yaml |  4 +-
 ...4945-885fb17b6662f56f045b926c01f35175.yaml |  4 +-
 ...4947-327db16d1bb219d0ce7124ea14eed0f3.yaml |  4 +-
 ...4948-47a69422b8abe1dcc847b3db9997fa97.yaml |  4 +-
 ...4950-706745fef06bc5b6b3083d2b8e19d2e9.yaml |  4 +-
 ...4960-09629550fe11748b689836fcea30749f.yaml |  4 +-
 ...4961-fa365da8fb7be5a7c14e80d68226de79.yaml |  4 +-
 ...4962-73b8394a2820dad4a75a3855507d242d.yaml |  4 +-
 ...4963-4ece1b2368b1b6541fd5808b6263c140.yaml |  4 +-
 ...4968-7251846dd87f32952c517012f5416bb3.yaml |  4 +-
 ...4970-04f39942fc16c2a7c2f6145e385c8d07.yaml |  4 +-
 ...4971-5614f511e973e614fd375402d8486642.yaml |  4 +-
 ...9742-d0405f3a6546530ea0089cf284177266.yaml |  4 +-
 ...9743-669f088fb31a1c784e368a7e51016243.yaml |  4 +-
 ...9745-1777236d571c6ec2a8def6ba8c1b858a.yaml |  4 +-
 ...9746-e22a3c007f773a45322f383ac43c3a2c.yaml |  4 +-
 ...9747-bcd6b988167c1612bb5048004783e4f5.yaml |  4 +-
 ...9754-d1e689eb00e15a822c5a4bc69f8d4926.yaml |  4 +-
 ...9755-1c97daee437b7051f2d3a3601380f79a.yaml |  4 +-
 ...9756-0b82fadb36c481a1a5ef36694d259943.yaml |  4 +-
 ...9757-44e9c5f94ff15d80337fbc26acc2f9ad.yaml |  4 +-
 ...9758-bba48b2b3db8c722b3183d512e2cbe2e.yaml |  4 +-
 ...9764-662b0d4e06b53c4127af628452071119.yaml |  4 +-
 ...9767-a18213c9c980e2ab86f946c3cc789f65.yaml |  4 +-
 ...9768-40b17fbc397976bb918c3ad479c78a68.yaml |  4 +-
 ...9770-a70d444a7f2c0c5012e01420603941d1.yaml |  4 +-
 ...9777-61ed528306912302d784398edae3cbb2.yaml |  4 +-
 ...9813-6e313c2d32fa44151bb5398004b93815.yaml |  4 +-
 ...9814-5e582ef605e9fe0c0d1cac86ea21ae85.yaml |  4 +-
 ...9817-40dad92f1e274f70a2212adefbc68e38.yaml |  4 +-
 ...9818-d242d8704b7ccc1eaddd7fe775c62763.yaml |  4 +-
 ...9819-bb8100b665f7be766e2f2566af0a9770.yaml |  4 +-
 ...9820-b240c0fd3b8e35e0e7b7374ee39360eb.yaml |  4 +-
 ...9823-48cb8d5c20069dd21ff6f85ee4f57b84.yaml |  4 +-
 ...9825-f1943d1009d5a9a5f1799b0883b7d043.yaml |  4 +-
 ...9828-8f2275f20711e7ff52e234ab96188172.yaml |  4 +-
 ...9829-cb03fd3d39a18ba5fc9dfbdcafc632b1.yaml |  4 +-
 ...9830-349353b08ad0d6204581635fb97a9527.yaml |  4 +-
 ...9831-bb05c43d4858d2cd6e99aeda4ad6534f.yaml |  4 +-
 ...9832-27b5597908113501f4beb8489633cce4.yaml |  4 +-
 ...9833-e57055214b95f532f53777eeb789b4ce.yaml |  4 +-
 ...9835-757377e3d1b7b4a16326ff93c76bfa77.yaml |  4 +-
 ...9836-5f63dbab28102f21dce668e1dd09a569.yaml |  4 +-
 ...9837-b2367564b8e810af49ec2f68b7f40f1d.yaml |  4 +-
 ...9838-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml | 12 ++--
 ...9839-0e249eccad21574e2f41d6b727c12756.yaml | 12 ++--
 ...9841-d9b7d332948d93ec19ade23944fe8ee3.yaml |  4 +-
 ...9842-28d27bb70102b6a3ff9c97ba43afec20.yaml |  4 +-
 ...9845-05abcb4b1243c795ddc0ecd996fc16e3.yaml |  4 +-
 ...9846-2ba7e464285026388de6685dba844dbc.yaml |  4 +-
 ...9847-c19853d6227a07842c1d1043daa343e2.yaml |  4 +-
 ...9848-b53f2739c791cac0974587f72b226309.yaml |  4 +-
 ...9849-30441a12301c990d7aaae2342a03a490.yaml |  4 +-
 ...9850-1697fb18453f32ca7e1c0790f12f9bda.yaml |  4 +-
 ...9851-e4179682cad3bde3b1674a51f6f83b60.yaml |  4 +-
 ...9852-62cee29d32c85b3a5dc1219c65c05aa1.yaml |  4 +-
 ...9856-9c331f426cf6396a6a2c802b7f7eeb8d.yaml |  4 +-
 ...9858-325931d9fc1c27761908e3875605b580.yaml |  4 +-
 ...9859-fe796847eb830527572fd03364591cba.yaml |  4 +-
 ...9860-4c439a45b0012520f242bad12e03107a.yaml |  4 +-
 ...9861-fb9c081792eb804457cb99e8fe8f106d.yaml |  4 +-
 ...4994-ab57e6fe4cbafa10ab5f9c2c276102ac.yaml |  4 +-
 ...4995-6520a4a851336aa904cc04b7b33623a5.yaml |  4 +-
 ...4999-c7a804f58a12769a69ea7efb7fd135b4.yaml |  4 +-
 ...5001-797d8c237b397ae53a63dd9186307bf3.yaml |  4 +-
 ...5005-4113301795a9f6abc828e53db152bc61.yaml |  4 +-
 ...0368-700e36ec39fe3e8c88c494279e29f4d3.yaml |  4 +-
 ...0369-046fbaec2a225aa81dc9d68e003387fa.yaml |  4 +-
 ...0370-43cb177771740873ed7f858ac79c4db6.yaml |  4 +-
 ...0371-51ed12a9f2c55cf6d27dee66a25ab3d5.yaml |  4 +-
 ...0373-d805d4a834d45dbc023ff957c63ddbf7.yaml |  4 +-
 ...0374-4532b4dbcf2e547347daa5207db523f5.yaml |  4 +-
 ...0375-1cc23bdae3a780fc80463f59518007e6.yaml |  4 +-
 ...0377-2583c8c1dd1479446cbf085c6134c883.yaml |  4 +-
 ...5041-61b51e0560f095cce3544140b3170777.yaml |  4 +-
 ...5048-eff7610d5a81227a5c58edb7e81bb7b8.yaml |  4 +-
 ...5049-1a4de07092fc301c92fce8ed74ad446d.yaml |  4 +-
 ...5050-5c2752426bec20e3d652e4f604fa0685.yaml |  4 +-
 ...5051-1c049cc07d2d3d3aff9e887e6aede6d7.yaml |  4 +-
 ...5057-e408b7193fb2b136537798455a49df5e.yaml |  4 +-
 ...5062-c499c5763cb0c8fadcbd79a7862db8b4.yaml |  4 +-
 ...5063-d5afc9936d3ec0ef2f1ebf204d2b6f90.yaml |  4 +-
 ...5071-1db1c2d5f1fad40eb6b6cd9715e502a3.yaml |  4 +-
 ...5073-0e32b41ab13a7d99daea1bd1091ef1a3.yaml |  4 +-
 ...5076-a3ba5f2761ca9302a85775ee3b727b37.yaml |  4 +-
 ...5082-8c87a28bec934dcd5364cbdca924c771.yaml |  4 +-
 ...0822-07141f22dbd69d711616f0823783fd10.yaml |  4 +-
 ...0823-72b05538a975fe47e341442f2bdeeabf.yaml |  4 +-
 ...0824-a841f648b0bdbeeaa745d6da10e2cfec.yaml |  4 +-
 ...0825-ff7d4698a1b99dc4dd381f78e045f0a7.yaml |  4 +-
 ...0826-34dac14ec559cdbb5998de7d415317dc.yaml |  4 +-
 ...0827-35886a1535b89d1815cbc273329902f1.yaml |  4 +-
 ...0828-74982fb1ee6ee7e80b9e6c7f6db4f09f.yaml |  4 +-
 ...0829-c0866523c68fe7ee32f439546ea1ce87.yaml |  4 +-
 ...0830-54eacca3ec158df026692c600567e01e.yaml |  4 +-
 ...0831-f3d1f4048a78d100d7199aa687dd970a.yaml |  4 +-
 ...0832-26e086c596fe6398b20ed3be8129cc9d.yaml |  4 +-
 ...0833-aaee16898f3cb4f4d7a9fcaef31839c3.yaml |  4 +-
 ...0834-a56026625ece44a82e5e6eba005e9ec0.yaml |  4 +-
 ...0836-418ebe6c7dbfef34adbdede493bce943.yaml |  4 +-
 ...0837-e2d3306782ffc6dc1c4428ce58ed053c.yaml |  4 +-
 ...0838-65a7e9e5db9a5af53a8c05db52ac919a.yaml |  4 +-
 ...0840-701997e59be83cd9ba4ad233278f4aaf.yaml |  4 +-
 ...0841-31c57dd6605d62ca0d6cd98ec04a3787.yaml |  4 +-
 ...0842-4e3d792205a2fddf6adf72e5213cb0d5.yaml |  4 +-
 ...0843-030658ba5cc0f002fdffef84e42ae14b.yaml |  4 +-
 ...0844-2f15c2e1797d3dce53478e732579afa9.yaml |  4 +-
 ...0845-7539302587926b426117aef883b56a59.yaml |  4 +-
 ...0846-d2f77ed0cac474a6437fa2cee0cecb6e.yaml |  4 +-
 ...0847-2ddf644540fef01e3b57f8fb75bbef89.yaml |  4 +-
 ...0848-e8f10c1130d647962cf4e7ae1be8e563.yaml |  4 +-
 ...0849-aa33e37a5a268fafeb4ae3c73aa43c7a.yaml |  4 +-
 ...5085-95d0775d6527d5eae5d7126ad333b363.yaml |  4 +-
 ...0850-5d14f17d0a9567bc2e5e172cd96c2e2f.yaml |  4 +-
 ...0851-fb1f94792250765f89467bf81e536614.yaml |  4 +-
 ...0852-3617ec07999a872e306f9b352b63ebdd.yaml |  4 +-
 ...0853-796ca63acc83e02954fe943ab729646a.yaml |  4 +-
 ...0854-24ebe2280a642d19c25498acc13aa5f7.yaml |  4 +-
 ...0855-c47827133b1c48070f46a59d37c27728.yaml |  4 +-
 ...0856-156cbee34f493f34443d5f3b942f355c.yaml |  4 +-
 ...0857-2d0f997ee92e7b6c06625a4a937305f5.yaml |  4 +-
 ...0859-1ed0f12e4f8286a9294dfd9901458db7.yaml |  4 +-
 ...5086-54ab7472cf90fa30b87c2b5f7b48020b.yaml |  4 +-
 ...0860-1dec4b557f1e0bf62d3ecb5bf357937d.yaml |  4 +-
 ...5087-f28d0839e906933601f8e3530cfcec02.yaml |  4 +-
 ...0874-ed883dae9c66c1836affaf918e96286d.yaml |  4 +-
 ...0875-6892cd1d0b697581c7511a564b22d2f3.yaml |  4 +-
 ...0876-8085a553b4ae6877292f03c349db3efa.yaml |  4 +-
 ...0877-44c408e8dae2b7e08323b9972af77572.yaml |  4 +-
 ...0879-405731b58f15425302771df60a27b5be.yaml |  4 +-
 ...0880-376f3b7be651ac6251ca8825ec683915.yaml |  4 +-
 ...0881-304412fedec296474e9a664baa039b40.yaml |  4 +-
 ...0884-393e2e191f65056b760ec314dc828cfa.yaml |  4 +-
 ...0885-589dfcdba354fa240bd819df50a6a8aa.yaml |  4 +-
 ...0886-873e76363814bb4471e426a80a606dee.yaml |  4 +-
 ...0887-bdeaf570096cf99a20e12f37d41beaeb.yaml |  4 +-
 ...0889-4a6425bd134427fc325c845997202a57.yaml |  4 +-
 ...0891-f34776806e968812940c4c4d5f82b503.yaml |  4 +-
 ...0896-22ec989ac05e231b0a72ec153f660e8e.yaml |  4 +-
 ...0897-6e4ac4275a14e860f6690b3cd168f08e.yaml |  4 +-
 ...0898-da89f8a86000f654eccfee96ffe3f6a3.yaml |  4 +-
 ...0899-b8512840012a562de1323a1815a4b21e.yaml |  4 +-
 ...0903-dc74f0149670643ede0c882a9a3fc584.yaml |  4 +-
 ...0904-79decf1a0edb8491c84a287af6c9aee1.yaml |  4 +-
 ...0905-896c32b149ebcd3122663a40d0461f18.yaml |  4 +-
 ...5096-ec9f1feec044e5447ec3ac663c7a05af.yaml |  4 +-
 ...5098-c8dbdfc73ab33e8afe0f3263d7ef0673.yaml |  4 +-
 ...5099-dd02ae8823de431da5d5d52246acd7ff.yaml |  4 +-
 ...5105-f4c2701ff75483ce690141623ec5eff4.yaml |  4 +-
 ...5108-2b77677bf3f1770d1f2637876cb7abee.yaml |  4 +-
 ...5109-d9f0423766ca387f95476b5cd1e1b1e4.yaml |  4 +-
 ...5110-127715120e5f598c6f6d3ae7380f9898.yaml |  4 +-
 ...5114-6f26e9f01d61af85a0a5abec46c6e923.yaml |  4 +-
 ...5116-1a055ae19ed953176d3ae4b152c78d6b.yaml |  4 +-
 ...5119-292cb08d9cd5bb1cf7550652732f7a0a.yaml |  4 +-
 ...5120-549345c10b291ab93f71309abaa38002.yaml |  4 +-
 ...5121-66174d632ca5e11403564d89ab52d0f1.yaml |  4 +-
 ...5124-6c1bbce4c7a429a52d508c4dfbc689a9.yaml |  4 +-
 ...5125-2abba35343647b8a829e092f6dec80ee.yaml |  4 +-
 ...5126-da29ae9abf29175dd27fb6efb7642506.yaml |  4 +-
 ...5127-cedcad8fb42c104219ce15d5179e2ec0.yaml |  4 +-
 ...5128-91e768f9e801d14e24ca5019cd490f0a.yaml |  4 +-
 ...5134-d3595d30820755045dbe80d57c0f600c.yaml |  4 +-
 ...5135-0591772600d7345412c5914adc415e3f.yaml |  4 +-
 ...1356-12b01b43b57b8f272157206cf06dc3ef.yaml |  4 +-
 ...1357-9549871153d587a10461e3eb973b5757.yaml |  4 +-
 ...1361-081b4b5984322d0654bd5e7e3e37d073.yaml |  4 +-
 ...1362-b8cf7f35198731bb7bfb27771c37478a.yaml |  4 +-
 ...5137-01f45554766c9d4c4656369fac530065.yaml |  4 +-
 ...1370-b8a0ef29774cb506ae49e9736f363d94.yaml |  4 +-
 ...1371-5ca89842f69cd4e87dbd74d08645e3d9.yaml |  4 +-
 ...1372-cc04fc647a83c5a0bf41904a11665f19.yaml |  4 +-
 ...1374-3b122e7dd636f2979e4419665efeeeb4.yaml |  4 +-
 ...1376-c6a13766dfee309169a154d6bf63adc3.yaml |  4 +-
 ...1396-9ac7de23b3d67dbdcd278f6e1494759d.yaml |  4 +-
 ...1397-07a16aaf94526ab4a5492ec25d7bc965.yaml |  4 +-
 ...1398-1c74e3df9173084b9bb7ea805c234e58.yaml |  4 +-
 ...1399-9a6e06a6f52e0f7856e09ef8ac51eff2.yaml |  4 +-
 ...1401-8495527ac09a59599c4f06adeea443c8.yaml |  4 +-
 ...1403-bb149be73e11ebe0c3b568543b54c91e.yaml |  4 +-
 ...1404-b91180f6c8ba3f8d6ff100d044a9837c.yaml |  4 +-
 ...1410-31c57eb5baf7bb0acd957fca651b5df2.yaml |  4 +-
 ...1413-7ac0863d03c3cdd406341dca9d25711a.yaml |  4 +-
 ...1414-514cd5f6862b902abdfe45e0c2ceab5f.yaml |  4 +-
 ...1415-57ba3dbc250a048ad4a278836ea777a0.yaml |  4 +-
 ...1417-f64345cda7b5204d1b37828da4e7e5ea.yaml |  4 +-
 ...1418-cbde558e3503539352816240255a9c09.yaml |  4 +-
 ...1421-61bd18cfe47ff36978c91845f9ffc1e4.yaml |  4 +-
 ...1422-5178d59b66e68e951d4f7950c9fe1897.yaml |  4 +-
 ...1424-248f6a7272fbf1cbf24050ac1a199f58.yaml |  4 +-
 ...1470-219b72efe5cc6f0e217f743d6fbc88d5.yaml |  4 +-
 ...1471-1e6a2a2317e6c0646d9912b475c2283c.yaml |  4 +-
 ...1474-4be3fece7979d31adacbce90e5c628f3.yaml |  4 +-
 ...1477-ab3814e3ae070036041f3fc37ac29f36.yaml |  4 +-
 ...1479-26189f152df8893b52731b2bdd16e94e.yaml |  4 +-
 ...1480-6a4904a703851349707d8d3d078c2123.yaml |  4 +-
 ...1482-f1ab4812b24f2e95426a9a9673c2032b.yaml |  4 +-
 ...1485-e6cf650c13f11df4cb2b334fe314415e.yaml |  4 +-
 ...1492-a5beaca14051398b5a8cac72b33e8606.yaml |  4 +-
 ...1493-90dc0d96ef7711389c28489eadab8c4d.yaml |  4 +-
 ...1494-e78a0243a637937a0520333d07ecbb4e.yaml |  4 +-
 ...1495-17db65035566800d21b599e4302d577c.yaml |  4 +-
 ...1496-90191aff4f4fd94ead6048a6f9309bb7.yaml |  4 +-
 ...1497-2fa400cde48ebbb1e062c53ea041ad86.yaml |  4 +-
 ...1498-df5510828b9908f177a3676bf0d29efa.yaml |  4 +-
 ...1499-40b2ce035ef569465fd6e4b21f17410c.yaml |  4 +-
 ...1500-9ed7e89f3675608a54d511e5410f33f1.yaml |  4 +-
 ...1504-1c6832c32d7ec7d1a800137a443af3a0.yaml |  4 +-
 ...1506-d88f90595d62f553e29356fc831883af.yaml |  4 +-
 ...1507-be8ed34a1e61e6308ab867606f425e64.yaml |  4 +-
 ...1511-a64fce4b936462ae9966af0a7b1ddcf3.yaml |  4 +-
 ...1513-51cc9e8778ef47abd167df4053287906.yaml |  4 +-
 ...1514-de7d8d5a0d1dee1ddf8eeecb2547d31f.yaml |  4 +-
 ...1516-3fa1d19f6ab4b3b413035e0d19283cea.yaml |  4 +-
 ...1517-13cb55c1f508982488cee2289cc6f8a4.yaml |  4 +-
 ...1519-6360ed6ca296565a491121426d09e439.yaml |  4 +-
 ...1520-a720a32e95724b99f716e58fddc9c585.yaml |  4 +-
 ...1523-7afdbaf504234dadcc9587b5a57a9cbb.yaml |  4 +-
 ...1524-20aadb46b84139edf712ada2a54996af.yaml |  4 +-
 ...1526-7d02fb68117844792850ad968e93d6a6.yaml |  4 +-
 ...1527-e9e7f1f63804b5a7bd339f4d7bcd16e9.yaml |  4 +-
 ...1532-88a06d86ce607df4ff6b1b9039ea93cb.yaml |  4 +-
 ...1534-997d1000e8574991f2c13cb7aa2ef7b7.yaml |  4 +-
 ...1536-f99e157b145b06140fa576ea488dbce3.yaml |  4 +-
 ...1537-b6e9ca61c7913b93778f0505c3d8b45b.yaml |  4 +-
 ...1541-389e4423679f1c467a852761b85f3cfd.yaml |  4 +-
 ...1545-27d8b6ae177490f4dc5980ca233d4dfe.yaml |  4 +-
 ...1546-b658c34d6189136c251e0b8d8e225774.yaml |  4 +-
 ...1547-239bba6a118f3c2dcf8340e2790b882b.yaml |  4 +-
 ...1548-5644317bfa18cf11b8235cb40790b4ed.yaml |  4 +-
 ...5161-cc4b9c34f1deaedc9df4457eb9089929.yaml |  4 +-
 ...5162-0aceb58e1789a00f8987ade1ad5f4576.yaml |  4 +-
 ...5163-f48e8a5fbf1e696f1cc387a7e678c77c.yaml |  4 +-
 ...5164-a2e597896da84d8e5ead12576f9d50bb.yaml |  4 +-
 ...1666-a1b975d388fb5bea73a488037353b7d6.yaml |  4 +-
 ...1669-e4183cf6c320dd4a4188939a38d36eca.yaml |  4 +-
 ...1670-211b4e2e29da3a6c7a3f6f46fc11c764.yaml |  4 +-
 ...1671-a3e402dfd0b7363889b8931013656dea.yaml |  4 +-
 ...1673-1162e5c3375a29dda16c38290874b6a7.yaml |  4 +-
 ...1674-3b7a2e7b6f89f58e23d11ffebc1efd41.yaml |  4 +-
 ...1675-1cbbbacebab6eafbabdd1ea3e6ed8c33.yaml |  4 +-
 ...1677-157cdd8bc992e58c6e6f6337bc97b4c2.yaml |  4 +-
 ...1678-5e9722517850435a4c6751ba68e3f182.yaml |  4 +-
 ...1679-9cbc81546b21a100994e807b3ec7d261.yaml |  4 +-
 ...1680-24df3873e0b9065e19944f2b69074a09.yaml |  4 +-
 ...1682-be854f0427cbc7550be4b51c5093b09f.yaml |  4 +-
 ...1684-a21c37325364d975a3c7e649a4cca551.yaml |  4 +-
 ...1685-a6734b6686a1620a7fb5250d66545fe3.yaml |  4 +-
 ...1689-b2f775a90d3415bc2313e385ff781703.yaml |  4 +-
 ...1691-bb1322086ee5fb78a847811248987555.yaml |  4 +-
 ...1692-704e8a4e646ad70dffa4b5a4a231b7e5.yaml |  4 +-
 ...1693-2317e44c2f1aa246df478fdf378e128f.yaml |  4 +-
 ...1695-f3431b49cff580f3171934059274a2a5.yaml |  4 +-
 ...5177-902c45e06d6e22c072a9fbbf19901e92.yaml |  4 +-
 ...5181-9f99c3916170112c6519a28e2f1378e6.yaml |  4 +-
 ...5199-ae8fa6f84b5149157cb1430a27dde4d8.yaml |  4 +-
 ...5200-d7435fb5e236cc613a20b63eff30b011.yaml |  4 +-
 ...5201-a514048fb251bf33fbe7f38a2147dc40.yaml |  4 +-
 ...5205-e958f1600aa0e32635d67ccd172b77c5.yaml |  4 +-
 ...5209-9fa7c4fbd0089213898129a94fb855e3.yaml |  4 +-
 ...2117-639feb49244de37ebd2501828b79541b.yaml |  4 +-
 ...2118-af96d1868fb4ef94535942e6a7a96e89.yaml |  4 +-
 ...5212-5d770457008ba85c2ccd6a7b3ee7247f.yaml |  4 +-
 ...2124-e835818e3176559c0f65d870084d0fe9.yaml |  4 +-
 ...2125-f282e15c376140f7b66d206f8f96f3e6.yaml |  4 +-
 ...2131-02e1028b272d28de63335e7341b29e10.yaml |  4 +-
 ...2132-bc021f50f994b63de0e089ca7983044c.yaml |  4 +-
 ...2133-9cd32e924e90d865dad41a30260e1347.yaml |  4 +-
 ...2134-9764fa1268021fb445ed7c1cafd9a12b.yaml |  4 +-
 ...2135-b4ff9a96de0f409f95e972962d7a3e6d.yaml |  4 +-
 ...2142-803648dc94dbeaf482d25b8433d5ee7f.yaml |  4 +-
 ...2175-2e0473e7d7a7731e63b2d6908a232799.yaml |  4 +-
 ...2177-cf6efc26f721b1dd6c09ef244ad0a9a5.yaml |  4 +-
 ...2178-78aa7f4c0fd135cd902e3c93c245e07f.yaml |  4 +-
 ...2180-dafddc9bea1e241db1766d412621b738.yaml |  4 +-
 ...2182-6f4ecb36b96c9dd745bf20e36b1a7043.yaml |  4 +-
 ...2186-85987e7f67f649cd4fc002f1b0337124.yaml |  4 +-
 ...2189-9f41ca20cf9aa5ad6ef84f69ddb6f680.yaml |  4 +-
 ...2191-b0923245191ee8b19827587a90615915.yaml |  4 +-
 ...2192-3c962311490d35eba5d44b2a55482b65.yaml |  4 +-
 ...2193-99586092e2e0a8d37b070fc12b9ea29f.yaml |  4 +-
 ...2194-d5fb85be1bce7f68e1b15520cd177f7a.yaml |  4 +-
 ...2195-f4bf91007a25d09c25ce2d7dd70ab2fa.yaml |  4 +-
 ...2197-d53d7fc7db0d940484e982ea2d1a452b.yaml |  4 +-
 ...2198-9e0ed51792e9270a576ac0d1dc550b71.yaml |  4 +-
 ...2199-ec1e17ee6b9dff2a9b24906383f33988.yaml |  4 +-
 ...2201-bc684639838d61cf579a672d96063b79.yaml |  4 +-
 ...2202-bd39f2dcd48837d67c4b40b69f78df98.yaml |  4 +-
 ...2203-746dbfeca03bdbf3d2fc4d83e4a0ed40.yaml |  4 +-
 ...2204-2c6114a75a15d3b058a7dc1004291c25.yaml |  4 +-
 ...2205-c00b8bf14565edfcbae67925492b03f1.yaml |  4 +-
 ...2206-130eab166dc7b7692723d0cf797df7b0.yaml |  4 +-
 ...2207-0df580dacb0df6a2ca5f274d2d7147c5.yaml |  4 +-
 ...2210-84ccfe3dbfa257fc01b0e4c65174ef35.yaml |  4 +-
 ...2211-ab18ce3ab5c885047a8f794ed3023e87.yaml |  4 +-
 ...2214-0a3c0452d5847fbc8bf97c2978948097.yaml |  4 +-
 ...2217-8f3437550e10d6083b697e38767da0b0.yaml |  4 +-
 ...2219-3ddf708feedcea3e47167b185d508195.yaml |  4 +-
 ...2220-6589f8f5c2b9c61e1e02d46bf871ed81.yaml |  4 +-
 ...2224-b6ad60014841f75188893319dd4470b9.yaml |  4 +-
 ...2227-88cd9d196e2b824c736badcdf2c60486.yaml |  4 +-
 ...2228-843511a1c7a253d8815f1011e5416ca7.yaml |  4 +-
 ...2229-ca80be8d82d9f4b7b474971b5f658d56.yaml |  4 +-
 ...2230-672dfc933502a4edaa8116764ba522b6.yaml |  4 +-
 ...2231-1fe649382158471b98650df856d70fee.yaml |  4 +-
 ...2232-0927d29209569b3fa6ca414e42a83816.yaml |  4 +-
 ...2234-2b5138240155c353b3e1835e93054ec3.yaml |  4 +-
 ...5228-5a06b4b0b81af48987e3d90166388572.yaml |  4 +-
 ...5229-4c337287b3ea29b58d22de863f5e59bf.yaml |  4 +-
 ...5230-4951c2f84359ebbaf9ae45fa01138a5f.yaml |  4 +-
 ...5231-423344ebaf15b72d32ea50cd38a95167.yaml |  4 +-
 ...5232-a57182d433f774a0b7467b555b805817.yaml |  4 +-
 ...5233-238d49dd6e9480e47ebe9505e3055120.yaml |  4 +-
 ...5234-f9f7aa614950622531a31e76990cf4c8.yaml |  4 +-
 ...5235-7f87928645d2c31cf00fa75d4b3905c3.yaml |  4 +-
 ...5237-e0d43cef694a102644215555aaaf71de.yaml |  4 +-
 ...5241-d3213062fc9b1a2c7b785c61361d34fc.yaml |  4 +-
 ...5243-16cbd69900a20c2a15cc998b66c6e30e.yaml |  4 +-
 ...5250-12eb7534db6d3a6b596836d9096b1dfc.yaml |  4 +-
 ...5251-a7efe3d7340eefdf74e75d3be0901882.yaml |  4 +-
 ...5252-64d859df68bf3f0a0838ef413ae7d21e.yaml |  4 +-
 ...5291-0fe998643673fbc89bdce1d6f1c4acbf.yaml |  4 +-
 ...5292-dea0414e4a9baf8defc1d9528b3ab197.yaml |  4 +-
 ...5295-ec95efd2e63d9d89b0c3d769bde2a40b.yaml |  4 +-
 ...5307-9580adf700b409fcf11b1b8ce6a8f986.yaml |  4 +-
 ...5308-a5c381dc4cbdb7060fc30ca87a13ef99.yaml |  4 +-
 ...5314-04bca0e78f8b136ea82b1c4e9e1fafd4.yaml |  4 +-
 ...5315-8f06cbf2f40450a7e41adaa2e12c5c0e.yaml |  4 +-
 ...5334-2196f2a72b0d78d150ae68d55da0fd92.yaml |  4 +-
 ...5335-469ce07115e491efc4cb1c8371dce59b.yaml |  4 +-
 ...5336-93a89e746de1b01ce58a8098e6937879.yaml |  4 +-
 ...5337-76bb7b1a62378179c2a3a748f3a4ef7c.yaml |  4 +-
 ...5338-7ba8529af3436a78498f1c21893b7e85.yaml |  4 +-
 ...5343-c01322d993d29040f70fca990f38339c.yaml |  4 +-
 ...5352-89ce07ac930dc51991979cb98280bbb8.yaml |  4 +-
 ...5355-d27639e06760fb0c9830c5a72e87ab5f.yaml |  4 +-
 ...5357-b915266e3686714da03f11dc90c6893b.yaml |  4 +-
 ...5362-65a9626411491f24b8c3f89e82e2b81b.yaml |  4 +-
 ...5381-b1bb95f8c4ff39f12ce42050633fe6ba.yaml |  4 +-
 ...5385-e1ad7ec25f4d848d78b5d1ca911d7ff1.yaml |  4 +-
 ...5386-8cbb632e23e9fd1207c7a31fa3fa33cd.yaml |  4 +-
 ...5387-1389f4413b4c34ddc59ef4e67e6f0a3f.yaml |  4 +-
 ...5411-1d54b8b23176b36e6deb663d5a8ceaf5.yaml |  4 +-
 ...5412-09c9edd801d535f8b0dc361310e2bb14.yaml |  4 +-
 ...5413-21bae7dd0ccc10547daf0010edb807de.yaml |  4 +-
 ...5414-fedbaf9b75c3966253ac9d4ff4472b7e.yaml |  4 +-
 ...5415-21adcc5933f66f0dc2a717df7e950d3b.yaml |  4 +-
 ...5416-a0259835bb015f0f8ae0efa060f9f185.yaml |  4 +-
 ...5417-e27d960770a662cb31ee7005dde8fb3c.yaml |  4 +-
 ...5419-7e168d2cbd20b0d5ec60c962781efa94.yaml |  4 +-
 ...5425-91dbc533a6be524b4d3d9619ad71cbbc.yaml |  4 +-
 ...5428-f917f02f001372c0ed6a2cbacd402eae.yaml |  4 +-
 ...5429-2e8c881d695b74f611068f96c80b3487.yaml |  4 +-
 ...5430-ec203a9e69230c2878eb1812f2101d77.yaml |  4 +-
 ...5431-74c124627aef7bceecd485cb551c158e.yaml |  4 +-
 ...5432-179abbcb3a9b789dc00b8e0d8f532b6a.yaml |  4 +-
 ...5433-5b0c7f3f3f3d8554824f38539044b215.yaml |  4 +-
 ...5434-d47a1b6b1cff7517a2e9c1cfb877c153.yaml |  4 +-
 ...5435-7138d2ba8421f62a9d8f037aab75e745.yaml |  4 +-
 ...5436-67a5e177b639db224cce52014e47431a.yaml |  4 +-
 ...5437-eac77b73e6b9904c178e050ff0c75895.yaml |  4 +-
 ...5438-b5617dec0fcbbbc761aa88231d94be83.yaml |  4 +-
 ...5439-6068fa535a8253f59a90a4115ac59459.yaml |  4 +-
 ...5448-7ae915288e9c3c74b018a1157e470354.yaml |  4 +-
 ...5458-4e81e30f96ac2459f5d1b33071468659.yaml |  4 +-
 ...5464-08b8cede6b6ee0e0f3a91f475dfd1447.yaml |  4 +-
 ...5465-bee21ffa7faff706d4db361bca23b6c3.yaml |  4 +-
 ...5466-aaaf4480d575f84ecd3c01a63e4a0287.yaml |  4 +-
 ...5467-fcc1cf4316d93103b20ebe799631fe04.yaml |  4 +-
 ...5468-5e71c24603564ca342c0b82fb64d9b20.yaml |  4 +-
 ...5469-7907c4688f5f43998579c328082a69f9.yaml |  4 +-
 ...5470-12af00d20d6054e6e52d985c87c55f02.yaml |  4 +-
 ...5504-2bca208b2748ce062cd1cca09cfae994.yaml |  4 +-
 ...5506-6bb3656a861d0a80040f9af45e87952f.yaml |  4 +-
 ...5507-a73f55993da6bf41bdb201284b107f4f.yaml |  4 +-
 ...5509-b9ee2994c48a1ce98dffc9faf5d855b8.yaml |  4 +-
 ...5525-83eca41cb757159390f58937921ee2df.yaml |  4 +-
 ...5530-7e83efd5775fb18032b0a614d3a4dbf4.yaml |  4 +-
 ...5533-196434d911f0f2030523284b9ab4ed7d.yaml |  4 +-
 ...5565-0d3480d611d68322f3807ad912f13fa3.yaml |  4 +-
 ...5566-c3292186ff6270827e326f6eecd76002.yaml |  4 +-
 ...5567-01bea8ce6854ad71bd30075dcae56490.yaml |  4 +-
 ...5577-d6f90ea934e0ed467a2133d2d162346d.yaml |  4 +-
 ...5583-49548450e8e603c888246b4324b9abfb.yaml |  4 +-
 ...5604-9f49ea16b14f6c2511df8453564cbeeb.yaml |  4 +-
 ...5605-c2468d3ae2dd3b63e789f3e42f85078a.yaml |  4 +-
 ...5606-dacff2143dd0506c8bdad1a273f67459.yaml |  4 +-
 ...5613-a39aab4c2ab62bbbd835d18cf4082e05.yaml |  4 +-
 ...5614-b4a41681eefe755efd70571167096dd9.yaml |  4 +-
 ...5615-05ead7ef23623d246fc2b9a535b5761b.yaml |  4 +-
 ...5618-2885ef88741e4fead832f53749584e1b.yaml |  4 +-
 ...5621-f125bb3227f74edc5c60e8c9d6eb9da3.yaml |  4 +-
 ...5638-4281d6cbf86b1cb2ecab3675e42347ac.yaml |  4 +-
 ...5639-50a35a271362419338fef58cbfdfbd44.yaml |  4 +-
 ...5644-e4f7324bab65bcd3d88d8e669baede29.yaml |  4 +-
 ...5645-74effda90864a740ff398e9c12c52b1c.yaml |  4 +-
 ...5651-b9f4dda3ee3f676f0c301784c74a1eb5.yaml |  4 +-
 ...5658-76a5d195529e4a00633fd456330950cc.yaml |  4 +-
 ...5659-8e5650d777bfcceefcb0d09b97742288.yaml |  4 +-
 ...5660-359a63479caac5270f841c962366bff8.yaml |  4 +-
 ...5661-0445d2e77118d710e79ad9b8b4807a1f.yaml |  4 +-
 ...5662-6e76234b4d1dbafb645996466faffb64.yaml |  4 +-
 ...5663-433814dea51a33a792f1c14558ec0d69.yaml |  4 +-
 ...5664-597aa63a54783e43984bca6c0a5bda16.yaml |  4 +-
 ...5665-b7d244a1858960d6b7b8f5a6b3a02579.yaml |  4 +-
 ...5666-5600898416ea4451dceafd9acde6424d.yaml |  4 +-
 ...5667-20d48d249a9d91a3d81b3c5c649e28eb.yaml |  4 +-
 ...5668-35617caa27e1534d5543f128d4268283.yaml |  4 +-
 ...5669-b18da97ec3842241538c439eaed13219.yaml |  4 +-
 ...5672-8be88bbbbf187ed081686352f66fd170.yaml |  4 +-
 ...5674-95ff4ff837620d6ea480a2d73422a590.yaml |  4 +-
 ...5691-fdf2ccd0e27bd38fe570f70f1b82c105.yaml |  4 +-
 ...5703-a045ed71aa954e6a2d839e45661eb192.yaml |  4 +-
 ...5704-95b40623fcd88a0f55eead954c03a159.yaml |  4 +-
 ...5705-0ade74287dacdefe3e19153b1abafe0f.yaml |  4 +-
 ...5706-768fa7749718c2471763f91755f4694f.yaml |  4 +-
 ...5707-afa388cb5079dcd3f29d050e7cf600e7.yaml |  4 +-
 ...5708-2e27bbe1226fc43e3aceee610de45550.yaml |  4 +-
 ...5709-b5c74375abda0734f64c322204bc8108.yaml |  4 +-
 ...5710-6d13564fb4f4f025b03f3bb2e7eff230.yaml |  4 +-
 ...5711-50be407197651ee72b3d338a1eac693d.yaml |  4 +-
 ...5712-d08dba75a00314181a7ea312016fdabc.yaml |  4 +-
 ...5713-00f8b2060d8c742440ee6fd7c2090104.yaml |  4 +-
 ...5714-6bb233f728b21686bbc5b5d256c952f1.yaml |  4 +-
 ...5715-2c3170861d7bd02e32a5482d1f26ddd0.yaml |  4 +-
 ...5737-9cffec44ea772b6c67672a3ffd4bf0f4.yaml |  4 +-
 ...5738-4b9b30de695a6c7d318c6f418b6450d0.yaml |  4 +-
 ...5740-e11138180e51155554e951dfca6551c2.yaml |  4 +-
 ...5741-eda45ed9fd55d54d8bc8631b38650581.yaml |  4 +-
 ...5742-078c8808dfcbfebd119f13a67915c352.yaml |  4 +-
 ...5743-a6d339b3bc08ee880c9c68cfd52a0937.yaml |  4 +-
 ...5744-3937fc851cb1ff4a5bb8e086fcf8881e.yaml |  4 +-
 ...5745-ccb9140dfd14809f1b9eb83224f5c145.yaml |  4 +-
 ...5757-91cfe4c5d855055ec913db3b32084f9f.yaml |  4 +-
 ...5761-106e6826f0718372efc6e503171c8663.yaml | 12 ++--
 ...5762-3978ba038f6fabf500896400bafac46f.yaml |  4 +-
 ...5774-4187eb8bb2c5fe78d6c93246f1bd60b8.yaml |  4 +-
 ...5798-c365c40f61838d38a40469cd2e67b28b.yaml |  4 +-
 ...5809-248e31ef2c55014a53d3afdb1f6ae07b.yaml |  4 +-
 ...5815-940c3e462fa88340681bbbfe05c2ceb9.yaml |  4 +-
 ...5817-f3d8bdcc3c7e14d05b34d12f8fc7e52b.yaml |  4 +-
 ...5819-0b5a4c4a0addd6f794e40840ce70fde3.yaml |  4 +-
 ...5820-25a9f7730c5842083500e9e166082efc.yaml |  4 +-
 ...5822-230e494196dc43c26e1062437fc400cf.yaml |  4 +-
 ...5823-0439b5ba8ec01f6ad565e8fbfefdff7e.yaml |  4 +-
 ...5823-75dc3c235e29287a43892beb13ca3ae4.yaml |  4 +-
 ...5860-cecbfeb5d8e878e2a09fb45c42f38adc.yaml |  4 +-
 ...5874-838e3be64c22dc1203b2c46a22794d70.yaml |  4 +-
 ...5882-54815dfa4753d9cdf9883b354532f577.yaml | 14 ++---
 ...5886-a04852934ccd4497c8403afda3917aa6.yaml | 14 ++---
 ...5905-5c8e28251cab5b1205b7a87c4a2a1426.yaml |  4 +-
 ...5911-5c48a008fb4b7cf800ee3deda45c5f7c.yaml |  4 +-
 ...5922-427e946f25b6c94eeb7fca443cbb0fb9.yaml |  4 +-
 ...5931-58b37148ce0bdaa5522c3559b2f37ff0.yaml |  4 +-
 ...5939-5185077331b584e736df6ae601c45310.yaml |  4 +-
 ...5940-e4874305a11ba506fee5f820a68e7e63.yaml |  4 +-
 ...5942-62fa04687cc3a59a6c68564d31d19c75.yaml |  4 +-
 ...5943-84ca5039f02eeb82650dbead88aee202.yaml |  4 +-
 ...5953-fdd08ff4357466d1ef831234fd4686a2.yaml |  4 +-
 ...5955-73e00ca7db916ed6c728c1ea942e0577.yaml |  4 +-
 ...5956-1044e73f9f4c90a4318631b027811f47.yaml |  4 +-
 ...5980-e0096662f4021341254048a6332cbd3c.yaml |  4 +-
 ...6000-f3aaaced779e642f2bb1c29db02ea02e.yaml |  4 +-
 ...6005-34378358cea5d52c68afc57717376111.yaml | 14 ++---
 ...6009-caff8f6f354132f41c0e30a99b04fa75.yaml |  4 +-
 ...6035-be6b3b7884ff27a71c7f24387abeb572.yaml |  4 +-
 ...6037-60704a9704a6bd75205a7bd8179ee4be.yaml |  4 +-
 ...6048-c13a04653b2bd4332fed19d99c861058.yaml |  4 +-
 ...6067-8d7a863f5c4efdd21d67e64b56b84820.yaml |  4 +-
 ...6077-5ed7439fdc6a179319e68a6091db0e8d.yaml |  4 +-
 ...6081-1d70e5d002efa976ab87b56edcf9f0b9.yaml |  4 +-
 ...6082-ace575e194919fed8a75c5778dd0bfab.yaml |  4 +-
 ...6090-27287fd1e5df71f58411b21feefa43bc.yaml |  4 +-
 ...6091-fd1e677494c37ae823f0277f9b7da0c4.yaml |  4 +-
 ...6113-84e23826180e38f8c23713de5476118f.yaml | 12 ++--
 ...6114-cf9463289c46f678c704f21fa0d76e71.yaml | 12 ++--
 ...6120-2711228331aed4ad8d57b410230e7202.yaml |  4 +-
 ...6133-956616cf620f8b1a830cdf6f68014a5e.yaml |  4 +-
 ...6136-f18de85deaea25c6fbd01540999d6426.yaml |  4 +-
 ...6139-54b8dea2a513397d549565f2d6307194.yaml |  4 +-
 ...6141-00a2a2e9797fc1a0dfdb2c0093e34725.yaml |  4 +-
 ...6155-933559cdad5a8cb46fa09f456890e810.yaml |  4 +-
 ...6158-537515ca49a9f4b41a11d36cd380e6f4.yaml | 14 ++---
 ...6163-1dcb303214a4e16964564ee6c958b8e1.yaml |  4 +-
 ...6165-00fcc0e6d0a51f0c0f6ca9266dccfbaf.yaml |  4 +-
 ...6187-68293564bc63bf678c3143661b510396.yaml |  4 +-
 ...6196-07cf727b65166fc33c537ed10a4a1542.yaml |  4 +-
 ...6219-631d4cb99a459c16e4abfaa250ae1a0d.yaml |  4 +-
 ...6220-3e3dbd541f7f8bdbabf98ab3f7d5763f.yaml |  4 +-
 ...6222-f4e8b028120d672af95b84876878fcae.yaml |  4 +-
 ...6225-63222bd033aa9c6bf238fe6f7d23725d.yaml |  4 +-
 ...6242-187d65743de5f807e3a3561c30924b2f.yaml | 12 ++--
 ...6244-68358961295abb7462ad91426e0c3310.yaml | 12 ++--
 ...6289-7dfff8c4900f7bbdbc49f6aa2df77488.yaml |  4 +-
 ...6290-fb48c2712fa8a78f7a012c1644582d5a.yaml |  4 +-
 ...6294-9df0586fa1f03eb4aff1b246f09e907b.yaml |  4 +-
 ...6295-81727806f0ca35ac1a1911812f8bc5ed.yaml |  4 +-
 ...6327-f19b67578553b4899e4857d2a0013f9e.yaml |  4 +-
 ...6369-96488db43481ee059de402cf95554483.yaml |  4 +-
 ...6373-ab0a99467dd011ce171b426da9ac5ab8.yaml |  4 +-
 ...6384-ec4121cea31885fa26a199486b7f74e3.yaml |  4 +-
 ...6446-447e8d03dfe04fdb92ac705bfa6b054a.yaml |  4 +-
 ...6447-3d6ad1520c77aad1133699654b17aff7.yaml |  4 +-
 ...6449-8d379cb370e88332eb6d842ed734aa6a.yaml |  4 +-
 ...6456-1f98c7de637a490b84e9178dba93c59d.yaml |  4 +-
 ...6485-a517ff8b627b981a1fe850768f04bf42.yaml |  4 +-
 ...6486-da3f3594c596e882f29a46f5eb088351.yaml |  4 +-
 ...6488-dca1a97a6a5540d73d22b80fbffbb729.yaml |  4 +-
 ...6494-a4bcc5ba22f6cf25dbecf393d91d5f77.yaml |  4 +-
 ...6496-a2bc40be2dd87e9dcd0977a6fdf140d6.yaml |  4 +-
 ...6497-6b95e055e3edeffca7582f29e2098070.yaml |  4 +-
 ...6498-5e5f3cf37fc64d7bac2aaac542661852.yaml |  4 +-
 ...6500-9868f32ae613992060ba083e76a3d3bf.yaml |  4 +-
 ...6524-bed91f2c82382c1fad6f81b58becdcb8.yaml |  4 +-
 ...6525-55933111032f4be98ad6ab7b8ab899fc.yaml |  4 +-
 ...6526-00301543cb972104eceace7da89e80f4.yaml |  4 +-
 ...6528-37ebb1547ffcf7ee914afd4ab2a7338e.yaml |  4 +-
 ...6529-0e6778305a28eacf186b54844a0e5ea0.yaml |  4 +-
 ...6530-4f1dddafa18fba59ec7aef53cc2b0d3d.yaml |  4 +-
 ...6541-3108293e567a66e53a5d8bbabea561b6.yaml |  4 +-
 ...6556-94b50ea832a6fb6b13dcb5407b94970f.yaml |  4 +-
 ...6558-0ced1508729f529a88bdefd2f552e467.yaml |  4 +-
 ...6561-f05edbcd117bd78991a113d104243207.yaml |  4 +-
 ...6583-7e3d963887f74672e4d9f1a2c2d7ff76.yaml |  4 +-
 ...6591-4f73bdbdeaed18569d9edce85c2c628c.yaml |  4 +-
 ...6594-3394a8c6bca4050b8fcb857b11ee3b36.yaml |  4 +-
 ...6598-54778688cb39f84f341e249c6ffef279.yaml |  4 +-
 ...6620-9886017b189939b50d12738a1b1a19c5.yaml |  4 +-
 ...6624-0c813c83aee456b071e95980f729e012.yaml |  4 +-
 ...6626-628e944f1865bad285b75e5824e5bb82.yaml |  4 +-
 ...6627-7b9a92238f85900b8c03567a6a71f188.yaml |  4 +-
 ...6632-5f5be8778a8041dd72149d1e03212c77.yaml | 12 ++--
 ...6635-009566ddcb125b1bb12196db82871dc9.yaml |  4 +-
 ...6636-c16c01b270f8ba46731b798dbc4b70f0.yaml |  4 +-
 ...6637-8450871a53e20b19adaa61e1434e59d8.yaml |  4 +-
 ...6638-53d09e4ac030b1b8d99973338cf6e155.yaml |  4 +-
 ...6645-035b152afda993b6317a93d2886e872e.yaml |  4 +-
 ...6684-912a26e9536c81b126d2560cabd51139.yaml |  4 +-
 ...6694-b957cb5f454b449f583a6eef42317102.yaml |  4 +-
 ...6695-c8a7f0039447f90c8cdf2d5bac0144d4.yaml |  4 +-
 ...6700-9a25bf02d1d516ebfa83ea0a4af36e6d.yaml |  4 +-
 ...6701-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml | 12 ++--
 ...6732-d90dc94bb51dfa2f24514c386a4ae9c2.yaml |  4 +-
 ...6733-00ca2c99ad053400f72b1ad04cedfa49.yaml |  4 +-
 ...6738-98aaf1a94b96eeb1d120f5b84c22c6ea.yaml |  4 +-
 ...6742-d0a21350c57dcbddba5f33bc0580065b.yaml |  4 +-
 ...6744-e37e5d73321c4c6eb17ee3379b565090.yaml |  4 +-
 ...6747-a94721f1db6a21d7268903bae3160d03.yaml | 14 ++---
 ...6776-d37560ff6c6a3603574d27509821e565.yaml |  4 +-
 ...6781-058a642e0573877c079f2c954605d344.yaml |  4 +-
 ...6782-d0f1f9dc5f8553a777fe29b0dbac4733.yaml |  4 +-
 ...6783-b64173f040b81fec7a1fc17ca0c0ce07.yaml |  4 +-
 ...6785-baeb593e80daf8c0e9aa6de629d61f7e.yaml |  4 +-
 ...6798-a69ba668991cc895684ef6a2a0130022.yaml |  4 +-
 ...6801-915f28ed1e0ddfda2fff50d4304f5401.yaml |  4 +-
 ...6805-e0ef3d1097adeccc2f12bfdbdbab9d9c.yaml |  4 +-
 ...6806-55749978c55c3ff34eeaa5813711f342.yaml |  4 +-
 ...6807-616c8823c1cd69f1db936287f2d1fa7d.yaml |  4 +-
 ...6808-d7b2973ce1bce5f224e9a3aa96df9db7.yaml |  4 +-
 ...6809-8199a4f2b40a6eabf0daf50bba86ea3b.yaml |  4 +-
 ...6825-8ce49b249ec2d999d67fd390598bddc7.yaml | 12 ++--
 ...6826-d89b8d067839983b7d38b29c3f8dcaaa.yaml |  4 +-
 ...6827-79c84a24ae01cae4e07f5d580bc271de.yaml |  4 +-
 ...6842-987b044c3bb6f7d497d7cc053aa32728.yaml |  4 +-
 ...6843-1a89597b1bd6bb139b0cbb0c2a6cdcf9.yaml |  4 +-
 ...6846-d3109a73b6d87d8103efae9f126590cb.yaml |  4 +-
 ...6854-b2885ea30200f7cd94ec6f28c25609a5.yaml |  4 +-
 ...6855-e8a21df86ab8f777d41e6648745d6563.yaml |  4 +-
 ...6875-95f3dcaa4b86abab69cc1c0fd09f80aa.yaml |  4 +-
 ...6877-a371f0288a138d0c57e459d338c39157.yaml |  4 +-
 ...6878-40d20dcfc0a9c20d06ce00b51231e085.yaml |  4 +-
 ...6880-1390282d7da53f6dd62f69c33ae3d8da.yaml |  4 +-
 ...6883-6a4b9abd38157d4627731558a0b86be9.yaml |  4 +-
 ...6884-459b18886f45ada6d060921939e88905.yaml |  4 +-
 ...6892-c34557dbe7e75a157fffc6005c83f4ba.yaml |  4 +-
 ...6922-801d1a90cceafe559a3466d4f67a8f10.yaml |  4 +-
 ...6924-8372eec64ff21987a44ee27a8993e766.yaml |  4 +-
 ...6925-7222dd54a342eb0ec1d2eb49f0d0425a.yaml |  4 +-
 ...6933-116a3711d1ab72d436ec5c35678ceddf.yaml |  4 +-
 ...6934-b0fbe8ed2bd5ede12fc8dff6720e9fab.yaml |  4 +-
 ...6938-c7a8bc13237071ee5b2f66d58803bacf.yaml |  4 +-
 ...6941-fa11673c89d7f49c85f8e69d02b295a6.yaml |  4 +-
 ...6953-150204c3648be383cc7b37e155a5d6bc.yaml |  4 +-
 ...6954-de1ce77814c2edc391436dd273126a1e.yaml |  4 +-
 ...6957-31bfcad1a946ead477cc4d9cae0f33ff.yaml |  4 +-
 ...6958-c3b5c2246526b047e580623567471684.yaml |  4 +-
 ...6959-9bf910117bdf6862d3ee1c26c92e6b91.yaml |  4 +-
 ...6964-92efa25c2b07bccd1145767fcc736dac.yaml |  4 +-
 ...6965-33493821da381511f179da2cf195b351.yaml |  4 +-
 ...6967-85f6ac4895a90413fa74a9e82058c7a0.yaml |  4 +-
 ...6969-4c45cf0c9392dc7bd44f9128bee077ba.yaml |  4 +-
 ...6971-5143c97c48d7dbc931ae167f87839db5.yaml |  4 +-
 ...6979-2d6698f89f32609adbc6e12eed98ca62.yaml |  4 +-
 ...6981-2a19a88ce4a92a9c8fbf2df45764b32f.yaml |  4 +-
 ...6982-6d61e0b46b881d3a5609918a45b30992.yaml |  4 +-
 ...6983-a8aacb001d1b5ea46e16ff44cb2daa72.yaml |  4 +-
 ...6985-3a0831746763e4cc6e13a3b507a11959.yaml |  4 +-
 ...6986-1f31c2ba6ee46d152a9920d8ef0adb22.yaml |  4 +-
 ...6988-411de6e419140a33390e4cf84e25eb26.yaml |  4 +-
 ...6990-17ab37dbc7beb458edc5925614c59dfa.yaml |  4 +-
 ...6991-255053b922939496ac6eb4ab1dee395c.yaml |  4 +-
 ...6993-134091eb792475d128936c227b127601.yaml |  4 +-
 ...6994-7ec69e14aaa720fc8a2decec00730012.yaml |  4 +-
 ...6996-3558264fbd3bd3c84b28ca0ff40cd986.yaml |  4 +-
 ...6999-7a55c80cef31b1897125e271418538f4.yaml |  4 +-
 ...7002-69b19f14e2d5ec73b6d0b29b5ce933ea.yaml |  4 +-
 ...7019-c03b6eeac707e2faa28a70a9e28fd5e0.yaml |  4 +-
 ...7029-6576cec6cc72bf932987474c7e82dbd1.yaml |  4 +-
 ...7030-fd0ae4740c5dfc4422b8f4b3f77edf83.yaml |  4 +-
 ...7044-c7afeb04136868c455da71b1177f088f.yaml |  4 +-
 ...7048-06b7c4127350d50d75ab6e5a40c02f95.yaml |  4 +-
 ...7064-d5f51941abb9e332fec6da6716857cba.yaml |  4 +-
 ...7068-4e625904aaffe65e8919040e5c5d03d6.yaml |  4 +-
 ...7069-750d46ec675a067e58f6ca5aa716c8bb.yaml |  4 +-
 ...7070-9a66ad8b0967001fd55d0d45f6e42869.yaml |  4 +-
 ...7071-1092f82974f0d44c05422ba456183db5.yaml |  4 +-
 ...7082-e69997328ca18e69bd3343eedbb036ad.yaml |  4 +-
 ...7084-d7a48a2145831cedc1837e88079bf034.yaml |  4 +-
 ...7085-9a645fa828e0b867db978ce345a20000.yaml |  4 +-
 ...7086-4d2ea21aa8044b97f6f856b2ca032bba.yaml |  4 +-
 ...7088-71268622d169b66d5da459dba61f1b1c.yaml |  4 +-
 ...7089-99ad02b61917183fbf0c75dc39e4e9c8.yaml |  4 +-
 ...7115-891807496f9388f784feeff012bb9ac8.yaml |  4 +-
 ...7154-870c7bd1810589217dfd341e2045182a.yaml |  4 +-
 ...7167-8ee86188c71251e99a8f09d6e9fff31b.yaml |  4 +-
 ...7168-bf3890ad3455b3c44beacb3bebc6b11a.yaml |  4 +-
 ...7198-d64722e01dc579e8e1b721ed84873800.yaml |  4 +-
 ...7199-54a6c2fc6f1decd20e0ec9cd229454ec.yaml | 14 ++---
 ...7201-5c5b5355efecc468361938b2443e7783.yaml |  4 +-
 ...7202-e34616bfa39928844a257bee23d26881.yaml |  4 +-
 ...7203-280e3b3d0994374de6814f38b2990648.yaml |  4 +-
 ...7225-001b828c3c08777c5f66954153002511.yaml |  4 +-
 ...7230-4fbe78a27e0a415c3958fe330e75a188.yaml |  4 +-
 ...7231-a8c0b404c2334a1ce94afe05ce1ef335.yaml |  4 +-
 ...7233-9b85cc5dac11e87b56eb1483e446220f.yaml |  4 +-
 ...7239-49ce77ee7ff4dfc9b11f4efe4714eccb.yaml |  4 +-
 ...7246-b60f7befa67eb443974e00d882b10881.yaml |  4 +-
 ...7251-ec6e68cb23a447be8fad62b8d99d082d.yaml |  4 +-
 ...7253-6ceb62cda68f33df94c6d2d8223676b0.yaml |  4 +-
 ...0201-c7b36bc8204aa5070cf82a1f950c7e42.yaml |  4 +-
 ...0203-b7d7504fc6882ec831aaed54e5e753c7.yaml |  4 +-
 ...0212-82dd6e10056d4e2acdde095ee3c87000.yaml |  4 +-
 ...0216-cc3e06da44808e338c8d593b5ba332ad.yaml |  4 +-
 ...0233-83c99024de6733ef722985ade6213db3.yaml | 12 ++--
 ...0235-4534912fcab3ecf2a9fe501762efc225.yaml | 14 ++---
 ...0236-2c733617d0e1924a092044fd73aaa5a5.yaml | 14 ++---
 ...0237-9a365d69136d08070aadedc43ca85c95.yaml | 14 ++---
 ...0248-15118c222c3d3efe10e0b60b12d7cf6e.yaml |  4 +-
 ...0254-982e9cfa43c440d5e945696eaf09286b.yaml |  4 +-
 ...0255-f594e103526836b64061a1f68427567d.yaml |  4 +-
 ...0256-97fda38a75735b5bdc9de194b151a883.yaml |  4 +-
 ...0326-63b73f38de8e42ff42c365ddf35b05de.yaml |  4 +-
 ...0326-d5a4a92d920eb71aaeb7667326f31fb1.yaml |  4 +-
 ...0334-9ac2eb6aa79c6ee262cfc473810b750d.yaml |  4 +-
 ...0365-4e867da6f1b40e5f079dbf8385eca830.yaml |  4 +-
 ...0367-8b1647a7cae04c475a434c97e40430f4.yaml |  4 +-
 ...0369-e79dfaa6d6a126465f94617b43a94699.yaml |  4 +-
 ...0370-0b7d0113722a4b24cdf6bdf7adba767c.yaml |  4 +-
 ...0371-8cd4e41bc9637a2e580f2b8d0e6a5222.yaml |  4 +-
 ...0372-56d2c56931ff57a31974c2c98619fbfb.yaml |  4 +-
 ...0376-c1aa3c18402d6565768dc2655ac439f3.yaml |  4 +-
 ...0377-a12053c70cb8a7dc00df12e53f227856.yaml |  4 +-
 ...0378-e074a411b9f033a38afc60d73e72553d.yaml |  4 +-
 ...0381-948461229b764fced19a13ef5ba11252.yaml |  4 +-
 ...0382-563c86924064bbeed4e8a4af90017e06.yaml |  4 +-
 ...0384-55265bc94a3e60f3cd5f796b692a1dbf.yaml |  4 +-
 ...0385-5f87f741e48b627a6080cd7b2aa94d46.yaml |  4 +-
 ...0399-1cb42f62394546a329e0486aa05cce34.yaml |  4 +-
 ...0405-fd93b73cf46336153d1b2692824ed6b3.yaml |  4 +-
 ...0420-f49ac78d75e6d3fb0dc3afda46d041dc.yaml |  4 +-
 ...0428-5f88cf9fcaa2bf2f8f88d764e30b12bd.yaml |  4 +-
 ...0438-a01bc9677b84a6e36d4cf67ad2a5dc30.yaml |  4 +-
 ...0442-a8dfb144a96e09ab6fe557b583b0e2e1.yaml |  4 +-
 ...0445-c3136cf32a8ee994d42daa37c82bd5e1.yaml |  4 +-
 ...0447-a516963ffdc1c41b00bc8d54c0948a03.yaml |  4 +-
 ...0448-e5a323ffcfde2fc677ad46470b3d50f7.yaml |  4 +-
 ...0449-a33517bbb57428ced1cfd6968a2c3a6b.yaml |  4 +-
 ...0506-2a3ca00c5df2d9ec07efb3c8b755e2fe.yaml |  4 +-
 ...0508-6738f168d7a8aa50cafb43b72d6946b9.yaml |  4 +-
 ...0516-aba156d650d00c8cf56ce115df0a8a51.yaml |  4 +-
 ...0559-d68b3bd827fa2538356da72861992193.yaml |  4 +-
 ...0561-36882e902da34c7275792dd2c6fee99b.yaml |  4 +-
 ...0566-0489a9c545313d7845eb08297287eaa5.yaml |  4 +-
 ...0585-1a9b2b84b94bf133577af40ec3afb2be.yaml |  4 +-
 ...0586-c945e86e64bc195e431c6da83e2cc2c3.yaml |  4 +-
 ...0593-020ad3f8f39e050397b159e81ed4f1b3.yaml |  4 +-
 ...0594-f3efba04fcdce6cec3efa7cec92aedc6.yaml |  4 +-
 ...0595-d4c78d8203546198e179a467ececd0d8.yaml |  4 +-
 ...0596-1dd9869669e4a7c4f20b2235d2df68c5.yaml |  4 +-
 ...0597-f98418e2a88f3c300252df6d0a548031.yaml |  4 +-
 ...0598-1af00ca27a5fbf01cb83385e2b154d55.yaml |  4 +-
 ...0602-bff9375a673f8d2d232dddd7e1d5201a.yaml |  4 +-
 ...0604-2c9cfaa1b4268406a1d78df84c0cb895.yaml |  4 +-
 ...0608-b10ae50c79331d4dcb069789ed2ad609.yaml |  4 +-
 ...0611-af6803b7659222cbe48ed01e4976d1d1.yaml |  4 +-
 ...0612-96403daec96064716d990b4ed68fc604.yaml |  4 +-
 ...0614-9dd081367b7c3b91dad73b336bd866df.yaml |  4 +-
 ...0615-6cd803f0fa2a9a46d6f2307a3acf4872.yaml |  4 +-
 ...0616-bd26cb20f513a11738059a698b560137.yaml |  4 +-
 ...0617-01c368446b8700dac5340c9b9ddef1fe.yaml |  4 +-
 ...0618-875a676a20644f9b257dd61453cbe7b9.yaml |  4 +-
 ...0621-ce6741d54beed2d67ba4497c046c28fc.yaml |  4 +-
 ...0625-b0586fa88a487c798158f25ead9b6004.yaml |  4 +-
 ...0626-bfd48818a8f8d2ed09939883a8a76d0e.yaml |  4 +-
 ...0629-ff847df8e45ccd8c8631d5e2f3e5787c.yaml |  4 +-
 ...0630-2565b37cf24425d8b3b9a64e0058d4a4.yaml |  4 +-
 ...0631-3f2cad5626e189b4a9fbbf4f777a78e7.yaml |  4 +-
 ...0656-fb622d8a3e8e58dd4ad557e902dc2f9e.yaml |  4 +-
 ...0657-75603149f92181c053a67aa413d7458b.yaml |  4 +-
 ...0658-2f6907ee5c2cac6fd791f40374c04e13.yaml |  4 +-
 ...0659-da73522010deacccd257b4e9a1315635.yaml |  4 +-
 ...0662-f5917cabea5f4d2844b07d04e1880958.yaml |  4 +-
 ...0664-12cfc5e2c42c1035bf0a62b514ef0564.yaml |  4 +-
 ...0668-f22c4e2a2ebc3ea71e41c368cf894811.yaml |  4 +-
 ...0673-d7741f047915382e7e65e25c2ecaf00c.yaml |  4 +-
 ...0678-eee696eab23205a2046e2b67a8b48808.yaml |  4 +-
 ...0679-15626a5f31201ec9a6bcc2f5d39038c5.yaml |  4 +-
 ...0685-6eed35694a75496bc23819374091960c.yaml |  4 +-
 ...0688-380fec032d7d63f91e53bba15b6960ee.yaml |  4 +-
 ...0689-30ced7d36e2903b8ecf83d1c6ae8e869.yaml |  4 +-
 ...0691-7d0952eb6cd34263da0c111b4d2da259.yaml |  4 +-
 ...0697-6cad3fdbb1d6f65f827e62fa999a9d63.yaml |  4 +-
 ...0698-72000fe0c780a49eca561c11357809c0.yaml |  4 +-
 ...0699-780696e15f2e9c20283c58547979c77d.yaml |  4 +-
 ...0700-0cd1e08a1b0cf9639f9192490f465d8f.yaml |  4 +-
 ...0703-7e2dc330bdadb62eadfb9a21217d5798.yaml |  4 +-
 ...0719-713789bc3ffbd71b9430af55e34d0b0b.yaml |  4 +-
 ...0766-aa0d08f997d780bef53fffda596a65a2.yaml |  4 +-
 ...0779-8100bca7f40bd5eec7ce73b26e775600.yaml |  4 +-
 ...0780-47817571e00845c157bd7b162b48263f.yaml |  4 +-
 ...0786-d482e085c2e103ed9accb9a0cd94ae4d.yaml |  4 +-
 ...0791-89b2790236539e015ae4e5bc957d832c.yaml |  4 +-
 ...0792-cdab814f5acb52d3219d4930f7ee1f81.yaml |  4 +-
 ...0797-1fba8e9934d599624fea9971897c6598.yaml |  4 +-
 ...0820-654c8b4c06cccd2b893fe7f42cd13fff.yaml |  4 +-
 ...0823-2f36bf28ff455df3f6e5bee8596dc834.yaml |  4 +-
 ...0824-d0e696248d665e9f0a517c6587bde743.yaml |  4 +-
 ...0825-bebe54861e63e8c1edcba180c7d233b2.yaml |  4 +-
 ...0826-5f28fbeb41c87c1968016458f52b73af.yaml |  4 +-
 ...0828-4eaf37cfdef1b74dc7b626ac3436d2c6.yaml |  4 +-
 ...0829-6fee77f4c30ccce8c47c0e8979fa4163.yaml |  4 +-
 ...0834-0fb47ccc27ee413d414cd8b0ba979166.yaml |  4 +-
 ...0835-a2114fc45474e481aea36dcc9b5f1c4d.yaml |  4 +-
 ...0836-6a28dfe4469613c00410a3afcd856457.yaml |  4 +-
 ...0837-91833325e07473e81e8f172735b05fa1.yaml |  4 +-
 ...0838-dbb7ef50cd218fd39017d67c755de559.yaml |  4 +-
 ...0844-7d2e01fb5142e419d7f12bc8417804ab.yaml |  4 +-
 ...0869-f64da1b37b4c50e68b9872eff4ca509b.yaml |  4 +-
 ...0871-31a5f54f51f59ec02334f6066d4afc3a.yaml |  4 +-
 ...0873-498902087f55cd027211cbff49f69fac.yaml |  4 +-
 ...0895-2c9be73a62038f3d8273efbfe3ddeeff.yaml |  4 +-
 ...0896-a48a705bfc66279fa96d49ee01ec64a4.yaml |  4 +-
 ...0897-b00000526bce4d638ca8288e0858fb40.yaml |  4 +-
 ...0898-9273f5ba0fae5fff2a4a50e2ed96c406.yaml |  4 +-
 ...0900-e41adc177b897ccc45ae52e5f4de56b3.yaml |  4 +-
 ...0902-9feb5154944f3d4b90bd9e0974af5d4e.yaml |  4 +-
 ...0903-61ee64923a0fe1e6df3a4bb79ec27733.yaml |  4 +-
 ...0904-fccc44e164a0cbb0e0c232ae976cbb5f.yaml |  4 +-
 ...0907-6e45966d9ef8042467981ba9a26f57f6.yaml |  4 +-
 ...0908-504571f3f4f99ae23a7efdf0aa6a64d7.yaml |  4 +-
 ...0913-d1fe516e72277a6efd50d79a0cef3b2d.yaml |  4 +-
 ...0951-04f6cc7c3ad39880573726a5f936d0a4.yaml |  4 +-
 ...0952-4ba36f479c72328d41a5d7367a3a95ba.yaml |  4 +-
 ...0954-c784400f0eb0916fb123587bb1f7a008.yaml |  4 +-
 ...0956-4cd083213286b4e4a8589cde5bcde660.yaml |  4 +-
 ...0957-c1749d6ed9c579e061b6c82357a7d855.yaml |  4 +-
 ...0961-9b450d4afbc0c12b819c42370b2e9a09.yaml |  4 +-
 ...0963-b6900545e2e4c40eddb286d1788c8880.yaml |  4 +-
 ...0966-76ebe4a4bfefd9bdb89c2aafde46a61c.yaml |  4 +-
 ...0973-f5225829b9851280f9730cc7388f8c93.yaml |  4 +-
 ...0977-e56f591ae1b5802507934b44dcafdc98.yaml |  4 +-
 ...0983-326d3f5baee82478e64ca11a4a66dbf4.yaml |  4 +-
 ...0984-4d89ea84ae0150939c78e1551488e87a.yaml |  4 +-
 ...1038-a0f8dbe86bd25cb76ecd0536100264a1.yaml |  4 +-
 ...1041-785b1c3458487127cc883fbac1f1ef7f.yaml |  4 +-
 ...1042-4750f217b4fbd830bf2a4ee2b5c1530d.yaml |  4 +-
 ...1043-2f9298ab3f6a9cf7ac470aa68de57def.yaml |  4 +-
 ...1046-813e33d3439eeca37bb846e820e1b423.yaml |  4 +-
 ...1047-92df025ccfa89a1351393b8f44caea90.yaml | 14 ++---
 ...1049-4086933ae9a93ef9f0adb45c61ef5080.yaml |  4 +-
 ...1050-67ac2a423d1da6f86cbac7c3e9485c2b.yaml |  4 +-
 ...1051-3b8bb6063c635c2a8333462322de6a1f.yaml |  4 +-
 ...1053-2f07eb6c891e38765db750c63d86a120.yaml |  4 +-
 ...1054-a2e4cd3309d1f111f649373058fb4d50.yaml |  4 +-
 ...1055-6a1e6967396b1126582c6ee0a5fede17.yaml |  4 +-
 ...1057-a09c2c9abc79ca137e522820700cc3d7.yaml |  4 +-
 ...1058-e42a9ef463fb91cd20488d17488f8aed.yaml |  4 +-
 ...1061-3e71b451d444e56f20cac2bd5a92795e.yaml |  4 +-
 ...1068-64f66ce5bf8a7c60ba469ac77d7c053d.yaml |  4 +-
 ...1069-b1d3b6bac2cc1e1f3e245ca1837d27ff.yaml |  4 +-
 ...1070-c33a17581ea3c88326cc98d137f0e313.yaml |  4 +-
 ...1073-3171c38b67df36d18560a0a3bce363f3.yaml |  4 +-
 ...1074-73d0b7fc0e78937e14e64656fc0eec81.yaml |  4 +-
 ...1078-e8c4ecddb52fde1de74da4b2c7a57560.yaml |  4 +-
 ...1079-64b00495d7288bbf7260545472f9a87a.yaml |  4 +-
 ...1080-ac5ea49d172b7aeae239859f4682fe56.yaml |  4 +-
 ...1081-f9ee3cd75d7f36da24c7816038266548.yaml |  4 +-
 ...1083-aa5a6a671fb5da473aaf8781afbfa3bd.yaml |  4 +-
 ...1089-4f4ea79c6be4308e1d54d5b19b226c52.yaml |  4 +-
 ...1090-0f06a0233bd37a56c0b489be748f0408.yaml |  4 +-
 ...1091-433406de2bcd419520bb9dde58f80311.yaml |  4 +-
 ...1092-9e24f5f31aefd98727b13ebb0dfe3151.yaml |  4 +-
 ...1093-37d8f4614be006df7ea5c5c8ccf22b6a.yaml |  4 +-
 ...1095-c4ae84dae7d5de9c58b9c493377ad809.yaml |  4 +-
 ...1106-91995026ff620283dce0ded1573ce367.yaml |  4 +-
 ...1108-f9def0ceb1a6b24330f85d2a5c68b378.yaml |  4 +-
 ...1109-3472d41d965a1eba1565dbf3f6f91c0c.yaml |  4 +-
 ...1110-2e10545dd7017e6f584fc20c4f8e8985.yaml |  4 +-
 ...1118-f884e1e5931aac898c331db3ff9b0a47.yaml |  4 +-
 ...1119-788617c7c507dc55ce43d126204f73e2.yaml |  4 +-
 ...1120-13f75b4807aa41447c76b6287198f0e6.yaml | 14 ++---
 ...1121-019da25ecceb2c42293b8bf9c83a7180.yaml |  4 +-
 ...1122-470fcf5d296c10b95ff256d3ed543789.yaml |  4 +-
 ...1123-8aeb2b8f9fd8f5408bc5cbce23cde23a.yaml |  4 +-
 ...1124-0518a583283f442e889b7000a0f04a7c.yaml |  4 +-
 ...1125-42040b470560c747a13bf2788592d50b.yaml |  4 +-
 ...1126-5610b8d447f64bccab677eca7d6526f5.yaml |  4 +-
 ...1127-3fbde3febf513db2a577aee06321eb0b.yaml |  4 +-
 ...1128-7feda050b3f384761620a931ffec2f7f.yaml |  4 +-
 ...1129-f0ac080b3744a919181119313b1bddf9.yaml |  4 +-
 ...1130-2d87227c0a1b8cce209867e1a3357d5b.yaml |  4 +-
 ...1133-015631a41e17e7c68847b5f1f1c1e6e5.yaml |  4 +-
 ...1157-005e163e7b395198e1ed48634c687240.yaml |  4 +-
 ...1158-5a3c975faaff05174a403394f594d251.yaml |  4 +-
 ...1159-2109981df34c3c3e10e9a3ff3ab51437.yaml |  4 +-
 ...1160-e2f4a51da7010a4270e848488a346f79.yaml |  4 +-
 ...1165-a6227d9d923140efcf18978d7c277e53.yaml |  4 +-
 ...1166-23084d0a675ec1fe2de5f06c696330cf.yaml |  4 +-
 ...1171-200d6c881afb4e097be1558e49c07780.yaml |  4 +-
 ...1172-1a4b02751bb2128579758045cc80caa1.yaml |  4 +-
 ...1173-b7e69e83c8c59004ad0e6d101ab301ac.yaml |  4 +-
 ...1176-164d8e023bea2a9cf66601d6c8d87f66.yaml |  4 +-
 ...1177-dabe11ac9a89ef7717da39d4e9cb7dcc.yaml |  4 +-
 ...1178-12303619a441af1cb4218513536dee14.yaml |  4 +-
 ...1203-ed938d6748a55c68d3afc00fc2604d10.yaml |  4 +-
 ...1204-dc129067ca38c26e19992abcd62ec625.yaml |  4 +-
 ...1205-5b8de369a947d5ef9762408c0a15df35.yaml |  4 +-
 ...1206-827537b84b4ae3840c51006c12ccc5df.yaml |  4 +-
 ...1218-5837868c169d6f2b8a500d8da35501e2.yaml |  4 +-
 ...1219-455ef09d7d7d2085e1e76af071d802ad.yaml |  4 +-
 ...1229-ebdc4e179afbae0e73d5291d7befe15e.yaml |  4 +-
 ...1234-f3fab83347fba28adb4199c2198991f2.yaml |  4 +-
 ...1235-3c3007d2c808c5107195ff3e0b9f940c.yaml |  4 +-
 ...1236-84d7b8eee39d9201723ad33de86e3865.yaml |  4 +-
 ...1237-5adfa5eb8fa56a7df3a28304be530aa5.yaml |  4 +-
 ...1238-e064b41fe8a39fcee76359d8531bca53.yaml |  4 +-
 ...1239-998f619282ed25afacc39847ff214ad0.yaml |  4 +-
 ...1242-53bbdc5768caf77b3864368c8b4ad9d8.yaml |  4 +-
 ...1273-750a764136a41cb3d1ef7fa35a4e6897.yaml |  4 +-
 ...1274-7598877f4e713405d9e74bfad63425fb.yaml |  4 +-
 ...1276-8e520f19b2730c335f2344f32b135ff7.yaml |  4 +-
 ...1277-1fa0a5990488e25fdbc5ceea9aa094d8.yaml |  4 +-
 ...1278-7e2aa27b61aaa1e5ca65bdc32112a6a9.yaml |  4 +-
 ...1279-fce0c7de1ac72dbab0de3f1d5f219540.yaml |  4 +-
 ...1282-83be75cbe83d286de0e56bf13cde5945.yaml |  4 +-
 ...1285-f83002599a8aabe9f476ac830785a4d7.yaml |  4 +-
 ...1288-84ecfe35530dba1d6d850c87907091be.yaml |  4 +-
 ...1290-96ed0838fd20f84264d3c063e2ba926e.yaml |  4 +-
 ...1291-7d6d564d16561c7bab08d495e46b51fb.yaml |  4 +-
 ...1293-44eea350bc1338780b2a377c7a4acfdc.yaml |  4 +-
 ...1296-4f15003c85cf67398b6ba79713bb96a7.yaml |  4 +-
 ...1307-305aa37d733d46f38e2d556cd38a63ea.yaml |  4 +-
 ...1310-6b050fdad6f07dfeb11a710487994604.yaml |  4 +-
 ...1311-7310ba3269deb60929ca945cac8767e0.yaml |  4 +-
 ...1315-e39757704ab66d7ab58f6ee33ac96e65.yaml |  4 +-
 ...1316-2581131a04f529b6a1d76a0e92f4b955.yaml | 14 ++---
 ...1317-566fe474170295f900e413573209c71a.yaml |  4 +-
 ...1318-49fc80b8d756a56dfe95c5a6032f1087.yaml |  4 +-
 ...1319-4df3cdb7c674def16735b8e037827c43.yaml |  4 +-
 ...1320-98364cc3fafc257904edef9d7b1a931a.yaml |  4 +-
 ...1322-a3e8c0ce1e12ba9e5616261592070d69.yaml |  4 +-
 ...1323-6440d16b09a3de3d5784ee99cd71888c.yaml |  4 +-
 ...1326-045b6020dfc1ed99134f3177a28e643d.yaml |  4 +-
 ...1327-0b6d48f80755becad907191d56a4faea.yaml |  4 +-
 ...1328-d7690abd96f47b63d2e6b2b27468ddeb.yaml |  4 +-
 ...1331-97f6d832d77568cb83cbfd8ed5696c11.yaml |  4 +-
 ...1333-05afb40274ed6e7e7ee85f9181367788.yaml |  4 +-
 ...1337-b8c540477ad8f7b59e43be9ed6a57e18.yaml |  4 +-
 ...1340-88f9434afbf3660fe0710b500aa999f9.yaml |  4 +-
 ...1341-4d70d402016d1f4b86f60918b22119da.yaml |  4 +-
 ...1348-efcaa0147762fa54393728f49e9affeb.yaml |  4 +-
 ...1349-70a205acd44742a9f8e261e79a40ad0f.yaml |  4 +-
 ...1352-095d7ac917f72e37e9bb35fbb61b06e5.yaml |  4 +-
 ...1357-7cb2639ce12fe262360726f38fcd9d92.yaml |  4 +-
 ...1358-974e69c005824474ea421d11c0a2e8fa.yaml |  4 +-
 ...1363-5c300627494a1ad1099275af163a3e49.yaml |  4 +-
 ...1364-6b5638f86300bb8cb925bbc8ddae3c32.yaml |  4 +-
 ...1366-e3b2d19a0133da498045d08d6862f535.yaml |  4 +-
 ...1368-73f67eef9808ee2307cc661b7742b37f.yaml |  4 +-
 ...1370-7a445b6bbe1f19472fb82aa1ab2d7a3a.yaml |  4 +-
 ...1371-ffa89e4112fdba734a5ff64b0534aeff.yaml |  4 +-
 ...1377-14492d14fdb2635abb58842e5c9c262d.yaml |  4 +-
 ...1379-9f77fe459a0e5283ffcbf11ae93f5733.yaml |  4 +-
 ...1380-459e9e8ff0ce6dbbd756036aacf40336.yaml |  4 +-
 ...1382-8665b291868b7068ace3fa9c23d3b9d6.yaml |  4 +-
 ...1386-26c3585e6e7fad9c8d3a82c1982ff984.yaml |  4 +-
 ...1388-3787d9c397d58c6e8f2c674f16ffe8c1.yaml |  4 +-
 ...1389-ca8deb8cc99a7e80212ae873b89f0b6b.yaml |  4 +-
 ...1390-134f2819e254034a77fb510bfe9b93c9.yaml |  4 +-
 ...1391-54120e3f5fb914e9169ba2eee6152b5b.yaml |  4 +-
 ...1392-68cc06979ff8bb95723bb04a557ffaae.yaml |  4 +-
 ...1393-3546c72d408f5a6ead5d764bba6d4ef6.yaml |  4 +-
 ...1396-a06dc2822d205c30829a39942b5c0aee.yaml |  4 +-
 ...1397-b8980aa84f8cc55308551be159a27546.yaml |  4 +-
 ...1398-b7beb3a7782030a0bf8580cffcb377f0.yaml |  4 +-
 ...1400-50358f3970bdc1205a29969915a6519c.yaml |  4 +-
 ...1401-81e5332e3881680e9eac9f42ea7f36ca.yaml |  4 +-
 ...1408-ce05c14849e5f32e89c54867b5580301.yaml |  4 +-
 ...1409-0e94d67e78f08a20056789a0d440afe2.yaml |  4 +-
 ...1411-328a1085ce78b77ac077833dbb3621ab.yaml |  4 +-
 ...1413-4ab49877e45f4a964303177554e78a85.yaml |  4 +-
 ...1414-824dccfdb78b425ce34b0edfaef506c4.yaml |  4 +-
 ...1416-a64ff7d479ea82b36b6d5de70a97fbae.yaml |  4 +-
 ...1419-421c48e1cd35997d3959562c69cf5279.yaml |  4 +-
 ...1421-cbef84b88c0a2eb6e68bde27c710114f.yaml |  4 +-
 ...1422-9260b43e6ac9e5101461f0e5b3ca5c55.yaml |  4 +-
 ...1424-b1b366ca92b9c54e2c2fcc9208d3c99a.yaml |  4 +-
 ...1425-ebf721c6b992d7c7bdcbf869b188ed93.yaml |  4 +-
 ...1426-e5cbcd667f6374a7cacb1531a9b3233c.yaml |  4 +-
 ...1428-f4f911fdf61cb94da9a5aa199fbba441.yaml |  4 +-
 ...1429-88c402ced2fc7c5811d5e082ac94297b.yaml |  4 +-
 ...1434-7678a4c43bf3743b099ecbdc547aa500.yaml |  4 +-
 ...1438-47760446230886f970132bba81795035.yaml |  4 +-
 ...1445-ffddbf496e7aaec02b6e7ddf918beed0.yaml |  4 +-
 ...1447-5adaf21161b5d5d8e7d95c715efbd0e3.yaml |  4 +-
 ...1448-6150ea7134cb72d73e6e7ce3f51ab46c.yaml |  4 +-
 ...1449-2278ff8679ddb3e8d29bcac77bb31452.yaml |  4 +-
 ...1450-373cd634451823c6ebf5fcda405d8cd5.yaml |  4 +-
 ...1458-f7fd1f97dac21964944e06746d183317.yaml |  4 +-
 ...1461-fc5e0217c3dc9969d4594ab0394109b5.yaml |  4 +-
 ...1463-ffbfea6a2970df28e2afd4173682647a.yaml |  4 +-
 ...1464-7278c1d5f51388c1851434ad959c1788.yaml |  4 +-
 ...1465-c4f6d0a939cffb23c47ad426a3f0d45f.yaml |  4 +-
 ...1466-6b0cd31bdd2edf441adfecb677828dc9.yaml |  4 +-
 ...1467-9449b2c65db0c3fbbcb51d4c753869a4.yaml |  4 +-
 ...1468-49fe6661a7e83dfa08fd330a80312c71.yaml |  4 +-
 ...1487-8e81f52602da7d34f1be2c2a8e304501.yaml |  4 +-
 ...1492-739e325811d595a476c8a9d5ed5b690b.yaml |  4 +-
 ...1496-ec1b9ba6cd34426926dd05163ef9cdaf.yaml |  4 +-
 ...1497-6f08ab84e1cb8caf7e2c6c058fbbbb3c.yaml |  4 +-
 ...1498-70c45809c8b9b14259a0bbce1a7bc3da.yaml |  4 +-
 ...1499-911f38a48744ee0cba908ae42a0febe1.yaml |  4 +-
 ...1500-7df172b3edf3e84909e57255e5af7560.yaml |  4 +-
 ...1502-78fae6f744a75ffe299dd93a24365b9f.yaml |  4 +-
 ...1505-9f9b469ed3c99cc2601f251ee6ef9e63.yaml |  4 +-
 ...1506-4856ea4fa23608af898ff19809065029.yaml |  4 +-
 ...1507-889847d33809b1d03070e688df75ac6b.yaml |  4 +-
 ...1508-7c8990ed736a3cb5113e28a3af38b444.yaml |  4 +-
 ...1510-edf5537839b9111e9296303d5a76a556.yaml |  4 +-
 ...1516-bf5cbdf8020a636cc9f21e15a59d9023.yaml |  4 +-
 ...1519-6819e71a564d878e4f4419dfc409235b.yaml |  4 +-
 ...1521-52d465c21905272814a823dbfaac019a.yaml |  4 +-
 ...1533-a3c60d763b55ba109d8e7ef5cc4b73cf.yaml |  4 +-
 ...1534-7832435d7568bbf632e364a36f5e57e1.yaml |  4 +-
 ...1535-ea7c82866444834be834917feb8c07e7.yaml |  4 +-
 ...1536-cbede89175ad7b3a47d5ac8fb29d35bb.yaml |  4 +-
 ...1537-8bd60d8d3ae1eb23eefce0f380d89e1c.yaml |  4 +-
 ...1538-125b5a46ac07b4fbf1d6669e65082c22.yaml |  4 +-
 ...1541-b108894447f4647f7c71dc35d7e7ee8f.yaml |  4 +-
 ...1559-8eaf2fbb99993016796df5f74fcedae5.yaml |  4 +-
 ...1562-792043f233fdfdf73c23cd58a8394e1e.yaml |  4 +-
 ...1564-8bdef51e6a9551cb787f034110fc0fe2.yaml |  4 +-
 ...1566-b6235d62fa0b8b99245758e77840a37a.yaml |  4 +-
 ...1568-d2de41ee5b97d7c9433fd01d3f1c9751.yaml |  4 +-
 ...1570-88e8a642963113f357e180145695e08e.yaml |  4 +-
 ...1571-348b2d2c08f931f9d2b3643ac2152b3a.yaml |  4 +-
 ...1572-bd4d77259e44439674b77141abd7a906.yaml |  4 +-
 ...1582-73bf56678d08f13f561affd2573b6e8a.yaml |  4 +-
 ...1584-8fa6b82859e5d82c0a64a9973f57957b.yaml |  4 +-
 ...1585-80129a218b0d8978bbb5382fd0cace63.yaml |  4 +-
 ...1586-24a60434e502bd4fe3a3e9f654b441e8.yaml |  4 +-
 ...1590-05c61ba0f98849485be0002b6c76289c.yaml |  4 +-
 ...1637-b160f2225fa61e39751381696b9f32c3.yaml |  4 +-
 ...1641-0a2080d70a92fba8a8847abac6eea304.yaml |  4 +-
 ...1645-8b372eebc313c06900867e460f19a6e4.yaml |  4 +-
 ...1649-dd16da990120154a69703f2e9dcba084.yaml |  4 +-
 ...1650-2f5fc8a76419fe6bea249f884a02d85d.yaml |  4 +-
 ...1652-bf5e4013e055d945f3801300e58d2936.yaml |  4 +-
 ...1653-c408e44047c03520c426eb804c18a88a.yaml |  4 +-
 ...1660-7b68da6e2373d2ac5c585efcf03c710b.yaml |  4 +-
 ...1664-41e0b9bc5daa86f41c29f0c4deb81563.yaml |  4 +-
 ...1668-9abc850c93257e8269e3f6780cf7c973.yaml |  4 +-
 ...1679-1003d8c4cbec4c692768d02c2deb833d.yaml |  4 +-
 ...1680-5332275b2ed1bab71594c8fbd6d44f11.yaml |  4 +-
 ...1684-89238e69360283d59cda9a307dc44ad9.yaml |  4 +-
 ...1685-d57b4e44c91b72a924430dae58b27aa4.yaml |  4 +-
 ...1686-179df283f6f4faa0dd973e427dd4bc30.yaml |  4 +-
 ...1687-5cee27767ae5190db018a1cdcac6e39b.yaml |  4 +-
 ...1688-60fd57f03f391911c0b737f75f701788.yaml |  4 +-
 ...1690-fcef50fc4ab0d04c6eb8673c640961fc.yaml |  4 +-
 ...1691-9f787a2ef36698ab9d958e79e9a7609e.yaml |  4 +-
 ...1692-facd15a60590ce98592dd0da5f942c33.yaml |  4 +-
 ...1693-3992d1400a14226b637a309e355d88df.yaml |  4 +-
 ...1697-b9bdab270fe39bf9e158152b28713054.yaml |  4 +-
 ...1710-1b768170ce1555d79635fdd71ff99339.yaml |  4 +-
 ...1712-1ad6aee2c1707dc46ec5695ab78feced.yaml |  4 +-
 ...1716-7fb9197171618e79a095c113a75de482.yaml |  4 +-
 ...1719-a742d112c80df865f27dc03fd5bad80a.yaml | 12 ++--
 ...1720-1ab35ec2ada14325b98997bb858be8c8.yaml |  4 +-
 ...1723-dee8b4970935a0806a128f5493b5e0f3.yaml |  4 +-
 ...1730-b5d8ae30fccbde3a30e869d152e37902.yaml |  4 +-
 ...1731-176d59252e2a1ced83fc8440cad1b0f5.yaml |  4 +-
 ...1732-b2a85d8fd51446e550fee890b46b39fe.yaml |  4 +-
 ...1733-82ccd5e1aeac71fd905aec731ee6d6b0.yaml |  4 +-
 ...1745-3fcde9cc662e3ad45e20c993057641fd.yaml |  4 +-
 ...1746-9fed5404f994e2e62aad7f01b29dde3c.yaml |  4 +-
 ...1751-ee13651f12379100949dbc5d6ec901e8.yaml |  4 +-
 ...1752-bbb0e39e4c65975737c298f09a794bf6.yaml |  4 +-
 ...1754-9980c05da6f848a401a8e11f20123173.yaml |  4 +-
 ...1756-fc1bee3fb68d7c35aad200db5adf3590.yaml |  4 +-
 ...1758-c713f885667125d83707da22fe966bb2.yaml |  4 +-
 ...1759-5e4d2604a5e90cd0dc912e39171976ad.yaml |  4 +-
 ...1761-50ffb87c6ba7528dcf0d0be367e8a965.yaml |  4 +-
 ...1763-0f9348eac96a42ea06d72213f997cb8e.yaml |  4 +-
 ...1767-07a77988897e3af64d686b49eda84d8d.yaml |  4 +-
 ...1770-85f58ceac5f2aff68a6dbc6ee57ae093.yaml |  4 +-
 ...1771-e9ad128afe18da7565a18caa795c2ef0.yaml |  4 +-
 ...1772-6182145f7b993029088ccd0a82af0476.yaml |  4 +-
 ...1773-3f477473c5a3237b1cf487ce20b4000a.yaml |  4 +-
 ...1775-b5ffaf80d661d564c9b660398c6daa12.yaml |  4 +-
 ...1776-6038d8499b4a66981281a09913dec32b.yaml |  4 +-
 ...1778-338378bbb7402de89fbb870142f8402e.yaml |  4 +-
 ...1779-1c83a92e446554fa5dca6a3142ee08a1.yaml |  4 +-
 ...1787-45ed5bc2a620f7b73012888c5d094ada.yaml |  4 +-
 ...1789-4cb0701b6db05c073e2060623ec2f204.yaml |  4 +-
 ...1790-8d9637ff6f7495cd146495e0fed931b5.yaml |  4 +-
 ...1791-291a48e25bfa003aa951458172971d46.yaml |  4 +-
 ...1792-8c74a48bb6b992ea1d77056b8703ebf9.yaml |  4 +-
 ...1793-16c74e447f178d9a81be3266e07ecdda.yaml |  4 +-
 ...1795-fc942581b6d806c7e158aaa084482451.yaml |  4 +-
 ...1796-d97caddab7bd05fd7de5182cc29d4629.yaml |  4 +-
 ...1797-dea805289f838218c2f4999e6fa41c84.yaml |  4 +-
 ...1799-aec7b68517be6133995e008e368392d0.yaml |  4 +-
 ...1802-1d3dbd02fa5b7205872c8a687215c897.yaml |  4 +-
 ...1805-16bf911b12f5300e0830fe4fc1eb1ed0.yaml |  4 +-
 ...1806-0698a66e8bb0aa2a8b088a7a1889cbc2.yaml |  4 +-
 ...1807-65c990e02c196c01529c8a603f8098c6.yaml |  4 +-
 ...1808-5f9c4587b984a64216df76781ce699a0.yaml |  4 +-
 ...1809-70ab06ad0d2802465de5c71330534e85.yaml |  4 +-
 ...1840-9af98782950e2bb2fdcec622ba259511.yaml |  4 +-
 ...1841-86b92217e832cff4cd144076070304be.yaml |  4 +-
 ...1842-83ebb5cd5f6dc281ececf75915c27b14.yaml |  4 +-
 ...1843-5a61a27c8209633543dc7131ccce0c7b.yaml |  4 +-
 ...1844-83c485f2e43507746d6f598a094e8632.yaml |  4 +-
 ...1846-36493737cc718a786fc3dabd10944cc2.yaml |  4 +-
 ...1849-11af501cd400c11d4471a7dd2fad2f1e.yaml |  4 +-
 ...1850-9eed014edec42d5cd4860053e291ce89.yaml |  4 +-
 ...1851-67b32c2b2aa638ff335d272cd6273e53.yaml |  4 +-
 ...1854-61d212d2e307b78bf3e793271bc28e50.yaml |  4 +-
 ...1857-3a32b3729ec435ff7a8be0b786f133fc.yaml |  4 +-
 ...1858-e6650062a97ccf46abe2dbd6696321ce.yaml |  4 +-
 ...1859-091efbe9d1188b98a534caa4402e018b.yaml |  4 +-
 ...1860-1198314be1810779166a4e03d8729a10.yaml |  4 +-
 ...1861-52d5b418dd2173338819829d8805e340.yaml |  4 +-
 ...1862-754ce0f32f23ec71660fa4b4da98462b.yaml |  4 +-
 ...1870-7af76cb753c181fa25d318d1a52543d2.yaml |  4 +-
 ...1872-3e24dfff2b5771f43f4fe5ad4a241e28.yaml |  4 +-
 ...1893-7e74a978e0fcd8ce34e332a78ac6415d.yaml |  4 +-
 ...1894-a36b6c8064388eb19a8195201a1f8d8d.yaml |  4 +-
 ...1895-86218768d044c8a0a41ad3c63743810a.yaml |  4 +-
 ...1896-1064e143eb72cf1f7f6e0379aeb06d2d.yaml |  4 +-
 ...1897-b56d867b606b433de9a6f7e49a5d4259.yaml |  4 +-
 ...1904-55dfb8067a9d9a28485a43b25b96a7c4.yaml |  4 +-
 ...1905-96ab3b40e77e6543e8b3a6fdd1944579.yaml |  4 +-
 ...1945-2b5549b3c83c7777a1b6e0311c345bd4.yaml |  4 +-
 ...1946-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d.yaml |  4 +-
 ...1948-860548571db1d3ac7f3a8905c5f28f8d.yaml |  4 +-
 ...1950-26d0ee067e8dc6608c7e062864b37750.yaml |  4 +-
 ...1951-bbfdb718b30267886c66b70ab8a80fee.yaml |  4 +-
 ...1957-86bbc19d9e21d4915eb630a058d87bcf.yaml |  4 +-
 ...1959-cf2b6bb9f998ed8bc8db5b63bcf57bd0.yaml |  4 +-
 ...1960-9d840efd84947ddae0da773e8bea6c66.yaml |  4 +-
 ...1974-c8bc0703f7a40b6110052093d1b42354.yaml |  4 +-
 ...1977-49049729ee40c19e1754ddd17e7749a5.yaml |  4 +-
 ...1978-5ca6e072da0718d54bf45a16b11714b0.yaml |  4 +-
 ...1982-70efeee5b28a1c15fdfabb1bea0a8d31.yaml |  4 +-
 ...1984-3f304f35d6ee539a7dae259777309bd7.yaml |  4 +-
 ...1985-59892014ec81eb27e2ab381aff54e186.yaml |  4 +-
 ...1986-da8ac31a9cff4acdc3e67efcf5be4751.yaml |  4 +-
 ...1987-e2f5ffd9a4d18c5b5627131fa4317643.yaml |  4 +-
 ...1989-c564c36d083131df8b70721d4380612a.yaml |  4 +-
 ...1990-03faf5c8e4483bcb72677008477fdf8f.yaml |  4 +-
 ...1991-7db9573a3e8af958ed29c7bf6f04dd8e.yaml |  4 +-
 ...1993-3d89fb86525a43be8c098b0f455b9af2.yaml |  4 +-
 ...1994-cc02f6870e1e296858d0d36136b32112.yaml |  4 +-
 ...1995-0d0a2f550b1652e990ebb3d0da6393ae.yaml |  4 +-
 ...1996-24ae12d6b29ac4b2b659477fd814db52.yaml |  4 +-
 ...1997-a6cbba6a06f8c16a716b48b44610ad62.yaml |  4 +-
 ...1999-7faa2f91e19a5cd476ef97768ff54f4e.yaml |  4 +-
 ...2000-7dae15c1486a66b7dbaca3afb1f366c1.yaml |  4 +-
 ...2006-c9946499e4c79e58a3887d0481784464.yaml |  4 +-
 ...2008-033ec25d9b806257f1f1c6f477525749.yaml |  4 +-
 ...2018-b55e1b34aba62c4a9df9aec2a27f5d8a.yaml |  4 +-
 ...2025-bf0f79649962d2d1514ad595e16e29b6.yaml |  4 +-
 ...2026-0585d1bea582d0ee6fb87cab95609406.yaml |  4 +-
 ...2027-426ec193e6b1f2e068f34932123c6dcd.yaml |  4 +-
 ...2028-03413c94281e9bdcb28cf85f17f56cbd.yaml |  4 +-
 ...2030-a7ecc95184b3ade18a4afbbf2cc86f31.yaml |  4 +-
 ...2031-f10237083d4fb8765ca105c0d369da21.yaml |  4 +-
 ...2039-36fca09be33f968137213dd9d8d406cb.yaml |  4 +-
 ...2042-a391f7553cca71ac204345c2d728e50d.yaml |  4 +-
 ...2043-561149d23bc984dc77ee30065a13dd2f.yaml |  4 +-
 ...2047-7a76232802e20b0ab3fa4ab939317696.yaml |  4 +-
 ...2079-92680d6145a8b866d3fbe1493fdcbbd3.yaml |  4 +-
 ...2081-3ced01544afaf258ab773262adacbb46.yaml |  4 +-
 ...2084-7648aa79e50b7fbff0359c4b0f9eb60d.yaml |  4 +-
 ...2085-d1cffa60eaefa9d562794ce4c0d0f8a6.yaml |  4 +-
 ...2086-d69e956d6cb0947d53013e6316065cae.yaml |  4 +-
 ...2091-214593575ac1d3e95584c0521e8c5928.yaml |  4 +-
 ...2101-f991f9853892bf031ebb72c811af6b0f.yaml |  4 +-
 ...2102-473ae39f2c9b117fd21ddfea3f742daa.yaml |  4 +-
 ...2108-9158a4f23cb6df7f396a1ff79ad04a19.yaml |  4 +-
 ...2111-33af423ffa646dbaa07cc6063b09bc62.yaml |  4 +-
 ...2115-b383deabc0a5d3fd85420cbb993138a3.yaml |  4 +-
 ...2117-97ebb96fdd3db87faf02d7c0a7e706c7.yaml |  4 +-
 ...2118-87dbe2addf6a62fa336594e2b679e9d7.yaml |  4 +-
 ...2120-25aa395084f363ecfd02447bcee9b684.yaml |  4 +-
 ...2121-5ecb61edb8f014ffed25792497a59fa8.yaml |  4 +-
 ...2124-9b9cbf166c5c9952b460a90920fbb492.yaml |  4 +-
 ...2125-6b955e7831b4476315ace7bb8d5f3ecb.yaml |  4 +-
 ...2126-46672cc6093b70f0f99b8c9c1af2d835.yaml |  4 +-
 ...2127-37e749759243317adc52896293ee760e.yaml |  4 +-
 ...2128-880737228fe55f5d920474a43f87af97.yaml |  4 +-
 ...2129-23e0e7010272bc0edbef97452d9c2437.yaml |  4 +-
 ...2130-3712f3d2b17172eb0c737744e9767b9d.yaml |  4 +-
 ...2131-ca90bdb25f0c955406427bf755373f05.yaml |  4 +-
 ...2132-825ff2ff95290127035d7fc582cf6f47.yaml |  4 +-
 ...2136-13b1426aee2c11f321401f7155b3cd3d.yaml |  4 +-
 ...2137-f92fdb8def6ac7c07ce14435754a7ffa.yaml |  4 +-
 ...2138-93b41408a78e1823934fe3d9ee7379d0.yaml |  4 +-
 ...2139-e3418f180f0cc9cfc471a66e2f29ee79.yaml |  4 +-
 ...2140-6a22eab260469991c892609c3554e5c2.yaml |  4 +-
 ...2141-b79883c3437a6dd7938862f157254782.yaml |  4 +-
 ...2142-909eee3c64db045125d6a0e9ea1350a2.yaml |  4 +-
 ...2143-74e928a44773876c1faeda39f648c8c1.yaml |  4 +-
 ...2144-71c8544bfd8e2585abc3fe4c509dc5e8.yaml |  4 +-
 ...2159-4d80f38d93d7f5f929f7caeb5348b571.yaml |  4 +-
 ...2165-e3109d7817fd480896a3a3bc464556af.yaml |  4 +-
 ...2170-12bc74e09861e7d74d799801df685593.yaml |  4 +-
 ...2172-504399029097a5e86b5ba9c9da19637b.yaml | 12 ++--
 ...1743-dd16f95f6d8f39d62500d48f9193456c.yaml |  4 +-
 ...1744-e101fa87e9e9a3f0059378f1f396b6c6.yaml |  4 +-
 ...1745-ae9a6b8dc34a1a7bd8079dc738c03df9.yaml |  4 +-
 ...1747-1ecaadeb4176f89b0523e2b0bb90c06a.yaml |  4 +-
 ...1748-fad6995dafdb43e5ee26d12d1d4dc9b6.yaml |  4 +-
 ...1751-9593057fd73362b3675fc833e6f4bac6.yaml |  4 +-
 ...2181-46443215df27c06259cb9cb549f79f5d.yaml |  4 +-
 ...2183-c8eb6bc5db7f4876cb01e7f978c6ef1d.yaml |  4 +-
 ...2185-1453924550bc29c555e5d4ba1d470f33.yaml |  4 +-
 ...2186-6fe1ccb7efc24357409ad5ff0b713ab1.yaml |  4 +-
 ...2187-435ab56c3c78663cfa598710697f9daf.yaml |  4 +-
 ...2189-88c1256a33fa14ef83ca4797e8fc907d.yaml |  4 +-
 ...2202-7b1460489673c879f7bd7cd256d22891.yaml |  4 +-
 ...2203-6b109b8afc142f70c57afa63265ae2e5.yaml |  4 +-
 ...2210-712959520f4dede71b7a2d9e44002c33.yaml |  4 +-
 ...2134-905c45437d6ba639495cb537666e1306.yaml |  4 +-
 ...2135-bb5370676c8e655ad72a3791cdb04f1e.yaml |  4 +-
 ...2137-437bae7c2a82ed4347741e0e69e1ae61.yaml |  4 +-
 ...2140-b32ca2d76fc3293d68526cfa723e6bfe.yaml |  4 +-
 ...2141-47d88a978c6902943e13680f899b8407.yaml |  4 +-
 ...2146-62957aaeb6104548f77744232edc7490.yaml |  4 +-
 ...2147-20e967f496e19df1e9123f3c23d87252.yaml |  4 +-
 ...2150-20c420e00e7776a25487d5218d4e77bb.yaml |  4 +-
 ...2151-bd9f222927714cfcc0530ce81d7d73ca.yaml |  4 +-
 ...2152-d62fba94114c42d1399d83bf9ba0a989.yaml |  4 +-
 ...2153-56e0af85bfab5155d836999c55aea415.yaml |  4 +-
 ...2156-c34456b0a354174a8b99c79db450a526.yaml |  4 +-
 ...2158-635219c62d7cd225129022aedb4232a9.yaml |  4 +-
 ...2159-c2e59525aa8afa93502c3fb0824f336b.yaml |  4 +-
 ...2161-48f754f17606d4479811452c8745b0f0.yaml |  4 +-
 ...2220-978cbd8cd586092e7c39e28ce0b70684.yaml |  4 +-
 ...2222-7909b368603f8e81e96e69064ab1be28.yaml |  4 +-
 ...2226-eb48e0d7cc280c7a495d24563f61a7d5.yaml |  4 +-
 ...2283-c21b3a23e799a524e3a35bb5025290a6.yaml |  4 +-
 ...2290-521091f698c90705cd994fe26c1eef68.yaml |  4 +-
 ...2292-0c05bed3e63ebe0076e41774e5d167dd.yaml |  4 +-
 ...2295-21d5c5e61124efe0fdb8d063c0f79f9f.yaml |  4 +-
 ...2296-63b258c691616cbc41ef567bfa0329d4.yaml |  4 +-
 ...2297-3af00e1da087fccdad50b389a0a1a76d.yaml |  4 +-
 ...2298-7aade2b2966b32522e64422bd2ebd245.yaml |  4 +-
 ...2302-79d3f2b9565b075a8be7591881880990.yaml |  4 +-
 ...2303-8e2647d10010d639fca262268ba703d9.yaml |  4 +-
 ...2306-b9040953fd9d7380144b780f2d4080d6.yaml |  4 +-
 ...2310-f48987de7fcf2018d5328a03cdd21065.yaml |  4 +-
 ...2237-fe65855ff8de2259da21136e19e15ee9.yaml |  4 +-
 ...2238-3bfe779738faac39c2783a057e7fba45.yaml |  4 +-
 ...2239-b898553c18a3c26f0a1b011522df0006.yaml |  4 +-
 ...2249-dd731c24df053ea79b95f5153fe19979.yaml |  4 +-
 ...2250-85070818b2a0ed18993539089f99013d.yaml |  4 +-
 ...2252-e42d0569342324174ad2b7b5b34acfd1.yaml |  4 +-
 ...2255-65769acec1aefbf22b461433a4ab976c.yaml |  4 +-
 ...2256-31709e141c457255c2ab0ae7529088be.yaml |  4 +-
 ...2258-5ab78d017180c321a2a306a692c78211.yaml |  4 +-
 ...2273-f0d72e9f2bbc50f42260a8f158b94cfc.yaml |  4 +-
 ...2278-d0c7733d559f41b4b35373b971b25453.yaml |  4 +-
 ...2280-b4d70a86acec874506b4ab2dcb06e399.yaml |  4 +-
 ...2286-f0d3919ed390e73df44ed1542e1a826f.yaml |  4 +-
 ...2287-f1c3c3df1834bde215592ceeafa99ec0.yaml |  4 +-
 ...2289-97dd2eef8600f91fddf3cdf090566811.yaml |  4 +-
 ...2290-83e91dab60d5a445ab0bd5d25903d462.yaml |  4 +-
 ...2293-5d6957b18909422bd5f841b070340ee6.yaml |  4 +-
 ...2294-471be969472b8d0ef26e1ed1be3ca7b8.yaml |  4 +-
 ...2296-730408927df5a002660d3bc7f56fa1f5.yaml |  4 +-
 ...2298-6af7c3d9958b5f30ac2537a2fdf59735.yaml |  4 +-
 ...2303-2411b4426d78f7ca35565f6c5d4b0e5b.yaml |  4 +-
 ...2304-b8a793584d2186fb4e0aa8046771e551.yaml |  4 +-
 ...2305-42392b45ae66f65286752e395147b8a3.yaml |  4 +-
 ...2306-ea2d65615410e5461dba977dc309841e.yaml |  4 +-
 ...2308-1b9ddc8767486e6841efc7560084f93c.yaml |  4 +-
 ...2309-f1e3da63f99b2cc6fa2a68c3535839bf.yaml | 14 ++---
 ...2310-12c0516e02b16dc0e022502178a348b1.yaml |  4 +-
 ...2311-c75774e4c2c9b9851693b07aeb2b25ad.yaml |  4 +-
 ...2324-fe85729fdce83d2abcd870326a089bf5.yaml |  4 +-
 ...2327-13ea368d9bd0647c7fbc9fa83359351c.yaml |  4 +-
 ...2328-458c0d6ab63df27e3e21cbe7fc77cfd2.yaml |  4 +-
 ...2334-1024fb2bb768926b2f10b7f06d6c4de1.yaml |  4 +-
 ...2335-3da99f6ccd8b569aa4895183dacec31a.yaml |  4 +-
 ...2336-c446e0b00a3a4561bee5779481d638d6.yaml |  4 +-
 ...2341-8913b61e532a835b143f97f633aefd8d.yaml |  4 +-
 ...2342-4875a2fe8d20d1fa49a472eba79255a0.yaml |  4 +-
 ...2343-003889b218e2b00be9012c017586c0d2.yaml |  4 +-
 ...2344-907496c3b43ef59b87d499ec04fd4467.yaml |  4 +-
 ...2345-16b2d22f9ed4777d1430ed12968eaafe.yaml |  4 +-
 ...2346-61cc715601cb540fc69b978e74da1091.yaml |  4 +-
 ...2347-4d6ff8c8afd1310bcbc6da555c1c2ca4.yaml |  4 +-
 ...2348-dd93174b0504049ccc03e08eec846159.yaml |  4 +-
 ...2349-4eb5559b22a18e9337a5880d5e2f32aa.yaml |  4 +-
 ...3500-73e0ed91223d9a0bf611aaf9c6ef87bb.yaml |  4 +-
 ...3501-b6e604dc0c4bb898e75726aff1be1de2.yaml |  4 +-
 ...3502-dd54abc9fa7f2f5d5c6010fa1c8c3d7f.yaml |  4 +-
 ...3504-208c19b89658d8f67c58a70365a86a8d.yaml |  4 +-
 ...3505-68faa1f3e16f9348cbcda9eee2cb1dfc.yaml |  4 +-
 ...3505-6fd235aefa59090c5fd7d5db3ca17c7f.yaml |  4 +-
 ...3506-6e954d80cfdd10ddfc11dcc5cbf99755.yaml |  4 +-
 ...3507-124137503555ee97714094a30a8333d0.yaml |  4 +-
 ...3511-53696e5218de6a7c32a3a9109583afd7.yaml |  4 +-
 ...3513-f53efc19e67fc15708f7aff7dc031f4c.yaml |  4 +-
 ...3514-935ebeacc0c73d89223e844fd2aaeaeb.yaml |  4 +-
 ...3516-3049339e7a57ef7848a40fe1f1e47b95.yaml |  4 +-
 ...3517-b0ee79ee6bfacccc5c859ba67a33f0de.yaml |  4 +-
 ...3518-ac40665ad4ef3b69656a095a1b2358ab.yaml |  4 +-
 ...3521-7145c40ff1e0db4687c083ce378fc607.yaml |  4 +-
 ...3523-0f93fc1c537d4354bd5e942ea05347cf.yaml |  4 +-
 ...3524-2498bc224a94ac1ba539a681f69b7ef6.yaml |  4 +-
 ...2369-fdd365ece4b9b292b937aee693d1c5a6.yaml |  4 +-
 ...3825-5d739fff0b557fdd4318a7044651d1e4.yaml |  4 +-
 ...2384-c5f695dbb7b3e9a0ae3b6a589e6824c0.yaml |  4 +-
 ...2392-10dffc5e6c324ec1dc8ebf67decddde7.yaml |  4 +-
 ...2395-b71f43cf539320adcdf753a5632e031f.yaml |  4 +-
 ...2399-ee8591e5f3f55c96d9835c88a6740c39.yaml |  4 +-
 ...2401-a7d2f24ba1d738c469db3701e7d249a6.yaml |  4 +-
 ...2402-7585bdd855a3ce213df577df1a0cf7c5.yaml |  4 +-
 ...2404-cca7855a039dbac1182b0b2fae34c3b0.yaml |  4 +-
 ...2417-a3ab87ca43ceb26b3f09e3ed0047a2de.yaml |  4 +-
 ...2423-467ae4d6a0b8db0e5b6c781618b2d3ee.yaml |  4 +-
 ...2428-ffd9211fd118d563cf07134a00f95502.yaml |  4 +-
 ...2436-85706ca0d20495fdfed005cc638cab53.yaml |  4 +-
 ...2439-c957720e1b76962412e197bc09cb35e8.yaml |  4 +-
 ...2444-b76f091c58ac292a18fb46e2a8af44ec.yaml |  4 +-
 ...2456-e96409adbbb169ea331189d4d409f4de.yaml |  4 +-
 ...2457-b0b1da93e1bc1134b2188925015af3dc.yaml |  4 +-
 ...2458-54dc33c4a20161d9ec4e865b2de44997.yaml |  4 +-
 ...2459-58b2abf7cb460597ca6a6d20fc9fbdcc.yaml |  4 +-
 ...2460-778205eb09884149dafbca785f8423fc.yaml |  4 +-
 ...2468-f70dc70f946daa66696d6fbc7263d880.yaml |  4 +-
 ...4704-d42480a2d6aa4bbbab085fa708ce9549.yaml |  4 +-
 ...4707-62e4a961ffac0b881f8af1cc15505b69.yaml |  4 +-
 ...4709-71a9b86af5e18a20f6a7538c29ad1df9.yaml |  4 +-
 ...2471-c4af1e64fbcb95f3b91e16ac0f449bf5.yaml |  4 +-
 ...4710-59dd174ba212cc11295537a27e4487d1.yaml |  4 +-
 ...4711-f4f0c2c884affbdbf175616a0bb1ff76.yaml |  4 +-
 ...4712-132f29f7cba1678c467fb85b9d9b820e.yaml |  4 +-
 ...4713-8b6ee3af1a9508cfbedefd1fe07951b6.yaml |  4 +-
 ...4714-8140a3945a877628cd9d34a767c59437.yaml |  4 +-
 ...4717-362ca4d6e33d614fc53fac12799f63e4.yaml |  4 +-
 ...4718-453cdccb9ec27998718a08f552017bc2.yaml |  4 +-
 ...4719-33149871db85e014a52f28e4a7d38f17.yaml |  4 +-
 ...2474-b00282494ef0f9932dc7277c14e145b9.yaml |  4 +-
 ...2475-1071684e8b4fbe11ac61e0256dfaba92.yaml |  4 +-
 ...2476-e5433fd914f5f7bdfa5093c95eaa7f18.yaml |  4 +-
 ...2477-16a0db053a94923b7846b57810e1f6c8.yaml |  4 +-
 ...4796-2b95a61584d1fb1af349c6d1aaeab17d.yaml |  4 +-
 ...4799-26df4386152f6b2123dc8be12dc2c025.yaml |  4 +-
 ...4801-881bf0ba98d7fd08888e0831b881248d.yaml |  4 +-
 ...4803-c2d16b936c79c5f7cc118ed34032bc44.yaml |  4 +-
 ...4804-d1c63a8bf0beafb1c82149091059ec86.yaml |  4 +-
 ...4805-65d839a96475e08e7231c85cc5b59ef7.yaml |  4 +-
 ...4831-7346b5c5cde69749b42ec0dfced7a750.yaml |  4 +-
 ...4833-857593f7e35e0afc65d726bb57f2b738.yaml |  4 +-
 ...4834-a16906c099275dafdc8327b1b913b90b.yaml |  4 +-
 ...4835-b9712f471d4d13ca925287df646b0e0b.yaml |  4 +-
 ...4836-aafc1366408bf54fb9b81d829a07db37.yaml |  4 +-
 ...4837-bb1647b449a57413306bcf1ebbfb2090.yaml | 12 ++--
 ...4838-600afe426493b29bf5509da4cbb82add.yaml |  4 +-
 ...4839-b00e5b46c74081e9862bff90f3aaef92.yaml |  4 +-
 ...4840-a5718896caa8539c5806c104b13a2ecf.yaml |  4 +-
 ...4841-073e94466d93432fc20ff7757afbfb89.yaml |  4 +-
 ...4848-061a0160582ddd92c54f532180e67c97.yaml |  4 +-
 ...4850-bf3863997447d609f7f8dc8d30e7d4d2.yaml |  4 +-
 ...4865-b33caca512f21869a1112d26d070a67d.yaml |  4 +-
 ...4868-2d5254568244460078b2f5ebf11d2614.yaml |  4 +-
 ...4871-9f5f23c716774bbd462d447842ecf871.yaml |  4 +-
 ...4880-783d77b98a5b328f4a28ee2d5345a1f8.yaml |  4 +-
 ...4885-b2ee5069c05c98988181a6b0620a514c.yaml |  4 +-
 ...4886-3ec6520097de3a68210e828e99c83fad.yaml |  4 +-
 ...4888-1ed8420474aea4653c484035b79e8e05.yaml |  4 +-
 ...4889-bef2b57812116d5514b05222293f3067.yaml |  4 +-
 ...2491-b041552e80a8d76e86ae11341bcea94f.yaml |  4 +-
 ...2492-1e3008e9a413fca6d1323b62a2743a7d.yaml |  4 +-
 ...4928-c0ae11bcf65a3a05752255a9835cc822.yaml |  4 +-
 ...4930-b4d222d7f6fbba49026992c33a4f820f.yaml |  4 +-
 ...4931-c52273b2cf56d5474ff79f10bc5133f6.yaml |  4 +-
 ...4934-fa47ef3a071af26f7cb8467307b46f4c.yaml |  4 +-
 ...2499-a40320a58f3885e7d8eeeafc625b97f0.yaml |  4 +-
 ...2500-be833eb15318e91b50173179ef1ced63.yaml |  4 +-
 ...2503-f6158c89533171b67393d05399849800.yaml |  4 +-
 ...2504-a19b0ea5f3c4659620b13f7e795adf29.yaml |  4 +-
 ...2507-600dd698b59252da2334c219e30a3a4b.yaml |  4 +-
 ...2509-e67596c37a8f5cfdbaa53a0b072da6d5.yaml |  4 +-
 ...5092-87df5cc36f24c1b7dd693537f9d2db36.yaml |  4 +-
 ...5093-96454af8a6ce5f0b120ae58c0cde8af3.yaml |  4 +-
 ...5094-14d59d1dd0d6c11dea03161b864cfb49.yaml |  4 +-
 ...5097-a904a832d065a78b4632aa6c156ad613.yaml |  4 +-
 ...5098-d431a2f9901a2f7f0f42332dd7577612.yaml |  4 +-
 ...5099-9b90abd6d830325819c48ecc09f52c5d.yaml |  4 +-
 ...5101-87058e9c1b26afbdd8a6e1c7e1f576f5.yaml |  4 +-
 ...2513-15be6de4677a81d9742115b7d4dbf93c.yaml |  4 +-
 ...2536-0412effdb25dc1c079b5ac901ba8eb41.yaml |  4 +-
 ...2538-48da01905911b9839c3e0f5a4a5539b0.yaml |  4 +-
 ...2539-0a02674a461ee92c9bdab38333dc64d2.yaml |  4 +-
 ...2542-22880b987be0b07f46689049fd2458ff.yaml |  4 +-
 ...2543-954c99838450703e2f9d2a807b32e669.yaml |  4 +-
 ...5592-2c732f7d3e8ac28c93dbfa9cd10c3d81.yaml |  4 +-
 ...5593-320cc739be80667a41b7c33bc9c3ac5f.yaml |  4 +-
 ...5594-94a42c523ccdb6324d7b897f6e9c739d.yaml |  4 +-
 ...5596-ccf7ae7c58d11c91be50450cab57d66e.yaml |  4 +-
 ...5597-c2f057b1286b0479a330a6cf26c60c67.yaml |  4 +-
 ...5598-c2bef3c139a7a3ae094de8e562cf6429.yaml |  4 +-
 ...2578-245098f6b0653f99e8181fe1d0b4d9ec.yaml |  4 +-
 ...2579-421ea02f0f2faaa78ee159ebbd1f2ea2.yaml |  4 +-
 ...2580-d18e40088a787bdccb931530c8848277.yaml |  4 +-
 ...2583-40c38cbf6914f34e30e735daee9d90f9.yaml |  4 +-
 ...5902-65d716f9ae4f07532a2c4f0b876ee91a.yaml |  4 +-
 ...5907-2da7a3f2515edfb050506d62d2d86fdd.yaml |  4 +-
 ...5908-a0b0c399b7514c70fcf0e05e68ca4408.yaml |  4 +-
 ...5909-1196705650803cf1c8c204bb4b542a25.yaml |  4 +-
 ...5912-aa8a8d1534c979b4a72d9c8bec09fbff.yaml |  4 +-
 ...5915-f9cd598e625ead7b114953b55ded2f31.yaml |  4 +-
 ...5916-0fa49314c689285a17b374209d3a5887.yaml |  4 +-
 ...5917-c10fda9bfdd3663d875e2a0fc2207f2e.yaml |  4 +-
 ...5918-bb8913e248b8c353b00d004e9ca5f930.yaml |  4 +-
 ...5919-d21e7c2b8075bc32648e9e728716b83f.yaml |  4 +-
 ...5920-84f2aef7f11acfd2b73b896d3ef7cd04.yaml |  4 +-
 ...5922-bf0e4365c0a80682381fd05937032a09.yaml |  4 +-
 ...5924-0a08727c9a8cc242989bfe2a49030a2a.yaml |  4 +-
 ...5926-bcfdb3c82ae0485dc6fcdad4aba69c36.yaml |  4 +-
 ...5932-ca722f2c2467f4f9c95321209d16faa6.yaml |  4 +-
 ...5934-240756f87690e8bd859858034bc8c975.yaml |  4 +-
 ...5936-dc226a4fd8674625d0b38158fd388bcd.yaml |  4 +-
 ...6019-57cd30237a115f155e6a16a851952284.yaml |  4 +-
 ...2603-0bea880f7043c5054d61f7e9d6ba4d2f.yaml |  4 +-
 ...2623-b4aa2ee32c8d094c0d7d3b9c1a221104.yaml |  4 +-
 ...2650-d621d242ab564fd8e6e924445af60a72.yaml |  4 +-
 ...2654-f02efca96aea9cf0bcb75d72789d8419.yaml |  4 +-
 ...2655-a2edba0b6f9194a358b22756bbd79a75.yaml |  4 +-
 ...2656-9fe142798845207512b358a2cd4c8c4d.yaml |  4 +-
 ...2661-3fe433fa04cbd74a4139a79417d6ceaa.yaml |  4 +-
 ...2662-a4e1a6eed6af75293ee8acc33aa5bb7f.yaml |  4 +-
 ...2664-5f4d629f81f40ae82d44c4c8c94e12ba.yaml |  4 +-
 ...2665-07fd6d4168c19a2706208ce105fc7279.yaml |  4 +-
 ...2666-9196735e9e9fe6dd44235b7e0a53bb60.yaml |  4 +-
 ...2688-1fc5887f904fbbe1b31241f4769801b5.yaml |  4 +-
 ...2693-c53a6d31c98dcde7fc34b4079f07942b.yaml |  4 +-
 ...2702-5d017f957b0d5736d3f04d80942cf97a.yaml |  4 +-
 ...7188-59a7cb3ce7ab42429819a5af71285080.yaml |  4 +-
 ...7189-877e1c3b42118075385c29c980e6d4e6.yaml |  4 +-
 ...7190-43eedc047028750edf0998930243bbd6.yaml |  4 +-
 ...7191-5621a7def81227d66a22e352451dbd2f.yaml |  4 +-
 ...7194-7524f5b14f92599cfeabd0dc20123b14.yaml |  4 +-
 ...7195-b5016fe0cbf526aff24bd66f2a8d0464.yaml |  4 +-
 ...2729-e70c973ee52c3a8cad3d00694281c5e4.yaml |  4 +-
 ...2732-6d39c5dd9e079ccbe9ac0c1a99d74a94.yaml |  4 +-
 ...2733-8e1e2ed917edbc0807da4afd84ddc7ed.yaml |  4 +-
 ...2734-1c83761e8850a90348fc378dc1547a09.yaml |  4 +-
 ...2735-7f9f186670238d7e784b2f81e1301181.yaml |  4 +-
 ...2736-dd7568e4d3ea5ea32920ba4a6563336b.yaml |  4 +-
 ...2738-8536531e312b5b608fd436fcd26ad3ab.yaml | 10 ++--
 ...2744-13599838064c197e9952281d09390ec7.yaml |  4 +-
 ...2750-dc46778586f851feacb609ba4df93bd9.yaml |  4 +-
 ...2751-b68fc6d974fd5ff5ec00e24e4a23388f.yaml |  4 +-
 ...2752-324d03958cfaceefa9e17d53cf4690e2.yaml |  4 +-
 ...2761-cc71ce3f07c7a7f6d2e0e309f25463b5.yaml |  4 +-
 ...2765-7f5926ab268dbc1681fd3a5de983583a.yaml |  4 +-
 ...2781-4227a0d8303b8be51d7b7784befed50f.yaml |  4 +-
 ...2783-b5027c0ff3d1a1043ee2d2b4a208d677.yaml |  4 +-
 ...2785-cd4c918fd5ff72f1664fbf0ef99c4299.yaml |  4 +-
 ...2786-e18fa2425147eac664779a4e7540108b.yaml |  4 +-
 ...2787-40e8b36488a6eac28e891fecfb75c2fd.yaml |  4 +-
 ...2788-3ed56e73a3a43b54020334fdf48e4e7f.yaml |  4 +-
 ...2789-47a1a7c3503abffa7dc09bb7e0a3a05e.yaml |  4 +-
 ...2790-8dd7019aa8a80d139d621978f8455f94.yaml |  4 +-
 ...2791-4069751e80b8d8e6ebfbb3d8b76ab1b9.yaml |  4 +-
 ...2792-ea8fafa1914b33a7541d6d71c9272dbd.yaml |  4 +-
 ...2794-b24d1d3e12abe16b131b78c39c76f1e6.yaml |  4 +-
 ...7949-56de812058629ef41442e0db5d74e172.yaml |  4 +-
 ...7950-20f2364245cca99badf62beb26ca57f1.yaml |  4 +-
 ...7951-410043251186f9da5efcd4c944487f1e.yaml |  4 +-
 ...7953-d5383d4e717242611eb588cd04425c5a.yaml |  4 +-
 ...7955-90f8c1652860b9223ed16176900d2afd.yaml |  4 +-
 ...7960-61d643ab5e58be99a89f898a95037035.yaml |  4 +-
 ...7963-2b1c5b57df30a34984198b5c1016c519.yaml |  4 +-
 ...7964-79737b0e5975df19862e5152b14611f3.yaml |  4 +-
 ...7965-6ab516426049dc622ee1b94cc628b61c.yaml |  4 +-
 ...7966-63d1e14f304a4cf01bbcbf655abc19a8.yaml |  4 +-
 ...7969-d82977967e8370fff3f7aa446912e4fd.yaml |  4 +-
 ...2797-72b3ee0aa0ee9a6370b95e5e332c6b93.yaml |  4 +-
 ...7970-492dc981351dd6fd004e149962bdd870.yaml |  4 +-
 ...7972-815613664281ce9641a420b93ff49909.yaml |  4 +-
 ...2798-af78f3c1214fac33b65ff5feb5cc1cdc.yaml |  4 +-
 ...7985-0e504336a10f995a3d5ffd0688becb4a.yaml |  4 +-
 ...7988-c849c5ba3c9b4616d8436c9196e9a011.yaml |  4 +-
 ...7989-950a4b8c92825a575ac3cedca47edcba.yaml |  4 +-
 ...2799-234019268f52489cd57bd03c8706abb6.yaml |  4 +-
 ...7990-fb202acb909978e8641eabe44749f8ea.yaml |  4 +-
 ...7991-1e4fd26a738e660824e15332d3d7697a.yaml |  4 +-
 ...7993-be21de51738bde44b4ff85eb79707aec.yaml |  4 +-
 ...7994-27280f97d7c2f094c66e491abb0e38cf.yaml |  4 +-
 ...7995-77d3a7baf2067b9573aef8e72c5d2033.yaml |  4 +-
 ...7996-643403eb7ff5706c9caf1f0a5a756401.yaml |  4 +-
 ...7997-f7c4402196deebd8e7afa93ed50fb9fe.yaml |  4 +-
 ...8003-fc3a86631dfc485c0a87a802663d412e.yaml |  4 +-
 ...8004-21f9461e5270818af4357d314ab90f57.yaml |  4 +-
 ...2801-248ab13a1cecf5e500d9ad5e3403c1b5.yaml |  4 +-
 ...2803-8951eb99c398a311cfe985bad4ff4e0c.yaml |  4 +-
 ...2830-f897c75665f54f7b712469c3a1014b0b.yaml |  4 +-
 ...2831-2ac1b11dfdd4d8aec9aef19739eee675.yaml |  4 +-
 ...2836-46d7cdc90f6e4788d19f634ed2b57174.yaml |  4 +-
 ...2837-45fa634ab986eb98d5523af1f02322fd.yaml |  4 +-
 ...2838-7d701d3a30fca3143559ca73fdb370ec.yaml |  4 +-
 ...2839-3bb3b1b877c8539475d5edd92db3636e.yaml |  4 +-
 ...2840-6039d2569df090d7d3093a78e0441287.yaml |  4 +-
 ...2841-46f9477f32da89d305905e8493b5f75e.yaml |  4 +-
 ...2842-b4ee9cff24049609b5e28a42cf47dee5.yaml |  4 +-
 ...2845-757fc98134d873ee7c2bce4cfa1cf695.yaml |  4 +-
 ...2846-364c4ddc9c54073c09edf9a8678d0eaa.yaml |  4 +-
 ...2847-8e67911649c9d62ea26bf9814db29d96.yaml |  4 +-
 ...2864-deb298ce4863a239756c2bf229347f46.yaml |  4 +-
 ...2867-77904fe78351f83bbdf488cb644ca3d1.yaml |  4 +-
 ...2868-00621ef6c76184f88ccca1414d74fac7.yaml |  4 +-
 ...2871-eb721251db16f750bb7b6d9b4bcc4dbd.yaml |  4 +-
 ...8850-ab25c765042411f076e2c34c06b3fa2a.yaml |  4 +-
 ...2888-55e2a4b9a97cda212301452238552f00.yaml |  4 +-
 ...2889-fbce84a8ee57be3789217c9b7a75a712.yaml |  4 +-
 ...2890-6b17719b7745b3293d6a68a531034051.yaml |  4 +-
 ...2906-74ed56a742e6bfe4ae7f688057f0e58c.yaml |  4 +-
 ...2907-0fe1889336697580123eb1971e124832.yaml |  4 +-
 ...2908-62601b5430c03a6d792da3905efea1b8.yaml |  4 +-
 ...9089-414dd30601a3a8e396da28322c360c9c.yaml |  4 +-
 ...9090-f6ef0668f114bdc3d35c493842c984d6.yaml |  4 +-
 ...9095-c2ad47353175f44f004de63cfd387b37.yaml |  4 +-
 ...9096-df39b25c059b85a56edd3d99d606296d.yaml |  4 +-
 ...9097-103b877d6c6654d012dcfb8c68378ae3.yaml |  4 +-
 ...9098-d827c61ecd6e1b49bd9f088b6451ceb2.yaml |  4 +-
 ...9103-406a8beae5e2073e89eddace606a906a.yaml |  4 +-
 ...9104-64923c9a5ffa9c7e5e2ff84955e346c3.yaml |  4 +-
 ...9105-2aa273895136d445a6cf0ea6a1d06c8e.yaml |  4 +-
 ...9107-19c52dd7e875a0e50693de27a767788f.yaml |  4 +-
 ...9111-d10ca8810c9a238a95e8c428f2cea03d.yaml |  4 +-
 ...9112-ac3cdb02dfa19f5b0080855ac08f88be.yaml |  4 +-
 ...9114-c1281bc3be6489439619d6a7c7e1abac.yaml |  4 +-
 ...9115-0f96dcc46121deff356e0d1a5d840b39.yaml |  4 +-
 ...9118-d8b5bd57572fb9305d66b7bd52b02101.yaml |  4 +-
 ...9122-768117af17895fd2573e769996b5a89f.yaml |  4 +-
 ...9124-1c25b9d9b10bd77a049e735bb0a8965a.yaml |  4 +-
 ...9129-453edd08020fcb6cf7997bc23916e6f1.yaml |  4 +-
 ...9134-f0ebaf7908d2916224db8f5d1ff59d88.yaml |  4 +-
 ...9135-98b35360d65753a713db3a25c694f42c.yaml |  4 +-
 ...9136-edd8e3c62f3b71f626ad36553a59802b.yaml |  4 +-
 ...9140-9d05bf270be054dfc1695e62a3911511.yaml |  4 +-
 ...9141-6736ec787d23e7bd8e0a13fc8e0e88d8.yaml |  4 +-
 ...9143-8f38e1cb39832821632517021044a8d0.yaml |  4 +-
 ...2919-ae54bb23e01b89e4ec06d2fb932844c4.yaml |  4 +-
 ...9220-ba28eba12a04215286d701e542084879.yaml |  4 +-
 ...2923-ff7e8af2c4256f9a091a352140252d3e.yaml |  4 +-
 ...2924-20f6bee077964f1739b79a57d0927952.yaml |  4 +-
 ...2925-49f8c3ec41639ad41107106a61b3b652.yaml |  4 +-
 ...2936-49b75b404a9ba001add19a1df795abd7.yaml |  4 +-
 ...2946-925ecf8dc9bb2b2baefb9be7dfe4e0e0.yaml |  4 +-
 ...2948-46a2cdc68c7e07f12ed856fe3a47afc0.yaml |  4 +-
 ...2949-6ae6ba71c1c511094e234e44db33e39b.yaml |  4 +-
 ...2954-8fe65facf4fd0cb40e8b7fae00de182d.yaml |  4 +-
 ...2956-6d7a079131a28ced1afc399eed5de96c.yaml |  4 +-
 ...2958-59d35e08e05da774933855f91366b645.yaml |  4 +-
 ...2962-68d0e40bde0f989b020b573553c376d1.yaml |  4 +-
 ...2963-e23aa6f9657419fe19f8c4bed7c9e59d.yaml |  4 +-
 ...2967-6d00e8bb2297cf89cd61e97ee33f9584.yaml |  4 +-
 ...2968-f0134606fede470163532ed054b5ffbb.yaml |  4 +-
 ...2972-1afdb113a8eb638275401757c0567e46.yaml |  4 +-
 ...9761-1387aa003d8d347fdc448b66fea447f4.yaml |  4 +-
 ...9762-aedb89e2581210acfc64d10b1fcd7670.yaml |  4 +-
 ...9763-a210c90325ac6434534abb97976ad7c8.yaml |  4 +-
 ...9764-49b132283a9d5d5c8363ef530fb522a7.yaml |  4 +-
 ...9765-098bdb5ff12e782e87bacda8082a6346.yaml |  4 +-
 ...9766-2d2a726dfea1c83cf2d93df104a8c8d5.yaml |  4 +-
 ...9768-069688784bb13290b6aea0da4a233825.yaml |  4 +-
 ...9769-6a48e7c9d0ebe158b3f7430c9e7962df.yaml |  4 +-
 ...9771-e474bd135ff4b7c6170c11705966b7d8.yaml |  4 +-
 ...9772-c4c3dacc97e2d49842f4e491e4abe511.yaml |  4 +-
 ...9775-d5fd81597164f2848144dc46b48d8bc3.yaml |  4 +-
 ...9776-3bc30bc01f7305f10a41312e9c39291f.yaml |  4 +-
 ...9788-5b013c9961d2008bd8c1b51839f147f0.yaml |  4 +-
 ...9789-5fad00879c22741100673bb27b7a3e06.yaml |  4 +-
 ...9793-ef3aa6c6954785fff0d13c0cd6f5cb85.yaml |  4 +-
 ...9795-babf60986b5038101853937d0a274e12.yaml |  4 +-
 ...9796-ac9cb365e503376aa31ed761706bf88b.yaml |  4 +-
 ...9797-0ddb5ade9834993cf7b74808814bcc80.yaml |  4 +-
 ...9798-b4bd8b09c6fbcb29788bc8bbefcbcdc0.yaml |  4 +-
 ...9799-b0298fb4feee8bd9ed9da9efccd4ef90.yaml |  4 +-
 ...9801-5800bdb88427729dfe9beda3923c95e4.yaml |  4 +-
 ...9802-749aff0fcc167e558bca750035ba1596.yaml |  4 +-
 ...9803-783b91bae7d265f558a1870f59bc1ef0.yaml |  4 +-
 ...9804-0cc8ff0d29654f0f83c0bf1830dddb43.yaml |  4 +-
 ...9807-6970693f733e5a846cb7f76630b73d22.yaml |  4 +-
 ...9811-ced2048e66568ff23a7c9306db5ed20b.yaml |  4 +-
 ...9812-ada9bfaee2bdcdae8c612fda04e8585f.yaml |  4 +-
 ...9813-ef918f495b11d984490181ededbf81f0.yaml |  4 +-
 ...9814-776b8b2ca961da26b6b406dc75d9298e.yaml |  4 +-
 ...9815-f5fc5ba02aa4560ef332189f36172c97.yaml |  4 +-
 ...9816-4246ff71c6ef488c4b4e4889ffbb362f.yaml |  4 +-
 ...9817-c364b3be5ae879c7f6b82ff2d4ab8d09.yaml |  4 +-
 ...9818-e39a71ad2e4c4fe07f9341861c3e2c8f.yaml |  4 +-
 ...9819-450b5eb205eb4e03e4e00eea052c76d9.yaml |  4 +-
 ...9820-439e5eee55387eb3328692c215048cd9.yaml |  4 +-
 ...9906-cd3ec729b30fa6c24f2c8dc5202be75f.yaml |  4 +-
 ...9908-baef1d0e01440a39ac30bd5826a2469a.yaml |  4 +-
 ...9909-d60ef1067dd86b18895f878c5b5156fd.yaml |  4 +-
 ...9910-7156ef80890822c55e70bd957b9a6411.yaml |  4 +-
 ...9911-e068f616c0efa424554358743fa4c2b1.yaml |  4 +-
 ...9912-9fca0dd0c7f34e6a746c8a219eb28b95.yaml |  4 +-
 ...9913-57be4142bba97742b3c54d88f289eda5.yaml |  4 +-
 ...9914-b90da7474429ff0560b494c992f7386d.yaml |  4 +-
 ...9917-313b605e10bb673c24b20248a65978eb.yaml |  4 +-
 ...9921-a442b3cb4140cc0565b34b0085780b5e.yaml |  4 +-
 ...9922-3adbda03e672466ae4cf2477d48f1715.yaml |  4 +-
 ...9925-2f1e25e867c081cf048f4dbc7240dbff.yaml |  4 +-
 ...9926-898754090db0c7c53df1a53b0a6b37dc.yaml |  4 +-
 ...9927-b1e2122cdc23a9d17ef80227bd4601b9.yaml |  4 +-
 ...9929-678114ef3e2b187e51ff0be3e7f2cb83.yaml |  4 +-
 ...9930-306b847d2e6035c47912eb7c67152660.yaml |  4 +-
 ...9932-407035e57e51b9b24244b7b6677f36c6.yaml |  4 +-
 ...9933-1b71c9c29fdfc5dbc008529fa648dbe1.yaml |  4 +-
 ...9934-b5ac41047b1437d9d41eb11c7b522d30.yaml |  4 +-
 ...9935-e224a4cb8b7e311ea14d699136e59c51.yaml |  4 +-
 ...9936-026772a7c84514935eb2f122e1212bd7.yaml |  4 +-
 ...3005-c82aa7ec69ca20e438896d99f7ba7b77.yaml |  4 +-
 ...0177-34bbbe6df5443652a8ecc2885cf36469.yaml |  4 +-
 ...0178-7a5d96cd355dcc2c5701c024f2ba7043.yaml |  4 +-
 ...0179-8b94055b335b8fd181b35e0e5b73b692.yaml |  4 +-
 ...3018-b90105c25730b4d746a6acc92069913e.yaml |  4 +-
 ...0180-5e1243e1e25d813c82b94fbe494798e2.yaml |  4 +-
 ...0181-95d961d91144502a2fa4a99f5da6e669.yaml |  4 +-
 ...0182-54345d40684c0a52baa3c3ff4f72b60d.yaml |  4 +-
 ...0183-eb66f71390c85b359c35c7747a93043f.yaml |  4 +-
 ...0184-a665c3284fcafde64dfe52ce15a964ef.yaml |  4 +-
 ...0185-e0e7d7ae87e3b7c89bbdeabc1a752e7d.yaml |  4 +-
 ...0186-58cf3685b6d061649f14b9a15a1de69b.yaml |  4 +-
 ...0192-565c3a27c2a7060808c53a2711e80a32.yaml |  4 +-
 ...0193-dada2db55c799a5508c295a160b1fcaf.yaml |  4 +-
 ...0197-5b5631c6755ba3e58cfcfbe9ec90f71c.yaml |  4 +-
 ...3020-91917d1d663ea184f4f2f69e04c99474.yaml |  4 +-
 ...3021-ff23d770fb11fdc3c77523a1486cf3a6.yaml |  4 +-
 ...3022-65f544c282d9d1cc0fbf1f6438a4d682.yaml |  4 +-
 ...0222-fe13beada39d84f2847878b7d4da45e8.yaml |  4 +-
 ...0228-59d8f9139af0fff2996b4a871907966d.yaml |  4 +-
 ...0229-87bce74e2816b9152b22f0db777f7371.yaml |  4 +-
 ...3023-59df5359f3dd97e1bd86b18fcb289b4e.yaml |  4 +-
 ...0231-ab754796885789e2785d22756395f374.yaml |  4 +-
 ...0232-007d55abdcc3037b38fa1f4866ebcef6.yaml |  4 +-
 ...0234-dee36755177c71d5de078f0f334f5c8c.yaml |  4 +-
 ...0235-2428c4eb87b4651b0b610c5b37e29f17.yaml |  4 +-
 ...0236-1fcba72eb855bf7a2b762f45f8e9327d.yaml |  4 +-
 ...0237-63a1aadd7fd62f660af4d37169d1f541.yaml |  4 +-
 ...0238-534d85fc0380423c37750b4f71b369b0.yaml |  4 +-
 ...0239-51be17f4121e81eef8733d9b91f0a025.yaml |  4 +-
 ...0240-dc0d3deddd939ceb7da2b7a2e45dc103.yaml |  4 +-
 ...0241-4ca548e170bb0185c3dab51f55775413.yaml |  4 +-
 ...0242-23ce5fe03a72b8b92f4c0373c289ac85.yaml |  4 +-
 ...0243-8904938c0e9840b0a2511b1de74ee529.yaml |  4 +-
 ...0244-62fad85c6fa5b7fb3d8634d94c62f43f.yaml |  4 +-
 ...0245-2701fe0e6794c06d119a81cdcc54c2d8.yaml |  4 +-
 ...3027-7fcf2911100968a88895e890aa0259dd.yaml |  4 +-
 ...3030-05ea715911776cce9345bba9207f2978.yaml |  4 +-
 ...0422-8305b529a6785da6470d8457740ff920.yaml |  4 +-
 ...0423-9167001bdde424000d6bf79c1d596a20.yaml |  4 +-
 ...0426-70740ef575420bdce3307b7d6efb0e97.yaml |  4 +-
 ...0429-ac7ff3acb8eeb83f868977100c1901f2.yaml |  4 +-
 ...0430-2021aef7227818f1c21db36c31bdbd79.yaml |  4 +-
 ...0432-f176e53a42ca2011d6f5c8a03ade6f30.yaml |  4 +-
 ...0433-050701771ca0e37751fe39d80669e4d1.yaml |  4 +-
 ...0434-0f98500a56d8bff1fd15d46c8720db00.yaml |  4 +-
 ...0436-a85aa1b9a47ecb9d1b901a00495b06ae.yaml |  4 +-
 ...0437-c115c2b38773f756d29db80a784da83d.yaml |  4 +-
 ...0438-2ff60d0958c013f69d2bb2b8a6cd708d.yaml |  4 +-
 ...0440-9036b0b68d189e2a08606b1361a322c6.yaml |  4 +-
 ...0443-7cf1733a0fcabc72e1599e5c6fa6e184.yaml |  4 +-
 ...0444-c982dae5e8a9922c1cd4de17c56c6264.yaml |  4 +-
 ...0445-d0db52345c07a6211225ddd6537e55c1.yaml |  4 +-
 ...0446-6323dfe519d667ba98cb2cb3a674b49d.yaml |  4 +-
 ...0448-d94ab49d4d8adfed309a34be052981f9.yaml |  4 +-
 ...0450-e82baab8930846897895cd56a53f4176.yaml |  4 +-
 ...0451-682168a7f6b8d8c54e16ca072c08d0b8.yaml |  4 +-
 ...0452-1320225def4406c9e713cc329abaeb70.yaml |  4 +-
 ...0459-77df5424b8737ee4b8f9f9f20e1fee34.yaml |  4 +-
 ...0463-3174ef274fa543dfe91589efb1d4f079.yaml |  4 +-
 ...0464-9590c9a713d41dcccd250e79c2d68a75.yaml |  4 +-
 ...0465-822954310f58c5920d9c99a5b8f20e8a.yaml |  4 +-
 ...0466-405af1244e8e91b41a724bfd16213a75.yaml |  4 +-
 ...0467-86a5e7d3d7ed00baf83310ad8f227a5e.yaml |  4 +-
 ...0470-982ffbf6beec794e0b1ae79fe9b1aaa9.yaml |  4 +-
 ...0477-db671eee30eadb2b3e6d738cfc02d4cf.yaml |  4 +-
 ...0478-5eb89c28ff961004bce910abdba4c1a6.yaml |  4 +-
 ...0483-dfaf8f13c7a5730a90b10c23bd27623b.yaml |  4 +-
 ...0484-f0986ec848116bdaf85ff2fe79a684cc.yaml |  4 +-
 ...0485-b7d8017025d96230e362095b35be8556.yaml |  4 +-
 ...0486-15ea5684525ea85792493d1e42c50ee1.yaml |  4 +-
 ...0487-48b15a3295f54b70d085f78d5d278b00.yaml |  4 +-
 ...0488-1c48bf4d484ac338c2e58423c802cdcb.yaml |  4 +-
 ...0489-55c899bce76676ae0bd2f27011d06ab7.yaml |  4 +-
 ...0491-865589c83192a271d43a839d1c2dd482.yaml |  4 +-
 ...0494-60929a68cddca1a94650b63066730255.yaml |  4 +-
 ...0495-32c41bb49a17f6a6d495a0dfbe10790b.yaml |  4 +-
 ...0496-7e6a3b2c412bc3d13ddc87f480a49f5e.yaml |  4 +-
 ...0497-00eeb6c21c5d722501b60770e277f490.yaml |  4 +-
 ...0499-aa8353adb3620cf0044ffd866cd1ea46.yaml |  4 +-
 ...0500-c805577cc74fac959884880eefb7ff71.yaml |  4 +-
 ...0501-9ecbfebe7e10d279275667a070df122b.yaml |  4 +-
 ...0504-12373fb4bdec1cf1197ea716e420bdce.yaml |  4 +-
 ...0505-dd67ce4e359afe3a28fa3105db87a235.yaml |  4 +-
 ...0507-bc5e92508a73c7bd5e881af5254740d1.yaml |  4 +-
 ...0508-e2b770c20c0fc55c7a4f89e727dd45de.yaml |  4 +-
 ...0509-eb3ea92b0c5a4b0e8e1f707fd264374b.yaml |  4 +-
 ...0512-38f8a2f1ccb6fa8679c01ae474dc43d3.yaml |  4 +-
 ...0513-8781e1672be1a467451ab0b40e4c7713.yaml |  4 +-
 ...0515-644174d3b6cb573b8ad1e776e7aafb01.yaml |  4 +-
 ...0517-3f5afe1c06de95e459f12d16b7792b0b.yaml |  4 +-
 ...0519-6765d661ee89fff8539766bb02e51a4e.yaml |  4 +-
 ...0520-894cd49c8916bb82c60619f3c2cf8165.yaml |  4 +-
 ...0524-8b4bc04c0594b1b6d09d20b68880906b.yaml |  4 +-
 ...0525-b4011099159d4b47f74f5b5034151fc1.yaml |  4 +-
 ...0528-08f37baf7169a857040ffc59c0868398.yaml |  4 +-
 ...0529-8e6b1c0313de5c2d10a529693b2cd5e4.yaml |  4 +-
 ...3053-42f191921072c4fed5defc1af6bdccae.yaml |  4 +-
 ...0530-8661844c33fd37e07467aee782d9dedc.yaml |  4 +-
 ...0531-ca8f431f36e53f60c13e3a9b6d7eff7f.yaml |  4 +-
 ...0533-64461a08e8c73126cafa25fcfb24f7b4.yaml |  4 +-
 ...0534-7ca52430035acd6a97700e0a1293791e.yaml |  4 +-
 ...0535-bdcfb7f870a9c9d99dad2a66d5149c6d.yaml |  4 +-
 ...0537-0c0c3155e7f5976c6ad290b0d35fa570.yaml |  4 +-
 ...0538-5457d1ce3892ed5603310b359ae787b8.yaml |  4 +-
 ...0539-8712cc1632e225c594b19df34ae596ee.yaml |  4 +-
 ...3054-ed94652247c936f26c87589210c8b78f.yaml |  4 +-
 ...0543-41404190c9a7f512053b049611a997bf.yaml |  4 +-
 ...0544-6ab5c2b9e9da3c807bbb85a9044847fe.yaml |  4 +-
 ...0548-931565033fc7a18f04b3f4a474f02d5f.yaml |  4 +-
 ...0549-6077f7a94c87d9a1b005a233e3c6fd5d.yaml |  4 +-
 ...3055-2304b21574018f9296b7348b5813fb8e.yaml |  4 +-
 ...0552-2bf5272ec6d886fad7b7b1d47db7c04d.yaml |  4 +-
 ...0553-f762f226f7d0453e8c9973d68200bc39.yaml |  4 +-
 ...0554-ab9e9f7a6a475ad09ac9f13cde54db19.yaml |  4 +-
 ...0555-507dc7ea634baa930020adb83f291cb6.yaml |  4 +-
 ...0556-fcb752a84e136c08d10cbe281ed9acb9.yaml |  4 +-
 ...0557-d882520450a9e95c908e1ad71ca03592.yaml |  4 +-
 ...0559-8be8bdb7ee929f691ca61327631de08d.yaml |  4 +-
 ...3060-eca3d823dd426887bd9194913fe758fe.yaml |  4 +-
 ...3061-4d5b5eea5b0d303e259444505b764438.yaml |  4 +-
 ...3064-cebe60a1cf2dde46346583e6502d2df4.yaml |  4 +-
 ...3067-68254971cbcf2fc6d5bd7c51c76b34c5.yaml |  4 +-
 ...3068-f388cd40277e7ac72bbf02fcf8235c63.yaml |  4 +-
 ...3071-e066b94b3267fad45f35322be08f0f07.yaml |  4 +-
 ...3072-f830b550290522c771fc5d5f581ec239.yaml |  4 +-
 ...3074-c24b6fa8b7a5214338fb56e211d63730.yaml |  4 +-
 ...3075-bbfbe8576da0ded63051e9606f0a7198.yaml |  4 +-
 ...3097-2964883e1950fef80d801f06f14eb92b.yaml |  4 +-
 ...3107-11a2580b3d0abb5ce4a2d1b75225b077.yaml |  4 +-
 ...1077-bc2f6ff7db9bb1af0cb3049e6fc69b8c.yaml |  4 +-
 ...1089-74239a2c7d59745dfff630629648ba8b.yaml |  4 +-
 ...1094-8cd6ae2b6361cbc9077a21e229786a98.yaml |  4 +-
 ...1098-0732f852b649541967c753671f29b37b.yaml |  4 +-
 ...1099-ce1baa6ffb742e3e4c86c030e2aaf287.yaml |  4 +-
 ...1101-bec7b3aa816a59f17fd4e32834f42e90.yaml |  4 +-
 ...1102-0b0d398d1a79ae77845de8705631a4db.yaml |  4 +-
 ...1104-ecee6fe6f960c3e32d930eed8f81ac9e.yaml |  4 +-
 ...1108-a5c9dfe234305fe9b3c82a7200b4785c.yaml |  4 +-
 ...1114-e51458c52ee75e442332748b235c894d.yaml |  4 +-
 ...1116-2dba3f9d9e05a82800f2a05f03266828.yaml |  4 +-
 ...1117-beebd9357e523ac8ce9429685a86283c.yaml |  4 +-
 ...1118-06564215bf3fbac51cfe3cf6be605864.yaml |  4 +-
 ...1119-abc7b516295a7f19088f575460d378b0.yaml |  4 +-
 ...1120-d39f34ed184a71d23a5de1e368d430bb.yaml |  4 +-
 ...1121-f0164790773e35acb9b1d44f4c95382b.yaml |  4 +-
 ...1229-a2af19cf083e10d02f6ef64bbfb896ec.yaml |  4 +-
 ...1230-0cf023eb74228b9523fd8b71152bf7de.yaml |  4 +-
 ...1232-b4a06dd8a8b5f551ef3c31a46e092a4e.yaml |  4 +-
 ...1233-7848dbbabd9f06e0c602290bde397eb1.yaml |  4 +-
 ...1234-5f2b7d6e36647de882c9475f5d8d8b2a.yaml |  4 +-
 ...1236-1e54d333594befa754c49d164d26005e.yaml |  4 +-
 ...1240-17700405f02a76d34273fd6f63bdac56.yaml |  4 +-
 ...1241-3bfe2176ab2d6339c4363df34b9c843f.yaml |  4 +-
 ...1242-08c2f711dab885b1524ebbd7b0782f00.yaml |  4 +-
 ...1243-20d94fa7cbaa795926bd10e9c360bcb7.yaml |  4 +-
 ...1244-fe10205699bf88a71e4460031e80e0cf.yaml |  4 +-
 ...1248-bcb990d5b998ea9f0d9516d80108b489.yaml |  4 +-
 ...1252-a59e139d7834d1f343a41f6f77f479a9.yaml |  4 +-
 ...1257-064670bf29900df44464bedf16a7db27.yaml |  4 +-
 ...1258-08841c16939c6ce6bfc6679725ea1281.yaml |  4 +-
 ...1260-44337a15956fb6efe76c43a84f40d4df.yaml |  4 +-
 ...1261-e3632f2772b0c1ed9b46e568946ebc5c.yaml |  4 +-
 ...1266-b59d3f14536598579f52eca567b11500.yaml |  4 +-
 ...1267-af1c4837148181f6207e66eb6c3b9ff3.yaml |  4 +-
 ...1270-74c47f2edddbb589b4230d596bf5f1e4.yaml |  4 +-
 ...1273-32e7faa52a05f68e7c002ae73c9e64c8.yaml |  4 +-
 ...1274-8d8dc52792f8d60124d8fa4fa4f53a0c.yaml |  4 +-
 ...1275-e40a3e8ea03e0231ec1106a753934528.yaml |  4 +-
 ...1276-466267eb695f096848ba3c66efa093ba.yaml |  4 +-
 ...1278-5830898462cdce464207b0d4b8cd2848.yaml |  4 +-
 ...1280-211d17907ac598fe9fa7fe583c9712b5.yaml |  4 +-
 ...1281-2552c36873674cea120ccc38e69f7427.yaml |  4 +-
 ...1283-eb7c2afb91d54b1e8be36c66e317f588.yaml |  4 +-
 ...1284-ef5a725ea594e708f6f726a1ed538862.yaml |  4 +-
 ...1286-20a2e4a6290983370284d76170f55741.yaml |  4 +-
 ...1287-33bc7d755c896ae147d69853031aefe1.yaml |  4 +-
 ...1291-4a6b08579b21c259b0bca4ce2e0b2904.yaml |  4 +-
 ...1292-467a5580ac1383352cd27bfadc2d264b.yaml |  4 +-
 ...1294-a561a450756c85ce3eedf88a4f646811.yaml |  4 +-
 ...1296-6afeb2ce393f64d78e2ee60294c65cf9.yaml |  4 +-
 ...1300-731324aeee016bb6f029892372fbf4ce.yaml |  4 +-
 ...1304-d57f8fd6151dd1d65a65a746b8a04b7a.yaml |  4 +-
 ...1306-6bd5ec9d4799550acfbe6978f43129c9.yaml |  4 +-
 ...1307-d90e5ac159925d0ab3971b3b6d358c41.yaml |  4 +-
 ...1308-5f94fd73fc44e0e8d375d47e5fc1e6c1.yaml |  4 +-
 ...1344-7876e3e9a0cea227500debf5d1a1674e.yaml |  4 +-
 ...1345-d78cf00c59cb04a1784e89b4d96527fd.yaml |  4 +-
 ...1346-2b7b5dc8c00ef5d0c5596161adf932c4.yaml |  4 +-
 ...1347-6e8a9152de2bbc5b83be5ce9d45091f1.yaml |  4 +-
 ...1348-f50a0c6a3334b6a9833d56ea2fa95097.yaml |  4 +-
 ...1349-827f2e843a499f08614a8388df30f388.yaml |  4 +-
 ...1350-a0dc813b81ea3eaaf35abcdfd0e51d08.yaml |  4 +-
 ...1352-bbb33bf45ae299a4c2e1d54441bd6458.yaml |  4 +-
 ...1355-9ed3ad19217255e206c74e32650683d5.yaml |  4 +-
 ...1356-e27368e4785bcd7f22809f69244573f8.yaml |  4 +-
 ...1357-dd1f48796d4f00ba40c7555318c798d9.yaml |  4 +-
 ...1358-aa9afd9a4b3e913533a4ca30d7c2f62e.yaml |  4 +-
 ...1359-9460e33e1600fa49d2559c8b2959f093.yaml |  4 +-
 ...1361-c7b13d17993dc7e235bed80189f9bc22.yaml |  4 +-
 ...1366-1cf2042a7f76cab8ad8de631e6023745.yaml |  4 +-
 ...1367-4f22cc4c7f59ad21868eda159380a421.yaml |  4 +-
 ...1368-6a8cda00f1080a3aa286a272f860fd12.yaml |  4 +-
 ...1370-9466631ad739782449cdf9fdc36419ff.yaml |  4 +-
 ...1375-867cda99b5370418b92599a3b962874f.yaml |  4 +-
 ...1386-086335e3764d29c07c7d7cc4e2750c93.yaml | 12 ++--
 ...1387-90c4cbfb7712449319d9759e0ded5087.yaml |  4 +-
 ...1421-4a55514451127aed8c9fafcd15f7c892.yaml |  4 +-
 ...1423-6194829f785c406e2e428c86316d96c5.yaml |  4 +-
 ...1430-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml | 12 ++--
 ...1432-bf0fefcefc90da6dc2662202215f7095.yaml |  4 +-
 ...1435-6ac56b73dfbde68009426ab1366ff6c2.yaml | 14 ++---
 ...3161-a2e686465d8672ec5bf29632e66237cf.yaml |  4 +-
 ...3162-fc806cfd6ed4dc072c39a0980e8091bc.yaml |  4 +-
 ...3167-675e6b4bb186a17f8fbe362e07f780dc.yaml |  4 +-
 ...3188-f46955793d003bf5208172175382fed1.yaml |  4 +-
 ...1925-0ef9782b82fa8d84264b6b12b21ce750.yaml |  4 +-
 ...1926-330ef9633d0984d1501cc01b4833593f.yaml |  4 +-
 ...1927-73c1cd9e5bfe098bfeb3d4b81b96f05b.yaml |  4 +-
 ...1928-f8df3f710c2acd675329722d570c9bc9.yaml |  4 +-
 ...1929-87fe64aef58d57af2256ba27b8518630.yaml |  4 +-
 ...1930-1cdee5629acdb013a2031fc71ce18e3f.yaml |  4 +-
 ...1931-e66b394b6ca847ce34ca3e1d63c12c27.yaml |  4 +-
 ...1937-8e9a9f02c6675b20e9272fbaa352217c.yaml |  4 +-
 ...3197-20984fc62bd28bb51dbd02e6ae5eacfc.yaml |  4 +-
 ...3199-3d06eee6979cba3a65776c3770040194.yaml |  4 +-
 ...3206-793865077bcac4ea4b5fe53bac436ec4.yaml |  4 +-
 ...2078-351dfe17aa9c41d161fbfba3138330fd.yaml |  4 +-
 ...2079-8cb4e5d28c572c7b2415f308b23aba3c.yaml |  4 +-
 ...3208-c87a07214ae94f7db769181aa46e6e3e.yaml |  4 +-
 ...2080-f19084b39601e7bc7ba34fa7ad78104e.yaml |  4 +-
 ...2081-7ec734b1370cfa2c11baf0ce838e63f7.yaml |  4 +-
 ...2083-27956200aea3cb3bd27e1108bb27c97b.yaml |  4 +-
 ...2087-0c6025826e5726423a84ca94ebcaa441.yaml |  4 +-
 ...2098-6868a3f667554717afcb5780d663774e.yaml |  4 +-
 ...3210-1f71e71cd24bceed84937a152a603cb2.yaml |  4 +-
 ...3211-2b72a770047348328de1929b10696b75.yaml |  4 +-
 ...2110-83be4877901e862ff402253df3e3d6d7.yaml | 14 ++---
 ...2125-32308cb2a86eba1af06f28c633448e1e.yaml |  4 +-
 ...2126-25e251a3406c9b35d33175212bd58aef.yaml |  4 +-
 ...2127-4976580f662d856b0ec790e30c784e5a.yaml |  4 +-
 ...3213-b595d6fc7446c3f09ff44c55f79ffecc.yaml | 14 ++---
 ...2132-4eab0b03120e29e0608c25e79fc1f7b1.yaml |  4 +-
 ...2134-fdb7464284f0e3f92d05bc404992df2d.yaml |  4 +-
 ...2135-51b13cbe3f0c79746e5808bdafa8107c.yaml |  4 +-
 ...2136-1fb9c20f2dc722c53163029233b7680b.yaml |  4 +-
 ...2137-580004f61a42f3e8c462a7bbd946dd47.yaml |  4 +-
 ...2139-f7d71098b8867ed535059e5ab72f5309.yaml |  4 +-
 ...3214-9456cea40ce6ea28f05bb2ff20b05594.yaml | 12 ++--
 ...2140-61f36ff0df93fb03b2b83d8b189aa894.yaml |  4 +-
 ...2142-965d06634426ae72a55053fa07ab23f9.yaml |  4 +-
 ...2143-5bb8fe4f6089667dd51c2e2e1a9444ca.yaml |  4 +-
 ...2144-4cfd2c744e2f57cb62950af3a51becf5.yaml |  4 +-
 ...2146-5012da2be4de20cb472aea0abf71670b.yaml |  4 +-
 ...2147-97d382f4c9bc6b17c25a76a092e5b852.yaml |  4 +-
 ...2148-700d1cfad4bd0fa3b320c8b805e07813.yaml |  4 +-
 ...3216-b989c8fa7ed8639e2ece01754bff0c0b.yaml |  4 +-
 ...3217-6bec264de722325d8055d26873b10d23.yaml |  4 +-
 ...3233-f9cdd85e870155975fbf07ebd6c11543.yaml |  4 +-
 ...3237-c180a9b603d8380fb7d1168376590f63.yaml |  4 +-
 ...3239-769f278ef7d8854e596567a95f8b276a.yaml |  4 +-
 ...3240-3445f10edb771a060415612c26e8b8f1.yaml |  4 +-
 ...3241-8ecac7c0d333dc76f1706559fa2ff22f.yaml |  4 +-
 ...2428-164235cec7e149cb5686d35550cc5b45.yaml |  4 +-
 ...2429-012dc707b39ddca593987305dcc50476.yaml |  4 +-
 ...3243-087ab6a6409aed64b5c6d0e8d25ec639.yaml |  4 +-
 ...2430-910b5f5663169fdea4f0325e6cf734a0.yaml |  4 +-
 ...2431-da2b51f042521776402cd06473b8ac45.yaml |  4 +-
 ...2432-01230d7023712cf52d185f89bc18a400.yaml |  4 +-
 ...3244-cefa3854b69334bef3c2d36906bda58c.yaml |  4 +-
 ...3245-af797cbd3361f1f4f2cd0edf1a785a5a.yaml |  4 +-
 ...2453-30d5fcaaf29f4724e74da8c497e40f5f.yaml |  4 +-
 ...2454-169d659b2a655a618a75f90fea3adcb4.yaml |  4 +-
 ...2456-c26f84b3b737dca9d0e2ab2c400f43b7.yaml |  4 +-
 ...2457-c23e4efbffee4d6fedc761f6f4283de6.yaml |  4 +-
 ...2506-0f0d0d2c6b89a442a33118c19c04ca9f.yaml |  4 +-
 ...2508-f509147c445359dac8de4743426be1bb.yaml |  4 +-
 ...2509-f77ac51d7f87288e232b2c219c40d8d5.yaml |  4 +-
 ...2514-8119e5403d3a32487dee582a940781b5.yaml |  4 +-
 ...2515-688329ccf7bb0b49cbf94f9e95fe056a.yaml |  4 +-
 ...2516-4ff702381866f61703ebf71fe12af15e.yaml |  4 +-
 ...2517-b81dbbcc402e93364fc6c79f5c55b224.yaml |  4 +-
 ...2518-fe3ee4088bc486320d241799be9d47af.yaml |  4 +-
 ...2519-e977a8524d61ac2824626ef17aa0bef1.yaml |  4 +-
 ...2520-5207af68b5cb6f829d0bffea5881c5d4.yaml |  4 +-
 ...2522-4690da6a9cd43936031eeb63dbe5ba89.yaml |  4 +-
 ...2524-2862da944ba4b374cef11881cc898ccb.yaml |  4 +-
 ...2525-755306c8577963b7e9a15f996cc38136.yaml |  4 +-
 ...2526-52d571dc3064574a067b92facc54ed54.yaml |  4 +-
 ...2529-179886cc2bdc18bcdb57983a57be1a6f.yaml |  4 +-
 ...2530-f4692d4ecdfbe84f92ac77014c0e0a83.yaml |  4 +-
 ...2532-43f4c20972d989cec8564607e81e3507.yaml |  4 +-
 ...2534-b107934a8aab930d1fab2cf0f27d13f6.yaml |  4 +-
 ...2536-28c3e191fb5a4aac43fb323a1cacb211.yaml |  4 +-
 ...2539-91e729c82f2d9f67d872d81509700a6c.yaml |  4 +-
 ...2540-39995b4a98bd80010d8be7d8f66f2d38.yaml |  4 +-
 ...2548-4f768a2e6ed5431813ce2815c2416c7e.yaml |  4 +-
 ...2551-ac1431b1561b6c549c99a1b7125f3596.yaml |  4 +-
 ...2552-460e4d77e94c99909f00493d8717ec60.yaml |  4 +-
 ...2553-683819db80183ccca71d3fa32fe3879a.yaml |  4 +-
 ...2554-aa7769527923a5d7ef3aff0dbf4c6e9e.yaml |  4 +-
 ...2556-268b053a1bfe487ee9a98a976d059155.yaml |  4 +-
 ...2560-d93a6b7f14b256d2a3a93d0625fdf894.yaml |  4 +-
 ...2561-9ebf12f531ac825152bdbeecae0483e1.yaml |  4 +-
 ...2564-cd3ebd9e5b8349096037121f145eb200.yaml |  4 +-
 ...2565-41d7dedc3e3a9c3e6b69d336c29a1195.yaml |  4 +-
 ...2566-88ba893aacf7da3ba8fb038d6bba0a0b.yaml |  4 +-
 ...2567-63e9460ae343812c425f6b6a9cf8cd2b.yaml |  4 +-
 ...2569-f9974cc25b2b5474809876c63c837de9.yaml |  4 +-
 ...2571-deed3fa156af1c41e337b8275419b59f.yaml |  4 +-
 ...2573-dc87f7ad02889b2fba3b573d8f507b49.yaml |  4 +-
 ...2575-e12b4eb0afaf97081bdd86d34fb980c9.yaml |  4 +-
 ...2577-c8761ad8d517d60679bd97ecd8a6c050.yaml |  4 +-
 ...2579-901a8544f8fe096e9fdc9630ea2bd15f.yaml |  4 +-
 ...2580-f99c7ac14f9b6aff3ca4eaa0306e77ee.yaml |  4 +-
 ...2581-fa0a09e9f8b4c6d9a874ba45527ab6cd.yaml |  4 +-
 ...2584-d844d4bb69ae6b349312f77792834a3c.yaml |  4 +-
 ...2589-40a18728cfe568ff4c836d2215f1bab4.yaml |  4 +-
 ...2590-668f9a8a460ad561a2838627b58d495b.yaml |  4 +-
 ...2591-8a00d4110806870e5118fa117a1c5da6.yaml |  4 +-
 ...2592-261bb3f8fcb24ed57cf7abcc44aedfa4.yaml |  4 +-
 ...2594-76e71bc12b464dcb30907399a9d0eccf.yaml |  4 +-
 ...2596-eeffd2576729af4c20ea0d0989cea07e.yaml |  4 +-
 ...2597-ccfe47d5faf99f962197429daac2a562.yaml |  4 +-
 ...2598-4012f134749539452de47052e41b95bf.yaml |  4 +-
 ...2601-a738a6df1d7af94fbdfc3f2ebe12ab82.yaml |  4 +-
 ...2602-a3fe0d186555bfccf2ee6cc4060fb41e.yaml |  4 +-
 ...3261-4c7136348e958aecb57a2e8c3842e1af.yaml |  4 +-
 ...3265-223f6e5ecb381f112c575b56d5d37f09.yaml |  4 +-
 ...3266-5289bbf92c9bdc3c3c0e4f0086563240.yaml |  4 +-
 ...3267-7fcbda1cfae66ee74a18ccdfe4753dbb.yaml |  4 +-
 ...2675-87d943234d9fd7c1b966ece253dc1110.yaml |  4 +-
 ...2677-6243447eedf5d12aac34558af1ea267e.yaml |  4 +-
 ...2678-8c789a924b584ff9b2a3b88bc5b7e816.yaml |  4 +-
 ...2679-31aeecdc666490a1580c3359e75e5fff.yaml |  4 +-
 ...2680-f93c186c199b2993e134631be68ea0a1.yaml |  4 +-
 ...2681-332edd099b0a24d5cedbd6ff5e1c921f.yaml |  4 +-
 ...2682-c0add8aac27f340c1c289e5c63a1598d.yaml |  4 +-
 ...2684-f59ad0e4ed3c2f1220e9486cbde45cae.yaml |  4 +-
 ...2687-75a6b15f48d4510d78d2b82a83179681.yaml |  4 +-
 ...2688-9d13f1d3852ef39a0de552cc88d8fec7.yaml |  4 +-
 ...2689-51018cf0109648dade76eaf03756855f.yaml |  4 +-
 ...2690-cad14760637700672da85dda380a58c3.yaml |  4 +-
 ...2691-7734e62aac4f36040cb75f80a344eeea.yaml |  4 +-
 ...2696-d3e0f1a758bd59446de5b7d7cf2ab987.yaml |  4 +-
 ...2697-3b452da100c4d01a4273d3119ce13da9.yaml |  4 +-
 ...2701-26e6b2b2c87cae333c1a6a8f12b3eb26.yaml |  4 +-
 ...2704-a84b96611f097506467644350038a82b.yaml |  4 +-
 ...2705-3e021672a349a4fa909b6c3fa423b85d.yaml |  4 +-
 ...2706-a0061c960a93fff2adc1360d0d280001.yaml |  4 +-
 ...2707-bd950fa0617ccb3a0edff5978b31a09b.yaml |  4 +-
 ...2710-c0cb61dd6fecf2d07db617deb2e20095.yaml |  4 +-
 ...2711-4696541fdc76b8ee098f38a67fea2a75.yaml |  4 +-
 ...2714-74f803f6a35ab9fee5ff5f4a7905da8e.yaml |  4 +-
 ...2717-49f4f7442b45f88ffafdd0b100d2831c.yaml |  4 +-
 ...2718-d8bfc01f0d93fad4fb2e1a339254a3ed.yaml |  4 +-
 ...2719-980a1e8d0e2c9d6875260534aa15c2ab.yaml |  4 +-
 ...2722-058f94a7273615ab6b78bfcaa4aea16c.yaml |  4 +-
 ...2723-18a7728320d1ae3570e8bc349a822d19.yaml |  4 +-
 ...2725-078909fc07244cccae3451c5f9a6996f.yaml |  4 +-
 ...2727-9fc19dd6fd6294d34dede89f8670266f.yaml |  4 +-
 ...3275-5ea4e509f820ba7667284a234b2ed4c9.yaml |  4 +-
 ...2775-83ccb1e8ea2bc379358acbb752bc4542.yaml |  4 +-
 ...2776-2f1276a08770749aab26a12f9e94025f.yaml |  4 +-
 ...2777-ef0878d0c845446e359ff8868f1f69d3.yaml |  4 +-
 ...2778-2613b63d2aee689ccf6be1c1b97a178f.yaml |  4 +-
 ...2779-c13eb59a9d6116b65835e8ca21a2d0eb.yaml |  4 +-
 ...2782-77f47958ca9f6f3aca917f2faa21c35a.yaml |  4 +-
 ...2783-afe32fcbbc30cab4f3e35a08cf6d7b9b.yaml |  4 +-
 ...2784-2606febac98b5b77708f94f9707ab5ad.yaml |  4 +-
 ...2787-a8ed8c08b34ae95a0c525696512c70ee.yaml |  4 +-
 ...2791-b940c9ab9a01a68eea4a5776ab2199d7.yaml |  4 +-
 ...2792-ec5f1fa417ea6d6d86b4d82ac0f5e65d.yaml |  4 +-
 ...2797-e30e15a9c4996773efb6051e3f90c9c4.yaml |  4 +-
 ...2799-f26d5492f0770f1b4f41cabb1dbfd120.yaml |  4 +-
 ...3280-c3fe9adbef48906de6288ff04a6a51a9.yaml |  4 +-
 ...2801-7bdd14c359e34ad7380502271a0ac656.yaml |  4 +-
 ...2802-bcaba1132a8ac1a695b97d03ca9be0db.yaml |  4 +-
 ...2804-7ef847bd47bcec43447f7d6368de1312.yaml |  4 +-
 ...2805-7cc4115eca0cf9c161547f1b88d6e0eb.yaml |  4 +-
 ...2807-a4d2edadf2ab61a5bc7487773709b53f.yaml |  4 +-
 ...2810-d937680a60653a1af5b2a6c9c069ec41.yaml |  4 +-
 ...2812-4a1b15e037b0e674a6b8abd0386af8e9.yaml |  4 +-
 ...2813-c380050a7e76482fb19d38cf49fcde28.yaml |  4 +-
 ...2814-bf4905bcfa1e978b4bbdcf9e3f9b15d3.yaml |  4 +-
 ...2815-ab9e9f1fd2829128e3bb4bce435b5cf7.yaml |  4 +-
 ...2817-916825c2b82546703e1e58fc1213738b.yaml |  4 +-
 ...2818-4f95fbf5d542e431aaee4d569011a0a0.yaml |  4 +-
 ...2819-36e8e0f9a5511d98ca66f925304a3a33.yaml |  4 +-
 ...2820-ea8ebad551118883e1feafe80a786b1f.yaml |  4 +-
 ...2821-79e3222cd5781d3ee2de3dbd9ec9763f.yaml |  4 +-
 ...2822-153f878c481a2d3c062b001804128554.yaml |  4 +-
 ...2824-8c8032347c8a676583142ccf856ffd1b.yaml |  4 +-
 ...2826-0d1db255d715c554771e21ce6d36684e.yaml |  4 +-
 ...2828-cb1263fe7cf23ae55fdda5b42af76fdf.yaml |  4 +-
 ...2829-c639be60406ab3b6aefe17af97aa1a3c.yaml |  4 +-
 ...2831-7e7c2d3094ebf66ce262024cc34ea145.yaml |  4 +-
 ...2832-64bb9b276a0e4073663c51a2aaebe19f.yaml |  4 +-
 ...2833-53b64c2cc89e0070db555cf593bc5061.yaml |  4 +-
 ...2835-2178e4e9767ddbb5794b39d1005e082d.yaml |  4 +-
 ...2836-1691930e201b6c9ce529fab20806ab3a.yaml |  4 +-
 ...3285-511ef268c5ca19fe7d62dddd9e13f37e.yaml |  4 +-
 ...3287-0f5c5f0145a23c33dd91c0c052718e6c.yaml |  4 +-
 ...3293-aeff462ac51a8748cbda344eafd679be.yaml |  4 +-
 ...2948-cb6fa6f6958986304e8bc18c130022ba.yaml |  4 +-
 ...2949-2143d39c6a447e17fa955c9d29e9190e.yaml |  4 +-
 ...3295-89a71e03ca88d2c02f3be0f2c0d21756.yaml |  4 +-
 ...2951-cb8a70925c9490ee47d5d493a807b6ac.yaml |  4 +-
 ...2954-f3852e2e998f0a9723c8ace5e7ebc48d.yaml |  4 +-
 ...2955-61c688c55eb7ee42da571c3fb1a2e6d3.yaml |  4 +-
 ...2956-8e63763711ef860c6f3f1ec391c10df2.yaml |  4 +-
 ...2957-72add1c0a6273b20aaa451b8bcfd56cd.yaml |  4 +-
 ...2959-0e449c9a497e53b142f5674fb22e2a1f.yaml |  4 +-
 ...2960-cec3580e3bef11008dce66e6706b0fc0.yaml |  4 +-
 ...2961-db7f8fed7cd5746da95374c4a1d925a5.yaml |  4 +-
 ...3307-7bd8b052dc6ab5494250ef14b3571b9d.yaml |  4 +-
 ...3308-c9c8b6f666802b2f51aa7a2059e8cf31.yaml |  4 +-
 ...3309-236ec29d3a581237ffdca9038176da82.yaml |  4 +-
 ...3333-c900b7eac90dcb368c77b66b5bee17b3.yaml |  4 +-
 ...3337-01e0b89afcfee7ee0b87257825f06c59.yaml |  4 +-
 ...3338-f731e8529b33108bde99e03616dec459.yaml |  4 +-
 ...3340-72c77f134254f33afbd956d2661ee799.yaml |  4 +-
 ...3341-c1fa4ca90d68aef3b1e407c4bbb8f6e9.yaml |  4 +-
 ...3342-b16f008700574256ab90c1f92968c3fa.yaml |  4 +-
 ...3343-74e59a3e9ea29768b5d0afa832d7eb55.yaml |  4 +-
 ...3344-d1fde79ddb6f5cce29eedf02f3d4b354.yaml |  4 +-
 ...3537-10655f6004e5353e2b6a2b5ad40ac777.yaml |  4 +-
 ...3539-0c1df7bc0f650153d4deab14ee137704.yaml |  4 +-
 ...3540-a2599bd3c91638fd59172f5a65248fdd.yaml |  4 +-
 ...3541-c71bf414dec349bec3e4220e85ee81e5.yaml |  4 +-
 ...3542-4ff3f91a93b3247cebd7620836598b68.yaml |  4 +-
 ...3545-854e0c6e8605c626361126b016b08a27.yaml |  4 +-
 ...3546-e261de97ae518fadfa674900f6884131.yaml |  4 +-
 ...3547-9fc89469f8a530afdf83c67ae386fe4e.yaml |  4 +-
 ...3549-e2b6dedf58550635a9af3b0cb010148d.yaml |  4 +-
 ...3550-923b7799c6c4b8b6606ee152480bc325.yaml |  4 +-
 ...3555-2b061e047e658e61d8ebbd4e7e809bba.yaml |  4 +-
 ...3556-4a822947b182a8ad769234c031d65105.yaml |  4 +-
 ...3557-778530516424ce1a3968690bf84c44c4.yaml |  4 +-
 ...3558-69dc88dae2977364ee23f133476679d5.yaml |  4 +-
 ...3561-bf873db96785a26a3145cbfaa5b26d6e.yaml |  4 +-
 ...3563-38fb7f7c173d005d7a2c4887d0346c93.yaml |  4 +-
 ...3564-8a9cd0a3b3bf0281b86f1864c19141dc.yaml |  4 +-
 ...3565-ea61aaf0b841c4447233caa711d245e0.yaml |  4 +-
 ...3566-5b3434af05805f54d95301c9d2bfe97f.yaml |  4 +-
 ...3568-c32e665e9be4b817092efeaf96853d74.yaml |  4 +-
 ...3570-a94be3f467ceacb837ea20db05393018.yaml |  4 +-
 ...3572-fdbe6ed30963d2d89b9e4d6d9ea6d03d.yaml |  4 +-
 ...3573-ad0ff157f5be17af68fa4347894dd5e7.yaml |  4 +-
 ...3574-d6b6bc643ec1ba18798cef4b6b37fe69.yaml |  4 +-
 ...3576-e4bdb79e642b57f61de774ae24d8a0ad.yaml |  4 +-
 ...3586-f6467ad8511f5004bea6f7b6c2cbc45b.yaml |  4 +-
 ...3587-80ad6ff6a41f2684b99adffd0cc6275a.yaml |  4 +-
 ...3588-a5afc25e9a9bba6762e73f63456f868e.yaml |  4 +-
 ...3589-7229f0a7ed96aafb75936c9e304ee19f.yaml |  4 +-
 ...3590-fdf5e229c491f2ee061576794ec1d5c1.yaml |  4 +-
 ...3591-b86559278d78c8a80909bf3088ee795a.yaml |  4 +-
 ...3593-a4a6f5b9e735cb14d76827d4a578ff1c.yaml |  4 +-
 ...3594-9dd9621e217d263471711af1462b33c0.yaml |  4 +-
 ...3595-5ad76356f82ec882d88e003164818843.yaml |  4 +-
 ...3596-2e12923b4994409fb95da9b1bf700385.yaml |  4 +-
 ...3597-00fe1d8fca57ad1440836b41da0ce6fd.yaml |  4 +-
 ...3598-498bbeebfd7d1067e2db21072dfc82ff.yaml |  4 +-
 ...3627-b0c570c63a16100d4cac08a03560c9a1.yaml |  4 +-
 ...3628-ad605f98f0b12012c381eafdf54cfada.yaml |  4 +-
 ...3629-272755bdeeb1adc01a4352f800652c09.yaml |  4 +-
 ...3630-e66a7b75dd0639134f09eee91026a929.yaml |  4 +-
 ...3631-7188ef26349164dd23042500cdbf31b3.yaml |  4 +-
 ...3635-a073e10124aebcae7675d30da8592a4c.yaml |  4 +-
 ...3636-f6874af8a1671c63716fd288efc17414.yaml |  4 +-
 ...3639-104344c0b7a013be4ee55f379fbf7b52.yaml |  4 +-
 ...3640-f9b0e5543d8b6fde32af392e9a980e57.yaml |  4 +-
 ...3641-38fb53416dee6ab7b6bba5cadf55c4c5.yaml |  4 +-
 ...3642-dd776d5a9d71139420b6706ccdb1e25f.yaml |  4 +-
 ...3643-b02147be7bebef844df5583704a48a3c.yaml |  4 +-
 ...3648-7675af1bd6eb113efdfef786b75aea68.yaml |  4 +-
 ...3649-75f9430e21b1ffadf43723a73937595b.yaml |  4 +-
 ...3652-c20c39f747c7f70cb8ab495d6417a431.yaml |  4 +-
 ...3684-2aaf513c887290d1b06e4a97482b6da3.yaml |  4 +-
 ...3685-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml | 14 ++---
 ...3686-37917ea4c5b30e9a2f479f087050ff0a.yaml | 14 ++---
 ...3692-0b26b05fd72223ab78d0eb64dadbd40a.yaml |  4 +-
 ...3693-065fb6634c2979f9a8dbb1a289a68a9b.yaml |  4 +-
 ...3694-e224c1cc32d6c05f266106ae47b5db38.yaml |  4 +-
 ...3695-c912d868bff6df29fc1013dc04c342d0.yaml |  4 +-
 ...3696-7559c037fdee829f7bf9775d464accd0.yaml |  4 +-
 ...3697-d3779debb6d6eb8ad0d25988128d76ec.yaml |  4 +-
 ...3907-15e90fc31ab3dfba5bcef7edbbc05f6d.yaml |  4 +-
 ...3908-bc4814d8e32bebe97767bb786c515063.yaml |  4 +-
 ...3909-238730b48c414c2efa3f90f95ede4e1a.yaml |  4 +-
 ...3910-317667951b7644dbd1a4529b628afac3.yaml |  4 +-
 ...3911-c85a39b22a9266777e8fa557a3826f56.yaml |  4 +-
 ...3912-2f3fe53a50f6ba1e34fffa48d4d3ffac.yaml |  4 +-
 ...3913-5b3901e02ad2424b1793990cd718f093.yaml |  4 +-
 ...3914-ba61abda2c1a03aab77d7d30f615bf9e.yaml |  4 +-
 ...3915-b42518648b89a6c8b5bea17f9a27b0ef.yaml |  4 +-
 ...3916-4e988801588842dadfebdadb774a426e.yaml |  4 +-
 ...3918-d5f5796dec9da2bb7306be7b46162089.yaml |  4 +-
 ...3919-3b2e242a0e8c63c5936cb035e1688322.yaml |  4 +-
 ...3920-9547ac03aa22594531f4f7ecb05105d2.yaml |  4 +-
 ...3921-1f09731ddd1d1af88db90bbc4fec3ba8.yaml |  4 +-
 ...3923-2850eb23becb886717557cbcc134de27.yaml |  4 +-
 ...3925-48e682e482ecb4079ded015fff88c4de.yaml |  4 +-
 ...3926-e3f2fb4bebde6fbab715925584422191.yaml |  4 +-
 ...3927-43352935e72ef2b8411f13007515e249.yaml |  4 +-
 ...3929-9461e6fbc59ff2af30e33bb31e92efcb.yaml |  4 +-
 ...3931-8564c9ce49cff70553493d3be285f932.yaml |  4 +-
 ...3932-1b2984fc633af00dfb52c6ca6adba0af.yaml |  4 +-
 ...3934-43b8fe08466d27ab3e4146e678872b9a.yaml |  4 +-
 ...3935-063d32b817099e0883314c45f9a14882.yaml |  4 +-
 ...3936-2a1202a3beb6f69088b7b47e3927398f.yaml |  4 +-
 ...3937-87e99280c7fbf3c8ad55c6ac46aa584a.yaml |  4 +-
 ...3938-74b3b474a158916fea4c408dcdc1f32e.yaml |  4 +-
 ...3940-eb5eba3fb055e3f1a65941e7a11b92d0.yaml |  4 +-
 ...3941-db0b66a5d47c2843954a651061f51619.yaml |  4 +-
 ...3942-cff018203a21cbec2137aca8bbff35f1.yaml |  4 +-
 ...3943-4d6b9908316d738d104a51fdd9ba9967.yaml |  4 +-
 ...3944-31cb28ae35765828074fe75a48e7d24a.yaml |  4 +-
 ...3945-fd2502bc424033ec4b34f2309e987add.yaml |  4 +-
 ...3948-a75aed58343a47e8c366c92bf6c30f08.yaml |  4 +-
 ...3949-e69e5ad6d5e1c350a8e72b9f067b0efd.yaml |  4 +-
 ...3950-e83ff3d04c646c58cf810db301109219.yaml |  4 +-
 ...3951-8d6f7061c576076509b8f92171f21824.yaml |  4 +-
 ...3952-df4c2356c55ce196a7dc2c935ff36c73.yaml |  4 +-
 ...3953-e75bbb3acde201345699c9ea2b1c0b80.yaml |  4 +-
 ...3954-a2a9df8b3604a4aa48635001d225e7fd.yaml |  4 +-
 ...3955-81558dbfc1c686b52278115bcc212692.yaml |  4 +-
 ...3956-a100f718edfa547990462b4c8b9cca8f.yaml |  4 +-
 ...4366-39af102f2f1fef516b0141731bd29ae6.yaml |  4 +-
 ...4370-7aa0e1773e8e5c34cf563aa138c0d2da.yaml |  4 +-
 ...4371-ac531ca44d844146efaf8a60c7e71d41.yaml |  4 +-
 ...4372-de3ad2c14ae092820725df486681b852.yaml |  4 +-
 ...4374-e8533877c8cc904267c19512d475d608.yaml |  4 +-
 ...4375-2681315eb5322b6e8d1489c4efcc7445.yaml |  4 +-
 ...4376-48efc81cbefdf18882ef324fd2ff057b.yaml |  4 +-
 ...4377-278430bfff21cdcd8521969c19275f0f.yaml |  4 +-
 ...4380-d06ae0bd2926a035277d571533319f2e.yaml |  4 +-
 ...4381-269c54556a1ca81f568118ffc940071f.yaml |  4 +-
 ...4384-9a44744af3993590fe3bf014b0ad32e9.yaml |  4 +-
 ...4386-599f329db78aa16926991b18378d93d9.yaml |  4 +-
 ...4387-b3367042bf6f7f08c7f7fe623f66bded.yaml |  4 +-
 ...4388-52a132f231403e0d19dffecc858bc7bc.yaml |  4 +-
 ...4389-de2cc205752867abbe773a0b92ad0ea7.yaml |  4 +-
 ...4390-81e36fcfaba8f47f8b0cb1d0a7f67af8.yaml |  4 +-
 ...4412-00bc7306212a1f1532879484863c8f21.yaml |  4 +-
 ...4413-1e57a0095a9d05c5ba61b4bee5ed304a.yaml |  4 +-
 ...3489-8639b20a2b1f76694c89791c1b2d91eb.yaml |  4 +-
 ...3490-96587021500f654fee1593a976493ca2.yaml |  4 +-
 ...3491-1fa869ed52b230924c8c94b2bfb591af.yaml |  4 +-
 ...3494-a94f9a8cf90bb953afc0d4af139b3df4.yaml |  4 +-
 ...3499-c5f80f50585482477dae3983763ad356.yaml |  4 +-
 ...3500-7b0e7eea2756aa9a3fb9bd9d76ac83fe.yaml |  4 +-
 ...3517-7c56383fa31fa34806b79179038f9c39.yaml |  4 +-
 ...3520-b77c5c4f0c4cc702e5668e3bdfcce6f7.yaml |  4 +-
 ...3546-766e921c63902196b3dd14a962737125.yaml |  4 +-
 ...3550-61bcaa4eb5a8e67da44b4e8cf864a6f5.yaml |  4 +-
 ...3553-b38686638c5362ebcaa7af99aefa8146.yaml |  4 +-
 ...3554-d92c57db44864e6e406520d1e97fd01f.yaml |  4 +-
 ...3560-ecf4e36c0bf9bffe5d8065599df28f54.yaml |  4 +-
 ...3581-4d573fe9c428ad3a04750d4555eab402.yaml |  4 +-
 ...3585-5c801a046ddb1fac8004d7794f007242.yaml |  4 +-
 ...3588-7da918d3fc3e2e8630ac4c982d69874d.yaml |  4 +-
 ...3591-dc2ceae7a9d01dd85dd05b54d27673ad.yaml |  4 +-
 ...3595-388546e2e07357a0226d8ddb30b48362.yaml |  4 +-
 ...3598-7ccdd8fc797e3fab9fea1a77280ae2aa.yaml |  4 +-
 ...3599-74ceb3dd0e91d385e16d6cd94c463dea.yaml |  4 +-
 ...3601-3172cfdf5fc8b7e358c053d42d06583b.yaml |  4 +-
 ...3606-a0b780503648451776551c0d1ff9b442.yaml |  4 +-
 ...3607-5e68a3cd88ecb3d8410d3d1d23bfef75.yaml |  4 +-
 ...3628-3155b6afdeb6949fabf56095cff40791.yaml |  4 +-
 ...3637-d46f40f2ab613d8e339074ed1d986191.yaml |  4 +-
 ...3645-298ee3ac56fa2818652ccdcf0f94081c.yaml |  4 +-
 ...3647-285480d3186a91d1e0ed6c347ab46652.yaml |  4 +-
 ...3650-b81f70d3babfec3365a985059b1ef475.yaml |  4 +-
 ...3662-76fc4346fbb39fa45316aca65b7d5177.yaml |  4 +-
 ...3664-5decd5b15e9e99b50c1cb7b49d2f0314.yaml |  4 +-
 ...3665-149aa3cdb8f6dba02a1015d8c51445b9.yaml |  4 +-
 ...3670-fb54b510af0f0d5e8604602a7c9ddbef.yaml |  4 +-
 ...3672-08de41cb2b0c0b28a5deead53bb308d8.yaml |  4 +-
 ...3674-1f04a4a11c02a582deff94a7681096d8.yaml |  4 +-
 ...3675-f2cad193bfdf87038af8a439971f7167.yaml |  4 +-
 ...3677-80866fdc72be2b54c095a4fd7f7db5e4.yaml |  4 +-
 ...3680-0e079d604a8bf155d8a2cb48193c6100.yaml |  4 +-
 ...3682-cb4f2a317f426735af573c79456925c6.yaml | 12 ++--
 ...3692-c512399e58b223011a17608d4b51ac26.yaml |  4 +-
 ...3703-630df0c98158fef2598199d5ff83a48f.yaml |  4 +-
 ...3722-174bf1d87b8761ea6f77723705dffc85.yaml |  4 +-
 ...3724-ab2437d4d93bac74a9eb7aad2f952033.yaml |  4 +-
 ...3725-c6ebd7f92a6a9f141b0c9e1fd40276a5.yaml |  4 +-
 ...3728-eeb15b3523994497219c24e4ab9f075e.yaml |  4 +-
 ...3730-3097ab413126701a31b2c663342da851.yaml |  4 +-
 ...3732-88d4547a92050d1b28fb4357c26c8ac0.yaml |  4 +-
 ...3743-966b2e78a79b5d63896247b963e8d55a.yaml |  4 +-
 ...3747-bc2b1b1b8cc260b904b43a53b27b1dc7.yaml |  4 +-
 ...3752-f264ee9267574176bc2aef0a4dad14ac.yaml |  4 +-
 ...3755-d0c53aa3e05b1c3e9ba3c621e2806fb1.yaml |  4 +-
 ...3807-68e18ce0101bb6035f701d461eb70415.yaml |  4 +-
 ...3808-98b3c6ab8f905b035d160d1673b90dca.yaml |  4 +-
 ...3809-10147d7844868b2801a0e636a99a05eb.yaml |  4 +-
 ...3818-670002c777730edbb2cb892efe1340bc.yaml |  4 +-
 ...3819-8abead7c575d5ff9d8bcc0c1daac4379.yaml |  4 +-
 ...3828-995df7f208463f40decef18bc20c7cae.yaml |  4 +-
 ...3831-82e1dbec0eac00504fe2d5c8d1c53a7b.yaml |  4 +-
 ...3849-902cce6bbff4fff8307b6fb241b9a8f3.yaml |  4 +-
 ...3868-0a3b78fadad1468caa114f49c5837f3b.yaml |  4 +-
 ...3869-5b09804fb0f54f039756dc2dbfaca10d.yaml |  4 +-
 ...3883-62c7b160f34bc3f3dc184557c1c06a9e.yaml |  4 +-
 ...3885-a48eaf0c735b82aaff5677d4812dc0a7.yaml |  4 +-
 ...3889-fffeaa1f78027e80b8c9ac73b2739073.yaml |  4 +-
 ...3890-554f77c669d0419c047d6805cc30482d.yaml |  4 +-
 ...3891-72139ddfa4b65d7bc5dd06dc24f01748.yaml |  4 +-
 ...3893-f4bbfecaa3b9697ac9c466359f202f2b.yaml |  4 +-
 ...3895-e6aa8433ac2636bbe0e1dd25466b1760.yaml |  4 +-
 ...3897-74192cf75d7a306906b056f839712e82.yaml |  4 +-
 ...3915-0b02214c516fa5bc85822569a5b642f2.yaml |  4 +-
 ...3916-f58e0fb779a935f032e6158130723d4e.yaml |  4 +-
 ...3918-1e104d6bab1fb28ec84c0ed01b4f6113.yaml |  4 +-
 ...3920-466a1f62f3b9e3cbc883b22ebc0c11de.yaml |  4 +-
 ...3923-c20cb20ff14b1ed9f84a7525784a41bc.yaml |  4 +-
 ...3929-f50e7448551c79441add3846b2a5874b.yaml |  4 +-
 ...3936-aa24420637d5fac56ca63b2271fa8b9f.yaml |  4 +-
 ...3939-b0853238e27436d970fc9e4c9b697d95.yaml |  4 +-
 ...3942-44e1f2ffb01f5ea3ea36f27a7c236058.yaml |  4 +-
 ...3952-e81a4620e336feb8f24131c8ad7dbdcc.yaml |  4 +-
 ...3954-f95f25f2a333f8597e744c121fcbe5fe.yaml |  4 +-
 ...3956-d5266edec4a9e9c793fa60a9c89f4ac5.yaml |  4 +-
 ...3974-430f35a9a91f48c97c43930a9ef1c8e0.yaml |  4 +-
 ...3985-27f5aa34f1beb8f61eb1e953a98567c3.yaml |  4 +-
 ...3988-4db0da089db1959632856d530ba9ce1d.yaml |  4 +-
 ...3989-885b11bd05584acc3850df4149714f79.yaml |  4 +-
 ...3990-01300894d57947b3560cabf2dbbcd115.yaml |  4 +-
 ...3991-092f1fde35361407c0c7db51482b885d.yaml |  4 +-
 ...3994-1b5a3539f272e50644f8022d37b4430b.yaml |  4 +-
 ...4000-820928972f49f35fc134f49ec2dd204c.yaml |  4 +-
 ...4003-da6c348f533c2442c083b7568ed9771b.yaml |  4 +-
 ...4014-7b33ec746697457281bd9e42aec2f348.yaml |  4 +-
 ...4033-411b1116f71957083ea7a80c47e56945.yaml |  4 +-
 ...4034-2d42369e26f63aede3d7de3de1ae9995.yaml |  4 +-
 ...4035-931f5de56d92dfa4c2d39579eb08aff8.yaml |  4 +-
 ...4036-f499e4efa4d99d7d76254d2c3b103977.yaml |  4 +-
 ...4085-2b530454070b0701fff7ade24fa23420.yaml |  4 +-
 ...4092-27d3cbadcfb0487ad424f81cd866c990.yaml |  4 +-
 ...4107-74f6871329004558f0dbc4c0f34288a7.yaml |  4 +-
 ...4135-2f5edb5bb8d4702a159f34742943af0d.yaml |  4 +-
 ...4156-622d5312417c1581aa63ff2faa690a9c.yaml |  4 +-
 ...4158-924efae616f0032d8047ad716d24a484.yaml |  4 +-
 ...4185-4a3c747c05de1c383de7ec2aa84fdb32.yaml |  4 +-
 ...4193-c2d76074465a6dcb60332d83861a2a8f.yaml |  4 +-
 ...4203-17011bf78eb7cb3c3509ef0727f15b97.yaml |  4 +-
 ...4209-19fda0443580ba364718d6332aa05bd3.yaml |  4 +-
 ...4233-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml | 14 ++---
 ...4234-0f097e6e2a639803a729d611f2124080.yaml |  4 +-
 ...4265-5f2ebf4302880b4451790eb5366fdd55.yaml |  4 +-
 ...4275-24bb86aa2326eca80531d492521a5d29.yaml |  4 +-
 ...4277-35cfad6b28404a58bea291114a1dac41.yaml |  4 +-
 ...4280-5442adae59d3e3922670d74f56222668.yaml |  4 +-
 ...4281-56c2ef2b70cad0dbe9025809ba135de2.yaml |  4 +-
 ...4290-579cd3fc5c2399656d85cbe343c14eef.yaml |  4 +-
 ...4316-55354669981e5b8e2367ee7fd327c426.yaml |  4 +-
 ...4324-d27fa19d4b96ffbe2e62694bb7f786a1.yaml |  4 +-
 ...4329-1eee2854f94957b31e7d0d2d3c4c5271.yaml |  4 +-
 ...4334-21942b6e9d955d0155ca56bc416fed6c.yaml |  4 +-
 ...4335-3cd75b090f3018ee840ae18474ab15b1.yaml |  4 +-
 ...4339-dea28b24d7e53b89e98cd471b0652d7a.yaml |  4 +-
 ...4372-0aea1b28544eff7de492a84d0e135b73.yaml |  4 +-
 ...4383-e1512d94164bf44f71f33d2c22c01840.yaml |  4 +-
 ...4386-c5cb3504c5d5a8aca1e1480362831116.yaml |  4 +-
 ...4397-5b6638dc9ccd4becc08f9931fb9023fa.yaml |  4 +-
 ...4398-9cd02c8d638c4cb01b2d319013b9422d.yaml |  4 +-
 ...4411-3155835b4a53204a1664eff58384d4a4.yaml |  4 +-
 ...4417-8f62194e57a27510760b3cae99e669fe.yaml |  4 +-
 ...4430-dd8649decc08f39c4790db22c44b5be7.yaml |  4 +-
 ...4433-8279425e8ad5b9257ee709bdcae15c73.yaml |  4 +-
 ...4441-ed9d6de2b2caf08fa88d82aee7a4dacf.yaml |  4 +-
 ...4446-32b155c617c0c335f9330107a2737ef9.yaml |  4 +-
 ...4448-e9df6b62593e703fd734b693ccc67b68.yaml |  4 +-
 ...4449-fd0c27ea93cffb5177b96e76bbc2aa5f.yaml |  4 +-
 ...4481-145ab093189c598c1d7c84674ba9b14b.yaml |  4 +-
 ...4487-56a40035beb7c39c52fc3da1e76c20df.yaml |  4 +-
 ...4490-4f3dfe26281afe74af18534af8dcf024.yaml | 16 ++---
 ...4542-7485c7376b8dcdbe05490b2d21b9e0de.yaml |  4 +-
 ...4567-52e89cc1870832c0bf35fd7b63eefddc.yaml |  4 +-
 ...4574-a96bb943a1852ea0b2e688a3b3910413.yaml |  4 +-
 ...4605-f5d920633ee9565486368ab785adab3b.yaml |  4 +-
 ...4630-b7edfb498be50e4270697b56ff65997c.yaml |  4 +-
 ...ator-5be710df65d6bc92f524c90909df2f99.yaml |  4 +-
 ...lery-e9ae08724abba099d4b3758d3e5c0730.yaml |  4 +-
 ...hare-862c51605ec18beb1576064976f304a2.yaml |  4 +-
 ...ayer-98fa09468510e4f3d608da204df8d702.yaml |  4 +-
 ...ewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tats-ea643024832757f9f2006e750b2fb2aa.yaml |  4 +-
 ...tion-dc23dda4be9febbbe1e1b634c133ec2a.yaml |  4 +-
 ...load-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...load-b935aac9392ea74d48c16c20e8b0b995.yaml |  4 +-
 ...olio-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...olio-b935aac9392ea74d48c16c20e8b0b995.yaml |  4 +-
 ...ider-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...ider-ae8b89aaa7a588f83d4c4781cadfd7d8.yaml |  4 +-
 ...ider-b935aac9392ea74d48c16c20e8b0b995.yaml |  4 +-
 ...hout-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...thor-c3b408a5f882549523fb91707173e697.yaml |  4 +-
 ...ages-498e3e358d7cb9235d23b7fd787ad310.yaml |  4 +-
 ...rter-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...sibe-d4ff7ccda72ef3d478471c54ece0f540.yaml |  4 +-
 ...lity-c41141bd67c49cd259895cd7c78b521d.yaml |  4 +-
 ...cker-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cons-c6ab36823a7ccb132d76b57507e4ea5c.yaml |  4 +-
 ...ions-eb03f1b5d95ef0a7d7a29907029d610c.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...duct-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ment-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...port-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...elds-c99833151ca554dccf2540548a5b3a40.yaml |  4 +-
 ...laid-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-a7284d3f83c86c028a5b0cebbf2cf2ad.yaml |  4 +-
 ...inwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...time-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dget-1ccff55ca83ceb7924ebbc45fc9187e7.yaml |  4 +-
 ...rter-2021111b9f6ef5ab3859ee3ee5bee180.yaml |  4 +-
 ...rgpd-a8caff9400eec85f908551f99981c4c5.yaml |  4 +-
 ...ages-f95a4bd79444a6bb4c86f62647865224.yaml |  4 +-
 ...ders-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...book-8ffb6f085ca0e1f89a621d273438f0fc.yaml |  4 +-
 ...tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...menu-57689f801f3390e9106eb400e17d855b.yaml |  4 +-
 ...menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...n-wp-0eddba28d26b374b7f8490ca46c51c29.yaml |  4 +-
 ...ixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lder-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lder-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...oser-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-api-60d12634c1b8de8d81af0efb8a90411b.yaml |  4 +-
 ...this-4df8f94a1b3a10a0e93c979447a9e37d.yaml |  4 +-
 ...this-63618d1b2772f81d989c25189b57727a.yaml |  4 +-
 ...oxly-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dget-b022913a2c1b91275126aaf3b57a5b27.yaml |  4 +-
 ...ogin-8e89a9166eb8a31b3f0788c884713593.yaml |  4 +-
 ...team-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...eiro-b56b643a394756ad5a6e6d10ca73e89c.yaml |  4 +-
 ...nify-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lugg-9a9ae078aa8492b142c833f71cc23292.yaml |  4 +-
 ...r-wp-32ccd5e0c657d764432d8a2599e1ffbc.yaml |  4 +-
 ...r-wp-97317cfba5a4e1ac31624c57d27d0191.yaml |  4 +-
 ...ager-0f106f68230dd3847df5cac404354f2e.yaml |  4 +-
 ...ager-b07982a67f16a7148433f4d658429720.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-c848309da304f217f6ed4776631e8c6d.yaml |  4 +-
 ...tics-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...7-db-09b9a87909e1abd2b1771c596b468a9f.yaml |  4 +-
 ...-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...elds-74d01cddad4cc8a47fb2dbd74bd23ca7.yaml |  4 +-
 ...-pro-877a1559edb434fbb6761e8bcd1aaf40.yaml |  4 +-
 ...ield-f0cdadcff316feb53fd77aca416bb2f6.yaml |  4 +-
 ...acer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-aa979abd3b3cb9b7bb1cd2ef795b502b.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...nter-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-0b8752438dda7aa69e32a586e9110978.yaml |  4 +-
 ...ager-a17b58f6876bd5740a12242958831995.yaml |  4 +-
 ...tewp-3205ac6df5d6745a5d1c210179723168.yaml |  4 +-
 ...gate-6748230cb5270a84b852b5bff3631f4d.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...more-0d10f95dc02c34323ca2661d596c206b.yaml |  4 +-
 ...more-28696fa61d6f901911f226ee59d9bc21.yaml |  4 +-
 ...more-d42fbc843251d5f50991be5b8b42b3d6.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-pro-a0309fc6dada5d85650b4762bb282066.yaml |  4 +-
 ...-pro-e17e90463e6889aa07cbb8b7927771be.yaml |  4 +-
 ...ubot-515bfb8e519273db685ebdf46ba27554.yaml |  4 +-
 ...page-4c92870ff7a0f182a44699dda7bffd35.yaml |  4 +-
 ...ndar-9e62074ce42abae7e7fbef8d4e799261.yaml |  4 +-
 ...odes-154de88e6cddd165b6ff204a5922a0ba.yaml |  4 +-
 ...odes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...odes-bbd2aa17be72216554254e2d8e755d19.yaml |  4 +-
 ...pack-6b8b57f1101c92df559274dfef436538.yaml |  4 +-
 ...pack-bc257f9f7078df85b51c2e5181af811d.yaml |  4 +-
 ...pack-f0ea860f14b0b0ca566ac38e74715e9c.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-7757d5b35907f5f49944633dfa8351f2.yaml |  4 +-
 ...tion-baaba4f56b4f175e80057b4999371a96.yaml |  4 +-
 ...wall-d6e02747846dc962e1ab5d119bbf94ea.yaml |  4 +-
 ...lkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-090eaec5db6a3b5e9520804055acdec3.yaml |  4 +-
 ...gram-87c10838d1b8a43254afbf05b7f964c2.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...izer-aff79341750b1cf6ce299e2e5a87675c.yaml |  4 +-
 ...ular-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hing-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...e-it-9d4c7c94456d7936525f7973a9574896.yaml |  4 +-
 ...menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ters-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ugin-d4f178ca51b9a3854e944ff01429b4d0.yaml |  4 +-
 ...spam-6dd6322d887c160ebd9dfa555a077a3f.yaml |  4 +-
 ...opup-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erts-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ctus-34166a606544203d0a234746ff259ddd.yaml |  4 +-
 ...ctus-5efe3bb103834ebca4e7ce81f7b0fd92.yaml |  4 +-
 ...font-81f4538f2765df23f8b4f561b33039aa.yaml |  4 +-
 ...-log-e186fa859c9eb38cc8ef0cb73e6a43b4.yaml |  4 +-
 ...ript-1487ac20915c63a985fc090bb178b2a8.yaml |  4 +-
 ...ript-3a24ca5d79101db2344acd5815fa20cf.yaml |  4 +-
 ...tion-79139d2e0a7eb5022bea3408ba7847f1.yaml |  4 +-
 ...base-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...orms-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ages-7deebe50bd92a2450bb0ab52d4fabce8.yaml |  4 +-
 ...-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...orms-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-gwa-1baba58fdf15d4d0a7d4d7886ec16e9b.yaml |  4 +-
 ...-net-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-d7661df8620c7b906e4301d69849100f.yaml |  4 +-
 ...alex-00e15cae549764aa48f28dd7ae0bb1cd.yaml |  4 +-
 ...-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ebox-a5bc98329e35c128c91f3ce8a71c6a41.yaml |  4 +-
 ...-box-5174039d89c7d18d794fb10cf1a282f0.yaml |  4 +-
 ...-box-c5104058a36ba87cb65f65ec0059bc5e.yaml |  4 +-
 ...oads-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hing-e548c20619f1bf8ad1418368ebd16e42.yaml |  4 +-
 ...r-wp-90dcee7cddc408bda7d7da416498432f.yaml |  4 +-
 ...stic-d7479b175a0668ffbe5af726e8c140b2.yaml |  4 +-
 ...ckup-e30a273c4e2ac5b93368dcb61feeb896.yaml |  4 +-
 ...uler-2042c2ccb1432ca181653532b126746f.yaml |  4 +-
 ...ways-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...only-de02ae500f9a57c33a0ee01cf27ee98f.yaml |  4 +-
 ...ress-1f87f7a2adf09634e0df0bd21922373b.yaml |  4 +-
 ...ress-50e1ba859aba6574e04bc19be7d2a72d.yaml |  4 +-
 ...pics-e9ae76ec6425c2521c80399f801c780e.yaml |  4 +-
 ...ions-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...sion-811048b3ad2eacb5c29f4e0546b22dd5.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...weet-d6f0e617de1a3c82f777a89829211e90.yaml |  4 +-
 ...dons-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...some-1c7d78d4a78d0f2d3396fece72367d31.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ring-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rity-607c512f0481cf565f88f66597dbe101.yaml |  4 +-
 ...rity-98d2f4e2c6a41f3ef336107b39e46630.yaml |  4 +-
 ...rity-bc0054c93edc82fecefb873208e2d77c.yaml |  4 +-
 ...rity-ed72aeba76ce6c9e43fa074b4806ae70.yaml |  4 +-
 ...tton-c390ab25927b32a9c95c398ffd819321.yaml |  4 +-
 ...tact-61a7db517f3679fdc65455e830f0b650.yaml |  4 +-
 ...ator-2817b00f145ff05ea405982ca6e4d8ab.yaml |  4 +-
 ...ider-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...orms-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ogin-c30d74ab3c1dc1a9e7b14ed816c12f35.yaml |  4 +-
 ...hina-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ster-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pare-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...nion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...page-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pack-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dget-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ckup-81a6f5ecaf1c598cd2e1db2f58c01ff9.yaml |  4 +-
 ...erce-9c98e07f9de6c1ac362dea3f4f9b98af.yaml |  4 +-
 ...tson-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...essx-fa751f89fc374e558e8d01ea059343f2.yaml |  4 +-
 ...ices-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...king-279486597ac6d210058519567f6297ca.yaml |  4 +-
 ...king-2f651d26ae436687bdff9a8abab4a173.yaml |  4 +-
 ...king-6a265db2a9121f4da4875337b8e6751f.yaml |  4 +-
 ...ndar-88138db1d1aea177c6151b845da287ff.yaml |  4 +-
 ...ndar-88cc9361682247d3851fe23cf11de139.yaml |  4 +-
 ...form-ce69ee3276348a391868ff2589e7f8b7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...king-8e84c6d55a38a50c9e90b28855791a03.yaml |  4 +-
 ...okit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...helf-6ab8d1e005858a4b8a6347eda74e7ac7.yaml |  4 +-
 ...erce-f91c2602522656e11d82af368c387634.yaml |  4 +-
 ...lder-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ages-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-2954406cfff461fdbbd41cca0f0b5dbf.yaml |  4 +-
 ...ents-37fef8959e103795e5217ab4860bd85a.yaml |  4 +-
 ...ents-3a30cbb34610b918136a671069241bbf.yaml |  4 +-
 ...lkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erio-25ee6eba4f05265a07353f4c20de2e87.yaml |  4 +-
 ...ling-5394ed5bbbdcf7b65cff8921a9a68e7e.yaml |  4 +-
 ...orms-f47477188afe1a9a9b869f9c5c6fafbb.yaml |  4 +-
 ...rizy-2ea9b11139987a1bb9095ad4e4be45bc.yaml |  4 +-
 ...nder-48dead1c8e1154d67ccc9e390d285269.yaml |  4 +-
 ...ager-f85f5bca86f0fe8e61b822a458c1b11f.yaml |  4 +-
 ...form-122921564a68def720b196881ac65cfb.yaml |  4 +-
 ...orms-4f1bcfb6c80585124e17859286f212d2.yaml |  4 +-
 ...-acf-6f39f76c23209b8f553defb1d25caa0d.yaml |  4 +-
 ...orms-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...elds-cff8c4e5924684eb6753231ae69511fb.yaml |  4 +-
 ...bers-aa1e46c69c06ec911dde69a16f67cb87.yaml |  4 +-
 ...view-3d4fe5743b4cfd3fb11de9a33d55f7f3.yaml |  4 +-
 ...ress-533ee8fa484df21d792f06431e1c5c50.yaml |  4 +-
 ...ress-863062f7cb6b2bf7365f623cc8d292ad.yaml |  4 +-
 ...ress-af97e64423b75225062fc5e60d8e5fa3.yaml |  4 +-
 ...ress-b60bae014d152f2a394bd09bd7490303.yaml |  4 +-
 ...ress-d0fd9cc44e353f2e6039b73677016f83.yaml |  4 +-
 ...edia-098044594b04ab841c349ed64a192c47.yaml |  4 +-
 ...edia-af05e39beae4ccc85b4b7733a1dfc389.yaml |  4 +-
 ...edia-c87d935ed7b249bf9a1f11f3472af3e0.yaml |  4 +-
 ...edia-d489286ed41649bac6a4b978b2c38ed0.yaml |  4 +-
 ...edia-dc0051edab31221e49ae9364dcda380b.yaml |  4 +-
 ...post-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...load-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lete-24cf0801a4963f154c38e24267fc828d.yaml |  4 +-
 ...tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...heet-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...oast-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...bute-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ator-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-246b8b56564018f48400096509996111.yaml |  4 +-
 ...ents-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rity-5dceb192e7c190761b3c97b152cbfe74.yaml |  4 +-
 ...tton-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ages-0c97fc31b35102d21ddbee9abbb4d9fd.yaml |  4 +-
 ...form-139d1504f66cd87031fd329a5f49ab94.yaml |  4 +-
 ...orms-768674b25e725613816286a9dc3c4233.yaml |  4 +-
 ...-pro-af5db143583f026b4ec13d0e53264642.yaml |  4 +-
 ...ndar-05d1ff035c1fc3b076e51a7b5c7af2a9.yaml |  4 +-
 ...lder-fdb6580a9b4fe182559a2e3ed6c65f0e.yaml |  4 +-
 ...tory-aefc22c7a60a7d5e0b05b0ef2a479b2b.yaml |  4 +-
 ...nced-df1f9aa06bdcfa30c9c48b598c66ff46.yaml |  4 +-
 ...tion-8a7e1f1e76c1a5624370361e3f4014b1.yaml |  4 +-
 ...acle-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lift-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...erce-691ef5f746f46ce4f71b48e893324dcb.yaml |  4 +-
 ...-url-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pops-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hang-755b5e97b09ddabb36f708e4895b834c.yaml |  4 +-
 ...ools-c59a23b4a74b5a776a9442e033941d2d.yaml |  4 +-
 ...rify-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...xton-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...elds-5f06348f7bb36613ac049dfd554c46bc.yaml |  4 +-
 ...ping-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...yler-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...zoho-22168446272a333f9aeaf32a63eb65ac.yaml |  4 +-
 ...quiz-5ad18bbfeb4c12a137de8b17b7553a5c.yaml |  4 +-
 ...quiz-bb66f4ac76af234c75b6841b7c13994a.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...itle-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lder-08b024925f5d1dcafa4385a333501904.yaml |  4 +-
 ...tbot-8142bc3541567011d52df62ad2e24883.yaml |  4 +-
 ...haty-54240ff4b4cecbac0ff14d99813212f2.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pace-d8f2805c892cce30b8ee704118111dfd.yaml |  4 +-
 ...tton-f34bb308bdc8bf0abc4007f19af318c1.yaml |  4 +-
 ...ddon-cbd9c033d999d7b582bab8aeab6cd501.yaml |  4 +-
 ...olas-9b88069f10fdb904873358d79983304f.yaml |  4 +-
 ...ogin-5ac185ae82fe98b391f7b0249d150337.yaml |  4 +-
 ...cons-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-top-07e8e438f9983a0ea397db3cccfb2a0b.yaml |  4 +-
 ...-top-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ugin-45e600351b047339fd78ec95bb2976bd.yaml |  4 +-
 ...volt-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...icky-8edea37489d7d07897482f68884c7200.yaml |  4 +-
 ...nger-1c07181abecff4187bed7fdcd8d1afe4.yaml |  4 +-
 ...nger-5c3ee68d8799e2236b3bc1333dfd2f35.yaml |  4 +-
 ...ners-9a8cd1490d53fe02691b7245088ba1a4.yaml |  4 +-
 ...view-664f9708c952ef16850b76782a119235.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-c148c7298cbf640c64f29d57d3ad5df1.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...itor-3030bade61470958bdc416b0e2c89b83.yaml |  4 +-
 ...view-9a51dd537aff6d05f9d6a7c50a359270.yaml |  4 +-
 ...ales-0a55644b51a5df02f2cc7d960c48224c.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ture-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...d-to-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...date-2e35c0afd479ebddda5688f51cb87b9d.yaml |  4 +-
 ...shop-23022d4d8e20d83e1b4a708870cdf48e.yaml |  4 +-
 ...shop-dececf152f183ba1e4159b4797e96e29.yaml |  4 +-
 ...gets-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...mons-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ions-db180c33b0677e46a0a6bb8bb9ad8a71.yaml |  4 +-
 ...orms-7651cce817269ea91d5fbe788e52194b.yaml |  4 +-
 ...sion-8ba7976e3e4bdeede76b4a3300e51140.yaml |  4 +-
 ...dule-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-add-2fc7a8d84b84e65f1ccfb4b2642e31b7.yaml |  4 +-
 ...lder-e751943c96e8083bbd38ea46395e441a.yaml |  4 +-
 ...stic-3f35ac18f9207e0d36c74b4e353744ff.yaml |  4 +-
 ...stic-8496d75762eb7cc39ecc911adbe09233.yaml |  4 +-
 ...fdb7-4804713458840c235ae2e000980eb782.yaml |  4 +-
 ...aker-60c3cd16f2597496a4651e0715286bc1.yaml |  4 +-
 ...ugin-bfef76276701b6af6e198a50eb02c42f.yaml |  4 +-
 ...o-db-681fa4a6fa6cb7b76b53c0bb6085cace.yaml |  4 +-
 ...mail-441ea60f05f966e781a45c27f0c1432d.yaml |  4 +-
 ...mail-c9506f63ff82213ed0ffcd809196c6f9.yaml |  4 +-
 ...list-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ople-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...ople-500d22096689e74a2a7a6d680b428339.yaml |  4 +-
 ...ople-b935aac9392ea74d48c16c20e8b0b995.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...bars-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ctor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lide-d36d80c800d370d4009d1b192f222cc5.yaml |  4 +-
 ...g-v2-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...udio-573a62057c81ca4962d570ce03558e74.yaml |  4 +-
 ...cker-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-adf21f96bc20b891592eb95e06429f24.yaml |  4 +-
 ...lery-f0c828ee470540e4c37a94d5e7637488.yaml |  4 +-
 ...olor-aaa55eb82dbd089503acfbd59b1c1516.yaml |  4 +-
 ...osts-5edac4e24aea010bac0d630a89afdf47.yaml |  4 +-
 ...ents-5f9367f594e64f78f39747766e36b5a7.yaml |  4 +-
 ...neda-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-bar-daa176383a0d1a1f03b0870eb52cd5ab.yaml |  4 +-
 ...mber-62e533687797ef0b9325ac92a155944b.yaml |  4 +-
 ...-day-8219532133f7917d1e83bbff3f75f37b.yaml |  4 +-
 ...-day-95e1c7301e20b06d93d00a27ff0164ee.yaml |  4 +-
 ...lder-fc7104705e7470f1c2f9c7438b20c375.yaml |  4 +-
 ...-box-ac3838985ebca1d5500d58f039c66d50.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tter-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hter-3b77b21efbe327e0220e81411dd8c94e.yaml |  4 +-
 ...ider-c49e2e06de0a40bb63220fc2a17c181a.yaml |  4 +-
 ...ency-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...odes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-26658d0497122e0a7345c841c1d21163.yaml |  4 +-
 ...orms-b5107e8a16fdf42082a09176739d6a43.yaml |  4 +-
 ...uite-f70de88be0d0ac1b3e5a362aa6fdf31c.yaml |  4 +-
 ...corp-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...inks-a4a1da4d7b74087a323eb167fd7b89be.yaml |  4 +-
 ...inks-b5323eb3191a74d0ae4ca412560414da.yaml |  4 +-
 ...e-ui-cc0bb9dcf67e5af12d7fa45c43bf04f1.yaml |  4 +-
 ...ypes-dc2b0f4dde9149582362d961339fc430.yaml |  4 +-
 ...tcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-12554d58fa3f58e451e08d638496a899.yaml |  4 +-
 ...erce-c4c5307df5e11c4cb59893ef8ef58c8a.yaml |  4 +-
 ...erce-d87bb9dcf525660329cf7bc1593d3596.yaml |  4 +-
 ...ogin-aa4710021e6cea364e343185a5562523.yaml |  4 +-
 ...-key-ebb0aac77c202e0b9298617914b34a43.yaml |  4 +-
 ...ider-225f7f3db7dcaeda4fe6b0e7795cf610.yaml |  4 +-
 ...ions-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...trwa-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...mode-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...mode-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ntor-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...stic-22fbc746f561f8f03289b13752af9220.yaml |  4 +-
 ...wser-e2758e6d7a956b70bbb3456d32eb61ef.yaml |  4 +-
 ...ield-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ndor-8cf78197e7d698f2f23c8fbd16dab60a.yaml |  4 +-
 ...-day-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-349bcd84d9f8de30085279d049beebc1.yaml |  4 +-
 ...site-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...osts-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ally-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ipes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hive-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...auto-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tter-26f3ee9e0b5d3d296c77f279bcf1dce7.yaml |  4 +-
 ...ayer-1da0a6197b1106904178e0b8178f3b2f.yaml |  4 +-
 ...stem-9badde4161dcfe466c75ad211f71fa17.yaml |  4 +-
 ...stic-4de4b5fb4c51e07373cc17e285c57285.yaml |  4 +-
 ...stic-739db2cc0c9500d655d27c730225e398.yaml |  4 +-
 ...erce-5db488a5ce4a9b749eec8867f89dee42.yaml |  4 +-
 ...rist-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...tend-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...stem-10705e3d714d3c8649004193cb95f340.yaml |  4 +-
 ...lder-aabb704338c74a997901edf2f42d1b76.yaml |  4 +-
 ...stem-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...code-53c85ef54b387a398b144244c40bd611.yaml |  4 +-
 ...form-4667942accde23610dd8e0b089b22f23.yaml |  4 +-
 ...load-1963440e9d46a424a870f14bf4b601ac.yaml |  4 +-
 ...ager-02ae4a0720867671dd11925e4a221a75.yaml |  4 +-
 ...ager-03366e13fcca1db85a35f2268a00796c.yaml |  4 +-
 ...ager-0fbbdf117a58185e2bf8aba144015927.yaml |  4 +-
 ...ager-3654cd4919a2027fb17d521b494ff35a.yaml |  4 +-
 ...ager-7367ffe725d32472b793d84e3d0fe0d9.yaml |  4 +-
 ...ager-8c46bf632b1c3634dd29de610dae2727.yaml |  4 +-
 ...ager-b1861af38d12189832b1b119b32a79ef.yaml |  4 +-
 ...ager-da52023c7620366d69c94922efd73968.yaml |  4 +-
 ...ager-de94c31f4187177567b889a40327a1d3.yaml |  4 +-
 ...ager-edb73da37a786109cf2a1c2cf12e6eb7.yaml |  4 +-
 ...itor-2f1f33bfd002c22ab758b0590571cc4a.yaml |  4 +-
 ...itor-95ac055a4400e480693a1f956a7737eb.yaml |  4 +-
 ...itor-fa3ec4c554fb01ca3485de73728dd008.yaml |  4 +-
 ...rm-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-0921939ba9d36b3bc7ef6782c794b5c5.yaml |  4 +-
 ...blog-d1894aa72265b74c9b59e10ca93f4375.yaml |  4 +-
 ...dash-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...oxes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...text-746ab5fca61ed161758f284f4d55f254.yaml |  4 +-
 ...suit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ting-a4b85243ad36c1329732b5275f246278.yaml |  4 +-
 ...bers-58dabace517bb3fd14d9bc2e6628a726.yaml |  4 +-
 ...page-2d87c0364307edea9fea6b2a2be6834f.yaml |  4 +-
 ...page-fd184e22776918171b2daf7b166b3579.yaml |  4 +-
 ...post-517e55dfe7f60b7457c238ed215d0a10.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...post-2d87c0364307edea9fea6b2a2be6834f.yaml |  4 +-
 ...post-e4d1ad7c2888a8ba91b50fa79c134af9.yaml |  4 +-
 ...ator-22105b80b6b00742d7d1393ced18465f.yaml |  4 +-
 ...ator-988ed918d003525e19a036e7fba12cab.yaml |  4 +-
 ...swer-515c6f7cdb52a3563e73406fbbc7b42a.yaml |  4 +-
 ...edia-8b0729074646bdcd5148e643a832f062.yaml |  4 +-
 ...font-e3c56661b9733debd3e6fea53555b839.yaml |  4 +-
 ...lery-b558d2c101e0c756483bb33734bc9369.yaml |  4 +-
 ...lery-bf282437cadf1ae50cc09a36bacba2a9.yaml |  4 +-
 ...rify-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pets-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...soon-a73a6cac5bd5a80c6a22adb8c250c687.yaml |  4 +-
 ...soon-ea0ca66e9eeeaa433f8d74bce5e52c45.yaml |  4 +-
 ...ebox-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rify-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...load-61b9b26895ba1396cd862550f59dfb02.yaml |  4 +-
 ...lery-28fafed38b204e7345a98c45e56c485e.yaml |  4 +-
 ...-pro-9bee1adcf88eccf5bdf4a140784b69db.yaml |  4 +-
 ...nups-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cart-db5362134a2d7eadd5e40de928930826.yaml |  4 +-
 ...soon-f58f1d8f11140c3bf88a5bed98434fc1.yaml |  4 +-
 ...ount-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ayer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dash-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...inks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cons-65f22b1513e1da3131ee1c2793b0624c.yaml |  4 +-
 ...cons-9cfadb72ed62a1496ef5a1550e74d7ca.yaml |  4 +-
 ...cons-eb06b36db83cd57ff46c8ecced75bb58.yaml |  4 +-
 ...cons-f326c6f978051192fcd3f58deac7c7e7.yaml |  4 +-
 ...ress-7046ef2cfb73e30aa27cd120b026bf95.yaml |  4 +-
 ...ebar-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...able-365c4967f8ed82c8fe8be419a127bb67.yaml |  4 +-
 ...ials-6fa4b95e95d113650666ff28a08a093d.yaml |  4 +-
 ...feed-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iews-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...iews-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...king-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...page-98fa09468510e4f3d608da204df8d702.yaml |  4 +-
 ...cart-3bc18d019b91d2de29e8f02de7016b9b.yaml |  4 +-
 ...happ-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...enmo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...care-029b8e032e0fc0a8b295cb9989f4bc4f.yaml |  4 +-
 ...ddon-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-1f2c4e6dec405aef3fd5e6566d223430.yaml |  4 +-
 ...ntor-5ccd429722cafafb64349730f5cc0669.yaml |  4 +-
 ...rlms-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...logy-e298d4cd6c60e1657aca279370a259b7.yaml |  4 +-
 ...lery-5969d2a7887ae66d8279d64632cb1bda.yaml |  4 +-
 ...ndle-8e9ca596ac830dab2177a8b85d591379.yaml |  4 +-
 ...oter-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-log-628e104d3a4b1ff3a2f651b79f8f25d3.yaml |  4 +-
 ...tter-72825f3aadd86474681e72f8f4d9931a.yaml |  4 +-
 ...bers-13af706509ed275951fca2f87c67ca91.yaml |  4 +-
 ...cker-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-pro-ee48551d5debb82650756b153a85ffe4.yaml |  4 +-
 ...orms-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-ee48551d5debb82650756b153a85ffe4.yaml |  4 +-
 ...ewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...r-bi-30c71081d6f65fd865fd605bc8ca0520.yaml |  4 +-
 ...ress-e1343ff86b6c5b93b675136f5cf7bf16.yaml |  4 +-
 ...form-d2114b88fcc067766472c75899b7fa23.yaml |  4 +-
 ...oard-b76f995a16535082b5686ca7f787e057.yaml |  4 +-
 ...itor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-1015b09d99817c2106e43f3451c30ac1.yaml |  4 +-
 ...lite-9319000e1757d81a7b4d434242e3b0b6.yaml |  4 +-
 ...eway-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...llet-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...mico-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...r-wd-f5b60cb69c042e53c0624a4896969936.yaml |  4 +-
 ...ndar-204a4a5eb1bb83f22931c8d30c356316.yaml |  4 +-
 ...ndar-c4cddbbbf9510f7f05b91c86dc3dade6.yaml |  4 +-
 ...kets-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...nner-eb93d0fd8aabb59ccf2ece6d36890f6a.yaml |  4 +-
 ...tify-5dad00a11bede1ceffdac71757dc57c7.yaml |  4 +-
 ...ment-d1b60cf010a4c4b99d620cf0f040e27a.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...plus-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...easy-2f7fd4d18b200014ffe6ce74713f97bf.yaml |  4 +-
 ...easy-df8b0e3e82913bd73f66e923babf0341.yaml |  4 +-
 ...tbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ites-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ntor-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...shop-3e4167472cc19aa7d5c770b7ff08e85b.yaml |  4 +-
 ...dget-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tify-a6e54ba491e72f796e7b6e74aa4dfebc.yaml |  4 +-
 ...edia-090b5ab75971c1cf3354717d50e20576.yaml |  4 +-
 ...body-98fa09468510e4f3d608da204df8d702.yaml |  4 +-
 ...olio-05d549bbf43422565845abd53d01ba98.yaml |  4 +-
 ...ckup-d1f60a6312b998075106906482a83fc4.yaml |  4 +-
 ...lery-358b0cd776c979c59cab288ffb33dfa2.yaml |  4 +-
 ...gner-29abd196b81aad745cf652b3ba722e02.yaml |  4 +-
 ...data-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...q-wd-37ac09d863363372a10edf05c9e9e76f.yaml |  4 +-
 ...ager-45db54965982ed46b91f5576d8c56bfa.yaml |  4 +-
 ...ager-7a87807daec2011fba4e64fcc9f8c9ff.yaml |  4 +-
 ...ager-8cda9bfd3e2c450e7c2c0a786c763ffc.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...t-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tics-cf309d1aebaaa67d40cb82a03fbd96af.yaml |  4 +-
 ...lkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...eeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-6358c61bb5cba311cb2b24aa2921d29a.yaml |  4 +-
 ...lery-5556a133daa1113e5966da5001155a19.yaml |  4 +-
 ...cial-274b8b119cea9c35028782c46e1417bd.yaml |  4 +-
 ...uite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cout-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ator-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dweb-57aa4255793b420daa78a4aa19aedeff.yaml |  4 +-
 ...ress-1790bee47ee796caaff632f15b4d5f1f.yaml |  4 +-
 ...ress-e50a4295f2c4d9bb583975552d8db6c3.yaml |  4 +-
 ...erce-39c8c0331c249c6c886fabcd8bbe5a6c.yaml |  4 +-
 ...ager-bd5e0701ad8f9d787d4f03d3c90929d9.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ount-942278840325a3151a90aba61723bd9e.yaml |  4 +-
 ...list-65e3ebcdd517173ee2482f46a1239a5c.yaml |  4 +-
 ...-all-951a6c1e508507cf69c6b78271828a61.yaml |  4 +-
 ...code-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...agem-ba981dbbf1ea06bbf2969e39bd0742cb.yaml |  4 +-
 ...lery-5a8f9f4e46e4e9903571445b91cbd00c.yaml |  4 +-
 ...lery-a6b7b9dbed28e3619b6105ab67bf1f0c.yaml |  4 +-
 ...lery-bf1b5f8a23a62c1a6be7914495f430b8.yaml |  4 +-
 ...lery-daf27b66517334d1a8886ba5982e7461.yaml |  4 +-
 ...ator-8041e4418d6dd5832b9d268c12d84f0f.yaml |  4 +-
 ...tton-974e55fea877636d350ce5211a9f2278.yaml |  4 +-
 ...inks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...eets-1e72c31c8795449e9c06e927fb97a2d9.yaml |  4 +-
 ...eams-765a9fd486d65b41296bb2e40f26d4d3.yaml |  4 +-
 ...show-d0db0236c8bb93bbd9849f985e9c57df.yaml |  4 +-
 ...mbed-797a8ec8d14a7095c1401c88381f0455.yaml |  4 +-
 ...utes-f0a4fb1ab5ad45a43505bfb864975940.yaml |  4 +-
 ...-pro-c2b59c8389d71cf87b7fb1296201832f.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ders-346a08b5e01ce0a0fe29178ae41386f7.yaml |  4 +-
 ...iwyg-6d24ca924659d60813d0c9beab91c29b.yaml |  4 +-
 ...pler-a0f4536ea7bd1323c1b7b95c9e4b018e.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tore-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-ea2db66e943b1038a7ee25bf53b0dcc6.yaml |  4 +-
 ...ores-2d57f425ae40c364bab73a19021c28f3.yaml |  4 +-
 ...ield-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...aker-bac514b6f0b1f8c0997d58523192fc7a.yaml |  4 +-
 ...aker-f99ce34ee4393dd151b2436ea69250e6.yaml |  4 +-
 ...ibes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...orms-d46aeb2acb3fb066be1f4ef24cb7b7ca.yaml |  4 +-
 ...lder-860302baac60a4494cef29bab34e785b.yaml |  4 +-
 ...form-d7ca1dd38546745c43c763574d903819.yaml |  4 +-
 ...able-6c309d4fe4a7c00ec9f13abe6fdd70cc.yaml |  4 +-
 ...able-aed9f1a9cf9e76b014fa4ceef2236366.yaml |  4 +-
 ...able-b198b20134bc1a80b2134b7e32b1d9f4.yaml |  4 +-
 ...ting-b49deb95fc00559c0721d2c968358861.yaml |  4 +-
 ...edge-ecf9407059e3582708411befde00831c.yaml |  4 +-
 ...ator-0b29757be7c9544b9f5309f3b1be1e0d.yaml |  4 +-
 ...ator-950d0fecfa65a978eebec0d58fd1e9bc.yaml |  4 +-
 ...ator-a6cb8bb474a298f0d13061a17830eac9.yaml |  4 +-
 ...pier-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-05da59639245e73e5006b3b27fd29b5e.yaml |  4 +-
 ...ress-1ea57d4028638a993e3a1865c1c429fb.yaml |  4 +-
 ...ress-28cc3b436a054be9278bf9f654cf7298.yaml |  4 +-
 ...ress-4392c790af392965f4ef8691acb00317.yaml |  4 +-
 ...make-47ea4a03f1b0e77aad4910db22ee3336.yaml |  4 +-
 ...port-7c89a34e4a8d83c3780278094a4e89a3.yaml |  4 +-
 ...itor-442cb89e3902ba64d65dffe5c1dfe1c2.yaml |  4 +-
 ...itor-61e60e72ae19f21a2374d506ca4c56c0.yaml |  4 +-
 ...itor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...sers-9934720aa2c12ee56875eafe6d4b5c05.yaml |  4 +-
 ...d-pm-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dmin-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dash-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...gner-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...spam-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tcha-7c2f84ceedf786d66412b2ddd9745e29.yaml |  4 +-
 ...ebar-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ebar-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...gage-b1b7cfcecf2de0389a1fca46f626041b.yaml |  4 +-
 ...n-on-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ayer-4ec113a2f6c7cc34cbdb0b48aa39a566.yaml |  4 +-
 ...ager-9f4658b745b189d37014521dd6a95fe4.yaml |  4 +-
 ...king-779d1e87dc368b31bfafa7f1aaae4f82.yaml |  4 +-
 ...r-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rsal-f581daf73a2ae47926782b6731f30bca.yaml |  4 +-
 ...bank-12287cbd7ce878e9fd3267a0e01cf78a.yaml |  4 +-
 ...bank-26bba1e52907934fbc2f76bbe8677ffb.yaml |  4 +-
 ...bank-4ba873ea604974c0a71c72511e63ccc8.yaml |  4 +-
 ...bank-bb9ff775c7105fbb3a95361f39741664.yaml |  4 +-
 ...-box-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ages-7029424562dcabc51ba988c294ceda39.yaml |  4 +-
 ...ages-e236a1e5d3fb64e88e0ebd90fb6e2c1d.yaml |  4 +-
 ...ugin-db5c08fdc8b62ebeda31a66adc0254db.yaml |  4 +-
 ...olio-e03fc6f95e1cd7a63c181eae0df5daef.yaml |  4 +-
 ...ideo-4499af25b68b47ad188a0b7fb55c9dba.yaml |  4 +-
 ...ideo-f4a5dffea18f1f7d8c2a38499c203636.yaml |  4 +-
 ...tton-c617abebc11fcaba875f8bc2aad4995e.yaml |  4 +-
 ...tion-808442071b530e99e27528108f7402f0.yaml |  4 +-
 ...ntry-5e536ce02840d623d389b9ee218020ac.yaml |  4 +-
 ...feed-00a6e702537059b82f7d21b3c6087796.yaml |  4 +-
 ...ents-fd5091b9ca6d56c1bb46823f06a6b82d.yaml |  4 +-
 ...ting-df4cd9fee3d0d59fcdf3318f36c11feb.yaml |  4 +-
 ...ting-ff4f16d3b72060599b9ed34018f0f5e7.yaml |  4 +-
 ...sent-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tree-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...shup-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tory-ba7c20e930a8487a26eac0cfe90c0f74.yaml |  4 +-
 ...lues-328e4fc27caed74ff806a419cfdcc0b7.yaml |  4 +-
 ...ions-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...fter-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...arch-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...elds-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...asap-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ries-95f3b505db0bb5acbcaf86e1dd39e4eb.yaml |  4 +-
 ...arch-76fd12ad8b7b78037046699e5ffa0377.yaml |  4 +-
 ...port-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ller-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...deat-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iral-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-01178f6672a2045cbc07066e22c4b9ed.yaml |  4 +-
 ...ress-4c07ee1f8d9ca7766b852300f804ffcc.yaml |  4 +-
 ...s-mu-1622f7025c888065199677a7f8c3a0a4.yaml |  4 +-
 ...ator-18429af9c071c8309e034a7d4d00a8e6.yaml |  4 +-
 ...ator-202ca74fdc1ed676814ee60bc8ef09cc.yaml |  4 +-
 ...ator-c7a8789e2e14665dec08cabfa7ba8238.yaml |  4 +-
 ...ator-e0be71e8989abd7e932a8db49d3c409c.yaml |  4 +-
 ...eady-42f393afcc63e1048ce48bee1feb1c00.yaml |  4 +-
 ...pets-3b1e2a032a6f302e2ccd9d18f56d17aa.yaml |  4 +-
 ...ator-1f82fcaacb5a6d3e18b98a66c9d7e3ab.yaml |  4 +-
 ...tmls-0c5d9c3d25fdcac52f9189c83dcf8aeb.yaml |  4 +-
 ...tmls-dad4d79fe3688c4dbc2389dd7cd7a0c1.yaml |  4 +-
 ...edia-3d97f53ad1e035f606fd358779aba41f.yaml |  4 +-
 ...edia-f89c8645dfcff6d7c8daa63e313b40dd.yaml |  4 +-
 ...orms-77f0a0f1e7db36263a8aa9ab981e047e.yaml |  4 +-
 ...orms-af26d379855801f026d0f678221b9f09.yaml |  4 +-
 ...orms-f9a5aabd053da65d5b8f27e85e3ac8c7.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hogg-6b4accb527f76b2e4224aaf45a24e723.yaml |  4 +-
 ...ents-36c5b3d7d876a774f8fd4aa153e32524.yaml |  4 +-
 ...olio-0e5cb6701f47f915bf3484f8aa48343f.yaml |  4 +-
 ...olio-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...olio-51cfef8c45760573f4f3cc1655e5ab39.yaml |  4 +-
 ...bers-89d1ae974c3297f3be00b2900b223ee4.yaml |  4 +-
 ...bers-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...nial-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...side-9d901cc0b99cacc346adcfb2e44aed31.yaml |  4 +-
 ...thor-9b2b2cc106e50e817ce608f745dbdaed.yaml |  4 +-
 ...ions-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...berg-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml |  4 +-
 ...berg-dea122a140ad8ae54d1e3b79712b8d73.yaml |  4 +-
 ...ider-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...e-gb-b0dcd475ee39f280da0df0dd6993e407.yaml |  4 +-
 ...e-gb-def48545fc7b8f7aba56c88a829527ec.yaml |  4 +-
 ...dons-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...dons-c9ff001e2ccdd465207fe5710fbe6c52.yaml |  4 +-
 ...xcan-3db14e51e4cd401655d11f7aea7dbad4.yaml |  4 +-
 ...heck-fa8bb26d319a4e03fd0e1e3bc361d9db.yaml |  4 +-
 ...pful-fdcfcbc977d2772beb04b8279c53f48d.yaml |  4 +-
 ...-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...y_wp-9d0b835dc24461b5e3c8d9cb0d3fe615.yaml |  4 +-
 ...y_wp-e1e09568d086f8fa80d5f87a6742ffc7.yaml |  4 +-
 ...oles-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ypot-4c06879b605c0ddf9d3252fe12dff25c.yaml |  4 +-
 ...tent-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ting-5485a109494b4df54da4337a9efe8523.yaml |  4 +-
 ...xtra-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ayer-2ea89aa92910e09e4a0699a93e6b8771.yaml |  4 +-
 ...ayer-c399c93eb04d9720bd4e74a57c352087.yaml |  4 +-
 ...oser-b0e3fd5d9174b5eba29a79c0cda84c9b.yaml |  4 +-
 ...menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ools-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...eimg-aa275ed39ac05dab3dd3b7cb9e8afc6d.yaml |  4 +-
 ...dget-2f83ea3f51d28fac6369a0c731ce68eb.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ense-772b71a2d81ce555d5c9a0a38892bb34.yaml |  4 +-
 ...r-wd-0bbe2e9ad1b1c0a623ea6abfedb5595e.yaml |  4 +-
 ...crop-20671ddf0d01a43586266ad4cb142fcf.yaml |  4 +-
 ...dget-d5648214fbd82ebd55682a43fc8f813e.yaml |  4 +-
 ...zoom-5721436cde7e78cb58601bb592cde002.yaml |  4 +-
 ...ment-824d93c3c9858047a50ed1387d69356d.yaml |  4 +-
 ...brew-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-pro-ab0d13d34dc4621d3f125a7e5e405bf1.yaml |  4 +-
 ...-pro-c78abe8c9dafca582dd0f5c66a5e2eb9.yaml |  4 +-
 ...-pro-d5e71f9286573633246d95fe18c6dc87.yaml |  4 +-
 ...-pro-e4eee191046305a40d967ee1ba037cbb.yaml |  4 +-
 ...-pro-f7a99c10e9aa1ac19e91036f274d28b1.yaml |  4 +-
 ...uard-ca5a202b7756a1fb685216ed26367b36.yaml |  4 +-
 ...lery-ec29185ed2f65e10921961a5788cf99a.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...feed-0dd37aac0a819da40009a99efded6eee.yaml |  4 +-
 ...dget-c4bb8ef855ed7d5677231037db6f41b0.yaml |  4 +-
 ...dget-d922f6e78e39c496155eaa17b9a13762.yaml |  4 +-
 ...dget-da62044dc6f8ab5a6043df4bc628475e.yaml |  4 +-
 ...rive-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rm-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ctor-4f39f823882301049a61a7a769c354a9.yaml |  4 +-
 ...osts-b1a9125711cb68f9ebd1c9d6ec3312c5.yaml |  4 +-
 ...-bar-43e66df1f9172a258f7b4833c10ba64c.yaml |  4 +-
 ...maps-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...body-162fd1b80a689c044d519624e2cd6bbb.yaml |  4 +-
 ...inks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-d27b7d21b5912a09ea3805333b4f7140.yaml |  4 +-
 ...ouch-5a4ceeb56cff119df02b4014ab6dd0d9.yaml |  4 +-
 ...rder-5fce0179ad5dd3fa3f22de628e08db06.yaml |  4 +-
 ...cker-c2d506865b475e467cd410bd4ff9f703.yaml |  4 +-
 ...cker-d1d5e763ed41a49986eaf738181a98d5.yaml |  4 +-
 ...lite-718a86b8fb614bfca1d835a5b1869915.yaml |  4 +-
 ...sync-8253ee833cb2687572180cd975dbf588.yaml |  4 +-
 ...tion-34076a9fa6889f09a1439513a52a8cc3.yaml |  4 +-
 ...mize-529055d3bc8d484bb022631bf8a543b2.yaml |  4 +-
 ...olio-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ions-9f87cf742669dcbf6cbaabec0f8d8908.yaml |  4 +-
 ...pack-0e86932241c6ad3f70627e02c54dbc31.yaml |  4 +-
 ...pack-9df4fd409a4edbb8572536db3f6715d1.yaml |  4 +-
 ...pack-d4b5db96e8a4cb8dde234da2c8c95905.yaml |  4 +-
 ...pack-fe6364297dbbdebcc849affd9cb5e248.yaml |  4 +-
 ...lkit-95537a5037076723ccef81d1fba789fa.yaml |  4 +-
 ...ager-988317a2aa68c393854967dc4677ab3f.yaml |  4 +-
 ...rdwp-dc882a54ee21adad00f3c37faa34411b.yaml |  4 +-
 ...reer-00ad079b8c94204c38afc1d934554333.yaml |  4 +-
 ...-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tics-6d795e6331799c55a6d3f3098ce86d6b.yaml |  4 +-
 ...-api-5e1efa6ead2e9d16598b6140024797d0.yaml |  4 +-
 ...-api-9d1887b8622dac2bd15f04e82a194689.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ator-da0185c8881b7837eb3ff9bef5017584.yaml |  4 +-
 ...port-46afaecae6249c4e331df87e2126a4cd.yaml |  4 +-
 ...ring-6adbed160e9381bd43ab920e4f4c10a6.yaml |  4 +-
 ...oser-6fd5ee2a697c02149752bc647f98085f.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...prox-f629f1cbd9fba0b088aac877e4dc575f.yaml |  4 +-
 ...ings-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...news-ab596007425584b1e79f9f5a75499083.yaml |  4 +-
 ...nter-154e2db41f3251206c18f35c16e169dc.yaml |  4 +-
 ...base-41532dfb555f5a1e79f8f55e8febf84a.yaml |  4 +-
 ...gine-23b35e5f653977b412c0dc708b752a30.yaml |  4 +-
 ...load-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ions-4283f13fe6bc4a6b024bd09e02f40c1e.yaml |  4 +-
 ...cher-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ages-cdbf7ebff8c4d1a9b90da71e4a3d5b8e.yaml |  4 +-
 ...asic-4888a583f0c17ec03ad6204f11cf19b4.yaml |  4 +-
 ...mbed-5b2a6f112dc7d70910b36648c4b4675a.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ider-4c62f9807e53925857a04839b7f811f3.yaml |  4 +-
 ...ider-782d2a5a9a3b36ec02deacd0cc03dd91.yaml |  4 +-
 ...ider-9212eb6af9b06f0daa962811d04b3aed.yaml |  4 +-
 ...load-7a66706d231bb588b40ed996e42c0254.yaml |  4 +-
 ...ider-20c21b977e576c86cae60978b4cded07.yaml |  4 +-
 ...ider-4bda697ca3ea7c8fca810d0d8ce167ae.yaml |  4 +-
 ...ghts-f78d7ba708259da0523cabc0cbdbd7c5.yaml |  4 +-
 ...eads-bfe41c446963ca7621a719dd7519ca70.yaml |  4 +-
 ...rker-2729f42afbb3a34107349dbe43cc49c6.yaml |  4 +-
 ...-pro-8ad67d1554931a18fcf5c6d8fecb94f0.yaml |  4 +-
 ...n-wp-6cdc10306b381cbc45add2c281d72434.yaml |  4 +-
 ...ager-e199f05b41749995376359e6d56e2316.yaml |  4 +-
 ...ress-99975e67153f43d6158ad376c50faa87.yaml |  4 +-
 ...ress-a3c23b348d99ad97eeba5901637fc834.yaml |  4 +-
 ...ages-10dd9a3434e3d079623a841e75c86c90.yaml |  4 +-
 ...ages-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...plus-09ecd7b1a7d7c81f548e33bf4bc7b580.yaml |  4 +-
 ...tion-f623978da0d0e7e73c44c7f970c44b06.yaml |  4 +-
 ...rary-263f0665c552df560e61f28530fa511b.yaml |  4 +-
 ...ayer-afdb73f09e63d9d93a801e87dd86e9bc.yaml |  4 +-
 ...plus-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ices-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-3fe9089ec5b0f3ad95a1bd0baa9d49ae.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-41a63082135d50f0e8bf2d19791a60a3.yaml |  4 +-
 ...gets-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ator-1593b88b276363eaaec5e0cb5dde84ae.yaml |  4 +-
 ...user-7c535e169c75c3005c5d2941f3e6968b.yaml |  4 +-
 ...izer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...down-1bbaae2a7a498b205fb902506cd09f7f.yaml |  4 +-
 ...ajax-08c2b329300ceeb5ec4ee1c1cf18abf3.yaml |  4 +-
 ...ress-62395a250bd2c0c27cc1d46d95105e15.yaml |  4 +-
 ...ider-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-46180ef43d3becfddd0144fed7922297.yaml |  4 +-
 ...ress-0d7d13b3763620f659067ef0ef4a2ecc.yaml |  4 +-
 ...odes-e9fde878e95431546f5a6d5b49c1a171.yaml |  4 +-
 ...nail-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...play-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...list-acb7010b85ecf2daba49fdd1b1643bd9.yaml |  4 +-
 ...r-wp-27461955b32dd7d4c16736c7fbdc5771.yaml |  4 +-
 ...r-wp-b15c16122e094141ccb76dd4bc1e2cd2.yaml |  4 +-
 ...e-sm-45f25702e8ca4952a8a482198d36d226.yaml |  4 +-
 ...ress-bc4f6148886fd30cd6ed07bbbfa6c2c3.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-bbbf9046b8721bc306a1868ce9ab75b5.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-c7fec950a07b33ca805efa5f4526bb87.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-da3f36dbc6e00ae538ec7700a4a5da0a.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...hild-5c361cd216288a792b3417e2eea8c64b.yaml |  4 +-
 ...hild-de951cb1c07b8f1a00e6e15f2067e75c.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-bbbf9046b8721bc306a1868ce9ab75b5.yaml |  4 +-
 ...sion-c7fec950a07b33ca805efa5f4526bb87.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-08e41a2e706bfd45d56edb520c5805b5.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...sion-853763a7a24f0714b558d69285e810e8.yaml |  4 +-
 ...sion-7cce7a2633974d7472d47a5e1fdbaed0.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-276d9e37b697911176c96dd2534c5db7.yaml |  4 +-
 ...rker-13b8a58f1828f2c64647f6e908737c8f.yaml |  4 +-
 ...rker-22c2313f6ddd97279a9a6e05569e552c.yaml |  4 +-
 ...rter-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...arer-6b3f6a43a6261f36339646ed344d5b53.yaml |  4 +-
 ...ator-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dons-963646e7d7bb88af1ad24a0f5a61ee55.yaml |  4 +-
 ...dons-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ider-b6500312e7eff76638bb1a536f1d8f8c.yaml |  4 +-
 ...ider-ec15f998366a90597f3ae6005cf6d8b3.yaml |  4 +-
 ...stem-296c49b1bc6f342e92d02be77b2dbe14.yaml |  4 +-
 ...atex-c72bfd99ca891cab28a20713d4d5fa8e.yaml |  4 +-
 ...tons-47fd93f8dbf38d292961db96282356d5.yaml |  4 +-
 ...load-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dget-f41b10488dd7d69ac4748b8c313105e4.yaml |  4 +-
 ...acao-d9141583a795a1e4a70084cd717fd9ac.yaml |  4 +-
 ...oads-dd0bbd05ca9ba09666d0154a80a50eb1.yaml |  4 +-
 ...port-3faf0e242f65e17c979c6f608e04b73e.yaml |  4 +-
 ...stic-6d746a5f0aa53afdd212e69305550ec1.yaml |  4 +-
 ...mage-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...uler-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...resh-19904e18d7847af1a770f2d024bfee5b.yaml |  4 +-
 ...-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...view-1e5ebadce2a1ab9a5fd9a23d7bb80d5b.yaml |  4 +-
 ...ment-9f9a85cc7dcde674a13dc865058427ba.yaml |  4 +-
 ...orum-bb8b3412160ee9a77c9d2e3d86221321.yaml |  4 +-
 ...orum-f35fe23400199bbe42a795d71f9a637a.yaml |  4 +-
 ...cart-56a0c79ebe574b006dcddb57a105ed57.yaml |  4 +-
 ...mode-39eb4a9ab67b19c7b3e7b850c04221af.yaml |  4 +-
 ...mode-a7b78f7a058348bb841c19e95bd21064.yaml |  4 +-
 ...tion-0e334f8b94041fdfb0dbd420bf6d8572.yaml |  4 +-
 ...tion-2c78335d8d426bf0b25d79bcc3a1ab65.yaml |  4 +-
 ...tion-7f9d8f2c0da9df1ec2dd98d448e2220f.yaml |  4 +-
 ...rity-de7221543e5e73690e1a713271a64c51.yaml |  4 +-
 ...book-9db01b7b537550571e5aaebf6e7d1ee5.yaml |  4 +-
 ...n-on-18ed21ba8d359bbdba46edad48e67bc5.yaml |  4 +-
 ...oftp-23e0e48f6d4b609b278b4fbd54ac10a1.yaml |  4 +-
 ...oftp-d10118590b8b4520a15b5f492941e4d0.yaml |  4 +-
 ...ider-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ider-e13785deba801d5052c18262b9c1ec9f.yaml |  4 +-
 ...erce-2d6d4e818a96c6e23f130697cfe95544.yaml |  4 +-
 ...menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ator-9d62e328d915f4bc5d1fc97fbe0f1bbc.yaml |  4 +-
 ...look-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...orms-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ting-e54ab178e0430008f60d1b3ffa4fc240.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ages-b073725ff3ce84124c4fbaa39058dd12.yaml |  4 +-
 ...ayer-f2f737655d264b31c43ad2bd812bd2dc.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ment-5ac91f4d7709824d7d324fcc63da5897.yaml |  4 +-
 ...-box-7dc2950e20e339de0e3c41a3a14e05fa.yaml |  4 +-
 ...main-3a3edd25e4fa2cd1428645e4e1a051ab.yaml |  4 +-
 ...lock-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-3e61760bac7d3dbcc4ad9810884d474f.yaml |  4 +-
 ...erce-20415f311fdf676cb6dd436c829d557f.yaml |  4 +-
 ...ndar-72451557ba7e0e914a18e1ce213f28d7.yaml |  4 +-
 ...ndar-a6b03d82501be09605ec3648f082c81b.yaml |  4 +-
 ...rder-46d83256b62bdfe4aa6f310ac82e97af.yaml |  4 +-
 ...ment-f493de201064a7faaee262b5cd71afb2.yaml |  4 +-
 ...rder-6e16524bd1d2a580c4988808ba69289d.yaml |  4 +-
 ...rder-a5940bfb7c2779df0f2c0ab2e0cfe4dd.yaml |  4 +-
 ...y-wp-e034d0793fa530375c47c930a890a44e.yaml |  4 +-
 ...ceai-40ddfa284deb87a97d4ffba35198f3b4.yaml |  4 +-
 ...able-8dbe7a3817fde028be9e786330407154.yaml |  4 +-
 ...able-93938fbe21973f374f80c1d00bd023f7.yaml |  4 +-
 ...cred-ab40c276cb9902f9d5e1087da672b8cb.yaml |  4 +-
 ...cred-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-api-fdae69d4ebb419ff6e97487d1fa22ced.yaml |  4 +-
 ...ents-ef9b3c704d7fced594c5120e1a6fbd70.yaml |  4 +-
 ...ions-e721e32fa48eebd873371f94b4b26240.yaml |  4 +-
 ...odes-ac14ec5ad7742e553d78dac3325ff055.yaml |  4 +-
 ...item-48dc2938fe186fc758ec2763ee6f0d79.yaml |  4 +-
 ...grid-5d20fde6dfb97e9f5d07e3e446eb155e.yaml |  4 +-
 ...sher-04eafceaed46e98686bbc255ebb274ab.yaml |  4 +-
 ...rove-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...stic-5a374355ec4537f847bbfe7d5d9419bb.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...nect-ca36ed6adf848cc827e64a29f8ea5b4f.yaml |  4 +-
 ...lery-39cf49efc2cfacf8bc667751cb10cb94.yaml |  4 +-
 ...lery-d5553776b8e5331d8ec0787313ee2d60.yaml |  4 +-
 ...hoto-b45eecf36500371522a7a91600b79df4.yaml |  4 +-
 ...ting-c141b8b973ee71335be586680efd9177.yaml |  4 +-
 ...lery-fd1e125ffdeff47afb4a084c2351b847.yaml |  4 +-
 ...exus-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...able-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...orms-624315d392127da9cdbb25a9ce0695f6.yaml |  4 +-
 ...orms-7c7b836ffaa221f1b27ae77d75f66b3c.yaml |  4 +-
 ...orms-c27b108510956c02768a728e2ce3fea8.yaml |  4 +-
 ...wall-bfe7f25b364c1c551aace9e3b8962033.yaml |  4 +-
 ...-ses-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ions-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pack-bd4439ed9a58ebca35ee43480cc063fc.yaml |  4 +-
 ...ader-f1f1da3dcd767a5d11f1b776e491f57d.yaml |  4 +-
 ...erce-268f07777e79e9582f2676bd74ffb8e4.yaml |  4 +-
 ...erce-94af6b10fc464ad700fcc3825517ff11.yaml |  4 +-
 ...ngot-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...chat-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ions-ffea4c38dbbf6eb29f1bb344ee6bae12.yaml |  4 +-
 ...xtra-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ogin-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rder-96bf5a76ba4653bdf89616d82d0bf5c1.yaml |  4 +-
 ...lity-079b2f2c54a8b1fed68b5c27dcb96254.yaml |  4 +-
 ...ours-02f013b54b4f3674afd49b3afca90a89.yaml |  4 +-
 ...ours-55a39ce22d26293084937266d25d08be.yaml |  4 +-
 ...nsea-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...anda-e524be4e74a799805187c5341f4ea89f.yaml |  4 +-
 ...irex-487b45c8da9cac09ef28c95c49514ba6.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-2c636c041261dbec5d7ba4cab181df88.yaml |  4 +-
 ...hart-7dc1fbd7e7abf281f194a7d7c03c76ee.yaml |  4 +-
 ...case-fa0b498c03b490f6a302c8923c66045e.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dule-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...wich-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ator-56d5619e454c2de075a4d59b6b36a2ce.yaml |  4 +-
 ...ayer-3368388a3eaf6ed2424923ab628b316b.yaml |  4 +-
 ...rict-4d8ef6bd985f2d34f506708108c9100b.yaml |  4 +-
 ...tion-4ed0ed5324b5c3f087d2833d0484d7f4.yaml |  4 +-
 ...-pro-410910e3bde9f58e737907bb1681caa1.yaml |  4 +-
 ...-pro-84d2d3378640513504438262d898e022.yaml |  4 +-
 ...-pro-c3048e5abe91e890bbce0cc632e75565.yaml |  4 +-
 ...rama-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rier-ce718587b1801a7c7537a48edc0e7766.yaml |  4 +-
 ...base-74dfc45ecae7de304e8f9080bdfdb51d.yaml |  4 +-
 ...ager-d0bbc9ae1fbf2d240bae5f6283bcefb6.yaml |  4 +-
 ...sion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...bric-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tium-2de2a309a48a2066b54fa1a1b79cdf95.yaml |  4 +-
 ...tium-4f11f74ab70050e21f6862beb40d9a96.yaml |  4 +-
 ...tium-62269eb67796cbb2339d6188b5db837c.yaml |  4 +-
 ...tium-6717ed512d0f6dcb712096abdaea80dd.yaml |  4 +-
 ...tium-92d0e7bc94b44754e236b3eab5ba21b3.yaml |  4 +-
 ...tium-d89f421b57194b2722cbd6095ba6fda5.yaml |  4 +-
 ...tium-e5b14dd6b8ce0a1e923582746cd9e67d.yaml |  4 +-
 ...rint-40ad9a6c734da3962dc8243739e3141d.yaml |  4 +-
 ...wser-c6589434b15992ea6614e8eb940f49fe.yaml |  4 +-
 ...-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-sms-f6e0611408f1fa46e8d9b7f9c0374cb8.yaml |  4 +-
 ...erce-f53b59e3d01b975c6802657d08b4d293.yaml |  4 +-
 ...lery-02d4095d603887ea90170c039ddd4ef1.yaml |  4 +-
 ...lery-03f9356825118ca4016abd782e8ac0fc.yaml |  4 +-
 ...lery-3c5bac80199ef30099a13588ec30b8cb.yaml |  4 +-
 ...lery-44b42ab3cc67f2808aca4c4c544fe3ed.yaml |  4 +-
 ...lery-52e7ff3acb78cedfa1cc6fc74cf893bd.yaml |  4 +-
 ...lery-78fe6306f76d32a87cb79d1ed7a18344.yaml |  4 +-
 ...lery-d2f0c79f766915ada458669bedb0c203.yaml |  4 +-
 ...lery-7aee34ffd65481adae802a1b67540af3.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...sive-b4a8b8c1c6aa3303fd49306d6d3da366.yaml |  4 +-
 ...lery-f15ed32464b8a833a76a0b7a1fe8248d.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-pro-a89413a448da960907f201f2e284d495.yaml |  4 +-
 ...post-230333f7152338c0e847a31fb3c9a2dd.yaml |  4 +-
 ...tics-067e897c25e69073ab36a1703c7f28be.yaml |  4 +-
 ...ayer-0dd50401fc253eb4ff30c00f51c39236.yaml |  4 +-
 ...tral-8d3ea868911a052c015f14b1fed79fc4.yaml |  4 +-
 ...rses-b95250d725c58e5f77c57b6de18a5532.yaml |  4 +-
 ...-box-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pods-dd09b82c04b588417962747e8b977772.yaml |  4 +-
 ...addy-7743d4aab2210fca5895ae50928bc6f9.yaml |  4 +-
 ...lang-79eabca00926846a970481cb6b7e83aa.yaml |  4 +-
 ...lder-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-xyz-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lder-18e611cf48e8f4ad6e3b9384220c5457.yaml |  4 +-
 ...ages-e6cb47157cb35f90dcc06e51f4ec2619.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-70beb78ba7fd734dda35bda551cb0775.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ator-e3c761c4e430d07f3cc55d6f4fc67c86.yaml |  4 +-
 ...lery-1b225faa6149f90c544fb3acb706af2f.yaml |  4 +-
 ...grid-2709ba16ebba4320ded81fce12f3563d.yaml |  4 +-
 ...mate-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...gner-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-09c17ceea6b1acc60dc27557a0b8ba88.yaml |  4 +-
 ...usel-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...smtp-5cce32cc2992a89ca752b62e96a78a05.yaml |  4 +-
 ...pets-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ness-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iews-741838efe1987dc0902314663618d34f.yaml |  4 +-
 ...rect-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...port-9efe0fb93db4e83b6512c73eb733e094.yaml |  4 +-
 ...atic-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rkit-0af70d46a8f7d1d575b47f6ceaa9d723.yaml |  4 +-
 ...ress-307c020a7d3d97fddb5823725bc2bdc1.yaml |  4 +-
 ...hois-5aab035ef042ccd7141d869c2750d5bc.yaml |  4 +-
 ...arch-6b177b37379772051433776316566ccd.yaml |  4 +-
 ...arch-a45e2a89638ef475d44955daca9531ef.yaml |  4 +-
 ...arch-b2c299a9a1dfd6a544071cd299a840b8.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-6be8b4c15f4802607f2237b86373c965.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-50f488111dad00bdb113f7022a4a0420.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...arch-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...oles-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ands-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ency-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lter-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ches-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cing-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...list-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ward-d0af10e9ac4884ae3c68f9f3c40fdad7.yaml |  4 +-
 ...ndar-c5888a6adf3b7c4a7f3becae44174450.yaml |  4 +-
 ...hoto-1c7062bfa495ccd866c7cbbbfe4462e3.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...stic-b8b87309673e04154a00de1091b89e07.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...over-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-c7e173848fb257299994b18731636ed4.yaml |  4 +-
 ...blog-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-dev-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ocks-52b32717fd3d0ae5a10aa7d3c77cb89f.yaml |  4 +-
 ...duct-a3db779bffaf01ac0439d97b043e7b9e.yaml |  4 +-
 ...-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lder-960773bb26ec71f2b5c7ab22a6dcda0e.yaml |  4 +-
 ...lder-dc37f981ae3cabe96f1627086e8e54ca.yaml |  4 +-
 ...-pro-960773bb26ec71f2b5c7ab22a6dcda0e.yaml |  4 +-
 ...oads-dcaafd0f02c38e487ed1a8a26307e284.yaml |  4 +-
 ...page-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dmin-3008a63f18e7f2e88b5013011c2e866b.yaml |  4 +-
 ...page-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ress-5eb9664c4cfc97621e70ca6044316a22.yaml |  4 +-
 ...ress-de2d50a00641894476c3c991e151cbfe.yaml |  4 +-
 ...nd-a-8f0eb841fe57a3d4a24e95c0d9fd6f34.yaml |  4 +-
 ...ader-de57d40696cbfcd8ffe966c8ed179267.yaml |  4 +-
 ...te-x-92923e233ad137b6c565b0d9cb5490bf.yaml |  4 +-
 ...bely-fea58c2fffc9b2ea6b58c47efd69a713.yaml |  4 +-
 ...ense-910562f88b7ea3f43ef082aba4fd2945.yaml |  4 +-
 ...tore-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...form-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-b05b3a24d162881cbb5011a114d7958e.yaml |  4 +-
 ...ents-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...menu-be53691c287fd0615412e7fc76d56676.yaml |  4 +-
 ...next-0ab1239b54a9d197b2df31bb69f5b07b.yaml |  4 +-
 ...next-1f3365288c8ad41d2a38dadca302de5e.yaml |  4 +-
 ...next-d42a5f37bc2973237f5bd33bf937988e.yaml |  4 +-
 ...next-d5c9a981371783e864a000bed9ff14a0.yaml |  4 +-
 ...next-e1a43bd038bea91c9d042110dd2e93ec.yaml |  4 +-
 ...code-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ayer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...bear-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dget-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-715775220a5d0726abf3cb0c44398e2b.yaml |  4 +-
 ...ideo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...maze-8a160378fcef72b726e178d76f962841.yaml |  4 +-
 ...ntly-8309716d7ccc4397ca213e945a98f0a4.yaml |  4 +-
 ...urwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-00ed26bc99082a5e2bf7869b142812b5.yaml |  4 +-
 ...tion-08ab49e654c5fb6f0db2079823b53c43.yaml |  4 +-
 ...tion-1217e0d32488feda5672b5f2f6f6be10.yaml |  4 +-
 ...tion-28a102683d2de6c72760dd7d0e2159c9.yaml |  4 +-
 ...tion-3d292d211ef84b695362922dc8bdf57d.yaml |  4 +-
 ...tion-5f79866291aaa54e9869bd9b8bbe5231.yaml |  4 +-
 ...tion-60528de5f76e38fabee103931a1b735a.yaml |  4 +-
 ...tion-6321b133726d239355f81b9be99d916b.yaml |  4 +-
 ...tion-8392879a309371134897c994ca4719c8.yaml |  4 +-
 ...tion-97d82c7c3e0d924cc99e2436cf7939dd.yaml |  4 +-
 ...tion-a8b98bbbec0875de2bde4d3647cd15e1.yaml |  4 +-
 ...tion-aa77b46ba67be3115863377f556c5a4e.yaml |  4 +-
 ...tion-cccbe637c2ca5b40eb7fbe65c1b79317.yaml |  4 +-
 ...tion-d5ca64507af2d41a9a4ef9ba365317c0.yaml |  4 +-
 ...tion-d9b1627f6db7a7b3f667f9603a20aaf3.yaml |  4 +-
 ...tion-fc35edd680a0ec79497d3d82a4143e86.yaml |  4 +-
 ...tion-cb361e2e4a8f09fdba16ef55d82e4742.yaml |  4 +-
 ...work-fd34b68ddff550331d533d0325717761.yaml |  4 +-
 ...nssi-2c5ab69854e1511d339bef7563a27b08.yaml |  4 +-
 ...nssi-2df9887091a9e43477c93a8f95a59867.yaml |  4 +-
 ...mium-2c5ab69854e1511d339bef7563a27b08.yaml |  4 +-
 ...load-fc6507793e849585ffa987ba2f9e1c71.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntre-2f8f397bcad4eb939787697b135e157a.yaml |  4 +-
 ...ntre-3a45dc282f560e731773a059f5e7ca5d.yaml |  4 +-
 ...ntre-5c0349ca079e747f13053866a0f9f7b4.yaml |  4 +-
 ...ntre-eb6a95dc8c6a4d6036eb6038576d5022.yaml |  4 +-
 ...mies-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dash-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...load-7d8fc6eda80cc32678a794e07adb8263.yaml |  4 +-
 ...-ons-c4bc19656917f2d34b4812810b207db1.yaml |  4 +-
 ...-ons-e6d62601d9fb0272cdf0ccd211481dcd.yaml |  4 +-
 ...dget-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tbox-7b55e5afda1f744808ef7891452f6863.yaml |  4 +-
 ...box2-87b6d9e5131d99ef758c739f3a95c342.yaml |  4 +-
 ...poll-7eb5e40a54b7b7c228b5d29ef47daaf0.yaml |  4 +-
 ...utes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-86b13954ec743e9dcd370ce47777c030.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tent-69f3351aa6a5162d89a81a8e42b30fee.yaml |  4 +-
 ...cess-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tent-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-7045891b02879797f89361d3201b5ab1.yaml |  4 +-
 ...ress-a008c3a52fa94300e9ec331bd11a1546.yaml |  4 +-
 ...oups-df796716cdd12b786f639a85872402ce.yaml |  4 +-
 ...gine-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iewx-d13b6e0194ead1aa761a79dc4de31982.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...assa-a1f3ce23c26813a2d0636e6681a66fe2.yaml |  4 +-
 ...mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...oper-25222fc492113823793e49be1ec42e70.yaml |  4 +-
 ...dons-0482c6a15acfe9611a210ed128b0e569.yaml |  4 +-
 ...dons-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ages-e82724cb73e8d739a7e74ba12a2c0b77.yaml |  4 +-
 ...rsvp-72cd99005222b05f8d3ba5703b3d3c18.yaml |  4 +-
 ...post-702f90b8bb07e6c13ea1a4bcd70721ac.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...zing-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...line-b2a2498dae5be84f29d9989669186b97.yaml |  4 +-
 ...base-5f21cea7a9aedb5442f3d8dbb7f2496a.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ideo-83c44f74fb6f267a714fb43018452c84.yaml |  4 +-
 ...ideo-98fa09468510e4f3d608da204df8d702.yaml |  4 +-
 ...ayer-73b7b4fd6adbc8f05bd6aa0607d34105.yaml |  4 +-
 ...-svg-de5739613e14a996b46539b30ca9beab.yaml |  4 +-
 ...stem-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...free-0f6c840a3fb64dbbf3be23d21800f577.yaml |  4 +-
 ...lite-0f6c840a3fb64dbbf3be23d21800f577.yaml |  4 +-
 ...ader-987ba48a8effbae5bcbbbe65d3a7dff9.yaml |  4 +-
 ...-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ment-3f1c3ad85ad1a49bfdfa7d4e3b840987.yaml |  4 +-
 ...ence-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hare-63d0d67aa5aba2dddaa9648ffc434152.yaml |  4 +-
 ...tion-3cb680b76cd76f74dd3e1108311fe7fe.yaml |  4 +-
 ...gins-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...inja-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...safe-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hoto-655bb3b8d4438b69c94c0ae63c754913.yaml |  4 +-
 ...rm-7-9b9891b7d15de10b021b57247a686e05.yaml |  4 +-
 ...ails-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-2b3a10a2b0c01a20025a0d9db118f2df.yaml |  4 +-
 ...ress-446bb803ccb7ab54ba9c587af27ed178.yaml |  4 +-
 ...ding-e894a6552613ace9ff7694fe7f0247a5.yaml |  4 +-
 ...ster-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...math-10c02e3884689b63f9593289046d6bbb.yaml |  4 +-
 ...list-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ency-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...zard-c65adcc35ac4040261ad16030af10bc8.yaml |  4 +-
 ...ator-99d9f69262b565cb98ac9182ded6ba39.yaml |  4 +-
 ...wser-a799081d34c432defddee7667cec19dc.yaml |  4 +-
 ...rank-f8142d6147ba8985e902d3e3c7f8c24d.yaml |  4 +-
 ...info-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...itor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-ed44e679b80b227382994fd698507bde.yaml |  4 +-
 ...mage-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...unts-dd581bb2f106d38c2b413e5d4d1b0414.yaml |  4 +-
 ...iles-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...sync-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...rier-43ca0b6b0ea70acc9611835de771b2f8.yaml |  4 +-
 ...erce-204abbaf4719b0c465697b2d07725668.yaml |  4 +-
 ...erce-c95fb7e9995eb1cfa4e559bcf8a93b02.yaml |  4 +-
 ...date-237f09cf608b33e2d885ba45327a8a92.yaml |  4 +-
 ...date-baf7113ec23d15f1819896037517b713.yaml |  4 +-
 ...mate-aad87c0bfd109df2ae9940475ba0f22b.yaml |  4 +-
 ...mate-e188a014b244e93ae49b1e82bb73babe.yaml |  4 +-
 ...-url-e61dc6652abcb067051b61e901442c72.yaml |  4 +-
 ...iser-edd7c00369ad56e0646da80d37cfae3b.yaml |  4 +-
 ...pand-f122002b6d51991b7a2676304d17940e.yaml |  4 +-
 ...ange-5dcc472de5e4f87aebcc632749f7aaa7.yaml |  4 +-
 ...ager-0f6c840a3fb64dbbf3be23d21800f577.yaml |  4 +-
 ...data-740c2a0d357fce3bff875d5d58b6f9d4.yaml |  4 +-
 ...itor-5814be735a5f5cee00bab9378ee0cbea.yaml |  4 +-
 ...ndar-6cfd85b37acb634912f405192489654f.yaml |  4 +-
 ...dget-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ests-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ideo-ec78e7994dbd34ffd9cacf3cd9b3ffa4.yaml |  4 +-
 ...ship-db5dfd04511983fc7ceb561728d3d97d.yaml |  4 +-
 ...sage-b85cfdf152cc4ae0e3deb547dc1b6d6a.yaml |  4 +-
 ...dder-47569f4c91357650e1a29f2c2f2817fe.yaml |  4 +-
 ...tton-ab84cffde93b8e75b3b5fbb96c93d333.yaml |  4 +-
 ...emap-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ider-c8de5b2d5272ca0aa0591b883e38753b.yaml |  4 +-
 ...ager-a60c5d49ef21710901095695504b7608.yaml |  4 +-
 ...tons-40fcf644d2fbb45e473e3839f27d17b7.yaml |  4 +-
 ...hips-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...r-wp-0564976f3c6b024a77575f33f874aa48.yaml |  4 +-
 ...cker-6007724142dc6c51f92be093926036d0.yaml |  4 +-
 ...lock-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...poll-cf17297c2e5d307d7deaa74f22821404.yaml |  4 +-
 ...ates-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rect-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cewp-17722d2484373a19ea1df8b15b8f0eea.yaml |  4 +-
 ...deck-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...prox-5b04e98d5ed9360b3ebe4e58880d2319.yaml |  4 +-
 ...tory-b04b6aa85a76ebddc71c9e203d10773d.yaml |  4 +-
 ...tory-d5d65492c7b3878ca773e2f63b4a08a2.yaml |  4 +-
 ...mage-d1752e9520f041ace82927039ac74f84.yaml |  4 +-
 ...hare-9fb99305b4730cdc01315914158330a9.yaml |  4 +-
 ...lery-3930a563943aaf08712d2221306b606c.yaml |  4 +-
 ...lery-44893e4f1aa00774102d61f70312168f.yaml |  4 +-
 ...lery-4dd9a3ba0bea201c247a65cf330c4a19.yaml |  4 +-
 ...lery-f45ce441ba6fd10c3e2bec3c1e3949b8.yaml |  4 +-
 ...ages-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ideo-eacbf719bf265fc7ee4ac85dd80a065a.yaml |  4 +-
 ...tkit-43e0cd9b2e64838710c022fed726ad02.yaml |  4 +-
 ...gnal-c0dc18b21bfa2b86d77830cf4a915b55.yaml |  4 +-
 ...mail-9b2a41c17f324bc427373274ec0c74e7.yaml |  4 +-
 ...heme-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ible-64658b8ae4088e2d2245fcf0b29be320.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tags-941b5bba10cb296e00cbfe0b3138a5d9.yaml |  4 +-
 ...-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...er-g-78405f03bea86dc35a1c5e66198ba314.yaml |  4 +-
 ...tage-fad318487dd970b284385e44520c85d8.yaml |  4 +-
 ...cket-219e55994660c3c36e84474ca074be21.yaml |  4 +-
 ...tton-de24827a638a2efce744c6eade7a73f3.yaml |  4 +-
 ...grid-ee08b0491d28739787eab972fee61b21.yaml |  4 +-
 ...mark-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-c95ffe646d0a761b10647658a7c40d15.yaml |  4 +-
 ...ress-8f924182750ff29f56bd3ee7a3546db5.yaml |  4 +-
 ...ment-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-2363aa1bcf8789d416b82d1e475636e8.yaml |  4 +-
 ...ager-68171971cc36274d03be6fb322c19104.yaml |  4 +-
 ...ager-b4c26568b976acff74ff99cb773e576a.yaml |  4 +-
 ...rrow-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...kout-bfb97206bbfb6336668e50882960e16f.yaml |  4 +-
 ...ache-226c23fcac1339a85375c1a4fa7531e2.yaml |  4 +-
 ...ndar-1e97950fcbacf9ecbb58beed5fdc2b28.yaml |  4 +-
 ...book-69ea852e8d20e1b9095ff76a5199f22b.yaml |  4 +-
 ...book-8a173d0b76b8837ebc37d42174f4f25c.yaml |  4 +-
 ...eeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-a5194bfa9db34596e371b3fb9a988aa4.yaml |  4 +-
 ...ices-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rect-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-zen-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iews-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tats-c67af2c20174cb06fdec04d2bad87d02.yaml |  4 +-
 ...ntor-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...stax-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lder-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...r-le-fc1b2b62341494b2d9cc5ef165563a2a.yaml |  4 +-
 ...erce-1b9679a4f42d9c30f3b2de1ebd1889b6.yaml |  4 +-
 ...hief-6329046104e43f1ec0f867ede19cab78.yaml |  4 +-
 ...rm-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cast-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-925029dc31c55bdce33ed22d851b35e1.yaml |  4 +-
 ...ator-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...nded-67118eb3397203867c13f43462b990f9.yaml |  4 +-
 ...ibe2-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ules-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...maps-100f897c38dafe938e9af02c79c8f1ff.yaml |  4 +-
 ...apps-da1b2a8c96719ab9e52f2e44ede96439.yaml |  4 +-
 ...izer-d2b942d377993c80a764418d9e08cf38.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ayer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...e-wp-100f897c38dafe938e9af02c79c8f1ff.yaml |  4 +-
 ...r-wp-100f897c38dafe938e9af02c79c8f1ff.yaml |  4 +-
 ...oard-4b0cb38b99185f75f96c68ddb4fd5800.yaml |  4 +-
 ...oard-b10ddb53a1d55359331e1cfb5b98fd64.yaml |  4 +-
 ...tics-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...aker-ad612424551c0ee261f169ba5954843e.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pert-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-neo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iers-85d0c53e63bad002a594a7c01a2ede3c.yaml |  4 +-
 ...hter-860aeeaea687dc364b79673a2290695e.yaml |  4 +-
 ...ator-fd97a9eb267d56f526d35e401fac2886.yaml |  4 +-
 ...plus-59af9a4b87c64d3fc5a5f77eb6d682d2.yaml |  4 +-
 ...some-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...osts-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...oups-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-pro-3c71f53ddfca3bc25fb132db1aac667a.yaml |  4 +-
 ...-pro-4c984e9d1c9a129101e93a0ae80c8a9c.yaml |  4 +-
 ...rder-c638d03db9f642ea8657e9efadb89fe3.yaml |  4 +-
 ...rder-f5ae27bdecf9c7ab3666827aa6121937.yaml |  4 +-
 ...izer-15b5b7552cd59d4fe58cc4180bb081ff.yaml |  4 +-
 ...izer-b27ee90d1fddd4df887e8806bf4e7ee4.yaml |  4 +-
 ...free-bc1021396d5f2f9f59d1b9e8308f6b42.yaml |  4 +-
 ...case-f54e3a0500b97b96852bb8d2c3a17f16.yaml |  4 +-
 ...tion-cc2369bd97072a25359057b15b301ff4.yaml |  4 +-
 ...exty-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ndar-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lder-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...odes-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...ders-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...reas-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...itor-eb3be0c0cf31ccd39967171afebb18b6.yaml |  4 +-
 ...rter-96a6eb43348a230ce62c16f4c805f2b0.yaml |  4 +-
 ...form-3134d0e942033e6ac2b7d54901e657a7.yaml |  4 +-
 ...rpts-bab8c0d44e1c325d945380a6221bd569.yaml |  4 +-
 ...stem-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...chat-3713d3bbe5441b73f08676feaf2b85ec.yaml |  4 +-
 ...able-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...npro-7246f496264a94e15a1d8c35393cc7dd.yaml |  4 +-
 ...tate-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-d4668154e14e969595c9de23505f40d2.yaml |  4 +-
 ...tion-32a996c823f220857a5611dc8238f0fc.yaml |  4 +-
 ...onts-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...code-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...p-10-4b2149909b70a0a5dde344497a2540e6.yaml |  4 +-
 ...p-10-aebc987297daa60ebc9f62d4c873ab22.yaml |  4 +-
 ...p-10-d6080d1f6e6aba862d174924fa49080e.yaml |  4 +-
 ...eets-0d742014c6c6d4f612dc93a0d8ee844f.yaml |  4 +-
 ...ager-d699893673e058c723134b07631ea093.yaml |  4 +-
 ...nner-0335e77335774af60e62b59ea8bf3dff.yaml |  4 +-
 ...nner-38e522344d31819f399f7be27a471788.yaml |  4 +-
 ...nzly-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ight-23bff824abe3c334624b92f8ce9d99b5.yaml |  4 +-
 ...outs-6ab0ff32728ffec64a0e21f4658b6bb5.yaml |  4 +-
 ...-map-94fb995c7fcb31381238e0489629c885.yaml |  4 +-
 ...ress-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...etto-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...3ds2-54a8519739469e9488888f770d59f330.yaml |  4 +-
 ...3ds2-98fdced366cbe609ca2059360fd4aeb3.yaml |  4 +-
 ...erce-6a7609985d974c1a4f6bfca880ceff9a.yaml |  4 +-
 ...erce-83fc5c78890dc3902a4d33e267bdeee6.yaml |  4 +-
 ...gets-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...utor-c52e67edc9fcaef058b0a6422fbb16e8.yaml |  4 +-
 ...chat-1b6d6a3b10f19ccd74a4ee734a0f0ee6.yaml |  4 +-
 ...chat-f2bbc682244e8a496bf0cb76f67467d1.yaml |  4 +-
 ...heel-79a6c6928e7e7b780f5e2d2e60aa16c6.yaml |  4 +-
 ...aper-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ider-bb937d8b80c96bf28d192769190e5a64.yaml |  4 +-
 ...meta-dc78477c8100a1cf79517cd718961ced.yaml |  4 +-
 ...call-953b50610487338e685a5cf5fb66996e.yaml |  4 +-
 ...ypes-0a99c8d6ca146b58134b86cdf1bd1b53.yaml |  4 +-
 ...ting-929d1756f21a22cbefc18ee9e80a95fd.yaml |  4 +-
 ...lder-d5ab4dadd75fec9af134144e666ff1a3.yaml |  4 +-
 ...lite-33a470e219d30f02e24dacca366cf3a9.yaml |  4 +-
 ...berg-baf6f9647aa6e6045c6bf5dfb25901ae.yaml |  4 +-
 ...berg-fbe34f85c5c0e3a0ed7be431ce9a9754.yaml |  4 +-
 ...tion-06c61feebda6eda56577372883413c6b.yaml |  4 +-
 ...tion-2b8dbf4f0e346913342b93011c311311.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...llow-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-343d05bc9d208789b5e376940d559b37.yaml |  4 +-
 ...berg-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...feed-8056d85f33dbcf3eacb36ae8419af314.yaml |  4 +-
 ...stic-705a4f41d4e1aa767a8f267fa3454855.yaml |  4 +-
 ...mber-0e4c98f58a3149e9a232e9c95d40a56b.yaml |  4 +-
 ...mber-0f6437cf628a3bd90ee26c228a1c0006.yaml |  4 +-
 ...mber-242a068db50aca331a847418abd23c68.yaml |  4 +-
 ...mber-255674fc07ae81595ebffe932a85af22.yaml |  4 +-
 ...mber-7333037ca30b5f74ef217bf9466f85b1.yaml |  4 +-
 ...mber-7db7009418abd13063c2d118e09483f4.yaml |  4 +-
 ...mber-a52442145dbdbdaec9bfaa19c0573b9d.yaml |  4 +-
 ...mber-cb65508cd745e36647cf4ef3930d3944.yaml |  4 +-
 ...mber-e44d6ae66963d07b80fddcfb06cf2f83.yaml |  4 +-
 ...-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ogue-0aceb6e391e9a8017538f79a192451fd.yaml |  4 +-
 ...ogue-7cfd32fcdabda7adb9a40d5e10f1b10f.yaml |  4 +-
 ...ogue-7d8c18514116a3d9cb2fadc12704ae7f.yaml |  4 +-
 ...ogue-f9aadb3cdc138771a95f01e67d7ac253.yaml |  4 +-
 ...lder-2efc0981a055a3e602c4cd88e853b098.yaml |  4 +-
 ...cons-baba5d57c66f94a59676f999b229ed40.yaml |  4 +-
 ...ymce-f63b14eb213bbc6239ffa4f4e582cbbd.yaml |  4 +-
 ...ight-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dons-86920ea2244bf931a0a9455591658b64.yaml |  4 +-
 ...dons-97e102e48e3400c8c2827b76216fe5ac.yaml |  4 +-
 ...eter-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dons-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lkit-05449252a81a55fa1aedbb41d626d3a8.yaml |  4 +-
 ...page-c8d3a5bffd1b0c28a6e17cfdad5deb52.yaml |  4 +-
 ...ions-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ting-d853e52fe1d33267e0c81c91100de86c.yaml |  4 +-
 ...devs-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pups-f4a8622061e5460b0d2e3667b1d15b03.yaml |  4 +-
 ...bute-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...plus-1eca727a0c6686a8bab81174d47e18f7.yaml |  4 +-
 ...plus-4bbd3789375ef8b0ef3fbe16cd0df54c.yaml |  4 +-
 ...plus-dfc59073972648e0153f8a7cda52c6bd.yaml |  4 +-
 ...zard-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tify-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...shop-030644f38346879c8062677144e765a1.yaml |  4 +-
 ...shop-1e7c916b690d74cb7822c04675caf429.yaml |  4 +-
 ...shop-27b0c9418a17896ce00c7f804b61f8d8.yaml |  4 +-
 ...shop-536d118f42dde4ae5564cdbfac7489ee.yaml |  4 +-
 ...shop-559ca835d1ba91752b5fda135b9252b7.yaml |  4 +-
 ...font-ce93f109973b52b249a7106eb15a123c.yaml |  4 +-
 ...-log-60c68d204f0a8a653bebafe6c6059142.yaml |  4 +-
 ...tory-9be06bea648875a81d4dd1ca47dd3d3b.yaml |  4 +-
 ...tory-d5d36dd3296371bddd49874e159fc4e0.yaml |  4 +-
 ...enus-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...meta-27ff799b988fb677dadaedc3ce5f35d5.yaml |  4 +-
 ...ager-2a280bf41720079c39a3d0371323f56e.yaml |  4 +-
 ...ager-baba7e4c328e9317fa2b2839a155f748.yaml |  4 +-
 ...otes-e04c0fd89ca49cf41266e90f8d4a7135.yaml |  4 +-
 ...iles-2fc467eab8e252aba51501d739ddcb42.yaml |  4 +-
 ...tion-d2e28c2323c53d6e9cc43d245f41b33e.yaml |  4 +-
 ...ager-a0b7b51da946e56980c587504bc9c3d1.yaml |  4 +-
 ...itor-19fa35bb35a821be90be40a4df1f6407.yaml |  4 +-
 ...oise-b99ce0637c979eb1d01fd84441afddba.yaml |  4 +-
 ...ltra-3e0e02d0ef91eed396842fb253ab425c.yaml |  4 +-
 ...ltra-741cff403a911873546d8451aea6b8dc.yaml |  4 +-
 ...ltra-d475119af8f003a2c6e0eb9a10044dee.yaml |  4 +-
 ...ress-a000811d6a7f224f2863a66f08bbbdef.yaml |  4 +-
 ...it14-64fc1c1aeafb0b67c8b714966bfc2dcb.yaml |  4 +-
 ...back-e460da3b1111d5e40e60d6fa9f63a75a.yaml |  4 +-
 ...tics-7f3d4ae07c7ffdb4fa4da20576013347.yaml |  4 +-
 ...tics-820c42b11e0167933dfc728bc7134cba.yaml |  4 +-
 ...tion-1b1edb5a0481b6f1c207bb5bde4a4999.yaml |  4 +-
 ...quiz-2dc0412984b0bc2f2e238ad04ba47e6a.yaml |  4 +-
 ...ator-98fa09468510e4f3d608da204df8d702.yaml |  4 +-
 ...ator-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-pdf-a674e9a5d2840820506909b7c50b3d92.yaml |  4 +-
 ...tion-eb64a1dd7efbf5edcd293e2db2a6feb2.yaml |  4 +-
 ...dseo-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ntor-3bd671f811e3dbd6eac29209e9039fd8.yaml |  4 +-
 ...info-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...maps-41e6c56837296bd4311fa3f480bdbffa.yaml |  4 +-
 ...tics-57b54adcb0ab1b8bfd870b37f7db6b68.yaml |  4 +-
 ...tics-c591eeb2c7d14c7927ba6447beaabc1b.yaml |  4 +-
 ...lder-101912c034e5833d5a8cc53836ca2a9d.yaml |  4 +-
 ...lder-666310311f6b757b5edf8f0953dbd9e0.yaml |  4 +-
 ...iews-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ator-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...sync-7396a7e456a789122fb4ba49d41fa089.yaml |  4 +-
 ...ider-ae05ec43cb054e1a5de163d4a7addf3a.yaml |  4 +-
 ...ache-8a10bd5b823c6c28d5929375c43a3ded.yaml |  4 +-
 ...ache-cf834d46bd9b982d7dc5819942daefcd.yaml |  4 +-
 ...ache-f9f79bf204290d6d3c8b8009bb85feff.yaml |  4 +-
 ...ache-fa0b9f9e638380f9e9ab2db59f133c49.yaml |  4 +-
 ...zoho-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...list-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...rvey-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...core-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...uard-54e8332ab2042b90448af1c552f2e323.yaml |  4 +-
 ...ssup-f20cc872feace3e3660ec95d470c9be3.yaml |  4 +-
 ...watu-38df56fa1dc5330e530e8cc53cb9a80a.yaml |  4 +-
 ...ider-826769e27edbc5a7e8c99a41d2b44f99.yaml |  4 +-
 ...case-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...tory-c91fc0c595c28d56281ceceb582f95ca.yaml |  4 +-
 ...ment-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...thor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...list-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...odes-8911dada79ef696f6a6182ef72e3da28.yaml |  4 +-
 ...rect-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...elle-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...c4bp-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...arch-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...feed-692a59847419e00f01e0e2c7d8867aaa.yaml |  4 +-
 ...maps-913aecbb55aeada0646124d3b1f7ac2e.yaml |  4 +-
 ...tals-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erce-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...chat-e6c1637e24e361150992210212c2ee7c.yaml |  4 +-
 ...ator-424714e0619eb7899a426abc7531d5d4.yaml |  4 +-
 ...meet-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...docs-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...mail-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...epos-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...auge-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rm-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-api-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iews-648a32c4399962c7e8df779124e03350.yaml |  4 +-
 ...osts-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ages-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tags-d2fc1c819ff763ffa1233f51f7546ae8.yaml |  4 +-
 ...uote-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...otes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hart-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ship-f3d781217508c2a98509cd1c1ad7df6d.yaml |  4 +-
 ...-aim-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...mers-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ucts-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ever-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...oods-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...kout-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ways-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...kout-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...nced-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...sage-4ea02dc94cad5b57a77c42e7c7c8d042.yaml |  4 +-
 ...sage-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...itor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ield-5e5aa6772ed81579447472ccdd176622.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tory-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...edit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ules-b3abc33ac5c0eee824c171ffc996d70e.yaml |  4 +-
 ...ules-d3067d7741f8700134e947d8ed10ad79.yaml |  4 +-
 ...book-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cost-67ed94f8d8db54b41e53c8a3a1c3d065.yaml |  4 +-
 ...rate-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iana-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cial-121f872296f7b7ce0005b54c410bc320.yaml |  4 +-
 ...heel-3ef982ad02fa7fc67bd896ba5c9c238f.yaml |  4 +-
 ...antx-775b75e12971ef700fb478179dfd07a1.yaml |  4 +-
 ...step-3be6a8dd2db55478dab854bd989a4208.yaml |  4 +-
 ...late-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ment-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...mate-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...mate-ace737eb3d27f2ecec85cbe6fb6964e9.yaml |  4 +-
 ...ider-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...code-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rpay-d60970bed3416d1d0688f40201a3d447.yaml |  4 +-
 ...remo-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ddon-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...shta-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...kout-e718f73216a4ec4310297c0a9de0ac63.yaml |  4 +-
 ...cing-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...show-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...erce-57d45ec0a5be7d9e2195cf95b8c7f148.yaml |  4 +-
 ...erce-754810521866facb83b95cb8c9ef612b.yaml |  4 +-
 ...erce-774e498835f1c205f8e5e4fbdea2e637.yaml |  4 +-
 ...erce-96783cf4f584cdb85a4c3bf872b8f294.yaml |  4 +-
 ...cart-e28866aa63369c2f108c411b915f57f5.yaml |  4 +-
 ...ster-ef09f842dc72675ee253130a4cf363a3.yaml |  4 +-
 ...ager-ebcec202e20e94c78709b42424b149aa.yaml |  4 +-
 ...form-24628850cd8464ffd20b56d41e476477.yaml |  4 +-
 ...erce-c2df943b1eb079c6b9fb4ba610f1737e.yaml |  4 +-
 ...uiry-f62206ccce82eddd9f38650d3ec27d0d.yaml |  4 +-
 ...ucts-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...ucts-b935aac9392ea74d48c16c20e8b0b995.yaml |  4 +-
 ...king-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...king-552bb0df3849cc75dcf6d19f97ba3b05.yaml |  4 +-
 ...ents-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-32cfeb3b1e33f847bf448188352666fd.yaml |  4 +-
 ...ager-367546d5612217d94f1a8cf076937dba.yaml |  4 +-
 ...ager-95abb58d27d0cf8744e0e12e5ec2a346.yaml |  4 +-
 ...erce-d12b3c547439468c334a187596dd5c5f.yaml |  4 +-
 ...lery-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...lery-b935aac9392ea74d48c16c20e8b0b995.yaml |  4 +-
 ...erce-e456b215f29a4067fb78fdf79a4f6d54.yaml |  4 +-
 ...e-es-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tant-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rter-0a7c54bda59de606bfaad194d1e6aebd.yaml |  4 +-
 ...ways-b3d7ce698d96885aab2b92e8488d08ec.yaml |  4 +-
 ...-tag-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pack-7ee31b33feb435cadd87c62f79cebfe3.yaml |  4 +-
 ...pack-ab678c0df2a17e9783905e758a6050b6.yaml |  4 +-
 ...pack-bea7c217c1714d6e73035b13fbfa872c.yaml |  4 +-
 ...pack-f91c2602522656e11d82af368c387634.yaml |  4 +-
 ...post-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...plug-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lips-94f5b565df6f54587e7f38dd2d74f17d.yaml |  4 +-
 ...arch-f2d13e82f4916c94ee541da275776204.yaml |  4 +-
 ...ents-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...play-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...view-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...view-666b088d7e486f0731500dc6b44206fb.yaml |  4 +-
 ...ices-4f8b1165a8fd4674c47b694bb6769361.yaml |  4 +-
 ...duct-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ions-38d794189585526f4580cbcbd32cd51a.yaml |  4 +-
 ...duct-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ices-f863836bfdeb95471721235ad3d4953e.yaml |  4 +-
 ...izer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...sell-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...uare-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rary-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ello-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ence-2fe978140d6bb192dbe8f6347a246620.yaml |  4 +-
 ...dget-a672faba2cf5fa34711e0d654497c3c5.yaml |  4 +-
 ...itor-573f32cd1b90d92ebe8ccd29c90cebc9.yaml |  4 +-
 ...ll-2-82484b577e47d68881c7ffa118db364c.yaml |  4 +-
 ...opup-38f6be428d034f5c009a03a3e9513d4f.yaml |  4 +-
 ...-seo-729af181e052b537a824f590788c4026.yaml |  4 +-
 ...-seo-828cafaa2f518b65826b98ac79418f2d.yaml |  4 +-
 ...-seo-edb5aff062fcd8aac278362a1ce01bce.yaml |  4 +-
 ...ring-62254c40802e5286c6fd0b29e99ea8df.yaml |  4 +-
 ...able-d94ecce4e6207ecfb48491b051e2c22d.yaml |  4 +-
 ...read-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...stro-06578949edf7886954089bf5ea02f690.yaml |  4 +-
 ...lity-ad7eb7a1c6f0dd20fda9c7137924de5c.yaml |  4 +-
 ...sure-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...port-5fbee904a26db0083f1a4d8da7695a16.yaml |  4 +-
 ...-pro-5fbee904a26db0083f1a4d8da7695a16.yaml |  4 +-
 ...tify-66b6d0074514ae9bf7d808b0d7b9a6e2.yaml |  4 +-
 ...pbox-7765fb8469b9b88a34d6b432871e62d3.yaml |  4 +-
 ...stem-041adfd3c39d4b3580e02b6803d8c84d.yaml |  4 +-
 ...test-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lish-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...atic-47dfd7659803e2a498c5473e1e3ec44c.yaml |  4 +-
 ...edic-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...itup-bb87858762b8ce23abd3059540eaff9b.yaml |  4 +-
 ...lite-2a0c0ac8cd49182e6cdc6ee30b392712.yaml |  4 +-
 ...ents-fc8825d6c61c86ccb18ee45ace94f66b.yaml |  4 +-
 ...lery-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...gbot-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rber-ae6491998df759b28d14cdb429fd6751.yaml |  4 +-
 ...rbox-4c3b7c4b9ee3cb503e7f1c307a295ea7.yaml |  4 +-
 ...dule-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ider-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ctor-d40e32a5b0b2b53caa45979ec9bf9c5b.yaml |  4 +-
 ...eals-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rses-33d299e06297ee744f8b2ab0f31bf14e.yaml |  4 +-
 ...rses-97452a6bc86602fd42828322e14bf1a4.yaml |  4 +-
 ...cker-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ulus-df02c18fa8558df79345e6d025074ade.yaml |  4 +-
 ...mode-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...cess-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ckup-72a1bd2cf4b65d84a10506cf15cba770.yaml |  4 +-
 ...ckup-89f1af83c5f7816ee1b237c0d204c470.yaml |  4 +-
 ...ckup-f1bef4e2b058a613299e0bc52fb82835.yaml |  4 +-
 ...ging-54ecced4ec6b955678ac66c0d0f02ad3.yaml |  4 +-
 ...ypes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dmin-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...wers-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...emap-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rack-6d5c3a6b6510902181c0fc950daad824.yaml |  4 +-
 ...erce-47355e6b7ab75ca2f167e153c73e9cb8.yaml |  4 +-
 ...rter-b87c02ac90f7b6f2632497368ebe2ad8.yaml |  4 +-
 ...erce-f774eebe4f23829fc94b7eafdba5ce4e.yaml |  4 +-
 ...ents-3c60189d6f13a72d771cf945af5deabf.yaml |  4 +-
 ...lery-0a9f08b24926b461870620f84309d060.yaml |  4 +-
 ...lery-4b99edd00f6941b4dd18ce780651f43a.yaml |  4 +-
 ...lery-53e584ae34c9d1aad8bceb6896eca3e1.yaml |  4 +-
 ...lery-609b7c2d6b7906e24d1cf69e810126a4.yaml |  4 +-
 ...lery-f0840392ae02502b377a0491bc44f08d.yaml |  4 +-
 ...-pay-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cted-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...late-2961759aa56e979f7c4730d8320eec28.yaml |  4 +-
 ...sers-2c7df8a6a41b0cfad78e17028e8be6b9.yaml |  4 +-
 ...aily-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ners-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ents-725f7191ecab88079bfff1263c7f0b6b.yaml |  4 +-
 ...inks-8503267448a714d1d5d099f1366cd0ea.yaml |  4 +-
 ...inks-acbe4c57371265432a7073cce828c9b8.yaml |  4 +-
 ...roup-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...2ban-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ache-8db2ce4fbc6df6bbc133a98c76aaa326.yaml |  4 +-
 ...ache-308394f6b31625a7b3cc64b85e9f4dc2.yaml |  4 +-
 ...ache-434e9952fd09ca91a230586603143cbf.yaml |  4 +-
 ...ache-5f9f7bf290ea80a41025c30b0ffd1db1.yaml |  4 +-
 ...ache-b07a02f9d4db7fe492ff4a4ebc6a38ba.yaml |  4 +-
 ...ache-f28e9e3f4825fae9f836906b103e0875.yaml |  4 +-
 ...ager-e29d6db8a3a02793b21f4d3bff2f8cc9.yaml |  4 +-
 ...load-c865a729c4dbcf73f4c0bf83297ccf74.yaml |  4 +-
 ...-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...file-b37c0d0d71a59763b804ee0d533397e0.yaml |  4 +-
 ...file-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ance-d47084b590cbc795c568485d3590251a.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ugin-73f135de232fc553a1861c313e9ab548.yaml |  4 +-
 ...ugin-a5532d15dce91adaa57b29acc9d33bb8.yaml |  4 +-
 ...maps-5938cf4c59a1d8ebf45c155344fba09e.yaml |  4 +-
 ...view-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tify-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-eb9d1a9f33f022abcf9d4898480aa085.yaml |  4 +-
 ...show-47a30f13a712f0b51de3660787ce6dab.yaml |  4 +-
 ...ager-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...izer-8b089becf530f93c37bff15846437ba4.yaml |  4 +-
 ...oice-e02e4d31cf49a5cf3437bdef98608b60.yaml |  4 +-
 ...ager-ad1a7b10885844b515902d55c9660f2d.yaml |  4 +-
 ...ager-f05562fc94116db3e2f5dd9c7a1bb0d7.yaml |  4 +-
 ...arch-06bec6e8b710a7efd7b4113567911744.yaml |  4 +-
 ...arch-0757689ccb9eb2501cdd998e2d1228fe.yaml |  4 +-
 ...arch-493970b9d6651de9fd021a267048266d.yaml |  4 +-
 ...arch-e1e8b509fbe86c6565ac6936dc65e181.yaml |  4 +-
 ...info-0d9b0b8cf0e1e0917d4472d07a7d609b.yaml |  4 +-
 ...link-f68af0f4ef5270237a2dac4a79c88b36.yaml |  4 +-
 ...info-524d5feb3bdf1faf2643f61f231563b9.yaml |  4 +-
 ...ream-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-css-378840583bbe122d719ad92f2c75681f.yaml |  4 +-
 ...-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...show-5088078af30c234ceab9ea2c99baf901.yaml |  4 +-
 ...show-99ce085e8b4d878765e949a7f07f6195.yaml |  4 +-
 ...mpts-03550082734f798d8bdd156b8cc8a2c2.yaml |  4 +-
 ...-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ress-614cced2da1395e72b78e478d2060077.yaml |  4 +-
 ...port-1006dbdfc9efb098ea5160eab40a333c.yaml |  4 +-
 ...port-5b3f76eca7d765ff7782b4367d966247.yaml |  4 +-
 ...e-tv-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cher-e5e442420905170833a6af8d927d5a01.yaml |  4 +-
 ...ging-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...ging-d4ae66d5784ee57fd8bb24dc427e9062.yaml |  4 +-
 ...ging-e516ec301b4cffad1129ddeea6a2940a.yaml |  4 +-
 ...smtp-1f2e61c0dd580a01c313ec65237451a6.yaml |  4 +-
 ...tion-acbdf3cc478f1988c5c3adc520bf6766.yaml |  4 +-
 ...tion-dc3b48b4dca1bdc6da00b0dd6c2512e9.yaml |  4 +-
 ...size-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...menu-c6355382690553750aa0f80495721ab6.yaml |  4 +-
 ...bers-927acdfb36c0f4e522e79fd5612163d3.yaml |  4 +-
 ...mory-e5755ab6ce28e69bf31d165e7430384a.yaml |  4 +-
 ...over-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lter-320c57cb813e49326995b9fd67784965.yaml |  4 +-
 ...teor-e8d8c624f6e6d23d2dff82c9385b3265.yaml |  4 +-
 ...ayer-4c9bbb5092eaa29d7b825a0537618beb.yaml |  4 +-
 ...ctor-f753e4eb4ef42bb2c3d71aa325c61612.yaml |  4 +-
 ...lisa-4a1f8595afbd88494aea9ace0d288d1b.yaml |  4 +-
 ...nput-5efd2ce0ed5c8f6b3ada49f2773bc973.yaml |  4 +-
 ...pier-600f23cea45d49c9fbecd578c78ad87f.yaml |  4 +-
 ...ocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ages-1f2c3201ce6430a901ea9b9ce7fb0cee.yaml |  4 +-
 ...inks-e9f11c328847b06004cf712b0d79f902.yaml |  4 +-
 ...bell-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-oer-3eb3affb644d24e715bf8fc2c2551c12.yaml |  4 +-
 ...fers-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ours-acd8ba84e60cbc0f092ddfff82c451e8.yaml |  4 +-
 ...ypal-f591ec3fd6349f415ea113a1e0a8f96c.yaml |  4 +-
 ...ogin-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...plus-b6b6c7434231029039b20df85b5959db.yaml |  4 +-
 ...ects-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iwik-011e9219619a7fcb5d0b0fb47e00200b.yaml |  4 +-
 ...card-25b6bae2090d69c4b65ae56919567a18.yaml |  4 +-
 ...lock-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lone-2d87c0364307edea9fea6b2a2be6834f.yaml |  4 +-
 ...-pdf-e97d01552bb2ae8d753dbf0013cb0c0b.yaml |  4 +-
 ...ndly-07ab0ae27a6f3fee8bb775502300d8a3.yaml |  4 +-
 ...ndly-82ee0ecca0569c5ee6149d011bc22c2e.yaml |  4 +-
 ...plus-d5107af4decc8fb0ccbe36135deb72d1.yaml |  4 +-
 ...ages-dc7758f91293ce9c92573a1104c733de.yaml |  4 +-
 ...adio-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-ads-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tbox-892de5c9148c6f8df52be6ed544382d2.yaml |  4 +-
 ...ider-44dea4f7c7575cbbd8f534048f1c0dce.yaml |  4 +-
 ...ider-568c91e024801d5d2e19e257aa73eeab.yaml |  4 +-
 ...ator-49339be9905399af5760c326a04d9feb.yaml |  4 +-
 ...rter-7725287d44cd6757cf277fdd17b26ca6.yaml |  4 +-
 ...ever-9183c93b61003074c2d21915934372a5.yaml |  4 +-
 ...osts-f11abc39d7b4372ca1d0f7ca1556eb9b.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lter-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-log-908a2c5a645886182a7c18816c5cda70.yaml |  4 +-
 ...-log-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...scan-c9a2376716cf70bca17532d4183c4633.yaml |  4 +-
 ...izer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ages-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...inal-a0116eeab00e009fd4fa3d22d8f45407.yaml |  4 +-
 ...ugin-3019f115da4ce05058864e5dcdcaacab.yaml |  4 +-
 ...ogle-0df69cb46add8b6c0a7b0f63ee7a53a7.yaml |  4 +-
 ...stat-04e23ac1b6365010d31ca471e4c11f32.yaml |  4 +-
 ...stat-b3e91448e22115e9d095b2a1e488e5df.yaml |  4 +-
 ...stat-f8bccfc95e7537d4400b0b6737b24e5f.yaml |  4 +-
 ...port-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...-sms-7216efc8a277e31e7bc37bcee5ad9a4b.yaml |  4 +-
 ...shit-2b972fb379a3ef9946c652caaa66df2d.yaml |  4 +-
 ...shit-3baba46cc5a286838f8fb9a60b0d6094.yaml |  4 +-
 ...oxes-e6b578c644b8dec6cfd9f0e734409896.yaml |  4 +-
 ...alia-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tics-1510080b156a41f0be0cec87e4c71c9d.yaml |  4 +-
 ...tics-268f3c8028825c46a53ec35cc9415801.yaml |  4 +-
 ...tics-6600d372243624aa436749b499ef6260.yaml |  4 +-
 ...tics-c6fa1f77c447ad70ead1d031770de1e9.yaml |  4 +-
 ...tics-e9a7d43315eb08a5c15f9831030945e8.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hema-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ache-0063bb4beaa99595ff7d4e40026fb686.yaml |  4 +-
 ...ache-5536ba6a87acebd391c60f6bc2e48bf9.yaml |  4 +-
 ...stem-43205c5c452a1868decf3021c2397818.yaml |  4 +-
 ...stem-fac707dbaf41d85badb955071bceca40.yaml |  4 +-
 ...tool-fe7166fce08ea1c027bfc2808eb6d8de.yaml |  4 +-
 ...sium-f25290eae54007b679e22d13b90a23ce.yaml |  4 +-
 ...-pro-22fdef306e2010977a36342bab3a6db5.yaml |  4 +-
 ...lder-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cket-96b4fb44cfb3ecbb2e1732d4d6ba46bb.yaml |  4 +-
 ...ffer-95f254edf062c496895c196beac952e1.yaml |  4 +-
 ...uite-ed03689d193897df0f01e218797bc0ef.yaml |  4 +-
 ...usel-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...usel-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dule-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...news-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pbar-633e46af2038cc804c4d8333e35d9bb7.yaml |  4 +-
 ...gine-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...core-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rter-75438814e26aeaea61aafcd29b551852.yaml |  4 +-
 ...rter-9112916c5852d2f0b814be06e90dc90b.yaml |  4 +-
 ...tend-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...tend-52f719767f15ee080cb75a30bc027c64.yaml |  4 +-
 ...oups-bf634e73fd86b893cfe39f853485f27b.yaml |  4 +-
 ...ault-adc5003f671700d129ab7c75b33ee75d.yaml |  4 +-
 ...ider-1c782b4e649e4631f30e49b11990c278.yaml |  4 +-
 ...ider-edc2879e6dbbc4290d65d5576c4e456b.yaml |  4 +-
 ...tbox-92e1a581ed538c56c551dca01e319f17.yaml |  4 +-
 ...aded-4a0f27da648b505730f70f317974fdf7.yaml |  4 +-
 ...heet-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...heck-d62c21a080a1bd7668ca5e7c3c2401ec.yaml |  4 +-
 ...form-d691c077b0b5b8af36c29715d058c65d.yaml |  4 +-
 ...kbox-88e8ba621a8292f361dd4b3feafab680.yaml |  4 +-
 ...ller-597c6e67a31af6c6a7a2d601240421fb.yaml |  4 +-
 ...ager-fa459b52ecf85365dc55ab67da949392.yaml |  4 +-
 ...ries-bd3c8934fd0962d780c7ee3f1bf2f569.yaml |  4 +-
 ...ntor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...book-596940e1ffaab74a13bdb327bf203eca.yaml |  4 +-
 ...rect-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...scuz-a97759482458c44cbd86520addf0e715.yaml |  4 +-
 ...lite-0425ae56a9fab522c188634fc2eda86f.yaml |  4 +-
 ...lite-316c95f4f3b5891fdd91af058dfb9524.yaml |  4 +-
 ...lite-3d5a86cd8278e1869b165a5be40a3baa.yaml |  4 +-
 ...nels-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...tapi-4c6d6429665eac8877ce0e75f13992a4.yaml |  4 +-
 ...form-6647340253053f9bdb1fb3f23b4abe85.yaml |  4 +-
 ...pgsi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...pgsi-c60ee47fa89a26e43f0b2e6590ebf383.yaml |  4 +-
 ...onal-c60ee47fa89a26e43f0b2e6590ebf383.yaml |  4 +-
 ...late-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...uote-5e98c4735eb20663ca1067da327e8606.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...iler-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...wpml-b794db11782c303b2a81b056287603af.yaml |  4 +-
 ...tion-18e8b80c2622db130ba5596fe32dcfee.yaml |  4 +-
 ...ptin-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ille-94445150de831d7b0c3c55471e2a0bcf.yaml |  4 +-
 ...aner-7f379444fd295591b6061598a142cc5d.yaml |  4 +-
 ...ogin-33ba7ead1d6b53a7bacd0ee1d3cec66a.yaml |  4 +-
 ...ogin-e87c9f8090be1d89c33f679b357f6df8.yaml |  4 +-
 ...ress-40c66d343981decaf1c11e2239adae6e.yaml |  4 +-
 ...divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...inwp-3df45b218aba0e53ba0ae72e9699b2ef.yaml |  4 +-
 ...tore-11e9b1d880ea6b9e7b3f23d21ed1379c.yaml |  4 +-
 ...tore-5bf4618f3f911336450f68ac829f8ebb.yaml |  4 +-
 ...tore-b070ea085481a5d7bd82f5fd3f416fd0.yaml |  4 +-
 ...wpvr-18966e8228314b8165d39d48519f43cc.yaml |  4 +-
 ...form-cf0536ededa77239ac982d05d856b3db.yaml |  4 +-
 ...p-vc-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...utes-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ters-0dc627cd120008e5a66c81e20ce78b02.yaml |  4 +-
 ...ters-149048c8f49646b7cbdd6843761e070a.yaml |  4 +-
 ...cart-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ards-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ches-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tton-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ools-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ugin-f004ce2a754ccfc5988e2e69aed45af9.yaml |  4 +-
 ...ting-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...nder-92e334f7eff847d619a107f5b6ee2b7d.yaml |  4 +-
 ...tion-8e47416ac2dba104b5166ffbff80d7af.yaml |  4 +-
 ...pare-e5eb957a437ccd71daf2e9f56a4559b2.yaml |  4 +-
 ...uote-cd76dd48c85b587e87acb07c80de397a.yaml |  4 +-
 ...list-2ae81b909e77b01f5f9d53fd011b14fb.yaml |  4 +-
 ...poll-348e9954cde1ddefaa405cdbf442ab7b.yaml |  4 +-
 ...mbed-50a6dff0cb336807f517358763e4184a.yaml |  4 +-
 ...ayer-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tory-3ecd9d29be301ddeb0777372578c9ed3.yaml |  4 +-
 ...mage-581a16776001d26901f68412e72a12c5.yaml |  4 +-
 ...-crm-b829e9e3bc2e932b44b01c6e5d51daac.yaml |  4 +-
 ...-crm-e62802506f71c3511e6c8f20c3c5bc64.yaml |  4 +-
 ...spam-da9b182fa6fe344911bcf311918bd2c9.yaml |  4 +-
 ...rect-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...wall-4dd3cd282a5e0a6020901679d8114797.yaml |  4 +-
 ...star-a3ed9e76b0fc321cc4d7c1cb9261a2e1.yaml |  4 +-
 ...ance-9c1002d331f3bfe836a243fd7707a431.yaml |  4 +-
 ...asic-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...-mag-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...-new-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...root-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...aple-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...tore-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...heme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml |  4 +-
 ...kita-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...ster-972c6f275cedbc5b8ff06bc4a592ad76.yaml |  4 +-
 ...eska-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...ence-0e4a8af0dcec83139d2c5869dc07116c.yaml |  4 +-
 ...mela-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...plus-da3e281a5f70bba201afb2a0076933cd.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...dian-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...elle-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...ival-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...vada-4a05ae911598dc28de7b72c0be044356.yaml |  4 +-
 ...anix-153b374358a4469baf0dcf3e128485d7.yaml |  4 +-
 ...bani-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rate-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...ngle-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...laze-902eeda285eff78838cf6ebbc45afd69.yaml |  4 +-
 ...oger-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...heme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml |  4 +-
 ...rand-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tbox-de6a8f71d54a21ca8a8ec790aa7c8445.yaml |  4 +-
 ...risk-2ab21e22bdca9635ce4e964a4031d548.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...cope-30fe39ec377fc6748bfe3566282b5413.yaml |  4 +-
 ...rovy-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...heme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml |  4 +-
 ...erfy-0cc827bd1e5b71473ebe52fdbadbc377.yaml |  4 +-
 ...erfy-70111aaef33d8dec5c55f5b989914270.yaml |  4 +-
 ...erfy-d814bf89eef506e207923233b9147995.yaml |  4 +-
 ...erfy-f287f6d03ce957fcb674730856528833.yaml |  4 +-
 ...plus-ead8215e6f4d6c583e6aa46b74460457.yaml |  4 +-
 ...spot-a1557c2cdb71bc0d86215f36aee8a08b.yaml |  4 +-
 ...tion-fb64a0398d930ef57cb315100ba26973.yaml |  4 +-
 ...dore-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...rona-6fd6dbbc58f038d409e478e2b51e5038.yaml |  4 +-
 ...ress-99dafceb50253393d9ffc3281335a6c4.yaml |  4 +-
 ...rius-d78e7652648c0b8a881a39d5a0a824ec.yaml |  4 +-
 ...lace-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...urvo-d59f1cca77e5c81eb993686d3bfbe443.yaml |  4 +-
 ...deal-52cc2ef9a6c2df75495af02a2e660264.yaml |  4 +-
 ...tion-6bdfdbb30005886703826f665471e962.yaml |  4 +-
 ...isho-6c37ed5f01e697fababa0d98a125cf7e.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...sion-033d028c8d102a833af4770e22a7e5b6.yaml |  4 +-
 ...divi-aabb704338c74a997901edf2f42d1b76.yaml |  4 +-
 ...doko-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...late-042613decef34429d197e1051e8a6f20.yaml |  4 +-
 ...late-e1c40eb25b51b97676a5f939865df658.yaml |  4 +-
 ...ebiz-153b374358a4469baf0dcf3e128485d7.yaml |  4 +-
 ...obiz-153b374358a4469baf0dcf3e128485d7.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...-sec-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...asta-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tion-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...hten-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...nade-a255ef8b2471d464b72404fea528ca4b.yaml |  4 +-
 ...clid-a6caef4d4eacfb6278b4d425ef54c643.yaml |  4 +-
 ...nice-cca0a1d963a9d045f5815fda1ac1ee73.yaml |  4 +-
 ...noia-457ebe36f8d645741bdfd0b59a49af7e.yaml |  4 +-
 ...erse-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...icit-3af6c2ccbc49fd7ac785ee1caf9ff348.yaml |  4 +-
 ...pose-f1706f372daa69509bea2f9b5da810d7.yaml |  4 +-
 ...xtra-aabb704338c74a997901edf2f42d1b76.yaml |  4 +-
 ...lici-83462ab31c23510cbb4ed4293c5a8d88.yaml |  4 +-
 ...ndus-cfc50a0804539ff785925571caba914b.yaml |  4 +-
 ...aphy-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...tful-80477eee43f78931347fee8d51f74e47.yaml |  4 +-
 ...golo-1089e240eda4d80561f1b8e6010e3ce7.yaml |  4 +-
 ...sium-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tate-437a2bdda5608892f1a5bb69f6ded0f0.yaml |  4 +-
 ...tapo-59597a1103eb0e1b65ccc3450fe7b191.yaml |  4 +-
 ...erce-59597a1103eb0e1b65ccc3450fe7b191.yaml |  4 +-
 ...reer-24ed2c04cbd73f5247d8f86d829c0936.yaml |  4 +-
 ...tart-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...zept-0f4251fd59b25576860e082b19c2ffec.yaml |  4 +-
 ...more-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...gpro-a7a54e981c91a31a82ea2b30647ffe08.yaml |  4 +-
 ...ment-0cec5a6d0e834430dc98d58d37f70832.yaml |  4 +-
 ...idia-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...heme-01c4d40fcdab41e37ee61c249a61b9a0.yaml |  4 +-
 ...zuma-4261580e84ae15728409e95c26688958.yaml |  4 +-
 ...aper-6aa028e953687ecd485553c1a3a1d760.yaml |  4 +-
 ...base-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...okke-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tore-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...ovum-153b374358a4469baf0dcf3e128485d7.yaml |  4 +-
 ...heme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml |  4 +-
 ...ines-420826a18f17be957cec476d8ddba661.yaml |  4 +-
 ...some-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...ount-d272edd7bf2202319b532fbee6ccf813.yaml |  4 +-
 ...olio-8ef9471efc371c6e5352e86a4f1c97cf.yaml |  4 +-
 ...form-097b177de58f6e0ab66eb9ddb05e4182.yaml |  4 +-
 ...unte-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...rosa-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...urus-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...heme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml |  4 +-
 ...heme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml |  4 +-
 ...te-7-7c80a51dbc178dbba0958056b8c3f2e8.yaml |  4 +-
 ...tate-b65ead0bf4d8e59d495a3f91f757b324.yaml |  4 +-
 ...lity-3985d2776b3f2339d3a1cdb855d509b4.yaml |  4 +-
 ...heme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml |  4 +-
 ...gent-288eb500b515d4e74eb8cc4150e440e6.yaml |  4 +-
 ...olve-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...pple-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...heme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml |  4 +-
 ...hifa-8f0fce172385265946ed4e8ec3bfed88.yaml |  4 +-
 ...kala-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...alem-25d9dfe9dcb2d90be01a548affeb688f.yaml |  4 +-
 ...ient-29b864084c574899fcc996f9b322577a.yaml |  4 +-
 ...rlet-828e17b05d92c010fb7f9a4a0922569b.yaml |  4 +-
 ...llme-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...elio-fbaa72caee7c30faff8212706be987c1.yaml |  4 +-
 ...less-6490c018ab51d9b822f80c44c2a4f77f.yaml |  4 +-
 ...tbox-0dec1530fa29f0f3dd02117fbaf12b9a.yaml |  4 +-
 ...uban-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...chid-f668ff84aa12e9412717100f16882a82.yaml |  4 +-
 ...ance-36a65684d72ca90db400bc9a48e4b1a7.yaml |  4 +-
 ...tart-9ef0d273482df03c9ba3dcd5e27ac8b5.yaml |  4 +-
 ...urce-03c4d8dd500314f942cf4bffdc3e3289.yaml |  4 +-
 ...arky-186cdb2704350d8646ad5a58aed89581.yaml |  4 +-
 ...list-48124923f45f6ff808c33e2b8fa204cd.yaml |  4 +-
 ...ulor-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...illa-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...ozen-0aa9e3593c86e4ffacf4528cd86f4af3.yaml |  4 +-
 ...list-887e51b7ac6ae9ebfb1f0b6b57330b90.yaml |  4 +-
 ...tory-e1d105a5373862135dae31af977cf05f.yaml |  4 +-
 ...gger-816c00d91c21f41afdfc82cbe3dd6a68.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...cher-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...nday-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...e100-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...ency-18e29f581b2b637530caba059b3180e6.yaml |  4 +-
 ...eler-10e06b5ef925da2edfec94c00c6ef59a.yaml |  4 +-
 ...eler-47edf7b573f3606ae6a648dd78bee5ee.yaml |  4 +-
 ...eler-4e8adfcb068bf53ba8223d2136f425a4.yaml |  4 +-
 ...even-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...akit-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...cale-5e5f5586f8a04fc7c1bb725c8fd2a8ff.yaml |  4 +-
 ...lvet-cebcf5c5e3b1d8025e7b39f8bd391a13.yaml |  4 +-
 ...llar-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...like-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...vmag-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...news-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...ibar-8720a886474e9b973346fa40eca70f76.yaml |  4 +-
 ...fice-b256df5c032ca82a00290c7b34a523e2.yaml |  4 +-
 ...tify-5a02b0682e7d4b10352df50fd089e856.yaml |  4 +-
 ...oose-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...erra-b9563d9e100a8de4aef6c2ddb59436a7.yaml |  4 +-
 ...tore-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...llax-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...baby-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...tics-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...lite-b05621ef791a4dad965a137ebf6fa48c.yaml |  4 +-
 ...oner-4fb619246fc5d2000cab608496d82ce7.yaml |  4 +-
 ...oner-d7ec4a32cfcc6080d759cea90bff42d1.yaml |  4 +-
 ...ress-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml |  4 +-
 ...ress-3d37583bb3d8fb0c908af6e42a91b161.yaml |  4 +-
 ...ress-591e0bc07a94ed14670e3a9711a55f6c.yaml |  4 +-
 ...ress-5bece4b7e128b93c7ba7c67e9587fa70.yaml |  4 +-
 ...ress-86b363b18abd64f68bd3504e771d1304.yaml |  4 +-
 ...ress-86d97cfb2c6c1dcbecff85883c6518a3.yaml |  4 +-
 ...ress-8ab2154abe7c34e01ae356ee17e67c3a.yaml |  4 +-
 ...ress-91b67be1988bc2723c174da3440c9a3b.yaml |  4 +-
 ...ress-9e82b6889ee804643ded805eecd26873.yaml |  4 +-
 ...ress-b72b325374b1f5f1e06c0d338207c783.yaml |  4 +-
 ...ress-c9365112ff2c7a32ee6ceb41759e0ba7.yaml |  4 +-
 ...ress-ed4cb69f49b56e0f42af418819975107.yaml |  4 +-
 ...ress-fffa14ca79a3dd45e05f299cc50d704f.yaml |  4 +-
 9859 files changed, 20646 insertions(+), 20650 deletions(-)

diff --git a/nuclei-templates/2003/CVE-2003-1598-8b8bc9dc7287ba3ce3345c56bcac0bb7.yaml b/nuclei-templates/2003/CVE-2003-1598-8b8bc9dc7287ba3ce3345c56bcac0bb7.yaml
index ffc5232d85..a6eb6a6eea 100644
--- a/nuclei-templates/2003/CVE-2003-1598-8b8bc9dc7287ba3ce3345c56bcac0bb7.yaml
+++ b/nuclei-templates/2003/CVE-2003-1598-8b8bc9dc7287ba3ce3345c56bcac0bb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 0.72 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2003-1598
   metadata:
     shodan-query: 'vuln:CVE-2003-1598'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2004/CVE-2004-1559-62059d6f1640212c35e5b3f8330daee1.yaml b/nuclei-templates/2004/CVE-2004-1559-62059d6f1640212c35e5b3f8330daee1.yaml
index 4137d84096..227ac1b48d 100644
--- a/nuclei-templates/2004/CVE-2004-1559-62059d6f1640212c35e5b3f8330daee1.yaml
+++ b/nuclei-templates/2004/CVE-2004-1559-62059d6f1640212c35e5b3f8330daee1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 1.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2004-1559
   metadata:
     shodan-query: 'vuln:CVE-2004-1559'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2005/CVE-2005-1102-dced04c5992536d443cadc0d8795aeb0.yaml b/nuclei-templates/2005/CVE-2005-1102-dced04c5992536d443cadc0d8795aeb0.yaml
index ee248027a5..f69b11ac4b 100644
--- a/nuclei-templates/2005/CVE-2005-1102-dced04c5992536d443cadc0d8795aeb0.yaml
+++ b/nuclei-templates/2005/CVE-2005-1102-dced04c5992536d443cadc0d8795aeb0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 1.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2005-1102
   metadata:
     shodan-query: 'vuln:CVE-2005-1102'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2005/CVE-2005-1687-a9813318cd00104cf812206e64197a1c.yaml b/nuclei-templates/2005/CVE-2005-1687-a9813318cd00104cf812206e64197a1c.yaml
index 0714016bb0..9d8a5c7f88 100644
--- a/nuclei-templates/2005/CVE-2005-1687-a9813318cd00104cf812206e64197a1c.yaml
+++ b/nuclei-templates/2005/CVE-2005-1687-a9813318cd00104cf812206e64197a1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 1.5.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2005-1687
   metadata:
     shodan-query: 'vuln:CVE-2005-1687'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2005/CVE-2005-1810-24c78f38bf30593eb710d6e05f774c4e.yaml b/nuclei-templates/2005/CVE-2005-1810-24c78f38bf30593eb710d6e05f774c4e.yaml
index 88827f361e..5c313f792e 100644
--- a/nuclei-templates/2005/CVE-2005-1810-24c78f38bf30593eb710d6e05f774c4e.yaml
+++ b/nuclei-templates/2005/CVE-2005-1810-24c78f38bf30593eb710d6e05f774c4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 1.5.1.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2005-1810
   metadata:
     shodan-query: 'vuln:CVE-2005-1810'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2005/CVE-2005-2108-83ae7383a40a2b386de5c8ed058c9c78.yaml b/nuclei-templates/2005/CVE-2005-2108-83ae7383a40a2b386de5c8ed058c9c78.yaml
index 7949580345..531b091a4d 100644
--- a/nuclei-templates/2005/CVE-2005-2108-83ae7383a40a2b386de5c8ed058c9c78.yaml
+++ b/nuclei-templates/2005/CVE-2005-2108-83ae7383a40a2b386de5c8ed058c9c78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 1.5.1.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2005-2108
   metadata:
     shodan-query: 'vuln:CVE-2005-2108'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2005/CVE-2005-2612-8889c549d7832d5315ef07e7a0f1de5e.yaml b/nuclei-templates/2005/CVE-2005-2612-8889c549d7832d5315ef07e7a0f1de5e.yaml
index 05c154dbe3..1bbe7769e7 100644
--- a/nuclei-templates/2005/CVE-2005-2612-8889c549d7832d5315ef07e7a0f1de5e.yaml
+++ b/nuclei-templates/2005/CVE-2005-2612-8889c549d7832d5315ef07e7a0f1de5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 1.5.2 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2005-2612
   metadata:
     shodan-query: 'vuln:CVE-2005-2612'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2006/CVE-2006-1012-5ffbaa4e2b1d5d3387454a24d1df8151.yaml b/nuclei-templates/2006/CVE-2006-1012-5ffbaa4e2b1d5d3387454a24d1df8151.yaml
index 84c7b1ca80..ba9dab247f 100644
--- a/nuclei-templates/2006/CVE-2006-1012-5ffbaa4e2b1d5d3387454a24d1df8151.yaml
+++ b/nuclei-templates/2006/CVE-2006-1012-5ffbaa4e2b1d5d3387454a24d1df8151.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 1.5.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2006-1012
   metadata:
     shodan-query: 'vuln:CVE-2006-1012'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2006/CVE-2006-1796-f505e5adff7df495d5e3883941625090.yaml b/nuclei-templates/2006/CVE-2006-1796-f505e5adff7df495d5e3883941625090.yaml
index bbd0b4c032..180d777387 100644
--- a/nuclei-templates/2006/CVE-2006-1796-f505e5adff7df495d5e3883941625090.yaml
+++ b/nuclei-templates/2006/CVE-2006-1796-f505e5adff7df495d5e3883941625090.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2006-1796
   metadata:
     shodan-query: 'vuln:CVE-2006-1796'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2006/CVE-2006-2667-2250da6b6f83d2978f8b20e578c03ce4.yaml b/nuclei-templates/2006/CVE-2006-2667-2250da6b6f83d2978f8b20e578c03ce4.yaml
index fa999ae823..cf8074cfaa 100644
--- a/nuclei-templates/2006/CVE-2006-2667-2250da6b6f83d2978f8b20e578c03ce4.yaml
+++ b/nuclei-templates/2006/CVE-2006-2667-2250da6b6f83d2978f8b20e578c03ce4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.0.3 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2006-2667
   metadata:
     shodan-query: 'vuln:CVE-2006-2667'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2006/CVE-2006-4208-1354435c4f5fd2cf36a77bfe4d9efd70.yaml b/nuclei-templates/2006/CVE-2006-4208-1354435c4f5fd2cf36a77bfe4d9efd70.yaml
index bcdf7e4038..1c6e51663e 100644
--- a/nuclei-templates/2006/CVE-2006-4208-1354435c4f5fd2cf36a77bfe4d9efd70.yaml
+++ b/nuclei-templates/2006/CVE-2006-4208-1354435c4f5fd2cf36a77bfe4d9efd70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Directory traversal vulnerability in wp-db-backup.php in the Skippy WP-DB-Backup legacy plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-db-backup.php/"
     google-query: inurl:"/wp-content/plugins/wp-db-backup.php/"
     shodan-query: 'vuln:CVE-2006-4208'
-  tags: cve,wordpress,wp-plugin,wp-db-backup.php,medium
+  tags: cve,wordpress,wp-plugin,wp-db-backup.php,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2006/CVE-2006-6808-c74b3da5c9977a8515a2ae6aea10e45b.yaml b/nuclei-templates/2006/CVE-2006-6808-c74b3da5c9977a8515a2ae6aea10e45b.yaml
index e142c2c7ce..72dca3ab8b 100644
--- a/nuclei-templates/2006/CVE-2006-6808-c74b3da5c9977a8515a2ae6aea10e45b.yaml
+++ b/nuclei-templates/2006/CVE-2006-6808-c74b3da5c9977a8515a2ae6aea10e45b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.  NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2006-6808
   metadata:
     shodan-query: 'vuln:CVE-2006-6808'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-0106-5248a5bd925434add7e3be51c0e47bf5.yaml b/nuclei-templates/2007/CVE-2007-0106-5248a5bd925434add7e3be51c0e47bf5.yaml
index fa4468b7af..b9cbb1be56 100644
--- a/nuclei-templates/2007/CVE-2007-0106-5248a5bd925434add7e3be51c0e47bf5.yaml
+++ b/nuclei-templates/2007/CVE-2007-0106-5248a5bd925434add7e3be51c0e47bf5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.0.5 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-0106
   metadata:
     shodan-query: 'vuln:CVE-2007-0106'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-0233-78c0fa7115ae86c26deccf0e5ec633a7.yaml b/nuclei-templates/2007/CVE-2007-0233-78c0fa7115ae86c26deccf0e5ec633a7.yaml
index dabe0f6b85..0a9c1fbc97 100644
--- a/nuclei-templates/2007/CVE-2007-0233-78c0fa7115ae86c26deccf0e5ec633a7.yaml
+++ b/nuclei-templates/2007/CVE-2007-0233-78c0fa7115ae86c26deccf0e5ec633a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.0.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.  NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-0233
   metadata:
     shodan-query: 'vuln:CVE-2007-0233'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-1230-e46b887a41d8ee6fabb81ee3e309e2b3.yaml b/nuclei-templates/2007/CVE-2007-1230-e46b887a41d8ee6fabb81ee3e309e2b3.yaml
index 7f75aa73ef..3a1977a711 100644
--- a/nuclei-templates/2007/CVE-2007-1230-e46b887a41d8ee6fabb81ee3e309e2b3.yaml
+++ b/nuclei-templates/2007/CVE-2007-1230-e46b887a41d8ee6fabb81ee3e309e2b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-1230
   metadata:
     shodan-query: 'vuln:CVE-2007-1230'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-1244-a556f0ec8cc782b1df540c9037fded25.yaml b/nuclei-templates/2007/CVE-2007-1244-a556f0ec8cc782b1df540c9037fded25.yaml
index 6821251b79..fafa0425b1 100644
--- a/nuclei-templates/2007/CVE-2007-1244-a556f0ec8cc782b1df540c9037fded25.yaml
+++ b/nuclei-templates/2007/CVE-2007-1244-a556f0ec8cc782b1df540c9037fded25.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php.  NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-1244
   metadata:
     shodan-query: 'vuln:CVE-2007-1244'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-1622-f773a7113074464a75bbe2d49bec8c41.yaml b/nuclei-templates/2007/CVE-2007-1622-f773a7113074464a75bbe2d49bec8c41.yaml
index e198cf0cb2..22aa22bd55 100644
--- a/nuclei-templates/2007/CVE-2007-1622-f773a7113074464a75bbe2d49bec8c41.yaml
+++ b/nuclei-templates/2007/CVE-2007-1622-f773a7113074464a75bbe2d49bec8c41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-1622
   metadata:
     shodan-query: 'vuln:CVE-2007-1622'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-1893-5382cac551da0c76754442b2aa2316fe.yaml b/nuclei-templates/2007/CVE-2007-1893-5382cac551da0c76754442b2aa2316fe.yaml
index 856ddd0acc..07fd38f883 100644
--- a/nuclei-templates/2007/CVE-2007-1893-5382cac551da0c76754442b2aa2316fe.yaml
+++ b/nuclei-templates/2007/CVE-2007-1893-5382cac551da0c76754442b2aa2316fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.1.3 -  Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-1893
   metadata:
     shodan-query: 'vuln:CVE-2007-1893'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-1894-6f396d18ad1fbb1948ad9473860ec9d1.yaml b/nuclei-templates/2007/CVE-2007-1894-6f396d18ad1fbb1948ad9473860ec9d1.yaml
index 82ac5fd245..be3a49403f 100644
--- a/nuclei-templates/2007/CVE-2007-1894-6f396d18ad1fbb1948ad9473860ec9d1.yaml
+++ b/nuclei-templates/2007/CVE-2007-1894-6f396d18ad1fbb1948ad9473860ec9d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-1894
   metadata:
     shodan-query: 'vuln:CVE-2007-1894'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-1897-be037ab5b01a52fa0b9478e50ded7b01.yaml b/nuclei-templates/2007/CVE-2007-1897-be037ab5b01a52fa0b9478e50ded7b01.yaml
index cc75cbde1c..5443170ff1 100644
--- a/nuclei-templates/2007/CVE-2007-1897-be037ab5b01a52fa0b9478e50ded7b01.yaml
+++ b/nuclei-templates/2007/CVE-2007-1897-be037ab5b01a52fa0b9478e50ded7b01.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.1.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-1897
   metadata:
     shodan-query: 'vuln:CVE-2007-1897'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-2627-141c7f9cf7e30f994110491cc5e7c119.yaml b/nuclei-templates/2007/CVE-2007-2627-141c7f9cf7e30f994110491cc5e7c119.yaml
index a926be47d8..2bf9feeda9 100644
--- a/nuclei-templates/2007/CVE-2007-2627-141c7f9cf7e30f994110491cc5e7c119.yaml
+++ b/nuclei-templates/2007/CVE-2007-2627-141c7f9cf7e30f994110491cc5e7c119.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-2627
   metadata:
     shodan-query: 'vuln:CVE-2007-2627'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-2714-0b8de7e6634f1364f8cfc6fe68a06736.yaml b/nuclei-templates/2007/CVE-2007-2714-0b8de7e6634f1364f8cfc6fe68a06736.yaml
index d632c253b9..6846d63df9 100644
--- a/nuclei-templates/2007/CVE-2007-2714-0b8de7e6634f1364f8cfc6fe68a06736.yaml
+++ b/nuclei-templates/2007/CVE-2007-2714-0b8de7e6634f1364f8cfc6fe68a06736.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Akismet Spam Protection < 2.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Akismet Spam Protection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _wp_http_referer’ parameter in versions before 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for  attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/akismet/"
     google-query: inurl:"/wp-content/plugins/akismet/"
     shodan-query: 'vuln:CVE-2007-2714'
-  tags: cve,wordpress,wp-plugin,akismet,medium
+  tags: cve,wordpress,wp-plugin,akismet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-2828-e6b40723167a263b6dd92aa26e882342.yaml b/nuclei-templates/2007/CVE-2007-2828-e6b40723167a263b6dd92aa26e882342.yaml
index ee167faa62..7ef1f9a09f 100644
--- a/nuclei-templates/2007/CVE-2007-2828-e6b40723167a263b6dd92aa26e882342.yaml
+++ b/nuclei-templates/2007/CVE-2007-2828-e6b40723167a263b6dd92aa26e882342.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adsense-deluxe/"
     google-query: inurl:"/wp-content/plugins/adsense-deluxe/"
     shodan-query: 'vuln:CVE-2007-2828'
-  tags: cve,wordpress,wp-plugin,adsense-deluxe,high
+  tags: cve,wordpress,wp-plugin,adsense-deluxe,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-3140-380df031c42ca1baae8054ba3ed4d998.yaml b/nuclei-templates/2007/CVE-2007-3140-380df031c42ca1baae8054ba3ed4d998.yaml
index 82fdd56ddd..d7581b04d0 100644
--- a/nuclei-templates/2007/CVE-2007-3140-380df031c42ca1baae8054ba3ed4d998.yaml
+++ b/nuclei-templates/2007/CVE-2007-3140-380df031c42ca1baae8054ba3ed4d998.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-3140
   metadata:
     shodan-query: 'vuln:CVE-2007-3140'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-3239-2a9919a2db8ebb02104bc342de5cafa4.yaml b/nuclei-templates/2007/CVE-2007-3239-2a9919a2db8ebb02104bc342de5cafa4.yaml
index a0708f5fb1..0f148176c7 100644
--- a/nuclei-templates/2007/CVE-2007-3239-2a9919a2db8ebb02104bc342de5cafa4.yaml
+++ b/nuclei-templates/2007/CVE-2007-3239-2a9919a2db8ebb02104bc342de5cafa4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AndyBlue Theme < 1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php.  NOTE: this can be leveraged for PHP code execution in an administrative session.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/andyblue/"
     google-query: inurl:"/wp-content/themes/andyblue/"
     shodan-query: 'vuln:CVE-2007-3239'
-  tags: cve,wordpress,wp-theme,andyblue,medium
+  tags: cve,wordpress,wp-theme,andyblue,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-3240-8fb46ccbfe8eb892f418af64a9d461a7.yaml b/nuclei-templates/2007/CVE-2007-3240-8fb46ccbfe8eb892f418af64a9d461a7.yaml
index ba397ebdf5..e4ebde30c2 100644
--- a/nuclei-templates/2007/CVE-2007-3240-8fb46ccbfe8eb892f418af64a9d461a7.yaml
+++ b/nuclei-templates/2007/CVE-2007-3240-8fb46ccbfe8eb892f418af64a9d461a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vistered Little (Unspecified Version) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Vistered Little theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the the URI (REQUEST_URI) that accesses index.php in all known versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Vistered-Little/"
     google-query: inurl:"/wp-content/themes/Vistered-Little/"
     shodan-query: 'vuln:CVE-2007-3240'
-  tags: cve,wordpress,wp-theme,Vistered-Little,medium
+  tags: cve,wordpress,wp-theme,Vistered-Little,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-3241-c96b02624922c50381a023e57cd89cf7.yaml b/nuclei-templates/2007/CVE-2007-3241-c96b02624922c50381a023e57cd89cf7.yaml
index c9c59b3af9..bf5f09472c 100644
--- a/nuclei-templates/2007/CVE-2007-3241-c96b02624922c50381a023e57cd89cf7.yaml
+++ b/nuclei-templates/2007/CVE-2007-3241-c96b02624922c50381a023e57cd89cf7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cordobo Green Park (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/cordobo-green-park/"
     google-query: inurl:"/wp-content/themes/cordobo-green-park/"
     shodan-query: 'vuln:CVE-2007-3241'
-  tags: cve,wordpress,wp-theme,cordobo-green-park,medium
+  tags: cve,wordpress,wp-theme,cordobo-green-park,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-3543-23b280de753c54a779bef1b8400aad8b.yaml b/nuclei-templates/2007/CVE-2007-3543-23b280de753c54a779bef1b8400aad8b.yaml
index d24b86a13d..d552b7927e 100644
--- a/nuclei-templates/2007/CVE-2007-3543-23b280de753c54a779bef1b8400aad8b.yaml
+++ b/nuclei-templates/2007/CVE-2007-3543-23b280de753c54a779bef1b8400aad8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.2 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-3543
   metadata:
     shodan-query: 'vuln:CVE-2007-3543'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-3544-b9356af48d41602f5f193ab6f4ff8815.yaml b/nuclei-templates/2007/CVE-2007-3544-b9356af48d41602f5f193ab6f4ff8815.yaml
index 32496a2cfe..5f15084afb 100644
--- a/nuclei-templates/2007/CVE-2007-3544-b9356af48d41602f5f193ab6f4ff8815.yaml
+++ b/nuclei-templates/2007/CVE-2007-3544-b9356af48d41602f5f193ab6f4ff8815.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.2.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-3544
   metadata:
     shodan-query: 'vuln:CVE-2007-3544'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
@@ -32,9 +32,9 @@ http:
     matchers:
       - type: dsl
         dsl:
-          - compare_versions(version_by_generator, '<= 1.2.3')
-          - compare_versions(version_by_js, '<= 1.2.3')
-          - compare_versions(version_by_css, '<= 1.2.3')
+          - compare_versions(version_by_generator, '<= 2.2.1')
+          - compare_versions(version_by_js, '<= 2.2.1')
+          - compare_versions(version_by_css, '<= 2.2.1')
 
       - type: status
         status:
diff --git a/nuclei-templates/2007/CVE-2007-4014-54409f2bc5984d61c42ec97047d41adc.yaml b/nuclei-templates/2007/CVE-2007-4014-54409f2bc5984d61c42ec97047d41adc.yaml
index 2d3e3c5ef3..013328f344 100644
--- a/nuclei-templates/2007/CVE-2007-4014-54409f2bc5984d61c42ec97047d41adc.yaml
+++ b/nuclei-templates/2007/CVE-2007-4014-54409f2bc5984d61c42ec97047d41adc.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2007-4014
   metadata:
-    fofa-query: "wp-content/themes/blixed/"
-    google-query: inurl:"/wp-content/themes/blixed/"
+    fofa-query: "wp-content/themes/blix/"
+    google-query: inurl:"/wp-content/themes/blix/"
     shodan-query: 'vuln:CVE-2007-4014'
-  tags: cve,wordpress,wp-theme,blixed,medium
+  tags: cve,wordpress,wp-theme,blix,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/blixed/style.css"
+      - "{{BaseURL}}/wp-content/themes/blix/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "blixed"
+          - "blix"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0')
\ No newline at end of file
+          - compare_versions(version, '<= 0.9.1')
\ No newline at end of file
diff --git a/nuclei-templates/2007/CVE-2007-4139-bc3069fe10b3f1d27d4fca396970c629.yaml b/nuclei-templates/2007/CVE-2007-4139-bc3069fe10b3f1d27d4fca396970c629.yaml
index 901e76f545..d6c3eefd02 100644
--- a/nuclei-templates/2007/CVE-2007-4139-bc3069fe10b3f1d27d4fca396970c629.yaml
+++ b/nuclei-templates/2007/CVE-2007-4139-bc3069fe10b3f1d27d4fca396970c629.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1, allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-4139
   metadata:
     shodan-query: 'vuln:CVE-2007-4139'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-4153-172cb25c60ec97a4292f9de3be08e5ed.yaml b/nuclei-templates/2007/CVE-2007-4153-172cb25c60ec97a4292f9de3be08e5ed.yaml
index 2811bd5c0a..450c77f213 100644
--- a/nuclei-templates/2007/CVE-2007-4153-172cb25c60ec97a4292f9de3be08e5ed.yaml
+++ b/nuclei-templates/2007/CVE-2007-4153-172cb25c60ec97a4292f9de3be08e5ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.2.1 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php.  NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-4153
   metadata:
     shodan-query: 'vuln:CVE-2007-4153'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-4154-fb2282647c2ae8c5fc2f5ce43c10e3b4.yaml b/nuclei-templates/2007/CVE-2007-4154-fb2282647c2ae8c5fc2f5ce43c10e3b4.yaml
index 1148430e63..8d58b69581 100644
--- a/nuclei-templates/2007/CVE-2007-4154-fb2282647c2ae8c5fc2f5ce43c10e3b4.yaml
+++ b/nuclei-templates/2007/CVE-2007-4154-fb2282647c2ae8c5fc2f5ce43c10e3b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.2.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-4154
   metadata:
     shodan-query: 'vuln:CVE-2007-4154'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-4165-f021202130cf5324996d350595ae862c.yaml b/nuclei-templates/2007/CVE-2007-4165-f021202130cf5324996d350595ae862c.yaml
index 4d0218c46b..47826cf42c 100644
--- a/nuclei-templates/2007/CVE-2007-4165-f021202130cf5324996d350595ae862c.yaml
+++ b/nuclei-templates/2007/CVE-2007-4165-f021202130cf5324996d350595ae862c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blue Memories <= 1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blue-memories/"
     google-query: inurl:"/wp-content/themes/blue-memories/"
     shodan-query: 'vuln:CVE-2007-4165'
-  tags: cve,wordpress,wp-theme,blue-memories,medium
+  tags: cve,wordpress,wp-theme,blue-memories,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-4166-babd8720f51cdfc03ee525219e51d67f.yaml b/nuclei-templates/2007/CVE-2007-4166-babd8720f51cdfc03ee525219e51d67f.yaml
index ffb063fae9..d1587f564b 100644
--- a/nuclei-templates/2007/CVE-2007-4166-babd8720f51cdfc03ee525219e51d67f.yaml
+++ b/nuclei-templates/2007/CVE-2007-4166-babd8720f51cdfc03ee525219e51d67f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unnamed < 1.2.17.1 and Unnamed SE < 1.0.3  - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme before 1.2.17.1, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165.  NOTE: some of these details are obtained from third party information.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2007-4166
   metadata:
-    fofa-query: "wp-content/themes/unnamed/"
-    google-query: inurl:"/wp-content/themes/unnamed/"
+    fofa-query: "wp-content/themes/unnamed-se/"
+    google-query: inurl:"/wp-content/themes/unnamed-se/"
     shodan-query: 'vuln:CVE-2007-4166'
-  tags: cve,wordpress,wp-theme,unnamed,medium
+  tags: cve,wordpress,wp-theme,unnamed-se,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/unnamed/style.css"
+      - "{{BaseURL}}/wp-content/themes/unnamed-se/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "unnamed"
+          - "unnamed-se"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.17')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2007/CVE-2007-4480-b962a43c022ee33e3f132497b433375e.yaml b/nuclei-templates/2007/CVE-2007-4480-b962a43c022ee33e3f132497b433375e.yaml
index 79a8129023..82567c6032 100644
--- a/nuclei-templates/2007/CVE-2007-4480-b962a43c022ee33e3f132497b433375e.yaml
+++ b/nuclei-templates/2007/CVE-2007-4480-b962a43c022ee33e3f132497b433375e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sirius <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/sirius/"
     google-query: inurl:"/wp-content/themes/sirius/"
     shodan-query: 'vuln:CVE-2007-4480'
-  tags: cve,wordpress,wp-theme,sirius,medium
+  tags: cve,wordpress,wp-theme,sirius,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-4481-c0b95532030c59fee6c1d3ae2a188201.yaml b/nuclei-templates/2007/CVE-2007-4481-c0b95532030c59fee6c1d3ae2a188201.yaml
index 01ac98896c..caa6ab6342 100644
--- a/nuclei-templates/2007/CVE-2007-4481-c0b95532030c59fee6c1d3ae2a188201.yaml
+++ b/nuclei-templates/2007/CVE-2007-4481-c0b95532030c59fee6c1d3ae2a188201.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blix 0.9.1 and Blix 0.9.1 Rus - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blix/"
     google-query: inurl:"/wp-content/themes/blix/"
     shodan-query: 'vuln:CVE-2007-4481'
-  tags: cve,wordpress,wp-theme,blix,medium
+  tags: cve,wordpress,wp-theme,blix,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-4483-7cba36ac5159d909041a39ae02e640fa.yaml b/nuclei-templates/2007/CVE-2007-4483-7cba36ac5159d909041a39ae02e640fa.yaml
index 6390591a5f..0f0e819878 100644
--- a/nuclei-templates/2007/CVE-2007-4483-7cba36ac5159d909041a39ae02e640fa.yaml
+++ b/nuclei-templates/2007/CVE-2007-4483-7cba36ac5159d909041a39ae02e640fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Classic <= 1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/classic/"
     google-query: inurl:"/wp-content/themes/classic/"
     shodan-query: 'vuln:CVE-2007-4483'
-  tags: cve,wordpress,wp-theme,classic,medium
+  tags: cve,wordpress,wp-theme,classic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-4544-a4e5a5186ca39bcba5d872b9fb372cda.yaml b/nuclei-templates/2007/CVE-2007-4544-a4e5a5186ca39bcba5d872b9fb372cda.yaml
index 64f86eba0b..1123b076e7 100644
--- a/nuclei-templates/2007/CVE-2007-4544-a4e5a5186ca39bcba5d872b9fb372cda.yaml
+++ b/nuclei-templates/2007/CVE-2007-4544-a4e5a5186ca39bcba5d872b9fb372cda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress MU <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-4544
   metadata:
     shodan-query: 'vuln:CVE-2007-4544'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-4893-abd2276f34ac392ae9b6a69f93290abd.yaml b/nuclei-templates/2007/CVE-2007-4893-abd2276f34ac392ae9b6a69f93290abd.yaml
index 5838ac5962..a0c3a9d961 100644
--- a/nuclei-templates/2007/CVE-2007-4893-abd2276f34ac392ae9b6a69f93290abd.yaml
+++ b/nuclei-templates/2007/CVE-2007-4893-abd2276f34ac392ae9b6a69f93290abd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-4893
   metadata:
     shodan-query: 'vuln:CVE-2007-4893'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
@@ -32,9 +32,9 @@ http:
     matchers:
       - type: dsl
         dsl:
-          - compare_versions(version_by_generator, '< 1.2.5a')
-          - compare_versions(version_by_js, '< 1.2.5a')
-          - compare_versions(version_by_css, '< 1.2.5a')
+          - compare_versions(version_by_generator, '<= 2.2.2')
+          - compare_versions(version_by_js, '<= 2.2.2')
+          - compare_versions(version_by_css, '<= 2.2.2')
 
       - type: status
         status:
diff --git a/nuclei-templates/2007/CVE-2007-4894-7a8b8fa3bcccffed98e8c5f115c5183e.yaml b/nuclei-templates/2007/CVE-2007-4894-7a8b8fa3bcccffed98e8c5f115c5183e.yaml
index a7f968f93f..6e645e3c8a 100644
--- a/nuclei-templates/2007/CVE-2007-4894-7a8b8fa3bcccffed98e8c5f115c5183e.yaml
+++ b/nuclei-templates/2007/CVE-2007-4894-7a8b8fa3bcccffed98e8c5f115c5183e.yaml
@@ -32,9 +32,9 @@ http:
     matchers:
       - type: dsl
         dsl:
-          - compare_versions(version_by_generator, '< 1.2.5')
-          - compare_versions(version_by_js, '< 1.2.5')
-          - compare_versions(version_by_css, '< 1.2.5')
+          - compare_versions(version_by_generator, '< 2.2.3')
+          - compare_versions(version_by_js, '< 2.2.3')
+          - compare_versions(version_by_css, '< 2.2.3')
 
       - type: status
         status:
diff --git a/nuclei-templates/2007/CVE-2007-5105-bea5bcb6ac9b66b08b05c172c3f9bc32.yaml b/nuclei-templates/2007/CVE-2007-5105-bea5bcb6ac9b66b08b05c172c3f9bc32.yaml
index 02bd103431..06c393da77 100644
--- a/nuclei-templates/2007/CVE-2007-5105-bea5bcb6ac9b66b08b05c172c3f9bc32.yaml
+++ b/nuclei-templates/2007/CVE-2007-5105-bea5bcb6ac9b66b08b05c172c3f9bc32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-5105
   metadata:
     shodan-query: 'vuln:CVE-2007-5105'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-5106-6d56121149ca7bd6af4818d9b53bdc87.yaml b/nuclei-templates/2007/CVE-2007-5106-6d56121149ca7bd6af4818d9b53bdc87.yaml
index e083a23b72..59c63e2b67 100644
--- a/nuclei-templates/2007/CVE-2007-5106-6d56121149ca7bd6af4818d9b53bdc87.yaml
+++ b/nuclei-templates/2007/CVE-2007-5106-6d56121149ca7bd6af4818d9b53bdc87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-5106
   metadata:
     shodan-query: 'vuln:CVE-2007-5106'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-5229-95305525d7820973fed879d8dfc49664.yaml b/nuclei-templates/2007/CVE-2007-5229-95305525d7820973fed879d8dfc49664.yaml
index d161d701a0..abf02ce399 100644
--- a/nuclei-templates/2007/CVE-2007-5229-95305525d7820973fed879d8dfc49664.yaml
+++ b/nuclei-templates/2007/CVE-2007-5229-95305525d7820973fed879d8dfc49664.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedburner-feedsmith/"
     google-query: inurl:"/wp-content/plugins/feedburner-feedsmith/"
     shodan-query: 'vuln:CVE-2007-5229'
-  tags: cve,wordpress,wp-plugin,feedburner-feedsmith,high
+  tags: cve,wordpress,wp-plugin,feedburner-feedsmith,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-5710-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57.yaml b/nuclei-templates/2007/CVE-2007-5710-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57.yaml
index 40969adff1..e39c990e25 100644
--- a/nuclei-templates/2007/CVE-2007-5710-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57.yaml
+++ b/nuclei-templates/2007/CVE-2007-5710-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-5710
   metadata:
     shodan-query: 'vuln:CVE-2007-5710'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-6013-19e5f7c5a5cf8056d79bfab611f4ed1f.yaml b/nuclei-templates/2007/CVE-2007-6013-19e5f7c5a5cf8056d79bfab611f4ed1f.yaml
index 908ab1dbc8..cc0e7fde71 100644
--- a/nuclei-templates/2007/CVE-2007-6013-19e5f7c5a5cf8056d79bfab611f4ed1f.yaml
+++ b/nuclei-templates/2007/CVE-2007-6013-19e5f7c5a5cf8056d79bfab611f4ed1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core 1.5 - 2.3.1 - Authorization Bypass
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2007-6013
   metadata:
     shodan-query: 'vuln:CVE-2007-6013'
-  tags: cve,wordpress,wp-core,critical
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2007/CVE-2007-6677-a3e785056d2140e268a5211287db4a52.yaml b/nuclei-templates/2007/CVE-2007-6677-a3e785056d2140e268a5211287db4a52.yaml
index bbbed10fea..75246f27ff 100644
--- a/nuclei-templates/2007/CVE-2007-6677-a3e785056d2140e268a5211287db4a52.yaml
+++ b/nuclei-templates/2007/CVE-2007-6677-a3e785056d2140e268a5211287db4a52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Peter’s Random Anti-Spam Image <= 1.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 1.0.6 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/peters-random-anti-spam-image/"
     google-query: inurl:"/wp-content/plugins/peters-random-anti-spam-image/"
     shodan-query: 'vuln:CVE-2007-6677'
-  tags: cve,wordpress,wp-plugin,peters-random-anti-spam-image,medium
+  tags: cve,wordpress,wp-plugin,peters-random-anti-spam-image,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-0197-03e041af34914994b5b4b3e20ec8ee2e.yaml b/nuclei-templates/2008/CVE-2008-0197-03e041af34914994b5b4b3e20ec8ee2e.yaml
index 4117c54494..6b9c5bbbd1 100644
--- a/nuclei-templates/2008/CVE-2008-0197-03e041af34914994b5b4b3e20ec8ee2e.yaml
+++ b/nuclei-templates/2008/CVE-2008-0197-03e041af34914994b5b4b3e20ec8ee2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-ContactForm <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-ContactForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, and (7) wpcf_msg parameters or the SRC attribute of an IFRAME element in versions up to, and including, 1.5 alpha due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-contactform/"
     google-query: inurl:"/wp-content/plugins/wp-contactform/"
     shodan-query: 'vuln:CVE-2008-0197'
-  tags: cve,wordpress,wp-plugin,wp-contactform,medium
+  tags: cve,wordpress,wp-plugin,wp-contactform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-0198-fbe96c78719e34780f9334cd4775f2cc.yaml b/nuclei-templates/2008/CVE-2008-0198-fbe96c78719e34780f9334cd4775f2cc.yaml
index ed0ed17a5a..a36fbf7416 100644
--- a/nuclei-templates/2008/CVE-2008-0198-fbe96c78719e34780f9334cd4775f2cc.yaml
+++ b/nuclei-templates/2008/CVE-2008-0198-fbe96c78719e34780f9334cd4775f2cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-ContactForm <= 1.5.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-contactform/"
     google-query: inurl:"/wp-content/plugins/wp-contactform/"
     shodan-query: 'vuln:CVE-2008-0198'
-  tags: cve,wordpress,wp-plugin,wp-contactform,high
+  tags: cve,wordpress,wp-plugin,wp-contactform,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-0205-3f5c9085cc5ea3fa80320bca3cc4e85b.yaml b/nuclei-templates/2008/CVE-2008-0205-3f5c9085cc5ea3fa80320bca3cc4e85b.yaml
index e323a2ac09..6550a4d56f 100644
--- a/nuclei-templates/2008/CVE-2008-0205-3f5c9085cc5ea3fa80320bca3cc4e85b.yaml
+++ b/nuclei-templates/2008/CVE-2008-0205-3f5c9085cc5ea3fa80320bca3cc4e85b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Math Comment Spam Protection <= 2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/math-comment-spam-protection/"
     google-query: inurl:"/wp-content/plugins/math-comment-spam-protection/"
     shodan-query: 'vuln:CVE-2008-0205'
-  tags: cve,wordpress,wp-plugin,math-comment-spam-protection,high
+  tags: cve,wordpress,wp-plugin,math-comment-spam-protection,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-0616-81cd7c7b4d1173a363d79c9374f22f96.yaml b/nuclei-templates/2008/CVE-2008-0616-81cd7c7b4d1173a363d79c9374f22f96.yaml
index 4002884533..b22f34469d 100644
--- a/nuclei-templates/2008/CVE-2008-0616-81cd7c7b4d1173a363d79c9374f22f96.yaml
+++ b/nuclei-templates/2008/CVE-2008-0616-81cd7c7b4d1173a363d79c9374f22f96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DMSGuestbook <= 1.7.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.  NOTE: it is not clear whether this issue crosses privilege boundaries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dmsguestbook/"
     google-query: inurl:"/wp-content/plugins/dmsguestbook/"
     shodan-query: 'vuln:CVE-2008-0616'
-  tags: cve,wordpress,wp-plugin,dmsguestbook,high
+  tags: cve,wordpress,wp-plugin,dmsguestbook,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-0617-0720f12ed328d9f8394eeb8c7b25a318.yaml b/nuclei-templates/2008/CVE-2008-0617-0720f12ed328d9f8394eeb8c7b25a318.yaml
index 4253c4084d..e65d56904a 100644
--- a/nuclei-templates/2008/CVE-2008-0617-0720f12ed328d9f8394eeb8c7b25a318.yaml
+++ b/nuclei-templates/2008/CVE-2008-0617-0720f12ed328d9f8394eeb8c7b25a318.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DMSGuestbook < 1.9.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dmsguestbook/"
     google-query: inurl:"/wp-content/plugins/dmsguestbook/"
     shodan-query: 'vuln:CVE-2008-0617'
-  tags: cve,wordpress,wp-plugin,dmsguestbook,medium
+  tags: cve,wordpress,wp-plugin,dmsguestbook,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-0618-464fda924b91446d67088565fa366b6b.yaml b/nuclei-templates/2008/CVE-2008-0618-464fda924b91446d67088565fa366b6b.yaml
index b1291b78cb..24981ba2d6 100644
--- a/nuclei-templates/2008/CVE-2008-0618-464fda924b91446d67088565fa366b6b.yaml
+++ b/nuclei-templates/2008/CVE-2008-0618-464fda924b91446d67088565fa366b6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DMSGuestbook < 1.9.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dmsguestbook/"
     google-query: inurl:"/wp-content/plugins/dmsguestbook/"
     shodan-query: 'vuln:CVE-2008-0618'
-  tags: cve,wordpress,wp-plugin,dmsguestbook,medium
+  tags: cve,wordpress,wp-plugin,dmsguestbook,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-0691-a8ccc8e656f57b6f03393d18f5ac6d44.yaml b/nuclei-templates/2008/CVE-2008-0691-a8ccc8e656f57b6f03393d18f5ac6d44.yaml
index ca63e8e98b..14d0ad45a3 100644
--- a/nuclei-templates/2008/CVE-2008-0691-a8ccc8e656f57b6f03393d18f5ac6d44.yaml
+++ b/nuclei-templates/2008/CVE-2008-0691-a8ccc8e656f57b6f03393d18f5ac6d44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Footnotes <= 2.2 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-footnotes/"
     google-query: inurl:"/wp-content/plugins/wp-footnotes/"
     shodan-query: 'vuln:CVE-2008-0691'
-  tags: cve,wordpress,wp-plugin,wp-footnotes,medium
+  tags: cve,wordpress,wp-plugin,wp-footnotes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-0837-6786949bf947df30c87362646165e5b3.yaml b/nuclei-templates/2008/CVE-2008-0837-6786949bf947df30c87362646165e5b3.yaml
index 6b6df11713..c6bf97171e 100644
--- a/nuclei-templates/2008/CVE-2008-0837-6786949bf947df30c87362646165e5b3.yaml
+++ b/nuclei-templates/2008/CVE-2008-0837-6786949bf947df30c87362646165e5b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Search Unleashed <= 0.2.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/search-unleashed/"
     google-query: inurl:"/wp-content/plugins/search-unleashed/"
     shodan-query: 'vuln:CVE-2008-0837'
-  tags: cve,wordpress,wp-plugin,search-unleashed,medium
+  tags: cve,wordpress,wp-plugin,search-unleashed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-1061-4db82812dea0cad0cb375ee4495ca7c3.yaml b/nuclei-templates/2008/CVE-2008-1061-4db82812dea0cad0cb375ee4495ca7c3.yaml
index 036a281e68..968261e96c 100644
--- a/nuclei-templates/2008/CVE-2008-1061-4db82812dea0cad0cb375ee4495ca7c3.yaml
+++ b/nuclei-templates/2008/CVE-2008-1061-4db82812dea0cad0cb375ee4495ca7c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sniplets < 1.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sniplets/"
     google-query: inurl:"/wp-content/plugins/sniplets/"
     shodan-query: 'vuln:CVE-2008-1061'
-  tags: cve,wordpress,wp-plugin,sniplets,medium
+  tags: cve,wordpress,wp-plugin,sniplets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-1304-46747c4e682ceeb0ba7de6d44fbb5912.yaml b/nuclei-templates/2008/CVE-2008-1304-46747c4e682ceeb0ba7de6d44fbb5912.yaml
index 2795468950..ca2e4960d7 100644
--- a/nuclei-templates/2008/CVE-2008-1304-46747c4e682ceeb0ba7de6d44fbb5912.yaml
+++ b/nuclei-templates/2008/CVE-2008-1304-46747c4e682ceeb0ba7de6d44fbb5912.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2008-1304
   metadata:
     shodan-query: 'vuln:CVE-2008-1304'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-1930-7ec18e3e7ba86c077b691dda2c9af2f0.yaml b/nuclei-templates/2008/CVE-2008-1930-7ec18e3e7ba86c077b691dda2c9af2f0.yaml
index 85ea9a4810..0d5d9832d5 100644
--- a/nuclei-templates/2008/CVE-2008-1930-7ec18e3e7ba86c077b691dda2c9af2f0.yaml
+++ b/nuclei-templates/2008/CVE-2008-1930-7ec18e3e7ba86c077b691dda2c9af2f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.5.1 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2008-1930
   metadata:
     shodan-query: 'vuln:CVE-2008-1930'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-2068-9a47bc7022503d111499b3cff929ca66.yaml b/nuclei-templates/2008/CVE-2008-2068-9a47bc7022503d111499b3cff929ca66.yaml
index 1f543f9dd6..2919440413 100644
--- a/nuclei-templates/2008/CVE-2008-2068-9a47bc7022503d111499b3cff929ca66.yaml
+++ b/nuclei-templates/2008/CVE-2008-2068-9a47bc7022503d111499b3cff929ca66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2008-2068
   metadata:
     shodan-query: 'vuln:CVE-2008-2068'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-2392-f091fee54b5af87e393409f73df7398b.yaml b/nuclei-templates/2008/CVE-2008-2392-f091fee54b5af87e393409f73df7398b.yaml
index eb6429265a..a52018b806 100644
--- a/nuclei-templates/2008/CVE-2008-2392-f091fee54b5af87e393409f73df7398b.yaml
+++ b/nuclei-templates/2008/CVE-2008-2392-f091fee54b5af87e393409f73df7398b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.5.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2008-2392
   metadata:
     shodan-query: 'vuln:CVE-2008-2392'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-4671-2556d7722d4548d9067588a035ce357f.yaml b/nuclei-templates/2008/CVE-2008-4671-2556d7722d4548d9067588a035ce357f.yaml
index 634f217a23..99dae667cf 100644
--- a/nuclei-templates/2008/CVE-2008-4671-2556d7722d4548d9067588a035ce357f.yaml
+++ b/nuclei-templates/2008/CVE-2008-4671-2556d7722d4548d9067588a035ce357f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress MU < 2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2008-4671
   metadata:
     shodan-query: 'vuln:CVE-2008-4671'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-4733-574c183518fa14bb1a854e4b68f72a19.yaml b/nuclei-templates/2008/CVE-2008-4733-574c183518fa14bb1a854e4b68f72a19.yaml
index 30fe9e2aaf..5b762238b0 100644
--- a/nuclei-templates/2008/CVE-2008-4733-574c183518fa14bb1a854e4b68f72a19.yaml
+++ b/nuclei-templates/2008/CVE-2008-4733-574c183518fa14bb1a854e4b68f72a19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Comment Remix <= 1.4.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-comment-remix/"
     google-query: inurl:"/wp-content/plugins/wp-comment-remix/"
     shodan-query: 'vuln:CVE-2008-4733'
-  tags: cve,wordpress,wp-plugin,wp-comment-remix,high
+  tags: cve,wordpress,wp-plugin,wp-comment-remix,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-4734-5defb55cded48a565a064567cc9f2fde.yaml b/nuclei-templates/2008/CVE-2008-4734-5defb55cded48a565a064567cc9f2fde.yaml
index 7b96ec341a..95477be220 100644
--- a/nuclei-templates/2008/CVE-2008-4734-5defb55cded48a565a064567cc9f2fde.yaml
+++ b/nuclei-templates/2008/CVE-2008-4734-5defb55cded48a565a064567cc9f2fde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Comment Remix < 1.4.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-comment-remix/"
     google-query: inurl:"/wp-content/plugins/wp-comment-remix/"
     shodan-query: 'vuln:CVE-2008-4734'
-  tags: cve,wordpress,wp-plugin,wp-comment-remix,high
+  tags: cve,wordpress,wp-plugin,wp-comment-remix,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-5695-066a3076f693bdf1acf756f1b6327c5f.yaml b/nuclei-templates/2008/CVE-2008-5695-066a3076f693bdf1acf756f1b6327c5f.yaml
index cdb88a6578..798d98ec9e 100644
--- a/nuclei-templates/2008/CVE-2008-5695-066a3076f693bdf1acf756f1b6327c5f.yaml
+++ b/nuclei-templates/2008/CVE-2008-5695-066a3076f693bdf1acf756f1b6327c5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.3.3 & WordPress MU < 1.3.2 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2008-5695
   metadata:
     shodan-query: 'vuln:CVE-2008-5695'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
@@ -32,9 +32,9 @@ http:
     matchers:
       - type: dsl
         dsl:
-          - compare_versions(version_by_generator, '<= 1.3.1')
-          - compare_versions(version_by_js, '<= 1.3.1')
-          - compare_versions(version_by_css, '<= 1.3.1')
+          - compare_versions(version_by_generator, '<= 2.3.2')
+          - compare_versions(version_by_js, '<= 2.3.2')
+          - compare_versions(version_by_css, '<= 2.3.2')
 
       - type: status
         status:
diff --git a/nuclei-templates/2008/CVE-2008-7175-58ddfbc8f08958c578758b38baef9c64.yaml b/nuclei-templates/2008/CVE-2008-7175-58ddfbc8f08958c578758b38baef9c64.yaml
index 73f75c0020..17b8824bbd 100644
--- a/nuclei-templates/2008/CVE-2008-7175-58ddfbc8f08958c578758b38baef9c64.yaml
+++ b/nuclei-templates/2008/CVE-2008-7175-58ddfbc8f08958c578758b38baef9c64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGEN Gallery Plugin <= 0.96 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2013-0291-DELETEME/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2013-0291-DELETEME/"
     shodan-query: 'vuln:CVE-2008-7175'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2013-0291-DELETEME,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2013-0291-DELETEME,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2008/CVE-2008-7321-57636a2970a5968684b69eba7f56b3ea.yaml b/nuclei-templates/2008/CVE-2008-7321-57636a2970a5968684b69eba7f56b3ea.yaml
index 8663852f47..e4666ab51d 100644
--- a/nuclei-templates/2008/CVE-2008-7321-57636a2970a5968684b69eba7f56b3ea.yaml
+++ b/nuclei-templates/2008/CVE-2008-7321-57636a2970a5968684b69eba7f56b3ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TubePress < 1.6.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TubePress plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tubepress/"
     google-query: inurl:"/wp-content/plugins/tubepress/"
     shodan-query: 'vuln:CVE-2008-7321'
-  tags: cve,wordpress,wp-plugin,tubepress,medium
+  tags: cve,wordpress,wp-plugin,tubepress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2009/CVE-2009-1030-6639b89672c29c6f168a2b79f92361c6.yaml b/nuclei-templates/2009/CVE-2009-1030-6639b89672c29c6f168a2b79f92361c6.yaml
index 8410e0a7db..dfbee3eaa5 100644
--- a/nuclei-templates/2009/CVE-2009-1030-6639b89672c29c6f168a2b79f92361c6.yaml
+++ b/nuclei-templates/2009/CVE-2009-1030-6639b89672c29c6f168a2b79f92361c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress MU < 2.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2009-1030
   metadata:
     shodan-query: 'vuln:CVE-2009-1030'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2009/CVE-2009-3890-89ecd9115fcfef013346488bc602d8a5.yaml b/nuclei-templates/2009/CVE-2009-3890-89ecd9115fcfef013346488bc602d8a5.yaml
index 9f8e6b0d35..8d96352423 100644
--- a/nuclei-templates/2009/CVE-2009-3890-89ecd9115fcfef013346488bc602d8a5.yaml
+++ b/nuclei-templates/2009/CVE-2009-3890-89ecd9115fcfef013346488bc602d8a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.8.5 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2009-3890
   metadata:
     shodan-query: 'vuln:CVE-2009-3890'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2009/CVE-2009-3891-e8698e8d301690dded028c942c072a23.yaml b/nuclei-templates/2009/CVE-2009-3891-e8698e8d301690dded028c942c072a23.yaml
index f4287662ea..5a76de69a0 100644
--- a/nuclei-templates/2009/CVE-2009-3891-e8698e8d301690dded028c942c072a23.yaml
+++ b/nuclei-templates/2009/CVE-2009-3891-e8698e8d301690dded028c942c072a23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 2.8.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2009-3891
   metadata:
     shodan-query: 'vuln:CVE-2009-3891'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2009/CVE-2009-4140-4e90b64e5c0880980f44418deca3c91b.yaml b/nuclei-templates/2009/CVE-2009-4140-4e90b64e5c0880980f44418deca3c91b.yaml
index a979bb940e..816d301dff 100644
--- a/nuclei-templates/2009/CVE-2009-4140-4e90b64e5c0880980f44418deca3c91b.yaml
+++ b/nuclei-templates/2009/CVE-2009-4140-4e90b64e5c0880980f44418deca3c91b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Affected Software (Various Versions) - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2009-4140
   metadata:
-    fofa-query: "wp-content/plugins/piwik-pro/"
-    google-query: inurl:"/wp-content/plugins/piwik-pro/"
+    fofa-query: "wp-content/plugins/woopra/"
+    google-query: inurl:"/wp-content/plugins/woopra/"
     shodan-query: 'vuln:CVE-2009-4140'
-  tags: cve,wordpress,wp-plugin,piwik-pro,high
+  tags: cve,wordpress,wp-plugin,woopra,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/piwik-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/woopra/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "piwik-pro"
+          - "woopra"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '>= 0.2.35', '<= 0.4.3')
\ No newline at end of file
+          - compare_versions(version, '<= 1.4.3.1')
\ No newline at end of file
diff --git a/nuclei-templates/2009/CVE-2009-4168-ac62ca2ddae58ee9be23fe2a4d7fe3df.yaml b/nuclei-templates/2009/CVE-2009-4168-ac62ca2ddae58ee9be23fe2a4d7fe3df.yaml
index 4322181746..55727ad021 100644
--- a/nuclei-templates/2009/CVE-2009-4168-ac62ca2ddae58ee9be23fe2a4d7fe3df.yaml
+++ b/nuclei-templates/2009/CVE-2009-4168-ac62ca2ddae58ee9be23fe2a4d7fe3df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Cumulus <= 1.22 - Cross-Site Scripting via tagcloud
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cumulus/"
     google-query: inurl:"/wp-content/plugins/wp-cumulus/"
     shodan-query: 'vuln:CVE-2009-4168'
-  tags: cve,wordpress,wp-plugin,wp-cumulus,medium
+  tags: cve,wordpress,wp-plugin,wp-cumulus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2009/CVE-2009-4748-64ec2a96ce824196b74660ea295fa52d.yaml b/nuclei-templates/2009/CVE-2009-4748-64ec2a96ce824196b74660ea295fa52d.yaml
index a7d6896da7..6ce5c056b7 100644
--- a/nuclei-templates/2009/CVE-2009-4748-64ec2a96ce824196b74660ea295fa52d.yaml
+++ b/nuclei-templates/2009/CVE-2009-4748-64ec2a96ce824196b74660ea295fa52d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     my-category-order <= 2.8.7 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-category-order/"
     google-query: inurl:"/wp-content/plugins/my-category-order/"
     shodan-query: 'vuln:CVE-2009-4748'
-  tags: cve,wordpress,wp-plugin,my-category-order,medium
+  tags: cve,wordpress,wp-plugin,my-category-order,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2009/CVE-2009-5158-0d1a8a5f1814698e05f7c343a752da34.yaml b/nuclei-templates/2009/CVE-2009-5158-0d1a8a5f1814698e05f7c343a752da34.yaml
index d26ec9a77f..e2f3de9ce3 100644
--- a/nuclei-templates/2009/CVE-2009-5158-0d1a8a5f1814698e05f7c343a752da34.yaml
+++ b/nuclei-templates/2009/CVE-2009-5158-0d1a8a5f1814698e05f7c343a752da34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analyticator <= 5.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analyticator/"
     google-query: inurl:"/wp-content/plugins/google-analyticator/"
     shodan-query: 'vuln:CVE-2009-5158'
-  tags: cve,wordpress,wp-plugin,google-analyticator,medium
+  tags: cve,wordpress,wp-plugin,google-analyticator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-0682-38ee495a4defefe501f09623f3dfcb68.yaml b/nuclei-templates/2010/CVE-2010-0682-38ee495a4defefe501f09623f3dfcb68.yaml
index fa2dec207c..c50c511b78 100644
--- a/nuclei-templates/2010/CVE-2010-0682-38ee495a4defefe501f09623f3dfcb68.yaml
+++ b/nuclei-templates/2010/CVE-2010-0682-38ee495a4defefe501f09623f3dfcb68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.9.2 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2010-0682
   metadata:
     shodan-query: 'vuln:CVE-2010-0682'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-1186-0852d9b8897d185217e138aaac4e2439.yaml b/nuclei-templates/2010/CVE-2010-1186-0852d9b8897d185217e138aaac4e2439.yaml
index f46f5d1471..be90418d4a 100644
--- a/nuclei-templates/2010/CVE-2010-1186-0852d9b8897d185217e138aaac4e2439.yaml
+++ b/nuclei-templates/2010/CVE-2010-1186-0852d9b8897d185217e138aaac4e2439.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2010-1186'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-3977-435be2da19b4391be47c1eff3c320bfa.yaml b/nuclei-templates/2010/CVE-2010-3977-435be2da19b4391be47c1eff3c320bfa.yaml
index 846d9d9b88..97515305b8 100644
--- a/nuclei-templates/2010/CVE-2010-3977-435be2da19b4391be47c1eff3c320bfa.yaml
+++ b/nuclei-templates/2010/CVE-2010-3977-435be2da19b4391be47c1eff3c320bfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CformsII <=11.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cformsII(cforms 2) WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cforms2/"
     google-query: inurl:"/wp-content/plugins/cforms2/"
     shodan-query: 'vuln:CVE-2010-3977'
-  tags: cve,wordpress,wp-plugin,cforms2,medium
+  tags: cve,wordpress,wp-plugin,cforms2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-4257-2bb5d275fcf9ba493afcfa9fdcfc130b.yaml b/nuclei-templates/2010/CVE-2010-4257-2bb5d275fcf9ba493afcfa9fdcfc130b.yaml
index 43916761bd..904f46610f 100644
--- a/nuclei-templates/2010/CVE-2010-4257-2bb5d275fcf9ba493afcfa9fdcfc130b.yaml
+++ b/nuclei-templates/2010/CVE-2010-4257-2bb5d275fcf9ba493afcfa9fdcfc130b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.0.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2010-4257
   metadata:
     shodan-query: 'vuln:CVE-2010-4257'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-4518-e4bfbf2cbba7e1243929a6da3f0f2ec5.yaml b/nuclei-templates/2010/CVE-2010-4518-e4bfbf2cbba7e1243929a6da3f0f2ec5.yaml
index 11ba62ff52..2cefa234bf 100644
--- a/nuclei-templates/2010/CVE-2010-4518-e4bfbf2cbba7e1243929a6da3f0f2ec5.yaml
+++ b/nuclei-templates/2010/CVE-2010-4518-e4bfbf2cbba7e1243929a6da3f0f2ec5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Safe Search <= 0.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-safe-search/"
     google-query: inurl:"/wp-content/plugins/wp-safe-search/"
     shodan-query: 'vuln:CVE-2010-4518'
-  tags: cve,wordpress,wp-plugin,wp-safe-search,medium
+  tags: cve,wordpress,wp-plugin,wp-safe-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-4536-3074a73795d456075561a5d7473c924b.yaml b/nuclei-templates/2010/CVE-2010-4536-3074a73795d456075561a5d7473c924b.yaml
index ddeca63f2e..309d80504c 100644
--- a/nuclei-templates/2010/CVE-2010-4536-3074a73795d456075561a5d7473c924b.yaml
+++ b/nuclei-templates/2010/CVE-2010-4536-3074a73795d456075561a5d7473c924b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2010-4536
   metadata:
     shodan-query: 'vuln:CVE-2010-4536'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-4630-19c5c13179457ac1c8bd83d2fa6c9156.yaml b/nuclei-templates/2010/CVE-2010-4630-19c5c13179457ac1c8bd83d2fa6c9156.yaml
index 2e834a4083..5ab66edc88 100644
--- a/nuclei-templates/2010/CVE-2010-4630-19c5c13179457ac1c8bd83d2fa6c9156.yaml
+++ b/nuclei-templates/2010/CVE-2010-4630-19c5c13179457ac1c8bd83d2fa6c9156.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Survey And Quiz Tool < 1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-survey-and-quiz-tool/"
     google-query: inurl:"/wp-content/plugins/wp-survey-and-quiz-tool/"
     shodan-query: 'vuln:CVE-2010-4630'
-  tags: cve,wordpress,wp-plugin,wp-survey-and-quiz-tool,medium
+  tags: cve,wordpress,wp-plugin,wp-survey-and-quiz-tool,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-4747-336c529affe134c8a71f1e7879ec0dcb.yaml b/nuclei-templates/2010/CVE-2010-4747-336c529affe134c8a71f1e7879ec0dcb.yaml
index 3933b99364..bb264a6d42 100644
--- a/nuclei-templates/2010/CVE-2010-4747-336c529affe134c8a71f1e7879ec0dcb.yaml
+++ b/nuclei-templates/2010/CVE-2010-4747-336c529affe134c8a71f1e7879ec0dcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Processing Embed <= 0.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-processing-embed/"
     google-query: inurl:"/wp-content/plugins/wordpress-processing-embed/"
     shodan-query: 'vuln:CVE-2010-4747'
-  tags: cve,wordpress,wp-plugin,wordpress-processing-embed,medium
+  tags: cve,wordpress,wp-plugin,wordpress-processing-embed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-4779-c426bf1b8239d541e948689bf4281f26.yaml b/nuclei-templates/2010/CVE-2010-4779-c426bf1b8239d541e948689bf4281f26.yaml
index 1b12c2ba8f..39d9c7965f 100644
--- a/nuclei-templates/2010/CVE-2010-4779-c426bf1b8239d541e948689bf4281f26.yaml
+++ b/nuclei-templates/2010/CVE-2010-4779-c426bf1b8239d541e948689bf4281f26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPtouch < 1.9.20 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wptouch/"
     google-query: inurl:"/wp-content/plugins/wptouch/"
     shodan-query: 'vuln:CVE-2010-4779'
-  tags: cve,wordpress,wp-plugin,wptouch,medium
+  tags: cve,wordpress,wp-plugin,wptouch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-4825-455782a485d876c2acfcbf2a3f64d156.yaml b/nuclei-templates/2010/CVE-2010-4825-455782a485d876c2acfcbf2a3f64d156.yaml
index 875bd4f392..0d8c4327a9 100644
--- a/nuclei-templates/2010/CVE-2010-4825-455782a485d876c2acfcbf2a3f64d156.yaml
+++ b/nuclei-templates/2010/CVE-2010-4825-455782a485d876c2acfcbf2a3f64d156.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Peadig's Twitter Feed: Embedded Timeline WordPress Plugin <= 2.2 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 2.2 and below for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-twitter-feed/"
     google-query: inurl:"/wp-content/plugins/wp-twitter-feed/"
     shodan-query: 'vuln:CVE-2010-4825'
-  tags: cve,wordpress,wp-plugin,wp-twitter-feed,high
+  tags: cve,wordpress,wp-plugin,wp-twitter-feed,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-5294-eac8868d56d1c09282753a6f5e51eca0.yaml b/nuclei-templates/2010/CVE-2010-5294-eac8868d56d1c09282753a6f5e51eca0.yaml
index d0c4829d27..1a6dab2ac8 100644
--- a/nuclei-templates/2010/CVE-2010-5294-eac8868d56d1c09282753a6f5e51eca0.yaml
+++ b/nuclei-templates/2010/CVE-2010-5294-eac8868d56d1c09282753a6f5e51eca0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2010-5294
   metadata:
     shodan-query: 'vuln:CVE-2010-5294'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-5295-2034cdfa4d915e35ef9771b3de5a3733.yaml b/nuclei-templates/2010/CVE-2010-5295-2034cdfa4d915e35ef9771b3de5a3733.yaml
index b5278ab7d3..7c049856ea 100644
--- a/nuclei-templates/2010/CVE-2010-5295-2034cdfa4d915e35ef9771b3de5a3733.yaml
+++ b/nuclei-templates/2010/CVE-2010-5295-2034cdfa4d915e35ef9771b3de5a3733.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2010-5295
   metadata:
     shodan-query: 'vuln:CVE-2010-5295'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-5296-b64a64e861339d55f5a2f0ac25277a51.yaml b/nuclei-templates/2010/CVE-2010-5296-b64a64e861339d55f5a2f0ac25277a51.yaml
index 77bdf4a4d8..3ada72e383 100644
--- a/nuclei-templates/2010/CVE-2010-5296-b64a64e861339d55f5a2f0ac25277a51.yaml
+++ b/nuclei-templates/2010/CVE-2010-5296-b64a64e861339d55f5a2f0ac25277a51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2010-5296
   metadata:
     shodan-query: 'vuln:CVE-2010-5296'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2010/CVE-2010-5297-821019e522c0249cbe8769a0804c81b7.yaml b/nuclei-templates/2010/CVE-2010-5297-821019e522c0249cbe8769a0804c81b7.yaml
index b554bf80c9..d32500fcdd 100644
--- a/nuclei-templates/2010/CVE-2010-5297-821019e522c0249cbe8769a0804c81b7.yaml
+++ b/nuclei-templates/2010/CVE-2010-5297-821019e522c0249cbe8769a0804c81b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.0.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2010-5297
   metadata:
     shodan-query: 'vuln:CVE-2010-5297'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-0641-5ea2cc8533d8fd4f1c4801b0b4960d9d.yaml b/nuclei-templates/2011/CVE-2011-0641-5ea2cc8533d8fd4f1c4801b0b4960d9d.yaml
index f9678168b9..ece5e6dfc7 100644
--- a/nuclei-templates/2011/CVE-2011-0641-5ea2cc8533d8fd4f1c4801b0b4960d9d.yaml
+++ b/nuclei-templates/2011/CVE-2011-0641-5ea2cc8533d8fd4f1c4801b0b4960d9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StatPressCN <= 1.9.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/statpresscn/"
     google-query: inurl:"/wp-content/plugins/statpresscn/"
     shodan-query: 'vuln:CVE-2011-0641'
-  tags: cve,wordpress,wp-plugin,statpresscn,medium
+  tags: cve,wordpress,wp-plugin,statpresscn,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-0700-5128144b38c4f8aac30be645fe67caaf.yaml b/nuclei-templates/2011/CVE-2011-0700-5128144b38c4f8aac30be645fe67caaf.yaml
index 841f35e50b..62968dee49 100644
--- a/nuclei-templates/2011/CVE-2011-0700-5128144b38c4f8aac30be645fe67caaf.yaml
+++ b/nuclei-templates/2011/CVE-2011-0700-5128144b38c4f8aac30be645fe67caaf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2011-0700
   metadata:
     shodan-query: 'vuln:CVE-2011-0700'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-0740-0bfa9343d868449c3d973f2c81052fe9.yaml b/nuclei-templates/2011/CVE-2011-0740-0bfa9343d868449c3d973f2c81052fe9.yaml
index f75e9815e9..05bb3ec656 100644
--- a/nuclei-templates/2011/CVE-2011-0740-0bfa9343d868449c3d973f2c81052fe9.yaml
+++ b/nuclei-templates/2011/CVE-2011-0740-0bfa9343d868449c3d973f2c81052fe9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Feed Reader <= 0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rss-feed-reader/"
     google-query: inurl:"/wp-content/plugins/rss-feed-reader/"
     shodan-query: 'vuln:CVE-2011-0740'
-  tags: cve,wordpress,wp-plugin,rss-feed-reader,medium
+  tags: cve,wordpress,wp-plugin,rss-feed-reader,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-0759-e3d831bb072ff08836a63c6a4ebecea3.yaml b/nuclei-templates/2011/CVE-2011-0759-e3d831bb072ff08836a63c6a4ebecea3.yaml
index a652379e28..b208af25d8 100644
--- a/nuclei-templates/2011/CVE-2011-0759-e3d831bb072ff08836a63c6a4ebecea3.yaml
+++ b/nuclei-templates/2011/CVE-2011-0759-e3d831bb072ff08836a63c6a4ebecea3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-reCAPTCHA <= 2.9.8.2 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recaptcha/"
     google-query: inurl:"/wp-content/plugins/wp-recaptcha/"
     shodan-query: 'vuln:CVE-2011-0759'
-  tags: cve,wordpress,wp-plugin,wp-recaptcha,high
+  tags: cve,wordpress,wp-plugin,wp-recaptcha,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-0760-7db34627f1b70dfb15b3a62077ab868f.yaml b/nuclei-templates/2011/CVE-2011-0760-7db34627f1b70dfb15b3a62077ab868f.yaml
index 1e476da313..6d7f70b485 100644
--- a/nuclei-templates/2011/CVE-2011-0760-7db34627f1b70dfb15b3a62077ab868f.yaml
+++ b/nuclei-templates/2011/CVE-2011-0760-7db34627f1b70dfb15b3a62077ab868f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Related Posts <= 1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the (1) wp_relatedposts_title, (2) wp_relatedposts_num, or (3) wp_relatedposts_type parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-related-posts/"
     google-query: inurl:"/wp-content/plugins/wp-related-posts/"
     shodan-query: 'vuln:CVE-2011-0760'
-  tags: cve,wordpress,wp-plugin,wp-related-posts,high
+  tags: cve,wordpress,wp-plugin,wp-related-posts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3129-148a48158ed2a590392455c4205415e9.yaml b/nuclei-templates/2011/CVE-2011-3129-148a48158ed2a590392455c4205415e9.yaml
index b7410f5f74..cddd09a02c 100644
--- a/nuclei-templates/2011/CVE-2011-3129-148a48158ed2a590392455c4205415e9.yaml
+++ b/nuclei-templates/2011/CVE-2011-3129-148a48158ed2a590392455c4205415e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.1.2 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2011-3129
   metadata:
     shodan-query: 'vuln:CVE-2011-3129'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3130-3718fa429a69f29dc2387ac6b6099785.yaml b/nuclei-templates/2011/CVE-2011-3130-3718fa429a69f29dc2387ac6b6099785.yaml
index a81399dd25..94d2f61150 100644
--- a/nuclei-templates/2011/CVE-2011-3130-3718fa429a69f29dc2387ac6b6099785.yaml
+++ b/nuclei-templates/2011/CVE-2011-3130-3718fa429a69f29dc2387ac6b6099785.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.1.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2011-3130
   metadata:
     shodan-query: 'vuln:CVE-2011-3130'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3841-f6896d23342ecbcbdbcbfcb5cd72746c.yaml b/nuclei-templates/2011/CVE-2011-3841-f6896d23342ecbcbdbcbfcb5cd72746c.yaml
index 7809c8ecae..62dd0dce40 100644
--- a/nuclei-templates/2011/CVE-2011-3841-f6896d23342ecbcbdbcbfcb5cd72746c.yaml
+++ b/nuclei-templates/2011/CVE-2011-3841-f6896d23342ecbcbdbcbfcb5cd72746c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Symposium <= 11.11.26 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-symposium/"
     google-query: inurl:"/wp-content/plugins/wp-symposium/"
     shodan-query: 'vuln:CVE-2011-3841'
-  tags: cve,wordpress,wp-plugin,wp-symposium,medium
+  tags: cve,wordpress,wp-plugin,wp-symposium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3850-e8b1937b8d22149355604761f9e2e597.yaml b/nuclei-templates/2011/CVE-2011-3850-e8b1937b8d22149355604761f9e2e597.yaml
index 399f8840a0..78765b3517 100644
--- a/nuclei-templates/2011/CVE-2011-3850-e8b1937b8d22149355604761f9e2e597.yaml
+++ b/nuclei-templates/2011/CVE-2011-3850-e8b1937b8d22149355604761f9e2e597.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Atahualpa < 3.6.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/atahualpa/"
     google-query: inurl:"/wp-content/themes/atahualpa/"
     shodan-query: 'vuln:CVE-2011-3850'
-  tags: cve,wordpress,wp-theme,atahualpa,medium
+  tags: cve,wordpress,wp-theme,atahualpa,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3851-6d0c9deb010be5b44d8bbfb44b8f1a81.yaml b/nuclei-templates/2011/CVE-2011-3851-6d0c9deb010be5b44d8bbfb44b8f1a81.yaml
index f66dbc652d..8ac45cccc9 100644
--- a/nuclei-templates/2011/CVE-2011-3851-6d0c9deb010be5b44d8bbfb44b8f1a81.yaml
+++ b/nuclei-templates/2011/CVE-2011-3851-6d0c9deb010be5b44d8bbfb44b8f1a81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     News <= 0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/news/"
     google-query: inurl:"/wp-content/themes/news/"
     shodan-query: 'vuln:CVE-2011-3851'
-  tags: cve,wordpress,wp-theme,news,medium
+  tags: cve,wordpress,wp-theme,news,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3852-170bc795059fb0d98227f8d8677e21e8.yaml b/nuclei-templates/2011/CVE-2011-3852-170bc795059fb0d98227f8d8677e21e8.yaml
index 339205c3e4..0287e709e6 100644
--- a/nuclei-templates/2011/CVE-2011-3852-170bc795059fb0d98227f8d8677e21e8.yaml
+++ b/nuclei-templates/2011/CVE-2011-3852-170bc795059fb0d98227f8d8677e21e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Evolve < 1.2.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/evolve/"
     google-query: inurl:"/wp-content/themes/evolve/"
     shodan-query: 'vuln:CVE-2011-3852'
-  tags: cve,wordpress,wp-theme,evolve,medium
+  tags: cve,wordpress,wp-theme,evolve,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3854-2c9dd1c9df5c34a137e9f118a0781a3d.yaml b/nuclei-templates/2011/CVE-2011-3854-2c9dd1c9df5c34a137e9f118a0781a3d.yaml
index cfbfd9988c..a07fecb325 100644
--- a/nuclei-templates/2011/CVE-2011-3854-2c9dd1c9df5c34a137e9f118a0781a3d.yaml
+++ b/nuclei-templates/2011/CVE-2011-3854-2c9dd1c9df5c34a137e9f118a0781a3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ZenLite <= 4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/zenlite/"
     google-query: inurl:"/wp-content/themes/zenlite/"
     shodan-query: 'vuln:CVE-2011-3854'
-  tags: cve,wordpress,wp-theme,zenlite,medium
+  tags: cve,wordpress,wp-theme,zenlite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3855-e63ed950312b124c0d59757ed157173d.yaml b/nuclei-templates/2011/CVE-2011-3855-e63ed950312b124c0d59757ed157173d.yaml
index 2c5c1e28e9..928740ba2f 100644
--- a/nuclei-templates/2011/CVE-2011-3855-e63ed950312b124c0d59757ed157173d.yaml
+++ b/nuclei-templates/2011/CVE-2011-3855-e63ed950312b124c0d59757ed157173d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     F8 Lite <= 4.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/f8-lite/"
     google-query: inurl:"/wp-content/themes/f8-lite/"
     shodan-query: 'vuln:CVE-2011-3855'
-  tags: cve,wordpress,wp-theme,f8-lite,medium
+  tags: cve,wordpress,wp-theme,f8-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3856-0aff17e28ef121a8c519ec81ffed16b1.yaml b/nuclei-templates/2011/CVE-2011-3856-0aff17e28ef121a8c519ec81ffed16b1.yaml
index eb0b6be1b4..526dd45a6a 100644
--- a/nuclei-templates/2011/CVE-2011-3856-0aff17e28ef121a8c519ec81ffed16b1.yaml
+++ b/nuclei-templates/2011/CVE-2011-3856-0aff17e28ef121a8c519ec81ffed16b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elegant Grunge <= 1.0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/elegant-grunge/"
     google-query: inurl:"/wp-content/themes/elegant-grunge/"
     shodan-query: 'vuln:CVE-2011-3856'
-  tags: cve,wordpress,wp-theme,elegant-grunge,medium
+  tags: cve,wordpress,wp-theme,elegant-grunge,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3857-1eca6946030b47a7e15dbf74278035b1.yaml b/nuclei-templates/2011/CVE-2011-3857-1eca6946030b47a7e15dbf74278035b1.yaml
index 6ba4d9cb8d..4fbaf7d715 100644
--- a/nuclei-templates/2011/CVE-2011-3857-1eca6946030b47a7e15dbf74278035b1.yaml
+++ b/nuclei-templates/2011/CVE-2011-3857-1eca6946030b47a7e15dbf74278035b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Antisnews <= 1.09 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/antisnews/"
     google-query: inurl:"/wp-content/themes/antisnews/"
     shodan-query: 'vuln:CVE-2011-3857'
-  tags: cve,wordpress,wp-theme,antisnews,medium
+  tags: cve,wordpress,wp-theme,antisnews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3858-caeb5a0b48102c1758efb7acc2ae32c5.yaml b/nuclei-templates/2011/CVE-2011-3858-caeb5a0b48102c1758efb7acc2ae32c5.yaml
index 0b7cbcdc91..56d6b03b71 100644
--- a/nuclei-templates/2011/CVE-2011-3858-caeb5a0b48102c1758efb7acc2ae32c5.yaml
+++ b/nuclei-templates/2011/CVE-2011-3858-caeb5a0b48102c1758efb7acc2ae32c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pixiv Custom < 2.1.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/pixiv-custom/"
     google-query: inurl:"/wp-content/themes/pixiv-custom/"
     shodan-query: 'vuln:CVE-2011-3858'
-  tags: cve,wordpress,wp-theme,pixiv-custom,medium
+  tags: cve,wordpress,wp-theme,pixiv-custom,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3859-1def92176b2075addd1971f8bb11410a.yaml b/nuclei-templates/2011/CVE-2011-3859-1def92176b2075addd1971f8bb11410a.yaml
index bc1c197b9e..f94b4120a2 100644
--- a/nuclei-templates/2011/CVE-2011-3859-1def92176b2075addd1971f8bb11410a.yaml
+++ b/nuclei-templates/2011/CVE-2011-3859-1def92176b2075addd1971f8bb11410a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Trending < 0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/trending/"
     google-query: inurl:"/wp-content/themes/trending/"
     shodan-query: 'vuln:CVE-2011-3859'
-  tags: cve,wordpress,wp-theme,trending,medium
+  tags: cve,wordpress,wp-theme,trending,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3860-ab5cb4980d96d0502a1385c5c51d0ea4.yaml b/nuclei-templates/2011/CVE-2011-3860-ab5cb4980d96d0502a1385c5c51d0ea4.yaml
index d58912fabf..6fdcee112f 100644
--- a/nuclei-templates/2011/CVE-2011-3860-ab5cb4980d96d0502a1385c5c51d0ea4.yaml
+++ b/nuclei-templates/2011/CVE-2011-3860-ab5cb4980d96d0502a1385c5c51d0ea4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cover WP <= 1.6.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/cover-wp/"
     google-query: inurl:"/wp-content/themes/cover-wp/"
     shodan-query: 'vuln:CVE-2011-3860'
-  tags: cve,wordpress,wp-theme,cover-wp,medium
+  tags: cve,wordpress,wp-theme,cover-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3861-8cf1ee9f0e6e79fc8ffcfb9414ff6340.yaml b/nuclei-templates/2011/CVE-2011-3861-8cf1ee9f0e6e79fc8ffcfb9414ff6340.yaml
index 15c248fa3a..6dec1b4ae6 100644
--- a/nuclei-templates/2011/CVE-2011-3861-8cf1ee9f0e6e79fc8ffcfb9414ff6340.yaml
+++ b/nuclei-templates/2011/CVE-2011-3861-8cf1ee9f0e6e79fc8ffcfb9414ff6340.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web Minimalist 200901 <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Web Minimalist 200901 theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the PATH_INFO to index.php in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/web-minimalist-200901/"
     google-query: inurl:"/wp-content/themes/web-minimalist-200901/"
     shodan-query: 'vuln:CVE-2011-3861'
-  tags: cve,wordpress,wp-theme,web-minimalist-200901,medium
+  tags: cve,wordpress,wp-theme,web-minimalist-200901,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3862-59015ab41c28db2b3674f30b01c20313.yaml b/nuclei-templates/2011/CVE-2011-3862-59015ab41c28db2b3674f30b01c20313.yaml
index ba198a7fd9..428d859cd0 100644
--- a/nuclei-templates/2011/CVE-2011-3862-59015ab41c28db2b3674f30b01c20313.yaml
+++ b/nuclei-templates/2011/CVE-2011-3862-59015ab41c28db2b3674f30b01c20313.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Morning Coffee < 3.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Morning Coffee theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the PATH_INFO to index.php in versions up to 3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/morning-coffee/"
     google-query: inurl:"/wp-content/themes/morning-coffee/"
     shodan-query: 'vuln:CVE-2011-3862'
-  tags: cve,wordpress,wp-theme,morning-coffee,medium
+  tags: cve,wordpress,wp-theme,morning-coffee,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3864-86bc0489b6564a6b791112624ecc4c24.yaml b/nuclei-templates/2011/CVE-2011-3864-86bc0489b6564a6b791112624ecc4c24.yaml
index f0457cf4eb..55737f3b85 100644
--- a/nuclei-templates/2011/CVE-2011-3864-86bc0489b6564a6b791112624ecc4c24.yaml
+++ b/nuclei-templates/2011/CVE-2011-3864-86bc0489b6564a6b791112624ecc4c24.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Erudite <= 2.7.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/the-erudite/"
     google-query: inurl:"/wp-content/themes/the-erudite/"
     shodan-query: 'vuln:CVE-2011-3864'
-  tags: cve,wordpress,wp-theme,the-erudite,medium
+  tags: cve,wordpress,wp-theme,the-erudite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-3865-530c76ddc7a277b970fa701ca1edf42b.yaml b/nuclei-templates/2011/CVE-2011-3865-530c76ddc7a277b970fa701ca1edf42b.yaml
index 42620fb1c1..52e060e1ec 100644
--- a/nuclei-templates/2011/CVE-2011-3865-530c76ddc7a277b970fa701ca1edf42b.yaml
+++ b/nuclei-templates/2011/CVE-2011-3865-530c76ddc7a277b970fa701ca1edf42b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Black-Letterhead <= 1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/black-letterhead/"
     google-query: inurl:"/wp-content/themes/black-letterhead/"
     shodan-query: 'vuln:CVE-2011-3865'
-  tags: cve,wordpress,wp-theme,black-letterhead,medium
+  tags: cve,wordpress,wp-theme,black-letterhead,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4106-a4aa366f217005e74322ff2bf7a0e182.yaml b/nuclei-templates/2011/CVE-2011-4106-a4aa366f217005e74322ff2bf7a0e182.yaml
index 8944ba564f..1beae8691e 100644
--- a/nuclei-templates/2011/CVE-2011-4106-a4aa366f217005e74322ff2bf7a0e182.yaml
+++ b/nuclei-templates/2011/CVE-2011-4106-a4aa366f217005e74322ff2bf7a0e182.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2011-4106
   metadata:
-    fofa-query: "wp-content/plugins/category-list-portfolio-page/"
-    google-query: inurl:"/wp-content/plugins/category-list-portfolio-page/"
+    fofa-query: "wp-content/plugins/simple-post-thumbnails/"
+    google-query: inurl:"/wp-content/plugins/simple-post-thumbnails/"
     shodan-query: 'vuln:CVE-2011-4106'
-  tags: cve,wordpress,wp-plugin,category-list-portfolio-page,critical
+  tags: cve,wordpress,wp-plugin,simple-post-thumbnails,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/category-list-portfolio-page/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/simple-post-thumbnails/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "category-list-portfolio-page"
+          - "simple-post-thumbnails"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2011/CVE-2011-4562-c050cce5edc786cc76c2f3dcee80f148.yaml b/nuclei-templates/2011/CVE-2011-4562-c050cce5edc786cc76c2f3dcee80f148.yaml
index 69c43a3a27..109b3843b0 100644
--- a/nuclei-templates/2011/CVE-2011-4562-c050cce5edc786cc76c2f3dcee80f148.yaml
+++ b/nuclei-templates/2011/CVE-2011-4562-c050cce5edc786cc76c2f3dcee80f148.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection <= 2.2.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirection/"
     google-query: inurl:"/wp-content/plugins/redirection/"
     shodan-query: 'vuln:CVE-2011-4562'
-  tags: cve,wordpress,wp-plugin,redirection,medium
+  tags: cve,wordpress,wp-plugin,redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4568-8e904d0aa5c673b4683d6e95c3e351f3.yaml b/nuclei-templates/2011/CVE-2011-4568-8e904d0aa5c673b4683d6e95c3e351f3.yaml
index 7449aef015..c3ba07697e 100644
--- a/nuclei-templates/2011/CVE-2011-4568-8e904d0aa5c673b4683d6e95c3e351f3.yaml
+++ b/nuclei-templates/2011/CVE-2011-4568-8e904d0aa5c673b4683d6e95c3e351f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 1.2.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2011-4568'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4618-0bc66019a5442f087e2da571324acbb0.yaml b/nuclei-templates/2011/CVE-2011-4618-0bc66019a5442f087e2da571324acbb0.yaml
index 7877be67ef..e82fdf62b6 100644
--- a/nuclei-templates/2011/CVE-2011-4618-0bc66019a5442f087e2da571324acbb0.yaml
+++ b/nuclei-templates/2011/CVE-2011-4618-0bc66019a5442f087e2da571324acbb0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Text Widget <= 2.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-text-widget/"
     google-query: inurl:"/wp-content/plugins/advanced-text-widget/"
     shodan-query: 'vuln:CVE-2011-4618'
-  tags: cve,wordpress,wp-plugin,advanced-text-widget,medium
+  tags: cve,wordpress,wp-plugin,advanced-text-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4624-0b070c6bccd03db5dad9fdc1c059c617.yaml b/nuclei-templates/2011/CVE-2011-4624-0b070c6bccd03db5dad9fdc1c059c617.yaml
index b965ec2ad3..6a2e4d1f3d 100644
--- a/nuclei-templates/2011/CVE-2011-4624-0b070c6bccd03db5dad9fdc1c059c617.yaml
+++ b/nuclei-templates/2011/CVE-2011-4624-0b070c6bccd03db5dad9fdc1c059c617.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 1.57 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flash-album-gallery/"
     google-query: inurl:"/wp-content/plugins/flash-album-gallery/"
     shodan-query: 'vuln:CVE-2011-4624'
-  tags: cve,wordpress,wp-plugin,flash-album-gallery,medium
+  tags: cve,wordpress,wp-plugin,flash-album-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4646-ac814100e213d264685a18f0bee470c2.yaml b/nuclei-templates/2011/CVE-2011-4646-ac814100e213d264685a18f0bee470c2.yaml
index 65af440c6b..2052e1fcc4 100644
--- a/nuclei-templates/2011/CVE-2011-4646-ac814100e213d264685a18f0bee470c2.yaml
+++ b/nuclei-templates/2011/CVE-2011-4646-ac814100e213d264685a18f0bee470c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-PostRatings <= 1.61 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-postratings/"
     google-query: inurl:"/wp-content/plugins/wp-postratings/"
     shodan-query: 'vuln:CVE-2011-4646'
-  tags: cve,wordpress,wp-plugin,wp-postratings,high
+  tags: cve,wordpress,wp-plugin,wp-postratings,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4803-92f2fb442048282c27cd8fc5629a2db5.yaml b/nuclei-templates/2011/CVE-2011-4803-92f2fb442048282c27cd8fc5629a2db5.yaml
index 7d63ff3b7f..789d3bb938 100644
--- a/nuclei-templates/2011/CVE-2011-4803-92f2fb442048282c27cd8fc5629a2db5.yaml
+++ b/nuclei-templates/2011/CVE-2011-4803-92f2fb442048282c27cd8fc5629a2db5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPtouch <= 1.9.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wptouch/"
     google-query: inurl:"/wp-content/plugins/wptouch/"
     shodan-query: 'vuln:CVE-2011-4803'
-  tags: cve,wordpress,wp-plugin,wptouch,high
+  tags: cve,wordpress,wp-plugin,wptouch,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4926-98258e7e3672ebda27bdfc41933c5290.yaml b/nuclei-templates/2011/CVE-2011-4926-98258e7e3672ebda27bdfc41933c5290.yaml
index f48053e941..336ca0d95b 100644
--- a/nuclei-templates/2011/CVE-2011-4926-98258e7e3672ebda27bdfc41933c5290.yaml
+++ b/nuclei-templates/2011/CVE-2011-4926-98258e7e3672ebda27bdfc41933c5290.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Adminimize <= 1.7.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adminimize/"
     google-query: inurl:"/wp-content/plugins/adminimize/"
     shodan-query: 'vuln:CVE-2011-4926'
-  tags: cve,wordpress,wp-plugin,adminimize,medium
+  tags: cve,wordpress,wp-plugin,adminimize,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4955-596c399ca77f6898f5eb2e3e553223f2.yaml b/nuclei-templates/2011/CVE-2011-4955-596c399ca77f6898f5eb2e3e553223f2.yaml
index a2da93381e..57b5c83c00 100644
--- a/nuclei-templates/2011/CVE-2011-4955-596c399ca77f6898f5eb2e3e553223f2.yaml
+++ b/nuclei-templates/2011/CVE-2011-4955-596c399ca77f6898f5eb2e3e553223f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bSuite <= 5 alpha 2 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bsuite/"
     google-query: inurl:"/wp-content/plugins/bsuite/"
     shodan-query: 'vuln:CVE-2011-4955'
-  tags: cve,wordpress,wp-plugin,bsuite,medium
+  tags: cve,wordpress,wp-plugin,bsuite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-4956-c6bafdf6d7b65e0b18711ab77d0f0098.yaml b/nuclei-templates/2011/CVE-2011-4956-c6bafdf6d7b65e0b18711ab77d0f0098.yaml
index df4dda5268..d4df1d1a04 100644
--- a/nuclei-templates/2011/CVE-2011-4956-c6bafdf6d7b65e0b18711ab77d0f0098.yaml
+++ b/nuclei-templates/2011/CVE-2011-4956-c6bafdf6d7b65e0b18711ab77d0f0098.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2011-4956
   metadata:
     shodan-query: 'vuln:CVE-2011-4956'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5051-ea4a5a60afde85ede6fced3685c1e946.yaml b/nuclei-templates/2011/CVE-2011-5051-ea4a5a60afde85ede6fced3685c1e946.yaml
index 5fd675199e..b760d91476 100644
--- a/nuclei-templates/2011/CVE-2011-5051-ea4a5a60afde85ede6fced3685c1e946.yaml
+++ b/nuclei-templates/2011/CVE-2011-5051-ea4a5a60afde85ede6fced3685c1e946.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Symposium < 11.12.24 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-symposium/"
     google-query: inurl:"/wp-content/plugins/wp-symposium/"
     shodan-query: 'vuln:CVE-2011-5051'
-  tags: cve,wordpress,wp-plugin,wp-symposium,high
+  tags: cve,wordpress,wp-plugin,wp-symposium,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5104-5f327ec92a2ed47a19cfa74c78839e26.yaml b/nuclei-templates/2011/CVE-2011-5104-5f327ec92a2ed47a19cfa74c78839e26.yaml
index 1e86513cbf..8123f4c60e 100644
--- a/nuclei-templates/2011/CVE-2011-5104-5f327ec92a2ed47a19cfa74c78839e26.yaml
+++ b/nuclei-templates/2011/CVE-2011-5104-5f327ec92a2ed47a19cfa74c78839e26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter.  NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-e-commerce/"
     google-query: inurl:"/wp-content/plugins/wp-e-commerce/"
     shodan-query: 'vuln:CVE-2011-5104'
-  tags: cve,wordpress,wp-plugin,wp-e-commerce,medium
+  tags: cve,wordpress,wp-plugin,wp-e-commerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5106-9fb1e67eb818f983f8dbfc23b2a0c064.yaml b/nuclei-templates/2011/CVE-2011-5106-9fb1e67eb818f983f8dbfc23b2a0c064.yaml
index cb1bf07e90..a74a6c5a04 100644
--- a/nuclei-templates/2011/CVE-2011-5106-9fb1e67eb818f983f8dbfc23b2a0c064.yaml
+++ b/nuclei-templates/2011/CVE-2011-5106-9fb1e67eb818f983f8dbfc23b2a0c064.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flexible-custom-post-type/"
     google-query: inurl:"/wp-content/plugins/flexible-custom-post-type/"
     shodan-query: 'vuln:CVE-2011-5106'
-  tags: cve,wordpress,wp-plugin,flexible-custom-post-type,medium
+  tags: cve,wordpress,wp-plugin,flexible-custom-post-type,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5107-47f5d0213d6a55b30c759752f9fa351e.yaml b/nuclei-templates/2011/CVE-2011-5107-47f5d0213d6a55b30c759752f9fa351e.yaml
index 7338f200d7..8df8c83922 100644
--- a/nuclei-templates/2011/CVE-2011-5107-47f5d0213d6a55b30c759752f9fa351e.yaml
+++ b/nuclei-templates/2011/CVE-2011-5107-47f5d0213d6a55b30c759752f9fa351e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alert-before-your-post/"
     google-query: inurl:"/wp-content/plugins/alert-before-your-post/"
     shodan-query: 'vuln:CVE-2011-5107'
-  tags: cve,wordpress,wp-plugin,alert-before-your-post,medium
+  tags: cve,wordpress,wp-plugin,alert-before-your-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5128-a9a5808c69ac6668bf195f6fcb5a5a1a.yaml b/nuclei-templates/2011/CVE-2011-5128-a9a5808c69ac6668bf195f6fcb5a5a1a.yaml
index 82a17a3853..d90eadc159 100644
--- a/nuclei-templates/2011/CVE-2011-5128-a9a5808c69ac6668bf195f6fcb5a5a1a.yaml
+++ b/nuclei-templates/2011/CVE-2011-5128-a9a5808c69ac6668bf195f6fcb5a5a1a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Adminimize < 1.7.22 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adminimize/"
     google-query: inurl:"/wp-content/plugins/adminimize/"
     shodan-query: 'vuln:CVE-2011-5128'
-  tags: cve,wordpress,wp-plugin,adminimize,medium
+  tags: cve,wordpress,wp-plugin,adminimize,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5181-41d06e1c542cc99b348ba7db58f2c892.yaml b/nuclei-templates/2011/CVE-2011-5181-41d06e1c542cc99b348ba7db58f2c892.yaml
index 0019e5e206..ee63ed94a4 100644
--- a/nuclei-templates/2011/CVE-2011-5181-41d06e1c542cc99b348ba7db58f2c892.yaml
+++ b/nuclei-templates/2011/CVE-2011-5181-41d06e1c542cc99b348ba7db58f2c892.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clickdesk-live-support-chat-plugin/"
     google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat-plugin/"
     shodan-query: 'vuln:CVE-2011-5181'
-  tags: cve,wordpress,wp-plugin,clickdesk-live-support-chat-plugin,medium
+  tags: cve,wordpress,wp-plugin,clickdesk-live-support-chat-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5191-052601a64f3c278014382ca43022a402.yaml b/nuclei-templates/2011/CVE-2011-5191-052601a64f3c278014382ca43022a402.yaml
index 3eca3f964b..a342c2e469 100644
--- a/nuclei-templates/2011/CVE-2011-5191-052601a64f3c278014382ca43022a402.yaml
+++ b/nuclei-templates/2011/CVE-2011-5191-052601a64f3c278014382ca43022a402.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pretty Link Lite < 1.5.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pretty-link-lite/"
     google-query: inurl:"/wp-content/plugins/pretty-link-lite/"
     shodan-query: 'vuln:CVE-2011-5191'
-  tags: cve,wordpress,wp-plugin,pretty-link-lite,medium
+  tags: cve,wordpress,wp-plugin,pretty-link-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5192-a5b27966569a74533de04e9d976c99c9.yaml b/nuclei-templates/2011/CVE-2011-5192-a5b27966569a74533de04e9d976c99c9.yaml
index b6c4e17bee..5ee1a0fe9b 100644
--- a/nuclei-templates/2011/CVE-2011-5192-a5b27966569a74533de04e9d976c99c9.yaml
+++ b/nuclei-templates/2011/CVE-2011-5192-a5b27966569a74533de04e9d976c99c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pretty Link Lite < 1.5.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pretty-link-lite/"
     google-query: inurl:"/wp-content/plugins/pretty-link-lite/"
     shodan-query: 'vuln:CVE-2011-5192'
-  tags: cve,wordpress,wp-plugin,pretty-link-lite,medium
+  tags: cve,wordpress,wp-plugin,pretty-link-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5193-e7674c99987b6c4c7435d1f976b8d7fb.yaml b/nuclei-templates/2011/CVE-2011-5193-e7674c99987b6c4c7435d1f976b8d7fb.yaml
index 91a54484a4..d96a8f6c12 100644
--- a/nuclei-templates/2011/CVE-2011-5193-e7674c99987b6c4c7435d1f976b8d7fb.yaml
+++ b/nuclei-templates/2011/CVE-2011-5193-e7674c99987b6c4c7435d1f976b8d7fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WHOIS <= 1.4.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-whois-search/"
     google-query: inurl:"/wp-content/plugins/wordpress-whois-search/"
     shodan-query: 'vuln:CVE-2011-5193'
-  tags: cve,wordpress,wp-plugin,wordpress-whois-search,medium
+  tags: cve,wordpress,wp-plugin,wordpress-whois-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5207-c4a1c6ea67bd01790c36ea2fb1f58bd3.yaml b/nuclei-templates/2011/CVE-2011-5207-c4a1c6ea67bd01790c36ea2fb1f58bd3.yaml
index 17cfe4bdfc..dea02f7266 100644
--- a/nuclei-templates/2011/CVE-2011-5207-c4a1c6ea67bd01790c36ea2fb1f58bd3.yaml
+++ b/nuclei-templates/2011/CVE-2011-5207-c4a1c6ea67bd01790c36ea2fb1f58bd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thecartpress/"
     google-query: inurl:"/wp-content/plugins/thecartpress/"
     shodan-query: 'vuln:CVE-2011-5207'
-  tags: cve,wordpress,wp-plugin,thecartpress,medium
+  tags: cve,wordpress,wp-plugin,thecartpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5225-aeea609833832e1baa1f0bd27367ec6d.yaml b/nuclei-templates/2011/CVE-2011-5225-aeea609833832e1baa1f0bd27367ec6d.yaml
index 90598dc53a..3d9f969003 100644
--- a/nuclei-templates/2011/CVE-2011-5225-aeea609833832e1baa1f0bd27367ec6d.yaml
+++ b/nuclei-templates/2011/CVE-2011-5225-aeea609833832e1baa1f0bd27367ec6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Sentinel <= 1.0.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-sentinel/"
     google-query: inurl:"/wp-content/plugins/wordpress-sentinel/"
     shodan-query: 'vuln:CVE-2011-5225'
-  tags: cve,wordpress,wp-plugin,wordpress-sentinel,medium
+  tags: cve,wordpress,wp-plugin,wordpress-sentinel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5226-3d4fded5713d977453c4246e8903bc20.yaml b/nuclei-templates/2011/CVE-2011-5226-3d4fded5713d977453c4246e8903bc20.yaml
index 576b24c851..8a5eb17304 100644
--- a/nuclei-templates/2011/CVE-2011-5226-3d4fded5713d977453c4246e8903bc20.yaml
+++ b/nuclei-templates/2011/CVE-2011-5226-3d4fded5713d977453c4246e8903bc20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Sentinel <= 1.0.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-sentinel/"
     google-query: inurl:"/wp-content/plugins/wordpress-sentinel/"
     shodan-query: 'vuln:CVE-2011-5226'
-  tags: cve,wordpress,wp-plugin,wordpress-sentinel,high
+  tags: cve,wordpress,wp-plugin,wordpress-sentinel,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5254-2e3f61534eb2162d57847e92682b9bbd.yaml b/nuclei-templates/2011/CVE-2011-5254-2e3f61534eb2162d57847e92682b9bbd.yaml
index 932cb22cb5..a3183f02f6 100644
--- a/nuclei-templates/2011/CVE-2011-5254-2e3f61534eb2162d57847e92682b9bbd.yaml
+++ b/nuclei-templates/2011/CVE-2011-5254-2e3f61534eb2162d57847e92682b9bbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Connections Business Directory < 0.7.1.6 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Connections plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 0.7.1.5 due to insufficient authorization checks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/connections/"
     google-query: inurl:"/wp-content/plugins/connections/"
     shodan-query: 'vuln:CVE-2011-5254'
-  tags: cve,wordpress,wp-plugin,connections,medium
+  tags: cve,wordpress,wp-plugin,connections,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5257-376edc97e45ef94c79a753de3d636245.yaml b/nuclei-templates/2011/CVE-2011-5257-376edc97e45ef94c79a753de3d636245.yaml
index b0b0cbeb62..4fa9e0ec63 100644
--- a/nuclei-templates/2011/CVE-2011-5257-376edc97e45ef94c79a753de3d636245.yaml
+++ b/nuclei-templates/2011/CVE-2011-5257-376edc97e45ef94c79a753de3d636245.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Classipress <= 3.1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/classipress/"
     google-query: inurl:"/wp-content/themes/classipress/"
     shodan-query: 'vuln:CVE-2011-5257'
-  tags: cve,wordpress,wp-theme,classipress,medium
+  tags: cve,wordpress,wp-theme,classipress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5265-9bc357ece2cde706b261987c1bf85bfa.yaml b/nuclei-templates/2011/CVE-2011-5265-9bc357ece2cde706b261987c1bf85bfa.yaml
index 533761c0dc..560092e1d9 100644
--- a/nuclei-templates/2011/CVE-2011-5265-9bc357ece2cde706b261987c1bf85bfa.yaml
+++ b/nuclei-templates/2011/CVE-2011-5265-9bc357ece2cde706b261987c1bf85bfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featurific For WordPress <= 1.6.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.  NOTE: this has been disputed by a third party.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featurific-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/featurific-for-wordpress/"
     shodan-query: 'vuln:CVE-2011-5265'
-  tags: cve,wordpress,wp-plugin,featurific-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,featurific-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5286-fb94da76ff281a4e13dbc1c86ed0929d.yaml b/nuclei-templates/2011/CVE-2011-5286-fb94da76ff281a4e13dbc1c86ed0929d.yaml
index 30ae0f08bb..c5b0f1a93a 100644
--- a/nuclei-templates/2011/CVE-2011-5286-fb94da76ff281a4e13dbc1c86ed0929d.yaml
+++ b/nuclei-templates/2011/CVE-2011-5286-fb94da76ff281a4e13dbc1c86ed0929d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Slider < 7.4.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-slider/"
     google-query: inurl:"/wp-content/plugins/social-slider/"
     shodan-query: 'vuln:CVE-2011-5286'
-  tags: cve,wordpress,wp-plugin,social-slider,high
+  tags: cve,wordpress,wp-plugin,social-slider,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5304-18fe02250ff137adf75ad3081c09ea5f.yaml b/nuclei-templates/2011/CVE-2011-5304-18fe02250ff137adf75ad3081c09ea5f.yaml
index c5abb6541e..34eb30ee22 100644
--- a/nuclei-templates/2011/CVE-2011-5304-18fe02250ff137adf75ad3081c09ea5f.yaml
+++ b/nuclei-templates/2011/CVE-2011-5304-18fe02250ff137adf75ad3081c09ea5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SodaHead Polls < 2.0.4 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) the poll_id parameter to customizer.php or (2) the customize parameter to poll.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sodahead-polls/"
     google-query: inurl:"/wp-content/plugins/sodahead-polls/"
     shodan-query: 'vuln:CVE-2011-5304'
-  tags: cve,wordpress,wp-plugin,sodahead-polls,medium
+  tags: cve,wordpress,wp-plugin,sodahead-polls,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5307-33a2e7fa2283855eea0bc65fb87d66e5.yaml b/nuclei-templates/2011/CVE-2011-5307-33a2e7fa2283855eea0bc65fb87d66e5.yaml
index 8b08ead6d1..7eb79ab82b 100644
--- a/nuclei-templates/2011/CVE-2011-5307-33a2e7fa2283855eea0bc65fb87d66e5.yaml
+++ b/nuclei-templates/2011/CVE-2011-5307-33a2e7fa2283855eea0bc65fb87d66e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photosmash Plugin < 1.0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin before 1.0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photosmash-galleries/"
     google-query: inurl:"/wp-content/plugins/photosmash-galleries/"
     shodan-query: 'vuln:CVE-2011-5307'
-  tags: cve,wordpress,wp-plugin,photosmash-galleries,medium
+  tags: cve,wordpress,wp-plugin,photosmash-galleries,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2011/CVE-2011-5328-96bfdb264056a59de7cf266b01d0316c.yaml b/nuclei-templates/2011/CVE-2011-5328-96bfdb264056a59de7cf266b01d0316c.yaml
index a347911e11..a464f0146a 100644
--- a/nuclei-templates/2011/CVE-2011-5328-96bfdb264056a59de7cf266b01d0316c.yaml
+++ b/nuclei-templates/2011/CVE-2011-5328-96bfdb264056a59de7cf266b01d0316c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Access Manager < 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The user-access-manager plugin before 1.2 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-access-manager/"
     google-query: inurl:"/wp-content/plugins/user-access-manager/"
     shodan-query: 'vuln:CVE-2011-5328'
-  tags: cve,wordpress,wp-plugin,user-access-manager,high
+  tags: cve,wordpress,wp-plugin,user-access-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-0287-77b2d106f56be975fb3bb74f975f0127.yaml b/nuclei-templates/2012/CVE-2012-0287-77b2d106f56be975fb3bb74f975f0127.yaml
index 835d8b3bb7..ab957601ce 100644
--- a/nuclei-templates/2012/CVE-2012-0287-77b2d106f56be975fb3bb74f975f0127.yaml
+++ b/nuclei-templates/2012/CVE-2012-0287-77b2d106f56be975fb3bb74f975f0127.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-0287
   metadata:
     shodan-query: 'vuln:CVE-2012-0287'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-0895-1424f14be2dcb113b8417a6cefda326b.yaml b/nuclei-templates/2012/CVE-2012-0895-1424f14be2dcb113b8417a6cefda326b.yaml
index 804eb30ff5..c5b4c6f01f 100644
--- a/nuclei-templates/2012/CVE-2012-0895-1424f14be2dcb113b8417a6cefda326b.yaml
+++ b/nuclei-templates/2012/CVE-2012-0895-1424f14be2dcb113b8417a6cefda326b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Count per Day <= 3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Count per Day plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘map’ parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/count-per-day/"
     google-query: inurl:"/wp-content/plugins/count-per-day/"
     shodan-query: 'vuln:CVE-2012-0895'
-  tags: cve,wordpress,wp-plugin,count-per-day,medium
+  tags: cve,wordpress,wp-plugin,count-per-day,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-0901-4ad999fa82a381d094bc99654eb86aca.yaml b/nuclei-templates/2012/CVE-2012-0901-4ad999fa82a381d094bc99654eb86aca.yaml
index e2b648ca1e..434e7cdc1c 100644
--- a/nuclei-templates/2012/CVE-2012-0901-4ad999fa82a381d094bc99654eb86aca.yaml
+++ b/nuclei-templates/2012/CVE-2012-0901-4ad999fa82a381d094bc99654eb86aca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YouSayToo auto-publishing plugin <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yousaytoo-auto-publishing-plugin/"
     google-query: inurl:"/wp-content/plugins/yousaytoo-auto-publishing-plugin/"
     shodan-query: 'vuln:CVE-2012-0901'
-  tags: cve,wordpress,wp-plugin,yousaytoo-auto-publishing-plugin,medium
+  tags: cve,wordpress,wp-plugin,yousaytoo-auto-publishing-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-10009-af8b6c1405ca4fecbb6348cbb779bff6.yaml b/nuclei-templates/2012/CVE-2012-10009-af8b6c1405ca4fecbb6348cbb779bff6.yaml
index 7c5311e031..4d1ade20af 100644
--- a/nuclei-templates/2012/CVE-2012-10009-af8b6c1405ca4fecbb6348cbb779bff6.yaml
+++ b/nuclei-templates/2012/CVE-2012-10009-af8b6c1405ca4fecbb6348cbb779bff6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     404like <= 1.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The 404Like plugin for WordPress is vulnerable to SQL Injection via the searchWord parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/404like/"
     google-query: inurl:"/wp-content/plugins/404like/"
     shodan-query: 'vuln:CVE-2012-10009'
-  tags: cve,wordpress,wp-plugin,404like,high
+  tags: cve,wordpress,wp-plugin,404like,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-1068-d9b7779382ec9bca0dc96d41eb9855af.yaml b/nuclei-templates/2012/CVE-2012-1068-d9b7779382ec9bca0dc96d41eb9855af.yaml
index b05d764584..2ad9cc0088 100644
--- a/nuclei-templates/2012/CVE-2012-1068-d9b7779382ec9bca0dc96d41eb9855af.yaml
+++ b/nuclei-templates/2012/CVE-2012-1068-d9b7779382ec9bca0dc96d41eb9855af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-RecentComments <= 2.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recentcomments/"
     google-query: inurl:"/wp-content/plugins/wp-recentcomments/"
     shodan-query: 'vuln:CVE-2012-1068'
-  tags: cve,wordpress,wp-plugin,wp-recentcomments,medium
+  tags: cve,wordpress,wp-plugin,wp-recentcomments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-1785-062f64c8e6a3f6d8894bd4ff8b102cb3.yaml b/nuclei-templates/2012/CVE-2012-1785-062f64c8e6a3f6d8894bd4ff8b102cb3.yaml
index 9fc381c45e..3fb3a8f7c2 100644
--- a/nuclei-templates/2012/CVE-2012-1785-062f64c8e6a3f6d8894bd4ff8b102cb3.yaml
+++ b/nuclei-templates/2012/CVE-2012-1785-062f64c8e6a3f6d8894bd4ff8b102cb3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Videopack (formerly Video Embed & Thumbnail Generator) < 2.0 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Videopack (formerly Video Embed & Thumbnail Generator) plugin for WordPress is vulnerable to remote code execution in versions up to 2.0 due to insufficient input validation on data supplied to the runCom() function that executes code. This makes it possible for attackers to run arbitrary code on the system.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-embed-thumbnail-generator/"
     google-query: inurl:"/wp-content/plugins/video-embed-thumbnail-generator/"
     shodan-query: 'vuln:CVE-2012-1785'
-  tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,high
+  tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-1834-ad3b6e67373c173a68de7fe25df960c3.yaml b/nuclei-templates/2012/CVE-2012-1834-ad3b6e67373c173a68de7fe25df960c3.yaml
index 7374910bb0..c28b34ef97 100644
--- a/nuclei-templates/2012/CVE-2012-1834-ad3b6e67373c173a68de7fe25df960c3.yaml
+++ b/nuclei-templates/2012/CVE-2012-1834-ad3b6e67373c173a68de7fe25df960c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CMS Tree Page View < 0.8.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cms-tree-page-view/"
     google-query: inurl:"/wp-content/plugins/cms-tree-page-view/"
     shodan-query: 'vuln:CVE-2012-1834'
-  tags: cve,wordpress,wp-plugin,cms-tree-page-view,medium
+  tags: cve,wordpress,wp-plugin,cms-tree-page-view,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2371-00db16fbca7a4f9a03bd9187fe606bf2.yaml b/nuclei-templates/2012/CVE-2012-2371-00db16fbca7a4f9a03bd9187fe606bf2.yaml
index eac47863d5..8f879aeb29 100644
--- a/nuclei-templates/2012/CVE-2012-2371-00db16fbca7a4f9a03bd9187fe606bf2.yaml
+++ b/nuclei-templates/2012/CVE-2012-2371-00db16fbca7a4f9a03bd9187fe606bf2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-FaceThumb < 0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facethumb/"
     google-query: inurl:"/wp-content/plugins/wp-facethumb/"
     shodan-query: 'vuln:CVE-2012-2371'
-  tags: cve,wordpress,wp-plugin,wp-facethumb,medium
+  tags: cve,wordpress,wp-plugin,wp-facethumb,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2402-0422552738ed57c09ee0769345670612.yaml b/nuclei-templates/2012/CVE-2012-2402-0422552738ed57c09ee0769345670612.yaml
index e46d438134..84447f4bd4 100644
--- a/nuclei-templates/2012/CVE-2012-2402-0422552738ed57c09ee0769345670612.yaml
+++ b/nuclei-templates/2012/CVE-2012-2402-0422552738ed57c09ee0769345670612.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.3.2 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-2402
   metadata:
     shodan-query: 'vuln:CVE-2012-2402'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2403-44d43af8a00799ed8cf48db72cbbf122.yaml b/nuclei-templates/2012/CVE-2012-2403-44d43af8a00799ed8cf48db72cbbf122.yaml
index 4602f0842c..10e52328b6 100644
--- a/nuclei-templates/2012/CVE-2012-2403-44d43af8a00799ed8cf48db72cbbf122.yaml
+++ b/nuclei-templates/2012/CVE-2012-2403-44d43af8a00799ed8cf48db72cbbf122.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-2403
   metadata:
     shodan-query: 'vuln:CVE-2012-2403'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2404-43262c5eaf25f49cf932dd17aa5ab966.yaml b/nuclei-templates/2012/CVE-2012-2404-43262c5eaf25f49cf932dd17aa5ab966.yaml
index be089b3337..4d75d00cf5 100644
--- a/nuclei-templates/2012/CVE-2012-2404-43262c5eaf25f49cf932dd17aa5ab966.yaml
+++ b/nuclei-templates/2012/CVE-2012-2404-43262c5eaf25f49cf932dd17aa5ab966.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-2404
   metadata:
     shodan-query: 'vuln:CVE-2012-2404'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2572-260d59850520222ae9e82cf8d0c5f77a.yaml b/nuclei-templates/2012/CVE-2012-2572-260d59850520222ae9e82cf8d0c5f77a.yaml
index 464c1826d9..a6b4ebe614 100644
--- a/nuclei-templates/2012/CVE-2012-2572-260d59850520222ae9e82cf8d0c5f77a.yaml
+++ b/nuclei-templates/2012/CVE-2012-2572-260d59850520222ae9e82cf8d0c5f77a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThreeWP Email Reflector < 1.16 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/threewp-email-reflector/"
     google-query: inurl:"/wp-content/plugins/threewp-email-reflector/"
     shodan-query: 'vuln:CVE-2012-2572'
-  tags: cve,wordpress,wp-plugin,threewp-email-reflector,medium
+  tags: cve,wordpress,wp-plugin,threewp-email-reflector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2579-bdefbe0337f0d8136e413e9977ce9dce.yaml b/nuclei-templates/2012/CVE-2012-2579-bdefbe0337f0d8136e413e9977ce9dce.yaml
index 23036c240d..f328837148 100644
--- a/nuclei-templates/2012/CVE-2012-2579-bdefbe0337f0d8136e413e9977ce9dce.yaml
+++ b/nuclei-templates/2012/CVE-2012-2579-bdefbe0337f0d8136e413e9977ce9dce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SimpleMail <= 1.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simplemail/"
     google-query: inurl:"/wp-content/plugins/wp-simplemail/"
     shodan-query: 'vuln:CVE-2012-2579'
-  tags: cve,wordpress,wp-plugin,wp-simplemail,medium
+  tags: cve,wordpress,wp-plugin,wp-simplemail,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2633-4b2830a65cedd0c5dc26608a77f72c10.yaml b/nuclei-templates/2012/CVE-2012-2633-4b2830a65cedd0c5dc26608a77f72c10.yaml
index 4fe650bb83..34b3b04f42 100644
--- a/nuclei-templates/2012/CVE-2012-2633-4b2830a65cedd0c5dc26608a77f72c10.yaml
+++ b/nuclei-templates/2012/CVE-2012-2633-4b2830a65cedd0c5dc26608a77f72c10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wassup/"
     google-query: inurl:"/wp-content/plugins/wassup/"
     shodan-query: 'vuln:CVE-2012-2633'
-  tags: cve,wordpress,wp-plugin,wassup,medium
+  tags: cve,wordpress,wp-plugin,wassup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2759-7bcea995c31208e7b3ae2001fc2e0fd5.yaml b/nuclei-templates/2012/CVE-2012-2759-7bcea995c31208e7b3ae2001fc2e0fd5.yaml
index af593b2b66..7d0293f1df 100644
--- a/nuclei-templates/2012/CVE-2012-2759-7bcea995c31208e7b3ae2001fc2e0fd5.yaml
+++ b/nuclei-templates/2012/CVE-2012-2759-7bcea995c31208e7b3ae2001fc2e0fd5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login With Ajax <= 3.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-ajax/"
     google-query: inurl:"/wp-content/plugins/login-with-ajax/"
     shodan-query: 'vuln:CVE-2012-2759'
-  tags: cve,wordpress,wp-plugin,login-with-ajax,medium
+  tags: cve,wordpress,wp-plugin,login-with-ajax,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2912-d0e94011e5fe6201731b0911afc2291e.yaml b/nuclei-templates/2012/CVE-2012-2912-d0e94011e5fe6201731b0911afc2291e.yaml
index 858470e8ea..4150bad533 100644
--- a/nuclei-templates/2012/CVE-2012-2912-d0e94011e5fe6201731b0911afc2291e.yaml
+++ b/nuclei-templates/2012/CVE-2012-2912-d0e94011e5fe6201731b0911afc2291e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LeagueManager <= 3.7 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaguemanager/"
     google-query: inurl:"/wp-content/plugins/leaguemanager/"
     shodan-query: 'vuln:CVE-2012-2912'
-  tags: cve,wordpress,wp-plugin,leaguemanager,medium
+  tags: cve,wordpress,wp-plugin,leaguemanager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2913-d4c7d6015d840d0227eb1573d5a3b347.yaml b/nuclei-templates/2012/CVE-2012-2913-d4c7d6015d840d0227eb1573d5a3b347.yaml
index 3ea61d4476..f62b287b5a 100644
--- a/nuclei-templates/2012/CVE-2012-2913-d4c7d6015d840d0227eb1573d5a3b347.yaml
+++ b/nuclei-templates/2012/CVE-2012-2913-d4c7d6015d840d0227eb1573d5a3b347.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin before 2.3.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaflet-maps-marker/"
     google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/"
     shodan-query: 'vuln:CVE-2012-2913'
-  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,medium
+  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2916-8a88cbe198527237519cb3478f4555ce.yaml b/nuclei-templates/2012/CVE-2012-2916-8a88cbe198527237519cb3478f4555ce.yaml
index 91e4915feb..b1a3ea0dc3 100644
--- a/nuclei-templates/2012/CVE-2012-2916-8a88cbe198527237519cb3478f4555ce.yaml
+++ b/nuclei-templates/2012/CVE-2012-2916-8a88cbe198527237519cb3478f4555ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sabre < 1.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sabre/"
     google-query: inurl:"/wp-content/plugins/sabre/"
     shodan-query: 'vuln:CVE-2012-2916'
-  tags: cve,wordpress,wp-plugin,sabre,medium
+  tags: cve,wordpress,wp-plugin,sabre,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-2920-8e79000a55d2a7778e1f3a653b09e17f.yaml b/nuclei-templates/2012/CVE-2012-2920-8e79000a55d2a7778e1f3a653b09e17f.yaml
index 74f0aff1ca..0c2f64f2ce 100644
--- a/nuclei-templates/2012/CVE-2012-2920-8e79000a55d2a7778e1f3a653b09e17f.yaml
+++ b/nuclei-templates/2012/CVE-2012-2920-8e79000a55d2a7778e1f3a653b09e17f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Photo <= 0.9.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-photo/"
     google-query: inurl:"/wp-content/plugins/user-photo/"
     shodan-query: 'vuln:CVE-2012-2920'
-  tags: cve,wordpress,wp-plugin,user-photo,medium
+  tags: cve,wordpress,wp-plugin,user-photo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-3383-41bfd816790097549bf9b2c052568033.yaml b/nuclei-templates/2012/CVE-2012-3383-41bfd816790097549bf9b2c052568033.yaml
index b51feed27d..a87fe01c70 100644
--- a/nuclei-templates/2012/CVE-2012-3383-41bfd816790097549bf9b2c052568033.yaml
+++ b/nuclei-templates/2012/CVE-2012-3383-41bfd816790097549bf9b2c052568033.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-3383
   metadata:
     shodan-query: 'vuln:CVE-2012-3383'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-3384-91015e7f81886f4b730bb4d9cace5ff4.yaml b/nuclei-templates/2012/CVE-2012-3384-91015e7f81886f4b730bb4d9cace5ff4.yaml
index 64e326de16..e670772800 100644
--- a/nuclei-templates/2012/CVE-2012-3384-91015e7f81886f4b730bb4d9cace5ff4.yaml
+++ b/nuclei-templates/2012/CVE-2012-3384-91015e7f81886f4b730bb4d9cace5ff4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-3384
   metadata:
     shodan-query: 'vuln:CVE-2012-3384'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-3414-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/2012/CVE-2012-3414-568514847d2ecbfcd9be56c047f3a92a.yaml
index 086ea6a520..9a29315d80 100644
--- a/nuclei-templates/2012/CVE-2012-3414-568514847d2ecbfcd9be56c047f3a92a.yaml
+++ b/nuclei-templates/2012/CVE-2012-3414-568514847d2ecbfcd9be56c047f3a92a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SWFUpload <= 2.2.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2012-3414
   metadata:
-    fofa-query: "wp-content/plugins/wp-ecommerce-cvs-importer/"
-    google-query: inurl:"/wp-content/plugins/wp-ecommerce-cvs-importer/"
+    fofa-query: "wp-content/plugins/pica-photo-gallery/"
+    google-query: inurl:"/wp-content/plugins/pica-photo-gallery/"
     shodan-query: 'vuln:CVE-2012-3414'
-  tags: cve,wordpress,wp-plugin,wp-ecommerce-cvs-importer,medium
+  tags: cve,wordpress,wp-plugin,pica-photo-gallery,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-cvs-importer/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/pica-photo-gallery/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "wp-ecommerce-cvs-importer"
+          - "pica-photo-gallery"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2012/CVE-2012-3414-7849f4bf55847e7dee539697b18e4bc9.yaml b/nuclei-templates/2012/CVE-2012-3414-7849f4bf55847e7dee539697b18e4bc9.yaml
index d135a9917e..aef370e355 100644
--- a/nuclei-templates/2012/CVE-2012-3414-7849f4bf55847e7dee539697b18e4bc9.yaml
+++ b/nuclei-templates/2012/CVE-2012-3414-7849f4bf55847e7dee539697b18e4bc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-3414
   metadata:
     shodan-query: 'vuln:CVE-2012-3414'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-3414-b7c464860f475ded8d2ed3cd59a1ad52.yaml b/nuclei-templates/2012/CVE-2012-3414-b7c464860f475ded8d2ed3cd59a1ad52.yaml
index 8744fc0e42..8ae6bd2142 100644
--- a/nuclei-templates/2012/CVE-2012-3414-b7c464860f475ded8d2ed3cd59a1ad52.yaml
+++ b/nuclei-templates/2012/CVE-2012-3414-b7c464860f475ded8d2ed3cd59a1ad52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGen Gallery <= 1.9.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NextGen Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via swfupload.swf in versions up to, and including,  1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2012-3414'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-3434-ba663052cd3e15a64b57c5574e6284ee.yaml b/nuclei-templates/2012/CVE-2012-3434-ba663052cd3e15a64b57c5574e6284ee.yaml
index 9d306fbab0..6ecbfc15e5 100644
--- a/nuclei-templates/2012/CVE-2012-3434-ba663052cd3e15a64b57c5574e6284ee.yaml
+++ b/nuclei-templates/2012/CVE-2012-3434-ba663052cd3e15a64b57c5574e6284ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Count Per Day <= 3.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/count-per-day/"
     google-query: inurl:"/wp-content/plugins/count-per-day/"
     shodan-query: 'vuln:CVE-2012-3434'
-  tags: cve,wordpress,wp-plugin,count-per-day,medium
+  tags: cve,wordpress,wp-plugin,count-per-day,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4226-ab4d33853504febd7c01f9cee8c9c3d2.yaml b/nuclei-templates/2012/CVE-2012-4226-ab4d33853504febd7c01f9cee8c9c3d2.yaml
index 1ef7df9bcb..557c305f99 100644
--- a/nuclei-templates/2012/CVE-2012-4226-ab4d33853504febd7c01f9cee8c9c3d2.yaml
+++ b/nuclei-templates/2012/CVE-2012-4226-ab4d33853504febd7c01f9cee8c9c3d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Post Widget <= 1.9.1 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-post-widget/"
     google-query: inurl:"/wp-content/plugins/quick-post-widget/"
     shodan-query: 'vuln:CVE-2012-4226'
-  tags: cve,wordpress,wp-plugin,quick-post-widget,medium
+  tags: cve,wordpress,wp-plugin,quick-post-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4242-bf34e0d076673dbb1080a2742b54fd0c.yaml b/nuclei-templates/2012/CVE-2012-4242-bf34e0d076673dbb1080a2742b54fd0c.yaml
index 42ed39541c..8b963f67b6 100644
--- a/nuclei-templates/2012/CVE-2012-4242-bf34e0d076673dbb1080a2742b54fd0c.yaml
+++ b/nuclei-templates/2012/CVE-2012-4242-bf34e0d076673dbb1080a2742b54fd0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MF Gig Calendar <= 0.9.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin < 0.9.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mf-gig-calendar/"
     google-query: inurl:"/wp-content/plugins/mf-gig-calendar/"
     shodan-query: 'vuln:CVE-2012-4242'
-  tags: cve,wordpress,wp-plugin,mf-gig-calendar,medium
+  tags: cve,wordpress,wp-plugin,mf-gig-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4264-d3827d64e2bdf966f3d9c111c132ea14.yaml b/nuclei-templates/2012/CVE-2012-4264-d3827d64e2bdf966f3d9c111c132ea14.yaml
index 7566cd9521..a43cdd8d45 100644
--- a/nuclei-templates/2012/CVE-2012-4264-d3827d64e2bdf966f3d9c111c132ea14.yaml
+++ b/nuclei-templates/2012/CVE-2012-4264-d3827d64e2bdf966f3d9c111c132ea14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-wp-security/"
     google-query: inurl:"/wp-content/plugins/better-wp-security/"
     shodan-query: 'vuln:CVE-2012-4264'
-  tags: cve,wordpress,wp-plugin,better-wp-security,medium
+  tags: cve,wordpress,wp-plugin,better-wp-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4271-0638cf0d113b279b6ab4547692f6759f.yaml b/nuclei-templates/2012/CVE-2012-4271-0638cf0d113b279b6ab4547692f6759f.yaml
index 7fff00a79f..74ebdcb1a7 100644
--- a/nuclei-templates/2012/CVE-2012-4271-0638cf0d113b279b6ab4547692f6759f.yaml
+++ b/nuclei-templates/2012/CVE-2012-4271-0638cf0d113b279b6ab4547692f6759f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bad-behavior/"
     google-query: inurl:"/wp-content/plugins/bad-behavior/"
     shodan-query: 'vuln:CVE-2012-4271'
-  tags: cve,wordpress,wp-plugin,bad-behavior,medium
+  tags: cve,wordpress,wp-plugin,bad-behavior,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4272-a6ea9efcd2b00d833f3dd3cae90d9348.yaml b/nuclei-templates/2012/CVE-2012-4272-a6ea9efcd2b00d833f3dd3cae90d9348.yaml
index 9472482eac..b2fa758456 100644
--- a/nuclei-templates/2012/CVE-2012-4272-a6ea9efcd2b00d833f3dd3cae90d9348.yaml
+++ b/nuclei-templates/2012/CVE-2012-4272-a6ea9efcd2b00d833f3dd3cae90d9348.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest".
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/2-click-socialmedia-buttons/"
     google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons/"
     shodan-query: 'vuln:CVE-2012-4272'
-  tags: cve,wordpress,wp-plugin,2-click-socialmedia-buttons,medium
+  tags: cve,wordpress,wp-plugin,2-click-socialmedia-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4273-50d503ecab241e54444834a8beaebf25.yaml b/nuclei-templates/2012/CVE-2012-4273-50d503ecab241e54444834a8beaebf25.yaml
index 93411f8c82..d4100e67f2 100644
--- a/nuclei-templates/2012/CVE-2012-4273-50d503ecab241e54444834a8beaebf25.yaml
+++ b/nuclei-templates/2012/CVE-2012-4273-50d503ecab241e54444834a8beaebf25.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     2 Click Social Media Buttons < 0.34 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/2-click-socialmedia-buttons/"
     google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons/"
     shodan-query: 'vuln:CVE-2012-4273'
-  tags: cve,wordpress,wp-plugin,2-click-socialmedia-buttons,medium
+  tags: cve,wordpress,wp-plugin,2-click-socialmedia-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4283-ec063e4ec21933641631e905d4f64602.yaml b/nuclei-templates/2012/CVE-2012-4283-ec063e4ec21933641631e905d4f64602.yaml
index 1b8a080b9f..679e761969 100644
--- a/nuclei-templates/2012/CVE-2012-4283-ec063e4ec21933641631e905d4f64602.yaml
+++ b/nuclei-templates/2012/CVE-2012-4283-ec063e4ec21933641631e905d4f64602.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login With Ajax < 3.0.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-ajax/"
     google-query: inurl:"/wp-content/plugins/login-with-ajax/"
     shodan-query: 'vuln:CVE-2012-4283'
-  tags: cve,wordpress,wp-plugin,login-with-ajax,medium
+  tags: cve,wordpress,wp-plugin,login-with-ajax,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4421-4e1daaf317e651c619a375744a295c28.yaml b/nuclei-templates/2012/CVE-2012-4421-4e1daaf317e651c619a375744a295c28.yaml
index 62303c93c4..12cd4d27a0 100644
--- a/nuclei-templates/2012/CVE-2012-4421-4e1daaf317e651c619a375744a295c28.yaml
+++ b/nuclei-templates/2012/CVE-2012-4421-4e1daaf317e651c619a375744a295c28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.4.2 - Missing Authorization Checks on create_post
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-4421
   metadata:
     shodan-query: 'vuln:CVE-2012-4421'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4422-9717160fae4fbf7e432e0ecf4fa6857d.yaml b/nuclei-templates/2012/CVE-2012-4422-9717160fae4fbf7e432e0ecf4fa6857d.yaml
index 209139cf70..994b39e951 100644
--- a/nuclei-templates/2012/CVE-2012-4422-9717160fae4fbf7e432e0ecf4fa6857d.yaml
+++ b/nuclei-templates/2012/CVE-2012-4422-9717160fae4fbf7e432e0ecf4fa6857d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: low
+  severity: high
   description: >
     wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-4422
   metadata:
     shodan-query: 'vuln:CVE-2012-4422'
-  tags: cve,wordpress,wp-core,low
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4874-c888a527d839638dab34ddfabb9982e5.yaml b/nuclei-templates/2012/CVE-2012-4874-c888a527d839638dab34ddfabb9982e5.yaml
index 41cf1c7890..9bdb4a156f 100644
--- a/nuclei-templates/2012/CVE-2012-4874-c888a527d839638dab34ddfabb9982e5.yaml
+++ b/nuclei-templates/2012/CVE-2012-4874-c888a527d839638dab34ddfabb9982e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_handleimagesupload function in versions up to, and including, 1.8.9.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/"
     google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/"
     shodan-query: 'vuln:CVE-2012-4874'
-  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,high
+  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-4921-668be2a6a44dad3bba943de0f544a515.yaml b/nuclei-templates/2012/CVE-2012-4921-668be2a6a44dad3bba943de0f544a515.yaml
index 7f2663f2fd..5eb99447fc 100644
--- a/nuclei-templates/2012/CVE-2012-4921-668be2a6a44dad3bba943de0f544a515.yaml
+++ b/nuclei-templates/2012/CVE-2012-4921-668be2a6a44dad3bba943de0f544a515.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DVS Custom Notification <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dvs-custom-notification/"
     google-query: inurl:"/wp-content/plugins/dvs-custom-notification/"
     shodan-query: 'vuln:CVE-2012-4921'
-  tags: cve,wordpress,wp-plugin,dvs-custom-notification,high
+  tags: cve,wordpress,wp-plugin,dvs-custom-notification,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5177-ed4c279d09c7012524c7ccab923e2ae4.yaml b/nuclei-templates/2012/CVE-2012-5177-ed4c279d09c7012524c7ccab923e2ae4.yaml
index 27cfc0c6ed..fab1747892 100644
--- a/nuclei-templates/2012/CVE-2012-5177-ed4c279d09c7012524c7ccab923e2ae4.yaml
+++ b/nuclei-templates/2012/CVE-2012-5177-ed4c279d09c7012524c7ccab923e2ae4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce < 1.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2012-5177'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5178-87df231a3fe89988f05561dc4a2eda17.yaml b/nuclei-templates/2012/CVE-2012-5178-87df231a3fe89988f05561dc4a2eda17.yaml
index e5d214d664..a76123bc29 100644
--- a/nuclei-templates/2012/CVE-2012-5178-87df231a3fe89988f05561dc4a2eda17.yaml
+++ b/nuclei-templates/2012/CVE-2012-5178-87df231a3fe89988f05561dc4a2eda17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce < 1.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2012-5178'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5325-552fdceb70e178ef12665118f36af7cf.yaml b/nuclei-templates/2012/CVE-2012-5325-552fdceb70e178ef12665118f36af7cf.yaml
index 19bba6b682..53171e78dc 100644
--- a/nuclei-templates/2012/CVE-2012-5325-552fdceb70e178ef12665118f36af7cf.yaml
+++ b/nuclei-templates/2012/CVE-2012-5325-552fdceb70e178ef12665118f36af7cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode Redirect <= 1.0.01 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-redirect/"
     google-query: inurl:"/wp-content/plugins/shortcode-redirect/"
     shodan-query: 'vuln:CVE-2012-5325'
-  tags: cve,wordpress,wp-plugin,shortcode-redirect,medium
+  tags: cve,wordpress,wp-plugin,shortcode-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5327-fb045d9c371baeb404b4c5f1d77f622c.yaml b/nuclei-templates/2012/CVE-2012-5327-fb045d9c371baeb404b4c5f1d77f622c.yaml
index be372505fa..d02f4dfecb 100644
--- a/nuclei-templates/2012/CVE-2012-5327-fb045d9c371baeb404b4c5f1d77f622c.yaml
+++ b/nuclei-templates/2012/CVE-2012-5327-fb045d9c371baeb404b4c5f1d77f622c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mingle Forum <= 1.0.32.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mingle-forum/"
     google-query: inurl:"/wp-content/plugins/mingle-forum/"
     shodan-query: 'vuln:CVE-2012-5327'
-  tags: cve,wordpress,wp-plugin,mingle-forum,high
+  tags: cve,wordpress,wp-plugin,mingle-forum,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5328-ca1107b3905cae6801d38dcd71b363a8.yaml b/nuclei-templates/2012/CVE-2012-5328-ca1107b3905cae6801d38dcd71b363a8.yaml
index a6716385ac..3b7e064a91 100644
--- a/nuclei-templates/2012/CVE-2012-5328-ca1107b3905cae6801d38dcd71b363a8.yaml
+++ b/nuclei-templates/2012/CVE-2012-5328-ca1107b3905cae6801d38dcd71b363a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mingle Forum <= 1.0.32.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mingle-forum/"
     google-query: inurl:"/wp-content/plugins/mingle-forum/"
     shodan-query: 'vuln:CVE-2012-5328'
-  tags: cve,wordpress,wp-plugin,mingle-forum,high
+  tags: cve,wordpress,wp-plugin,mingle-forum,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5346-9088cbacca16ddb298ad417146be5fc5.yaml b/nuclei-templates/2012/CVE-2012-5346-9088cbacca16ddb298ad417146be5fc5.yaml
index 68e85f496f..55792b97a8 100644
--- a/nuclei-templates/2012/CVE-2012-5346-9088cbacca16ddb298ad417146be5fc5.yaml
+++ b/nuclei-templates/2012/CVE-2012-5346-9088cbacca16ddb298ad417146be5fc5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live.php <= 1.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.  NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-livephp/"
     google-query: inurl:"/wp-content/plugins/wp-livephp/"
     shodan-query: 'vuln:CVE-2012-5346'
-  tags: cve,wordpress,wp-plugin,wp-livephp,medium
+  tags: cve,wordpress,wp-plugin,wp-livephp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5349-46bf8ffa7005c6ec6cf07777085484d4.yaml b/nuclei-templates/2012/CVE-2012-5349-46bf8ffa7005c6ec6cf07777085484d4.yaml
index af916ca8eb..a19b6f9cbd 100644
--- a/nuclei-templates/2012/CVE-2012-5349-46bf8ffa7005c6ec6cf07777085484d4.yaml
+++ b/nuclei-templates/2012/CVE-2012-5349-46bf8ffa7005c6ec6cf07777085484d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pay With Tweet <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pay-with-tweet/"
     google-query: inurl:"/wp-content/plugins/pay-with-tweet/"
     shodan-query: 'vuln:CVE-2012-5349'
-  tags: cve,wordpress,wp-plugin,pay-with-tweet,medium
+  tags: cve,wordpress,wp-plugin,pay-with-tweet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5350-5b86c54747aa1057e36177e85fea660b.yaml b/nuclei-templates/2012/CVE-2012-5350-5b86c54747aa1057e36177e85fea660b.yaml
index 8aa456d1e0..ffb47fcc57 100644
--- a/nuclei-templates/2012/CVE-2012-5350-5b86c54747aa1057e36177e85fea660b.yaml
+++ b/nuclei-templates/2012/CVE-2012-5350-5b86c54747aa1057e36177e85fea660b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pay With Tweet <= 1.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pay-with-tweet/"
     google-query: inurl:"/wp-content/plugins/pay-with-tweet/"
     shodan-query: 'vuln:CVE-2012-5350'
-  tags: cve,wordpress,wp-plugin,pay-with-tweet,high
+  tags: cve,wordpress,wp-plugin,pay-with-tweet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5387-7987b5631645ef011c12aa6fb80cc221.yaml b/nuclei-templates/2012/CVE-2012-5387-7987b5631645ef011c12aa6fb80cc221.yaml
index b252f81576..7a95c9aad1 100644
--- a/nuclei-templates/2012/CVE-2012-5387-7987b5631645ef011c12aa6fb80cc221.yaml
+++ b/nuclei-templates/2012/CVE-2012-5387-7987b5631645ef011c12aa6fb80cc221.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     White Label CMS < 1.5.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/white-label-cms/"
     google-query: inurl:"/wp-content/plugins/white-label-cms/"
     shodan-query: 'vuln:CVE-2012-5387'
-  tags: cve,wordpress,wp-plugin,white-label-cms,high
+  tags: cve,wordpress,wp-plugin,white-label-cms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5469-f5f19df0291f0636aeea89c408a38887.yaml b/nuclei-templates/2012/CVE-2012-5469-f5f19df0291f0636aeea89c408a38887.yaml
index d33deeccce..be2adb1f2a 100644
--- a/nuclei-templates/2012/CVE-2012-5469-f5f19df0291f0636aeea89c408a38887.yaml
+++ b/nuclei-templates/2012/CVE-2012-5469-f5f19df0291f0636aeea89c408a38887.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portable phpMyAdmin <= 1.3.0 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Portable phpMyAdmin plugin before 1.3.0 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portable-phpmyadmin/"
     google-query: inurl:"/wp-content/plugins/portable-phpmyadmin/"
     shodan-query: 'vuln:CVE-2012-5469'
-  tags: cve,wordpress,wp-plugin,portable-phpmyadmin,high
+  tags: cve,wordpress,wp-plugin,portable-phpmyadmin,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5856-187ba8ada5a41b0d7770ae8aebf496fa.yaml b/nuclei-templates/2012/CVE-2012-5856-187ba8ada5a41b0d7770ae8aebf496fa.yaml
index 6a6cd9eb83..c53a007b50 100644
--- a/nuclei-templates/2012/CVE-2012-5856-187ba8ada5a41b0d7770ae8aebf496fa.yaml
+++ b/nuclei-templates/2012/CVE-2012-5856-187ba8ada5a41b0d7770ae8aebf496fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uk Cookie <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uk-cookie/"
     google-query: inurl:"/wp-content/plugins/uk-cookie/"
     shodan-query: 'vuln:CVE-2012-5856'
-  tags: cve,wordpress,wp-plugin,uk-cookie,medium
+  tags: cve,wordpress,wp-plugin,uk-cookie,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-5913-ef0c35cfc8264d312ebd8c7577e88c19.yaml b/nuclei-templates/2012/CVE-2012-5913-ef0c35cfc8264d312ebd8c7577e88c19.yaml
index b247d15c33..9d966984fd 100644
--- a/nuclei-templates/2012/CVE-2012-5913-ef0c35cfc8264d312ebd8c7577e88c19.yaml
+++ b/nuclei-templates/2012/CVE-2012-5913-ef0c35cfc8264d312ebd8c7577e88c19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Integrator <= 1.32 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-integrator/"
     google-query: inurl:"/wp-content/plugins/wp-integrator/"
     shodan-query: 'vuln:CVE-2012-5913'
-  tags: cve,wordpress,wp-plugin,wp-integrator,medium
+  tags: cve,wordpress,wp-plugin,wp-integrator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6312-2c3b5f42630b423898a1e16a09268499.yaml b/nuclei-templates/2012/CVE-2012-6312-2c3b5f42630b423898a1e16a09268499.yaml
index bcbac5d75f..ae6262339c 100644
--- a/nuclei-templates/2012/CVE-2012-6312-2c3b5f42630b423898a1e16a09268499.yaml
+++ b/nuclei-templates/2012/CVE-2012-6312-2c3b5f42630b423898a1e16a09268499.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Lead Form < 0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-lead-form/"
     google-query: inurl:"/wp-content/plugins/video-lead-form/"
     shodan-query: 'vuln:CVE-2012-6312'
-  tags: cve,wordpress,wp-plugin,video-lead-form,medium
+  tags: cve,wordpress,wp-plugin,video-lead-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6506-f4ee9df210a60a8c7b3151780ca279b1.yaml b/nuclei-templates/2012/CVE-2012-6506-f4ee9df210a60a8c7b3151780ca279b1.yaml
index e1e6f88330..a609ef748e 100644
--- a/nuclei-templates/2012/CVE-2012-6506-f4ee9df210a60a8c7b3151780ca279b1.yaml
+++ b/nuclei-templates/2012/CVE-2012-6506-f4ee9df210a60a8c7b3151780ca279b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zingiri Web Shop Plugin <= 2.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zingiri-web-shop/"
     google-query: inurl:"/wp-content/plugins/zingiri-web-shop/"
     shodan-query: 'vuln:CVE-2012-6506'
-  tags: cve,wordpress,wp-plugin,zingiri-web-shop,medium
+  tags: cve,wordpress,wp-plugin,zingiri-web-shop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6511-a88755371a7efc7dfaacf49c4e565b46.yaml b/nuclei-templates/2012/CVE-2012-6511-a88755371a7efc7dfaacf49c4e565b46.yaml
index 4ac9541ed4..c87a6f1e3f 100644
--- a/nuclei-templates/2012/CVE-2012-6511-a88755371a7efc7dfaacf49c4e565b46.yaml
+++ b/nuclei-templates/2012/CVE-2012-6511-a88755371a7efc7dfaacf49c4e565b46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Organizer <= 1.2.1 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/organizer/"
     google-query: inurl:"/wp-content/plugins/organizer/"
     shodan-query: 'vuln:CVE-2012-6511'
-  tags: cve,wordpress,wp-plugin,organizer,medium
+  tags: cve,wordpress,wp-plugin,organizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6527-5f2c8752d84edabaa8bbd1589413f608.yaml b/nuclei-templates/2012/CVE-2012-6527-5f2c8752d84edabaa8bbd1589413f608.yaml
index 9d3dfc5b8e..ef39204492 100644
--- a/nuclei-templates/2012/CVE-2012-6527-5f2c8752d84edabaa8bbd1589413f608.yaml
+++ b/nuclei-templates/2012/CVE-2012-6527-5f2c8752d84edabaa8bbd1589413f608.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Calendar < 1.10.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-calendar/"
     google-query: inurl:"/wp-content/plugins/my-calendar/"
     shodan-query: 'vuln:CVE-2012-6527'
-  tags: cve,wordpress,wp-plugin,my-calendar,medium
+  tags: cve,wordpress,wp-plugin,my-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6622-8cba549bfba1e71b314fc0d37ea95e7a.yaml b/nuclei-templates/2012/CVE-2012-6622-8cba549bfba1e71b314fc0d37ea95e7a.yaml
index 785bbb593c..89303ef010 100644
--- a/nuclei-templates/2012/CVE-2012-6622-8cba549bfba1e71b314fc0d37ea95e7a.yaml
+++ b/nuclei-templates/2012/CVE-2012-6622-8cba549bfba1e71b314fc0d37ea95e7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Forum Server plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action in versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This can also be exploited via CSRF by unauthenticated users due to missing nonce validation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forum-server/"
     google-query: inurl:"/wp-content/plugins/forum-server/"
     shodan-query: 'vuln:CVE-2012-6622'
-  tags: cve,wordpress,wp-plugin,forum-server,medium
+  tags: cve,wordpress,wp-plugin,forum-server,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6624-a72a870d8ea76185ed68595992193f58.yaml b/nuclei-templates/2012/CVE-2012-6624-a72a870d8ea76185ed68595992193f58.yaml
index 5ca0891a6c..8a8a83c464 100644
--- a/nuclei-templates/2012/CVE-2012-6624-a72a870d8ea76185ed68595992193f58.yaml
+++ b/nuclei-templates/2012/CVE-2012-6624-a72a870d8ea76185ed68595992193f58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soundcloud Is Gold <= 2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/soundcloud-is-gold/"
     google-query: inurl:"/wp-content/plugins/soundcloud-is-gold/"
     shodan-query: 'vuln:CVE-2012-6624'
-  tags: cve,wordpress,wp-plugin,soundcloud-is-gold,medium
+  tags: cve,wordpress,wp-plugin,soundcloud-is-gold,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6625-0856197f54ebc4b1a325747e3d0ab80c.yaml b/nuclei-templates/2012/CVE-2012-6625-0856197f54ebc4b1a325747e3d0ab80c.yaml
index bf278ab91d..b4e94e7363 100644
--- a/nuclei-templates/2012/CVE-2012-6625-0856197f54ebc4b1a325747e3d0ab80c.yaml
+++ b/nuclei-templates/2012/CVE-2012-6625-0856197f54ebc4b1a325747e3d0ab80c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Forum Server < 1.7.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forum-server/"
     google-query: inurl:"/wp-content/plugins/forum-server/"
     shodan-query: 'vuln:CVE-2012-6625'
-  tags: cve,wordpress,wp-plugin,forum-server,high
+  tags: cve,wordpress,wp-plugin,forum-server,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6627-4fecc14512bd412ef7b458d7c2feb79a.yaml b/nuclei-templates/2012/CVE-2012-6627-4fecc14512bd412ef7b458d7c2feb79a.yaml
index cb655a3eb1..824657193c 100644
--- a/nuclei-templates/2012/CVE-2012-6627-4fecc14512bd412ef7b458d7c2feb79a.yaml
+++ b/nuclei-templates/2012/CVE-2012-6627-4fecc14512bd412ef7b458d7c2feb79a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter Manager < 1.0.2 - Cross-Site Scripting via test_mail.php
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin before 1.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter-manager/"
     google-query: inurl:"/wp-content/plugins/newsletter-manager/"
     shodan-query: 'vuln:CVE-2012-6627'
-  tags: cve,wordpress,wp-plugin,newsletter-manager,medium
+  tags: cve,wordpress,wp-plugin,newsletter-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6628-437f867caa3099fbc234387a5d6249e0.yaml b/nuclei-templates/2012/CVE-2012-6628-437f867caa3099fbc234387a5d6249e0.yaml
index 3cebd8b10d..ecc6d32546 100644
--- a/nuclei-templates/2012/CVE-2012-6628-437f867caa3099fbc234387a5d6249e0.yaml
+++ b/nuclei-templates/2012/CVE-2012-6628-437f867caa3099fbc234387a5d6249e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter Manager < 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter-manager/"
     google-query: inurl:"/wp-content/plugins/newsletter-manager/"
     shodan-query: 'vuln:CVE-2012-6628'
-  tags: cve,wordpress,wp-plugin,newsletter-manager,medium
+  tags: cve,wordpress,wp-plugin,newsletter-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6629-ce05b3ae1fa8a55fc1f1267b8e05c4cc.yaml b/nuclei-templates/2012/CVE-2012-6629-ce05b3ae1fa8a55fc1f1267b8e05c4cc.yaml
index 5c73a7d5f5..30cecb1762 100644
--- a/nuclei-templates/2012/CVE-2012-6629-ce05b3ae1fa8a55fc1f1267b8e05c4cc.yaml
+++ b/nuclei-templates/2012/CVE-2012-6629-ce05b3ae1fa8a55fc1f1267b8e05c4cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter Manager < 1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin before 1.4 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter-manager/"
     google-query: inurl:"/wp-content/plugins/newsletter-manager/"
     shodan-query: 'vuln:CVE-2012-6629'
-  tags: cve,wordpress,wp-plugin,newsletter-manager,high
+  tags: cve,wordpress,wp-plugin,newsletter-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6630-01dd63a5f8faf96a00782f6bc3eb47be.yaml b/nuclei-templates/2012/CVE-2012-6630-01dd63a5f8faf96a00782f6bc3eb47be.yaml
index df269c46a3..1775e1d1ea 100644
--- a/nuclei-templates/2012/CVE-2012-6630-01dd63a5f8faf96a00782f6bc3eb47be.yaml
+++ b/nuclei-templates/2012/CVE-2012-6630-01dd63a5f8faf96a00782f6bc3eb47be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Categories <= 1.1.1 - Unauthenticated Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter to media-library-categories/add.php or (2) q parameter to media-library-categories/view.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-categories/"
     google-query: inurl:"/wp-content/plugins/media-library-categories/"
     shodan-query: 'vuln:CVE-2012-6630'
-  tags: cve,wordpress,wp-plugin,media-library-categories,medium
+  tags: cve,wordpress,wp-plugin,media-library-categories,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6633-53c3a2476763f7f2558688f9f26210ce.yaml b/nuclei-templates/2012/CVE-2012-6633-53c3a2476763f7f2558688f9f26210ce.yaml
index 98233eca06..2a16aee844 100644
--- a/nuclei-templates/2012/CVE-2012-6633-53c3a2476763f7f2558688f9f26210ce.yaml
+++ b/nuclei-templates/2012/CVE-2012-6633-53c3a2476763f7f2558688f9f26210ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 3.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2012-6633
   metadata:
     shodan-query: 'vuln:CVE-2012-6633'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6653-bc135ea3b74553b0fd14eafbe49bca73.yaml b/nuclei-templates/2012/CVE-2012-6653-bc135ea3b74553b0fd14eafbe49bca73.yaml
index 1353235d45..caf16d9191 100644
--- a/nuclei-templates/2012/CVE-2012-6653-bc135ea3b74553b0fd14eafbe49bca73.yaml
+++ b/nuclei-templates/2012/CVE-2012-6653-bc135ea3b74553b0fd14eafbe49bca73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All Video Gallery  <= 1.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The All Video Gallery plugin for WordPress is vulnerable to blind SQL Injection via the ‘ vid’ and 'pid' parameters in versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-video-gallery/"
     google-query: inurl:"/wp-content/plugins/all-video-gallery/"
     shodan-query: 'vuln:CVE-2012-6653'
-  tags: cve,wordpress,wp-plugin,all-video-gallery,high
+  tags: cve,wordpress,wp-plugin,all-video-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6713-72d88d4156b62bb9e1abe8555a4604f1.yaml b/nuclei-templates/2012/CVE-2012-6713-72d88d4156b62bb9e1abe8555a4604f1.yaml
index 9125001d14..b4500ddcb8 100644
--- a/nuclei-templates/2012/CVE-2012-6713-72d88d4156b62bb9e1abe8555a4604f1.yaml
+++ b/nuclei-templates/2012/CVE-2012-6713-72d88d4156b62bb9e1abe8555a4604f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Job Manager <= 0.7.18 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Job Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.7.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-manager/"
     google-query: inurl:"/wp-content/plugins/job-manager/"
     shodan-query: 'vuln:CVE-2012-6713'
-  tags: cve,wordpress,wp-plugin,job-manager,medium
+  tags: cve,wordpress,wp-plugin,job-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6714-ecd06ad3b241a40ab31e78d6ecc1667e.yaml b/nuclei-templates/2012/CVE-2012-6714-ecd06ad3b241a40ab31e78d6ecc1667e.yaml
index 8bf5823720..e384c9860f 100644
--- a/nuclei-templates/2012/CVE-2012-6714-ecd06ad3b241a40ab31e78d6ecc1667e.yaml
+++ b/nuclei-templates/2012/CVE-2012-6714-ecd06ad3b241a40ab31e78d6ecc1667e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Count per Day Plugin < 3.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/count-per-day/"
     google-query: inurl:"/wp-content/plugins/count-per-day/"
     shodan-query: 'vuln:CVE-2012-6714'
-  tags: cve,wordpress,wp-plugin,count-per-day,medium
+  tags: cve,wordpress,wp-plugin,count-per-day,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6715-a6e4580408df1cc0fd425db3d3f61102.yaml b/nuclei-templates/2012/CVE-2012-6715-a6e4580408df1cc0fd425db3d3f61102.yaml
index 2e92acc419..26758d97a3 100644
--- a/nuclei-templates/2012/CVE-2012-6715-a6e4580408df1cc0fd425db3d3f61102.yaml
+++ b/nuclei-templates/2012/CVE-2012-6715-a6e4580408df1cc0fd425db3d3f61102.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormBuilder <= 0.90 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The formbuilder plugin before 0.91 for WordPress has XSS via a Referer header.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formbuilder/"
     google-query: inurl:"/wp-content/plugins/formbuilder/"
     shodan-query: 'vuln:CVE-2012-6715'
-  tags: cve,wordpress,wp-plugin,formbuilder,medium
+  tags: cve,wordpress,wp-plugin,formbuilder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6716-944355331d4d9eab9649c96fbc1339dc.yaml b/nuclei-templates/2012/CVE-2012-6716-944355331d4d9eab9649c96fbc1339dc.yaml
index f2d1bc76e0..03af92889f 100644
--- a/nuclei-templates/2012/CVE-2012-6716-944355331d4d9eab9649c96fbc1339dc.yaml
+++ b/nuclei-templates/2012/CVE-2012-6716-944355331d4d9eab9649c96fbc1339dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager < 5.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The  Events Manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2012-6716'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2012/CVE-2012-6718-2f64e4cf69164182b2f4695a0a03f04b.yaml b/nuclei-templates/2012/CVE-2012-6718-2f64e4cf69164182b2f4695a0a03f04b.yaml
index e6d9188bb5..98af07b215 100644
--- a/nuclei-templates/2012/CVE-2012-6718-2f64e4cf69164182b2f4695a0a03f04b.yaml
+++ b/nuclei-templates/2012/CVE-2012-6718-2f64e4cf69164182b2f4695a0a03f04b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sharebar <= 1.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sharebar plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sharebar/"
     google-query: inurl:"/wp-content/plugins/sharebar/"
     shodan-query: 'vuln:CVE-2012-6718'
-  tags: cve,wordpress,wp-plugin,sharebar,medium
+  tags: cve,wordpress,wp-plugin,sharebar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-0236-ff8227d1909738ca97650b31fc8d45f5.yaml b/nuclei-templates/2013/CVE-2013-0236-ff8227d1909738ca97650b31fc8d45f5.yaml
index 49aeb0dbaf..c2b0919100 100644
--- a/nuclei-templates/2013/CVE-2013-0236-ff8227d1909738ca97650b31fc8d45f5.yaml
+++ b/nuclei-templates/2013/CVE-2013-0236-ff8227d1909738ca97650b31fc8d45f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.5.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2013-0236
   metadata:
     shodan-query: 'vuln:CVE-2013-0236'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-0237-62c0f4af115d106e4e2cbcfcbfb71c13.yaml b/nuclei-templates/2013/CVE-2013-0237-62c0f4af115d106e4e2cbcfcbfb71c13.yaml
index 08c7ec32a3..741e7728a7 100644
--- a/nuclei-templates/2013/CVE-2013-0237-62c0f4af115d106e4e2cbcfcbfb71c13.yaml
+++ b/nuclei-templates/2013/CVE-2013-0237-62c0f4af115d106e4e2cbcfcbfb71c13.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2013-0237
   metadata:
     shodan-query: 'vuln:CVE-2013-0237'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-0286-da11574313c0b78ab88b69a807dbc63e.yaml b/nuclei-templates/2013/CVE-2013-0286-da11574313c0b78ab88b69a807dbc63e.yaml
index c820f64bd6..2231ad709f 100644
--- a/nuclei-templates/2013/CVE-2013-0286-da11574313c0b78ab88b69a807dbc63e.yaml
+++ b/nuclei-templates/2013/CVE-2013-0286-da11574313c0b78ab88b69a807dbc63e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pinboard <= 1.1.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Pinboard 1.1.10 theme for Wordpress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/pinboard/"
     google-query: inurl:"/wp-content/themes/pinboard/"
     shodan-query: 'vuln:CVE-2013-0286'
-  tags: cve,wordpress,wp-theme,pinboard,medium
+  tags: cve,wordpress,wp-theme,pinboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-0731-74a3eb8891dcef7e1892db3c005e178d.yaml b/nuclei-templates/2013/CVE-2013-0731-74a3eb8891dcef7e1892db3c005e178d.yaml
index f5a4b22fbc..f4f0f7bd79 100644
--- a/nuclei-templates/2013/CVE-2013-0731-74a3eb8891dcef7e1892db3c005e178d.yaml
+++ b/nuclei-templates/2013/CVE-2013-0731-74a3eb8891dcef7e1892db3c005e178d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailUp newsletter sign-up form < 1.3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie.  NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mailup/"
     google-query: inurl:"/wp-content/plugins/wp-mailup/"
     shodan-query: 'vuln:CVE-2013-0731'
-  tags: cve,wordpress,wp-plugin,wp-mailup,medium
+  tags: cve,wordpress,wp-plugin,wp-mailup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-0736-4a9495cead71bfc76b3becea53804acd.yaml b/nuclei-templates/2013/CVE-2013-0736-4a9495cead71bfc76b3becea53804acd.yaml
index d22764f519..7e09035a19 100644
--- a/nuclei-templates/2013/CVE-2013-0736-4a9495cead71bfc76b3becea53804acd.yaml
+++ b/nuclei-templates/2013/CVE-2013-0736-4a9495cead71bfc76b3becea53804acd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mingle Forum <= 1.0.34 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mingle-forum/"
     google-query: inurl:"/wp-content/plugins/mingle-forum/"
     shodan-query: 'vuln:CVE-2013-0736'
-  tags: cve,wordpress,wp-plugin,mingle-forum,high
+  tags: cve,wordpress,wp-plugin,mingle-forum,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-10023-c978227ed54be6d80dbe1ecf4f522c4f.yaml b/nuclei-templates/2013/CVE-2013-10023-c978227ed54be6d80dbe1ecf4f522c4f.yaml
index c433c2f3c8..c2a2661b0f 100644
--- a/nuclei-templates/2013/CVE-2013-10023-c978227ed54be6d80dbe1ecf4f522c4f.yaml
+++ b/nuclei-templates/2013/CVE-2013-10023-c978227ed54be6d80dbe1ecf4f522c4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Editorial Calendar <= 2.6 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Editorial Calendar plugin for WordPress is vulnerable to SQL Injection via post start and end dates in all versions up to, and including, 2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with admin-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/editorial-calendar/"
     google-query: inurl:"/wp-content/plugins/editorial-calendar/"
     shodan-query: 'vuln:CVE-2013-10023'
-  tags: cve,wordpress,wp-plugin,editorial-calendar,high
+  tags: cve,wordpress,wp-plugin,editorial-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-10026-347522eaa82eb43bdeab94627e4d0f98.yaml b/nuclei-templates/2013/CVE-2013-10026-347522eaa82eb43bdeab94627e4d0f98.yaml
index ea0cdace2e..517f0fa8b2 100644
--- a/nuclei-templates/2013/CVE-2013-10026-347522eaa82eb43bdeab94627e4d0f98.yaml
+++ b/nuclei-templates/2013/CVE-2013-10026-347522eaa82eb43bdeab94627e4d0f98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Subscribe List <= 2.0.9 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mail Subscribe List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sml_name' and 'sml_email' parameters in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-subscribe-list/"
     google-query: inurl:"/wp-content/plugins/mail-subscribe-list/"
     shodan-query: 'vuln:CVE-2013-10026'
-  tags: cve,wordpress,wp-plugin,mail-subscribe-list,medium
+  tags: cve,wordpress,wp-plugin,mail-subscribe-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1407-eb8f98aa61e3c3db7506a6098f7ccbda.yaml b/nuclei-templates/2013/CVE-2013-1407-eb8f98aa61e3c3db7506a6098f7ccbda.yaml
index 60175aa264..484d5d82b2 100644
--- a/nuclei-templates/2013/CVE-2013-1407-eb8f98aa61e3c3db7506a6098f7ccbda.yaml
+++ b/nuclei-templates/2013/CVE-2013-1407-eb8f98aa61e3c3db7506a6098f7ccbda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4) user_email, or (5) booking_comment parameter to an event with registration enabled; or the (6) _wpnonce parameter to wp-admin/edit.php.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2013-1407
   metadata:
-    fofa-query: "wp-content/plugins/events-manager-pro/"
-    google-query: inurl:"/wp-content/plugins/events-manager-pro/"
+    fofa-query: "wp-content/plugins/events-manager/"
+    google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2013-1407'
-  tags: cve,wordpress,wp-plugin,events-manager-pro,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/events-manager-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "events-manager-pro"
+          - "events-manager"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 2.2.9')
\ No newline at end of file
+          - compare_versions(version, '< 5.3.5')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-1408-7b51f983a57c524a14f0aa93885b9cf0.yaml b/nuclei-templates/2013/CVE-2013-1408-7b51f983a57c524a14f0aa93885b9cf0.yaml
index bbe98c1ac0..24cf7af9d2 100644
--- a/nuclei-templates/2013/CVE-2013-1408-7b51f983a57c524a14f0aa93885b9cf0.yaml
+++ b/nuclei-templates/2013/CVE-2013-1408-7b51f983a57c524a14f0aa93885b9cf0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailPoet Newsletters <= 2.2 - Multiple SQL Injections
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wysija-newsletters/"
     google-query: inurl:"/wp-content/plugins/wysija-newsletters/"
     shodan-query: 'vuln:CVE-2013-1408'
-  tags: cve,wordpress,wp-plugin,wysija-newsletters,high
+  tags: cve,wordpress,wp-plugin,wysija-newsletters,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1463-4fd8626c11bff94fd8a393ce1bb61f0e.yaml b/nuclei-templates/2013/CVE-2013-1463-4fd8626c11bff94fd8a393ce1bb61f0e.yaml
index d6cf15a168..078f5092f6 100644
--- a/nuclei-templates/2013/CVE-2013-1463-4fd8626c11bff94fd8a393ce1bb61f0e.yaml
+++ b/nuclei-templates/2013/CVE-2013-1463-4fd8626c11bff94fd8a393ce1bb61f0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Table Reloaded <= 1.9.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-table-reloaded/"
     google-query: inurl:"/wp-content/plugins/wp-table-reloaded/"
     shodan-query: 'vuln:CVE-2013-1463'
-  tags: cve,wordpress,wp-plugin,wp-table-reloaded,medium
+  tags: cve,wordpress,wp-plugin,wp-table-reloaded,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1464-c346700edac77f8ba964672619183f58.yaml b/nuclei-templates/2013/CVE-2013-1464-c346700edac77f8ba964672619183f58.yaml
index 4c5bb79a6d..40e39919b7 100644
--- a/nuclei-templates/2013/CVE-2013-1464-c346700edac77f8ba964672619183f58.yaml
+++ b/nuclei-templates/2013/CVE-2013-1464-c346700edac77f8ba964672619183f58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Audio Player <= 2.0.4.5 - Cross-Site Scripting via playerID Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/audio-player/"
     google-query: inurl:"/wp-content/plugins/audio-player/"
     shodan-query: 'vuln:CVE-2013-1464'
-  tags: cve,wordpress,wp-plugin,audio-player,medium
+  tags: cve,wordpress,wp-plugin,audio-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1758-3b4a8aeeafcd7cd5d89d3f79fbd2340b.yaml b/nuclei-templates/2013/CVE-2013-1758-3b4a8aeeafcd7cd5d89d3f79fbd2340b.yaml
index e79ba69ffc..b533458ffc 100644
--- a/nuclei-templates/2013/CVE-2013-1758-3b4a8aeeafcd7cd5d89d3f79fbd2340b.yaml
+++ b/nuclei-templates/2013/CVE-2013-1758-3b4a8aeeafcd7cd5d89d3f79fbd2340b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Marekkis Watermark-Plugin <= 0.9.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php.  NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/marekkis-watermark/"
     google-query: inurl:"/wp-content/plugins/marekkis-watermark/"
     shodan-query: 'vuln:CVE-2013-1758'
-  tags: cve,wordpress,wp-plugin,marekkis-watermark,medium
+  tags: cve,wordpress,wp-plugin,marekkis-watermark,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1759-8d120ab408475ea52678a65c5972ac37.yaml b/nuclei-templates/2013/CVE-2013-1759-8d120ab408475ea52678a65c5972ac37.yaml
index 495ac98265..5f0a44e01d 100644
--- a/nuclei-templates/2013/CVE-2013-1759-8d120ab408475ea52678a65c5972ac37.yaml
+++ b/nuclei-templates/2013/CVE-2013-1759-8d120ab408475ea52678a65c5972ac37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Logo Slideshow < 1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-logo-slideshow/"
     google-query: inurl:"/wp-content/plugins/responsive-logo-slideshow/"
     shodan-query: 'vuln:CVE-2013-1759'
-  tags: cve,wordpress,wp-plugin,responsive-logo-slideshow,medium
+  tags: cve,wordpress,wp-plugin,responsive-logo-slideshow,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1765-f4124706d0e19c3b0ecdc824e2dde79c.yaml b/nuclei-templates/2013/CVE-2013-1765-f4124706d0e19c3b0ecdc824e2dde79c.yaml
index e9ee531661..39fac8845f 100644
--- a/nuclei-templates/2013/CVE-2013-1765-f4124706d0e19c3b0ecdc824e2dde79c.yaml
+++ b/nuclei-templates/2013/CVE-2013-1765-f4124706d0e19c3b0ecdc824e2dde79c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Flv <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-flv/"
     google-query: inurl:"/wp-content/plugins/smart-flv/"
     shodan-query: 'vuln:CVE-2013-1765'
-  tags: cve,wordpress,wp-plugin,smart-flv,medium
+  tags: cve,wordpress,wp-plugin,smart-flv,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1808-7727a5f68ed648a5191d57e52492a289.yaml b/nuclei-templates/2013/CVE-2013-1808-7727a5f68ed648a5191d57e52492a289.yaml
index e661b9d9dc..7c7a391154 100644
--- a/nuclei-templates/2013/CVE-2013-1808-7727a5f68ed648a5191d57e52492a289.yaml
+++ b/nuclei-templates/2013/CVE-2013-1808-7727a5f68ed648a5191d57e52492a289.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zendesk Chat < 1.2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.  NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zopim-live-chat/"
     google-query: inurl:"/wp-content/plugins/zopim-live-chat/"
     shodan-query: 'vuln:CVE-2013-1808'
-  tags: cve,wordpress,wp-plugin,zopim-live-chat,medium
+  tags: cve,wordpress,wp-plugin,zopim-live-chat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1852-ccd9eb7d8d7c7fdd585ed7aff289426f.yaml b/nuclei-templates/2013/CVE-2013-1852-ccd9eb7d8d7c7fdd585ed7aff289426f.yaml
index 475c24d9a4..56479517c9 100644
--- a/nuclei-templates/2013/CVE-2013-1852-ccd9eb7d8d7c7fdd585ed7aff289426f.yaml
+++ b/nuclei-templates/2013/CVE-2013-1852-ccd9eb7d8d7c7fdd585ed7aff289426f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LeagueManager < 3.8.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaguemanager/"
     google-query: inurl:"/wp-content/plugins/leaguemanager/"
     shodan-query: 'vuln:CVE-2013-1852'
-  tags: cve,wordpress,wp-plugin,leaguemanager,high
+  tags: cve,wordpress,wp-plugin,leaguemanager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-1916-70ddedc5487f163b43d7ace431e3f2c6.yaml b/nuclei-templates/2013/CVE-2013-1916-70ddedc5487f163b43d7ace431e3f2c6.yaml
index 4feb16ef84..61eed9bf81 100644
--- a/nuclei-templates/2013/CVE-2013-1916-70ddedc5487f163b43d7ace431e3f2c6.yaml
+++ b/nuclei-templates/2013/CVE-2013-1916-70ddedc5487f163b43d7ace431e3f2c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Photo <= 0.9.4 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-photo/"
     google-query: inurl:"/wp-content/plugins/user-photo/"
     shodan-query: 'vuln:CVE-2013-1916'
-  tags: cve,wordpress,wp-plugin,user-photo,high
+  tags: cve,wordpress,wp-plugin,user-photo,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2008-d80662422b2866b3d65a5445924467ed.yaml b/nuclei-templates/2013/CVE-2013-2008-d80662422b2866b3d65a5445924467ed.yaml
index 3c83560fa9..e9b2187c6f 100644
--- a/nuclei-templates/2013/CVE-2013-2008-d80662422b2866b3d65a5445924467ed.yaml
+++ b/nuclei-templates/2013/CVE-2013-2008-d80662422b2866b3d65a5445924467ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Super Cache Plugin 1.3 has XSS via several vulnerable parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-super-cache/"
     google-query: inurl:"/wp-content/plugins/wp-super-cache/"
     shodan-query: 'vuln:CVE-2013-2008'
-  tags: cve,wordpress,wp-plugin,wp-super-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-super-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2009-afeb8327fb03504a0b5ac79fd5a442f7.yaml b/nuclei-templates/2013/CVE-2013-2009-afeb8327fb03504a0b5ac79fd5a442f7.yaml
index b1c7ef3b98..c9a922c7f2 100644
--- a/nuclei-templates/2013/CVE-2013-2009-afeb8327fb03504a0b5ac79fd5a442f7.yaml
+++ b/nuclei-templates/2013/CVE-2013-2009-afeb8327fb03504a0b5ac79fd5a442f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Super Cache <= 1.2 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Super Cache plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.2. This allows unauthenticated attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-super-cache/"
     google-query: inurl:"/wp-content/plugins/wp-super-cache/"
     shodan-query: 'vuln:CVE-2013-2009'
-  tags: cve,wordpress,wp-plugin,wp-super-cache,high
+  tags: cve,wordpress,wp-plugin,wp-super-cache,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2107-ff845ece92fe1b8afa1885550aee0170.yaml b/nuclei-templates/2013/CVE-2013-2107-ff845ece92fe1b8afa1885550aee0170.yaml
index c72662444c..fee7140a7b 100644
--- a/nuclei-templates/2013/CVE-2013-2107-ff845ece92fe1b8afa1885550aee0170.yaml
+++ b/nuclei-templates/2013/CVE-2013-2107-ff845ece92fe1b8afa1885550aee0170.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail On Update < 5.3.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php.  NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-on-update/"
     google-query: inurl:"/wp-content/plugins/mail-on-update/"
     shodan-query: 'vuln:CVE-2013-2107'
-  tags: cve,wordpress,wp-plugin,mail-on-update,high
+  tags: cve,wordpress,wp-plugin,mail-on-update,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2109-75c70b1bb438dfcca6e33d6263e0e86e.yaml b/nuclei-templates/2013/CVE-2013-2109-75c70b1bb438dfcca6e33d6263e0e86e.yaml
index b404c51351..1b541fb655 100644
--- a/nuclei-templates/2013/CVE-2013-2109-75c70b1bb438dfcca6e33d6263e0e86e.yaml
+++ b/nuclei-templates/2013/CVE-2013-2109-75c70b1bb438dfcca6e33d6263e0e86e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Cleanfix Plugin < 5.0.0 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     WordPress plugin wp-cleanfix has Remote Code Execution
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cleanfix/"
     google-query: inurl:"/wp-content/plugins/wp-cleanfix/"
     shodan-query: 'vuln:CVE-2013-2109'
-  tags: cve,wordpress,wp-plugin,wp-cleanfix,high
+  tags: cve,wordpress,wp-plugin,wp-cleanfix,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2200-6ea13de5e88a490bbeb3409f32172b66.yaml b/nuclei-templates/2013/CVE-2013-2200-6ea13de5e88a490bbeb3409f32172b66.yaml
index 78f2c06168..fe50e11e81 100644
--- a/nuclei-templates/2013/CVE-2013-2200-6ea13de5e88a490bbeb3409f32172b66.yaml
+++ b/nuclei-templates/2013/CVE-2013-2200-6ea13de5e88a490bbeb3409f32172b66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.5.2 -  Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2013-2200
   metadata:
     shodan-query: 'vuln:CVE-2013-2200'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2201-7fdbdd031d5c39eb7f813226abb85c96.yaml b/nuclei-templates/2013/CVE-2013-2201-7fdbdd031d5c39eb7f813226abb85c96.yaml
index f57052ef26..faee5b2481 100644
--- a/nuclei-templates/2013/CVE-2013-2201-7fdbdd031d5c39eb7f813226abb85c96.yaml
+++ b/nuclei-templates/2013/CVE-2013-2201-7fdbdd031d5c39eb7f813226abb85c96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.5.2 - Cross-Site Scripting via Multiple Vectors
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2013-2201
   metadata:
     shodan-query: 'vuln:CVE-2013-2201'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2205-9b2541766ae2ed11a30c45f083c00914.yaml b/nuclei-templates/2013/CVE-2013-2205-9b2541766ae2ed11a30c45f083c00914.yaml
index a8a528878f..3539683169 100644
--- a/nuclei-templates/2013/CVE-2013-2205-9b2541766ae2ed11a30c45f083c00914.yaml
+++ b/nuclei-templates/2013/CVE-2013-2205-9b2541766ae2ed11a30c45f083c00914.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.5.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2013-2205
   metadata:
     shodan-query: 'vuln:CVE-2013-2205'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2287-38106c08054956ec9ec0eb985cd6a30a.yaml b/nuclei-templates/2013/CVE-2013-2287-38106c08054956ec9ec0eb985cd6a30a.yaml
index ecfb9c5b1e..fef896edd6 100644
--- a/nuclei-templates/2013/CVE-2013-2287-38106c08054956ec9ec0eb985cd6a30a.yaml
+++ b/nuclei-templates/2013/CVE-2013-2287-38106c08054956ec9ec0eb985cd6a30a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uploader <= 1.0.4 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uploader/"
     google-query: inurl:"/wp-content/plugins/uploader/"
     shodan-query: 'vuln:CVE-2013-2287'
-  tags: cve,wordpress,wp-plugin,uploader,medium
+  tags: cve,wordpress,wp-plugin,uploader,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2501-47c8ae751ee325a323299c1e28df1079.yaml b/nuclei-templates/2013/CVE-2013-2501-47c8ae751ee325a323299c1e28df1079.yaml
index 76e4756869..24a3881600 100644
--- a/nuclei-templates/2013/CVE-2013-2501-47c8ae751ee325a323299c1e28df1079.yaml
+++ b/nuclei-templates/2013/CVE-2013-2501-47c8ae751ee325a323299c1e28df1079.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Terillion Reviews < 1.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/terillion-reviews/"
     google-query: inurl:"/wp-content/plugins/terillion-reviews/"
     shodan-query: 'vuln:CVE-2013-2501'
-  tags: cve,wordpress,wp-plugin,terillion-reviews,medium
+  tags: cve,wordpress,wp-plugin,terillion-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2640-5be3d6220be540ab529a6f616f5316f8.yaml b/nuclei-templates/2013/CVE-2013-2640-5be3d6220be540ab529a6f616f5316f8.yaml
index dedaed944a..55071256c5 100644
--- a/nuclei-templates/2013/CVE-2013-2640-5be3d6220be540ab529a6f616f5316f8.yaml
+++ b/nuclei-templates/2013/CVE-2013-2640-5be3d6220be540ab529a6f616f5316f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailUp newsletter sign-up form < 1.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mailup/"
     google-query: inurl:"/wp-content/plugins/wp-mailup/"
     shodan-query: 'vuln:CVE-2013-2640'
-  tags: cve,wordpress,wp-plugin,wp-mailup,medium
+  tags: cve,wordpress,wp-plugin,wp-mailup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2693-b73d87f96280b93d84cc00f272e356ef.yaml b/nuclei-templates/2013/CVE-2013-2693-b73d87f96280b93d84cc00f272e356ef.yaml
index eeb9c2602e..8599fab834 100644
--- a/nuclei-templates/2013/CVE-2013-2693-b73d87f96280b93d84cc00f272e356ef.yaml
+++ b/nuclei-templates/2013/CVE-2013-2693-b73d87f96280b93d84cc00f272e356ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Print <= 2.51 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-print/"
     google-query: inurl:"/wp-content/plugins/wp-print/"
     shodan-query: 'vuln:CVE-2013-2693'
-  tags: cve,wordpress,wp-plugin,wp-print,high
+  tags: cve,wordpress,wp-plugin,wp-print,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2696-7851eebfd119dbcb64d57949b00c8e79.yaml b/nuclei-templates/2013/CVE-2013-2696-7851eebfd119dbcb64d57949b00c8e79.yaml
index f8ef37fa6f..a74241393a 100644
--- a/nuclei-templates/2013/CVE-2013-2696-7851eebfd119dbcb64d57949b00c8e79.yaml
+++ b/nuclei-templates/2013/CVE-2013-2696-7851eebfd119dbcb64d57949b00c8e79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Webmaster < 8.2.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-webmaster/"
     google-query: inurl:"/wp-content/plugins/all-in-one-webmaster/"
     shodan-query: 'vuln:CVE-2013-2696'
-  tags: cve,wordpress,wp-plugin,all-in-one-webmaster,high
+  tags: cve,wordpress,wp-plugin,all-in-one-webmaster,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2697-f8b195ad87a5a50c5754f7800933e00c.yaml b/nuclei-templates/2013/CVE-2013-2697-f8b195ad87a5a50c5754f7800933e00c.yaml
index 15ffe5d1ba..92cfb03317 100644
--- a/nuclei-templates/2013/CVE-2013-2697-f8b195ad87a5a50c5754f7800933e00c.yaml
+++ b/nuclei-templates/2013/CVE-2013-2697-f8b195ad87a5a50c5754f7800933e00c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-DownloadManager Plugin < 1.61 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-download-manager/"
     google-query: inurl:"/wp-content/plugins/wp-download-manager/"
     shodan-query: 'vuln:CVE-2013-2697'
-  tags: cve,wordpress,wp-plugin,wp-download-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2699-0e39d853b3d4654c80796b1245bb017e.yaml b/nuclei-templates/2013/CVE-2013-2699-0e39d853b3d4654c80796b1245bb017e.yaml
index 087397de48..c2115d7069 100644
--- a/nuclei-templates/2013/CVE-2013-2699-0e39d853b3d4654c80796b1245bb017e.yaml
+++ b/nuclei-templates/2013/CVE-2013-2699-0e39d853b3d4654c80796b1245bb017e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     underConstruction < 1.09 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/underconstruction/"
     google-query: inurl:"/wp-content/plugins/underconstruction/"
     shodan-query: 'vuln:CVE-2013-2699'
-  tags: cve,wordpress,wp-plugin,underconstruction,high
+  tags: cve,wordpress,wp-plugin,underconstruction,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2700-4fb52fd64080462536a5af2ab82cbace.yaml b/nuclei-templates/2013/CVE-2013-2700-4fb52fd64080462536a5af2ab82cbace.yaml
index 47e5883de4..2a627fbdfd 100644
--- a/nuclei-templates/2013/CVE-2013-2700-4fb52fd64080462536a5af2ab82cbace.yaml
+++ b/nuclei-templates/2013/CVE-2013-2700-4fb52fd64080462536a5af2ab82cbace.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP125 <= 1.4.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp125/"
     google-query: inurl:"/wp-content/plugins/wp125/"
     shodan-query: 'vuln:CVE-2013-2700'
-  tags: cve,wordpress,wp-plugin,wp125,high
+  tags: cve,wordpress,wp-plugin,wp125,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2701-fab081bdfce9f805f8a61feef8468916.yaml b/nuclei-templates/2013/CVE-2013-2701-fab081bdfce9f805f8a61feef8468916.yaml
index 8686ad7a7d..6fc8eab4d1 100644
--- a/nuclei-templates/2013/CVE-2013-2701-fab081bdfce9f805f8a61feef8468916.yaml
+++ b/nuclei-templates/2013/CVE-2013-2701-fab081bdfce9f805f8a61feef8468916.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Sharing Toolkit <= 2.1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-sharing-toolkit/"
     google-query: inurl:"/wp-content/plugins/social-sharing-toolkit/"
     shodan-query: 'vuln:CVE-2013-2701'
-  tags: cve,wordpress,wp-plugin,social-sharing-toolkit,high
+  tags: cve,wordpress,wp-plugin,social-sharing-toolkit,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2703-72f73bf14c806744336e445356e6090f.yaml b/nuclei-templates/2013/CVE-2013-2703-72f73bf14c806744336e445356e6090f.yaml
index f3393e6813..27d935fa3d 100644
--- a/nuclei-templates/2013/CVE-2013-2703-72f73bf14c806744336e445356e6090f.yaml
+++ b/nuclei-templates/2013/CVE-2013-2703-72f73bf14c806744336e445356e6090f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Facebook Members < 5.0.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-members/"
     google-query: inurl:"/wp-content/plugins/facebook-members/"
     shodan-query: 'vuln:CVE-2013-2703'
-  tags: cve,wordpress,wp-plugin,facebook-members,high
+  tags: cve,wordpress,wp-plugin,facebook-members,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2706-a61b4c2ab615ad0f80b5138981abe8ce.yaml b/nuclei-templates/2013/CVE-2013-2706-a61b4c2ab615ad0f80b5138981abe8ce.yaml
index 2e975ac08c..f25f1f0c3d 100644
--- a/nuclei-templates/2013/CVE-2013-2706-a61b4c2ab615ad0f80b5138981abe8ce.yaml
+++ b/nuclei-templates/2013/CVE-2013-2706-a61b4c2ab615ad0f80b5138981abe8ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stream Video Player <= 1.4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stream-video-player/"
     google-query: inurl:"/wp-content/plugins/stream-video-player/"
     shodan-query: 'vuln:CVE-2013-2706'
-  tags: cve,wordpress,wp-plugin,stream-video-player,high
+  tags: cve,wordpress,wp-plugin,stream-video-player,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2709-9b7bc1f0f7f491c09d5edf25ce5f3958.yaml b/nuclei-templates/2013/CVE-2013-2709-9b7bc1f0f7f491c09d5edf25ce5f3958.yaml
index b8ca0b8659..4a76a7fc87 100644
--- a/nuclei-templates/2013/CVE-2013-2709-9b7bc1f0f7f491c09d5edf25ce5f3958.yaml
+++ b/nuclei-templates/2013/CVE-2013-2709-9b7bc1f0f7f491c09d5edf25ce5f3958.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FourSquare Checkins < 1.3 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foursquare-checkins/"
     google-query: inurl:"/wp-content/plugins/foursquare-checkins/"
     shodan-query: 'vuln:CVE-2013-2709'
-  tags: cve,wordpress,wp-plugin,foursquare-checkins,high
+  tags: cve,wordpress,wp-plugin,foursquare-checkins,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2710-507e2521f54c5e6ca19bac49a7a788fa.yaml b/nuclei-templates/2013/CVE-2013-2710-507e2521f54c5e6ca19bac49a7a788fa.yaml
index 3855aa550a..ac2471ce23 100644
--- a/nuclei-templates/2013/CVE-2013-2710-507e2521f54c5e6ca19bac49a7a788fa.yaml
+++ b/nuclei-templates/2013/CVE-2013-2710-507e2521f54c5e6ca19bac49a7a788fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contextual Related Posts <= 1.8.6 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contextual-related-posts/"
     google-query: inurl:"/wp-content/plugins/contextual-related-posts/"
     shodan-query: 'vuln:CVE-2013-2710'
-  tags: cve,wordpress,wp-plugin,contextual-related-posts,high
+  tags: cve,wordpress,wp-plugin,contextual-related-posts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-2714-396371aecede5680b30f6adf18b9bebd.yaml b/nuclei-templates/2013/CVE-2013-2714-396371aecede5680b30f6adf18b9bebd.yaml
index b22b335372..1c98118aa0 100644
--- a/nuclei-templates/2013/CVE-2013-2714-396371aecede5680b30f6adf18b9bebd.yaml
+++ b/nuclei-templates/2013/CVE-2013-2714-396371aecede5680b30f6adf18b9bebd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     podPress <= 8.8.10.17 - Cross-Site Scripting via playerID
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.17 (and possibly more) could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podpress/"
     google-query: inurl:"/wp-content/plugins/podpress/"
     shodan-query: 'vuln:CVE-2013-2714'
-  tags: cve,wordpress,wp-plugin,podpress,medium
+  tags: cve,wordpress,wp-plugin,podpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3251-bc3ead94b2639f49d2a3b634baef9593.yaml b/nuclei-templates/2013/CVE-2013-3251-bc3ead94b2639f49d2a3b634baef9593.yaml
index 00b1af6e2f..29991fe2e8 100644
--- a/nuclei-templates/2013/CVE-2013-3251-bc3ead94b2639f49d2a3b634baef9593.yaml
+++ b/nuclei-templates/2013/CVE-2013-3251-bc3ead94b2639f49d2a3b634baef9593.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     qTranslate <= 2.5.39 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qtranslate/"
     google-query: inurl:"/wp-content/plugins/qtranslate/"
     shodan-query: 'vuln:CVE-2013-3251'
-  tags: cve,wordpress,wp-plugin,qtranslate,high
+  tags: cve,wordpress,wp-plugin,qtranslate,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3252-888312a64923f43849174a79d906913e.yaml b/nuclei-templates/2013/CVE-2013-3252-888312a64923f43849174a79d906913e.yaml
index b567619a34..404200952d 100644
--- a/nuclei-templates/2013/CVE-2013-3252-888312a64923f43849174a79d906913e.yaml
+++ b/nuclei-templates/2013/CVE-2013-3252-888312a64923f43849174a79d906913e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-PostViews < 1.63 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-postviews/"
     google-query: inurl:"/wp-content/plugins/wp-postviews/"
     shodan-query: 'vuln:CVE-2013-3252'
-  tags: cve,wordpress,wp-plugin,wp-postviews,high
+  tags: cve,wordpress,wp-plugin,wp-postviews,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3253-1ce0c9b4a51f3fdac3a650bd3678e546.yaml b/nuclei-templates/2013/CVE-2013-3253-1ce0c9b4a51f3fdac3a650bd3678e546.yaml
index e3989abefd..c5b27a8e7d 100644
--- a/nuclei-templates/2013/CVE-2013-3253-1ce0c9b4a51f3fdac3a650bd3678e546.yaml
+++ b/nuclei-templates/2013/CVE-2013-3253-1ce0c9b4a51f3fdac3a650bd3678e546.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Xhanch – My Twitter <= 2.7.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xhanch-my-twitter/"
     google-query: inurl:"/wp-content/plugins/xhanch-my-twitter/"
     shodan-query: 'vuln:CVE-2013-3253'
-  tags: cve,wordpress,wp-plugin,xhanch-my-twitter,high
+  tags: cve,wordpress,wp-plugin,xhanch-my-twitter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3254-b3f583df01b20215cf8c32eded7781af.yaml b/nuclei-templates/2013/CVE-2013-3254-b3f583df01b20215cf8c32eded7781af.yaml
index 08ccff5ebd..9a096ea7cc 100644
--- a/nuclei-templates/2013/CVE-2013-3254-b3f583df01b20215cf8c32eded7781af.yaml
+++ b/nuclei-templates/2013/CVE-2013-3254-b3f583df01b20215cf8c32eded7781af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Photo Album Plus < 5.0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-photo-album-plus/"
     google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/"
     shodan-query: 'vuln:CVE-2013-3254'
-  tags: cve,wordpress,wp-plugin,wp-photo-album-plus,medium
+  tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3256-5031bc59caa3037821df61e5a345c90f.yaml b/nuclei-templates/2013/CVE-2013-3256-5031bc59caa3037821df61e5a345c90f.yaml
index db0eaa2ee9..44d848d4b0 100644
--- a/nuclei-templates/2013/CVE-2013-3256-5031bc59caa3037821df61e5a345c90f.yaml
+++ b/nuclei-templates/2013/CVE-2013-3256-5031bc59caa3037821df61e5a345c90f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SexyBookmarks <= 6.1.4.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sexybookmarks/"
     google-query: inurl:"/wp-content/plugins/sexybookmarks/"
     shodan-query: 'vuln:CVE-2013-3256'
-  tags: cve,wordpress,wp-plugin,sexybookmarks,high
+  tags: cve,wordpress,wp-plugin,sexybookmarks,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3261-4a78286f0fa257bf74920260dae5103f.yaml b/nuclei-templates/2013/CVE-2013-3261-4a78286f0fa257bf74920260dae5103f.yaml
index 608fd019fb..7db2cc741d 100644
--- a/nuclei-templates/2013/CVE-2013-3261-4a78286f0fa257bf74920260dae5103f.yaml
+++ b/nuclei-templates/2013/CVE-2013-3261-4a78286f0fa257bf74920260dae5103f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.72 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flash-album-gallery/"
     google-query: inurl:"/wp-content/plugins/flash-album-gallery/"
     shodan-query: 'vuln:CVE-2013-3261'
-  tags: cve,wordpress,wp-plugin,flash-album-gallery,medium
+  tags: cve,wordpress,wp-plugin,flash-album-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3262-a760bafd1cd95a91af8a27215ef05ba2.yaml b/nuclei-templates/2013/CVE-2013-3262-a760bafd1cd95a91af8a27215ef05ba2.yaml
index b222a48cfc..bbaf2e0929 100644
--- a/nuclei-templates/2013/CVE-2013-3262-a760bafd1cd95a91af8a27215ef05ba2.yaml
+++ b/nuclei-templates/2013/CVE-2013-3262-a760bafd1cd95a91af8a27215ef05ba2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2013-3262'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3263-d7975313aa0a75118cad6d46dc36f4d3.yaml b/nuclei-templates/2013/CVE-2013-3263-d7975313aa0a75118cad6d46dc36f4d3.yaml
index ade064735c..d5543e8ad3 100644
--- a/nuclei-templates/2013/CVE-2013-3263-d7975313aa0a75118cad6d46dc36f4d3.yaml
+++ b/nuclei-templates/2013/CVE-2013-3263-d7975313aa0a75118cad6d46dc36f4d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate Email Marketer <= 1.2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.2.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-email-marketer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-email-marketer/"
     shodan-query: 'vuln:CVE-2013-3263'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-email-marketer,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-email-marketer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3477-58ad613c40728469546ff0c459432f85.yaml b/nuclei-templates/2013/CVE-2013-3477-58ad613c40728469546ff0c459432f85.yaml
index 9c98a26ced..653732e7cb 100644
--- a/nuclei-templates/2013/CVE-2013-3477-58ad613c40728469546ff0c459432f85.yaml
+++ b/nuclei-templates/2013/CVE-2013-3477-58ad613c40728469546ff0c459432f85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Related Posts by Zemanta <= 1.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/related-posts-by-zemanta/"
     google-query: inurl:"/wp-content/plugins/related-posts-by-zemanta/"
     shodan-query: 'vuln:CVE-2013-3477'
-  tags: cve,wordpress,wp-plugin,related-posts-by-zemanta,high
+  tags: cve,wordpress,wp-plugin,related-posts-by-zemanta,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3479-32ca157e45a11cba9d0a4e52d697d9d8.yaml b/nuclei-templates/2013/CVE-2013-3479-32ca157e45a11cba9d0a4e52d697d9d8.yaml
index 36b6b75afa..5eaaa01e00 100644
--- a/nuclei-templates/2013/CVE-2013-3479-32ca157e45a11cba9d0a4e52d697d9d8.yaml
+++ b/nuclei-templates/2013/CVE-2013-3479-32ca157e45a11cba9d0a4e52d697d9d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShareThis <= 7.0.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/share-this/"
     google-query: inurl:"/wp-content/plugins/share-this/"
     shodan-query: 'vuln:CVE-2013-3479'
-  tags: cve,wordpress,wp-plugin,share-this,high
+  tags: cve,wordpress,wp-plugin,share-this,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3487-123845e838da3a6daa580f3b2ed445cb.yaml b/nuclei-templates/2013/CVE-2013-3487-123845e838da3a6daa580f3b2ed445cb.yaml
index 5ad070d172..6edaead515 100644
--- a/nuclei-templates/2013/CVE-2013-3487-123845e838da3a6daa580f3b2ed445cb.yaml
+++ b/nuclei-templates/2013/CVE-2013-3487-123845e838da3a6daa580f3b2ed445cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BulletProof Security <= .48.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletproof-security/"
     google-query: inurl:"/wp-content/plugins/bulletproof-security/"
     shodan-query: 'vuln:CVE-2013-3487'
-  tags: cve,wordpress,wp-plugin,bulletproof-security,medium
+  tags: cve,wordpress,wp-plugin,bulletproof-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3491-61fcaed16881b56993f1d78f9758c2b3.yaml b/nuclei-templates/2013/CVE-2013-3491-61fcaed16881b56993f1d78f9758c2b3.yaml
index 9a67da1976..6131716b97 100644
--- a/nuclei-templates/2013/CVE-2013-3491-61fcaed16881b56993f1d78f9758c2b3.yaml
+++ b/nuclei-templates/2013/CVE-2013-3491-61fcaed16881b56993f1d78f9758c2b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sharebar <= 1.4.2 -  Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.4.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sharebar/"
     google-query: inurl:"/wp-content/plugins/sharebar/"
     shodan-query: 'vuln:CVE-2013-3491'
-  tags: cve,wordpress,wp-plugin,sharebar,medium
+  tags: cve,wordpress,wp-plugin,sharebar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3526-f3bf3aa52e1e30ba08101ace5617af2a.yaml b/nuclei-templates/2013/CVE-2013-3526-f3bf3aa52e1e30ba08101ace5617af2a.yaml
index 3f8b9b821b..7ad0fdcd04 100644
--- a/nuclei-templates/2013/CVE-2013-3526-f3bf3aa52e1e30ba08101ace5617af2a.yaml
+++ b/nuclei-templates/2013/CVE-2013-3526-f3bf3aa52e1e30ba08101ace5617af2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Traffic Analyzer < 3.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.4.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/trafficanalyzer/"
     google-query: inurl:"/wp-content/plugins/trafficanalyzer/"
     shodan-query: 'vuln:CVE-2013-3526'
-  tags: cve,wordpress,wp-plugin,trafficanalyzer,medium
+  tags: cve,wordpress,wp-plugin,trafficanalyzer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-3720-42f14cb098faa7900818b46106b42afa.yaml b/nuclei-templates/2013/CVE-2013-3720-42f14cb098faa7900818b46106b42afa.yaml
index 6310e5e93d..f3ca631f53 100644
--- a/nuclei-templates/2013/CVE-2013-3720-42f14cb098faa7900818b46106b42afa.yaml
+++ b/nuclei-templates/2013/CVE-2013-3720-42f14cb098faa7900818b46106b42afa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feedweb < 1.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Feedweb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_post_id' parameter in versions up to 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedweb/"
     google-query: inurl:"/wp-content/plugins/feedweb/"
     shodan-query: 'vuln:CVE-2013-3720'
-  tags: cve,wordpress,wp-plugin,feedweb,medium
+  tags: cve,wordpress,wp-plugin,feedweb,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-4240-8de4556487daff9f80ef882a72ac48a1.yaml b/nuclei-templates/2013/CVE-2013-4240-8de4556487daff9f80ef882a72ac48a1.yaml
index 62a2aaece9..69754925fe 100644
--- a/nuclei-templates/2013/CVE-2013-4240-8de4556487daff9f80ef882a72ac48a1.yaml
+++ b/nuclei-templates/2013/CVE-2013-4240-8de4556487daff9f80ef882a72ac48a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HMS Testimonials <= 2.0.10 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hms-testimonials/"
     google-query: inurl:"/wp-content/plugins/hms-testimonials/"
     shodan-query: 'vuln:CVE-2013-4240'
-  tags: cve,wordpress,wp-plugin,hms-testimonials,high
+  tags: cve,wordpress,wp-plugin,hms-testimonials,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-4241-0edbba73cef4d5273525e9fdeb2bcb4c.yaml b/nuclei-templates/2013/CVE-2013-4241-0edbba73cef4d5273525e9fdeb2bcb4c.yaml
index 957dee4648..87bfddd411 100644
--- a/nuclei-templates/2013/CVE-2013-4241-0edbba73cef4d5273525e9fdeb2bcb4c.yaml
+++ b/nuclei-templates/2013/CVE-2013-4241-0edbba73cef4d5273525e9fdeb2bcb4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HMS Testimonials < 2.0.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hms-testimonials/"
     google-query: inurl:"/wp-content/plugins/hms-testimonials/"
     shodan-query: 'vuln:CVE-2013-4241'
-  tags: cve,wordpress,wp-plugin,hms-testimonials,medium
+  tags: cve,wordpress,wp-plugin,hms-testimonials,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-4625-0244633df1d46b9b703b5c746fbc6e51.yaml b/nuclei-templates/2013/CVE-2013-4625-0244633df1d46b9b703b5c746fbc6e51.yaml
index c75016a193..7d779584ba 100644
--- a/nuclei-templates/2013/CVE-2013-4625-0244633df1d46b9b703b5c746fbc6e51.yaml
+++ b/nuclei-templates/2013/CVE-2013-4625-0244633df1d46b9b703b5c746fbc6e51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicator/"
     google-query: inurl:"/wp-content/plugins/duplicator/"
     shodan-query: 'vuln:CVE-2013-4625'
-  tags: cve,wordpress,wp-plugin,duplicator,medium
+  tags: cve,wordpress,wp-plugin,duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-4626-356feecea26ff4c40d9fa77a244963ee.yaml b/nuclei-templates/2013/CVE-2013-4626-356feecea26ff4c40d9fa77a244963ee.yaml
index 37e500d5ec..58b105d15a 100644
--- a/nuclei-templates/2013/CVE-2013-4626-356feecea26ff4c40d9fa77a244963ee.yaml
+++ b/nuclei-templates/2013/CVE-2013-4626-356feecea26ff4c40d9fa77a244963ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BackWPup < 3.0.13 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backwpup/"
     google-query: inurl:"/wp-content/plugins/backwpup/"
     shodan-query: 'vuln:CVE-2013-4626'
-  tags: cve,wordpress,wp-plugin,backwpup,medium
+  tags: cve,wordpress,wp-plugin,backwpup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-4693-75fb06485693f13299e4aa42a8ec1d70.yaml b/nuclei-templates/2013/CVE-2013-4693-75fb06485693f13299e4aa42a8ec1d70.yaml
index 90a9869d0e..45316adf03 100644
--- a/nuclei-templates/2013/CVE-2013-4693-75fb06485693f13299e4aa42a8ec1d70.yaml
+++ b/nuclei-templates/2013/CVE-2013-4693-75fb06485693f13299e4aa42a8ec1d70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Xorbin Digital Flash Clock < 1.0 - DOM Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress Xorbin Digital Flash Clock 1.0 has XSS via 'widgetUrl' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xorbin-digital-flash-clock/"
     google-query: inurl:"/wp-content/plugins/xorbin-digital-flash-clock/"
     shodan-query: 'vuln:CVE-2013-4693'
-  tags: cve,wordpress,wp-plugin,xorbin-digital-flash-clock,medium
+  tags: cve,wordpress,wp-plugin,xorbin-digital-flash-clock,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-4944-a103c2e3cc97ab522767ac0230b22480.yaml b/nuclei-templates/2013/CVE-2013-4944-a103c2e3cc97ab522767ac0230b22480.yaml
index ba0db5bc2f..0d498dcd44 100644
--- a/nuclei-templates/2013/CVE-2013-4944-a103c2e3cc97ab522767ac0230b22480.yaml
+++ b/nuclei-templates/2013/CVE-2013-4944-a103c2e3cc97ab522767ac0230b22480.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress Extended Friendship Request < 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php.  NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-extended-friendship-request/"
     google-query: inurl:"/wp-content/plugins/buddypress-extended-friendship-request/"
     shodan-query: 'vuln:CVE-2013-4944'
-  tags: cve,wordpress,wp-plugin,buddypress-extended-friendship-request,medium
+  tags: cve,wordpress,wp-plugin,buddypress-extended-friendship-request,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-4954-085dcf91f1430534b15ba25ebc810709.yaml b/nuclei-templates/2013/CVE-2013-4954-085dcf91f1430534b15ba25ebc810709.yaml
index cf0cb7dbac..a67142373c 100644
--- a/nuclei-templates/2013/CVE-2013-4954-085dcf91f1430534b15ba25ebc810709.yaml
+++ b/nuclei-templates/2013/CVE-2013-4954-085dcf91f1430534b15ba25ebc810709.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pie Register <= 1.30 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action.  NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pie-register/"
     google-query: inurl:"/wp-content/plugins/pie-register/"
     shodan-query: 'vuln:CVE-2013-4954'
-  tags: cve,wordpress,wp-plugin,pie-register,medium
+  tags: cve,wordpress,wp-plugin,pie-register,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-5672-bc1fc73bd669dca4197ffa756353cd75.yaml b/nuclei-templates/2013/CVE-2013-5672-bc1fc73bd669dca4197ffa756353cd75.yaml
index 79485560b2..6a32f10d86 100644
--- a/nuclei-templates/2013/CVE-2013-5672-bc1fc73bd669dca4197ffa756353cd75.yaml
+++ b/nuclei-templates/2013/CVE-2013-5672-bc1fc73bd669dca4197ffa756353cd75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial < 2.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indianic-testimonial/"
     google-query: inurl:"/wp-content/plugins/indianic-testimonial/"
     shodan-query: 'vuln:CVE-2013-5672'
-  tags: cve,wordpress,wp-plugin,indianic-testimonial,high
+  tags: cve,wordpress,wp-plugin,indianic-testimonial,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-5711-eaff27608bcf6deda804f06712a1b098.yaml b/nuclei-templates/2013/CVE-2013-5711-eaff27608bcf6deda804f06712a1b098.yaml
index 672cf327d3..c1d5c4f25e 100644
--- a/nuclei-templates/2013/CVE-2013-5711-eaff27608bcf6deda804f06712a1b098.yaml
+++ b/nuclei-templates/2013/CVE-2013-5711-eaff27608bcf6deda804f06712a1b098.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Design Approval System <= 3.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/design-approval-system/"
     google-query: inurl:"/wp-content/plugins/design-approval-system/"
     shodan-query: 'vuln:CVE-2013-5711'
-  tags: cve,wordpress,wp-plugin,design-approval-system,medium
+  tags: cve,wordpress,wp-plugin,design-approval-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-5916-3dc139e568d48b3719f09d74e5c6ac5a.yaml b/nuclei-templates/2013/CVE-2013-5916-3dc139e568d48b3719f09d74e5c6ac5a.yaml
index db24a79758..dbed9cb117 100644
--- a/nuclei-templates/2013/CVE-2013-5916-3dc139e568d48b3719f09d74e5c6ac5a.yaml
+++ b/nuclei-templates/2013/CVE-2013-5916-3dc139e568d48b3719f09d74e5c6ac5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bradesco Gateway <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bradesco-gateway/"
     google-query: inurl:"/wp-content/plugins/bradesco-gateway/"
     shodan-query: 'vuln:CVE-2013-5916'
-  tags: cve,wordpress,wp-plugin,bradesco-gateway,medium
+  tags: cve,wordpress,wp-plugin,bradesco-gateway,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-5978-67c99f9c8f327331a1d82c5ff5d685e7.yaml b/nuclei-templates/2013/CVE-2013-5978-67c99f9c8f327331a1d82c5ff5d685e7.yaml
index 25b5d95cf7..d7494000a2 100644
--- a/nuclei-templates/2013/CVE-2013-5978-67c99f9c8f327331a1d82c5ff5d685e7.yaml
+++ b/nuclei-templates/2013/CVE-2013-5978-67c99f9c8f327331a1d82c5ff5d685e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cart66-lite/"
     google-query: inurl:"/wp-content/plugins/cart66-lite/"
     shodan-query: 'vuln:CVE-2013-5978'
-  tags: cve,wordpress,wp-plugin,cart66-lite,medium
+  tags: cve,wordpress,wp-plugin,cart66-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-5988-996209252b43de8bc510aae02fc9d00b.yaml b/nuclei-templates/2013/CVE-2013-5988-996209252b43de8bc510aae02fc9d00b.yaml
index 5714e03268..cd54d7c493 100644
--- a/nuclei-templates/2013/CVE-2013-5988-996209252b43de8bc510aae02fc9d00b.yaml
+++ b/nuclei-templates/2013/CVE-2013-5988-996209252b43de8bc510aae02fc9d00b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2013-5988'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-6280-dcf043d6af78599175beab95bc8309bb.yaml b/nuclei-templates/2013/CVE-2013-6280-dcf043d6af78599175beab95bc8309bb.yaml
index 842bec096f..86dbf3cd4c 100644
--- a/nuclei-templates/2013/CVE-2013-6280-dcf043d6af78599175beab95bc8309bb.yaml
+++ b/nuclei-templates/2013/CVE-2013-6280-dcf043d6af78599175beab95bc8309bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Sharing Toolkit < 2.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-sharing-toolkit/"
     google-query: inurl:"/wp-content/plugins/social-sharing-toolkit/"
     shodan-query: 'vuln:CVE-2013-6280'
-  tags: cve,wordpress,wp-plugin,social-sharing-toolkit,medium
+  tags: cve,wordpress,wp-plugin,social-sharing-toolkit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-6281-c9ddd0481037c81ec76638f9cdd36097.yaml b/nuclei-templates/2013/CVE-2013-6281-c9ddd0481037c81ec76638f9cdd36097.yaml
index 402b0b40b8..7d9b8aee76 100644
--- a/nuclei-templates/2013/CVE-2013-6281-c9ddd0481037c81ec76638f9cdd36097.yaml
+++ b/nuclei-templates/2013/CVE-2013-6281-c9ddd0481037c81ec76638f9cdd36097.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     dhtmlxSpreadsheet <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The dhtmlxSpreadsheet plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0 via the 'page' parameter due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dhtmlxspreadsheet/"
     google-query: inurl:"/wp-content/plugins/dhtmlxspreadsheet/"
     shodan-query: 'vuln:CVE-2013-6281'
-  tags: cve,wordpress,wp-plugin,dhtmlxspreadsheet,medium
+  tags: cve,wordpress,wp-plugin,dhtmlxspreadsheet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-6342-b04c389a2c7db09e215c22221497896f.yaml b/nuclei-templates/2013/CVE-2013-6342-b04c389a2c7db09e215c22221497896f.yaml
index 729f682565..5db602c97f 100644
--- a/nuclei-templates/2013/CVE-2013-6342-b04c389a2c7db09e215c22221497896f.yaml
+++ b/nuclei-templates/2013/CVE-2013-6342-b04c389a2c7db09e215c22221497896f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tweet Blender <= 4.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tweet-blender/"
     google-query: inurl:"/wp-content/plugins/tweet-blender/"
     shodan-query: 'vuln:CVE-2013-6342'
-  tags: cve,wordpress,wp-plugin,tweet-blender,medium
+  tags: cve,wordpress,wp-plugin,tweet-blender,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-6797-683c8ae1178fe6f9d3ed4e7dea6abbfa.yaml b/nuclei-templates/2013/CVE-2013-6797-683c8ae1178fe6f9d3ed4e7dea6abbfa.yaml
index 55acbb308f..26b404662c 100644
--- a/nuclei-templates/2013/CVE-2013-6797-683c8ae1178fe6f9d3ed4e7dea6abbfa.yaml
+++ b/nuclei-templates/2013/CVE-2013-6797-683c8ae1178fe6f9d3ed4e7dea6abbfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery and to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, allowing the injection of arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blue-wrench-videos-widget/"
     google-query: inurl:"/wp-content/plugins/blue-wrench-videos-widget/"
     shodan-query: 'vuln:CVE-2013-6797'
-  tags: cve,wordpress,wp-plugin,blue-wrench-videos-widget,high
+  tags: cve,wordpress,wp-plugin,blue-wrench-videos-widget,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-6837-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/2013/CVE-2013-6837-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml
index fea3717870..3eefc1a235 100644
--- a/nuclei-templates/2013/CVE-2013-6837-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml
+++ b/nuclei-templates/2013/CVE-2013-6837-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2013-6837
   metadata:
-    fofa-query: "wp-content/plugins/random-image-gallery-with-pretty-photo-zoom/"
-    google-query: inurl:"/wp-content/plugins/random-image-gallery-with-pretty-photo-zoom/"
+    fofa-query: "wp-content/plugins/mklasens-photobox/"
+    google-query: inurl:"/wp-content/plugins/mklasens-photobox/"
     shodan-query: 'vuln:CVE-2013-6837'
-  tags: cve,wordpress,wp-plugin,random-image-gallery-with-pretty-photo-zoom,medium
+  tags: cve,wordpress,wp-plugin,mklasens-photobox,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/random-image-gallery-with-pretty-photo-zoom/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/mklasens-photobox/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "random-image-gallery-with-pretty-photo-zoom"
+          - "mklasens-photobox"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 7.5')
\ No newline at end of file
+          - compare_versions(version, '<= *')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6991-2f795470b566b4d4e27fdf7c4b01f4e4.yaml b/nuclei-templates/2013/CVE-2013-6991-2f795470b566b4d4e27fdf7c4b01f4e4.yaml
index 2c3da6811a..122deeff9e 100644
--- a/nuclei-templates/2013/CVE-2013-6991-2f795470b566b4d4e27fdf7c4b01f4e4.yaml
+++ b/nuclei-templates/2013/CVE-2013-6991-2f795470b566b4d4e27fdf7c4b01f4e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Cron Dashboard < 1.1.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cron-dashboard/"
     google-query: inurl:"/wp-content/plugins/wp-cron-dashboard/"
     shodan-query: 'vuln:CVE-2013-6991'
-  tags: cve,wordpress,wp-plugin,wp-cron-dashboard,medium
+  tags: cve,wordpress,wp-plugin,wp-cron-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-6992-3ee736065c571005f3aa44af407146c3.yaml b/nuclei-templates/2013/CVE-2013-6992-3ee736065c571005f3aa44af407146c3.yaml
index cff61b16ab..0fa3754669 100644
--- a/nuclei-templates/2013/CVE-2013-6992-3ee736065c571005f3aa44af407146c3.yaml
+++ b/nuclei-templates/2013/CVE-2013-6992-3ee736065c571005f3aa44af407146c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/askapache-firefox-adsense/"
     google-query: inurl:"/wp-content/plugins/askapache-firefox-adsense/"
     shodan-query: 'vuln:CVE-2013-6992'
-  tags: cve,wordpress,wp-plugin,askapache-firefox-adsense,high
+  tags: cve,wordpress,wp-plugin,askapache-firefox-adsense,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-6993-8ed4f4b4804b54524ede760d18b29fad.yaml b/nuclei-templates/2013/CVE-2013-6993-8ed4f4b4804b54524ede760d18b29fad.yaml
index fa2f8ad8b0..aee9f067cd 100644
--- a/nuclei-templates/2013/CVE-2013-6993-8ed4f4b4804b54524ede760d18b29fad.yaml
+++ b/nuclei-templates/2013/CVE-2013-6993-8ed4f4b4804b54524ede760d18b29fad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ad-minister <= 0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ad-minister plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.6 via the key parameter in a delete action to wp-admin/tools.php due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-minister/"
     google-query: inurl:"/wp-content/plugins/ad-minister/"
     shodan-query: 'vuln:CVE-2013-6993'
-  tags: cve,wordpress,wp-plugin,ad-minister,medium
+  tags: cve,wordpress,wp-plugin,ad-minister,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7129-e7c3ee180660fac9fead4fadabb98bef.yaml b/nuclei-templates/2013/CVE-2013-7129-e7c3ee180660fac9fead4fadabb98bef.yaml
index 1d2141360d..b9132a6a93 100644
--- a/nuclei-templates/2013/CVE-2013-7129-e7c3ee180660fac9fead4fadabb98bef.yaml
+++ b/nuclei-templates/2013/CVE-2013-7129-e7c3ee180660fac9fead4fadabb98bef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bloog <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Blooog-v1.1/"
     google-query: inurl:"/wp-content/themes/Blooog-v1.1/"
     shodan-query: 'vuln:CVE-2013-7129'
-  tags: cve,wordpress,wp-theme,Blooog-v1.1,medium
+  tags: cve,wordpress,wp-theme,Blooog-v1.1,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7233-23b973e4e6f56dde6b9f085e9af4fc06.yaml b/nuclei-templates/2013/CVE-2013-7233-23b973e4e6f56dde6b9f085e9af4fc06.yaml
index 23d94418ba..28a64d0679 100644
--- a/nuclei-templates/2013/CVE-2013-7233-23b973e4e6f56dde6b9f085e9af4fc06.yaml
+++ b/nuclei-templates/2013/CVE-2013-7233-23b973e4e6f56dde6b9f085e9af4fc06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2013-7233
   metadata:
     shodan-query: 'vuln:CVE-2013-7233'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7276-acf04354988365754f4760bff4f381fb.yaml b/nuclei-templates/2013/CVE-2013-7276-acf04354988365754f4760bff4f381fb.yaml
index 8f5068f05c..bd12a3be36 100644
--- a/nuclei-templates/2013/CVE-2013-7276-acf04354988365754f4760bff4f381fb.yaml
+++ b/nuclei-templates/2013/CVE-2013-7276-acf04354988365754f4760bff4f381fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recommend to a friend <= 2.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recommend-a-friend/"
     google-query: inurl:"/wp-content/plugins/recommend-a-friend/"
     shodan-query: 'vuln:CVE-2013-7276'
-  tags: cve,wordpress,wp-plugin,recommend-a-friend,medium
+  tags: cve,wordpress,wp-plugin,recommend-a-friend,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7279-b308d8dd463cbe3361a5a4c348d193ac.yaml b/nuclei-templates/2013/CVE-2013-7279-b308d8dd463cbe3361a5a4c348d193ac.yaml
index ff09b04cde..679ea216f2 100644
--- a/nuclei-templates/2013/CVE-2013-7279-b308d8dd463cbe3361a5a4c348d193ac.yaml
+++ b/nuclei-templates/2013/CVE-2013-7279-b308d8dd463cbe3361a5a4c348d193ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     S3 Video <= 0.982 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/s3-video/"
     google-query: inurl:"/wp-content/plugins/s3-video/"
     shodan-query: 'vuln:CVE-2013-7279'
-  tags: cve,wordpress,wp-plugin,s3-video,medium
+  tags: cve,wordpress,wp-plugin,s3-video,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7472-178ad27fec6356c0ff4786fef5ed9b55.yaml b/nuclei-templates/2013/CVE-2013-7472-178ad27fec6356c0ff4786fef5ed9b55.yaml
index 0b0542a9f5..83889e34ee 100644
--- a/nuclei-templates/2013/CVE-2013-7472-178ad27fec6356c0ff4786fef5ed9b55.yaml
+++ b/nuclei-templates/2013/CVE-2013-7472-178ad27fec6356c0ff4786fef5ed9b55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Count per Day < 3.2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/count-per-day/"
     google-query: inurl:"/wp-content/plugins/count-per-day/"
     shodan-query: 'vuln:CVE-2013-7472'
-  tags: cve,wordpress,wp-plugin,count-per-day,medium
+  tags: cve,wordpress,wp-plugin,count-per-day,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7475-db0677cd0c6ea98a43e8b2ad4b143537.yaml b/nuclei-templates/2013/CVE-2013-7475-db0677cd0c6ea98a43e8b2ad4b143537.yaml
index 921f35cfd6..3a60d2c379 100644
--- a/nuclei-templates/2013/CVE-2013-7475-db0677cd0c6ea98a43e8b2ad4b143537.yaml
+++ b/nuclei-templates/2013/CVE-2013-7475-db0677cd0c6ea98a43e8b2ad4b143537.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by BestWebSoft <= 3.51 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.51 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. CVE-2013-10022 may be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-plugin/"
     google-query: inurl:"/wp-content/plugins/contact-form-plugin/"
     shodan-query: 'vuln:CVE-2013-7475'
-  tags: cve,wordpress,wp-plugin,contact-form-plugin,medium
+  tags: cve,wordpress,wp-plugin,contact-form-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7476-272ee2a329a8d2a28bce41429783dc10.yaml b/nuclei-templates/2013/CVE-2013-7476-272ee2a329a8d2a28bce41429783dc10.yaml
index 8bbfdd1f96..a5ceeb12b6 100644
--- a/nuclei-templates/2013/CVE-2013-7476-272ee2a329a8d2a28bce41429783dc10.yaml
+++ b/nuclei-templates/2013/CVE-2013-7476-272ee2a329a8d2a28bce41429783dc10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Fields < 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-fields/"
     google-query: inurl:"/wp-content/plugins/simple-fields/"
     shodan-query: 'vuln:CVE-2013-7476'
-  tags: cve,wordpress,wp-plugin,simple-fields,high
+  tags: cve,wordpress,wp-plugin,simple-fields,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7477-eb6226c8060abd8c26fc61f24da2a61e.yaml b/nuclei-templates/2013/CVE-2013-7477-eb6226c8060abd8c26fc61f24da2a61e.yaml
index c56e60ca01..1c5e38ecb6 100644
--- a/nuclei-templates/2013/CVE-2013-7477-eb6226c8060abd8c26fc61f24da2a61e.yaml
+++ b/nuclei-templates/2013/CVE-2013-7477-eb6226c8060abd8c26fc61f24da2a61e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.5.1 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2013-7477'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7478-b1f45416f5a631250c26ec095bcb39a3.yaml b/nuclei-templates/2013/CVE-2013-7478-b1f45416f5a631250c26ec095bcb39a3.yaml
index e47353567e..7b42c926f9 100644
--- a/nuclei-templates/2013/CVE-2013-7478-b1f45416f5a631250c26ec095bcb39a3.yaml
+++ b/nuclei-templates/2013/CVE-2013-7478-b1f45416f5a631250c26ec095bcb39a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager < 5.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2013-7478'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7479-ad055d1685348a8fa4aef50dfdf0211f.yaml b/nuclei-templates/2013/CVE-2013-7479-ad055d1685348a8fa4aef50dfdf0211f.yaml
index 1027cce2af..a6d6287c3e 100644
--- a/nuclei-templates/2013/CVE-2013-7479-ad055d1685348a8fa4aef50dfdf0211f.yaml
+++ b/nuclei-templates/2013/CVE-2013-7479-ad055d1685348a8fa4aef50dfdf0211f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager < 5.3.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2013-7479'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7480-e976dbcc632c2ee3b143a7604910e2c0.yaml b/nuclei-templates/2013/CVE-2013-7480-e976dbcc632c2ee3b143a7604910e2c0.yaml
index 7164c1cb75..1ecc360998 100644
--- a/nuclei-templates/2013/CVE-2013-7480-e976dbcc632c2ee3b143a7604910e2c0.yaml
+++ b/nuclei-templates/2013/CVE-2013-7480-e976dbcc632c2ee3b143a7604910e2c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.3.6 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2013-7480'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7481-0c860e72b162cc9055e799dc4f8c2b43.yaml b/nuclei-templates/2013/CVE-2013-7481-0c860e72b162cc9055e799dc4f8c2b43.yaml
index 449fe9ae47..5ae7e32bb9 100644
--- a/nuclei-templates/2013/CVE-2013-7481-0c860e72b162cc9055e799dc4f8c2b43.yaml
+++ b/nuclei-templates/2013/CVE-2013-7481-0c860e72b162cc9055e799dc4f8c2b43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form By BestWebSoft<= 3.34 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form By BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.34 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-plugin/"
     google-query: inurl:"/wp-content/plugins/contact-form-plugin/"
     shodan-query: 'vuln:CVE-2013-7481'
-  tags: cve,wordpress,wp-plugin,contact-form-plugin,medium
+  tags: cve,wordpress,wp-plugin,contact-form-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2013/CVE-2013-7482-e4da0c9bf6d9952b4ed3e7efbc293bab.yaml b/nuclei-templates/2013/CVE-2013-7482-e4da0c9bf6d9952b4ed3e7efbc293bab.yaml
index bffebd02ff..fbcb54a327 100644
--- a/nuclei-templates/2013/CVE-2013-7482-e4da0c9bf6d9952b4ed3e7efbc293bab.yaml
+++ b/nuclei-templates/2013/CVE-2013-7482-e4da0c9bf6d9952b4ed3e7efbc293bab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ReFlex Gallery < 1.4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The reflex-gallery plugin before 1.4.3 for WordPress has XSS via Edit Content URL field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reflex-gallery/"
     google-query: inurl:"/wp-content/plugins/reflex-gallery/"
     shodan-query: 'vuln:CVE-2013-7482'
-  tags: cve,wordpress,wp-plugin,reflex-gallery,medium
+  tags: cve,wordpress,wp-plugin,reflex-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-100001-f364089fe838821aa5875cc23a9bf280.yaml b/nuclei-templates/2014/CVE-2014-100001-f364089fe838821aa5875cc23a9bf280.yaml
index f744a4ea5d..569709c3fe 100644
--- a/nuclei-templates/2014/CVE-2014-100001-f364089fe838821aa5875cc23a9bf280.yaml
+++ b/nuclei-templates/2014/CVE-2014-100001-f364089fe838821aa5875cc23a9bf280.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Plugin LiveOptim <= 1.1.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/liveoptim/"
     google-query: inurl:"/wp-content/plugins/liveoptim/"
     shodan-query: 'vuln:CVE-2014-100001'
-  tags: cve,wordpress,wp-plugin,liveoptim,high
+  tags: cve,wordpress,wp-plugin,liveoptim,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-100007-f98ba84845d04638f96a14d587800f12.yaml b/nuclei-templates/2014/CVE-2014-100007-f98ba84845d04638f96a14d587800f12.yaml
index 614fbc398c..b07268b322 100644
--- a/nuclei-templates/2014/CVE-2014-100007-f98ba84845d04638f96a14d587800f12.yaml
+++ b/nuclei-templates/2014/CVE-2014-100007-f98ba84845d04638f96a14d587800f12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HK Exif Tags <= 1.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hk-exif-tags/"
     google-query: inurl:"/wp-content/plugins/hk-exif-tags/"
     shodan-query: 'vuln:CVE-2014-100007'
-  tags: cve,wordpress,wp-plugin,hk-exif-tags,medium
+  tags: cve,wordpress,wp-plugin,hk-exif-tags,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-100008-3be3c98bb23ebc942163786ddfe2ad5d.yaml b/nuclei-templates/2014/CVE-2014-100008-3be3c98bb23ebc942163786ddfe2ad5d.yaml
index 345929ecfa..9180f36e57 100644
--- a/nuclei-templates/2014/CVE-2014-100008-3be3c98bb23ebc942163786ddfe2ad5d.yaml
+++ b/nuclei-templates/2014/CVE-2014-100008-3be3c98bb23ebc942163786ddfe2ad5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Multi Hotel <= 2.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-multihotel/"
     google-query: inurl:"/wp-content/plugins/js-multihotel/"
     shodan-query: 'vuln:CVE-2014-100008'
-  tags: cve,wordpress,wp-plugin,js-multihotel,medium
+  tags: cve,wordpress,wp-plugin,js-multihotel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-100016-95e54f65e6d0b56382227247b6627a71.yaml b/nuclei-templates/2014/CVE-2014-100016-95e54f65e6d0b56382227247b6627a71.yaml
index 8809b4537f..b01613d8af 100644
--- a/nuclei-templates/2014/CVE-2014-100016-95e54f65e6d0b56382227247b6627a71.yaml
+++ b/nuclei-templates/2014/CVE-2014-100016-95e54f65e6d0b56382227247b6627a71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photocrati <= 4.8.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/photocrati-theme/"
     google-query: inurl:"/wp-content/themes/photocrati-theme/"
     shodan-query: 'vuln:CVE-2014-100016'
-  tags: cve,wordpress,wp-theme,photocrati-theme,medium
+  tags: cve,wordpress,wp-theme,photocrati-theme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-100018-a24ad83ed56eb98da964ec89f37324d1.yaml b/nuclei-templates/2014/CVE-2014-100018-a24ad83ed56eb98da964ec89f37324d1.yaml
index d74531177d..97ce693778 100644
--- a/nuclei-templates/2014/CVE-2014-100018-a24ad83ed56eb98da964ec89f37324d1.yaml
+++ b/nuclei-templates/2014/CVE-2014-100018-a24ad83ed56eb98da964ec89f37324d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unconfirmed < 1.2.5 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unconfirmed/"
     google-query: inurl:"/wp-content/plugins/unconfirmed/"
     shodan-query: 'vuln:CVE-2014-100018'
-  tags: cve,wordpress,wp-plugin,unconfirmed,high
+  tags: cve,wordpress,wp-plugin,unconfirmed,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-100023-802392d669a0739410b0400626ccc124.yaml b/nuclei-templates/2014/CVE-2014-100023-802392d669a0739410b0400626ccc124.yaml
index 5721a41b9b..2a716963ad 100644
--- a/nuclei-templates/2014/CVE-2014-100023-802392d669a0739410b0400626ccc124.yaml
+++ b/nuclei-templates/2014/CVE-2014-100023-802392d669a0739410b0400626ccc124.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     mTouch Quiz < 3.0.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mtouch-quiz/"
     google-query: inurl:"/wp-content/plugins/mtouch-quiz/"
     shodan-query: 'vuln:CVE-2014-100023'
-  tags: cve,wordpress,wp-plugin,mtouch-quiz,medium
+  tags: cve,wordpress,wp-plugin,mtouch-quiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-100027-f260533813247786590cffbf5861c8f5.yaml b/nuclei-templates/2014/CVE-2014-100027-f260533813247786590cffbf5861c8f5.yaml
index 2c7c2276ec..489784ec5b 100644
--- a/nuclei-templates/2014/CVE-2014-100027-f260533813247786590cffbf5861c8f5.yaml
+++ b/nuclei-templates/2014/CVE-2014-100027-f260533813247786590cffbf5861c8f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL in versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2014-100027'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
+  tags: cve,wordpress,wp-plugin,wp-slimstat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10012-fa96cc0ae3ebc5f92e1c1a93f29e6a5e.yaml b/nuclei-templates/2014/CVE-2014-10012-fa96cc0ae3ebc5f92e1c1a93f29e6a5e.yaml
index 7a25a6023d..fb941843b7 100644
--- a/nuclei-templates/2014/CVE-2014-10012-fa96cc0ae3ebc5f92e1c1a93f29e6a5e.yaml
+++ b/nuclei-templates/2014/CVE-2014-10012-fa96cc0ae3ebc5f92e1c1a93f29e6a5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 3.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/"
     google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/"
     shodan-query: 'vuln:CVE-2014-10012'
-  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,medium
+  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10013-f8694c41fb21641e443ef7de9264487a.yaml b/nuclei-templates/2014/CVE-2014-10013-f8694c41fb21641e443ef7de9264487a.yaml
index 122d56a255..33d88ad762 100644
--- a/nuclei-templates/2014/CVE-2014-10013-f8694c41fb21641e443ef7de9264487a.yaml
+++ b/nuclei-templates/2014/CVE-2014-10013-f8694c41fb21641e443ef7de9264487a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 3.0 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/"
     google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/"
     shodan-query: 'vuln:CVE-2014-10013'
-  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,medium
+  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10016-b635a88aed40383d80b165aae1551858.yaml b/nuclei-templates/2014/CVE-2014-10016-b635a88aed40383d80b165aae1551858.yaml
index c8b812d30d..5f590e9bc4 100644
--- a/nuclei-templates/2014/CVE-2014-10016-b635a88aed40383d80b165aae1551858.yaml
+++ b/nuclei-templates/2014/CVE-2014-10016-b635a88aed40383d80b165aae1551858.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 1.3.12 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2014-10016'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10377-fe5830586f1fe4c6f5f3c3dcee633ecb.yaml b/nuclei-templates/2014/CVE-2014-10377-fe5830586f1fe4c6f5f3c3dcee633ecb.yaml
index f819b5f266..b44a79507a 100644
--- a/nuclei-templates/2014/CVE-2014-10377-fe5830586f1fe4c6f5f3c3dcee633ecb.yaml
+++ b/nuclei-templates/2014/CVE-2014-10377-fe5830586f1fe4c6f5f3c3dcee633ecb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     cformsII <= 13.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The cforms II(2) plugin before 13.2 for WordPress has XSS in lib_ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cforms2/"
     google-query: inurl:"/wp-content/plugins/cforms2/"
     shodan-query: 'vuln:CVE-2014-10377'
-  tags: cve,wordpress,wp-plugin,cforms2,medium
+  tags: cve,wordpress,wp-plugin,cforms2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10378-4fd25d208fa1eb71c396970325cd56c1.yaml b/nuclei-templates/2014/CVE-2014-10378-4fd25d208fa1eb71c396970325cd56c1.yaml
index 4c42473b6b..bd62c9e6c5 100644
--- a/nuclei-templates/2014/CVE-2014-10378-4fd25d208fa1eb71c396970325cd56c1.yaml
+++ b/nuclei-templates/2014/CVE-2014-10378-4fd25d208fa1eb71c396970325cd56c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast Duplicate Post <= 2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Yoast Duplicate Post plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-post/"
     google-query: inurl:"/wp-content/plugins/duplicate-post/"
     shodan-query: 'vuln:CVE-2014-10378'
-  tags: cve,wordpress,wp-plugin,duplicate-post,medium
+  tags: cve,wordpress,wp-plugin,duplicate-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10380-251b86614cf3be75bb7b89fbf426f8a3.yaml b/nuclei-templates/2014/CVE-2014-10380-251b86614cf3be75bb7b89fbf426f8a3.yaml
index d9a56316e7..25d193166c 100644
--- a/nuclei-templates/2014/CVE-2014-10380-251b86614cf3be75bb7b89fbf426f8a3.yaml
+++ b/nuclei-templates/2014/CVE-2014-10380-251b86614cf3be75bb7b89fbf426f8a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:CVE-2014-10380'
-  tags: cve,wordpress,wp-plugin,profile-builder,medium
+  tags: cve,wordpress,wp-plugin,profile-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10381-3f3bfd2ca93dfdb22d963aa7b5cb0c46.yaml b/nuclei-templates/2014/CVE-2014-10381-3f3bfd2ca93dfdb22d963aa7b5cb0c46.yaml
index 7891b808a7..e1571ff0b0 100644
--- a/nuclei-templates/2014/CVE-2014-10381-3f3bfd2ca93dfdb22d963aa7b5cb0c46.yaml
+++ b/nuclei-templates/2014/CVE-2014-10381-3f3bfd2ca93dfdb22d963aa7b5cb0c46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Domain Whitelist <= 1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The User Domain Whitelist plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,  1.4. This is due to missing or incorrect nonce validation on the displayAdminPage() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-domain-whitelist/"
     google-query: inurl:"/wp-content/plugins/user-domain-whitelist/"
     shodan-query: 'vuln:CVE-2014-10381'
-  tags: cve,wordpress,wp-plugin,user-domain-whitelist,high
+  tags: cve,wordpress,wp-plugin,user-domain-whitelist,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10382-785672d467101767144e711ae7fe2d35.yaml b/nuclei-templates/2014/CVE-2014-10382-785672d467101767144e711ae7fe2d35.yaml
index a61d4e25b6..f07a45bf05 100644
--- a/nuclei-templates/2014/CVE-2014-10382-785672d467101767144e711ae7fe2d35.yaml
+++ b/nuclei-templates/2014/CVE-2014-10382-785672d467101767144e711ae7fe2d35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featured Comments < 1.2.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feature-comments/"
     google-query: inurl:"/wp-content/plugins/feature-comments/"
     shodan-query: 'vuln:CVE-2014-10382'
-  tags: cve,wordpress,wp-plugin,feature-comments,high
+  tags: cve,wordpress,wp-plugin,feature-comments,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10385-6a2ef437dbd84b379d13828c6767a7f7.yaml b/nuclei-templates/2014/CVE-2014-10385-6a2ef437dbd84b379d13828c6767a7f7.yaml
index 44575cb00b..d33ab084b7 100644
--- a/nuclei-templates/2014/CVE-2014-10385-6a2ef437dbd84b379d13828c6767a7f7.yaml
+++ b/nuclei-templates/2014/CVE-2014-10385-6a2ef437dbd84b379d13828c6767a7f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Memphis Documents Library <= 2.6.16 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/memphis-documents-library/"
     google-query: inurl:"/wp-content/plugins/memphis-documents-library/"
     shodan-query: 'vuln:CVE-2014-10385'
-  tags: cve,wordpress,wp-plugin,memphis-documents-library,medium
+  tags: cve,wordpress,wp-plugin,memphis-documents-library,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10392-ad9f5965c16c8246b424703d21435589.yaml b/nuclei-templates/2014/CVE-2014-10392-ad9f5965c16c8246b424703d21435589.yaml
index 40546ee614..2a041c7fb8 100644
--- a/nuclei-templates/2014/CVE-2014-10392-ad9f5965c16c8246b424703d21435589.yaml
+++ b/nuclei-templates/2014/CVE-2014-10392-ad9f5965c16c8246b424703d21435589.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cforms <= 10.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cforms plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 10.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cforms/"
     google-query: inurl:"/wp-content/plugins/cforms/"
     shodan-query: 'vuln:CVE-2014-10392'
-  tags: cve,wordpress,wp-plugin,cforms,medium
+  tags: cve,wordpress,wp-plugin,cforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10393-8e029958bdc3ff72cf62f3277afe0ddc.yaml b/nuclei-templates/2014/CVE-2014-10393-8e029958bdc3ff72cf62f3277afe0ddc.yaml
index 5ca1843523..ad7d8b4d15 100644
--- a/nuclei-templates/2014/CVE-2014-10393-8e029958bdc3ff72cf62f3277afe0ddc.yaml
+++ b/nuclei-templates/2014/CVE-2014-10393-8e029958bdc3ff72cf62f3277afe0ddc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     cformsII <= 10.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The cforms2 plugin before 10.5 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cforms/"
     google-query: inurl:"/wp-content/plugins/cforms/"
     shodan-query: 'vuln:CVE-2014-10393'
-  tags: cve,wordpress,wp-plugin,cforms,medium
+  tags: cve,wordpress,wp-plugin,cforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-10395-87b936573487d2a82b44f72e3ce646b8.yaml b/nuclei-templates/2014/CVE-2014-10395-87b936573487d2a82b44f72e3ce646b8.yaml
index f060b794b4..5de96685d4 100644
--- a/nuclei-templates/2014/CVE-2014-10395-87b936573487d2a82b44f72e3ce646b8.yaml
+++ b/nuclei-templates/2014/CVE-2014-10395-87b936573487d2a82b44f72e3ce646b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Polls CP < 1.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Polls CP plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-polls/"
     google-query: inurl:"/wp-content/plugins/cp-polls/"
     shodan-query: 'vuln:CVE-2014-10395'
-  tags: cve,wordpress,wp-plugin,cp-polls,medium
+  tags: cve,wordpress,wp-plugin,cp-polls,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-1232-93eb8e1633c7ed38fbc4ff339a075742.yaml b/nuclei-templates/2014/CVE-2014-1232-93eb8e1633c7ed38fbc4ff339a075742.yaml
index 6a57634748..7f5e7444f9 100644
--- a/nuclei-templates/2014/CVE-2014-1232-93eb8e1633c7ed38fbc4ff339a075742.yaml
+++ b/nuclei-templates/2014/CVE-2014-1232-93eb8e1633c7ed38fbc4ff339a075742.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Foliopress WYSIWYG < 2.6.8.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foliopress-wysiwyg/"
     google-query: inurl:"/wp-content/plugins/foliopress-wysiwyg/"
     shodan-query: 'vuln:CVE-2014-1232'
-  tags: cve,wordpress,wp-plugin,foliopress-wysiwyg,medium
+  tags: cve,wordpress,wp-plugin,foliopress-wysiwyg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-125091-49a01bc79b6fdfb5a76a16441b827dc7.yaml b/nuclei-templates/2014/CVE-2014-125091-49a01bc79b6fdfb5a76a16441b827dc7.yaml
index e704ad3db8..b0ebe92766 100644
--- a/nuclei-templates/2014/CVE-2014-125091-49a01bc79b6fdfb5a76a16441b827dc7.yaml
+++ b/nuclei-templates/2014/CVE-2014-125091-49a01bc79b6fdfb5a76a16441b827dc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Polls CP <= 1.0.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Polls CP plugin for WordPress is vulnerable to SQL Injection via the 'lu' parameter in all versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-polls/"
     google-query: inurl:"/wp-content/plugins/cp-polls/"
     shodan-query: 'vuln:CVE-2014-125091'
-  tags: cve,wordpress,wp-plugin,cp-polls,high
+  tags: cve,wordpress,wp-plugin,cp-polls,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-125096-d80de73f9f6546e4a52cda1c1451f11a.yaml b/nuclei-templates/2014/CVE-2014-125096-d80de73f9f6546e4a52cda1c1451f11a.yaml
index ea5b2ba388..f12a3e2d80 100644
--- a/nuclei-templates/2014/CVE-2014-125096-d80de73f9f6546e4a52cda1c1451f11a.yaml
+++ b/nuclei-templates/2014/CVE-2014-125096-d80de73f9f6546e4a52cda1c1451f11a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Manager <= 1.5.12 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘delete’ parameter in versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-gallery/"
     google-query: inurl:"/wp-content/plugins/fancy-gallery/"
     shodan-query: 'vuln:CVE-2014-125096'
-  tags: cve,wordpress,wp-plugin,fancy-gallery,medium
+  tags: cve,wordpress,wp-plugin,fancy-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-125099-91fc45f92059ad3dccdaddc100f38fa5.yaml b/nuclei-templates/2014/CVE-2014-125099-91fc45f92059ad3dccdaddc100f38fa5.yaml
index bf31a7acf8..7ac861969a 100644
--- a/nuclei-templates/2014/CVE-2014-125099-91fc45f92059ad3dccdaddc100f38fa5.yaml
+++ b/nuclei-templates/2014/CVE-2014-125099-91fc45f92059ad3dccdaddc100f38fa5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     I Recommend This <= 3.7.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The I Recommend This plugin for WordPress is vulnerable to SQL Injection via the 'post_type' attribute called via the plugin's shortcode in versions up to, and including, 3.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/i-recommend-this/"
     google-query: inurl:"/wp-content/plugins/i-recommend-this/"
     shodan-query: 'vuln:CVE-2014-125099'
-  tags: cve,wordpress,wp-plugin,i-recommend-this,high
+  tags: cve,wordpress,wp-plugin,i-recommend-this,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-125100-08107665cefdd5cc4f288c7614f8ef39.yaml b/nuclei-templates/2014/CVE-2014-125100-08107665cefdd5cc4f288c7614f8ef39.yaml
index 7eb25599c5..4d2a36825b 100644
--- a/nuclei-templates/2014/CVE-2014-125100-08107665cefdd5cc4f288c7614f8ef39.yaml
+++ b/nuclei-templates/2014/CVE-2014-125100-08107665cefdd5cc4f288c7614f8ef39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Job Board by BestWebSoft <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mail Subscribe List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bwsmn_form_email' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-board/"
     google-query: inurl:"/wp-content/plugins/job-board/"
     shodan-query: 'vuln:CVE-2014-125100'
-  tags: cve,wordpress,wp-plugin,job-board,medium
+  tags: cve,wordpress,wp-plugin,job-board,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-125101-8195d0fd4f0b5ac7235f16224b2dcb18.yaml b/nuclei-templates/2014/CVE-2014-125101-8195d0fd4f0b5ac7235f16224b2dcb18.yaml
index a0e1bdeee6..3f3c5395d9 100644
--- a/nuclei-templates/2014/CVE-2014-125101-8195d0fd4f0b5ac7235f16224b2dcb18.yaml
+++ b/nuclei-templates/2014/CVE-2014-125101-8195d0fd4f0b5ac7235f16224b2dcb18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portfolio Gallery – Photo Gallery <= 1.1.8 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Portfolio Gallery – Photo Gallery for WordPress is vulnerable to SQL Injection via the 'search_events_by_title' parameter in versions up to, and including, 1.1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-gallery/"
     google-query: inurl:"/wp-content/plugins/portfolio-gallery/"
     shodan-query: 'vuln:CVE-2014-125101'
-  tags: cve,wordpress,wp-plugin,portfolio-gallery,high
+  tags: cve,wordpress,wp-plugin,portfolio-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-125103-d8d27a0f27f9a3ef698ef167496cc3cc.yaml b/nuclei-templates/2014/CVE-2014-125103-d8d27a0f27f9a3ef698ef167496cc3cc.yaml
index 7fe15e193a..9ff2e0c046 100644
--- a/nuclei-templates/2014/CVE-2014-125103-d8d27a0f27f9a3ef698ef167496cc3cc.yaml
+++ b/nuclei-templates/2014/CVE-2014-125103-d8d27a0f27f9a3ef698ef167496cc3cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BestWebSoft's Twitter <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  BestWebSoft's Twitter  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twitter-plugin/"
     google-query: inurl:"/wp-content/plugins/twitter-plugin/"
     shodan-query: 'vuln:CVE-2014-125103'
-  tags: cve,wordpress,wp-plugin,twitter-plugin,medium
+  tags: cve,wordpress,wp-plugin,twitter-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-125105-4673047ca29ad4630d7b8bb30f727df8.yaml b/nuclei-templates/2014/CVE-2014-125105-4673047ca29ad4630d7b8bb30f727df8.yaml
index 8874aa3fb3..7b0268bfcd 100644
--- a/nuclei-templates/2014/CVE-2014-125105-4673047ca29ad4630d7b8bb30f727df8.yaml
+++ b/nuclei-templates/2014/CVE-2014-125105-4673047ca29ad4630d7b8bb30f727df8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Checker < 1.10.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Broken Link Checker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exclusion_list’ parameter in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-checker/"
     google-query: inurl:"/wp-content/plugins/broken-link-checker/"
     shodan-query: 'vuln:CVE-2014-125105'
-  tags: cve,wordpress,wp-plugin,broken-link-checker,medium
+  tags: cve,wordpress,wp-plugin,broken-link-checker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-1888-c3337fb47eeb04c822819fd17c433268.yaml b/nuclei-templates/2014/CVE-2014-1888-c3337fb47eeb04c822819fd17c433268.yaml
index 9f015239c2..cb1956ac07 100644
--- a/nuclei-templates/2014/CVE-2014-1888-c3337fb47eeb04c822819fd17c433268.yaml
+++ b/nuclei-templates/2014/CVE-2014-1888-c3337fb47eeb04c822819fd17c433268.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 1.9.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:CVE-2014-1888'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-1889-88c5b961644bad4c49d63ba50954d1ef.yaml b/nuclei-templates/2014/CVE-2014-1889-88c5b961644bad4c49d63ba50954d1ef.yaml
index 5ec58a85bc..95a1b0fdea 100644
--- a/nuclei-templates/2014/CVE-2014-1889-88c5b961644bad4c49d63ba50954d1ef.yaml
+++ b/nuclei-templates/2014/CVE-2014-1889-88c5b961644bad4c49d63ba50954d1ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 1.9.1 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. An attacker could exploit this vulnerability to modify the name, description, avatar and settings of groups.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:CVE-2014-1889'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2040-6234c54583fe97f4b335659ad6e8c2c3.yaml b/nuclei-templates/2014/CVE-2014-2040-6234c54583fe97f4b335659ad6e8c2c3.yaml
index 5d9d0a3616..0e278b9b29 100644
--- a/nuclei-templates/2014/CVE-2014-2040-6234c54583fe97f4b335659ad6e8c2c3.yaml
+++ b/nuclei-templates/2014/CVE-2014-2040-6234c54583fe97f4b335659ad6e8c2c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media File Renamer < 1.9.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-file-renamer/"
     google-query: inurl:"/wp-content/plugins/media-file-renamer/"
     shodan-query: 'vuln:CVE-2014-2040'
-  tags: cve,wordpress,wp-plugin,media-file-renamer,medium
+  tags: cve,wordpress,wp-plugin,media-file-renamer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2274-15bbee0302a2c0acdbacef494a071dae.yaml b/nuclei-templates/2014/CVE-2014-2274-15bbee0302a2c0acdbacef494a071dae.yaml
index b83d20cb5e..1a635b36af 100644
--- a/nuclei-templates/2014/CVE-2014-2274-15bbee0302a2c0acdbacef494a071dae.yaml
+++ b/nuclei-templates/2014/CVE-2014-2274-15bbee0302a2c0acdbacef494a071dae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subscribe To Comments Reloaded <= 140129 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscribe-to-comments-reloaded/"
     google-query: inurl:"/wp-content/plugins/subscribe-to-comments-reloaded/"
     shodan-query: 'vuln:CVE-2014-2274'
-  tags: cve,wordpress,wp-plugin,subscribe-to-comments-reloaded,high
+  tags: cve,wordpress,wp-plugin,subscribe-to-comments-reloaded,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2297-a2cc7daca48d70191ab86ec84c12d114.yaml b/nuclei-templates/2014/CVE-2014-2297-a2cc7daca48d70191ab86ec84c12d114.yaml
index 954c959949..2a3adedfdb 100644
--- a/nuclei-templates/2014/CVE-2014-2297-a2cc7daca48d70191ab86ec84c12d114.yaml
+++ b/nuclei-templates/2014/CVE-2014-2297-a2cc7daca48d70191ab86ec84c12d114.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.29.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/"
     google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/"
     shodan-query: 'vuln:CVE-2014-2297'
-  tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,medium
+  tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2315-60056c59f58d08c739eaa4877baa7622.yaml b/nuclei-templates/2014/CVE-2014-2315-60056c59f58d08c739eaa4877baa7622.yaml
index 57b589702a..2db25ab49c 100644
--- a/nuclei-templates/2014/CVE-2014-2315-60056c59f58d08c739eaa4877baa7622.yaml
+++ b/nuclei-templates/2014/CVE-2014-2315-60056c59f58d08c739eaa4877baa7622.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thank You Counter Button <= 1.9.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.9.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thanks-you-counter-button/"
     google-query: inurl:"/wp-content/plugins/thanks-you-counter-button/"
     shodan-query: 'vuln:CVE-2014-2315'
-  tags: cve,wordpress,wp-plugin,thanks-you-counter-button,medium
+  tags: cve,wordpress,wp-plugin,thanks-you-counter-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2333-1d3a5e954dbca93e3fee328975ccc98e.yaml b/nuclei-templates/2014/CVE-2014-2333-1d3a5e954dbca93e3fee328975ccc98e.yaml
index 4ed4c52309..027d3d3390 100644
--- a/nuclei-templates/2014/CVE-2014-2333-1d3a5e954dbca93e3fee328975ccc98e.yaml
+++ b/nuclei-templates/2014/CVE-2014-2333-1d3a5e954dbca93e3fee328975ccc98e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lazyest Gallery < 1.1.21 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lazyest-gallery/"
     google-query: inurl:"/wp-content/plugins/lazyest-gallery/"
     shodan-query: 'vuln:CVE-2014-2333'
-  tags: cve,wordpress,wp-plugin,lazyest-gallery,medium
+  tags: cve,wordpress,wp-plugin,lazyest-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2550-20729b5326c844ceb8ab014ad17df6e2.yaml b/nuclei-templates/2014/CVE-2014-2550-20729b5326c844ceb8ab014ad17df6e2.yaml
index 24f05acc8f..69870b2b15 100644
--- a/nuclei-templates/2014/CVE-2014-2550-20729b5326c844ceb8ab014ad17df6e2.yaml
+++ b/nuclei-templates/2014/CVE-2014-2550-20729b5326c844ceb8ab014ad17df6e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/disable-comments/"
     google-query: inurl:"/wp-content/plugins/disable-comments/"
     shodan-query: 'vuln:CVE-2014-2550'
-  tags: cve,wordpress,wp-plugin,disable-comments,high
+  tags: cve,wordpress,wp-plugin,disable-comments,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2558-9030229f25561b555ab5bd8cf6a1c26d.yaml b/nuclei-templates/2014/CVE-2014-2558-9030229f25561b555ab5bd8cf6a1c26d.yaml
index c6be77c7cc..135945c31e 100644
--- a/nuclei-templates/2014/CVE-2014-2558-9030229f25561b555ab5bd8cf6a1c26d.yaml
+++ b/nuclei-templates/2014/CVE-2014-2558-9030229f25561b555ab5bd8cf6a1c26d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Gallery < 1.7.9.2 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/file-gallery/"
     google-query: inurl:"/wp-content/plugins/file-gallery/"
     shodan-query: 'vuln:CVE-2014-2558'
-  tags: cve,wordpress,wp-plugin,file-gallery,high
+  tags: cve,wordpress,wp-plugin,file-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2579-d6467913a640b127b20e07c49e842d3b.yaml b/nuclei-templates/2014/CVE-2014-2579-d6467913a640b127b20e07c49e842d3b.yaml
index 337e2f1ac0..29816fb20e 100644
--- a/nuclei-templates/2014/CVE-2014-2579-d6467913a640b127b20e07c49e842d3b.yaml
+++ b/nuclei-templates/2014/CVE-2014-2579-d6467913a640b127b20e07c49e842d3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.1.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php.  NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin.  NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xcloner-backup-and-restore/"
     google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/"
     shodan-query: 'vuln:CVE-2014-2579'
-  tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,critical
+  tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2598-2b5c6ad57482cc18f3496406a2a98d3b.yaml b/nuclei-templates/2014/CVE-2014-2598-2b5c6ad57482cc18f3496406a2a98d3b.yaml
index faf95c8560..85bb716a24 100644
--- a/nuclei-templates/2014/CVE-2014-2598-2b5c6ad57482cc18f3496406a2a98d3b.yaml
+++ b/nuclei-templates/2014/CVE-2014-2598-2b5c6ad57482cc18f3496406a2a98d3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-pagepost-redirect-plugin/"
     google-query: inurl:"/wp-content/plugins/quick-pagepost-redirect-plugin/"
     shodan-query: 'vuln:CVE-2014-2598'
-  tags: cve,wordpress,wp-plugin,quick-pagepost-redirect-plugin,high
+  tags: cve,wordpress,wp-plugin,quick-pagepost-redirect-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2838-5ce9260c9b6d59d0d80e5fb0cb039b07.yaml b/nuclei-templates/2014/CVE-2014-2838-5ce9260c9b6d59d0d80e5fb0cb039b07.yaml
index 2a0fbc11d5..4f79b6cda3 100644
--- a/nuclei-templates/2014/CVE-2014-2838-5ce9260c9b6d59d0d80e5fb0cb039b07.yaml
+++ b/nuclei-templates/2014/CVE-2014-2838-5ce9260c9b6d59d0d80e5fb0cb039b07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Star Rating <= 1.9.22 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 1.9.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-star-rating/"
     google-query: inurl:"/wp-content/plugins/gd-star-rating/"
     shodan-query: 'vuln:CVE-2014-2838'
-  tags: cve,wordpress,wp-plugin,gd-star-rating,high
+  tags: cve,wordpress,wp-plugin,gd-star-rating,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2839-0b148460306247418981fb91f92502a9.yaml b/nuclei-templates/2014/CVE-2014-2839-0b148460306247418981fb91f92502a9.yaml
index 27e4b77998..d231ab74c8 100644
--- a/nuclei-templates/2014/CVE-2014-2839-0b148460306247418981fb91f92502a9.yaml
+++ b/nuclei-templates/2014/CVE-2014-2839-0b148460306247418981fb91f92502a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Star Rating <= 1.9.22 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the GD Star Rating plugin 1.9.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-star-rating/"
     google-query: inurl:"/wp-content/plugins/gd-star-rating/"
     shodan-query: 'vuln:CVE-2014-2839'
-  tags: cve,wordpress,wp-plugin,gd-star-rating,high
+  tags: cve,wordpress,wp-plugin,gd-star-rating,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-2995-1280f1445230b7ae1ede9b8d16dcfe7d.yaml b/nuclei-templates/2014/CVE-2014-2995-1280f1445230b7ae1ede9b8d16dcfe7d.yaml
index 2e443311ba..76642c45e8 100644
--- a/nuclei-templates/2014/CVE-2014-2995-1280f1445230b7ae1ede9b8d16dcfe7d.yaml
+++ b/nuclei-templates/2014/CVE-2014-2995-1280f1445230b7ae1ede9b8d16dcfe7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twitget <= 3.3.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twitget/"
     google-query: inurl:"/wp-content/plugins/twitget/"
     shodan-query: 'vuln:CVE-2014-2995'
-  tags: cve,wordpress,wp-plugin,twitget,medium
+  tags: cve,wordpress,wp-plugin,twitget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3123-9324556ad1df2ab2ecb9b1f7e086b9b6.yaml b/nuclei-templates/2014/CVE-2014-3123-9324556ad1df2ab2ecb9b1f7e086b9b6.yaml
index 4afd803454..57eecf6073 100644
--- a/nuclei-templates/2014/CVE-2014-3123-9324556ad1df2ab2ecb9b1f7e086b9b6.yaml
+++ b/nuclei-templates/2014/CVE-2014-3123-9324556ad1df2ab2ecb9b1f7e086b9b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextCellent Gallery  < 1.9.18 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextcellent-gallery-nextgen-legacy/"
     google-query: inurl:"/wp-content/plugins/nextcellent-gallery-nextgen-legacy/"
     shodan-query: 'vuln:CVE-2014-3123'
-  tags: cve,wordpress,wp-plugin,nextcellent-gallery-nextgen-legacy,medium
+  tags: cve,wordpress,wp-plugin,nextcellent-gallery-nextgen-legacy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3210-7983ddc66df9d17c37dd89bbc4e4f416.yaml b/nuclei-templates/2014/CVE-2014-3210-7983ddc66df9d17c37dd89bbc4e4f416.yaml
index e26dda6dcd..f940ae4fe2 100644
--- a/nuclei-templates/2014/CVE-2014-3210-7983ddc66df9d17c37dd89bbc4e4f416.yaml
+++ b/nuclei-templates/2014/CVE-2014-3210-7983ddc66df9d17c37dd89bbc4e4f416.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pinpoint Booking System – #1 WordPress Booking Plugin < 1.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-system/"
     google-query: inurl:"/wp-content/plugins/booking-system/"
     shodan-query: 'vuln:CVE-2014-3210'
-  tags: cve,wordpress,wp-plugin,booking-system,high
+  tags: cve,wordpress,wp-plugin,booking-system,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3841-6d98c218699b93985ac97a3eec99201e.yaml b/nuclei-templates/2014/CVE-2014-3841-6d98c218699b93985ac97a3eec99201e.yaml
index dac3d11379..fe29fde935 100644
--- a/nuclei-templates/2014/CVE-2014-3841-6d98c218699b93985ac97a3eec99201e.yaml
+++ b/nuclei-templates/2014/CVE-2014-3841-6d98c218699b93985ac97a3eec99201e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Bank – Contact Form Builder for WordPress <= 2.0.19 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration.  NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-bank/"
     google-query: inurl:"/wp-content/plugins/contact-bank/"
     shodan-query: 'vuln:CVE-2014-3841'
-  tags: cve,wordpress,wp-plugin,contact-bank,medium
+  tags: cve,wordpress,wp-plugin,contact-bank,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3842-897a0fa8ed3a14f37db420497ce08cb5.yaml b/nuclei-templates/2014/CVE-2014-3842-897a0fa8ed3a14f37db420497ce08cb5.yaml
index cae50b2d43..0166c187ae 100644
--- a/nuclei-templates/2014/CVE-2014-3842-897a0fa8ed3a14f37db420497ce08cb5.yaml
+++ b/nuclei-templates/2014/CVE-2014-3842-897a0fa8ed3a14f37db420497ce08cb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iMember360is 3.8.012 - 3.9.001 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imember360/"
     google-query: inurl:"/wp-content/plugins/imember360/"
     shodan-query: 'vuln:CVE-2014-3842'
-  tags: cve,wordpress,wp-plugin,imember360,medium
+  tags: cve,wordpress,wp-plugin,imember360,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3844-ffaf15e9710e51e22815d7c14866275b.yaml b/nuclei-templates/2014/CVE-2014-3844-ffaf15e9710e51e22815d7c14866275b.yaml
index fe306dbb52..1eaf43b7b2 100644
--- a/nuclei-templates/2014/CVE-2014-3844-ffaf15e9710e51e22815d7c14866275b.yaml
+++ b/nuclei-templates/2014/CVE-2014-3844-ffaf15e9710e51e22815d7c14866275b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TinyMCE Color Picker <= 1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tinymce-colorpicker/"
     google-query: inurl:"/wp-content/plugins/tinymce-colorpicker/"
     shodan-query: 'vuln:CVE-2014-3844'
-  tags: cve,wordpress,wp-plugin,tinymce-colorpicker,medium
+  tags: cve,wordpress,wp-plugin,tinymce-colorpicker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3850-3a91d6c48afcaf4ec202f8da0ad11a12.yaml b/nuclei-templates/2014/CVE-2014-3850-3a91d6c48afcaf4ec202f8da0ad11a12.yaml
index 422b777c7f..7806689664 100644
--- a/nuclei-templates/2014/CVE-2014-3850-3a91d6c48afcaf4ec202f8da0ad11a12.yaml
+++ b/nuclei-templates/2014/CVE-2014-3850-3a91d6c48afcaf4ec202f8da0ad11a12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Member Approval <= 131109 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/member-approval/"
     google-query: inurl:"/wp-content/plugins/member-approval/"
     shodan-query: 'vuln:CVE-2014-3850'
-  tags: cve,wordpress,wp-plugin,member-approval,medium
+  tags: cve,wordpress,wp-plugin,member-approval,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3870-94f4e4e5606b83b8d91c368a5ee77e4b.yaml b/nuclei-templates/2014/CVE-2014-3870-94f4e4e5606b83b8d91c368a5ee77e4b.yaml
index 5f72d5be13..3bae6553f0 100644
--- a/nuclei-templates/2014/CVE-2014-3870-94f4e4e5606b83b8d91c368a5ee77e4b.yaml
+++ b/nuclei-templates/2014/CVE-2014-3870-94f4e4e5606b83b8d91c368a5ee77e4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bib2html <= 0.9.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bib2html/"
     google-query: inurl:"/wp-content/plugins/bib2html/"
     shodan-query: 'vuln:CVE-2014-3870'
-  tags: cve,wordpress,wp-plugin,bib2html,medium
+  tags: cve,wordpress,wp-plugin,bib2html,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3882-a2f350e1414d89ef0f2cdb91d69b4d0f.yaml b/nuclei-templates/2014/CVE-2014-3882-a2f350e1414d89ef0f2cdb91d69b4d0f.yaml
index 9e487014f1..dd63061c47 100644
--- a/nuclei-templates/2014/CVE-2014-3882-a2f350e1414d89ef0f2cdb91d69b4d0f.yaml
+++ b/nuclei-templates/2014/CVE-2014-3882-a2f350e1414d89ef0f2cdb91d69b4d0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login rebuilder < 1.2.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Login rebuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.2.0. This is due to missing nonce validation on the properties() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-rebuilder/"
     google-query: inurl:"/wp-content/plugins/login-rebuilder/"
     shodan-query: 'vuln:CVE-2014-3882'
-  tags: cve,wordpress,wp-plugin,login-rebuilder,high
+  tags: cve,wordpress,wp-plugin,login-rebuilder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-3903-02d6de68e2eb0c0f7215999509c086c8.yaml b/nuclei-templates/2014/CVE-2014-3903-02d6de68e2eb0c0f7215999509c086c8.yaml
index 5fbca37e0f..473cd47716 100644
--- a/nuclei-templates/2014/CVE-2014-3903-02d6de68e2eb0c0f7215999509c086c8.yaml
+++ b/nuclei-templates/2014/CVE-2014-3903-02d6de68e2eb0c0f7215999509c086c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cakifo 1.0 - 1.6.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/cakifo/"
     google-query: inurl:"/wp-content/themes/cakifo/"
     shodan-query: 'vuln:CVE-2014-3903'
-  tags: cve,wordpress,wp-theme,cakifo,medium
+  tags: cve,wordpress,wp-theme,cakifo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4017-f35417e8a6d1f5736025e50e8ca1a9dc.yaml b/nuclei-templates/2014/CVE-2014-4017-f35417e8a6d1f5736025e50e8ca1a9dc.yaml
index 810a5d79fe..fcd3b1a3c9 100644
--- a/nuclei-templates/2014/CVE-2014-4017-f35417e8a6d1f5736025e50e8ca1a9dc.yaml
+++ b/nuclei-templates/2014/CVE-2014-4017-f35417e8a6d1f5736025e50e8ca1a9dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conversion Ninja (Unspecified Version) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conversionninja/"
     google-query: inurl:"/wp-content/plugins/conversionninja/"
     shodan-query: 'vuln:CVE-2014-4017'
-  tags: cve,wordpress,wp-plugin,conversionninja,medium
+  tags: cve,wordpress,wp-plugin,conversionninja,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4163-80de44f32a39260a4242f01334cdbfd5.yaml b/nuclei-templates/2014/CVE-2014-4163-80de44f32a39260a4242f01334cdbfd5.yaml
index b7157ae446..cd5c1227e4 100644
--- a/nuclei-templates/2014/CVE-2014-4163-80de44f32a39260a4242f01334cdbfd5.yaml
+++ b/nuclei-templates/2014/CVE-2014-4163-80de44f32a39260a4242f01334cdbfd5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featured Comments < 1.2.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feature-comments/"
     google-query: inurl:"/wp-content/plugins/feature-comments/"
     shodan-query: 'vuln:CVE-2014-4163'
-  tags: cve,wordpress,wp-plugin,feature-comments,high
+  tags: cve,wordpress,wp-plugin,feature-comments,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4514-e94f4c2cbdc244ce8cd5d182c9382536.yaml b/nuclei-templates/2014/CVE-2014-4514-e94f4c2cbdc244ce8cd5d182c9382536.yaml
index dc5c0a50b1..07c7768134 100644
--- a/nuclei-templates/2014/CVE-2014-4514-e94f4c2cbdc244ce8cd5d182c9382536.yaml
+++ b/nuclei-templates/2014/CVE-2014-4514-e94f4c2cbdc244ce8cd5d182c9382536.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 < 3.7.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alipay/"
     google-query: inurl:"/wp-content/plugins/alipay/"
     shodan-query: 'vuln:CVE-2014-4514'
-  tags: cve,wordpress,wp-plugin,alipay,medium
+  tags: cve,wordpress,wp-plugin,alipay,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4516-4f0f10f376030e01ed907ee127ea7f81.yaml b/nuclei-templates/2014/CVE-2014-4516-4f0f10f376030e01ed907ee127ea7f81.yaml
index a4b6cd59a5..83f8bbe854 100644
--- a/nuclei-templates/2014/CVE-2014-4516-4f0f10f376030e01ed907ee127ea7f81.yaml
+++ b/nuclei-templates/2014/CVE-2014-4516-4f0f10f376030e01ed907ee127ea7f81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BIC Media Widget <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bic-media/"
     google-query: inurl:"/wp-content/plugins/bic-media/"
     shodan-query: 'vuln:CVE-2014-4516'
-  tags: cve,wordpress,wp-plugin,bic-media,medium
+  tags: cve,wordpress,wp-plugin,bic-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4517-20bdedbec4b7794610e6cc496e884cca.yaml b/nuclei-templates/2014/CVE-2014-4517-20bdedbec4b7794610e6cc496e884cca.yaml
index 4cfc7806d1..752dd017c4 100644
--- a/nuclei-templates/2014/CVE-2014-4517-20bdedbec4b7794610e6cc496e884cca.yaml
+++ b/nuclei-templates/2014/CVE-2014-4517-20bdedbec4b7794610e6cc496e884cca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CBI Referral Manager <= 1.2.1 Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cbi-referral-manager/"
     google-query: inurl:"/wp-content/plugins/cbi-referral-manager/"
     shodan-query: 'vuln:CVE-2014-4517'
-  tags: cve,wordpress,wp-plugin,cbi-referral-manager,medium
+  tags: cve,wordpress,wp-plugin,cbi-referral-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4518-96de724cebfb88ce342c3f1cd99b7f35.yaml b/nuclei-templates/2014/CVE-2014-4518-96de724cebfb88ce342c3f1cd99b7f35.yaml
index e5e7c52e8f..6241b4809c 100644
--- a/nuclei-templates/2014/CVE-2014-4518-96de724cebfb88ce342c3f1cd99b7f35.yaml
+++ b/nuclei-templates/2014/CVE-2014-4518-96de724cebfb88ce342c3f1cd99b7f35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by ContactMe.com <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contactme/"
     google-query: inurl:"/wp-content/plugins/contactme/"
     shodan-query: 'vuln:CVE-2014-4518'
-  tags: cve,wordpress,wp-plugin,contactme,medium
+  tags: cve,wordpress,wp-plugin,contactme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4520-e4bec7dd7a04a9998930ce7422960fa5.yaml b/nuclei-templates/2014/CVE-2014-4520-e4bec7dd7a04a9998930ce7422960fa5.yaml
index 269bb7cbdf..4fea4e94cd 100644
--- a/nuclei-templates/2014/CVE-2014-4520-e4bec7dd7a04a9998930ce7422960fa5.yaml
+++ b/nuclei-templates/2014/CVE-2014-4520-e4bec7dd7a04a9998930ce7422960fa5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DMCA WaterMarker < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dmca-watermarker/"
     google-query: inurl:"/wp-content/plugins/dmca-watermarker/"
     shodan-query: 'vuln:CVE-2014-4520'
-  tags: cve,wordpress,wp-plugin,dmca-watermarker,medium
+  tags: cve,wordpress,wp-plugin,dmca-watermarker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4521-d1ad636a904712d275c068316d9921ca.yaml b/nuclei-templates/2014/CVE-2014-4521-d1ad636a904712d275c068316d9921ca.yaml
index 25660163ce..91b481b2cb 100644
--- a/nuclei-templates/2014/CVE-2014-4521-d1ad636a904712d275c068316d9921ca.yaml
+++ b/nuclei-templates/2014/CVE-2014-4521-d1ad636a904712d275c068316d9921ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     dsIDXpress < 2.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dsidxpress/"
     google-query: inurl:"/wp-content/plugins/dsidxpress/"
     shodan-query: 'vuln:CVE-2014-4521'
-  tags: cve,wordpress,wp-plugin,dsidxpress,medium
+  tags: cve,wordpress,wp-plugin,dsidxpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4523-2dcf73eb82f83432e780c74c23beb2a4.yaml b/nuclei-templates/2014/CVE-2014-4523-2dcf73eb82f83432e780c74c23beb2a4.yaml
index 1edc986162..6fc20db6af 100644
--- a/nuclei-templates/2014/CVE-2014-4523-2dcf73eb82f83432e780c74c23beb2a4.yaml
+++ b/nuclei-templates/2014/CVE-2014-4523-2dcf73eb82f83432e780c74c23beb2a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Career Opening <= 0.4 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-career-openings/"
     google-query: inurl:"/wp-content/plugins/easy-career-openings/"
     shodan-query: 'vuln:CVE-2014-4523'
-  tags: cve,wordpress,wp-plugin,easy-career-openings,medium
+  tags: cve,wordpress,wp-plugin,easy-career-openings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4524-75e8a53ab865623ebf98c15a4f6ef027.yaml b/nuclei-templates/2014/CVE-2014-4524-75e8a53ab865623ebf98c15a4f6ef027.yaml
index fa89807df1..3f708a38cd 100644
--- a/nuclei-templates/2014/CVE-2014-4524-75e8a53ab865623ebf98c15a4f6ef027.yaml
+++ b/nuclei-templates/2014/CVE-2014-4524-75e8a53ab865623ebf98c15a4f6ef027.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Easy Post Types < 1.4.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Easy Post Types plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ref' parameter found in the classes/custom-image/media.php file in versions up to 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-post-types/"
     google-query: inurl:"/wp-content/plugins/easy-post-types/"
     shodan-query: 'vuln:CVE-2014-4524'
-  tags: cve,wordpress,wp-plugin,easy-post-types,medium
+  tags: cve,wordpress,wp-plugin,easy-post-types,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4525-492078688f68b5c1a6aec5a98ed76f29.yaml b/nuclei-templates/2014/CVE-2014-4525-492078688f68b5c1a6aec5a98ed76f29.yaml
index 567a6c04a2..354a175172 100644
--- a/nuclei-templates/2014/CVE-2014-4525-492078688f68b5c1a6aec5a98ed76f29.yaml
+++ b/nuclei-templates/2014/CVE-2014-4525-492078688f68b5c1a6aec5a98ed76f29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP eBay Product Feeds < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ebay-feeds-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/ebay-feeds-for-wordpress/"
     shodan-query: 'vuln:CVE-2014-4525'
-  tags: cve,wordpress,wp-plugin,ebay-feeds-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,ebay-feeds-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4526-e5f4c0414a585004ed1f35745c5931f6.yaml b/nuclei-templates/2014/CVE-2014-4526-e5f4c0414a585004ed1f35745c5931f6.yaml
index 2f312a4760..90f12bacc3 100644
--- a/nuclei-templates/2014/CVE-2014-4526-e5f4c0414a585004ed1f35745c5931f6.yaml
+++ b/nuclei-templates/2014/CVE-2014-4526-e5f4c0414a585004ed1f35745c5931f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     efence <= 1.3.2 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/efence/"
     google-query: inurl:"/wp-content/plugins/efence/"
     shodan-query: 'vuln:CVE-2014-4526'
-  tags: cve,wordpress,wp-plugin,efence,medium
+  tags: cve,wordpress,wp-plugin,efence,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4527-e9f65fad0edf93964d95edc6a82cf394.yaml b/nuclei-templates/2014/CVE-2014-4527-e9f65fad0edf93964d95edc6a82cf394.yaml
index 5de299e09d..54e47c2b71 100644
--- a/nuclei-templates/2014/CVE-2014-4527-e9f65fad0edf93964d95edc6a82cf394.yaml
+++ b/nuclei-templates/2014/CVE-2014-4527-e9f65fad0edf93964d95edc6a82cf394.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EnvialoSimple: Email Marketing y Newsletters < 1.98 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/"
     google-query: inurl:"/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/"
     shodan-query: 'vuln:CVE-2014-4527'
-  tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,medium
+  tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4528-26cfa8bd44fa751562e056cb1d39d345.yaml b/nuclei-templates/2014/CVE-2014-4528-26cfa8bd44fa751562e056cb1d39d345.yaml
index cc9fdfe1bd..fd8dc2be54 100644
--- a/nuclei-templates/2014/CVE-2014-4528-26cfa8bd44fa751562e056cb1d39d345.yaml
+++ b/nuclei-templates/2014/CVE-2014-4528-26cfa8bd44fa751562e056cb1d39d345.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bugs Go Viral : Facebook Promotion Generator <= 1.3.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fbpromotions/"
     google-query: inurl:"/wp-content/plugins/fbpromotions/"
     shodan-query: 'vuln:CVE-2014-4528'
-  tags: cve,wordpress,wp-plugin,fbpromotions,medium
+  tags: cve,wordpress,wp-plugin,fbpromotions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4529-b3551195333886afba6c43fd173acb65.yaml b/nuclei-templates/2014/CVE-2014-4529-b3551195333886afba6c43fd173acb65.yaml
index 4e114f47d7..86af7aefed 100644
--- a/nuclei-templates/2014/CVE-2014-4529-b3551195333886afba6c43fd173acb65.yaml
+++ b/nuclei-templates/2014/CVE-2014-4529-b3551195333886afba6c43fd173acb65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flash Photo Gallery <= 0.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flash-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/flash-photo-gallery/"
     shodan-query: 'vuln:CVE-2014-4529'
-  tags: cve,wordpress,wp-plugin,flash-photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,flash-photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4530-59446fd68b7784d882498e25f909137d.yaml b/nuclei-templates/2014/CVE-2014-4530-59446fd68b7784d882498e25f909137d.yaml
index 1936ce8e85..74aa01c98e 100644
--- a/nuclei-templates/2014/CVE-2014-4530-59446fd68b7784d882498e25f909137d.yaml
+++ b/nuclei-templates/2014/CVE-2014-4530-59446fd68b7784d882498e25f909137d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flog <= 0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The flog plugin 0.1 for WordPress has XSS via the url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flog/"
     google-query: inurl:"/wp-content/plugins/flog/"
     shodan-query: 'vuln:CVE-2014-4530'
-  tags: cve,wordpress,wp-plugin,flog,medium
+  tags: cve,wordpress,wp-plugin,flog,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4532-a274fd2664073f0162156778e8dac986.yaml b/nuclei-templates/2014/CVE-2014-4532-a274fd2664073f0162156778e8dac986.yaml
index 9a7024f17d..ad612a4ab4 100644
--- a/nuclei-templates/2014/CVE-2014-4532-a274fd2664073f0162156778e8dac986.yaml
+++ b/nuclei-templates/2014/CVE-2014-4532-a274fd2664073f0162156778e8dac986.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GarageSale < 1.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/garagesale/"
     google-query: inurl:"/wp-content/plugins/garagesale/"
     shodan-query: 'vuln:CVE-2014-4532'
-  tags: cve,wordpress,wp-plugin,garagesale,medium
+  tags: cve,wordpress,wp-plugin,garagesale,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4535-65f707df02fc4e71880af94936e28fe7.yaml b/nuclei-templates/2014/CVE-2014-4535-65f707df02fc4e71880af94936e28fe7.yaml
index 6e18378a3e..c6b843eba3 100644
--- a/nuclei-templates/2014/CVE-2014-4535-65f707df02fc4e71880af94936e28fe7.yaml
+++ b/nuclei-templates/2014/CVE-2014-4535-65f707df02fc4e71880af94936e28fe7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import Legacy Media <= 0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-legacy-media/"
     google-query: inurl:"/wp-content/plugins/import-legacy-media/"
     shodan-query: 'vuln:CVE-2014-4535'
-  tags: cve,wordpress,wp-plugin,import-legacy-media,medium
+  tags: cve,wordpress,wp-plugin,import-legacy-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4536-8a7ecb10c894553e29bd44217c769b5a.yaml b/nuclei-templates/2014/CVE-2014-4536-8a7ecb10c894553e29bd44217c769b5a.yaml
index 1476fbe8a4..6e4665f7a5 100644
--- a/nuclei-templates/2014/CVE-2014-4536-8a7ecb10c894553e29bd44217c769b5a.yaml
+++ b/nuclei-templates/2014/CVE-2014-4536-8a7ecb10c894553e29bd44217c769b5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/infusionsoft/"
     google-query: inurl:"/wp-content/plugins/infusionsoft/"
     shodan-query: 'vuln:CVE-2014-4536'
-  tags: cve,wordpress,wp-plugin,infusionsoft,medium
+  tags: cve,wordpress,wp-plugin,infusionsoft,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4541-719947b7a1ac06fd82b24dd2b2c29f27.yaml b/nuclei-templates/2014/CVE-2014-4541-719947b7a1ac06fd82b24dd2b2c29f27.yaml
index 30fa1ed260..74f28bcae9 100644
--- a/nuclei-templates/2014/CVE-2014-4541-719947b7a1ac06fd82b24dd2b2c29f27.yaml
+++ b/nuclei-templates/2014/CVE-2014-4541-719947b7a1ac06fd82b24dd2b2c29f27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OMFG Mobile Pro <= 1.1.26 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/omfg-mobile/"
     google-query: inurl:"/wp-content/plugins/omfg-mobile/"
     shodan-query: 'vuln:CVE-2014-4541'
-  tags: cve,wordpress,wp-plugin,omfg-mobile,medium
+  tags: cve,wordpress,wp-plugin,omfg-mobile,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4543-d6f933dccde3d9cca555af3f7b970f39.yaml b/nuclei-templates/2014/CVE-2014-4543-d6f933dccde3d9cca555af3f7b970f39.yaml
index f6f36d53f2..520277d610 100644
--- a/nuclei-templates/2014/CVE-2014-4543-d6f933dccde3d9cca555af3f7b970f39.yaml
+++ b/nuclei-templates/2014/CVE-2014-4543-d6f933dccde3d9cca555af3f7b970f39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pay Per Media Player <= 1.24 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pay-per-media-player/"
     google-query: inurl:"/wp-content/plugins/pay-per-media-player/"
     shodan-query: 'vuln:CVE-2014-4543'
-  tags: cve,wordpress,wp-plugin,pay-per-media-player,medium
+  tags: cve,wordpress,wp-plugin,pay-per-media-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4544-c4998932aa42fcf89b684f69330f53ac.yaml b/nuclei-templates/2014/CVE-2014-4544-c4998932aa42fcf89b684f69330f53ac.yaml
index fe639eb4db..ffba7ba7bf 100644
--- a/nuclei-templates/2014/CVE-2014-4544-c4998932aa42fcf89b684f69330f53ac.yaml
+++ b/nuclei-templates/2014/CVE-2014-4544-c4998932aa42fcf89b684f69330f53ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podcast Channels <= 0.20 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podcast-channels/"
     google-query: inurl:"/wp-content/plugins/podcast-channels/"
     shodan-query: 'vuln:CVE-2014-4544'
-  tags: cve,wordpress,wp-plugin,podcast-channels,medium
+  tags: cve,wordpress,wp-plugin,podcast-channels,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4545-7ddce7ee421f18bacb72f14e66ea1bcb.yaml b/nuclei-templates/2014/CVE-2014-4545-7ddce7ee421f18bacb72f14e66ea1bcb.yaml
index e9b51604e7..63a2eed88d 100644
--- a/nuclei-templates/2014/CVE-2014-4545-7ddce7ee421f18bacb72f14e66ea1bcb.yaml
+++ b/nuclei-templates/2014/CVE-2014-4545-7ddce7ee421f18bacb72f14e66ea1bcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pro Quoter Plugin <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/proquoter/"
     google-query: inurl:"/wp-content/plugins/proquoter/"
     shodan-query: 'vuln:CVE-2014-4545'
-  tags: cve,wordpress,wp-plugin,proquoter,medium
+  tags: cve,wordpress,wp-plugin,proquoter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4546-1bdd11fadd06cfdab7d4d06e095a85bd.yaml b/nuclei-templates/2014/CVE-2014-4546-1bdd11fadd06cfdab7d4d06e095a85bd.yaml
index dfa2077c47..a11e440841 100644
--- a/nuclei-templates/2014/CVE-2014-4546-1bdd11fadd06cfdab7d4d06e095a85bd.yaml
+++ b/nuclei-templates/2014/CVE-2014-4546-1bdd11fadd06cfdab7d4d06e095a85bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rezgo Online Booking < 1.4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rezgo/"
     google-query: inurl:"/wp-content/plugins/rezgo/"
     shodan-query: 'vuln:CVE-2014-4546'
-  tags: cve,wordpress,wp-plugin,rezgo,medium
+  tags: cve,wordpress,wp-plugin,rezgo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4547-fe69a0c777f01161eb85876f2a58c68c.yaml b/nuclei-templates/2014/CVE-2014-4547-fe69a0c777f01161eb85876f2a58c68c.yaml
index df1ae11a79..d8dd513393 100644
--- a/nuclei-templates/2014/CVE-2014-4547-fe69a0c777f01161eb85876f2a58c68c.yaml
+++ b/nuclei-templates/2014/CVE-2014-4547-fe69a0c777f01161eb85876f2a58c68c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rezgo Online Booking < 1.8.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rezgo/"
     google-query: inurl:"/wp-content/plugins/rezgo/"
     shodan-query: 'vuln:CVE-2014-4547'
-  tags: cve,wordpress,wp-plugin,rezgo,medium
+  tags: cve,wordpress,wp-plugin,rezgo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4550-382f2dc0e3689fe8f1bed64d23fca41f.yaml b/nuclei-templates/2014/CVE-2014-4550-382f2dc0e3689fe8f1bed64d23fca41f.yaml
index 24833d91f5..b6f48f90f6 100644
--- a/nuclei-templates/2014/CVE-2014-4550-382f2dc0e3689fe8f1bed64d23fca41f.yaml
+++ b/nuclei-templates/2014/CVE-2014-4550-382f2dc0e3689fe8f1bed64d23fca41f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode Ninja <= 1.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-ninja/"
     google-query: inurl:"/wp-content/plugins/shortcode-ninja/"
     shodan-query: 'vuln:CVE-2014-4550'
-  tags: cve,wordpress,wp-plugin,shortcode-ninja,medium
+  tags: cve,wordpress,wp-plugin,shortcode-ninja,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4551-4382e753da7c1d916f58a427140d32b1.yaml b/nuclei-templates/2014/CVE-2014-4551-4382e753da7c1d916f58a427140d32b1.yaml
index 272afe46e2..25c3b1aea4 100644
--- a/nuclei-templates/2014/CVE-2014-4551-4382e753da7c1d916f58a427140d32b1.yaml
+++ b/nuclei-templates/2014/CVE-2014-4551-4382e753da7c1d916f58a427140d32b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Connect <= 0.10.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 0.10.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-connect/"
     google-query: inurl:"/wp-content/plugins/social-connect/"
     shodan-query: 'vuln:CVE-2014-4551'
-  tags: cve,wordpress,wp-plugin,social-connect,medium
+  tags: cve,wordpress,wp-plugin,social-connect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4552-a5f4f463543df4d2c732d202ef98faae.yaml b/nuclei-templates/2014/CVE-2014-4552-a5f4f463543df4d2c732d202ef98faae.yaml
index 58ec826c88..8fa9008013 100644
--- a/nuclei-templates/2014/CVE-2014-4552-a5f4f463543df4d2c732d202ef98faae.yaml
+++ b/nuclei-templates/2014/CVE-2014-4552-a5f4f463543df4d2c732d202ef98faae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spotlight <= 4.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spotlightyour/"
     google-query: inurl:"/wp-content/plugins/spotlightyour/"
     shodan-query: 'vuln:CVE-2014-4552'
-  tags: cve,wordpress,wp-plugin,spotlightyour,medium
+  tags: cve,wordpress,wp-plugin,spotlightyour,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4553-a406e3b1989f167ebfda1e3281f7073d.yaml b/nuclei-templates/2014/CVE-2014-4553-a406e3b1989f167ebfda1e3281f7073d.yaml
index 2379a8ae99..f6285d2396 100644
--- a/nuclei-templates/2014/CVE-2014-4553-a406e3b1989f167ebfda1e3281f7073d.yaml
+++ b/nuclei-templates/2014/CVE-2014-4553-a406e3b1989f167ebfda1e3281f7073d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-RSS-Spreadshirt-3DCube-Gallery <= 1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin through version 1.3 for WordPress allows remote attackers to execute arbitrary web script or HTML via url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spreadshirt-rss-3d-cube-flash-gallery/"
     google-query: inurl:"/wp-content/plugins/spreadshirt-rss-3d-cube-flash-gallery/"
     shodan-query: 'vuln:CVE-2014-4553'
-  tags: cve,wordpress,wp-plugin,spreadshirt-rss-3d-cube-flash-gallery,medium
+  tags: cve,wordpress,wp-plugin,spreadshirt-rss-3d-cube-flash-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4554-a491a4eb2f6511d2fd18eb2730601144.yaml b/nuclei-templates/2014/CVE-2014-4554-a491a4eb2f6511d2fd18eb2730601144.yaml
index a06653dcf1..0cdaa5a889 100644
--- a/nuclei-templates/2014/CVE-2014-4554-a491a4eb2f6511d2fd18eb2730601144.yaml
+++ b/nuclei-templates/2014/CVE-2014-4554-a491a4eb2f6511d2fd18eb2730601144.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SS Downloads <= 1.4.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ss-downloads/"
     google-query: inurl:"/wp-content/plugins/ss-downloads/"
     shodan-query: 'vuln:CVE-2014-4554'
-  tags: cve,wordpress,wp-plugin,ss-downloads,medium
+  tags: cve,wordpress,wp-plugin,ss-downloads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4555-d99f0f471a2dd63c73902853b59daf4d.yaml b/nuclei-templates/2014/CVE-2014-4555-d99f0f471a2dd63c73902853b59daf4d.yaml
index e1829c5bb6..2c0c849021 100644
--- a/nuclei-templates/2014/CVE-2014-4555-d99f0f471a2dd63c73902853b59daf4d.yaml
+++ b/nuclei-templates/2014/CVE-2014-4555-d99f0f471a2dd63c73902853b59daf4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Style It <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/style-it/"
     google-query: inurl:"/wp-content/plugins/style-it/"
     shodan-query: 'vuln:CVE-2014-4555'
-  tags: cve,wordpress,wp-plugin,style-it,medium
+  tags: cve,wordpress,wp-plugin,style-it,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4556-6d412503c15b02be74462a4b525012a6.yaml b/nuclei-templates/2014/CVE-2014-4556-6d412503c15b02be74462a4b525012a6.yaml
index a3cdcd9b4a..4f150de148 100644
--- a/nuclei-templates/2014/CVE-2014-4556-6d412503c15b02be74462a4b525012a6.yaml
+++ b/nuclei-templates/2014/CVE-2014-4556-6d412503c15b02be74462a4b525012a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eShop Swipe plugin <= 3.7.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swipe-hq-checkout-for-eshop/"
     google-query: inurl:"/wp-content/plugins/swipe-hq-checkout-for-eshop/"
     shodan-query: 'vuln:CVE-2014-4556'
-  tags: cve,wordpress,wp-plugin,swipe-hq-checkout-for-eshop,medium
+  tags: cve,wordpress,wp-plugin,swipe-hq-checkout-for-eshop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4557-9dadadc2ea66cec373bf71c20060be7b.yaml b/nuclei-templates/2014/CVE-2014-4557-9dadadc2ea66cec373bf71c20060be7b.yaml
index c8aa3955be..1058582403 100644
--- a/nuclei-templates/2014/CVE-2014-4557-9dadadc2ea66cec373bf71c20060be7b.yaml
+++ b/nuclei-templates/2014/CVE-2014-4557-9dadadc2ea66cec373bf71c20060be7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jigoshop Swipe plugin <= 3.1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swipe-hq-checkout-for-jigoshop) plugin 3.1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swipe-hq-checkout-for-jigoshop/"
     google-query: inurl:"/wp-content/plugins/swipe-hq-checkout-for-jigoshop/"
     shodan-query: 'vuln:CVE-2014-4557'
-  tags: cve,wordpress,wp-plugin,swipe-hq-checkout-for-jigoshop,medium
+  tags: cve,wordpress,wp-plugin,swipe-hq-checkout-for-jigoshop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4559-fab645de2f6e6231ff6074be3c265848.yaml b/nuclei-templates/2014/CVE-2014-4559-fab645de2f6e6231ff6074be3c265848.yaml
index 3d4fc0408e..96f7468c2d 100644
--- a/nuclei-templates/2014/CVE-2014-4559-fab645de2f6e6231ff6074be3c265848.yaml
+++ b/nuclei-templates/2014/CVE-2014-4559-fab645de2f6e6231ff6074be3c265848.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP e-Commerce Swipe plugin <= 3.1.0 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swipehq-payment-gateway-wp-e-commerce/"
     google-query: inurl:"/wp-content/plugins/swipehq-payment-gateway-wp-e-commerce/"
     shodan-query: 'vuln:CVE-2014-4559'
-  tags: cve,wordpress,wp-plugin,swipehq-payment-gateway-wp-e-commerce,medium
+  tags: cve,wordpress,wp-plugin,swipehq-payment-gateway-wp-e-commerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4563-2e334a9b30a8a16758bc7c2d1620372e.yaml b/nuclei-templates/2014/CVE-2014-4563-2e334a9b30a8a16758bc7c2d1620372e.yaml
index a8c73ef2e3..778a47faa5 100644
--- a/nuclei-templates/2014/CVE-2014-4563-2e334a9b30a8a16758bc7c2d1620372e.yaml
+++ b/nuclei-templates/2014/CVE-2014-4563-2e334a9b30a8a16758bc7c2d1620372e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cloak & Encrypt < 3.8.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin < 3.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/url-cloak-encrypt/"
     google-query: inurl:"/wp-content/plugins/url-cloak-encrypt/"
     shodan-query: 'vuln:CVE-2014-4563'
-  tags: cve,wordpress,wp-plugin,url-cloak-encrypt,medium
+  tags: cve,wordpress,wp-plugin,url-cloak-encrypt,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4564-22471b3f81db400388be79d0e5d0cf32.yaml b/nuclei-templates/2014/CVE-2014-4564-22471b3f81db400388be79d0e5d0cf32.yaml
index 249629889b..8d74f4d6af 100644
--- a/nuclei-templates/2014/CVE-2014-4564-22471b3f81db400388be79d0e5d0cf32.yaml
+++ b/nuclei-templates/2014/CVE-2014-4564-22471b3f81db400388be79d0e5d0cf32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Validated <= 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/validated/"
     google-query: inurl:"/wp-content/plugins/validated/"
     shodan-query: 'vuln:CVE-2014-4564'
-  tags: cve,wordpress,wp-plugin,validated,medium
+  tags: cve,wordpress,wp-plugin,validated,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4566-011e0a807fc0a0f2b6240634cb1a2fc2.yaml b/nuclei-templates/2014/CVE-2014-4566-011e0a807fc0a0f2b6240634cb1a2fc2.yaml
index a0cef18284..6dceafc3b7 100644
--- a/nuclei-templates/2014/CVE-2014-4566-011e0a807fc0a0f2b6240634cb1a2fc2.yaml
+++ b/nuclei-templates/2014/CVE-2014-4566-011e0a807fc0a0f2b6240634cb1a2fc2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     verwei.se – WordPress – Twitter <= 1.0 2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php in the "verwei.se - WordPress - Twitter" (verweise-wordpress-twitter) plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/verweise-wordpress-twitter/"
     google-query: inurl:"/wp-content/plugins/verweise-wordpress-twitter/"
     shodan-query: 'vuln:CVE-2014-4566'
-  tags: cve,wordpress,wp-plugin,verweise-wordpress-twitter,medium
+  tags: cve,wordpress,wp-plugin,verweise-wordpress-twitter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4567-78372eee8a5b2f566eb2e73090f227ad.yaml b/nuclei-templates/2014/CVE-2014-4567-78372eee8a5b2f566eb2e73090f227ad.yaml
index 71ee61a414..cbc28dcc07 100644
--- a/nuclei-templates/2014/CVE-2014-4567-78372eee8a5b2f566eb2e73090f227ad.yaml
+++ b/nuclei-templates/2014/CVE-2014-4567-78372eee8a5b2f566eb2e73090f227ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 Webcam Microphone Recorder Forms < 1.55 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-comments-webcam-recorder/"
     google-query: inurl:"/wp-content/plugins/video-comments-webcam-recorder/"
     shodan-query: 'vuln:CVE-2014-4567'
-  tags: cve,wordpress,wp-plugin,video-comments-webcam-recorder,medium
+  tags: cve,wordpress,wp-plugin,video-comments-webcam-recorder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4569-e248f5c6da990a6a809a8d58910d242b.yaml b/nuclei-templates/2014/CVE-2014-4569-e248f5c6da990a6a809a8d58910d242b.yaml
index ed8f5c734c..374b03edf9 100644
--- a/nuclei-templates/2014/CVE-2014-4569-e248f5c6da990a6a809a8d58910d242b.yaml
+++ b/nuclei-templates/2014/CVE-2014-4569-e248f5c6da990a6a809a8d58910d242b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broadcast Live Video – Live Streaming < 4.27.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/"
     google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/"
     shodan-query: 'vuln:CVE-2014-4569'
-  tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,medium
+  tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4571-495d298d6c0fc5fe1a9847d638c40959.yaml b/nuclei-templates/2014/CVE-2014-4571-495d298d6c0fc5fe1a9847d638c40959.yaml
index 297d197543..a6973a83e3 100644
--- a/nuclei-templates/2014/CVE-2014-4571-495d298d6c0fc5fe1a9847d638c40959.yaml
+++ b/nuclei-templates/2014/CVE-2014-4571-495d298d6c0fc5fe1a9847d638c40959.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VN Calendar <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vn-calendar/"
     google-query: inurl:"/wp-content/plugins/vn-calendar/"
     shodan-query: 'vuln:CVE-2014-4571'
-  tags: cve,wordpress,wp-plugin,vn-calendar,medium
+  tags: cve,wordpress,wp-plugin,vn-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4574-a81e63270dce3acdb86d52d988c823c1.yaml b/nuclei-templates/2014/CVE-2014-4574-a81e63270dce3acdb86d52d988c823c1.yaml
index b5dd70b724..95c3dc8843 100644
--- a/nuclei-templates/2014/CVE-2014-4574-a81e63270dce3acdb86d52d988c823c1.yaml
+++ b/nuclei-templates/2014/CVE-2014-4574-a81e63270dce3acdb86d52d988c823c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebEngage Feedback, Survey and Notification < 2.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the height parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webengage/"
     google-query: inurl:"/wp-content/plugins/webengage/"
     shodan-query: 'vuln:CVE-2014-4574'
-  tags: cve,wordpress,wp-plugin,webengage,medium
+  tags: cve,wordpress,wp-plugin,webengage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4575-11d411cbc5ec47f84a5a874c5f4a706d.yaml b/nuclei-templates/2014/CVE-2014-4575-11d411cbc5ec47f84a5a874c5f4a706d.yaml
index a215d109dc..1c10131876 100644
--- a/nuclei-templates/2014/CVE-2014-4575-11d411cbc5ec47f84a5a874c5f4a706d.yaml
+++ b/nuclei-templates/2014/CVE-2014-4575-11d411cbc5ec47f84a5a874c5f4a706d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WikiPop <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wikipop/"
     google-query: inurl:"/wp-content/plugins/wikipop/"
     shodan-query: 'vuln:CVE-2014-4575'
-  tags: cve,wordpress,wp-plugin,wikipop,medium
+  tags: cve,wordpress,wp-plugin,wikipop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4576-e0d816c541690f9c52144ee19295acfb.yaml b/nuclei-templates/2014/CVE-2014-4576-e0d816c541690f9c52144ee19295acfb.yaml
index dfdd1573b4..e46a6169b2 100644
--- a/nuclei-templates/2014/CVE-2014-4576-e0d816c541690f9c52144ee19295acfb.yaml
+++ b/nuclei-templates/2014/CVE-2014-4576-e0d816c541690f9c52144ee19295acfb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Login <= 2.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-social-login/"
     google-query: inurl:"/wp-content/plugins/wordpress-social-login/"
     shodan-query: 'vuln:CVE-2014-4576'
-  tags: cve,wordpress,wp-plugin,wordpress-social-login,medium
+  tags: cve,wordpress,wp-plugin,wordpress-social-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4577-5595c7f205cd9ae7c0c1e3237881d78f.yaml b/nuclei-templates/2014/CVE-2014-4577-5595c7f205cd9ae7c0c1e3237881d78f.yaml
index f2d7840fc3..85a7e962c1 100644
--- a/nuclei-templates/2014/CVE-2014-4577-5595c7f205cd9ae7c0c1e3237881d78f.yaml
+++ b/nuclei-templates/2014/CVE-2014-4577-5595c7f205cd9ae7c0c1e3237881d78f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP AmASIN – The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/"
     google-query: inurl:"/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/"
     shodan-query: 'vuln:CVE-2014-4577'
-  tags: cve,wordpress,wp-plugin,wp-amasin-the-amazon-affiliate-shop,high
+  tags: cve,wordpress,wp-plugin,wp-amasin-the-amazon-affiliate-shop,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4579-2d20c9ee33e7e10b4c0f0dcd5f256173.yaml b/nuclei-templates/2014/CVE-2014-4579-2d20c9ee33e7e10b4c0f0dcd5f256173.yaml
index c939d7fbf2..e58403c03c 100644
--- a/nuclei-templates/2014/CVE-2014-4579-2d20c9ee33e7e10b4c0f0dcd5f256173.yaml
+++ b/nuclei-templates/2014/CVE-2014-4579-2d20c9ee33e7e10b4c0f0dcd5f256173.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointments Scheduler <= 1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-appointments-schedules/"
     google-query: inurl:"/wp-content/plugins/wp-appointments-schedules/"
     shodan-query: 'vuln:CVE-2014-4579'
-  tags: cve,wordpress,wp-plugin,wp-appointments-schedules,medium
+  tags: cve,wordpress,wp-plugin,wp-appointments-schedules,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4580-549e52f202fcfb1294c6d1e3496da00f.yaml b/nuclei-templates/2014/CVE-2014-4580-549e52f202fcfb1294c6d1e3496da00f.yaml
index ded2d4c490..aeec2ba9cf 100644
--- a/nuclei-templates/2014/CVE-2014-4580-549e52f202fcfb1294c6d1e3496da00f.yaml
+++ b/nuclei-templates/2014/CVE-2014-4580-549e52f202fcfb1294c6d1e3496da00f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP BlipBot <= 3.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP BlipBot for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'BlipBotID' parameter in versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-blipbot/"
     google-query: inurl:"/wp-content/plugins/wp-blipbot/"
     shodan-query: 'vuln:CVE-2014-4580'
-  tags: cve,wordpress,wp-plugin,wp-blipbot,medium
+  tags: cve,wordpress,wp-plugin,wp-blipbot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4583-faf2b2d46d16f4cbc167cb1d3ca32849.yaml b/nuclei-templates/2014/CVE-2014-4583-faf2b2d46d16f4cbc167cb1d3ca32849.yaml
index 9ea1816c10..4cb3694f87 100644
--- a/nuclei-templates/2014/CVE-2014-4583-faf2b2d46d16f4cbc167cb1d3ca32849.yaml
+++ b/nuclei-templates/2014/CVE-2014-4583-faf2b2d46d16f4cbc167cb1d3ca32849.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Contact <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3) limit_start, (4) id, or (5) order parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-contact-sidebar-widget/"
     google-query: inurl:"/wp-content/plugins/wp-contact-sidebar-widget/"
     shodan-query: 'vuln:CVE-2014-4583'
-  tags: cve,wordpress,wp-plugin,wp-contact-sidebar-widget,medium
+  tags: cve,wordpress,wp-plugin,wp-contact-sidebar-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4584-e5c5d5728e5c08ed8fa4fe79d2c3e420.yaml b/nuclei-templates/2014/CVE-2014-4584-e5c5d5728e5c08ed8fa4fe79d2c3e420.yaml
index dd8b338cc5..089e4aa499 100644
--- a/nuclei-templates/2014/CVE-2014-4584-e5c5d5728e5c08ed8fa4fe79d2c3e420.yaml
+++ b/nuclei-templates/2014/CVE-2014-4584-e5c5d5728e5c08ed8fa4fe79d2c3e420.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Easybooking <= 1.0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easybooking/"
     google-query: inurl:"/wp-content/plugins/wp-easybooking/"
     shodan-query: 'vuln:CVE-2014-4584'
-  tags: cve,wordpress,wp-plugin,wp-easybooking,medium
+  tags: cve,wordpress,wp-plugin,wp-easybooking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4585-f4af8d356c8b91106f18b8295f1a09bd.yaml b/nuclei-templates/2014/CVE-2014-4585-f4af8d356c8b91106f18b8295f1a09bd.yaml
index 20f278c6a7..82099c6e3f 100644
--- a/nuclei-templates/2014/CVE-2014-4585-f4af8d356c8b91106f18b8295f1a09bd.yaml
+++ b/nuclei-templates/2014/CVE-2014-4585-f4af8d356c8b91106f18b8295f1a09bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Facethumb <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facethumb/"
     google-query: inurl:"/wp-content/plugins/wp-facethumb/"
     shodan-query: 'vuln:CVE-2014-4585'
-  tags: cve,wordpress,wp-plugin,wp-facethumb,medium
+  tags: cve,wordpress,wp-plugin,wp-facethumb,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4586-40f4199a368e88456e06377e7668ed2b.yaml b/nuclei-templates/2014/CVE-2014-4586-40f4199a368e88456e06377e7668ed2b.yaml
index 20c1d3c3ab..032dc85dc1 100644
--- a/nuclei-templates/2014/CVE-2014-4586-40f4199a368e88456e06377e7668ed2b.yaml
+++ b/nuclei-templates/2014/CVE-2014-4586-40f4199a368e88456e06377e7668ed2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp-football <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an "action" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-football/"
     google-query: inurl:"/wp-content/plugins/wp-football/"
     shodan-query: 'vuln:CVE-2014-4586'
-  tags: cve,wordpress,wp-plugin,wp-football,medium
+  tags: cve,wordpress,wp-plugin,wp-football,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4587-25e2788cf757f6544d551ea3a1e2ff53.yaml b/nuclei-templates/2014/CVE-2014-4587-25e2788cf757f6544d551ea3a1e2ff53.yaml
index 7f9b078933..cc5e508603 100644
--- a/nuclei-templates/2014/CVE-2014-4587-25e2788cf757f6544d551ea3a1e2ff53.yaml
+++ b/nuclei-templates/2014/CVE-2014-4587-25e2788cf757f6544d551ea3a1e2ff53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Guestmap <= 1.8 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-guestmap/"
     google-query: inurl:"/wp-content/plugins/wp-guestmap/"
     shodan-query: 'vuln:CVE-2014-4587'
-  tags: cve,wordpress,wp-plugin,wp-guestmap,medium
+  tags: cve,wordpress,wp-plugin,wp-guestmap,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4589-cf07672d5cc5a9d43b461f631786b4cf.yaml b/nuclei-templates/2014/CVE-2014-4589-cf07672d5cc5a9d43b461f631786b4cf.yaml
index 2d5bf92a69..220da848ff 100644
--- a/nuclei-templates/2014/CVE-2014-4589-cf07672d5cc5a9d43b461f631786b4cf.yaml
+++ b/nuclei-templates/2014/CVE-2014-4589-cf07672d5cc5a9d43b461f631786b4cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Silverlight Media Player <= 0.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-media-player/"
     google-query: inurl:"/wp-content/plugins/wp-media-player/"
     shodan-query: 'vuln:CVE-2014-4589'
-  tags: cve,wordpress,wp-plugin,wp-media-player,medium
+  tags: cve,wordpress,wp-plugin,wp-media-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4593-11e0416c47cc399cafbb7b5feca59d4c.yaml b/nuclei-templates/2014/CVE-2014-4593-11e0416c47cc399cafbb7b5feca59d4c.yaml
index 2df1fb3e2e..34e60038b8 100644
--- a/nuclei-templates/2014/CVE-2014-4593-11e0416c47cc399cafbb7b5feca59d4c.yaml
+++ b/nuclei-templates/2014/CVE-2014-4593-11e0416c47cc399cafbb7b5feca59d4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Plugin Manager (wppm) <= 1.6.4.b - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wppm/"
     google-query: inurl:"/wp-content/plugins/wppm/"
     shodan-query: 'vuln:CVE-2014-4593'
-  tags: cve,wordpress,wp-plugin,wppm,medium
+  tags: cve,wordpress,wp-plugin,wppm,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4595-db7767ed937dfde97dcfb07b299497ed.yaml b/nuclei-templates/2014/CVE-2014-4595-db7767ed937dfde97dcfb07b299497ed.yaml
index 4dd1a5cb8a..de46ab0773 100644
--- a/nuclei-templates/2014/CVE-2014-4595-db7767ed937dfde97dcfb07b299497ed.yaml
+++ b/nuclei-templates/2014/CVE-2014-4595-db7767ed937dfde97dcfb07b299497ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Restful <= 0.1 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-restful/"
     google-query: inurl:"/wp-content/plugins/wp-restful/"
     shodan-query: 'vuln:CVE-2014-4595'
-  tags: cve,wordpress,wp-plugin,wp-restful,medium
+  tags: cve,wordpress,wp-plugin,wp-restful,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4596-894d5909f0af3672921ffb2138091248.yaml b/nuclei-templates/2014/CVE-2014-4596-894d5909f0af3672921ffb2138091248.yaml
index dce20ceb68..4dea2fbbc0 100644
--- a/nuclei-templates/2014/CVE-2014-4596-894d5909f0af3672921ffb2138091248.yaml
+++ b/nuclei-templates/2014/CVE-2014-4596-894d5909f0af3672921ffb2138091248.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Snap App <= 1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpsnapapp/"
     google-query: inurl:"/wp-content/plugins/wpsnapapp/"
     shodan-query: 'vuln:CVE-2014-4596'
-  tags: cve,wordpress,wp-plugin,wpsnapapp,medium
+  tags: cve,wordpress,wp-plugin,wpsnapapp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4599-d9ebf3668fe7cefc2f8b63111d50df87.yaml b/nuclei-templates/2014/CVE-2014-4599-d9ebf3668fe7cefc2f8b63111d50df87.yaml
index 92308b506d..cf6bdbe903 100644
--- a/nuclei-templates/2014/CVE-2014-4599-d9ebf3668fe7cefc2f8b63111d50df87.yaml
+++ b/nuclei-templates/2014/CVE-2014-4599-d9ebf3668fe7cefc2f8b63111d50df87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Business Directory <= 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ttisbdir/"
     google-query: inurl:"/wp-content/plugins/wp-ttisbdir/"
     shodan-query: 'vuln:CVE-2014-4599'
-  tags: cve,wordpress,wp-plugin,wp-ttisbdir,medium
+  tags: cve,wordpress,wp-plugin,wp-ttisbdir,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4600-fc176b004d2c6f19188839a3973c1a4d.yaml b/nuclei-templates/2014/CVE-2014-4600-fc176b004d2c6f19188839a3973c1a4d.yaml
index 73f8bc65f0..fad7d6349f 100644
--- a/nuclei-templates/2014/CVE-2014-4600-fc176b004d2c6f19188839a3973c1a4d.yaml
+++ b/nuclei-templates/2014/CVE-2014-4600-fc176b004d2c6f19188839a3973c1a4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate Email Marketer <= 1.1.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Ultimate Email Marketer  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listname' & 'contact' parameters in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-email-marketer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-email-marketer/"
     shodan-query: 'vuln:CVE-2014-4600'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-email-marketer,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-email-marketer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4601-530246c3333edec963a6035638964677.yaml b/nuclei-templates/2014/CVE-2014-4601-530246c3333edec963a6035638964677.yaml
index ca16471bed..1dc7aa103b 100644
--- a/nuclei-templates/2014/CVE-2014-4601-530246c3333edec963a6035638964677.yaml
+++ b/nuclei-templates/2014/CVE-2014-4601-530246c3333edec963a6035638964677.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wu-Rating <= 1.0 12319 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wu-rating/"
     google-query: inurl:"/wp-content/plugins/wu-rating/"
     shodan-query: 'vuln:CVE-2014-4601'
-  tags: cve,wordpress,wp-plugin,wu-rating,medium
+  tags: cve,wordpress,wp-plugin,wu-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4602-780fa31d43c1e72887f541f835fe2c28.yaml b/nuclei-templates/2014/CVE-2014-4602-780fa31d43c1e72887f541f835fe2c28.yaml
index 634c72ac40..7cb0a3b0be 100644
--- a/nuclei-templates/2014/CVE-2014-4602-780fa31d43c1e72887f541f835fe2c28.yaml
+++ b/nuclei-templates/2014/CVE-2014-4602-780fa31d43c1e72887f541f835fe2c28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XEN Carousel <= 0.12.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) ajaxpath parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xen-carousel/"
     google-query: inurl:"/wp-content/plugins/xen-carousel/"
     shodan-query: 'vuln:CVE-2014-4602'
-  tags: cve,wordpress,wp-plugin,xen-carousel,medium
+  tags: cve,wordpress,wp-plugin,xen-carousel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4604-882b62316645c3c4ca02d06b90f3ba4c.yaml b/nuclei-templates/2014/CVE-2014-4604-882b62316645c3c4ca02d06b90f3ba4c.yaml
index b5082bc223..b35445b9a3 100644
--- a/nuclei-templates/2014/CVE-2014-4604-882b62316645c3c4ca02d06b90f3ba4c.yaml
+++ b/nuclei-templates/2014/CVE-2014-4604-882b62316645c3c4ca02d06b90f3ba4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Your Text Manager <= 0.3.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/your-text-manager/"
     google-query: inurl:"/wp-content/plugins/your-text-manager/"
     shodan-query: 'vuln:CVE-2014-4604'
-  tags: cve,wordpress,wp-plugin,your-text-manager,medium
+  tags: cve,wordpress,wp-plugin,your-text-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4605-e5d3824dce2c042eb639b46cc57ff2d2.yaml b/nuclei-templates/2014/CVE-2014-4605-e5d3824dce2c042eb639b46cc57ff2d2.yaml
index c3efe3c1f7..b46dacfe1d 100644
--- a/nuclei-templates/2014/CVE-2014-4605-e5d3824dce2c042eb639b46cc57ff2d2.yaml
+++ b/nuclei-templates/2014/CVE-2014-4605-e5d3824dce2c042eb639b46cc57ff2d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ZdStatistics <= 2.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zdstats/"
     google-query: inurl:"/wp-content/plugins/zdstats/"
     shodan-query: 'vuln:CVE-2014-4605'
-  tags: cve,wordpress,wp-plugin,zdstats,medium
+  tags: cve,wordpress,wp-plugin,zdstats,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4606-09e64e82ae55462158eeb5e726a22311.yaml b/nuclei-templates/2014/CVE-2014-4606-09e64e82ae55462158eeb5e726a22311.yaml
index 500ab2d32a..077802442b 100644
--- a/nuclei-templates/2014/CVE-2014-4606-09e64e82ae55462158eeb5e726a22311.yaml
+++ b/nuclei-templates/2014/CVE-2014-4606-09e64e82ae55462158eeb5e726a22311.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zeenshare <= 1.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the zs_sid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zeenshare/"
     google-query: inurl:"/wp-content/plugins/zeenshare/"
     shodan-query: 'vuln:CVE-2014-4606'
-  tags: cve,wordpress,wp-plugin,zeenshare,medium
+  tags: cve,wordpress,wp-plugin,zeenshare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4663-b970262dad30a7d484efebc698a4fbb7.yaml b/nuclei-templates/2014/CVE-2014-4663-b970262dad30a7d484efebc698a4fbb7.yaml
index a14a6d5c23..b409e9c46a 100644
--- a/nuclei-templates/2014/CVE-2014-4663-b970262dad30a7d484efebc698a4fbb7.yaml
+++ b/nuclei-templates/2014/CVE-2014-4663-b970262dad30a7d484efebc698a4fbb7.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2014-4663
   metadata:
-    fofa-query: "wp-content/plugins/wordthumb/"
-    google-query: inurl:"/wp-content/plugins/wordthumb/"
+    fofa-query: "wp-content/plugins/timthumb/"
+    google-query: inurl:"/wp-content/plugins/timthumb/"
     shodan-query: 'vuln:CVE-2014-4663'
-  tags: cve,wordpress,wp-plugin,wordthumb,critical
+  tags: cve,wordpress,wp-plugin,timthumb,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wordthumb/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/timthumb/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wordthumb"
+          - "timthumb"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.07')
\ No newline at end of file
+          - compare_versions(version, '<= 2.8.13')
\ No newline at end of file
diff --git a/nuclei-templates/2014/CVE-2014-4717-934f2b643137558d27d763ac97da6357.yaml b/nuclei-templates/2014/CVE-2014-4717-934f2b643137558d27d763ac97da6357.yaml
index 45be76a07f..7c34be16c4 100644
--- a/nuclei-templates/2014/CVE-2014-4717-934f2b643137558d27d763ac97da6357.yaml
+++ b/nuclei-templates/2014/CVE-2014-4717-934f2b643137558d27d763ac97da6357.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Share Buttons Adder <= 4.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Share Buttons Adder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4. This is due to missing nonce validation on simple-share-buttons-adder page. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'ssba_share_text' parameter through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-share-buttons-adder/"
     google-query: inurl:"/wp-content/plugins/simple-share-buttons-adder/"
     shodan-query: 'vuln:CVE-2014-4717'
-  tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,high
+  tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4845-acb1c7356c04fc668153a6e512559aa7.yaml b/nuclei-templates/2014/CVE-2014-4845-acb1c7356c04fc668153a6e512559aa7.yaml
index 6aa5bcd455..0231a687d7 100644
--- a/nuclei-templates/2014/CVE-2014-4845-acb1c7356c04fc668153a6e512559aa7.yaml
+++ b/nuclei-templates/2014/CVE-2014-4845-acb1c7356c04fc668153a6e512559aa7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bannerman/"
     google-query: inurl:"/wp-content/plugins/bannerman/"
     shodan-query: 'vuln:CVE-2014-4845'
-  tags: cve,wordpress,wp-plugin,bannerman,medium
+  tags: cve,wordpress,wp-plugin,bannerman,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4846-2c78a721f8f6bce6bce705e149277edc.yaml b/nuclei-templates/2014/CVE-2014-4846-2c78a721f8f6bce6bce705e149277edc.yaml
index beb1daccff..cad9a7816f 100644
--- a/nuclei-templates/2014/CVE-2014-4846-2c78a721f8f6bce6bce705e149277edc.yaml
+++ b/nuclei-templates/2014/CVE-2014-4846-2c78a721f8f6bce6bce705e149277edc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ml-slider/"
     google-query: inurl:"/wp-content/plugins/ml-slider/"
     shodan-query: 'vuln:CVE-2014-4846'
-  tags: cve,wordpress,wp-plugin,ml-slider,medium
+  tags: cve,wordpress,wp-plugin,ml-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4848-6ccf09aa4f6f92564c1ba185250a9b6d.yaml b/nuclei-templates/2014/CVE-2014-4848-6ccf09aa4f6f92564c1ba185250a9b6d.yaml
index bb72ba54c8..d610357cd2 100644
--- a/nuclei-templates/2014/CVE-2014-4848-6ccf09aa4f6f92564c1ba185250a9b6d.yaml
+++ b/nuclei-templates/2014/CVE-2014-4848-6ccf09aa4f6f92564c1ba185250a9b6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blogstand Banner <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Blogstand Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing nonce validation on the bs-banner page. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'bs_blog_id' parameter through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blogstand-smart-banner/"
     google-query: inurl:"/wp-content/plugins/blogstand-smart-banner/"
     shodan-query: 'vuln:CVE-2014-4848'
-  tags: cve,wordpress,wp-plugin,blogstand-smart-banner,high
+  tags: cve,wordpress,wp-plugin,blogstand-smart-banner,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4854-aadc81f29bdd98e82b479da656b5f939.yaml b/nuclei-templates/2014/CVE-2014-4854-aadc81f29bdd98e82b479da656b5f939.yaml
index a1c70bdca2..8780b1f60e 100644
--- a/nuclei-templates/2014/CVE-2014-4854-aadc81f29bdd98e82b479da656b5f939.yaml
+++ b/nuclei-templates/2014/CVE-2014-4854-aadc81f29bdd98e82b479da656b5f939.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Construction Mode <= 1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-construction-mode/"
     google-query: inurl:"/wp-content/plugins/wp-construction-mode/"
     shodan-query: 'vuln:CVE-2014-4854'
-  tags: cve,wordpress,wp-plugin,wp-construction-mode,medium
+  tags: cve,wordpress,wp-plugin,wp-construction-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4856-bc16d03e307b2f3d476c4281bda98567.yaml b/nuclei-templates/2014/CVE-2014-4856-bc16d03e307b2f3d476c4281bda98567.yaml
index b5e5a89964..6f5cd1dbd5 100644
--- a/nuclei-templates/2014/CVE-2014-4856-bc16d03e307b2f3d476c4281bda98567.yaml
+++ b/nuclei-templates/2014/CVE-2014-4856-bc16d03e307b2f3d476c4281bda98567.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crowdsignal Dashboard <= 2.0.24 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/polldaddy/"
     google-query: inurl:"/wp-content/plugins/polldaddy/"
     shodan-query: 'vuln:CVE-2014-4856'
-  tags: cve,wordpress,wp-plugin,polldaddy,medium
+  tags: cve,wordpress,wp-plugin,polldaddy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4939-84f324614693ea073f92a44e128e4cc4.yaml b/nuclei-templates/2014/CVE-2014-4939-84f324614693ea073f92a44e128e4cc4.yaml
index 703650b528..1541aab079 100644
--- a/nuclei-templates/2014/CVE-2014-4939-84f324614693ea073f92a44e128e4cc4.yaml
+++ b/nuclei-templates/2014/CVE-2014-4939-84f324614693ea073f92a44e128e4cc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enl-newsletter/"
     google-query: inurl:"/wp-content/plugins/enl-newsletter/"
     shodan-query: 'vuln:CVE-2014-4939'
-  tags: cve,wordpress,wp-plugin,enl-newsletter,high
+  tags: cve,wordpress,wp-plugin,enl-newsletter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-4944-3a7bd82599c0011e05818b715925a7ed.yaml b/nuclei-templates/2014/CVE-2014-4944-3a7bd82599c0011e05818b715925a7ed.yaml
index e0591dd503..48f647464c 100644
--- a/nuclei-templates/2014/CVE-2014-4944-3a7bd82599c0011e05818b715925a7ed.yaml
+++ b/nuclei-templates/2014/CVE-2014-4944-3a7bd82599c0011e05818b715925a7ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BSK PDF Manager <= 1.4 - Authenticated SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bsk-pdf-manager/"
     google-query: inurl:"/wp-content/plugins/bsk-pdf-manager/"
     shodan-query: 'vuln:CVE-2014-4944'
-  tags: cve,wordpress,wp-plugin,bsk-pdf-manager,critical
+  tags: cve,wordpress,wp-plugin,bsk-pdf-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5034-48e518f6131232316ecd7bce4c25cf68.yaml b/nuclei-templates/2014/CVE-2014-5034-48e518f6131232316ecd7bce4c25cf68.yaml
index 888a284ecc..f49d28e8ed 100644
--- a/nuclei-templates/2014/CVE-2014-5034-48e518f6131232316ecd7bce4c25cf68.yaml
+++ b/nuclei-templates/2014/CVE-2014-5034-48e518f6131232316ecd7bce4c25cf68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brute Force Login Protection <= 1.5.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module up to and including 1.5.1 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brute-force-login-protection/"
     google-query: inurl:"/wp-content/plugins/brute-force-login-protection/"
     shodan-query: 'vuln:CVE-2014-5034'
-  tags: cve,wordpress,wp-plugin,brute-force-login-protection,high
+  tags: cve,wordpress,wp-plugin,brute-force-login-protection,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5072-eacb463d459e2bbbfb442e19685437c7.yaml b/nuclei-templates/2014/CVE-2014-5072-eacb463d459e2bbbfb442e19685437c7.yaml
index ddeaf23f6c..d9fd238a4b 100644
--- a/nuclei-templates/2014/CVE-2014-5072-eacb463d459e2bbbfb442e19685437c7.yaml
+++ b/nuclei-templates/2014/CVE-2014-5072-eacb463d459e2bbbfb442e19685437c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Activity Log <= 1.2.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-security-audit-log/"
     google-query: inurl:"/wp-content/plugins/wp-security-audit-log/"
     shodan-query: 'vuln:CVE-2014-5072'
-  tags: cve,wordpress,wp-plugin,wp-security-audit-log,high
+  tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5155-ef20cf055251e93d9b846f8776b699ac.yaml b/nuclei-templates/2014/CVE-2014-5155-ef20cf055251e93d9b846f8776b699ac.yaml
index 6d3f2ffd51..5b5e5dfc59 100644
--- a/nuclei-templates/2014/CVE-2014-5155-ef20cf055251e93d9b846f8776b699ac.yaml
+++ b/nuclei-templates/2014/CVE-2014-5155-ef20cf055251e93d9b846f8776b699ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme My Login <= 6.3.9 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Theme My Login plugin for WordPress is vulnerable to Local File Inclusion in versions before 6.3.10 via the login_template attribute found in the theme-my-login shortcode. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-my-login/"
     google-query: inurl:"/wp-content/plugins/theme-my-login/"
     shodan-query: 'vuln:CVE-2014-5155'
-  tags: cve,wordpress,wp-plugin,theme-my-login,high
+  tags: cve,wordpress,wp-plugin,theme-my-login,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5180-e15109a3e2bca91cb9757f33e8ccceb0.yaml b/nuclei-templates/2014/CVE-2014-5180-e15109a3e2bca91cb9757f33e8ccceb0.yaml
index 504847ad8f..1706f36832 100644
--- a/nuclei-templates/2014/CVE-2014-5180-e15109a3e2bca91cb9757f33e8ccceb0.yaml
+++ b/nuclei-templates/2014/CVE-2014-5180-e15109a3e2bca91cb9757f33e8ccceb0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HDW Player Plugin (Video Player & Video Gallery) <= 2.4.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hdw-player-video-player-video-gallery/"
     google-query: inurl:"/wp-content/plugins/hdw-player-video-player-video-gallery/"
     shodan-query: 'vuln:CVE-2014-5180'
-  tags: cve,wordpress,wp-plugin,hdw-player-video-player-video-gallery,critical
+  tags: cve,wordpress,wp-plugin,hdw-player-video-player-video-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5182-a37629b8951d8dca9eaa0034808a75be.yaml b/nuclei-templates/2014/CVE-2014-5182-a37629b8951d8dca9eaa0034808a75be.yaml
index 09b4dc80cb..edccd1d99a 100644
--- a/nuclei-templates/2014/CVE-2014-5182-a37629b8951d8dca9eaa0034808a75be.yaml
+++ b/nuclei-templates/2014/CVE-2014-5182-a37629b8951d8dca9eaa0034808a75be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YAWPP (Yet Another WordPress Petition Plugin) <= 1.2.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Multiple SQL injection vulnerabilities in the yawpp plugin 1.2.1 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yawpp/"
     google-query: inurl:"/wp-content/plugins/yawpp/"
     shodan-query: 'vuln:CVE-2014-5182'
-  tags: cve,wordpress,wp-plugin,yawpp,high
+  tags: cve,wordpress,wp-plugin,yawpp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5183-ff68da2306359b7fb7d2ec7bcba42c9a.yaml b/nuclei-templates/2014/CVE-2014-5183-ff68da2306359b7fb7d2ec7bcba42c9a.yaml
index db8d2cbefc..f8a99e46b6 100644
--- a/nuclei-templates/2014/CVE-2014-5183-ff68da2306359b7fb7d2ec7bcba42c9a.yaml
+++ b/nuclei-templates/2014/CVE-2014-5183-ff68da2306359b7fb7d2ec7bcba42c9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Retail Menus <= 4.0.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-retail-menus/"
     google-query: inurl:"/wp-content/plugins/simple-retail-menus/"
     shodan-query: 'vuln:CVE-2014-5183'
-  tags: cve,wordpress,wp-plugin,simple-retail-menus,high
+  tags: cve,wordpress,wp-plugin,simple-retail-menus,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5184-c6f782f9040ea9a039305ec1ed2ddafa.yaml b/nuclei-templates/2014/CVE-2014-5184-c6f782f9040ea9a039305ec1ed2ddafa.yaml
index 4dea09c129..ea88af11da 100644
--- a/nuclei-templates/2014/CVE-2014-5184-c6f782f9040ea9a039305ec1ed2ddafa.yaml
+++ b/nuclei-templates/2014/CVE-2014-5184-c6f782f9040ea9a039305ec1ed2ddafa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     stripShow Plugin <= 2.5.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stripshow/"
     google-query: inurl:"/wp-content/plugins/stripshow/"
     shodan-query: 'vuln:CVE-2014-5184'
-  tags: cve,wordpress,wp-plugin,stripshow,high
+  tags: cve,wordpress,wp-plugin,stripshow,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5185-1f86e582a713c3bd4333747ed30a9d68.yaml b/nuclei-templates/2014/CVE-2014-5185-1f86e582a713c3bd4333747ed30a9d68.yaml
index 297fbabd20..2261fef7ed 100644
--- a/nuclei-templates/2014/CVE-2014-5185-1f86e582a713c3bd4333747ed30a9d68.yaml
+++ b/nuclei-templates/2014/CVE-2014-5185-1f86e582a713c3bd4333747ed30a9d68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quartz <= 1.01.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quartz/"
     google-query: inurl:"/wp-content/plugins/quartz/"
     shodan-query: 'vuln:CVE-2014-5185'
-  tags: cve,wordpress,wp-plugin,quartz,high
+  tags: cve,wordpress,wp-plugin,quartz,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5186-e6b6d80807708af0a37d88bb4f8862c7.yaml b/nuclei-templates/2014/CVE-2014-5186-e6b6d80807708af0a37d88bb4f8862c7.yaml
index e1986b6642..4e9abc119c 100644
--- a/nuclei-templates/2014/CVE-2014-5186-e6b6d80807708af0a37d88bb4f8862c7.yaml
+++ b/nuclei-templates/2014/CVE-2014-5186-e6b6d80807708af0a37d88bb4f8862c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All Video Gallery Plugin for WordPress <= 1.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-video-gallery/"
     google-query: inurl:"/wp-content/plugins/all-video-gallery/"
     shodan-query: 'vuln:CVE-2014-5186'
-  tags: cve,wordpress,wp-plugin,all-video-gallery,high
+  tags: cve,wordpress,wp-plugin,all-video-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5190-f1dda6bcbed7eecbc2cee8a7403b412e.yaml b/nuclei-templates/2014/CVE-2014-5190-f1dda6bcbed7eecbc2cee8a7403b412e.yaml
index a7c093657c..2aebf4a46f 100644
--- a/nuclei-templates/2014/CVE-2014-5190-f1dda6bcbed7eecbc2cee8a7403b412e.yaml
+++ b/nuclei-templates/2014/CVE-2014-5190-f1dda6bcbed7eecbc2cee8a7403b412e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SI CAPTCHA Anti-Spam < 2.7.6 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/si-captcha-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/si-captcha-for-wordpress/"
     shodan-query: 'vuln:CVE-2014-5190'
-  tags: cve,wordpress,wp-plugin,si-captcha-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,si-captcha-for-wordpress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5204-f22677490a8449ed9a279a27d7c29df2.yaml b/nuclei-templates/2014/CVE-2014-5204-f22677490a8449ed9a279a27d7c29df2.yaml
index b9b3be9d8a..0161b6cd12 100644
--- a/nuclei-templates/2014/CVE-2014-5204-f22677490a8449ed9a279a27d7c29df2.yaml
+++ b/nuclei-templates/2014/CVE-2014-5204-f22677490a8449ed9a279a27d7c29df2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.9.2 - Cross-Site Request Forgery Protection Bypass
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2014-5204
   metadata:
     shodan-query: 'vuln:CVE-2014-5204'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5324-6eae0900047437ffd3af67b0a999c0ce.yaml b/nuclei-templates/2014/CVE-2014-5324-6eae0900047437ffd3af67b0a999c0ce.yaml
index 731ba6e21e..c427556278 100644
--- a/nuclei-templates/2014/CVE-2014-5324-6eae0900047437ffd3af67b0a999c0ce.yaml
+++ b/nuclei-templates/2014/CVE-2014-5324-6eae0900047437ffd3af67b0a999c0ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager Plugin < 3.6 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Frontend File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _template_uploader.php file in versions up to, and including, 3.5. This makes it possible for authenticated attackers, with author-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nmedia-user-file-uploader/"
     google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/"
     shodan-query: 'vuln:CVE-2014-5324'
-  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,high
+  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5344-0c3f9f93e6c155cbea9171c4ea6c8a72.yaml b/nuclei-templates/2014/CVE-2014-5344-0c3f9f93e6c155cbea9171c4ea6c8a72.yaml
index b6232ac5eb..add2bd6653 100644
--- a/nuclei-templates/2014/CVE-2014-5344-0c3f9f93e6c155cbea9171c4ea6c8a72.yaml
+++ b/nuclei-templates/2014/CVE-2014-5344-0c3f9f93e6c155cbea9171c4ea6c8a72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps < 2.3.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobiloud-mobile-app-plugin/"
     google-query: inurl:"/wp-content/plugins/mobiloud-mobile-app-plugin/"
     shodan-query: 'vuln:CVE-2014-5344'
-  tags: cve,wordpress,wp-plugin,mobiloud-mobile-app-plugin,medium
+  tags: cve,wordpress,wp-plugin,mobiloud-mobile-app-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5389-bdf28a131c7bd7c8afd4060cccc1802a.yaml b/nuclei-templates/2014/CVE-2014-5389-bdf28a131c7bd7c8afd4060cccc1802a.yaml
index 05a471cbbf..2d230afb59 100644
--- a/nuclei-templates/2014/CVE-2014-5389-bdf28a131c7bd7c8afd4060cccc1802a.yaml
+++ b/nuclei-templates/2014/CVE-2014-5389-bdf28a131c7bd7c8afd4060cccc1802a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-audit/"
     google-query: inurl:"/wp-content/plugins/content-audit/"
     shodan-query: 'vuln:CVE-2014-5389'
-  tags: cve,wordpress,wp-plugin,content-audit,high
+  tags: cve,wordpress,wp-plugin,content-audit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-5460-5e35179f25bd306b0effea20785c4fdf.yaml b/nuclei-templates/2014/CVE-2014-5460-5e35179f25bd306b0effea20785c4fdf.yaml
index 03355c20a1..8027867d2b 100644
--- a/nuclei-templates/2014/CVE-2014-5460-5e35179f25bd306b0effea20785c4fdf.yaml
+++ b/nuclei-templates/2014/CVE-2014-5460-5e35179f25bd306b0effea20785c4fdf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery < 1.4.7 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:CVE-2014-5460'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,high
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-6242-5ac539645eb63c949c47fcaeea5bb661.yaml b/nuclei-templates/2014/CVE-2014-6242-5ac539645eb63c949c47fcaeea5bb661.yaml
index 725368afbb..d7678d06fc 100644
--- a/nuclei-templates/2014/CVE-2014-6242-5ac539645eb63c949c47fcaeea5bb661.yaml
+++ b/nuclei-templates/2014/CVE-2014-6242-5ac539645eb63c949c47fcaeea5bb661.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php.  NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2014-6242'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-6315-85912756aaaf6a5c4da322cb7b750dd5.yaml b/nuclei-templates/2014/CVE-2014-6315-85912756aaaf6a5c4da322cb7b750dd5.yaml
index 99942368dc..a46b783768 100644
--- a/nuclei-templates/2014/CVE-2014-6315-85912756aaaf6a5c4da322cb7b750dd5.yaml
+++ b/nuclei-templates/2014/CVE-2014-6315-85912756aaaf6a5c4da322cb7b750dd5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: low
+  severity: medium
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2014-6315'
-  tags: cve,wordpress,wp-plugin,photo-gallery,low
+  tags: cve,wordpress,wp-plugin,photo-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-6604-8402c61711992f819817934b35ca7a98.yaml b/nuclei-templates/2014/CVE-2014-6604-8402c61711992f819817934b35ca7a98.yaml
index 1921f38711..52c39a095a 100644
--- a/nuclei-templates/2014/CVE-2014-6604-8402c61711992f819817934b35ca7a98.yaml
+++ b/nuclei-templates/2014/CVE-2014-6604-8402c61711992f819817934b35ca7a98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subscribe2 – Form, Email Subscribers & Newsletters <= 10.15 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REMOTE_ADDR  value in versions up to, and including, 10.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber, or higher privileges access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscribe2/"
     google-query: inurl:"/wp-content/plugins/subscribe2/"
     shodan-query: 'vuln:CVE-2014-6604'
-  tags: cve,wordpress,wp-plugin,subscribe2,medium
+  tags: cve,wordpress,wp-plugin,subscribe2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-7139-b47f4196237e18a984049178586c33fe.yaml b/nuclei-templates/2014/CVE-2014-7139-b47f4196237e18a984049178586c33fe.yaml
index 08096228d5..0c2a417129 100644
--- a/nuclei-templates/2014/CVE-2014-7139-b47f4196237e18a984049178586c33fe.yaml
+++ b/nuclei-templates/2014/CVE-2014-7139-b47f4196237e18a984049178586c33fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form DB <= 2.8.19 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.20 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php. A partial patch was released in version 2.8.16 but the problem was not fully resolved until 2.8.20.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7-to-database-extension/"
     google-query: inurl:"/wp-content/plugins/contact-form-7-to-database-extension/"
     shodan-query: 'vuln:CVE-2014-7139'
-  tags: cve,wordpress,wp-plugin,contact-form-7-to-database-extension,medium
+  tags: cve,wordpress,wp-plugin,contact-form-7-to-database-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-7151-0943806ea17e69fbad3f9008b6d8edaf.yaml b/nuclei-templates/2014/CVE-2014-7151-0943806ea17e69fbad3f9008b6d8edaf.yaml
index 53e5db55b3..9d546a1892 100644
--- a/nuclei-templates/2014/CVE-2014-7151-0943806ea17e69fbad3f9008b6d8edaf.yaml
+++ b/nuclei-templates/2014/CVE-2014-7151-0943806ea17e69fbad3f9008b6d8edaf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms Lite – WordPress Contact Form builder < 3.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the x-forms-express plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/x-forms-express/"
     google-query: inurl:"/wp-content/plugins/x-forms-express/"
     shodan-query: 'vuln:CVE-2014-7151'
-  tags: cve,wordpress,wp-plugin,x-forms-express,medium
+  tags: cve,wordpress,wp-plugin,x-forms-express,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-7153-1b866013a286b8267be128b4354cf380.yaml b/nuclei-templates/2014/CVE-2014-7153-1b866013a286b8267be128b4354cf380.yaml
index a0a8fd1d12..3c0f35534d 100644
--- a/nuclei-templates/2014/CVE-2014-7153-1b866013a286b8267be128b4354cf380.yaml
+++ b/nuclei-templates/2014/CVE-2014-7153-1b866013a286b8267be128b4354cf380.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Gallery - Responsive Photo Gallery <= 1.0.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin <= 1.0.7 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-images/"
     google-query: inurl:"/wp-content/plugins/gallery-images/"
     shodan-query: 'vuln:CVE-2014-7153'
-  tags: cve,wordpress,wp-plugin,gallery-images,high
+  tags: cve,wordpress,wp-plugin,gallery-images,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-7240-ec82173ebd40f930fa2890b83a9358a8.yaml b/nuclei-templates/2014/CVE-2014-7240-ec82173ebd40f930fa2890b83a9358a8.yaml
index 41e7ebf0b7..096a1d776e 100644
--- a/nuclei-templates/2014/CVE-2014-7240-ec82173ebd40f930fa2890b83a9358a8.yaml
+++ b/nuclei-templates/2014/CVE-2014-7240-ec82173ebd40f930fa2890b83a9358a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-contact-form-solution/"
     google-query: inurl:"/wp-content/plugins/easy-contact-form-solution/"
     shodan-query: 'vuln:CVE-2014-7240'
-  tags: cve,wordpress,wp-plugin,easy-contact-form-solution,medium
+  tags: cve,wordpress,wp-plugin,easy-contact-form-solution,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-7956-a7d43e65e4e3ff48ff1d77822c4c9c14.yaml b/nuclei-templates/2014/CVE-2014-7956-a7d43e65e4e3ff48ff1d77822c4c9c14.yaml
index 882063fe49..3b611f9a2e 100644
--- a/nuclei-templates/2014/CVE-2014-7956-a7d43e65e4e3ff48ff1d77822c4c9c14.yaml
+++ b/nuclei-templates/2014/CVE-2014-7956-a7d43e65e4e3ff48ff1d77822c4c9c14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods <= 2.4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2014-7956'
-  tags: cve,wordpress,wp-plugin,pods,medium
+  tags: cve,wordpress,wp-plugin,pods,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-7957-fc1ea9d8e61023700e49f1688ac8b5c8.yaml b/nuclei-templates/2014/CVE-2014-7957-fc1ea9d8e61023700e49f1688ac8b5c8.yaml
index 1ba3bda702..d1b5974192 100644
--- a/nuclei-templates/2014/CVE-2014-7957-fc1ea9d8e61023700e49f1688ac8b5c8.yaml
+++ b/nuclei-templates/2014/CVE-2014-7957-fc1ea9d8e61023700e49f1688ac8b5c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods <= 2.4.3 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable "roles and capabilities" in a toggle action in the pods-components page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2014-7957'
-  tags: cve,wordpress,wp-plugin,pods,critical
+  tags: cve,wordpress,wp-plugin,pods,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-7958-2269359ddd46edefa6d111262722719c.yaml b/nuclei-templates/2014/CVE-2014-7958-2269359ddd46edefa6d111262722719c.yaml
index 250ff738a1..ad40e4d5de 100644
--- a/nuclei-templates/2014/CVE-2014-7958-2269359ddd46edefa6d111262722719c.yaml
+++ b/nuclei-templates/2014/CVE-2014-7958-2269359ddd46edefa6d111262722719c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BulletProof Security < .51.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     CVE-2014-7958: Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletproof-security/"
     google-query: inurl:"/wp-content/plugins/bulletproof-security/"
     shodan-query: 'vuln:CVE-2014-7958'
-  tags: cve,wordpress,wp-plugin,bulletproof-security,medium
+  tags: cve,wordpress,wp-plugin,bulletproof-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-7959-80f01f8956a520ccda68d02885c8eaae.yaml b/nuclei-templates/2014/CVE-2014-7959-80f01f8956a520ccda68d02885c8eaae.yaml
index 61c0f2dac8..5c69b98b07 100644
--- a/nuclei-templates/2014/CVE-2014-7959-80f01f8956a520ccda68d02885c8eaae.yaml
+++ b/nuclei-templates/2014/CVE-2014-7959-80f01f8956a520ccda68d02885c8eaae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BulletProof Security < .51.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletproof-security/"
     google-query: inurl:"/wp-content/plugins/bulletproof-security/"
     shodan-query: 'vuln:CVE-2014-7959'
-  tags: cve,wordpress,wp-plugin,bulletproof-security,high
+  tags: cve,wordpress,wp-plugin,bulletproof-security,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8087-a2564828601d8890d4d70eda1fefb7d7.yaml b/nuclei-templates/2014/CVE-2014-8087-a2564828601d8890d4d70eda1fefb7d7.yaml
index 562a4902ab..ccf3a544fe 100644
--- a/nuclei-templates/2014/CVE-2014-8087-a2564828601d8890d4d70eda1fefb7d7.yaml
+++ b/nuclei-templates/2014/CVE-2014-8087-a2564828601d8890d4d70eda1fefb7d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     post highlights 2.0 - 2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the post highlights plugin versions 2.0 through 2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-highlights/"
     google-query: inurl:"/wp-content/plugins/post-highlights/"
     shodan-query: 'vuln:CVE-2014-8087'
-  tags: cve,wordpress,wp-plugin,post-highlights,medium
+  tags: cve,wordpress,wp-plugin,post-highlights,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8364-ee3866229b628cfe3699728232f7f492.yaml b/nuclei-templates/2014/CVE-2014-8364-ee3866229b628cfe3699728232f7f492.yaml
index 1dc0af8a2c..9e8d3fb9cd 100644
--- a/nuclei-templates/2014/CVE-2014-8364-ee3866229b628cfe3699728232f7f492.yaml
+++ b/nuclei-templates/2014/CVE-2014-8364-ee3866229b628cfe3699728232f7f492.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Spreadsheet (wpSS) <= 0.62 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpSS/"
     google-query: inurl:"/wp-content/plugins/wpSS/"
     shodan-query: 'vuln:CVE-2014-8364'
-  tags: cve,wordpress,wp-plugin,wpSS,medium
+  tags: cve,wordpress,wp-plugin,wpSS,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8375-5951232c0f20a63b311a79c589b973af.yaml b/nuclei-templates/2014/CVE-2014-8375-5951232c0f20a63b311a79c589b973af.yaml
index 5f1b8bc23a..ad102a345c 100644
--- a/nuclei-templates/2014/CVE-2014-8375-5951232c0f20a63b311a79c589b973af.yaml
+++ b/nuclei-templates/2014/CVE-2014-8375-5951232c0f20a63b311a79c589b973af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GB Gallery Slideshow <= 1.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gb-gallery-slideshow/"
     google-query: inurl:"/wp-content/plugins/gb-gallery-slideshow/"
     shodan-query: 'vuln:CVE-2014-8375'
-  tags: cve,wordpress,wp-plugin,gb-gallery-slideshow,high
+  tags: cve,wordpress,wp-plugin,gb-gallery-slideshow,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8584-ece1da78596879174efa10393f34846c.yaml b/nuclei-templates/2014/CVE-2014-8584-ece1da78596879174efa10393f34846c.yaml
index 6f7f2eda5a..389ab37a5f 100644
--- a/nuclei-templates/2014/CVE-2014-8584-ece1da78596879174efa10393f34846c.yaml
+++ b/nuclei-templates/2014/CVE-2014-8584-ece1da78596879174efa10393f34846c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SpiderVPlayer <= 1.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/player/"
     google-query: inurl:"/wp-content/plugins/player/"
     shodan-query: 'vuln:CVE-2014-8584'
-  tags: cve,wordpress,wp-plugin,player,medium
+  tags: cve,wordpress,wp-plugin,player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8603-1c3b4e53e5b3379877d01d32e9f8b494.yaml b/nuclei-templates/2014/CVE-2014-8603-1c3b4e53e5b3379877d01d32e9f8b494.yaml
index 0e99045d42..b57921c905 100644
--- a/nuclei-templates/2014/CVE-2014-8603-1c3b4e53e5b3379877d01d32e9f8b494.yaml
+++ b/nuclei-templates/2014/CVE-2014-8603-1c3b4e53e5b3379877d01d32e9f8b494.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xcloner-backup-and-restore/"
     google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/"
     shodan-query: 'vuln:CVE-2014-8603'
-  tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,high
+  tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8724-656dd25ede0c1a0fb3db612c85cade65.yaml b/nuclei-templates/2014/CVE-2014-8724-656dd25ede0c1a0fb3db612c85cade65.yaml
index 6b3e0e53d3..f616d07685 100644
--- a/nuclei-templates/2014/CVE-2014-8724-656dd25ede0c1a0fb3db612c85cade65.yaml
+++ b/nuclei-templates/2014/CVE-2014-8724-656dd25ede0c1a0fb3db612c85cade65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W3 Total Cache <= 0.9.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w3-total-cache/"
     google-query: inurl:"/wp-content/plugins/w3-total-cache/"
     shodan-query: 'vuln:CVE-2014-8724'
-  tags: cve,wordpress,wp-plugin,w3-total-cache,medium
+  tags: cve,wordpress,wp-plugin,w3-total-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8809-320ea2b9c0bedd9f6c8b24cfa2e671a3.yaml b/nuclei-templates/2014/CVE-2014-8809-320ea2b9c0bedd9f6c8b24cfa2e671a3.yaml
index 8156d4c903..7f57834e61 100644
--- a/nuclei-templates/2014/CVE-2014-8809-320ea2b9c0bedd9f6c8b24cfa2e671a3.yaml
+++ b/nuclei-templates/2014/CVE-2014-8809-320ea2b9c0bedd9f6c8b24cfa2e671a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Symposium <= 14.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-symposium/"
     google-query: inurl:"/wp-content/plugins/wp-symposium/"
     shodan-query: 'vuln:CVE-2014-8809'
-  tags: cve,wordpress,wp-plugin,wp-symposium,medium
+  tags: cve,wordpress,wp-plugin,wp-symposium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8810-491436cd325d5b03202c1b421dcad671.yaml b/nuclei-templates/2014/CVE-2014-8810-491436cd325d5b03202c1b421dcad671.yaml
index a86551ce70..b1ac209ae3 100644
--- a/nuclei-templates/2014/CVE-2014-8810-491436cd325d5b03202c1b421dcad671.yaml
+++ b/nuclei-templates/2014/CVE-2014-8810-491436cd325d5b03202c1b421dcad671.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Symposium < 14.11 - Authenticated SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-symposium/"
     google-query: inurl:"/wp-content/plugins/wp-symposium/"
     shodan-query: 'vuln:CVE-2014-8810'
-  tags: cve,wordpress,wp-plugin,wp-symposium,critical
+  tags: cve,wordpress,wp-plugin,wp-symposium,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8948-c40ba36e2109a35c573b2639a4d72291.yaml b/nuclei-templates/2014/CVE-2014-8948-c40ba36e2109a35c573b2639a4d72291.yaml
index ba80fe0212..82f21b57dd 100644
--- a/nuclei-templates/2014/CVE-2014-8948-c40ba36e2109a35c573b2639a4d72291.yaml
+++ b/nuclei-templates/2014/CVE-2014-8948-c40ba36e2109a35c573b2639a4d72291.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iMember360 3.8.0.12 - 3.9.001 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter.  NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imember360/"
     google-query: inurl:"/wp-content/plugins/imember360/"
     shodan-query: 'vuln:CVE-2014-8948'
-  tags: cve,wordpress,wp-plugin,imember360,high
+  tags: cve,wordpress,wp-plugin,imember360,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8949-0cbcc4f1288df0ee24dd7a2993f69c51.yaml b/nuclei-templates/2014/CVE-2014-8949-0cbcc4f1288df0ee24dd7a2993f69c51.yaml
index 85b58ad238..711bd81dc9 100644
--- a/nuclei-templates/2014/CVE-2014-8949-0cbcc4f1288df0ee24dd7a2993f69c51.yaml
+++ b/nuclei-templates/2014/CVE-2014-8949-0cbcc4f1288df0ee24dd7a2993f69c51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iMember360 3.8.012 - 3.9.001 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter.  NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code.  NOTE: it is not clear whether this issue itself crosses privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imember360/"
     google-query: inurl:"/wp-content/plugins/imember360/"
     shodan-query: 'vuln:CVE-2014-8949'
-  tags: cve,wordpress,wp-plugin,imember360,high
+  tags: cve,wordpress,wp-plugin,imember360,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-8955-f5690c4ae22224ef33491e3a8f293f4d.yaml b/nuclei-templates/2014/CVE-2014-8955-f5690c4ae22224ef33491e3a8f293f4d.yaml
index ab09324afa..abae0ed344 100644
--- a/nuclei-templates/2014/CVE-2014-8955-f5690c4ae22224ef33491e3a8f293f4d.yaml
+++ b/nuclei-templates/2014/CVE-2014-8955-f5690c4ae22224ef33491e3a8f293f4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Clean and Simple < 4.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/"
     google-query: inurl:"/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/"
     shodan-query: 'vuln:CVE-2014-8955'
-  tags: cve,wordpress,wp-plugin,clean-and-simple-contact-form-by-meg-nicholas,medium
+  tags: cve,wordpress,wp-plugin,clean-and-simple-contact-form-by-meg-nicholas,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9031-c4855e013484cc5dd3a682addca483bd.yaml b/nuclei-templates/2014/CVE-2014-9031-c4855e013484cc5dd3a682addca483bd.yaml
index 04cbd9cbe7..baba438586 100644
--- a/nuclei-templates/2014/CVE-2014-9031-c4855e013484cc5dd3a682addca483bd.yaml
+++ b/nuclei-templates/2014/CVE-2014-9031-c4855e013484cc5dd3a682addca483bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.0.1 - Cross-Site Scripting via Shortcode Brackets
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2014-9031
   metadata:
     shodan-query: 'vuln:CVE-2014-9031'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9033-263b6b337d75675e2802e70806ebeca8.yaml b/nuclei-templates/2014/CVE-2014-9033-263b6b337d75675e2802e70806ebeca8.yaml
index 1a85323169..5e13f62d3b 100644
--- a/nuclei-templates/2014/CVE-2014-9033-263b6b337d75675e2802e70806ebeca8.yaml
+++ b/nuclei-templates/2014/CVE-2014-9033-263b6b337d75675e2802e70806ebeca8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.0.1 - Cross-Site Request Forgery to Authentication Takeover
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2014-9033
   metadata:
     shodan-query: 'vuln:CVE-2014-9033'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9035-440665cc216f121193f817a3884e395e.yaml b/nuclei-templates/2014/CVE-2014-9035-440665cc216f121193f817a3884e395e.yaml
index 7dcb252ce2..d3f71c4fb2 100644
--- a/nuclei-templates/2014/CVE-2014-9035-440665cc216f121193f817a3884e395e.yaml
+++ b/nuclei-templates/2014/CVE-2014-9035-440665cc216f121193f817a3884e395e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2014-9035
   metadata:
     shodan-query: 'vuln:CVE-2014-9035'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9036-8a33514ce48c43037c771803b9a985c1.yaml b/nuclei-templates/2014/CVE-2014-9036-8a33514ce48c43037c771803b9a985c1.yaml
index d623aee298..11b09231c4 100644
--- a/nuclei-templates/2014/CVE-2014-9036-8a33514ce48c43037c771803b9a985c1.yaml
+++ b/nuclei-templates/2014/CVE-2014-9036-8a33514ce48c43037c771803b9a985c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.0.1 - Cross-Site Scripting via CSS
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2014-9036
   metadata:
     shodan-query: 'vuln:CVE-2014-9036'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9039-f4126d8b538ac1453cb97c3958cf463e.yaml b/nuclei-templates/2014/CVE-2014-9039-f4126d8b538ac1453cb97c3958cf463e.yaml
index 60e3e26bed..44b89252c8 100644
--- a/nuclei-templates/2014/CVE-2014-9039-f4126d8b538ac1453cb97c3958cf463e.yaml
+++ b/nuclei-templates/2014/CVE-2014-9039-f4126d8b538ac1453cb97c3958cf463e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.0.1 Cross-Site Request Forgery to Password Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2014-9039
   metadata:
     shodan-query: 'vuln:CVE-2014-9039'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9094-415af7715839a7a4186f1ea1fe3682a1.yaml b/nuclei-templates/2014/CVE-2014-9094-415af7715839a7a4186f1ea1fe3682a1.yaml
index 430eb93156..4ed76d71d1 100644
--- a/nuclei-templates/2014/CVE-2014-9094-415af7715839a7a4186f1ea1fe3682a1.yaml
+++ b/nuclei-templates/2014/CVE-2014-9094-415af7715839a7a4186f1ea1fe3682a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DZS Video Gallery < 7.95 -  Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dzs-videogallery/"
     google-query: inurl:"/wp-content/plugins/dzs-videogallery/"
     shodan-query: 'vuln:CVE-2014-9094'
-  tags: cve,wordpress,wp-plugin,dzs-videogallery,medium
+  tags: cve,wordpress,wp-plugin,dzs-videogallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9098-5a110fd311341876d97192705d1ff40f.yaml b/nuclei-templates/2014/CVE-2014-9098-5a110fd311341876d97192705d1ff40f.yaml
index 343c79ce8c..634814e709 100644
--- a/nuclei-templates/2014/CVE-2014-9098-5a110fd311341876d97192705d1ff40f.yaml
+++ b/nuclei-templates/2014/CVE-2014-9098-5a110fd311341876d97192705d1ff40f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WORDPRESS VIDEO GALLERY <= 2.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contus-video-gallery/"
     google-query: inurl:"/wp-content/plugins/contus-video-gallery/"
     shodan-query: 'vuln:CVE-2014-9098'
-  tags: cve,wordpress,wp-plugin,contus-video-gallery,medium
+  tags: cve,wordpress,wp-plugin,contus-video-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9099-13ab8a3f776049bebae928b8bd527987.yaml b/nuclei-templates/2014/CVE-2014-9099-13ab8a3f776049bebae928b8bd527987.yaml
index 032597bc1a..7248725e4e 100644
--- a/nuclei-templates/2014/CVE-2014-9099-13ab8a3f776049bebae928b8bd527987.yaml
+++ b/nuclei-templates/2014/CVE-2014-9099-13ab8a3f776049bebae928b8bd527987.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WhyDoWork AdSense <= 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/whydowork-adsense/"
     google-query: inurl:"/wp-content/plugins/whydowork-adsense/"
     shodan-query: 'vuln:CVE-2014-9099'
-  tags: cve,wordpress,wp-plugin,whydowork-adsense,high
+  tags: cve,wordpress,wp-plugin,whydowork-adsense,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9174-d4b13be2a36ff961aada7107a748559a.yaml b/nuclei-templates/2014/CVE-2014-9174-d4b13be2a36ff961aada7107a748559a.yaml
index 5ed9003231..610d33fa88 100644
--- a/nuclei-templates/2014/CVE-2014-9174-d4b13be2a36ff961aada7107a748559a.yaml
+++ b/nuclei-templates/2014/CVE-2014-9174-d4b13be2a36ff961aada7107a748559a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: low
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" (manual_ua_code_field) field in the General Settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/"
     shodan-query: 'vuln:CVE-2014-9174'
-  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,low
+  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9176-be25df600efc2e679e203dcc1fd3ddd8.yaml b/nuclei-templates/2014/CVE-2014-9176-be25df600efc2e679e203dcc1fd3ddd8.yaml
index d33dc47214..033397e6a8 100644
--- a/nuclei-templates/2014/CVE-2014-9176-be25df600efc2e679e203dcc1fd3ddd8.yaml
+++ b/nuclei-templates/2014/CVE-2014-9176-be25df600efc2e679e203dcc1fd3ddd8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InstaSqueeze Sexy Squeeze Pages (All Known Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The InstaSqueeze Sexy Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter to lp/index.php in all known versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instasqueeze/"
     google-query: inurl:"/wp-content/plugins/instasqueeze/"
     shodan-query: 'vuln:CVE-2014-9176'
-  tags: cve,wordpress,wp-plugin,instasqueeze,medium
+  tags: cve,wordpress,wp-plugin,instasqueeze,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9179-2008dfadd96c77e37701fc89701d0b2f.yaml b/nuclei-templates/2014/CVE-2014-9179-2008dfadd96c77e37701fc89701d0b2f.yaml
index bc71a65ed1..ddfd05644c 100644
--- a/nuclei-templates/2014/CVE-2014-9179-2008dfadd96c77e37701fc89701d0b2f.yaml
+++ b/nuclei-templates/2014/CVE-2014-9179-2008dfadd96c77e37701fc89701d0b2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SupportEzzy Ticket System Plugin <= 1.2.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportezzy/"
     google-query: inurl:"/wp-content/plugins/supportezzy/"
     shodan-query: 'vuln:CVE-2014-9179'
-  tags: cve,wordpress,wp-plugin,supportezzy,medium
+  tags: cve,wordpress,wp-plugin,supportezzy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9260-07b6f9539cc79b55c833c05dca993fdb.yaml b/nuclei-templates/2014/CVE-2014-9260-07b6f9539cc79b55c833c05dca993fdb.yaml
index 54a47a4b5c..765719be59 100644
--- a/nuclei-templates/2014/CVE-2014-9260-07b6f9539cc79b55c833c05dca993fdb.yaml
+++ b/nuclei-templates/2014/CVE-2014-9260-07b6f9539cc79b55c833c05dca993fdb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2014-9260'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9305-73c7b664803cc72f6ed74c19b2560471.yaml b/nuclei-templates/2014/CVE-2014-9305-73c7b664803cc72f6ed74c19b2560471.yaml
index 274bea14af..3ad74d1c04 100644
--- a/nuclei-templates/2014/CVE-2014-9305-73c7b664803cc72f6ed74c19b2560471.yaml
+++ b/nuclei-templates/2014/CVE-2014-9305-73c7b664803cc72f6ed74c19b2560471.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cart66 Lite :: WordPress Ecommerce < 1.5.2 -  SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cart66-lite/"
     google-query: inurl:"/wp-content/plugins/cart66-lite/"
     shodan-query: 'vuln:CVE-2014-9305'
-  tags: cve,wordpress,wp-plugin,cart66-lite,high
+  tags: cve,wordpress,wp-plugin,cart66-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9308-039f1cb39ecb5839b4ea52ff55c41eac.yaml b/nuclei-templates/2014/CVE-2014-9308-039f1cb39ecb5839b4ea52ff55c41eac.yaml
index 5b0e29e1d3..f0a5c8e577 100644
--- a/nuclei-templates/2014/CVE-2014-9308-039f1cb39ecb5839b4ea52ff55c41eac.yaml
+++ b/nuclei-templates/2014/CVE-2014-9308-039f1cb39ecb5839b4ea52ff55c41eac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shopping Cart & eCommerce Store < 3.0.16 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.16 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easycart/"
     google-query: inurl:"/wp-content/plugins/wp-easycart/"
     shodan-query: 'vuln:CVE-2014-9308'
-  tags: cve,wordpress,wp-plugin,wp-easycart,high
+  tags: cve,wordpress,wp-plugin,wp-easycart,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9309-961c6f8ac9568871bace8745083a3696.yaml b/nuclei-templates/2014/CVE-2014-9309-961c6f8ac9568871bace8745083a3696.yaml
index 40b24e4501..0485901251 100644
--- a/nuclei-templates/2014/CVE-2014-9309-961c6f8ac9568871bace8745083a3696.yaml
+++ b/nuclei-templates/2014/CVE-2014-9309-961c6f8ac9568871bace8745083a3696.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Form Builder <= 1.07.11 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Formidable Form Builder plugin for WordPress is vulnerable to blind SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.07.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:CVE-2014-9309'
-  tags: cve,wordpress,wp-plugin,formidable,high
+  tags: cve,wordpress,wp-plugin,formidable,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9311-d30830ee183428306dfe29b862928edf.yaml b/nuclei-templates/2014/CVE-2014-9311-d30830ee183428306dfe29b862928edf.yaml
index 5b3933bb46..840b4c9441 100644
--- a/nuclei-templates/2014/CVE-2014-9311-d30830ee183428306dfe29b862928edf.yaml
+++ b/nuclei-templates/2014/CVE-2014-9311-d30830ee183428306dfe29b862928edf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Sharing, Related Posts & Analytics – Shareaholic < 7.6.1.0 - Authenticated (Subscriber+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shareaholic/"
     google-query: inurl:"/wp-content/plugins/shareaholic/"
     shodan-query: 'vuln:CVE-2014-9311'
-  tags: cve,wordpress,wp-plugin,shareaholic,medium
+  tags: cve,wordpress,wp-plugin,shareaholic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9336-d22a628e60dd0e0e47e495ea9eb75413.yaml b/nuclei-templates/2014/CVE-2014-9336-d22a628e60dd0e0e47e495ea9eb75413.yaml
index 37f4a74aec..fb81af2753 100644
--- a/nuclei-templates/2014/CVE-2014-9336-d22a628e60dd0e0e47e495ea9eb75413.yaml
+++ b/nuclei-templates/2014/CVE-2014-9336-d22a628e60dd0e0e47e495ea9eb75413.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iTwitter <= 0.04 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/itwitter/"
     google-query: inurl:"/wp-content/plugins/itwitter/"
     shodan-query: 'vuln:CVE-2014-9336'
-  tags: cve,wordpress,wp-plugin,itwitter,medium
+  tags: cve,wordpress,wp-plugin,itwitter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9337-a8ffd5b000a53e3a5bfd7f4581d6cb26.yaml b/nuclei-templates/2014/CVE-2014-9337-a8ffd5b000a53e3a5bfd7f4581d6cb26.yaml
index f4535330a4..3125502ed8 100644
--- a/nuclei-templates/2014/CVE-2014-9337-a8ffd5b000a53e3a5bfd7f4581d6cb26.yaml
+++ b/nuclei-templates/2014/CVE-2014-9337-a8ffd5b000a53e3a5bfd7f4581d6cb26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mikiurl Wordpress Eklentisi <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) twitter_kullanici or (2) twitter_sifre parameter in a kaydet action in the mikiurl.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mikiurl-wordpress-eklentisi/"
     google-query: inurl:"/wp-content/plugins/mikiurl-wordpress-eklentisi/"
     shodan-query: 'vuln:CVE-2014-9337'
-  tags: cve,wordpress,wp-plugin,mikiurl-wordpress-eklentisi,medium
+  tags: cve,wordpress,wp-plugin,mikiurl-wordpress-eklentisi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9338-8b7ce3f62fb6e151f58953706865b9ed.yaml b/nuclei-templates/2014/CVE-2014-9338-8b7ce3f62fb6e151f58953706865b9ed.yaml
index e04a734736..c0ead9658c 100644
--- a/nuclei-templates/2014/CVE-2014-9338-8b7ce3f62fb6e151f58953706865b9ed.yaml
+++ b/nuclei-templates/2014/CVE-2014-9338-8b7ce3f62fb6e151f58953706865b9ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     O2tweet <= 0.0.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) o2t_username or (2) o2t_tags parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/o2tweet/"
     google-query: inurl:"/wp-content/plugins/o2tweet/"
     shodan-query: 'vuln:CVE-2014-9338'
-  tags: cve,wordpress,wp-plugin,o2tweet,high
+  tags: cve,wordpress,wp-plugin,o2tweet,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9339-124b0c02e423c613251c0019e72c2c54.yaml b/nuclei-templates/2014/CVE-2014-9339-124b0c02e423c613251c0019e72c2c54.yaml
index 60c4407bbf..0ca368be2b 100644
--- a/nuclei-templates/2014/CVE-2014-9339-124b0c02e423c613251c0019e72c2c54.yaml
+++ b/nuclei-templates/2014/CVE-2014-9339-124b0c02e423c613251c0019e72c2c54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spnbabble <= 1.4.1 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spnbabble/"
     google-query: inurl:"/wp-content/plugins/spnbabble/"
     shodan-query: 'vuln:CVE-2014-9339'
-  tags: cve,wordpress,wp-plugin,spnbabble,high
+  tags: cve,wordpress,wp-plugin,spnbabble,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9340-aa2e0c1ddafa9b3b45d0cc288ae14d9b.yaml b/nuclei-templates/2014/CVE-2014-9340-aa2e0c1ddafa9b3b45d0cc288ae14d9b.yaml
index 6281fd9be8..bb9a84a919 100644
--- a/nuclei-templates/2014/CVE-2014-9340-aa2e0c1ddafa9b3b45d0cc288ae14d9b.yaml
+++ b/nuclei-templates/2014/CVE-2014-9340-aa2e0c1ddafa9b3b45d0cc288ae14d9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpCommentTwit Plugin <= 0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcommenttwit/"
     google-query: inurl:"/wp-content/plugins/wpcommenttwit/"
     shodan-query: 'vuln:CVE-2014-9340'
-  tags: cve,wordpress,wp-plugin,wpcommenttwit,medium
+  tags: cve,wordpress,wp-plugin,wpcommenttwit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9368-29127228d14d384699d6b5442d961328.yaml b/nuclei-templates/2014/CVE-2014-9368-29127228d14d384699d6b5442d961328.yaml
index 7c676dc44b..4e837985de 100644
--- a/nuclei-templates/2014/CVE-2014-9368-29127228d14d384699d6b5442d961328.yaml
+++ b/nuclei-templates/2014/CVE-2014-9368-29127228d14d384699d6b5442d961328.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     twitterDash <= 2.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The twitterDash plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the twitterDash.php page. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'username_twitterDash' parameter through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twitterdash/"
     google-query: inurl:"/wp-content/plugins/twitterdash/"
     shodan-query: 'vuln:CVE-2014-9368'
-  tags: cve,wordpress,wp-plugin,twitterdash,high
+  tags: cve,wordpress,wp-plugin,twitterdash,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9391-216bc7429720f3a1737645ac0bc074a0.yaml b/nuclei-templates/2014/CVE-2014-9391-216bc7429720f3a1737645ac0bc074a0.yaml
index 78f1e54900..0d3e8b0225 100644
--- a/nuclei-templates/2014/CVE-2014-9391-216bc7429720f3a1737645ac0bc074a0.yaml
+++ b/nuclei-templates/2014/CVE-2014-9391-216bc7429720f3a1737645ac0bc074a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     gSlideShow <= 0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The gSlideShow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.1. This is due to missing nonce validation in the gslideshow.php file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via the 'transistion_time', 'rss', and 'display_time' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gslideshow/"
     google-query: inurl:"/wp-content/plugins/gslideshow/"
     shodan-query: 'vuln:CVE-2014-9391'
-  tags: cve,wordpress,wp-plugin,gslideshow,high
+  tags: cve,wordpress,wp-plugin,gslideshow,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9393-b53860895277e266b1fcb14159c31da6.yaml b/nuclei-templates/2014/CVE-2014-9393-b53860895277e266b1fcb14159c31da6.yaml
index 01dbdae56b..75f88ce99a 100644
--- a/nuclei-templates/2014/CVE-2014-9393-b53860895277e266b1fcb14159c31da6.yaml
+++ b/nuclei-templates/2014/CVE-2014-9393-b53860895277e266b1fcb14159c31da6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post to Twitter <= 0.7 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-to-twitter/"
     google-query: inurl:"/wp-content/plugins/post-to-twitter/"
     shodan-query: 'vuln:CVE-2014-9393'
-  tags: cve,wordpress,wp-plugin,post-to-twitter,high
+  tags: cve,wordpress,wp-plugin,post-to-twitter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9394-fab925188af5751f6804af30f809b504.yaml b/nuclei-templates/2014/CVE-2014-9394-fab925188af5751f6804af30f809b504.yaml
index 0e5a1976b8..f43d2cb69c 100644
--- a/nuclei-templates/2014/CVE-2014-9394-fab925188af5751f6804af30f809b504.yaml
+++ b/nuclei-templates/2014/CVE-2014-9394-fab925188af5751f6804af30f809b504.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PWGRandom <= 1.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pwgrandom/"
     google-query: inurl:"/wp-content/plugins/pwgrandom/"
     shodan-query: 'vuln:CVE-2014-9394'
-  tags: cve,wordpress,wp-plugin,pwgrandom,high
+  tags: cve,wordpress,wp-plugin,pwgrandom,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9395-9f4b30648930a231b8f2e1e9c1a6b6c8.yaml b/nuclei-templates/2014/CVE-2014-9395-9f4b30648930a231b8f2e1e9c1a6b6c8.yaml
index f31e1d6b63..dd73aa250b 100644
--- a/nuclei-templates/2014/CVE-2014-9395-9f4b30648930a231b8f2e1e9c1a6b6c8.yaml
+++ b/nuclei-templates/2014/CVE-2014-9395-9f4b30648930a231b8f2e1e9c1a6b6c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simplelife Plugin <= 1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simplelife/"
     google-query: inurl:"/wp-content/plugins/simplelife/"
     shodan-query: 'vuln:CVE-2014-9395'
-  tags: cve,wordpress,wp-plugin,simplelife,medium
+  tags: cve,wordpress,wp-plugin,simplelife,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9397-f1ba708b36938f8403e7e3c932465c6c.yaml b/nuclei-templates/2014/CVE-2014-9397-f1ba708b36938f8403e7e3c932465c6c.yaml
index 5687a44274..e357b78b53 100644
--- a/nuclei-templates/2014/CVE-2014-9397-f1ba708b36938f8403e7e3c932465c6c.yaml
+++ b/nuclei-templates/2014/CVE-2014-9397-f1ba708b36938f8403e7e3c932465c6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twimp WP <= 0.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twimp-wp/"
     google-query: inurl:"/wp-content/plugins/twimp-wp/"
     shodan-query: 'vuln:CVE-2014-9397'
-  tags: cve,wordpress,wp-plugin,twimp-wp,high
+  tags: cve,wordpress,wp-plugin,twimp-wp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9399-181c4a45776e23b2e4688d3d65b94f78.yaml b/nuclei-templates/2014/CVE-2014-9399-181c4a45776e23b2e4688d3d65b94f78.yaml
index 0d9480423e..ff819d1a3c 100644
--- a/nuclei-templates/2014/CVE-2014-9399-181c4a45776e23b2e4688d3d65b94f78.yaml
+++ b/nuclei-templates/2014/CVE-2014-9399-181c4a45776e23b2e4688d3d65b94f78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TweetScribe <= 1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username parameter in a save action in the tweetscribe.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tweetscribe/"
     google-query: inurl:"/wp-content/plugins/tweetscribe/"
     shodan-query: 'vuln:CVE-2014-9399'
-  tags: cve,wordpress,wp-plugin,tweetscribe,high
+  tags: cve,wordpress,wp-plugin,tweetscribe,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9400-b96d233c9f831b3a15126c8efb4195dc.yaml b/nuclei-templates/2014/CVE-2014-9400-b96d233c9f831b3a15126c8efb4195dc.yaml
index 02b352568a..fbb5e5aa6d 100644
--- a/nuclei-templates/2014/CVE-2014-9400-b96d233c9f831b3a15126c8efb4195dc.yaml
+++ b/nuclei-templates/2014/CVE-2014-9400-b96d233c9f831b3a15126c8efb4195dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Unique Article Header Image <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-unique-article-header-image/"
     google-query: inurl:"/wp-content/plugins/wp-unique-article-header-image/"
     shodan-query: 'vuln:CVE-2014-9400'
-  tags: cve,wordpress,wp-plugin,wp-unique-article-header-image,high
+  tags: cve,wordpress,wp-plugin,wp-unique-article-header-image,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9401-fe81b0cd67440d8b6f9d1a6ebbe2565c.yaml b/nuclei-templates/2014/CVE-2014-9401-fe81b0cd67440d8b6f9d1a6ebbe2565c.yaml
index f38c4249e4..08bfe9de82 100644
--- a/nuclei-templates/2014/CVE-2014-9401-fe81b0cd67440d8b6f9d1a6ebbe2565c.yaml
+++ b/nuclei-templates/2014/CVE-2014-9401-fe81b0cd67440d8b6f9d1a6ebbe2565c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Limit Posts Automatically <= 0.7 - Cross-Site Request Forgery leading to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to  in the wp-limit-posts-automatically.php page to wp-admin/options-general.php.
     The WP Limit Posts Automatically plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.7.  This makes it possible for unauthenticated attackers to hijack the authentication of administrators for requests that conduct cross-site scripting attacks via the lpa_post_letters parameter.  This is performed via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/wp-limit-posts-automatically/"
     google-query: inurl:"/wp-content/plugins/wp-limit-posts-automatically/"
     shodan-query: 'vuln:CVE-2014-9401'
-  tags: cve,wordpress,wp-plugin,wp-limit-posts-automatically,high
+  tags: cve,wordpress,wp-plugin,wp-limit-posts-automatically,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9413-288abda2cfd9da64eaad068ba5d6f96e.yaml b/nuclei-templates/2014/CVE-2014-9413-288abda2cfd9da64eaad068ba5d6f96e.yaml
index 24ef12d13f..2e81a0999f 100644
--- a/nuclei-templates/2014/CVE-2014-9413-288abda2cfd9da64eaad068ba5d6f96e.yaml
+++ b/nuclei-templates/2014/CVE-2014-9413-288abda2cfd9da64eaad068ba5d6f96e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IP Ban <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3) redirect_url parameter in the simple-ip-ban page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-ip-ban/"
     google-query: inurl:"/wp-content/plugins/simple-ip-ban/"
     shodan-query: 'vuln:CVE-2014-9413'
-  tags: cve,wordpress,wp-plugin,simple-ip-ban,high
+  tags: cve,wordpress,wp-plugin,simple-ip-ban,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9437-40737c0a7a095d43140be7cd03a62330.yaml b/nuclei-templates/2014/CVE-2014-9437-40737c0a7a095d43140be7cd03a62330.yaml
index 2316283499..bfe03d384b 100644
--- a/nuclei-templates/2014/CVE-2014-9437-40737c0a7a095d43140be7cd03a62330.yaml
+++ b/nuclei-templates/2014/CVE-2014-9437-40737c0a7a095d43140be7cd03a62330.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sliding Social Icons <= 1.61 - Cross-Site Request Forgery and Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sliding-social-icons/"
     google-query: inurl:"/wp-content/plugins/sliding-social-icons/"
     shodan-query: 'vuln:CVE-2014-9437'
-  tags: cve,wordpress,wp-plugin,sliding-social-icons,high
+  tags: cve,wordpress,wp-plugin,sliding-social-icons,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9441-ce24f7f3b0bffd6ade8af3419aeed5c0.yaml b/nuclei-templates/2014/CVE-2014-9441-ce24f7f3b0bffd6ade8af3419aeed5c0.yaml
index 1bae391e0e..0d344ed1d7 100644
--- a/nuclei-templates/2014/CVE-2014-9441-ce24f7f3b0bffd6ade8af3419aeed5c0.yaml
+++ b/nuclei-templates/2014/CVE-2014-9441-ce24f7f3b0bffd6ade8af3419aeed5c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lightbox-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/lightbox-photo-gallery/"
     shodan-query: 'vuln:CVE-2014-9441'
-  tags: cve,wordpress,wp-plugin,lightbox-photo-gallery,high
+  tags: cve,wordpress,wp-plugin,lightbox-photo-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9442-412eb3ff2c6b3450ae105bf1638dee64.yaml b/nuclei-templates/2014/CVE-2014-9442-412eb3ff2c6b3450ae105bf1638dee64.yaml
index 627bce047a..6ee1fb2d01 100644
--- a/nuclei-templates/2014/CVE-2014-9442-412eb3ff2c6b3450ae105bf1638dee64.yaml
+++ b/nuclei-templates/2014/CVE-2014-9442-412eb3ff2c6b3450ae105bf1638dee64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cart66-lite/"
     google-query: inurl:"/wp-content/plugins/cart66-lite/"
     shodan-query: 'vuln:CVE-2014-9442'
-  tags: cve,wordpress,wp-plugin,cart66-lite,high
+  tags: cve,wordpress,wp-plugin,cart66-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9443-984a23521e50b74e0baafc6841353e19.yaml b/nuclei-templates/2014/CVE-2014-9443-984a23521e50b74e0baafc6841353e19.yaml
index 908e595914..0127ba1271 100644
--- a/nuclei-templates/2014/CVE-2014-9443-984a23521e50b74e0baafc6841353e19.yaml
+++ b/nuclei-templates/2014/CVE-2014-9443-984a23521e50b74e0baafc6841353e19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevanssi/"
     google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:CVE-2014-9443'
-  tags: cve,wordpress,wp-plugin,relevanssi,medium
+  tags: cve,wordpress,wp-plugin,relevanssi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9444-5804085185dabeb708155bde523d6d27.yaml b/nuclei-templates/2014/CVE-2014-9444-5804085185dabeb708155bde523d6d27.yaml
index 70943bde3e..74b0936c8b 100644
--- a/nuclei-templates/2014/CVE-2014-9444-5804085185dabeb708155bde523d6d27.yaml
+++ b/nuclei-templates/2014/CVE-2014-9444-5804085185dabeb708155bde523d6d27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend Uploader < 0.9.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin before 0.9.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/frontend-uploader/"
     google-query: inurl:"/wp-content/plugins/frontend-uploader/"
     shodan-query: 'vuln:CVE-2014-9444'
-  tags: cve,wordpress,wp-plugin,frontend-uploader,medium
+  tags: cve,wordpress,wp-plugin,frontend-uploader,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9454-e689aa17f6bf2fdc2c6603a9014c4c60.yaml b/nuclei-templates/2014/CVE-2014-9454-e689aa17f6bf2fdc2c6603a9014c4c60.yaml
index 8e1fe82de5..43da7fe83e 100644
--- a/nuclei-templates/2014/CVE-2014-9454-e689aa17f6bf2fdc2c6603a9014c4c60.yaml
+++ b/nuclei-templates/2014/CVE-2014-9454-e689aa17f6bf2fdc2c6603a9014c4c60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Sticky Footer <= 1.3.2 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-sticky-footer/"
     google-query: inurl:"/wp-content/plugins/simple-sticky-footer/"
     shodan-query: 'vuln:CVE-2014-9454'
-  tags: cve,wordpress,wp-plugin,simple-sticky-footer,high
+  tags: cve,wordpress,wp-plugin,simple-sticky-footer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9523-15ed4766d27c484c5517c27d81b8d51f.yaml b/nuclei-templates/2014/CVE-2014-9523-15ed4766d27c484c5517c27d81b8d51f.yaml
index 5f22cbd1a3..9166a7d814 100644
--- a/nuclei-templates/2014/CVE-2014-9523-15ed4766d27c484c5517c27d81b8d51f.yaml
+++ b/nuclei-templates/2014/CVE-2014-9523-15ed4766d27c484c5517c27d81b8d51f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Our Team Showcase < 1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/our-team-enhanced/"
     google-query: inurl:"/wp-content/plugins/our-team-enhanced/"
     shodan-query: 'vuln:CVE-2014-9523'
-  tags: cve,wordpress,wp-plugin,our-team-enhanced,medium
+  tags: cve,wordpress,wp-plugin,our-team-enhanced,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9570-2c08e7ca2855464050481f48ae1d114f.yaml b/nuclei-templates/2014/CVE-2014-9570-2c08e7ca2855464050481f48ae1d114f.yaml
index da1e30cac9..5e91dd671f 100644
--- a/nuclei-templates/2014/CVE-2014-9570-2c08e7ca2855464050481f48ae1d114f.yaml
+++ b/nuclei-templates/2014/CVE-2014-9570-2c08e7ca2855464050481f48ae1d114f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Security <= 1.1.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'datefilter' parameter found on the access_log page to wp-admin/users.php and the 'simple_security_ip_blacklist[]' parameter found in the add_blacklist_ip action on the ip_blacklist page to wp-admin/users.php in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-security/"
     google-query: inurl:"/wp-content/plugins/simple-security/"
     shodan-query: 'vuln:CVE-2014-9570'
-  tags: cve,wordpress,wp-plugin,simple-security,medium
+  tags: cve,wordpress,wp-plugin,simple-security,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2014/CVE-2014-9735-21b56747ef932af6a293d705a4f1c993.yaml b/nuclei-templates/2014/CVE-2014-9735-21b56747ef932af6a293d705a4f1c993.yaml
index b7134c5199..11fb5eef53 100644
--- a/nuclei-templates/2014/CVE-2014-9735-21b56747ef932af6a293d705a4f1c993.yaml
+++ b/nuclei-templates/2014/CVE-2014-9735-21b56747ef932af6a293d705a4f1c993.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors. Several WordPress themes utilize revslider which makes them vulnerable as well.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2014-9735
   metadata:
-    fofa-query: "wp-content/plugins/revslider/"
-    google-query: inurl:"/wp-content/plugins/revslider/"
+    fofa-query: "wp-content/plugins/showbizpro/"
+    google-query: inurl:"/wp-content/plugins/showbizpro/"
     shodan-query: 'vuln:CVE-2014-9735'
-  tags: cve,wordpress,wp-plugin,revslider,critical
+  tags: cve,wordpress,wp-plugin,showbizpro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/showbizpro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "revslider"
+          - "showbizpro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 3.0.96')
\ No newline at end of file
+          - compare_versions(version, '< 1.7.1')
\ No newline at end of file
diff --git a/nuclei-templates/2015/CVE-2015-0895-44ac07d5baafaaec1fde2cca5e220010.yaml b/nuclei-templates/2015/CVE-2015-0895-44ac07d5baafaaec1fde2cca5e220010.yaml
index 878dbb1d72..5cae730d98 100644
--- a/nuclei-templates/2015/CVE-2015-0895-44ac07d5baafaaec1fde2cca5e220010.yaml
+++ b/nuclei-templates/2015/CVE-2015-0895-44ac07d5baafaaec1fde2cca5e220010.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One WP Security & Firewall <= 3.8.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: low
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2015-0895'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-0920-434911a5447ed5d05a669b67b9efd816.yaml b/nuclei-templates/2015/CVE-2015-0920-434911a5447ed5d05a669b67b9efd816.yaml
index 652707d30f..4acfad3931 100644
--- a/nuclei-templates/2015/CVE-2015-0920-434911a5447ed5d05a669b67b9efd816.yaml
+++ b/nuclei-templates/2015/CVE-2015-0920-434911a5447ed5d05a669b67b9efd816.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Banner Effect Header <= 1.2.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/banner-effect-header/"
     google-query: inurl:"/wp-content/plugins/banner-effect-header/"
     shodan-query: 'vuln:CVE-2015-0920'
-  tags: cve,wordpress,wp-plugin,banner-effect-header,high
+  tags: cve,wordpress,wp-plugin,banner-effect-header,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1000004-16949f85deca6c76da36cc5d46cabd06.yaml b/nuclei-templates/2015/CVE-2015-1000004-16949f85deca6c76da36cc5d46cabd06.yaml
index 6cc3c0e27e..fa2b4cc47e 100644
--- a/nuclei-templates/2015/CVE-2015-1000004-16949f85deca6c76da36cc5d46cabd06.yaml
+++ b/nuclei-templates/2015/CVE-2015-1000004-16949f85deca6c76da36cc5d46cabd06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     filedownload plugin <= 1.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The filedownload plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filedownload/"
     google-query: inurl:"/wp-content/plugins/filedownload/"
     shodan-query: 'vuln:CVE-2015-1000004'
-  tags: cve,wordpress,wp-plugin,filedownload,medium
+  tags: cve,wordpress,wp-plugin,filedownload,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-10090-6ef6064badb5d7b87c27535925053eda.yaml b/nuclei-templates/2015/CVE-2015-10090-6ef6064badb5d7b87c27535925053eda.yaml
index 6c0d7c5bca..402d0c8ff0 100644
--- a/nuclei-templates/2015/CVE-2015-10090-6ef6064badb5d7b87c27535925053eda.yaml
+++ b/nuclei-templates/2015/CVE-2015-10090-6ef6064badb5d7b87c27535925053eda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Landing Pages <= 1.8.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/landing-pages/"
     google-query: inurl:"/wp-content/plugins/landing-pages/"
     shodan-query: 'vuln:CVE-2015-10090'
-  tags: cve,wordpress,wp-plugin,landing-pages,medium
+  tags: cve,wordpress,wp-plugin,landing-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-10095-cecf0eea6a928571e9c6c0b109812dde.yaml b/nuclei-templates/2015/CVE-2015-10095-cecf0eea6a928571e9c6c0b109812dde.yaml
index 5eeaec94e1..381b23cf48 100644
--- a/nuclei-templates/2015/CVE-2015-10095-cecf0eea6a928571e9c6c0b109812dde.yaml
+++ b/nuclei-templates/2015/CVE-2015-10095-cecf0eea6a928571e9c6c0b109812dde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     woo-popup <= 1.2.2 - Reflecte Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The woo-popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-popup/"
     google-query: inurl:"/wp-content/plugins/woo-popup/"
     shodan-query: 'vuln:CVE-2015-10095'
-  tags: cve,wordpress,wp-plugin,woo-popup,medium
+  tags: cve,wordpress,wp-plugin,woo-popup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-10100-57f7b5f0694f05830341c7de29cc9c44.yaml b/nuclei-templates/2015/CVE-2015-10100-57f7b5f0694f05830341c7de29cc9c44.yaml
index 23bcf72c99..4801febebe 100644
--- a/nuclei-templates/2015/CVE-2015-10100-57f7b5f0694f05830341c7de29cc9c44.yaml
+++ b/nuclei-templates/2015/CVE-2015-10100-57f7b5f0694f05830341c7de29cc9c44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dynamic Widgets <= 1.5.10 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Dynamic Widgets Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.5.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2015-10100-1/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2015-10100-1/"
     shodan-query: 'vuln:CVE-2015-10100'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2015-10100-1,high
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2015-10100-1,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-10105-6f9e9fe1fa78bdc8c8c67cbc00f8001f.yaml b/nuclei-templates/2015/CVE-2015-10105-6f9e9fe1fa78bdc8c8c67cbc00f8001f.yaml
index 815b20fd9a..28094d72df 100644
--- a/nuclei-templates/2015/CVE-2015-10105-6f9e9fe1fa78bdc8c8c67cbc00f8001f.yaml
+++ b/nuclei-templates/2015/CVE-2015-10105-6f9e9fe1fa78bdc8c8c67cbc00f8001f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IP Blacklist Cloud <= 3.42 - Authenticated (Admin+) Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IP Blacklist Cloud plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 3.42 via the 'filename' parameter. This allows authenticated attackers, with administrative privileges, to read arbitrary files on the server that may contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ip-blacklist-cloud/"
     google-query: inurl:"/wp-content/plugins/ip-blacklist-cloud/"
     shodan-query: 'vuln:CVE-2015-10105'
-  tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,medium
+  tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-10111-89a35a79088c1cac6da4471e1521db2a.yaml b/nuclei-templates/2015/CVE-2015-10111-89a35a79088c1cac6da4471e1521db2a.yaml
index a4064b12f6..31a6382d1c 100644
--- a/nuclei-templates/2015/CVE-2015-10111-89a35a79088c1cac6da4471e1521db2a.yaml
+++ b/nuclei-templates/2015/CVE-2015-10111-89a35a79088c1cac6da4471e1521db2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Watu Quiz <= 2.6.7 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Watu Quiz plugin for WordPress is vulnerable to SQL Injection via the 'quiz' parameter in versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/watu/"
     google-query: inurl:"/wp-content/plugins/watu/"
     shodan-query: 'vuln:CVE-2015-10111'
-  tags: cve,wordpress,wp-plugin,watu,high
+  tags: cve,wordpress,wp-plugin,watu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-10116-2a790c8bfc2f91a748cff8286de5f526.yaml b/nuclei-templates/2015/CVE-2015-10116-2a790c8bfc2f91a748cff8286de5f526.yaml
index 99f160ac75..c84386e543 100644
--- a/nuclei-templates/2015/CVE-2015-10116-2a790c8bfc2f91a748cff8286de5f526.yaml
+++ b/nuclei-templates/2015/CVE-2015-10116-2a790c8bfc2f91a748cff8286de5f526.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Favicon by RealFaviconGenerator <= 1.2.12 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Favicon by RealFaviconGenerator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘json_result_url’ parameter in versions before 1.2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/favicon-by-realfavicongenerator/"
     google-query: inurl:"/wp-content/plugins/favicon-by-realfavicongenerator/"
     shodan-query: 'vuln:CVE-2015-10116'
-  tags: cve,wordpress,wp-plugin,favicon-by-realfavicongenerator,high
+  tags: cve,wordpress,wp-plugin,favicon-by-realfavicongenerator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-10124-53a42a688a74a64b49721153f05dafd3.yaml b/nuclei-templates/2015/CVE-2015-10124-53a42a688a74a64b49721153f05dafd3.yaml
index 19dd67452a..8f9ed078f4 100644
--- a/nuclei-templates/2015/CVE-2015-10124-53a42a688a74a64b49721153f05dafd3.yaml
+++ b/nuclei-templates/2015/CVE-2015-10124-53a42a688a74a64b49721153f05dafd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Most Popular Posts Widget <= 0.8 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Most Popular Posts Widget plugin for WordPress is vulnerable to SQL Injection via the 'PostID' variable in versions up to, and including, 0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/most-popular-posts-widget-lite/"
     google-query: inurl:"/wp-content/plugins/most-popular-posts-widget-lite/"
     shodan-query: 'vuln:CVE-2015-10124'
-  tags: cve,wordpress,wp-plugin,most-popular-posts-widget-lite,high
+  tags: cve,wordpress,wp-plugin,most-popular-posts-widget-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-10128-94b0b54aeb124f4c7a107e54a5615849.yaml b/nuclei-templates/2015/CVE-2015-10128-94b0b54aeb124f4c7a107e54a5615849.yaml
index dcdd0b3d4b..8d2384e5fe 100644
--- a/nuclei-templates/2015/CVE-2015-10128-94b0b54aeb124f4c7a107e54a5615849.yaml
+++ b/nuclei-templates/2015/CVE-2015-10128-94b0b54aeb124f4c7a107e54a5615849.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal PrettyPhoto <= 1.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal PrettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rt-prettyphoto/"
     google-query: inurl:"/wp-content/plugins/rt-prettyphoto/"
     shodan-query: 'vuln:CVE-2015-10128'
-  tags: cve,wordpress,wp-plugin,rt-prettyphoto,medium
+  tags: cve,wordpress,wp-plugin,rt-prettyphoto,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1204-323a2528ecc021abe5c2c6bd363f0d32.yaml b/nuclei-templates/2015/CVE-2015-1204-323a2528ecc021abe5c2c6bd363f0d32.yaml
index 01dcd75dfc..238e72b529 100644
--- a/nuclei-templates/2015/CVE-2015-1204-323a2528ecc021abe5c2c6bd363f0d32.yaml
+++ b/nuclei-templates/2015/CVE-2015-1204-323a2528ecc021abe5c2c6bd363f0d32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 3.9.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2015-1204'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
+  tags: cve,wordpress,wp-plugin,wp-slimstat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1366-5b2fbefb63fd7f965b09642c4ccecf5d.yaml b/nuclei-templates/2015/CVE-2015-1366-5b2fbefb63fd7f965b09642c4ccecf5d.yaml
index e4f662be22..af2667b17b 100644
--- a/nuclei-templates/2015/CVE-2015-1366-5b2fbefb63fd7f965b09642c4ccecf5d.yaml
+++ b/nuclei-templates/2015/CVE-2015-1366-5b2fbefb63fd7f965b09642c4ccecf5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pixabay Images <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pixabay-images/"
     google-query: inurl:"/wp-content/plugins/pixabay-images/"
     shodan-query: 'vuln:CVE-2015-1366'
-  tags: cve,wordpress,wp-plugin,pixabay-images,medium
+  tags: cve,wordpress,wp-plugin,pixabay-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1376-99e3e9aef74467dcee4f17ac700177de.yaml b/nuclei-templates/2015/CVE-2015-1376-99e3e9aef74467dcee4f17ac700177de.yaml
index 25e1c372c8..105cc12174 100644
--- a/nuclei-templates/2015/CVE-2015-1376-99e3e9aef74467dcee4f17ac700177de.yaml
+++ b/nuclei-templates/2015/CVE-2015-1376-99e3e9aef74467dcee4f17ac700177de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pixabay Images <= 2.3 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pixabay-images/"
     google-query: inurl:"/wp-content/plugins/pixabay-images/"
     shodan-query: 'vuln:CVE-2015-1376'
-  tags: cve,wordpress,wp-plugin,pixabay-images,high
+  tags: cve,wordpress,wp-plugin,pixabay-images,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1383-887adced0648142cd9b714a8cbded6f3.yaml b/nuclei-templates/2015/CVE-2015-1383-887adced0648142cd9b714a8cbded6f3.yaml
index 6238bb7cd1..95a08c12e1 100644
--- a/nuclei-templates/2015/CVE-2015-1383-887adced0648142cd9b714a8cbded6f3.yaml
+++ b/nuclei-templates/2015/CVE-2015-1383-887adced0648142cd9b714a8cbded6f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Geo Mashup < 1.8.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geo-mashup/"
     google-query: inurl:"/wp-content/plugins/geo-mashup/"
     shodan-query: 'vuln:CVE-2015-1383'
-  tags: cve,wordpress,wp-plugin,geo-mashup,medium
+  tags: cve,wordpress,wp-plugin,geo-mashup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1384-f7325cb69c59d2a2951bb8ec98779e8d.yaml b/nuclei-templates/2015/CVE-2015-1384-f7325cb69c59d2a2951bb8ec98779e8d.yaml
index 8e77db8653..1a6c4b66f0 100644
--- a/nuclei-templates/2015/CVE-2015-1384-f7325cb69c59d2a2951bb8ec98779e8d.yaml
+++ b/nuclei-templates/2015/CVE-2015-1384-f7325cb69c59d2a2951bb8ec98779e8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Banner Effect Header < 1.2.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid parameter in the BannerEffectOptions page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/banner-effect-header/"
     google-query: inurl:"/wp-content/plugins/banner-effect-header/"
     shodan-query: 'vuln:CVE-2015-1384'
-  tags: cve,wordpress,wp-plugin,banner-effect-header,medium
+  tags: cve,wordpress,wp-plugin,banner-effect-header,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1385-86221a41117bb12070fda480ca17a28c.yaml b/nuclei-templates/2015/CVE-2015-1385-86221a41117bb12070fda480ca17a28c.yaml
index 475471f5d7..3a133e2a41 100644
--- a/nuclei-templates/2015/CVE-2015-1385-86221a41117bb12070fda480ca17a28c.yaml
+++ b/nuclei-templates/2015/CVE-2015-1385-86221a41117bb12070fda480ca17a28c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPress <= 6.0.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpress/"
     google-query: inurl:"/wp-content/plugins/powerpress/"
     shodan-query: 'vuln:CVE-2015-1385'
-  tags: cve,wordpress,wp-plugin,powerpress,medium
+  tags: cve,wordpress,wp-plugin,powerpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1393-1e81e15f7eef3b25cd39002edd8c241e.yaml b/nuclei-templates/2015/CVE-2015-1393-1e81e15f7eef3b25cd39002edd8c241e.yaml
index d9f63c9ae3..4b7bd0034c 100644
--- a/nuclei-templates/2015/CVE-2015-1393-1e81e15f7eef3b25cd39002edd8c241e.yaml
+++ b/nuclei-templates/2015/CVE-2015-1393-1e81e15f7eef3b25cd39002edd8c241e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.2.10 - Authenticated SQL Injection via asc_or_desc Parameter
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2015-1393'
-  tags: cve,wordpress,wp-plugin,photo-gallery,high
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1394-e1df20c1816f9cf921b493870b0123b0.yaml b/nuclei-templates/2015/CVE-2015-1394-e1df20c1816f9cf921b493870b0123b0.yaml
index 3b9f5f2f49..b1236114e8 100644
--- a/nuclei-templates/2015/CVE-2015-1394-e1df20c1816f9cf921b493870b0123b0.yaml
+++ b/nuclei-templates/2015/CVE-2015-1394-e1df20c1816f9cf921b493870b0123b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.2.10 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2015-1394'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1436-7a859a74f0e39d83ee989a269a737923.yaml b/nuclei-templates/2015/CVE-2015-1436-7a859a74f0e39d83ee989a269a737923.yaml
index 48543e843d..9b3e1bbbd7 100644
--- a/nuclei-templates/2015/CVE-2015-1436-7a859a74f0e39d83ee989a269a737923.yaml
+++ b/nuclei-templates/2015/CVE-2015-1436-7a859a74f0e39d83ee989a269a737923.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easing Slider <= 2.2.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easing Slider plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.2.0.6 via the edit parameter due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easing-slider/"
     google-query: inurl:"/wp-content/plugins/easing-slider/"
     shodan-query: 'vuln:CVE-2015-1436'
-  tags: cve,wordpress,wp-plugin,easing-slider,medium
+  tags: cve,wordpress,wp-plugin,easing-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1494-b8e3a07576df90727675ec278a1f9eb2.yaml b/nuclei-templates/2015/CVE-2015-1494-b8e3a07576df90727675ec278a1f9eb2.yaml
index 609506d35e..688b1a0ab0 100644
--- a/nuclei-templates/2015/CVE-2015-1494-b8e3a07576df90727675ec278a1f9eb2.yaml
+++ b/nuclei-templates/2015/CVE-2015-1494-b8e3a07576df90727675ec278a1f9eb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FancyBox for WordPress <= 3.0.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancybox-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/fancybox-for-wordpress/"
     shodan-query: 'vuln:CVE-2015-1494'
-  tags: cve,wordpress,wp-plugin,fancybox-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,fancybox-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1580-8319ea5020d449067d1800ef0c846413.yaml b/nuclei-templates/2015/CVE-2015-1580-8319ea5020d449067d1800ef0c846413.yaml
index 57538fedf1..012f16943f 100644
--- a/nuclei-templates/2015/CVE-2015-1580-8319ea5020d449067d1800ef0c846413.yaml
+++ b/nuclei-templates/2015/CVE-2015-1580-8319ea5020d449067d1800ef0c846413.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection Page <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirection-page/"
     google-query: inurl:"/wp-content/plugins/redirection-page/"
     shodan-query: 'vuln:CVE-2015-1580'
-  tags: cve,wordpress,wp-plugin,redirection-page,high
+  tags: cve,wordpress,wp-plugin,redirection-page,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1784-b4ed5bad800bb63784fe65e3822d9b92.yaml b/nuclei-templates/2015/CVE-2015-1784-b4ed5bad800bb63784fe65e3822d9b92.yaml
index 5fa96ec79a..492aeecf3a 100644
--- a/nuclei-templates/2015/CVE-2015-1784-b4ed5bad800bb63784fe65e3822d9b92.yaml
+++ b/nuclei-templates/2015/CVE-2015-1784-b4ed5bad800bb63784fe65e3822d9b92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2015-1784'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1785-5eb51111eaa90d94b47d1fce5457ff77.yaml b/nuclei-templates/2015/CVE-2015-1785-5eb51111eaa90d94b47d1fce5457ff77.yaml
index 355d6f1afd..9c0eb4addf 100644
--- a/nuclei-templates/2015/CVE-2015-1785-5eb51111eaa90d94b47d1fce5457ff77.yaml
+++ b/nuclei-templates/2015/CVE-2015-1785-5eb51111eaa90d94b47d1fce5457ff77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2015-1785'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-1879-0058c9636ab9a993ffe8aa9657a05d60.yaml b/nuclei-templates/2015/CVE-2015-1879-0058c9636ab9a993ffe8aa9657a05d60.yaml
index 33f088f6e1..f0100f3b67 100644
--- a/nuclei-templates/2015/CVE-2015-1879-0058c9636ab9a993ffe8aa9657a05d60.yaml
+++ b/nuclei-templates/2015/CVE-2015-1879-0058c9636ab9a993ffe8aa9657a05d60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Doc Embedder <= 2.5.18 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-document-embedder/"
     google-query: inurl:"/wp-content/plugins/google-document-embedder/"
     shodan-query: 'vuln:CVE-2015-1879'
-  tags: cve,wordpress,wp-plugin,google-document-embedder,medium
+  tags: cve,wordpress,wp-plugin,google-document-embedder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-20019-321e86531ce3a7401f2a887940f1ca1d.yaml b/nuclei-templates/2015/CVE-2015-20019-321e86531ce3a7401f2a887940f1ca1d.yaml
index 7c286fb35d..041e0aed9e 100644
--- a/nuclei-templates/2015/CVE-2015-20019-321e86531ce3a7401f2a887940f1ca1d.yaml
+++ b/nuclei-templates/2015/CVE-2015-20019-321e86531ce3a7401f2a887940f1ca1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content text slider on post < 6.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-text-slider-on-post/"
     google-query: inurl:"/wp-content/plugins/content-text-slider-on-post/"
     shodan-query: 'vuln:CVE-2015-20019'
-  tags: cve,wordpress,wp-plugin,content-text-slider-on-post,medium
+  tags: cve,wordpress,wp-plugin,content-text-slider-on-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-20105-b1bcff9d2efb787a948b3f8018f345ae.yaml b/nuclei-templates/2015/CVE-2015-20105-b1bcff9d2efb787a948b3f8018f345ae.yaml
index 61ea0f6401..6328520d13 100644
--- a/nuclei-templates/2015/CVE-2015-20105-b1bcff9d2efb787a948b3f8018f345ae.yaml
+++ b/nuclei-templates/2015/CVE-2015-20105-b1bcff9d2efb787a948b3f8018f345ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ClickBank Affiliate Ads < 1.31 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The ClickBank Affiliate Ads WordPress plugin before 1.31 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clickbank-ads-clickbank-widget/"
     google-query: inurl:"/wp-content/plugins/clickbank-ads-clickbank-widget/"
     shodan-query: 'vuln:CVE-2015-20105'
-  tags: cve,wordpress,wp-plugin,clickbank-ads-clickbank-widget,high
+  tags: cve,wordpress,wp-plugin,clickbank-ads-clickbank-widget,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-20106-55592f88afc85caec6c62b369547bd3e.yaml b/nuclei-templates/2015/CVE-2015-20106-55592f88afc85caec6c62b369547bd3e.yaml
index 3f6b9fa492..59ec700545 100644
--- a/nuclei-templates/2015/CVE-2015-20106-55592f88afc85caec6c62b369547bd3e.yaml
+++ b/nuclei-templates/2015/CVE-2015-20106-55592f88afc85caec6c62b369547bd3e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ClickBank Affiliate Ads <= 1.20 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clickbank-ads-clickbank-widget/"
     google-query: inurl:"/wp-content/plugins/clickbank-ads-clickbank-widget/"
     shodan-query: 'vuln:CVE-2015-20106'
-  tags: cve,wordpress,wp-plugin,clickbank-ads-clickbank-widget,medium
+  tags: cve,wordpress,wp-plugin,clickbank-ads-clickbank-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2040-b08c80c889936db0e80107b8d6e7f7c2.yaml b/nuclei-templates/2015/CVE-2015-2040-b08c80c889936db0e80107b8d6e7f7c2.yaml
index 7098bee6fe..8d25f4c481 100644
--- a/nuclei-templates/2015/CVE-2015-2040-b08c80c889936db0e80107b8d6e7f7c2.yaml
+++ b/nuclei-templates/2015/CVE-2015-2040-b08c80c889936db0e80107b8d6e7f7c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form DB <= 2.8.26 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7-to-database-extension/"
     google-query: inurl:"/wp-content/plugins/contact-form-7-to-database-extension/"
     shodan-query: 'vuln:CVE-2015-2040'
-  tags: cve,wordpress,wp-plugin,contact-form-7-to-database-extension,medium
+  tags: cve,wordpress,wp-plugin,contact-form-7-to-database-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2062-f1a34dd1cf3f3d82d7aaeb96b1997e29.yaml b/nuclei-templates/2015/CVE-2015-2062-f1a34dd1cf3f3d82d7aaeb96b1997e29.yaml
index e32c3fba5e..4c85279daf 100644
--- a/nuclei-templates/2015/CVE-2015-2062-f1a34dd1cf3f3d82d7aaeb96b1997e29.yaml
+++ b/nuclei-templates/2015/CVE-2015-2062-f1a34dd1cf3f3d82d7aaeb96b1997e29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Slider – Image Slider – Slideshow for WordPress < 2.7.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Responsive Slider – Image Slider – Slideshow for WordPress plugin for WordPress is vulnerable to multiple SQL Injection attacks via the ‘removeslide’ parameter in versions before 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-image/"
     google-query: inurl:"/wp-content/plugins/slider-image/"
     shodan-query: 'vuln:CVE-2015-2062'
-  tags: cve,wordpress,wp-plugin,slider-image,high
+  tags: cve,wordpress,wp-plugin,slider-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2069-74b60f27afca1a7a8208f5a85162c261.yaml b/nuclei-templates/2015/CVE-2015-2069-74b60f27afca1a7a8208f5a85162c261.yaml
index 9438f2bd30..884a61e9f1 100644
--- a/nuclei-templates/2015/CVE-2015-2069-74b60f27afca1a7a8208f5a85162c261.yaml
+++ b/nuclei-templates/2015/CVE-2015-2069-74b60f27afca1a7a8208f5a85162c261.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 2.2.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:CVE-2015-2069'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2084-f8dda67401c83c106e4913ae42963922.yaml b/nuclei-templates/2015/CVE-2015-2084-f8dda67401c83c106e4913ae42963922.yaml
index a983bd3036..46cd241899 100644
--- a/nuclei-templates/2015/CVE-2015-2084-f8dda67401c83c106e4913ae42963922.yaml
+++ b/nuclei-templates/2015/CVE-2015-2084-f8dda67401c83c106e4913ae42963922.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:CVE-2015-2084'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,high
+  tags: cve,wordpress,wp-plugin,easy-social-icons,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2089-66a96d7ee2557e873f3475f1e86dd229.yaml b/nuclei-templates/2015/CVE-2015-2089-66a96d7ee2557e873f3475f1e86dd229.yaml
index 95ad6b00ad..7ee4550f1c 100644
--- a/nuclei-templates/2015/CVE-2015-2089-66a96d7ee2557e873f3475f1e86dd229.yaml
+++ b/nuclei-templates/2015/CVE-2015-2089-66a96d7ee2557e873f3475f1e86dd229.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CrossSlide jQuery Plugin <= 2.0.5 - Multiple Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crossslide-jquery-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/crossslide-jquery-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2015-2089'
-  tags: cve,wordpress,wp-plugin,crossslide-jquery-plugin-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,crossslide-jquery-plugin-for-wordpress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2194-50500b0da9551f89249fc057d52b16ad.yaml b/nuclei-templates/2015/CVE-2015-2194-50500b0da9551f89249fc057d52b16ad.yaml
index 0feab9b220..f023d24ddc 100644
--- a/nuclei-templates/2015/CVE-2015-2194-50500b0da9551f89249fc057d52b16ad.yaml
+++ b/nuclei-templates/2015/CVE-2015-2194-50500b0da9551f89249fc057d52b16ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fusion <= 3.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/fusion-delisted/"
     google-query: inurl:"/wp-content/themes/fusion-delisted/"
     shodan-query: 'vuln:CVE-2015-2194'
-  tags: cve,wordpress,wp-theme,fusion-delisted,high
+  tags: cve,wordpress,wp-theme,fusion-delisted,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2195-ee67de5781e7fd9c2318027f775c66d6.yaml b/nuclei-templates/2015/CVE-2015-2195-ee67de5781e7fd9c2318027f775c66d6.yaml
index bf6e25594b..c4aea4aa58 100644
--- a/nuclei-templates/2015/CVE-2015-2195-ee67de5781e7fd9c2318027f775c66d6.yaml
+++ b/nuclei-templates/2015/CVE-2015-2195-ee67de5781e7fd9c2318027f775c66d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Media Cleaner <= 2.2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-media-cleaner/"
     google-query: inurl:"/wp-content/plugins/wp-media-cleaner/"
     shodan-query: 'vuln:CVE-2015-2195'
-  tags: cve,wordpress,wp-plugin,wp-media-cleaner,medium
+  tags: cve,wordpress,wp-plugin,wp-media-cleaner,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2199-66fd05b591a1b1e766cf1d8976a2f593.yaml b/nuclei-templates/2015/CVE-2015-2199-66fd05b591a1b1e766cf1d8976a2f593.yaml
index 1936ee5798..eb01df5e29 100644
--- a/nuclei-templates/2015/CVE-2015-2199-66fd05b591a1b1e766cf1d8976a2f593.yaml
+++ b/nuclei-templates/2015/CVE-2015-2199-66fd05b591a1b1e766cf1d8976a2f593.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WonderPlugin Audio Player <= 2.0 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wonderplugin-audio/"
     google-query: inurl:"/wp-content/plugins/wonderplugin-audio/"
     shodan-query: 'vuln:CVE-2015-2199'
-  tags: cve,wordpress,wp-plugin,wonderplugin-audio,high
+  tags: cve,wordpress,wp-plugin,wonderplugin-audio,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2213-4042aa3076d5d5e05f92a43c0f9299ab.yaml b/nuclei-templates/2015/CVE-2015-2213-4042aa3076d5d5e05f92a43c0f9299ab.yaml
index b21227732c..8aa8034075 100644
--- a/nuclei-templates/2015/CVE-2015-2213-4042aa3076d5d5e05f92a43c0f9299ab.yaml
+++ b/nuclei-templates/2015/CVE-2015-2213-4042aa3076d5d5e05f92a43c0f9299ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.2.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-2213
   metadata:
     shodan-query: 'vuln:CVE-2015-2213'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2292-4a0b4f088a324947da6aaf5af5ea450e.yaml b/nuclei-templates/2015/CVE-2015-2292-4a0b4f088a324947da6aaf5af5ea450e.yaml
index 5b88ab03a6..aff1643250 100644
--- a/nuclei-templates/2015/CVE-2015-2292-4a0b4f088a324947da6aaf5af5ea450e.yaml
+++ b/nuclei-templates/2015/CVE-2015-2292-4a0b4f088a324947da6aaf5af5ea450e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 1.7.3.3 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php.  NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:CVE-2015-2292'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,high
+  tags: cve,wordpress,wp-plugin,wordpress-seo,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2293-0cab757218d53679bf548112d251d15c.yaml b/nuclei-templates/2015/CVE-2015-2293-0cab757218d53679bf548112d251d15c.yaml
index 7cb476c257..026099972d 100644
--- a/nuclei-templates/2015/CVE-2015-2293-0cab757218d53679bf548112d251d15c.yaml
+++ b/nuclei-templates/2015/CVE-2015-2293-0cab757218d53679bf548112d251d15c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 1.7.3.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:CVE-2015-2293'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,high
+  tags: cve,wordpress,wp-plugin,wordpress-seo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2315-cb38c4c6a570ec5691624654c5d4d34c.yaml b/nuclei-templates/2015/CVE-2015-2315-cb38c4c6a570ec5691624654c5d4d34c.yaml
index 36837acd25..a04e63d643 100644
--- a/nuclei-templates/2015/CVE-2015-2315-cb38c4c6a570ec5691624654c5d4d34c.yaml
+++ b/nuclei-templates/2015/CVE-2015-2315-cb38c4c6a570ec5691624654c5d4d34c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPML < 3.1.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpml/"
     google-query: inurl:"/wp-content/plugins/wpml/"
     shodan-query: 'vuln:CVE-2015-2315'
-  tags: cve,wordpress,wp-plugin,wpml,medium
+  tags: cve,wordpress,wp-plugin,wpml,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2321-21f007f5ea27a69827ebd1e3bdac836f.yaml b/nuclei-templates/2015/CVE-2015-2321-21f007f5ea27a69827ebd1e3bdac836f.yaml
index 7ffacc80a9..bb42e3d97e 100644
--- a/nuclei-templates/2015/CVE-2015-2321-21f007f5ea27a69827ebd1e3bdac836f.yaml
+++ b/nuclei-templates/2015/CVE-2015-2321-21f007f5ea27a69827ebd1e3bdac836f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Job Manager - < 0.7.23 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-manager/"
     google-query: inurl:"/wp-content/plugins/job-manager/"
     shodan-query: 'vuln:CVE-2015-2321'
-  tags: cve,wordpress,wp-plugin,job-manager,medium
+  tags: cve,wordpress,wp-plugin,job-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2324-8449cdb7230a3e1bb12d25a2395ff5c1.yaml b/nuclei-templates/2015/CVE-2015-2324-8449cdb7230a3e1bb12d25a2395ff5c1.yaml
index bb396e53c8..db5288f6dc 100644
--- a/nuclei-templates/2015/CVE-2015-2324-8449cdb7230a3e1bb12d25a2395ff5c1.yaml
+++ b/nuclei-templates/2015/CVE-2015-2324-8449cdb7230a3e1bb12d25a2395ff5c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.2.12 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2015-2324'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2755-5b4876c37f7fd35309718a01d65b18f0.yaml b/nuclei-templates/2015/CVE-2015-2755-5b4876c37f7fd35309718a01d65b18f0.yaml
index 3cdc7f38fa..a460c3c33e 100644
--- a/nuclei-templates/2015/CVE-2015-2755-5b4876c37f7fd35309718a01d65b18f0.yaml
+++ b/nuclei-templates/2015/CVE-2015-2755-5b4876c37f7fd35309718a01d65b18f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AB Google Map Travel (AB-MAP) < 4.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ab-google-map-travel/"
     google-query: inurl:"/wp-content/plugins/ab-google-map-travel/"
     shodan-query: 'vuln:CVE-2015-2755'
-  tags: cve,wordpress,wp-plugin,ab-google-map-travel,high
+  tags: cve,wordpress,wp-plugin,ab-google-map-travel,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-2792-bf27f6ce9ebbfb831479a794b9f49858.yaml b/nuclei-templates/2015/CVE-2015-2792-bf27f6ce9ebbfb831479a794b9f49858.yaml
index 574364d063..b29232f4ce 100644
--- a/nuclei-templates/2015/CVE-2015-2792-bf27f6ce9ebbfb831479a794b9f49858.yaml
+++ b/nuclei-templates/2015/CVE-2015-2792-bf27f6ce9ebbfb831479a794b9f49858.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPML < 3.1.8 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitepress-multilingual-cms/"
     google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/"
     shodan-query: 'vuln:CVE-2015-2792'
-  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,medium
+  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-3173-262dd6c0036b365e35ff5544b3d1cf02.yaml b/nuclei-templates/2015/CVE-2015-3173-262dd6c0036b365e35ff5544b3d1cf02.yaml
index c4ceba8abb..0c08d78ba9 100644
--- a/nuclei-templates/2015/CVE-2015-3173-262dd6c0036b365e35ff5544b3d1cf02.yaml
+++ b/nuclei-templates/2015/CVE-2015-3173-262dd6c0036b365e35ff5544b3d1cf02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Content Type Manager <= 0.9.8.5 - Authenticated (Admin+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Custom Content Type Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 0.9.8.5 via the "Visibility Control" settings which passes values through eval. This makes it possible for  authenticated attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-content-type-manager/"
     google-query: inurl:"/wp-content/plugins/custom-content-type-manager/"
     shodan-query: 'vuln:CVE-2015-3173'
-  tags: cve,wordpress,wp-plugin,custom-content-type-manager,high
+  tags: cve,wordpress,wp-plugin,custom-content-type-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-3299-6a69a2fa108e4cf956a3388af5834004.yaml b/nuclei-templates/2015/CVE-2015-3299-6a69a2fa108e4cf956a3388af5834004.yaml
index a01851ac9d..3069e68e2d 100644
--- a/nuclei-templates/2015/CVE-2015-3299-6a69a2fa108e4cf956a3388af5834004.yaml
+++ b/nuclei-templates/2015/CVE-2015-3299-6a69a2fa108e4cf956a3388af5834004.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Floating Social Bar <= 1.1.6 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/floating-social-bar/"
     google-query: inurl:"/wp-content/plugins/floating-social-bar/"
     shodan-query: 'vuln:CVE-2015-3299'
-  tags: cve,wordpress,wp-plugin,floating-social-bar,medium
+  tags: cve,wordpress,wp-plugin,floating-social-bar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-3300-380b3f09b95ab564acee2d8952a33e71.yaml b/nuclei-templates/2015/CVE-2015-3300-380b3f09b95ab564acee2d8952a33e71.yaml
index 088ef2943d..6e35f00d30 100644
--- a/nuclei-templates/2015/CVE-2015-3300-380b3f09b95ab564acee2d8952a33e71.yaml
+++ b/nuclei-templates/2015/CVE-2015-3300-380b3f09b95ab564acee2d8952a33e71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thecartpress/"
     google-query: inurl:"/wp-content/plugins/thecartpress/"
     shodan-query: 'vuln:CVE-2015-3300'
-  tags: cve,wordpress,wp-plugin,thecartpress,medium
+  tags: cve,wordpress,wp-plugin,thecartpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-3325-4ae9af0b470e9693506c7f0dea29cf9b.yaml b/nuclei-templates/2015/CVE-2015-3325-4ae9af0b470e9693506c7f0dea29cf9b.yaml
index 42fa974cb0..630115a82e 100644
--- a/nuclei-templates/2015/CVE-2015-3325-4ae9af0b470e9693506c7f0dea29cf9b.yaml
+++ b/nuclei-templates/2015/CVE-2015-3325-4ae9af0b470e9693506c7f0dea29cf9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Symposium < 15.4 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-symposium/"
     google-query: inurl:"/wp-content/plugins/wp-symposium/"
     shodan-query: 'vuln:CVE-2015-3325'
-  tags: cve,wordpress,wp-plugin,wp-symposium,medium
+  tags: cve,wordpress,wp-plugin,wp-symposium,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-3421-b63e841ec4f7ba03a92d7fcbed9249bc.yaml b/nuclei-templates/2015/CVE-2015-3421-b63e841ec4f7ba03a92d7fcbed9249bc.yaml
index eaa58e0ec0..6c2af42364 100644
--- a/nuclei-templates/2015/CVE-2015-3421-b63e841ec4f7ba03a92d7fcbed9249bc.yaml
+++ b/nuclei-templates/2015/CVE-2015-3421-b63e841ec4f7ba03a92d7fcbed9249bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eShop <= 6.3.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eshop/"
     google-query: inurl:"/wp-content/plugins/eshop/"
     shodan-query: 'vuln:CVE-2015-3421'
-  tags: cve,wordpress,wp-plugin,eshop,medium
+  tags: cve,wordpress,wp-plugin,eshop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-3429-a1f41447ffcf38fa9b963d8ece31aad9.yaml b/nuclei-templates/2015/CVE-2015-3429-a1f41447ffcf38fa9b963d8ece31aad9.yaml
index 912c844102..761d4b0155 100644
--- a/nuclei-templates/2015/CVE-2015-3429-a1f41447ffcf38fa9b963d8ece31aad9.yaml
+++ b/nuclei-templates/2015/CVE-2015-3429-a1f41447ffcf38fa9b963d8ece31aad9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.
   reference:
@@ -14,47 +14,45 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2015-3429
   metadata:
+    fofa-query: "wp-content/themes/twentyfifteen/"
+    google-query: inurl:"/wp-content/themes/twentyfifteen/"
     shodan-query: 'vuln:CVE-2015-3429'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-theme,twentyfifteen,high
 
 http:
   - method: GET
-    path:
-      - "{{BaseURL}}"
-      - "{{BaseURL}}/wp-admin/install.php"
-      - "{{BaseURL}}/feed/"
-      - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked
-
     redirects: true
-    max-redirects: 2
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.1')
-          - compare_versions(version_by_js, '>= 4.2', '<= 4.2.1')
-          - compare_versions(version_by_css, '>= 4.2', '<= 4.2.1')
-
-      - type: status
-        status:
-          - 200
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/themes/twentyfifteen/style.css"
 
     extractors:
       - type: regex
-        name: version_by_generator
+        name: version
+        part: body
         group: 1
+        internal: true
         regex:
-          - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)'
+          - "(?mi)Version: ([0-9.]+)"
 
       - type: regex
-        name: version_by_js
+        name: version
+        part: body
         group: 1
         regex:
-          - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b'
+          - "(?mi)Version: ([0-9.]+)"
 
-      - type: regex
-        name: version_by_css
-        group: 1
-        regex:
-          - 'install\.min\.css\?ver=((\d+\.?)+)\b'
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "twentyfifteen"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2015/CVE-2015-3439-1ea3d08c9b81a694b2e0d96737c7ca52.yaml b/nuclei-templates/2015/CVE-2015-3439-1ea3d08c9b81a694b2e0d96737c7ca52.yaml
index a2e7c82523..8a32934655 100644
--- a/nuclei-templates/2015/CVE-2015-3439-1ea3d08c9b81a694b2e0d96737c7ca52.yaml
+++ b/nuclei-templates/2015/CVE-2015-3439-1ea3d08c9b81a694b2e0d96737c7ca52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.1.2 - Cross-Site Scripting via Ephox in Plupload
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-3439
   metadata:
     shodan-query: 'vuln:CVE-2015-3439'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-3986-e7c178a2471ea08f4ec99b9eb663cf05.yaml b/nuclei-templates/2015/CVE-2015-3986-e7c178a2471ea08f4ec99b9eb663cf05.yaml
index 08f4707bd5..6b1c53d5cf 100644
--- a/nuclei-templates/2015/CVE-2015-3986-e7c178a2471ea08f4ec99b9eb663cf05.yaml
+++ b/nuclei-templates/2015/CVE-2015-3986-e7c178a2471ea08f4ec99b9eb663cf05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thecartpress/"
     google-query: inurl:"/wp-content/plugins/thecartpress/"
     shodan-query: 'vuln:CVE-2015-3986'
-  tags: cve,wordpress,wp-plugin,thecartpress,high
+  tags: cve,wordpress,wp-plugin,thecartpress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4010-2fb0bdf5e86e962a718dd05b2ce83f93.yaml b/nuclei-templates/2015/CVE-2015-4010-2fb0bdf5e86e962a718dd05b2ce83f93.yaml
index 1dd8efd231..89c0e60106 100644
--- a/nuclei-templates/2015/CVE-2015-4010-2fb0bdf5e86e962a718dd05b2ce83f93.yaml
+++ b/nuclei-templates/2015/CVE-2015-4010-2fb0bdf5e86e962a718dd05b2ce83f93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Encrypted Contact Form < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/encrypted-contact-form/"
     google-query: inurl:"/wp-content/plugins/encrypted-contact-form/"
     shodan-query: 'vuln:CVE-2015-4010'
-  tags: cve,wordpress,wp-plugin,encrypted-contact-form,medium
+  tags: cve,wordpress,wp-plugin,encrypted-contact-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4039-398e2e434c59ceafeecf5e603168a0d7.yaml b/nuclei-templates/2015/CVE-2015-4039-398e2e434c59ceafeecf5e603168a0d7.yaml
index 6a6ad99aff..c92a83221d 100644
--- a/nuclei-templates/2015/CVE-2015-4039-398e2e434c59ceafeecf5e603168a0d7.yaml
+++ b/nuclei-templates/2015/CVE-2015-4039-398e2e434c59ceafeecf5e603168a0d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Membership <= 1.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-membership/"
     google-query: inurl:"/wp-content/plugins/wp-membership/"
     shodan-query: 'vuln:CVE-2015-4039'
-  tags: cve,wordpress,wp-plugin,wp-membership,medium
+  tags: cve,wordpress,wp-plugin,wp-membership,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4062-c5e29f3bae507d53468f7991a1fb1a3e.yaml b/nuclei-templates/2015/CVE-2015-4062-c5e29f3bae507d53468f7991a1fb1a3e.yaml
index c00c15aa81..e0677137e6 100644
--- a/nuclei-templates/2015/CVE-2015-4062-c5e29f3bae507d53468f7991a1fb1a3e.yaml
+++ b/nuclei-templates/2015/CVE-2015-4062-c5e29f3bae507d53468f7991a1fb1a3e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NewStatPress <= 0.9.8 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newstatpress/"
     google-query: inurl:"/wp-content/plugins/newstatpress/"
     shodan-query: 'vuln:CVE-2015-4062'
-  tags: cve,wordpress,wp-plugin,newstatpress,high
+  tags: cve,wordpress,wp-plugin,newstatpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4063-5661d46a0d0f62ecdca1f908938fc469.yaml b/nuclei-templates/2015/CVE-2015-4063-5661d46a0d0f62ecdca1f908938fc469.yaml
index c0b3d30070..b8f2613730 100644
--- a/nuclei-templates/2015/CVE-2015-4063-5661d46a0d0f62ecdca1f908938fc469.yaml
+++ b/nuclei-templates/2015/CVE-2015-4063-5661d46a0d0f62ecdca1f908938fc469.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NewStatPress <= 0.9.8 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newstatpress/"
     google-query: inurl:"/wp-content/plugins/newstatpress/"
     shodan-query: 'vuln:CVE-2015-4063'
-  tags: cve,wordpress,wp-plugin,newstatpress,medium
+  tags: cve,wordpress,wp-plugin,newstatpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4064-32b6d6a7715e88760b71f326a4a0a744.yaml b/nuclei-templates/2015/CVE-2015-4064-32b6d6a7715e88760b71f326a4a0a744.yaml
index ba71364ffd..a5ff346f45 100644
--- a/nuclei-templates/2015/CVE-2015-4064-32b6d6a7715e88760b71f326a4a0a744.yaml
+++ b/nuclei-templates/2015/CVE-2015-4064-32b6d6a7715e88760b71f326a4a0a744.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Landing Pages <= 1.8.4 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/landing-pages/"
     google-query: inurl:"/wp-content/plugins/landing-pages/"
     shodan-query: 'vuln:CVE-2015-4064'
-  tags: cve,wordpress,wp-plugin,landing-pages,high
+  tags: cve,wordpress,wp-plugin,landing-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4065-1bd3cf2ded386b4330f990e160e575a1.yaml b/nuclei-templates/2015/CVE-2015-4065-1bd3cf2ded386b4330f990e160e575a1.yaml
index fe3750d00c..7ffdabbf46 100644
--- a/nuclei-templates/2015/CVE-2015-4065-1bd3cf2ded386b4330f990e160e575a1.yaml
+++ b/nuclei-templates/2015/CVE-2015-4065-1bd3cf2ded386b4330f990e160e575a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Landing Pages <= 1.8.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/landing-pages/"
     google-query: inurl:"/wp-content/plugins/landing-pages/"
     shodan-query: 'vuln:CVE-2015-4065'
-  tags: cve,wordpress,wp-plugin,landing-pages,medium
+  tags: cve,wordpress,wp-plugin,landing-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4066-13393dad61452f7f4e21c0de558fed80.yaml b/nuclei-templates/2015/CVE-2015-4066-13393dad61452f7f4e21c0de558fed80.yaml
index f9e14bc0b3..2b52b788f8 100644
--- a/nuclei-templates/2015/CVE-2015-4066-13393dad61452f7f4e21c0de558fed80.yaml
+++ b/nuclei-templates/2015/CVE-2015-4066-13393dad61452f7f4e21c0de558fed80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GigPress <= 2.3.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gigpress/"
     google-query: inurl:"/wp-content/plugins/gigpress/"
     shodan-query: 'vuln:CVE-2015-4066'
-  tags: cve,wordpress,wp-plugin,gigpress,high
+  tags: cve,wordpress,wp-plugin,gigpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4089-7bdbbcae3cce706a901ef3f3a6b92425.yaml b/nuclei-templates/2015/CVE-2015-4089-7bdbbcae3cce706a901ef3f3a6b92425.yaml
index 470b64d536..3433f219d7 100644
--- a/nuclei-templates/2015/CVE-2015-4089-7bdbbcae3cce706a901ef3f3a6b92425.yaml
+++ b/nuclei-templates/2015/CVE-2015-4089-7bdbbcae3cce706a901ef3f3a6b92425.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache < 0.8.3.5 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2015-4089'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4127-ce1d4ccc883e8bf5f82fe00f2d94fe35.yaml b/nuclei-templates/2015/CVE-2015-4127-ce1d4ccc883e8bf5f82fe00f2d94fe35.yaml
index 49aaf85f51..e807056404 100644
--- a/nuclei-templates/2015/CVE-2015-4127-ce1d4ccc883e8bf5f82fe00f2d94fe35.yaml
+++ b/nuclei-templates/2015/CVE-2015-4127-ce1d4ccc883e8bf5f82fe00f2d94fe35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Church Admin < 0.810 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-admin/"
     google-query: inurl:"/wp-content/plugins/church-admin/"
     shodan-query: 'vuln:CVE-2015-4127'
-  tags: cve,wordpress,wp-plugin,church-admin,medium
+  tags: cve,wordpress,wp-plugin,church-admin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4139-ae9135d7bf1c7296c12f3a734a25c4bf.yaml b/nuclei-templates/2015/CVE-2015-4139-ae9135d7bf1c7296c12f3a734a25c4bf.yaml
index 57289c1dfe..4576befef7 100644
--- a/nuclei-templates/2015/CVE-2015-4139-ae9135d7bf1c7296c12f3a734a25c4bf.yaml
+++ b/nuclei-templates/2015/CVE-2015-4139-ae9135d7bf1c7296c12f3a734a25c4bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Smiley <= 1.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smiley/"
     google-query: inurl:"/wp-content/plugins/wp-smiley/"
     shodan-query: 'vuln:CVE-2015-4139'
-  tags: cve,wordpress,wp-plugin,wp-smiley,medium
+  tags: cve,wordpress,wp-plugin,wp-smiley,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4179-ddc63b74125a60840010b54470ac437e.yaml b/nuclei-templates/2015/CVE-2015-4179-ddc63b74125a60840010b54470ac437e.yaml
index 877296a732..04097e4685 100644
--- a/nuclei-templates/2015/CVE-2015-4179-ddc63b74125a60840010b54470ac437e.yaml
+++ b/nuclei-templates/2015/CVE-2015-4179-ddc63b74125a60840010b54470ac437e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Codestyling Localization <= 1.99.30 - Cross-Site Request Forgery to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress allow RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/codestyling-localization/"
     google-query: inurl:"/wp-content/plugins/codestyling-localization/"
     shodan-query: 'vuln:CVE-2015-4179'
-  tags: cve,wordpress,wp-plugin,codestyling-localization,high
+  tags: cve,wordpress,wp-plugin,codestyling-localization,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4337-259f1c198d6aae45fe01969db446735f.yaml b/nuclei-templates/2015/CVE-2015-4337-259f1c198d6aae45fe01969db446735f.yaml
index e7fad06290..ed1f7bac03 100644
--- a/nuclei-templates/2015/CVE-2015-4337-259f1c198d6aae45fe01969db446735f.yaml
+++ b/nuclei-templates/2015/CVE-2015-4337-259f1c198d6aae45fe01969db446735f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xcloner-backup-and-restore/"
     google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/"
     shodan-query: 'vuln:CVE-2015-4337'
-  tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,medium
+  tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4465-ffbdefeb8e9807045768193f5cbcf332.yaml b/nuclei-templates/2015/CVE-2015-4465-ffbdefeb8e9807045768193f5cbcf332.yaml
index 0d1e8bde9f..38b6dcc175 100644
--- a/nuclei-templates/2015/CVE-2015-4465-ffbdefeb8e9807045768193f5cbcf332.yaml
+++ b/nuclei-templates/2015/CVE-2015-4465-ffbdefeb8e9807045768193f5cbcf332.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     zM Ajax Login & Register <= 1.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zm-ajax-login-register/"
     google-query: inurl:"/wp-content/plugins/zm-ajax-login-register/"
     shodan-query: 'vuln:CVE-2015-4465'
-  tags: cve,wordpress,wp-plugin,zm-ajax-login-register,medium
+  tags: cve,wordpress,wp-plugin,zm-ajax-login-register,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-4697-c101bbb0e470de09f2d621ebb65fb72c.yaml b/nuclei-templates/2015/CVE-2015-4697-c101bbb0e470de09f2d621ebb65fb72c.yaml
index 77c2b0b675..1e505854f7 100644
--- a/nuclei-templates/2015/CVE-2015-4697-c101bbb0e470de09f2d621ebb65fb72c.yaml
+++ b/nuclei-templates/2015/CVE-2015-4697-c101bbb0e470de09f2d621ebb65fb72c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analyticator <= 6.4.9.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analyticator/"
     google-query: inurl:"/wp-content/plugins/google-analyticator/"
     shodan-query: 'vuln:CVE-2015-4697'
-  tags: cve,wordpress,wp-plugin,google-analyticator,high
+  tags: cve,wordpress,wp-plugin,google-analyticator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5057-3120d6067a3e5e251eec4212f4e5aeb5.yaml b/nuclei-templates/2015/CVE-2015-5057-3120d6067a3e5e251eec4212f4e5aeb5.yaml
index 9d2e850560..b8a3dfe4a8 100644
--- a/nuclei-templates/2015/CVE-2015-5057-3120d6067a3e5e251eec4212f4e5aeb5.yaml
+++ b/nuclei-templates/2015/CVE-2015-5057-3120d6067a3e5e251eec4212f4e5aeb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Checker <= 1.10.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-checker/"
     google-query: inurl:"/wp-content/plugins/broken-link-checker/"
     shodan-query: 'vuln:CVE-2015-5057'
-  tags: cve,wordpress,wp-plugin,broken-link-checker,medium
+  tags: cve,wordpress,wp-plugin,broken-link-checker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5308-cb7fe4a1f5c046460e4d69413b578527.yaml b/nuclei-templates/2015/CVE-2015-5308-cb7fe4a1f5c046460e4d69413b578527.yaml
index b60af91d32..3a4bb50b4a 100644
--- a/nuclei-templates/2015/CVE-2015-5308-cb7fe4a1f5c046460e4d69413b578527.yaml
+++ b/nuclei-templates/2015/CVE-2015-5308-cb7fe4a1f5c046460e4d69413b578527.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp-championship < 5.9 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-championship/"
     google-query: inurl:"/wp-content/plugins/wp-championship/"
     shodan-query: 'vuln:CVE-2015-5308'
-  tags: cve,wordpress,wp-plugin,wp-championship,high
+  tags: cve,wordpress,wp-plugin,wp-championship,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5483-ec43ca1bf1629851ca9458501102a544.yaml b/nuclei-templates/2015/CVE-2015-5483-ec43ca1bf1629851ca9458501102a544.yaml
index b6b6d752dd..1580a1ff21 100644
--- a/nuclei-templates/2015/CVE-2015-5483-ec43ca1bf1629851ca9458501102a544.yaml
+++ b/nuclei-templates/2015/CVE-2015-5483-ec43ca1bf1629851ca9458501102a544.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Private Only <= 3.5.1 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/private-only/"
     google-query: inurl:"/wp-content/plugins/private-only/"
     shodan-query: 'vuln:CVE-2015-5483'
-  tags: cve,wordpress,wp-plugin,private-only,high
+  tags: cve,wordpress,wp-plugin,private-only,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5484-9098123c91e037cb8b4722ce5e0246b6.yaml b/nuclei-templates/2015/CVE-2015-5484-9098123c91e037cb8b4722ce5e0246b6.yaml
index b0dcf7efa7..80ecd6d678 100644
--- a/nuclei-templates/2015/CVE-2015-5484-9098123c91e037cb8b4722ce5e0246b6.yaml
+++ b/nuclei-templates/2015/CVE-2015-5484-9098123c91e037cb8b4722ce5e0246b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plotly < 1.0.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-plotly/"
     google-query: inurl:"/wp-content/plugins/wp-plotly/"
     shodan-query: 'vuln:CVE-2015-5484'
-  tags: cve,wordpress,wp-plugin,wp-plotly,medium
+  tags: cve,wordpress,wp-plugin,wp-plotly,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5485-86cd270f4cc1442525b2973b263a3c27.yaml b/nuclei-templates/2015/CVE-2015-5485-86cd270f4cc1442525b2973b263a3c27.yaml
index 93d2ef3a21..24fe5e80b0 100644
--- a/nuclei-templates/2015/CVE-2015-5485-86cd270f4cc1442525b2973b263a3c27.yaml
+++ b/nuclei-templates/2015/CVE-2015-5485-86cd270f4cc1442525b2973b263a3c27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Events Calendar: Eventbrite Tickets < 3.10.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Reflected Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-events-calendar-eventbrite-tickets/"
     google-query: inurl:"/wp-content/plugins/the-events-calendar-eventbrite-tickets/"
     shodan-query: 'vuln:CVE-2015-5485'
-  tags: cve,wordpress,wp-plugin,the-events-calendar-eventbrite-tickets,medium
+  tags: cve,wordpress,wp-plugin,the-events-calendar-eventbrite-tickets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5528-6f67eba72e7035f4406a73d70218218a.yaml b/nuclei-templates/2015/CVE-2015-5528-6f67eba72e7035f4406a73d70218218a.yaml
index a045b07fde..9b65d4e547 100644
--- a/nuclei-templates/2015/CVE-2015-5528-6f67eba72e7035f4406a73d70218218a.yaml
+++ b/nuclei-templates/2015/CVE-2015-5528-6f67eba72e7035f4406a73d70218218a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Floating Social Bar < 1.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/floating-social-bar/"
     google-query: inurl:"/wp-content/plugins/floating-social-bar/"
     shodan-query: 'vuln:CVE-2015-5528'
-  tags: cve,wordpress,wp-plugin,floating-social-bar,medium
+  tags: cve,wordpress,wp-plugin,floating-social-bar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5532-63f8abf1368e7fe90270064d672ae623.yaml b/nuclei-templates/2015/CVE-2015-5532-63f8abf1368e7fe90270064d672ae623.yaml
index f895f37415..2ef67f2206 100644
--- a/nuclei-templates/2015/CVE-2015-5532-63f8abf1368e7fe90270064d672ae623.yaml
+++ b/nuclei-templates/2015/CVE-2015-5532-63f8abf1368e7fe90270064d672ae623.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:CVE-2015-5532'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5533-39efec1d687062290aa82ba498987905.yaml b/nuclei-templates/2015/CVE-2015-5533-39efec1d687062290aa82ba498987905.yaml
index 9392900cd0..09f7ce3d4f 100644
--- a/nuclei-templates/2015/CVE-2015-5533-39efec1d687062290aa82ba498987905.yaml
+++ b/nuclei-templates/2015/CVE-2015-5533-39efec1d687062290aa82ba498987905.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Count per Day <= 3.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php.  NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/count-per-day/"
     google-query: inurl:"/wp-content/plugins/count-per-day/"
     shodan-query: 'vuln:CVE-2015-5533'
-  tags: cve,wordpress,wp-plugin,count-per-day,high
+  tags: cve,wordpress,wp-plugin,count-per-day,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5535-1a21904a7af165ae2d206e73642b0122.yaml b/nuclei-templates/2015/CVE-2015-5535-1a21904a7af165ae2d206e73642b0122.yaml
index 47cd723998..000b989b62 100644
--- a/nuclei-templates/2015/CVE-2015-5535-1a21904a7af165ae2d206e73642b0122.yaml
+++ b/nuclei-templates/2015/CVE-2015-5535-1a21904a7af165ae2d206e73642b0122.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     qTranslate <= 2.5.39 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtranslate page to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qtranslate/"
     google-query: inurl:"/wp-content/plugins/qtranslate/"
     shodan-query: 'vuln:CVE-2015-5535'
-  tags: cve,wordpress,wp-plugin,qtranslate,medium
+  tags: cve,wordpress,wp-plugin,qtranslate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5622-6aea7b52579f172c9bf983e50b0b1bb7.yaml b/nuclei-templates/2015/CVE-2015-5622-6aea7b52579f172c9bf983e50b0b1bb7.yaml
index 95986be58e..aa0a6a1718 100644
--- a/nuclei-templates/2015/CVE-2015-5622-6aea7b52579f172c9bf983e50b0b1bb7.yaml
+++ b/nuclei-templates/2015/CVE-2015-5622-6aea7b52579f172c9bf983e50b0b1bb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-5622
   metadata:
     shodan-query: 'vuln:CVE-2015-5622'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5623-313251dbeb7159d2f2f5a878dc3f4bb6.yaml b/nuclei-templates/2015/CVE-2015-5623-313251dbeb7159d2f2f5a878dc3f4bb6.yaml
index 1dfbe95486..d5134aac32 100644
--- a/nuclei-templates/2015/CVE-2015-5623-313251dbeb7159d2f2f5a878dc3f4bb6.yaml
+++ b/nuclei-templates/2015/CVE-2015-5623-313251dbeb7159d2f2f5a878dc3f4bb6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.2.3 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-5623
   metadata:
     shodan-query: 'vuln:CVE-2015-5623'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5714-f7283f346fe85f39acdb5e20af5f97a4.yaml b/nuclei-templates/2015/CVE-2015-5714-f7283f346fe85f39acdb5e20af5f97a4.yaml
index cc858ac706..adb8cd3806 100644
--- a/nuclei-templates/2015/CVE-2015-5714-f7283f346fe85f39acdb5e20af5f97a4.yaml
+++ b/nuclei-templates/2015/CVE-2015-5714-f7283f346fe85f39acdb5e20af5f97a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.3.1 - Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-5714
   metadata:
     shodan-query: 'vuln:CVE-2015-5714'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5715-edc700db5b7f85733c96d120d88dd36f.yaml b/nuclei-templates/2015/CVE-2015-5715-edc700db5b7f85733c96d120d88dd36f.yaml
index b175267b22..f1c91a5250 100644
--- a/nuclei-templates/2015/CVE-2015-5715-edc700db5b7f85733c96d120d88dd36f.yaml
+++ b/nuclei-templates/2015/CVE-2015-5715-edc700db5b7f85733c96d120d88dd36f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.3.1 - Authorization Bypass to Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-5715
   metadata:
     shodan-query: 'vuln:CVE-2015-5715'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5731-026d101570c060723759d89bd6e308cf.yaml b/nuclei-templates/2015/CVE-2015-5731-026d101570c060723759d89bd6e308cf.yaml
index 23c87123ae..9ca0567667 100644
--- a/nuclei-templates/2015/CVE-2015-5731-026d101570c060723759d89bd6e308cf.yaml
+++ b/nuclei-templates/2015/CVE-2015-5731-026d101570c060723759d89bd6e308cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.2.4 - Cross-Site Request Forgery to Post Lockage
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-5731
   metadata:
     shodan-query: 'vuln:CVE-2015-5731'
-  tags: cve,wordpress,wp-core,critical
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5732-eaaace6cb938cd367aee5bb46ada2d9a.yaml b/nuclei-templates/2015/CVE-2015-5732-eaaace6cb938cd367aee5bb46ada2d9a.yaml
index 5cc5b9b0a2..611492c627 100644
--- a/nuclei-templates/2015/CVE-2015-5732-eaaace6cb938cd367aee5bb46ada2d9a.yaml
+++ b/nuclei-templates/2015/CVE-2015-5732-eaaace6cb938cd367aee5bb46ada2d9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.2.4 - Cross-Site Scripting via Widget Title
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-5732
   metadata:
     shodan-query: 'vuln:CVE-2015-5732'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5733-4e2310a226a845a4294681273e42b4e0.yaml b/nuclei-templates/2015/CVE-2015-5733-4e2310a226a845a4294681273e42b4e0.yaml
index cf353fb0c4..c31bd244e3 100644
--- a/nuclei-templates/2015/CVE-2015-5733-4e2310a226a845a4294681273e42b4e0.yaml
+++ b/nuclei-templates/2015/CVE-2015-5733-4e2310a226a845a4294681273e42b4e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.2.4 - Stored Cross-Site Scripting via accessibility-helper Title
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-5733
   metadata:
     shodan-query: 'vuln:CVE-2015-5733'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-5734-5dbdb3a08effff0e267b66b5070f04cc.yaml b/nuclei-templates/2015/CVE-2015-5734-5dbdb3a08effff0e267b66b5070f04cc.yaml
index 0c50cf0843..18803af519 100644
--- a/nuclei-templates/2015/CVE-2015-5734-5dbdb3a08effff0e267b66b5070f04cc.yaml
+++ b/nuclei-templates/2015/CVE-2015-5734-5dbdb3a08effff0e267b66b5070f04cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.2.4 - Cross-Site Scripting in Theme Preview
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-5734
   metadata:
     shodan-query: 'vuln:CVE-2015-5734'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-6238-43b0481b51b9c335093961e5a3ab3d80.yaml b/nuclei-templates/2015/CVE-2015-6238-43b0481b51b9c335093961e5a3ab3d80.yaml
index b250ed1fa3..8872d235c3 100644
--- a/nuclei-templates/2015/CVE-2015-6238-43b0481b51b9c335093961e5a3ab3d80.yaml
+++ b/nuclei-templates/2015/CVE-2015-6238-43b0481b51b9c335093961e5a3ab3d80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analyticator <= 6.4.9.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analyticator/"
     google-query: inurl:"/wp-content/plugins/google-analyticator/"
     shodan-query: 'vuln:CVE-2015-6238'
-  tags: cve,wordpress,wp-plugin,google-analyticator,medium
+  tags: cve,wordpress,wp-plugin,google-analyticator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-6535-b86d996fd3fb32f4d4a2741c181e0be2.yaml b/nuclei-templates/2015/CVE-2015-6535-b86d996fd3fb32f4d4a2741c181e0be2.yaml
index 9fc0eebe89..8c993b2361 100644
--- a/nuclei-templates/2015/CVE-2015-6535-b86d996fd3fb32f4d4a2741c181e0be2.yaml
+++ b/nuclei-templates/2015/CVE-2015-6535-b86d996fd3fb32f4d4a2741c181e0be2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YouTube Embed <= 3.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-embed/"
     google-query: inurl:"/wp-content/plugins/youtube-embed/"
     shodan-query: 'vuln:CVE-2015-6535'
-  tags: cve,wordpress,wp-plugin,youtube-embed,medium
+  tags: cve,wordpress,wp-plugin,youtube-embed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-6738-4e5782f54b030eb5a442bdadb5799911.yaml b/nuclei-templates/2015/CVE-2015-6738-4e5782f54b030eb5a442bdadb5799911.yaml
index 1159bc9d62..b85577e002 100644
--- a/nuclei-templates/2015/CVE-2015-6738-4e5782f54b030eb5a442bdadb5799911.yaml
+++ b/nuclei-templates/2015/CVE-2015-6738-4e5782f54b030eb5a442bdadb5799911.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iFrame <= 4.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onload’ attribute found in the iFrame shortcode in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iframe/"
     google-query: inurl:"/wp-content/plugins/iframe/"
     shodan-query: 'vuln:CVE-2015-6738'
-  tags: cve,wordpress,wp-plugin,iframe,medium
+  tags: cve,wordpress,wp-plugin,iframe,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-6805-6ffded2a3fa64429e9ee95b7a8bf44d5.yaml b/nuclei-templates/2015/CVE-2015-6805-6ffded2a3fa64429e9ee95b7a8bf44d5.yaml
index 335bf13d18..6470a885e7 100644
--- a/nuclei-templates/2015/CVE-2015-6805-6ffded2a3fa64429e9ee95b7a8bf44d5.yaml
+++ b/nuclei-templates/2015/CVE-2015-6805-6ffded2a3fa64429e9ee95b7a8bf44d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MDC Private Message <= 1.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mdc-private-message/"
     google-query: inurl:"/wp-content/plugins/mdc-private-message/"
     shodan-query: 'vuln:CVE-2015-6805'
-  tags: cve,wordpress,wp-plugin,mdc-private-message,medium
+  tags: cve,wordpress,wp-plugin,mdc-private-message,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-6920-1a4e07a5bd173dbacaf88e7f59c17b91.yaml b/nuclei-templates/2015/CVE-2015-6920-1a4e07a5bd173dbacaf88e7f59c17b91.yaml
index beba00c3a1..5e18e6b048 100644
--- a/nuclei-templates/2015/CVE-2015-6920-1a4e07a5bd173dbacaf88e7f59c17b91.yaml
+++ b/nuclei-templates/2015/CVE-2015-6920-1a4e07a5bd173dbacaf88e7f59c17b91.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     sourceAFRICA <= 0.1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sourceafrica/"
     google-query: inurl:"/wp-content/plugins/sourceafrica/"
     shodan-query: 'vuln:CVE-2015-6920'
-  tags: cve,wordpress,wp-plugin,sourceafrica,medium
+  tags: cve,wordpress,wp-plugin,sourceafrica,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-7357-3f3928c6559acc265ac4dc8abe8f4e68.yaml b/nuclei-templates/2015/CVE-2015-7357-3f3928c6559acc265ac4dc8abe8f4e68.yaml
index 6bcfcc6146..5a23acd0d9 100644
--- a/nuclei-templates/2015/CVE-2015-7357-3f3928c6559acc265ac4dc8abe8f4e68.yaml
+++ b/nuclei-templates/2015/CVE-2015-7357-3f3928c6559acc265ac4dc8abe8f4e68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     uDesign Theme 2.3.0 - 2.7.9 - Unauthenticated DOM Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/u-design/"
     google-query: inurl:"/wp-content/themes/u-design/"
     shodan-query: 'vuln:CVE-2015-7357'
-  tags: cve,wordpress,wp-theme,u-design,medium
+  tags: cve,wordpress,wp-theme,u-design,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-7386-e35ccf6a5d1ddada5f10422331d300df.yaml b/nuclei-templates/2015/CVE-2015-7386-e35ccf6a5d1ddada5f10422331d300df.yaml
index 03e40ab6d1..f81777084c 100644
--- a/nuclei-templates/2015/CVE-2015-7386-e35ccf6a5d1ddada5f10422331d300df.yaml
+++ b/nuclei-templates/2015/CVE-2015-7386-e35ccf6a5d1ddada5f10422331d300df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery – Photo Albums Plugin < 1.3.47 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-media-gallery/"
     google-query: inurl:"/wp-content/plugins/easy-media-gallery/"
     shodan-query: 'vuln:CVE-2015-7386'
-  tags: cve,wordpress,wp-plugin,easy-media-gallery,medium
+  tags: cve,wordpress,wp-plugin,easy-media-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-7527-1a5984e73d9bda9668de2c9f32433df9.yaml b/nuclei-templates/2015/CVE-2015-7527-1a5984e73d9bda9668de2c9f32433df9.yaml
index 50bdbb9d14..cd421ed446 100644
--- a/nuclei-templates/2015/CVE-2015-7527-1a5984e73d9bda9668de2c9f32433df9.yaml
+++ b/nuclei-templates/2015/CVE-2015-7527-1a5984e73d9bda9668de2c9f32433df9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cool Video Gallery <= 1.9 - Authenticated Command Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cool-video-gallery/"
     google-query: inurl:"/wp-content/plugins/cool-video-gallery/"
     shodan-query: 'vuln:CVE-2015-7527'
-  tags: cve,wordpress,wp-plugin,cool-video-gallery,high
+  tags: cve,wordpress,wp-plugin,cool-video-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-7682-c271e79e457792d8093dce56ebc058d7.yaml b/nuclei-templates/2015/CVE-2015-7682-c271e79e457792d8093dce56ebc058d7.yaml
index 7b10cbb5d1..74cebd2088 100644
--- a/nuclei-templates/2015/CVE-2015-7682-c271e79e457792d8093dce56ebc058d7.yaml
+++ b/nuclei-templates/2015/CVE-2015-7682-c271e79e457792d8093dce56ebc058d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pie Register – User Registration Forms < 2.0.19 - Authenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pie-register/"
     google-query: inurl:"/wp-content/plugins/pie-register/"
     shodan-query: 'vuln:CVE-2015-7682'
-  tags: cve,wordpress,wp-plugin,pie-register,medium
+  tags: cve,wordpress,wp-plugin,pie-register,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-7791-72bbf06194176f982771d77cb4853bda.yaml b/nuclei-templates/2015/CVE-2015-7791-72bbf06194176f982771d77cb4853bda.yaml
index 47cf7a3034..670aad6913 100644
--- a/nuclei-templates/2015/CVE-2015-7791-72bbf06194176f982771d77cb4853bda.yaml
+++ b/nuclei-templates/2015/CVE-2015-7791-72bbf06194176f982771d77cb4853bda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce < 1.5.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2015-7791'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-7806-19a0491cf914c310a86ae542abd14b9a.yaml b/nuclei-templates/2015/CVE-2015-7806-19a0491cf914c310a86ae542abd14b9a.yaml
index 7e132adbbe..2795465c2f 100644
--- a/nuclei-templates/2015/CVE-2015-7806-19a0491cf914c310a86ae542abd14b9a.yaml
+++ b/nuclei-templates/2015/CVE-2015-7806-19a0491cf914c310a86ae542abd14b9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Manager <= 1.7.2 - Authenticated Remote Command Execution
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-form-manager/"
     google-query: inurl:"/wp-content/plugins/wordpress-form-manager/"
     shodan-query: 'vuln:CVE-2015-7806'
-  tags: cve,wordpress,wp-plugin,wordpress-form-manager,critical
+  tags: cve,wordpress,wp-plugin,wordpress-form-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-7989-c8253916783474b27e7325c9525aa970.yaml b/nuclei-templates/2015/CVE-2015-7989-c8253916783474b27e7325c9525aa970.yaml
index 40f3ebed65..d7ab2f0d86 100644
--- a/nuclei-templates/2015/CVE-2015-7989-c8253916783474b27e7325c9525aa970.yaml
+++ b/nuclei-templates/2015/CVE-2015-7989-c8253916783474b27e7325c9525aa970.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.3.1 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2015-7989
   metadata:
     shodan-query: 'vuln:CVE-2015-7989'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-8350-7ebd0ae08ee9eace1c6d1e72c60c16e5.yaml b/nuclei-templates/2015/CVE-2015-8350-7ebd0ae08ee9eace1c6d1e72c60c16e5.yaml
index 774a9fccaa..67045f2fbb 100644
--- a/nuclei-templates/2015/CVE-2015-8350-7ebd0ae08ee9eace1c6d1e72c60c16e5.yaml
+++ b/nuclei-templates/2015/CVE-2015-8350-7ebd0ae08ee9eace1c6d1e72c60c16e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Calls to Action < 2.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cta/"
     google-query: inurl:"/wp-content/plugins/cta/"
     shodan-query: 'vuln:CVE-2015-8350'
-  tags: cve,wordpress,wp-plugin,cta,medium
+  tags: cve,wordpress,wp-plugin,cta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9229-41d56c1ae043586e69a9cbdf8e53ac0a.yaml b/nuclei-templates/2015/CVE-2015-9229-41d56c1ae043586e69a9cbdf8e53ac0a.yaml
index 2b758afd3e..8fef2c3fd2 100644
--- a/nuclei-templates/2015/CVE-2015-9229-41d56c1ae043586e69a9cbdf8e53ac0a.yaml
+++ b/nuclei-templates/2015/CVE-2015-9229-41d56c1ae043586e69a9cbdf8e53ac0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery <= 2.1.15 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2015-9229'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9230-05b396118a681cd132367b6e58e8468f.yaml b/nuclei-templates/2015/CVE-2015-9230-05b396118a681cd132367b6e58e8468f.yaml
index dd3cfcd498..ad267aa26a 100644
--- a/nuclei-templates/2015/CVE-2015-9230-05b396118a681cd132367b6e58e8468f.yaml
+++ b/nuclei-templates/2015/CVE-2015-9230-05b396118a681cd132367b6e58e8468f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BulletProof Security < .52.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletproof-security/"
     google-query: inurl:"/wp-content/plugins/bulletproof-security/"
     shodan-query: 'vuln:CVE-2015-9230'
-  tags: cve,wordpress,wp-plugin,bulletproof-security,medium
+  tags: cve,wordpress,wp-plugin,bulletproof-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9233-33bb20c48315e8c455839c78ef66e1b1.yaml b/nuclei-templates/2015/CVE-2015-9233-33bb20c48315e8c455839c78ef66e1b1.yaml
index 3605524ca3..9ad9e04efe 100644
--- a/nuclei-templates/2015/CVE-2015-9233-33bb20c48315e8c455839c78ef66e1b1.yaml
+++ b/nuclei-templates/2015/CVE-2015-9233-33bb20c48315e8c455839c78ef66e1b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CP Contact Form with PayPal < 1.1.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/"
     google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/"
     shodan-query: 'vuln:CVE-2015-9233'
-  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,high
+  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9234-4612690a2b5b9e2adc467251d2200410.yaml b/nuclei-templates/2015/CVE-2015-9234-4612690a2b5b9e2adc467251d2200410.yaml
index c8602d5813..d448fe2ffd 100644
--- a/nuclei-templates/2015/CVE-2015-9234-4612690a2b5b9e2adc467251d2200410.yaml
+++ b/nuclei-templates/2015/CVE-2015-9234-4612690a2b5b9e2adc467251d2200410.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CP Contact Form with PayPal < 1.1.6 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The CP Contact Form with PayPal plugin for WordPress is vulnerable to SQL Injection via the 'cp_contactformpp_id' parameter  found in the 'cp_contactformpp.php' file in versions up to 1.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/"
     google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/"
     shodan-query: 'vuln:CVE-2015-9234'
-  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,high
+  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9270-a669ab86f241324d8d2f2b22eaec997d.yaml b/nuclei-templates/2015/CVE-2015-9270-a669ab86f241324d8d2f2b22eaec997d.yaml
index e42b612650..a533e81570 100644
--- a/nuclei-templates/2015/CVE-2015-9270-a669ab86f241324d8d2f2b22eaec997d.yaml
+++ b/nuclei-templates/2015/CVE-2015-9270-a669ab86f241324d8d2f2b22eaec997d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Holiday Calendar < 1.11.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-holiday-calendar/"
     google-query: inurl:"/wp-content/plugins/the-holiday-calendar/"
     shodan-query: 'vuln:CVE-2015-9270'
-  tags: cve,wordpress,wp-plugin,the-holiday-calendar,medium
+  tags: cve,wordpress,wp-plugin,the-holiday-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9273-c568408b66270ee8858beb6b5337a826.yaml b/nuclei-templates/2015/CVE-2015-9273-c568408b66270ee8858beb6b5337a826.yaml
index e449b55714..27123fd7cd 100644
--- a/nuclei-templates/2015/CVE-2015-9273-c568408b66270ee8858beb6b5337a826.yaml
+++ b/nuclei-templates/2015/CVE-2015-9273-c568408b66270ee8858beb6b5337a826.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2015-9273'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
+  tags: cve,wordpress,wp-plugin,wp-slimstat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9293-5d289d7e578bce569fb34678a49e0c92.yaml b/nuclei-templates/2015/CVE-2015-9293-5d289d7e578bce569fb34678a49e0c92.yaml
index afdd5dd8ae..6c3679a9db 100644
--- a/nuclei-templates/2015/CVE-2015-9293-5d289d7e578bce569fb34678a49e0c92.yaml
+++ b/nuclei-templates/2015/CVE-2015-9293-5d289d7e578bce569fb34678a49e0c92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One WP Security & Firewall <= 3.9.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2015-9293'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9295-7d2288f1e4c8fb646fdb55a372b6200a.yaml b/nuclei-templates/2015/CVE-2015-9295-7d2288f1e4c8fb646fdb55a372b6200a.yaml
index e792425641..845cd4f5c1 100644
--- a/nuclei-templates/2015/CVE-2015-9295-7d2288f1e4c8fb646fdb55a372b6200a.yaml
+++ b/nuclei-templates/2015/CVE-2015-9295-7d2288f1e4c8fb646fdb55a372b6200a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by BestWebSoft <= 3.95 - ReflectedCross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.95 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-plugin/"
     google-query: inurl:"/wp-content/plugins/contact-form-plugin/"
     shodan-query: 'vuln:CVE-2015-9295'
-  tags: cve,wordpress,wp-plugin,contact-form-plugin,medium
+  tags: cve,wordpress,wp-plugin,contact-form-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9297-af430c9858b5bde975d56075509bcf57.yaml b/nuclei-templates/2015/CVE-2015-9297-af430c9858b5bde975d56075509bcf57.yaml
index 9786ae95e2..26fe85f72a 100644
--- a/nuclei-templates/2015/CVE-2015-9297-af430c9858b5bde975d56075509bcf57.yaml
+++ b/nuclei-templates/2015/CVE-2015-9297-af430c9858b5bde975d56075509bcf57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.5.7.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The events-manager plugin before 5.6 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2015-9297'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9299-3f14554541d5c07fa1b8df4c175de3d3.yaml b/nuclei-templates/2015/CVE-2015-9299-3f14554541d5c07fa1b8df4c175de3d3.yaml
index 6d1e1b34a2..0df50ef4fc 100644
--- a/nuclei-templates/2015/CVE-2015-9299-3f14554541d5c07fa1b8df4c175de3d3.yaml
+++ b/nuclei-templates/2015/CVE-2015-9299-3f14554541d5c07fa1b8df4c175de3d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager < 5.5.7.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS via the dbem_event_reapproved_email_body parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2015-9299'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9300-7f61d132e9ad7bb4333f632fb4ac561f.yaml b/nuclei-templates/2015/CVE-2015-9300-7f61d132e9ad7bb4333f632fb4ac561f.yaml
index 536099c96b..cac86bc712 100644
--- a/nuclei-templates/2015/CVE-2015-9300-7f61d132e9ad7bb4333f632fb4ac561f.yaml
+++ b/nuclei-templates/2015/CVE-2015-9300-7f61d132e9ad7bb4333f632fb4ac561f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager < 5.5.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2015-9300'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9304-afb15d666e098434f8ebcb7a76b5d273.yaml b/nuclei-templates/2015/CVE-2015-9304-afb15d666e098434f8ebcb7a76b5d273.yaml
index 34c746d5f4..bad0ce35b7 100644
--- a/nuclei-templates/2015/CVE-2015-9304-afb15d666e098434f8ebcb7a76b5d273.yaml
+++ b/nuclei-templates/2015/CVE-2015-9304-afb15d666e098434f8ebcb7a76b5d273.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 1.3.17 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2015-9304'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9306-c5aaff2cbf4515e9a35f03f837f2957f.yaml b/nuclei-templates/2015/CVE-2015-9306-c5aaff2cbf4515e9a35f03f837f2957f.yaml
index f572d3045e..d023a76048 100644
--- a/nuclei-templates/2015/CVE-2015-9306-c5aaff2cbf4515e9a35f03f837f2957f.yaml
+++ b/nuclei-templates/2015/CVE-2015-9306-c5aaff2cbf4515e9a35f03f837f2957f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Drag And drop All Import : WP Ultimate CSV Importer < 3.8.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:CVE-2015-9306'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9307-0677fc472ce6636d2560dd0fee27206d.yaml b/nuclei-templates/2015/CVE-2015-9307-0677fc472ce6636d2560dd0fee27206d.yaml
index 979ac548b7..60230f16a4 100644
--- a/nuclei-templates/2015/CVE-2015-9307-0677fc472ce6636d2560dd0fee27206d.yaml
+++ b/nuclei-templates/2015/CVE-2015-9307-0677fc472ce6636d2560dd0fee27206d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Google Map plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:CVE-2015-9307'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9308-6a35bf1797897f8d13c75911c491ac65.yaml b/nuclei-templates/2015/CVE-2015-9308-6a35bf1797897f8d13c75911c491ac65.yaml
index c47190a834..9566ad23cc 100644
--- a/nuclei-templates/2015/CVE-2015-9308-6a35bf1797897f8d13c75911c491ac65.yaml
+++ b/nuclei-templates/2015/CVE-2015-9308-6a35bf1797897f8d13c75911c491ac65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Google Map plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:CVE-2015-9308'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9309-09e6dfe7f784e608ed0fba91188d7274.yaml b/nuclei-templates/2015/CVE-2015-9309-09e6dfe7f784e608ed0fba91188d7274.yaml
index d081fa55fe..3b1a10cfe5 100644
--- a/nuclei-templates/2015/CVE-2015-9309-09e6dfe7f784e608ed0fba91188d7274.yaml
+++ b/nuclei-templates/2015/CVE-2015-9309-09e6dfe7f784e608ed0fba91188d7274.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Google Map plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:CVE-2015-9309'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9317-266ba42edca3ad9aefeac2a819615d83.yaml b/nuclei-templates/2015/CVE-2015-9317-266ba42edca3ad9aefeac2a819615d83.yaml
index db27d82976..b115fa1beb 100644
--- a/nuclei-templates/2015/CVE-2015-9317-266ba42edca3ad9aefeac2a819615d83.yaml
+++ b/nuclei-templates/2015/CVE-2015-9317-266ba42edca3ad9aefeac2a819615d83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support – WordPress HelpDesk & Support Plugin < 3.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2015-9317'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9320-6e42e23486d09ec34675722772aa1b90.yaml b/nuclei-templates/2015/CVE-2015-9320-6e42e23486d09ec34675722772aa1b90.yaml
index 685c1de260..159f805ce2 100644
--- a/nuclei-templates/2015/CVE-2015-9320-6e42e23486d09ec34675722772aa1b90.yaml
+++ b/nuclei-templates/2015/CVE-2015-9320-6e42e23486d09ec34675722772aa1b90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Option Tree <= 2.5.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/option-tree/"
     google-query: inurl:"/wp-content/plugins/option-tree/"
     shodan-query: 'vuln:CVE-2015-9320'
-  tags: cve,wordpress,wp-plugin,option-tree,medium
+  tags: cve,wordpress,wp-plugin,option-tree,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9322-1bd28f72c9296305fff71e613d0c8c82.yaml b/nuclei-templates/2015/CVE-2015-9322-1bd28f72c9296305fff71e613d0c8c82.yaml
index 0de7df40b0..ac7b258c9d 100644
--- a/nuclei-templates/2015/CVE-2015-9322-1bd28f72c9296305fff71e613d0c8c82.yaml
+++ b/nuclei-templates/2015/CVE-2015-9322-1bd28f72c9296305fff71e613d0c8c82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Erident Custom Login and Dashboard <= 3.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Erident Custom Login and Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting via the ‘er_options_up[dashboard_data_left]’ parameter in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erident-custom-login-and-dashboard/"
     google-query: inurl:"/wp-content/plugins/erident-custom-login-and-dashboard/"
     shodan-query: 'vuln:CVE-2015-9322'
-  tags: cve,wordpress,wp-plugin,erident-custom-login-and-dashboard,high
+  tags: cve,wordpress,wp-plugin,erident-custom-login-and-dashboard,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9329-5b6052811294a634af9b6d15efbb8d49.yaml b/nuclei-templates/2015/CVE-2015-9329-5b6052811294a634af9b6d15efbb8d49.yaml
index 6b5f688e1a..8bf8a52f3c 100644
--- a/nuclei-templates/2015/CVE-2015-9329-5b6052811294a634af9b6d15efbb8d49.yaml
+++ b/nuclei-templates/2015/CVE-2015-9329-5b6052811294a634af9b6d15efbb8d49.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2015-9329
   metadata:
-    fofa-query: "wp-content/plugins/wp-all-import-pro/"
-    google-query: inurl:"/wp-content/plugins/wp-all-import-pro/"
+    fofa-query: "wp-content/plugins/wp-all-import/"
+    google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2015-9329'
-  tags: cve,wordpress,wp-plugin,wp-all-import-pro,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-all-import-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-all-import-pro"
+          - "wp-all-import"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 4.1.1')
\ No newline at end of file
+          - compare_versions(version, '<= 3.2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2015/CVE-2015-9331-81844f67a8cb300bf38ea9c090e351aa.yaml b/nuclei-templates/2015/CVE-2015-9331-81844f67a8cb300bf38ea9c090e351aa.yaml
index f74d0b8ae3..a08580db8f 100644
--- a/nuclei-templates/2015/CVE-2015-9331-81844f67a8cb300bf38ea9c090e351aa.yaml
+++ b/nuclei-templates/2015/CVE-2015-9331-81844f67a8cb300bf38ea9c090e351aa.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2015-9331
   metadata:
-    fofa-query: "wp-content/plugins/wp-all-import-pro/"
-    google-query: inurl:"/wp-content/plugins/wp-all-import-pro/"
+    fofa-query: "wp-content/plugins/wp-all-import/"
+    google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2015-9331'
-  tags: cve,wordpress,wp-plugin,wp-all-import-pro,high
+  tags: cve,wordpress,wp-plugin,wp-all-import,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-all-import-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-all-import-pro"
+          - "wp-all-import"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 4.1.1')
\ No newline at end of file
+          - compare_versions(version, '< 3.2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2015/CVE-2015-9339-558dd2abba5a0995e4e08d93b33b9766.yaml b/nuclei-templates/2015/CVE-2015-9339-558dd2abba5a0995e4e08d93b33b9766.yaml
index 6d7fbca716..a18ee4b5b8 100644
--- a/nuclei-templates/2015/CVE-2015-9339-558dd2abba5a0995e4e08d93b33b9766.yaml
+++ b/nuclei-templates/2015/CVE-2015-9339-558dd2abba5a0995e4e08d93b33b9766.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload < 2.7.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-upload/"
     google-query: inurl:"/wp-content/plugins/wp-file-upload/"
     shodan-query: 'vuln:CVE-2015-9339'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,high
+  tags: cve,wordpress,wp-plugin,wp-file-upload,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9342-7a4c9972726e4955d433f6a7b81c1d28.yaml b/nuclei-templates/2015/CVE-2015-9342-7a4c9972726e4955d433f6a7b81c1d28.yaml
index 2879d286b1..c22b322a0d 100644
--- a/nuclei-templates/2015/CVE-2015-9342-7a4c9972726e4955d433f6a7b81c1d28.yaml
+++ b/nuclei-templates/2015/CVE-2015-9342-7a4c9972726e4955d433f6a7b81c1d28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Rollback < 1.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-rollback plugin before 1.2.3 for WordPress has Cross-Site Scripting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rollback/"
     google-query: inurl:"/wp-content/plugins/wp-rollback/"
     shodan-query: 'vuln:CVE-2015-9342'
-  tags: cve,wordpress,wp-plugin,wp-rollback,medium
+  tags: cve,wordpress,wp-plugin,wp-rollback,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9343-79ab1b5d546d12b519823b2566724735.yaml b/nuclei-templates/2015/CVE-2015-9343-79ab1b5d546d12b519823b2566724735.yaml
index 218c72e465..1d4adaaa29 100644
--- a/nuclei-templates/2015/CVE-2015-9343-79ab1b5d546d12b519823b2566724735.yaml
+++ b/nuclei-templates/2015/CVE-2015-9343-79ab1b5d546d12b519823b2566724735.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rollback < 1.2.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wp-rollback plugin before 1.2.3 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rollback/"
     google-query: inurl:"/wp-content/plugins/wp-rollback/"
     shodan-query: 'vuln:CVE-2015-9343'
-  tags: cve,wordpress,wp-plugin,wp-rollback,high
+  tags: cve,wordpress,wp-plugin,wp-rollback,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9346-ab3c3e9805ecb63c9f5865d7cc04e6fb.yaml b/nuclei-templates/2015/CVE-2015-9346-ab3c3e9805ecb63c9f5865d7cc04e6fb.yaml
index 5ad9cbb9eb..3a498a7317 100644
--- a/nuclei-templates/2015/CVE-2015-9346-ab3c3e9805ecb63c9f5865d7cc04e6fb.yaml
+++ b/nuclei-templates/2015/CVE-2015-9346-ab3c3e9805ecb63c9f5865d7cc04e6fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Polls CP < 1.0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The cp-polls plugin before 1.0.5 for WordPress has XSS via the 'name' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-polls/"
     google-query: inurl:"/wp-content/plugins/cp-polls/"
     shodan-query: 'vuln:CVE-2015-9346'
-  tags: cve,wordpress,wp-plugin,cp-polls,medium
+  tags: cve,wordpress,wp-plugin,cp-polls,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9347-2304e691feb866a99a567fd410649f69.yaml b/nuclei-templates/2015/CVE-2015-9347-2304e691feb866a99a567fd410649f69.yaml
index 83f22678bf..c616819db3 100644
--- a/nuclei-templates/2015/CVE-2015-9347-2304e691feb866a99a567fd410649f69.yaml
+++ b/nuclei-templates/2015/CVE-2015-9347-2304e691feb866a99a567fd410649f69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plotly <= 1.0.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Plotly plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-plotly/"
     google-query: inurl:"/wp-content/plugins/wp-plotly/"
     shodan-query: 'vuln:CVE-2015-9347'
-  tags: cve,wordpress,wp-plugin,wp-plotly,medium
+  tags: cve,wordpress,wp-plugin,wp-plotly,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9353-1a55c20ce9650829e57b6e448599ddb2.yaml b/nuclei-templates/2015/CVE-2015-9353-1a55c20ce9650829e57b6e448599ddb2.yaml
index 9050dd7224..9a6a27fa42 100644
--- a/nuclei-templates/2015/CVE-2015-9353-1a55c20ce9650829e57b6e448599ddb2.yaml
+++ b/nuclei-templates/2015/CVE-2015-9353-1a55c20ce9650829e57b6e448599ddb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GigPress <= 2.3.10 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gigpress/"
     google-query: inurl:"/wp-content/plugins/gigpress/"
     shodan-query: 'vuln:CVE-2015-9353'
-  tags: cve,wordpress,wp-plugin,gigpress,high
+  tags: cve,wordpress,wp-plugin,gigpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9355-5e2cda3c648eae11638d20b64a6ac7f2.yaml b/nuclei-templates/2015/CVE-2015-9355-5e2cda3c648eae11638d20b64a6ac7f2.yaml
index e9cc4c224c..60c60610b4 100644
--- a/nuclei-templates/2015/CVE-2015-9355-5e2cda3c648eae11638d20b64a6ac7f2.yaml
+++ b/nuclei-templates/2015/CVE-2015-9355-5e2cda3c648eae11638d20b64a6ac7f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Two Factor Authentication < 1.1.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/two-factor-authentication/"
     google-query: inurl:"/wp-content/plugins/two-factor-authentication/"
     shodan-query: 'vuln:CVE-2015-9355'
-  tags: cve,wordpress,wp-plugin,two-factor-authentication,medium
+  tags: cve,wordpress,wp-plugin,two-factor-authentication,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9356-f5789b694dfc2fa041ad362aac79382e.yaml b/nuclei-templates/2015/CVE-2015-9356-f5789b694dfc2fa041ad362aac79382e.yaml
index 2b1ee1bbfd..d30b883914 100644
--- a/nuclei-templates/2015/CVE-2015-9356-f5789b694dfc2fa041ad362aac79382e.yaml
+++ b/nuclei-templates/2015/CVE-2015-9356-f5789b694dfc2fa041ad362aac79382e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Viper GuestBook <= 1.3.15 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Viper GuestBook plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping on a query arg. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-vipergb/"
     google-query: inurl:"/wp-content/plugins/wp-vipergb/"
     shodan-query: 'vuln:CVE-2015-9356'
-  tags: cve,wordpress,wp-plugin,wp-vipergb,medium
+  tags: cve,wordpress,wp-plugin,wp-vipergb,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9357-cff9e4a18682397642168ab27f023202.yaml b/nuclei-templates/2015/CVE-2015-9357-cff9e4a18682397642168ab27f023202.yaml
index 36b3206b6b..6f5a1ce957 100644
--- a/nuclei-templates/2015/CVE-2015-9357-cff9e4a18682397642168ab27f023202.yaml
+++ b/nuclei-templates/2015/CVE-2015-9357-cff9e4a18682397642168ab27f023202.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Akismet <= 3.1.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The akismet plugin before 3.1.5 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/akismet/"
     google-query: inurl:"/wp-content/plugins/akismet/"
     shodan-query: 'vuln:CVE-2015-9357'
-  tags: cve,wordpress,wp-plugin,akismet,medium
+  tags: cve,wordpress,wp-plugin,akismet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9360-84290819179c80fad98664a6919a3707.yaml b/nuclei-templates/2015/CVE-2015-9360-84290819179c80fad98664a6919a3707.yaml
index d93061a949..b3bef0a250 100644
--- a/nuclei-templates/2015/CVE-2015-9360-84290819179c80fad98664a6919a3707.yaml
+++ b/nuclei-templates/2015/CVE-2015-9360-84290819179c80fad98664a6919a3707.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UpdraftPlus <= 1.9.63 and UpdraftPlus (paid) <= 2.9.63 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The UpdraftPlus free plugin before 1.9.64 (and UpdraftPlus paid before 2.9.64) are vulnerable to Cross-Site Scripting via add_query_arg() and remove_query_arg().
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2015-9360
   metadata:
-    fofa-query: "wp-content/plugins/updraftplus/"
-    google-query: inurl:"/wp-content/plugins/updraftplus/"
+    fofa-query: "wp-content/plugins/updraftplus-pro/"
+    google-query: inurl:"/wp-content/plugins/updraftplus-pro/"
     shodan-query: 'vuln:CVE-2015-9360'
-  tags: cve,wordpress,wp-plugin,updraftplus,medium
+  tags: cve,wordpress,wp-plugin,updraftplus-pro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/updraftplus-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "updraftplus"
+          - "updraftplus-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.9.64')
\ No newline at end of file
+          - compare_versions(version, '< 2.9.64')
\ No newline at end of file
diff --git a/nuclei-templates/2015/CVE-2015-9363-f7228bc923e4f7e6b922e94dc9e73ec2.yaml b/nuclei-templates/2015/CVE-2015-9363-f7228bc923e4f7e6b922e94dc9e73ec2.yaml
index 178a74f7b9..ab7a2b492f 100644
--- a/nuclei-templates/2015/CVE-2015-9363-f7228bc923e4f7e6b922e94dc9e73ec2.yaml
+++ b/nuclei-templates/2015/CVE-2015-9363-f7228bc923e4f7e6b922e94dc9e73ec2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iThemes Exchange < 1.12.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ithemes-exchange/"
     google-query: inurl:"/wp-content/plugins/ithemes-exchange/"
     shodan-query: 'vuln:CVE-2015-9363'
-  tags: cve,wordpress,wp-plugin,ithemes-exchange,medium
+  tags: cve,wordpress,wp-plugin,ithemes-exchange,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9373-bf5b301e59797812833300e7fc88f201.yaml b/nuclei-templates/2015/CVE-2015-9373-bf5b301e59797812833300e7fc88f201.yaml
index 9dd4482629..44b87397e4 100644
--- a/nuclei-templates/2015/CVE-2015-9373-bf5b301e59797812833300e7fc88f201.yaml
+++ b/nuclei-templates/2015/CVE-2015-9373-bf5b301e59797812833300e7fc88f201.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PayPal Pro Add-on for iThemes Exchange < 1.1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exchange-addon-paypal-pro/"
     google-query: inurl:"/wp-content/plugins/exchange-addon-paypal-pro/"
     shodan-query: 'vuln:CVE-2015-9373'
-  tags: cve,wordpress,wp-plugin,exchange-addon-paypal-pro,medium
+  tags: cve,wordpress,wp-plugin,exchange-addon-paypal-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9375-3a6771ca38d2c7d158262d9fbdbb7826.yaml b/nuclei-templates/2015/CVE-2015-9375-3a6771ca38d2c7d158262d9fbdbb7826.yaml
index e1722e38bf..cc198027ce 100644
--- a/nuclei-templates/2015/CVE-2015-9375-3a6771ca38d2c7d158262d9fbdbb7826.yaml
+++ b/nuclei-templates/2015/CVE-2015-9375-3a6771ca38d2c7d158262d9fbdbb7826.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exchange Addon Table Rate Shipping < 1.1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exchange-addon-table-rate-shipping/"
     google-query: inurl:"/wp-content/plugins/exchange-addon-table-rate-shipping/"
     shodan-query: 'vuln:CVE-2015-9375'
-  tags: cve,wordpress,wp-plugin,exchange-addon-table-rate-shipping,medium
+  tags: cve,wordpress,wp-plugin,exchange-addon-table-rate-shipping,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9379-f87c4c6d53b29231a0f57635f4d257a4.yaml b/nuclei-templates/2015/CVE-2015-9379-f87c4c6d53b29231a0f57635f4d257a4.yaml
index 9749d6bbb9..bd25a1e91a 100644
--- a/nuclei-templates/2015/CVE-2015-9379-f87c4c6d53b29231a0f57635f4d257a4.yaml
+++ b/nuclei-templates/2015/CVE-2015-9379-f87c4c6d53b29231a0f57635f4d257a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iThemes Builder Style Manager < 0.7.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg().
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/builder-style-manager/"
     google-query: inurl:"/wp-content/plugins/builder-style-manager/"
     shodan-query: 'vuln:CVE-2015-9379'
-  tags: cve,wordpress,wp-plugin,builder-style-manager,medium
+  tags: cve,wordpress,wp-plugin,builder-style-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9380-6c9c7c812a4ff55c5f56daa5be2fd373.yaml b/nuclei-templates/2015/CVE-2015-9380-6c9c7c812a4ff55c5f56daa5be2fd373.yaml
index a0fcb964c4..7b84b56093 100644
--- a/nuclei-templates/2015/CVE-2015-9380-6c9c7c812a4ff55c5f56daa5be2fd373.yaml
+++ b/nuclei-templates/2015/CVE-2015-9380-6c9c7c812a4ff55c5f56daa5be2fd373.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.2.41 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Photo Gallery plugin before 1.2.42 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2015-9380'
-  tags: cve,wordpress,wp-plugin,photo-gallery,high
+  tags: cve,wordpress,wp-plugin,photo-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9384-c81d2be092773595df7e11c3e43455e6.yaml b/nuclei-templates/2015/CVE-2015-9384-c81d2be092773595df7e11c3e43455e6.yaml
index d6fe5efef0..0e9edc83b3 100644
--- a/nuclei-templates/2015/CVE-2015-9384-c81d2be092773595df7e11c3e43455e6.yaml
+++ b/nuclei-templates/2015/CVE-2015-9384-c81d2be092773595df7e11c3e43455e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevant – Related, Featured, Latest, and Popular Posts by BestWebSoft <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Relevant Related Posts plugin up to and including version 1.0.7 for WordPress is vulnerable to stored cross-site scripting via the rltdpstsplgn_options parameter. This makes it possible for authenticated attackers, with administrator-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevant/"
     google-query: inurl:"/wp-content/plugins/relevant/"
     shodan-query: 'vuln:CVE-2015-9384'
-  tags: cve,wordpress,wp-plugin,relevant,medium
+  tags: cve,wordpress,wp-plugin,relevant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9385-105cf32b00a014867c600a479b6d44a5.yaml b/nuclei-templates/2015/CVE-2015-9385-105cf32b00a014867c600a479b6d44a5.yaml
index ff92b29de5..161ab61eca 100644
--- a/nuclei-templates/2015/CVE-2015-9385-105cf32b00a014867c600a479b6d44a5.yaml
+++ b/nuclei-templates/2015/CVE-2015-9385-105cf32b00a014867c600a479b6d44a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quotes and Tips by BestWebSoft < 1.20 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The quotes-and-tips plugin before 1.20 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quotes-and-tips/"
     google-query: inurl:"/wp-content/plugins/quotes-and-tips/"
     shodan-query: 'vuln:CVE-2015-9385'
-  tags: cve,wordpress,wp-plugin,quotes-and-tips,medium
+  tags: cve,wordpress,wp-plugin,quotes-and-tips,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9388-5973e024827e1b713c70489b0018d6d3.yaml b/nuclei-templates/2015/CVE-2015-9388-5973e024827e1b713c70489b0018d6d3.yaml
index 876ceb2574..4376cd937c 100644
--- a/nuclei-templates/2015/CVE-2015-9388-5973e024827e1b713c70489b0018d6d3.yaml
+++ b/nuclei-templates/2015/CVE-2015-9388-5973e024827e1b713c70489b0018d6d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     mTouch Quiz <= 3.1.2 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mtouch-quiz/"
     google-query: inurl:"/wp-content/plugins/mtouch-quiz/"
     shodan-query: 'vuln:CVE-2015-9388'
-  tags: cve,wordpress,wp-plugin,mtouch-quiz,high
+  tags: cve,wordpress,wp-plugin,mtouch-quiz,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9389-5ec6acde81c3a11c030c7e48fb82e3a0.yaml b/nuclei-templates/2015/CVE-2015-9389-5ec6acde81c3a11c030c7e48fb82e3a0.yaml
index 93bab91ba3..3e7f28eee0 100644
--- a/nuclei-templates/2015/CVE-2015-9389-5ec6acde81c3a11c030c7e48fb82e3a0.yaml
+++ b/nuclei-templates/2015/CVE-2015-9389-5ec6acde81c3a11c030c7e48fb82e3a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     mTouch Quiz <= 3.1.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The mTouch Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the quiz name in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a victim access the quiz.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mtouch-quiz/"
     google-query: inurl:"/wp-content/plugins/mtouch-quiz/"
     shodan-query: 'vuln:CVE-2015-9389'
-  tags: cve,wordpress,wp-plugin,mtouch-quiz,medium
+  tags: cve,wordpress,wp-plugin,mtouch-quiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9390-9639beb38d5d1c45bea1fc0af8299ea1.yaml b/nuclei-templates/2015/CVE-2015-9390-9639beb38d5d1c45bea1fc0af8299ea1.yaml
index 5c67ccb074..ec091c7046 100644
--- a/nuclei-templates/2015/CVE-2015-9390-9639beb38d5d1c45bea1fc0af8299ea1.yaml
+++ b/nuclei-templates/2015/CVE-2015-9390-9639beb38d5d1c45bea1fc0af8299ea1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Management Xtended <= 2.4.0 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-management-xtended/"
     google-query: inurl:"/wp-content/plugins/admin-management-xtended/"
     shodan-query: 'vuln:CVE-2015-9390'
-  tags: cve,wordpress,wp-plugin,admin-management-xtended,medium
+  tags: cve,wordpress,wp-plugin,admin-management-xtended,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9391-6ef860020cf2393d29a3d4b7f6db6475.yaml b/nuclei-templates/2015/CVE-2015-9391-6ef860020cf2393d29a3d4b7f6db6475.yaml
index 5580120225..24df0bf3c2 100644
--- a/nuclei-templates/2015/CVE-2015-9391-6ef860020cf2393d29a3d4b7f6db6475.yaml
+++ b/nuclei-templates/2015/CVE-2015-9391-6ef860020cf2393d29a3d4b7f6db6475.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YAWPP (Yet Another WordPress Petition Plugin) <= 1.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yawpp/"
     google-query: inurl:"/wp-content/plugins/yawpp/"
     shodan-query: 'vuln:CVE-2015-9391'
-  tags: cve,wordpress,wp-plugin,yawpp,medium
+  tags: cve,wordpress,wp-plugin,yawpp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9392-ccec5144654bab62438c0000b0cd001b.yaml b/nuclei-templates/2015/CVE-2015-9392-ccec5144654bab62438c0000b0cd001b.yaml
index 317b62feb1..9e3b8bb541 100644
--- a/nuclei-templates/2015/CVE-2015-9392-ccec5144654bab62438c0000b0cd001b.yaml
+++ b/nuclei-templates/2015/CVE-2015-9392-ccec5144654bab62438c0000b0cd001b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting via p_name parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-ultra/"
     google-query: inurl:"/wp-content/plugins/users-ultra/"
     shodan-query: 'vuln:CVE-2015-9392'
-  tags: cve,wordpress,wp-plugin,users-ultra,medium
+  tags: cve,wordpress,wp-plugin,users-ultra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9393-d7cc53ebc89a0251fb7abbabbb69e870.yaml b/nuclei-templates/2015/CVE-2015-9393-d7cc53ebc89a0251fb7abbabbb69e870.yaml
index 2ffe07f10b..54c6e3f09b 100644
--- a/nuclei-templates/2015/CVE-2015-9393-d7cc53ebc89a0251fb7abbabbb69e870.yaml
+++ b/nuclei-templates/2015/CVE-2015-9393-d7cc53ebc89a0251fb7abbabbb69e870.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-ultra/"
     google-query: inurl:"/wp-content/plugins/users-ultra/"
     shodan-query: 'vuln:CVE-2015-9393'
-  tags: cve,wordpress,wp-plugin,users-ultra,medium
+  tags: cve,wordpress,wp-plugin,users-ultra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9394-9ae9897b899214e88181a9313e35781d.yaml b/nuclei-templates/2015/CVE-2015-9394-9ae9897b899214e88181a9313e35781d.yaml
index b5b932c379..5b000429f7 100644
--- a/nuclei-templates/2015/CVE-2015-9394-9ae9897b899214e88181a9313e35781d.yaml
+++ b/nuclei-templates/2015/CVE-2015-9394-9ae9897b899214e88181a9313e35781d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-ultra/"
     google-query: inurl:"/wp-content/plugins/users-ultra/"
     shodan-query: 'vuln:CVE-2015-9394'
-  tags: cve,wordpress,wp-plugin,users-ultra,high
+  tags: cve,wordpress,wp-plugin,users-ultra,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9395-4d92bacdb897e72bc7c9b888465bfb12.yaml b/nuclei-templates/2015/CVE-2015-9395-4d92bacdb897e72bc7c9b888465bfb12.yaml
index d2addb5059..44feaa3721 100644
--- a/nuclei-templates/2015/CVE-2015-9395-4d92bacdb897e72bc7c9b888465bfb12.yaml
+++ b/nuclei-templates/2015/CVE-2015-9395-4d92bacdb897e72bc7c9b888465bfb12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Users Ultra Membership Plugin <= 1.5.63 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via ajax actions, by exploiting following WP ajax actions  SQL injections attacks can be performed:
     `edit_video`, `delete_photo`, `delete_gallery`, `delete_video`, `reload_photos`, `edit_gallery`, `edit_gallery_confirm`, `edit_photo`, `edit_photo_confirm`, `edit_video_confirm`, `set_as_main_photo`, `sort_photo_list`,`sort_gallery_list`, `reload_videos`
@@ -20,7 +20,7 @@ info:
     fofa-query: "wp-content/plugins/users-ultra/"
     google-query: inurl:"/wp-content/plugins/users-ultra/"
     shodan-query: 'vuln:CVE-2015-9395'
-  tags: cve,wordpress,wp-plugin,users-ultra,high
+  tags: cve,wordpress,wp-plugin,users-ultra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9397-e2b3a3b43a72a2751316fff54c8d6a22.yaml b/nuclei-templates/2015/CVE-2015-9397-e2b3a3b43a72a2751316fff54c8d6a22.yaml
index 463f1aefe7..462748d2c7 100644
--- a/nuclei-templates/2015/CVE-2015-9397-e2b3a3b43a72a2751316fff54c8d6a22.yaml
+++ b/nuclei-templates/2015/CVE-2015-9397-e2b3a3b43a72a2751316fff54c8d6a22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GoCodes <= 1.3.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gocodes/"
     google-query: inurl:"/wp-content/plugins/gocodes/"
     shodan-query: 'vuln:CVE-2015-9397'
-  tags: cve,wordpress,wp-plugin,gocodes,medium
+  tags: cve,wordpress,wp-plugin,gocodes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9398-613714f5c2e87c49430822b55db25b79.yaml b/nuclei-templates/2015/CVE-2015-9398-613714f5c2e87c49430822b55db25b79.yaml
index 92f9a779bd..ee248b8e69 100644
--- a/nuclei-templates/2015/CVE-2015-9398-613714f5c2e87c49430822b55db25b79.yaml
+++ b/nuclei-templates/2015/CVE-2015-9398-613714f5c2e87c49430822b55db25b79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GoCodes <= 1.3.5 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The GoCodes plugin for WordPress is vulnerable to blind SQL Injection via the ‘gcid’ parameter in versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for editor-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gocodes/"
     google-query: inurl:"/wp-content/plugins/gocodes/"
     shodan-query: 'vuln:CVE-2015-9398'
-  tags: cve,wordpress,wp-plugin,gocodes,high
+  tags: cve,wordpress,wp-plugin,gocodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9399-cca20bceb29d548b71fff2c6b265d9c3.yaml b/nuclei-templates/2015/CVE-2015-9399-cca20bceb29d548b71fff2c6b265d9c3.yaml
index 4cf8c468b2..12e1e38ad4 100644
--- a/nuclei-templates/2015/CVE-2015-9399-cca20bceb29d548b71fff2c6b265d9c3.yaml
+++ b/nuclei-templates/2015/CVE-2015-9399-cca20bceb29d548b71fff2c6b265d9c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Stats-Dashboard <= 2.9.4 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stats-dashboard/"
     google-query: inurl:"/wp-content/plugins/wp-stats-dashboard/"
     shodan-query: 'vuln:CVE-2015-9399'
-  tags: cve,wordpress,wp-plugin,wp-stats-dashboard,high
+  tags: cve,wordpress,wp-plugin,wp-stats-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9400-f1ed96d1b2d98c3026e1dd704ae2087a.yaml b/nuclei-templates/2015/CVE-2015-9400-f1ed96d1b2d98c3026e1dd704ae2087a.yaml
index 675e3c7317..39472956f0 100644
--- a/nuclei-templates/2015/CVE-2015-9400-f1ed96d1b2d98c3026e1dd704ae2087a.yaml
+++ b/nuclei-templates/2015/CVE-2015-9400-f1ed96d1b2d98c3026e1dd704ae2087a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Meta Robots <= 2.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-meta-robots/"
     google-query: inurl:"/wp-content/plugins/wordpress-meta-robots/"
     shodan-query: 'vuln:CVE-2015-9400'
-  tags: cve,wordpress,wp-plugin,wordpress-meta-robots,high
+  tags: cve,wordpress,wp-plugin,wordpress-meta-robots,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9402-7d8cf8e800d2870ca230bed514c737c3.yaml b/nuclei-templates/2015/CVE-2015-9402-7d8cf8e800d2870ca230bed514c737c3.yaml
index b4e3049ec5..66783f3c18 100644
--- a/nuclei-templates/2015/CVE-2015-9402-7d8cf8e800d2870ca230bed514c737c3.yaml
+++ b/nuclei-templates/2015/CVE-2015-9402-7d8cf8e800d2870ca230bed514c737c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.5.58 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-ultra/"
     google-query: inurl:"/wp-content/plugins/users-ultra/"
     shodan-query: 'vuln:CVE-2015-9402'
-  tags: cve,wordpress,wp-plugin,users-ultra,high
+  tags: cve,wordpress,wp-plugin,users-ultra,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9405-59221c8c4cf4b83ed678f38b12740d87.yaml b/nuclei-templates/2015/CVE-2015-9405-59221c8c4cf4b83ed678f38b12740d87.yaml
index 6a3160b9ea..5c84021ae6 100644
--- a/nuclei-templates/2015/CVE-2015-9405-59221c8c4cf4b83ed678f38b12740d87.yaml
+++ b/nuclei-templates/2015/CVE-2015-9405-59221c8c4cf4b83ed678f38b12740d87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Matomo Integration (WP-Piwik) < 1.0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-piwik plugin before 1.0.5 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-piwik/"
     google-query: inurl:"/wp-content/plugins/wp-piwik/"
     shodan-query: 'vuln:CVE-2015-9405'
-  tags: cve,wordpress,wp-plugin,wp-piwik,medium
+  tags: cve,wordpress,wp-plugin,wp-piwik,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9407-68634c1a8c946edc4c46f0185186727b.yaml b/nuclei-templates/2015/CVE-2015-9407-68634c1a8c946edc4c46f0185186727b.yaml
index 3565109c31..b8b0799160 100644
--- a/nuclei-templates/2015/CVE-2015-9407-68634c1a8c946edc4c46f0185186727b.yaml
+++ b/nuclei-templates/2015/CVE-2015-9407-68634c1a8c946edc4c46f0185186727b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XPinner Lite <= 2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS via several parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xpinner-lite/"
     google-query: inurl:"/wp-content/plugins/xpinner-lite/"
     shodan-query: 'vuln:CVE-2015-9407'
-  tags: cve,wordpress,wp-plugin,xpinner-lite,medium
+  tags: cve,wordpress,wp-plugin,xpinner-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9408-7fd7a99aaec9de09c58a50b6b832a9fa.yaml b/nuclei-templates/2015/CVE-2015-9408-7fd7a99aaec9de09c58a50b6b832a9fa.yaml
index de7897f849..dcf1ffafd7 100644
--- a/nuclei-templates/2015/CVE-2015-9408-7fd7a99aaec9de09c58a50b6b832a9fa.yaml
+++ b/nuclei-templates/2015/CVE-2015-9408-7fd7a99aaec9de09c58a50b6b832a9fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     xPinner Lite <= 2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xpinner-lite/"
     google-query: inurl:"/wp-content/plugins/xpinner-lite/"
     shodan-query: 'vuln:CVE-2015-9408'
-  tags: cve,wordpress,wp-plugin,xpinner-lite,high
+  tags: cve,wordpress,wp-plugin,xpinner-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9409-a800af3f915adeb03a4c49e2c0c22f5f.yaml b/nuclei-templates/2015/CVE-2015-9409-a800af3f915adeb03a4c49e2c0c22f5f.yaml
index fbc8fa05f5..c0d5af3e2a 100644
--- a/nuclei-templates/2015/CVE-2015-9409-a800af3f915adeb03a4c49e2c0c22f5f.yaml
+++ b/nuclei-templates/2015/CVE-2015-9409-a800af3f915adeb03a4c49e2c0c22f5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ALO EasyMail Newsletter <= 2.6.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alo-easymail/"
     google-query: inurl:"/wp-content/plugins/alo-easymail/"
     shodan-query: 'vuln:CVE-2015-9409'
-  tags: cve,wordpress,wp-plugin,alo-easymail,high
+  tags: cve,wordpress,wp-plugin,alo-easymail,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9411-364140ec5050587d4743f8ad888c8004.yaml b/nuclei-templates/2015/CVE-2015-9411-364140ec5050587d4743f8ad888c8004.yaml
index 2db3074bee..da78fc8a83 100644
--- a/nuclei-templates/2015/CVE-2015-9411-364140ec5050587d4743f8ad888c8004.yaml
+++ b/nuclei-templates/2015/CVE-2015-9411-364140ec5050587d4743f8ad888c8004.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Replyable – Subscribe to Comments and Reply by Email < 1.4.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Postmatic plugin before 1.4.6 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postmatic/"
     google-query: inurl:"/wp-content/plugins/postmatic/"
     shodan-query: 'vuln:CVE-2015-9411'
-  tags: cve,wordpress,wp-plugin,postmatic,medium
+  tags: cve,wordpress,wp-plugin,postmatic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9412-b8b913c56ed39f29c61eb2552bb40930.yaml b/nuclei-templates/2015/CVE-2015-9412-b8b913c56ed39f29c61eb2552bb40930.yaml
index 15a0c3c9c9..3258d3f62a 100644
--- a/nuclei-templates/2015/CVE-2015-9412-b8b913c56ed39f29c61eb2552bb40930.yaml
+++ b/nuclei-templates/2015/CVE-2015-9412-b8b913c56ed39f29c61eb2552bb40930.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Slider Plugin < 3.2.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-slider/"
     google-query: inurl:"/wp-content/plugins/royal-slider/"
     shodan-query: 'vuln:CVE-2015-9412'
-  tags: cve,wordpress,wp-plugin,royal-slider,medium
+  tags: cve,wordpress,wp-plugin,royal-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9416-fc97a63071c0bdeea490fe1b61f06d10.yaml b/nuclei-templates/2015/CVE-2015-9416-fc97a63071c0bdeea490fe1b61f06d10.yaml
index 3ce3ff92a6..79220069ba 100644
--- a/nuclei-templates/2015/CVE-2015-9416-fc97a63071c0bdeea490fe1b61f06d10.yaml
+++ b/nuclei-templates/2015/CVE-2015-9416-fc97a63071c0bdeea490fe1b61f06d10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPML 2.9.3-3.2.6 - Cross-Site Scripting in Accept-Language Header
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitepress-multilingual-cms/"
     google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/"
     shodan-query: 'vuln:CVE-2015-9416'
-  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,medium
+  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9419-c23ce008dc2473271851552ad5775c2c.yaml b/nuclei-templates/2015/CVE-2015-9419-c23ce008dc2473271851552ad5775c2c.yaml
index 840eb07e4f..1dd9d7e765 100644
--- a/nuclei-templates/2015/CVE-2015-9419-c23ce008dc2473271851552ad5775c2c.yaml
+++ b/nuclei-templates/2015/CVE-2015-9419-c23ce008dc2473271851552ad5775c2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Captain Slider <= 1.0.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Captain Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ctslider’ parameter in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/captain-slider/"
     google-query: inurl:"/wp-content/plugins/captain-slider/"
     shodan-query: 'vuln:CVE-2015-9419'
-  tags: cve,wordpress,wp-plugin,captain-slider,medium
+  tags: cve,wordpress,wp-plugin,captain-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9423-20fb78c96d003cc1a6ca252c0fdacd2e.yaml b/nuclei-templates/2015/CVE-2015-9423-20fb78c96d003cc1a6ca252c0fdacd2e.yaml
index bdf1860965..f5d962ca9e 100644
--- a/nuclei-templates/2015/CVE-2015-9423-20fb78c96d003cc1a6ca252c0fdacd2e.yaml
+++ b/nuclei-templates/2015/CVE-2015-9423-20fb78c96d003cc1a6ca252c0fdacd2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PlugNedit Adaptive Editor < 6.2.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has Cross-Site Scripting via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters due to insufficient input sanitization and output escaping. This makes it possible for Subscriber-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plugnedit/"
     google-query: inurl:"/wp-content/plugins/plugnedit/"
     shodan-query: 'vuln:CVE-2015-9423'
-  tags: cve,wordpress,wp-plugin,plugnedit,medium
+  tags: cve,wordpress,wp-plugin,plugnedit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9428-5ab744233de8cca4ab1cbaa602802c09.yaml b/nuclei-templates/2015/CVE-2015-9428-5ab744233de8cca4ab1cbaa602802c09.yaml
index cb4cb521b0..7b985d3df2 100644
--- a/nuclei-templates/2015/CVE-2015-9428-5ab744233de8cca4ab1cbaa602802c09.yaml
+++ b/nuclei-templates/2015/CVE-2015-9428-5ab744233de8cca4ab1cbaa602802c09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wplegalpages/"
     google-query: inurl:"/wp-content/plugins/wplegalpages/"
     shodan-query: 'vuln:CVE-2015-9428'
-  tags: cve,wordpress,wp-plugin,wplegalpages,medium
+  tags: cve,wordpress,wp-plugin,wplegalpages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9433-7e1c6a231bffdfe14a3a2ce673d73608.yaml b/nuclei-templates/2015/CVE-2015-9433-7e1c6a231bffdfe14a3a2ce673d73608.yaml
index d5760c9dc5..16536d3d93 100644
--- a/nuclei-templates/2015/CVE-2015-9433-7e1c6a231bffdfe14a3a2ce673d73608.yaml
+++ b/nuclei-templates/2015/CVE-2015-9433-7e1c6a231bffdfe14a3a2ce673d73608.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Social Bookmarking Light < 1.7.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-social-bookmarking-light/"
     google-query: inurl:"/wp-content/plugins/wp-social-bookmarking-light/"
     shodan-query: 'vuln:CVE-2015-9433'
-  tags: cve,wordpress,wp-plugin,wp-social-bookmarking-light,medium
+  tags: cve,wordpress,wp-plugin,wp-social-bookmarking-light,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9434-10df21fe953fcd7c84f02b55e2e8260b.yaml b/nuclei-templates/2015/CVE-2015-9434-10df21fe953fcd7c84f02b55e2e8260b.yaml
index 1c0a57e313..1633fd95a8 100644
--- a/nuclei-templates/2015/CVE-2015-9434-10df21fe953fcd7c84f02b55e2e8260b.yaml
+++ b/nuclei-templates/2015/CVE-2015-9434-10df21fe953fcd7c84f02b55e2e8260b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Logo Carousel < 1.7.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings' tab or tab_flags_order parameters in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated  attackers requires contributor or higher role user authentication to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kiwi-logo-carousel/"
     google-query: inurl:"/wp-content/plugins/kiwi-logo-carousel/"
     shodan-query: 'vuln:CVE-2015-9434'
-  tags: cve,wordpress,wp-plugin,kiwi-logo-carousel,medium
+  tags: cve,wordpress,wp-plugin,kiwi-logo-carousel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9436-a4d9b1fab913268578f318671b68ca36.yaml b/nuclei-templates/2015/CVE-2015-9436-a4d9b1fab913268578f318671b68ca36.yaml
index ac77747e03..71b22fe4d5 100644
--- a/nuclei-templates/2015/CVE-2015-9436-a4d9b1fab913268578f318671b68ca36.yaml
+++ b/nuclei-templates/2015/CVE-2015-9436-a4d9b1fab913268578f318671b68ca36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dynamic Widgets <= 1.5.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dynamic-widgets/"
     google-query: inurl:"/wp-content/plugins/dynamic-widgets/"
     shodan-query: 'vuln:CVE-2015-9436'
-  tags: cve,wordpress,wp-plugin,dynamic-widgets,medium
+  tags: cve,wordpress,wp-plugin,dynamic-widgets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9437-7c8cf3109f4d4b196459b75b96aa728e.yaml b/nuclei-templates/2015/CVE-2015-9437-7c8cf3109f4d4b196459b75b96aa728e.yaml
index f4ea78afde..83a4f81a58 100644
--- a/nuclei-templates/2015/CVE-2015-9437-7c8cf3109f4d4b196459b75b96aa728e.yaml
+++ b/nuclei-templates/2015/CVE-2015-9437-7c8cf3109f4d4b196459b75b96aa728e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dynamic Widgets <= 1.5.10 - Refletced Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dynamic-widgets/"
     google-query: inurl:"/wp-content/plugins/dynamic-widgets/"
     shodan-query: 'vuln:CVE-2015-9437'
-  tags: cve,wordpress,wp-plugin,dynamic-widgets,medium
+  tags: cve,wordpress,wp-plugin,dynamic-widgets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9438-c88811f07a28a64dae50ff3a4d1213f5.yaml b/nuclei-templates/2015/CVE-2015-9438-c88811f07a28a64dae50ff3a4d1213f5.yaml
index 56149f449d..9a9aab4b06 100644
--- a/nuclei-templates/2015/CVE-2015-9438-c88811f07a28a64dae50ff3a4d1213f5.yaml
+++ b/nuclei-templates/2015/CVE-2015-9438-c88811f07a28a64dae50ff3a4d1213f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display Widgets <= 2.03 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/display-widgets/"
     google-query: inurl:"/wp-content/plugins/display-widgets/"
     shodan-query: 'vuln:CVE-2015-9438'
-  tags: cve,wordpress,wp-plugin,display-widgets,medium
+  tags: cve,wordpress,wp-plugin,display-widgets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9439-400e484570b51dd745ebe0689024ac48.yaml b/nuclei-templates/2015/CVE-2015-9439-400e484570b51dd745ebe0689024ac48.yaml
index 1f1147341f..d1d3054c45 100644
--- a/nuclei-templates/2015/CVE-2015-9439-400e484570b51dd745ebe0689024ac48.yaml
+++ b/nuclei-templates/2015/CVE-2015-9439-400e484570b51dd745ebe0689024ac48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AddThis Sharing Buttons <= 5.0.12 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addthis/"
     google-query: inurl:"/wp-content/plugins/addthis/"
     shodan-query: 'vuln:CVE-2015-9439'
-  tags: cve,wordpress,wp-plugin,addthis,medium
+  tags: cve,wordpress,wp-plugin,addthis,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9442-3231c8774c4d66bff9d3f46fb317e754.yaml b/nuclei-templates/2015/CVE-2015-9442-3231c8774c4d66bff9d3f46fb317e754.yaml
index e608b69138..55ea88b3b8 100644
--- a/nuclei-templates/2015/CVE-2015-9442-3231c8774c4d66bff9d3f46fb317e754.yaml
+++ b/nuclei-templates/2015/CVE-2015-9442-3231c8774c4d66bff9d3f46fb317e754.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avenir-soft Direct Download <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/avenirsoft-directdownload/"
     google-query: inurl:"/wp-content/plugins/avenirsoft-directdownload/"
     shodan-query: 'vuln:CVE-2015-9442'
-  tags: cve,wordpress,wp-plugin,avenirsoft-directdownload,medium
+  tags: cve,wordpress,wp-plugin,avenirsoft-directdownload,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9443-5c23a6c70aea6e2ef9477919b8442851.yaml b/nuclei-templates/2015/CVE-2015-9443-5c23a6c70aea6e2ef9477919b8442851.yaml
index 748645486d..03498483e5 100644
--- a/nuclei-templates/2015/CVE-2015-9443-5c23a6c70aea6e2ef9477919b8442851.yaml
+++ b/nuclei-templates/2015/CVE-2015-9443-5c23a6c70aea6e2ef9477919b8442851.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Accurate Form Data <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accurate-form-data-real-time-form-validation/"
     google-query: inurl:"/wp-content/plugins/accurate-form-data-real-time-form-validation/"
     shodan-query: 'vuln:CVE-2015-9443'
-  tags: cve,wordpress,wp-plugin,accurate-form-data-real-time-form-validation,high
+  tags: cve,wordpress,wp-plugin,accurate-form-data-real-time-form-validation,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9444-62fcd76831b1e2041b5f8a95a5780c32.yaml b/nuclei-templates/2015/CVE-2015-9444-62fcd76831b1e2041b5f8a95a5780c32.yaml
index dd53c6da79..c20fbdbbe7 100644
--- a/nuclei-templates/2015/CVE-2015-9444-62fcd76831b1e2041b5f8a95a5780c32.yaml
+++ b/nuclei-templates/2015/CVE-2015-9444-62fcd76831b1e2041b5f8a95a5780c32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Altos Connect <= 1.3.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/altos-connect/"
     google-query: inurl:"/wp-content/plugins/altos-connect/"
     shodan-query: 'vuln:CVE-2015-9444'
-  tags: cve,wordpress,wp-plugin,altos-connect,medium
+  tags: cve,wordpress,wp-plugin,altos-connect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9445-103ae57e192be7c58d97324e70895c9f.yaml b/nuclei-templates/2015/CVE-2015-9445-103ae57e192be7c58d97324e70895c9f.yaml
index 997aa25521..70ea02f1ba 100644
--- a/nuclei-templates/2015/CVE-2015-9445-103ae57e192be7c58d97324e70895c9f.yaml
+++ b/nuclei-templates/2015/CVE-2015-9445-103ae57e192be7c58d97324e70895c9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unite Gallery Lite <= 1.4.6 - Cross-Site Request Forgery & Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unite-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/unite-gallery-lite/"
     shodan-query: 'vuln:CVE-2015-9445'
-  tags: cve,wordpress,wp-plugin,unite-gallery-lite,high
+  tags: cve,wordpress,wp-plugin,unite-gallery-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9446-1ccd8092085adf5a5342024d683bb79b.yaml b/nuclei-templates/2015/CVE-2015-9446-1ccd8092085adf5a5342024d683bb79b.yaml
index 835b66ea72..985652f847 100644
--- a/nuclei-templates/2015/CVE-2015-9446-1ccd8092085adf5a5342024d683bb79b.yaml
+++ b/nuclei-templates/2015/CVE-2015-9446-1ccd8092085adf5a5342024d683bb79b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unite Gallery Lite < 1.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unite-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/unite-gallery-lite/"
     shodan-query: 'vuln:CVE-2015-9446'
-  tags: cve,wordpress,wp-plugin,unite-gallery-lite,high
+  tags: cve,wordpress,wp-plugin,unite-gallery-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9447-e8e6f489ccaee4d00c096c7d8c466fc5.yaml b/nuclei-templates/2015/CVE-2015-9447-e8e6f489ccaee4d00c096c7d8c466fc5.yaml
index e2af475d8a..4f607e9cf5 100644
--- a/nuclei-templates/2015/CVE-2015-9447-e8e6f489ccaee4d00c096c7d8c466fc5.yaml
+++ b/nuclei-templates/2015/CVE-2015-9447-e8e6f489ccaee4d00c096c7d8c466fc5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unite Gallery Lite < 1.5 - Cross-Site Request Forgery and SQL Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unite-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/unite-gallery-lite/"
     shodan-query: 'vuln:CVE-2015-9447'
-  tags: cve,wordpress,wp-plugin,unite-gallery-lite,high
+  tags: cve,wordpress,wp-plugin,unite-gallery-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9448-f386ff3f48b7d778335b6a97f6c41a43.yaml b/nuclei-templates/2015/CVE-2015-9448-f386ff3f48b7d778335b6a97f6c41a43.yaml
index d994261451..26cf1cf40a 100644
--- a/nuclei-templates/2015/CVE-2015-9448-f386ff3f48b7d778335b6a97f6c41a43.yaml
+++ b/nuclei-templates/2015/CVE-2015-9448-f386ff3f48b7d778335b6a97f6c41a43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SendPress Newsletters < 1.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sendpress/"
     google-query: inurl:"/wp-content/plugins/sendpress/"
     shodan-query: 'vuln:CVE-2015-9448'
-  tags: cve,wordpress,wp-plugin,sendpress,high
+  tags: cve,wordpress,wp-plugin,sendpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9449-02bdb4a60f8caf982b09839a595e4b9c.yaml b/nuclei-templates/2015/CVE-2015-9449-02bdb4a60f8caf982b09839a595e4b9c.yaml
index ffdb91c020..3909d5b622 100644
--- a/nuclei-templates/2015/CVE-2015-9449-02bdb4a60f8caf982b09839a595e4b9c.yaml
+++ b/nuclei-templates/2015/CVE-2015-9449-02bdb4a60f8caf982b09839a595e4b9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Microblog Poster < 1.6.2 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/microblog-poster/"
     google-query: inurl:"/wp-content/plugins/microblog-poster/"
     shodan-query: 'vuln:CVE-2015-9449'
-  tags: cve,wordpress,wp-plugin,microblog-poster,high
+  tags: cve,wordpress,wp-plugin,microblog-poster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9453-0e68c0b9eccc4d13ea9a31e72c5947b1.yaml b/nuclei-templates/2015/CVE-2015-9453-0e68c0b9eccc4d13ea9a31e72c5947b1.yaml
index 13f056d522..184a17292b 100644
--- a/nuclei-templates/2015/CVE-2015-9453-0e68c0b9eccc4d13ea9a31e72c5947b1.yaml
+++ b/nuclei-templates/2015/CVE-2015-9453-0e68c0b9eccc4d13ea9a31e72c5947b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Manager < 0.6.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-manager/"
     google-query: inurl:"/wp-content/plugins/broken-link-manager/"
     shodan-query: 'vuln:CVE-2015-9453'
-  tags: cve,wordpress,wp-plugin,broken-link-manager,medium
+  tags: cve,wordpress,wp-plugin,broken-link-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9454-60f28a7307d8376de999213f19e8d5bb.yaml b/nuclei-templates/2015/CVE-2015-9454-60f28a7307d8376de999213f19e8d5bb.yaml
index ae13957637..99d34e3b11 100644
--- a/nuclei-templates/2015/CVE-2015-9454-60f28a7307d8376de999213f19e8d5bb.yaml
+++ b/nuclei-templates/2015/CVE-2015-9454-60f28a7307d8376de999213f19e8d5bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smooth Slider < 2.7 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Smooth Slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smooth-slider/"
     google-query: inurl:"/wp-content/plugins/smooth-slider/"
     shodan-query: 'vuln:CVE-2015-9454'
-  tags: cve,wordpress,wp-plugin,smooth-slider,high
+  tags: cve,wordpress,wp-plugin,smooth-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9455-5f432c656be335dcd6d93a860c52a8ba.yaml b/nuclei-templates/2015/CVE-2015-9455-5f432c656be335dcd6d93a860c52a8ba.yaml
index ea5a4001d9..2ae3c51eda 100644
--- a/nuclei-templates/2015/CVE-2015-9455-5f432c656be335dcd6d93a860c52a8ba.yaml
+++ b/nuclei-templates/2015/CVE-2015-9455-5f432c656be335dcd6d93a860c52a8ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress Activity Plus <= 1.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-activity-plus/"
     google-query: inurl:"/wp-content/plugins/buddypress-activity-plus/"
     shodan-query: 'vuln:CVE-2015-9455'
-  tags: cve,wordpress,wp-plugin,buddypress-activity-plus,high
+  tags: cve,wordpress,wp-plugin,buddypress-activity-plus,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9457-41859e395573554f98122582c8a8f0c6.yaml b/nuclei-templates/2015/CVE-2015-9457-41859e395573554f98122582c8a8f0c6.yaml
index f3f9d025a4..c25edec7b3 100644
--- a/nuclei-templates/2015/CVE-2015-9457-41859e395573554f98122582c8a8f0c6.yaml
+++ b/nuclei-templates/2015/CVE-2015-9457-41859e395573554f98122582c8a8f0c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pretty Links – Link Management, Branding, Tracking & Sharing Plugin <= 1.6.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pretty-link/"
     google-query: inurl:"/wp-content/plugins/pretty-link/"
     shodan-query: 'vuln:CVE-2015-9457'
-  tags: cve,wordpress,wp-plugin,pretty-link,high
+  tags: cve,wordpress,wp-plugin,pretty-link,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9458-4fdb668b4072805be7b723dcf1d44abb.yaml b/nuclei-templates/2015/CVE-2015-9458-4fdb668b4072805be7b723dcf1d44abb.yaml
index 70a23674f7..e2a1685060 100644
--- a/nuclei-templates/2015/CVE-2015-9458-4fdb668b4072805be7b723dcf1d44abb.yaml
+++ b/nuclei-templates/2015/CVE-2015-9458-4fdb668b4072805be7b723dcf1d44abb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO SearchTerms Tagging 2 <=1.535 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/searchterms-tagging-2/"
     google-query: inurl:"/wp-content/plugins/searchterms-tagging-2/"
     shodan-query: 'vuln:CVE-2015-9458'
-  tags: cve,wordpress,wp-plugin,searchterms-tagging-2,high
+  tags: cve,wordpress,wp-plugin,searchterms-tagging-2,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9460-044e0b800aae833468f672b3d52648b9.yaml b/nuclei-templates/2015/CVE-2015-9460-044e0b800aae833468f672b3d52648b9.yaml
index 08d854c6cf..c7e370659e 100644
--- a/nuclei-templates/2015/CVE-2015-9460-044e0b800aae833468f672b3d52648b9.yaml
+++ b/nuclei-templates/2015/CVE-2015-9460-044e0b800aae833468f672b3d52648b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pinpoint Booking System – #1 WordPress Booking Plugin < 2.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-system/"
     google-query: inurl:"/wp-content/plugins/booking-system/"
     shodan-query: 'vuln:CVE-2015-9460'
-  tags: cve,wordpress,wp-plugin,booking-system,high
+  tags: cve,wordpress,wp-plugin,booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9461-18b2efc80a79b2c683b250abf8605dd3.yaml b/nuclei-templates/2015/CVE-2015-9461-18b2efc80a79b2c683b250abf8605dd3.yaml
index 7439375eb0..140476e8ae 100644
--- a/nuclei-templates/2015/CVE-2015-9461-18b2efc80a79b2c683b250abf8605dd3.yaml
+++ b/nuclei-templates/2015/CVE-2015-9461-18b2efc80a79b2c683b250abf8605dd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Filterable Portfolio < 1.9 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-filterable-portfolio/"
     google-query: inurl:"/wp-content/plugins/awesome-filterable-portfolio/"
     shodan-query: 'vuln:CVE-2015-9461'
-  tags: cve,wordpress,wp-plugin,awesome-filterable-portfolio,high
+  tags: cve,wordpress,wp-plugin,awesome-filterable-portfolio,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9462-d959830a068b86235ba87177aa38047a.yaml b/nuclei-templates/2015/CVE-2015-9462-d959830a068b86235ba87177aa38047a.yaml
index 15f7a68574..2bd7fb2cfa 100644
--- a/nuclei-templates/2015/CVE-2015-9462-d959830a068b86235ba87177aa38047a.yaml
+++ b/nuclei-templates/2015/CVE-2015-9462-d959830a068b86235ba87177aa38047a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Filterable Portfolio < 1.9 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-filterable-portfolio/"
     google-query: inurl:"/wp-content/plugins/awesome-filterable-portfolio/"
     shodan-query: 'vuln:CVE-2015-9462'
-  tags: cve,wordpress,wp-plugin,awesome-filterable-portfolio,high
+  tags: cve,wordpress,wp-plugin,awesome-filterable-portfolio,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9465-61995cd0cadb8b6360d652af233c94df.yaml b/nuclei-templates/2015/CVE-2015-9465-61995cd0cadb8b6360d652af233c94df.yaml
index 97a77ed8c3..2a5961805d 100644
--- a/nuclei-templates/2015/CVE-2015-9465-61995cd0cadb8b6360d652af233c94df.yaml
+++ b/nuclei-templates/2015/CVE-2015-9465-61995cd0cadb8b6360d652af233c94df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yasr – Yet Another Stars Rating < 0.9.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-stars-rating/"
     google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/"
     shodan-query: 'vuln:CVE-2015-9465'
-  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,high
+  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9468-426b7dfdb8bc5b0834ad851cf8e9ecfc.yaml b/nuclei-templates/2015/CVE-2015-9468-426b7dfdb8bc5b0834ad851cf8e9ecfc.yaml
index 6149bb1138..42f9ab8a26 100644
--- a/nuclei-templates/2015/CVE-2015-9468-426b7dfdb8bc5b0834ad851cf8e9ecfc.yaml
+++ b/nuclei-templates/2015/CVE-2015-9468-426b7dfdb8bc5b0834ad851cf8e9ecfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Manager <= 0.4.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-manager/"
     google-query: inurl:"/wp-content/plugins/broken-link-manager/"
     shodan-query: 'vuln:CVE-2015-9468'
-  tags: cve,wordpress,wp-plugin,broken-link-manager,medium
+  tags: cve,wordpress,wp-plugin,broken-link-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9469-d1c8ca034f832b8e22c96845d2890940.yaml b/nuclei-templates/2015/CVE-2015-9469-d1c8ca034f832b8e22c96845d2890940.yaml
index ba5a55dd5a..0ebb951607 100644
--- a/nuclei-templates/2015/CVE-2015-9469-d1c8ca034f832b8e22c96845d2890940.yaml
+++ b/nuclei-templates/2015/CVE-2015-9469-d1c8ca034f832b8e22c96845d2890940.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Grabber <= 1.0 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-grabber/"
     google-query: inurl:"/wp-content/plugins/content-grabber/"
     shodan-query: 'vuln:CVE-2015-9469'
-  tags: cve,wordpress,wp-plugin,content-grabber,medium
+  tags: cve,wordpress,wp-plugin,content-grabber,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9493-de81b18a854ce81734a5dca6853e283e.yaml b/nuclei-templates/2015/CVE-2015-9493-de81b18a854ce81734a5dca6853e283e.yaml
index 42bdf7d67a..7463c1d06a 100644
--- a/nuclei-templates/2015/CVE-2015-9493-de81b18a854ce81734a5dca6853e283e.yaml
+++ b/nuclei-templates/2015/CVE-2015-9493-de81b18a854ce81734a5dca6853e283e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Wish List < 1.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-wish-list/"
     google-query: inurl:"/wp-content/plugins/my-wish-list/"
     shodan-query: 'vuln:CVE-2015-9493'
-  tags: cve,wordpress,wp-plugin,my-wish-list,medium
+  tags: cve,wordpress,wp-plugin,my-wish-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9494-76874a7b4a83992edc7c544ab3ce90f7.yaml b/nuclei-templates/2015/CVE-2015-9494-76874a7b4a83992edc7c544ab3ce90f7.yaml
index 23ee9bc359..db7c9c40f5 100644
--- a/nuclei-templates/2015/CVE-2015-9494-76874a7b4a83992edc7c544ab3ce90f7.yaml
+++ b/nuclei-templates/2015/CVE-2015-9494-76874a7b4a83992edc7c544ab3ce90f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Kinds < 1.3.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indieweb-post-kinds/"
     google-query: inurl:"/wp-content/plugins/indieweb-post-kinds/"
     shodan-query: 'vuln:CVE-2015-9494'
-  tags: cve,wordpress,wp-plugin,indieweb-post-kinds,medium
+  tags: cve,wordpress,wp-plugin,indieweb-post-kinds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9495-85ef6da03e1e6bb00fd985498d35a632.yaml b/nuclei-templates/2015/CVE-2015-9495-85ef6da03e1e6bb00fd985498d35a632.yaml
index 3d8a9e926e..41e5577420 100644
--- a/nuclei-templates/2015/CVE-2015-9495-85ef6da03e1e6bb00fd985498d35a632.yaml
+++ b/nuclei-templates/2015/CVE-2015-9495-85ef6da03e1e6bb00fd985498d35a632.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Syndication Links < 1.0.3 - DOM-based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Syndication Links plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the genericons/example.html anchor identifier in versions up to 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/syndication-links/"
     google-query: inurl:"/wp-content/plugins/syndication-links/"
     shodan-query: 'vuln:CVE-2015-9495'
-  tags: cve,wordpress,wp-plugin,syndication-links,medium
+  tags: cve,wordpress,wp-plugin,syndication-links,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9496-65920cbefe2613a05348e64d8746a7b6.yaml b/nuclei-templates/2015/CVE-2015-9496-65920cbefe2613a05348e64d8746a7b6.yaml
index 87d0908731..b36a6fa0f1 100644
--- a/nuclei-templates/2015/CVE-2015-9496-65920cbefe2613a05348e64d8746a7b6.yaml
+++ b/nuclei-templates/2015/CVE-2015-9496-65920cbefe2613a05348e64d8746a7b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freshmail for WordPress <= 1.5.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/freshmail-newsletter/"
     google-query: inurl:"/wp-content/plugins/freshmail-newsletter/"
     shodan-query: 'vuln:CVE-2015-9496'
-  tags: cve,wordpress,wp-plugin,freshmail-newsletter,high
+  tags: cve,wordpress,wp-plugin,freshmail-newsletter,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9497-79f632cd97a0ebb6e16d846a092aa9f0.yaml b/nuclei-templates/2015/CVE-2015-9497-79f632cd97a0ebb6e16d846a092aa9f0.yaml
index bfd2e35bae..c8c5a4d84e 100644
--- a/nuclei-templates/2015/CVE-2015-9497-79f632cd97a0ebb6e16d846a092aa9f0.yaml
+++ b/nuclei-templates/2015/CVE-2015-9497-79f632cd97a0ebb6e16d846a092aa9f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ad Inserter – Ad Manager & AdSense Ads < 1.5.3 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-inserter/"
     google-query: inurl:"/wp-content/plugins/ad-inserter/"
     shodan-query: 'vuln:CVE-2015-9497'
-  tags: cve,wordpress,wp-plugin,ad-inserter,high
+  tags: cve,wordpress,wp-plugin,ad-inserter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9498-efc5740c90ff0a59809e4e9849d0d149.yaml b/nuclei-templates/2015/CVE-2015-9498-efc5740c90ff0a59809e4e9849d0d149.yaml
index 5d9e04028d..26917f5b6d 100644
--- a/nuclei-templates/2015/CVE-2015-9498-efc5740c90ff0a59809e4e9849d0d149.yaml
+++ b/nuclei-templates/2015/CVE-2015-9498-efc5740c90ff0a59809e4e9849d0d149.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPS Hide Login <= 1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wps-hide-login/"
     google-query: inurl:"/wp-content/plugins/wps-hide-login/"
     shodan-query: 'vuln:CVE-2015-9498'
-  tags: cve,wordpress,wp-plugin,wps-hide-login,high
+  tags: cve,wordpress,wp-plugin,wps-hide-login,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9500-4569fe83ce2bb42a6e266298e47ccef7.yaml b/nuclei-templates/2015/CVE-2015-9500-4569fe83ce2bb42a6e266298e47ccef7.yaml
index b4d49afce3..799e75667c 100644
--- a/nuclei-templates/2015/CVE-2015-9500-4569fe83ce2bb42a6e266298e47ccef7.yaml
+++ b/nuclei-templates/2015/CVE-2015-9500-4569fe83ce2bb42a6e266298e47ccef7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exquisite - Ultimate Newspaper Theme <= 1.3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/exquisite-wp/"
     google-query: inurl:"/wp-content/themes/exquisite-wp/"
     shodan-query: 'vuln:CVE-2015-9500'
-  tags: cve,wordpress,wp-theme,exquisite-wp,medium
+  tags: cve,wordpress,wp-theme,exquisite-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9501-e655964abfea5d2b4e77a9418e2e0409.yaml b/nuclei-templates/2015/CVE-2015-9501-e655964abfea5d2b4e77a9418e2e0409.yaml
index 1f5c6954ec..b1ba0eb977 100644
--- a/nuclei-templates/2015/CVE-2015-9501-e655964abfea5d2b4e77a9418e2e0409.yaml
+++ b/nuclei-templates/2015/CVE-2015-9501-e655964abfea5d2b4e77a9418e2e0409.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Artificial Intelligence < 1.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/artificial-intelligence/"
     google-query: inurl:"/wp-content/themes/artificial-intelligence/"
     shodan-query: 'vuln:CVE-2015-9501'
-  tags: cve,wordpress,wp-theme,artificial-intelligence,medium
+  tags: cve,wordpress,wp-theme,artificial-intelligence,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9502-5d7be31521ee03a3c41d06e3d9d363f9.yaml b/nuclei-templates/2015/CVE-2015-9502-5d7be31521ee03a3c41d06e3d9d363f9.yaml
index 9aa69e974d..51fc8579e9 100644
--- a/nuclei-templates/2015/CVE-2015-9502-5d7be31521ee03a3c41d06e3d9d363f9.yaml
+++ b/nuclei-templates/2015/CVE-2015-9502-5d7be31521ee03a3c41d06e3d9d363f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auberge < 1.4.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/auberge/"
     google-query: inurl:"/wp-content/themes/auberge/"
     shodan-query: 'vuln:CVE-2015-9502'
-  tags: cve,wordpress,wp-theme,auberge,medium
+  tags: cve,wordpress,wp-theme,auberge,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9503-51ba94283b04aa5998cb156cf18689aa.yaml b/nuclei-templates/2015/CVE-2015-9503-51ba94283b04aa5998cb156cf18689aa.yaml
index ec68605655..51111b86a4 100644
--- a/nuclei-templates/2015/CVE-2015-9503-51ba94283b04aa5998cb156cf18689aa.yaml
+++ b/nuclei-templates/2015/CVE-2015-9503-51ba94283b04aa5998cb156cf18689aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern <= 1.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/modern/"
     google-query: inurl:"/wp-content/themes/modern/"
     shodan-query: 'vuln:CVE-2015-9503'
-  tags: cve,wordpress,wp-theme,modern,medium
+  tags: cve,wordpress,wp-theme,modern,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9504-a66c423ab6d157ff18cae8cbb8d16a15.yaml b/nuclei-templates/2015/CVE-2015-9504-a66c423ab6d157ff18cae8cbb8d16a15.yaml
index 6f1328eefa..21e598c7c1 100644
--- a/nuclei-templates/2015/CVE-2015-9504-a66c423ab6d157ff18cae8cbb8d16a15.yaml
+++ b/nuclei-templates/2015/CVE-2015-9504-a66c423ab6d157ff18cae8cbb8d16a15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weekly News < 2.2.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/weeklynews/"
     google-query: inurl:"/wp-content/themes/weeklynews/"
     shodan-query: 'vuln:CVE-2015-9504'
-  tags: cve,wordpress,wp-theme,weeklynews,medium
+  tags: cve,wordpress,wp-theme,weeklynews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9505-a71d6df449db20ab9c26824728336769.yaml b/nuclei-templates/2015/CVE-2015-9505-a71d6df449db20ab9c26824728336769.yaml
index f1c7646d56..6e4762ca77 100644
--- a/nuclei-templates/2015/CVE-2015-9505-a71d6df449db20ab9c26824728336769.yaml
+++ b/nuclei-templates/2015/CVE-2015-9505-a71d6df449db20ab9c26824728336769.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.3.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2015-9505'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9506-188892e32d2c439c02d6eec7a4adfdb5.yaml b/nuclei-templates/2015/CVE-2015-9506-188892e32d2c439c02d6eec7a4adfdb5.yaml
index ec68665e15..2f6abac932 100644
--- a/nuclei-templates/2015/CVE-2015-9506-188892e32d2c439c02d6eec7a4adfdb5.yaml
+++ b/nuclei-templates/2015/CVE-2015-9506-188892e32d2c439c02d6eec7a4adfdb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Amazon S3 <= 2.1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-amazon-s3/"
     google-query: inurl:"/wp-content/plugins/edd-amazon-s3/"
     shodan-query: 'vuln:CVE-2015-9506'
-  tags: cve,wordpress,wp-plugin,edd-amazon-s3,medium
+  tags: cve,wordpress,wp-plugin,edd-amazon-s3,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9511-3b1d00a18f864c139ec613a9e0ffecf2.yaml b/nuclei-templates/2015/CVE-2015-9511-3b1d00a18f864c139ec613a9e0ffecf2.yaml
index 9f09fa8ccd..3ba14ca17d 100644
--- a/nuclei-templates/2015/CVE-2015-9511-3b1d00a18f864c139ec613a9e0ffecf2.yaml
+++ b/nuclei-templates/2015/CVE-2015-9511-3b1d00a18f864c139ec613a9e0ffecf2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Conditional Success Redirects < 1.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-conditional-success-redirects/"
     google-query: inurl:"/wp-content/plugins/edd-conditional-success-redirects/"
     shodan-query: 'vuln:CVE-2015-9511'
-  tags: cve,wordpress,wp-plugin,edd-conditional-success-redirects,medium
+  tags: cve,wordpress,wp-plugin,edd-conditional-success-redirects,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9512-4ada8035109d6dc47e94b2c651edea20.yaml b/nuclei-templates/2015/CVE-2015-9512-4ada8035109d6dc47e94b2c651edea20.yaml
index 405c9fa7eb..95199b796b 100644
--- a/nuclei-templates/2015/CVE-2015-9512-4ada8035109d6dc47e94b2c651edea20.yaml
+++ b/nuclei-templates/2015/CVE-2015-9512-4ada8035109d6dc47e94b2c651edea20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads Plugin for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2015-9512'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9513-4f94094a1cb01e1f7943775986788b65.yaml b/nuclei-templates/2015/CVE-2015-9513-4f94094a1cb01e1f7943775986788b65.yaml
index c9492b548e..bf47145f27 100644
--- a/nuclei-templates/2015/CVE-2015-9513-4f94094a1cb01e1f7943775986788b65.yaml
+++ b/nuclei-templates/2015/CVE-2015-9513-4f94094a1cb01e1f7943775986788b65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Favorites <= 1.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-favorites/"
     google-query: inurl:"/wp-content/plugins/edd-favorites/"
     shodan-query: 'vuln:CVE-2015-9513'
-  tags: cve,wordpress,wp-plugin,edd-favorites,medium
+  tags: cve,wordpress,wp-plugin,edd-favorites,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9516-61717663c17e62c7f08a76483f0eeff3.yaml b/nuclei-templates/2015/CVE-2015-9516-61717663c17e62c7f08a76483f0eeff3.yaml
index 46cc92060e..1faac25c80 100644
--- a/nuclei-templates/2015/CVE-2015-9516-61717663c17e62c7f08a76483f0eeff3.yaml
+++ b/nuclei-templates/2015/CVE-2015-9516-61717663c17e62c7f08a76483f0eeff3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Invoices <= 1.0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-invoices/"
     google-query: inurl:"/wp-content/plugins/edd-invoices/"
     shodan-query: 'vuln:CVE-2015-9516'
-  tags: cve,wordpress,wp-plugin,edd-invoices,medium
+  tags: cve,wordpress,wp-plugin,edd-invoices,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9518-d21243f7c0461744fbee4b3ace491e32.yaml b/nuclei-templates/2015/CVE-2015-9518-d21243f7c0461744fbee4b3ace491e32.yaml
index 92f8ed799a..7ba4cfbd42 100644
--- a/nuclei-templates/2015/CVE-2015-9518-d21243f7c0461744fbee4b3ace491e32.yaml
+++ b/nuclei-templates/2015/CVE-2015-9518-d21243f7c0461744fbee4b3ace491e32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – PDF Invoices < 1.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-invoices/"
     google-query: inurl:"/wp-content/plugins/edd-invoices/"
     shodan-query: 'vuln:CVE-2015-9518'
-  tags: cve,wordpress,wp-plugin,edd-invoices,medium
+  tags: cve,wordpress,wp-plugin,edd-invoices,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9519-7028a373145887022c971f45128fcdba.yaml b/nuclei-templates/2015/CVE-2015-9519-7028a373145887022c971f45128fcdba.yaml
index e19674979c..46c9330d1d 100644
--- a/nuclei-templates/2015/CVE-2015-9519-7028a373145887022c971f45128fcdba.yaml
+++ b/nuclei-templates/2015/CVE-2015-9519-7028a373145887022c971f45128fcdba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – PDF Stamper <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-pdf-stamper/"
     google-query: inurl:"/wp-content/plugins/edd-pdf-stamper/"
     shodan-query: 'vuln:CVE-2015-9519'
-  tags: cve,wordpress,wp-plugin,edd-pdf-stamper,medium
+  tags: cve,wordpress,wp-plugin,edd-pdf-stamper,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9520-d51efaf8de0ecaf24f9a181bc5d20bee.yaml b/nuclei-templates/2015/CVE-2015-9520-d51efaf8de0ecaf24f9a181bc5d20bee.yaml
index 4b7d645749..99a3af5c1c 100644
--- a/nuclei-templates/2015/CVE-2015-9520-d51efaf8de0ecaf24f9a181bc5d20bee.yaml
+++ b/nuclei-templates/2015/CVE-2015-9520-d51efaf8de0ecaf24f9a181bc5d20bee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Per Product Emails < 1.0.9  - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-per-product-emails/"
     google-query: inurl:"/wp-content/plugins/edd-per-product-emails/"
     shodan-query: 'vuln:CVE-2015-9520'
-  tags: cve,wordpress,wp-plugin,edd-per-product-emails,medium
+  tags: cve,wordpress,wp-plugin,edd-per-product-emails,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9523-2d450de1fce5683a098921397bf9fd03.yaml b/nuclei-templates/2015/CVE-2015-9523-2d450de1fce5683a098921397bf9fd03.yaml
index 42a2d50f59..feff36c75a 100644
--- a/nuclei-templates/2015/CVE-2015-9523-2d450de1fce5683a098921397bf9fd03.yaml
+++ b/nuclei-templates/2015/CVE-2015-9523-2d450de1fce5683a098921397bf9fd03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Recommended Products <= 1.2.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recommended-products-edd/"
     google-query: inurl:"/wp-content/plugins/recommended-products-edd/"
     shodan-query: 'vuln:CVE-2015-9523'
-  tags: cve,wordpress,wp-plugin,recommended-products-edd,medium
+  tags: cve,wordpress,wp-plugin,recommended-products-edd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9524-5c7b076501be3d3c98666ffe30ae6a26.yaml b/nuclei-templates/2015/CVE-2015-9524-5c7b076501be3d3c98666ffe30ae6a26.yaml
index 7c0b3ddf92..b5610aa856 100644
--- a/nuclei-templates/2015/CVE-2015-9524-5c7b076501be3d3c98666ffe30ae6a26.yaml
+++ b/nuclei-templates/2015/CVE-2015-9524-5c7b076501be3d3c98666ffe30ae6a26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Recount Earnings <= 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. The standalone extension was not patched and a patched version was instead integrated into EDD Core.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-recount-earnings/"
     google-query: inurl:"/wp-content/plugins/edd-recount-earnings/"
     shodan-query: 'vuln:CVE-2015-9524'
-  tags: cve,wordpress,wp-plugin,edd-recount-earnings,medium
+  tags: cve,wordpress,wp-plugin,edd-recount-earnings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9525-099ead226109d18c4bc71e3d4e743b55.yaml b/nuclei-templates/2015/CVE-2015-9525-099ead226109d18c4bc71e3d4e743b55.yaml
index 80e2855cac..6100b34dda 100644
--- a/nuclei-templates/2015/CVE-2015-9525-099ead226109d18c4bc71e3d4e743b55.yaml
+++ b/nuclei-templates/2015/CVE-2015-9525-099ead226109d18c4bc71e3d4e743b55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Recurring Payments <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-recurring-payments/"
     google-query: inurl:"/wp-content/plugins/edd-recurring-payments/"
     shodan-query: 'vuln:CVE-2015-9525'
-  tags: cve,wordpress,wp-plugin,edd-recurring-payments,medium
+  tags: cve,wordpress,wp-plugin,edd-recurring-payments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9527-c110f3311248c25cc2e6e53a20d9f8d7.yaml b/nuclei-templates/2015/CVE-2015-9527-c110f3311248c25cc2e6e53a20d9f8d7.yaml
index fbd39bbb7a..a361d6fbc9 100644
--- a/nuclei-templates/2015/CVE-2015-9527-c110f3311248c25cc2e6e53a20d9f8d7.yaml
+++ b/nuclei-templates/2015/CVE-2015-9527-c110f3311248c25cc2e6e53a20d9f8d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Simple Shipping <= 2.1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-shipping-edd/"
     google-query: inurl:"/wp-content/plugins/simple-shipping-edd/"
     shodan-query: 'vuln:CVE-2015-9527'
-  tags: cve,wordpress,wp-plugin,simple-shipping-edd,medium
+  tags: cve,wordpress,wp-plugin,simple-shipping-edd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9528-52e4049030db45f1344545c480f7a4ef.yaml b/nuclei-templates/2015/CVE-2015-9528-52e4049030db45f1344545c480f7a4ef.yaml
index a260d2edbf..4cfdcfb7ba 100644
--- a/nuclei-templates/2015/CVE-2015-9528-52e4049030db45f1344545c480f7a4ef.yaml
+++ b/nuclei-templates/2015/CVE-2015-9528-52e4049030db45f1344545c480f7a4ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Software Licensing < 3.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-software-licensing/"
     google-query: inurl:"/wp-content/plugins/edd-software-licensing/"
     shodan-query: 'vuln:CVE-2015-9528'
-  tags: cve,wordpress,wp-plugin,edd-software-licensing,medium
+  tags: cve,wordpress,wp-plugin,edd-software-licensing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9531-0633b5d5c2288fd164f50f774a52dac5.yaml b/nuclei-templates/2015/CVE-2015-9531-0633b5d5c2288fd164f50f774a52dac5.yaml
index 99583d8f28..8ad4a38cf4 100644
--- a/nuclei-templates/2015/CVE-2015-9531-0633b5d5c2288fd164f50f774a52dac5.yaml
+++ b/nuclei-templates/2015/CVE-2015-9531-0633b5d5c2288fd164f50f774a52dac5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Wish Lists < 1.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-wish-lists/"
     google-query: inurl:"/wp-content/plugins/edd-wish-lists/"
     shodan-query: 'vuln:CVE-2015-9531'
-  tags: cve,wordpress,wp-plugin,edd-wish-lists,medium
+  tags: cve,wordpress,wp-plugin,edd-wish-lists,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9532-f5fc5bca6e41d90a9454914bbfeeafc7.yaml b/nuclei-templates/2015/CVE-2015-9532-f5fc5bca6e41d90a9454914bbfeeafc7.yaml
index 04de571698..4003cfbd68 100644
--- a/nuclei-templates/2015/CVE-2015-9532-f5fc5bca6e41d90a9454914bbfeeafc7.yaml
+++ b/nuclei-templates/2015/CVE-2015-9532-f5fc5bca6e41d90a9454914bbfeeafc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads (EDD) Digital Store < 1.3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/digital-store/"
     google-query: inurl:"/wp-content/themes/digital-store/"
     shodan-query: 'vuln:CVE-2015-9532'
-  tags: cve,wordpress,wp-theme,digital-store,medium
+  tags: cve,wordpress,wp-theme,digital-store,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9533-a3693c90a0060afc06ae1758aa95f75e.yaml b/nuclei-templates/2015/CVE-2015-9533-a3693c90a0060afc06ae1758aa95f75e.yaml
index 923928f60e..9c20d31e4e 100644
--- a/nuclei-templates/2015/CVE-2015-9533-a3693c90a0060afc06ae1758aa95f75e.yaml
+++ b/nuclei-templates/2015/CVE-2015-9533-a3693c90a0060afc06ae1758aa95f75e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lattice < 1.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/lattice/"
     google-query: inurl:"/wp-content/themes/lattice/"
     shodan-query: 'vuln:CVE-2015-9533'
-  tags: cve,wordpress,wp-theme,lattice,medium
+  tags: cve,wordpress,wp-theme,lattice,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9534-b91f6a56da52c114b3a84093ea345821.yaml b/nuclei-templates/2015/CVE-2015-9534-b91f6a56da52c114b3a84093ea345821.yaml
index 31ee398f5d..120937047b 100644
--- a/nuclei-templates/2015/CVE-2015-9534-b91f6a56da52c114b3a84093ea345821.yaml
+++ b/nuclei-templates/2015/CVE-2015-9534-b91f6a56da52c114b3a84093ea345821.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads - Quota < 1.2.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/themes/quota/"
     google-query: inurl:"/wp-content/themes/quota/"
     shodan-query: 'vuln:CVE-2015-9534'
-  tags: cve,wordpress,wp-theme,quota,medium
+  tags: cve,wordpress,wp-theme,quota,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9535-c5cd64fdc88a18d66954d78adc22f76d.yaml b/nuclei-templates/2015/CVE-2015-9535-c5cd64fdc88a18d66954d78adc22f76d.yaml
index 9c671f7663..4c5a9fdb1e 100644
--- a/nuclei-templates/2015/CVE-2015-9535-c5cd64fdc88a18d66954d78adc22f76d.yaml
+++ b/nuclei-templates/2015/CVE-2015-9535-c5cd64fdc88a18d66954d78adc22f76d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Shoppette Theme < 1.0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. *Shoppette theme patched in 1.0.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/shoppette/"
     google-query: inurl:"/wp-content/themes/shoppette/"
     shodan-query: 'vuln:CVE-2015-9535'
-  tags: cve,wordpress,wp-theme,shoppette,medium
+  tags: cve,wordpress,wp-theme,shoppette,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9536-b586a8ab64bee13c2ee807e747d50adb.yaml b/nuclei-templates/2015/CVE-2015-9536-b586a8ab64bee13c2ee807e747d50adb.yaml
index 0a05b945aa..eb865b50e9 100644
--- a/nuclei-templates/2015/CVE-2015-9536-b586a8ab64bee13c2ee807e747d50adb.yaml
+++ b/nuclei-templates/2015/CVE-2015-9536-b586a8ab64bee13c2ee807e747d50adb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads (EDD) Twenty-Twelve < 1.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/twenty-twelve-edd/"
     google-query: inurl:"/wp-content/themes/twenty-twelve-edd/"
     shodan-query: 'vuln:CVE-2015-9536'
-  tags: cve,wordpress,wp-theme,twenty-twelve-edd,medium
+  tags: cve,wordpress,wp-theme,twenty-twelve-edd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9537-862a8430206366dd5f1306f54a1da83a.yaml b/nuclei-templates/2015/CVE-2015-9537-862a8430206366dd5f1306f54a1da83a.yaml
index 24480916f5..248e3834c6 100644
--- a/nuclei-templates/2015/CVE-2015-9537-862a8430206366dd5f1306f54a1da83a.yaml
+++ b/nuclei-templates/2015/CVE-2015-9537-862a8430206366dd5f1306f54a1da83a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGen Gallery <= 2.1.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2015-9537'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9538-c2a9c94ee32f4cfd4a8e1474373c16d3.yaml b/nuclei-templates/2015/CVE-2015-9538-c2a9c94ee32f4cfd4a8e1474373c16d3.yaml
index c64729f47a..e5c1bc387a 100644
--- a/nuclei-templates/2015/CVE-2015-9538-c2a9c94ee32f4cfd4a8e1474373c16d3.yaml
+++ b/nuclei-templates/2015/CVE-2015-9538-c2a9c94ee32f4cfd4a8e1474373c16d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGen Gallery <= 2.1.10 - Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2015-9538'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2015/CVE-2015-9539-503833e43a0634ab7984563e9c441bb9.yaml b/nuclei-templates/2015/CVE-2015-9539-503833e43a0634ab7984563e9c441bb9.yaml
index 4e3899b2aa..449dd7313d 100644
--- a/nuclei-templates/2015/CVE-2015-9539-503833e43a0634ab7984563e9c441bb9.yaml
+++ b/nuclei-templates/2015/CVE-2015-9539-503833e43a0634ab7984563e9c441bb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fast Secure Contact Form <= 4.0.37 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/si-contact-form/"
     google-query: inurl:"/wp-content/plugins/si-contact-form/"
     shodan-query: 'vuln:CVE-2015-9539'
-  tags: cve,wordpress,wp-plugin,si-contact-form,medium
+  tags: cve,wordpress,wp-plugin,si-contact-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-0765-7e99952543b7586dc6b3250a2122b0f9.yaml b/nuclei-templates/2016/CVE-2016-0765-7e99952543b7586dc6b3250a2122b0f9.yaml
index 739c32b915..bbc163a881 100644
--- a/nuclei-templates/2016/CVE-2016-0765-7e99952543b7586dc6b3250a2122b0f9.yaml
+++ b/nuclei-templates/2016/CVE-2016-0765-7e99952543b7586dc6b3250a2122b0f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eShop <= 6.3.14 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eshop/"
     google-query: inurl:"/wp-content/plugins/eshop/"
     shodan-query: 'vuln:CVE-2016-0765'
-  tags: cve,wordpress,wp-plugin,eshop,medium
+  tags: cve,wordpress,wp-plugin,eshop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-0769-6b1f692527a7829aa26f6946e0d77ddd.yaml b/nuclei-templates/2016/CVE-2016-0769-6b1f692527a7829aa26f6946e0d77ddd.yaml
index 1559b96db0..0dbda293aa 100644
--- a/nuclei-templates/2016/CVE-2016-0769-6b1f692527a7829aa26f6946e0d77ddd.yaml
+++ b/nuclei-templates/2016/CVE-2016-0769-6b1f692527a7829aa26f6946e0d77ddd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eShop <= 6.3.14 - Multiple SQL Injections
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eshop/"
     google-query: inurl:"/wp-content/plugins/eshop/"
     shodan-query: 'vuln:CVE-2016-0769'
-  tags: cve,wordpress,wp-plugin,eshop,high
+  tags: cve,wordpress,wp-plugin,eshop,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-0770-cf74b8fc2d5310123c3eee779bc13fa4.yaml b/nuclei-templates/2016/CVE-2016-0770-cf74b8fc2d5310123c3eee779bc13fa4.yaml
index bf57d3b474..50f3afeeba 100644
--- a/nuclei-templates/2016/CVE-2016-0770-cf74b8fc2d5310123c3eee779bc13fa4.yaml
+++ b/nuclei-templates/2016/CVE-2016-0770-cf74b8fc2d5310123c3eee779bc13fa4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Connections Business Directory < 8.5.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/connections/"
     google-query: inurl:"/wp-content/plugins/connections/"
     shodan-query: 'vuln:CVE-2016-0770'
-  tags: cve,wordpress,wp-plugin,connections,medium
+  tags: cve,wordpress,wp-plugin,connections,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-1000147-f1d9f474bbf4576d12894725bd74f389.yaml b/nuclei-templates/2016/CVE-2016-1000147-f1d9f474bbf4576d12894725bd74f389.yaml
index 5035e4032e..1afc994202 100644
--- a/nuclei-templates/2016/CVE-2016-1000147-f1d9f474bbf4576d12894725bd74f389.yaml
+++ b/nuclei-templates/2016/CVE-2016-1000147-f1d9f474bbf4576d12894725bd74f389.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recipes Writer <= 1.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Reflected XSS in wordpress plugin recipes-writer v1.0.4
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recipes-writer/"
     google-query: inurl:"/wp-content/plugins/recipes-writer/"
     shodan-query: 'vuln:CVE-2016-1000147'
-  tags: cve,wordpress,wp-plugin,recipes-writer,medium
+  tags: cve,wordpress,wp-plugin,recipes-writer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-1000152-885c0e7d869967a6d9428aa8fe4ebe55.yaml b/nuclei-templates/2016/CVE-2016-1000152-885c0e7d869967a6d9428aa8fe4ebe55.yaml
index fa029ccb63..c2126a0387 100644
--- a/nuclei-templates/2016/CVE-2016-1000152-885c0e7d869967a6d9428aa8fe4ebe55.yaml
+++ b/nuclei-templates/2016/CVE-2016-1000152-885c0e7d869967a6d9428aa8fe4ebe55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Contact Form Builder < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Reflected XSS in wordpress plugin tidio-form v1.0
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tidio-form/"
     google-query: inurl:"/wp-content/plugins/tidio-form/"
     shodan-query: 'vuln:CVE-2016-1000152'
-  tags: cve,wordpress,wp-plugin,tidio-form,medium
+  tags: cve,wordpress,wp-plugin,tidio-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10112-8157d8b031515138cda4bb1e1c15680c.yaml b/nuclei-templates/2016/CVE-2016-10112-8157d8b031515138cda4bb1e1c15680c.yaml
index 548d4c07a1..10c773d13d 100644
--- a/nuclei-templates/2016/CVE-2016-10112-8157d8b031515138cda4bb1e1c15680c.yaml
+++ b/nuclei-templates/2016/CVE-2016-10112-8157d8b031515138cda4bb1e1c15680c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 2.6.8 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:CVE-2016-10112'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10148-0cd25473d47849a11f534f0b196b97ae.yaml b/nuclei-templates/2016/CVE-2016-10148-0cd25473d47849a11f534f0b196b97ae.yaml
index a7aab53377..7e8533086d 100644
--- a/nuclei-templates/2016/CVE-2016-10148-0cd25473d47849a11f534f0b196b97ae.yaml
+++ b/nuclei-templates/2016/CVE-2016-10148-0cd25473d47849a11f534f0b196b97ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.6 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-10148
   metadata:
     shodan-query: 'vuln:CVE-2016-10148'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10705-b0d263ca65579d9d14b154cf891cd65e.yaml b/nuclei-templates/2016/CVE-2016-10705-b0d263ca65579d9d14b154cf891cd65e.yaml
index 0ebac63b62..9a457c003c 100644
--- a/nuclei-templates/2016/CVE-2016-10705-b0d263ca65579d9d14b154cf891cd65e.yaml
+++ b/nuclei-templates/2016/CVE-2016-10705-b0d263ca65579d9d14b154cf891cd65e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack <= 4.0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:CVE-2016-10705'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10706-2be7d29f9bb984978a5f99c0ed30a7ed.yaml b/nuclei-templates/2016/CVE-2016-10706-2be7d29f9bb984978a5f99c0ed30a7ed.yaml
index 48325122df..c5a99b2b72 100644
--- a/nuclei-templates/2016/CVE-2016-10706-2be7d29f9bb984978a5f99c0ed30a7ed.yaml
+++ b/nuclei-templates/2016/CVE-2016-10706-2be7d29f9bb984978a5f99c0ed30a7ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack <= 4.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:CVE-2016-10706'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10763-1b1736563be4cd48928200e2f20f46f4.yaml b/nuclei-templates/2016/CVE-2016-10763-1b1736563be4cd48928200e2f20f46f4.yaml
index ed67c1f376..e2eb84c8da 100644
--- a/nuclei-templates/2016/CVE-2016-10763-1b1736563be4cd48928200e2f20f46f4.yaml
+++ b/nuclei-templates/2016/CVE-2016-10763-1b1736563be4cd48928200e2f20f46f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CampTix Event Ticketing < 1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/camptix/"
     google-query: inurl:"/wp-content/plugins/camptix/"
     shodan-query: 'vuln:CVE-2016-10763'
-  tags: cve,wordpress,wp-plugin,camptix,medium
+  tags: cve,wordpress,wp-plugin,camptix,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10867-e1b9583cb78e016115d982acbd157618.yaml b/nuclei-templates/2016/CVE-2016-10867-e1b9583cb78e016115d982acbd157618.yaml
index e3454d5a73..0da106bcbb 100644
--- a/nuclei-templates/2016/CVE-2016-10867-e1b9583cb78e016115d982acbd157618.yaml
+++ b/nuclei-templates/2016/CVE-2016-10867-e1b9583cb78e016115d982acbd157618.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2016-10867'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10868-7567c31561b747bfa0cbc91d7005334d.yaml b/nuclei-templates/2016/CVE-2016-10868-7567c31561b747bfa0cbc91d7005334d.yaml
index aabab4d3b6..bfceeb70ae 100644
--- a/nuclei-templates/2016/CVE-2016-10868-7567c31561b747bfa0cbc91d7005334d.yaml
+++ b/nuclei-templates/2016/CVE-2016-10868-7567c31561b747bfa0cbc91d7005334d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2016-10868'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10869-28ac556db560c4dbe8e302546acf1314.yaml b/nuclei-templates/2016/CVE-2016-10869-28ac556db560c4dbe8e302546acf1314.yaml
index d2d2fa0d73..80d5c42efc 100644
--- a/nuclei-templates/2016/CVE-2016-10869-28ac556db560c4dbe8e302546acf1314.yaml
+++ b/nuclei-templates/2016/CVE-2016-10869-28ac556db560c4dbe8e302546acf1314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress <= 4.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-plugin/"
     google-query: inurl:"/wp-content/plugins/contact-form-plugin/"
     shodan-query: 'vuln:CVE-2016-10869'
-  tags: cve,wordpress,wp-plugin,contact-form-plugin,medium
+  tags: cve,wordpress,wp-plugin,contact-form-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10870-a6e38c48f14b76ed761e5c6ec8e4f3ac.yaml b/nuclei-templates/2016/CVE-2016-10870-a6e38c48f14b76ed761e5c6ec8e4f3ac.yaml
index 01ad49f82d..3c7b9144ce 100644
--- a/nuclei-templates/2016/CVE-2016-10870-a6e38c48f14b76ed761e5c6ec8e4f3ac.yaml
+++ b/nuclei-templates/2016/CVE-2016-10870-a6e38c48f14b76ed761e5c6ec8e4f3ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Language Translator <= 5.0.05 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The google-language-translator plugin before 5.0.06 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-language-translator/"
     google-query: inurl:"/wp-content/plugins/google-language-translator/"
     shodan-query: 'vuln:CVE-2016-10870'
-  tags: cve,wordpress,wp-plugin,google-language-translator,medium
+  tags: cve,wordpress,wp-plugin,google-language-translator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10871-b628a5c29017f302cc9e3a317e522425.yaml b/nuclei-templates/2016/CVE-2016-10871-b628a5c29017f302cc9e3a317e522425.yaml
index d77f745a7a..60e8574260 100644
--- a/nuclei-templates/2016/CVE-2016-10871-b628a5c29017f302cc9e3a317e522425.yaml
+++ b/nuclei-templates/2016/CVE-2016-10871-b628a5c29017f302cc9e3a317e522425.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailChimp for WordPress <= 4.0.10 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-for-wp/"
     google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/"
     shodan-query: 'vuln:CVE-2016-10871'
-  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10872-9c147c1fb503983534bc4ea0ae8ec8cf.yaml b/nuclei-templates/2016/CVE-2016-10872-9c147c1fb503983534bc4ea0ae8ec8cf.yaml
index 87d737168e..ffc2c34e70 100644
--- a/nuclei-templates/2016/CVE-2016-10872-9c147c1fb503983534bc4ea0ae8ec8cf.yaml
+++ b/nuclei-templates/2016/CVE-2016-10872-9c147c1fb503983534bc4ea0ae8ec8cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 1.3.39 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2016-10872'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10873-ad22dd4e7945e819f768594bfd7f51a8.yaml b/nuclei-templates/2016/CVE-2016-10873-ad22dd4e7945e819f768594bfd7f51a8.yaml
index fecfd94ba7..32b0497434 100644
--- a/nuclei-templates/2016/CVE-2016-10873-ad22dd4e7945e819f768594bfd7f51a8.yaml
+++ b/nuclei-templates/2016/CVE-2016-10873-ad22dd4e7945e819f768594bfd7f51a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 4.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-database-backup plugin before 4.3.3 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:CVE-2016-10873'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
+  tags: cve,wordpress,wp-plugin,wp-database-backup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10874-230f648691b91c6194be1f415c1bb8f9.yaml b/nuclei-templates/2016/CVE-2016-10874-230f648691b91c6194be1f415c1bb8f9.yaml
index 17c938e7f1..eb6e56e54f 100644
--- a/nuclei-templates/2016/CVE-2016-10874-230f648691b91c6194be1f415c1bb8f9.yaml
+++ b/nuclei-templates/2016/CVE-2016-10874-230f648691b91c6194be1f415c1bb8f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 4.3.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:CVE-2016-10874'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,high
+  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10875-434ae7a95fc78d705c7843354abb6396.yaml b/nuclei-templates/2016/CVE-2016-10875-434ae7a95fc78d705c7843354abb6396.yaml
index 486573697d..f333d8029c 100644
--- a/nuclei-templates/2016/CVE-2016-10875-434ae7a95fc78d705c7843354abb6396.yaml
+++ b/nuclei-templates/2016/CVE-2016-10875-434ae7a95fc78d705c7843354abb6396.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-database-backup plugin before 4.3.1 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:CVE-2016-10875'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
+  tags: cve,wordpress,wp-plugin,wp-database-backup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10876-01a81435c686a1247dfccda6d4fceb1e.yaml b/nuclei-templates/2016/CVE-2016-10876-01a81435c686a1247dfccda6d4fceb1e.yaml
index 65f1451ae9..2fb9504e5a 100644
--- a/nuclei-templates/2016/CVE-2016-10876-01a81435c686a1247dfccda6d4fceb1e.yaml
+++ b/nuclei-templates/2016/CVE-2016-10876-01a81435c686a1247dfccda6d4fceb1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 4.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:CVE-2016-10876'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,high
+  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10877-b9526b8daaa2ae88bfa635ff810051bf.yaml b/nuclei-templates/2016/CVE-2016-10877-b9526b8daaa2ae88bfa635ff810051bf.yaml
index ca0f9632f4..6a19eeffe9 100644
--- a/nuclei-templates/2016/CVE-2016-10877-b9526b8daaa2ae88bfa635ff810051bf.yaml
+++ b/nuclei-templates/2016/CVE-2016-10877-b9526b8daaa2ae88bfa635ff810051bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Editor <= 1.2.6.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-editor/"
     google-query: inurl:"/wp-content/plugins/wp-editor/"
     shodan-query: 'vuln:CVE-2016-10877'
-  tags: cve,wordpress,wp-plugin,wp-editor,medium
+  tags: cve,wordpress,wp-plugin,wp-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10878-7382281cd5a556c25b2c10e2b81ec2b8.yaml b/nuclei-templates/2016/CVE-2016-10878-7382281cd5a556c25b2c10e2b81ec2b8.yaml
index 8f4a01eacc..733cdd3a9a 100644
--- a/nuclei-templates/2016/CVE-2016-10878-7382281cd5a556c25b2c10e2b81ec2b8.yaml
+++ b/nuclei-templates/2016/CVE-2016-10878-7382281cd5a556c25b2c10e2b81ec2b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map Plugin <= 3.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:CVE-2016-10878'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10879-ac9a4353796cc2c432e6ec8cb3e235d2.yaml b/nuclei-templates/2016/CVE-2016-10879-ac9a4353796cc2c432e6ec8cb3e235d2.yaml
index 8a5bdcf960..01681523b1 100644
--- a/nuclei-templates/2016/CVE-2016-10879-ac9a4353796cc2c432e6ec8cb3e235d2.yaml
+++ b/nuclei-templates/2016/CVE-2016-10879-ac9a4353796cc2c432e6ec8cb3e235d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3CX Free Live Chat <= 6.2.03 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Live Chat Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in versions up to, and including, 6.2.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2016-10879'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10880-96e3c232ce32c0e385509a8011930dfa.yaml b/nuclei-templates/2016/CVE-2016-10880-96e3c232ce32c0e385509a8011930dfa.yaml
index cc1306528b..e0a87e0790 100644
--- a/nuclei-templates/2016/CVE-2016-10880-96e3c232ce32c0e385509a8011930dfa.yaml
+++ b/nuclei-templates/2016/CVE-2016-10880-96e3c232ce32c0e385509a8011930dfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Doc Embedder <= 2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The google-document-embedder plugin before 2.6.1 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-document-embedder/"
     google-query: inurl:"/wp-content/plugins/google-document-embedder/"
     shodan-query: 'vuln:CVE-2016-10880'
-  tags: cve,wordpress,wp-plugin,google-document-embedder,medium
+  tags: cve,wordpress,wp-plugin,google-document-embedder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10881-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c.yaml b/nuclei-templates/2016/CVE-2016-10881-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c.yaml
index a7c4315ca4..473132c6ad 100644
--- a/nuclei-templates/2016/CVE-2016-10881-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c.yaml
+++ b/nuclei-templates/2016/CVE-2016-10881-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Doc Embedder <= 2.6.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The google-document-embedder plugin before 2.6.2 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-document-embedder/"
     google-query: inurl:"/wp-content/plugins/google-document-embedder/"
     shodan-query: 'vuln:CVE-2016-10881'
-  tags: cve,wordpress,wp-plugin,google-document-embedder,medium
+  tags: cve,wordpress,wp-plugin,google-document-embedder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10882-4201a049c4e3da0f1f472f8fab792578.yaml b/nuclei-templates/2016/CVE-2016-10882-4201a049c4e3da0f1f472f8fab792578.yaml
index bc63d1fff8..4d2d92d34e 100644
--- a/nuclei-templates/2016/CVE-2016-10882-4201a049c4e3da0f1f472f8fab792578.yaml
+++ b/nuclei-templates/2016/CVE-2016-10882-4201a049c4e3da0f1f472f8fab792578.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Doc Embedder <= 2.6.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Google Doc Embedder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.1. This makes it possible for unauthenticated attackers to conduct attacks such as cross-site scripting via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-document-embedder/"
     google-query: inurl:"/wp-content/plugins/google-document-embedder/"
     shodan-query: 'vuln:CVE-2016-10882'
-  tags: cve,wordpress,wp-plugin,google-document-embedder,high
+  tags: cve,wordpress,wp-plugin,google-document-embedder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10883-268fe7ccb3ae756c66592ca513b99e93.yaml b/nuclei-templates/2016/CVE-2016-10883-268fe7ccb3ae756c66592ca513b99e93.yaml
index 3193a09ed2..8b58e28f8e 100644
--- a/nuclei-templates/2016/CVE-2016-10883-268fe7ccb3ae756c66592ca513b99e93.yaml
+++ b/nuclei-templates/2016/CVE-2016-10883-268fe7ccb3ae756c66592ca513b99e93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple add pages or posts < 1.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-add-pages-or-posts/"
     google-query: inurl:"/wp-content/plugins/simple-add-pages-or-posts/"
     shodan-query: 'vuln:CVE-2016-10883'
-  tags: cve,wordpress,wp-plugin,simple-add-pages-or-posts,high
+  tags: cve,wordpress,wp-plugin,simple-add-pages-or-posts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10884-492d26185e3f340adae3b16a9841dc89.yaml b/nuclei-templates/2016/CVE-2016-10884-492d26185e3f340adae3b16a9841dc89.yaml
index 41f56b57db..600268ea56 100644
--- a/nuclei-templates/2016/CVE-2016-10884-492d26185e3f340adae3b16a9841dc89.yaml
+++ b/nuclei-templates/2016/CVE-2016-10884-492d26185e3f340adae3b16a9841dc89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 3.3.2 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Membership plugin for WordPress is vulnerable to multiple Cross-Site Request Forgery attacks in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain administrative access and perform otherwise restricted actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2016-10884'
-  tags: cve,wordpress,wp-plugin,simple-membership,high
+  tags: cve,wordpress,wp-plugin,simple-membership,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10885-eb8ded5298215dd0e82d0abb7c7916df.yaml b/nuclei-templates/2016/CVE-2016-10885-eb8ded5298215dd0e82d0abb7c7916df.yaml
index 99007972ba..f803ba023e 100644
--- a/nuclei-templates/2016/CVE-2016-10885-eb8ded5298215dd0e82d0abb7c7916df.yaml
+++ b/nuclei-templates/2016/CVE-2016-10885-eb8ded5298215dd0e82d0abb7c7916df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Editor < 1.2.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.2.6. This is due to missing or incorrect nonce validation on the save_settings() function, in addition to a few other functions. This makes it possible for unauthenticated attackers to modify the plugin's settings and upload files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-editor/"
     google-query: inurl:"/wp-content/plugins/wp-editor/"
     shodan-query: 'vuln:CVE-2016-10885'
-  tags: cve,wordpress,wp-plugin,wp-editor,high
+  tags: cve,wordpress,wp-plugin,wp-editor,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10889-91308ce2ef066c70ca278e2e191864f4.yaml b/nuclei-templates/2016/CVE-2016-10889-91308ce2ef066c70ca278e2e191864f4.yaml
index 8d0bee3c1f..29e708608c 100644
--- a/nuclei-templates/2016/CVE-2016-10889-91308ce2ef066c70ca278e2e191864f4.yaml
+++ b/nuclei-templates/2016/CVE-2016-10889-91308ce2ef066c70ca278e2e191864f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion & SQL injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2016-10889'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,critical
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10891-be27c4b6992c035b340ec769cdb51351.yaml b/nuclei-templates/2016/CVE-2016-10891-be27c4b6992c035b340ec769cdb51351.yaml
index 27b77ce233..e5b4355b7c 100644
--- a/nuclei-templates/2016/CVE-2016-10891-be27c4b6992c035b340ec769cdb51351.yaml
+++ b/nuclei-templates/2016/CVE-2016-10891-be27c4b6992c035b340ec769cdb51351.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Activity Log < 2.3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The aryo-activity-log plugin before 2.3.3 for WordPress has XSS in the search_data parameter in the aryo-activity-log/classes/class-aal-activity-log-list-table.php file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aryo-activity-log/"
     google-query: inurl:"/wp-content/plugins/aryo-activity-log/"
     shodan-query: 'vuln:CVE-2016-10891'
-  tags: cve,wordpress,wp-plugin,aryo-activity-log,medium
+  tags: cve,wordpress,wp-plugin,aryo-activity-log,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10892-b648d871623ad477887d3a2ad417ce75.yaml b/nuclei-templates/2016/CVE-2016-10892-b648d871623ad477887d3a2ad417ce75.yaml
index 13e2675663..3f839718e7 100644
--- a/nuclei-templates/2016/CVE-2016-10892-b648d871623ad477887d3a2ad417ce75.yaml
+++ b/nuclei-templates/2016/CVE-2016-10892-b648d871623ad477887d3a2ad417ce75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chained Quiz Plugin < 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.9.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chained-quiz/"
     google-query: inurl:"/wp-content/plugins/chained-quiz/"
     shodan-query: 'vuln:CVE-2016-10892'
-  tags: cve,wordpress,wp-plugin,chained-quiz,medium
+  tags: cve,wordpress,wp-plugin,chained-quiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10893-a24d4eae978465f1c7539ec2afb5d89a.yaml b/nuclei-templates/2016/CVE-2016-10893-a24d4eae978465f1c7539ec2afb5d89a.yaml
index 594c1b68e5..9bdddb5073 100644
--- a/nuclei-templates/2016/CVE-2016-10893-a24d4eae978465f1c7539ec2afb5d89a.yaml
+++ b/nuclei-templates/2016/CVE-2016-10893-a24d4eae978465f1c7539ec2afb5d89a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crayon Syntax Highlighter < 2.8.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crayon-syntax-highlighter/"
     google-query: inurl:"/wp-content/plugins/crayon-syntax-highlighter/"
     shodan-query: 'vuln:CVE-2016-10893'
-  tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,medium
+  tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10895-75c93ad74d45c10e07e436b9060dff63.yaml b/nuclei-templates/2016/CVE-2016-10895-75c93ad74d45c10e07e436b9060dff63.yaml
index 07e9ff1d0b..1d37519b0b 100644
--- a/nuclei-templates/2016/CVE-2016-10895-75c93ad74d45c10e07e436b9060dff63.yaml
+++ b/nuclei-templates/2016/CVE-2016-10895-75c93ad74d45c10e07e436b9060dff63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Option Tree <= 2.5.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/option-tree/"
     google-query: inurl:"/wp-content/plugins/option-tree/"
     shodan-query: 'vuln:CVE-2016-10895'
-  tags: cve,wordpress,wp-plugin,option-tree,medium
+  tags: cve,wordpress,wp-plugin,option-tree,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10896-da0195abc3fd621c83febd2fb7f0bcc9.yaml b/nuclei-templates/2016/CVE-2016-10896-da0195abc3fd621c83febd2fb7f0bcc9.yaml
index 49fd105678..e67a084c78 100644
--- a/nuclei-templates/2016/CVE-2016-10896-da0195abc3fd621c83febd2fb7f0bcc9.yaml
+++ b/nuclei-templates/2016/CVE-2016-10896-da0195abc3fd621c83febd2fb7f0bcc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Redirection <= 4.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SEO Redirection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-redirection/"
     google-query: inurl:"/wp-content/plugins/seo-redirection/"
     shodan-query: 'vuln:CVE-2016-10896'
-  tags: cve,wordpress,wp-plugin,seo-redirection,medium
+  tags: cve,wordpress,wp-plugin,seo-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10897-9660e0224b9760d1af88fd4611d7d759.yaml b/nuclei-templates/2016/CVE-2016-10897-9660e0224b9760d1af88fd4611d7d759.yaml
index 1c582f8275..56a11a9008 100644
--- a/nuclei-templates/2016/CVE-2016-10897-9660e0224b9760d1af88fd4611d7d759.yaml
+++ b/nuclei-templates/2016/CVE-2016-10897-9660e0224b9760d1af88fd4611d7d759.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sermon Browser <= 0.45.15 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sermon Browser plugin for WordPress is vulnerable to multiple Cross-Site Scripting in versions up to, and including, 0.45.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sermon-browser/"
     google-query: inurl:"/wp-content/plugins/sermon-browser/"
     shodan-query: 'vuln:CVE-2016-10897'
-  tags: cve,wordpress,wp-plugin,sermon-browser,medium
+  tags: cve,wordpress,wp-plugin,sermon-browser,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10898-d59208c9d25614855049428d0906a55a.yaml b/nuclei-templates/2016/CVE-2016-10898-d59208c9d25614855049428d0906a55a.yaml
index edf397e8c8..99604e1474 100644
--- a/nuclei-templates/2016/CVE-2016-10898-d59208c9d25614855049428d0906a55a.yaml
+++ b/nuclei-templates/2016/CVE-2016-10898-d59208c9d25614855049428d0906a55a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Total Security <= 3.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The total-security plugin before 3.4.1 for WordPress has XSS via several parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/total-security/"
     google-query: inurl:"/wp-content/plugins/total-security/"
     shodan-query: 'vuln:CVE-2016-10898'
-  tags: cve,wordpress,wp-plugin,total-security,medium
+  tags: cve,wordpress,wp-plugin,total-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10900-72e728e9748e016a77172519c9f57dce.yaml b/nuclei-templates/2016/CVE-2016-10900-72e728e9748e016a77172519c9f57dce.yaml
index 8b46363680..caeb11d12a 100644
--- a/nuclei-templates/2016/CVE-2016-10900-72e728e9748e016a77172519c9f57dce.yaml
+++ b/nuclei-templates/2016/CVE-2016-10900-72e728e9748e016a77172519c9f57dce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uji Countdown <= 2.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Uji Countdown plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uji-countdown/"
     google-query: inurl:"/wp-content/plugins/uji-countdown/"
     shodan-query: 'vuln:CVE-2016-10900'
-  tags: cve,wordpress,wp-plugin,uji-countdown,medium
+  tags: cve,wordpress,wp-plugin,uji-countdown,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10901-e97ef8cef65f1238fc33971be91c7b6a.yaml b/nuclei-templates/2016/CVE-2016-10901-e97ef8cef65f1238fc33971be91c7b6a.yaml
index 553306498f..b92acf8d74 100644
--- a/nuclei-templates/2016/CVE-2016-10901-e97ef8cef65f1238fc33971be91c7b6a.yaml
+++ b/nuclei-templates/2016/CVE-2016-10901-e97ef8cef65f1238fc33971be91c7b6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews < 3.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Customer Reviews Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3_debug_code' parameter in versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-customer-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-customer-reviews/"
     shodan-query: 'vuln:CVE-2016-10901'
-  tags: cve,wordpress,wp-plugin,wp-customer-reviews,medium
+  tags: cve,wordpress,wp-plugin,wp-customer-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10902-daafab6254624f5514eee093537d860d.yaml b/nuclei-templates/2016/CVE-2016-10902-daafab6254624f5514eee093537d860d.yaml
index 2ff6166022..72a9ef084d 100644
--- a/nuclei-templates/2016/CVE-2016-10902-daafab6254624f5514eee093537d860d.yaml
+++ b/nuclei-templates/2016/CVE-2016-10902-daafab6254624f5514eee093537d860d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customer Reviews <= 3.0.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Customer Reviews Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing nonce validation on the  'update_options' function. This makes it possible for unauthenticated attackers modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-customer-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-customer-reviews/"
     shodan-query: 'vuln:CVE-2016-10902'
-  tags: cve,wordpress,wp-plugin,wp-customer-reviews,high
+  tags: cve,wordpress,wp-plugin,wp-customer-reviews,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10903-f63791a8b82a8db6f6f51f822aa27ea8.yaml b/nuclei-templates/2016/CVE-2016-10903-f63791a8b82a8db6f6f51f822aa27ea8.yaml
index 957ce558da..9c5addd6b5 100644
--- a/nuclei-templates/2016/CVE-2016-10903-f63791a8b82a8db6f6f51f822aa27ea8.yaml
+++ b/nuclei-templates/2016/CVE-2016-10903-f63791a8b82a8db6f6f51f822aa27ea8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GoDaddy Email Marketing < 1.1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The GoDaddy Email Marketing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.1.4. This is due to missing or incorrect nonce validation in the page_load function. This makes it possible for unauthenticated attackers to caused all the data associate with the plugin to be deleted via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/godaddy-email-marketing-sign-up-forms/"
     google-query: inurl:"/wp-content/plugins/godaddy-email-marketing-sign-up-forms/"
     shodan-query: 'vuln:CVE-2016-10903'
-  tags: cve,wordpress,wp-plugin,godaddy-email-marketing-sign-up-forms,high
+  tags: cve,wordpress,wp-plugin,godaddy-email-marketing-sign-up-forms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10911-da987af29928bc75b0d20d1e2162e5dd.yaml b/nuclei-templates/2016/CVE-2016-10911-da987af29928bc75b0d20d1e2162e5dd.yaml
index e5bd71b4e5..39d4a9ce41 100644
--- a/nuclei-templates/2016/CVE-2016-10911-da987af29928bc75b0d20d1e2162e5dd.yaml
+++ b/nuclei-templates/2016/CVE-2016-10911-da987af29928bc75b0d20d1e2162e5dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:CVE-2016-10911'
-  tags: cve,wordpress,wp-plugin,profile-builder,medium
+  tags: cve,wordpress,wp-plugin,profile-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10912-ac061f34e871527fabbabb8afc45c209.yaml b/nuclei-templates/2016/CVE-2016-10912-ac061f34e871527fabbabb8afc45c209.yaml
index 58d445ee88..0cf8a13c50 100644
--- a/nuclei-templates/2016/CVE-2016-10912-ac061f34e871527fabbabb8afc45c209.yaml
+++ b/nuclei-templates/2016/CVE-2016-10912-ac061f34e871527fabbabb8afc45c209.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Universal Analytics <= 1.3.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Universal Analytics plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/universal-analytics/"
     google-query: inurl:"/wp-content/plugins/universal-analytics/"
     shodan-query: 'vuln:CVE-2016-10912'
-  tags: cve,wordpress,wp-plugin,universal-analytics,medium
+  tags: cve,wordpress,wp-plugin,universal-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10914-373c3d1e9d0bf3f43f2574269f041f82.yaml b/nuclei-templates/2016/CVE-2016-10914-373c3d1e9d0bf3f43f2574269f041f82.yaml
index 7343ff323c..5710748aaa 100644
--- a/nuclei-templates/2016/CVE-2016-10914-373c3d1e9d0bf3f43f2574269f041f82.yaml
+++ b/nuclei-templates/2016/CVE-2016-10914-373c3d1e9d0bf3f43f2574269f041f82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add From Server <= 3.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-from-server/"
     google-query: inurl:"/wp-content/plugins/add-from-server/"
     shodan-query: 'vuln:CVE-2016-10914'
-  tags: cve,wordpress,wp-plugin,add-from-server,high
+  tags: cve,wordpress,wp-plugin,add-from-server,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10915-0ff521bb2f967b893b649e52f933e62e.yaml b/nuclei-templates/2016/CVE-2016-10915-0ff521bb2f967b893b649e52f933e62e.yaml
index 5cb8e1da04..25318f66f0 100644
--- a/nuclei-templates/2016/CVE-2016-10915-0ff521bb2f967b893b649e52f933e62e.yaml
+++ b/nuclei-templates/2016/CVE-2016-10915-0ff521bb2f967b893b649e52f933e62e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup by Supsystic < 1.7.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/popup-by-supsystic/"
     shodan-query: 'vuln:CVE-2016-10915'
-  tags: cve,wordpress,wp-plugin,popup-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,popup-by-supsystic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10918-2f3164fe48781902f2ffb82e4c682a7b.yaml b/nuclei-templates/2016/CVE-2016-10918-2f3164fe48781902f2ffb82e4c682a7b.yaml
index a9ea42caa7..819a36aa28 100644
--- a/nuclei-templates/2016/CVE-2016-10918-2f3164fe48781902f2ffb82e4c682a7b.yaml
+++ b/nuclei-templates/2016/CVE-2016-10918-2f3164fe48781902f2ffb82e4c682a7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. This is due to missing or incorrect nonce validation on the 'updateAttachment' action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/gallery-by-supsystic/"
     shodan-query: 'vuln:CVE-2016-10918'
-  tags: cve,wordpress,wp-plugin,gallery-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,gallery-by-supsystic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10919-c1bbee5af74211de37a39642515f7de2.yaml b/nuclei-templates/2016/CVE-2016-10919-c1bbee5af74211de37a39642515f7de2.yaml
index b4421bf789..da7b8fa654 100644
--- a/nuclei-templates/2016/CVE-2016-10919-c1bbee5af74211de37a39642515f7de2.yaml
+++ b/nuclei-templates/2016/CVE-2016-10919-c1bbee5af74211de37a39642515f7de2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WassUp Real Time Analytics < 1.9.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wassup/"
     google-query: inurl:"/wp-content/plugins/wassup/"
     shodan-query: 'vuln:CVE-2016-10919'
-  tags: cve,wordpress,wp-plugin,wassup,medium
+  tags: cve,wordpress,wp-plugin,wassup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10920-24f4d698ab0a491686fe5ba91eade3a1.yaml b/nuclei-templates/2016/CVE-2016-10920-24f4d698ab0a491686fe5ba91eade3a1.yaml
index ec429eef66..a14c574552 100644
--- a/nuclei-templates/2016/CVE-2016-10920-24f4d698ab0a491686fe5ba91eade3a1.yaml
+++ b/nuclei-templates/2016/CVE-2016-10920-24f4d698ab0a491686fe5ba91eade3a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GNUCommerce < 0.5.7-BETA - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gnucommerce/"
     google-query: inurl:"/wp-content/plugins/gnucommerce/"
     shodan-query: 'vuln:CVE-2016-10920'
-  tags: cve,wordpress,wp-plugin,gnucommerce,medium
+  tags: cve,wordpress,wp-plugin,gnucommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10925-12236d5bb8f3c06e72ec152e136c1986.yaml b/nuclei-templates/2016/CVE-2016-10925-12236d5bb8f3c06e72ec152e136c1986.yaml
index 089812b87d..6348e506c4 100644
--- a/nuclei-templates/2016/CVE-2016-10925-12236d5bb8f3c06e72ec152e136c1986.yaml
+++ b/nuclei-templates/2016/CVE-2016-10925-12236d5bb8f3c06e72ec152e136c1986.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LoginWP < 2.9.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/peters-login-redirect/"
     google-query: inurl:"/wp-content/plugins/peters-login-redirect/"
     shodan-query: 'vuln:CVE-2016-10925'
-  tags: cve,wordpress,wp-plugin,peters-login-redirect,medium
+  tags: cve,wordpress,wp-plugin,peters-login-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10928-1108320cabd88205cc0f43eb95edee22.yaml b/nuclei-templates/2016/CVE-2016-10928-1108320cabd88205cc0f43eb95edee22.yaml
index 5df44f9d7f..f41239a8ca 100644
--- a/nuclei-templates/2016/CVE-2016-10928-1108320cabd88205cc0f43eb95edee22.yaml
+++ b/nuclei-templates/2016/CVE-2016-10928-1108320cabd88205cc0f43eb95edee22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OneLogin SAML SSO < 2.2.0 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/onelogin-saml-sso/"
     google-query: inurl:"/wp-content/plugins/onelogin-saml-sso/"
     shodan-query: 'vuln:CVE-2016-10928'
-  tags: cve,wordpress,wp-plugin,onelogin-saml-sso,high
+  tags: cve,wordpress,wp-plugin,onelogin-saml-sso,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10929-e6b2b9642eaa28f30036533185d6907f.yaml b/nuclei-templates/2016/CVE-2016-10929-e6b2b9642eaa28f30036533185d6907f.yaml
index 76b8497b0c..d18e395497 100644
--- a/nuclei-templates/2016/CVE-2016-10929-e6b2b9642eaa28f30036533185d6907f.yaml
+++ b/nuclei-templates/2016/CVE-2016-10929-e6b2b9642eaa28f30036533185d6907f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced AJAX Page Loader < 2.7.7 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Advanced AJAX Page Loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-ajax-page-loader/"
     google-query: inurl:"/wp-content/plugins/advanced-ajax-page-loader/"
     shodan-query: 'vuln:CVE-2016-10929'
-  tags: cve,wordpress,wp-plugin,advanced-ajax-page-loader,high
+  tags: cve,wordpress,wp-plugin,advanced-ajax-page-loader,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10935-675cb8bcb438f10a9bd4c15d9cbed954.yaml b/nuclei-templates/2016/CVE-2016-10935-675cb8bcb438f10a9bd4c15d9cbed954.yaml
index 6a4601b836..3ab2a1beb0 100644
--- a/nuclei-templates/2016/CVE-2016-10935-675cb8bcb438f10a9bd4c15d9cbed954.yaml
+++ b/nuclei-templates/2016/CVE-2016-10935-675cb8bcb438f10a9bd4c15d9cbed954.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce – Store Exporter <= 1.8.3 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The WooCommerce – Store Exporter plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the woo_ce_admin_init function hooked via 'init' in versions up to, and including 1.8.3. This makes it possible for unauthenticated attackers to perform actions like exporting data that may contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-exporter/"
     google-query: inurl:"/wp-content/plugins/woocommerce-exporter/"
     shodan-query: 'vuln:CVE-2016-10935'
-  tags: cve,wordpress,wp-plugin,woocommerce-exporter,critical
+  tags: cve,wordpress,wp-plugin,woocommerce-exporter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10936-72b547593d28ba78083c2d30dcb45b59.yaml b/nuclei-templates/2016/CVE-2016-10936-72b547593d28ba78083c2d30dcb45b59.yaml
index f458dba875..441a50a084 100644
--- a/nuclei-templates/2016/CVE-2016-10936-72b547593d28ba78083c2d30dcb45b59.yaml
+++ b/nuclei-templates/2016/CVE-2016-10936-72b547593d28ba78083c2d30dcb45b59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Polls <= 2.73 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-polls/"
     google-query: inurl:"/wp-content/plugins/wp-polls/"
     shodan-query: 'vuln:CVE-2016-10936'
-  tags: cve,wordpress,wp-plugin,wp-polls,medium
+  tags: cve,wordpress,wp-plugin,wp-polls,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10939-2adf451d71caa92a7f7c155d4ef7aae4.yaml b/nuclei-templates/2016/CVE-2016-10939-2adf451d71caa92a7f7c155d4ef7aae4.yaml
index 834b2d9164..553bad9c46 100644
--- a/nuclei-templates/2016/CVE-2016-10939-2adf451d71caa92a7f7c155d4ef7aae4.yaml
+++ b/nuclei-templates/2016/CVE-2016-10939-2adf451d71caa92a7f7c155d4ef7aae4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Xtreme Locator Dealer Locator Plugin <= 3.0.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The xtremelocator plugin 3.0.1 for WordPress has SQL injection via the id parameter for high-privilege (admin+) users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xtremelocator/"
     google-query: inurl:"/wp-content/plugins/xtremelocator/"
     shodan-query: 'vuln:CVE-2016-10939'
-  tags: cve,wordpress,wp-plugin,xtremelocator,high
+  tags: cve,wordpress,wp-plugin,xtremelocator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10940-d6a4a05c68d8a3214ff9eb4a728a2600.yaml b/nuclei-templates/2016/CVE-2016-10940-d6a4a05c68d8a3214ff9eb4a728a2600.yaml
index 243cccbd68..05e6cf60a2 100644
--- a/nuclei-templates/2016/CVE-2016-10940-d6a4a05c68d8a3214ff9eb4a728a2600.yaml
+++ b/nuclei-templates/2016/CVE-2016-10940-d6a4a05c68d8a3214ff9eb4a728a2600.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ZM Gallery <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zm-gallery/"
     google-query: inurl:"/wp-content/plugins/zm-gallery/"
     shodan-query: 'vuln:CVE-2016-10940'
-  tags: cve,wordpress,wp-plugin,zm-gallery,high
+  tags: cve,wordpress,wp-plugin,zm-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10941-e253bc9eb60b3ba0170a2740ba27c2f4.yaml b/nuclei-templates/2016/CVE-2016-10941-e253bc9eb60b3ba0170a2740ba27c2f4.yaml
index ad74cb601e..143c937a28 100644
--- a/nuclei-templates/2016/CVE-2016-10941-e253bc9eb60b3ba0170a2740ba27c2f4.yaml
+++ b/nuclei-templates/2016/CVE-2016-10941-e253bc9eb60b3ba0170a2740ba27c2f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher < 2.3.16 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2016-10941'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10942-f9c4a4753797c567682067fdd891aa71.yaml b/nuclei-templates/2016/CVE-2016-10942-f9c4a4753797c567682067fdd891aa71.yaml
index 18811246ed..0c504e5364 100644
--- a/nuclei-templates/2016/CVE-2016-10942-f9c4a4753797c567682067fdd891aa71.yaml
+++ b/nuclei-templates/2016/CVE-2016-10942-f9c4a4753797c567682067fdd891aa71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher < 2.3.16 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2016-10942'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10943-11b8e915a665a007145e1d71a284462b.yaml b/nuclei-templates/2016/CVE-2016-10943-11b8e915a665a007145e1d71a284462b.yaml
index a7ac83365d..d8b03e7e8f 100644
--- a/nuclei-templates/2016/CVE-2016-10943-11b8e915a665a007145e1d71a284462b.yaml
+++ b/nuclei-templates/2016/CVE-2016-10943-11b8e915a665a007145e1d71a284462b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ZX_CSV Upload <= 1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zx-csv-upload/"
     google-query: inurl:"/wp-content/plugins/zx-csv-upload/"
     shodan-query: 'vuln:CVE-2016-10943'
-  tags: cve,wordpress,wp-plugin,zx-csv-upload,high
+  tags: cve,wordpress,wp-plugin,zx-csv-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10944-6df6e844abfccff24d48183d808487ab.yaml b/nuclei-templates/2016/CVE-2016-10944-6df6e844abfccff24d48183d808487ab.yaml
index 793bd2192e..21cdc3cbb3 100644
--- a/nuclei-templates/2016/CVE-2016-10944-6df6e844abfccff24d48183d808487ab.yaml
+++ b/nuclei-templates/2016/CVE-2016-10944-6df6e844abfccff24d48183d808487ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multisite Post Duplicator <= 1.7.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The multisite-post-duplicator plugin for WordPress has wp-admin/tools.php?page=mpd CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multisite-post-duplicator/"
     google-query: inurl:"/wp-content/plugins/multisite-post-duplicator/"
     shodan-query: 'vuln:CVE-2016-10944'
-  tags: cve,wordpress,wp-plugin,multisite-post-duplicator,high
+  tags: cve,wordpress,wp-plugin,multisite-post-duplicator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10945-39d9e91ebde9c4d0e5ed1e82b99b21f1.yaml b/nuclei-templates/2016/CVE-2016-10945-39d9e91ebde9c4d0e5ed1e82b99b21f1.yaml
index 8782a62589..cf8eee69fd 100644
--- a/nuclei-templates/2016/CVE-2016-10945-39d9e91ebde9c4d0e5ed1e82b99b21f1.yaml
+++ b/nuclei-templates/2016/CVE-2016-10945-39d9e91ebde9c4d0e5ed1e82b99b21f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Platform 4 <= 1.1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Platform 4 theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation in the 'includes/library.options.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/platform/"
     google-query: inurl:"/wp-content/themes/platform/"
     shodan-query: 'vuln:CVE-2016-10945'
-  tags: cve,wordpress,wp-theme,platform,high
+  tags: cve,wordpress,wp-theme,platform,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10946-5b558ed2503b6bdcb6a02e6d5ffb6d95.yaml b/nuclei-templates/2016/CVE-2016-10946-5b558ed2503b6bdcb6a02e6d5ffb6d95.yaml
index 7d8c80b6fb..671522c493 100644
--- a/nuclei-templates/2016/CVE-2016-10946-5b558ed2503b6bdcb6a02e6d5ffb6d95.yaml
+++ b/nuclei-templates/2016/CVE-2016-10946-5b558ed2503b6bdcb6a02e6d5ffb6d95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp-D3 < 2.4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-d3/"
     google-query: inurl:"/wp-content/plugins/wp-d3/"
     shodan-query: 'vuln:CVE-2016-10946'
-  tags: cve,wordpress,wp-plugin,wp-d3,high
+  tags: cve,wordpress,wp-plugin,wp-d3,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10947-e8e5df43b04b7f37f9a558b78548b1cb.yaml b/nuclei-templates/2016/CVE-2016-10947-e8e5df43b04b7f37f9a558b78548b1cb.yaml
index ec9c9edbf4..89a1d052db 100644
--- a/nuclei-templates/2016/CVE-2016-10947-e8e5df43b04b7f37f9a558b78548b1cb.yaml
+++ b/nuclei-templates/2016/CVE-2016-10947-e8e5df43b04b7f37f9a558b78548b1cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Indexer <= 3.0.6.1 - Authenticated (Super Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-indexer/"
     google-query: inurl:"/wp-content/plugins/post-indexer/"
     shodan-query: 'vuln:CVE-2016-10947'
-  tags: cve,wordpress,wp-plugin,post-indexer,high
+  tags: cve,wordpress,wp-plugin,post-indexer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10949-3770a5a68072ae899f0f18af895e3c7e.yaml b/nuclei-templates/2016/CVE-2016-10949-3770a5a68072ae899f0f18af895e3c7e.yaml
index ba4aafd735..abc528fc43 100644
--- a/nuclei-templates/2016/CVE-2016-10949-3770a5a68072ae899f0f18af895e3c7e.yaml
+++ b/nuclei-templates/2016/CVE-2016-10949-3770a5a68072ae899f0f18af895e3c7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi Premium < 1.14.6.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevanssi-premium/"
     google-query: inurl:"/wp-content/plugins/relevanssi-premium/"
     shodan-query: 'vuln:CVE-2016-10949'
-  tags: cve,wordpress,wp-plugin,relevanssi-premium,high
+  tags: cve,wordpress,wp-plugin,relevanssi-premium,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10950-28a2dfdb4b89718535fa7dedda6260e9.yaml b/nuclei-templates/2016/CVE-2016-10950-28a2dfdb4b89718535fa7dedda6260e9.yaml
index 65ecf73e8c..8f56726a8f 100644
--- a/nuclei-templates/2016/CVE-2016-10950-28a2dfdb4b89718535fa7dedda6260e9.yaml
+++ b/nuclei-templates/2016/CVE-2016-10950-28a2dfdb4b89718535fa7dedda6260e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Optimizer, Resizer and CDN – Sirv < 1.3.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sirv/"
     google-query: inurl:"/wp-content/plugins/sirv/"
     shodan-query: 'vuln:CVE-2016-10950'
-  tags: cve,wordpress,wp-plugin,sirv,high
+  tags: cve,wordpress,wp-plugin,sirv,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10951-41d0ef3672db9c552872805c429ef89f.yaml b/nuclei-templates/2016/CVE-2016-10951-41d0ef3672db9c552872805c429ef89f.yaml
index 904cdc2e9e..65c2f01081 100644
--- a/nuclei-templates/2016/CVE-2016-10951-41d0ef3672db9c552872805c429ef89f.yaml
+++ b/nuclei-templates/2016/CVE-2016-10951-41d0ef3672db9c552872805c429ef89f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FireStorm Shopping Cart eCommerce Plugin <= 2.07.02 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fs-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/fs-shopping-cart/"
     shodan-query: 'vuln:CVE-2016-10951'
-  tags: cve,wordpress,wp-plugin,fs-shopping-cart,high
+  tags: cve,wordpress,wp-plugin,fs-shopping-cart,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10952-62f03cd88708d633c3bea1020189b887.yaml b/nuclei-templates/2016/CVE-2016-10952-62f03cd88708d633c3bea1020189b887.yaml
index 2336c6575b..f7016a8a41 100644
--- a/nuclei-templates/2016/CVE-2016-10952-62f03cd88708d633c3bea1020189b887.yaml
+++ b/nuclei-templates/2016/CVE-2016-10952-62f03cd88708d633c3bea1020189b887.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quotes Collection < 2.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quotes-collection/"
     google-query: inurl:"/wp-content/plugins/quotes-collection/"
     shodan-query: 'vuln:CVE-2016-10952'
-  tags: cve,wordpress,wp-plugin,quotes-collection,medium
+  tags: cve,wordpress,wp-plugin,quotes-collection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10953-27ec034aba5d4951c82cebc35f1cf5b5.yaml b/nuclei-templates/2016/CVE-2016-10953-27ec034aba5d4951c82cebc35f1cf5b5.yaml
index 35bfb115b0..b22ec4ff03 100644
--- a/nuclei-templates/2016/CVE-2016-10953-27ec034aba5d4951c82cebc35f1cf5b5.yaml
+++ b/nuclei-templates/2016/CVE-2016-10953-27ec034aba5d4951c82cebc35f1cf5b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Headway < 3.8.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Headway theme before 3.8.9 for WordPress has XSS via the license key field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/headway/"
     google-query: inurl:"/wp-content/themes/headway/"
     shodan-query: 'vuln:CVE-2016-10953'
-  tags: cve,wordpress,wp-theme,headway,medium
+  tags: cve,wordpress,wp-theme,headway,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10959-2dab9495e3032fc043db0a21d11fd446.yaml b/nuclei-templates/2016/CVE-2016-10959-2dab9495e3032fc043db0a21d11fd446.yaml
index fa4844440f..68f65ec47f 100644
--- a/nuclei-templates/2016/CVE-2016-10959-2dab9495e3032fc043db0a21d11fd446.yaml
+++ b/nuclei-templates/2016/CVE-2016-10959-2dab9495e3032fc043db0a21d11fd446.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Estatik <= 2.3.0 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/estatik/"
     google-query: inurl:"/wp-content/plugins/estatik/"
     shodan-query: 'vuln:CVE-2016-10959'
-  tags: cve,wordpress,wp-plugin,estatik,high
+  tags: cve,wordpress,wp-plugin,estatik,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10960-8435cd6b84481f3b14132a8d7f815c94.yaml b/nuclei-templates/2016/CVE-2016-10960-8435cd6b84481f3b14132a8d7f815c94.yaml
index b4729cf25a..e023f5e613 100644
--- a/nuclei-templates/2016/CVE-2016-10960-8435cd6b84481f3b14132a8d7f815c94.yaml
+++ b/nuclei-templates/2016/CVE-2016-10960-8435cd6b84481f3b14132a8d7f815c94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wSecure Lite < 2.4 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wsecure/"
     google-query: inurl:"/wp-content/plugins/wsecure/"
     shodan-query: 'vuln:CVE-2016-10960'
-  tags: cve,wordpress,wp-plugin,wsecure,high
+  tags: cve,wordpress,wp-plugin,wsecure,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10961-eec026409b2ce5ae4162f07361f714bc.yaml b/nuclei-templates/2016/CVE-2016-10961-eec026409b2ce5ae4162f07361f714bc.yaml
index 9a180b63ed..730f0cf94f 100644
--- a/nuclei-templates/2016/CVE-2016-10961-eec026409b2ce5ae4162f07361f714bc.yaml
+++ b/nuclei-templates/2016/CVE-2016-10961-eec026409b2ce5ae4162f07361f714bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ColorWay <= 3.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/colorway/"
     google-query: inurl:"/wp-content/themes/colorway/"
     shodan-query: 'vuln:CVE-2016-10961'
-  tags: cve,wordpress,wp-theme,colorway,medium
+  tags: cve,wordpress,wp-theme,colorway,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10962-c7d2eaa1bef247cc946f12a77351dbbb.yaml b/nuclei-templates/2016/CVE-2016-10962-c7d2eaa1bef247cc946f12a77351dbbb.yaml
index 4bf0223ed9..b2f7051f5e 100644
--- a/nuclei-templates/2016/CVE-2016-10962-c7d2eaa1bef247cc946f12a77351dbbb.yaml
+++ b/nuclei-templates/2016/CVE-2016-10962-c7d2eaa1bef247cc946f12a77351dbbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram <= 1.9.18 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icegram/"
     google-query: inurl:"/wp-content/plugins/icegram/"
     shodan-query: 'vuln:CVE-2016-10962'
-  tags: cve,wordpress,wp-plugin,icegram,high
+  tags: cve,wordpress,wp-plugin,icegram,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10963-1b90a29b0e05edb9e0100d5bac6dd543.yaml b/nuclei-templates/2016/CVE-2016-10963-1b90a29b0e05edb9e0100d5bac6dd543.yaml
index 4167283d79..1d2a1c6d01 100644
--- a/nuclei-templates/2016/CVE-2016-10963-1b90a29b0e05edb9e0100d5bac6dd543.yaml
+++ b/nuclei-templates/2016/CVE-2016-10963-1b90a29b0e05edb9e0100d5bac6dd543.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram <= 1.9.18 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The icegram plugin before 1.9.19 for WordPress has XSS in 'message' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icegram/"
     google-query: inurl:"/wp-content/plugins/icegram/"
     shodan-query: 'vuln:CVE-2016-10963'
-  tags: cve,wordpress,wp-plugin,icegram,medium
+  tags: cve,wordpress,wp-plugin,icegram,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10964-266cec63957d7dffbe45528e32eb40a1.yaml b/nuclei-templates/2016/CVE-2016-10964-266cec63957d7dffbe45528e32eb40a1.yaml
index 9308f67841..2da1bf18ab 100644
--- a/nuclei-templates/2016/CVE-2016-10964-266cec63957d7dffbe45528e32eb40a1.yaml
+++ b/nuclei-templates/2016/CVE-2016-10964-266cec63957d7dffbe45528e32eb40a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     dwnldr < 1.01 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dwnldr/"
     google-query: inurl:"/wp-content/plugins/dwnldr/"
     shodan-query: 'vuln:CVE-2016-10964'
-  tags: cve,wordpress,wp-plugin,dwnldr,medium
+  tags: cve,wordpress,wp-plugin,dwnldr,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10970-ce31848b731129452978ca83014199c1.yaml b/nuclei-templates/2016/CVE-2016-10970-ce31848b731129452978ca83014199c1.yaml
index e5943112e7..5a0972d73d 100644
--- a/nuclei-templates/2016/CVE-2016-10970-ce31848b731129452978ca83014199c1.yaml
+++ b/nuclei-templates/2016/CVE-2016-10970-ce31848b731129452978ca83014199c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SupportFlow <= 0.6 - Cross-Site Scripting via a ticket excerpt.
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportflow/"
     google-query: inurl:"/wp-content/plugins/supportflow/"
     shodan-query: 'vuln:CVE-2016-10970'
-  tags: cve,wordpress,wp-plugin,supportflow,medium
+  tags: cve,wordpress,wp-plugin,supportflow,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10974-656ffc00f499b97cc92334beba62fc4e.yaml b/nuclei-templates/2016/CVE-2016-10974-656ffc00f499b97cc92334beba62fc4e.yaml
index 6feae928f3..4fe1d13aeb 100644
--- a/nuclei-templates/2016/CVE-2016-10974-656ffc00f499b97cc92334beba62fc4e.yaml
+++ b/nuclei-templates/2016/CVE-2016-10974-656ffc00f499b97cc92334beba62fc4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fluid Responsive Slideshow < 2.2.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF bug with Reflected XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluid-responsive-slideshow/"
     google-query: inurl:"/wp-content/plugins/fluid-responsive-slideshow/"
     shodan-query: 'vuln:CVE-2016-10974'
-  tags: cve,wordpress,wp-plugin,fluid-responsive-slideshow,high
+  tags: cve,wordpress,wp-plugin,fluid-responsive-slideshow,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10978-18c927eeaab747daf8dbc085388c3619.yaml b/nuclei-templates/2016/CVE-2016-10978-18c927eeaab747daf8dbc085388c3619.yaml
index f2ed169445..d6b11d69a5 100644
--- a/nuclei-templates/2016/CVE-2016-10978-18c927eeaab747daf8dbc085388c3619.yaml
+++ b/nuclei-templates/2016/CVE-2016-10978-18c927eeaab747daf8dbc085388c3619.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tag Miner (Automatic Tag Extraction) < 1.1.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fossura-tag-miner/"
     google-query: inurl:"/wp-content/plugins/fossura-tag-miner/"
     shodan-query: 'vuln:CVE-2016-10978'
-  tags: cve,wordpress,wp-plugin,fossura-tag-miner,high
+  tags: cve,wordpress,wp-plugin,fossura-tag-miner,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10979-b1f4f06fa1d08e23be33495079a7bf7e.yaml b/nuclei-templates/2016/CVE-2016-10979-b1f4f06fa1d08e23be33495079a7bf7e.yaml
index ff5cc2eb2f..d064941aa9 100644
--- a/nuclei-templates/2016/CVE-2016-10979-b1f4f06fa1d08e23be33495079a7bf7e.yaml
+++ b/nuclei-templates/2016/CVE-2016-10979-b1f4f06fa1d08e23be33495079a7bf7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tag Miner (Automatic Tag Extraction) < 1.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fossura-tag-miner/"
     google-query: inurl:"/wp-content/plugins/fossura-tag-miner/"
     shodan-query: 'vuln:CVE-2016-10979'
-  tags: cve,wordpress,wp-plugin,fossura-tag-miner,medium
+  tags: cve,wordpress,wp-plugin,fossura-tag-miner,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10981-4f2a3c77ca82525aff6c0c722c03bbb8.yaml b/nuclei-templates/2016/CVE-2016-10981-4f2a3c77ca82525aff6c0c722c03bbb8.yaml
index a3769aa1ec..88b326a828 100644
--- a/nuclei-templates/2016/CVE-2016-10981-4f2a3c77ca82525aff6c0c722c03bbb8.yaml
+++ b/nuclei-templates/2016/CVE-2016-10981-4f2a3c77ca82525aff6c0c722c03bbb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kento Post View Counter <= 2.8 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kento-post-view-counter/"
     google-query: inurl:"/wp-content/plugins/kento-post-view-counter/"
     shodan-query: 'vuln:CVE-2016-10981'
-  tags: cve,wordpress,wp-plugin,kento-post-view-counter,medium
+  tags: cve,wordpress,wp-plugin,kento-post-view-counter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10982-e343250b5d78372d282c8933d6d57ce1.yaml b/nuclei-templates/2016/CVE-2016-10982-e343250b5d78372d282c8933d6d57ce1.yaml
index 2125a9d0e5..d010e42a94 100644
--- a/nuclei-templates/2016/CVE-2016-10982-e343250b5d78372d282c8933d6d57ce1.yaml
+++ b/nuclei-templates/2016/CVE-2016-10982-e343250b5d78372d282c8933d6d57ce1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kento Post View Counter <= 2.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kento-post-view-counter/"
     google-query: inurl:"/wp-content/plugins/kento-post-view-counter/"
     shodan-query: 'vuln:CVE-2016-10982'
-  tags: cve,wordpress,wp-plugin,kento-post-view-counter,high
+  tags: cve,wordpress,wp-plugin,kento-post-view-counter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10987-99d48d97197070fa6f8afc1ea6ec2bed.yaml b/nuclei-templates/2016/CVE-2016-10987-99d48d97197070fa6f8afc1ea6ec2bed.yaml
index d09a7e4712..060c34b780 100644
--- a/nuclei-templates/2016/CVE-2016-10987-99d48d97197070fa6f8afc1ea6ec2bed.yaml
+++ b/nuclei-templates/2016/CVE-2016-10987-99d48d97197070fa6f8afc1ea6ec2bed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     افزونه پیامک ووکامرس Persian WooCommerce SMS < 3.3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The persian-woocommerce-sms plugin before 3.3.3 for WordPress has ps_sms_numbers XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/persian-woocommerce-sms/"
     google-query: inurl:"/wp-content/plugins/persian-woocommerce-sms/"
     shodan-query: 'vuln:CVE-2016-10987'
-  tags: cve,wordpress,wp-plugin,persian-woocommerce-sms,medium
+  tags: cve,wordpress,wp-plugin,persian-woocommerce-sms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10988-aa03d96ef5988adea4feb7a4e959e6b8.yaml b/nuclei-templates/2016/CVE-2016-10988-aa03d96ef5988adea4feb7a4e959e6b8.yaml
index b3c0c156cf..eb702adb27 100644
--- a/nuclei-templates/2016/CVE-2016-10988-aa03d96ef5988adea4feb7a4e959e6b8.yaml
+++ b/nuclei-templates/2016/CVE-2016-10988-aa03d96ef5988adea4feb7a4e959e6b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     leenk.me < 2.6.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leenkme/"
     google-query: inurl:"/wp-content/plugins/leenkme/"
     shodan-query: 'vuln:CVE-2016-10988'
-  tags: cve,wordpress,wp-plugin,leenkme,medium
+  tags: cve,wordpress,wp-plugin,leenkme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10989-e628e638290643fc84f3ec2a1da56d28.yaml b/nuclei-templates/2016/CVE-2016-10989-e628e638290643fc84f3ec2a1da56d28.yaml
index a311588159..a35a35555c 100644
--- a/nuclei-templates/2016/CVE-2016-10989-e628e638290643fc84f3ec2a1da56d28.yaml
+++ b/nuclei-templates/2016/CVE-2016-10989-e628e638290643fc84f3ec2a1da56d28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     leenk.me <= 2.5.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leenkme/"
     google-query: inurl:"/wp-content/plugins/leenkme/"
     shodan-query: 'vuln:CVE-2016-10989'
-  tags: cve,wordpress,wp-plugin,leenkme,high
+  tags: cve,wordpress,wp-plugin,leenkme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10991-348a1a0272fab4e16c4ec4e28b1cc2f1.yaml b/nuclei-templates/2016/CVE-2016-10991-348a1a0272fab4e16c4ec4e28b1cc2f1.yaml
index 0149e52553..3f242f447a 100644
--- a/nuclei-templates/2016/CVE-2016-10991-348a1a0272fab4e16c4ec4e28b1cc2f1.yaml
+++ b/nuclei-templates/2016/CVE-2016-10991-348a1a0272fab4e16c4ec4e28b1cc2f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IMDB Profile Widget < 1.0.9 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The IMDB Profile Widget plugin for WordPress is vulnerable to Local File Inclusion in versions up to 1.0.9 via the 'url' parameter found in the 'pic' file. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imdb-widget/"
     google-query: inurl:"/wp-content/plugins/imdb-widget/"
     shodan-query: 'vuln:CVE-2016-10991'
-  tags: cve,wordpress,wp-plugin,imdb-widget,high
+  tags: cve,wordpress,wp-plugin,imdb-widget,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10992-f2983beb380d477fba46a5c5deed43dd.yaml b/nuclei-templates/2016/CVE-2016-10992-f2983beb380d477fba46a5c5deed43dd.yaml
index 1d6b723432..250e20069e 100644
--- a/nuclei-templates/2016/CVE-2016-10992-f2983beb380d477fba46a5c5deed43dd.yaml
+++ b/nuclei-templates/2016/CVE-2016-10992-f2983beb380d477fba46a5c5deed43dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Music Store <= 1.0.41 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/music-store/"
     google-query: inurl:"/wp-content/plugins/music-store/"
     shodan-query: 'vuln:CVE-2016-10992'
-  tags: cve,wordpress,wp-plugin,music-store,medium
+  tags: cve,wordpress,wp-plugin,music-store,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10993-88013bc8aa189f38a19a59f4e02b7e1e.yaml b/nuclei-templates/2016/CVE-2016-10993-88013bc8aa189f38a19a59f4e02b7e1e.yaml
index cc86e62e37..5e1bc26c94 100644
--- a/nuclei-templates/2016/CVE-2016-10993-88013bc8aa189f38a19a59f4e02b7e1e.yaml
+++ b/nuclei-templates/2016/CVE-2016-10993-88013bc8aa189f38a19a59f4e02b7e1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ScoreMe <= 2016-04-01 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/scoreme/"
     google-query: inurl:"/wp-content/themes/scoreme/"
     shodan-query: 'vuln:CVE-2016-10993'
-  tags: cve,wordpress,wp-theme,scoreme,medium
+  tags: cve,wordpress,wp-theme,scoreme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10996-8105121190d01c38a4c87c0ee0fe8654.yaml b/nuclei-templates/2016/CVE-2016-10996-8105121190d01c38a4c87c0ee0fe8654.yaml
index cc89909178..aaac7ff2e7 100644
--- a/nuclei-templates/2016/CVE-2016-10996-8105121190d01c38a4c87c0ee0fe8654.yaml
+++ b/nuclei-templates/2016/CVE-2016-10996-8105121190d01c38a4c87c0ee0fe8654.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder by OptinMonster <= 1.1.4.5 - Remote Code Execution
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The OptinMonster plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.4.5 via the  shortcode() function. This allows unauthenticated attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/optinmonster/"
     google-query: inurl:"/wp-content/plugins/optinmonster/"
     shodan-query: 'vuln:CVE-2016-10996'
-  tags: cve,wordpress,wp-plugin,optinmonster,medium
+  tags: cve,wordpress,wp-plugin,optinmonster,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10997-430614badd7183227eb02d22143e3a52.yaml b/nuclei-templates/2016/CVE-2016-10997-430614badd7183227eb02d22143e3a52.yaml
index 17e6ba7255..825581ea24 100644
--- a/nuclei-templates/2016/CVE-2016-10997-430614badd7183227eb02d22143e3a52.yaml
+++ b/nuclei-templates/2016/CVE-2016-10997-430614badd7183227eb02d22143e3a52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beauty & Clean <= 1.0.8 - Cross-Site Request Forgery & Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. This can also be exploited without using CSRF tactics.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/beauty-premium/"
     google-query: inurl:"/wp-content/themes/beauty-premium/"
     shodan-query: 'vuln:CVE-2016-10997'
-  tags: cve,wordpress,wp-theme,beauty-premium,high
+  tags: cve,wordpress,wp-theme,beauty-premium,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-10998-427c0efd9f4fe0120009a410add6694b.yaml b/nuclei-templates/2016/CVE-2016-10998-427c0efd9f4fe0120009a410add6694b.yaml
index e9371ac312..1620d2c83b 100644
--- a/nuclei-templates/2016/CVE-2016-10998-427c0efd9f4fe0120009a410add6694b.yaml
+++ b/nuclei-templates/2016/CVE-2016-10998-427c0efd9f4fe0120009a410add6694b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ocim MP3 (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ocim-mp3/"
     google-query: inurl:"/wp-content/plugins/ocim-mp3/"
     shodan-query: 'vuln:CVE-2016-10998'
-  tags: cve,wordpress,wp-plugin,ocim-mp3,medium
+  tags: cve,wordpress,wp-plugin,ocim-mp3,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-11001-e52fe8ccbb854729b4cd4efd3c029a6b.yaml b/nuclei-templates/2016/CVE-2016-11001-e52fe8ccbb854729b4cd4efd3c029a6b.yaml
index fefe78fb9d..cd1836656d 100644
--- a/nuclei-templates/2016/CVE-2016-11001-e52fe8ccbb854729b4cd4efd3c029a6b.yaml
+++ b/nuclei-templates/2016/CVE-2016-11001-e52fe8ccbb854729b4cd4efd3c029a6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Submitted Posts < 20160215 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-submitted-posts/"
     google-query: inurl:"/wp-content/plugins/user-submitted-posts/"
     shodan-query: 'vuln:CVE-2016-11001'
-  tags: cve,wordpress,wp-plugin,user-submitted-posts,high
+  tags: cve,wordpress,wp-plugin,user-submitted-posts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-11004-a2b478ab05dc0dd0616e45e762ef893a.yaml b/nuclei-templates/2016/CVE-2016-11004-a2b478ab05dc0dd0616e45e762ef893a.yaml
index b52c671d08..ed85aece94 100644
--- a/nuclei-templates/2016/CVE-2016-11004-a2b478ab05dc0dd0616e45e762ef893a.yaml
+++ b/nuclei-templates/2016/CVE-2016-11004-a2b478ab05dc0dd0616e45e762ef893a.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2016-11004
   metadata:
-    fofa-query: "wp-content/plugins/bloom/"
-    google-query: inurl:"/wp-content/plugins/bloom/"
+    fofa-query: "wp-content/plugins/monarch/"
+    google-query: inurl:"/wp-content/plugins/monarch/"
     shodan-query: 'vuln:CVE-2016-11004'
-  tags: cve,wordpress,wp-plugin,bloom,high
+  tags: cve,wordpress,wp-plugin,monarch,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/bloom/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/monarch/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "bloom"
+          - "monarch"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
+          - compare_versions(version, '<= 1.2.6')
\ No newline at end of file
diff --git a/nuclei-templates/2016/CVE-2016-11008-916c5b9976a17729e06d1b6fb0458ebf.yaml b/nuclei-templates/2016/CVE-2016-11008-916c5b9976a17729e06d1b6fb0458ebf.yaml
index d67691f565..e0b1084470 100644
--- a/nuclei-templates/2016/CVE-2016-11008-916c5b9976a17729e06d1b6fb0458ebf.yaml
+++ b/nuclei-templates/2016/CVE-2016-11008-916c5b9976a17729e06d1b6fb0458ebf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpi_gateway_base::process_payment() function when using the wpi_paypal payment gateway handler in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to update the meta data of previously invoiced users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-invoice/"
     google-query: inurl:"/wp-content/plugins/wp-invoice/"
     shodan-query: 'vuln:CVE-2016-11008'
-  tags: cve,wordpress,wp-plugin,wp-invoice,medium
+  tags: cve,wordpress,wp-plugin,wp-invoice,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-11009-7137b8fac252650babdfc2fa8502b307.yaml b/nuclei-templates/2016/CVE-2016-11009-7137b8fac252650babdfc2fa8502b307.yaml
index b5a76a830b..45386271c6 100644
--- a/nuclei-templates/2016/CVE-2016-11009-7137b8fac252650babdfc2fa8502b307.yaml
+++ b/nuclei-templates/2016/CVE-2016-11009-7137b8fac252650babdfc2fa8502b307.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpi_gateway_base::process_payment() function when using the wpi_interkassa payment gateway handler in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to update the meta data of previously invoiced users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-invoice/"
     google-query: inurl:"/wp-content/plugins/wp-invoice/"
     shodan-query: 'vuln:CVE-2016-11009'
-  tags: cve,wordpress,wp-plugin,wp-invoice,medium
+  tags: cve,wordpress,wp-plugin,wp-invoice,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-11010-875ad9422b6c5059d922fea2bec00a1f.yaml b/nuclei-templates/2016/CVE-2016-11010-875ad9422b6c5059d922fea2bec00a1f.yaml
index 10d8ca37f3..ac54ace343 100644
--- a/nuclei-templates/2016/CVE-2016-11010-875ad9422b6c5059d922fea2bec00a1f.yaml
+++ b/nuclei-templates/2016/CVE-2016-11010-875ad9422b6c5059d922fea2bec00a1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpi_gateway_base::process_payment() function when using the wpi_twocheckout payment gateway handler in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to update the meta data of previously invoiced users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-invoice/"
     google-query: inurl:"/wp-content/plugins/wp-invoice/"
     shodan-query: 'vuln:CVE-2016-11010'
-  tags: cve,wordpress,wp-plugin,wp-invoice,medium
+  tags: cve,wordpress,wp-plugin,wp-invoice,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-11012-753b1cfc0cff5215c4137639d86b10b2.yaml b/nuclei-templates/2016/CVE-2016-11012-753b1cfc0cff5215c4137639d86b10b2.yaml
index 001af1da2a..f84ce31930 100644
--- a/nuclei-templates/2016/CVE-2016-11012-753b1cfc0cff5215c4137639d86b10b2.yaml
+++ b/nuclei-templates/2016/CVE-2016-11012-753b1cfc0cff5215c4137639d86b10b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sola Support Tickets < 3.13 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sola-support-tickets/"
     google-query: inurl:"/wp-content/plugins/sola-support-tickets/"
     shodan-query: 'vuln:CVE-2016-11012'
-  tags: cve,wordpress,wp-plugin,sola-support-tickets,medium
+  tags: cve,wordpress,wp-plugin,sola-support-tickets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-11085-658febabd8f8ee9b00c71e69efcbac2c.yaml b/nuclei-templates/2016/CVE-2016-11085-658febabd8f8ee9b00c71e69efcbac2c.yaml
index 32f9c8d013..6cda2e749d 100644
--- a/nuclei-templates/2016/CVE-2016-11085-658febabd8f8ee9b00c71e69efcbac2c.yaml
+++ b/nuclei-templates/2016/CVE-2016-11085-658febabd8f8ee9b00c71e69efcbac2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 4.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.8. This is due to missing or incorrect nonce validation in the php/qmn_options_questions_tab.php file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2016-11085'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,high
+  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-1160-7d31af080da908940b0bf5332e53662b.yaml b/nuclei-templates/2016/CVE-2016-1160-7d31af080da908940b0bf5332e53662b.yaml
index f457b04791..5a23ce8462 100644
--- a/nuclei-templates/2016/CVE-2016-1160-7d31af080da908940b0bf5332e53662b.yaml
+++ b/nuclei-templates/2016/CVE-2016-1160-7d31af080da908940b0bf5332e53662b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Favorite Posts <= 1.6.5 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-favorite-posts/"
     google-query: inurl:"/wp-content/plugins/wp-favorite-posts/"
     shodan-query: 'vuln:CVE-2016-1160'
-  tags: cve,wordpress,wp-plugin,wp-favorite-posts,medium
+  tags: cve,wordpress,wp-plugin,wp-favorite-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-1564-1793fc29de6c51f3e1cf00f2d46b91e7.yaml b/nuclei-templates/2016/CVE-2016-1564-1793fc29de6c51f3e1cf00f2d46b91e7.yaml
index f3f37ad1d3..9fa8e0687c 100644
--- a/nuclei-templates/2016/CVE-2016-1564-1793fc29de6c51f3e1cf00f2d46b91e7.yaml
+++ b/nuclei-templates/2016/CVE-2016-1564-1793fc29de6c51f3e1cf00f2d46b91e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.4.1 - Cross-Site Scripting via Theme Names
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-1564
   metadata:
     shodan-query: 'vuln:CVE-2016-1564'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-4566-531502c1a73b5136edeed41b3c25b40a.yaml b/nuclei-templates/2016/CVE-2016-4566-531502c1a73b5136edeed41b3c25b40a.yaml
index a602002322..a742b2e524 100644
--- a/nuclei-templates/2016/CVE-2016-4566-531502c1a73b5136edeed41b3c25b40a.yaml
+++ b/nuclei-templates/2016/CVE-2016-4566-531502c1a73b5136edeed41b3c25b40a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.5.2 - Cross-Site Scripting via plupload.flash.swf
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-4566
   metadata:
     shodan-query: 'vuln:CVE-2016-4566'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-4567-6dae0916c42cb6d2e594be15be242836.yaml b/nuclei-templates/2016/CVE-2016-4567-6dae0916c42cb6d2e594be15be242836.yaml
index 91664da567..689af8d24e 100644
--- a/nuclei-templates/2016/CVE-2016-4567-6dae0916c42cb6d2e594be15be242836.yaml
+++ b/nuclei-templates/2016/CVE-2016-4567-6dae0916c42cb6d2e594be15be242836.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.5.2 - Cross-Site Scripting via MediaElement.js
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-4567
   metadata:
     shodan-query: 'vuln:CVE-2016-4567'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-4812-050d7cb19f5f214c16e87b6deb3805d1.yaml b/nuclei-templates/2016/CVE-2016-4812-050d7cb19f5f214c16e87b6deb3805d1.yaml
index 7e6b665d97..b5880e0c51 100644
--- a/nuclei-templates/2016/CVE-2016-4812-050d7cb19f5f214c16e87b6deb3805d1.yaml
+++ b/nuclei-templates/2016/CVE-2016-4812-050d7cb19f5f214c16e87b6deb3805d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Markdown on Save Improved <= 2.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/markdown-on-save-improved/"
     google-query: inurl:"/wp-content/plugins/markdown-on-save-improved/"
     shodan-query: 'vuln:CVE-2016-4812'
-  tags: cve,wordpress,wp-plugin,markdown-on-save-improved,medium
+  tags: cve,wordpress,wp-plugin,markdown-on-save-improved,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-4827-c124fe326fda2227cda364e6977789ed.yaml b/nuclei-templates/2016/CVE-2016-4827-c124fe326fda2227cda364e6977789ed.yaml
index 0bb40eac64..e73dd7078e 100644
--- a/nuclei-templates/2016/CVE-2016-4827-c124fe326fda2227cda364e6977789ed.yaml
+++ b/nuclei-templates/2016/CVE-2016-4827-c124fe326fda2227cda364e6977789ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 1.8.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2016-4827'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-4833-acc6eb8dd4e1bc540251436012892eb1.yaml b/nuclei-templates/2016/CVE-2016-4833-acc6eb8dd4e1bc540251436012892eb1.yaml
index ffe48165a3..287c482a49 100644
--- a/nuclei-templates/2016/CVE-2016-4833-acc6eb8dd4e1bc540251436012892eb1.yaml
+++ b/nuclei-templates/2016/CVE-2016-4833-acc6eb8dd4e1bc540251436012892eb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nofollow Links <= 1.0.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nofollow-links/"
     google-query: inurl:"/wp-content/plugins/nofollow-links/"
     shodan-query: 'vuln:CVE-2016-4833'
-  tags: cve,wordpress,wp-plugin,nofollow-links,medium
+  tags: cve,wordpress,wp-plugin,nofollow-links,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-5832-06eaa8e1425630a567e0b531b6144921.yaml b/nuclei-templates/2016/CVE-2016-5832-06eaa8e1425630a567e0b531b6144921.yaml
index 23452996b3..0229b4987b 100644
--- a/nuclei-templates/2016/CVE-2016-5832-06eaa8e1425630a567e0b531b6144921.yaml
+++ b/nuclei-templates/2016/CVE-2016-5832-06eaa8e1425630a567e0b531b6144921.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.5.3 - Cross-Site Scripting via Customizer
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-5832
   metadata:
     shodan-query: 'vuln:CVE-2016-5832'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-5833-b4ae1cbd422cc707f6a60d7100bb98f1.yaml b/nuclei-templates/2016/CVE-2016-5833-b4ae1cbd422cc707f6a60d7100bb98f1.yaml
index 571b5697dc..bcf34faa89 100644
--- a/nuclei-templates/2016/CVE-2016-5833-b4ae1cbd422cc707f6a60d7100bb98f1.yaml
+++ b/nuclei-templates/2016/CVE-2016-5833-b4ae1cbd422cc707f6a60d7100bb98f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name #2
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-5833
   metadata:
     shodan-query: 'vuln:CVE-2016-5833'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-5834-189bad7014e697047ef9a98286efd4ba.yaml b/nuclei-templates/2016/CVE-2016-5834-189bad7014e697047ef9a98286efd4ba.yaml
index e298564a44..931bb29e1b 100644
--- a/nuclei-templates/2016/CVE-2016-5834-189bad7014e697047ef9a98286efd4ba.yaml
+++ b/nuclei-templates/2016/CVE-2016-5834-189bad7014e697047ef9a98286efd4ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-5834
   metadata:
     shodan-query: 'vuln:CVE-2016-5834'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-5837-3556353803358c712408f57b48c86c15.yaml b/nuclei-templates/2016/CVE-2016-5837-3556353803358c712408f57b48c86c15.yaml
index d238dbbcf0..1472b08422 100644
--- a/nuclei-templates/2016/CVE-2016-5837-3556353803358c712408f57b48c86c15.yaml
+++ b/nuclei-templates/2016/CVE-2016-5837-3556353803358c712408f57b48c86c15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.5.3 - Authorization Bypass to Remove Category Attribute
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-5837
   metadata:
     shodan-query: 'vuln:CVE-2016-5837'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-6565-4a8d217f64c4cdfb18ee166f8cd3bec7.yaml b/nuclei-templates/2016/CVE-2016-6565-4a8d217f64c4cdfb18ee166f8cd3bec7.yaml
index f34415fb6d..61d2543fe0 100644
--- a/nuclei-templates/2016/CVE-2016-6565-4a8d217f64c4cdfb18ee166f8cd3bec7.yaml
+++ b/nuclei-templates/2016/CVE-2016-6565-4a8d217f64c4cdfb18ee166f8cd3bec7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGen Gallery <= 2.1.56 - Remote File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2016-6565'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-6634-dda97c7f3b2cab605b5ded8dc805330d.yaml b/nuclei-templates/2016/CVE-2016-6634-dda97c7f3b2cab605b5ded8dc805330d.yaml
index 0abb7419fe..4e3a682c1b 100644
--- a/nuclei-templates/2016/CVE-2016-6634-dda97c7f3b2cab605b5ded8dc805330d.yaml
+++ b/nuclei-templates/2016/CVE-2016-6634-dda97c7f3b2cab605b5ded8dc805330d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.5 - Cross-Site Scripting via Network Settings Page
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-6634
   metadata:
     shodan-query: 'vuln:CVE-2016-6634'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-6635-f53eb1a5057e991c005e324155224f96.yaml b/nuclei-templates/2016/CVE-2016-6635-f53eb1a5057e991c005e324155224f96.yaml
index 46d039602c..acacef9e65 100644
--- a/nuclei-templates/2016/CVE-2016-6635-f53eb1a5057e991c005e324155224f96.yaml
+++ b/nuclei-templates/2016/CVE-2016-6635-f53eb1a5057e991c005e324155224f96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.5 - Cross-Site Request Forgery  via wp_ajax_wp_compression_test
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-6635
   metadata:
     shodan-query: 'vuln:CVE-2016-6635'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-6897-793575cb782549abec6279e8981305af.yaml b/nuclei-templates/2016/CVE-2016-6897-793575cb782549abec6279e8981305af.yaml
index 73249c30f2..322fbe6b51 100644
--- a/nuclei-templates/2016/CVE-2016-6897-793575cb782549abec6279e8981305af.yaml
+++ b/nuclei-templates/2016/CVE-2016-6897-793575cb782549abec6279e8981305af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-6897
   metadata:
     shodan-query: 'vuln:CVE-2016-6897'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-7168-c9150acbdbbdbe684264580cb26cfc8d.yaml b/nuclei-templates/2016/CVE-2016-7168-c9150acbdbbdbe684264580cb26cfc8d.yaml
index 6964cb9513..74d4111e96 100644
--- a/nuclei-templates/2016/CVE-2016-7168-c9150acbdbbdbe684264580cb26cfc8d.yaml
+++ b/nuclei-templates/2016/CVE-2016-7168-c9150acbdbbdbe684264580cb26cfc8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.6.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-7168
   metadata:
     shodan-query: 'vuln:CVE-2016-7168'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2016/CVE-2016-7169-68cd0d8404410b84b22d009411f84df8.yaml b/nuclei-templates/2016/CVE-2016-7169-68cd0d8404410b84b22d009411f84df8.yaml
index efd4503f6b..154f022fcc 100644
--- a/nuclei-templates/2016/CVE-2016-7169-68cd0d8404410b84b22d009411f84df8.yaml
+++ b/nuclei-templates/2016/CVE-2016-7169-68cd0d8404410b84b22d009411f84df8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.6.1 - Authenticated Directory Traversal to Arbitrary File Access
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2016-7169
   metadata:
     shodan-query: 'vuln:CVE-2016-7169'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1000038-13c50b13a503600e0189283b0a2ceddd.yaml b/nuclei-templates/2017/CVE-2017-1000038-13c50b13a503600e0189283b0a2ceddd.yaml
index 715c058f38..82917386a5 100644
--- a/nuclei-templates/2017/CVE-2017-1000038-13c50b13a503600e0189283b0a2ceddd.yaml
+++ b/nuclei-templates/2017/CVE-2017-1000038-13c50b13a503600e0189283b0a2ceddd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevanssi/"
     google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:CVE-2017-1000038'
-  tags: cve,wordpress,wp-plugin,relevanssi,medium
+  tags: cve,wordpress,wp-plugin,relevanssi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1000170-49f7af60a7d6ca8e6785ad7873768f2a.yaml b/nuclei-templates/2017/CVE-2017-1000170-49f7af60a7d6ca8e6785ad7873768f2a.yaml
index 186b0c72a7..42beae3c95 100644
--- a/nuclei-templates/2017/CVE-2017-1000170-49f7af60a7d6ca8e6785ad7873768f2a.yaml
+++ b/nuclei-templates/2017/CVE-2017-1000170-49f7af60a7d6ca8e6785ad7873768f2a.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2017-1000170
   metadata:
-    fofa-query: "wp-content/plugins/better-search-tmc/"
-    google-query: inurl:"/wp-content/plugins/better-search-tmc/"
+    fofa-query: "wp-content/plugins/delightful-downloads/"
+    google-query: inurl:"/wp-content/plugins/delightful-downloads/"
     shodan-query: 'vuln:CVE-2017-1000170'
-  tags: cve,wordpress,wp-plugin,better-search-tmc,high
+  tags: cve,wordpress,wp-plugin,delightful-downloads,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/better-search-tmc/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/delightful-downloads/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "better-search-tmc"
+          - "delightful-downloads"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0.52')
\ No newline at end of file
+          - compare_versions(version, '<= 2.1.5')
\ No newline at end of file
diff --git a/nuclei-templates/2017/CVE-2017-1000227-26ee088c8368fd2a8bcecfc18ae8bb11.yaml b/nuclei-templates/2017/CVE-2017-1000227-26ee088c8368fd2a8bcecfc18ae8bb11.yaml
index f3dff93584..feb453e213 100644
--- a/nuclei-templates/2017/CVE-2017-1000227-26ee088c8368fd2a8bcecfc18ae8bb11.yaml
+++ b/nuclei-templates/2017/CVE-2017-1000227-26ee088c8368fd2a8bcecfc18ae8bb11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salutation < 3.0.16 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/salutation-wp/"
     google-query: inurl:"/wp-content/themes/salutation-wp/"
     shodan-query: 'vuln:CVE-2017-1000227'
-  tags: cve,wordpress,wp-theme,salutation-wp,medium
+  tags: cve,wordpress,wp-theme,salutation-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1000227-ab49cd0603fd2aad8bd2addfd19e8e37.yaml b/nuclei-templates/2017/CVE-2017-1000227-ab49cd0603fd2aad8bd2addfd19e8e37.yaml
index f2ca970734..8ab4754606 100644
--- a/nuclei-templates/2017/CVE-2017-1000227-ab49cd0603fd2aad8bd2addfd19e8e37.yaml
+++ b/nuclei-templates/2017/CVE-2017-1000227-ab49cd0603fd2aad8bd2addfd19e8e37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salutation Responsive WordPress Theme < 3.0.16 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/parallelus-salutation/"
     google-query: inurl:"/wp-content/themes/parallelus-salutation/"
     shodan-query: 'vuln:CVE-2017-1000227'
-  tags: cve,wordpress,wp-theme,parallelus-salutation,medium
+  tags: cve,wordpress,wp-theme,parallelus-salutation,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1002000-719ff6e603e56a8355496bcf6077970d.yaml b/nuclei-templates/2017/CVE-2017-1002000-719ff6e603e56a8355496bcf6077970d.yaml
index 8919f78f99..f7519b4e3a 100644
--- a/nuclei-templates/2017/CVE-2017-1002000-719ff6e603e56a8355496bcf6077970d.yaml
+++ b/nuclei-templates/2017/CVE-2017-1002000-719ff6e603e56a8355496bcf6077970d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     How to Create an App for Android iPhone Easytouch <= 3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobile-friendly-app-builder-by-easytouch/"
     google-query: inurl:"/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/"
     shodan-query: 'vuln:CVE-2017-1002000'
-  tags: cve,wordpress,wp-plugin,mobile-friendly-app-builder-by-easytouch,medium
+  tags: cve,wordpress,wp-plugin,mobile-friendly-app-builder-by-easytouch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1002010-c2edf18b1dc2c5d697f81727cd0bac3f.yaml b/nuclei-templates/2017/CVE-2017-1002010-c2edf18b1dc2c5d697f81727cd0bac3f.yaml
index d186d1b01f..01b493cf62 100644
--- a/nuclei-templates/2017/CVE-2017-1002010-c2edf18b1dc2c5d697f81727cd0bac3f.yaml
+++ b/nuclei-templates/2017/CVE-2017-1002010-c2edf18b1dc2c5d697f81727cd0bac3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Membership Simplified <= 1.58 Beta - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/membership-simplified-for-oap-members-only/"
     google-query: inurl:"/wp-content/plugins/membership-simplified-for-oap-members-only/"
     shodan-query: 'vuln:CVE-2017-1002010'
-  tags: cve,wordpress,wp-plugin,membership-simplified-for-oap-members-only,high
+  tags: cve,wordpress,wp-plugin,membership-simplified-for-oap-members-only,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1002011-f04fb223e6bc1b82dc5e818d9e40fb20.yaml b/nuclei-templates/2017/CVE-2017-1002011-f04fb223e6bc1b82dc5e818d9e40fb20.yaml
index fcfa7d54f3..a959af1452 100644
--- a/nuclei-templates/2017/CVE-2017-1002011-f04fb223e6bc1b82dc5e818d9e40fb20.yaml
+++ b/nuclei-templates/2017/CVE-2017-1002011-f04fb223e6bc1b82dc5e818d9e40fb20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Gallery with Slideshow Plugin <= 1.5.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-gallery-with-slideshow/"
     google-query: inurl:"/wp-content/plugins/image-gallery-with-slideshow/"
     shodan-query: 'vuln:CVE-2017-1002011'
-  tags: cve,wordpress,wp-plugin,image-gallery-with-slideshow,medium
+  tags: cve,wordpress,wp-plugin,image-gallery-with-slideshow,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1002020-ed4e4356cd22d0451cce02bf7c3fe0f8.yaml b/nuclei-templates/2017/CVE-2017-1002020-ed4e4356cd22d0451cce02bf7c3fe0f8.yaml
index e4cfa0fca9..659d40df02 100644
--- a/nuclei-templates/2017/CVE-2017-1002020-ed4e4356cd22d0451cce02bf7c3fe0f8.yaml
+++ b/nuclei-templates/2017/CVE-2017-1002020-ed4e4356cd22d0451cce02bf7c3fe0f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Surveys 1.01.8 - Authenticated SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/surveys/"
     google-query: inurl:"/wp-content/plugins/surveys/"
     shodan-query: 'vuln:CVE-2017-1002020'
-  tags: cve,wordpress,wp-plugin,surveys,critical
+  tags: cve,wordpress,wp-plugin,surveys,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1002022-ddf10b902ecdb6f3ecf20febec84cbe8.yaml b/nuclei-templates/2017/CVE-2017-1002022-ddf10b902ecdb6f3ecf20febec84cbe8.yaml
index 05435d450a..2d75d6681a 100644
--- a/nuclei-templates/2017/CVE-2017-1002022-ddf10b902ecdb6f3ecf20febec84cbe8.yaml
+++ b/nuclei-templates/2017/CVE-2017-1002022-ddf10b902ecdb6f3ecf20febec84cbe8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     surveys <= 1.01.8 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The surveys plugin for WordPress is vulnerable to generic SQL Injection via the ‘action’ parameter in versions up to, and including, 1.01.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/surveys/"
     google-query: inurl:"/wp-content/plugins/surveys/"
     shodan-query: 'vuln:CVE-2017-1002022'
-  tags: cve,wordpress,wp-plugin,surveys,high
+  tags: cve,wordpress,wp-plugin,surveys,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1002025-1b2dceeb5f112c4d4e1d47bb3fb62e6f.yaml b/nuclei-templates/2017/CVE-2017-1002025-1b2dceeb5f112c4d4e1d47bb3fb62e6f.yaml
index b1d93b0cd0..1a90ee76b2 100644
--- a/nuclei-templates/2017/CVE-2017-1002025-1b2dceeb5f112c4d4e1d47bb3fb62e6f.yaml
+++ b/nuclei-templates/2017/CVE-2017-1002025-1b2dceeb5f112c4d4e1d47bb3fb62e6f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Edit Delete Listing Module <= 1.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-edit-delete-listing-for-member-module/"
     google-query: inurl:"/wp-content/plugins/add-edit-delete-listing-for-member-module/"
     shodan-query: 'vuln:CVE-2017-1002025'
-  tags: cve,wordpress,wp-plugin,add-edit-delete-listing-for-member-module,high
+  tags: cve,wordpress,wp-plugin,add-edit-delete-listing-for-member-module,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1002026-3faf59fe255a23ab6371375fbe88c459.yaml b/nuclei-templates/2017/CVE-2017-1002026-3faf59fe255a23ab6371375fbe88c459.yaml
index 41ee33b872..eb540f35e7 100644
--- a/nuclei-templates/2017/CVE-2017-1002026-3faf59fe255a23ab6371375fbe88c459.yaml
+++ b/nuclei-templates/2017/CVE-2017-1002026-3faf59fe255a23ab6371375fbe88c459.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Expresso Free <= 3.1.37.11.L - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-espresso-free/"
     google-query: inurl:"/wp-content/plugins/event-espresso-free/"
     shodan-query: 'vuln:CVE-2017-1002026'
-  tags: cve,wordpress,wp-plugin,event-espresso-free,high
+  tags: cve,wordpress,wp-plugin,event-espresso-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-1002027-9a2bf7d17126275dce9aeca280888e4f.yaml b/nuclei-templates/2017/CVE-2017-1002027-9a2bf7d17126275dce9aeca280888e4f.yaml
index 260f8a169e..b85e6278e6 100644
--- a/nuclei-templates/2017/CVE-2017-1002027-9a2bf7d17126275dce9aeca280888e4f.yaml
+++ b/nuclei-templates/2017/CVE-2017-1002027-9a2bf7d17126275dce9aeca280888e4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RK Responsive Contact Form <= 1.0.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Vulnerability in wordpress plugin rk-responsive-contact-form v1.0.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rk-responsive-contact-form/"
     google-query: inurl:"/wp-content/plugins/rk-responsive-contact-form/"
     shodan-query: 'vuln:CVE-2017-1002027'
-  tags: cve,wordpress,wp-plugin,rk-responsive-contact-form,high
+  tags: cve,wordpress,wp-plugin,rk-responsive-contact-form,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-10991-d323b2ee541571a78879d377867cb57c.yaml b/nuclei-templates/2017/CVE-2017-10991-d323b2ee541571a78879d377867cb57c.yaml
index c2791ca6c1..2c3665d1c8 100644
--- a/nuclei-templates/2017/CVE-2017-10991-d323b2ee541571a78879d377867cb57c.yaml
+++ b/nuclei-templates/2017/CVE-2017-10991-d323b2ee541571a78879d377867cb57c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 12.0.9 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2017-10991'
-  tags: cve,wordpress,wp-plugin,wp-statistics,medium
+  tags: cve,wordpress,wp-plugin,wp-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-11658-b300eab2789f0638494228aea0ada3b0.yaml b/nuclei-templates/2017/CVE-2017-11658-b300eab2789f0638494228aea0ada3b0.yaml
index 828b848dd2..3e83afbbbd 100644
--- a/nuclei-templates/2017/CVE-2017-11658-b300eab2789f0638494228aea0ada3b0.yaml
+++ b/nuclei-templates/2017/CVE-2017-11658-b300eab2789f0638494228aea0ada3b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Rocket <= 2.10.3 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     In the WP Rocket plugin 2.10.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rocket/"
     google-query: inurl:"/wp-content/plugins/wp-rocket/"
     shodan-query: 'vuln:CVE-2017-11658'
-  tags: cve,wordpress,wp-plugin,wp-rocket,high
+  tags: cve,wordpress,wp-plugin,wp-rocket,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12068-1b4409ad110c3c389ee584578fde5c3f.yaml b/nuclei-templates/2017/CVE-2017-12068-1b4409ad110c3c389ee584578fde5c3f.yaml
index 73d1a5dcff..9f2e5c3bbe 100644
--- a/nuclei-templates/2017/CVE-2017-12068-1b4409ad110c3c389ee584578fde5c3f.yaml
+++ b/nuclei-templates/2017/CVE-2017-12068-1b4409ad110c3c389ee584578fde5c3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event List <= 0.7.9 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-list/"
     google-query: inurl:"/wp-content/plugins/event-list/"
     shodan-query: 'vuln:CVE-2017-12068'
-  tags: cve,wordpress,wp-plugin,event-list,medium
+  tags: cve,wordpress,wp-plugin,event-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12131-ded406378489866866417fd6ec210840.yaml b/nuclei-templates/2017/CVE-2017-12131-ded406378489866866417fd6ec210840.yaml
index 25cf13b217..1bd5e7a0c0 100644
--- a/nuclei-templates/2017/CVE-2017-12131-ded406378489866866417fd6ec210840.yaml
+++ b/nuclei-templates/2017/CVE-2017-12131-ded406378489866866417fd6ec210840.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Testimonials <= 3.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-testimonials/"
     google-query: inurl:"/wp-content/plugins/easy-testimonials/"
     shodan-query: 'vuln:CVE-2017-12131'
-  tags: cve,wordpress,wp-plugin,easy-testimonials,medium
+  tags: cve,wordpress,wp-plugin,easy-testimonials,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12200-299e26f66452f89b69cd95a12049938a.yaml b/nuclei-templates/2017/CVE-2017-12200-299e26f66452f89b69cd95a12049938a.yaml
index e5eb60f4ab..b2f184f880 100644
--- a/nuclei-templates/2017/CVE-2017-12200-299e26f66452f89b69cd95a12049938a.yaml
+++ b/nuclei-templates/2017/CVE-2017-12200-299e26f66452f89b69cd95a12049938a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Product Catalog <= 4.2.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-product-catalogue/"
     google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/"
     shodan-query: 'vuln:CVE-2017-12200'
-  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,medium
+  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12651-c17200ba4236119c0958120e5b5ef5cb.yaml b/nuclei-templates/2017/CVE-2017-12651-c17200ba4236119c0958120e5b5ef5cb.yaml
index 3b81e2cc2e..82fb306e08 100644
--- a/nuclei-templates/2017/CVE-2017-12651-c17200ba4236119c0958120e5b5ef5cb.yaml
+++ b/nuclei-templates/2017/CVE-2017-12651-c17200ba4236119c0958120e5b5ef5cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Loginizer <= 1.3.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loginizer/"
     google-query: inurl:"/wp-content/plugins/loginizer/"
     shodan-query: 'vuln:CVE-2017-12651'
-  tags: cve,wordpress,wp-plugin,loginizer,high
+  tags: cve,wordpress,wp-plugin,loginizer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12946-c2574a7a9b79ad452c99c332f592fe5f.yaml b/nuclei-templates/2017/CVE-2017-12946-c2574a7a9b79ad452c99c332f592fe5f.yaml
index 7b9fe14487..6103e045d4 100644
--- a/nuclei-templates/2017/CVE-2017-12946-c2574a7a9b79ad452c99c332f592fe5f.yaml
+++ b/nuclei-templates/2017/CVE-2017-12946-c2574a7a9b79ad452c99c332f592fe5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Modal < 2.1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-modal/"
     google-query: inurl:"/wp-content/plugins/easy-modal/"
     shodan-query: 'vuln:CVE-2017-12946'
-  tags: cve,wordpress,wp-plugin,easy-modal,high
+  tags: cve,wordpress,wp-plugin,easy-modal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12947-f615078fb53a8f47f20c6cb2792c121c.yaml b/nuclei-templates/2017/CVE-2017-12947-f615078fb53a8f47f20c6cb2792c121c.yaml
index f4df3f4b05..e5970da05b 100644
--- a/nuclei-templates/2017/CVE-2017-12947-f615078fb53a8f47f20c6cb2792c121c.yaml
+++ b/nuclei-templates/2017/CVE-2017-12947-f615078fb53a8f47f20c6cb2792c121c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Modal < 2.1.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-modal/"
     google-query: inurl:"/wp-content/plugins/easy-modal/"
     shodan-query: 'vuln:CVE-2017-12947'
-  tags: cve,wordpress,wp-plugin,easy-modal,high
+  tags: cve,wordpress,wp-plugin,easy-modal,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12948-618eabaed47a418425ba258f61366c0d.yaml b/nuclei-templates/2017/CVE-2017-12948-618eabaed47a418425ba258f61366c0d.yaml
index d9e32d1755..54b6482af7 100644
--- a/nuclei-templates/2017/CVE-2017-12948-618eabaed47a418425ba258f61366c0d.yaml
+++ b/nuclei-templates/2017/CVE-2017-12948-618eabaed47a418425ba258f61366c0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PressForward <= 5.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Core\Admin\PFTemplater.php in the PressForward plugin 5.2.3 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pressforward/"
     google-query: inurl:"/wp-content/plugins/pressforward/"
     shodan-query: 'vuln:CVE-2017-12948'
-  tags: cve,wordpress,wp-plugin,pressforward,medium
+  tags: cve,wordpress,wp-plugin,pressforward,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12949-c5c5fe7ae04b300c4245ab22359369aa.yaml b/nuclei-templates/2017/CVE-2017-12949-c5c5fe7ae04b300c4245ab22359369aa.yaml
index e817beb22c..d986f88adf 100644
--- a/nuclei-templates/2017/CVE-2017-12949-c5c5fe7ae04b300c4245ab22359369aa.yaml
+++ b/nuclei-templates/2017/CVE-2017-12949-c5c5fe7ae04b300c4245ab22359369aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2017-12949'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-12977-7d9c26b229d5c8003d8d09b623e0e129.yaml b/nuclei-templates/2017/CVE-2017-12977-7d9c26b229d5c8003d8d09b623e0e129.yaml
index 408791c755..af0d41591d 100644
--- a/nuclei-templates/2017/CVE-2017-12977-7d9c26b229d5c8003d8d09b623e0e129.yaml
+++ b/nuclei-templates/2017/CVE-2017-12977-7d9c26b229d5c8003d8d09b623e0e129.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.3.50 - Authenticated SQL Injection via tag_id Parameter
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2017-12977'
-  tags: cve,wordpress,wp-plugin,photo-gallery,high
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-13138-c39e88fb98a263a4718fa22351cd75a3.yaml b/nuclei-templates/2017/CVE-2017-13138-c39e88fb98a263a4718fa22351cd75a3.yaml
index 5745383b03..516b9486c7 100644
--- a/nuclei-templates/2017/CVE-2017-13138-c39e88fb98a263a4718fa22351cd75a3.yaml
+++ b/nuclei-templates/2017/CVE-2017-13138-c39e88fb98a263a4718fa22351cd75a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bridge - Creative Multipurpose WordPress Theme < 11.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bridge/"
     google-query: inurl:"/wp-content/themes/bridge/"
     shodan-query: 'vuln:CVE-2017-13138'
-  tags: cve,wordpress,wp-theme,bridge,medium
+  tags: cve,wordpress,wp-theme,bridge,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14126-e0584db35cbb9869be95ba6010b7c0f4.yaml b/nuclei-templates/2017/CVE-2017-14126-e0584db35cbb9869be95ba6010b7c0f4.yaml
index 46bcfac6b5..fbf10cc75c 100644
--- a/nuclei-templates/2017/CVE-2017-14126-e0584db35cbb9869be95ba6010b7c0f4.yaml
+++ b/nuclei-templates/2017/CVE-2017-14126-e0584db35cbb9869be95ba6010b7c0f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Participants Database <= 1.7.5.9 - Unauthorized Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Participants Database plugin for WordPress is vulnerable to Cross-Site Scripting via the 'Name' paremeter in versions up to, and including, 1.7.5.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/participants-database/"
     google-query: inurl:"/wp-content/plugins/participants-database/"
     shodan-query: 'vuln:CVE-2017-14126'
-  tags: cve,wordpress,wp-plugin,participants-database,medium
+  tags: cve,wordpress,wp-plugin,participants-database,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14530-44c866df4156e18647ea081befd62b4f.yaml b/nuclei-templates/2017/CVE-2017-14530-44c866df4156e18647ea081befd62b4f.yaml
index 3249d98740..92c6c10627 100644
--- a/nuclei-templates/2017/CVE-2017-14530-44c866df4156e18647ea081befd62b4f.yaml
+++ b/nuclei-templates/2017/CVE-2017-14530-44c866df4156e18647ea081befd62b4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crony Cronjob Manager < 0.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crony/"
     google-query: inurl:"/wp-content/plugins/crony/"
     shodan-query: 'vuln:CVE-2017-14530'
-  tags: cve,wordpress,wp-plugin,crony,high
+  tags: cve,wordpress,wp-plugin,crony,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14718-07ca900da4dc5001e6cb25234fc6e73d.yaml b/nuclei-templates/2017/CVE-2017-14718-07ca900da4dc5001e6cb25234fc6e73d.yaml
index 02ea8df378..ade2493510 100644
--- a/nuclei-templates/2017/CVE-2017-14718-07ca900da4dc5001e6cb25234fc6e73d.yaml
+++ b/nuclei-templates/2017/CVE-2017-14718-07ca900da4dc5001e6cb25234fc6e73d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.8.2 - Cross-Site Scripting via Javascript: and Data: URLs
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-14718
   metadata:
     shodan-query: 'vuln:CVE-2017-14718'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14720-2bba5d9d8ab9c1e3d8162257b423cea8.yaml b/nuclei-templates/2017/CVE-2017-14720-2bba5d9d8ab9c1e3d8162257b423cea8.yaml
index 0dcf6697b9..a10366e3fe 100644
--- a/nuclei-templates/2017/CVE-2017-14720-2bba5d9d8ab9c1e3d8162257b423cea8.yaml
+++ b/nuclei-templates/2017/CVE-2017-14720-2bba5d9d8ab9c1e3d8162257b423cea8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.8.2 - Cross-Site Scripting via Template Name
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-14720
   metadata:
     shodan-query: 'vuln:CVE-2017-14720'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14721-c8fd14ca7da27ed4c689b2c4e745761c.yaml b/nuclei-templates/2017/CVE-2017-14721-c8fd14ca7da27ed4c689b2c4e745761c.yaml
index dee172b1c7..1a83aa270c 100644
--- a/nuclei-templates/2017/CVE-2017-14721-c8fd14ca7da27ed4c689b2c4e745761c.yaml
+++ b/nuclei-templates/2017/CVE-2017-14721-c8fd14ca7da27ed4c689b2c4e745761c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.8.2 - Stored Cross-Site Scripting via Plugin Names
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-14721
   metadata:
     shodan-query: 'vuln:CVE-2017-14721'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14724-77d0dd5a2fc10c56c574031709910e3c.yaml b/nuclei-templates/2017/CVE-2017-14724-77d0dd5a2fc10c56c574031709910e3c.yaml
index 209631fafa..a9b9d2c7a7 100644
--- a/nuclei-templates/2017/CVE-2017-14724-77d0dd5a2fc10c56c574031709910e3c.yaml
+++ b/nuclei-templates/2017/CVE-2017-14724-77d0dd5a2fc10c56c574031709910e3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.8.2 - Cross-Site Scripting in oEmbed
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-14724
   metadata:
     shodan-query: 'vuln:CVE-2017-14724'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14726-c64e96aaac6f414a27f722db57e620e7.yaml b/nuclei-templates/2017/CVE-2017-14726-c64e96aaac6f414a27f722db57e620e7.yaml
index c5fb6b4730..84cd667b88 100644
--- a/nuclei-templates/2017/CVE-2017-14726-c64e96aaac6f414a27f722db57e620e7.yaml
+++ b/nuclei-templates/2017/CVE-2017-14726-c64e96aaac6f414a27f722db57e620e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.8.2 - Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-14726
   metadata:
     shodan-query: 'vuln:CVE-2017-14726'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14751-1a1e231870f2d36ae969bc3201047b95.yaml b/nuclei-templates/2017/CVE-2017-14751-1a1e231870f2d36ae969bc3201047b95.yaml
index 53190701b9..974784aa93 100644
--- a/nuclei-templates/2017/CVE-2017-14751-1a1e231870f2d36ae969bc3201047b95.yaml
+++ b/nuclei-templates/2017/CVE-2017-14751-1a1e231870f2d36ae969bc3201047b95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Jobs < 1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jobs/"
     google-query: inurl:"/wp-content/plugins/wp-jobs/"
     shodan-query: 'vuln:CVE-2017-14751'
-  tags: cve,wordpress,wp-plugin,wp-jobs,medium
+  tags: cve,wordpress,wp-plugin,wp-jobs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14842-43a98edb387e539611a5da070feef314.yaml b/nuclei-templates/2017/CVE-2017-14842-43a98edb387e539611a5da070feef314.yaml
index 85cf90163b..0a9fbf7bb7 100644
--- a/nuclei-templates/2017/CVE-2017-14842-43a98edb387e539611a5da070feef314.yaml
+++ b/nuclei-templates/2017/CVE-2017-14842-43a98edb387e539611a5da070feef314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SMSmaster – Multipurpose SMS Gateway for Wordpress (All Versions) - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smsmaster/"
     google-query: inurl:"/wp-content/plugins/smsmaster/"
     shodan-query: 'vuln:CVE-2017-14842'
-  tags: cve,wordpress,wp-plugin,smsmaster,high
+  tags: cve,wordpress,wp-plugin,smsmaster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14843-b8bed2657e8d7d4ab8d4bb6fbdc93698.yaml b/nuclei-templates/2017/CVE-2017-14843-b8bed2657e8d7d4ab8d4bb6fbdc93698.yaml
index 861c9f9caf..ba8aec5a89 100644
--- a/nuclei-templates/2017/CVE-2017-14843-b8bed2657e8d7d4ab8d4bb6fbdc93698.yaml
+++ b/nuclei-templates/2017/CVE-2017-14843-b8bed2657e8d7d4ab8d4bb6fbdc93698.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mojoomla School Management System (Unspecified Version) - Authenticated (Student+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Mojoomla School Management System plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in unknown versions due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with student-level access to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/school-management/"
     google-query: inurl:"/wp-content/plugins/school-management/"
     shodan-query: 'vuln:CVE-2017-14843'
-  tags: cve,wordpress,wp-plugin,school-management,high
+  tags: cve,wordpress,wp-plugin,school-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14844-398be83e4279f1a443c4d3cb2c5b8198.yaml b/nuclei-templates/2017/CVE-2017-14844-398be83e4279f1a443c4d3cb2c5b8198.yaml
index 5006b84bb2..2c16fcd5db 100644
--- a/nuclei-templates/2017/CVE-2017-14844-398be83e4279f1a443c4d3cb2c5b8198.yaml
+++ b/nuclei-templates/2017/CVE-2017-14844-398be83e4279f1a443c4d3cb2c5b8198.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGYM - Wordpress Gym Management System (Unknown Version) - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gym-management/"
     google-query: inurl:"/wp-content/plugins/gym-management/"
     shodan-query: 'vuln:CVE-2017-14844'
-  tags: cve,wordpress,wp-plugin,gym-management,high
+  tags: cve,wordpress,wp-plugin,gym-management,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14845-a6893186307907fca26272a54fd950bf.yaml b/nuclei-templates/2017/CVE-2017-14845-a6893186307907fca26272a54fd950bf.yaml
index 34cbca5287..06204024a2 100644
--- a/nuclei-templates/2017/CVE-2017-14845-a6893186307907fca26272a54fd950bf.yaml
+++ b/nuclei-templates/2017/CVE-2017-14845-a6893186307907fca26272a54fd950bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPCHURCH - Church Management System for Wordpress Theme < 13-07-2019 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-management/"
     google-query: inurl:"/wp-content/plugins/church-management/"
     shodan-query: 'vuln:CVE-2017-14845'
-  tags: cve,wordpress,wp-plugin,church-management,high
+  tags: cve,wordpress,wp-plugin,church-management,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14846-6c841a99daf37cae6f46cd0d753efccb.yaml b/nuclei-templates/2017/CVE-2017-14846-6c841a99daf37cae6f46cd0d753efccb.yaml
index 585f5d8c8e..18be2f534a 100644
--- a/nuclei-templates/2017/CVE-2017-14846-6c841a99daf37cae6f46cd0d753efccb.yaml
+++ b/nuclei-templates/2017/CVE-2017-14846-6c841a99daf37cae6f46cd0d753efccb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mojoomla Hospital Management System for WordPress Theme < 22-05-2018 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hospital-management/"
     google-query: inurl:"/wp-content/plugins/hospital-management/"
     shodan-query: 'vuln:CVE-2017-14846'
-  tags: cve,wordpress,wp-plugin,hospital-management,high
+  tags: cve,wordpress,wp-plugin,hospital-management,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14847-00968ba3e8c09884c42e4fbfc8959579.yaml b/nuclei-templates/2017/CVE-2017-14847-00968ba3e8c09884c42e4fbfc8959579.yaml
index d2ee2b0b4b..44915ae062 100644
--- a/nuclei-templates/2017/CVE-2017-14847-00968ba3e8c09884c42e4fbfc8959579.yaml
+++ b/nuclei-templates/2017/CVE-2017-14847-00968ba3e8c09884c42e4fbfc8959579.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPAMS - Apartment Management System for wordpress Theme < 17-07-2019 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apartment-management/"
     google-query: inurl:"/wp-content/plugins/apartment-management/"
     shodan-query: 'vuln:CVE-2017-14847'
-  tags: cve,wordpress,wp-plugin,apartment-management,high
+  tags: cve,wordpress,wp-plugin,apartment-management,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-14848-d1dc7536ba0bbf23ad7893c422769d48.yaml b/nuclei-templates/2017/CVE-2017-14848-d1dc7536ba0bbf23ad7893c422769d48.yaml
index f185c79033..6c04d39ca5 100644
--- a/nuclei-templates/2017/CVE-2017-14848-d1dc7536ba0bbf23ad7893c422769d48.yaml
+++ b/nuclei-templates/2017/CVE-2017-14848-d1dc7536ba0bbf23ad7893c422769d48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPHRM - Human Resource Management System < 1.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/wphrm/"
     google-query: inurl:"/wp-content/themes/wphrm/"
     shodan-query: 'vuln:CVE-2017-14848'
-  tags: cve,wordpress,wp-theme,wphrm,high
+  tags: cve,wordpress,wp-theme,wphrm,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-15375-251f38cefaa8d1370dc48f71e7aae210.yaml b/nuclei-templates/2017/CVE-2017-15375-251f38cefaa8d1370dc48f71e7aae210.yaml
index 1e7f25bc58..185278db64 100644
--- a/nuclei-templates/2017/CVE-2017-15375-251f38cefaa8d1370dc48f71e7aae210.yaml
+++ b/nuclei-templates/2017/CVE-2017-15375-251f38cefaa8d1370dc48f71e7aae210.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPJobBoard <= 4.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpjobboard/"
     google-query: inurl:"/wp-content/plugins/wpjobboard/"
     shodan-query: 'vuln:CVE-2017-15375'
-  tags: cve,wordpress,wp-plugin,wpjobboard,medium
+  tags: cve,wordpress,wp-plugin,wpjobboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-15812-84cb3311236885a9e904cbe429619629.yaml b/nuclei-templates/2017/CVE-2017-15812-84cb3311236885a9e904cbe429619629.yaml
index 5566f94126..0887185491 100644
--- a/nuclei-templates/2017/CVE-2017-15812-84cb3311236885a9e904cbe429619629.yaml
+++ b/nuclei-templates/2017/CVE-2017-15812-84cb3311236885a9e904cbe429619629.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Appointments < 1.12.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings value in the admin panel.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-appointments/"
     google-query: inurl:"/wp-content/plugins/easy-appointments/"
     shodan-query: 'vuln:CVE-2017-15812'
-  tags: cve,wordpress,wp-plugin,easy-appointments,medium
+  tags: cve,wordpress,wp-plugin,easy-appointments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-15867-933c9d4b3eacccddbe4abc821f273b41.yaml b/nuclei-templates/2017/CVE-2017-15867-933c9d4b3eacccddbe4abc821f273b41.yaml
index 16489b87fa..c7de3763a3 100644
--- a/nuclei-templates/2017/CVE-2017-15867-933c9d4b3eacccddbe4abc821f273b41.yaml
+++ b/nuclei-templates/2017/CVE-2017-15867-933c9d4b3eacccddbe4abc821f273b41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Login History Plugin <= 1.5.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-login-history/"
     google-query: inurl:"/wp-content/plugins/user-login-history/"
     shodan-query: 'vuln:CVE-2017-15867'
-  tags: cve,wordpress,wp-plugin,user-login-history,medium
+  tags: cve,wordpress,wp-plugin,user-login-history,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-16815-718986dcd5947a1beb7efad526e28827.yaml b/nuclei-templates/2017/CVE-2017-16815-718986dcd5947a1beb7efad526e28827.yaml
index 4401183b8a..82d86f5e57 100644
--- a/nuclei-templates/2017/CVE-2017-16815-718986dcd5947a1beb7efad526e28827.yaml
+++ b/nuclei-templates/2017/CVE-2017-16815-718986dcd5947a1beb7efad526e28827.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicator/"
     google-query: inurl:"/wp-content/plugins/duplicator/"
     shodan-query: 'vuln:CVE-2017-16815'
-  tags: cve,wordpress,wp-plugin,duplicator,medium
+  tags: cve,wordpress,wp-plugin,duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-16955-94786cf22c04d1dd0ce4fe28ab98e98a.yaml b/nuclei-templates/2017/CVE-2017-16955-94786cf22c04d1dd0ce4fe28ab98e98a.yaml
index 8ae516601f..23861fd0b9 100644
--- a/nuclei-templates/2017/CVE-2017-16955-94786cf22c04d1dd0ce4fe28ab98e98a.yaml
+++ b/nuclei-templates/2017/CVE-2017-16955-94786cf22c04d1dd0ce4fe28ab98e98a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InLinks <= 1.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inlinks/"
     google-query: inurl:"/wp-content/plugins/inlinks/"
     shodan-query: 'vuln:CVE-2017-16955'
-  tags: cve,wordpress,wp-plugin,inlinks,high
+  tags: cve,wordpress,wp-plugin,inlinks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17059-95db80ffd1d934591e0e0a483a99236e.yaml b/nuclei-templates/2017/CVE-2017-17059-95db80ffd1d934591e0e0a483a99236e.yaml
index 43c0d504a2..3a61d11baf 100644
--- a/nuclei-templates/2017/CVE-2017-17059-95db80ffd1d934591e0e0a483a99236e.yaml
+++ b/nuclei-templates/2017/CVE-2017-17059-95db80ffd1d934591e0e0a483a99236e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     amtyThumb posts <= 8.2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. An attempt to patch this vulnerability was made with 8.2.0, however, it is still exploitable by users who are logged-in.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amty-thumb-recent-post/"
     google-query: inurl:"/wp-content/plugins/amty-thumb-recent-post/"
     shodan-query: 'vuln:CVE-2017-17059'
-  tags: cve,wordpress,wp-plugin,amty-thumb-recent-post,medium
+  tags: cve,wordpress,wp-plugin,amty-thumb-recent-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17091-3dc787f0bf6215df748b832ffc87f8cd.yaml b/nuclei-templates/2017/CVE-2017-17091-3dc787f0bf6215df748b832ffc87f8cd.yaml
index 188f2c4f63..20e37bcfb1 100644
--- a/nuclei-templates/2017/CVE-2017-17091-3dc787f0bf6215df748b832ffc87f8cd.yaml
+++ b/nuclei-templates/2017/CVE-2017-17091-3dc787f0bf6215df748b832ffc87f8cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.9.1 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-17091
   metadata:
     shodan-query: 'vuln:CVE-2017-17091'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17092-7665a25ea15e9e9b2d624d595bf5298e.yaml b/nuclei-templates/2017/CVE-2017-17092-7665a25ea15e9e9b2d624d595bf5298e.yaml
index e39beb8ae2..a1b75686ec 100644
--- a/nuclei-templates/2017/CVE-2017-17092-7665a25ea15e9e9b2d624d595bf5298e.yaml
+++ b/nuclei-templates/2017/CVE-2017-17092-7665a25ea15e9e9b2d624d595bf5298e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.9.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-17092
   metadata:
     shodan-query: 'vuln:CVE-2017-17092'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17093-6afe85808d3f8414da9c4627bea64467.yaml b/nuclei-templates/2017/CVE-2017-17093-6afe85808d3f8414da9c4627bea64467.yaml
index ba9b912e78..02ea8962ea 100644
--- a/nuclei-templates/2017/CVE-2017-17093-6afe85808d3f8414da9c4627bea64467.yaml
+++ b/nuclei-templates/2017/CVE-2017-17093-6afe85808d3f8414da9c4627bea64467.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.9.1- Stored Cross-Site Scripting via Language
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-17093
   metadata:
     shodan-query: 'vuln:CVE-2017-17093'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17096-3504e7e5ce554ea17877d4ad4d619862.yaml b/nuclei-templates/2017/CVE-2017-17096-3504e7e5ce554ea17877d4ad4d619862.yaml
index dcccc0b139..b51964b4b6 100644
--- a/nuclei-templates/2017/CVE-2017-17096-3504e7e5ce554ea17877d4ad4d619862.yaml
+++ b/nuclei-templates/2017/CVE-2017-17096-3504e7e5ce554ea17877d4ad4d619862.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Cards <= 0.9.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-cards/"
     google-query: inurl:"/wp-content/plugins/content-cards/"
     shodan-query: 'vuln:CVE-2017-17096'
-  tags: cve,wordpress,wp-plugin,content-cards,medium
+  tags: cve,wordpress,wp-plugin,content-cards,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17451-6435ffbe89f0f4a16cb704e9095f5d40.yaml b/nuclei-templates/2017/CVE-2017-17451-6435ffbe89f0f4a16cb704e9095f5d40.yaml
index 69b2f0f49e..831628f051 100644
--- a/nuclei-templates/2017/CVE-2017-17451-6435ffbe89f0f4a16cb704e9095f5d40.yaml
+++ b/nuclei-templates/2017/CVE-2017-17451-6435ffbe89f0f4a16cb704e9095f5d40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mailster < 1.5.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Mailster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mes' parameter found in the 'view/subscription/unsubscribe2.php' file in versions up to 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mailster/"
     google-query: inurl:"/wp-content/plugins/wp-mailster/"
     shodan-query: 'vuln:CVE-2017-17451'
-  tags: cve,wordpress,wp-plugin,wp-mailster,medium
+  tags: cve,wordpress,wp-plugin,wp-mailster,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17719-31a7c57e145b1990f031344b13acb01b.yaml b/nuclei-templates/2017/CVE-2017-17719-31a7c57e145b1990f031344b13acb01b.yaml
index 67679bf002..66368287ff 100644
--- a/nuclei-templates/2017/CVE-2017-17719-31a7c57e145b1990f031344b13acb01b.yaml
+++ b/nuclei-templates/2017/CVE-2017-17719-31a7c57e145b1990f031344b13acb01b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Concours <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-concours/"
     google-query: inurl:"/wp-content/plugins/wp-concours/"
     shodan-query: 'vuln:CVE-2017-17719'
-  tags: cve,wordpress,wp-plugin,wp-concours,medium
+  tags: cve,wordpress,wp-plugin,wp-concours,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17744-afd7cbc1a6da1a4ae770134f7fa61d59.yaml b/nuclei-templates/2017/CVE-2017-17744-afd7cbc1a6da1a4ae770134f7fa61d59.yaml
index dccb8fdbfe..6759e0a0c2 100644
--- a/nuclei-templates/2017/CVE-2017-17744-afd7cbc1a6da1a4ae770134f7fa61d59.yaml
+++ b/nuclei-templates/2017/CVE-2017-17744-afd7cbc1a6da1a4ae770134f7fa61d59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Map <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-map/"
     google-query: inurl:"/wp-content/plugins/custom-map/"
     shodan-query: 'vuln:CVE-2017-17744'
-  tags: cve,wordpress,wp-plugin,custom-map,medium
+  tags: cve,wordpress,wp-plugin,custom-map,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17753-888fd755a466f61b6b5975477e6bfb5b.yaml b/nuclei-templates/2017/CVE-2017-17753-888fd755a466f61b6b5975477e6bfb5b.yaml
index 6edc383863..289c51a39b 100644
--- a/nuclei-templates/2017/CVE-2017-17753-888fd755a466f61b6b5975477e6bfb5b.yaml
+++ b/nuclei-templates/2017/CVE-2017-17753-888fd755a466f61b6b5975477e6bfb5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CSV Import Export <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/csv-import-export/"
     google-query: inurl:"/wp-content/plugins/csv-import-export/"
     shodan-query: 'vuln:CVE-2017-17753'
-  tags: cve,wordpress,wp-plugin,csv-import-export,medium
+  tags: cve,wordpress,wp-plugin,csv-import-export,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-17780-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/2017/CVE-2017-17780-167d9672411be44feb72a5175fd0987c.yaml
index e4bac94c39..760fe77299 100644
--- a/nuclei-templates/2017/CVE-2017-17780-167d9672411be44feb72a5175fd0987c.yaml
+++ b/nuclei-templates/2017/CVE-2017-17780-167d9672411be44feb72a5175fd0987c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2017-17780
   metadata:
-    fofa-query: "wp-content/plugins/mediaburst-email-to-sms/"
-    google-query: inurl:"/wp-content/plugins/mediaburst-email-to-sms/"
+    fofa-query: "wp-content/plugins/fscf-sms/"
+    google-query: inurl:"/wp-content/plugins/fscf-sms/"
     shodan-query: 'vuln:CVE-2017-17780'
-  tags: cve,wordpress,wp-plugin,mediaburst-email-to-sms,medium
+  tags: cve,wordpress,wp-plugin,fscf-sms,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/mediaburst-email-to-sms/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/fscf-sms/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "mediaburst-email-to-sms"
+          - "fscf-sms"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.0.3')
\ No newline at end of file
+          - compare_versions(version, '<= 2.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2017/CVE-2017-17869-fe1f1b8568ab900402e4ee21af348064.yaml b/nuclei-templates/2017/CVE-2017-17869-fe1f1b8568ab900402e4ee21af348064.yaml
index bbd4ac6f0d..ba5aac354e 100644
--- a/nuclei-templates/2017/CVE-2017-17869-fe1f1b8568ab900402e4ee21af348064.yaml
+++ b/nuclei-templates/2017/CVE-2017-17869-fe1f1b8568ab900402e4ee21af348064.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     mgl-instagram-gallery Plugin (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mgl-instagram-gallery/"
     google-query: inurl:"/wp-content/plugins/mgl-instagram-gallery/"
     shodan-query: 'vuln:CVE-2017-17869'
-  tags: cve,wordpress,wp-plugin,mgl-instagram-gallery,medium
+  tags: cve,wordpress,wp-plugin,mgl-instagram-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18010-5d316e62377c24672c816fca478bdf84.yaml b/nuclei-templates/2017/CVE-2017-18010-5d316e62377c24672c816fca478bdf84.yaml
index d17806ee62..26f59e3980 100644
--- a/nuclei-templates/2017/CVE-2017-18010-5d316e62377c24672c816fca478bdf84.yaml
+++ b/nuclei-templates/2017/CVE-2017-18010-5d316e62377c24672c816fca478bdf84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Marketing SMS and Newsletters Forms < 2.0.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-marketing-for-wp/"
     google-query: inurl:"/wp-content/plugins/smart-marketing-for-wp/"
     shodan-query: 'vuln:CVE-2017-18010'
-  tags: cve,wordpress,wp-plugin,smart-marketing-for-wp,medium
+  tags: cve,wordpress,wp-plugin,smart-marketing-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18011-9960c486a0af8a01fba712be84f42610.yaml b/nuclei-templates/2017/CVE-2017-18011-9960c486a0af8a01fba712be84f42610.yaml
index 40d671a075..538bbf872b 100644
--- a/nuclei-templates/2017/CVE-2017-18011-9960c486a0af8a01fba712be84f42610.yaml
+++ b/nuclei-templates/2017/CVE-2017-18011-9960c486a0af8a01fba712be84f42610.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Affiliate Ads for Clickbank Products < 1.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Affiliate Ads for Clickbank Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'border_color' parameter found in the text_ads_ajax.php file in versions up to to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-ads-builder-for-clickbank-products/"
     google-query: inurl:"/wp-content/plugins/affiliate-ads-builder-for-clickbank-products/"
     shodan-query: 'vuln:CVE-2017-18011'
-  tags: cve,wordpress,wp-plugin,affiliate-ads-builder-for-clickbank-products,medium
+  tags: cve,wordpress,wp-plugin,affiliate-ads-builder-for-clickbank-products,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18012-7afc53a437871814faec30b27e8447a5.yaml b/nuclei-templates/2017/CVE-2017-18012-7afc53a437871814faec30b27e8447a5.yaml
index b68d676135..b294bdb660 100644
--- a/nuclei-templates/2017/CVE-2017-18012-7afc53a437871814faec30b27e8447a5.yaml
+++ b/nuclei-templates/2017/CVE-2017-18012-7afc53a437871814faec30b27e8447a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Z-URL Preview <= 1.6.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/z-url-preview/"
     google-query: inurl:"/wp-content/plugins/z-url-preview/"
     shodan-query: 'vuln:CVE-2017-18012'
-  tags: cve,wordpress,wp-plugin,z-url-preview,medium
+  tags: cve,wordpress,wp-plugin,z-url-preview,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18015-7bc3b9cd6e8ea033c22ca8523f43d4e5.yaml b/nuclei-templates/2017/CVE-2017-18015-7bc3b9cd6e8ea033c22ca8523f43d4e5.yaml
index 0232a15f79..662393217d 100644
--- a/nuclei-templates/2017/CVE-2017-18015-7bc3b9cd6e8ea033c22ca8523f43d4e5.yaml
+++ b/nuclei-templates/2017/CVE-2017-18015-7bc3b9cd6e8ea033c22ca8523f43d4e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Share This Image < 1.04 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/share-this-image/"
     google-query: inurl:"/wp-content/plugins/share-this-image/"
     shodan-query: 'vuln:CVE-2017-18015'
-  tags: cve,wordpress,wp-plugin,share-this-image,medium
+  tags: cve,wordpress,wp-plugin,share-this-image,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18032-dc6aa910a851ae74e5606d96e36b1052.yaml b/nuclei-templates/2017/CVE-2017-18032-dc6aa910a851ae74e5606d96e36b1052.yaml
index f1483af695..3521b3e71d 100644
--- a/nuclei-templates/2017/CVE-2017-18032-dc6aa910a851ae74e5606d96e36b1052.yaml
+++ b/nuclei-templates/2017/CVE-2017-18032-dc6aa910a851ae74e5606d96e36b1052.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 2.9.51 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2017-18032'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18356-aca82f89029d85161f52ea200f7cad49.yaml b/nuclei-templates/2017/CVE-2017-18356-aca82f89029d85161f52ea200f7cad49.yaml
index a3c1edb597..1266c4eac3 100644
--- a/nuclei-templates/2017/CVE-2017-18356-aca82f89029d85161f52ea200f7cad49.yaml
+++ b/nuclei-templates/2017/CVE-2017-18356-aca82f89029d85161f52ea200f7cad49.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:CVE-2017-18356'
-  tags: cve,wordpress,wp-plugin,woocommerce,high
+  tags: cve,wordpress,wp-plugin,woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18487-4e7aa84fdbb125f3fa6adbf786ab8d90.yaml b/nuclei-templates/2017/CVE-2017-18487-4e7aa84fdbb125f3fa6adbf786ab8d90.yaml
index bdd9ecde60..887c24599d 100644
--- a/nuclei-templates/2017/CVE-2017-18487-4e7aa84fdbb125f3fa6adbf786ab8d90.yaml
+++ b/nuclei-templates/2017/CVE-2017-18487-4e7aa84fdbb125f3fa6adbf786ab8d90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdPush <= 1.43 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AdPush plugin for WordPress is vulnerable to multiple Cross-Site Scripting in versions up to, and including, 1.43 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adsense-plugin/"
     google-query: inurl:"/wp-content/plugins/adsense-plugin/"
     shodan-query: 'vuln:CVE-2017-18487'
-  tags: cve,wordpress,wp-plugin,adsense-plugin,medium
+  tags: cve,wordpress,wp-plugin,adsense-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18488-ec758abe67d8493d911d656fdfa690f2.yaml b/nuclei-templates/2017/CVE-2017-18488-ec758abe67d8493d911d656fdfa690f2.yaml
index e522c8b871..0d88de232c 100644
--- a/nuclei-templates/2017/CVE-2017-18488-ec758abe67d8493d911d656fdfa690f2.yaml
+++ b/nuclei-templates/2017/CVE-2017-18488-ec758abe67d8493d911d656fdfa690f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Guard <= 1.1.46 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup/"
     google-query: inurl:"/wp-content/plugins/backup/"
     shodan-query: 'vuln:CVE-2017-18488'
-  tags: cve,wordpress,wp-plugin,backup,medium
+  tags: cve,wordpress,wp-plugin,backup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18492-008dc0e9968f6799131ae4b8b208b112.yaml b/nuclei-templates/2017/CVE-2017-18492-008dc0e9968f6799131ae4b8b208b112.yaml
index 236a310445..a95b2d23f7 100644
--- a/nuclei-templates/2017/CVE-2017-18492-008dc0e9968f6799131ae4b8b208b112.yaml
+++ b/nuclei-templates/2017/CVE-2017-18492-008dc0e9968f6799131ae4b8b208b112.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form to DB <= 1.5.6 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form to DB plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-db/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-db/"
     shodan-query: 'vuln:CVE-2017-18492'
-  tags: cve,wordpress,wp-plugin,contact-form-to-db,medium
+  tags: cve,wordpress,wp-plugin,contact-form-to-db,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18495-8536de3de245d6a4ab6eeac77e95e618.yaml b/nuclei-templates/2017/CVE-2017-18495-8536de3de245d6a4ab6eeac77e95e618.yaml
index eb94f1bfb1..4d5abc3bc6 100644
--- a/nuclei-templates/2017/CVE-2017-18495-8536de3de245d6a4ab6eeac77e95e618.yaml
+++ b/nuclei-templates/2017/CVE-2017-18495-8536de3de245d6a4ab6eeac77e95e618.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clockwork SMS Notfications < 2.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The gravity-forms-sms-notifications plugin before 2.4.2 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mediaburst-email-to-sms/"
     google-query: inurl:"/wp-content/plugins/mediaburst-email-to-sms/"
     shodan-query: 'vuln:CVE-2017-18495'
-  tags: cve,wordpress,wp-plugin,mediaburst-email-to-sms,medium
+  tags: cve,wordpress,wp-plugin,mediaburst-email-to-sms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18497-fbafef1583d66ee6ba3521f29ba434a8.yaml b/nuclei-templates/2017/CVE-2017-18497-fbafef1583d66ee6ba3521f29ba434a8.yaml
index 41c323f59a..6715bc8e6d 100644
--- a/nuclei-templates/2017/CVE-2017-18497-fbafef1583d66ee6ba3521f29ba434a8.yaml
+++ b/nuclei-templates/2017/CVE-2017-18497-fbafef1583d66ee6ba3521f29ba434a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms <= 3.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The liveforms plugin before 3.4.0 for WordPress has XSS via several parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/liveforms/"
     google-query: inurl:"/wp-content/plugins/liveforms/"
     shodan-query: 'vuln:CVE-2017-18497'
-  tags: cve,wordpress,wp-plugin,liveforms,medium
+  tags: cve,wordpress,wp-plugin,liveforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18499-d87695af989823f3f60bb3499466b104.yaml b/nuclei-templates/2017/CVE-2017-18499-d87695af989823f3f60bb3499466b104.yaml
index 6212850003..9768c2f317 100644
--- a/nuclei-templates/2017/CVE-2017-18499-d87695af989823f3f60bb3499466b104.yaml
+++ b/nuclei-templates/2017/CVE-2017-18499-d87695af989823f3f60bb3499466b104.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 3.5.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Membership plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.5.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2017-18499'
-  tags: cve,wordpress,wp-plugin,simple-membership,medium
+  tags: cve,wordpress,wp-plugin,simple-membership,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18501-70c3e0a35f7627ffa035ef5b1d41e423.yaml b/nuclei-templates/2017/CVE-2017-18501-70c3e0a35f7627ffa035ef5b1d41e423.yaml
index 1258f1bfd4..f2e07674f5 100644
--- a/nuclei-templates/2017/CVE-2017-18501-70c3e0a35f7627ffa035ef5b1d41e423.yaml
+++ b/nuclei-templates/2017/CVE-2017-18501-70c3e0a35f7627ffa035ef5b1d41e423.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Login by BestWebSoft <= 0.1 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Login by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-login-bws/"
     google-query: inurl:"/wp-content/plugins/social-login-bws/"
     shodan-query: 'vuln:CVE-2017-18501'
-  tags: cve,wordpress,wp-plugin,social-login-bws,medium
+  tags: cve,wordpress,wp-plugin,social-login-bws,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18502-6e4e8347273d5c0e2b6b13d913498882.yaml b/nuclei-templates/2017/CVE-2017-18502-6e4e8347273d5c0e2b6b13d913498882.yaml
index 3be3068de4..f79950817e 100644
--- a/nuclei-templates/2017/CVE-2017-18502-6e4e8347273d5c0e2b6b13d913498882.yaml
+++ b/nuclei-templates/2017/CVE-2017-18502-6e4e8347273d5c0e2b6b13d913498882.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subscriber by BestWebSoft <= 1.3.4 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscriber/"
     google-query: inurl:"/wp-content/plugins/subscriber/"
     shodan-query: 'vuln:CVE-2017-18502'
-  tags: cve,wordpress,wp-plugin,subscriber,medium
+  tags: cve,wordpress,wp-plugin,subscriber,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18503-f47b58aa7a47ddf3e1cee744a91d58ee.yaml b/nuclei-templates/2017/CVE-2017-18503-f47b58aa7a47ddf3e1cee744a91d58ee.yaml
index fb8a5db958..b05834c705 100644
--- a/nuclei-templates/2017/CVE-2017-18503-f47b58aa7a47ddf3e1cee744a91d58ee.yaml
+++ b/nuclei-templates/2017/CVE-2017-18503-f47b58aa7a47ddf3e1cee744a91d58ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twitter Cards Meta – Best Twitter Card Plugin for WordPress < 2.5.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS via several parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twitter-cards-meta/"
     google-query: inurl:"/wp-content/plugins/twitter-cards-meta/"
     shodan-query: 'vuln:CVE-2017-18503'
-  tags: cve,wordpress,wp-plugin,twitter-cards-meta,medium
+  tags: cve,wordpress,wp-plugin,twitter-cards-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18504-61a96d10635962decc1ce6046743090a.yaml b/nuclei-templates/2017/CVE-2017-18504-61a96d10635962decc1ce6046743090a.yaml
index 4073e0a1c9..090a837e6c 100644
--- a/nuclei-templates/2017/CVE-2017-18504-61a96d10635962decc1ce6046743090a.yaml
+++ b/nuclei-templates/2017/CVE-2017-18504-61a96d10635962decc1ce6046743090a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twitter Cards Meta <= 2.4.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Twitter Cards Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.5. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain administrative privileges and execute otherwise restricted actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twitter-cards-meta/"
     google-query: inurl:"/wp-content/plugins/twitter-cards-meta/"
     shodan-query: 'vuln:CVE-2017-18504'
-  tags: cve,wordpress,wp-plugin,twitter-cards-meta,high
+  tags: cve,wordpress,wp-plugin,twitter-cards-meta,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18505-df50b4bafe4c4501f744155f1ffc2d55.yaml b/nuclei-templates/2017/CVE-2017-18505-df50b4bafe4c4501f744155f1ffc2d55.yaml
index 8834d15cfc..2de60046ec 100644
--- a/nuclei-templates/2017/CVE-2017-18505-df50b4bafe4c4501f744155f1ffc2d55.yaml
+++ b/nuclei-templates/2017/CVE-2017-18505-df50b4bafe4c4501f744155f1ffc2d55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BestWebSoft's Twitter < 2.55 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BestWebSoft's Twitter plugin before 2.55 for WordPress has XSS via several parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twitter-plugin/"
     google-query: inurl:"/wp-content/plugins/twitter-plugin/"
     shodan-query: 'vuln:CVE-2017-18505'
-  tags: cve,wordpress,wp-plugin,twitter-plugin,medium
+  tags: cve,wordpress,wp-plugin,twitter-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18506-7e729c66876df948651c9d3837d1f01c.yaml b/nuclei-templates/2017/CVE-2017-18506-7e729c66876df948651c9d3837d1f01c.yaml
index 5dce88991c..5ba07332f5 100644
--- a/nuclei-templates/2017/CVE-2017-18506-7e729c66876df948651c9d3837d1f01c.yaml
+++ b/nuclei-templates/2017/CVE-2017-18506-7e729c66876df948651c9d3837d1f01c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoices & Packing Slips <= 2.0.12 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/"
     google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/"
     shodan-query: 'vuln:CVE-2017-18506'
-  tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18507-0afdcc5a66b8604c315ccd15a101d49e.yaml b/nuclei-templates/2017/CVE-2017-18507-0afdcc5a66b8604c315ccd15a101d49e.yaml
index 5a395fff65..feffce7bce 100644
--- a/nuclei-templates/2017/CVE-2017-18507-0afdcc5a66b8604c315ccd15a101d49e.yaml
+++ b/nuclei-templates/2017/CVE-2017-18507-0afdcc5a66b8604c315ccd15a101d49e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live Chat Support <= 7.1.04 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2017-18507'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18508-e810e3355fe67bdcfcad0632d29d1e56.yaml b/nuclei-templates/2017/CVE-2017-18508-e810e3355fe67bdcfcad0632d29d1e56.yaml
index 395942cd15..4ccfdf4541 100644
--- a/nuclei-templates/2017/CVE-2017-18508-e810e3355fe67bdcfcad0632d29d1e56.yaml
+++ b/nuclei-templates/2017/CVE-2017-18508-e810e3355fe67bdcfcad0632d29d1e56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live Chat Support <= 7.1.02 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2017-18508'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18510-aea09105f0f61d6ceb820ac11ed09e51.yaml b/nuclei-templates/2017/CVE-2017-18510-aea09105f0f61d6ceb820ac11ed09e51.yaml
index cc381ed895..751c45289d 100644
--- a/nuclei-templates/2017/CVE-2017-18510-aea09105f0f61d6ceb820ac11ed09e51.yaml
+++ b/nuclei-templates/2017/CVE-2017-18510-aea09105f0f61d6ceb820ac11ed09e51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Sidebars <= 3.0.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-sidebars/"
     google-query: inurl:"/wp-content/plugins/custom-sidebars/"
     shodan-query: 'vuln:CVE-2017-18510'
-  tags: cve,wordpress,wp-plugin,custom-sidebars,high
+  tags: cve,wordpress,wp-plugin,custom-sidebars,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18511-e7cf3375d8a38efd1be42356dbb74de4.yaml b/nuclei-templates/2017/CVE-2017-18511-e7cf3375d8a38efd1be42356dbb74de4.yaml
index 76ef3a45ea..25eb47f0cd 100644
--- a/nuclei-templates/2017/CVE-2017-18511-e7cf3375d8a38efd1be42356dbb74de4.yaml
+++ b/nuclei-templates/2017/CVE-2017-18511-e7cf3375d8a38efd1be42356dbb74de4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Sidebars <= 3.0.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-sidebars/"
     google-query: inurl:"/wp-content/plugins/custom-sidebars/"
     shodan-query: 'vuln:CVE-2017-18511'
-  tags: cve,wordpress,wp-plugin,custom-sidebars,high
+  tags: cve,wordpress,wp-plugin,custom-sidebars,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18512-62fd42906a2acfa6303c130d21470bd3.yaml b/nuclei-templates/2017/CVE-2017-18512-62fd42906a2acfa6303c130d21470bd3.yaml
index 66565eeec6..4b39cecb9d 100644
--- a/nuclei-templates/2017/CVE-2017-18512-62fd42906a2acfa6303c130d21470bd3.yaml
+++ b/nuclei-templates/2017/CVE-2017-18512-62fd42906a2acfa6303c130d21470bd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter by Supsystic < 1.1.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/newsletter-by-supsystic/"
     shodan-query: 'vuln:CVE-2017-18512'
-  tags: cve,wordpress,wp-plugin,newsletter-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,newsletter-by-supsystic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18513-05079d9697e3f59f6cb3b3fffd76d6cd.yaml b/nuclei-templates/2017/CVE-2017-18513-05079d9697e3f59f6cb3b3fffd76d6cd.yaml
index 92c4861d1c..8b0eee7bc3 100644
--- a/nuclei-templates/2017/CVE-2017-18513-05079d9697e3f59f6cb3b3fffd76d6cd.yaml
+++ b/nuclei-templates/2017/CVE-2017-18513-05079d9697e3f59f6cb3b3fffd76d6cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Menu <= 3.1.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-menu/"
     google-query: inurl:"/wp-content/plugins/responsive-menu/"
     shodan-query: 'vuln:CVE-2017-18513'
-  tags: cve,wordpress,wp-plugin,responsive-menu,high
+  tags: cve,wordpress,wp-plugin,responsive-menu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18515-4533ca9d47b3b4f7b077cc893cacad61.yaml b/nuclei-templates/2017/CVE-2017-18515-4533ca9d47b3b4f7b077cc893cacad61.yaml
index ef63da1d23..14268c6533 100644
--- a/nuclei-templates/2017/CVE-2017-18515-4533ca9d47b3b4f7b077cc893cacad61.yaml
+++ b/nuclei-templates/2017/CVE-2017-18515-4533ca9d47b3b4f7b077cc893cacad61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 12.0.7 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2017-18515'
-  tags: cve,wordpress,wp-plugin,wp-statistics,high
+  tags: cve,wordpress,wp-plugin,wp-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18516-b2f000587e20cf237a45ef2d6036a9a0.yaml b/nuclei-templates/2017/CVE-2017-18516-b2f000587e20cf237a45ef2d6036a9a0.yaml
index 8c4aed3192..6aa55098a4 100644
--- a/nuclei-templates/2017/CVE-2017-18516-b2f000587e20cf237a45ef2d6036a9a0.yaml
+++ b/nuclei-templates/2017/CVE-2017-18516-b2f000587e20cf237a45ef2d6036a9a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BestWebSoft's LinkedIn < 1.0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BestWebSoft's LinkedIn plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bws-linkedin/"
     google-query: inurl:"/wp-content/plugins/bws-linkedin/"
     shodan-query: 'vuln:CVE-2017-18516'
-  tags: cve,wordpress,wp-plugin,bws-linkedin,medium
+  tags: cve,wordpress,wp-plugin,bws-linkedin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18518-6356cf8af8f87c1115ab1b364de5897a.yaml b/nuclei-templates/2017/CVE-2017-18518-6356cf8af8f87c1115ab1b364de5897a.yaml
index a2fe41af74..a6f6b1c8b0 100644
--- a/nuclei-templates/2017/CVE-2017-18518-6356cf8af8f87c1115ab1b364de5897a.yaml
+++ b/nuclei-templates/2017/CVE-2017-18518-6356cf8af8f87c1115ab1b364de5897a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SMTP by BestWebSoft <= 1.0.9 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SMTP by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bws-smtp/"
     google-query: inurl:"/wp-content/plugins/bws-smtp/"
     shodan-query: 'vuln:CVE-2017-18518'
-  tags: cve,wordpress,wp-plugin,bws-smtp,medium
+  tags: cve,wordpress,wp-plugin,bws-smtp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18519-f9650549fbf42fb03bc206714accabe1.yaml b/nuclei-templates/2017/CVE-2017-18519-f9650549fbf42fb03bc206714accabe1.yaml
index 6b2cb8801e..857da74ed2 100644
--- a/nuclei-templates/2017/CVE-2017-18519-f9650549fbf42fb03bc206714accabe1.yaml
+++ b/nuclei-templates/2017/CVE-2017-18519-f9650549fbf42fb03bc206714accabe1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customer Area <= 7.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-area/"
     google-query: inurl:"/wp-content/plugins/customer-area/"
     shodan-query: 'vuln:CVE-2017-18519'
-  tags: cve,wordpress,wp-plugin,customer-area,medium
+  tags: cve,wordpress,wp-plugin,customer-area,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18520-2e7b0b07966525201b04f4b815659d00.yaml b/nuclei-templates/2017/CVE-2017-18520-2e7b0b07966525201b04f4b815659d00.yaml
index 88b499df97..374db76b69 100644
--- a/nuclei-templates/2017/CVE-2017-18520-2e7b0b07966525201b04f4b815659d00.yaml
+++ b/nuclei-templates/2017/CVE-2017-18520-2e7b0b07966525201b04f4b815659d00.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Democracy Poll < 5.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/democracy-poll/"
     google-query: inurl:"/wp-content/plugins/democracy-poll/"
     shodan-query: 'vuln:CVE-2017-18520'
-  tags: cve,wordpress,wp-plugin,democracy-poll,medium
+  tags: cve,wordpress,wp-plugin,democracy-poll,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18521-a76e6fad4bf5d5ba93f81a78338ef54e.yaml b/nuclei-templates/2017/CVE-2017-18521-a76e6fad4bf5d5ba93f81a78338ef54e.yaml
index 0a9b9861c2..61a8d8fd32 100644
--- a/nuclei-templates/2017/CVE-2017-18521-a76e6fad4bf5d5ba93f81a78338ef54e.yaml
+++ b/nuclei-templates/2017/CVE-2017-18521-a76e6fad4bf5d5ba93f81a78338ef54e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Democracy Poll <= 5.3.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/democracy-poll/"
     google-query: inurl:"/wp-content/plugins/democracy-poll/"
     shodan-query: 'vuln:CVE-2017-18521'
-  tags: cve,wordpress,wp-plugin,democracy-poll,high
+  tags: cve,wordpress,wp-plugin,democracy-poll,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18522-af90005e3634d51c613c584f0861c0a2.yaml b/nuclei-templates/2017/CVE-2017-18522-af90005e3634d51c613c584f0861c0a2.yaml
index 7b38029371..a6312c9721 100644
--- a/nuclei-templates/2017/CVE-2017-18522-af90005e3634d51c613c584f0861c0a2.yaml
+++ b/nuclei-templates/2017/CVE-2017-18522-af90005e3634d51c613c584f0861c0a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EELV Newsletter < 4.6.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eelv-newsletter/"
     google-query: inurl:"/wp-content/plugins/eelv-newsletter/"
     shodan-query: 'vuln:CVE-2017-18522'
-  tags: cve,wordpress,wp-plugin,eelv-newsletter,medium
+  tags: cve,wordpress,wp-plugin,eelv-newsletter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18523-77b95b2fd3fc9982f02a243980235615.yaml b/nuclei-templates/2017/CVE-2017-18523-77b95b2fd3fc9982f02a243980235615.yaml
index 904e56f240..c39a646de2 100644
--- a/nuclei-templates/2017/CVE-2017-18523-77b95b2fd3fc9982f02a243980235615.yaml
+++ b/nuclei-templates/2017/CVE-2017-18523-77b95b2fd3fc9982f02a243980235615.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EELV Newsletter <= 4.6.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The EELV Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.0. This is due to missing or incorrect nonce validation in the 'eelv-newsletter/trunk/lettreinfo.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eelv-newsletter/"
     google-query: inurl:"/wp-content/plugins/eelv-newsletter/"
     shodan-query: 'vuln:CVE-2017-18523'
-  tags: cve,wordpress,wp-plugin,eelv-newsletter,high
+  tags: cve,wordpress,wp-plugin,eelv-newsletter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18524-924ca2bb4d17021fd01ade1e50b5f40f.yaml b/nuclei-templates/2017/CVE-2017-18524-924ca2bb4d17021fd01ade1e50b5f40f.yaml
index 646fe22929..36ddbeaf61 100644
--- a/nuclei-templates/2017/CVE-2017-18524-924ca2bb4d17021fd01ade1e50b5f40f.yaml
+++ b/nuclei-templates/2017/CVE-2017-18524-924ca2bb4d17021fd01ade1e50b5f40f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Football Pool < 2.6.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/football-pool/"
     google-query: inurl:"/wp-content/plugins/football-pool/"
     shodan-query: 'vuln:CVE-2017-18524'
-  tags: cve,wordpress,wp-plugin,football-pool,medium
+  tags: cve,wordpress,wp-plugin,football-pool,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18525-68c192a64ec1c6719c741f7b5a598887.yaml b/nuclei-templates/2017/CVE-2017-18525-68c192a64ec1c6719c741f7b5a598887.yaml
index e679314d0d..20f7da5b99 100644
--- a/nuclei-templates/2017/CVE-2017-18525-68c192a64ec1c6719c741f7b5a598887.yaml
+++ b/nuclei-templates/2017/CVE-2017-18525-68c192a64ec1c6719c741f7b5a598887.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Max Mega Menu <= 2.3.8 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The megamenu plugin before 2.4 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/megamenu/"
     google-query: inurl:"/wp-content/plugins/megamenu/"
     shodan-query: 'vuln:CVE-2017-18525'
-  tags: cve,wordpress,wp-plugin,megamenu,medium
+  tags: cve,wordpress,wp-plugin,megamenu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18526-61f56b8a3def3b7154a28f2e5a9ff0a6.yaml b/nuclei-templates/2017/CVE-2017-18526-61f56b8a3def3b7154a28f2e5a9ff0a6.yaml
index 6904837c50..078c4d2b9b 100644
--- a/nuclei-templates/2017/CVE-2017-18526-61f56b8a3def3b7154a28f2e5a9ff0a6.yaml
+++ b/nuclei-templates/2017/CVE-2017-18526-61f56b8a3def3b7154a28f2e5a9ff0a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     moreAds SE <= 1.4.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The moreAds SE plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on the 'i' parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/moreads-se/"
     google-query: inurl:"/wp-content/plugins/moreads-se/"
     shodan-query: 'vuln:CVE-2017-18526'
-  tags: cve,wordpress,wp-plugin,moreads-se,medium
+  tags: cve,wordpress,wp-plugin,moreads-se,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18527-b86bab5c8fb0747eadd8257097e9b226.yaml b/nuclei-templates/2017/CVE-2017-18527-b86bab5c8fb0747eadd8257097e9b226.yaml
index e9f1780731..cf926e5741 100644
--- a/nuclei-templates/2017/CVE-2017-18527-b86bab5c8fb0747eadd8257097e9b226.yaml
+++ b/nuclei-templates/2017/CVE-2017-18527-b86bab5c8fb0747eadd8257097e9b226.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pagination by BestWebSoft <= 1.0.6 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Pagination by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagination/"
     google-query: inurl:"/wp-content/plugins/pagination/"
     shodan-query: 'vuln:CVE-2017-18527'
-  tags: cve,wordpress,wp-plugin,pagination,medium
+  tags: cve,wordpress,wp-plugin,pagination,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18528-3c928fa432700e9d8d2c446de566746a.yaml b/nuclei-templates/2017/CVE-2017-18528-3c928fa432700e9d8d2c446de566746a.yaml
index f5bb926439..32f92da4da 100644
--- a/nuclei-templates/2017/CVE-2017-18528-3c928fa432700e9d8d2c446de566746a.yaml
+++ b/nuclei-templates/2017/CVE-2017-18528-3c928fa432700e9d8d2c446de566746a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin <= 1.9.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-print/"
     google-query: inurl:"/wp-content/plugins/pdf-print/"
     shodan-query: 'vuln:CVE-2017-18528'
-  tags: cve,wordpress,wp-plugin,pdf-print,medium
+  tags: cve,wordpress,wp-plugin,pdf-print,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18531-942951937c68cc5db7a5bc776617ab05.yaml b/nuclei-templates/2017/CVE-2017-18531-942951937c68cc5db7a5bc776617ab05.yaml
index a1390e607c..e403519d22 100644
--- a/nuclei-templates/2017/CVE-2017-18531-942951937c68cc5db7a5bc776617ab05.yaml
+++ b/nuclei-templates/2017/CVE-2017-18531-942951937c68cc5db7a5bc776617ab05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Raygun4WP <= 1.8.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/raygun4wp/"
     google-query: inurl:"/wp-content/plugins/raygun4wp/"
     shodan-query: 'vuln:CVE-2017-18531'
-  tags: cve,wordpress,wp-plugin,raygun4wp,medium
+  tags: cve,wordpress,wp-plugin,raygun4wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18533-94ba05091d5c1c002f96ded27dad7e5c.yaml b/nuclei-templates/2017/CVE-2017-18533-94ba05091d5c1c002f96ded27dad7e5c.yaml
index f5cbb1b105..27fc18aa09 100644
--- a/nuclei-templates/2017/CVE-2017-18533-94ba05091d5c1c002f96ded27dad7e5c.yaml
+++ b/nuclei-templates/2017/CVE-2017-18533-94ba05091d5c1c002f96ded27dad7e5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rimons Twitter Widget <= 1.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Rimons Twitter Widget plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rimons-twitter-widget/"
     google-query: inurl:"/wp-content/plugins/rimons-twitter-widget/"
     shodan-query: 'vuln:CVE-2017-18533'
-  tags: cve,wordpress,wp-plugin,rimons-twitter-widget,medium
+  tags: cve,wordpress,wp-plugin,rimons-twitter-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18535-43890f1f23768c00ae2a757d58110ef2.yaml b/nuclei-templates/2017/CVE-2017-18535-43890f1f23768c00ae2a757d58110ef2.yaml
index 54686f287c..5ac7b26e17 100644
--- a/nuclei-templates/2017/CVE-2017-18535-43890f1f23768c00ae2a757d58110ef2.yaml
+++ b/nuclei-templates/2017/CVE-2017-18535-43890f1f23768c00ae2a757d58110ef2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SmokeSignal <= 1.2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The smokesignal plugin before 1.2.7 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smokesignal/"
     google-query: inurl:"/wp-content/plugins/smokesignal/"
     shodan-query: 'vuln:CVE-2017-18535'
-  tags: cve,wordpress,wp-plugin,smokesignal,medium
+  tags: cve,wordpress,wp-plugin,smokesignal,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18536-bdfa460006d70b85bf4366e301016193.yaml b/nuclei-templates/2017/CVE-2017-18536-bdfa460006d70b85bf4366e301016193.yaml
index 2dd4c5dce9..427d1d4a8e 100644
--- a/nuclei-templates/2017/CVE-2017-18536-bdfa460006d70b85bf4366e301016193.yaml
+++ b/nuclei-templates/2017/CVE-2017-18536-bdfa460006d70b85bf4366e301016193.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stop User Enumeration <= 1.3.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stop User Enumeration plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stop-user-enumeration/"
     google-query: inurl:"/wp-content/plugins/stop-user-enumeration/"
     shodan-query: 'vuln:CVE-2017-18536'
-  tags: cve,wordpress,wp-plugin,stop-user-enumeration,medium
+  tags: cve,wordpress,wp-plugin,stop-user-enumeration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18538-09a7bcc8ea30f2211fb747659d8fc0b2.yaml b/nuclei-templates/2017/CVE-2017-18538-09a7bcc8ea30f2211fb747659d8fc0b2.yaml
index 21282f2808..9293f54bf4 100644
--- a/nuclei-templates/2017/CVE-2017-18538-09a7bcc8ea30f2211fb747659d8fc0b2.yaml
+++ b/nuclei-templates/2017/CVE-2017-18538-09a7bcc8ea30f2211fb747659d8fc0b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebLibrarian < 3.4.8.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weblibrarian/"
     google-query: inurl:"/wp-content/plugins/weblibrarian/"
     shodan-query: 'vuln:CVE-2017-18538'
-  tags: cve,wordpress,wp-plugin,weblibrarian,medium
+  tags: cve,wordpress,wp-plugin,weblibrarian,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18539-078737c487b7cb7dd59dfa47479456c5.yaml b/nuclei-templates/2017/CVE-2017-18539-078737c487b7cb7dd59dfa47479456c5.yaml
index ab3478be83..745dd3d178 100644
--- a/nuclei-templates/2017/CVE-2017-18539-078737c487b7cb7dd59dfa47479456c5.yaml
+++ b/nuclei-templates/2017/CVE-2017-18539-078737c487b7cb7dd59dfa47479456c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebLibrarian < 3.4.8.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weblibrarian/"
     google-query: inurl:"/wp-content/plugins/weblibrarian/"
     shodan-query: 'vuln:CVE-2017-18539'
-  tags: cve,wordpress,wp-plugin,weblibrarian,medium
+  tags: cve,wordpress,wp-plugin,weblibrarian,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18540-721a4bb5a70d51824521f6e59c15ccd0.yaml b/nuclei-templates/2017/CVE-2017-18540-721a4bb5a70d51824521f6e59c15ccd0.yaml
index 93ea18b212..4e5603cb52 100644
--- a/nuclei-templates/2017/CVE-2017-18540-721a4bb5a70d51824521f6e59c15ccd0.yaml
+++ b/nuclei-templates/2017/CVE-2017-18540-721a4bb5a70d51824521f6e59c15ccd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebLibrarian < 3.4.8.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weblibrarian/"
     google-query: inurl:"/wp-content/plugins/weblibrarian/"
     shodan-query: 'vuln:CVE-2017-18540'
-  tags: cve,wordpress,wp-plugin,weblibrarian,medium
+  tags: cve,wordpress,wp-plugin,weblibrarian,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18541-0d6d2e1e75a3d7c24aa16b9420abf358.yaml b/nuclei-templates/2017/CVE-2017-18541-0d6d2e1e75a3d7c24aa16b9420abf358.yaml
index 6097072a9b..96052fa217 100644
--- a/nuclei-templates/2017/CVE-2017-18541-0d6d2e1e75a3d7c24aa16b9420abf358.yaml
+++ b/nuclei-templates/2017/CVE-2017-18541-0d6d2e1e75a3d7c24aa16b9420abf358.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XO Security < 1.5.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The xo-security plugin before 1.5.3 for WordPress has XSS via 'password' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xo-security/"
     google-query: inurl:"/wp-content/plugins/xo-security/"
     shodan-query: 'vuln:CVE-2017-18541'
-  tags: cve,wordpress,wp-plugin,xo-security,medium
+  tags: cve,wordpress,wp-plugin,xo-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18542-83e7004306bfbb58dbc0b94ba733c14a.yaml b/nuclei-templates/2017/CVE-2017-18542-83e7004306bfbb58dbc0b94ba733c14a.yaml
index 3baed514fb..405438162d 100644
--- a/nuclei-templates/2017/CVE-2017-18542-83e7004306bfbb58dbc0b94ba733c14a.yaml
+++ b/nuclei-templates/2017/CVE-2017-18542-83e7004306bfbb58dbc0b94ba733c14a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Help Center by BestWebSoft <= 1.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Help Center by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zendesk-help-center/"
     google-query: inurl:"/wp-content/plugins/zendesk-help-center/"
     shodan-query: 'vuln:CVE-2017-18542'
-  tags: cve,wordpress,wp-plugin,zendesk-help-center,medium
+  tags: cve,wordpress,wp-plugin,zendesk-help-center,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18544-378de5a4c8a761e6f865e9b293282366.yaml b/nuclei-templates/2017/CVE-2017-18544-378de5a4c8a761e6f865e9b293282366.yaml
index 5a33837980..089581be2d 100644
--- a/nuclei-templates/2017/CVE-2017-18544-378de5a4c8a761e6f865e9b293282366.yaml
+++ b/nuclei-templates/2017/CVE-2017-18544-378de5a4c8a761e6f865e9b293282366.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Invite Anyone < 1.3.16 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Invite Anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. The plugin’s setting pages had a vulnerability found in the nonce, which is used to prevent CSRF, but when the settings are saved there was no check to a validate if a nonce was included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/invite-anyone/"
     google-query: inurl:"/wp-content/plugins/invite-anyone/"
     shodan-query: 'vuln:CVE-2017-18544'
-  tags: cve,wordpress,wp-plugin,invite-anyone,high
+  tags: cve,wordpress,wp-plugin,invite-anyone,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18546-a6cb60a315c6c7a94894e2123d4f4da7.yaml b/nuclei-templates/2017/CVE-2017-18546-a6cb60a315c6c7a94894e2123d4f4da7.yaml
index 31edaedaa2..0f454adbd4 100644
--- a/nuclei-templates/2017/CVE-2017-18546-a6cb60a315c6c7a94894e2123d4f4da7.yaml
+++ b/nuclei-templates/2017/CVE-2017-18546-a6cb60a315c6c7a94894e2123d4f4da7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jayj Quicktag < 1.3.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jayj-quicktag/"
     google-query: inurl:"/wp-content/plugins/jayj-quicktag/"
     shodan-query: 'vuln:CVE-2017-18546'
-  tags: cve,wordpress,wp-plugin,jayj-quicktag,high
+  tags: cve,wordpress,wp-plugin,jayj-quicktag,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18547-a591950f40f9d0373366c6581aa5c23f.yaml b/nuclei-templates/2017/CVE-2017-18547-a591950f40f9d0373366c6581aa5c23f.yaml
index fde8f07a5e..666c38d9ab 100644
--- a/nuclei-templates/2017/CVE-2017-18547-a591950f40f9d0373366c6581aa5c23f.yaml
+++ b/nuclei-templates/2017/CVE-2017-18547-a591950f40f9d0373366c6581aa5c23f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nelio AB Testing < 4.6.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nelio-ab-testing/"
     google-query: inurl:"/wp-content/plugins/nelio-ab-testing/"
     shodan-query: 'vuln:CVE-2017-18547'
-  tags: cve,wordpress,wp-plugin,nelio-ab-testing,high
+  tags: cve,wordpress,wp-plugin,nelio-ab-testing,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18554-8f9bc8ffd93a472c3d732de50d85129c.yaml b/nuclei-templates/2017/CVE-2017-18554-8f9bc8ffd93a472c3d732de50d85129c.yaml
index 0a320497bb..27dd81a206 100644
--- a/nuclei-templates/2017/CVE-2017-18554-8f9bc8ffd93a472c3d732de50d85129c.yaml
+++ b/nuclei-templates/2017/CVE-2017-18554-8f9bc8ffd93a472c3d732de50d85129c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytics Tracker <= 1.1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Analytics Tracker plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/analytics-tracker/"
     google-query: inurl:"/wp-content/plugins/analytics-tracker/"
     shodan-query: 'vuln:CVE-2017-18554'
-  tags: cve,wordpress,wp-plugin,analytics-tracker,medium
+  tags: cve,wordpress,wp-plugin,analytics-tracker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18556-1758588699ac13a0da770bd7cd456b77.yaml b/nuclei-templates/2017/CVE-2017-18556-1758588699ac13a0da770bd7cd456b77.yaml
index cf4c8e94d7..1328faba39 100644
--- a/nuclei-templates/2017/CVE-2017-18556-1758588699ac13a0da770bd7cd456b77.yaml
+++ b/nuclei-templates/2017/CVE-2017-18556-1758588699ac13a0da770bd7cd456b77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytics <= 1.7.0 -  Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Analytics plugin is vulnerable to multiple Cross-Site Scripting vulnerabilities in versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bws-google-analytics/"
     google-query: inurl:"/wp-content/plugins/bws-google-analytics/"
     shodan-query: 'vuln:CVE-2017-18556'
-  tags: cve,wordpress,wp-plugin,bws-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,bws-google-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18559-6e2fc253c488c9fb6b9867ac9b52ef35.yaml b/nuclei-templates/2017/CVE-2017-18559-6e2fc253c488c9fb6b9867ac9b52ef35.yaml
index 5e83c1d025..dd885b6261 100644
--- a/nuclei-templates/2017/CVE-2017-18559-6e2fc253c488c9fb6b9867ac9b52ef35.yaml
+++ b/nuclei-templates/2017/CVE-2017-18559-6e2fc253c488c9fb6b9867ac9b52ef35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     cformsII <= 14.13.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The cformsII plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 14.13.2 due to insufficient input sanitization and output escaping on the 'switchform', 'pickform', and 'noSub' parameters. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cforms2/"
     google-query: inurl:"/wp-content/plugins/cforms2/"
     shodan-query: 'vuln:CVE-2017-18559'
-  tags: cve,wordpress,wp-plugin,cforms2,medium
+  tags: cve,wordpress,wp-plugin,cforms2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18561-ce946f2b4359bb7fac48391b993074ae.yaml b/nuclei-templates/2017/CVE-2017-18561-ce946f2b4359bb7fac48391b993074ae.yaml
index a8f1c36ef8..5d2243add7 100644
--- a/nuclei-templates/2017/CVE-2017-18561-ce946f2b4359bb7fac48391b993074ae.yaml
+++ b/nuclei-templates/2017/CVE-2017-18561-ce946f2b4359bb7fac48391b993074ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Embed Images in Comments < 0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The embed-comment-images plugin before 0.6 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-comment-images/"
     google-query: inurl:"/wp-content/plugins/embed-comment-images/"
     shodan-query: 'vuln:CVE-2017-18561'
-  tags: cve,wordpress,wp-plugin,embed-comment-images,medium
+  tags: cve,wordpress,wp-plugin,embed-comment-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18563-9a3fa62818d09a4c2a4693cadbb72035.yaml b/nuclei-templates/2017/CVE-2017-18563-9a3fa62818d09a4c2a4693cadbb72035.yaml
index e718a99f39..20655630f8 100644
--- a/nuclei-templates/2017/CVE-2017-18563-9a3fa62818d09a4c2a4693cadbb72035.yaml
+++ b/nuclei-templates/2017/CVE-2017-18563-9a3fa62818d09a4c2a4693cadbb72035.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSVP and Event Management Plugin <= 2.3.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rsvp/"
     google-query: inurl:"/wp-content/plugins/rsvp/"
     shodan-query: 'vuln:CVE-2017-18563'
-  tags: cve,wordpress,wp-plugin,rsvp,medium
+  tags: cve,wordpress,wp-plugin,rsvp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18566-19953c61fa61f206c9ea957d11e2d617.yaml b/nuclei-templates/2017/CVE-2017-18566-19953c61fa61f206c9ea957d11e2d617.yaml
index 18ceae6c05..6874f46a08 100644
--- a/nuclei-templates/2017/CVE-2017-18566-19953c61fa61f206c9ea957d11e2d617.yaml
+++ b/nuclei-templates/2017/CVE-2017-18566-19953c61fa61f206c9ea957d11e2d617.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Role <= 1.5.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Role plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-role/"
     google-query: inurl:"/wp-content/plugins/user-role/"
     shodan-query: 'vuln:CVE-2017-18566'
-  tags: cve,wordpress,wp-plugin,user-role,medium
+  tags: cve,wordpress,wp-plugin,user-role,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18567-655d94e53e4a588a8f5f35013abd45f6.yaml b/nuclei-templates/2017/CVE-2017-18567-655d94e53e4a588a8f5f35013abd45f6.yaml
index c2ee865091..bf0dbe1c5b 100644
--- a/nuclei-templates/2017/CVE-2017-18567-655d94e53e4a588a8f5f35013abd45f6.yaml
+++ b/nuclei-templates/2017/CVE-2017-18567-655d94e53e4a588a8f5f35013abd45f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-all-import plugin before 3.4.6 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2017-18567'
-  tags: cve,wordpress,wp-plugin,wp-all-import,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18570-84b6699e5f738c5aa2a22a553abe9531.yaml b/nuclei-templates/2017/CVE-2017-18570-84b6699e5f738c5aa2a22a553abe9531.yaml
index 326ac9735b..d0b229a2c9 100644
--- a/nuclei-templates/2017/CVE-2017-18570-84b6699e5f738c5aa2a22a553abe9531.yaml
+++ b/nuclei-templates/2017/CVE-2017-18570-84b6699e5f738c5aa2a22a553abe9531.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     cformsII <= 14.12.3 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The cformsII plugin for WordPress is vulnerable to generic SQL Injection via Delete Entries or Download Entries in versions up to, and including, 14.12.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for highly-privileged attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cforms2/"
     google-query: inurl:"/wp-content/plugins/cforms2/"
     shodan-query: 'vuln:CVE-2017-18570'
-  tags: cve,wordpress,wp-plugin,cforms2,high
+  tags: cve,wordpress,wp-plugin,cforms2,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18576-a1a48fe23ddfed810a2068245669c30f.yaml b/nuclei-templates/2017/CVE-2017-18576-a1a48fe23ddfed810a2068245669c30f.yaml
index 072f77bd72..abd9d03bee 100644
--- a/nuclei-templates/2017/CVE-2017-18576-a1a48fe23ddfed810a2068245669c30f.yaml
+++ b/nuclei-templates/2017/CVE-2017-18576-a1a48fe23ddfed810a2068245669c30f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Notifier <= 1.2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-notifier/"
     google-query: inurl:"/wp-content/plugins/event-notifier/"
     shodan-query: 'vuln:CVE-2017-18576'
-  tags: cve,wordpress,wp-plugin,event-notifier,medium
+  tags: cve,wordpress,wp-plugin,event-notifier,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18577-324bc23c2f374afaaf9c80c2964d5db4.yaml b/nuclei-templates/2017/CVE-2017-18577-324bc23c2f374afaaf9c80c2964d5db4.yaml
index 0a2c9e664b..c293cc97ce 100644
--- a/nuclei-templates/2017/CVE-2017-18577-324bc23c2f374afaaf9c80c2964d5db4.yaml
+++ b/nuclei-templates/2017/CVE-2017-18577-324bc23c2f374afaaf9c80c2964d5db4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mailchimp For WP <= 4.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-for-wp/"
     google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/"
     shodan-query: 'vuln:CVE-2017-18577'
-  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18578-10ee5b6870d72574cd2ceacdf76db39e.yaml b/nuclei-templates/2017/CVE-2017-18578-10ee5b6870d72574cd2ceacdf76db39e.yaml
index ca27e8378e..e46734930e 100644
--- a/nuclei-templates/2017/CVE-2017-18578-10ee5b6870d72574cd2ceacdf76db39e.yaml
+++ b/nuclei-templates/2017/CVE-2017-18578-10ee5b6870d72574cd2ceacdf76db39e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crafty Social Buttons < 1.5.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS via several parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crafty-social-buttons/"
     google-query: inurl:"/wp-content/plugins/crafty-social-buttons/"
     shodan-query: 'vuln:CVE-2017-18578'
-  tags: cve,wordpress,wp-plugin,crafty-social-buttons,medium
+  tags: cve,wordpress,wp-plugin,crafty-social-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18579-490cf4e76b6c86f1bd637de80c3840f0.yaml b/nuclei-templates/2017/CVE-2017-18579-490cf4e76b6c86f1bd637de80c3840f0.yaml
index 5de24da59e..46d14e23df 100644
--- a/nuclei-templates/2017/CVE-2017-18579-490cf4e76b6c86f1bd637de80c3840f0.yaml
+++ b/nuclei-templates/2017/CVE-2017-18579-490cf4e76b6c86f1bd637de80c3840f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Corner Ad < 1.0.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The corner-ad plugin before 1.0.8 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/corner-ad/"
     google-query: inurl:"/wp-content/plugins/corner-ad/"
     shodan-query: 'vuln:CVE-2017-18579'
-  tags: cve,wordpress,wp-plugin,corner-ad,medium
+  tags: cve,wordpress,wp-plugin,corner-ad,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18580-235127c1445e6eee4f6de6fb13cf776e.yaml b/nuclei-templates/2017/CVE-2017-18580-235127c1445e6eee4f6de6fb13cf776e.yaml
index fb4bf1f859..02dc5af471 100644
--- a/nuclei-templates/2017/CVE-2017-18580-235127c1445e6eee4f6de6fb13cf776e.yaml
+++ b/nuclei-templates/2017/CVE-2017-18580-235127c1445e6eee4f6de6fb13cf776e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Shortcodes Plugin — Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2017-18580'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,high
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18582-f2aba70ce8a44005876e1620c7a6d111.yaml b/nuclei-templates/2017/CVE-2017-18582-f2aba70ce8a44005876e1620c7a6d111.yaml
index 05efaa585a..517a3b657a 100644
--- a/nuclei-templates/2017/CVE-2017-18582-f2aba70ce8a44005876e1620c7a6d111.yaml
+++ b/nuclei-templates/2017/CVE-2017-18582-f2aba70ce8a44005876e1620c7a6d111.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Time Sheets < 1.5.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/time-sheets/"
     google-query: inurl:"/wp-content/plugins/time-sheets/"
     shodan-query: 'vuln:CVE-2017-18582'
-  tags: cve,wordpress,wp-plugin,time-sheets,medium
+  tags: cve,wordpress,wp-plugin,time-sheets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18585-4146040381375fe3470534dfb0d8c368.yaml b/nuclei-templates/2017/CVE-2017-18585-4146040381375fe3470534dfb0d8c368.yaml
index 9e7fe7c50b..00997cd830 100644
--- a/nuclei-templates/2017/CVE-2017-18585-4146040381375fe3470534dfb0d8c368.yaml
+++ b/nuclei-templates/2017/CVE-2017-18585-4146040381375fe3470534dfb0d8c368.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Posts in Page <= 1.2.4 - Authenticated Directory Traversal leading to Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Posts in Page plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 1.2.4 via the [ic_add_posts template] shortcode. This allows contributor-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/posts-in-page/"
     google-query: inurl:"/wp-content/plugins/posts-in-page/"
     shodan-query: 'vuln:CVE-2017-18585'
-  tags: cve,wordpress,wp-plugin,posts-in-page,high
+  tags: cve,wordpress,wp-plugin,posts-in-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18586-20a34e507c4fa6283c8c06e9c7d18117.yaml b/nuclei-templates/2017/CVE-2017-18586-20a34e507c4fa6283c8c06e9c7d18117.yaml
index ce6ea93748..6154f9be8f 100644
--- a/nuclei-templates/2017/CVE-2017-18586-20a34e507c4fa6283c8c06e9c7d18117.yaml
+++ b/nuclei-templates/2017/CVE-2017-18586-20a34e507c4fa6283c8c06e9c7d18117.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insert Pages < 3.2.4 - Authenticated Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Insert Pages plugin for WordPress is vulnerable to directory traversal via custom template paths in versions before 3.2.4.  This allows editor-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-pages/"
     google-query: inurl:"/wp-content/plugins/insert-pages/"
     shodan-query: 'vuln:CVE-2017-18586'
-  tags: cve,wordpress,wp-plugin,insert-pages,medium
+  tags: cve,wordpress,wp-plugin,insert-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18593-c3cfc3a43625bfa414c3f27665757d46.yaml b/nuclei-templates/2017/CVE-2017-18593-c3cfc3a43625bfa414c3f27665757d46.yaml
index f48ca655e9..3d7598714c 100644
--- a/nuclei-templates/2017/CVE-2017-18593-c3cfc3a43625bfa414c3f27665757d46.yaml
+++ b/nuclei-templates/2017/CVE-2017-18593-c3cfc3a43625bfa414c3f27665757d46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UpdraftPlus <= 1.13.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/updraftplus/"
     google-query: inurl:"/wp-content/plugins/updraftplus/"
     shodan-query: 'vuln:CVE-2017-18593'
-  tags: cve,wordpress,wp-plugin,updraftplus,medium
+  tags: cve,wordpress,wp-plugin,updraftplus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18597-8a2f1e9cb4e65657070d3644661c86c5.yaml b/nuclei-templates/2017/CVE-2017-18597-8a2f1e9cb4e65657070d3644661c86c5.yaml
index 1379910645..ee384dfda7 100644
--- a/nuclei-templates/2017/CVE-2017-18597-8a2f1e9cb4e65657070d3644661c86c5.yaml
+++ b/nuclei-templates/2017/CVE-2017-18597-8a2f1e9cb4e65657070d3644661c86c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JTRT Responsive Tables < 4.1.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The JTRT Responsive Tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jtrt-responsive-tables/"
     google-query: inurl:"/wp-content/plugins/jtrt-responsive-tables/"
     shodan-query: 'vuln:CVE-2017-18597'
-  tags: cve,wordpress,wp-plugin,jtrt-responsive-tables,high
+  tags: cve,wordpress,wp-plugin,jtrt-responsive-tables,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18598-e6cabe992a07b751187d2c7299c53fb6.yaml b/nuclei-templates/2017/CVE-2017-18598-e6cabe992a07b751187d2c7299c53fb6.yaml
index c64e93faf9..c25c2b948f 100644
--- a/nuclei-templates/2017/CVE-2017-18598-e6cabe992a07b751187d2c7299c53fb6.yaml
+++ b/nuclei-templates/2017/CVE-2017-18598-e6cabe992a07b751187d2c7299c53fb6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qards (Unspecified Version) - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qards/"
     google-query: inurl:"/wp-content/plugins/qards/"
     shodan-query: 'vuln:CVE-2017-18598'
-  tags: cve,wordpress,wp-plugin,qards,medium
+  tags: cve,wordpress,wp-plugin,qards,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18600-633d0b293826c4a61b61e1d3210e0346.yaml b/nuclei-templates/2017/CVE-2017-18600-633d0b293826c4a61b61e1d3210e0346.yaml
index 507606344c..a3acadab23 100644
--- a/nuclei-templates/2017/CVE-2017-18600-633d0b293826c4a61b61e1d3210e0346.yaml
+++ b/nuclei-templates/2017/CVE-2017-18600-633d0b293826c4a61b61e1d3210e0346.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium WordPress Form Builder <= 3.2.31 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formcraft3/"
     google-query: inurl:"/wp-content/plugins/formcraft3/"
     shodan-query: 'vuln:CVE-2017-18600'
-  tags: cve,wordpress,wp-plugin,formcraft3,medium
+  tags: cve,wordpress,wp-plugin,formcraft3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18601-1cb146595e5a6af092ba6cf697572ca5.yaml b/nuclei-templates/2017/CVE-2017-18601-1cb146595e5a6af092ba6cf697572ca5.yaml
index aa12c97db9..d7084e8e6b 100644
--- a/nuclei-templates/2017/CVE-2017-18601-1cb146595e5a6af092ba6cf697572ca5.yaml
+++ b/nuclei-templates/2017/CVE-2017-18601-1cb146595e5a6af092ba6cf697572ca5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IBPS Online Exam <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The examapp plugin 1.0 for WordPress has XSS via exam input text fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/examapp/"
     google-query: inurl:"/wp-content/plugins/examapp/"
     shodan-query: 'vuln:CVE-2017-18601'
-  tags: cve,wordpress,wp-plugin,examapp,medium
+  tags: cve,wordpress,wp-plugin,examapp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18602-1c6e8ef696086c4cf5cf1464c84048ce.yaml b/nuclei-templates/2017/CVE-2017-18602-1c6e8ef696086c4cf5cf1464c84048ce.yaml
index c9fa1ed07a..f5fc7442c6 100644
--- a/nuclei-templates/2017/CVE-2017-18602-1c6e8ef696086c4cf5cf1464c84048ce.yaml
+++ b/nuclei-templates/2017/CVE-2017-18602-1c6e8ef696086c4cf5cf1464c84048ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IBPS Online Exam Plugin for WordPress <= 1.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/examapp/"
     google-query: inurl:"/wp-content/plugins/examapp/"
     shodan-query: 'vuln:CVE-2017-18602'
-  tags: cve,wordpress,wp-plugin,examapp,high
+  tags: cve,wordpress,wp-plugin,examapp,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18606-45a743f5d162595c13c7d51a595d52ef.yaml b/nuclei-templates/2017/CVE-2017-18606-45a743f5d162595c13c7d51a595d52ef.yaml
index b373b289fa..a78ceaab15 100644
--- a/nuclei-templates/2017/CVE-2017-18606-45a743f5d162595c13c7d51a595d52ef.yaml
+++ b/nuclei-templates/2017/CVE-2017-18606-45a743f5d162595c13c7d51a595d52ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 5.1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via avada_portfolio_category_slug parameter saved by the save_permalink_settings() function called via 'admin_init' in versions up to 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2017-18606'
-  tags: cve,wordpress,wp-theme,Avada,medium
+  tags: cve,wordpress,wp-theme,Avada,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18607-ed2bbae23b6c0e2ec39d5d24fb1592c1.yaml b/nuclei-templates/2017/CVE-2017-18607-ed2bbae23b6c0e2ec39d5d24fb1592c1.yaml
index f628533fd6..c1e3615d3f 100644
--- a/nuclei-templates/2017/CVE-2017-18607-ed2bbae23b6c0e2ec39d5d24fb1592c1.yaml
+++ b/nuclei-templates/2017/CVE-2017-18607-ed2bbae23b6c0e2ec39d5d24fb1592c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 5.1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Avada theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.4. This is due to missing nonce validation on the fusion_builder_importer() function. This makes it possible for unauthenticated attackers to trigger the importer and upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2017-18607'
-  tags: cve,wordpress,wp-theme,Avada,high
+  tags: cve,wordpress,wp-theme,Avada,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18608-ad069f3a56279cbff65458936b83abde.yaml b/nuclei-templates/2017/CVE-2017-18608-ad069f3a56279cbff65458936b83abde.yaml
index 56193a5f8e..0f9bbd4e2f 100644
--- a/nuclei-templates/2017/CVE-2017-18608-ad069f3a56279cbff65458936b83abde.yaml
+++ b/nuclei-templates/2017/CVE-2017-18608-ad069f3a56279cbff65458936b83abde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spot.IM Comments < 4.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spotim-comments/"
     google-query: inurl:"/wp-content/plugins/spotim-comments/"
     shodan-query: 'vuln:CVE-2017-18608'
-  tags: cve,wordpress,wp-plugin,spotim-comments,medium
+  tags: cve,wordpress,wp-plugin,spotim-comments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18609-b42951305c8f37d90390c15daed2c5f3.yaml b/nuclei-templates/2017/CVE-2017-18609-b42951305c8f37d90390c15daed2c5f3.yaml
index eccaec7fc7..91645eeafd 100644
--- a/nuclei-templates/2017/CVE-2017-18609-b42951305c8f37d90390c15daed2c5f3.yaml
+++ b/nuclei-templates/2017/CVE-2017-18609-b42951305c8f37d90390c15daed2c5f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via custom-write-panel-id Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magic-fields/"
     google-query: inurl:"/wp-content/plugins/magic-fields/"
     shodan-query: 'vuln:CVE-2017-18609'
-  tags: cve,wordpress,wp-plugin,magic-fields,medium
+  tags: cve,wordpress,wp-plugin,magic-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18610-83aff6544a7c919044e1d77f749ea1cb.yaml b/nuclei-templates/2017/CVE-2017-18610-83aff6544a7c919044e1d77f749ea1cb.yaml
index c7c0b94990..a64a21fd42 100644
--- a/nuclei-templates/2017/CVE-2017-18610-83aff6544a7c919044e1d77f749ea1cb.yaml
+++ b/nuclei-templates/2017/CVE-2017-18610-83aff6544a7c919044e1d77f749ea1cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via RCCWP_CreateCustomFieldPage.php custom-group-id parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magic-fields/"
     google-query: inurl:"/wp-content/plugins/magic-fields/"
     shodan-query: 'vuln:CVE-2017-18610'
-  tags: cve,wordpress,wp-plugin,magic-fields,medium
+  tags: cve,wordpress,wp-plugin,magic-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18611-57123cd71067e91d2b8fed604519bb45.yaml b/nuclei-templates/2017/CVE-2017-18611-57123cd71067e91d2b8fed604519bb45.yaml
index d01885a2c6..b345101b37 100644
--- a/nuclei-templates/2017/CVE-2017-18611-57123cd71067e91d2b8fed604519bb45.yaml
+++ b/nuclei-templates/2017/CVE-2017-18611-57123cd71067e91d2b8fed604519bb45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via RCCWP_CreateCustomFieldPage.php custom-field-css parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magic-fields/"
     google-query: inurl:"/wp-content/plugins/magic-fields/"
     shodan-query: 'vuln:CVE-2017-18611'
-  tags: cve,wordpress,wp-plugin,magic-fields,medium
+  tags: cve,wordpress,wp-plugin,magic-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18613-68ca9f8a242a5c678fbfe7eb11cba349.yaml b/nuclei-templates/2017/CVE-2017-18613-68ca9f8a242a5c678fbfe7eb11cba349.yaml
index ddc3aeb980..3916d24b5f 100644
--- a/nuclei-templates/2017/CVE-2017-18613-68ca9f8a242a5c678fbfe7eb11cba349.yaml
+++ b/nuclei-templates/2017/CVE-2017-18613-68ca9f8a242a5c678fbfe7eb11cba349.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Trust Form <= 2.0.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/trust-form/"
     google-query: inurl:"/wp-content/plugins/trust-form/"
     shodan-query: 'vuln:CVE-2017-18613'
-  tags: cve,wordpress,wp-plugin,trust-form,medium
+  tags: cve,wordpress,wp-plugin,trust-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18614-738043af82effea7b721b2ac598247ee.yaml b/nuclei-templates/2017/CVE-2017-18614-738043af82effea7b721b2ac598247ee.yaml
index 740a005ac6..0dafb070d4 100644
--- a/nuclei-templates/2017/CVE-2017-18614-738043af82effea7b721b2ac598247ee.yaml
+++ b/nuclei-templates/2017/CVE-2017-18614-738043af82effea7b721b2ac598247ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kama Click Counter <= 3.4.9 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kama-clic-counter/"
     google-query: inurl:"/wp-content/plugins/kama-clic-counter/"
     shodan-query: 'vuln:CVE-2017-18614'
-  tags: cve,wordpress,wp-plugin,kama-clic-counter,high
+  tags: cve,wordpress,wp-plugin,kama-clic-counter,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18615-703cbb2bd8ca38850245b92d6dc648dc.yaml b/nuclei-templates/2017/CVE-2017-18615-703cbb2bd8ca38850245b92d6dc648dc.yaml
index 8f3fb5f868..d848aac9c1 100644
--- a/nuclei-templates/2017/CVE-2017-18615-703cbb2bd8ca38850245b92d6dc648dc.yaml
+++ b/nuclei-templates/2017/CVE-2017-18615-703cbb2bd8ca38850245b92d6dc648dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kama Click Counter <= 3.4.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Kama Click Counter plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthorized attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kama-clic-counter/"
     google-query: inurl:"/wp-content/plugins/kama-clic-counter/"
     shodan-query: 'vuln:CVE-2017-18615'
-  tags: cve,wordpress,wp-plugin,kama-clic-counter,medium
+  tags: cve,wordpress,wp-plugin,kama-clic-counter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-18634-f7df930f39831ca9c998366434d0f175.yaml b/nuclei-templates/2017/CVE-2017-18634-f7df930f39831ca9c998366434d0f175.yaml
index 6d58ec2433..341b2b2925 100644
--- a/nuclei-templates/2017/CVE-2017-18634-f7df930f39831ca9c998366434d0f175.yaml
+++ b/nuclei-templates/2017/CVE-2017-18634-f7df930f39831ca9c998366434d0f175.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newspaper - News & WooCommerce WordPress Theme < 6.7.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Newspaper/"
     google-query: inurl:"/wp-content/themes/Newspaper/"
     shodan-query: 'vuln:CVE-2017-18634'
-  tags: cve,wordpress,wp-theme,Newspaper,medium
+  tags: cve,wordpress,wp-theme,Newspaper,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-20053-362c09e706e4df3c312dbda6ffdf171c.yaml b/nuclei-templates/2017/CVE-2017-20053-362c09e706e4df3c312dbda6ffdf171c.yaml
index 88dd043c7e..9026bac515 100644
--- a/nuclei-templates/2017/CVE-2017-20053-362c09e706e4df3c312dbda6ffdf171c.yaml
+++ b/nuclei-templates/2017/CVE-2017-20053-362c09e706e4df3c312dbda6ffdf171c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Manager <= 1.4.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-manager/"
     google-query: inurl:"/wp-content/plugins/contact-form-manager/"
     shodan-query: 'vuln:CVE-2017-20053'
-  tags: cve,wordpress,wp-plugin,contact-form-manager,high
+  tags: cve,wordpress,wp-plugin,contact-form-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-20054-dd0f7c53e188e7bf56ca28fcdda5f28e.yaml b/nuclei-templates/2017/CVE-2017-20054-dd0f7c53e188e7bf56ca28fcdda5f28e.yaml
index e306f94bd8..633baa9dfb 100644
--- a/nuclei-templates/2017/CVE-2017-20054-dd0f7c53e188e7bf56ca28fcdda5f28e.yaml
+++ b/nuclei-templates/2017/CVE-2017-20054-dd0f7c53e188e7bf56ca28fcdda5f28e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Manager <= 1.4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-manager/"
     google-query: inurl:"/wp-content/plugins/contact-form-manager/"
     shodan-query: 'vuln:CVE-2017-20054'
-  tags: cve,wordpress,wp-plugin,contact-form-manager,medium
+  tags: cve,wordpress,wp-plugin,contact-form-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-20055-3ecd0cc847951c575bdce3ab52ae1765.yaml b/nuclei-templates/2017/CVE-2017-20055-3ecd0cc847951c575bdce3ab52ae1765.yaml
index 1d4a4e2de2..4b7b901bf7 100644
--- a/nuclei-templates/2017/CVE-2017-20055-3ecd0cc847951c575bdce3ab52ae1765.yaml
+++ b/nuclei-templates/2017/CVE-2017-20055-3ecd0cc847951c575bdce3ab52ae1765.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Plugin <= 4.0.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-lite/"
     google-query: inurl:"/wp-content/plugins/contact-form-lite/"
     shodan-query: 'vuln:CVE-2017-20055'
-  tags: cve,wordpress,wp-plugin,contact-form-lite,medium
+  tags: cve,wordpress,wp-plugin,contact-form-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-20056-f899587161f02b977d621dc3afe7bca7.yaml b/nuclei-templates/2017/CVE-2017-20056-f899587161f02b977d621dc3afe7bca7.yaml
index 441653fb9d..1dfcd217ba 100644
--- a/nuclei-templates/2017/CVE-2017-20056-f899587161f02b977d621dc3afe7bca7.yaml
+++ b/nuclei-templates/2017/CVE-2017-20056-f899587161f02b977d621dc3afe7bca7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Login Log <= 2.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Login Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column_name’ parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Subscriber+ level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-login-log/"
     google-query: inurl:"/wp-content/plugins/user-login-log/"
     shodan-query: 'vuln:CVE-2017-20056'
-  tags: cve,wordpress,wp-plugin,user-login-log,medium
+  tags: cve,wordpress,wp-plugin,user-login-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-20090-6765f94f6a40bfeac4a799a7a22b461e.yaml b/nuclei-templates/2017/CVE-2017-20090-6765f94f6a40bfeac4a799a7a22b461e.yaml
index 0b0f085d69..5c972ce350 100644
--- a/nuclei-templates/2017/CVE-2017-20090-6765f94f6a40bfeac4a799a7a22b461e.yaml
+++ b/nuclei-templates/2017/CVE-2017-20090-6765f94f6a40bfeac4a799a7a22b461e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Global Content Blocks <= 2.1.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/global-content-blocks/"
     google-query: inurl:"/wp-content/plugins/global-content-blocks/"
     shodan-query: 'vuln:CVE-2017-20090'
-  tags: cve,wordpress,wp-plugin,global-content-blocks,high
+  tags: cve,wordpress,wp-plugin,global-content-blocks,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-20108-1d7d7c5febd898bd86b248bdd1c64ad3.yaml b/nuclei-templates/2017/CVE-2017-20108-1d7d7c5febd898bd86b248bdd1c64ad3.yaml
index d82b27cf74..a2a9f90e82 100644
--- a/nuclei-templates/2017/CVE-2017-20108-1d7d7c5febd898bd86b248bdd1c64ad3.yaml
+++ b/nuclei-templates/2017/CVE-2017-20108-1d7d7c5febd898bd86b248bdd1c64ad3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Table <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'easy_table_plugin_option' parameters in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-table/"
     google-query: inurl:"/wp-content/plugins/easy-table/"
     shodan-query: 'vuln:CVE-2017-20108'
-  tags: cve,wordpress,wp-plugin,easy-table,medium
+  tags: cve,wordpress,wp-plugin,easy-table,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-2136-b396ad7ddae66e7db7a5d4c1747eea0d.yaml b/nuclei-templates/2017/CVE-2017-2136-b396ad7ddae66e7db7a5d4c1747eea0d.yaml
index b4379d500b..a05bc583dd 100644
--- a/nuclei-templates/2017/CVE-2017-2136-b396ad7ddae66e7db7a5d4c1747eea0d.yaml
+++ b/nuclei-templates/2017/CVE-2017-2136-b396ad7ddae66e7db7a5d4c1747eea0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 12.0.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2017-2136'
-  tags: cve,wordpress,wp-plugin,wp-statistics,medium
+  tags: cve,wordpress,wp-plugin,wp-statistics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-2168-cb489cb39876b1f1dad08fd79397698a.yaml b/nuclei-templates/2017/CVE-2017-2168-cb489cb39876b1f1dad08fd79397698a.yaml
index bb7b30c5fd..66f0b38c7f 100644
--- a/nuclei-templates/2017/CVE-2017-2168-cb489cb39876b1f1dad08fd79397698a.yaml
+++ b/nuclei-templates/2017/CVE-2017-2168-cb489cb39876b1f1dad08fd79397698a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Booking System – Booking Calendar < 1.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2017-2168
   metadata:
-    fofa-query: "wp-content/plugins/wp-booking-system/"
-    google-query: inurl:"/wp-content/plugins/wp-booking-system/"
+    fofa-query: "wp-content/plugins/wp-booking-system-premium/"
+    google-query: inurl:"/wp-content/plugins/wp-booking-system-premium/"
     shodan-query: 'vuln:CVE-2017-2168'
-  tags: cve,wordpress,wp-plugin,wp-booking-system,medium
+  tags: cve,wordpress,wp-plugin,wp-booking-system-premium,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-booking-system/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-booking-system-premium/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-booking-system"
+          - "wp-booking-system-premium"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.4')
\ No newline at end of file
+          - compare_versions(version, '< 3.7')
\ No newline at end of file
diff --git a/nuclei-templates/2017/CVE-2017-2169-791eff0c2052bc2e9edb50c4e621f28e.yaml b/nuclei-templates/2017/CVE-2017-2169-791eff0c2052bc2e9edb50c4e621f28e.yaml
index f7a49146bc..b669893869 100644
--- a/nuclei-templates/2017/CVE-2017-2169-791eff0c2052bc2e9edb50c4e621f28e.yaml
+++ b/nuclei-templates/2017/CVE-2017-2169-791eff0c2052bc2e9edb50c4e621f28e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MaxButtons <= 6.18 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxbuttons/"
     google-query: inurl:"/wp-content/plugins/maxbuttons/"
     shodan-query: 'vuln:CVE-2017-2169'
-  tags: cve,wordpress,wp-plugin,maxbuttons,medium
+  tags: cve,wordpress,wp-plugin,maxbuttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-2187-245c40ef7971bdcc79b4668a4d4b1ccf.yaml b/nuclei-templates/2017/CVE-2017-2187-245c40ef7971bdcc79b4668a4d4b1ccf.yaml
index 4d168a7e51..900bee6315 100644
--- a/nuclei-templates/2017/CVE-2017-2187-245c40ef7971bdcc79b4668a4d4b1ccf.yaml
+++ b/nuclei-templates/2017/CVE-2017-2187-245c40ef7971bdcc79b4668a4d4b1ccf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live Chat Support <= 7.0.06 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2017-2187'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-2195-ae474b19622d960a9a30327a508a7a8c.yaml b/nuclei-templates/2017/CVE-2017-2195-ae474b19622d960a9a30327a508a7a8c.yaml
index 92b582d5a2..647d66f16d 100644
--- a/nuclei-templates/2017/CVE-2017-2195-ae474b19622d960a9a30327a508a7a8c.yaml
+++ b/nuclei-templates/2017/CVE-2017-2195-ae474b19622d960a9a30327a508a7a8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi Feed Reader <= 2.2.3 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multi-feed-reader/"
     google-query: inurl:"/wp-content/plugins/multi-feed-reader/"
     shodan-query: 'vuln:CVE-2017-2195'
-  tags: cve,wordpress,wp-plugin,multi-feed-reader,high
+  tags: cve,wordpress,wp-plugin,multi-feed-reader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-2222-a980d40221670f484b92312f4acbd125.yaml b/nuclei-templates/2017/CVE-2017-2222-a980d40221670f484b92312f4acbd125.yaml
index e04e24196b..7512730c3a 100644
--- a/nuclei-templates/2017/CVE-2017-2222-a980d40221670f484b92312f4acbd125.yaml
+++ b/nuclei-templates/2017/CVE-2017-2222-a980d40221670f484b92312f4acbd125.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Members < 3.1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Members plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-members/"
     google-query: inurl:"/wp-content/plugins/wp-members/"
     shodan-query: 'vuln:CVE-2017-2222'
-  tags: cve,wordpress,wp-plugin,wp-members,medium
+  tags: cve,wordpress,wp-plugin,wp-members,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-2224-4f2124ce38e5b11836dd224eb87f80c1.yaml b/nuclei-templates/2017/CVE-2017-2224-4f2124ce38e5b11836dd224eb87f80c1.yaml
index a5d9fe672a..35238c1c31 100644
--- a/nuclei-templates/2017/CVE-2017-2224-4f2124ce38e5b11836dd224eb87f80c1.yaml
+++ b/nuclei-templates/2017/CVE-2017-2224-4f2124ce38e5b11836dd224eb87f80c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventCalendar < 1.0.94 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventCalendar plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 1.0.94 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-calendar-wd/"
     google-query: inurl:"/wp-content/plugins/event-calendar-wd/"
     shodan-query: 'vuln:CVE-2017-2224'
-  tags: cve,wordpress,wp-plugin,event-calendar-wd,medium
+  tags: cve,wordpress,wp-plugin,event-calendar-wd,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-2243-d3aee972ef803bd73b594546fe5f08d6.yaml b/nuclei-templates/2017/CVE-2017-2243-d3aee972ef803bd73b594546fe5f08d6.yaml
index ef3841b96d..cc96cd1670 100644
--- a/nuclei-templates/2017/CVE-2017-2243-d3aee972ef803bd73b594546fe5f08d6.yaml
+++ b/nuclei-templates/2017/CVE-2017-2243-d3aee972ef803bd73b594546fe5f08d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Lightbox & Gallery <= 1.7.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-lightbox/"
     google-query: inurl:"/wp-content/plugins/responsive-lightbox/"
     shodan-query: 'vuln:CVE-2017-2243'
-  tags: cve,wordpress,wp-plugin,responsive-lightbox,medium
+  tags: cve,wordpress,wp-plugin,responsive-lightbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-2285-237f33dd283cbe8ba991ef6c6d099f49.yaml b/nuclei-templates/2017/CVE-2017-2285-237f33dd283cbe8ba991ef6c6d099f49.yaml
index 56366adae4..0b86c6d9fb 100644
--- a/nuclei-templates/2017/CVE-2017-2285-237f33dd283cbe8ba991ef6c6d099f49.yaml
+++ b/nuclei-templates/2017/CVE-2017-2285-237f33dd283cbe8ba991ef6c6d099f49.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Custom CSS and JS <= 3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-css-js/"
     google-query: inurl:"/wp-content/plugins/custom-css-js/"
     shodan-query: 'vuln:CVE-2017-2285'
-  tags: cve,wordpress,wp-plugin,custom-css-js,medium
+  tags: cve,wordpress,wp-plugin,custom-css-js,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-5488-54dec93948946561e928da0b2ec5342b.yaml b/nuclei-templates/2017/CVE-2017-5488-54dec93948946561e928da0b2ec5342b.yaml
index 1fd6c30f48..8196d649aa 100644
--- a/nuclei-templates/2017/CVE-2017-5488-54dec93948946561e928da0b2ec5342b.yaml
+++ b/nuclei-templates/2017/CVE-2017-5488-54dec93948946561e928da0b2ec5342b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.1 - Cross-Site Scripting via Name and Version Header of Plugin
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-5488
   metadata:
     shodan-query: 'vuln:CVE-2017-5488'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-5489-39916ed0568dcf6437aaa303323a2034.yaml b/nuclei-templates/2017/CVE-2017-5489-39916ed0568dcf6437aaa303323a2034.yaml
index ceea447a5a..4fec01d497 100644
--- a/nuclei-templates/2017/CVE-2017-5489-39916ed0568dcf6437aaa303323a2034.yaml
+++ b/nuclei-templates/2017/CVE-2017-5489-39916ed0568dcf6437aaa303323a2034.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.1 - Cross-Site Request Forgery via Uploading Flash File
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-5489
   metadata:
     shodan-query: 'vuln:CVE-2017-5489'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-5490-e104142bc1fb6f9114a1a8ff34f8d8a2.yaml b/nuclei-templates/2017/CVE-2017-5490-e104142bc1fb6f9114a1a8ff34f8d8a2.yaml
index 5a57b581c9..faa1075c30 100644
--- a/nuclei-templates/2017/CVE-2017-5490-e104142bc1fb6f9114a1a8ff34f8d8a2.yaml
+++ b/nuclei-templates/2017/CVE-2017-5490-e104142bc1fb6f9114a1a8ff34f8d8a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.1 - Stored Cross-Site Scripting via theme directory name
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-5490
   metadata:
     shodan-query: 'vuln:CVE-2017-5490'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-5492-bcdd353c7595eb2f2eb76b75cc1e43b8.yaml b/nuclei-templates/2017/CVE-2017-5492-bcdd353c7595eb2f2eb76b75cc1e43b8.yaml
index 229a88b521..a6f98b1d43 100644
--- a/nuclei-templates/2017/CVE-2017-5492-bcdd353c7595eb2f2eb76b75cc1e43b8.yaml
+++ b/nuclei-templates/2017/CVE-2017-5492-bcdd353c7595eb2f2eb76b75cc1e43b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.1 - Cross-Site Request Forgery via Widget Editing
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-5492
   metadata:
     shodan-query: 'vuln:CVE-2017-5492'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-5610-fd782d56e4b98d3f89d6bafb5ab8e0f0.yaml b/nuclei-templates/2017/CVE-2017-5610-fd782d56e4b98d3f89d6bafb5ab8e0f0.yaml
index 7a58c04ab8..78c19e7a58 100644
--- a/nuclei-templates/2017/CVE-2017-5610-fd782d56e4b98d3f89d6bafb5ab8e0f0.yaml
+++ b/nuclei-templates/2017/CVE-2017-5610-fd782d56e4b98d3f89d6bafb5ab8e0f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.2 - Authorization Bypass to Term Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-5610
   metadata:
     shodan-query: 'vuln:CVE-2017-5610'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-5611-23c7538b5ae837a8600364853bf7a88b.yaml b/nuclei-templates/2017/CVE-2017-5611-23c7538b5ae837a8600364853bf7a88b.yaml
index 23068667d9..8e6d69d7fd 100644
--- a/nuclei-templates/2017/CVE-2017-5611-23c7538b5ae837a8600364853bf7a88b.yaml
+++ b/nuclei-templates/2017/CVE-2017-5611-23c7538b5ae837a8600364853bf7a88b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-5611
   metadata:
     shodan-query: 'vuln:CVE-2017-5611'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-5612-ccba560ddddde5bfcc32d210efed4a87.yaml b/nuclei-templates/2017/CVE-2017-5612-ccba560ddddde5bfcc32d210efed4a87.yaml
index d0e7764f32..197125c42f 100644
--- a/nuclei-templates/2017/CVE-2017-5612-ccba560ddddde5bfcc32d210efed4a87.yaml
+++ b/nuclei-templates/2017/CVE-2017-5612-ccba560ddddde5bfcc32d210efed4a87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-5612
   metadata:
     shodan-query: 'vuln:CVE-2017-5612'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6096-367d3a73f5196cd91ac495a3ac0b62f5.yaml b/nuclei-templates/2017/CVE-2017-6096-367d3a73f5196cd91ac495a3ac0b62f5.yaml
index 0e09ece526..fadb12b522 100644
--- a/nuclei-templates/2017/CVE-2017-6096-367d3a73f5196cd91ac495a3ac0b62f5.yaml
+++ b/nuclei-templates/2017/CVE-2017-6096-367d3a73f5196cd91ac495a3ac0b62f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via filter_list parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6096'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6097-d853b0e423f8ed0a8520b3730f92bb07.yaml b/nuclei-templates/2017/CVE-2017-6097-d853b0e423f8ed0a8520b3730f92bb07.yaml
index 94c033e30a..9c812670ff 100644
--- a/nuclei-templates/2017/CVE-2017-6097-d853b0e423f8ed0a8520b3730f92bb07.yaml
+++ b/nuclei-templates/2017/CVE-2017-6097-d853b0e423f8ed0a8520b3730f92bb07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via camp_id parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6097'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6098-0ae464a32aa65e97054ff65a6cd1aac7.yaml b/nuclei-templates/2017/CVE-2017-6098-0ae464a32aa65e97054ff65a6cd1aac7.yaml
index c7ae8a66e7..cb3a3ac88b 100644
--- a/nuclei-templates/2017/CVE-2017-6098-0ae464a32aa65e97054ff65a6cd1aac7.yaml
+++ b/nuclei-templates/2017/CVE-2017-6098-0ae464a32aa65e97054ff65a6cd1aac7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via list_id parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6098'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6102-b501e58c10633b07f2bbf5ed16ac706e.yaml b/nuclei-templates/2017/CVE-2017-6102-b501e58c10633b07f2bbf5ed16ac706e.yaml
index c407c7004c..a3fa0caf77 100644
--- a/nuclei-templates/2017/CVE-2017-6102-b501e58c10633b07f2bbf5ed16ac706e.yaml
+++ b/nuclei-templates/2017/CVE-2017-6102-b501e58c10633b07f2bbf5ed16ac706e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rockhoist Badges <= 1.2.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Persistent XSS in wordpress plugin rockhoist-badges v1.2.2 via badge description and title fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rockhoist-badges/"
     google-query: inurl:"/wp-content/plugins/rockhoist-badges/"
     shodan-query: 'vuln:CVE-2017-6102'
-  tags: cve,wordpress,wp-plugin,rockhoist-badges,medium
+  tags: cve,wordpress,wp-plugin,rockhoist-badges,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6103-180f313b58923b98a121e2e279750680.yaml b/nuclei-templates/2017/CVE-2017-6103-180f313b58923b98a121e2e279750680.yaml
index 27c14b5687..b27a641a40 100644
--- a/nuclei-templates/2017/CVE-2017-6103-180f313b58923b98a121e2e279750680.yaml
+++ b/nuclei-templates/2017/CVE-2017-6103-180f313b58923b98a121e2e279750680.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AnyVar <= 0.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1 via var_name parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anyvar/"
     google-query: inurl:"/wp-content/plugins/anyvar/"
     shodan-query: 'vuln:CVE-2017-6103'
-  tags: cve,wordpress,wp-plugin,anyvar,medium
+  tags: cve,wordpress,wp-plugin,anyvar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6570-61f3e3f11790d6bb7105200ca41924cd.yaml b/nuclei-templates/2017/CVE-2017-6570-61f3e3f11790d6bb7105200ca41924cd.yaml
index e82c775e56..b5fab6cc81 100644
--- a/nuclei-templates/2017/CVE-2017-6570-61f3e3f11790d6bb7105200ca41924cd.yaml
+++ b/nuclei-templates/2017/CVE-2017-6570-61f3e3f11790d6bb7105200ca41924cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via id parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6570'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6571-ab348c720a0710e52e24c076c92c0cb1.yaml b/nuclei-templates/2017/CVE-2017-6571-ab348c720a0710e52e24c076c92c0cb1.yaml
index 4df55f7ad8..8b2eb51bbb 100644
--- a/nuclei-templates/2017/CVE-2017-6571-ab348c720a0710e52e24c076c92c0cb1.yaml
+++ b/nuclei-templates/2017/CVE-2017-6571-ab348c720a0710e52e24c076c92c0cb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via id parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6571'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6572-2a026b3abf7a570fa9c1168601d16d6c.yaml b/nuclei-templates/2017/CVE-2017-6572-2a026b3abf7a570fa9c1168601d16d6c.yaml
index 29c47620e8..b7f24be82d 100644
--- a/nuclei-templates/2017/CVE-2017-6572-2a026b3abf7a570fa9c1168601d16d6c.yaml
+++ b/nuclei-templates/2017/CVE-2017-6572-2a026b3abf7a570fa9c1168601d16d6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via filter_list parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6572'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6573-9f041e8fa181897986208bfc1b4d15f9.yaml b/nuclei-templates/2017/CVE-2017-6573-9f041e8fa181897986208bfc1b4d15f9.yaml
index 1cb423c9a6..43e24869c8 100644
--- a/nuclei-templates/2017/CVE-2017-6573-9f041e8fa181897986208bfc1b4d15f9.yaml
+++ b/nuclei-templates/2017/CVE-2017-6573-9f041e8fa181897986208bfc1b4d15f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via id parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6573'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6574-d349201003f1e073b123310455ca065d.yaml b/nuclei-templates/2017/CVE-2017-6574-d349201003f1e073b123310455ca065d.yaml
index d915ad15a8..6c52ef963a 100644
--- a/nuclei-templates/2017/CVE-2017-6574-d349201003f1e073b123310455ca065d.yaml
+++ b/nuclei-templates/2017/CVE-2017-6574-d349201003f1e073b123310455ca065d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta Plugin <= 1.0 - SQL Injection via filter_list
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6574'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6575-71386814122d58a47245526972d56d40.yaml b/nuclei-templates/2017/CVE-2017-6575-71386814122d58a47245526972d56d40.yaml
index 5fce1345e6..7cebbc0353 100644
--- a/nuclei-templates/2017/CVE-2017-6575-71386814122d58a47245526972d56d40.yaml
+++ b/nuclei-templates/2017/CVE-2017-6575-71386814122d58a47245526972d56d40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via member_id parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6575'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6576-346d51a39433f3f2e66028061115352b.yaml b/nuclei-templates/2017/CVE-2017-6576-346d51a39433f3f2e66028061115352b.yaml
index 3f7f0cbe67..6356cf52d3 100644
--- a/nuclei-templates/2017/CVE-2017-6576-346d51a39433f3f2e66028061115352b.yaml
+++ b/nuclei-templates/2017/CVE-2017-6576-346d51a39433f3f2e66028061115352b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via id parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6576'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6577-56b6a95b36a0bf98a099f526d08412cb.yaml b/nuclei-templates/2017/CVE-2017-6577-56b6a95b36a0bf98a099f526d08412cb.yaml
index 123e44114f..54ddfe24a2 100644
--- a/nuclei-templates/2017/CVE-2017-6577-56b6a95b36a0bf98a099f526d08412cb.yaml
+++ b/nuclei-templates/2017/CVE-2017-6577-56b6a95b36a0bf98a099f526d08412cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via list_id parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6577'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6578-882cb2013f62250b85eee3042b3892e0.yaml b/nuclei-templates/2017/CVE-2017-6578-882cb2013f62250b85eee3042b3892e0.yaml
index 760d0b9343..9659d81177 100644
--- a/nuclei-templates/2017/CVE-2017-6578-882cb2013f62250b85eee3042b3892e0.yaml
+++ b/nuclei-templates/2017/CVE-2017-6578-882cb2013f62250b85eee3042b3892e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Masta <= 1.0 - SQL Injection via subscriber_email parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-masta/"
     google-query: inurl:"/wp-content/plugins/mail-masta/"
     shodan-query: 'vuln:CVE-2017-6578'
-  tags: cve,wordpress,wp-plugin,mail-masta,high
+  tags: cve,wordpress,wp-plugin,mail-masta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6814-149dcf7cdb4497ad56e6c587550c43ab.yaml b/nuclei-templates/2017/CVE-2017-6814-149dcf7cdb4497ad56e6c587550c43ab.yaml
index bf80256bd3..2297339c65 100644
--- a/nuclei-templates/2017/CVE-2017-6814-149dcf7cdb4497ad56e6c587550c43ab.yaml
+++ b/nuclei-templates/2017/CVE-2017-6814-149dcf7cdb4497ad56e6c587550c43ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.3 - Cross-Site Scripting via Media Metadata
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-6814
   metadata:
     shodan-query: 'vuln:CVE-2017-6814'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6817-7c8aa1bb9118332e4c00a1f8fbc13540.yaml b/nuclei-templates/2017/CVE-2017-6817-7c8aa1bb9118332e4c00a1f8fbc13540.yaml
index 91bb61ab5e..6a86cc6ee9 100644
--- a/nuclei-templates/2017/CVE-2017-6817-7c8aa1bb9118332e4c00a1f8fbc13540.yaml
+++ b/nuclei-templates/2017/CVE-2017-6817-7c8aa1bb9118332e4c00a1f8fbc13540.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.3 - Authenticated Cross-Site Scripting in Youtube URL Embeds
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-6817
   metadata:
     shodan-query: 'vuln:CVE-2017-6817'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6818-0a8a35fbbc78dd50ed9a1fd51d25c173.yaml b/nuclei-templates/2017/CVE-2017-6818-0a8a35fbbc78dd50ed9a1fd51d25c173.yaml
index dcc3a22fac..b2f959f7e4 100644
--- a/nuclei-templates/2017/CVE-2017-6818-0a8a35fbbc78dd50ed9a1fd51d25c173.yaml
+++ b/nuclei-templates/2017/CVE-2017-6818-0a8a35fbbc78dd50ed9a1fd51d25c173.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.3 - Cross-Site Scripting via Taxonomy names
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-6818
   metadata:
     shodan-query: 'vuln:CVE-2017-6818'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6819-25c3fb96e305a88e28c455667db0b60d.yaml b/nuclei-templates/2017/CVE-2017-6819-25c3fb96e305a88e28c455667db0b60d.yaml
index 101f5f37b2..206e25c99f 100644
--- a/nuclei-templates/2017/CVE-2017-6819-25c3fb96e305a88e28c455667db0b60d.yaml
+++ b/nuclei-templates/2017/CVE-2017-6819-25c3fb96e305a88e28c455667db0b60d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.3 - Cross-Site Request Forgery via Press This
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-6819
   metadata:
     shodan-query: 'vuln:CVE-2017-6819'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-6954-8dce3163a90bed75fd5b9e557a28f3b3.yaml b/nuclei-templates/2017/CVE-2017-6954-8dce3163a90bed75fd5b9e557a28f3b3.yaml
index a4158a0c00..131830e60b 100644
--- a/nuclei-templates/2017/CVE-2017-6954-8dce3163a90bed75fd5b9e557a28f3b3.yaml
+++ b/nuclei-templates/2017/CVE-2017-6954-8dce3163a90bed75fd5b9e557a28f3b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress Docs <= 1.9.2 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-docs/"
     google-query: inurl:"/wp-content/plugins/buddypress-docs/"
     shodan-query: 'vuln:CVE-2017-6954'
-  tags: cve,wordpress,wp-plugin,buddypress-docs,medium
+  tags: cve,wordpress,wp-plugin,buddypress-docs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-7723-e3f24a45c97373cce269e0ae75379f47.yaml b/nuclei-templates/2017/CVE-2017-7723-e3f24a45c97373cce269e0ae75379f47.yaml
index 7c8c491318..7b4d5f8969 100644
--- a/nuclei-templates/2017/CVE-2017-7723-e3f24a45c97373cce269e0ae75379f47.yaml
+++ b/nuclei-templates/2017/CVE-2017-7723-e3f24a45c97373cce269e0ae75379f47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy WP SMTP <= 1.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-wp-smtp/"
     google-query: inurl:"/wp-content/plugins/easy-wp-smtp/"
     shodan-query: 'vuln:CVE-2017-7723'
-  tags: cve,wordpress,wp-plugin,easy-wp-smtp,medium
+  tags: cve,wordpress,wp-plugin,easy-wp-smtp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-8099-8475202b9f0509bc3f7f733c6c0c1b7b.yaml b/nuclei-templates/2017/CVE-2017-8099-8475202b9f0509bc3f7f733c6c0c1b7b.yaml
index 3c4bd39c0f..f77efbd45d 100644
--- a/nuclei-templates/2017/CVE-2017-8099-8475202b9f0509bc3f7f733c6c0c1b7b.yaml
+++ b/nuclei-templates/2017/CVE-2017-8099-8475202b9f0509bc3f7f733c6c0c1b7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WHIZZ < 1.1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WHIZZ plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.1.1. This is due to missing nonce validation on several different functions. This makes it possible for unauthenticated attackers to delete WordPress users and change the plugin's status via forged requests granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/whizz/"
     google-query: inurl:"/wp-content/plugins/whizz/"
     shodan-query: 'vuln:CVE-2017-8099'
-  tags: cve,wordpress,wp-plugin,whizz,high
+  tags: cve,wordpress,wp-plugin,whizz,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-8875-b85e6f076cf78bc83dad21e66d70a2d9.yaml b/nuclei-templates/2017/CVE-2017-8875-b85e6f076cf78bc83dad21e66d70a2d9.yaml
index 41ab84b02f..b3f865e512 100644
--- a/nuclei-templates/2017/CVE-2017-8875-b85e6f076cf78bc83dad21e66d70a2d9.yaml
+++ b/nuclei-templates/2017/CVE-2017-8875-b85e6f076cf78bc83dad21e66d70a2d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clean Login <= 1.10.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Clean Login for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.3. This is due to missing or incorrect nonce validation on the clean_login_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Note this vulnerability was not patched in version 1.8 as stated in the CVE record.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clean-login/"
     google-query: inurl:"/wp-content/plugins/clean-login/"
     shodan-query: 'vuln:CVE-2017-8875'
-  tags: cve,wordpress,wp-plugin,clean-login,high
+  tags: cve,wordpress,wp-plugin,clean-login,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9061-2059eacfa2b817cc7e2dee40b1d8ccd8.yaml b/nuclei-templates/2017/CVE-2017-9061-2059eacfa2b817cc7e2dee40b1d8ccd8.yaml
index 4f158a66d8..f2c3bef504 100644
--- a/nuclei-templates/2017/CVE-2017-9061-2059eacfa2b817cc7e2dee40b1d8ccd8.yaml
+++ b/nuclei-templates/2017/CVE-2017-9061-2059eacfa2b817cc7e2dee40b1d8ccd8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.5 - Stored Cross-Site Scripting via filenames
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-9061
   metadata:
     shodan-query: 'vuln:CVE-2017-9061'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9063-b31baacf3424b6f807916c83cd50d239.yaml b/nuclei-templates/2017/CVE-2017-9063-b31baacf3424b6f807916c83cd50d239.yaml
index e34860230f..70c7ca2b6b 100644
--- a/nuclei-templates/2017/CVE-2017-9063-b31baacf3424b6f807916c83cd50d239.yaml
+++ b/nuclei-templates/2017/CVE-2017-9063-b31baacf3424b6f807916c83cd50d239.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.5 - Cross-Site Scripting via Customizer
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-9063
   metadata:
     shodan-query: 'vuln:CVE-2017-9063'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9064-fa8a087263ff15310b12026bf0398947.yaml b/nuclei-templates/2017/CVE-2017-9064-fa8a087263ff15310b12026bf0398947.yaml
index f833da1bf8..82c5caf415 100644
--- a/nuclei-templates/2017/CVE-2017-9064-fa8a087263ff15310b12026bf0398947.yaml
+++ b/nuclei-templates/2017/CVE-2017-9064-fa8a087263ff15310b12026bf0398947.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.5 - Cross-Site Request Forgery Filesystem Credential Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-9064
   metadata:
     shodan-query: 'vuln:CVE-2017-9064'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9065-e8d59ad5e812b7bb724e8a40d7c112fd.yaml b/nuclei-templates/2017/CVE-2017-9065-e8d59ad5e812b7bb724e8a40d7c112fd.yaml
index d53dbccc2f..6105c9c1ef 100644
--- a/nuclei-templates/2017/CVE-2017-9065-e8d59ad5e812b7bb724e8a40d7c112fd.yaml
+++ b/nuclei-templates/2017/CVE-2017-9065-e8d59ad5e812b7bb724e8a40d7c112fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.7.5 - Authorization Bypass Allowing Post Meta Updates
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2017-9065
   metadata:
     shodan-query: 'vuln:CVE-2017-9065'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9337-c99fdfdd6f51accf3ed6f44f28e23a84.yaml b/nuclei-templates/2017/CVE-2017-9337-c99fdfdd6f51accf3ed6f44f28e23a84.yaml
index 501d887972..2d6adb6739 100644
--- a/nuclei-templates/2017/CVE-2017-9337-c99fdfdd6f51accf3ed6f44f28e23a84.yaml
+++ b/nuclei-templates/2017/CVE-2017-9337-c99fdfdd6f51accf3ed6f44f28e23a84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Markdown on Save Improved <= 2.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/markdown-on-save-improved/"
     google-query: inurl:"/wp-content/plugins/markdown-on-save-improved/"
     shodan-query: 'vuln:CVE-2017-9337'
-  tags: cve,wordpress,wp-plugin,markdown-on-save-improved,medium
+  tags: cve,wordpress,wp-plugin,markdown-on-save-improved,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9418-b810e04fd2ee9ba72626a776c33f0a7b.yaml b/nuclei-templates/2017/CVE-2017-9418-b810e04fd2ee9ba72626a776c33f0a7b.yaml
index f9233ffc4c..3ba76438f5 100644
--- a/nuclei-templates/2017/CVE-2017-9418-b810e04fd2ee9ba72626a776c33f0a7b.yaml
+++ b/nuclei-templates/2017/CVE-2017-9418-b810e04fd2ee9ba72626a776c33f0a7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Testimonials <= 3.4.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-testimonials/"
     google-query: inurl:"/wp-content/plugins/wp-testimonials/"
     shodan-query: 'vuln:CVE-2017-9418'
-  tags: cve,wordpress,wp-plugin,wp-testimonials,high
+  tags: cve,wordpress,wp-plugin,wp-testimonials,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9419-8eccd870a6d15f799494bf58d6a610b0.yaml b/nuclei-templates/2017/CVE-2017-9419-8eccd870a6d15f799494bf58d6a610b0.yaml
index 8b2f19f5be..1b24455948 100644
--- a/nuclei-templates/2017/CVE-2017-9419-8eccd870a6d15f799494bf58d6a610b0.yaml
+++ b/nuclei-templates/2017/CVE-2017-9419-8eccd870a6d15f799494bf58d6a610b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Fields Search <= 0.3.28 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-fields-search/"
     google-query: inurl:"/wp-content/plugins/wp-custom-fields-search/"
     shodan-query: 'vuln:CVE-2017-9419'
-  tags: cve,wordpress,wp-plugin,wp-custom-fields-search,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-fields-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9429-b6feac7a7902db970215a4fc933d4825.yaml b/nuclei-templates/2017/CVE-2017-9429-b6feac7a7902db970215a4fc933d4825.yaml
index f23ded3c4e..d6a46151fa 100644
--- a/nuclei-templates/2017/CVE-2017-9429-b6feac7a7902db970215a4fc933d4825.yaml
+++ b/nuclei-templates/2017/CVE-2017-9429-b6feac7a7902db970215a4fc933d4825.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event List < 0.7.9 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Event List plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions before 0.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-list/"
     google-query: inurl:"/wp-content/plugins/event-list/"
     shodan-query: 'vuln:CVE-2017-9429'
-  tags: cve,wordpress,wp-plugin,event-list,high
+  tags: cve,wordpress,wp-plugin,event-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2017/CVE-2017-9603-b2a0f64728c134eb1a214207f2b340c0.yaml b/nuclei-templates/2017/CVE-2017-9603-b2a0f64728c134eb1a214207f2b340c0.yaml
index 98b5c450a0..5243228784 100644
--- a/nuclei-templates/2017/CVE-2017-9603-b2a0f64728c134eb1a214207f2b340c0.yaml
+++ b/nuclei-templates/2017/CVE-2017-9603-b2a0f64728c134eb1a214207f2b340c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Jobs < 1.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jobs/"
     google-query: inurl:"/wp-content/plugins/wp-jobs/"
     shodan-query: 'vuln:CVE-2017-9603'
-  tags: cve,wordpress,wp-plugin,wp-jobs,high
+  tags: cve,wordpress,wp-plugin,wp-jobs,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0511-ad6eca81b2e556f270b3ae3f5090cf96.yaml b/nuclei-templates/2018/CVE-2018-0511-ad6eca81b2e556f270b3ae3f5090cf96.yaml
index 41d73ecd8c..b0544b4d39 100644
--- a/nuclei-templates/2018/CVE-2018-0511-ad6eca81b2e556f270b3ae3f5090cf96.yaml
+++ b/nuclei-templates/2018/CVE-2018-0511-ad6eca81b2e556f270b3ae3f5090cf96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Retina 2x <= 5.2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-retina-2x/"
     google-query: inurl:"/wp-content/plugins/wp-retina-2x/"
     shodan-query: 'vuln:CVE-2018-0511'
-  tags: cve,wordpress,wp-plugin,wp-retina-2x,medium
+  tags: cve,wordpress,wp-plugin,wp-retina-2x,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0546-6542eb9293767f9620f37e7f59fd2a40.yaml b/nuclei-templates/2018/CVE-2018-0546-6542eb9293767f9620f37e7f59fd2a40.yaml
index 6d1365c0cb..4e6b076869 100644
--- a/nuclei-templates/2018/CVE-2018-0546-6542eb9293767f9620f37e7f59fd2a40.yaml
+++ b/nuclei-templates/2018/CVE-2018-0546-6542eb9293767f9620f37e7f59fd2a40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP All Import <= 3.4.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2018-0546'
-  tags: cve,wordpress,wp-plugin,wp-all-import,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0547-d244aad713442e8917ed457759893c6e.yaml b/nuclei-templates/2018/CVE-2018-0547-d244aad713442e8917ed457759893c6e.yaml
index 4a44311dc2..0eb46da817 100644
--- a/nuclei-templates/2018/CVE-2018-0547-d244aad713442e8917ed457759893c6e.yaml
+++ b/nuclei-templates/2018/CVE-2018-0547-d244aad713442e8917ed457759893c6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP All Import <= 3.4.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2018-0547'
-  tags: cve,wordpress,wp-plugin,wp-all-import,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0576-bf648a28f236904436ac42427351efb1.yaml b/nuclei-templates/2018/CVE-2018-0576-bf648a28f236904436ac42427351efb1.yaml
index 85fed4677c..4b2ee0f03c 100644
--- a/nuclei-templates/2018/CVE-2018-0576-bf648a28f236904436ac42427351efb1.yaml
+++ b/nuclei-templates/2018/CVE-2018-0576-bf648a28f236904436ac42427351efb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.8.1.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2018-0576'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0577-7149f44d871608d660e807410983089b.yaml b/nuclei-templates/2018/CVE-2018-0577-7149f44d871608d660e807410983089b.yaml
index 20e970aa11..e8947b241c 100644
--- a/nuclei-templates/2018/CVE-2018-0577-7149f44d871608d660e807410983089b.yaml
+++ b/nuclei-templates/2018/CVE-2018-0577-7149f44d871608d660e807410983089b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps < 4.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:CVE-2018-0577'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0587-caa94527ec89b606495dedb1b363e9ed.yaml b/nuclei-templates/2018/CVE-2018-0587-caa94527ec89b606495dedb1b363e9ed.yaml
index ee05b8f6bd..3f1b3880dd 100644
--- a/nuclei-templates/2018/CVE-2018-0587-caa94527ec89b606495dedb1b363e9ed.yaml
+++ b/nuclei-templates/2018/CVE-2018-0587-caa94527ec89b606495dedb1b363e9ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member < 2.0.4 - Authenticated Unrestricted File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to unrestricted file uploads in versions prior to version 2.0.4. This makes it possible for authenticated attackers to upload arbitrary image files via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2018-0587'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0602-865ecb5d1f3a9d92057b3c2510337cb0.yaml b/nuclei-templates/2018/CVE-2018-0602-865ecb5d1f3a9d92057b3c2510337cb0.yaml
index 0f72b0e947..e3334f741d 100644
--- a/nuclei-templates/2018/CVE-2018-0602-865ecb5d1f3a9d92057b3c2510337cb0.yaml
+++ b/nuclei-templates/2018/CVE-2018-0602-865ecb5d1f3a9d92057b3c2510337cb0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscribers & Newsletters <= 3.4.12 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2018-0602'
-  tags: cve,wordpress,wp-plugin,email-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-subscribers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0603-363cf849a90f39fbc05b59e8ab91a270.yaml b/nuclei-templates/2018/CVE-2018-0603-363cf849a90f39fbc05b59e8ab91a270.yaml
index b88cca2307..ec5f742a77 100644
--- a/nuclei-templates/2018/CVE-2018-0603-363cf849a90f39fbc05b59e8ab91a270.yaml
+++ b/nuclei-templates/2018/CVE-2018-0603-363cf849a90f39fbc05b59e8ab91a270.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 2.15.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2018-0603'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-0642-3af842e4b028602d05da06af8493bf21.yaml b/nuclei-templates/2018/CVE-2018-0642-3af842e4b028602d05da06af8493bf21.yaml
index 05531c61ee..66e8f509b6 100644
--- a/nuclei-templates/2018/CVE-2018-0642-3af842e4b028602d05da06af8493bf21.yaml
+++ b/nuclei-templates/2018/CVE-2018-0642-3af842e4b028602d05da06af8493bf21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player 6.1.2 - 6.6.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2018-0642'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-1000172-ac32959f74b06f08f41c35d9de9637f2.yaml b/nuclei-templates/2018/CVE-2018-1000172-ac32959f74b06f08f41c35d9de9637f2.yaml
index 34c59d8bd0..b9b3c5f6b2 100644
--- a/nuclei-templates/2018/CVE-2018-1000172-ac32959f74b06f08f41c35d9de9637f2.yaml
+++ b/nuclei-templates/2018/CVE-2018-1000172-ac32959f74b06f08f41c35d9de9637f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGEN Gallery <= 2.2.44 - Cross-Site Scripting via image alt and title text
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2018-1000172'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-1000504-660c79b80e87c9453730e77d4013c8f0.yaml b/nuclei-templates/2018/CVE-2018-1000504-660c79b80e87c9453730e77d4013c8f0.yaml
index c02108bedf..f810384941 100644
--- a/nuclei-templates/2018/CVE-2018-1000504-660c79b80e87c9453730e77d4013c8f0.yaml
+++ b/nuclei-templates/2018/CVE-2018-1000504-660c79b80e87c9453730e77d4013c8f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection <= 2.7.3 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirection/"
     google-query: inurl:"/wp-content/plugins/redirection/"
     shodan-query: 'vuln:CVE-2018-1000504'
-  tags: cve,wordpress,wp-plugin,redirection,high
+  tags: cve,wordpress,wp-plugin,redirection,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-1000506-3d637613552d802b9173bc064749bb1c.yaml b/nuclei-templates/2018/CVE-2018-1000506-3d637613552d802b9173bc064749bb1c.yaml
index bb95954878..8faaf17a83 100644
--- a/nuclei-templates/2018/CVE-2018-1000506-3d637613552d802b9173bc064749bb1c.yaml
+++ b/nuclei-templates/2018/CVE-2018-1000506-3d637613552d802b9173bc064749bb1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metronet Tag Manager < 1.2.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Metronet Tag Manager version 1.2.7 contains a Cross site Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must following a link. This vulnerability appears to have been fixed in 1.2.9.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metronet-tag-manager/"
     google-query: inurl:"/wp-content/plugins/metronet-tag-manager/"
     shodan-query: 'vuln:CVE-2018-1000506'
-  tags: cve,wordpress,wp-plugin,metronet-tag-manager,high
+  tags: cve,wordpress,wp-plugin,metronet-tag-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-1002000-33bf8f8eb63499d2436cf7f9e5a448fa.yaml b/nuclei-templates/2018/CVE-2018-1002000-33bf8f8eb63499d2436cf7f9e5a448fa.yaml
index a129eed1c9..5fed5531ea 100644
--- a/nuclei-templates/2018/CVE-2018-1002000-33bf8f8eb63499d2436cf7f9e5a448fa.yaml
+++ b/nuclei-templates/2018/CVE-2018-1002000-33bf8f8eb63499d2436cf7f9e5a448fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Arigato Autoresponder and Newsletter <= 2.5.1.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bft-autoresponder/"
     google-query: inurl:"/wp-content/plugins/bft-autoresponder/"
     shodan-query: 'vuln:CVE-2018-1002000'
-  tags: cve,wordpress,wp-plugin,bft-autoresponder,high
+  tags: cve,wordpress,wp-plugin,bft-autoresponder,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-1002005-53f4d866310c8c093dd280b48d69df62.yaml b/nuclei-templates/2018/CVE-2018-1002005-53f4d866310c8c093dd280b48d69df62.yaml
index 4c764fc177..8e198e1a99 100644
--- a/nuclei-templates/2018/CVE-2018-1002005-53f4d866310c8c093dd280b48d69df62.yaml
+++ b/nuclei-templates/2018/CVE-2018-1002005-53f4d866310c8c093dd280b48d69df62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bft-autoresponder/"
     google-query: inurl:"/wp-content/plugins/bft-autoresponder/"
     shodan-query: 'vuln:CVE-2018-1002005'
-  tags: cve,wordpress,wp-plugin,bft-autoresponder,medium
+  tags: cve,wordpress,wp-plugin,bft-autoresponder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-1002006-3c224c321d9ba7c36132b340a7d491de.yaml b/nuclei-templates/2018/CVE-2018-1002006-3c224c321d9ba7c36132b340a7d491de.yaml
index c5e7615c4e..b69dbf35f4 100644
--- a/nuclei-templates/2018/CVE-2018-1002006-3c224c321d9ba7c36132b340a7d491de.yaml
+++ b/nuclei-templates/2018/CVE-2018-1002006-3c224c321d9ba7c36132b340a7d491de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bft-autoresponder/"
     google-query: inurl:"/wp-content/plugins/bft-autoresponder/"
     shodan-query: 'vuln:CVE-2018-1002006'
-  tags: cve,wordpress,wp-plugin,bft-autoresponder,medium
+  tags: cve,wordpress,wp-plugin,bft-autoresponder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-10102-451f562a663eda2ff6d506be6cf980bd.yaml b/nuclei-templates/2018/CVE-2018-10102-451f562a663eda2ff6d506be6cf980bd.yaml
index 7af422f1fb..b9bfd35a33 100644
--- a/nuclei-templates/2018/CVE-2018-10102-451f562a663eda2ff6d506be6cf980bd.yaml
+++ b/nuclei-templates/2018/CVE-2018-10102-451f562a663eda2ff6d506be6cf980bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.9.5 - Authenticated Stored Cross-Site Scripting via Generator Tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2018-10102
   metadata:
     shodan-query: 'vuln:CVE-2018-10102'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-10233-a6054d32c09f0a33057b0746bec92f89.yaml b/nuclei-templates/2018/CVE-2018-10233-a6054d32c09f0a33057b0746bec92f89.yaml
index a9c19fed38..bd809329f3 100644
--- a/nuclei-templates/2018/CVE-2018-10233-a6054d32c09f0a33057b0746bec92f89.yaml
+++ b/nuclei-templates/2018/CVE-2018-10233-a6054d32c09f0a33057b0746bec92f89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.6 - Multiple Cross-Site Request Forgery Issues
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2018-10233'
-  tags: cve,wordpress,wp-plugin,ultimate-member,high
+  tags: cve,wordpress,wp-plugin,ultimate-member,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-10234-08b6d9dc73cde56d748bcfad89022c1b.yaml b/nuclei-templates/2018/CVE-2018-10234-08b6d9dc73cde56d748bcfad89022c1b.yaml
index 4146885397..8d8beeaecc 100644
--- a/nuclei-templates/2018/CVE-2018-10234-08b6d9dc73cde56d748bcfad89022c1b.yaml
+++ b/nuclei-templates/2018/CVE-2018-10234-08b6d9dc73cde56d748bcfad89022c1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.10 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2018-10234'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-10301-81a1379b5306a9cfccfcaaf08bd3abdb.yaml b/nuclei-templates/2018/CVE-2018-10301-81a1379b5306a9cfccfcaaf08bd3abdb.yaml
index 74b7933bce..2067705c08 100644
--- a/nuclei-templates/2018/CVE-2018-10301-81a1379b5306a9cfccfcaaf08bd3abdb.yaml
+++ b/nuclei-templates/2018/CVE-2018-10301-81a1379b5306a9cfccfcaaf08bd3abdb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WD Instagram Feed Premium <= 1.3.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-instagram-feed/"
     google-query: inurl:"/wp-content/plugins/wordpress-instagram-feed/"
     shodan-query: 'vuln:CVE-2018-10301'
-  tags: cve,wordpress,wp-plugin,wordpress-instagram-feed,medium
+  tags: cve,wordpress,wp-plugin,wordpress-instagram-feed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-10309-d2ced4606aa87805c35fba9cf8d5be3f.yaml b/nuclei-templates/2018/CVE-2018-10309-d2ced4606aa87805c35fba9cf8d5be3f.yaml
index f8cb88a125..b2cee78fc3 100644
--- a/nuclei-templates/2018/CVE-2018-10309-d2ced4606aa87805c35fba9cf8d5be3f.yaml
+++ b/nuclei-templates/2018/CVE-2018-10309-d2ced4606aa87805c35fba9cf8d5be3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Cookie Consent < 1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-cookie-consent/"
     google-query: inurl:"/wp-content/plugins/responsive-cookie-consent/"
     shodan-query: 'vuln:CVE-2018-10309'
-  tags: cve,wordpress,wp-plugin,responsive-cookie-consent,medium
+  tags: cve,wordpress,wp-plugin,responsive-cookie-consent,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-10310-c62e1a09b5d25064f2b824e42c65ea26.yaml b/nuclei-templates/2018/CVE-2018-10310-c62e1a09b5d25064f2b824e42c65ea26.yaml
index 84808c7c3e..ced981fbf7 100644
--- a/nuclei-templates/2018/CVE-2018-10310-c62e1a09b5d25064f2b824e42c65ea26.yaml
+++ b/nuclei-templates/2018/CVE-2018-10310-c62e1a09b5d25064f2b824e42c65ea26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Catapult UK Cookie Consent <= 2.3.9 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uk-cookie-consent/"
     google-query: inurl:"/wp-content/plugins/uk-cookie-consent/"
     shodan-query: 'vuln:CVE-2018-10310'
-  tags: cve,wordpress,wp-plugin,uk-cookie-consent,medium
+  tags: cve,wordpress,wp-plugin,uk-cookie-consent,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-10371-0533a60780cf9a211a23b93d336f2dae.yaml b/nuclei-templates/2018/CVE-2018-10371-0533a60780cf9a211a23b93d336f2dae.yaml
index 7388d7f422..93ca44ecd2 100644
--- a/nuclei-templates/2018/CVE-2018-10371-0533a60780cf9a211a23b93d336f2dae.yaml
+++ b/nuclei-templates/2018/CVE-2018-10371-0533a60780cf9a211a23b93d336f2dae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WF Cookie Consent <= 1.1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wf-cookie-consent/"
     google-query: inurl:"/wp-content/plugins/wf-cookie-consent/"
     shodan-query: 'vuln:CVE-2018-10371'
-  tags: cve,wordpress,wp-plugin,wf-cookie-consent,medium
+  tags: cve,wordpress,wp-plugin,wf-cookie-consent,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-10752-42f689e89098e402a672dac5ec8f6c89.yaml b/nuclei-templates/2018/CVE-2018-10752-42f689e89098e402a672dac5ec8f6c89.yaml
index c4310adf7a..392e527130 100644
--- a/nuclei-templates/2018/CVE-2018-10752-42f689e89098e402a672dac5ec8f6c89.yaml
+++ b/nuclei-templates/2018/CVE-2018-10752-42f689e89098e402a672dac5ec8f6c89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tagregator <= 0.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tagregator/"
     google-query: inurl:"/wp-content/plugins/tagregator/"
     shodan-query: 'vuln:CVE-2018-10752'
-  tags: cve,wordpress,wp-plugin,tagregator,medium
+  tags: cve,wordpress,wp-plugin,tagregator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-11105-66eb7f5c446de79e267dceb74a880097.yaml b/nuclei-templates/2018/CVE-2018-11105-66eb7f5c446de79e267dceb74a880097.yaml
index b048ad54b2..7b32d833e2 100644
--- a/nuclei-templates/2018/CVE-2018-11105-66eb7f5c446de79e267dceb74a880097.yaml
+++ b/nuclei-templates/2018/CVE-2018-11105-66eb7f5c446de79e267dceb74a880097.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3CX Live Chat <= 8.0.07 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2018-11105'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-11244-9d3718684afa0305d0420944743522e1.yaml b/nuclei-templates/2018/CVE-2018-11244-9d3718684afa0305d0420944743522e1.yaml
index 8edb11d860..46acb25ebd 100644
--- a/nuclei-templates/2018/CVE-2018-11244-9d3718684afa0305d0420944743522e1.yaml
+++ b/nuclei-templates/2018/CVE-2018-11244-9d3718684afa0305d0420944743522e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BBE < 1.53 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bbe/"
     google-query: inurl:"/wp-content/themes/bbe/"
     shodan-query: 'vuln:CVE-2018-11244'
-  tags: cve,wordpress,wp-theme,bbe,medium
+  tags: cve,wordpress,wp-theme,bbe,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-11366-cfd6c4a67043af04f9e4f98a73eab3fa.yaml b/nuclei-templates/2018/CVE-2018-11366-cfd6c4a67043af04f9e4f98a73eab3fa.yaml
index 33875cdc56..dde41a664b 100644
--- a/nuclei-templates/2018/CVE-2018-11366-cfd6c4a67043af04f9e4f98a73eab3fa.yaml
+++ b/nuclei-templates/2018/CVE-2018-11366-cfd6c4a67043af04f9e4f98a73eab3fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loginizer/"
     google-query: inurl:"/wp-content/plugins/loginizer/"
     shodan-query: 'vuln:CVE-2018-11366'
-  tags: cve,wordpress,wp-plugin,loginizer,medium
+  tags: cve,wordpress,wp-plugin,loginizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-11485-c0b1d947b4291937f57429344da7ac74.yaml b/nuclei-templates/2018/CVE-2018-11485-c0b1d947b4291937f57429344da7ac74.yaml
index 39a7302e8e..9d2cfb4fe7 100644
--- a/nuclei-templates/2018/CVE-2018-11485-c0b1d947b4291937f57429344da7ac74.yaml
+++ b/nuclei-templates/2018/CVE-2018-11485-c0b1d947b4291937f57429344da7ac74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advance Search for WooCommerce < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-advance-search/"
     google-query: inurl:"/wp-content/plugins/woo-advance-search/"
     shodan-query: 'vuln:CVE-2018-11485'
-  tags: cve,wordpress,wp-plugin,woo-advance-search,medium
+  tags: cve,wordpress,wp-plugin,woo-advance-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-11486-cd59c1c91da7bd7850f2d8eefef7525f.yaml b/nuclei-templates/2018/CVE-2018-11486-cd59c1c91da7bd7850f2d8eefef7525f.yaml
index 7d5301569c..b974d03a9c 100644
--- a/nuclei-templates/2018/CVE-2018-11486-cd59c1c91da7bd7850f2d8eefef7525f.yaml
+++ b/nuclei-templates/2018/CVE-2018-11486-cd59c1c91da7bd7850f2d8eefef7525f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advance Search for WooCommerce <= 1.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-advance-search/"
     google-query: inurl:"/wp-content/plugins/woo-advance-search/"
     shodan-query: 'vuln:CVE-2018-11486'
-  tags: cve,wordpress,wp-plugin,woo-advance-search,medium
+  tags: cve,wordpress,wp-plugin,woo-advance-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-11579-0167f45d0f324e4791bf42a58fe0f3d4.yaml b/nuclei-templates/2018/CVE-2018-11579-0167f45d0f324e4791bf42a58fe0f3d4.yaml
index de1da11d84..dd1537e6ec 100644
--- a/nuclei-templates/2018/CVE-2018-11579-0167f45d0f324e4791bf42a58fe0f3d4.yaml
+++ b/nuclei-templates/2018/CVE-2018-11579-0167f45d0f324e4791bf42a58fe0f3d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Category Banner Management <= 1.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/banner-management-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/banner-management-for-woocommerce/"
     shodan-query: 'vuln:CVE-2018-11579'
-  tags: cve,wordpress,wp-plugin,banner-management-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,banner-management-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-12636-8a1c6c8c0e2f1e2277e0443f4946d572.yaml b/nuclei-templates/2018/CVE-2018-12636-8a1c6c8c0e2f1e2277e0443f4946d572.yaml
index 7bca40340b..459dcbc339 100644
--- a/nuclei-templates/2018/CVE-2018-12636-8a1c6c8c0e2f1e2277e0443f4946d572.yaml
+++ b/nuclei-templates/2018/CVE-2018-12636-8a1c6c8c0e2f1e2277e0443f4946d572.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iThemes Security <= 7.0.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-wp-security/"
     google-query: inurl:"/wp-content/plugins/better-wp-security/"
     shodan-query: 'vuln:CVE-2018-12636'
-  tags: cve,wordpress,wp-plugin,better-wp-security,high
+  tags: cve,wordpress,wp-plugin,better-wp-security,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-12895-8cfb86a7329c0d8dd964b15f121c0465.yaml b/nuclei-templates/2018/CVE-2018-12895-8cfb86a7329c0d8dd964b15f121c0465.yaml
index 574b8e47de..2f0d68e119 100644
--- a/nuclei-templates/2018/CVE-2018-12895-8cfb86a7329c0d8dd964b15f121c0465.yaml
+++ b/nuclei-templates/2018/CVE-2018-12895-8cfb86a7329c0d8dd964b15f121c0465.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.9.7 - Authenticated Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2018-12895
   metadata:
     shodan-query: 'vuln:CVE-2018-12895'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-13136-a3c4d74b63323bef472fb10b591d6314.yaml b/nuclei-templates/2018/CVE-2018-13136-a3c4d74b63323bef472fb10b591d6314.yaml
index 1af94e3301..33865a028f 100644
--- a/nuclei-templates/2018/CVE-2018-13136-a3c4d74b63323bef472fb10b591d6314.yaml
+++ b/nuclei-templates/2018/CVE-2018-13136-a3c4d74b63323bef472fb10b591d6314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.17 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2018-13136'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-13137-ee6754b66c3dcc79f507ad42121825d8.yaml b/nuclei-templates/2018/CVE-2018-13137-ee6754b66c3dcc79f507ad42121825d8.yaml
index 4a145b78cd..3553743616 100644
--- a/nuclei-templates/2018/CVE-2018-13137-ee6754b66c3dcc79f507ad42121825d8.yaml
+++ b/nuclei-templates/2018/CVE-2018-13137-ee6754b66c3dcc79f507ad42121825d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.9.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2018-13137'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-13832-adf6fd1cec72a101892ceb2db93bece6.yaml b/nuclei-templates/2018/CVE-2018-13832-adf6fd1cec72a101892ceb2db93bece6.yaml
index 55653e7fe5..9c2bcd8171 100644
--- a/nuclei-templates/2018/CVE-2018-13832-adf6fd1cec72a101892ceb2db93bece6.yaml
+++ b/nuclei-templates/2018/CVE-2018-13832-adf6fd1cec72a101892ceb2db93bece6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One Favicon <= 4.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-favicon/"
     google-query: inurl:"/wp-content/plugins/all-in-one-favicon/"
     shodan-query: 'vuln:CVE-2018-13832'
-  tags: cve,wordpress,wp-plugin,all-in-one-favicon,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-favicon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-14028-70d9b727752f76af972d40070c1204ab.yaml b/nuclei-templates/2018/CVE-2018-14028-70d9b727752f76af972d40070c1204ab.yaml
index 0f87a36608..ebcf3cec40 100644
--- a/nuclei-templates/2018/CVE-2018-14028-70d9b727752f76af972d40070c1204ab.yaml
+++ b/nuclei-templates/2018/CVE-2018-14028-70d9b727752f76af972d40070c1204ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In all current versions of WordPress Core before 6.4.3, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. Please note that this requires administrator or super administrator permissions(on multisite installations) and only impacts heavily locked-down installations where even these users cannot install new plugins. CVE-2024-31210 may be a duplicate of this issue.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2018-14028
   metadata:
     shodan-query: 'vuln:CVE-2018-14028'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-14071-381d6cb0faea51f097b85258ee0a1587.yaml b/nuclei-templates/2018/CVE-2018-14071-381d6cb0faea51f097b85258ee0a1587.yaml
index 3d7d0a2257..c155673f08 100644
--- a/nuclei-templates/2018/CVE-2018-14071-381d6cb0faea51f097b85258ee0a1587.yaml
+++ b/nuclei-templates/2018/CVE-2018-14071-381d6cb0faea51f097b85258ee0a1587.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Geo Mashup - < 1.10.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geo-mashup/"
     google-query: inurl:"/wp-content/plugins/geo-mashup/"
     shodan-query: 'vuln:CVE-2018-14071'
-  tags: cve,wordpress,wp-plugin,geo-mashup,medium
+  tags: cve,wordpress,wp-plugin,geo-mashup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-14846-962810e9bfe68aabdf565feb933a98a3.yaml b/nuclei-templates/2018/CVE-2018-14846-962810e9bfe68aabdf565feb933a98a3.yaml
index 258745010d..a6baf5498c 100644
--- a/nuclei-templates/2018/CVE-2018-14846-962810e9bfe68aabdf565feb933a98a3.yaml
+++ b/nuclei-templates/2018/CVE-2018-14846-962810e9bfe68aabdf565feb933a98a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi Step Form <= 1.2.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mondula Multi Step Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fw_wizard_save’ action in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The following parameters are affected: 
     data[wizard][steps][0][title]
@@ -27,7 +27,7 @@ info:
     fofa-query: "wp-content/plugins/multi-step-form/"
     google-query: inurl:"/wp-content/plugins/multi-step-form/"
     shodan-query: 'vuln:CVE-2018-14846'
-  tags: cve,wordpress,wp-plugin,multi-step-form,medium
+  tags: cve,wordpress,wp-plugin,multi-step-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-16164-209b175b2921345ce72870696dcb5d5d.yaml b/nuclei-templates/2018/CVE-2018-16164-209b175b2921345ce72870696dcb5d5d.yaml
index 6326a8f5e6..a47b4c1fa6 100644
--- a/nuclei-templates/2018/CVE-2018-16164-209b175b2921345ce72870696dcb5d5d.yaml
+++ b/nuclei-templates/2018/CVE-2018-16164-209b175b2921345ce72870696dcb5d5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventCalendar <= 1.1.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-calendar-wd/"
     google-query: inurl:"/wp-content/plugins/event-calendar-wd/"
     shodan-query: 'vuln:CVE-2018-16164'
-  tags: cve,wordpress,wp-plugin,event-calendar-wd,medium
+  tags: cve,wordpress,wp-plugin,event-calendar-wd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-16173-6d3b26eeb9dd4b508b1794df4cfed998.yaml b/nuclei-templates/2018/CVE-2018-16173-6d3b26eeb9dd4b508b1794df4cfed998.yaml
index d9fb7ac021..fadf7fc22f 100644
--- a/nuclei-templates/2018/CVE-2018-16173-6d3b26eeb9dd4b508b1794df4cfed998.yaml
+++ b/nuclei-templates/2018/CVE-2018-16173-6d3b26eeb9dd4b508b1794df4cfed998.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 3.0.12 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2018-16173'
-  tags: cve,wordpress,wp-plugin,learnpress,medium
+  tags: cve,wordpress,wp-plugin,learnpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-16175-d5338c51a39110eb82434918065d2ccd.yaml b/nuclei-templates/2018/CVE-2018-16175-d5338c51a39110eb82434918065d2ccd.yaml
index a9ceb7e705..6f788a0551 100644
--- a/nuclei-templates/2018/CVE-2018-16175-d5338c51a39110eb82434918065d2ccd.yaml
+++ b/nuclei-templates/2018/CVE-2018-16175-d5338c51a39110eb82434918065d2ccd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 3.0.12 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2018-16175'
-  tags: cve,wordpress,wp-plugin,learnpress,high
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-16204-877bab778ddda7032844b19d4fdbee7a.yaml b/nuclei-templates/2018/CVE-2018-16204-877bab778ddda7032844b19d4fdbee7a.yaml
index 508898201e..d3bc890e93 100644
--- a/nuclei-templates/2018/CVE-2018-16204-877bab778ddda7032844b19d4fdbee7a.yaml
+++ b/nuclei-templates/2018/CVE-2018-16204-877bab778ddda7032844b19d4fdbee7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XML Sitemaps <= 4.0.9 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-sitemap-generator/"
     google-query: inurl:"/wp-content/plugins/google-sitemap-generator/"
     shodan-query: 'vuln:CVE-2018-16204'
-  tags: cve,wordpress,wp-plugin,google-sitemap-generator,medium
+  tags: cve,wordpress,wp-plugin,google-sitemap-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-16206-e9caa2ebc5663770aed9ca1501187910.yaml b/nuclei-templates/2018/CVE-2018-16206-e9caa2ebc5663770aed9ca1501187910.yaml
index ff20a8c8eb..40b99db86b 100644
--- a/nuclei-templates/2018/CVE-2018-16206-e9caa2ebc5663770aed9ca1501187910.yaml
+++ b/nuclei-templates/2018/CVE-2018-16206-e9caa2ebc5663770aed9ca1501187910.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     spam-byebye <= 2.2.1 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spam-byebye/"
     google-query: inurl:"/wp-content/plugins/spam-byebye/"
     shodan-query: 'vuln:CVE-2018-16206'
-  tags: cve,wordpress,wp-plugin,spam-byebye,medium
+  tags: cve,wordpress,wp-plugin,spam-byebye,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-16285-656244efbeeadce5c71da45e29bb9a67.yaml b/nuclei-templates/2018/CVE-2018-16285-656244efbeeadce5c71da45e29bb9a67.yaml
index caab77e7c0..413f5204be 100644
--- a/nuclei-templates/2018/CVE-2018-16285-656244efbeeadce5c71da45e29bb9a67.yaml
+++ b/nuclei-templates/2018/CVE-2018-16285-656244efbeeadce5c71da45e29bb9a67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userpro/"
     google-query: inurl:"/wp-content/plugins/userpro/"
     shodan-query: 'vuln:CVE-2018-16285'
-  tags: cve,wordpress,wp-plugin,userpro,medium
+  tags: cve,wordpress,wp-plugin,userpro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-16966-6943b3fa4f51347e8c8fc20d043e8814.yaml b/nuclei-templates/2018/CVE-2018-16966-6943b3fa4f51347e8c8fc20d043e8814.yaml
index 58eaa5e9ab..ae75ac530c 100644
--- a/nuclei-templates/2018/CVE-2018-16966-6943b3fa4f51347e8c8fc20d043e8814.yaml
+++ b/nuclei-templates/2018/CVE-2018-16966-6943b3fa4f51347e8c8fc20d043e8814.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager <= 3.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     There is a CSRF vulnerability in the File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-manager/"
     google-query: inurl:"/wp-content/plugins/wp-file-manager/"
     shodan-query: 'vuln:CVE-2018-16966'
-  tags: cve,wordpress,wp-plugin,wp-file-manager,high
+  tags: cve,wordpress,wp-plugin,wp-file-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-16967-e2709c74f557b8f05efa6466674d741e.yaml b/nuclei-templates/2018/CVE-2018-16967-e2709c74f557b8f05efa6466674d741e.yaml
index 0ac513ef7e..250bbf6b20 100644
--- a/nuclei-templates/2018/CVE-2018-16967-e2709c74f557b8f05efa6466674d741e.yaml
+++ b/nuclei-templates/2018/CVE-2018-16967-e2709c74f557b8f05efa6466674d741e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager <= 3.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     There is an XSS vulnerability in the File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-manager/"
     google-query: inurl:"/wp-content/plugins/wp-file-manager/"
     shodan-query: 'vuln:CVE-2018-16967'
-  tags: cve,wordpress,wp-plugin,wp-file-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-file-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17138-1318af711c3fe0fec9bc7d351421ab5e.yaml b/nuclei-templates/2018/CVE-2018-17138-1318af711c3fe0fec9bc7d351421ab5e.yaml
index ac3597a64c..eb06b409ad 100644
--- a/nuclei-templates/2018/CVE-2018-17138-1318af711c3fe0fec9bc7d351421ab5e.yaml
+++ b/nuclei-templates/2018/CVE-2018-17138-1318af711c3fe0fec9bc7d351421ab5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jibu Pro <= 1.7 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jibu-pro/"
     google-query: inurl:"/wp-content/plugins/jibu-pro/"
     shodan-query: 'vuln:CVE-2018-17138'
-  tags: cve,wordpress,wp-plugin,jibu-pro,medium
+  tags: cve,wordpress,wp-plugin,jibu-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17140-05b1f0bb86ade4c6c32252e799c74986.yaml b/nuclei-templates/2018/CVE-2018-17140-05b1f0bb86ade4c6c32252e799c74986.yaml
index 0667ed9484..4d856ca5e8 100644
--- a/nuclei-templates/2018/CVE-2018-17140-05b1f0bb86ade4c6c32252e799c74986.yaml
+++ b/nuclei-templates/2018/CVE-2018-17140-05b1f0bb86ade4c6c32252e799c74986.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quizlord <= 2.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quizlord/"
     google-query: inurl:"/wp-content/plugins/quizlord/"
     shodan-query: 'vuln:CVE-2018-17140'
-  tags: cve,wordpress,wp-plugin,quizlord,medium
+  tags: cve,wordpress,wp-plugin,quizlord,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17583-87d8a616e4f6cf2eb5659e011debac27.yaml b/nuclei-templates/2018/CVE-2018-17583-87d8a616e4f6cf2eb5659e011debac27.yaml
index 0c586d87a8..b22fbc6ef8 100644
--- a/nuclei-templates/2018/CVE-2018-17583-87d8a616e4f6cf2eb5659e011debac27.yaml
+++ b/nuclei-templates/2018/CVE-2018-17583-87d8a616e4f6cf2eb5659e011debac27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via the rules[0][content] parameter in a wpfc_save_exclude_pages action
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2018-17583'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17584-c154f039f669a6109ec8e5a85b87164a.yaml b/nuclei-templates/2018/CVE-2018-17584-c154f039f669a6109ec8e5a85b87164a.yaml
index bc54070056..e8fc50e0a1 100644
--- a/nuclei-templates/2018/CVE-2018-17584-c154f039f669a6109ec8e5a85b87164a.yaml
+++ b/nuclei-templates/2018/CVE-2018-17584-c154f039f669a6109ec8e5a85b87164a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.8.8.5 - Cross-Site Request Forgery via page to wpfastestcacheoptions
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2018-17584'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17585-5c10da7a2c723b79d143625ddb915594.yaml b/nuclei-templates/2018/CVE-2018-17585-5c10da7a2c723b79d143625ddb915594.yaml
index 9c32688447..df69db7627 100644
--- a/nuclei-templates/2018/CVE-2018-17585-5c10da7a2c723b79d143625ddb915594.yaml
+++ b/nuclei-templates/2018/CVE-2018-17585-5c10da7a2c723b79d143625ddb915594.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via wpFastestCachePage options, wpFastestCachePreload_number or wpFastestCacheLanguage parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2018-17585'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17586-34c60f50f8424840987ed5ec10c2ec3b.yaml b/nuclei-templates/2018/CVE-2018-17586-34c60f50f8424840987ed5ec10c2ec3b.yaml
index aa0ba67b77..e14f5989da 100644
--- a/nuclei-templates/2018/CVE-2018-17586-34c60f50f8424840987ed5ec10c2ec3b.yaml
+++ b/nuclei-templates/2018/CVE-2018-17586-34c60f50f8424840987ed5ec10c2ec3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via rules[0][content] parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2018-17586'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17866-c040e1b7f1d715ec00a05b885aa3bea9.yaml b/nuclei-templates/2018/CVE-2018-17866-c040e1b7f1d715ec00a05b885aa3bea9.yaml
index 7577fbe548..4904debfca 100644
--- a/nuclei-templates/2018/CVE-2018-17866-c040e1b7f1d715ec00a05b885aa3bea9.yaml
+++ b/nuclei-templates/2018/CVE-2018-17866-c040e1b7f1d715ec00a05b885aa3bea9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.27 - Multiple Cross-Site Scripting vulnerabilities
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2018-17866'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17884-d1ded0c2f1b1f7a73c6770c120be62b6.yaml b/nuclei-templates/2018/CVE-2018-17884-d1ded0c2f1b1f7a73c6770c120be62b6.yaml
index 39f592c03c..a737b84bcb 100644
--- a/nuclei-templates/2018/CVE-2018-17884-d1ded0c2f1b1f7a73c6770c120be62b6.yaml
+++ b/nuclei-templates/2018/CVE-2018-17884-d1ded0c2f1b1f7a73c6770c120be62b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gwolle Guestbook <= 2.5.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gwolle-gb/"
     google-query: inurl:"/wp-content/plugins/gwolle-gb/"
     shodan-query: 'vuln:CVE-2018-17884'
-  tags: cve,wordpress,wp-plugin,gwolle-gb,medium
+  tags: cve,wordpress,wp-plugin,gwolle-gb,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-17947-2c0772cee08d9dbe384d352f3239ef5e.yaml b/nuclei-templates/2018/CVE-2018-17947-2c0772cee08d9dbe384d352f3239ef5e.yaml
index 1a752a6da5..c0d8e29279 100644
--- a/nuclei-templates/2018/CVE-2018-17947-2c0772cee08d9dbe384d352f3239ef5e.yaml
+++ b/nuclei-templates/2018/CVE-2018-17947-2c0772cee08d9dbe384d352f3239ef5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Snazzy Maps <= 1.1.4 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/snazzy-maps/"
     google-query: inurl:"/wp-content/plugins/snazzy-maps/"
     shodan-query: 'vuln:CVE-2018-17947'
-  tags: cve,wordpress,wp-plugin,snazzy-maps,medium
+  tags: cve,wordpress,wp-plugin,snazzy-maps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-18017-f81d8e9ecaded3d70e2eeaa0f98dacf3.yaml b/nuclei-templates/2018/CVE-2018-18017-f81d8e9ecaded3d70e2eeaa0f98dacf3.yaml
index e5e9024301..03869b84af 100644
--- a/nuclei-templates/2018/CVE-2018-18017-f81d8e9ecaded3d70e2eeaa0f98dacf3.yaml
+++ b/nuclei-templates/2018/CVE-2018-18017-f81d8e9ecaded3d70e2eeaa0f98dacf3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery <= 1.6.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:CVE-2018-18017'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,medium
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-18018-ffb6abfc1462cb6dac9fb7d1f9f94e2a.yaml b/nuclei-templates/2018/CVE-2018-18018-ffb6abfc1462cb6dac9fb7d1f9f94e2a.yaml
index 9e73be5d71..72eea9313c 100644
--- a/nuclei-templates/2018/CVE-2018-18018-ffb6abfc1462cb6dac9fb7d1f9f94e2a.yaml
+++ b/nuclei-templates/2018/CVE-2018-18018-ffb6abfc1462cb6dac9fb7d1f9f94e2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery <= 1.6.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:CVE-2018-18018'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,high
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-18019-c799988a889ed03a659b8598e8dac08b.yaml b/nuclei-templates/2018/CVE-2018-18019-c799988a889ed03a659b8598e8dac08b.yaml
index a8f66860bf..dd4890fd7e 100644
--- a/nuclei-templates/2018/CVE-2018-18019-c799988a889ed03a659b8598e8dac08b.yaml
+++ b/nuclei-templates/2018/CVE-2018-18019-c799988a889ed03a659b8598e8dac08b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery <= 1.6.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:CVE-2018-18019'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,medium
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-18373-df4750e020fd99b1db3b233a3a40020d.yaml b/nuclei-templates/2018/CVE-2018-18373-df4750e020fd99b1db3b233a3a40020d.yaml
index a7588b2026..41d1bdffde 100644
--- a/nuclei-templates/2018/CVE-2018-18373-df4750e020fd99b1db3b233a3a40020d.yaml
+++ b/nuclei-templates/2018/CVE-2018-18373-df4750e020fd99b1db3b233a3a40020d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Support Board for WordPress <= 1.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportboard/"
     google-query: inurl:"/wp-content/plugins/supportboard/"
     shodan-query: 'vuln:CVE-2018-18373'
-  tags: cve,wordpress,wp-plugin,supportboard,medium
+  tags: cve,wordpress,wp-plugin,supportboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-18379-d8cb62391dd6a20fc4b59fa893c8943a.yaml b/nuclei-templates/2018/CVE-2018-18379-d8cb62391dd6a20fc4b59fa893c8943a.yaml
index 7a24a51b59..c9fdfa0921 100644
--- a/nuclei-templates/2018/CVE-2018-18379-d8cb62391dd6a20fc4b59fa893c8943a.yaml
+++ b/nuclei-templates/2018/CVE-2018-18379-d8cb62391dd6a20fc4b59fa893c8943a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Pro <= 2.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2018-18379'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-18460-39656d176cfde17eb173675dd34ae675.yaml b/nuclei-templates/2018/CVE-2018-18460-39656d176cfde17eb173675dd34ae675.yaml
index 46f5165e97..012ca85b2a 100644
--- a/nuclei-templates/2018/CVE-2018-18460-39656d176cfde17eb173675dd34ae675.yaml
+++ b/nuclei-templates/2018/CVE-2018-18460-39656d176cfde17eb173675dd34ae675.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live Chat Support <= 8.0.15 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2018-18460'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-18872-8b25a4024805d97b0bbe39b2b083bd09.yaml b/nuclei-templates/2018/CVE-2018-18872-8b25a4024805d97b0bbe39b2b083bd09.yaml
index 3f1b5e1796..3bfbb25a73 100644
--- a/nuclei-templates/2018/CVE-2018-18872-8b25a4024805d97b0bbe39b2b083bd09.yaml
+++ b/nuclei-templates/2018/CVE-2018-18872-8b25a4024805d97b0bbe39b2b083bd09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calendar <= 1.3.10 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calendar/"
     google-query: inurl:"/wp-content/plugins/calendar/"
     shodan-query: 'vuln:CVE-2018-18872'
-  tags: cve,wordpress,wp-plugin,calendar,medium
+  tags: cve,wordpress,wp-plugin,calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-18919-74293ce2d79dd2a7920de3a46ed52f1d.yaml b/nuclei-templates/2018/CVE-2018-18919-74293ce2d79dd2a7920de3a46ed52f1d.yaml
index baa3921755..fb5504f7ba 100644
--- a/nuclei-templates/2018/CVE-2018-18919-74293ce2d79dd2a7920de3a46ed52f1d.yaml
+++ b/nuclei-templates/2018/CVE-2018-18919-74293ce2d79dd2a7920de3a46ed52f1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Editor.md – The Perfect WordPress Markdown Editor < 10.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Editor.md plugin before 10.0.4 for WordPress allows XSS via the comment area.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-editormd/"
     google-query: inurl:"/wp-content/plugins/wp-editormd/"
     shodan-query: 'vuln:CVE-2018-18919'
-  tags: cve,wordpress,wp-plugin,wp-editormd,medium
+  tags: cve,wordpress,wp-plugin,wp-editormd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-19287-e6738d3799e5a12b0457c2f4dc805c15.yaml b/nuclei-templates/2018/CVE-2018-19287-e6738d3799e5a12b0457c2f4dc805c15.yaml
index a1491bf5eb..61a0a3b935 100644
--- a/nuclei-templates/2018/CVE-2018-19287-e6738d3799e5a12b0457c2f4dc805c15.yaml
+++ b/nuclei-templates/2018/CVE-2018-19287-e6738d3799e5a12b0457c2f4dc805c15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2018-19287'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-19370-3ea36d65c6ea5b35072fe01e09307dfa.yaml b/nuclei-templates/2018/CVE-2018-19370-3ea36d65c6ea5b35072fe01e09307dfa.yaml
index b14490f4fe..90e1ffc41f 100644
--- a/nuclei-templates/2018/CVE-2018-19370-3ea36d65c6ea5b35072fe01e09307dfa.yaml
+++ b/nuclei-templates/2018/CVE-2018-19370-3ea36d65c6ea5b35072fe01e09307dfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:CVE-2018-19370'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,medium
+  tags: cve,wordpress,wp-plugin,wordpress-seo,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-19487-8605cf70b09f39b80921d3235eaa5a54.yaml b/nuclei-templates/2018/CVE-2018-19487-8605cf70b09f39b80921d3235eaa5a54.yaml
index bd35a854e4..789e7950c6 100644
--- a/nuclei-templates/2018/CVE-2018-19487-8605cf70b09f39b80921d3235eaa5a54.yaml
+++ b/nuclei-templates/2018/CVE-2018-19487-8605cf70b09f39b80921d3235eaa5a54.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2018-19487
   metadata:
-    fofa-query: "wp-content/plugins/jobcareer/"
-    google-query: inurl:"/wp-content/plugins/jobcareer/"
+    fofa-query: "wp-content/plugins/wp-jobhunt/"
+    google-query: inurl:"/wp-content/plugins/wp-jobhunt/"
     shodan-query: 'vuln:CVE-2018-19487'
-  tags: cve,wordpress,wp-plugin,jobcareer,medium
+  tags: cve,wordpress,wp-plugin,wp-jobhunt,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/jobcareer/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-jobhunt/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "jobcareer"
+          - "wp-jobhunt"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.4')
\ No newline at end of file
+          - compare_versions(version, '< 2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2018/CVE-2018-19488-8b266025d0f3695c542ad07de2e9b34c.yaml b/nuclei-templates/2018/CVE-2018-19488-8b266025d0f3695c542ad07de2e9b34c.yaml
index f9bcfc8a93..562a6283be 100644
--- a/nuclei-templates/2018/CVE-2018-19488-8b266025d0f3695c542ad07de2e9b34c.yaml
+++ b/nuclei-templates/2018/CVE-2018-19488-8b266025d0f3695c542ad07de2e9b34c.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2018-19488
   metadata:
-    fofa-query: "wp-content/plugins/jobcareer/"
-    google-query: inurl:"/wp-content/plugins/jobcareer/"
+    fofa-query: "wp-content/plugins/wp-jobhunt/"
+    google-query: inurl:"/wp-content/plugins/wp-jobhunt/"
     shodan-query: 'vuln:CVE-2018-19488'
-  tags: cve,wordpress,wp-plugin,jobcareer,high
+  tags: cve,wordpress,wp-plugin,wp-jobhunt,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/jobcareer/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-jobhunt/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "jobcareer"
+          - "wp-jobhunt"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 2.4.1')
\ No newline at end of file
+          - compare_versions(version, '< 2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2018/CVE-2018-19564-139542bed79cb071600ed5c3c1e9d45c.yaml b/nuclei-templates/2018/CVE-2018-19564-139542bed79cb071600ed5c3c1e9d45c.yaml
index 9b184344f5..219d6e8768 100644
--- a/nuclei-templates/2018/CVE-2018-19564-139542bed79cb071600ed5c3c1e9d45c.yaml
+++ b/nuclei-templates/2018/CVE-2018-19564-139542bed79cb071600ed5c3c1e9d45c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Testimonials <= 3.5.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Stored XSS was discovered in the Easy Testimonials plugin 3.5.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-testimonials/"
     google-query: inurl:"/wp-content/plugins/easy-testimonials/"
     shodan-query: 'vuln:CVE-2018-19564'
-  tags: cve,wordpress,wp-plugin,easy-testimonials,medium
+  tags: cve,wordpress,wp-plugin,easy-testimonials,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-19796-561eff22a0971cf174004fe156be75cb.yaml b/nuclei-templates/2018/CVE-2018-19796-561eff22a0971cf174004fe156be75cb.yaml
index 2accd63b2e..c554c66af0 100644
--- a/nuclei-templates/2018/CVE-2018-19796-561eff22a0971cf174004fe156be75cb.yaml
+++ b/nuclei-templates/2018/CVE-2018-19796-561eff22a0971cf174004fe156be75cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.3.19 - Authenticated Open Redirect
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2018-19796'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20101-99e4e1e27563f717d9f8c278b33423ac.yaml b/nuclei-templates/2018/CVE-2018-20101-99e4e1e27563f717d9f8c278b33423ac.yaml
index 5cd5e983c8..bd27a1ef7b 100644
--- a/nuclei-templates/2018/CVE-2018-20101-99e4e1e27563f717d9f8c278b33423ac.yaml
+++ b/nuclei-templates/2018/CVE-2018-20101-99e4e1e27563f717d9f8c278b33423ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import users from CSV with meta <= 1.12 - Import Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2018-20101'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20149-da357866cfc2e11d1d8ab076887b6560.yaml b/nuclei-templates/2018/CVE-2018-20149-da357866cfc2e11d1d8ab076887b6560.yaml
index faf558a52d..6e4ecec5f2 100644
--- a/nuclei-templates/2018/CVE-2018-20149-da357866cfc2e11d1d8ab076887b6560.yaml
+++ b/nuclei-templates/2018/CVE-2018-20149-da357866cfc2e11d1d8ab076887b6560.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.0.1 - Stored Cross-Site Scripting via File Uploads
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2018-20149
   metadata:
     shodan-query: 'vuln:CVE-2018-20149'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20152-b56f368057104a536902fcd79d840f4c.yaml b/nuclei-templates/2018/CVE-2018-20152-b56f368057104a536902fcd79d840f4c.yaml
index 5ae7f55db5..fb8ee5cfd1 100644
--- a/nuclei-templates/2018/CVE-2018-20152-b56f368057104a536902fcd79d840f4c.yaml
+++ b/nuclei-templates/2018/CVE-2018-20152-b56f368057104a536902fcd79d840f4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.0.1 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2018-20152
   metadata:
     shodan-query: 'vuln:CVE-2018-20152'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20153-5a29aa05e41b6793e5d21a4fcf5c84c5.yaml b/nuclei-templates/2018/CVE-2018-20153-5a29aa05e41b6793e5d21a4fcf5c84c5.yaml
index c231c49144..100d343630 100644
--- a/nuclei-templates/2018/CVE-2018-20153-5a29aa05e41b6793e5d21a4fcf5c84c5.yaml
+++ b/nuclei-templates/2018/CVE-2018-20153-5a29aa05e41b6793e5d21a4fcf5c84c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.0.1 - Authenticated Stored Cross-Site Scripting via Comments
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2018-20153
   metadata:
     shodan-query: 'vuln:CVE-2018-20153'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20154-27c270156b5cf78eb4bb31035b7f5db8.yaml b/nuclei-templates/2018/CVE-2018-20154-27c270156b5cf78eb4bb31035b7f5db8.yaml
index 9bed508691..8361fd3d81 100644
--- a/nuclei-templates/2018/CVE-2018-20154-27c270156b5cf78eb4bb31035b7f5db8.yaml
+++ b/nuclei-templates/2018/CVE-2018-20154-27c270156b5cf78eb4bb31035b7f5db8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Maintenance Mode <= 2.0.6 - Authenticated Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/"
     shodan-query: 'vuln:CVE-2018-20154'
-  tags: cve,wordpress,wp-plugin,wp-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,wp-maintenance-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20155-a8309537878561527873c9aaba1b29f6.yaml b/nuclei-templates/2018/CVE-2018-20155-a8309537878561527873c9aaba1b29f6.yaml
index 87221c8127..b264158c00 100644
--- a/nuclei-templates/2018/CVE-2018-20155-a8309537878561527873c9aaba1b29f6.yaml
+++ b/nuclei-templates/2018/CVE-2018-20155-a8309537878561527873c9aaba1b29f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Maintenance Mode <= 2.0.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/"
     shodan-query: 'vuln:CVE-2018-20155'
-  tags: cve,wordpress,wp-plugin,wp-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,wp-maintenance-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20231-f066ce4a5d628014aa8c478503783258.yaml b/nuclei-templates/2018/CVE-2018-20231-f066ce4a5d628014aa8c478503783258.yaml
index c9aa6a4e8e..e905fc8ecf 100644
--- a/nuclei-templates/2018/CVE-2018-20231-f066ce4a5d628014aa8c478503783258.yaml
+++ b/nuclei-templates/2018/CVE-2018-20231-f066ce4a5d628014aa8c478503783258.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Two Factor Authentication <= 1.3.12 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/two-factor-authentication/"
     google-query: inurl:"/wp-content/plugins/two-factor-authentication/"
     shodan-query: 'vuln:CVE-2018-20231'
-  tags: cve,wordpress,wp-plugin,two-factor-authentication,high
+  tags: cve,wordpress,wp-plugin,two-factor-authentication,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20368-1f1264fb01a80102a1939e77505f347e.yaml b/nuclei-templates/2018/CVE-2018-20368-1f1264fb01a80102a1939e77505f347e.yaml
index 3404320e7e..6630e4e0c3 100644
--- a/nuclei-templates/2018/CVE-2018-20368-1f1264fb01a80102a1939e77505f347e.yaml
+++ b/nuclei-templates/2018/CVE-2018-20368-1f1264fb01a80102a1939e77505f347e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Master Slider plugin for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-slider/"
     google-query: inurl:"/wp-content/plugins/master-slider/"
     shodan-query: 'vuln:CVE-2018-20368'
-  tags: cve,wordpress,wp-plugin,master-slider,medium
+  tags: cve,wordpress,wp-plugin,master-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20462-0c697c5c96080eeecc8327290c3e4bbc.yaml b/nuclei-templates/2018/CVE-2018-20462-0c697c5c96080eeecc8327290c3e4bbc.yaml
index a1ca425d20..72ab35ddeb 100644
--- a/nuclei-templates/2018/CVE-2018-20462-0c697c5c96080eeecc8327290c3e4bbc.yaml
+++ b/nuclei-templates/2018/CVE-2018-20462-0c697c5c96080eeecc8327290c3e4bbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JSmol2WP <= 1.07 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jsmol2wp/"
     google-query: inurl:"/wp-content/plugins/jsmol2wp/"
     shodan-query: 'vuln:CVE-2018-20462'
-  tags: cve,wordpress,wp-plugin,jsmol2wp,medium
+  tags: cve,wordpress,wp-plugin,jsmol2wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20838-8f9fba5d47d60ee8f1aec9a71b4f7e8a.yaml b/nuclei-templates/2018/CVE-2018-20838-8f9fba5d47d60ee8f1aec9a71b4f7e8a.yaml
index de6a8057ae..7ba9e2cd0d 100644
--- a/nuclei-templates/2018/CVE-2018-20838-8f9fba5d47d60ee8f1aec9a71b4f7e8a.yaml
+++ b/nuclei-templates/2018/CVE-2018-20838-8f9fba5d47d60ee8f1aec9a71b4f7e8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AMP for WP <= 0.9.97.20 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accelerated-mobile-pages/"
     google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/"
     shodan-query: 'vuln:CVE-2018-20838'
-  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,medium
+  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20963-2c888a383975451b85f071f96c07a849.yaml b/nuclei-templates/2018/CVE-2018-20963-2c888a383975451b85f071f96c07a849.yaml
index 612edf40c0..26c63c7148 100644
--- a/nuclei-templates/2018/CVE-2018-20963-2c888a383975451b85f071f96c07a849.yaml
+++ b/nuclei-templates/2018/CVE-2018-20963-2c888a383975451b85f071f96c07a849.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Email <= 1.2.65 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-email/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-email/"
     shodan-query: 'vuln:CVE-2018-20963'
-  tags: cve,wordpress,wp-plugin,contact-form-to-email,medium
+  tags: cve,wordpress,wp-plugin,contact-form-to-email,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20964-523f9782716d9d1f6a85039ec487ef5a.yaml b/nuclei-templates/2018/CVE-2018-20964-523f9782716d9d1f6a85039ec487ef5a.yaml
index cc1937dc02..ffb1fd8571 100644
--- a/nuclei-templates/2018/CVE-2018-20964-523f9782716d9d1f6a85039ec487ef5a.yaml
+++ b/nuclei-templates/2018/CVE-2018-20964-523f9782716d9d1f6a85039ec487ef5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Email <= 1.2.65 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-email/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-email/"
     shodan-query: 'vuln:CVE-2018-20964'
-  tags: cve,wordpress,wp-plugin,contact-form-to-email,high
+  tags: cve,wordpress,wp-plugin,contact-form-to-email,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20966-ae7ec62fe186e1a7a30df795c82f42a1.yaml b/nuclei-templates/2018/CVE-2018-20966-ae7ec62fe186e1a7a30df795c82f42a1.yaml
index 29777fdbe8..5027f77f29 100644
--- a/nuclei-templates/2018/CVE-2018-20966-ae7ec62fe186e1a7a30df795c82f42a1.yaml
+++ b/nuclei-templates/2018/CVE-2018-20966-ae7ec62fe186e1a7a30df795c82f42a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 3.7.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2018-20966'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20967-c7addb8e32d754a1c27b6eb5611849e7.yaml b/nuclei-templates/2018/CVE-2018-20967-c7addb8e32d754a1c27b6eb5611849e7.yaml
index bc3cb70b51..549fa0496c 100644
--- a/nuclei-templates/2018/CVE-2018-20967-c7addb8e32d754a1c27b6eb5611849e7.yaml
+++ b/nuclei-templates/2018/CVE-2018-20967-c7addb8e32d754a1c27b6eb5611849e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Drag And drop All Import : WP Ultimate CSV Importer <= 5.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:CVE-2018-20967'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20968-e989541539b3897cd4ab2d9eb3394079.yaml b/nuclei-templates/2018/CVE-2018-20968-e989541539b3897cd4ab2d9eb3394079.yaml
index 8318c5fb05..a549e0f491 100644
--- a/nuclei-templates/2018/CVE-2018-20968-e989541539b3897cd4ab2d9eb3394079.yaml
+++ b/nuclei-templates/2018/CVE-2018-20968-e989541539b3897cd4ab2d9eb3394079.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export WordPress Data with Advanced Filters <= 1.4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Export WordPress Data with Advanced Filters plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the export_module() function. This makes it possible for unauthenticated attackers to export module data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-exporter/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-exporter/"
     shodan-query: 'vuln:CVE-2018-20968'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-exporter,high
+  tags: cve,wordpress,wp-plugin,wp-ultimate-exporter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20971-c1356627585be8298fc5154daa83bb1f.yaml b/nuclei-templates/2018/CVE-2018-20971-c1356627585be8298fc5154daa83bb1f.yaml
index 9f7f22d94d..ce02780c35 100644
--- a/nuclei-templates/2018/CVE-2018-20971-c1356627585be8298fc5154daa83bb1f.yaml
+++ b/nuclei-templates/2018/CVE-2018-20971-c1356627585be8298fc5154daa83bb1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Church Admin < 1.2550 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-admin/"
     google-query: inurl:"/wp-content/plugins/church-admin/"
     shodan-query: 'vuln:CVE-2018-20971'
-  tags: cve,wordpress,wp-plugin,church-admin,high
+  tags: cve,wordpress,wp-plugin,church-admin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20972-df1246639b8669a251f2bf76a6725ade.yaml b/nuclei-templates/2018/CVE-2018-20972-df1246639b8669a251f2bf76a6725ade.yaml
index ac20061b09..1b17e3da35 100644
--- a/nuclei-templates/2018/CVE-2018-20972-df1246639b8669a251f2bf76a6725ade.yaml
+++ b/nuclei-templates/2018/CVE-2018-20972-df1246639b8669a251f2bf76a6725ade.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Companion Auto Update <= 3.2.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Companion Auto Update plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the cau_frontend function. This makes it possible for unauthenticated attackers to include local files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/companion-auto-update/"
     google-query: inurl:"/wp-content/plugins/companion-auto-update/"
     shodan-query: 'vuln:CVE-2018-20972'
-  tags: cve,wordpress,wp-plugin,companion-auto-update,high
+  tags: cve,wordpress,wp-plugin,companion-auto-update,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20974-e2ad97f33f7abd91ea501d6e3cf80275.yaml b/nuclei-templates/2018/CVE-2018-20974-e2ad97f33f7abd91ea501d6e3cf80275.yaml
index 9335a7beee..d25f33004b 100644
--- a/nuclei-templates/2018/CVE-2018-20974-e2ad97f33f7abd91ea501d6e3cf80275.yaml
+++ b/nuclei-templates/2018/CVE-2018-20974-e2ad97f33f7abd91ea501d6e3cf80275.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Job Manager <= 1.0.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The JS Job Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-jobs/"
     google-query: inurl:"/wp-content/plugins/js-jobs/"
     shodan-query: 'vuln:CVE-2018-20974'
-  tags: cve,wordpress,wp-plugin,js-jobs,high
+  tags: cve,wordpress,wp-plugin,js-jobs,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20977-4e93731af3497ed66d721b94ba1ecb7d.yaml b/nuclei-templates/2018/CVE-2018-20977-4e93731af3497ed66d721b94ba1ecb7d.yaml
index 92ea50901e..3bfa1c5c5d 100644
--- a/nuclei-templates/2018/CVE-2018-20977-4e93731af3497ed66d721b94ba1ecb7d.yaml
+++ b/nuclei-templates/2018/CVE-2018-20977-4e93731af3497ed66d721b94ba1ecb7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema - All In One Schema Rich Snippets <= 1.4.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-schemaorg-rich-snippets/"
     google-query: inurl:"/wp-content/plugins/all-in-one-schemaorg-rich-snippets/"
     shodan-query: 'vuln:CVE-2018-20977'
-  tags: cve,wordpress,wp-plugin,all-in-one-schemaorg-rich-snippets,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-schemaorg-rich-snippets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20978-c459c6390d6920d9836ff6f1ec3a05e1.yaml b/nuclei-templates/2018/CVE-2018-20978-c459c6390d6920d9836ff6f1ec3a05e1.yaml
index 9254359055..4023729889 100644
--- a/nuclei-templates/2018/CVE-2018-20978-c459c6390d6920d9836ff6f1ec3a05e1.yaml
+++ b/nuclei-templates/2018/CVE-2018-20978-c459c6390d6920d9836ff6f1ec3a05e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-all-import plugin before 3.4.7 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2018-20978'
-  tags: cve,wordpress,wp-plugin,wp-all-import,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20979-6e59234554b04ec8d40e5e3ef21541b6.yaml b/nuclei-templates/2018/CVE-2018-20979-6e59234554b04ec8d40e5e3ef21541b6.yaml
index a428981f9b..796e4f18f6 100644
--- a/nuclei-templates/2018/CVE-2018-20979-6e59234554b04ec8d40e5e3ef21541b6.yaml
+++ b/nuclei-templates/2018/CVE-2018-20979-6e59234554b04ec8d40e5e3ef21541b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 <= 5.0.3 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form 7 plugin for WordPress is vulnerable to authorization bypass due to capability_type mishandling in register_post_type in versions up to, and including, 5.0.3. This makes it possible for authenticated attackers with contributor level privileges and above to modify contact forms and potential supply paths to sensitive files that make sensitive information disclosure possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7/"
     google-query: inurl:"/wp-content/plugins/contact-form-7/"
     shodan-query: 'vuln:CVE-2018-20979'
-  tags: cve,wordpress,wp-plugin,contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20982-315158d01f8d35cf2208dddc8f7964b3.yaml b/nuclei-templates/2018/CVE-2018-20982-315158d01f8d35cf2208dddc8f7964b3.yaml
index a052380cab..6485631656 100644
--- a/nuclei-templates/2018/CVE-2018-20982-315158d01f8d35cf2208dddc8f7964b3.yaml
+++ b/nuclei-templates/2018/CVE-2018-20982-315158d01f8d35cf2208dddc8f7964b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Assistant <= 2.73 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-assistant/"
     google-query: inurl:"/wp-content/plugins/media-library-assistant/"
     shodan-query: 'vuln:CVE-2018-20982'
-  tags: cve,wordpress,wp-plugin,media-library-assistant,medium
+  tags: cve,wordpress,wp-plugin,media-library-assistant,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20983-6bed45cc7ffa2c1423965f9f86a13b79.yaml b/nuclei-templates/2018/CVE-2018-20983-6bed45cc7ffa2c1423965f9f86a13b79.yaml
index 2ce5e88fbe..68d3ee9d0e 100644
--- a/nuclei-templates/2018/CVE-2018-20983-6bed45cc7ffa2c1423965f9f86a13b79.yaml
+++ b/nuclei-templates/2018/CVE-2018-20983-6bed45cc7ffa2c1423965f9f86a13b79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Perfect Images <= 5.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-retina-2x plugin before 5.2.3 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-retina-2x/"
     google-query: inurl:"/wp-content/plugins/wp-retina-2x/"
     shodan-query: 'vuln:CVE-2018-20983'
-  tags: cve,wordpress,wp-plugin,wp-retina-2x,medium
+  tags: cve,wordpress,wp-plugin,wp-retina-2x,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20986-a56a7a539382d6f88ae2afe6cc65c72c.yaml b/nuclei-templates/2018/CVE-2018-20986-a56a7a539382d6f88ae2afe6cc65c72c.yaml
index 3a12475813..9e278ac111 100644
--- a/nuclei-templates/2018/CVE-2018-20986-a56a7a539382d6f88ae2afe6cc65c72c.yaml
+++ b/nuclei-templates/2018/CVE-2018-20986-a56a7a539382d6f88ae2afe6cc65c72c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 5.7.7 - Author+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-custom-fields/"
     google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
     shodan-query: 'vuln:CVE-2018-20986'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-20988-82c5164bc77f066c7a8d33b886720225.yaml b/nuclei-templates/2018/CVE-2018-20988-82c5164bc77f066c7a8d33b886720225.yaml
index c619fcab67..6f94a5c32b 100644
--- a/nuclei-templates/2018/CVE-2018-20988-82c5164bc77f066c7a8d33b886720225.yaml
+++ b/nuclei-templates/2018/CVE-2018-20988-82c5164bc77f066c7a8d33b886720225.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Forms <= 0.93 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgform/"
     google-query: inurl:"/wp-content/plugins/wpgform/"
     shodan-query: 'vuln:CVE-2018-20988'
-  tags: cve,wordpress,wp-plugin,wpgform,high
+  tags: cve,wordpress,wp-plugin,wpgform,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-21001-ee36904a88935929b3b15a0e036819ac.yaml b/nuclei-templates/2018/CVE-2018-21001-ee36904a88935929b3b15a0e036819ac.yaml
index e0cc55afe5..3e91b2a9a2 100644
--- a/nuclei-templates/2018/CVE-2018-21001-ee36904a88935929b3b15a0e036819ac.yaml
+++ b/nuclei-templates/2018/CVE-2018-21001-ee36904a88935929b3b15a0e036819ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AnyComment <= 0.0.32 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AnyComment plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.0.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anycomment/"
     google-query: inurl:"/wp-content/plugins/anycomment/"
     shodan-query: 'vuln:CVE-2018-21001'
-  tags: cve,wordpress,wp-plugin,anycomment,medium
+  tags: cve,wordpress,wp-plugin,anycomment,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-21002-8bc92a63825b5e282b7e5f164f2d0274.yaml b/nuclei-templates/2018/CVE-2018-21002-8bc92a63825b5e282b7e5f164f2d0274.yaml
index c50cefe3dc..669fd9cb28 100644
--- a/nuclei-templates/2018/CVE-2018-21002-8bc92a63825b5e282b7e5f164f2d0274.yaml
+++ b/nuclei-templates/2018/CVE-2018-21002-8bc92a63825b5e282b7e5f164f2d0274.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Help Desk – Best Help Desk & Support Plugin <= 2.0.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The JS Help Desk plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain otherwise unauthorized access to administrative privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-support-ticket/"
     google-query: inurl:"/wp-content/plugins/js-support-ticket/"
     shodan-query: 'vuln:CVE-2018-21002'
-  tags: cve,wordpress,wp-plugin,js-support-ticket,high
+  tags: cve,wordpress,wp-plugin,js-support-ticket,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-21006-7d2d77fb555165867755ecf651af34c0.yaml b/nuclei-templates/2018/CVE-2018-21006-7d2d77fb555165867755ecf651af34c0.yaml
index 9dcf661a63..55cb3ffcce 100644
--- a/nuclei-templates/2018/CVE-2018-21006-7d2d77fb555165867755ecf651af34c0.yaml
+++ b/nuclei-templates/2018/CVE-2018-21006-7d2d77fb555165867755ecf651af34c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bbPress Move Topics <= 1.1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The bbp-move-topics plugin before 1.1.5 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbp-move-topics/"
     google-query: inurl:"/wp-content/plugins/bbp-move-topics/"
     shodan-query: 'vuln:CVE-2018-21006'
-  tags: cve,wordpress,wp-plugin,bbp-move-topics,high
+  tags: cve,wordpress,wp-plugin,bbp-move-topics,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-21012-aed7ae7e4d2ac15e64bf03771c3aeb20.yaml b/nuclei-templates/2018/CVE-2018-21012-aed7ae7e4d2ac15e64bf03771c3aeb20.yaml
index 4d953d59fb..b62f9d417d 100644
--- a/nuclei-templates/2018/CVE-2018-21012-aed7ae7e4d2ac15e64bf03771c3aeb20.yaml
+++ b/nuclei-templates/2018/CVE-2018-21012-aed7ae7e4d2ac15e64bf03771c3aeb20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CF7 Invisible reCAPTCHA < 1.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CF7 Invisible reCAPTCHA plugin before 1.3.2 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-invisible-recaptcha/"
     google-query: inurl:"/wp-content/plugins/cf7-invisible-recaptcha/"
     shodan-query: 'vuln:CVE-2018-21012'
-  tags: cve,wordpress,wp-plugin,cf7-invisible-recaptcha,medium
+  tags: cve,wordpress,wp-plugin,cf7-invisible-recaptcha,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-21013-7ec2393a2db75328cb78362c45e273f6.yaml b/nuclei-templates/2018/CVE-2018-21013-7ec2393a2db75328cb78362c45e273f6.yaml
index f078b9492e..ab7bc21b7b 100644
--- a/nuclei-templates/2018/CVE-2018-21013-7ec2393a2db75328cb78362c45e273f6.yaml
+++ b/nuclei-templates/2018/CVE-2018-21013-7ec2393a2db75328cb78362c45e273f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Swape - App Showcase & App Store WordPress Theme < 1.2.1 - Missing Authorization to Arbitrary Options Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The "Swape - App Showcase & App Store WordPress Theme" theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'call_upper_load_settings' AJAX action in versions up to 1.2.1. This makes it possible for unauthenticated attackers to modify arbitrary site options which can be used to create new administrative user accounts and achieve privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/swape/"
     google-query: inurl:"/wp-content/themes/swape/"
     shodan-query: 'vuln:CVE-2018-21013'
-  tags: cve,wordpress,wp-theme,swape,critical
+  tags: cve,wordpress,wp-theme,swape,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-21014-1cf8853774794c9a185058bff3041a9d.yaml b/nuclei-templates/2018/CVE-2018-21014-1cf8853774794c9a185058bff3041a9d.yaml
index 58e462b2b7..7352a8ae02 100644
--- a/nuclei-templates/2018/CVE-2018-21014-1cf8853774794c9a185058bff3041a9d.yaml
+++ b/nuclei-templates/2018/CVE-2018-21014-1cf8853774794c9a185058bff3041a9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyBoss Media <= 3.2.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BuddyBoss Media plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the album description input field in versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyboss-media/"
     google-query: inurl:"/wp-content/plugins/buddyboss-media/"
     shodan-query: 'vuln:CVE-2018-21014'
-  tags: cve,wordpress,wp-plugin,buddyboss-media,medium
+  tags: cve,wordpress,wp-plugin,buddyboss-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5212-49034c31f1dba0715c18246f4dd38cde.yaml b/nuclei-templates/2018/CVE-2018-5212-49034c31f1dba0715c18246f4dd38cde.yaml
index 40c723df39..27571aedd8 100644
--- a/nuclei-templates/2018/CVE-2018-5212-49034c31f1dba0715c18246f4dd38cde.yaml
+++ b/nuclei-templates/2018/CVE-2018-5212-49034c31f1dba0715c18246f4dd38cde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-monitor/"
     google-query: inurl:"/wp-content/plugins/simple-download-monitor/"
     shodan-query: 'vuln:CVE-2018-5212'
-  tags: cve,wordpress,wp-plugin,simple-download-monitor,medium
+  tags: cve,wordpress,wp-plugin,simple-download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5213-d77dd6f710585ae9ffaedbfddc152d76.yaml b/nuclei-templates/2018/CVE-2018-5213-d77dd6f710585ae9ffaedbfddc152d76.yaml
index bb77a96dbd..03b181b1b9 100644
--- a/nuclei-templates/2018/CVE-2018-5213-d77dd6f710585ae9ffaedbfddc152d76.yaml
+++ b/nuclei-templates/2018/CVE-2018-5213-d77dd6f710585ae9ffaedbfddc152d76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-monitor/"
     google-query: inurl:"/wp-content/plugins/simple-download-monitor/"
     shodan-query: 'vuln:CVE-2018-5213'
-  tags: cve,wordpress,wp-plugin,simple-download-monitor,medium
+  tags: cve,wordpress,wp-plugin,simple-download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5214-3bc3a29ed4f22f4e728217981dd51f12.yaml b/nuclei-templates/2018/CVE-2018-5214-3bc3a29ed4f22f4e728217981dd51f12.yaml
index 3045987bfb..fa6e18865d 100644
--- a/nuclei-templates/2018/CVE-2018-5214-3bc3a29ed4f22f4e728217981dd51f12.yaml
+++ b/nuclei-templates/2018/CVE-2018-5214-3bc3a29ed4f22f4e728217981dd51f12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Link to Facebook <= 2.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Add Link to Facebook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘al2fb_facebook_id’ parameter in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-link-to-facebook/"
     google-query: inurl:"/wp-content/plugins/add-link-to-facebook/"
     shodan-query: 'vuln:CVE-2018-5214'
-  tags: cve,wordpress,wp-plugin,add-link-to-facebook,medium
+  tags: cve,wordpress,wp-plugin,add-link-to-facebook,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5284-eaace189d52939bb1c67d181a1aa5e03.yaml b/nuclei-templates/2018/CVE-2018-5284-eaace189d52939bb1c67d181a1aa5e03.yaml
index efadbdfcef..ae2ce7c973 100644
--- a/nuclei-templates/2018/CVE-2018-5284-eaace189d52939bb1c67d181a1aa5e03.yaml
+++ b/nuclei-templates/2018/CVE-2018-5284-eaace189d52939bb1c67d181a1aa5e03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageInject <= 1.15 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-inject/"
     google-query: inurl:"/wp-content/plugins/wp-inject/"
     shodan-query: 'vuln:CVE-2018-5284'
-  tags: cve,wordpress,wp-plugin,wp-inject,medium
+  tags: cve,wordpress,wp-plugin,wp-inject,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5285-807cd0a33bfd97782e746e860be1d566.yaml b/nuclei-templates/2018/CVE-2018-5285-807cd0a33bfd97782e746e860be1d566.yaml
index 39d48eb218..151d9f1c54 100644
--- a/nuclei-templates/2018/CVE-2018-5285-807cd0a33bfd97782e746e860be1d566.yaml
+++ b/nuclei-templates/2018/CVE-2018-5285-807cd0a33bfd97782e746e860be1d566.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageInject <= 1.15 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-inject/"
     google-query: inurl:"/wp-content/plugins/wp-inject/"
     shodan-query: 'vuln:CVE-2018-5285'
-  tags: cve,wordpress,wp-plugin,wp-inject,high
+  tags: cve,wordpress,wp-plugin,wp-inject,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5286-363e85a87b5e31a1dda22e9466545bd8.yaml b/nuclei-templates/2018/CVE-2018-5286-363e85a87b5e31a1dda22e9466545bd8.yaml
index b0453f3f9a..e702ecb104 100644
--- a/nuclei-templates/2018/CVE-2018-5286-363e85a87b5e31a1dda22e9466545bd8.yaml
+++ b/nuclei-templates/2018/CVE-2018-5286-363e85a87b5e31a1dda22e9466545bd8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Rating System <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-rating-system/"
     google-query: inurl:"/wp-content/plugins/gd-rating-system/"
     shodan-query: 'vuln:CVE-2018-5286'
-  tags: cve,wordpress,wp-plugin,gd-rating-system,medium
+  tags: cve,wordpress,wp-plugin,gd-rating-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5288-79116f6e6f3436dd311270ae51db9449.yaml b/nuclei-templates/2018/CVE-2018-5288-79116f6e6f3436dd311270ae51db9449.yaml
index 838733a154..2e75945ac9 100644
--- a/nuclei-templates/2018/CVE-2018-5288-79116f6e6f3436dd311270ae51db9449.yaml
+++ b/nuclei-templates/2018/CVE-2018-5288-79116f6e6f3436dd311270ae51db9449.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Rating System <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-rating-system/"
     google-query: inurl:"/wp-content/plugins/gd-rating-system/"
     shodan-query: 'vuln:CVE-2018-5288'
-  tags: cve,wordpress,wp-plugin,gd-rating-system,medium
+  tags: cve,wordpress,wp-plugin,gd-rating-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5292-034ab84e882013699ca86030c39bb7c1.yaml b/nuclei-templates/2018/CVE-2018-5292-034ab84e882013699ca86030c39bb7c1.yaml
index 2a4e4209de..5b73306f89 100644
--- a/nuclei-templates/2018/CVE-2018-5292-034ab84e882013699ca86030c39bb7c1.yaml
+++ b/nuclei-templates/2018/CVE-2018-5292-034ab84e882013699ca86030c39bb7c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Rating System <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-rating-system/"
     google-query: inurl:"/wp-content/plugins/gd-rating-system/"
     shodan-query: 'vuln:CVE-2018-5292'
-  tags: cve,wordpress,wp-plugin,gd-rating-system,medium
+  tags: cve,wordpress,wp-plugin,gd-rating-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5293-567c0bab82561630aea9403749f896f8.yaml b/nuclei-templates/2018/CVE-2018-5293-567c0bab82561630aea9403749f896f8.yaml
index ddffaf9afb..ee2355f7b3 100644
--- a/nuclei-templates/2018/CVE-2018-5293-567c0bab82561630aea9403749f896f8.yaml
+++ b/nuclei-templates/2018/CVE-2018-5293-567c0bab82561630aea9403749f896f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Rating System <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-rating-system/"
     google-query: inurl:"/wp-content/plugins/gd-rating-system/"
     shodan-query: 'vuln:CVE-2018-5293'
-  tags: cve,wordpress,wp-plugin,gd-rating-system,medium
+  tags: cve,wordpress,wp-plugin,gd-rating-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5311-0574327d2925f2e5b1baa6cdafa54603.yaml b/nuclei-templates/2018/CVE-2018-5311-0574327d2925f2e5b1baa6cdafa54603.yaml
index 1af06d9665..37afba00d2 100644
--- a/nuclei-templates/2018/CVE-2018-5311-0574327d2925f2e5b1baa6cdafa54603.yaml
+++ b/nuclei-templates/2018/CVE-2018-5311-0574327d2925f2e5b1baa6cdafa54603.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Custom Auto Excerpt < 2.4.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-custom-auto-excerpt/"
     google-query: inurl:"/wp-content/plugins/easy-custom-auto-excerpt/"
     shodan-query: 'vuln:CVE-2018-5311'
-  tags: cve,wordpress,wp-plugin,easy-custom-auto-excerpt,medium
+  tags: cve,wordpress,wp-plugin,easy-custom-auto-excerpt,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5312-92b868ab957b2d6b33921f7b3f3c0643.yaml b/nuclei-templates/2018/CVE-2018-5312-92b868ab957b2d6b33921f7b3f3c0643.yaml
index f88c44cfa8..aad9cf7daf 100644
--- a/nuclei-templates/2018/CVE-2018-5312-92b868ab957b2d6b33921f7b3f3c0643.yaml
+++ b/nuclei-templates/2018/CVE-2018-5312-92b868ab957b2d6b33921f7b3f3c0643.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Tabs – Responsive Tabs Plugin for WordPress <= 1.8.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Tabs Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-expand-tabs-free/"
     google-query: inurl:"/wp-content/plugins/wp-expand-tabs-free/"
     shodan-query: 'vuln:CVE-2018-5312'
-  tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,medium
+  tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5316-436125bac0484b579189e9f21786e904.yaml b/nuclei-templates/2018/CVE-2018-5316-436125bac0484b579189e9f21786e904.yaml
index 065b6e179c..b4d6708412 100644
--- a/nuclei-templates/2018/CVE-2018-5316-436125bac0484b579189e9f21786e904.yaml
+++ b/nuclei-templates/2018/CVE-2018-5316-436125bac0484b579189e9f21786e904.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SagePay Server Gateway for WooCommerce < 1.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sagepay-server-gateway-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/sagepay-server-gateway-for-woocommerce/"
     shodan-query: 'vuln:CVE-2018-5316'
-  tags: cve,wordpress,wp-plugin,sagepay-server-gateway-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,sagepay-server-gateway-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5361-e95762dedf29574050fd40fac42c78ac.yaml b/nuclei-templates/2018/CVE-2018-5361-e95762dedf29574050fd40fac42c78ac.yaml
index b6c7a4b3de..9f5e4ce85c 100644
--- a/nuclei-templates/2018/CVE-2018-5361-e95762dedf29574050fd40fac42c78ac.yaml
+++ b/nuclei-templates/2018/CVE-2018-5361-e95762dedf29574050fd40fac42c78ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpglobus/"
     google-query: inurl:"/wp-content/plugins/wpglobus/"
     shodan-query: 'vuln:CVE-2018-5361'
-  tags: cve,wordpress,wp-plugin,wpglobus,high
+  tags: cve,wordpress,wp-plugin,wpglobus,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5362-3ba8578c9b517b602d4e446e82ee6f17.yaml b/nuclei-templates/2018/CVE-2018-5362-3ba8578c9b517b602d4e446e82ee6f17.yaml
index e3b46a835a..500c1dfa66 100644
--- a/nuclei-templates/2018/CVE-2018-5362-3ba8578c9b517b602d4e446e82ee6f17.yaml
+++ b/nuclei-templates/2018/CVE-2018-5362-3ba8578c9b517b602d4e446e82ee6f17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[post_type][page]
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpglobus/"
     google-query: inurl:"/wp-content/plugins/wpglobus/"
     shodan-query: 'vuln:CVE-2018-5362'
-  tags: cve,wordpress,wp-plugin,wpglobus,medium
+  tags: cve,wordpress,wp-plugin,wpglobus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5363-485a36eabec5f4b9943990f0033b308d.yaml b/nuclei-templates/2018/CVE-2018-5363-485a36eabec5f4b9943990f0033b308d.yaml
index 8f1a6a2532..47c9affa27 100644
--- a/nuclei-templates/2018/CVE-2018-5363-485a36eabec5f4b9943990f0033b308d.yaml
+++ b/nuclei-templates/2018/CVE-2018-5363-485a36eabec5f4b9943990f0033b308d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[enabled_languages]
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpglobus/"
     google-query: inurl:"/wp-content/plugins/wpglobus/"
     shodan-query: 'vuln:CVE-2018-5363'
-  tags: cve,wordpress,wp-plugin,wpglobus,medium
+  tags: cve,wordpress,wp-plugin,wpglobus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5364-ddb8a7f2865d6d7dbea16193f41bd919.yaml b/nuclei-templates/2018/CVE-2018-5364-ddb8a7f2865d6d7dbea16193f41bd919.yaml
index e39953011c..5ed64571de 100644
--- a/nuclei-templates/2018/CVE-2018-5364-ddb8a7f2865d6d7dbea16193f41bd919.yaml
+++ b/nuclei-templates/2018/CVE-2018-5364-ddb8a7f2865d6d7dbea16193f41bd919.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[browser_redirect][redirect_by_language]
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpglobus/"
     google-query: inurl:"/wp-content/plugins/wpglobus/"
     shodan-query: 'vuln:CVE-2018-5364'
-  tags: cve,wordpress,wp-plugin,wpglobus,medium
+  tags: cve,wordpress,wp-plugin,wpglobus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5366-c384382f7d3c6321e1b275243f5d2c28.yaml b/nuclei-templates/2018/CVE-2018-5366-c384382f7d3c6321e1b275243f5d2c28.yaml
index 8d4ec69c63..35e8380c5f 100644
--- a/nuclei-templates/2018/CVE-2018-5366-c384382f7d3c6321e1b275243f5d2c28.yaml
+++ b/nuclei-templates/2018/CVE-2018-5366-c384382f7d3c6321e1b275243f5d2c28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[more_languages]
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpglobus/"
     google-query: inurl:"/wp-content/plugins/wpglobus/"
     shodan-query: 'vuln:CVE-2018-5366'
-  tags: cve,wordpress,wp-plugin,wpglobus,medium
+  tags: cve,wordpress,wp-plugin,wpglobus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5367-f4fb22207f3c1928cb95d88c1e1f82b7.yaml b/nuclei-templates/2018/CVE-2018-5367-f4fb22207f3c1928cb95d88c1e1f82b7.yaml
index 5ea3a678ce..5ce4700681 100644
--- a/nuclei-templates/2018/CVE-2018-5367-f4fb22207f3c1928cb95d88c1e1f82b7.yaml
+++ b/nuclei-templates/2018/CVE-2018-5367-f4fb22207f3c1928cb95d88c1e1f82b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[post_type][post]
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpglobus/"
     google-query: inurl:"/wp-content/plugins/wpglobus/"
     shodan-query: 'vuln:CVE-2018-5367'
-  tags: cve,wordpress,wp-plugin,wpglobus,medium
+  tags: cve,wordpress,wp-plugin,wpglobus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5368-e8f7e29f1dbade4dd38e32bd0037d5fe.yaml b/nuclei-templates/2018/CVE-2018-5368-e8f7e29f1dbade4dd38e32bd0037d5fe.yaml
index 31892d2a6b..866ef30fbf 100644
--- a/nuclei-templates/2018/CVE-2018-5368-e8f7e29f1dbade4dd38e32bd0037d5fe.yaml
+++ b/nuclei-templates/2018/CVE-2018-5368-e8f7e29f1dbade4dd38e32bd0037d5fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SrbTransLatin <= 1.46 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/srbtranslatin/"
     google-query: inurl:"/wp-content/plugins/srbtranslatin/"
     shodan-query: 'vuln:CVE-2018-5368'
-  tags: cve,wordpress,wp-plugin,srbtranslatin,high
+  tags: cve,wordpress,wp-plugin,srbtranslatin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5369-acbdf42f0c9734064513cf6368d19553.yaml b/nuclei-templates/2018/CVE-2018-5369-acbdf42f0c9734064513cf6368d19553.yaml
index ec1fb6be9e..5d2f56070d 100644
--- a/nuclei-templates/2018/CVE-2018-5369-acbdf42f0c9734064513cf6368d19553.yaml
+++ b/nuclei-templates/2018/CVE-2018-5369-acbdf42f0c9734064513cf6368d19553.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SrbTransLatin – SrbTransLatin <= 1.46 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/srbtranslatin/"
     google-query: inurl:"/wp-content/plugins/srbtranslatin/"
     shodan-query: 'vuln:CVE-2018-5369'
-  tags: cve,wordpress,wp-plugin,srbtranslatin,medium
+  tags: cve,wordpress,wp-plugin,srbtranslatin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5372-0cd68afb7b6d648c1cc92eb32c923eff.yaml b/nuclei-templates/2018/CVE-2018-5372-0cd68afb7b6d648c1cc92eb32c923eff.yaml
index e1c2e5d721..f47f53e589 100644
--- a/nuclei-templates/2018/CVE-2018-5372-0cd68afb7b6d648c1cc92eb32c923eff.yaml
+++ b/nuclei-templates/2018/CVE-2018-5372-0cd68afb7b6d648c1cc92eb32c923eff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Slider < 1.2.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-slider/"
     google-query: inurl:"/wp-content/plugins/testimonial-slider/"
     shodan-query: 'vuln:CVE-2018-5372'
-  tags: cve,wordpress,wp-plugin,testimonial-slider,high
+  tags: cve,wordpress,wp-plugin,testimonial-slider,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5373-5e7c4bc77fb9b2b637c41f55c55733f0.yaml b/nuclei-templates/2018/CVE-2018-5373-5e7c4bc77fb9b2b637c41f55c55733f0.yaml
index 0d663c2ef0..71bfc2536b 100644
--- a/nuclei-templates/2018/CVE-2018-5373-5e7c4bc77fb9b2b637c41f55c55733f0.yaml
+++ b/nuclei-templates/2018/CVE-2018-5373-5e7c4bc77fb9b2b637c41f55c55733f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smooth Slider < 2.8.7 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smooth-slider/"
     google-query: inurl:"/wp-content/plugins/smooth-slider/"
     shodan-query: 'vuln:CVE-2018-5373'
-  tags: cve,wordpress,wp-plugin,smooth-slider,high
+  tags: cve,wordpress,wp-plugin,smooth-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5374-801a0dacfdb031773ac30c73693f41e6.yaml b/nuclei-templates/2018/CVE-2018-5374-801a0dacfdb031773ac30c73693f41e6.yaml
index 797899562f..64a3535dcd 100644
--- a/nuclei-templates/2018/CVE-2018-5374-801a0dacfdb031773ac30c73693f41e6.yaml
+++ b/nuclei-templates/2018/CVE-2018-5374-801a0dacfdb031773ac30c73693f41e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dbox 3D Slider Lite <= 1.2.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dbox-slider-lite/"
     google-query: inurl:"/wp-content/plugins/dbox-slider-lite/"
     shodan-query: 'vuln:CVE-2018-5374'
-  tags: cve,wordpress,wp-plugin,dbox-slider-lite,high
+  tags: cve,wordpress,wp-plugin,dbox-slider-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5651-1955d2bf9e3369181a1e0d457e568aab.yaml b/nuclei-templates/2018/CVE-2018-5651-1955d2bf9e3369181a1e0d457e568aab.yaml
index 9b9f3f8ba4..598d5d020e 100644
--- a/nuclei-templates/2018/CVE-2018-5651-1955d2bf9e3369181a1e0d457e568aab.yaml
+++ b/nuclei-templates/2018/CVE-2018-5651-1955d2bf9e3369181a1e0d457e568aab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Markdown Editor (Formerly Dark Mode) < 1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dark-mode/"
     google-query: inurl:"/wp-content/plugins/dark-mode/"
     shodan-query: 'vuln:CVE-2018-5651'
-  tags: cve,wordpress,wp-plugin,dark-mode,medium
+  tags: cve,wordpress,wp-plugin,dark-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5652-854c79af36aba0da3346494de4eaf39a.yaml b/nuclei-templates/2018/CVE-2018-5652-854c79af36aba0da3346494de4eaf39a.yaml
index d2269ad143..bbee7d3d0b 100644
--- a/nuclei-templates/2018/CVE-2018-5652-854c79af36aba0da3346494de4eaf39a.yaml
+++ b/nuclei-templates/2018/CVE-2018-5652-854c79af36aba0da3346494de4eaf39a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Markdown Editor (Formerly Dark Mode) < 1.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dark-mode/"
     google-query: inurl:"/wp-content/plugins/dark-mode/"
     shodan-query: 'vuln:CVE-2018-5652'
-  tags: cve,wordpress,wp-plugin,dark-mode,medium
+  tags: cve,wordpress,wp-plugin,dark-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5654-9052f6be826c55f21c5dca387bdd8f58.yaml b/nuclei-templates/2018/CVE-2018-5654-9052f6be826c55f21c5dca387bdd8f58.yaml
index 6bf8dbf086..717b193642 100644
--- a/nuclei-templates/2018/CVE-2018-5654-9052f6be826c55f21c5dca387bdd8f58.yaml
+++ b/nuclei-templates/2018/CVE-2018-5654-9052f6be826c55f21c5dca387bdd8f58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weblizar Pin Feeds < 1.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weblizar-pinterest-feeds/"
     google-query: inurl:"/wp-content/plugins/weblizar-pinterest-feeds/"
     shodan-query: 'vuln:CVE-2018-5654'
-  tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,medium
+  tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5655-2f71afc8c2d9293f41fbc23cbef8e12e.yaml b/nuclei-templates/2018/CVE-2018-5655-2f71afc8c2d9293f41fbc23cbef8e12e.yaml
index 06bc4d6da0..0dab10a027 100644
--- a/nuclei-templates/2018/CVE-2018-5655-2f71afc8c2d9293f41fbc23cbef8e12e.yaml
+++ b/nuclei-templates/2018/CVE-2018-5655-2f71afc8c2d9293f41fbc23cbef8e12e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weblizar Pin Feeds < 1.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weblizar-pinterest-feeds/"
     google-query: inurl:"/wp-content/plugins/weblizar-pinterest-feeds/"
     shodan-query: 'vuln:CVE-2018-5655'
-  tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,medium
+  tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5656-c4fa0744bf528288e2b344cf15e3e525.yaml b/nuclei-templates/2018/CVE-2018-5656-c4fa0744bf528288e2b344cf15e3e525.yaml
index 03561c3845..99aa319d91 100644
--- a/nuclei-templates/2018/CVE-2018-5656-c4fa0744bf528288e2b344cf15e3e525.yaml
+++ b/nuclei-templates/2018/CVE-2018-5656-c4fa0744bf528288e2b344cf15e3e525.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weblizar Pin Feeds < 1.1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weblizar-pinterest-feeds/"
     google-query: inurl:"/wp-content/plugins/weblizar-pinterest-feeds/"
     shodan-query: 'vuln:CVE-2018-5656'
-  tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,high
+  tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5657-ff98de6f26943739c7dc560ade3e2c7d.yaml b/nuclei-templates/2018/CVE-2018-5657-ff98de6f26943739c7dc560ade3e2c7d.yaml
index 4ce498192e..710cc805c2 100644
--- a/nuclei-templates/2018/CVE-2018-5657-ff98de6f26943739c7dc560ade3e2c7d.yaml
+++ b/nuclei-templates/2018/CVE-2018-5657-ff98de6f26943739c7dc560ade3e2c7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon <= 1.1.18 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5657'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5658-c4c0b94844e7f594c58f973ae84c6505.yaml b/nuclei-templates/2018/CVE-2018-5658-c4c0b94844e7f594c58f973ae84c6505.yaml
index 9df231ed49..903e48f6f2 100644
--- a/nuclei-templates/2018/CVE-2018-5658-c4c0b94844e7f594c58f973ae84c6505.yaml
+++ b/nuclei-templates/2018/CVE-2018-5658-c4c0b94844e7f594c58f973ae84c6505.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5658'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5659-2fca652bdc1152658ff99e932f826e15.yaml b/nuclei-templates/2018/CVE-2018-5659-2fca652bdc1152658ff99e932f826e15.yaml
index 1f12fb9bff..2948c2786e 100644
--- a/nuclei-templates/2018/CVE-2018-5659-2fca652bdc1152658ff99e932f826e15.yaml
+++ b/nuclei-templates/2018/CVE-2018-5659-2fca652bdc1152658ff99e932f826e15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon < 1.1.19 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5659'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5660-aeeb6c4c51959fc6de4f70bfbf031f53.yaml b/nuclei-templates/2018/CVE-2018-5660-aeeb6c4c51959fc6de4f70bfbf031f53.yaml
index c22f8f6713..31275fecd9 100644
--- a/nuclei-templates/2018/CVE-2018-5660-aeeb6c4c51959fc6de4f70bfbf031f53.yaml
+++ b/nuclei-templates/2018/CVE-2018-5660-aeeb6c4c51959fc6de4f70bfbf031f53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via coming-soon_sub_title parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_sub_title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5660'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5661-9a185bb7031cc9ee6aedfd50f633a1fb.yaml b/nuclei-templates/2018/CVE-2018-5661-9a185bb7031cc9ee6aedfd50f633a1fb.yaml
index b37d3db639..50dba87254 100644
--- a/nuclei-templates/2018/CVE-2018-5661-9a185bb7031cc9ee6aedfd50f633a1fb.yaml
+++ b/nuclei-templates/2018/CVE-2018-5661-9a185bb7031cc9ee6aedfd50f633a1fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via logo_width parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5661'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5662-40faedf6e59dffdfc7f0e36dcf3aadb5.yaml b/nuclei-templates/2018/CVE-2018-5662-40faedf6e59dffdfc7f0e36dcf3aadb5.yaml
index c3fdc7ed3a..2f73fb2ac6 100644
--- a/nuclei-templates/2018/CVE-2018-5662-40faedf6e59dffdfc7f0e36dcf3aadb5.yaml
+++ b/nuclei-templates/2018/CVE-2018-5662-40faedf6e59dffdfc7f0e36dcf3aadb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via counter_title parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5662'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5663-6e94975f5a72379b4c113015c234f26e.yaml b/nuclei-templates/2018/CVE-2018-5663-6e94975f5a72379b4c113015c234f26e.yaml
index f92704f181..ca81943420 100644
--- a/nuclei-templates/2018/CVE-2018-5663-6e94975f5a72379b4c113015c234f26e.yaml
+++ b/nuclei-templates/2018/CVE-2018-5663-6e94975f5a72379b4c113015c234f26e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via button_text_link parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5663'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5664-3f9a61f980dbe211de3420fd4e108af4.yaml b/nuclei-templates/2018/CVE-2018-5664-3f9a61f980dbe211de3420fd4e108af4.yaml
index c5074a5f17..e87dc40a61 100644
--- a/nuclei-templates/2018/CVE-2018-5664-3f9a61f980dbe211de3420fd4e108af4.yaml
+++ b/nuclei-templates/2018/CVE-2018-5664-3f9a61f980dbe211de3420fd4e108af4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via social_icon_1 parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5664'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5665-c26b1839d934a6c01fe10cd6a0d67c39.yaml b/nuclei-templates/2018/CVE-2018-5665-c26b1839d934a6c01fe10cd6a0d67c39.yaml
index 1353933b63..2f44e929ff 100644
--- a/nuclei-templates/2018/CVE-2018-5665-c26b1839d934a6c01fe10cd6a0d67c39.yaml
+++ b/nuclei-templates/2018/CVE-2018-5665-c26b1839d934a6c01fe10cd6a0d67c39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via logo_height parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5665'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5666-3e7642452405a4b08d52483d238d4dd9.yaml b/nuclei-templates/2018/CVE-2018-5666-3e7642452405a4b08d52483d238d4dd9.yaml
index da3793f10d..f46a838010 100644
--- a/nuclei-templates/2018/CVE-2018-5666-3e7642452405a4b08d52483d238d4dd9.yaml
+++ b/nuclei-templates/2018/CVE-2018-5666-3e7642452405a4b08d52483d238d4dd9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via bg_color parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2018-5666'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5667-913904da9b37e5de5dab8db2c48cdd1a.yaml b/nuclei-templates/2018/CVE-2018-5667-913904da9b37e5de5dab8db2c48cdd1a.yaml
index d6c0c0f68f..7ed55ddcbe 100644
--- a/nuclei-templates/2018/CVE-2018-5667-913904da9b37e5de5dab8db2c48cdd1a.yaml
+++ b/nuclei-templates/2018/CVE-2018-5667-913904da9b37e5de5dab8db2c48cdd1a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Read and Understood <= 2.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/read-and-understood/"
     google-query: inurl:"/wp-content/plugins/read-and-understood/"
     shodan-query: 'vuln:CVE-2018-5667'
-  tags: cve,wordpress,wp-plugin,read-and-understood,medium
+  tags: cve,wordpress,wp-plugin,read-and-understood,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5668-b32bcea1f07567d61bc53250e86795f7.yaml b/nuclei-templates/2018/CVE-2018-5668-b32bcea1f07567d61bc53250e86795f7.yaml
index 4550cfeece..f4fe96f794 100644
--- a/nuclei-templates/2018/CVE-2018-5668-b32bcea1f07567d61bc53250e86795f7.yaml
+++ b/nuclei-templates/2018/CVE-2018-5668-b32bcea1f07567d61bc53250e86795f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Read and Understood < 2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/read-and-understood/"
     google-query: inurl:"/wp-content/plugins/read-and-understood/"
     shodan-query: 'vuln:CVE-2018-5668'
-  tags: cve,wordpress,wp-plugin,read-and-understood,medium
+  tags: cve,wordpress,wp-plugin,read-and-understood,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5669-9859097987f0e7ca79e11ace81cfa3fa.yaml b/nuclei-templates/2018/CVE-2018-5669-9859097987f0e7ca79e11ace81cfa3fa.yaml
index 6c8c5d64c3..ee767a5dbe 100644
--- a/nuclei-templates/2018/CVE-2018-5669-9859097987f0e7ca79e11ace81cfa3fa.yaml
+++ b/nuclei-templates/2018/CVE-2018-5669-9859097987f0e7ca79e11ace81cfa3fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Read and Understood < 2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/read-and-understood/"
     google-query: inurl:"/wp-content/plugins/read-and-understood/"
     shodan-query: 'vuln:CVE-2018-5669'
-  tags: cve,wordpress,wp-plugin,read-and-understood,high
+  tags: cve,wordpress,wp-plugin,read-and-understood,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5670-c3498fe08662af21fd3da077be763084.yaml b/nuclei-templates/2018/CVE-2018-5670-c3498fe08662af21fd3da077be763084.yaml
index bf21daebaa..95961d26e6 100644
--- a/nuclei-templates/2018/CVE-2018-5670-c3498fe08662af21fd3da077be763084.yaml
+++ b/nuclei-templates/2018/CVE-2018-5670-c3498fe08662af21fd3da077be763084.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar/"
     google-query: inurl:"/wp-content/plugins/booking-calendar/"
     shodan-query: 'vuln:CVE-2018-5670'
-  tags: cve,wordpress,wp-plugin,booking-calendar,medium
+  tags: cve,wordpress,wp-plugin,booking-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5671-78f758aca2b7adcaf11ee6e697616163.yaml b/nuclei-templates/2018/CVE-2018-5671-78f758aca2b7adcaf11ee6e697616163.yaml
index 9f3e9f386f..6b30b461db 100644
--- a/nuclei-templates/2018/CVE-2018-5671-78f758aca2b7adcaf11ee6e697616163.yaml
+++ b/nuclei-templates/2018/CVE-2018-5671-78f758aca2b7adcaf11ee6e697616163.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar/"
     google-query: inurl:"/wp-content/plugins/booking-calendar/"
     shodan-query: 'vuln:CVE-2018-5671'
-  tags: cve,wordpress,wp-plugin,booking-calendar,medium
+  tags: cve,wordpress,wp-plugin,booking-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5672-6a9d80e8fa30f682db502c67279e3ece.yaml b/nuclei-templates/2018/CVE-2018-5672-6a9d80e8fa30f682db502c67279e3ece.yaml
index 46586b6160..1a64221974 100644
--- a/nuclei-templates/2018/CVE-2018-5672-6a9d80e8fa30f682db502c67279e3ece.yaml
+++ b/nuclei-templates/2018/CVE-2018-5672-6a9d80e8fa30f682db502c67279e3ece.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar/"
     google-query: inurl:"/wp-content/plugins/booking-calendar/"
     shodan-query: 'vuln:CVE-2018-5672'
-  tags: cve,wordpress,wp-plugin,booking-calendar,medium
+  tags: cve,wordpress,wp-plugin,booking-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5673-0cfb154efea7a6cd97d79b7c9bd11b19.yaml b/nuclei-templates/2018/CVE-2018-5673-0cfb154efea7a6cd97d79b7c9bd11b19.yaml
index 4b7e8236b9..96fdc90ad2 100644
--- a/nuclei-templates/2018/CVE-2018-5673-0cfb154efea7a6cd97d79b7c9bd11b19.yaml
+++ b/nuclei-templates/2018/CVE-2018-5673-0cfb154efea7a6cd97d79b7c9bd11b19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar/"
     google-query: inurl:"/wp-content/plugins/booking-calendar/"
     shodan-query: 'vuln:CVE-2018-5673'
-  tags: cve,wordpress,wp-plugin,booking-calendar,high
+  tags: cve,wordpress,wp-plugin,booking-calendar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5695-15e650b4ee038f777984c647938b664a.yaml b/nuclei-templates/2018/CVE-2018-5695-15e650b4ee038f777984c647938b664a.yaml
index d60eb1eb58..e5a962c50d 100644
--- a/nuclei-templates/2018/CVE-2018-5695-15e650b4ee038f777984c647938b664a.yaml
+++ b/nuclei-templates/2018/CVE-2018-5695-15e650b4ee038f777984c647938b664a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Job Board <= 4.4.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpjobboard/"
     google-query: inurl:"/wp-content/plugins/wpjobboard/"
     shodan-query: 'vuln:CVE-2018-5695'
-  tags: cve,wordpress,wp-plugin,wpjobboard,high
+  tags: cve,wordpress,wp-plugin,wpjobboard,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-5776-88414da74c1432faaa821c60e30d70e4.yaml b/nuclei-templates/2018/CVE-2018-5776-88414da74c1432faaa821c60e30d70e4.yaml
index ab25ddf90c..b31a3effde 100644
--- a/nuclei-templates/2018/CVE-2018-5776-88414da74c1432faaa821c60e30d70e4.yaml
+++ b/nuclei-templates/2018/CVE-2018-5776-88414da74c1432faaa821c60e30d70e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 4.9.2 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2018-5776
   metadata:
     shodan-query: 'vuln:CVE-2018-5776'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6001-4c3c497ff4bf73b3f95e774197f4a725.yaml b/nuclei-templates/2018/CVE-2018-6001-4c3c497ff4bf73b3f95e774197f4a725.yaml
index 2b64235101..238ee15286 100644
--- a/nuclei-templates/2018/CVE-2018-6001-4c3c497ff4bf73b3f95e774197f4a725.yaml
+++ b/nuclei-templates/2018/CVE-2018-6001-4c3c497ff4bf73b3f95e774197f4a725.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soundy Audio Playlist <= 4.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Soundy Audio Playlist plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6. This is due to missing or incorrect nonce validation on the 'soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter)' function. This makes it possible for unauthenticated attackers to leverage  arbitrary script code and execute via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/soundy-audio-playlist/"
     google-query: inurl:"/wp-content/plugins/soundy-audio-playlist/"
     shodan-query: 'vuln:CVE-2018-6001'
-  tags: cve,wordpress,wp-plugin,soundy-audio-playlist,medium
+  tags: cve,wordpress,wp-plugin,soundy-audio-playlist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6002-aae33717a53aff7e44346754fe498f79.yaml b/nuclei-templates/2018/CVE-2018-6002-aae33717a53aff7e44346754fe498f79.yaml
index 01a47ff70e..8c0c4d9193 100644
--- a/nuclei-templates/2018/CVE-2018-6002-aae33717a53aff7e44346754fe498f79.yaml
+++ b/nuclei-templates/2018/CVE-2018-6002-aae33717a53aff7e44346754fe498f79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soundy Background Music <= 3.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/soundy-background-music/"
     google-query: inurl:"/wp-content/plugins/soundy-background-music/"
     shodan-query: 'vuln:CVE-2018-6002'
-  tags: cve,wordpress,wp-plugin,soundy-background-music,medium
+  tags: cve,wordpress,wp-plugin,soundy-background-music,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6194-3ea0e1871dec257bfd7cde582f2ade2e.yaml b/nuclei-templates/2018/CVE-2018-6194-3ea0e1871dec257bfd7cde582f2ade2e.yaml
index dedb3ad69d..b92d6154a5 100644
--- a/nuclei-templates/2018/CVE-2018-6194-3ea0e1871dec257bfd7cde582f2ade2e.yaml
+++ b/nuclei-templates/2018/CVE-2018-6194-3ea0e1871dec257bfd7cde582f2ade2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Splashing Images < 2.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-splashing-images/"
     google-query: inurl:"/wp-content/plugins/wp-splashing-images/"
     shodan-query: 'vuln:CVE-2018-6194'
-  tags: cve,wordpress,wp-plugin,wp-splashing-images,medium
+  tags: cve,wordpress,wp-plugin,wp-splashing-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6357-6c3ed40b4545418647bb281d1735150e.yaml b/nuclei-templates/2018/CVE-2018-6357-6c3ed40b4545418647bb281d1735150e.yaml
index c68b38fec4..1c6ebcd9f0 100644
--- a/nuclei-templates/2018/CVE-2018-6357-6c3ed40b4545418647bb281d1735150e.yaml
+++ b/nuclei-templates/2018/CVE-2018-6357-6c3ed40b4545418647bb281d1735150e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Widget by Acurax <= 3.2.5 - Cross-Site Request Forgery leading to Cross-Site Scripting via the recordsArray Parameter
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acurax-social-media-widget/"
     google-query: inurl:"/wp-content/plugins/acurax-social-media-widget/"
     shodan-query: 'vuln:CVE-2018-6357'
-  tags: cve,wordpress,wp-plugin,acurax-social-media-widget,high
+  tags: cve,wordpress,wp-plugin,acurax-social-media-widget,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6465-4ba37fc25b6b62478d53951a81386aeb.yaml b/nuclei-templates/2018/CVE-2018-6465-4ba37fc25b6b62478d53951a81386aeb.yaml
index 7943da663c..e0100a5833 100644
--- a/nuclei-templates/2018/CVE-2018-6465-4ba37fc25b6b62478d53951a81386aeb.yaml
+++ b/nuclei-templates/2018/CVE-2018-6465-4ba37fc25b6b62478d53951a81386aeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PropertyHive < 1.4.15 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/propertyhive/"
     google-query: inurl:"/wp-content/plugins/propertyhive/"
     shodan-query: 'vuln:CVE-2018-6465'
-  tags: cve,wordpress,wp-plugin,propertyhive,medium
+  tags: cve,wordpress,wp-plugin,propertyhive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6466-4f5e1d138ae43eaa500111874f55d52e.yaml b/nuclei-templates/2018/CVE-2018-6466-4f5e1d138ae43eaa500111874f55d52e.yaml
index fd40b9a666..d59045d39b 100644
--- a/nuclei-templates/2018/CVE-2018-6466-4f5e1d138ae43eaa500111874f55d52e.yaml
+++ b/nuclei-templates/2018/CVE-2018-6466-4f5e1d138ae43eaa500111874f55d52e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_set
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flickr-rss/"
     google-query: inurl:"/wp-content/plugins/flickr-rss/"
     shodan-query: 'vuln:CVE-2018-6466'
-  tags: cve,wordpress,wp-plugin,flickr-rss,medium
+  tags: cve,wordpress,wp-plugin,flickr-rss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6468-0e4fc74efc949999cf345512b761619e.yaml b/nuclei-templates/2018/CVE-2018-6468-0e4fc74efc949999cf345512b761619e.yaml
index e2072f2809..a838697ed5 100644
--- a/nuclei-templates/2018/CVE-2018-6468-0e4fc74efc949999cf345512b761619e.yaml
+++ b/nuclei-templates/2018/CVE-2018-6468-0e4fc74efc949999cf345512b761619e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_id
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flickr-rss/"
     google-query: inurl:"/wp-content/plugins/flickr-rss/"
     shodan-query: 'vuln:CVE-2018-6468'
-  tags: cve,wordpress,wp-plugin,flickr-rss,medium
+  tags: cve,wordpress,wp-plugin,flickr-rss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6469-3bc9ed0b3cbfe53ac89e5748fc0bf57c.yaml b/nuclei-templates/2018/CVE-2018-6469-3bc9ed0b3cbfe53ac89e5748fc0bf57c.yaml
index a18523497e..86f62c0d01 100644
--- a/nuclei-templates/2018/CVE-2018-6469-3bc9ed0b3cbfe53ac89e5748fc0bf57c.yaml
+++ b/nuclei-templates/2018/CVE-2018-6469-3bc9ed0b3cbfe53ac89e5748fc0bf57c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_tags
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flickr-rss/"
     google-query: inurl:"/wp-content/plugins/flickr-rss/"
     shodan-query: 'vuln:CVE-2018-6469'
-  tags: cve,wordpress,wp-plugin,flickr-rss,medium
+  tags: cve,wordpress,wp-plugin,flickr-rss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6943-dac7bdda4e28b985a7da6425e9bc4314.yaml b/nuclei-templates/2018/CVE-2018-6943-dac7bdda4e28b985a7da6425e9bc4314.yaml
index 8f0308ff03..64dafc793a 100644
--- a/nuclei-templates/2018/CVE-2018-6943-dac7bdda4e28b985a7da6425e9bc4314.yaml
+++ b/nuclei-templates/2018/CVE-2018-6943-dac7bdda4e28b985a7da6425e9bc4314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2018-6943'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-6944-e00b98ac8c54622a944850cb2d386b43.yaml b/nuclei-templates/2018/CVE-2018-6944-e00b98ac8c54622a944850cb2d386b43.yaml
index ef2b0a2d4c..1b6598e8ca 100644
--- a/nuclei-templates/2018/CVE-2018-6944-e00b98ac8c54622a944850cb2d386b43.yaml
+++ b/nuclei-templates/2018/CVE-2018-6944-e00b98ac8c54622a944850cb2d386b43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2018-6944'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-7280-ea56b6fc3599b19cc9355c178eadf7c8.yaml b/nuclei-templates/2018/CVE-2018-7280-ea56b6fc3599b19cc9355c178eadf7c8.yaml
index 3503fa2e48..5136d21ff2 100644
--- a/nuclei-templates/2018/CVE-2018-7280-ea56b6fc3599b19cc9355c178eadf7c8.yaml
+++ b/nuclei-templates/2018/CVE-2018-7280-ea56b6fc3599b19cc9355c178eadf7c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2018-7280'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-7543-2e6e6e36243681b3cf144f17aaebf064.yaml b/nuclei-templates/2018/CVE-2018-7543-2e6e6e36243681b3cf144f17aaebf064.yaml
index 671162fd9a..618d6b04a1 100644
--- a/nuclei-templates/2018/CVE-2018-7543-2e6e6e36243681b3cf144f17aaebf064.yaml
+++ b/nuclei-templates/2018/CVE-2018-7543-2e6e6e36243681b3cf144f17aaebf064.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicator <= 1.2.32 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicator/"
     google-query: inurl:"/wp-content/plugins/duplicator/"
     shodan-query: 'vuln:CVE-2018-7543'
-  tags: cve,wordpress,wp-plugin,duplicator,medium
+  tags: cve,wordpress,wp-plugin,duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-8729-55d5b1ab7109cbfd7cdac31ba9a767d2.yaml b/nuclei-templates/2018/CVE-2018-8729-55d5b1ab7109cbfd7cdac31ba9a767d2.yaml
index 569e4e443f..f1f7e16d00 100644
--- a/nuclei-templates/2018/CVE-2018-8729-55d5b1ab7109cbfd7cdac31ba9a767d2.yaml
+++ b/nuclei-templates/2018/CVE-2018-8729-55d5b1ab7109cbfd7cdac31ba9a767d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Activity Log <= 2.4.0 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aryo-activity-log/"
     google-query: inurl:"/wp-content/plugins/aryo-activity-log/"
     shodan-query: 'vuln:CVE-2018-8729'
-  tags: cve,wordpress,wp-plugin,aryo-activity-log,medium
+  tags: cve,wordpress,wp-plugin,aryo-activity-log,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-9020-fb28659ef74c6816e9ff94aaba73e076.yaml b/nuclei-templates/2018/CVE-2018-9020-fb28659ef74c6816e9ff94aaba73e076.yaml
index 3ca95c646c..ab9c41b66d 100644
--- a/nuclei-templates/2018/CVE-2018-9020-fb28659ef74c6816e9ff94aaba73e076.yaml
+++ b/nuclei-templates/2018/CVE-2018-9020-fb28659ef74c6816e9ff94aaba73e076.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.8.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2018-9020'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-9034-88fcfbe0235fbfcf5894d075044bc4db.yaml b/nuclei-templates/2018/CVE-2018-9034-88fcfbe0235fbfcf5894d075044bc4db.yaml
index acbd773efc..3461ad7d59 100644
--- a/nuclei-templates/2018/CVE-2018-9034-88fcfbe0235fbfcf5894d075044bc4db.yaml
+++ b/nuclei-templates/2018/CVE-2018-9034-88fcfbe0235fbfcf5894d075044bc4db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi <= 4.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevanssi/"
     google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:CVE-2018-9034'
-  tags: cve,wordpress,wp-plugin,relevanssi,medium
+  tags: cve,wordpress,wp-plugin,relevanssi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-9172-95115eb6cd7773daea0c3290d4bc4306.yaml b/nuclei-templates/2018/CVE-2018-9172-95115eb6cd7773daea0c3290d4bc4306.yaml
index d14d392c45..ef4bf18967 100644
--- a/nuclei-templates/2018/CVE-2018-9172-95115eb6cd7773daea0c3290d4bc4306.yaml
+++ b/nuclei-templates/2018/CVE-2018-9172-95115eb6cd7773daea0c3290d4bc4306.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-upload/"
     google-query: inurl:"/wp-content/plugins/wp-file-upload/"
     shodan-query: 'vuln:CVE-2018-9172'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wp-file-upload,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-9844-90d37fd2fba0470460729c814dc702e8.yaml b/nuclei-templates/2018/CVE-2018-9844-90d37fd2fba0470460729c814dc702e8.yaml
index 0a7462dea0..abe683377e 100644
--- a/nuclei-templates/2018/CVE-2018-9844-90d37fd2fba0470460729c814dc702e8.yaml
+++ b/nuclei-templates/2018/CVE-2018-9844-90d37fd2fba0470460729c814dc702e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-upload/"
     google-query: inurl:"/wp-content/plugins/wp-file-upload/"
     shodan-query: 'vuln:CVE-2018-9844'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wp-file-upload,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2018/CVE-2018-9864-875e2588a6c7f11db1b0d18dfa5a3b24.yaml b/nuclei-templates/2018/CVE-2018-9864-875e2588a6c7f11db1b0d18dfa5a3b24.yaml
index af0a7509d4..555535c497 100644
--- a/nuclei-templates/2018/CVE-2018-9864-875e2588a6c7f11db1b0d18dfa5a3b24.yaml
+++ b/nuclei-templates/2018/CVE-2018-9864-875e2588a6c7f11db1b0d18dfa5a3b24.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live Chat Support <= 8.0.05 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2018-9864'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-1010034-19dc9eaf0f82c574889586e002e668f6.yaml b/nuclei-templates/2019/CVE-2019-1010034-19dc9eaf0f82c574889586e002e668f6.yaml
index cdcf77536b..b9848bd58d 100644
--- a/nuclei-templates/2019/CVE-2019-1010034-19dc9eaf0f82c574889586e002e668f6.yaml
+++ b/nuclei-templates/2019/CVE-2019-1010034-19dc9eaf0f82c574889586e002e668f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web Librarian <= 3.5.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Deepwoods Software WebLibrarian 3.5.4 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weblibrarian/"
     google-query: inurl:"/wp-content/plugins/weblibrarian/"
     shodan-query: 'vuln:CVE-2019-1010034'
-  tags: cve,wordpress,wp-plugin,weblibrarian,high
+  tags: cve,wordpress,wp-plugin,weblibrarian,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-1010104-0dc6cfa3fba0c385fc2da9ea78090e2f.yaml b/nuclei-templates/2019/CVE-2019-1010104-0dc6cfa3fba0c385fc2da9ea78090e2f.yaml
index 8be50656ce..f7b7473bf8 100644
--- a/nuclei-templates/2019/CVE-2019-1010104-0dc6cfa3fba0c385fc2da9ea78090e2f.yaml
+++ b/nuclei-templates/2019/CVE-2019-1010104-0dc6cfa3fba0c385fc2da9ea78090e2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Chat <= 4.14 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: like_escape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-chat/"
     google-query: inurl:"/wp-content/plugins/quick-chat/"
     shodan-query: 'vuln:CVE-2019-1010104'
-  tags: cve,wordpress,wp-plugin,quick-chat,high
+  tags: cve,wordpress,wp-plugin,quick-chat,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-10673-913680c7cc113c5e372d717a86269c4e.yaml b/nuclei-templates/2019/CVE-2019-10673-913680c7cc113c5e372d717a86269c4e.yaml
index 015c886920..d1c4d18aaf 100644
--- a/nuclei-templates/2019/CVE-2019-10673-913680c7cc113c5e372d717a86269c4e.yaml
+++ b/nuclei-templates/2019/CVE-2019-10673-913680c7cc113c5e372d717a86269c4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.39 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress "password forget" form.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2019-10673'
-  tags: cve,wordpress,wp-plugin,ultimate-member,high
+  tags: cve,wordpress,wp-plugin,ultimate-member,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-10864-4c0f6a08d37bb188811061a17ff42cfa.yaml b/nuclei-templates/2019/CVE-2019-10864-4c0f6a08d37bb188811061a17ff42cfa.yaml
index 28fa1c0744..58a116ff32 100644
--- a/nuclei-templates/2019/CVE-2019-10864-4c0f6a08d37bb188811061a17ff42cfa.yaml
+++ b/nuclei-templates/2019/CVE-2019-10864-4c0f6a08d37bb188811061a17ff42cfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 12.6.3 - Referer Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2019-10864'
-  tags: cve,wordpress,wp-plugin,wp-statistics,medium
+  tags: cve,wordpress,wp-plugin,wp-statistics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-10866-b584bc3add37b438ea9f7d52a53c499d.yaml b/nuclei-templates/2019/CVE-2019-10866-b584bc3add37b438ea9f7d52a53c499d.yaml
index 9d7ecf0aa6..e0036aad92 100644
--- a/nuclei-templates/2019/CVE-2019-10866-b584bc3add37b438ea9f7d52a53c499d.yaml
+++ b/nuclei-templates/2019/CVE-2019-10866-b584bc3add37b438ea9f7d52a53c499d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:CVE-2019-10866'
-  tags: cve,wordpress,wp-plugin,form-maker,high
+  tags: cve,wordpress,wp-plugin,form-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-10869-4bc78371b9a6176130f5ed1b3336f728.yaml b/nuclei-templates/2019/CVE-2019-10869-4bc78371b9a6176130f5ed1b3336f728.yaml
index 69352137f1..295a474413 100644
--- a/nuclei-templates/2019/CVE-2019-10869-4bc78371b9a6176130f5ed1b3336f728.yaml
+++ b/nuclei-templates/2019/CVE-2019-10869-4bc78371b9a6176130f5ed1b3336f728.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms - File Uploads <= 3.0.22 - Unauthenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms-uploads/"
     google-query: inurl:"/wp-content/plugins/ninja-forms-uploads/"
     shodan-query: 'vuln:CVE-2019-10869'
-  tags: cve,wordpress,wp-plugin,ninja-forms-uploads,high
+  tags: cve,wordpress,wp-plugin,ninja-forms-uploads,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-11557-0dd2df3f5b8d5d1265b1558506e0a48b.yaml b/nuclei-templates/2019/CVE-2019-11557-0dd2df3f5b8d5d1265b1558506e0a48b.yaml
index ef98b2cf35..b4e968886a 100644
--- a/nuclei-templates/2019/CVE-2019-11557-0dd2df3f5b8d5d1265b1558506e0a48b.yaml
+++ b/nuclei-templates/2019/CVE-2019-11557-0dd2df3f5b8d5d1265b1558506e0a48b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WDContactFormBuilder <= 1.0.68 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-builder/"
     google-query: inurl:"/wp-content/plugins/contact-form-builder/"
     shodan-query: 'vuln:CVE-2019-11557'
-  tags: cve,wordpress,wp-plugin,contact-form-builder,high
+  tags: cve,wordpress,wp-plugin,contact-form-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-11590-bc7687f3a38eb76862d41bf156e272e2.yaml b/nuclei-templates/2019/CVE-2019-11590-bc7687f3a38eb76862d41bf156e272e2.yaml
index cc63d96439..6fd4fe55f4 100644
--- a/nuclei-templates/2019/CVE-2019-11590-bc7687f3a38eb76862d41bf156e272e2.yaml
+++ b/nuclei-templates/2019/CVE-2019-11590-bc7687f3a38eb76862d41bf156e272e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:CVE-2019-11590'
-  tags: cve,wordpress,wp-plugin,form-maker,high
+  tags: cve,wordpress,wp-plugin,form-maker,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-11591-b9705619b7c26905bbb7df74ccb4fdad.yaml b/nuclei-templates/2019/CVE-2019-11591-b9705619b7c26905bbb7df74ccb4fdad.yaml
index 914f004f7c..5aaa140351 100644
--- a/nuclei-templates/2019/CVE-2019-11591-b9705619b7c26905bbb7df74ccb4fdad.yaml
+++ b/nuclei-templates/2019/CVE-2019-11591-b9705619b7c26905bbb7df74ccb4fdad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by WD <= 1.13.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-maker/"
     google-query: inurl:"/wp-content/plugins/contact-form-maker/"
     shodan-query: 'vuln:CVE-2019-11591'
-  tags: cve,wordpress,wp-plugin,contact-form-maker,high
+  tags: cve,wordpress,wp-plugin,contact-form-maker,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-11871-aeb1af030c75596a2eb738838b5e8bf8.yaml b/nuclei-templates/2019/CVE-2019-11871-aeb1af030c75596a2eb738838b5e8bf8.yaml
index cf7c233b36..f446c31aca 100644
--- a/nuclei-templates/2019/CVE-2019-11871-aeb1af030c75596a2eb738838b5e8bf8.yaml
+++ b/nuclei-templates/2019/CVE-2019-11871-aeb1af030c75596a2eb738838b5e8bf8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field Suite <= 2.5.14 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-suite/"
     google-query: inurl:"/wp-content/plugins/custom-field-suite/"
     shodan-query: 'vuln:CVE-2019-11871'
-  tags: cve,wordpress,wp-plugin,custom-field-suite,medium
+  tags: cve,wordpress,wp-plugin,custom-field-suite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-12239-96e25e69c7f878ae73c7f29f99c97760.yaml b/nuclei-templates/2019/CVE-2019-12239-96e25e69c7f878ae73c7f29f99c97760.yaml
index 7d56051cf2..78493e1495 100644
--- a/nuclei-templates/2019/CVE-2019-12239-96e25e69c7f878ae73c7f29f99c97760.yaml
+++ b/nuclei-templates/2019/CVE-2019-12239-96e25e69c7f878ae73c7f29f99c97760.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Booking System Free version < 1.5.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-booking-system/"
     google-query: inurl:"/wp-content/plugins/wp-booking-system/"
     shodan-query: 'vuln:CVE-2019-12239'
-  tags: cve,wordpress,wp-plugin,wp-booking-system,critical
+  tags: cve,wordpress,wp-plugin,wp-booking-system,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-12346-27f647997621b679fa1b99cbf345bdbe.yaml b/nuclei-templates/2019/CVE-2019-12346-27f647997621b679fa1b99cbf345bdbe.yaml
index 750b24b76c..fd202cf1b1 100644
--- a/nuclei-templates/2019/CVE-2019-12346-27f647997621b679fa1b99cbf345bdbe.yaml
+++ b/nuclei-templates/2019/CVE-2019-12346-27f647997621b679fa1b99cbf345bdbe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SAML Single Sign On – SAML SSO Login < 4.8.73 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-saml-20-single-sign-on/"
     google-query: inurl:"/wp-content/plugins/miniorange-saml-20-single-sign-on/"
     shodan-query: 'vuln:CVE-2019-12346'
-  tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,medium
+  tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-12516-3395165ceb6b70322e35bead04697388.yaml b/nuclei-templates/2019/CVE-2019-12516-3395165ceb6b70322e35bead04697388.yaml
index bcdcbf4942..21642f4629 100644
--- a/nuclei-templates/2019/CVE-2019-12516-3395165ceb6b70322e35bead04697388.yaml
+++ b/nuclei-templates/2019/CVE-2019-12516-3395165ceb6b70322e35bead04697388.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI.  This makes it possible for Subscriber-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slickquiz/"
     google-query: inurl:"/wp-content/plugins/slickquiz/"
     shodan-query: 'vuln:CVE-2019-12516'
-  tags: cve,wordpress,wp-plugin,slickquiz,high
+  tags: cve,wordpress,wp-plugin,slickquiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-12517-53a30d941da402857e0ee8cdb2011b69.yaml b/nuclei-templates/2019/CVE-2019-12517-53a30d941da402857e0ee8cdb2011b69.yaml
index 501f0e9501..879ed54231 100644
--- a/nuclei-templates/2019/CVE-2019-12517-53a30d941da402857e0ee8cdb2011b69.yaml
+++ b/nuclei-templates/2019/CVE-2019-12517-53a30d941da402857e0ee8cdb2011b69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SlickQuiz <= 1.3.7.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slickquiz/"
     google-query: inurl:"/wp-content/plugins/slickquiz/"
     shodan-query: 'vuln:CVE-2019-12517'
-  tags: cve,wordpress,wp-plugin,slickquiz,medium
+  tags: cve,wordpress,wp-plugin,slickquiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-12566-fe0f4f4fb6e560c8f83991dc7a6212ad.yaml b/nuclei-templates/2019/CVE-2019-12566-fe0f4f4fb6e560c8f83991dc7a6212ad.yaml
index 11b8ad3b9f..5f2cbe5add 100644
--- a/nuclei-templates/2019/CVE-2019-12566-fe0f4f4fb6e560c8f83991dc7a6212ad.yaml
+++ b/nuclei-templates/2019/CVE-2019-12566-fe0f4f4fb6e560c8f83991dc7a6212ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 12.6.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2019-12566'
-  tags: cve,wordpress,wp-plugin,wp-statistics,medium
+  tags: cve,wordpress,wp-plugin,wp-statistics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-12570-70cdf6a74f267301ff9a7a0c0a03da5b.yaml b/nuclei-templates/2019/CVE-2019-12570-70cdf6a74f267301ff9a7a0c0a03da5b.yaml
index c662bd04c8..d0565b6b02 100644
--- a/nuclei-templates/2019/CVE-2019-12570-70cdf6a74f267301ff9a7a0c0a03da5b.yaml
+++ b/nuclei-templates/2019/CVE-2019-12570-70cdf6a74f267301ff9a7a0c0a03da5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Server Status by Hostname/IP <= 4.6 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/server-status-by-hostnameip/"
     google-query: inurl:"/wp-content/plugins/server-status-by-hostnameip/"
     shodan-query: 'vuln:CVE-2019-12570'
-  tags: cve,wordpress,wp-plugin,server-status-by-hostnameip,high
+  tags: cve,wordpress,wp-plugin,server-status-by-hostnameip,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-12826-068331b2d9acf141050172c5e67910ff.yaml b/nuclei-templates/2019/CVE-2019-12826-068331b2d9acf141050172c5e67910ff.yaml
index 48ac62e0a5..e3bd58548e 100644
--- a/nuclei-templates/2019/CVE-2019-12826-068331b2d9acf141050172c5e67910ff.yaml
+++ b/nuclei-templates/2019/CVE-2019-12826-068331b2d9acf141050172c5e67910ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Widget Logic < 5.10.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-logic/"
     google-query: inurl:"/wp-content/plugins/widget-logic/"
     shodan-query: 'vuln:CVE-2019-12826'
-  tags: cve,wordpress,wp-plugin,widget-logic,high
+  tags: cve,wordpress,wp-plugin,widget-logic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-12934-ca875a69734817c022d2b5742d18b09a.yaml b/nuclei-templates/2019/CVE-2019-12934-ca875a69734817c022d2b5742d18b09a.yaml
index 4e0a3315fd..08cb623375 100644
--- a/nuclei-templates/2019/CVE-2019-12934-ca875a69734817c022d2b5742d18b09a.yaml
+++ b/nuclei-templates/2019/CVE-2019-12934-ca875a69734817c022d2b5742d18b09a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Code Highlight.js <= 0.6.2 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Code Highlight.js plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on the hljs_settings_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-code-highlightjs/"
     google-query: inurl:"/wp-content/plugins/wp-code-highlightjs/"
     shodan-query: 'vuln:CVE-2019-12934'
-  tags: cve,wordpress,wp-plugin,wp-code-highlightjs,high
+  tags: cve,wordpress,wp-plugin,wp-code-highlightjs,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-13344-d25b2870a2ba1a71b2f08074d958c754.yaml b/nuclei-templates/2019/CVE-2019-13344-d25b2870a2ba1a71b2f08074d958c754.yaml
index 0acec8ca86..08c76855ce 100644
--- a/nuclei-templates/2019/CVE-2019-13344-d25b2870a2ba1a71b2f08074d958c754.yaml
+++ b/nuclei-templates/2019/CVE-2019-13344-d25b2870a2ba1a71b2f08074d958c754.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Like Button <= 1.6.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-like-button/"
     google-query: inurl:"/wp-content/plugins/wp-like-button/"
     shodan-query: 'vuln:CVE-2019-13344'
-  tags: cve,wordpress,wp-plugin,wp-like-button,medium
+  tags: cve,wordpress,wp-plugin,wp-like-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-13413-5164636d32af20648741053f5b9caab7.yaml b/nuclei-templates/2019/CVE-2019-13413-5164636d32af20648741053f5b9caab7.yaml
index babf0c6933..3eaac432ca 100644
--- a/nuclei-templates/2019/CVE-2019-13413-5164636d32af20648741053f5b9caab7.yaml
+++ b/nuclei-templates/2019/CVE-2019-13413-5164636d32af20648741053f5b9caab7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rencontre – Dating Site <= 3.1.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Rencontre – Dating Site plugin for WordPress is vulnerable to SQL Injection via a few parameters found in the inc/rencontre_widget.php file, such as the 'region' parameter, in versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rencontre/"
     google-query: inurl:"/wp-content/plugins/rencontre/"
     shodan-query: 'vuln:CVE-2019-13413'
-  tags: cve,wordpress,wp-plugin,rencontre,high
+  tags: cve,wordpress,wp-plugin,rencontre,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-13414-7116f21024cd4d3ec70934c93595bec9.yaml b/nuclei-templates/2019/CVE-2019-13414-7116f21024cd4d3ec70934c93595bec9.yaml
index 1b0890da3a..4d7307add2 100644
--- a/nuclei-templates/2019/CVE-2019-13414-7116f21024cd4d3ec70934c93595bec9.yaml
+++ b/nuclei-templates/2019/CVE-2019-13414-7116f21024cd4d3ec70934c93595bec9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rencontre – Dating Site <= 3.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Rencontre – Dating Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters found in the inc/rencontre_widget.php file such as 'pays' in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rencontre/"
     google-query: inurl:"/wp-content/plugins/rencontre/"
     shodan-query: 'vuln:CVE-2019-13414'
-  tags: cve,wordpress,wp-plugin,rencontre,medium
+  tags: cve,wordpress,wp-plugin,rencontre,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-13478-faaf1948155c5f302388ba2e8f465a89.yaml b/nuclei-templates/2019/CVE-2019-13478-faaf1948155c5f302388ba2e8f465a89.yaml
index df4d9ae37a..ff3bc38906 100644
--- a/nuclei-templates/2019/CVE-2019-13478-faaf1948155c5f302388ba2e8f465a89.yaml
+++ b/nuclei-templates/2019/CVE-2019-13478-faaf1948155c5f302388ba2e8f465a89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via term descriptions in versions up to, and including, 11.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with post editor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:CVE-2019-13478'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,medium
+  tags: cve,wordpress,wp-plugin,wordpress-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-13505-e18c42540e73da21df0e80ed6910311c.yaml b/nuclei-templates/2019/CVE-2019-13505-e18c42540e73da21df0e80ed6910311c.yaml
index e44d2c0a29..dd190a823e 100644
--- a/nuclei-templates/2019/CVE-2019-13505-e18c42540e73da21df0e80ed6910311c.yaml
+++ b/nuclei-templates/2019/CVE-2019-13505-e18c42540e73da21df0e80ed6910311c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appointment-hour-booking/"
     google-query: inurl:"/wp-content/plugins/appointment-hour-booking/"
     shodan-query: 'vuln:CVE-2019-13505'
-  tags: cve,wordpress,wp-plugin,appointment-hour-booking,medium
+  tags: cve,wordpress,wp-plugin,appointment-hour-booking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-13570-b24e50f88d059b7df802d8ab2740b6f0.yaml b/nuclei-templates/2019/CVE-2019-13570-b24e50f88d059b7df802d8ab2740b6f0.yaml
index 3b56535086..8bec58ca93 100644
--- a/nuclei-templates/2019/CVE-2019-13570-b24e50f88d059b7df802d8ab2740b6f0.yaml
+++ b/nuclei-templates/2019/CVE-2019-13570-b24e50f88d059b7df802d8ab2740b6f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdRotate – Ad manager & AdSense Ads <= 5.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adrotate/"
     google-query: inurl:"/wp-content/plugins/adrotate/"
     shodan-query: 'vuln:CVE-2019-13570'
-  tags: cve,wordpress,wp-plugin,adrotate,high
+  tags: cve,wordpress,wp-plugin,adrotate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14205-092d91aed0440af0f2ea67a8f6a61ea3.yaml b/nuclei-templates/2019/CVE-2019-14205-092d91aed0440af0f2ea67a8f6a61ea3.yaml
index 9597a5745e..3c8002b181 100644
--- a/nuclei-templates/2019/CVE-2019-14205-092d91aed0440af0f2ea67a8f6a61ea3.yaml
+++ b/nuclei-templates/2019/CVE-2019-14205-092d91aed0440af0f2ea67a8f6a61ea3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adaptive-images/"
     google-query: inurl:"/wp-content/plugins/adaptive-images/"
     shodan-query: 'vuln:CVE-2019-14205'
-  tags: cve,wordpress,wp-plugin,adaptive-images,high
+  tags: cve,wordpress,wp-plugin,adaptive-images,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14216-03cfd10aef3dc88159ec608d4ac8800f.yaml b/nuclei-templates/2019/CVE-2019-14216-03cfd10aef3dc88159ec608d4ac8800f.yaml
index 105e0d0a78..e0882a7b7b 100644
--- a/nuclei-templates/2019/CVE-2019-14216-03cfd10aef3dc88159ec608d4ac8800f.yaml
+++ b/nuclei-templates/2019/CVE-2019-14216-03cfd10aef3dc88159ec608d4ac8800f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SVG Icons <= 3.2.2 - Cross-Site Request Forgery to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.2 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svg-vector-icon-plugin/"
     google-query: inurl:"/wp-content/plugins/svg-vector-icon-plugin/"
     shodan-query: 'vuln:CVE-2019-14216'
-  tags: cve,wordpress,wp-plugin,svg-vector-icon-plugin,high
+  tags: cve,wordpress,wp-plugin,svg-vector-icon-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14328-4ad519606c4e4a0ac9ad3558c99fc1da.yaml b/nuclei-templates/2019/CVE-2019-14328-4ad519606c4e4a0ac9ad3558c99fc1da.yaml
index c6b01f9e5a..fe355accdd 100644
--- a/nuclei-templates/2019/CVE-2019-14328-4ad519606c4e4a0ac9ad3558c99fc1da.yaml
+++ b/nuclei-templates/2019/CVE-2019-14328-4ad519606c4e4a0ac9ad3558c99fc1da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 3.8.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2019-14328'
-  tags: cve,wordpress,wp-plugin,simple-membership,high
+  tags: cve,wordpress,wp-plugin,simple-membership,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14364-827bc1bb21b15b99a01d332b7037ec11.yaml b/nuclei-templates/2019/CVE-2019-14364-827bc1bb21b15b99a01d332b7037ec11.yaml
index 9553064951..ef9265d3d5 100644
--- a/nuclei-templates/2019/CVE-2019-14364-827bc1bb21b15b99a01d332b7037ec11.yaml
+++ b/nuclei-templates/2019/CVE-2019-14364-827bc1bb21b15b99a01d332b7037ec11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscribers & Newsletters <= 4.1.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2019-14364'
-  tags: cve,wordpress,wp-plugin,email-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-subscribers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14467-d26dfd7d1dd47d6fd5993a9ac9d20c15.yaml b/nuclei-templates/2019/CVE-2019-14467-d26dfd7d1dd47d6fd5993a9ac9d20c15.yaml
index 3a52bacbc7..6afdff976c 100644
--- a/nuclei-templates/2019/CVE-2019-14467-d26dfd7d1dd47d6fd5993a9ac9d20c15.yaml
+++ b/nuclei-templates/2019/CVE-2019-14467-d26dfd7d1dd47d6fd5993a9ac9d20c15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Photo Gallery <= 1.0 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/social-photo-gallery/"
     shodan-query: 'vuln:CVE-2019-14467'
-  tags: cve,wordpress,wp-plugin,social-photo-gallery,high
+  tags: cve,wordpress,wp-plugin,social-photo-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14679-a7def05240ca9e7abb72b7c9c9771694.yaml b/nuclei-templates/2019/CVE-2019-14679-a7def05240ca9e7abb72b7c9c9771694.yaml
index e4532769e0..1282d52dc9 100644
--- a/nuclei-templates/2019/CVE-2019-14679-a7def05240ca9e7abb72b7c9c9771694.yaml
+++ b/nuclei-templates/2019/CVE-2019-14679-a7def05240ca9e7abb72b7c9c9771694.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pricing Table Plugin  - < 2.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     WordPress Pricing Table Plugin Plugin 2.2 has a Cross-Site Request Forgery vulnerability via in the core/views/arprice_import_export.php in the plugin's Import/Export admin page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arprice-responsive-pricing-table/"
     google-query: inurl:"/wp-content/plugins/arprice-responsive-pricing-table/"
     shodan-query: 'vuln:CVE-2019-14679'
-  tags: cve,wordpress,wp-plugin,arprice-responsive-pricing-table,high
+  tags: cve,wordpress,wp-plugin,arprice-responsive-pricing-table,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14681-b61c46947c98daf3d7e5aee079c69c53.yaml b/nuclei-templates/2019/CVE-2019-14681-b61c46947c98daf3d7e5aee079c69c53.yaml
index 5b4f553a03..d2e29de5bb 100644
--- a/nuclei-templates/2019/CVE-2019-14681-b61c46947c98daf3d7e5aee079c69c53.yaml
+++ b/nuclei-templates/2019/CVE-2019-14681-b61c46947c98daf3d7e5aee079c69c53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Deny All Firewall <= 1.1.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/deny-all-firewall/"
     google-query: inurl:"/wp-content/plugins/deny-all-firewall/"
     shodan-query: 'vuln:CVE-2019-14681'
-  tags: cve,wordpress,wp-plugin,deny-all-firewall,high
+  tags: cve,wordpress,wp-plugin,deny-all-firewall,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14682-a4fd26323192935dbbcbf3b0527f2fd4.yaml b/nuclei-templates/2019/CVE-2019-14682-a4fd26323192935dbbcbf3b0527f2fd4.yaml
index 1dbc35469f..051590bae7 100644
--- a/nuclei-templates/2019/CVE-2019-14682-a4fd26323192935dbbcbf3b0527f2fd4.yaml
+++ b/nuclei-templates/2019/CVE-2019-14682-a4fd26323192935dbbcbf3b0527f2fd4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ACF Better Search <= 3.3.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-better-search/"
     google-query: inurl:"/wp-content/plugins/acf-better-search/"
     shodan-query: 'vuln:CVE-2019-14682'
-  tags: cve,wordpress,wp-plugin,acf-better-search,high
+  tags: cve,wordpress,wp-plugin,acf-better-search,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14784-beee0c1304e0da531df84f8029d7259b.yaml b/nuclei-templates/2019/CVE-2019-14784-beee0c1304e0da531df84f8029d7259b.yaml
index b6ba769e04..83f458f756 100644
--- a/nuclei-templates/2019/CVE-2019-14784-beee0c1304e0da531df84f8029d7259b.yaml
+++ b/nuclei-templates/2019/CVE-2019-14784-beee0c1304e0da531df84f8029d7259b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "CP Contact Form with PayPal" plugin before 1.3.02 for WordPress has XSS in CSS edition.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/"
     google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/"
     shodan-query: 'vuln:CVE-2019-14784'
-  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,medium
+  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14785-c94ec523ba103bad6a372ee7e463bd4f.yaml b/nuclei-templates/2019/CVE-2019-14785-c94ec523ba103bad6a372ee7e463bd4f.yaml
index c7f8cf44c8..c9969cea78 100644
--- a/nuclei-templates/2019/CVE-2019-14785-c94ec523ba103bad6a372ee7e463bd4f.yaml
+++ b/nuclei-templates/2019/CVE-2019-14785-c94ec523ba103bad6a372ee7e463bd4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/"
     google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/"
     shodan-query: 'vuln:CVE-2019-14785'
-  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,medium
+  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14786-424aba97fb32ef1aa4a45220d2d79ae0.yaml b/nuclei-templates/2019/CVE-2019-14786-424aba97fb32ef1aa4a45220d2d79ae0.yaml
index 671281efca..2bd0e3e229 100644
--- a/nuclei-templates/2019/CVE-2019-14786-424aba97fb32ef1aa4a45220d2d79ae0.yaml
+++ b/nuclei-templates/2019/CVE-2019-14786-424aba97fb32ef1aa4a45220d2d79ae0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rank Math SEO <= 1.0.27 - Authenticated Settings Reset via reset-cmb Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-by-rank-math/"
     google-query: inurl:"/wp-content/plugins/seo-by-rank-math/"
     shodan-query: 'vuln:CVE-2019-14786'
-  tags: cve,wordpress,wp-plugin,seo-by-rank-math,medium
+  tags: cve,wordpress,wp-plugin,seo-by-rank-math,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14787-63a6ae12fc77467bfccad91ea4a943d2.yaml b/nuclei-templates/2019/CVE-2019-14787-63a6ae12fc77467bfccad91ea4a943d2.yaml
index 7dc55a1cdf..f30c6d4339 100644
--- a/nuclei-templates/2019/CVE-2019-14787-63a6ae12fc77467bfccad91ea4a943d2.yaml
+++ b/nuclei-templates/2019/CVE-2019-14787-63a6ae12fc77467bfccad91ea4a943d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletters-lite/"
     google-query: inurl:"/wp-content/plugins/newsletters-lite/"
     shodan-query: 'vuln:CVE-2019-14787'
-  tags: cve,wordpress,wp-plugin,newsletters-lite,medium
+  tags: cve,wordpress,wp-plugin,newsletters-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14790-ba4f93258decf77226fa4331245d3364.yaml b/nuclei-templates/2019/CVE-2019-14790-ba4f93258decf77226fa4331245d3364.yaml
index fde99e78b4..789f652f03 100644
--- a/nuclei-templates/2019/CVE-2019-14790-ba4f93258decf77226fa4331245d3364.yaml
+++ b/nuclei-templates/2019/CVE-2019-14790-ba4f93258decf77226fa4331245d3364.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Limb Gallery – Create Beautiful Image & Video Galleries <= 1.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The limb-gallery (aka Limb Gallery) plugin < 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/limb-gallery/"
     google-query: inurl:"/wp-content/plugins/limb-gallery/"
     shodan-query: 'vuln:CVE-2019-14790'
-  tags: cve,wordpress,wp-plugin,limb-gallery,medium
+  tags: cve,wordpress,wp-plugin,limb-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14791-6dd0e2469be8342859a9ccb068065a86.yaml b/nuclei-templates/2019/CVE-2019-14791-6dd0e2469be8342859a9ccb068065a86.yaml
index 7267a1f636..a987c0c5cc 100644
--- a/nuclei-templates/2019/CVE-2019-14791-6dd0e2469be8342859a9ccb068065a86.yaml
+++ b/nuclei-templates/2019/CVE-2019-14791-6dd0e2469be8342859a9ccb068065a86.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Booking Calendar < 1.3.19 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appointment-booking-calendar/"
     google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/"
     shodan-query: 'vuln:CVE-2019-14791'
-  tags: cve,wordpress,wp-plugin,appointment-booking-calendar,medium
+  tags: cve,wordpress,wp-plugin,appointment-booking-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14795-d02abc95243fe34c87855a6ca2a95d58.yaml b/nuclei-templates/2019/CVE-2019-14795-d02abc95243fe34c87855a6ca2a95d58.yaml
index 1a2e5e10c5..66d6822c2f 100644
--- a/nuclei-templates/2019/CVE-2019-14795-d02abc95243fe34c87855a6ca2a95d58.yaml
+++ b/nuclei-templates/2019/CVE-2019-14795-d02abc95243fe34c87855a6ca2a95d58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Toggle The Title <= 1.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/toggle-the-title/"
     google-query: inurl:"/wp-content/plugins/toggle-the-title/"
     shodan-query: 'vuln:CVE-2019-14795'
-  tags: cve,wordpress,wp-plugin,toggle-the-title,medium
+  tags: cve,wordpress,wp-plugin,toggle-the-title,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14796-f255a0d01d888b1ab68c9fee4e439ae8.yaml b/nuclei-templates/2019/CVE-2019-14796-f255a0d01d888b1ab68c9fee4e439ae8.yaml
index b6eae59079..089262d430 100644
--- a/nuclei-templates/2019/CVE-2019-14796-f255a0d01d888b1ab68c9fee4e439ae8.yaml
+++ b/nuclei-templates/2019/CVE-2019-14796-f255a0d01d888b1ab68c9fee4e439ae8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Products Price Bulk Edit <= 2.0 - Cross-Site Scripting via show_products_page_limit parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Woocommerce Products Price Bulk Edit plugin for WordPress is vulnerable to Cross-Site Scripting via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mq-woocommerce-products-price-bulk-edit/"
     google-query: inurl:"/wp-content/plugins/mq-woocommerce-products-price-bulk-edit/"
     shodan-query: 'vuln:CVE-2019-14796'
-  tags: cve,wordpress,wp-plugin,mq-woocommerce-products-price-bulk-edit,medium
+  tags: cve,wordpress,wp-plugin,mq-woocommerce-products-price-bulk-edit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14797-93b42b89f073fbc75b7062f5d47b5b66.yaml b/nuclei-templates/2019/CVE-2019-14797-93b42b89f073fbc75b7062f5d47b5b66.yaml
index 327b8a5484..f421ce041a 100644
--- a/nuclei-templates/2019/CVE-2019-14797-93b42b89f073fbc75b7062f5d47b5b66.yaml
+++ b/nuclei-templates/2019/CVE-2019-14797-93b42b89f073fbc75b7062f5d47b5b66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.5.22 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2019-14797'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14798-9568a93cf21f83223317ab5745dc29b8.yaml b/nuclei-templates/2019/CVE-2019-14798-9568a93cf21f83223317ab5745dc29b8.yaml
index cdcd7d7749..ad9e91becc 100644
--- a/nuclei-templates/2019/CVE-2019-14798-9568a93cf21f83223317ab5745dc29b8.yaml
+++ b/nuclei-templates/2019/CVE-2019-14798-9568a93cf21f83223317ab5745dc29b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.5.24 - Authenticated Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2019-14798'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14799-86d0c991bc6dd85c8051863807fe1299.yaml b/nuclei-templates/2019/CVE-2019-14799-86d0c991bc6dd85c8051863807fe1299.yaml
index 816f1d4a84..10844bfcb0 100644
--- a/nuclei-templates/2019/CVE-2019-14799-86d0c991bc6dd85c8051863807fe1299.yaml
+++ b/nuclei-templates/2019/CVE-2019-14799-86d0c991bc6dd85c8051863807fe1299.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2019-14799'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14945-00490e9d02fc53f4fe0fd6d4af30aaaa.yaml b/nuclei-templates/2019/CVE-2019-14945-00490e9d02fc53f4fe0fd6d4af30aaaa.yaml
index 6aae05a8e0..8460d5a688 100644
--- a/nuclei-templates/2019/CVE-2019-14945-00490e9d02fc53f4fe0fd6d4af30aaaa.yaml
+++ b/nuclei-templates/2019/CVE-2019-14945-00490e9d02fc53f4fe0fd6d4af30aaaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.53 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ultimate-member plugin before 2.0.54 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2019-14945'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14948-3385cb8b008c9eac317535d656ebf7b2.yaml b/nuclei-templates/2019/CVE-2019-14948-3385cb8b008c9eac317535d656ebf7b2.yaml
index 8e3ace34a2..d8abd93122 100644
--- a/nuclei-templates/2019/CVE-2019-14948-3385cb8b008c9eac317535d656ebf7b2.yaml
+++ b/nuclei-templates/2019/CVE-2019-14948-3385cb8b008c9eac317535d656ebf7b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PPOM for WooCommerce <= 18.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-addon/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/"
     shodan-query: 'vuln:CVE-2019-14948'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-addon,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-addon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14949-71e8880d940289fc5d83f840f7f72d23.yaml b/nuclei-templates/2019/CVE-2019-14949-71e8880d940289fc5d83f840f7f72d23.yaml
index fd0b356148..9f12548af8 100644
--- a/nuclei-templates/2019/CVE-2019-14949-71e8880d940289fc5d83f840f7f72d23.yaml
+++ b/nuclei-templates/2019/CVE-2019-14949-71e8880d940289fc5d83f840f7f72d23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 5.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-database-backup plugin before 5.1.2 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:CVE-2019-14949'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
+  tags: cve,wordpress,wp-plugin,wp-database-backup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-14950-18d01dbad64386da194504c3f5ffe26e.yaml b/nuclei-templates/2019/CVE-2019-14950-18d01dbad64386da194504c3f5ffe26e.yaml
index 6c3048b90f..c3d51e41bf 100644
--- a/nuclei-templates/2019/CVE-2019-14950-18d01dbad64386da194504c3f5ffe26e.yaml
+++ b/nuclei-templates/2019/CVE-2019-14950-18d01dbad64386da194504c3f5ffe26e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live Chat Support <= 8.0.27 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2019-14950'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15109-15adc07dcc170bd663dc3c1e94fa94e1.yaml b/nuclei-templates/2019/CVE-2019-15109-15adc07dcc170bd663dc3c1e94fa94e1.yaml
index 6c75fbbca5..79da8d04c1 100644
--- a/nuclei-templates/2019/CVE-2019-15109-15adc07dcc170bd663dc3c1e94fa94e1.yaml
+++ b/nuclei-templates/2019/CVE-2019-15109-15adc07dcc170bd663dc3c1e94fa94e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Events Calendar <= 4.8.1 - Cross-Site Scripting via tribe_paged Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-events-calendar/"
     google-query: inurl:"/wp-content/plugins/the-events-calendar/"
     shodan-query: 'vuln:CVE-2019-15109'
-  tags: cve,wordpress,wp-plugin,the-events-calendar,medium
+  tags: cve,wordpress,wp-plugin,the-events-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15110-0ed606409f522ba3351ac7659014c32c.yaml b/nuclei-templates/2019/CVE-2019-15110-0ed606409f522ba3351ac7659014c32c.yaml
index 5302d5c420..1c47da4b00 100644
--- a/nuclei-templates/2019/CVE-2019-15110-0ed606409f522ba3351ac7659014c32c.yaml
+++ b/nuclei-templates/2019/CVE-2019-15110-0ed606409f522ba3351ac7659014c32c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Front End Profile <= 0.2.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Front End Profile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘save-fields.php’ file in versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-front-end-profile/"
     google-query: inurl:"/wp-content/plugins/wp-front-end-profile/"
     shodan-query: 'vuln:CVE-2019-15110'
-  tags: cve,wordpress,wp-plugin,wp-front-end-profile,medium
+  tags: cve,wordpress,wp-plugin,wp-front-end-profile,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15112-9024f709636fd6877d65d2f3b4c1635e.yaml b/nuclei-templates/2019/CVE-2019-15112-9024f709636fd6877d65d2f3b4c1635e.yaml
index f448d59876..ffa88f0c17 100644
--- a/nuclei-templates/2019/CVE-2019-15112-9024f709636fd6877d65d2f3b4c1635e.yaml
+++ b/nuclei-templates/2019/CVE-2019-15112-9024f709636fd6877d65d2f3b4c1635e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-slimstat plugin before 4.8.1 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2019-15112'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
+  tags: cve,wordpress,wp-plugin,wp-slimstat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15113-3b5f66bc28ba8ff54368e43564c0ea04.yaml b/nuclei-templates/2019/CVE-2019-15113-3b5f66bc28ba8ff54368e43564c0ea04.yaml
index a4f80cf334..d24e878ac4 100644
--- a/nuclei-templates/2019/CVE-2019-15113-3b5f66bc28ba8ff54368e43564c0ea04.yaml
+++ b/nuclei-templates/2019/CVE-2019-15113-3b5f66bc28ba8ff54368e43564c0ea04.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Companion Sitemap Generator – HTML & XML <= 3.6.6 - Cross-Site Request Forgery and Local File Inclusion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Companion Sitemap Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.6. This makes it possible for unauthenticated attackers to modify the plugin settings or include any local file with a PHP extension via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/companion-sitemap-generator/"
     google-query: inurl:"/wp-content/plugins/companion-sitemap-generator/"
     shodan-query: 'vuln:CVE-2019-15113'
-  tags: cve,wordpress,wp-plugin,companion-sitemap-generator,high
+  tags: cve,wordpress,wp-plugin,companion-sitemap-generator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15114-5fa24ba82d6b7dec5ee5fc8a5b73d9f8.yaml b/nuclei-templates/2019/CVE-2019-15114-5fa24ba82d6b7dec5ee5fc8a5b73d9f8.yaml
index a15076f099..986e0b3038 100644
--- a/nuclei-templates/2019/CVE-2019-15114-5fa24ba82d6b7dec5ee5fc8a5b73d9f8.yaml
+++ b/nuclei-templates/2019/CVE-2019-15114-5fa24ba82d6b7dec5ee5fc8a5b73d9f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormCraft <= 1.2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formcraft-form-builder/"
     google-query: inurl:"/wp-content/plugins/formcraft-form-builder/"
     shodan-query: 'vuln:CVE-2019-15114'
-  tags: cve,wordpress,wp-plugin,formcraft-form-builder,high
+  tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15115-55f3de8c0899443e80983275ca038b9f.yaml b/nuclei-templates/2019/CVE-2019-15115-55f3de8c0899443e80983275ca038b9f.yaml
index 4f6d053674..bc5f700b74 100644
--- a/nuclei-templates/2019/CVE-2019-15115-55f3de8c0899443e80983275ca038b9f.yaml
+++ b/nuclei-templates/2019/CVE-2019-15115-55f3de8c0899443e80983275ca038b9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LoginWP <= 2.9.1 - Multiple Cross-Site Request Forgery vulnerabilities
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/peters-login-redirect/"
     google-query: inurl:"/wp-content/plugins/peters-login-redirect/"
     shodan-query: 'vuln:CVE-2019-15115'
-  tags: cve,wordpress,wp-plugin,peters-login-redirect,high
+  tags: cve,wordpress,wp-plugin,peters-login-redirect,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15116-58ad5ca81c9faa1c9bf4e8d6a87f5f2f.yaml b/nuclei-templates/2019/CVE-2019-15116-58ad5ca81c9faa1c9bf4e8d6a87f5f2f.yaml
index a2766d4a95..48ac5b16bf 100644
--- a/nuclei-templates/2019/CVE-2019-15116-58ad5ca81c9faa1c9bf4e8d6a87f5f2f.yaml
+++ b/nuclei-templates/2019/CVE-2019-15116-58ad5ca81c9faa1c9bf4e8d6a87f5f2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.9.15 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2019-15116'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15238-b4c6a4aeabe2851a3af8facd90e9e06e.yaml b/nuclei-templates/2019/CVE-2019-15238-b4c6a4aeabe2851a3af8facd90e9e06e.yaml
index bdc3efafe1..45f06c6605 100644
--- a/nuclei-templates/2019/CVE-2019-15238-b4c6a4aeabe2851a3af8facd90e9e06e.yaml
+++ b/nuclei-templates/2019/CVE-2019-15238-b4c6a4aeabe2851a3af8facd90e9e06e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cforms2/"
     google-query: inurl:"/wp-content/plugins/cforms2/"
     shodan-query: 'vuln:CVE-2019-15238'
-  tags: cve,wordpress,wp-plugin,cforms2,high
+  tags: cve,wordpress,wp-plugin,cforms2,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15317-d69efeae16b0ba8318e8a9d732208aec.yaml b/nuclei-templates/2019/CVE-2019-15317-d69efeae16b0ba8318e8a9d732208aec.yaml
index 0d472a4092..40ca62fd27 100644
--- a/nuclei-templates/2019/CVE-2019-15317-d69efeae16b0ba8318e8a9d732208aec.yaml
+++ b/nuclei-templates/2019/CVE-2019-15317-d69efeae16b0ba8318e8a9d732208aec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.4.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The give plugin before 2.4.7 for WordPress has XSS via a donor name.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2019-15317'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15323-05dc7f00a65d6d066b60c74e22d18787.yaml b/nuclei-templates/2019/CVE-2019-15323-05dc7f00a65d6d066b60c74e22d18787.yaml
index 0534c32255..fccc6eb1d4 100644
--- a/nuclei-templates/2019/CVE-2019-15323-05dc7f00a65d6d066b60c74e22d18787.yaml
+++ b/nuclei-templates/2019/CVE-2019-15323-05dc7f00a65d6d066b60c74e22d18787.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ad Inserter <= 2.4.19 - Authenticated Path Traversal
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-inserter/"
     google-query: inurl:"/wp-content/plugins/ad-inserter/"
     shodan-query: 'vuln:CVE-2019-15323'
-  tags: cve,wordpress,wp-plugin,ad-inserter,high
+  tags: cve,wordpress,wp-plugin,ad-inserter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15324-c5d0a251b677b3b951be5050c3700b32.yaml b/nuclei-templates/2019/CVE-2019-15324-c5d0a251b677b3b951be5050c3700b32.yaml
index b2412eae2a..c8fd41c302 100644
--- a/nuclei-templates/2019/CVE-2019-15324-c5d0a251b677b3b951be5050c3700b32.yaml
+++ b/nuclei-templates/2019/CVE-2019-15324-c5d0a251b677b3b951be5050c3700b32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-inserter/"
     google-query: inurl:"/wp-content/plugins/ad-inserter/"
     shodan-query: 'vuln:CVE-2019-15324'
-  tags: cve,wordpress,wp-plugin,ad-inserter,high
+  tags: cve,wordpress,wp-plugin,ad-inserter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15327-342fee676d86d87109d08378d8dcd0b0.yaml b/nuclei-templates/2019/CVE-2019-15327-342fee676d86d87109d08378d8dcd0b0.yaml
index 77ac9192d9..80a03bf311 100644
--- a/nuclei-templates/2019/CVE-2019-15327-342fee676d86d87109d08378d8dcd0b0.yaml
+++ b/nuclei-templates/2019/CVE-2019-15327-342fee676d86d87109d08378d8dcd0b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.14.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2019-15327'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15328-af8e3b1753f58bd7e46c4cccec8f000f.yaml b/nuclei-templates/2019/CVE-2019-15328-af8e3b1753f58bd7e46c4cccec8f000f.yaml
index de6b845777..fd1bc4ef0a 100644
--- a/nuclei-templates/2019/CVE-2019-15328-af8e3b1753f58bd7e46c4cccec8f000f.yaml
+++ b/nuclei-templates/2019/CVE-2019-15328-af8e3b1753f58bd7e46c4cccec8f000f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.14.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2019-15328'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15329-5bda221acefc04e8d84a3c6e2be5c30e.yaml b/nuclei-templates/2019/CVE-2019-15329-5bda221acefc04e8d84a3c6e2be5c30e.yaml
index 7280656da6..35d67abae5 100644
--- a/nuclei-templates/2019/CVE-2019-15329-5bda221acefc04e8d84a3c6e2be5c30e.yaml
+++ b/nuclei-templates/2019/CVE-2019-15329-5bda221acefc04e8d84a3c6e2be5c30e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.14.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2019-15329'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15643-01d841cc481bc716c0f7b858b4f11c39.yaml b/nuclei-templates/2019/CVE-2019-15643-01d841cc481bc716c0f7b858b4f11c39.yaml
index b6735c8c9d..e6180fb0bf 100644
--- a/nuclei-templates/2019/CVE-2019-15643-01d841cc481bc716c0f7b858b4f11c39.yaml
+++ b/nuclei-templates/2019/CVE-2019-15643-01d841cc481bc716c0f7b858b4f11c39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Faqs <= 1.8.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-faqs/"
     google-query: inurl:"/wp-content/plugins/ultimate-faqs/"
     shodan-query: 'vuln:CVE-2019-15643'
-  tags: cve,wordpress,wp-plugin,ultimate-faqs,medium
+  tags: cve,wordpress,wp-plugin,ultimate-faqs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15645-379056d331237206cad69e45d8d3007e.yaml b/nuclei-templates/2019/CVE-2019-15645-379056d331237206cad69e45d8d3007e.yaml
index 6adf4e23e4..c75d8cb0e0 100644
--- a/nuclei-templates/2019/CVE-2019-15645-379056d331237206cad69e45d8d3007e.yaml
+++ b/nuclei-templates/2019/CVE-2019-15645-379056d331237206cad69e45d8d3007e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zoho-salesiq/"
     google-query: inurl:"/wp-content/plugins/zoho-salesiq/"
     shodan-query: 'vuln:CVE-2019-15645'
-  tags: cve,wordpress,wp-plugin,zoho-salesiq,high
+  tags: cve,wordpress,wp-plugin,zoho-salesiq,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15647-01e6da1e967018241a8f36efe6fd50ba.yaml b/nuclei-templates/2019/CVE-2019-15647-01e6da1e967018241a8f36efe6fd50ba.yaml
index b9aee38f47..a9812175c4 100644
--- a/nuclei-templates/2019/CVE-2019-15647-01e6da1e967018241a8f36efe6fd50ba.yaml
+++ b/nuclei-templates/2019/CVE-2019-15647-01e6da1e967018241a8f36efe6fd50ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg < 1.3.5 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2019-15647'
-  tags: cve,wordpress,wp-plugin,groundhogg,high
+  tags: cve,wordpress,wp-plugin,groundhogg,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15649-243ee6cead272cdb6dc2ad831bc4986e.yaml b/nuclei-templates/2019/CVE-2019-15649-243ee6cead272cdb6dc2ad831bc4986e.yaml
index 6abc1275af..ff31d4ca37 100644
--- a/nuclei-templates/2019/CVE-2019-15649-243ee6cead272cdb6dc2ad831bc4986e.yaml
+++ b/nuclei-templates/2019/CVE-2019-15649-243ee6cead272cdb6dc2ad831bc4986e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insert or Embed Articulate Content into WordPress < 4.2999 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/"
     google-query: inurl:"/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/"
     shodan-query: 'vuln:CVE-2019-15649'
-  tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,high
+  tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15660-7700c6b035beec7a0abef5d3cdd6b1cf.yaml b/nuclei-templates/2019/CVE-2019-15660-7700c6b035beec7a0abef5d3cdd6b1cf.yaml
index 942cd95261..1ba5f12cd3 100644
--- a/nuclei-templates/2019/CVE-2019-15660-7700c6b035beec7a0abef5d3cdd6b1cf.yaml
+++ b/nuclei-templates/2019/CVE-2019-15660-7700c6b035beec7a0abef5d3cdd6b1cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Members <= 3.2.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wp-members plugin before 3.2.8.1 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-members/"
     google-query: inurl:"/wp-content/plugins/wp-members/"
     shodan-query: 'vuln:CVE-2019-15660'
-  tags: cve,wordpress,wp-plugin,wp-members,high
+  tags: cve,wordpress,wp-plugin,wp-members,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15713-b87197a613662b55350c2f2781a87102.yaml b/nuclei-templates/2019/CVE-2019-15713-b87197a613662b55350c2f2781a87102.yaml
index ab28ec6063..dbea5fd3a8 100644
--- a/nuclei-templates/2019/CVE-2019-15713-b87197a613662b55350c2f2781a87102.yaml
+++ b/nuclei-templates/2019/CVE-2019-15713-b87197a613662b55350c2f2781a87102.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The my-calendar plugin before 3.1.10 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-calendar/"
     google-query: inurl:"/wp-content/plugins/my-calendar/"
     shodan-query: 'vuln:CVE-2019-15713'
-  tags: cve,wordpress,wp-plugin,my-calendar,medium
+  tags: cve,wordpress,wp-plugin,my-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15769-8f10a7f44536cd7d542d4c451e6c6b46.yaml b/nuclei-templates/2019/CVE-2019-15769-8f10a7f44536cd7d542d4c451e6c6b46.yaml
index a24fbc6b5a..64a5faf4c3 100644
--- a/nuclei-templates/2019/CVE-2019-15769-8f10a7f44536cd7d542d4c451e6c6b46.yaml
+++ b/nuclei-templates/2019/CVE-2019-15769-8f10a7f44536cd7d542d4c451e6c6b46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HandL UTM Grabber / Tracker <= 2.6.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/handl-utm-grabber/"
     google-query: inurl:"/wp-content/plugins/handl-utm-grabber/"
     shodan-query: 'vuln:CVE-2019-15769'
-  tags: cve,wordpress,wp-plugin,handl-utm-grabber,high
+  tags: cve,wordpress,wp-plugin,handl-utm-grabber,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15770-35ff0530e249316fdf7a2ba6a6ea24d8.yaml b/nuclei-templates/2019/CVE-2019-15770-35ff0530e249316fdf7a2ba6a6ea24d8.yaml
index 621d5b0fcc..622360cb94 100644
--- a/nuclei-templates/2019/CVE-2019-15770-35ff0530e249316fdf7a2ba6a6ea24d8.yaml
+++ b/nuclei-templates/2019/CVE-2019-15770-35ff0530e249316fdf7a2ba6a6ea24d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Address Book < 1.6.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-address-book/"
     google-query: inurl:"/wp-content/plugins/woo-address-book/"
     shodan-query: 'vuln:CVE-2019-15770'
-  tags: cve,wordpress,wp-plugin,woo-address-book,high
+  tags: cve,wordpress,wp-plugin,woo-address-book,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15777-65fb11931177bab0fee70a7467cb7286.yaml b/nuclei-templates/2019/CVE-2019-15777-65fb11931177bab0fee70a7467cb7286.yaml
index 90fbf55bcd..903feb00fd 100644
--- a/nuclei-templates/2019/CVE-2019-15777-65fb11931177bab0fee70a7467cb7286.yaml
+++ b/nuclei-templates/2019/CVE-2019-15777-65fb11931177bab0fee70a7467cb7286.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP DSGVO Tools (GDPR) <= 2.2.18 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shapepress-dsgvo/"
     google-query: inurl:"/wp-content/plugins/shapepress-dsgvo/"
     shodan-query: 'vuln:CVE-2019-15777'
-  tags: cve,wordpress,wp-plugin,shapepress-dsgvo,medium
+  tags: cve,wordpress,wp-plugin,shapepress-dsgvo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15778-9404e968e946456749ff0111b0225ba5.yaml b/nuclei-templates/2019/CVE-2019-15778-9404e968e946456749ff0111b0225ba5.yaml
index d9e02cc536..3d9f21980a 100644
--- a/nuclei-templates/2019/CVE-2019-15778-9404e968e946456749ff0111b0225ba5.yaml
+++ b/nuclei-templates/2019/CVE-2019-15778-9404e968e946456749ff0111b0225ba5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Additional Variation Images Gallery for WooCommerce <= 1.1.28 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-variation-gallery/"
     google-query: inurl:"/wp-content/plugins/woo-variation-gallery/"
     shodan-query: 'vuln:CVE-2019-15778'
-  tags: cve,wordpress,wp-plugin,woo-variation-gallery,medium
+  tags: cve,wordpress,wp-plugin,woo-variation-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15779-a977aa9a4c9e6ea956efab1274f3c128.yaml b/nuclei-templates/2019/CVE-2019-15779-a977aa9a4c9e6ea956efab1274f3c128.yaml
index 6975718045..2eb62deac3 100644
--- a/nuclei-templates/2019/CVE-2019-15779-a977aa9a4c9e6ea956efab1274f3c128.yaml
+++ b/nuclei-templates/2019/CVE-2019-15779-a977aa9a4c9e6ea956efab1274f3c128.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Feed Gallery <= 2.4.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insta-gallery/"
     google-query: inurl:"/wp-content/plugins/insta-gallery/"
     shodan-query: 'vuln:CVE-2019-15779'
-  tags: cve,wordpress,wp-plugin,insta-gallery,high
+  tags: cve,wordpress,wp-plugin,insta-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15781-281277016a09cf7dcda0f71c2e15f07f.yaml b/nuclei-templates/2019/CVE-2019-15781-281277016a09cf7dcda0f71c2e15f07f.yaml
index 2423e93cc6..29fb6eaafb 100644
--- a/nuclei-templates/2019/CVE-2019-15781-281277016a09cf7dcda0f71c2e15f07f.yaml
+++ b/nuclei-templates/2019/CVE-2019-15781-281277016a09cf7dcda0f71c2e15f07f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social LikeBox & Feed <= 2.8.4 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-by-weblizar/"
     google-query: inurl:"/wp-content/plugins/facebook-by-weblizar/"
     shodan-query: 'vuln:CVE-2019-15781'
-  tags: cve,wordpress,wp-plugin,facebook-by-weblizar,high
+  tags: cve,wordpress,wp-plugin,facebook-by-weblizar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15817-19a8a46d3531a17a737d3cfe8d4f708e.yaml b/nuclei-templates/2019/CVE-2019-15817-19a8a46d3531a17a737d3cfe8d4f708e.yaml
index 816c9cf8ff..9d797eb4f1 100644
--- a/nuclei-templates/2019/CVE-2019-15817-19a8a46d3531a17a737d3cfe8d4f708e.yaml
+++ b/nuclei-templates/2019/CVE-2019-15817-19a8a46d3531a17a737d3cfe8d4f708e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Property Listings <= 3.3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The easy-property-listings plugin before 3.4 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-property-listings/"
     google-query: inurl:"/wp-content/plugins/easy-property-listings/"
     shodan-query: 'vuln:CVE-2019-15817'
-  tags: cve,wordpress,wp-plugin,easy-property-listings,medium
+  tags: cve,wordpress,wp-plugin,easy-property-listings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15827-697b3f7f41c78660c9aef82a5b73a231.yaml b/nuclei-templates/2019/CVE-2019-15827-697b3f7f41c78660c9aef82a5b73a231.yaml
index 31f1f67a52..aee749670d 100644
--- a/nuclei-templates/2019/CVE-2019-15827-697b3f7f41c78660c9aef82a5b73a231.yaml
+++ b/nuclei-templates/2019/CVE-2019-15827-697b3f7f41c78660c9aef82a5b73a231.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OneSignal Web Push Notifications <=1.17.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/onesignal-free-web-push-notifications/"
     google-query: inurl:"/wp-content/plugins/onesignal-free-web-push-notifications/"
     shodan-query: 'vuln:CVE-2019-15827'
-  tags: cve,wordpress,wp-plugin,onesignal-free-web-push-notifications,medium
+  tags: cve,wordpress,wp-plugin,onesignal-free-web-push-notifications,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15828-a5333a81df962bfc4dc1ef98d3ece12b.yaml b/nuclei-templates/2019/CVE-2019-15828-a5333a81df962bfc4dc1ef98d3ece12b.yaml
index 4fdde61378..21a01f31ee 100644
--- a/nuclei-templates/2019/CVE-2019-15828-a5333a81df962bfc4dc1ef98d3ece12b.yaml
+++ b/nuclei-templates/2019/CVE-2019-15828-a5333a81df962bfc4dc1ef98d3ece12b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     One Click SSL <= 1.4.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/one-click-ssl/"
     google-query: inurl:"/wp-content/plugins/one-click-ssl/"
     shodan-query: 'vuln:CVE-2019-15828'
-  tags: cve,wordpress,wp-plugin,one-click-ssl,high
+  tags: cve,wordpress,wp-plugin,one-click-ssl,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15830-1189677e87fccd5ba86b3b7c8e3828fd.yaml b/nuclei-templates/2019/CVE-2019-15830-1189677e87fccd5ba86b3b7c8e3828fd.yaml
index 78d2f83e54..e209fc24f1 100644
--- a/nuclei-templates/2019/CVE-2019-15830-1189677e87fccd5ba86b3b7c8e3828fd.yaml
+++ b/nuclei-templates/2019/CVE-2019-15830-1189677e87fccd5ba86b3b7c8e3828fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram <= 1.10.28.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icegram/"
     google-query: inurl:"/wp-content/plugins/icegram/"
     shodan-query: 'vuln:CVE-2019-15830'
-  tags: cve,wordpress,wp-plugin,icegram,medium
+  tags: cve,wordpress,wp-plugin,icegram,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15831-95fcd32657de195d1ff10c3dd6c72f1b.yaml b/nuclei-templates/2019/CVE-2019-15831-95fcd32657de195d1ff10c3dd6c72f1b.yaml
index c2a1f4bcde..4219dbe02c 100644
--- a/nuclei-templates/2019/CVE-2019-15831-95fcd32657de195d1ff10c3dd6c72f1b.yaml
+++ b/nuclei-templates/2019/CVE-2019-15831-95fcd32657de195d1ff10c3dd6c72f1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visitor Traffic Real Time Statistics <= 1.12 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/"
     google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/"
     shodan-query: 'vuln:CVE-2019-15831'
-  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,high
+  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15832-354f6d128f8dd6bd63a76dae47bd8628.yaml b/nuclei-templates/2019/CVE-2019-15832-354f6d128f8dd6bd63a76dae47bd8628.yaml
index b1536e9678..197dba8bdc 100644
--- a/nuclei-templates/2019/CVE-2019-15832-354f6d128f8dd6bd63a76dae47bd8628.yaml
+++ b/nuclei-templates/2019/CVE-2019-15832-354f6d128f8dd6bd63a76dae47bd8628.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visitor Traffic Real Time Statistics <= 1.13 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/"
     google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/"
     shodan-query: 'vuln:CVE-2019-15832'
-  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,high
+  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15834-52ad3a4045cbc52c94981ea4e45a3cca.yaml b/nuclei-templates/2019/CVE-2019-15834-52ad3a4045cbc52c94981ea4e45a3cca.yaml
index ef553f5d53..74a13fb5ec 100644
--- a/nuclei-templates/2019/CVE-2019-15834-52ad3a4045cbc52c94981ea4e45a3cca.yaml
+++ b/nuclei-templates/2019/CVE-2019-15834-52ad3a4045cbc52c94981ea4e45a3cca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebP Converter for Media – Convert WebP and AVIF & Optimize Images <= 1.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WebP Converter for Media – Convert WebP and AVIF & Optimize Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webp-converter-for-media/"
     google-query: inurl:"/wp-content/plugins/webp-converter-for-media/"
     shodan-query: 'vuln:CVE-2019-15834'
-  tags: cve,wordpress,wp-plugin,webp-converter-for-media,high
+  tags: cve,wordpress,wp-plugin,webp-converter-for-media,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15835-1fb46247dc51fca766c3b6cc15fb0753.yaml b/nuclei-templates/2019/CVE-2019-15835-1fb46247dc51fca766c3b6cc15fb0753.yaml
index 3486e17a80..7474945dfb 100644
--- a/nuclei-templates/2019/CVE-2019-15835-1fb46247dc51fca766c3b6cc15fb0753.yaml
+++ b/nuclei-templates/2019/CVE-2019-15835-1fb46247dc51fca766c3b6cc15fb0753.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Better Permalinks < 3.0.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-better-permalinks/"
     google-query: inurl:"/wp-content/plugins/wp-better-permalinks/"
     shodan-query: 'vuln:CVE-2019-15835'
-  tags: cve,wordpress,wp-plugin,wp-better-permalinks,high
+  tags: cve,wordpress,wp-plugin,wp-better-permalinks,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15836-1e6683ba97d940c27fa31053738ff471.yaml b/nuclei-templates/2019/CVE-2019-15836-1e6683ba97d940c27fa31053738ff471.yaml
index 5c8afa2daf..8a37345043 100644
--- a/nuclei-templates/2019/CVE-2019-15836-1e6683ba97d940c27fa31053738ff471.yaml
+++ b/nuclei-templates/2019/CVE-2019-15836-1e6683ba97d940c27fa31053738ff471.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate Recipe < 3.12.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-recipe/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-recipe/"
     shodan-query: 'vuln:CVE-2019-15836'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-recipe,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-recipe,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15837-3d333cad26fc8b3d5422c9b862bc540d.yaml b/nuclei-templates/2019/CVE-2019-15837-3d333cad26fc8b3d5422c9b862bc540d.yaml
index f6871a2853..13e8514881 100644
--- a/nuclei-templates/2019/CVE-2019-15837-3d333cad26fc8b3d5422c9b862bc540d.yaml
+++ b/nuclei-templates/2019/CVE-2019-15837-3d333cad26fc8b3d5422c9b862bc540d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebP Express <= 0.14.10 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The webp-express plugin before 0.14.8 for WordPress has stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webp-express/"
     google-query: inurl:"/wp-content/plugins/webp-express/"
     shodan-query: 'vuln:CVE-2019-15837'
-  tags: cve,wordpress,wp-plugin,webp-express,medium
+  tags: cve,wordpress,wp-plugin,webp-express,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15840-d27b9b5016915435f37e3d3e6a022f76.yaml b/nuclei-templates/2019/CVE-2019-15840-d27b9b5016915435f37e3d3e6a022f76.yaml
index a9483b091a..3532c88bbd 100644
--- a/nuclei-templates/2019/CVE-2019-15840-d27b9b5016915435f37e3d3e6a022f76.yaml
+++ b/nuclei-templates/2019/CVE-2019-15840-d27b9b5016915435f37e3d3e6a022f76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/facebook-for-woocommerce/"
     shodan-query: 'vuln:CVE-2019-15840'
-  tags: cve,wordpress,wp-plugin,facebook-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,facebook-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15841-9534faef8d85288ee99452de6c7c430a.yaml b/nuclei-templates/2019/CVE-2019-15841-9534faef8d85288ee99452de6c7c430a.yaml
index 4583cb8874..92df8be34f 100644
--- a/nuclei-templates/2019/CVE-2019-15841-9534faef8d85288ee99452de6c7c430a.yaml
+++ b/nuclei-templates/2019/CVE-2019-15841-9534faef8d85288ee99452de6c7c430a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery allowing Option Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/facebook-for-woocommerce/"
     shodan-query: 'vuln:CVE-2019-15841'
-  tags: cve,wordpress,wp-plugin,facebook-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,facebook-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15842-40be5fedd5539e32999075c425fecfed.yaml b/nuclei-templates/2019/CVE-2019-15842-40be5fedd5539e32999075c425fecfed.yaml
index 20d797881f..919014ec09 100644
--- a/nuclei-templates/2019/CVE-2019-15842-40be5fedd5539e32999075c425fecfed.yaml
+++ b/nuclei-templates/2019/CVE-2019-15842-40be5fedd5539e32999075c425fecfed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy restaurant menu manager <= 1.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-pdf-restaurant-menu-upload/"
     google-query: inurl:"/wp-content/plugins/easy-pdf-restaurant-menu-upload/"
     shodan-query: 'vuln:CVE-2019-15842'
-  tags: cve,wordpress,wp-plugin,easy-pdf-restaurant-menu-upload,medium
+  tags: cve,wordpress,wp-plugin,easy-pdf-restaurant-menu-upload,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15864-d4f39f41edde6809c1e3f1995c35c774.yaml b/nuclei-templates/2019/CVE-2019-15864-d4f39f41edde6809c1e3f1995c35c774.yaml
index cea7fc47d0..8e7029a9aa 100644
--- a/nuclei-templates/2019/CVE-2019-15864-d4f39f41edde6809c1e3f1995c35c774.yaml
+++ b/nuclei-templates/2019/CVE-2019-15864-d4f39f41edde6809c1e3f1995c35c774.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Breadcrumbs by menu < 1.0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/breadcrumbs-by-menu/"
     google-query: inurl:"/wp-content/plugins/breadcrumbs-by-menu/"
     shodan-query: 'vuln:CVE-2019-15864'
-  tags: cve,wordpress,wp-plugin,breadcrumbs-by-menu,medium
+  tags: cve,wordpress,wp-plugin,breadcrumbs-by-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15865-49ba2e496df198082592a83af2dd4d61.yaml b/nuclei-templates/2019/CVE-2019-15865-49ba2e496df198082592a83af2dd4d61.yaml
index acf4b780ff..75902a1f34 100644
--- a/nuclei-templates/2019/CVE-2019-15865-49ba2e496df198082592a83af2dd4d61.yaml
+++ b/nuclei-templates/2019/CVE-2019-15865-49ba2e496df198082592a83af2dd4d61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Breadcrumbs by menu <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Breadcrumbs by menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/breadcrumbs-by-menu/"
     google-query: inurl:"/wp-content/plugins/breadcrumbs-by-menu/"
     shodan-query: 'vuln:CVE-2019-15865'
-  tags: cve,wordpress,wp-plugin,breadcrumbs-by-menu,high
+  tags: cve,wordpress,wp-plugin,breadcrumbs-by-menu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15866-11611891705bb620b2fbc93feb153c11.yaml b/nuclei-templates/2019/CVE-2019-15866-11611891705bb620b2fbc93feb153c11.yaml
index d4a0c611cd..038f7ffae8 100644
--- a/nuclei-templates/2019/CVE-2019-15866-11611891705bb620b2fbc93feb153c11.yaml
+++ b/nuclei-templates/2019/CVE-2019-15866-11611891705bb620b2fbc93feb153c11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crelly Slider <= 1.3.4 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crelly-slider/"
     google-query: inurl:"/wp-content/plugins/crelly-slider/"
     shodan-query: 'vuln:CVE-2019-15866'
-  tags: cve,wordpress,wp-plugin,crelly-slider,high
+  tags: cve,wordpress,wp-plugin,crelly-slider,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15868-5c818a45f2a9dcd466f195a8752dd840.yaml b/nuclei-templates/2019/CVE-2019-15868-5c818a45f2a9dcd466f195a8752dd840.yaml
index 9cdc59f748..b9f00a131b 100644
--- a/nuclei-templates/2019/CVE-2019-15868-5c818a45f2a9dcd466f195a8752dd840.yaml
+++ b/nuclei-templates/2019/CVE-2019-15868-5c818a45f2a9dcd466f195a8752dd840.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Affiliates Manager <= 2.6.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 2.6.6. This makes it possible for unauthenticated attackers to perform unspecified modifications to the plugin settings granted they can trick a site administrator into performing an action such as clicking on a link.  The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliates-manager/"
     google-query: inurl:"/wp-content/plugins/affiliates-manager/"
     shodan-query: 'vuln:CVE-2019-15868'
-  tags: cve,wordpress,wp-plugin,affiliates-manager,high
+  tags: cve,wordpress,wp-plugin,affiliates-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15869-b9eb31c713b27c04fd47230e22de33c0.yaml b/nuclei-templates/2019/CVE-2019-15869-b9eb31c713b27c04fd47230e22de33c0.yaml
index c6351d8984..b303ebacab 100644
--- a/nuclei-templates/2019/CVE-2019-15869-b9eb31c713b27c04fd47230e22de33c0.yaml
+++ b/nuclei-templates/2019/CVE-2019-15869-b9eb31c713b27c04fd47230e22de33c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobCareer | Job Board Responsive WordPress Theme <= 2.5.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobCareer theme before 2.5.1 for WordPress has stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jobcareer/"
     google-query: inurl:"/wp-content/plugins/jobcareer/"
     shodan-query: 'vuln:CVE-2019-15869'
-  tags: cve,wordpress,wp-plugin,jobcareer,medium
+  tags: cve,wordpress,wp-plugin,jobcareer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15870-67f647f4edf0dc956943ef2a579b4258.yaml b/nuclei-templates/2019/CVE-2019-15870-67f647f4edf0dc956943ef2a579b4258.yaml
index 1c2c3aa23d..9fd838aa95 100644
--- a/nuclei-templates/2019/CVE-2019-15870-67f647f4edf0dc956943ef2a579b4258.yaml
+++ b/nuclei-templates/2019/CVE-2019-15870-67f647f4edf0dc956943ef2a579b4258.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CarSpot – Dealership Wordpress Classified Theme < 2.1.7 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/carspot/"
     google-query: inurl:"/wp-content/themes/carspot/"
     shodan-query: 'vuln:CVE-2019-15870'
-  tags: cve,wordpress,wp-theme,carspot,medium
+  tags: cve,wordpress,wp-theme,carspot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15872-9e304c0c2d27a9a5e4112a85cbe97828.yaml b/nuclei-templates/2019/CVE-2019-15872-9e304c0c2d27a9a5e4112a85cbe97828.yaml
index 272ab5a182..dbb56136dd 100644
--- a/nuclei-templates/2019/CVE-2019-15872-9e304c0c2d27a9a5e4112a85cbe97828.yaml
+++ b/nuclei-templates/2019/CVE-2019-15872-9e304c0c2d27a9a5e4112a85cbe97828.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LoginPress <= 1.1.15 - Authenticated SQL Injection via Settings Import
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The LoginPress plugin for WordPress is vulnerable to blind SQL Injection via Settings Import in versions up to, and including, 1.1.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loginpress/"
     google-query: inurl:"/wp-content/plugins/loginpress/"
     shodan-query: 'vuln:CVE-2019-15872'
-  tags: cve,wordpress,wp-plugin,loginpress,high
+  tags: cve,wordpress,wp-plugin,loginpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15873-7bf1226ebc8c449ae85cc65e327ee63d.yaml b/nuclei-templates/2019/CVE-2019-15873-7bf1226ebc8c449ae85cc65e327ee63d.yaml
index 4ffd7ddb68..f9d7d8ceec 100644
--- a/nuclei-templates/2019/CVE-2019-15873-7bf1226ebc8c449ae85cc65e327ee63d.yaml
+++ b/nuclei-templates/2019/CVE-2019-15873-7bf1226ebc8c449ae85cc65e327ee63d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid – User Profiles, Memberships, Groups and Communities < 2.8.6 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2019-15873'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15889-7381977dcbbf38890f97270b77e9814a.yaml b/nuclei-templates/2019/CVE-2019-15889-7381977dcbbf38890f97270b77e9814a.yaml
index 43f12dc670..6ef4551d63 100644
--- a/nuclei-templates/2019/CVE-2019-15889-7381977dcbbf38890f97270b77e9814a.yaml
+++ b/nuclei-templates/2019/CVE-2019-15889-7381977dcbbf38890f97270b77e9814a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 2.9.93 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Download Manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2019-15889'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-15896-164e2c0c315709a0cb3bf1d13c08e3b1.yaml b/nuclei-templates/2019/CVE-2019-15896-164e2c0c315709a0cb3bf1d13c08e3b1.yaml
index 644da67616..d84eb44d3e 100644
--- a/nuclei-templates/2019/CVE-2019-15896-164e2c0c315709a0cb3bf1d13c08e3b1.yaml
+++ b/nuclei-templates/2019/CVE-2019-15896-164e2c0c315709a0cb3bf1d13c08e3b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LMS by LifterLMS <= 3.35.0 - Stored Cross-Site Scripting via Import
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lifterlms/"
     google-query: inurl:"/wp-content/plugins/lifterlms/"
     shodan-query: 'vuln:CVE-2019-15896'
-  tags: cve,wordpress,wp-plugin,lifterlms,critical
+  tags: cve,wordpress,wp-plugin,lifterlms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16117-1cfd262b55edc365cf2f57c5e6d1da2e.yaml b/nuclei-templates/2019/CVE-2019-16117-1cfd262b55edc365cf2f57c5e6d1da2e.yaml
index ad425bdd02..2284ab6584 100644
--- a/nuclei-templates/2019/CVE-2019-16117-1cfd262b55edc365cf2f57c5e6d1da2e.yaml
+++ b/nuclei-templates/2019/CVE-2019-16117-1cfd262b55edc365cf2f57c5e6d1da2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2019-16117'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16118-4ee123ab64de9526a768d6e54f2c4b2d.yaml b/nuclei-templates/2019/CVE-2019-16118-4ee123ab64de9526a768d6e54f2c4b2d.yaml
index fc84469533..30fa7252b7 100644
--- a/nuclei-templates/2019/CVE-2019-16118-4ee123ab64de9526a768d6e54f2c4b2d.yaml
+++ b/nuclei-templates/2019/CVE-2019-16118-4ee123ab64de9526a768d6e54f2c4b2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.5.34 -  Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2019-16118'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16217-46c3b494b5cc3ea133b4b6c9ec9dce06.yaml b/nuclei-templates/2019/CVE-2019-16217-46c3b494b5cc3ea133b4b6c9ec9dce06.yaml
index 94a8738643..9d94c7c8d5 100644
--- a/nuclei-templates/2019/CVE-2019-16217-46c3b494b5cc3ea133b4b6c9ec9dce06.yaml
+++ b/nuclei-templates/2019/CVE-2019-16217-46c3b494b5cc3ea133b4b6c9ec9dce06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.2.3 - Cross-Site Scripting via Media Uploads
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-16217
   metadata:
     shodan-query: 'vuln:CVE-2019-16217'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16222-77ce3568929dc53b56e0c4f8840c178b.yaml b/nuclei-templates/2019/CVE-2019-16222-77ce3568929dc53b56e0c4f8840c178b.yaml
index bae578a3e6..e5e8d57d59 100644
--- a/nuclei-templates/2019/CVE-2019-16222-77ce3568929dc53b56e0c4f8840c178b.yaml
+++ b/nuclei-templates/2019/CVE-2019-16222-77ce3568929dc53b56e0c4f8840c178b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments via URLs
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-16222
   metadata:
     shodan-query: 'vuln:CVE-2019-16222'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16223-85dfbc95d4932a9f83bfee5a6b2585d0.yaml b/nuclei-templates/2019/CVE-2019-16223-85dfbc95d4932a9f83bfee5a6b2585d0.yaml
index b6b566571d..700f42a561 100644
--- a/nuclei-templates/2019/CVE-2019-16223-85dfbc95d4932a9f83bfee5a6b2585d0.yaml
+++ b/nuclei-templates/2019/CVE-2019-16223-85dfbc95d4932a9f83bfee5a6b2585d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.2.3 - Authenticated Cross-Site Scripting via Post Previews
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress before 5.2.3 allows XSS in post previews by authenticated users.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-16223
   metadata:
     shodan-query: 'vuln:CVE-2019-16223'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16251-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/2019/CVE-2019-16251-e1335c6f9c71ba603c44dff8a99e9a32.yaml
index be20aca7e8..94125c6600 100644
--- a/nuclei-templates/2019/CVE-2019-16251-e1335c6f9c71ba603c44dff8a99e9a32.yaml
+++ b/nuclei-templates/2019/CVE-2019-16251-e1335c6f9c71ba603c44dff8a99e9a32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2019-16251
   metadata:
-    fofa-query: "wp-content/plugins/yith-woocommerce-bulk-product-editing/"
-    google-query: inurl:"/wp-content/plugins/yith-woocommerce-bulk-product-editing/"
+    fofa-query: "wp-content/plugins/yith-woocommerce-social-login/"
+    google-query: inurl:"/wp-content/plugins/yith-woocommerce-social-login/"
     shodan-query: 'vuln:CVE-2019-16251'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-bulk-product-editing,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-social-login,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-bulk-product-editing/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-social-login/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "yith-woocommerce-bulk-product-editing"
+          - "yith-woocommerce-social-login"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.13')
\ No newline at end of file
+          - compare_versions(version, '<= 1.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-16289-c3c6968289de386f0f53996017935a1d.yaml b/nuclei-templates/2019/CVE-2019-16289-c3c6968289de386f0f53996017935a1d.yaml
index 3088c9b34e..b41389f5c4 100644
--- a/nuclei-templates/2019/CVE-2019-16289-c3c6968289de386f0f53996017935a1d.yaml
+++ b/nuclei-templates/2019/CVE-2019-16289-c3c6968289de386f0f53996017935a1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woody Ad Snippets <= 2.2.8 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The insert-php (aka Woody ad snippets) plugin before 2.2.9 for WordPress allows authenticated XSS via the winp_item parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-php/"
     google-query: inurl:"/wp-content/plugins/insert-php/"
     shodan-query: 'vuln:CVE-2019-16289'
-  tags: cve,wordpress,wp-plugin,insert-php,medium
+  tags: cve,wordpress,wp-plugin,insert-php,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16332-fee563db4bd1e05c4270644fa9c809a1.yaml b/nuclei-templates/2019/CVE-2019-16332-fee563db4bd1e05c4270644fa9c809a1.yaml
index 858ccfcaf4..f38b6a7da4 100644
--- a/nuclei-templates/2019/CVE-2019-16332-fee563db4bd1e05c4270644fa9c809a1.yaml
+++ b/nuclei-templates/2019/CVE-2019-16332-fee563db4bd1e05c4270644fa9c809a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     API Bearer Auth < 20190907 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/api-bearer-auth/"
     google-query: inurl:"/wp-content/plugins/api-bearer-auth/"
     shodan-query: 'vuln:CVE-2019-16332'
-  tags: cve,wordpress,wp-plugin,api-bearer-auth,medium
+  tags: cve,wordpress,wp-plugin,api-bearer-auth,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16520-d9419931966f7a4ced3c49a3cc9a6932.yaml b/nuclei-templates/2019/CVE-2019-16520-d9419931966f7a4ced3c49a3cc9a6932.yaml
index 164ec1ea96..2741ab4eba 100644
--- a/nuclei-templates/2019/CVE-2019-16520-d9419931966f7a4ced3c49a3cc9a6932.yaml
+++ b/nuclei-templates/2019/CVE-2019-16520-d9419931966f7a4ced3c49a3cc9a6932.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One SEO Pack <= 3.2.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2019-16520'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16522-0598f02cdb42ad5878825a4305d0cd60.yaml b/nuclei-templates/2019/CVE-2019-16522-0598f02cdb42ad5878825a4305d0cd60.yaml
index ea2eac13f7..661f4e4216 100644
--- a/nuclei-templates/2019/CVE-2019-16522-0598f02cdb42ad5878825a4305d0cd60.yaml
+++ b/nuclei-templates/2019/CVE-2019-16522-0598f02cdb42ad5878825a4305d0cd60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EU Cookie Law <= 3.1.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eu-cookie-law/"
     google-query: inurl:"/wp-content/plugins/eu-cookie-law/"
     shodan-query: 'vuln:CVE-2019-16522'
-  tags: cve,wordpress,wp-plugin,eu-cookie-law,medium
+  tags: cve,wordpress,wp-plugin,eu-cookie-law,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16523-9691566897b1cf3f102fa4ca66fa2b90.yaml b/nuclei-templates/2019/CVE-2019-16523-9691566897b1cf3f102fa4ca66fa2b90.yaml
index 487eaca256..8a65c44e3c 100644
--- a/nuclei-templates/2019/CVE-2019-16523-9691566897b1cf3f102fa4ca66fa2b90.yaml
+++ b/nuclei-templates/2019/CVE-2019-16523-9691566897b1cf3f102fa4ca66fa2b90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.9.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2019-16523'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16524-192f3751511f8b242f0945f1aac116aa.yaml b/nuclei-templates/2019/CVE-2019-16524-192f3751511f8b242f0945f1aac116aa.yaml
index 8ac6701053..9b5f0d512d 100644
--- a/nuclei-templates/2019/CVE-2019-16524-192f3751511f8b242f0945f1aac116aa.yaml
+++ b/nuclei-templates/2019/CVE-2019-16524-192f3751511f8b242f0945f1aac116aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Fancybox <= 1.8.17 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-fancybox/"
     google-query: inurl:"/wp-content/plugins/easy-fancybox/"
     shodan-query: 'vuln:CVE-2019-16524'
-  tags: cve,wordpress,wp-plugin,easy-fancybox,medium
+  tags: cve,wordpress,wp-plugin,easy-fancybox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16525-d4f973711f83e484b1ab150d8a07fcda.yaml b/nuclei-templates/2019/CVE-2019-16525-d4f973711f83e484b1ab150d8a07fcda.yaml
index 11207f49f4..e93eb30882 100644
--- a/nuclei-templates/2019/CVE-2019-16525-d4f973711f83e484b1ab150d8a07fcda.yaml
+++ b/nuclei-templates/2019/CVE-2019-16525-d4f973711f83e484b1ab150d8a07fcda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Checklist <= 1.1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/checklist/"
     google-query: inurl:"/wp-content/plugins/checklist/"
     shodan-query: 'vuln:CVE-2019-16525'
-  tags: cve,wordpress,wp-plugin,checklist,medium
+  tags: cve,wordpress,wp-plugin,checklist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16780-628434356b9e4de217bb4ae54139a78f.yaml b/nuclei-templates/2019/CVE-2019-16780-628434356b9e4de217bb4ae54139a78f.yaml
index b86fe96d16..7a283231d3 100644
--- a/nuclei-templates/2019/CVE-2019-16780-628434356b9e4de217bb4ae54139a78f.yaml
+++ b/nuclei-templates/2019/CVE-2019-16780-628434356b9e4de217bb4ae54139a78f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.3.1 - Stored Cross-Site Scripting via Block Editor
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-16780
   metadata:
     shodan-query: 'vuln:CVE-2019-16780'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16781-ff109dde1d54495dd369e80dd2dbfb9f.yaml b/nuclei-templates/2019/CVE-2019-16781-ff109dde1d54495dd369e80dd2dbfb9f.yaml
index 24fec89b11..5ed0fef17a 100644
--- a/nuclei-templates/2019/CVE-2019-16781-ff109dde1d54495dd369e80dd2dbfb9f.yaml
+++ b/nuclei-templates/2019/CVE-2019-16781-ff109dde1d54495dd369e80dd2dbfb9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-16781
   metadata:
     shodan-query: 'vuln:CVE-2019-16781'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-16931-9153236cbe43b83fd86d1f43d04bc623.yaml b/nuclei-templates/2019/CVE-2019-16931-9153236cbe43b83fd86d1f43d04bc623.yaml
index 64dd76d3db..5a1dde1838 100644
--- a/nuclei-templates/2019/CVE-2019-16931-9153236cbe43b83fd86d1f43d04bc623.yaml
+++ b/nuclei-templates/2019/CVE-2019-16931-9153236cbe43b83fd86d1f43d04bc623.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visualizer: Tables and Charts Manager for WordPress <= 3.3.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualizer/"
     google-query: inurl:"/wp-content/plugins/visualizer/"
     shodan-query: 'vuln:CVE-2019-16931'
-  tags: cve,wordpress,wp-plugin,visualizer,medium
+  tags: cve,wordpress,wp-plugin,visualizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17070-2fc40f0eebe24b9548355cb63270c890.yaml b/nuclei-templates/2019/CVE-2019-17070-2fc40f0eebe24b9548355cb63270c890.yaml
index cf9404a1c1..20ab563d61 100644
--- a/nuclei-templates/2019/CVE-2019-17070-2fc40f0eebe24b9548355cb63270c890.yaml
+++ b/nuclei-templates/2019/CVE-2019-17070-2fc40f0eebe24b9548355cb63270c890.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LIQUID SPEECH BALLOON < 1.0.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/liquid-speech-balloon/"
     google-query: inurl:"/wp-content/plugins/liquid-speech-balloon/"
     shodan-query: 'vuln:CVE-2019-17070'
-  tags: cve,wordpress,wp-plugin,liquid-speech-balloon,medium
+  tags: cve,wordpress,wp-plugin,liquid-speech-balloon,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17071-1ed96ac73f1ecde8fe792ec7cdde085c.yaml b/nuclei-templates/2019/CVE-2019-17071-1ed96ac73f1ecde8fe792ec7cdde085c.yaml
index 2c8e4cc010..410d06e353 100644
--- a/nuclei-templates/2019/CVE-2019-17071-1ed96ac73f1ecde8fe792ec7cdde085c.yaml
+++ b/nuclei-templates/2019/CVE-2019-17071-1ed96ac73f1ecde8fe792ec7cdde085c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Client Dash <= 2.2.0 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Client Dash plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator permissions to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/client-dash/"
     google-query: inurl:"/wp-content/plugins/client-dash/"
     shodan-query: 'vuln:CVE-2019-17071'
-  tags: cve,wordpress,wp-plugin,client-dash,medium
+  tags: cve,wordpress,wp-plugin,client-dash,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17213-01553cdc4d088a5ffa18c2b6b9ad5640.yaml b/nuclei-templates/2019/CVE-2019-17213-01553cdc4d088a5ffa18c2b6b9ad5640.yaml
index c055f0824b..cce7e92ef8 100644
--- a/nuclei-templates/2019/CVE-2019-17213-01553cdc4d088a5ffa18c2b6b9ad5640.yaml
+++ b/nuclei-templates/2019/CVE-2019-17213-01553cdc4d088a5ffa18c2b6b9ad5640.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebARX <= 1.3.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webarx/"
     google-query: inurl:"/wp-content/plugins/webarx/"
     shodan-query: 'vuln:CVE-2019-17213'
-  tags: cve,wordpress,wp-plugin,webarx,medium
+  tags: cve,wordpress,wp-plugin,webarx,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17229-8395989e9f463aede02be6293faac97f.yaml b/nuclei-templates/2019/CVE-2019-17229-8395989e9f463aede02be6293faac97f.yaml
index a22ab40451..8029fe701c 100644
--- a/nuclei-templates/2019/CVE-2019-17229-8395989e9f463aede02be6293faac97f.yaml
+++ b/nuclei-templates/2019/CVE-2019-17229-8395989e9f463aede02be6293faac97f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Motors – Car Dealer, Classifieds & Listing <= 1.4.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/motors-car-dealership-classified-listings/"
     google-query: inurl:"/wp-content/plugins/motors-car-dealership-classified-listings/"
     shodan-query: 'vuln:CVE-2019-17229'
-  tags: cve,wordpress,wp-plugin,motors-car-dealership-classified-listings,medium
+  tags: cve,wordpress,wp-plugin,motors-car-dealership-classified-listings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17230-95f9bc03677a083bf89832ea0c794033.yaml b/nuclei-templates/2019/CVE-2019-17230-95f9bc03677a083bf89832ea0c794033.yaml
index 15158b4ed1..f8e6b25c4c 100644
--- a/nuclei-templates/2019/CVE-2019-17230-95f9bc03677a083bf89832ea0c794033.yaml
+++ b/nuclei-templates/2019/CVE-2019-17230-95f9bc03677a083bf89832ea0c794033.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2019-17230
   metadata:
-    fofa-query: "wp-content/themes/onetone/"
-    google-query: inurl:"/wp-content/themes/onetone/"
+    fofa-query: "wp-content/plugins/onetone-companion/"
+    google-query: inurl:"/wp-content/plugins/onetone-companion/"
     shodan-query: 'vuln:CVE-2019-17230'
-  tags: cve,wordpress,wp-theme,onetone,critical
+  tags: cve,wordpress,wp-plugin,onetone-companion,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/onetone/style.css"
+      - "{{BaseURL}}/wp-content/plugins/onetone-companion/readme.txt"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "onetone"
+          - "onetone-companion"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.0.6')
\ No newline at end of file
+          - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-17231-161c93480bad1a6fddf7935d08286cca.yaml b/nuclei-templates/2019/CVE-2019-17231-161c93480bad1a6fddf7935d08286cca.yaml
index f147192bde..3e61d6f4e5 100644
--- a/nuclei-templates/2019/CVE-2019-17231-161c93480bad1a6fddf7935d08286cca.yaml
+++ b/nuclei-templates/2019/CVE-2019-17231-161c93480bad1a6fddf7935d08286cca.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2019-17231
   metadata:
-    fofa-query: "wp-content/themes/onetone/"
-    google-query: inurl:"/wp-content/themes/onetone/"
+    fofa-query: "wp-content/plugins/onetone-companion/"
+    google-query: inurl:"/wp-content/plugins/onetone-companion/"
     shodan-query: 'vuln:CVE-2019-17231'
-  tags: cve,wordpress,wp-theme,onetone,high
+  tags: cve,wordpress,wp-plugin,onetone-companion,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/onetone/style.css"
+      - "{{BaseURL}}/wp-content/plugins/onetone-companion/readme.txt"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "onetone"
+          - "onetone-companion"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.0.6')
\ No newline at end of file
+          - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-17233-91fd3dac9c4d5ede970602c4fc325980.yaml b/nuclei-templates/2019/CVE-2019-17233-91fd3dac9c4d5ede970602c4fc325980.yaml
index bfb0ab73bb..ac08ce770a 100644
--- a/nuclei-templates/2019/CVE-2019-17233-91fd3dac9c4d5ede970602c4fc325980.yaml
+++ b/nuclei-templates/2019/CVE-2019-17233-91fd3dac9c4d5ede970602c4fc325980.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate FAQ <= 1.8.24 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-faqs/"
     google-query: inurl:"/wp-content/plugins/ultimate-faqs/"
     shodan-query: 'vuln:CVE-2019-17233'
-  tags: cve,wordpress,wp-plugin,ultimate-faqs,medium
+  tags: cve,wordpress,wp-plugin,ultimate-faqs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17236-2d2ac3176c43972722599e2c20bf65f9.yaml b/nuclei-templates/2019/CVE-2019-17236-2d2ac3176c43972722599e2c20bf65f9.yaml
index 19c67d32ca..66eeb8381b 100644
--- a/nuclei-templates/2019/CVE-2019-17236-2d2ac3176c43972722599e2c20bf65f9.yaml
+++ b/nuclei-templates/2019/CVE-2019-17236-2d2ac3176c43972722599e2c20bf65f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/igniteup/"
     google-query: inurl:"/wp-content/plugins/igniteup/"
     shodan-query: 'vuln:CVE-2019-17236'
-  tags: cve,wordpress,wp-plugin,igniteup,medium
+  tags: cve,wordpress,wp-plugin,igniteup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17237-97d25b3e88007081f13d8a53fc8698cf.yaml b/nuclei-templates/2019/CVE-2019-17237-97d25b3e88007081f13d8a53fc8698cf.yaml
index a4082c8338..4c9f1adc14 100644
--- a/nuclei-templates/2019/CVE-2019-17237-97d25b3e88007081f13d8a53fc8698cf.yaml
+++ b/nuclei-templates/2019/CVE-2019-17237-97d25b3e88007081f13d8a53fc8698cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IgniteUp – Coming Soon and Maintenance Mode <= 3.4.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/igniteup/"
     google-query: inurl:"/wp-content/plugins/igniteup/"
     shodan-query: 'vuln:CVE-2019-17237'
-  tags: cve,wordpress,wp-plugin,igniteup,high
+  tags: cve,wordpress,wp-plugin,igniteup,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17239-5c3c1a4d657c9a945c9b03f1e7ed6d15.yaml b/nuclei-templates/2019/CVE-2019-17239-5c3c1a4d657c9a945c9b03f1e7ed6d15.yaml
index c6897a4f8b..be793e2d23 100644
--- a/nuclei-templates/2019/CVE-2019-17239-5c3c1a4d657c9a945c9b03f1e7ed6d15.yaml
+++ b/nuclei-templates/2019/CVE-2019-17239-5c3c1a4d657c9a945c9b03f1e7ed6d15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-plugins-dashboard/"
     google-query: inurl:"/wp-content/plugins/download-plugins-dashboard/"
     shodan-query: 'vuln:CVE-2019-17239'
-  tags: cve,wordpress,wp-plugin,download-plugins-dashboard,medium
+  tags: cve,wordpress,wp-plugin,download-plugins-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17384-6786cc650f667a015a2cad75459e0a89.yaml b/nuclei-templates/2019/CVE-2019-17384-6786cc650f667a015a2cad75459e0a89.yaml
index e928002e62..8334b0edec 100644
--- a/nuclei-templates/2019/CVE-2019-17384-6786cc650f667a015a2cad75459e0a89.yaml
+++ b/nuclei-templates/2019/CVE-2019-17384-6786cc650f667a015a2cad75459e0a89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animate It <= 2.3.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The animate-it plugin before 2.3.6 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animate-it/"
     google-query: inurl:"/wp-content/plugins/animate-it/"
     shodan-query: 'vuln:CVE-2019-17384'
-  tags: cve,wordpress,wp-plugin,animate-it,medium
+  tags: cve,wordpress,wp-plugin,animate-it,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17385-61c977fb1adb33ac70d098207834a351.yaml b/nuclei-templates/2019/CVE-2019-17385-61c977fb1adb33ac70d098207834a351.yaml
index 7919acba44..9534b337e9 100644
--- a/nuclei-templates/2019/CVE-2019-17385-61c977fb1adb33ac70d098207834a351.yaml
+++ b/nuclei-templates/2019/CVE-2019-17385-61c977fb1adb33ac70d098207834a351.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animate It <= 2.3.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The animate-it plugin before 2.3.6 for WordPress has XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animate-it/"
     google-query: inurl:"/wp-content/plugins/animate-it/"
     shodan-query: 'vuln:CVE-2019-17385'
-  tags: cve,wordpress,wp-plugin,animate-it,medium
+  tags: cve,wordpress,wp-plugin,animate-it,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17386-5cb88706cc3e4d4bdffd38343a9f038a.yaml b/nuclei-templates/2019/CVE-2019-17386-5cb88706cc3e4d4bdffd38343a9f038a.yaml
index e71b04ac27..814a481e1f 100644
--- a/nuclei-templates/2019/CVE-2019-17386-5cb88706cc3e4d4bdffd38343a9f038a.yaml
+++ b/nuclei-templates/2019/CVE-2019-17386-5cb88706cc3e4d4bdffd38343a9f038a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animate It <= 2.3.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animate-it/"
     google-query: inurl:"/wp-content/plugins/animate-it/"
     shodan-query: 'vuln:CVE-2019-17386'
-  tags: cve,wordpress,wp-plugin,animate-it,high
+  tags: cve,wordpress,wp-plugin,animate-it,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17671-f48a9fb689f8698b971abbab7d25b506.yaml b/nuclei-templates/2019/CVE-2019-17671-f48a9fb689f8698b971abbab7d25b506.yaml
index 7c6f5f480f..6229960cae 100644
--- a/nuclei-templates/2019/CVE-2019-17671-f48a9fb689f8698b971abbab7d25b506.yaml
+++ b/nuclei-templates/2019/CVE-2019-17671-f48a9fb689f8698b971abbab7d25b506.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.2.4 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-17671
   metadata:
     shodan-query: 'vuln:CVE-2019-17671'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17672-12b542c9c6e5694670c0b26901250872.yaml b/nuclei-templates/2019/CVE-2019-17672-12b542c9c6e5694670c0b26901250872.yaml
index a09c4872f4..f3f50ab958 100644
--- a/nuclei-templates/2019/CVE-2019-17672-12b542c9c6e5694670c0b26901250872.yaml
+++ b/nuclei-templates/2019/CVE-2019-17672-12b542c9c6e5694670c0b26901250872.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-17672
   metadata:
     shodan-query: 'vuln:CVE-2019-17672'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-17674-7aa910c9023680190c934154781b69ae.yaml b/nuclei-templates/2019/CVE-2019-17674-7aa910c9023680190c934154781b69ae.yaml
index 15f0509d05..5a0167df7c 100644
--- a/nuclei-templates/2019/CVE-2019-17674-7aa910c9023680190c934154781b69ae.yaml
+++ b/nuclei-templates/2019/CVE-2019-17674-7aa910c9023680190c934154781b69ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting via Customizer
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-17674
   metadata:
     shodan-query: 'vuln:CVE-2019-17674'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-18668-57f78642fa9cede94bd35b0316b99b78.yaml b/nuclei-templates/2019/CVE-2019-18668-57f78642fa9cede94bd35b0316b99b78.yaml
index 47a8eb340c..432ff04750 100644
--- a/nuclei-templates/2019/CVE-2019-18668-57f78642fa9cede94bd35b0316b99b78.yaml
+++ b/nuclei-templates/2019/CVE-2019-18668-57f78642fa9cede94bd35b0316b99b78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Currency Switcher <= 2.11.1 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/currency-switcher-woocommerce/"
     google-query: inurl:"/wp-content/plugins/currency-switcher-woocommerce/"
     shodan-query: 'vuln:CVE-2019-18668'
-  tags: cve,wordpress,wp-plugin,currency-switcher-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,currency-switcher-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-18834-f9c4b5a4e9087a30d794272cce966354.yaml b/nuclei-templates/2019/CVE-2019-18834-f9c4b5a4e9087a30d794272cce966354.yaml
index cc9455d5e8..bef78001bb 100644
--- a/nuclei-templates/2019/CVE-2019-18834-f9c4b5a4e9087a30d794272cce966354.yaml
+++ b/nuclei-templates/2019/CVE-2019-18834-f9c4b5a4e9087a30d794272cce966354.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Subscriptions < 2.6.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-subscriptions/"
     google-query: inurl:"/wp-content/plugins/woocommerce-subscriptions/"
     shodan-query: 'vuln:CVE-2019-18834'
-  tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19109-dcbc26c1e59709ba0a55cede543653d5.yaml b/nuclei-templates/2019/CVE-2019-19109-dcbc26c1e59709ba0a55cede543653d5.yaml
index d522af0c8c..a939a47590 100644
--- a/nuclei-templates/2019/CVE-2019-19109-dcbc26c1e59709ba0a55cede543653d5.yaml
+++ b/nuclei-templates/2019/CVE-2019-19109-dcbc26c1e59709ba0a55cede543653d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 1.6.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2019-19109'
-  tags: cve,wordpress,wp-plugin,wpforo,high
+  tags: cve,wordpress,wp-plugin,wpforo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19110-e5552ad191b551e3319c3d216b7466cf.yaml b/nuclei-templates/2019/CVE-2019-19110-e5552ad191b551e3319c3d216b7466cf.yaml
index 5151f94ad1..683722da96 100644
--- a/nuclei-templates/2019/CVE-2019-19110-e5552ad191b551e3319c3d216b7466cf.yaml
+++ b/nuclei-templates/2019/CVE-2019-19110-e5552ad191b551e3319c3d216b7466cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 1.6.5 - Cross-Site Scripting via s parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2019-19110'
-  tags: cve,wordpress,wp-plugin,wpforo,medium
+  tags: cve,wordpress,wp-plugin,wpforo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19111-c9f41d227d49a467420a82298376145f.yaml b/nuclei-templates/2019/CVE-2019-19111-c9f41d227d49a467420a82298376145f.yaml
index 290cbccbd3..968eb8703f 100644
--- a/nuclei-templates/2019/CVE-2019-19111-c9f41d227d49a467420a82298376145f.yaml
+++ b/nuclei-templates/2019/CVE-2019-19111-c9f41d227d49a467420a82298376145f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 1.6.5 - Cross-Site Scripting via langid parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2019-19111'
-  tags: cve,wordpress,wp-plugin,wpforo,medium
+  tags: cve,wordpress,wp-plugin,wpforo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19112-0974ad31ae0ff4ed4780871fa5a19327.yaml b/nuclei-templates/2019/CVE-2019-19112-0974ad31ae0ff4ed4780871fa5a19327.yaml
index 40980faa58..1e0f313932 100644
--- a/nuclei-templates/2019/CVE-2019-19112-0974ad31ae0ff4ed4780871fa5a19327.yaml
+++ b/nuclei-templates/2019/CVE-2019-19112-0974ad31ae0ff4ed4780871fa5a19327.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 1.6.5 - Cross-Site Scripting via wpf-dw-td-value class
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2019-19112'
-  tags: cve,wordpress,wp-plugin,wpforo,medium
+  tags: cve,wordpress,wp-plugin,wpforo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19198-1e95de3e52134f8f88956ec119bc2d88.yaml b/nuclei-templates/2019/CVE-2019-19198-1e95de3e52134f8f88956ec119bc2d88.yaml
index 6cdb2f559d..aaf58bdeb0 100644
--- a/nuclei-templates/2019/CVE-2019-19198-1e95de3e52134f8f88956ec119bc2d88.yaml
+++ b/nuclei-templates/2019/CVE-2019-19198-1e95de3e52134f8f88956ec119bc2d88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scoutnet Kalender <= 1.1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Scoutnet Kalender plugin 1.1.0 and before for WordPress allows XSS via 'info' field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scoutnet-kalender/"
     google-query: inurl:"/wp-content/plugins/scoutnet-kalender/"
     shodan-query: 'vuln:CVE-2019-19198'
-  tags: cve,wordpress,wp-plugin,scoutnet-kalender,medium
+  tags: cve,wordpress,wp-plugin,scoutnet-kalender,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19541-5ff88083e32bfbabf7c17c2a2829921d.yaml b/nuclei-templates/2019/CVE-2019-19541-5ff88083e32bfbabf7c17c2a2829921d.yaml
index bfb146654e..19e9860aba 100644
--- a/nuclei-templates/2019/CVE-2019-19541-5ff88083e32bfbabf7c17c2a2829921d.yaml
+++ b/nuclei-templates/2019/CVE-2019-19541-5ff88083e32bfbabf7c17c2a2829921d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ListingPro theme before v2.0.14.5 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/listingpro/"
     google-query: inurl:"/wp-content/themes/listingpro/"
     shodan-query: 'vuln:CVE-2019-19541'
-  tags: cve,wordpress,wp-theme,listingpro,medium
+  tags: cve,wordpress,wp-theme,listingpro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19542-e612ae5fb8c05a8c56c1d21cf4568559.yaml b/nuclei-templates/2019/CVE-2019-19542-e612ae5fb8c05a8c56c1d21cf4568559.yaml
index 112ab37618..142f9476a9 100644
--- a/nuclei-templates/2019/CVE-2019-19542-e612ae5fb8c05a8c56c1d21cf4568559.yaml
+++ b/nuclei-templates/2019/CVE-2019-19542-e612ae5fb8c05a8c56c1d21cf4568559.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ListingPro theme before v2.0.14.5 for WordPress has Persistent XSS via the Good For field on the new listing submit page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/listingpro/"
     google-query: inurl:"/wp-content/themes/listingpro/"
     shodan-query: 'vuln:CVE-2019-19542'
-  tags: cve,wordpress,wp-theme,listingpro,medium
+  tags: cve,wordpress,wp-theme,listingpro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19915-65fec51a84e4dae8b6ac8a6f543cb922.yaml b/nuclei-templates/2019/CVE-2019-19915-65fec51a84e4dae8b6ac8a6f543cb922.yaml
index 4b05b1f8cc..44e66fbab8 100644
--- a/nuclei-templates/2019/CVE-2019-19915-65fec51a84e4dae8b6ac8a6f543cb922.yaml
+++ b/nuclei-templates/2019/CVE-2019-19915-65fec51a84e4dae8b6ac8a6f543cb922.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     301 Redirects - Easy Redirect Manager <= 2.40 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eps-301-redirects/"
     google-query: inurl:"/wp-content/plugins/eps-301-redirects/"
     shodan-query: 'vuln:CVE-2019-19915'
-  tags: cve,wordpress,wp-plugin,eps-301-redirects,medium
+  tags: cve,wordpress,wp-plugin,eps-301-redirects,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19979-6dc10d5c3a8a61c313df3cbcf576a1b8.yaml b/nuclei-templates/2019/CVE-2019-19979-6dc10d5c3a8a61c313df3cbcf576a1b8.yaml
index f9534672d4..908995f8b7 100644
--- a/nuclei-templates/2019/CVE-2019-19979-6dc10d5c3a8a61c313df3cbcf576a1b8.yaml
+++ b/nuclei-templates/2019/CVE-2019-19979-6dc10d5c3a8a61c313df3cbcf576a1b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maintenance/"
     google-query: inurl:"/wp-content/plugins/wp-maintenance/"
     shodan-query: 'vuln:CVE-2019-19979'
-  tags: cve,wordpress,wp-plugin,wp-maintenance,high
+  tags: cve,wordpress,wp-plugin,wp-maintenance,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19980-3042e18a6deb29dac6c8bd45ef1b1544.yaml b/nuclei-templates/2019/CVE-2019-19980-3042e18a6deb29dac6c8bd45ef1b1544.yaml
index f1d67e92b4..b09525184f 100644
--- a/nuclei-templates/2019/CVE-2019-19980-3042e18a6deb29dac6c8bd45ef1b1544.yaml
+++ b/nuclei-templates/2019/CVE-2019-19980-3042e18a6deb29dac6c8bd45ef1b1544.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization to Test Email
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2019-19980'
-  tags: cve,wordpress,wp-plugin,email-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-subscribers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-19984-f324ead36f3eeb3ed11630cd0ba7e8ed.yaml b/nuclei-templates/2019/CVE-2019-19984-f324ead36f3eeb3ed11630cd0ba7e8ed.yaml
index 42af331f32..4b56d0a1ad 100644
--- a/nuclei-templates/2019/CVE-2019-19984-f324ead36f3eeb3ed11630cd0ba7e8ed.yaml
+++ b/nuclei-templates/2019/CVE-2019-19984-f324ead36f3eeb3ed11630cd0ba7e8ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscribers & Newsletters <= 4.2.2 -  Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2019-19984'
-  tags: cve,wordpress,wp-plugin,email-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-subscribers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20041-3ea050ab19cdfec8097a097615a833a6.yaml b/nuclei-templates/2019/CVE-2019-20041-3ea050ab19cdfec8097a097615a833a6.yaml
index a92e1de5b9..cf7d4a97d7 100644
--- a/nuclei-templates/2019/CVE-2019-20041-3ea050ab19cdfec8097a097615a833a6.yaml
+++ b/nuclei-templates/2019/CVE-2019-20041-3ea050ab19cdfec8097a097615a833a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript&colon; substring.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-20041
   metadata:
     shodan-query: 'vuln:CVE-2019-20041'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20042-4975b9673fe108360602d6969c234af1.yaml b/nuclei-templates/2019/CVE-2019-20042-4975b9673fe108360602d6969c234af1.yaml
index 1883705796..6f488158ab 100644
--- a/nuclei-templates/2019/CVE-2019-20042-4975b9673fe108360602d6969c234af1.yaml
+++ b/nuclei-templates/2019/CVE-2019-20042-4975b9673fe108360602d6969c234af1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-20042
   metadata:
     shodan-query: 'vuln:CVE-2019-20042'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20043-38e1681925de50501e0141995c16e341.yaml b/nuclei-templates/2019/CVE-2019-20043-38e1681925de50501e0141995c16e341.yaml
index 3b86abe8fb..8a8510aa67 100644
--- a/nuclei-templates/2019/CVE-2019-20043-38e1681925de50501e0141995c16e341.yaml
+++ b/nuclei-templates/2019/CVE-2019-20043-38e1681925de50501e0141995c16e341.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.3.1 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-20043
   metadata:
     shodan-query: 'vuln:CVE-2019-20043'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20141-ce8dd1af11ff660941fa17a3827331a2.yaml b/nuclei-templates/2019/CVE-2019-20141-ce8dd1af11ff660941fa17a3827331a2.yaml
index 461b124009..e464a81c91 100644
--- a/nuclei-templates/2019/CVE-2019-20141-ce8dd1af11ff660941fa17a3827331a2.yaml
+++ b/nuclei-templates/2019/CVE-2019-20141-ce8dd1af11ff660941fa17a3827331a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Neon - Bootstrap Admin Theme <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/neon/"
     google-query: inurl:"/wp-content/themes/neon/"
     shodan-query: 'vuln:CVE-2019-20141'
-  tags: cve,wordpress,wp-theme,neon,medium
+  tags: cve,wordpress,wp-theme,neon,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20173-6bd4ae57c5ef629c5bc1d004189d96b3.yaml b/nuclei-templates/2019/CVE-2019-20173-6bd4ae57c5ef629c5bc1d004189d96b3.yaml
index cef428ec43..8599206e3f 100644
--- a/nuclei-templates/2019/CVE-2019-20173-6bd4ae57c5ef629c5bc1d004189d96b3.yaml
+++ b/nuclei-templates/2019/CVE-2019-20173-6bd4ae57c5ef629c5bc1d004189d96b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login by Auth0 3.11.0 - 3.11.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auth0/"
     google-query: inurl:"/wp-content/plugins/auth0/"
     shodan-query: 'vuln:CVE-2019-20173'
-  tags: cve,wordpress,wp-plugin,auth0,medium
+  tags: cve,wordpress,wp-plugin,auth0,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20180-3fb1358d568dc8245a52a721b92fb318.yaml b/nuclei-templates/2019/CVE-2019-20180-3fb1358d568dc8245a52a721b92fb318.yaml
index 14227d2900..4903654510 100644
--- a/nuclei-templates/2019/CVE-2019-20180-3fb1358d568dc8245a52a721b92fb318.yaml
+++ b/nuclei-templates/2019/CVE-2019-20180-3fb1358d568dc8245a52a721b92fb318.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TablePress <= 1.14 - Authenticated (Author+) CSV Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The TablePress plugin for WordPress is vulnerable to CSV Injection in versions up to and including 1.14 via the tablepress[data] value. This makes it possible for attackers with author level access and above to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. This vulnerability is not likely to be exploited in the wild due to its high complexity and many modern day protections, however, it could have a significant impact if exploited successfully at it's worst impact. Please note that while the CVE record says this issue was patched in 1.10, our team confirmed it was still exploitable in 1.14. The has been patched in version 2.0 of TablePress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tablepress/"
     google-query: inurl:"/wp-content/plugins/tablepress/"
     shodan-query: 'vuln:CVE-2019-20180'
-  tags: cve,wordpress,wp-plugin,tablepress,high
+  tags: cve,wordpress,wp-plugin,tablepress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20181-e5141ff592bd9997e23b1aad269872cc.yaml b/nuclei-templates/2019/CVE-2019-20181-e5141ff592bd9997e23b1aad269872cc.yaml
index 04ec1addd0..2b19beff1d 100644
--- a/nuclei-templates/2019/CVE-2019-20181-e5141ff592bd9997e23b1aad269872cc.yaml
+++ b/nuclei-templates/2019/CVE-2019-20181-e5141ff592bd9997e23b1aad269872cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support – WordPress HelpDesk & Support Plugin <= 6.0.13 - Cross-Site Scripting via post_title
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The awesome-support plugin 6.0.13 and below for WordPress allows XSS via the post_title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2019-20181'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20182-7acb842ebb36fed3d48b7a27908aad70.yaml b/nuclei-templates/2019/CVE-2019-20182-7acb842ebb36fed3d48b7a27908aad70.yaml
index 0fae05959e..e5378eb6e3 100644
--- a/nuclei-templates/2019/CVE-2019-20182-7acb842ebb36fed3d48b7a27908aad70.yaml
+++ b/nuclei-templates/2019/CVE-2019-20182-7acb842ebb36fed3d48b7a27908aad70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FooGallery <= 1.8.12 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_title parameter. Please note this requires administrative privileges to exploit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foogallery/"
     google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:CVE-2019-20182'
-  tags: cve,wordpress,wp-plugin,foogallery,medium
+  tags: cve,wordpress,wp-plugin,foogallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20203-727d4fbf362548e62940ac117a3d3c3a.yaml b/nuclei-templates/2019/CVE-2019-20203-727d4fbf362548e62940ac117a3d3c3a.yaml
index ebf1d9416d..a34f3ce3a6 100644
--- a/nuclei-templates/2019/CVE-2019-20203-727d4fbf362548e62940ac117a3d3c3a.yaml
+++ b/nuclei-templates/2019/CVE-2019-20203-727d4fbf362548e62940ac117a3d3c3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Postie <= 1.9.40 - Post Submission Spoofing & Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postie/"
     google-query: inurl:"/wp-content/plugins/postie/"
     shodan-query: 'vuln:CVE-2019-20203'
-  tags: cve,wordpress,wp-plugin,postie,medium
+  tags: cve,wordpress,wp-plugin,postie,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20204-6f78bc0495c69824a3ef08a95ff8b518.yaml b/nuclei-templates/2019/CVE-2019-20204-6f78bc0495c69824a3ef08a95ff8b518.yaml
index 72213f9039..d0e936706d 100644
--- a/nuclei-templates/2019/CVE-2019-20204-6f78bc0495c69824a3ef08a95ff8b518.yaml
+++ b/nuclei-templates/2019/CVE-2019-20204-6f78bc0495c69824a3ef08a95ff8b518.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Postie <= 1.9.40 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postie/"
     google-query: inurl:"/wp-content/plugins/postie/"
     shodan-query: 'vuln:CVE-2019-20204'
-  tags: cve,wordpress,wp-plugin,postie,medium
+  tags: cve,wordpress,wp-plugin,postie,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-20209-17f6998fdf35be8a6349776a3309aedc.yaml b/nuclei-templates/2019/CVE-2019-20209-17f6998fdf35be8a6349776a3309aedc.yaml
index b10bea605e..5eb47c366d 100644
--- a/nuclei-templates/2019/CVE-2019-20209-17f6998fdf35be8a6349776a3309aedc.yaml
+++ b/nuclei-templates/2019/CVE-2019-20209-17f6998fdf35be8a6349776a3309aedc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CTHthemes CityBook < 2.3.4, TownHub < 1.0.6, EasyBook < 1.2.2 Themes - Authenticated Post Deleition via IDOR
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow unspecified authenticated users to delete any page/post/listing via insecure Direct Object Reference (IDOR)
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2019-20209
   metadata:
-    fofa-query: "wp-content/themes/easybook/"
-    google-query: inurl:"/wp-content/themes/easybook/"
+    fofa-query: "wp-content/themes/citybook/"
+    google-query: inurl:"/wp-content/themes/citybook/"
     shodan-query: 'vuln:CVE-2019-20209'
-  tags: cve,wordpress,wp-theme,easybook,high
+  tags: cve,wordpress,wp-theme,citybook,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/easybook/style.css"
+      - "{{BaseURL}}/wp-content/themes/citybook/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "easybook"
+          - "citybook"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.2.2')
\ No newline at end of file
+          - compare_versions(version, '< 2.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-20210-f5204789b3d63c1e5dd223fef5d1ac5d.yaml b/nuclei-templates/2019/CVE-2019-20210-f5204789b3d63c1e5dd223fef5d1ac5d.yaml
index 007ee764bf..b5adb62611 100644
--- a/nuclei-templates/2019/CVE-2019-20210-f5204789b3d63c1e5dd223fef5d1ac5d.yaml
+++ b/nuclei-templates/2019/CVE-2019-20210-f5204789b3d63c1e5dd223fef5d1ac5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CTHthemes CityBook Theme < 2.3.4, TownHub Theme < 1.0.6, EasyBook Theme < 1.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2019-20210
   metadata:
-    fofa-query: "wp-content/themes/easybook/"
-    google-query: inurl:"/wp-content/themes/easybook/"
+    fofa-query: "wp-content/themes/citybook/"
+    google-query: inurl:"/wp-content/themes/citybook/"
     shodan-query: 'vuln:CVE-2019-20210'
-  tags: cve,wordpress,wp-theme,easybook,medium
+  tags: cve,wordpress,wp-theme,citybook,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/easybook/style.css"
+      - "{{BaseURL}}/wp-content/themes/citybook/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "easybook"
+          - "citybook"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.2.2')
\ No newline at end of file
+          - compare_versions(version, '< 2.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-20211-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml b/nuclei-templates/2019/CVE-2019-20211-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml
index ef0fe47042..b331258451 100644
--- a/nuclei-templates/2019/CVE-2019-20211-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml
+++ b/nuclei-templates/2019/CVE-2019-20211-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2019-20211
   metadata:
-    fofa-query: "wp-content/themes/easybook/"
-    google-query: inurl:"/wp-content/themes/easybook/"
+    fofa-query: "wp-content/themes/citybook/"
+    google-query: inurl:"/wp-content/themes/citybook/"
     shodan-query: 'vuln:CVE-2019-20211'
-  tags: cve,wordpress,wp-theme,easybook,high
+  tags: cve,wordpress,wp-theme,citybook,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/easybook/style.css"
+      - "{{BaseURL}}/wp-content/themes/citybook/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "easybook"
+          - "citybook"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
+          - compare_versions(version, '<= 2.3.3')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-20212-be3f332add5d9ce678efc86e37a29e03.yaml b/nuclei-templates/2019/CVE-2019-20212-be3f332add5d9ce678efc86e37a29e03.yaml
index 36d182ba65..f988c3626e 100644
--- a/nuclei-templates/2019/CVE-2019-20212-be3f332add5d9ce678efc86e37a29e03.yaml
+++ b/nuclei-templates/2019/CVE-2019-20212-be3f332add5d9ce678efc86e37a29e03.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2019-20212
   metadata:
-    fofa-query: "wp-content/themes/easybook/"
-    google-query: inurl:"/wp-content/themes/easybook/"
+    fofa-query: "wp-content/themes/citybook/"
+    google-query: inurl:"/wp-content/themes/citybook/"
     shodan-query: 'vuln:CVE-2019-20212'
-  tags: cve,wordpress,wp-theme,easybook,high
+  tags: cve,wordpress,wp-theme,citybook,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/easybook/style.css"
+      - "{{BaseURL}}/wp-content/themes/citybook/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "easybook"
+          - "citybook"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
+          - compare_versions(version, '<= 2.3.3')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-20361-6d5548494ee66c8a74f29f22d03a7935.yaml b/nuclei-templates/2019/CVE-2019-20361-6d5548494ee66c8a74f29f22d03a7935.yaml
index 63e2b2bf12..5e9def9c13 100644
--- a/nuclei-templates/2019/CVE-2019-20361-6d5548494ee66c8a74f29f22d03a7935.yaml
+++ b/nuclei-templates/2019/CVE-2019-20361-6d5548494ee66c8a74f29f22d03a7935.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2019-20361'
-  tags: cve,wordpress,wp-plugin,email-subscribers,high
+  tags: cve,wordpress,wp-plugin,email-subscribers,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-25141-3c68c1399fad8442e05257bec4405849.yaml b/nuclei-templates/2019/CVE-2019-25141-3c68c1399fad8442e05257bec4405849.yaml
index cf9885e6cd..890e9a6524 100644
--- a/nuclei-templates/2019/CVE-2019-25141-3c68c1399fad8442e05257bec4405849.yaml
+++ b/nuclei-templates/2019/CVE-2019-25141-3c68c1399fad8442e05257bec4405849.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-wp-smtp/"
     google-query: inurl:"/wp-content/plugins/easy-wp-smtp/"
     shodan-query: 'vuln:CVE-2019-25141'
-  tags: cve,wordpress,wp-plugin,easy-wp-smtp,critical
+  tags: cve,wordpress,wp-plugin,easy-wp-smtp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-25142-30dc0670053ac012aae9f0b808f32600.yaml b/nuclei-templates/2019/CVE-2019-25142-30dc0670053ac012aae9f0b808f32600.yaml
index 5cd16917fa..399a0c5168 100644
--- a/nuclei-templates/2019/CVE-2019-25142-30dc0670053ac012aae9f0b808f32600.yaml
+++ b/nuclei-templates/2019/CVE-2019-25142-30dc0670053ac012aae9f0b808f32600.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2019-25142
   metadata:
-    fofa-query: "wp-content/themes/mesmerize/"
-    google-query: inurl:"/wp-content/themes/mesmerize/"
+    fofa-query: "wp-content/themes/materialis/"
+    google-query: inurl:"/wp-content/themes/materialis/"
     shodan-query: 'vuln:CVE-2019-25142'
-  tags: cve,wordpress,wp-theme,mesmerize,high
+  tags: cve,wordpress,wp-theme,materialis,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/mesmerize/style.css"
+      - "{{BaseURL}}/wp-content/themes/materialis/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "mesmerize"
+          - "materialis"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.6.89')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.172')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-25143-42ff6519960f311906ae3110cd3f6c64.yaml b/nuclei-templates/2019/CVE-2019-25143-42ff6519960f311906ae3110cd3f6c64.yaml
index 6dd6a3c1ea..b173859a93 100644
--- a/nuclei-templates/2019/CVE-2019-25143-42ff6519960f311906ae3110cd3f6c64.yaml
+++ b/nuclei-templates/2019/CVE-2019-25143-42ff6519960f311906ae3110cd3f6c64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GDPR Cookie Compliance <= 4.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gdpr-cookie-compliance/"
     google-query: inurl:"/wp-content/plugins/gdpr-cookie-compliance/"
     shodan-query: 'vuln:CVE-2019-25143'
-  tags: cve,wordpress,wp-plugin,gdpr-cookie-compliance,medium
+  tags: cve,wordpress,wp-plugin,gdpr-cookie-compliance,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-25149-8f53c25a7439725994fa29007a578b4d.yaml b/nuclei-templates/2019/CVE-2019-25149-8f53c25a7439725994fa29007a578b4d.yaml
index 5fc518bea5..c6661b1b9e 100644
--- a/nuclei-templates/2019/CVE-2019-25149-8f53c25a7439725994fa29007a578b4d.yaml
+++ b/nuclei-templates/2019/CVE-2019-25149-8f53c25a7439725994fa29007a578b4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-images-ape/"
     google-query: inurl:"/wp-content/plugins/gallery-images-ape/"
     shodan-query: 'vuln:CVE-2019-25149'
-  tags: cve,wordpress,wp-plugin,gallery-images-ape,high
+  tags: cve,wordpress,wp-plugin,gallery-images-ape,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-25152-a3fbd1fe770668e38f708933d8dad89a.yaml b/nuclei-templates/2019/CVE-2019-25152-a3fbd1fe770668e38f708933d8dad89a.yaml
index 8c8db70417..2d91a9ccd6 100644
--- a/nuclei-templates/2019/CVE-2019-25152-a3fbd1fe770668e38f708933d8dad89a.yaml
+++ b/nuclei-templates/2019/CVE-2019-25152-a3fbd1fe770668e38f708933d8dad89a.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2019-25152
   metadata:
-    fofa-query: "wp-content/plugins/woocommerce-abandoned-cart-pro/"
-    google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart-pro/"
+    fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/"
+    google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/"
     shodan-query: 'vuln:CVE-2019-25152'
-  tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart-pro,high
+  tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/woocommerce-abandoned-cart-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/woocommerce-abandoned-cart/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "woocommerce-abandoned-cart-pro"
+          - "woocommerce-abandoned-cart"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 7.12.0')
\ No newline at end of file
+          - compare_versions(version, '< 5.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-5920-8ab11785066028af40a069df806e2ad0.yaml b/nuclei-templates/2019/CVE-2019-5920-8ab11785066028af40a069df806e2ad0.yaml
index 863de121e1..6a70229093 100644
--- a/nuclei-templates/2019/CVE-2019-5920-8ab11785066028af40a069df806e2ad0.yaml
+++ b/nuclei-templates/2019/CVE-2019-5920-8ab11785066028af40a069df806e2ad0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormCraft <= 1.2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formcraft-form-builder/"
     google-query: inurl:"/wp-content/plugins/formcraft-form-builder/"
     shodan-query: 'vuln:CVE-2019-5920'
-  tags: cve,wordpress,wp-plugin,formcraft-form-builder,high
+  tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5924-a78ee203ec03252165376f049d05071b.yaml b/nuclei-templates/2019/CVE-2019-5924-a78ee203ec03252165376f049d05071b.yaml
index 8d388b133e..58e143de0c 100644
--- a/nuclei-templates/2019/CVE-2019-5924-a78ee203ec03252165376f049d05071b.yaml
+++ b/nuclei-templates/2019/CVE-2019-5924-a78ee203ec03252165376f049d05071b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Forms < 2.6.26 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-forms/"
     google-query: inurl:"/wp-content/plugins/smart-forms/"
     shodan-query: 'vuln:CVE-2019-5924'
-  tags: cve,wordpress,wp-plugin,smart-forms,high
+  tags: cve,wordpress,wp-plugin,smart-forms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5962-808251beac3177b1d028049231c161e6.yaml b/nuclei-templates/2019/CVE-2019-5962-808251beac3177b1d028049231c161e6.yaml
index 3156a2731a..2063e536ad 100644
--- a/nuclei-templates/2019/CVE-2019-5962-808251beac3177b1d028049231c161e6.yaml
+++ b/nuclei-templates/2019/CVE-2019-5962-808251beac3177b1d028049231c161e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoho SalesIQ <= 1.0.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zoho-salesiq/"
     google-query: inurl:"/wp-content/plugins/zoho-salesiq/"
     shodan-query: 'vuln:CVE-2019-5962'
-  tags: cve,wordpress,wp-plugin,zoho-salesiq,medium
+  tags: cve,wordpress,wp-plugin,zoho-salesiq,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5963-4ecc6299ecfad3b8f439662203eb02a8.yaml b/nuclei-templates/2019/CVE-2019-5963-4ecc6299ecfad3b8f439662203eb02a8.yaml
index e6ef62ecbe..8402d3374f 100644
--- a/nuclei-templates/2019/CVE-2019-5963-4ecc6299ecfad3b8f439662203eb02a8.yaml
+++ b/nuclei-templates/2019/CVE-2019-5963-4ecc6299ecfad3b8f439662203eb02a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zoho-salesiq/"
     google-query: inurl:"/wp-content/plugins/zoho-salesiq/"
     shodan-query: 'vuln:CVE-2019-5963'
-  tags: cve,wordpress,wp-plugin,zoho-salesiq,high
+  tags: cve,wordpress,wp-plugin,zoho-salesiq,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5970-c52de35daf5b13bbf0e8777d574ea5fc.yaml b/nuclei-templates/2019/CVE-2019-5970-c52de35daf5b13bbf0e8777d574ea5fc.yaml
index 8fe856ed85..8918df519e 100644
--- a/nuclei-templates/2019/CVE-2019-5970-c52de35daf5b13bbf0e8777d574ea5fc.yaml
+++ b/nuclei-templates/2019/CVE-2019-5970-c52de35daf5b13bbf0e8777d574ea5fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Attendance Manager <= 0.5.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/attendance-manager/"
     google-query: inurl:"/wp-content/plugins/attendance-manager/"
     shodan-query: 'vuln:CVE-2019-5970'
-  tags: cve,wordpress,wp-plugin,attendance-manager,medium
+  tags: cve,wordpress,wp-plugin,attendance-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5972-c1ecb14191a04d9e43d6e6f80f13e749.yaml b/nuclei-templates/2019/CVE-2019-5972-c1ecb14191a04d9e43d6e6f80f13e749.yaml
index e727a25e3e..c97201e476 100644
--- a/nuclei-templates/2019/CVE-2019-5972-c1ecb14191a04d9e43d6e6f80f13e749.yaml
+++ b/nuclei-templates/2019/CVE-2019-5972-c1ecb14191a04d9e43d6e6f80f13e749.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Online Lesson Booking <= 0.8.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/online-lesson-booking-system/"
     google-query: inurl:"/wp-content/plugins/online-lesson-booking-system/"
     shodan-query: 'vuln:CVE-2019-5972'
-  tags: cve,wordpress,wp-plugin,online-lesson-booking-system,medium
+  tags: cve,wordpress,wp-plugin,online-lesson-booking-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5973-236e1bbcc1e74385f1fd59662dd67917.yaml b/nuclei-templates/2019/CVE-2019-5973-236e1bbcc1e74385f1fd59662dd67917.yaml
index e2107782e1..69d803df60 100644
--- a/nuclei-templates/2019/CVE-2019-5973-236e1bbcc1e74385f1fd59662dd67917.yaml
+++ b/nuclei-templates/2019/CVE-2019-5973-236e1bbcc1e74385f1fd59662dd67917.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Online Lesson Booking <= 0.8.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via several vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/online-lesson-booking-system/"
     google-query: inurl:"/wp-content/plugins/online-lesson-booking-system/"
     shodan-query: 'vuln:CVE-2019-5973'
-  tags: cve,wordpress,wp-plugin,online-lesson-booking-system,high
+  tags: cve,wordpress,wp-plugin,online-lesson-booking-system,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5974-89931846724982da840bead82e16369b.yaml b/nuclei-templates/2019/CVE-2019-5974-89931846724982da840bead82e16369b.yaml
index 68edc45400..53e9a42814 100644
--- a/nuclei-templates/2019/CVE-2019-5974-89931846724982da840bead82e16369b.yaml
+++ b/nuclei-templates/2019/CVE-2019-5974-89931846724982da840bead82e16369b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery – Photo Contest Plugin for WordPress <= 10.4.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2019-5974'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5979-7e5b3599be6904a958ea6b2b094ad05a.yaml b/nuclei-templates/2019/CVE-2019-5979-7e5b3599be6904a958ea6b2b094ad05a.yaml
index 504b382369..f681360ee0 100644
--- a/nuclei-templates/2019/CVE-2019-5979-7e5b3599be6904a958ea6b2b094ad05a.yaml
+++ b/nuclei-templates/2019/CVE-2019-5979-7e5b3599be6904a958ea6b2b094ad05a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Personalized WooCommerce Cart Page <= 2.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/personalize-woocommerce-cart-page/"
     google-query: inurl:"/wp-content/plugins/personalize-woocommerce-cart-page/"
     shodan-query: 'vuln:CVE-2019-5979'
-  tags: cve,wordpress,wp-plugin,personalize-woocommerce-cart-page,high
+  tags: cve,wordpress,wp-plugin,personalize-woocommerce-cart-page,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5983-891ca23ffb08d94e6434e60528a16c74.yaml b/nuclei-templates/2019/CVE-2019-5983-891ca23ffb08d94e6434e60528a16c74.yaml
index feee34c841..274fa28860 100644
--- a/nuclei-templates/2019/CVE-2019-5983-891ca23ffb08d94e6434e60528a16c74.yaml
+++ b/nuclei-templates/2019/CVE-2019-5983-891ca23ffb08d94e6434e60528a16c74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 Maps <= 1.6.5.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-maps/"
     google-query: inurl:"/wp-content/plugins/html5-maps/"
     shodan-query: 'vuln:CVE-2019-5983'
-  tags: cve,wordpress,wp-plugin,html5-maps,high
+  tags: cve,wordpress,wp-plugin,html5-maps,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5992-6ee5c39e29212bcfe2590b9e64dd32ec.yaml b/nuclei-templates/2019/CVE-2019-5992-6ee5c39e29212bcfe2590b9e64dd32ec.yaml
index a075d0fed1..e362e7b578 100644
--- a/nuclei-templates/2019/CVE-2019-5992-6ee5c39e29212bcfe2590b9e64dd32ec.yaml
+++ b/nuclei-templates/2019/CVE-2019-5992-6ee5c39e29212bcfe2590b9e64dd32ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Ultra Simple Paypal Shopping Cart <= 4.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultra-simple-paypal-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/wp-ultra-simple-paypal-shopping-cart/"
     shodan-query: 'vuln:CVE-2019-5992'
-  tags: cve,wordpress,wp-plugin,wp-ultra-simple-paypal-shopping-cart,high
+  tags: cve,wordpress,wp-plugin,wp-ultra-simple-paypal-shopping-cart,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-5993-299c560ce9cc99513d88a13d89852030.yaml b/nuclei-templates/2019/CVE-2019-5993-299c560ce9cc99513d88a13d89852030.yaml
index 57e6a602bc..e8bacfc2a3 100644
--- a/nuclei-templates/2019/CVE-2019-5993-299c560ce9cc99513d88a13d89852030.yaml
+++ b/nuclei-templates/2019/CVE-2019-5993-299c560ce9cc99513d88a13d89852030.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Category Specific RSS Feed Subscription <= 2.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/category-specific-rss-feed-menu/"
     google-query: inurl:"/wp-content/plugins/category-specific-rss-feed-menu/"
     shodan-query: 'vuln:CVE-2019-5993'
-  tags: cve,wordpress,wp-plugin,category-specific-rss-feed-menu,high
+  tags: cve,wordpress,wp-plugin,category-specific-rss-feed-menu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-6011-597ddaaf7d3e092f9fab20618eafe4bf.yaml b/nuclei-templates/2019/CVE-2019-6011-597ddaaf7d3e092f9fab20618eafe4bf.yaml
index 3145895d79..57a6c5abf2 100644
--- a/nuclei-templates/2019/CVE-2019-6011-597ddaaf7d3e092f9fab20618eafe4bf.yaml
+++ b/nuclei-templates/2019/CVE-2019-6011-597ddaaf7d3e092f9fab20618eafe4bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDataTables Lite plugin <= 2.0.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdatatables/"
     google-query: inurl:"/wp-content/plugins/wpdatatables/"
     shodan-query: 'vuln:CVE-2019-6011'
-  tags: cve,wordpress,wp-plugin,wpdatatables,medium
+  tags: cve,wordpress,wp-plugin,wpdatatables,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-6027-fc588495329f4334ef4deb847bcc6bbe.yaml b/nuclei-templates/2019/CVE-2019-6027-fc588495329f4334ef4deb847bcc6bbe.yaml
index 0d9ada9dc7..7687a96ccf 100644
--- a/nuclei-templates/2019/CVE-2019-6027-fc588495329f4334ef4deb847bcc6bbe.yaml
+++ b/nuclei-templates/2019/CVE-2019-6027-fc588495329f4334ef4deb847bcc6bbe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Spell Check <= 7.1.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-spell-check/"
     google-query: inurl:"/wp-content/plugins/wp-spell-check/"
     shodan-query: 'vuln:CVE-2019-6027'
-  tags: cve,wordpress,wp-plugin,wp-spell-check,high
+  tags: cve,wordpress,wp-plugin,wp-spell-check,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-6029-d03a7182da2d0e0b179ec3d956910e32.yaml b/nuclei-templates/2019/CVE-2019-6029-d03a7182da2d0e0b179ec3d956910e32.yaml
index 1ee199a9bd..20bafb6959 100644
--- a/nuclei-templates/2019/CVE-2019-6029-d03a7182da2d0e0b179ec3d956910e32.yaml
+++ b/nuclei-templates/2019/CVE-2019-6029-d03a7182da2d0e0b179ec3d956910e32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Body Class <= 0.6.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-body-class/"
     google-query: inurl:"/wp-content/plugins/wp-custom-body-class/"
     shodan-query: 'vuln:CVE-2019-6029'
-  tags: cve,wordpress,wp-plugin,wp-custom-body-class,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-body-class,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-6030-64d4110e0f9003166c73a24b6fad0a3d.yaml b/nuclei-templates/2019/CVE-2019-6030-64d4110e0f9003166c73a24b6fad0a3d.yaml
index 962ca77b45..624d80394b 100644
--- a/nuclei-templates/2019/CVE-2019-6030-64d4110e0f9003166c73a24b6fad0a3d.yaml
+++ b/nuclei-templates/2019/CVE-2019-6030-64d4110e0f9003166c73a24b6fad0a3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Body Class <= 0.6.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-body-class/"
     google-query: inurl:"/wp-content/plugins/wp-custom-body-class/"
     shodan-query: 'vuln:CVE-2019-6030'
-  tags: cve,wordpress,wp-plugin,wp-custom-body-class,high
+  tags: cve,wordpress,wp-plugin,wp-custom-body-class,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-6112-d6132019cfaa7b420b3260f07bd086fb.yaml b/nuclei-templates/2019/CVE-2019-6112-d6132019cfaa7b420b3260f07bd086fb.yaml
index 8bd36143d2..b5a100233f 100644
--- a/nuclei-templates/2019/CVE-2019-6112-d6132019cfaa7b420b3260f07bd086fb.yaml
+++ b/nuclei-templates/2019/CVE-2019-6112-d6132019cfaa7b420b3260f07bd086fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sell Media <= 2.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sell-media/"
     google-query: inurl:"/wp-content/plugins/sell-media/"
     shodan-query: 'vuln:CVE-2019-6112'
-  tags: cve,wordpress,wp-plugin,sell-media,medium
+  tags: cve,wordpress,wp-plugin,sell-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-6117-8f81c40c56a58242ce344610c4f30138.yaml b/nuclei-templates/2019/CVE-2019-6117-8f81c40c56a58242ce344610c4f30138.yaml
index c0872a9834..d440bbbf2f 100644
--- a/nuclei-templates/2019/CVE-2019-6117-8f81c40c56a58242ce344610c4f30138.yaml
+++ b/nuclei-templates/2019/CVE-2019-6117-8f81c40c56a58242ce344610c4f30138.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Images Ape <= 1.6.14 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-images-ape/"
     google-query: inurl:"/wp-content/plugins/gallery-images-ape/"
     shodan-query: 'vuln:CVE-2019-6117'
-  tags: cve,wordpress,wp-plugin,gallery-images-ape,medium
+  tags: cve,wordpress,wp-plugin,gallery-images-ape,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-6267-ced2dcf72a4e26ecb3f884cfc4438e2f.yaml b/nuclei-templates/2019/CVE-2019-6267-ced2dcf72a4e26ecb3f884cfc4438e2f.yaml
index 0233b1edaa..ae22626555 100644
--- a/nuclei-templates/2019/CVE-2019-6267-ced2dcf72a4e26ecb3f884cfc4438e2f.yaml
+++ b/nuclei-templates/2019/CVE-2019-6267-ced2dcf72a4e26ecb3f884cfc4438e2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Redirect Manager <= 2.18.18 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Premium WP Suite Easy Redirect Manager plugin 2.18.18 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-redirect-manager/"
     google-query: inurl:"/wp-content/plugins/easy-redirect-manager/"
     shodan-query: 'vuln:CVE-2019-6267'
-  tags: cve,wordpress,wp-plugin,easy-redirect-manager,medium
+  tags: cve,wordpress,wp-plugin,easy-redirect-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-6703-618ad32a66dd6a63ff6bcc4f51e7ca7b.yaml b/nuclei-templates/2019/CVE-2019-6703-618ad32a66dd6a63ff6bcc4f51e7ca7b.yaml
index ffcc124bc3..5d07fcc32c 100644
--- a/nuclei-templates/2019/CVE-2019-6703-618ad32a66dd6a63ff6bcc4f51e7ca7b.yaml
+++ b/nuclei-templates/2019/CVE-2019-6703-618ad32a66dd6a63ff6bcc4f51e7ca7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Total Donations <= 2.0.5 - Missing Authorization to Arbitrary Options Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/total-donations/"
     google-query: inurl:"/wp-content/plugins/total-donations/"
     shodan-query: 'vuln:CVE-2019-6703'
-  tags: cve,wordpress,wp-plugin,total-donations,critical
+  tags: cve,wordpress,wp-plugin,total-donations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-7299-497a0a1ea8afe0e920601e57f5c6ccaa.yaml b/nuclei-templates/2019/CVE-2019-7299-497a0a1ea8afe0e920601e57f5c6ccaa.yaml
index aed62ad05c..75a38eef7f 100644
--- a/nuclei-templates/2019/CVE-2019-7299-497a0a1ea8afe0e920601e57f5c6ccaa.yaml
+++ b/nuclei-templates/2019/CVE-2019-7299-497a0a1ea8afe0e920601e57f5c6ccaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/"
     google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/"
     shodan-query: 'vuln:CVE-2019-7299'
-  tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,medium
+  tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-7411-fe2d4839032c7d1700f5ad488d4dc88f.yaml b/nuclei-templates/2019/CVE-2019-7411-fe2d4839032c7d1700f5ad488d4dc88f.yaml
index 343e7056c4..dd3364520d 100644
--- a/nuclei-templates/2019/CVE-2019-7411-fe2d4839032c7d1700f5ad488d4dc88f.yaml
+++ b/nuclei-templates/2019/CVE-2019-7411-fe2d4839032c7d1700f5ad488d4dc88f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Launcher: Coming Soon & Maintenance Mode < 1.0.11 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin before 1.0.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1) Title, (2) Favicon, (3) Meta Description, (4) Subscribe Form (Name field label, Last name field label, Email field label), (5) Contact Form (Name field label and Email field label), and (6) Social Links (Facebook Page URL, Twitter Page URL, Instagram Page URL, YouTube Page URL, Linkedin Page URL, Google+ Page URL, RSS URL).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/launcher/"
     google-query: inurl:"/wp-content/plugins/launcher/"
     shodan-query: 'vuln:CVE-2019-7411'
-  tags: cve,wordpress,wp-plugin,launcher,medium
+  tags: cve,wordpress,wp-plugin,launcher,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-7412-e1c57fbc348dfda4a7e2fa9073819ee6.yaml b/nuclei-templates/2019/CVE-2019-7412-e1c57fbc348dfda4a7e2fa9073819ee6.yaml
index d596283ae8..a9bd8ed49d 100644
--- a/nuclei-templates/2019/CVE-2019-7412-e1c57fbc348dfda4a7e2fa9073819ee6.yaml
+++ b/nuclei-templates/2019/CVE-2019-7412-e1c57fbc348dfda4a7e2fa9073819ee6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PS PHPCaptcha <= 1.1.0 - Authenticated Denial of Service
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PS PHPCaptcha pluginfor WordPress is vulnerable to Denial of Service in versions up to, and including, 1.1.0. This is due to improper sanitization of user inputted values. This makes it possible for authenticated attackers to slow and or completely freeze the vulnerable service.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ps-phpcaptcha/"
     google-query: inurl:"/wp-content/plugins/ps-phpcaptcha/"
     shodan-query: 'vuln:CVE-2019-7412'
-  tags: cve,wordpress,wp-plugin,ps-phpcaptcha,medium
+  tags: cve,wordpress,wp-plugin,ps-phpcaptcha,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-7413-0e52d08abcfaa24832dc556c46587054.yaml b/nuclei-templates/2019/CVE-2019-7413-0e52d08abcfaa24832dc556c46587054.yaml
index ef202736c8..3babf9301e 100644
--- a/nuclei-templates/2019/CVE-2019-7413-0e52d08abcfaa24832dc556c46587054.yaml
+++ b/nuclei-templates/2019/CVE-2019-7413-0e52d08abcfaa24832dc556c46587054.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Parallax Scroll <= 2.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adamrob-parallax-scroll/"
     google-query: inurl:"/wp-content/plugins/adamrob-parallax-scroll/"
     shodan-query: 'vuln:CVE-2019-7413'
-  tags: cve,wordpress,wp-plugin,adamrob-parallax-scroll,medium
+  tags: cve,wordpress,wp-plugin,adamrob-parallax-scroll,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-8942-b2845f73d8f9f13ca71ed2d0d53cc21a.yaml b/nuclei-templates/2019/CVE-2019-8942-b2845f73d8f9f13ca71ed2d0d53cc21a.yaml
index c8e5602d87..55f1119366 100644
--- a/nuclei-templates/2019/CVE-2019-8942-b2845f73d8f9f13ca71ed2d0d53cc21a.yaml
+++ b/nuclei-templates/2019/CVE-2019-8942-b2845f73d8f9f13ca71ed2d0d53cc21a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.0.1 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-8942
   metadata:
     shodan-query: 'vuln:CVE-2019-8942'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-8943-29c63f4f8f43d522bbc3e34ee2af25b8.yaml b/nuclei-templates/2019/CVE-2019-8943-29c63f4f8f43d522bbc3e34ee2af25b8.yaml
index 631254a14e..9b523216e2 100644
--- a/nuclei-templates/2019/CVE-2019-8943-29c63f4f8f43d522bbc3e34ee2af25b8.yaml
+++ b/nuclei-templates/2019/CVE-2019-8943-29c63f4f8f43d522bbc3e34ee2af25b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-8943
   metadata:
     shodan-query: 'vuln:CVE-2019-8943'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-9168-42f5857c1a1a9fe3bd07b32288faed9d.yaml b/nuclei-templates/2019/CVE-2019-9168-42f5857c1a1a9fe3bd07b32288faed9d.yaml
index 6c08f63a31..117e831161 100644
--- a/nuclei-templates/2019/CVE-2019-9168-42f5857c1a1a9fe3bd07b32288faed9d.yaml
+++ b/nuclei-templates/2019/CVE-2019-9168-42f5857c1a1a9fe3bd07b32288faed9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 3.5.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:CVE-2019-9168'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-9567-26f35acb3c0f14eb0fe591953d190a10.yaml b/nuclei-templates/2019/CVE-2019-9567-26f35acb3c0f14eb0fe591953d190a10.yaml
index 344f6bb7d3..65ef56a0b5 100644
--- a/nuclei-templates/2019/CVE-2019-9567-26f35acb3c0f14eb0fe591953d190a10.yaml
+++ b/nuclei-templates/2019/CVE-2019-9567-26f35acb3c0f14eb0fe591953d190a10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator Plugin <= 1.5.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:CVE-2019-9567'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-9568-64248c162e0a07dde805cd870763a3a0.yaml b/nuclei-templates/2019/CVE-2019-9568-64248c162e0a07dde805cd870763a3a0.yaml
index 6802a3a492..6b477e2192 100644
--- a/nuclei-templates/2019/CVE-2019-9568-64248c162e0a07dde805cd870763a3a0.yaml
+++ b/nuclei-templates/2019/CVE-2019-9568-64248c162e0a07dde805cd870763a3a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator Plugin <= 1.5.3.1 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:CVE-2019-9568'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-9575-899f848126483b240dc44a4870e7bfef.yaml b/nuclei-templates/2019/CVE-2019-9575-899f848126483b240dc44a4870e7bfef.yaml
index 95e6449911..f8158e12ac 100644
--- a/nuclei-templates/2019/CVE-2019-9575-899f848126483b240dc44a4870e7bfef.yaml
+++ b/nuclei-templates/2019/CVE-2019-9575-899f848126483b240dc44a4870e7bfef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 6.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz And Survey Master plugin 6.2.1 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2019-9575'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-9787-21896796785dd6864271e535041a630e.yaml b/nuclei-templates/2019/CVE-2019-9787-21896796785dd6864271e535041a630e.yaml
index 6cb02e3176..9846c25b52 100644
--- a/nuclei-templates/2019/CVE-2019-9787-21896796785dd6864271e535041a630e.yaml
+++ b/nuclei-templates/2019/CVE-2019-9787-21896796785dd6864271e535041a630e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.1.1 - Cross-Site Request Forgery to Cross-Site Scripting via Comments
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2019-9787
   metadata:
     shodan-query: 'vuln:CVE-2019-9787'
-  tags: cve,wordpress,wp-core,critical
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-9909-a0dbcf6f52eae1325b0e855594e29c09.yaml b/nuclei-templates/2019/CVE-2019-9909-a0dbcf6f52eae1325b0e855594e29c09.yaml
index 44e56280bc..b964d6377a 100644
--- a/nuclei-templates/2019/CVE-2019-9909-a0dbcf6f52eae1325b0e855594e29c09.yaml
+++ b/nuclei-templates/2019/CVE-2019-9909-a0dbcf6f52eae1325b0e855594e29c09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.3.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2019-9909'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2019/CVE-2019-9913-84da1bcb85beb132b593a5fff336db83.yaml b/nuclei-templates/2019/CVE-2019-9913-84da1bcb85beb132b593a5fff336db83.yaml
index 18badadbd2..e4d7083788 100644
--- a/nuclei-templates/2019/CVE-2019-9913-84da1bcb85beb132b593a5fff336db83.yaml
+++ b/nuclei-templates/2019/CVE-2019-9913-84da1bcb85beb132b593a5fff336db83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live Chat Support <= 8.0.17 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:CVE-2019-9913'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-10195-ac28c6a1f49fbad1719d7e09c0190565.yaml b/nuclei-templates/2020/CVE-2020-10195-ac28c6a1f49fbad1719d7e09c0190565.yaml
index 709c9c4202..3b7f2fecf7 100644
--- a/nuclei-templates/2020/CVE-2020-10195-ac28c6a1f49fbad1719d7e09c0190565.yaml
+++ b/nuclei-templates/2020/CVE-2020-10195-ac28c6a1f49fbad1719d7e09c0190565.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 3.63 - Authenticated Settings Modification, Configuration Disclosure, and User Data Export
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2020-10195'
-  tags: cve,wordpress,wp-plugin,popup-builder,medium
+  tags: cve,wordpress,wp-plugin,popup-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-10257-69db74f4852004f23d22f9fcc0555117.yaml b/nuclei-templates/2020/CVE-2020-10257-69db74f4852004f23d22f9fcc0555117.yaml
index da94100cb4..45be86ec62 100644
--- a/nuclei-templates/2020/CVE-2020-10257-69db74f4852004f23d22f9fcc0555117.yaml
+++ b/nuclei-templates/2020/CVE-2020-10257-69db74f4852004f23d22f9fcc0555117.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeREX Addons (Various Versions) - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The ThemeREX Addons plugin for WordPress is vulnerable to Improper Access Control in various versions. This is due to the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter. This makes it possible for unauthenticated attackers to execute functions like wp_insert_user, allowing attackers the ability to inject administrative user accounts and take over sites.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/trx_addons/"
     google-query: inurl:"/wp-content/plugins/trx_addons/"
     shodan-query: 'vuln:CVE-2020-10257'
-  tags: cve,wordpress,wp-plugin,trx_addons,critical
+  tags: cve,wordpress,wp-plugin,trx_addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-10385-3833fde53c02f881d8b11d577a449782.yaml b/nuclei-templates/2020/CVE-2020-10385-3833fde53c02f881d8b11d577a449782.yaml
index e809d17fae..71339735ad 100644
--- a/nuclei-templates/2020/CVE-2020-10385-3833fde53c02f881d8b11d577a449782.yaml
+++ b/nuclei-templates/2020/CVE-2020-10385-3833fde53c02f881d8b11d577a449782.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by WPForms <= 1.5.8.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforms-lite/"
     google-query: inurl:"/wp-content/plugins/wpforms-lite/"
     shodan-query: 'vuln:CVE-2020-10385'
-  tags: cve,wordpress,wp-plugin,wpforms-lite,medium
+  tags: cve,wordpress,wp-plugin,wpforms-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-10568-15159729e5663620758ffbfa0eee6068.yaml b/nuclei-templates/2020/CVE-2020-10568-15159729e5663620758ffbfa0eee6068.yaml
index ce23fe6d9e..4bfe7fa709 100644
--- a/nuclei-templates/2020/CVE-2020-10568-15159729e5663620758ffbfa0eee6068.yaml
+++ b/nuclei-templates/2020/CVE-2020-10568-15159729e5663620758ffbfa0eee6068.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPML < 4.3.7 - Cross-Site Request Forgery Bypass
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The sitepress-multilingual-cms (WPML) plugin before 4.3.7 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitepress-multilingual-cms/"
     google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/"
     shodan-query: 'vuln:CVE-2020-10568'
-  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high
+  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11025-67be7dda8922a0b90c62a801231990f1.yaml b/nuclei-templates/2020/CVE-2020-11025-67be7dda8922a0b90c62a801231990f1.yaml
index 81cccabe56..8c2eee1911 100644
--- a/nuclei-templates/2020/CVE-2020-11025-67be7dda8922a0b90c62a801231990f1.yaml
+++ b/nuclei-templates/2020/CVE-2020-11025-67be7dda8922a0b90c62a801231990f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.4.1 - Authenticated Cross-Site Scripting via Customizer
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2020-11025
   metadata:
     shodan-query: 'vuln:CVE-2020-11025'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11026-f3aa50bf420b4235c2de996ef5d37967.yaml b/nuclei-templates/2020/CVE-2020-11026-f3aa50bf420b4235c2de996ef5d37967.yaml
index b78869349d..952db936ce 100644
--- a/nuclei-templates/2020/CVE-2020-11026-f3aa50bf420b4235c2de996ef5d37967.yaml
+++ b/nuclei-templates/2020/CVE-2020-11026-f3aa50bf420b4235c2de996ef5d37967.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.4.1 - Authenticated (Author+) Cross-Site Scripting via File Uploads
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2020-11026
   metadata:
     shodan-query: 'vuln:CVE-2020-11026'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11030-773aca706a31e2409dfb4bd8f1fa9e33.yaml b/nuclei-templates/2020/CVE-2020-11030-773aca706a31e2409dfb4bd8f1fa9e33.yaml
index 06b9740ede..49742921c4 100644
--- a/nuclei-templates/2020/CVE-2020-11030-773aca706a31e2409dfb4bd8f1fa9e33.yaml
+++ b/nuclei-templates/2020/CVE-2020-11030-773aca706a31e2409dfb4bd8f1fa9e33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.4.1 - Cross-Site Scripting in the Block Editor
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2020-11030
   metadata:
     shodan-query: 'vuln:CVE-2020-11030'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11508-5b689436673a442f720046bb44c5bd16.yaml b/nuclei-templates/2020/CVE-2020-11508-5b689436673a442f720046bb44c5bd16.yaml
index 7329af8bef..9da5d93d07 100644
--- a/nuclei-templates/2020/CVE-2020-11508-5b689436673a442f720046bb44c5bd16.yaml
+++ b/nuclei-templates/2020/CVE-2020-11508-5b689436673a442f720046bb44c5bd16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X <= 0.98 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/"
     google-query: inurl:"/wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/"
     shodan-query: 'vuln:CVE-2020-11508'
-  tags: cve,wordpress,wp-plugin,free-sales-funnel-squeeze-pages-landing-page-builder-templates-make,medium
+  tags: cve,wordpress,wp-plugin,free-sales-funnel-squeeze-pages-landing-page-builder-templates-make,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11510-1090bbe0593e4ecda3fb75c3e6d7bf93.yaml b/nuclei-templates/2020/CVE-2020-11510-1090bbe0593e4ecda3fb75c3e6d7bf93.yaml
index fa442fee21..2df74a35a9 100644
--- a/nuclei-templates/2020/CVE-2020-11510-1090bbe0593e4ecda3fb75c3e6d7bf93.yaml
+++ b/nuclei-templates/2020/CVE-2020-11510-1090bbe0593e4ecda3fb75c3e6d7bf93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Versions below 3.2.6.9 allow an attacker to publish or trash any existing post or page, or even set it to a nonexistent status, at which point it would no longer appear on the site or be accessible from wp-admin, and could only be recovered by modifying its status in the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2020-11510'
-  tags: cve,wordpress,wp-plugin,learnpress,high
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11512-74e3a5823f9cf5e58e6b984ee0054047.yaml b/nuclei-templates/2020/CVE-2020-11512-74e3a5823f9cf5e58e6b984ee0054047.yaml
index 98ede6a501..670af95900 100644
--- a/nuclei-templates/2020/CVE-2020-11512-74e3a5823f9cf5e58e6b984ee0054047.yaml
+++ b/nuclei-templates/2020/CVE-2020-11512-74e3a5823f9cf5e58e6b984ee0054047.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IMPress for IDX Broker <= 2.6.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/idx-broker-platinum/"
     google-query: inurl:"/wp-content/plugins/idx-broker-platinum/"
     shodan-query: 'vuln:CVE-2020-11512'
-  tags: cve,wordpress,wp-plugin,idx-broker-platinum,medium
+  tags: cve,wordpress,wp-plugin,idx-broker-platinum,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11516-dd80fd1aa8e8ecdfc56af18872d295e2.yaml b/nuclei-templates/2020/CVE-2020-11516-dd80fd1aa8e8ecdfc56af18872d295e2.yaml
index 2460376796..7932bbd87b 100644
--- a/nuclei-templates/2020/CVE-2020-11516-dd80fd1aa8e8ecdfc56af18872d295e2.yaml
+++ b/nuclei-templates/2020/CVE-2020-11516-dd80fd1aa8e8ecdfc56af18872d295e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator's session.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7-datepicker/"
     google-query: inurl:"/wp-content/plugins/contact-form-7-datepicker/"
     shodan-query: 'vuln:CVE-2020-11516'
-  tags: cve,wordpress,wp-plugin,contact-form-7-datepicker,medium
+  tags: cve,wordpress,wp-plugin,contact-form-7-datepicker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11673-a7b9bf475d14b8ef039f5657643818f1.yaml b/nuclei-templates/2020/CVE-2020-11673-a7b9bf475d14b8ef039f5657643818f1.yaml
index fc33b4c395..6a7cacbd6d 100644
--- a/nuclei-templates/2020/CVE-2020-11673-a7b9bf475d14b8ef039f5657643818f1.yaml
+++ b/nuclei-templates/2020/CVE-2020-11673-a7b9bf475d14b8ef039f5657643818f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TS Poll – Best Poll Plugin for WordPress <1.3.4 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The TS Poll – Best Poll Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'wp_ajax_nopriv' function in versions up to, and including, 1.3.4. This makes it possible for unauthenticated attackers to to manipulate polls, e.g., delete, clone, or view a hidden poll.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poll-wp/"
     google-query: inurl:"/wp-content/plugins/poll-wp/"
     shodan-query: 'vuln:CVE-2020-11673'
-  tags: cve,wordpress,wp-plugin,poll-wp,critical
+  tags: cve,wordpress,wp-plugin,poll-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11727-8cd31768dc61f0033829ab9bfd911338.yaml b/nuclei-templates/2020/CVE-2020-11727-8cd31768dc61f0033829ab9bfd911338.yaml
index 38d0401897..be1c514d0e 100644
--- a/nuclei-templates/2020/CVE-2020-11727-8cd31768dc61f0033829ab9bfd911338.yaml
+++ b/nuclei-templates/2020/CVE-2020-11727-8cd31768dc61f0033829ab9bfd911338.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-order-export-lite/"
     google-query: inurl:"/wp-content/plugins/woo-order-export-lite/"
     shodan-query: 'vuln:CVE-2020-11727'
-  tags: cve,wordpress,wp-plugin,woo-order-export-lite,medium
+  tags: cve,wordpress,wp-plugin,woo-order-export-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11731-2e52fc4f7a8504883023eba2284cc957.yaml b/nuclei-templates/2020/CVE-2020-11731-2e52fc4f7a8504883023eba2284cc957.yaml
index c36976e9e7..4969fb0a28 100644
--- a/nuclei-templates/2020/CVE-2020-11731-2e52fc4f7a8504883023eba2284cc957.yaml
+++ b/nuclei-templates/2020/CVE-2020-11731-2e52fc4f7a8504883023eba2284cc957.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Assistant <= 2.81 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-assistant/"
     google-query: inurl:"/wp-content/plugins/media-library-assistant/"
     shodan-query: 'vuln:CVE-2020-11731'
-  tags: cve,wordpress,wp-plugin,media-library-assistant,medium
+  tags: cve,wordpress,wp-plugin,media-library-assistant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11732-c35f9ed6b93a44d06dd09e34e66b7586.yaml b/nuclei-templates/2020/CVE-2020-11732-c35f9ed6b93a44d06dd09e34e66b7586.yaml
index 511e7fe926..96b651c154 100644
--- a/nuclei-templates/2020/CVE-2020-11732-c35f9ed6b93a44d06dd09e34e66b7586.yaml
+++ b/nuclei-templates/2020/CVE-2020-11732-c35f9ed6b93a44d06dd09e34e66b7586.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Assistant <= 2.81 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-assistant/"
     google-query: inurl:"/wp-content/plugins/media-library-assistant/"
     shodan-query: 'vuln:CVE-2020-11732'
-  tags: cve,wordpress,wp-plugin,media-library-assistant,high
+  tags: cve,wordpress,wp-plugin,media-library-assistant,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-11738-84e8025814ede80f77a1696e5326822b.yaml b/nuclei-templates/2020/CVE-2020-11738-84e8025814ede80f77a1696e5326822b.yaml
index 6fb194315b..a334f42271 100644
--- a/nuclei-templates/2020/CVE-2020-11738-84e8025814ede80f77a1696e5326822b.yaml
+++ b/nuclei-templates/2020/CVE-2020-11738-84e8025814ede80f77a1696e5326822b.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2020-11738
   metadata:
-    fofa-query: "wp-content/plugins/duplicator-pro/"
-    google-query: inurl:"/wp-content/plugins/duplicator-pro/"
+    fofa-query: "wp-content/plugins/duplicator/"
+    google-query: inurl:"/wp-content/plugins/duplicator/"
     shodan-query: 'vuln:CVE-2020-11738'
-  tags: cve,wordpress,wp-plugin,duplicator-pro,high
+  tags: cve,wordpress,wp-plugin,duplicator,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/duplicator-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "duplicator-pro"
+          - "duplicator"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 3.8.7.1')
\ No newline at end of file
+          - compare_versions(version, '< 1.3.28')
\ No newline at end of file
diff --git a/nuclei-templates/2020/CVE-2020-12074-0088814ed74fd156e9ee132de51ef1d2.yaml b/nuclei-templates/2020/CVE-2020-12074-0088814ed74fd156e9ee132de51ef1d2.yaml
index 0261a14957..a5d7e4ec61 100644
--- a/nuclei-templates/2020/CVE-2020-12074-0088814ed74fd156e9ee132de51ef1d2.yaml
+++ b/nuclei-templates/2020/CVE-2020-12074-0088814ed74fd156e9ee132de51ef1d2.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2020-12074
   metadata:
-    fofa-query: "wp-content/plugins/product-reviews-import-export-for-woocommerce/"
-    google-query: inurl:"/wp-content/plugins/product-reviews-import-export-for-woocommerce/"
+    fofa-query: "wp-content/plugins/order-import-export-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/order-import-export-for-woocommerce/"
     shodan-query: 'vuln:CVE-2020-12074'
-  tags: cve,wordpress,wp-plugin,product-reviews-import-export-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,order-import-export-for-woocommerce,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/product-reviews-import-export-for-woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/order-import-export-for-woocommerce/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "product-reviews-import-export-for-woocommerce"
+          - "order-import-export-for-woocommerce"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.3.3')
\ No newline at end of file
+          - compare_versions(version, '< 1.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2020/CVE-2020-12074-1ebbd9b3a9a4deb3ba553d086f3295e1.yaml b/nuclei-templates/2020/CVE-2020-12074-1ebbd9b3a9a4deb3ba553d086f3295e1.yaml
index cae14f7f9f..79cbfa4f7b 100644
--- a/nuclei-templates/2020/CVE-2020-12074-1ebbd9b3a9a4deb3ba553d086f3295e1.yaml
+++ b/nuclei-templates/2020/CVE-2020-12074-1ebbd9b3a9a4deb3ba553d086f3295e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Import Export for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.7.4 due to missing capability checks on the woocommerce_csv_import_request AJAX action. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to import products for WooCommerce.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-import-export-for-woo/"
     google-query: inurl:"/wp-content/plugins/product-import-export-for-woo/"
     shodan-query: 'vuln:CVE-2020-12074'
-  tags: cve,wordpress,wp-plugin,product-import-export-for-woo,medium
+  tags: cve,wordpress,wp-plugin,product-import-export-for-woo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-12075-3ca2d0288841fb102eec504b49f4dc79.yaml b/nuclei-templates/2020/CVE-2020-12075-3ca2d0288841fb102eec504b49f4dc79.yaml
index 80fc78d71e..8a0ea47642 100644
--- a/nuclei-templates/2020/CVE-2020-12075-3ca2d0288841fb102eec504b49f4dc79.yaml
+++ b/nuclei-templates/2020/CVE-2020-12075-3ca2d0288841fb102eec504b49f4dc79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/"
     shodan-query: 'vuln:CVE-2020-12075'
-  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-12076-384cfba7d4e3422564ffd94f08c53230.yaml b/nuclei-templates/2020/CVE-2020-12076-384cfba7d4e3422564ffd94f08c53230.yaml
index a0d9ada892..596f90f5c6 100644
--- a/nuclei-templates/2020/CVE-2020-12076-384cfba7d4e3422564ffd94f08c53230.yaml
+++ b/nuclei-templates/2020/CVE-2020-12076-384cfba7d4e3422564ffd94f08c53230.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Data Tables Generator by Supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/"
     shodan-query: 'vuln:CVE-2020-12076'
-  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-12077-6bf1979859a94fbe33542b88abb0e15d.yaml b/nuclei-templates/2020/CVE-2020-12077-6bf1979859a94fbe33542b88abb0e15d.yaml
index bf64b37ea8..b1e97861f9 100644
--- a/nuclei-templates/2020/CVE-2020-12077-6bf1979859a94fbe33542b88abb0e15d.yaml
+++ b/nuclei-templates/2020/CVE-2020-12077-6bf1979859a94fbe33542b88abb0e15d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapPress Maps for WordPress <=2.53.8 - Authenticated Map Creation/Deletion to Stored Cross-Site Scripting & Remote Code Execution
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
     shodan-query: 'vuln:CVE-2020-12077'
-  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-12104-84ddf5342f72d908358cc5325eb7e319.yaml b/nuclei-templates/2020/CVE-2020-12104-84ddf5342f72d908358cc5325eb7e319.yaml
index 482cb08953..eeb1f23ac7 100644
--- a/nuclei-templates/2020/CVE-2020-12104-84ddf5342f72d908358cc5325eb7e319.yaml
+++ b/nuclei-templates/2020/CVE-2020-12104-84ddf5342f72d908358cc5325eb7e319.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress WP-Advanced-Search <= 3.3.6 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-advanced-search/"
     google-query: inurl:"/wp-content/plugins/wp-advanced-search/"
     shodan-query: 'vuln:CVE-2020-12104'
-  tags: cve,wordpress,wp-plugin,wp-advanced-search,high
+  tags: cve,wordpress,wp-plugin,wp-advanced-search,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-12675-a32c5004dd8e3051476b1d2ace4665f9.yaml b/nuclei-templates/2020/CVE-2020-12675-a32c5004dd8e3051476b1d2ace4665f9.yaml
index 270f7d7a08..3af8a2d76e 100644
--- a/nuclei-templates/2020/CVE-2020-12675-a32c5004dd8e3051476b1d2ace4665f9.yaml
+++ b/nuclei-templates/2020/CVE-2020-12675-a32c5004dd8e3051476b1d2ace4665f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapPress Maps <= 2.54.5 - Remote Code Execution via Improper Capability Checks in AJAX Calls
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
     shodan-query: 'vuln:CVE-2020-12675'
-  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-12696-731244d7e48d469d8250ca7d6169422e.yaml b/nuclei-templates/2020/CVE-2020-12696-731244d7e48d469d8250ca7d6169422e.yaml
index 3cab62b23b..c0dad45da9 100644
--- a/nuclei-templates/2020/CVE-2020-12696-731244d7e48d469d8250ca7d6169422e.yaml
+++ b/nuclei-templates/2020/CVE-2020-12696-731244d7e48d469d8250ca7d6169422e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iframe <= 4.4 - Authenticated Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iframe plugin before 4.5 for WordPress does not sanitize a URL.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iframe/"
     google-query: inurl:"/wp-content/plugins/iframe/"
     shodan-query: 'vuln:CVE-2020-12696'
-  tags: cve,wordpress,wp-plugin,iframe,medium
+  tags: cve,wordpress,wp-plugin,iframe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-13126-68b5f15989ca60b284d4dce6601af76b.yaml b/nuclei-templates/2020/CVE-2020-13126-68b5f15989ca60b284d4dce6601af76b.yaml
index 5040e3552a..8bfd193886 100644
--- a/nuclei-templates/2020/CVE-2020-13126-68b5f15989ca60b284d4dce6601af76b.yaml
+++ b/nuclei-templates/2020/CVE-2020-13126-68b5f15989ca60b284d4dce6601af76b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2020-13126'
-  tags: cve,wordpress,wp-plugin,elementor-pro,critical
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-13487-a08c651ad045a182d61e4a734b04e24d.yaml b/nuclei-templates/2020/CVE-2020-13487-a08c651ad045a182d61e4a734b04e24d.yaml
index 761f3f7c3e..1235ae1158 100644
--- a/nuclei-templates/2020/CVE-2020-13487-a08c651ad045a182d61e4a734b04e24d.yaml
+++ b/nuclei-templates/2020/CVE-2020-13487-a08c651ad045a182d61e4a734b04e24d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bbPress <= 2.6.4 -  Authenticated (Admin+) Stored Cross-Site Scripting via the forums list table
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbpress/"
     google-query: inurl:"/wp-content/plugins/bbpress/"
     shodan-query: 'vuln:CVE-2020-13487'
-  tags: cve,wordpress,wp-plugin,bbpress,medium
+  tags: cve,wordpress,wp-plugin,bbpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-13641-8de354ee8a09f1e40abb305d774cf1ed.yaml b/nuclei-templates/2020/CVE-2020-13641-8de354ee8a09f1e40abb305d774cf1ed.yaml
index 964f29608d..cc6db545fd 100644
--- a/nuclei-templates/2020/CVE-2020-13641-8de354ee8a09f1e40abb305d774cf1ed.yaml
+++ b/nuclei-templates/2020/CVE-2020-13641-8de354ee8a09f1e40abb305d774cf1ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that be executed later in the victims browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-time-find-and-replace/"
     google-query: inurl:"/wp-content/plugins/real-time-find-and-replace/"
     shodan-query: 'vuln:CVE-2020-13641'
-  tags: cve,wordpress,wp-plugin,real-time-find-and-replace,high
+  tags: cve,wordpress,wp-plugin,real-time-find-and-replace,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-13642-7df5e5754fb5a3c3ef39f58481635571.yaml b/nuclei-templates/2020/CVE-2020-13642-7df5e5754fb5a3c3ef39f58481635571.yaml
index 9de402298c..f57d35600e 100644
--- a/nuclei-templates/2020/CVE-2020-13642-7df5e5754fb5a3c3ef39f58481635571.yaml
+++ b/nuclei-templates/2020/CVE-2020-13642-7df5e5754fb5a3c3ef39f58481635571.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/siteorigin-panels/"
     google-query: inurl:"/wp-content/plugins/siteorigin-panels/"
     shodan-query: 'vuln:CVE-2020-13642'
-  tags: cve,wordpress,wp-plugin,siteorigin-panels,high
+  tags: cve,wordpress,wp-plugin,siteorigin-panels,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-13643-86d73827337d8244a557bb98a9e7b2f5.yaml b/nuclei-templates/2020/CVE-2020-13643-86d73827337d8244a557bb98a9e7b2f5.yaml
index f56349c112..88b236031a 100644
--- a/nuclei-templates/2020/CVE-2020-13643-86d73827337d8244a557bb98a9e7b2f5.yaml
+++ b/nuclei-templates/2020/CVE-2020-13643-86d73827337d8244a557bb98a9e7b2f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/siteorigin-panels/"
     google-query: inurl:"/wp-content/plugins/siteorigin-panels/"
     shodan-query: 'vuln:CVE-2020-13643'
-  tags: cve,wordpress,wp-plugin,siteorigin-panels,high
+  tags: cve,wordpress,wp-plugin,siteorigin-panels,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-13864-5f7ca58c2ad3d25f19da443baa193352.yaml b/nuclei-templates/2020/CVE-2020-13864-5f7ca58c2ad3d25f19da443baa193352.yaml
index 91eaa18e80..e7a56c77b6 100644
--- a/nuclei-templates/2020/CVE-2020-13864-5f7ca58c2ad3d25f19da443baa193352.yaml
+++ b/nuclei-templates/2020/CVE-2020-13864-5f7ca58c2ad3d25f19da443baa193352.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 2.9.8 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Website Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2020-13864'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-13865-c04510d8ae6604902066b55cfed338f7.yaml b/nuclei-templates/2020/CVE-2020-13865-c04510d8ae6604902066b55cfed338f7.yaml
index 30107b095f..bddb598b76 100644
--- a/nuclei-templates/2020/CVE-2020-13865-c04510d8ae6604902066b55cfed338f7.yaml
+++ b/nuclei-templates/2020/CVE-2020-13865-c04510d8ae6604902066b55cfed338f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 2.9.8 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Website Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2020-13865'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-13892-6844db7940c370d06922bd9c5958a18b.yaml b/nuclei-templates/2020/CVE-2020-13892-6844db7940c370d06922bd9c5958a18b.yaml
index 92368dfe1a..566401fcb2 100644
--- a/nuclei-templates/2020/CVE-2020-13892-6844db7940c370d06922bd9c5958a18b.yaml
+++ b/nuclei-templates/2020/CVE-2020-13892-6844db7940c370d06922bd9c5958a18b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SportsPress <= 2.7.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SportsPress plugin before 2.7.2 for WordPress allows XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sportspress/"
     google-query: inurl:"/wp-content/plugins/sportspress/"
     shodan-query: 'vuln:CVE-2020-13892'
-  tags: cve,wordpress,wp-plugin,sportspress,medium
+  tags: cve,wordpress,wp-plugin,sportspress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-14959-63f488767eed871fd699454a474174aa.yaml b/nuclei-templates/2020/CVE-2020-14959-63f488767eed871fd699454a474174aa.yaml
index 55abf99d44..3306bec5b5 100644
--- a/nuclei-templates/2020/CVE-2020-14959-63f488767eed871fd699454a474174aa.yaml
+++ b/nuclei-templates/2020/CVE-2020-14959-63f488767eed871fd699454a474174aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Testimonials <= 3.5.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-testimonials/"
     google-query: inurl:"/wp-content/plugins/easy-testimonials/"
     shodan-query: 'vuln:CVE-2020-14959'
-  tags: cve,wordpress,wp-plugin,easy-testimonials,medium
+  tags: cve,wordpress,wp-plugin,easy-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-14962-45a46be6bf0ef23f92774359273b99be.yaml b/nuclei-templates/2020/CVE-2020-14962-45a46be6bf0ef23f92774359273b99be.yaml
index 0a429dd859..9be9e0dd12 100644
--- a/nuclei-templates/2020/CVE-2020-14962-45a46be6bf0ef23f92774359273b99be.yaml
+++ b/nuclei-templates/2020/CVE-2020-14962-45a46be6bf0ef23f92774359273b99be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Final Tiles Gallery <= 3.4.18 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/final-tiles-grid-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/final-tiles-grid-gallery-lite/"
     shodan-query: 'vuln:CVE-2020-14962'
-  tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-15020-151a3d01fba73eb2e03af896af5366b4.yaml b/nuclei-templates/2020/CVE-2020-15020-151a3d01fba73eb2e03af896af5366b4.yaml
index a2887457b7..8269dcc9e3 100644
--- a/nuclei-templates/2020/CVE-2020-15020-151a3d01fba73eb2e03af896af5366b4.yaml
+++ b/nuclei-templates/2020/CVE-2020-15020-151a3d01fba73eb2e03af896af5366b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 2.9.13 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2020-15020'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-15038-fbe96ae280b99abe5e90ec130aefb23d.yaml b/nuclei-templates/2020/CVE-2020-15038-fbe96ae280b99abe5e90ec130aefb23d.yaml
index 20131c8d45..b2a49a1e9f 100644
--- a/nuclei-templates/2020/CVE-2020-15038-fbe96ae280b99abe5e90ec130aefb23d.yaml
+++ b/nuclei-templates/2020/CVE-2020-15038-fbe96ae280b99abe5e90ec130aefb23d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page by SeedProd <= 5.1.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SeedProd Coming Soon plugin before 5.1.2 for WordPress allows XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coming-soon/"
     google-query: inurl:"/wp-content/plugins/coming-soon/"
     shodan-query: 'vuln:CVE-2020-15038'
-  tags: cve,wordpress,wp-plugin,coming-soon,medium
+  tags: cve,wordpress,wp-plugin,coming-soon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-15364-a1ee8803b42d3b197599b6095f91fefd.yaml b/nuclei-templates/2020/CVE-2020-15364-a1ee8803b42d3b197599b6095f91fefd.yaml
index b62b8782c5..342fac4ff9 100644
--- a/nuclei-templates/2020/CVE-2020-15364-a1ee8803b42d3b197599b6095f91fefd.yaml
+++ b/nuclei-templates/2020/CVE-2020-15364-a1ee8803b42d3b197599b6095f91fefd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nexos - Real Estate WordPress Theme < 1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/nexos/"
     google-query: inurl:"/wp-content/themes/nexos/"
     shodan-query: 'vuln:CVE-2020-15364'
-  tags: cve,wordpress,wp-theme,nexos,medium
+  tags: cve,wordpress,wp-theme,nexos,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-15535-e6c806cffb708ac14203b6a177746aad.yaml b/nuclei-templates/2020/CVE-2020-15535-e6c806cffb708ac14203b6a177746aad.yaml
index b4cbd455b6..8468468c3a 100644
--- a/nuclei-templates/2020/CVE-2020-15535-e6c806cffb708ac14203b6a177746aad.yaml
+++ b/nuclei-templates/2020/CVE-2020-15535-e6c806cffb708ac14203b6a177746aad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Car Rental System <= 1.3 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/car/"
     google-query: inurl:"/wp-content/plugins/car/"
     shodan-query: 'vuln:CVE-2020-15535'
-  tags: cve,wordpress,wp-plugin,car,medium
+  tags: cve,wordpress,wp-plugin,car,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-15537-eef4fef4e9f3255888f8b403eb0a1916.yaml b/nuclei-templates/2020/CVE-2020-15537-eef4fef4e9f3255888f8b403eb0a1916.yaml
index c883554ba1..184eb9572a 100644
--- a/nuclei-templates/2020/CVE-2020-15537-eef4fef4e9f3255888f8b403eb0a1916.yaml
+++ b/nuclei-templates/2020/CVE-2020-15537-eef4fef4e9f3255888f8b403eb0a1916.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vanguard - Marketplace Digital Products PHP7 <= 2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vanguard/"
     google-query: inurl:"/wp-content/plugins/vanguard/"
     shodan-query: 'vuln:CVE-2020-15537'
-  tags: cve,wordpress,wp-plugin,vanguard,medium
+  tags: cve,wordpress,wp-plugin,vanguard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-20406-8f2ebff96481ee5356699783e44b68ea.yaml b/nuclei-templates/2020/CVE-2020-20406-8f2ebff96481ee5356699783e44b68ea.yaml
index 0e13102a08..4663baae0e 100644
--- a/nuclei-templates/2020/CVE-2020-20406-8f2ebff96481ee5356699783e44b68ea.yaml
+++ b/nuclei-templates/2020/CVE-2020-20406-8f2ebff96481ee5356699783e44b68ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 2.9.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2020-20406'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-20625-3f2e88483cb032a762f3e5f925264d0f.yaml b/nuclei-templates/2020/CVE-2020-20625-3f2e88483cb032a762f3e5f925264d0f.yaml
index f21518c53d..dc48c01482 100644
--- a/nuclei-templates/2020/CVE-2020-20625-3f2e88483cb032a762f3e5f925264d0f.yaml
+++ b/nuclei-templates/2020/CVE-2020-20625-3f2e88483cb032a762f3e5f925264d0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sliced Invoices < 3.8.4 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Sliced Invoices plugin for WordPress 3.8.3 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sliced-invoices/"
     google-query: inurl:"/wp-content/plugins/sliced-invoices/"
     shodan-query: 'vuln:CVE-2020-20625'
-  tags: cve,wordpress,wp-plugin,sliced-invoices,high
+  tags: cve,wordpress,wp-plugin,sliced-invoices,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-20626-fbfa55f46b34cda37b3af16eb142622e.yaml b/nuclei-templates/2020/CVE-2020-20626-fbfa55f46b34cda37b3af16eb142622e.yaml
index 94cb4e1dfc..fe44078866 100644
--- a/nuclei-templates/2020/CVE-2020-20626-fbfa55f46b34cda37b3af16eb142622e.yaml
+++ b/nuclei-templates/2020/CVE-2020-20626-fbfa55f46b34cda37b3af16eb142622e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lara Google Analytics <= 2.0.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lara-google-analytics/"
     google-query: inurl:"/wp-content/plugins/lara-google-analytics/"
     shodan-query: 'vuln:CVE-2020-20626'
-  tags: cve,wordpress,wp-plugin,lara-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,lara-google-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-20627-57de8ad14c220bdfc73bc2840b43e6e3.yaml b/nuclei-templates/2020/CVE-2020-20627-57de8ad14c220bdfc73bc2840b43e6e3.yaml
index 6f5d1fef3b..6cdaf22660 100644
--- a/nuclei-templates/2020/CVE-2020-20627-57de8ad14c220bdfc73bc2840b43e6e3.yaml
+++ b/nuclei-templates/2020/CVE-2020-20627-57de8ad14c220bdfc73bc2840b43e6e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.5.9 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2020-20627'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-20628-97711fb53683ab26635f9b3f2754784c.yaml b/nuclei-templates/2020/CVE-2020-20628-97711fb53683ab26635f9b3f2754784c.yaml
index 02247a5fe2..506b59a37f 100644
--- a/nuclei-templates/2020/CVE-2020-20628-97711fb53683ab26635f9b3f2754784c.yaml
+++ b/nuclei-templates/2020/CVE-2020-20628-97711fb53683ab26635f9b3f2754784c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP GDPR <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-gdpr-core/"
     google-query: inurl:"/wp-content/plugins/wp-gdpr-core/"
     shodan-query: 'vuln:CVE-2020-20628'
-  tags: cve,wordpress,wp-plugin,wp-gdpr-core,medium
+  tags: cve,wordpress,wp-plugin,wp-gdpr-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-20633-c794524768b79fbeacb43dc638d96e23.yaml b/nuclei-templates/2020/CVE-2020-20633-c794524768b79fbeacb43dc638d96e23.yaml
index f16d3156b2..7d0eecb2b0 100644
--- a/nuclei-templates/2020/CVE-2020-20633-c794524768b79fbeacb43dc638d96e23.yaml
+++ b/nuclei-templates/2020/CVE-2020-20633-c794524768b79fbeacb43dc638d96e23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GDPR Cookie Consent & Compliance Notice <= 1.8.2 - Authenticated Stored Cross-Site Scripting and Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-law-info/"
     google-query: inurl:"/wp-content/plugins/cookie-law-info/"
     shodan-query: 'vuln:CVE-2020-20633'
-  tags: cve,wordpress,wp-plugin,cookie-law-info,medium
+  tags: cve,wordpress,wp-plugin,cookie-law-info,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-20634-b165aaaa725c1983b238dd197ed1a7e5.yaml b/nuclei-templates/2020/CVE-2020-20634-b165aaaa725c1983b238dd197ed1a7e5.yaml
index 54f0687701..ce0e0d91c6 100644
--- a/nuclei-templates/2020/CVE-2020-20634-b165aaaa725c1983b238dd197ed1a7e5.yaml
+++ b/nuclei-templates/2020/CVE-2020-20634-b165aaaa725c1983b238dd197ed1a7e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 2.9.5 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2020-20634'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-23762-c2ba29e0e5ecaebf723467e306a8b7e0.yaml b/nuclei-templates/2020/CVE-2020-23762-c2ba29e0e5ecaebf723467e306a8b7e0.yaml
index be3d8e0747..900079d56a 100644
--- a/nuclei-templates/2020/CVE-2020-23762-c2ba29e0e5ecaebf723467e306a8b7e0.yaml
+++ b/nuclei-templates/2020/CVE-2020-23762-c2ba29e0e5ecaebf723467e306a8b7e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Larsens Calender <= 1.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "tite" column on the "Eintrage hinzufugen" tab.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/larsens-calender/"
     google-query: inurl:"/wp-content/plugins/larsens-calender/"
     shodan-query: 'vuln:CVE-2020-23762'
-  tags: cve,wordpress,wp-plugin,larsens-calender,medium
+  tags: cve,wordpress,wp-plugin,larsens-calender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-24145-846117b538ab9ba30f69a12efe0f9e57.yaml b/nuclei-templates/2020/CVE-2020-24145-846117b538ab9ba30f69a12efe0f9e57.yaml
index 7c08e1f409..41186f7b52 100644
--- a/nuclei-templates/2020/CVE-2020-24145-846117b538ab9ba30f69a12efe0f9e57.yaml
+++ b/nuclei-templates/2020/CVE-2020-24145-846117b538ab9ba30f69a12efe0f9e57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Download Manager <= 2.7.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CM Download Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.7.0 via a crafted deletescreenshot action due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-download-manager/"
     google-query: inurl:"/wp-content/plugins/cm-download-manager/"
     shodan-query: 'vuln:CVE-2020-24145'
-  tags: cve,wordpress,wp-plugin,cm-download-manager,medium
+  tags: cve,wordpress,wp-plugin,cm-download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-24315-94d04ee1ef58708b41d6145bfcae5eba.yaml b/nuclei-templates/2020/CVE-2020-24315-94d04ee1ef58708b41d6145bfcae5eba.yaml
index efff60e52e..619b5037f8 100644
--- a/nuclei-templates/2020/CVE-2020-24315-94d04ee1ef58708b41d6145bfcae5eba.yaml
+++ b/nuclei-templates/2020/CVE-2020-24315-94d04ee1ef58708b41d6145bfcae5eba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Poll <= 36 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Poll Plugin for WordPress is vulnerable to blind SQL Injection via the 'pollid' parameter in versions up to, and including, 36 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cardoza-wordpress-poll/"
     google-query: inurl:"/wp-content/plugins/cardoza-wordpress-poll/"
     shodan-query: 'vuln:CVE-2020-24315'
-  tags: cve,wordpress,wp-plugin,cardoza-wordpress-poll,high
+  tags: cve,wordpress,wp-plugin,cardoza-wordpress-poll,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-24699-285685ddf3c4cea5af33e325a30ef210.yaml b/nuclei-templates/2020/CVE-2020-24699-285685ddf3c4cea5af33e325a30ef210.yaml
index bef24e85ec..ee2a70936d 100644
--- a/nuclei-templates/2020/CVE-2020-24699-285685ddf3c4cea5af33e325a30ef210.yaml
+++ b/nuclei-templates/2020/CVE-2020-24699-285685ddf3c4cea5af33e325a30ef210.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chamber Dashboard Business Directory < 3.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chamber-dashboard-business-directory/"
     google-query: inurl:"/wp-content/plugins/chamber-dashboard-business-directory/"
     shodan-query: 'vuln:CVE-2020-24699'
-  tags: cve,wordpress,wp-plugin,chamber-dashboard-business-directory,medium
+  tags: cve,wordpress,wp-plugin,chamber-dashboard-business-directory,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-24948-6be16d4dc7a3396a4e2044185bf46f84.yaml b/nuclei-templates/2020/CVE-2020-24948-6be16d4dc7a3396a4e2044185bf46f84.yaml
index c205c2ffda..0792aec116 100644
--- a/nuclei-templates/2020/CVE-2020-24948-6be16d4dc7a3396a4e2044185bf46f84.yaml
+++ b/nuclei-templates/2020/CVE-2020-24948-6be16d4dc7a3396a4e2044185bf46f84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autoptimize/"
     google-query: inurl:"/wp-content/plugins/autoptimize/"
     shodan-query: 'vuln:CVE-2020-24948'
-  tags: cve,wordpress,wp-plugin,autoptimize,high
+  tags: cve,wordpress,wp-plugin,autoptimize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-25375-ee95b664445938e62cfbf4d8ed5ffe44.yaml b/nuclei-templates/2020/CVE-2020-25375-ee95b664445938e62cfbf4d8ed5ffe44.yaml
index 1c6c9c8ce0..6df222284d 100644
--- a/nuclei-templates/2020/CVE-2020-25375-ee95b664445938e62cfbf4d8ed5ffe44.yaml
+++ b/nuclei-templates/2020/CVE-2020-25375-ee95b664445938e62cfbf4d8ed5ffe44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP smart CRM & Invoices FREE <= 1.8.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smart-crm-invoices-free/"
     google-query: inurl:"/wp-content/plugins/wp-smart-crm-invoices-free/"
     shodan-query: 'vuln:CVE-2020-25375'
-  tags: cve,wordpress,wp-plugin,wp-smart-crm-invoices-free,medium
+  tags: cve,wordpress,wp-plugin,wp-smart-crm-invoices-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-25378-4aff32f6f1228de170ce7ff458bf1831.yaml b/nuclei-templates/2020/CVE-2020-25378-4aff32f6f1228de170ce7ff458bf1831.yaml
index 5067581d8b..fd49389910 100644
--- a/nuclei-templates/2020/CVE-2020-25378-4aff32f6f1228de170ce7ff458bf1831.yaml
+++ b/nuclei-templates/2020/CVE-2020-25378-4aff32f6f1228de170ce7ff458bf1831.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Floating Menu <= 1.4.0 - Cross-Site Scripting via id Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-floating-menu/"
     google-query: inurl:"/wp-content/plugins/wp-floating-menu/"
     shodan-query: 'vuln:CVE-2020-25378'
-  tags: cve,wordpress,wp-plugin,wp-floating-menu,medium
+  tags: cve,wordpress,wp-plugin,wp-floating-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-25379-f904152cc56225725583f8016fc8d925.yaml b/nuclei-templates/2020/CVE-2020-25379-f904152cc56225725583f8016fc8d925.yaml
index 1ff0bc10e6..2552ef9bc5 100644
--- a/nuclei-templates/2020/CVE-2020-25379-f904152cc56225725583f8016fc8d925.yaml
+++ b/nuclei-templates/2020/CVE-2020-25379-f904152cc56225725583f8016fc8d925.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recall Products <= 0.8 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recall-products/"
     google-query: inurl:"/wp-content/plugins/recall-products/"
     shodan-query: 'vuln:CVE-2020-25379'
-  tags: cve,wordpress,wp-plugin,recall-products,high
+  tags: cve,wordpress,wp-plugin,recall-products,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-25380-75c0e8fcf83cb7fcc7b1f70f65a50a8b.yaml b/nuclei-templates/2020/CVE-2020-25380-75c0e8fcf83cb7fcc7b1f70f65a50a8b.yaml
index 5027ab4b02..bc5bc760e8 100644
--- a/nuclei-templates/2020/CVE-2020-25380-75c0e8fcf83cb7fcc7b1f70f65a50a8b.yaml
+++ b/nuclei-templates/2020/CVE-2020-25380-75c0e8fcf83cb7fcc7b1f70f65a50a8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recall Products <= 0.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recall-products/"
     google-query: inurl:"/wp-content/plugins/recall-products/"
     shodan-query: 'vuln:CVE-2020-25380'
-  tags: cve,wordpress,wp-plugin,recall-products,medium
+  tags: cve,wordpress,wp-plugin,recall-products,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-26596-f9bf203df336a8e0915eb488a89feed1.yaml b/nuclei-templates/2020/CVE-2020-26596-f9bf203df336a8e0915eb488a89feed1.yaml
index 9c1981aec2..15f1153030 100644
--- a/nuclei-templates/2020/CVE-2020-26596-f9bf203df336a8e0915eb488a89feed1.yaml
+++ b/nuclei-templates/2020/CVE-2020-26596-f9bf203df336a8e0915eb488a89feed1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Pro <= 3.0.5 - Authenticated Remote Code Execution in Dynamic OOO Widget
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2020-26596'
-  tags: cve,wordpress,wp-plugin,elementor-pro,high
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-26672-a98e82a7c384a33ad5d0d42365168f67.yaml b/nuclei-templates/2020/CVE-2020-26672-a98e82a7c384a33ad5d0d42365168f67.yaml
index 2917bad1f3..df04aee3db 100644
--- a/nuclei-templates/2020/CVE-2020-26672-a98e82a7c384a33ad5d0d42365168f67.yaml
+++ b/nuclei-templates/2020/CVE-2020-26672-a98e82a7c384a33ad5d0d42365168f67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Rotator <= 3.0.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-rotator/"
     google-query: inurl:"/wp-content/plugins/testimonial-rotator/"
     shodan-query: 'vuln:CVE-2020-26672'
-  tags: cve,wordpress,wp-plugin,testimonial-rotator,medium
+  tags: cve,wordpress,wp-plugin,testimonial-rotator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-27344-16f2bcb5cfa3d079c1a300d23d7f7166.yaml b/nuclei-templates/2020/CVE-2020-27344-16f2bcb5cfa3d079c1a300d23d7f7166.yaml
index 908c5fb666..db10729103 100644
--- a/nuclei-templates/2020/CVE-2020-27344-16f2bcb5cfa3d079c1a300d23d7f7166.yaml
+++ b/nuclei-templates/2020/CVE-2020-27344-16f2bcb5cfa3d079c1a300d23d7f7166.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CM Download Manager plugin for WordPress is vulnerable to Authenticated Stored Cross-Site Scripting via the ‘filename’ parameter in versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping. This makes it possible for highly privileged attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-download-manager/"
     google-query: inurl:"/wp-content/plugins/cm-download-manager/"
     shodan-query: 'vuln:CVE-2020-27344'
-  tags: cve,wordpress,wp-plugin,cm-download-manager,medium
+  tags: cve,wordpress,wp-plugin,cm-download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-27356-6ecc3e1b29dcd6c7c18d4d37331ca11a.yaml b/nuclei-templates/2020/CVE-2020-27356-6ecc3e1b29dcd6c7c18d4d37331ca11a.yaml
index 730c0e21cf..e916c7097a 100644
--- a/nuclei-templates/2020/CVE-2020-27356-6ecc3e1b29dcd6c7c18d4d37331ca11a.yaml
+++ b/nuclei-templates/2020/CVE-2020-27356-6ecc3e1b29dcd6c7c18d4d37331ca11a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Debug Meta Data <= 1.1.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Debug Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on the a user's user-agent HTTP header value. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/debug-meta-data/"
     google-query: inurl:"/wp-content/plugins/debug-meta-data/"
     shodan-query: 'vuln:CVE-2020-27356'
-  tags: cve,wordpress,wp-plugin,debug-meta-data,medium
+  tags: cve,wordpress,wp-plugin,debug-meta-data,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-28038-8d7f0213118d2e7594c423ff47139a2f.yaml b/nuclei-templates/2020/CVE-2020-28038-8d7f0213118d2e7594c423ff47139a2f.yaml
index 50c5825f24..f5ec3308b4 100644
--- a/nuclei-templates/2020/CVE-2020-28038-8d7f0213118d2e7594c423ff47139a2f.yaml
+++ b/nuclei-templates/2020/CVE-2020-28038-8d7f0213118d2e7594c423ff47139a2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.5.2 - Stored Cross-Site Scripting via post slugs
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress before 5.5.2 allows stored XSS via post slugs.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2020-28038
   metadata:
     shodan-query: 'vuln:CVE-2020-28038'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-28649-a2161b786ba8d84bdb2a3d032cd3b972.yaml b/nuclei-templates/2020/CVE-2020-28649-a2161b786ba8d84bdb2a3d032cd3b972.yaml
index c4641433bd..ca60ef4ee9 100644
--- a/nuclei-templates/2020/CVE-2020-28649-a2161b786ba8d84bdb2a3d032cd3b972.yaml
+++ b/nuclei-templates/2020/CVE-2020-28649-a2161b786ba8d84bdb2a3d032cd3b972.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Child Theme Creator by Orbisius <= 1.5.1 - Cross-Site Request Forgery to Arbitrary File Modification and Creation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file that makes it possible for attackers to modify arbitrary files and create new files to achieve remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/orbisius-child-theme-creator/"
     google-query: inurl:"/wp-content/plugins/orbisius-child-theme-creator/"
     shodan-query: 'vuln:CVE-2020-28649'
-  tags: cve,wordpress,wp-plugin,orbisius-child-theme-creator,high
+  tags: cve,wordpress,wp-plugin,orbisius-child-theme-creator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-28650-ad1820dedb4cef27ae24befa1b1daeac.yaml b/nuclei-templates/2020/CVE-2020-28650-ad1820dedb4cef27ae24befa1b1daeac.yaml
index 5705ffb481..96ddffc7e4 100644
--- a/nuclei-templates/2020/CVE-2020-28650-ad1820dedb4cef27ae24befa1b1daeac.yaml
+++ b/nuclei-templates/2020/CVE-2020-28650-ad1820dedb4cef27ae24befa1b1daeac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBakery Page Builder for WordPress <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPBakery plugin for WordPress, in versions 6.4 and below, was designed with a flaw that could give users with contributor and author level roles the ability to inject malicious JavaScript into pages and posts. This flaw also gave these users the ability to edit other users’ posts. The plugin explicitly disabled any default post HTML filtering checks in the saveAjaxFe function using kses_remove_filters();. This meant that any user with access to the WPBakery builder could inject HTML and JavaScript anywhere in a post using the page builder.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js_composer/"
     google-query: inurl:"/wp-content/plugins/js_composer/"
     shodan-query: 'vuln:CVE-2020-28650'
-  tags: cve,wordpress,wp-plugin,js_composer,medium
+  tags: cve,wordpress,wp-plugin,js_composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-29171-d66601db34445c53f772431589140096.yaml b/nuclei-templates/2020/CVE-2020-29171-d66601db34445c53f772431589140096.yaml
index f3f8cc9df8..f37e22005f 100644
--- a/nuclei-templates/2020/CVE-2020-29171-d66601db34445c53f772431589140096.yaml
+++ b/nuclei-templates/2020/CVE-2020-29171-d66601db34445c53f772431589140096.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One WP Security & Firewall <= 4.4.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2020-29171'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-29172-303b76a4a36e60deb08e9b0d0435d79c.yaml b/nuclei-templates/2020/CVE-2020-29172-303b76a4a36e60deb08e9b0d0435d79c.yaml
index dcc1955c5f..3e0ed7aacc 100644
--- a/nuclei-templates/2020/CVE-2020-29172-303b76a4a36e60deb08e9b0d0435d79c.yaml
+++ b/nuclei-templates/2020/CVE-2020-29172-303b76a4a36e60deb08e9b0d0435d79c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LiteSpeed Cache <= 3.6 - Authenticated Stored Cross-Site Scripting via IP setting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/litespeed-cache/"
     google-query: inurl:"/wp-content/plugins/litespeed-cache/"
     shodan-query: 'vuln:CVE-2020-29172'
-  tags: cve,wordpress,wp-plugin,litespeed-cache,medium
+  tags: cve,wordpress,wp-plugin,litespeed-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-29303-f9f8b8101f4a39f1a6ed5a0936c6104f.yaml b/nuclei-templates/2020/CVE-2020-29303-f9f8b8101f4a39f1a6ed5a0936c6104f.yaml
index 2da4462bab..020366e3b0 100644
--- a/nuclei-templates/2020/CVE-2020-29303-f9f8b8101f4a39f1a6ed5a0936c6104f.yaml
+++ b/nuclei-templates/2020/CVE-2020-29303-f9f8b8101f4a39f1a6ed5a0936c6104f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DirectoriesPro Plugin by SabaiApps <= 1.3.45 - Cross-Site Scripting via _drts_form_build_id, _t_ Parameters
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directories/"
     google-query: inurl:"/wp-content/plugins/directories/"
     shodan-query: 'vuln:CVE-2020-29303'
-  tags: cve,wordpress,wp-plugin,directories,medium
+  tags: cve,wordpress,wp-plugin,directories,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35012-83ef28839c75055ae7537f111049194c.yaml b/nuclei-templates/2020/CVE-2020-35012-83ef28839c75055ae7537f111049194c.yaml
index 57bb8086ac..19f65cfd4c 100644
--- a/nuclei-templates/2020/CVE-2020-35012-83ef28839c75055ae7537f111049194c.yaml
+++ b/nuclei-templates/2020/CVE-2020-35012-83ef28839c75055ae7537f111049194c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.9.7.3 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2020-35012'
-  tags: cve,wordpress,wp-plugin,events-manager,high
+  tags: cve,wordpress,wp-plugin,events-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35037-7961a00c8fec25ebf767309437be3781.yaml b/nuclei-templates/2020/CVE-2020-35037-7961a00c8fec25ebf767309437be3781.yaml
index db6767f567..eb2fdfe2a2 100644
--- a/nuclei-templates/2020/CVE-2020-35037-7961a00c8fec25ebf767309437be3781.yaml
+++ b/nuclei-templates/2020/CVE-2020-35037-7961a00c8fec25ebf767309437be3781.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 5.9.7.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2020-35037'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35135-47b41bc2712a70e4aff6fb8649c1924a.yaml b/nuclei-templates/2020/CVE-2020-35135-47b41bc2712a70e4aff6fb8649c1924a.yaml
index fb3dddeb93..9cf5feac74 100644
--- a/nuclei-templates/2020/CVE-2020-35135-47b41bc2712a70e4aff6fb8649c1924a.yaml
+++ b/nuclei-templates/2020/CVE-2020-35135-47b41bc2712a70e4aff6fb8649c1924a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Category Excluder <= 1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ultimate Category Excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-category-excluder/"
     google-query: inurl:"/wp-content/plugins/ultimate-category-excluder/"
     shodan-query: 'vuln:CVE-2020-35135'
-  tags: cve,wordpress,wp-plugin,ultimate-category-excluder,high
+  tags: cve,wordpress,wp-plugin,ultimate-category-excluder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35235-d557c696333289ec8d8f662866e89376.yaml b/nuclei-templates/2020/CVE-2020-35235-d557c696333289ec8d8f662866e89376.yaml
index 2ce5c5d603..e1365dfb67 100644
--- a/nuclei-templates/2020/CVE-2020-35235-d557c696333289ec8d8f662866e89376.yaml
+++ b/nuclei-templates/2020/CVE-2020-35235-d557c696333289ec8d8f662866e89376.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Secure File Manager < 2.8.2 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/secure-file-manager/"
     google-query: inurl:"/wp-content/plugins/secure-file-manager/"
     shodan-query: 'vuln:CVE-2020-35235'
-  tags: cve,wordpress,wp-plugin,secure-file-manager,high
+  tags: cve,wordpress,wp-plugin,secure-file-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35489-7f88047eb913450e01c938cb65d8b8a9.yaml b/nuclei-templates/2020/CVE-2020-35489-7f88047eb913450e01c938cb65d8b8a9.yaml
index 9c541d8daf..a0fe630063 100644
--- a/nuclei-templates/2020/CVE-2020-35489-7f88047eb913450e01c938cb65d8b8a9.yaml
+++ b/nuclei-templates/2020/CVE-2020-35489-7f88047eb913450e01c938cb65d8b8a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 <= 5.3.1 - Arbitrary File Upload via Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads in versions up to 5.3.2. This is due to the fact that the plugin allows filenames to contain special characters which may make extension filter evasion possible on certain configurations. Our team was not able to reproduce this issue which leads us to believe there is a high attack complexity or special configuration requirement.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7/"
     google-query: inurl:"/wp-content/plugins/contact-form-7/"
     shodan-query: 'vuln:CVE-2020-35489'
-  tags: cve,wordpress,wp-plugin,contact-form-7,high
+  tags: cve,wordpress,wp-plugin,contact-form-7,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35748-8269712f8aa3f2f54a5b3b611a3288b4.yaml b/nuclei-templates/2020/CVE-2020-35748-8269712f8aa3f2f54a5b3b611a3288b4.yaml
index 72197c8971..47e2d68087 100644
--- a/nuclei-templates/2020/CVE-2020-35748-8269712f8aa3f2f54a5b3b611a3288b4.yaml
+++ b/nuclei-templates/2020/CVE-2020-35748-8269712f8aa3f2f54a5b3b611a3288b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2020-35748'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35749-0fc41c225cd6f2ddbf5e247314d75c25.yaml b/nuclei-templates/2020/CVE-2020-35749-0fc41c225cd6f2ddbf5e247314d75c25.yaml
index ae1a4f33ac..a49cc0c065 100644
--- a/nuclei-templates/2020/CVE-2020-35749-0fc41c225cd6f2ddbf5e247314d75c25.yaml
+++ b/nuclei-templates/2020/CVE-2020-35749-0fc41c225cd6f2ddbf5e247314d75c25.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Job Board <= 2.9.3 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-job-board/"
     google-query: inurl:"/wp-content/plugins/simple-job-board/"
     shodan-query: 'vuln:CVE-2020-35749'
-  tags: cve,wordpress,wp-plugin,simple-job-board,high
+  tags: cve,wordpress,wp-plugin,simple-job-board,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35773-4160c9c4da480f4b3c030b1d1b582ea6.yaml b/nuclei-templates/2020/CVE-2020-35773-4160c9c4da480f4b3c030b1d1b582ea6.yaml
index 6a93cdc66e..42c3068d93 100644
--- a/nuclei-templates/2020/CVE-2020-35773-4160c9c4da480f4b3c030b1d1b582ea6.yaml
+++ b/nuclei-templates/2020/CVE-2020-35773-4160c9c4da480f4b3c030b1d1b582ea6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Offline Or Coming Soon Or Maintenance Mode <= 1.4.2 - Cross-Site Request Forgery and Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Site Offline Or Coming Soon Or Maintenance Mode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-offline/"
     google-query: inurl:"/wp-content/plugins/site-offline/"
     shodan-query: 'vuln:CVE-2020-35773'
-  tags: cve,wordpress,wp-plugin,site-offline,high
+  tags: cve,wordpress,wp-plugin,site-offline,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35932-a0918f22ac918ae4fe62db47bcca205c.yaml b/nuclei-templates/2020/CVE-2020-35932-a0918f22ac918ae4fe62db47bcca205c.yaml
index 2ebab18053..53ccdc76f6 100644
--- a/nuclei-templates/2020/CVE-2020-35932-a0918f22ac918ae4fe62db47bcca205c.yaml
+++ b/nuclei-templates/2020/CVE-2020-35932-a0918f22ac918ae4fe62db47bcca205c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter <= 6.8.1 - Authenticated PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter/"
     google-query: inurl:"/wp-content/plugins/newsletter/"
     shodan-query: 'vuln:CVE-2020-35932'
-  tags: cve,wordpress,wp-plugin,newsletter,high
+  tags: cve,wordpress,wp-plugin,newsletter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35934-7d84c9a9ee6bf717c602d3a38e459b86.yaml b/nuclei-templates/2020/CVE-2020-35934-7d84c9a9ee6bf717c602d3a38e459b86.yaml
index 1edb44b078..5e96b69117 100644
--- a/nuclei-templates/2020/CVE-2020-35934-7d84c9a9ee6bf717c602d3a38e459b86.yaml
+++ b/nuclei-templates/2020/CVE-2020-35934-7d84c9a9ee6bf717c602d3a38e459b86.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Access Manager <= 6.6.1 - Authenticated Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-access-manager/"
     google-query: inurl:"/wp-content/plugins/advanced-access-manager/"
     shodan-query: 'vuln:CVE-2020-35934'
-  tags: cve,wordpress,wp-plugin,advanced-access-manager,medium
+  tags: cve,wordpress,wp-plugin,advanced-access-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35935-2239ca03e49ffeb792ff8f7c625fd4da.yaml b/nuclei-templates/2020/CVE-2020-35935-2239ca03e49ffeb792ff8f7c625fd4da.yaml
index 9c4344063a..e03c2b617e 100644
--- a/nuclei-templates/2020/CVE-2020-35935-2239ca03e49ffeb792ff8f7c625fd4da.yaml
+++ b/nuclei-templates/2020/CVE-2020-35935-2239ca03e49ffeb792ff8f7c625fd4da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Access Manager <= 6.6.1 - Authenticated Authorization Bypass and Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-access-manager/"
     google-query: inurl:"/wp-content/plugins/advanced-access-manager/"
     shodan-query: 'vuln:CVE-2020-35935'
-  tags: cve,wordpress,wp-plugin,advanced-access-manager,high
+  tags: cve,wordpress,wp-plugin,advanced-access-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35942-c41810e93c0c7c558cec6a9a4900b3a7.yaml b/nuclei-templates/2020/CVE-2020-35942-c41810e93c0c7c558cec6a9a4900b3a7.yaml
index ee0c74b290..f971368084 100644
--- a/nuclei-templates/2020/CVE-2020-35942-c41810e93c0c7c558cec6a9a4900b3a7.yaml
+++ b/nuclei-templates/2020/CVE-2020-35942-c41810e93c0c7c558cec6a9a4900b3a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2020-35942'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35943-1c54e12a9145a5f1f1d234c85ecbc8fc.yaml b/nuclei-templates/2020/CVE-2020-35943-1c54e12a9145a5f1f1d234c85ecbc8fc.yaml
index 9b6c9d53ca..df2269da1e 100644
--- a/nuclei-templates/2020/CVE-2020-35943-1c54e12a9145a5f1f1d234c85ecbc8fc.yaml
+++ b/nuclei-templates/2020/CVE-2020-35943-1c54e12a9145a5f1f1d234c85ecbc8fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2020-35943'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35944-03e434d9ea9a280060b3548276610903.yaml b/nuclei-templates/2020/CVE-2020-35944-03e434d9ea9a280060b3548276610903.yaml
index 8795591f74..2061bca78a 100644
--- a/nuclei-templates/2020/CVE-2020-35944-03e434d9ea9a280060b3548276610903.yaml
+++ b/nuclei-templates/2020/CVE-2020-35944-03e434d9ea9a280060b3548276610903.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2020-35944'
-  tags: cve,wordpress,wp-plugin,pagelayer,high
+  tags: cve,wordpress,wp-plugin,pagelayer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35945-ec458e7be91893393a96a7bb4f01d557.yaml b/nuclei-templates/2020/CVE-2020-35945-ec458e7be91893393a96a7bb4f01d557.yaml
index fde99b7182..46c0bf6959 100644
--- a/nuclei-templates/2020/CVE-2020-35945-ec458e7be91893393a96a7bb4f01d557.yaml
+++ b/nuclei-templates/2020/CVE-2020-35945-ec458e7be91893393a96a7bb4f01d557.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elegant Themes (Multiple Versions) - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side rather than server side.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2020-35945
   metadata:
-    fofa-query: "wp-content/plugins/divi-builder/"
-    google-query: inurl:"/wp-content/plugins/divi-builder/"
+    fofa-query: "wp-content/themes/extra/"
+    google-query: inurl:"/wp-content/themes/extra/"
     shodan-query: 'vuln:CVE-2020-35945'
-  tags: cve,wordpress,wp-plugin,divi-builder,high
+  tags: cve,wordpress,wp-theme,extra,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/divi-builder/readme.txt"
+      - "{{BaseURL}}/wp-content/themes/extra/style.css"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "divi-builder"
+          - "extra"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2020/CVE-2020-35946-a64ce08453bed39084d8a2cea93a9117.yaml b/nuclei-templates/2020/CVE-2020-35946-a64ce08453bed39084d8a2cea93a9117.yaml
index b662a7ddf3..9ee7b323a7 100644
--- a/nuclei-templates/2020/CVE-2020-35946-a64ce08453bed39084d8a2cea93a9117.yaml
+++ b/nuclei-templates/2020/CVE-2020-35946-a64ce08453bed39084d8a2cea93a9117.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO Pack <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2020-35946'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-35950-10a6f997b77b37003eabf2a216fdeced.yaml b/nuclei-templates/2020/CVE-2020-35950-10a6f997b77b37003eabf2a216fdeced.yaml
index 89533938c9..9d8baa50f3 100644
--- a/nuclei-templates/2020/CVE-2020-35950-10a6f997b77b37003eabf2a216fdeced.yaml
+++ b/nuclei-templates/2020/CVE-2020-35950-10a6f997b77b37003eabf2a216fdeced.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.152 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xcloner-backup-and-restore/"
     google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/"
     shodan-query: 'vuln:CVE-2020-35950'
-  tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,critical
+  tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36156-7e2ae7bf2efb6bc23e281ebe6c72a235.yaml b/nuclei-templates/2020/CVE-2020-36156-7e2ae7bf2efb6bc23e281ebe6c72a235.yaml
index 5ab163c30a..a9ed809e21 100644
--- a/nuclei-templates/2020/CVE-2020-36156-7e2ae7bf2efb6bc23e281ebe6c72a235.yaml
+++ b/nuclei-templates/2020/CVE-2020-36156-7e2ae7bf2efb6bc23e281ebe6c72a235.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.1.11 - Authenticated Privilege Escalation via Profile Update
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2020-36156'
-  tags: cve,wordpress,wp-plugin,ultimate-member,critical
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36170-bcd9ca517989975e14b7cf4813bc0e1b.yaml b/nuclei-templates/2020/CVE-2020-36170-bcd9ca517989975e14b7cf4813bc0e1b.yaml
index 05e8ae09cb..8e5dc5155a 100644
--- a/nuclei-templates/2020/CVE-2020-36170-bcd9ca517989975e14b7cf4813bc0e1b.yaml
+++ b/nuclei-templates/2020/CVE-2020-36170-bcd9ca517989975e14b7cf4813bc0e1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.1.12 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2020-36170'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36172-72b80dd4bc94210ab9dd3b1876e438ee.yaml b/nuclei-templates/2020/CVE-2020-36172-72b80dd4bc94210ab9dd3b1876e438ee.yaml
index 166992bcb2..4c39f9139d 100644
--- a/nuclei-templates/2020/CVE-2020-36172-72b80dd4bc94210ab9dd3b1876e438ee.yaml
+++ b/nuclei-templates/2020/CVE-2020-36172-72b80dd4bc94210ab9dd3b1876e438ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 5.8.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-custom-fields/"
     google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
     shodan-query: 'vuln:CVE-2020-36172'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36173-7a3eb0e4a2da32f4626463054bad7fe1.yaml b/nuclei-templates/2020/CVE-2020-36173-7a3eb0e4a2da32f4626463054bad7fe1.yaml
index 0c6d08ea20..820de64fd7 100644
--- a/nuclei-templates/2020/CVE-2020-36173-7a3eb0e4a2da32f4626463054bad7fe1.yaml
+++ b/nuclei-templates/2020/CVE-2020-36173-7a3eb0e4a2da32f4626463054bad7fe1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2020-36173'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36174-5f51f32d184bdb8a5475d2d0cf4a68e5.yaml b/nuclei-templates/2020/CVE-2020-36174-5f51f32d184bdb8a5475d2d0cf4a68e5.yaml
index aabcd61a7f..11ed4d6843 100644
--- a/nuclei-templates/2020/CVE-2020-36174-5f51f32d184bdb8a5475d2d0cf4a68e5.yaml
+++ b/nuclei-templates/2020/CVE-2020-36174-5f51f32d184bdb8a5475d2d0cf4a68e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. This makes it possible for attackers to install arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2020-36174'
-  tags: cve,wordpress,wp-plugin,ninja-forms,high
+  tags: cve,wordpress,wp-plugin,ninja-forms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36503-b0b49bce1c15ad148a5058e1154b417c.yaml b/nuclei-templates/2020/CVE-2020-36503-b0b49bce1c15ad148a5058e1154b417c.yaml
index 895064ce70..91bcd1e736 100644
--- a/nuclei-templates/2020/CVE-2020-36503-b0b49bce1c15ad148a5058e1154b417c.yaml
+++ b/nuclei-templates/2020/CVE-2020-36503-b0b49bce1c15ad148a5058e1154b417c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Connections Business Directory <= 9.6 - Authenticated CSV Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/connections/"
     google-query: inurl:"/wp-content/plugins/connections/"
     shodan-query: 'vuln:CVE-2020-36503'
-  tags: cve,wordpress,wp-plugin,connections,high
+  tags: cve,wordpress,wp-plugin,connections,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36656-74062d3bc6524d681fbfe5faf76c4ab5.yaml b/nuclei-templates/2020/CVE-2020-36656-74062d3bc6524d681fbfe5faf76c4ab5.yaml
index 9ffb239b14..f8c7a7f3f5 100644
--- a/nuclei-templates/2020/CVE-2020-36656-74062d3bc6524d681fbfe5faf76c4ab5.yaml
+++ b/nuclei-templates/2020/CVE-2020-36656-74062d3bc6524d681fbfe5faf76c4ab5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra – WordPress Gutenberg Blocks <= 1.14.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.14.11 due to insufficient sanitizing of input in Gutenberg blocks. This makes it possible for contributors, or higher privileged users, to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:CVE-2020-36656'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36666-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/2020/CVE-2020-36666-c1fc6421a52e6ac7d9b0f476667cd29a.yaml
index b394c2b816..44a338c5e0 100644
--- a/nuclei-templates/2020/CVE-2020-36666-c1fc6421a52e6ac7d9b0f476667cd29a.yaml
+++ b/nuclei-templates/2020/CVE-2020-36666-c1fc6421a52e6ac7d9b0f476667cd29a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Multiple plugins by the vendor E-plugins are vulnerable to privilege escalation due to insufficient restriction on several functions called via AJAX actions that set a user's role based on supplied role information. This makes it possible authenticated, subscriber-level and above attackers to elevate their privileges to that of an administrator.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2020-36666
   metadata:
-    fofa-query: "wp-content/plugins/hotel-listing/"
-    google-query: inurl:"/wp-content/plugins/hotel-listing/"
+    fofa-query: "wp-content/plugins/final-user-wp-frontend-user-profiles/"
+    google-query: inurl:"/wp-content/plugins/final-user-wp-frontend-user-profiles/"
     shodan-query: 'vuln:CVE-2020-36666'
-  tags: cve,wordpress,wp-plugin,hotel-listing,high
+  tags: cve,wordpress,wp-plugin,final-user-wp-frontend-user-profiles,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/hotel-listing/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/final-user-wp-frontend-user-profiles/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "hotel-listing"
+          - "final-user-wp-frontend-user-profiles"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.3.7')
\ No newline at end of file
+          - compare_versions(version, '< 1.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2020/CVE-2020-36667-506d872307a475af76e6ae5402a1e474.yaml b/nuclei-templates/2020/CVE-2020-36667-506d872307a475af76e6ae5402a1e474.yaml
index 0b75123543..8269ce9199 100644
--- a/nuclei-templates/2020/CVE-2020-36667-506d872307a475af76e6ae5402a1e474.yaml
+++ b/nuclei-templates/2020/CVE-2020-36667-506d872307a475af76e6ae5402a1e474.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup/"
     google-query: inurl:"/wp-content/plugins/backup/"
     shodan-query: 'vuln:CVE-2020-36667'
-  tags: cve,wordpress,wp-plugin,backup,medium
+  tags: cve,wordpress,wp-plugin,backup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36669-8bb122c471113121afc3ab2c199c2c7d.yaml b/nuclei-templates/2020/CVE-2020-36669-8bb122c471113121afc3ab2c199c2c7d.yaml
index fdf0f80379..b1097c51be 100644
--- a/nuclei-templates/2020/CVE-2020-36669-8bb122c471113121afc3ab2c199c2c7d.yaml
+++ b/nuclei-templates/2020/CVE-2020-36669-8bb122c471113121afc3ab2c199c2c7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup/"
     google-query: inurl:"/wp-content/plugins/backup/"
     shodan-query: 'vuln:CVE-2020-36669'
-  tags: cve,wordpress,wp-plugin,backup,high
+  tags: cve,wordpress,wp-plugin,backup,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36670-ff2527cc6b81652aecd5a77ac2a8b673.yaml b/nuclei-templates/2020/CVE-2020-36670-ff2527cc6b81652aecd5a77ac2a8b673.yaml
index 678aecc4d2..34273e9258 100644
--- a/nuclei-templates/2020/CVE-2020-36670-ff2527cc6b81652aecd5a77ac2a8b673.yaml
+++ b/nuclei-templates/2020/CVE-2020-36670-ff2527cc6b81652aecd5a77ac2a8b673.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2020-36670'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36701-28f8218d0cd81907d78e413554e9b440.yaml b/nuclei-templates/2020/CVE-2020-36701-28f8218d0cd81907d78e413554e9b440.yaml
index 8b5b448430..2b1c5a77a7 100644
--- a/nuclei-templates/2020/CVE-2020-36701-28f8218d0cd81907d78e413554e9b440.yaml
+++ b/nuclei-templates/2020/CVE-2020-36701-28f8218d0cd81907d78e413554e9b440.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kingcomposer/"
     google-query: inurl:"/wp-content/plugins/kingcomposer/"
     shodan-query: 'vuln:CVE-2020-36701'
-  tags: cve,wordpress,wp-plugin,kingcomposer,high
+  tags: cve,wordpress,wp-plugin,kingcomposer,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36702-c5f769a2ad53c678c35d169acd9dd76e.yaml b/nuclei-templates/2020/CVE-2020-36702-c5f769a2ad53c678c35d169acd9dd76e.yaml
index 0d01283234..340c23843d 100644
--- a/nuclei-templates/2020/CVE-2020-36702-c5f769a2ad53c678c35d169acd9dd76e.yaml
+++ b/nuclei-templates/2020/CVE-2020-36702-c5f769a2ad53c678c35d169acd9dd76e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra – WordPress Gutenberg Blocks <= 1.14.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:CVE-2020-36702'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36703-727d2f92da48e178eefceef10fd279f0.yaml b/nuclei-templates/2020/CVE-2020-36703-727d2f92da48e178eefceef10fd279f0.yaml
index 66f441aed5..b8d2651217 100644
--- a/nuclei-templates/2020/CVE-2020-36703-727d2f92da48e178eefceef10fd279f0.yaml
+++ b/nuclei-templates/2020/CVE-2020-36703-727d2f92da48e178eefceef10fd279f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2020-36703'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36704-547ae69e23e79945ee41118869bf3151.yaml b/nuclei-templates/2020/CVE-2020-36704-547ae69e23e79945ee41118869bf3151.yaml
index 89cc078bf4..9d6827e2e9 100644
--- a/nuclei-templates/2020/CVE-2020-36704-547ae69e23e79945ee41118869bf3151.yaml
+++ b/nuclei-templates/2020/CVE-2020-36704-547ae69e23e79945ee41118869bf3151.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fruitful < 3.8.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/fruitful/"
     google-query: inurl:"/wp-content/themes/fruitful/"
     shodan-query: 'vuln:CVE-2020-36704'
-  tags: cve,wordpress,wp-theme,fruitful,medium
+  tags: cve,wordpress,wp-theme,fruitful,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36707-473adc971897213907d43bcafc37522c.yaml b/nuclei-templates/2020/CVE-2020-36707-473adc971897213907d43bcafc37522c.yaml
index 99f59dd1f6..71a11fe7ac 100644
--- a/nuclei-templates/2020/CVE-2020-36707-473adc971897213907d43bcafc37522c.yaml
+++ b/nuclei-templates/2020/CVE-2020-36707-473adc971897213907d43bcafc37522c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nifty-coming-soon-and-under-construction-page/"
     google-query: inurl:"/wp-content/plugins/nifty-coming-soon-and-under-construction-page/"
     shodan-query: 'vuln:CVE-2020-36707'
-  tags: cve,wordpress,wp-plugin,nifty-coming-soon-and-under-construction-page,high
+  tags: cve,wordpress,wp-plugin,nifty-coming-soon-and-under-construction-page,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36708-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/2020/CVE-2020-36708-a746469ba08e7ad3eaafd923d2717c92.yaml
index 257288de50..0be4ba7966 100644
--- a/nuclei-templates/2020/CVE-2020-36708-a746469ba08e7ad3eaafd923d2717c92.yaml
+++ b/nuclei-templates/2020/CVE-2020-36708-a746469ba08e7ad3eaafd923d2717c92.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2020-36708
   metadata:
-    fofa-query: "wp-content/themes/allegiant/"
-    google-query: inurl:"/wp-content/themes/allegiant/"
+    fofa-query: "wp-content/themes/pixova-lite/"
+    google-query: inurl:"/wp-content/themes/pixova-lite/"
     shodan-query: 'vuln:CVE-2020-36708'
-  tags: cve,wordpress,wp-theme,allegiant,critical
+  tags: cve,wordpress,wp-theme,pixova-lite,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/allegiant/style.css"
+      - "{{BaseURL}}/wp-content/themes/pixova-lite/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "allegiant"
+          - "pixova-lite"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
+          - compare_versions(version, '<= 2.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2020/CVE-2020-36709-f10892c912aef9cf076885d5c4fde1a7.yaml b/nuclei-templates/2020/CVE-2020-36709-f10892c912aef9cf076885d5c4fde1a7.yaml
index be5cab68a3..90b0c0191a 100644
--- a/nuclei-templates/2020/CVE-2020-36709-f10892c912aef9cf076885d5c4fde1a7.yaml
+++ b/nuclei-templates/2020/CVE-2020-36709-f10892c912aef9cf076885d5c4fde1a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kingcomposer/"
     google-query: inurl:"/wp-content/plugins/kingcomposer/"
     shodan-query: 'vuln:CVE-2020-36709'
-  tags: cve,wordpress,wp-plugin,kingcomposer,medium
+  tags: cve,wordpress,wp-plugin,kingcomposer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36711-51e019b787984ebb59dc9257a3fe25a4.yaml b/nuclei-templates/2020/CVE-2020-36711-51e019b787984ebb59dc9257a3fe25a4.yaml
index ac8591577d..ceec23709c 100644
--- a/nuclei-templates/2020/CVE-2020-36711-51e019b787984ebb59dc9257a3fe25a4.yaml
+++ b/nuclei-templates/2020/CVE-2020-36711-51e019b787984ebb59dc9257a3fe25a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada  <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2020-36711'
-  tags: cve,wordpress,wp-theme,Avada,medium
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36717-171d068f6ec1f7c5f7f36a222d7d8329.yaml b/nuclei-templates/2020/CVE-2020-36717-171d068f6ec1f7c5f7f36a222d7d8329.yaml
index 9752805a65..03005451f7 100644
--- a/nuclei-templates/2020/CVE-2020-36717-171d068f6ec1f7c5f7f36a222d7d8329.yaml
+++ b/nuclei-templates/2020/CVE-2020-36717-171d068f6ec1f7c5f7f36a222d7d8329.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kali Forms <= 2.1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kali-forms/"
     google-query: inurl:"/wp-content/plugins/kali-forms/"
     shodan-query: 'vuln:CVE-2020-36717'
-  tags: cve,wordpress,wp-plugin,kali-forms,high
+  tags: cve,wordpress,wp-plugin,kali-forms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36721-72ccbc519dc7d87cb6145ad667cfc553.yaml b/nuclei-templates/2020/CVE-2020-36721-72ccbc519dc7d87cb6145ad667cfc553.yaml
index 6f0c38f6c7..f0aeaca5cd 100644
--- a/nuclei-templates/2020/CVE-2020-36721-72ccbc519dc7d87cb6145ad667cfc553.yaml
+++ b/nuclei-templates/2020/CVE-2020-36721-72ccbc519dc7d87cb6145ad667cfc553.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2020-36721
   metadata:
-    fofa-query: "wp-content/themes/newspaper-x/"
-    google-query: inurl:"/wp-content/themes/newspaper-x/"
+    fofa-query: "wp-content/themes/activello/"
+    google-query: inurl:"/wp-content/themes/activello/"
     shodan-query: 'vuln:CVE-2020-36721'
-  tags: cve,wordpress,wp-theme,newspaper-x,medium
+  tags: cve,wordpress,wp-theme,activello,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/newspaper-x/style.css"
+      - "{{BaseURL}}/wp-content/themes/activello/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "newspaper-x"
+          - "activello"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
+          - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/nuclei-templates/2020/CVE-2020-36722-b1162d19127bf06b82fd09bfd50f373f.yaml b/nuclei-templates/2020/CVE-2020-36722-b1162d19127bf06b82fd09bfd50f373f.yaml
index d0cac20ec0..07dbcc0cf0 100644
--- a/nuclei-templates/2020/CVE-2020-36722-b1162d19127bf06b82fd09bfd50f373f.yaml
+++ b/nuclei-templates/2020/CVE-2020-36722-b1162d19127bf06b82fd09bfd50f373f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Composer <= 26.0 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualcomposer/"
     google-query: inurl:"/wp-content/plugins/visualcomposer/"
     shodan-query: 'vuln:CVE-2020-36722'
-  tags: cve,wordpress,wp-plugin,visualcomposer,medium
+  tags: cve,wordpress,wp-plugin,visualcomposer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-36725-728e240a198c7c451039858fc71e171c.yaml b/nuclei-templates/2020/CVE-2020-36725-728e240a198c7c451039858fc71e171c.yaml
index 582cd8ad4c..e2f54ff6a7 100644
--- a/nuclei-templates/2020/CVE-2020-36725-728e240a198c7c451039858fc71e171c.yaml
+++ b/nuclei-templates/2020/CVE-2020-36725-728e240a198c7c451039858fc71e171c.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2020-36725
   metadata:
-    fofa-query: "wp-content/plugins/ti-woocommerce-wishlist/"
-    google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist/"
+    fofa-query: "wp-content/plugins/ti-woocommerce-wishlist-premium/"
+    google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist-premium/"
     shodan-query: 'vuln:CVE-2020-36725'
-  tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist,high
+  tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist-premium,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist-premium/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "ti-woocommerce-wishlist"
+          - "ti-woocommerce-wishlist-premium"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.21.11')
\ No newline at end of file
+          - compare_versions(version, '<= 1.21.4')
\ No newline at end of file
diff --git a/nuclei-templates/2020/CVE-2020-36729-6009aafd4759ca9a9de1f0b928158a27.yaml b/nuclei-templates/2020/CVE-2020-36729-6009aafd4759ca9a9de1f0b928158a27.yaml
index 8b8059f3d9..d8217d5c8a 100644
--- a/nuclei-templates/2020/CVE-2020-36729-6009aafd4759ca9a9de1f0b928158a27.yaml
+++ b/nuclei-templates/2020/CVE-2020-36729-6009aafd4759ca9a9de1f0b928158a27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow, Image Slider by 2J  <= 1.3.31 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/2j-slideshow/"
     google-query: inurl:"/wp-content/plugins/2j-slideshow/"
     shodan-query: 'vuln:CVE-2020-36729'
-  tags: cve,wordpress,wp-plugin,2j-slideshow,medium
+  tags: cve,wordpress,wp-plugin,2j-slideshow,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-4046-3c2c8b06162030c304a3d8608d66a5c9.yaml b/nuclei-templates/2020/CVE-2020-4046-3c2c8b06162030c304a3d8608d66a5c9.yaml
index 3b54fca808..8f3aeb42f6 100644
--- a/nuclei-templates/2020/CVE-2020-4046-3c2c8b06162030c304a3d8608d66a5c9.yaml
+++ b/nuclei-templates/2020/CVE-2020-4046-3c2c8b06162030c304a3d8608d66a5c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2020-4046
   metadata:
     shodan-query: 'vuln:CVE-2020-4046'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-4047-bb9587c8922bec5591eb7af4043b1550.yaml b/nuclei-templates/2020/CVE-2020-4047-bb9587c8922bec5591eb7af4043b1550.yaml
index 3c0680b112..94859bc947 100644
--- a/nuclei-templates/2020/CVE-2020-4047-bb9587c8922bec5591eb7af4043b1550.yaml
+++ b/nuclei-templates/2020/CVE-2020-4047-bb9587c8922bec5591eb7af4043b1550.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2020-4047
   metadata:
     shodan-query: 'vuln:CVE-2020-4047'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5391-2b0533cd6930889b564dac0001232de1.yaml b/nuclei-templates/2020/CVE-2020-5391-2b0533cd6930889b564dac0001232de1.yaml
index 949d051525..9296c70d74 100644
--- a/nuclei-templates/2020/CVE-2020-5391-2b0533cd6930889b564dac0001232de1.yaml
+++ b/nuclei-templates/2020/CVE-2020-5391-2b0533cd6930889b564dac0001232de1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login by Auth0 <= 3.11.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auth0/"
     google-query: inurl:"/wp-content/plugins/auth0/"
     shodan-query: 'vuln:CVE-2020-5391'
-  tags: cve,wordpress,wp-plugin,auth0,high
+  tags: cve,wordpress,wp-plugin,auth0,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5392-74d2043a574ab69cbbb11dda595211e3.yaml b/nuclei-templates/2020/CVE-2020-5392-74d2043a574ab69cbbb11dda595211e3.yaml
index 1f62e8479f..10ff2a36b9 100644
--- a/nuclei-templates/2020/CVE-2020-5392-74d2043a574ab69cbbb11dda595211e3.yaml
+++ b/nuclei-templates/2020/CVE-2020-5392-74d2043a574ab69cbbb11dda595211e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login by Auth0 Plugin <= 3.11.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Login by Auth0 Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auth0/"
     google-query: inurl:"/wp-content/plugins/auth0/"
     shodan-query: 'vuln:CVE-2020-5392'
-  tags: cve,wordpress,wp-plugin,auth0,medium
+  tags: cve,wordpress,wp-plugin,auth0,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5530-e049cf9cff2a64ed7bf022044d018fad.yaml b/nuclei-templates/2020/CVE-2020-5530-e049cf9cff2a64ed7bf022044d018fad.yaml
index d180da0221..116aaed4d1 100644
--- a/nuclei-templates/2020/CVE-2020-5530-e049cf9cff2a64ed7bf022044d018fad.yaml
+++ b/nuclei-templates/2020/CVE-2020-5530-e049cf9cff2a64ed7bf022044d018fad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Property Listings < 3.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-property-listings/"
     google-query: inurl:"/wp-content/plugins/easy-property-listings/"
     shodan-query: 'vuln:CVE-2020-5530'
-  tags: cve,wordpress,wp-plugin,easy-property-listings,high
+  tags: cve,wordpress,wp-plugin,easy-property-listings,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5579-d6f22dc7688630789d302268152d865d.yaml b/nuclei-templates/2020/CVE-2020-5579-d6f22dc7688630789d302268152d865d.yaml
index e5e66f767a..99bed3a21a 100644
--- a/nuclei-templates/2020/CVE-2020-5579-d6f22dc7688630789d302268152d865d.yaml
+++ b/nuclei-templates/2020/CVE-2020-5579-d6f22dc7688630789d302268152d865d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:CVE-2020-5579'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5611-a0f089d6e873fbb7be028eaafb4cd0fc.yaml b/nuclei-templates/2020/CVE-2020-5611-a0f089d6e873fbb7be028eaafb4cd0fc.yaml
index c45d08285d..708c938503 100644
--- a/nuclei-templates/2020/CVE-2020-5611-a0f089d6e873fbb7be028eaafb4cd0fc.yaml
+++ b/nuclei-templates/2020/CVE-2020-5611-a0f089d6e873fbb7be028eaafb4cd0fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Rocket – Social Sharing Plugin < 1.2.10 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2020-5611/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2020-5611/"
     shodan-query: 'vuln:CVE-2020-5611'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2020-5611,high
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2020-5611,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5642-802c4864b87b89e6df06fc16568188de.yaml b/nuclei-templates/2020/CVE-2020-5642-802c4864b87b89e6df06fc16568188de.yaml
index 7d0ee84362..9a7bf0b617 100644
--- a/nuclei-templates/2020/CVE-2020-5642-802c4864b87b89e6df06fc16568188de.yaml
+++ b/nuclei-templates/2020/CVE-2020-5642-802c4864b87b89e6df06fc16568188de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live Chat – Live support <= 3.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/onwebchat/"
     google-query: inurl:"/wp-content/plugins/onwebchat/"
     shodan-query: 'vuln:CVE-2020-5642'
-  tags: cve,wordpress,wp-plugin,onwebchat,high
+  tags: cve,wordpress,wp-plugin,onwebchat,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5650-5d5eee8781ce2674b2c2c40cb2fcc273.yaml b/nuclei-templates/2020/CVE-2020-5650-5d5eee8781ce2674b2c2c40cb2fcc273.yaml
index ede6d0488a..541ee837b9 100644
--- a/nuclei-templates/2020/CVE-2020-5650-5d5eee8781ce2674b2c2c40cb2fcc273.yaml
+++ b/nuclei-templates/2020/CVE-2020-5650-5d5eee8781ce2674b2c2c40cb2fcc273.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Monitor <= 3.8.8 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Download Monitor plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping on the User-Agent header. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-monitor/"
     google-query: inurl:"/wp-content/plugins/simple-download-monitor/"
     shodan-query: 'vuln:CVE-2020-5650'
-  tags: cve,wordpress,wp-plugin,simple-download-monitor,medium
+  tags: cve,wordpress,wp-plugin,simple-download-monitor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5651-94d6413af5bdd7c5410cee1dbb9ba3ce.yaml b/nuclei-templates/2020/CVE-2020-5651-94d6413af5bdd7c5410cee1dbb9ba3ce.yaml
index f0dfea3135..3b7863a774 100644
--- a/nuclei-templates/2020/CVE-2020-5651-94d6413af5bdd7c5410cee1dbb9ba3ce.yaml
+++ b/nuclei-templates/2020/CVE-2020-5651-94d6413af5bdd7c5410cee1dbb9ba3ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Monitor <= 3.8.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Simple Download Monitor plugin for WordPress is vulnerable to generic SQL Injection in versions up to, and including, 3.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database if an authenticated user clicks on a malicious URL.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-monitor/"
     google-query: inurl:"/wp-content/plugins/simple-download-monitor/"
     shodan-query: 'vuln:CVE-2020-5651'
-  tags: cve,wordpress,wp-plugin,simple-download-monitor,high
+  tags: cve,wordpress,wp-plugin,simple-download-monitor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5766-44e9876427663f96d92e4c3c678955d5.yaml b/nuclei-templates/2020/CVE-2020-5766-44e9876427663f96d92e4c3c678955d5.yaml
index c58e53894d..5352c12675 100644
--- a/nuclei-templates/2020/CVE-2020-5766-44e9876427663f96d92e4c3c678955d5.yaml
+++ b/nuclei-templates/2020/CVE-2020-5766-44e9876427663f96d92e4c3c678955d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SRS Simple Hits Counter Plugin for WordPress 1.03 - 1.04 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/srs-simple-hits-counter/"
     google-query: inurl:"/wp-content/plugins/srs-simple-hits-counter/"
     shodan-query: 'vuln:CVE-2020-5766'
-  tags: cve,wordpress,wp-plugin,srs-simple-hits-counter,high
+  tags: cve,wordpress,wp-plugin,srs-simple-hits-counter,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5767-880b88155b22c7b6bb28fecc96be5e0e.yaml b/nuclei-templates/2020/CVE-2020-5767-880b88155b22c7b6bb28fecc96be5e0e.yaml
index 681a0efb78..09bfd6e060 100644
--- a/nuclei-templates/2020/CVE-2020-5767-880b88155b22c7b6bb28fecc96be5e0e.yaml
+++ b/nuclei-templates/2020/CVE-2020-5767-880b88155b22c7b6bb28fecc96be5e0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.5.0 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2020-5767'
-  tags: cve,wordpress,wp-plugin,email-subscribers,high
+  tags: cve,wordpress,wp-plugin,email-subscribers,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-5768-52ad0bdca5afebb4c884c4a9d304e243.yaml b/nuclei-templates/2020/CVE-2020-5768-52ad0bdca5afebb4c884c4a9d304e243.yaml
index 69eff7dbca..d58006e558 100644
--- a/nuclei-templates/2020/CVE-2020-5768-52ad0bdca5afebb4c884c4a9d304e243.yaml
+++ b/nuclei-templates/2020/CVE-2020-5768-52ad0bdca5afebb4c884c4a9d304e243.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2020-5768'
-  tags: cve,wordpress,wp-plugin,email-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-subscribers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-6010-79a6d64a3a134f3b86c4ab9063f7bbeb.yaml b/nuclei-templates/2020/CVE-2020-6010-79a6d64a3a134f3b86c4ab9063f7bbeb.yaml
index 985a9d2ebe..b270136da5 100644
--- a/nuclei-templates/2020/CVE-2020-6010-79a6d64a3a134f3b86c4ab9063f7bbeb.yaml
+++ b/nuclei-templates/2020/CVE-2020-6010-79a6d64a3a134f3b86c4ab9063f7bbeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 3.2.6.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2020-6010'
-  tags: cve,wordpress,wp-plugin,learnpress,high
+  tags: cve,wordpress,wp-plugin,learnpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-6166-6ff8db6967b717d0cf958b73dfda5c1c.yaml b/nuclei-templates/2020/CVE-2020-6166-6ff8db6967b717d0cf958b73dfda5c1c.yaml
index fe6699269a..bd0abc1312 100644
--- a/nuclei-templates/2020/CVE-2020-6166-6ff8db6967b717d0cf958b73dfda5c1c.yaml
+++ b/nuclei-templates/2020/CVE-2020-6166-6ff8db6967b717d0cf958b73dfda5c1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Minimal Coming Soon & Maintenance Mode <= 2.16 - Missing Authorization to Export Settings/Theme Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/minimal-coming-soon-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/minimal-coming-soon-maintenance-mode/"
     shodan-query: 'vuln:CVE-2020-6166'
-  tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-6167-843fe9a3debf8db188ba99413c342e16.yaml b/nuclei-templates/2020/CVE-2020-6167-843fe9a3debf8db188ba99413c342e16.yaml
index 9b7b14d916..6c964863dc 100644
--- a/nuclei-templates/2020/CVE-2020-6167-843fe9a3debf8db188ba99413c342e16.yaml
+++ b/nuclei-templates/2020/CVE-2020-6167-843fe9a3debf8db188ba99413c342e16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Minimal Coming Soon & Maintenance Mode <= 2.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Setting Changes
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/minimal-coming-soon-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/minimal-coming-soon-maintenance-mode/"
     shodan-query: 'vuln:CVE-2020-6167'
-  tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,high
+  tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-6849-8d38cd4f2bf680c2b1b244824fc691f8.yaml b/nuclei-templates/2020/CVE-2020-6849-8d38cd4f2bf680c2b1b244824fc691f8.yaml
index 2b4b339038..f4a2c4f38e 100644
--- a/nuclei-templates/2020/CVE-2020-6849-8d38cd4f2bf680c2b1b244824fc691f8.yaml
+++ b/nuclei-templates/2020/CVE-2020-6849-8d38cd4f2bf680c2b1b244824fc691f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Marketo Forms and Tracking <= 1.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/marketo-forms-and-tracking/"
     google-query: inurl:"/wp-content/plugins/marketo-forms-and-tracking/"
     shodan-query: 'vuln:CVE-2020-6849'
-  tags: cve,wordpress,wp-plugin,marketo-forms-and-tracking,high
+  tags: cve,wordpress,wp-plugin,marketo-forms-and-tracking,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-6850-6125bda092f086c6d166ad135d42c4ef.yaml b/nuclei-templates/2020/CVE-2020-6850-6125bda092f086c6d166ad135d42c4ef.yaml
index b4d967d97c..f98c895b32 100644
--- a/nuclei-templates/2020/CVE-2020-6850-6125bda092f086c6d166ad135d42c4ef.yaml
+++ b/nuclei-templates/2020/CVE-2020-6850-6125bda092f086c6d166ad135d42c4ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SAML Single Sign On – SAML SSO Login <= 4.8.83 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-saml-20-single-sign-on/"
     google-query: inurl:"/wp-content/plugins/miniorange-saml-20-single-sign-on/"
     shodan-query: 'vuln:CVE-2020-6850'
-  tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,medium
+  tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-7055-d16f5d5a117e59e23a5a604664dfe044.yaml b/nuclei-templates/2020/CVE-2020-7055-d16f5d5a117e59e23a5a604664dfe044.yaml
index 8b0e7a161b..cc96e9c9be 100644
--- a/nuclei-templates/2020/CVE-2020-7055-d16f5d5a117e59e23a5a604664dfe044.yaml
+++ b/nuclei-templates/2020/CVE-2020-7055-d16f5d5a117e59e23a5a604664dfe044.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 2.7.4 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Elementor Website Builder plugin for WordPress is vulnerable to arbitrary file upload by subscriber level users and above due to missing authorization on the Import Templates function, which makes it possible for attackers to gain remote code execution. This affects versions up to 2.7.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2020-7055'
-  tags: cve,wordpress,wp-plugin,elementor,high
+  tags: cve,wordpress,wp-plugin,elementor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-7228-83141551066454cfa3570b7b645030aa.yaml b/nuclei-templates/2020/CVE-2020-7228-83141551066454cfa3570b7b645030aa.yaml
index 0c93713c67..e503601056 100644
--- a/nuclei-templates/2020/CVE-2020-7228-83141551066454cfa3570b7b645030aa.yaml
+++ b/nuclei-templates/2020/CVE-2020-7228-83141551066454cfa3570b7b645030aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calculated Fields Form <= 1.0.353 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calculated-fields-form/"
     google-query: inurl:"/wp-content/plugins/calculated-fields-form/"
     shodan-query: 'vuln:CVE-2020-7228'
-  tags: cve,wordpress,wp-plugin,calculated-fields-form,medium
+  tags: cve,wordpress,wp-plugin,calculated-fields-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-7239-a48a527c714ec711ca739eed07091779.yaml b/nuclei-templates/2020/CVE-2020-7239-a48a527c714ec711ca739eed07091779.yaml
index 715c456653..a60ba0ec76 100644
--- a/nuclei-templates/2020/CVE-2020-7239-a48a527c714ec711ca739eed07091779.yaml
+++ b/nuclei-templates/2020/CVE-2020-7239-a48a527c714ec711ca739eed07091779.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chatbot with IBM Watson < 0.8.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Chatbot with IBM Watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conversation-watson/"
     google-query: inurl:"/wp-content/plugins/conversation-watson/"
     shodan-query: 'vuln:CVE-2020-7239'
-  tags: cve,wordpress,wp-plugin,conversation-watson,medium
+  tags: cve,wordpress,wp-plugin,conversation-watson,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8417-39bc2edd346e28405d70531e51a8164a.yaml b/nuclei-templates/2020/CVE-2020-8417-39bc2edd346e28405d70531e51a8164a.yaml
index 71ed559c1b..cd9a752fb2 100644
--- a/nuclei-templates/2020/CVE-2020-8417-39bc2edd346e28405d70531e51a8164a.yaml
+++ b/nuclei-templates/2020/CVE-2020-8417-39bc2edd346e28405d70531e51a8164a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Code Snippets <= 2.13.3 - Cross-Site Request Forgery to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/code-snippets/"
     google-query: inurl:"/wp-content/plugins/code-snippets/"
     shodan-query: 'vuln:CVE-2020-8417'
-  tags: cve,wordpress,wp-plugin,code-snippets,high
+  tags: cve,wordpress,wp-plugin,code-snippets,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8435-5d65a7992972ebe63734d1fdf7ce6dcd.yaml b/nuclei-templates/2020/CVE-2020-8435-5d65a7992972ebe63734d1fdf7ce6dcd.yaml
index 2d3d9d79ab..c4a6213f5d 100644
--- a/nuclei-templates/2020/CVE-2020-8435-5d65a7992972ebe63734d1fdf7ce6dcd.yaml
+++ b/nuclei-templates/2020/CVE-2020-8435-5d65a7992972ebe63734d1fdf7ce6dcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic - Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     An issue was discovered in the RegistrationMagic plugin 4.6.0.2 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2020-8435'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8436-f7a999ea17927c5e9ebebc775b43318c.yaml b/nuclei-templates/2020/CVE-2020-8436-f7a999ea17927c5e9ebebc775b43318c.yaml
index 0ab215e72a..5290882dc4 100644
--- a/nuclei-templates/2020/CVE-2020-8436-f7a999ea17927c5e9ebebc775b43318c.yaml
+++ b/nuclei-templates/2020/CVE-2020-8436-f7a999ea17927c5e9ebebc775b43318c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS was discovered in the RegistrationMagic plugin 4.6.0.1 for WordPress via the rm_form_id, rm_tr, or form_name parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2020-8436'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8498-4e01c0b287f81a38f8a747fdacd53194.yaml b/nuclei-templates/2020/CVE-2020-8498-4e01c0b287f81a38f8a747fdacd53194.yaml
index a7799efa1c..fc41316a8c 100644
--- a/nuclei-templates/2020/CVE-2020-8498-4e01c0b287f81a38f8a747fdacd53194.yaml
+++ b/nuclei-templates/2020/CVE-2020-8498-4e01c0b287f81a38f8a747fdacd53194.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GistPress < 3.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gistpress/"
     google-query: inurl:"/wp-content/plugins/gistpress/"
     shodan-query: 'vuln:CVE-2020-8498'
-  tags: cve,wordpress,wp-plugin,gistpress,medium
+  tags: cve,wordpress,wp-plugin,gistpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8594-0b4ef9eb693a7e87ce6cfca4623c180a.yaml b/nuclei-templates/2020/CVE-2020-8594-0b4ef9eb693a7e87ce6cfca4623c180a.yaml
index e2aeb9dd5f..13fdbb09be 100644
--- a/nuclei-templates/2020/CVE-2020-8594-0b4ef9eb693a7e87ce6cfca4623c180a.yaml
+++ b/nuclei-templates/2020/CVE-2020-8594-0b4ef9eb693a7e87ce6cfca4623c180a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.4.22 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2020-8594'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8596-07270c625770ea55406700bd4faf8963.yaml b/nuclei-templates/2020/CVE-2020-8596-07270c625770ea55406700bd4faf8963.yaml
index 0ed0f4266b..c56f33298b 100644
--- a/nuclei-templates/2020/CVE-2020-8596-07270c625770ea55406700bd4faf8963.yaml
+++ b/nuclei-templates/2020/CVE-2020-8596-07270c625770ea55406700bd4faf8963.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Participants Database <= 1.9.5.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/participants-database/"
     google-query: inurl:"/wp-content/plugins/participants-database/"
     shodan-query: 'vuln:CVE-2020-8596'
-  tags: cve,wordpress,wp-plugin,participants-database,high
+  tags: cve,wordpress,wp-plugin,participants-database,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8615-b4ca6e1dc02a9ba7306fb5b7361185cc.yaml b/nuclei-templates/2020/CVE-2020-8615-b4ca6e1dc02a9ba7306fb5b7361185cc.yaml
index 436f89c380..6fbb2b92ac 100644
--- a/nuclei-templates/2020/CVE-2020-8615-b4ca6e1dc02a9ba7306fb5b7361185cc.yaml
+++ b/nuclei-templates/2020/CVE-2020-8615-b4ca6e1dc02a9ba7306fb5b7361185cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS < 1.5.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2020-8615'
-  tags: cve,wordpress,wp-plugin,tutor,high
+  tags: cve,wordpress,wp-plugin,tutor,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8658-edec211af3b7dbc24681331832d822e4.yaml b/nuclei-templates/2020/CVE-2020-8658-edec211af3b7dbc24681331832d822e4.yaml
index d3a06a375a..976ba5a272 100644
--- a/nuclei-templates/2020/CVE-2020-8658-edec211af3b7dbc24681331832d822e4.yaml
+++ b/nuclei-templates/2020/CVE-2020-8658-edec211af3b7dbc24681331832d822e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Htaccess <= 1.8.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/htaccess/"
     google-query: inurl:"/wp-content/plugins/htaccess/"
     shodan-query: 'vuln:CVE-2020-8658'
-  tags: cve,wordpress,wp-plugin,htaccess,high
+  tags: cve,wordpress,wp-plugin,htaccess,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-8799-bea1167e010c002491bae397468a7fde.yaml b/nuclei-templates/2020/CVE-2020-8799-bea1167e010c002491bae397468a7fde.yaml
index 2828fe8a08..7a4ef0372d 100644
--- a/nuclei-templates/2020/CVE-2020-8799-bea1167e010c002491bae397468a7fde.yaml
+++ b/nuclei-templates/2020/CVE-2020-8799-bea1167e010c002491bae397468a7fde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WTI Like Post <= 1.4.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wti-like-post/"
     google-query: inurl:"/wp-content/plugins/wti-like-post/"
     shodan-query: 'vuln:CVE-2020-8799'
-  tags: cve,wordpress,wp-plugin,wti-like-post,medium
+  tags: cve,wordpress,wp-plugin,wti-like-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9003-010a08c8c856a2f4fe4e778e18ce7576.yaml b/nuclei-templates/2020/CVE-2020-9003-010a08c8c856a2f4fe4e778e18ce7576.yaml
index b7efdcb0fa..3940d1e779 100644
--- a/nuclei-templates/2020/CVE-2020-9003-010a08c8c856a2f4fe4e778e18ce7576.yaml
+++ b/nuclei-templates/2020/CVE-2020-9003-010a08c8c856a2f4fe4e778e18ce7576.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modula Image Gallery <= 2.2.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modula-best-grid-gallery/"
     google-query: inurl:"/wp-content/plugins/modula-best-grid-gallery/"
     shodan-query: 'vuln:CVE-2020-9003'
-  tags: cve,wordpress,wp-plugin,modula-best-grid-gallery,medium
+  tags: cve,wordpress,wp-plugin,modula-best-grid-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9019-52e9c784ee926500b6a7a44692c6aef8.yaml b/nuclei-templates/2020/CVE-2020-9019-52e9c784ee926500b6a7a44692c6aef8.yaml
index b516dc27ed..39267d86b0 100644
--- a/nuclei-templates/2020/CVE-2020-9019-52e9c784ee926500b6a7a44692c6aef8.yaml
+++ b/nuclei-templates/2020/CVE-2020-9019-52e9c784ee926500b6a7a44692c6aef8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPJobBoard <= 5.5.3 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpjobboard/"
     google-query: inurl:"/wp-content/plugins/wpjobboard/"
     shodan-query: 'vuln:CVE-2020-9019'
-  tags: cve,wordpress,wp-plugin,wpjobboard,medium
+  tags: cve,wordpress,wp-plugin,wpjobboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9334-493dd00fbad457efffd98380feee37ad.yaml b/nuclei-templates/2020/CVE-2020-9334-493dd00fbad457efffd98380feee37ad.yaml
index 9c99e3a96c..7eb47772d0 100644
--- a/nuclei-templates/2020/CVE-2020-9334-493dd00fbad457efffd98380feee37ad.yaml
+++ b/nuclei-templates/2020/CVE-2020-9334-493dd00fbad457efffd98380feee37ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Envira Photo Gallery <= 1.7.6 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/envira-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/envira-gallery-lite/"
     shodan-query: 'vuln:CVE-2020-9334'
-  tags: cve,wordpress,wp-plugin,envira-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,envira-gallery-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9335-9f00578ac1259c4fd1c8b9de9165324f.yaml b/nuclei-templates/2020/CVE-2020-9335-9f00578ac1259c4fd1c8b9de9165324f.yaml
index 000cd682bb..726e3261f8 100644
--- a/nuclei-templates/2020/CVE-2020-9335-9f00578ac1259c4fd1c8b9de9165324f.yaml
+++ b/nuclei-templates/2020/CVE-2020-9335-9f00578ac1259c4fd1c8b9de9165324f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.5.45 - Multiple Cross-Site Scripting Issues
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2020-9335'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9371-297cb3aa5bbfd9cc7b8af82349a82915.yaml b/nuclei-templates/2020/CVE-2020-9371-297cb3aa5bbfd9cc7b8af82349a82915.yaml
index 086f99a31b..0b9587791f 100644
--- a/nuclei-templates/2020/CVE-2020-9371-297cb3aa5bbfd9cc7b8af82349a82915.yaml
+++ b/nuclei-templates/2020/CVE-2020-9371-297cb3aa5bbfd9cc7b8af82349a82915.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Booking Calendar <= 1.3.34 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appointment-booking-calendar/"
     google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/"
     shodan-query: 'vuln:CVE-2020-9371'
-  tags: cve,wordpress,wp-plugin,appointment-booking-calendar,medium
+  tags: cve,wordpress,wp-plugin,appointment-booking-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9394-a0cf0c70320b9077a478823de4b5e05c.yaml b/nuclei-templates/2020/CVE-2020-9394-a0cf0c70320b9077a478823de4b5e05c.yaml
index c14a3eb190..04081ced93 100644
--- a/nuclei-templates/2020/CVE-2020-9394-a0cf0c70320b9077a478823de4b5e05c.yaml
+++ b/nuclei-templates/2020/CVE-2020-9394-a0cf0c70320b9077a478823de4b5e05c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pricing-table-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/pricing-table-by-supsystic/"
     shodan-query: 'vuln:CVE-2020-9394'
-  tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9454-eab40a7edf5f2e1a98131d79813fdf48.yaml b/nuclei-templates/2020/CVE-2020-9454-eab40a7edf5f2e1a98131d79813fdf48.yaml
index 4aacbc8630..4515ac489c 100644
--- a/nuclei-templates/2020/CVE-2020-9454-eab40a7edf5f2e1a98131d79813fdf48.yaml
+++ b/nuclei-templates/2020/CVE-2020-9454-eab40a7edf5f2e1a98131d79813fdf48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Cross-Site Request Forgery to Settings Modification
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2020-9454'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9455-8f8b97c7d5c0b9ba282a6dfa6a5c0131.yaml b/nuclei-templates/2020/CVE-2020-9455-8f8b97c7d5c0b9ba282a6dfa6a5c0131.yaml
index d710d7898c..90e1f31f8a 100644
--- a/nuclei-templates/2020/CVE-2020-9455-8f8b97c7d5c0b9ba282a6dfa6a5c0131.yaml
+++ b/nuclei-templates/2020/CVE-2020-9455-8f8b97c7d5c0b9ba282a6dfa6a5c0131.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Email Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2020-9455'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9456-1d190b0241a92bf4c0712f3b939e7393.yaml b/nuclei-templates/2020/CVE-2020-9456-1d190b0241a92bf4c0712f3b939e7393.yaml
index b3ac8bcc04..5f968fbcce 100644
--- a/nuclei-templates/2020/CVE-2020-9456-1d190b0241a92bf4c0712f3b939e7393.yaml
+++ b/nuclei-templates/2020/CVE-2020-9456-1d190b0241a92bf4c0712f3b939e7393.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Privilege Escalation
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2020-9456'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9457-750b74705bdff8d7fe8b29d226f6a7fb.yaml b/nuclei-templates/2020/CVE-2020-9457-750b74705bdff8d7fe8b29d226f6a7fb.yaml
index 1f64c84821..0616501228 100644
--- a/nuclei-templates/2020/CVE-2020-9457-750b74705bdff8d7fe8b29d226f6a7fb.yaml
+++ b/nuclei-templates/2020/CVE-2020-9457-750b74705bdff8d7fe8b29d226f6a7fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings Import to Privilege Escalation
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2020-9457'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9458-4ebf8466ab7647227779ddf8d6ac3494.yaml b/nuclei-templates/2020/CVE-2020-9458-4ebf8466ab7647227779ddf8d6ac3494.yaml
index 12cd5c127c..7e8e6ccb82 100644
--- a/nuclei-templates/2020/CVE-2020-9458-4ebf8466ab7647227779ddf8d6ac3494.yaml
+++ b/nuclei-templates/2020/CVE-2020-9458-4ebf8466ab7647227779ddf8d6ac3494.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings and User Data Export
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2020-9458'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9459-7ec9f64a1c57f6403dfdbff51a32f9cb.yaml b/nuclei-templates/2020/CVE-2020-9459-7ec9f64a1c57f6403dfdbff51a32f9cb.yaml
index 9caf170961..3607edf4b2 100644
--- a/nuclei-templates/2020/CVE-2020-9459-7ec9f64a1c57f6403dfdbff51a32f9cb.yaml
+++ b/nuclei-templates/2020/CVE-2020-9459-7ec9f64a1c57f6403dfdbff51a32f9cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 5.1.6 - Missing Authorization to Stored Cross-Site Scripting and Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2020-9459'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2020/CVE-2020-9514-ce70b843af38d7c69c95be8ff1b26205.yaml b/nuclei-templates/2020/CVE-2020-9514-ce70b843af38d7c69c95be8ff1b26205.yaml
index 2675577f78..d1ac29c403 100644
--- a/nuclei-templates/2020/CVE-2020-9514-ce70b843af38d7c69c95be8ff1b26205.yaml
+++ b/nuclei-templates/2020/CVE-2020-9514-ce70b843af38d7c69c95be8ff1b26205.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IMPress for IDX Broker <= 2.6.1 - Authenticated Arbitrary Post Creation, Modification, and Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page).  This is due to missing capability and nonce checks on two of its Ajax actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/idx-broker-platinum/"
     google-query: inurl:"/wp-content/plugins/idx-broker-platinum/"
     shodan-query: 'vuln:CVE-2020-9514'
-  tags: cve,wordpress,wp-plugin,idx-broker-platinum,high
+  tags: cve,wordpress,wp-plugin,idx-broker-platinum,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20652-e5ace19f8910dfb41dd382bdef641807.yaml b/nuclei-templates/2021/CVE-2021-20652-e5ace19f8910dfb41dd382bdef641807.yaml
index 98d4590a50..7486f0305a 100644
--- a/nuclei-templates/2021/CVE-2021-20652-e5ace19f8910dfb41dd382bdef641807.yaml
+++ b/nuclei-templates/2021/CVE-2021-20652-e5ace19f8910dfb41dd382bdef641807.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Name Directory <= 1.17.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/name-directory/"
     google-query: inurl:"/wp-content/plugins/name-directory/"
     shodan-query: 'vuln:CVE-2021-20652'
-  tags: cve,wordpress,wp-plugin,name-directory,high
+  tags: cve,wordpress,wp-plugin,name-directory,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20678-9d10b05b216e9b3725f77f2e756c3bb4.yaml b/nuclei-templates/2021/CVE-2021-20678-9d10b05b216e9b3725f77f2e756c3bb4.yaml
index d82bb03dc0..2dbf995fca 100644
--- a/nuclei-templates/2021/CVE-2021-20678-9d10b05b216e9b3725f77f2e756c3bb4.yaml
+++ b/nuclei-templates/2021/CVE-2021-20678-9d10b05b216e9b3725f77f2e756c3bb4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:CVE-2021-20678'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,high
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20714-5159dc207c489f95e16ee89d4e708b82.yaml b/nuclei-templates/2021/CVE-2021-20714-5159dc207c489f95e16ee89d4e708b82.yaml
index 553a0377bf..cd0cf7583a 100644
--- a/nuclei-templates/2021/CVE-2021-20714-5159dc207c489f95e16ee89d4e708b82.yaml
+++ b/nuclei-templates/2021/CVE-2021-20714-5159dc207c489f95e16ee89d4e708b82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.9.1.6 - Authenticated (Admin+) Directory Traversal to Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2021-20714'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20746-178d99b6f6579f15b7e84dce26c43816.yaml b/nuclei-templates/2021/CVE-2021-20746-178d99b6f6579f15b7e84dce26c43816.yaml
index 965c218a7c..d8b4f65904 100644
--- a/nuclei-templates/2021/CVE-2021-20746-178d99b6f6579f15b7e84dce26c43816.yaml
+++ b/nuclei-templates/2021/CVE-2021-20746-178d99b6f6579f15b7e84dce26c43816.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Popular Posts <= 5.3.2 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-popular-posts/"
     google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/"
     shodan-query: 'vuln:CVE-2021-20746'
-  tags: cve,wordpress,wp-plugin,wordpress-popular-posts,medium
+  tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20779-a97999937eba2822f909f308d3c02136.yaml b/nuclei-templates/2021/CVE-2021-20779-a97999937eba2822f909f308d3c02136.yaml
index 1e859e5598..890777a344 100644
--- a/nuclei-templates/2021/CVE-2021-20779-a97999937eba2822f909f308d3c02136.yaml
+++ b/nuclei-templates/2021/CVE-2021-20779-a97999937eba2822f909f308d3c02136.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Email Template Designer < 3.0.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-html-mail/"
     google-query: inurl:"/wp-content/plugins/wp-html-mail/"
     shodan-query: 'vuln:CVE-2021-20779'
-  tags: cve,wordpress,wp-plugin,wp-html-mail,high
+  tags: cve,wordpress,wp-plugin,wp-html-mail,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20781-388ffda3d201191cb375824a74d92ffc.yaml b/nuclei-templates/2021/CVE-2021-20781-388ffda3d201191cb375824a74d92ffc.yaml
index b8665c6142..ef6b368a51 100644
--- a/nuclei-templates/2021/CVE-2021-20781-388ffda3d201191cb375824a74d92ffc.yaml
+++ b/nuclei-templates/2021/CVE-2021-20781-388ffda3d201191cb375824a74d92ffc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meta Data Filter & Taxonomies Filter <= 1.2.7.2 -  Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Meta Data Filter & Taxonomies Filter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions versions prior to v.2.2.8. This is due to missing or incorrect nonce validation on the draw_settings_page() function. This makes it possible for unauthenticated attackers to inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     shodan-query: 'vuln:CVE-2021-20781'
-  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,high
+  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20782-b0e0ed74ea2c963635231dd123335584.yaml b/nuclei-templates/2021/CVE-2021-20782-b0e0ed74ea2c963635231dd123335584.yaml
index 23aec7e82d..d4da8fe301 100644
--- a/nuclei-templates/2021/CVE-2021-20782-b0e0ed74ea2c963635231dd123335584.yaml
+++ b/nuclei-templates/2021/CVE-2021-20782-b0e0ed74ea2c963635231dd123335584.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Software License Manager < 4.4.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/software-license-manager/"
     google-query: inurl:"/wp-content/plugins/software-license-manager/"
     shodan-query: 'vuln:CVE-2021-20782'
-  tags: cve,wordpress,wp-plugin,software-license-manager,high
+  tags: cve,wordpress,wp-plugin,software-license-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20792-20fec9c706022c27227f812437225b4b.yaml b/nuclei-templates/2021/CVE-2021-20792-20fec9c706022c27227f812437225b4b.yaml
index 8cd839402b..a60f7a2c96 100644
--- a/nuclei-templates/2021/CVE-2021-20792-20fec9c706022c27227f812437225b4b.yaml
+++ b/nuclei-templates/2021/CVE-2021-20792-20fec9c706022c27227f812437225b4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz and Survey Master <= 7.1.13 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2021-20792'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20831-d6eff878d5e751e7448431e370bd1e18.yaml b/nuclei-templates/2021/CVE-2021-20831-d6eff878d5e751e7448431e370bd1e18.yaml
index 222f4fd6c6..febd5ff71f 100644
--- a/nuclei-templates/2021/CVE-2021-20831-d6eff878d5e751e7448431e370bd1e18.yaml
+++ b/nuclei-templates/2021/CVE-2021-20831-d6eff878d5e751e7448431e370bd1e18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OG Tags <= 2.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote attacker to hijack the authentication of administrators and unintended operation may be performed via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/og-tags/"
     google-query: inurl:"/wp-content/plugins/og-tags/"
     shodan-query: 'vuln:CVE-2021-20831'
-  tags: cve,wordpress,wp-plugin,og-tags,high
+  tags: cve,wordpress,wp-plugin,og-tags,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20846-1aa0482b62398dab21c7b36e9908a28d.yaml b/nuclei-templates/2021/CVE-2021-20846-1aa0482b62398dab21c7b36e9908a28d.yaml
index 9dbd9430ef..4f547476aa 100644
--- a/nuclei-templates/2021/CVE-2021-20846-1aa0482b62398dab21c7b36e9908a28d.yaml
+++ b/nuclei-templates/2021/CVE-2021-20846-1aa0482b62398dab21c7b36e9908a28d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Push Notifications for WordPress (Lite) < 6.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/push-notifications-for-wp/"
     google-query: inurl:"/wp-content/plugins/push-notifications-for-wp/"
     shodan-query: 'vuln:CVE-2021-20846'
-  tags: cve,wordpress,wp-plugin,push-notifications-for-wp,high
+  tags: cve,wordpress,wp-plugin,push-notifications-for-wp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20851-99e41ed657ab27362dc617dd94edb65f.yaml b/nuclei-templates/2021/CVE-2021-20851-99e41ed657ab27362dc617dd94edb65f.yaml
index be0c1d6c50..5225d12f4c 100644
--- a/nuclei-templates/2021/CVE-2021-20851-99e41ed657ab27362dc617dd94edb65f.yaml
+++ b/nuclei-templates/2021/CVE-2021-20851-99e41ed657ab27362dc617dd94edb65f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Browser and Operating System Finder <= 1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/browser-and-operating-system-finder/"
     google-query: inurl:"/wp-content/plugins/browser-and-operating-system-finder/"
     shodan-query: 'vuln:CVE-2021-20851'
-  tags: cve,wordpress,wp-plugin,browser-and-operating-system-finder,high
+  tags: cve,wordpress,wp-plugin,browser-and-operating-system-finder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-20865-3a746fc902e2b6559213043452550064.yaml b/nuclei-templates/2021/CVE-2021-20865-3a746fc902e2b6559213043452550064.yaml
index f3b1402911..59ce5c4ca2 100644
--- a/nuclei-templates/2021/CVE-2021-20865-3a746fc902e2b6559213043452550064.yaml
+++ b/nuclei-templates/2021/CVE-2021-20865-3a746fc902e2b6559213043452550064.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2021-20865
   metadata:
-    fofa-query: "wp-content/plugins/advanced-custom-fields/"
-    google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
+    fofa-query: "wp-content/plugins/advanced-custom-fields-pro/"
+    google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/"
     shodan-query: 'vuln:CVE-2021-20865'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,high
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "advanced-custom-fields"
+          - "advanced-custom-fields-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2021/CVE-2021-20866-d907690c5c767a972864a779d8ced723.yaml b/nuclei-templates/2021/CVE-2021-20866-d907690c5c767a972864a779d8ced723.yaml
index c460345f4c..1c96f00608 100644
--- a/nuclei-templates/2021/CVE-2021-20866-d907690c5c767a972864a779d8ced723.yaml
+++ b/nuclei-templates/2021/CVE-2021-20866-d907690c5c767a972864a779d8ced723.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2021-20866
   metadata:
-    fofa-query: "wp-content/plugins/advanced-custom-fields/"
-    google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
+    fofa-query: "wp-content/plugins/advanced-custom-fields-pro/"
+    google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/"
     shodan-query: 'vuln:CVE-2021-20866'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "advanced-custom-fields"
+          - "advanced-custom-fields-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2021/CVE-2021-20867-db2d8a1251fb5f78024e34146e92e4d0.yaml b/nuclei-templates/2021/CVE-2021-20867-db2d8a1251fb5f78024e34146e92e4d0.yaml
index 51f0903205..2e990d1713 100644
--- a/nuclei-templates/2021/CVE-2021-20867-db2d8a1251fb5f78024e34146e92e4d0.yaml
+++ b/nuclei-templates/2021/CVE-2021-20867-db2d8a1251fb5f78024e34146e92e4d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2021-20867
   metadata:
-    fofa-query: "wp-content/plugins/advanced-custom-fields/"
-    google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
+    fofa-query: "wp-content/plugins/advanced-custom-fields-pro/"
+    google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/"
     shodan-query: 'vuln:CVE-2021-20867'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "advanced-custom-fields"
+          - "advanced-custom-fields-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2021/CVE-2021-23150-c05da70d5ed77ea30636d59ab804aaa2.yaml b/nuclei-templates/2021/CVE-2021-23150-c05da70d5ed77ea30636d59ab804aaa2.yaml
index 68616335fd..d756c02ec5 100644
--- a/nuclei-templates/2021/CVE-2021-23150-c05da70d5ed77ea30636d59ab804aaa2.yaml
+++ b/nuclei-templates/2021/CVE-2021-23150-c05da70d5ed77ea30636d59ab804aaa2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AMP for WP – Accelerated Mobile Pages <= 1.0.77.31 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accelerated-mobile-pages/"
     google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/"
     shodan-query: 'vuln:CVE-2021-23150'
-  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,medium
+  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-23174-9156a008e8a44bce922b7f9ab6484346.yaml b/nuclei-templates/2021/CVE-2021-23174-9156a008e8a44bce922b7f9ab6484346.yaml
index a68a00fccd..f52b8a1b96 100644
--- a/nuclei-templates/2021/CVE-2021-23174-9156a008e8a44bce922b7f9ab6484346.yaml
+++ b/nuclei-templates/2021/CVE-2021-23174-9156a008e8a44bce922b7f9ab6484346.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2021-23174'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-23209-c7b7a15003ffbb80a100eb159e64a8bf.yaml b/nuclei-templates/2021/CVE-2021-23209-c7b7a15003ffbb80a100eb159e64a8bf.yaml
index 0f7d070d14..4d19b5162e 100644
--- a/nuclei-templates/2021/CVE-2021-23209-c7b7a15003ffbb80a100eb159e64a8bf.yaml
+++ b/nuclei-templates/2021/CVE-2021-23209-c7b7a15003ffbb80a100eb159e64a8bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AMP for WP <= 1.0.77.32 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accelerated-mobile-pages/"
     google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/"
     shodan-query: 'vuln:CVE-2021-23209'
-  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,medium
+  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-23227-f8e9e8a25542e313c19a4d2c9a30bf10.yaml b/nuclei-templates/2021/CVE-2021-23227-f8e9e8a25542e313c19a4d2c9a30bf10.yaml
index e32707a3b0..9873b4c633 100644
--- a/nuclei-templates/2021/CVE-2021-23227-f8e9e8a25542e313c19a4d2c9a30bf10.yaml
+++ b/nuclei-templates/2021/CVE-2021-23227-f8e9e8a25542e313c19a4d2c9a30bf10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PHP Everywhere <= 2.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The PHP Everywhere plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to conduct unspecified potential attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/php-everywhere/"
     google-query: inurl:"/wp-content/plugins/php-everywhere/"
     shodan-query: 'vuln:CVE-2021-23227'
-  tags: cve,wordpress,wp-plugin,php-everywhere,high
+  tags: cve,wordpress,wp-plugin,php-everywhere,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24123-2a2fe738939a9e67d5cb46ca54ca2af9.yaml b/nuclei-templates/2021/CVE-2021-24123-2a2fe738939a9e67d5cb46ca54ca2af9.yaml
index fdb554ed28..39ade3f1a8 100644
--- a/nuclei-templates/2021/CVE-2021-24123-2a2fe738939a9e67d5cb46ca54ca2af9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24123-2a2fe738939a9e67d5cb46ca54ca2af9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPress <= 8.3.7 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.7, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpress/"
     google-query: inurl:"/wp-content/plugins/powerpress/"
     shodan-query: 'vuln:CVE-2021-24123'
-  tags: cve,wordpress,wp-plugin,powerpress,high
+  tags: cve,wordpress,wp-plugin,powerpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24125-fa320a52a4bd2b6a6f52aad5ce1ea74d.yaml b/nuclei-templates/2021/CVE-2021-24125-fa320a52a4bd2b6a6f52aad5ce1ea74d.yaml
index 24da37cb74..4688bad3e3 100644
--- a/nuclei-templates/2021/CVE-2021-24125-fa320a52a4bd2b6a6f52aad5ce1ea74d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24125-fa320a52a4bd2b6a6f52aad5ce1ea74d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Submissions <= 1.7 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-submissions/"
     google-query: inurl:"/wp-content/plugins/contact-form-submissions/"
     shodan-query: 'vuln:CVE-2021-24125'
-  tags: cve,wordpress,wp-plugin,contact-form-submissions,high
+  tags: cve,wordpress,wp-plugin,contact-form-submissions,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24126-cc4dabd01e1338fc09aa2ef444904587.yaml b/nuclei-templates/2021/CVE-2021-24126-cc4dabd01e1338fc09aa2ef444904587.yaml
index c4b73a3c38..e4f5b7f494 100644
--- a/nuclei-templates/2021/CVE-2021-24126-cc4dabd01e1338fc09aa2ef444904587.yaml
+++ b/nuclei-templates/2021/CVE-2021-24126-cc4dabd01e1338fc09aa2ef444904587.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Envira Gallery Lite <= 1.8.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/envira-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/envira-gallery-lite/"
     shodan-query: 'vuln:CVE-2021-24126'
-  tags: cve,wordpress,wp-plugin,envira-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,envira-gallery-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24127-7f32d3ac2f0177d9329a7490c025ed06.yaml b/nuclei-templates/2021/CVE-2021-24127-7f32d3ac2f0177d9329a7490c025ed06.yaml
index eb081b185e..eee77baf0f 100644
--- a/nuclei-templates/2021/CVE-2021-24127-7f32d3ac2f0177d9329a7490c025ed06.yaml
+++ b/nuclei-templates/2021/CVE-2021-24127-7f32d3ac2f0177d9329a7490c025ed06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThirstyAffiliates Affiliate Link Manager <= 3.9.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thirstyaffiliates/"
     google-query: inurl:"/wp-content/plugins/thirstyaffiliates/"
     shodan-query: 'vuln:CVE-2021-24127'
-  tags: cve,wordpress,wp-plugin,thirstyaffiliates,medium
+  tags: cve,wordpress,wp-plugin,thirstyaffiliates,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24128-7cd66621baa98ee6c1094c3629ee5b9c.yaml b/nuclei-templates/2021/CVE-2021-24128-7cd66621baa98ee6c1094c3629ee5b9c.yaml
index 1cd4bfa226..5ac1433dc7 100644
--- a/nuclei-templates/2021/CVE-2021-24128-7cd66621baa98ee6c1094c3629ee5b9c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24128-7cd66621baa98ee6c1094c3629ee5b9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team Members <= 5.0.3 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tc-team-members/"
     google-query: inurl:"/wp-content/plugins/tc-team-members/"
     shodan-query: 'vuln:CVE-2021-24128'
-  tags: cve,wordpress,wp-plugin,tc-team-members,medium
+  tags: cve,wordpress,wp-plugin,tc-team-members,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24129-293ee203790c9494dd9271c2d0887ade.yaml b/nuclei-templates/2021/CVE-2021-24129-293ee203790c9494dd9271c2d0887ade.yaml
index 6b6950cd13..f0ce1bcb16 100644
--- a/nuclei-templates/2021/CVE-2021-24129-293ee203790c9494dd9271c2d0887ade.yaml
+++ b/nuclei-templates/2021/CVE-2021-24129-293ee203790c9494dd9271c2d0887ade.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Portfolio Post <= 1.1.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-portfolio-post/"
     google-query: inurl:"/wp-content/plugins/themify-portfolio-post/"
     shodan-query: 'vuln:CVE-2021-24129'
-  tags: cve,wordpress,wp-plugin,themify-portfolio-post,medium
+  tags: cve,wordpress,wp-plugin,themify-portfolio-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24130-0680dcfefb929cf836c59db202cd40da.yaml b/nuclei-templates/2021/CVE-2021-24130-0680dcfefb929cf836c59db202cd40da.yaml
index 62c3f3908b..60d755aac7 100644
--- a/nuclei-templates/2021/CVE-2021-24130-0680dcfefb929cf836c59db202cd40da.yaml
+++ b/nuclei-templates/2021/CVE-2021-24130-0680dcfefb929cf836c59db202cd40da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map Plugin <= 4.1.4 - Authenticated SQL Injection via Orderby
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:CVE-2021-24130'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24131-4459115a144ee37cdfb4079325938d4b.yaml b/nuclei-templates/2021/CVE-2021-24131-4459115a144ee37cdfb4079325938d4b.yaml
index 14b916266b..39377daff9 100644
--- a/nuclei-templates/2021/CVE-2021-24131-4459115a144ee37cdfb4079325938d4b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24131-4459115a144ee37cdfb4079325938d4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cleantalk-spam-protect/"
     google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/"
     shodan-query: 'vuln:CVE-2021-24131'
-  tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,high
+  tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24132-0f314421e3eb6001edc6ef983cf272a2.yaml b/nuclei-templates/2021/CVE-2021-24132-0f314421e3eb6001edc6ef983cf272a2.yaml
index 8ae256e42c..43b7935c89 100644
--- a/nuclei-templates/2021/CVE-2021-24132-0f314421e3eb6001edc6ef983cf272a2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24132-0f314421e3eb6001edc6ef983cf272a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider by 10Web <= 1.2.35 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-wd/"
     google-query: inurl:"/wp-content/plugins/slider-wd/"
     shodan-query: 'vuln:CVE-2021-24132'
-  tags: cve,wordpress,wp-plugin,slider-wd,high
+  tags: cve,wordpress,wp-plugin,slider-wd,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24134-b14574939a93e002a63be522534dc429.yaml b/nuclei-templates/2021/CVE-2021-24134-b14574939a93e002a63be522534dc429.yaml
index f799b56674..f24ac1d569 100644
--- a/nuclei-templates/2021/CVE-2021-24134-b14574939a93e002a63be522534dc429.yaml
+++ b/nuclei-templates/2021/CVE-2021-24134-b14574939a93e002a63be522534dc429.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Constant Contact Forms <= 1.8.7 Editor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/constant-contact-forms/"
     google-query: inurl:"/wp-content/plugins/constant-contact-forms/"
     shodan-query: 'vuln:CVE-2021-24134'
-  tags: cve,wordpress,wp-plugin,constant-contact-forms,medium
+  tags: cve,wordpress,wp-plugin,constant-contact-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24135-b3f06bebea4c15ec9085029db00fb9fa.yaml b/nuclei-templates/2021/CVE-2021-24135-b3f06bebea4c15ec9085029db00fb9fa.yaml
index 31fa8cb005..c2d15f2012 100644
--- a/nuclei-templates/2021/CVE-2021-24135-b3f06bebea4c15ec9085029db00fb9fa.yaml
+++ b/nuclei-templates/2021/CVE-2021-24135-b3f06bebea4c15ec9085029db00fb9fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customer Reviews <= 3.4.2 - Multiple Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-customer-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-customer-reviews/"
     shodan-query: 'vuln:CVE-2021-24135'
-  tags: cve,wordpress,wp-plugin,wp-customer-reviews,medium
+  tags: cve,wordpress,wp-plugin,wp-customer-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24136-f08697abe75fa6ac28d5ec1f1d0bb149.yaml b/nuclei-templates/2021/CVE-2021-24136-f08697abe75fa6ac28d5ec1f1d0bb149.yaml
index 6ee61de533..1ade1611d1 100644
--- a/nuclei-templates/2021/CVE-2021-24136-f08697abe75fa6ac28d5ec1f1d0bb149.yaml
+++ b/nuclei-templates/2021/CVE-2021-24136-f08697abe75fa6ac28d5ec1f1d0bb149.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonials Widget <= 3.5.1 - Multiple Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonials-widget/"
     google-query: inurl:"/wp-content/plugins/testimonials-widget/"
     shodan-query: 'vuln:CVE-2021-24136'
-  tags: cve,wordpress,wp-plugin,testimonials-widget,medium
+  tags: cve,wordpress,wp-plugin,testimonials-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24137-73117910b29a1c368fce71745504290c.yaml b/nuclei-templates/2021/CVE-2021-24137-73117910b29a1c368fce71745504290c.yaml
index dd6a40edf8..4dd339bc53 100644
--- a/nuclei-templates/2021/CVE-2021-24137-73117910b29a1c368fce71745504290c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24137-73117910b29a1c368fce71745504290c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog2social/"
     google-query: inurl:"/wp-content/plugins/blog2social/"
     shodan-query: 'vuln:CVE-2021-24137'
-  tags: cve,wordpress,wp-plugin,blog2social,high
+  tags: cve,wordpress,wp-plugin,blog2social,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24138-f5d87ece59db37936b3fb9bdb05376cd.yaml b/nuclei-templates/2021/CVE-2021-24138-f5d87ece59db37936b3fb9bdb05376cd.yaml
index 7203308d7b..7034191925 100644
--- a/nuclei-templates/2021/CVE-2021-24138-f5d87ece59db37936b3fb9bdb05376cd.yaml
+++ b/nuclei-templates/2021/CVE-2021-24138-f5d87ece59db37936b3fb9bdb05376cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdRotate < 5.8.4 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adrotate/"
     google-query: inurl:"/wp-content/plugins/adrotate/"
     shodan-query: 'vuln:CVE-2021-24138'
-  tags: cve,wordpress,wp-plugin,adrotate,high
+  tags: cve,wordpress,wp-plugin,adrotate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24140-492664286a6eb9d8fced88f47715604a.yaml b/nuclei-templates/2021/CVE-2021-24140-492664286a6eb9d8fced88f47715604a.yaml
index 1d26f1d252..c1489e49c6 100644
--- a/nuclei-templates/2021/CVE-2021-24140-492664286a6eb9d8fced88f47715604a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24140-492664286a6eb9d8fced88f47715604a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Load More plugin < 5.3.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:CVE-2021-24140'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,high
+  tags: cve,wordpress,wp-plugin,ajax-load-more,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24142-60796296d5bd5b2c076a796a73e81fc7.yaml b/nuclei-templates/2021/CVE-2021-24142-60796296d5bd5b2c076a796a73e81fc7.yaml
index 0bed396684..2dbf2b71ac 100644
--- a/nuclei-templates/2021/CVE-2021-24142-60796296d5bd5b2c076a796a73e81fc7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24142-60796296d5bd5b2c076a796a73e81fc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     301 Redirects - Easy Redirect Manager < 2.51 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eps-301-redirects/"
     google-query: inurl:"/wp-content/plugins/eps-301-redirects/"
     shodan-query: 'vuln:CVE-2021-24142'
-  tags: cve,wordpress,wp-plugin,eps-301-redirects,high
+  tags: cve,wordpress,wp-plugin,eps-301-redirects,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24143-3129a6f1429e82e60a76e088cdf26794.yaml b/nuclei-templates/2021/CVE-2021-24143-3129a6f1429e82e60a76e088cdf26794.yaml
index 41e90c9f81..c7bb026e9b 100644
--- a/nuclei-templates/2021/CVE-2021-24143-3129a6f1429e82e60a76e088cdf26794.yaml
+++ b/nuclei-templates/2021/CVE-2021-24143-3129a6f1429e82e60a76e088cdf26794.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Social Icons <= 1.8.0 - Author+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accesspress-social-icons/"
     google-query: inurl:"/wp-content/plugins/accesspress-social-icons/"
     shodan-query: 'vuln:CVE-2021-24143'
-  tags: cve,wordpress,wp-plugin,accesspress-social-icons,high
+  tags: cve,wordpress,wp-plugin,accesspress-social-icons,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24145-07fde43240c3cfe047c463512be535e6.yaml b/nuclei-templates/2021/CVE-2021-24145-07fde43240c3cfe047c463512be535e6.yaml
index 60a72cde45..89c72b3b5c 100644
--- a/nuclei-templates/2021/CVE-2021-24145-07fde43240c3cfe047c463512be535e6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24145-07fde43240c3cfe047c463512be535e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 5.16.4 - Authenticated Arbitrary File Upload leading to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2021-24145'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24147-c1b0a376f2ef6bdd72b49e73751ed117.yaml b/nuclei-templates/2021/CVE-2021-24147-c1b0a376f2ef6bdd72b49e73751ed117.yaml
index bb0d5482e5..0d15782f2a 100644
--- a/nuclei-templates/2021/CVE-2021-24147-c1b0a376f2ef6bdd72b49e73751ed117.yaml
+++ b/nuclei-templates/2021/CVE-2021-24147-c1b0a376f2ef6bdd72b49e73751ed117.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 5.16.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2021-24147'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24149-4dd145dc4bcaa7b143713cd5ced149a0.yaml b/nuclei-templates/2021/CVE-2021-24149-4dd145dc4bcaa7b143713cd5ced149a0.yaml
index e89f26c9c1..d29cff745f 100644
--- a/nuclei-templates/2021/CVE-2021-24149-4dd145dc4bcaa7b143713cd5ced149a0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24149-4dd145dc4bcaa7b143713cd5ced149a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 5.16.5 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2021-24149'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24151-1184e292a35a8344c32cddb99a8fcb99.yaml b/nuclei-templates/2021/CVE-2021-24151-1184e292a35a8344c32cddb99a8fcb99.yaml
index ea80fd60c6..e4d2dffa85 100644
--- a/nuclei-templates/2021/CVE-2021-24151-1184e292a35a8344c32cddb99a8fcb99.yaml
+++ b/nuclei-templates/2021/CVE-2021-24151-1184e292a35a8344c32cddb99a8fcb99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Editor <= 1.2.6.3 - Authenticated (Admin+) SQL injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Editor plugin for WordPress is vulnerable to blind SQL Injection via the setting fields in versions up to, and including, 1.2.6.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-editor/"
     google-query: inurl:"/wp-content/plugins/wp-editor/"
     shodan-query: 'vuln:CVE-2021-24151'
-  tags: cve,wordpress,wp-plugin,wp-editor,high
+  tags: cve,wordpress,wp-plugin,wp-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24153-5e0b93fe3a022a24343b38fe5a2f7283.yaml b/nuclei-templates/2021/CVE-2021-24153-5e0b93fe3a022a24343b38fe5a2f7283.yaml
index 408930a14e..8da264a32a 100644
--- a/nuclei-templates/2021/CVE-2021-24153-5e0b93fe3a022a24343b38fe5a2f7283.yaml
+++ b/nuclei-templates/2021/CVE-2021-24153-5e0b93fe3a022a24343b38fe5a2f7283.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting parentheses as well as several functions such as alert, but bypasses were found.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:CVE-2021-24153'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,medium
+  tags: cve,wordpress,wp-plugin,wordpress-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24154-2dfa0b8f134cf415442ecf4c309e85d2.yaml b/nuclei-templates/2021/CVE-2021-24154-2dfa0b8f134cf415442ecf4c309e85d2.yaml
index 1ceb285c23..dce049233b 100644
--- a/nuclei-templates/2021/CVE-2021-24154-2dfa0b8f134cf415442ecf4c309e85d2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24154-2dfa0b8f134cf415442ecf4c309e85d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme Editor <= 2.5 - Authenticated Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-editor/"
     google-query: inurl:"/wp-content/plugins/theme-editor/"
     shodan-query: 'vuln:CVE-2021-24154'
-  tags: cve,wordpress,wp-plugin,theme-editor,medium
+  tags: cve,wordpress,wp-plugin,theme-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24155-892437eb68b329dd17b3be2557272f56.yaml b/nuclei-templates/2021/CVE-2021-24155-892437eb68b329dd17b3be2557272f56.yaml
index 09bf302cd4..20c11b3d4f 100644
--- a/nuclei-templates/2021/CVE-2021-24155-892437eb68b329dd17b3be2557272f56.yaml
+++ b/nuclei-templates/2021/CVE-2021-24155-892437eb68b329dd17b3be2557272f56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Guard <= 1.5.9 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup/"
     google-query: inurl:"/wp-content/plugins/backup/"
     shodan-query: 'vuln:CVE-2021-24155'
-  tags: cve,wordpress,wp-plugin,backup,high
+  tags: cve,wordpress,wp-plugin,backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24156-ef09ee87048a20a553f4804a48eb6952.yaml b/nuclei-templates/2021/CVE-2021-24156-ef09ee87048a20a553f4804a48eb6952.yaml
index e96f895d2c..c7dd7a6b24 100644
--- a/nuclei-templates/2021/CVE-2021-24156-ef09ee87048a20a553f4804a48eb6952.yaml
+++ b/nuclei-templates/2021/CVE-2021-24156-ef09ee87048a20a553f4804a48eb6952.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Rotator <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-rotator/"
     google-query: inurl:"/wp-content/plugins/testimonial-rotator/"
     shodan-query: 'vuln:CVE-2021-24156'
-  tags: cve,wordpress,wp-plugin,testimonial-rotator,medium
+  tags: cve,wordpress,wp-plugin,testimonial-rotator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24157-79fb0bcc374a70f9a1181c9553d664f5.yaml b/nuclei-templates/2021/CVE-2021-24157-79fb0bcc374a70f9a1181c9553d664f5.yaml
index 9d96d9aadb..2e87f12603 100644
--- a/nuclei-templates/2021/CVE-2021-24157-79fb0bcc374a70f9a1181c9553d664f5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24157-79fb0bcc374a70f9a1181c9553d664f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious in versions up to, and including 2.10.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2021-24157'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,medium
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24158-175f5f197d39e1751001f35acbaf01df.yaml b/nuclei-templates/2021/CVE-2021-24158-175f5f197d39e1751001f35acbaf01df.yaml
index 76d935bbee..360d63a412 100644
--- a/nuclei-templates/2021/CVE-2021-24158-175f5f197d39e1751001f35acbaf01df.yaml
+++ b/nuclei-templates/2021/CVE-2021-24158-175f5f197d39e1751001f35acbaf01df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated Privilege Escalation
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2021-24158'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,critical
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24159-a1fcf6f91e16b2992432e60b1b4c9234.yaml b/nuclei-templates/2021/CVE-2021-24159-a1fcf6f91e16b2992432e60b1b4c9234.yaml
index 5922d19ed1..199eeb5f17 100644
--- a/nuclei-templates/2021/CVE-2021-24159-a1fcf6f91e16b2992432e60b1b4c9234.yaml
+++ b/nuclei-templates/2021/CVE-2021-24159-a1fcf6f91e16b2992432e60b1b4c9234.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 Style <= 3.1.9 Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7-style/"
     google-query: inurl:"/wp-content/plugins/contact-form-7-style/"
     shodan-query: 'vuln:CVE-2021-24159'
-  tags: cve,wordpress,wp-plugin,contact-form-7-style,high
+  tags: cve,wordpress,wp-plugin,contact-form-7-style,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24160-dfaadc66129d4ea285875cfb5037ccde.yaml b/nuclei-templates/2021/CVE-2021-24160-dfaadc66129d4ea285875cfb5037ccde.yaml
index 6000ca00b1..3542ba35f7 100644
--- a/nuclei-templates/2021/CVE-2021-24160-dfaadc66129d4ea285875cfb5037ccde.yaml
+++ b/nuclei-templates/2021/CVE-2021-24160-dfaadc66129d4ea285875cfb5037ccde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Menu 4.0 - 4.0.3 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-menu/"
     google-query: inurl:"/wp-content/plugins/responsive-menu/"
     shodan-query: 'vuln:CVE-2021-24160'
-  tags: cve,wordpress,wp-plugin,responsive-menu,high
+  tags: cve,wordpress,wp-plugin,responsive-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24161-7361a0798b6e7d91e3483a810ae46200.yaml b/nuclei-templates/2021/CVE-2021-24161-7361a0798b6e7d91e3483a810ae46200.yaml
index f02e4d614f..e7b39393a6 100644
--- a/nuclei-templates/2021/CVE-2021-24161-7361a0798b6e7d91e3483a810ae46200.yaml
+++ b/nuclei-templates/2021/CVE-2021-24161-7361a0798b6e7d91e3483a810ae46200.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-menu/"
     google-query: inurl:"/wp-content/plugins/responsive-menu/"
     shodan-query: 'vuln:CVE-2021-24161'
-  tags: cve,wordpress,wp-plugin,responsive-menu,high
+  tags: cve,wordpress,wp-plugin,responsive-menu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24162-35d0076e41c66587aa55b1dff00355a9.yaml b/nuclei-templates/2021/CVE-2021-24162-35d0076e41c66587aa55b1dff00355a9.yaml
index e0f429631f..722320f98f 100644
--- a/nuclei-templates/2021/CVE-2021-24162-35d0076e41c66587aa55b1dff00355a9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24162-35d0076e41c66587aa55b1dff00355a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Setting Modification
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-menu/"
     google-query: inurl:"/wp-content/plugins/responsive-menu/"
     shodan-query: 'vuln:CVE-2021-24162'
-  tags: cve,wordpress,wp-plugin,responsive-menu,high
+  tags: cve,wordpress,wp-plugin,responsive-menu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24163-d52a1b2d96a87813163020667b1d0ea9.yaml b/nuclei-templates/2021/CVE-2021-24163-d52a1b2d96a87813163020667b1d0ea9.yaml
index 07e08246df..216361cbf5 100644
--- a/nuclei-templates/2021/CVE-2021-24163-d52a1b2d96a87813163020667b1d0ea9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24163-d52a1b2d96a87813163020667b1d0ea9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2021-24163'
-  tags: cve,wordpress,wp-plugin,ninja-forms,high
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24164-c1844c535b6764f33ccae986eaa4a431.yaml b/nuclei-templates/2021/CVE-2021-24164-c1844c535b6764f33ccae986eaa4a431.yaml
index 86839d48ef..a1a449adb8 100644
--- a/nuclei-templates/2021/CVE-2021-24164-c1844c535b6764f33ccae986eaa4a431.yaml
+++ b/nuclei-templates/2021/CVE-2021-24164-c1844c535b6764f33ccae986eaa4a431.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2021-24164'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24168-7ddd7913775f2842bdb03b5dd83ed7fe.yaml b/nuclei-templates/2021/CVE-2021-24168-7ddd7913775f2842bdb03b5dd83ed7fe.yaml
index aee51c5f10..a843abeb21 100644
--- a/nuclei-templates/2021/CVE-2021-24168-7ddd7913775f2842bdb03b5dd83ed7fe.yaml
+++ b/nuclei-templates/2021/CVE-2021-24168-7ddd7913775f2842bdb03b5dd83ed7fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Contact Form Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form in versions before 1.1.1.9. This makes it possible for Author-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-contact-form-pro/"
     google-query: inurl:"/wp-content/plugins/easy-contact-form-pro/"
     shodan-query: 'vuln:CVE-2021-24168'
-  tags: cve,wordpress,wp-plugin,easy-contact-form-pro,medium
+  tags: cve,wordpress,wp-plugin,easy-contact-form-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24173-a4378f0df660425c1f67e7a182915736.yaml b/nuclei-templates/2021/CVE-2021-24173-a4378f0df660425c1f67e7a182915736.yaml
index 79c0813742..3567888dde 100644
--- a/nuclei-templates/2021/CVE-2021-24173-a4378f0df660425c1f67e7a182915736.yaml
+++ b/nuclei-templates/2021/CVE-2021-24173-a4378f0df660425c1f67e7a182915736.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VM Backups <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vm-backups/"
     google-query: inurl:"/wp-content/plugins/vm-backups/"
     shodan-query: 'vuln:CVE-2021-24173'
-  tags: cve,wordpress,wp-plugin,vm-backups,high
+  tags: cve,wordpress,wp-plugin,vm-backups,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24174-e75e8a53a3e5f421e8dff4ebc1472f1b.yaml b/nuclei-templates/2021/CVE-2021-24174-e75e8a53a3e5f421e8dff4ebc1472f1b.yaml
index 11eb30fcc6..47be611bc0 100644
--- a/nuclei-templates/2021/CVE-2021-24174-e75e8a53a3e5f421e8dff4ebc1472f1b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24174-e75e8a53a3e5f421e8dff4ebc1472f1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Database Backups <= 1.2.2.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/database-backups/"
     google-query: inurl:"/wp-content/plugins/database-backups/"
     shodan-query: 'vuln:CVE-2021-24174'
-  tags: cve,wordpress,wp-plugin,database-backups,high
+  tags: cve,wordpress,wp-plugin,database-backups,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24176-df91ebe73a45ac966511f7792447be75.yaml b/nuclei-templates/2021/CVE-2021-24176-df91ebe73a45ac966511f7792447be75.yaml
index afa0d4c6d7..56b78746fd 100644
--- a/nuclei-templates/2021/CVE-2021-24176-df91ebe73a45ac966511f7792447be75.yaml
+++ b/nuclei-templates/2021/CVE-2021-24176-df91ebe73a45ac966511f7792447be75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jh-404-logger/"
     google-query: inurl:"/wp-content/plugins/jh-404-logger/"
     shodan-query: 'vuln:CVE-2021-24176'
-  tags: cve,wordpress,wp-plugin,jh-404-logger,medium
+  tags: cve,wordpress,wp-plugin,jh-404-logger,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24178-167e61af371a8f35ae376105d3215900.yaml b/nuclei-templates/2021/CVE-2021-24178-167e61af371a8f35ae376105d3215900.yaml
index 6e983c0e49..6334f52200 100644
--- a/nuclei-templates/2021/CVE-2021-24178-167e61af371a8f35ae376105d3215900.yaml
+++ b/nuclei-templates/2021/CVE-2021-24178-167e61af371a8f35ae376105d3215900.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Business Directory Plugin < 5.11 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-directory-plugin/"
     google-query: inurl:"/wp-content/plugins/business-directory-plugin/"
     shodan-query: 'vuln:CVE-2021-24178'
-  tags: cve,wordpress,wp-plugin,business-directory-plugin,high
+  tags: cve,wordpress,wp-plugin,business-directory-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24179-f1a649593702eb632f6f553b9ae25e5a.yaml b/nuclei-templates/2021/CVE-2021-24179-f1a649593702eb632f6f553b9ae25e5a.yaml
index b69d09e0ee..415e39f769 100644
--- a/nuclei-templates/2021/CVE-2021-24179-f1a649593702eb632f6f553b9ae25e5a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24179-f1a649593702eb632f6f553b9ae25e5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Business Directory Plugin <= 5.10.1 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-directory-plugin/"
     google-query: inurl:"/wp-content/plugins/business-directory-plugin/"
     shodan-query: 'vuln:CVE-2021-24179'
-  tags: cve,wordpress,wp-plugin,business-directory-plugin,high
+  tags: cve,wordpress,wp-plugin,business-directory-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24181-982f78919d6ffdbae69689e67e460d30.yaml b/nuclei-templates/2021/CVE-2021-24181-982f78919d6ffdbae69689e67e460d30.yaml
index 65e162bbfa..7e4baefc34 100644
--- a/nuclei-templates/2021/CVE-2021-24181-982f78919d6ffdbae69689e67e460d30.yaml
+++ b/nuclei-templates/2021/CVE-2021-24181-982f78919d6ffdbae69689e67e460d30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS – eLearning and online course solution <= 1.7.6 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2021-24181'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24182-d8208bd4e60d421585f9ef9118f52dc1.yaml b/nuclei-templates/2021/CVE-2021-24182-d8208bd4e60d421585f9ef9118f52dc1.yaml
index c47b59a001..49040fff5d 100644
--- a/nuclei-templates/2021/CVE-2021-24182-d8208bd4e60d421585f9ef9118f52dc1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24182-d8208bd4e60d421585f9ef9118f52dc1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <=1.8.2 - SQL Injection via tutor_quiz_builder_get_answers_by_question
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2021-24182'
-  tags: cve,wordpress,wp-plugin,tutor,high
+  tags: cve,wordpress,wp-plugin,tutor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24183-0f7d324b49374ff1264595834ad272cb.yaml b/nuclei-templates/2021/CVE-2021-24183-0f7d324b49374ff1264595834ad272cb.yaml
index 9eb29797fe..576d01975a 100644
--- a/nuclei-templates/2021/CVE-2021-24183-0f7d324b49374ff1264595834ad272cb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24183-0f7d324b49374ff1264595834ad272cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 1.8.2 - SQL Injection via tutor_quiz_builder_get_question_form
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2021-24183'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24185-b9268ddd3338fe184d978d9f6b4b6b66.yaml b/nuclei-templates/2021/CVE-2021-24185-b9268ddd3338fe184d978d9f6b4b6b66.yaml
index d9f7493e93..1f46e7b154 100644
--- a/nuclei-templates/2021/CVE-2021-24185-b9268ddd3338fe184d978d9f6b4b6b66.yaml
+++ b/nuclei-templates/2021/CVE-2021-24185-b9268ddd3338fe184d978d9f6b4b6b66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS – eLearning and online course solution <=1.7.6 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2021-24185'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24186-1a3c55b78621c5a0f1132cb6e90ef267.yaml b/nuclei-templates/2021/CVE-2021-24186-1a3c55b78621c5a0f1132cb6e90ef267.yaml
index 35ca267767..529ae66c70 100644
--- a/nuclei-templates/2021/CVE-2021-24186-1a3c55b78621c5a0f1132cb6e90ef267.yaml
+++ b/nuclei-templates/2021/CVE-2021-24186-1a3c55b78621c5a0f1132cb6e90ef267.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <=1.8.2 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2021-24186'
-  tags: cve,wordpress,wp-plugin,tutor,high
+  tags: cve,wordpress,wp-plugin,tutor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24199-46151945d00d6bf25de490ff58da7c2c.yaml b/nuclei-templates/2021/CVE-2021-24199-46151945d00d6bf25de490ff58da7c2c.yaml
index 7ea03ec00e..bf07fac706 100644
--- a/nuclei-templates/2021/CVE-2021-24199-46151945d00d6bf25de490ff58da7c2c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24199-46151945d00d6bf25de490ff58da7c2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDataTables (Premium) <= 3.4.1 - Blind SQL Injection via start Parameter
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application. Please note that this only affects the premium version of the plugin which shares the same slug as the free version.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdatatables/"
     google-query: inurl:"/wp-content/plugins/wpdatatables/"
     shodan-query: 'vuln:CVE-2021-24199'
-  tags: cve,wordpress,wp-plugin,wpdatatables,medium
+  tags: cve,wordpress,wp-plugin,wpdatatables,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24200-19cf3f1ecae01908df4ff2c886d4fa04.yaml b/nuclei-templates/2021/CVE-2021-24200-19cf3f1ecae01908df4ff2c886d4fa04.yaml
index 3d5ae6fb24..b657ab37ea 100644
--- a/nuclei-templates/2021/CVE-2021-24200-19cf3f1ecae01908df4ff2c886d4fa04.yaml
+++ b/nuclei-templates/2021/CVE-2021-24200-19cf3f1ecae01908df4ff2c886d4fa04.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDataTables (Premium) <= 3.4.1 - Blind SQL Injection via length Parameter
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application. Please note that this only affects the premium version of the plugin which shares the same slug as the free version.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdatatables/"
     google-query: inurl:"/wp-content/plugins/wpdatatables/"
     shodan-query: 'vuln:CVE-2021-24200'
-  tags: cve,wordpress,wp-plugin,wpdatatables,medium
+  tags: cve,wordpress,wp-plugin,wpdatatables,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24201-98c8e6a6d80acb851afcee0bde588eea.yaml b/nuclei-templates/2021/CVE-2021-24201-98c8e6a6d80acb851afcee0bde588eea.yaml
index a9378260a9..a35a349d69 100644
--- a/nuclei-templates/2021/CVE-2021-24201-98c8e6a6d80acb851afcee0bde588eea.yaml
+++ b/nuclei-templates/2021/CVE-2021-24201-98c8e6a6d80acb851afcee0bde588eea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via html_tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2021-24201'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24202-5721e5b5b859df336ecc013b38726f93.yaml b/nuclei-templates/2021/CVE-2021-24202-5721e5b5b859df336ecc013b38726f93.yaml
index bcddb37257..a05848671f 100644
--- a/nuclei-templates/2021/CVE-2021-24202-5721e5b5b859df336ecc013b38726f93.yaml
+++ b/nuclei-templates/2021/CVE-2021-24202-5721e5b5b859df336ecc013b38726f93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_size
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2021-24202'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24203-5e6768e991caa45e72cc5f93d69cc8a5.yaml b/nuclei-templates/2021/CVE-2021-24203-5e6768e991caa45e72cc5f93d69cc8a5.yaml
index cc03ad5b3d..7a98c68eb4 100644
--- a/nuclei-templates/2021/CVE-2021-24203-5e6768e991caa45e72cc5f93d69cc8a5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24203-5e6768e991caa45e72cc5f93d69cc8a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via html_tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2021-24203'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24204-2f027571e136822dc3132e7a5b6f47eb.yaml b/nuclei-templates/2021/CVE-2021-24204-2f027571e136822dc3132e7a5b6f47eb.yaml
index 8c18f29125..dee5234110 100644
--- a/nuclei-templates/2021/CVE-2021-24204-2f027571e136822dc3132e7a5b6f47eb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24204-2f027571e136822dc3132e7a5b6f47eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_html_tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2021-24204'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24205-88f2e8b62006d8f70eead27b7d5c23f7.yaml b/nuclei-templates/2021/CVE-2021-24205-88f2e8b62006d8f70eead27b7d5c23f7.yaml
index 0a8e1e2dc9..0a1d2e25ed 100644
--- a/nuclei-templates/2021/CVE-2021-24205-88f2e8b62006d8f70eead27b7d5c23f7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24205-88f2e8b62006d8f70eead27b7d5c23f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_size Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2021-24205'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24206-95ed8c023906e2f70f01592d99282d0b.yaml b/nuclei-templates/2021/CVE-2021-24206-95ed8c023906e2f70f01592d99282d0b.yaml
index dc20d70146..db17fd9b68 100644
--- a/nuclei-templates/2021/CVE-2021-24206-95ed8c023906e2f70f01592d99282d0b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24206-95ed8c023906e2f70f01592d99282d0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_size
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2021-24206'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24209-fce354233cc8042e718d5365b3a58e08.yaml b/nuclei-templates/2021/CVE-2021-24209-fce354233cc8042e718d5365b3a58e08.yaml
index 842567b66e..00c20a26e1 100644
--- a/nuclei-templates/2021/CVE-2021-24209-fce354233cc8042e718d5365b3a58e08.yaml
+++ b/nuclei-templates/2021/CVE-2021-24209-fce354233cc8042e718d5365b3a58e08.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Super Cache <= 1.7.1 - Authenticated (Admin+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-super-cache/"
     google-query: inurl:"/wp-content/plugins/wp-super-cache/"
     shodan-query: 'vuln:CVE-2021-24209'
-  tags: cve,wordpress,wp-plugin,wp-super-cache,high
+  tags: cve,wordpress,wp-plugin,wp-super-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24211-c52e6603b19e1ddbfb9c023a9a70f51b.yaml b/nuclei-templates/2021/CVE-2021-24211-c52e6603b19e1ddbfb9c023a9a70f51b.yaml
index b5878ef445..7860e68df1 100644
--- a/nuclei-templates/2021/CVE-2021-24211-c52e6603b19e1ddbfb9c023a9a70f51b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24211-c52e6603b19e1ddbfb9c023a9a70f51b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Related Posts <= 3.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-23-related-posts-plugin/"
     google-query: inurl:"/wp-content/plugins/wordpress-23-related-posts-plugin/"
     shodan-query: 'vuln:CVE-2021-24211'
-  tags: cve,wordpress,wp-plugin,wordpress-23-related-posts-plugin,medium
+  tags: cve,wordpress,wp-plugin,wordpress-23-related-posts-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24216-e4cd9a4bbacdbb2aa88bdc0cb49786e1.yaml b/nuclei-templates/2021/CVE-2021-24216-e4cd9a4bbacdbb2aa88bdc0cb49786e1.yaml
index 2f202465d1..9e9182376e 100644
--- a/nuclei-templates/2021/CVE-2021-24216-e4cd9a4bbacdbb2aa88bdc0cb49786e1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24216-e4cd9a4bbacdbb2aa88bdc0cb49786e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-One WP Migration <= 7.40 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on file upload in versions up to, and including, 7.40. This makes it possible for authenticated attackers with administrative privileges to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-migration/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration/"
     shodan-query: 'vuln:CVE-2021-24216'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,high
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24219-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/2021/CVE-2021-24219-bceae5f53d1ac07f2efbd28988c0d5d9.yaml
index 7951f764c5..c66f413782 100644
--- a/nuclei-templates/2021/CVE-2021-24219-bceae5f53d1ac07f2efbd28988c0d5d9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24219-bceae5f53d1ac07f2efbd28988c0d5d9.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2021-24219
   metadata:
-    fofa-query: "wp-content/plugins/thrive-ab-page-testing/"
-    google-query: inurl:"/wp-content/plugins/thrive-ab-page-testing/"
+    fofa-query: "wp-content/plugins/thrive-headline-optimizer/"
+    google-query: inurl:"/wp-content/plugins/thrive-headline-optimizer/"
     shodan-query: 'vuln:CVE-2021-24219'
-  tags: cve,wordpress,wp-plugin,thrive-ab-page-testing,medium
+  tags: cve,wordpress,wp-plugin,thrive-headline-optimizer,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/thrive-ab-page-testing/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/thrive-headline-optimizer/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "thrive-ab-page-testing"
+          - "thrive-headline-optimizer"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.4.13.3')
\ No newline at end of file
+          - compare_versions(version, '< 1.3.7.3')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24220-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/2021/CVE-2021-24220-09bb804f266b350634cb031ea62ca641.yaml
index e90ed2c907..2774388946 100644
--- a/nuclei-templates/2021/CVE-2021-24220-09bb804f266b350634cb031ea62ca641.yaml
+++ b/nuclei-templates/2021/CVE-2021-24220-09bb804f266b350634cb031ea62ca641.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.1
     cve-id: CVE-2021-24220
   metadata:
-    fofa-query: "wp-content/themes/ignition/"
-    google-query: inurl:"/wp-content/themes/ignition/"
+    fofa-query: "wp-content/themes/focusblog/"
+    google-query: inurl:"/wp-content/themes/focusblog/"
     shodan-query: 'vuln:CVE-2021-24220'
-  tags: cve,wordpress,wp-theme,ignition,critical
+  tags: cve,wordpress,wp-theme,focusblog,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/ignition/style.css"
+      - "{{BaseURL}}/wp-content/themes/focusblog/style.css"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "ignition"
+          - "focusblog"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2021/CVE-2021-24221-9fbb2aba0f1c281c62bcad50b683f582.yaml b/nuclei-templates/2021/CVE-2021-24221-9fbb2aba0f1c281c62bcad50b683f582.yaml
index 79c0ab4316..3573df6e98 100644
--- a/nuclei-templates/2021/CVE-2021-24221-9fbb2aba0f1c281c62bcad50b683f582.yaml
+++ b/nuclei-templates/2021/CVE-2021-24221-9fbb2aba0f1c281c62bcad50b683f582.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.1.11 - Authenticated SQL injection via shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2021-24221'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,high
+  tags: cve,wordpress,wp-plugin,quiz-master-next,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24224-1cdb0a1c4888e43e483d5ba8e84b6d9c.yaml b/nuclei-templates/2021/CVE-2021-24224-1cdb0a1c4888e43e483d5ba8e84b6d9c.yaml
index 238f34d95b..df31b8d13d 100644
--- a/nuclei-templates/2021/CVE-2021-24224-1cdb0a1c4888e43e483d5ba8e84b6d9c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24224-1cdb0a1c4888e43e483d5ba8e84b6d9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Form Builder <= 1.0 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-form-builder-by-bitware/"
     google-query: inurl:"/wp-content/plugins/easy-form-builder-by-bitware/"
     shodan-query: 'vuln:CVE-2021-24224'
-  tags: cve,wordpress,wp-plugin,easy-form-builder-by-bitware,high
+  tags: cve,wordpress,wp-plugin,easy-form-builder-by-bitware,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24228-d2e2b4003ef24e75b8d453ad2f0582ba.yaml b/nuclei-templates/2021/CVE-2021-24228-d2e2b4003ef24e75b8d453ad2f0582ba.yaml
index c2d9983ea0..97db689dc9 100644
--- a/nuclei-templates/2021/CVE-2021-24228-d2e2b4003ef24e75b8d453ad2f0582ba.yaml
+++ b/nuclei-templates/2021/CVE-2021-24228-d2e2b4003ef24e75b8d453ad2f0582ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of the error logging logic behind the scene allowed user-controlled input to be reflected on the login page, unsanitized.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/patreon-connect/"
     google-query: inurl:"/wp-content/plugins/patreon-connect/"
     shodan-query: 'vuln:CVE-2021-24228'
-  tags: cve,wordpress,wp-plugin,patreon-connect,critical
+  tags: cve,wordpress,wp-plugin,patreon-connect,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24229-1e16eec4b6ae009a904a8e7f17b7b28d.yaml b/nuclei-templates/2021/CVE-2021-24229-1e16eec4b6ae009a904a8e7f17b7b28d.yaml
index 31fa922861..516e38d86b 100644
--- a/nuclei-templates/2021/CVE-2021-24229-1e16eec4b6ae009a904a8e7f17b7b28d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24229-1e16eec4b6ae009a904a8e7f17b7b28d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the ‘manage_options’ privilege (i.e.., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/patreon-connect/"
     google-query: inurl:"/wp-content/plugins/patreon-connect/"
     shodan-query: 'vuln:CVE-2021-24229'
-  tags: cve,wordpress,wp-plugin,patreon-connect,critical
+  tags: cve,wordpress,wp-plugin,patreon-connect,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24230-1d56115c5756336039596f3db2afcf11.yaml b/nuclei-templates/2021/CVE-2021-24230-1d56115c5756336039596f3db2afcf11.yaml
index c0ffc09e85..effb41f3a9 100644
--- a/nuclei-templates/2021/CVE-2021-24230-1d56115c5756336039596f3db2afcf11.yaml
+++ b/nuclei-templates/2021/CVE-2021-24230-1d56115c5756336039596f3db2afcf11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Patreon WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.9. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content.  This makes it possible for unauthenticated attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/patreon-connect/"
     google-query: inurl:"/wp-content/plugins/patreon-connect/"
     shodan-query: 'vuln:CVE-2021-24230'
-  tags: cve,wordpress,wp-plugin,patreon-connect,high
+  tags: cve,wordpress,wp-plugin,patreon-connect,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24231-3ea0fac767d2ae2ce8f2f4784f535988.yaml b/nuclei-templates/2021/CVE-2021-24231-3ea0fac767d2ae2ce8f2f4784f535988.yaml
index 3201c7938f..a69fff12aa 100644
--- a/nuclei-templates/2021/CVE-2021-24231-3ea0fac767d2ae2ce8f2f4784f535988.yaml
+++ b/nuclei-templates/2021/CVE-2021-24231-3ea0fac767d2ae2ce8f2f4784f535988.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/patreon-connect/"
     google-query: inurl:"/wp-content/plugins/patreon-connect/"
     shodan-query: 'vuln:CVE-2021-24231'
-  tags: cve,wordpress,wp-plugin,patreon-connect,high
+  tags: cve,wordpress,wp-plugin,patreon-connect,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24238-d1bbc50d843df9b465aead854697cdc8.yaml b/nuclei-templates/2021/CVE-2021-24238-d1bbc50d843df9b465aead854697cdc8.yaml
index eb54d3f764..3d5e4efecc 100644
--- a/nuclei-templates/2021/CVE-2021-24238-d1bbc50d843df9b465aead854697cdc8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24238-d1bbc50d843df9b465aead854697cdc8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Realteo < 1.2.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/findeo/"
     google-query: inurl:"/wp-content/plugins/findeo/"
     shodan-query: 'vuln:CVE-2021-24238'
-  tags: cve,wordpress,wp-plugin,findeo,medium
+  tags: cve,wordpress,wp-plugin,findeo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24242-78ff72d9346255abccb5396c4cac06cb.yaml b/nuclei-templates/2021/CVE-2021-24242-78ff72d9346255abccb5396c4cac06cb.yaml
index 831625beae..c1a9fad8d0 100644
--- a/nuclei-templates/2021/CVE-2021-24242-78ff72d9346255abccb5396c4cac06cb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24242-78ff72d9346255abccb5396c4cac06cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 1.8.7 - Authenticated Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2021-24242'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24243-3ff23277c9ba98ae052e3b9f7bce2ce5.yaml b/nuclei-templates/2021/CVE-2021-24243-3ff23277c9ba98ae052e3b9f7bce2ce5.yaml
index 3557def5a6..b24762dde4 100644
--- a/nuclei-templates/2021/CVE-2021-24243-3ff23277c9ba98ae052e3b9f7bce2ce5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24243-3ff23277c9ba98ae052e3b9f7bce2ce5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBakery Page Builder Clipboard <= 4.5.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vc_clipboard/"
     google-query: inurl:"/wp-content/plugins/vc_clipboard/"
     shodan-query: 'vuln:CVE-2021-24243'
-  tags: cve,wordpress,wp-plugin,vc_clipboard,medium
+  tags: cve,wordpress,wp-plugin,vc_clipboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24246-295565d6c00c49b75df12a1f75ae3147.yaml b/nuclei-templates/2021/CVE-2021-24246-295565d6c00c49b75df12a1f75ae3147.yaml
index 1fef89b9ab..8489226ce1 100644
--- a/nuclei-templates/2021/CVE-2021-24246-295565d6c00c49b75df12a1f75ae3147.yaml
+++ b/nuclei-templates/2021/CVE-2021-24246-295565d6c00c49b75df12a1f75ae3147.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WorkScout - Job Board WordPress Theme <= 2.0.31 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2021-24246
   metadata:
-    fofa-query: "wp-content/plugins/workscout-core/"
-    google-query: inurl:"/wp-content/plugins/workscout-core/"
+    fofa-query: "wp-content/themes/workscout/"
+    google-query: inurl:"/wp-content/themes/workscout/"
     shodan-query: 'vuln:CVE-2021-24246'
-  tags: cve,wordpress,wp-plugin,workscout-core,medium
+  tags: cve,wordpress,wp-theme,workscout,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/workscout-core/readme.txt"
+      - "{{BaseURL}}/wp-content/themes/workscout/style.css"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "workscout-core"
+          - "workscout"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.3.4')
\ No newline at end of file
+          - compare_versions(version, '<= 2.0.31')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24247-8399de040479bedb6b313106c99e1459.yaml b/nuclei-templates/2021/CVE-2021-24247-8399de040479bedb6b313106c99e1459.yaml
index e919a722dd..daaab1f45b 100644
--- a/nuclei-templates/2021/CVE-2021-24247-8399de040479bedb6b313106c99e1459.yaml
+++ b/nuclei-templates/2021/CVE-2021-24247-8399de040479bedb6b313106c99e1459.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Check Tester <= 1.0.2 - Authenticated (Subscriber+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-check-tester/"
     google-query: inurl:"/wp-content/plugins/contact-form-check-tester/"
     shodan-query: 'vuln:CVE-2021-24247'
-  tags: cve,wordpress,wp-plugin,contact-form-check-tester,medium
+  tags: cve,wordpress,wp-plugin,contact-form-check-tester,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24248-70e9f9d703b7871b412f99e0b65bc826.yaml b/nuclei-templates/2021/CVE-2021-24248-70e9f9d703b7871b412f99e0b65bc826.yaml
index f8005bd83b..96865276f7 100644
--- a/nuclei-templates/2021/CVE-2021-24248-70e9f9d703b7871b412f99e0b65bc826.yaml
+++ b/nuclei-templates/2021/CVE-2021-24248-70e9f9d703b7871b412f99e0b65bc826.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Business Directory Plugin <= 5.11 - Authenticated PHP4 Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-directory-plugin/"
     google-query: inurl:"/wp-content/plugins/business-directory-plugin/"
     shodan-query: 'vuln:CVE-2021-24248'
-  tags: cve,wordpress,wp-plugin,business-directory-plugin,high
+  tags: cve,wordpress,wp-plugin,business-directory-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24249-3640b3daf83d6cd1e2aa52d4c7a270ac.yaml b/nuclei-templates/2021/CVE-2021-24249-3640b3daf83d6cd1e2aa52d4c7a270ac.yaml
index 3292851a10..e08114150d 100644
--- a/nuclei-templates/2021/CVE-2021-24249-3640b3daf83d6cd1e2aa52d4c7a270ac.yaml
+++ b/nuclei-templates/2021/CVE-2021-24249-3640b3daf83d6cd1e2aa52d4c7a270ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Business Directory Plugin – Easy Listing Directories for WordPress <= 5.11.1 - Cross-Site Request Forgery to Arbitrary Listing Export
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-directory-plugin/"
     google-query: inurl:"/wp-content/plugins/business-directory-plugin/"
     shodan-query: 'vuln:CVE-2021-24249'
-  tags: cve,wordpress,wp-plugin,business-directory-plugin,high
+  tags: cve,wordpress,wp-plugin,business-directory-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24250-3950561f5b69ad2aadeaa54bf293ca85.yaml b/nuclei-templates/2021/CVE-2021-24250-3950561f5b69ad2aadeaa54bf293ca85.yaml
index df94731f9c..53b9d2a50e 100644
--- a/nuclei-templates/2021/CVE-2021-24250-3950561f5b69ad2aadeaa54bf293ca85.yaml
+++ b/nuclei-templates/2021/CVE-2021-24250-3950561f5b69ad2aadeaa54bf293ca85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Business Directory Plugin <= 5.11.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-directory-plugin/"
     google-query: inurl:"/wp-content/plugins/business-directory-plugin/"
     shodan-query: 'vuln:CVE-2021-24250'
-  tags: cve,wordpress,wp-plugin,business-directory-plugin,medium
+  tags: cve,wordpress,wp-plugin,business-directory-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24252-47d3ad7250426f9e950984c71ba1d1f7.yaml b/nuclei-templates/2021/CVE-2021-24252-47d3ad7250426f9e950984c71ba1d1f7.yaml
index 31307e2306..83eef1b16a 100644
--- a/nuclei-templates/2021/CVE-2021-24252-47d3ad7250426f9e950984c71ba1d1f7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24252-47d3ad7250426f9e950984c71ba1d1f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Banner <= 1.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/free-event-banner/"
     google-query: inurl:"/wp-content/plugins/free-event-banner/"
     shodan-query: 'vuln:CVE-2021-24252'
-  tags: cve,wordpress,wp-plugin,free-event-banner,high
+  tags: cve,wordpress,wp-plugin,free-event-banner,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24253-f47e6eae64c804173012f23d96ac47f1.yaml b/nuclei-templates/2021/CVE-2021-24253-f47e6eae64c804173012f23d96ac47f1.yaml
index 26ef8d6998..2507feb6bb 100644
--- a/nuclei-templates/2021/CVE-2021-24253-f47e6eae64c804173012f23d96ac47f1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24253-f47e6eae64c804173012f23d96ac47f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     classyfrieds <= 3.8 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/classyfrieds/"
     google-query: inurl:"/wp-content/plugins/classyfrieds/"
     shodan-query: 'vuln:CVE-2021-24253'
-  tags: cve,wordpress,wp-plugin,classyfrieds,high
+  tags: cve,wordpress,wp-plugin,classyfrieds,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24254-c719c1fa9d94cb4a4d6e24f4ded47412.yaml b/nuclei-templates/2021/CVE-2021-24254-c719c1fa9d94cb4a4d6e24f4ded47412.yaml
index 11370c4616..ad6654e4c1 100644
--- a/nuclei-templates/2021/CVE-2021-24254-c719c1fa9d94cb4a4d6e24f4ded47412.yaml
+++ b/nuclei-templates/2021/CVE-2021-24254-c719c1fa9d94cb4a4d6e24f4ded47412.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     College publisher Import <= 0.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/college-publisher-import/"
     google-query: inurl:"/wp-content/plugins/college-publisher-import/"
     shodan-query: 'vuln:CVE-2021-24254'
-  tags: cve,wordpress,wp-plugin,college-publisher-import,high
+  tags: cve,wordpress,wp-plugin,college-publisher-import,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24255-73185f41beb88e54f54a80787c1d789a.yaml b/nuclei-templates/2021/CVE-2021-24255-73185f41beb88e54f54a80787c1d789a.yaml
index d6f459a9cd..0d3f1a0535 100644
--- a/nuclei-templates/2021/CVE-2021-24255-73185f41beb88e54f54a80787c1d789a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24255-73185f41beb88e54f54a80787c1d789a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor Lite <= 4.5.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2021-24255'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24256-76b99567dc5d8693687703220a992b79.yaml b/nuclei-templates/2021/CVE-2021-24256-76b99567dc5d8693687703220a992b79.yaml
index 9305c32569..15139d82e6 100644
--- a/nuclei-templates/2021/CVE-2021-24256-76b99567dc5d8693687703220a992b79.yaml
+++ b/nuclei-templates/2021/CVE-2021-24256-76b99567dc5d8693687703220a992b79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Header & Footer Builder <= 1.5.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/header-footer-elementor/"
     google-query: inurl:"/wp-content/plugins/header-footer-elementor/"
     shodan-query: 'vuln:CVE-2021-24256'
-  tags: cve,wordpress,wp-plugin,header-footer-elementor,medium
+  tags: cve,wordpress,wp-plugin,header-footer-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24257-ca0593eecf48a43d195a057ed533a1b4.yaml b/nuclei-templates/2021/CVE-2021-24257-ca0593eecf48a43d195a057ed533a1b4.yaml
index 002b7b953e..aa31380b02 100644
--- a/nuclei-templates/2021/CVE-2021-24257-ca0593eecf48a43d195a057ed533a1b4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24257-ca0593eecf48a43d195a057ed533a1b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <=4.2.7 Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24257'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24258-b5aa1e2113ade8542174b19f6a7b50fe.yaml b/nuclei-templates/2021/CVE-2021-24258-b5aa1e2113ade8542174b19f6a7b50fe.yaml
index b7b7779d6b..eb70aef6c5 100644
--- a/nuclei-templates/2021/CVE-2021-24258-b5aa1e2113ade8542174b19f6a7b50fe.yaml
+++ b/nuclei-templates/2021/CVE-2021-24258-b5aa1e2113ade8542174b19f6a7b50fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elements Kit Lite/Pro <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2021-24258'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,medium
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24259-f95a6103756f27e103bcf366ca12c670.yaml b/nuclei-templates/2021/CVE-2021-24259-f95a6103756f27e103bcf366ca12c670.yaml
index 297219430f..fe25cce003 100644
--- a/nuclei-templates/2021/CVE-2021-24259-f95a6103756f27e103bcf366ca12c670.yaml
+++ b/nuclei-templates/2021/CVE-2021-24259-f95a6103756f27e103bcf366ca12c670.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.11.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2021-24259'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24260-f08da3e42125c87db99ab45bab5c3734.yaml b/nuclei-templates/2021/CVE-2021-24260-f08da3e42125c87db99ab45bab5c3734.yaml
index 9b5ad42ee1..9b8362723a 100644
--- a/nuclei-templates/2021/CVE-2021-24260-f08da3e42125c87db99ab45bab5c3734.yaml
+++ b/nuclei-templates/2021/CVE-2021-24260-f08da3e42125c87db99ab45bab5c3734.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Livemesh Addons for Elementor <= 6.7.1- Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24260'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24261-70fc895faebcf1fe7c1137deedd632a4.yaml b/nuclei-templates/2021/CVE-2021-24261-70fc895faebcf1fe7c1137deedd632a4.yaml
index 1412d023f2..04a4d58f79 100644
--- a/nuclei-templates/2021/CVE-2021-24261-70fc895faebcf1fe7c1137deedd632a4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24261-70fc895faebcf1fe7c1137deedd632a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega - Absolute Addons for Elementor Page Builder <= 1.5.5 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24261'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24262-bd64f1f16c4920e8819a833f00007e5e.yaml b/nuclei-templates/2021/CVE-2021-24262-bd64f1f16c4920e8819a833f00007e5e.yaml
index d3a8158b32..2b3f93ca89 100644
--- a/nuclei-templates/2021/CVE-2021-24262-bd64f1f16c4920e8819a833f00007e5e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24262-bd64f1f16c4920e8819a833f00007e5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooLentor – WooCommerce Elementor Addons + Builder <= 1.8.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woolentor-addons/"
     google-query: inurl:"/wp-content/plugins/woolentor-addons/"
     shodan-query: 'vuln:CVE-2021-24262'
-  tags: cve,wordpress,wp-plugin,woolentor-addons,medium
+  tags: cve,wordpress,wp-plugin,woolentor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24263-e94aceaf63920aa3eb4b9932eb00b35a.yaml b/nuclei-templates/2021/CVE-2021-24263-e94aceaf63920aa3eb4b9932eb00b35a.yaml
index c1541ed089..9af6865a7b 100644
--- a/nuclei-templates/2021/CVE-2021-24263-e94aceaf63920aa3eb4b9932eb00b35a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24263-e94aceaf63920aa3eb4b9932eb00b35a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPack Addons for Elementor <= 2.3.1 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/"
     google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24263'
-  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24264-257c0e2f02ca2973a1b0fbc7bb05b9d9.yaml b/nuclei-templates/2021/CVE-2021-24264-257c0e2f02ca2973a1b0fbc7bb05b9d9.yaml
index e7ebe16ccc..03a92dbd76 100644
--- a/nuclei-templates/2021/CVE-2021-24264-257c0e2f02ca2973a1b0fbc7bb05b9d9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24264-257c0e2f02ca2973a1b0fbc7bb05b9d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects – Elementor Addon <= 1.3.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-addon-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24264'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24265-b6405ae9eaca03d55059021293cdb417.yaml b/nuclei-templates/2021/CVE-2021-24265-b6405ae9eaca03d55059021293cdb417.yaml
index 86787b14e1..9abfe3917e 100644
--- a/nuclei-templates/2021/CVE-2021-24265-b6405ae9eaca03d55059021293cdb417.yaml
+++ b/nuclei-templates/2021/CVE-2021-24265-b6405ae9eaca03d55059021293cdb417.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rife Elementor Extensions & Templates <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rife-elementor-extensions/"
     google-query: inurl:"/wp-content/plugins/rife-elementor-extensions/"
     shodan-query: 'vuln:CVE-2021-24265'
-  tags: cve,wordpress,wp-plugin,rife-elementor-extensions,medium
+  tags: cve,wordpress,wp-plugin,rife-elementor-extensions,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24266-3835c81a3b054f8f577b5a29958ca111.yaml b/nuclei-templates/2021/CVE-2021-24266-3835c81a3b054f8f577b5a29958ca111.yaml
index 870ef83841..7742bbd631 100644
--- a/nuclei-templates/2021/CVE-2021-24266-3835c81a3b054f8f577b5a29958ca111.yaml
+++ b/nuclei-templates/2021/CVE-2021-24266-3835c81a3b054f8f577b5a29958ca111.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2021-24266'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24267-85a1c6e007a9a1b0879129219d595f5f.yaml b/nuclei-templates/2021/CVE-2021-24267-85a1c6e007a9a1b0879129219d595f5f.yaml
index fce1e2da23..1bdd18ed24 100644
--- a/nuclei-templates/2021/CVE-2021-24267-85a1c6e007a9a1b0879129219d595f5f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24267-85a1c6e007a9a1b0879129219d595f5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-One Addons for Elementor - WidgetKit <= 2.3.9 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgetkit-for-elementor/"
     google-query: inurl:"/wp-content/plugins/widgetkit-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24267'
-  tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24268-c3fb6f2c99d4c5f13096c4775a849201.yaml b/nuclei-templates/2021/CVE-2021-24268-c3fb6f2c99d4c5f13096c4775a849201.yaml
index 33257b8929..b6b6dba616 100644
--- a/nuclei-templates/2021/CVE-2021-24268-c3fb6f2c99d4c5f13096c4775a849201.yaml
+++ b/nuclei-templates/2021/CVE-2021-24268-c3fb6f2c99d4c5f13096c4775a849201.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetWidgets For Elementor <= 1.0.8 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetwidgets-for-elementor/"
     google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24268'
-  tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24269-85fafc88eba7f097874b28a387304352.yaml b/nuclei-templates/2021/CVE-2021-24269-85fafc88eba7f097874b28a387304352.yaml
index 4e8718447f..8678728f26 100644
--- a/nuclei-templates/2021/CVE-2021-24269-85fafc88eba7f097874b28a387304352.yaml
+++ b/nuclei-templates/2021/CVE-2021-24269-85fafc88eba7f097874b28a387304352.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sina Extension for Elementor <= 3.3.11 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sina-extension-for-elementor/"
     google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24269'
-  tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24270-9e56ce0a564cde270ffad1e5997baa50.yaml b/nuclei-templates/2021/CVE-2021-24270-9e56ce0a564cde270ffad1e5997baa50.yaml
index 166ede4f45..9c9205a8eb 100644
--- a/nuclei-templates/2021/CVE-2021-24270-9e56ce0a564cde270ffad1e5997baa50.yaml
+++ b/nuclei-templates/2021/CVE-2021-24270-9e56ce0a564cde270ffad1e5997baa50.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DethemeKit For Elementor <= 1.5.5.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dethemekit-for-elementor/"
     google-query: inurl:"/wp-content/plugins/dethemekit-for-elementor/"
     shodan-query: 'vuln:CVE-2021-24270'
-  tags: cve,wordpress,wp-plugin,dethemekit-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,dethemekit-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24271-b3de31ba898622222026a1275ef3dc05.yaml b/nuclei-templates/2021/CVE-2021-24271-b3de31ba898622222026a1275ef3dc05.yaml
index b4deb4c240..bc6382845e 100644
--- a/nuclei-templates/2021/CVE-2021-24271-b3de31ba898622222026a1275ef3dc05.yaml
+++ b/nuclei-templates/2021/CVE-2021-24271-b3de31ba898622222026a1275ef3dc05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Elementor < 1.30.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Addons for Elementor WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-elementor/"
     google-query: inurl:"/wp-content/plugins/ultimate-elementor/"
     shodan-query: 'vuln:CVE-2021-24271'
-  tags: cve,wordpress,wp-plugin,ultimate-elementor,medium
+  tags: cve,wordpress,wp-plugin,ultimate-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24273-dddec61512fe66c6bc2775d423f59680.yaml b/nuclei-templates/2021/CVE-2021-24273-dddec61512fe66c6bc2775d423f59680.yaml
index 6255917191..1d1ca6fcd4 100644
--- a/nuclei-templates/2021/CVE-2021-24273-dddec61512fe66c6bc2775d423f59680.yaml
+++ b/nuclei-templates/2021/CVE-2021-24273-dddec61512fe66c6bc2775d423f59680.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clever Addons for Elementor <=2.0.15 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cafe-lite/"
     google-query: inurl:"/wp-content/plugins/cafe-lite/"
     shodan-query: 'vuln:CVE-2021-24273'
-  tags: cve,wordpress,wp-plugin,cafe-lite,medium
+  tags: cve,wordpress,wp-plugin,cafe-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24277-509b534cfaeb00eddb901be35d0a9812.yaml b/nuclei-templates/2021/CVE-2021-24277-509b534cfaeb00eddb901be35d0a9812.yaml
index 5bec1bde5e..88e27aa859 100644
--- a/nuclei-templates/2021/CVE-2021-24277-509b534cfaeb00eddb901be35d0a9812.yaml
+++ b/nuclei-templates/2021/CVE-2021-24277-509b534cfaeb00eddb901be35d0a9812.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS for Yandex Turbo <= 1.29 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rss-for-yandex-turbo/"
     google-query: inurl:"/wp-content/plugins/rss-for-yandex-turbo/"
     shodan-query: 'vuln:CVE-2021-24277'
-  tags: cve,wordpress,wp-plugin,rss-for-yandex-turbo,medium
+  tags: cve,wordpress,wp-plugin,rss-for-yandex-turbo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24279-981460190387e68d2f348e5da885ce72.yaml b/nuclei-templates/2021/CVE-2021-24279-981460190387e68d2f348e5da885ce72.yaml
index 0dc406eb1e..8d46ca4986 100644
--- a/nuclei-templates/2021/CVE-2021-24279-981460190387e68d2f348e5da885ce72.yaml
+++ b/nuclei-templates/2021/CVE-2021-24279-981460190387e68d2f348e5da885ce72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Plugin Installation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcf7-redirect/"
     google-query: inurl:"/wp-content/plugins/wpcf7-redirect/"
     shodan-query: 'vuln:CVE-2021-24279'
-  tags: cve,wordpress,wp-plugin,wpcf7-redirect,medium
+  tags: cve,wordpress,wp-plugin,wpcf7-redirect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24280-0446faf7e8a09fe554612052c4885eba.yaml b/nuclei-templates/2021/CVE-2021-24280-0446faf7e8a09fe554612052c4885eba.yaml
index f2d7d1af64..d567684308 100644
--- a/nuclei-templates/2021/CVE-2021-24280-0446faf7e8a09fe554612052c4885eba.yaml
+++ b/nuclei-templates/2021/CVE-2021-24280-0446faf7e8a09fe554612052c4885eba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection for Contact Form 7 <= 2.3.3 - Authenticated PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcf7-redirect/"
     google-query: inurl:"/wp-content/plugins/wpcf7-redirect/"
     shodan-query: 'vuln:CVE-2021-24280'
-  tags: cve,wordpress,wp-plugin,wpcf7-redirect,high
+  tags: cve,wordpress,wp-plugin,wpcf7-redirect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24281-7cb2e46e237585083f0f410d32da724a.yaml b/nuclei-templates/2021/CVE-2021-24281-7cb2e46e237585083f0f410d32da724a.yaml
index 4d05371ae3..b1a3567864 100644
--- a/nuclei-templates/2021/CVE-2021-24281-7cb2e46e237585083f0f410d32da724a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24281-7cb2e46e237585083f0f410d32da724a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcf7-redirect/"
     google-query: inurl:"/wp-content/plugins/wpcf7-redirect/"
     shodan-query: 'vuln:CVE-2021-24281'
-  tags: cve,wordpress,wp-plugin,wpcf7-redirect,medium
+  tags: cve,wordpress,wp-plugin,wpcf7-redirect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24289-e2053d18b4d79ba0e416f265a7be2f35.yaml b/nuclei-templates/2021/CVE-2021-24289-e2053d18b4d79ba0e416f265a7be2f35.yaml
index 6bb4ba6e59..a9062b88ac 100644
--- a/nuclei-templates/2021/CVE-2021-24289-e2053d18b4d79ba0e416f265a7be2f35.yaml
+++ b/nuclei-templates/2021/CVE-2021-24289-e2053d18b4d79ba0e416f265a7be2f35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Store Locator Plus <= 5.5.15 - Authenticated Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     There is functionality in the Store Locator Plus for WordPress plugin through 5.5.15 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/store-locator-le/"
     google-query: inurl:"/wp-content/plugins/store-locator-le/"
     shodan-query: 'vuln:CVE-2021-24289'
-  tags: cve,wordpress,wp-plugin,store-locator-le,high
+  tags: cve,wordpress,wp-plugin,store-locator-le,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24290-41bea91ce3336d6adb86e1ea410b9aef.yaml b/nuclei-templates/2021/CVE-2021-24290-41bea91ce3336d6adb86e1ea410b9aef.yaml
index ee54dbf401..5d540bc8ac 100644
--- a/nuclei-templates/2021/CVE-2021-24290-41bea91ce3336d6adb86e1ea410b9aef.yaml
+++ b/nuclei-templates/2021/CVE-2021-24290-41bea91ce3336d6adb86e1ea410b9aef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Store Locator Plus <= 5.12.3 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     There are several endpoints in the Store Locator Plus for WordPress plugin through 5.12.3 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/store-locator-le/"
     google-query: inurl:"/wp-content/plugins/store-locator-le/"
     shodan-query: 'vuln:CVE-2021-24290'
-  tags: cve,wordpress,wp-plugin,store-locator-le,medium
+  tags: cve,wordpress,wp-plugin,store-locator-le,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24292-bc1bf66d22152db23406f67a4e5cfee9.yaml b/nuclei-templates/2021/CVE-2021-24292-bc1bf66d22152db23406f67a4e5cfee9.yaml
index 8a218d697a..9bad2bc2f3 100644
--- a/nuclei-templates/2021/CVE-2021-24292-bc1bf66d22152db23406f67a4e5cfee9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24292-bc1bf66d22152db23406f67a4e5cfee9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 2.23.0 & Pro Version < 1.17.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. Although the element control lists a fixed set of possible html tags, it is possible to send a ‘save_builder’ request with the “heading_tag” set to “script”, and the actual “title” parameter set to JavaScript to be executed within the script tags added by the “heading_tag” parameter.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2021-24292
   metadata:
-    fofa-query: "wp-content/plugins/happy-elementor-addons-pro/"
-    google-query: inurl:"/wp-content/plugins/happy-elementor-addons-pro/"
+    fofa-query: "wp-content/plugins/happy-elementor-addons/"
+    google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2021-24292'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "happy-elementor-addons-pro"
+          - "happy-elementor-addons"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.17.0')
\ No newline at end of file
+          - compare_versions(version, '< 2.24.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24294-295363837d1454c8802423d79b02460d.yaml b/nuclei-templates/2021/CVE-2021-24294-295363837d1454c8802423d79b02460d.yaml
index 44047ef37e..bddd4dd0ba 100644
--- a/nuclei-templates/2021/CVE-2021-24294-295363837d1454c8802423d79b02460d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24294-295363837d1454c8802423d79b02460d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DSGVO All in one for WP <= 3.9 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This could allow unauthenticated attackers to gain unauthorised access by using an XSS payload to create a rogue administrator account, which will be trigged when an administrator will view the logs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dsgvo-all-in-one-for-wp/"
     google-query: inurl:"/wp-content/plugins/dsgvo-all-in-one-for-wp/"
     shodan-query: 'vuln:CVE-2021-24294'
-  tags: cve,wordpress,wp-plugin,dsgvo-all-in-one-for-wp,medium
+  tags: cve,wordpress,wp-plugin,dsgvo-all-in-one-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24295-212daaad6857839ca091cc2dcc90e7c8.yaml b/nuclei-templates/2021/CVE-2021-24295-212daaad6857839ca091cc2dcc90e7c8.yaml
index 9dbd8932cb..8d32986932 100644
--- a/nuclei-templates/2021/CVE-2021-24295-212daaad6857839ca091cc2dcc90e7c8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24295-212daaad6857839ca091cc2dcc90e7c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spam protection, AntiSpam, FireWall by CleanTalk <= 5.153.3 - Unauthenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cleantalk-spam-protect/"
     google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/"
     shodan-query: 'vuln:CVE-2021-24295'
-  tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,high
+  tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24296-6ed86de0b04577fc056eab4066eb09a3.yaml b/nuclei-templates/2021/CVE-2021-24296-6ed86de0b04577fc056eab4066eb09a3.yaml
index fc297c9f3c..4d656b5231 100644
--- a/nuclei-templates/2021/CVE-2021-24296-6ed86de0b04577fc056eab4066eb09a3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24296-6ed86de0b04577fc056eab4066eb09a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customer Reviews <= 3.5.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-customer-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-customer-reviews/"
     shodan-query: 'vuln:CVE-2021-24296'
-  tags: cve,wordpress,wp-plugin,wp-customer-reviews,medium
+  tags: cve,wordpress,wp-plugin,wp-customer-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24301-106707c65ee1208d448d3a7f0350d84b.yaml b/nuclei-templates/2021/CVE-2021-24301-106707c65ee1208d448d3a7f0350d84b.yaml
index cfd21ab132..3458877f50 100644
--- a/nuclei-templates/2021/CVE-2021-24301-106707c65ee1208d448d3a7f0350d84b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24301-106707c65ee1208d448d3a7f0350d84b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hotjar Connecticator <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hotjar-connecticator/"
     google-query: inurl:"/wp-content/plugins/hotjar-connecticator/"
     shodan-query: 'vuln:CVE-2021-24301'
-  tags: cve,wordpress,wp-plugin,hotjar-connecticator,medium
+  tags: cve,wordpress,wp-plugin,hotjar-connecticator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24302-dc95c582cdcd23384ad1f3f9c0a3bd57.yaml b/nuclei-templates/2021/CVE-2021-24302-dc95c582cdcd23384ad1f3f9c0a3bd57.yaml
index f064583380..487f500768 100644
--- a/nuclei-templates/2021/CVE-2021-24302-dc95c582cdcd23384ad1f3f9c0a3bd57.yaml
+++ b/nuclei-templates/2021/CVE-2021-24302-dc95c582cdcd23384ad1f3f9c0a3bd57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the 'Default Skin' field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hana-flv-player/"
     google-query: inurl:"/wp-content/plugins/hana-flv-player/"
     shodan-query: 'vuln:CVE-2021-24302'
-  tags: cve,wordpress,wp-plugin,hana-flv-player,medium
+  tags: cve,wordpress,wp-plugin,hana-flv-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24303-f73561aa7a756a9f3e5287e2a9bf11ee.yaml b/nuclei-templates/2021/CVE-2021-24303-f73561aa7a756a9f3e5287e2a9bf11ee.yaml
index 64dc29275f..c8683de655 100644
--- a/nuclei-templates/2021/CVE-2021-24303-f73561aa7a756a9f3e5287e2a9bf11ee.yaml
+++ b/nuclei-templates/2021/CVE-2021-24303-f73561aa7a756a9f3e5287e2a9bf11ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JiangQie Official Website Mini Program < 1.1.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jiangqie-official-website-mini-program/"
     google-query: inurl:"/wp-content/plugins/jiangqie-official-website-mini-program/"
     shodan-query: 'vuln:CVE-2021-24303'
-  tags: cve,wordpress,wp-plugin,jiangqie-official-website-mini-program,high
+  tags: cve,wordpress,wp-plugin,jiangqie-official-website-mini-program,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24305-798f3fd97aa989f25f329926174d2a78.yaml b/nuclei-templates/2021/CVE-2021-24305-798f3fd97aa989f25f329926174d2a78.yaml
index 2bb17cd188..ab8a148bc0 100644
--- a/nuclei-templates/2021/CVE-2021-24305-798f3fd97aa989f25f329926174d2a78.yaml
+++ b/nuclei-templates/2021/CVE-2021-24305-798f3fd97aa989f25f329926174d2a78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Watcheezy Live chat plugin for WordPress <= 2.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the 'weeWzKey' parameter that will be save as the 'weeID' option and is not sanitized.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/watcheezy/"
     google-query: inurl:"/wp-content/plugins/watcheezy/"
     shodan-query: 'vuln:CVE-2021-24305'
-  tags: cve,wordpress,wp-plugin,watcheezy,medium
+  tags: cve,wordpress,wp-plugin,watcheezy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24307-9c814d5a9ddaae393720aa3fbf301f85.yaml b/nuclei-templates/2021/CVE-2021-24307-9c814d5a9ddaae393720aa3fbf301f85.yaml
index 813a5d633e..c1f241d62f 100644
--- a/nuclei-templates/2021/CVE-2021-24307-9c814d5a9ddaae393720aa3fbf301f85.yaml
+++ b/nuclei-templates/2021/CVE-2021-24307-9c814d5a9ddaae393720aa3fbf301f85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO <= 4.1.0.1 - Authenticated Code Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool > Import/Export". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2021-24307'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24308-93461439abae08e1620c6e9fa8825bb9.yaml b/nuclei-templates/2021/CVE-2021-24308-93461439abae08e1620c6e9fa8825bb9.yaml
index 1bcbe08d69..eb56e653b0 100644
--- a/nuclei-templates/2021/CVE-2021-24308-93461439abae08e1620c6e9fa8825bb9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24308-93461439abae08e1620c6e9fa8825bb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin <= 4.21.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users (such as students) to elevate their privilege via an XSS attack when an admin will view their profile.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lifterlms/"
     google-query: inurl:"/wp-content/plugins/lifterlms/"
     shodan-query: 'vuln:CVE-2021-24308'
-  tags: cve,wordpress,wp-plugin,lifterlms,medium
+  tags: cve,wordpress,wp-plugin,lifterlms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24309-a7639c71f3241814b9c95f17c5919356.yaml b/nuclei-templates/2021/CVE-2021-24309-a7639c71f3241814b9c95f17c5919356.yaml
index da009307b4..60b3397c87 100644
--- a/nuclei-templates/2021/CVE-2021-24309-a7639c71f3241814b9c95f17c5919356.yaml
+++ b/nuclei-templates/2021/CVE-2021-24309-a7639c71f3241814b9c95f17c5919356.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weekly Schedule <= 3.4.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the <script> HTML tags and cause a stored XSS issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weekly-schedule/"
     google-query: inurl:"/wp-content/plugins/weekly-schedule/"
     shodan-query: 'vuln:CVE-2021-24309'
-  tags: cve,wordpress,wp-plugin,weekly-schedule,medium
+  tags: cve,wordpress,wp-plugin,weekly-schedule,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24310-c4eb24a39e4ca07448358eb29c4b844d.yaml b/nuclei-templates/2021/CVE-2021-24310-c4eb24a39e4ca07448358eb29c4b844d.yaml
index 13d3138173..e6f35f684c 100644
--- a/nuclei-templates/2021/CVE-2021-24310-c4eb24a39e4ca07448358eb29c4b844d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24310-c4eb24a39e4ca07448358eb29c4b844d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery <= 1.5.66 - Authenticated Stored Cross-Site Scripting via Gallery Title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2021-24310'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24311-937a14986e699492c9c7f6e0e211e4a4.yaml b/nuclei-templates/2021/CVE-2021-24311-937a14986e699492c9c7f6e0e211e4a4.yaml
index 4ea01bf114..688a2f9fe9 100644
--- a/nuclei-templates/2021/CVE-2021-24311-937a14986e699492c9c7f6e0e211e4a4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24311-937a14986e699492c9c7f6e0e211e4a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     External Media <= 1.0.33 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/external-media/"
     google-query: inurl:"/wp-content/plugins/external-media/"
     shodan-query: 'vuln:CVE-2021-24311'
-  tags: cve,wordpress,wp-plugin,external-media,high
+  tags: cve,wordpress,wp-plugin,external-media,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24312-0a730b29011862fa99f3ba28ddcb0a8c.yaml b/nuclei-templates/2021/CVE-2021-24312-0a730b29011862fa99f3ba28ddcb0a8c.yaml
index 88251123f2..bb785bcd07 100644
--- a/nuclei-templates/2021/CVE-2021-24312-0a730b29011862fa99f3ba28ddcb0a8c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24312-0a730b29011862fa99f3ba28ddcb0a8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Super Cache <= 1.7.2 - Authenticated Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-super-cache/"
     google-query: inurl:"/wp-content/plugins/wp-super-cache/"
     shodan-query: 'vuln:CVE-2021-24312'
-  tags: cve,wordpress,wp-plugin,wp-super-cache,high
+  tags: cve,wordpress,wp-plugin,wp-super-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24313-93817db5fd5a790f9a8413665f75bc03.yaml b/nuclei-templates/2021/CVE-2021-24313-93817db5fd5a790f9a8413665f75bc03.yaml
index 7ba1709950..91792a8d24 100644
--- a/nuclei-templates/2021/CVE-2021-24313-93817db5fd5a790f9a8413665f75bc03.yaml
+++ b/nuclei-templates/2021/CVE-2021-24313-93817db5fd5a790f9a8413665f75bc03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Prayer <= 1.6.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to request a prayer. The form to request prayers or praises have several fields. The 'prayer request' and 'praise request' fields do not use proper input validation and can be used to store XSS payloads.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-prayer/"
     google-query: inurl:"/wp-content/plugins/wp-prayer/"
     shodan-query: 'vuln:CVE-2021-24313'
-  tags: cve,wordpress,wp-plugin,wp-prayer,medium
+  tags: cve,wordpress,wp-plugin,wp-prayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24315-5b936937c8c0c4c278a2b778b73bea89.yaml b/nuclei-templates/2021/CVE-2021-24315-5b936937c8c0c4c278a2b778b73bea89.yaml
index 026cd621d5..1de0f4625e 100644
--- a/nuclei-templates/2021/CVE-2021-24315-5b936937c8c0c4c278a2b778b73bea89.yaml
+++ b/nuclei-templates/2021/CVE-2021-24315-5b936937c8c0c4c278a2b778b73bea89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.10.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2021-24315'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24317-328e4f3efad73259f1eb9967e17030cd.yaml b/nuclei-templates/2021/CVE-2021-24317-328e4f3efad73259f1eb9967e17030cd.yaml
index abf4068636..771076aea9 100644
--- a/nuclei-templates/2021/CVE-2021-24317-328e4f3efad73259f1eb9967e17030cd.yaml
+++ b/nuclei-templates/2021/CVE-2021-24317-328e4f3efad73259f1eb9967e17030cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/listeo/"
     google-query: inurl:"/wp-content/themes/listeo/"
     shodan-query: 'vuln:CVE-2021-24317'
-  tags: cve,wordpress,wp-theme,listeo,medium
+  tags: cve,wordpress,wp-theme,listeo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24319-84b15db6be01953ae7e773bc858c3601.yaml b/nuclei-templates/2021/CVE-2021-24319-84b15db6be01953ae7e773bc858c3601.yaml
index e5ef7a957c..2f52bba16b 100644
--- a/nuclei-templates/2021/CVE-2021-24319-84b15db6be01953ae7e773bc858c3601.yaml
+++ b/nuclei-templates/2021/CVE-2021-24319-84b15db6be01953ae7e773bc858c3601.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bello - Directory & Listing  - < 1.6.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bello/"
     google-query: inurl:"/wp-content/themes/bello/"
     shodan-query: 'vuln:CVE-2021-24319'
-  tags: cve,wordpress,wp-theme,bello,medium
+  tags: cve,wordpress,wp-theme,bello,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24322-067d3779b4dc783cbbb0a5aaab128700.yaml b/nuclei-templates/2021/CVE-2021-24322-067d3779b4dc783cbbb0a5aaab128700.yaml
index 05e0fa5620..74cae25234 100644
--- a/nuclei-templates/2021/CVE-2021-24322-067d3779b4dc783cbbb0a5aaab128700.yaml
+++ b/nuclei-templates/2021/CVE-2021-24322-067d3779b4dc783cbbb0a5aaab128700.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Database Backup for WordPress <= 2.3.3 - Authenticated Stored Cross-Site Scripting via backup_receipient Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-db-backup/"
     google-query: inurl:"/wp-content/plugins/wp-db-backup/"
     shodan-query: 'vuln:CVE-2021-24322'
-  tags: cve,wordpress,wp-plugin,wp-db-backup,medium
+  tags: cve,wordpress,wp-plugin,wp-db-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24323-dd9c5510a5d40b29d6b46c88b274a46a.yaml b/nuclei-templates/2021/CVE-2021-24323-dd9c5510a5d40b29d6b46c88b274a46a.yaml
index 47baa1df89..555c33f482 100644
--- a/nuclei-templates/2021/CVE-2021-24323-dd9c5510a5d40b29d6b46c88b274a46a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24323-dd9c5510a5d40b29d6b46c88b274a46a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 5.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Additional tax classes' field when the tax functionality of WooCommerce is enabled in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:CVE-2021-24323'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24324-ab1f48347ef68d08de8af611ca6f7153.yaml b/nuclei-templates/2021/CVE-2021-24324-ab1f48347ef68d08de8af611ca6f7153.yaml
index bf0b69968e..256e19e91e 100644
--- a/nuclei-templates/2021/CVE-2021-24324-ab1f48347ef68d08de8af611ca6f7153.yaml
+++ b/nuclei-templates/2021/CVE-2021-24324-ab1f48347ef68d08de8af611ca6f7153.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     404 SEO Redirection <= 1.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/404-redirection-manager/"
     google-query: inurl:"/wp-content/plugins/404-redirection-manager/"
     shodan-query: 'vuln:CVE-2021-24324'
-  tags: cve,wordpress,wp-plugin,404-redirection-manager,high
+  tags: cve,wordpress,wp-plugin,404-redirection-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24327-82c66bd49c9670a47844ee08f2e1dfec.yaml b/nuclei-templates/2021/CVE-2021-24327-82c66bd49c9670a47844ee08f2e1dfec.yaml
index 4b9c529888..dc1d3f40fe 100644
--- a/nuclei-templates/2021/CVE-2021-24327-82c66bd49c9670a47844ee08f2e1dfec.yaml
+++ b/nuclei-templates/2021/CVE-2021-24327-82c66bd49c9670a47844ee08f2e1dfec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Redirection <= 6.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 7.1 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-redirection/"
     google-query: inurl:"/wp-content/plugins/seo-redirection/"
     shodan-query: 'vuln:CVE-2021-24327'
-  tags: cve,wordpress,wp-plugin,seo-redirection,medium
+  tags: cve,wordpress,wp-plugin,seo-redirection,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24328-d5419bc1feddd2eafb9324b9b87684d7.yaml b/nuclei-templates/2021/CVE-2021-24328-d5419bc1feddd2eafb9324b9b87684d7.yaml
index 45a3699c9c..9e29a61f2a 100644
--- a/nuclei-templates/2021/CVE-2021-24328-d5419bc1feddd2eafb9324b9b87684d7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24328-d5419bc1feddd2eafb9324b9b87684d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Login Security and History <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-login-security-and-history/"
     google-query: inurl:"/wp-content/plugins/wp-login-security-and-history/"
     shodan-query: 'vuln:CVE-2021-24328'
-  tags: cve,wordpress,wp-plugin,wp-login-security-and-history,high
+  tags: cve,wordpress,wp-plugin,wp-login-security-and-history,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24329-578845e46f5e10ee10237d1397f1fce9.yaml b/nuclei-templates/2021/CVE-2021-24329-578845e46f5e10ee10237d1397f1fce9.yaml
index 9993fc613b..1e1993bd52 100644
--- a/nuclei-templates/2021/CVE-2021-24329-578845e46f5e10ee10237d1397f1fce9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24329-578845e46f5e10ee10237d1397f1fce9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Super Cache <= 1.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Twitter Bootstrap Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_cache_location' parameter in versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-super-cache/"
     google-query: inurl:"/wp-content/plugins/wp-super-cache/"
     shodan-query: 'vuln:CVE-2021-24329'
-  tags: cve,wordpress,wp-plugin,wp-super-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-super-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24330-9051aa7c81fdec9135cd53a28b43a964.yaml b/nuclei-templates/2021/CVE-2021-24330-9051aa7c81fdec9135cd53a28b43a964.yaml
index f7fc9fff9e..4b6cb4af8c 100644
--- a/nuclei-templates/2021/CVE-2021-24330-9051aa7c81fdec9135cd53a28b43a964.yaml
+++ b/nuclei-templates/2021/CVE-2021-24330-9051aa7c81fdec9135cd53a28b43a964.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnel Builder by CartFlows <= 1.6.12 - Authenticated Stored Cross-Site scripting via FB Pixel ID and Google Analytics ID
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high privilege users to set XSS payload in them, which will either be executed on pages generated by the plugin, or the whole website depending on the settings used.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cartflows/"
     google-query: inurl:"/wp-content/plugins/cartflows/"
     shodan-query: 'vuln:CVE-2021-24330'
-  tags: cve,wordpress,wp-plugin,cartflows,medium
+  tags: cve,wordpress,wp-plugin,cartflows,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24331-ed5e303cb61bf4126d5ebc5c9cfb7c58.yaml b/nuclei-templates/2021/CVE-2021-24331-ed5e303cb61bf4126d5ebc5c9cfb7c58.yaml
index 6ad5e44cd8..422f47e8ec 100644
--- a/nuclei-templates/2021/CVE-2021-24331-ed5e303cb61bf4126d5ebc5c9cfb7c58.yaml
+++ b/nuclei-templates/2021/CVE-2021-24331-ed5e303cb61bf4126d5ebc5c9cfb7c58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smooth Scroll Page Up/Down Buttons <= 1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users (such as admin) to set XSS payloads in them
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smooth-page-scroll-updown-buttons/"
     google-query: inurl:"/wp-content/plugins/smooth-page-scroll-updown-buttons/"
     shodan-query: 'vuln:CVE-2021-24331'
-  tags: cve,wordpress,wp-plugin,smooth-page-scroll-updown-buttons,medium
+  tags: cve,wordpress,wp-plugin,smooth-page-scroll-updown-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24332-a168ad5542ffc3cded569dbf621954d3.yaml b/nuclei-templates/2021/CVE-2021-24332-a168ad5542ffc3cded569dbf621954d3.yaml
index 045e6d6bae..fdef57d6ba 100644
--- a/nuclei-templates/2021/CVE-2021-24332-a168ad5542ffc3cded569dbf621954d3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24332-a168ad5542ffc3cded569dbf621954d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Autoptimize <= 2.8.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autoptimize/"
     google-query: inurl:"/wp-content/plugins/autoptimize/"
     shodan-query: 'vuln:CVE-2021-24332'
-  tags: cve,wordpress,wp-plugin,autoptimize,medium
+  tags: cve,wordpress,wp-plugin,autoptimize,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24334-4c925e8fe2ce8185ac5a57769f1ea714.yaml b/nuclei-templates/2021/CVE-2021-24334-4c925e8fe2ce8185ac5a57769f1ea714.yaml
index 11880a09d2..deca15a497 100644
--- a/nuclei-templates/2021/CVE-2021-24334-4c925e8fe2ce8185ac5a57769f1ea714.yaml
+++ b/nuclei-templates/2021/CVE-2021-24334-4c925e8fe2ce8185ac5a57769f1ea714.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Instant Images – One Click Unsplash, Pixabay and Pexels Uploads <= 4.4.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instant-images/"
     google-query: inurl:"/wp-content/plugins/instant-images/"
     shodan-query: 'vuln:CVE-2021-24334'
-  tags: cve,wordpress,wp-plugin,instant-images,medium
+  tags: cve,wordpress,wp-plugin,instant-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24336-019716f1cdfed62fc1f8666dedb59747.yaml b/nuclei-templates/2021/CVE-2021-24336-019716f1cdfed62fc1f8666dedb59747.yaml
index 90b5836c6d..ac8a121056 100644
--- a/nuclei-templates/2021/CVE-2021-24336-019716f1cdfed62fc1f8666dedb59747.yaml
+++ b/nuclei-templates/2021/CVE-2021-24336-019716f1cdfed62fc1f8666dedb59747.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FlightLog <= 3.0.2 - Authenticated (Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flightlog/"
     google-query: inurl:"/wp-content/plugins/flightlog/"
     shodan-query: 'vuln:CVE-2021-24336'
-  tags: cve,wordpress,wp-plugin,flightlog,high
+  tags: cve,wordpress,wp-plugin,flightlog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24337-a38e11881f3b1727628c06798dde0846.yaml b/nuclei-templates/2021/CVE-2021-24337-a38e11881f3b1727628c06798dde0846.yaml
index fbf8a59b60..be9f32b4ef 100644
--- a/nuclei-templates/2021/CVE-2021-24337-a38e11881f3b1727628c06798dde0846.yaml
+++ b/nuclei-templates/2021/CVE-2021-24337-a38e11881f3b1727628c06798dde0846.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Embed <= 1.0 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-embed-box/"
     google-query: inurl:"/wp-content/plugins/video-embed-box/"
     shodan-query: 'vuln:CVE-2021-24337'
-  tags: cve,wordpress,wp-plugin,video-embed-box,high
+  tags: cve,wordpress,wp-plugin,video-embed-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24338-ff2c0144dd3f14c012ac895bb24d6c4c.yaml b/nuclei-templates/2021/CVE-2021-24338-ff2c0144dd3f14c012ac895bb24d6c4c.yaml
index 28a7bef5ed..8091ac088e 100644
--- a/nuclei-templates/2021/CVE-2021-24338-ff2c0144dd3f14c012ac895bb24d6c4c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24338-ff2c0144dd3f14c012ac895bb24d6c4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods 2.4.4.1 - 2.7.26 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2021-24338'
-  tags: cve,wordpress,wp-plugin,pods,medium
+  tags: cve,wordpress,wp-plugin,pods,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24339-ba3ebdc8660c704b12fdc576b67a35b8.yaml b/nuclei-templates/2021/CVE-2021-24339-ba3ebdc8660c704b12fdc576b67a35b8.yaml
index 7c1207b407..6a256f2c7f 100644
--- a/nuclei-templates/2021/CVE-2021-24339-ba3ebdc8660c704b12fdc576b67a35b8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24339-ba3ebdc8660c704b12fdc576b67a35b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods <= 2.7.26 - Authenticated Stored Cross-Site Scripting via Menu Label field
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2021-24339'
-  tags: cve,wordpress,wp-plugin,pods,medium
+  tags: cve,wordpress,wp-plugin,pods,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24340-cf0e8508a150a92dcb38be8ebc42b5eb.yaml b/nuclei-templates/2021/CVE-2021-24340-cf0e8508a150a92dcb38be8ebc42b5eb.yaml
index d157e29656..51e702c0bb 100644
--- a/nuclei-templates/2021/CVE-2021-24340-cf0e8508a150a92dcb38be8ebc42b5eb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24340-cf0e8508a150a92dcb38be8ebc42b5eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 13.0.7 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2021-24340'
-  tags: cve,wordpress,wp-plugin,wp-statistics,high
+  tags: cve,wordpress,wp-plugin,wp-statistics,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24341-cfbef53d87854aaa058c431289304e79.yaml b/nuclei-templates/2021/CVE-2021-24341-cfbef53d87854aaa058c431289304e79.yaml
index a04c5e041c..3a5de3378a 100644
--- a/nuclei-templates/2021/CVE-2021-24341-cfbef53d87854aaa058c431289304e79.yaml
+++ b/nuclei-templates/2021/CVE-2021-24341-cfbef53d87854aaa058c431289304e79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Xllentech English Islamic Calendar <= 2.6.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xllentech-english-islamic-calendar/"
     google-query: inurl:"/wp-content/plugins/xllentech-english-islamic-calendar/"
     shodan-query: 'vuln:CVE-2021-24341'
-  tags: cve,wordpress,wp-plugin,xllentech-english-islamic-calendar,high
+  tags: cve,wordpress,wp-plugin,xllentech-english-islamic-calendar,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24343-8961ac80ff2f49ea02524bf55be03a91.yaml b/nuclei-templates/2021/CVE-2021-24343-8961ac80ff2f49ea02524bf55be03a91.yaml
index 776be23608..3df4e02310 100644
--- a/nuclei-templates/2021/CVE-2021-24343-8961ac80ff2f49ea02524bf55be03a91.yaml
+++ b/nuclei-templates/2021/CVE-2021-24343-8961ac80ff2f49ea02524bf55be03a91.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iFlyChat – WordPress Chat <= 4.6.4 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iflychat/"
     google-query: inurl:"/wp-content/plugins/iflychat/"
     shodan-query: 'vuln:CVE-2021-24343'
-  tags: cve,wordpress,wp-plugin,iflychat,medium
+  tags: cve,wordpress,wp-plugin,iflychat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24344-8a961b077a643c6dcf8e7dd2b515541b.yaml b/nuclei-templates/2021/CVE-2021-24344-8a961b077a643c6dcf8e7dd2b515541b.yaml
index c078c02e7c..427d2fc18e 100644
--- a/nuclei-templates/2021/CVE-2021-24344-8a961b077a643c6dcf8e7dd2b515541b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24344-8a961b077a643c6dcf8e7dd2b515541b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Preloader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-preloader/"
     google-query: inurl:"/wp-content/plugins/easy-preloader/"
     shodan-query: 'vuln:CVE-2021-24344'
-  tags: cve,wordpress,wp-plugin,easy-preloader,medium
+  tags: cve,wordpress,wp-plugin,easy-preloader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24345-85ac26fe1ed37dc881dfc2a5252c3fa6.yaml b/nuclei-templates/2021/CVE-2021-24345-85ac26fe1ed37dc881dfc2a5252c3fa6.yaml
index 7220bda52d..50d5039473 100644
--- a/nuclei-templates/2021/CVE-2021-24345-85ac26fe1ed37dc881dfc2a5252c3fa6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24345-85ac26fe1ed37dc881dfc2a5252c3fa6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sendit WP Newsletter <= 2.5.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sendit WP Newsletter plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘id_lista’ parameter in versions up to, and including, 2.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers requires administrator level access to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sendit/"
     google-query: inurl:"/wp-content/plugins/sendit/"
     shodan-query: 'vuln:CVE-2021-24345'
-  tags: cve,wordpress,wp-plugin,sendit,medium
+  tags: cve,wordpress,wp-plugin,sendit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24347-f424267505cbcf902cf4e60fa01acaf4.yaml b/nuclei-templates/2021/CVE-2021-24347-f424267505cbcf902cf4e60fa01acaf4.yaml
index 07c0a52fac..c0814af5ae 100644
--- a/nuclei-templates/2021/CVE-2021-24347-f424267505cbcf902cf4e60fa01acaf4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24347-f424267505cbcf902cf4e60fa01acaf4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager <= 4.21 - Authenticated Shell Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2021-24347'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24348-5f3c1d80f50fc6780cc9be3d160231a8.yaml b/nuclei-templates/2021/CVE-2021-24348-5f3c1d80f50fc6780cc9be3d160231a8.yaml
index ea7d682f59..d2c7eff858 100644
--- a/nuclei-templates/2021/CVE-2021-24348-5f3c1d80f50fc6780cc9be3d160231a8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24348-5f3c1d80f50fc6780cc9be3d160231a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Side Menu – add fixed side buttons <= 3.1.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/side-menu/"
     google-query: inurl:"/wp-content/plugins/side-menu/"
     shodan-query: 'vuln:CVE-2021-24348'
-  tags: cve,wordpress,wp-plugin,side-menu,high
+  tags: cve,wordpress,wp-plugin,side-menu,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24354-da9748807dbda454b45fa581681ad9a2.yaml b/nuclei-templates/2021/CVE-2021-24354-da9748807dbda454b45fa581681ad9a2.yaml
index d4cbf136c6..825978b587 100644
--- a/nuclei-templates/2021/CVE-2021-24354-da9748807dbda454b45fa581681ad9a2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24354-da9748807dbda454b45fa581681ad9a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Installation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-301-redirects/"
     google-query: inurl:"/wp-content/plugins/simple-301-redirects/"
     shodan-query: 'vuln:CVE-2021-24354'
-  tags: cve,wordpress,wp-plugin,simple-301-redirects,high
+  tags: cve,wordpress,wp-plugin,simple-301-redirects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24355-f2f204b71c27258d8bc3636a9cf0d080.yaml b/nuclei-templates/2021/CVE-2021-24355-f2f204b71c27258d8bc3636a9cf0d080.yaml
index 8ee4216c7b..37258ca7e5 100644
--- a/nuclei-templates/2021/CVE-2021-24355-f2f204b71c27258d8bc3636a9cf0d080.yaml
+++ b/nuclei-templates/2021/CVE-2021-24355-f2f204b71c27258d8bc3636a9cf0d080.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Wildcard Activation and Retrieval
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-301-redirects/"
     google-query: inurl:"/wp-content/plugins/simple-301-redirects/"
     shodan-query: 'vuln:CVE-2021-24355'
-  tags: cve,wordpress,wp-plugin,simple-301-redirects,medium
+  tags: cve,wordpress,wp-plugin,simple-301-redirects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24356-92f8dddef0caee0f45322f38c33da40e.yaml b/nuclei-templates/2021/CVE-2021-24356-92f8dddef0caee0f45322f38c33da40e.yaml
index e10fa54a7e..cd7ff41017 100644
--- a/nuclei-templates/2021/CVE-2021-24356-92f8dddef0caee0f45322f38c33da40e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24356-92f8dddef0caee0f45322f38c33da40e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Activation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-301-redirects/"
     google-query: inurl:"/wp-content/plugins/simple-301-redirects/"
     shodan-query: 'vuln:CVE-2021-24356'
-  tags: cve,wordpress,wp-plugin,simple-301-redirects,high
+  tags: cve,wordpress,wp-plugin,simple-301-redirects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24357-84b774dce1ed446fe61865bc9717d231.yaml b/nuclei-templates/2021/CVE-2021-24357-84b774dce1ed446fe61865bc9717d231.yaml
index 982212b5fe..1426661157 100644
--- a/nuclei-templates/2021/CVE-2021-24357-84b774dce1ed446fe61865bc9717d231.yaml
+++ b/nuclei-templates/2021/CVE-2021-24357-84b774dce1ed446fe61865bc9717d231.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FooGallery <= 2.0.34 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foogallery/"
     google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:CVE-2021-24357'
-  tags: cve,wordpress,wp-plugin,foogallery,medium
+  tags: cve,wordpress,wp-plugin,foogallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24360-d1fe830178bd836f853d2f1e8ea1327c.yaml b/nuclei-templates/2021/CVE-2021-24360-d1fe830178bd836f853d2f1e8ea1327c.yaml
index ceeeb459f5..548b5a0d03 100644
--- a/nuclei-templates/2021/CVE-2021-24360-d1fe830178bd836f853d2f1e8ea1327c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24360-d1fe830178bd836f853d2f1e8ea1327c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yes/No Chart < 1.0.12 - Authenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yesno/"
     google-query: inurl:"/wp-content/plugins/yesno/"
     shodan-query: 'vuln:CVE-2021-24360'
-  tags: cve,wordpress,wp-plugin,yesno,medium
+  tags: cve,wordpress,wp-plugin,yesno,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24362-d029a01fd5b93450433108c7576996d9.yaml b/nuclei-templates/2021/CVE-2021-24362-d029a01fd5b93450433108c7576996d9.yaml
index 9c55b25bf5..5e730d40d0 100644
--- a/nuclei-templates/2021/CVE-2021-24362-d029a01fd5b93450433108c7576996d9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24362-d029a01fd5b93450433108c7576996d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery <= 1.5.74 - Stored Cross-Site Scripting via Uploaded SVG
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2021-24362'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24365-9a1ea12529e15f0a017ce8f0e47401f6.yaml b/nuclei-templates/2021/CVE-2021-24365-9a1ea12529e15f0a017ce8f0e47401f6.yaml
index 77f0cd37a8..42c337b027 100644
--- a/nuclei-templates/2021/CVE-2021-24365-9a1ea12529e15f0a017ce8f0e47401f6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24365-9a1ea12529e15f0a017ce8f0e47401f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Columns Free < 4.3.2 and Pro < 5.5.2 Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2021-24365
   metadata:
-    fofa-query: "wp-content/plugins/codepress-admin-columns/"
-    google-query: inurl:"/wp-content/plugins/codepress-admin-columns/"
+    fofa-query: "wp-content/plugins/admin-columns-pro/"
+    google-query: inurl:"/wp-content/plugins/admin-columns-pro/"
     shodan-query: 'vuln:CVE-2021-24365'
-  tags: cve,wordpress,wp-plugin,codepress-admin-columns,medium
+  tags: cve,wordpress,wp-plugin,admin-columns-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/codepress-admin-columns/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/admin-columns-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "codepress-admin-columns"
+          - "admin-columns-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 4.3.2')
\ No newline at end of file
+          - compare_versions(version, '< 5.5.2')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24366-2cf825b0502a2430e12833bc820c6234.yaml b/nuclei-templates/2021/CVE-2021-24366-2cf825b0502a2430e12833bc820c6234.yaml
index 588f759a43..910f7aaf9a 100644
--- a/nuclei-templates/2021/CVE-2021-24366-2cf825b0502a2430e12833bc820c6234.yaml
+++ b/nuclei-templates/2021/CVE-2021-24366-2cf825b0502a2430e12833bc820c6234.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Columns Free < 4.3 and Pro < 5.5.1 Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Admin Columns Free WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1, rendered input on the posted pages with improper input validation on the value passed into the field 'Label' parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2021-24366
   metadata:
-    fofa-query: "wp-content/plugins/codepress-admin-columns/"
-    google-query: inurl:"/wp-content/plugins/codepress-admin-columns/"
+    fofa-query: "wp-content/plugins/admin-columns-pro/"
+    google-query: inurl:"/wp-content/plugins/admin-columns-pro/"
     shodan-query: 'vuln:CVE-2021-24366'
-  tags: cve,wordpress,wp-plugin,codepress-admin-columns,medium
+  tags: cve,wordpress,wp-plugin,admin-columns-pro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/codepress-admin-columns/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/admin-columns-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "codepress-admin-columns"
+          - "admin-columns-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 4.2')
\ No newline at end of file
+          - compare_versions(version, '< 5.5.1')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24367-416feeed72e481e9c6ade025bb1108e9.yaml b/nuclei-templates/2021/CVE-2021-24367-416feeed72e481e9c6ade025bb1108e9.yaml
index f234d6eaa1..9532e0f8ac 100644
--- a/nuclei-templates/2021/CVE-2021-24367-416feeed72e481e9c6ade025bb1108e9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24367-416feeed72e481e9c6ade025bb1108e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Config File Editor <= 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-config-file-editor/"
     google-query: inurl:"/wp-content/plugins/wp-config-file-editor/"
     shodan-query: 'vuln:CVE-2021-24367'
-  tags: cve,wordpress,wp-plugin,wp-config-file-editor,medium
+  tags: cve,wordpress,wp-plugin,wp-config-file-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24369-7c4b664dcbab81960496a17b3a66e44c.yaml b/nuclei-templates/2021/CVE-2021-24369-7c4b664dcbab81960496a17b3a66e44c.yaml
index a4828e753b..176a206c2c 100644
--- a/nuclei-templates/2021/CVE-2021-24369-7c4b664dcbab81960496a17b3a66e44c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24369-7c4b664dcbab81960496a17b3a66e44c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Payments Plugin | GetPaid <= 2.3.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/invoicing/"
     google-query: inurl:"/wp-content/plugins/invoicing/"
     shodan-query: 'vuln:CVE-2021-24369'
-  tags: cve,wordpress,wp-plugin,invoicing,medium
+  tags: cve,wordpress,wp-plugin,invoicing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24377-967efd081266df53c7d5c10295955cd0.yaml b/nuclei-templates/2021/CVE-2021-24377-967efd081266df53c7d5c10295955cd0.yaml
index 992aad2c46..b242db2cc4 100644
--- a/nuclei-templates/2021/CVE-2021-24377-967efd081266df53c7d5c10295955cd0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24377-967efd081266df53c7d5c10295955cd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Autoptimize <= 2.7.7 - Race Condition leading to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autoptimize/"
     google-query: inurl:"/wp-content/plugins/autoptimize/"
     shodan-query: 'vuln:CVE-2021-24377'
-  tags: cve,wordpress,wp-plugin,autoptimize,high
+  tags: cve,wordpress,wp-plugin,autoptimize,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24378-9b6d789ab9054bec8f3668e533e7af06.yaml b/nuclei-templates/2021/CVE-2021-24378-9b6d789ab9054bec8f3668e533e7af06.yaml
index 643565afd5..f5e513fca3 100644
--- a/nuclei-templates/2021/CVE-2021-24378-9b6d789ab9054bec8f3668e533e7af06.yaml
+++ b/nuclei-templates/2021/CVE-2021-24378-9b6d789ab9054bec8f3668e533e7af06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Autoptimize <= 2.7.7 - Unsafe File Upload to Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autoptimize/"
     google-query: inurl:"/wp-content/plugins/autoptimize/"
     shodan-query: 'vuln:CVE-2021-24378'
-  tags: cve,wordpress,wp-plugin,autoptimize,medium
+  tags: cve,wordpress,wp-plugin,autoptimize,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24381-b156b450e510844126aa5b98c430cad1.yaml b/nuclei-templates/2021/CVE-2021-24381-b156b450e510844126aa5b98c430cad1.yaml
index 9af1edfc6b..ff409f4eb8 100644
--- a/nuclei-templates/2021/CVE-2021-24381-b156b450e510844126aa5b98c430cad1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24381-b156b450e510844126aa5b98c430cad1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms <= 3.5.8.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2021-24381'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24382-39ab4c2294aa56f29beb5a701f23e19b.yaml b/nuclei-templates/2021/CVE-2021-24382-39ab4c2294aa56f29beb5a701f23e19b.yaml
index 8c0e3eea0f..91b04f11fd 100644
--- a/nuclei-templates/2021/CVE-2021-24382-39ab4c2294aa56f29beb5a701f23e19b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24382-39ab4c2294aa56f29beb5a701f23e19b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Slider 3 <= 3.5.0.8 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-slider-3/"
     google-query: inurl:"/wp-content/plugins/smart-slider-3/"
     shodan-query: 'vuln:CVE-2021-24382'
-  tags: cve,wordpress,wp-plugin,smart-slider-3,medium
+  tags: cve,wordpress,wp-plugin,smart-slider-3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24383-363421e443d86bf6a03f6199bd5c6045.yaml b/nuclei-templates/2021/CVE-2021-24383-363421e443d86bf6a03f6199bd5c6045.yaml
index 2a509260f3..8073da4334 100644
--- a/nuclei-templates/2021/CVE-2021-24383-363421e443d86bf6a03f6199bd5c6045.yaml
+++ b/nuclei-templates/2021/CVE-2021-24383-363421e443d86bf6a03f6199bd5c6045.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Maps <= 8.1.11 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-maps/"
     google-query: inurl:"/wp-content/plugins/wp-google-maps/"
     shodan-query: 'vuln:CVE-2021-24383'
-  tags: cve,wordpress,wp-plugin,wp-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wp-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24386-d123d567f469bf81fa1efe0cec4fc6a4.yaml b/nuclei-templates/2021/CVE-2021-24386-d123d567f469bf81fa1efe0cec4fc6a4.yaml
index de20cffa01..aaa5fea8c6 100644
--- a/nuclei-templates/2021/CVE-2021-24386-d123d567f469bf81fa1efe0cec4fc6a4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24386-d123d567f469bf81fa1efe0cec4fc6a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SVG Images <= 3.3 - Authenticated (author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning as upload of such content is intended.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-svg-images/"
     google-query: inurl:"/wp-content/plugins/wp-svg-images/"
     shodan-query: 'vuln:CVE-2021-24386'
-  tags: cve,wordpress,wp-plugin,wp-svg-images,medium
+  tags: cve,wordpress,wp-plugin,wp-svg-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24390-32ce162d5a195b7dc3b119d3f49907dd.yaml b/nuclei-templates/2021/CVE-2021-24390-32ce162d5a195b7dc3b119d3f49907dd.yaml
index 020cfc73ea..f09cb907cd 100644
--- a/nuclei-templates/2021/CVE-2021-24390-32ce162d5a195b7dc3b119d3f49907dd.yaml
+++ b/nuclei-templates/2021/CVE-2021-24390-32ce162d5a195b7dc3b119d3f49907dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 <= 3.7.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alipay/"
     google-query: inurl:"/wp-content/plugins/alipay/"
     shodan-query: 'vuln:CVE-2021-24390'
-  tags: cve,wordpress,wp-plugin,alipay,high
+  tags: cve,wordpress,wp-plugin,alipay,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24391-652b592a23d9d8ef3233d28a405d4909.yaml b/nuclei-templates/2021/CVE-2021-24391-652b592a23d9d8ef3233d28a405d4909.yaml
index 2b54c5b3d1..db8b6288a3 100644
--- a/nuclei-templates/2021/CVE-2021-24391-652b592a23d9d8ef3233d28a405d4909.yaml
+++ b/nuclei-templates/2021/CVE-2021-24391-652b592a23d9d8ef3233d28a405d4909.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cashtomer <= 1.0.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cashtomer/"
     google-query: inurl:"/wp-content/plugins/cashtomer/"
     shodan-query: 'vuln:CVE-2021-24391'
-  tags: cve,wordpress,wp-plugin,cashtomer,high
+  tags: cve,wordpress,wp-plugin,cashtomer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24392-3e4694078ceef16f755ef9eb324edfcb.yaml b/nuclei-templates/2021/CVE-2021-24392-3e4694078ceef16f755ef9eb324edfcb.yaml
index 0124d3388d..1f7150540f 100644
--- a/nuclei-templates/2021/CVE-2021-24392-3e4694078ceef16f755ef9eb324edfcb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24392-3e4694078ceef16f755ef9eb324edfcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Membership SwiftCloud.io <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/club-management-software/"
     google-query: inurl:"/wp-content/plugins/club-management-software/"
     shodan-query: 'vuln:CVE-2021-24392'
-  tags: cve,wordpress,wp-plugin,club-management-software,high
+  tags: cve,wordpress,wp-plugin,club-management-software,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24393-8912ce3f5c5896ec3ae73a9aecfa4081.yaml b/nuclei-templates/2021/CVE-2021-24393-8912ce3f5c5896ec3ae73a9aecfa4081.yaml
index 95ab5b1164..81ebbc2a2b 100644
--- a/nuclei-templates/2021/CVE-2021-24393-8912ce3f5c5896ec3ae73a9aecfa4081.yaml
+++ b/nuclei-templates/2021/CVE-2021-24393-8912ce3f5c5896ec3ae73a9aecfa4081.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comment Highlighter <= 0.13 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comment-highlighter/"
     google-query: inurl:"/wp-content/plugins/comment-highlighter/"
     shodan-query: 'vuln:CVE-2021-24393'
-  tags: cve,wordpress,wp-plugin,comment-highlighter,high
+  tags: cve,wordpress,wp-plugin,comment-highlighter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24394-6fbfd79bf661b65b2359132741b885f3.yaml b/nuclei-templates/2021/CVE-2021-24394-6fbfd79bf661b65b2359132741b885f3.yaml
index 757a6f6965..a3104ca986 100644
--- a/nuclei-templates/2021/CVE-2021-24394-6fbfd79bf661b65b2359132741b885f3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24394-6fbfd79bf661b65b2359132741b885f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Testimonial Manager <= 1.2.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-testimonial-manager/"
     google-query: inurl:"/wp-content/plugins/easy-testimonial-manager/"
     shodan-query: 'vuln:CVE-2021-24394'
-  tags: cve,wordpress,wp-plugin,easy-testimonial-manager,high
+  tags: cve,wordpress,wp-plugin,easy-testimonial-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24395-d936ad16c92f96a8d361e8354b08642f.yaml b/nuclei-templates/2021/CVE-2021-24395-d936ad16c92f96a8d361e8354b08642f.yaml
index 56ecbd9eda..f4f7e032c2 100644
--- a/nuclei-templates/2021/CVE-2021-24395-d936ad16c92f96a8d361e8354b08642f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24395-d936ad16c92f96a8d361e8354b08642f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Embed Youtube Video <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-youtube-video/"
     google-query: inurl:"/wp-content/plugins/embed-youtube-video/"
     shodan-query: 'vuln:CVE-2021-24395'
-  tags: cve,wordpress,wp-plugin,embed-youtube-video,high
+  tags: cve,wordpress,wp-plugin,embed-youtube-video,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24396-3c35d6ca8d97eaaa9d359ed4e523fe3c.yaml b/nuclei-templates/2021/CVE-2021-24396-3c35d6ca8d97eaaa9d359ed4e523fe3c.yaml
index 7237e41108..dbc42ebdb1 100644
--- a/nuclei-templates/2021/CVE-2021-24396-3c35d6ca8d97eaaa9d359ed4e523fe3c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24396-3c35d6ca8d97eaaa9d359ed4e523fe3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GSEOR – WordPress SEO Plugin <= 1.3 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gseor/"
     google-query: inurl:"/wp-content/plugins/gseor/"
     shodan-query: 'vuln:CVE-2021-24396'
-  tags: cve,wordpress,wp-plugin,gseor,high
+  tags: cve,wordpress,wp-plugin,gseor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24397-f8764dadc75611aef7a1572c7ab006f8.yaml b/nuclei-templates/2021/CVE-2021-24397-f8764dadc75611aef7a1572c7ab006f8.yaml
index 56d9f699ca..8b2ec1d7c2 100644
--- a/nuclei-templates/2021/CVE-2021-24397-f8764dadc75611aef7a1572c7ab006f8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24397-f8764dadc75611aef7a1572c7ab006f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MicroCopy <= 1.1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MicroCopy plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/microcopy/"
     google-query: inurl:"/wp-content/plugins/microcopy/"
     shodan-query: 'vuln:CVE-2021-24397'
-  tags: cve,wordpress,wp-plugin,microcopy,high
+  tags: cve,wordpress,wp-plugin,microcopy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24398-6368f485fdfbfa4bcc6e9fc96c77a440.yaml b/nuclei-templates/2021/CVE-2021-24398-6368f485fdfbfa4bcc6e9fc96c77a440.yaml
index c8b18a14a5..16652b294e 100644
--- a/nuclei-templates/2021/CVE-2021-24398-6368f485fdfbfa4bcc6e9fc96c77a440.yaml
+++ b/nuclei-templates/2021/CVE-2021-24398-6368f485fdfbfa4bcc6e9fc96c77a440.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive 3D Slider <= 1.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/morpheus-slider/"
     google-query: inurl:"/wp-content/plugins/morpheus-slider/"
     shodan-query: 'vuln:CVE-2021-24398'
-  tags: cve,wordpress,wp-plugin,morpheus-slider,high
+  tags: cve,wordpress,wp-plugin,morpheus-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24399-ca1b64ffb0ccae02fca2d23bb2d6ec12.yaml b/nuclei-templates/2021/CVE-2021-24399-ca1b64ffb0ccae02fca2d23bb2d6ec12.yaml
index 699e58c674..9725e8252b 100644
--- a/nuclei-templates/2021/CVE-2021-24399-ca1b64ffb0ccae02fca2d23bb2d6ec12.yaml
+++ b/nuclei-templates/2021/CVE-2021-24399-ca1b64ffb0ccae02fca2d23bb2d6ec12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Sorter <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-sorter/"
     google-query: inurl:"/wp-content/plugins/the-sorter/"
     shodan-query: 'vuln:CVE-2021-24399'
-  tags: cve,wordpress,wp-plugin,the-sorter,high
+  tags: cve,wordpress,wp-plugin,the-sorter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24400-426286a65b9c6cb22be8026fc66ac3eb.yaml b/nuclei-templates/2021/CVE-2021-24400-426286a65b9c6cb22be8026fc66ac3eb.yaml
index 33bfbd9412..c71a95888c 100644
--- a/nuclei-templates/2021/CVE-2021-24400-426286a65b9c6cb22be8026fc66ac3eb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24400-426286a65b9c6cb22be8026fc66ac3eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display Users <= 2.0.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-display-users/"
     google-query: inurl:"/wp-content/plugins/wp-display-users/"
     shodan-query: 'vuln:CVE-2021-24400'
-  tags: cve,wordpress,wp-plugin,wp-display-users,high
+  tags: cve,wordpress,wp-plugin,wp-display-users,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24401-4e4e50f7a420b0e140281c805ef6a928.yaml b/nuclei-templates/2021/CVE-2021-24401-4e4e50f7a420b0e140281c805ef6a928.yaml
index be36b7e774..6f122efe5f 100644
--- a/nuclei-templates/2021/CVE-2021-24401-4e4e50f7a420b0e140281c805ef6a928.yaml
+++ b/nuclei-templates/2021/CVE-2021-24401-4e4e50f7a420b0e140281c805ef6a928.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Domain Redirect <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-domain-redirect/"
     google-query: inurl:"/wp-content/plugins/wp-domain-redirect/"
     shodan-query: 'vuln:CVE-2021-24401'
-  tags: cve,wordpress,wp-plugin,wp-domain-redirect,high
+  tags: cve,wordpress,wp-plugin,wp-domain-redirect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24402-f4d44f135652b4f97e23ce29c089eca6.yaml b/nuclei-templates/2021/CVE-2021-24402-f4d44f135652b4f97e23ce29c089eca6.yaml
index 94fe1a4114..7b00ed28a5 100644
--- a/nuclei-templates/2021/CVE-2021-24402-f4d44f135652b4f97e23ce29c089eca6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24402-f4d44f135652b4f97e23ce29c089eca6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP iCommerce – the first interactive ecommerce for wordpress <= 1.1.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-icommerce/"
     google-query: inurl:"/wp-content/plugins/wp-icommerce/"
     shodan-query: 'vuln:CVE-2021-24402'
-  tags: cve,wordpress,wp-plugin,wp-icommerce,high
+  tags: cve,wordpress,wp-plugin,wp-icommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24403-7d9cfe7c7d057a8bbf5fcb3c72a54c2b.yaml b/nuclei-templates/2021/CVE-2021-24403-7d9cfe7c7d057a8bbf5fcb3c72a54c2b.yaml
index 2cb71ca03a..721f225b43 100644
--- a/nuclei-templates/2021/CVE-2021-24403-7d9cfe7c7d057a8bbf5fcb3c72a54c2b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24403-7d9cfe7c7d057a8bbf5fcb3c72a54c2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Page Contact <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpagecontact/"
     google-query: inurl:"/wp-content/plugins/wpagecontact/"
     shodan-query: 'vuln:CVE-2021-24403'
-  tags: cve,wordpress,wp-plugin,wpagecontact,high
+  tags: cve,wordpress,wp-plugin,wpagecontact,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24404-4e8e6308af14cc738d0cb86b4562e1c4.yaml b/nuclei-templates/2021/CVE-2021-24404-4e8e6308af14cc738d0cb86b4562e1c4.yaml
index a2a7ebf6c6..0d1d630149 100644
--- a/nuclei-templates/2021/CVE-2021-24404-4e8e6308af14cc738d0cb86b4562e1c4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24404-4e8e6308af14cc738d0cb86b4562e1c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Board <= 1.1(Beta) - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The options.php file of the WP-Board WordPress plugin through 1.1(Beta) accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query ran twice.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-board/"
     google-query: inurl:"/wp-content/plugins/wp-board/"
     shodan-query: 'vuln:CVE-2021-24404'
-  tags: cve,wordpress,wp-plugin,wp-board,high
+  tags: cve,wordpress,wp-plugin,wp-board,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24405-217c5fbd6c523ea432120eff4f82682f.yaml b/nuclei-templates/2021/CVE-2021-24405-217c5fbd6c523ea432120eff4f82682f.yaml
index c39a44df65..6aaa8d5427 100644
--- a/nuclei-templates/2021/CVE-2021-24405-217c5fbd6c523ea432120eff4f82682f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24405-217c5fbd6c523ea432120eff4f82682f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Cookies Policy <= 1.6.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-cookies-policy/"
     google-query: inurl:"/wp-content/plugins/easy-cookies-policy/"
     shodan-query: 'vuln:CVE-2021-24405'
-  tags: cve,wordpress,wp-plugin,easy-cookies-policy,medium
+  tags: cve,wordpress,wp-plugin,easy-cookies-policy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24408-8edd86c32f445ba8a5cfcf66f80c6f54.yaml b/nuclei-templates/2021/CVE-2021-24408-8edd86c32f445ba8a5cfcf66f80c6f54.yaml
index a161c9c7a0..904d61ddab 100644
--- a/nuclei-templates/2021/CVE-2021-24408-8edd86c32f445ba8a5cfcf66f80c6f54.yaml
+++ b/nuclei-templates/2021/CVE-2021-24408-8edd86c32f445ba8a5cfcf66f80c6f54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prismatic <= 2.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/prismatic/"
     google-query: inurl:"/wp-content/plugins/prismatic/"
     shodan-query: 'vuln:CVE-2021-24408'
-  tags: cve,wordpress,wp-plugin,prismatic,medium
+  tags: cve,wordpress,wp-plugin,prismatic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24410-10fa074ce14cd8aff4840b1abbaf6c83.yaml b/nuclei-templates/2021/CVE-2021-24410-10fa074ce14cd8aff4840b1abbaf6c83.yaml
index 0c5080157d..2d73a69343 100644
--- a/nuclei-templates/2021/CVE-2021-24410-10fa074ce14cd8aff4840b1abbaf6c83.yaml
+++ b/nuclei-templates/2021/CVE-2021-24410-10fa074ce14cd8aff4840b1abbaf6c83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     తెలుగు బైబిల్ వచనములు <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/telugu-bible-verse-daily/"
     google-query: inurl:"/wp-content/plugins/telugu-bible-verse-daily/"
     shodan-query: 'vuln:CVE-2021-24410'
-  tags: cve,wordpress,wp-plugin,telugu-bible-verse-daily,high
+  tags: cve,wordpress,wp-plugin,telugu-bible-verse-daily,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24412-8c8ea74da9222b97df27e5eb58a8262e.yaml b/nuclei-templates/2021/CVE-2021-24412-8c8ea74da9222b97df27e5eb58a8262e.yaml
index 16760c33d0..cc998996f1 100644
--- a/nuclei-templates/2021/CVE-2021-24412-8c8ea74da9222b97df27e5eb58a8262e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24412-8c8ea74da9222b97df27e5eb58a8262e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Html5 Audio Player <= 2.1.2 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-audio-player/"
     google-query: inurl:"/wp-content/plugins/html5-audio-player/"
     shodan-query: 'vuln:CVE-2021-24412'
-  tags: cve,wordpress,wp-plugin,html5-audio-player,medium
+  tags: cve,wordpress,wp-plugin,html5-audio-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24413-376e635d9c344dbb946b8ae2b1699cff.yaml b/nuclei-templates/2021/CVE-2021-24413-376e635d9c344dbb946b8ae2b1699cff.yaml
index e4fe0a21fb..cae8ad775b 100644
--- a/nuclei-templates/2021/CVE-2021-24413-376e635d9c344dbb946b8ae2b1699cff.yaml
+++ b/nuclei-templates/2021/CVE-2021-24413-376e635d9c344dbb946b8ae2b1699cff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Twitter Feed < 1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-twitter-feeds/"
     google-query: inurl:"/wp-content/plugins/easy-twitter-feeds/"
     shodan-query: 'vuln:CVE-2021-24413'
-  tags: cve,wordpress,wp-plugin,easy-twitter-feeds,medium
+  tags: cve,wordpress,wp-plugin,easy-twitter-feeds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24414-3976419442f6726cc8fee397bc7f22ee.yaml b/nuclei-templates/2021/CVE-2021-24414-3976419442f6726cc8fee397bc7f22ee.yaml
index 6e0be6613e..164b2cb398 100644
--- a/nuclei-templates/2021/CVE-2021-24414-3976419442f6726cc8fee397bc7f22ee.yaml
+++ b/nuclei-templates/2021/CVE-2021-24414-3976419442f6726cc8fee397bc7f22ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Player for YouTube <= 1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yt-player/"
     google-query: inurl:"/wp-content/plugins/yt-player/"
     shodan-query: 'vuln:CVE-2021-24414'
-  tags: cve,wordpress,wp-plugin,yt-player,medium
+  tags: cve,wordpress,wp-plugin,yt-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24415-62d375a0ef3c9366ba6ad68911a5c603.yaml b/nuclei-templates/2021/CVE-2021-24415-62d375a0ef3c9366ba6ad68911a5c603.yaml
index bf5f729320..c4b3a3ebec 100644
--- a/nuclei-templates/2021/CVE-2021-24415-62d375a0ef3c9366ba6ad68911a5c603.yaml
+++ b/nuclei-templates/2021/CVE-2021-24415-62d375a0ef3c9366ba6ad68911a5c603.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Polo Video Gallery – Best wordpress video gallery plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/polo-video-gallery/"
     google-query: inurl:"/wp-content/plugins/polo-video-gallery/"
     shodan-query: 'vuln:CVE-2021-24415'
-  tags: cve,wordpress,wp-plugin,polo-video-gallery,medium
+  tags: cve,wordpress,wp-plugin,polo-video-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24416-fe66522b1a62142749b36d39c6b2760b.yaml b/nuclei-templates/2021/CVE-2021-24416-fe66522b1a62142749b36d39c6b2760b.yaml
index 4c4f6b81d2..19413587a0 100644
--- a/nuclei-templates/2021/CVE-2021-24416-fe66522b1a62142749b36d39c6b2760b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24416-fe66522b1a62142749b36d39c6b2760b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StreamCast – Radio Player for WordPress <= 2.1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/streamcast/"
     google-query: inurl:"/wp-content/plugins/streamcast/"
     shodan-query: 'vuln:CVE-2021-24416'
-  tags: cve,wordpress,wp-plugin,streamcast,medium
+  tags: cve,wordpress,wp-plugin,streamcast,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24418-c1380d1b7ef910c0603f14abaf611a7b.yaml b/nuclei-templates/2021/CVE-2021-24418-c1380d1b7ef910c0603f14abaf611a7b.yaml
index 2d703d7716..cea2e4b9f4 100644
--- a/nuclei-templates/2021/CVE-2021-24418-c1380d1b7ef910c0603f14abaf611a7b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24418-c1380d1b7ef910c0603f14abaf611a7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smooth Scroll Page Up/Down Buttons <= 1.3 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smooth-page-scroll-updown-buttons/"
     google-query: inurl:"/wp-content/plugins/smooth-page-scroll-updown-buttons/"
     shodan-query: 'vuln:CVE-2021-24418'
-  tags: cve,wordpress,wp-plugin,smooth-page-scroll-updown-buttons,medium
+  tags: cve,wordpress,wp-plugin,smooth-page-scroll-updown-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24420-9285c0881d2d0d11de4e3b3a24768c84.yaml b/nuclei-templates/2021/CVE-2021-24420-9285c0881d2d0d11de4e3b3a24768c84.yaml
index efc8bb1dd4..982d1c3809 100644
--- a/nuclei-templates/2021/CVE-2021-24420-9285c0881d2d0d11de4e3b3a24768c84.yaml
+++ b/nuclei-templates/2021/CVE-2021-24420-9285c0881d2d0d11de4e3b3a24768c84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Request a Quote <= 2.3.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/request-a-quote/"
     google-query: inurl:"/wp-content/plugins/request-a-quote/"
     shodan-query: 'vuln:CVE-2021-24420'
-  tags: cve,wordpress,wp-plugin,request-a-quote,medium
+  tags: cve,wordpress,wp-plugin,request-a-quote,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24421-b6b5ac51737dc25240c45d0d6e3809e0.yaml b/nuclei-templates/2021/CVE-2021-24421-b6b5ac51737dc25240c45d0d6e3809e0.yaml
index b95c85ecb3..f26193651e 100644
--- a/nuclei-templates/2021/CVE-2021-24421-b6b5ac51737dc25240c45d0d6e3809e0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24421-b6b5ac51737dc25240c45d0d6e3809e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP JobSearch <= 1.7.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/careerfy/"
     google-query: inurl:"/wp-content/plugins/careerfy/"
     shodan-query: 'vuln:CVE-2021-24421'
-  tags: cve,wordpress,wp-plugin,careerfy,medium
+  tags: cve,wordpress,wp-plugin,careerfy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24423-f1749872ec46f0f647fe9218c75359fd.yaml b/nuclei-templates/2021/CVE-2021-24423-f1749872ec46f0f647fe9218c75359fd.yaml
index e3c674606c..e9d28344bc 100644
--- a/nuclei-templates/2021/CVE-2021-24423-f1749872ec46f0f647fe9218c75359fd.yaml
+++ b/nuclei-templates/2021/CVE-2021-24423-f1749872ec46f0f647fe9218c75359fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UpdraftPlus WordPress Backup Plugin < 1.6.59 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/updraftplus/"
     google-query: inurl:"/wp-content/plugins/updraftplus/"
     shodan-query: 'vuln:CVE-2021-24423'
-  tags: cve,wordpress,wp-plugin,updraftplus,medium
+  tags: cve,wordpress,wp-plugin,updraftplus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24424-dc229c244bcfffc7d06d63944e8371c4.yaml b/nuclei-templates/2021/CVE-2021-24424-dc229c244bcfffc7d06d63944e8371c4.yaml
index 0bfa22dade..3deb3bf9f6 100644
--- a/nuclei-templates/2021/CVE-2021-24424-dc229c244bcfffc7d06d63944e8371c4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24424-dc229c244bcfffc7d06d63944e8371c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-reset/"
     google-query: inurl:"/wp-content/plugins/wp-reset/"
     shodan-query: 'vuln:CVE-2021-24424'
-  tags: cve,wordpress,wp-plugin,wp-reset,medium
+  tags: cve,wordpress,wp-plugin,wp-reset,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24425-49cfc8c3d99725c4ecb38a0e0b05420f.yaml b/nuclei-templates/2021/CVE-2021-24425-49cfc8c3d99725c4ecb38a0e0b05420f.yaml
index 4545b0bd42..3751ea4975 100644
--- a/nuclei-templates/2021/CVE-2021-24425-49cfc8c3d99725c4ecb38a0e0b05420f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24425-49cfc8c3d99725c4ecb38a0e0b05420f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myStickymenu <= 2.5.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mystickymenu/"
     google-query: inurl:"/wp-content/plugins/mystickymenu/"
     shodan-query: 'vuln:CVE-2021-24425'
-  tags: cve,wordpress,wp-plugin,mystickymenu,medium
+  tags: cve,wordpress,wp-plugin,mystickymenu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24427-6cc6a3d6d739a61d420343f25551dbad.yaml b/nuclei-templates/2021/CVE-2021-24427-6cc6a3d6d739a61d420343f25551dbad.yaml
index c3c1ce8be9..d100a97ae6 100644
--- a/nuclei-templates/2021/CVE-2021-24427-6cc6a3d6d739a61d420343f25551dbad.yaml
+++ b/nuclei-templates/2021/CVE-2021-24427-6cc6a3d6d739a61d420343f25551dbad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The W3 Total Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several CDN settings in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w3-total-cache/"
     google-query: inurl:"/wp-content/plugins/w3-total-cache/"
     shodan-query: 'vuln:CVE-2021-24427'
-  tags: cve,wordpress,wp-plugin,w3-total-cache,medium
+  tags: cve,wordpress,wp-plugin,w3-total-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24428-6c5c77255a84fb41b6fdd26d0fd10783.yaml b/nuclei-templates/2021/CVE-2021-24428-6c5c77255a84fb41b6fdd26d0fd10783.yaml
index 6a374dcd7f..a3a794e0c8 100644
--- a/nuclei-templates/2021/CVE-2021-24428-6c5c77255a84fb41b6fdd26d0fd10783.yaml
+++ b/nuclei-templates/2021/CVE-2021-24428-6c5c77255a84fb41b6fdd26d0fd10783.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rss for Yandex Turbo <= 1.30 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rss-for-yandex-turbo/"
     google-query: inurl:"/wp-content/plugins/rss-for-yandex-turbo/"
     shodan-query: 'vuln:CVE-2021-24428'
-  tags: cve,wordpress,wp-plugin,rss-for-yandex-turbo,medium
+  tags: cve,wordpress,wp-plugin,rss-for-yandex-turbo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24429-826b0e6fc8bdc77439da0a867a102476.yaml b/nuclei-templates/2021/CVE-2021-24429-826b0e6fc8bdc77439da0a867a102476.yaml
index 121fbb1e13..8e7e390f23 100644
--- a/nuclei-templates/2021/CVE-2021-24429-826b0e6fc8bdc77439da0a867a102476.yaml
+++ b/nuclei-templates/2021/CVE-2021-24429-826b0e6fc8bdc77439da0a867a102476.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salon booking system < 6.3.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salon-booking-system/"
     google-query: inurl:"/wp-content/plugins/salon-booking-system/"
     shodan-query: 'vuln:CVE-2021-24429'
-  tags: cve,wordpress,wp-plugin,salon-booking-system,medium
+  tags: cve,wordpress,wp-plugin,salon-booking-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24430-076ba2e4af7ca8a46ce67983592fc4f6.yaml b/nuclei-templates/2021/CVE-2021-24430-076ba2e4af7ca8a46ce67983592fc4f6.yaml
index 95a58ffae3..b58c9562a9 100644
--- a/nuclei-templates/2021/CVE-2021-24430-076ba2e4af7ca8a46ce67983592fc4f6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24430-076ba2e4af7ca8a46ce67983592fc4f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Speed Booster Pack PageSpeed Optimization Suite <= 4.1.9. - Authenticated (Admin+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Speed Booster Pack PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/speed-booster-pack/"
     google-query: inurl:"/wp-content/plugins/speed-booster-pack/"
     shodan-query: 'vuln:CVE-2021-24430'
-  tags: cve,wordpress,wp-plugin,speed-booster-pack,high
+  tags: cve,wordpress,wp-plugin,speed-booster-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24433-dad17a0f7cc6bf4dce65968822857b48.yaml b/nuclei-templates/2021/CVE-2021-24433-dad17a0f7cc6bf4dce65968822857b48.yaml
index a4e9222e0c..c553bfa254 100644
--- a/nuclei-templates/2021/CVE-2021-24433-dad17a0f7cc6bf4dce65968822857b48.yaml
+++ b/nuclei-templates/2021/CVE-2021-24433-dad17a0f7cc6bf4dce65968822857b48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Sort&Search <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Sort&Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘indexurl’ parameter in versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Contributor+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-sortsearch/"
     google-query: inurl:"/wp-content/plugins/simple-sortsearch/"
     shodan-query: 'vuln:CVE-2021-24433'
-  tags: cve,wordpress,wp-plugin,simple-sortsearch,medium
+  tags: cve,wordpress,wp-plugin,simple-sortsearch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24435-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/2021/CVE-2021-24435-480067fff73f218a897f527d009097f5.yaml
index 4e99a4f75e..a5a5e8c377 100644
--- a/nuclei-templates/2021/CVE-2021-24435-480067fff73f218a897f527d009097f5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24435-480067fff73f218a897f527d009097f5.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2021-24435
   metadata:
-    fofa-query: "wp-content/plugins/amp-extensions/"
-    google-query: inurl:"/wp-content/plugins/amp-extensions/"
+    fofa-query: "wp-content/plugins/affiliate-pro/"
+    google-query: inurl:"/wp-content/plugins/affiliate-pro/"
     shodan-query: 'vuln:CVE-2021-24435'
-  tags: cve,wordpress,wp-plugin,amp-extensions,medium
+  tags: cve,wordpress,wp-plugin,affiliate-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/amp-extensions/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/affiliate-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "amp-extensions"
+          - "affiliate-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2021/CVE-2021-24439-e8da5022574661b62f1a47c50584d384.yaml b/nuclei-templates/2021/CVE-2021-24439-e8da5022574661b62f1a47c50584d384.yaml
index 450959e73d..3f03b20223 100644
--- a/nuclei-templates/2021/CVE-2021-24439-e8da5022574661b62f1a47c50584d384.yaml
+++ b/nuclei-templates/2021/CVE-2021-24439-e8da5022574661b62f1a47c50584d384.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Browser Screenshots < 1.7.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/browser-shots/"
     google-query: inurl:"/wp-content/plugins/browser-shots/"
     shodan-query: 'vuln:CVE-2021-24439'
-  tags: cve,wordpress,wp-plugin,browser-shots,medium
+  tags: cve,wordpress,wp-plugin,browser-shots,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24440-df5624fcfc60e06a94f15a6af052be53.yaml b/nuclei-templates/2021/CVE-2021-24440-df5624fcfc60e06a94f15a6af052be53.yaml
index c13490c905..a9312cc8e1 100644
--- a/nuclei-templates/2021/CVE-2021-24440-df5624fcfc60e06a94f15a6af052be53.yaml
+++ b/nuclei-templates/2021/CVE-2021-24440-df5624fcfc60e06a94f15a6af052be53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sign-up Sheets <= 1.0.13 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sign-up-sheets/"
     google-query: inurl:"/wp-content/plugins/sign-up-sheets/"
     shodan-query: 'vuln:CVE-2021-24440'
-  tags: cve,wordpress,wp-plugin,sign-up-sheets,medium
+  tags: cve,wordpress,wp-plugin,sign-up-sheets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24441-56fc7e10ac8b22881c3f0ca008407e33.yaml b/nuclei-templates/2021/CVE-2021-24441-56fc7e10ac8b22881c3f0ca008407e33.yaml
index b8a81e68ab..ae914f4851 100644
--- a/nuclei-templates/2021/CVE-2021-24441-56fc7e10ac8b22881c3f0ca008407e33.yaml
+++ b/nuclei-templates/2021/CVE-2021-24441-56fc7e10ac8b22881c3f0ca008407e33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sign-up Sheets <= 1.0.13 - Authenticated CSV Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sign-up-sheets/"
     google-query: inurl:"/wp-content/plugins/sign-up-sheets/"
     shodan-query: 'vuln:CVE-2021-24441'
-  tags: cve,wordpress,wp-plugin,sign-up-sheets,high
+  tags: cve,wordpress,wp-plugin,sign-up-sheets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24443-8b9fbd031d6f59226821b7faa24713d4.yaml b/nuclei-templates/2021/CVE-2021-24443-8b9fbd031d6f59226821b7faa24713d4.yaml
index eb02500456..d09ac19aba 100644
--- a/nuclei-templates/2021/CVE-2021-24443-8b9fbd031d6f59226821b7faa24713d4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24443-8b9fbd031d6f59226821b7faa24713d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Youzify <= 1.0.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youzify/"
     google-query: inurl:"/wp-content/plugins/youzify/"
     shodan-query: 'vuln:CVE-2021-24443'
-  tags: cve,wordpress,wp-plugin,youzify,medium
+  tags: cve,wordpress,wp-plugin,youzify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24444-9af4513a0f46be16e18750162e487d0e.yaml b/nuclei-templates/2021/CVE-2021-24444-9af4513a0f46be16e18750162e487d0e.yaml
index bb4fb94634..7b3fe997b1 100644
--- a/nuclei-templates/2021/CVE-2021-24444-9af4513a0f46be16e18750162e487d0e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24444-9af4513a0f46be16e18750162e487d0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TaxoPress <= 3.0.7.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tags/"
     google-query: inurl:"/wp-content/plugins/simple-tags/"
     shodan-query: 'vuln:CVE-2021-24444'
-  tags: cve,wordpress,wp-plugin,simple-tags,medium
+  tags: cve,wordpress,wp-plugin,simple-tags,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24445-e422a5cf5dae135dafe01672b0f3ffbc.yaml b/nuclei-templates/2021/CVE-2021-24445-e422a5cf5dae135dafe01672b0f3ffbc.yaml
index a83fb64c41..5711c516a6 100644
--- a/nuclei-templates/2021/CVE-2021-24445-e422a5cf5dae135dafe01672b0f3ffbc.yaml
+++ b/nuclei-templates/2021/CVE-2021-24445-e422a5cf5dae135dafe01672b0f3ffbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Site Audit <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-audit/"
     google-query: inurl:"/wp-content/plugins/site-audit/"
     shodan-query: 'vuln:CVE-2021-24445'
-  tags: cve,wordpress,wp-plugin,site-audit,medium
+  tags: cve,wordpress,wp-plugin,site-audit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24447-fdc1c524e165c5f1685c267f450ebcb9.yaml b/nuclei-templates/2021/CVE-2021-24447-fdc1c524e165c5f1685c267f450ebcb9.yaml
index ef19068566..50077a6111 100644
--- a/nuclei-templates/2021/CVE-2021-24447-fdc1c524e165c5f1685c267f450ebcb9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24447-fdc1c524e165c5f1685c267f450ebcb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Image Zoom <= 1.46 - Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-image-zoooom/"
     google-query: inurl:"/wp-content/plugins/wp-image-zoooom/"
     shodan-query: 'vuln:CVE-2021-24447'
-  tags: cve,wordpress,wp-plugin,wp-image-zoooom,medium
+  tags: cve,wordpress,wp-plugin,wp-image-zoooom,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24448-5015ecbd471db4975c3b73948587d93d.yaml b/nuclei-templates/2021/CVE-2021-24448-5015ecbd471db4975c3b73948587d93d.yaml
index af2ef48487..e5291ad8f1 100644
--- a/nuclei-templates/2021/CVE-2021-24448-5015ecbd471db4975c3b73948587d93d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24448-5015ecbd471db4975c3b73948587d93d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on the 'Modify default Redirect Delay timer' setting. This makes it possible for authenticated attackers. with administrator-level privileges or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:CVE-2021-24448'
-  tags: cve,wordpress,wp-plugin,profile-builder,medium
+  tags: cve,wordpress,wp-plugin,profile-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24450-7433993cea900124b0f7230cf232b44d.yaml b/nuclei-templates/2021/CVE-2021-24450-7433993cea900124b0f7230cf232b44d.yaml
index c635defcb0..e23e3bb3d8 100644
--- a/nuclei-templates/2021/CVE-2021-24450-7433993cea900124b0f7230cf232b44d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24450-7433993cea900124b0f7230cf232b44d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 3.1.7 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.8 did not sanitise or escape some of its settings before saving them and outputting them back in the page, allowing high privilege users such as admin to set JavaScript payloads in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2021-24450'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24451-b68fe278807d5bbe8b9f9515e0348d4e.yaml b/nuclei-templates/2021/CVE-2021-24451-b68fe278807d5bbe8b9f9515e0348d4e.yaml
index d9b6eb8f6e..4b9bf9c6bd 100644
--- a/nuclei-templates/2021/CVE-2021-24451-b68fe278807d5bbe8b9f9515e0348d4e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24451-b68fe278807d5bbe8b9f9515e0348d4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export Users With Meta < 0.6.5 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-export-with-their-meta-data/"
     google-query: inurl:"/wp-content/plugins/user-export-with-their-meta-data/"
     shodan-query: 'vuln:CVE-2021-24451'
-  tags: cve,wordpress,wp-plugin,user-export-with-their-meta-data,high
+  tags: cve,wordpress,wp-plugin,user-export-with-their-meta-data,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24452-3b7846f9454db2dd18a15d1689f18426.yaml b/nuclei-templates/2021/CVE-2021-24452-3b7846f9454db2dd18a15d1689f18426.yaml
index 8be69ed072..5fcdd39ed9 100644
--- a/nuclei-templates/2021/CVE-2021-24452-3b7846f9454db2dd18a15d1689f18426.yaml
+++ b/nuclei-templates/2021/CVE-2021-24452-3b7846f9454db2dd18a15d1689f18426.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W3 Total Cache <= 2.1.4 - Reflected Cross-Site Scripting via extension
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w3-total-cache/"
     google-query: inurl:"/wp-content/plugins/w3-total-cache/"
     shodan-query: 'vuln:CVE-2021-24452'
-  tags: cve,wordpress,wp-plugin,w3-total-cache,high
+  tags: cve,wordpress,wp-plugin,w3-total-cache,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24453-7df4ba3c146c5caf3d402ff70333f208.yaml b/nuclei-templates/2021/CVE-2021-24453-7df4ba3c146c5caf3d402ff70333f208.yaml
index cc194ca6d9..a4f0e34218 100644
--- a/nuclei-templates/2021/CVE-2021-24453-7df4ba3c146c5caf3d402ff70333f208.yaml
+++ b/nuclei-templates/2021/CVE-2021-24453-7df4ba3c146c5caf3d402ff70333f208.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Include Me <= 1.2.1 - Local File Inclusion leading to Authenticated Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/include-me/"
     google-query: inurl:"/wp-content/plugins/include-me/"
     shodan-query: 'vuln:CVE-2021-24453'
-  tags: cve,wordpress,wp-plugin,include-me,high
+  tags: cve,wordpress,wp-plugin,include-me,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24454-cb10630ddc7da513be3fbc863f316ce2.yaml b/nuclei-templates/2021/CVE-2021-24454-cb10630ddc7da513be3fbc863f316ce2.yaml
index bc62ebbd1e..49850ee159 100644
--- a/nuclei-templates/2021/CVE-2021-24454-cb10630ddc7da513be3fbc863f316ce2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24454-cb10630ddc7da513be3fbc863f316ce2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YOP Poll <= 6.2.7 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. The execution of the XSS payload depends on the 'Show results' option selected, which could be before or after sending the vote for example.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yop-poll/"
     google-query: inurl:"/wp-content/plugins/yop-poll/"
     shodan-query: 'vuln:CVE-2021-24454'
-  tags: cve,wordpress,wp-plugin,yop-poll,medium
+  tags: cve,wordpress,wp-plugin,yop-poll,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24455-805b776aa99780dfe83d45b24c67ce87.yaml b/nuclei-templates/2021/CVE-2021-24455-805b776aa99780dfe83d45b24c67ce87.yaml
index 036fc2558b..2326555b3e 100644
--- a/nuclei-templates/2021/CVE-2021-24455-805b776aa99780dfe83d45b24c67ce87.yaml
+++ b/nuclei-templates/2021/CVE-2021-24455-805b776aa99780dfe83d45b24c67ce87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 1.9.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS – eLearning and online course solution WordPress plugin before 1.9.2 did not escape the Summary field of Announcements (when outputting it in an attribute), which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege escalation when viewed by an admin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2021-24455'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24456-a72cf1044ce793e721c265e19c02178a.yaml b/nuclei-templates/2021/CVE-2021-24456-a72cf1044ce793e721c265e19c02178a.yaml
index 314e23e6bb..8078edfe20 100644
--- a/nuclei-templates/2021/CVE-2021-24456-a72cf1044ce793e721c265e19c02178a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24456-a72cf1044ce793e721c265e19c02178a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz Maker <= 6.2.0.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-maker/"
     google-query: inurl:"/wp-content/plugins/quiz-maker/"
     shodan-query: 'vuln:CVE-2021-24456'
-  tags: cve,wordpress,wp-plugin,quiz-maker,high
+  tags: cve,wordpress,wp-plugin,quiz-maker,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24457-d3ba4c3e62ed9f2cd7ab1df9d9c7321d.yaml b/nuclei-templates/2021/CVE-2021-24457-d3ba4c3e62ed9f2cd7ab1df9d9c7321d.yaml
index 493afcbb8e..a9e5a3947a 100644
--- a/nuclei-templates/2021/CVE-2021-24457-d3ba4c3e62ed9f2cd7ab1df9d9c7321d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24457-d3ba4c3e62ed9f2cd7ab1df9d9c7321d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portfolio Responsive Gallery <= 1.1.7 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-responsive-gallery/"
     google-query: inurl:"/wp-content/plugins/portfolio-responsive-gallery/"
     shodan-query: 'vuln:CVE-2021-24457'
-  tags: cve,wordpress,wp-plugin,portfolio-responsive-gallery,high
+  tags: cve,wordpress,wp-plugin,portfolio-responsive-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24458-8198c675532e8f307d66f6e19540bf63.yaml b/nuclei-templates/2021/CVE-2021-24458-8198c675532e8f307d66f6e19540bf63.yaml
index d39ee0dcd2..0ccd17355c 100644
--- a/nuclei-templates/2021/CVE-2021-24458-8198c675532e8f307d66f6e19540bf63.yaml
+++ b/nuclei-templates/2021/CVE-2021-24458-8198c675532e8f307d66f6e19540bf63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup box < 2.3.4 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:CVE-2021-24458'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,high
+  tags: cve,wordpress,wp-plugin,ays-popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24459-72fdd3a89359bcd594b4d65638469ed8.yaml b/nuclei-templates/2021/CVE-2021-24459-72fdd3a89359bcd594b4d65638469ed8.yaml
index f282e8e772..44f52886a9 100644
--- a/nuclei-templates/2021/CVE-2021-24459-72fdd3a89359bcd594b4d65638469ed8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24459-72fdd3a89359bcd594b4d65638469ed8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Survey Maker < 1.5.6 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/survey-maker/"
     google-query: inurl:"/wp-content/plugins/survey-maker/"
     shodan-query: 'vuln:CVE-2021-24459'
-  tags: cve,wordpress,wp-plugin,survey-maker,high
+  tags: cve,wordpress,wp-plugin,survey-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24460-c5dca15da955e97b5160cc77880cc971.yaml b/nuclei-templates/2021/CVE-2021-24460-c5dca15da955e97b5160cc77880cc971.yaml
index afa3f49d67..5138126cbb 100644
--- a/nuclei-templates/2021/CVE-2021-24460-c5dca15da955e97b5160cc77880cc971.yaml
+++ b/nuclei-templates/2021/CVE-2021-24460-c5dca15da955e97b5160cc77880cc971.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Like box – Page Plugin < 3.5.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-facebook-popup-likebox/"
     google-query: inurl:"/wp-content/plugins/ays-facebook-popup-likebox/"
     shodan-query: 'vuln:CVE-2021-24460'
-  tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,high
+  tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24461-050ac633edcdd8103878bb1a391274ca.yaml b/nuclei-templates/2021/CVE-2021-24461-050ac633edcdd8103878bb1a391274ca.yaml
index da6e969df8..863e0eea79 100644
--- a/nuclei-templates/2021/CVE-2021-24461-050ac633edcdd8103878bb1a391274ca.yaml
+++ b/nuclei-templates/2021/CVE-2021-24461-050ac633edcdd8103878bb1a391274ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FAQ Builder AYS <= 1.3.5 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/faq-builder-ays/"
     google-query: inurl:"/wp-content/plugins/faq-builder-ays/"
     shodan-query: 'vuln:CVE-2021-24461'
-  tags: cve,wordpress,wp-plugin,faq-builder-ays,high
+  tags: cve,wordpress,wp-plugin,faq-builder-ays,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24462-2e53d704a68a2528570d9bc04622f7a7.yaml b/nuclei-templates/2021/CVE-2021-24462-2e53d704a68a2528570d9bc04622f7a7.yaml
index 0b92f0dea0..01886d1819 100644
--- a/nuclei-templates/2021/CVE-2021-24462-2e53d704a68a2528570d9bc04622f7a7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24462-2e53d704a68a2528570d9bc04622f7a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by Ays - Responsive Image Gallery <= 4.4.3 - Authenticated Blind SQL Injections
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/gallery-photo-gallery/"
     shodan-query: 'vuln:CVE-2021-24462'
-  tags: cve,wordpress,wp-plugin,gallery-photo-gallery,high
+  tags: cve,wordpress,wp-plugin,gallery-photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24463-46069454c6ba944e642bfecf69aa0fc3.yaml b/nuclei-templates/2021/CVE-2021-24463-46069454c6ba944e642bfecf69aa0fc3.yaml
index 3b19a5fbc6..526a3713e6 100644
--- a/nuclei-templates/2021/CVE-2021-24463-46069454c6ba944e642bfecf69aa0fc3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24463-46069454c6ba944e642bfecf69aa0fc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Slider by Ays- Responsive Slider and Carousel < 2.5.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-slider/"
     google-query: inurl:"/wp-content/plugins/ays-slider/"
     shodan-query: 'vuln:CVE-2021-24463'
-  tags: cve,wordpress,wp-plugin,ays-slider,high
+  tags: cve,wordpress,wp-plugin,ays-slider,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24464-2b8463e6867dce79ddd40af4dd9780fd.yaml b/nuclei-templates/2021/CVE-2021-24464-2b8463e6867dce79ddd40af4dd9780fd.yaml
index 63e062822d..6e1bdcd4d0 100644
--- a/nuclei-templates/2021/CVE-2021-24464-2b8463e6867dce79ddd40af4dd9780fd.yaml
+++ b/nuclei-templates/2021/CVE-2021-24464-2b8463e6867dce79ddd40af4dd9780fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-video-player/"
     google-query: inurl:"/wp-content/plugins/youtube-video-player/"
     shodan-query: 'vuln:CVE-2021-24464'
-  tags: cve,wordpress,wp-plugin,youtube-video-player,medium
+  tags: cve,wordpress,wp-plugin,youtube-video-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24465-db3802f450d9e0fa899a4b52caf267f5.yaml b/nuclei-templates/2021/CVE-2021-24465-db3802f450d9e0fa899a4b52caf267f5.yaml
index 004bd0acf7..4aa85488d3 100644
--- a/nuclei-templates/2021/CVE-2021-24465-db3802f450d9e0fa899a4b52caf267f5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24465-db3802f450d9e0fa899a4b52caf267f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meow Gallery (+ Gallery Block) <= 4.1.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meow-gallery/"
     google-query: inurl:"/wp-content/plugins/meow-gallery/"
     shodan-query: 'vuln:CVE-2021-24465'
-  tags: cve,wordpress,wp-plugin,meow-gallery,high
+  tags: cve,wordpress,wp-plugin,meow-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24466-6172c422eaf36f3edbfde89320e25329.yaml b/nuclei-templates/2021/CVE-2021-24466-6172c422eaf36f3edbfde89320e25329.yaml
index e986cc2f64..6defb3f72e 100644
--- a/nuclei-templates/2021/CVE-2021-24466-6172c422eaf36f3edbfde89320e25329.yaml
+++ b/nuclei-templates/2021/CVE-2021-24466-6172c422eaf36f3edbfde89320e25329.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Verse-O-Matic <= 4.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/verse-o-matic/"
     google-query: inurl:"/wp-content/plugins/verse-o-matic/"
     shodan-query: 'vuln:CVE-2021-24466'
-  tags: cve,wordpress,wp-plugin,verse-o-matic,high
+  tags: cve,wordpress,wp-plugin,verse-o-matic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24468-e97645e174e90e9260a0b981384daa6e.yaml b/nuclei-templates/2021/CVE-2021-24468-e97645e174e90e9260a0b981384daa6e.yaml
index 00c42850a5..1c65a29aab 100644
--- a/nuclei-templates/2021/CVE-2021-24468-e97645e174e90e9260a0b981384daa6e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24468-e97645e174e90e9260a0b981384daa6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaflet-map/"
     google-query: inurl:"/wp-content/plugins/leaflet-map/"
     shodan-query: 'vuln:CVE-2021-24468'
-  tags: cve,wordpress,wp-plugin,leaflet-map,medium
+  tags: cve,wordpress,wp-plugin,leaflet-map,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24470-57f13a889e0cffca9cc00946f63d375b.yaml b/nuclei-templates/2021/CVE-2021-24470-57f13a889e0cffca9cc00946f63d375b.yaml
index f3d8cdc0c0..042a0a9029 100644
--- a/nuclei-templates/2021/CVE-2021-24470-57f13a889e0cffca9cc00946f63d375b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24470-57f13a889e0cffca9cc00946f63d375b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yada Wiki <= 3.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yada-wiki/"
     google-query: inurl:"/wp-content/plugins/yada-wiki/"
     shodan-query: 'vuln:CVE-2021-24470'
-  tags: cve,wordpress,wp-plugin,yada-wiki,medium
+  tags: cve,wordpress,wp-plugin,yada-wiki,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24471-315a019742ffab737ef11e333f6ddf51.yaml b/nuclei-templates/2021/CVE-2021-24471-315a019742ffab737ef11e333f6ddf51.yaml
index 8aa7b16e88..aba9927c4f 100644
--- a/nuclei-templates/2021/CVE-2021-24471-315a019742ffab737ef11e333f6ddf51.yaml
+++ b/nuclei-templates/2021/CVE-2021-24471-315a019742ffab737ef11e333f6ddf51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cc_lang, color, language, start, stop, or style parameter of youtube shortcode, 2. by using style, class, rel, target, width, height, or alt parameter of youtube_thumb shortcode, or 3. by embedding a video whose title or description contains XSS payload (if API key is configured).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-embed/"
     google-query: inurl:"/wp-content/plugins/youtube-embed/"
     shodan-query: 'vuln:CVE-2021-24471'
-  tags: cve,wordpress,wp-plugin,youtube-embed,medium
+  tags: cve,wordpress,wp-plugin,youtube-embed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24472-3a52346bbe93c0a607f0387208360f6f.yaml b/nuclei-templates/2021/CVE-2021-24472-3a52346bbe93c0a607f0387208360f6f.yaml
index b8031fe450..334245336b 100644
--- a/nuclei-templates/2021/CVE-2021-24472-3a52346bbe93c0a607f0387208360f6f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24472-3a52346bbe93c0a607f0387208360f6f.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2021-24472
   metadata:
-    fofa-query: "wp-content/themes/onair2/"
-    google-query: inurl:"/wp-content/themes/onair2/"
+    fofa-query: "wp-content/plugins/qt-kentharadio/"
+    google-query: inurl:"/wp-content/plugins/qt-kentharadio/"
     shodan-query: 'vuln:CVE-2021-24472'
-  tags: cve,wordpress,wp-theme,onair2,critical
+  tags: cve,wordpress,wp-plugin,qt-kentharadio,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/onair2/style.css"
+      - "{{BaseURL}}/wp-content/plugins/qt-kentharadio/readme.txt"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "onair2"
+          - "qt-kentharadio"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 3.9.9.2')
\ No newline at end of file
+          - compare_versions(version, '< 2.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24473-28ec3275d51e7b8c31fce132b1bffc74.yaml b/nuclei-templates/2021/CVE-2021-24473-28ec3275d51e7b8c31fce132b1bffc74.yaml
index 17c878da3e..fa2190bdb3 100644
--- a/nuclei-templates/2021/CVE-2021-24473-28ec3275d51e7b8c31fce132b1bffc74.yaml
+++ b/nuclei-templates/2021/CVE-2021-24473-28ec3275d51e7b8c31fce132b1bffc74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Profile Picture < 2.6.0 - Authenticated Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-profile-picture/"
     google-query: inurl:"/wp-content/plugins/users-profile-picture/"
     shodan-query: 'vuln:CVE-2021-24473'
-  tags: cve,wordpress,wp-plugin,users-profile-picture,medium
+  tags: cve,wordpress,wp-plugin,users-profile-picture,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24476-ba89c7968306258a1d45a93c7b938ec5.yaml b/nuclei-templates/2021/CVE-2021-24476-ba89c7968306258a1d45a93c7b938ec5.yaml
index 0fdd6368da..4ef0da96c1 100644
--- a/nuclei-templates/2021/CVE-2021-24476-ba89c7968306258a1d45a93c7b938ec5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24476-ba89c7968306258a1d45a93c7b938ec5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/steam-group-viewer/"
     google-query: inurl:"/wp-content/plugins/steam-group-viewer/"
     shodan-query: 'vuln:CVE-2021-24476'
-  tags: cve,wordpress,wp-plugin,steam-group-viewer,medium
+  tags: cve,wordpress,wp-plugin,steam-group-viewer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24478-0e3f0bd6a580d466d037adb8757f5f4f.yaml b/nuclei-templates/2021/CVE-2021-24478-0e3f0bd6a580d466d037adb8757f5f4f.yaml
index dec2749d24..e7af05b48f 100644
--- a/nuclei-templates/2021/CVE-2021-24478-0e3f0bd6a580d466d037adb8757f5f4f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24478-0e3f0bd6a580d466d037adb8757f5f4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bookshelf <= 2.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookshelf/"
     google-query: inurl:"/wp-content/plugins/bookshelf/"
     shodan-query: 'vuln:CVE-2021-24478'
-  tags: cve,wordpress,wp-plugin,bookshelf,medium
+  tags: cve,wordpress,wp-plugin,bookshelf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24479-ae76e34d6e644abc4667be59d0e2e0dc.yaml b/nuclei-templates/2021/CVE-2021-24479-ae76e34d6e644abc4667be59d0e2e0dc.yaml
index 05ba86465e..ad5bf2aeea 100644
--- a/nuclei-templates/2021/CVE-2021-24479-ae76e34d6e644abc4667be59d0e2e0dc.yaml
+++ b/nuclei-templates/2021/CVE-2021-24479-ae76e34d6e644abc4667be59d0e2e0dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DrawBlog <= 0.90 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drawblog/"
     google-query: inurl:"/wp-content/plugins/drawblog/"
     shodan-query: 'vuln:CVE-2021-24479'
-  tags: cve,wordpress,wp-plugin,drawblog,medium
+  tags: cve,wordpress,wp-plugin,drawblog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24480-895b9710054cceeb59eef3658e032c99.yaml b/nuclei-templates/2021/CVE-2021-24480-895b9710054cceeb59eef3658e032c99.yaml
index 4b5cdab870..a627f29cb0 100644
--- a/nuclei-templates/2021/CVE-2021-24480-895b9710054cceeb59eef3658e032c99.yaml
+++ b/nuclei-templates/2021/CVE-2021-24480-895b9710054cceeb59eef3658e032c99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Geek <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event Geek WordPress plugin through 2.5.2 does not sanitise or escape its "Use your own " setting before outputting it in the page, leading to an authenticated (admin+) stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-geek/"
     google-query: inurl:"/wp-content/plugins/event-geek/"
     shodan-query: 'vuln:CVE-2021-24480'
-  tags: cve,wordpress,wp-plugin,event-geek,medium
+  tags: cve,wordpress,wp-plugin,event-geek,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24481-3bc0607c56016206aa45fc2de8e660d1.yaml b/nuclei-templates/2021/CVE-2021-24481-3bc0607c56016206aa45fc2de8e660d1.yaml
index c185e6cb87..7b5f28cd32 100644
--- a/nuclei-templates/2021/CVE-2021-24481-3bc0607c56016206aa45fc2de8e660d1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24481-3bc0607c56016206aa45fc2de8e660d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Any Hostname <= 1.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/any-hostname/"
     google-query: inurl:"/wp-content/plugins/any-hostname/"
     shodan-query: 'vuln:CVE-2021-24481'
-  tags: cve,wordpress,wp-plugin,any-hostname,medium
+  tags: cve,wordpress,wp-plugin,any-hostname,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24482-83b73a058cb79d602447680b268132d1.yaml b/nuclei-templates/2021/CVE-2021-24482-83b73a058cb79d602447680b268132d1.yaml
index 684f6dcfdb..f253656757 100644
--- a/nuclei-templates/2021/CVE-2021-24482-83b73a058cb79d602447680b268132d1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24482-83b73a058cb79d602447680b268132d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Related Posts for WordPress <= 2.0.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/related-posts-for-wp/"
     google-query: inurl:"/wp-content/plugins/related-posts-for-wp/"
     shodan-query: 'vuln:CVE-2021-24482'
-  tags: cve,wordpress,wp-plugin,related-posts-for-wp,medium
+  tags: cve,wordpress,wp-plugin,related-posts-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24483-18f92d3237c36d8e0be4fe5c61fd453f.yaml b/nuclei-templates/2021/CVE-2021-24483-18f92d3237c36d8e0be4fe5c61fd453f.yaml
index 328c7a6f30..6b8397bcdf 100644
--- a/nuclei-templates/2021/CVE-2021-24483-18f92d3237c36d8e0be4fe5c61fd453f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24483-18f92d3237c36d8e0be4fe5c61fd453f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll Maker <= 3.2.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poll-maker/"
     google-query: inurl:"/wp-content/plugins/poll-maker/"
     shodan-query: 'vuln:CVE-2021-24483'
-  tags: cve,wordpress,wp-plugin,poll-maker,high
+  tags: cve,wordpress,wp-plugin,poll-maker,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24484-40c9df59c7e3df119c2dd5f1035b5b7e.yaml b/nuclei-templates/2021/CVE-2021-24484-40c9df59c7e3df119c2dd5f1035b5b7e.yaml
index cfa54d2ae4..00a3ef3bc9 100644
--- a/nuclei-templates/2021/CVE-2021-24484-40c9df59c7e3df119c2dd5f1035b5b7e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24484-40c9df59c7e3df119c2dd5f1035b5b7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Secure Copy Content Protection and Content Locking <= 2.6.6 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/secure-copy-content-protection/"
     google-query: inurl:"/wp-content/plugins/secure-copy-content-protection/"
     shodan-query: 'vuln:CVE-2021-24484'
-  tags: cve,wordpress,wp-plugin,secure-copy-content-protection,high
+  tags: cve,wordpress,wp-plugin,secure-copy-content-protection,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24485-1e506d7d0a79883a044afbbb48ac382a.yaml b/nuclei-templates/2021/CVE-2021-24485-1e506d7d0a79883a044afbbb48ac382a.yaml
index 7274050038..68b0d3a856 100644
--- a/nuclei-templates/2021/CVE-2021-24485-1e506d7d0a79883a044afbbb48ac382a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24485-1e506d7d0a79883a044afbbb48ac382a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Special Text Boxes <= 5.9.109 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Special Text Boxes WordPress plugin through 5.9.109 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-special-textboxes/"
     google-query: inurl:"/wp-content/plugins/wp-special-textboxes/"
     shodan-query: 'vuln:CVE-2021-24485'
-  tags: cve,wordpress,wp-plugin,wp-special-textboxes,medium
+  tags: cve,wordpress,wp-plugin,wp-special-textboxes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24486-84af63ce54f1aff066c5cbc0224ece1e.yaml b/nuclei-templates/2021/CVE-2021-24486-84af63ce54f1aff066c5cbc0224ece1e.yaml
index 2718f61770..59bb533a59 100644
--- a/nuclei-templates/2021/CVE-2021-24486-84af63ce54f1aff066c5cbc0224ece1e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24486-84af63ce54f1aff066c5cbc0224ece1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Social Media Share Buttons <= 3.2.2 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Social Media Share Buttons – Social Sharing for Everyone WordPress plugin before 3.2.3 did not escape the align and like_button_size parameters of its SSB shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-social-buttons/"
     google-query: inurl:"/wp-content/plugins/simple-social-buttons/"
     shodan-query: 'vuln:CVE-2021-24486'
-  tags: cve,wordpress,wp-plugin,simple-social-buttons,medium
+  tags: cve,wordpress,wp-plugin,simple-social-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24489-d660fb4211ca4d5aa389748791b62abb.yaml b/nuclei-templates/2021/CVE-2021-24489-d660fb4211ca4d5aa389748791b62abb.yaml
index 9c9037c7ee..f66616d59c 100644
--- a/nuclei-templates/2021/CVE-2021-24489-d660fb4211ca4d5aa389748791b62abb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24489-d660fb4211ca4d5aa389748791b62abb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Request a Quote <= 2.3.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/request-a-quote/"
     google-query: inurl:"/wp-content/plugins/request-a-quote/"
     shodan-query: 'vuln:CVE-2021-24489'
-  tags: cve,wordpress,wp-plugin,request-a-quote,medium
+  tags: cve,wordpress,wp-plugin,request-a-quote,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24490-20b7ddc5d1ffcbeda215596162f60f8b.yaml b/nuclei-templates/2021/CVE-2021-24490-20b7ddc5d1ffcbeda215596162f60f8b.yaml
index 51a6deec3f..f17d60a23d 100644
--- a/nuclei-templates/2021/CVE-2021-24490-20b7ddc5d1ffcbeda215596162f60f8b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24490-20b7ddc5d1ffcbeda215596162f60f8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Artillery (MASS EMAIL) <= 4.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-artillery/"
     google-query: inurl:"/wp-content/plugins/email-artillery/"
     shodan-query: 'vuln:CVE-2021-24490'
-  tags: cve,wordpress,wp-plugin,email-artillery,high
+  tags: cve,wordpress,wp-plugin,email-artillery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24491-beab7dee3648c51c868a41f9c4244298.yaml b/nuclei-templates/2021/CVE-2021-24491-beab7dee3648c51c868a41f9c4244298.yaml
index 9da81c7ac2..1e838f6b6f 100644
--- a/nuclei-templates/2021/CVE-2021-24491-beab7dee3648c51c868a41f9c4244298.yaml
+++ b/nuclei-templates/2021/CVE-2021-24491-beab7dee3648c51c868a41f9c4244298.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fileviewer <= 2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fileviewer/"
     google-query: inurl:"/wp-content/plugins/fileviewer/"
     shodan-query: 'vuln:CVE-2021-24491'
-  tags: cve,wordpress,wp-plugin,fileviewer,high
+  tags: cve,wordpress,wp-plugin,fileviewer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24492-87c27569f8277885aabdf5403aebae34.yaml b/nuclei-templates/2021/CVE-2021-24492-87c27569f8277885aabdf5403aebae34.yaml
index bcb3b249a8..53f32b5c96 100644
--- a/nuclei-templates/2021/CVE-2021-24492-87c27569f8277885aabdf5403aebae34.yaml
+++ b/nuclei-templates/2021/CVE-2021-24492-87c27569f8277885aabdf5403aebae34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Handsome Testimonials & Reviews < 2.1.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtst_previewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/handsome-testimonials/"
     google-query: inurl:"/wp-content/plugins/handsome-testimonials/"
     shodan-query: 'vuln:CVE-2021-24492'
-  tags: cve,wordpress,wp-plugin,handsome-testimonials,high
+  tags: cve,wordpress,wp-plugin,handsome-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24494-e6c4489ab4760cc2610080b31e1c8d78.yaml b/nuclei-templates/2021/CVE-2021-24494-e6c4489ab4760cc2610080b31e1c8d78.yaml
index 5eed7b25ae..63c9b4600b 100644
--- a/nuclei-templates/2021/CVE-2021-24494-e6c4489ab4760cc2610080b31e1c8d78.yaml
+++ b/nuclei-templates/2021/CVE-2021-24494-e6c4489ab4760cc2610080b31e1c8d78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Offload SES Lite <= 1.4.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ses/"
     google-query: inurl:"/wp-content/plugins/wp-ses/"
     shodan-query: 'vuln:CVE-2021-24494'
-  tags: cve,wordpress,wp-plugin,wp-ses,medium
+  tags: cve,wordpress,wp-plugin,wp-ses,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24497-26c15735f9b04a66bec91df3a0d7b981.yaml b/nuclei-templates/2021/CVE-2021-24497-26c15735f9b04a66bec91df3a0d7b981.yaml
index a992965989..a848a02470 100644
--- a/nuclei-templates/2021/CVE-2021-24497-26c15735f9b04a66bec91df3a0d7b981.yaml
+++ b/nuclei-templates/2021/CVE-2021-24497-26c15735f9b04a66bec91df3a0d7b981.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Giveaway <= 1.2.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/giveaway/"
     google-query: inurl:"/wp-content/plugins/giveaway/"
     shodan-query: 'vuln:CVE-2021-24497'
-  tags: cve,wordpress,wp-plugin,giveaway,high
+  tags: cve,wordpress,wp-plugin,giveaway,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24500-c1a5d94e24ff3bf97db23d2e01bc94ca.yaml b/nuclei-templates/2021/CVE-2021-24500-c1a5d94e24ff3bf97db23d2e01bc94ca.yaml
index fc68b97e4e..6045293238 100644
--- a/nuclei-templates/2021/CVE-2021-24500-c1a5d94e24ff3bf97db23d2e01bc94ca.yaml
+++ b/nuclei-templates/2021/CVE-2021-24500-c1a5d94e24ff3bf97db23d2e01bc94ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Workreap < 2.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/workreap/"
     google-query: inurl:"/wp-content/themes/workreap/"
     shodan-query: 'vuln:CVE-2021-24500'
-  tags: cve,wordpress,wp-theme,workreap,high
+  tags: cve,wordpress,wp-theme,workreap,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24502-cf16a38393f700cdb2be76a3ca5de2f2.yaml b/nuclei-templates/2021/CVE-2021-24502-cf16a38393f700cdb2be76a3ca5de2f2.yaml
index 11afd30289..31159f33b0 100644
--- a/nuclei-templates/2021/CVE-2021-24502-cf16a38393f700cdb2be76a3ca5de2f2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24502-cf16a38393f700cdb2be76a3ca5de2f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map <= 1.7.6 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gmap-embed/"
     google-query: inurl:"/wp-content/plugins/gmap-embed/"
     shodan-query: 'vuln:CVE-2021-24502'
-  tags: cve,wordpress,wp-plugin,gmap-embed,medium
+  tags: cve,wordpress,wp-plugin,gmap-embed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24503-77fadf9a7971f3244b33864c9a81256e.yaml b/nuclei-templates/2021/CVE-2021-24503-77fadf9a7971f3244b33864c9a81256e.yaml
index ddbf683901..d32b32fec0 100644
--- a/nuclei-templates/2021/CVE-2021-24503-77fadf9a7971f3244b33864c9a81256e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24503-77fadf9a7971f3244b33864c9a81256e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popular Brand Icons - Simple Icons <= 2.7.7 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-icons/"
     google-query: inurl:"/wp-content/plugins/simple-icons/"
     shodan-query: 'vuln:CVE-2021-24503'
-  tags: cve,wordpress,wp-plugin,simple-icons,medium
+  tags: cve,wordpress,wp-plugin,simple-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24504-ad546711ae594c4c52f6942c35b5d00b.yaml b/nuclei-templates/2021/CVE-2021-24504-ad546711ae594c4c52f6942c35b5d00b.yaml
index aed545cc05..b705454ba6 100644
--- a/nuclei-templates/2021/CVE-2021-24504-ad546711ae594c4c52f6942c35b5d00b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24504-ad546711ae594c4c52f6942c35b5d00b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP LMS – Best WordPress LMS Plugin <= 1.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.5 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthenticated).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learn-manager/"
     google-query: inurl:"/wp-content/plugins/learn-manager/"
     shodan-query: 'vuln:CVE-2021-24504'
-  tags: cve,wordpress,wp-plugin,learn-manager,medium
+  tags: cve,wordpress,wp-plugin,learn-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24505-12ca01b6bd94ae75bcfa758e16b20678.yaml b/nuclei-templates/2021/CVE-2021-24505-12ca01b6bd94ae75bcfa758e16b20678.yaml
index 1f7a2e8de7..bde52e290a 100644
--- a/nuclei-templates/2021/CVE-2021-24505-12ca01b6bd94ae75bcfa758e16b20678.yaml
+++ b/nuclei-templates/2021/CVE-2021-24505-12ca01b6bd94ae75bcfa758e16b20678.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forms <= 1.12.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forms-by-made-it/"
     google-query: inurl:"/wp-content/plugins/forms-by-made-it/"
     shodan-query: 'vuln:CVE-2021-24505'
-  tags: cve,wordpress,wp-plugin,forms-by-made-it,medium
+  tags: cve,wordpress,wp-plugin,forms-by-made-it,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24506-4fef6f3c1b2c07adc38d4a7abbb8304a.yaml b/nuclei-templates/2021/CVE-2021-24506-4fef6f3c1b2c07adc38d4a7abbb8304a.yaml
index ee90d234e7..a0e84ef11d 100644
--- a/nuclei-templates/2021/CVE-2021-24506-4fef6f3c1b2c07adc38d4a7abbb8304a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24506-4fef6f3c1b2c07adc38d4a7abbb8304a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-hero/"
     google-query: inurl:"/wp-content/plugins/slider-hero/"
     shodan-query: 'vuln:CVE-2021-24506'
-  tags: cve,wordpress,wp-plugin,slider-hero,high
+  tags: cve,wordpress,wp-plugin,slider-hero,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24508-4c7bbe6117155e4a798748fa2ed8fb9c.yaml b/nuclei-templates/2021/CVE-2021-24508-4c7bbe6117155e4a798748fa2ed8fb9c.yaml
index ead9f42dc8..c46852648f 100644
--- a/nuclei-templates/2021/CVE-2021-24508-4c7bbe6117155e4a798748fa2ed8fb9c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24508-4c7bbe6117155e4a798748fa2ed8fb9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smash Balloon Social Post Feed <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator AJAX action (available to both authenticated and unauthenticated users) before outputting a truncated version of it in the admin dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue which will be executed in the context of a logged in administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-facebook-feed/"
     google-query: inurl:"/wp-content/plugins/custom-facebook-feed/"
     shodan-query: 'vuln:CVE-2021-24508'
-  tags: cve,wordpress,wp-plugin,custom-facebook-feed,medium
+  tags: cve,wordpress,wp-plugin,custom-facebook-feed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24509-d058005189aafe6324b373d8ff03e3df.yaml b/nuclei-templates/2021/CVE-2021-24509-d058005189aafe6324b373d8ff03e3df.yaml
index 645a993a5b..d406b942d7 100644
--- a/nuclei-templates/2021/CVE-2021-24509-d058005189aafe6324b373d8ff03e3df.yaml
+++ b/nuclei-templates/2021/CVE-2021-24509-d058005189aafe6324b373d8ff03e3df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page View Counts <= 2.4.8 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-views-count/"
     google-query: inurl:"/wp-content/plugins/page-views-count/"
     shodan-query: 'vuln:CVE-2021-24509'
-  tags: cve,wordpress,wp-plugin,page-views-count,medium
+  tags: cve,wordpress,wp-plugin,page-views-count,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24511-4e655e8637363048266492f0b32a6610.yaml b/nuclei-templates/2021/CVE-2021-24511-4e655e8637363048266492f0b32a6610.yaml
index df9fd9f0a1..813a73ee71 100644
--- a/nuclei-templates/2021/CVE-2021-24511-4e655e8637363048266492f0b32a6610.yaml
+++ b/nuclei-templates/2021/CVE-2021-24511-4e655e8637363048266492f0b32a6610.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More < 3.3.1.0 - Authenticated SQL Injection via product_id Parameter
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/"
     shodan-query: 'vuln:CVE-2021-24511'
-  tags: cve,wordpress,wp-plugin,purple-xmls-google-product-feed-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,purple-xmls-google-product-feed-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24512-5db7f2428ab16ac575d716a8cfad3c32.yaml b/nuclei-templates/2021/CVE-2021-24512-5db7f2428ab16ac575d716a8cfad3c32.yaml
index 00a615bc7a..d8c09b8914 100644
--- a/nuclei-templates/2021/CVE-2021-24512-5db7f2428ab16ac575d716a8cfad3c32.yaml
+++ b/nuclei-templates/2021/CVE-2021-24512-5db7f2428ab16ac575d716a8cfad3c32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Posts Webcam Recorder < 3.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has a reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-posts-webcam-recorder/"
     google-query: inurl:"/wp-content/plugins/video-posts-webcam-recorder/"
     shodan-query: 'vuln:CVE-2021-24512'
-  tags: cve,wordpress,wp-plugin,video-posts-webcam-recorder,medium
+  tags: cve,wordpress,wp-plugin,video-posts-webcam-recorder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24513-2d5c4c1875b8b7afff532ee362cb19b6.yaml b/nuclei-templates/2021/CVE-2021-24513-2d5c4c1875b8b7afff532ee362cb19b6.yaml
index 5efcfb1d7a..2e45594438 100644
--- a/nuclei-templates/2021/CVE-2021-24513-2d5c4c1875b8b7afff532ee362cb19b6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24513-2d5c4c1875b8b7afff532ee362cb19b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Builder <= 1.9.8.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-add/"
     google-query: inurl:"/wp-content/plugins/contact-form-add/"
     shodan-query: 'vuln:CVE-2021-24513'
-  tags: cve,wordpress,wp-plugin,contact-form-add,medium
+  tags: cve,wordpress,wp-plugin,contact-form-add,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24514-4c347b72fa44728662f7bf8d25a3a220.yaml b/nuclei-templates/2021/CVE-2021-24514-4c347b72fa44728662f7bf8d25a3a220.yaml
index 797b98d2c3..c0c717278c 100644
--- a/nuclei-templates/2021/CVE-2021-24514-4c347b72fa44728662f7bf8d25a3a220.yaml
+++ b/nuclei-templates/2021/CVE-2021-24514-4c347b72fa44728662f7bf8d25a3a220.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Form Builder <= 3.0.3 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visual-form-builder/"
     google-query: inurl:"/wp-content/plugins/visual-form-builder/"
     shodan-query: 'vuln:CVE-2021-24514'
-  tags: cve,wordpress,wp-plugin,visual-form-builder,medium
+  tags: cve,wordpress,wp-plugin,visual-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24515-9226076d86703169a8ae6d270bd5adc3.yaml b/nuclei-templates/2021/CVE-2021-24515-9226076d86703169a8ae6d270bd5adc3.yaml
index 7a9ef988c4..eff7bb5fee 100644
--- a/nuclei-templates/2021/CVE-2021-24515-9226076d86703169a8ae6d270bd5adc3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24515-9226076d86703169a8ae6d270bd5adc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Video Gallery WordPress plugin before 1.1.5 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-grid-gallery/"
     google-query: inurl:"/wp-content/plugins/smart-grid-gallery/"
     shodan-query: 'vuln:CVE-2021-24515'
-  tags: cve,wordpress,wp-plugin,smart-grid-gallery,medium
+  tags: cve,wordpress,wp-plugin,smart-grid-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24516-b3f5b694f8149f7215285f5a07a42c03.yaml b/nuclei-templates/2021/CVE-2021-24516-b3f5b694f8149f7215285f5a07a42c03.yaml
index b44f7ef29f..8871e75296 100644
--- a/nuclei-templates/2021/CVE-2021-24516-b3f5b694f8149f7215285f5a07a42c03.yaml
+++ b/nuclei-templates/2021/CVE-2021-24516-b3f5b694f8149f7215285f5a07a42c03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PlanSo Forms <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PlanSo Forms WordPress plugin through 2.6.4 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/planso-forms/"
     google-query: inurl:"/wp-content/plugins/planso-forms/"
     shodan-query: 'vuln:CVE-2021-24516'
-  tags: cve,wordpress,wp-plugin,planso-forms,medium
+  tags: cve,wordpress,wp-plugin,planso-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24517-aaa45d66679ac35ae0d003ff8a8e5f48.yaml b/nuclei-templates/2021/CVE-2021-24517-aaa45d66679ac35ae0d003ff8a8e5f48.yaml
index 9ac765c7a8..94d7838f22 100644
--- a/nuclei-templates/2021/CVE-2021-24517-aaa45d66679ac35ae0d003ff8a8e5f48.yaml
+++ b/nuclei-templates/2021/CVE-2021-24517-aaa45d66679ac35ae0d003ff8a8e5f48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stop Spammers Security <= 2021.17 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stop-spammer-registrations-plugin/"
     google-query: inurl:"/wp-content/plugins/stop-spammer-registrations-plugin/"
     shodan-query: 'vuln:CVE-2021-24517'
-  tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,medium
+  tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24518-994b2a0046a121a24de62a7ef6f747b0.yaml b/nuclei-templates/2021/CVE-2021-24518-994b2a0046a121a24de62a7ef6f747b0.yaml
index 80f576be05..2602626332 100644
--- a/nuclei-templates/2021/CVE-2021-24518-994b2a0046a121a24de62a7ef6f747b0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24518-994b2a0046a121a24de62a7ef6f747b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPFront Notification Bar <= 1.9.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPFront Notification Bar WordPress plugin before 2.0.0 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfront-notification-bar/"
     google-query: inurl:"/wp-content/plugins/wpfront-notification-bar/"
     shodan-query: 'vuln:CVE-2021-24518'
-  tags: cve,wordpress,wp-plugin,wpfront-notification-bar,medium
+  tags: cve,wordpress,wp-plugin,wpfront-notification-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24519-8e0a508178120443600d129a2e7dbdba.yaml b/nuclei-templates/2021/CVE-2021-24519-8e0a508178120443600d129a2e7dbdba.yaml
index ebcfd37793..fa834bec3c 100644
--- a/nuclei-templates/2021/CVE-2021-24519-8e0a508178120443600d129a2e7dbdba.yaml
+++ b/nuclei-templates/2021/CVE-2021-24519-8e0a508178120443600d129a2e7dbdba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VikRentCar Car Rental Management System < 1.1.10 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vikrentcar/"
     google-query: inurl:"/wp-content/plugins/vikrentcar/"
     shodan-query: 'vuln:CVE-2021-24519'
-  tags: cve,wordpress,wp-plugin,vikrentcar,medium
+  tags: cve,wordpress,wp-plugin,vikrentcar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24520-3f8c7e452acf0c92c2be04758743dd87.yaml b/nuclei-templates/2021/CVE-2021-24520-3f8c7e452acf0c92c2be04758743dd87.yaml
index f1864706d2..f5e3db0087 100644
--- a/nuclei-templates/2021/CVE-2021-24520-3f8c7e452acf0c92c2be04758743dd87.yaml
+++ b/nuclei-templates/2021/CVE-2021-24520-3f8c7e452acf0c92c2be04758743dd87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stock in & out <= 1.0.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Stock in & out WordPress plugin for WordPress is vulnerable to SQL Injection via the product_id parameter in versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stock-in/"
     google-query: inurl:"/wp-content/plugins/stock-in/"
     shodan-query: 'vuln:CVE-2021-24520'
-  tags: cve,wordpress,wp-plugin,stock-in,high
+  tags: cve,wordpress,wp-plugin,stock-in,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24521-fe8e75c60168f65685f1418c9d95c3e6.yaml b/nuclei-templates/2021/CVE-2021-24521-fe8e75c60168f65685f1418c9d95c3e6.yaml
index 35649a6f11..d9ac2b1491 100644
--- a/nuclei-templates/2021/CVE-2021-24521-fe8e75c60168f65685f1418c9d95c3e6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24521-fe8e75c60168f65685f1418c9d95c3e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Side Menu Lite <= 2.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/side-menu-lite/"
     google-query: inurl:"/wp-content/plugins/side-menu-lite/"
     shodan-query: 'vuln:CVE-2021-24521'
-  tags: cve,wordpress,wp-plugin,side-menu-lite,high
+  tags: cve,wordpress,wp-plugin,side-menu-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24523-1924e010841990f8a5472d7ce0d4475a.yaml b/nuclei-templates/2021/CVE-2021-24523-1924e010841990f8a5472d7ce0d4475a.yaml
index 940d5e9e51..7927c37af1 100644
--- a/nuclei-templates/2021/CVE-2021-24523-1924e010841990f8a5472d7ce0d4475a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24523-1924e010841990f8a5472d7ce0d4475a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Daily Prayer Time <= 2021.08.09 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/daily-prayer-time-for-mosques/"
     google-query: inurl:"/wp-content/plugins/daily-prayer-time-for-mosques/"
     shodan-query: 'vuln:CVE-2021-24523'
-  tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,medium
+  tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24524-b9cdb37818419e5c667c4243ff011f5d.yaml b/nuclei-templates/2021/CVE-2021-24524-b9cdb37818419e5c667c4243ff011f5d.yaml
index da90f35af4..156c059f1c 100644
--- a/nuclei-templates/2021/CVE-2021-24524-b9cdb37818419e5c667c4243ff011f5d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24524-b9cdb37818419e5c667c4243ff011f5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.11.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2021-24524'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24525-49026b84d0c7a958dfce935cb3d41d0b.yaml b/nuclei-templates/2021/CVE-2021-24525-49026b84d0c7a958dfce935cb3d41d0b.yaml
index 0e248b53c8..0346057efe 100644
--- a/nuclei-templates/2021/CVE-2021-24525-49026b84d0c7a958dfce935cb3d41d0b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24525-49026b84d0c7a958dfce935cb3d41d0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Shortcodes Plugin — Shortcodes Ultimate <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2021-24525'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24526-2420cc8c52f0171d8c5b49b0e53cd69a.yaml b/nuclei-templates/2021/CVE-2021-24526-2420cc8c52f0171d8c5b49b0e53cd69a.yaml
index c62a939e6c..648f54964e 100644
--- a/nuclei-templates/2021/CVE-2021-24526-2420cc8c52f0171d8c5b49b0e53cd69a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24526-2420cc8c52f0171d8c5b49b0e53cd69a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:CVE-2021-24526'
-  tags: cve,wordpress,wp-plugin,form-maker,medium
+  tags: cve,wordpress,wp-plugin,form-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24528-e7db547069bdcddc296155dd435cd330.yaml b/nuclei-templates/2021/CVE-2021-24528-e7db547069bdcddc296155dd435cd330.yaml
index 592667699d..d7c94808d8 100644
--- a/nuclei-templates/2021/CVE-2021-24528-e7db547069bdcddc296155dd435cd330.yaml
+++ b/nuclei-templates/2021/CVE-2021-24528-e7db547069bdcddc296155dd435cd330.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FluentSMTP <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluent-smtp/"
     google-query: inurl:"/wp-content/plugins/fluent-smtp/"
     shodan-query: 'vuln:CVE-2021-24528'
-  tags: cve,wordpress,wp-plugin,fluent-smtp,medium
+  tags: cve,wordpress,wp-plugin,fluent-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24529-be71c57d44785349cf4b236716cff6b0.yaml b/nuclei-templates/2021/CVE-2021-24529-be71c57d44785349cf4b236716cff6b0.yaml
index 1a9d735b94..c634f12a3e 100644
--- a/nuclei-templates/2021/CVE-2021-24529-be71c57d44785349cf4b236716cff6b0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24529-be71c57d44785349cf4b236716cff6b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Grid Gallery – Photo Image Grid Gallery <= 1.2.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-grid-gallery/"
     google-query: inurl:"/wp-content/plugins/new-grid-gallery/"
     shodan-query: 'vuln:CVE-2021-24529'
-  tags: cve,wordpress,wp-plugin,new-grid-gallery,medium
+  tags: cve,wordpress,wp-plugin,new-grid-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24530-7358f712002614260dfd68c7ec8f6f4a.yaml b/nuclei-templates/2021/CVE-2021-24530-7358f712002614260dfd68c7ec8f6f4a.yaml
index 0de64087ca..62f06ba823 100644
--- a/nuclei-templates/2021/CVE-2021-24530-7358f712002614260dfd68c7ec8f6f4a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24530-7358f712002614260dfd68c7ec8f6f4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Alojapro Widget <= 1.1.15 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alojapro-widget/"
     google-query: inurl:"/wp-content/plugins/alojapro-widget/"
     shodan-query: 'vuln:CVE-2021-24530'
-  tags: cve,wordpress,wp-plugin,alojapro-widget,medium
+  tags: cve,wordpress,wp-plugin,alojapro-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24531-8a3943e3e4b63a520dbb0168b24f856a.yaml b/nuclei-templates/2021/CVE-2021-24531-8a3943e3e4b63a520dbb0168b24f856a.yaml
index 203d52118c..b65634dfce 100644
--- a/nuclei-templates/2021/CVE-2021-24531-8a3943e3e4b63a520dbb0168b24f856a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24531-8a3943e3e4b63a520dbb0168b24f856a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Charitable – Donation Plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/charitable/"
     google-query: inurl:"/wp-content/plugins/charitable/"
     shodan-query: 'vuln:CVE-2021-24531'
-  tags: cve,wordpress,wp-plugin,charitable,medium
+  tags: cve,wordpress,wp-plugin,charitable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24533-488c9d125819772b803e742156124a9a.yaml b/nuclei-templates/2021/CVE-2021-24533-488c9d125819772b803e742156124a9a.yaml
index f8f869dd50..08b60d2f66 100644
--- a/nuclei-templates/2021/CVE-2021-24533-488c9d125819772b803e742156124a9a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24533-488c9d125819772b803e742156124a9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Maintenance <= 4.02 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maintenance/"
     google-query: inurl:"/wp-content/plugins/maintenance/"
     shodan-query: 'vuln:CVE-2021-24533'
-  tags: cve,wordpress,wp-plugin,maintenance,medium
+  tags: cve,wordpress,wp-plugin,maintenance,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24534-86d1730d65ed535523c7e0c21cf9f29e.yaml b/nuclei-templates/2021/CVE-2021-24534-86d1730d65ed535523c7e0c21cf9f29e.yaml
index e6a2d9fd9b..8d7d569006 100644
--- a/nuclei-templates/2021/CVE-2021-24534-86d1730d65ed535523c7e0c21cf9f29e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24534-86d1730d65ed535523c7e0c21cf9f29e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PhoneTrack Meu Site Manager <= 0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "pht_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/phonetrack-meu-site-manager/"
     google-query: inurl:"/wp-content/plugins/phonetrack-meu-site-manager/"
     shodan-query: 'vuln:CVE-2021-24534'
-  tags: cve,wordpress,wp-plugin,phonetrack-meu-site-manager,medium
+  tags: cve,wordpress,wp-plugin,phonetrack-meu-site-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24535-4241318cd929615a02a622c5e7416212.yaml b/nuclei-templates/2021/CVE-2021-24535-4241318cd929615a02a622c5e7416212.yaml
index 395ddb072b..15888cfcc5 100644
--- a/nuclei-templates/2021/CVE-2021-24535-4241318cd929615a02a622c5e7416212.yaml
+++ b/nuclei-templates/2021/CVE-2021-24535-4241318cd929615a02a622c5e7416212.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Light Messages <= 1.0 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Light Messages WordPress plugin through 1.0 is lacking CSRF check when updating it's settings, and is not sanitising its Message Content in them (even with the unfiltered_html disallowed). As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a Cross-Site Scripting payload in the Message Content. Depending on the options set, the XSS payload can be triggered either in the backend only (in the plugin's settings), or both frontend and backend.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/light-messages/"
     google-query: inurl:"/wp-content/plugins/light-messages/"
     shodan-query: 'vuln:CVE-2021-24535'
-  tags: cve,wordpress,wp-plugin,light-messages,medium
+  tags: cve,wordpress,wp-plugin,light-messages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24538-538fbd9fdeb83d5c5aab2ed683914a16.yaml b/nuclei-templates/2021/CVE-2021-24538-538fbd9fdeb83d5c5aab2ed683914a16.yaml
index 5938adfb89..d512de82c5 100644
--- a/nuclei-templates/2021/CVE-2021-24538-538fbd9fdeb83d5c5aab2ed683914a16.yaml
+++ b/nuclei-templates/2021/CVE-2021-24538-538fbd9fdeb83d5c5aab2ed683914a16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/current-book/"
     google-query: inurl:"/wp-content/plugins/current-book/"
     shodan-query: 'vuln:CVE-2021-24538'
-  tags: cve,wordpress,wp-plugin,current-book,medium
+  tags: cve,wordpress,wp-plugin,current-book,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24539-c725a8bb61c1af435931beba79cf59e0.yaml b/nuclei-templates/2021/CVE-2021-24539-c725a8bb61c1af435931beba79cf59e0.yaml
index 11e3f08329..4b66e5a1b6 100644
--- a/nuclei-templates/2021/CVE-2021-24539-c725a8bb61c1af435931beba79cf59e0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24539-c725a8bb61c1af435931beba79cf59e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 1.6.3 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coming-soon-wp/"
     google-query: inurl:"/wp-content/plugins/coming-soon-wp/"
     shodan-query: 'vuln:CVE-2021-24539'
-  tags: cve,wordpress,wp-plugin,coming-soon-wp,medium
+  tags: cve,wordpress,wp-plugin,coming-soon-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24540-da919374ddf5731e45e304b65e085880.yaml b/nuclei-templates/2021/CVE-2021-24540-da919374ddf5731e45e304b65e085880.yaml
index 094d02d32c..78c89689a4 100644
--- a/nuclei-templates/2021/CVE-2021-24540-da919374ddf5731e45e304b65e085880.yaml
+++ b/nuclei-templates/2021/CVE-2021-24540-da919374ddf5731e45e304b65e085880.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wonderplugin-video-embed/"
     google-query: inurl:"/wp-content/plugins/wonderplugin-video-embed/"
     shodan-query: 'vuln:CVE-2021-24540'
-  tags: cve,wordpress,wp-plugin,wonderplugin-video-embed,medium
+  tags: cve,wordpress,wp-plugin,wonderplugin-video-embed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24541-4fd129ac95b2130cc2038525d8a627da.yaml b/nuclei-templates/2021/CVE-2021-24541-4fd129ac95b2130cc2038525d8a627da.yaml
index dab4e7e84d..da198d2dd2 100644
--- a/nuclei-templates/2021/CVE-2021-24541-4fd129ac95b2130cc2038525d8a627da.yaml
+++ b/nuclei-templates/2021/CVE-2021-24541-4fd129ac95b2130cc2038525d8a627da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wonderplugin-pdf-embed/"
     google-query: inurl:"/wp-content/plugins/wonderplugin-pdf-embed/"
     shodan-query: 'vuln:CVE-2021-24541'
-  tags: cve,wordpress,wp-plugin,wonderplugin-pdf-embed,medium
+  tags: cve,wordpress,wp-plugin,wonderplugin-pdf-embed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24543-4ce88d432edfef73000dd57a527803fa.yaml b/nuclei-templates/2021/CVE-2021-24543-4ce88d432edfef73000dd57a527803fa.yaml
index fa81356cfb..d0220c3e70 100644
--- a/nuclei-templates/2021/CVE-2021-24543-4ce88d432edfef73000dd57a527803fa.yaml
+++ b/nuclei-templates/2021/CVE-2021-24543-4ce88d432edfef73000dd57a527803fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     jQuery Reply to Comment <= 1.31 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-reply-to-comment/"
     google-query: inurl:"/wp-content/plugins/jquery-reply-to-comment/"
     shodan-query: 'vuln:CVE-2021-24543'
-  tags: cve,wordpress,wp-plugin,jquery-reply-to-comment,high
+  tags: cve,wordpress,wp-plugin,jquery-reply-to-comment,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24544-c70486d9239c270e7b09b18c9bd29bfc.yaml b/nuclei-templates/2021/CVE-2021-24544-c70486d9239c270e7b09b18c9bd29bfc.yaml
index f6574349c2..4870f5307f 100644
--- a/nuclei-templates/2021/CVE-2021-24544-c70486d9239c270e7b09b18c9bd29bfc.yaml
+++ b/nuclei-templates/2021/CVE-2021-24544-c70486d9239c270e7b09b18c9bd29bfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive WordPress Slider <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, such settings can be changed in the plugin's settings), this would allow user with a role as low as subscriber to perform Cross-Site Scripting attacks against logged in admins viewing the slider list and could lead to privilege escalation by creating a rogue admin account for example.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/motopress-slider-lite/"
     google-query: inurl:"/wp-content/plugins/motopress-slider-lite/"
     shodan-query: 'vuln:CVE-2021-24544'
-  tags: cve,wordpress,wp-plugin,motopress-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,motopress-slider-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24545-752b08f32f0cfee54f18be53421a36cb.yaml b/nuclei-templates/2021/CVE-2021-24545-752b08f32f0cfee54f18be53421a36cb.yaml
index a83d167b18..21aa9e33ca 100644
--- a/nuclei-templates/2021/CVE-2021-24545-752b08f32f0cfee54f18be53421a36cb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24545-752b08f32f0cfee54f18be53421a36cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP HTML Author Bio <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against users, which could potentially lead to privilege escalation when an admin view the related post/s.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-html-author-bio-by-ahmad-awais/"
     google-query: inurl:"/wp-content/plugins/wp-html-author-bio-by-ahmad-awais/"
     shodan-query: 'vuln:CVE-2021-24545'
-  tags: cve,wordpress,wp-plugin,wp-html-author-bio-by-ahmad-awais,medium
+  tags: cve,wordpress,wp-plugin,wp-html-author-bio-by-ahmad-awais,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24546-3b363f50f63e2252e93a4eaf65f7fc9e.yaml b/nuclei-templates/2021/CVE-2021-24546-3b363f50f63e2252e93a4eaf65f7fc9e.yaml
index f2f37e9d42..b9c145f6a1 100644
--- a/nuclei-templates/2021/CVE-2021-24546-3b363f50f63e2252e93a4eaf65f7fc9e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24546-3b363f50f63e2252e93a4eaf65f7fc9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EditorsKit <= 1.31.5 - Authenticated (Contributor+) Code Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/block-options/"
     google-query: inurl:"/wp-content/plugins/block-options/"
     shodan-query: 'vuln:CVE-2021-24546'
-  tags: cve,wordpress,wp-plugin,block-options,high
+  tags: cve,wordpress,wp-plugin,block-options,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24547-fe19c96913ad86b413d30430f8f6dd54.yaml b/nuclei-templates/2021/CVE-2021-24547-fe19c96913ad86b413d30430f8f6dd54.yaml
index 64078aa6b1..71631935ed 100644
--- a/nuclei-templates/2021/CVE-2021-24547-fe19c96913ad86b413d30430f8f6dd54.yaml
+++ b/nuclei-templates/2021/CVE-2021-24547-fe19c96913ad86b413d30430f8f6dd54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KN Fix Your Title <= 1.0.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to Authenticated Stored XSS in the separator field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kn-fix-your/"
     google-query: inurl:"/wp-content/plugins/kn-fix-your/"
     shodan-query: 'vuln:CVE-2021-24547'
-  tags: cve,wordpress,wp-plugin,kn-fix-your,medium
+  tags: cve,wordpress,wp-plugin,kn-fix-your,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24548-a4f62ab934de0d3b7e3d119485cf9183.yaml b/nuclei-templates/2021/CVE-2021-24548-a4f62ab934de0d3b7e3d119485cf9183.yaml
index 5ce946a602..1b0885973a 100644
--- a/nuclei-templates/2021/CVE-2021-24548-a4f62ab934de0d3b7e3d119485cf9183.yaml
+++ b/nuclei-templates/2021/CVE-2021-24548-a4f62ab934de0d3b7e3d119485cf9183.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mimetic Books <= 0.2.13 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mimetic-books/"
     google-query: inurl:"/wp-content/plugins/mimetic-books/"
     shodan-query: 'vuln:CVE-2021-24548'
-  tags: cve,wordpress,wp-plugin,mimetic-books,medium
+  tags: cve,wordpress,wp-plugin,mimetic-books,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24549-66b82cf9b546b0dbf96942572438d94e.yaml b/nuclei-templates/2021/CVE-2021-24549-66b82cf9b546b0dbf96942572438d94e.yaml
index bcb57a4231..8cf80a5678 100644
--- a/nuclei-templates/2021/CVE-2021-24549-66b82cf9b546b0dbf96942572438d94e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24549-66b82cf9b546b0dbf96942572438d94e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AceIDE <= 2.6.2 - Authenticated (Admin+) Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aceide/"
     google-query: inurl:"/wp-content/plugins/aceide/"
     shodan-query: 'vuln:CVE-2021-24549'
-  tags: cve,wordpress,wp-plugin,aceide,medium
+  tags: cve,wordpress,wp-plugin,aceide,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24550-47bfe206cfaf86d87b1c99f3c44195fd.yaml b/nuclei-templates/2021/CVE-2021-24550-47bfe206cfaf86d87b1c99f3c44195fd.yaml
index 49d93f1166..35eb84f73b 100644
--- a/nuclei-templates/2021/CVE-2021-24550-47bfe206cfaf86d87b1c99f3c44195fd.yaml
+++ b/nuclei-templates/2021/CVE-2021-24550-47bfe206cfaf86d87b1c99f3c44195fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Manager <= 0.6.5 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-manager/"
     google-query: inurl:"/wp-content/plugins/broken-link-manager/"
     shodan-query: 'vuln:CVE-2021-24550'
-  tags: cve,wordpress,wp-plugin,broken-link-manager,high
+  tags: cve,wordpress,wp-plugin,broken-link-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24552-d3d0ad8926aafa9beab7b5840f982076.yaml b/nuclei-templates/2021/CVE-2021-24552-d3d0ad8926aafa9beab7b5840f982076.yaml
index 7d50f98197..146e610d5b 100644
--- a/nuclei-templates/2021/CVE-2021-24552-d3d0ad8926aafa9beab7b5840f982076.yaml
+++ b/nuclei-templates/2021/CVE-2021-24552-d3d0ad8926aafa9beab7b5840f982076.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Events Calendar <= 1.4.0 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-events-calendar/"
     google-query: inurl:"/wp-content/plugins/simple-events-calendar/"
     shodan-query: 'vuln:CVE-2021-24552'
-  tags: cve,wordpress,wp-plugin,simple-events-calendar,high
+  tags: cve,wordpress,wp-plugin,simple-events-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24553-85e4c9b56c88bebde438fcf37c31b92a.yaml b/nuclei-templates/2021/CVE-2021-24553-85e4c9b56c88bebde438fcf37c31b92a.yaml
index 0666417841..126da225b2 100644
--- a/nuclei-templates/2021/CVE-2021-24553-85e4c9b56c88bebde438fcf37c31b92a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24553-85e4c9b56c88bebde438fcf37c31b92a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Timeline Calendar <= 1.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/timeline-calendar/"
     google-query: inurl:"/wp-content/plugins/timeline-calendar/"
     shodan-query: 'vuln:CVE-2021-24553'
-  tags: cve,wordpress,wp-plugin,timeline-calendar,high
+  tags: cve,wordpress,wp-plugin,timeline-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24554-0b2d1a45be009b6e70cf642e2a8cf8b0.yaml b/nuclei-templates/2021/CVE-2021-24554-0b2d1a45be009b6e70cf642e2a8cf8b0.yaml
index 150592a214..d1751af409 100644
--- a/nuclei-templates/2021/CVE-2021-24554-0b2d1a45be009b6e70cf642e2a8cf8b0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24554-0b2d1a45be009b6e70cf642e2a8cf8b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytm – Donation Plugin <= 1.3.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-paytm-pay/"
     google-query: inurl:"/wp-content/plugins/wp-paytm-pay/"
     shodan-query: 'vuln:CVE-2021-24554'
-  tags: cve,wordpress,wp-plugin,wp-paytm-pay,high
+  tags: cve,wordpress,wp-plugin,wp-paytm-pay,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24555-93b21f556464132da5e236e1e43ab9a3.yaml b/nuclei-templates/2021/CVE-2021-24555-93b21f556464132da5e236e1e43ab9a3.yaml
index d6d04b5c74..f8f886dbf3 100644
--- a/nuclei-templates/2021/CVE-2021-24555-93b21f556464132da5e236e1e43ab9a3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24555-93b21f556464132da5e236e1e43ab9a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Diary & Availability Calendar <= 1.0.3 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/diary-availability-calendar/"
     google-query: inurl:"/wp-content/plugins/diary-availability-calendar/"
     shodan-query: 'vuln:CVE-2021-24555'
-  tags: cve,wordpress,wp-plugin,diary-availability-calendar,high
+  tags: cve,wordpress,wp-plugin,diary-availability-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24556-59026d3a8bc5d6798f6f8303efbe2f34.yaml b/nuclei-templates/2021/CVE-2021-24556-59026d3a8bc5d6798f6f8303efbe2f34.yaml
index bad313a513..c391cdecbe 100644
--- a/nuclei-templates/2021/CVE-2021-24556-59026d3a8bc5d6798f6f8303efbe2f34.yaml
+++ b/nuclei-templates/2021/CVE-2021-24556-59026d3a8bc5d6798f6f8303efbe2f34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscriber <= 1.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&page=kento_email_subscriber_list_settings), leading a Stored XSS issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscriber/"
     google-query: inurl:"/wp-content/plugins/email-subscriber/"
     shodan-query: 'vuln:CVE-2021-24556'
-  tags: cve,wordpress,wp-plugin,email-subscriber,medium
+  tags: cve,wordpress,wp-plugin,email-subscriber,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24557-c02cfcdd0ba606abb55e36d23c78177d.yaml b/nuclei-templates/2021/CVE-2021-24557-c02cfcdd0ba606abb55e36d23c78177d.yaml
index b4dae73251..1fc01133fd 100644
--- a/nuclei-templates/2021/CVE-2021-24557-c02cfcdd0ba606abb55e36d23c78177d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24557-c02cfcdd0ba606abb55e36d23c78177d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     M-vSlider <= 2.1.3 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The M-vSlider plugin for WordPress is vulnerable to blind SQL Injection via the ‘rs_id POST’ parameter in versions up to, and including, 2.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers using administrator level access to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/m-vslider/"
     google-query: inurl:"/wp-content/plugins/m-vslider/"
     shodan-query: 'vuln:CVE-2021-24557'
-  tags: cve,wordpress,wp-plugin,m-vslider,high
+  tags: cve,wordpress,wp-plugin,m-vslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24559-1954398156051d3ad0f2e33b45b08e3a.yaml b/nuclei-templates/2021/CVE-2021-24559-1954398156051d3ad0f2e33b45b08e3a.yaml
index c2e854a4cb..a605804360 100644
--- a/nuclei-templates/2021/CVE-2021-24559-1954398156051d3ad0f2e33b45b08e3a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24559-1954398156051d3ad0f2e33b45b08e3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qyrr – simply and modern QR-Code creation <= 0.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-uri’ parameter in versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qyrr-code/"
     google-query: inurl:"/wp-content/plugins/qyrr-code/"
     shodan-query: 'vuln:CVE-2021-24559'
-  tags: cve,wordpress,wp-plugin,qyrr-code,medium
+  tags: cve,wordpress,wp-plugin,qyrr-code,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24561-604205ec49f025926385a1b0eaceae3d.yaml b/nuclei-templates/2021/CVE-2021-24561-604205ec49f025926385a1b0eaceae3d.yaml
index 67663d77df..145885c7c6 100644
--- a/nuclei-templates/2021/CVE-2021-24561-604205ec49f025926385a1b0eaceae3d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24561-604205ec49f025926385a1b0eaceae3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SMS <= 5.4.12 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sms/"
     google-query: inurl:"/wp-content/plugins/wp-sms/"
     shodan-query: 'vuln:CVE-2021-24561'
-  tags: cve,wordpress,wp-plugin,wp-sms,medium
+  tags: cve,wordpress,wp-plugin,wp-sms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24563-968d2b25d7330f5b3338dbe58174f4a6.yaml b/nuclei-templates/2021/CVE-2021-24563-968d2b25d7330f5b3338dbe58174f4a6.yaml
index 59fe490e26..c9f4884bb4 100644
--- a/nuclei-templates/2021/CVE-2021-24563-968d2b25d7330f5b3338dbe58174f4a6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24563-968d2b25d7330f5b3338dbe58174f4a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/frontend-uploader/"
     google-query: inurl:"/wp-content/plugins/frontend-uploader/"
     shodan-query: 'vuln:CVE-2021-24563'
-  tags: cve,wordpress,wp-plugin,frontend-uploader,medium
+  tags: cve,wordpress,wp-plugin,frontend-uploader,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24564-357b47caf5db9e0098a5f7a1e50f8dc7.yaml b/nuclei-templates/2021/CVE-2021-24564-357b47caf5db9e0098a5f7a1e50f8dc7.yaml
index 81779fddb5..748199a140 100644
--- a/nuclei-templates/2021/CVE-2021-24564-357b47caf5db9e0098a5f7a1e50f8dc7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24564-357b47caf5db9e0098a5f7a1e50f8dc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPFront Scroll Top <= 2.0.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPFront Scroll Top WordPress plugin before 2.0.5 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfront-scroll-top/"
     google-query: inurl:"/wp-content/plugins/wpfront-scroll-top/"
     shodan-query: 'vuln:CVE-2021-24564'
-  tags: cve,wordpress,wp-plugin,wpfront-scroll-top,medium
+  tags: cve,wordpress,wp-plugin,wpfront-scroll-top,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24565-14d0e5668206cef97d18962e8ae7b83f.yaml b/nuclei-templates/2021/CVE-2021-24565-14d0e5668206cef97d18962e8ae7b83f.yaml
index 504098a9a2..31e704b156 100644
--- a/nuclei-templates/2021/CVE-2021-24565-14d0e5668206cef97d18962e8ae7b83f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24565-14d0e5668206cef97d18962e8ae7b83f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 Captcha <= 0.0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7-simple-recaptcha/"
     google-query: inurl:"/wp-content/plugins/contact-form-7-simple-recaptcha/"
     shodan-query: 'vuln:CVE-2021-24565'
-  tags: cve,wordpress,wp-plugin,contact-form-7-simple-recaptcha,high
+  tags: cve,wordpress,wp-plugin,contact-form-7-simple-recaptcha,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24566-ddc4061947d45933e373a65e6831e3d2.yaml b/nuclei-templates/2021/CVE-2021-24566-ddc4061947d45933e373a65e6831e3d2.yaml
index 81ed70af01..a24811a718 100644
--- a/nuclei-templates/2021/CVE-2021-24566-ddc4061947d45933e373a65e6831e3d2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24566-ddc4061947d45933e373a65e6831e3d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce Currency Switcher plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.7 via the "woocs.php" file. This allows low-level authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-currency-switcher/"
     google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/"
     shodan-query: 'vuln:CVE-2021-24566'
-  tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,high
+  tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24567-79a115d0225d5e6109d2bfb5d804fc26.yaml b/nuclei-templates/2021/CVE-2021-24567-79a115d0225d5e6109d2bfb5d804fc26.yaml
index 2850806125..3e63d87c9f 100644
--- a/nuclei-templates/2021/CVE-2021-24567-79a115d0225d5e6109d2bfb5d804fc26.yaml
+++ b/nuclei-templates/2021/CVE-2021-24567-79a115d0225d5e6109d2bfb5d804fc26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Post <= 1.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the text input field in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-post/"
     google-query: inurl:"/wp-content/plugins/simple-post/"
     shodan-query: 'vuln:CVE-2021-24567'
-  tags: cve,wordpress,wp-plugin,simple-post,medium
+  tags: cve,wordpress,wp-plugin,simple-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24568-6b33e64acf4e555f0136d2c33ebedb80.yaml b/nuclei-templates/2021/CVE-2021-24568-6b33e64acf4e555f0136d2c33ebedb80.yaml
index 8672a43c76..aa52b0a69e 100644
--- a/nuclei-templates/2021/CVE-2021-24568-6b33e64acf4e555f0136d2c33ebedb80.yaml
+++ b/nuclei-templates/2021/CVE-2021-24568-6b33e64acf4e555f0136d2c33ebedb80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AddToAny Share Buttons <= 1.7.45 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-to-any/"
     google-query: inurl:"/wp-content/plugins/add-to-any/"
     shodan-query: 'vuln:CVE-2021-24568'
-  tags: cve,wordpress,wp-plugin,add-to-any,medium
+  tags: cve,wordpress,wp-plugin,add-to-any,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24569-f08aff12bfc66296ae4f842e638dd13b.yaml b/nuclei-templates/2021/CVE-2021-24569-f08aff12bfc66296ae4f842e638dd13b.yaml
index 88b0b82a48..020a524e2d 100644
--- a/nuclei-templates/2021/CVE-2021-24569-f08aff12bfc66296ae4f842e638dd13b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24569-f08aff12bfc66296ae4f842e638dd13b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Notice & Compliance for GDPR / CCPA <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Text setting in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for Admin+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations or installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-notice/"
     google-query: inurl:"/wp-content/plugins/cookie-notice/"
     shodan-query: 'vuln:CVE-2021-24569'
-  tags: cve,wordpress,wp-plugin,cookie-notice,medium
+  tags: cve,wordpress,wp-plugin,cookie-notice,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24571-eea7979a3adae6620386ae2fd9256411.yaml b/nuclei-templates/2021/CVE-2021-24571-eea7979a3adae6620386ae2fd9256411.yaml
index 669018cdc5..37b425f777 100644
--- a/nuclei-templates/2021/CVE-2021-24571-eea7979a3adae6620386ae2fd9256411.yaml
+++ b/nuclei-templates/2021/CVE-2021-24571-eea7979a3adae6620386ae2fd9256411.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HD Quiz <= 1.8.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hd-quiz/"
     google-query: inurl:"/wp-content/plugins/hd-quiz/"
     shodan-query: 'vuln:CVE-2021-24571'
-  tags: cve,wordpress,wp-plugin,hd-quiz,medium
+  tags: cve,wordpress,wp-plugin,hd-quiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24572-96fff1abfd750f8db5e7b15f8178a35a.yaml b/nuclei-templates/2021/CVE-2021-24572-96fff1abfd750f8db5e7b15f8178a35a.yaml
index f21da5b7c7..f86bad7066 100644
--- a/nuclei-templates/2021/CVE-2021-24572-96fff1abfd750f8db5e7b15f8178a35a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24572-96fff1abfd750f8db5e7b15f8178a35a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accept Donations with PayPal <= 1.3.0 Cross-Site Request Forgery to Post Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-paypal-donation/"
     google-query: inurl:"/wp-content/plugins/easy-paypal-donation/"
     shodan-query: 'vuln:CVE-2021-24572'
-  tags: cve,wordpress,wp-plugin,easy-paypal-donation,high
+  tags: cve,wordpress,wp-plugin,easy-paypal-donation,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24574-cc890ca86d59bec43888764af28bac9a.yaml b/nuclei-templates/2021/CVE-2021-24574-cc890ca86d59bec43888764af28bac9a.yaml
index d3e0037065..df32f5f23e 100644
--- a/nuclei-templates/2021/CVE-2021-24574-cc890ca86d59bec43888764af28bac9a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24574-cc890ca86d59bec43888764af28bac9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Banner <= 2.10.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-banner/"
     google-query: inurl:"/wp-content/plugins/simple-banner/"
     shodan-query: 'vuln:CVE-2021-24574'
-  tags: cve,wordpress,wp-plugin,simple-banner,medium
+  tags: cve,wordpress,wp-plugin,simple-banner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24575-f6bb81d744ef9464f6fccc27a671bc84.yaml b/nuclei-templates/2021/CVE-2021-24575-f6bb81d744ef9464f6fccc27a671bc84.yaml
index c84e28c628..29c5cacbfe 100644
--- a/nuclei-templates/2021/CVE-2021-24575-f6bb81d744ef9464f6fccc27a671bc84.yaml
+++ b/nuclei-templates/2021/CVE-2021-24575-f6bb81d744ef9464f6fccc27a671bc84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     School Management System – WPSchoolPress <= 2.1.9 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The School Management System – WPSchoolPress plugin for WordPress is vulnerable to blind SQL Injection via the several parameters in versions up to, and including, 2.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/wpschoolpress/"
     google-query: inurl:"/wp-content/plugins/wpschoolpress/"
     shodan-query: 'vuln:CVE-2021-24575'
-  tags: cve,wordpress,wp-plugin,wpschoolpress,high
+  tags: cve,wordpress,wp-plugin,wpschoolpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24576-3253e2e7de1175aa67f3d6d5696567c5.yaml b/nuclei-templates/2021/CVE-2021-24576-3253e2e7de1175aa67f3d6d5696567c5.yaml
index 4616baaed7..ac7c2eb603 100644
--- a/nuclei-templates/2021/CVE-2021-24576-3253e2e7de1175aa67f3d6d5696567c5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24576-3253e2e7de1175aa67f3d6d5696567c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Accordion <= 2.0.21 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-accordion-free/"
     google-query: inurl:"/wp-content/plugins/easy-accordion-free/"
     shodan-query: 'vuln:CVE-2021-24576'
-  tags: cve,wordpress,wp-plugin,easy-accordion-free,medium
+  tags: cve,wordpress,wp-plugin,easy-accordion-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24577-604cc742b0731a1b0e3b91222daa2367.yaml b/nuclei-templates/2021/CVE-2021-24577-604cc742b0731a1b0e3b91222daa2367.yaml
index 2a6765bfac..06acd9924e 100644
--- a/nuclei-templates/2021/CVE-2021-24577-604cc742b0731a1b0e3b91222daa2367.yaml
+++ b/nuclei-templates/2021/CVE-2021-24577-604cc742b0731a1b0e3b91222daa2367.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming soon and Maintenance mode <= 3.5.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/coming-soon-page/"
     shodan-query: 'vuln:CVE-2021-24577'
-  tags: cve,wordpress,wp-plugin,coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,coming-soon-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24580-58b47ebea36b65f50bab513dec8fd081.yaml b/nuclei-templates/2021/CVE-2021-24580-58b47ebea36b65f50bab513dec8fd081.yaml
index 6690e121d2..f42ed43d76 100644
--- a/nuclei-templates/2021/CVE-2021-24580-58b47ebea36b65f50bab513dec8fd081.yaml
+++ b/nuclei-templates/2021/CVE-2021-24580-58b47ebea36b65f50bab513dec8fd081.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Side Menu Lite - add sticky fixed buttons < 2.2.6 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/side-menu-lite/"
     google-query: inurl:"/wp-content/plugins/side-menu-lite/"
     shodan-query: 'vuln:CVE-2021-24580'
-  tags: cve,wordpress,wp-plugin,side-menu-lite,high
+  tags: cve,wordpress,wp-plugin,side-menu-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24581-2eb580b3f81928dc01b4da13b3317526.yaml b/nuclei-templates/2021/CVE-2021-24581-2eb580b3f81928dc01b4da13b3317526.yaml
index 3e05fbe84a..25993c16dd 100644
--- a/nuclei-templates/2021/CVE-2021-24581-2eb580b3f81928dc01b4da13b3317526.yaml
+++ b/nuclei-templates/2021/CVE-2021-24581-2eb580b3f81928dc01b4da13b3317526.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blue Admin <= 21.06.01 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blue-admin/"
     google-query: inurl:"/wp-content/plugins/blue-admin/"
     shodan-query: 'vuln:CVE-2021-24581'
-  tags: cve,wordpress,wp-plugin,blue-admin,high
+  tags: cve,wordpress,wp-plugin,blue-admin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24582-eae5f7c2210c1cdf959e29a045115865.yaml b/nuclei-templates/2021/CVE-2021-24582-eae5f7c2210c1cdf959e29a045115865.yaml
index b522c969ce..8746049687 100644
--- a/nuclei-templates/2021/CVE-2021-24582-eae5f7c2210c1cdf959e29a045115865.yaml
+++ b/nuclei-templates/2021/CVE-2021-24582-eae5f7c2210c1cdf959e29a045115865.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThinkTwit < 1.7.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thinktwit/"
     google-query: inurl:"/wp-content/plugins/thinktwit/"
     shodan-query: 'vuln:CVE-2021-24582'
-  tags: cve,wordpress,wp-plugin,thinktwit,medium
+  tags: cve,wordpress,wp-plugin,thinktwit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24586-178341479b86e6771bea046e08788d1c.yaml b/nuclei-templates/2021/CVE-2021-24586-178341479b86e6771bea046e08788d1c.yaml
index 6108b4c4b9..99b42ed973 100644
--- a/nuclei-templates/2021/CVE-2021-24586-178341479b86e6771bea046e08788d1c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24586-178341479b86e6771bea046e08788d1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Per Page Add To Head <= 1.4.3 Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/per-page-add-to/"
     google-query: inurl:"/wp-content/plugins/per-page-add-to/"
     shodan-query: 'vuln:CVE-2021-24586'
-  tags: cve,wordpress,wp-plugin,per-page-add-to,high
+  tags: cve,wordpress,wp-plugin,per-page-add-to,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24587-ab94523f6e880edfade4cc9deca8c597.yaml b/nuclei-templates/2021/CVE-2021-24587-ab94523f6e880edfade4cc9deca8c597.yaml
index ae9114fcf7..dd9f8de989 100644
--- a/nuclei-templates/2021/CVE-2021-24587-ab94523f6e880edfade4cc9deca8c597.yaml
+++ b/nuclei-templates/2021/CVE-2021-24587-ab94523f6e880edfade4cc9deca8c597.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Splash Header < 1.20.8 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/splash-header/"
     google-query: inurl:"/wp-content/plugins/splash-header/"
     shodan-query: 'vuln:CVE-2021-24587'
-  tags: cve,wordpress,wp-plugin,splash-header,medium
+  tags: cve,wordpress,wp-plugin,splash-header,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24588-d6a49c02628ddcb69bd8644362723660.yaml b/nuclei-templates/2021/CVE-2021-24588-d6a49c02628ddcb69bd8644362723660.yaml
index 23b5b0b0c7..1da583d227 100644
--- a/nuclei-templates/2021/CVE-2021-24588-d6a49c02628ddcb69bd8644362723660.yaml
+++ b/nuclei-templates/2021/CVE-2021-24588-d6a49c02628ddcb69bd8644362723660.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SMS Alert Order Notifications – WooCommerce <= 3.4.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sms-alert/"
     google-query: inurl:"/wp-content/plugins/sms-alert/"
     shodan-query: 'vuln:CVE-2021-24588'
-  tags: cve,wordpress,wp-plugin,sms-alert,medium
+  tags: cve,wordpress,wp-plugin,sms-alert,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24590-0f75bb052c76ac287df6a3cedb6cbaf7.yaml b/nuclei-templates/2021/CVE-2021-24590-0f75bb052c76ac287df6a3cedb6cbaf7.yaml
index d2752beadd..e995f64fec 100644
--- a/nuclei-templates/2021/CVE-2021-24590-0f75bb052c76ac287df6a3cedb6cbaf7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24590-0f75bb052c76ac287df6a3cedb6cbaf7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Notice & Consent Banner for GDPR & CCPA Compliance <= 1.7.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-notice-and-consent-banner/"
     google-query: inurl:"/wp-content/plugins/cookie-notice-and-consent-banner/"
     shodan-query: 'vuln:CVE-2021-24590'
-  tags: cve,wordpress,wp-plugin,cookie-notice-and-consent-banner,medium
+  tags: cve,wordpress,wp-plugin,cookie-notice-and-consent-banner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24591-bfb136ecd8a5fcaea8f121127bb1d532.yaml b/nuclei-templates/2021/CVE-2021-24591-bfb136ecd8a5fcaea8f121127bb1d532.yaml
index 3c32aed78d..50c1f47be8 100644
--- a/nuclei-templates/2021/CVE-2021-24591-bfb136ecd8a5fcaea8f121127bb1d532.yaml
+++ b/nuclei-templates/2021/CVE-2021-24591-bfb136ecd8a5fcaea8f121127bb1d532.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Highlight < 0.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/highlight/"
     google-query: inurl:"/wp-content/plugins/highlight/"
     shodan-query: 'vuln:CVE-2021-24591'
-  tags: cve,wordpress,wp-plugin,highlight,medium
+  tags: cve,wordpress,wp-plugin,highlight,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24592-9903b310d82da078ab37bcb7e6aa7858.yaml b/nuclei-templates/2021/CVE-2021-24592-9903b310d82da078ab37bcb7e6aa7858.yaml
index 67ba427b3b..bd55593352 100644
--- a/nuclei-templates/2021/CVE-2021-24592-9903b310d82da078ab37bcb7e6aa7858.yaml
+++ b/nuclei-templates/2021/CVE-2021-24592-9903b310d82da078ab37bcb7e6aa7858.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sitewide Notice WP <= 2.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitewide-notice-wp/"
     google-query: inurl:"/wp-content/plugins/sitewide-notice-wp/"
     shodan-query: 'vuln:CVE-2021-24592'
-  tags: cve,wordpress,wp-plugin,sitewide-notice-wp,medium
+  tags: cve,wordpress,wp-plugin,sitewide-notice-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24593-b0f7eacb55c0790170a8a4009593c548.yaml b/nuclei-templates/2021/CVE-2021-24593-b0f7eacb55c0790170a8a4009593c548.yaml
index 7af8b84fd0..e1b121d0b1 100644
--- a/nuclei-templates/2021/CVE-2021-24593-b0f7eacb55c0790170a8a4009593c548.yaml
+++ b/nuclei-templates/2021/CVE-2021-24593-b0f7eacb55c0790170a8a4009593c548.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Business Hours Indicator <= 2.3.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-hours-indicator/"
     google-query: inurl:"/wp-content/plugins/business-hours-indicator/"
     shodan-query: 'vuln:CVE-2021-24593'
-  tags: cve,wordpress,wp-plugin,business-hours-indicator,medium
+  tags: cve,wordpress,wp-plugin,business-hours-indicator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24594-b8c86f67e83059075ac727a634aa1bcf.yaml b/nuclei-templates/2021/CVE-2021-24594-b8c86f67e83059075ac727a634aa1bcf.yaml
index 4ff51bf080..b44f786ff9 100644
--- a/nuclei-templates/2021/CVE-2021-24594-b8c86f67e83059075ac727a634aa1bcf.yaml
+++ b/nuclei-templates/2021/CVE-2021-24594-b8c86f67e83059075ac727a634aa1bcf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Translate WordPress - Google Language Translator <= 6.0.11 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-language-translator/"
     google-query: inurl:"/wp-content/plugins/google-language-translator/"
     shodan-query: 'vuln:CVE-2021-24594'
-  tags: cve,wordpress,wp-plugin,google-language-translator,medium
+  tags: cve,wordpress,wp-plugin,google-language-translator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24596-0b4cf00934e898c124e66c8a24ee9c38.yaml b/nuclei-templates/2021/CVE-2021-24596-0b4cf00934e898c124e66c8a24ee9c38.yaml
index 9666ed2912..b45cb80f4f 100644
--- a/nuclei-templates/2021/CVE-2021-24596-0b4cf00934e898c124e66c8a24ee9c38.yaml
+++ b/nuclei-templates/2021/CVE-2021-24596-0b4cf00934e898c124e66c8a24ee9c38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     youForms for WordPress – Creating Forms for CopeCart <= 1.0.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youforms-free-for-copecart/"
     google-query: inurl:"/wp-content/plugins/youforms-free-for-copecart/"
     shodan-query: 'vuln:CVE-2021-24596'
-  tags: cve,wordpress,wp-plugin,youforms-free-for-copecart,medium
+  tags: cve,wordpress,wp-plugin,youforms-free-for-copecart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24597-43a1e8131c5398f64ddb0148cb86b0fc.yaml b/nuclei-templates/2021/CVE-2021-24597-43a1e8131c5398f64ddb0148cb86b0fc.yaml
index 3a5bed4f15..d3f81434e6 100644
--- a/nuclei-templates/2021/CVE-2021-24597-43a1e8131c5398f64ddb0148cb86b0fc.yaml
+++ b/nuclei-templates/2021/CVE-2021-24597-43a1e8131c5398f64ddb0148cb86b0fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     有赏 You Shang <= 1.0.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/you-shang/"
     google-query: inurl:"/wp-content/plugins/you-shang/"
     shodan-query: 'vuln:CVE-2021-24597'
-  tags: cve,wordpress,wp-plugin,you-shang,medium
+  tags: cve,wordpress,wp-plugin,you-shang,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24598-cc8d3237ec9d31d7a17e75a3773f4b59.yaml b/nuclei-templates/2021/CVE-2021-24598-cc8d3237ec9d31d7a17e75a3773f4b59.yaml
index a0a518b3df..80345e6740 100644
--- a/nuclei-templates/2021/CVE-2021-24598-cc8d3237ec9d31d7a17e75a3773f4b59.yaml
+++ b/nuclei-templates/2021/CVE-2021-24598-cc8d3237ec9d31d7a17e75a3773f4b59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial < 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-builder/"
     google-query: inurl:"/wp-content/plugins/testimonial-builder/"
     shodan-query: 'vuln:CVE-2021-24598'
-  tags: cve,wordpress,wp-plugin,testimonial-builder,medium
+  tags: cve,wordpress,wp-plugin,testimonial-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24600-0b351fbbceddd3af3b8762c10e45e612.yaml b/nuclei-templates/2021/CVE-2021-24600-0b351fbbceddd3af3b8762c10e45e612.yaml
index 63b02a551a..bee6fb7327 100644
--- a/nuclei-templates/2021/CVE-2021-24600-0b351fbbceddd3af3b8762c10e45e612.yaml
+++ b/nuclei-templates/2021/CVE-2021-24600-0b351fbbceddd3af3b8762c10e45e612.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Dialog <= 1.2.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dialog/"
     google-query: inurl:"/wp-content/plugins/wp-dialog/"
     shodan-query: 'vuln:CVE-2021-24600'
-  tags: cve,wordpress,wp-plugin,wp-dialog,medium
+  tags: cve,wordpress,wp-plugin,wp-dialog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24601-88bd79040ab3368b09f14c252d140de8.yaml b/nuclei-templates/2021/CVE-2021-24601-88bd79040ab3368b09f14c252d140de8.yaml
index 73ac0ad550..88a18f08a0 100644
--- a/nuclei-templates/2021/CVE-2021-24601-88bd79040ab3368b09f14c252d140de8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24601-88bd79040ab3368b09f14c252d140de8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPFront Notification Bar <= 2.0.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfront-notification-bar/"
     google-query: inurl:"/wp-content/plugins/wpfront-notification-bar/"
     shodan-query: 'vuln:CVE-2021-24601'
-  tags: cve,wordpress,wp-plugin,wpfront-notification-bar,medium
+  tags: cve,wordpress,wp-plugin,wpfront-notification-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24603-1d382a2cbfe1692803bdc9f5974b02e1.yaml b/nuclei-templates/2021/CVE-2021-24603-1d382a2cbfe1692803bdc9f5974b02e1.yaml
index 19489c3953..12df5f307d 100644
--- a/nuclei-templates/2021/CVE-2021-24603-1d382a2cbfe1692803bdc9f5974b02e1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24603-1d382a2cbfe1692803bdc9f5974b02e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 5.13.0 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2021-24603'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24604-1fa01304932da158500562eabc5ce5d0.yaml b/nuclei-templates/2021/CVE-2021-24604-1fa01304932da158500562eabc5ce5d0.yaml
index eb07625414..eff1d8f123 100644
--- a/nuclei-templates/2021/CVE-2021-24604-1fa01304932da158500562eabc5ce5d0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24604-1fa01304932da158500562eabc5ce5d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Availability Calendar <= 1.2.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/availability-calendar/"
     google-query: inurl:"/wp-content/plugins/availability-calendar/"
     shodan-query: 'vuln:CVE-2021-24604'
-  tags: cve,wordpress,wp-plugin,availability-calendar,medium
+  tags: cve,wordpress,wp-plugin,availability-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24606-3850f9fd40f943ca2e9ea3445b1f1e23.yaml b/nuclei-templates/2021/CVE-2021-24606-3850f9fd40f943ca2e9ea3445b1f1e23.yaml
index e4c6994662..fe14eb009d 100644
--- a/nuclei-templates/2021/CVE-2021-24606-3850f9fd40f943ca2e9ea3445b1f1e23.yaml
+++ b/nuclei-templates/2021/CVE-2021-24606-3850f9fd40f943ca2e9ea3445b1f1e23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Availability Calendar < 1.2.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/availability-calendar/"
     google-query: inurl:"/wp-content/plugins/availability-calendar/"
     shodan-query: 'vuln:CVE-2021-24606'
-  tags: cve,wordpress,wp-plugin,availability-calendar,high
+  tags: cve,wordpress,wp-plugin,availability-calendar,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24607-dcf3d519c235997890c41f1336f203e6.yaml b/nuclei-templates/2021/CVE-2021-24607-dcf3d519c235997890c41f1336f203e6.yaml
index e718819f7d..4b8e1230a1 100644
--- a/nuclei-templates/2021/CVE-2021-24607-dcf3d519c235997890c41f1336f203e6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24607-dcf3d519c235997890c41f1336f203e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Storefront Footer Text <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/storefront-footer-text/"
     google-query: inurl:"/wp-content/plugins/storefront-footer-text/"
     shodan-query: 'vuln:CVE-2021-24607'
-  tags: cve,wordpress,wp-plugin,storefront-footer-text,medium
+  tags: cve,wordpress,wp-plugin,storefront-footer-text,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24608-08ccf69c17927ada744879c1923c390b.yaml b/nuclei-templates/2021/CVE-2021-24608-08ccf69c17927ada744879c1923c390b.yaml
index 9f3b5dad51..302d57facf 100644
--- a/nuclei-templates/2021/CVE-2021-24608-08ccf69c17927ada744879c1923c390b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24608-08ccf69c17927ada744879c1923c390b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:CVE-2021-24608'
-  tags: cve,wordpress,wp-plugin,formidable,medium
+  tags: cve,wordpress,wp-plugin,formidable,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24609-85d2798dcbad09cd3df8222f6cc3a39d.yaml b/nuclei-templates/2021/CVE-2021-24609-85d2798dcbad09cd3df8222f6cc3a39d.yaml
index b40c4dd707..a8de8e63f0 100644
--- a/nuclei-templates/2021/CVE-2021-24609-85d2798dcbad09cd3df8222f6cc3a39d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24609-85d2798dcbad09cd3df8222f6cc3a39d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mapa Politico España < 3.7.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mapa-politico-spain/"
     google-query: inurl:"/wp-content/plugins/wp-mapa-politico-spain/"
     shodan-query: 'vuln:CVE-2021-24609'
-  tags: cve,wordpress,wp-plugin,wp-mapa-politico-spain,medium
+  tags: cve,wordpress,wp-plugin,wp-mapa-politico-spain,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24610-1bcc8deaed7a36dfed3699cc2606446d.yaml b/nuclei-templates/2021/CVE-2021-24610-1bcc8deaed7a36dfed3699cc2606446d.yaml
index 052826cd8b..d2d38bb367 100644
--- a/nuclei-templates/2021/CVE-2021-24610-1bcc8deaed7a36dfed3699cc2606446d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24610-1bcc8deaed7a36dfed3699cc2606446d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TranslatePress <= 2.0.8 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/translatepress-multilingual/"
     google-query: inurl:"/wp-content/plugins/translatepress-multilingual/"
     shodan-query: 'vuln:CVE-2021-24610'
-  tags: cve,wordpress,wp-plugin,translatepress-multilingual,medium
+  tags: cve,wordpress,wp-plugin,translatepress-multilingual,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24611-ff335b153bdda68f2c4ef086e30eeef7.yaml b/nuclei-templates/2021/CVE-2021-24611-ff335b153bdda68f2c4ef086e30eeef7.yaml
index ea583323f5..bb7369a34c 100644
--- a/nuclei-templates/2021/CVE-2021-24611-ff335b153bdda68f2c4ef086e30eeef7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24611-ff335b153bdda68f2c4ef086e30eeef7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Keyword Meta <= 3.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Keyword Meta WordPress plugin through 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF attack.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/keyword-meta/"
     google-query: inurl:"/wp-content/plugins/keyword-meta/"
     shodan-query: 'vuln:CVE-2021-24611'
-  tags: cve,wordpress,wp-plugin,keyword-meta,medium
+  tags: cve,wordpress,wp-plugin,keyword-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24612-4c5051d5f52547e43ba1e2683a220c8c.yaml b/nuclei-templates/2021/CVE-2021-24612-4c5051d5f52547e43ba1e2683a220c8c.yaml
index 549729ac24..ebb56d6a46 100644
--- a/nuclei-templates/2021/CVE-2021-24612-4c5051d5f52547e43ba1e2683a220c8c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24612-4c5051d5f52547e43ba1e2683a220c8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sociable <= 4.3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sociable/"
     google-query: inurl:"/wp-content/plugins/sociable/"
     shodan-query: 'vuln:CVE-2021-24612'
-  tags: cve,wordpress,wp-plugin,sociable,medium
+  tags: cve,wordpress,wp-plugin,sociable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24613-71955a966b82cf2219c81131b80c408e.yaml b/nuclei-templates/2021/CVE-2021-24613-71955a966b82cf2219c81131b80c408e.yaml
index 9d9dcbdff8..1eea61438d 100644
--- a/nuclei-templates/2021/CVE-2021-24613-71955a966b82cf2219c81131b80c408e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24613-71955a966b82cf2219c81131b80c408e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Views Counter <= 1.3.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-views-counter/"
     google-query: inurl:"/wp-content/plugins/post-views-counter/"
     shodan-query: 'vuln:CVE-2021-24613'
-  tags: cve,wordpress,wp-plugin,post-views-counter,medium
+  tags: cve,wordpress,wp-plugin,post-views-counter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24614-edbb23e6d1dd3c6d3b98a72a827de16d.yaml b/nuclei-templates/2021/CVE-2021-24614-edbb23e6d1dd3c6d3b98a72a827de16d.yaml
index 0791732d9d..ccbd498994 100644
--- a/nuclei-templates/2021/CVE-2021-24614-edbb23e6d1dd3c6d3b98a72a827de16d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24614-edbb23e6d1dd3c6d3b98a72a827de16d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Book appointment online <= 1.38 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/book-appointment-online/"
     google-query: inurl:"/wp-content/plugins/book-appointment-online/"
     shodan-query: 'vuln:CVE-2021-24614'
-  tags: cve,wordpress,wp-plugin,book-appointment-online,medium
+  tags: cve,wordpress,wp-plugin,book-appointment-online,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24615-bcff2870cae12c5758ea4c72282891f6.yaml b/nuclei-templates/2021/CVE-2021-24615-bcff2870cae12c5758ea4c72282891f6.yaml
index 3d42579cec..fccfe50d24 100644
--- a/nuclei-templates/2021/CVE-2021-24615-bcff2870cae12c5758ea4c72282891f6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24615-bcff2870cae12c5758ea4c72282891f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wechat Reward <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wechat-reward/"
     google-query: inurl:"/wp-content/plugins/wechat-reward/"
     shodan-query: 'vuln:CVE-2021-24615'
-  tags: cve,wordpress,wp-plugin,wechat-reward,high
+  tags: cve,wordpress,wp-plugin,wechat-reward,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24616-ae230608473cfc56a303443ba2385f1d.yaml b/nuclei-templates/2021/CVE-2021-24616-ae230608473cfc56a303443ba2385f1d.yaml
index 5bea7a0afc..b775989d2d 100644
--- a/nuclei-templates/2021/CVE-2021-24616-ae230608473cfc56a303443ba2385f1d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24616-ae230608473cfc56a303443ba2385f1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AddToAny Share Buttons <= 1.7.47 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-to-any/"
     google-query: inurl:"/wp-content/plugins/add-to-any/"
     shodan-query: 'vuln:CVE-2021-24616'
-  tags: cve,wordpress,wp-plugin,add-to-any,medium
+  tags: cve,wordpress,wp-plugin,add-to-any,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24618-737595c2ea3449d9afc6f182f87c2e0c.yaml b/nuclei-templates/2021/CVE-2021-24618-737595c2ea3449d9afc6f182f87c2e0c.yaml
index 9a8c45f9a5..1d7bd0c284 100644
--- a/nuclei-templates/2021/CVE-2021-24618-737595c2ea3449d9afc6f182f87c2e0c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24618-737595c2ea3449d9afc6f182f87c2e0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donate With QRCode <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user (as low as subscriber), or unauthenticated user via a CSRF vector to update them and perform such attack.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/donate-with-qrcode/"
     google-query: inurl:"/wp-content/plugins/donate-with-qrcode/"
     shodan-query: 'vuln:CVE-2021-24618'
-  tags: cve,wordpress,wp-plugin,donate-with-qrcode,medium
+  tags: cve,wordpress,wp-plugin,donate-with-qrcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24619-186c3d28d4f62e262c488a190cb41115.yaml b/nuclei-templates/2021/CVE-2021-24619-186c3d28d4f62e262c488a190cb41115.yaml
index 4a9649fa84..7878e86731 100644
--- a/nuclei-templates/2021/CVE-2021-24619-186c3d28d4f62e262c488a190cb41115.yaml
+++ b/nuclei-templates/2021/CVE-2021-24619-186c3d28d4f62e262c488a190cb41115.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Per Page Add to Head <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/per-page-add-to/"
     google-query: inurl:"/wp-content/plugins/per-page-add-to/"
     shodan-query: 'vuln:CVE-2021-24619'
-  tags: cve,wordpress,wp-plugin,per-page-add-to,medium
+  tags: cve,wordpress,wp-plugin,per-page-add-to,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24620-b9227c21bfafb1eba2c9f59a2176e5a7.yaml b/nuclei-templates/2021/CVE-2021-24620-b9227c21bfafb1eba2c9f59a2176e5a7.yaml
index 71489545ef..797fc2acc2 100644
--- a/nuclei-templates/2021/CVE-2021-24620-b9227c21bfafb1eba2c9f59a2176e5a7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24620-b9227c21bfafb1eba2c9f59a2176e5a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.2. This is due to missing nonce validation on the simpleecommcart-products page, and missing file type validation on the Downloadable Digital product file. This makes it possible for unauthenticated attackers to upload arbitrary files, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-e-commerce-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/simple-e-commerce-shopping-cart/"
     shodan-query: 'vuln:CVE-2021-24620'
-  tags: cve,wordpress,wp-plugin,simple-e-commerce-shopping-cart,high
+  tags: cve,wordpress,wp-plugin,simple-e-commerce-shopping-cart,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24621-863ed304215cd2e175d9703d88e6083d.yaml b/nuclei-templates/2021/CVE-2021-24621-863ed304215cd2e175d9703d88e6083d.yaml
index 8ceec13dac..3d76b3025d 100644
--- a/nuclei-templates/2021/CVE-2021-24621-863ed304215cd2e175d9703d88e6083d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24621-863ed304215cd2e175d9703d88e6083d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Courses LMS < 2.0.44 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Courses LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting  in versions before 2.0.44 due to improper handling of the unfiltered_html capability. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-courses/"
     google-query: inurl:"/wp-content/plugins/wp-courses/"
     shodan-query: 'vuln:CVE-2021-24621'
-  tags: cve,wordpress,wp-plugin,wp-courses,medium
+  tags: cve,wordpress,wp-plugin,wp-courses,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24622-2335d22fc63434a5bcaa426b8fe660ca.yaml b/nuclei-templates/2021/CVE-2021-24622-2335d22fc63434a5bcaa426b8fe660ca.yaml
index 4f3a10fe31..ede5f9690c 100644
--- a/nuclei-templates/2021/CVE-2021-24622-2335d22fc63434a5bcaa426b8fe660ca.yaml
+++ b/nuclei-templates/2021/CVE-2021-24622-2335d22fc63434a5bcaa426b8fe660ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Service Software & Support Ticket System < 5.10.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ticket/"
     google-query: inurl:"/wp-content/plugins/wp-ticket/"
     shodan-query: 'vuln:CVE-2021-24622'
-  tags: cve,wordpress,wp-plugin,wp-ticket,medium
+  tags: cve,wordpress,wp-plugin,wp-ticket,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24623-8cc533b05aae8f8735d3033cbbcc92b8.yaml b/nuclei-templates/2021/CVE-2021-24623-8cc533b05aae8f8735d3033cbbcc92b8.yaml
index f034b5d555..3f4691c05e 100644
--- a/nuclei-templates/2021/CVE-2021-24623-8cc533b05aae8f8735d3033cbbcc92b8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24623-8cc533b05aae8f8735d3033cbbcc92b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Advanced Ticket System, Elite Support Helpdesk <= 1.0.63 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wats/"
     google-query: inurl:"/wp-content/plugins/wats/"
     shodan-query: 'vuln:CVE-2021-24623'
-  tags: cve,wordpress,wp-plugin,wats,medium
+  tags: cve,wordpress,wp-plugin,wats,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24625-ba6ce63fd5cf470afef6a6aae7117079.yaml b/nuclei-templates/2021/CVE-2021-24625-ba6ce63fd5cf470afef6a6aae7117079.yaml
index d5a7233df1..a8e86f8694 100644
--- a/nuclei-templates/2021/CVE-2021-24625-ba6ce63fd5cf470afef6a6aae7117079.yaml
+++ b/nuclei-templates/2021/CVE-2021-24625-ba6ce63fd5cf470afef6a6aae7117079.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SpiderCatalog <= 1.7.3 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/catalog/"
     google-query: inurl:"/wp-content/plugins/catalog/"
     shodan-query: 'vuln:CVE-2021-24625'
-  tags: cve,wordpress,wp-plugin,catalog,high
+  tags: cve,wordpress,wp-plugin,catalog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24626-6e87e05f951d4532dd6f6de3b88ad77d.yaml b/nuclei-templates/2021/CVE-2021-24626-6e87e05f951d4532dd6f6de3b88ad77d.yaml
index b52a01eb33..8c36aa8f0a 100644
--- a/nuclei-templates/2021/CVE-2021-24626-6e87e05f951d4532dd6f6de3b88ad77d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24626-6e87e05f951d4532dd6f6de3b88ad77d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chameleon CSS <= 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chameleon-css/"
     google-query: inurl:"/wp-content/plugins/chameleon-css/"
     shodan-query: 'vuln:CVE-2021-24626'
-  tags: cve,wordpress,wp-plugin,chameleon-css,high
+  tags: cve,wordpress,wp-plugin,chameleon-css,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24627-7e1dd5ec2f3ce921814a97005e4bdef0.yaml b/nuclei-templates/2021/CVE-2021-24627-7e1dd5ec2f3ce921814a97005e4bdef0.yaml
index c75997630a..d29e87e481 100644
--- a/nuclei-templates/2021/CVE-2021-24627-7e1dd5ec2f3ce921814a97005e4bdef0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24627-7e1dd5ec2f3ce921814a97005e4bdef0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     G Auto-Hyperlink <= 1.0.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/g-auto-hyperlink/"
     google-query: inurl:"/wp-content/plugins/g-auto-hyperlink/"
     shodan-query: 'vuln:CVE-2021-24627'
-  tags: cve,wordpress,wp-plugin,g-auto-hyperlink,high
+  tags: cve,wordpress,wp-plugin,g-auto-hyperlink,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24628-14d5ec39f3f717cd0febca936a2aa6ce.yaml b/nuclei-templates/2021/CVE-2021-24628-14d5ec39f3f717cd0febca936a2aa6ce.yaml
index 9552e1105a..6ee8709aa0 100644
--- a/nuclei-templates/2021/CVE-2021-24628-14d5ec39f3f717cd0febca936a2aa6ce.yaml
+++ b/nuclei-templates/2021/CVE-2021-24628-14d5ec39f3f717cd0febca936a2aa6ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wow Forms – create any form with custom style <= 3.1.3 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mwp-forms/"
     google-query: inurl:"/wp-content/plugins/mwp-forms/"
     shodan-query: 'vuln:CVE-2021-24628'
-  tags: cve,wordpress,wp-plugin,mwp-forms,high
+  tags: cve,wordpress,wp-plugin,mwp-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24629-c5997f1fef9873598e392fd29a23db70.yaml b/nuclei-templates/2021/CVE-2021-24629-c5997f1fef9873598e392fd29a23db70.yaml
index 4c1668c1ea..5534dcf38a 100644
--- a/nuclei-templates/2021/CVE-2021-24629-c5997f1fef9873598e392fd29a23db70.yaml
+++ b/nuclei-templates/2021/CVE-2021-24629-c5997f1fef9873598e392fd29a23db70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Content XMLRPC <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-content-xmlrpc/"
     google-query: inurl:"/wp-content/plugins/post-content-xmlrpc/"
     shodan-query: 'vuln:CVE-2021-24629'
-  tags: cve,wordpress,wp-plugin,post-content-xmlrpc,high
+  tags: cve,wordpress,wp-plugin,post-content-xmlrpc,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24630-13e0cdd00039aa83908edb26fc9e840c.yaml b/nuclei-templates/2021/CVE-2021-24630-13e0cdd00039aa83908edb26fc9e840c.yaml
index 1891fa5ada..7dfea0c679 100644
--- a/nuclei-templates/2021/CVE-2021-24630-13e0cdd00039aa83908edb26fc9e840c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24630-13e0cdd00039aa83908edb26fc9e840c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schreikasten <= 0.14.18 - Authenticated (Author+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schreikasten/"
     google-query: inurl:"/wp-content/plugins/schreikasten/"
     shodan-query: 'vuln:CVE-2021-24630'
-  tags: cve,wordpress,wp-plugin,schreikasten,high
+  tags: cve,wordpress,wp-plugin,schreikasten,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24631-87cd3b8d44051ebe8fa42c56e4d1cbb3.yaml b/nuclei-templates/2021/CVE-2021-24631-87cd3b8d44051ebe8fa42c56e4d1cbb3.yaml
index 2a6912ca9a..a07dcccce3 100644
--- a/nuclei-templates/2021/CVE-2021-24631-87cd3b8d44051ebe8fa42c56e4d1cbb3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24631-87cd3b8d44051ebe8fa42c56e4d1cbb3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited PopUps <= 4.5.3 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-popups/"
     google-query: inurl:"/wp-content/plugins/unlimited-popups/"
     shodan-query: 'vuln:CVE-2021-24631'
-  tags: cve,wordpress,wp-plugin,unlimited-popups,high
+  tags: cve,wordpress,wp-plugin,unlimited-popups,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24633-c70d49119f4b9f186615bc657f763711.yaml b/nuclei-templates/2021/CVE-2021-24633-c70d49119f4b9f186615bc657f763711.yaml
index f6f59844e9..f4ef8a5f04 100644
--- a/nuclei-templates/2021/CVE-2021-24633-c70d49119f4b9f186615bc657f763711.yaml
+++ b/nuclei-templates/2021/CVE-2021-24633-c70d49119f4b9f186615bc657f763711.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Countdown Block <= 1.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-countdown-block/"
     google-query: inurl:"/wp-content/plugins/wp-countdown-block/"
     shodan-query: 'vuln:CVE-2021-24633'
-  tags: cve,wordpress,wp-plugin,wp-countdown-block,medium
+  tags: cve,wordpress,wp-plugin,wp-countdown-block,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24634-6fb42790ec406c67546f572fbaa70d56.yaml b/nuclei-templates/2021/CVE-2021-24634-6fb42790ec406c67546f572fbaa70d56.yaml
index 7b6917a1f7..696fb657e1 100644
--- a/nuclei-templates/2021/CVE-2021-24634-6fb42790ec406c67546f572fbaa70d56.yaml
+++ b/nuclei-templates/2021/CVE-2021-24634-6fb42790ec406c67546f572fbaa70d56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recipe Card Blocks by WPZOOM <= 2.8.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Recipe Card Blocks by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.2 by not properly sanitizing or escaping some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings). This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recipe-card-blocks-by-wpzoom/"
     google-query: inurl:"/wp-content/plugins/recipe-card-blocks-by-wpzoom/"
     shodan-query: 'vuln:CVE-2021-24634'
-  tags: cve,wordpress,wp-plugin,recipe-card-blocks-by-wpzoom,medium
+  tags: cve,wordpress,wp-plugin,recipe-card-blocks-by-wpzoom,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24636-6bab7e18a95398e2980bac2c1ae0a9ae.yaml b/nuclei-templates/2021/CVE-2021-24636-6bab7e18a95398e2980bac2c1ae0a9ae.yaml
index d2c8447c63..a514ed7c35 100644
--- a/nuclei-templates/2021/CVE-2021-24636-6bab7e18a95398e2980bac2c1ae0a9ae.yaml
+++ b/nuclei-templates/2021/CVE-2021-24636-6bab7e18a95398e2980bac2c1ae0a9ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-my-blog/"
     google-query: inurl:"/wp-content/plugins/print-my-blog/"
     shodan-query: 'vuln:CVE-2021-24636'
-  tags: cve,wordpress,wp-plugin,print-my-blog,high
+  tags: cve,wordpress,wp-plugin,print-my-blog,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24637-97a8bbca52a057b5fde67edd446b89ce.yaml b/nuclei-templates/2021/CVE-2021-24637-97a8bbca52a057b5fde67edd446b89ce.yaml
index f9e3f8d477..b579f24acd 100644
--- a/nuclei-templates/2021/CVE-2021-24637-97a8bbca52a057b5fde67edd446b89ce.yaml
+++ b/nuclei-templates/2021/CVE-2021-24637-97a8bbca52a057b5fde67edd446b89ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Fonts Typography <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via blockType arguments
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitize some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/olympus-google-fonts/"
     google-query: inurl:"/wp-content/plugins/olympus-google-fonts/"
     shodan-query: 'vuln:CVE-2021-24637'
-  tags: cve,wordpress,wp-plugin,olympus-google-fonts,medium
+  tags: cve,wordpress,wp-plugin,olympus-google-fonts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24640-6a7d0f10989c55df0c2d186c1333c6d5.yaml b/nuclei-templates/2021/CVE-2021-24640-6a7d0f10989c55df0c2d186c1333c6d5.yaml
index bc63778aa7..a5c27e2f04 100644
--- a/nuclei-templates/2021/CVE-2021-24640-6a7d0f10989c55df0c2d186c1333c6d5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24640-6a7d0f10989c55df0c2d186c1333c6d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Slider Block Gutenslider <= 5.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gutenslider/"
     google-query: inurl:"/wp-content/plugins/gutenslider/"
     shodan-query: 'vuln:CVE-2021-24640'
-  tags: cve,wordpress,wp-plugin,gutenslider,medium
+  tags: cve,wordpress,wp-plugin,gutenslider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24641-fe4c9ec6c5f12eda6f85dea0f4ee153f.yaml b/nuclei-templates/2021/CVE-2021-24641-fe4c9ec6c5f12eda6f85dea0f4ee153f.yaml
index 22cb781e1b..be2674cb02 100644
--- a/nuclei-templates/2021/CVE-2021-24641-fe4c9ec6c5f12eda6f85dea0f4ee153f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24641-fe4c9ec6c5f12eda6f85dea0f4ee153f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Images to WebP < 1.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/images-to-webp/"
     google-query: inurl:"/wp-content/plugins/images-to-webp/"
     shodan-query: 'vuln:CVE-2021-24641'
-  tags: cve,wordpress,wp-plugin,images-to-webp,high
+  tags: cve,wordpress,wp-plugin,images-to-webp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24642-62e4e20027880ffdd76d60900f6cc1c9.yaml b/nuclei-templates/2021/CVE-2021-24642-62e4e20027880ffdd76d60900f6cc1c9.yaml
index 24e882c08f..cf9b43b8e1 100644
--- a/nuclei-templates/2021/CVE-2021-24642-62e4e20027880ffdd76d60900f6cc1c9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24642-62e4e20027880ffdd76d60900f6cc1c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scroll Baner <= 1.0 - Cross-Site Request Forgery to Remote Code Execution and/or Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scroll-baner/"
     google-query: inurl:"/wp-content/plugins/scroll-baner/"
     shodan-query: 'vuln:CVE-2021-24642'
-  tags: cve,wordpress,wp-plugin,scroll-baner,high
+  tags: cve,wordpress,wp-plugin,scroll-baner,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24643-5b50465ae2f78659823d6ff4bd2ffc8a.yaml b/nuclei-templates/2021/CVE-2021-24643-5b50465ae2f78659823d6ff4bd2ffc8a.yaml
index aede09e65a..48f403ffeb 100644
--- a/nuclei-templates/2021/CVE-2021-24643-5b50465ae2f78659823d6ff4bd2ffc8a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24643-5b50465ae2f78659823d6ff4bd2ffc8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Map Block – Gutenberg Map Block for Google Map and OpenStreet Map <= 1.2.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-map-block/"
     google-query: inurl:"/wp-content/plugins/wp-map-block/"
     shodan-query: 'vuln:CVE-2021-24643'
-  tags: cve,wordpress,wp-plugin,wp-map-block,medium
+  tags: cve,wordpress,wp-plugin,wp-map-block,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24644-a060d1379e872ddbb3c1744a92296936.yaml b/nuclei-templates/2021/CVE-2021-24644-a060d1379e872ddbb3c1744a92296936.yaml
index fab03bfa6f..82ef0c16b9 100644
--- a/nuclei-templates/2021/CVE-2021-24644-a060d1379e872ddbb3c1744a92296936.yaml
+++ b/nuclei-templates/2021/CVE-2021-24644-a060d1379e872ddbb3c1744a92296936.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Images to WebP <= 1.8 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/images-to-webp/"
     google-query: inurl:"/wp-content/plugins/images-to-webp/"
     shodan-query: 'vuln:CVE-2021-24644'
-  tags: cve,wordpress,wp-plugin,images-to-webp,high
+  tags: cve,wordpress,wp-plugin,images-to-webp,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24645-97d71a5a3da44a42d764845b5a062c1f.yaml b/nuclei-templates/2021/CVE-2021-24645-97d71a5a3da44a42d764845b5a062c1f.yaml
index 8f3b41e1f6..47447aaf09 100644
--- a/nuclei-templates/2021/CVE-2021-24645-97d71a5a3da44a42d764845b5a062c1f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24645-97d71a5a3da44a42d764845b5a062c1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking.com Product Helper <= 1.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookingcom-product-helper/"
     google-query: inurl:"/wp-content/plugins/bookingcom-product-helper/"
     shodan-query: 'vuln:CVE-2021-24645'
-  tags: cve,wordpress,wp-plugin,bookingcom-product-helper,medium
+  tags: cve,wordpress,wp-plugin,bookingcom-product-helper,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24646-792631ba5cdfc566598ea26dfe895270.yaml b/nuclei-templates/2021/CVE-2021-24646-792631ba5cdfc566598ea26dfe895270.yaml
index 1d55743ebd..a3add06092 100644
--- a/nuclei-templates/2021/CVE-2021-24646-792631ba5cdfc566598ea26dfe895270.yaml
+++ b/nuclei-templates/2021/CVE-2021-24646-792631ba5cdfc566598ea26dfe895270.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking.com Banner Creator <= 1.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookingcom-banner-creator/"
     google-query: inurl:"/wp-content/plugins/bookingcom-banner-creator/"
     shodan-query: 'vuln:CVE-2021-24646'
-  tags: cve,wordpress,wp-plugin,bookingcom-banner-creator,medium
+  tags: cve,wordpress,wp-plugin,bookingcom-banner-creator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24647-555fd231d361b91b6b7b333e844c48cf.yaml b/nuclei-templates/2021/CVE-2021-24647-555fd231d361b91b6b7b333e844c48cf.yaml
index 93311d23f9..86b2999580 100644
--- a/nuclei-templates/2021/CVE-2021-24647-555fd231d361b91b6b7b333e844c48cf.yaml
+++ b/nuclei-templates/2021/CVE-2021-24647-555fd231d361b91b6b7b333e844c48cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pie Register <= 3.7.1.5 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Registration Forms  User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pie-register/"
     google-query: inurl:"/wp-content/plugins/pie-register/"
     shodan-query: 'vuln:CVE-2021-24647'
-  tags: cve,wordpress,wp-plugin,pie-register,high
+  tags: cve,wordpress,wp-plugin,pie-register,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24651-c07bb721e301a0dbb891c103a2081934.yaml b/nuclei-templates/2021/CVE-2021-24651-c07bb721e301a0dbb891c103a2081934.yaml
index 17076ae5f4..27d8edf5f0 100644
--- a/nuclei-templates/2021/CVE-2021-24651-c07bb721e301a0dbb891c103a2081934.yaml
+++ b/nuclei-templates/2021/CVE-2021-24651-c07bb721e301a0dbb891c103a2081934.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll Maker < 3.4.2 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poll-maker/"
     google-query: inurl:"/wp-content/plugins/poll-maker/"
     shodan-query: 'vuln:CVE-2021-24651'
-  tags: cve,wordpress,wp-plugin,poll-maker,high
+  tags: cve,wordpress,wp-plugin,poll-maker,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24653-13b25bc0903a03574dd9d52d17a8d7fb.yaml b/nuclei-templates/2021/CVE-2021-24653-13b25bc0903a03574dd9d52d17a8d7fb.yaml
index 31e48c5e9b..22d7e593d9 100644
--- a/nuclei-templates/2021/CVE-2021-24653-13b25bc0903a03574dd9d52d17a8d7fb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24653-13b25bc0903a03574dd9d52d17a8d7fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Bar <= 1.8.8 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-bar/"
     google-query: inurl:"/wp-content/plugins/cookie-bar/"
     shodan-query: 'vuln:CVE-2021-24653'
-  tags: cve,wordpress,wp-plugin,cookie-bar,medium
+  tags: cve,wordpress,wp-plugin,cookie-bar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24654-5acef1bfe4bd1454c852e9b74429a91a.yaml b/nuclei-templates/2021/CVE-2021-24654-5acef1bfe4bd1454c852e9b74429a91a.yaml
index 4ce407f9fe..b8034fa6f7 100644
--- a/nuclei-templates/2021/CVE-2021-24654-5acef1bfe4bd1454c852e9b74429a91a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24654-5acef1bfe4bd1454c852e9b74429a91a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration < 2.0.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-manager/"
     google-query: inurl:"/wp-content/plugins/wp-user-manager/"
     shodan-query: 'vuln:CVE-2021-24654'
-  tags: cve,wordpress,wp-plugin,wp-user-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-user-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24656-12ff7814319c3fed879573cad73d612b.yaml b/nuclei-templates/2021/CVE-2021-24656-12ff7814319c3fed879573cad73d612b.yaml
index 60448a743d..c77195274d 100644
--- a/nuclei-templates/2021/CVE-2021-24656-12ff7814319c3fed879573cad73d612b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24656-12ff7814319c3fed879573cad73d612b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Social Media Share Buttons <= 3.2.3 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-social-buttons/"
     google-query: inurl:"/wp-content/plugins/simple-social-buttons/"
     shodan-query: 'vuln:CVE-2021-24656'
-  tags: cve,wordpress,wp-plugin,simple-social-buttons,medium
+  tags: cve,wordpress,wp-plugin,simple-social-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24657-1c092eb4ba33ccf4bb9feb95671821cb.yaml b/nuclei-templates/2021/CVE-2021-24657-1c092eb4ba33ccf4bb9feb95671821cb.yaml
index dad9e3a593..ff7ca6a03f 100644
--- a/nuclei-templates/2021/CVE-2021-24657-1c092eb4ba33ccf4bb9feb95671821cb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24657-1c092eb4ba33ccf4bb9feb95671821cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Limit Login Attempts <= 4.0.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-limit-login-attempts/"
     google-query: inurl:"/wp-content/plugins/miniorange-limit-login-attempts/"
     shodan-query: 'vuln:CVE-2021-24657'
-  tags: cve,wordpress,wp-plugin,miniorange-limit-login-attempts,medium
+  tags: cve,wordpress,wp-plugin,miniorange-limit-login-attempts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24658-bd06eea54f94d4f00b121a93f672de21.yaml b/nuclei-templates/2021/CVE-2021-24658-bd06eea54f94d4f00b121a93f672de21.yaml
index dda4de6d13..e86736c58b 100644
--- a/nuclei-templates/2021/CVE-2021-24658-bd06eea54f94d4f00b121a93f672de21.yaml
+++ b/nuclei-templates/2021/CVE-2021-24658-bd06eea54f94d4f00b121a93f672de21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Erident Custom Login and Dashboard <= 3.5.8 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erident-custom-login-and-dashboard/"
     google-query: inurl:"/wp-content/plugins/erident-custom-login-and-dashboard/"
     shodan-query: 'vuln:CVE-2021-24658'
-  tags: cve,wordpress,wp-plugin,erident-custom-login-and-dashboard,medium
+  tags: cve,wordpress,wp-plugin,erident-custom-login-and-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24659-d5a9675642b3846bb1039f5b8393297a.yaml b/nuclei-templates/2021/CVE-2021-24659-d5a9675642b3846bb1039f5b8393297a.yaml
index 88cedc9093..927850b6cf 100644
--- a/nuclei-templates/2021/CVE-2021-24659-d5a9675642b3846bb1039f5b8393297a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24659-d5a9675642b3846bb1039f5b8393297a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-post/"
     google-query: inurl:"/wp-content/plugins/ultimate-post/"
     shodan-query: 'vuln:CVE-2021-24659'
-  tags: cve,wordpress,wp-plugin,ultimate-post,medium
+  tags: cve,wordpress,wp-plugin,ultimate-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24660-d9d7cdc24ee2887d8625dc92279b0527.yaml b/nuclei-templates/2021/CVE-2021-24660-d9d7cdc24ee2887d8625dc92279b0527.yaml
index 82c78b7a00..3bce3432b0 100644
--- a/nuclei-templates/2021/CVE-2021-24660-d9d7cdc24ee2887d8625dc92279b0527.yaml
+++ b/nuclei-templates/2021/CVE-2021-24660-d9d7cdc24ee2887d8625dc92279b0527.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-post/"
     google-query: inurl:"/wp-content/plugins/ultimate-post/"
     shodan-query: 'vuln:CVE-2021-24660'
-  tags: cve,wordpress,wp-plugin,ultimate-post,medium
+  tags: cve,wordpress,wp-plugin,ultimate-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24662-4860564c39627d424628b36fd20f6fbc.yaml b/nuclei-templates/2021/CVE-2021-24662-4860564c39627d424628b36fd20f6fbc.yaml
index 0af29b7e1c..e1b09b2cde 100644
--- a/nuclei-templates/2021/CVE-2021-24662-4860564c39627d424628b36fd20f6fbc.yaml
+++ b/nuclei-templates/2021/CVE-2021-24662-4860564c39627d424628b36fd20f6fbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Game Server Status <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/game-server-status/"
     google-query: inurl:"/wp-content/plugins/game-server-status/"
     shodan-query: 'vuln:CVE-2021-24662'
-  tags: cve,wordpress,wp-plugin,game-server-status,high
+  tags: cve,wordpress,wp-plugin,game-server-status,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24663-9d4cfba6200e394cef32d487f65ab9e2.yaml b/nuclei-templates/2021/CVE-2021-24663-9d4cfba6200e394cef32d487f65ab9e2.yaml
index f190055d3d..f556541480 100644
--- a/nuclei-templates/2021/CVE-2021-24663-9d4cfba6200e394cef32d487f65ab9e2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24663-9d4cfba6200e394cef32d487f65ab9e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Schools Staff Directory <= 1.1 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-schools-staff-directory/"
     google-query: inurl:"/wp-content/plugins/simple-schools-staff-directory/"
     shodan-query: 'vuln:CVE-2021-24663'
-  tags: cve,wordpress,wp-plugin,simple-schools-staff-directory,high
+  tags: cve,wordpress,wp-plugin,simple-schools-staff-directory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24664-b9006062d746b8caf6ca2e15e2892f35.yaml b/nuclei-templates/2021/CVE-2021-24664-b9006062d746b8caf6ca2e15e2892f35.yaml
index 907465c765..e5b2b200df 100644
--- a/nuclei-templates/2021/CVE-2021-24664-b9006062d746b8caf6ca2e15e2892f35.yaml
+++ b/nuclei-templates/2021/CVE-2021-24664-b9006062d746b8caf6ca2e15e2892f35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     School Management System – WPSchoolPress <= 2.1.16 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpschoolpress/"
     google-query: inurl:"/wp-content/plugins/wpschoolpress/"
     shodan-query: 'vuln:CVE-2021-24664'
-  tags: cve,wordpress,wp-plugin,wpschoolpress,medium
+  tags: cve,wordpress,wp-plugin,wpschoolpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24665-f81f2c3fb0fd545df0470702817f5fe2.yaml b/nuclei-templates/2021/CVE-2021-24665-f81f2c3fb0fd545df0470702817f5fe2.yaml
index f711a46283..be7868cbb2 100644
--- a/nuclei-templates/2021/CVE-2021-24665-f81f2c3fb0fd545df0470702817f5fe2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24665-f81f2c3fb0fd545df0470702817f5fe2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Video Lightbox <= 1.9.2 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-video-lightbox/"
     google-query: inurl:"/wp-content/plugins/wp-video-lightbox/"
     shodan-query: 'vuln:CVE-2021-24665'
-  tags: cve,wordpress,wp-plugin,wp-video-lightbox,medium
+  tags: cve,wordpress,wp-plugin,wp-video-lightbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24667-11813679c9659f7e86b27269316b1760.yaml b/nuclei-templates/2021/CVE-2021-24667-11813679c9659f7e86b27269316b1760.yaml
index bd4c5d39ad..1039b8c76b 100644
--- a/nuclei-templates/2021/CVE-2021-24667-11813679c9659f7e86b27269316b1760.yaml
+++ b/nuclei-templates/2021/CVE-2021-24667-11813679c9659f7e86b27269316b1760.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Blocks with Lightbox <= 2.2.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 & below). The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of image parameters in meta data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-gallery-block/"
     google-query: inurl:"/wp-content/plugins/simply-gallery-block/"
     shodan-query: 'vuln:CVE-2021-24667'
-  tags: cve,wordpress,wp-plugin,simply-gallery-block,medium
+  tags: cve,wordpress,wp-plugin,simply-gallery-block,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24669-ccaa11bd28c41ea215a8627a09fdb85f.yaml b/nuclei-templates/2021/CVE-2021-24669-ccaa11bd28c41ea215a8627a09fdb85f.yaml
index 5268b767be..ac348b242b 100644
--- a/nuclei-templates/2021/CVE-2021-24669-ccaa11bd28c41ea215a8627a09fdb85f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24669-ccaa11bd28c41ea215a8627a09fdb85f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maz-loader/"
     google-query: inurl:"/wp-content/plugins/maz-loader/"
     shodan-query: 'vuln:CVE-2021-24669'
-  tags: cve,wordpress,wp-plugin,maz-loader,high
+  tags: cve,wordpress,wp-plugin,maz-loader,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24670-d3f53759db6cbb2a0f47408beaf6dbd0.yaml b/nuclei-templates/2021/CVE-2021-24670-d3f53759db6cbb2a0f47408beaf6dbd0.yaml
index 0d6c3d76f6..925d495629 100644
--- a/nuclei-templates/2021/CVE-2021-24670-d3f53759db6cbb2a0f47408beaf6dbd0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24670-d3f53759db6cbb2a0f47408beaf6dbd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CoolClock <= 4.3.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coolclock/"
     google-query: inurl:"/wp-content/plugins/coolclock/"
     shodan-query: 'vuln:CVE-2021-24670'
-  tags: cve,wordpress,wp-plugin,coolclock,medium
+  tags: cve,wordpress,wp-plugin,coolclock,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24671-efba52660b6ae40494c76473deb3b9d9.yaml b/nuclei-templates/2021/CVE-2021-24671-efba52660b6ae40494c76473deb3b9d9.yaml
index a1774c754e..3769c8f71c 100644
--- a/nuclei-templates/2021/CVE-2021-24671-efba52660b6ae40494c76473deb3b9d9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24671-efba52660b6ae40494c76473deb3b9d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MX Time Zone Clocks <= 3.4 - Contributor+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mx-time-zone-clocks/"
     google-query: inurl:"/wp-content/plugins/mx-time-zone-clocks/"
     shodan-query: 'vuln:CVE-2021-24671'
-  tags: cve,wordpress,wp-plugin,mx-time-zone-clocks,medium
+  tags: cve,wordpress,wp-plugin,mx-time-zone-clocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24672-2eb3196d201c69c1b619f7192e23dfa3.yaml b/nuclei-templates/2021/CVE-2021-24672-2eb3196d201c69c1b619f7192e23dfa3.yaml
index d17725f557..44684c95b8 100644
--- a/nuclei-templates/2021/CVE-2021-24672-2eb3196d201c69c1b619f7192e23dfa3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24672-2eb3196d201c69c1b619f7192e23dfa3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     One User Avatar <= 2.3.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/one-user-avatar/"
     google-query: inurl:"/wp-content/plugins/one-user-avatar/"
     shodan-query: 'vuln:CVE-2021-24672'
-  tags: cve,wordpress,wp-plugin,one-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,one-user-avatar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24673-b36315e23ade129c61fb07a902fc54b7.yaml b/nuclei-templates/2021/CVE-2021-24673-b36315e23ade129c61fb07a902fc54b7.yaml
index 425b00191f..77a66c824d 100644
--- a/nuclei-templates/2021/CVE-2021-24673-b36315e23ade129c61fb07a902fc54b7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24673-b36315e23ade129c61fb07a902fc54b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Hour Booking <= 1.3.15 Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appointment-hour-booking/"
     google-query: inurl:"/wp-content/plugins/appointment-hour-booking/"
     shodan-query: 'vuln:CVE-2021-24673'
-  tags: cve,wordpress,wp-plugin,appointment-hour-booking,medium
+  tags: cve,wordpress,wp-plugin,appointment-hour-booking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24678-6bc3c65cb1ca8d7f84584a1599bace9a.yaml b/nuclei-templates/2021/CVE-2021-24678-6bc3c65cb1ca8d7f84584a1599bace9a.yaml
index b3668075d0..04feb616e8 100644
--- a/nuclei-templates/2021/CVE-2021-24678-6bc3c65cb1ca8d7f84584a1599bace9a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24678-6bc3c65cb1ca8d7f84584a1599bace9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Tooltip Glossary <= 3.9.20 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CM Tooltip Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.9.20 due to insufficient input sanitization and output escaping. It does not escape some glossary_tooltip shortcode attributes.  This makes it possible for Contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-tooltipglossary/"
     google-query: inurl:"/wp-content/plugins/enhanced-tooltipglossary/"
     shodan-query: 'vuln:CVE-2021-24678'
-  tags: cve,wordpress,wp-plugin,enhanced-tooltipglossary,medium
+  tags: cve,wordpress,wp-plugin,enhanced-tooltipglossary,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24680-f6c6555824d98b71401c19c502cb055d.yaml b/nuclei-templates/2021/CVE-2021-24680-f6c6555824d98b71401c19c502cb055d.yaml
index 168972feca..02783d3d02 100644
--- a/nuclei-templates/2021/CVE-2021-24680-f6c6555824d98b71401c19c502cb055d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24680-f6c6555824d98b71401c19c502cb055d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Travel Engine <= 5.3.0 - Editor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-travel-engine/"
     google-query: inurl:"/wp-content/plugins/wp-travel-engine/"
     shodan-query: 'vuln:CVE-2021-24680'
-  tags: cve,wordpress,wp-plugin,wp-travel-engine,medium
+  tags: cve,wordpress,wp-plugin,wp-travel-engine,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24681-d66fba0caf4197da913cda06e8bae43e.yaml b/nuclei-templates/2021/CVE-2021-24681-d66fba0caf4197da913cda06e8bae43e.yaml
index 7a7ec2a500..c719a5adb0 100644
--- a/nuclei-templates/2021/CVE-2021-24681-d66fba0caf4197da913cda06e8bae43e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24681-d66fba0caf4197da913cda06e8bae43e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Page <= 4.4.1 Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Duplicate Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Duplicate Post Suffix settings in versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-page/"
     google-query: inurl:"/wp-content/plugins/duplicate-page/"
     shodan-query: 'vuln:CVE-2021-24681'
-  tags: cve,wordpress,wp-plugin,duplicate-page,medium
+  tags: cve,wordpress,wp-plugin,duplicate-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24682-02f969afa585249fd7cbd8abedb25b46.yaml b/nuclei-templates/2021/CVE-2021-24682-02f969afa585249fd7cbd8abedb25b46.yaml
index 8cae24cd23..270fd99f38 100644
--- a/nuclei-templates/2021/CVE-2021-24682-02f969afa585249fd7cbd8abedb25b46.yaml
+++ b/nuclei-templates/2021/CVE-2021-24682-02f969afa585249fd7cbd8abedb25b46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cool-tag-cloud/"
     google-query: inurl:"/wp-content/plugins/cool-tag-cloud/"
     shodan-query: 'vuln:CVE-2021-24682'
-  tags: cve,wordpress,wp-plugin,cool-tag-cloud,medium
+  tags: cve,wordpress,wp-plugin,cool-tag-cloud,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24683-f85537b61e94963bbc9d5c86e5b9998c.yaml b/nuclei-templates/2021/CVE-2021-24683-f85537b61e94963bbc9d5c86e5b9998c.yaml
index 599d639e99..617d2f9d99 100644
--- a/nuclei-templates/2021/CVE-2021-24683-f85537b61e94963bbc9d5c86e5b9998c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24683-f85537b61e94963bbc9d5c86e5b9998c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weather Effect – Christmas Santa Snow Falling <= 1.3.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weather-effect/"
     google-query: inurl:"/wp-content/plugins/weather-effect/"
     shodan-query: 'vuln:CVE-2021-24683'
-  tags: cve,wordpress,wp-plugin,weather-effect,high
+  tags: cve,wordpress,wp-plugin,weather-effect,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24684-b4f2d824d6b4e83932e04d871f8fc11c.yaml b/nuclei-templates/2021/CVE-2021-24684-b4f2d824d6b4e83932e04d871f8fc11c.yaml
index 273745a878..73e7112079 100644
--- a/nuclei-templates/2021/CVE-2021-24684-b4f2d824d6b4e83932e04d871f8fc11c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24684-b4f2d824d6b4e83932e04d871f8fc11c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Light Viewer <= 1.4.11 - Authenticated Command Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-light-viewer/"
     google-query: inurl:"/wp-content/plugins/pdf-light-viewer/"
     shodan-query: 'vuln:CVE-2021-24684'
-  tags: cve,wordpress,wp-plugin,pdf-light-viewer,critical
+  tags: cve,wordpress,wp-plugin,pdf-light-viewer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24686-4cdd67f3f418a30581118cbbb5c2e501.yaml b/nuclei-templates/2021/CVE-2021-24686-4cdd67f3f418a30581118cbbb5c2e501.yaml
index aa9bfddd2f..e197352bdc 100644
--- a/nuclei-templates/2021/CVE-2021-24686-4cdd67f3f418a30581118cbbb5c2e501.yaml
+++ b/nuclei-templates/2021/CVE-2021-24686-4cdd67f3f418a30581118cbbb5c2e501.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SVG Support <= 2.3.19 Admin+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svg-support/"
     google-query: inurl:"/wp-content/plugins/svg-support/"
     shodan-query: 'vuln:CVE-2021-24686'
-  tags: cve,wordpress,wp-plugin,svg-support,medium
+  tags: cve,wordpress,wp-plugin,svg-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24687-075f9c166c068dd8df28c57bf8d8a51a.yaml b/nuclei-templates/2021/CVE-2021-24687-075f9c166c068dd8df28c57bf8d8a51a.yaml
index a357fcf655..abba5ca110 100644
--- a/nuclei-templates/2021/CVE-2021-24687-075f9c166c068dd8df28c57bf8d8a51a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24687-075f9c166c068dd8df28c57bf8d8a51a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite < 5.22.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2021-24687'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24688-dc42737b07ffe9283fc25fc1965481dd.yaml b/nuclei-templates/2021/CVE-2021-24688-dc42737b07ffe9283fc25fc1965481dd.yaml
index dfeb5e5b28..c4e51b06cf 100644
--- a/nuclei-templates/2021/CVE-2021-24688-dc42737b07ffe9283fc25fc1965481dd.yaml
+++ b/nuclei-templates/2021/CVE-2021-24688-dc42737b07ffe9283fc25fc1965481dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orange Form <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/orange-form/"
     google-query: inurl:"/wp-content/plugins/orange-form/"
     shodan-query: 'vuln:CVE-2021-24688'
-  tags: cve,wordpress,wp-plugin,orange-form,high
+  tags: cve,wordpress,wp-plugin,orange-form,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24689-59cabb7b5299e919e0e9798126655ebf.yaml b/nuclei-templates/2021/CVE-2021-24689-59cabb7b5299e919e0e9798126655ebf.yaml
index 8be6f405f7..229b9dfda7 100644
--- a/nuclei-templates/2021/CVE-2021-24689-59cabb7b5299e919e0e9798126655ebf.yaml
+++ b/nuclei-templates/2021/CVE-2021-24689-59cabb7b5299e919e0e9798126655ebf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Authenticated (Admin+) Arbitrary System File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lastform/"
     google-query: inurl:"/wp-content/plugins/lastform/"
     shodan-query: 'vuln:CVE-2021-24689'
-  tags: cve,wordpress,wp-plugin,lastform,medium
+  tags: cve,wordpress,wp-plugin,lastform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24690-4a26e6944326e51fbc6f1bb093dd580e.yaml b/nuclei-templates/2021/CVE-2021-24690-4a26e6944326e51fbc6f1bb093dd580e.yaml
index ea34a57e30..be3492080f 100644
--- a/nuclei-templates/2021/CVE-2021-24690-4a26e6944326e51fbc6f1bb093dd580e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24690-4a26e6944326e51fbc6f1bb093dd580e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chained Quiz < 1.2.7.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chained-quiz/"
     google-query: inurl:"/wp-content/plugins/chained-quiz/"
     shodan-query: 'vuln:CVE-2021-24690'
-  tags: cve,wordpress,wp-plugin,chained-quiz,medium
+  tags: cve,wordpress,wp-plugin,chained-quiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24691-91489b941b180b4987354a4aee0df6e3.yaml b/nuclei-templates/2021/CVE-2021-24691-91489b941b180b4987354a4aee0df6e3.yaml
index 60570c77f6..0a92c18f6f 100644
--- a/nuclei-templates/2021/CVE-2021-24691-91489b941b180b4987354a4aee0df6e3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24691-91489b941b180b4987354a4aee0df6e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.3.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2021-24691'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24693-5017a561b2bec42e777a79d3e7f73798.yaml b/nuclei-templates/2021/CVE-2021-24693-5017a561b2bec42e777a79d3e7f73798.yaml
index ed76556944..fc9df417d5 100644
--- a/nuclei-templates/2021/CVE-2021-24693-5017a561b2bec42e777a79d3e7f73798.yaml
+++ b/nuclei-templates/2021/CVE-2021-24693-5017a561b2bec42e777a79d3e7f73798.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the Download is in a review state, contributor could make JavaScript code execute in a context of a reviewer such as admin and make them create a rogue admin account, or install a malicious plugin
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-monitor/"
     google-query: inurl:"/wp-content/plugins/simple-download-monitor/"
     shodan-query: 'vuln:CVE-2021-24693'
-  tags: cve,wordpress,wp-plugin,simple-download-monitor,critical
+  tags: cve,wordpress,wp-plugin,simple-download-monitor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24694-59401ea9ce38d0433cad6f039547d860.yaml b/nuclei-templates/2021/CVE-2021-24694-59401ea9ce38d0433cad6f039547d860.yaml
index e721c62527..4526996881 100644
--- a/nuclei-templates/2021/CVE-2021-24694-59401ea9ce38d0433cad6f039547d860.yaml
+++ b/nuclei-templates/2021/CVE-2021-24694-59401ea9ce38d0433cad6f039547d860.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "placeholder" argument of sdm_search_form shortcode.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-monitor/"
     google-query: inurl:"/wp-content/plugins/simple-download-monitor/"
     shodan-query: 'vuln:CVE-2021-24694'
-  tags: cve,wordpress,wp-plugin,simple-download-monitor,medium
+  tags: cve,wordpress,wp-plugin,simple-download-monitor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24696-9b6bff957c02c5adaec64684fd5bd810.yaml b/nuclei-templates/2021/CVE-2021-24696-9b6bff957c02c5adaec64684fd5bd810.yaml
index 4f401af3bb..3e930dfbd2 100644
--- a/nuclei-templates/2021/CVE-2021-24696-9b6bff957c02c5adaec64684fd5bd810.yaml
+++ b/nuclei-templates/2021/CVE-2021-24696-9b6bff957c02c5adaec64684fd5bd810.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-monitor/"
     google-query: inurl:"/wp-content/plugins/simple-download-monitor/"
     shodan-query: 'vuln:CVE-2021-24696'
-  tags: cve,wordpress,wp-plugin,simple-download-monitor,high
+  tags: cve,wordpress,wp-plugin,simple-download-monitor,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24699-91ba8b6ec0e7e434577621e62a4faeec.yaml b/nuclei-templates/2021/CVE-2021-24699-91ba8b6ec0e7e434577621e62a4faeec.yaml
index 1224ee82da..718f0048bb 100644
--- a/nuclei-templates/2021/CVE-2021-24699-91ba8b6ec0e7e434577621e62a4faeec.yaml
+++ b/nuclei-templates/2021/CVE-2021-24699-91ba8b6ec0e7e434577621e62a4faeec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-media-download/"
     google-query: inurl:"/wp-content/plugins/easy-media-download/"
     shodan-query: 'vuln:CVE-2021-24699'
-  tags: cve,wordpress,wp-plugin,easy-media-download,medium
+  tags: cve,wordpress,wp-plugin,easy-media-download,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24700-ee384374dcb64224451204e7db1b00fc.yaml b/nuclei-templates/2021/CVE-2021-24700-ee384374dcb64224451204e7db1b00fc.yaml
index 8265a1084e..a01c23e02c 100644
--- a/nuclei-templates/2021/CVE-2021-24700-ee384374dcb64224451204e7db1b00fc.yaml
+++ b/nuclei-templates/2021/CVE-2021-24700-ee384374dcb64224451204e7db1b00fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:CVE-2021-24700'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24701-8979f6505c90c68150042fb786bf639e.yaml b/nuclei-templates/2021/CVE-2021-24701-8979f6505c90c68150042fb786bf639e.yaml
index 3f52be730f..37c2f23d9b 100644
--- a/nuclei-templates/2021/CVE-2021-24701-8979f6505c90c68150042fb786bf639e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24701-8979f6505c90c68150042fb786bf639e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz Tool Lite <= 2.3.15 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to inject arbitrary web scripts in pages  even when the unfiltered_html capability is disallowed that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-tool-lite/"
     google-query: inurl:"/wp-content/plugins/quiz-tool-lite/"
     shodan-query: 'vuln:CVE-2021-24701'
-  tags: cve,wordpress,wp-plugin,quiz-tool-lite,medium
+  tags: cve,wordpress,wp-plugin,quiz-tool-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24702-7716b5ad1739bacc35b966f53febea57.yaml b/nuclei-templates/2021/CVE-2021-24702-7716b5ad1739bacc35b966f53febea57.yaml
index c36d994e12..f74a46ae1f 100644
--- a/nuclei-templates/2021/CVE-2021-24702-7716b5ad1739bacc35b966f53febea57.yaml
+++ b/nuclei-templates/2021/CVE-2021-24702-7716b5ad1739bacc35b966f53febea57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 4.1.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2021-24702'
-  tags: cve,wordpress,wp-plugin,learnpress,medium
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24704-cb748c9c9efa655b709ed263bb18ce58.yaml b/nuclei-templates/2021/CVE-2021-24704-cb748c9c9efa655b709ed263bb18ce58.yaml
index ead191e6a9..196e9e1606 100644
--- a/nuclei-templates/2021/CVE-2021-24704-cb748c9c9efa655b709ed263bb18ce58.yaml
+++ b/nuclei-templates/2021/CVE-2021-24704-cb748c9c9efa655b709ed263bb18ce58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orange Form <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     In the Orange Form WordPress plugin through 1.0.1, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/orange-form/"
     google-query: inurl:"/wp-content/plugins/orange-form/"
     shodan-query: 'vuln:CVE-2021-24704'
-  tags: cve,wordpress,wp-plugin,orange-form,high
+  tags: cve,wordpress,wp-plugin,orange-form,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24705-3484031578b48515a252a1136c0592de.yaml b/nuclei-templates/2021/CVE-2021-24705-3484031578b48515a252a1136c0592de.yaml
index 2b8168f819..e31b4bff35 100644
--- a/nuclei-templates/2021/CVE-2021-24705-3484031578b48515a252a1136c0592de.yaml
+++ b/nuclei-templates/2021/CVE-2021-24705-3484031578b48515a252a1136c0592de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms – Ultimate Form Builder <= 8.4.2 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The NEX-Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.2. This is due to missing or incorrect nonce validation on the update_record() function, in addition to many other functions. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2021-24705'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24706-28d16d6b1cef547447e4d705dcc2a1cb.yaml b/nuclei-templates/2021/CVE-2021-24706-28d16d6b1cef547447e4d705dcc2a1cb.yaml
index 63ae07eb90..1dd00eea41 100644
--- a/nuclei-templates/2021/CVE-2021-24706-28d16d6b1cef547447e4d705dcc2a1cb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24706-28d16d6b1cef547447e4d705dcc2a1cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qwizcards <= 3.61 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qwiz-online-quizzes-and-flashcards/"
     google-query: inurl:"/wp-content/plugins/qwiz-online-quizzes-and-flashcards/"
     shodan-query: 'vuln:CVE-2021-24706'
-  tags: cve,wordpress,wp-plugin,qwiz-online-quizzes-and-flashcards,medium
+  tags: cve,wordpress,wp-plugin,qwiz-online-quizzes-and-flashcards,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24707-a63938534e67d796e6484c84d1211d1e.yaml b/nuclei-templates/2021/CVE-2021-24707-a63938534e67d796e6484c84d1211d1e.yaml
index a65a030586..a6d38e4bba 100644
--- a/nuclei-templates/2021/CVE-2021-24707-a63938534e67d796e6484c84d1211d1e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24707-a63938534e67d796e6484c84d1211d1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Learning Courses < 5.0 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-learning/"
     google-query: inurl:"/wp-content/plugins/nd-learning/"
     shodan-query: 'vuln:CVE-2021-24707'
-  tags: cve,wordpress,wp-plugin,nd-learning,medium
+  tags: cve,wordpress,wp-plugin,nd-learning,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24708-1ab755d3e95de25c386caeb2d042c3d1.yaml b/nuclei-templates/2021/CVE-2021-24708-1ab755d3e95de25c386caeb2d042c3d1.yaml
index 9787107847..e29180d821 100644
--- a/nuclei-templates/2021/CVE-2021-24708-1ab755d3e95de25c386caeb2d042c3d1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24708-1ab755d3e95de25c386caeb2d042c3d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP All Export <= 1.3.0 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-export/"
     google-query: inurl:"/wp-content/plugins/wp-all-export/"
     shodan-query: 'vuln:CVE-2021-24708'
-  tags: cve,wordpress,wp-plugin,wp-all-export,medium
+  tags: cve,wordpress,wp-plugin,wp-all-export,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24709-fa8d9c6fc1b3f748c9c03e858b8946b9.yaml b/nuclei-templates/2021/CVE-2021-24709-fa8d9c6fc1b3f748c9c03e858b8946b9.yaml
index 6a641d0407..50536f11bc 100644
--- a/nuclei-templates/2021/CVE-2021-24709-fa8d9c6fc1b3f748c9c03e858b8946b9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24709-fa8d9c6fc1b3f748c9c03e858b8946b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weather Effect – Christmas Santa Snow Falling <= 1.3.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weather-effect/"
     google-query: inurl:"/wp-content/plugins/weather-effect/"
     shodan-query: 'vuln:CVE-2021-24709'
-  tags: cve,wordpress,wp-plugin,weather-effect,medium
+  tags: cve,wordpress,wp-plugin,weather-effect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24710-92919ce0eb17b0cea216462cfde732e2.yaml b/nuclei-templates/2021/CVE-2021-24710-92919ce0eb17b0cea216462cfde732e2.yaml
index 8475f49310..62031831a1 100644
--- a/nuclei-templates/2021/CVE-2021-24710-92919ce0eb17b0cea216462cfde732e2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24710-92919ce0eb17b0cea216462cfde732e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print-O-Matic <= 2.0.2 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-o-matic/"
     google-query: inurl:"/wp-content/plugins/print-o-matic/"
     shodan-query: 'vuln:CVE-2021-24710'
-  tags: cve,wordpress,wp-plugin,print-o-matic,medium
+  tags: cve,wordpress,wp-plugin,print-o-matic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24712-93e983f709a0a8202ff094d785febb7b.yaml b/nuclei-templates/2021/CVE-2021-24712-93e983f709a0a8202ff094d785febb7b.yaml
index 43d1691eed..bf1cb2739e 100644
--- a/nuclei-templates/2021/CVE-2021-24712-93e983f709a0a8202ff094d785febb7b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24712-93e983f709a0a8202ff094d785febb7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Hour Booking <= 1.3.16 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appointment-hour-booking/"
     google-query: inurl:"/wp-content/plugins/appointment-hour-booking/"
     shodan-query: 'vuln:CVE-2021-24712'
-  tags: cve,wordpress,wp-plugin,appointment-hour-booking,medium
+  tags: cve,wordpress,wp-plugin,appointment-hour-booking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24713-d10884d848b4b49b542895ed8b750487.yaml b/nuclei-templates/2021/CVE-2021-24713-d10884d848b4b49b542895ed8b750487.yaml
index e8bf7917ea..4ac7aa8af6 100644
--- a/nuclei-templates/2021/CVE-2021-24713-d10884d848b4b49b542895ed8b750487.yaml
+++ b/nuclei-templates/2021/CVE-2021-24713-d10884d848b4b49b542895ed8b750487.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.5
     cve-id: CVE-2021-24713
   metadata:
-    fofa-query: "wp-content/plugins/cm-video-lesson-manager/"
-    google-query: inurl:"/wp-content/plugins/cm-video-lesson-manager/"
+    fofa-query: "wp-content/plugins/cm-video-lesson-manager-pro/"
+    google-query: inurl:"/wp-content/plugins/cm-video-lesson-manager-pro/"
     shodan-query: 'vuln:CVE-2021-24713'
-  tags: cve,wordpress,wp-plugin,cm-video-lesson-manager,medium
+  tags: cve,wordpress,wp-plugin,cm-video-lesson-manager-pro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/cm-video-lesson-manager/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/cm-video-lesson-manager-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "cm-video-lesson-manager"
+          - "cm-video-lesson-manager-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.7.1')
\ No newline at end of file
+          - compare_versions(version, '<= 3.5.8')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24714-490b87f43f2fe349a60db708b8fdfe27.yaml b/nuclei-templates/2021/CVE-2021-24714-490b87f43f2fe349a60db708b8fdfe27.yaml
index 327ca22da0..ff0820b215 100644
--- a/nuclei-templates/2021/CVE-2021-24714-490b87f43f2fe349a60db708b8fdfe27.yaml
+++ b/nuclei-templates/2021/CVE-2021-24714-490b87f43f2fe349a60db708b8fdfe27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import any XML or CSV File to WordPress <= 3.6.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2021-24714'
-  tags: cve,wordpress,wp-plugin,wp-all-import,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24716-b99ab0aa7e8eaa169d59d870ba15e44f.yaml b/nuclei-templates/2021/CVE-2021-24716-b99ab0aa7e8eaa169d59d870ba15e44f.yaml
index 8f77a49374..770af08c50 100644
--- a/nuclei-templates/2021/CVE-2021-24716-b99ab0aa7e8eaa169d59d870ba15e44f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24716-b99ab0aa7e8eaa169d59d870ba15e44f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 5.22.2 - Authenticated Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2021-24716'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24718-021b10291895f49c72c52c95a60965eb.yaml b/nuclei-templates/2021/CVE-2021-24718-021b10291895f49c72c52c95a60965eb.yaml
index 49c1e8393d..5d6e6d24fe 100644
--- a/nuclei-templates/2021/CVE-2021-24718-021b10291895f49c72c52c95a60965eb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24718-021b10291895f49c72c52c95a60965eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form, Survey & Popup Form Plugin for WordPress –  ARForms Form Builder < 1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arforms-form-builder/"
     google-query: inurl:"/wp-content/plugins/arforms-form-builder/"
     shodan-query: 'vuln:CVE-2021-24718'
-  tags: cve,wordpress,wp-plugin,arforms-form-builder,medium
+  tags: cve,wordpress,wp-plugin,arforms-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24720-10faa8f7dbe39946fc1591dc4a29cfc1.yaml b/nuclei-templates/2021/CVE-2021-24720-10faa8f7dbe39946fc1591dc4a29cfc1.yaml
index 704aff74f9..dd8d01fe24 100644
--- a/nuclei-templates/2021/CVE-2021-24720-10faa8f7dbe39946fc1591dc4a29cfc1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24720-10faa8f7dbe39946fc1591dc4a29cfc1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GeoDirectory <= 2.1.1.2 - Authenticated (admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geodirectory/"
     google-query: inurl:"/wp-content/plugins/geodirectory/"
     shodan-query: 'vuln:CVE-2021-24720'
-  tags: cve,wordpress,wp-plugin,geodirectory,medium
+  tags: cve,wordpress,wp-plugin,geodirectory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24721-8187837c8e502d478100e3984ca296fb.yaml b/nuclei-templates/2021/CVE-2021-24721-8187837c8e502d478100e3984ca296fb.yaml
index 7ff31036cc..69991ed5b9 100644
--- a/nuclei-templates/2021/CVE-2021-24721-8187837c8e502d478100e3984ca296fb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24721-8187837c8e502d478100e3984ca296fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Loco Translate <= 2.5.3 - Authenticated PHP Code Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loco-translate/"
     google-query: inurl:"/wp-content/plugins/loco-translate/"
     shodan-query: 'vuln:CVE-2021-24721'
-  tags: cve,wordpress,wp-plugin,loco-translate,medium
+  tags: cve,wordpress,wp-plugin,loco-translate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24723-0b686c4cb6f413d46dafa7ed933109c6.yaml b/nuclei-templates/2021/CVE-2021-24723-0b686c4cb6f413d46dafa7ed933109c6.yaml
index 111ce98771..f48a769208 100644
--- a/nuclei-templates/2021/CVE-2021-24723-0b686c4cb6f413d46dafa7ed933109c6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24723-0b686c4cb6f413d46dafa7ed933109c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Reactions Lite <= 1.3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-reactions-lite/"
     google-query: inurl:"/wp-content/plugins/wp-reactions-lite/"
     shodan-query: 'vuln:CVE-2021-24723'
-  tags: cve,wordpress,wp-plugin,wp-reactions-lite,medium
+  tags: cve,wordpress,wp-plugin,wp-reactions-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24724-953e4421c93547e97fe8ff565f4ade18.yaml b/nuclei-templates/2021/CVE-2021-24724-953e4421c93547e97fe8ff565f4ade18.yaml
index 8fa46cf11f..3e9926e80a 100644
--- a/nuclei-templates/2021/CVE-2021-24724-953e4421c93547e97fe8ff565f4ade18.yaml
+++ b/nuclei-templates/2021/CVE-2021-24724-953e4421c93547e97fe8ff565f4ade18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Timetable and Event Schedule by MotoPress <= 2.3.18 - Author+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mp-timetable/"
     google-query: inurl:"/wp-content/plugins/mp-timetable/"
     shodan-query: 'vuln:CVE-2021-24724'
-  tags: cve,wordpress,wp-plugin,mp-timetable,medium
+  tags: cve,wordpress,wp-plugin,mp-timetable,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24726-bac170dcd3835d8bbf7c00e58b6af261.yaml b/nuclei-templates/2021/CVE-2021-24726-bac170dcd3835d8bbf7c00e58b6af261.yaml
index 66e5be68d9..490c0b5670 100644
--- a/nuclei-templates/2021/CVE-2021-24726-bac170dcd3835d8bbf7c00e58b6af261.yaml
+++ b/nuclei-templates/2021/CVE-2021-24726-bac170dcd3835d8bbf7c00e58b6af261.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Simple Booking Calendar <= 2.0.6 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Simple Booking Calendar WordPress plugin before 2.0.7 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-booking-calendar/"
     google-query: inurl:"/wp-content/plugins/wp-simple-booking-calendar/"
     shodan-query: 'vuln:CVE-2021-24726'
-  tags: cve,wordpress,wp-plugin,wp-simple-booking-calendar,high
+  tags: cve,wordpress,wp-plugin,wp-simple-booking-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24727-a56a10763fef9c6c1ee5edbd42a68314.yaml b/nuclei-templates/2021/CVE-2021-24727-a56a10763fef9c6c1ee5edbd42a68314.yaml
index e3b3517867..16db6ae53b 100644
--- a/nuclei-templates/2021/CVE-2021-24727-a56a10763fef9c6c1ee5edbd42a68314.yaml
+++ b/nuclei-templates/2021/CVE-2021-24727-a56a10763fef9c6c1ee5edbd42a68314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.60 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stopbadbots/"
     google-query: inurl:"/wp-content/plugins/stopbadbots/"
     shodan-query: 'vuln:CVE-2021-24727'
-  tags: cve,wordpress,wp-plugin,stopbadbots,high
+  tags: cve,wordpress,wp-plugin,stopbadbots,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24728-cce20befda4e7caf1b066f754d7a6624.yaml b/nuclei-templates/2021/CVE-2021-24728-cce20befda4e7caf1b066f754d7a6624.yaml
index 9cfa091af8..3188ebf25b 100644
--- a/nuclei-templates/2021/CVE-2021-24728-cce20befda4e7caf1b066f754d7a6624.yaml
+++ b/nuclei-templates/2021/CVE-2021-24728-cce20befda4e7caf1b066f754d7a6624.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Membership & Content Restriction – Paid Member Subscriptions <= 2.4.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to authenticated SQL injections in the Members and Payments pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-member-subscriptions/"
     google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/"
     shodan-query: 'vuln:CVE-2021-24728'
-  tags: cve,wordpress,wp-plugin,paid-member-subscriptions,high
+  tags: cve,wordpress,wp-plugin,paid-member-subscriptions,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24729-5de20b622f7b3426c6426e4d509bd26e.yaml b/nuclei-templates/2021/CVE-2021-24729-5de20b622f7b3426c6426e4d509bd26e.yaml
index 88a3373595..2f5b57c599 100644
--- a/nuclei-templates/2021/CVE-2021-24729-5de20b622f7b3426c6426e4d509bd26e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24729-5de20b622f7b3426c6426e4d509bd26e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/logo-showcase-with-slick-slider/"
     google-query: inurl:"/wp-content/plugins/logo-showcase-with-slick-slider/"
     shodan-query: 'vuln:CVE-2021-24729'
-  tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,medium
+  tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24732-f6e79c74546c68ce5cae314ffc286a54.yaml b/nuclei-templates/2021/CVE-2021-24732-f6e79c74546c68ce5cae314ffc286a54.yaml
index bf90be9563..a16a6b1ac8 100644
--- a/nuclei-templates/2021/CVE-2021-24732-f6e79c74546c68ce5cae314ffc286a54.yaml
+++ b/nuclei-templates/2021/CVE-2021-24732-f6e79c74546c68ce5cae314ffc286a54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Flipbook, 3D Flipbook WordPress – DearFlip Lite <= 1.7.12 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.13 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3d-flipbook-dflip-lite/"
     google-query: inurl:"/wp-content/plugins/3d-flipbook-dflip-lite/"
     shodan-query: 'vuln:CVE-2021-24732'
-  tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,medium
+  tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24733-477f1ad4dc386cbc51b27ed2633fd23f.yaml b/nuclei-templates/2021/CVE-2021-24733-477f1ad4dc386cbc51b27ed2633fd23f.yaml
index 873da42402..a8cfa10968 100644
--- a/nuclei-templates/2021/CVE-2021-24733-477f1ad4dc386cbc51b27ed2633fd23f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24733-477f1ad4dc386cbc51b27ed2633fd23f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Post Page Clone <= 1.1 - Missing Authorization to Post Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-page-clone/"
     google-query: inurl:"/wp-content/plugins/wp-post-page-clone/"
     shodan-query: 'vuln:CVE-2021-24733'
-  tags: cve,wordpress,wp-plugin,wp-post-page-clone,medium
+  tags: cve,wordpress,wp-plugin,wp-post-page-clone,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24734-bd35c1f22ebbbba8b36bd6df988b805a.yaml b/nuclei-templates/2021/CVE-2021-24734-bd35c1f22ebbbba8b36bd6df988b805a.yaml
index 2e9444c3e3..5bb024802e 100644
--- a/nuclei-templates/2021/CVE-2021-24734-bd35c1f22ebbbba8b36bd6df988b805a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24734-bd35c1f22ebbbba8b36bd6df988b805a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Compact WP Audio Player <= 1.9.6 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/compact-wp-audio-player/"
     google-query: inurl:"/wp-content/plugins/compact-wp-audio-player/"
     shodan-query: 'vuln:CVE-2021-24734'
-  tags: cve,wordpress,wp-plugin,compact-wp-audio-player,medium
+  tags: cve,wordpress,wp-plugin,compact-wp-audio-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24736-b62cd969ddcf5b8e9b0c69558a4a4184.yaml b/nuclei-templates/2021/CVE-2021-24736-b62cd969ddcf5b8e9b0c69558a4a4184.yaml
index 3a0231c3b1..df7d71eed5 100644
--- a/nuclei-templates/2021/CVE-2021-24736-b62cd969ddcf5b8e9b0c69558a4a4184.yaml
+++ b/nuclei-templates/2021/CVE-2021-24736-b62cd969ddcf5b8e9b0c69558a4a4184.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shared Files – Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.56 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shared-files/"
     google-query: inurl:"/wp-content/plugins/shared-files/"
     shodan-query: 'vuln:CVE-2021-24736'
-  tags: cve,wordpress,wp-plugin,shared-files,medium
+  tags: cve,wordpress,wp-plugin,shared-files,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24737-0bc93e8d9149869cc1871c88dbbfb381.yaml b/nuclei-templates/2021/CVE-2021-24737-0bc93e8d9149869cc1871c88dbbfb381.yaml
index f3b1383cec..0a35d5d435 100644
--- a/nuclei-templates/2021/CVE-2021-24737-0bc93e8d9149869cc1871c88dbbfb381.yaml
+++ b/nuclei-templates/2021/CVE-2021-24737-0bc93e8d9149869cc1871c88dbbfb381.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comments - wpDiscuz <= 7.3.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Comments - wpDiscuz WordPress plugin through 7.3.0 does not properly sanitize or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdiscuz/"
     google-query: inurl:"/wp-content/plugins/wpdiscuz/"
     shodan-query: 'vuln:CVE-2021-24737'
-  tags: cve,wordpress,wp-plugin,wpdiscuz,medium
+  tags: cve,wordpress,wp-plugin,wpdiscuz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24738-426067a3112463f4371753090e35be9b.yaml b/nuclei-templates/2021/CVE-2021-24738-426067a3112463f4371753090e35be9b.yaml
index 7ed88e3163..120b2c4735 100644
--- a/nuclei-templates/2021/CVE-2021-24738-426067a3112463f4371753090e35be9b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24738-426067a3112463f4371753090e35be9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/logo-carousel-free/"
     google-query: inurl:"/wp-content/plugins/logo-carousel-free/"
     shodan-query: 'vuln:CVE-2021-24738'
-  tags: cve,wordpress,wp-plugin,logo-carousel-free,medium
+  tags: cve,wordpress,wp-plugin,logo-carousel-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24740-a9f74f94f7fdfe42f50099f4c0f55e53.yaml b/nuclei-templates/2021/CVE-2021-24740-a9f74f94f7fdfe42f50099f4c0f55e53.yaml
index 273bccd0b7..081c110360 100644
--- a/nuclei-templates/2021/CVE-2021-24740-a9f74f94f7fdfe42f50099f4c0f55e53.yaml
+++ b/nuclei-templates/2021/CVE-2021-24740-a9f74f94f7fdfe42f50099f4c0f55e53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 1.9.8 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2021-24740'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24743-e54fc04abf0b5b0662339153e1522a1e.yaml b/nuclei-templates/2021/CVE-2021-24743-e54fc04abf0b5b0662339153e1522a1e.yaml
index 46e0e0a961..09723abe66 100644
--- a/nuclei-templates/2021/CVE-2021-24743-e54fc04abf0b5b0662339153e1522a1e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24743-e54fc04abf0b5b0662339153e1522a1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podcast Subscribe Buttons < 1.4.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podcast-subscribe-buttons/"
     google-query: inurl:"/wp-content/plugins/podcast-subscribe-buttons/"
     shodan-query: 'vuln:CVE-2021-24743'
-  tags: cve,wordpress,wp-plugin,podcast-subscribe-buttons,medium
+  tags: cve,wordpress,wp-plugin,podcast-subscribe-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24744-14cc2ff52c2662c5bebf9121075ccf4f.yaml b/nuclei-templates/2021/CVE-2021-24744-14cc2ff52c2662c5bebf9121075ccf4f.yaml
index c29917705c..b69af75a78 100644
--- a/nuclei-templates/2021/CVE-2021-24744-14cc2ff52c2662c5bebf9121075ccf4f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24744-14cc2ff52c2662c5bebf9121075ccf4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cimatti Contact Forms <= 1.4.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cimatti Contact Forms plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.11.This is due to insufficient input sanitization and output escaping on the title value of a form and makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. This only affects multi-site installations and installations where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-forms/"
     google-query: inurl:"/wp-content/plugins/contact-forms/"
     shodan-query: 'vuln:CVE-2021-24744'
-  tags: cve,wordpress,wp-plugin,contact-forms,medium
+  tags: cve,wordpress,wp-plugin,contact-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24745-0b3e32c5343e2d92c6dd937071e516b1.yaml b/nuclei-templates/2021/CVE-2021-24745-0b3e32c5343e2d92c6dd937071e516b1.yaml
index bf11e4011b..4efd777365 100644
--- a/nuclei-templates/2021/CVE-2021-24745-0b3e32c5343e2d92c6dd937071e516b1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24745-0b3e32c5343e2d92c6dd937071e516b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     About Author Box < 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/about-author-box/"
     google-query: inurl:"/wp-content/plugins/about-author-box/"
     shodan-query: 'vuln:CVE-2021-24745'
-  tags: cve,wordpress,wp-plugin,about-author-box,medium
+  tags: cve,wordpress,wp-plugin,about-author-box,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24747-cc60724a02e2069155463638fe585163.yaml b/nuclei-templates/2021/CVE-2021-24747-cc60724a02e2069155463638fe585163.yaml
index 7635c225dc..a70aef8ae3 100644
--- a/nuclei-templates/2021/CVE-2021-24747-cc60724a02e2069155463638fe585163.yaml
+++ b/nuclei-templates/2021/CVE-2021-24747-cc60724a02e2069155463638fe585163.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Booster <= 3.7 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-booster/"
     google-query: inurl:"/wp-content/plugins/seo-booster/"
     shodan-query: 'vuln:CVE-2021-24747'
-  tags: cve,wordpress,wp-plugin,seo-booster,high
+  tags: cve,wordpress,wp-plugin,seo-booster,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24748-6ebfe44ebffa047243d43e4d8e8b6f78.yaml b/nuclei-templates/2021/CVE-2021-24748-6ebfe44ebffa047243d43e4d8e8b6f78.yaml
index 0f12af0455..8ab1ace7c2 100644
--- a/nuclei-templates/2021/CVE-2021-24748-6ebfe44ebffa047243d43e4d8e8b6f78.yaml
+++ b/nuclei-templates/2021/CVE-2021-24748-6ebfe44ebffa047243d43e4d8e8b6f78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Before Download <= 6.7 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-before-download/"
     google-query: inurl:"/wp-content/plugins/email-before-download/"
     shodan-query: 'vuln:CVE-2021-24748'
-  tags: cve,wordpress,wp-plugin,email-before-download,high
+  tags: cve,wordpress,wp-plugin,email-before-download,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24750-8bca0401c2687aab215b4ddd44231c26.yaml b/nuclei-templates/2021/CVE-2021-24750-8bca0401c2687aab215b4ddd44231c26.yaml
index 0b98503e3a..f97a3de8fb 100644
--- a/nuclei-templates/2021/CVE-2021-24750-8bca0401c2687aab215b4ddd44231c26.yaml
+++ b/nuclei-templates/2021/CVE-2021-24750-8bca0401c2687aab215b4ddd44231c26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Visitor Statistics (Real Time Traffic) <= 4.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stats-manager/"
     google-query: inurl:"/wp-content/plugins/wp-stats-manager/"
     shodan-query: 'vuln:CVE-2021-24750'
-  tags: cve,wordpress,wp-plugin,wp-stats-manager,high
+  tags: cve,wordpress,wp-plugin,wp-stats-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24751-207f8d3483b6bc918c2a6bbcc21fd35b.yaml b/nuclei-templates/2021/CVE-2021-24751-207f8d3483b6bc918c2a6bbcc21fd35b.yaml
index 53202688f5..b63828ba82 100644
--- a/nuclei-templates/2021/CVE-2021-24751-207f8d3483b6bc918c2a6bbcc21fd35b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24751-207f8d3483b6bc918c2a6bbcc21fd35b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/generateblocks/"
     google-query: inurl:"/wp-content/plugins/generateblocks/"
     shodan-query: 'vuln:CVE-2021-24751'
-  tags: cve,wordpress,wp-plugin,generateblocks,medium
+  tags: cve,wordpress,wp-plugin,generateblocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24752-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/2021/CVE-2021-24752-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml
index dfc5ee8723..c1d7c3eee5 100644
--- a/nuclei-templates/2021/CVE-2021-24752-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24752-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CatchThemes Plugins (Various Versions) - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2021-24752
   metadata:
-    fofa-query: "wp-content/plugins/header-enhancement/"
-    google-query: inurl:"/wp-content/plugins/header-enhancement/"
+    fofa-query: "wp-content/plugins/catch-scroll-progress-bar/"
+    google-query: inurl:"/wp-content/plugins/catch-scroll-progress-bar/"
     shodan-query: 'vuln:CVE-2021-24752'
-  tags: cve,wordpress,wp-plugin,header-enhancement,medium
+  tags: cve,wordpress,wp-plugin,catch-scroll-progress-bar,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/header-enhancement/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/catch-scroll-progress-bar/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "header-enhancement"
+          - "catch-scroll-progress-bar"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.5')
\ No newline at end of file
+          - compare_versions(version, '< 1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24753-b5ff51b3c591b9026f1ed0c5c634aabc.yaml b/nuclei-templates/2021/CVE-2021-24753-b5ff51b3c591b9026f1ed0c5c634aabc.yaml
index adfe2d89b7..d8fe3bc7ed 100644
--- a/nuclei-templates/2021/CVE-2021-24753-b5ff51b3c591b9026f1ed0c5c634aabc.yaml
+++ b/nuclei-templates/2021/CVE-2021-24753-b5ff51b3c591b9026f1ed0c5c634aabc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rich Reviews by Starfish <= 1.9.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rich-reviews/"
     google-query: inurl:"/wp-content/plugins/rich-reviews/"
     shodan-query: 'vuln:CVE-2021-24753'
-  tags: cve,wordpress,wp-plugin,rich-reviews,high
+  tags: cve,wordpress,wp-plugin,rich-reviews,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24754-b48bd5a9b387deec2652bf65a2f60d36.yaml b/nuclei-templates/2021/CVE-2021-24754-b48bd5a9b387deec2652bf65a2f60d36.yaml
index 6af0c1b8a5..1f6c17b047 100644
--- a/nuclei-templates/2021/CVE-2021-24754-b48bd5a9b387deec2652bf65a2f60d36.yaml
+++ b/nuclei-templates/2021/CVE-2021-24754-b48bd5a9b387deec2652bf65a2f60d36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Child Reports <= 2.0.7 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-child-reports/"
     google-query: inurl:"/wp-content/plugins/mainwp-child-reports/"
     shodan-query: 'vuln:CVE-2021-24754'
-  tags: cve,wordpress,wp-plugin,mainwp-child-reports,high
+  tags: cve,wordpress,wp-plugin,mainwp-child-reports,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24755-a4073afeed9945d540c4483af566c48e.yaml b/nuclei-templates/2021/CVE-2021-24755-a4073afeed9945d540c4483af566c48e.yaml
index dcd8e24060..132d9654e0 100644
--- a/nuclei-templates/2021/CVE-2021-24755-a4073afeed9945d540c4483af566c48e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24755-a4073afeed9945d540c4483af566c48e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.2 - Subscriber+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycred/"
     google-query: inurl:"/wp-content/plugins/mycred/"
     shodan-query: 'vuln:CVE-2021-24755'
-  tags: cve,wordpress,wp-plugin,mycred,high
+  tags: cve,wordpress,wp-plugin,mycred,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24756-a51f4e9f249cf27f338341ad1f220702.yaml b/nuclei-templates/2021/CVE-2021-24756-a51f4e9f249cf27f338341ad1f220702.yaml
index e42fba5c68..0956cefda9 100644
--- a/nuclei-templates/2021/CVE-2021-24756-a51f4e9f249cf27f338341ad1f220702.yaml
+++ b/nuclei-templates/2021/CVE-2021-24756-a51f4e9f249cf27f338341ad1f220702.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP System Log < 1.0.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/winterlock/"
     google-query: inurl:"/wp-content/plugins/winterlock/"
     shodan-query: 'vuln:CVE-2021-24756'
-  tags: cve,wordpress,wp-plugin,winterlock,medium
+  tags: cve,wordpress,wp-plugin,winterlock,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24758-ed713a06b3f7e4b3455b2dcdb9972457.yaml b/nuclei-templates/2021/CVE-2021-24758-ed713a06b3f7e4b3455b2dcdb9972457.yaml
index 2761e89795..124d4694f3 100644
--- a/nuclei-templates/2021/CVE-2021-24758-ed713a06b3f7e4b3455b2dcdb9972457.yaml
+++ b/nuclei-templates/2021/CVE-2021-24758-ed713a06b3f7e4b3455b2dcdb9972457.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Log <= 2.4.6 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-log/"
     google-query: inurl:"/wp-content/plugins/email-log/"
     shodan-query: 'vuln:CVE-2021-24758'
-  tags: cve,wordpress,wp-plugin,email-log,high
+  tags: cve,wordpress,wp-plugin,email-log,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24759-732f3abc36bb4bb116e7c8687f86e2aa.yaml b/nuclei-templates/2021/CVE-2021-24759-732f3abc36bb4bb116e7c8687f86e2aa.yaml
index f9d846936d..3f4ff63494 100644
--- a/nuclei-templates/2021/CVE-2021-24759-732f3abc36bb4bb116e7c8687f86e2aa.yaml
+++ b/nuclei-templates/2021/CVE-2021-24759-732f3abc36bb4bb116e7c8687f86e2aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF.js Viewer <= 2.0.1 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdfjs-viewer-shortcode/"
     google-query: inurl:"/wp-content/plugins/pdfjs-viewer-shortcode/"
     shodan-query: 'vuln:CVE-2021-24759'
-  tags: cve,wordpress,wp-plugin,pdfjs-viewer-shortcode,medium
+  tags: cve,wordpress,wp-plugin,pdfjs-viewer-shortcode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24760-a843323be037daf5f3b8528ace16935d.yaml b/nuclei-templates/2021/CVE-2021-24760-a843323be037daf5f3b8528ace16935d.yaml
index ba0e10bcc5..a4d7e03861 100644
--- a/nuclei-templates/2021/CVE-2021-24760-a843323be037daf5f3b8528ace16935d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24760-a843323be037daf5f3b8528ace16935d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-viewer-block/"
     google-query: inurl:"/wp-content/plugins/pdf-viewer-block/"
     shodan-query: 'vuln:CVE-2021-24760'
-  tags: cve,wordpress,wp-plugin,pdf-viewer-block,medium
+  tags: cve,wordpress,wp-plugin,pdf-viewer-block,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24761-4c143b0897524c6ae94ca24b5d894e6a.yaml b/nuclei-templates/2021/CVE-2021-24761-4c143b0897524c6ae94ca24b5d894e6a.yaml
index 584b733727..04b85aa2a0 100644
--- a/nuclei-templates/2021/CVE-2021-24761-4c143b0897524c6ae94ca24b5d894e6a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24761-4c143b0897524c6ae94ca24b5d894e6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Error Log Viewer by BestWebSoft <= 1.1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/error-log-viewer/"
     google-query: inurl:"/wp-content/plugins/error-log-viewer/"
     shodan-query: 'vuln:CVE-2021-24761'
-  tags: cve,wordpress,wp-plugin,error-log-viewer,high
+  tags: cve,wordpress,wp-plugin,error-log-viewer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24763-a8d322ee7f2a3aae906b690c8d232e76.yaml b/nuclei-templates/2021/CVE-2021-24763-a8d322ee7f2a3aae906b690c8d232e76.yaml
index 6c356523e9..0ef4449bc2 100644
--- a/nuclei-templates/2021/CVE-2021-24763-a8d322ee7f2a3aae906b690c8d232e76.yaml
+++ b/nuclei-templates/2021/CVE-2021-24763-a8d322ee7f2a3aae906b690c8d232e76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Perfect Survey <= 1.5.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/perfect-survey/"
     google-query: inurl:"/wp-content/plugins/perfect-survey/"
     shodan-query: 'vuln:CVE-2021-24763'
-  tags: cve,wordpress,wp-plugin,perfect-survey,high
+  tags: cve,wordpress,wp-plugin,perfect-survey,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24768-c9743e9890778c464db472a56cb6fc0e.yaml b/nuclei-templates/2021/CVE-2021-24768-c9743e9890778c464db472a56cb6fc0e.yaml
index cb2d6bc0b5..fa74d32fcb 100644
--- a/nuclei-templates/2021/CVE-2021-24768-c9743e9890778c464db472a56cb6fc0e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24768-c9743e9890778c464db472a56cb6fc0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP RSS Aggregator <= 4.19.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-aggregator/"
     google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/"
     shodan-query: 'vuln:CVE-2021-24768'
-  tags: cve,wordpress,wp-plugin,wp-rss-aggregator,medium
+  tags: cve,wordpress,wp-plugin,wp-rss-aggregator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24769-e32cc6e85c9fbac88c9c7b48d1277259.yaml b/nuclei-templates/2021/CVE-2021-24769-e32cc6e85c9fbac88c9c7b48d1277259.yaml
index 6ec2d56694..c217c553ef 100644
--- a/nuclei-templates/2021/CVE-2021-24769-e32cc6e85c9fbac88c9c7b48d1277259.yaml
+++ b/nuclei-templates/2021/CVE-2021-24769-e32cc6e85c9fbac88c9c7b48d1277259.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Permalink Manager Lite <= 2.2.12 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/permalink-manager/"
     google-query: inurl:"/wp-content/plugins/permalink-manager/"
     shodan-query: 'vuln:CVE-2021-24769'
-  tags: cve,wordpress,wp-plugin,permalink-manager,high
+  tags: cve,wordpress,wp-plugin,permalink-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24770-bcf6a8a116341bcac1e69fe2f154a5e2.yaml b/nuclei-templates/2021/CVE-2021-24770-bcf6a8a116341bcac1e69fe2f154a5e2.yaml
index 3803b55dc6..b2ce5f9bda 100644
--- a/nuclei-templates/2021/CVE-2021-24770-bcf6a8a116341bcac1e69fe2f154a5e2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24770-bcf6a8a116341bcac1e69fe2f154a5e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stylish Price List <= 6.9.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stylish-price-list/"
     google-query: inurl:"/wp-content/plugins/stylish-price-list/"
     shodan-query: 'vuln:CVE-2021-24770'
-  tags: cve,wordpress,wp-plugin,stylish-price-list,medium
+  tags: cve,wordpress,wp-plugin,stylish-price-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24771-2a97538728d15bbfb55e66c4649885a4.yaml b/nuclei-templates/2021/CVE-2021-24771-2a97538728d15bbfb55e66c4649885a4.yaml
index 9f27519222..5ee67ff6ff 100644
--- a/nuclei-templates/2021/CVE-2021-24771-2a97538728d15bbfb55e66c4649885a4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24771-2a97538728d15bbfb55e66c4649885a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inspirational Quote Rotator <= 1.0.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inspirational-quote-rotator/"
     google-query: inurl:"/wp-content/plugins/inspirational-quote-rotator/"
     shodan-query: 'vuln:CVE-2021-24771'
-  tags: cve,wordpress,wp-plugin,inspirational-quote-rotator,medium
+  tags: cve,wordpress,wp-plugin,inspirational-quote-rotator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24772-439ba91c06350a9c8bb984e5dff1a4a4.yaml b/nuclei-templates/2021/CVE-2021-24772-439ba91c06350a9c8bb984e5dff1a4a4.yaml
index 9a3fb09d2f..605cdf691c 100644
--- a/nuclei-templates/2021/CVE-2021-24772-439ba91c06350a9c8bb984e5dff1a4a4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24772-439ba91c06350a9c8bb984e5dff1a4a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stream <= 3.8.1 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stream/"
     google-query: inurl:"/wp-content/plugins/stream/"
     shodan-query: 'vuln:CVE-2021-24772'
-  tags: cve,wordpress,wp-plugin,stream,high
+  tags: cve,wordpress,wp-plugin,stream,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24773-bc9258a94f7c2dba9bd7d9f332571167.yaml b/nuclei-templates/2021/CVE-2021-24773-bc9258a94f7c2dba9bd7d9f332571167.yaml
index 2f37f4205d..facb388779 100644
--- a/nuclei-templates/2021/CVE-2021-24773-bc9258a94f7c2dba9bd7d9f332571167.yaml
+++ b/nuclei-templates/2021/CVE-2021-24773-bc9258a94f7c2dba9bd7d9f332571167.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 3.2.15 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2021-24773'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24774-88a3c1a86120c49f8c7acdd40fc0ba9b.yaml b/nuclei-templates/2021/CVE-2021-24774-88a3c1a86120c49f8c7acdd40fc0ba9b.yaml
index 5c4ae026c8..1ff8ecd565 100644
--- a/nuclei-templates/2021/CVE-2021-24774-88a3c1a86120c49f8c7acdd40fc0ba9b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24774-88a3c1a86120c49f8c7acdd40fc0ba9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Check & Log Email <= 1.0.2 - Admin+ SQL Injection via Order and OrderBy parameters
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/check-email/"
     google-query: inurl:"/wp-content/plugins/check-email/"
     shodan-query: 'vuln:CVE-2021-24774'
-  tags: cve,wordpress,wp-plugin,check-email,high
+  tags: cve,wordpress,wp-plugin,check-email,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24777-e36d961a443fc07bfdc5e0b939b3e6e6.yaml b/nuclei-templates/2021/CVE-2021-24777-e36d961a443fc07bfdc5e0b939b3e6e6.yaml
index 20e8686b25..dec55eec46 100644
--- a/nuclei-templates/2021/CVE-2021-24777-e36d961a443fc07bfdc5e0b939b3e6e6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24777-e36d961a443fc07bfdc5e0b939b3e6e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hotscot Contact Form < 1.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hotscot-contact-form/"
     google-query: inurl:"/wp-content/plugins/hotscot-contact-form/"
     shodan-query: 'vuln:CVE-2021-24777'
-  tags: cve,wordpress,wp-plugin,hotscot-contact-form,high
+  tags: cve,wordpress,wp-plugin,hotscot-contact-form,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24778-1ff709162f10c9c6eac55480ea55c5a7.yaml b/nuclei-templates/2021/CVE-2021-24778-1ff709162f10c9c6eac55480ea55c5a7.yaml
index 0ae9a6d4f3..bcd96870ea 100644
--- a/nuclei-templates/2021/CVE-2021-24778-1ff709162f10c9c6eac55480ea55c5a7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24778-1ff709162f10c9c6eac55480ea55c5a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tradetracker-Store < 4.6.60 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tradetracker-Store plugin for WordPress is vulnerable to generic SQL Injection via the ‘test’ parameter in versions before 4.6.60 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for highly-authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tradetracker-store/"
     google-query: inurl:"/wp-content/plugins/tradetracker-store/"
     shodan-query: 'vuln:CVE-2021-24778'
-  tags: cve,wordpress,wp-plugin,tradetracker-store,high
+  tags: cve,wordpress,wp-plugin,tradetracker-store,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24782-4ccd73756d3ff800ac0459f5347027d3.yaml b/nuclei-templates/2021/CVE-2021-24782-4ccd73756d3ff800ac0459f5347027d3.yaml
index ca2bc5a888..0e88aafde1 100644
--- a/nuclei-templates/2021/CVE-2021-24782-4ccd73756d3ff800ac0459f5347027d3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24782-4ccd73756d3ff800ac0459f5347027d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flex Local Fonts <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fsflex-local-fonts/"
     google-query: inurl:"/wp-content/plugins/fsflex-local-fonts/"
     shodan-query: 'vuln:CVE-2021-24782'
-  tags: cve,wordpress,wp-plugin,fsflex-local-fonts,medium
+  tags: cve,wordpress,wp-plugin,fsflex-local-fonts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24785-a9ade0513aa1dccbdad4ffd99dcceb42.yaml b/nuclei-templates/2021/CVE-2021-24785-a9ade0513aa1dccbdad4ffd99dcceb42.yaml
index a845751fff..d8e0b96a9c 100644
--- a/nuclei-templates/2021/CVE-2021-24785-a9ade0513aa1dccbdad4ffd99dcceb42.yaml
+++ b/nuclei-templates/2021/CVE-2021-24785-a9ade0513aa1dccbdad4ffd99dcceb42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Great Quotes <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/great-quotes/"
     google-query: inurl:"/wp-content/plugins/great-quotes/"
     shodan-query: 'vuln:CVE-2021-24785'
-  tags: cve,wordpress,wp-plugin,great-quotes,medium
+  tags: cve,wordpress,wp-plugin,great-quotes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24786-ee37641121dd5ca3e58a921bd679af5c.yaml b/nuclei-templates/2021/CVE-2021-24786-ee37641121dd5ca3e58a921bd679af5c.yaml
index 0e0c2aa2a3..f2c972800b 100644
--- a/nuclei-templates/2021/CVE-2021-24786-ee37641121dd5ca3e58a921bd679af5c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24786-ee37641121dd5ca3e58a921bd679af5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.4.4 - Admin+ SQL Injection via orderby parameter
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2021-24786'
-  tags: cve,wordpress,wp-plugin,download-monitor,high
+  tags: cve,wordpress,wp-plugin,download-monitor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24787-f12b94e3ed29f6a01de55ac0eaeeefde.yaml b/nuclei-templates/2021/CVE-2021-24787-f12b94e3ed29f6a01de55ac0eaeeefde.yaml
index 2d7cc6aca8..2050e47a34 100644
--- a/nuclei-templates/2021/CVE-2021-24787-f12b94e3ed29f6a01de55ac0eaeeefde.yaml
+++ b/nuclei-templates/2021/CVE-2021-24787-f12b94e3ed29f6a01de55ac0eaeeefde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Client Invoicing by Sprout Invoices <= 19.9.6 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Client Invoicing by Sprout Invoices plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to the plugin not sanitising and escaping some of its settings. This makes it possible for high privilege users to inject arbitrary web scripts in pages to perform attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sprout-invoices/"
     google-query: inurl:"/wp-content/plugins/sprout-invoices/"
     shodan-query: 'vuln:CVE-2021-24787'
-  tags: cve,wordpress,wp-plugin,sprout-invoices,medium
+  tags: cve,wordpress,wp-plugin,sprout-invoices,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24788-5fc1378196caf660cea9b35242972f9a.yaml b/nuclei-templates/2021/CVE-2021-24788-5fc1378196caf660cea9b35242972f9a.yaml
index 8fc20d0a05..454015bba8 100644
--- a/nuclei-templates/2021/CVE-2021-24788-5fc1378196caf660cea9b35242972f9a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24788-5fc1378196caf660cea9b35242972f9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Batch Cat <= 0.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/batch-cat/"
     google-query: inurl:"/wp-content/plugins/batch-cat/"
     shodan-query: 'vuln:CVE-2021-24788'
-  tags: cve,wordpress,wp-plugin,batch-cat,medium
+  tags: cve,wordpress,wp-plugin,batch-cat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24789-49a588fa69586f2484ce1bba5358bbd9.yaml b/nuclei-templates/2021/CVE-2021-24789-49a588fa69586f2484ce1bba5358bbd9.yaml
index 5025efc27a..e2fe0eac13 100644
--- a/nuclei-templates/2021/CVE-2021-24789-49a588fa69586f2484ce1bba5358bbd9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24789-49a588fa69586f2484ce1bba5358bbd9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flat Preloader < 1.5.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flat-preloader/"
     google-query: inurl:"/wp-content/plugins/flat-preloader/"
     shodan-query: 'vuln:CVE-2021-24789'
-  tags: cve,wordpress,wp-plugin,flat-preloader,medium
+  tags: cve,wordpress,wp-plugin,flat-preloader,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24791-4e85b966f722637fb8ba38d8dce7367a.yaml b/nuclei-templates/2021/CVE-2021-24791-4e85b966f722637fb8ba38d8dce7367a.yaml
index 14a8386748..64f06fc647 100644
--- a/nuclei-templates/2021/CVE-2021-24791-4e85b966f722637fb8ba38d8dce7367a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24791-4e85b966f722637fb8ba38d8dce7367a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Header Footer Code Manager <= 1.1.13 - Authenticated SQL Injections
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/header-footer-code-manager/"
     google-query: inurl:"/wp-content/plugins/header-footer-code-manager/"
     shodan-query: 'vuln:CVE-2021-24791'
-  tags: cve,wordpress,wp-plugin,header-footer-code-manager,high
+  tags: cve,wordpress,wp-plugin,header-footer-code-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24793-ce2aa47cca210105b9ad928ad1c57540.yaml b/nuclei-templates/2021/CVE-2021-24793-ce2aa47cca210105b9ad928ad1c57540.yaml
index c4bdc75d92..da4117bd1b 100644
--- a/nuclei-templates/2021/CVE-2021-24793-ce2aa47cca210105b9ad928ad1c57540.yaml
+++ b/nuclei-templates/2021/CVE-2021-24793-ce2aa47cca210105b9ad928ad1c57540.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPeMatico RSS Feed Fetcher <= 2.6.11 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpematico/"
     google-query: inurl:"/wp-content/plugins/wpematico/"
     shodan-query: 'vuln:CVE-2021-24793'
-  tags: cve,wordpress,wp-plugin,wpematico,medium
+  tags: cve,wordpress,wp-plugin,wpematico,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24794-1f71cd156c1c7a7919178911b00bc151.yaml b/nuclei-templates/2021/CVE-2021-24794-1f71cd156c1c7a7919178911b00bc151.yaml
index 3143434050..0bed9f8a89 100644
--- a/nuclei-templates/2021/CVE-2021-24794-1f71cd156c1c7a7919178911b00bc151.yaml
+++ b/nuclei-templates/2021/CVE-2021-24794-1f71cd156c1c7a7919178911b00bc151.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Connections Business Directory <= 10.4.2 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/connections/"
     google-query: inurl:"/wp-content/plugins/connections/"
     shodan-query: 'vuln:CVE-2021-24794'
-  tags: cve,wordpress,wp-plugin,connections,medium
+  tags: cve,wordpress,wp-plugin,connections,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24796-77e642ff24948f5be818c3b7338e42ce.yaml b/nuclei-templates/2021/CVE-2021-24796-77e642ff24948f5be818c3b7338e42ce.yaml
index 26e87a824e..88ef33dbae 100644
--- a/nuclei-templates/2021/CVE-2021-24796-77e642ff24948f5be818c3b7338e42ce.yaml
+++ b/nuclei-templates/2021/CVE-2021-24796-77e642ff24948f5be818c3b7338e42ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Tickets <= 1.8.30 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The My Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Email field of booked tickets in versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-tickets/"
     google-query: inurl:"/wp-content/plugins/my-tickets/"
     shodan-query: 'vuln:CVE-2021-24796'
-  tags: cve,wordpress,wp-plugin,my-tickets,medium
+  tags: cve,wordpress,wp-plugin,my-tickets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24800-076d6aabf5652856b3ecd43b1d4071c7.yaml b/nuclei-templates/2021/CVE-2021-24800-076d6aabf5652856b3ecd43b1d4071c7.yaml
index 2a32b6f018..b6f6a7b327 100644
--- a/nuclei-templates/2021/CVE-2021-24800-076d6aabf5652856b3ecd43b1d4071c7.yaml
+++ b/nuclei-templates/2021/CVE-2021-24800-076d6aabf5652856b3ecd43b1d4071c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DW Question & Answer Pro <= 1.3.4 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dw-question-answer-pro/"
     google-query: inurl:"/wp-content/plugins/dw-question-answer-pro/"
     shodan-query: 'vuln:CVE-2021-24800'
-  tags: cve,wordpress,wp-plugin,dw-question-answer-pro,medium
+  tags: cve,wordpress,wp-plugin,dw-question-answer-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24803-ed27c4cd836ec804d97b971161525852.yaml b/nuclei-templates/2021/CVE-2021-24803-ed27c4cd836ec804d97b971161525852.yaml
index 22b1475ab8..dce1d1517d 100644
--- a/nuclei-templates/2021/CVE-2021-24803-ed27c4cd836ec804d97b971161525852.yaml
+++ b/nuclei-templates/2021/CVE-2021-24803-ed27c4cd836ec804d97b971161525852.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Core Tweaks WP Setup <= 4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-automatic-wp-core-tweaks/"
     google-query: inurl:"/wp-content/plugins/seo-automatic-wp-core-tweaks/"
     shodan-query: 'vuln:CVE-2021-24803'
-  tags: cve,wordpress,wp-plugin,seo-automatic-wp-core-tweaks,high
+  tags: cve,wordpress,wp-plugin,seo-automatic-wp-core-tweaks,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24804-3ada0767be249ce4ccbdfd9339b2ad7e.yaml b/nuclei-templates/2021/CVE-2021-24804-3ada0767be249ce4ccbdfd9339b2ad7e.yaml
index af73ac2e4d..1989855c00 100644
--- a/nuclei-templates/2021/CVE-2021-24804-3ada0767be249ce4ccbdfd9339b2ad7e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24804-3ada0767be249ce4ccbdfd9339b2ad7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-jwt-login/"
     google-query: inurl:"/wp-content/plugins/simple-jwt-login/"
     shodan-query: 'vuln:CVE-2021-24804'
-  tags: cve,wordpress,wp-plugin,simple-jwt-login,high
+  tags: cve,wordpress,wp-plugin,simple-jwt-login,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24807-c1a62af10487c310f7866304f28fe56c.yaml b/nuclei-templates/2021/CVE-2021-24807-c1a62af10487c310f7866304f28fe56c.yaml
index 29dfbf9106..ab2c1a3db3 100644
--- a/nuclei-templates/2021/CVE-2021-24807-c1a62af10487c310f7866304f28fe56c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24807-c1a62af10487c310f7866304f28fe56c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Support Board <= 3.3.4 - Agent+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportboard/"
     google-query: inurl:"/wp-content/plugins/supportboard/"
     shodan-query: 'vuln:CVE-2021-24807'
-  tags: cve,wordpress,wp-plugin,supportboard,medium
+  tags: cve,wordpress,wp-plugin,supportboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24809-aa4a0e71714152916ddf88945c46dfa0.yaml b/nuclei-templates/2021/CVE-2021-24809-aa4a0e71714152916ddf88945c46dfa0.yaml
index f7404e9327..de742c9a49 100644
--- a/nuclei-templates/2021/CVE-2021-24809-aa4a0e71714152916ddf88945c46dfa0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24809-aa4a0e71714152916ddf88945c46dfa0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BP Better Messages <= 1.9.9.37 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-better-messages/"
     google-query: inurl:"/wp-content/plugins/bp-better-messages/"
     shodan-query: 'vuln:CVE-2021-24809'
-  tags: cve,wordpress,wp-plugin,bp-better-messages,high
+  tags: cve,wordpress,wp-plugin,bp-better-messages,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24810-b1c130064cba38fde3b249c93cb244d8.yaml b/nuclei-templates/2021/CVE-2021-24810-b1c130064cba38fde3b249c93cb244d8.yaml
index f0dffb5aee..1d7f9593f1 100644
--- a/nuclei-templates/2021/CVE-2021-24810-b1c130064cba38fde3b249c93cb244d8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24810-b1c130064cba38fde3b249c93cb244d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Event Manager <= 3.1.22 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-event-manager/"
     google-query: inurl:"/wp-content/plugins/wp-event-manager/"
     shodan-query: 'vuln:CVE-2021-24810'
-  tags: cve,wordpress,wp-plugin,wp-event-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-event-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24811-2bd96fa6fc397c3dffcc3e90ed6550f2.yaml b/nuclei-templates/2021/CVE-2021-24811-2bd96fa6fc397c3dffcc3e90ed6550f2.yaml
index 18782d8d8c..554b122eb9 100644
--- a/nuclei-templates/2021/CVE-2021-24811-2bd96fa6fc397c3dffcc3e90ed6550f2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24811-2bd96fa6fc397c3dffcc3e90ed6550f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shop Page WP <= 1.2.7 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shop Page WP WordPress plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shop-page-wp/"
     google-query: inurl:"/wp-content/plugins/shop-page-wp/"
     shodan-query: 'vuln:CVE-2021-24811'
-  tags: cve,wordpress,wp-plugin,shop-page-wp,medium
+  tags: cve,wordpress,wp-plugin,shop-page-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24812-7f5e21acda03d1d7fde69a880719d61b.yaml b/nuclei-templates/2021/CVE-2021-24812-7f5e21acda03d1d7fde69a880719d61b.yaml
index f500fc4373..3a5441bfc9 100644
--- a/nuclei-templates/2021/CVE-2021-24812-7f5e21acda03d1d7fde69a880719d61b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24812-7f5e21acda03d1d7fde69a880719d61b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BetterLinks – Shorten, Track and Manage any URL <= 1.2.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/betterlinks/"
     google-query: inurl:"/wp-content/plugins/betterlinks/"
     shodan-query: 'vuln:CVE-2021-24812'
-  tags: cve,wordpress,wp-plugin,betterlinks,medium
+  tags: cve,wordpress,wp-plugin,betterlinks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24813-a5068346d1e00e358b18b96ff80d8028.yaml b/nuclei-templates/2021/CVE-2021-24813-a5068346d1e00e358b18b96ff80d8028.yaml
index c87f5fc10f..da31757bdb 100644
--- a/nuclei-templates/2021/CVE-2021-24813-a5068346d1e00e358b18b96ff80d8028.yaml
+++ b/nuclei-templates/2021/CVE-2021-24813-a5068346d1e00e358b18b96ff80d8028.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Made Easy <= 2.2.23 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-made-easy/"
     google-query: inurl:"/wp-content/plugins/events-made-easy/"
     shodan-query: 'vuln:CVE-2021-24813'
-  tags: cve,wordpress,wp-plugin,events-made-easy,medium
+  tags: cve,wordpress,wp-plugin,events-made-easy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24815-89760f3ab457772708d08bbbb7ce1092.yaml b/nuclei-templates/2021/CVE-2021-24815-89760f3ab457772708d08bbbb7ce1092.yaml
index 6703353ec6..03a455b20e 100644
--- a/nuclei-templates/2021/CVE-2021-24815-89760f3ab457772708d08bbbb7ce1092.yaml
+++ b/nuclei-templates/2021/CVE-2021-24815-89760f3ab457772708d08bbbb7ce1092.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paypal Donation <= 1.3.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-paypal-donation/"
     google-query: inurl:"/wp-content/plugins/easy-paypal-donation/"
     shodan-query: 'vuln:CVE-2021-24815'
-  tags: cve,wordpress,wp-plugin,easy-paypal-donation,medium
+  tags: cve,wordpress,wp-plugin,easy-paypal-donation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24817-a8cfb826ae3cd1e60648ab483d0a35aa.yaml b/nuclei-templates/2021/CVE-2021-24817-a8cfb826ae3cd1e60648ab483d0a35aa.yaml
index 0e4af60ad0..4c42dc0703 100644
--- a/nuclei-templates/2021/CVE-2021-24817-a8cfb826ae3cd1e60648ab483d0a35aa.yaml
+++ b/nuclei-templates/2021/CVE-2021-24817-a8cfb826ae3cd1e60648ab483d0a35aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate NoFollow <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nofollow/"
     google-query: inurl:"/wp-content/plugins/nofollow/"
     shodan-query: 'vuln:CVE-2021-24817'
-  tags: cve,wordpress,wp-plugin,nofollow,medium
+  tags: cve,wordpress,wp-plugin,nofollow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24819-4f011bf5e0985256ce0dc243eb8712f9.yaml b/nuclei-templates/2021/CVE-2021-24819-4f011bf5e0985256ce0dc243eb8712f9.yaml
index 5e52d19567..9283fcd1af 100644
--- a/nuclei-templates/2021/CVE-2021-24819-4f011bf5e0985256ce0dc243eb8712f9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24819-4f011bf5e0985256ce0dc243eb8712f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page/Post Content Shortcode <= 1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagepost-content-shortcode/"
     google-query: inurl:"/wp-content/plugins/pagepost-content-shortcode/"
     shodan-query: 'vuln:CVE-2021-24819'
-  tags: cve,wordpress,wp-plugin,pagepost-content-shortcode,medium
+  tags: cve,wordpress,wp-plugin,pagepost-content-shortcode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24820-f3802a1bd27cc43cf9c93101d4cbaed4.yaml b/nuclei-templates/2021/CVE-2021-24820-f3802a1bd27cc43cf9c93101d4cbaed4.yaml
index 738b7af6c2..ab9f904b04 100644
--- a/nuclei-templates/2021/CVE-2021-24820-f3802a1bd27cc43cf9c93101d4cbaed4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24820-f3802a1bd27cc43cf9c93101d4cbaed4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cost Calculator <= 1.8 - Authenticated Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Cost Calculator WordPress plugin through 1.7 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.8) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-projects/"
     google-query: inurl:"/wp-content/plugins/nd-projects/"
     shodan-query: 'vuln:CVE-2021-24820'
-  tags: cve,wordpress,wp-plugin,nd-projects,high
+  tags: cve,wordpress,wp-plugin,nd-projects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24821-a663013695ba225f715bd4ecd0b647ba.yaml b/nuclei-templates/2021/CVE-2021-24821-a663013695ba225f715bd4ecd0b647ba.yaml
index eda84700c9..72c07ea213 100644
--- a/nuclei-templates/2021/CVE-2021-24821-a663013695ba225f715bd4ecd0b647ba.yaml
+++ b/nuclei-templates/2021/CVE-2021-24821-a663013695ba225f715bd4ecd0b647ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cost Calculator <= 1.5 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-projects/"
     google-query: inurl:"/wp-content/plugins/nd-projects/"
     shodan-query: 'vuln:CVE-2021-24821'
-  tags: cve,wordpress,wp-plugin,nd-projects,medium
+  tags: cve,wordpress,wp-plugin,nd-projects,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24822-17f69747f5418f0c498184d7a40cd5d8.yaml b/nuclei-templates/2021/CVE-2021-24822-17f69747f5418f0c498184d7a40cd5d8.yaml
index 97cc3e66f1..0272e6e6cc 100644
--- a/nuclei-templates/2021/CVE-2021-24822-17f69747f5418f0c498184d7a40cd5d8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24822-17f69747f5418f0c498184d7a40cd5d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stylish-cost-calculator/"
     google-query: inurl:"/wp-content/plugins/stylish-cost-calculator/"
     shodan-query: 'vuln:CVE-2021-24822'
-  tags: cve,wordpress,wp-plugin,stylish-cost-calculator,medium
+  tags: cve,wordpress,wp-plugin,stylish-cost-calculator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24823-2a20c012892057123c0688f9b3a4ff38.yaml b/nuclei-templates/2021/CVE-2021-24823-2a20c012892057123c0688f9b3a4ff38.yaml
index 79ed430668..9e3989d6bf 100644
--- a/nuclei-templates/2021/CVE-2021-24823-2a20c012892057123c0688f9b3a4ff38.yaml
+++ b/nuclei-templates/2021/CVE-2021-24823-2a20c012892057123c0688f9b3a4ff38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Support Board < 3.3.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportboard/"
     google-query: inurl:"/wp-content/plugins/supportboard/"
     shodan-query: 'vuln:CVE-2021-24823'
-  tags: cve,wordpress,wp-plugin,supportboard,high
+  tags: cve,wordpress,wp-plugin,supportboard,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24825-ef34cbe0110e2c6603d8d105d71a9566.yaml b/nuclei-templates/2021/CVE-2021-24825-ef34cbe0110e2c6603d8d105d71a9566.yaml
index 88725789d3..6ef8a6d9a7 100644
--- a/nuclei-templates/2021/CVE-2021-24825-ef34cbe0110e2c6603d8d105d71a9566.yaml
+++ b/nuclei-templates/2021/CVE-2021-24825-ef34cbe0110e2c6603d8d105d71a9566.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-content-shortcode/"
     google-query: inurl:"/wp-content/plugins/custom-content-shortcode/"
     shodan-query: 'vuln:CVE-2021-24825'
-  tags: cve,wordpress,wp-plugin,custom-content-shortcode,medium
+  tags: cve,wordpress,wp-plugin,custom-content-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24826-2c26192ebe7847230519e6e8ccb48b5f.yaml b/nuclei-templates/2021/CVE-2021-24826-2c26192ebe7847230519e6e8ccb48b5f.yaml
index 7db11b18a2..ca4a9496b1 100644
--- a/nuclei-templates/2021/CVE-2021-24826-2c26192ebe7847230519e6e8ccb48b5f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24826-2c26192ebe7847230519e6e8ccb48b5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when the unfiltered_html is disallowed)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-content-shortcode/"
     google-query: inurl:"/wp-content/plugins/custom-content-shortcode/"
     shodan-query: 'vuln:CVE-2021-24826'
-  tags: cve,wordpress,wp-plugin,custom-content-shortcode,medium
+  tags: cve,wordpress,wp-plugin,custom-content-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24828-f33817d1f67c73c0784fb9213086394b.yaml b/nuclei-templates/2021/CVE-2021-24828-f33817d1f67c73c0784fb9213086394b.yaml
index a4541e348a..b58f03252b 100644
--- a/nuclei-templates/2021/CVE-2021-24828-f33817d1f67c73c0784fb9213086394b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24828-f33817d1f67c73c0784fb9213086394b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mortgage Calculator / Loan Calculator < 1.5.17 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mortgage-loan-calculator/"
     google-query: inurl:"/wp-content/plugins/mortgage-loan-calculator/"
     shodan-query: 'vuln:CVE-2021-24828'
-  tags: cve,wordpress,wp-plugin,mortgage-loan-calculator,medium
+  tags: cve,wordpress,wp-plugin,mortgage-loan-calculator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24829-4fea783b4afcd4b123f2e73a82fb91f6.yaml b/nuclei-templates/2021/CVE-2021-24829-4fea783b4afcd4b123f2e73a82fb91f6.yaml
index db81292ea0..d932f55270 100644
--- a/nuclei-templates/2021/CVE-2021-24829-4fea783b4afcd4b123f2e73a82fb91f6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24829-4fea783b4afcd4b123f2e73a82fb91f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visitor Traffic Real Time Statistics <= 3.8 - Subscriber+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/"
     google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/"
     shodan-query: 'vuln:CVE-2021-24829'
-  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,high
+  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24830-86962de7248a9bc1e25d4d3ee2951f2c.yaml b/nuclei-templates/2021/CVE-2021-24830-86962de7248a9bc1e25d4d3ee2951f2c.yaml
index 9ce4d9711e..e9e9ed4883 100644
--- a/nuclei-templates/2021/CVE-2021-24830-86962de7248a9bc1e25d4d3ee2951f2c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24830-86962de7248a9bc1e25d4d3ee2951f2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Access Manager <= 6.7.9 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-access-manager/"
     google-query: inurl:"/wp-content/plugins/advanced-access-manager/"
     shodan-query: 'vuln:CVE-2021-24830'
-  tags: cve,wordpress,wp-plugin,advanced-access-manager,medium
+  tags: cve,wordpress,wp-plugin,advanced-access-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24832-0da88a23adab8991ac9273c6a18e2665.yaml b/nuclei-templates/2021/CVE-2021-24832-0da88a23adab8991ac9273c6a18e2665.yaml
index 7b1f4df373..0a44a85bdf 100644
--- a/nuclei-templates/2021/CVE-2021-24832-0da88a23adab8991ac9273c6a18e2665.yaml
+++ b/nuclei-templates/2021/CVE-2021-24832-0da88a23adab8991ac9273c6a18e2665.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SEO Redirect 301 <= 2.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SEO Redirection - 301 Redirect Manager Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the seo_redirect_admin_page_widget_box() function. This makes it possible for unauthenticated attackers to exploit it via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-seo-redirect-301/"
     google-query: inurl:"/wp-content/plugins/wp-seo-redirect-301/"
     shodan-query: 'vuln:CVE-2021-24832'
-  tags: cve,wordpress,wp-plugin,wp-seo-redirect-301,high
+  tags: cve,wordpress,wp-plugin,wp-seo-redirect-301,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24833-2209fd73f482335c124e2a704dbac383.yaml b/nuclei-templates/2021/CVE-2021-24833-2209fd73f482335c124e2a704dbac383.yaml
index 03285d406f..ea08b69a66 100644
--- a/nuclei-templates/2021/CVE-2021-24833-2209fd73f482335c124e2a704dbac383.yaml
+++ b/nuclei-templates/2021/CVE-2021-24833-2209fd73f482335c124e2a704dbac383.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Preview Module
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of question and answer text parameters in Create Poll module.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yop-poll/"
     google-query: inurl:"/wp-content/plugins/yop-poll/"
     shodan-query: 'vuln:CVE-2021-24833'
-  tags: cve,wordpress,wp-plugin,yop-poll,medium
+  tags: cve,wordpress,wp-plugin,yop-poll,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24834-0779481b7f80c0411ff97013b26aee05.yaml b/nuclei-templates/2021/CVE-2021-24834-0779481b7f80c0411ff97013b26aee05.yaml
index 76cfce70ab..a49f1d0810 100644
--- a/nuclei-templates/2021/CVE-2021-24834-0779481b7f80c0411ff97013b26aee05.yaml
+++ b/nuclei-templates/2021/CVE-2021-24834-0779481b7f80c0411ff97013b26aee05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Options Module
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters - vote button label , results link label and back to vote caption label.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yop-poll/"
     google-query: inurl:"/wp-content/plugins/yop-poll/"
     shodan-query: 'vuln:CVE-2021-24834'
-  tags: cve,wordpress,wp-plugin,yop-poll,medium
+  tags: cve,wordpress,wp-plugin,yop-poll,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24835-21c7f53627abc5f5c7e2ab4c4c0be8ef.yaml b/nuclei-templates/2021/CVE-2021-24835-21c7f53627abc5f5c7e2ab4c4c0be8ef.yaml
index 3966b5d046..bbd4cd4d03 100644
--- a/nuclei-templates/2021/CVE-2021-24835-21c7f53627abc5f5c7e2ab4c4c0be8ef.yaml
+++ b/nuclei-templates/2021/CVE-2021-24835-21c7f53627abc5f5c7e2ab4c4c0be8ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WCFM - Frontend Manager for WooCommerce <= 6.5.11 - Customer/Subscriber+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-frontend-manager/"
     google-query: inurl:"/wp-content/plugins/wc-frontend-manager/"
     shodan-query: 'vuln:CVE-2021-24835'
-  tags: cve,wordpress,wp-plugin,wc-frontend-manager,high
+  tags: cve,wordpress,wp-plugin,wc-frontend-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24837-d2daaa3d964f6f32895fca6e21e6cab6.yaml b/nuclei-templates/2021/CVE-2021-24837-d2daaa3d964f6f32895fca6e21e6cab6.yaml
index ae21028a25..cedceae5ca 100644
--- a/nuclei-templates/2021/CVE-2021-24837-d2daaa3d964f6f32895fca6e21e6cab6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24837-d2daaa3d964f6f32895fca6e21e6cab6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Passster – Password Protection <= 3.5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Passster – Password Protection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.5.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-protector/"
     google-query: inurl:"/wp-content/plugins/content-protector/"
     shodan-query: 'vuln:CVE-2021-24837'
-  tags: cve,wordpress,wp-plugin,content-protector,medium
+  tags: cve,wordpress,wp-plugin,content-protector,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24840-301d4c247a680f6ce86b39ab492df068.yaml b/nuclei-templates/2021/CVE-2021-24840-301d4c247a680f6ce86b39ab492df068.yaml
index 4f42c0f5e9..76b9c84fee 100644
--- a/nuclei-templates/2021/CVE-2021-24840-301d4c247a680f6ce86b39ab492df068.yaml
+++ b/nuclei-templates/2021/CVE-2021-24840-301d4c247a680f6ce86b39ab492df068.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Squaretype - Modern Blog WordPress Theme < 3.0.4 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/squaretype/"
     google-query: inurl:"/wp-content/themes/squaretype/"
     shodan-query: 'vuln:CVE-2021-24840'
-  tags: cve,wordpress,wp-theme,squaretype,medium
+  tags: cve,wordpress,wp-theme,squaretype,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24841-7344a2ea198088e725e4c36ccf66d66c.yaml b/nuclei-templates/2021/CVE-2021-24841-7344a2ea198088e725e4c36ccf66d66c.yaml
index 5edc86c310..224aabdf11 100644
--- a/nuclei-templates/2021/CVE-2021-24841-7344a2ea198088e725e4c36ccf66d66c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24841-7344a2ea198088e725e4c36ccf66d66c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Helpful <= 4.4.58 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/helpful/"
     google-query: inurl:"/wp-content/plugins/helpful/"
     shodan-query: 'vuln:CVE-2021-24841'
-  tags: cve,wordpress,wp-plugin,helpful,medium
+  tags: cve,wordpress,wp-plugin,helpful,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24845-300fd59e3797ac35e26fb3e33490ca99.yaml b/nuclei-templates/2021/CVE-2021-24845-300fd59e3797ac35e26fb3e33490ca99.yaml
index 5b75dfcecf..62e1dbd377 100644
--- a/nuclei-templates/2021/CVE-2021-24845-300fd59e3797ac35e26fb3e33490ca99.yaml
+++ b/nuclei-templates/2021/CVE-2021-24845-300fd59e3797ac35e26fb3e33490ca99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Improved Include Page <= 1.2 - Authenticated (Contributor+) Arbitrary Posts/Pages Access
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/improved-include-page/"
     google-query: inurl:"/wp-content/plugins/improved-include-page/"
     shodan-query: 'vuln:CVE-2021-24845'
-  tags: cve,wordpress,wp-plugin,improved-include-page,medium
+  tags: cve,wordpress,wp-plugin,improved-include-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24846-7561b8c1f99227b7381d59264fa6815d.yaml b/nuclei-templates/2021/CVE-2021-24846-7561b8c1f99227b7381d59264fa6815d.yaml
index 89b9e59d13..387ed15767 100644
--- a/nuclei-templates/2021/CVE-2021-24846-7561b8c1f99227b7381d59264fa6815d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24846-7561b8c1f99227b7381d59264fa6815d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ni WooCommerce Custom Order Status <= 1.9.6 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ni-woocommerce-custom-order-status/"
     google-query: inurl:"/wp-content/plugins/ni-woocommerce-custom-order-status/"
     shodan-query: 'vuln:CVE-2021-24846'
-  tags: cve,wordpress,wp-plugin,ni-woocommerce-custom-order-status,high
+  tags: cve,wordpress,wp-plugin,ni-woocommerce-custom-order-status,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24847-81580e623be1bd11eb139b9bedb99985.yaml b/nuclei-templates/2021/CVE-2021-24847-81580e623be1bd11eb139b9bedb99985.yaml
index cf0761bc33..aaef045afe 100644
--- a/nuclei-templates/2021/CVE-2021-24847-81580e623be1bd11eb139b9bedb99985.yaml
+++ b/nuclei-templates/2021/CVE-2021-24847-81580e623be1bd11eb139b9bedb99985.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Redirection <= 8.1 - Subscriber+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-redirection/"
     google-query: inurl:"/wp-content/plugins/seo-redirection/"
     shodan-query: 'vuln:CVE-2021-24847'
-  tags: cve,wordpress,wp-plugin,seo-redirection,high
+  tags: cve,wordpress,wp-plugin,seo-redirection,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24848-66ac5cf55cb601e1e04c93898023eadb.yaml b/nuclei-templates/2021/CVE-2021-24848-66ac5cf55cb601e1e04c93898023eadb.yaml
index b4c444a460..f431c99280 100644
--- a/nuclei-templates/2021/CVE-2021-24848-66ac5cf55cb601e1e04c93898023eadb.yaml
+++ b/nuclei-templates/2021/CVE-2021-24848-66ac5cf55cb601e1e04c93898023eadb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mediamatic – Media Library Folders <= 2.8.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mediamatic/"
     google-query: inurl:"/wp-content/plugins/mediamatic/"
     shodan-query: 'vuln:CVE-2021-24848'
-  tags: cve,wordpress,wp-plugin,mediamatic,high
+  tags: cve,wordpress,wp-plugin,mediamatic,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24850-888c0d96bb5c45a5559094f92be9b42d.yaml b/nuclei-templates/2021/CVE-2021-24850-888c0d96bb5c45a5559094f92be9b42d.yaml
index 7637b5fed7..0f73e9db42 100644
--- a/nuclei-templates/2021/CVE-2021-24850-888c0d96bb5c45a5559094f92be9b42d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24850-888c0d96bb5c45a5559094f92be9b42d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insert Pages <= 3.6.1 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-pages/"
     google-query: inurl:"/wp-content/plugins/insert-pages/"
     shodan-query: 'vuln:CVE-2021-24850'
-  tags: cve,wordpress,wp-plugin,insert-pages,medium
+  tags: cve,wordpress,wp-plugin,insert-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24854-c050d4c8a8366a715e53188fca3792c1.yaml b/nuclei-templates/2021/CVE-2021-24854-c050d4c8a8366a715e53188fca3792c1.yaml
index 715998e51f..8b7a774407 100644
--- a/nuclei-templates/2021/CVE-2021-24854-c050d4c8a8366a715e53188fca3792c1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24854-c050d4c8a8366a715e53188fca3792c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     QR Redirector < 1.6.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qr-redirector/"
     google-query: inurl:"/wp-content/plugins/qr-redirector/"
     shodan-query: 'vuln:CVE-2021-24854'
-  tags: cve,wordpress,wp-plugin,qr-redirector,medium
+  tags: cve,wordpress,wp-plugin,qr-redirector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24855-68e029abe789ad7c1ac8726ecdc73f1e.yaml b/nuclei-templates/2021/CVE-2021-24855-68e029abe789ad7c1ac8726ecdc73f1e.yaml
index c19a2724e3..4f262ce1d2 100644
--- a/nuclei-templates/2021/CVE-2021-24855-68e029abe789ad7c1ac8726ecdc73f1e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24855-68e029abe789ad7c1ac8726ecdc73f1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display Post Metadata <= 1.4.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Display Post Metadata for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_fields’ parameter in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers as low as contributor level roles to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/display-post-metadata/"
     google-query: inurl:"/wp-content/plugins/display-post-metadata/"
     shodan-query: 'vuln:CVE-2021-24855'
-  tags: cve,wordpress,wp-plugin,display-post-metadata,medium
+  tags: cve,wordpress,wp-plugin,display-post-metadata,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24856-13647ac0f5697b4e3d7374c8bbd8f571.yaml b/nuclei-templates/2021/CVE-2021-24856-13647ac0f5697b4e3d7374c8bbd8f571.yaml
index f4422ceb2d..bbaa725b7d 100644
--- a/nuclei-templates/2021/CVE-2021-24856-13647ac0f5697b4e3d7374c8bbd8f571.yaml
+++ b/nuclei-templates/2021/CVE-2021-24856-13647ac0f5697b4e3d7374c8bbd8f571.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shared Files – Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.60 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shared-files/"
     google-query: inurl:"/wp-content/plugins/shared-files/"
     shodan-query: 'vuln:CVE-2021-24856'
-  tags: cve,wordpress,wp-plugin,shared-files,medium
+  tags: cve,wordpress,wp-plugin,shared-files,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24858-11d8ae615e422011cdb2e654cf3c2a37.yaml b/nuclei-templates/2021/CVE-2021-24858-11d8ae615e422011cdb2e654cf3c2a37.yaml
index 02597d4d50..f068cbd10e 100644
--- a/nuclei-templates/2021/CVE-2021-24858-11d8ae615e422011cdb2e654cf3c2a37.yaml
+++ b/nuclei-templates/2021/CVE-2021-24858-11d8ae615e422011cdb2e654cf3c2a37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Notification Plugin for WordPress < 1.0.9 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cookie-user-info/"
     google-query: inurl:"/wp-content/plugins/wp-cookie-user-info/"
     shodan-query: 'vuln:CVE-2021-24858'
-  tags: cve,wordpress,wp-plugin,wp-cookie-user-info,high
+  tags: cve,wordpress,wp-plugin,wp-cookie-user-info,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24860-a6117f5c5b129c85596c75822f81da17.yaml b/nuclei-templates/2021/CVE-2021-24860-a6117f5c5b129c85596c75822f81da17.yaml
index 221e000408..dc94b549f9 100644
--- a/nuclei-templates/2021/CVE-2021-24860-a6117f5c5b129c85596c75822f81da17.yaml
+++ b/nuclei-templates/2021/CVE-2021-24860-a6117f5c5b129c85596c75822f81da17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BSK PDF Manager <= 3.1.1 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bsk-pdf-manager/"
     google-query: inurl:"/wp-content/plugins/bsk-pdf-manager/"
     shodan-query: 'vuln:CVE-2021-24860'
-  tags: cve,wordpress,wp-plugin,bsk-pdf-manager,high
+  tags: cve,wordpress,wp-plugin,bsk-pdf-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24861-498d9280bb627df5ee0fc3435bab6bb8.yaml b/nuclei-templates/2021/CVE-2021-24861-498d9280bb627df5ee0fc3435bab6bb8.yaml
index 96962a4200..a064ddbe30 100644
--- a/nuclei-templates/2021/CVE-2021-24861-498d9280bb627df5ee0fc3435bab6bb8.yaml
+++ b/nuclei-templates/2021/CVE-2021-24861-498d9280bb627df5ee0fc3435bab6bb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quotes Collection <= 2.5.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quotes-collection/"
     google-query: inurl:"/wp-content/plugins/quotes-collection/"
     shodan-query: 'vuln:CVE-2021-24861'
-  tags: cve,wordpress,wp-plugin,quotes-collection,high
+  tags: cve,wordpress,wp-plugin,quotes-collection,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24862-1ae4dd533f16291d906e419f9b6a90b5.yaml b/nuclei-templates/2021/CVE-2021-24862-1ae4dd533f16291d906e419f9b6a90b5.yaml
index 2bc8626651..9cede1f70e 100644
--- a/nuclei-templates/2021/CVE-2021-24862-1ae4dd533f16291d906e419f9b6a90b5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24862-1ae4dd533f16291d906e419f9b6a90b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic <= 5.0.1.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2021-24862'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24864-0ad53ed111e4c9bd0fa768a28b64118e.yaml b/nuclei-templates/2021/CVE-2021-24864-0ad53ed111e4c9bd0fa768a28b64118e.yaml
index 319bd8be7b..5507f29eee 100644
--- a/nuclei-templates/2021/CVE-2021-24864-0ad53ed111e4c9bd0fa768a28b64118e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24864-0ad53ed111e4c9bd0fa768a28b64118e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Cloudy <= 4.4.9 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cloudy/"
     google-query: inurl:"/wp-content/plugins/wp-cloudy/"
     shodan-query: 'vuln:CVE-2021-24864'
-  tags: cve,wordpress,wp-plugin,wp-cloudy,high
+  tags: cve,wordpress,wp-plugin,wp-cloudy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24865-386512462e991dca6695af0141e48ca0.yaml b/nuclei-templates/2021/CVE-2021-24865-386512462e991dca6695af0141e48ca0.yaml
index 011205be1b..46b4392efc 100644
--- a/nuclei-templates/2021/CVE-2021-24865-386512462e991dca6695af0141e48ca0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24865-386512462e991dca6695af0141e48ca0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields: Extended <= 0.8.8.6 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-extended/"
     google-query: inurl:"/wp-content/plugins/acf-extended/"
     shodan-query: 'vuln:CVE-2021-24865'
-  tags: cve,wordpress,wp-plugin,acf-extended,high
+  tags: cve,wordpress,wp-plugin,acf-extended,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24866-f5497363e91c49e85823434d8464dab9.yaml b/nuclei-templates/2021/CVE-2021-24866-f5497363e91c49e85823434d8464dab9.yaml
index 071789d072..6c5e2076a6 100644
--- a/nuclei-templates/2021/CVE-2021-24866-f5497363e91c49e85823434d8464dab9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24866-f5497363e91c49e85823434d8464dab9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Data Access <= 4.3.1 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-data-access/"
     google-query: inurl:"/wp-content/plugins/wp-data-access/"
     shodan-query: 'vuln:CVE-2021-24866'
-  tags: cve,wordpress,wp-plugin,wp-data-access,high
+  tags: cve,wordpress,wp-plugin,wp-data-access,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24869-a984dcb982c3439de2d89b2a845332c4.yaml b/nuclei-templates/2021/CVE-2021-24869-a984dcb982c3439de2d89b2a845332c4.yaml
index 8d2070a62a..9ef26ed1b0 100644
--- a/nuclei-templates/2021/CVE-2021-24869-a984dcb982c3439de2d89b2a845332c4.yaml
+++ b/nuclei-templates/2021/CVE-2021-24869-a984dcb982c3439de2d89b2a845332c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache < 0.9.5 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions before 0.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers subscriber-level privileges or above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2021-24869'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24870-c21f1786e3abdb7c657091d8024583d5.yaml b/nuclei-templates/2021/CVE-2021-24870-c21f1786e3abdb7c657091d8024583d5.yaml
index d75cac95b8..096aff6154 100644
--- a/nuclei-templates/2021/CVE-2021-24870-c21f1786e3abdb7c657091d8024583d5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24870-c21f1786e3abdb7c657091d8024583d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 0.9.5. This is due to missing or incorrect nonce validation on the wpfc_save_cdn_integration function. This makes it possible for unauthenticated attackers to perform stored cross-site scripting attacks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2021-24870'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24871-a48251c3741e5bdda10cc3847e3d84b2.yaml b/nuclei-templates/2021/CVE-2021-24871-a48251c3741e5bdda10cc3847e3d84b2.yaml
index 6ae1dffedc..fd96ac64e7 100644
--- a/nuclei-templates/2021/CVE-2021-24871-a48251c3741e5bdda10cc3847e3d84b2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24871-a48251c3741e5bdda10cc3847e3d84b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Get Custom Field Values <= 4.0.0 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/get-custom-field-values/"
     google-query: inurl:"/wp-content/plugins/get-custom-field-values/"
     shodan-query: 'vuln:CVE-2021-24871'
-  tags: cve,wordpress,wp-plugin,get-custom-field-values,medium
+  tags: cve,wordpress,wp-plugin,get-custom-field-values,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24877-f00ee035f691e855432693cfeab4496d.yaml b/nuclei-templates/2021/CVE-2021-24877-f00ee035f691e855432693cfeab4496d.yaml
index 077b90c626..3e8d757ecd 100644
--- a/nuclei-templates/2021/CVE-2021-24877-f00ee035f691e855432693cfeab4496d.yaml
+++ b/nuclei-templates/2021/CVE-2021-24877-f00ee035f691e855432693cfeab4496d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Child <= 4.1.7.1 - SQL Injection via orderby,  order Parameters
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-child/"
     google-query: inurl:"/wp-content/plugins/mainwp-child/"
     shodan-query: 'vuln:CVE-2021-24877'
-  tags: cve,wordpress,wp-plugin,mainwp-child,high
+  tags: cve,wordpress,wp-plugin,mainwp-child,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24880-b305b8b934fd913e3c8bf40e033b8b8e.yaml b/nuclei-templates/2021/CVE-2021-24880-b305b8b934fd913e3c8bf40e033b8b8e.yaml
index 8df8d1e4f0..4c2b8e1013 100644
--- a/nuclei-templates/2021/CVE-2021-24880-b305b8b934fd913e3c8bf40e033b8b8e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24880-b305b8b934fd913e3c8bf40e033b8b8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SupportCandy <= 2.2.6 - Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportcandy/"
     google-query: inurl:"/wp-content/plugins/supportcandy/"
     shodan-query: 'vuln:CVE-2021-24880'
-  tags: cve,wordpress,wp-plugin,supportcandy,medium
+  tags: cve,wordpress,wp-plugin,supportcandy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24882-173ff175ba6504a9e007b9120074cdb1.yaml b/nuclei-templates/2021/CVE-2021-24882-173ff175ba6504a9e007b9120074cdb1.yaml
index ca31820717..a4cf01af4b 100644
--- a/nuclei-templates/2021/CVE-2021-24882-173ff175ba6504a9e007b9120074cdb1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24882-173ff175ba6504a9e007b9120074cdb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery < 1.7.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:CVE-2021-24882'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,medium
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24883-d4b97461c23d3e553d4dc5a4ed959427.yaml b/nuclei-templates/2021/CVE-2021-24883-d4b97461c23d3e553d4dc5a4ed959427.yaml
index 114ed6b25e..8e7cb70286 100644
--- a/nuclei-templates/2021/CVE-2021-24883-d4b97461c23d3e553d4dc5a4ed959427.yaml
+++ b/nuclei-templates/2021/CVE-2021-24883-d4b97461c23d3e553d4dc5a4ed959427.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-anything-on-click/"
     google-query: inurl:"/wp-content/plugins/popup-anything-on-click/"
     shodan-query: 'vuln:CVE-2021-24883'
-  tags: cve,wordpress,wp-plugin,popup-anything-on-click,medium
+  tags: cve,wordpress,wp-plugin,popup-anything-on-click,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24884-437b9be662132aed2b43b674efcda98c.yaml b/nuclei-templates/2021/CVE-2021-24884-437b9be662132aed2b43b674efcda98c.yaml
index 3aca56d357..2e62b1169d 100644
--- a/nuclei-templates/2021/CVE-2021-24884-437b9be662132aed2b43b674efcda98c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24884-437b9be662132aed2b43b674efcda98c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:CVE-2021-24884'
-  tags: cve,wordpress,wp-plugin,formidable,critical
+  tags: cve,wordpress,wp-plugin,formidable,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24888-680976f321c5a9425e00ce5d5ee1cc42.yaml b/nuclei-templates/2021/CVE-2021-24888-680976f321c5a9425e00ce5d5ee1cc42.yaml
index 5b8a1a52bd..9e06b46d82 100644
--- a/nuclei-templates/2021/CVE-2021-24888-680976f321c5a9425e00ce5d5ee1cc42.yaml
+++ b/nuclei-templates/2021/CVE-2021-24888-680976f321c5a9425e00ce5d5ee1cc42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageBoss – Images Up To 60% Smaller & CDN < 3.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imageboss/"
     google-query: inurl:"/wp-content/plugins/imageboss/"
     shodan-query: 'vuln:CVE-2021-24888'
-  tags: cve,wordpress,wp-plugin,imageboss,medium
+  tags: cve,wordpress,wp-plugin,imageboss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24889-8af21f8f0c6e953daf8df61c5c7a078e.yaml b/nuclei-templates/2021/CVE-2021-24889-8af21f8f0c6e953daf8df61c5c7a078e.yaml
index 25c3733afb..4d1b6ff69f 100644
--- a/nuclei-templates/2021/CVE-2021-24889-8af21f8f0c6e953daf8df61c5c7a078e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24889-8af21f8f0c6e953daf8df61c5c7a078e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2021-24889'
-  tags: cve,wordpress,wp-plugin,ninja-forms,high
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24891-e1d6d92659e9b697c29f278d3aacc568.yaml b/nuclei-templates/2021/CVE-2021-24891-e1d6d92659e9b697c29f278d3aacc568.yaml
index 609325dd4a..aba5d2349e 100644
--- a/nuclei-templates/2021/CVE-2021-24891-e1d6d92659e9b697c29f278d3aacc568.yaml
+++ b/nuclei-templates/2021/CVE-2021-24891-e1d6d92659e9b697c29f278d3aacc568.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.4.7 - DOM-based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Website Builder plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the '#elementor-action:action=lightbox&settings=' DOM in versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2021-24891'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24895-a97afd1d52e8ec7c0950d3b4bfa966dc.yaml b/nuclei-templates/2021/CVE-2021-24895-a97afd1d52e8ec7c0950d3b4bfa966dc.yaml
index 2092dfdee7..60c00db265 100644
--- a/nuclei-templates/2021/CVE-2021-24895-a97afd1d52e8ec7c0950d3b4bfa966dc.yaml
+++ b/nuclei-templates/2021/CVE-2021-24895-a97afd1d52e8ec7c0950d3b4bfa966dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cybersoldier < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cybersoldier/"
     google-query: inurl:"/wp-content/plugins/cybersoldier/"
     shodan-query: 'vuln:CVE-2021-24895'
-  tags: cve,wordpress,wp-plugin,cybersoldier,medium
+  tags: cve,wordpress,wp-plugin,cybersoldier,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24896-b4c4ff584d962e0bfb58568b73a5ecd3.yaml b/nuclei-templates/2021/CVE-2021-24896-b4c4ff584d962e0bfb58568b73a5ecd3.yaml
index 89ace59ba6..7fa4809ea3 100644
--- a/nuclei-templates/2021/CVE-2021-24896-b4c4ff584d962e0bfb58568b73a5ecd3.yaml
+++ b/nuclei-templates/2021/CVE-2021-24896-b4c4ff584d962e0bfb58568b73a5ecd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Caldera forms <= 1.9.4 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/caldera-forms/"
     google-query: inurl:"/wp-content/plugins/caldera-forms/"
     shodan-query: 'vuln:CVE-2021-24896'
-  tags: cve,wordpress,wp-plugin,caldera-forms,medium
+  tags: cve,wordpress,wp-plugin,caldera-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24897-e650ec648b3137d2000a4e41f6b87363.yaml b/nuclei-templates/2021/CVE-2021-24897-e650ec648b3137d2000a4e41f6b87363.yaml
index 7cd45679bd..5e20d9e652 100644
--- a/nuclei-templates/2021/CVE-2021-24897-e650ec648b3137d2000a4e41f6b87363.yaml
+++ b/nuclei-templates/2021/CVE-2021-24897-e650ec648b3137d2000a4e41f6b87363.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Subtitle <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-subtitle/"
     google-query: inurl:"/wp-content/plugins/add-subtitle/"
     shodan-query: 'vuln:CVE-2021-24897'
-  tags: cve,wordpress,wp-plugin,add-subtitle,high
+  tags: cve,wordpress,wp-plugin,add-subtitle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24898-3f51c790e689dcb447adc1ee79fee545.yaml b/nuclei-templates/2021/CVE-2021-24898-3f51c790e689dcb447adc1ee79fee545.yaml
index d3da21ab24..22abf2ca6e 100644
--- a/nuclei-templates/2021/CVE-2021-24898-3f51c790e689dcb447adc1ee79fee545.yaml
+++ b/nuclei-templates/2021/CVE-2021-24898-3f51c790e689dcb447adc1ee79fee545.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Editable Table Simple Fast FrontEnd From Sql tables <= 0.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/editable-table/"
     google-query: inurl:"/wp-content/plugins/editable-table/"
     shodan-query: 'vuln:CVE-2021-24898'
-  tags: cve,wordpress,wp-plugin,editable-table,medium
+  tags: cve,wordpress,wp-plugin,editable-table,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24899-5a607f07c740543865789590cbca6639.yaml b/nuclei-templates/2021/CVE-2021-24899-5a607f07c740543865789590cbca6639.yaml
index 93a3be917c..0c4d9d8db7 100644
--- a/nuclei-templates/2021/CVE-2021-24899-5a607f07c740543865789590cbca6639.yaml
+++ b/nuclei-templates/2021/CVE-2021-24899-5a607f07c740543865789590cbca6639.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media-Tags <= 3.2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htnl capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-tags/"
     google-query: inurl:"/wp-content/plugins/media-tags/"
     shodan-query: 'vuln:CVE-2021-24899'
-  tags: cve,wordpress,wp-plugin,media-tags,medium
+  tags: cve,wordpress,wp-plugin,media-tags,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24900-406776aa8100e59355ccb6cf6b38aab0.yaml b/nuclei-templates/2021/CVE-2021-24900-406776aa8100e59355ccb6cf6b38aab0.yaml
index 293b2e2fb8..384088bda0 100644
--- a/nuclei-templates/2021/CVE-2021-24900-406776aa8100e59355ccb6cf6b38aab0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24900-406776aa8100e59355ccb6cf6b38aab0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Tables <= 4.1.7 - Admin+ Stored Cross-Site Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-tables/"
     google-query: inurl:"/wp-content/plugins/ninja-tables/"
     shodan-query: 'vuln:CVE-2021-24900'
-  tags: cve,wordpress,wp-plugin,ninja-tables,medium
+  tags: cve,wordpress,wp-plugin,ninja-tables,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24901-cb74790ba4bbb7de85dca1c3cb33c74c.yaml b/nuclei-templates/2021/CVE-2021-24901-cb74790ba4bbb7de85dca1c3cb33c74c.yaml
index 32802fa411..3a99b4ddb5 100644
--- a/nuclei-templates/2021/CVE-2021-24901-cb74790ba4bbb7de85dca1c3cb33c74c.yaml
+++ b/nuclei-templates/2021/CVE-2021-24901-cb74790ba4bbb7de85dca1c3cb33c74c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Security Audit <= 1.0.0 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/titan-labs-security-audit/"
     google-query: inurl:"/wp-content/plugins/titan-labs-security-audit/"
     shodan-query: 'vuln:CVE-2021-24901'
-  tags: cve,wordpress,wp-plugin,titan-labs-security-audit,medium
+  tags: cve,wordpress,wp-plugin,titan-labs-security-audit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24902-2dfca9afbcd5108da5d0b371a8c3da93.yaml b/nuclei-templates/2021/CVE-2021-24902-2dfca9afbcd5108da5d0b371a8c3da93.yaml
index 1737e6385a..70f1ce2b83 100644
--- a/nuclei-templates/2021/CVE-2021-24902-2dfca9afbcd5108da5d0b371a8c3da93.yaml
+++ b/nuclei-templates/2021/CVE-2021-24902-2dfca9afbcd5108da5d0b371a8c3da93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Typebot | Build beautiful conversational forms < 1.4.3 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/typebot/"
     google-query: inurl:"/wp-content/plugins/typebot/"
     shodan-query: 'vuln:CVE-2021-24902'
-  tags: cve,wordpress,wp-plugin,typebot,medium
+  tags: cve,wordpress,wp-plugin,typebot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24903-eca8e288e4dc717ec25c774372f69b42.yaml b/nuclei-templates/2021/CVE-2021-24903-eca8e288e4dc717ec25c774372f69b42.yaml
index 7543a19f82..484fe9f639 100644
--- a/nuclei-templates/2021/CVE-2021-24903-eca8e288e4dc717ec25c774372f69b42.yaml
+++ b/nuclei-templates/2021/CVE-2021-24903-eca8e288e4dc717ec25c774372f69b42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 6.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flash-album-gallery/"
     google-query: inurl:"/wp-content/plugins/flash-album-gallery/"
     shodan-query: 'vuln:CVE-2021-24903'
-  tags: cve,wordpress,wp-plugin,flash-album-gallery,medium
+  tags: cve,wordpress,wp-plugin,flash-album-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24904-51d2a215a7382b06f6f66c19158d7560.yaml b/nuclei-templates/2021/CVE-2021-24904-51d2a215a7382b06f6f66c19158d7560.yaml
index f9c3eaa3cf..daaad6f613 100644
--- a/nuclei-templates/2021/CVE-2021-24904-51d2a215a7382b06f6f66c19158d7560.yaml
+++ b/nuclei-templates/2021/CVE-2021-24904-51d2a215a7382b06f6f66c19158d7560.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mortgage Calculators WP < 1.53 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mortgage Calculators WP WordPress plugin before 1.53 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mortgage-calculators-wp/"
     google-query: inurl:"/wp-content/plugins/mortgage-calculators-wp/"
     shodan-query: 'vuln:CVE-2021-24904'
-  tags: cve,wordpress,wp-plugin,mortgage-calculators-wp,medium
+  tags: cve,wordpress,wp-plugin,mortgage-calculators-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24905-0ac820af26b82917a9384c67560e13a6.yaml b/nuclei-templates/2021/CVE-2021-24905-0ac820af26b82917a9384c67560e13a6.yaml
index ebb90177dc..3f2ba505b5 100644
--- a/nuclei-templates/2021/CVE-2021-24905-0ac820af26b82917a9384c67560e13a6.yaml
+++ b/nuclei-templates/2021/CVE-2021-24905-0ac820af26b82917a9384c67560e13a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Contact form 7 DB <= 1.8.6 - Authenticated Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-cf7-db/"
     google-query: inurl:"/wp-content/plugins/advanced-cf7-db/"
     shodan-query: 'vuln:CVE-2021-24905'
-  tags: cve,wordpress,wp-plugin,advanced-cf7-db,high
+  tags: cve,wordpress,wp-plugin,advanced-cf7-db,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24911-d8f6d24ae9aefabd89bc3732379fc08a.yaml b/nuclei-templates/2021/CVE-2021-24911-d8f6d24ae9aefabd89bc3732379fc08a.yaml
index f4c6a2c2af..1a9ac1ea78 100644
--- a/nuclei-templates/2021/CVE-2021-24911-d8f6d24ae9aefabd89bc3732379fc08a.yaml
+++ b/nuclei-templates/2021/CVE-2021-24911-d8f6d24ae9aefabd89bc3732379fc08a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Transposh WordPress Translation <= 1.0.7 -  Unauthenticated Stored Cross-Site Scripting via 'tp_translation'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Transposh WordPress Translation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tk0' parameter in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/"
     shodan-query: 'vuln:CVE-2021-24911'
-  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24912-99547d0fc21ffda2676b791122585c77.yaml b/nuclei-templates/2021/CVE-2021-24912-99547d0fc21ffda2676b791122585c77.yaml
index 50b1c386a6..0b3a7905c6 100644
--- a/nuclei-templates/2021/CVE-2021-24912-99547d0fc21ffda2676b791122585c77.yaml
+++ b/nuclei-templates/2021/CVE-2021-24912-99547d0fc21ffda2676b791122585c77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Transposh WordPress Translation <= 1.0.8.1 -  Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Transposh WordPress Translation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8.1. This is due to missing nonce validation on several AJAX action function. This makes it possible for unauthenticated attackers to performa variety of actions such as initiating a back-up, changing the plugin's settings, and deleting duplicates via forged requests granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/"
     shodan-query: 'vuln:CVE-2021-24912'
-  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24918-da6dd99d1493b082c05d60ab888f9ef0.yaml b/nuclei-templates/2021/CVE-2021-24918-da6dd99d1493b082c05d60ab888f9ef0.yaml
index 734ba00950..394b62fbc2 100644
--- a/nuclei-templates/2021/CVE-2021-24918-da6dd99d1493b082c05d60ab888f9ef0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24918-da6dd99d1493b082c05d60ab888f9ef0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smash Balloon Social Post Feed <= 4.0 - Arbitrary Plugin Settings Update to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-facebook-feed/"
     google-query: inurl:"/wp-content/plugins/custom-facebook-feed/"
     shodan-query: 'vuln:CVE-2021-24918'
-  tags: cve,wordpress,wp-plugin,custom-facebook-feed,medium
+  tags: cve,wordpress,wp-plugin,custom-facebook-feed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24919-38cfa7354fceb66defa5b11a8b1426c0.yaml b/nuclei-templates/2021/CVE-2021-24919-38cfa7354fceb66defa5b11a8b1426c0.yaml
index f610626e01..6c0a0d30dd 100644
--- a/nuclei-templates/2021/CVE-2021-24919-38cfa7354fceb66defa5b11a8b1426c0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24919-38cfa7354fceb66defa5b11a8b1426c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.9 - Subscriber+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Wicked Folders WordPress plugin before 2.18.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2021-24919'
-  tags: cve,wordpress,wp-plugin,wicked-folders,high
+  tags: cve,wordpress,wp-plugin,wicked-folders,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24920-d0adb6ab141d87bc7e2689c3386228f9.yaml b/nuclei-templates/2021/CVE-2021-24920-d0adb6ab141d87bc7e2689c3386228f9.yaml
index 4e154adaa5..1543633326 100644
--- a/nuclei-templates/2021/CVE-2021-24920-d0adb6ab141d87bc7e2689c3386228f9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24920-d0adb6ab141d87bc7e2689c3386228f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StatCounter <= 2.0.6 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/official-statcounter-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/official-statcounter-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2021-24920'
-  tags: cve,wordpress,wp-plugin,official-statcounter-plugin-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,official-statcounter-plugin-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24922-45d861039b945e03d43af50c9dafa301.yaml b/nuclei-templates/2021/CVE-2021-24922-45d861039b945e03d43af50c9dafa301.yaml
index 1d8c36553a..efc3450a46 100644
--- a/nuclei-templates/2021/CVE-2021-24922-45d861039b945e03d43af50c9dafa301.yaml
+++ b/nuclei-templates/2021/CVE-2021-24922-45d861039b945e03d43af50c9dafa301.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pixel Cat – Conversion Pixel Manager <= 2.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Pixel Cat – Conversion Pixel Manager WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-conversion-pixel/"
     google-query: inurl:"/wp-content/plugins/facebook-conversion-pixel/"
     shodan-query: 'vuln:CVE-2021-24922'
-  tags: cve,wordpress,wp-plugin,facebook-conversion-pixel,high
+  tags: cve,wordpress,wp-plugin,facebook-conversion-pixel,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24928-b1810213664dbc480df9bda4d5950322.yaml b/nuclei-templates/2021/CVE-2021-24928-b1810213664dbc480df9bda4d5950322.yaml
index 81276a2436..48b5b7e2e6 100644
--- a/nuclei-templates/2021/CVE-2021-24928-b1810213664dbc480df9bda4d5950322.yaml
+++ b/nuclei-templates/2021/CVE-2021-24928-b1810213664dbc480df9bda4d5950322.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rearrange Woocommerce Products <= 3.0.7 - Subscriber+ SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rearrange-woocommerce-products/"
     google-query: inurl:"/wp-content/plugins/rearrange-woocommerce-products/"
     shodan-query: 'vuln:CVE-2021-24928'
-  tags: cve,wordpress,wp-plugin,rearrange-woocommerce-products,medium
+  tags: cve,wordpress,wp-plugin,rearrange-woocommerce-products,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24930-9ae477d5648cc901734eab0eec621bd2.yaml b/nuclei-templates/2021/CVE-2021-24930-9ae477d5648cc901734eab0eec621bd2.yaml
index c1caa8c298..8078ad5441 100644
--- a/nuclei-templates/2021/CVE-2021-24930-9ae477d5648cc901734eab0eec621bd2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24930-9ae477d5648cc901734eab0eec621bd2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bookly <= 20.3 - Staff Member Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/"
     google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/"
     shodan-query: 'vuln:CVE-2021-24930'
-  tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,medium
+  tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24936-388ae826ccb91352f7d4e90d33114225.yaml b/nuclei-templates/2021/CVE-2021-24936-388ae826ccb91352f7d4e90d33114225.yaml
index 65e472e416..2de11cb131 100644
--- a/nuclei-templates/2021/CVE-2021-24936-388ae826ccb91352f7d4e90d33114225.yaml
+++ b/nuclei-templates/2021/CVE-2021-24936-388ae826ccb91352f7d4e90d33114225.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Extra File Types <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-extra-file-types/"
     google-query: inurl:"/wp-content/plugins/wp-extra-file-types/"
     shodan-query: 'vuln:CVE-2021-24936'
-  tags: cve,wordpress,wp-plugin,wp-extra-file-types,high
+  tags: cve,wordpress,wp-plugin,wp-extra-file-types,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24942-15bf765de2821299511e8bf3105d6965.yaml b/nuclei-templates/2021/CVE-2021-24942-15bf765de2821299511e8bf3105d6965.yaml
index 397bb57d9e..3034ba1028 100644
--- a/nuclei-templates/2021/CVE-2021-24942-15bf765de2821299511e8bf3105d6965.yaml
+++ b/nuclei-templates/2021/CVE-2021-24942-15bf765de2821299511e8bf3105d6965.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Menu Item Visibility Control <= 0.5 - Authenticated (Admin+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Menu Item Visibility Control plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 0.5 via the 'visibility logic' option. This allows administrator-level attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-items-visibility-control/"
     google-query: inurl:"/wp-content/plugins/menu-items-visibility-control/"
     shodan-query: 'vuln:CVE-2021-24942'
-  tags: cve,wordpress,wp-plugin,menu-items-visibility-control,high
+  tags: cve,wordpress,wp-plugin,menu-items-visibility-control,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24944-c65dc1c886e5406e004d2361f156725f.yaml b/nuclei-templates/2021/CVE-2021-24944-c65dc1c886e5406e004d2361f156725f.yaml
index fae8c66ec8..8a5ae644ee 100644
--- a/nuclei-templates/2021/CVE-2021-24944-c65dc1c886e5406e004d2361f156725f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24944-c65dc1c886e5406e004d2361f156725f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Dashboard & Login Page < 6.9.5 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ag-custom-admin/"
     google-query: inurl:"/wp-content/plugins/ag-custom-admin/"
     shodan-query: 'vuln:CVE-2021-24944'
-  tags: cve,wordpress,wp-plugin,ag-custom-admin,medium
+  tags: cve,wordpress,wp-plugin,ag-custom-admin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24950-f70ed327fff0a742246ce2b66447d100.yaml b/nuclei-templates/2021/CVE-2021-24950-f70ed327fff0a742246ce2b66447d100.yaml
index 9d26ed1c17..3376e40528 100644
--- a/nuclei-templates/2021/CVE-2021-24950-f70ed327fff0a742246ce2b66447d100.yaml
+++ b/nuclei-templates/2021/CVE-2021-24950-f70ed327fff0a742246ce2b66447d100.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insight Core <= 1.0 - Authenticated PHP Object Injection & Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insight-core/"
     google-query: inurl:"/wp-content/plugins/insight-core/"
     shodan-query: 'vuln:CVE-2021-24950'
-  tags: cve,wordpress,wp-plugin,insight-core,medium
+  tags: cve,wordpress,wp-plugin,insight-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24951-12b3926da3c13269ad9e1faadb8734ac.yaml b/nuclei-templates/2021/CVE-2021-24951-12b3926da3c13269ad9e1faadb8734ac.yaml
index 397d4f87f0..f3b886ed04 100644
--- a/nuclei-templates/2021/CVE-2021-24951-12b3926da3c13269ad9e1faadb8734ac.yaml
+++ b/nuclei-templates/2021/CVE-2021-24951-12b3926da3c13269ad9e1faadb8734ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 4.1.3 - Authenticated SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2021-24951'
-  tags: cve,wordpress,wp-plugin,learnpress,critical
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24952-88bf9af12ef5e38595f378ad9f2dcf87.yaml b/nuclei-templates/2021/CVE-2021-24952-88bf9af12ef5e38595f378ad9f2dcf87.yaml
index 9faccaec46..185a2ec9fc 100644
--- a/nuclei-templates/2021/CVE-2021-24952-88bf9af12ef5e38595f378ad9f2dcf87.yaml
+++ b/nuclei-templates/2021/CVE-2021-24952-88bf9af12ef5e38595f378ad9f2dcf87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conversios.io - Google Analytics and Google Shopping plugin for WooCommerce <= 4.6.1 Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/"
     google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/"
     shodan-query: 'vuln:CVE-2021-24952'
-  tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,high
+  tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24958-30f045a25a21ac539fd3f995d744abbd.yaml b/nuclei-templates/2021/CVE-2021-24958-30f045a25a21ac539fd3f995d744abbd.yaml
index f5e99d284e..e3ad55202d 100644
--- a/nuclei-templates/2021/CVE-2021-24958-30f045a25a21ac539fd3f995d744abbd.yaml
+++ b/nuclei-templates/2021/CVE-2021-24958-30f045a25a21ac539fd3f995d744abbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meks Easy Photo Feed Widget < 1.2.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site Scripting payloads in them
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meks-easy-instagram-widget/"
     google-query: inurl:"/wp-content/plugins/meks-easy-instagram-widget/"
     shodan-query: 'vuln:CVE-2021-24958'
-  tags: cve,wordpress,wp-plugin,meks-easy-instagram-widget,medium
+  tags: cve,wordpress,wp-plugin,meks-easy-instagram-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24959-f523c60311785f4d77bdd4f2724550c9.yaml b/nuclei-templates/2021/CVE-2021-24959-f523c60311785f4d77bdd4f2724550c9.yaml
index 968db61cad..e1782d13fc 100644
--- a/nuclei-templates/2021/CVE-2021-24959-f523c60311785f4d77bdd4f2724550c9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24959-f523c60311785f4d77bdd4f2724550c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Email Users <= 1.7.6 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-email-users/"
     google-query: inurl:"/wp-content/plugins/wp-email-users/"
     shodan-query: 'vuln:CVE-2021-24959'
-  tags: cve,wordpress,wp-plugin,wp-email-users,high
+  tags: cve,wordpress,wp-plugin,wp-email-users,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24960-1ea0fe6e846ccbee16701a333d122fbe.yaml b/nuclei-templates/2021/CVE-2021-24960-1ea0fe6e846ccbee16701a333d122fbe.yaml
index 1c8fd8d5c5..ca1654530b 100644
--- a/nuclei-templates/2021/CVE-2021-24960-1ea0fe6e846ccbee16701a333d122fbe.yaml
+++ b/nuclei-templates/2021/CVE-2021-24960-1ea0fe6e846ccbee16701a333d122fbe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-upload/"
     google-query: inurl:"/wp-content/plugins/wp-file-upload/"
     shodan-query: 'vuln:CVE-2021-24960'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wp-file-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24961-3384b3561233822afc35f30b762beb0e.yaml b/nuclei-templates/2021/CVE-2021-24961-3384b3561233822afc35f30b762beb0e.yaml
index 31ec348506..04c64c035c 100644
--- a/nuclei-templates/2021/CVE-2021-24961-3384b3561233822afc35f30b762beb0e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24961-3384b3561233822afc35f30b762beb0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-upload/"
     google-query: inurl:"/wp-content/plugins/wp-file-upload/"
     shodan-query: 'vuln:CVE-2021-24961'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wp-file-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24962-7723e642214a4cc19dd0a90f922c5611.yaml b/nuclei-templates/2021/CVE-2021-24962-7723e642214a4cc19dd0a90f922c5611.yaml
index 4e147a255e..aa8b1ebb29 100644
--- a/nuclei-templates/2021/CVE-2021-24962-7723e642214a4cc19dd0a90f922c5611.yaml
+++ b/nuclei-templates/2021/CVE-2021-24962-7723e642214a4cc19dd0a90f922c5611.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2021-24962
   metadata:
-    fofa-query: "wp-content/plugins/wp-file-upload/"
-    google-query: inurl:"/wp-content/plugins/wp-file-upload/"
+    fofa-query: "wp-content/plugins/wordpress-file-upload-pro/"
+    google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/"
     shodan-query: 'vuln:CVE-2021-24962'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "wp-file-upload"
+          - "wordpress-file-upload-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2021/CVE-2021-24964-5f623b9be5a2d2349866b91146be2f95.yaml b/nuclei-templates/2021/CVE-2021-24964-5f623b9be5a2d2349866b91146be2f95.yaml
index f428d0acd0..1dad2cbfe1 100644
--- a/nuclei-templates/2021/CVE-2021-24964-5f623b9be5a2d2349866b91146be2f95.yaml
+++ b/nuclei-templates/2021/CVE-2021-24964-5f623b9be5a2d2349866b91146be2f95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LiteSpeed Cache <= 4.4.3 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/litespeed-cache/"
     google-query: inurl:"/wp-content/plugins/litespeed-cache/"
     shodan-query: 'vuln:CVE-2021-24964'
-  tags: cve,wordpress,wp-plugin,litespeed-cache,medium
+  tags: cve,wordpress,wp-plugin,litespeed-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24965-2357694d03c405e4b8e1df1be34f5e9f.yaml b/nuclei-templates/2021/CVE-2021-24965-2357694d03c405e4b8e1df1be34f5e9f.yaml
index c7bb854ee5..7fcc79da26 100644
--- a/nuclei-templates/2021/CVE-2021-24965-2357694d03c405e4b8e1df1be34f5e9f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24965-2357694d03c405e4b8e1df1be34f5e9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Five Star Restaurant Reservations <= 2.4.7 - Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restaurant-reservations/"
     google-query: inurl:"/wp-content/plugins/restaurant-reservations/"
     shodan-query: 'vuln:CVE-2021-24965'
-  tags: cve,wordpress,wp-plugin,restaurant-reservations,medium
+  tags: cve,wordpress,wp-plugin,restaurant-reservations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24968-deca81735cc88aee9510bee96ebea3f5.yaml b/nuclei-templates/2021/CVE-2021-24968-deca81735cc88aee9510bee96ebea3f5.yaml
index e3c7ee324e..5bb8ac0188 100644
--- a/nuclei-templates/2021/CVE-2021-24968-deca81735cc88aee9510bee96ebea3f5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24968-deca81735cc88aee9510bee96ebea3f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate FAQ <= 2.1.1 - Missing Authorization to Arbitrary FAQ Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-faqs/"
     google-query: inurl:"/wp-content/plugins/ultimate-faqs/"
     shodan-query: 'vuln:CVE-2021-24968'
-  tags: cve,wordpress,wp-plugin,ultimate-faqs,medium
+  tags: cve,wordpress,wp-plugin,ultimate-faqs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24969-cf4fa8f0c990098bbe171db8d667a080.yaml b/nuclei-templates/2021/CVE-2021-24969-cf4fa8f0c990098bbe171db8d667a080.yaml
index 34d20684e9..5ed24fb1dd 100644
--- a/nuclei-templates/2021/CVE-2021-24969-cf4fa8f0c990098bbe171db8d667a080.yaml
+++ b/nuclei-templates/2021/CVE-2021-24969-cf4fa8f0c990098bbe171db8d667a080.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 3.2.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2021-24969'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24970-cae2253667a3a6e475a01cd76266d7d9.yaml b/nuclei-templates/2021/CVE-2021-24970-cae2253667a3a6e475a01cd76266d7d9.yaml
index e81ec9afb9..c7941ffe70 100644
--- a/nuclei-templates/2021/CVE-2021-24970-cae2253667a3a6e475a01cd76266d7d9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24970-cae2253667a3a6e475a01cd76266d7d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-video-gallery/"
     google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/"
     shodan-query: 'vuln:CVE-2021-24970'
-  tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,high
+  tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24971-56eaa7b8dc455f22f829544599237693.yaml b/nuclei-templates/2021/CVE-2021-24971-56eaa7b8dc455f22f829544599237693.yaml
index d314631645..3cf8a0e17f 100644
--- a/nuclei-templates/2021/CVE-2021-24971-56eaa7b8dc455f22f829544599237693.yaml
+++ b/nuclei-templates/2021/CVE-2021-24971-56eaa7b8dc455f22f829544599237693.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Responsive Menu <= 3.1.7 - Missing Authorization to Settings Update & Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform Cross-Site Scripting attacks against all visitor and users on the frontend
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-responsive-menu/"
     google-query: inurl:"/wp-content/plugins/wp-responsive-menu/"
     shodan-query: 'vuln:CVE-2021-24971'
-  tags: cve,wordpress,wp-plugin,wp-responsive-menu,medium
+  tags: cve,wordpress,wp-plugin,wp-responsive-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24972-e7103d15c56bf4b3a7eff2cebe3d9729.yaml b/nuclei-templates/2021/CVE-2021-24972-e7103d15c56bf4b3a7eff2cebe3d9729.yaml
index 042064061e..eb89cf6ff9 100644
--- a/nuclei-templates/2021/CVE-2021-24972-e7103d15c56bf4b3a7eff2cebe3d9729.yaml
+++ b/nuclei-templates/2021/CVE-2021-24972-e7103d15c56bf4b3a7eff2cebe3d9729.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pixel Cat Lite <= 2.6.2 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-conversion-pixel/"
     google-query: inurl:"/wp-content/plugins/facebook-conversion-pixel/"
     shodan-query: 'vuln:CVE-2021-24972'
-  tags: cve,wordpress,wp-plugin,facebook-conversion-pixel,medium
+  tags: cve,wordpress,wp-plugin,facebook-conversion-pixel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24974-e33771324145cc65657e7a62ea2644b5.yaml b/nuclei-templates/2021/CVE-2021-24974-e33771324145cc65657e7a62ea2644b5.yaml
index 1a66c02239..3fd06dfdb4 100644
--- a/nuclei-templates/2021/CVE-2021-24974-e33771324145cc65657e7a62ea2644b5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24974-e33771324145cc65657e7a62ea2644b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Feed PRO for WooCommerce <= 11.0.6 - Settings Update to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorization and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-feed-pro/"
     google-query: inurl:"/wp-content/plugins/woo-product-feed-pro/"
     shodan-query: 'vuln:CVE-2021-24974'
-  tags: cve,wordpress,wp-plugin,woo-product-feed-pro,medium
+  tags: cve,wordpress,wp-plugin,woo-product-feed-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24975-0a3b3d0ea7c2929f39d0e12eda2eee2b.yaml b/nuclei-templates/2021/CVE-2021-24975-0a3b3d0ea7c2929f39d0e12eda2eee2b.yaml
index f67cf460b9..4bb6b5cb04 100644
--- a/nuclei-templates/2021/CVE-2021-24975-0a3b3d0ea7c2929f39d0e12eda2eee2b.yaml
+++ b/nuclei-templates/2021/CVE-2021-24975-0a3b3d0ea7c2929f39d0e12eda2eee2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/"
     google-query: inurl:"/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/"
     shodan-query: 'vuln:CVE-2021-24975'
-  tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,medium
+  tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24981-133afc4fd6bf43efcd46913bc74537a5.yaml b/nuclei-templates/2021/CVE-2021-24981-133afc4fd6bf43efcd46913bc74537a5.yaml
index d80e0201d0..6a7e8f834f 100644
--- a/nuclei-templates/2021/CVE-2021-24981-133afc4fd6bf43efcd46913bc74537a5.yaml
+++ b/nuclei-templates/2021/CVE-2021-24981-133afc4fd6bf43efcd46913bc74537a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.0.6.1 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2021-24981'
-  tags: cve,wordpress,wp-plugin,directorist,high
+  tags: cve,wordpress,wp-plugin,directorist,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24986-cf1bd6ff01752966d1624646c80166a0.yaml b/nuclei-templates/2021/CVE-2021-24986-cf1bd6ff01752966d1624646c80166a0.yaml
index 5f86ad8c75..2b40b5d8c4 100644
--- a/nuclei-templates/2021/CVE-2021-24986-cf1bd6ff01752966d1624646c80166a0.yaml
+++ b/nuclei-templates/2021/CVE-2021-24986-cf1bd6ff01752966d1624646c80166a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid <= 2.1.15 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-grid/"
     google-query: inurl:"/wp-content/plugins/post-grid/"
     shodan-query: 'vuln:CVE-2021-24986'
-  tags: cve,wordpress,wp-plugin,post-grid,medium
+  tags: cve,wordpress,wp-plugin,post-grid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24988-b26100fb2d07199c87c48d6d1e20e10e.yaml b/nuclei-templates/2021/CVE-2021-24988-b26100fb2d07199c87c48d6d1e20e10e.yaml
index 9d68bd3b83..e7f7cc2573 100644
--- a/nuclei-templates/2021/CVE-2021-24988-b26100fb2d07199c87c48d6d1e20e10e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24988-b26100fb2d07199c87c48d6d1e20e10e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP RSS Aggregator <= 4.19.2 - Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-aggregator/"
     google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/"
     shodan-query: 'vuln:CVE-2021-24988'
-  tags: cve,wordpress,wp-plugin,wp-rss-aggregator,medium
+  tags: cve,wordpress,wp-plugin,wp-rss-aggregator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24992-456677c70a49bc1c088cafa5c6ef9da9.yaml b/nuclei-templates/2021/CVE-2021-24992-456677c70a49bc1c088cafa5c6ef9da9.yaml
index 7604accbcf..bbc73f48eb 100644
--- a/nuclei-templates/2021/CVE-2021-24992-456677c70a49bc1c088cafa5c6ef9da9.yaml
+++ b/nuclei-templates/2021/CVE-2021-24992-456677c70a49bc1c088cafa5c6ef9da9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buttonizer - Smart Floating Action Button <= 2.5.4 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buttonizer-multifunctional-button/"
     google-query: inurl:"/wp-content/plugins/buttonizer-multifunctional-button/"
     shodan-query: 'vuln:CVE-2021-24992'
-  tags: cve,wordpress,wp-plugin,buttonizer-multifunctional-button,medium
+  tags: cve,wordpress,wp-plugin,buttonizer-multifunctional-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24994-0bef183926021b3705ecb7e440cd2280.yaml b/nuclei-templates/2021/CVE-2021-24994-0bef183926021b3705ecb7e440cd2280.yaml
index 4ebba50699..01ff572264 100644
--- a/nuclei-templates/2021/CVE-2021-24994-0bef183926021b3705ecb7e440cd2280.yaml
+++ b/nuclei-templates/2021/CVE-2021-24994-0bef183926021b3705ecb7e440cd2280.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Migration, Backup, Staging – WPvivid plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2021-24994'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-24995-fb9f6e5f6b739b217a3c9294b96be3ec.yaml b/nuclei-templates/2021/CVE-2021-24995-fb9f6e5f6b739b217a3c9294b96be3ec.yaml
index 57cbb47efc..27afe8a33e 100644
--- a/nuclei-templates/2021/CVE-2021-24995-fb9f6e5f6b739b217a3c9294b96be3ec.yaml
+++ b/nuclei-templates/2021/CVE-2021-24995-fb9f6e5f6b739b217a3c9294b96be3ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 Responsive FAQ <= 2.8.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HTML5 Responsive FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping. This makes it possible for high privilege attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.  This exploit can occur even when unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-responsive-faq/"
     google-query: inurl:"/wp-content/plugins/html5-responsive-faq/"
     shodan-query: 'vuln:CVE-2021-24995'
-  tags: cve,wordpress,wp-plugin,html5-responsive-faq,medium
+  tags: cve,wordpress,wp-plugin,html5-responsive-faq,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25002-6007b8b9442eb6013d2d90e94b8a6f90.yaml b/nuclei-templates/2021/CVE-2021-25002-6007b8b9442eb6013d2d90e94b8a6f90.yaml
index 241f779c4f..56495b5882 100644
--- a/nuclei-templates/2021/CVE-2021-25002-6007b8b9442eb6013d2d90e94b8a6f90.yaml
+++ b/nuclei-templates/2021/CVE-2021-25002-6007b8b9442eb6013d2d90e94b8a6f90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tipsacarrier <= 1.4.4.2 - Missing Authorization to Order Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tipsacarrier/"
     google-query: inurl:"/wp-content/plugins/tipsacarrier/"
     shodan-query: 'vuln:CVE-2021-25002'
-  tags: cve,wordpress,wp-plugin,tipsacarrier,medium
+  tags: cve,wordpress,wp-plugin,tipsacarrier,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25004-0ca7c41649d0f082ad6681a5a0217ff7.yaml b/nuclei-templates/2021/CVE-2021-25004-0ca7c41649d0f082ad6681a5a0217ff7.yaml
index 857efbf219..fd25f66c18 100644
--- a/nuclei-templates/2021/CVE-2021-25004-0ca7c41649d0f082ad6681a5a0217ff7.yaml
+++ b/nuclei-templates/2021/CVE-2021-25004-0ca7c41649d0f082ad6681a5a0217ff7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEUR Oficial < 1.7.2 - Authenticated Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seur/"
     google-query: inurl:"/wp-content/plugins/seur/"
     shodan-query: 'vuln:CVE-2021-25004'
-  tags: cve,wordpress,wp-plugin,seur,medium
+  tags: cve,wordpress,wp-plugin,seur,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25005-01f666d1348f15c58dad4eff11007661.yaml b/nuclei-templates/2021/CVE-2021-25005-01f666d1348f15c58dad4eff11007661.yaml
index 64b3fcf74e..c31a9984a1 100644
--- a/nuclei-templates/2021/CVE-2021-25005-01f666d1348f15c58dad4eff11007661.yaml
+++ b/nuclei-templates/2021/CVE-2021-25005-01f666d1348f15c58dad4eff11007661.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEUR Oficial <= 1.6.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seur/"
     google-query: inurl:"/wp-content/plugins/seur/"
     shodan-query: 'vuln:CVE-2021-25005'
-  tags: cve,wordpress,wp-plugin,seur,medium
+  tags: cve,wordpress,wp-plugin,seur,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25007-5efd9ccd23023c6687750d4699e0bae0.yaml b/nuclei-templates/2021/CVE-2021-25007-5efd9ccd23023c6687750d4699e0bae0.yaml
index 8a3a0044ac..ea35b163ca 100644
--- a/nuclei-templates/2021/CVE-2021-25007-5efd9ccd23023c6687750d4699e0bae0.yaml
+++ b/nuclei-templates/2021/CVE-2021-25007-5efd9ccd23023c6687750d4699e0bae0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MOLIE <= 0.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/molie-instructure-canvas-linking-tool/"
     google-query: inurl:"/wp-content/plugins/molie-instructure-canvas-linking-tool/"
     shodan-query: 'vuln:CVE-2021-25007'
-  tags: cve,wordpress,wp-plugin,molie-instructure-canvas-linking-tool,high
+  tags: cve,wordpress,wp-plugin,molie-instructure-canvas-linking-tool,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25010-6dabd7288f9bf1aa4314c1230eb61170.yaml b/nuclei-templates/2021/CVE-2021-25010-6dabd7288f9bf1aa4314c1230eb61170.yaml
index 684661189b..2560b5c658 100644
--- a/nuclei-templates/2021/CVE-2021-25010-6dabd7288f9bf1aa4314c1230eb61170.yaml
+++ b/nuclei-templates/2021/CVE-2021-25010-6dabd7288f9bf1aa4314c1230eb61170.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Snippets <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-snippets/"
     google-query: inurl:"/wp-content/plugins/post-snippets/"
     shodan-query: 'vuln:CVE-2021-25010'
-  tags: cve,wordpress,wp-plugin,post-snippets,critical
+  tags: cve,wordpress,wp-plugin,post-snippets,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25013-ac09455e90923727a5127092ab5cf052.yaml b/nuclei-templates/2021/CVE-2021-25013-ac09455e90923727a5127092ab5cf052.yaml
index c9418a8b8a..6c2805352b 100644
--- a/nuclei-templates/2021/CVE-2021-25013-ac09455e90923727a5127092ab5cf052.yaml
+++ b/nuclei-templates/2021/CVE-2021-25013-ac09455e90923727a5127092ab5cf052.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qubely <= 1.7.7 - Missing Authorization to Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qubely/"
     google-query: inurl:"/wp-content/plugins/qubely/"
     shodan-query: 'vuln:CVE-2021-25013'
-  tags: cve,wordpress,wp-plugin,qubely,medium
+  tags: cve,wordpress,wp-plugin,qubely,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25014-fdc54b4c35b7d9b62d80ce198388bdcb.yaml b/nuclei-templates/2021/CVE-2021-25014-fdc54b4c35b7d9b62d80ce198388bdcb.yaml
index d2f8de4f65..4ae2004901 100644
--- a/nuclei-templates/2021/CVE-2021-25014-fdc54b4c35b7d9b62d80ce198388bdcb.yaml
+++ b/nuclei-templates/2021/CVE-2021-25014-fdc54b4c35b7d9b62d80ce198388bdcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ibtana – WordPress Website Builder <= 1.1.4.7 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ibtana – WordPress Website Builder WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ibtana-visual-editor/"
     google-query: inurl:"/wp-content/plugins/ibtana-visual-editor/"
     shodan-query: 'vuln:CVE-2021-25014'
-  tags: cve,wordpress,wp-plugin,ibtana-visual-editor,medium
+  tags: cve,wordpress,wp-plugin,ibtana-visual-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25018-c42befeaabe8cc2f04b4d79fa9968af7.yaml b/nuclei-templates/2021/CVE-2021-25018-c42befeaabe8cc2f04b4d79fa9968af7.yaml
index 7c26ae1d18..3729dad5b0 100644
--- a/nuclei-templates/2021/CVE-2021-25018-c42befeaabe8cc2f04b4d79fa9968af7.yaml
+++ b/nuclei-templates/2021/CVE-2021-25018-c42befeaabe8cc2f04b4d79fa9968af7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PPOM for WooCommerce <= 23.9 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-addon/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/"
     shodan-query: 'vuln:CVE-2021-25018'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-addon,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-addon,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25021-2442f509b4c40ac50640a6c02e5c1509.yaml b/nuclei-templates/2021/CVE-2021-25021-2442f509b4c40ac50640a6c02e5c1509.yaml
index 0a5faca323..a9c0581c3b 100644
--- a/nuclei-templates/2021/CVE-2021-25021-2442f509b4c40ac50640a6c02e5c1509.yaml
+++ b/nuclei-templates/2021/CVE-2021-25021-2442f509b4c40ac50640a6c02e5c1509.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OMGF <= 4.5.11 - Authenticated (Admin+) Arbitrary Folder Deletion via Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/host-webfonts-local/"
     google-query: inurl:"/wp-content/plugins/host-webfonts-local/"
     shodan-query: 'vuln:CVE-2021-25021'
-  tags: cve,wordpress,wp-plugin,host-webfonts-local,medium
+  tags: cve,wordpress,wp-plugin,host-webfonts-local,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25023-221fa8b539336ea57a6760f06055d98c.yaml b/nuclei-templates/2021/CVE-2021-25023-221fa8b539336ea57a6760f06055d98c.yaml
index 089913bc5d..4ea364517f 100644
--- a/nuclei-templates/2021/CVE-2021-25023-221fa8b539336ea57a6760f06055d98c.yaml
+++ b/nuclei-templates/2021/CVE-2021-25023-221fa8b539336ea57a6760f06055d98c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Speed Booster Pack <= 4.3.3 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/speed-booster-pack/"
     google-query: inurl:"/wp-content/plugins/speed-booster-pack/"
     shodan-query: 'vuln:CVE-2021-25023'
-  tags: cve,wordpress,wp-plugin,speed-booster-pack,high
+  tags: cve,wordpress,wp-plugin,speed-booster-pack,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25026-c914118ffbfe0c8c975fe93b917507cf.yaml b/nuclei-templates/2021/CVE-2021-25026-c914118ffbfe0c8c975fe93b917507cf.yaml
index 9fc18603e8..df0cb04227 100644
--- a/nuclei-templates/2021/CVE-2021-25026-c914118ffbfe0c8c975fe93b917507cf.yaml
+++ b/nuclei-templates/2021/CVE-2021-25026-c914118ffbfe0c8c975fe93b917507cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Patreon WordPress <= 1.8.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Patreon WordPress plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.8.1 due to insufficient privilege handling. This makes it possible for high-privilege users attackers to inject arbitrary web scripts that execute in a victim's browser even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/patreon-connect/"
     google-query: inurl:"/wp-content/plugins/patreon-connect/"
     shodan-query: 'vuln:CVE-2021-25026'
-  tags: cve,wordpress,wp-plugin,patreon-connect,medium
+  tags: cve,wordpress,wp-plugin,patreon-connect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25029-9424f0d1add83019568a32a2d432a588.yaml b/nuclei-templates/2021/CVE-2021-25029-9424f0d1add83019568a32a2d432a588.yaml
index 023230eec4..be352e0755 100644
--- a/nuclei-templates/2021/CVE-2021-25029-9424f0d1add83019568a32a2d432a588.yaml
+++ b/nuclei-templates/2021/CVE-2021-25029-9424f0d1add83019568a32a2d432a588.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CLUEVO E-Learning Platform <= 1.8.0 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
     The CLUEVO E-Learning Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping in the Course's module. This makes it possible for high privilege attackers, even when the unfiltered_html capability is disallowed, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/cluevo-lms/"
     google-query: inurl:"/wp-content/plugins/cluevo-lms/"
     shodan-query: 'vuln:CVE-2021-25029'
-  tags: cve,wordpress,wp-plugin,cluevo-lms,medium
+  tags: cve,wordpress,wp-plugin,cluevo-lms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25030-fb606eac6f1cd09b63793985561a9ded.yaml b/nuclei-templates/2021/CVE-2021-25030-fb606eac6f1cd09b63793985561a9ded.yaml
index 1d967ccd88..65ce548fae 100644
--- a/nuclei-templates/2021/CVE-2021-25030-fb606eac6f1cd09b63793985561a9ded.yaml
+++ b/nuclei-templates/2021/CVE-2021-25030-fb606eac6f1cd09b63793985561a9ded.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Made Easy <= 2.2.35 - Subscriber+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-made-easy/"
     google-query: inurl:"/wp-content/plugins/events-made-easy/"
     shodan-query: 'vuln:CVE-2021-25030'
-  tags: cve,wordpress,wp-plugin,events-made-easy,high
+  tags: cve,wordpress,wp-plugin,events-made-easy,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25037-814d85e88dab797899057f8e016cf74f.yaml b/nuclei-templates/2021/CVE-2021-25037-814d85e88dab797899057f8e016cf74f.yaml
index b6e1d07712..f2f268d0eb 100644
--- a/nuclei-templates/2021/CVE-2021-25037-814d85e88dab797899057f8e016cf74f.yaml
+++ b/nuclei-templates/2021/CVE-2021-25037-814d85e88dab797899057f8e016cf74f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO 4.1.3.1 - 4.1.5.2 - Authenticated SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2021-25037'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,critical
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25042-6d7c8242c157e79033d5cce1ebd197e9.yaml b/nuclei-templates/2021/CVE-2021-25042-6d7c8242c157e79033d5cce1ebd197e9.yaml
index 96a3fc4b20..c2f861f158 100644
--- a/nuclei-templates/2021/CVE-2021-25042-6d7c8242c157e79033d5cce1ebd197e9.yaml
+++ b/nuclei-templates/2021/CVE-2021-25042-6d7c8242c157e79033d5cce1ebd197e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Visitor Statistics (Real Time Traffic) <= 5.4 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stats-manager/"
     google-query: inurl:"/wp-content/plugins/wp-stats-manager/"
     shodan-query: 'vuln:CVE-2021-25042'
-  tags: cve,wordpress,wp-plugin,wp-stats-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-stats-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25045-d214d99e51223f558d7540a78be5f43a.yaml b/nuclei-templates/2021/CVE-2021-25045-d214d99e51223f558d7540a78be5f43a.yaml
index 6c884201f8..28054c18f5 100644
--- a/nuclei-templates/2021/CVE-2021-25045-d214d99e51223f558d7540a78be5f43a.yaml
+++ b/nuclei-templates/2021/CVE-2021-25045-d214d99e51223f558d7540a78be5f43a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Asgaros Forum <= 1.15.14 - Admin+ SQL Injection via forum_id
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/asgaros-forum/"
     google-query: inurl:"/wp-content/plugins/asgaros-forum/"
     shodan-query: 'vuln:CVE-2021-25045'
-  tags: cve,wordpress,wp-plugin,asgaros-forum,high
+  tags: cve,wordpress,wp-plugin,asgaros-forum,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25046-61e330316e7097e0d9e2b13495d29a1f.yaml b/nuclei-templates/2021/CVE-2021-25046-61e330316e7097e0d9e2b13495d29a1f.yaml
index b1541884fb..83dda044b5 100644
--- a/nuclei-templates/2021/CVE-2021-25046-61e330316e7097e0d9e2b13495d29a1f.yaml
+++ b/nuclei-templates/2021/CVE-2021-25046-61e330316e7097e0d9e2b13495d29a1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 6.1.6 - Subscriber+ Category Add Leading to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2021-25046'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25048-48b0aa896289cd47d761dfb701222bb0.yaml b/nuclei-templates/2021/CVE-2021-25048-48b0aa896289cd47d761dfb701222bb0.yaml
index fc116ed793..00a3fe5f84 100644
--- a/nuclei-templates/2021/CVE-2021-25048-48b0aa896289cd47d761dfb701222bb0.yaml
+++ b/nuclei-templates/2021/CVE-2021-25048-48b0aa896289cd47d761dfb701222bb0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder KingComposer <= 2.9.6 - Authenticated Arbitrary Profile Creation and Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kingcomposer/"
     google-query: inurl:"/wp-content/plugins/kingcomposer/"
     shodan-query: 'vuln:CVE-2021-25048'
-  tags: cve,wordpress,wp-plugin,kingcomposer,high
+  tags: cve,wordpress,wp-plugin,kingcomposer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25049-32e884b82485fb448af167a249e58037.yaml b/nuclei-templates/2021/CVE-2021-25049-32e884b82485fb448af167a249e58037.yaml
index 6c50b10a18..f9db718b55 100644
--- a/nuclei-templates/2021/CVE-2021-25049-32e884b82485fb448af167a249e58037.yaml
+++ b/nuclei-templates/2021/CVE-2021-25049-32e884b82485fb448af167a249e58037.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mobile Events Manager < 1.4.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobile-events-manager/"
     google-query: inurl:"/wp-content/plugins/mobile-events-manager/"
     shodan-query: 'vuln:CVE-2021-25049'
-  tags: cve,wordpress,wp-plugin,mobile-events-manager,medium
+  tags: cve,wordpress,wp-plugin,mobile-events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25050-3996e754fae7512574e32b3cc63b1ef7.yaml b/nuclei-templates/2021/CVE-2021-25050-3996e754fae7512574e32b3cc63b1ef7.yaml
index ae67e1f09f..0bd879281e 100644
--- a/nuclei-templates/2021/CVE-2021-25050-3996e754fae7512574e32b3cc63b1ef7.yaml
+++ b/nuclei-templates/2021/CVE-2021-25050-3996e754fae7512574e32b3cc63b1ef7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Remove Footer Credit <= 1.0.10 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/remove-footer-credit/"
     google-query: inurl:"/wp-content/plugins/remove-footer-credit/"
     shodan-query: 'vuln:CVE-2021-25050'
-  tags: cve,wordpress,wp-plugin,remove-footer-credit,medium
+  tags: cve,wordpress,wp-plugin,remove-footer-credit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25051-53ff289b27bc5f383393c1a07c0f7797.yaml b/nuclei-templates/2021/CVE-2021-25051-53ff289b27bc5f383393c1a07c0f7797.yaml
index 21fc3d6b77..cd45aaab9e 100644
--- a/nuclei-templates/2021/CVE-2021-25051-53ff289b27bc5f383393c1a07c0f7797.yaml
+++ b/nuclei-templates/2021/CVE-2021-25051-53ff289b27bc5f383393c1a07c0f7797.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modal Window – create popup modal window <= 5.2.1 - Cross-Site Request Forgery to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modal-window/"
     google-query: inurl:"/wp-content/plugins/modal-window/"
     shodan-query: 'vuln:CVE-2021-25051'
-  tags: cve,wordpress,wp-plugin,modal-window,high
+  tags: cve,wordpress,wp-plugin,modal-window,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25052-42e2e881f29393c821ce6d432bf2a46a.yaml b/nuclei-templates/2021/CVE-2021-25052-42e2e881f29393c821ce6d432bf2a46a.yaml
index d1c327fb89..d227d6575f 100644
--- a/nuclei-templates/2021/CVE-2021-25052-42e2e881f29393c821ce6d432bf2a46a.yaml
+++ b/nuclei-templates/2021/CVE-2021-25052-42e2e881f29393c821ce6d432bf2a46a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Button Generator – easily Button Builder <= 2.3.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Button Generator WordPress plugin before 2.3.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/button-generation/"
     google-query: inurl:"/wp-content/plugins/button-generation/"
     shodan-query: 'vuln:CVE-2021-25052'
-  tags: cve,wordpress,wp-plugin,button-generation,high
+  tags: cve,wordpress,wp-plugin,button-generation,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25053-ed25dc4554a62fa61ab6134b2e367cf7.yaml b/nuclei-templates/2021/CVE-2021-25053-ed25dc4554a62fa61ab6134b2e367cf7.yaml
index d9a44b0a22..30acd5d593 100644
--- a/nuclei-templates/2021/CVE-2021-25053-ed25dc4554a62fa61ab6134b2e367cf7.yaml
+++ b/nuclei-templates/2021/CVE-2021-25053-ed25dc4554a62fa61ab6134b2e367cf7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Coder <= 2.5.1 - Remote File Inclusion leading to Remote Code Execution via Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-coder/"
     google-query: inurl:"/wp-content/plugins/wp-coder/"
     shodan-query: 'vuln:CVE-2021-25053'
-  tags: cve,wordpress,wp-plugin,wp-coder,high
+  tags: cve,wordpress,wp-plugin,wp-coder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25054-8c686690daafe251c11d3b5105b46fb5.yaml b/nuclei-templates/2021/CVE-2021-25054-8c686690daafe251c11d3b5105b46fb5.yaml
index ef90c7993e..05b86cb52c 100644
--- a/nuclei-templates/2021/CVE-2021-25054-8c686690daafe251c11d3b5105b46fb5.yaml
+++ b/nuclei-templates/2021/CVE-2021-25054-8c686690daafe251c11d3b5105b46fb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPcalc – Create any online calculators <= 2.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcalc/"
     google-query: inurl:"/wp-content/plugins/wpcalc/"
     shodan-query: 'vuln:CVE-2021-25054'
-  tags: cve,wordpress,wp-plugin,wpcalc,high
+  tags: cve,wordpress,wp-plugin,wpcalc,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25056-2955aefdf1cefad709d8b720d6db9ca9.yaml b/nuclei-templates/2021/CVE-2021-25056-2955aefdf1cefad709d8b720d6db9ca9.yaml
index 18c6d95988..5a73efebe7 100644
--- a/nuclei-templates/2021/CVE-2021-25056-2955aefdf1cefad709d8b720d6db9ca9.yaml
+++ b/nuclei-templates/2021/CVE-2021-25056-2955aefdf1cefad709d8b720d6db9ca9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.6.9 - Cross-Site Scripting via field label
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Forms Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via field labels in versions up to, and including, 3.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2021-25056'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25057-31af361d998f1bee646666eb75e8dde6.yaml b/nuclei-templates/2021/CVE-2021-25057-31af361d998f1bee646666eb75e8dde6.yaml
index a25bb701aa..cfe65b1db4 100644
--- a/nuclei-templates/2021/CVE-2021-25057-31af361d998f1bee646666eb75e8dde6.yaml
+++ b/nuclei-templates/2021/CVE-2021-25057-31af361d998f1bee646666eb75e8dde6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Translation Exchange <= 1.0.14 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/translation-exchange/"
     google-query: inurl:"/wp-content/plugins/translation-exchange/"
     shodan-query: 'vuln:CVE-2021-25057'
-  tags: cve,wordpress,wp-plugin,translation-exchange,medium
+  tags: cve,wordpress,wp-plugin,translation-exchange,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25058-073c84bcdcba646c59175dbb887b7a95.yaml b/nuclei-templates/2021/CVE-2021-25058-073c84bcdcba646c59175dbb887b7a95.yaml
index 0237d9425f..7fc809545e 100644
--- a/nuclei-templates/2021/CVE-2021-25058-073c84bcdcba646c59175dbb887b7a95.yaml
+++ b/nuclei-templates/2021/CVE-2021-25058-073c84bcdcba646c59175dbb887b7a95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Buffer Button <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-buffer-button/"
     google-query: inurl:"/wp-content/plugins/the-buffer-button/"
     shodan-query: 'vuln:CVE-2021-25058'
-  tags: cve,wordpress,wp-plugin,the-buffer-button,medium
+  tags: cve,wordpress,wp-plugin,the-buffer-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25059-8a3bfba63e8785572c67f2c51b59a6d0.yaml b/nuclei-templates/2021/CVE-2021-25059-8a3bfba63e8785572c67f2c51b59a6d0.yaml
index 275b7d8ecf..b3e901a1ea 100644
--- a/nuclei-templates/2021/CVE-2021-25059-8a3bfba63e8785572c67f2c51b59a6d0.yaml
+++ b/nuclei-templates/2021/CVE-2021-25059-8a3bfba63e8785572c67f2c51b59a6d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Plugin <= 1.6.2 - Missing Authorization and Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Plugin plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.6.2 due to missing capability checks on the dpwap_plugin_multiple_download_func function. This makes it possible for authenticated attackers with subscriber-level attackers to create and download arbitrary content as backup zip files in the wp-content folder.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-plugin/"
     google-query: inurl:"/wp-content/plugins/download-plugin/"
     shodan-query: 'vuln:CVE-2021-25059'
-  tags: cve,wordpress,wp-plugin,download-plugin,medium
+  tags: cve,wordpress,wp-plugin,download-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25060-828427f0b9437525d7829a16b68575dc.yaml b/nuclei-templates/2021/CVE-2021-25060-828427f0b9437525d7829a16b68575dc.yaml
index f0b7d0abd2..424dfaa056 100644
--- a/nuclei-templates/2021/CVE-2021-25060-828427f0b9437525d7829a16b68575dc.yaml
+++ b/nuclei-templates/2021/CVE-2021-25060-828427f0b9437525d7829a16b68575dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Five Star Business Profile and Schema <= 2.1.6 - Subscriber+ Page Creation & Settings Update to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-profile/"
     google-query: inurl:"/wp-content/plugins/business-profile/"
     shodan-query: 'vuln:CVE-2021-25060'
-  tags: cve,wordpress,wp-plugin,business-profile,medium
+  tags: cve,wordpress,wp-plugin,business-profile,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25064-d561f3d81e84a307c0bd1e31854171e0.yaml b/nuclei-templates/2021/CVE-2021-25064-d561f3d81e84a307c0bd1e31854171e0.yaml
index 428234b6c8..7e03f23ae6 100644
--- a/nuclei-templates/2021/CVE-2021-25064-d561f3d81e84a307c0bd1e31854171e0.yaml
+++ b/nuclei-templates/2021/CVE-2021-25064-d561f3d81e84a307c0bd1e31854171e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wow Countdowns <= 3.1.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mwp-countdown/"
     google-query: inurl:"/wp-content/plugins/mwp-countdown/"
     shodan-query: 'vuln:CVE-2021-25064'
-  tags: cve,wordpress,wp-plugin,mwp-countdown,high
+  tags: cve,wordpress,wp-plugin,mwp-countdown,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25066-88ca4a7bd7c66c74cd477716cd98c157.yaml b/nuclei-templates/2021/CVE-2021-25066-88ca4a7bd7c66c74cd477716cd98c157.yaml
index 81e5a0e2c9..eb1b373117 100644
--- a/nuclei-templates/2021/CVE-2021-25066-88ca4a7bd7c66c74cd477716cd98c157.yaml
+++ b/nuclei-templates/2021/CVE-2021-25066-88ca4a7bd7c66c74cd477716cd98c157.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Ninja Forms Contact Form <= 3.6.10 - Authenticated (Admin+) Stored Cross-Site Scripting via import
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Forms Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters found in an import in versions up to, and including, 3.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2021-25066'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25068-b2d6fe0a5065d0107b2198e03dfa4409.yaml b/nuclei-templates/2021/CVE-2021-25068-b2d6fe0a5065d0107b2198e03dfa4409.yaml
index 548d3cb6fa..2eb8e8be11 100644
--- a/nuclei-templates/2021/CVE-2021-25068-b2d6fe0a5065d0107b2198e03dfa4409.yaml
+++ b/nuclei-templates/2021/CVE-2021-25068-b2d6fe0a5065d0107b2198e03dfa4409.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sync WooCommerce Product feed to Google Shopping <= 1.2.4  - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exportfeed-for-woocommerce-google-product-feed/"
     google-query: inurl:"/wp-content/plugins/exportfeed-for-woocommerce-google-product-feed/"
     shodan-query: 'vuln:CVE-2021-25068'
-  tags: cve,wordpress,wp-plugin,exportfeed-for-woocommerce-google-product-feed,high
+  tags: cve,wordpress,wp-plugin,exportfeed-for-woocommerce-google-product-feed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25069-e5651ec96e6ca99165a7dcf4611fe4ad.yaml b/nuclei-templates/2021/CVE-2021-25069-e5651ec96e6ca99165a7dcf4611fe4ad.yaml
index 7426c269b6..e21e5c0bba 100644
--- a/nuclei-templates/2021/CVE-2021-25069-e5651ec96e6ca99165a7dcf4611fe4ad.yaml
+++ b/nuclei-templates/2021/CVE-2021-25069-e5651ec96e6ca99165a7dcf4611fe4ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 3.2.33 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2021-25069'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25073-498ee45b8c7fc3083e30dce9b4fdf901.yaml b/nuclei-templates/2021/CVE-2021-25073-498ee45b8c7fc3083e30dce9b4fdf901.yaml
index e913edf27c..170d6cfae7 100644
--- a/nuclei-templates/2021/CVE-2021-25073-498ee45b8c7fc3083e30dce9b4fdf901.yaml
+++ b/nuclei-templates/2021/CVE-2021-25073-498ee45b8c7fc3083e30dce9b4fdf901.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP125 <= 1.5.4 -  Cross-Site Request Forgery to Arbitrary Ad Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp125/"
     google-query: inurl:"/wp-content/plugins/wp125/"
     shodan-query: 'vuln:CVE-2021-25073'
-  tags: cve,wordpress,wp-plugin,wp125,high
+  tags: cve,wordpress,wp-plugin,wp125,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25075-b4ec89e0637e2a12e7606215722e4f54.yaml b/nuclei-templates/2021/CVE-2021-25075-b4ec89e0637e2a12e7606215722e4f54.yaml
index 8c891d3f44..5e077a47fe 100644
--- a/nuclei-templates/2021/CVE-2021-25075-b4ec89e0637e2a12e7606215722e4f54.yaml
+++ b/nuclei-templates/2021/CVE-2021-25075-b4ec89e0637e2a12e7606215722e4f54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Page or Post <= 1.5.0 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-page-or-post/"
     google-query: inurl:"/wp-content/plugins/duplicate-page-or-post/"
     shodan-query: 'vuln:CVE-2021-25075'
-  tags: cve,wordpress,wp-plugin,duplicate-page-or-post,medium
+  tags: cve,wordpress,wp-plugin,duplicate-page-or-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25076-36566c3afb06b969f751eee41300c71b.yaml b/nuclei-templates/2021/CVE-2021-25076-36566c3afb06b969f751eee41300c71b.yaml
index d6c3fd737b..461b19a48f 100644
--- a/nuclei-templates/2021/CVE-2021-25076-36566c3afb06b969f751eee41300c71b.yaml
+++ b/nuclei-templates/2021/CVE-2021-25076-36566c3afb06b969f751eee41300c71b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Frontend <= 3.5.25 - SQL Injection & Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-frontend/"
     google-query: inurl:"/wp-content/plugins/wp-user-frontend/"
     shodan-query: 'vuln:CVE-2021-25076'
-  tags: cve,wordpress,wp-plugin,wp-user-frontend,high
+  tags: cve,wordpress,wp-plugin,wp-user-frontend,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25082-1f9ac7c68fe8ba8939533494bdaf6f2c.yaml b/nuclei-templates/2021/CVE-2021-25082-1f9ac7c68fe8ba8939533494bdaf6f2c.yaml
index a84ff9182c..4ca2a98b6f 100644
--- a/nuclei-templates/2021/CVE-2021-25082-1f9ac7c68fe8ba8939533494bdaf6f2c.yaml
+++ b/nuclei-templates/2021/CVE-2021-25082-1f9ac7c68fe8ba8939533494bdaf6f2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2021-25082'
-  tags: cve,wordpress,wp-plugin,popup-builder,high
+  tags: cve,wordpress,wp-plugin,popup-builder,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25084-9b156b803761678f004bbe691278814c.yaml b/nuclei-templates/2021/CVE-2021-25084-9b156b803761678f004bbe691278814c.yaml
index f5cde45cef..6325c6d335 100644
--- a/nuclei-templates/2021/CVE-2021-25084-9b156b803761678f004bbe691278814c.yaml
+++ b/nuclei-templates/2021/CVE-2021-25084-9b156b803761678f004bbe691278814c.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2021-25084
   metadata:
-    fofa-query: "wp-content/plugins/advanced-cron-manager/"
-    google-query: inurl:"/wp-content/plugins/advanced-cron-manager/"
+    fofa-query: "wp-content/plugins/advanced-cron-manager-pro/"
+    google-query: inurl:"/wp-content/plugins/advanced-cron-manager-pro/"
     shodan-query: 'vuln:CVE-2021-25084'
-  tags: cve,wordpress,wp-plugin,advanced-cron-manager,medium
+  tags: cve,wordpress,wp-plugin,advanced-cron-manager-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/advanced-cron-manager/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/advanced-cron-manager-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "advanced-cron-manager"
+          - "advanced-cron-manager-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2021/CVE-2021-25088-a8343a6c54d23e35a66b54c79a6e406e.yaml b/nuclei-templates/2021/CVE-2021-25088-a8343a6c54d23e35a66b54c79a6e406e.yaml
index 1c73c0aabf..b352603e4f 100644
--- a/nuclei-templates/2021/CVE-2021-25088-a8343a6c54d23e35a66b54c79a6e406e.yaml
+++ b/nuclei-templates/2021/CVE-2021-25088-a8343a6c54d23e35a66b54c79a6e406e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XML Sitemaps <= 4.1.1 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The XML Sitemaps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping on the Debug page. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-sitemap-generator/"
     google-query: inurl:"/wp-content/plugins/google-sitemap-generator/"
     shodan-query: 'vuln:CVE-2021-25088'
-  tags: cve,wordpress,wp-plugin,google-sitemap-generator,medium
+  tags: cve,wordpress,wp-plugin,google-sitemap-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25090-422a760ab8a04278c237785bf5be638b.yaml b/nuclei-templates/2021/CVE-2021-25090-422a760ab8a04278c237785bf5be638b.yaml
index 67ddd22576..6547d7a1c4 100644
--- a/nuclei-templates/2021/CVE-2021-25090-422a760ab8a04278c237785bf5be638b.yaml
+++ b/nuclei-templates/2021/CVE-2021-25090-422a760ab8a04278c237785bf5be638b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GridKit Portfolio <= 2.0.0 - Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-wp/"
     google-query: inurl:"/wp-content/plugins/portfolio-wp/"
     shodan-query: 'vuln:CVE-2021-25090'
-  tags: cve,wordpress,wp-plugin,portfolio-wp,medium
+  tags: cve,wordpress,wp-plugin,portfolio-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25093-45cc93dab6d9a9c50a4569ff06d10d7a.yaml b/nuclei-templates/2021/CVE-2021-25093-45cc93dab6d9a9c50a4569ff06d10d7a.yaml
index b97f815458..657d172d3b 100644
--- a/nuclei-templates/2021/CVE-2021-25093-45cc93dab6d9a9c50a4569ff06d10d7a.yaml
+++ b/nuclei-templates/2021/CVE-2021-25093-45cc93dab6d9a9c50a4569ff06d10d7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Library <= 7.2.7 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-library/"
     google-query: inurl:"/wp-content/plugins/link-library/"
     shodan-query: 'vuln:CVE-2021-25093'
-  tags: cve,wordpress,wp-plugin,link-library,medium
+  tags: cve,wordpress,wp-plugin,link-library,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25094-fbd8ecc6dba160d0b0ce8ccb8069b0ff.yaml b/nuclei-templates/2021/CVE-2021-25094-fbd8ecc6dba160d0b0ce8ccb8069b0ff.yaml
index e5d37c0fa5..387238b567 100644
--- a/nuclei-templates/2021/CVE-2021-25094-fbd8ecc6dba160d0b0ce8ccb8069b0ff.yaml
+++ b/nuclei-templates/2021/CVE-2021-25094-fbd8ecc6dba160d0b0ce8ccb8069b0ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tatsu <= 3.3.12 - Unauthenticated Remote Code Execution
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Tatsu WordPress plugin before 3.3.13 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tatsu/"
     google-query: inurl:"/wp-content/plugins/tatsu/"
     shodan-query: 'vuln:CVE-2021-25094'
-  tags: cve,wordpress,wp-plugin,tatsu,medium
+  tags: cve,wordpress,wp-plugin,tatsu,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25097-d4cabd09aa67db7f89a13839c46aab51.yaml b/nuclei-templates/2021/CVE-2021-25097-d4cabd09aa67db7f89a13839c46aab51.yaml
index ec320366db..5d71dbb0ba 100644
--- a/nuclei-templates/2021/CVE-2021-25097-d4cabd09aa67db7f89a13839c46aab51.yaml
+++ b/nuclei-templates/2021/CVE-2021-25097-d4cabd09aa67db7f89a13839c46aab51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LabTools <= 1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/labtools/"
     google-query: inurl:"/wp-content/plugins/labtools/"
     shodan-query: 'vuln:CVE-2021-25097'
-  tags: cve,wordpress,wp-plugin,labtools,medium
+  tags: cve,wordpress,wp-plugin,labtools,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25105-0f70db17156622f62eb6b0301d900f5d.yaml b/nuclei-templates/2021/CVE-2021-25105-0f70db17156622f62eb6b0301d900f5d.yaml
index 013cde759f..487710afca 100644
--- a/nuclei-templates/2021/CVE-2021-25105-0f70db17156622f62eb6b0301d900f5d.yaml
+++ b/nuclei-templates/2021/CVE-2021-25105-0f70db17156622f62eb6b0301d900f5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ivory Search <= 5.4 - Multiple Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-search-to-menu/"
     google-query: inurl:"/wp-content/plugins/add-search-to-menu/"
     shodan-query: 'vuln:CVE-2021-25105'
-  tags: cve,wordpress,wp-plugin,add-search-to-menu,medium
+  tags: cve,wordpress,wp-plugin,add-search-to-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25106-aa2d32a6da076063dc14a9036390d1fe.yaml b/nuclei-templates/2021/CVE-2021-25106-aa2d32a6da076063dc14a9036390d1fe.yaml
index 905943454a..b8f0e85333 100644
--- a/nuclei-templates/2021/CVE-2021-25106-aa2d32a6da076063dc14a9036390d1fe.yaml
+++ b/nuclei-templates/2021/CVE-2021-25106-aa2d32a6da076063dc14a9036390d1fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Privacy Policy Generator, Terms & Conditions Generator - WPLegalPages <= 2.7.0 - Arbitrary Settings Update to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wplegalpages/"
     google-query: inurl:"/wp-content/plugins/wplegalpages/"
     shodan-query: 'vuln:CVE-2021-25106'
-  tags: cve,wordpress,wp-plugin,wplegalpages,medium
+  tags: cve,wordpress,wp-plugin,wplegalpages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25107-457136e7a482f19e1fb7eda420cd0512.yaml b/nuclei-templates/2021/CVE-2021-25107-457136e7a482f19e1fb7eda420cd0512.yaml
index 6455cd990a..0e867c1ad9 100644
--- a/nuclei-templates/2021/CVE-2021-25107-457136e7a482f19e1fb7eda420cd0512.yaml
+++ b/nuclei-templates/2021/CVE-2021-25107-457136e7a482f19e1fb7eda420cd0512.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Store to DB <= 1.1.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-store-to-db-lite/"
     google-query: inurl:"/wp-content/plugins/cf7-store-to-db-lite/"
     shodan-query: 'vuln:CVE-2021-25107'
-  tags: cve,wordpress,wp-plugin,cf7-store-to-db-lite,medium
+  tags: cve,wordpress,wp-plugin,cf7-store-to-db-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25108-28eb2dd9b394a6991989e0316614fa07.yaml b/nuclei-templates/2021/CVE-2021-25108-28eb2dd9b394a6991989e0316614fa07.yaml
index f3c1e26151..045ad4d715 100644
--- a/nuclei-templates/2021/CVE-2021-25108-28eb2dd9b394a6991989e0316614fa07.yaml
+++ b/nuclei-templates/2021/CVE-2021-25108-28eb2dd9b394a6991989e0316614fa07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IP2Location Country Blocker <= 2.26.5 - Arbitrary Country Ban via Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ip2location-country-blocker/"
     google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/"
     shodan-query: 'vuln:CVE-2021-25108'
-  tags: cve,wordpress,wp-plugin,ip2location-country-blocker,high
+  tags: cve,wordpress,wp-plugin,ip2location-country-blocker,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25109-3fb7396e595eda0e4c64d906babd7ea9.yaml b/nuclei-templates/2021/CVE-2021-25109-3fb7396e595eda0e4c64d906babd7ea9.yaml
index 7b2cd87663..aae4ade83c 100644
--- a/nuclei-templates/2021/CVE-2021-25109-3fb7396e595eda0e4c64d906babd7ea9.yaml
+++ b/nuclei-templates/2021/CVE-2021-25109-3fb7396e595eda0e4c64d906babd7ea9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Futurio Extra <= 1.6.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/futurio-extra/"
     google-query: inurl:"/wp-content/plugins/futurio-extra/"
     shodan-query: 'vuln:CVE-2021-25109'
-  tags: cve,wordpress,wp-plugin,futurio-extra,high
+  tags: cve,wordpress,wp-plugin,futurio-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25117-230dca5ad7a4f65f364511571d38f472.yaml b/nuclei-templates/2021/CVE-2021-25117-230dca5ad7a4f65f364511571d38f472.yaml
index 59de02b836..82ae160fb1 100644
--- a/nuclei-templates/2021/CVE-2021-25117-230dca5ad7a4f65f364511571d38f472.yaml
+++ b/nuclei-templates/2021/CVE-2021-25117-230dca5ad7a4f65f364511571d38f472.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-PostRatings <= 1.86 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-PostRatings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘postratings_image’ parameter in versions up to, and including, 1.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-postratings/"
     google-query: inurl:"/wp-content/plugins/wp-postratings/"
     shodan-query: 'vuln:CVE-2021-25117'
-  tags: cve,wordpress,wp-plugin,wp-postratings,medium
+  tags: cve,wordpress,wp-plugin,wp-postratings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25119-b320e1c5f0dacab6b03f963021265f72.yaml b/nuclei-templates/2021/CVE-2021-25119-b320e1c5f0dacab6b03f963021265f72.yaml
index 97f4776ece..e8ed630971 100644
--- a/nuclei-templates/2021/CVE-2021-25119-b320e1c5f0dacab6b03f963021265f72.yaml
+++ b/nuclei-templates/2021/CVE-2021-25119-b320e1c5f0dacab6b03f963021265f72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AGIL(Automatic Grid Image Listing) <= 1.0 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/automatic-grid-image-listing/"
     google-query: inurl:"/wp-content/plugins/automatic-grid-image-listing/"
     shodan-query: 'vuln:CVE-2021-25119'
-  tags: cve,wordpress,wp-plugin,automatic-grid-image-listing,high
+  tags: cve,wordpress,wp-plugin,automatic-grid-image-listing,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-25120-dcded48546674d8a7147bd7b9ee5af2d.yaml b/nuclei-templates/2021/CVE-2021-25120-dcded48546674d8a7147bd7b9ee5af2d.yaml
index 09ceaa6224..a841b8fbe9 100644
--- a/nuclei-templates/2021/CVE-2021-25120-dcded48546674d8a7147bd7b9ee5af2d.yaml
+++ b/nuclei-templates/2021/CVE-2021-25120-dcded48546674d8a7147bd7b9ee5af2d.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2021-25120
   metadata:
-    fofa-query: "wp-content/plugins/easy-facebook-likebox/"
-    google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
+    fofa-query: "wp-content/plugins/UNKNOWN-CVE-2021-25120/"
+    google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2021-25120/"
     shodan-query: 'vuln:CVE-2021-25120'
-  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2021-25120,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2021-25120/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "easy-facebook-likebox"
+          - "UNKNOWN-CVE-2021-25120"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2021/CVE-2021-26609-33e169ef58595c551d71b2a0f254c1a0.yaml b/nuclei-templates/2021/CVE-2021-26609-33e169ef58595c551d71b2a0f254c1a0.yaml
index 1e96d24693..8a250522cc 100644
--- a/nuclei-templates/2021/CVE-2021-26609-33e169ef58595c551d71b2a0f254c1a0.yaml
+++ b/nuclei-templates/2021/CVE-2021-26609-33e169ef58595c551d71b2a0f254c1a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mangboard <= 1.9.9 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mangboard/"
     google-query: inurl:"/wp-content/plugins/mangboard/"
     shodan-query: 'vuln:CVE-2021-26609'
-  tags: cve,wordpress,wp-plugin,mangboard,high
+  tags: cve,wordpress,wp-plugin,mangboard,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-26754-25ab8b4cfcb0262dc70ad0a958834bfd.yaml b/nuclei-templates/2021/CVE-2021-26754-25ab8b4cfcb0262dc70ad0a958834bfd.yaml
index 257099ffdc..bed7cd4455 100644
--- a/nuclei-templates/2021/CVE-2021-26754-25ab8b4cfcb0262dc70ad0a958834bfd.yaml
+++ b/nuclei-templates/2021/CVE-2021-26754-25ab8b4cfcb0262dc70ad0a958834bfd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDataTables (Premium) <= 3.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. Please note that this only affects the premium version of the plugin which shares the same slug as the free version.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdatatables/"
     google-query: inurl:"/wp-content/plugins/wpdatatables/"
     shodan-query: 'vuln:CVE-2021-26754'
-  tags: cve,wordpress,wp-plugin,wpdatatables,high
+  tags: cve,wordpress,wp-plugin,wpdatatables,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-27349-45f3255db2b21cf02cfd20c83ca9648c.yaml b/nuclei-templates/2021/CVE-2021-27349-45f3255db2b21cf02cfd20c83ca9648c.yaml
index 4ff38a063f..fef2c063f3 100644
--- a/nuclei-templates/2021/CVE-2021-27349-45f3255db2b21cf02cfd20c83ca9648c.yaml
+++ b/nuclei-templates/2021/CVE-2021-27349-45f3255db2b21cf02cfd20c83ca9648c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-order-export-lite/"
     google-query: inurl:"/wp-content/plugins/woo-order-export-lite/"
     shodan-query: 'vuln:CVE-2021-27349'
-  tags: cve,wordpress,wp-plugin,woo-order-export-lite,medium
+  tags: cve,wordpress,wp-plugin,woo-order-export-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-28121-2d9ff787627cd2e1924f86a1568cd815.yaml b/nuclei-templates/2021/CVE-2021-28121-2d9ff787627cd2e1924f86a1568cd815.yaml
index e0d7a93564..02c6908628 100644
--- a/nuclei-templates/2021/CVE-2021-28121-2d9ff787627cd2e1924f86a1568cd815.yaml
+++ b/nuclei-templates/2021/CVE-2021-28121-2d9ff787627cd2e1924f86a1568cd815.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Virtual Robots.txt < 1.10 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/virtual-robotstxt-littlebizzy/"
     google-query: inurl:"/wp-content/plugins/virtual-robotstxt-littlebizzy/"
     shodan-query: 'vuln:CVE-2021-28121'
-  tags: cve,wordpress,wp-plugin,virtual-robotstxt-littlebizzy,medium
+  tags: cve,wordpress,wp-plugin,virtual-robotstxt-littlebizzy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-3124-1e3e94ac66c9cccf9af54623829f9f1e.yaml b/nuclei-templates/2021/CVE-2021-3124-1e3e94ac66c9cccf9af54623829f9f1e.yaml
index c375c5829d..76fbd07758 100644
--- a/nuclei-templates/2021/CVE-2021-3124-1e3e94ac66c9cccf9af54623829f9f1e.yaml
+++ b/nuclei-templates/2021/CVE-2021-3124-1e3e94ac66c9cccf9af54623829f9f1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting via 'name'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-global-variables/"
     google-query: inurl:"/wp-content/plugins/custom-global-variables/"
     shodan-query: 'vuln:CVE-2021-3124'
-  tags: cve,wordpress,wp-plugin,custom-global-variables,medium
+  tags: cve,wordpress,wp-plugin,custom-global-variables,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-3133-66e7875aa9a79f68060a917eb8074082.yaml b/nuclei-templates/2021/CVE-2021-3133-66e7875aa9a79f68060a917eb8074082.yaml
index ffd8d0a6db..26908eafff 100644
--- a/nuclei-templates/2021/CVE-2021-3133-66e7875aa9a79f68060a917eb8074082.yaml
+++ b/nuclei-templates/2021/CVE-2021-3133-66e7875aa9a79f68060a917eb8074082.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Contact Form DB <= 1.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sb-elementor-contact-form-db/"
     google-query: inurl:"/wp-content/plugins/sb-elementor-contact-form-db/"
     shodan-query: 'vuln:CVE-2021-3133'
-  tags: cve,wordpress,wp-plugin,sb-elementor-contact-form-db,high
+  tags: cve,wordpress,wp-plugin,sb-elementor-contact-form-db,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-31567-bdf53bf0d4580f34f6ebb2e5285d2f9e.yaml b/nuclei-templates/2021/CVE-2021-31567-bdf53bf0d4580f34f6ebb2e5285d2f9e.yaml
index 5cdc98d640..ce102e2fd0 100644
--- a/nuclei-templates/2021/CVE-2021-31567-bdf53bf0d4580f34f6ebb2e5285d2f9e.yaml
+++ b/nuclei-templates/2021/CVE-2021-31567-bdf53bf0d4580f34f6ebb2e5285d2f9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.4.6 - Authenticated (Admin+) Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2021-31567'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-32789-749a7702ffa607983798f5d2868f83ea.yaml b/nuclei-templates/2021/CVE-2021-32789-749a7702ffa607983798f5d2868f83ea.yaml
index ae4d55d0ed..c4feb04092 100644
--- a/nuclei-templates/2021/CVE-2021-32789-749a7702ffa607983798f5d2868f83ea.yaml
+++ b/nuclei-templates/2021/CVE-2021-32789-749a7702ffa607983798f5d2868f83ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Blocks < 5.5 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-gutenberg-products-block/"
     google-query: inurl:"/wp-content/plugins/woo-gutenberg-products-block/"
     shodan-query: 'vuln:CVE-2021-32789'
-  tags: cve,wordpress,wp-plugin,woo-gutenberg-products-block,high
+  tags: cve,wordpress,wp-plugin,woo-gutenberg-products-block,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-32790-487085694140471bbcc32f33541e46e2.yaml b/nuclei-templates/2021/CVE-2021-32790-487085694140471bbcc32f33541e46e2.yaml
index 4764192637..cbe27350e3 100644
--- a/nuclei-templates/2021/CVE-2021-32790-487085694140471bbcc32f33541e46e2.yaml
+++ b/nuclei-templates/2021/CVE-2021-32790-487085694140471bbcc32f33541e46e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce < 5.5 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 5.5. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing API. Read-only SQL queries can be executed using this exploit, while data will not be returned, by carefully crafting `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a patch for this vulnerability. There are no known workarounds other than upgrading.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:CVE-2021-32790'
-  tags: cve,wordpress,wp-plugin,woocommerce,high
+  tags: cve,wordpress,wp-plugin,woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-33849-db1fed2fca8e80d33156bce8fe1dd724.yaml b/nuclei-templates/2021/CVE-2021-33849-db1fed2fca8e80d33156bce8fe1dd724.yaml
index 3b7b540638..c0cd5614fa 100644
--- a/nuclei-templates/2021/CVE-2021-33849-db1fed2fca8e80d33156bce8fe1dd724.yaml
+++ b/nuclei-templates/2021/CVE-2021-33849-db1fed2fca8e80d33156bce8fe1dd724.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoho CRM Lead Magnet <= 1.7.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user&#8217;s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zoho-crm-forms/"
     google-query: inurl:"/wp-content/plugins/zoho-crm-forms/"
     shodan-query: 'vuln:CVE-2021-33849'
-  tags: cve,wordpress,wp-plugin,zoho-crm-forms,medium
+  tags: cve,wordpress,wp-plugin,zoho-crm-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-33850-41374c7f8d145b4ed7aa35f41d920496.yaml b/nuclei-templates/2021/CVE-2021-33850-41374c7f8d145b4ed7aa35f41d920496.yaml
index 4c74b4bcff..751a10a052 100644
--- a/nuclei-templates/2021/CVE-2021-33850-41374c7f8d145b4ed7aa35f41d920496.yaml
+++ b/nuclei-templates/2021/CVE-2021-33850-41374c7f8d145b4ed7aa35f41d920496.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Microsoft Clarity <= 0.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/microsoft-clarity/"
     google-query: inurl:"/wp-content/plugins/microsoft-clarity/"
     shodan-query: 'vuln:CVE-2021-33850'
-  tags: cve,wordpress,wp-plugin,microsoft-clarity,medium
+  tags: cve,wordpress,wp-plugin,microsoft-clarity,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-33851-cdd44eb1f0b901b8f5061171a068c613.yaml b/nuclei-templates/2021/CVE-2021-33851-cdd44eb1f0b901b8f5061171a068c613.yaml
index 359e6ddef1..67c190b146 100644
--- a/nuclei-templates/2021/CVE-2021-33851-cdd44eb1f0b901b8f5061171a068c613.yaml
+++ b/nuclei-templates/2021/CVE-2021-33851-cdd44eb1f0b901b8f5061171a068c613.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customize Login Image <= 3.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customize-login-image/"
     google-query: inurl:"/wp-content/plugins/customize-login-image/"
     shodan-query: 'vuln:CVE-2021-33851'
-  tags: cve,wordpress,wp-plugin,customize-login-image,medium
+  tags: cve,wordpress,wp-plugin,customize-login-image,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-33852-4411dec3eca9ec1ccdcf332ed790a4a3.yaml b/nuclei-templates/2021/CVE-2021-33852-4411dec3eca9ec1ccdcf332ed790a4a3.yaml
index ded623207a..d14bee63ab 100644
--- a/nuclei-templates/2021/CVE-2021-33852-4411dec3eca9ec1ccdcf332ed790a4a3.yaml
+++ b/nuclei-templates/2021/CVE-2021-33852-4411dec3eca9ec1ccdcf332ed790a4a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Duplicator <= 2.23 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-duplicator/"
     google-query: inurl:"/wp-content/plugins/post-duplicator/"
     shodan-query: 'vuln:CVE-2021-33852'
-  tags: cve,wordpress,wp-plugin,post-duplicator,medium
+  tags: cve,wordpress,wp-plugin,post-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34619-febc39f061d4ea440e6c2d9bf3acdb4c.yaml b/nuclei-templates/2021/CVE-2021-34619-febc39f061d4ea440e6c2d9bf3acdb4c.yaml
index 45f1235766..633c0aa989 100644
--- a/nuclei-templates/2021/CVE-2021-34619-febc39f061d4ea440e6c2d9bf3acdb4c.yaml
+++ b/nuclei-templates/2021/CVE-2021-34619-febc39f061d4ea440e6c2d9bf3acdb4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Stock Manager <= 2.5.7 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-stock-manager/"
     google-query: inurl:"/wp-content/plugins/woocommerce-stock-manager/"
     shodan-query: 'vuln:CVE-2021-34619'
-  tags: cve,wordpress,wp-plugin,woocommerce-stock-manager,high
+  tags: cve,wordpress,wp-plugin,woocommerce-stock-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34625-f55c5d00698b3df2b8933d7fd6999c2a.yaml b/nuclei-templates/2021/CVE-2021-34625-f55c5d00698b3df2b8933d7fd6999c2a.yaml
index 2578b1fb0b..0d117f3fd9 100644
--- a/nuclei-templates/2021/CVE-2021-34625-f55c5d00698b3df2b8933d7fd6999c2a.yaml
+++ b/nuclei-templates/2021/CVE-2021-34625-f55c5d00698b3df2b8933d7fd6999c2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Upload Restriction <= 2.2.4 – Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Upload Restriction plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saveCustomType' function in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-upload-restriction/"
     google-query: inurl:"/wp-content/plugins/wp-upload-restriction/"
     shodan-query: 'vuln:CVE-2021-34625'
-  tags: cve,wordpress,wp-plugin,wp-upload-restriction,medium
+  tags: cve,wordpress,wp-plugin,wp-upload-restriction,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34626-5a577e1325bef2936221483c67cddb03.yaml b/nuclei-templates/2021/CVE-2021-34626-5a577e1325bef2936221483c67cddb03.yaml
index 9ba7601db1..4e75859e23 100644
--- a/nuclei-templates/2021/CVE-2021-34626-5a577e1325bef2936221483c67cddb03.yaml
+++ b/nuclei-templates/2021/CVE-2021-34626-5a577e1325bef2936221483c67cddb03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Upload Restriction <= 2.2.4 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Upload Restriction plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deleteCustomType function in versions up to, and including, 2.2.4. This makes it possible for authenticated attackers with minimal permissions to delete custom extensions that may have been added by site administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-upload-restriction/"
     google-query: inurl:"/wp-content/plugins/wp-upload-restriction/"
     shodan-query: 'vuln:CVE-2021-34626'
-  tags: cve,wordpress,wp-plugin,wp-upload-restriction,medium
+  tags: cve,wordpress,wp-plugin,wp-upload-restriction,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34627-451bef3a18327362fa560f933f5185ec.yaml b/nuclei-templates/2021/CVE-2021-34627-451bef3a18327362fa560f933f5185ec.yaml
index 6ec65c7939..49f4a56645 100644
--- a/nuclei-templates/2021/CVE-2021-34627-451bef3a18327362fa560f933f5185ec.yaml
+++ b/nuclei-templates/2021/CVE-2021-34627-451bef3a18327362fa560f933f5185ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Upload Restriction <= 2.2.4 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions up to 2.2.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-upload-restriction/"
     google-query: inurl:"/wp-content/plugins/wp-upload-restriction/"
     shodan-query: 'vuln:CVE-2021-34627'
-  tags: cve,wordpress,wp-plugin,wp-upload-restriction,medium
+  tags: cve,wordpress,wp-plugin,wp-upload-restriction,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34628-a3f7dace6308a168799f4b5efdcbf0fc.yaml b/nuclei-templates/2021/CVE-2021-34628-a3f7dace6308a168799f4b5efdcbf0fc.yaml
index 08846adfdd..962c95d840 100644
--- a/nuclei-templates/2021/CVE-2021-34628-a3f7dace6308a168799f4b5efdcbf0fc.yaml
+++ b/nuclei-templates/2021/CVE-2021-34628-a3f7dace6308a168799f4b5efdcbf0fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Custom Login <= 3.2.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-custom-login/"
     google-query: inurl:"/wp-content/plugins/admin-custom-login/"
     shodan-query: 'vuln:CVE-2021-34628'
-  tags: cve,wordpress,wp-plugin,admin-custom-login,high
+  tags: cve,wordpress,wp-plugin,admin-custom-login,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34629-526f9a50eb94365c6edf2a44fc6ceed7.yaml b/nuclei-templates/2021/CVE-2021-34629-526f9a50eb94365c6edf2a44fc6ceed7.yaml
index 0935d2618c..8171d1484d 100644
--- a/nuclei-templates/2021/CVE-2021-34629-526f9a50eb94365c6edf2a44fc6ceed7.yaml
+++ b/nuclei-templates/2021/CVE-2021-34629-526f9a50eb94365c6edf2a44fc6ceed7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SendGrid <= 1.11.8 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sendgrid-email-delivery-simplified/"
     google-query: inurl:"/wp-content/plugins/sendgrid-email-delivery-simplified/"
     shodan-query: 'vuln:CVE-2021-34629'
-  tags: cve,wordpress,wp-plugin,sendgrid-email-delivery-simplified,medium
+  tags: cve,wordpress,wp-plugin,sendgrid-email-delivery-simplified,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34631-90997fecd42d62efb670daec1cf651f8.yaml b/nuclei-templates/2021/CVE-2021-34631-90997fecd42d62efb670daec1cf651f8.yaml
index 38b0d5ceae..b2570840ed 100644
--- a/nuclei-templates/2021/CVE-2021-34631-90997fecd42d62efb670daec1cf651f8.yaml
+++ b/nuclei-templates/2021/CVE-2021-34631-90997fecd42d62efb670daec1cf651f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NewsPlugin <= 1.0.18 – Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsplugin/"
     google-query: inurl:"/wp-content/plugins/newsplugin/"
     shodan-query: 'vuln:CVE-2021-34631'
-  tags: cve,wordpress,wp-plugin,newsplugin,high
+  tags: cve,wordpress,wp-plugin,newsplugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34632-896998a582295bc584998dec0e35768b.yaml b/nuclei-templates/2021/CVE-2021-34632-896998a582295bc584998dec0e35768b.yaml
index 0bdc234a3f..31a816eeb8 100644
--- a/nuclei-templates/2021/CVE-2021-34632-896998a582295bc584998dec0e35768b.yaml
+++ b/nuclei-templates/2021/CVE-2021-34632-896998a582295bc584998dec0e35768b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Backlinks <= 4.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-backlinks/"
     google-query: inurl:"/wp-content/plugins/seo-backlinks/"
     shodan-query: 'vuln:CVE-2021-34632'
-  tags: cve,wordpress,wp-plugin,seo-backlinks,high
+  tags: cve,wordpress,wp-plugin,seo-backlinks,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34633-ba80b860d4e6bf99a76e42ede7281809.yaml b/nuclei-templates/2021/CVE-2021-34633-ba80b860d4e6bf99a76e42ede7281809.yaml
index 42fffbafa6..b77abea239 100644
--- a/nuclei-templates/2021/CVE-2021-34633-ba80b860d4e6bf99a76e42ede7281809.yaml
+++ b/nuclei-templates/2021/CVE-2021-34633-ba80b860d4e6bf99a76e42ede7281809.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Youtube Feeder <= 2.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-feeder/"
     google-query: inurl:"/wp-content/plugins/youtube-feeder/"
     shodan-query: 'vuln:CVE-2021-34633'
-  tags: cve,wordpress,wp-plugin,youtube-feeder,high
+  tags: cve,wordpress,wp-plugin,youtube-feeder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34634-6e0c27e6aa8bbd23ae1645c9db38ce34.yaml b/nuclei-templates/2021/CVE-2021-34634-6e0c27e6aa8bbd23ae1645c9db38ce34.yaml
index e06192618f..c28d5c836f 100644
--- a/nuclei-templates/2021/CVE-2021-34634-6e0c27e6aa8bbd23ae1645c9db38ce34.yaml
+++ b/nuclei-templates/2021/CVE-2021-34634-6e0c27e6aa8bbd23ae1645c9db38ce34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nifty Newsletters <= 4.0.23 – Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sola-newsletters/"
     google-query: inurl:"/wp-content/plugins/sola-newsletters/"
     shodan-query: 'vuln:CVE-2021-34634'
-  tags: cve,wordpress,wp-plugin,sola-newsletters,high
+  tags: cve,wordpress,wp-plugin,sola-newsletters,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34636-a267ad47aaacbda283b13d30d0de08e1.yaml b/nuclei-templates/2021/CVE-2021-34636-a267ad47aaacbda283b13d30d0de08e1.yaml
index edcdb4b616..84ef09d229 100644
--- a/nuclei-templates/2021/CVE-2021-34636-a267ad47aaacbda283b13d30d0de08e1.yaml
+++ b/nuclei-templates/2021/CVE-2021-34636-a267ad47aaacbda283b13d30d0de08e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Countdown and CountUp, WooCommerce Sales Timers <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/countdown-wpdevart-extended/"
     google-query: inurl:"/wp-content/plugins/countdown-wpdevart-extended/"
     shodan-query: 'vuln:CVE-2021-34636'
-  tags: cve,wordpress,wp-plugin,countdown-wpdevart-extended,high
+  tags: cve,wordpress,wp-plugin,countdown-wpdevart-extended,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34637-a197637cb7c671923c50bb35a3955a77.yaml b/nuclei-templates/2021/CVE-2021-34637-a197637cb7c671923c50bb35a3955a77.yaml
index df22a27072..03dd8dc15e 100644
--- a/nuclei-templates/2021/CVE-2021-34637-a197637cb7c671923c50bb35a3955a77.yaml
+++ b/nuclei-templates/2021/CVE-2021-34637-a197637cb7c671923c50bb35a3955a77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Index <= 0.7.5 Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-index/"
     google-query: inurl:"/wp-content/plugins/post-index/"
     shodan-query: 'vuln:CVE-2021-34637'
-  tags: cve,wordpress,wp-plugin,post-index,high
+  tags: cve,wordpress,wp-plugin,post-index,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34638-6aa900a875605d12f51c36a7aee68e0c.yaml b/nuclei-templates/2021/CVE-2021-34638-6aa900a875605d12f51c36a7aee68e0c.yaml
index 4681fa092d..ffc6f0bd10 100644
--- a/nuclei-templates/2021/CVE-2021-34638-6aa900a875605d12f51c36a7aee68e0c.yaml
+++ b/nuclei-templates/2021/CVE-2021-34638-6aa900a875605d12f51c36a7aee68e0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 3.1.24 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2021-34638'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34639-010922f26f33a94ab231b7f0fdab049f.yaml b/nuclei-templates/2021/CVE-2021-34639-010922f26f33a94ab231b7f0fdab049f.yaml
index 90cad2a17a..864c7d4dc8 100644
--- a/nuclei-templates/2021/CVE-2021-34639-010922f26f33a94ab231b7f0fdab049f.yaml
+++ b/nuclei-templates/2021/CVE-2021-34639-010922f26f33a94ab231b7f0fdab049f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 3.1.24 - Authenticated File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2021-34639'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34641-c6c1e0bf86c779c9f71689d63880acf1.yaml b/nuclei-templates/2021/CVE-2021-34641-c6c1e0bf86c779c9f71689d63880acf1.yaml
index 80857a7c89..28f38baa54 100644
--- a/nuclei-templates/2021/CVE-2021-34641-c6c1e0bf86c779c9f71689d63880acf1.yaml
+++ b/nuclei-templates/2021/CVE-2021-34641-c6c1e0bf86c779c9f71689d63880acf1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEOPress 5.0.0 - 5.0.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-seopress/"
     google-query: inurl:"/wp-content/plugins/wp-seopress/"
     shodan-query: 'vuln:CVE-2021-34641'
-  tags: cve,wordpress,wp-plugin,wp-seopress,medium
+  tags: cve,wordpress,wp-plugin,wp-seopress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34645-8bf5f589d084befe53d71ebadbbe38a9.yaml b/nuclei-templates/2021/CVE-2021-34645-8bf5f589d084befe53d71ebadbbe38a9.yaml
index 5669910418..46b2e2f199 100644
--- a/nuclei-templates/2021/CVE-2021-34645-8bf5f589d084befe53d71ebadbbe38a9.yaml
+++ b/nuclei-templates/2021/CVE-2021-34645-8bf5f589d084befe53d71ebadbbe38a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shopping Cart & eCommerce Store <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easycart/"
     google-query: inurl:"/wp-content/plugins/wp-easycart/"
     shodan-query: 'vuln:CVE-2021-34645'
-  tags: cve,wordpress,wp-plugin,wp-easycart,high
+  tags: cve,wordpress,wp-plugin,wp-easycart,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34668-d45b3048f23bdc5676881ea128b4fe4b.yaml b/nuclei-templates/2021/CVE-2021-34668-d45b3048f23bdc5676881ea128b4fe4b.yaml
index b15757088e..089112958c 100644
--- a/nuclei-templates/2021/CVE-2021-34668-d45b3048f23bdc5676881ea128b4fe4b.yaml
+++ b/nuclei-templates/2021/CVE-2021-34668-d45b3048f23bdc5676881ea128b4fe4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Real Media Library <= 4.14.1 - Authenticated (Author) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the ~/inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-media-library-lite/"
     google-query: inurl:"/wp-content/plugins/real-media-library-lite/"
     shodan-query: 'vuln:CVE-2021-34668'
-  tags: cve,wordpress,wp-plugin,real-media-library-lite,medium
+  tags: cve,wordpress,wp-plugin,real-media-library-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34675-8b8a23561a8628021b8646bf3571f1c0.yaml b/nuclei-templates/2021/CVE-2021-34675-8b8a23561a8628021b8646bf3571f1c0.yaml
index 3a2b19b8f6..a2053705bf 100644
--- a/nuclei-templates/2021/CVE-2021-34675-8b8a23561a8628021b8646bf3571f1c0.yaml
+++ b/nuclei-templates/2021/CVE-2021-34675-8b8a23561a8628021b8646bf3571f1c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX Forms <= 7.8.7 - Authentication Bypass for PDF Reports
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms/"
     google-query: inurl:"/wp-content/plugins/nex-forms/"
     shodan-query: 'vuln:CVE-2021-34675'
-  tags: cve,wordpress,wp-plugin,nex-forms,high
+  tags: cve,wordpress,wp-plugin,nex-forms,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-34676-bb95d05f96d844686568bca3576c4dd9.yaml b/nuclei-templates/2021/CVE-2021-34676-bb95d05f96d844686568bca3576c4dd9.yaml
index 8bb4c963d4..e9c97a44ed 100644
--- a/nuclei-templates/2021/CVE-2021-34676-bb95d05f96d844686568bca3576c4dd9.yaml
+++ b/nuclei-templates/2021/CVE-2021-34676-bb95d05f96d844686568bca3576c4dd9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms <= 7.8.7 Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2021-34676'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36823-958209cd1cdd4ea5cb260b87d6b618da.yaml b/nuclei-templates/2021/CVE-2021-36823-958209cd1cdd4ea5cb260b87d6b618da.yaml
index cfb1f5ea3d..7cb354a713 100644
--- a/nuclei-templates/2021/CVE-2021-36823-958209cd1cdd4ea5cb260b87d6b618da.yaml
+++ b/nuclei-templates/2021/CVE-2021-36823-958209cd1cdd4ea5cb260b87d6b618da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Absolutely Glamorous Custom Admin <= 6.8 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ag-custom-admin/"
     google-query: inurl:"/wp-content/plugins/ag-custom-admin/"
     shodan-query: 'vuln:CVE-2021-36823'
-  tags: cve,wordpress,wp-plugin,ag-custom-admin,medium
+  tags: cve,wordpress,wp-plugin,ag-custom-admin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36826-8a54587701c521af8ba2b5105bfe686a.yaml b/nuclei-templates/2021/CVE-2021-36826-8a54587701c521af8ba2b5105bfe686a.yaml
index b106c2fbe1..9bdeb18f60 100644
--- a/nuclei-templates/2021/CVE-2021-36826-8a54587701c521af8ba2b5105bfe686a.yaml
+++ b/nuclei-templates/2021/CVE-2021-36826-8a54587701c521af8ba2b5105bfe686a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Project Manager <= 2.4.13 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible for Subscriber-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wedevs-project-manager/"
     google-query: inurl:"/wp-content/plugins/wedevs-project-manager/"
     shodan-query: 'vuln:CVE-2021-36826'
-  tags: cve,wordpress,wp-plugin,wedevs-project-manager,medium
+  tags: cve,wordpress,wp-plugin,wedevs-project-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36827-707e5bb3cb201f78de35f00133c00922.yaml b/nuclei-templates/2021/CVE-2021-36827-707e5bb3cb201f78de35f00133c00922.yaml
index 6d59d23193..be74abd394 100644
--- a/nuclei-templates/2021/CVE-2021-36827-707e5bb3cb201f78de35f00133c00922.yaml
+++ b/nuclei-templates/2021/CVE-2021-36827-707e5bb3cb201f78de35f00133c00922.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.6.9 - Authenticated (Admin+) Cross-Site Scripting via label
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Forms Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter in versions up to, and including, 3.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2021-36827'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36828-aab671eab1f3a35319bc119c20a62b84.yaml b/nuclei-templates/2021/CVE-2021-36828-aab671eab1f3a35319bc119c20a62b84.yaml
index ce41939d3e..fe52714153 100644
--- a/nuclei-templates/2021/CVE-2021-36828-aab671eab1f3a35319bc119c20a62b84.yaml
+++ b/nuclei-templates/2021/CVE-2021-36828-aab671eab1f3a35319bc119c20a62b84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Maintenance <= 6.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maintenance/"
     google-query: inurl:"/wp-content/plugins/wp-maintenance/"
     shodan-query: 'vuln:CVE-2021-36828'
-  tags: cve,wordpress,wp-plugin,wp-maintenance,medium
+  tags: cve,wordpress,wp-plugin,wp-maintenance,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36829-992cb2db66581f66b70df8df6297f14c.yaml b/nuclei-templates/2021/CVE-2021-36829-992cb2db66581f66b70df8df6297f14c.yaml
index 09f01d754d..532fe46fa6 100644
--- a/nuclei-templates/2021/CVE-2021-36829-992cb2db66581f66b70df8df6297f14c.yaml
+++ b/nuclei-templates/2021/CVE-2021-36829-992cb2db66581f66b70df8df6297f14c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Launcher: Coming Soon & Maintenance Mode <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Launcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/launcher/"
     google-query: inurl:"/wp-content/plugins/launcher/"
     shodan-query: 'vuln:CVE-2021-36829'
-  tags: cve,wordpress,wp-plugin,launcher,medium
+  tags: cve,wordpress,wp-plugin,launcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36830-8a14e10c4e61da2c2574a977cb4dd78d.yaml b/nuclei-templates/2021/CVE-2021-36830-8a14e10c4e61da2c2574a977cb4dd78d.yaml
index 0d5b66835f..d5e24a95c0 100644
--- a/nuclei-templates/2021/CVE-2021-36830-8a14e10c4e61da2c2574a977cb4dd78d.yaml
+++ b/nuclei-templates/2021/CVE-2021-36830-8a14e10c4e61da2c2574a977cb4dd78d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comment Guestbook <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Comment Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comment-guestbook/"
     google-query: inurl:"/wp-content/plugins/comment-guestbook/"
     shodan-query: 'vuln:CVE-2021-36830'
-  tags: cve,wordpress,wp-plugin,comment-guestbook,medium
+  tags: cve,wordpress,wp-plugin,comment-guestbook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36832-de418588fa621f09a7aaad7d1520c591.yaml b/nuclei-templates/2021/CVE-2021-36832-de418588fa621f09a7aaad7d1520c591.yaml
index b81505d436..a44c44f2ed 100644
--- a/nuclei-templates/2021/CVE-2021-36832-de418588fa621f09a7aaad7d1520c591.yaml
+++ b/nuclei-templates/2021/CVE-2021-36832-de418588fa621f09a7aaad7d1520c591.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram <= 2.0.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icegram/"
     google-query: inurl:"/wp-content/plugins/icegram/"
     shodan-query: 'vuln:CVE-2021-36832'
-  tags: cve,wordpress,wp-plugin,icegram,medium
+  tags: cve,wordpress,wp-plugin,icegram,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36833-d08e992a9c86b0410a9dd2a576aeae42.yaml b/nuclei-templates/2021/CVE-2021-36833-d08e992a9c86b0410a9dd2a576aeae42.yaml
index 0341bb2a2b..b89604ef67 100644
--- a/nuclei-templates/2021/CVE-2021-36833-d08e992a9c86b0410a9dd2a576aeae42.yaml
+++ b/nuclei-templates/2021/CVE-2021-36833-d08e992a9c86b0410a9dd2a576aeae42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MC4WP: Mailchimp for WordPress <= 4.8.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 4.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-for-wp/"
     google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/"
     shodan-query: 'vuln:CVE-2021-36833'
-  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36839-99651f4102212266ab89ea9f71ca952d.yaml b/nuclei-templates/2021/CVE-2021-36839-99651f4102212266ab89ea9f71ca952d.yaml
index d725dfbcd1..fa98cb06ad 100644
--- a/nuclei-templates/2021/CVE-2021-36839-99651f4102212266ab89ea9f71ca952d.yaml
+++ b/nuclei-templates/2021/CVE-2021-36839-99651f4102212266ab89ea9f71ca952d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Follow Buttons Bar <= 4.73 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Media Follow Buttons Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter among others in versions up to, and including, 4.73 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-media-buttons-toolbar/"
     google-query: inurl:"/wp-content/plugins/social-media-buttons-toolbar/"
     shodan-query: 'vuln:CVE-2021-36839'
-  tags: cve,wordpress,wp-plugin,social-media-buttons-toolbar,medium
+  tags: cve,wordpress,wp-plugin,social-media-buttons-toolbar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36841-9e36292a7ac47d63600972695d9e0b66.yaml b/nuclei-templates/2021/CVE-2021-36841-9e36292a7ac47d63600972695d9e0b66.yaml
index 26fa280c07..14a2b6638b 100644
--- a/nuclei-templates/2021/CVE-2021-36841-9e36292a7ac47d63600972695d9e0b66.yaml
+++ b/nuclei-templates/2021/CVE-2021-36841-9e36292a7ac47d63600972695d9e0b66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH Maintenance Mode <= 1.3.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/yith-maintenance-mode/"
     shodan-query: 'vuln:CVE-2021-36841'
-  tags: cve,wordpress,wp-plugin,yith-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,yith-maintenance-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36843-3b1c84fb06bbfd928bb6bd8a2dc656bc.yaml b/nuclei-templates/2021/CVE-2021-36843-3b1c84fb06bbfd928bb6bd8a2dc656bc.yaml
index 33aa4ed066..f5f69562ce 100644
--- a/nuclei-templates/2021/CVE-2021-36843-3b1c84fb06bbfd928bb6bd8a2dc656bc.yaml
+++ b/nuclei-templates/2021/CVE-2021-36843-3b1c84fb06bbfd928bb6bd8a2dc656bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Flying Icons | Floating Social Media Icon <= 4.3.5 -  Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Media Flying Icons | Floating Social Media Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/floating-social-media-icon/"
     google-query: inurl:"/wp-content/plugins/floating-social-media-icon/"
     shodan-query: 'vuln:CVE-2021-36843'
-  tags: cve,wordpress,wp-plugin,floating-social-media-icon,medium
+  tags: cve,wordpress,wp-plugin,floating-social-media-icon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36844-a4b9301f609713ae947856e0a785959d.yaml b/nuclei-templates/2021/CVE-2021-36844-a4b9301f609713ae947856e0a785959d.yaml
index f6130ce2b3..b537791298 100644
--- a/nuclei-templates/2021/CVE-2021-36844-a4b9301f609713ae947856e0a785959d.yaml
+++ b/nuclei-templates/2021/CVE-2021-36844-a4b9301f609713ae947856e0a785959d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Subscribe <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WP Subscribe versions up to 1.2.12 is vulnerable to Cross-Site Scripting. This allows authenticated attackers to inject JavaScript into the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-subscribe/"
     google-query: inurl:"/wp-content/plugins/wp-subscribe/"
     shodan-query: 'vuln:CVE-2021-36844'
-  tags: cve,wordpress,wp-plugin,wp-subscribe,medium
+  tags: cve,wordpress,wp-plugin,wp-subscribe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36845-c63c09dfe0443988600f74c6f35feaf4.yaml b/nuclei-templates/2021/CVE-2021-36845-c63c09dfe0443988600f74c6f35feaf4.yaml
index ab68e98ec5..52bc83903d 100644
--- a/nuclei-templates/2021/CVE-2021-36845-c63c09dfe0443988600f74c6f35feaf4.yaml
+++ b/nuclei-templates/2021/CVE-2021-36845-c63c09dfe0443988600f74c6f35feaf4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH Maintenance Mode <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/yith-maintenance-mode/"
     shodan-query: 'vuln:CVE-2021-36845'
-  tags: cve,wordpress,wp-plugin,yith-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,yith-maintenance-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36846-07056c447bdab5ad6a1bdd36170bd91a.yaml b/nuclei-templates/2021/CVE-2021-36846-07056c447bdab5ad6a1bdd36170bd91a.yaml
index ea428cd492..1d93ab940b 100644
--- a/nuclei-templates/2021/CVE-2021-36846-07056c447bdab5ad6a1bdd36170bd91a.yaml
+++ b/nuclei-templates/2021/CVE-2021-36846-07056c447bdab5ad6a1bdd36170bd91a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – Chaty <= 2.8.3 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chaty/"
     google-query: inurl:"/wp-content/plugins/chaty/"
     shodan-query: 'vuln:CVE-2021-36846'
-  tags: cve,wordpress,wp-plugin,chaty,medium
+  tags: cve,wordpress,wp-plugin,chaty,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36847-852d49969bf0838b042595dfd6400dc8.yaml b/nuclei-templates/2021/CVE-2021-36847-852d49969bf0838b042595dfd6400dc8.yaml
index d70e16149d..108482c99b 100644
--- a/nuclei-templates/2021/CVE-2021-36847-852d49969bf0838b042595dfd6400dc8.yaml
+++ b/nuclei-templates/2021/CVE-2021-36847-852d49969bf0838b042595dfd6400dc8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webba Booking <= 4.2.21 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Webba Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webba-booking-lite/"
     google-query: inurl:"/wp-content/plugins/webba-booking-lite/"
     shodan-query: 'vuln:CVE-2021-36847'
-  tags: cve,wordpress,wp-plugin,webba-booking-lite,medium
+  tags: cve,wordpress,wp-plugin,webba-booking-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36848-1588d8e6d7413910cf24de603f48ae6c.yaml b/nuclei-templates/2021/CVE-2021-36848-1588d8e6d7413910cf24de603f48ae6c.yaml
index b6499f9d9d..f1e9b34d5c 100644
--- a/nuclei-templates/2021/CVE-2021-36848-1588d8e6d7413910cf24de603f48ae6c.yaml
+++ b/nuclei-templates/2021/CVE-2021-36848-1588d8e6d7413910cf24de603f48ae6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Feather <= 2.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-media-feather/"
     google-query: inurl:"/wp-content/plugins/social-media-feather/"
     shodan-query: 'vuln:CVE-2021-36848'
-  tags: cve,wordpress,wp-plugin,social-media-feather,medium
+  tags: cve,wordpress,wp-plugin,social-media-feather,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36849-7512032bfe4cd740c20bf708ea302987.yaml b/nuclei-templates/2021/CVE-2021-36849-7512032bfe4cd740c20bf708ea302987.yaml
index 120ff517ea..0371e533c7 100644
--- a/nuclei-templates/2021/CVE-2021-36849-7512032bfe4cd740c20bf708ea302987.yaml
+++ b/nuclei-templates/2021/CVE-2021-36849-7512032bfe4cd740c20bf708ea302987.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Share Buttons <= 3.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mashsharer/"
     google-query: inurl:"/wp-content/plugins/mashsharer/"
     shodan-query: 'vuln:CVE-2021-36849'
-  tags: cve,wordpress,wp-plugin,mashsharer,medium
+  tags: cve,wordpress,wp-plugin,mashsharer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36850-e76a25dd6d02a9976e1a45024d852c58.yaml b/nuclei-templates/2021/CVE-2021-36850-e76a25dd6d02a9976e1a45024d852c58.yaml
index 5150e5ed16..06cbf1872f 100644
--- a/nuclei-templates/2021/CVE-2021-36850-e76a25dd6d02a9976e1a45024d852c58.yaml
+++ b/nuclei-templates/2021/CVE-2021-36850-e76a25dd6d02a9976e1a45024d852c58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media File Renamer – Auto & Manual Rename <= 5.2.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.2.5). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-file-renamer/"
     google-query: inurl:"/wp-content/plugins/media-file-renamer/"
     shodan-query: 'vuln:CVE-2021-36850'
-  tags: cve,wordpress,wp-plugin,media-file-renamer,high
+  tags: cve,wordpress,wp-plugin,media-file-renamer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36851-098a7c1e7e4a3294c0b3e783c9234d81.yaml b/nuclei-templates/2021/CVE-2021-36851-098a7c1e7e4a3294c0b3e783c9234d81.yaml
index 45fae0e0e8..4ead674a7e 100644
--- a/nuclei-templates/2021/CVE-2021-36851-098a7c1e7e4a3294c0b3e783c9234d81.yaml
+++ b/nuclei-templates/2021/CVE-2021-36851-098a7c1e7e4a3294c0b3e783c9234d81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonials Slider <= 3.5.8.3 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-add/"
     google-query: inurl:"/wp-content/plugins/testimonial-add/"
     shodan-query: 'vuln:CVE-2021-36851'
-  tags: cve,wordpress,wp-plugin,testimonial-add,medium
+  tags: cve,wordpress,wp-plugin,testimonial-add,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36852-1ca57b94b0c3924da7aeb6a7b470fb34.yaml b/nuclei-templates/2021/CVE-2021-36852-1ca57b94b0c3924da7aeb6a7b470fb34.yaml
index 7f71334c6e..8f83d39d84 100644
--- a/nuclei-templates/2021/CVE-2021-36852-1ca57b94b0c3924da7aeb6a7b470fb34.yaml
+++ b/nuclei-templates/2021/CVE-2021-36852-1ca57b94b0c3924da7aeb6a7b470fb34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.5 due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to trigger actions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-hotel-booking/"
     google-query: inurl:"/wp-content/plugins/wp-hotel-booking/"
     shodan-query: 'vuln:CVE-2021-36852'
-  tags: cve,wordpress,wp-plugin,wp-hotel-booking,high
+  tags: cve,wordpress,wp-plugin,wp-hotel-booking,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36854-5b1c2add49d2a47b01ab11a65c17a099.yaml b/nuclei-templates/2021/CVE-2021-36854-5b1c2add49d2a47b01ab11a65c17a099.yaml
index 5f17a252b8..15dfd3a03e 100644
--- a/nuclei-templates/2021/CVE-2021-36854-5b1c2add49d2a47b01ab11a65c17a099.yaml
+++ b/nuclei-templates/2021/CVE-2021-36854-5b1c2add49d2a47b01ab11a65c17a099.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booking Ultra Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on most AJAX actions. This makes it possible for unauthenticated attackers to inject malicious JavaScript, obtain information about staff users, change opening times and more, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-ultra-pro/"
     google-query: inurl:"/wp-content/plugins/booking-ultra-pro/"
     shodan-query: 'vuln:CVE-2021-36854'
-  tags: cve,wordpress,wp-plugin,booking-ultra-pro,high
+  tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36854-770cacdb7e6dbbed594d0162d09eaa1e.yaml b/nuclei-templates/2021/CVE-2021-36854-770cacdb7e6dbbed594d0162d09eaa1e.yaml
index ca4a6c2e82..5315d3347a 100644
--- a/nuclei-templates/2021/CVE-2021-36854-770cacdb7e6dbbed594d0162d09eaa1e.yaml
+++ b/nuclei-templates/2021/CVE-2021-36854-770cacdb7e6dbbed594d0162d09eaa1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Ultra Pro <= 1.1.8 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booking Ultra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This can also be exploited via CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-ultra-pro/"
     google-query: inurl:"/wp-content/plugins/booking-ultra-pro/"
     shodan-query: 'vuln:CVE-2021-36854'
-  tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium
+  tags: cve,wordpress,wp-plugin,booking-ultra-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36855-a730585b1aab8262e7f092340f9d0036.yaml b/nuclei-templates/2021/CVE-2021-36855-a730585b1aab8262e7f092340f9d0036.yaml
index 84c8f78c00..57ab824bcf 100644
--- a/nuclei-templates/2021/CVE-2021-36855-a730585b1aab8262e7f092340f9d0036.yaml
+++ b/nuclei-templates/2021/CVE-2021-36855-a730585b1aab8262e7f092340f9d0036.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booking Ultra Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on most AJAX actions. This makes it possible for unauthenticated attackers to inject malicious JavaScript, obtain information about staff users, change opening times and more, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-ultra-pro/"
     google-query: inurl:"/wp-content/plugins/booking-ultra-pro/"
     shodan-query: 'vuln:CVE-2021-36855'
-  tags: cve,wordpress,wp-plugin,booking-ultra-pro,high
+  tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36857-ebb1ebcf4f2c8c10213c00b9f2126830.yaml b/nuclei-templates/2021/CVE-2021-36857-ebb1ebcf4f2c8c10213c00b9f2126830.yaml
index 74ea7fdd4f..181cb75723 100644
--- a/nuclei-templates/2021/CVE-2021-36857-ebb1ebcf4f2c8c10213c00b9f2126830.yaml
+++ b/nuclei-templates/2021/CVE-2021-36857-ebb1ebcf4f2c8c10213c00b9f2126830.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Builder <= 1.6.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonial Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockip’ parameter in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-builder/"
     google-query: inurl:"/wp-content/plugins/testimonial-builder/"
     shodan-query: 'vuln:CVE-2021-36857'
-  tags: cve,wordpress,wp-plugin,testimonial-builder,medium
+  tags: cve,wordpress,wp-plugin,testimonial-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36858-f27a4c95db01a4a56d77711f77220046.yaml b/nuclei-templates/2021/CVE-2021-36858-f27a4c95db01a4a56d77711f77220046.yaml
index e2d8aa1a12..b8bb07f415 100644
--- a/nuclei-templates/2021/CVE-2021-36858-f27a4c95db01a4a56d77711f77220046.yaml
+++ b/nuclei-templates/2021/CVE-2021-36858-f27a4c95db01a4a56d77711f77220046.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonials <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-testimonial/"
     google-query: inurl:"/wp-content/plugins/super-testimonial/"
     shodan-query: 'vuln:CVE-2021-36858'
-  tags: cve,wordpress,wp-plugin,super-testimonial,medium
+  tags: cve,wordpress,wp-plugin,super-testimonial,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36861-d096551cc11e027298b83171a2a3683a.yaml b/nuclei-templates/2021/CVE-2021-36861-d096551cc11e027298b83171a2a3683a.yaml
index dad8455bd6..47a81d5fcb 100644
--- a/nuclei-templates/2021/CVE-2021-36861-d096551cc11e027298b83171a2a3683a.yaml
+++ b/nuclei-templates/2021/CVE-2021-36861-d096551cc11e027298b83171a2a3683a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rich Reviews by Starfish <= 1.9.14 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Rich Reviews by Starfish plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.14. This is due to missing nonce validation on the process_bulk_action() function. This makes it possible for unauthenticated attackers to bulk process reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rich-reviews/"
     google-query: inurl:"/wp-content/plugins/rich-reviews/"
     shodan-query: 'vuln:CVE-2021-36861'
-  tags: cve,wordpress,wp-plugin,rich-reviews,high
+  tags: cve,wordpress,wp-plugin,rich-reviews,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36863-ce3f05ae5116fef07efba37ae58297b9.yaml b/nuclei-templates/2021/CVE-2021-36863-ce3f05ae5116fef07efba37ae58297b9.yaml
index 27c0633b3d..ec6a9daf6d 100644
--- a/nuclei-templates/2021/CVE-2021-36863-ce3f05ae5116fef07efba37ae58297b9.yaml
+++ b/nuclei-templates/2021/CVE-2021-36863-ce3f05ae5116fef07efba37ae58297b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 7.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2021-36863'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36866-e4f1d5f5dc814ad4d0bdfba0ea143852.yaml b/nuclei-templates/2021/CVE-2021-36866-e4f1d5f5dc814ad4d0bdfba0ea143852.yaml
index 666f287c7d..1fc59bdcb4 100644
--- a/nuclei-templates/2021/CVE-2021-36866-e4f1d5f5dc814ad4d0bdfba0ea143852.yaml
+++ b/nuclei-templates/2021/CVE-2021-36866-e4f1d5f5dc814ad4d0bdfba0ea143852.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Pricing Tables  <= 3.1.2 - Author+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-pricing-tables/"
     google-query: inurl:"/wp-content/plugins/easy-pricing-tables/"
     shodan-query: 'vuln:CVE-2021-36866'
-  tags: cve,wordpress,wp-plugin,easy-pricing-tables,medium
+  tags: cve,wordpress,wp-plugin,easy-pricing-tables,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36867-23d65a0c7f78efb0a00d9004db77bb73.yaml b/nuclei-templates/2021/CVE-2021-36867-23d65a0c7f78efb0a00d9004db77bb73.yaml
index 94c3120b55..8852ed3a0f 100644
--- a/nuclei-templates/2021/CVE-2021-36867-23d65a0c7f78efb0a00d9004db77bb73.yaml
+++ b/nuclei-templates/2021/CVE-2021-36867-23d65a0c7f78efb0a00d9004db77bb73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Psychological tests & quizzes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.21.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-testing/"
     google-query: inurl:"/wp-content/plugins/wp-testing/"
     shodan-query: 'vuln:CVE-2021-36867'
-  tags: cve,wordpress,wp-plugin,wp-testing,medium
+  tags: cve,wordpress,wp-plugin,wp-testing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36870-69aedfc905a5a0f0e668841416c424fd.yaml b/nuclei-templates/2021/CVE-2021-36870-69aedfc905a5a0f0e668841416c424fd.yaml
index 7b028630a9..c4f845f10c 100644
--- a/nuclei-templates/2021/CVE-2021-36870-69aedfc905a5a0f0e668841416c424fd.yaml
+++ b/nuclei-templates/2021/CVE-2021-36870-69aedfc905a5a0f0e668841416c424fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Maps <= 8.1.12 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-maps/"
     google-query: inurl:"/wp-content/plugins/wp-google-maps/"
     shodan-query: 'vuln:CVE-2021-36870'
-  tags: cve,wordpress,wp-plugin,wp-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wp-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36871-622602817799a1869bfcc5c18c23392a.yaml b/nuclei-templates/2021/CVE-2021-36871-622602817799a1869bfcc5c18c23392a.yaml
index 972b00e192..aa50b4f0a9 100644
--- a/nuclei-templates/2021/CVE-2021-36871-622602817799a1869bfcc5c18c23392a.yaml
+++ b/nuclei-templates/2021/CVE-2021-36871-622602817799a1869bfcc5c18c23392a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Maps Pro <= 8.1.11 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-maps-pro/"
     google-query: inurl:"/wp-content/plugins/wp-google-maps-pro/"
     shodan-query: 'vuln:CVE-2021-36871'
-  tags: cve,wordpress,wp-plugin,wp-google-maps-pro,medium
+  tags: cve,wordpress,wp-plugin,wp-google-maps-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36872-05a7a0498d570dab847e4a9ab6951cdd.yaml b/nuclei-templates/2021/CVE-2021-36872-05a7a0498d570dab847e4a9ab6951cdd.yaml
index 8f59f8caeb..b16b9eae80 100644
--- a/nuclei-templates/2021/CVE-2021-36872-05a7a0498d570dab847e4a9ab6951cdd.yaml
+++ b/nuclei-templates/2021/CVE-2021-36872-05a7a0498d570dab847e4a9ab6951cdd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Popular Posts <= 5.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-popular-posts/"
     google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/"
     shodan-query: 'vuln:CVE-2021-36872'
-  tags: cve,wordpress,wp-plugin,wordpress-popular-posts,medium
+  tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36873-13327063860a0ee0e2e86f1e87898320.yaml b/nuclei-templates/2021/CVE-2021-36873-13327063860a0ee0e2e86f1e87898320.yaml
index f3c76a400f..f27d3ba4af 100644
--- a/nuclei-templates/2021/CVE-2021-36873-13327063860a0ee0e2e86f1e87898320.yaml
+++ b/nuclei-templates/2021/CVE-2021-36873-13327063860a0ee0e2e86f1e87898320.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress iQ Block Country <= 1.2.11 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iq-block-country/"
     google-query: inurl:"/wp-content/plugins/iq-block-country/"
     shodan-query: 'vuln:CVE-2021-36873'
-  tags: cve,wordpress,wp-plugin,iq-block-country,medium
+  tags: cve,wordpress,wp-plugin,iq-block-country,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36874-992243a3e82e516c6ec6b7febbf82953.yaml b/nuclei-templates/2021/CVE-2021-36874-992243a3e82e516c6ec6b7febbf82953.yaml
index 791d37595a..7e1e11acd8 100644
--- a/nuclei-templates/2021/CVE-2021-36874-992243a3e82e516c6ec6b7febbf82953.yaml
+++ b/nuclei-templates/2021/CVE-2021-36874-992243a3e82e516c6ec6b7febbf82953.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR)
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ulisting/"
     google-query: inurl:"/wp-content/plugins/ulisting/"
     shodan-query: 'vuln:CVE-2021-36874'
-  tags: cve,wordpress,wp-plugin,ulisting,high
+  tags: cve,wordpress,wp-plugin,ulisting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36884-62786f2608f27a539a0474c4d2ebfa59.yaml b/nuclei-templates/2021/CVE-2021-36884-62786f2608f27a539a0474c4d2ebfa59.yaml
index 2dc579ff54..af43405236 100644
--- a/nuclei-templates/2021/CVE-2021-36884-62786f2608f27a539a0474c4d2ebfa59.yaml
+++ b/nuclei-templates/2021/CVE-2021-36884-62786f2608f27a539a0474c4d2ebfa59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Migration <= 1.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup-backup/"
     google-query: inurl:"/wp-content/plugins/backup-backup/"
     shodan-query: 'vuln:CVE-2021-36884'
-  tags: cve,wordpress,wp-plugin,backup-backup,medium
+  tags: cve,wordpress,wp-plugin,backup-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36885-a479da98606812ed965dd3889c1983c1.yaml b/nuclei-templates/2021/CVE-2021-36885-a479da98606812ed965dd3889c1983c1.yaml
index 31b12ec14b..2be3c172a8 100644
--- a/nuclei-templates/2021/CVE-2021-36885-a479da98606812ed965dd3889c1983c1.yaml
+++ b/nuclei-templates/2021/CVE-2021-36885-a479da98606812ed965dd3889c1983c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 Database Addon – CFDB7 <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-cfdb7/"
     google-query: inurl:"/wp-content/plugins/contact-form-cfdb7/"
     shodan-query: 'vuln:CVE-2021-36885'
-  tags: cve,wordpress,wp-plugin,contact-form-cfdb7,medium
+  tags: cve,wordpress,wp-plugin,contact-form-cfdb7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36887-7493b4e361e65fc33d302e9a8676eef5.yaml b/nuclei-templates/2021/CVE-2021-36887-7493b4e361e65fc33d302e9a8676eef5.yaml
index 746f1fad29..fb5c46682a 100644
--- a/nuclei-templates/2021/CVE-2021-36887-7493b4e361e65fc33d302e9a8676eef5.yaml
+++ b/nuclei-templates/2021/CVE-2021-36887-7493b4e361e65fc33d302e9a8676eef5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     tarteaucitron.js – Cookies legislation & GDPR <= 1.5.4 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tarteaucitronjs/"
     google-query: inurl:"/wp-content/plugins/tarteaucitronjs/"
     shodan-query: 'vuln:CVE-2021-36887'
-  tags: cve,wordpress,wp-plugin,tarteaucitronjs,high
+  tags: cve,wordpress,wp-plugin,tarteaucitronjs,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36889-cdde9db33caece636f624a4e888cbf55.yaml b/nuclei-templates/2021/CVE-2021-36889-cdde9db33caece636f624a4e888cbf55.yaml
index 0cebe3f25a..81a2f19efc 100644
--- a/nuclei-templates/2021/CVE-2021-36889-cdde9db33caece636f624a4e888cbf55.yaml
+++ b/nuclei-templates/2021/CVE-2021-36889-cdde9db33caece636f624a4e888cbf55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) <= 1.6 - Cross-Site Scripting
   author: topscoder
-  severity: low
+  severity: high
   description: >
     Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tarteaucitronjs/"
     google-query: inurl:"/wp-content/plugins/tarteaucitronjs/"
     shodan-query: 'vuln:CVE-2021-36889'
-  tags: cve,wordpress,wp-plugin,tarteaucitronjs,low
+  tags: cve,wordpress,wp-plugin,tarteaucitronjs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36893-7cfb9c8a38b02b5d1f8df2ea212c2f3b.yaml b/nuclei-templates/2021/CVE-2021-36893-7cfb9c8a38b02b5d1f8df2ea212c2f3b.yaml
index 08771e772b..654e5288d3 100644
--- a/nuclei-templates/2021/CVE-2021-36893-7cfb9c8a38b02b5d1f8df2ea212c2f3b.yaml
+++ b/nuclei-templates/2021/CVE-2021-36893-7cfb9c8a38b02b5d1f8df2ea212c2f3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Tabs <= 4.0.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-tabs/"
     google-query: inurl:"/wp-content/plugins/responsive-tabs/"
     shodan-query: 'vuln:CVE-2021-36893'
-  tags: cve,wordpress,wp-plugin,responsive-tabs,medium
+  tags: cve,wordpress,wp-plugin,responsive-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36896-a5038f440967c1bd1e883ce46373e9e5.yaml b/nuclei-templates/2021/CVE-2021-36896-a5038f440967c1bd1e883ce46373e9e5.yaml
index 389781c4d3..5643ac3cc5 100644
--- a/nuclei-templates/2021/CVE-2021-36896-a5038f440967c1bd1e883ce46373e9e5.yaml
+++ b/nuclei-templates/2021/CVE-2021-36896-a5038f440967c1bd1e883ce46373e9e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pricing Table <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pricing-table/"
     google-query: inurl:"/wp-content/plugins/pricing-table/"
     shodan-query: 'vuln:CVE-2021-36896'
-  tags: cve,wordpress,wp-plugin,pricing-table,medium
+  tags: cve,wordpress,wp-plugin,pricing-table,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36898-4023135654a032018b1b7ca568ed38d7.yaml b/nuclei-templates/2021/CVE-2021-36898-4023135654a032018b1b7ca568ed38d7.yaml
index db7fdf0098..ec9c5201c9 100644
--- a/nuclei-templates/2021/CVE-2021-36898-4023135654a032018b1b7ca568ed38d7.yaml
+++ b/nuclei-templates/2021/CVE-2021-36898-4023135654a032018b1b7ca568ed38d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to SQL Injection via several parameters in versions up to, and including, 7.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with high-level privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2021-36898'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,high
+  tags: cve,wordpress,wp-plugin,quiz-master-next,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36905-ecadda5bda84d8a0b69e1131abec5fcf.yaml b/nuclei-templates/2021/CVE-2021-36905-ecadda5bda84d8a0b69e1131abec5fcf.yaml
index 48a819ab90..00a176f4ee 100644
--- a/nuclei-templates/2021/CVE-2021-36905-ecadda5bda84d8a0b69e1131abec5fcf.yaml
+++ b/nuclei-templates/2021/CVE-2021-36905-ecadda5bda84d8a0b69e1131abec5fcf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.3.4 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 7.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2021-36905'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36908-1ac9ed75dda676d9de3cd3380fd4d32a.yaml b/nuclei-templates/2021/CVE-2021-36908-1ac9ed75dda676d9de3cd3380fd4d32a.yaml
index 9e6b18c085..a7ccc7be03 100644
--- a/nuclei-templates/2021/CVE-2021-36908-1ac9ed75dda676d9de3cd3380fd4d32a.yaml
+++ b/nuclei-templates/2021/CVE-2021-36908-1ac9ed75dda676d9de3cd3380fd4d32a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Reset PRO 5.00-5.98 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows attackers to trick authenticated into making unintentional database reset.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-reset/"
     google-query: inurl:"/wp-content/plugins/wp-reset/"
     shodan-query: 'vuln:CVE-2021-36908'
-  tags: cve,wordpress,wp-plugin,wp-reset,high
+  tags: cve,wordpress,wp-plugin,wp-reset,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36910-e587e1665fb732b10014cf1110ac13b4.yaml b/nuclei-templates/2021/CVE-2021-36910-e587e1665fb732b10014cf1110ac13b4.yaml
index c19b8bac97..daa781ca93 100644
--- a/nuclei-templates/2021/CVE-2021-36910-e587e1665fb732b10014cf1110ac13b4.yaml
+++ b/nuclei-templates/2021/CVE-2021-36910-e587e1665fb732b10014cf1110ac13b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Appbox <= 4.3.20 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-appbox/"
     google-query: inurl:"/wp-content/plugins/wp-appbox/"
     shodan-query: 'vuln:CVE-2021-36910'
-  tags: cve,wordpress,wp-plugin,wp-appbox,medium
+  tags: cve,wordpress,wp-plugin,wp-appbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36911-2faa74d51969fb024a7d850a91d6917b.yaml b/nuclei-templates/2021/CVE-2021-36911-2faa74d51969fb024a7d850a91d6917b.yaml
index 167e76f569..0e524d915a 100644
--- a/nuclei-templates/2021/CVE-2021-36911-2faa74d51969fb024a7d850a91d6917b.yaml
+++ b/nuclei-templates/2021/CVE-2021-36911-2faa74d51969fb024a7d850a91d6917b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comment Engine Pro <= 1.0 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Comment Engine Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comment-engine-pro/"
     google-query: inurl:"/wp-content/plugins/comment-engine-pro/"
     shodan-query: 'vuln:CVE-2021-36911'
-  tags: cve,wordpress,wp-plugin,comment-engine-pro,medium
+  tags: cve,wordpress,wp-plugin,comment-engine-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36912-d6ab389c616dfd2cb30cbd7db8473c95.yaml b/nuclei-templates/2021/CVE-2021-36912-d6ab389c616dfd2cb30cbd7db8473c95.yaml
index 36e22f4e90..507d460fcf 100644
--- a/nuclei-templates/2021/CVE-2021-36912-d6ab389c616dfd2cb30cbd7db8473c95.yaml
+++ b/nuclei-templates/2021/CVE-2021-36912-d6ab389c616dfd2cb30cbd7db8473c95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Andrea Pernici News Sitemap for Google <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-news-sitemap/"
     google-query: inurl:"/wp-content/plugins/google-news-sitemap/"
     shodan-query: 'vuln:CVE-2021-36912'
-  tags: cve,wordpress,wp-plugin,google-news-sitemap,medium
+  tags: cve,wordpress,wp-plugin,google-news-sitemap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36913-8eae6b3d481165727afe77f464d11a2d.yaml b/nuclei-templates/2021/CVE-2021-36913-8eae6b3d481165727afe77f464d11a2d.yaml
index 1bdd7dbcfd..9808d9432d 100644
--- a/nuclei-templates/2021/CVE-2021-36913-8eae6b3d481165727afe77f464d11a2d.yaml
+++ b/nuclei-templates/2021/CVE-2021-36913-8eae6b3d481165727afe77f464d11a2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection for Contact Form 7 <= 2.4.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirection for Contact Form 7 plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to update the plugin's options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcf7-redirect/"
     google-query: inurl:"/wp-content/plugins/wpcf7-redirect/"
     shodan-query: 'vuln:CVE-2021-36913'
-  tags: cve,wordpress,wp-plugin,wpcf7-redirect,medium
+  tags: cve,wordpress,wp-plugin,wpcf7-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36915-da13e940921b9b4b286d3e79be1e9d85.yaml b/nuclei-templates/2021/CVE-2021-36915-da13e940921b9b4b286d3e79be1e9d85.yaml
index ed6d34d2ee..83f4f5e423 100644
--- a/nuclei-templates/2021/CVE-2021-36915-da13e940921b9b4b286d3e79be1e9d85.yaml
+++ b/nuclei-templates/2021/CVE-2021-36915-da13e940921b9b4b286d3e79be1e9d85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.4. This is due to missing nonce validation on the wppb_pbie_import() & wppb_pbie_export_our_json() functions. This makes it possible for unauthenticated attackers to import and export plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:CVE-2021-36915'
-  tags: cve,wordpress,wp-plugin,profile-builder,high
+  tags: cve,wordpress,wp-plugin,profile-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-36916-a5da2259e66916eeb957e15e5b2a199e.yaml b/nuclei-templates/2021/CVE-2021-36916-a5da2259e66916eeb957e15e5b2a199e.yaml
index e6311ff936..82c7fa5779 100644
--- a/nuclei-templates/2021/CVE-2021-36916-a5da2259e66916eeb957e15e5b2a199e.yaml
+++ b/nuclei-templates/2021/CVE-2021-36916-a5da2259e66916eeb957e15e5b2a199e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hide My WP <= 6.2.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hide_my_wp/"
     google-query: inurl:"/wp-content/plugins/hide_my_wp/"
     shodan-query: 'vuln:CVE-2021-36916'
-  tags: cve,wordpress,wp-plugin,hide_my_wp,high
+  tags: cve,wordpress,wp-plugin,hide_my_wp,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-38314-97e559b0ee0d8f7ed9a23afb1d3a5dfd.yaml b/nuclei-templates/2021/CVE-2021-38314-97e559b0ee0d8f7ed9a23afb1d3a5dfd.yaml
index 3113d3bc85..ca25b5b68a 100644
--- a/nuclei-templates/2021/CVE-2021-38314-97e559b0ee0d8f7ed9a23afb1d3a5dfd.yaml
+++ b/nuclei-templates/2021/CVE-2021-38314-97e559b0ee0d8f7ed9a23afb1d3a5dfd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redux-framework/"
     google-query: inurl:"/wp-content/plugins/redux-framework/"
     shodan-query: 'vuln:CVE-2021-38314'
-  tags: cve,wordpress,wp-plugin,redux-framework,medium
+  tags: cve,wordpress,wp-plugin,redux-framework,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-38324-41e16d89dcc64533542d0355200f7979.yaml b/nuclei-templates/2021/CVE-2021-38324-41e16d89dcc64533542d0355200f7979.yaml
index ba34ae5941..def8cfa7f9 100644
--- a/nuclei-templates/2021/CVE-2021-38324-41e16d89dcc64533542d0355200f7979.yaml
+++ b/nuclei-templates/2021/CVE-2021-38324-41e16d89dcc64533542d0355200f7979.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Rental Manager <= 1.5.3 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-rental-manager/"
     google-query: inurl:"/wp-content/plugins/sp-rental-manager/"
     shodan-query: 'vuln:CVE-2021-38324'
-  tags: cve,wordpress,wp-plugin,sp-rental-manager,high
+  tags: cve,wordpress,wp-plugin,sp-rental-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-38342-fa85581f8faec8e54a152a5a0efaf823.yaml b/nuclei-templates/2021/CVE-2021-38342-fa85581f8faec8e54a152a5a0efaf823.yaml
index c34026f29e..f5a20dca5b 100644
--- a/nuclei-templates/2021/CVE-2021-38342-fa85581f8faec8e54a152a5a0efaf823.yaml
+++ b/nuclei-templates/2021/CVE-2021-38342-fa85581f8faec8e54a152a5a0efaf823.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nested Pages <= 3.1.15 - Cross-Site Request Forgery to Arbitrary Post Deletion and Modification
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-nested-pages/"
     google-query: inurl:"/wp-content/plugins/wp-nested-pages/"
     shodan-query: 'vuln:CVE-2021-38342'
-  tags: cve,wordpress,wp-plugin,wp-nested-pages,high
+  tags: cve,wordpress,wp-plugin,wp-nested-pages,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-38344-51d48891356faa4b5ee750ea40af7e8d.yaml b/nuclei-templates/2021/CVE-2021-38344-51d48891356faa4b5ee750ea40af7e8d.yaml
index f79401a2a7..05af3356a4 100644
--- a/nuclei-templates/2021/CVE-2021-38344-51d48891356faa4b5ee750ea40af7e8d.yaml
+++ b/nuclei-templates/2021/CVE-2021-38344-51d48891356faa4b5ee750ea40af7e8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy - Page Builder <= 2.3.11 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2021-38344'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-38346-a5ce2d4f9e1b1bb323f57b01146d769b.yaml b/nuclei-templates/2021/CVE-2021-38346-a5ce2d4f9e1b1bb323f57b01146d769b.yaml
index fd8c925ca3..a598cbab05 100644
--- a/nuclei-templates/2021/CVE-2021-38346-a5ce2d4f9e1b1bb323f57b01146d769b.yaml
+++ b/nuclei-templates/2021/CVE-2021-38346-a5ce2d4f9e1b1bb323f57b01146d769b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2021-38346'
-  tags: cve,wordpress,wp-plugin,brizy,high
+  tags: cve,wordpress,wp-plugin,brizy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-38360-76cc9ef157cda8ab12c517a7c91088af.yaml b/nuclei-templates/2021/CVE-2021-38360-76cc9ef157cda8ab12c517a7c91088af.yaml
index 07c50d9e6d..17f86f366e 100644
--- a/nuclei-templates/2021/CVE-2021-38360-76cc9ef157cda8ab12c517a7c91088af.yaml
+++ b/nuclei-templates/2021/CVE-2021-38360-76cc9ef157cda8ab12c517a7c91088af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp-publications < 1.1 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-publications/"
     google-query: inurl:"/wp-content/plugins/wp-publications/"
     shodan-query: 'vuln:CVE-2021-38360'
-  tags: cve,wordpress,wp-plugin,wp-publications,high
+  tags: cve,wordpress,wp-plugin,wp-publications,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39201-65fb786a832ae70556835ff6a5bf2139.yaml b/nuclei-templates/2021/CVE-2021-39201-65fb786a832ae70556835ff6a5bf2139.yaml
index 61ec551a31..34ce429c62 100644
--- a/nuclei-templates/2021/CVE-2021-39201-65fb786a832ae70556835ff6a5bf2139.yaml
+++ b/nuclei-templates/2021/CVE-2021-39201-65fb786a832ae70556835ff6a5bf2139.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core 5.4 - 5.8 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. ### Patches This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix. ### References https://wordpress.org/news/category/releases/ https://hackerone.com/reports/1142140 ### For more information If you have any questions or comments about this advisory: * Open an issue in [HackerOne](https://hackerone.com/wordpress)
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2021-39201
   metadata:
     shodan-query: 'vuln:CVE-2021-39201'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39203-a7765f598fd1a7f35b5c80f721d18a4c.yaml b/nuclei-templates/2021/CVE-2021-39203-a7765f598fd1a7f35b5c80f721d18a4c.yaml
index 118cd8920c..43b402c90a 100644
--- a/nuclei-templates/2021/CVE-2021-39203-a7765f598fd1a7f35b5c80f721d18a4c.yaml
+++ b/nuclei-templates/2021/CVE-2021-39203-a7765f598fd1a7f35b5c80f721d18a4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core 5.8 beta - Block Editor Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2021-39203
   metadata:
     shodan-query: 'vuln:CVE-2021-39203'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39317-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/2021/CVE-2021-39317-f89ee1fe18d2f93346e76054105f5916.yaml
index dc89edaaa8..2f4ee10800 100644
--- a/nuclei-templates/2021/CVE-2021-39317-f89ee1fe18d2f93346e76054105f5916.yaml
+++ b/nuclei-templates/2021/CVE-2021-39317-f89ee1fe18d2f93346e76054105f5916.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2021-39317
   metadata:
-    fofa-query: "wp-content/themes/the-monday/"
-    google-query: inurl:"/wp-content/themes/the-monday/"
+    fofa-query: "wp-content/themes/bloger/"
+    google-query: inurl:"/wp-content/themes/bloger/"
     shodan-query: 'vuln:CVE-2021-39317'
-  tags: cve,wordpress,wp-theme,the-monday,high
+  tags: cve,wordpress,wp-theme,bloger,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/the-monday/style.css"
+      - "{{BaseURL}}/wp-content/themes/bloger/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "the-monday"
+          - "bloger"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
+          - compare_versions(version, '<= 1.2.6')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39328-77686428a77d266ce22bfe59b8ab3fea.yaml b/nuclei-templates/2021/CVE-2021-39328-77686428a77d266ce22bfe59b8ab3fea.yaml
index 8cf348ae5b..2684479b99 100644
--- a/nuclei-templates/2021/CVE-2021-39328-77686428a77d266ce22bfe59b8ab3fea.yaml
+++ b/nuclei-templates/2021/CVE-2021-39328-77686428a77d266ce22bfe59b8ab3fea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Job Board <= 2.9.4 Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-job-board/"
     google-query: inurl:"/wp-content/plugins/simple-job-board/"
     shodan-query: 'vuln:CVE-2021-39328'
-  tags: cve,wordpress,wp-plugin,simple-job-board,medium
+  tags: cve,wordpress,wp-plugin,simple-job-board,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39329-dbbebd9fd091a5f8a7900f65f6287602.yaml b/nuclei-templates/2021/CVE-2021-39329-dbbebd9fd091a5f8a7900f65f6287602.yaml
index 2c05a151a7..9886e51445 100644
--- a/nuclei-templates/2021/CVE-2021-39329-dbbebd9fd091a5f8a7900f65f6287602.yaml
+++ b/nuclei-templates/2021/CVE-2021-39329-dbbebd9fd091a5f8a7900f65f6287602.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobBoardWP – Job Board Listings and Submissions <= 1.0.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jobboardwp/"
     google-query: inurl:"/wp-content/plugins/jobboardwp/"
     shodan-query: 'vuln:CVE-2021-39329'
-  tags: cve,wordpress,wp-plugin,jobboardwp,medium
+  tags: cve,wordpress,wp-plugin,jobboardwp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39332-24e7ccbee7ca416ae56183733be3750e.yaml b/nuclei-templates/2021/CVE-2021-39332-24e7ccbee7ca416ae56183733be3750e.yaml
index 34ed371862..e5c370752a 100644
--- a/nuclei-templates/2021/CVE-2021-39332-24e7ccbee7ca416ae56183733be3750e.yaml
+++ b/nuclei-templates/2021/CVE-2021-39332-24e7ccbee7ca416ae56183733be3750e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Business Manager  <= 1.4.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-manager/"
     google-query: inurl:"/wp-content/plugins/business-manager/"
     shodan-query: 'vuln:CVE-2021-39332'
-  tags: cve,wordpress,wp-plugin,business-manager,medium
+  tags: cve,wordpress,wp-plugin,business-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39334-4b6c5be1fe7b22ce9d31baa1ab6b6513.yaml b/nuclei-templates/2021/CVE-2021-39334-4b6c5be1fe7b22ce9d31baa1ab6b6513.yaml
index 32e55072c8..c76d079aff 100644
--- a/nuclei-templates/2021/CVE-2021-39334-4b6c5be1fe7b22ce9d31baa1ab6b6513.yaml
+++ b/nuclei-templates/2021/CVE-2021-39334-4b6c5be1fe7b22ce9d31baa1ab6b6513.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Job Board Vanila Plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-board-vanilla/"
     google-query: inurl:"/wp-content/plugins/job-board-vanilla/"
     shodan-query: 'vuln:CVE-2021-39334'
-  tags: cve,wordpress,wp-plugin,job-board-vanilla,medium
+  tags: cve,wordpress,wp-plugin,job-board-vanilla,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39335-17d9d2647ecfd4b0be797349f3817c27.yaml b/nuclei-templates/2021/CVE-2021-39335-17d9d2647ecfd4b0be797349f3817c27.yaml
index 38dde2bc64..64bbaf979a 100644
--- a/nuclei-templates/2021/CVE-2021-39335-17d9d2647ecfd4b0be797349f3817c27.yaml
+++ b/nuclei-templates/2021/CVE-2021-39335-17d9d2647ecfd4b0be797349f3817c27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WpGenius Job Listing <= 1.0.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgenious-job-listing/"
     google-query: inurl:"/wp-content/plugins/wpgenious-job-listing/"
     shodan-query: 'vuln:CVE-2021-39335'
-  tags: cve,wordpress,wp-plugin,wpgenious-job-listing,medium
+  tags: cve,wordpress,wp-plugin,wpgenious-job-listing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39336-10474b54f82207cb48d47efc5316fa08.yaml b/nuclei-templates/2021/CVE-2021-39336-10474b54f82207cb48d47efc5316fa08.yaml
index a502d1cf10..31ad135e78 100644
--- a/nuclei-templates/2021/CVE-2021-39336-10474b54f82207cb48d47efc5316fa08.yaml
+++ b/nuclei-templates/2021/CVE-2021-39336-10474b54f82207cb48d47efc5316fa08.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Job Manager <= 0.7.25 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-manager/"
     google-query: inurl:"/wp-content/plugins/job-manager/"
     shodan-query: 'vuln:CVE-2021-39336'
-  tags: cve,wordpress,wp-plugin,job-manager,medium
+  tags: cve,wordpress,wp-plugin,job-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39337-c57a50def1ef305a4e8acb9063bb5142.yaml b/nuclei-templates/2021/CVE-2021-39337-c57a50def1ef305a4e8acb9063bb5142.yaml
index d529574214..6cfd8586a7 100644
--- a/nuclei-templates/2021/CVE-2021-39337-c57a50def1ef305a4e8acb9063bb5142.yaml
+++ b/nuclei-templates/2021/CVE-2021-39337-c57a50def1ef305a4e8acb9063bb5142.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     job-portal <= 0.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-portal/"
     google-query: inurl:"/wp-content/plugins/job-portal/"
     shodan-query: 'vuln:CVE-2021-39337'
-  tags: cve,wordpress,wp-plugin,job-portal,medium
+  tags: cve,wordpress,wp-plugin,job-portal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39338-7b501f3b3223dc999faba6ed8169a765.yaml b/nuclei-templates/2021/CVE-2021-39338-7b501f3b3223dc999faba6ed8169a765.yaml
index 56490fe872..2cf8b923dc 100644
--- a/nuclei-templates/2021/CVE-2021-39338-7b501f3b3223dc999faba6ed8169a765.yaml
+++ b/nuclei-templates/2021/CVE-2021-39338-7b501f3b3223dc999faba6ed8169a765.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MyBB Cross-Poster <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mybb-cross-poster/"
     google-query: inurl:"/wp-content/plugins/mybb-cross-poster/"
     shodan-query: 'vuln:CVE-2021-39338'
-  tags: cve,wordpress,wp-plugin,mybb-cross-poster,medium
+  tags: cve,wordpress,wp-plugin,mybb-cross-poster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39340-eae4213a5c0782ae01f44dd9c21edcbb.yaml b/nuclei-templates/2021/CVE-2021-39340-eae4213a5c0782ae01f44dd9c21edcbb.yaml
index d5c8d77116..39b48679de 100644
--- a/nuclei-templates/2021/CVE-2021-39340-eae4213a5c0782ae01f44dd9c21edcbb.yaml
+++ b/nuclei-templates/2021/CVE-2021-39340-eae4213a5c0782ae01f44dd9c21edcbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/notification/"
     google-query: inurl:"/wp-content/plugins/notification/"
     shodan-query: 'vuln:CVE-2021-39340'
-  tags: cve,wordpress,wp-plugin,notification,medium
+  tags: cve,wordpress,wp-plugin,notification,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39343-c8b3ba4607788e0f441ac762600baab2.yaml b/nuclei-templates/2021/CVE-2021-39343-c8b3ba4607788e0f441ac762600baab2.yaml
index e9b12d3349..b2e07a2ed8 100644
--- a/nuclei-templates/2021/CVE-2021-39343-c8b3ba4607788e0f441ac762600baab2.yaml
+++ b/nuclei-templates/2021/CVE-2021-39343-c8b3ba4607788e0f441ac762600baab2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MPL-Publisher  <= 1.30.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mpl-publisher/"
     google-query: inurl:"/wp-content/plugins/mpl-publisher/"
     shodan-query: 'vuln:CVE-2021-39343'
-  tags: cve,wordpress,wp-plugin,mpl-publisher,medium
+  tags: cve,wordpress,wp-plugin,mpl-publisher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39344-c6a3bc41ee8a2ee4ea6023cb51c1bb30.yaml b/nuclei-templates/2021/CVE-2021-39344-c6a3bc41ee8a2ee4ea6023cb51c1bb30.yaml
index 23c26c3f90..b0ca57e868 100644
--- a/nuclei-templates/2021/CVE-2021-39344-c6a3bc41ee8a2ee4ea6023cb51c1bb30.yaml
+++ b/nuclei-templates/2021/CVE-2021-39344-c6a3bc41ee8a2ee4ea6023cb51c1bb30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KJM Admin Notices <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kjm-admin-notices/"
     google-query: inurl:"/wp-content/plugins/kjm-admin-notices/"
     shodan-query: 'vuln:CVE-2021-39344'
-  tags: cve,wordpress,wp-plugin,kjm-admin-notices,medium
+  tags: cve,wordpress,wp-plugin,kjm-admin-notices,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39345-06dfe81bc3a355cd7801ee39e75e5076.yaml b/nuclei-templates/2021/CVE-2021-39345-06dfe81bc3a355cd7801ee39e75e5076.yaml
index 42f5a1228b..b3bdcb5f35 100644
--- a/nuclei-templates/2021/CVE-2021-39345-06dfe81bc3a355cd7801ee39e75e5076.yaml
+++ b/nuclei-templates/2021/CVE-2021-39345-06dfe81bc3a355cd7801ee39e75e5076.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hal/"
     google-query: inurl:"/wp-content/plugins/hal/"
     shodan-query: 'vuln:CVE-2021-39345'
-  tags: cve,wordpress,wp-plugin,hal,medium
+  tags: cve,wordpress,wp-plugin,hal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39346-071e46b1422bc01b590261a3c5a56383.yaml b/nuclei-templates/2021/CVE-2021-39346-071e46b1422bc01b590261a3c5a56383.yaml
index 06a7138c83..1eec4782f3 100644
--- a/nuclei-templates/2021/CVE-2021-39346-071e46b1422bc01b590261a3c5a56383.yaml
+++ b/nuclei-templates/2021/CVE-2021-39346-071e46b1422bc01b590261a3c5a56383.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Maps Easy <= 1.9.33 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-maps-easy/"
     google-query: inurl:"/wp-content/plugins/google-maps-easy/"
     shodan-query: 'vuln:CVE-2021-39346'
-  tags: cve,wordpress,wp-plugin,google-maps-easy,medium
+  tags: cve,wordpress,wp-plugin,google-maps-easy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39347-47381a600b8cc2173f5be6a0287dc5d1.yaml b/nuclei-templates/2021/CVE-2021-39347-47381a600b8cc2173f5be6a0287dc5d1.yaml
index 8434931953..dfafb5f58c 100644
--- a/nuclei-templates/2021/CVE-2021-39347-47381a600b8cc2173f5be6a0287dc5d1.yaml
+++ b/nuclei-templates/2021/CVE-2021-39347-47381a600b8cc2173f5be6a0287dc5d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stripe for WooCommerce 3.0.0 - 3.3.9 - Missing Authorization Controls to Financial Account Hijacking
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stripe-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/stripe-for-woocommerce/"
     shodan-query: 'vuln:CVE-2021-39347'
-  tags: cve,wordpress,wp-plugin,stripe-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,stripe-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39348-a6e9d3ad722034f3a564750baa53887c.yaml b/nuclei-templates/2021/CVE-2021-39348-a6e9d3ad722034f3a564750baa53887c.yaml
index 624436bde9..f8ed5626af 100644
--- a/nuclei-templates/2021/CVE-2021-39348-a6e9d3ad722034f3a564750baa53887c.yaml
+++ b/nuclei-templates/2021/CVE-2021-39348-a6e9d3ad722034f3a564750baa53887c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 4.1.3.1 - Stored Cross-Site Scripting via $custom_profile
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2021-39348'
-  tags: cve,wordpress,wp-plugin,learnpress,medium
+  tags: cve,wordpress,wp-plugin,learnpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39349-6674d09f375c0a0c6100b633268f7e7c.yaml b/nuclei-templates/2021/CVE-2021-39349-6674d09f375c0a0c6100b633268f7e7c.yaml
index b3437f2a4d..e0144bdcc6 100644
--- a/nuclei-templates/2021/CVE-2021-39349-6674d09f375c0a0c6100b633268f7e7c.yaml
+++ b/nuclei-templates/2021/CVE-2021-39349-6674d09f375c0a0c6100b633268f7e7c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Author Bio Box <= 3.3.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/author-bio-box/"
     google-query: inurl:"/wp-content/plugins/author-bio-box/"
     shodan-query: 'vuln:CVE-2021-39349'
-  tags: cve,wordpress,wp-plugin,author-bio-box,medium
+  tags: cve,wordpress,wp-plugin,author-bio-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39351-b6ce71d23b8bb3b641046b5238bd95ce.yaml b/nuclei-templates/2021/CVE-2021-39351-b6ce71d23b8bb3b641046b5238bd95ce.yaml
index ea1a4e44b7..08179950cc 100644
--- a/nuclei-templates/2021/CVE-2021-39351-b6ce71d23b8bb3b641046b5238bd95ce.yaml
+++ b/nuclei-templates/2021/CVE-2021-39351-b6ce71d23b8bb3b641046b5238bd95ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection via id Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-bannerize/"
     google-query: inurl:"/wp-content/plugins/wp-bannerize/"
     shodan-query: 'vuln:CVE-2021-39351'
-  tags: cve,wordpress,wp-plugin,wp-bannerize,medium
+  tags: cve,wordpress,wp-plugin,wp-bannerize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39352-ede5967c43f0c429d90aef07bf32832d.yaml b/nuclei-templates/2021/CVE-2021-39352-ede5967c43f0c429d90aef07bf32832d.yaml
index de13dee2a0..e62804d503 100644
--- a/nuclei-templates/2021/CVE-2021-39352-ede5967c43f0c429d90aef07bf32832d.yaml
+++ b/nuclei-templates/2021/CVE-2021-39352-ede5967c43f0c429d90aef07bf32832d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Catch Themes Demo Import <= 1.7 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/catch-themes-demo-import/"
     google-query: inurl:"/wp-content/plugins/catch-themes-demo-import/"
     shodan-query: 'vuln:CVE-2021-39352'
-  tags: cve,wordpress,wp-plugin,catch-themes-demo-import,high
+  tags: cve,wordpress,wp-plugin,catch-themes-demo-import,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39353-3cf0c7158d6fa6e72389913fb8e96f48.yaml b/nuclei-templates/2021/CVE-2021-39353-3cf0c7158d6fa6e72389913fb8e96f48.yaml
index 56382fc2e4..2f9ecde200 100644
--- a/nuclei-templates/2021/CVE-2021-39353-3cf0c7158d6fa6e72389913fb8e96f48.yaml
+++ b/nuclei-templates/2021/CVE-2021-39353-3cf0c7158d6fa6e72389913fb8e96f48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Registration Forms <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-registration-forms/"
     google-query: inurl:"/wp-content/plugins/easy-registration-forms/"
     shodan-query: 'vuln:CVE-2021-39353'
-  tags: cve,wordpress,wp-plugin,easy-registration-forms,high
+  tags: cve,wordpress,wp-plugin,easy-registration-forms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39355-738cbcde2d8ae9b069d1cee10adc6b90.yaml b/nuclei-templates/2021/CVE-2021-39355-738cbcde2d8ae9b069d1cee10adc6b90.yaml
index 67741a579e..9982e3ac5a 100644
--- a/nuclei-templates/2021/CVE-2021-39355-738cbcde2d8ae9b069d1cee10adc6b90.yaml
+++ b/nuclei-templates/2021/CVE-2021-39355-738cbcde2d8ae9b069d1cee10adc6b90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Indeed Job Importer  <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indeed-job-importer/"
     google-query: inurl:"/wp-content/plugins/indeed-job-importer/"
     shodan-query: 'vuln:CVE-2021-39355'
-  tags: cve,wordpress,wp-plugin,indeed-job-importer,medium
+  tags: cve,wordpress,wp-plugin,indeed-job-importer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39356-a29cb4528fb3dd359faf1d68a8cf9ee1.yaml b/nuclei-templates/2021/CVE-2021-39356-a29cb4528fb3dd359faf1d68a8cf9ee1.yaml
index 22a6c3e2b4..90f08c25eb 100644
--- a/nuclei-templates/2021/CVE-2021-39356-a29cb4528fb3dd359faf1d68a8cf9ee1.yaml
+++ b/nuclei-templates/2021/CVE-2021-39356-a29cb4528fb3dd359faf1d68a8cf9ee1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Staging <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the ~/templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-staging/"
     google-query: inurl:"/wp-content/plugins/content-staging/"
     shodan-query: 'vuln:CVE-2021-39356'
-  tags: cve,wordpress,wp-plugin,content-staging,medium
+  tags: cve,wordpress,wp-plugin,content-staging,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-39357-58a6911fd3193aa0bffa110e873b9369.yaml b/nuclei-templates/2021/CVE-2021-39357-58a6911fd3193aa0bffa110e873b9369.yaml
index 97f2667ed5..1792c89758 100644
--- a/nuclei-templates/2021/CVE-2021-39357-58a6911fd3193aa0bffa110e873b9369.yaml
+++ b/nuclei-templates/2021/CVE-2021-39357-58a6911fd3193aa0bffa110e873b9369.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaky-paywall/"
     google-query: inurl:"/wp-content/plugins/leaky-paywall/"
     shodan-query: 'vuln:CVE-2021-39357'
-  tags: cve,wordpress,wp-plugin,leaky-paywall,medium
+  tags: cve,wordpress,wp-plugin,leaky-paywall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4074-f7ea807ec289aa8d8be34a1208e9ebb9.yaml b/nuclei-templates/2021/CVE-2021-4074-f7ea807ec289aa8d8be34a1208e9ebb9.yaml
index 1bd5edf2f4..98e5c44209 100644
--- a/nuclei-templates/2021/CVE-2021-4074-f7ea807ec289aa8d8be34a1208e9ebb9.yaml
+++ b/nuclei-templates/2021/CVE-2021-4074-f7ea807ec289aa8d8be34a1208e9ebb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/whmcs-bridge/"
     google-query: inurl:"/wp-content/plugins/whmcs-bridge/"
     shodan-query: 'vuln:CVE-2021-4074'
-  tags: cve,wordpress,wp-plugin,whmcs-bridge,medium
+  tags: cve,wordpress,wp-plugin,whmcs-bridge,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4096-16fc618536c8b0d70612472b29c155c9.yaml b/nuclei-templates/2021/CVE-2021-4096-16fc618536c8b0d70612472b29c155c9.yaml
index a89870caa1..0ccd22d570 100644
--- a/nuclei-templates/2021/CVE-2021-4096-16fc618536c8b0d70612472b29c155c9.yaml
+++ b/nuclei-templates/2021/CVE-2021-4096-16fc618536c8b0d70612472b29c155c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-product-designer/"
     google-query: inurl:"/wp-content/plugins/fancy-product-designer/"
     shodan-query: 'vuln:CVE-2021-4096'
-  tags: cve,wordpress,wp-plugin,fancy-product-designer,high
+  tags: cve,wordpress,wp-plugin,fancy-product-designer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4134-d8e9444efeb93debc442fb77c567fbad.yaml b/nuclei-templates/2021/CVE-2021-4134-d8e9444efeb93debc442fb77c567fbad.yaml
index 9e49dda56c..28aa443992 100644
--- a/nuclei-templates/2021/CVE-2021-4134-d8e9444efeb93debc442fb77c567fbad.yaml
+++ b/nuclei-templates/2021/CVE-2021-4134-d8e9444efeb93debc442fb77c567fbad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancy Product Designer <= 4.7.4 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~/inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 4.7.4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-product-designer/"
     google-query: inurl:"/wp-content/plugins/fancy-product-designer/"
     shodan-query: 'vuln:CVE-2021-4134'
-  tags: cve,wordpress,wp-plugin,fancy-product-designer,high
+  tags: cve,wordpress,wp-plugin,fancy-product-designer,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-41836-b1767ac6c4058810b3f215f7aa0668ab.yaml b/nuclei-templates/2021/CVE-2021-41836-b1767ac6c4058810b3f215f7aa0668ab.yaml
index 72b99b6784..9cb9d79ebc 100644
--- a/nuclei-templates/2021/CVE-2021-41836-b1767ac6c4058810b3f215f7aa0668ab.yaml
+++ b/nuclei-templates/2021/CVE-2021-41836-b1767ac6c4058810b3f215f7aa0668ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fathom Analytics <= 3.0.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.0.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fathom-analytics/"
     google-query: inurl:"/wp-content/plugins/fathom-analytics/"
     shodan-query: 'vuln:CVE-2021-41836'
-  tags: cve,wordpress,wp-plugin,fathom-analytics,medium
+  tags: cve,wordpress,wp-plugin,fathom-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4208-e3d531049fbe8d4cfc0687a776a83ff1.yaml b/nuclei-templates/2021/CVE-2021-4208-e3d531049fbe8d4cfc0687a776a83ff1.yaml
index 1c5d6aac17..4a31f4faf8 100644
--- a/nuclei-templates/2021/CVE-2021-4208-e3d531049fbe8d4cfc0687a776a83ff1.yaml
+++ b/nuclei-templates/2021/CVE-2021-4208-e3d531049fbe8d4cfc0687a776a83ff1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ExportFeed <= 2.0.1.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exportfeed-list-woocommerce-products-on-ebay-store/"
     google-query: inurl:"/wp-content/plugins/exportfeed-list-woocommerce-products-on-ebay-store/"
     shodan-query: 'vuln:CVE-2021-4208'
-  tags: cve,wordpress,wp-plugin,exportfeed-list-woocommerce-products-on-ebay-store,high
+  tags: cve,wordpress,wp-plugin,exportfeed-list-woocommerce-products-on-ebay-store,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4222-ac056be778ddfca7dda3b1e72c3f8315.yaml b/nuclei-templates/2021/CVE-2021-4222-ac056be778ddfca7dda3b1e72c3f8315.yaml
index a2b85aba24..283d42dea3 100644
--- a/nuclei-templates/2021/CVE-2021-4222-ac056be778ddfca7dda3b1e72c3f8315.yaml
+++ b/nuclei-templates/2021/CVE-2021-4222-ac056be778ddfca7dda3b1e72c3f8315.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Paginate <= 2.1.3 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-paginate/"
     google-query: inurl:"/wp-content/plugins/wp-paginate/"
     shodan-query: 'vuln:CVE-2021-4222'
-  tags: cve,wordpress,wp-plugin,wp-paginate,medium
+  tags: cve,wordpress,wp-plugin,wp-paginate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4225-f55d9ddf38ced2af39de4e46518b9654.yaml b/nuclei-templates/2021/CVE-2021-4225-f55d9ddf38ced2af39de4e46518b9654.yaml
index 141e47fb3a..5e49a4f34e 100644
--- a/nuclei-templates/2021/CVE-2021-4225-f55d9ddf38ced2af39de4e46518b9654.yaml
+++ b/nuclei-templates/2021/CVE-2021-4225-f55d9ddf38ced2af39de4e46518b9654.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager  <= 4.23 - Subscriber+ Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2021-4225'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-42358-e81493486edc65b51a46933e4d69c1ae.yaml b/nuclei-templates/2021/CVE-2021-42358-e81493486edc65b51a46933e4d69c1ae.yaml
index 64c0d24e58..aa1a4501d4 100644
--- a/nuclei-templates/2021/CVE-2021-42358-e81493486edc65b51a46933e4d69c1ae.yaml
+++ b/nuclei-templates/2021/CVE-2021-42358-e81493486edc65b51a46933e4d69c1ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form With Captcha <= 1.6.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.7.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-with-captcha/"
     google-query: inurl:"/wp-content/plugins/contact-form-with-captcha/"
     shodan-query: 'vuln:CVE-2021-42358'
-  tags: cve,wordpress,wp-plugin,contact-form-with-captcha,high
+  tags: cve,wordpress,wp-plugin,contact-form-with-captcha,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-42361-b66a39c48610a87259a172e4f5cf2fee.yaml b/nuclei-templates/2021/CVE-2021-42361-b66a39c48610a87259a172e4f5cf2fee.yaml
index 399cf911fa..873adaca47 100644
--- a/nuclei-templates/2021/CVE-2021-42361-b66a39c48610a87259a172e4f5cf2fee.yaml
+++ b/nuclei-templates/2021/CVE-2021-42361-b66a39c48610a87259a172e4f5cf2fee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Email <= 1.3.24 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-email/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-email/"
     shodan-query: 'vuln:CVE-2021-42361'
-  tags: cve,wordpress,wp-plugin,contact-form-to-email,medium
+  tags: cve,wordpress,wp-plugin,contact-form-to-email,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-42362-9912c297cff35bf8bf01c7b24d0db7f5.yaml b/nuclei-templates/2021/CVE-2021-42362-9912c297cff35bf8bf01c7b24d0db7f5.yaml
index c85a510b30..960ca4e64b 100644
--- a/nuclei-templates/2021/CVE-2021-42362-9912c297cff35bf8bf01c7b24d0db7f5.yaml
+++ b/nuclei-templates/2021/CVE-2021-42362-9912c297cff35bf8bf01c7b24d0db7f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-popular-posts/"
     google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/"
     shodan-query: 'vuln:CVE-2021-42362'
-  tags: cve,wordpress,wp-plugin,wordpress-popular-posts,high
+  tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-42364-6c87924dbb6c43a2f1ddf339475f1f21.yaml b/nuclei-templates/2021/CVE-2021-42364-6c87924dbb6c43a2f1ddf339475f1f21.yaml
index 66de168f42..8c23d20b1b 100644
--- a/nuclei-templates/2021/CVE-2021-42364-6c87924dbb6c43a2f1ddf339475f1f21.yaml
+++ b/nuclei-templates/2021/CVE-2021-42364-6c87924dbb6c43a2f1ddf339475f1f21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stetic/"
     google-query: inurl:"/wp-content/plugins/stetic/"
     shodan-query: 'vuln:CVE-2021-42364'
-  tags: cve,wordpress,wp-plugin,stetic,high
+  tags: cve,wordpress,wp-plugin,stetic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-42365-536f8f709fcfc0e34ccf2b79f3c436d7.yaml b/nuclei-templates/2021/CVE-2021-42365-536f8f709fcfc0e34ccf2b79f3c436d7.yaml
index 800e2a4288..5e9f41ddfd 100644
--- a/nuclei-templates/2021/CVE-2021-42365-536f8f709fcfc0e34ccf2b79f3c436d7.yaml
+++ b/nuclei-templates/2021/CVE-2021-42365-536f8f709fcfc0e34ccf2b79f3c436d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Asgaros Forums <= 1.15.13 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/asgaros-forum/"
     google-query: inurl:"/wp-content/plugins/asgaros-forum/"
     shodan-query: 'vuln:CVE-2021-42365'
-  tags: cve,wordpress,wp-plugin,asgaros-forum,medium
+  tags: cve,wordpress,wp-plugin,asgaros-forum,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-42367-51f425b2b47157be5d941492e7da4019.yaml b/nuclei-templates/2021/CVE-2021-42367-51f425b2b47157be5d941492e7da4019.yaml
index 9c65a3642f..c01d96afb4 100644
--- a/nuclei-templates/2021/CVE-2021-42367-51f425b2b47157be5d941492e7da4019.yaml
+++ b/nuclei-templates/2021/CVE-2021-42367-51f425b2b47157be5d941492e7da4019.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Variation Swatches for WooCommerce <= 2.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-variation-swatches-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/product-variation-swatches-for-woocommerce/"
     shodan-query: 'vuln:CVE-2021-42367'
-  tags: cve,wordpress,wp-plugin,product-variation-swatches-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-variation-swatches-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4330-e259392e4e0f5c005c71447bf33a289e.yaml b/nuclei-templates/2021/CVE-2021-4330-e259392e4e0f5c005c71447bf33a289e.yaml
index e96de31dc5..b198f75346 100644
--- a/nuclei-templates/2021/CVE-2021-4330-e259392e4e0f5c005c71447bf33a289e.yaml
+++ b/nuclei-templates/2021/CVE-2021-4330-e259392e4e0f5c005c71447bf33a289e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Envato Elements <= 2.0.10 & Template Kit <= 1.0.13  - Authenticated (Contributor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2021-4330
   metadata:
-    fofa-query: "wp-content/plugins/template-kit-import/"
-    google-query: inurl:"/wp-content/plugins/template-kit-import/"
+    fofa-query: "wp-content/plugins/envato-elements/"
+    google-query: inurl:"/wp-content/plugins/envato-elements/"
     shodan-query: 'vuln:CVE-2021-4330'
-  tags: cve,wordpress,wp-plugin,template-kit-import,high
+  tags: cve,wordpress,wp-plugin,envato-elements,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/template-kit-import/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/envato-elements/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "template-kit-import"
+          - "envato-elements"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0.13')
\ No newline at end of file
+          - compare_versions(version, '<= 2.0.10')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4331-ad74c1853755393f0d665754f820d681.yaml b/nuclei-templates/2021/CVE-2021-4331-ad74c1853755393f0d665754f820d681.yaml
index c2b8d9445a..c7623bf413 100644
--- a/nuclei-templates/2021/CVE-2021-4331-ad74c1853755393f0d665754f820d681.yaml
+++ b/nuclei-templates/2021/CVE-2021-4331-ad74c1853755393f0d665754f820d681.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2021-4331
   metadata:
-    fofa-query: "wp-content/plugins/theplus_elementor_addon/"
-    google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/"
+    fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
+    google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2021-4331'
-  tags: cve,wordpress,wp-plugin,theplus_elementor_addon,high
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "theplus_elementor_addon"
+          - "the-plus-addons-for-elementor-page-builder"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 4.1.9')
\ No newline at end of file
+          - compare_versions(version, '<= 2.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4332-28b13ccb507cfeb174aa819fc3235b5f.yaml b/nuclei-templates/2021/CVE-2021-4332-28b13ccb507cfeb174aa819fc3235b5f.yaml
index 95b8ec95d8..619883af32 100644
--- a/nuclei-templates/2021/CVE-2021-4332-28b13ccb507cfeb174aa819fc3235b5f.yaml
+++ b/nuclei-templates/2021/CVE-2021-4332-28b13ccb507cfeb174aa819fc3235b5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2021-4332'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-43353-3e9db5ca5f74e03bc884849a472e7363.yaml b/nuclei-templates/2021/CVE-2021-43353-3e9db5ca5f74e03bc884849a472e7363.yaml
index cf6be3bac8..b6b1f76fa0 100644
--- a/nuclei-templates/2021/CVE-2021-43353-3e9db5ca5f74e03bc884849a472e7363.yaml
+++ b/nuclei-templates/2021/CVE-2021-43353-3e9db5ca5f74e03bc884849a472e7363.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crisp/"
     google-query: inurl:"/wp-content/plugins/crisp/"
     shodan-query: 'vuln:CVE-2021-43353'
-  tags: cve,wordpress,wp-plugin,crisp,high
+  tags: cve,wordpress,wp-plugin,crisp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4337-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/2021/CVE-2021-4337-05a9cfff31ff66f2865f7b47e03322c5.yaml
index e62d8f0b74..c245bfbdec 100644
--- a/nuclei-templates/2021/CVE-2021-4337-05a9cfff31ff66f2865f7b47e03322c5.yaml
+++ b/nuclei-templates/2021/CVE-2021-4337-05a9cfff31ff66f2865f7b47e03322c5.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2021-4337
   metadata:
-    fofa-query: "wp-content/plugins/prdctfltr/"
-    google-query: inurl:"/wp-content/plugins/prdctfltr/"
+    fofa-query: "wp-content/plugins/seo-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/seo-for-woocommerce/"
     shodan-query: 'vuln:CVE-2021-4337'
-  tags: cve,wordpress,wp-plugin,prdctfltr,high
+  tags: cve,wordpress,wp-plugin,seo-for-woocommerce,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/prdctfltr/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/seo-for-woocommerce/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "prdctfltr"
+          - "seo-for-woocommerce"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 8.2.0')
\ No newline at end of file
+          - compare_versions(version, '< 1.6.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4338-e5012481eb3358496d9e8266284a0c72.yaml b/nuclei-templates/2021/CVE-2021-4338-e5012481eb3358496d9e8266284a0c72.yaml
index d6736ae74f..301e43cbf8 100644
--- a/nuclei-templates/2021/CVE-2021-4338-e5012481eb3358496d9e8266284a0c72.yaml
+++ b/nuclei-templates/2021/CVE-2021-4338-e5012481eb3358496d9e8266284a0c72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     404 to 301 <= 3.0.7 - Missing Authorization to Redirect Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/404-to-301/"
     google-query: inurl:"/wp-content/plugins/404-to-301/"
     shodan-query: 'vuln:CVE-2021-4338'
-  tags: cve,wordpress,wp-plugin,404-to-301,medium
+  tags: cve,wordpress,wp-plugin,404-to-301,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-43408-f8c9b929aeaeb9c8fafdde93d3c6755f.yaml b/nuclei-templates/2021/CVE-2021-43408-f8c9b929aeaeb9c8fafdde93d3c6755f.yaml
index 9ac8a96fd9..124ec127ca 100644
--- a/nuclei-templates/2021/CVE-2021-43408-f8c9b929aeaeb9c8fafdde93d3c6755f.yaml
+++ b/nuclei-templates/2021/CVE-2021-43408-f8c9b929aeaeb9c8fafdde93d3c6755f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Post WordPress Plugin <= 1.1.9 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/copy-delete-posts/"
     google-query: inurl:"/wp-content/plugins/copy-delete-posts/"
     shodan-query: 'vuln:CVE-2021-43408'
-  tags: cve,wordpress,wp-plugin,copy-delete-posts,medium
+  tags: cve,wordpress,wp-plugin,copy-delete-posts,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-43409-41c658cc02437ea28ef89a50228368a2.yaml b/nuclei-templates/2021/CVE-2021-43409-41c658cc02437ea28ef89a50228368a2.yaml
index 34510495e0..d8c1780f35 100644
--- a/nuclei-templates/2021/CVE-2021-43409-41c658cc02437ea28ef89a50228368a2.yaml
+++ b/nuclei-templates/2021/CVE-2021-43409-41c658cc02437ea28ef89a50228368a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress + Microsoft Office 365 / Azure AD | LOGIN <= 15.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPO365 | LOGIN WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpo365-login/"
     google-query: inurl:"/wp-content/plugins/wpo365-login/"
     shodan-query: 'vuln:CVE-2021-43409'
-  tags: cve,wordpress,wp-plugin,wpo365-login,medium
+  tags: cve,wordpress,wp-plugin,wpo365-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4347-c176f376f5ace8dd8c28eea850150499.yaml b/nuclei-templates/2021/CVE-2021-4347-c176f376f5ace8dd8c28eea850150499.yaml
index 4e3193fc51..d6293a84fc 100644
--- a/nuclei-templates/2021/CVE-2021-4347-c176f376f5ace8dd8c28eea850150499.yaml
+++ b/nuclei-templates/2021/CVE-2021-4347-c176f376f5ace8dd8c28eea850150499.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but doesn't fully address the issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-advanced-shipment-tracking/"
     google-query: inurl:"/wp-content/plugins/woo-advanced-shipment-tracking/"
     shodan-query: 'vuln:CVE-2021-4347'
-  tags: cve,wordpress,wp-plugin,woo-advanced-shipment-tracking,critical
+  tags: cve,wordpress,wp-plugin,woo-advanced-shipment-tracking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4349-dc3e0c6c532d55735bad2ab0a9b29d39.yaml b/nuclei-templates/2021/CVE-2021-4349-dc3e0c6c532d55735bad2ab0a9b29d39.yaml
index 31f2d2b618..9e55069d2a 100644
--- a/nuclei-templates/2021/CVE-2021-4349-dc3e0c6c532d55735bad2ab0a9b29d39.yaml
+++ b/nuclei-templates/2021/CVE-2021-4349-dc3e0c6c532d55735bad2ab0a9b29d39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/process-steps-template-designer/"
     google-query: inurl:"/wp-content/plugins/process-steps-template-designer/"
     shodan-query: 'vuln:CVE-2021-4349'
-  tags: cve,wordpress,wp-plugin,process-steps-template-designer,high
+  tags: cve,wordpress,wp-plugin,process-steps-template-designer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4352-91fa130b7c3ea6431b231102505db7d5.yaml b/nuclei-templates/2021/CVE-2021-4352-91fa130b7c3ea6431b231102505db7d5.yaml
index a7a58366a1..6444c7e26b 100644
--- a/nuclei-templates/2021/CVE-2021-4352-91fa130b7c3ea6431b231102505db7d5.yaml
+++ b/nuclei-templates/2021/CVE-2021-4352-91fa130b7c3ea6431b231102505db7d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jobsearch/"
     google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
     shodan-query: 'vuln:CVE-2021-4352'
-  tags: cve,wordpress,wp-plugin,wp-jobsearch,medium
+  tags: cve,wordpress,wp-plugin,wp-jobsearch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4354-fe4487fc151c051d39c023720ae70292.yaml b/nuclei-templates/2021/CVE-2021-4354-fe4487fc151c051d39c023720ae70292.yaml
index 4aa11f309a..25b94a16bf 100644
--- a/nuclei-templates/2021/CVE-2021-4354-fe4487fc151c051d39c023720ae70292.yaml
+++ b/nuclei-templates/2021/CVE-2021-4354-fe4487fc151c051d39c023720ae70292.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pwa-for-wp/"
     google-query: inurl:"/wp-content/plugins/pwa-for-wp/"
     shodan-query: 'vuln:CVE-2021-4354'
-  tags: cve,wordpress,wp-plugin,pwa-for-wp,high
+  tags: cve,wordpress,wp-plugin,pwa-for-wp,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4364-a81ba5cd5b7c78f82a652995b8b78367.yaml b/nuclei-templates/2021/CVE-2021-4364-a81ba5cd5b7c78f82a652995b8b78367.yaml
index 44e68ecdec..88fb39941b 100644
--- a/nuclei-templates/2021/CVE-2021-4364-a81ba5cd5b7c78f82a652995b8b78367.yaml
+++ b/nuclei-templates/2021/CVE-2021-4364-a81ba5cd5b7c78f82a652995b8b78367.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobSearch WP Job Board < = 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jobsearch/"
     google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
     shodan-query: 'vuln:CVE-2021-4364'
-  tags: cve,wordpress,wp-plugin,wp-jobsearch,medium
+  tags: cve,wordpress,wp-plugin,wp-jobsearch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4366-a3f1f9f4718f614e268d95c106a320c2.yaml b/nuclei-templates/2021/CVE-2021-4366-a3f1f9f4718f614e268d95c106a320c2.yaml
index d20b194548..1602a4eb60 100644
--- a/nuclei-templates/2021/CVE-2021-4366-a3f1f9f4718f614e268d95c106a320c2.yaml
+++ b/nuclei-templates/2021/CVE-2021-4366-a3f1f9f4718f614e268d95c106a320c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PWA for WP & AMP < = 1.7.32 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the  pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pwa-for-wp/"
     google-query: inurl:"/wp-content/plugins/pwa-for-wp/"
     shodan-query: 'vuln:CVE-2021-4366'
-  tags: cve,wordpress,wp-plugin,pwa-for-wp,medium
+  tags: cve,wordpress,wp-plugin,pwa-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4367-ec6ef7f01d456e74c1ef5bcee54d14d6.yaml b/nuclei-templates/2021/CVE-2021-4367-ec6ef7f01d456e74c1ef5bcee54d14d6.yaml
index 5b68ef03e5..bbdf30c683 100644
--- a/nuclei-templates/2021/CVE-2021-4367-ec6ef7f01d456e74c1ef5bcee54d14d6.yaml
+++ b/nuclei-templates/2021/CVE-2021-4367-ec6ef7f01d456e74c1ef5bcee54d14d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flo Forms – Easy Drag & Drop Form Builder <= 1.0.35 - Options Change to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. This makes it possible for authenticated attackers, like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flo-forms/"
     google-query: inurl:"/wp-content/plugins/flo-forms/"
     shodan-query: 'vuln:CVE-2021-4367'
-  tags: cve,wordpress,wp-plugin,flo-forms,medium
+  tags: cve,wordpress,wp-plugin,flo-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4368-6555d944c0da7a05c7a9f7417ba389b0.yaml b/nuclei-templates/2021/CVE-2021-4368-6555d944c0da7a05c7a9f7417ba389b0.yaml
index 999579bb38..1ba0b39c57 100644
--- a/nuclei-templates/2021/CVE-2021-4368-6555d944c0da7a05c7a9f7417ba389b0.yaml
+++ b/nuclei-templates/2021/CVE-2021-4368-6555d944c0da7a05c7a9f7417ba389b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types.  This can lead to remote code execution through other vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nmedia-user-file-uploader/"
     google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/"
     shodan-query: 'vuln:CVE-2021-4368'
-  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,critical
+  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4370-3262dd8277294ea89d83139475cd5b78.yaml b/nuclei-templates/2021/CVE-2021-4370-3262dd8277294ea89d83139475cd5b78.yaml
index 42ca0c2d73..b751512534 100644
--- a/nuclei-templates/2021/CVE-2021-4370-3262dd8277294ea89d83139475cd5b78.yaml
+++ b/nuclei-templates/2021/CVE-2021-4370-3262dd8277294ea89d83139475cd5b78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     uListing <= 1.6.6 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ulisting/"
     google-query: inurl:"/wp-content/plugins/ulisting/"
     shodan-query: 'vuln:CVE-2021-4370'
-  tags: cve,wordpress,wp-plugin,ulisting,critical
+  tags: cve,wordpress,wp-plugin,ulisting,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4371-18ba5164adc930f4c13bf8eac8771529.yaml b/nuclei-templates/2021/CVE-2021-4371-18ba5164adc930f4c13bf8eac8771529.yaml
index 5c06c27957..6776d3a817 100644
--- a/nuclei-templates/2021/CVE-2021-4371-18ba5164adc930f4c13bf8eac8771529.yaml
+++ b/nuclei-templates/2021/CVE-2021-4371-18ba5164adc930f4c13bf8eac8771529.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-quick-front-end-editor/"
     google-query: inurl:"/wp-content/plugins/wp-quick-front-end-editor/"
     shodan-query: 'vuln:CVE-2021-4371'
-  tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,medium
+  tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4372-e783401602a498d4131896498c1a16c5.yaml b/nuclei-templates/2021/CVE-2021-4372-e783401602a498d4131896498c1a16c5.yaml
index a4c0a0b778..11550027ea 100644
--- a/nuclei-templates/2021/CVE-2021-4372-e783401602a498d4131896498c1a16c5.yaml
+++ b/nuclei-templates/2021/CVE-2021-4372-e783401602a498d4131896498c1a16c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-dynamic-pricing-and-discounts/"
     google-query: inurl:"/wp-content/plugins/wc-dynamic-pricing-and-discounts/"
     shodan-query: 'vuln:CVE-2021-4372'
-  tags: cve,wordpress,wp-plugin,wc-dynamic-pricing-and-discounts,medium
+  tags: cve,wordpress,wp-plugin,wc-dynamic-pricing-and-discounts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4373-1bccfaa95263e0cba6cdbff0fea9a636.yaml b/nuclei-templates/2021/CVE-2021-4373-1bccfaa95263e0cba6cdbff0fea9a636.yaml
index 3f08fd030a..7f9b533fff 100644
--- a/nuclei-templates/2021/CVE-2021-4373-1bccfaa95263e0cba6cdbff0fea9a636.yaml
+++ b/nuclei-templates/2021/CVE-2021-4373-1bccfaa95263e0cba6cdbff0fea9a636.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-search/"
     google-query: inurl:"/wp-content/plugins/better-search/"
     shodan-query: 'vuln:CVE-2021-4373'
-  tags: cve,wordpress,wp-plugin,better-search,high
+  tags: cve,wordpress,wp-plugin,better-search,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4376-4e4599c0d5b0830c29196e68a72f1714.yaml b/nuclei-templates/2021/CVE-2021-4376-4e4599c0d5b0830c29196e68a72f1714.yaml
index b6f460490b..cc7cec1f9b 100644
--- a/nuclei-templates/2021/CVE-2021-4376-4e4599c0d5b0830c29196e68a72f1714.yaml
+++ b/nuclei-templates/2021/CVE-2021-4376-4e4599c0d5b0830c29196e68a72f1714.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Multi Currency <= 2.1.17 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization  in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-multi-currency/"
     google-query: inurl:"/wp-content/plugins/woo-multi-currency/"
     shodan-query: 'vuln:CVE-2021-4376'
-  tags: cve,wordpress,wp-plugin,woo-multi-currency,medium
+  tags: cve,wordpress,wp-plugin,woo-multi-currency,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4378-34686e9b40a6d9c4dcc8e1fbb6d4343b.yaml b/nuclei-templates/2021/CVE-2021-4378-34686e9b40a6d9c4dcc8e1fbb6d4343b.yaml
index 579026e85f..031e489fa4 100644
--- a/nuclei-templates/2021/CVE-2021-4378-34686e9b40a6d9c4dcc8e1fbb6d4343b.yaml
+++ b/nuclei-templates/2021/CVE-2021-4378-34686e9b40a6d9c4dcc8e1fbb6d4343b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-quick-front-end-editor/"
     google-query: inurl:"/wp-content/plugins/wp-quick-front-end-editor/"
     shodan-query: 'vuln:CVE-2021-4378'
-  tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,medium
+  tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4379-fdd08f1e50818f896e8c8a898740f26b.yaml b/nuclei-templates/2021/CVE-2021-4379-fdd08f1e50818f896e8c8a898740f26b.yaml
index 0cdbfaf41d..9363bcf46e 100644
--- a/nuclei-templates/2021/CVE-2021-4379-fdd08f1e50818f896e8c8a898740f26b.yaml
+++ b/nuclei-templates/2021/CVE-2021-4379-fdd08f1e50818f896e8c8a898740f26b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Multi Currency <= 2.1.17 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-multi-currency/"
     google-query: inurl:"/wp-content/plugins/woocommerce-multi-currency/"
     shodan-query: 'vuln:CVE-2021-4379'
-  tags: cve,wordpress,wp-plugin,woocommerce-multi-currency,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-multi-currency,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4382-623ee8a736cc9ca7598f1fcb6de572f9.yaml b/nuclei-templates/2021/CVE-2021-4382-623ee8a736cc9ca7598f1fcb6de572f9.yaml
index 04430aebb9..769ce4de64 100644
--- a/nuclei-templates/2021/CVE-2021-4382-623ee8a736cc9ca7598f1fcb6de572f9.yaml
+++ b/nuclei-templates/2021/CVE-2021-4382-623ee8a736cc9ca7598f1fcb6de572f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recently <= 3.0.4 - Arbitrary File Upload to Remote Code Exectution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recently/"
     google-query: inurl:"/wp-content/plugins/recently/"
     shodan-query: 'vuln:CVE-2021-4382'
-  tags: cve,wordpress,wp-plugin,recently,high
+  tags: cve,wordpress,wp-plugin,recently,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4383-f945b2013c9f8db455b1c19cba6e241e.yaml b/nuclei-templates/2021/CVE-2021-4383-f945b2013c9f8db455b1c19cba6e241e.yaml
index 392519076d..78b91bfcd7 100644
--- a/nuclei-templates/2021/CVE-2021-4383-f945b2013c9f8db455b1c19cba6e241e.yaml
+++ b/nuclei-templates/2021/CVE-2021-4383-f945b2013c9f8db455b1c19cba6e241e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-quick-front-end-editor/"
     google-query: inurl:"/wp-content/plugins/wp-quick-front-end-editor/"
     shodan-query: 'vuln:CVE-2021-4383'
-  tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,high
+  tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4388-92760ee1af263e3e31758b506a58ef85.yaml b/nuclei-templates/2021/CVE-2021-4388-92760ee1af263e3e31758b506a58ef85.yaml
index 4f73b1fb8e..f7aca2aa54 100644
--- a/nuclei-templates/2021/CVE-2021-4388-92760ee1af263e3e31758b506a58ef85.yaml
+++ b/nuclei-templates/2021/CVE-2021-4388-92760ee1af263e3e31758b506a58ef85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Opal Estate <= 1.6.11 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing  capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opal-estate/"
     google-query: inurl:"/wp-content/plugins/opal-estate/"
     shodan-query: 'vuln:CVE-2021-4388'
-  tags: cve,wordpress,wp-plugin,opal-estate,medium
+  tags: cve,wordpress,wp-plugin,opal-estate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4401-28932f902044dea62ee1c6a2f1f7a4c4.yaml b/nuclei-templates/2021/CVE-2021-4401-28932f902044dea62ee1c6a2f1f7a4c4.yaml
index b3eac6040b..ca805fa5ef 100644
--- a/nuclei-templates/2021/CVE-2021-4401-28932f902044dea62ee1c6a2f1f7a4c4.yaml
+++ b/nuclei-templates/2021/CVE-2021-4401-28932f902044dea62ee1c6a2f1f7a4c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/analogwp-templates/"
     google-query: inurl:"/wp-content/plugins/analogwp-templates/"
     shodan-query: 'vuln:CVE-2021-4401'
-  tags: cve,wordpress,wp-plugin,analogwp-templates,high
+  tags: cve,wordpress,wp-plugin,analogwp-templates,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-4428-9dec9c9b266000df591dc3dcef1e7d84.yaml b/nuclei-templates/2021/CVE-2021-4428-9dec9c9b266000df591dc3dcef1e7d84.yaml
index 50e947ba4e..d1a03468b8 100644
--- a/nuclei-templates/2021/CVE-2021-4428-9dec9c9b266000df591dc3dcef1e7d84.yaml
+++ b/nuclei-templates/2021/CVE-2021-4428-9dec9c9b266000df591dc3dcef1e7d84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     what3words Address Field <= 4.0.0 - Authenticated (Administrator+) Sensitive Information Exposure in class-w3w-autosuggest-public.php
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The what3words Address Field plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.0.0 in class-w3w-autosuggest-public.php. This can allow authenticated attackers, with administrator-level privileges and above, to extract sensitive data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3-word-address-validation-field/"
     google-query: inurl:"/wp-content/plugins/3-word-address-validation-field/"
     shodan-query: 'vuln:CVE-2021-4428'
-  tags: cve,wordpress,wp-plugin,3-word-address-validation-field,medium
+  tags: cve,wordpress,wp-plugin,3-word-address-validation-field,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-44779-d0a082141e820d78d2c62d7167bca620.yaml b/nuclei-templates/2021/CVE-2021-44779-d0a082141e820d78d2c62d7167bca620.yaml
index aafe6b7938..94b3bd4c1a 100644
--- a/nuclei-templates/2021/CVE-2021-44779-d0a082141e820d78d2c62d7167bca620.yaml
+++ b/nuclei-templates/2021/CVE-2021-44779-d0a082141e820d78d2c62d7167bca620.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     [GWA] AutoResponder <= 2.3 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The [GWA] AutoResponder plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autoresponder-gwa/"
     google-query: inurl:"/wp-content/plugins/autoresponder-gwa/"
     shodan-query: 'vuln:CVE-2021-44779'
-  tags: cve,wordpress,wp-plugin,autoresponder-gwa,high
+  tags: cve,wordpress,wp-plugin,autoresponder-gwa,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2021/CVE-2021-45729-a2596cd818b9e76da96ce78707638a4c.yaml b/nuclei-templates/2021/CVE-2021-45729-a2596cd818b9e76da96ce78707638a4c.yaml
index d7d3e43b5e..a21e1bacd4 100644
--- a/nuclei-templates/2021/CVE-2021-45729-a2596cd818b9e76da96ce78707638a4c.yaml
+++ b/nuclei-templates/2021/CVE-2021-45729-a2596cd818b9e76da96ce78707638a4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map <= 1.8.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gmap-embed/"
     google-query: inurl:"/wp-content/plugins/gmap-embed/"
     shodan-query: 'vuln:CVE-2021-45729'
-  tags: cve,wordpress,wp-plugin,gmap-embed,medium
+  tags: cve,wordpress,wp-plugin,gmap-embed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0134-b59e16af89b52cabb8769776994f8e59.yaml b/nuclei-templates/2022/CVE-2022-0134-b59e16af89b52cabb8769776994f8e59.yaml
index f565bd09cb..fe5a91a680 100644
--- a/nuclei-templates/2022/CVE-2022-0134-b59e16af89b52cabb8769776994f8e59.yaml
+++ b/nuclei-templates/2022/CVE-2022-0134-b59e16af89b52cabb8769776994f8e59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AnyComment <= 0.2.17 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anycomment/"
     google-query: inurl:"/wp-content/plugins/anycomment/"
     shodan-query: 'vuln:CVE-2022-0134'
-  tags: cve,wordpress,wp-plugin,anycomment,high
+  tags: cve,wordpress,wp-plugin,anycomment,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0141-bbd390969a32b30a2e60ec6fbae2e10c.yaml b/nuclei-templates/2022/CVE-2022-0141-bbd390969a32b30a2e60ec6fbae2e10c.yaml
index 4138e29a2f..dfb9dac934 100644
--- a/nuclei-templates/2022/CVE-2022-0141-bbd390969a32b30a2e60ec6fbae2e10c.yaml
+++ b/nuclei-templates/2022/CVE-2022-0141-bbd390969a32b30a2e60ec6fbae2e10c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Form Builder <= 3.0.7 - Cross-Site Request Forgery to Data Modification
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visual-form-builder/"
     google-query: inurl:"/wp-content/plugins/visual-form-builder/"
     shodan-query: 'vuln:CVE-2022-0141'
-  tags: cve,wordpress,wp-plugin,visual-form-builder,high
+  tags: cve,wordpress,wp-plugin,visual-form-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0163-3928f6f30c541722320412a9e71021b8.yaml b/nuclei-templates/2022/CVE-2022-0163-3928f6f30c541722320412a9e71021b8.yaml
index 5382a809f0..fa5dca667c 100644
--- a/nuclei-templates/2022/CVE-2022-0163-3928f6f30c541722320412a9e71021b8.yaml
+++ b/nuclei-templates/2022/CVE-2022-0163-3928f6f30c541722320412a9e71021b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-forms/"
     google-query: inurl:"/wp-content/plugins/smart-forms/"
     shodan-query: 'vuln:CVE-2022-0163'
-  tags: cve,wordpress,wp-plugin,smart-forms,medium
+  tags: cve,wordpress,wp-plugin,smart-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0164-590623a5d7befa81a3dd4c5d938153e0.yaml b/nuclei-templates/2022/CVE-2022-0164-590623a5d7befa81a3dd4c5d938153e0.yaml
index de0ab1400f..7a2badabb9 100644
--- a/nuclei-templates/2022/CVE-2022-0164-590623a5d7befa81a3dd4c5d938153e0.yaml
+++ b/nuclei-templates/2022/CVE-2022-0164-590623a5d7befa81a3dd4c5d938153e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming soon and Maintenance mode  <= 3.6.6 - Missing Authorization to Arbitrary Email Send
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/coming-soon-page/"
     shodan-query: 'vuln:CVE-2022-0164'
-  tags: cve,wordpress,wp-plugin,coming-soon-page,medium
+  tags: cve,wordpress,wp-plugin,coming-soon-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0180-1cb4591e0480a2550d32c48672d101ca.yaml b/nuclei-templates/2022/CVE-2022-0180-1cb4591e0480a2550d32c48672d101ca.yaml
index 06d554f194..973d6b5b16 100644
--- a/nuclei-templates/2022/CVE-2022-0180-1cb4591e0480a2550d32c48672d101ca.yaml
+++ b/nuclei-templates/2022/CVE-2022-0180-1cb4591e0480a2550d32c48672d101ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.3.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2022-0180'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,high
+  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0182-b13bd75954a4a1908d54b2904726ac6a.yaml b/nuclei-templates/2022/CVE-2022-0182-b13bd75954a4a1908d54b2904726ac6a.yaml
index 05ead2454d..8dcd656d95 100644
--- a/nuclei-templates/2022/CVE-2022-0182-b13bd75954a4a1908d54b2904726ac6a.yaml
+++ b/nuclei-templates/2022/CVE-2022-0182-b13bd75954a4a1908d54b2904726ac6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.3.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2022-0182'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0186-40a15a1270025c5cb430a29eea6824ae.yaml b/nuclei-templates/2022/CVE-2022-0186-40a15a1270025c5cb430a29eea6824ae.yaml
index 968cb26fc2..56c29124c7 100644
--- a/nuclei-templates/2022/CVE-2022-0186-40a15a1270025c5cb430a29eea6824ae.yaml
+++ b/nuclei-templates/2022/CVE-2022-0186-40a15a1270025c5cb430a29eea6824ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Photo Gallery Final Tiles Grid <= 3.5.2 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/final-tiles-grid-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/final-tiles-grid-gallery-lite/"
     shodan-query: 'vuln:CVE-2022-0186'
-  tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0190-f2687a211e25f95aa3e0981921986366.yaml b/nuclei-templates/2022/CVE-2022-0190-f2687a211e25f95aa3e0981921986366.yaml
index 0f44554e10..a5573bc454 100644
--- a/nuclei-templates/2022/CVE-2022-0190-f2687a211e25f95aa3e0981921986366.yaml
+++ b/nuclei-templates/2022/CVE-2022-0190-f2687a211e25f95aa3e0981921986366.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ad Invalid Click Protector <= 1.2.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-invalid-click-protector/"
     google-query: inurl:"/wp-content/plugins/ad-invalid-click-protector/"
     shodan-query: 'vuln:CVE-2022-0190'
-  tags: cve,wordpress,wp-plugin,ad-invalid-click-protector,high
+  tags: cve,wordpress,wp-plugin,ad-invalid-click-protector,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0205-7a46739bfced50470df5ec8fce622b5b.yaml b/nuclei-templates/2022/CVE-2022-0205-7a46739bfced50470df5ec8fce622b5b.yaml
index b2aafaa89f..5cb2ac5676 100644
--- a/nuclei-templates/2022/CVE-2022-0205-7a46739bfced50470df5ec8fce622b5b.yaml
+++ b/nuclei-templates/2022/CVE-2022-0205-7a46739bfced50470df5ec8fce622b5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YOP Poll <= 6.3.4 - Author+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yop-poll/"
     google-query: inurl:"/wp-content/plugins/yop-poll/"
     shodan-query: 'vuln:CVE-2022-0205'
-  tags: cve,wordpress,wp-plugin,yop-poll,medium
+  tags: cve,wordpress,wp-plugin,yop-poll,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0209-0c15ed5f69fa39b17ef98a0065e40d8c.yaml b/nuclei-templates/2022/CVE-2022-0209-0c15ed5f69fa39b17ef98a0065e40d8c.yaml
index 6a909df6b8..140e8bf0e9 100644
--- a/nuclei-templates/2022/CVE-2022-0209-0c15ed5f69fa39b17ef98a0065e40d8c.yaml
+++ b/nuclei-templates/2022/CVE-2022-0209-0c15ed5f69fa39b17ef98a0065e40d8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mitsol Social Post Feed <= 1.10 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping on the application id parameters. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-wall-and-social-integration/"
     google-query: inurl:"/wp-content/plugins/facebook-wall-and-social-integration/"
     shodan-query: 'vuln:CVE-2022-0209'
-  tags: cve,wordpress,wp-plugin,facebook-wall-and-social-integration,medium
+  tags: cve,wordpress,wp-plugin,facebook-wall-and-social-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0210-6cbcd9de8a0bffdfb0e1ab93c491bf62.yaml b/nuclei-templates/2022/CVE-2022-0210-6cbcd9de8a0bffdfb0e1ab93c491bf62.yaml
index 6cdaf65254..fabae8b242 100644
--- a/nuclei-templates/2022/CVE-2022-0210-6cbcd9de8a0bffdfb0e1ab93c491bf62.yaml
+++ b/nuclei-templates/2022/CVE-2022-0210-6cbcd9de8a0bffdfb0e1ab93c491bf62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Random Banner <= 4.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/random-banner/"
     google-query: inurl:"/wp-content/plugins/random-banner/"
     shodan-query: 'vuln:CVE-2022-0210'
-  tags: cve,wordpress,wp-plugin,random-banner,medium
+  tags: cve,wordpress,wp-plugin,random-banner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0211-90c7f750404de09cdcd8955a310ab0ab.yaml b/nuclei-templates/2022/CVE-2022-0211-90c7f750404de09cdcd8955a310ab0ab.yaml
index 8860a49c3a..87923cdea7 100644
--- a/nuclei-templates/2022/CVE-2022-0211-90c7f750404de09cdcd8955a310ab0ab.yaml
+++ b/nuclei-templates/2022/CVE-2022-0211-90c7f750404de09cdcd8955a310ab0ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shield Security <= 13.0.5 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-firewall/"
     google-query: inurl:"/wp-content/plugins/wp-simple-firewall/"
     shodan-query: 'vuln:CVE-2022-0211'
-  tags: cve,wordpress,wp-plugin,wp-simple-firewall,medium
+  tags: cve,wordpress,wp-plugin,wp-simple-firewall,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0215-16223cc2976f7faa5fb929bf7546e0a0.yaml b/nuclei-templates/2022/CVE-2022-0215-16223cc2976f7faa5fb929bf7546e0a0.yaml
index e4366c4144..341072c5c1 100644
--- a/nuclei-templates/2022/CVE-2022-0215-16223cc2976f7faa5fb929bf7546e0a0.yaml
+++ b/nuclei-templates/2022/CVE-2022-0215-16223cc2976f7faa5fb929bf7546e0a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login/Signup Popup <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-login-woocommerce/"
     google-query: inurl:"/wp-content/plugins/easy-login-woocommerce/"
     shodan-query: 'vuln:CVE-2022-0215'
-  tags: cve,wordpress,wp-plugin,easy-login-woocommerce,high
+  tags: cve,wordpress,wp-plugin,easy-login-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0215-5dc88e8bebac4fb35e29ff329ac029fd.yaml b/nuclei-templates/2022/CVE-2022-0215-5dc88e8bebac4fb35e29ff329ac029fd.yaml
index f01d6994e3..492b1d8dd3 100644
--- a/nuclei-templates/2022/CVE-2022-0215-5dc88e8bebac4fb35e29ff329ac029fd.yaml
+++ b/nuclei-templates/2022/CVE-2022-0215-5dc88e8bebac4fb35e29ff329ac029fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Side Cart Woocommerce (Ajax) <= 2.0 - Cross-Site Request Forgery to Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/side-cart-woocommerce/"
     google-query: inurl:"/wp-content/plugins/side-cart-woocommerce/"
     shodan-query: 'vuln:CVE-2022-0215'
-  tags: cve,wordpress,wp-plugin,side-cart-woocommerce,high
+  tags: cve,wordpress,wp-plugin,side-cart-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0215-9c997af79b10bc0805f0be2e95bc48ad.yaml b/nuclei-templates/2022/CVE-2022-0215-9c997af79b10bc0805f0be2e95bc48ad.yaml
index 4794b3042d..36275e66a4 100644
--- a/nuclei-templates/2022/CVE-2022-0215-9c997af79b10bc0805f0be2e95bc48ad.yaml
+++ b/nuclei-templates/2022/CVE-2022-0215-9c997af79b10bc0805f0be2e95bc48ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.1 - Cross-Site Request Forgery to Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/waitlist-woocommerce/"
     google-query: inurl:"/wp-content/plugins/waitlist-woocommerce/"
     shodan-query: 'vuln:CVE-2022-0215'
-  tags: cve,wordpress,wp-plugin,waitlist-woocommerce,high
+  tags: cve,wordpress,wp-plugin,waitlist-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0228-b04ad422f3446dde9c13618b34ff98a5.yaml b/nuclei-templates/2022/CVE-2022-0228-b04ad422f3446dde9c13618b34ff98a5.yaml
index eef159aa88..eaaeada1c1 100644
--- a/nuclei-templates/2022/CVE-2022-0228-b04ad422f3446dde9c13618b34ff98a5.yaml
+++ b/nuclei-templates/2022/CVE-2022-0228-b04ad422f3446dde9c13618b34ff98a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 4.0.6 - Authenticated SQL Injection via order & orderby Parameters
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2022-0228'
-  tags: cve,wordpress,wp-plugin,popup-builder,high
+  tags: cve,wordpress,wp-plugin,popup-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0230-e5558e0a5f22ef3f76543aa9614d9789.yaml b/nuclei-templates/2022/CVE-2022-0230-e5558e0a5f22ef3f76543aa9614d9789.yaml
index 6207e7592b..e80755cc07 100644
--- a/nuclei-templates/2022/CVE-2022-0230-e5558e0a5f22ef3f76543aa9614d9789.yaml
+++ b/nuclei-templates/2022/CVE-2022-0230-e5558e0a5f22ef3f76543aa9614d9789.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bwp-google-xml-sitemaps/"
     google-query: inurl:"/wp-content/plugins/bwp-google-xml-sitemaps/"
     shodan-query: 'vuln:CVE-2022-0230'
-  tags: cve,wordpress,wp-plugin,bwp-google-xml-sitemaps,medium
+  tags: cve,wordpress,wp-plugin,bwp-google-xml-sitemaps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0232-c0cb327a973fcb4e19ac20c22cf757a3.yaml b/nuclei-templates/2022/CVE-2022-0232-c0cb327a973fcb4e19ac20c22cf757a3.yaml
index 2b6949fd61..e1f9f86e8f 100644
--- a/nuclei-templates/2022/CVE-2022-0232-c0cb327a973fcb4e19ac20c22cf757a3.yaml
+++ b/nuclei-templates/2022/CVE-2022-0232-c0cb327a973fcb4e19ac20c22cf757a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration, Login & Landing Pages  <= 1.2.7 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-landing-pages-leadmagic/"
     google-query: inurl:"/wp-content/plugins/custom-landing-pages-leadmagic/"
     shodan-query: 'vuln:CVE-2022-0232'
-  tags: cve,wordpress,wp-plugin,custom-landing-pages-leadmagic,medium
+  tags: cve,wordpress,wp-plugin,custom-landing-pages-leadmagic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0233-b38eda58adcd55c816f6214da161bc56.yaml b/nuclei-templates/2022/CVE-2022-0233-b38eda58adcd55c816f6214da161bc56.yaml
index 04e219f428..401fc63d7b 100644
--- a/nuclei-templates/2022/CVE-2022-0233-b38eda58adcd55c816f6214da161bc56.yaml
+++ b/nuclei-templates/2022/CVE-2022-0233-b38eda58adcd55c816f6214da161bc56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 - Stored Cross-Site Scripting via Profile
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 4.7.4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2022-0233'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0254-e1ad6d026d68d47f5c4c4162b3b2d312.yaml b/nuclei-templates/2022/CVE-2022-0254-e1ad6d026d68d47f5c4c4162b3b2d312.yaml
index 3f4bfbcd0c..9738f10ed9 100644
--- a/nuclei-templates/2022/CVE-2022-0254-e1ad6d026d68d47f5c4c4162b3b2d312.yaml
+++ b/nuclei-templates/2022/CVE-2022-0254-e1ad6d026d68d47f5c4c4162b3b2d312.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zero Spam <= 5.2.10 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-spam/"
     google-query: inurl:"/wp-content/plugins/zero-spam/"
     shodan-query: 'vuln:CVE-2022-0254'
-  tags: cve,wordpress,wp-plugin,zero-spam,high
+  tags: cve,wordpress,wp-plugin,zero-spam,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0255-b872392d30229399db8513dcb00793fb.yaml b/nuclei-templates/2022/CVE-2022-0255-b872392d30229399db8513dcb00793fb.yaml
index 4c19698db1..14115272c0 100644
--- a/nuclei-templates/2022/CVE-2022-0255-b872392d30229399db8513dcb00793fb.yaml
+++ b/nuclei-templates/2022/CVE-2022-0255-b872392d30229399db8513dcb00793fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Database Backup for WordPress <= 2.5 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-db-backup/"
     google-query: inurl:"/wp-content/plugins/wp-db-backup/"
     shodan-query: 'vuln:CVE-2022-0255'
-  tags: cve,wordpress,wp-plugin,wp-db-backup,high
+  tags: cve,wordpress,wp-plugin,wp-db-backup,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0267-d9b7905c602159e1d431254ae8993ca0.yaml b/nuclei-templates/2022/CVE-2022-0267-d9b7905c602159e1d431254ae8993ca0.yaml
index 9ddd6b983a..1f2abdb06d 100644
--- a/nuclei-templates/2022/CVE-2022-0267-d9b7905c602159e1d431254ae8993ca0.yaml
+++ b/nuclei-templates/2022/CVE-2022-0267-d9b7905c602159e1d431254ae8993ca0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdRotate – Ad manager & AdSense Ads <= 5.8.17 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adrotate/"
     google-query: inurl:"/wp-content/plugins/adrotate/"
     shodan-query: 'vuln:CVE-2022-0267'
-  tags: cve,wordpress,wp-plugin,adrotate,high
+  tags: cve,wordpress,wp-plugin,adrotate,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0287-dab92fc7cb3e34a6cce738aec497ec2e.yaml b/nuclei-templates/2022/CVE-2022-0287-dab92fc7cb3e34a6cce738aec497ec2e.yaml
index 99b2dbfc09..389f43464e 100644
--- a/nuclei-templates/2022/CVE-2022-0287-dab92fc7cb3e34a6cce738aec497ec2e.yaml
+++ b/nuclei-templates/2022/CVE-2022-0287-dab92fc7cb3e34a6cce738aec497ec2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycred/"
     google-query: inurl:"/wp-content/plugins/mycred/"
     shodan-query: 'vuln:CVE-2022-0287'
-  tags: cve,wordpress,wp-plugin,mycred,medium
+  tags: cve,wordpress,wp-plugin,mycred,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0316-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/2022/CVE-2022-0316-5bf9d91713d8c35818245877f73557be.yaml
index 6174a6736a..524f87ca62 100644
--- a/nuclei-templates/2022/CVE-2022-0316-5bf9d91713d8c35818245877f73557be.yaml
+++ b/nuclei-templates/2022/CVE-2022-0316-5bf9d91713d8c35818245877f73557be.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2022-0316
   metadata:
-    fofa-query: "wp-content/themes/aidreform/"
-    google-query: inurl:"/wp-content/themes/aidreform/"
+    fofa-query: "wp-content/themes/footysquare/"
+    google-query: inurl:"/wp-content/themes/footysquare/"
     shodan-query: 'vuln:CVE-2022-0316'
-  tags: cve,wordpress,wp-theme,aidreform,critical
+  tags: cve,wordpress,wp-theme,footysquare,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/aidreform/style.css"
+      - "{{BaseURL}}/wp-content/themes/footysquare/style.css"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "aidreform"
+          - "footysquare"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-0328-127d546d7f94ec42c9601b4f8349bbdc.yaml b/nuclei-templates/2022/CVE-2022-0328-127d546d7f94ec42c9601b4f8349bbdc.yaml
index 5aeccf4c8c..0485f4c646 100644
--- a/nuclei-templates/2022/CVE-2022-0328-127d546d7f94ec42c9601b4f8349bbdc.yaml
+++ b/nuclei-templates/2022/CVE-2022-0328-127d546d7f94ec42c9601b4f8349bbdc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 4.0.8 - Cross-Site Request Forgery to Arbitrary Member Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2022-0328'
-  tags: cve,wordpress,wp-plugin,simple-membership,high
+  tags: cve,wordpress,wp-plugin,simple-membership,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0360-e9ce7b3589ea1d2e769d3fe233efa510.yaml b/nuclei-templates/2022/CVE-2022-0360-e9ce7b3589ea1d2e769d3fe233efa510.yaml
index b5d23c5754..609592dc4f 100644
--- a/nuclei-templates/2022/CVE-2022-0360-e9ce7b3589ea1d2e769d3fe233efa510.yaml
+++ b/nuclei-templates/2022/CVE-2022-0360-e9ce7b3589ea1d2e769d3fe233efa510.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate CSV Importer <= 6.4.2 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:CVE-2022-0360'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0363-6420c7d64b9445ffc9ff5c8ed72e1368.yaml b/nuclei-templates/2022/CVE-2022-0363-6420c7d64b9445ffc9ff5c8ed72e1368.yaml
index 1a190aba02..4106713e36 100644
--- a/nuclei-templates/2022/CVE-2022-0363-6420c7d64b9445ffc9ff5c8ed72e1368.yaml
+++ b/nuclei-templates/2022/CVE-2022-0363-6420c7d64b9445ffc9ff5c8ed72e1368.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 -  Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycred/"
     google-query: inurl:"/wp-content/plugins/mycred/"
     shodan-query: 'vuln:CVE-2022-0363'
-  tags: cve,wordpress,wp-plugin,mycred,medium
+  tags: cve,wordpress,wp-plugin,mycred,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0364-f91654e07624f568e772537007d8ac97.yaml b/nuclei-templates/2022/CVE-2022-0364-f91654e07624f568e772537007d8ac97.yaml
index 8719b8e708..2d4a3bcd61 100644
--- a/nuclei-templates/2022/CVE-2022-0364-f91654e07624f568e772537007d8ac97.yaml
+++ b/nuclei-templates/2022/CVE-2022-0364-f91654e07624f568e772537007d8ac97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 6.3.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2022-0364'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0376-ef13d8f60909d5e2009ffdcbdc23e29a.yaml b/nuclei-templates/2022/CVE-2022-0376-ef13d8f60909d5e2009ffdcbdc23e29a.yaml
index 5ba8962bd9..fca31d2bcf 100644
--- a/nuclei-templates/2022/CVE-2022-0376-ef13d8f60909d5e2009ffdcbdc23e29a.yaml
+++ b/nuclei-templates/2022/CVE-2022-0376-ef13d8f60909d5e2009ffdcbdc23e29a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Meta <= 2.4.2 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-meta/"
     google-query: inurl:"/wp-content/plugins/user-meta/"
     shodan-query: 'vuln:CVE-2022-0376'
-  tags: cve,wordpress,wp-plugin,user-meta,medium
+  tags: cve,wordpress,wp-plugin,user-meta,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0383-de4b42af1ef3e90d957d2f6f01c968f1.yaml b/nuclei-templates/2022/CVE-2022-0383-de4b42af1ef3e90d957d2f6f01c968f1.yaml
index 2a3834fa2b..0877893b30 100644
--- a/nuclei-templates/2022/CVE-2022-0383-de4b42af1ef3e90d957d2f6f01c968f1.yaml
+++ b/nuclei-templates/2022/CVE-2022-0383-de4b42af1ef3e90d957d2f6f01c968f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Review Slider < 11.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facebook-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/"
     shodan-query: 'vuln:CVE-2022-0383'
-  tags: cve,wordpress,wp-plugin,wp-facebook-reviews,high
+  tags: cve,wordpress,wp-plugin,wp-facebook-reviews,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0388-205de06070622aab10eb1bdf566b37c2.yaml b/nuclei-templates/2022/CVE-2022-0388-205de06070622aab10eb1bdf566b37c2.yaml
index 3fa2883111..0b526a36e3 100644
--- a/nuclei-templates/2022/CVE-2022-0388-205de06070622aab10eb1bdf566b37c2.yaml
+++ b/nuclei-templates/2022/CVE-2022-0388-205de06070622aab10eb1bdf566b37c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Interactive Medical Drawing of Human Body < 2.4 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Interactive Medical Drawing of Human Body WordPress plugin before 2.4 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-medical-drawing-of-human-body/"
     google-query: inurl:"/wp-content/plugins/interactive-medical-drawing-of-human-body/"
     shodan-query: 'vuln:CVE-2022-0388'
-  tags: cve,wordpress,wp-plugin,interactive-medical-drawing-of-human-body,medium
+  tags: cve,wordpress,wp-plugin,interactive-medical-drawing-of-human-body,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0389-1b5cbc1452a8c85b5da51d915487aec1.yaml b/nuclei-templates/2022/CVE-2022-0389-1b5cbc1452a8c85b5da51d915487aec1.yaml
index f67b4b94ca..842768177d 100644
--- a/nuclei-templates/2022/CVE-2022-0389-1b5cbc1452a8c85b5da51d915487aec1.yaml
+++ b/nuclei-templates/2022/CVE-2022-0389-1b5cbc1452a8c85b5da51d915487aec1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Time Slots Booking Form <= 1.1.62 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-time-slots-booking-form/"
     google-query: inurl:"/wp-content/plugins/wp-time-slots-booking-form/"
     shodan-query: 'vuln:CVE-2022-0389'
-  tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,medium
+  tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0404-2c15d4e93f6f6d616a273e49657a41e3.yaml b/nuclei-templates/2022/CVE-2022-0404-2c15d4e93f6f6d616a273e49657a41e3.yaml
index bad4db9697..6e9fcdcc0e 100644
--- a/nuclei-templates/2022/CVE-2022-0404-2c15d4e93f6f6d616a273e49657a41e3.yaml
+++ b/nuclei-templates/2022/CVE-2022-0404-2c15d4e93f6f6d616a273e49657a41e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Material Design for Contact Form 7 <= 2.6.4 - Missing Authorization to Arbitrary Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/material-design-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/material-design-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2022-0404'
-  tags: cve,wordpress,wp-plugin,material-design-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,material-design-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0410-1be66c0880c6c44fa345977c011d45e4.yaml b/nuclei-templates/2022/CVE-2022-0410-1be66c0880c6c44fa345977c011d45e4.yaml
index 39215a4771..035ee7efb8 100644
--- a/nuclei-templates/2022/CVE-2022-0410-1be66c0880c6c44fa345977c011d45e4.yaml
+++ b/nuclei-templates/2022/CVE-2022-0410-1be66c0880c6c44fa345977c011d45e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Visitor Statistics (Real Time Traffic) <= 5.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stats-manager/"
     google-query: inurl:"/wp-content/plugins/wp-stats-manager/"
     shodan-query: 'vuln:CVE-2022-0410'
-  tags: cve,wordpress,wp-plugin,wp-stats-manager,high
+  tags: cve,wordpress,wp-plugin,wp-stats-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0411-d9dc418339bf1c25423bb7e18f222c8e.yaml b/nuclei-templates/2022/CVE-2022-0411-d9dc418339bf1c25423bb7e18f222c8e.yaml
index c410b4f6e0..76d3006688 100644
--- a/nuclei-templates/2022/CVE-2022-0411-d9dc418339bf1c25423bb7e18f222c8e.yaml
+++ b/nuclei-templates/2022/CVE-2022-0411-d9dc418339bf1c25423bb7e18f222c8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Asgaros Forum < 2.0.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/asgaros-forum/"
     google-query: inurl:"/wp-content/plugins/asgaros-forum/"
     shodan-query: 'vuln:CVE-2022-0411'
-  tags: cve,wordpress,wp-plugin,asgaros-forum,high
+  tags: cve,wordpress,wp-plugin,asgaros-forum,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0412-c1e85ed5dbff1aadf024b8bce56884f9.yaml b/nuclei-templates/2022/CVE-2022-0412-c1e85ed5dbff1aadf024b8bce56884f9.yaml
index 6d45161bc7..9084df938b 100644
--- a/nuclei-templates/2022/CVE-2022-0412-c1e85ed5dbff1aadf024b8bce56884f9.yaml
+++ b/nuclei-templates/2022/CVE-2022-0412-c1e85ed5dbff1aadf024b8bce56884f9.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2022-0412
   metadata:
-    fofa-query: "wp-content/plugins/ti-woocommerce-wishlist/"
-    google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist/"
+    fofa-query: "wp-content/plugins/ti-woocommerce-wishlist-premium/"
+    google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist-premium/"
     shodan-query: 'vuln:CVE-2022-0412'
-  tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist,critical
+  tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist-premium,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist-premium/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "ti-woocommerce-wishlist"
+          - "ti-woocommerce-wishlist-premium"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-0418-8aead4340d12e591a0e0e1fb46dd9226.yaml b/nuclei-templates/2022/CVE-2022-0418-8aead4340d12e591a0e0e1fb46dd9226.yaml
index 6fd57a547b..b1bf132277 100644
--- a/nuclei-templates/2022/CVE-2022-0418-8aead4340d12e591a0e0e1fb46dd9226.yaml
+++ b/nuclei-templates/2022/CVE-2022-0418-8aead4340d12e591a0e0e1fb46dd9226.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event List < 0.8.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event List WordPress plugin through 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-list/"
     google-query: inurl:"/wp-content/plugins/event-list/"
     shodan-query: 'vuln:CVE-2022-0418'
-  tags: cve,wordpress,wp-plugin,event-list,medium
+  tags: cve,wordpress,wp-plugin,event-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0420-a93b511e834ddd2e10f787cf551e0214.yaml b/nuclei-templates/2022/CVE-2022-0420-a93b511e834ddd2e10f787cf551e0214.yaml
index 1ef2f159ab..9c8d5f228a 100644
--- a/nuclei-templates/2022/CVE-2022-0420-a93b511e834ddd2e10f787cf551e0214.yaml
+++ b/nuclei-templates/2022/CVE-2022-0420-a93b511e834ddd2e10f787cf551e0214.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic <= 5.0.2.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2022-0420'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0423-6daeff7e508f05aeef343934c15a7178.yaml b/nuclei-templates/2022/CVE-2022-0423-6daeff7e508f05aeef343934c15a7178.yaml
index 8921c5501b..2dc1b1d39f 100644
--- a/nuclei-templates/2022/CVE-2022-0423-6daeff7e508f05aeef343934c15a7178.yaml
+++ b/nuclei-templates/2022/CVE-2022-0423-6daeff7e508f05aeef343934c15a7178.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3D FlipBook <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     shodan-query: 'vuln:CVE-2022-0423'
-  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,medium
+  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0439-b5e4b4063141fbe3f98d4c057142e54f.yaml b/nuclei-templates/2022/CVE-2022-0439-b5e4b4063141fbe3f98d4c057142e54f.yaml
index fa93dd6043..dc8f880ebb 100644
--- a/nuclei-templates/2022/CVE-2022-0439-b5e4b4063141fbe3f98d4c057142e54f.yaml
+++ b/nuclei-templates/2022/CVE-2022-0439-b5e4b4063141fbe3f98d4c057142e54f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2022-0439'
-  tags: cve,wordpress,wp-plugin,email-subscribers,high
+  tags: cve,wordpress,wp-plugin,email-subscribers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0440-b60d38a6f27b4184d7cf8b134a701e36.yaml b/nuclei-templates/2022/CVE-2022-0440-b60d38a6f27b4184d7cf8b134a701e36.yaml
index 318c8dda30..9915e1d2d1 100644
--- a/nuclei-templates/2022/CVE-2022-0440-b60d38a6f27b4184d7cf8b134a701e36.yaml
+++ b/nuclei-templates/2022/CVE-2022-0440-b60d38a6f27b4184d7cf8b134a701e36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Catch Themes Demo Import <= 2.1 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Catch Themes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 2.1. This is due to insufficient file type validation on imported files that makes it possible for high-level authenticated users, such as administrators, to upload arbitrary files onto a vulnerable site's server and gain remote code execution. This would only affect installations where admins have been restricted from uploading/modifying files to a site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/catch-themes-demo-import/"
     google-query: inurl:"/wp-content/plugins/catch-themes-demo-import/"
     shodan-query: 'vuln:CVE-2022-0440'
-  tags: cve,wordpress,wp-plugin,catch-themes-demo-import,high
+  tags: cve,wordpress,wp-plugin,catch-themes-demo-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0446-decbeaef5c23a80c05557edd9e92444e.yaml b/nuclei-templates/2022/CVE-2022-0446-decbeaef5c23a80c05557edd9e92444e.yaml
index 32a3e30ebf..7f975e9646 100644
--- a/nuclei-templates/2022/CVE-2022-0446-decbeaef5c23a80c05557edd9e92444e.yaml
+++ b/nuclei-templates/2022/CVE-2022-0446-decbeaef5c23a80c05557edd9e92444e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Banner <= 2.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-banner/"
     google-query: inurl:"/wp-content/plugins/simple-banner/"
     shodan-query: 'vuln:CVE-2022-0446'
-  tags: cve,wordpress,wp-plugin,simple-banner,medium
+  tags: cve,wordpress,wp-plugin,simple-banner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0448-b6fdd6c618695aebb9014f9dd705ea55.yaml b/nuclei-templates/2022/CVE-2022-0448-b6fdd6c618695aebb9014f9dd705ea55.yaml
index b448a635d8..0bd24bcae0 100644
--- a/nuclei-templates/2022/CVE-2022-0448-b6fdd6c618695aebb9014f9dd705ea55.yaml
+++ b/nuclei-templates/2022/CVE-2022-0448-b6fdd6c618695aebb9014f9dd705ea55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CP Blocks <= 1.0.14 - Authenticated Stored Cross-Site Scripting via License ID settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to inject arbitrary web scripts that execute in a victim's browser even when the unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-blocks/"
     google-query: inurl:"/wp-content/plugins/cp-blocks/"
     shodan-query: 'vuln:CVE-2022-0448'
-  tags: cve,wordpress,wp-plugin,cp-blocks,medium
+  tags: cve,wordpress,wp-plugin,cp-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0450-800833211422a31fa0bc329389e6ba63.yaml b/nuclei-templates/2022/CVE-2022-0450-800833211422a31fa0bc329389e6ba63.yaml
index 8cd569a303..6ca43fb1cc 100644
--- a/nuclei-templates/2022/CVE-2022-0450-800833211422a31fa0bc329389e6ba63.yaml
+++ b/nuclei-templates/2022/CVE-2022-0450-800833211422a31fa0bc329389e6ba63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Menu Image, Icons made easy <= 3.0.7 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-image/"
     google-query: inurl:"/wp-content/plugins/menu-image/"
     shodan-query: 'vuln:CVE-2022-0450'
-  tags: cve,wordpress,wp-plugin,menu-image,medium
+  tags: cve,wordpress,wp-plugin,menu-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0478-6a54d7f93d8962555c63afb66d95fb68.yaml b/nuclei-templates/2022/CVE-2022-0478-6a54d7f93d8962555c63afb66d95fb68.yaml
index dc190cc84f..b8662ecd17 100644
--- a/nuclei-templates/2022/CVE-2022-0478-6a54d7f93d8962555c63afb66d95fb68.yaml
+++ b/nuclei-templates/2022/CVE-2022-0478-6a54d7f93d8962555c63afb66d95fb68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Manager and Tickets Selling for WooCommerce < 3.5.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mage-eventpress/"
     google-query: inurl:"/wp-content/plugins/mage-eventpress/"
     shodan-query: 'vuln:CVE-2022-0478'
-  tags: cve,wordpress,wp-plugin,mage-eventpress,high
+  tags: cve,wordpress,wp-plugin,mage-eventpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0493-54ef8279e490c1378421576f13667db9.yaml b/nuclei-templates/2022/CVE-2022-0493-54ef8279e490c1378421576f13667db9.yaml
index 7a0cd80615..c3fd4b34fd 100644
--- a/nuclei-templates/2022/CVE-2022-0493-54ef8279e490c1378421576f13667db9.yaml
+++ b/nuclei-templates/2022/CVE-2022-0493-54ef8279e490c1378421576f13667db9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     String Locator <= 2.4.2 - Authenticated Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/string-locator/"
     google-query: inurl:"/wp-content/plugins/string-locator/"
     shodan-query: 'vuln:CVE-2022-0493'
-  tags: cve,wordpress,wp-plugin,string-locator,medium
+  tags: cve,wordpress,wp-plugin,string-locator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0499-63d4ee9917fcafc47225c3c77377bf2f.yaml b/nuclei-templates/2022/CVE-2022-0499-63d4ee9917fcafc47225c3c77377bf2f.yaml
index 0d8587eb47..9884bc094a 100644
--- a/nuclei-templates/2022/CVE-2022-0499-63d4ee9917fcafc47225c3c77377bf2f.yaml
+++ b/nuclei-templates/2022/CVE-2022-0499-63d4ee9917fcafc47225c3c77377bf2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sermon Browser <= 0.45.22 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sermon-browser/"
     google-query: inurl:"/wp-content/plugins/sermon-browser/"
     shodan-query: 'vuln:CVE-2022-0499'
-  tags: cve,wordpress,wp-plugin,sermon-browser,high
+  tags: cve,wordpress,wp-plugin,sermon-browser,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0535-cc85fecce61e81ebcfd16fc13ed35220.yaml b/nuclei-templates/2022/CVE-2022-0535-cc85fecce61e81ebcfd16fc13ed35220.yaml
index 587bc271ad..28e48aaf0c 100644
--- a/nuclei-templates/2022/CVE-2022-0535-cc85fecce61e81ebcfd16fc13ed35220.yaml
+++ b/nuclei-templates/2022/CVE-2022-0535-cc85fecce61e81ebcfd16fc13ed35220.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     E2Pdf <= 1.16.44 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/e2pdf/"
     google-query: inurl:"/wp-content/plugins/e2pdf/"
     shodan-query: 'vuln:CVE-2022-0535'
-  tags: cve,wordpress,wp-plugin,e2pdf,medium
+  tags: cve,wordpress,wp-plugin,e2pdf,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0537-14a7ffa14fbeefc172000dc0caefb552.yaml b/nuclei-templates/2022/CVE-2022-0537-14a7ffa14fbeefc172000dc0caefb552.yaml
index 861ddc924e..937efa3d21 100644
--- a/nuclei-templates/2022/CVE-2022-0537-14a7ffa14fbeefc172000dc0caefb552.yaml
+++ b/nuclei-templates/2022/CVE-2022-0537-14a7ffa14fbeefc172000dc0caefb552.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapPress Maps for WordPress <= 2.73.12 - Admin+ File Upload to Remote Code Execution
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
     shodan-query: 'vuln:CVE-2022-0537'
-  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0541-9447e0c2ffa1a53245e3f3fb0bac226a.yaml b/nuclei-templates/2022/CVE-2022-0541-9447e0c2ffa1a53245e3f3fb0bac226a.yaml
index 142fa72d2a..26aba2defc 100644
--- a/nuclei-templates/2022/CVE-2022-0541-9447e0c2ffa1a53245e3f3fb0bac226a.yaml
+++ b/nuclei-templates/2022/CVE-2022-0541-9447e0c2ffa1a53245e3f3fb0bac226a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FloLaunch <= 2.4 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flo-launch/"
     google-query: inurl:"/wp-content/plugins/flo-launch/"
     shodan-query: 'vuln:CVE-2022-0541'
-  tags: cve,wordpress,wp-plugin,flo-launch,critical
+  tags: cve,wordpress,wp-plugin,flo-launch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0590-cad2b6b8af5079972fa1531cce991f4d.yaml b/nuclei-templates/2022/CVE-2022-0590-cad2b6b8af5079972fa1531cce991f4d.yaml
index 6274bf949d..a5618a57d4 100644
--- a/nuclei-templates/2022/CVE-2022-0590-cad2b6b8af5079972fa1531cce991f4d.yaml
+++ b/nuclei-templates/2022/CVE-2022-0590-cad2b6b8af5079972fa1531cce991f4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BulletProof Security <= 5.7 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletproof-security/"
     google-query: inurl:"/wp-content/plugins/bulletproof-security/"
     shodan-query: 'vuln:CVE-2022-0590'
-  tags: cve,wordpress,wp-plugin,bulletproof-security,medium
+  tags: cve,wordpress,wp-plugin,bulletproof-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0592-e1d4b31d2e512648b34fb410fc6ac542.yaml b/nuclei-templates/2022/CVE-2022-0592-e1d4b31d2e512648b34fb410fc6ac542.yaml
index 5698afced9..f3f42a1023 100644
--- a/nuclei-templates/2022/CVE-2022-0592-e1d4b31d2e512648b34fb410fc6ac542.yaml
+++ b/nuclei-templates/2022/CVE-2022-0592-e1d4b31d2e512648b34fb410fc6ac542.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapSVG <= 6.2.19 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mapsvg/"
     google-query: inurl:"/wp-content/plugins/mapsvg/"
     shodan-query: 'vuln:CVE-2022-0592'
-  tags: cve,wordpress,wp-plugin,mapsvg,high
+  tags: cve,wordpress,wp-plugin,mapsvg,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0598-a833ece3f343246705571f6788efd405.yaml b/nuclei-templates/2022/CVE-2022-0598-a833ece3f343246705571f6788efd405.yaml
index 83e36cd456..c3491e41e9 100644
--- a/nuclei-templates/2022/CVE-2022-0598-a833ece3f343246705571f6788efd405.yaml
+++ b/nuclei-templates/2022/CVE-2022-0598-a833ece3f343246705571f6788efd405.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login with phone number <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login with phone number WordPress plugin through 1.3.7 do not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-phone-number/"
     google-query: inurl:"/wp-content/plugins/login-with-phone-number/"
     shodan-query: 'vuln:CVE-2022-0598'
-  tags: cve,wordpress,wp-plugin,login-with-phone-number,medium
+  tags: cve,wordpress,wp-plugin,login-with-phone-number,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0626-b5af9134a0dd9c46b02e9a0fe6e4c234.yaml b/nuclei-templates/2022/CVE-2022-0626-b5af9134a0dd9c46b02e9a0fe6e4c234.yaml
index 88005365ed..cdfe5c5642 100644
--- a/nuclei-templates/2022/CVE-2022-0626-b5af9134a0dd9c46b02e9a0fe6e4c234.yaml
+++ b/nuclei-templates/2022/CVE-2022-0626-b5af9134a0dd9c46b02e9a0fe6e4c234.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Admin Search <= 1.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Admin Search WordPress plugin through 1.1.2 does not sanitize and escape some parameters before outputting them back in an admin page, leading to Reflected Cross-Site Scripting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-admin-search/"
     google-query: inurl:"/wp-content/plugins/advanced-admin-search/"
     shodan-query: 'vuln:CVE-2022-0626'
-  tags: cve,wordpress,wp-plugin,advanced-admin-search,medium
+  tags: cve,wordpress,wp-plugin,advanced-admin-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0633-50aa046ee7fe3b1495c79cf309977bf9.yaml b/nuclei-templates/2022/CVE-2022-0633-50aa046ee7fe3b1495c79cf309977bf9.yaml
index 415ab4f509..fe0a9d0ffb 100644
--- a/nuclei-templates/2022/CVE-2022-0633-50aa046ee7fe3b1495c79cf309977bf9.yaml
+++ b/nuclei-templates/2022/CVE-2022-0633-50aa046ee7fe3b1495c79cf309977bf9.yaml
@@ -7,8 +7,8 @@ info:
   severity: medium
   description: >
     The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.
-    
-    The UpdraftPlus WordPress Backup Plugin plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when performing a heartbeat function in versions up to 1.22.3. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to retrieve the path to arbitrary back-up files which can subsequently be downloaded and used to gain sensitive information about the system. This also affects premium versions before before 2.22.3.
+        
+        The UpdraftPlus WordPress Backup Plugin plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when performing a heartbeat function in versions up to 1.22.3. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to retrieve the path to arbitrary back-up files which can subsequently be downloaded and used to gain sensitive information about the system. This also affects premium versions before before 2.22.3.
   reference:
     - https://www.wordfence.com/threat-intel/vulnerabilities/id/266b1004-a374-4770-9659-bac3d167b585?source=api-prod
   classification:
@@ -16,17 +16,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2022-0633
   metadata:
-    fofa-query: "wp-content/plugins/updraftplus/"
-    google-query: inurl:"/wp-content/plugins/updraftplus/"
+    fofa-query: "wp-content/plugins/updraftplus-pro/"
+    google-query: inurl:"/wp-content/plugins/updraftplus-pro/"
     shodan-query: 'vuln:CVE-2022-0633'
-  tags: cve,wordpress,wp-plugin,updraftplus,medium
+  tags: cve,wordpress,wp-plugin,updraftplus-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/updraftplus-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -52,9 +52,9 @@ http:
 
       - type: word
         words:
-          - "updraftplus"
+          - "updraftplus-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '>= 1.16.7', '< 1.22.3')
\ No newline at end of file
+          - compare_versions(version, '< 2.22.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-0642-557dc76e2c2294cd33c5721f9ecf01e7.yaml b/nuclei-templates/2022/CVE-2022-0642-557dc76e2c2294cd33c5721f9ecf01e7.yaml
index cc4ca211f7..1d71aff8d1 100644
--- a/nuclei-templates/2022/CVE-2022-0642-557dc76e2c2294cd33c5721f9ecf01e7.yaml
+++ b/nuclei-templates/2022/CVE-2022-0642-557dc76e2c2294cd33c5721f9ecf01e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JivoChat Live Chat – WP live chat plugin for WordPress <= 1.3.5.3 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jivochat/"
     google-query: inurl:"/wp-content/plugins/jivochat/"
     shodan-query: 'vuln:CVE-2022-0642'
-  tags: cve,wordpress,wp-plugin,jivochat,high
+  tags: cve,wordpress,wp-plugin,jivochat,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0649-404d802e6aee5b15a871049b9ffff69a.yaml b/nuclei-templates/2022/CVE-2022-0649-404d802e6aee5b15a871049b9ffff69a.yaml
index 369b368743..054afe548f 100644
--- a/nuclei-templates/2022/CVE-2022-0649-404d802e6aee5b15a871049b9ffff69a.yaml
+++ b/nuclei-templates/2022/CVE-2022-0649-404d802e6aee5b15a871049b9ffff69a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdRotate – Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Group Names
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adrotate/"
     google-query: inurl:"/wp-content/plugins/adrotate/"
     shodan-query: 'vuln:CVE-2022-0649'
-  tags: cve,wordpress,wp-plugin,adrotate,medium
+  tags: cve,wordpress,wp-plugin,adrotate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0653-f044be0e1e4c22699ad8261226bc2dd0.yaml b/nuclei-templates/2022/CVE-2022-0653-f044be0e1e4c22699ad8261226bc2dd0.yaml
index fcdf8af991..ad50eb0d10 100644
--- a/nuclei-templates/2022/CVE-2022-0653-f044be0e1e4c22699ad8261226bc2dd0.yaml
+++ b/nuclei-templates/2022/CVE-2022-0653-f044be0e1e4c22699ad8261226bc2dd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:CVE-2022-0653'
-  tags: cve,wordpress,wp-plugin,profile-builder,medium
+  tags: cve,wordpress,wp-plugin,profile-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0659-52c19ba3b4c4a4e86f87839bb901d71b.yaml b/nuclei-templates/2022/CVE-2022-0659-52c19ba3b4c4a4e86f87839bb901d71b.yaml
index 67716e7841..7dcfd7bbfa 100644
--- a/nuclei-templates/2022/CVE-2022-0659-52c19ba3b4c4a4e86f87839bb901d71b.yaml
+++ b/nuclei-templates/2022/CVE-2022-0659-52c19ba3b4c4a4e86f87839bb901d71b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sync QCloud COS Plugin < 2.0.1 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sync-qcloud-cos/"
     google-query: inurl:"/wp-content/plugins/sync-qcloud-cos/"
     shodan-query: 'vuln:CVE-2022-0659'
-  tags: cve,wordpress,wp-plugin,sync-qcloud-cos,medium
+  tags: cve,wordpress,wp-plugin,sync-qcloud-cos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0661-55f4a1b139d90fca33a89ff564faba6b.yaml b/nuclei-templates/2022/CVE-2022-0661-55f4a1b139d90fca33a89ff564faba6b.yaml
index 78af2583db..d87a8b5b6a 100644
--- a/nuclei-templates/2022/CVE-2022-0661-55f4a1b139d90fca33a89ff564faba6b.yaml
+++ b/nuclei-templates/2022/CVE-2022-0661-55f4a1b139d90fca33a89ff564faba6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ad Injection <= 1.2.0.19 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. Further it is also possible to inject PHP code, leading to a Remote Code execution (RCE) vulnerability, even if the DISALLOW_FILE_EDIT and DISALLOW_FILE_MOD constants are both set.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-injection/"
     google-query: inurl:"/wp-content/plugins/ad-injection/"
     shodan-query: 'vuln:CVE-2022-0661'
-  tags: cve,wordpress,wp-plugin,ad-injection,medium
+  tags: cve,wordpress,wp-plugin,ad-injection,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0662-d07cf22ef8f576e671dbb7b3eafdf13a.yaml b/nuclei-templates/2022/CVE-2022-0662-d07cf22ef8f576e671dbb7b3eafdf13a.yaml
index 281f47ea39..5cbd4b5e99 100644
--- a/nuclei-templates/2022/CVE-2022-0662-d07cf22ef8f576e671dbb7b3eafdf13a.yaml
+++ b/nuclei-templates/2022/CVE-2022-0662-d07cf22ef8f576e671dbb7b3eafdf13a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdRotate – Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Advert Names
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adrotate/"
     google-query: inurl:"/wp-content/plugins/adrotate/"
     shodan-query: 'vuln:CVE-2022-0662'
-  tags: cve,wordpress,wp-plugin,adrotate,medium
+  tags: cve,wordpress,wp-plugin,adrotate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0663-1d90f05eb3de7b1b2997cada03edccfe.yaml b/nuclei-templates/2022/CVE-2022-0663-1d90f05eb3de7b1b2997cada03edccfe.yaml
index cbb5fa51bc..5d7c07d89f 100644
--- a/nuclei-templates/2022/CVE-2022-0663-1d90f05eb3de7b1b2997cada03edccfe.yaml
+++ b/nuclei-templates/2022/CVE-2022-0663-1d90f05eb3de7b1b2997cada03edccfe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print, PDF, Email by PrintFriendly <= 5.2.2 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/printfriendly/"
     google-query: inurl:"/wp-content/plugins/printfriendly/"
     shodan-query: 'vuln:CVE-2022-0663'
-  tags: cve,wordpress,wp-plugin,printfriendly,medium
+  tags: cve,wordpress,wp-plugin,printfriendly,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0674-54befb9e4a40b2daeebffb4c52b40b61.yaml b/nuclei-templates/2022/CVE-2022-0674-54befb9e4a40b2daeebffb4c52b40b61.yaml
index 64c39466dd..f7d4647d82 100644
--- a/nuclei-templates/2022/CVE-2022-0674-54befb9e4a40b2daeebffb4c52b40b61.yaml
+++ b/nuclei-templates/2022/CVE-2022-0674-54befb9e4a40b2daeebffb4c52b40b61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kunze Law < 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kunze-law/"
     google-query: inurl:"/wp-content/plugins/kunze-law/"
     shodan-query: 'vuln:CVE-2022-0674'
-  tags: cve,wordpress,wp-plugin,kunze-law,medium
+  tags: cve,wordpress,wp-plugin,kunze-law,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0684-1663017756a06282bb3d18d015739d82.yaml b/nuclei-templates/2022/CVE-2022-0684-1663017756a06282bb3d18d015739d82.yaml
index 3f3bbc4e02..25714069e5 100644
--- a/nuclei-templates/2022/CVE-2022-0684-1663017756a06282bb3d18d015739d82.yaml
+++ b/nuclei-templates/2022/CVE-2022-0684-1663017756a06282bb3d18d015739d82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Home Page Menu < 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-home-page-menu/"
     google-query: inurl:"/wp-content/plugins/wp-home-page-menu/"
     shodan-query: 'vuln:CVE-2022-0684'
-  tags: cve,wordpress,wp-plugin,wp-home-page-menu,medium
+  tags: cve,wordpress,wp-plugin,wp-home-page-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0687-bb8040f6049d728dd727ac789ea87332.yaml b/nuclei-templates/2022/CVE-2022-0687-bb8040f6049d728dd727ac789ea87332.yaml
index f6848564d7..331b33f8da 100644
--- a/nuclei-templates/2022/CVE-2022-0687-bb8040f6049d728dd727ac789ea87332.yaml
+++ b/nuclei-templates/2022/CVE-2022-0687-bb8040f6049d728dd727ac789ea87332.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment and Event Booking Calendar - Amelia < 1.0.47 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ameliabooking/"
     google-query: inurl:"/wp-content/plugins/ameliabooking/"
     shodan-query: 'vuln:CVE-2022-0687'
-  tags: cve,wordpress,wp-plugin,ameliabooking,high
+  tags: cve,wordpress,wp-plugin,ameliabooking,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0700-d24630671f65fdbbb367bb893bfade3c.yaml b/nuclei-templates/2022/CVE-2022-0700-d24630671f65fdbbb367bb893bfade3c.yaml
index 1921ab2d57..9c654dcccf 100644
--- a/nuclei-templates/2022/CVE-2022-0700-d24630671f65fdbbb367bb893bfade3c.yaml
+++ b/nuclei-templates/2022/CVE-2022-0700-d24630671f65fdbbb367bb893bfade3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Tracking <= 1.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-theme-options/"
     google-query: inurl:"/wp-content/plugins/simple-theme-options/"
     shodan-query: 'vuln:CVE-2022-0700'
-  tags: cve,wordpress,wp-plugin,simple-theme-options,medium
+  tags: cve,wordpress,wp-plugin,simple-theme-options,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0701-1d87fdeb396f4600b280560afe2112ee.yaml b/nuclei-templates/2022/CVE-2022-0701-1d87fdeb396f4600b280560afe2112ee.yaml
index c778a18877..b0936e855c 100644
--- a/nuclei-templates/2022/CVE-2022-0701-1d87fdeb396f4600b280560afe2112ee.yaml
+++ b/nuclei-templates/2022/CVE-2022-0701-1d87fdeb396f4600b280560afe2112ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seo 301 Meta <= 1.9.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-301-meta/"
     google-query: inurl:"/wp-content/plugins/seo-301-meta/"
     shodan-query: 'vuln:CVE-2022-0701'
-  tags: cve,wordpress,wp-plugin,seo-301-meta,medium
+  tags: cve,wordpress,wp-plugin,seo-301-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0702-4aabb12734f76649f5626710ac0ad1d9.yaml b/nuclei-templates/2022/CVE-2022-0702-4aabb12734f76649f5626710ac0ad1d9.yaml
index de9c028749..63a2248f88 100644
--- a/nuclei-templates/2022/CVE-2022-0702-4aabb12734f76649f5626710ac0ad1d9.yaml
+++ b/nuclei-templates/2022/CVE-2022-0702-4aabb12734f76649f5626710ac0ad1d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Petfinder Listings <= 1.0.19 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/petfinder-listings/"
     google-query: inurl:"/wp-content/plugins/petfinder-listings/"
     shodan-query: 'vuln:CVE-2022-0702'
-  tags: cve,wordpress,wp-plugin,petfinder-listings,medium
+  tags: cve,wordpress,wp-plugin,petfinder-listings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0703-8ac9cdbd4cf7676c20528abcd5d7ef87.yaml b/nuclei-templates/2022/CVE-2022-0703-8ac9cdbd4cf7676c20528abcd5d7ef87.yaml
index 264bb1dd15..635ba0561c 100644
--- a/nuclei-templates/2022/CVE-2022-0703-8ac9cdbd4cf7676c20528abcd5d7ef87.yaml
+++ b/nuclei-templates/2022/CVE-2022-0703-8ac9cdbd4cf7676c20528abcd5d7ef87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Mylist <= 1.1.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-mylist/"
     google-query: inurl:"/wp-content/plugins/gd-mylist/"
     shodan-query: 'vuln:CVE-2022-0703'
-  tags: cve,wordpress,wp-plugin,gd-mylist,medium
+  tags: cve,wordpress,wp-plugin,gd-mylist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0706-8bf5f3c88eae040df5c93bb90ba373a1.yaml b/nuclei-templates/2022/CVE-2022-0706-8bf5f3c88eae040df5c93bb90ba373a1.yaml
index 5d03649e1e..a125ed75ec 100644
--- a/nuclei-templates/2022/CVE-2022-0706-8bf5f3c88eae040df5c93bb90ba373a1.yaml
+++ b/nuclei-templates/2022/CVE-2022-0706-8bf5f3c88eae040df5c93bb90ba373a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads <= 2.11.5 - Admin+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2022-0706'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0707-a5ae13191d707f6528df2db00d64b11b.yaml b/nuclei-templates/2022/CVE-2022-0707-a5ae13191d707f6528df2db00d64b11b.yaml
index 64a9fa8c74..c8e11ae326 100644
--- a/nuclei-templates/2022/CVE-2022-0707-a5ae13191d707f6528df2db00d64b11b.yaml
+++ b/nuclei-templates/2022/CVE-2022-0707-a5ae13191d707f6528df2db00d64b11b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads <= 2.11.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Easy Digital Downloads WordPress plugin before version 2.11.6 does not have Cross-Site Request Forgery checks in place when inserting payment notes. This could allow attackers to make a logged admin insert arbitrary notes via a Cross-Site Request Forgery attack.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2022-0707'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,high
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0728-823ea976111689a9bb4045475cc60c43.yaml b/nuclei-templates/2022/CVE-2022-0728-823ea976111689a9bb4045475cc60c43.yaml
index 0b6bde6df5..a7852a556b 100644
--- a/nuclei-templates/2022/CVE-2022-0728-823ea976111689a9bb4045475cc60c43.yaml
+++ b/nuclei-templates/2022/CVE-2022-0728-823ea976111689a9bb4045475cc60c43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Smooth Scroll Links <= 2.23.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scrolling-anchors/"
     google-query: inurl:"/wp-content/plugins/scrolling-anchors/"
     shodan-query: 'vuln:CVE-2022-0728'
-  tags: cve,wordpress,wp-plugin,scrolling-anchors,medium
+  tags: cve,wordpress,wp-plugin,scrolling-anchors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0737-c38399df1330c2dfd449ee16ef7996a9.yaml b/nuclei-templates/2022/CVE-2022-0737-c38399df1330c2dfd449ee16ef7996a9.yaml
index c2ac9670a5..d51e56d8a2 100644
--- a/nuclei-templates/2022/CVE-2022-0737-c38399df1330c2dfd449ee16ef7996a9.yaml
+++ b/nuclei-templates/2022/CVE-2022-0737-c38399df1330c2dfd449ee16ef7996a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Text Hover <= 4.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/text-hover/"
     google-query: inurl:"/wp-content/plugins/text-hover/"
     shodan-query: 'vuln:CVE-2022-0737'
-  tags: cve,wordpress,wp-plugin,text-hover,medium
+  tags: cve,wordpress,wp-plugin,text-hover,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0750-4086b1cacdc76d37665a053863a25b12.yaml b/nuclei-templates/2022/CVE-2022-0750-4086b1cacdc76d37665a053863a25b12.yaml
index 13b4af3424..c1661bc634 100644
--- a/nuclei-templates/2022/CVE-2022-0750-4086b1cacdc76d37665a053863a25b12.yaml
+++ b/nuclei-templates/2022/CVE-2022-0750-4086b1cacdc76d37665a053863a25b12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photoswipe Masonry Gallery <= 1.2.14 Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters  found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photoswipe-masonry/"
     google-query: inurl:"/wp-content/plugins/photoswipe-masonry/"
     shodan-query: 'vuln:CVE-2022-0750'
-  tags: cve,wordpress,wp-plugin,photoswipe-masonry,medium
+  tags: cve,wordpress,wp-plugin,photoswipe-masonry,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0765-d8800c16823f2094a6d5c651646d84fa.yaml b/nuclei-templates/2022/CVE-2022-0765-d8800c16823f2094a6d5c651646d84fa.yaml
index e160b826dc..ed6e6b5975 100644
--- a/nuclei-templates/2022/CVE-2022-0765-d8800c16823f2094a6d5c651646d84fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-0765-d8800c16823f2094a6d5c651646d84fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Loco Translate <= 2.6.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Loco Translate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via elements in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the plugin, such as translators and site administrators, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loco-translate/"
     google-query: inurl:"/wp-content/plugins/loco-translate/"
     shodan-query: 'vuln:CVE-2022-0765'
-  tags: cve,wordpress,wp-plugin,loco-translate,medium
+  tags: cve,wordpress,wp-plugin,loco-translate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0770-d02f0d7121f40075980c3a177c578c3f.yaml b/nuclei-templates/2022/CVE-2022-0770-d02f0d7121f40075980c3a177c578c3f.yaml
index b4ae907944..eda3840bb4 100644
--- a/nuclei-templates/2022/CVE-2022-0770-d02f0d7121f40075980c3a177c578c3f.yaml
+++ b/nuclei-templates/2022/CVE-2022-0770-d02f0d7121f40075980c3a177c578c3f.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2022-0770
   metadata:
-    fofa-query: "wp-content/plugins/gtranslate/"
-    google-query: inurl:"/wp-content/plugins/gtranslate/"
+    fofa-query: "wp-content/plugins/google-language-translator/"
+    google-query: inurl:"/wp-content/plugins/google-language-translator/"
     shodan-query: 'vuln:CVE-2022-0770'
-  tags: cve,wordpress,wp-plugin,gtranslate,high
+  tags: cve,wordpress,wp-plugin,google-language-translator,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/gtranslate/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/google-language-translator/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "gtranslate"
+          - "google-language-translator"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 2.9.9')
\ No newline at end of file
+          - compare_versions(version, '<= 6.0.13')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-0783-72a5beaa06012eefbccaf7bb2be8aca6.yaml b/nuclei-templates/2022/CVE-2022-0783-72a5beaa06012eefbccaf7bb2be8aca6.yaml
index 75f8d18a64..84a1c57e93 100644
--- a/nuclei-templates/2022/CVE-2022-0783-72a5beaa06012eefbccaf7bb2be8aca6.yaml
+++ b/nuclei-templates/2022/CVE-2022-0783-72a5beaa06012eefbccaf7bb2be8aca6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiple-shipping-address-woocommerce/"
     google-query: inurl:"/wp-content/plugins/multiple-shipping-address-woocommerce/"
     shodan-query: 'vuln:CVE-2022-0783'
-  tags: cve,wordpress,wp-plugin,multiple-shipping-address-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,multiple-shipping-address-woocommerce,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0814-f2c3929c09b259d783ad3e308478fb8e.yaml b/nuclei-templates/2022/CVE-2022-0814-f2c3929c09b259d783ad3e308478fb8e.yaml
index 98bf4d3247..6a4db5cb23 100644
--- a/nuclei-templates/2022/CVE-2022-0814-f2c3929c09b259d783ad3e308478fb8e.yaml
+++ b/nuclei-templates/2022/CVE-2022-0814-f2c3929c09b259d783ad3e308478fb8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ubigeo-peru/"
     google-query: inurl:"/wp-content/plugins/ubigeo-peru/"
     shodan-query: 'vuln:CVE-2022-0814'
-  tags: cve,wordpress,wp-plugin,ubigeo-peru,medium
+  tags: cve,wordpress,wp-plugin,ubigeo-peru,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0826-259e85ddeb38f519130917626241cfb2.yaml b/nuclei-templates/2022/CVE-2022-0826-259e85ddeb38f519130917626241cfb2.yaml
index 533acc1c4a..07c99f8b81 100644
--- a/nuclei-templates/2022/CVE-2022-0826-259e85ddeb38f519130917626241cfb2.yaml
+++ b/nuclei-templates/2022/CVE-2022-0826-259e85ddeb38f519130917626241cfb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Video Gallery <= 1.7.1 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-video-gallery-free/"
     google-query: inurl:"/wp-content/plugins/wp-video-gallery-free/"
     shodan-query: 'vuln:CVE-2022-0826'
-  tags: cve,wordpress,wp-plugin,wp-video-gallery-free,medium
+  tags: cve,wordpress,wp-plugin,wp-video-gallery-free,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0840-d9a381f55de2cbcc100fd4387b57379e.yaml b/nuclei-templates/2022/CVE-2022-0840-d9a381f55de2cbcc100fd4387b57379e.yaml
index b412ec9f4d..4beeda2e43 100644
--- a/nuclei-templates/2022/CVE-2022-0840-d9a381f55de2cbcc100fd4387b57379e.yaml
+++ b/nuclei-templates/2022/CVE-2022-0840-d9a381f55de2cbcc100fd4387b57379e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 3.2.0 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:CVE-2022-0840'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,medium
+  tags: cve,wordpress,wp-plugin,easy-social-icons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0863-b7954fa43e16eb8eb1a34f4e676a00e3.yaml b/nuclei-templates/2022/CVE-2022-0863-b7954fa43e16eb8eb1a34f4e676a00e3.yaml
index f5915da280..bf2312fced 100644
--- a/nuclei-templates/2022/CVE-2022-0863-b7954fa43e16eb8eb1a34f4e676a00e3.yaml
+++ b/nuclei-templates/2022/CVE-2022-0863-b7954fa43e16eb8eb1a34f4e676a00e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SVG Icons <= 3.2.3 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svg-vector-icon-plugin/"
     google-query: inurl:"/wp-content/plugins/svg-vector-icon-plugin/"
     shodan-query: 'vuln:CVE-2022-0863'
-  tags: cve,wordpress,wp-plugin,svg-vector-icon-plugin,high
+  tags: cve,wordpress,wp-plugin,svg-vector-icon-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0873-feb8ea008986699e99b1ae18448b79c3.yaml b/nuclei-templates/2022/CVE-2022-0873-feb8ea008986699e99b1ae18448b79c3.yaml
index a31257e2b9..dcd641f358 100644
--- a/nuclei-templates/2022/CVE-2022-0873-feb8ea008986699e99b1ae18448b79c3.yaml
+++ b/nuclei-templates/2022/CVE-2022-0873-feb8ea008986699e99b1ae18448b79c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gmedia Photo Gallery < 1.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/grand-media/"
     google-query: inurl:"/wp-content/plugins/grand-media/"
     shodan-query: 'vuln:CVE-2022-0873'
-  tags: cve,wordpress,wp-plugin,grand-media,medium
+  tags: cve,wordpress,wp-plugin,grand-media,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0874-7b54be45a2f07bfa9d249dae96b2b8a9.yaml b/nuclei-templates/2022/CVE-2022-0874-7b54be45a2f07bfa9d249dae96b2b8a9.yaml
index 1efa397058..1873785745 100644
--- a/nuclei-templates/2022/CVE-2022-0874-7b54be45a2f07bfa9d249dae96b2b8a9.yaml
+++ b/nuclei-templates/2022/CVE-2022-0874-7b54be45a2f07bfa9d249dae96b2b8a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Social Buttons <= 2.1 - Admin+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-social-buttons/"
     google-query: inurl:"/wp-content/plugins/wp-social-buttons/"
     shodan-query: 'vuln:CVE-2022-0874'
-  tags: cve,wordpress,wp-plugin,wp-social-buttons,medium
+  tags: cve,wordpress,wp-plugin,wp-social-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0875-0afb6b2d10846bc66cf5079f2d5cff9d.yaml b/nuclei-templates/2022/CVE-2022-0875-0afb6b2d10846bc66cf5079f2d5cff9d.yaml
index 11de3df243..9ee6078e19 100644
--- a/nuclei-templates/2022/CVE-2022-0875-0afb6b2d10846bc66cf5079f2d5cff9d.yaml
+++ b/nuclei-templates/2022/CVE-2022-0875-0afb6b2d10846bc66cf5079f2d5cff9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.4 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-google-authenticator/"
     google-query: inurl:"/wp-content/plugins/miniorange-google-authenticator/"
     shodan-query: 'vuln:CVE-2022-0875'
-  tags: cve,wordpress,wp-plugin,miniorange-google-authenticator,critical
+  tags: cve,wordpress,wp-plugin,miniorange-google-authenticator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0876-cf20fa8408c9425d9c1e30f3c5cdbbda.yaml b/nuclei-templates/2022/CVE-2022-0876-cf20fa8408c9425d9c1e30f3c5cdbbda.yaml
index f5f59312ac..ad0e88231d 100644
--- a/nuclei-templates/2022/CVE-2022-0876-cf20fa8408c9425d9c1e30f3c5cdbbda.yaml
+++ b/nuclei-templates/2022/CVE-2022-0876-cf20fa8408c9425d9c1e30f3c5cdbbda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social comments by WpDevArt <= 2.4.9 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comments-from-facebook/"
     google-query: inurl:"/wp-content/plugins/comments-from-facebook/"
     shodan-query: 'vuln:CVE-2022-0876'
-  tags: cve,wordpress,wp-plugin,comments-from-facebook,medium
+  tags: cve,wordpress,wp-plugin,comments-from-facebook,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0884-d50bca474bfff7b87f9bd013b925f56e.yaml b/nuclei-templates/2022/CVE-2022-0884-d50bca474bfff7b87f9bd013b925f56e.yaml
index 391bfb1ffa..4ce25c0588 100644
--- a/nuclei-templates/2022/CVE-2022-0884-d50bca474bfff7b87f9bd013b925f56e.yaml
+++ b/nuclei-templates/2022/CVE-2022-0884-d50bca474bfff7b87f9bd013b925f56e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:CVE-2022-0884'
-  tags: cve,wordpress,wp-plugin,profile-builder,medium
+  tags: cve,wordpress,wp-plugin,profile-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0887-61a927bc340bb105a879f38c8d71f797.yaml b/nuclei-templates/2022/CVE-2022-0887-61a927bc340bb105a879f38c8d71f797.yaml
index f05143ad05..080515839a 100644
--- a/nuclei-templates/2022/CVE-2022-0887-61a927bc340bb105a879f38c8d71f797.yaml
+++ b/nuclei-templates/2022/CVE-2022-0887-61a927bc340bb105a879f38c8d71f797.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 3.1.3 - Admin+ SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:CVE-2022-0887'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,medium
+  tags: cve,wordpress,wp-plugin,easy-social-icons,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0889-b97c4bb0c30e63e1bfc74807877230de.yaml b/nuclei-templates/2022/CVE-2022-0889-b97c4bb0c30e63e1bfc74807877230de.yaml
index 205d73b169..3db89782cd 100644
--- a/nuclei-templates/2022/CVE-2022-0889-b97c4bb0c30e63e1bfc74807877230de.yaml
+++ b/nuclei-templates/2022/CVE-2022-0889-b97c4bb0c30e63e1bfc74807877230de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms-uploads/"
     google-query: inurl:"/wp-content/plugins/ninja-forms-uploads/"
     shodan-query: 'vuln:CVE-2022-0889'
-  tags: cve,wordpress,wp-plugin,ninja-forms-uploads,high
+  tags: cve,wordpress,wp-plugin,ninja-forms-uploads,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0898-edf371c1f05d5a891d28a3a64c575117.yaml b/nuclei-templates/2022/CVE-2022-0898-edf371c1f05d5a891d28a3a64c575117.yaml
index 47810e3f3c..b797d34c29 100644
--- a/nuclei-templates/2022/CVE-2022-0898-edf371c1f05d5a891d28a3a64c575117.yaml
+++ b/nuclei-templates/2022/CVE-2022-0898-edf371c1f05d5a891d28a3a64c575117.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IgniteUp – Coming Soon and Maintenance Mode <= 3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/igniteup/"
     google-query: inurl:"/wp-content/plugins/igniteup/"
     shodan-query: 'vuln:CVE-2022-0898'
-  tags: cve,wordpress,wp-plugin,igniteup,medium
+  tags: cve,wordpress,wp-plugin,igniteup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0899-54aadf8fe607e5a163f75b88f9bb6921.yaml b/nuclei-templates/2022/CVE-2022-0899-54aadf8fe607e5a163f75b88f9bb6921.yaml
index 9d32ce771d..63ad8ee6dc 100644
--- a/nuclei-templates/2022/CVE-2022-0899-54aadf8fe607e5a163f75b88f9bb6921.yaml
+++ b/nuclei-templates/2022/CVE-2022-0899-54aadf8fe607e5a163f75b88f9bb6921.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Header Footer Code Manager <= 1.1.23 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Header Footer Code Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/header-footer-code-manager/"
     google-query: inurl:"/wp-content/plugins/header-footer-code-manager/"
     shodan-query: 'vuln:CVE-2022-0899'
-  tags: cve,wordpress,wp-plugin,header-footer-code-manager,medium
+  tags: cve,wordpress,wp-plugin,header-footer-code-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0901-085734e6e575cc721d044070dab37117.yaml b/nuclei-templates/2022/CVE-2022-0901-085734e6e575cc721d044070dab37117.yaml
index 0b9d208d96..ccf434f92d 100644
--- a/nuclei-templates/2022/CVE-2022-0901-085734e6e575cc721d044070dab37117.yaml
+++ b/nuclei-templates/2022/CVE-2022-0901-085734e6e575cc721d044070dab37117.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2022-0901
   metadata:
-    fofa-query: "wp-content/plugins/ad-inserter/"
-    google-query: inurl:"/wp-content/plugins/ad-inserter/"
+    fofa-query: "wp-content/plugins/ad-inserter-pro/"
+    google-query: inurl:"/wp-content/plugins/ad-inserter-pro/"
     shodan-query: 'vuln:CVE-2022-0901'
-  tags: cve,wordpress,wp-plugin,ad-inserter,medium
+  tags: cve,wordpress,wp-plugin,ad-inserter-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/ad-inserter-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "ad-inserter"
+          - "ad-inserter-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-0948-484dd45c6c89790208a6369cc9e3257b.yaml b/nuclei-templates/2022/CVE-2022-0948-484dd45c6c89790208a6369cc9e3257b.yaml
index e89ea988cc..6d7a7d1782 100644
--- a/nuclei-templates/2022/CVE-2022-0948-484dd45c6c89790208a6369cc9e3257b.yaml
+++ b/nuclei-templates/2022/CVE-2022-0948-484dd45c6c89790208a6369cc9e3257b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order Listener for WooCommerce – Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woc-order-alert/"
     google-query: inurl:"/wp-content/plugins/woc-order-alert/"
     shodan-query: 'vuln:CVE-2022-0948'
-  tags: cve,wordpress,wp-plugin,woc-order-alert,medium
+  tags: cve,wordpress,wp-plugin,woc-order-alert,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0958-cf0f772efb4c9beac6971570b02c3073.yaml b/nuclei-templates/2022/CVE-2022-0958-cf0f772efb4c9beac6971570b02c3073.yaml
index 8e6daf62e0..f20ccd7a40 100644
--- a/nuclei-templates/2022/CVE-2022-0958-cf0f772efb4c9beac6971570b02c3073.yaml
+++ b/nuclei-templates/2022/CVE-2022-0958-cf0f772efb4c9beac6971570b02c3073.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mark Posts <= 2.0.0 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mark-posts/"
     google-query: inurl:"/wp-content/plugins/mark-posts/"
     shodan-query: 'vuln:CVE-2022-0958'
-  tags: cve,wordpress,wp-plugin,mark-posts,medium
+  tags: cve,wordpress,wp-plugin,mark-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0969-7ae1e981db663479bebe95d4fc6e1fb9.yaml b/nuclei-templates/2022/CVE-2022-0969-7ae1e981db663479bebe95d4fc6e1fb9.yaml
index d149f0df38..f43866a09d 100644
--- a/nuclei-templates/2022/CVE-2022-0969-7ae1e981db663479bebe95d4fc6e1fb9.yaml
+++ b/nuclei-templates/2022/CVE-2022-0969-7ae1e981db663479bebe95d4fc6e1fb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/optimole-wp/"
     google-query: inurl:"/wp-content/plugins/optimole-wp/"
     shodan-query: 'vuln:CVE-2022-0969'
-  tags: cve,wordpress,wp-plugin,optimole-wp,medium
+  tags: cve,wordpress,wp-plugin,optimole-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0993-158366fe9b5b0baf92dc531e125fc491.yaml b/nuclei-templates/2022/CVE-2022-0993-158366fe9b5b0baf92dc531e125fc491.yaml
index a138365565..74f38215a0 100644
--- a/nuclei-templates/2022/CVE-2022-0993-158366fe9b5b0baf92dc531e125fc491.yaml
+++ b/nuclei-templates/2022/CVE-2022-0993-158366fe9b5b0baf92dc531e125fc491.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sg-security/"
     google-query: inurl:"/wp-content/plugins/sg-security/"
     shodan-query: 'vuln:CVE-2022-0993'
-  tags: cve,wordpress,wp-plugin,sg-security,high
+  tags: cve,wordpress,wp-plugin,sg-security,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-0994-198731eb0d140b29cd1b351f123496f9.yaml b/nuclei-templates/2022/CVE-2022-0994-198731eb0d140b29cd1b351f123496f9.yaml
index 93af32a521..3619ed687e 100644
--- a/nuclei-templates/2022/CVE-2022-0994-198731eb0d140b29cd1b351f123496f9.yaml
+++ b/nuclei-templates/2022/CVE-2022-0994-198731eb0d140b29cd1b351f123496f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hummingbird <= 3.3.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hummingbird-performance/"
     google-query: inurl:"/wp-content/plugins/hummingbird-performance/"
     shodan-query: 'vuln:CVE-2022-0994'
-  tags: cve,wordpress,wp-plugin,hummingbird-performance,medium
+  tags: cve,wordpress,wp-plugin,hummingbird-performance,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1001-c8a533331a66588a41e484e2593bc634.yaml b/nuclei-templates/2022/CVE-2022-1001-c8a533331a66588a41e484e2593bc634.yaml
index f1dbed7462..e205bca5c0 100644
--- a/nuclei-templates/2022/CVE-2022-1001-c8a533331a66588a41e484e2593bc634.yaml
+++ b/nuclei-templates/2022/CVE-2022-1001-c8a533331a66588a41e484e2593bc634.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Downgrade <= 1.2.2 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-downgrade/"
     google-query: inurl:"/wp-content/plugins/wp-downgrade/"
     shodan-query: 'vuln:CVE-2022-1001'
-  tags: cve,wordpress,wp-plugin,wp-downgrade,medium
+  tags: cve,wordpress,wp-plugin,wp-downgrade,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1006-a9aa77a954191266292b06f87ea42806.yaml b/nuclei-templates/2022/CVE-2022-1006-a9aa77a954191266292b06f87ea42806.yaml
index 63ea1396bf..c85bc5099c 100644
--- a/nuclei-templates/2022/CVE-2022-1006-a9aa77a954191266292b06f87ea42806.yaml
+++ b/nuclei-templates/2022/CVE-2022-1006-a9aa77a954191266292b06f87ea42806.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Booking Calendar <= 1.7.0 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Booking Calendar plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in versions up to, and including, 1.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for admin-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-booking-calendar/"
     google-query: inurl:"/wp-content/plugins/advanced-booking-calendar/"
     shodan-query: 'vuln:CVE-2022-1006'
-  tags: cve,wordpress,wp-plugin,advanced-booking-calendar,high
+  tags: cve,wordpress,wp-plugin,advanced-booking-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1008-a9a32f74174df8c480433ef7ce05b39d.yaml b/nuclei-templates/2022/CVE-2022-1008-a9a32f74174df8c480433ef7ce05b39d.yaml
index c0641c45b7..e5c0cff458 100644
--- a/nuclei-templates/2022/CVE-2022-1008-a9a32f74174df8c480433ef7ce05b39d.yaml
+++ b/nuclei-templates/2022/CVE-2022-1008-a9a32f74174df8c480433ef7ce05b39d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Catch Themes Demo Import <= 3.0.2 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Catch Themes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 3.0.2. This is due to insufficient file type validation on imported files that makes it possible for high-level authenticated users, such as administrators, to upload arbitrary files onto a vulnerable site's server and gain remote code execution. This would only affect installations where admins have been restricted from uploading/modifying files to a site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/one-click-demo-import/"
     google-query: inurl:"/wp-content/plugins/one-click-demo-import/"
     shodan-query: 'vuln:CVE-2022-1008'
-  tags: cve,wordpress,wp-plugin,one-click-demo-import,high
+  tags: cve,wordpress,wp-plugin,one-click-demo-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1009-7a3ab4b4d26a299b96225464ccb1d356.yaml b/nuclei-templates/2022/CVE-2022-1009-7a3ab4b4d26a299b96225464ccb1d356.yaml
index 96ea102a30..476270fba4 100644
--- a/nuclei-templates/2022/CVE-2022-1009-7a3ab4b4d26a299b96225464ccb1d356.yaml
+++ b/nuclei-templates/2022/CVE-2022-1009-7a3ab4b4d26a299b96225464ccb1d356.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smush – Lazy Load Images, Optimize & Compress Images <= 3.9.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smush – Lazy Load Images, Optimize & Compress Images plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'name' and 'description' parameters in versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This requires an attacker to trick an administrator into uploading a malicious configuration file in order to be successful.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smushit/"
     google-query: inurl:"/wp-content/plugins/wp-smushit/"
     shodan-query: 'vuln:CVE-2022-1009'
-  tags: cve,wordpress,wp-plugin,wp-smushit,medium
+  tags: cve,wordpress,wp-plugin,wp-smushit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1010-73c8c687b5d5c2441c948ce0feefccb9.yaml b/nuclei-templates/2022/CVE-2022-1010-73c8c687b5d5c2441c948ce0feefccb9.yaml
index fc90d0bfb7..00daeb28d9 100644
--- a/nuclei-templates/2022/CVE-2022-1010-73c8c687b5d5c2441c948ce0feefccb9.yaml
+++ b/nuclei-templates/2022/CVE-2022-1010-73c8c687b5d5c2441c948ce0feefccb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login using WordPress Users (WP as SAML IDP) <= 1.13.2 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login using WordPress Users (WP as SAML IDP) plugin by MiniOrange is vulnerable to Cross-Site Scripting in versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. This only affected multi-site installations and installations where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-wp-as-saml-idp/"
     google-query: inurl:"/wp-content/plugins/miniorange-wp-as-saml-idp/"
     shodan-query: 'vuln:CVE-2022-1010'
-  tags: cve,wordpress,wp-plugin,miniorange-wp-as-saml-idp,medium
+  tags: cve,wordpress,wp-plugin,miniorange-wp-as-saml-idp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1020-e2d12fb1743cf7c34146fef09c867ef4.yaml b/nuclei-templates/2022/CVE-2022-1020-e2d12fb1743cf7c34146fef09c867ef4.yaml
index bf201068f1..5493924db8 100644
--- a/nuclei-templates/2022/CVE-2022-1020-e2d12fb1743cf7c34146fef09c867ef4.yaml
+++ b/nuclei-templates/2022/CVE-2022-1020-e2d12fb1743cf7c34146fef09c867ef4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Table for WooCommerce <= 3.1.2 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-table/"
     google-query: inurl:"/wp-content/plugins/woo-product-table/"
     shodan-query: 'vuln:CVE-2022-1020'
-  tags: cve,wordpress,wp-plugin,woo-product-table,critical
+  tags: cve,wordpress,wp-plugin,woo-product-table,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1023-39c09063986ff422c9e20ab8b773f550.yaml b/nuclei-templates/2022/CVE-2022-1023-39c09063986ff422c9e20ab8b773f550.yaml
index 25c4eb5a78..c24e6dc287 100644
--- a/nuclei-templates/2022/CVE-2022-1023-39c09063986ff422c9e20ab8b773f550.yaml
+++ b/nuclei-templates/2022/CVE-2022-1023-39c09063986ff422c9e20ab8b773f550.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podcast Importer SecondLine < 1.3.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podcast-importer-secondline/"
     google-query: inurl:"/wp-content/plugins/podcast-importer-secondline/"
     shodan-query: 'vuln:CVE-2022-1023'
-  tags: cve,wordpress,wp-plugin,podcast-importer-secondline,high
+  tags: cve,wordpress,wp-plugin,podcast-importer-secondline,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1027-7e7d3fe35e3640caa3a72acaf61512d5.yaml b/nuclei-templates/2022/CVE-2022-1027-7e7d3fe35e3640caa3a72acaf61512d5.yaml
index eb0d8e4883..4e02953792 100644
--- a/nuclei-templates/2022/CVE-2022-1027-7e7d3fe35e3640caa3a72acaf61512d5.yaml
+++ b/nuclei-templates/2022/CVE-2022-1027-7e7d3fe35e3640caa3a72acaf61512d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Restriction WordPress <= 1.2.6 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-and-post-restriction/"
     google-query: inurl:"/wp-content/plugins/page-and-post-restriction/"
     shodan-query: 'vuln:CVE-2022-1027'
-  tags: cve,wordpress,wp-plugin,page-and-post-restriction,medium
+  tags: cve,wordpress,wp-plugin,page-and-post-restriction,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1028-8e950dd64eb760b48f921b3528ca5c9f.yaml b/nuclei-templates/2022/CVE-2022-1028-8e950dd64eb760b48f921b3528ca5c9f.yaml
index 804255149b..f03ab034c1 100644
--- a/nuclei-templates/2022/CVE-2022-1028-8e950dd64eb760b48f921b3528ca5c9f.yaml
+++ b/nuclei-templates/2022/CVE-2022-1028-8e950dd64eb760b48f921b3528ca5c9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Security <= 4.2 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-security-pro/"
     google-query: inurl:"/wp-content/plugins/wp-security-pro/"
     shodan-query: 'vuln:CVE-2022-1028'
-  tags: cve,wordpress,wp-plugin,wp-security-pro,medium
+  tags: cve,wordpress,wp-plugin,wp-security-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1029-6f5594aa21d74ab20f466ec04157beee.yaml b/nuclei-templates/2022/CVE-2022-1029-6f5594aa21d74ab20f466ec04157beee.yaml
index 7eaee9e409..a451809d54 100644
--- a/nuclei-templates/2022/CVE-2022-1029-6f5594aa21d74ab20f466ec04157beee.yaml
+++ b/nuclei-templates/2022/CVE-2022-1029-6f5594aa21d74ab20f466ec04157beee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MiniOrange Limit Login Attempts <= 4.0.72 - Administrator+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-limit-login-attempts/"
     google-query: inurl:"/wp-content/plugins/miniorange-limit-login-attempts/"
     shodan-query: 'vuln:CVE-2022-1029'
-  tags: cve,wordpress,wp-plugin,miniorange-limit-login-attempts,medium
+  tags: cve,wordpress,wp-plugin,miniorange-limit-login-attempts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1046-02a51eb116d83b932887ff5f7b3fb4a8.yaml b/nuclei-templates/2022/CVE-2022-1046-02a51eb116d83b932887ff5f7b3fb4a8.yaml
index ec2efbb9d7..8e5aefd151 100644
--- a/nuclei-templates/2022/CVE-2022-1046-02a51eb116d83b932887ff5f7b3fb4a8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1046-02a51eb116d83b932887ff5f7b3fb4a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Form Builder <= 3.0.6 - Admin+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visual-form-builder/"
     google-query: inurl:"/wp-content/plugins/visual-form-builder/"
     shodan-query: 'vuln:CVE-2022-1046'
-  tags: cve,wordpress,wp-plugin,visual-form-builder,medium
+  tags: cve,wordpress,wp-plugin,visual-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1051-399a0cfb0032357f26f899d011d7490f.yaml b/nuclei-templates/2022/CVE-2022-1051-399a0cfb0032357f26f899d011d7490f.yaml
index 62be32e4aa..1c180d9a63 100644
--- a/nuclei-templates/2022/CVE-2022-1051-399a0cfb0032357f26f899d011d7490f.yaml
+++ b/nuclei-templates/2022/CVE-2022-1051-399a0cfb0032357f26f899d011d7490f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpqa/"
     google-query: inurl:"/wp-content/plugins/wpqa/"
     shodan-query: 'vuln:CVE-2022-1051'
-  tags: cve,wordpress,wp-plugin,wpqa,medium
+  tags: cve,wordpress,wp-plugin,wpqa,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1062-f1d890dd18142758b1c8cdecbd50795b.yaml b/nuclei-templates/2022/CVE-2022-1062-f1d890dd18142758b1c8cdecbd50795b.yaml
index acc28a89cd..f5b98883c5 100644
--- a/nuclei-templates/2022/CVE-2022-1062-f1d890dd18142758b1c8cdecbd50795b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1062-f1d890dd18142758b1c8cdecbd50795b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     th23 Social <= 1.2.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/th23-social/"
     google-query: inurl:"/wp-content/plugins/th23-social/"
     shodan-query: 'vuln:CVE-2022-1062'
-  tags: cve,wordpress,wp-plugin,th23-social,medium
+  tags: cve,wordpress,wp-plugin,th23-social,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1063-5e0fa9fcba55bce0a7d159ec1d8e3486.yaml b/nuclei-templates/2022/CVE-2022-1063-5e0fa9fcba55bce0a7d159ec1d8e3486.yaml
index 247438ad6f..34d7de3c8f 100644
--- a/nuclei-templates/2022/CVE-2022-1063-5e0fa9fcba55bce0a7d159ec1d8e3486.yaml
+++ b/nuclei-templates/2022/CVE-2022-1063-5e0fa9fcba55bce0a7d159ec1d8e3486.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thank-me-later/"
     google-query: inurl:"/wp-content/plugins/thank-me-later/"
     shodan-query: 'vuln:CVE-2022-1063'
-  tags: cve,wordpress,wp-plugin,thank-me-later,medium
+  tags: cve,wordpress,wp-plugin,thank-me-later,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1088-9a80eb4e9ae6ba3b2c9128c9152fe450.yaml b/nuclei-templates/2022/CVE-2022-1088-9a80eb4e9ae6ba3b2c9128c9152fe450.yaml
index 21526be53d..71891a1f94 100644
--- a/nuclei-templates/2022/CVE-2022-1088-9a80eb4e9ae6ba3b2c9128c9152fe450.yaml
+++ b/nuclei-templates/2022/CVE-2022-1088-9a80eb4e9ae6ba3b2c9128c9152fe450.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Security & Membership <= 1.5.15 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Security & Membership WordPress plugin through 1.5.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contexture-page-security/"
     google-query: inurl:"/wp-content/plugins/contexture-page-security/"
     shodan-query: 'vuln:CVE-2022-1088'
-  tags: cve,wordpress,wp-plugin,contexture-page-security,medium
+  tags: cve,wordpress,wp-plugin,contexture-page-security,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1089-4f2b194ecb7432206d5e63b6f9923644.yaml b/nuclei-templates/2022/CVE-2022-1089-4f2b194ecb7432206d5e63b6f9923644.yaml
index 6e4ba40d49..61c858c351 100644
--- a/nuclei-templates/2022/CVE-2022-1089-4f2b194ecb7432206d5e63b6f9923644.yaml
+++ b/nuclei-templates/2022/CVE-2022-1089-4f2b194ecb7432206d5e63b6f9923644.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulk Edit and Create User Profiles – WP Sheet Editor <= 1.5.13 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/"
     google-query: inurl:"/wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/"
     shodan-query: 'vuln:CVE-2022-1089'
-  tags: cve,wordpress,wp-plugin,bulk-edit-user-profiles-in-spreadsheet,medium
+  tags: cve,wordpress,wp-plugin,bulk-edit-user-profiles-in-spreadsheet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1090-50f3d46f270e4758bbe32a2e3166c5bc.yaml b/nuclei-templates/2022/CVE-2022-1090-50f3d46f270e4758bbe32a2e3166c5bc.yaml
index 64041ec8c0..42d8e894a4 100644
--- a/nuclei-templates/2022/CVE-2022-1090-50f3d46f270e4758bbe32a2e3166c5bc.yaml
+++ b/nuclei-templates/2022/CVE-2022-1090-50f3d46f270e4758bbe32a2e3166c5bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Good & Bad Comments <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Good & Bad Comments WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/good-bad-comments/"
     google-query: inurl:"/wp-content/plugins/good-bad-comments/"
     shodan-query: 'vuln:CVE-2022-1090'
-  tags: cve,wordpress,wp-plugin,good-bad-comments,medium
+  tags: cve,wordpress,wp-plugin,good-bad-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1092-7b33af13dcbb1f6cea4e6cd4849f85c9.yaml b/nuclei-templates/2022/CVE-2022-1092-7b33af13dcbb1f6cea4e6cd4849f85c9.yaml
index d5a843d6b1..5dc08b89eb 100644
--- a/nuclei-templates/2022/CVE-2022-1092-7b33af13dcbb1f6cea4e6cd4849f85c9.yaml
+++ b/nuclei-templates/2022/CVE-2022-1092-7b33af13dcbb1f6cea4e6cd4849f85c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin  <= 2.4.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycred/"
     google-query: inurl:"/wp-content/plugins/mycred/"
     shodan-query: 'vuln:CVE-2022-1092'
-  tags: cve,wordpress,wp-plugin,mycred,medium
+  tags: cve,wordpress,wp-plugin,mycred,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1093-2e08f88f4d646fb37132bf634ea9d86a.yaml b/nuclei-templates/2022/CVE-2022-1093-2e08f88f4d646fb37132bf634ea9d86a.yaml
index 577fe231b0..9735dc2d37 100644
--- a/nuclei-templates/2022/CVE-2022-1093-2e08f88f4d646fb37132bf634ea9d86a.yaml
+++ b/nuclei-templates/2022/CVE-2022-1093-2e08f88f4d646fb37132bf634ea9d86a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.4.6 - Admin+ Stored Cross-Site Scripting via breadcrumbs
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2022-1093'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1094-5ff51e8e3d70f359c04a37d7bd2f99bd.yaml b/nuclei-templates/2022/CVE-2022-1094-5ff51e8e3d70f359c04a37d7bd2f99bd.yaml
index a4b752f215..c1e87437d1 100644
--- a/nuclei-templates/2022/CVE-2022-1094-5ff51e8e3d70f359c04a37d7bd2f99bd.yaml
+++ b/nuclei-templates/2022/CVE-2022-1094-5ff51e8e3d70f359c04a37d7bd2f99bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     amr users <= 4.59.3 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amr-users/"
     google-query: inurl:"/wp-content/plugins/amr-users/"
     shodan-query: 'vuln:CVE-2022-1094'
-  tags: cve,wordpress,wp-plugin,amr-users,medium
+  tags: cve,wordpress,wp-plugin,amr-users,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1095-115be693fa2aef7e78774bec69a9ed0c.yaml b/nuclei-templates/2022/CVE-2022-1095-115be693fa2aef7e78774bec69a9ed0c.yaml
index ab7287a9f8..f1ca0af5bc 100644
--- a/nuclei-templates/2022/CVE-2022-1095-115be693fa2aef7e78774bec69a9ed0c.yaml
+++ b/nuclei-templates/2022/CVE-2022-1095-115be693fa2aef7e78774bec69a9ed0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mihdan: No External Links <= 4.7.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mihdan: No External Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including 4.7.4. This makes it possible for admin level attackers to inject arbitrary web scripts on web pages that execute whenever another administrator accesses the page. This can be exploited on multi-site installations and installations where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mihdan-no-external-links/"
     google-query: inurl:"/wp-content/plugins/mihdan-no-external-links/"
     shodan-query: 'vuln:CVE-2022-1095'
-  tags: cve,wordpress,wp-plugin,mihdan-no-external-links,medium
+  tags: cve,wordpress,wp-plugin,mihdan-no-external-links,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1103-501a1f4c716dcfc5dbf27f3bb41b2666.yaml b/nuclei-templates/2022/CVE-2022-1103-501a1f4c716dcfc5dbf27f3bb41b2666.yaml
index 98630bff1d..d417702b18 100644
--- a/nuclei-templates/2022/CVE-2022-1103-501a1f4c716dcfc5dbf27f3bb41b2666.yaml
+++ b/nuclei-templates/2022/CVE-2022-1103-501a1f4c716dcfc5dbf27f3bb41b2666.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced uploader <= 4.2 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to Remote Code Execution
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-uploader/"
     google-query: inurl:"/wp-content/plugins/advanced-uploader/"
     shodan-query: 'vuln:CVE-2022-1103'
-  tags: cve,wordpress,wp-plugin,advanced-uploader,medium
+  tags: cve,wordpress,wp-plugin,advanced-uploader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1104-de64ee696bec8d009d778000d64252b8.yaml b/nuclei-templates/2022/CVE-2022-1104-de64ee696bec8d009d778000d64252b8.yaml
index 2b78994a51..bb07bb58f5 100644
--- a/nuclei-templates/2022/CVE-2022-1104-de64ee696bec8d009d778000d64252b8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1104-de64ee696bec8d009d778000d64252b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Maker <= 1.16.4 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Cookie Time field in versions up to, and including, 1.16.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-maker/"
     google-query: inurl:"/wp-content/plugins/popup-maker/"
     shodan-query: 'vuln:CVE-2022-1104'
-  tags: cve,wordpress,wp-plugin,popup-maker,medium
+  tags: cve,wordpress,wp-plugin,popup-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1112-ad0620cb04a8c4743efa183697178556.yaml b/nuclei-templates/2022/CVE-2022-1112-ad0620cb04a8c4743efa183697178556.yaml
index ea8dc21058..4148a43953 100644
--- a/nuclei-templates/2022/CVE-2022-1112-ad0620cb04a8c4743efa183697178556.yaml
+++ b/nuclei-templates/2022/CVE-2022-1112-ad0620cb04a8c4743efa183697178556.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Autolinks <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site scripting against a logged in admin via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autolinks/"
     google-query: inurl:"/wp-content/plugins/autolinks/"
     shodan-query: 'vuln:CVE-2022-1112'
-  tags: cve,wordpress,wp-plugin,autolinks,high
+  tags: cve,wordpress,wp-plugin,autolinks,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1113-4d590f8cfc3cb04affd33a6ac18e5217.yaml b/nuclei-templates/2022/CVE-2022-1113-4d590f8cfc3cb04affd33a6ac18e5217.yaml
index 8d772b51ec..c8083f0031 100644
--- a/nuclei-templates/2022/CVE-2022-1113-4d590f8cfc3cb04affd33a6ac18e5217.yaml
+++ b/nuclei-templates/2022/CVE-2022-1113-4d590f8cfc3cb04affd33a6ac18e5217.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flower Delivery by Florist One <= 3.5.8 - (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Flower Delivery by Florist One plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 3.5.8. This can be exploited on multi-site installations and installations where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flower-delivery-by-florist-one/"
     google-query: inurl:"/wp-content/plugins/flower-delivery-by-florist-one/"
     shodan-query: 'vuln:CVE-2022-1113'
-  tags: cve,wordpress,wp-plugin,flower-delivery-by-florist-one,medium
+  tags: cve,wordpress,wp-plugin,flower-delivery-by-florist-one,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1123-7f6d3b4e502f3e87f036376c050085cb.yaml b/nuclei-templates/2022/CVE-2022-1123-7f6d3b4e502f3e87f036376c050085cb.yaml
index 6c4aec1e07..a7ebe633c5 100644
--- a/nuclei-templates/2022/CVE-2022-1123-7f6d3b4e502f3e87f036376c050085cb.yaml
+++ b/nuclei-templates/2022/CVE-2022-1123-7f6d3b4e502f3e87f036376c050085cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.4 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to SQL Injection via the importer functionality parameter in versions up to, and including, 3.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrative privileges and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaflet-maps-marker/"
     google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/"
     shodan-query: 'vuln:CVE-2022-1123'
-  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,high
+  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1153-7b9f5b71ec8719bf9a8cb5694942faa9.yaml b/nuclei-templates/2022/CVE-2022-1153-7b9f5b71ec8719bf9a8cb5694942faa9.yaml
index 656b31a029..a9474e74cf 100644
--- a/nuclei-templates/2022/CVE-2022-1153-7b9f5b71ec8719bf9a8cb5694942faa9.yaml
+++ b/nuclei-templates/2022/CVE-2022-1153-7b9f5b71ec8719bf9a8cb5694942faa9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LayerSlider <= 7.1.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/LayerSlider/"
     google-query: inurl:"/wp-content/plugins/LayerSlider/"
     shodan-query: 'vuln:CVE-2022-1153'
-  tags: cve,wordpress,wp-plugin,LayerSlider,medium
+  tags: cve,wordpress,wp-plugin,LayerSlider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1156-01ed1eb8aac2e68ae5c276ba61ed6aed.yaml b/nuclei-templates/2022/CVE-2022-1156-01ed1eb8aac2e68ae5c276ba61ed6aed.yaml
index 13177b6a88..acac93f055 100644
--- a/nuclei-templates/2022/CVE-2022-1156-01ed1eb8aac2e68ae5c276ba61ed6aed.yaml
+++ b/nuclei-templates/2022/CVE-2022-1156-01ed1eb8aac2e68ae5c276ba61ed6aed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Books & Papers <= 0.20210223 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/books-papers/"
     google-query: inurl:"/wp-content/plugins/books-papers/"
     shodan-query: 'vuln:CVE-2022-1156'
-  tags: cve,wordpress,wp-plugin,books-papers,medium
+  tags: cve,wordpress,wp-plugin,books-papers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1167-3dadecf90476b3cb59a265c7ae6d0c01.yaml b/nuclei-templates/2022/CVE-2022-1167-3dadecf90476b3cb59a265c7ae6d0c01.yaml
index 9dfbfba52f..46556b2fb9 100644
--- a/nuclei-templates/2022/CVE-2022-1167-3dadecf90476b3cb59a265c7ae6d0c01.yaml
+++ b/nuclei-templates/2022/CVE-2022-1167-3dadecf90476b3cb59a265c7ae6d0c01.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CareerUp < 2.3.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/careerup/"
     google-query: inurl:"/wp-content/themes/careerup/"
     shodan-query: 'vuln:CVE-2022-1167'
-  tags: cve,wordpress,wp-theme,careerup,high
+  tags: cve,wordpress,wp-theme,careerup,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1168-1af02924d8ed846b859206c9bcd93941.yaml b/nuclei-templates/2022/CVE-2022-1168-1af02924d8ed846b859206c9bcd93941.yaml
index cbe21b5a79..ceb42ee111 100644
--- a/nuclei-templates/2022/CVE-2022-1168-1af02924d8ed846b859206c9bcd93941.yaml
+++ b/nuclei-templates/2022/CVE-2022-1168-1af02924d8ed846b859206c9bcd93941.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP JobSearch < 1.5.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1 via search_title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/careerfy/"
     google-query: inurl:"/wp-content/plugins/careerfy/"
     shodan-query: 'vuln:CVE-2022-1168'
-  tags: cve,wordpress,wp-plugin,careerfy,high
+  tags: cve,wordpress,wp-plugin,careerfy,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1169-0b2658951b7cfc28db2aef3263c845a3.yaml b/nuclei-templates/2022/CVE-2022-1169-0b2658951b7cfc28db2aef3263c845a3.yaml
index 3a068feecd..4d662caf5f 100644
--- a/nuclei-templates/2022/CVE-2022-1169-0b2658951b7cfc28db2aef3263c845a3.yaml
+++ b/nuclei-templates/2022/CVE-2022-1169-0b2658951b7cfc28db2aef3263c845a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Careerfy < 3.9.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Careerfy theme plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to 3.9.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/careerfy/"
     google-query: inurl:"/wp-content/themes/careerfy/"
     shodan-query: 'vuln:CVE-2022-1169'
-  tags: cve,wordpress,wp-theme,careerfy,medium
+  tags: cve,wordpress,wp-theme,careerfy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1182-1302cc789091d34c6db79147cc295acd.yaml b/nuclei-templates/2022/CVE-2022-1182-1302cc789091d34c6db79147cc295acd.yaml
index 1ae89f9313..53d6e84b57 100644
--- a/nuclei-templates/2022/CVE-2022-1182-1302cc789091d34c6db79147cc295acd.yaml
+++ b/nuclei-templates/2022/CVE-2022-1182-1302cc789091d34c6db79147cc295acd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Slide Box Builder <= 3.2.9 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-visual-slidebox-builder/"
     google-query: inurl:"/wp-content/plugins/wp-visual-slidebox-builder/"
     shodan-query: 'vuln:CVE-2022-1182'
-  tags: cve,wordpress,wp-plugin,wp-visual-slidebox-builder,critical
+  tags: cve,wordpress,wp-plugin,wp-visual-slidebox-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1203-1c3db202ed4136234a7dba357e335f3e.yaml b/nuclei-templates/2022/CVE-2022-1203-1c3db202ed4136234a7dba357e335f3e.yaml
index cdeb90aa7b..30efc5a832 100644
--- a/nuclei-templates/2022/CVE-2022-1203-1c3db202ed4136234a7dba357e335f3e.yaml
+++ b/nuclei-templates/2022/CVE-2022-1203-1c3db202ed4136234a7dba357e335f3e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Mask <= 1.8.4 - Authenticated (Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-mask/"
     google-query: inurl:"/wp-content/plugins/content-mask/"
     shodan-query: 'vuln:CVE-2022-1203'
-  tags: cve,wordpress,wp-plugin,content-mask,high
+  tags: cve,wordpress,wp-plugin,content-mask,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1208-d6ddc334180239abe617a7bb4b11e74b.yaml b/nuclei-templates/2022/CVE-2022-1208-d6ddc334180239abe617a7bb4b11e74b.yaml
index 9ef5a8563f..1946b939d3 100644
--- a/nuclei-templates/2022/CVE-2022-1208-d6ddc334180239abe617a7bb4b11e74b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1208-d6ddc334180239abe617a7bb4b11e74b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.3.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was only partially fixed in version 2.3.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2022-1208'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1217-f62cbc07d0c97caefc6751d0180dc663.yaml b/nuclei-templates/2022/CVE-2022-1217-f62cbc07d0c97caefc6751d0180dc663.yaml
index aa65f56be5..fb2e9a4a6c 100644
--- a/nuclei-templates/2022/CVE-2022-1217-f62cbc07d0c97caefc6751d0180dc663.yaml
+++ b/nuclei-templates/2022/CVE-2022-1217-f62cbc07d0c97caefc6751d0180dc663.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom TinyMCE Shortcode Button <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-tinymce-shortcode-button/"
     google-query: inurl:"/wp-content/plugins/custom-tinymce-shortcode-button/"
     shodan-query: 'vuln:CVE-2022-1217'
-  tags: cve,wordpress,wp-plugin,custom-tinymce-shortcode-button,high
+  tags: cve,wordpress,wp-plugin,custom-tinymce-shortcode-button,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1228-3e83969edc359576afe93a3a140053fe.yaml b/nuclei-templates/2022/CVE-2022-1228-3e83969edc359576afe93a3a140053fe.yaml
index dcbba2f466..0aa7af948d 100644
--- a/nuclei-templates/2022/CVE-2022-1228-3e83969edc359576afe93a3a140053fe.yaml
+++ b/nuclei-templates/2022/CVE-2022-1228-3e83969edc359576afe93a3a140053fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Opensea <= 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opensea/"
     google-query: inurl:"/wp-content/plugins/opensea/"
     shodan-query: 'vuln:CVE-2022-1228'
-  tags: cve,wordpress,wp-plugin,opensea,medium
+  tags: cve,wordpress,wp-plugin,opensea,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1251-1c2da71dac8a1ffb07f1c87e262b5e0e.yaml b/nuclei-templates/2022/CVE-2022-1251-1c2da71dac8a1ffb07f1c87e262b5e0e.yaml
index 8bdc4cafd1..dd67b80a66 100644
--- a/nuclei-templates/2022/CVE-2022-1251-1c2da71dac8a1ffb07f1c87e262b5e0e.yaml
+++ b/nuclei-templates/2022/CVE-2022-1251-1c2da71dac8a1ffb07f1c87e262b5e0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ask Me <= 6.8.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ask Me theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.8.3. This is due to missing or incorrect nonce validation when editing profiles. This makes it possible for unauthenticated attackers to edit user profiles, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ask-me/"
     google-query: inurl:"/wp-content/themes/ask-me/"
     shodan-query: 'vuln:CVE-2022-1251'
-  tags: cve,wordpress,wp-theme,ask-me,high
+  tags: cve,wordpress,wp-theme,ask-me,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1255-b7e40dcc40f790ccf1ceff5a8722305f.yaml b/nuclei-templates/2022/CVE-2022-1255-b7e40dcc40f790ccf1ceff5a8722305f.yaml
index 8bc09329fb..3fcbfca560 100644
--- a/nuclei-templates/2022/CVE-2022-1255-b7e40dcc40f790ccf1ceff5a8722305f.yaml
+++ b/nuclei-templates/2022/CVE-2022-1255-b7e40dcc40f790ccf1ceff5a8722305f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.19.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitize and escape imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2022-1255'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1265-8d9d8e003ce03da674f1adc87ce55135.yaml b/nuclei-templates/2022/CVE-2022-1265-8d9d8e003ce03da674f1adc87ce55135.yaml
index 5d0788b772..2ae8e79e54 100644
--- a/nuclei-templates/2022/CVE-2022-1265-8d9d8e003ce03da674f1adc87ce55135.yaml
+++ b/nuclei-templates/2022/CVE-2022-1265-8d9d8e003ce03da674f1adc87ce55135.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BulletProof Security <= 6.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletproof-security/"
     google-query: inurl:"/wp-content/plugins/bulletproof-security/"
     shodan-query: 'vuln:CVE-2022-1265'
-  tags: cve,wordpress,wp-plugin,bulletproof-security,medium
+  tags: cve,wordpress,wp-plugin,bulletproof-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1266-1ddfe592d879bc70e98e16d6c917ddd6.yaml b/nuclei-templates/2022/CVE-2022-1266-1ddfe592d879bc70e98e16d6c917ddd6.yaml
index 1feba0b604..59a9850584 100644
--- a/nuclei-templates/2022/CVE-2022-1266-1ddfe592d879bc70e98e16d6c917ddd6.yaml
+++ b/nuclei-templates/2022/CVE-2022-1266-1ddfe592d879bc70e98e16d6c917ddd6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid, Slider & Carousel Ultimate <= 1.4.3 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/"
     google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/"
     shodan-query: 'vuln:CVE-2022-1266'
-  tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,medium
+  tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1269-02b84b42a8b3e6e7dc009b5046e38b5a.yaml b/nuclei-templates/2022/CVE-2022-1269-02b84b42a8b3e6e7dc009b5046e38b5a.yaml
index ba7e4f90c1..8c887ec147 100644
--- a/nuclei-templates/2022/CVE-2022-1269-02b84b42a8b3e6e7dc009b5046e38b5a.yaml
+++ b/nuclei-templates/2022/CVE-2022-1269-02b84b42a8b3e6e7dc009b5046e38b5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fast Flow <= 1.2.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fast Flow WordPress plugin before 1.2.11 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to Reflected Cross-Site Scripting
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fast-flow-dashboard/"
     google-query: inurl:"/wp-content/plugins/fast-flow-dashboard/"
     shodan-query: 'vuln:CVE-2022-1269'
-  tags: cve,wordpress,wp-plugin,fast-flow-dashboard,medium
+  tags: cve,wordpress,wp-plugin,fast-flow-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1273-70ada96da95be698f6717e6048a6ec59.yaml b/nuclei-templates/2022/CVE-2022-1273-70ada96da95be698f6717e6048a6ec59.yaml
index 068ae64f7a..bfaa868288 100644
--- a/nuclei-templates/2022/CVE-2022-1273-70ada96da95be698f6717e6048a6ec59.yaml
+++ b/nuclei-templates/2022/CVE-2022-1273-70ada96da95be698f6717e6048a6ec59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import WP – Import and Export WordPress data to XML or CSV files <= 2.4.5 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Import WP – Import and Export WordPress data to XML or CSV files plugin for WordPress is vulnerable to arbitrary file upload via high level authenticated users in versions up to, and including, 2.4.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jc-importer/"
     google-query: inurl:"/wp-content/plugins/jc-importer/"
     shodan-query: 'vuln:CVE-2022-1273'
-  tags: cve,wordpress,wp-plugin,jc-importer,high
+  tags: cve,wordpress,wp-plugin,jc-importer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1275-1bdbe0eed23754132ebb7324a7cbafe1.yaml b/nuclei-templates/2022/CVE-2022-1275-1bdbe0eed23754132ebb7324a7cbafe1.yaml
index e9cc565a8f..7455b3d17a 100644
--- a/nuclei-templates/2022/CVE-2022-1275-1bdbe0eed23754132ebb7324a7cbafe1.yaml
+++ b/nuclei-templates/2022/CVE-2022-1275-1bdbe0eed23754132ebb7324a7cbafe1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bannerman/"
     google-query: inurl:"/wp-content/plugins/bannerman/"
     shodan-query: 'vuln:CVE-2022-1275'
-  tags: cve,wordpress,wp-plugin,bannerman,medium
+  tags: cve,wordpress,wp-plugin,bannerman,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1281-b9e46f23f1c3c438cdb8dc39395715de.yaml b/nuclei-templates/2022/CVE-2022-1281-b9e46f23f1c3c438cdb8dc39395715de.yaml
index 4495d621e9..fb7d6ae0a8 100644
--- a/nuclei-templates/2022/CVE-2022-1281-b9e46f23f1c3c438cdb8dc39395715de.yaml
+++ b/nuclei-templates/2022/CVE-2022-1281-b9e46f23f1c3c438cdb8dc39395715de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.6.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2022-1281'
-  tags: cve,wordpress,wp-plugin,photo-gallery,high
+  tags: cve,wordpress,wp-plugin,photo-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1282-1defc4b79b3e0026fa5b8dc78f8c4d1d.yaml b/nuclei-templates/2022/CVE-2022-1282-1defc4b79b3e0026fa5b8dc78f8c4d1d.yaml
index d58b563c1f..32ff177eb2 100644
--- a/nuclei-templates/2022/CVE-2022-1282-1defc4b79b3e0026fa5b8dc78f8c4d1d.yaml
+++ b/nuclei-templates/2022/CVE-2022-1282-1defc4b79b3e0026fa5b8dc78f8c4d1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.6.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2022-1282'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1294-d08f135748c79437965679674f4da9c2.yaml b/nuclei-templates/2022/CVE-2022-1294-d08f135748c79437965679674f4da9c2.yaml
index 45d91327d9..351cad0dec 100644
--- a/nuclei-templates/2022/CVE-2022-1294-d08f135748c79437965679674f4da9c2.yaml
+++ b/nuclei-templates/2022/CVE-2022-1294-d08f135748c79437965679674f4da9c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IMDB Info Box <= 2.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imdb-info-box/"
     google-query: inurl:"/wp-content/plugins/imdb-info-box/"
     shodan-query: 'vuln:CVE-2022-1294'
-  tags: cve,wordpress,wp-plugin,imdb-info-box,medium
+  tags: cve,wordpress,wp-plugin,imdb-info-box,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1298-f48a8e9c9fcbd8cc7a0d7249289e3206.yaml b/nuclei-templates/2022/CVE-2022-1298-f48a8e9c9fcbd8cc7a0d7249289e3206.yaml
index e02ce887ef..89d939c88e 100644
--- a/nuclei-templates/2022/CVE-2022-1298-f48a8e9c9fcbd8cc7a0d7249289e3206.yaml
+++ b/nuclei-templates/2022/CVE-2022-1298-f48a8e9c9fcbd8cc7a0d7249289e3206.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tabs Responsive <= 2.2.7 - Editor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tabs-responsive/"
     google-query: inurl:"/wp-content/plugins/tabs-responsive/"
     shodan-query: 'vuln:CVE-2022-1298'
-  tags: cve,wordpress,wp-plugin,tabs-responsive,medium
+  tags: cve,wordpress,wp-plugin,tabs-responsive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1299-74a8ac0075a235e0a0c14b0719aab19b.yaml b/nuclei-templates/2022/CVE-2022-1299-74a8ac0075a235e0a0c14b0719aab19b.yaml
index 5e3e708f57..3ca990d211 100644
--- a/nuclei-templates/2022/CVE-2022-1299-74a8ac0075a235e0a0c14b0719aab19b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1299-74a8ac0075a235e0a0c14b0719aab19b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow <= 2.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-jquery-image-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-jquery-image-gallery/"
     shodan-query: 'vuln:CVE-2022-1299'
-  tags: cve,wordpress,wp-plugin,slideshow-jquery-image-gallery,medium
+  tags: cve,wordpress,wp-plugin,slideshow-jquery-image-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1301-d8df0d0d76816bab3218aaeebd329b4b.yaml b/nuclei-templates/2022/CVE-2022-1301-d8df0d0d76816bab3218aaeebd329b4b.yaml
index 4e5edf8362..e045341c89 100644
--- a/nuclei-templates/2022/CVE-2022-1301-d8df0d0d76816bab3218aaeebd329b4b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1301-d8df0d0d76816bab3218aaeebd329b4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Contact Slider <= 2.4.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Contact Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of sliders in versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with editor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multisite installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-contact-slider/"
     google-query: inurl:"/wp-content/plugins/wp-contact-slider/"
     shodan-query: 'vuln:CVE-2022-1301'
-  tags: cve,wordpress,wp-plugin,wp-contact-slider,medium
+  tags: cve,wordpress,wp-plugin,wp-contact-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1303-dba115ec2b96e48bab904dedd2103380.yaml b/nuclei-templates/2022/CVE-2022-1303-dba115ec2b96e48bab904dedd2103380.yaml
index 36e0075edc..61a2895584 100644
--- a/nuclei-templates/2022/CVE-2022-1303-dba115ec2b96e48bab904dedd2103380.yaml
+++ b/nuclei-templates/2022/CVE-2022-1303-dba115ec2b96e48bab904dedd2103380.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slide Anything – Responsive Content / HTML Slider and Carousel <= 2.3.43 - Editor+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slide-anything/"
     google-query: inurl:"/wp-content/plugins/slide-anything/"
     shodan-query: 'vuln:CVE-2022-1303'
-  tags: cve,wordpress,wp-plugin,slide-anything,medium
+  tags: cve,wordpress,wp-plugin,slide-anything,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1320-330b086d5a163173ce80e7bcf35592b2.yaml b/nuclei-templates/2022/CVE-2022-1320-330b086d5a163173ce80e7bcf35592b2.yaml
index 24548504f3..4b72182fc4 100644
--- a/nuclei-templates/2022/CVE-2022-1320-330b086d5a163173ce80e7bcf35592b2.yaml
+++ b/nuclei-templates/2022/CVE-2022-1320-330b086d5a163173ce80e7bcf35592b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider by 10Web <= 1.2.51 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-wd/"
     google-query: inurl:"/wp-content/plugins/slider-wd/"
     shodan-query: 'vuln:CVE-2022-1320'
-  tags: cve,wordpress,wp-plugin,slider-wd,medium
+  tags: cve,wordpress,wp-plugin,slider-wd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1321-4764645e6471ac58214ba2ea5f55bde8.yaml b/nuclei-templates/2022/CVE-2022-1321-4764645e6471ac58214ba2ea5f55bde8.yaml
index 7221c3ea82..0b1bfed27b 100644
--- a/nuclei-templates/2022/CVE-2022-1321-4764645e6471ac58214ba2ea5f55bde8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1321-4764645e6471ac58214ba2ea5f55bde8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     miniOrange's Google Authenticator <= 5.5.5 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The miniOrange's Google Authenticator plugin for WordPress vulnerable to Stored Cross-Site Scripting via the ‘Add Referer’ field in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html have been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/"
     google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/"
     shodan-query: 'vuln:CVE-2022-1321'
-  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,medium
+  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1322-943971993cbe3a7f3e1700395fdc37bf.yaml b/nuclei-templates/2022/CVE-2022-1322-943971993cbe3a7f3e1700395fdc37bf.yaml
index 0da867baad..4ed82a59c4 100644
--- a/nuclei-templates/2022/CVE-2022-1322-943971993cbe3a7f3e1700395fdc37bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-1322-943971993cbe3a7f3e1700395fdc37bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon – Under Construction <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Coming Soon – Under Construction plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coming-soons/"
     google-query: inurl:"/wp-content/plugins/coming-soons/"
     shodan-query: 'vuln:CVE-2022-1322'
-  tags: cve,wordpress,wp-plugin,coming-soons,medium
+  tags: cve,wordpress,wp-plugin,coming-soons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1323-3cce740c3da6d548d8d19689826c4cf1.yaml b/nuclei-templates/2022/CVE-2022-1323-3cce740c3da6d548d8d19689826c4cf1.yaml
index cbba30dc8e..65257ddd0a 100644
--- a/nuclei-templates/2022/CVE-2022-1323-3cce740c3da6d548d8d19689826c4cf1.yaml
+++ b/nuclei-templates/2022/CVE-2022-1323-3cce740c3da6d548d8d19689826c4cf1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Discy - Social Questions and Answers WordPress Theme <= 4.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Discy - Social Questions and Answers WordPress Theme" theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the discy_update_options AJAX action in versions up to, and including, 4.9. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/discy/"
     google-query: inurl:"/wp-content/themes/discy/"
     shodan-query: 'vuln:CVE-2022-1323'
-  tags: cve,wordpress,wp-theme,discy,medium
+  tags: cve,wordpress,wp-theme,discy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1324-bb6d2bf0f5a8a794df5c5f921c8ed2d6.yaml b/nuclei-templates/2022/CVE-2022-1324-bb6d2bf0f5a8a794df5c5f921c8ed2d6.yaml
index 7ce2114df8..f1a4dd8679 100644
--- a/nuclei-templates/2022/CVE-2022-1324-bb6d2bf0f5a8a794df5c5f921c8ed2d6.yaml
+++ b/nuclei-templates/2022/CVE-2022-1324-bb6d2bf0f5a8a794df5c5f921c8ed2d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Timeline <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event Timeline WordPress plugin through 1.1.6 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rich-event-timeline/"
     google-query: inurl:"/wp-content/plugins/rich-event-timeline/"
     shodan-query: 'vuln:CVE-2022-1324'
-  tags: cve,wordpress,wp-plugin,rich-event-timeline,medium
+  tags: cve,wordpress,wp-plugin,rich-event-timeline,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1326-96b39b472ca8eccbec11e47f253c80b8.yaml b/nuclei-templates/2022/CVE-2022-1326-96b39b472ca8eccbec11e47f253c80b8.yaml
index 2a2ee51f12..9f8d950f6d 100644
--- a/nuclei-templates/2022/CVE-2022-1326-96b39b472ca8eccbec11e47f253c80b8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1326-96b39b472ca8eccbec11e47f253c80b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form – Contact Form <= 1.2.0 - Administrator+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-forms/"
     google-query: inurl:"/wp-content/plugins/form-forms/"
     shodan-query: 'vuln:CVE-2022-1326'
-  tags: cve,wordpress,wp-plugin,form-forms,medium
+  tags: cve,wordpress,wp-plugin,form-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1327-c27095e826fc99d4e3ff59487183eb49.yaml b/nuclei-templates/2022/CVE-2022-1327-c27095e826fc99d4e3ff59487183eb49.yaml
index 253caaf299..8d9c4d403e 100644
--- a/nuclei-templates/2022/CVE-2022-1327-c27095e826fc99d4e3ff59487183eb49.yaml
+++ b/nuclei-templates/2022/CVE-2022-1327-c27095e826fc99d4e3ff59487183eb49.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Gallery – Grid Gallery <= 1.1.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: low
+  severity: high
   description: >
     The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-image-gallery-photo/"
     google-query: inurl:"/wp-content/plugins/gallery-image-gallery-photo/"
     shodan-query: 'vuln:CVE-2022-1327'
-  tags: cve,wordpress,wp-plugin,gallery-image-gallery-photo,low
+  tags: cve,wordpress,wp-plugin,gallery-image-gallery-photo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1334-ed930301ff6966bb2b42fba1c213a244.yaml b/nuclei-templates/2022/CVE-2022-1334-ed930301ff6966bb2b42fba1c213a244.yaml
index 0d1f931e85..3cd2b6427e 100644
--- a/nuclei-templates/2022/CVE-2022-1334-ed930301ff6966bb2b42fba1c213a244.yaml
+++ b/nuclei-templates/2022/CVE-2022-1334-ed930301ff6966bb2b42fba1c213a244.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP YouTube Live <= 1.8.2 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-youtube-live/"
     google-query: inurl:"/wp-content/plugins/wp-youtube-live/"
     shodan-query: 'vuln:CVE-2022-1334'
-  tags: cve,wordpress,wp-plugin,wp-youtube-live,medium
+  tags: cve,wordpress,wp-plugin,wp-youtube-live,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1335-315a1c5d119a58cae4d57802c27a1504.yaml b/nuclei-templates/2022/CVE-2022-1335-315a1c5d119a58cae4d57802c27a1504.yaml
index d465c9a05d..576aa445bc 100644
--- a/nuclei-templates/2022/CVE-2022-1335-315a1c5d119a58cae4d57802c27a1504.yaml
+++ b/nuclei-templates/2022/CVE-2022-1335-315a1c5d119a58cae4d57802c27a1504.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow CK <= 1.4.9 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-ck/"
     google-query: inurl:"/wp-content/plugins/slideshow-ck/"
     shodan-query: 'vuln:CVE-2022-1335'
-  tags: cve,wordpress,wp-plugin,slideshow-ck,medium
+  tags: cve,wordpress,wp-plugin,slideshow-ck,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1336-3a426a819fa4af21ed44f2fbb809eae0.yaml b/nuclei-templates/2022/CVE-2022-1336-3a426a819fa4af21ed44f2fbb809eae0.yaml
index 2be567613a..8a01531bc6 100644
--- a/nuclei-templates/2022/CVE-2022-1336-3a426a819fa4af21ed44f2fbb809eae0.yaml
+++ b/nuclei-templates/2022/CVE-2022-1336-3a426a819fa4af21ed44f2fbb809eae0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel CK <= 1.1.0 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/carousel-ck/"
     google-query: inurl:"/wp-content/plugins/carousel-ck/"
     shodan-query: 'vuln:CVE-2022-1336'
-  tags: cve,wordpress,wp-plugin,carousel-ck,medium
+  tags: cve,wordpress,wp-plugin,carousel-ck,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1338-667161af8562bbf0616cde527e940c70.yaml b/nuclei-templates/2022/CVE-2022-1338-667161af8562bbf0616cde527e940c70.yaml
index 1b415c33ff..7b68fdbfee 100644
--- a/nuclei-templates/2022/CVE-2022-1338-667161af8562bbf0616cde527e940c70.yaml
+++ b/nuclei-templates/2022/CVE-2022-1338-667161af8562bbf0616cde527e940c70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easily Generate Rest API Url <= 1.0.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easily-generate-rest-api-url/"
     google-query: inurl:"/wp-content/plugins/easily-generate-rest-api-url/"
     shodan-query: 'vuln:CVE-2022-1338'
-  tags: cve,wordpress,wp-plugin,easily-generate-rest-api-url,medium
+  tags: cve,wordpress,wp-plugin,easily-generate-rest-api-url,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1386-d882958bab372a69d811837406b3986e.yaml b/nuclei-templates/2022/CVE-2022-1386-d882958bab372a69d811837406b3986e.yaml
index 1ae9782911..e795dab0dd 100644
--- a/nuclei-templates/2022/CVE-2022-1386-d882958bab372a69d811837406b3986e.yaml
+++ b/nuclei-templates/2022/CVE-2022-1386-d882958bab372a69d811837406b3986e.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.3
     cve-id: CVE-2022-1386
   metadata:
-    fofa-query: "wp-content/plugins/fusion-builder/"
-    google-query: inurl:"/wp-content/plugins/fusion-builder/"
+    fofa-query: "wp-content/themes/Avada/"
+    google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2022-1386'
-  tags: cve,wordpress,wp-plugin,fusion-builder,high
+  tags: cve,wordpress,wp-theme,Avada,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/fusion-builder/languages/fusion-builder.pot"
+      - "{{BaseURL}}/wp-content/themes/Avada/style.css"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "fusion-builder"
+          - "Avada"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 3.6.2')
\ No newline at end of file
+          - compare_versions(version, '< 7.6.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-1387-42ee0da57f529d4a1f0ef2f4cdec544f.yaml b/nuclei-templates/2022/CVE-2022-1387-42ee0da57f529d4a1f0ef2f4cdec544f.yaml
index f0f90679c5..663bec7a21 100644
--- a/nuclei-templates/2022/CVE-2022-1387-42ee0da57f529d4a1f0ef2f4cdec544f.yaml
+++ b/nuclei-templates/2022/CVE-2022-1387-42ee0da57f529d4a1f0ef2f4cdec544f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     No Future Posts <= 1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/no-future-posts/"
     google-query: inurl:"/wp-content/plugins/no-future-posts/"
     shodan-query: 'vuln:CVE-2022-1387'
-  tags: cve,wordpress,wp-plugin,no-future-posts,medium
+  tags: cve,wordpress,wp-plugin,no-future-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1391-850cdc2bb11e2c84c49d36aadc35f92a.yaml b/nuclei-templates/2022/CVE-2022-1391-850cdc2bb11e2c84c49d36aadc35f92a.yaml
index 344c47e0ae..ee191d7102 100644
--- a/nuclei-templates/2022/CVE-2022-1391-850cdc2bb11e2c84c49d36aadc35f92a.yaml
+++ b/nuclei-templates/2022/CVE-2022-1391-850cdc2bb11e2c84c49d36aadc35f92a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cab fare calculator <= 1.0.3 - Unauthenticated Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cab-fare-calculator/"
     google-query: inurl:"/wp-content/plugins/cab-fare-calculator/"
     shodan-query: 'vuln:CVE-2022-1391'
-  tags: cve,wordpress,wp-plugin,cab-fare-calculator,medium
+  tags: cve,wordpress,wp-plugin,cab-fare-calculator,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1393-8e8d26048a256bd2a6af10c450c287bb.yaml b/nuclei-templates/2022/CVE-2022-1393-8e8d26048a256bd2a6af10c450c287bb.yaml
index e43ac77164..677fa22d62 100644
--- a/nuclei-templates/2022/CVE-2022-1393-8e8d26048a256bd2a6af10c450c287bb.yaml
+++ b/nuclei-templates/2022/CVE-2022-1393-8e8d26048a256bd2a6af10c450c287bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Subtitle <= 3.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from the post meta update button (via AJAX) - and this makes the XSS exploitable by authenticated users with a role as low as contributor.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-subtitle/"
     google-query: inurl:"/wp-content/plugins/wp-subtitle/"
     shodan-query: 'vuln:CVE-2022-1393'
-  tags: cve,wordpress,wp-plugin,wp-subtitle,medium
+  tags: cve,wordpress,wp-plugin,wp-subtitle,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1394-cde70bc716e26c33fb792a26b5c7f5b0.yaml b/nuclei-templates/2022/CVE-2022-1394-cde70bc716e26c33fb792a26b5c7f5b0.yaml
index 3f360a78c1..85fd5dcd49 100644
--- a/nuclei-templates/2022/CVE-2022-1394-cde70bc716e26c33fb792a26b5c7f5b0.yaml
+++ b/nuclei-templates/2022/CVE-2022-1394-cde70bc716e26c33fb792a26b5c7f5b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Watermark font size" and "Watermark opacity" fields in versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2022-1394'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1395-7ed4275b69b36875b8deb7c4de847800.yaml b/nuclei-templates/2022/CVE-2022-1395-7ed4275b69b36875b8deb7c4de847800.yaml
index a0123bc538..d5302f6e3d 100644
--- a/nuclei-templates/2022/CVE-2022-1395-7ed4275b69b36875b8deb7c4de847800.yaml
+++ b/nuclei-templates/2022/CVE-2022-1395-7ed4275b69b36875b8deb7c4de847800.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy FAQ with Expanding Text <= 3.2.8.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-faq-with-expanding-text/"
     google-query: inurl:"/wp-content/plugins/easy-faq-with-expanding-text/"
     shodan-query: 'vuln:CVE-2022-1395'
-  tags: cve,wordpress,wp-plugin,easy-faq-with-expanding-text,medium
+  tags: cve,wordpress,wp-plugin,easy-faq-with-expanding-text,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1396-074326e7470f284764101e6fc9e53f79.yaml b/nuclei-templates/2022/CVE-2022-1396-074326e7470f284764101e6fc9e53f79.yaml
index 79ef8fbb99..113b08ad69 100644
--- a/nuclei-templates/2022/CVE-2022-1396-074326e7470f284764101e6fc9e53f79.yaml
+++ b/nuclei-templates/2022/CVE-2022-1396-074326e7470f284764101e6fc9e53f79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donorbox – Free Recurring Donation Form <= 7.1.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/donorbox-donation-form/"
     google-query: inurl:"/wp-content/plugins/donorbox-donation-form/"
     shodan-query: 'vuln:CVE-2022-1396'
-  tags: cve,wordpress,wp-plugin,donorbox-donation-form,medium
+  tags: cve,wordpress,wp-plugin,donorbox-donation-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1398-47882f7a2bc08ac13c7e58b547c2a0c7.yaml b/nuclei-templates/2022/CVE-2022-1398-47882f7a2bc08ac13c7e58b547c2a0c7.yaml
index e0c37ee2e0..434e5d8bf7 100644
--- a/nuclei-templates/2022/CVE-2022-1398-47882f7a2bc08ac13c7e58b547c2a0c7.yaml
+++ b/nuclei-templates/2022/CVE-2022-1398-47882f7a2bc08ac13c7e58b547c2a0c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     External Media without Import <= 1.1.2 - Authenticated (Subscriber+) Blind Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/external-media-without-import/"
     google-query: inurl:"/wp-content/plugins/external-media-without-import/"
     shodan-query: 'vuln:CVE-2022-1398'
-  tags: cve,wordpress,wp-plugin,external-media-without-import,medium
+  tags: cve,wordpress,wp-plugin,external-media-without-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1407-9ff0528f3bdcbc7bc2a574ec76b7073c.yaml b/nuclei-templates/2022/CVE-2022-1407-9ff0528f3bdcbc7bc2a574ec76b7073c.yaml
index b5d9293c0f..d967f76bda 100644
--- a/nuclei-templates/2022/CVE-2022-1407-9ff0528f3bdcbc7bc2a574ec76b7073c.yaml
+++ b/nuclei-templates/2022/CVE-2022-1407-9ff0528f3bdcbc7bc2a574ec76b7073c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VikBooking Hotel Booking Engine & PMS <= 1.5.7 -  Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vikbooking/"
     google-query: inurl:"/wp-content/plugins/vikbooking/"
     shodan-query: 'vuln:CVE-2022-1407'
-  tags: cve,wordpress,wp-plugin,vikbooking,high
+  tags: cve,wordpress,wp-plugin,vikbooking,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1408-fa15faecec3c0097e1e35ec5d5e47da4.yaml b/nuclei-templates/2022/CVE-2022-1408-fa15faecec3c0097e1e35ec5d5e47da4.yaml
index 35b5293b2d..dd758bc161 100644
--- a/nuclei-templates/2022/CVE-2022-1408-fa15faecec3c0097e1e35ec5d5e47da4.yaml
+++ b/nuclei-templates/2022/CVE-2022-1408-fa15faecec3c0097e1e35ec5d5e47da4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vikbooking/"
     google-query: inurl:"/wp-content/plugins/vikbooking/"
     shodan-query: 'vuln:CVE-2022-1408'
-  tags: cve,wordpress,wp-plugin,vikbooking,medium
+  tags: cve,wordpress,wp-plugin,vikbooking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1409-0f884ba817e82a09c51444fd8fb9e0c3.yaml b/nuclei-templates/2022/CVE-2022-1409-0f884ba817e82a09c51444fd8fb9e0c3.yaml
index ccbaa153fc..f3e3a2b676 100644
--- a/nuclei-templates/2022/CVE-2022-1409-0f884ba817e82a09c51444fd8fb9e0c3.yaml
+++ b/nuclei-templates/2022/CVE-2022-1409-0f884ba817e82a09c51444fd8fb9e0c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VikBooking Hotel Booking Engine & PMS <= 1.5.8 - Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vikbooking/"
     google-query: inurl:"/wp-content/plugins/vikbooking/"
     shodan-query: 'vuln:CVE-2022-1409'
-  tags: cve,wordpress,wp-plugin,vikbooking,medium
+  tags: cve,wordpress,wp-plugin,vikbooking,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1421-e286b3a8935bca8a0217c3e2e8d64e5c.yaml b/nuclei-templates/2022/CVE-2022-1421-e286b3a8935bca8a0217c3e2e8d64e5c.yaml
index 3ebc3b8174..159e3f575e 100644
--- a/nuclei-templates/2022/CVE-2022-1421-e286b3a8935bca8a0217c3e2e8d64e5c.yaml
+++ b/nuclei-templates/2022/CVE-2022-1421-e286b3a8935bca8a0217c3e2e8d64e5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Discy <= 5.1 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/discy/"
     google-query: inurl:"/wp-content/themes/discy/"
     shodan-query: 'vuln:CVE-2022-1421'
-  tags: cve,wordpress,wp-theme,discy,high
+  tags: cve,wordpress,wp-theme,discy,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1422-46244fdcad0724fd77e42ba287d7514a.yaml b/nuclei-templates/2022/CVE-2022-1422-46244fdcad0724fd77e42ba287d7514a.yaml
index c9eccdafda..6c24398c96 100644
--- a/nuclei-templates/2022/CVE-2022-1422-46244fdcad0724fd77e42ba287d7514a.yaml
+++ b/nuclei-templates/2022/CVE-2022-1422-46244fdcad0724fd77e42ba287d7514a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Discy <= 5.1 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/discy/"
     google-query: inurl:"/wp-content/themes/discy/"
     shodan-query: 'vuln:CVE-2022-1422'
-  tags: cve,wordpress,wp-theme,discy,high
+  tags: cve,wordpress,wp-theme,discy,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1424-e8eee7b13f0d955b5b5dd5ba7908051b.yaml b/nuclei-templates/2022/CVE-2022-1424-e8eee7b13f0d955b5b5dd5ba7908051b.yaml
index c831540b0b..f878d30de0 100644
--- a/nuclei-templates/2022/CVE-2022-1424-e8eee7b13f0d955b5b5dd5ba7908051b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1424-e8eee7b13f0d955b5b5dd5ba7908051b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ask Me <= 6.8.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ask-me/"
     google-query: inurl:"/wp-content/themes/ask-me/"
     shodan-query: 'vuln:CVE-2022-1424'
-  tags: cve,wordpress,wp-theme,ask-me,high
+  tags: cve,wordpress,wp-theme,ask-me,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1456-7a1aa0c88530968ed1b5b646f3180462.yaml b/nuclei-templates/2022/CVE-2022-1456-7a1aa0c88530968ed1b5b646f3180462.yaml
index 6d6ba81412..dcabe4e720 100644
--- a/nuclei-templates/2022/CVE-2022-1456-7a1aa0c88530968ed1b5b646f3180462.yaml
+++ b/nuclei-templates/2022/CVE-2022-1456-7a1aa0c88530968ed1b5b646f3180462.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll Maker <= 4.0.1 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poll-maker/"
     google-query: inurl:"/wp-content/plugins/poll-maker/"
     shodan-query: 'vuln:CVE-2022-1456'
-  tags: cve,wordpress,wp-plugin,poll-maker,medium
+  tags: cve,wordpress,wp-plugin,poll-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1469-6a2b5867f4b2cb8b9df53b8ba2dbfdc3.yaml b/nuclei-templates/2022/CVE-2022-1469-6a2b5867f4b2cb8b9df53b8ba2dbfdc3.yaml
index 07cf67dc5f..70f8e2724e 100644
--- a/nuclei-templates/2022/CVE-2022-1469-6a2b5867f4b2cb8b9df53b8ba2dbfdc3.yaml
+++ b/nuclei-templates/2022/CVE-2022-1469-6a2b5867f4b2cb8b9df53b8ba2dbfdc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FiboSearch <= 1.17.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-search-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/ajax-search-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-1469'
-  tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1472-eab47af35bd14f792c9512e4731e4999.yaml b/nuclei-templates/2022/CVE-2022-1472-eab47af35bd14f792c9512e4731e4999.yaml
index b5fa0e43fb..6c470a77fd 100644
--- a/nuclei-templates/2022/CVE-2022-1472-eab47af35bd14f792c9512e4731e4999.yaml
+++ b/nuclei-templates/2022/CVE-2022-1472-eab47af35bd14f792c9512e4731e4999.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Find and Replace <= 1.3.5 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-time-auto-find-and-replace/"
     google-query: inurl:"/wp-content/plugins/real-time-auto-find-and-replace/"
     shodan-query: 'vuln:CVE-2022-1472'
-  tags: cve,wordpress,wp-plugin,real-time-auto-find-and-replace,high
+  tags: cve,wordpress,wp-plugin,real-time-auto-find-and-replace,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1506-2a429e3083a4c7d371b1df483f6771d1.yaml b/nuclei-templates/2022/CVE-2022-1506-2a429e3083a4c7d371b1df483f6771d1.yaml
index 5061fdab5c..b7acb7a8d8 100644
--- a/nuclei-templates/2022/CVE-2022-1506-2a429e3083a4c7d371b1df483f6771d1.yaml
+++ b/nuclei-templates/2022/CVE-2022-1506-2a429e3083a4c7d371b1df483f6771d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     //// WP BORN BABIES PLUGIN /// <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-born-babies/"
     google-query: inurl:"/wp-content/plugins/wp-born-babies/"
     shodan-query: 'vuln:CVE-2022-1506'
-  tags: cve,wordpress,wp-plugin,wp-born-babies,medium
+  tags: cve,wordpress,wp-plugin,wp-born-babies,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1512-92ee91cf72a43dfa2c90a26dd4e9aac0.yaml b/nuclei-templates/2022/CVE-2022-1512-92ee91cf72a43dfa2c90a26dd4e9aac0.yaml
index 934ea9944d..663fd8f5fc 100644
--- a/nuclei-templates/2022/CVE-2022-1512-92ee91cf72a43dfa2c90a26dd4e9aac0.yaml
+++ b/nuclei-templates/2022/CVE-2022-1512-92ee91cf72a43dfa2c90a26dd4e9aac0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ScrollReveal.js Effects <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scrollrevealjs-effects/"
     google-query: inurl:"/wp-content/plugins/scrollrevealjs-effects/"
     shodan-query: 'vuln:CVE-2022-1512'
-  tags: cve,wordpress,wp-plugin,scrollrevealjs-effects,medium
+  tags: cve,wordpress,wp-plugin,scrollrevealjs-effects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1538-acd2f33fed5535f04cc63cbd673f8668.yaml b/nuclei-templates/2022/CVE-2022-1538-acd2f33fed5535f04cc63cbd673f8668.yaml
index 019cd4e767..62dad7a39a 100644
--- a/nuclei-templates/2022/CVE-2022-1538-acd2f33fed5535f04cc63cbd673f8668.yaml
+++ b/nuclei-templates/2022/CVE-2022-1538-acd2f33fed5535f04cc63cbd673f8668.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme Demo Import <= 1.1.1 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Theme Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the ~/upload.php file in versions up to, and including, 1.1.1. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. This issue is not patched in version 1.1.1 due to the fact that the extension checking was only applied client-side.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-demo-import/"
     google-query: inurl:"/wp-content/plugins/theme-demo-import/"
     shodan-query: 'vuln:CVE-2022-1538'
-  tags: cve,wordpress,wp-plugin,theme-demo-import,high
+  tags: cve,wordpress,wp-plugin,theme-demo-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1540-4f73853f1fed7601f5de786bcd020099.yaml b/nuclei-templates/2022/CVE-2022-1540-4f73853f1fed7601f5de786bcd020099.yaml
index 3ea21b702d..6f208eb855 100644
--- a/nuclei-templates/2022/CVE-2022-1540-4f73853f1fed7601f5de786bcd020099.yaml
+++ b/nuclei-templates/2022/CVE-2022-1540-4f73853f1fed7601f5de786bcd020099.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PostmagThemes Demo Import <= 1.0.9 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The PostmagThemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postmagthemes-demo-import/"
     google-query: inurl:"/wp-content/plugins/postmagthemes-demo-import/"
     shodan-query: 'vuln:CVE-2022-1540'
-  tags: cve,wordpress,wp-plugin,postmagthemes-demo-import,high
+  tags: cve,wordpress,wp-plugin,postmagthemes-demo-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1541-93c0b4806bb82af1f99b4d0c878535e6.yaml b/nuclei-templates/2022/CVE-2022-1541-93c0b4806bb82af1f99b4d0c878535e6.yaml
index 4e0acccc0d..4171cbca56 100644
--- a/nuclei-templates/2022/CVE-2022-1541-93c0b4806bb82af1f99b4d0c878535e6.yaml
+++ b/nuclei-templates/2022/CVE-2022-1541-93c0b4806bb82af1f99b4d0c878535e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Slider WordPress <= 1.4.6 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-video/"
     google-query: inurl:"/wp-content/plugins/slider-video/"
     shodan-query: 'vuln:CVE-2022-1541'
-  tags: cve,wordpress,wp-plugin,slider-video,medium
+  tags: cve,wordpress,wp-plugin,slider-video,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1542-fd9a8180717056f9f1f968f01ca33f0b.yaml b/nuclei-templates/2022/CVE-2022-1542-fd9a8180717056f9f1f968f01ca33f0b.yaml
index b5b9268b50..4fa926adf5 100644
--- a/nuclei-templates/2022/CVE-2022-1542-fd9a8180717056f9f1f968f01ca33f0b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1542-fd9a8180717056f9f1f968f01ca33f0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     hpb Dashboard <= 1.3.1 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hpbtool/"
     google-query: inurl:"/wp-content/plugins/hpbtool/"
     shodan-query: 'vuln:CVE-2022-1542'
-  tags: cve,wordpress,wp-plugin,hpbtool,medium
+  tags: cve,wordpress,wp-plugin,hpbtool,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1549-3b9b22b591de089c72309692f7ac4907.yaml b/nuclei-templates/2022/CVE-2022-1549-3b9b22b591de089c72309692f7ac4907.yaml
index 3fcc205c51..222319a967 100644
--- a/nuclei-templates/2022/CVE-2022-1549-3b9b22b591de089c72309692f7ac4907.yaml
+++ b/nuclei-templates/2022/CVE-2022-1549-3b9b22b591de089c72309692f7ac4907.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Athletics <= 1.1.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-athletics/"
     google-query: inurl:"/wp-content/plugins/wp-athletics/"
     shodan-query: 'vuln:CVE-2022-1549'
-  tags: cve,wordpress,wp-plugin,wp-athletics,medium
+  tags: cve,wordpress,wp-plugin,wp-athletics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1556-f5c3047a64378a59b5a46efb892afcac.yaml b/nuclei-templates/2022/CVE-2022-1556-f5c3047a64378a59b5a46efb892afcac.yaml
index 6664118c0e..cc008a9f0a 100644
--- a/nuclei-templates/2022/CVE-2022-1556-f5c3047a64378a59b5a46efb892afcac.yaml
+++ b/nuclei-templates/2022/CVE-2022-1556-f5c3047a64378a59b5a46efb892afcac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StaffList <= 3.1.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stafflist/"
     google-query: inurl:"/wp-content/plugins/stafflist/"
     shodan-query: 'vuln:CVE-2022-1556'
-  tags: cve,wordpress,wp-plugin,stafflist,high
+  tags: cve,wordpress,wp-plugin,stafflist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1557-19a7dd3894c625a145c40adc74330444.yaml b/nuclei-templates/2022/CVE-2022-1557-19a7dd3894c625a145c40adc74330444.yaml
index c375e5f02e..f4635df445 100644
--- a/nuclei-templates/2022/CVE-2022-1557-19a7dd3894c625a145c40adc74330444.yaml
+++ b/nuclei-templates/2022/CVE-2022-1557-19a7dd3894c625a145c40adc74330444.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ULeak Security & Monitoring Plugin <= 1.2.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uleak-security-dashboard/"
     google-query: inurl:"/wp-content/plugins/uleak-security-dashboard/"
     shodan-query: 'vuln:CVE-2022-1557'
-  tags: cve,wordpress,wp-plugin,uleak-security-dashboard,medium
+  tags: cve,wordpress,wp-plugin,uleak-security-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1558-c8c8f457de7ea311efa222b66a51a434.yaml b/nuclei-templates/2022/CVE-2022-1558-c8c8f457de7ea311efa222b66a51a434.yaml
index efb17ea585..9db87e3865 100644
--- a/nuclei-templates/2022/CVE-2022-1558-c8c8f457de7ea311efa222b66a51a434.yaml
+++ b/nuclei-templates/2022/CVE-2022-1558-c8c8f457de7ea311efa222b66a51a434.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Curtain <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/curtain/"
     google-query: inurl:"/wp-content/plugins/curtain/"
     shodan-query: 'vuln:CVE-2022-1558'
-  tags: cve,wordpress,wp-plugin,curtain,medium
+  tags: cve,wordpress,wp-plugin,curtain,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1559-e96b7ac8a29e8b231c1f7265734f9442.yaml b/nuclei-templates/2022/CVE-2022-1559-e96b7ac8a29e8b231c1f7265734f9442.yaml
index 30609f8d8f..2c5ffbb6e4 100644
--- a/nuclei-templates/2022/CVE-2022-1559-e96b7ac8a29e8b231c1f7265734f9442.yaml
+++ b/nuclei-templates/2022/CVE-2022-1559-e96b7ac8a29e8b231c1f7265734f9442.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clipr/"
     google-query: inurl:"/wp-content/plugins/clipr/"
     shodan-query: 'vuln:CVE-2022-1559'
-  tags: cve,wordpress,wp-plugin,clipr,medium
+  tags: cve,wordpress,wp-plugin,clipr,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1560-f5cc690dc04197cd95b8aba840195297.yaml b/nuclei-templates/2022/CVE-2022-1560-f5cc690dc04197cd95b8aba840195297.yaml
index e275368ea9..a600ae428d 100644
--- a/nuclei-templates/2022/CVE-2022-1560-f5cc690dc04197cd95b8aba840195297.yaml
+++ b/nuclei-templates/2022/CVE-2022-1560-f5cc690dc04197cd95b8aba840195297.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amministrazione Aperta <= 3.7.3 - Admin+ Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Amministrazione Aperta WordPress plugin through 3.7.3 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amministrazione-aperta/"
     google-query: inurl:"/wp-content/plugins/amministrazione-aperta/"
     shodan-query: 'vuln:CVE-2022-1560'
-  tags: cve,wordpress,wp-plugin,amministrazione-aperta,medium
+  tags: cve,wordpress,wp-plugin,amministrazione-aperta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1562-de18c34baf9718449b89d0d38543217b.yaml b/nuclei-templates/2022/CVE-2022-1562-de18c34baf9718449b89d0d38543217b.yaml
index fc556c5fe9..4499bd6fa0 100644
--- a/nuclei-templates/2022/CVE-2022-1562-de18c34baf9718449b89d0d38543217b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1562-de18c34baf9718449b89d0d38543217b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enable SVG <= 1.3.1 - Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enable-svg/"
     google-query: inurl:"/wp-content/plugins/enable-svg/"
     shodan-query: 'vuln:CVE-2022-1562'
-  tags: cve,wordpress,wp-plugin,enable-svg,medium
+  tags: cve,wordpress,wp-plugin,enable-svg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1564-fd28c2a8a8ece88ce28c75cf84e47383.yaml b/nuclei-templates/2022/CVE-2022-1564-fd28c2a8a8ece88ce28c75cf84e47383.yaml
index b89ef0fa8f..7ceaee3da0 100644
--- a/nuclei-templates/2022/CVE-2022-1564-fd28c2a8a8ece88ce28c75cf84e47383.yaml
+++ b/nuclei-templates/2022/CVE-2022-1564-fd28c2a8a8ece88ce28c75cf84e47383.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker <= 1.14.11 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:CVE-2022-1564'
-  tags: cve,wordpress,wp-plugin,form-maker,medium
+  tags: cve,wordpress,wp-plugin,form-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1566-88df46a6830158391aaf7619c151706b.yaml b/nuclei-templates/2022/CVE-2022-1566-88df46a6830158391aaf7619c151706b.yaml
index e2711d70d9..3de45f8bbf 100644
--- a/nuclei-templates/2022/CVE-2022-1566-88df46a6830158391aaf7619c151706b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1566-88df46a6830158391aaf7619c151706b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quotes llama <= 0.7 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quotes-llama/"
     google-query: inurl:"/wp-content/plugins/quotes-llama/"
     shodan-query: 'vuln:CVE-2022-1566'
-  tags: cve,wordpress,wp-plugin,quotes-llama,medium
+  tags: cve,wordpress,wp-plugin,quotes-llama,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1568-68a19dcbafa893fee0f134b5b9682816.yaml b/nuclei-templates/2022/CVE-2022-1568-68a19dcbafa893fee0f134b5b9682816.yaml
index 577f14b0c4..9eca77c4c6 100644
--- a/nuclei-templates/2022/CVE-2022-1568-68a19dcbafa893fee0f134b5b9682816.yaml
+++ b/nuclei-templates/2022/CVE-2022-1568-68a19dcbafa893fee0f134b5b9682816.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team Members <= 5.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/team-members/"
     google-query: inurl:"/wp-content/plugins/team-members/"
     shodan-query: 'vuln:CVE-2022-1568'
-  tags: cve,wordpress,wp-plugin,team-members,medium
+  tags: cve,wordpress,wp-plugin,team-members,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1569-fad10c5df0d12e13e57389567502ed4b.yaml b/nuclei-templates/2022/CVE-2022-1569-fad10c5df0d12e13e57389567502ed4b.yaml
index ae46f94622..63fd1a3838 100644
--- a/nuclei-templates/2022/CVE-2022-1569-fad10c5df0d12e13e57389567502ed4b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1569-fad10c5df0d12e13e57389567502ed4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Forms by Pie Forms <= 1.4.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pie-forms-for-wp/"
     google-query: inurl:"/wp-content/plugins/pie-forms-for-wp/"
     shodan-query: 'vuln:CVE-2022-1569'
-  tags: cve,wordpress,wp-plugin,pie-forms-for-wp,medium
+  tags: cve,wordpress,wp-plugin,pie-forms-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1570-83711b9f4415eeef12b96843272e6f77.yaml b/nuclei-templates/2022/CVE-2022-1570-83711b9f4415eeef12b96843272e6f77.yaml
index d9201f2398..0f93f1eaa7 100644
--- a/nuclei-templates/2022/CVE-2022-1570-83711b9f4415eeef12b96843272e6f77.yaml
+++ b/nuclei-templates/2022/CVE-2022-1570-83711b9f4415eeef12b96843272e6f77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Files Download Delay <= 1.0.6 - Missing Authorization to Settings Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/files-download-delay/"
     google-query: inurl:"/wp-content/plugins/files-download-delay/"
     shodan-query: 'vuln:CVE-2022-1570'
-  tags: cve,wordpress,wp-plugin,files-download-delay,medium
+  tags: cve,wordpress,wp-plugin,files-download-delay,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1573-fcada36c51980400d6b77ffead4b0c1b.yaml b/nuclei-templates/2022/CVE-2022-1573-fcada36c51980400d6b77ffead4b0c1b.yaml
index 2786cb85e8..9bc44771bf 100644
--- a/nuclei-templates/2022/CVE-2022-1573-fcada36c51980400d6b77ffead4b0c1b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1573-fcada36c51980400d6b77ffead4b0c1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML2WP <= 1.0.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html2wp/"
     google-query: inurl:"/wp-content/plugins/html2wp/"
     shodan-query: 'vuln:CVE-2022-1573'
-  tags: cve,wordpress,wp-plugin,html2wp,high
+  tags: cve,wordpress,wp-plugin,html2wp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1576-12a42b489a4f41309029bce2b7df59b4.yaml b/nuclei-templates/2022/CVE-2022-1576-12a42b489a4f41309029bce2b7df59b4.yaml
index b9af8b5e16..5ccf137cc3 100644
--- a/nuclei-templates/2022/CVE-2022-1576-12a42b489a4f41309029bce2b7df59b4.yaml
+++ b/nuclei-templates/2022/CVE-2022-1576-12a42b489a4f41309029bce2b7df59b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Maintenance Mode & Coming Soon plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.4. This is due to missing nonce validation on the reset_plugin_settings, subscribers_empty_list, dismiss_notices, subscribers_export, add_subscriber, & send_contact functions. This makes it possible for unauthenticated attackers to perform a variety of actions such as emptying the subscribers list and resetting the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/"
     shodan-query: 'vuln:CVE-2022-1576'
-  tags: cve,wordpress,wp-plugin,wp-maintenance-mode,high
+  tags: cve,wordpress,wp-plugin,wp-maintenance-mode,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1577-5741da0b171618ff87448def21553be2.yaml b/nuclei-templates/2022/CVE-2022-1577-5741da0b171618ff87448def21553be2.yaml
index fc64622412..75dbcc60e8 100644
--- a/nuclei-templates/2022/CVE-2022-1577-5741da0b171618ff87448def21553be2.yaml
+++ b/nuclei-templates/2022/CVE-2022-1577-5741da0b171618ff87448def21553be2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Database Backup for WordPress <= 2.5.1 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-db-backup/"
     google-query: inurl:"/wp-content/plugins/wp-db-backup/"
     shodan-query: 'vuln:CVE-2022-1577'
-  tags: cve,wordpress,wp-plugin,wp-db-backup,high
+  tags: cve,wordpress,wp-plugin,wp-db-backup,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1578-ca85fcbf44c8f529ecdfa95b175d7b9b.yaml b/nuclei-templates/2022/CVE-2022-1578-ca85fcbf44c8f529ecdfa95b175d7b9b.yaml
index 2591baacf3..63f747a53b 100644
--- a/nuclei-templates/2022/CVE-2022-1578-ca85fcbf44c8f529ecdfa95b175d7b9b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1578-ca85fcbf44c8f529ecdfa95b175d7b9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The My wpdb plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.12. This is due to missing or incorrect nonce validation on functions executing SQL queries. This makes it possible for unauthenticated attackers to execute arbitrary SQL queries, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-wpdb/"
     google-query: inurl:"/wp-content/plugins/my-wpdb/"
     shodan-query: 'vuln:CVE-2022-1578'
-  tags: cve,wordpress,wp-plugin,my-wpdb,high
+  tags: cve,wordpress,wp-plugin,my-wpdb,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1582-39407bfbd26cec40aa785db15ec93f9b.yaml b/nuclei-templates/2022/CVE-2022-1582-39407bfbd26cec40aa785db15ec93f9b.yaml
index 0b43e4ed1b..329b80ef90 100644
--- a/nuclei-templates/2022/CVE-2022-1582-39407bfbd26cec40aa785db15ec93f9b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1582-39407bfbd26cec40aa785db15ec93f9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     External Links in New Window / New Tab <= 1.42 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/open-external-links-in-a-new-window/"
     google-query: inurl:"/wp-content/plugins/open-external-links-in-a-new-window/"
     shodan-query: 'vuln:CVE-2022-1582'
-  tags: cve,wordpress,wp-plugin,open-external-links-in-a-new-window,medium
+  tags: cve,wordpress,wp-plugin,open-external-links-in-a-new-window,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1589-4490549b2215d97aa7dcad6a865e6752.yaml b/nuclei-templates/2022/CVE-2022-1589-4490549b2215d97aa7dcad6a865e6752.yaml
index 34192a91e9..b5a605dafb 100644
--- a/nuclei-templates/2022/CVE-2022-1589-4490549b2215d97aa7dcad6a865e6752.yaml
+++ b/nuclei-templates/2022/CVE-2022-1589-4490549b2215d97aa7dcad6a865e6752.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Change WP Admin Login <= 1.0.9 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Change WP Admin Login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/change-wp-admin-login/"
     google-query: inurl:"/wp-content/plugins/change-wp-admin-login/"
     shodan-query: 'vuln:CVE-2022-1589'
-  tags: cve,wordpress,wp-plugin,change-wp-admin-login,medium
+  tags: cve,wordpress,wp-plugin,change-wp-admin-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1593-fcfe12c9ab0b540a8002a6b623d72f95.yaml b/nuclei-templates/2022/CVE-2022-1593-fcfe12c9ab0b540a8002a6b623d72f95.yaml
index 4bc61e329c..5c9f910ad2 100644
--- a/nuclei-templates/2022/CVE-2022-1593-fcfe12c9ab0b540a8002a6b623d72f95.yaml
+++ b/nuclei-templates/2022/CVE-2022-1593-fcfe12c9ab0b540a8002a6b623d72f95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-is-offline-plugin/"
     google-query: inurl:"/wp-content/plugins/site-is-offline-plugin/"
     shodan-query: 'vuln:CVE-2022-1593'
-  tags: cve,wordpress,wp-plugin,site-is-offline-plugin,critical
+  tags: cve,wordpress,wp-plugin,site-is-offline-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1594-7ac6b90fc34536c09d99f508147f9181.yaml b/nuclei-templates/2022/CVE-2022-1594-7ac6b90fc34536c09d99f508147f9181.yaml
index c3f0d141b3..f7dd4a8244 100644
--- a/nuclei-templates/2022/CVE-2022-1594-7ac6b90fc34536c09d99f508147f9181.yaml
+++ b/nuclei-templates/2022/CVE-2022-1594-7ac6b90fc34536c09d99f508147f9181.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HC Custom WP-Admin URL <= 1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hc-custom-wp-admin-url/"
     google-query: inurl:"/wp-content/plugins/hc-custom-wp-admin-url/"
     shodan-query: 'vuln:CVE-2022-1594'
-  tags: cve,wordpress,wp-plugin,hc-custom-wp-admin-url,critical
+  tags: cve,wordpress,wp-plugin,hc-custom-wp-admin-url,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1603-04389ec3013ce0dc7cd91731fa525c48.yaml b/nuclei-templates/2022/CVE-2022-1603-04389ec3013ce0dc7cd91731fa525c48.yaml
index f7af9a2c46..d714e517a8 100644
--- a/nuclei-templates/2022/CVE-2022-1603-04389ec3013ce0dc7cd91731fa525c48.yaml
+++ b/nuclei-templates/2022/CVE-2022-1603-04389ec3013ce0dc7cd91731fa525c48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Subscribe List <= 2.1.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-subscribe-list/"
     google-query: inurl:"/wp-content/plugins/mail-subscribe-list/"
     shodan-query: 'vuln:CVE-2022-1603'
-  tags: cve,wordpress,wp-plugin,mail-subscribe-list,high
+  tags: cve,wordpress,wp-plugin,mail-subscribe-list,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1605-f8b327a38c9f793227404396765e7078.yaml b/nuclei-templates/2022/CVE-2022-1605-f8b327a38c9f793227404396765e7078.yaml
index 38c2bc4d58..e7ea69ce8e 100644
--- a/nuclei-templates/2022/CVE-2022-1605-f8b327a38c9f793227404396765e7078.yaml
+++ b/nuclei-templates/2022/CVE-2022-1605-f8b327a38c9f793227404396765e7078.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Users <= 4.8.8 - Arbitrary Settings Update via Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-users/"
     google-query: inurl:"/wp-content/plugins/email-users/"
     shodan-query: 'vuln:CVE-2022-1605'
-  tags: cve,wordpress,wp-plugin,email-users,high
+  tags: cve,wordpress,wp-plugin,email-users,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1608-6b8f7b7b7105323e383724ec1fbf543e.yaml b/nuclei-templates/2022/CVE-2022-1608-6b8f7b7b7105323e383724ec1fbf543e.yaml
index 8bf090f6a6..88832082c8 100644
--- a/nuclei-templates/2022/CVE-2022-1608-6b8f7b7b7105323e383724ec1fbf543e.yaml
+++ b/nuclei-templates/2022/CVE-2022-1608-6b8f7b7b7105323e383724ec1fbf543e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OnePress Social Locker <= 5.6.2 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-locker/"
     google-query: inurl:"/wp-content/plugins/social-locker/"
     shodan-query: 'vuln:CVE-2022-1608'
-  tags: cve,wordpress,wp-plugin,social-locker,high
+  tags: cve,wordpress,wp-plugin,social-locker,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1610-0f1cce8b3f6cc44f06846edd384bb3d3.yaml b/nuclei-templates/2022/CVE-2022-1610-0f1cce8b3f6cc44f06846edd384bb3d3.yaml
index 19d45c6b2f..70e9dd9328 100644
--- a/nuclei-templates/2022/CVE-2022-1610-0f1cce8b3f6cc44f06846edd384bb3d3.yaml
+++ b/nuclei-templates/2022/CVE-2022-1610-0f1cce8b3f6cc44f06846edd384bb3d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.7 - Cross-Site Request Forgery to Settings Chage
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Seamless Donations WordPress plugin before 5.1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seamless-donations/"
     google-query: inurl:"/wp-content/plugins/seamless-donations/"
     shodan-query: 'vuln:CVE-2022-1610'
-  tags: cve,wordpress,wp-plugin,seamless-donations,high
+  tags: cve,wordpress,wp-plugin,seamless-donations,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1611-8f6754331835c0e520f1fdc12e539318.yaml b/nuclei-templates/2022/CVE-2022-1611-8f6754331835c0e520f1fdc12e539318.yaml
index eb511f4577..e4c73a64be 100644
--- a/nuclei-templates/2022/CVE-2022-1611-8f6754331835c0e520f1fdc12e539318.yaml
+++ b/nuclei-templates/2022/CVE-2022-1611-8f6754331835c0e520f1fdc12e539318.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulk Page Creator <= 1.1.3 - Cross-Site Request Forgery to Arbitrary Page Creation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-page-creator/"
     google-query: inurl:"/wp-content/plugins/bulk-page-creator/"
     shodan-query: 'vuln:CVE-2022-1611'
-  tags: cve,wordpress,wp-plugin,bulk-page-creator,high
+  tags: cve,wordpress,wp-plugin,bulk-page-creator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1612-65f94ea0710a1cc5f2df8da6f9883ee7.yaml b/nuclei-templates/2022/CVE-2022-1612-65f94ea0710a1cc5f2df8da6f9883ee7.yaml
index bbf12be01e..0e75f7ef50 100644
--- a/nuclei-templates/2022/CVE-2022-1612-65f94ea0710a1cc5f2df8da6f9883ee7.yaml
+++ b/nuclei-templates/2022/CVE-2022-1612-65f94ea0710a1cc5f2df8da6f9883ee7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webriti SMTP Mail <= 1.0 - Cross-Site Request Forgery to options update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webriti-smtp-mail/"
     google-query: inurl:"/wp-content/plugins/webriti-smtp-mail/"
     shodan-query: 'vuln:CVE-2022-1612'
-  tags: cve,wordpress,wp-plugin,webriti-smtp-mail,high
+  tags: cve,wordpress,wp-plugin,webriti-smtp-mail,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1618-55f7bc7dbafb42aecc9f8ebab372d604.yaml b/nuclei-templates/2022/CVE-2022-1618-55f7bc7dbafb42aecc9f8ebab372d604.yaml
index 8989239d49..29a472f74d 100644
--- a/nuclei-templates/2022/CVE-2022-1618-55f7bc7dbafb42aecc9f8ebab372d604.yaml
+++ b/nuclei-templates/2022/CVE-2022-1618-55f7bc7dbafb42aecc9f8ebab372d604.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coru LFMember <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Tracked Tweets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2.9. This is due to missing nonce validation via the coru_lfmember_admin page. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coru-lfmember/"
     google-query: inurl:"/wp-content/plugins/coru-lfmember/"
     shodan-query: 'vuln:CVE-2022-1618'
-  tags: cve,wordpress,wp-plugin,coru-lfmember,high
+  tags: cve,wordpress,wp-plugin,coru-lfmember,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1624-b7b0638727516de291f017e208e485cf.yaml b/nuclei-templates/2022/CVE-2022-1624-b7b0638727516de291f017e208e485cf.yaml
index 3780726b4a..2e240d9386 100644
--- a/nuclei-templates/2022/CVE-2022-1624-b7b0638727516de291f017e208e485cf.yaml
+++ b/nuclei-templates/2022/CVE-2022-1624-b7b0638727516de291f017e208e485cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/latest-tweets-widget/"
     google-query: inurl:"/wp-content/plugins/latest-tweets-widget/"
     shodan-query: 'vuln:CVE-2022-1624'
-  tags: cve,wordpress,wp-plugin,latest-tweets-widget,high
+  tags: cve,wordpress,wp-plugin,latest-tweets-widget,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1625-0e6d3f2d08066d7cff85e87321056d7c.yaml b/nuclei-templates/2022/CVE-2022-1625-0e6d3f2d08066d7cff85e87321056d7c.yaml
index ceb5eb6fa0..54d0c288dd 100644
--- a/nuclei-templates/2022/CVE-2022-1625-0e6d3f2d08066d7cff85e87321056d7c.yaml
+++ b/nuclei-templates/2022/CVE-2022-1625-0e6d3f2d08066d7cff85e87321056d7c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     New User Approve <= 2.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The New User Approve WordPress plugin before 2.4.1 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-user-approve/"
     google-query: inurl:"/wp-content/plugins/new-user-approve/"
     shodan-query: 'vuln:CVE-2022-1625'
-  tags: cve,wordpress,wp-plugin,new-user-approve,critical
+  tags: cve,wordpress,wp-plugin,new-user-approve,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1626-c6abae1f3b36418b8b7ce31e542cc230.yaml b/nuclei-templates/2022/CVE-2022-1626-c6abae1f3b36418b8b7ce31e542cc230.yaml
index 8fd60ec3fb..5ebf3a3c1d 100644
--- a/nuclei-templates/2022/CVE-2022-1626-c6abae1f3b36418b8b7ce31e542cc230.yaml
+++ b/nuclei-templates/2022/CVE-2022-1626-c6abae1f3b36418b8b7ce31e542cc230.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sharebar/"
     google-query: inurl:"/wp-content/plugins/sharebar/"
     shodan-query: 'vuln:CVE-2022-1626'
-  tags: cve,wordpress,wp-plugin,sharebar,high
+  tags: cve,wordpress,wp-plugin,sharebar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1627-a1936a4a25a96962401af7be405882a8.yaml b/nuclei-templates/2022/CVE-2022-1627-a1936a4a25a96962401af7be405882a8.yaml
index 7c49377fc7..823518538f 100644
--- a/nuclei-templates/2022/CVE-2022-1627-a1936a4a25a96962401af7be405882a8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1627-a1936a4a25a96962401af7be405882a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Private Site <= 3.0.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The plugin My Private Site for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.7. This is due to missing or incorrect nonce validation in the my_private_site_tab_advanced_process_buttons function. This makes it possible for unauthenticated attackers to inject malicious JavaScript, that will execute whenever a user accesses the /my_private_site_tab_advanced_process_buttons page, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jonradio-private-site/"
     google-query: inurl:"/wp-content/plugins/jonradio-private-site/"
     shodan-query: 'vuln:CVE-2022-1627'
-  tags: cve,wordpress,wp-plugin,jonradio-private-site,high
+  tags: cve,wordpress,wp-plugin,jonradio-private-site,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1628-5acab9ad0ccb5e44fc932f6fa0ba244a.yaml b/nuclei-templates/2022/CVE-2022-1628-5acab9ad0ccb5e44fc932f6fa0ba244a.yaml
index 208d24b708..770390d1d6 100644
--- a/nuclei-templates/2022/CVE-2022-1628-5acab9ad0ccb5e44fc932f6fa0ba244a.yaml
+++ b/nuclei-templates/2022/CVE-2022-1628-5acab9ad0ccb5e44fc932f6fa0ba244a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple SEO <= 1.7.91 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cds-simple-seo/"
     google-query: inurl:"/wp-content/plugins/cds-simple-seo/"
     shodan-query: 'vuln:CVE-2022-1628'
-  tags: cve,wordpress,wp-plugin,cds-simple-seo,medium
+  tags: cve,wordpress,wp-plugin,cds-simple-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1643-c350cdbcabbf0c6c2cbe275725809f83.yaml b/nuclei-templates/2022/CVE-2022-1643-c350cdbcabbf0c6c2cbe275725809f83.yaml
index 6ee81a61f4..48028848ab 100644
--- a/nuclei-templates/2022/CVE-2022-1643-c350cdbcabbf0c6c2cbe275725809f83.yaml
+++ b/nuclei-templates/2022/CVE-2022-1643-c350cdbcabbf0c6c2cbe275725809f83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Birthdays Widget <= 1.7.18 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/birthdays-widget/"
     google-query: inurl:"/wp-content/plugins/birthdays-widget/"
     shodan-query: 'vuln:CVE-2022-1643'
-  tags: cve,wordpress,wp-plugin,birthdays-widget,medium
+  tags: cve,wordpress,wp-plugin,birthdays-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1644-2ea25ed58e645deebc4c9ee26219463e.yaml b/nuclei-templates/2022/CVE-2022-1644-2ea25ed58e645deebc4c9ee26219463e.yaml
index 9886371856..949cb61e4a 100644
--- a/nuclei-templates/2022/CVE-2022-1644-2ea25ed58e645deebc4c9ee26219463e.yaml
+++ b/nuclei-templates/2022/CVE-2022-1644-2ea25ed58e645deebc4c9ee26219463e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Call&Book Mobile Bar <= 1.2.2 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/callbook-mobile-bar/"
     google-query: inurl:"/wp-content/plugins/callbook-mobile-bar/"
     shodan-query: 'vuln:CVE-2022-1644'
-  tags: cve,wordpress,wp-plugin,callbook-mobile-bar,medium
+  tags: cve,wordpress,wp-plugin,callbook-mobile-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1645-e8c6c87a94f00d5eab313cc9a401818b.yaml b/nuclei-templates/2022/CVE-2022-1645-e8c6c87a94f00d5eab313cc9a401818b.yaml
index 2c0c22e1c3..514a3d1755 100644
--- a/nuclei-templates/2022/CVE-2022-1645-e8c6c87a94f00d5eab313cc9a401818b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1645-e8c6c87a94f00d5eab313cc9a401818b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amazon Link <= 3.2.10 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amazon-link/"
     google-query: inurl:"/wp-content/plugins/amazon-link/"
     shodan-query: 'vuln:CVE-2022-1645'
-  tags: cve,wordpress,wp-plugin,amazon-link,medium
+  tags: cve,wordpress,wp-plugin,amazon-link,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1646-b3837018bee9dc0f25b1197bd329be87.yaml b/nuclei-templates/2022/CVE-2022-1646-b3837018bee9dc0f25b1197bd329be87.yaml
index d7d96b942e..357314b295 100644
--- a/nuclei-templates/2022/CVE-2022-1646-b3837018bee9dc0f25b1197bd329be87.yaml
+++ b/nuclei-templates/2022/CVE-2022-1646-b3837018bee9dc0f25b1197bd329be87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Real Estate Pack <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-real-estate-pack-4/"
     google-query: inurl:"/wp-content/plugins/simple-real-estate-pack-4/"
     shodan-query: 'vuln:CVE-2022-1646'
-  tags: cve,wordpress,wp-plugin,simple-real-estate-pack-4,medium
+  tags: cve,wordpress,wp-plugin,simple-real-estate-pack-4,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1647-02ff6e8f4c50ebc35c46ebd6a0282258.yaml b/nuclei-templates/2022/CVE-2022-1647-02ff6e8f4c50ebc35c46ebd6a0282258.yaml
index 1e4ef9226b..3d7408a930 100644
--- a/nuclei-templates/2022/CVE-2022-1647-02ff6e8f4c50ebc35c46ebd6a0282258.yaml
+++ b/nuclei-templates/2022/CVE-2022-1647-02ff6e8f4c50ebc35c46ebd6a0282258.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormCraft Basic <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formcraft-form-builder/"
     google-query: inurl:"/wp-content/plugins/formcraft-form-builder/"
     shodan-query: 'vuln:CVE-2022-1647'
-  tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium
+  tags: cve,wordpress,wp-plugin,formcraft-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1653-db671b595a6de4259366a24bfd717a43.yaml b/nuclei-templates/2022/CVE-2022-1653-db671b595a6de4259366a24bfd717a43.yaml
index d38107590f..33f236bb25 100644
--- a/nuclei-templates/2022/CVE-2022-1653-db671b595a6de4259366a24bfd717a43.yaml
+++ b/nuclei-templates/2022/CVE-2022-1653-db671b595a6de4259366a24bfd717a43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-share-buttons-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/social-share-buttons-by-supsystic/"
     shodan-query: 'vuln:CVE-2022-1653'
-  tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1654-f3750481cefda659186282ffd61f21aa.yaml b/nuclei-templates/2022/CVE-2022-1654-f3750481cefda659186282ffd61f21aa.yaml
index b3acc2c13f..94ad452c4f 100644
--- a/nuclei-templates/2022/CVE-2022-1654-f3750481cefda659186282ffd61f21aa.yaml
+++ b/nuclei-templates/2022/CVE-2022-1654-f3750481cefda659186282ffd61f21aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.9
     cve-id: CVE-2022-1654
   metadata:
-    fofa-query: "wp-content/plugins/jupiterx-core/"
-    google-query: inurl:"/wp-content/plugins/jupiterx-core/"
+    fofa-query: "wp-content/themes/jupiter/"
+    google-query: inurl:"/wp-content/themes/jupiter/"
     shodan-query: 'vuln:CVE-2022-1654'
-  tags: cve,wordpress,wp-plugin,jupiterx-core,critical
+  tags: cve,wordpress,wp-theme,jupiter,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt"
+      - "{{BaseURL}}/wp-content/themes/jupiter/style.css"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "jupiterx-core"
+          - "jupiter"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.0.7')
\ No newline at end of file
+          - compare_versions(version, '<= 6.10.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-1656-0fb4e97ee7da5e51631d72f53857a9d4.yaml b/nuclei-templates/2022/CVE-2022-1656-0fb4e97ee7da5e51631d72f53857a9d4.yaml
index 04d0a7f2dd..39b7e98fa9 100644
--- a/nuclei-templates/2022/CVE-2022-1656-0fb4e97ee7da5e51631d72f53857a9d4.yaml
+++ b/nuclei-templates/2022/CVE-2022-1656-0fb4e97ee7da5e51631d72f53857a9d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Vulnerable versions of the JupiterX Theme allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin. This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2022-1656
   metadata:
-    fofa-query: "wp-content/plugins/jupiterx-core/"
-    google-query: inurl:"/wp-content/plugins/jupiterx-core/"
+    fofa-query: "wp-content/themes/jupiterx/"
+    google-query: inurl:"/wp-content/themes/jupiterx/"
     shodan-query: 'vuln:CVE-2022-1656'
-  tags: cve,wordpress,wp-plugin,jupiterx-core,medium
+  tags: cve,wordpress,wp-theme,jupiterx,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt"
+      - "{{BaseURL}}/wp-content/themes/jupiterx/style.css"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "jupiterx-core"
+          - "jupiterx"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-1657-25e01eb0a9bc2abfaf531fab30be9b46.yaml b/nuclei-templates/2022/CVE-2022-1657-25e01eb0a9bc2abfaf531fab30be9b46.yaml
index 4f345dd965..c14a32d56e 100644
--- a/nuclei-templates/2022/CVE-2022-1657-25e01eb0a9bc2abfaf531fab30be9b46.yaml
+++ b/nuclei-templates/2022/CVE-2022-1657-25e01eb0a9bc2abfaf531fab30be9b46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Vulnerable versions of the Jupiter and JupiterX Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2022-1657
   metadata:
-    fofa-query: "wp-content/themes/jupiter/"
-    google-query: inurl:"/wp-content/themes/jupiter/"
+    fofa-query: "wp-content/themes/jupiterx/"
+    google-query: inurl:"/wp-content/themes/jupiterx/"
     shodan-query: 'vuln:CVE-2022-1657'
-  tags: cve,wordpress,wp-theme,jupiter,high
+  tags: cve,wordpress,wp-theme,jupiterx,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/jupiter/style.css"
+      - "{{BaseURL}}/wp-content/themes/jupiterx/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "jupiter"
+          - "jupiterx"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 6.10.1')
\ No newline at end of file
+          - compare_versions(version, '<= 2.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-1658-2fbd93f620678f9df8d36f97616c7078.yaml b/nuclei-templates/2022/CVE-2022-1658-2fbd93f620678f9df8d36f97616c7078.yaml
index 4504c595ef..d4873e273a 100644
--- a/nuclei-templates/2022/CVE-2022-1658-2fbd93f620678f9df8d36f97616c7078.yaml
+++ b/nuclei-templates/2022/CVE-2022-1658-2fbd93f620678f9df8d36f97616c7078.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Vulnerable versions of the Jupiter Theme allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/jupiter/"
     google-query: inurl:"/wp-content/themes/jupiter/"
     shodan-query: 'vuln:CVE-2022-1658'
-  tags: cve,wordpress,wp-theme,jupiter,medium
+  tags: cve,wordpress,wp-theme,jupiter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1672-151d3e08592a36d4136c6e83ca9b4d33.yaml b/nuclei-templates/2022/CVE-2022-1672-151d3e08592a36d4136c6e83ca9b4d33.yaml
index 9a2801186c..31413cdc8c 100644
--- a/nuclei-templates/2022/CVE-2022-1672-151d3e08592a36d4136c6e83ca9b4d33.yaml
+++ b/nuclei-templates/2022/CVE-2022-1672-151d3e08592a36d4136c6e83ca9b4d33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insights from Google PageSpeed <= 4.0.6 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-pagespeed-insights/"
     google-query: inurl:"/wp-content/plugins/google-pagespeed-insights/"
     shodan-query: 'vuln:CVE-2022-1672'
-  tags: cve,wordpress,wp-plugin,google-pagespeed-insights,high
+  tags: cve,wordpress,wp-plugin,google-pagespeed-insights,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1683-96de88df50c13b090e6e70188ce8bb28.yaml b/nuclei-templates/2022/CVE-2022-1683-96de88df50c13b090e6e70188ce8bb28.yaml
index 4fcf189291..09cc756ea7 100644
--- a/nuclei-templates/2022/CVE-2022-1683-96de88df50c13b090e6e70188ce8bb28.yaml
+++ b/nuclei-templates/2022/CVE-2022-1683-96de88df50c13b090e6e70188ce8bb28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     amtyThumb <= 4.2.0 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amtythumb/"
     google-query: inurl:"/wp-content/plugins/amtythumb/"
     shodan-query: 'vuln:CVE-2022-1683'
-  tags: cve,wordpress,wp-plugin,amtythumb,high
+  tags: cve,wordpress,wp-plugin,amtythumb,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1684-bee7ee097d9c2854b2e0df3652ff1065.yaml b/nuclei-templates/2022/CVE-2022-1684-bee7ee097d9c2854b2e0df3652ff1065.yaml
index 1241407fa6..d2619dc1a7 100644
--- a/nuclei-templates/2022/CVE-2022-1684-bee7ee097d9c2854b2e0df3652ff1065.yaml
+++ b/nuclei-templates/2022/CVE-2022-1684-bee7ee097d9c2854b2e0df3652ff1065.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CUBE SLIDER <= 1.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cube-slider/"
     google-query: inurl:"/wp-content/plugins/cube-slider/"
     shodan-query: 'vuln:CVE-2022-1684'
-  tags: cve,wordpress,wp-plugin,cube-slider,high
+  tags: cve,wordpress,wp-plugin,cube-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1685-22c242de8477403c11aa170395108645.yaml b/nuclei-templates/2022/CVE-2022-1685-22c242de8477403c11aa170395108645.yaml
index a847c17c25..a621f98a32 100644
--- a/nuclei-templates/2022/CVE-2022-1685-22c242de8477403c11aa170395108645.yaml
+++ b/nuclei-templates/2022/CVE-2022-1685-22c242de8477403c11aa170395108645.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via orderby
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/five-minute-webshop/"
     google-query: inurl:"/wp-content/plugins/five-minute-webshop/"
     shodan-query: 'vuln:CVE-2022-1685'
-  tags: cve,wordpress,wp-plugin,five-minute-webshop,high
+  tags: cve,wordpress,wp-plugin,five-minute-webshop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1686-8eccbee0dd1899147fba577f29a00bda.yaml b/nuclei-templates/2022/CVE-2022-1686-8eccbee0dd1899147fba577f29a00bda.yaml
index 5c979b2845..8d474ecd7b 100644
--- a/nuclei-templates/2022/CVE-2022-1686-8eccbee0dd1899147fba577f29a00bda.yaml
+++ b/nuclei-templates/2022/CVE-2022-1686-8eccbee0dd1899147fba577f29a00bda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/five-minute-webshop/"
     google-query: inurl:"/wp-content/plugins/five-minute-webshop/"
     shodan-query: 'vuln:CVE-2022-1686'
-  tags: cve,wordpress,wp-plugin,five-minute-webshop,high
+  tags: cve,wordpress,wp-plugin,five-minute-webshop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1687-810ed483cc25df9feef2344d7fe0063d.yaml b/nuclei-templates/2022/CVE-2022-1687-810ed483cc25df9feef2344d7fe0063d.yaml
index 9e50727269..f945712abf 100644
--- a/nuclei-templates/2022/CVE-2022-1687-810ed483cc25df9feef2344d7fe0063d.yaml
+++ b/nuclei-templates/2022/CVE-2022-1687-810ed483cc25df9feef2344d7fe0063d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Logo Slider <= 1.4.8 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/logo-slider/"
     google-query: inurl:"/wp-content/plugins/logo-slider/"
     shodan-query: 'vuln:CVE-2022-1687'
-  tags: cve,wordpress,wp-plugin,logo-slider,high
+  tags: cve,wordpress,wp-plugin,logo-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1688-c6243b9dee6460614115df8351692603.yaml b/nuclei-templates/2022/CVE-2022-1688-c6243b9dee6460614115df8351692603.yaml
index 0f18a6be58..e5899bb463 100644
--- a/nuclei-templates/2022/CVE-2022-1688-c6243b9dee6460614115df8351692603.yaml
+++ b/nuclei-templates/2022/CVE-2022-1688-c6243b9dee6460614115df8351692603.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via ids Parameter
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/note-press/"
     google-query: inurl:"/wp-content/plugins/note-press/"
     shodan-query: 'vuln:CVE-2022-1688'
-  tags: cve,wordpress,wp-plugin,note-press,high
+  tags: cve,wordpress,wp-plugin,note-press,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1689-8247dd9e5bbd39d391956bd6159727f9.yaml b/nuclei-templates/2022/CVE-2022-1689-8247dd9e5bbd39d391956bd6159727f9.yaml
index 788ee30e1e..3a7b0d9043 100644
--- a/nuclei-templates/2022/CVE-2022-1689-8247dd9e5bbd39d391956bd6159727f9.yaml
+++ b/nuclei-templates/2022/CVE-2022-1689-8247dd9e5bbd39d391956bd6159727f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/note-press/"
     google-query: inurl:"/wp-content/plugins/note-press/"
     shodan-query: 'vuln:CVE-2022-1689'
-  tags: cve,wordpress,wp-plugin,note-press,high
+  tags: cve,wordpress,wp-plugin,note-press,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1690-8825e85de759f44127189c61a2caf509.yaml b/nuclei-templates/2022/CVE-2022-1690-8825e85de759f44127189c61a2caf509.yaml
index 77a96c6369..5adcd61ce9 100644
--- a/nuclei-templates/2022/CVE-2022-1690-8825e85de759f44127189c61a2caf509.yaml
+++ b/nuclei-templates/2022/CVE-2022-1690-8825e85de759f44127189c61a2caf509.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via id Parameter
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/note-press/"
     google-query: inurl:"/wp-content/plugins/note-press/"
     shodan-query: 'vuln:CVE-2022-1690'
-  tags: cve,wordpress,wp-plugin,note-press,high
+  tags: cve,wordpress,wp-plugin,note-press,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1691-3eb72b31a7a3f042d44188428aa0f9df.yaml b/nuclei-templates/2022/CVE-2022-1691-3eb72b31a7a3f042d44188428aa0f9df.yaml
index 6f24fa5e23..881bb70422 100644
--- a/nuclei-templates/2022/CVE-2022-1691-3eb72b31a7a3f042d44188428aa0f9df.yaml
+++ b/nuclei-templates/2022/CVE-2022-1691-3eb72b31a7a3f042d44188428aa0f9df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Realty Workstation <= 1.0.9 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Realty Workstation WordPress plugin through 1.0.9 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/realty-workstation/"
     google-query: inurl:"/wp-content/plugins/realty-workstation/"
     shodan-query: 'vuln:CVE-2022-1691'
-  tags: cve,wordpress,wp-plugin,realty-workstation,high
+  tags: cve,wordpress,wp-plugin,realty-workstation,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1694-663fd6040ba08a6cf95a5d56aa372c7d.yaml b/nuclei-templates/2022/CVE-2022-1694-663fd6040ba08a6cf95a5d56aa372c7d.yaml
index 72d312ce1e..891f364f20 100644
--- a/nuclei-templates/2022/CVE-2022-1694-663fd6040ba08a6cf95a5d56aa372c7d.yaml
+++ b/nuclei-templates/2022/CVE-2022-1694-663fd6040ba08a6cf95a5d56aa372c7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Useful Banner Manager <= 1.6.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/useful-banner-manager/"
     google-query: inurl:"/wp-content/plugins/useful-banner-manager/"
     shodan-query: 'vuln:CVE-2022-1694'
-  tags: cve,wordpress,wp-plugin,useful-banner-manager,high
+  tags: cve,wordpress,wp-plugin,useful-banner-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1695-1bd642d2e3ff9973b88e9924e704fbb7.yaml b/nuclei-templates/2022/CVE-2022-1695-1bd642d2e3ff9973b88e9924e704fbb7.yaml
index 48384f784e..ece5375994 100644
--- a/nuclei-templates/2022/CVE-2022-1695-1bd642d2e3ff9973b88e9924e704fbb7.yaml
+++ b/nuclei-templates/2022/CVE-2022-1695-1bd642d2e3ff9973b88e9924e704fbb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Simple Adsense Insertion <= 2.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-plugin-for-simple-google-adsense-insertion/"
     google-query: inurl:"/wp-content/plugins/wordpress-plugin-for-simple-google-adsense-insertion/"
     shodan-query: 'vuln:CVE-2022-1695'
-  tags: cve,wordpress,wp-plugin,wordpress-plugin-for-simple-google-adsense-insertion,high
+  tags: cve,wordpress,wp-plugin,wordpress-plugin-for-simple-google-adsense-insertion,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1709-36c982ede7470d2e3e88a740557c4530.yaml b/nuclei-templates/2022/CVE-2022-1709-36c982ede7470d2e3e88a740557c4530.yaml
index e081277748..43bdc34519 100644
--- a/nuclei-templates/2022/CVE-2022-1709-36c982ede7470d2e3e88a740557c4530.yaml
+++ b/nuclei-templates/2022/CVE-2022-1709-36c982ede7470d2e3e88a740557c4530.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Throws SPAM Away <= 3.3 - Cross-Site Request Forgery to Comment Modification
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/throws-spam-away/"
     google-query: inurl:"/wp-content/plugins/throws-spam-away/"
     shodan-query: 'vuln:CVE-2022-1709'
-  tags: cve,wordpress,wp-plugin,throws-spam-away,high
+  tags: cve,wordpress,wp-plugin,throws-spam-away,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1710-49498beeab40d799abe54105f37dda52.yaml b/nuclei-templates/2022/CVE-2022-1710-49498beeab40d799abe54105f37dda52.yaml
index 25eb1693c0..60640fdbbf 100644
--- a/nuclei-templates/2022/CVE-2022-1710-49498beeab40d799abe54105f37dda52.yaml
+++ b/nuclei-templates/2022/CVE-2022-1710-49498beeab40d799abe54105f37dda52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appointment-hour-booking/"
     google-query: inurl:"/wp-content/plugins/appointment-hour-booking/"
     shodan-query: 'vuln:CVE-2022-1710'
-  tags: cve,wordpress,wp-plugin,appointment-hour-booking,medium
+  tags: cve,wordpress,wp-plugin,appointment-hour-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1712-38a3278b44badbc6201e3e06953e0d59.yaml b/nuclei-templates/2022/CVE-2022-1712-38a3278b44badbc6201e3e06953e0d59.yaml
index 59d07e4d6d..dff8964388 100644
--- a/nuclei-templates/2022/CVE-2022-1712-38a3278b44badbc6201e3e06953e0d59.yaml
+++ b/nuclei-templates/2022/CVE-2022-1712-38a3278b44badbc6201e3e06953e0d59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LiveSync for WordPress <= 1.0 - Cross-Site Request Forgery to Arbitrary Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/livesync/"
     google-query: inurl:"/wp-content/plugins/livesync/"
     shodan-query: 'vuln:CVE-2022-1712'
-  tags: cve,wordpress,wp-plugin,livesync,high
+  tags: cve,wordpress,wp-plugin,livesync,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1717-e1e48d10961945b3a2fc571529bab9c7.yaml b/nuclei-templates/2022/CVE-2022-1717-e1e48d10961945b3a2fc571529bab9c7.yaml
index a1864257b9..fdcf6979ba 100644
--- a/nuclei-templates/2022/CVE-2022-1717-e1e48d10961945b3a2fc571529bab9c7.yaml
+++ b/nuclei-templates/2022/CVE-2022-1717-e1e48d10961945b3a2fc571529bab9c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Share Buttons with Floating Sidebar <= 4.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom Share Buttons with Floating Sidebar plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.1 via several parameters. This makes it possible for authenticated attackers to inject arbitrary web scripts that may execute when a victim accesses a page containing the malicious payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-share-buttons-with-floating-sidebar/"
     google-query: inurl:"/wp-content/plugins/custom-share-buttons-with-floating-sidebar/"
     shodan-query: 'vuln:CVE-2022-1717'
-  tags: cve,wordpress,wp-plugin,custom-share-buttons-with-floating-sidebar,medium
+  tags: cve,wordpress,wp-plugin,custom-share-buttons-with-floating-sidebar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1749-de57c9c6347745d9dac6d12ee00f13b8.yaml b/nuclei-templates/2022/CVE-2022-1749-de57c9c6347745d9dac6d12ee00f13b8.yaml
index 3b41098d86..8732e321bf 100644
--- a/nuclei-templates/2022/CVE-2022-1749-de57c9c6347745d9dac6d12ee00f13b8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1749-de57c9c6347745d9dac6d12ee00f13b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/find-any-think/"
     google-query: inurl:"/wp-content/plugins/find-any-think/"
     shodan-query: 'vuln:CVE-2022-1749'
-  tags: cve,wordpress,wp-plugin,find-any-think,high
+  tags: cve,wordpress,wp-plugin,find-any-think,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1750-309733b2329b1a831e5f4ba1b62b19a8.yaml b/nuclei-templates/2022/CVE-2022-1750-309733b2329b1a831e5f4ba1b62b19a8.yaml
index ff11affcb7..b95d971b4b 100644
--- a/nuclei-templates/2022/CVE-2022-1750-309733b2329b1a831e5f4ba1b62b19a8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1750-309733b2329b1a831e5f4ba1b62b19a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sticky Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sticky-popup/"
     google-query: inurl:"/wp-content/plugins/sticky-popup/"
     shodan-query: 'vuln:CVE-2022-1750'
-  tags: cve,wordpress,wp-plugin,sticky-popup,medium
+  tags: cve,wordpress,wp-plugin,sticky-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1755-5b6d277a829fbd531e952b54c0a495ad.yaml b/nuclei-templates/2022/CVE-2022-1755-5b6d277a829fbd531e952b54c0a495ad.yaml
index 530568f03a..34187f5977 100644
--- a/nuclei-templates/2022/CVE-2022-1755-5b6d277a829fbd531e952b54c0a495ad.yaml
+++ b/nuclei-templates/2022/CVE-2022-1755-5b6d277a829fbd531e952b54c0a495ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SVG Support <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockip’ parameter in versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svg-support/"
     google-query: inurl:"/wp-content/plugins/svg-support/"
     shodan-query: 'vuln:CVE-2022-1755'
-  tags: cve,wordpress,wp-plugin,svg-support,medium
+  tags: cve,wordpress,wp-plugin,svg-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1757-4b545f99e277a5b533a4828fddfdf3e6.yaml b/nuclei-templates/2022/CVE-2022-1757-4b545f99e277a5b533a4828fddfdf3e6.yaml
index 1346135218..d5e3dd4fb7 100644
--- a/nuclei-templates/2022/CVE-2022-1757-4b545f99e277a5b533a4828fddfdf3e6.yaml
+++ b/nuclei-templates/2022/CVE-2022-1757-4b545f99e277a5b533a4828fddfdf3e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The pagebar WordPress plugin through 2.65 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagebar/"
     google-query: inurl:"/wp-content/plugins/pagebar/"
     shodan-query: 'vuln:CVE-2022-1757'
-  tags: cve,wordpress,wp-plugin,pagebar,high
+  tags: cve,wordpress,wp-plugin,pagebar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1758-d4ee747485499e50fea0ef44831d0b48.yaml b/nuclei-templates/2022/CVE-2022-1758-d4ee747485499e50fea0ef44831d0b48.yaml
index 26c8819635..04a465d98c 100644
--- a/nuclei-templates/2022/CVE-2022-1758-d4ee747485499e50fea0ef44831d0b48.yaml
+++ b/nuclei-templates/2022/CVE-2022-1758-d4ee747485499e50fea0ef44831d0b48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Genki Pre-Publish Reminder <= 1.4.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/genki-pre-publish-reminder/"
     google-query: inurl:"/wp-content/plugins/genki-pre-publish-reminder/"
     shodan-query: 'vuln:CVE-2022-1758'
-  tags: cve,wordpress,wp-plugin,genki-pre-publish-reminder,high
+  tags: cve,wordpress,wp-plugin,genki-pre-publish-reminder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1759-1b62450f818e2ba095ee733915545ce8.yaml b/nuclei-templates/2022/CVE-2022-1759-1b62450f818e2ba095ee733915545ce8.yaml
index e1c48bf63e..e18bf1b1a0 100644
--- a/nuclei-templates/2022/CVE-2022-1759-1b62450f818e2ba095ee733915545ce8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1759-1b62450f818e2ba095ee733915545ce8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RB Internal Links <= 2.0.16 - Cross-Site Request Forgery to Settings update and Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rb-internal-links/"
     google-query: inurl:"/wp-content/plugins/rb-internal-links/"
     shodan-query: 'vuln:CVE-2022-1759'
-  tags: cve,wordpress,wp-plugin,rb-internal-links,critical
+  tags: cve,wordpress,wp-plugin,rb-internal-links,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1760-eeca82a89fbac0124d669de2f8301089.yaml b/nuclei-templates/2022/CVE-2022-1760-eeca82a89fbac0124d669de2f8301089.yaml
index 32249182fc..8d8426cfac 100644
--- a/nuclei-templates/2022/CVE-2022-1760-eeca82a89fbac0124d669de2f8301089.yaml
+++ b/nuclei-templates/2022/CVE-2022-1760-eeca82a89fbac0124d669de2f8301089.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Core Control <= 1.2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Core Control plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to update the plugin's settings granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/core-control/"
     google-query: inurl:"/wp-content/plugins/core-control/"
     shodan-query: 'vuln:CVE-2022-1760'
-  tags: cve,wordpress,wp-plugin,core-control,high
+  tags: cve,wordpress,wp-plugin,core-control,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1761-cf9cb4b184f662090fa6c012e4b5ad99.yaml b/nuclei-templates/2022/CVE-2022-1761-cf9cb4b184f662090fa6c012e4b5ad99.yaml
index b5d6f372d8..f0a2a35558 100644
--- a/nuclei-templates/2022/CVE-2022-1761-cf9cb4b184f662090fa6c012e4b5ad99.yaml
+++ b/nuclei-templates/2022/CVE-2022-1761-cf9cb4b184f662090fa6c012e4b5ad99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Peter’s Collaboration E-mails <= 2.2.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/peters-collaboration-e-mails/"
     google-query: inurl:"/wp-content/plugins/peters-collaboration-e-mails/"
     shodan-query: 'vuln:CVE-2022-1761'
-  tags: cve,wordpress,wp-plugin,peters-collaboration-e-mails,high
+  tags: cve,wordpress,wp-plugin,peters-collaboration-e-mails,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1763-e67b32cb7aae592e15f89a10718ce09e.yaml b/nuclei-templates/2022/CVE-2022-1763-e67b32cb7aae592e15f89a10718ce09e.yaml
index 1d418c2402..b355962242 100644
--- a/nuclei-templates/2022/CVE-2022-1763-e67b32cb7aae592e15f89a10718ce09e.yaml
+++ b/nuclei-templates/2022/CVE-2022-1763-e67b32cb7aae592e15f89a10718ce09e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Static Page eXtended <= 2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jp-staticpagex/"
     google-query: inurl:"/wp-content/plugins/jp-staticpagex/"
     shodan-query: 'vuln:CVE-2022-1763'
-  tags: cve,wordpress,wp-plugin,jp-staticpagex,high
+  tags: cve,wordpress,wp-plugin,jp-staticpagex,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1764-13481b1ed77fd504fee89b917516fad5.yaml b/nuclei-templates/2022/CVE-2022-1764-13481b1ed77fd504fee89b917516fad5.yaml
index 6c53b3816f..6db6e8ac95 100644
--- a/nuclei-templates/2022/CVE-2022-1764-13481b1ed77fd504fee89b917516fad5.yaml
+++ b/nuclei-templates/2022/CVE-2022-1764-13481b1ed77fd504fee89b917516fad5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-chgFontSize <= 1.8 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-chgfontsize/"
     google-query: inurl:"/wp-content/plugins/wp-chgfontsize/"
     shodan-query: 'vuln:CVE-2022-1764'
-  tags: cve,wordpress,wp-plugin,wp-chgfontsize,critical
+  tags: cve,wordpress,wp-plugin,wp-chgfontsize,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1765-c27aea985311d8d430509d848af8ed00.yaml b/nuclei-templates/2022/CVE-2022-1765-c27aea985311d8d430509d848af8ed00.yaml
index a6c51b6312..20479c0c34 100644
--- a/nuclei-templates/2022/CVE-2022-1765-c27aea985311d8d430509d848af8ed00.yaml
+++ b/nuclei-templates/2022/CVE-2022-1765-c27aea985311d8d430509d848af8ed00.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hot Linked Image Cacher <= 1.16 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hot-linked-image-cacher/"
     google-query: inurl:"/wp-content/plugins/hot-linked-image-cacher/"
     shodan-query: 'vuln:CVE-2022-1765'
-  tags: cve,wordpress,wp-plugin,hot-linked-image-cacher,critical
+  tags: cve,wordpress,wp-plugin,hot-linked-image-cacher,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1772-4ebbec62da7dd4744569d093e5a7ca36.yaml b/nuclei-templates/2022/CVE-2022-1772-4ebbec62da7dd4744569d093e5a7ca36.yaml
index 6e4d261add..1c40ed2bbd 100644
--- a/nuclei-templates/2022/CVE-2022-1772-4ebbec62da7dd4744569d093e5a7ca36.yaml
+++ b/nuclei-templates/2022/CVE-2022-1772-4ebbec62da7dd4744569d093e5a7ca36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Places Reviews < 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2022-1772/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2022-1772/"
     shodan-query: 'vuln:CVE-2022-1772'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-1772,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-1772,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1776-889f2c95b741c5e0897bda79fd4658fe.yaml b/nuclei-templates/2022/CVE-2022-1776-889f2c95b741c5e0897bda79fd4658fe.yaml
index da0a04b306..ad334bf379 100644
--- a/nuclei-templates/2022/CVE-2022-1776-889f2c95b741c5e0897bda79fd4658fe.yaml
+++ b/nuclei-templates/2022/CVE-2022-1776-889f2c95b741c5e0897bda79fd4658fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram Engage <= 2.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icegram/"
     google-query: inurl:"/wp-content/plugins/icegram/"
     shodan-query: 'vuln:CVE-2022-1776'
-  tags: cve,wordpress,wp-plugin,icegram,medium
+  tags: cve,wordpress,wp-plugin,icegram,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1777-e71ba64e3ce13e58bab0fc3eb80546e8.yaml b/nuclei-templates/2022/CVE-2022-1777-e71ba64e3ce13e58bab0fc3eb80546e8.yaml
index 6aef734b1f..5dfe84952c 100644
--- a/nuclei-templates/2022/CVE-2022-1777-e71ba64e3ce13e58bab0fc3eb80546e8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1777-e71ba64e3ce13e58bab0fc3eb80546e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Filr – Secure document library <= 1.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filr-protection/"
     google-query: inurl:"/wp-content/plugins/filr-protection/"
     shodan-query: 'vuln:CVE-2022-1777'
-  tags: cve,wordpress,wp-plugin,filr-protection,medium
+  tags: cve,wordpress,wp-plugin,filr-protection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1779-558370c6db6c7d4d1eb32adfed3a020b.yaml b/nuclei-templates/2022/CVE-2022-1779-558370c6db6c7d4d1eb32adfed3a020b.yaml
index d1a55696df..614f293601 100644
--- a/nuclei-templates/2022/CVE-2022-1779-558370c6db6c7d4d1eb32adfed3a020b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1779-558370c6db6c7d4d1eb32adfed3a020b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Delete Posts <= 1.3.0 - Cross-Site Request Forgery to Arbitrary Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-delete-posts/"
     google-query: inurl:"/wp-content/plugins/auto-delete-posts/"
     shodan-query: 'vuln:CVE-2022-1779'
-  tags: cve,wordpress,wp-plugin,auto-delete-posts,high
+  tags: cve,wordpress,wp-plugin,auto-delete-posts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1780-53e03067c5c0bd571562823dadf2dc1b.yaml b/nuclei-templates/2022/CVE-2022-1780-53e03067c5c0bd571562823dadf2dc1b.yaml
index 0020815d16..5bdaffa3fa 100644
--- a/nuclei-templates/2022/CVE-2022-1780-53e03067c5c0bd571562823dadf2dc1b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1780-53e03067c5c0bd571562823dadf2dc1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LaTeX <= 3.4.10 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/latex/"
     google-query: inurl:"/wp-content/plugins/latex/"
     shodan-query: 'vuln:CVE-2022-1780'
-  tags: cve,wordpress,wp-plugin,latex,critical
+  tags: cve,wordpress,wp-plugin,latex,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1781-03debccd2847f0f3861af391ac774ecf.yaml b/nuclei-templates/2022/CVE-2022-1781-03debccd2847f0f3861af391ac774ecf.yaml
index d014555933..7ed43c7bee 100644
--- a/nuclei-templates/2022/CVE-2022-1781-03debccd2847f0f3861af391ac774ecf.yaml
+++ b/nuclei-templates/2022/CVE-2022-1781-03debccd2847f0f3861af391ac774ecf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     postTabs <= 2.10.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/posttabs/"
     google-query: inurl:"/wp-content/plugins/posttabs/"
     shodan-query: 'vuln:CVE-2022-1781'
-  tags: cve,wordpress,wp-plugin,posttabs,critical
+  tags: cve,wordpress,wp-plugin,posttabs,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1787-85bcd61b96548b75a4bebce0af8ade18.yaml b/nuclei-templates/2022/CVE-2022-1787-85bcd61b96548b75a4bebce0af8ade18.yaml
index 7755900dec..ef2cb7e742 100644
--- a/nuclei-templates/2022/CVE-2022-1787-85bcd61b96548b75a4bebce0af8ade18.yaml
+++ b/nuclei-templates/2022/CVE-2022-1787-85bcd61b96548b75a4bebce0af8ade18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sideblog WordPress Plugin <= 6.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sideblog/"
     google-query: inurl:"/wp-content/plugins/sideblog/"
     shodan-query: 'vuln:CVE-2022-1787'
-  tags: cve,wordpress,wp-plugin,sideblog,critical
+  tags: cve,wordpress,wp-plugin,sideblog,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1788-b3c283ecfc25af9f10f9c937f229f24c.yaml b/nuclei-templates/2022/CVE-2022-1788-b3c283ecfc25af9f10f9c937f229f24c.yaml
index f0489ab4e1..0fd771872b 100644
--- a/nuclei-templates/2022/CVE-2022-1788-b3c283ecfc25af9f10f9c937f229f24c.yaml
+++ b/nuclei-templates/2022/CVE-2022-1788-b3c283ecfc25af9f10f9c937f229f24c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Change Uploaded File Permissions <= 4.0.0 - Cross-Site Request Forgery to Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/change-uploaded-file-permissions/"
     google-query: inurl:"/wp-content/plugins/change-uploaded-file-permissions/"
     shodan-query: 'vuln:CVE-2022-1788'
-  tags: cve,wordpress,wp-plugin,change-uploaded-file-permissions,high
+  tags: cve,wordpress,wp-plugin,change-uploaded-file-permissions,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1790-2d0401b900eef6498675d312d5732e7a.yaml b/nuclei-templates/2022/CVE-2022-1790-2d0401b900eef6498675d312d5732e7a.yaml
index 48d09aaaab..8e6703e54f 100644
--- a/nuclei-templates/2022/CVE-2022-1790-2d0401b900eef6498675d312d5732e7a.yaml
+++ b/nuclei-templates/2022/CVE-2022-1790-2d0401b900eef6498675d312d5732e7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     New User Email Set Up <= 0.5.2 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-user-email-set-up/"
     google-query: inurl:"/wp-content/plugins/new-user-email-set-up/"
     shodan-query: 'vuln:CVE-2022-1790'
-  tags: cve,wordpress,wp-plugin,new-user-email-set-up,high
+  tags: cve,wordpress,wp-plugin,new-user-email-set-up,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1791-a27299fafee4147eee6143e446c0d4ac.yaml b/nuclei-templates/2022/CVE-2022-1791-a27299fafee4147eee6143e446c0d4ac.yaml
index e2b622844f..3a17753ad1 100644
--- a/nuclei-templates/2022/CVE-2022-1791-a27299fafee4147eee6143e446c0d4ac.yaml
+++ b/nuclei-templates/2022/CVE-2022-1791-a27299fafee4147eee6143e446c0d4ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     One Click Plugin Updater <= 2.4.14 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/one-click-plugin-updater/"
     google-query: inurl:"/wp-content/plugins/one-click-plugin-updater/"
     shodan-query: 'vuln:CVE-2022-1791'
-  tags: cve,wordpress,wp-plugin,one-click-plugin-updater,critical
+  tags: cve,wordpress,wp-plugin,one-click-plugin-updater,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1792-acd84f5e4cde82a402d1c05f1e4adf06.yaml b/nuclei-templates/2022/CVE-2022-1792-acd84f5e4cde82a402d1c05f1e4adf06.yaml
index 236ff0bcb2..88f9f054b4 100644
--- a/nuclei-templates/2022/CVE-2022-1792-acd84f5e4cde82a402d1c05f1e4adf06.yaml
+++ b/nuclei-templates/2022/CVE-2022-1792-acd84f5e4cde82a402d1c05f1e4adf06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Subscribe <= 1.7.1 - Cross-Site Request Forgery to Arbitrary Settings Update and Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-subscribe/"
     google-query: inurl:"/wp-content/plugins/quick-subscribe/"
     shodan-query: 'vuln:CVE-2022-1792'
-  tags: cve,wordpress,wp-plugin,quick-subscribe,high
+  tags: cve,wordpress,wp-plugin,quick-subscribe,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1793-dfb92d2f2c245aee84f9cb4e282df3aa.yaml b/nuclei-templates/2022/CVE-2022-1793-dfb92d2f2c245aee84f9cb4e282df3aa.yaml
index 10a31f9417..a1344d799a 100644
--- a/nuclei-templates/2022/CVE-2022-1793-dfb92d2f2c245aee84f9cb4e282df3aa.yaml
+++ b/nuclei-templates/2022/CVE-2022-1793-dfb92d2f2c245aee84f9cb4e282df3aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Private Files <= 0.40 - Cross-Site Request Forgery to Disable Protection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/private-files/"
     google-query: inurl:"/wp-content/plugins/private-files/"
     shodan-query: 'vuln:CVE-2022-1793'
-  tags: cve,wordpress,wp-plugin,private-files,high
+  tags: cve,wordpress,wp-plugin,private-files,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1800-c1088d4a7272923461f43cf76023c143.yaml b/nuclei-templates/2022/CVE-2022-1800-c1088d4a7272923461f43cf76023c143.yaml
index c6e0e1d6ce..d75ed2b225 100644
--- a/nuclei-templates/2022/CVE-2022-1800-c1088d4a7272923461f43cf76023c143.yaml
+++ b/nuclei-templates/2022/CVE-2022-1800-c1088d4a7272923461f43cf76023c143.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export any WordPress data to XML/CSV <= 1.3.4 - Authenticated SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-export/"
     google-query: inurl:"/wp-content/plugins/wp-all-export/"
     shodan-query: 'vuln:CVE-2022-1800'
-  tags: cve,wordpress,wp-plugin,wp-all-export,critical
+  tags: cve,wordpress,wp-plugin,wp-all-export,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1814-04d32a3642a2c96352c83010608db77d.yaml b/nuclei-templates/2022/CVE-2022-1814-04d32a3642a2c96352c83010608db77d.yaml
index 9a3c6c857b..2b6c12e6ea 100644
--- a/nuclei-templates/2022/CVE-2022-1814-04d32a3642a2c96352c83010608db77d.yaml
+++ b/nuclei-templates/2022/CVE-2022-1814-04d32a3642a2c96352c83010608db77d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Admin Style <= 0.1.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-admin-style/"
     google-query: inurl:"/wp-content/plugins/wp-admin-style/"
     shodan-query: 'vuln:CVE-2022-1814'
-  tags: cve,wordpress,wp-plugin,wp-admin-style,medium
+  tags: cve,wordpress,wp-plugin,wp-admin-style,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1818-d6476ba9d1f9af74d842dc5c3e1d7008.yaml b/nuclei-templates/2022/CVE-2022-1818-d6476ba9d1f9af74d842dc5c3e1d7008.yaml
index 46d6c21aba..6f001f7a98 100644
--- a/nuclei-templates/2022/CVE-2022-1818-d6476ba9d1f9af74d842dc5c3e1d7008.yaml
+++ b/nuclei-templates/2022/CVE-2022-1818-d6476ba9d1f9af74d842dc5c3e1d7008.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi-page Toolkit <= 2.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multi-page-toolkit/"
     google-query: inurl:"/wp-content/plugins/multi-page-toolkit/"
     shodan-query: 'vuln:CVE-2022-1818'
-  tags: cve,wordpress,wp-plugin,multi-page-toolkit,high
+  tags: cve,wordpress,wp-plugin,multi-page-toolkit,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1826-6efe820f12fb9f3137c56cee070730c7.yaml b/nuclei-templates/2022/CVE-2022-1826-6efe820f12fb9f3137c56cee070730c7.yaml
index c3c904914b..d1d31b6f05 100644
--- a/nuclei-templates/2022/CVE-2022-1826-6efe820f12fb9f3137c56cee070730c7.yaml
+++ b/nuclei-templates/2022/CVE-2022-1826-6efe820f12fb9f3137c56cee070730c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cross-Linker <= 3.0.1.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cross-linker/"
     google-query: inurl:"/wp-content/plugins/cross-linker/"
     shodan-query: 'vuln:CVE-2022-1826'
-  tags: cve,wordpress,wp-plugin,cross-linker,high
+  tags: cve,wordpress,wp-plugin,cross-linker,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1827-1f8d84e6699c9f64cbbc8919147cefef.yaml b/nuclei-templates/2022/CVE-2022-1827-1f8d84e6699c9f64cbbc8919147cefef.yaml
index d99805c4cd..1589dd1c90 100644
--- a/nuclei-templates/2022/CVE-2022-1827-1f8d84e6699c9f64cbbc8919147cefef.yaml
+++ b/nuclei-templates/2022/CVE-2022-1827-1f8d84e6699c9f64cbbc8919147cefef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF24 Article To PDF <= 4.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf24-post-to-pdf/"
     google-query: inurl:"/wp-content/plugins/pdf24-post-to-pdf/"
     shodan-query: 'vuln:CVE-2022-1827'
-  tags: cve,wordpress,wp-plugin,pdf24-post-to-pdf,high
+  tags: cve,wordpress,wp-plugin,pdf24-post-to-pdf,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1828-4eea95bcbc22121deeeb133b73467001.yaml b/nuclei-templates/2022/CVE-2022-1828-4eea95bcbc22121deeeb133b73467001.yaml
index effcc1cabb..bdfe949903 100644
--- a/nuclei-templates/2022/CVE-2022-1828-4eea95bcbc22121deeeb133b73467001.yaml
+++ b/nuclei-templates/2022/CVE-2022-1828-4eea95bcbc22121deeeb133b73467001.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF24 Articles To PDF <= 4.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf24-posts-to-pdf/"
     google-query: inurl:"/wp-content/plugins/pdf24-posts-to-pdf/"
     shodan-query: 'vuln:CVE-2022-1828'
-  tags: cve,wordpress,wp-plugin,pdf24-posts-to-pdf,high
+  tags: cve,wordpress,wp-plugin,pdf24-posts-to-pdf,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1829-bad18eab263a0541b49dc3dae830d379.yaml b/nuclei-templates/2022/CVE-2022-1829-bad18eab263a0541b49dc3dae830d379.yaml
index 83b07932cb..ca55618629 100644
--- a/nuclei-templates/2022/CVE-2022-1829-bad18eab263a0541b49dc3dae830d379.yaml
+++ b/nuclei-templates/2022/CVE-2022-1829-bad18eab263a0541b49dc3dae830d379.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inline Google Maps <= 5.11 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-maps-advanced/"
     google-query: inurl:"/wp-content/plugins/google-maps-advanced/"
     shodan-query: 'vuln:CVE-2022-1829'
-  tags: cve,wordpress,wp-plugin,google-maps-advanced,high
+  tags: cve,wordpress,wp-plugin,google-maps-advanced,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1830-179da13f00bd0c1a7dc169b4d93d8c60.yaml b/nuclei-templates/2022/CVE-2022-1830-179da13f00bd0c1a7dc169b4d93d8c60.yaml
index f2a7dc27c3..fe6c304340 100644
--- a/nuclei-templates/2022/CVE-2022-1830-179da13f00bd0c1a7dc169b4d93d8c60.yaml
+++ b/nuclei-templates/2022/CVE-2022-1830-179da13f00bd0c1a7dc169b4d93d8c60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amazon Einzeltitellinks <= 1.3.3 - Cross-Site Request Forgery to Arbitrary Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amazon-einzeltitellinks/"
     google-query: inurl:"/wp-content/plugins/amazon-einzeltitellinks/"
     shodan-query: 'vuln:CVE-2022-1830'
-  tags: cve,wordpress,wp-plugin,amazon-einzeltitellinks,high
+  tags: cve,wordpress,wp-plugin,amazon-einzeltitellinks,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1831-3910ec4d645c60375887481edfe719b7.yaml b/nuclei-templates/2022/CVE-2022-1831-3910ec4d645c60375887481edfe719b7.yaml
index a9bf111ae3..ebf6330645 100644
--- a/nuclei-templates/2022/CVE-2022-1831-3910ec4d645c60375887481edfe719b7.yaml
+++ b/nuclei-templates/2022/CVE-2022-1831-3910ec4d645c60375887481edfe719b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPlite <= 1.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wplite/"
     google-query: inurl:"/wp-content/plugins/wplite/"
     shodan-query: 'vuln:CVE-2022-1831'
-  tags: cve,wordpress,wp-plugin,wplite,high
+  tags: cve,wordpress,wp-plugin,wplite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1842-fc3bbad32864e7b45f7b03bfa40e7ab6.yaml b/nuclei-templates/2022/CVE-2022-1842-fc3bbad32864e7b45f7b03bfa40e7ab6.yaml
index 82baca8bac..a6c4b5da62 100644
--- a/nuclei-templates/2022/CVE-2022-1842-fc3bbad32864e7b45f7b03bfa40e7ab6.yaml
+++ b/nuclei-templates/2022/CVE-2022-1842-fc3bbad32864e7b45f7b03bfa40e7ab6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/openbook-book-data/"
     google-query: inurl:"/wp-content/plugins/openbook-book-data/"
     shodan-query: 'vuln:CVE-2022-1842'
-  tags: cve,wordpress,wp-plugin,openbook-book-data,critical
+  tags: cve,wordpress,wp-plugin,openbook-book-data,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1844-d34327d1e992d219d0a1381df1c090fa.yaml b/nuclei-templates/2022/CVE-2022-1844-d34327d1e992d219d0a1381df1c090fa.yaml
index f4cdee2a63..f0a067ec5e 100644
--- a/nuclei-templates/2022/CVE-2022-1844-d34327d1e992d219d0a1381df1c090fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-1844-d34327d1e992d219d0a1381df1c090fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Sentry <= 1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sentry/"
     google-query: inurl:"/wp-content/plugins/wp-sentry/"
     shodan-query: 'vuln:CVE-2022-1844'
-  tags: cve,wordpress,wp-plugin,wp-sentry,high
+  tags: cve,wordpress,wp-plugin,wp-sentry,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1846-daddd512be0305b66a7c59d444cececf.yaml b/nuclei-templates/2022/CVE-2022-1846-daddd512be0305b66a7c59d444cececf.yaml
index a1feaff5b7..0d21a2e8e8 100644
--- a/nuclei-templates/2022/CVE-2022-1846-daddd512be0305b66a7c59d444cececf.yaml
+++ b/nuclei-templates/2022/CVE-2022-1846-daddd512be0305b66a7c59d444cececf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tiny Contact Form <= 0.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tiny-contact-form/"
     google-query: inurl:"/wp-content/plugins/tiny-contact-form/"
     shodan-query: 'vuln:CVE-2022-1846'
-  tags: cve,wordpress,wp-plugin,tiny-contact-form,high
+  tags: cve,wordpress,wp-plugin,tiny-contact-form,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1847-f7a5929579e2eeff4b02eaa7e1b6a770.yaml b/nuclei-templates/2022/CVE-2022-1847-f7a5929579e2eeff4b02eaa7e1b6a770.yaml
index 0c469a3b52..80dbcbd47b 100644
--- a/nuclei-templates/2022/CVE-2022-1847-f7a5929579e2eeff4b02eaa7e1b6a770.yaml
+++ b/nuclei-templates/2022/CVE-2022-1847-f7a5929579e2eeff4b02eaa7e1b6a770.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rotating Posts <= 1.11 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rotating-posts/"
     google-query: inurl:"/wp-content/plugins/rotating-posts/"
     shodan-query: 'vuln:CVE-2022-1847'
-  tags: cve,wordpress,wp-plugin,rotating-posts,high
+  tags: cve,wordpress,wp-plugin,rotating-posts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1885-b77d972bfa12e86d544c2057da2d9c61.yaml b/nuclei-templates/2022/CVE-2022-1885-b77d972bfa12e86d544c2057da2d9c61.yaml
index c2c46ef660..9e465d4416 100644
--- a/nuclei-templates/2022/CVE-2022-1885-b77d972bfa12e86d544c2057da2d9c61.yaml
+++ b/nuclei-templates/2022/CVE-2022-1885-b77d972bfa12e86d544c2057da2d9c61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cimy Header Image Rotator <= 6.1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cimy-header-image-rotator/"
     google-query: inurl:"/wp-content/plugins/cimy-header-image-rotator/"
     shodan-query: 'vuln:CVE-2022-1885'
-  tags: cve,wordpress,wp-plugin,cimy-header-image-rotator,high
+  tags: cve,wordpress,wp-plugin,cimy-header-image-rotator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1889-981beced4302bc1ed44f59f5bbd895e2.yaml b/nuclei-templates/2022/CVE-2022-1889-981beced4302bc1ed44f59f5bbd895e2.yaml
index 5e1da67b75..5563166d2e 100644
--- a/nuclei-templates/2022/CVE-2022-1889-981beced4302bc1ed44f59f5bbd895e2.yaml
+++ b/nuclei-templates/2022/CVE-2022-1889-981beced4302bc1ed44f59f5bbd895e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter <= 7.4.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the preheader_text value in versions up to, and including, 7.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter/"
     google-query: inurl:"/wp-content/plugins/newsletter/"
     shodan-query: 'vuln:CVE-2022-1889'
-  tags: cve,wordpress,wp-plugin,newsletter,medium
+  tags: cve,wordpress,wp-plugin,newsletter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1894-b5996763218808f5db38a6126c890df9.yaml b/nuclei-templates/2022/CVE-2022-1894-b5996763218808f5db38a6126c890df9.yaml
index beb0b87ed1..643b2fc8e4 100644
--- a/nuclei-templates/2022/CVE-2022-1894-b5996763218808f5db38a6126c890df9.yaml
+++ b/nuclei-templates/2022/CVE-2022-1894-b5996763218808f5db38a6126c890df9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 4.1.10 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2022-1894'
-  tags: cve,wordpress,wp-plugin,popup-builder,medium
+  tags: cve,wordpress,wp-plugin,popup-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1895-49a29c208dcdf8c767e242ee9b07c664.yaml b/nuclei-templates/2022/CVE-2022-1895-49a29c208dcdf8c767e242ee9b07c664.yaml
index 329d6c3e84..54210b8659 100644
--- a/nuclei-templates/2022/CVE-2022-1895-49a29c208dcdf8c767e242ee9b07c664.yaml
+++ b/nuclei-templates/2022/CVE-2022-1895-49a29c208dcdf8c767e242ee9b07c664.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     underConstruction <= 1.19 - Cross-Site Request Forgery to Construction Mode Disabled
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/underconstruction/"
     google-query: inurl:"/wp-content/plugins/underconstruction/"
     shodan-query: 'vuln:CVE-2022-1895'
-  tags: cve,wordpress,wp-plugin,underconstruction,high
+  tags: cve,wordpress,wp-plugin,underconstruction,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1896-52197fd3d372d9ca3330b7fb6abe6c1e.yaml b/nuclei-templates/2022/CVE-2022-1896-52197fd3d372d9ca3330b7fb6abe6c1e.yaml
index 28be971c05..3c99e8d2c6 100644
--- a/nuclei-templates/2022/CVE-2022-1896-52197fd3d372d9ca3330b7fb6abe6c1e.yaml
+++ b/nuclei-templates/2022/CVE-2022-1896-52197fd3d372d9ca3330b7fb6abe6c1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     underConstruction <= 1.20 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/underconstruction/"
     google-query: inurl:"/wp-content/plugins/underconstruction/"
     shodan-query: 'vuln:CVE-2022-1896'
-  tags: cve,wordpress,wp-plugin,underconstruction,medium
+  tags: cve,wordpress,wp-plugin,underconstruction,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1900-d08d0840632760096f6b8acd75a58e66.yaml b/nuclei-templates/2022/CVE-2022-1900-d08d0840632760096f6b8acd75a58e66.yaml
index d06f34d2bf..705a4504df 100644
--- a/nuclei-templates/2022/CVE-2022-1900-d08d0840632760096f6b8acd75a58e66.yaml
+++ b/nuclei-templates/2022/CVE-2022-1900-d08d0840632760096f6b8acd75a58e66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/copify/"
     google-query: inurl:"/wp-content/plugins/copify/"
     shodan-query: 'vuln:CVE-2022-1900'
-  tags: cve,wordpress,wp-plugin,copify,high
+  tags: cve,wordpress,wp-plugin,copify,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1912-681d5f2f15a561b04bf2e029cc02c5b4.yaml b/nuclei-templates/2022/CVE-2022-1912-681d5f2f15a561b04bf2e029cc02c5b4.yaml
index 4d2e80791a..f95feefc6c 100644
--- a/nuclei-templates/2022/CVE-2022-1912-681d5f2f15a561b04bf2e029cc02c5b4.yaml
+++ b/nuclei-templates/2022/CVE-2022-1912-681d5f2f15a561b04bf2e029cc02c5b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smartsoftbutton-widget-de-botones-de-chat/"
     google-query: inurl:"/wp-content/plugins/smartsoftbutton-widget-de-botones-de-chat/"
     shodan-query: 'vuln:CVE-2022-1912'
-  tags: cve,wordpress,wp-plugin,smartsoftbutton-widget-de-botones-de-chat,high
+  tags: cve,wordpress,wp-plugin,smartsoftbutton-widget-de-botones-de-chat,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1913-544ee7aee750c4df26fe7f3c5d3e9353.yaml b/nuclei-templates/2022/CVE-2022-1913-544ee7aee750c4df26fe7f3c5d3e9353.yaml
index 1eaddfa652..bba9059f56 100644
--- a/nuclei-templates/2022/CVE-2022-1913-544ee7aee750c4df26fe7f3c5d3e9353.yaml
+++ b/nuclei-templates/2022/CVE-2022-1913-544ee7aee750c4df26fe7f3c5d3e9353.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Post URL <= 2.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-posturl/"
     google-query: inurl:"/wp-content/plugins/wp-posturl/"
     shodan-query: 'vuln:CVE-2022-1913'
-  tags: cve,wordpress,wp-plugin,wp-posturl,critical
+  tags: cve,wordpress,wp-plugin,wp-posturl,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1914-800e55dd995f58ca489269cf15bde8aa.yaml b/nuclei-templates/2022/CVE-2022-1914-800e55dd995f58ca489269cf15bde8aa.yaml
index f85b089173..fa37bcbf94 100644
--- a/nuclei-templates/2022/CVE-2022-1914-800e55dd995f58ca489269cf15bde8aa.yaml
+++ b/nuclei-templates/2022/CVE-2022-1914-800e55dd995f58ca489269cf15bde8aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clean-Contact <= 1.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The plugin Clean-Contact is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the clean_contact_conf_page function. This makes it possible for unauthenticated attackers to inject malicious JavaScript, that will execute whenever a user accesses the /back-ups page, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clean-contact/"
     google-query: inurl:"/wp-content/plugins/clean-contact/"
     shodan-query: 'vuln:CVE-2022-1914'
-  tags: cve,wordpress,wp-plugin,clean-contact,high
+  tags: cve,wordpress,wp-plugin,clean-contact,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1915-fd55f9f1199bb3c6e4b47c897716c4d9.yaml b/nuclei-templates/2022/CVE-2022-1915-fd55f9f1199bb3c6e4b47c897716c4d9.yaml
index 5a4c29a92e..c3448efa0f 100644
--- a/nuclei-templates/2022/CVE-2022-1915-fd55f9f1199bb3c6e4b47c897716c4d9.yaml
+++ b/nuclei-templates/2022/CVE-2022-1915-fd55f9f1199bb3c6e4b47c897716c4d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Zillow Review Slider <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-zillow-review-slider/"
     google-query: inurl:"/wp-content/plugins/wp-zillow-review-slider/"
     shodan-query: 'vuln:CVE-2022-1915'
-  tags: cve,wordpress,wp-plugin,wp-zillow-review-slider,medium
+  tags: cve,wordpress,wp-plugin,wp-zillow-review-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1918-4c6e2168599e221f42c1bf26fb04cbf7.yaml b/nuclei-templates/2022/CVE-2022-1918-4c6e2168599e221f42c1bf26fb04cbf7.yaml
index 1bf14567d7..f8648298e7 100644
--- a/nuclei-templates/2022/CVE-2022-1918-4c6e2168599e221f42c1bf26fb04cbf7.yaml
+++ b/nuclei-templates/2022/CVE-2022-1918-4c6e2168599e221f42c1bf26fb04cbf7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/toolbar-to-share/"
     google-query: inurl:"/wp-content/plugins/toolbar-to-share/"
     shodan-query: 'vuln:CVE-2022-1918'
-  tags: cve,wordpress,wp-plugin,toolbar-to-share,high
+  tags: cve,wordpress,wp-plugin,toolbar-to-share,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1933-ac850d5730363d3bbd84ae6609135f15.yaml b/nuclei-templates/2022/CVE-2022-1933-ac850d5730363d3bbd84ae6609135f15.yaml
index 38f51640f7..8d44d69ef0 100644
--- a/nuclei-templates/2022/CVE-2022-1933-ac850d5730363d3bbd84ae6609135f15.yaml
+++ b/nuclei-templates/2022/CVE-2022-1933-ac850d5730363d3bbd84ae6609135f15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CDI – Collect and Deliver Interface for Woocommerce <= 5.1.9 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     CDI – Collect and Deliver Interface for Woocommerce plugin for WordPress is vulnerable to Cross-Site Scripting via multiple parameters in version up to, and including, 5.1.9. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/collect-and-deliver-interface-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/collect-and-deliver-interface-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-1933'
-  tags: cve,wordpress,wp-plugin,collect-and-deliver-interface-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,collect-and-deliver-interface-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1939-f31b01af0e36d70ece981a2da79389f8.yaml b/nuclei-templates/2022/CVE-2022-1939-f31b01af0e36d70ece981a2da79389f8.yaml
index 1c57ec1681..3cbab44ec7 100644
--- a/nuclei-templates/2022/CVE-2022-1939-f31b01af0e36d70ece981a2da79389f8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1939-f31b01af0e36d70ece981a2da79389f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Allow SVG Files <= 1.0 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/asf-allow-svg-files/"
     google-query: inurl:"/wp-content/plugins/asf-allow-svg-files/"
     shodan-query: 'vuln:CVE-2022-1939'
-  tags: cve,wordpress,wp-plugin,asf-allow-svg-files,high
+  tags: cve,wordpress,wp-plugin,asf-allow-svg-files,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1945-699697d906ce98da7e0a75001998e24b.yaml b/nuclei-templates/2022/CVE-2022-1945-699697d906ce98da7e0a75001998e24b.yaml
index ae6ecbe386..01ce168350 100644
--- a/nuclei-templates/2022/CVE-2022-1945-699697d906ce98da7e0a75001998e24b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1945-699697d906ce98da7e0a75001998e24b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon & Maintenance Mode by Colorlib <= 1.0.98 - Administrator+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin Coming Soon & Maintenance Mode by Colorlib for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘input’ parameter of the ccsm_sanitize_google_analytics function in versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colorlib-coming-soon-maintenance/"
     google-query: inurl:"/wp-content/plugins/colorlib-coming-soon-maintenance/"
     shodan-query: 'vuln:CVE-2022-1945'
-  tags: cve,wordpress,wp-plugin,colorlib-coming-soon-maintenance,medium
+  tags: cve,wordpress,wp-plugin,colorlib-coming-soon-maintenance,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1952-1ab98d23b8f5715db32cf93509d555f7.yaml b/nuclei-templates/2022/CVE-2022-1952-1ab98d23b8f5715db32cf93509d555f7.yaml
index e8dd103962..6158b92ce7 100644
--- a/nuclei-templates/2022/CVE-2022-1952-1ab98d23b8f5715db32cf93509d555f7.yaml
+++ b/nuclei-templates/2022/CVE-2022-1952-1ab98d23b8f5715db32cf93509d555f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Free Booking Plugin for Hotels, Restaurant and Car Rental is vulnerable to arbitrary file uploads due to missing file type validation via the ~/easync.php file in versions up to, and including, 1.1.15. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easync-booking/"
     google-query: inurl:"/wp-content/plugins/easync-booking/"
     shodan-query: 'vuln:CVE-2022-1952'
-  tags: cve,wordpress,wp-plugin,easync-booking,high
+  tags: cve,wordpress,wp-plugin,easync-booking,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1956-7c4f098f276bb438e8b06c67cf08748e.yaml b/nuclei-templates/2022/CVE-2022-1956-7c4f098f276bb438e8b06c67cf08748e.yaml
index ca8a89fa0d..7347452757 100644
--- a/nuclei-templates/2022/CVE-2022-1956-7c4f098f276bb438e8b06c67cf08748e.yaml
+++ b/nuclei-templates/2022/CVE-2022-1956-7c4f098f276bb438e8b06c67cf08748e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcut Macros <= 1.3 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcut-macros/"
     google-query: inurl:"/wp-content/plugins/shortcut-macros/"
     shodan-query: 'vuln:CVE-2022-1956'
-  tags: cve,wordpress,wp-plugin,shortcut-macros,medium
+  tags: cve,wordpress,wp-plugin,shortcut-macros,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1957-1af6a7823a6a8a142bc89c08631d8f4b.yaml b/nuclei-templates/2022/CVE-2022-1957-1af6a7823a6a8a142bc89c08631d8f4b.yaml
index d37e7af294..06ffc86ed4 100644
--- a/nuclei-templates/2022/CVE-2022-1957-1af6a7823a6a8a142bc89c08631d8f4b.yaml
+++ b/nuclei-templates/2022/CVE-2022-1957-1af6a7823a6a8a142bc89c08631d8f4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comment License <= 1.3.0 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comment-license/"
     google-query: inurl:"/wp-content/plugins/comment-license/"
     shodan-query: 'vuln:CVE-2022-1957'
-  tags: cve,wordpress,wp-plugin,comment-license,high
+  tags: cve,wordpress,wp-plugin,comment-license,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1960-51cc7451392ec09a8c7688f9ed5f409c.yaml b/nuclei-templates/2022/CVE-2022-1960-51cc7451392ec09a8c7688f9ed5f409c.yaml
index 12cb13a8bd..285b32b795 100644
--- a/nuclei-templates/2022/CVE-2022-1960-51cc7451392ec09a8c7688f9ed5f409c.yaml
+++ b/nuclei-templates/2022/CVE-2022-1960-51cc7451392ec09a8c7688f9ed5f409c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MyCSS <= 1.1 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycss/"
     google-query: inurl:"/wp-content/plugins/mycss/"
     shodan-query: 'vuln:CVE-2022-1960'
-  tags: cve,wordpress,wp-plugin,mycss,high
+  tags: cve,wordpress,wp-plugin,mycss,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1961-7adc7eb8c094a09a98664c4579c84eb8.yaml b/nuclei-templates/2022/CVE-2022-1961-7adc7eb8c094a09a98664c4579c84eb8.yaml
index 98f3cffc46..785adc69ce 100644
--- a/nuclei-templates/2022/CVE-2022-1961-7adc7eb8c094a09a98664c4579c84eb8.yaml
+++ b/nuclei-templates/2022/CVE-2022-1961-7adc7eb8c094a09a98664c4579c84eb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Tag Manager for WordPress (GTM4WP) <= 1.15.1 - Stored Cross-Site Scripting via Content Element ID
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duracelltomi-google-tag-manager/"
     google-query: inurl:"/wp-content/plugins/duracelltomi-google-tag-manager/"
     shodan-query: 'vuln:CVE-2022-1961'
-  tags: cve,wordpress,wp-plugin,duracelltomi-google-tag-manager,medium
+  tags: cve,wordpress,wp-plugin,duracelltomi-google-tag-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1964-73a4ba5237a6c747115a7db7e60454a1.yaml b/nuclei-templates/2022/CVE-2022-1964-73a4ba5237a6c747115a7db7e60454a1.yaml
index 26278b8091..dbc049fe05 100644
--- a/nuclei-templates/2022/CVE-2022-1964-73a4ba5237a6c747115a7db7e60454a1.yaml
+++ b/nuclei-templates/2022/CVE-2022-1964-73a4ba5237a6c747115a7db7e60454a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy SVG Support <= 3.2.0 - Cross-Site Scripting via SVG Upload
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-svg/"
     google-query: inurl:"/wp-content/plugins/easy-svg/"
     shodan-query: 'vuln:CVE-2022-1964'
-  tags: cve,wordpress,wp-plugin,easy-svg,medium
+  tags: cve,wordpress,wp-plugin,easy-svg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1967-cb362ac834e4e127112e662b8e597a11.yaml b/nuclei-templates/2022/CVE-2022-1967-cb362ac834e4e127112e662b8e597a11.yaml
index 6ec7e347d0..10042860f5 100644
--- a/nuclei-templates/2022/CVE-2022-1967-cb362ac834e4e127112e662b8e597a11.yaml
+++ b/nuclei-templates/2022/CVE-2022-1967-cb362ac834e4e127112e662b8e597a11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp-championship <= 9.2 - Multiple Cross-Site Request Forgery Vulnerabilities
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wp-championship plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform a wide range of administrative tasks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-championship/"
     google-query: inurl:"/wp-content/plugins/wp-championship/"
     shodan-query: 'vuln:CVE-2022-1967'
-  tags: cve,wordpress,wp-plugin,wp-championship,high
+  tags: cve,wordpress,wp-plugin,wp-championship,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1969-1fd788f4344858c60db9f8c8da73d2ed.yaml b/nuclei-templates/2022/CVE-2022-1969-1fd788f4344858c60db9f8c8da73d2ed.yaml
index 7c92dfd3ea..deedbda974 100644
--- a/nuclei-templates/2022/CVE-2022-1969-1fd788f4344858c60db9f8c8da73d2ed.yaml
+++ b/nuclei-templates/2022/CVE-2022-1969-1fd788f4344858c60db9f8c8da73d2ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobile-browser-color-select/"
     google-query: inurl:"/wp-content/plugins/mobile-browser-color-select/"
     shodan-query: 'vuln:CVE-2022-1969'
-  tags: cve,wordpress,wp-plugin,mobile-browser-color-select,high
+  tags: cve,wordpress,wp-plugin,mobile-browser-color-select,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1971-5b2ed76d9224d230598bdf2cc0cffcbc.yaml b/nuclei-templates/2022/CVE-2022-1971-5b2ed76d9224d230598bdf2cc0cffcbc.yaml
index 6435cdbebf..c06420fbc5 100644
--- a/nuclei-templates/2022/CVE-2022-1971-5b2ed76d9224d230598bdf2cc0cffcbc.yaml
+++ b/nuclei-templates/2022/CVE-2022-1971-5b2ed76d9224d230598bdf2cc0cffcbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextCellent Gallery <= 1.9.35 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextcellent-gallery-nextgen-legacy/"
     google-query: inurl:"/wp-content/plugins/nextcellent-gallery-nextgen-legacy/"
     shodan-query: 'vuln:CVE-2022-1971'
-  tags: cve,wordpress,wp-plugin,nextcellent-gallery-nextgen-legacy,medium
+  tags: cve,wordpress,wp-plugin,nextcellent-gallery-nextgen-legacy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1990-2628ec35fd0d634f503face1acac9f3d.yaml b/nuclei-templates/2022/CVE-2022-1990-2628ec35fd0d634f503face1acac9f3d.yaml
index d986937fe5..62ab28b90c 100644
--- a/nuclei-templates/2022/CVE-2022-1990-2628ec35fd0d634f503face1acac9f3d.yaml
+++ b/nuclei-templates/2022/CVE-2022-1990-2628ec35fd0d634f503face1acac9f3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nested Pages <= 3.1.20 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-nested-pages/"
     google-query: inurl:"/wp-content/plugins/wp-nested-pages/"
     shodan-query: 'vuln:CVE-2022-1990'
-  tags: cve,wordpress,wp-plugin,wp-nested-pages,medium
+  tags: cve,wordpress,wp-plugin,wp-nested-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1994-056a681add2c2e01374393f870550b92.yaml b/nuclei-templates/2022/CVE-2022-1994-056a681add2c2e01374393f870550b92.yaml
index 4a43ef1a41..fed2b66f0f 100644
--- a/nuclei-templates/2022/CVE-2022-1994-056a681add2c2e01374393f870550b92.yaml
+++ b/nuclei-templates/2022/CVE-2022-1994-056a681add2c2e01374393f870550b92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-google-authenticator/"
     google-query: inurl:"/wp-content/plugins/miniorange-google-authenticator/"
     shodan-query: 'vuln:CVE-2022-1994'
-  tags: cve,wordpress,wp-plugin,miniorange-google-authenticator,medium
+  tags: cve,wordpress,wp-plugin,miniorange-google-authenticator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-1995-7ed5021e959e36c29209eaf63566fdb5.yaml b/nuclei-templates/2022/CVE-2022-1995-7ed5021e959e36c29209eaf63566fdb5.yaml
index 54c6bd999b..79fec4fb7a 100644
--- a/nuclei-templates/2022/CVE-2022-1995-7ed5021e959e36c29209eaf63566fdb5.yaml
+++ b/nuclei-templates/2022/CVE-2022-1995-7ed5021e959e36c29209eaf63566fdb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     miniOrange’s Malware Scanner <= 4.5.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-malware-protection/"
     google-query: inurl:"/wp-content/plugins/miniorange-malware-protection/"
     shodan-query: 'vuln:CVE-2022-1995'
-  tags: cve,wordpress,wp-plugin,miniorange-malware-protection,medium
+  tags: cve,wordpress,wp-plugin,miniorange-malware-protection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2001-34871fd2757b31ede448958147d678fa.yaml b/nuclei-templates/2022/CVE-2022-2001-34871fd2757b31ede448958147d678fa.yaml
index ea01901a06..c8b25a4b19 100644
--- a/nuclei-templates/2022/CVE-2022-2001-34871fd2757b31ede448958147d678fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-2001-34871fd2757b31ede448958147d678fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dx-share-selection/"
     google-query: inurl:"/wp-content/plugins/dx-share-selection/"
     shodan-query: 'vuln:CVE-2022-2001'
-  tags: cve,wordpress,wp-plugin,dx-share-selection,high
+  tags: cve,wordpress,wp-plugin,dx-share-selection,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2039-86ee984a5b2cc7b4ab97dc8a4e8b06c6.yaml b/nuclei-templates/2022/CVE-2022-2039-86ee984a5b2cc7b4ab97dc8a4e8b06c6.yaml
index 24d6d9a9e8..a8854ecabc 100644
--- a/nuclei-templates/2022/CVE-2022-2039-86ee984a5b2cc7b4ab97dc8a4e8b06c6.yaml
+++ b/nuclei-templates/2022/CVE-2022-2039-86ee984a5b2cc7b4ab97dc8a4e8b06c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/livesupporti/"
     google-query: inurl:"/wp-content/plugins/livesupporti/"
     shodan-query: 'vuln:CVE-2022-2039'
-  tags: cve,wordpress,wp-plugin,livesupporti,high
+  tags: cve,wordpress,wp-plugin,livesupporti,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2040-22707a3d55e78cedf2f7dfb41d94bfbd.yaml b/nuclei-templates/2022/CVE-2022-2040-22707a3d55e78cedf2f7dfb41d94bfbd.yaml
index f527ed049c..731f46c257 100644
--- a/nuclei-templates/2022/CVE-2022-2040-22707a3d55e78cedf2f7dfb41d94bfbd.yaml
+++ b/nuclei-templates/2022/CVE-2022-2040-22707a3d55e78cedf2f7dfb41d94bfbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2022-2040'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2041-475d1ffae41ddc61dae5fe3b295751d5.yaml b/nuclei-templates/2022/CVE-2022-2041-475d1ffae41ddc61dae5fe3b295751d5.yaml
index d0f9f10a97..afd0484faa 100644
--- a/nuclei-templates/2022/CVE-2022-2041-475d1ffae41ddc61dae5fe3b295751d5.yaml
+++ b/nuclei-templates/2022/CVE-2022-2041-475d1ffae41ddc61dae5fe3b295751d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element Content
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2022-2041'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2046-1187996edf4177af89ef3ea40b60db53.yaml b/nuclei-templates/2022/CVE-2022-2046-1187996edf4177af89ef3ea40b60db53.yaml
index 2c83a6e6ed..22167693d9 100644
--- a/nuclei-templates/2022/CVE-2022-2046-1187996edf4177af89ef3ea40b60db53.yaml
+++ b/nuclei-templates/2022/CVE-2022-2046-1187996edf4177af89ef3ea40b60db53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Directorist plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the atbdp_download_file() AJAX action in versions up to, and including, 7.2.2. This makes it possible for authenticated attackers with administrative privileges to upload arbitrary files on the affected sites server which may make remote code execution possible. This only affects sites where administrator have been restricted in their uploading files capabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2022-2046'
-  tags: cve,wordpress,wp-plugin,directorist,high
+  tags: cve,wordpress,wp-plugin,directorist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2050-2cf1a19662092e1fd3d184af328e1b57.yaml b/nuclei-templates/2022/CVE-2022-2050-2cf1a19662092e1fd3d184af328e1b57.yaml
index 04d0d36516..883dc90d82 100644
--- a/nuclei-templates/2022/CVE-2022-2050-2cf1a19662092e1fd3d184af328e1b57.yaml
+++ b/nuclei-templates/2022/CVE-2022-2050-2cf1a19662092e1fd3d184af328e1b57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Paginate <= 2.1.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-paginate/"
     google-query: inurl:"/wp-content/plugins/wp-paginate/"
     shodan-query: 'vuln:CVE-2022-2050'
-  tags: cve,wordpress,wp-plugin,wp-paginate,medium
+  tags: cve,wordpress,wp-plugin,wp-paginate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2071-6c06bc58e8c431cd39158598c7d3df3c.yaml b/nuclei-templates/2022/CVE-2022-2071-6c06bc58e8c431cd39158598c7d3df3c.yaml
index 97f1e8a81c..bf2d587ecb 100644
--- a/nuclei-templates/2022/CVE-2022-2071-6c06bc58e8c431cd39158598c7d3df3c.yaml
+++ b/nuclei-templates/2022/CVE-2022-2071-6c06bc58e8c431cd39158598c7d3df3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Name Directory <= 1.25.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Name Directory plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.25.3. This is due to missing or incorrect nonce validation when editing, deleting or naming directories. This makes it possible for unauthenticated attackers to trigger the above actions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/name-directory/"
     google-query: inurl:"/wp-content/plugins/name-directory/"
     shodan-query: 'vuln:CVE-2022-2071'
-  tags: cve,wordpress,wp-plugin,name-directory,high
+  tags: cve,wordpress,wp-plugin,name-directory,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2072-27463f760012793e1526cf6e69e5e624.yaml b/nuclei-templates/2022/CVE-2022-2072-27463f760012793e1526cf6e69e5e624.yaml
index 96d3aedd89..4dd8a75a22 100644
--- a/nuclei-templates/2022/CVE-2022-2072-27463f760012793e1526cf6e69e5e624.yaml
+++ b/nuclei-templates/2022/CVE-2022-2072-27463f760012793e1526cf6e69e5e624.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Name Directory <= 1.25.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Name Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘name’ parameter in versions up to, and including, 1.25.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/name-directory/"
     google-query: inurl:"/wp-content/plugins/name-directory/"
     shodan-query: 'vuln:CVE-2022-2072'
-  tags: cve,wordpress,wp-plugin,name-directory,medium
+  tags: cve,wordpress,wp-plugin,name-directory,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2080-a7ff75affe3888f63fffbde3a81a35a3.yaml b/nuclei-templates/2022/CVE-2022-2080-a7ff75affe3888f63fffbde3a81a35a3.yaml
index 6bf9a37f84..23ada8e3a9 100644
--- a/nuclei-templates/2022/CVE-2022-2080-a7ff75affe3888f63fffbde3a81a35a3.yaml
+++ b/nuclei-templates/2022/CVE-2022-2080-a7ff75affe3888f63fffbde3a81a35a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sensei LMS <= 4.5.1 -  Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sensei LMS plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 4.5.1. This is because the plugin does not properly authenticate individuals before they send emails through the system. This makes it possible for attackers to send emails to arbitrary users and impersonate other individuals.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sensei-lms/"
     google-query: inurl:"/wp-content/plugins/sensei-lms/"
     shodan-query: 'vuln:CVE-2022-2080'
-  tags: cve,wordpress,wp-plugin,sensei-lms,medium
+  tags: cve,wordpress,wp-plugin,sensei-lms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2083-d5d7eb75824b8adafca40c78e85d9d96.yaml b/nuclei-templates/2022/CVE-2022-2083-d5d7eb75824b8adafca40c78e85d9d96.yaml
index bbaafeea83..4492cd1c82 100644
--- a/nuclei-templates/2022/CVE-2022-2083-d5d7eb75824b8adafca40c78e85d9d96.yaml
+++ b/nuclei-templates/2022/CVE-2022-2083-d5d7eb75824b8adafca40c78e85d9d96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Single Sign On <= 4.1.1 - Insecure OAuth Implementation to Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Simple Single Sign On plugin for WordPress is vulnerable to authorization bypass due to insecurely configured OAuth in versions up to, and including, 4.1.1 which allows attackers to retrieve client access_tokens that can be used to authenticate to a vulnerable site. This makes it possible unauthenticated attackers to gain unauthorized access to vulnerable web servers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/single-sign-on-client/"
     google-query: inurl:"/wp-content/plugins/single-sign-on-client/"
     shodan-query: 'vuln:CVE-2022-2083'
-  tags: cve,wordpress,wp-plugin,single-sign-on-client,high
+  tags: cve,wordpress,wp-plugin,single-sign-on-client,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2089-b332e32a470aff42684e131c72a2c94a.yaml b/nuclei-templates/2022/CVE-2022-2089-b332e32a470aff42684e131c72a2c94a.yaml
index d4c68b295e..2cf89b7281 100644
--- a/nuclei-templates/2022/CVE-2022-2089-b332e32a470aff42684e131c72a2c94a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2089-b332e32a470aff42684e131c72a2c94a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2022-2089'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2091-182ea68949b1ee6faae255d4de23157d.yaml b/nuclei-templates/2022/CVE-2022-2091-182ea68949b1ee6faae255d4de23157d.yaml
index 98dbf7bd0b..dcf0b9fe6b 100644
--- a/nuclei-templates/2022/CVE-2022-2091-182ea68949b1ee6faae255d4de23157d.yaml
+++ b/nuclei-templates/2022/CVE-2022-2091-182ea68949b1ee6faae255d4de23157d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cache Images <= 3.2 - Cross-Site Request Forgery to Image Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Cache Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing nonce validation on the cache_images_ajax() function. This makes it possible for unauthenticated attackers to upload images via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cache-images/"
     google-query: inurl:"/wp-content/plugins/cache-images/"
     shodan-query: 'vuln:CVE-2022-2091'
-  tags: cve,wordpress,wp-plugin,cache-images,high
+  tags: cve,wordpress,wp-plugin,cache-images,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2093-783792bc349c3286b30c741d65b88b21.yaml b/nuclei-templates/2022/CVE-2022-2093-783792bc349c3286b30c741d65b88b21.yaml
index 392a78c12c..3e14896ab9 100644
--- a/nuclei-templates/2022/CVE-2022-2093-783792bc349c3286b30c741d65b88b21.yaml
+++ b/nuclei-templates/2022/CVE-2022-2093-783792bc349c3286b30c741d65b88b21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Duplicate Page <= 1.2 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-duplicate-page/"
     google-query: inurl:"/wp-content/plugins/wp-duplicate-page/"
     shodan-query: 'vuln:CVE-2022-2093'
-  tags: cve,wordpress,wp-plugin,wp-duplicate-page,medium
+  tags: cve,wordpress,wp-plugin,wp-duplicate-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2099-c27b32abd810b7ccfab57cf684c27b3d.yaml b/nuclei-templates/2022/CVE-2022-2099-c27b32abd810b7ccfab57cf684c27b3d.yaml
index 2b4b319759..19f61fdbf1 100644
--- a/nuclei-templates/2022/CVE-2022-2099-c27b32abd810b7ccfab57cf684c27b3d.yaml
+++ b/nuclei-templates/2022/CVE-2022-2099-c27b32abd810b7ccfab57cf684c27b3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Stored HTML Injection via payment gateway titles in versions up to 6.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with high-level capabilities, such as a Store Manager, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:CVE-2022-2099'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2100-328db48b412bf150c51734d4e256b1dc.yaml b/nuclei-templates/2022/CVE-2022-2100-328db48b412bf150c51734d4e256b1dc.yaml
index e199acad7c..c34fd86cba 100644
--- a/nuclei-templates/2022/CVE-2022-2100-328db48b412bf150c51734d4e256b1dc.yaml
+++ b/nuclei-templates/2022/CVE-2022-2100-328db48b412bf150c51734d4e256b1dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Generator <= 1.6.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page Generator plugin is vulnerable to Cross-Site Scripting in versions up to, and including, 1.6.4. This allows authenticated users with high privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-generator/"
     google-query: inurl:"/wp-content/plugins/page-generator/"
     shodan-query: 'vuln:CVE-2022-2100'
-  tags: cve,wordpress,wp-plugin,page-generator,medium
+  tags: cve,wordpress,wp-plugin,page-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2101-31bb9a1a6021af8a029348a6ecc96852.yaml b/nuclei-templates/2022/CVE-2022-2101-31bb9a1a6021af8a029348a6ecc96852.yaml
index fde1601599..1a26a9d14f 100644
--- a/nuclei-templates/2022/CVE-2022-2101-31bb9a1a6021af8a029348a6ecc96852.yaml
+++ b/nuclei-templates/2022/CVE-2022-2101-31bb9a1a6021af8a029348a6ecc96852.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.46 - Contributor+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts on the file's page that will execute whenever an administrator accesses the editor area for the injected file page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-2101'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2114-7bb51482172811e3c51edf370ad2cde3.yaml b/nuclei-templates/2022/CVE-2022-2114-7bb51482172811e3c51edf370ad2cde3.yaml
index 9b6557130e..bf44e0564e 100644
--- a/nuclei-templates/2022/CVE-2022-2114-7bb51482172811e3c51edf370ad2cde3.yaml
+++ b/nuclei-templates/2022/CVE-2022-2114-7bb51482172811e3c51edf370ad2cde3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Data Tables Generator By Supsystic <= 1.10.19 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/"
     shodan-query: 'vuln:CVE-2022-2114'
-  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2118-fb3335fd014953747fe67771d5c2fe67.yaml b/nuclei-templates/2022/CVE-2022-2118-fb3335fd014953747fe67771d5c2fe67.yaml
index 3bd3f46fbb..1b274b7c84 100644
--- a/nuclei-templates/2022/CVE-2022-2118-fb3335fd014953747fe67771d5c2fe67.yaml
+++ b/nuclei-templates/2022/CVE-2022-2118-fb3335fd014953747fe67771d5c2fe67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     404s <= 3.4.9 - Administrator+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/404s/"
     google-query: inurl:"/wp-content/plugins/404s/"
     shodan-query: 'vuln:CVE-2022-2118'
-  tags: cve,wordpress,wp-plugin,404s,medium
+  tags: cve,wordpress,wp-plugin,404s,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2123-1045ae974bdd8bcaee8ec5d4a243aff7.yaml b/nuclei-templates/2022/CVE-2022-2123-1045ae974bdd8bcaee8ec5d4a243aff7.yaml
index 2d2eeb15b4..00787a6bd5 100644
--- a/nuclei-templates/2022/CVE-2022-2123-1045ae974bdd8bcaee8ec5d4a243aff7.yaml
+++ b/nuclei-templates/2022/CVE-2022-2123-1045ae974bdd8bcaee8ec5d4a243aff7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Opt-in <= 1.4.1 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Opt-in plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1. This is due to missing nonce validation on the wpoi_init_action() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-opt-in/"
     google-query: inurl:"/wp-content/plugins/wp-opt-in/"
     shodan-query: 'vuln:CVE-2022-2123'
-  tags: cve,wordpress,wp-plugin,wp-opt-in,high
+  tags: cve,wordpress,wp-plugin,wp-opt-in,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2133-9d80c6cd84258efd69f77a8f06dc55b8.yaml b/nuclei-templates/2022/CVE-2022-2133-9d80c6cd84258efd69f77a8f06dc55b8.yaml
index a1355df570..8b3c94dd42 100644
--- a/nuclei-templates/2022/CVE-2022-2133-9d80c6cd84258efd69f77a8f06dc55b8.yaml
+++ b/nuclei-templates/2022/CVE-2022-2133-9d80c6cd84258efd69f77a8f06dc55b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-login-with-eve-online-google-facebook/"
     google-query: inurl:"/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/"
     shodan-query: 'vuln:CVE-2022-2133'
-  tags: cve,wordpress,wp-plugin,miniorange-login-with-eve-online-google-facebook,high
+  tags: cve,wordpress,wp-plugin,miniorange-login-with-eve-online-google-facebook,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2144-fdec704444e3056cbaed479252db31c8.yaml b/nuclei-templates/2022/CVE-2022-2144-fdec704444e3056cbaed479252db31c8.yaml
index 5080a07e7b..085348b81e 100644
--- a/nuclei-templates/2022/CVE-2022-2144-fdec704444e3056cbaed479252db31c8.yaml
+++ b/nuclei-templates/2022/CVE-2022-2144-fdec704444e3056cbaed479252db31c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jquery Validation For Contact Form 7 <= 5.2 - Cross-Site Request Forgery to Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Jquery Validation For Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2. This is due to missing or incorrect nonce validation on the jvcf7 page. This makes it possible for unauthenticated attackers to update arbitrary options, such as default role and users_can_register, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-validation-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/jquery-validation-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2022-2144'
-  tags: cve,wordpress,wp-plugin,jquery-validation-for-contact-form-7,high
+  tags: cve,wordpress,wp-plugin,jquery-validation-for-contact-form-7,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2148-ae77789cf095ebe5a3c15cc04f8354ae.yaml b/nuclei-templates/2022/CVE-2022-2148-ae77789cf095ebe5a3c15cc04f8354ae.yaml
index 26b1b5cfc5..13a6a4f692 100644
--- a/nuclei-templates/2022/CVE-2022-2148-ae77789cf095ebe5a3c15cc04f8354ae.yaml
+++ b/nuclei-templates/2022/CVE-2022-2148-ae77789cf095ebe5a3c15cc04f8354ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LinkedIn Company Updates <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/company-updates-for-linkedin/"
     google-query: inurl:"/wp-content/plugins/company-updates-for-linkedin/"
     shodan-query: 'vuln:CVE-2022-2148'
-  tags: cve,wordpress,wp-plugin,company-updates-for-linkedin,medium
+  tags: cve,wordpress,wp-plugin,company-updates-for-linkedin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2149-af6a5ec90875038596d2be175f9973f4.yaml b/nuclei-templates/2022/CVE-2022-2149-af6a5ec90875038596d2be175f9973f4.yaml
index 52a28e82c1..fe026028e1 100644
--- a/nuclei-templates/2022/CVE-2022-2149-af6a5ec90875038596d2be175f9973f4.yaml
+++ b/nuclei-templates/2022/CVE-2022-2149-af6a5ec90875038596d2be175f9973f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Very Simple Breadcrumb <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/very-simple-breadcrumb/"
     google-query: inurl:"/wp-content/plugins/very-simple-breadcrumb/"
     shodan-query: 'vuln:CVE-2022-2149'
-  tags: cve,wordpress,wp-plugin,very-simple-breadcrumb,medium
+  tags: cve,wordpress,wp-plugin,very-simple-breadcrumb,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2151-1a94885b829a17aaf2fa1ae77773a27a.yaml b/nuclei-templates/2022/CVE-2022-2151-1a94885b829a17aaf2fa1ae77773a27a.yaml
index 6011944e6b..3f5968055a 100644
--- a/nuclei-templates/2022/CVE-2022-2151-1a94885b829a17aaf2fa1ae77773a27a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2151-1a94885b829a17aaf2fa1ae77773a27a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Best Contact Management Software <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Best Contact Management Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "No Access Message" setting in versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easy-contact/"
     google-query: inurl:"/wp-content/plugins/wp-easy-contact/"
     shodan-query: 'vuln:CVE-2022-2151'
-  tags: cve,wordpress,wp-plugin,wp-easy-contact,medium
+  tags: cve,wordpress,wp-plugin,wp-easy-contact,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2152-79f880a7e6c6b5f19edddfee4238c580.yaml b/nuclei-templates/2022/CVE-2022-2152-79f880a7e6c6b5f19edddfee4238c580.yaml
index c1b913febe..a2369e52a9 100644
--- a/nuclei-templates/2022/CVE-2022-2152-79f880a7e6c6b5f19edddfee4238c580.yaml
+++ b/nuclei-templates/2022/CVE-2022-2152-79f880a7e6c6b5f19edddfee4238c580.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Duplicate Page and Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Settings->Duplicate Post->Duplicate Post Suffix’ value in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-wp-page-post/"
     google-query: inurl:"/wp-content/plugins/duplicate-wp-page-post/"
     shodan-query: 'vuln:CVE-2022-2152'
-  tags: cve,wordpress,wp-plugin,duplicate-wp-page-post,medium
+  tags: cve,wordpress,wp-plugin,duplicate-wp-page-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-21661-96bf3f16564c1ae9e8c567dffc5576d2.yaml b/nuclei-templates/2022/CVE-2022-21661-96bf3f16564c1ae9e8c567dffc5576d2.yaml
index fe2e47ce31..0bbf286d50 100644
--- a/nuclei-templates/2022/CVE-2022-21661-96bf3f16564c1ae9e8c567dffc5576d2.yaml
+++ b/nuclei-templates/2022/CVE-2022-21661-96bf3f16564c1ae9e8c567dffc5576d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.8.3 - SQL Injection via WP_Query
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2022-21661
   metadata:
     shodan-query: 'vuln:CVE-2022-21661'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-21662-b2f452da67fdef518c0ca5b8fbefe3fc.yaml b/nuclei-templates/2022/CVE-2022-21662-b2f452da67fdef518c0ca5b8fbefe3fc.yaml
index d7fc89a1ca..08fc42a9fb 100644
--- a/nuclei-templates/2022/CVE-2022-21662-b2f452da67fdef518c0ca5b8fbefe3fc.yaml
+++ b/nuclei-templates/2022/CVE-2022-21662-b2f452da67fdef518c0ca5b8fbefe3fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.8.3 - Authenticated (Author+) Stored Cross Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2022-21662
   metadata:
     shodan-query: 'vuln:CVE-2022-21662'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-21664-94ffba477783a49fe859db6d419a4e64.yaml b/nuclei-templates/2022/CVE-2022-21664-94ffba477783a49fe859db6d419a4e64.yaml
index 6406b1c484..30b4621738 100644
--- a/nuclei-templates/2022/CVE-2022-21664-94ffba477783a49fe859db6d419a4e64.yaml
+++ b/nuclei-templates/2022/CVE-2022-21664-94ffba477783a49fe859db6d419a4e64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 5.8.3 - SQL Injection via WP_Meta_Query
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2022-21664
   metadata:
     shodan-query: 'vuln:CVE-2022-21664'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2169-4168c6f35e53b3bb6cbc2cd944aa14e6.yaml b/nuclei-templates/2022/CVE-2022-2169-4168c6f35e53b3bb6cbc2cd944aa14e6.yaml
index f737ea539c..f30cb2f52c 100644
--- a/nuclei-templates/2022/CVE-2022-2169-4168c6f35e53b3bb6cbc2cd944aa14e6.yaml
+++ b/nuclei-templates/2022/CVE-2022-2169-4168c6f35e53b3bb6cbc2cd944aa14e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Loading Page with Loading Screen <= 1.0.82 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loading-page/"
     google-query: inurl:"/wp-content/plugins/loading-page/"
     shodan-query: 'vuln:CVE-2022-2169'
-  tags: cve,wordpress,wp-plugin,loading-page,medium
+  tags: cve,wordpress,wp-plugin,loading-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2170-4a64b780bf144c05e7e8310b30ac549a.yaml b/nuclei-templates/2022/CVE-2022-2170-4a64b780bf144c05e7e8310b30ac549a.yaml
index ffbd22a4a0..6aa94278f4 100644
--- a/nuclei-templates/2022/CVE-2022-2170-4a64b780bf144c05e7e8310b30ac549a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2170-4a64b780bf144c05e7e8310b30ac549a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Microsoft Advertising Universal Event Tracking (UET) <= 1.0.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/microsoft-advertising-universal-event-tracking-uet/"
     google-query: inurl:"/wp-content/plugins/microsoft-advertising-universal-event-tracking-uet/"
     shodan-query: 'vuln:CVE-2022-2170'
-  tags: cve,wordpress,wp-plugin,microsoft-advertising-universal-event-tracking-uet,medium
+  tags: cve,wordpress,wp-plugin,microsoft-advertising-universal-event-tracking-uet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2172-9ed1e670781ff936317a3cc7c1d9dd47.yaml b/nuclei-templates/2022/CVE-2022-2172-9ed1e670781ff936317a3cc7c1d9dd47.yaml
index 50265c0c7b..9f6d4d977b 100644
--- a/nuclei-templates/2022/CVE-2022-2172-9ed1e670781ff936317a3cc7c1d9dd47.yaml
+++ b/nuclei-templates/2022/CVE-2022-2172-9ed1e670781ff936317a3cc7c1d9dd47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LinkWorth plugin <= 3.3.3 - Cross-Site Request Forgery to Plugin Setting Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The LinkWorth plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the update_advanced_options_action action. This makes it possible for unauthenticated attackers to trigger plugin setting updates and deletion via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/linkworth-wp-plugin/"
     google-query: inurl:"/wp-content/plugins/linkworth-wp-plugin/"
     shodan-query: 'vuln:CVE-2022-2172'
-  tags: cve,wordpress,wp-plugin,linkworth-wp-plugin,high
+  tags: cve,wordpress,wp-plugin,linkworth-wp-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2184-cbb68fdfa6e0c8d1d1dcc60eddde34f0.yaml b/nuclei-templates/2022/CVE-2022-2184-cbb68fdfa6e0c8d1d1dcc60eddde34f0.yaml
index f3b4925404..425a5adce3 100644
--- a/nuclei-templates/2022/CVE-2022-2184-cbb68fdfa6e0c8d1d1dcc60eddde34f0.yaml
+++ b/nuclei-templates/2022/CVE-2022-2184-cbb68fdfa6e0c8d1d1dcc60eddde34f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CAPTCHA 4WP <= 7.0.6.1 - Cross-Site Request Forgery to Local File Inclusion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The CAPTCHA 4WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.0.6.1. This makes it possible for unauthenticated attackers to inject malicious code, resulting in remote code execution, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-nocaptcha-recaptcha/"
     google-query: inurl:"/wp-content/plugins/advanced-nocaptcha-recaptcha/"
     shodan-query: 'vuln:CVE-2022-2184'
-  tags: cve,wordpress,wp-plugin,advanced-nocaptcha-recaptcha,high
+  tags: cve,wordpress,wp-plugin,advanced-nocaptcha-recaptcha,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2186-ae1d09ace0c5a27260a5b15fa0f15e71.yaml b/nuclei-templates/2022/CVE-2022-2186-ae1d09ace0c5a27260a5b15fa0f15e71.yaml
index 772bdf0d94..5323564c1a 100644
--- a/nuclei-templates/2022/CVE-2022-2186-ae1d09ace0c5a27260a5b15fa0f15e71.yaml
+++ b/nuclei-templates/2022/CVE-2022-2186-ae1d09ace0c5a27260a5b15fa0f15e71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Post Notes <= 1.7.5 - Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Post Notes plugin for WordPress is vulnerable to subscriber+ Stored Cross-Site Scripting via the 'spnote' parameter saved via the save_bulkedit_note() function which gets called through the wp_ajax_spnote_save_bulk_edit AJAX action. This affects versions up to 1.7.6, and version 1.7.6 is still vulnerable to unauthorized post note changes by subscriber level users due to a missing capability check on the spnote_save_bulk_edit action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-post-notes/"
     google-query: inurl:"/wp-content/plugins/simple-post-notes/"
     shodan-query: 'vuln:CVE-2022-2186'
-  tags: cve,wordpress,wp-plugin,simple-post-notes,medium
+  tags: cve,wordpress,wp-plugin,simple-post-notes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2194-560fba5c90dc74d38384277269b51dae.yaml b/nuclei-templates/2022/CVE-2022-2194-560fba5c90dc74d38384277269b51dae.yaml
index 09845dc5c8..cc27a012e0 100644
--- a/nuclei-templates/2022/CVE-2022-2194-560fba5c90dc74d38384277269b51dae.yaml
+++ b/nuclei-templates/2022/CVE-2022-2194-560fba5c90dc74d38384277269b51dae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accept Stripe Payments <= 2.0.63 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stripe-payments/"
     google-query: inurl:"/wp-content/plugins/stripe-payments/"
     shodan-query: 'vuln:CVE-2022-2194'
-  tags: cve,wordpress,wp-plugin,stripe-payments,medium
+  tags: cve,wordpress,wp-plugin,stripe-payments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2215-ed46e202f3a956c555880fedcaa0b829.yaml b/nuclei-templates/2022/CVE-2022-2215-ed46e202f3a956c555880fedcaa0b829.yaml
index dbf31a0110..66fa708575 100644
--- a/nuclei-templates/2022/CVE-2022-2215-ed46e202f3a956c555880fedcaa0b829.yaml
+++ b/nuclei-templates/2022/CVE-2022-2215-ed46e202f3a956c555880fedcaa0b829.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.21.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2022-2215'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2219-610d128e626440e80c8a487da8ac96e5.yaml b/nuclei-templates/2022/CVE-2022-2219-610d128e626440e80c8a487da8ac96e5.yaml
index 13f4f3f4fa..22a3af8f6a 100644
--- a/nuclei-templates/2022/CVE-2022-2219-610d128e626440e80c8a487da8ac96e5.yaml
+++ b/nuclei-templates/2022/CVE-2022-2219-610d128e626440e80c8a487da8ac96e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unyson <= 2.7.26 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Unyson  plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘extension name’ parameter in versions up to, and including, 2.7.26 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unyson/"
     google-query: inurl:"/wp-content/plugins/unyson/"
     shodan-query: 'vuln:CVE-2022-2219'
-  tags: cve,wordpress,wp-plugin,unyson,medium
+  tags: cve,wordpress,wp-plugin,unyson,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2222-8d4bf28803761cae038f398e0f1dd848.yaml b/nuclei-templates/2022/CVE-2022-2222-8d4bf28803761cae038f398e0f1dd848.yaml
index 1a06203920..15a730852e 100644
--- a/nuclei-templates/2022/CVE-2022-2222-8d4bf28803761cae038f398e0f1dd848.yaml
+++ b/nuclei-templates/2022/CVE-2022-2222-8d4bf28803761cae038f398e0f1dd848.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.5.9 - Authenticated Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2022-2222'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2233-b587c5b6b45c195ebb12bd5f55ed780d.yaml b/nuclei-templates/2022/CVE-2022-2233-b587c5b6b45c195ebb12bd5f55ed780d.yaml
index b9f9154f9e..60cbcbb2ad 100644
--- a/nuclei-templates/2022/CVE-2022-2233-b587c5b6b45c195ebb12bd5f55ed780d.yaml
+++ b/nuclei-templates/2022/CVE-2022-2233-b587c5b6b45c195ebb12bd5f55ed780d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site’s administrator into performing an action such as clicking on a link
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/banner-cycler/"
     google-query: inurl:"/wp-content/plugins/banner-cycler/"
     shodan-query: 'vuln:CVE-2022-2233'
-  tags: cve,wordpress,wp-plugin,banner-cycler,high
+  tags: cve,wordpress,wp-plugin,banner-cycler,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2239-e78bafbef882a9c48928d514c06bbb3b.yaml b/nuclei-templates/2022/CVE-2022-2239-e78bafbef882a9c48928d514c06bbb3b.yaml
index 2a42a2ca17..00d6bb9dba 100644
--- a/nuclei-templates/2022/CVE-2022-2239-e78bafbef882a9c48928d514c06bbb3b.yaml
+++ b/nuclei-templates/2022/CVE-2022-2239-e78bafbef882a9c48928d514c06bbb3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Request a Quote <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Request a Quote WordPress plugin through 2.3.7 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/request-a-quote/"
     google-query: inurl:"/wp-content/plugins/request-a-quote/"
     shodan-query: 'vuln:CVE-2022-2239'
-  tags: cve,wordpress,wp-plugin,request-a-quote,medium
+  tags: cve,wordpress,wp-plugin,request-a-quote,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2241-3f695144fde56e5e68c9d7f131f8380c.yaml b/nuclei-templates/2022/CVE-2022-2241-3f695144fde56e5e68c9d7f131f8380c.yaml
index 094b7193fe..c1e2969426 100644
--- a/nuclei-templates/2022/CVE-2022-2241-3f695144fde56e5e68c9d7f131f8380c.yaml
+++ b/nuclei-templates/2022/CVE-2022-2241-3f695144fde56e5e68c9d7f131f8380c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featured Image from URL (FIFU) <= 3.9.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.9. This is due to missing or incorrect nonce validation on the fifu_update_menu_options function. This makes it possible for unauthenticated attackers to trigger plugin options updates via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-image-from-url/"
     google-query: inurl:"/wp-content/plugins/featured-image-from-url/"
     shodan-query: 'vuln:CVE-2022-2241'
-  tags: cve,wordpress,wp-plugin,featured-image-from-url,high
+  tags: cve,wordpress,wp-plugin,featured-image-from-url,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2245-e218b5d377826292a46ae91919228725.yaml b/nuclei-templates/2022/CVE-2022-2245-e218b5d377826292a46ae91919228725.yaml
index fac28378e2..37a41175fa 100644
--- a/nuclei-templates/2022/CVE-2022-2245-e218b5d377826292a46ae91919228725.yaml
+++ b/nuclei-templates/2022/CVE-2022-2245-e218b5d377826292a46ae91919228725.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Counter Box <= 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/counter-box/"
     google-query: inurl:"/wp-content/plugins/counter-box/"
     shodan-query: 'vuln:CVE-2022-2245'
-  tags: cve,wordpress,wp-plugin,counter-box,high
+  tags: cve,wordpress,wp-plugin,counter-box,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2256-a42d8ff7a7669fd14fcfc52a34b52ce7.yaml b/nuclei-templates/2022/CVE-2022-2256-a42d8ff7a7669fd14fcfc52a34b52ce7.yaml
index 6119af2322..f927198e6f 100644
--- a/nuclei-templates/2022/CVE-2022-2256-a42d8ff7a7669fd14fcfc52a34b52ce7.yaml
+++ b/nuclei-templates/2022/CVE-2022-2256-a42d8ff7a7669fd14fcfc52a34b52ce7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in the file Block.php in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualizer/"
     google-query: inurl:"/wp-content/plugins/visualizer/"
     shodan-query: 'vuln:CVE-2022-2256'
-  tags: cve,wordpress,wp-plugin,visualizer,high
+  tags: cve,wordpress,wp-plugin,visualizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2261-13d6d07ad8433fc4c13ab399af9c2000.yaml b/nuclei-templates/2022/CVE-2022-2261-13d6d07ad8433fc4c13ab399af9c2000.yaml
index b922788f86..c99f31d588 100644
--- a/nuclei-templates/2022/CVE-2022-2261-13d6d07ad8433fc4c13ab399af9c2000.yaml
+++ b/nuclei-templates/2022/CVE-2022-2261-13d6d07ad8433fc4c13ab399af9c2000.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPIDE – File Manager & Code Editor <= 2.6 - Authenticated (Admininstrator+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WPIDE plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.6. This allows administrator-level or higher attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpide/"
     google-query: inurl:"/wp-content/plugins/wpide/"
     shodan-query: 'vuln:CVE-2022-2261'
-  tags: cve,wordpress,wp-plugin,wpide,high
+  tags: cve,wordpress,wp-plugin,wpide,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2267-b001a479011d319ceac5f48bfd2e6d39.yaml b/nuclei-templates/2022/CVE-2022-2267-b001a479011d319ceac5f48bfd2e6d39.yaml
index 646db517ea..f47bd5ef65 100644
--- a/nuclei-templates/2022/CVE-2022-2267-b001a479011d319ceac5f48bfd2e6d39.yaml
+++ b/nuclei-templates/2022/CVE-2022-2267-b001a479011d319ceac5f48bfd2e6d39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mailchimp for WooCommerce <= 2.7 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The plugin Mailchimp for WooCommerce for WordPress is vulnerable to Server-Side Request Forgery via one of its AJAX actions in versions up to, and including, 2.7.1. This makes it possible for an attacker with subscriber privileges or higher to send requests to the internal network.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/mailchimp-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-2267'
-  tags: cve,wordpress,wp-plugin,mailchimp-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2268-dcb0952ba59e4cf6e5088fb4c3d3565e.yaml b/nuclei-templates/2022/CVE-2022-2268-dcb0952ba59e4cf6e5088fb4c3d3565e.yaml
index f65b529d3e..21105487bd 100644
--- a/nuclei-templates/2022/CVE-2022-2268-dcb0952ba59e4cf6e5088fb4c3d3565e.yaml
+++ b/nuclei-templates/2022/CVE-2022-2268-dcb0952ba59e4cf6e5088fb4c3d3565e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP All Import <= 3.6.7 - Admin+ Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2022-2268'
-  tags: cve,wordpress,wp-plugin,wp-all-import,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2269-b4286607d776cde455809a59a67464fa.yaml b/nuclei-templates/2022/CVE-2022-2269-b4286607d776cde455809a59a67464fa.yaml
index 659dc00f26..3a93a3e4d5 100644
--- a/nuclei-templates/2022/CVE-2022-2269-b4286607d776cde455809a59a67464fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-2269-b4286607d776cde455809a59a67464fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Website File Changes Monitor <= 1.8.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Website File Changes Monitor plugin for WordPress is vulnerable to SQL Injection via the ‘path' parameter in versions up to, and including, 1.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/website-file-changes-monitor/"
     google-query: inurl:"/wp-content/plugins/website-file-changes-monitor/"
     shodan-query: 'vuln:CVE-2022-2269'
-  tags: cve,wordpress,wp-plugin,website-file-changes-monitor,high
+  tags: cve,wordpress,wp-plugin,website-file-changes-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2271-570d7dad3e17c051e824f46c008efb18.yaml b/nuclei-templates/2022/CVE-2022-2271-570d7dad3e17c051e824f46c008efb18.yaml
index 198fa399d9..411bc379ec 100644
--- a/nuclei-templates/2022/CVE-2022-2271-570d7dad3e17c051e824f46c008efb18.yaml
+++ b/nuclei-templates/2022/CVE-2022-2271-570d7dad3e17c051e824f46c008efb18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 5.8.3 -  Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Database Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 5.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:CVE-2022-2271'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
+  tags: cve,wordpress,wp-plugin,wp-database-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2271-8927f27721e1d8b23d2e73cb09a3c9b9.yaml b/nuclei-templates/2022/CVE-2022-2271-8927f27721e1d8b23d2e73cb09a3c9b9.yaml
index 48e00d7525..e87fc3c233 100644
--- a/nuclei-templates/2022/CVE-2022-2271-8927f27721e1d8b23d2e73cb09a3c9b9.yaml
+++ b/nuclei-templates/2022/CVE-2022-2271-8927f27721e1d8b23d2e73cb09a3c9b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 5.8.3 -  Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Database Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 5.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:CVE-2022-2271'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
+  tags: cve,wordpress,wp-plugin,wp-database-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2275-d194b7c99710bb89f1ee39dafcb5d71b.yaml b/nuclei-templates/2022/CVE-2022-2275-d194b7c99710bb89f1ee39dafcb5d71b.yaml
index 2c1c198217..0fc715e91c 100644
--- a/nuclei-templates/2022/CVE-2022-2275-d194b7c99710bb89f1ee39dafcb5d71b.yaml
+++ b/nuclei-templates/2022/CVE-2022-2275-d194b7c99710bb89f1ee39dafcb5d71b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Edit Menu <= 1.5.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Edit Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the wpem_remove_menu_entry function. This makes it possible for unauthenticated attackers to delete posts or pages, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-edit-menu/"
     google-query: inurl:"/wp-content/plugins/wp-edit-menu/"
     shodan-query: 'vuln:CVE-2022-2275'
-  tags: cve,wordpress,wp-plugin,wp-edit-menu,high
+  tags: cve,wordpress,wp-plugin,wp-edit-menu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2278-7420b38eef61601a8533cd300d3acef6.yaml b/nuclei-templates/2022/CVE-2022-2278-7420b38eef61601a8533cd300d3acef6.yaml
index 7010ae2fc3..6aafb204f8 100644
--- a/nuclei-templates/2022/CVE-2022-2278-7420b38eef61601a8533cd300d3acef6.yaml
+++ b/nuclei-templates/2022/CVE-2022-2278-7420b38eef61601a8533cd300d3acef6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featured Image from URL (FIFU) <= 4.0.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘input’ parameter in versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-image-from-url/"
     google-query: inurl:"/wp-content/plugins/featured-image-from-url/"
     shodan-query: 'vuln:CVE-2022-2278'
-  tags: cve,wordpress,wp-plugin,featured-image-from-url,medium
+  tags: cve,wordpress,wp-plugin,featured-image-from-url,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2299-6b99b25706bc10b6938889b6d61c2c79.yaml b/nuclei-templates/2022/CVE-2022-2299-6b99b25706bc10b6938889b6d61c2c79.yaml
index 107a7a7961..91bde1a745 100644
--- a/nuclei-templates/2022/CVE-2022-2299-6b99b25706bc10b6938889b6d61c2c79.yaml
+++ b/nuclei-templates/2022/CVE-2022-2299-6b99b25706bc10b6938889b6d61c2c79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Allow SVG Files <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Allow SVG Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 1.1 due to insufficient sanitization and escaping on the SVG file. This makes it possible for authenticated attackers with file uploading capabilities, like an author, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/asf-allow-svg-files/"
     google-query: inurl:"/wp-content/plugins/asf-allow-svg-files/"
     shodan-query: 'vuln:CVE-2022-2299'
-  tags: cve,wordpress,wp-plugin,asf-allow-svg-files,medium
+  tags: cve,wordpress,wp-plugin,asf-allow-svg-files,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2305-356d13b6974d8f1c305ed39531dbff42.yaml b/nuclei-templates/2022/CVE-2022-2305-356d13b6974d8f1c305ed39531dbff42.yaml
index 3144190663..b995a4f2bc 100644
--- a/nuclei-templates/2022/CVE-2022-2305-356d13b6974d8f1c305ed39531dbff42.yaml
+++ b/nuclei-templates/2022/CVE-2022-2305-356d13b6974d8f1c305ed39531dbff42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popups <= 1.9.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcode attributes in versions up to, and including, 1.9.3.8.  This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popups/"
     google-query: inurl:"/wp-content/plugins/popups/"
     shodan-query: 'vuln:CVE-2022-2305'
-  tags: cve,wordpress,wp-plugin,popups,medium
+  tags: cve,wordpress,wp-plugin,popups,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2311-3a24a068d1ed9da16159938c4295f7f7.yaml b/nuclei-templates/2022/CVE-2022-2311-3a24a068d1ed9da16159938c4295f7f7.yaml
index 687f09ef6c..ceaf3cf7c0 100644
--- a/nuclei-templates/2022/CVE-2022-2311-3a24a068d1ed9da16159938c4295f7f7.yaml
+++ b/nuclei-templates/2022/CVE-2022-2311-3a24a068d1ed9da16159938c4295f7f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Find and Replace All <= 1.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Find and Replace All plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation when performing a search. This makes it possible for unauthenticated attackers to inject malicious JavaScript via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/find-and-replace-all/"
     google-query: inurl:"/wp-content/plugins/find-and-replace-all/"
     shodan-query: 'vuln:CVE-2022-2311'
-  tags: cve,wordpress,wp-plugin,find-and-replace-all,high
+  tags: cve,wordpress,wp-plugin,find-and-replace-all,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-23179-ae016ddc716d42a85477445c62a5e437.yaml b/nuclei-templates/2022/CVE-2022-23179-ae016ddc716d42a85477445c62a5e437.yaml
index d0e110522b..68f3b51b49 100644
--- a/nuclei-templates/2022/CVE-2022-23179-ae016ddc716d42a85477445c62a5e437.yaml
+++ b/nuclei-templates/2022/CVE-2022-23179-ae016ddc716d42a85477445c62a5e437.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Contact Form Builder & Lead Generation Plugin < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.7.0 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lead-form-builder/"
     google-query: inurl:"/wp-content/plugins/lead-form-builder/"
     shodan-query: 'vuln:CVE-2022-23179'
-  tags: cve,wordpress,wp-plugin,lead-form-builder,medium
+  tags: cve,wordpress,wp-plugin,lead-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-23183-a5138dbd3ab5f7be9499c9facaa915f6.yaml b/nuclei-templates/2022/CVE-2022-23183-a5138dbd3ab5f7be9499c9facaa915f6.yaml
index 2339aa6b21..5cfbbea1be 100644
--- a/nuclei-templates/2022/CVE-2022-23183-a5138dbd3ab5f7be9499c9facaa915f6.yaml
+++ b/nuclei-templates/2022/CVE-2022-23183-a5138dbd3ab5f7be9499c9facaa915f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Custom Fields plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 5.12. This makes it possible for authenticated attackers with editor access, such as Contributors and above, to view information in the database without the appropriate authorization.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2022-23183
   metadata:
-    fofa-query: "wp-content/plugins/advanced-custom-fields/"
-    google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
+    fofa-query: "wp-content/plugins/advanced-custom-fields-pro/"
+    google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/"
     shodan-query: 'vuln:CVE-2022-23183'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "advanced-custom-fields"
+          - "advanced-custom-fields-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-2325-d4a44b7e5865ae371b4706ab716f5f69.yaml b/nuclei-templates/2022/CVE-2022-2325-d4a44b7e5865ae371b4706ab716f5f69.yaml
index fc020ed3a8..fa7694ec86 100644
--- a/nuclei-templates/2022/CVE-2022-2325-d4a44b7e5865ae371b4706ab716f5f69.yaml
+++ b/nuclei-templates/2022/CVE-2022-2325-d4a44b7e5865ae371b4706ab716f5f69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Invitation Based Registrations <= 2.2.84 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/invitation-based-registrations/"
     google-query: inurl:"/wp-content/plugins/invitation-based-registrations/"
     shodan-query: 'vuln:CVE-2022-2325'
-  tags: cve,wordpress,wp-plugin,invitation-based-registrations,medium
+  tags: cve,wordpress,wp-plugin,invitation-based-registrations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2328-13464676c956740d86ef6b835803b913.yaml b/nuclei-templates/2022/CVE-2022-2328-13464676c956740d86ef6b835803b913.yaml
index 194299cc5e..a7a53db89d 100644
--- a/nuclei-templates/2022/CVE-2022-2328-13464676c956740d86ef6b835803b913.yaml
+++ b/nuclei-templates/2022/CVE-2022-2328-13464676c956740d86ef6b835803b913.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flexi Quote Rotator <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Flexi Quote Rotator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flexi-quote-rotator/"
     google-query: inurl:"/wp-content/plugins/flexi-quote-rotator/"
     shodan-query: 'vuln:CVE-2022-2328'
-  tags: cve,wordpress,wp-plugin,flexi-quote-rotator,medium
+  tags: cve,wordpress,wp-plugin,flexi-quote-rotator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2340-a9e063bb904bfdeb89be1c3d634b4901.yaml b/nuclei-templates/2022/CVE-2022-2340-a9e063bb904bfdeb89be1c3d634b4901.yaml
index e97e3db42e..d5db141794 100644
--- a/nuclei-templates/2022/CVE-2022-2340-a9e063bb904bfdeb89be1c3d634b4901.yaml
+++ b/nuclei-templates/2022/CVE-2022-2340-a9e063bb904bfdeb89be1c3d634b4901.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W-DALIL <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The W-DALIL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$dalil_information’ parameter in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w-dalil/"
     google-query: inurl:"/wp-content/plugins/w-dalil/"
     shodan-query: 'vuln:CVE-2022-2340'
-  tags: cve,wordpress,wp-plugin,w-dalil,medium
+  tags: cve,wordpress,wp-plugin,w-dalil,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2350-453fdd29f3b3ed3425776068af53e39d.yaml b/nuclei-templates/2022/CVE-2022-2350-453fdd29f3b3ed3425776068af53e39d.yaml
index 81bd2b8793..006ebcd1ce 100644
--- a/nuclei-templates/2022/CVE-2022-2350-453fdd29f3b3ed3425776068af53e39d.yaml
+++ b/nuclei-templates/2022/CVE-2022-2350-453fdd29f3b3ed3425776068af53e39d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Disable User Login <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Disable User Login plugin for WordPress is vulnerable to unauthenticated settings update due to missing authentication when updating its settings in versions up to, and including, 9.8. This makes it possible for unauthenticated attackers to update the plugin's settings. Cross-Site Request Forgery protection is also not present.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-users-disable/"
     google-query: inurl:"/wp-content/plugins/wp-users-disable/"
     shodan-query: 'vuln:CVE-2022-2350'
-  tags: cve,wordpress,wp-plugin,wp-users-disable,medium
+  tags: cve,wordpress,wp-plugin,wp-users-disable,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2351-5dcfc5ea6f05d00ca9432dc6e06a959a.yaml b/nuclei-templates/2022/CVE-2022-2351-5dcfc5ea6f05d00ca9432dc6e06a959a.yaml
index f3f065f485..538c5d8238 100644
--- a/nuclei-templates/2022/CVE-2022-2351-5dcfc5ea6f05d00ca9432dc6e06a959a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2351-5dcfc5ea6f05d00ca9432dc6e06a959a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post SMTP Mailer/Email Log <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post SMTP Mailer/Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘input_tmp_dir’ parameter in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-smtp/"
     google-query: inurl:"/wp-content/plugins/post-smtp/"
     shodan-query: 'vuln:CVE-2022-2351'
-  tags: cve,wordpress,wp-plugin,post-smtp,medium
+  tags: cve,wordpress,wp-plugin,post-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2352-afbbe261546ed611413e53ceb7e989bf.yaml b/nuclei-templates/2022/CVE-2022-2352-afbbe261546ed611413e53ceb7e989bf.yaml
index 1e23c3fb4e..8ab2fd5630 100644
--- a/nuclei-templates/2022/CVE-2022-2352-afbbe261546ed611413e53ceb7e989bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-2352-afbbe261546ed611413e53ceb7e989bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post SMTP <= 2.1.6 - Authenticated (Administrator+) Blind Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post SMTP plugin for WordPress is vulnerable to blind Server-Side Request Forgery. This is due to improper authorization on some of the plugin's AJAX actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-smtp/"
     google-query: inurl:"/wp-content/plugins/post-smtp/"
     shodan-query: 'vuln:CVE-2022-2352'
-  tags: cve,wordpress,wp-plugin,post-smtp,medium
+  tags: cve,wordpress,wp-plugin,post-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2354-ee247de60df1bfe0f1ecd93cf598296f.yaml b/nuclei-templates/2022/CVE-2022-2354-ee247de60df1bfe0f1ecd93cf598296f.yaml
index ef21baf56a..0891fbf262 100644
--- a/nuclei-templates/2022/CVE-2022-2354-ee247de60df1bfe0f1ecd93cf598296f.yaml
+++ b/nuclei-templates/2022/CVE-2022-2354-ee247de60df1bfe0f1ecd93cf598296f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-DBManager <= 2.80.7 - Authenticated (Admin+) Remote Code Execution on Multi-Site
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP-DBManager plugin for WordPress is vulnerable to remote code execution due to an incorrect capability check in the ~/database-backup.php file in versions up to, and including, 2.80.7. This makes it possible for high level authenticated users, such as administrators, to run arbitrary commands on the affected server. This only affects multi-site installations where an administrator wouldn't have the capability to run arbitrary code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dbmanager/"
     google-query: inurl:"/wp-content/plugins/wp-dbmanager/"
     shodan-query: 'vuln:CVE-2022-2354'
-  tags: cve,wordpress,wp-plugin,wp-dbmanager,high
+  tags: cve,wordpress,wp-plugin,wp-dbmanager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2355-2508566224c9697f712ccd556a0ee74e.yaml b/nuclei-templates/2022/CVE-2022-2355-2508566224c9697f712ccd556a0ee74e.yaml
index 72937f5cbd..78d7dd77f8 100644
--- a/nuclei-templates/2022/CVE-2022-2355-2508566224c9697f712ccd556a0ee74e.yaml
+++ b/nuclei-templates/2022/CVE-2022-2355-2508566224c9697f712ccd556a0ee74e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Username Updater <= 1.0.3 - Cross-Site Request Forgery to Username Change
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Easy Username Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing nonce validation on the eup_user_update function. This makes it possible for unauthenticated attackers to change arbitrary usernames via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/username-updater/"
     google-query: inurl:"/wp-content/plugins/username-updater/"
     shodan-query: 'vuln:CVE-2022-2355'
-  tags: cve,wordpress,wp-plugin,username-updater,high
+  tags: cve,wordpress,wp-plugin,username-updater,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2356-2203cb02480ab13ddbd56959a93d1555.yaml b/nuclei-templates/2022/CVE-2022-2356-2203cb02480ab13ddbd56959a93d1555.yaml
index 359a081be2..e0fdba5849 100644
--- a/nuclei-templates/2022/CVE-2022-2356-2203cb02480ab13ddbd56959a93d1555.yaml
+++ b/nuclei-templates/2022/CVE-2022-2356-2203cb02480ab13ddbd56959a93d1555.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager & Sharing – User Private Files <= 1.1.2 - Subscriber+ Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Frontend File Manager & Sharing – User Private Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_doc_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible under certain conditions. The plugin adds a Rewrite Rule to the site's .htaccess file in order to ensure that direct file access is not possible. However, deactivation of the plugin or resetting of the .htaccess file would lead to potential for Remote Code Execution. Servers other than Apache may ignore .htaccess files and be vulnerable to RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-private-files/"
     google-query: inurl:"/wp-content/plugins/user-private-files/"
     shodan-query: 'vuln:CVE-2022-2356'
-  tags: cve,wordpress,wp-plugin,user-private-files,high
+  tags: cve,wordpress,wp-plugin,user-private-files,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2361-a04496fc12c107641a2dfaedc56869ca.yaml b/nuclei-templates/2022/CVE-2022-2361-a04496fc12c107641a2dfaedc56869ca.yaml
index 40a192ef37..c164c45ccb 100644
--- a/nuclei-templates/2022/CVE-2022-2361-a04496fc12c107641a2dfaedc56869ca.yaml
+++ b/nuclei-templates/2022/CVE-2022-2361-a04496fc12c107641a2dfaedc56869ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Social Chat – Click To Chat App <= 6.0.4 - Administrator+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Social Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters including  the 'background' parameter in versions up to, and including, 6.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-whatsapp-chat/"
     google-query: inurl:"/wp-content/plugins/wp-whatsapp-chat/"
     shodan-query: 'vuln:CVE-2022-2361'
-  tags: cve,wordpress,wp-plugin,wp-whatsapp-chat,medium
+  tags: cve,wordpress,wp-plugin,wp-whatsapp-chat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2370-53237b2a666711b5ed5327cacfdd45f6.yaml b/nuclei-templates/2022/CVE-2022-2370-53237b2a666711b5ed5327cacfdd45f6.yaml
index a9aa715294..92287dcced 100644
--- a/nuclei-templates/2022/CVE-2022-2370-53237b2a666711b5ed5327cacfdd45f6.yaml
+++ b/nuclei-templates/2022/CVE-2022-2370-53237b2a666711b5ed5327cacfdd45f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YaySMTP – Simple WP SMTP Mail <= 2.2 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yaysmtp/"
     google-query: inurl:"/wp-content/plugins/yaysmtp/"
     shodan-query: 'vuln:CVE-2022-2370'
-  tags: cve,wordpress,wp-plugin,yaysmtp,medium
+  tags: cve,wordpress,wp-plugin,yaysmtp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2371-4d3dbfcfc5bd83e1f32cd6ab14a72545.yaml b/nuclei-templates/2022/CVE-2022-2371-4d3dbfcfc5bd83e1f32cd6ab14a72545.yaml
index d912f88492..bf6856517c 100644
--- a/nuclei-templates/2022/CVE-2022-2371-4d3dbfcfc5bd83e1f32cd6ab14a72545.yaml
+++ b/nuclei-templates/2022/CVE-2022-2371-4d3dbfcfc5bd83e1f32cd6ab14a72545.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YaySMTP – Simple WP SMTP Mail <= 2.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YaySMTP – Simple WP SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[fromName]' parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yaysmtp/"
     google-query: inurl:"/wp-content/plugins/yaysmtp/"
     shodan-query: 'vuln:CVE-2022-2371'
-  tags: cve,wordpress,wp-plugin,yaysmtp,medium
+  tags: cve,wordpress,wp-plugin,yaysmtp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2372-c5709fba92c5e77b429d3d6d877dbdaa.yaml b/nuclei-templates/2022/CVE-2022-2372-c5709fba92c5e77b429d3d6d877dbdaa.yaml
index 94b1e6afb7..22fc1dabcf 100644
--- a/nuclei-templates/2022/CVE-2022-2372-c5709fba92c5e77b429d3d6d877dbdaa.yaml
+++ b/nuclei-templates/2022/CVE-2022-2372-c5709fba92c5e77b429d3d6d877dbdaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YaySMTP – Simple WP SMTP Mail <= 2.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YaySMTP  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters, with at least one being the 'client_id' parameter, in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, administrator and above, to inject arbitrary web scripts stored in the plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yaysmtp/"
     google-query: inurl:"/wp-content/plugins/yaysmtp/"
     shodan-query: 'vuln:CVE-2022-2372'
-  tags: cve,wordpress,wp-plugin,yaysmtp,medium
+  tags: cve,wordpress,wp-plugin,yaysmtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2374-2a22d89645a206ec3980a097270f17eb.yaml b/nuclei-templates/2022/CVE-2022-2374-2a22d89645a206ec3980a097270f17eb.yaml
index 3d3fd53f35..ac5fef5f93 100644
--- a/nuclei-templates/2022/CVE-2022-2374-2a22d89645a206ec3980a097270f17eb.yaml
+++ b/nuclei-templates/2022/CVE-2022-2374-2a22d89645a206ec3980a097270f17eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simply Schedule Appointments <= 1.5.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simply Schedule Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.5.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-schedule-appointments/"
     google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/"
     shodan-query: 'vuln:CVE-2022-2374'
-  tags: cve,wordpress,wp-plugin,simply-schedule-appointments,medium
+  tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2375-bbd0071d59903fe2f31999b2357a095e.yaml b/nuclei-templates/2022/CVE-2022-2375-bbd0071d59903fe2f31999b2357a095e.yaml
index b32a7a59d1..4b8c234d76 100644
--- a/nuclei-templates/2022/CVE-2022-2375-bbd0071d59903fe2f31999b2357a095e.yaml
+++ b/nuclei-templates/2022/CVE-2022-2375-bbd0071d59903fe2f31999b2357a095e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Sticky Button <= 1.4 - Missing Authorization to Arbitrary Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Sticky Button plugin for WordPress is vulnerable to unauthenticated plugin settings update in versions up to, and including, 1.4, due to missing authorization on the okapi_wasb_save_settings AJAX action. This allows unauthenticated attackers to update arbitrary plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wa-sticky-button/"
     google-query: inurl:"/wp-content/plugins/wa-sticky-button/"
     shodan-query: 'vuln:CVE-2022-2375'
-  tags: cve,wordpress,wp-plugin,wa-sticky-button,medium
+  tags: cve,wordpress,wp-plugin,wa-sticky-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2377-0ac5cc81243c959ab88705244a2988b3.yaml b/nuclei-templates/2022/CVE-2022-2377-0ac5cc81243c959ab88705244a2988b3.yaml
index a35f2d95cd..48af4140df 100644
--- a/nuclei-templates/2022/CVE-2022-2377-0ac5cc81243c959ab88705244a2988b3.yaml
+++ b/nuclei-templates/2022/CVE-2022-2377-0ac5cc81243c959ab88705244a2988b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist – WordPress Business Directory Plugin with Classified Ads Listings <= 7.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the send_announcement() function in versions up to, and including, 7.2.3. This makes it possible for authenticated attackers with subscriber level permissions to send arbitrary emails from the vulnerable WordPress site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2022-2377'
-  tags: cve,wordpress,wp-plugin,directorist,medium
+  tags: cve,wordpress,wp-plugin,directorist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2379-429ff280452993df8646f6def7c9d328.yaml b/nuclei-templates/2022/CVE-2022-2379-429ff280452993df8646f6def7c9d328.yaml
index f1891e21dd..cac37c1e5c 100644
--- a/nuclei-templates/2022/CVE-2022-2379-429ff280452993df8646f6def7c9d328.yaml
+++ b/nuclei-templates/2022/CVE-2022-2379-429ff280452993df8646f6def7c9d328.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Student Results <= 2.2.8 -  Missing Authorization to Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Student Results plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API endpoints in versions up to, and including, 2.2.8. This makes it possible for unauthenticated attackers to extract sensitive information about courses and students from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-student-results/"
     google-query: inurl:"/wp-content/plugins/easy-student-results/"
     shodan-query: 'vuln:CVE-2022-2379'
-  tags: cve,wordpress,wp-plugin,easy-student-results,medium
+  tags: cve,wordpress,wp-plugin,easy-student-results,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2381-46393c1e973f37162a617bc152661e74.yaml b/nuclei-templates/2022/CVE-2022-2381-46393c1e973f37162a617bc152661e74.yaml
index 77e8c0ae7d..8368af9c4d 100644
--- a/nuclei-templates/2022/CVE-2022-2381-46393c1e973f37162a617bc152661e74.yaml
+++ b/nuclei-templates/2022/CVE-2022-2381-46393c1e973f37162a617bc152661e74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     E Unlocked - Student Result <= 1.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The E Unlocked - Student Result plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing nonce validation in the ~/menu-files/settings/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and upload arbitrary files due to missing file type validation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/e-unlocked-student-result/"
     google-query: inurl:"/wp-content/plugins/e-unlocked-student-result/"
     shodan-query: 'vuln:CVE-2022-2381'
-  tags: cve,wordpress,wp-plugin,e-unlocked-student-result,high
+  tags: cve,wordpress,wp-plugin,e-unlocked-student-result,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2382-f700ae3c5b4e92d34fddc6f86f957267.yaml b/nuclei-templates/2022/CVE-2022-2382-f700ae3c5b4e92d34fddc6f86f957267.yaml
index 591e994d82..a1bc8f399e 100644
--- a/nuclei-templates/2022/CVE-2022-2382-f700ae3c5b4e92d34fddc6f86f957267.yaml
+++ b/nuclei-templates/2022/CVE-2022-2382-f700ae3c5b4e92d34fddc6f86f957267.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Slider for WooCommerce <= 2.5.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Slider for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the spwps_reset_ajax and spwps_get_icons functions called via AJAX actions in versions up to, and including, 2.5.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset arbitrary options and retrieve data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-slider/"
     google-query: inurl:"/wp-content/plugins/woo-product-slider/"
     shodan-query: 'vuln:CVE-2022-2382'
-  tags: cve,wordpress,wp-plugin,woo-product-slider,medium
+  tags: cve,wordpress,wp-plugin,woo-product-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2384-eadc3f836bcbd93a1ac6bfbe3a4ccd12.yaml b/nuclei-templates/2022/CVE-2022-2384-eadc3f836bcbd93a1ac6bfbe3a4ccd12.yaml
index 96da1b5fb5..e014a7251e 100644
--- a/nuclei-templates/2022/CVE-2022-2384-eadc3f836bcbd93a1ac6bfbe3a4ccd12.yaml
+++ b/nuclei-templates/2022/CVE-2022-2384-eadc3f836bcbd93a1ac6bfbe3a4ccd12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Digital Publications by Supsystic <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/digital-publications-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/digital-publications-by-supsystic/"
     shodan-query: 'vuln:CVE-2022-2384'
-  tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2387-bd2f40761a0dbf1803fa7290e415ab2f.yaml b/nuclei-templates/2022/CVE-2022-2387-bd2f40761a0dbf1803fa7290e415ab2f.yaml
index a24a534724..c1625e781e 100644
--- a/nuclei-templates/2022/CVE-2022-2387-bd2f40761a0dbf1803fa7290e415ab2f.yaml
+++ b/nuclei-templates/2022/CVE-2022-2387-bd2f40761a0dbf1803fa7290e415ab2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads <= 2.11.7 - Cross-Site Request Forgery to Arbitrary Post Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.11.7 . This is due to missing or incorrect nonce validation when deleting payment history. Additionally, the plugin does not ensure that the item about to be deleted is payment history. This makes it possible for unauthenticated attackers to delete arbitrary posts, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2022-2387'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,high
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2388-83f22a47dbd6befc1b5b2de701a66592.yaml b/nuclei-templates/2022/CVE-2022-2388-83f22a47dbd6befc1b5b2de701a66592.yaml
index 737d90f019..dbb2b8e606 100644
--- a/nuclei-templates/2022/CVE-2022-2388-83f22a47dbd6befc1b5b2de701a66592.yaml
+++ b/nuclei-templates/2022/CVE-2022-2388-83f22a47dbd6befc1b5b2de701a66592.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Coder <= 2.5.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Coder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation in the ~/admin/partials/tools-data-base.php file. This makes it possible for unauthenticated attackers to delete code created by the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-coder/"
     google-query: inurl:"/wp-content/plugins/wp-coder/"
     shodan-query: 'vuln:CVE-2022-2388'
-  tags: cve,wordpress,wp-plugin,wp-coder,high
+  tags: cve,wordpress,wp-plugin,wp-coder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2389-17e239a9a613785a57f9dff8c47dabbc.yaml b/nuclei-templates/2022/CVE-2022-2389-17e239a9a613785a57f9dff8c47dabbc.yaml
index c1a4878766..7e7e7c7617 100644
--- a/nuclei-templates/2022/CVE-2022-2389-17e239a9a613785a57f9dff8c47dabbc.yaml
+++ b/nuclei-templates/2022/CVE-2022-2389-17e239a9a613785a57f9dff8c47dabbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Abandoned Cart Recovery for WooCommerce by Autonami <= 2.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Abandoned Cart Recovery for WooCommerce by Autonami plugin for WordPress is vulnerable to unauthorized execution of various AJAX actions due to insufficient capability checking and nonce validation on various AJAX actions and their hooked functions in versions up to, and including 2.1.1. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-marketing-automations/"
     google-query: inurl:"/wp-content/plugins/wp-marketing-automations/"
     shodan-query: 'vuln:CVE-2022-2389'
-  tags: cve,wordpress,wp-plugin,wp-marketing-automations,medium
+  tags: cve,wordpress,wp-plugin,wp-marketing-automations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2391-0d2429a44660b0fd9009cfc551d51d85.yaml b/nuclei-templates/2022/CVE-2022-2391-0d2429a44660b0fd9009cfc551d51d85.yaml
index 50d0e6220b..4538eb35f5 100644
--- a/nuclei-templates/2022/CVE-2022-2391-0d2429a44660b0fd9009cfc551d51d85.yaml
+++ b/nuclei-templates/2022/CVE-2022-2391-0d2429a44660b0fd9009cfc551d51d85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inspiro Pro <= 7.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Inspiro Pro theme for WordPress is vulnerable to Stored Cross-Site Scripting via the description area in versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/wpzoom-inspiro-pro/"
     google-query: inurl:"/wp-content/themes/wpzoom-inspiro-pro/"
     shodan-query: 'vuln:CVE-2022-2391'
-  tags: cve,wordpress,wp-theme,wpzoom-inspiro-pro,medium
+  tags: cve,wordpress,wp-theme,wpzoom-inspiro-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-23911-ea71ac2a34dc7248e02bdf91d9e86e30.yaml b/nuclei-templates/2022/CVE-2022-23911-ea71ac2a34dc7248e02bdf91d9e86e30.yaml
index 4eaf56c3e9..0f1f11fd37 100644
--- a/nuclei-templates/2022/CVE-2022-23911-ea71ac2a34dc7248e02bdf91d9e86e30.yaml
+++ b/nuclei-templates/2022/CVE-2022-23911-ea71ac2a34dc7248e02bdf91d9e86e30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AP Custom Testimonial <= 1.4.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ap-custom-testimonial/"
     google-query: inurl:"/wp-content/plugins/ap-custom-testimonial/"
     shodan-query: 'vuln:CVE-2022-23911'
-  tags: cve,wordpress,wp-plugin,ap-custom-testimonial,high
+  tags: cve,wordpress,wp-plugin,ap-custom-testimonial,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2392-3e06725c467ed0bbc52c31de7579bce8.yaml b/nuclei-templates/2022/CVE-2022-2392-3e06725c467ed0bbc52c31de7579bce8.yaml
index d90c7fc6b7..7b34268b35 100644
--- a/nuclei-templates/2022/CVE-2022-2392-3e06725c467ed0bbc52c31de7579bce8.yaml
+++ b/nuclei-templates/2022/CVE-2022-2392-3e06725c467ed0bbc52c31de7579bce8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lana Downloads Manager <= 1.7.1 - Authenticated Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lana Downloads Manager plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers, with contributor level permissions and above, to download arbitrary files on the affected site's server thus leaking sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lana-downloads-manager/"
     google-query: inurl:"/wp-content/plugins/lana-downloads-manager/"
     shodan-query: 'vuln:CVE-2022-2392'
-  tags: cve,wordpress,wp-plugin,lana-downloads-manager,medium
+  tags: cve,wordpress,wp-plugin,lana-downloads-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2395-61c13420e3dc8f41c004527b0a6dcd7f.yaml b/nuclei-templates/2022/CVE-2022-2395-61c13420e3dc8f41c004527b0a6dcd7f.yaml
index b0717e0608..efbf25ed8a 100644
--- a/nuclei-templates/2022/CVE-2022-2395-61c13420e3dc8f41c004527b0a6dcd7f.yaml
+++ b/nuclei-templates/2022/CVE-2022-2395-61c13420e3dc8f41c004527b0a6dcd7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     weForms <= 1.6.13 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via contact form settings in versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weforms/"
     google-query: inurl:"/wp-content/plugins/weforms/"
     shodan-query: 'vuln:CVE-2022-2395'
-  tags: cve,wordpress,wp-plugin,weforms,medium
+  tags: cve,wordpress,wp-plugin,weforms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-23975-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/2022/CVE-2022-23975-6ca6c33ebd7ae06f9203f7a1178920a1.yaml
index 0db90f7788..cacc672c59 100644
--- a/nuclei-templates/2022/CVE-2022-23975-6ca6c33ebd7ae06f9203f7a1178920a1.yaml
+++ b/nuclei-templates/2022/CVE-2022-23975-6ca6c33ebd7ae06f9203f7a1178920a1.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2022-23975
   metadata:
-    fofa-query: "wp-content/themes/the-monday/"
-    google-query: inurl:"/wp-content/themes/the-monday/"
+    fofa-query: "wp-content/themes/bloger/"
+    google-query: inurl:"/wp-content/themes/bloger/"
     shodan-query: 'vuln:CVE-2022-23975'
-  tags: cve,wordpress,wp-theme,the-monday,high
+  tags: cve,wordpress,wp-theme,bloger,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/the-monday/style.css"
+      - "{{BaseURL}}/wp-content/themes/bloger/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "the-monday"
+          - "bloger"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
+          - compare_versions(version, '<= 1.2.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23976-87857021bf0d6b4f9e9f9a7926fd73da.yaml b/nuclei-templates/2022/CVE-2022-23976-87857021bf0d6b4f9e9f9a7926fd73da.yaml
index 1006ed56de..edc52bf056 100644
--- a/nuclei-templates/2022/CVE-2022-23976-87857021bf0d6b4f9e9f9a7926fd73da.yaml
+++ b/nuclei-templates/2022/CVE-2022-23976-87857021bf0d6b4f9e9f9a7926fd73da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Access Demo Importer <= 1.0.7 - Cross-Site Request Forgery to Data Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Access Demo Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7 due to missing nonce validation on the `adi_demo_data_reset` function called via an AJAX action. This makes it possible for an attacker to reset all data on the site, including posts,  pages, and media.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/access-demo-importer/"
     google-query: inurl:"/wp-content/plugins/access-demo-importer/"
     shodan-query: 'vuln:CVE-2022-23976'
-  tags: cve,wordpress,wp-plugin,access-demo-importer,high
+  tags: cve,wordpress,wp-plugin,access-demo-importer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-23979-9cac9db84fd0e9e4554d820862a40ccc.yaml b/nuclei-templates/2022/CVE-2022-23979-9cac9db84fd0e9e4554d820862a40ccc.yaml
index 0d216b8838..bcdf029782 100644
--- a/nuclei-templates/2022/CVE-2022-23979-9cac9db84fd0e9e4554d820862a40ccc.yaml
+++ b/nuclei-templates/2022/CVE-2022-23979-9cac9db84fd0e9e4554d820862a40ccc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Reviews <= 3.0.15 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-reviews/"
     google-query: inurl:"/wp-content/plugins/ultimate-reviews/"
     shodan-query: 'vuln:CVE-2022-23979'
-  tags: cve,wordpress,wp-plugin,ultimate-reviews,medium
+  tags: cve,wordpress,wp-plugin,ultimate-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2398-287b97d3800f658fb6c7787e238d09c5.yaml b/nuclei-templates/2022/CVE-2022-2398-287b97d3800f658fb6c7787e238d09c5.yaml
index 7f8a4dff7f..7920893913 100644
--- a/nuclei-templates/2022/CVE-2022-2398-287b97d3800f658fb6c7787e238d09c5.yaml
+++ b/nuclei-templates/2022/CVE-2022-2398-287b97d3800f658fb6c7787e238d09c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Comments Fields <= 4.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Comments Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Error Message setting in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-comment-fields/"
     google-query: inurl:"/wp-content/plugins/wp-comment-fields/"
     shodan-query: 'vuln:CVE-2022-2398'
-  tags: cve,wordpress,wp-plugin,wp-comment-fields,medium
+  tags: cve,wordpress,wp-plugin,wp-comment-fields,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-23980-2f087270cc2f0766f3522e85859f5682.yaml b/nuclei-templates/2022/CVE-2022-23980-2f087270cc2f0766f3522e85859f5682.yaml
index 55d3826a62..5f9bc38cf0 100644
--- a/nuclei-templates/2022/CVE-2022-23980-2f087270cc2f0766f3522e85859f5682.yaml
+++ b/nuclei-templates/2022/CVE-2022-23980-2f087270cc2f0766f3522e85859f5682.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yasr – Yet Another Stars Rating  <= 2.9.9 - Cross-Site Scripting via source
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-stars-rating/"
     google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/"
     shodan-query: 'vuln:CVE-2022-23980'
-  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,medium
+  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-23987-a9651b358db184ef2f9f80cf3ecfa474.yaml b/nuclei-templates/2022/CVE-2022-23987-a9651b358db184ef2f9f80cf3ecfa474.yaml
index 8a8e8a5580..f74bd1e3ac 100644
--- a/nuclei-templates/2022/CVE-2022-23987-a9651b358db184ef2f9f80cf3ecfa474.yaml
+++ b/nuclei-templates/2022/CVE-2022-23987-a9651b358db184ef2f9f80cf3ecfa474.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.8
     cve-id: CVE-2022-23987
   metadata:
-    fofa-query: "wp-content/plugins/ws-form/"
-    google-query: inurl:"/wp-content/plugins/ws-form/"
+    fofa-query: "wp-content/plugins/ws-form-pro/"
+    google-query: inurl:"/wp-content/plugins/ws-form-pro/"
     shodan-query: 'vuln:CVE-2022-23987'
-  tags: cve,wordpress,wp-plugin,ws-form,medium
+  tags: cve,wordpress,wp-plugin,ws-form-pro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/ws-form-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "ws-form"
+          - "ws-form-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-23988-832185af76432ae76d6be1580f0d17e2.yaml b/nuclei-templates/2022/CVE-2022-23988-832185af76432ae76d6be1580f0d17e2.yaml
index 9dd6a3d04a..cfbbb50008 100644
--- a/nuclei-templates/2022/CVE-2022-23988-832185af76432ae76d6be1580f0d17e2.yaml
+++ b/nuclei-templates/2022/CVE-2022-23988-832185af76432ae76d6be1580f0d17e2.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2022-23988
   metadata:
-    fofa-query: "wp-content/plugins/ws-form/"
-    google-query: inurl:"/wp-content/plugins/ws-form/"
+    fofa-query: "wp-content/plugins/ws-form-pro/"
+    google-query: inurl:"/wp-content/plugins/ws-form-pro/"
     shodan-query: 'vuln:CVE-2022-23988'
-  tags: cve,wordpress,wp-plugin,ws-form,high
+  tags: cve,wordpress,wp-plugin,ws-form-pro,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/ws-form-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "ws-form"
+          - "ws-form-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-2405-c232fc614c70c66e672cbac2a32ca9cd.yaml b/nuclei-templates/2022/CVE-2022-2405-c232fc614c70c66e672cbac2a32ca9cd.yaml
index 8b7e44aea0..6d8816f58c 100644
--- a/nuclei-templates/2022/CVE-2022-2405-c232fc614c70c66e672cbac2a32ca9cd.yaml
+++ b/nuclei-templates/2022/CVE-2022-2405-c232fc614c70c66e672cbac2a32ca9cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Popup Builder <= 1.2.9 - Missing Authorization and Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Popup Builder plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.9. This is due to missing or incorrect nonce validation and capabilities checks on several of its functions available to unauthenticated users. This makes it possible for unauthenticated attackers to create, update, and delete popups.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-popup-builder/"
     google-query: inurl:"/wp-content/plugins/wp-popup-builder/"
     shodan-query: 'vuln:CVE-2022-2405'
-  tags: cve,wordpress,wp-plugin,wp-popup-builder,high
+  tags: cve,wordpress,wp-plugin,wp-popup-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2407-8d1c748e2defc5d91fbb1dd267386d44.yaml b/nuclei-templates/2022/CVE-2022-2407-8d1c748e2defc5d91fbb1dd267386d44.yaml
index 66dc2a2f57..01de0db503 100644
--- a/nuclei-templates/2022/CVE-2022-2407-8d1c748e2defc5d91fbb1dd267386d44.yaml
+++ b/nuclei-templates/2022/CVE-2022-2407-8d1c748e2defc5d91fbb1dd267386d44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP phpMyAdmin <= 5.2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The plugin WP phpMyAdmin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-phpmyadmin-extension/"
     google-query: inurl:"/wp-content/plugins/wp-phpmyadmin-extension/"
     shodan-query: 'vuln:CVE-2022-2407'
-  tags: cve,wordpress,wp-plugin,wp-phpmyadmin-extension,high
+  tags: cve,wordpress,wp-plugin,wp-phpmyadmin-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2409-0c31a10cc87b13f4ea6563dcb29fd71f.yaml b/nuclei-templates/2022/CVE-2022-2409-0c31a10cc87b13f4ea6563dcb29fd71f.yaml
index 6234f24eca..10a33391e2 100644
--- a/nuclei-templates/2022/CVE-2022-2409-0c31a10cc87b13f4ea6563dcb29fd71f.yaml
+++ b/nuclei-templates/2022/CVE-2022-2409-0c31a10cc87b13f4ea6563dcb29fd71f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rough Chart <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Rough Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a Chart Data Label in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rough-chart/"
     google-query: inurl:"/wp-content/plugins/rough-chart/"
     shodan-query: 'vuln:CVE-2022-2409'
-  tags: cve,wordpress,wp-plugin,rough-chart,high
+  tags: cve,wordpress,wp-plugin,rough-chart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2410-bb563e95b48b650f94219f11430dd39c.yaml b/nuclei-templates/2022/CVE-2022-2410-bb563e95b48b650f94219f11430dd39c.yaml
index 3c1a611bc2..9c799e4d9e 100644
--- a/nuclei-templates/2022/CVE-2022-2410-bb563e95b48b650f94219f11430dd39c.yaml
+++ b/nuclei-templates/2022/CVE-2022-2410-bb563e95b48b650f94219f11430dd39c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     mTouch Quiz <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The mTouch Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mtouch-quiz/"
     google-query: inurl:"/wp-content/plugins/mtouch-quiz/"
     shodan-query: 'vuln:CVE-2022-2410'
-  tags: cve,wordpress,wp-plugin,mtouch-quiz,medium
+  tags: cve,wordpress,wp-plugin,mtouch-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2411-5181665927ed9da562e36af3ea3ec2fb.yaml b/nuclei-templates/2022/CVE-2022-2411-5181665927ed9da562e36af3ea3ec2fb.yaml
index 7a284caee6..ce2a0defce 100644
--- a/nuclei-templates/2022/CVE-2022-2411-5181665927ed9da562e36af3ea3ec2fb.yaml
+++ b/nuclei-templates/2022/CVE-2022-2411-5181665927ed9da562e36af3ea3ec2fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto More Tag <= 4.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto More Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-more-tag/"
     google-query: inurl:"/wp-content/plugins/auto-more-tag/"
     shodan-query: 'vuln:CVE-2022-2411'
-  tags: cve,wordpress,wp-plugin,auto-more-tag,medium
+  tags: cve,wordpress,wp-plugin,auto-more-tag,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2412-94bc27f855a1b3e71ba6782c8361e04d.yaml b/nuclei-templates/2022/CVE-2022-2412-94bc27f855a1b3e71ba6782c8361e04d.yaml
index 7cd5203ae4..be0f6e75fc 100644
--- a/nuclei-templates/2022/CVE-2022-2412-94bc27f855a1b3e71ba6782c8361e04d.yaml
+++ b/nuclei-templates/2022/CVE-2022-2412-94bc27f855a1b3e71ba6782c8361e04d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Tag Cloud <= 0.99.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several setting parameters in versions up to, and including, 0.99.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nktagcloud/"
     google-query: inurl:"/wp-content/plugins/nktagcloud/"
     shodan-query: 'vuln:CVE-2022-2412'
-  tags: cve,wordpress,wp-plugin,nktagcloud,medium
+  tags: cve,wordpress,wp-plugin,nktagcloud,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2413-125fc22aa1fac173aaf79b805fc0dafc.yaml b/nuclei-templates/2022/CVE-2022-2413-125fc22aa1fac173aaf79b805fc0dafc.yaml
index eecba96367..f9d411072e 100644
--- a/nuclei-templates/2022/CVE-2022-2413-125fc22aa1fac173aaf79b805fc0dafc.yaml
+++ b/nuclei-templates/2022/CVE-2022-2413-125fc22aa1fac173aaf79b805fc0dafc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slide Anything – Responsive Content / HTML Slider and Carousel <= 2.3.46 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slide Anything – Responsive Content / HTML Slider and Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in versions up to, and including, 2.3.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slide-anything/"
     google-query: inurl:"/wp-content/plugins/slide-anything/"
     shodan-query: 'vuln:CVE-2022-2413'
-  tags: cve,wordpress,wp-plugin,slide-anything,medium
+  tags: cve,wordpress,wp-plugin,slide-anything,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2423-6ebbfbf7f4ff52ef90502e505dd10d64.yaml b/nuclei-templates/2022/CVE-2022-2423-6ebbfbf7f4ff52ef90502e505dd10d64.yaml
index 76ff16c353..796a7d11df 100644
--- a/nuclei-templates/2022/CVE-2022-2423-6ebbfbf7f4ff52ef90502e505dd10d64.yaml
+++ b/nuclei-templates/2022/CVE-2022-2423-6ebbfbf7f4ff52ef90502e505dd10d64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DW Promobar <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DW Promobar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dwpb_bar_text' parameter in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dw-promobar/"
     google-query: inurl:"/wp-content/plugins/dw-promobar/"
     shodan-query: 'vuln:CVE-2022-2423'
-  tags: cve,wordpress,wp-plugin,dw-promobar,medium
+  tags: cve,wordpress,wp-plugin,dw-promobar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2424-d6efc23acaa92418f6d5991825096389.yaml b/nuclei-templates/2022/CVE-2022-2424-d6efc23acaa92418f6d5991825096389.yaml
index 7280ae3d98..1ea08dfdab 100644
--- a/nuclei-templates/2022/CVE-2022-2424-d6efc23acaa92418f6d5991825096389.yaml
+++ b/nuclei-templates/2022/CVE-2022-2424-d6efc23acaa92418f6d5991825096389.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Maps Anywhere <= 1.2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Maps Anywhere plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters from the plugin's settings in versions up to, and including, 1.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-maps-anywhere/"
     google-query: inurl:"/wp-content/plugins/google-maps-anywhere/"
     shodan-query: 'vuln:CVE-2022-2424'
-  tags: cve,wordpress,wp-plugin,google-maps-anywhere,medium
+  tags: cve,wordpress,wp-plugin,google-maps-anywhere,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2425-7fd62997a96edc06785da25d5644aff0.yaml b/nuclei-templates/2022/CVE-2022-2425-7fd62997a96edc06785da25d5644aff0.yaml
index de2adae4ad..5e1306f9c0 100644
--- a/nuclei-templates/2022/CVE-2022-2425-7fd62997a96edc06785da25d5644aff0.yaml
+++ b/nuclei-templates/2022/CVE-2022-2425-7fd62997a96edc06785da25d5644aff0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP DS Blog Map <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP DS Blog Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ds-blog-map/"
     google-query: inurl:"/wp-content/plugins/wp-ds-blog-map/"
     shodan-query: 'vuln:CVE-2022-2425'
-  tags: cve,wordpress,wp-plugin,wp-ds-blog-map,medium
+  tags: cve,wordpress,wp-plugin,wp-ds-blog-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2426-d35fe59b43f4760392f4ec7a5eaa4ede.yaml b/nuclei-templates/2022/CVE-2022-2426-d35fe59b43f4760392f4ec7a5eaa4ede.yaml
index cddc4eb952..caf9e4ef35 100644
--- a/nuclei-templates/2022/CVE-2022-2426-d35fe59b43f4760392f4ec7a5eaa4ede.yaml
+++ b/nuclei-templates/2022/CVE-2022-2426-d35fe59b43f4760392f4ec7a5eaa4ede.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thinkific Uploader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Thinkific Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thinkific-uploader/"
     google-query: inurl:"/wp-content/plugins/thinkific-uploader/"
     shodan-query: 'vuln:CVE-2022-2426'
-  tags: cve,wordpress,wp-plugin,thinkific-uploader,medium
+  tags: cve,wordpress,wp-plugin,thinkific-uploader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2430-9c4cf933125615aec48f1e67f49080b2.yaml b/nuclei-templates/2022/CVE-2022-2430-9c4cf933125615aec48f1e67f49080b2.yaml
index 0dc2017392..9d0814e952 100644
--- a/nuclei-templates/2022/CVE-2022-2430-9c4cf933125615aec48f1e67f49080b2.yaml
+++ b/nuclei-templates/2022/CVE-2022-2430-9c4cf933125615aec48f1e67f49080b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualcomposer/"
     google-query: inurl:"/wp-content/plugins/visualcomposer/"
     shodan-query: 'vuln:CVE-2022-2430'
-  tags: cve,wordpress,wp-plugin,visualcomposer,medium
+  tags: cve,wordpress,wp-plugin,visualcomposer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2431-6811835f1b3b62a667088ec060a91ec5.yaml b/nuclei-templates/2022/CVE-2022-2431-6811835f1b3b62a667088ec060a91ec5.yaml
index f0fa15de20..d5c9b2c5fd 100644
--- a/nuclei-templates/2022/CVE-2022-2431-6811835f1b3b62a667088ec060a91ec5.yaml
+++ b/nuclei-templates/2022/CVE-2022-2431-6811835f1b3b62a667088ec060a91ec5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the 'file[files]' parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-2431'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2432-cbb1fea9bfad5a9264ec67a1ffb3cfd0.yaml b/nuclei-templates/2022/CVE-2022-2432-cbb1fea9bfad5a9264ec67a1ffb3cfd0.yaml
index 742ccea0ec..52380f4caf 100644
--- a/nuclei-templates/2022/CVE-2022-2432-cbb1fea9bfad5a9264ec67a1ffb3cfd0.yaml
+++ b/nuclei-templates/2022/CVE-2022-2432-cbb1fea9bfad5a9264ec67a1ffb3cfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ecwid-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/"
     shodan-query: 'vuln:CVE-2022-2432'
-  tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,high
+  tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2433-1e202ba9a2d031ffbc5309780a3c635a.yaml b/nuclei-templates/2022/CVE-2022-2433-1e202ba9a2d031ffbc5309780a3c635a.yaml
index 47f569dbbc..3f609e49e7 100644
--- a/nuclei-templates/2022/CVE-2022-2433-1e202ba9a2d031ffbc5309780a3c635a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2433-1e202ba9a2d031ffbc5309780a3c635a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:CVE-2022-2433'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,high
+  tags: cve,wordpress,wp-plugin,ajax-load-more,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2434-2d86b7b96a584b0abcc7bac3e11b4cae.yaml b/nuclei-templates/2022/CVE-2022-2434-2d86b7b96a584b0abcc7bac3e11b4cae.yaml
index 5b7a56d245..286b755919 100644
--- a/nuclei-templates/2022/CVE-2022-2434-2d86b7b96a584b0abcc7bac3e11b4cae.yaml
+++ b/nuclei-templates/2022/CVE-2022-2434-2d86b7b96a584b0abcc7bac3e11b4cae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/string-locator/"
     google-query: inurl:"/wp-content/plugins/string-locator/"
     shodan-query: 'vuln:CVE-2022-2434'
-  tags: cve,wordpress,wp-plugin,string-locator,high
+  tags: cve,wordpress,wp-plugin,string-locator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2435-acdadfe8e1df89f0c7d26ae29b23fa05.yaml b/nuclei-templates/2022/CVE-2022-2435-acdadfe8e1df89f0c7d26ae29b23fa05.yaml
index 03bf2efec9..fd02395901 100644
--- a/nuclei-templates/2022/CVE-2022-2435-acdadfe8e1df89f0c7d26ae29b23fa05.yaml
+++ b/nuclei-templates/2022/CVE-2022-2435-acdadfe8e1df89f0c7d26ae29b23fa05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure() function found in the ~/anymind-widget-id.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site’s administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anymind-widget/"
     google-query: inurl:"/wp-content/plugins/anymind-widget/"
     shodan-query: 'vuln:CVE-2022-2435'
-  tags: cve,wordpress,wp-plugin,anymind-widget,high
+  tags: cve,wordpress,wp-plugin,anymind-widget,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2436-31395bccdb490b805531cabc85d6de58.yaml b/nuclei-templates/2022/CVE-2022-2436-31395bccdb490b805531cabc85d6de58.yaml
index 838ec8ded6..7bdbe838f5 100644
--- a/nuclei-templates/2022/CVE-2022-2436-31395bccdb490b805531cabc85d6de58.yaml
+++ b/nuclei-templates/2022/CVE-2022-2436-31395bccdb490b805531cabc85d6de58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-2436'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2438-4787aca2f4649ac09a5532468944b982.yaml b/nuclei-templates/2022/CVE-2022-2438-4787aca2f4649ac09a5532468944b982.yaml
index fa0a37065a..d9fe9c246d 100644
--- a/nuclei-templates/2022/CVE-2022-2438-4787aca2f4649ac09a5532468944b982.yaml
+++ b/nuclei-templates/2022/CVE-2022-2438-4787aca2f4649ac09a5532468944b982.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-checker/"
     google-query: inurl:"/wp-content/plugins/broken-link-checker/"
     shodan-query: 'vuln:CVE-2022-2438'
-  tags: cve,wordpress,wp-plugin,broken-link-checker,high
+  tags: cve,wordpress,wp-plugin,broken-link-checker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2441-ed507e8efb229061c654187b47c114b4.yaml b/nuclei-templates/2022/CVE-2022-2441-ed507e8efb229061c654187b47c114b4.yaml
index 8b9eb18169..d974571ea3 100644
--- a/nuclei-templates/2022/CVE-2022-2441-ed507e8efb229061c654187b47c114b4.yaml
+++ b/nuclei-templates/2022/CVE-2022-2441-ed507e8efb229061c654187b47c114b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagemagick-engine/"
     google-query: inurl:"/wp-content/plugins/imagemagick-engine/"
     shodan-query: 'vuln:CVE-2022-2441'
-  tags: cve,wordpress,wp-plugin,imagemagick-engine,high
+  tags: cve,wordpress,wp-plugin,imagemagick-engine,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2442-21742813963970be1b852e62999d105e.yaml b/nuclei-templates/2022/CVE-2022-2442-21742813963970be1b852e62999d105e.yaml
index 2d81083546..7a754b9c52 100644
--- a/nuclei-templates/2022/CVE-2022-2442-21742813963970be1b852e62999d105e.yaml
+++ b/nuclei-templates/2022/CVE-2022-2442-21742813963970be1b852e62999d105e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the   'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2022-2442'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2443-76c5ff841d2dc96506f10e16c9ef0103.yaml b/nuclei-templates/2022/CVE-2022-2443-76c5ff841d2dc96506f10e16c9ef0103.yaml
index a074d7221f..16910f0a51 100644
--- a/nuclei-templates/2022/CVE-2022-2443-76c5ff841d2dc96506f10e16c9ef0103.yaml
+++ b/nuclei-templates/2022/CVE-2022-2443-76c5ff841d2dc96506f10e16c9ef0103.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/freemind-wp-browser/"
     google-query: inurl:"/wp-content/plugins/freemind-wp-browser/"
     shodan-query: 'vuln:CVE-2022-2443'
-  tags: cve,wordpress,wp-plugin,freemind-wp-browser,high
+  tags: cve,wordpress,wp-plugin,freemind-wp-browser,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2444-2124b535b772d79cc24446b949f6de44.yaml b/nuclei-templates/2022/CVE-2022-2444-2124b535b772d79cc24446b949f6de44.yaml
index df2ddf2876..08dcf18e6c 100644
--- a/nuclei-templates/2022/CVE-2022-2444-2124b535b772d79cc24446b949f6de44.yaml
+++ b/nuclei-templates/2022/CVE-2022-2444-2124b535b772d79cc24446b949f6de44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualizer/"
     google-query: inurl:"/wp-content/plugins/visualizer/"
     shodan-query: 'vuln:CVE-2022-2444'
-  tags: cve,wordpress,wp-plugin,visualizer,high
+  tags: cve,wordpress,wp-plugin,visualizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2445-3cc251560d3b16f1b023b3769603bce5.yaml b/nuclei-templates/2022/CVE-2022-2445-3cc251560d3b16f1b023b3769603bce5.yaml
index 7ed4a38409..d5acfa2ddd 100644
--- a/nuclei-templates/2022/CVE-2022-2445-3cc251560d3b16f1b023b3769603bce5.yaml
+++ b/nuclei-templates/2022/CVE-2022-2445-3cc251560d3b16f1b023b3769603bce5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'pack' parameter. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a file with the exact name 'init.php' then remote code execution may also be possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2022-2445'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2448-69e740cf6c8c1abbdc55bae92d3a061a.yaml b/nuclei-templates/2022/CVE-2022-2448-69e740cf6c8c1abbdc55bae92d3a061a.yaml
index 79703d7e9c..ac52b9a890 100644
--- a/nuclei-templates/2022/CVE-2022-2448-69e740cf6c8c1abbdc55bae92d3a061a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2448-69e740cf6c8c1abbdc55bae92d3a061a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     reSmush.it Image Optimizer <= 0.4.5 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The reSmush.it plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 0.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/resmushit-image-optimizer/"
     google-query: inurl:"/wp-content/plugins/resmushit-image-optimizer/"
     shodan-query: 'vuln:CVE-2022-2448'
-  tags: cve,wordpress,wp-plugin,resmushit-image-optimizer,medium
+  tags: cve,wordpress,wp-plugin,resmushit-image-optimizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2449-0292116775ef708600542a7e8f86fd65.yaml b/nuclei-templates/2022/CVE-2022-2449-0292116775ef708600542a7e8f86fd65.yaml
index 781755b420..fa047ebc57 100644
--- a/nuclei-templates/2022/CVE-2022-2449-0292116775ef708600542a7e8f86fd65.yaml
+++ b/nuclei-templates/2022/CVE-2022-2449-0292116775ef708600542a7e8f86fd65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     reSmush.it Image Optimizer <= 0.4.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The reSmush.it Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.6. This is due to missing or incorrect nonce validation on several AJAX calls. This makes it possible for unauthenticated attackers to invoke those functions to do things like process images and delete/restore back-ups created by the pluign, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/resmushit-image-optimizer/"
     google-query: inurl:"/wp-content/plugins/resmushit-image-optimizer/"
     shodan-query: 'vuln:CVE-2022-2449'
-  tags: cve,wordpress,wp-plugin,resmushit-image-optimizer,high
+  tags: cve,wordpress,wp-plugin,resmushit-image-optimizer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-24664-83059d16d11e2fca8e78916d3d8e8973.yaml b/nuclei-templates/2022/CVE-2022-24664-83059d16d11e2fca8e78916d3d8e8973.yaml
index 32ae9ebb50..3afdea142a 100644
--- a/nuclei-templates/2022/CVE-2022-24664-83059d16d11e2fca8e78916d3d8e8973.yaml
+++ b/nuclei-templates/2022/CVE-2022-24664-83059d16d11e2fca8e78916d3d8e8973.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PHP Everywhere <= 2.0.3 - Authenticated (Contributor+) Remote Code Execution via Metabox
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/php-everywhere/"
     google-query: inurl:"/wp-content/plugins/php-everywhere/"
     shodan-query: 'vuln:CVE-2022-24664'
-  tags: cve,wordpress,wp-plugin,php-everywhere,critical
+  tags: cve,wordpress,wp-plugin,php-everywhere,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2473-669b73ac27d820ad91a32920ca859ce3.yaml b/nuclei-templates/2022/CVE-2022-2473-669b73ac27d820ad91a32920ca859ce3.yaml
index d6892ed2ed..cfee56ac2b 100644
--- a/nuclei-templates/2022/CVE-2022-2473-669b73ac27d820ad91a32920ca859ce3.yaml
+++ b/nuclei-templates/2022/CVE-2022-2473-669b73ac27d820ad91a32920ca859ce3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The only affects multi-site installations and installations where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-useronline/"
     google-query: inurl:"/wp-content/plugins/wp-useronline/"
     shodan-query: 'vuln:CVE-2022-2473'
-  tags: cve,wordpress,wp-plugin,wp-useronline,medium
+  tags: cve,wordpress,wp-plugin,wp-useronline,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2515-292e0cc17029954da0392c71fc757409.yaml b/nuclei-templates/2022/CVE-2022-2515-292e0cc17029954da0392c71fc757409.yaml
index 3c2bc910a3..7e1f5c6c1c 100644
--- a/nuclei-templates/2022/CVE-2022-2515-292e0cc17029954da0392c71fc757409.yaml
+++ b/nuclei-templates/2022/CVE-2022-2515-292e0cc17029954da0392c71fc757409.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those without administrative capabilities when access is granted to those users, to inject arbitrary web scripts in page that will execute whenever a user role having access to "Simple Banner" accesses the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-banner/"
     google-query: inurl:"/wp-content/plugins/simple-banner/"
     shodan-query: 'vuln:CVE-2022-2515'
-  tags: cve,wordpress,wp-plugin,simple-banner,medium
+  tags: cve,wordpress,wp-plugin,simple-banner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2516-8a58bcfdfe2c7ef0990c9f0e6222a7d9.yaml b/nuclei-templates/2022/CVE-2022-2516-8a58bcfdfe2c7ef0990c9f0e6222a7d9.yaml
index 6b75ab8404..239616e2d8 100644
--- a/nuclei-templates/2022/CVE-2022-2516-8a58bcfdfe2c7ef0990c9f0e6222a7d9.yaml
+++ b/nuclei-templates/2022/CVE-2022-2516-8a58bcfdfe2c7ef0990c9f0e6222a7d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualcomposer/"
     google-query: inurl:"/wp-content/plugins/visualcomposer/"
     shodan-query: 'vuln:CVE-2022-2516'
-  tags: cve,wordpress,wp-plugin,visualcomposer,medium
+  tags: cve,wordpress,wp-plugin,visualcomposer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2517-a4b84494f2ca0459161168fd007453cd.yaml b/nuclei-templates/2022/CVE-2022-2517-a4b84494f2ca0459161168fd007453cd.yaml
index 62ca6600d7..83722fdb7b 100644
--- a/nuclei-templates/2022/CVE-2022-2517-a4b84494f2ca0459161168fd007453cd.yaml
+++ b/nuclei-templates/2022/CVE-2022-2517-a4b84494f2ca0459161168fd007453cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2022-2517'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2518-93d3f42fb72b82260168d21150301cb3.yaml b/nuclei-templates/2022/CVE-2022-2518-93d3f42fb72b82260168d21150301cb3.yaml
index d3c5742a39..8fd9d7aac5 100644
--- a/nuclei-templates/2022/CVE-2022-2518-93d3f42fb72b82260168d21150301cb3.yaml
+++ b/nuclei-templates/2022/CVE-2022-2518-93d3f42fb72b82260168d21150301cb3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stockists-manager/"
     google-query: inurl:"/wp-content/plugins/stockists-manager/"
     shodan-query: 'vuln:CVE-2022-2518'
-  tags: cve,wordpress,wp-plugin,stockists-manager,high
+  tags: cve,wordpress,wp-plugin,stockists-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2532-fafa2caced18a7c0c4666d573df5d9d1.yaml b/nuclei-templates/2022/CVE-2022-2532-fafa2caced18a7c0c4666d573df5d9d1.yaml
index 041d1e0ef7..ddd51ffe5e 100644
--- a/nuclei-templates/2022/CVE-2022-2532-fafa2caced18a7c0c4666d573df5d9d1.yaml
+++ b/nuclei-templates/2022/CVE-2022-2532-fafa2caced18a7c0c4666d573df5d9d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Feed Them Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘access_token’  parameter in the function fts_encrypt_token_ajax in versions up to, and including, 2.9.8.6  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, subscriber and above, to inject arbitrary web scripts stored in the plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feed-them-social/"
     google-query: inurl:"/wp-content/plugins/feed-them-social/"
     shodan-query: 'vuln:CVE-2022-2532'
-  tags: cve,wordpress,wp-plugin,feed-them-social,medium
+  tags: cve,wordpress,wp-plugin,feed-them-social,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2540-7c00a992b189dd605d955a517ab5ff4b.yaml b/nuclei-templates/2022/CVE-2022-2540-7c00a992b189dd605d955a517ab5ff4b.yaml
index 2bb2ec6076..796a01bc41 100644
--- a/nuclei-templates/2022/CVE-2022-2540-7c00a992b189dd605d955a517ab5ff4b.yaml
+++ b/nuclei-templates/2022/CVE-2022-2540-7c00a992b189dd605d955a517ab5ff4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Optimizer Lite <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-optimizer-lite/"
     google-query: inurl:"/wp-content/plugins/link-optimizer-lite/"
     shodan-query: 'vuln:CVE-2022-2540'
-  tags: cve,wordpress,wp-plugin,link-optimizer-lite,high
+  tags: cve,wordpress,wp-plugin,link-optimizer-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2541-cac3c9ade2b34b60466d535155587563.yaml b/nuclei-templates/2022/CVE-2022-2541-cac3c9ade2b34b60466d535155587563.yaml
index 89bc385f14..58f898fa09 100644
--- a/nuclei-templates/2022/CVE-2022-2541-cac3c9ade2b34b60466d535155587563.yaml
+++ b/nuclei-templates/2022/CVE-2022-2541-cac3c9ade2b34b60466d535155587563.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ucontext-for-amazon/"
     google-query: inurl:"/wp-content/plugins/ucontext-for-amazon/"
     shodan-query: 'vuln:CVE-2022-2541'
-  tags: cve,wordpress,wp-plugin,ucontext-for-amazon,high
+  tags: cve,wordpress,wp-plugin,ucontext-for-amazon,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2542-474821f1bfc79c7314fe0d7eec328e34.yaml b/nuclei-templates/2022/CVE-2022-2542-474821f1bfc79c7314fe0d7eec328e34.yaml
index 1d66727d3b..dcda972673 100644
--- a/nuclei-templates/2022/CVE-2022-2542-474821f1bfc79c7314fe0d7eec328e34.yaml
+++ b/nuclei-templates/2022/CVE-2022-2542-474821f1bfc79c7314fe0d7eec328e34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     uContext for Clickbank <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ucontext/"
     google-query: inurl:"/wp-content/plugins/ucontext/"
     shodan-query: 'vuln:CVE-2022-2542'
-  tags: cve,wordpress,wp-plugin,ucontext,high
+  tags: cve,wordpress,wp-plugin,ucontext,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2554-47f4114397364fc89b3a25b4215574b4.yaml b/nuclei-templates/2022/CVE-2022-2554-47f4114397364fc89b3a25b4215574b4.yaml
index 92646fba7c..6f0975e106 100644
--- a/nuclei-templates/2022/CVE-2022-2554-47f4114397364fc89b3a25b4215574b4.yaml
+++ b/nuclei-templates/2022/CVE-2022-2554-47f4114397364fc89b3a25b4215574b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enable Media Replace plugin for WordPress is vulnerable to path traversal when renaming files in versions up to, and including, 3.6.3. This makes it possible for authenticated attackers, with administrator-level permissions and above, to move files on the affected site's server outside of the webroot.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enable-media-replace/"
     google-query: inurl:"/wp-content/plugins/enable-media-replace/"
     shodan-query: 'vuln:CVE-2022-2554'
-  tags: cve,wordpress,wp-plugin,enable-media-replace,medium
+  tags: cve,wordpress,wp-plugin,enable-media-replace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2555-2209fd38d31d7045610e08e5a8e2302b.yaml b/nuclei-templates/2022/CVE-2022-2555-2209fd38d31d7045610e08e5a8e2302b.yaml
index 1f3225931d..e83c827287 100644
--- a/nuclei-templates/2022/CVE-2022-2555-2209fd38d31d7045610e08e5a8e2302b.yaml
+++ b/nuclei-templates/2022/CVE-2022-2555-2209fd38d31d7045610e08e5a8e2302b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yotpo Reviews for WooCommerce (Unofficial) <= 2.0.4 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Yotpo Reviews for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation when modifying plugin settings. This makes it possible for unauthenticated attackers to trigger changes to the plugin's own settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yotpo-reviews-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/yotpo-reviews-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-2555'
-  tags: cve,wordpress,wp-plugin,yotpo-reviews-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,yotpo-reviews-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2556-f9bc7cdb6ab2ec4c7db8c04c4f500136.yaml b/nuclei-templates/2022/CVE-2022-2556-f9bc7cdb6ab2ec4c7db8c04c4f500136.yaml
index e4f99ba279..f2ac9647d6 100644
--- a/nuclei-templates/2022/CVE-2022-2556-f9bc7cdb6ab2ec4c7db8c04c4f500136.yaml
+++ b/nuclei-templates/2022/CVE-2022-2556-f9bc7cdb6ab2ec4c7db8c04c4f500136.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mailchimp for WooCommerce <= 2.7.1 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The plugin Mailchimp for WooCommerce for WordPress is vulnerable to Server-Side Request Forgery via one of its AJAX actions in versions up to, and including, 2.7.1. This makes it possible for an attacker with administrator privileges to send requests to the internal network.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/mailchimp-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-2556'
-  tags: cve,wordpress,wp-plugin,mailchimp-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2559-da98de7f074ffd80f7cb587c569cdd12.yaml b/nuclei-templates/2022/CVE-2022-2559-da98de7f074ffd80f7cb587c569cdd12.yaml
index 16846706f7..b89b9011ac 100644
--- a/nuclei-templates/2022/CVE-2022-2559-da98de7f074ffd80f7cb587c569cdd12.yaml
+++ b/nuclei-templates/2022/CVE-2022-2559-da98de7f074ffd80f7cb587c569cdd12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Fluent Support plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 1.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluent-support/"
     google-query: inurl:"/wp-content/plugins/fluent-support/"
     shodan-query: 'vuln:CVE-2022-2559'
-  tags: cve,wordpress,wp-plugin,fluent-support,high
+  tags: cve,wordpress,wp-plugin,fluent-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25602-6e39ce305d8fc46246730df95c49bc5a.yaml b/nuclei-templates/2022/CVE-2022-25602-6e39ce305d8fc46246730df95c49bc5a.yaml
index 52da135de8..abdbc3d612 100644
--- a/nuclei-templates/2022/CVE-2022-25602-6e39ce305d8fc46246730df95c49bc5a.yaml
+++ b/nuclei-templates/2022/CVE-2022-25602-6e39ce305d8fc46246730df95c49bc5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Menu <= 4.1.7 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Menu plugin for WordPress is vulnerable to authorization bypass due to missing authorization checks on various functions and nonce disclosure in versions up to, and including 4.1.7. This makes it possible for attackers to upload arbitrary files, delete themes, and change plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-menu/"
     google-query: inurl:"/wp-content/plugins/responsive-menu/"
     shodan-query: 'vuln:CVE-2022-25602'
-  tags: cve,wordpress,wp-plugin,responsive-menu,medium
+  tags: cve,wordpress,wp-plugin,responsive-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25603-e066c5d256834fe1f65bdb778f74e19e.yaml b/nuclei-templates/2022/CVE-2022-25603-e066c5d256834fe1f65bdb778f74e19e.yaml
index 9925fa9ef1..f12ac5a5b5 100644
--- a/nuclei-templates/2022/CVE-2022-25603-e066c5d256834fe1f65bdb778f74e19e.yaml
+++ b/nuclei-templates/2022/CVE-2022-25603-e066c5d256834fe1f65bdb778f74e19e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MaxGalleria <= 6.2.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxgalleria/"
     google-query: inurl:"/wp-content/plugins/maxgalleria/"
     shodan-query: 'vuln:CVE-2022-25603'
-  tags: cve,wordpress,wp-plugin,maxgalleria,medium
+  tags: cve,wordpress,wp-plugin,maxgalleria,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25604-c09dba9091d0ee592d0a0d23f17cab8b.yaml b/nuclei-templates/2022/CVE-2022-25604-c09dba9091d0ee592d0a0d23f17cab8b.yaml
index ceb7b4e9df..d79f1fd982 100644
--- a/nuclei-templates/2022/CVE-2022-25604-c09dba9091d0ee592d0a0d23f17cab8b.yaml
+++ b/nuclei-templates/2022/CVE-2022-25604-c09dba9091d0ee592d0a0d23f17cab8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Price Table <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pricetable/"
     google-query: inurl:"/wp-content/plugins/pricetable/"
     shodan-query: 'vuln:CVE-2022-25604'
-  tags: cve,wordpress,wp-plugin,pricetable,medium
+  tags: cve,wordpress,wp-plugin,pricetable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25605-fde55a7ed22dac34f683215367ee2443.yaml b/nuclei-templates/2022/CVE-2022-25605-fde55a7ed22dac34f683215367ee2443.yaml
index 4a3705dc28..f77866c04a 100644
--- a/nuclei-templates/2022/CVE-2022-25605-fde55a7ed22dac34f683215367ee2443.yaml
+++ b/nuclei-templates/2022/CVE-2022-25605-fde55a7ed22dac34f683215367ee2443.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-DownloadManager plugin <= 1.68.6 -  Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-downloadmanager/"
     google-query: inurl:"/wp-content/plugins/wp-downloadmanager/"
     shodan-query: 'vuln:CVE-2022-25605'
-  tags: cve,wordpress,wp-plugin,wp-downloadmanager,medium
+  tags: cve,wordpress,wp-plugin,wp-downloadmanager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25606-46ca57fda9611a4d8d3fe3eb2317d1ac.yaml b/nuclei-templates/2022/CVE-2022-25606-46ca57fda9611a4d8d3fe3eb2317d1ac.yaml
index f7d756add8..1730105a79 100644
--- a/nuclei-templates/2022/CVE-2022-25606-46ca57fda9611a4d8d3fe3eb2317d1ac.yaml
+++ b/nuclei-templates/2022/CVE-2022-25606-46ca57fda9611a4d8d3fe3eb2317d1ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-DownloadManager <= 1.68.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-downloadmanager/"
     google-query: inurl:"/wp-content/plugins/wp-downloadmanager/"
     shodan-query: 'vuln:CVE-2022-25606'
-  tags: cve,wordpress,wp-plugin,wp-downloadmanager,medium
+  tags: cve,wordpress,wp-plugin,wp-downloadmanager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25607-21b5e2cc1773e8a375d4b06283f1f75c.yaml b/nuclei-templates/2022/CVE-2022-25607-21b5e2cc1773e8a375d4b06283f1f75c.yaml
index a1b2b56e0f..d9550f85f0 100644
--- a/nuclei-templates/2022/CVE-2022-25607-21b5e2cc1773e8a375d4b06283f1f75c.yaml
+++ b/nuclei-templates/2022/CVE-2022-25607-21b5e2cc1773e8a375d4b06283f1f75c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2022-25607'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25609-7da4dea81c55210aa215efa50cd5e1a7.yaml b/nuclei-templates/2022/CVE-2022-25609-7da4dea81c55210aa215efa50cd5e1a7.yaml
index 4a460107d6..8a581a3dea 100644
--- a/nuclei-templates/2022/CVE-2022-25609-7da4dea81c55210aa215efa50cd5e1a7.yaml
+++ b/nuclei-templates/2022/CVE-2022-25609-7da4dea81c55210aa215efa50cd5e1a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yoo-slider/"
     google-query: inurl:"/wp-content/plugins/yoo-slider/"
     shodan-query: 'vuln:CVE-2022-25609'
-  tags: cve,wordpress,wp-plugin,yoo-slider,medium
+  tags: cve,wordpress,wp-plugin,yoo-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25610-1bbd8f2ed08db0b77690cb0df76fdffe.yaml b/nuclei-templates/2022/CVE-2022-25610-1bbd8f2ed08db0b77690cb0df76fdffe.yaml
index 0fa86ba649..32508c27a3 100644
--- a/nuclei-templates/2022/CVE-2022-25610-1bbd8f2ed08db0b77690cb0df76fdffe.yaml
+++ b/nuclei-templates/2022/CVE-2022-25610-1bbd8f2ed08db0b77690cb0df76fdffe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Ajax Chat <= 20220115 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 20220115 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. However, the attack requires specific conditions, making it hard to exploit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-ajax-chat/"
     google-query: inurl:"/wp-content/plugins/simple-ajax-chat/"
     shodan-query: 'vuln:CVE-2022-25610'
-  tags: cve,wordpress,wp-plugin,simple-ajax-chat,medium
+  tags: cve,wordpress,wp-plugin,simple-ajax-chat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25611-0e3b2109a8f3c98e6d7b288936c49e4a.yaml b/nuclei-templates/2022/CVE-2022-25611-0e3b2109a8f3c98e6d7b288936c49e4a.yaml
index 87cbb40288..5981354b47 100644
--- a/nuclei-templates/2022/CVE-2022-25611-0e3b2109a8f3c98e6d7b288936c49e4a.yaml
+++ b/nuclei-templates/2022/CVE-2022-25611-0e3b2109a8f3c98e6d7b288936c49e4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Event Planner <= 1.5.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Event Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘&custom[add_seg][]’ parameter in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for Contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-event-planner/"
     google-query: inurl:"/wp-content/plugins/simple-event-planner/"
     shodan-query: 'vuln:CVE-2022-25611'
-  tags: cve,wordpress,wp-plugin,simple-event-planner,medium
+  tags: cve,wordpress,wp-plugin,simple-event-planner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25612-0c7da527d5c5020bdc519d1c19025768.yaml b/nuclei-templates/2022/CVE-2022-25612-0c7da527d5c5020bdc519d1c19025768.yaml
index 0d467a54ad..f2f5067acd 100644
--- a/nuclei-templates/2022/CVE-2022-25612-0c7da527d5c5020bdc519d1c19025768.yaml
+++ b/nuclei-templates/2022/CVE-2022-25612-0c7da527d5c5020bdc519d1c19025768.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Event Planner plugin <= 1.5.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-event-planner/"
     google-query: inurl:"/wp-content/plugins/simple-event-planner/"
     shodan-query: 'vuln:CVE-2022-25612'
-  tags: cve,wordpress,wp-plugin,simple-event-planner,medium
+  tags: cve,wordpress,wp-plugin,simple-event-planner,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25613-d173f6ac48d7132b733f53a51a70ac65.yaml b/nuclei-templates/2022/CVE-2022-25613-d173f6ac48d7132b733f53a51a70ac65.yaml
index 41008f8b2e..33f294959d 100644
--- a/nuclei-templates/2022/CVE-2022-25613-d173f6ac48d7132b733f53a51a70ac65.yaml
+++ b/nuclei-templates/2022/CVE-2022-25613-d173f6ac48d7132b733f53a51a70ac65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2022-25613'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25618-983af3d35ec99acfdee458670c0dbf30.yaml b/nuclei-templates/2022/CVE-2022-25618-983af3d35ec99acfdee458670c0dbf30.yaml
index 594ed7a550..f7fe714979 100644
--- a/nuclei-templates/2022/CVE-2022-25618-983af3d35ec99acfdee458670c0dbf30.yaml
+++ b/nuclei-templates/2022/CVE-2022-25618-983af3d35ec99acfdee458670c0dbf30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDataTables – WordPress Tables & Table Charts Plugin <= 2.1.27 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpDataTables plugin <= 2.1.27 is vulnerable to authenticated (admin+) Stored Cross-Site Scripting
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdatatables/"
     google-query: inurl:"/wp-content/plugins/wpdatatables/"
     shodan-query: 'vuln:CVE-2022-25618'
-  tags: cve,wordpress,wp-plugin,wpdatatables,medium
+  tags: cve,wordpress,wp-plugin,wpdatatables,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2563-14663e06b0c267ee32922b2e7b917924.yaml b/nuclei-templates/2022/CVE-2022-2563-14663e06b0c267ee32922b2e7b917924.yaml
index 3f12125b9a..290ddc816f 100644
--- a/nuclei-templates/2022/CVE-2022-2563-14663e06b0c267ee32922b2e7b917924.yaml
+++ b/nuclei-templates/2022/CVE-2022-2563-14663e06b0c267ee32922b2e7b917924.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the topic name and lesson name parameters in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2022-2563'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25649-5e2a21e34446161fac44e66bf2f9139e.yaml b/nuclei-templates/2022/CVE-2022-25649-5e2a21e34446161fac44e66bf2f9139e.yaml
index bd8ff25124..869a28b3b5 100644
--- a/nuclei-templates/2022/CVE-2022-25649-5e2a21e34446161fac44e66bf2f9139e.yaml
+++ b/nuclei-templates/2022/CVE-2022-25649-5e2a21e34446161fac44e66bf2f9139e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Affiliate For WooCommerce <= 4.7.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Affiliate For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability checks function in versions up to, and including, 4.7.0. This makes it possible for authenticated attackers with minimal permissions, such as an affiliate, to make unauthorized changes to the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/affiliate-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-25649'
-  tags: cve,wordpress,wp-plugin,affiliate-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,affiliate-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2567-7cb4dee16a7431d0aa1859c958e33f53.yaml b/nuclei-templates/2022/CVE-2022-2567-7cb4dee16a7431d0aa1859c958e33f53.yaml
index eb1f4aac88..7c71277cb6 100644
--- a/nuclei-templates/2022/CVE-2022-2567-7cb4dee16a7431d0aa1859c958e33f53.yaml
+++ b/nuclei-templates/2022/CVE-2022-2567-7cb4dee16a7431d0aa1859c958e33f53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Builder CP <= 1.2.31 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Form Builder CP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-easy-form-builder/"
     google-query: inurl:"/wp-content/plugins/cp-easy-form-builder/"
     shodan-query: 'vuln:CVE-2022-2567'
-  tags: cve,wordpress,wp-plugin,cp-easy-form-builder,medium
+  tags: cve,wordpress,wp-plugin,cp-easy-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2574-7f939cb3e37ce54ad131378445cfa889.yaml b/nuclei-templates/2022/CVE-2022-2574-7f939cb3e37ce54ad131378445cfa889.yaml
index 82491c208e..d6407ce27c 100644
--- a/nuclei-templates/2022/CVE-2022-2574-7f939cb3e37ce54ad131378445cfa889.yaml
+++ b/nuclei-templates/2022/CVE-2022-2574-7f939cb3e37ce54ad131378445cfa889.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meks Easy Social Share <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meks Easy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its parameters in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meks-easy-social-share/"
     google-query: inurl:"/wp-content/plugins/meks-easy-social-share/"
     shodan-query: 'vuln:CVE-2022-2574'
-  tags: cve,wordpress,wp-plugin,meks-easy-social-share,medium
+  tags: cve,wordpress,wp-plugin,meks-easy-social-share,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2575-daeaf69e03551f5a39540769cb2822ca.yaml b/nuclei-templates/2022/CVE-2022-2575-daeaf69e03551f5a39540769cb2822ca.yaml
index bae6328c38..6b3073eeab 100644
--- a/nuclei-templates/2022/CVE-2022-2575-daeaf69e03551f5a39540769cb2822ca.yaml
+++ b/nuclei-templates/2022/CVE-2022-2575-daeaf69e03551f5a39540769cb2822ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WBW Currency Switcher <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WBW Currency Switcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockip’ parameter in versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-currency/"
     google-query: inurl:"/wp-content/plugins/woo-currency/"
     shodan-query: 'vuln:CVE-2022-2575'
-  tags: cve,wordpress,wp-plugin,woo-currency,medium
+  tags: cve,wordpress,wp-plugin,woo-currency,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25810-4b35d32175d8c6a60caf01bbc915cbc9.yaml b/nuclei-templates/2022/CVE-2022-25810-4b35d32175d8c6a60caf01bbc915cbc9.yaml
index 0190c48b56..45a6414b44 100644
--- a/nuclei-templates/2022/CVE-2022-25810-4b35d32175d8c6a60caf01bbc915cbc9.yaml
+++ b/nuclei-templates/2022/CVE-2022-25810-4b35d32175d8c6a60caf01bbc915cbc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Transposh WordPress Translation <= 1.0.8.1 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Transposh WordPress Translation plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions called via AJAX actions in versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers with subscriber-level permissions and above to perform many administrative actions such as initiating new back-ups, modifying the plugin's settings, deleting duplicates, and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/"
     shodan-query: 'vuln:CVE-2022-25810'
-  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25811-f437ea7631a9816d78b50dbf1934085a.yaml b/nuclei-templates/2022/CVE-2022-25811-f437ea7631a9816d78b50dbf1934085a.yaml
index 10884e17a2..c7fe8c30de 100644
--- a/nuclei-templates/2022/CVE-2022-25811-f437ea7631a9816d78b50dbf1934085a.yaml
+++ b/nuclei-templates/2022/CVE-2022-25811-f437ea7631a9816d78b50dbf1934085a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Transposh WordPress Translation <= 1.0.8.1 - Authenticated (Admin+) SQL Injection via 'tp_editor'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Transposh WordPress Translation plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in versions up to, and including, 1.0.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/"
     shodan-query: 'vuln:CVE-2022-25811'
-  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25812-a687f130dc4fb0dc3fa1596936a6c928.yaml b/nuclei-templates/2022/CVE-2022-25812-a687f130dc4fb0dc3fa1596936a6c928.yaml
index beeaa40add..ea5b1a6eaa 100644
--- a/nuclei-templates/2022/CVE-2022-25812-a687f130dc4fb0dc3fa1596936a6c928.yaml
+++ b/nuclei-templates/2022/CVE-2022-25812-a687f130dc4fb0dc3fa1596936a6c928.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Transposh WordPress Translation <= 1.0.8.1 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Transposh WordPress Translation plugin for WordPress is vulnerable to remote code execution in versions up to, and including, 1.0.8.1. This is due to insufficient extension validation on the log file that can be created via the plugin. This makes it possible for authenticated attackers with administrative level permissions and above to set the log file extension to .php and then update a setting to log PHP executable code to that file which can be used to achieve remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/"
     shodan-query: 'vuln:CVE-2022-25812'
-  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25858-c3dca1d1ef3a946c9ddf3e33caa00021.yaml b/nuclei-templates/2022/CVE-2022-25858-c3dca1d1ef3a946c9ddf3e33caa00021.yaml
index 996f72f09b..e9f3478196 100644
--- a/nuclei-templates/2022/CVE-2022-25858-c3dca1d1ef3a946c9ddf3e33caa00021.yaml
+++ b/nuclei-templates/2022/CVE-2022-25858-c3dca1d1ef3a946c9ddf3e33caa00021.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 3.7
     cve-id: CVE-2022-25858
   metadata:
-    fofa-query: "wp-content/plugins/retro-winamp-block/"
-    google-query: inurl:"/wp-content/plugins/retro-winamp-block/"
+    fofa-query: "wp-content/plugins/simple-local-avatars/"
+    google-query: inurl:"/wp-content/plugins/simple-local-avatars/"
     shodan-query: 'vuln:CVE-2022-25858'
-  tags: cve,wordpress,wp-plugin,retro-winamp-block,low
+  tags: cve,wordpress,wp-plugin,simple-local-avatars,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/retro-winamp-block/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/simple-local-avatars/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "retro-winamp-block"
+          - "simple-local-avatars"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
+          - compare_versions(version, '<= 2.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-25858-f9078038dec7d199edb0413f76661495.yaml b/nuclei-templates/2022/CVE-2022-25858-f9078038dec7d199edb0413f76661495.yaml
index da2b338790..90763f8629 100644
--- a/nuclei-templates/2022/CVE-2022-25858-f9078038dec7d199edb0413f76661495.yaml
+++ b/nuclei-templates/2022/CVE-2022-25858-f9078038dec7d199edb0413f76661495.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2022-25858
   metadata:
-    fofa-query: "wp-content/plugins/publisher-media-kit/"
-    google-query: inurl:"/wp-content/plugins/publisher-media-kit/"
+    fofa-query: "wp-content/plugins/autoshare-for-twitter/"
+    google-query: inurl:"/wp-content/plugins/autoshare-for-twitter/"
     shodan-query: 'vuln:CVE-2022-25858'
-  tags: cve,wordpress,wp-plugin,publisher-media-kit,medium
+  tags: cve,wordpress,wp-plugin,autoshare-for-twitter,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/publisher-media-kit/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/autoshare-for-twitter/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "publisher-media-kit"
+          - "autoshare-for-twitter"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
+          - compare_versions(version, '<= 1.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-25860-bc55ea7b509124d1a77831d4400c5030.yaml b/nuclei-templates/2022/CVE-2022-25860-bc55ea7b509124d1a77831d4400c5030.yaml
index 6df5fa14ba..540225831b 100644
--- a/nuclei-templates/2022/CVE-2022-25860-bc55ea7b509124d1a77831d4400c5030.yaml
+++ b/nuclei-templates/2022/CVE-2022-25860-bc55ea7b509124d1a77831d4400c5030.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     simple-git < 3.16.0 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The package simple-git is vulnerable to Remote Code Execution in versions before 3.16.0 via the clone(), pull(), push() and listRemote() methods due to improper input sanitization. This is due to an incomplete fix of CVE-2022-25912. WordPress plugins and themes may be using this package, however, they may not be vulnerable to exploitation.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2022-25860
   metadata:
-    fofa-query: "wp-content/plugins/insecure-content-warning/"
-    google-query: inurl:"/wp-content/plugins/insecure-content-warning/"
+    fofa-query: "wp-content/plugins/simple-local-avatars/"
+    google-query: inurl:"/wp-content/plugins/simple-local-avatars/"
     shodan-query: 'vuln:CVE-2022-25860'
-  tags: cve,wordpress,wp-plugin,insecure-content-warning,high
+  tags: cve,wordpress,wp-plugin,simple-local-avatars,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/insecure-content-warning/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/simple-local-avatars/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "insecure-content-warning"
+          - "simple-local-avatars"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
+          - compare_versions(version, '<= 2.7.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-25912-73081b1f6f4e13a9e6e969eba5e746fc.yaml b/nuclei-templates/2022/CVE-2022-25912-73081b1f6f4e13a9e6e969eba5e746fc.yaml
index bb29cbe608..913e833810 100644
--- a/nuclei-templates/2022/CVE-2022-25912-73081b1f6f4e13a9e6e969eba5e746fc.yaml
+++ b/nuclei-templates/2022/CVE-2022-25912-73081b1f6f4e13a9e6e969eba5e746fc.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2022-25912
   metadata:
-    fofa-query: "wp-content/plugins/elasticpress/"
-    google-query: inurl:"/wp-content/plugins/elasticpress/"
+    fofa-query: "wp-content/plugins/autoshare-for-twitter/"
+    google-query: inurl:"/wp-content/plugins/autoshare-for-twitter/"
     shodan-query: 'vuln:CVE-2022-25912'
-  tags: cve,wordpress,wp-plugin,elasticpress,critical
+  tags: cve,wordpress,wp-plugin,autoshare-for-twitter,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/autoshare-for-twitter/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "elasticpress"
+          - "autoshare-for-twitter"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 4.4.0')
\ No newline at end of file
+          - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-2593-3d5b724b4980f24cb96bdfad9d38ad3d.yaml b/nuclei-templates/2022/CVE-2022-2593-3d5b724b4980f24cb96bdfad9d38ad3d.yaml
index 2df1aa25be..e49d430b24 100644
--- a/nuclei-templates/2022/CVE-2022-2593-3d5b724b4980f24cb96bdfad9d38ad3d.yaml
+++ b/nuclei-templates/2022/CVE-2022-2593-3d5b724b4980f24cb96bdfad9d38ad3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Search Replace <= 1.4 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The plugin Better Search Replace for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to lack of sanitization of user input in the construction of a database query. This makes it possible for authenticated attackers with administrator-level accounts to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-search-replace/"
     google-query: inurl:"/wp-content/plugins/better-search-replace/"
     shodan-query: 'vuln:CVE-2022-2593'
-  tags: cve,wordpress,wp-plugin,better-search-replace,high
+  tags: cve,wordpress,wp-plugin,better-search-replace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-25952-e3ab5ea87cccc6d9dbd7e7c3ec127075.yaml b/nuclei-templates/2022/CVE-2022-25952-e3ab5ea87cccc6d9dbd7e7c3ec127075.yaml
index 9178914f54..fcf36a7d23 100644
--- a/nuclei-templates/2022/CVE-2022-25952-e3ab5ea87cccc6d9dbd7e7c3ec127075.yaml
+++ b/nuclei-templates/2022/CVE-2022-25952-e3ab5ea87cccc6d9dbd7e7c3ec127075.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Egg <= 5.4.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Content Egg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-egg/"
     google-query: inurl:"/wp-content/plugins/content-egg/"
     shodan-query: 'vuln:CVE-2022-25952'
-  tags: cve,wordpress,wp-plugin,content-egg,high
+  tags: cve,wordpress,wp-plugin,content-egg,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2628-1a5f08a913b9e66bca4a1d7c16d1cb52.yaml b/nuclei-templates/2022/CVE-2022-2628-1a5f08a913b9e66bca4a1d7c16d1cb52.yaml
index b737c82c63..03b60d4649 100644
--- a/nuclei-templates/2022/CVE-2022-2628-1a5f08a913b9e66bca4a1d7c16d1cb52.yaml
+++ b/nuclei-templates/2022/CVE-2022-2628-1a5f08a913b9e66bca4a1d7c16d1cb52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DSGVO All in one for WP <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DSGVO All in one for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dsdvo_customimprinttext’ parameter in versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/dsgvo-all-in-one-for-wp/"
     google-query: inurl:"/wp-content/plugins/dsgvo-all-in-one-for-wp/"
     shodan-query: 'vuln:CVE-2022-2628'
-  tags: cve,wordpress,wp-plugin,dsgvo-all-in-one-for-wp,medium
+  tags: cve,wordpress,wp-plugin,dsgvo-all-in-one-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2629-4f0560b0cde9af506953920ade591947.yaml b/nuclei-templates/2022/CVE-2022-2629-4f0560b0cde9af506953920ade591947.yaml
index 0d7f3a5cf4..d5ca9d38fd 100644
--- a/nuclei-templates/2022/CVE-2022-2629-4f0560b0cde9af506953920ade591947.yaml
+++ b/nuclei-templates/2022/CVE-2022-2629-4f0560b0cde9af506953920ade591947.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top Bar <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tpbr_message,tpbr_btn_text,tpbr_btn_url, and tpbr_color parameters. This allows authenticated users with administrator-level permissions to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-bar/"
     google-query: inurl:"/wp-content/plugins/top-bar/"
     shodan-query: 'vuln:CVE-2022-2629'
-  tags: cve,wordpress,wp-plugin,top-bar,medium
+  tags: cve,wordpress,wp-plugin,top-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2635-4cdab5a4c9d1ef359c9ea3e65c6cdb07.yaml b/nuclei-templates/2022/CVE-2022-2635-4cdab5a4c9d1ef359c9ea3e65c6cdb07.yaml
index c53f7bf43a..5be31ada2e 100644
--- a/nuclei-templates/2022/CVE-2022-2635-4cdab5a4c9d1ef359c9ea3e65c6cdb07.yaml
+++ b/nuclei-templates/2022/CVE-2022-2635-4cdab5a4c9d1ef359c9ea3e65c6cdb07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Autoptimize <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the critical css settings rules in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. The issue was partially fixed in version 3.1.0 but a full fix was not made available until version 3.1.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autoptimize/"
     google-query: inurl:"/wp-content/plugins/autoptimize/"
     shodan-query: 'vuln:CVE-2022-2635'
-  tags: cve,wordpress,wp-plugin,autoptimize,medium
+  tags: cve,wordpress,wp-plugin,autoptimize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-26366-a74fb6f00e03de1d4dc066ebae34f69d.yaml b/nuclei-templates/2022/CVE-2022-26366-a74fb6f00e03de1d4dc066ebae34f69d.yaml
index be42ff4fd7..d56bacf1a3 100644
--- a/nuclei-templates/2022/CVE-2022-26366-a74fb6f00e03de1d4dc066ebae34f69d.yaml
+++ b/nuclei-templates/2022/CVE-2022-26366-a74fb6f00e03de1d4dc066ebae34f69d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdRotate Banner Manager <= 5.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The AdRotate Banner Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.9. This is due to missing or incorrect nonce validation on the adrotate_options() function. This makes it possible for unauthenticated attackers to invoke these functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adrotate/"
     google-query: inurl:"/wp-content/plugins/adrotate/"
     shodan-query: 'vuln:CVE-2022-26366'
-  tags: cve,wordpress,wp-plugin,adrotate,high
+  tags: cve,wordpress,wp-plugin,adrotate,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-26375-414da17bdb4a780711966608cd7b68aa.yaml b/nuclei-templates/2022/CVE-2022-26375-414da17bdb4a780711966608cd7b68aa.yaml
index b6d282cdf8..409dfe4ca2 100644
--- a/nuclei-templates/2022/CVE-2022-26375-414da17bdb4a780711966608cd7b68aa.yaml
+++ b/nuclei-templates/2022/CVE-2022-26375-414da17bdb4a780711966608cd7b68aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AB Press Optimizer <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AB Press Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ab-press-optimizer-lite/"
     google-query: inurl:"/wp-content/plugins/ab-press-optimizer-lite/"
     shodan-query: 'vuln:CVE-2022-26375'
-  tags: cve,wordpress,wp-plugin,ab-press-optimizer-lite,medium
+  tags: cve,wordpress,wp-plugin,ab-press-optimizer-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2654-94f85d394521a13053659cf48cf14634.yaml b/nuclei-templates/2022/CVE-2022-2654-94f85d394521a13053659cf48cf14634.yaml
index da247cd443..790d0074c8 100644
--- a/nuclei-templates/2022/CVE-2022-2654-94f85d394521a13053659cf48cf14634.yaml
+++ b/nuclei-templates/2022/CVE-2022-2654-94f85d394521a13053659cf48cf14634.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2022-2654
   metadata:
-    fofa-query: "wp-content/plugins/classified-core/"
-    google-query: inurl:"/wp-content/plugins/classified-core/"
+    fofa-query: "wp-content/plugins/classified-listing-store/"
+    google-query: inurl:"/wp-content/plugins/classified-listing-store/"
     shodan-query: 'vuln:CVE-2022-2654'
-  tags: cve,wordpress,wp-plugin,classified-core,medium
+  tags: cve,wordpress,wp-plugin,classified-listing-store,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/classified-core/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/classified-listing-store/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "classified-core"
+          - "classified-listing-store"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.10')
\ No newline at end of file
+          - compare_versions(version, '< 1.4.20')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-2657-fb02750d498a9fe091fa40a841ae2cde.yaml b/nuclei-templates/2022/CVE-2022-2657-fb02750d498a9fe091fa40a841ae2cde.yaml
index 5dcc76e385..5cf4511939 100644
--- a/nuclei-templates/2022/CVE-2022-2657-fb02750d498a9fe091fa40a841ae2cde.yaml
+++ b/nuclei-templates/2022/CVE-2022-2657-fb02750d498a9fe091fa40a841ae2cde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Multivendor Marketplace Solution for WooCommerce  plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.11.8. This is due to missing or incorrect nonce validation on the wcmp_suspend_vendor ajax action. This makes it possible for unauthenticated attackers to suspend vendors, via forged request granted they can trick a logged in user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/"
     google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/"
     shodan-query: 'vuln:CVE-2022-2657'
-  tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,high
+  tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2658-b804d82967d372f1edcb1ab799e70f37.yaml b/nuclei-templates/2022/CVE-2022-2658-b804d82967d372f1edcb1ab799e70f37.yaml
index e65ad56467..1cd739dc17 100644
--- a/nuclei-templates/2022/CVE-2022-2658-b804d82967d372f1edcb1ab799e70f37.yaml
+++ b/nuclei-templates/2022/CVE-2022-2658-b804d82967d372f1edcb1ab799e70f37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Spell Check <= 9.12 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Spell Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-spell-check/"
     google-query: inurl:"/wp-content/plugins/wp-spell-check/"
     shodan-query: 'vuln:CVE-2022-2658'
-  tags: cve,wordpress,wp-plugin,wp-spell-check,medium
+  tags: cve,wordpress,wp-plugin,wp-spell-check,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2695-3deace4984f0c809f54b31e2e6aaea40.yaml b/nuclei-templates/2022/CVE-2022-2695-3deace4984f0c809f54b31e2e6aaea40.yaml
index 18540e1e61..392d180515 100644
--- a/nuclei-templates/2022/CVE-2022-2695-3deace4984f0c809f54b31e2e6aaea40.yaml
+++ b/nuclei-templates/2022/CVE-2022-2695-3deace4984f0c809f54b31e2e6aaea40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2022-2695'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2696-211f53d8b1b52b0d7d117c8d6be4a364.yaml b/nuclei-templates/2022/CVE-2022-2696-211f53d8b1b52b0d7d117c8d6be4a364.yaml
index dacdc90c6f..47d6c3efdf 100644
--- a/nuclei-templates/2022/CVE-2022-2696-211f53d8b1b52b0d7d117c8d6be4a364.yaml
+++ b/nuclei-templates/2022/CVE-2022-2696-211f53d8b1b52b0d7d117c8d6be4a364.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-ordering-reservations/"
     google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/"
     shodan-query: 'vuln:CVE-2022-2696'
-  tags: cve,wordpress,wp-plugin,menu-ordering-reservations,medium
+  tags: cve,wordpress,wp-plugin,menu-ordering-reservations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2709-402db9fc1f91d6a610e9186418e3f339.yaml b/nuclei-templates/2022/CVE-2022-2709-402db9fc1f91d6a610e9186418e3f339.yaml
index 3895cb5b30..cf63edac8d 100644
--- a/nuclei-templates/2022/CVE-2022-2709-402db9fc1f91d6a610e9186418e3f339.yaml
+++ b/nuclei-templates/2022/CVE-2022-2709-402db9fc1f91d6a610e9186418e3f339.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Float to Top Button <= 2.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Float to Top Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/float-to-top-button/"
     google-query: inurl:"/wp-content/plugins/float-to-top-button/"
     shodan-query: 'vuln:CVE-2022-2709'
-  tags: cve,wordpress,wp-plugin,float-to-top-button,medium
+  tags: cve,wordpress,wp-plugin,float-to-top-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2710-b5b3c8eb6791ecd6029bb9d46ed89ac0.yaml b/nuclei-templates/2022/CVE-2022-2710-b5b3c8eb6791ecd6029bb9d46ed89ac0.yaml
index 00e5c7c50f..03b554d3c2 100644
--- a/nuclei-templates/2022/CVE-2022-2710-b5b3c8eb6791ecd6029bb9d46ed89ac0.yaml
+++ b/nuclei-templates/2022/CVE-2022-2710-b5b3c8eb6791ecd6029bb9d46ed89ac0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scroll To Top <= 1.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scroll To Top plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text’ parameter in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scroll-top/"
     google-query: inurl:"/wp-content/plugins/scroll-top/"
     shodan-query: 'vuln:CVE-2022-2710'
-  tags: cve,wordpress,wp-plugin,scroll-top,medium
+  tags: cve,wordpress,wp-plugin,scroll-top,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2711-8f60c3b6446189e3058b9237676dd33f.yaml b/nuclei-templates/2022/CVE-2022-2711-8f60c3b6446189e3058b9237676dd33f.yaml
index 778a2164cf..7361bc3188 100644
--- a/nuclei-templates/2022/CVE-2022-2711-8f60c3b6446189e3058b9237676dd33f.yaml
+++ b/nuclei-templates/2022/CVE-2022-2711-8f60c3b6446189e3058b9237676dd33f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload via Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Import any XML or CSV File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file path validation in uploaded zip archives in versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2022-2711'
-  tags: cve,wordpress,wp-plugin,wp-all-import,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2716-a11c0611909385052cd0aaeced3bbff4.yaml b/nuclei-templates/2022/CVE-2022-2716-a11c0611909385052cd0aaeced3bbff4.yaml
index 1fd22f7694..587cae5be3 100644
--- a/nuclei-templates/2022/CVE-2022-2716-a11c0611909385052cd0aaeced3bbff4.yaml
+++ b/nuclei-templates/2022/CVE-2022-2716-a11c0611909385052cd0aaeced3bbff4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2022-2716'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2717-dbd794ea76909c06feaaa4b067d9c221.yaml b/nuclei-templates/2022/CVE-2022-2717-dbd794ea76909c06feaaa4b067d9c221.yaml
index 47c49cecde..d637903865 100644
--- a/nuclei-templates/2022/CVE-2022-2717-dbd794ea76909c06feaaa4b067d9c221.yaml
+++ b/nuclei-templates/2022/CVE-2022-2717-dbd794ea76909c06feaaa4b067d9c221.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/joomsport-sports-league-results-management/"
     google-query: inurl:"/wp-content/plugins/joomsport-sports-league-results-management/"
     shodan-query: 'vuln:CVE-2022-2717'
-  tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,high
+  tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2718-14278d198b70b2e64cd570f29581f83a.yaml b/nuclei-templates/2022/CVE-2022-2718-14278d198b70b2e64cd570f29581f83a.yaml
index 43d1c31534..811301e4c2 100644
--- a/nuclei-templates/2022/CVE-2022-2718-14278d198b70b2e64cd570f29581f83a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2718-14278d198b70b2e64cd570f29581f83a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/joomsport-sports-league-results-management/"
     google-query: inurl:"/wp-content/plugins/joomsport-sports-league-results-management/"
     shodan-query: 'vuln:CVE-2022-2718'
-  tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,high
+  tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27231-2a14d3fb0a465f1cdb9f64f93f69aedd.yaml b/nuclei-templates/2022/CVE-2022-27231-2a14d3fb0a465f1cdb9f64f93f69aedd.yaml
index 93527c6d55..4e1255827e 100644
--- a/nuclei-templates/2022/CVE-2022-27231-2a14d3fb0a465f1cdb9f64f93f69aedd.yaml
+++ b/nuclei-templates/2022/CVE-2022-27231-2a14d3fb0a465f1cdb9f64f93f69aedd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 13.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2022-27231'
-  tags: cve,wordpress,wp-plugin,wp-statistics,medium
+  tags: cve,wordpress,wp-plugin,wp-statistics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27235-50f3815a7306e514f6cb6f2669b958ed.yaml b/nuclei-templates/2022/CVE-2022-27235-50f3815a7306e514f6cb6f2669b958ed.yaml
index 2084031ef5..c17182a788 100644
--- a/nuclei-templates/2022/CVE-2022-27235-50f3815a7306e514f6cb6f2669b958ed.yaml
+++ b/nuclei-templates/2022/CVE-2022-27235-50f3815a7306e514f6cb6f2669b958ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share Buttons by Supsystic <= 2.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Share Buttons by Supsystic  plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various functions in versions up to, and including, 2.2.3. This makes it possible for authenticated attackers with subscriber level permissions and above to perform a wide variety of actions such as modifying the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-share-buttons-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/social-share-buttons-by-supsystic/"
     shodan-query: 'vuln:CVE-2022-27235'
-  tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2737-3d60381961999c332401ff6c0d1b2fcd.yaml b/nuclei-templates/2022/CVE-2022-2737-3d60381961999c332401ff6c0d1b2fcd.yaml
index 3423487481..26dd379cd9 100644
--- a/nuclei-templates/2022/CVE-2022-2737-3d60381961999c332401ff6c0d1b2fcd.yaml
+++ b/nuclei-templates/2022/CVE-2022-2737-3d60381961999c332401ff6c0d1b2fcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP STAGING – Backup Duplicator & Migration <= 2.9.17 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP STAGING plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-staging/"
     google-query: inurl:"/wp-content/plugins/wp-staging/"
     shodan-query: 'vuln:CVE-2022-2737'
-  tags: cve,wordpress,wp-plugin,wp-staging,medium
+  tags: cve,wordpress,wp-plugin,wp-staging,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2762-70956e63e550605d8f25a09facb07794.yaml b/nuclei-templates/2022/CVE-2022-2762-70956e63e550605d8f25a09facb07794.yaml
index e0c4daa819..0c5c258cfb 100644
--- a/nuclei-templates/2022/CVE-2022-2762-70956e63e550605d8f25a09facb07794.yaml
+++ b/nuclei-templates/2022/CVE-2022-2762-70956e63e550605d8f25a09facb07794.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdminPad <= 2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The AdminPad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the bsft_adminpad_form() function. This makes it possible for unauthenticated attackers to update the plugins adminpad content via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adminpad/"
     google-query: inurl:"/wp-content/plugins/adminpad/"
     shodan-query: 'vuln:CVE-2022-2762'
-  tags: cve,wordpress,wp-plugin,adminpad,high
+  tags: cve,wordpress,wp-plugin,adminpad,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27628-11c10e4dc5f28f5f7b4e3c822488409f.yaml b/nuclei-templates/2022/CVE-2022-27628-11c10e4dc5f28f5f7b4e3c822488409f.yaml
index 1f87763008..04f6366e5a 100644
--- a/nuclei-templates/2022/CVE-2022-27628-11c10e4dc5f28f5f7b4e3c822488409f.yaml
+++ b/nuclei-templates/2022/CVE-2022-27628-11c10e4dc5f28f5f7b4e3c822488409f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WZone - Lite <= 3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WZone - Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-amazon-affiliates-light-version/"
     google-query: inurl:"/wp-content/plugins/woocommerce-amazon-affiliates-light-version/"
     shodan-query: 'vuln:CVE-2022-27628'
-  tags: cve,wordpress,wp-plugin,woocommerce-amazon-affiliates-light-version,high
+  tags: cve,wordpress,wp-plugin,woocommerce-amazon-affiliates-light-version,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2763-9c5f430746b739fbae6902b53c806e7a.yaml b/nuclei-templates/2022/CVE-2022-2763-9c5f430746b739fbae6902b53c806e7a.yaml
index 7901e8c5ce..89ebbe1a27 100644
--- a/nuclei-templates/2022/CVE-2022-2763-9c5f430746b739fbae6902b53c806e7a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2763-9c5f430746b739fbae6902b53c806e7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Socializer – Simple & Easy Social Media Share Icons <= 7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Socializer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘misc_additional_css’ parameter in versions up to, and including, 7.2  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-socializer/"
     google-query: inurl:"/wp-content/plugins/wp-socializer/"
     shodan-query: 'vuln:CVE-2022-2763'
-  tags: cve,wordpress,wp-plugin,wp-socializer,medium
+  tags: cve,wordpress,wp-plugin,wp-socializer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2775-b95feef4ddcb37164d4f7af73136c4f2.yaml b/nuclei-templates/2022/CVE-2022-2775-b95feef4ddcb37164d4f7af73136c4f2.yaml
index a408880aa2..07c3608ea5 100644
--- a/nuclei-templates/2022/CVE-2022-2775-b95feef4ddcb37164d4f7af73136c4f2.yaml
+++ b/nuclei-templates/2022/CVE-2022-2775-b95feef4ddcb37164d4f7af73136c4f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fast Flow <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fast Flow WordPress plugin is vulnerable to stored Cross-Site scripting in versions up to, and including, 1.2.12, via the multiple parameters due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fast-flow-dashboard/"
     google-query: inurl:"/wp-content/plugins/fast-flow-dashboard/"
     shodan-query: 'vuln:CVE-2022-2775'
-  tags: cve,wordpress,wp-plugin,fast-flow-dashboard,medium
+  tags: cve,wordpress,wp-plugin,fast-flow-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27844-261f8d0d96a6973bf1fe24c56cd5b3ec.yaml b/nuclei-templates/2022/CVE-2022-27844-261f8d0d96a6973bf1fe24c56cd5b3ec.yaml
index 5edd74d8af..3746f08f3d 100644
--- a/nuclei-templates/2022/CVE-2022-27844-261f8d0d96a6973bf1fe24c56cd5b3ec.yaml
+++ b/nuclei-templates/2022/CVE-2022-27844-261f8d0d96a6973bf1fe24c56cd5b3ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid  <= 0.9.70 - Authenticated Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2022-27844'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27845-c591f3e0b0e6607bb02f8ca1122eb1cd.yaml b/nuclei-templates/2022/CVE-2022-27845-c591f3e0b0e6607bb02f8ca1122eb1cd.yaml
index 4bde6eaf05..1cb4f05062 100644
--- a/nuclei-templates/2022/CVE-2022-27845-c591f3e0b0e6607bb02f8ca1122eb1cd.yaml
+++ b/nuclei-templates/2022/CVE-2022-27845-c591f3e0b0e6607bb02f8ca1122eb1cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plausible Analytics <= 1.2.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plausible-analytics/"
     google-query: inurl:"/wp-content/plugins/plausible-analytics/"
     shodan-query: 'vuln:CVE-2022-27845'
-  tags: cve,wordpress,wp-plugin,plausible-analytics,medium
+  tags: cve,wordpress,wp-plugin,plausible-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27848-afec02ed4fb861008e492afadabc92bd.yaml b/nuclei-templates/2022/CVE-2022-27848-afec02ed4fb861008e492afadabc92bd.yaml
index 7a8395f7db..dd4bdb7adc 100644
--- a/nuclei-templates/2022/CVE-2022-27848-afec02ed4fb861008e492afadabc92bd.yaml
+++ b/nuclei-templates/2022/CVE-2022-27848-afec02ed4fb861008e492afadabc92bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 6.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modern Events Calendar Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2022-27848'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27852-d8468ce3a3b28bab55fbd9d9d45afc3e.yaml b/nuclei-templates/2022/CVE-2022-27852-d8468ce3a3b28bab55fbd9d9d45afc3e.yaml
index 099b6e4b74..d6fd64642b 100644
--- a/nuclei-templates/2022/CVE-2022-27852-d8468ce3a3b28bab55fbd9d9d45afc3e.yaml
+++ b/nuclei-templates/2022/CVE-2022-27852-d8468ce3a3b28bab55fbd9d9d45afc3e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KB Support – WordPress Help Desk <= 1.5.5 - Multiple Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin KB Support – WordPress Help Desk versions up to 1.5.5 are vulnerable to Cross-Site Scripting. The vulnerabilities allow unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kb-support/"
     google-query: inurl:"/wp-content/plugins/kb-support/"
     shodan-query: 'vuln:CVE-2022-27852'
-  tags: cve,wordpress,wp-plugin,kb-support,medium
+  tags: cve,wordpress,wp-plugin,kb-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27853-53bd8ee68daf44e8898790dff3d4d891.yaml b/nuclei-templates/2022/CVE-2022-27853-53bd8ee68daf44e8898790dff3d4d891.yaml
index a6410da3e4..b668d41d21 100644
--- a/nuclei-templates/2022/CVE-2022-27853-53bd8ee68daf44e8898790dff3d4d891.yaml
+++ b/nuclei-templates/2022/CVE-2022-27853-53bd8ee68daf44e8898790dff3d4d891.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 13.1.0.9 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2022-27853'
-  tags: cve,wordpress,wp-plugin,contest-gallery,medium
+  tags: cve,wordpress,wp-plugin,contest-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27854-a2c4b877b0651ff620e8169263705757.yaml b/nuclei-templates/2022/CVE-2022-27854-a2c4b877b0651ff620e8169263705757.yaml
index a93ec64ba3..39b80f2e61 100644
--- a/nuclei-templates/2022/CVE-2022-27854-a2c4b877b0651ff620e8169263705757.yaml
+++ b/nuclei-templates/2022/CVE-2022-27854-a2c4b877b0651ff620e8169263705757.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Psychological tests & quizzes plugin is vulnerable to Cross-Site Scripting due to missing sanitization on the wpt_test_page_submit_button_caption parameter. This vulnerability affects versions up to 0.21.19 and can be exploited by contributor level users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-testing/"
     google-query: inurl:"/wp-content/plugins/wp-testing/"
     shodan-query: 'vuln:CVE-2022-27854'
-  tags: cve,wordpress,wp-plugin,wp-testing,medium
+  tags: cve,wordpress,wp-plugin,wp-testing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27855-e08a52f680b625be47e9beebec7b3154.yaml b/nuclei-templates/2022/CVE-2022-27855-e08a52f680b625be47e9beebec7b3154.yaml
index bbffeb87bf..482f9bba9a 100644
--- a/nuclei-templates/2022/CVE-2022-27855-e08a52f680b625be47e9beebec7b3154.yaml
+++ b/nuclei-templates/2022/CVE-2022-27855-e08a52f680b625be47e9beebec7b3154.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fatcat Apps Analytics Cat <= 1.0.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Fatcat Apps Analytics Cat plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation in the fca_ga_settings_page function . This makes it possible for unauthenticated attackers to change plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/analytics-cat/"
     google-query: inurl:"/wp-content/plugins/analytics-cat/"
     shodan-query: 'vuln:CVE-2022-27855'
-  tags: cve,wordpress,wp-plugin,analytics-cat,high
+  tags: cve,wordpress,wp-plugin,analytics-cat,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27856-b5b013b649a98c215832bbde298896e0.yaml b/nuclei-templates/2022/CVE-2022-27856-b5b013b649a98c215832bbde298896e0.yaml
index b7cb9dfc7c..a7b531de58 100644
--- a/nuclei-templates/2022/CVE-2022-27856-b5b013b649a98c215832bbde298896e0.yaml
+++ b/nuclei-templates/2022/CVE-2022-27856-b5b013b649a98c215832bbde298896e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export All URLs <= 4.1 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Export All URLs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/export-all-urls/"
     google-query: inurl:"/wp-content/plugins/export-all-urls/"
     shodan-query: 'vuln:CVE-2022-27856'
-  tags: cve,wordpress,wp-plugin,export-all-urls,medium
+  tags: cve,wordpress,wp-plugin,export-all-urls,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-27859-c95f7d5b525da0435460cefad8d11b57.yaml b/nuclei-templates/2022/CVE-2022-27859-c95f7d5b525da0435460cefad8d11b57.yaml
index 1ec6f5cd3b..49a0c574c2 100644
--- a/nuclei-templates/2022/CVE-2022-27859-c95f7d5b525da0435460cefad8d11b57.yaml
+++ b/nuclei-templates/2022/CVE-2022-27859-c95f7d5b525da0435460cefad8d11b57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Travel Management <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-travel/"
     google-query: inurl:"/wp-content/plugins/nd-travel/"
     shodan-query: 'vuln:CVE-2022-27859'
-  tags: cve,wordpress,wp-plugin,nd-travel,medium
+  tags: cve,wordpress,wp-plugin,nd-travel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2799-9029119eb68fd27e882d54dbd4a742cd.yaml b/nuclei-templates/2022/CVE-2022-2799-9029119eb68fd27e882d54dbd4a742cd.yaml
index eff0d87e12..f0e4266927 100644
--- a/nuclei-templates/2022/CVE-2022-2799-9029119eb68fd27e882d54dbd4a742cd.yaml
+++ b/nuclei-templates/2022/CVE-2022-2799-9029119eb68fd27e882d54dbd4a742cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Affiliates Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliates-manager/"
     google-query: inurl:"/wp-content/plugins/affiliates-manager/"
     shodan-query: 'vuln:CVE-2022-2799'
-  tags: cve,wordpress,wp-plugin,affiliates-manager,medium
+  tags: cve,wordpress,wp-plugin,affiliates-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2823-ed137f483ea3e94091bee5b4d772d058.yaml b/nuclei-templates/2022/CVE-2022-2823-ed137f483ea3e94091bee5b4d772d058.yaml
index 1004baf7f4..e9dedfe275 100644
--- a/nuclei-templates/2022/CVE-2022-2823-ed137f483ea3e94091bee5b4d772d058.yaml
+++ b/nuclei-templates/2022/CVE-2022-2823-ed137f483ea3e94091bee5b4d772d058.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 3.27.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The "Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.27.8 due to insufficient input sanitization and output escaping of some of its parameters. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ml-slider/"
     google-query: inurl:"/wp-content/plugins/ml-slider/"
     shodan-query: 'vuln:CVE-2022-2823'
-  tags: cve,wordpress,wp-plugin,ml-slider,medium
+  tags: cve,wordpress,wp-plugin,ml-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2863-c09b3bbf7fa2f9da4c4d07cfecb5595a.yaml b/nuclei-templates/2022/CVE-2022-2863-c09b3bbf7fa2f9da4c4d07cfecb5595a.yaml
index 20d19e117e..68f86e1219 100644
--- a/nuclei-templates/2022/CVE-2022-2863-c09b3bbf7fa2f9da4c4d07cfecb5595a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2863-c09b3bbf7fa2f9da4c4d07cfecb5595a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Administrator+) Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPvivid backup plugin  for WordPress is vulnerable to arbitrary file read due to missing parameter sanitization and validation on the 'file_name' parameter in versions up to, and including, 0.9.75. This makes it possible for authenticated attackers, with administrator level permissions and above, to access arbitrary files on the affected sites server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2022-2863'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2864-14a6574b6d9fc13262269a727d440dc3.yaml b/nuclei-templates/2022/CVE-2022-2864-14a6574b6d9fc13262269a727d440dc3.yaml
index 0b60109fa2..9d2d291ea9 100644
--- a/nuclei-templates/2022/CVE-2022-2864-14a6574b6d9fc13262269a727d440dc3.yaml
+++ b/nuclei-templates/2022/CVE-2022-2864-14a6574b6d9fc13262269a727d440dc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/demon-image-annotation/"
     google-query: inurl:"/wp-content/plugins/demon-image-annotation/"
     shodan-query: 'vuln:CVE-2022-2864'
-  tags: cve,wordpress,wp-plugin,demon-image-annotation,high
+  tags: cve,wordpress,wp-plugin,demon-image-annotation,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-28700-37be249d4dba046bd5576085cbb2729e.yaml b/nuclei-templates/2022/CVE-2022-28700-37be249d4dba046bd5576085cbb2729e.yaml
index 22821dd096..98f1d50719 100644
--- a/nuclei-templates/2022/CVE-2022-28700-37be249d4dba046bd5576085cbb2729e.yaml
+++ b/nuclei-templates/2022/CVE-2022-28700-37be249d4dba046bd5576085cbb2729e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2022-28700'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2887-47415a21e09795154df1ff35281901c5.yaml b/nuclei-templates/2022/CVE-2022-2887-47415a21e09795154df1ff35281901c5.yaml
index 44f6ff9b49..132e891bb8 100644
--- a/nuclei-templates/2022/CVE-2022-2887-47415a21e09795154df1ff35281901c5.yaml
+++ b/nuclei-templates/2022/CVE-2022-2887-47415a21e09795154df1ff35281901c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Server Health Stats <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Server Health Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘API Pro Key’ parameter in versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-server-stats/"
     google-query: inurl:"/wp-content/plugins/wp-server-stats/"
     shodan-query: 'vuln:CVE-2022-2887'
-  tags: cve,wordpress,wp-plugin,wp-server-stats,medium
+  tags: cve,wordpress,wp-plugin,wp-server-stats,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2903-a2ca90e41d2e5160436c08c965469eba.yaml b/nuclei-templates/2022/CVE-2022-2903-a2ca90e41d2e5160436c08c965469eba.yaml
index 54a2207db8..3a3d3928bf 100644
--- a/nuclei-templates/2022/CVE-2022-2903-a2ca90e41d2e5160436c08c965469eba.yaml
+++ b/nuclei-templates/2022/CVE-2022-2903-a2ca90e41d2e5160436c08c965469eba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.6.12  via deserialization of untrusted input. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable NinjaForms. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2022-2903'
-  tags: cve,wordpress,wp-plugin,ninja-forms,high
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2926-30d61c53466fa58934f9b72c5790a166.yaml b/nuclei-templates/2022/CVE-2022-2926-30d61c53466fa58934f9b72c5790a166.yaml
index 50c97ddd35..f1c3eab2ed 100644
--- a/nuclei-templates/2022/CVE-2022-2926-30d61c53466fa58934f9b72c5790a166.yaml
+++ b/nuclei-templates/2022/CVE-2022-2926-30d61c53466fa58934f9b72c5790a166.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Manager plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 3.2.54  via the File Browser Root field. This makes it possible for administrator-level attackers to list and read arbitrary files and folders outside of the blog directory.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-2926'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2934-e9ae67bcdb286ec58db8997d8a78829a.yaml b/nuclei-templates/2022/CVE-2022-2934-e9ae67bcdb286ec58db8997d8a78829a.yaml
index 6d906a1fa0..26e9125d0c 100644
--- a/nuclei-templates/2022/CVE-2022-2934-e9ae67bcdb286ec58db8997d8a78829a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2934-e9ae67bcdb286ec58db8997d8a78829a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL'  value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2022-2934'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2935-d213e2e9594308f580bdffdb06a3d065.yaml b/nuclei-templates/2022/CVE-2022-2935-d213e2e9594308f580bdffdb06a3d065.yaml
index b5fc2a1641..fe5d387b42 100644
--- a/nuclei-templates/2022/CVE-2022-2935-d213e2e9594308f580bdffdb06a3d065.yaml
+++ b/nuclei-templates/2022/CVE-2022-2935-d213e2e9594308f580bdffdb06a3d065.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-ultimate/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/"
     shodan-query: 'vuln:CVE-2022-2935'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2936-eef599f42089077d3f1367aba810ab3a.yaml b/nuclei-templates/2022/CVE-2022-2936-eef599f42089077d3f1367aba810ab3a.yaml
index 2d38f4241d..9face0ef3a 100644
--- a/nuclei-templates/2022/CVE-2022-2936-eef599f42089077d3f1367aba810ab3a.yaml
+++ b/nuclei-templates/2022/CVE-2022-2936-eef599f42089077d3f1367aba810ab3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-ultimate/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/"
     shodan-query: 'vuln:CVE-2022-2936'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2937-f12c6444f5c306cf6d2f74b5d9b1f8a0.yaml b/nuclei-templates/2022/CVE-2022-2937-f12c6444f5c306cf6d2f74b5d9b1f8a0.yaml
index 8eeb593414..9a2e0f319f 100644
--- a/nuclei-templates/2022/CVE-2022-2937-f12c6444f5c306cf6d2f74b5d9b1f8a0.yaml
+++ b/nuclei-templates/2022/CVE-2022-2937-f12c6444f5c306cf6d2f74b5d9b1f8a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-ultimate/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/"
     shodan-query: 'vuln:CVE-2022-2937'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2940-193e887d8efbd63f7ee64b85c4a576a5.yaml b/nuclei-templates/2022/CVE-2022-2940-193e887d8efbd63f7ee64b85c4a576a5.yaml
index 2536fa9e08..efb17062ed 100644
--- a/nuclei-templates/2022/CVE-2022-2940-193e887d8efbd63f7ee64b85c4a576a5.yaml
+++ b/nuclei-templates/2022/CVE-2022-2940-193e887d8efbd63f7ee64b85c4a576a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Feed Them Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘access_token’ parameter in the function fts_instagram_token_ajax in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, subscriber and above, to inject arbitrary web scripts stored in the plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feed-them-social/"
     google-query: inurl:"/wp-content/plugins/feed-them-social/"
     shodan-query: 'vuln:CVE-2022-2940'
-  tags: cve,wordpress,wp-plugin,feed-them-social,medium
+  tags: cve,wordpress,wp-plugin,feed-them-social,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29406-092e64b42de134fb4233d6bec85b9415.yaml b/nuclei-templates/2022/CVE-2022-29406-092e64b42de134fb4233d6bec85b9415.yaml
index 74fcf010f9..4af1debc22 100644
--- a/nuclei-templates/2022/CVE-2022-29406-092e64b42de134fb4233d6bec85b9415.yaml
+++ b/nuclei-templates/2022/CVE-2022-29406-092e64b42de134fb4233d6bec85b9415.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Team Manager <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Team Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-team-manager/"
     google-query: inurl:"/wp-content/plugins/wp-team-manager/"
     shodan-query: 'vuln:CVE-2022-29406'
-  tags: cve,wordpress,wp-plugin,wp-team-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-team-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29408-4039c397e350c84a436243d9a4f3eab1.yaml b/nuclei-templates/2022/CVE-2022-29408-4039c397e350c84a436243d9a4f3eab1.yaml
index c343311f19..68c3a8fc31 100644
--- a/nuclei-templates/2022/CVE-2022-29408-4039c397e350c84a436243d9a4f3eab1.yaml
+++ b/nuclei-templates/2022/CVE-2022-29408-4039c397e350c84a436243d9a4f3eab1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Contact form 7 DB <= 1.8.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-cf7-db/"
     google-query: inurl:"/wp-content/plugins/advanced-cf7-db/"
     shodan-query: 'vuln:CVE-2022-29408'
-  tags: cve,wordpress,wp-plugin,advanced-cf7-db,medium
+  tags: cve,wordpress,wp-plugin,advanced-cf7-db,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2941-5b8cbfd6e3ba79c4725fe838c412c514.yaml b/nuclei-templates/2022/CVE-2022-2941-5b8cbfd6e3ba79c4725fe838c412c514.yaml
index 3bc939bb69..456b747e30 100644
--- a/nuclei-templates/2022/CVE-2022-2941-5b8cbfd6e3ba79c4725fe838c412c514.yaml
+++ b/nuclei-templates/2022/CVE-2022-2941-5b8cbfd6e3ba79c4725fe838c412c514.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-useronline/"
     google-query: inurl:"/wp-content/plugins/wp-useronline/"
     shodan-query: 'vuln:CVE-2022-2941'
-  tags: cve,wordpress,wp-plugin,wp-useronline,medium
+  tags: cve,wordpress,wp-plugin,wp-useronline,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29410-43b828ba6ca06e13c96e8d6957a25d26.yaml b/nuclei-templates/2022/CVE-2022-29410-43b828ba6ca06e13c96e8d6957a25d26.yaml
index 6287a3ed37..27fc2cdd2d 100644
--- a/nuclei-templates/2022/CVE-2022-29410-43b828ba6ca06e13c96e8d6957a25d26.yaml
+++ b/nuclei-templates/2022/CVE-2022-29410-43b828ba6ca06e13c96e8d6957a25d26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hermit 音乐播放器 <= 3.1.6 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 is vulnerable to SQL injection. This allows authenticated attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). Versions up to 3.1.6 are affected.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hermit/"
     google-query: inurl:"/wp-content/plugins/hermit/"
     shodan-query: 'vuln:CVE-2022-29410'
-  tags: cve,wordpress,wp-plugin,hermit,high
+  tags: cve,wordpress,wp-plugin,hermit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29413-3ba7758def7bb999accbbcf70be2e182.yaml b/nuclei-templates/2022/CVE-2022-29413-3ba7758def7bb999accbbcf70be2e182.yaml
index f626da9af7..425b7cb53a 100644
--- a/nuclei-templates/2022/CVE-2022-29413-3ba7758def7bb999accbbcf70be2e182.yaml
+++ b/nuclei-templates/2022/CVE-2022-29413-3ba7758def7bb999accbbcf70be2e182.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hermit 音乐播放器 <= 3.1.6 -  Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器  plugin <= 3.1.6 on WordPress via title parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hermit/"
     google-query: inurl:"/wp-content/plugins/hermit/"
     shodan-query: 'vuln:CVE-2022-29413'
-  tags: cve,wordpress,wp-plugin,hermit,high
+  tags: cve,wordpress,wp-plugin,hermit,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29414-218762f76a47ddcb2051ebcd055069c7.yaml b/nuclei-templates/2022/CVE-2022-29414-218762f76a47ddcb2051ebcd055069c7.yaml
index fe8d3344cd..09ca4e7ac8 100644
--- a/nuclei-templates/2022/CVE-2022-29414-218762f76a47ddcb2051ebcd055069c7.yaml
+++ b/nuclei-templates/2022/CVE-2022-29414-218762f76a47ddcb2051ebcd055069c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subscribe To Comments Reloaded <= 211130 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscribe-to-comments-reloaded/"
     google-query: inurl:"/wp-content/plugins/subscribe-to-comments-reloaded/"
     shodan-query: 'vuln:CVE-2022-29414'
-  tags: cve,wordpress,wp-plugin,subscribe-to-comments-reloaded,high
+  tags: cve,wordpress,wp-plugin,subscribe-to-comments-reloaded,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29418-d2a99368cddd63664c69600c9b7c92a3.yaml b/nuclei-templates/2022/CVE-2022-29418-d2a99368cddd63664c69600c9b7c92a3.yaml
index 30f4eb7448..e082039669 100644
--- a/nuclei-templates/2022/CVE-2022-29418-d2a99368cddd63664c69600c9b7c92a3.yaml
+++ b/nuclei-templates/2022/CVE-2022-29418-d2a99368cddd63664c69600c9b7c92a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Night Mode <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color].
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/night-mode/"
     google-query: inurl:"/wp-content/plugins/night-mode/"
     shodan-query: 'vuln:CVE-2022-29418'
-  tags: cve,wordpress,wp-plugin,night-mode,medium
+  tags: cve,wordpress,wp-plugin,night-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29419-af2ae774d22378ee0a69d1768e15e475.yaml b/nuclei-templates/2022/CVE-2022-29419-af2ae774d22378ee0a69d1768e15e475.yaml
index 6978729655..c054227d56 100644
--- a/nuclei-templates/2022/CVE-2022-29419-af2ae774d22378ee0a69d1768e15e475.yaml
+++ b/nuclei-templates/2022/CVE-2022-29419-af2ae774d22378ee0a69d1768e15e475.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3xSocializer <= 0.98.22 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3xsocializer/"
     google-query: inurl:"/wp-content/plugins/3xsocializer/"
     shodan-query: 'vuln:CVE-2022-29419'
-  tags: cve,wordpress,wp-plugin,3xsocializer,high
+  tags: cve,wordpress,wp-plugin,3xsocializer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2942-e4fb6d249b711115cf1c72af2ed8bb4d.yaml b/nuclei-templates/2022/CVE-2022-2942-e4fb6d249b711115cf1c72af2ed8bb4d.yaml
index 64bd44fb32..eef0b8bc47 100644
--- a/nuclei-templates/2022/CVE-2022-2942-e4fb6d249b711115cf1c72af2ed8bb4d.yaml
+++ b/nuclei-templates/2022/CVE-2022-2942-e4fb6d249b711115cf1c72af2ed8bb4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Feed Them Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.9. This is due to missing or incorrect nonce validation on various functions such as fts_instagram_token_ajax(). This makes it possible for unauthenticated attackers to trigger settings updates via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feed-them-social/"
     google-query: inurl:"/wp-content/plugins/feed-them-social/"
     shodan-query: 'vuln:CVE-2022-2942'
-  tags: cve,wordpress,wp-plugin,feed-them-social,high
+  tags: cve,wordpress,wp-plugin,feed-them-social,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29420-8078b4f9949ef9f89bc0fb06a9571b7f.yaml b/nuclei-templates/2022/CVE-2022-29420-8078b4f9949ef9f89bc0fb06a9571b7f.yaml
index afb2c7695a..9f4b540020 100644
--- a/nuclei-templates/2022/CVE-2022-29420-8078b4f9949ef9f89bc0fb06a9571b7f.yaml
+++ b/nuclei-templates/2022/CVE-2022-29420-8078b4f9949ef9f89bc0fb06a9571b7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Countdown & Clock <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/countdown-builder/"
     google-query: inurl:"/wp-content/plugins/countdown-builder/"
     shodan-query: 'vuln:CVE-2022-29420'
-  tags: cve,wordpress,wp-plugin,countdown-builder,medium
+  tags: cve,wordpress,wp-plugin,countdown-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29422-2e3506811e52ec17c7634c4366161915.yaml b/nuclei-templates/2022/CVE-2022-29422-2e3506811e52ec17c7634c4366161915.yaml
index dfe32b552b..28825a7d9d 100644
--- a/nuclei-templates/2022/CVE-2022-29422-2e3506811e52ec17c7634c4366161915.yaml
+++ b/nuclei-templates/2022/CVE-2022-29422-2e3506811e52ec17c7634c4366161915.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/countdown-builder/"
     google-query: inurl:"/wp-content/plugins/countdown-builder/"
     shodan-query: 'vuln:CVE-2022-29422'
-  tags: cve,wordpress,wp-plugin,countdown-builder,medium
+  tags: cve,wordpress,wp-plugin,countdown-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29425-d9b04ea1292b41be830780f6e6d01550.yaml b/nuclei-templates/2022/CVE-2022-29425-d9b04ea1292b41be830780f6e6d01550.yaml
index becd715897..1a5ae8899e 100644
--- a/nuclei-templates/2022/CVE-2022-29425-d9b04ea1292b41be830780f6e6d01550.yaml
+++ b/nuclei-templates/2022/CVE-2022-29425-d9b04ea1292b41be830780f6e6d01550.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Checkout Files Upload for WooCommerce <= 2.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/checkout-files-upload-woocommerce/"
     google-query: inurl:"/wp-content/plugins/checkout-files-upload-woocommerce/"
     shodan-query: 'vuln:CVE-2022-29425'
-  tags: cve,wordpress,wp-plugin,checkout-files-upload-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,checkout-files-upload-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29428-596c1534922e10c637aff8c9e7564a21.yaml b/nuclei-templates/2022/CVE-2022-29428-596c1534922e10c637aff8c9e7564a21.yaml
index 93fcbed662..f1d6421d76 100644
--- a/nuclei-templates/2022/CVE-2022-29428-596c1534922e10c637aff8c9e7564a21.yaml
+++ b/nuclei-templates/2022/CVE-2022-29428-596c1534922e10c637aff8c9e7564a21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Slider Plugin <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-slider-ssp/"
     google-query: inurl:"/wp-content/plugins/simple-slider-ssp/"
     shodan-query: 'vuln:CVE-2022-29428'
-  tags: cve,wordpress,wp-plugin,simple-slider-ssp,medium
+  tags: cve,wordpress,wp-plugin,simple-slider-ssp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29429-989eb9c3cbf3a8a65b24266fa6fa3458.yaml b/nuclei-templates/2022/CVE-2022-29429-989eb9c3cbf3a8a65b24266fa6fa3458.yaml
index 54482e53be..d52b841a75 100644
--- a/nuclei-templates/2022/CVE-2022-29429-989eb9c3cbf3a8a65b24266fa6fa3458.yaml
+++ b/nuclei-templates/2022/CVE-2022-29429-989eb9c3cbf3a8a65b24266fa6fa3458.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/code-snippets-extended/"
     google-query: inurl:"/wp-content/plugins/code-snippets-extended/"
     shodan-query: 'vuln:CVE-2022-29429'
-  tags: cve,wordpress,wp-plugin,code-snippets-extended,high
+  tags: cve,wordpress,wp-plugin,code-snippets-extended,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2943-581efb108579060acb9ef33538e40085.yaml b/nuclei-templates/2022/CVE-2022-2943-581efb108579060acb9ef33538e40085.yaml
index 35bb8a26a8..13654b5c50 100644
--- a/nuclei-templates/2022/CVE-2022-2943-581efb108579060acb9ef33538e40085.yaml
+++ b/nuclei-templates/2022/CVE-2022-2943-581efb108579060acb9ef33538e40085.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:CVE-2022-2943'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,medium
+  tags: cve,wordpress,wp-plugin,ajax-load-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29430-63d2a51e3e8824195c3d41033688aedc.yaml b/nuclei-templates/2022/CVE-2022-29430-63d2a51e3e8824195c3d41033688aedc.yaml
index 33f3b35db4..c1b3347e62 100644
--- a/nuclei-templates/2022/CVE-2022-29430-63d2a51e3e8824195c3d41033688aedc.yaml
+++ b/nuclei-templates/2022/CVE-2022-29430-63d2a51e3e8824195c3d41033688aedc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PNG to JPG <= 5.8 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/png-to-jpg/"
     google-query: inurl:"/wp-content/plugins/png-to-jpg/"
     shodan-query: 'vuln:CVE-2022-29430'
-  tags: cve,wordpress,wp-plugin,png-to-jpg,high
+  tags: cve,wordpress,wp-plugin,png-to-jpg,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29431-47c8baaa723b461feba125f5d75cdf5b.yaml b/nuclei-templates/2022/CVE-2022-29431-47c8baaa723b461feba125f5d75cdf5b.yaml
index 9332b9e8ce..4d740be252 100644
--- a/nuclei-templates/2022/CVE-2022-29431-47c8baaa723b461feba125f5d75cdf5b.yaml
+++ b/nuclei-templates/2022/CVE-2022-29431-47c8baaa723b461feba125f5d75cdf5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Remove CPT base <= 5.8 - Cross-Site Request Forgery to CPT base deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/remove-cpt-base/"
     google-query: inurl:"/wp-content/plugins/remove-cpt-base/"
     shodan-query: 'vuln:CVE-2022-29431'
-  tags: cve,wordpress,wp-plugin,remove-cpt-base,high
+  tags: cve,wordpress,wp-plugin,remove-cpt-base,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29432-0c5b7f509db51c1a7230bd37febd24a9.yaml b/nuclei-templates/2022/CVE-2022-29432-0c5b7f509db51c1a7230bd37febd24a9.yaml
index 76f66a77f9..158c91dd41 100644
--- a/nuclei-templates/2022/CVE-2022-29432-0c5b7f509db51c1a7230bd37febd24a9.yaml
+++ b/nuclei-templates/2022/CVE-2022-29432-0c5b7f509db51c1a7230bd37febd24a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdatatables/"
     google-query: inurl:"/wp-content/plugins/wpdatatables/"
     shodan-query: 'vuln:CVE-2022-29432'
-  tags: cve,wordpress,wp-plugin,wpdatatables,medium
+  tags: cve,wordpress,wp-plugin,wpdatatables,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29433-7af5a8d75570b9733bf6f036d3311f98.yaml b/nuclei-templates/2022/CVE-2022-29433-7af5a8d75570b9733bf6f036d3311f98.yaml
index 609e9e5d1f..9437447fb2 100644
--- a/nuclei-templates/2022/CVE-2022-29433-7af5a8d75570b9733bf6f036d3311f98.yaml
+++ b/nuclei-templates/2022/CVE-2022-29433-7af5a8d75570b9733bf6f036d3311f98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donations <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Donations plugin <= 1.8 for WordPress is vulnerable to Authenticated stored Cross-Site Scripting (XSS) by users with the contributor role or higher
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-donations/"
     google-query: inurl:"/wp-content/plugins/nd-donations/"
     shodan-query: 'vuln:CVE-2022-29433'
-  tags: cve,wordpress,wp-plugin,nd-donations,medium
+  tags: cve,wordpress,wp-plugin,nd-donations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29436-429616022004f10edfb6da5df655ced8.yaml b/nuclei-templates/2022/CVE-2022-29436-429616022004f10edfb6da5df655ced8.yaml
index 9ea9c26424..2e85b3e870 100644
--- a/nuclei-templates/2022/CVE-2022-29436-429616022004f10edfb6da5df655ced8.yaml
+++ b/nuclei-templates/2022/CVE-2022-29436-429616022004f10edfb6da5df655ced8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/code-snippets-extended/"
     google-query: inurl:"/wp-content/plugins/code-snippets-extended/"
     shodan-query: 'vuln:CVE-2022-29436'
-  tags: cve,wordpress,wp-plugin,code-snippets-extended,high
+  tags: cve,wordpress,wp-plugin,code-snippets-extended,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29437-9ea1bb5d162409cd77ba612423f2f166.yaml b/nuclei-templates/2022/CVE-2022-29437-9ea1bb5d162409cd77ba612423f2f166.yaml
index fe3c9105cf..7ebf3ff021 100644
--- a/nuclei-templates/2022/CVE-2022-29437-9ea1bb5d162409cd77ba612423f2f166.yaml
+++ b/nuclei-templates/2022/CVE-2022-29437-9ea1bb5d162409cd77ba612423f2f166.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Slider by NextCode <= 1.1.2 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/baslider/"
     google-query: inurl:"/wp-content/plugins/baslider/"
     shodan-query: 'vuln:CVE-2022-29437'
-  tags: cve,wordpress,wp-plugin,baslider,high
+  tags: cve,wordpress,wp-plugin,baslider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29438-6df2df1f538663a4b281d00b01155047.yaml b/nuclei-templates/2022/CVE-2022-29438-6df2df1f538663a4b281d00b01155047.yaml
index 44fa64a0ad..b325e46942 100644
--- a/nuclei-templates/2022/CVE-2022-29438-6df2df1f538663a4b281d00b01155047.yaml
+++ b/nuclei-templates/2022/CVE-2022-29438-6df2df1f538663a4b281d00b01155047.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Slider by NextCode <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Slider by NextCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/baslider/"
     google-query: inurl:"/wp-content/plugins/baslider/"
     shodan-query: 'vuln:CVE-2022-29438'
-  tags: cve,wordpress,wp-plugin,baslider,medium
+  tags: cve,wordpress,wp-plugin,baslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29439-8d331ddadf2ec92c698925fb701e1625.yaml b/nuclei-templates/2022/CVE-2022-29439-8d331ddadf2ec92c698925fb701e1625.yaml
index a19b407fc7..0fcd356f00 100644
--- a/nuclei-templates/2022/CVE-2022-29439-8d331ddadf2ec92c698925fb701e1625.yaml
+++ b/nuclei-templates/2022/CVE-2022-29439-8d331ddadf2ec92c698925fb701e1625.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Slider by NextCode <= 1.1.2 - Cross-Site Request Forgery to Slide Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/baslider/"
     google-query: inurl:"/wp-content/plugins/baslider/"
     shodan-query: 'vuln:CVE-2022-29439'
-  tags: cve,wordpress,wp-plugin,baslider,high
+  tags: cve,wordpress,wp-plugin,baslider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2944-0c91dc81841b4946dcdd188b1f4f59d9.yaml b/nuclei-templates/2022/CVE-2022-2944-0c91dc81841b4946dcdd188b1f4f59d9.yaml
index 1cf76e145f..af21da9bce 100644
--- a/nuclei-templates/2022/CVE-2022-2944-0c91dc81841b4946dcdd188b1f4f59d9.yaml
+++ b/nuclei-templates/2022/CVE-2022-2944-0c91dc81841b4946dcdd188b1f4f59d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Countdown Widget <= 3.1.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-countdown-widget/"
     google-query: inurl:"/wp-content/plugins/wordpress-countdown-widget/"
     shodan-query: 'vuln:CVE-2022-2944'
-  tags: cve,wordpress,wp-plugin,wordpress-countdown-widget,medium
+  tags: cve,wordpress,wp-plugin,wordpress-countdown-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29440-bffa3ebfd0f8f4eee0788789721093cc.yaml b/nuclei-templates/2022/CVE-2022-29440-bffa3ebfd0f8f4eee0788789721093cc.yaml
index f72234c6b1..09ab41272e 100644
--- a/nuclei-templates/2022/CVE-2022-29440-bffa3ebfd0f8f4eee0788789721093cc.yaml
+++ b/nuclei-templates/2022/CVE-2022-29440-bffa3ebfd0f8f4eee0788789721093cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Promotion Slider <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Promotion Slider in versions up to and including 3.3.4 is vulnerable to Authenticated Stored Cross-Site Scripting via post metadata due to insufficient input sanitization and output escaping in the function save_meta_data. This allows contributors and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/promotion-slider/"
     google-query: inurl:"/wp-content/plugins/promotion-slider/"
     shodan-query: 'vuln:CVE-2022-29440'
-  tags: cve,wordpress,wp-plugin,promotion-slider,medium
+  tags: cve,wordpress,wp-plugin,promotion-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29442-28a0fb0e5795f11d3d7f2a955c95e65c.yaml b/nuclei-templates/2022/CVE-2022-29442-28a0fb0e5795f11d3d7f2a955c95e65c.yaml
index 3bdd6191b1..d0eedae0ab 100644
--- a/nuclei-templates/2022/CVE-2022-29442-28a0fb0e5795f11d3d7f2a955c95e65c.yaml
+++ b/nuclei-templates/2022/CVE-2022-29442-28a0fb0e5795f11d3d7f2a955c95e65c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Private Messages For WordPress <= 2.1.10 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/private-messages-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/private-messages-for-wordpress/"
     shodan-query: 'vuln:CVE-2022-29442'
-  tags: cve,wordpress,wp-plugin,private-messages-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,private-messages-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29443-164126146e9a645f77469a8e4602aa76.yaml b/nuclei-templates/2022/CVE-2022-29443-164126146e9a645f77469a8e4602aa76.yaml
index a72c735308..2fb45262b6 100644
--- a/nuclei-templates/2022/CVE-2022-29443-164126146e9a645f77469a8e4602aa76.yaml
+++ b/nuclei-templates/2022/CVE-2022-29443-164126146e9a645f77469a8e4602aa76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hotel Booking < 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin < 3.3 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-booking/"
     google-query: inurl:"/wp-content/plugins/nd-booking/"
     shodan-query: 'vuln:CVE-2022-29443'
-  tags: cve,wordpress,wp-plugin,nd-booking,medium
+  tags: cve,wordpress,wp-plugin,nd-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29445-66e44ffd73c4157b210becf5e5234e8e.yaml b/nuclei-templates/2022/CVE-2022-29445-66e44ffd73c4157b210becf5e5234e8e.yaml
index c07ca7a1a9..ec83480ba3 100644
--- a/nuclei-templates/2022/CVE-2022-29445-66e44ffd73c4157b210becf5e5234e8e.yaml
+++ b/nuclei-templates/2022/CVE-2022-29445-66e44ffd73c4157b210becf5e5234e8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Box <= 2.1.2 - Authenticated Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-box/"
     google-query: inurl:"/wp-content/plugins/popup-box/"
     shodan-query: 'vuln:CVE-2022-29445'
-  tags: cve,wordpress,wp-plugin,popup-box,medium
+  tags: cve,wordpress,wp-plugin,popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29446-d41f2371740382f5fe12f9b2729e260d.yaml b/nuclei-templates/2022/CVE-2022-29446-d41f2371740382f5fe12f9b2729e260d.yaml
index 08d5b7aaa3..c279375055 100644
--- a/nuclei-templates/2022/CVE-2022-29446-d41f2371740382f5fe12f9b2729e260d.yaml
+++ b/nuclei-templates/2022/CVE-2022-29446-d41f2371740382f5fe12f9b2729e260d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Counter Box <= 1.1.1 - Authenticated Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/counter-box/"
     google-query: inurl:"/wp-content/plugins/counter-box/"
     shodan-query: 'vuln:CVE-2022-29446'
-  tags: cve,wordpress,wp-plugin,counter-box,medium
+  tags: cve,wordpress,wp-plugin,counter-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29447-4e07fbfa9287b3d698591e747048b894.yaml b/nuclei-templates/2022/CVE-2022-29447-4e07fbfa9287b3d698591e747048b894.yaml
index a0c6d66106..07c5423496 100644
--- a/nuclei-templates/2022/CVE-2022-29447-4e07fbfa9287b3d698591e747048b894.yaml
+++ b/nuclei-templates/2022/CVE-2022-29447-4e07fbfa9287b3d698591e747048b894.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hover Effects – easily create any hover effect <= 2.1 - Authenticated Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hover-effects/"
     google-query: inurl:"/wp-content/plugins/hover-effects/"
     shodan-query: 'vuln:CVE-2022-29447'
-  tags: cve,wordpress,wp-plugin,hover-effects,medium
+  tags: cve,wordpress,wp-plugin,hover-effects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29448-013a3c9fa700970f10b7bbed788f507b.yaml b/nuclei-templates/2022/CVE-2022-29448-013a3c9fa700970f10b7bbed788f507b.yaml
index d7f1fd2b7e..bb7c425b75 100644
--- a/nuclei-templates/2022/CVE-2022-29448-013a3c9fa700970f10b7bbed788f507b.yaml
+++ b/nuclei-templates/2022/CVE-2022-29448-013a3c9fa700970f10b7bbed788f507b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Herd Effects <= 5.2 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mwp-herd-effect/"
     google-query: inurl:"/wp-content/plugins/mwp-herd-effect/"
     shodan-query: 'vuln:CVE-2022-29448'
-  tags: cve,wordpress,wp-plugin,mwp-herd-effect,high
+  tags: cve,wordpress,wp-plugin,mwp-herd-effect,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29449-6dff8ad57b57f849baa2c45d3ecc2834.yaml b/nuclei-templates/2022/CVE-2022-29449-6dff8ad57b57f849baa2c45d3ecc2834.yaml
index 41a3de1f6d..643e0658dd 100644
--- a/nuclei-templates/2022/CVE-2022-29449-6dff8ad57b57f849baa2c45d3ecc2834.yaml
+++ b/nuclei-templates/2022/CVE-2022-29449-6dff8ad57b57f849baa2c45d3ecc2834.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Opal Hotel Room Booking plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opal-hotel-room-booking/"
     google-query: inurl:"/wp-content/plugins/opal-hotel-room-booking/"
     shodan-query: 'vuln:CVE-2022-29449'
-  tags: cve,wordpress,wp-plugin,opal-hotel-room-booking,medium
+  tags: cve,wordpress,wp-plugin,opal-hotel-room-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29450-de7a5d3d23cd7a255b8c43340d197b1b.yaml b/nuclei-templates/2022/CVE-2022-29450-de7a5d3d23cd7a255b8c43340d197b1b.yaml
index 9e3fd3f549..c465485dbd 100644
--- a/nuclei-templates/2022/CVE-2022-29450-de7a5d3d23cd7a255b8c43340d197b1b.yaml
+++ b/nuclei-templates/2022/CVE-2022-29450-de7a5d3d23cd7a255b8c43340d197b1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-management-xtended/"
     google-query: inurl:"/wp-content/plugins/admin-management-xtended/"
     shodan-query: 'vuln:CVE-2022-29450'
-  tags: cve,wordpress,wp-plugin,admin-management-xtended,high
+  tags: cve,wordpress,wp-plugin,admin-management-xtended,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29451-7625842be5b20a912d85c30fab35389d.yaml b/nuclei-templates/2022/CVE-2022-29451-7625842be5b20a912d85c30fab35389d.yaml
index 78570a55c5..8197ee679a 100644
--- a/nuclei-templates/2022/CVE-2022-29451-7625842be5b20a912d85c30fab35389d.yaml
+++ b/nuclei-templates/2022/CVE-2022-29451-7625842be5b20a912d85c30fab35389d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A Cross-Site Request Forgery leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rara-one-click-demo-import/"
     google-query: inurl:"/wp-content/plugins/rara-one-click-demo-import/"
     shodan-query: 'vuln:CVE-2022-29451'
-  tags: cve,wordpress,wp-plugin,rara-one-click-demo-import,high
+  tags: cve,wordpress,wp-plugin,rara-one-click-demo-import,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29454-27610b5571a30e556b64bf5b8d096808.yaml b/nuclei-templates/2022/CVE-2022-29454-27610b5571a30e556b64bf5b8d096808.yaml
index 7a606966e7..02efba8f0c 100644
--- a/nuclei-templates/2022/CVE-2022-29454-27610b5571a30e556b64bf5b8d096808.yaml
+++ b/nuclei-templates/2022/CVE-2022-29454-27610b5571a30e556b64bf5b8d096808.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Messages <= 1.9.9.148 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Better Messages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 19.9.148. This is due to missing nonce validation on the favorite() function. This makes it possible for unauthenticated attackers to favorite messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-better-messages/"
     google-query: inurl:"/wp-content/plugins/bp-better-messages/"
     shodan-query: 'vuln:CVE-2022-29454'
-  tags: cve,wordpress,wp-plugin,bp-better-messages,high
+  tags: cve,wordpress,wp-plugin,bp-better-messages,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29489-783f372f4644686742e160ed2c3ab92d.yaml b/nuclei-templates/2022/CVE-2022-29489-783f372f4644686742e160ed2c3ab92d.yaml
index 13d29c9418..e8a0dc52dc 100644
--- a/nuclei-templates/2022/CVE-2022-29489-783f372f4644686742e160ed2c3ab92d.yaml
+++ b/nuclei-templates/2022/CVE-2022-29489-783f372f4644686742e160ed2c3ab92d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sucuri Security <= 1.8.33 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Sucuri Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.33. This is due to missing or incorrect nonce validation on several of its hooks. This makes it possible for unauthenticated attackers to log edit/modify/delete events for themes and plugins, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sucuri-scanner/"
     google-query: inurl:"/wp-content/plugins/sucuri-scanner/"
     shodan-query: 'vuln:CVE-2022-29489'
-  tags: cve,wordpress,wp-plugin,sucuri-scanner,high
+  tags: cve,wordpress,wp-plugin,sucuri-scanner,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-29495-e90caa361b62564e08e191aa073473cd.yaml b/nuclei-templates/2022/CVE-2022-29495-e90caa361b62564e08e191aa073473cd.yaml
index 33f5966a56..6382c5eb2c 100644
--- a/nuclei-templates/2022/CVE-2022-29495-e90caa361b62564e08e191aa073473cd.yaml
+++ b/nuclei-templates/2022/CVE-2022-29495-e90caa361b62564e08e191aa073473cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The  "Popup Builder – Create highly converting, mobile friendly marketing popups." plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.11. This is due to missing or incorrect nonce validation on the saveSettings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2022-29495'
-  tags: cve,wordpress,wp-plugin,popup-builder,high
+  tags: cve,wordpress,wp-plugin,popup-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2958-8e5d590ef949dabd3bb7265d663cdfbb.yaml b/nuclei-templates/2022/CVE-2022-2958-8e5d590ef949dabd3bb7265d663cdfbb.yaml
index c0fc4a0279..349b892d62 100644
--- a/nuclei-templates/2022/CVE-2022-2958-8e5d590ef949dabd3bb7265d663cdfbb.yaml
+++ b/nuclei-templates/2022/CVE-2022-2958-8e5d590ef949dabd3bb7265d663cdfbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The BadgeOS  plugin for WordPress is vulnerable to SQL Injection via some of its ajax actions in versions up to, and including, 3.7.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/badgeos/"
     google-query: inurl:"/wp-content/plugins/badgeos/"
     shodan-query: 'vuln:CVE-2022-2958'
-  tags: cve,wordpress,wp-plugin,badgeos,high
+  tags: cve,wordpress,wp-plugin,badgeos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2981-2ee20ef00c8dffbd5ed7b6a797548996.yaml b/nuclei-templates/2022/CVE-2022-2981-2ee20ef00c8dffbd5ed7b6a797548996.yaml
index 352ae11505..bc214348a3 100644
--- a/nuclei-templates/2022/CVE-2022-2981-2ee20ef00c8dffbd5ed7b6a797548996.yaml
+++ b/nuclei-templates/2022/CVE-2022-2981-2ee20ef00c8dffbd5ed7b6a797548996.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.5.97 - Authenticated (Administrator+) Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Monitor plugin for WordPress is vulnerable to arbitrary file downloads due to not verifying that downloaded files reside within the blog directory in versions up to, and including, 4.5.97. This makes it possible for authenticated attackers, with administrator-level permissions and above, to download arbitrary files on the affected site's server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2022-2981'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-2983-dff51ecf68a2a27471cd48bde63ce4a2.yaml b/nuclei-templates/2022/CVE-2022-2983-dff51ecf68a2a27471cd48bde63ce4a2.yaml
index 25707dcda3..d227c8def3 100644
--- a/nuclei-templates/2022/CVE-2022-2983-dff51ecf68a2a27471cd48bde63ce4a2.yaml
+++ b/nuclei-templates/2022/CVE-2022-2983-dff51ecf68a2a27471cd48bde63ce4a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salat Times < = 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Salat Times plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Title parameter in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salat-times/"
     google-query: inurl:"/wp-content/plugins/salat-times/"
     shodan-query: 'vuln:CVE-2022-2983'
-  tags: cve,wordpress,wp-plugin,salat-times,medium
+  tags: cve,wordpress,wp-plugin,salat-times,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3021-46b167768e3cac0676fa19e5201075cc.yaml b/nuclei-templates/2022/CVE-2022-3021-46b167768e3cac0676fa19e5201075cc.yaml
index 71d778beb2..701bc17c9f 100644
--- a/nuclei-templates/2022/CVE-2022-3021-46b167768e3cac0676fa19e5201075cc.yaml
+++ b/nuclei-templates/2022/CVE-2022-3021-46b167768e3cac0676fa19e5201075cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slickr Flickr <= 2.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slickr Flickr plugin for WordPress is vulnerable to Stored Cross-Site Scripting when saving its settings in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slickr-flickr/"
     google-query: inurl:"/wp-content/plugins/slickr-flickr/"
     shodan-query: 'vuln:CVE-2022-3021'
-  tags: cve,wordpress,wp-plugin,slickr-flickr,medium
+  tags: cve,wordpress,wp-plugin,slickr-flickr,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3024-600b942b044271afb765e6ae63286c52.yaml b/nuclei-templates/2022/CVE-2022-3024-600b942b044271afb765e6ae63286c52.yaml
index 34a693357c..b041870411 100644
--- a/nuclei-templates/2022/CVE-2022-3024-600b942b044271afb765e6ae63286c52.yaml
+++ b/nuclei-templates/2022/CVE-2022-3024-600b942b044271afb765e6ae63286c52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bitcoin Satoshi Tools <= 1.7.0 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bitcoin Satoshi Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via one of its AJAX calls in versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Cross-Site Request Forgery protection is also missing. Furthermore, this missing authorization may also lead to the modification of bonds.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-bitcoin-faucets/"
     google-query: inurl:"/wp-content/plugins/simple-bitcoin-faucets/"
     shodan-query: 'vuln:CVE-2022-3024'
-  tags: cve,wordpress,wp-plugin,simple-bitcoin-faucets,medium
+  tags: cve,wordpress,wp-plugin,simple-bitcoin-faucets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3025-1ad3a36baf4c9ef732b67d8d092f21e4.yaml b/nuclei-templates/2022/CVE-2022-3025-1ad3a36baf4c9ef732b67d8d092f21e4.yaml
index 1e93528cd2..474b90ca4e 100644
--- a/nuclei-templates/2022/CVE-2022-3025-1ad3a36baf4c9ef732b67d8d092f21e4.yaml
+++ b/nuclei-templates/2022/CVE-2022-3025-1ad3a36baf4c9ef732b67d8d092f21e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bitcoin / Altcoin Faucet <= 1.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Bitcoin / Altcoin Faucet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to lack of sanitization of user input, an attacker may also use this vulnerability to inject malicious JavaScript, that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bitcoin-faucet/"
     google-query: inurl:"/wp-content/plugins/bitcoin-faucet/"
     shodan-query: 'vuln:CVE-2022-3025'
-  tags: cve,wordpress,wp-plugin,bitcoin-faucet,high
+  tags: cve,wordpress,wp-plugin,bitcoin-faucet,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-30337-853440dc6a0bac372d49c0a52406c979.yaml b/nuclei-templates/2022/CVE-2022-30337-853440dc6a0bac372d49c0a52406c979.yaml
index 20f96e86b1..1f3c2cd40c 100644
--- a/nuclei-templates/2022/CVE-2022-30337-853440dc6a0bac372d49c0a52406c979.yaml
+++ b/nuclei-templates/2022/CVE-2022-30337-853440dc6a0bac372d49c0a52406c979.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.4.8 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.8. This is due to incorrect nonce validation which only verifies the presence of a nonce value rather than the on the validity of the nonce on a couple of cases in the loadPage() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2022-30337'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3036-c3ee6aa7cf2263de71bab964716588bf.yaml b/nuclei-templates/2022/CVE-2022-3036-c3ee6aa7cf2263de71bab964716588bf.yaml
index fdc204e95c..0b95ed9d59 100644
--- a/nuclei-templates/2022/CVE-2022-3036-c3ee6aa7cf2263de71bab964716588bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-3036-c3ee6aa7cf2263de71bab964716588bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gettext override translations <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gettext override translations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘validconstant’ function in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gettext-override-translations/"
     google-query: inurl:"/wp-content/plugins/gettext-override-translations/"
     shodan-query: 'vuln:CVE-2022-3036'
-  tags: cve,wordpress,wp-plugin,gettext-override-translations,medium
+  tags: cve,wordpress,wp-plugin,gettext-override-translations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-30533-6a51878e913acce27812b845eba68b33.yaml b/nuclei-templates/2022/CVE-2022-30533-6a51878e913acce27812b845eba68b33.yaml
index 7c9bc70f57..3ff29f3edb 100644
--- a/nuclei-templates/2022/CVE-2022-30533-6a51878e913acce27812b845eba68b33.yaml
+++ b/nuclei-templates/2022/CVE-2022-30533-6a51878e913acce27812b845eba68b33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar Lite <= 6.2.9 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modern Events Calendar Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 6.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2022-30533'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-30536-dcbc0003781c6decb5bf6d916532822b.yaml b/nuclei-templates/2022/CVE-2022-30536-dcbc0003781c6decb5bf6d916532822b.yaml
index a298b533dd..3bf2d5972e 100644
--- a/nuclei-templates/2022/CVE-2022-30536-dcbc0003781c6decb5bf6d916532822b.yaml
+++ b/nuclei-templates/2022/CVE-2022-30536-dcbc0003781c6decb5bf6d916532822b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Maintenance <= 6.0.7 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Maintenance plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative permissions and above to inject arbitrary web scripts that execute in a victim's browser. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2022-30536/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2022-30536/"
     shodan-query: 'vuln:CVE-2022-30536'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-30536,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-30536,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-30544-b58caf3062d49a3b707b9a414cc1dfaa.yaml b/nuclei-templates/2022/CVE-2022-30544-b58caf3062d49a3b707b9a414cc1dfaa.yaml
index f51d94423f..6afccbca39 100644
--- a/nuclei-templates/2022/CVE-2022-30544-b58caf3062d49a3b707b9a414cc1dfaa.yaml
+++ b/nuclei-templates/2022/CVE-2022-30544-b58caf3062d49a3b707b9a414cc1dfaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OSM - OpenStreetMap <= 6.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The OSM - OpenStreetMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/osm/"
     google-query: inurl:"/wp-content/plugins/osm/"
     shodan-query: 'vuln:CVE-2022-30544'
-  tags: cve,wordpress,wp-plugin,osm,high
+  tags: cve,wordpress,wp-plugin,osm,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3069-4626cb693582f4ef4c3fd754ef5fda3a.yaml b/nuclei-templates/2022/CVE-2022-3069-4626cb693582f4ef4c3fd754ef5fda3a.yaml
index e03b9b0257..4210f645b1 100644
--- a/nuclei-templates/2022/CVE-2022-3069-4626cb693582f4ef4c3fd754ef5fda3a.yaml
+++ b/nuclei-templates/2022/CVE-2022-3069-4626cb693582f4ef4c3fd754ef5fda3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wordlift <= 3.37.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wordlift plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.37.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordlift/"
     google-query: inurl:"/wp-content/plugins/wordlift/"
     shodan-query: 'vuln:CVE-2022-3069'
-  tags: cve,wordpress,wp-plugin,wordlift,medium
+  tags: cve,wordpress,wp-plugin,wordlift,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3070-213c6c67e9f7d7367e5fa5ff895afa34.yaml b/nuclei-templates/2022/CVE-2022-3070-213c6c67e9f7d7367e5fa5ff895afa34.yaml
index 733822079a..673d3ae038 100644
--- a/nuclei-templates/2022/CVE-2022-3070-213c6c67e9f7d7367e5fa5ff895afa34.yaml
+++ b/nuclei-templates/2022/CVE-2022-3070-213c6c67e9f7d7367e5fa5ff895afa34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Generate PDF using Contact Form 7 <= 3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with adminstrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/generate-pdf-using-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/generate-pdf-using-contact-form-7/"
     shodan-query: 'vuln:CVE-2022-3070'
-  tags: cve,wordpress,wp-plugin,generate-pdf-using-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,generate-pdf-using-contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3074-53fef4883b3ae390bd3ce74f9e9ddf6a.yaml b/nuclei-templates/2022/CVE-2022-3074-53fef4883b3ae390bd3ce74f9e9ddf6a.yaml
index 48b9f92562..2712a3039b 100644
--- a/nuclei-templates/2022/CVE-2022-3074-53fef4883b3ae390bd3ce74f9e9ddf6a.yaml
+++ b/nuclei-templates/2022/CVE-2022-3074-53fef4883b3ae390bd3ce74f9e9ddf6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Hero <= 8.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slider Hero plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in versions up to, and including, 8.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-hero/"
     google-query: inurl:"/wp-content/plugins/slider-hero/"
     shodan-query: 'vuln:CVE-2022-3074'
-  tags: cve,wordpress,wp-plugin,slider-hero,medium
+  tags: cve,wordpress,wp-plugin,slider-hero,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3076-5fc74cc66f5330c5bc45fdae1ec9ced1.yaml b/nuclei-templates/2022/CVE-2022-3076-5fc74cc66f5330c5bc45fdae1ec9ced1.yaml
index 14ae45426e..e53d9385b5 100644
--- a/nuclei-templates/2022/CVE-2022-3076-5fc74cc66f5330c5bc45fdae1ec9ced1.yaml
+++ b/nuclei-templates/2022/CVE-2022-3076-5fc74cc66f5330c5bc45fdae1ec9ced1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The CM Download Manager plugin for WordPress is vulnerable to arbitrary file uploads because it allows administrators to choose the php extension as an allowable file extension in versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-download-manager/"
     google-query: inurl:"/wp-content/plugins/cm-download-manager/"
     shodan-query: 'vuln:CVE-2022-3076'
-  tags: cve,wordpress,wp-plugin,cm-download-manager,high
+  tags: cve,wordpress,wp-plugin,cm-download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3082-14052cb4248c1d727995c47dc9e235be.yaml b/nuclei-templates/2022/CVE-2022-3082-14052cb4248c1d727995c47dc9e235be.yaml
index 1fbb591b1f..143adcfbc7 100644
--- a/nuclei-templates/2022/CVE-2022-3082-14052cb4248c1d727995c47dc9e235be.yaml
+++ b/nuclei-templates/2022/CVE-2022-3082-14052cb4248c1d727995c47dc9e235be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     miniOrange Discord Integration <= 2.1.5 - Missing Authorization to Plugin Options Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The miniOrange Discord Integration plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an several AJAX actions including 'mo_discord_check_capp_enable' and 'mo_discord_custom_app_enable_change_update' in versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions leading to plugin options update.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-discord-integration/"
     google-query: inurl:"/wp-content/plugins/miniorange-discord-integration/"
     shodan-query: 'vuln:CVE-2022-3082'
-  tags: cve,wordpress,wp-plugin,miniorange-discord-integration,medium
+  tags: cve,wordpress,wp-plugin,miniorange-discord-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3096-f6fedef4900f687723635382ff2bb4d5.yaml b/nuclei-templates/2022/CVE-2022-3096-f6fedef4900f687723635382ff2bb4d5.yaml
index ca2afe3bbe..5274d1a72c 100644
--- a/nuclei-templates/2022/CVE-2022-3096-f6fedef4900f687723635382ff2bb4d5.yaml
+++ b/nuclei-templates/2022/CVE-2022-3096-f6fedef4900f687723635382ff2bb4d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Total Hacks plugin for WordPress is vulnerable to stored Plugin Options Update and Cross-Site Scripting in versions up to, and including, 4.7.2 This allows authenticated attackers with subscriber-level permissions the ability to embed JavaScript which will be executed in the browser of anyone who logs into the admin area, even if unfiltered_html is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-total-hacks/"
     google-query: inurl:"/wp-content/plugins/wp-total-hacks/"
     shodan-query: 'vuln:CVE-2022-3096'
-  tags: cve,wordpress,wp-plugin,wp-total-hacks,medium
+  tags: cve,wordpress,wp-plugin,wp-total-hacks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3097-fdd4bded1dfa98b42ec68b8794019fbd.yaml b/nuclei-templates/2022/CVE-2022-3097-fdd4bded1dfa98b42ec68b8794019fbd.yaml
index d691ef2649..9f14dbcfe9 100644
--- a/nuclei-templates/2022/CVE-2022-3097-fdd4bded1dfa98b42ec68b8794019fbd.yaml
+++ b/nuclei-templates/2022/CVE-2022-3097-fdd4bded1dfa98b42ec68b8794019fbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Plugin LBstopattack plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on on the setting save functionality. This makes it possible for unauthenticated attackers to invoke this function and modify the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lbstopattack/"
     google-query: inurl:"/wp-content/plugins/lbstopattack/"
     shodan-query: 'vuln:CVE-2022-3097'
-  tags: cve,wordpress,wp-plugin,lbstopattack,high
+  tags: cve,wordpress,wp-plugin,lbstopattack,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3098-02f07014b96a3edb2c7f1b16bbe0bd90.yaml b/nuclei-templates/2022/CVE-2022-3098-02f07014b96a3edb2c7f1b16bbe0bd90.yaml
index 28a7836f87..72fb70d7e3 100644
--- a/nuclei-templates/2022/CVE-2022-3098-02f07014b96a3edb2c7f1b16bbe0bd90.yaml
+++ b/nuclei-templates/2022/CVE-2022-3098-02f07014b96a3edb2c7f1b16bbe0bd90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Block IPs <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Login Block IPs plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation in the admin/partials/login-block-ips-admin-display.php file. This makes it possible for unauthenticated attackers to update the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-block-ips/"
     google-query: inurl:"/wp-content/plugins/login-block-ips/"
     shodan-query: 'vuln:CVE-2022-3098'
-  tags: cve,wordpress,wp-plugin,login-block-ips,high
+  tags: cve,wordpress,wp-plugin,login-block-ips,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-30998-61ef4484d482c37a0de9af18fac5edf6.yaml b/nuclei-templates/2022/CVE-2022-30998-61ef4484d482c37a0de9af18fac5edf6.yaml
index 9861582da7..1f0b926abb 100644
--- a/nuclei-templates/2022/CVE-2022-30998-61ef4484d482c37a0de9af18fac5edf6.yaml
+++ b/nuclei-templates/2022/CVE-2022-30998-61ef4484d482c37a0de9af18fac5edf6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Homepage Product Organizer for WooCommerce <= 1.1 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Homepage Product Organizer for WooCommerce plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/homepage-product-organizer-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/homepage-product-organizer-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-30998'
-  tags: cve,wordpress,wp-plugin,homepage-product-organizer-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,homepage-product-organizer-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3124-cf17a017c60d948b78f758c0612d102b.yaml b/nuclei-templates/2022/CVE-2022-3124-cf17a017c60d948b78f758c0612d102b.yaml
index 51ae0f64cb..68fd9cde27 100644
--- a/nuclei-templates/2022/CVE-2022-3124-cf17a017c60d948b78f758c0612d102b.yaml
+++ b/nuclei-templates/2022/CVE-2022-3124-cf17a017c60d948b78f758c0612d102b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager <= 21.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Frontend File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check and lacking authentication in versions up to, and including, 9.8. This makes it possible for unauthenticated attackers to rename uploaded files on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nmedia-user-file-uploader/"
     google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/"
     shodan-query: 'vuln:CVE-2022-3124'
-  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,medium
+  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3125-9d01a3c1450589963802e2c82f79a1da.yaml b/nuclei-templates/2022/CVE-2022-3125-9d01a3c1450589963802e2c82f79a1da.yaml
index 31b2de85e6..00a54e17f5 100644
--- a/nuclei-templates/2022/CVE-2022-3125-9d01a3c1450589963802e2c82f79a1da.yaml
+++ b/nuclei-templates/2022/CVE-2022-3125-9d01a3c1450589963802e2c82f79a1da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Frontend File Manager plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 21.2. The vulnerability makes it possible for authenticated attackers, with subscriber-level permissions and above, to upload arbitrary files on the affected sites server and change their file extensions which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nmedia-user-file-uploader/"
     google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/"
     shodan-query: 'vuln:CVE-2022-3125'
-  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,high
+  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3126-912300bb987f9b62927bac6bd20872ca.yaml b/nuclei-templates/2022/CVE-2022-3126-912300bb987f9b62927bac6bd20872ca.yaml
index 8450ee6a2e..85952c97ba 100644
--- a/nuclei-templates/2022/CVE-2022-3126-912300bb987f9b62927bac6bd20872ca.yaml
+++ b/nuclei-templates/2022/CVE-2022-3126-912300bb987f9b62927bac6bd20872ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The "Frontend File Manager Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 21.2. This is due to missing or incorrect nonce validation on the wpfm_upload_file function. This makes it possible for unauthenticated attackers to upload files on behalf of other users, via forged request granted they can trick such a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nmedia-user-file-uploader/"
     google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/"
     shodan-query: 'vuln:CVE-2022-3126'
-  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,high
+  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3128-11d8842f155c393e0c8cf7dd8d4ce45b.yaml b/nuclei-templates/2022/CVE-2022-3128-11d8842f155c393e0c8cf7dd8d4ce45b.yaml
index bab164ad15..062559a1b5 100644
--- a/nuclei-templates/2022/CVE-2022-3128-11d8842f155c393e0c8cf7dd8d4ce45b.yaml
+++ b/nuclei-templates/2022/CVE-2022-3128-11d8842f155c393e0c8cf7dd8d4ce45b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donation Thermometer <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Donation Thermometer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/donation-thermometer/"
     google-query: inurl:"/wp-content/plugins/donation-thermometer/"
     shodan-query: 'vuln:CVE-2022-3128'
-  tags: cve,wordpress,wp-plugin,donation-thermometer,medium
+  tags: cve,wordpress,wp-plugin,donation-thermometer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3131-967dff727dbc42b5a7eb2d15c9e083d4.yaml b/nuclei-templates/2022/CVE-2022-3131-967dff727dbc42b5a7eb2d15c9e083d4.yaml
index 234068fa72..fbd7d6b4d3 100644
--- a/nuclei-templates/2022/CVE-2022-3131-967dff727dbc42b5a7eb2d15c9e083d4.yaml
+++ b/nuclei-templates/2022/CVE-2022-3131-967dff727dbc42b5a7eb2d15c9e083d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Search Logger plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/search-logger/"
     google-query: inurl:"/wp-content/plugins/search-logger/"
     shodan-query: 'vuln:CVE-2022-3131'
-  tags: cve,wordpress,wp-plugin,search-logger,high
+  tags: cve,wordpress,wp-plugin,search-logger,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3132-733ee63acd3da1891d75d0f23730ff92.yaml b/nuclei-templates/2022/CVE-2022-3132-733ee63acd3da1891d75d0f23730ff92.yaml
index a6ec8956bb..29474710d6 100644
--- a/nuclei-templates/2022/CVE-2022-3132-733ee63acd3da1891d75d0f23730ff92.yaml
+++ b/nuclei-templates/2022/CVE-2022-3132-733ee63acd3da1891d75d0f23730ff92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Goolytics – Simple Google Analytics <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Wordfence plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘goolytics_web_property_id’ parameter in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/goolytics-simple-google-analytics/"
     google-query: inurl:"/wp-content/plugins/goolytics-simple-google-analytics/"
     shodan-query: 'vuln:CVE-2022-3132'
-  tags: cve,wordpress,wp-plugin,goolytics-simple-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,goolytics-simple-google-analytics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3135-40b96ba14c189bc5294c696f541a5a2a.yaml b/nuclei-templates/2022/CVE-2022-3135-40b96ba14c189bc5294c696f541a5a2a.yaml
index ca79edb23d..5e06452430 100644
--- a/nuclei-templates/2022/CVE-2022-3135-40b96ba14c189bc5294c696f541a5a2a.yaml
+++ b/nuclei-templates/2022/CVE-2022-3135-40b96ba14c189bc5294c696f541a5a2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Smart Links <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEO Smart Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-automatic-links/"
     google-query: inurl:"/wp-content/plugins/seo-automatic-links/"
     shodan-query: 'vuln:CVE-2022-3135'
-  tags: cve,wordpress,wp-plugin,seo-automatic-links,medium
+  tags: cve,wordpress,wp-plugin,seo-automatic-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3136-d503115e692639756bb3a2ffdde34c03.yaml b/nuclei-templates/2022/CVE-2022-3136-d503115e692639756bb3a2ffdde34c03.yaml
index 71a4a6c692..065823bb90 100644
--- a/nuclei-templates/2022/CVE-2022-3136-d503115e692639756bb3a2ffdde34c03.yaml
+++ b/nuclei-templates/2022/CVE-2022-3136-d503115e692639756bb3a2ffdde34c03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Rocket <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Rocket plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-rocket/"
     google-query: inurl:"/wp-content/plugins/social-rocket/"
     shodan-query: 'vuln:CVE-2022-3136'
-  tags: cve,wordpress,wp-plugin,social-rocket,medium
+  tags: cve,wordpress,wp-plugin,social-rocket,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3137-aa1aed011557ee5dc2bfa06501123a9e.yaml b/nuclei-templates/2022/CVE-2022-3137-aa1aed011557ee5dc2bfa06501123a9e.yaml
index 78162aff8e..6c8cfefffd 100644
--- a/nuclei-templates/2022/CVE-2022-3137-aa1aed011557ee5dc2bfa06501123a9e.yaml
+++ b/nuclei-templates/2022/CVE-2022-3137-aa1aed011557ee5dc2bfa06501123a9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Taskbuilder <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts into SVG files that are uploaded as part of the task creation process and that will execute whenever a user accesses an injected page or access such an SVG file directly.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/taskbuilder/"
     google-query: inurl:"/wp-content/plugins/taskbuilder/"
     shodan-query: 'vuln:CVE-2022-3137'
-  tags: cve,wordpress,wp-plugin,taskbuilder,medium
+  tags: cve,wordpress,wp-plugin,taskbuilder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3139-c0079d75a97eeffbdeb6d0d0f4759f91.yaml b/nuclei-templates/2022/CVE-2022-3139-c0079d75a97eeffbdeb6d0d0f4759f91.yaml
index 5f8f7178e0..e3b9f228bd 100644
--- a/nuclei-templates/2022/CVE-2022-3139-c0079d75a97eeffbdeb6d0d0f4759f91.yaml
+++ b/nuclei-templates/2022/CVE-2022-3139-c0079d75a97eeffbdeb6d0d0f4759f91.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     We’re Open! <= 1.41 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The We’re Open! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.41 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opening-hours/"
     google-query: inurl:"/wp-content/plugins/opening-hours/"
     shodan-query: 'vuln:CVE-2022-3139'
-  tags: cve,wordpress,wp-plugin,opening-hours,medium
+  tags: cve,wordpress,wp-plugin,opening-hours,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3141-17f9d007266f9a0cab0ee55eb44edcc9.yaml b/nuclei-templates/2022/CVE-2022-3141-17f9d007266f9a0cab0ee55eb44edcc9.yaml
index eb21e992f3..019ae02cd2 100644
--- a/nuclei-templates/2022/CVE-2022-3141-17f9d007266f9a0cab0ee55eb44edcc9.yaml
+++ b/nuclei-templates/2022/CVE-2022-3141-17f9d007266f9a0cab0ee55eb44edcc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TranslatePress <= 2.3.2 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Translate Multilingual sites WordPress plugin is vulnerable to an authenticated SQL injection in versions up to, and including, 2.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/translatepress-multilingual/"
     google-query: inurl:"/wp-content/plugins/translatepress-multilingual/"
     shodan-query: 'vuln:CVE-2022-3141'
-  tags: cve,wordpress,wp-plugin,translatepress-multilingual,high
+  tags: cve,wordpress,wp-plugin,translatepress-multilingual,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3142-9eff154e275679aff481294211504cad.yaml b/nuclei-templates/2022/CVE-2022-3142-9eff154e275679aff481294211504cad.yaml
index 38a84eb3f1..3c0562c254 100644
--- a/nuclei-templates/2022/CVE-2022-3142-9eff154e275679aff481294211504cad.yaml
+++ b/nuclei-templates/2022/CVE-2022-3142-9eff154e275679aff481294211504cad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms <= 7.9.6 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The NEX-Forms plugin for WordPress is vulnerable to SQL Injection via the ‘form_id’ parameter in versions up to, and including, 7.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2022-3142'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3144-aaccf9d8425eddd13e4ac4f8c70f1e50.yaml b/nuclei-templates/2022/CVE-2022-3144-aaccf9d8425eddd13e4ac4f8c70f1e50.yaml
index 586f86625d..b42ad636e1 100644
--- a/nuclei-templates/2022/CVE-2022-3144-aaccf9d8425eddd13e4ac4f8c70f1e50.yaml
+++ b/nuclei-templates/2022/CVE-2022-3144-aaccf9d8425eddd13e4ac4f8c70f1e50.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wordfence Security – Firewall & Malware Scan <= 7.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordfence/"
     google-query: inurl:"/wp-content/plugins/wordfence/"
     shodan-query: 'vuln:CVE-2022-3144'
-  tags: cve,wordpress,wp-plugin,wordfence,medium
+  tags: cve,wordpress,wp-plugin,wordfence,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-31475-eee72fcaef7d6d7710f8503cc05b2365.yaml b/nuclei-templates/2022/CVE-2022-31475-eee72fcaef7d6d7710f8503cc05b2365.yaml
index c8cea6850d..e34c0e409d 100644
--- a/nuclei-templates/2022/CVE-2022-31475-eee72fcaef7d6d7710f8503cc05b2365.yaml
+++ b/nuclei-templates/2022/CVE-2022-31475-eee72fcaef7d6d7710f8503cc05b2365.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.20.2 - Authenticated Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2022-28700/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2022-28700/"
     shodan-query: 'vuln:CVE-2022-31475'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-28700,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-28700,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3149-ece3289501587998363581768a050e75.yaml b/nuclei-templates/2022/CVE-2022-3149-ece3289501587998363581768a050e75.yaml
index d8d7f02379..1dfcdef92b 100644
--- a/nuclei-templates/2022/CVE-2022-3149-ece3289501587998363581768a050e75.yaml
+++ b/nuclei-templates/2022/CVE-2022-3149-ece3289501587998363581768a050e75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Cursors <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Custom Cursors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor_text’ parameter  as well as others in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-cursors/"
     google-query: inurl:"/wp-content/plugins/wp-custom-cursors/"
     shodan-query: 'vuln:CVE-2022-3149'
-  tags: cve,wordpress,wp-plugin,wp-custom-cursors,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-cursors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3150-31292a415c3bd76b8562016d2514c1b7.yaml b/nuclei-templates/2022/CVE-2022-3150-31292a415c3bd76b8562016d2514c1b7.yaml
index 33fecddb99..d7ed0ff88e 100644
--- a/nuclei-templates/2022/CVE-2022-3150-31292a415c3bd76b8562016d2514c1b7.yaml
+++ b/nuclei-templates/2022/CVE-2022-3150-31292a415c3bd76b8562016d2514c1b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Cursors <= 3.0.1 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Custom Cursors plugin for WordPress is vulnerable to SQL Injection via the ‘edit_row’ parameter and potentially others in versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: CVE-2023-2221 appears to be a duplicate of this vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-cursors/"
     google-query: inurl:"/wp-content/plugins/wp-custom-cursors/"
     shodan-query: 'vuln:CVE-2022-3150'
-  tags: cve,wordpress,wp-plugin,wp-custom-cursors,high
+  tags: cve,wordpress,wp-plugin,wp-custom-cursors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3151-990bebfd04ffccf7784d9ed7851bc9ac.yaml b/nuclei-templates/2022/CVE-2022-3151-990bebfd04ffccf7784d9ed7851bc9ac.yaml
index 317f86056d..a69291b351 100644
--- a/nuclei-templates/2022/CVE-2022-3151-990bebfd04ffccf7784d9ed7851bc9ac.yaml
+++ b/nuclei-templates/2022/CVE-2022-3151-990bebfd04ffccf7784d9ed7851bc9ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Cursors <= 3.0 - Cross-Site Request Forgery to Cursor Manipulation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Custom Cursors plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0. This is due to missing or incorrect nonce validation in the ~/wp-custom-cursors-add-new.php file. This makes it possible for unauthenticated attackers to manipulate cursors, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-cursors/"
     google-query: inurl:"/wp-content/plugins/wp-custom-cursors/"
     shodan-query: 'vuln:CVE-2022-3151'
-  tags: cve,wordpress,wp-plugin,wp-custom-cursors,high
+  tags: cve,wordpress,wp-plugin,wp-custom-cursors,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3154-ed2236ee570598966dd60e4e75f31def.yaml b/nuclei-templates/2022/CVE-2022-3154-ed2236ee570598966dd60e4e75f31def.yaml
index 5c746a1852..e1ed962dce 100644
--- a/nuclei-templates/2022/CVE-2022-3154-ed2236ee570598966dd60e4e75f31def.yaml
+++ b/nuclei-templates/2022/CVE-2022-3154-ed2236ee570598966dd60e4e75f31def.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Plugins from Viszt Peter - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The plugins 'Integration for Billingo & Gravity Forms' up to version 1.0.3,  'Integration for Szamlazz.hu & Gravity Forms' up to version 1.2.6, and 'Woo Billingo Plus' up to version 4.4.5.3 for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation in various AJAX actions. This allows unauthenticated attackers to make logged in Shop Managers and above perform unwanted actions granted they can trick such a user into performing an action such as clicking on a link.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2022-3154
   metadata:
-    fofa-query: "wp-content/plugins/integration-for-billingo-gravity-forms/"
-    google-query: inurl:"/wp-content/plugins/integration-for-billingo-gravity-forms/"
+    fofa-query: "wp-content/plugins/integration-for-szamlazz-hu-gravity-forms/"
+    google-query: inurl:"/wp-content/plugins/integration-for-szamlazz-hu-gravity-forms/"
     shodan-query: 'vuln:CVE-2022-3154'
-  tags: cve,wordpress,wp-plugin,integration-for-billingo-gravity-forms,high
+  tags: cve,wordpress,wp-plugin,integration-for-szamlazz-hu-gravity-forms,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/integration-for-billingo-gravity-forms/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/integration-for-szamlazz-hu-gravity-forms/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "integration-for-billingo-gravity-forms"
+          - "integration-for-szamlazz-hu-gravity-forms"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
+          - compare_versions(version, '<= 1.2.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-3194-5ad44d8edf07e29935fd9f2a379a8bdf.yaml b/nuclei-templates/2022/CVE-2022-3194-5ad44d8edf07e29935fd9f2a379a8bdf.yaml
index 8b9c1d7a93..543f29bf6e 100644
--- a/nuclei-templates/2022/CVE-2022-3194-5ad44d8edf07e29935fd9f2a379a8bdf.yaml
+++ b/nuclei-templates/2022/CVE-2022-3194-5ad44d8edf07e29935fd9f2a379a8bdf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dokan <= 3.6.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.5. This is due to missing or incorrect nonce validation on the setup_wizard function. This makes it possible for unauthenticated attackers to change settings in the setup process, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dokan-lite/"
     google-query: inurl:"/wp-content/plugins/dokan-lite/"
     shodan-query: 'vuln:CVE-2022-3194'
-  tags: cve,wordpress,wp-plugin,dokan-lite,high
+  tags: cve,wordpress,wp-plugin,dokan-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3194-98e27e4b860cdb80f775d8dcf8849471.yaml b/nuclei-templates/2022/CVE-2022-3194-98e27e4b860cdb80f775d8dcf8849471.yaml
index d54b447361..ed01ab5b64 100644
--- a/nuclei-templates/2022/CVE-2022-3194-98e27e4b860cdb80f775d8dcf8849471.yaml
+++ b/nuclei-templates/2022/CVE-2022-3194-98e27e4b860cdb80f775d8dcf8849471.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dokan <= 3.6.3 - Authenticated (Vendor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dokan plugin for WordPress is vulnerable to Stored Cross-Site Scripting via product reviews in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with vendor permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was the result of the plugin enabling unfiltered_html capabilities for this user role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dokan-lite/"
     google-query: inurl:"/wp-content/plugins/dokan-lite/"
     shodan-query: 'vuln:CVE-2022-3194'
-  tags: cve,wordpress,wp-plugin,dokan-lite,medium
+  tags: cve,wordpress,wp-plugin,dokan-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3208-f1ab2ba9aab33ab61ed9ab0dbb6a8c74.yaml b/nuclei-templates/2022/CVE-2022-3208-f1ab2ba9aab33ab61ed9ab0dbb6a8c74.yaml
index 2c128c8397..63ab88c0b3 100644
--- a/nuclei-templates/2022/CVE-2022-3208-f1ab2ba9aab33ab61ed9ab0dbb6a8c74.yaml
+++ b/nuclei-templates/2022/CVE-2022-3208-f1ab2ba9aab33ab61ed9ab0dbb6a8c74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple File List <= 4.4.12 - Cross-Site Request Forgery to Page Creation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple File List plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.12. This is due to missing or incorrect nonce validation on its page creation function eeSFL_FREE_CreatePostwithShortcode(). This makes it possible for unauthenticated attackers to create new pages and manipulate their contents, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-file-list/"
     google-query: inurl:"/wp-content/plugins/simple-file-list/"
     shodan-query: 'vuln:CVE-2022-3208'
-  tags: cve,wordpress,wp-plugin,simple-file-list,high
+  tags: cve,wordpress,wp-plugin,simple-file-list,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3220-c25a227d2616b1e266b27ae90761f594.yaml b/nuclei-templates/2022/CVE-2022-3220-c25a227d2616b1e266b27ae90761f594.yaml
index fd5a456099..bc45f24b5c 100644
--- a/nuclei-templates/2022/CVE-2022-3220-c25a227d2616b1e266b27ae90761f594.yaml
+++ b/nuclei-templates/2022/CVE-2022-3220-c25a227d2616b1e266b27ae90761f594.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Comment Form <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Comment Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings form  in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comment-form/"
     google-query: inurl:"/wp-content/plugins/comment-form/"
     shodan-query: 'vuln:CVE-2022-3220'
-  tags: cve,wordpress,wp-plugin,comment-form,medium
+  tags: cve,wordpress,wp-plugin,comment-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-32280-3f7130e05b74b1e5f65b8d9e77a1373e.yaml b/nuclei-templates/2022/CVE-2022-32280-3f7130e05b74b1e5f65b8d9e77a1373e.yaml
index bef33d3793..d5f73949cc 100644
--- a/nuclei-templates/2022/CVE-2022-32280-3f7130e05b74b1e5f65b8d9e77a1373e.yaml
+++ b/nuclei-templates/2022/CVE-2022-32280-3f7130e05b74b1e5f65b8d9e77a1373e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XO Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xo-liteslider/"
     google-query: inurl:"/wp-content/plugins/xo-liteslider/"
     shodan-query: 'vuln:CVE-2022-32280'
-  tags: cve,wordpress,wp-plugin,xo-liteslider,medium
+  tags: cve,wordpress,wp-plugin,xo-liteslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3237-13a0eed39cd76523725bdb9ac6f8ad2f.yaml b/nuclei-templates/2022/CVE-2022-3237-13a0eed39cd76523725bdb9ac6f8ad2f.yaml
index e5d356ed39..428980d7fb 100644
--- a/nuclei-templates/2022/CVE-2022-3237-13a0eed39cd76523725bdb9ac6f8ad2f.yaml
+++ b/nuclei-templates/2022/CVE-2022-3237-13a0eed39cd76523725bdb9ac6f8ad2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Contact Slider <= 2.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Contact Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Text to display’ parameter in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-contact-slider/"
     google-query: inurl:"/wp-content/plugins/wp-contact-slider/"
     shodan-query: 'vuln:CVE-2022-3237'
-  tags: cve,wordpress,wp-plugin,wp-contact-slider,medium
+  tags: cve,wordpress,wp-plugin,wp-contact-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3240-de62fa1091876ce7733352db2cec2f12.yaml b/nuclei-templates/2022/CVE-2022-3240-de62fa1091876ce7733352db2cec2f12.yaml
index cc1500a3af..d55bcae596 100644
--- a/nuclei-templates/2022/CVE-2022-3240-de62fa1091876ce7733352db2cec2f12.yaml
+++ b/nuclei-templates/2022/CVE-2022-3240-de62fa1091876ce7733352db2cec2f12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/follow-me/"
     google-query: inurl:"/wp-content/plugins/follow-me/"
     shodan-query: 'vuln:CVE-2022-3240'
-  tags: cve,wordpress,wp-plugin,follow-me,high
+  tags: cve,wordpress,wp-plugin,follow-me,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3243-e5b4ec8d38e3122f17a3232664bd3572.yaml b/nuclei-templates/2022/CVE-2022-3243-e5b4ec8d38e3122f17a3232664bd3572.yaml
index 1ae75e11d1..b06083a5d7 100644
--- a/nuclei-templates/2022/CVE-2022-3243-e5b4ec8d38e3122f17a3232664bd3572.yaml
+++ b/nuclei-templates/2022/CVE-2022-3243-e5b4ec8d38e3122f17a3232664bd3572.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate CSV Importer <= 6.5.7 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Ultimate CSV Importer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:CVE-2022-3243'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3244-dc21ebc00161a8071a291b6ff6e22872.yaml b/nuclei-templates/2022/CVE-2022-3244-dc21ebc00161a8071a291b6ff6e22872.yaml
index acfe0d70ba..94c7368b78 100644
--- a/nuclei-templates/2022/CVE-2022-3244-dc21ebc00161a8071a291b6ff6e22872.yaml
+++ b/nuclei-templates/2022/CVE-2022-3244-dc21ebc00161a8071a291b6ff6e22872.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate CSV Importer <= 6.5.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Ultimate CSV Importer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on some of its functions in versions up to, and including, 6.5.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke them if they are able to obtain a valid nonce.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:CVE-2022-3244'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3246-5b5598cebbb5b08b875d9ea03d9a72bc.yaml b/nuclei-templates/2022/CVE-2022-3246-5b5598cebbb5b08b875d9ea03d9a72bc.yaml
index 5fca7a259f..ee9582be28 100644
--- a/nuclei-templates/2022/CVE-2022-3246-5b5598cebbb5b08b875d9ea03d9a72bc.yaml
+++ b/nuclei-templates/2022/CVE-2022-3246-5b5598cebbb5b08b875d9ea03d9a72bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Blog2Social plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.9.9 due to insufficient escaping on the user supplied parameter 'publish_error_code' and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog2social/"
     google-query: inurl:"/wp-content/plugins/blog2social/"
     shodan-query: 'vuln:CVE-2022-3246'
-  tags: cve,wordpress,wp-plugin,blog2social,high
+  tags: cve,wordpress,wp-plugin,blog2social,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3247-cefe6e830adb746b2199d03b92e9b0d3.yaml b/nuclei-templates/2022/CVE-2022-3247-cefe6e830adb746b2199d03b92e9b0d3.yaml
index 9222ea7541..a60aec4e1b 100644
--- a/nuclei-templates/2022/CVE-2022-3247-cefe6e830adb746b2199d03b92e9b0d3.yaml
+++ b/nuclei-templates/2022/CVE-2022-3247-cefe6e830adb746b2199d03b92e9b0d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Blog2Social  plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 6.9.9 due to missing URL validation to ensure an external URL is used in the function b2sFileGetContents. This makes it possible for authenticated users, with subscriber-level access or higher, to perform attacks against the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog2social/"
     google-query: inurl:"/wp-content/plugins/blog2social/"
     shodan-query: 'vuln:CVE-2022-3247'
-  tags: cve,wordpress,wp-plugin,blog2social,high
+  tags: cve,wordpress,wp-plugin,blog2social,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3249-4e6e2faa30d1cb67b640ff4b64c7c434.yaml b/nuclei-templates/2022/CVE-2022-3249-4e6e2faa30d1cb67b640ff4b64c7c434.yaml
index c0d14269f5..8a087d1243 100644
--- a/nuclei-templates/2022/CVE-2022-3249-4e6e2faa30d1cb67b640ff4b64c7c434.yaml
+++ b/nuclei-templates/2022/CVE-2022-3249-4e6e2faa30d1cb67b640ff4b64c7c434.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP CSV Exporter <= 1.3.6 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP CSV Exporter plugin for WordPress is vulnerable to generic SQL Injection via the $query_select value in versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-csv-exporter/"
     google-query: inurl:"/wp-content/plugins/wp-csv-exporter/"
     shodan-query: 'vuln:CVE-2022-3249'
-  tags: cve,wordpress,wp-plugin,wp-csv-exporter,high
+  tags: cve,wordpress,wp-plugin,wp-csv-exporter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-32587-62e712c4c51e2629997a1a286dd08453.yaml b/nuclei-templates/2022/CVE-2022-32587-62e712c4c51e2629997a1a286dd08453.yaml
index 96a04a8296..595cb2aa12 100644
--- a/nuclei-templates/2022/CVE-2022-32587-62e712c4c51e2629997a1a286dd08453.yaml
+++ b/nuclei-templates/2022/CVE-2022-32587-62e712c4c51e2629997a1a286dd08453.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Page Widget <= 3.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Page Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9. This is due to missing nonce validation on the pw_settings_page() function. This makes it possible for unauthenticated attackers to invoke the function and update the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-page-widget/"
     google-query: inurl:"/wp-content/plugins/wp-page-widget/"
     shodan-query: 'vuln:CVE-2022-32587'
-  tags: cve,wordpress,wp-plugin,wp-page-widget,high
+  tags: cve,wordpress,wp-plugin,wp-page-widget,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-32776-0ce7e54d96c7e37996c0287c3e487a8b.yaml b/nuclei-templates/2022/CVE-2022-32776-0ce7e54d96c7e37996c0287c3e487a8b.yaml
index d4ed1281b5..2926962284 100644
--- a/nuclei-templates/2022/CVE-2022-32776-0ce7e54d96c7e37996c0287c3e487a8b.yaml
+++ b/nuclei-templates/2022/CVE-2022-32776-0ce7e54d96c7e37996c0287c3e487a8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Ads – Ad Manager & AdSense <= 1.31.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title parameter in versions up to, and including, 1.31.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-ads/"
     google-query: inurl:"/wp-content/plugins/advanced-ads/"
     shodan-query: 'vuln:CVE-2022-32776'
-  tags: cve,wordpress,wp-plugin,advanced-ads,medium
+  tags: cve,wordpress,wp-plugin,advanced-ads,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-32970-eeb643b56c37992255be8d889b1e9ae2.yaml b/nuclei-templates/2022/CVE-2022-32970-eeb643b56c37992255be8d889b1e9ae2.yaml
index b1aa2a4205..241e11bc57 100644
--- a/nuclei-templates/2022/CVE-2022-32970-eeb643b56c37992255be8d889b1e9ae2.yaml
+++ b/nuclei-templates/2022/CVE-2022-32970-eeb643b56c37992255be8d889b1e9ae2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-portfolio-post/"
     google-query: inurl:"/wp-content/plugins/themify-portfolio-post/"
     shodan-query: 'vuln:CVE-2022-32970'
-  tags: cve,wordpress,wp-plugin,themify-portfolio-post,medium
+  tags: cve,wordpress,wp-plugin,themify-portfolio-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3300-e23a8ff0f941885439bb6eaa6879d8d2.yaml b/nuclei-templates/2022/CVE-2022-3300-e23a8ff0f941885439bb6eaa6879d8d2.yaml
index fcd9701e52..c616511f1e 100644
--- a/nuclei-templates/2022/CVE-2022-3300-e23a8ff0f941885439bb6eaa6879d8d2.yaml
+++ b/nuclei-templates/2022/CVE-2022-3300-e23a8ff0f941885439bb6eaa6879d8d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Form Maker plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in versions up to, and including, 1.15.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:CVE-2022-3300'
-  tags: cve,wordpress,wp-plugin,form-maker,high
+  tags: cve,wordpress,wp-plugin,form-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3302-bf15f8f75324665dbab0a976954762a4.yaml b/nuclei-templates/2022/CVE-2022-3302-bf15f8f75324665dbab0a976954762a4.yaml
index e9574e6bdb..b296a18d0c 100644
--- a/nuclei-templates/2022/CVE-2022-3302-bf15f8f75324665dbab0a976954762a4.yaml
+++ b/nuclei-templates/2022/CVE-2022-3302-bf15f8f75324665dbab0a976954762a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AntiSpam by CleanTalk <= 5.185 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The AntiSpam plugin for WordPress is vulnerable to SQL Injection via the ‘ids’ parameter in versions up to, and including, 5.185 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cleantalk-spam-protect/"
     google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/"
     shodan-query: 'vuln:CVE-2022-3302'
-  tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,high
+  tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-33191-2ee541e9c869c15a8b871966c41047ce.yaml b/nuclei-templates/2022/CVE-2022-33191-2ee541e9c869c15a8b871966c41047ce.yaml
index a81c890dde..9a11f7062a 100644
--- a/nuclei-templates/2022/CVE-2022-33191-2ee541e9c869c15a8b871966c41047ce.yaml
+++ b/nuclei-templates/2022/CVE-2022-33191-2ee541e9c869c15a8b871966c41047ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonials <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonials plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonials/"
     google-query: inurl:"/wp-content/plugins/testimonials/"
     shodan-query: 'vuln:CVE-2022-33191'
-  tags: cve,wordpress,wp-plugin,testimonials,medium
+  tags: cve,wordpress,wp-plugin,testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-33201-83cdeca9a177bee255e863b7e36aae57.yaml b/nuclei-templates/2022/CVE-2022-33201-83cdeca9a177bee255e863b7e36aae57.yaml
index 0cb5264ee9..7c7a165f92 100644
--- a/nuclei-templates/2022/CVE-2022-33201-83cdeca9a177bee255e863b7e36aae57.yaml
+++ b/nuclei-templates/2022/CVE-2022-33201-83cdeca9a177bee255e863b7e36aae57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailerLite – Signup forms (official) <= 1.5.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MailerLite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation several functions used to change plugin settings. This makes it possible for unauthenticated attackers to trigger setting updates via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/official-mailerlite-sign-up-forms/"
     google-query: inurl:"/wp-content/plugins/official-mailerlite-sign-up-forms/"
     shodan-query: 'vuln:CVE-2022-33201'
-  tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,high
+  tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3334-3fc9a3fcf79cc1897ce2e887e3d3f73c.yaml b/nuclei-templates/2022/CVE-2022-3334-3fc9a3fcf79cc1897ce2e887e3d3f73c.yaml
index 1b49f151e4..17f5ea724b 100644
--- a/nuclei-templates/2022/CVE-2022-3334-3fc9a3fcf79cc1897ce2e887e3d3f73c.yaml
+++ b/nuclei-templates/2022/CVE-2022-3334-3fc9a3fcf79cc1897ce2e887e3d3f73c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy WP SMTP <= 1.4.9 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy WP SMTP plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.9 via deserialization of untrusted input when processing the contents of an imported file. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-wp-smtp/"
     google-query: inurl:"/wp-content/plugins/easy-wp-smtp/"
     shodan-query: 'vuln:CVE-2022-3334'
-  tags: cve,wordpress,wp-plugin,easy-wp-smtp,high
+  tags: cve,wordpress,wp-plugin,easy-wp-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3336-6be2333e24bb1c10a3a6c889899366b0.yaml b/nuclei-templates/2022/CVE-2022-3336-6be2333e24bb1c10a3a6c889899366b0.yaml
index 1fe57c6eee..1b367d94db 100644
--- a/nuclei-templates/2022/CVE-2022-3336-6be2333e24bb1c10a3a6c889899366b0.yaml
+++ b/nuclei-templates/2022/CVE-2022-3336-6be2333e24bb1c10a3a6c889899366b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Monster – Event Management, Tickets Booking, Upcoming Event <= 1.1.20 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Event Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.20. This is due to missing or incorrect nonce validation when processing AJAX actions. This makes it possible for unauthenticated attackers to invoke these actions and perform actions like deleting all visitor records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-monster/"
     google-query: inurl:"/wp-content/plugins/event-monster/"
     shodan-query: 'vuln:CVE-2022-3336'
-  tags: cve,wordpress,wp-plugin,event-monster,high
+  tags: cve,wordpress,wp-plugin,event-monster,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3342-aec751941690d89755638c950f64d01d.yaml b/nuclei-templates/2022/CVE-2022-3342-aec751941690d89755638c950f64d01d.yaml
index 03aaf652bc..04945b9890 100644
--- a/nuclei-templates/2022/CVE-2022-3342-aec751941690d89755638c950f64d01d.yaml
+++ b/nuclei-templates/2022/CVE-2022-3342-aec751941690d89755638c950f64d01d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-bs-crm/"
     google-query: inurl:"/wp-content/plugins/zero-bs-crm/"
     shodan-query: 'vuln:CVE-2022-3342'
-  tags: cve,wordpress,wp-plugin,zero-bs-crm,high
+  tags: cve,wordpress,wp-plugin,zero-bs-crm,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3343-dda12396183ee405a0b6804083230616.yaml b/nuclei-templates/2022/CVE-2022-3343-dda12396183ee405a0b6804083230616.yaml
index 2b007f5ee4..06c18588f2 100644
--- a/nuclei-templates/2022/CVE-2022-3343-dda12396183ee405a0b6804083230616.yaml
+++ b/nuclei-templates/2022/CVE-2022-3343-dda12396183ee405a0b6804083230616.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPQA - Builder forms Addon For WordPress (<= 5.9.2),  Himer (<= 1.9.3) and Discy (<= 5.5.3) - Authenticated (Subscriber+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPQA - Builder forms Addon For WordPress plugin is vulnerable to insecure direct object reference in versions up to, and including, 5.9.2 along with the Himer (<= 1.9.3) and Discy (<= 5.5.3) WordPress themes. This is due to insufficient validation of user follows on the wpqa_following_you_ajax action. This makes it possible for authenticated attackers with subscriber-level capabilities and above to inflate follower counts of others by sending repeat follow requests.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2022-3343
   metadata:
-    fofa-query: "wp-content/themes/himer/"
-    google-query: inurl:"/wp-content/themes/himer/"
+    fofa-query: "wp-content/themes/discy/"
+    google-query: inurl:"/wp-content/themes/discy/"
     shodan-query: 'vuln:CVE-2022-3343'
-  tags: cve,wordpress,wp-theme,himer,medium
+  tags: cve,wordpress,wp-theme,discy,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/himer/style.css"
+      - "{{BaseURL}}/wp-content/themes/discy/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "himer"
+          - "discy"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.9.3')
\ No newline at end of file
+          - compare_versions(version, '<= 5.5.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-3350-e445dff1dbcdaa9bae7b0592b35676e6.yaml b/nuclei-templates/2022/CVE-2022-3350-e445dff1dbcdaa9bae7b0592b35676e6.yaml
index 5ae9330f28..7c527fba79 100644
--- a/nuclei-templates/2022/CVE-2022-3350-e445dff1dbcdaa9bae7b0592b35676e6.yaml
+++ b/nuclei-templates/2022/CVE-2022-3350-e445dff1dbcdaa9bae7b0592b35676e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Bank <= 3.0.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Bank plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-bank/"
     google-query: inurl:"/wp-content/plugins/contact-bank/"
     shodan-query: 'vuln:CVE-2022-3350'
-  tags: cve,wordpress,wp-plugin,contact-bank,medium
+  tags: cve,wordpress,wp-plugin,contact-bank,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3361-80c655d3d796ab546d2bd2d7a2a197bc.yaml b/nuclei-templates/2022/CVE-2022-3361-80c655d3d796ab546d2bd2d7a2a197bc.yaml
index 88a49db1de..19d76a6f7c 100644
--- a/nuclei-templates/2022/CVE-2022-3361-80c655d3d796ab546d2bd2d7a2a197bc.yaml
+++ b/nuclei-templates/2022/CVE-2022-3361-80c655d3d796ab546d2bd2d7a2a197bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2022-3361'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3366-90e136f1c49e3c12cb6162b882a23711.yaml b/nuclei-templates/2022/CVE-2022-3366-90e136f1c49e3c12cb6162b882a23711.yaml
index 77dfd6b600..168c664f3e 100644
--- a/nuclei-templates/2022/CVE-2022-3366-90e136f1c49e3c12cb6162b882a23711.yaml
+++ b/nuclei-templates/2022/CVE-2022-3366-90e136f1c49e3c12cb6162b882a23711.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PublishPress Capabilities <= 2.5.1 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The PublishPress Capabilities plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.5.1 via deserialization of untrusted input when processing an import file. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2022-3366
   metadata:
-    fofa-query: "wp-content/plugins/capabilities-pro/"
-    google-query: inurl:"/wp-content/plugins/capabilities-pro/"
+    fofa-query: "wp-content/plugins/capability-manager-enhanced/"
+    google-query: inurl:"/wp-content/plugins/capability-manager-enhanced/"
     shodan-query: 'vuln:CVE-2022-3366'
-  tags: cve,wordpress,wp-plugin,capabilities-pro,high
+  tags: cve,wordpress,wp-plugin,capability-manager-enhanced,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/capabilities-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/capability-manager-enhanced/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "capabilities-pro"
+          - "capability-manager-enhanced"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-3374-219e356df9406ff61a0cdb8030ff8ed2.yaml b/nuclei-templates/2022/CVE-2022-3374-219e356df9406ff61a0cdb8030ff8ed2.yaml
index 479170a10e..46269a6991 100644
--- a/nuclei-templates/2022/CVE-2022-3374-219e356df9406ff61a0cdb8030ff8ed2.yaml
+++ b/nuclei-templates/2022/CVE-2022-3374-219e356df9406ff61a0cdb8030ff8ed2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ocean Extra <= 2.0.4 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ocean Extra plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.4  via deserialization of untrusted input when processing a malicious customizer styling file. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ocean-extra/"
     google-query: inurl:"/wp-content/plugins/ocean-extra/"
     shodan-query: 'vuln:CVE-2022-3374'
-  tags: cve,wordpress,wp-plugin,ocean-extra,high
+  tags: cve,wordpress,wp-plugin,ocean-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3380-c7389b248c40364239ac72c9e1e9985e.yaml b/nuclei-templates/2022/CVE-2022-3380-c7389b248c40364239ac72c9e1e9985e.yaml
index dd36188ec1..7f5758023e 100644
--- a/nuclei-templates/2022/CVE-2022-3380-c7389b248c40364239ac72c9e1e9985e.yaml
+++ b/nuclei-templates/2022/CVE-2022-3380-c7389b248c40364239ac72c9e1e9985e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customizer Export/Import <= 0.9.4 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Customizer Export/Import for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 0.9.4  via deserialization of untrusted input from an imported file. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customizer-export-import/"
     google-query: inurl:"/wp-content/plugins/customizer-export-import/"
     shodan-query: 'vuln:CVE-2022-3380'
-  tags: cve,wordpress,wp-plugin,customizer-export-import,high
+  tags: cve,wordpress,wp-plugin,customizer-export-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3383-18ceaed7f43455d18367a3a1c3285ab3.yaml b/nuclei-templates/2022/CVE-2022-3383-18ceaed7f43455d18367a3a1c3285ab3.yaml
index 6cac59c272..b34b4a86ff 100644
--- a/nuclei-templates/2022/CVE-2022-3383-18ceaed7f43455d18367a3a1c3285ab3.yaml
+++ b/nuclei-templates/2022/CVE-2022-3383-18ceaed7f43455d18367a3a1c3285ab3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-Select
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2022-3383'
-  tags: cve,wordpress,wp-plugin,ultimate-member,high
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3384-674e9e8ffc19e4d579a57273137742ea.yaml b/nuclei-templates/2022/CVE-2022-3384-674e9e8ffc19e4d579a57273137742ea.yaml
index 61d9671b04..41705fc67b 100644
--- a/nuclei-templates/2022/CVE-2022-3384-674e9e8ffc19e4d579a57273137742ea.yaml
+++ b/nuclei-templates/2022/CVE-2022-3384-674e9e8ffc19e4d579a57273137742ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2022-3384'
-  tags: cve,wordpress,wp-plugin,ultimate-member,high
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3391-3c6cc9490d009d5c5e5a38130b58bb8c.yaml b/nuclei-templates/2022/CVE-2022-3391-3c6cc9490d009d5c5e5a38130b58bb8c.yaml
index d9f2fa8bd1..f2ff06893a 100644
--- a/nuclei-templates/2022/CVE-2022-3391-3c6cc9490d009d5c5e5a38130b58bb8c.yaml
+++ b/nuclei-templates/2022/CVE-2022-3391-3c6cc9490d009d5c5e5a38130b58bb8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Retain Live Chat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Retain Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/retain/"
     google-query: inurl:"/wp-content/plugins/retain/"
     shodan-query: 'vuln:CVE-2022-3391'
-  tags: cve,wordpress,wp-plugin,retain,medium
+  tags: cve,wordpress,wp-plugin,retain,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3392-e4bd7eea0fd05e8e2fe20b6f0c6b7046.yaml b/nuclei-templates/2022/CVE-2022-3392-e4bd7eea0fd05e8e2fe20b6f0c6b7046.yaml
index 076685fdc9..2a7b4d4a5b 100644
--- a/nuclei-templates/2022/CVE-2022-3392-e4bd7eea0fd05e8e2fe20b6f0c6b7046.yaml
+++ b/nuclei-templates/2022/CVE-2022-3392-e4bd7eea0fd05e8e2fe20b6f0c6b7046.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Humans.txt <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Humans.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator -level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-humanstxt/"
     google-query: inurl:"/wp-content/plugins/wp-humanstxt/"
     shodan-query: 'vuln:CVE-2022-3392'
-  tags: cve,wordpress,wp-plugin,wp-humanstxt,medium
+  tags: cve,wordpress,wp-plugin,wp-humanstxt,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3393-7b65c39ddbda37096522c90c94a9d953.yaml b/nuclei-templates/2022/CVE-2022-3393-7b65c39ddbda37096522c90c94a9d953.yaml
index 2f1423041e..2745fb6fc6 100644
--- a/nuclei-templates/2022/CVE-2022-3393-7b65c39ddbda37096522c90c94a9d953.yaml
+++ b/nuclei-templates/2022/CVE-2022-3393-7b65c39ddbda37096522c90c94a9d953.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post to CSV by BestWebSoft <= 1.3.8 - Authenticated (Author+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post to CSV by BestWebSoft plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.8. This allows author-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-to-csv/"
     google-query: inurl:"/wp-content/plugins/post-to-csv/"
     shodan-query: 'vuln:CVE-2022-3393'
-  tags: cve,wordpress,wp-plugin,post-to-csv,medium
+  tags: cve,wordpress,wp-plugin,post-to-csv,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3394-92aa647881d350b340f99ec0dcdafcc3.yaml b/nuclei-templates/2022/CVE-2022-3394-92aa647881d350b340f99ec0dcdafcc3.yaml
index 35fbf739a3..5aad0c415f 100644
--- a/nuclei-templates/2022/CVE-2022-3394-92aa647881d350b340f99ec0dcdafcc3.yaml
+++ b/nuclei-templates/2022/CVE-2022-3394-92aa647881d350b340f99ec0dcdafcc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ALL Export Pro <= 1.7.8 - Authenticated Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.7.8. This allows low-level attackers (depending on whether they have been given permission to perform exports) to execute code on the server. While the plugin defaults to allow only administrators to perform such exports, they can also delegate this task to lower-privileged users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-export-pro/"
     google-query: inurl:"/wp-content/plugins/wp-all-export-pro/"
     shodan-query: 'vuln:CVE-2022-3394'
-  tags: cve,wordpress,wp-plugin,wp-all-export-pro,high
+  tags: cve,wordpress,wp-plugin,wp-all-export-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-33943-629a86e61ae281b9190188a5f16e6d8f.yaml b/nuclei-templates/2022/CVE-2022-33943-629a86e61ae281b9190188a5f16e6d8f.yaml
index f38c0f0241..ae3239949b 100644
--- a/nuclei-templates/2022/CVE-2022-33943-629a86e61ae281b9190188a5f16e6d8f.yaml
+++ b/nuclei-templates/2022/CVE-2022-33943-629a86e61ae281b9190188a5f16e6d8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BxSlider WP <= 2.0.0 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BxSlider WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bxslider-wp/"
     google-query: inurl:"/wp-content/plugins/bxslider-wp/"
     shodan-query: 'vuln:CVE-2022-33943'
-  tags: cve,wordpress,wp-plugin,bxslider-wp,medium
+  tags: cve,wordpress,wp-plugin,bxslider-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3395-c8d77620d025f09aeefa4638ee5b37e1.yaml b/nuclei-templates/2022/CVE-2022-3395-c8d77620d025f09aeefa4638ee5b37e1.yaml
index 37c3fe9f4b..06e3001c86 100644
--- a/nuclei-templates/2022/CVE-2022-3395-c8d77620d025f09aeefa4638ee5b37e1.yaml
+++ b/nuclei-templates/2022/CVE-2022-3395-c8d77620d025f09aeefa4638ee5b37e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ALL Export Pro <= 1.7.8 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ALL Export Pro plugin for WordPress is vulnerable to SQL Injection via the cc_sql  parameter in versions up to, and including, 1.7.8. This allows low-level attackers (depending on whether they have been given permission to perform SQL queries) to to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. While the plugin defaults to allow only administrators to perform such queries, they can also delegate this task to lower-privileged users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-export-pro/"
     google-query: inurl:"/wp-content/plugins/wp-all-export-pro/"
     shodan-query: 'vuln:CVE-2022-3395'
-  tags: cve,wordpress,wp-plugin,wp-all-export-pro,high
+  tags: cve,wordpress,wp-plugin,wp-all-export-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-33960-aa18dc73a5ad2f3458b2829a667a4dbe.yaml b/nuclei-templates/2022/CVE-2022-33960-aa18dc73a5ad2f3458b2829a667a4dbe.yaml
index 62bb1ecb29..bf330336dc 100644
--- a/nuclei-templates/2022/CVE-2022-33960-aa18dc73a5ad2f3458b2829a667a4dbe.yaml
+++ b/nuclei-templates/2022/CVE-2022-33960-aa18dc73a5ad2f3458b2829a667a4dbe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share Buttons by Supsystic <= 2.2.3 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Social Share Buttons by Supsystic plugin for WordPress is vulnerable to SQL Injection via several unknown parameters in versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-share-buttons-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/social-share-buttons-by-supsystic/"
     shodan-query: 'vuln:CVE-2022-33960'
-  tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-33969-5dac27116865bf3a33881aeb2e87a891.yaml b/nuclei-templates/2022/CVE-2022-33969-5dac27116865bf3a33881aeb2e87a891.yaml
index 2f5cf43ec5..4829f2b483 100644
--- a/nuclei-templates/2022/CVE-2022-33969-5dac27116865bf3a33881aeb2e87a891.yaml
+++ b/nuclei-templates/2022/CVE-2022-33969-5dac27116865bf3a33881aeb2e87a891.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Flipbox – Awesomes Flip Boxes Image Overlay plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 2.6.0. This is due to a lack of validation on the settings supplied to the oxi_settings() function. This makes it possible for authenticated attackers, with administrative level permissions, to update arbitrary options on the WordPress site. This would only affect sites where the administrator has been restricted to not 'manage_options' or the administrator has allowed users with lower permissions to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-ultimate-visual-composer/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate-visual-composer/"
     shodan-query: 'vuln:CVE-2022-33969'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate-visual-composer,high
+  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate-visual-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-33970-51577bdf9a059e7edb1dda702623d2b6.yaml b/nuclei-templates/2022/CVE-2022-33970-51577bdf9a059e7edb1dda702623d2b6.yaml
index 1063e289c9..b7494a6d4e 100644
--- a/nuclei-templates/2022/CVE-2022-33970-51577bdf9a059e7edb1dda702623d2b6.yaml
+++ b/nuclei-templates/2022/CVE-2022-33970-51577bdf9a059e7edb1dda702623d2b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension" plugin for WordPress is vulnerable to arbitrary options update in versions up to, and including, 3.1.2. This makes it possible for authenticated attackers to modify arbitrary site options that can be used for complete site takeover.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-addons/"
     google-query: inurl:"/wp-content/plugins/shortcode-addons/"
     shodan-query: 'vuln:CVE-2022-33970'
-  tags: cve,wordpress,wp-plugin,shortcode-addons,high
+  tags: cve,wordpress,wp-plugin,shortcode-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-33987-05c2167f7f1f78fa58c980d418931b2c.yaml b/nuclei-templates/2022/CVE-2022-33987-05c2167f7f1f78fa58c980d418931b2c.yaml
index 60d2e5657c..708156b9db 100644
--- a/nuclei-templates/2022/CVE-2022-33987-05c2167f7f1f78fa58c980d418931b2c.yaml
+++ b/nuclei-templates/2022/CVE-2022-33987-05c2167f7f1f78fa58c980d418931b2c.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2022-33987
   metadata:
-    fofa-query: "wp-content/plugins/simple-page-ordering/"
-    google-query: inurl:"/wp-content/plugins/simple-page-ordering/"
+    fofa-query: "wp-content/plugins/safe-redirect-manager/"
+    google-query: inurl:"/wp-content/plugins/safe-redirect-manager/"
     shodan-query: 'vuln:CVE-2022-33987'
-  tags: cve,wordpress,wp-plugin,simple-page-ordering,medium
+  tags: cve,wordpress,wp-plugin,safe-redirect-manager,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/simple-page-ordering/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/safe-redirect-manager/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "simple-page-ordering"
+          - "safe-redirect-manager"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.4.2')
\ No newline at end of file
+          - compare_versions(version, '<= 1.11.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-3400-76570c8af26fd8add3788aed77d646fa.yaml b/nuclei-templates/2022/CVE-2022-3400-76570c8af26fd8add3788aed77d646fa.yaml
index 67f045916e..38d8ccad13 100644
--- a/nuclei-templates/2022/CVE-2022-3400-76570c8af26fd8add3788aed77d646fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-3400-76570c8af26fd8add3788aed77d646fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bricks 1.0 - 1.5.3 - Missing Authorization to Arbitrary Content Creation/Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bricks/"
     google-query: inurl:"/wp-content/themes/bricks/"
     shodan-query: 'vuln:CVE-2022-3400'
-  tags: cve,wordpress,wp-theme,bricks,medium
+  tags: cve,wordpress,wp-theme,bricks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3401-8d874ea95f55c0ec9bb8e08a17ec4807.yaml b/nuclei-templates/2022/CVE-2022-3401-8d874ea95f55c0ec9bb8e08a17ec4807.yaml
index 03418940d3..ffaefe1f4c 100644
--- a/nuclei-templates/2022/CVE-2022-3401-8d874ea95f55c0ec9bb8e08a17ec4807.yaml
+++ b/nuclei-templates/2022/CVE-2022-3401-8d874ea95f55c0ec9bb8e08a17ec4807.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bricks 1.2 - 1.5.3 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bricks/"
     google-query: inurl:"/wp-content/themes/bricks/"
     shodan-query: 'vuln:CVE-2022-3401'
-  tags: cve,wordpress,wp-theme,bricks,high
+  tags: cve,wordpress,wp-theme,bricks,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3402-5a93acfe5c571ac99fbd0be363e6f484.yaml b/nuclei-templates/2022/CVE-2022-3402-5a93acfe5c571ac99fbd0be363e6f484.yaml
index c1ff6e83cb..a6c991f151 100644
--- a/nuclei-templates/2022/CVE-2022-3402-5a93acfe5c571ac99fbd0be363e6f484.yaml
+++ b/nuclei-templates/2022/CVE-2022-3402-5a93acfe5c571ac99fbd0be363e6f484.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Log HTTP Requests <= 1.3.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/log-http-requests/"
     google-query: inurl:"/wp-content/plugins/log-http-requests/"
     shodan-query: 'vuln:CVE-2022-3402'
-  tags: cve,wordpress,wp-plugin,log-http-requests,medium
+  tags: cve,wordpress,wp-plugin,log-http-requests,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3408-7fe1343755ae3216e2612ce9dec35f72.yaml b/nuclei-templates/2022/CVE-2022-3408-7fe1343755ae3216e2612ce9dec35f72.yaml
index ea9b10f86f..698b7a6e47 100644
--- a/nuclei-templates/2022/CVE-2022-3408-7fe1343755ae3216e2612ce9dec35f72.yaml
+++ b/nuclei-templates/2022/CVE-2022-3408-7fe1343755ae3216e2612ce9dec35f72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Word Count <= 3.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Word Count plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-word-count/"
     google-query: inurl:"/wp-content/plugins/wp-word-count/"
     shodan-query: 'vuln:CVE-2022-3408'
-  tags: cve,wordpress,wp-plugin,wp-word-count,medium
+  tags: cve,wordpress,wp-plugin,wp-word-count,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34148-8eae7ffaabe0ed4cfdd5b1537b7b4d67.yaml b/nuclei-templates/2022/CVE-2022-34148-8eae7ffaabe0ed4cfdd5b1537b7b4d67.yaml
index d29347abd8..77387e935d 100644
--- a/nuclei-templates/2022/CVE-2022-34148-8eae7ffaabe0ed4cfdd5b1537b7b4d67.yaml
+++ b/nuclei-templates/2022/CVE-2022-34148-8eae7ffaabe0ed4cfdd5b1537b7b4d67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Backup Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup/"
     google-query: inurl:"/wp-content/plugins/backup/"
     shodan-query: 'vuln:CVE-2022-34148'
-  tags: cve,wordpress,wp-plugin,backup,medium
+  tags: cve,wordpress,wp-plugin,backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34154-ac9050df076297964363495b9c075e7f.yaml b/nuclei-templates/2022/CVE-2022-34154-ac9050df076297964363495b9c075e7f.yaml
index 62f8613f40..eee5b20b1c 100644
--- a/nuclei-templates/2022/CVE-2022-34154-ac9050df076297964363495b9c075e7f.yaml
+++ b/nuclei-templates/2022/CVE-2022-34154-ac9050df076297964363495b9c075e7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enable SVG, WebP & ICO Upload <= 1.0.3 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Enable SVG, WebP & ICO Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enable-svg-webp-ico-upload/"
     google-query: inurl:"/wp-content/plugins/enable-svg-webp-ico-upload/"
     shodan-query: 'vuln:CVE-2022-34154'
-  tags: cve,wordpress,wp-plugin,enable-svg-webp-ico-upload,high
+  tags: cve,wordpress,wp-plugin,enable-svg-webp-ico-upload,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3416-4578c261077bba561117707849a7d191.yaml b/nuclei-templates/2022/CVE-2022-3416-4578c261077bba561117707849a7d191.yaml
index eec4850dd4..8e17344057 100644
--- a/nuclei-templates/2022/CVE-2022-3416-4578c261077bba561117707849a7d191.yaml
+++ b/nuclei-templates/2022/CVE-2022-3416-4578c261077bba561117707849a7d191.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPtouch <= 4.3.44 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WPtouch plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation when uploading images in versions up to, and including, 4.3.44. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wptouch/"
     google-query: inurl:"/wp-content/plugins/wptouch/"
     shodan-query: 'vuln:CVE-2022-3416'
-  tags: cve,wordpress,wp-plugin,wptouch,high
+  tags: cve,wordpress,wp-plugin,wptouch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3417-1b6d42c938576bb7e9892a86129f9bc5.yaml b/nuclei-templates/2022/CVE-2022-3417-1b6d42c938576bb7e9892a86129f9bc5.yaml
index 1adbbb7500..72f9cd92e0 100644
--- a/nuclei-templates/2022/CVE-2022-3417-1b6d42c938576bb7e9892a86129f9bc5.yaml
+++ b/nuclei-templates/2022/CVE-2022-3417-1b6d42c938576bb7e9892a86129f9bc5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPtouch <= 4.3.44 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WPtouch plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.3.44 via deserialization of untrusted input when importing settings. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wptouch/"
     google-query: inurl:"/wp-content/plugins/wptouch/"
     shodan-query: 'vuln:CVE-2022-3417'
-  tags: cve,wordpress,wp-plugin,wptouch,high
+  tags: cve,wordpress,wp-plugin,wptouch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3418-6e8d8a68dd9873805b5f71eb69761022.yaml b/nuclei-templates/2022/CVE-2022-3418-6e8d8a68dd9873805b5f71eb69761022.yaml
index 13b124dfdf..dcaa6b5905 100644
--- a/nuclei-templates/2022/CVE-2022-3418-6e8d8a68dd9873805b5f71eb69761022.yaml
+++ b/nuclei-templates/2022/CVE-2022-3418-6e8d8a68dd9873805b5f71eb69761022.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Import any XML or CSV File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to improper file extension validation when uploading files in versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2022-3418'
-  tags: cve,wordpress,wp-plugin,wp-all-import,medium
+  tags: cve,wordpress,wp-plugin,wp-all-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3425-d27196962105bff471a16f16aa617461.yaml b/nuclei-templates/2022/CVE-2022-3425-d27196962105bff471a16f16aa617461.yaml
index c77c786e50..561dfa3463 100644
--- a/nuclei-templates/2022/CVE-2022-3425-d27196962105bff471a16f16aa617461.yaml
+++ b/nuclei-templates/2022/CVE-2022-3425-d27196962105bff471a16f16aa617461.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Google Analyticator plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.5.5  via deserialization of untrusted input. This allows administrator-level attackers to inject a PHP Object. The additional presence of a POP chain in the vulnerable plugin may allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analyticator/"
     google-query: inurl:"/wp-content/plugins/google-analyticator/"
     shodan-query: 'vuln:CVE-2022-3425'
-  tags: cve,wordpress,wp-plugin,google-analyticator,high
+  tags: cve,wordpress,wp-plugin,google-analyticator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3426-46e70ce2d5b65ea57e5b89cf696f0367.yaml b/nuclei-templates/2022/CVE-2022-3426-46e70ce2d5b65ea57e5b89cf696f0367.yaml
index 95768f18d1..93faab6240 100644
--- a/nuclei-templates/2022/CVE-2022-3426-46e70ce2d5b65ea57e5b89cf696f0367.yaml
+++ b/nuclei-templates/2022/CVE-2022-3426-46e70ce2d5b65ea57e5b89cf696f0367.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced WP Columns <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced WP Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various setting parameters in versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-wp-columns/"
     google-query: inurl:"/wp-content/plugins/advanced-wp-columns/"
     shodan-query: 'vuln:CVE-2022-3426'
-  tags: cve,wordpress,wp-plugin,advanced-wp-columns,medium
+  tags: cve,wordpress,wp-plugin,advanced-wp-columns,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3427-34e1ea4c84115991aa9040d8463cc384.yaml b/nuclei-templates/2022/CVE-2022-3427-34e1ea4c84115991aa9040d8463cc384.yaml
index e8afd7c685..1d124d8861 100644
--- a/nuclei-templates/2022/CVE-2022-3427-34e1ea4c84115991aa9040d8463cc384.yaml
+++ b/nuclei-templates/2022/CVE-2022-3427-34e1ea4c84115991aa9040d8463cc384.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Corner Ad <= 1.0.56 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger the deletion of ads via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/corner-ad/"
     google-query: inurl:"/wp-content/plugins/corner-ad/"
     shodan-query: 'vuln:CVE-2022-3427'
-  tags: cve,wordpress,wp-plugin,corner-ad,high
+  tags: cve,wordpress,wp-plugin,corner-ad,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34344-ea695aba033f5eaa6e1bbebc4ad1cb3b.yaml b/nuclei-templates/2022/CVE-2022-34344-ea695aba033f5eaa6e1bbebc4ad1cb3b.yaml
index 15060a91f7..b869724ab5 100644
--- a/nuclei-templates/2022/CVE-2022-34344-ea695aba033f5eaa6e1bbebc4ad1cb3b.yaml
+++ b/nuclei-templates/2022/CVE-2022-34344-ea695aba033f5eaa6e1bbebc4ad1cb3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wholesale Suite <= 2.1.5 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wholesale Suite plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the edit_wholesale_role function in versions up to, and including, 2.1.5. This makes it possible for authenticated attackers with subscriber-level privileges to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-wholesale-prices/"
     google-query: inurl:"/wp-content/plugins/woocommerce-wholesale-prices/"
     shodan-query: 'vuln:CVE-2022-34344'
-  tags: cve,wordpress,wp-plugin,woocommerce-wholesale-prices,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-wholesale-prices,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34347-cb8528ea228de7c195be74b03a1cf056.yaml b/nuclei-templates/2022/CVE-2022-34347-cb8528ea228de7c195be74b03a1cf056.yaml
index c608ec975f..8469287365 100644
--- a/nuclei-templates/2022/CVE-2022-34347-cb8528ea228de7c195be74b03a1cf056.yaml
+++ b/nuclei-templates/2022/CVE-2022-34347-cb8528ea228de7c195be74b03a1cf056.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.48 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.48. This is due to missing or incorrect nonce validation on the updateTemplateStatus function. This makes it possible for unauthenticated attackers to trigger setting changes forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-34347'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3441-a6ad4e1a267f3d946e1e2e12d5bebc25.yaml b/nuclei-templates/2022/CVE-2022-3441-a6ad4e1a267f3d946e1e2e12d5bebc25.yaml
index 279cdd213d..f31436f379 100644
--- a/nuclei-templates/2022/CVE-2022-3441-a6ad4e1a267f3d946e1e2e12d5bebc25.yaml
+++ b/nuclei-templates/2022/CVE-2022-3441-a6ad4e1a267f3d946e1e2e12d5bebc25.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rock Convert <= 2.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rock Convert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text’ field on the settings form in versions up to, and including, 2.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rock-convert/"
     google-query: inurl:"/wp-content/plugins/rock-convert/"
     shodan-query: 'vuln:CVE-2022-3441'
-  tags: cve,wordpress,wp-plugin,rock-convert,medium
+  tags: cve,wordpress,wp-plugin,rock-convert,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3451-8e787a46ad14cecfaea14ee098f61614.yaml b/nuclei-templates/2022/CVE-2022-3451-8e787a46ad14cecfaea14ee098f61614.yaml
index 7222c5a11a..5aef0e249c 100644
--- a/nuclei-templates/2022/CVE-2022-3451-8e787a46ad14cecfaea14ee098f61614.yaml
+++ b/nuclei-templates/2022/CVE-2022-3451-8e787a46ad14cecfaea14ee098f61614.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Stock Manager < 1.0.5 - Missing Authorization and Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Product Stock Manager plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several AJAX actions such as af_sm_set_checkbox_status in versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions and make changes they are unauthorized to do so. Furthermore, proper Cross-Site Request Forgery protection is missing. This allows unauthenticated attackers to invoke those actions, via forged request granted they can trick a user into clicking on a link. The af_sm_set_checkbox_status AJAX action can be used to change arbitrary options on the site, which can be used to register administrative user accounts on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addify-product-stock-manager/"
     google-query: inurl:"/wp-content/plugins/addify-product-stock-manager/"
     shodan-query: 'vuln:CVE-2022-3451'
-  tags: cve,wordpress,wp-plugin,addify-product-stock-manager,high
+  tags: cve,wordpress,wp-plugin,addify-product-stock-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3462-4f5affe3e6d10944ac86113d1e4881da.yaml b/nuclei-templates/2022/CVE-2022-3462-4f5affe3e6d10944ac86113d1e4881da.yaml
index 6047496776..c9a6c68074 100644
--- a/nuclei-templates/2022/CVE-2022-3462-4f5affe3e6d10944ac86113d1e4881da.yaml
+++ b/nuclei-templates/2022/CVE-2022-3462-4f5affe3e6d10944ac86113d1e4881da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Highlight Focus <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Highlight Focus plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/highlight-focus/"
     google-query: inurl:"/wp-content/plugins/highlight-focus/"
     shodan-query: 'vuln:CVE-2022-3462'
-  tags: cve,wordpress,wp-plugin,highlight-focus,medium
+  tags: cve,wordpress,wp-plugin,highlight-focus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34648-5c305c85e58387c07315e703af6d187a.yaml b/nuclei-templates/2022/CVE-2022-34648-5c305c85e58387c07315e703af6d187a.yaml
index 4dcc7e5744..bfcf074d12 100644
--- a/nuclei-templates/2022/CVE-2022-34648-5c305c85e58387c07315e703af6d187a.yaml
+++ b/nuclei-templates/2022/CVE-2022-34648-5c305c85e58387c07315e703af6d187a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uploading SVG, WEBP and ICO files <= 1.0.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Uploading SVG, WEBP and ICO files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uploading-svgwebp-and-ico-files/"
     google-query: inurl:"/wp-content/plugins/uploading-svgwebp-and-ico-files/"
     shodan-query: 'vuln:CVE-2022-34648'
-  tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,medium
+  tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34650-ddd0e9486fe68ad8ba91d2369f80747b.yaml b/nuclei-templates/2022/CVE-2022-34650-ddd0e9486fe68ad8ba91d2369f80747b.yaml
index 4beb2e5c67..6c4d58a214 100644
--- a/nuclei-templates/2022/CVE-2022-34650-ddd0e9486fe68ad8ba91d2369f80747b.yaml
+++ b/nuclei-templates/2022/CVE-2022-34650-ddd0e9486fe68ad8ba91d2369f80747b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adl-team/"
     google-query: inurl:"/wp-content/plugins/adl-team/"
     shodan-query: 'vuln:CVE-2022-34650'
-  tags: cve,wordpress,wp-plugin,adl-team,medium
+  tags: cve,wordpress,wp-plugin,adl-team,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34654-a5a6d2493729bf3090ce1785835756c3.yaml b/nuclei-templates/2022/CVE-2022-34654-a5a6d2493729bf3090ce1785835756c3.yaml
index 5a4e9119d1..ff333194e2 100644
--- a/nuclei-templates/2022/CVE-2022-34654-a5a6d2493729bf3090ce1785835756c3.yaml
+++ b/nuclei-templates/2022/CVE-2022-34654-a5a6d2493729bf3090ce1785835756c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Manage Notification E-mails <= 1.8.2 - Cross-Site Request Forgery to Plugin Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Manage Notification E-mails plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the reset_settings function. This makes it possible for unauthenticated attackers to reset the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/manage-notification-emails/"
     google-query: inurl:"/wp-content/plugins/manage-notification-emails/"
     shodan-query: 'vuln:CVE-2022-34654'
-  tags: cve,wordpress,wp-plugin,manage-notification-emails,high
+  tags: cve,wordpress,wp-plugin,manage-notification-emails,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34656-ab0d8c25a4b5735f6b566693ae1e6b91.yaml b/nuclei-templates/2022/CVE-2022-34656-ab0d8c25a4b5735f6b566693ae1e6b91.yaml
index 5e28cac0cd..447ee249b8 100644
--- a/nuclei-templates/2022/CVE-2022-34656-ab0d8c25a4b5735f6b566693ae1e6b91.yaml
+++ b/nuclei-templates/2022/CVE-2022-34656-ab0d8c25a4b5735f6b566693ae1e6b91.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll, Survey, Questionnaire and Voting system <= 1.7.4 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Poll, Survey, Questionnaire and Voting system plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/polls-widget/"
     google-query: inurl:"/wp-content/plugins/polls-widget/"
     shodan-query: 'vuln:CVE-2022-34656'
-  tags: cve,wordpress,wp-plugin,polls-widget,medium
+  tags: cve,wordpress,wp-plugin,polls-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34658-300ac7058f885b1b1ecbf0131074eaf1.yaml b/nuclei-templates/2022/CVE-2022-34658-300ac7058f885b1b1ecbf0131074eaf1.yaml
index 5bb8bf9c77..66714b847f 100644
--- a/nuclei-templates/2022/CVE-2022-34658-300ac7058f885b1b1ecbf0131074eaf1.yaml
+++ b/nuclei-templates/2022/CVE-2022-34658-300ac7058f885b1b1ecbf0131074eaf1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.48 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ and 'label' parameters in versions up to, and including, 3.2.48  due to insufficient input sanitization and output escaping when setting lock options for downloadables. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-34658'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3469-d368d355a42efc82f9add75ee0c1d079.yaml b/nuclei-templates/2022/CVE-2022-3469-d368d355a42efc82f9add75ee0c1d079.yaml
index 0c6ae1ee6f..c91cc87b41 100644
--- a/nuclei-templates/2022/CVE-2022-3469-d368d355a42efc82f9add75ee0c1d079.yaml
+++ b/nuclei-templates/2022/CVE-2022-3469-d368d355a42efc82f9add75ee0c1d079.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Attachments <= 5.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attachment’ parameter in versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-attachments/"
     google-query: inurl:"/wp-content/plugins/wp-attachments/"
     shodan-query: 'vuln:CVE-2022-3469'
-  tags: cve,wordpress,wp-plugin,wp-attachments,medium
+  tags: cve,wordpress,wp-plugin,wp-attachments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3477-bff7cd3ae66179edd6f79145d30bd8a6.yaml b/nuclei-templates/2022/CVE-2022-3477-bff7cd3ae66179edd6f79145d30bd8a6.yaml
index 9f68ef4d42..887b733c8f 100644
--- a/nuclei-templates/2022/CVE-2022-3477-bff7cd3ae66179edd6f79145d30bd8a6.yaml
+++ b/nuclei-templates/2022/CVE-2022-3477-bff7cd3ae66179edd6f79145d30bd8a6.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2022-3477
   metadata:
-    fofa-query: "wp-content/themes/Newspaper/"
-    google-query: inurl:"/wp-content/themes/Newspaper/"
+    fofa-query: "wp-content/plugins/td-composer/"
+    google-query: inurl:"/wp-content/plugins/td-composer/"
     shodan-query: 'vuln:CVE-2022-3477'
-  tags: cve,wordpress,wp-theme,Newspaper,critical
+  tags: cve,wordpress,wp-plugin,td-composer,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/Newspaper/style.css"
+      - "{{BaseURL}}/wp-content/plugins/td-composer/readme.txt"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "Newspaper"
+          - "td-composer"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 12')
\ No newline at end of file
+          - compare_versions(version, '< 3.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-34839-11efe70fd2ae23707bfcf341a18862cb.yaml b/nuclei-templates/2022/CVE-2022-34839-11efe70fd2ae23707bfcf341a18862cb.yaml
index a3b164cfb0..5c12f7302a 100644
--- a/nuclei-templates/2022/CVE-2022-34839-11efe70fd2ae23707bfcf341a18862cb.yaml
+++ b/nuclei-templates/2022/CVE-2022-34839-11efe70fd2ae23707bfcf341a18862cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP OAuth2 Server <= 1.0.1 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP OAuth2 Server plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oauth2-server/"
     google-query: inurl:"/wp-content/plugins/oauth2-server/"
     shodan-query: 'vuln:CVE-2022-34839'
-  tags: cve,wordpress,wp-plugin,oauth2-server,high
+  tags: cve,wordpress,wp-plugin,oauth2-server,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34853-b4bab111be528a55d6c4bef04962870e.yaml b/nuclei-templates/2022/CVE-2022-34853-b4bab111be528a55d6c4bef04962870e.yaml
index ca16cf679a..796c7dd30a 100644
--- a/nuclei-templates/2022/CVE-2022-34853-b4bab111be528a55d6c4bef04962870e.yaml
+++ b/nuclei-templates/2022/CVE-2022-34853-b4bab111be528a55d6c4bef04962870e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team <= 1.2.6 - Authenticated (Contibutor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adl-team/"
     google-query: inurl:"/wp-content/plugins/adl-team/"
     shodan-query: 'vuln:CVE-2022-34853'
-  tags: cve,wordpress,wp-plugin,adl-team,medium
+  tags: cve,wordpress,wp-plugin,adl-team,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-34868-d03a599615f97ee32ed6c9f069046608.yaml b/nuclei-templates/2022/CVE-2022-34868-d03a599615f97ee32ed6c9f069046608.yaml
index f15ba2cbbe..5b8d369848 100644
--- a/nuclei-templates/2022/CVE-2022-34868-d03a599615f97ee32ed6c9f069046608.yaml
+++ b/nuclei-templates/2022/CVE-2022-34868-d03a599615f97ee32ed6c9f069046608.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ЮKassa для WooCommerce <= 2.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ЮKassa для WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_settings() function in versions up to, and including, 2.3.0. This makes it possible for authenticated attacker with minimal permissions, such as a subscriber, to update arbitrary settings for the plugin on the WordPress site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yookassa/"
     google-query: inurl:"/wp-content/plugins/yookassa/"
     shodan-query: 'vuln:CVE-2022-34868'
-  tags: cve,wordpress,wp-plugin,yookassa,medium
+  tags: cve,wordpress,wp-plugin,yookassa,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3490-d8db32c50c0bea30a973b5af0530e9fa.yaml b/nuclei-templates/2022/CVE-2022-3490-d8db32c50c0bea30a973b5af0530e9fa.yaml
index 07f22e2d0e..203f7bccf8 100644
--- a/nuclei-templates/2022/CVE-2022-3490-d8db32c50c0bea30a973b5af0530e9fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-3490-d8db32c50c0bea30a973b5af0530e9fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Checkout Field Editor <= 1.7.2 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Checkout Field Editor plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.7.2 via deserialization of untrusted input from the 'save_plugin_settings' function and the 'i_settings_data' parameter. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-checkout-field-editor-pro/"
     google-query: inurl:"/wp-content/plugins/woo-checkout-field-editor-pro/"
     shodan-query: 'vuln:CVE-2022-3490'
-  tags: cve,wordpress,wp-plugin,woo-checkout-field-editor-pro,high
+  tags: cve,wordpress,wp-plugin,woo-checkout-field-editor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3494-6f528eadb66a9354628a303cdece4106.yaml b/nuclei-templates/2022/CVE-2022-3494-6f528eadb66a9354628a303cdece4106.yaml
index beede9c5a1..ca5106f65f 100644
--- a/nuclei-templates/2022/CVE-2022-3494-6f528eadb66a9354628a303cdece4106.yaml
+++ b/nuclei-templates/2022/CVE-2022-3494-6f528eadb66a9354628a303cdece4106.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Complianz Free <= 6.3.3 & Premium <= 6.3.5  - SQL Injection via Translations
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Complianz plugin for WordPress is vulnerable to SQL Injection via unescaped translations in versions up to, and including, 6.3.3 (Free) and 6.3.5 (Premium) due to insufficient escaping on the user supplied translation (either from a translation file or a user with translator role through a translation plugin) and lack of sufficient preparation on the existing SQL query. This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2022-3494
   metadata:
-    fofa-query: "wp-content/plugins/complianz-gdpr-premium/"
-    google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/"
+    fofa-query: "wp-content/plugins/complianz-gdpr/"
+    google-query: inurl:"/wp-content/plugins/complianz-gdpr/"
     shodan-query: 'vuln:CVE-2022-3494'
-  tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,high
+  tags: cve,wordpress,wp-plugin,complianz-gdpr,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "complianz-gdpr-premium"
+          - "complianz-gdpr"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 6.3.5')
\ No newline at end of file
+          - compare_versions(version, '<= 6.3.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-3506-38bcc8fc23f5e64dd2298c12f27f47b2.yaml b/nuclei-templates/2022/CVE-2022-3506-38bcc8fc23f5e64dd2298c12f27f47b2.yaml
index b3d1db965b..6d8afdd5c0 100644
--- a/nuclei-templates/2022/CVE-2022-3506-38bcc8fc23f5e64dd2298c12f27f47b2.yaml
+++ b/nuclei-templates/2022/CVE-2022-3506-38bcc8fc23f5e64dd2298c12f27f47b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Related Posts for WordPress <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Related Posts for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_text’ parameter in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note, this vulnerability was independently found by two researchers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/related-posts-for-wp/"
     google-query: inurl:"/wp-content/plugins/related-posts-for-wp/"
     shodan-query: 'vuln:CVE-2022-3506'
-  tags: cve,wordpress,wp-plugin,related-posts-for-wp,medium
+  tags: cve,wordpress,wp-plugin,related-posts-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-35235-ec9c194a00305798df823bbd977744c9.yaml b/nuclei-templates/2022/CVE-2022-35235-ec9c194a00305798df823bbd977744c9.yaml
index fa12dc7ca0..467c3f6070 100644
--- a/nuclei-templates/2022/CVE-2022-35235-ec9c194a00305798df823bbd977744c9.yaml
+++ b/nuclei-templates/2022/CVE-2022-35235-ec9c194a00305798df823bbd977744c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The plugin WPide for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 2.6. This makes it possible for authenticated users, with administrative privileges or higher, to read any file on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpide/"
     google-query: inurl:"/wp-content/plugins/wpide/"
     shodan-query: 'vuln:CVE-2022-35235'
-  tags: cve,wordpress,wp-plugin,wpide,medium
+  tags: cve,wordpress,wp-plugin,wpide,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-35242-535595f4b0854a5ba3ef769bc0a6d8a1.yaml b/nuclei-templates/2022/CVE-2022-35242-535595f4b0854a5ba3ef769bc0a6d8a1.yaml
index 61334ac241..702426e601 100644
--- a/nuclei-templates/2022/CVE-2022-35242-535595f4b0854a5ba3ef769bc0a6d8a1.yaml
+++ b/nuclei-templates/2022/CVE-2022-35242-535595f4b0854a5ba3ef769bc0a6d8a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     THE Leads Management System: 59sec LITE <= 3.4.1 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The THE Leads Management System: 59sec LITE plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 3.4.1. This makes it possible for unauthenticated attackers to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/"
     google-query: inurl:"/wp-content/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/"
     shodan-query: 'vuln:CVE-2022-35242'
-  tags: cve,wordpress,wp-plugin,59sec-lite-contact-form-7-push-notifications-on-ios-and-android,medium
+  tags: cve,wordpress,wp-plugin,59sec-lite-contact-form-7-push-notifications-on-ios-and-android,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-35277-9fa773be7e5cdf580182e19b1f6e77fb.yaml b/nuclei-templates/2022/CVE-2022-35277-9fa773be7e5cdf580182e19b1f6e77fb.yaml
index d047636d55..dd9375dae7 100644
--- a/nuclei-templates/2022/CVE-2022-35277-9fa773be7e5cdf580182e19b1f6e77fb.yaml
+++ b/nuclei-templates/2022/CVE-2022-35277-9fa773be7e5cdf580182e19b1f6e77fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GetResponse <= 5.5.19 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The GetResponse plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5.19. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to trigger API Key updates via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/getresponse-integration/"
     google-query: inurl:"/wp-content/plugins/getresponse-integration/"
     shodan-query: 'vuln:CVE-2022-35277'
-  tags: cve,wordpress,wp-plugin,getresponse-integration,high
+  tags: cve,wordpress,wp-plugin,getresponse-integration,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3536-9572375f1a63fe71cfefeb901690b502.yaml b/nuclei-templates/2022/CVE-2022-3536-9572375f1a63fe71cfefeb901690b502.yaml
index 92f3d06032..9ed8e465dc 100644
--- a/nuclei-templates/2022/CVE-2022-3536-9572375f1a63fe71cfefeb901690b502.yaml
+++ b/nuclei-templates/2022/CVE-2022-3536-9572375f1a63fe71cfefeb901690b502.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Role Based Pricing for WooCommerce <= 1.6.2 - Missing Authorization to PHAR Deserialization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Role Based Pricing for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with subscriber-level access or higher, to perform PHAR deserialization attacks provided they can upload a file and a suitable pop chain is present.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/role-based-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/role-based-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-3536'
-  tags: cve,wordpress,wp-plugin,role-based-pricing-for-woocommerce,critical
+  tags: cve,wordpress,wp-plugin,role-based-pricing-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3537-226373864d57cc20f7f59dea62a55c3b.yaml b/nuclei-templates/2022/CVE-2022-3537-226373864d57cc20f7f59dea62a55c3b.yaml
index e9035a6024..9b5f622086 100644
--- a/nuclei-templates/2022/CVE-2022-3537-226373864d57cc20f7f59dea62a55c3b.yaml
+++ b/nuclei-templates/2022/CVE-2022-3537-226373864d57cc20f7f59dea62a55c3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Role Based Pricing for WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Role Based Pricing for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation, and insufficient authorization in versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/role-based-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/role-based-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-3537'
-  tags: cve,wordpress,wp-plugin,role-based-pricing-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,role-based-pricing-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3538-200b5675cd7f93f9a3a59f8b16a025dd.yaml b/nuclei-templates/2022/CVE-2022-3538-200b5675cd7f93f9a3a59f8b16a025dd.yaml
index 20b65d7d1a..f275bd1601 100644
--- a/nuclei-templates/2022/CVE-2022-3538-200b5675cd7f93f9a3a59f8b16a025dd.yaml
+++ b/nuclei-templates/2022/CVE-2022-3538-200b5675cd7f93f9a3a59f8b16a025dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webmaster Tools Verification <= 1.2 - Missing Authorization to Arbitrary Plugin Deactivation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Webmaster Tools Verification plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmtv_uninstall function in versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to disable arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webmaster-tools-verification/"
     google-query: inurl:"/wp-content/plugins/webmaster-tools-verification/"
     shodan-query: 'vuln:CVE-2022-3538'
-  tags: cve,wordpress,wp-plugin,webmaster-tools-verification,medium
+  tags: cve,wordpress,wp-plugin,webmaster-tools-verification,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3539-16fe73a759651a7d3bcefdb3b3d57eae.yaml b/nuclei-templates/2022/CVE-2022-3539-16fe73a759651a7d3bcefdb3b3d57eae.yaml
index bf6190a285..babca5a293 100644
--- a/nuclei-templates/2022/CVE-2022-3539-16fe73a759651a7d3bcefdb3b3d57eae.yaml
+++ b/nuclei-templates/2022/CVE-2022-3539-16fe73a759651a7d3bcefdb3b3d57eae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonials (Free <= 2.6, Pro < 1.0.7) - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameter in versions up to, and including, 2.6 (Free) and 1.0.7 (Pro) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.5
     cve-id: CVE-2022-3539
   metadata:
-    fofa-query: "wp-content/plugins/super-testimonial/"
-    google-query: inurl:"/wp-content/plugins/super-testimonial/"
+    fofa-query: "wp-content/plugins/super-testimonial-pro/"
+    google-query: inurl:"/wp-content/plugins/super-testimonial-pro/"
     shodan-query: 'vuln:CVE-2022-3539'
-  tags: cve,wordpress,wp-plugin,super-testimonial,medium
+  tags: cve,wordpress,wp-plugin,super-testimonial-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/super-testimonial/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/super-testimonial-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "super-testimonial"
+          - "super-testimonial-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.6')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-3558-7ae4217671bcb5c8f6efe46ca1b8db85.yaml b/nuclei-templates/2022/CVE-2022-3558-7ae4217671bcb5c8f6efe46ca1b8db85.yaml
index e2a0f3a627..d1e41b0bdc 100644
--- a/nuclei-templates/2022/CVE-2022-3558-7ae4217671bcb5c8f6efe46ca1b8db85.yaml
+++ b/nuclei-templates/2022/CVE-2022-3558-7ae4217671bcb5c8f6efe46ca1b8db85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.20.4 - Authenticated (Subscriber+) CSV Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Import and export users and customers plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.20.4. This allows subscriber-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2022-3558'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3568-ca0bad06790922b16f5da17ee6db4bb8.yaml b/nuclei-templates/2022/CVE-2022-3568-ca0bad06790922b16f5da17ee6db4bb8.yaml
index ce2bbdd51f..185d969f2f 100644
--- a/nuclei-templates/2022/CVE-2022-3568-ca0bad06790922b16f5da17ee6db4bb8.yaml
+++ b/nuclei-templates/2022/CVE-2022-3568-ca0bad06790922b16f5da17ee6db4bb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagemagick-engine/"
     google-query: inurl:"/wp-content/plugins/imagemagick-engine/"
     shodan-query: 'vuln:CVE-2022-3568'
-  tags: cve,wordpress,wp-plugin,imagemagick-engine,high
+  tags: cve,wordpress,wp-plugin,imagemagick-engine,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-35725-f00922a5d35b3c6ca276e64048795ab0.yaml b/nuclei-templates/2022/CVE-2022-35725-f00922a5d35b3c6ca276e64048795ab0.yaml
index 22d0446888..5488083ff0 100644
--- a/nuclei-templates/2022/CVE-2022-35725-f00922a5d35b3c6ca276e64048795ab0.yaml
+++ b/nuclei-templates/2022/CVE-2022-35725-f00922a5d35b3c6ca276e64048795ab0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp-forecast <= 7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wp-forecast plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-forecast/"
     google-query: inurl:"/wp-content/plugins/wp-forecast/"
     shodan-query: 'vuln:CVE-2022-35725'
-  tags: cve,wordpress,wp-plugin,wp-forecast,medium
+  tags: cve,wordpress,wp-plugin,wp-forecast,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-35726-371f210cfb55319010fd16b3a7c4efca.yaml b/nuclei-templates/2022/CVE-2022-35726-371f210cfb55319010fd16b3a7c4efca.yaml
index cfff5316d7..1e12b7b1ec 100644
--- a/nuclei-templates/2022/CVE-2022-35726-371f210cfb55319010fd16b3a7c4efca.yaml
+++ b/nuclei-templates/2022/CVE-2022-35726-371f210cfb55319010fd16b3a7c4efca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Video Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deletecache function in versions up to, and including, 1.3.8. This makes it possible for unauthenticated attackers to clear the plugin's cache. The plugin added an "is_admin" check in version 1.3.5 but this would not be sufficient access control to prevent even unauthenticated attackers from exploiting the vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yotuwp-easy-youtube-embed/"
     google-query: inurl:"/wp-content/plugins/yotuwp-easy-youtube-embed/"
     shodan-query: 'vuln:CVE-2022-35726'
-  tags: cve,wordpress,wp-plugin,yotuwp-easy-youtube-embed,medium
+  tags: cve,wordpress,wp-plugin,yotuwp-easy-youtube-embed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-35730-40341532c7f84f3b54f6d735c45b3460.yaml b/nuclei-templates/2022/CVE-2022-35730-40341532c7f84f3b54f6d735c45b3460.yaml
index d12b867f43..ee0bcf58b5 100644
--- a/nuclei-templates/2022/CVE-2022-35730-40341532c7f84f3b54f6d735c45b3460.yaml
+++ b/nuclei-templates/2022/CVE-2022-35730-40341532c7f84f3b54f6d735c45b3460.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Oceanwp sticky header <= 1.0.8 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Oceanwp sticky header plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the settings_page function. This makes it possible for unauthenticated attackers to change the plugin's style settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sticky-header-oceanwp/"
     google-query: inurl:"/wp-content/plugins/sticky-header-oceanwp/"
     shodan-query: 'vuln:CVE-2022-35730'
-  tags: cve,wordpress,wp-plugin,sticky-header-oceanwp,high
+  tags: cve,wordpress,wp-plugin,sticky-header-oceanwp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-35882-95b4227a0d3d41c249f2bf8ed2c425e5.yaml b/nuclei-templates/2022/CVE-2022-35882-95b4227a0d3d41c249f2bf8ed2c425e5.yaml
index f17aed81df..edfd8239c7 100644
--- a/nuclei-templates/2022/CVE-2022-35882-95b4227a0d3d41c249f2bf8ed2c425e5.yaml
+++ b/nuclei-templates/2022/CVE-2022-35882-95b4227a0d3d41c249f2bf8ed2c425e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Testimonial Slider <= 1.9.6 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GS Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as 'gs_t_client_company' and 'gs_t_client_design' in versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-testimonial/"
     google-query: inurl:"/wp-content/plugins/gs-testimonial/"
     shodan-query: 'vuln:CVE-2022-35882'
-  tags: cve,wordpress,wp-plugin,gs-testimonial,medium
+  tags: cve,wordpress,wp-plugin,gs-testimonial,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3601-af386a5b7a4c4897059c13e07ba6a1c2.yaml b/nuclei-templates/2022/CVE-2022-3601-af386a5b7a4c4897059c13e07ba6a1c2.yaml
index e385b13fbc..d59d0a4a80 100644
--- a/nuclei-templates/2022/CVE-2022-3601-af386a5b7a4c4897059c13e07ba6a1c2.yaml
+++ b/nuclei-templates/2022/CVE-2022-3601-af386a5b7a4c4897059c13e07ba6a1c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects Css3 <= 4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects Css3 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-css3/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-css3/"
     shodan-query: 'vuln:CVE-2022-3601'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-css3,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-css3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3609-e01c69283b147d24245068f3ebce49d9.yaml b/nuclei-templates/2022/CVE-2022-3609-e01c69283b147d24245068f3ebce49d9.yaml
index 6d9af67f98..84abfbc499 100644
--- a/nuclei-templates/2022/CVE-2022-3609-e01c69283b147d24245068f3ebce49d9.yaml
+++ b/nuclei-templates/2022/CVE-2022-3609-e01c69283b147d24245068f3ebce49d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GetYourGuide Ticketing <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GetYourGuide Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘partner_hash’ parameter in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/getyourguide-ticketing/"
     google-query: inurl:"/wp-content/plugins/getyourguide-ticketing/"
     shodan-query: 'vuln:CVE-2022-3609'
-  tags: cve,wordpress,wp-plugin,getyourguide-ticketing,medium
+  tags: cve,wordpress,wp-plugin,getyourguide-ticketing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3610-c5989c384ff1fa34fed277024ca7c660.yaml b/nuclei-templates/2022/CVE-2022-3610-c5989c384ff1fa34fed277024ca7c660.yaml
index d02bb5b87f..7478c02ced 100644
--- a/nuclei-templates/2022/CVE-2022-3610-c5989c384ff1fa34fed277024ca7c660.yaml
+++ b/nuclei-templates/2022/CVE-2022-3610-c5989c384ff1fa34fed277024ca7c660.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeeng Push Notifications <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jeeng Push Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'client_id' parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeeng-push-notifications/"
     google-query: inurl:"/wp-content/plugins/jeeng-push-notifications/"
     shodan-query: 'vuln:CVE-2022-3610'
-  tags: cve,wordpress,wp-plugin,jeeng-push-notifications,medium
+  tags: cve,wordpress,wp-plugin,jeeng-push-notifications,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3618-d06ebbe7f6b16be606d476a52581f74c.yaml b/nuclei-templates/2022/CVE-2022-3618-d06ebbe7f6b16be606d476a52581f74c.yaml
index 6cb01c1a1b..2a5b936f36 100644
--- a/nuclei-templates/2022/CVE-2022-3618-d06ebbe7f6b16be606d476a52581f74c.yaml
+++ b/nuclei-templates/2022/CVE-2022-3618-d06ebbe7f6b16be606d476a52581f74c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spacer <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spacer/"
     google-query: inurl:"/wp-content/plugins/spacer/"
     shodan-query: 'vuln:CVE-2022-3618'
-  tags: cve,wordpress,wp-plugin,spacer,medium
+  tags: cve,wordpress,wp-plugin,spacer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3622-21019b02ab939e1588f34c6a653e9f06.yaml b/nuclei-templates/2022/CVE-2022-3622-21019b02ab939e1588f34c6a653e9f06.yaml
index 6223712287..ae68f46233 100644
--- a/nuclei-templates/2022/CVE-2022-3622-21019b02ab939e1588f34c6a653e9f06.yaml
+++ b/nuclei-templates/2022/CVE-2022-3622-21019b02ab939e1588f34c6a653e9f06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blog2Social  plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog2social/"
     google-query: inurl:"/wp-content/plugins/blog2social/"
     shodan-query: 'vuln:CVE-2022-3622'
-  tags: cve,wordpress,wp-plugin,blog2social,medium
+  tags: cve,wordpress,wp-plugin,blog2social,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36282-3a32aa7a18d47ef0f7438986ced63310.yaml b/nuclei-templates/2022/CVE-2022-36282-3a32aa7a18d47ef0f7438986ced63310.yaml
index 0377a85c10..638ed5fc07 100644
--- a/nuclei-templates/2022/CVE-2022-36282-3a32aa7a18d47ef0f7438986ced63310.yaml
+++ b/nuclei-templates/2022/CVE-2022-36282-3a32aa7a18d47ef0f7438986ced63310.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Search Exclude <= 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Search Exclude plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘the_title’ parameter in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/search-exclude/"
     google-query: inurl:"/wp-content/plugins/search-exclude/"
     shodan-query: 'vuln:CVE-2022-36282'
-  tags: cve,wordpress,wp-plugin,search-exclude,medium
+  tags: cve,wordpress,wp-plugin,search-exclude,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36284-6dc63a693616ad13933a53bb0a4503d9.yaml b/nuclei-templates/2022/CVE-2022-36284-6dc63a693616ad13933a53bb0a4503d9.yaml
index ef636cc294..3a23a0b3ab 100644
--- a/nuclei-templates/2022/CVE-2022-36284-6dc63a693616ad13933a53bb0a4503d9.yaml
+++ b/nuclei-templates/2022/CVE-2022-36284-6dc63a693616ad13933a53bb0a4503d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Affiliate For WooCommerce premium <= 4.7.0 - Authenticated Insecure Direct Object Reference
   author: topscoder
-  severity: high
+  severity: low
   description: >
     This plugin Affiliate For WooCommerce premium for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.7.0. This makes it possible for attackers to change the PayPal email address that receives payments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/affiliate-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-36284'
-  tags: cve,wordpress,wp-plugin,affiliate-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,affiliate-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36285-31f526f5fc6023df268597ecb0e81e2e.yaml b/nuclei-templates/2022/CVE-2022-36285-31f526f5fc6023df268597ecb0e81e2e.yaml
index 2e30e1d4c0..7a9ab5533b 100644
--- a/nuclei-templates/2022/CVE-2022-36285-31f526f5fc6023df268597ecb0e81e2e.yaml
+++ b/nuclei-templates/2022/CVE-2022-36285-31f526f5fc6023df268597ecb0e81e2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uploading SVG, WEBP and ICO files <= 1.0.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Uploading SVG, WEBP and ICO files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in an unknown function in versions up to, and including, 1.0.1. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uploading-svgwebp-and-ico-files/"
     google-query: inurl:"/wp-content/plugins/uploading-svgwebp-and-ico-files/"
     shodan-query: 'vuln:CVE-2022-36285'
-  tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,high
+  tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36288-dc8ff7d3332154eb2062f549788da3cc.yaml b/nuclei-templates/2022/CVE-2022-36288-dc8ff7d3332154eb2062f549788da3cc.yaml
index 15e39e9daa..16b7a67635 100644
--- a/nuclei-templates/2022/CVE-2022-36288-dc8ff7d3332154eb2062f549788da3cc.yaml
+++ b/nuclei-templates/2022/CVE-2022-36288-dc8ff7d3332154eb2062f549788da3cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.48 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.48. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to delete stats and clear the plugin's cache via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-36288'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36292-acd433b1de86848d8124ba9bb8ed6ee0.yaml b/nuclei-templates/2022/CVE-2022-36292-acd433b1de86848d8124ba9bb8ed6ee0.yaml
index 1b9189c260..a3c75abb8a 100644
--- a/nuclei-templates/2022/CVE-2022-36292-acd433b1de86848d8124ba9bb8ed6ee0.yaml
+++ b/nuclei-templates/2022/CVE-2022-36292-acd433b1de86848d8124ba9bb8ed6ee0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery PhotoBlocks <= 1.2.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Gallery PhotoBlocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing nonce validation on the init() function. This makes it possible for unauthenticated attackers to delete or copy photo galleries via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photoblocks-grid-gallery/"
     google-query: inurl:"/wp-content/plugins/photoblocks-grid-gallery/"
     shodan-query: 'vuln:CVE-2022-36292'
-  tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,high
+  tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36296-adf2d29be020721f57ebc8e5c323f1bc.yaml b/nuclei-templates/2022/CVE-2022-36296-adf2d29be020721f57ebc8e5c323f1bc.yaml
index 162ced80ba..96913e994b 100644
--- a/nuclei-templates/2022/CVE-2022-36296-adf2d29be020721f57ebc8e5c323f1bc.yaml
+++ b/nuclei-templates/2022/CVE-2022-36296-adf2d29be020721f57ebc8e5c323f1bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActiveDEMAND <= 0.2.27 - Missing Authorization Checks
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The ActiveDEMAND plugin for WordPress is vulnerable to unauthenticated post updates and deletion due to missing authorization checks in the api_save_post and api_delete_post functions called via REST APIs in versions up to, and including 0.2.27. This makes it possible for unauthenticated attackers to modify posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activedemand/"
     google-query: inurl:"/wp-content/plugins/activedemand/"
     shodan-query: 'vuln:CVE-2022-36296'
-  tags: cve,wordpress,wp-plugin,activedemand,critical
+  tags: cve,wordpress,wp-plugin,activedemand,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3631-c6fe3e98ca720b92fad33bdf271aacdd.yaml b/nuclei-templates/2022/CVE-2022-3631-c6fe3e98ca720b92fad33bdf271aacdd.yaml
index bf8aa05203..361ccf21b7 100644
--- a/nuclei-templates/2022/CVE-2022-3631-c6fe3e98ca720b92fad33bdf271aacdd.yaml
+++ b/nuclei-templates/2022/CVE-2022-3631-c6fe3e98ca720b92fad33bdf271aacdd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OAuth Client by DigitialPixies <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OAuth Client by DigitialPixies plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dpt-oauth-client/"
     google-query: inurl:"/wp-content/plugins/dpt-oauth-client/"
     shodan-query: 'vuln:CVE-2022-3631'
-  tags: cve,wordpress,wp-plugin,dpt-oauth-client,medium
+  tags: cve,wordpress,wp-plugin,dpt-oauth-client,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3632-809d63af1f69964de8a6d451fb63eac3.yaml b/nuclei-templates/2022/CVE-2022-3632-809d63af1f69964de8a6d451fb63eac3.yaml
index 021fe86c8a..1a4f220db9 100644
--- a/nuclei-templates/2022/CVE-2022-3632-809d63af1f69964de8a6d451fb63eac3.yaml
+++ b/nuclei-templates/2022/CVE-2022-3632-809d63af1f69964de8a6d451fb63eac3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OAuth Client by DigitialPixies <= 1.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The OAuth Client by DigitialPixies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the AJAX() function. This makes it possible for unauthenticated attackers to invoke this function which can delete a users OAuth code, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dpt-oauth-client/"
     google-query: inurl:"/wp-content/plugins/dpt-oauth-client/"
     shodan-query: 'vuln:CVE-2022-3632'
-  tags: cve,wordpress,wp-plugin,dpt-oauth-client,high
+  tags: cve,wordpress,wp-plugin,dpt-oauth-client,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36340-845e9efdcaa8e86ee95dfb613d1c9636.yaml b/nuclei-templates/2022/CVE-2022-36340-845e9efdcaa8e86ee95dfb613d1c9636.yaml
index 272617f44e..3ea0ee996d 100644
--- a/nuclei-templates/2022/CVE-2022-36340-845e9efdcaa8e86ee95dfb613d1c9636.yaml
+++ b/nuclei-templates/2022/CVE-2022-36340-845e9efdcaa8e86ee95dfb613d1c9636.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MailOptin plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_optin_cache function in versions up to, and including, 1.2.49.0. This makes it possible for unauthenticated attackers to clear the plugin's cache. Additionally, the function was also missing a nonce check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailoptin/"
     google-query: inurl:"/wp-content/plugins/mailoptin/"
     shodan-query: 'vuln:CVE-2022-36340'
-  tags: cve,wordpress,wp-plugin,mailoptin,medium
+  tags: cve,wordpress,wp-plugin,mailoptin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36341-d1f3834e2f95aaed2e601e83a20e5d59.yaml b/nuclei-templates/2022/CVE-2022-36341-d1f3834e2f95aaed2e601e83a20e5d59.yaml
index 44e124eb0d..4101487577 100644
--- a/nuclei-templates/2022/CVE-2022-36341-d1f3834e2f95aaed2e601e83a20e5d59.yaml
+++ b/nuclei-templates/2022/CVE-2022-36341-d1f3834e2f95aaed2e601e83a20e5d59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AS – Create Pinterest Pinboard Pages <= 1.0 - Authenticated Options Change to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Create Pinterest Pinboard Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘as_edit_pins_page’ ajax action using the post_title parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/as-create-pinterest-pinboard-pages/"
     google-query: inurl:"/wp-content/plugins/as-create-pinterest-pinboard-pages/"
     shodan-query: 'vuln:CVE-2022-36341'
-  tags: cve,wordpress,wp-plugin,as-create-pinterest-pinboard-pages,medium
+  tags: cve,wordpress,wp-plugin,as-create-pinterest-pinboard-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36346-b87b09efd2ae58c86dc8e5fdf3e23221.yaml b/nuclei-templates/2022/CVE-2022-36346-b87b09efd2ae58c86dc8e5fdf3e23221.yaml
index d291000b75..b4d71aaddd 100644
--- a/nuclei-templates/2022/CVE-2022-36346-b87b09efd2ae58c86dc8e5fdf3e23221.yaml
+++ b/nuclei-templates/2022/CVE-2022-36346-b87b09efd2ae58c86dc8e5fdf3e23221.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Button Plugin MaxButtons <= 9.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.2. This is due to missing or incorrect nonce validation on the handlePost function. This makes it possible for unauthenticated attackers to change plugin settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxbuttons/"
     google-query: inurl:"/wp-content/plugins/maxbuttons/"
     shodan-query: 'vuln:CVE-2022-36346'
-  tags: cve,wordpress,wp-plugin,maxbuttons,high
+  tags: cve,wordpress,wp-plugin,maxbuttons,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36347-56be40d6cceb101df1647cdc9530b1ac.yaml b/nuclei-templates/2022/CVE-2022-36347-56be40d6cceb101df1647cdc9530b1ac.yaml
index 06f30a819b..7ac4d74af1 100644
--- a/nuclei-templates/2022/CVE-2022-36347-56be40d6cceb101df1647cdc9530b1ac.yaml
+++ b/nuclei-templates/2022/CVE-2022-36347-56be40d6cceb101df1647cdc9530b1ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Alpine PhotoTile for Pinterest <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Alpine PhotoTile for Pinterest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with high privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alpine-photo-tile-for-pinterest/"
     google-query: inurl:"/wp-content/plugins/alpine-photo-tile-for-pinterest/"
     shodan-query: 'vuln:CVE-2022-36347'
-  tags: cve,wordpress,wp-plugin,alpine-photo-tile-for-pinterest,medium
+  tags: cve,wordpress,wp-plugin,alpine-photo-tile-for-pinterest,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36352-2f992f86ff54d554aa2e677bbff33be5.yaml b/nuclei-templates/2022/CVE-2022-36352-2f992f86ff54d554aa2e677bbff33be5.yaml
index 7f6d18ed42..2813d4660a 100644
--- a/nuclei-templates/2022/CVE-2022-36352-2f992f86ff54d554aa2e677bbff33be5.yaml
+++ b/nuclei-templates/2022/CVE-2022-36352-2f992f86ff54d554aa2e677bbff33be5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 5.0.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to obtain access to arbitrary messages with read and edit capabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2022-36352'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36355-c452417a821be37f2cab44c35d2fb224.yaml b/nuclei-templates/2022/CVE-2022-36355-c452417a821be37f2cab44c35d2fb224.yaml
index 90217be117..179748c165 100644
--- a/nuclei-templates/2022/CVE-2022-36355-c452417a821be37f2cab44c35d2fb224.yaml
+++ b/nuclei-templates/2022/CVE-2022-36355-c452417a821be37f2cab44c35d2fb224.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Org Chart <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Org Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-org-chart/"
     google-query: inurl:"/wp-content/plugins/easy-org-chart/"
     shodan-query: 'vuln:CVE-2022-36355'
-  tags: cve,wordpress,wp-plugin,easy-org-chart,medium
+  tags: cve,wordpress,wp-plugin,easy-org-chart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36356-b758c0c37fd1d990bf9268c1c848eb10.yaml b/nuclei-templates/2022/CVE-2022-36356-b758c0c37fd1d990bf9268c1c848eb10.yaml
index 45eac51fdc..7d622c26de 100644
--- a/nuclei-templates/2022/CVE-2022-36356-b758c0c37fd1d990bf9268c1c848eb10.yaml
+++ b/nuclei-templates/2022/CVE-2022-36356-b758c0c37fd1d990bf9268c1c848eb10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Culture Object <= 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Culture Object plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/culture-object/"
     google-query: inurl:"/wp-content/plugins/culture-object/"
     shodan-query: 'vuln:CVE-2022-36356'
-  tags: cve,wordpress,wp-plugin,culture-object,medium
+  tags: cve,wordpress,wp-plugin,culture-object,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36358-d05a6b8d7f246d51e5c6639ab5b124d6.yaml b/nuclei-templates/2022/CVE-2022-36358-d05a6b8d7f246d51e5c6639ab5b124d6.yaml
index 703365feb5..1fac3c5d23 100644
--- a/nuclei-templates/2022/CVE-2022-36358-d05a6b8d7f246d51e5c6639ab5b124d6.yaml
+++ b/nuclei-templates/2022/CVE-2022-36358-d05a6b8d7f246d51e5c6639ab5b124d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Scout <= 0.9.83 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SEO Scout plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.9.83 . This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to update plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ab-rankings-testing-tool/"
     google-query: inurl:"/wp-content/plugins/ab-rankings-testing-tool/"
     shodan-query: 'vuln:CVE-2022-36358'
-  tags: cve,wordpress,wp-plugin,ab-rankings-testing-tool,high
+  tags: cve,wordpress,wp-plugin,ab-rankings-testing-tool,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36365-c67d4649ea18743c5c7a2e3701c4b78b.yaml b/nuclei-templates/2022/CVE-2022-36365-c67d4649ea18743c5c7a2e3701c4b78b.yaml
index a228ee60eb..09503eb1d2 100644
--- a/nuclei-templates/2022/CVE-2022-36365-c67d4649ea18743c5c7a2e3701c4b78b.yaml
+++ b/nuclei-templates/2022/CVE-2022-36365-c67d4649ea18743c5c7a2e3701c4b78b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WHA Crossword plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wha-crossword/"
     google-query: inurl:"/wp-content/plugins/wha-crossword/"
     shodan-query: 'vuln:CVE-2022-36365'
-  tags: cve,wordpress,wp-plugin,wha-crossword,medium
+  tags: cve,wordpress,wp-plugin,wha-crossword,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36373-498c92520d857cb30ad7df8aa299fc2f.yaml b/nuclei-templates/2022/CVE-2022-36373-498c92520d857cb30ad7df8aa299fc2f.yaml
index 9c53b5b668..6298c3e785 100644
--- a/nuclei-templates/2022/CVE-2022-36373-498c92520d857cb30ad7df8aa299fc2f.yaml
+++ b/nuclei-templates/2022/CVE-2022-36373-498c92520d857cb30ad7df8aa299fc2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MP3 jPlayer <= 2.7.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MP3 jPlayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.3. This is due to missing or incorrect nonce validation on several of its functions. This makes it possible for unauthenticated attackers to execute them, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mp3-jplayer/"
     google-query: inurl:"/wp-content/plugins/mp3-jplayer/"
     shodan-query: 'vuln:CVE-2022-36373'
-  tags: cve,wordpress,wp-plugin,mp3-jplayer,high
+  tags: cve,wordpress,wp-plugin,mp3-jplayer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36375-02e92fc9d8edd2a31ef37844cc4fdd57.yaml b/nuclei-templates/2022/CVE-2022-36375-02e92fc9d8edd2a31ef37844cc4fdd57.yaml
index 9b1110cc7d..5e7c2589a6 100644
--- a/nuclei-templates/2022/CVE-2022-36375-02e92fc9d8edd2a31ef37844cc4fdd57.yaml
+++ b/nuclei-templates/2022/CVE-2022-36375-02e92fc9d8edd2a31ef37844cc4fdd57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tabs – Responsive Tabs with WooCommerce Product Tab Extension plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.6.8. This is due to a lack of validation on the settings supplied to the post_oxi_settings() function. This makes it possible for authenticated attackers, with administrative level permissions, to update arbitrary options on the WordPress site. This would only affect sites where the administrator has been restricted to not 'manage_options' or the administrator has allowed users with lower permissions to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vc-tabs/"
     google-query: inurl:"/wp-content/plugins/vc-tabs/"
     shodan-query: 'vuln:CVE-2022-36375'
-  tags: cve,wordpress,wp-plugin,vc-tabs,high
+  tags: cve,wordpress,wp-plugin,vc-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36378-f7eaf9b938a6df4b39be6616b2432caf.yaml b/nuclei-templates/2022/CVE-2022-36378-f7eaf9b938a6df4b39be6616b2432caf.yaml
index fe6870ebb8..d3363e4044 100644
--- a/nuclei-templates/2022/CVE-2022-36378-f7eaf9b938a6df4b39be6616b2432caf.yaml
+++ b/nuclei-templates/2022/CVE-2022-36378-f7eaf9b938a6df4b39be6616b2432caf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Floating Div <= 3.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/floating-div/"
     google-query: inurl:"/wp-content/plugins/floating-div/"
     shodan-query: 'vuln:CVE-2022-36378'
-  tags: cve,wordpress,wp-plugin,floating-div,medium
+  tags: cve,wordpress,wp-plugin,floating-div,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36379-10647c17dbf9c37ea854931ce84957f9.yaml b/nuclei-templates/2022/CVE-2022-36379-10647c17dbf9c37ea854931ce84957f9.yaml
index 1232665b78..a1a81b7b56 100644
--- a/nuclei-templates/2022/CVE-2022-36379-10647c17dbf9c37ea854931ce84957f9.yaml
+++ b/nuclei-templates/2022/CVE-2022-36379-10647c17dbf9c37ea854931ce84957f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ЮKassa для WooCommerce <= 2.3.0 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The ЮKassa для WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.0. This is due to missing nonce validation on the save_settings() function found in the ~/admin/YooKassaAdmin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yookassa/"
     google-query: inurl:"/wp-content/plugins/yookassa/"
     shodan-query: 'vuln:CVE-2022-36379'
-  tags: cve,wordpress,wp-plugin,yookassa,high
+  tags: cve,wordpress,wp-plugin,yookassa,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36383-9c32419221ff25df45de1a2bef4b454c.yaml b/nuclei-templates/2022/CVE-2022-36383-9c32419221ff25df45de1a2bef4b454c.yaml
index 0f18f7e296..6dbfdcbd27 100644
--- a/nuclei-templates/2022/CVE-2022-36383-9c32419221ff25df45de1a2bef4b454c.yaml
+++ b/nuclei-templates/2022/CVE-2022-36383-9c32419221ff25df45de1a2bef4b454c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Word Search Puzzles game plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wha-wordsearch/"
     google-query: inurl:"/wp-content/plugins/wha-wordsearch/"
     shodan-query: 'vuln:CVE-2022-36383'
-  tags: cve,wordpress,wp-plugin,wha-wordsearch,medium
+  tags: cve,wordpress,wp-plugin,wha-wordsearch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36386-aed64fd523c0d1b492fdf86a110cd8b5.yaml b/nuclei-templates/2022/CVE-2022-36386-aed64fd523c0d1b492fdf86a110cd8b5.yaml
index c510eda00f..589bce04a8 100644
--- a/nuclei-templates/2022/CVE-2022-36386-aed64fd523c0d1b492fdf86a110cd8b5.yaml
+++ b/nuclei-templates/2022/CVE-2022-36386-aed64fd523c0d1b492fdf86a110cd8b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP All Import <= 3.6.7 - Authenticated (Administrator+) Arbitrary Code Execution
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP All Import plugin for WordPress is vulnerable to arbitrary code execution in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator-level permissions and above, to execute arbitrary code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2022-36386'
-  tags: cve,wordpress,wp-plugin,wp-all-import,critical
+  tags: cve,wordpress,wp-plugin,wp-all-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36388-099d72d33b89027185d04eec96bd1d04.yaml b/nuclei-templates/2022/CVE-2022-36388-099d72d33b89027185d04eec96bd1d04.yaml
index d6eb7cc118..39a8157ca7 100644
--- a/nuclei-templates/2022/CVE-2022-36388-099d72d33b89027185d04eec96bd1d04.yaml
+++ b/nuclei-templates/2022/CVE-2022-36388-099d72d33b89027185d04eec96bd1d04.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YDS Support Ticket System <= 1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The YDS Support Ticket System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on various functions. This makes it possible for unauthenticated attackers to create user tickets, and perform other actions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/yds-support-ticket-system/"
     google-query: inurl:"/wp-content/plugins/yds-support-ticket-system/"
     shodan-query: 'vuln:CVE-2022-36388'
-  tags: cve,wordpress,wp-plugin,yds-support-ticket-system,high
+  tags: cve,wordpress,wp-plugin,yds-support-ticket-system,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36389-83e4f665f1af2e601634717e68062856.yaml b/nuclei-templates/2022/CVE-2022-36389-83e4f665f1af2e601634717e68062856.yaml
index ccc28008f5..5164413bac 100644
--- a/nuclei-templates/2022/CVE-2022-36389-83e4f665f1af2e601634717e68062856.yaml
+++ b/nuclei-templates/2022/CVE-2022-36389-83e4f665f1af2e601634717e68062856.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Messages <= 1.9.9.148 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Better Messages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.9.148. This is due to missing or incorrect nonce validation on the bp_messages_favorite action. This makes it possible for unauthenticated attackers to trigger this action granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-better-messages/"
     google-query: inurl:"/wp-content/plugins/bp-better-messages/"
     shodan-query: 'vuln:CVE-2022-36389'
-  tags: cve,wordpress,wp-plugin,bp-better-messages,high
+  tags: cve,wordpress,wp-plugin,bp-better-messages,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36394-f99fe05b2429bd9e4943506324d48d85.yaml b/nuclei-templates/2022/CVE-2022-36394-f99fe05b2429bd9e4943506324d48d85.yaml
index ef87e1fd72..a61dcdc8d1 100644
--- a/nuclei-templates/2022/CVE-2022-36394-f99fe05b2429bd9e4943506324d48d85.yaml
+++ b/nuclei-templates/2022/CVE-2022-36394-f99fe05b2429bd9e4943506324d48d85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 17.0.4 - Authenticated (Author+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 17.0.4  due to insufficient escaping on the user supplied $id parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2022-36394'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36401-6cf5df1f5906c35e420af33d77451aff.yaml b/nuclei-templates/2022/CVE-2022-36401-6cf5df1f5906c35e420af33d77451aff.yaml
index ac3dbc424b..f3e67246e1 100644
--- a/nuclei-templates/2022/CVE-2022-36401-6cf5df1f5906c35e420af33d77451aff.yaml
+++ b/nuclei-templates/2022/CVE-2022-36401-6cf5df1f5906c35e420af33d77451aff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via lock_unlock_terawallet
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The TeraWallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.24. This is due to missing nonce validation on the lock_unlock_terawallet function. This makes it possible for unauthenticated attackers to lock and unlock wallets, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-wallet/"
     google-query: inurl:"/wp-content/plugins/woo-wallet/"
     shodan-query: 'vuln:CVE-2022-36401'
-  tags: cve,wordpress,wp-plugin,woo-wallet,high
+  tags: cve,wordpress,wp-plugin,woo-wallet,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36404-7a3d9d99e440e4df9bd78305e509f883.yaml b/nuclei-templates/2022/CVE-2022-36404-7a3d9d99e440e4df9bd78305e509f883.yaml
index 9e61f70d95..4890bfa3fb 100644
--- a/nuclei-templates/2022/CVE-2022-36404-7a3d9d99e440e4df9bd78305e509f883.yaml
+++ b/nuclei-templates/2022/CVE-2022-36404-7a3d9d99e440e4df9bd78305e509f883.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.12. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to create or delete sitemaps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2022-44627 is a duplicate.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cds-simple-seo/"
     google-query: inurl:"/wp-content/plugins/cds-simple-seo/"
     shodan-query: 'vuln:CVE-2022-36404'
-  tags: cve,wordpress,wp-plugin,cds-simple-seo,high
+  tags: cve,wordpress,wp-plugin,cds-simple-seo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36405-f4919b10c6f7c2a14e1c7d5b8a3f99cb.yaml b/nuclei-templates/2022/CVE-2022-36405-f4919b10c6f7c2a14e1c7d5b8a3f99cb.yaml
index 303c544f32..6f1acf1b96 100644
--- a/nuclei-templates/2022/CVE-2022-36405-f4919b10c6f7c2a14e1c7d5b8a3f99cb.yaml
+++ b/nuclei-templates/2022/CVE-2022-36405-f4919b10c6f7c2a14e1c7d5b8a3f99cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     amCharts: Charts and Maps <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The amCharts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_id’ shortcode attribute in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amcharts-charts-and-maps/"
     google-query: inurl:"/wp-content/plugins/amcharts-charts-and-maps/"
     shodan-query: 'vuln:CVE-2022-36405'
-  tags: cve,wordpress,wp-plugin,amcharts-charts-and-maps,medium
+  tags: cve,wordpress,wp-plugin,amcharts-charts-and-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36417-27fde2e6c4a806f7a102ac0a7cda9a14.yaml b/nuclei-templates/2022/CVE-2022-36417-27fde2e6c4a806f7a102ac0a7cda9a14.yaml
index 53651f1841..1eef745439 100644
--- a/nuclei-templates/2022/CVE-2022-36417-27fde2e6c4a806f7a102ac0a7cda9a14.yaml
+++ b/nuclei-templates/2022/CVE-2022-36417-27fde2e6c4a806f7a102ac0a7cda9a14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3D Tag Cloud <= 3.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The 3D Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8. This is due to missing or incorrect nonce validation when submitting plugin settings changes. This makes it possible for unauthenticated attackers to manipulate plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. NOTE: CVE-2022-41990 appears to be a duplicate of this record.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cardoza-3d-tag-cloud/"
     google-query: inurl:"/wp-content/plugins/cardoza-3d-tag-cloud/"
     shodan-query: 'vuln:CVE-2022-36417'
-  tags: cve,wordpress,wp-plugin,cardoza-3d-tag-cloud,high
+  tags: cve,wordpress,wp-plugin,cardoza-3d-tag-cloud,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36418-6293b091bc766206bb45c5e76ab63e4c.yaml b/nuclei-templates/2022/CVE-2022-36418-6293b091bc766206bb45c5e76ab63e4c.yaml
index 42df9e8d37..dc74b7e62c 100644
--- a/nuclei-templates/2022/CVE-2022-36418-6293b091bc766206bb45c5e76ab63e4c.yaml
+++ b/nuclei-templates/2022/CVE-2022-36418-6293b091bc766206bb45c5e76ab63e4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HREFLANG Tags Lite <= 2.0.0 - Missing Authorization to Data Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HREFLANG Tags Lite plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the hreflang_delete_all_data function called via a nopriv AJAX action in versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to reset the plugin's data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hreflang-tags-by-dcgws/"
     google-query: inurl:"/wp-content/plugins/hreflang-tags-by-dcgws/"
     shodan-query: 'vuln:CVE-2022-36418'
-  tags: cve,wordpress,wp-plugin,hreflang-tags-by-dcgws,medium
+  tags: cve,wordpress,wp-plugin,hreflang-tags-by-dcgws,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36425-03b179e5beb399c252262dca2e1c2a47.yaml b/nuclei-templates/2022/CVE-2022-36425-03b179e5beb399c252262dca2e1c2a47.yaml
index 31364c65d5..42c8ed36df 100644
--- a/nuclei-templates/2022/CVE-2022-36425-03b179e5beb399c252262dca2e1c2a47.yaml
+++ b/nuclei-templates/2022/CVE-2022-36425-03b179e5beb399c252262dca2e1c2a47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder <= 2.5.4.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Beaver Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_settings function in versions up to, and including, 2.5.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to disable the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2022-36425'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36428-f5bd530013958004252bd14d740d1932.yaml b/nuclei-templates/2022/CVE-2022-36428-f5bd530013958004252bd14d740d1932.yaml
index 65d067af36..ad25e34112 100644
--- a/nuclei-templates/2022/CVE-2022-36428-f5bd530013958004252bd14d740d1932.yaml
+++ b/nuclei-templates/2022/CVE-2022-36428-f5bd530013958004252bd14d740d1932.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rock Convert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's settings such as the 'rock_convert_popup_title' parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rock-convert/"
     google-query: inurl:"/wp-content/plugins/rock-convert/"
     shodan-query: 'vuln:CVE-2022-36428'
-  tags: cve,wordpress,wp-plugin,rock-convert,medium
+  tags: cve,wordpress,wp-plugin,rock-convert,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3677-21d84dd234ad676a469c1b281a9da497.yaml b/nuclei-templates/2022/CVE-2022-3677-21d84dd234ad676a469c1b281a9da497.yaml
index b96f9edc85..98b77e809f 100644
--- a/nuclei-templates/2022/CVE-2022-3677-21d84dd234ad676a469c1b281a9da497.yaml
+++ b/nuclei-templates/2022/CVE-2022-3677-21d84dd234ad676a469c1b281a9da497.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Import <= 1.3.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Advanced Import plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.7. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to enable and disable arbitrary plugins, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-import/"
     google-query: inurl:"/wp-content/plugins/advanced-import/"
     shodan-query: 'vuln:CVE-2022-3677'
-  tags: cve,wordpress,wp-plugin,advanced-import,high
+  tags: cve,wordpress,wp-plugin,advanced-import,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3679-884840a442619cbc5a7daf95f85cb6cb.yaml b/nuclei-templates/2022/CVE-2022-3679-884840a442619cbc5a7daf95f85cb6cb.yaml
index f0adbe18fd..b2de3763fa 100644
--- a/nuclei-templates/2022/CVE-2022-3679-884840a442619cbc5a7daf95f85cb6cb.yaml
+++ b/nuclei-templates/2022/CVE-2022-3679-884840a442619cbc5a7daf95f85cb6cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Starter Templates by Kadence WP <= 1.2.16 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Starter Templates by Kadence WP plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2.16 via the 'import_customizer_options' function. This allows authenticated users with administratior-level capabilities to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-starter-templates/"
     google-query: inurl:"/wp-content/plugins/kadence-starter-templates/"
     shodan-query: 'vuln:CVE-2022-3679'
-  tags: cve,wordpress,wp-plugin,kadence-starter-templates,medium
+  tags: cve,wordpress,wp-plugin,kadence-starter-templates,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36791-0b90da005dc4b695e711677701780a3d.yaml b/nuclei-templates/2022/CVE-2022-36791-0b90da005dc4b695e711677701780a3d.yaml
index b9c20103eb..70423ef421 100644
--- a/nuclei-templates/2022/CVE-2022-36791-0b90da005dc4b695e711677701780a3d.yaml
+++ b/nuclei-templates/2022/CVE-2022-36791-0b90da005dc4b695e711677701780a3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Torro Forms <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Torro Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/torro-forms/"
     google-query: inurl:"/wp-content/plugins/torro-forms/"
     shodan-query: 'vuln:CVE-2022-36791'
-  tags: cve,wordpress,wp-plugin,torro-forms,medium
+  tags: cve,wordpress,wp-plugin,torro-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-36798-57d7eb4c0bda23c172922977bec66f98.yaml b/nuclei-templates/2022/CVE-2022-36798-57d7eb4c0bda23c172922977bec66f98.yaml
index 63404475ca..e1603db6e8 100644
--- a/nuclei-templates/2022/CVE-2022-36798-57d7eb4c0bda23c172922977bec66f98.yaml
+++ b/nuclei-templates/2022/CVE-2022-36798-57d7eb4c0bda23c172922977bec66f98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mega Addons For WPBakery Page Builder <= 4.2.7 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Mega Addons For WPBakery Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.7. This is due to missing or incorrect nonce validation on the vc_saving_data function. This makes it possible for unauthenticated attackers to update plugin settings, via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mega-addons-for-visual-composer/"
     google-query: inurl:"/wp-content/plugins/mega-addons-for-visual-composer/"
     shodan-query: 'vuln:CVE-2022-36798'
-  tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,high
+  tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3688-c453f0ecd6a4881debc7f71c36086298.yaml b/nuclei-templates/2022/CVE-2022-3688-c453f0ecd6a4881debc7f71c36086298.yaml
index 6cb0697b28..082e5dcaf2 100644
--- a/nuclei-templates/2022/CVE-2022-3688-c453f0ecd6a4881debc7f71c36086298.yaml
+++ b/nuclei-templates/2022/CVE-2022-3688-c453f0ecd6a4881debc7f71c36086298.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPQA < 5.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WPQA plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, but not including, 5.9. This is due to missing or incorrect nonce validation on some of its functions. This makes it possible for unauthenticated attackers to invoke these functions leading users to follow or unfollow others, via forged request granted they can trick a site user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpqa/"
     google-query: inurl:"/wp-content/plugins/wpqa/"
     shodan-query: 'vuln:CVE-2022-3688'
-  tags: cve,wordpress,wp-plugin,wpqa,high
+  tags: cve,wordpress,wp-plugin,wpqa,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3689-8afa46038c928522e1a939b693fa3626.yaml b/nuclei-templates/2022/CVE-2022-3689-8afa46038c928522e1a939b693fa3626.yaml
index f63c1877c7..fe036a56d2 100644
--- a/nuclei-templates/2022/CVE-2022-3689-8afa46038c928522e1a939b693fa3626.yaml
+++ b/nuclei-templates/2022/CVE-2022-3689-8afa46038c928522e1a939b693fa3626.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML Forms <= 1.3.24 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HTML Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.24 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html-forms/"
     google-query: inurl:"/wp-content/plugins/html-forms/"
     shodan-query: 'vuln:CVE-2022-3689'
-  tags: cve,wordpress,wp-plugin,html-forms,high
+  tags: cve,wordpress,wp-plugin,html-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3690-535ebdfe2ca4cb1641e4a25814726229.yaml b/nuclei-templates/2022/CVE-2022-3690-535ebdfe2ca4cb1641e4a25814726229.yaml
index 1112f54693..6a88f6f70d 100644
--- a/nuclei-templates/2022/CVE-2022-3690-535ebdfe2ca4cb1641e4a25814726229.yaml
+++ b/nuclei-templates/2022/CVE-2022-3690-535ebdfe2ca4cb1641e4a25814726229.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Maker <= 1.16.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.16.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-maker/"
     google-query: inurl:"/wp-content/plugins/popup-maker/"
     shodan-query: 'vuln:CVE-2022-3690'
-  tags: cve,wordpress,wp-plugin,popup-maker,medium
+  tags: cve,wordpress,wp-plugin,popup-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3694-d016ddea2985e3c1ec3f3ed31d67329b.yaml b/nuclei-templates/2022/CVE-2022-3694-d016ddea2985e3c1ec3f3ed31d67329b.yaml
index faca7e620d..2279287d51 100644
--- a/nuclei-templates/2022/CVE-2022-3694-d016ddea2985e3c1ec3f3ed31d67329b.yaml
+++ b/nuclei-templates/2022/CVE-2022-3694-d016ddea2985e3c1ec3f3ed31d67329b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Syncee – Global Dropshipping <= 1.0.9 - Missing Authorization.
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Syncee – Global Dropshipping plugin for WordPress is vulnerable to to Missing Authorization to Sensitive Information Disclosure in versions up to, and including, 1.0.9. This is due to a missing capability check on the /wp-json/syncee/supplier/v1/getDataForFrontend REST-API endpoint. This makes it possible for unauthenticated attackers to perform a GET request to that information that discloses information like the site's syncee_access_token and data_to_syncee_installer values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/syncee-global-dropshipping/"
     google-query: inurl:"/wp-content/plugins/syncee-global-dropshipping/"
     shodan-query: 'vuln:CVE-2022-3694'
-  tags: cve,wordpress,wp-plugin,syncee-global-dropshipping,medium
+  tags: cve,wordpress,wp-plugin,syncee-global-dropshipping,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3720-2ce3da9cb13ca01fe4975c718c0361d4.yaml b/nuclei-templates/2022/CVE-2022-3720-2ce3da9cb13ca01fe4975c718c0361d4.yaml
index 6f31d2eaf7..36215d1661 100644
--- a/nuclei-templates/2022/CVE-2022-3720-2ce3da9cb13ca01fe4975c718c0361d4.yaml
+++ b/nuclei-templates/2022/CVE-2022-3720-2ce3da9cb13ca01fe4975c718c0361d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Monster <= 1.2.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The  Event Monster plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-monster/"
     google-query: inurl:"/wp-content/plugins/event-monster/"
     shodan-query: 'vuln:CVE-2022-3720'
-  tags: cve,wordpress,wp-plugin,event-monster,high
+  tags: cve,wordpress,wp-plugin,event-monster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37328-4dec1d95d84aa9956ba49479ab4962de.yaml b/nuclei-templates/2022/CVE-2022-37328-4dec1d95d84aa9956ba49479ab4962de.yaml
index 40f81e5535..aa4346ed01 100644
--- a/nuclei-templates/2022/CVE-2022-37328-4dec1d95d84aa9956ba49479ab4962de.yaml
+++ b/nuclei-templates/2022/CVE-2022-37328-4dec1d95d84aa9956ba49479ab4962de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     History Timeline <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The History Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/timeline-awesome/"
     google-query: inurl:"/wp-content/plugins/timeline-awesome/"
     shodan-query: 'vuln:CVE-2022-37328'
-  tags: cve,wordpress,wp-plugin,timeline-awesome,medium
+  tags: cve,wordpress,wp-plugin,timeline-awesome,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37330-363aa4459971c85215990cb3c8eb5496.yaml b/nuclei-templates/2022/CVE-2022-37330-363aa4459971c85215990cb3c8eb5496.yaml
index d5f593849b..4ea114f5ac 100644
--- a/nuclei-templates/2022/CVE-2022-37330-363aa4459971c85215990cb3c8eb5496.yaml
+++ b/nuclei-templates/2022/CVE-2022-37330-363aa4459971c85215990cb3c8eb5496.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WHA Crossword plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wha-crossword/"
     google-query: inurl:"/wp-content/plugins/wha-crossword/"
     shodan-query: 'vuln:CVE-2022-37330'
-  tags: cve,wordpress,wp-plugin,wha-crossword,medium
+  tags: cve,wordpress,wp-plugin,wha-crossword,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37335-6fde6e46382738cc90cbede415252e23.yaml b/nuclei-templates/2022/CVE-2022-37335-6fde6e46382738cc90cbede415252e23.yaml
index 3cf9af0c48..db40df3c1e 100644
--- a/nuclei-templates/2022/CVE-2022-37335-6fde6e46382738cc90cbede415252e23.yaml
+++ b/nuclei-templates/2022/CVE-2022-37335-6fde6e46382738cc90cbede415252e23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Word Search Puzzles game  <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Word Search Puzzles game plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wha-wordsearch/"
     google-query: inurl:"/wp-content/plugins/wha-wordsearch/"
     shodan-query: 'vuln:CVE-2022-37335'
-  tags: cve,wordpress,wp-plugin,wha-wordsearch,medium
+  tags: cve,wordpress,wp-plugin,wha-wordsearch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37338-d5a23abb517a497649fa5fae9ebed1d6.yaml b/nuclei-templates/2022/CVE-2022-37338-d5a23abb517a497649fa5fae9ebed1d6.yaml
index 71c642c93f..e52cf27eea 100644
--- a/nuclei-templates/2022/CVE-2022-37338-d5a23abb517a497649fa5fae9ebed1d6.yaml
+++ b/nuclei-templates/2022/CVE-2022-37338-d5a23abb517a497649fa5fae9ebed1d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blossom Recipe Maker <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blossom Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blossom-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/blossom-recipe-maker/"
     shodan-query: 'vuln:CVE-2022-37338'
-  tags: cve,wordpress,wp-plugin,blossom-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,blossom-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37339-a2ba0d175d26a5652fc4c3dde4656860.yaml b/nuclei-templates/2022/CVE-2022-37339-a2ba0d175d26a5652fc4c3dde4656860.yaml
index 5e045cbe8e..9dbeb56eb9 100644
--- a/nuclei-templates/2022/CVE-2022-37339-a2ba0d175d26a5652fc4c3dde4656860.yaml
+++ b/nuclei-templates/2022/CVE-2022-37339-a2ba0d175d26a5652fc4c3dde4656860.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meet My Team <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meet My Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meet-my-team/"
     google-query: inurl:"/wp-content/plugins/meet-my-team/"
     shodan-query: 'vuln:CVE-2022-37339'
-  tags: cve,wordpress,wp-plugin,meet-my-team,medium
+  tags: cve,wordpress,wp-plugin,meet-my-team,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37342-d3a3435dfd803c8984d494bbdacab67a.yaml b/nuclei-templates/2022/CVE-2022-37342-d3a3435dfd803c8984d494bbdacab67a.yaml
index 96e36f0ada..62cc8716f4 100644
--- a/nuclei-templates/2022/CVE-2022-37342-d3a3435dfd803c8984d494bbdacab67a.yaml
+++ b/nuclei-templates/2022/CVE-2022-37342-d3a3435dfd803c8984d494bbdacab67a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Shortcodes Actions And Filters <= 2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add Shortcodes Actions And Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-actions-and-filters/"
     google-query: inurl:"/wp-content/plugins/add-actions-and-filters/"
     shodan-query: 'vuln:CVE-2022-37342'
-  tags: cve,wordpress,wp-plugin,add-actions-and-filters,medium
+  tags: cve,wordpress,wp-plugin,add-actions-and-filters,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3739-d89cd4d50e467aee5b89a046ed25a308.yaml b/nuclei-templates/2022/CVE-2022-3739-d89cd4d50e467aee5b89a046ed25a308.yaml
index 3d5fca33e7..ef4e11d03b 100644
--- a/nuclei-templates/2022/CVE-2022-3739-d89cd4d50e467aee5b89a046ed25a308.yaml
+++ b/nuclei-templates/2022/CVE-2022-3739-d89cd4d50e467aee5b89a046ed25a308.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Best Quiz <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Best Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-best-quiz/"
     google-query: inurl:"/wp-content/plugins/wp-best-quiz/"
     shodan-query: 'vuln:CVE-2022-3739'
-  tags: cve,wordpress,wp-plugin,wp-best-quiz,medium
+  tags: cve,wordpress,wp-plugin,wp-best-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37402-a3cdd5fc08475bf0155bcdf233d6ccac.yaml b/nuclei-templates/2022/CVE-2022-37402-a3cdd5fc08475bf0155bcdf233d6ccac.yaml
index c0ceece94b..64f76a32cf 100644
--- a/nuclei-templates/2022/CVE-2022-37402-a3cdd5fc08475bf0155bcdf233d6ccac.yaml
+++ b/nuclei-templates/2022/CVE-2022-37402-a3cdd5fc08475bf0155bcdf233d6ccac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AFS Analytics <= 4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AFS Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addfreestats/"
     google-query: inurl:"/wp-content/plugins/addfreestats/"
     shodan-query: 'vuln:CVE-2022-37402'
-  tags: cve,wordpress,wp-plugin,addfreestats,medium
+  tags: cve,wordpress,wp-plugin,addfreestats,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37403-473bd673aad6ebbb1666b1cd91242034.yaml b/nuclei-templates/2022/CVE-2022-37403-473bd673aad6ebbb1666b1cd91242034.yaml
index 39929cde34..01c70b354a 100644
--- a/nuclei-templates/2022/CVE-2022-37403-473bd673aad6ebbb1666b1cd91242034.yaml
+++ b/nuclei-templates/2022/CVE-2022-37403-473bd673aad6ebbb1666b1cd91242034.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add User Role <= 0.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add User Role plugin for WordPress is vulnerable to Stored Cross-Site Scripting via in versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-user-role/"
     google-query: inurl:"/wp-content/plugins/add-user-role/"
     shodan-query: 'vuln:CVE-2022-37403'
-  tags: cve,wordpress,wp-plugin,add-user-role,medium
+  tags: cve,wordpress,wp-plugin,add-user-role,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37404-d039001c0af8cb5076be473a89522a72.yaml b/nuclei-templates/2022/CVE-2022-37404-d039001c0af8cb5076be473a89522a72.yaml
index ca7f8e6a9e..45cbd63414 100644
--- a/nuclei-templates/2022/CVE-2022-37404-d039001c0af8cb5076be473a89522a72.yaml
+++ b/nuclei-templates/2022/CVE-2022-37404-d039001c0af8cb5076be473a89522a72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     add2fav <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The add2fav plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add2fav/"
     google-query: inurl:"/wp-content/plugins/add2fav/"
     shodan-query: 'vuln:CVE-2022-37404'
-  tags: cve,wordpress,wp-plugin,add2fav,medium
+  tags: cve,wordpress,wp-plugin,add2fav,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37405-367b17bcc7fd153764ffbb7e174fed0a.yaml b/nuclei-templates/2022/CVE-2022-37405-367b17bcc7fd153764ffbb7e174fed0a.yaml
index 6d912a8f25..01c8b5140e 100644
--- a/nuclei-templates/2022/CVE-2022-37405-367b17bcc7fd153764ffbb7e174fed0a.yaml
+++ b/nuclei-templates/2022/CVE-2022-37405-367b17bcc7fd153764ffbb7e174fed0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Better Font Awesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the save_options function. This makes it possible for unauthenticated attackers to change the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-font-awesome/"
     google-query: inurl:"/wp-content/plugins/better-font-awesome/"
     shodan-query: 'vuln:CVE-2022-37405'
-  tags: cve,wordpress,wp-plugin,better-font-awesome,high
+  tags: cve,wordpress,wp-plugin,better-font-awesome,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37405-415ed972729f96565976948d92875199.yaml b/nuclei-templates/2022/CVE-2022-37405-415ed972729f96565976948d92875199.yaml
index 35521d389c..fbb2c3090f 100644
--- a/nuclei-templates/2022/CVE-2022-37405-415ed972729f96565976948d92875199.yaml
+++ b/nuclei-templates/2022/CVE-2022-37405-415ed972729f96565976948d92875199.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Better Font Awesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the save_options function. This makes it possible for unauthenticated attackers to update the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-font-awesome/"
     google-query: inurl:"/wp-content/plugins/better-font-awesome/"
     shodan-query: 'vuln:CVE-2022-37405'
-  tags: cve,wordpress,wp-plugin,better-font-awesome,high
+  tags: cve,wordpress,wp-plugin,better-font-awesome,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37407-e067b113a87087f2914c0d765908e157.yaml b/nuclei-templates/2022/CVE-2022-37407-e067b113a87087f2914c0d765908e157.yaml
index b2d91dc461..13a2072448 100644
--- a/nuclei-templates/2022/CVE-2022-37407-e067b113a87087f2914c0d765908e157.yaml
+++ b/nuclei-templates/2022/CVE-2022-37407-e067b113a87087f2914c0d765908e157.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery PhotoBlocks <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gallery PhotoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photoblocks-grid-gallery/"
     google-query: inurl:"/wp-content/plugins/photoblocks-grid-gallery/"
     shodan-query: 'vuln:CVE-2022-37407'
-  tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,medium
+  tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37411-31a8072de701550e4edcf2604b9e23bf.yaml b/nuclei-templates/2022/CVE-2022-37411-31a8072de701550e4edcf2604b9e23bf.yaml
index fc15c26806..bb319b1d48 100644
--- a/nuclei-templates/2022/CVE-2022-37411-31a8072de701550e4edcf2604b9e23bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-37411-31a8072de701550e4edcf2604b9e23bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Captcha Code <= 2.7 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Captcha Code plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7. This is due to missing or incorrect nonce validation on the wp_captcha_general_options function. This makes it possible for unauthenticated attackers to update plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/captcha-code-authentication/"
     google-query: inurl:"/wp-content/plugins/captcha-code-authentication/"
     shodan-query: 'vuln:CVE-2022-37411'
-  tags: cve,wordpress,wp-plugin,captcha-code-authentication,high
+  tags: cve,wordpress,wp-plugin,captcha-code-authentication,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37412-fdec0718eabbae53872d03fa70d141a9.yaml b/nuclei-templates/2022/CVE-2022-37412-fdec0718eabbae53872d03fa70d141a9.yaml
index dfd893df8a..b2a09147f5 100644
--- a/nuclei-templates/2022/CVE-2022-37412-fdec0718eabbae53872d03fa70d141a9.yaml
+++ b/nuclei-templates/2022/CVE-2022-37412-fdec0718eabbae53872d03fa70d141a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Delete Revision <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Delete Revision plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$bdr_rev_no’ parameter in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-delete-revision/"
     google-query: inurl:"/wp-content/plugins/better-delete-revision/"
     shodan-query: 'vuln:CVE-2022-37412'
-  tags: cve,wordpress,wp-plugin,better-delete-revision,medium
+  tags: cve,wordpress,wp-plugin,better-delete-revision,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3747-1b89b5eb4288496d851956ba01f7ee38.yaml b/nuclei-templates/2022/CVE-2022-3747-1b89b5eb4288496d851956ba01f7ee38.yaml
index 6ff23a9de8..2bca37074e 100644
--- a/nuclei-templates/2022/CVE-2022-3747-1b89b5eb4288496d851956ba01f7ee38.yaml
+++ b/nuclei-templates/2022/CVE-2022-3747-1b89b5eb4288496d851956ba01f7ee38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Becustom <= 1.0.5.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/becustom/"
     google-query: inurl:"/wp-content/plugins/becustom/"
     shodan-query: 'vuln:CVE-2022-3747'
-  tags: cve,wordpress,wp-plugin,becustom,high
+  tags: cve,wordpress,wp-plugin,becustom,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3750-3b38633cbeac82c001940cb4aed44709.yaml b/nuclei-templates/2022/CVE-2022-3750-3b38633cbeac82c001940cb4aed44709.yaml
index 6b78512de8..14a719d9f2 100644
--- a/nuclei-templates/2022/CVE-2022-3750-3b38633cbeac82c001940cb4aed44709.yaml
+++ b/nuclei-templates/2022/CVE-2022-3750-3b38633cbeac82c001940cb4aed44709.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ask Me < 6.8.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ask Me theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, but not including, 6.8.7. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ask-me/"
     google-query: inurl:"/wp-content/themes/ask-me/"
     shodan-query: 'vuln:CVE-2022-3750'
-  tags: cve,wordpress,wp-theme,ask-me,high
+  tags: cve,wordpress,wp-theme,ask-me,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3753-c206b1ef471fcab481cc325e40071db1.yaml b/nuclei-templates/2022/CVE-2022-3753-c206b1ef471fcab481cc325e40071db1.yaml
index 7a36efa37c..8cbbf30662 100644
--- a/nuclei-templates/2022/CVE-2022-3753-c206b1ef471fcab481cc325e40071db1.yaml
+++ b/nuclei-templates/2022/CVE-2022-3753-c206b1ef471fcab481cc325e40071db1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Evaluate <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Evaluate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/evaluate/"
     google-query: inurl:"/wp-content/plugins/evaluate/"
     shodan-query: 'vuln:CVE-2022-3753'
-  tags: cve,wordpress,wp-plugin,evaluate,medium
+  tags: cve,wordpress,wp-plugin,evaluate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-37599-bd26ccd939104e13f73f569b312459d6.yaml b/nuclei-templates/2022/CVE-2022-37599-bd26ccd939104e13f73f569b312459d6.yaml
index eb70c5c205..38141ef1ce 100644
--- a/nuclei-templates/2022/CVE-2022-37599-bd26ccd939104e13f73f569b312459d6.yaml
+++ b/nuclei-templates/2022/CVE-2022-37599-bd26ccd939104e13f73f569b312459d6.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 3.7
     cve-id: CVE-2022-37599
   metadata:
-    fofa-query: "wp-content/plugins/simple-page-ordering/"
-    google-query: inurl:"/wp-content/plugins/simple-page-ordering/"
+    fofa-query: "wp-content/plugins/insert-special-characters/"
+    google-query: inurl:"/wp-content/plugins/insert-special-characters/"
     shodan-query: 'vuln:CVE-2022-37599'
-  tags: cve,wordpress,wp-plugin,simple-page-ordering,low
+  tags: cve,wordpress,wp-plugin,insert-special-characters,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/simple-page-ordering/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "simple-page-ordering"
+          - "insert-special-characters"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.4.3')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-37601-54bc1daf26907dc59a5c7876a142ff1b.yaml b/nuclei-templates/2022/CVE-2022-37601-54bc1daf26907dc59a5c7876a142ff1b.yaml
index 3718cbe91b..6cb7ba3c2f 100644
--- a/nuclei-templates/2022/CVE-2022-37601-54bc1daf26907dc59a5c7876a142ff1b.yaml
+++ b/nuclei-templates/2022/CVE-2022-37601-54bc1daf26907dc59a5c7876a142ff1b.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2022-37601
   metadata:
-    fofa-query: "wp-content/plugins/elasticpress/"
-    google-query: inurl:"/wp-content/plugins/elasticpress/"
+    fofa-query: "wp-content/plugins/insert-special-characters/"
+    google-query: inurl:"/wp-content/plugins/insert-special-characters/"
     shodan-query: 'vuln:CVE-2022-37601'
-  tags: cve,wordpress,wp-plugin,elasticpress,medium
+  tags: cve,wordpress,wp-plugin,insert-special-characters,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "elasticpress"
+          - "insert-special-characters"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 4.3.1')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-37603-1951707b594e6f4a4e8e4243b43c9841.yaml b/nuclei-templates/2022/CVE-2022-37603-1951707b594e6f4a4e8e4243b43c9841.yaml
index 1643463988..320f1fad3f 100644
--- a/nuclei-templates/2022/CVE-2022-37603-1951707b594e6f4a4e8e4243b43c9841.yaml
+++ b/nuclei-templates/2022/CVE-2022-37603-1951707b594e6f4a4e8e4243b43c9841.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 3.7
     cve-id: CVE-2022-37603
   metadata:
-    fofa-query: "wp-content/plugins/simple-page-ordering/"
-    google-query: inurl:"/wp-content/plugins/simple-page-ordering/"
+    fofa-query: "wp-content/plugins/insert-special-characters/"
+    google-query: inurl:"/wp-content/plugins/insert-special-characters/"
     shodan-query: 'vuln:CVE-2022-37603'
-  tags: cve,wordpress,wp-plugin,simple-page-ordering,low
+  tags: cve,wordpress,wp-plugin,insert-special-characters,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/simple-page-ordering/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "simple-page-ordering"
+          - "insert-special-characters"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.4.3')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-3762-127ab045dd12eca20b1f05cdaef8b291.yaml b/nuclei-templates/2022/CVE-2022-3762-127ab045dd12eca20b1f05cdaef8b291.yaml
index 198342a184..0c99274d95 100644
--- a/nuclei-templates/2022/CVE-2022-3762-127ab045dd12eca20b1f05cdaef8b291.yaml
+++ b/nuclei-templates/2022/CVE-2022-3762-127ab045dd12eca20b1f05cdaef8b291.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file downloads due to missing sanitization and filename validation of a user-supplied parameter in versions up to, and including, 5.6.6 (5.6.4 for Booster Plus). This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to download arbitrary files on the affected sites server.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2022-3762
   metadata:
-    fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
-    google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
+    fofa-query: "wp-content/plugins/woocommerce-jetpack/"
+    google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2022-3762'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "booster-plus-for-woocommerce"
+          - "woocommerce-jetpack"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 5.6.4')
\ No newline at end of file
+          - compare_versions(version, '<= 5.6.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-3762-ed8996a111dbc40e1e02c2318552499b.yaml b/nuclei-templates/2022/CVE-2022-3762-ed8996a111dbc40e1e02c2318552499b.yaml
index d6d99cf3de..12677bcf04 100644
--- a/nuclei-templates/2022/CVE-2022-3762-ed8996a111dbc40e1e02c2318552499b.yaml
+++ b/nuclei-templates/2022/CVE-2022-3762-ed8996a111dbc40e1e02c2318552499b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster Elite for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, but not including, 1.1.7. This makes it possible for administrator-level attackers to download files from the website, leading to the extraction of sensitive user or configuration data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-3762'
-  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3763-3ae6c1779315005d2af44a96ee77af2d.yaml b/nuclei-templates/2022/CVE-2022-3763-3ae6c1779315005d2af44a96ee77af2d.yaml
index 579e05c74a..eed2723c23 100644
--- a/nuclei-templates/2022/CVE-2022-3763-3ae6c1779315005d2af44a96ee77af2d.yaml
+++ b/nuclei-templates/2022/CVE-2022-3763-3ae6c1779315005d2af44a96ee77af2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.6 (Free) and 5.6.4 (Premium). This is due to missing or incorrect nonce validation when deleting files uploaded during checkout. This makes it possible for unauthenticated attackers to delete those files, via forged request granted they can trick a site Shop Manager into performing an action such as clicking on a link.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2022-3763
   metadata:
-    fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
-    google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
+    fofa-query: "wp-content/plugins/woocommerce-jetpack/"
+    google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2022-3763'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "booster-plus-for-woocommerce"
+          - "woocommerce-jetpack"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 5.6.4')
\ No newline at end of file
+          - compare_versions(version, '<= 5.6.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-3763-bd1638a89aa7173589958124d15f2afb.yaml b/nuclei-templates/2022/CVE-2022-3763-bd1638a89aa7173589958124d15f2afb.yaml
index 38af0a95db..3141cdb6b9 100644
--- a/nuclei-templates/2022/CVE-2022-3763-bd1638a89aa7173589958124d15f2afb.yaml
+++ b/nuclei-templates/2022/CVE-2022-3763-bd1638a89aa7173589958124d15f2afb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booster Elite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, but not including, 1.1.7. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to delete files uploaded during a check-out, granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-3763'
-  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3764-b7888b843ebf167b77c4d303a6db54de.yaml b/nuclei-templates/2022/CVE-2022-3764-b7888b843ebf167b77c4d303a6db54de.yaml
index 6bc92502e2..d28459e745 100644
--- a/nuclei-templates/2022/CVE-2022-3764-b7888b843ebf167b77c4d303a6db54de.yaml
+++ b/nuclei-templates/2022/CVE-2022-3764-b7888b843ebf167b77c4d303a6db54de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Vibes <= 1.4.5 - Authenticated (Admininstrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Form Vibes plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.5 due to insufficient escaping on the user supplied parameter IDs and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database when deleting form entries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-vibes/"
     google-query: inurl:"/wp-content/plugins/form-vibes/"
     shodan-query: 'vuln:CVE-2022-3764'
-  tags: cve,wordpress,wp-plugin,form-vibes,high
+  tags: cve,wordpress,wp-plugin,form-vibes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3768-221016fc8948bfb930fdcdca33f79836.yaml b/nuclei-templates/2022/CVE-2022-3768-221016fc8948bfb930fdcdca33f79836.yaml
index f7750e645f..0e18b3ca35 100644
--- a/nuclei-templates/2022/CVE-2022-3768-221016fc8948bfb930fdcdca33f79836.yaml
+++ b/nuclei-templates/2022/CVE-2022-3768-221016fc8948bfb930fdcdca33f79836.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPSmartContracts <= 1.3.11 - Authenticated (Author+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WPSmartContracts plugin for WordPress is vulnerable to generic SQL Injection via an unknown parameter in versions up to, and including, 1.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for author-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smart-contracts/"
     google-query: inurl:"/wp-content/plugins/wp-smart-contracts/"
     shodan-query: 'vuln:CVE-2022-3768'
-  tags: cve,wordpress,wp-plugin,wp-smart-contracts,high
+  tags: cve,wordpress,wp-plugin,wp-smart-contracts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3769-8e5a5c6c98d5ff17214ae536b2646317.yaml b/nuclei-templates/2022/CVE-2022-3769-8e5a5c6c98d5ff17214ae536b2646317.yaml
index 47f586c71f..12e1d2edca 100644
--- a/nuclei-templates/2022/CVE-2022-3769-8e5a5c6c98d5ff17214ae536b2646317.yaml
+++ b/nuclei-templates/2022/CVE-2022-3769-8e5a5c6c98d5ff17214ae536b2646317.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OWM Weather <= 5.6.8 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The OWM Weather plugin for WordPress is vulnerable to unspecified SQL Injection via the ‘post’ parameter in versions up to, and including, 5.6.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for Contributor-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/owm-weather/"
     google-query: inurl:"/wp-content/plugins/owm-weather/"
     shodan-query: 'vuln:CVE-2022-3769'
-  tags: cve,wordpress,wp-plugin,owm-weather,high
+  tags: cve,wordpress,wp-plugin,owm-weather,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3776-2624b69820d22e5b5127f2b411babf77.yaml b/nuclei-templates/2022/CVE-2022-3776-2624b69820d22e5b5127f2b411babf77.yaml
index cfcb9a21b6..f4ac5dbe80 100644
--- a/nuclei-templates/2022/CVE-2022-3776-2624b69820d22e5b5127f2b411babf77.yaml
+++ b/nuclei-templates/2022/CVE-2022-3776-2624b69820d22e5b5127f2b411babf77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-ordering-reservations/"
     google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/"
     shodan-query: 'vuln:CVE-2022-3776'
-  tags: cve,wordpress,wp-plugin,menu-ordering-reservations,high
+  tags: cve,wordpress,wp-plugin,menu-ordering-reservations,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3794-39f38e457d08269c0a24a582767d3dfd.yaml b/nuclei-templates/2022/CVE-2022-3794-39f38e457d08269c0a24a582767d3dfd.yaml
index 888b2b0f3b..1eb34f9361 100644
--- a/nuclei-templates/2022/CVE-2022-3794-39f38e457d08269c0a24a582767d3dfd.yaml
+++ b/nuclei-templates/2022/CVE-2022-3794-39f38e457d08269c0a24a582767d3dfd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeg Elementor Kit <= 2.5.6 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6.  Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeg-elementor-kit/"
     google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/"
     shodan-query: 'vuln:CVE-2022-3794'
-  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,medium
+  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38055-df308cf6b44530f23e6aa9e16f45633a.yaml b/nuclei-templates/2022/CVE-2022-38055-df308cf6b44530f23e6aa9e16f45633a.yaml
index e30fc492fc..5789cc7ac1 100644
--- a/nuclei-templates/2022/CVE-2022-38055-df308cf6b44530f23e6aa9e16f45633a.yaml
+++ b/nuclei-templates/2022/CVE-2022-38055-df308cf6b44530f23e6aa9e16f45633a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) HTML Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpForo Forum plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 2.0.9. This is due to insufficient escaping and sanitization of user supplied input. This makes it possible for authenticated attackers, with subscriber-level permissions and above to inject HTML content on pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2022-38055'
-  tags: cve,wordpress,wp-plugin,wpforo,medium
+  tags: cve,wordpress,wp-plugin,wpforo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38057-9e3753c62120a17f21550a2c92d7d0fe.yaml b/nuclei-templates/2022/CVE-2022-38057-9e3753c62120a17f21550a2c92d7d0fe.yaml
index 778a712bcf..d53bf6166f 100644
--- a/nuclei-templates/2022/CVE-2022-38057-9e3753c62120a17f21550a2c92d7d0fe.yaml
+++ b/nuclei-templates/2022/CVE-2022-38057-9e3753c62120a17f21550a2c92d7d0fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advance Product Search plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the set_defaults function accessible via an init action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/th-advance-product-search/"
     google-query: inurl:"/wp-content/plugins/th-advance-product-search/"
     shodan-query: 'vuln:CVE-2022-38057'
-  tags: cve,wordpress,wp-plugin,th-advance-product-search,medium
+  tags: cve,wordpress,wp-plugin,th-advance-product-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38058-26e6e5cc3851b03fa772529952303fc4.yaml b/nuclei-templates/2022/CVE-2022-38058-26e6e5cc3851b03fa772529952303fc4.yaml
index d5ef8e26ce..87799290e5 100644
--- a/nuclei-templates/2022/CVE-2022-38058-26e6e5cc3851b03fa772529952303fc4.yaml
+++ b/nuclei-templates/2022/CVE-2022-38058-26e6e5cc3851b03fa772529952303fc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shamsi <= 4.1.1 - Missing Authorization to Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when saving plugin settings in versions up to, and including, 4.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's options and active a pro license.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-shamsi/"
     google-query: inurl:"/wp-content/plugins/wp-shamsi/"
     shodan-query: 'vuln:CVE-2022-38058'
-  tags: cve,wordpress,wp-plugin,wp-shamsi,medium
+  tags: cve,wordpress,wp-plugin,wp-shamsi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38061-80eb51ecba5ec678d038fbafb9f76a3a.yaml b/nuclei-templates/2022/CVE-2022-38061-80eb51ecba5ec678d038fbafb9f76a3a.yaml
index bf7f97affe..c8c119d8f3 100644
--- a/nuclei-templates/2022/CVE-2022-38061-80eb51ecba5ec678d038fbafb9f76a3a.yaml
+++ b/nuclei-templates/2022/CVE-2022-38061-80eb51ecba5ec678d038fbafb9f76a3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Export Post Info plugin for WordPress is vulnerable to CSV Injection. This allows authenticated users with author permissions or higher, to inject commands that the plugin will include when generating a CSV file for export. If a victim opens the malicious CSV file on a vulnerable platform these commands could be executed on their local machine.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/export-post-info/"
     google-query: inurl:"/wp-content/plugins/export-post-info/"
     shodan-query: 'vuln:CVE-2022-38061'
-  tags: cve,wordpress,wp-plugin,export-post-info,medium
+  tags: cve,wordpress,wp-plugin,export-post-info,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38067-09740a555ab133389f0f6571fce0ae84.yaml b/nuclei-templates/2022/CVE-2022-38067-09740a555ab133389f0f6571fce0ae84.yaml
index 157e32877b..5c0ea44006 100644
--- a/nuclei-templates/2022/CVE-2022-38067-09740a555ab133389f0f6571fce0ae84.yaml
+++ b/nuclei-templates/2022/CVE-2022-38067-09740a555ab133389f0f6571fce0ae84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Calendar <= 1.4.6 - Missing Authorization to Event Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Event Calendar plugin for WordPress lacks authorization and capability checks on several of its functions reachable via AJAX actions in versions up to, and including, 1.4.6. This makes it possible for unauthenticated attackers to edit, clone, and delete events.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calendar-event/"
     google-query: inurl:"/wp-content/plugins/calendar-event/"
     shodan-query: 'vuln:CVE-2022-38067'
-  tags: cve,wordpress,wp-plugin,calendar-event,medium
+  tags: cve,wordpress,wp-plugin,calendar-event,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38068-0bf76c13f5d059f24c33a04b1579ea8d.yaml b/nuclei-templates/2022/CVE-2022-38068-0bf76c13f5d059f24c33a04b1579ea8d.yaml
index d43204ae22..e2312f8bc5 100644
--- a/nuclei-templates/2022/CVE-2022-38068-0bf76c13f5d059f24c33a04b1579ea8d.yaml
+++ b/nuclei-templates/2022/CVE-2022-38068-0bf76c13f5d059f24c33a04b1579ea8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Export Post Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘epi_random_string_filename’ parameter in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in the post export page that will execute whenever a user accesses it.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/export-post-info/"
     google-query: inurl:"/wp-content/plugins/export-post-info/"
     shodan-query: 'vuln:CVE-2022-38068'
-  tags: cve,wordpress,wp-plugin,export-post-info,medium
+  tags: cve,wordpress,wp-plugin,export-post-info,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38073-1f2a06a643f40ca267bd342499fdc692.yaml b/nuclei-templates/2022/CVE-2022-38073-1f2a06a643f40ca267bd342499fdc692.yaml
index 8a3b6e1828..fe014faf59 100644
--- a/nuclei-templates/2022/CVE-2022-38073-1f2a06a643f40ca267bd342499fdc692.yaml
+++ b/nuclei-templates/2022/CVE-2022-38073-1f2a06a643f40ca267bd342499fdc692.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Awesome Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Several vulnerabilities are present in this version of the plugin requiring different privilege levels.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2022-38073'
-  tags: cve,wordpress,wp-plugin,awesome-support,high
+  tags: cve,wordpress,wp-plugin,awesome-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38074-5c2247e17c791b6fdfbffdac85a13840.yaml b/nuclei-templates/2022/CVE-2022-38074-5c2247e17c791b6fdfbffdac85a13840.yaml
index f8a09d7fd9..5f93a62545 100644
--- a/nuclei-templates/2022/CVE-2022-38074-5c2247e17c791b6fdfbffdac85a13840.yaml
+++ b/nuclei-templates/2022/CVE-2022-38074-5c2247e17c791b6fdfbffdac85a13840.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 13.2.10 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Statistics plugin for WordPress is vulnerable to SQL Injection via the ‘limit’ parameter in versions up to, and including, 13.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for subscriber-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2022-38074'
-  tags: cve,wordpress,wp-plugin,wp-statistics,high
+  tags: cve,wordpress,wp-plugin,wp-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38079-897959e22c40ecc199bf5dc5042856a0.yaml b/nuclei-templates/2022/CVE-2022-38079-897959e22c40ecc199bf5dc5042856a0.yaml
index fc7c05e928..d61348f191 100644
--- a/nuclei-templates/2022/CVE-2022-38079-897959e22c40ecc199bf5dc5042856a0.yaml
+++ b/nuclei-templates/2022/CVE-2022-38079-897959e22c40ecc199bf5dc5042856a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Scheduler <= 1.5.13 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Backup Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on several of its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup-scheduler/"
     google-query: inurl:"/wp-content/plugins/backup-scheduler/"
     shodan-query: 'vuln:CVE-2022-38079'
-  tags: cve,wordpress,wp-plugin,backup-scheduler,high
+  tags: cve,wordpress,wp-plugin,backup-scheduler,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38085-353927ae64af5c6eafc196b5f94afe9a.yaml b/nuclei-templates/2022/CVE-2022-38085-353927ae64af5c6eafc196b5f94afe9a.yaml
index 41ae923ce2..800d6a00e5 100644
--- a/nuclei-templates/2022/CVE-2022-38085-353927ae64af5c6eafc196b5f94afe9a.yaml
+++ b/nuclei-templates/2022/CVE-2022-38085-353927ae64af5c6eafc196b5f94afe9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Read more By Adam <= 1.1.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Read more By Adam plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to execute it, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/read-more/"
     google-query: inurl:"/wp-content/plugins/read-more/"
     shodan-query: 'vuln:CVE-2022-38085'
-  tags: cve,wordpress,wp-plugin,read-more,high
+  tags: cve,wordpress,wp-plugin,read-more,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38086-9485da9dcc7a2c1f998297394d9f2737.yaml b/nuclei-templates/2022/CVE-2022-38086-9485da9dcc7a2c1f998297394d9f2737.yaml
index 97887b211b..37fa4ef9d0 100644
--- a/nuclei-templates/2022/CVE-2022-38086-9485da9dcc7a2c1f998297394d9f2737.yaml
+++ b/nuclei-templates/2022/CVE-2022-38086-9485da9dcc7a2c1f998297394d9f2737.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.12.0. This is due to missing or incorrect nonce validation on the ajax_remove_preset() and ajax_get_preset() functions. This makes it possible for unauthenticated attackers to make preset changes via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2022-38086'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,high
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38093-52b9b171189fecca507b9059a4e2fc92.yaml b/nuclei-templates/2022/CVE-2022-38093-52b9b171189fecca507b9059a4e2fc92.yaml
index 143a9baa31..9856527b2e 100644
--- a/nuclei-templates/2022/CVE-2022-38093-52b9b171189fecca507b9059a4e2fc92.yaml
+++ b/nuclei-templates/2022/CVE-2022-38093-52b9b171189fecca507b9059a4e2fc92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The All in One SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.3.1. This is due to missing or incorrect nonce validation on several of its functions. This makes it possible for unauthenticated attackers to execute them, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2022-38093'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38095-37fc83c506180cf381ac5dfbd233eafb.yaml b/nuclei-templates/2022/CVE-2022-38095-37fc83c506180cf381ac5dfbd233eafb.yaml
index 14d40b8bab..c05e756598 100644
--- a/nuclei-templates/2022/CVE-2022-38095-37fc83c506180cf381ac5dfbd233eafb.yaml
+++ b/nuclei-templates/2022/CVE-2022-38095-37fc83c506180cf381ac5dfbd233eafb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Dynamic Pricing for WooCommerce <= 4.1.3 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.3. This is due to missing or incorrect nonce validation on the handleSubmitAction function. This makes it possible for unauthenticated attackers to update plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-38095'
-  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38104-4f4db8cd21765548f8ac243b07d65419.yaml b/nuclei-templates/2022/CVE-2022-38104-4f4db8cd21765548f8ac243b07d65419.yaml
index bb31dd0ee1..b9c8c24e7b 100644
--- a/nuclei-templates/2022/CVE-2022-38104-4f4db8cd21765548f8ac243b07d65419.yaml
+++ b/nuclei-templates/2022/CVE-2022-38104-4f4db8cd21765548f8ac243b07d65419.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to arbitrary options update in versions up to, and including, 2.0.3. This is due to insufficient capability checking on the manual_import_json() function. This makes it possible for authenticated attackers to modify arbitrary options on the site and can be used for complete site takeover. This is due to an incomplete fix of CVE-2022-33198.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2022-38104'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3811-7bd73acb3e7a0bf377aeb77c95eb6b8a.yaml b/nuclei-templates/2022/CVE-2022-3811-7bd73acb3e7a0bf377aeb77c95eb6b8a.yaml
index 919f8af2e1..53fed189ab 100644
--- a/nuclei-templates/2022/CVE-2022-3811-7bd73acb3e7a0bf377aeb77c95eb6b8a.yaml
+++ b/nuclei-templates/2022/CVE-2022-3811-7bd73acb3e7a0bf377aeb77c95eb6b8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EU Cookie Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eu-cookie-law/"
     google-query: inurl:"/wp-content/plugins/eu-cookie-law/"
     shodan-query: 'vuln:CVE-2022-3811'
-  tags: cve,wordpress,wp-plugin,eu-cookie-law,medium
+  tags: cve,wordpress,wp-plugin,eu-cookie-law,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38135-b019cad8ad64e7103a4ef60d49f6dea3.yaml b/nuclei-templates/2022/CVE-2022-38135-b019cad8ad64e7103a4ef60d49f6dea3.yaml
index 9e30cf23b6..1cabb06e3b 100644
--- a/nuclei-templates/2022/CVE-2022-38135-b019cad8ad64e7103a4ef60d49f6dea3.yaml
+++ b/nuclei-templates/2022/CVE-2022-38135-b019cad8ad64e7103a4ef60d49f6dea3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photospace Gallery <= 2.3.5 - Missing Authorization to Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photospace Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its settings updatefunction in versions up to, and including, 2.3.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photospace/"
     google-query: inurl:"/wp-content/plugins/photospace/"
     shodan-query: 'vuln:CVE-2022-38135'
-  tags: cve,wordpress,wp-plugin,photospace,medium
+  tags: cve,wordpress,wp-plugin,photospace,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38137-4570eda0c03b7f7b441d2c3a25dcd80e.yaml b/nuclei-templates/2022/CVE-2022-38137-4570eda0c03b7f7b441d2c3a25dcd80e.yaml
index b1ec88d874..10046fb25e 100644
--- a/nuclei-templates/2022/CVE-2022-38137-4570eda0c03b7f7b441d2c3a25dcd80e.yaml
+++ b/nuclei-templates/2022/CVE-2022-38137-4570eda0c03b7f7b441d2c3a25dcd80e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Analytify – Google Analytics Dashboard For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the analytify_delete_cache action. This makes it possible for unauthenticated attackers to delete the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-analytify/"
     google-query: inurl:"/wp-content/plugins/wp-analytify/"
     shodan-query: 'vuln:CVE-2022-38137'
-  tags: cve,wordpress,wp-plugin,wp-analytify,high
+  tags: cve,wordpress,wp-plugin,wp-analytify,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38139-29636b68c2f3ab161e7a045474b91034.yaml b/nuclei-templates/2022/CVE-2022-38139-29636b68c2f3ab161e7a045474b91034.yaml
index a5e8a43ec8..b27d4f5109 100644
--- a/nuclei-templates/2022/CVE-2022-38139-29636b68c2f3ab161e7a045474b91034.yaml
+++ b/nuclei-templates/2022/CVE-2022-38139-29636b68c2f3ab161e7a045474b91034.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RD Station <= 5.1.3 - Cross-Site Request Forgery to Plugin Log Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The RD Station plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the clear_log_file function. This makes it possible for unauthenticated attackers to delete the plugin's logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integracao-rd-station/"
     google-query: inurl:"/wp-content/plugins/integracao-rd-station/"
     shodan-query: 'vuln:CVE-2022-38139'
-  tags: cve,wordpress,wp-plugin,integracao-rd-station,high
+  tags: cve,wordpress,wp-plugin,integracao-rd-station,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38139-54337cab42839ec3b613ba98b54eca17.yaml b/nuclei-templates/2022/CVE-2022-38139-54337cab42839ec3b613ba98b54eca17.yaml
index 65ec30a5ed..8d2a694bac 100644
--- a/nuclei-templates/2022/CVE-2022-38139-54337cab42839ec3b613ba98b54eca17.yaml
+++ b/nuclei-templates/2022/CVE-2022-38139-54337cab42839ec3b613ba98b54eca17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RD Station <= 5.2.0 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The RD Station plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2.0. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions (including one resulting in settings update), via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integracao-rd-station/"
     google-query: inurl:"/wp-content/plugins/integracao-rd-station/"
     shodan-query: 'vuln:CVE-2022-38139'
-  tags: cve,wordpress,wp-plugin,integracao-rd-station,high
+  tags: cve,wordpress,wp-plugin,integracao-rd-station,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38140-83717a76e7400e087835909cd79a400f.yaml b/nuclei-templates/2022/CVE-2022-38140-83717a76e7400e087835909cd79a400f.yaml
index 93157bbd62..6473b54ab1 100644
--- a/nuclei-templates/2022/CVE-2022-38140-83717a76e7400e087835909cd79a400f.yaml
+++ b/nuclei-templates/2022/CVE-2022-38140-83717a76e7400e087835909cd79a400f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SEO Plugin by Squirrly SEO for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 12.1.10. This makes it possible for authenticated attackers, with contributor level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/squirrly-seo/"
     google-query: inurl:"/wp-content/plugins/squirrly-seo/"
     shodan-query: 'vuln:CVE-2022-38140'
-  tags: cve,wordpress,wp-plugin,squirrly-seo,high
+  tags: cve,wordpress,wp-plugin,squirrly-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38141-1a3d5e6e024266b84857a352fd89d5d4.yaml b/nuclei-templates/2022/CVE-2022-38141-1a3d5e6e024266b84857a352fd89d5d4.yaml
index ec63444a32..dd42b3149a 100644
--- a/nuclei-templates/2022/CVE-2022-38141-1a3d5e6e024266b84857a352fd89d5d4.yaml
+++ b/nuclei-templates/2022/CVE-2022-38141-1a3d5e6e024266b84857a352fd89d5d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sales Report Email for WooCommerce <= 2.8.0 - Missing Authorization for Email Functionality
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sales Report Email for WooCommerce plugin for WordPress is missing a capability and nonce check in several functions in versions up to, and including, 2.8.0. This allows attackers to perform actions such as sending test emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-advanced-sales-report-email/"
     google-query: inurl:"/wp-content/plugins/woo-advanced-sales-report-email/"
     shodan-query: 'vuln:CVE-2022-38141'
-  tags: cve,wordpress,wp-plugin,woo-advanced-sales-report-email,medium
+  tags: cve,wordpress,wp-plugin,woo-advanced-sales-report-email,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38144-5fc70b9a54a47a4a18b6ce16ce7c23ba.yaml b/nuclei-templates/2022/CVE-2022-38144-5fc70b9a54a47a4a18b6ce16ce7c23ba.yaml
index eefbd702a6..f77ed17ef6 100644
--- a/nuclei-templates/2022/CVE-2022-38144-5fc70b9a54a47a4a18b6ce16ce7c23ba.yaml
+++ b/nuclei-templates/2022/CVE-2022-38144-5fc70b9a54a47a4a18b6ce16ce7c23ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 2.0.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wpForo Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to execute that function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2022-38144'
-  tags: cve,wordpress,wp-plugin,wpforo,high
+  tags: cve,wordpress,wp-plugin,wpforo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3822-6fc6438dcbfd4ff68526e6d482fa74a2.yaml b/nuclei-templates/2022/CVE-2022-3822-6fc6438dcbfd4ff68526e6d482fa74a2.yaml
index eb4cab0d4c..6ac69dc4db 100644
--- a/nuclei-templates/2022/CVE-2022-3822-6fc6438dcbfd4ff68526e6d482fa74a2.yaml
+++ b/nuclei-templates/2022/CVE-2022-3822-6fc6438dcbfd4ff68526e6d482fa74a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donations via PayPal <= 1.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Donations via PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting when saving settings in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paypal-donations/"
     google-query: inurl:"/wp-content/plugins/paypal-donations/"
     shodan-query: 'vuln:CVE-2022-3822'
-  tags: cve,wordpress,wp-plugin,paypal-donations,medium
+  tags: cve,wordpress,wp-plugin,paypal-donations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3823-2f0c52f572204949d9dfa707ba4715b5.yaml b/nuclei-templates/2022/CVE-2022-3823-2f0c52f572204949d9dfa707ba4715b5.yaml
index 823ba7ff8a..5eff4ca8cf 100644
--- a/nuclei-templates/2022/CVE-2022-3823-2f0c52f572204949d9dfa707ba4715b5.yaml
+++ b/nuclei-templates/2022/CVE-2022-3823-2f0c52f572204949d9dfa707ba4715b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beautiful Cookie Consent Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beautiful-and-responsive-cookie-consent/"
     google-query: inurl:"/wp-content/plugins/beautiful-and-responsive-cookie-consent/"
     shodan-query: 'vuln:CVE-2022-3823'
-  tags: cve,wordpress,wp-plugin,beautiful-and-responsive-cookie-consent,medium
+  tags: cve,wordpress,wp-plugin,beautiful-and-responsive-cookie-consent,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3824-d5f34e92eea10518421633a7bf6a6987.yaml b/nuclei-templates/2022/CVE-2022-3824-d5f34e92eea10518421633a7bf6a6987.yaml
index 1176edca58..ed5b74bbd6 100644
--- a/nuclei-templates/2022/CVE-2022-3824-d5f34e92eea10518421633a7bf6a6987.yaml
+++ b/nuclei-templates/2022/CVE-2022-3824-d5f34e92eea10518421633a7bf6a6987.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Admin UI Customize <= 1.5.12 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Admin UI Customize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘footer text’ parameter in versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-admin-ui-customize/"
     google-query: inurl:"/wp-content/plugins/wp-admin-ui-customize/"
     shodan-query: 'vuln:CVE-2022-3824'
-  tags: cve,wordpress,wp-plugin,wp-admin-ui-customize,medium
+  tags: cve,wordpress,wp-plugin,wp-admin-ui-customize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3828-66fc8c140dcc821532233cac0866d8de.yaml b/nuclei-templates/2022/CVE-2022-3828-66fc8c140dcc821532233cac0866d8de.yaml
index bdcc8975b6..abc7277575 100644
--- a/nuclei-templates/2022/CVE-2022-3828-66fc8c140dcc821532233cac0866d8de.yaml
+++ b/nuclei-templates/2022/CVE-2022-3828-66fc8c140dcc821532233cac0866d8de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Thumbnails <= 2.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 2.12.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-thumbnails/"
     google-query: inurl:"/wp-content/plugins/video-thumbnails/"
     shodan-query: 'vuln:CVE-2022-3828'
-  tags: cve,wordpress,wp-plugin,video-thumbnails,medium
+  tags: cve,wordpress,wp-plugin,video-thumbnails,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3829-335b776cd554e8913d4f10e98e262ec0.yaml b/nuclei-templates/2022/CVE-2022-3829-335b776cd554e8913d4f10e98e262ec0.yaml
index bc066dd2ce..991cf432cb 100644
--- a/nuclei-templates/2022/CVE-2022-3829-335b776cd554e8913d4f10e98e262ec0.yaml
+++ b/nuclei-templates/2022/CVE-2022-3829-335b776cd554e8913d4f10e98e262ec0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Font Awesome 4 Menus <= 4.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/font-awesome-4-menus/"
     google-query: inurl:"/wp-content/plugins/font-awesome-4-menus/"
     shodan-query: 'vuln:CVE-2022-3829'
-  tags: cve,wordpress,wp-plugin,font-awesome-4-menus,medium
+  tags: cve,wordpress,wp-plugin,font-awesome-4-menus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3830-3e7f60a3df49d0f7fb4057d158598ecf.yaml b/nuclei-templates/2022/CVE-2022-3830-3e7f60a3df49d0f7fb4057d158598ecf.yaml
index f59231034e..40a579bb42 100644
--- a/nuclei-templates/2022/CVE-2022-3830-3e7f60a3df49d0f7fb4057d158598ecf.yaml
+++ b/nuclei-templates/2022/CVE-2022-3830-3e7f60a3df49d0f7fb4057d158598ecf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Page Builder <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-pagebuilder/"
     google-query: inurl:"/wp-content/plugins/wp-pagebuilder/"
     shodan-query: 'vuln:CVE-2022-3830'
-  tags: cve,wordpress,wp-plugin,wp-pagebuilder,medium
+  tags: cve,wordpress,wp-plugin,wp-pagebuilder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3831-eab309830ae20eeb18b4936d022eab3a.yaml b/nuclei-templates/2022/CVE-2022-3831-eab309830ae20eeb18b4936d022eab3a.yaml
index 3f06769cf1..7e2c702056 100644
--- a/nuclei-templates/2022/CVE-2022-3831-eab309830ae20eeb18b4936d022eab3a.yaml
+++ b/nuclei-templates/2022/CVE-2022-3831-eab309830ae20eeb18b4936d022eab3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     reCAPTCHA <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-form-recaptcha/"
     google-query: inurl:"/wp-content/plugins/login-form-recaptcha/"
     shodan-query: 'vuln:CVE-2022-3831'
-  tags: cve,wordpress,wp-plugin,login-form-recaptcha,medium
+  tags: cve,wordpress,wp-plugin,login-form-recaptcha,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3832-2b23e7bc36f5649501747aa394af6972.yaml b/nuclei-templates/2022/CVE-2022-3832-2b23e7bc36f5649501747aa394af6972.yaml
index 1c871e1aac..6a30acb87a 100644
--- a/nuclei-templates/2022/CVE-2022-3832-2b23e7bc36f5649501747aa394af6972.yaml
+++ b/nuclei-templates/2022/CVE-2022-3832-2b23e7bc36f5649501747aa394af6972.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The External Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/external-media/"
     google-query: inurl:"/wp-content/plugins/external-media/"
     shodan-query: 'vuln:CVE-2022-3832'
-  tags: cve,wordpress,wp-plugin,external-media,medium
+  tags: cve,wordpress,wp-plugin,external-media,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3833-7e3662ab11c3565756d75a405c4e3374.yaml b/nuclei-templates/2022/CVE-2022-3833-7e3662ab11c3565756d75a405c4e3374.yaml
index b91e2c4a94..41f87b2c3e 100644
--- a/nuclei-templates/2022/CVE-2022-3833-7e3662ab11c3565756d75a405c4e3374.yaml
+++ b/nuclei-templates/2022/CVE-2022-3833-7e3662ab11c3565756d75a405c4e3374.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancier Author Box by ThematoSoup <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fancier Author Box by ThematoSoup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancier-author-box/"
     google-query: inurl:"/wp-content/plugins/fancier-author-box/"
     shodan-query: 'vuln:CVE-2022-3833'
-  tags: cve,wordpress,wp-plugin,fancier-author-box,medium
+  tags: cve,wordpress,wp-plugin,fancier-author-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3834-44fe84770decd19120a8d913bc09bfe5.yaml b/nuclei-templates/2022/CVE-2022-3834-44fe84770decd19120a8d913bc09bfe5.yaml
index bf23d8cd1d..187deb02d6 100644
--- a/nuclei-templates/2022/CVE-2022-3834-44fe84770decd19120a8d913bc09bfe5.yaml
+++ b/nuclei-templates/2022/CVE-2022-3834-44fe84770decd19120a8d913bc09bfe5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Forms <= 0.95 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 0.95 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgform/"
     google-query: inurl:"/wp-content/plugins/wpgform/"
     shodan-query: 'vuln:CVE-2022-3834'
-  tags: cve,wordpress,wp-plugin,wpgform,medium
+  tags: cve,wordpress,wp-plugin,wpgform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3835-03920cd9ca5ff22b06a994a5f8a5fb1c.yaml b/nuclei-templates/2022/CVE-2022-3835-03920cd9ca5ff22b06a994a5f8a5fb1c.yaml
index 51ecd029f7..153c2e9bce 100644
--- a/nuclei-templates/2022/CVE-2022-3835-03920cd9ca5ff22b06a994a5f8a5fb1c.yaml
+++ b/nuclei-templates/2022/CVE-2022-3835-03920cd9ca5ff22b06a994a5f8a5fb1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kwayy HTML Sitemap <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scipting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kwayy HTML Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kwayy-html-sitemap/"
     google-query: inurl:"/wp-content/plugins/kwayy-html-sitemap/"
     shodan-query: 'vuln:CVE-2022-3835'
-  tags: cve,wordpress,wp-plugin,kwayy-html-sitemap,medium
+  tags: cve,wordpress,wp-plugin,kwayy-html-sitemap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3836-714e1a158166a33a7b439bd28dcdaa32.yaml b/nuclei-templates/2022/CVE-2022-3836-714e1a158166a33a7b439bd28dcdaa32.yaml
index be0f30d50d..435dc3e8ce 100644
--- a/nuclei-templates/2022/CVE-2022-3836-714e1a158166a33a7b439bd28dcdaa32.yaml
+++ b/nuclei-templates/2022/CVE-2022-3836-714e1a158166a33a7b439bd28dcdaa32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seed Social <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Seed Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Facebook App Id and App Secret parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seed-social/"
     google-query: inurl:"/wp-content/plugins/seed-social/"
     shodan-query: 'vuln:CVE-2022-3836'
-  tags: cve,wordpress,wp-plugin,seed-social,medium
+  tags: cve,wordpress,wp-plugin,seed-social,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3836-c4ddc0489c7fc6327da43ce100fae835.yaml b/nuclei-templates/2022/CVE-2022-3836-c4ddc0489c7fc6327da43ce100fae835.yaml
index de95e8fd92..301d853cd3 100644
--- a/nuclei-templates/2022/CVE-2022-3836-c4ddc0489c7fc6327da43ce100fae835.yaml
+++ b/nuclei-templates/2022/CVE-2022-3836-c4ddc0489c7fc6327da43ce100fae835.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seed Social <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Seed Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of the plugin's settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seed-social/"
     google-query: inurl:"/wp-content/plugins/seed-social/"
     shodan-query: 'vuln:CVE-2022-3836'
-  tags: cve,wordpress,wp-plugin,seed-social,medium
+  tags: cve,wordpress,wp-plugin,seed-social,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3837-15a33f4bb5e2d06a85f82ec34f8865fa.yaml b/nuclei-templates/2022/CVE-2022-3837-15a33f4bb5e2d06a85f82ec34f8865fa.yaml
index 3e5cc26c2c..5289181c7b 100644
--- a/nuclei-templates/2022/CVE-2022-3837-15a33f4bb5e2d06a85f82ec34f8865fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-3837-15a33f4bb5e2d06a85f82ec34f8865fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uji Countdown <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Uji Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uji-countdown/"
     google-query: inurl:"/wp-content/plugins/uji-countdown/"
     shodan-query: 'vuln:CVE-2022-3837'
-  tags: cve,wordpress,wp-plugin,uji-countdown,medium
+  tags: cve,wordpress,wp-plugin,uji-countdown,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3838-94f3a814c03c449b36cb253d7f80d949.yaml b/nuclei-templates/2022/CVE-2022-3838-94f3a814c03c449b36cb253d7f80d949.yaml
index 899bf05751..72705f7bf5 100644
--- a/nuclei-templates/2022/CVE-2022-3838-94f3a814c03c449b36cb253d7f80d949.yaml
+++ b/nuclei-templates/2022/CVE-2022-3838-94f3a814c03c449b36cb253d7f80d949.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPUpper Share Buttons <= 3.42 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPUpper Share Buttons plugin for WordPress is vulnerable to Authenticated (Admin+) Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 3.42 due to insufficient input sanitization and output escaping. This makes it possible for adminitrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpupper-share-buttons/"
     google-query: inurl:"/wp-content/plugins/wpupper-share-buttons/"
     shodan-query: 'vuln:CVE-2022-3838'
-  tags: cve,wordpress,wp-plugin,wpupper-share-buttons,medium
+  tags: cve,wordpress,wp-plugin,wpupper-share-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3839-5b728c0f0ab67d66edeb4ee534a33e19.yaml b/nuclei-templates/2022/CVE-2022-3839-5b728c0f0ab67d66edeb4ee534a33e19.yaml
index 416f0d1497..3dcf44858a 100644
--- a/nuclei-templates/2022/CVE-2022-3839-5b728c0f0ab67d66edeb4ee534a33e19.yaml
+++ b/nuclei-templates/2022/CVE-2022-3839-5b728c0f0ab67d66edeb4ee534a33e19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Analytics for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/analytics-for-wp/"
     google-query: inurl:"/wp-content/plugins/analytics-for-wp/"
     shodan-query: 'vuln:CVE-2022-3839'
-  tags: cve,wordpress,wp-plugin,analytics-for-wp,medium
+  tags: cve,wordpress,wp-plugin,analytics-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3840-a6981c5b5578853614f986e96039441b.yaml b/nuclei-templates/2022/CVE-2022-3840-a6981c5b5578853614f986e96039441b.yaml
index 46c4d996b7..e35a03bc96 100644
--- a/nuclei-templates/2022/CVE-2022-3840-a6981c5b5578853614f986e96039441b.yaml
+++ b/nuclei-templates/2022/CVE-2022-3840-a6981c5b5578853614f986e96039441b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Apps Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-apps-login/"
     google-query: inurl:"/wp-content/plugins/google-apps-login/"
     shodan-query: 'vuln:CVE-2022-3840'
-  tags: cve,wordpress,wp-plugin,google-apps-login,medium
+  tags: cve,wordpress,wp-plugin,google-apps-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38454-a98db6a35902de5cbf34db4eed4ead5f.yaml b/nuclei-templates/2022/CVE-2022-38454-a98db6a35902de5cbf34db4eed4ead5f.yaml
index a71bd1a97f..f2806c9905 100644
--- a/nuclei-templates/2022/CVE-2022-38454-a98db6a35902de5cbf34db4eed4ead5f.yaml
+++ b/nuclei-templates/2022/CVE-2022-38454-a98db6a35902de5cbf34db4eed4ead5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Kraken.io Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.5. This is due to missing nonce validation on the kraken_settings_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kraken-image-optimizer/"
     google-query: inurl:"/wp-content/plugins/kraken-image-optimizer/"
     shodan-query: 'vuln:CVE-2022-38454'
-  tags: cve,wordpress,wp-plugin,kraken-image-optimizer,high
+  tags: cve,wordpress,wp-plugin,kraken-image-optimizer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38456-a9cc73f9037d9cdf674a96fc1a0c0e0f.yaml b/nuclei-templates/2022/CVE-2022-38456-a9cc73f9037d9cdf674a96fc1a0c0e0f.yaml
index eab47fa805..1be8923c08 100644
--- a/nuclei-templates/2022/CVE-2022-38456-a9cc73f9037d9cdf674a96fc1a0c0e0f.yaml
+++ b/nuclei-templates/2022/CVE-2022-38456-a9cc73f9037d9cdf674a96fc1a0c0e0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Search Lite <= 4.10.3 - Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ajax Search Lite plugin for WordPress is vulnerable to Missing Authorization (leading to Sensitive Information Disclosure) in versions up to, and including, 4.10.3 via the 'searchCF' function. This can allow subscriber-level attackers to extract sensitive data including post metadata from an unprotected Ajax endpoint.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-search-lite/"
     google-query: inurl:"/wp-content/plugins/ajax-search-lite/"
     shodan-query: 'vuln:CVE-2022-38456'
-  tags: cve,wordpress,wp-plugin,ajax-search-lite,medium
+  tags: cve,wordpress,wp-plugin,ajax-search-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38460-b3b2af8cc00699a0018afcc81e707f41.yaml b/nuclei-templates/2022/CVE-2022-38460-b3b2af8cc00699a0018afcc81e707f41.yaml
index 3e700babf3..c69ca80c5f 100644
--- a/nuclei-templates/2022/CVE-2022-38460-b3b2af8cc00699a0018afcc81e707f41.yaml
+++ b/nuclei-templates/2022/CVE-2022-38460-b3b2af8cc00699a0018afcc81e707f41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NOTICE BOARD <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NOTICE BOARD plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/notice-board/"
     google-query: inurl:"/wp-content/plugins/notice-board/"
     shodan-query: 'vuln:CVE-2022-38460'
-  tags: cve,wordpress,wp-plugin,notice-board,medium
+  tags: cve,wordpress,wp-plugin,notice-board,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38461-1695c167f694fa63c272f7b2c5254e2e.yaml b/nuclei-templates/2022/CVE-2022-38461-1695c167f694fa63c272f7b2c5254e2e.yaml
index 4ea4fed055..d0394012de 100644
--- a/nuclei-templates/2022/CVE-2022-38461-1695c167f694fa63c272f7b2c5254e2e.yaml
+++ b/nuclei-templates/2022/CVE-2022-38461-1695c167f694fa63c272f7b2c5254e2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPML <= 4.5.10 - Missing Authorization to Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPML plugin for WordPress is vulnerable to missing authorization checks in versions up to, and including, 4.5.10. This is due to improper access controls on authorization for user controls. This makes it possible for subscriber-level attackers to perform plugin settings changes.  This means allows the change of the language for legacy widgets, and the default behaviors for media content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitepress-multilingual-cms/"
     google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/"
     shodan-query: 'vuln:CVE-2022-38461'
-  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,medium
+  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3848-f267d62c47f700236f07eb0616a44f03.yaml b/nuclei-templates/2022/CVE-2022-3848-f267d62c47f700236f07eb0616a44f03.yaml
index 35c153b2aa..a3656d8e7b 100644
--- a/nuclei-templates/2022/CVE-2022-3848-f267d62c47f700236f07eb0616a44f03.yaml
+++ b/nuclei-templates/2022/CVE-2022-3848-f267d62c47f700236f07eb0616a44f03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP User Merger plugin for WordPress is vulnerable to generic SQL Injection via 'user_id' parameter (in function 'wpus_get_order_ids_by_user') in versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-merger/"
     google-query: inurl:"/wp-content/plugins/wp-user-merger/"
     shodan-query: 'vuln:CVE-2022-3848'
-  tags: cve,wordpress,wp-plugin,wp-user-merger,high
+  tags: cve,wordpress,wp-plugin,wp-user-merger,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3849-7f2ad53d025d64620bae59b467d70f5b.yaml b/nuclei-templates/2022/CVE-2022-3849-7f2ad53d025d64620bae59b467d70f5b.yaml
index 628462064c..47567b45f2 100644
--- a/nuclei-templates/2022/CVE-2022-3849-7f2ad53d025d64620bae59b467d70f5b.yaml
+++ b/nuclei-templates/2022/CVE-2022-3849-7f2ad53d025d64620bae59b467d70f5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP User Merger plugin for WordPress is vulnerable to generic SQL Injection via 'reassign_user' parameter versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-merger/"
     google-query: inurl:"/wp-content/plugins/wp-user-merger/"
     shodan-query: 'vuln:CVE-2022-3849'
-  tags: cve,wordpress,wp-plugin,wp-user-merger,high
+  tags: cve,wordpress,wp-plugin,wp-user-merger,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3850-ef26eea08cd48a0673b556bc7ad08135.yaml b/nuclei-templates/2022/CVE-2022-3850-ef26eea08cd48a0673b556bc7ad08135.yaml
index 04434a35a4..bd32e763cd 100644
--- a/nuclei-templates/2022/CVE-2022-3850-ef26eea08cd48a0673b556bc7ad08135.yaml
+++ b/nuclei-templates/2022/CVE-2022-3850-ef26eea08cd48a0673b556bc7ad08135.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Find and Replace All <= 1.3 - Cross-Site Request Forgery to Arbitrary Content Replacement
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Find and Replace All plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation when performing a search. This makes it possible for unauthenticated attackers to replace arbitrary content on the site via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/find-and-replace-all/"
     google-query: inurl:"/wp-content/plugins/find-and-replace-all/"
     shodan-query: 'vuln:CVE-2022-3850'
-  tags: cve,wordpress,wp-plugin,find-and-replace-all,high
+  tags: cve,wordpress,wp-plugin,find-and-replace-all,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3852-a514896a8210fef61861b6a5fb93d0c5.yaml b/nuclei-templates/2022/CVE-2022-3852-a514896a8210fef61861b6a5fb93d0c5.yaml
index c0886014ce..9fb8ac64d7 100644
--- a/nuclei-templates/2022/CVE-2022-3852-a514896a8210fef61861b6a5fb93d0c5.yaml
+++ b/nuclei-templates/2022/CVE-2022-3852-a514896a8210fef61861b6a5fb93d0c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VR Calendar <= 2.3.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vr-calendar-sync/"
     google-query: inurl:"/wp-content/plugins/vr-calendar-sync/"
     shodan-query: 'vuln:CVE-2022-3852'
-  tags: cve,wordpress,wp-plugin,vr-calendar-sync,high
+  tags: cve,wordpress,wp-plugin,vr-calendar-sync,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3855-540d765197d5d77b942283129699e946.yaml b/nuclei-templates/2022/CVE-2022-3855-540d765197d5d77b942283129699e946.yaml
index eeb72e1240..750662d810 100644
--- a/nuclei-templates/2022/CVE-2022-3855-540d765197d5d77b942283129699e946.yaml
+++ b/nuclei-templates/2022/CVE-2022-3855-540d765197d5d77b942283129699e946.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     404 to Start <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 404 to Start plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/404-to-start/"
     google-query: inurl:"/wp-content/plugins/404-to-start/"
     shodan-query: 'vuln:CVE-2022-3855'
-  tags: cve,wordpress,wp-plugin,404-to-start,medium
+  tags: cve,wordpress,wp-plugin,404-to-start,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3856-d103dcd12252c06ef076f4cb74df842f.yaml b/nuclei-templates/2022/CVE-2022-3856-d103dcd12252c06ef076f4cb74df842f.yaml
index 229bc993c7..0ce6bb6ae1 100644
--- a/nuclei-templates/2022/CVE-2022-3856-d103dcd12252c06ef076f4cb74df842f.yaml
+++ b/nuclei-templates/2022/CVE-2022-3856-d103dcd12252c06ef076f4cb74df842f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comic Book Management System < 2.2.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Comic Book Management System plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.2.0 due to insufficient escaping on the 'id' parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comicbookmanagementsystemweeklypicks/"
     google-query: inurl:"/wp-content/plugins/comicbookmanagementsystemweeklypicks/"
     shodan-query: 'vuln:CVE-2022-3856'
-  tags: cve,wordpress,wp-plugin,comicbookmanagementsystemweeklypicks,critical
+  tags: cve,wordpress,wp-plugin,comicbookmanagementsystemweeklypicks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3858-d2f186fae58d1b5afd77fc5306fc26bf.yaml b/nuclei-templates/2022/CVE-2022-3858-d2f186fae58d1b5afd77fc5306fc26bf.yaml
index ec7f176b3f..e95ba4cd8d 100644
--- a/nuclei-templates/2022/CVE-2022-3858-d2f186fae58d1b5afd77fc5306fc26bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-3858-d2f186fae58d1b5afd77fc5306fc26bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Floating Chat Widget - Chaty <= 3.0.2 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Chaty plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.0.2 due to insufficient escaping on the $chaty_leads parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chaty/"
     google-query: inurl:"/wp-content/plugins/chaty/"
     shodan-query: 'vuln:CVE-2022-3858'
-  tags: cve,wordpress,wp-plugin,chaty,high
+  tags: cve,wordpress,wp-plugin,chaty,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3860-240ee5ac158ce434b1247f54a6208c44.yaml b/nuclei-templates/2022/CVE-2022-3860-240ee5ac158ce434b1247f54a6208c44.yaml
index 51a0b0e521..775935d3a6 100644
--- a/nuclei-templates/2022/CVE-2022-3860-240ee5ac158ce434b1247f54a6208c44.yaml
+++ b/nuclei-templates/2022/CVE-2022-3860-240ee5ac158ce434b1247f54a6208c44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Email Designer for WooCommerce <= 1.7.1 - Authenticated (Author+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Visual Email Designer for WooCommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-customizer-woocommerce/"
     google-query: inurl:"/wp-content/plugins/email-customizer-woocommerce/"
     shodan-query: 'vuln:CVE-2022-3860'
-  tags: cve,wordpress,wp-plugin,email-customizer-woocommerce,high
+  tags: cve,wordpress,wp-plugin,email-customizer-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3861-c3f3aac4022202f47e3ad7f05ff237dd.yaml b/nuclei-templates/2022/CVE-2022-3861-c3f3aac4022202f47e3ad7f05ff237dd.yaml
index 6d1df8b2f3..adf32a1e0f 100644
--- a/nuclei-templates/2022/CVE-2022-3861-c3f3aac4022202f47e3ad7f05ff237dd.yaml
+++ b/nuclei-templates/2022/CVE-2022-3861-c3f3aac4022202f47e3ad7f05ff237dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions.  This makes it possible for authenticated attackers, with subscriber level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2022-3861'
-  tags: cve,wordpress,wp-theme,betheme,high
+  tags: cve,wordpress,wp-theme,betheme,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3862-435e5a4b20bcaf9d0c9ffb3797d6604e.yaml b/nuclei-templates/2022/CVE-2022-3862-435e5a4b20bcaf9d0c9ffb3797d6604e.yaml
index c7433f044a..a9469e18df 100644
--- a/nuclei-templates/2022/CVE-2022-3862-435e5a4b20bcaf9d0c9ffb3797d6604e.yaml
+++ b/nuclei-templates/2022/CVE-2022-3862-435e5a4b20bcaf9d0c9ffb3797d6604e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘lae_theme_color’, 'lae_theme_hover_color', and 'lae_custom_css' plugin options in versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2022-3862'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3865-9e9c8555eaf480676d3bf05dbd493869.yaml b/nuclei-templates/2022/CVE-2022-3865-9e9c8555eaf480676d3bf05dbd493869.yaml
index becc18a38c..19546347dc 100644
--- a/nuclei-templates/2022/CVE-2022-3865-9e9c8555eaf480676d3bf05dbd493869.yaml
+++ b/nuclei-templates/2022/CVE-2022-3865-9e9c8555eaf480676d3bf05dbd493869.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP User Merger plugin for WordPress is vulnerable to generic SQL Injection via 'user_id' parameter (in function 'wpum_admin_init') in versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-merger/"
     google-query: inurl:"/wp-content/plugins/wp-user-merger/"
     shodan-query: 'vuln:CVE-2022-3865'
-  tags: cve,wordpress,wp-plugin,wp-user-merger,high
+  tags: cve,wordpress,wp-plugin,wp-user-merger,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38703-2cfa41593b5c54dbbe7f94408a704c8b.yaml b/nuclei-templates/2022/CVE-2022-38703-2cfa41593b5c54dbbe7f94408a704c8b.yaml
index be9fc61564..39c700b268 100644
--- a/nuclei-templates/2022/CVE-2022-38703-2cfa41593b5c54dbbe7f94408a704c8b.yaml
+++ b/nuclei-templates/2022/CVE-2022-38703-2cfa41593b5c54dbbe7f94408a704c8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MaxButtons <= 9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxbuttons/"
     google-query: inurl:"/wp-content/plugins/maxbuttons/"
     shodan-query: 'vuln:CVE-2022-38703'
-  tags: cve,wordpress,wp-plugin,maxbuttons,medium
+  tags: cve,wordpress,wp-plugin,maxbuttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38704-73f794bdb6d5d5ebc6d4220191ef5dda.yaml b/nuclei-templates/2022/CVE-2022-38704-73f794bdb6d5d5ebc6d4220191ef5dda.yaml
index 74df3d7180..4f445caf5e 100644
--- a/nuclei-templates/2022/CVE-2022-38704-73f794bdb6d5d5ebc6d4220191ef5dda.yaml
+++ b/nuclei-templates/2022/CVE-2022-38704-73f794bdb6d5d5ebc6d4220191ef5dda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Redirection Plugin – 301 Redirect Manager <= 8.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SEO Redirection Plugin – 301 Redirect Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.9. This is due to missing nonce validation in the ~/options/option_page_404.php and ~/options/option_page_history.php files. This makes it possible for unauthenticated attackers to delete 404 redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-redirection/"
     google-query: inurl:"/wp-content/plugins/seo-redirection/"
     shodan-query: 'vuln:CVE-2022-38704'
-  tags: cve,wordpress,wp-plugin,seo-redirection,high
+  tags: cve,wordpress,wp-plugin,seo-redirection,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3879-6b187667244750832b7e539032f73d81.yaml b/nuclei-templates/2022/CVE-2022-3879-6b187667244750832b7e539032f73d81.yaml
index a5743f08b4..8681187aa0 100644
--- a/nuclei-templates/2022/CVE-2022-3879-6b187667244750832b7e539032f73d81.yaml
+++ b/nuclei-templates/2022/CVE-2022-3879-6b187667244750832b7e539032f73d81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Car Dealer <= 3.04 - Missing Authorization to Arbitrary Plugin Installation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Car Dealer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cardealer_install_plugin() function in versions up to, and including, 3.04. This makes it possible for authenticated attackers with minimal permission, such as a subscriber, to install arbitrary plugins on the vulnerable site. This could be used to install additional vulnerable plugins that could aid in further compromise of the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cardealer/"
     google-query: inurl:"/wp-content/plugins/cardealer/"
     shodan-query: 'vuln:CVE-2022-3879'
-  tags: cve,wordpress,wp-plugin,cardealer,medium
+  tags: cve,wordpress,wp-plugin,cardealer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3880-6e0c5ff8c6831d302f08813c9570b138.yaml b/nuclei-templates/2022/CVE-2022-3880-6e0c5ff8c6831d302f08813c9570b138.yaml
index d39229adbf..3aa0b15b6b 100644
--- a/nuclei-templates/2022/CVE-2022-3880-6e0c5ff8c6831d302f08813c9570b138.yaml
+++ b/nuclei-templates/2022/CVE-2022-3880-6e0c5ff8c6831d302f08813c9570b138.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Anti Hacker <= 4.19 - Missing Authorization to Arbitrary Plugin Install
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Anti Hacker plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the antihacker_install_plugin() function in versions up to, and including, 4.19. This makes it possible for authenticated attackers with minimal permission, such as a subscriber, to install arbitrary plugins on the vulnerable site. This could be used to install additional vulnerable plugins that could aid in further compromise of the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/antihacker/"
     google-query: inurl:"/wp-content/plugins/antihacker/"
     shodan-query: 'vuln:CVE-2022-3880'
-  tags: cve,wordpress,wp-plugin,antihacker,medium
+  tags: cve,wordpress,wp-plugin,antihacker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3881-509c39acb39a633805d6b569fc41a485.yaml b/nuclei-templates/2022/CVE-2022-3881-509c39acb39a633805d6b569fc41a485.yaml
index 61ef3855af..4048ce87a7 100644
--- a/nuclei-templates/2022/CVE-2022-3881-509c39acb39a633805d6b569fc41a485.yaml
+++ b/nuclei-templates/2022/CVE-2022-3881-509c39acb39a633805d6b569fc41a485.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Tools <= 3.42 - Missing Authorization to Select Plugin Installation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Tools plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wptools_install_plugin() function in versions up to, and including, 3.42. This makes it possible for authenticated attackers with minimal permission, such as a subscriber, to install other plugins owned by the developer on the vulnerable site. This could be used to install additional vulnerable plugins that could aid in further compromise of the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wptools/"
     google-query: inurl:"/wp-content/plugins/wptools/"
     shodan-query: 'vuln:CVE-2022-3881'
-  tags: cve,wordpress,wp-plugin,wptools,medium
+  tags: cve,wordpress,wp-plugin,wptools,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3882-da896910a5cacf8279e4d7de14e16a7d.yaml b/nuclei-templates/2022/CVE-2022-3882-da896910a5cacf8279e4d7de14e16a7d.yaml
index adf4bf77ec..62b606b912 100644
--- a/nuclei-templates/2022/CVE-2022-3882-da896910a5cacf8279e4d7de14e16a7d.yaml
+++ b/nuclei-templates/2022/CVE-2022-3882-da896910a5cacf8279e4d7de14e16a7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Memory Usage <= 2.45 - Missing Authorization to Arbitrary Plugin Installation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Memory Usage plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpmemory_install_plugin() function in versions up to, and including, 2.45. This makes it possible for authenticated attackers with minimal permission, such as a subscriber, to install arbitrary plugins on the vulnerable site. This could be used to install additional vulnerable plugins that could aid in further compromise of the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-memory/"
     google-query: inurl:"/wp-content/plugins/wp-memory/"
     shodan-query: 'vuln:CVE-2022-3882'
-  tags: cve,wordpress,wp-plugin,wp-memory,medium
+  tags: cve,wordpress,wp-plugin,wp-memory,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3883-24b1f52e6cf57fe2a2edbecda487edee.yaml b/nuclei-templates/2022/CVE-2022-3883-24b1f52e6cf57fe2a2edbecda487edee.yaml
index e264dcfe8e..364ff87e56 100644
--- a/nuclei-templates/2022/CVE-2022-3883-24b1f52e6cf57fe2a2edbecda487edee.yaml
+++ b/nuclei-templates/2022/CVE-2022-3883-24b1f52e6cf57fe2a2edbecda487edee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StopBadBots <= 7.23 - Missing Authorization to Arbitrary Plugin Installation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The StopBadBots plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the stopbadbots_install_plugin() function in versions up to, and including, 3.04. This makes it possible for authenticated attackers with minimal permission, such as a subscriber, to install arbitrary plugins on the vulnerable site. This could be used to install additional vulnerable plugins that could aid in further compromise of the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stopbadbots/"
     google-query: inurl:"/wp-content/plugins/stopbadbots/"
     shodan-query: 'vuln:CVE-2022-3883'
-  tags: cve,wordpress,wp-plugin,stopbadbots,medium
+  tags: cve,wordpress,wp-plugin,stopbadbots,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3891-4d29004b4f45680a61808cd7f630a100.yaml b/nuclei-templates/2022/CVE-2022-3891-4d29004b4f45680a61808cd7f630a100.yaml
index 033d865b95..a0e090a0bc 100644
--- a/nuclei-templates/2022/CVE-2022-3891-4d29004b4f45680a61808cd7f630a100.yaml
+++ b/nuclei-templates/2022/CVE-2022-3891-4d29004b4f45680a61808cd7f630a100.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP FullCalendar <= 1.4.1 - Missing Authorization to Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP FullCalendar plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to view arbitrary posts and pages regardless of password protection and whether they are private.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fullcalendar/"
     google-query: inurl:"/wp-content/plugins/wp-fullcalendar/"
     shodan-query: 'vuln:CVE-2022-3891'
-  tags: cve,wordpress,wp-plugin,wp-fullcalendar,medium
+  tags: cve,wordpress,wp-plugin,wp-fullcalendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3892-ef86ab7f523579cf61ae7ca65b0017ce.yaml b/nuclei-templates/2022/CVE-2022-3892-ef86ab7f523579cf61ae7ca65b0017ce.yaml
index 4ea7ced391..20d401a0ae 100644
--- a/nuclei-templates/2022/CVE-2022-3892-ef86ab7f523579cf61ae7ca65b0017ce.yaml
+++ b/nuclei-templates/2022/CVE-2022-3892-ef86ab7f523579cf61ae7ca65b0017ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP OAuth Server (OAuth Authentication) <= 4.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP OAuth Server plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the client ID parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oauth2-provider/"
     google-query: inurl:"/wp-content/plugins/oauth2-provider/"
     shodan-query: 'vuln:CVE-2022-3892'
-  tags: cve,wordpress,wp-plugin,oauth2-provider,medium
+  tags: cve,wordpress,wp-plugin,oauth2-provider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3897-9760015c4d350e201fad6b9179af7df3.yaml b/nuclei-templates/2022/CVE-2022-3897-9760015c4d350e201fad6b9179af7df3.yaml
index cc46b68bb7..09b4f7c7b5 100644
--- a/nuclei-templates/2022/CVE-2022-3897-9760015c4d350e201fad6b9179af7df3.yaml
+++ b/nuclei-templates/2022/CVE-2022-3897-9760015c4d350e201fad6b9179af7df3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Affiliate Platform <= 6.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-affiliate-platform/"
     google-query: inurl:"/wp-content/plugins/wp-affiliate-platform/"
     shodan-query: 'vuln:CVE-2022-3897'
-  tags: cve,wordpress,wp-plugin,wp-affiliate-platform,medium
+  tags: cve,wordpress,wp-plugin,wp-affiliate-platform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38971-c0fe1fee8a4f48d20fef6e8a451cadaa.yaml b/nuclei-templates/2022/CVE-2022-38971-c0fe1fee8a4f48d20fef6e8a451cadaa.yaml
index 9323b46587..2b8d338684 100644
--- a/nuclei-templates/2022/CVE-2022-38971-c0fe1fee8a4f48d20fef6e8a451cadaa.yaml
+++ b/nuclei-templates/2022/CVE-2022-38971-c0fe1fee8a4f48d20fef6e8a451cadaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyForms <= 2.7.2 - Authenticated (Contributor+) Stored Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BuddyForms  plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms/"
     google-query: inurl:"/wp-content/plugins/buddyforms/"
     shodan-query: 'vuln:CVE-2022-38971'
-  tags: cve,wordpress,wp-plugin,buddyforms,medium
+  tags: cve,wordpress,wp-plugin,buddyforms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-38974-46fa110da1e59fdc31ecff31d6e6ec62.yaml b/nuclei-templates/2022/CVE-2022-38974-46fa110da1e59fdc31ecff31d6e6ec62.yaml
index 6fb027efbb..931a2d65e1 100644
--- a/nuclei-templates/2022/CVE-2022-38974-46fa110da1e59fdc31ecff31d6e6ec62.yaml
+++ b/nuclei-templates/2022/CVE-2022-38974-46fa110da1e59fdc31ecff31d6e6ec62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPML <= 4.5.10 - Missing Authorization to Translation Job Status Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPML plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 4.5.10. This is due to improper access controls on authentication for user controls. This makes it possible for subscriber-level attackers to perform status changes of translation jobs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitepress-multilingual-cms/"
     google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/"
     shodan-query: 'vuln:CVE-2022-38974'
-  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,medium
+  tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3898-9d26ce45ae3e2b9cd30cf1aaa62ddd92.yaml b/nuclei-templates/2022/CVE-2022-3898-9d26ce45ae3e2b9cd30cf1aaa62ddd92.yaml
index 580f593f3a..f36394071b 100644
--- a/nuclei-templates/2022/CVE-2022-3898-9d26ce45ae3e2b9cd30cf1aaa62ddd92.yaml
+++ b/nuclei-templates/2022/CVE-2022-3898-9d26ce45ae3e2b9cd30cf1aaa62ddd92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-affiliate-platform/"
     google-query: inurl:"/wp-content/plugins/wp-affiliate-platform/"
     shodan-query: 'vuln:CVE-2022-3898'
-  tags: cve,wordpress,wp-plugin,wp-affiliate-platform,high
+  tags: cve,wordpress,wp-plugin,wp-affiliate-platform,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3899-f6f5e5b83dd05b47087018ab93dc70c8.yaml b/nuclei-templates/2022/CVE-2022-3899-f6f5e5b83dd05b47087018ab93dc70c8.yaml
index b89393d9a4..146928b663 100644
--- a/nuclei-templates/2022/CVE-2022-3899-f6f5e5b83dd05b47087018ab93dc70c8.yaml
+++ b/nuclei-templates/2022/CVE-2022-3899-f6f5e5b83dd05b47087018ab93dc70c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3DPrint <= 3.5.4.7 - Cross-Site Request Forgery to Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The 3DPrint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.4.7. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to delete arbitrary files and directories, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3dprint/"
     google-query: inurl:"/wp-content/plugins/3dprint/"
     shodan-query: 'vuln:CVE-2022-3899'
-  tags: cve,wordpress,wp-plugin,3dprint,high
+  tags: cve,wordpress,wp-plugin,3dprint,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3904-89e45ac29496786a2f26bbad510d04b9.yaml b/nuclei-templates/2022/CVE-2022-3904-89e45ac29496786a2f26bbad510d04b9.yaml
index bf4b00e753..4aa5a441f5 100644
--- a/nuclei-templates/2022/CVE-2022-3904-89e45ac29496786a2f26bbad510d04b9.yaml
+++ b/nuclei-templates/2022/CVE-2022-3904-89e45ac29496786a2f26bbad510d04b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MonsterInsights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles and pages in versions up to, and including, 8.9.0 due to insufficient input sanitization and output escaping on those values. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page if they are able to successfully spoof a request to Google Analytics.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/"
     shodan-query: 'vuln:CVE-2022-3904'
-  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3906-9f2fa558a3b450f42672af408bb3b106.yaml b/nuclei-templates/2022/CVE-2022-3906-9f2fa558a3b450f42672af408bb3b106.yaml
index d8bff25a97..5e06dc17dc 100644
--- a/nuclei-templates/2022/CVE-2022-3906-9f2fa558a3b450f42672af408bb3b106.yaml
+++ b/nuclei-templates/2022/CVE-2022-3906-9f2fa558a3b450f42672af408bb3b106.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Form Builder <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-form-builder/"
     google-query: inurl:"/wp-content/plugins/easy-form-builder/"
     shodan-query: 'vuln:CVE-2022-3906'
-  tags: cve,wordpress,wp-plugin,easy-form-builder,medium
+  tags: cve,wordpress,wp-plugin,easy-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3907-c0684cce94d057969c2bd8df09557f34.yaml b/nuclei-templates/2022/CVE-2022-3907-c0684cce94d057969c2bd8df09557f34.yaml
index 5fdf6bbd20..6381e8f4a8 100644
--- a/nuclei-templates/2022/CVE-2022-3907-c0684cce94d057969c2bd8df09557f34.yaml
+++ b/nuclei-templates/2022/CVE-2022-3907-c0684cce94d057969c2bd8df09557f34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clerk <= 3.8.2 -  Authorization Bypass via Insufficient Validation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Clerk plugin for WordPress is vulnerable to Authorization Bypass via Insufficient Validation in versions up to, and including, 3.8.2. This is due to the validation function for all API requests using comparison operators to verify API keys against those stored in the site options.  This leaves the API request validation vulnerable to time-based attacks. This makes it possible for unauthenticated attackers to potentially bypass API validation or to discover API keys.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clerkio/"
     google-query: inurl:"/wp-content/plugins/clerkio/"
     shodan-query: 'vuln:CVE-2022-3907'
-  tags: cve,wordpress,wp-plugin,clerkio,medium
+  tags: cve,wordpress,wp-plugin,clerkio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3909-5f015fc98ebe61708b30f8e106c0dca9.yaml b/nuclei-templates/2022/CVE-2022-3909-5f015fc98ebe61708b30f8e106c0dca9.yaml
index 47edc1669e..3289f760b0 100644
--- a/nuclei-templates/2022/CVE-2022-3909-5f015fc98ebe61708b30f8e106c0dca9.yaml
+++ b/nuclei-templates/2022/CVE-2022-3909-5f015fc98ebe61708b30f8e106c0dca9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Comments <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various plugin settings parameters in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-comments/"
     google-query: inurl:"/wp-content/plugins/add-comments/"
     shodan-query: 'vuln:CVE-2022-3909'
-  tags: cve,wordpress,wp-plugin,add-comments,medium
+  tags: cve,wordpress,wp-plugin,add-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3911-e4dfba623e207111ac2894d0b05e0171.yaml b/nuclei-templates/2022/CVE-2022-3911-e4dfba623e207111ac2894d0b05e0171.yaml
index 25d9be90b3..ee3880e7cb 100644
--- a/nuclei-templates/2022/CVE-2022-3911-e4dfba623e207111ac2894d0b05e0171.yaml
+++ b/nuclei-templates/2022/CVE-2022-3911-e4dfba623e207111ac2894d0b05e0171.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ubenda plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 3.3.2. This is due to missing verification in the 'process_actions' and 'ajax_save_options' functions (among numerous others). This makes it possible for subscriber-level attackers to perform ajax actions (such as updating plugin options) that are normally only available to higher-level authenticated users.  This can include granting new privileges to ones own account.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iubenda-cookie-law-solution/"
     google-query: inurl:"/wp-content/plugins/iubenda-cookie-law-solution/"
     shodan-query: 'vuln:CVE-2022-3911'
-  tags: cve,wordpress,wp-plugin,iubenda-cookie-law-solution,high
+  tags: cve,wordpress,wp-plugin,iubenda-cookie-law-solution,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3912-f2f2b27ba49b35955a269b199809763e.yaml b/nuclei-templates/2022/CVE-2022-3912-f2f2b27ba49b35955a269b199809763e.yaml
index 453d343a85..1ec0ce5a5a 100644
--- a/nuclei-templates/2022/CVE-2022-3912-f2f2b27ba49b35955a269b199809763e.yaml
+++ b/nuclei-templates/2022/CVE-2022-3912-f2f2b27ba49b35955a269b199809763e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration <= 2.2.4  - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the profile_pic_upload function in versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber access or higher, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2022-3912'
-  tags: cve,wordpress,wp-plugin,user-registration,high
+  tags: cve,wordpress,wp-plugin,user-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3919-38ff57a3a79c762236aaaeaffc92c374.yaml b/nuclei-templates/2022/CVE-2022-3919-38ff57a3a79c762236aaaeaffc92c374.yaml
index 664b79e78b..fe1de77644 100644
--- a/nuclei-templates/2022/CVE-2022-3919-38ff57a3a79c762236aaaeaffc92c374.yaml
+++ b/nuclei-templates/2022/CVE-2022-3919-38ff57a3a79c762236aaaeaffc92c374.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jetpack CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings in versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-bs-crm/"
     google-query: inurl:"/wp-content/plugins/zero-bs-crm/"
     shodan-query: 'vuln:CVE-2022-3919'
-  tags: cve,wordpress,wp-plugin,zero-bs-crm,medium
+  tags: cve,wordpress,wp-plugin,zero-bs-crm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3922-bada82132f6cbfd33d5760be8742a9cb.yaml b/nuclei-templates/2022/CVE-2022-3922-bada82132f6cbfd33d5760be8742a9cb.yaml
index 802d31e872..021ffd625a 100644
--- a/nuclei-templates/2022/CVE-2022-3922-bada82132f6cbfd33d5760be8742a9cb.yaml
+++ b/nuclei-templates/2022/CVE-2022-3922-bada82132f6cbfd33d5760be8742a9cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Checker <= 1.11.19 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Broken Link Checker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘youtube_api_key’ parameter in versions up to, and including, 1.11.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-checker/"
     google-query: inurl:"/wp-content/plugins/broken-link-checker/"
     shodan-query: 'vuln:CVE-2022-3922'
-  tags: cve,wordpress,wp-plugin,broken-link-checker,medium
+  tags: cve,wordpress,wp-plugin,broken-link-checker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3923-e8ed3a408ffed7b696f1556afff0400c.yaml b/nuclei-templates/2022/CVE-2022-3923-e8ed3a408ffed7b696f1556afff0400c.yaml
index b7a950489b..397690e6d8 100644
--- a/nuclei-templates/2022/CVE-2022-3923-e8ed3a408ffed7b696f1556afff0400c.yaml
+++ b/nuclei-templates/2022/CVE-2022-3923-e8ed3a408ffed7b696f1556afff0400c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActiveCampaign for WooCommerce <= 1.9.6 - Missing Authorization to Error Log Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ActiveCampaign plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_wc_error_log function in versions up to, and including, 1.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function via AJAX call resulting in log file deletion.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activecampaign-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/activecampaign-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-3923'
-  tags: cve,wordpress,wp-plugin,activecampaign-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,activecampaign-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3925-0b4ca30f3ad4ec80ff7de93b32a4ae21.yaml b/nuclei-templates/2022/CVE-2022-3925-0b4ca30f3ad4ec80ff7de93b32a4ae21.yaml
index 7bc8136d52..5aeb4fbbfc 100644
--- a/nuclei-templates/2022/CVE-2022-3925-0b4ca30f3ad4ec80ff7de93b32a4ae21.yaml
+++ b/nuclei-templates/2022/CVE-2022-3925-0b4ca30f3ad4ec80ff7de93b32a4ae21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Buddybadges  plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddybadges/"
     google-query: inurl:"/wp-content/plugins/buddybadges/"
     shodan-query: 'vuln:CVE-2022-3925'
-  tags: cve,wordpress,wp-plugin,buddybadges,high
+  tags: cve,wordpress,wp-plugin,buddybadges,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3926-cbceddd57d7051d45761e4fa44eca556.yaml b/nuclei-templates/2022/CVE-2022-3926-cbceddd57d7051d45761e4fa44eca556.yaml
index e96a91b548..27ef668acf 100644
--- a/nuclei-templates/2022/CVE-2022-3926-cbceddd57d7051d45761e4fa44eca556.yaml
+++ b/nuclei-templates/2022/CVE-2022-3926-cbceddd57d7051d45761e4fa44eca556.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP OAuth Server (OAuth Authentication) <= 4.2.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP OAuth Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.5. This is due to missing nonce validation on one the wo_regenerate_secret() function. This makes it possible for unauthenticated attackers to regenerate client secrets, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oauth2-provider/"
     google-query: inurl:"/wp-content/plugins/oauth2-provider/"
     shodan-query: 'vuln:CVE-2022-3926'
-  tags: cve,wordpress,wp-plugin,oauth2-provider,high
+  tags: cve,wordpress,wp-plugin,oauth2-provider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3930-3ca2c37cf2bcc2a6f7bd7d384d01930f.yaml b/nuclei-templates/2022/CVE-2022-3930-3ca2c37cf2bcc2a6f7bd7d384d01930f.yaml
index adee406a9a..29488413a7 100644
--- a/nuclei-templates/2022/CVE-2022-3930-3ca2c37cf2bcc2a6f7bd7d384d01930f.yaml
+++ b/nuclei-templates/2022/CVE-2022-3930-3ca2c37cf2bcc2a6f7bd7d384d01930f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Directorist plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 7.4.2.1. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for subscriber-level attackers to change user passwords and potentially take over administrator accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2022-3930'
-  tags: cve,wordpress,wp-plugin,directorist,high
+  tags: cve,wordpress,wp-plugin,directorist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3935-038cd4d7f3a85c2e02153b9f3d732338.yaml b/nuclei-templates/2022/CVE-2022-3935-038cd4d7f3a85c2e02153b9f3d732338.yaml
index f3e2ae4750..c88ffddb06 100644
--- a/nuclei-templates/2022/CVE-2022-3935-038cd4d7f3a85c2e02153b9f3d732338.yaml
+++ b/nuclei-templates/2022/CVE-2022-3935-038cd4d7f3a85c2e02153b9f3d732338.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2022-3935'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3936-3251ec6afe785e3bef31ff4841e744c5.yaml b/nuclei-templates/2022/CVE-2022-3936-3251ec6afe785e3bef31ff4841e744c5.yaml
index 1dc0ff522e..7b11d9c5ed 100644
--- a/nuclei-templates/2022/CVE-2022-3936-3251ec6afe785e3bef31ff4841e744c5.yaml
+++ b/nuclei-templates/2022/CVE-2022-3936-3251ec6afe785e3bef31ff4841e744c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team Members <= 5.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 5.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/team-members/"
     google-query: inurl:"/wp-content/plugins/team-members/"
     shodan-query: 'vuln:CVE-2022-3936'
-  tags: cve,wordpress,wp-plugin,team-members,medium
+  tags: cve,wordpress,wp-plugin,team-members,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3937-cdfd3455a6f46d912895a672ab21e1b5.yaml b/nuclei-templates/2022/CVE-2022-3937-cdfd3455a6f46d912895a672ab21e1b5.yaml
index ee7ed91af1..7ff0191413 100644
--- a/nuclei-templates/2022/CVE-2022-3937-cdfd3455a6f46d912895a672ab21e1b5.yaml
+++ b/nuclei-templates/2022/CVE-2022-3937-cdfd3455a6f46d912895a672ab21e1b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Video Player <= 1.2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes ('url', 'class', 'width', 'poster', and 'video_id') within the 'evp_embed_video_handler' function in versions up to, and including, 1.2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-video-player/"
     google-query: inurl:"/wp-content/plugins/easy-video-player/"
     shodan-query: 'vuln:CVE-2022-3937'
-  tags: cve,wordpress,wp-plugin,easy-video-player,medium
+  tags: cve,wordpress,wp-plugin,easy-video-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3946-cfe5fa3015f2fc55d2b05163019ba81a.yaml b/nuclei-templates/2022/CVE-2022-3946-cfe5fa3015f2fc55d2b05163019ba81a.yaml
index b30ba85a2e..c06aa7baad 100644
--- a/nuclei-templates/2022/CVE-2022-3946-cfe5fa3015f2fc55d2b05163019ba81a.yaml
+++ b/nuclei-templates/2022/CVE-2022-3946-cfe5fa3015f2fc55d2b05163019ba81a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on a function related to an AJAX action in versions up to, and including, 2.8.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function resulting in the update/deletion of default shipping methods.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2022-3946'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3961-6547c1d240217acd0e74acb8773a56d3.yaml b/nuclei-templates/2022/CVE-2022-3961-6547c1d240217acd0e74acb8773a56d3.yaml
index 148756cecb..3cc5630803 100644
--- a/nuclei-templates/2022/CVE-2022-3961-6547c1d240217acd0e74acb8773a56d3.yaml
+++ b/nuclei-templates/2022/CVE-2022-3961-6547c1d240217acd0e74acb8773a56d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.4.3 - Authenticated (Subscriber+) Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Directorist for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 7.4.3. This can allow authenticated attackers, with subscriber-level permissions or higher, to extract sensitive system data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2022-3961'
-  tags: cve,wordpress,wp-plugin,directorist,medium
+  tags: cve,wordpress,wp-plugin,directorist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3981-64ebdeacfb7857f81240b567b724e6b3.yaml b/nuclei-templates/2022/CVE-2022-3981-64ebdeacfb7857f81240b567b724e6b3.yaml
index 4e1919090d..e00f2952fd 100644
--- a/nuclei-templates/2022/CVE-2022-3981-64ebdeacfb7857f81240b567b724e6b3.yaml
+++ b/nuclei-templates/2022/CVE-2022-3981-64ebdeacfb7857f81240b567b724e6b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Icegram Express plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.4.19  due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2022-3981'
-  tags: cve,wordpress,wp-plugin,email-subscribers,high
+  tags: cve,wordpress,wp-plugin,email-subscribers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3983-8648ead24f8ede303ab8621f146c3147.yaml b/nuclei-templates/2022/CVE-2022-3983-8648ead24f8ede303ab8621f146c3147.yaml
index b3ad4ab6f7..70913de36e 100644
--- a/nuclei-templates/2022/CVE-2022-3983-8648ead24f8ede303ab8621f146c3147.yaml
+++ b/nuclei-templates/2022/CVE-2022-3983-8648ead24f8ede303ab8621f146c3147.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Checkout for PayPal <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes ('item_description' and 'amount') within the ‘checkout_for_paypal_button_handler’ function in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/checkout-for-paypal/"
     google-query: inurl:"/wp-content/plugins/checkout-for-paypal/"
     shodan-query: 'vuln:CVE-2022-3983'
-  tags: cve,wordpress,wp-plugin,checkout-for-paypal,medium
+  tags: cve,wordpress,wp-plugin,checkout-for-paypal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3984-91cbfc58418f178a67da5f57d5fe8aa8.yaml b/nuclei-templates/2022/CVE-2022-3984-91cbfc58418f178a67da5f57d5fe8aa8.yaml
index c034f1b699..6a77594e6b 100644
--- a/nuclei-templates/2022/CVE-2022-3984-91cbfc58418f178a67da5f57d5fe8aa8.yaml
+++ b/nuclei-templates/2022/CVE-2022-3984-91cbfc58418f178a67da5f57d5fe8aa8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flowerplayer Video Player <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Flowerplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘flowplayer6_video_shortcode’ function in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flowplayer6-video-player/"
     google-query: inurl:"/wp-content/plugins/flowplayer6-video-player/"
     shodan-query: 'vuln:CVE-2022-3984'
-  tags: cve,wordpress,wp-plugin,flowplayer6-video-player,medium
+  tags: cve,wordpress,wp-plugin,flowplayer6-video-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3985-affad12bbe06868aff921eeaa6373196.yaml b/nuclei-templates/2022/CVE-2022-3985-affad12bbe06868aff921eeaa6373196.yaml
index 2b4b425ba2..57eb9e3b18 100644
--- a/nuclei-templates/2022/CVE-2022-3985-affad12bbe06868aff921eeaa6373196.yaml
+++ b/nuclei-templates/2022/CVE-2022-3985-affad12bbe06868aff921eeaa6373196.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Videojs HTML5 Player <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes (such as 'url', 'ogv', 'poster', 'webm') handled by the ‘videojs_html5_video_embed_handler’ function in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/videojs-html5-player/"
     google-query: inurl:"/wp-content/plugins/videojs-html5-player/"
     shodan-query: 'vuln:CVE-2022-3985'
-  tags: cve,wordpress,wp-plugin,videojs-html5-player,medium
+  tags: cve,wordpress,wp-plugin,videojs-html5-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3986-8a4ffb5cbc3cc45c48f96fc0d6e8fdac.yaml b/nuclei-templates/2022/CVE-2022-3986-8a4ffb5cbc3cc45c48f96fc0d6e8fdac.yaml
index 3b6bbc1e58..4ae4930f9a 100644
--- a/nuclei-templates/2022/CVE-2022-3986-8a4ffb5cbc3cc45c48f96fc0d6e8fdac.yaml
+++ b/nuclei-templates/2022/CVE-2022-3986-8a4ffb5cbc3cc45c48f96fc0d6e8fdac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Stripe Checkout <= 1.2.2.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shortcodes in the wp_stripe_checkout.  This results in a vulnerability in the ‘wp_stripe_checkout_legacy_checkout_button_handler’ function in versions up to, and including, 1.2.2.20 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stripe-checkout/"
     google-query: inurl:"/wp-content/plugins/wp-stripe-checkout/"
     shodan-query: 'vuln:CVE-2022-3986'
-  tags: cve,wordpress,wp-plugin,wp-stripe-checkout,medium
+  tags: cve,wordpress,wp-plugin,wp-stripe-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3987-85a882f3a47555e7fcebe3d512a6eae9.yaml b/nuclei-templates/2022/CVE-2022-3987-85a882f3a47555e7fcebe3d512a6eae9.yaml
index 61c0e97bfc..d9bd40633a 100644
--- a/nuclei-templates/2022/CVE-2022-3987-85a882f3a47555e7fcebe3d512a6eae9.yaml
+++ b/nuclei-templates/2022/CVE-2022-3987-85a882f3a47555e7fcebe3d512a6eae9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Lightbox2 <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Lightbox2 plugin for WordPress is vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the plugin's shortcode parameters (title, url, hyperlink) in the shortcode_handler function in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-lightbox2/"
     google-query: inurl:"/wp-content/plugins/responsive-lightbox2/"
     shodan-query: 'vuln:CVE-2022-3987'
-  tags: cve,wordpress,wp-plugin,responsive-lightbox2,medium
+  tags: cve,wordpress,wp-plugin,responsive-lightbox2,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3991-7457dd966d0c4c8ae20cdc84ea24da94.yaml b/nuclei-templates/2022/CVE-2022-3991-7457dd966d0c4c8ae20cdc84ea24da94.yaml
index a6a346f0c3..96324bf2d1 100644
--- a/nuclei-templates/2022/CVE-2022-3991-7457dd966d0c4c8ae20cdc84ea24da94.yaml
+++ b/nuclei-templates/2022/CVE-2022-3991-7457dd966d0c4c8ae20cdc84ea24da94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photospace Gallery <= 2.3.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photospace/"
     google-query: inurl:"/wp-content/plugins/photospace/"
     shodan-query: 'vuln:CVE-2022-3991'
-  tags: cve,wordpress,wp-plugin,photospace,medium
+  tags: cve,wordpress,wp-plugin,photospace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-3999-39e0cd9a1bb57b7c976fa340879a57c5.yaml b/nuclei-templates/2022/CVE-2022-3999-39e0cd9a1bb57b7c976fa340879a57c5.yaml
index 6689784740..dad3494224 100644
--- a/nuclei-templates/2022/CVE-2022-3999-39e0cd9a1bb57b7c976fa340879a57c5.yaml
+++ b/nuclei-templates/2022/CVE-2022-3999-39e0cd9a1bb57b7c976fa340879a57c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Shipping – DPD baltic <= 1.2.54 - Missing Authorization to Arbitrary Options Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Shipping – DPD baltic plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the delete_warehouse AJAX action in versions up to, and including, 1.2.54. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to delete arbitrary options and cause a denial of service.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-shipping-dpd-baltic/"
     google-query: inurl:"/wp-content/plugins/woo-shipping-dpd-baltic/"
     shodan-query: 'vuln:CVE-2022-3999'
-  tags: cve,wordpress,wp-plugin,woo-shipping-dpd-baltic,medium
+  tags: cve,wordpress,wp-plugin,woo-shipping-dpd-baltic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4000-bbc1707c7a5ee3103ec07e525a958c37.yaml b/nuclei-templates/2022/CVE-2022-4000-bbc1707c7a5ee3103ec07e525a958c37.yaml
index 05ffd8216f..04eec4bc5f 100644
--- a/nuclei-templates/2022/CVE-2022-4000-bbc1707c7a5ee3103ec07e525a958c37.yaml
+++ b/nuclei-templates/2022/CVE-2022-4000-bbc1707c7a5ee3103ec07e525a958c37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Shipping – DPD baltic <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DPD Baltic Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shipping terminal parameters (ex: 'wc_shipping_(idnumber)_terminal') in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-shipping-dpd-baltic/"
     google-query: inurl:"/wp-content/plugins/woo-shipping-dpd-baltic/"
     shodan-query: 'vuln:CVE-2022-4000'
-  tags: cve,wordpress,wp-plugin,woo-shipping-dpd-baltic,medium
+  tags: cve,wordpress,wp-plugin,woo-shipping-dpd-baltic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4004-2930d925944c874731b469b90d98e5da.yaml b/nuclei-templates/2022/CVE-2022-4004-2930d925944c874731b469b90d98e5da.yaml
index f3c4852172..fa6187e108 100644
--- a/nuclei-templates/2022/CVE-2022-4004-2930d925944c874731b469b90d98e5da.yaml
+++ b/nuclei-templates/2022/CVE-2022-4004-2930d925944c874731b469b90d98e5da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donation Button <= 4.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Donation Button plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the donation_button_twilio_send_test_sms AJAX action in versions up to, and including, 4.0.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to use the plugin's Twilio integration to send SMS messages to arbitrary phone numbers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/donation-button/"
     google-query: inurl:"/wp-content/plugins/donation-button/"
     shodan-query: 'vuln:CVE-2022-4004'
-  tags: cve,wordpress,wp-plugin,donation-button,medium
+  tags: cve,wordpress,wp-plugin,donation-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4005-40014647f15550cd9dd8d5556a2d8ae1.yaml b/nuclei-templates/2022/CVE-2022-4005-40014647f15550cd9dd8d5556a2d8ae1.yaml
index ab1cd95e6c..1c86db041e 100644
--- a/nuclei-templates/2022/CVE-2022-4005-40014647f15550cd9dd8d5556a2d8ae1.yaml
+++ b/nuclei-templates/2022/CVE-2022-4005-40014647f15550cd9dd8d5556a2d8ae1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donation Button <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Donation Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/donation-button/"
     google-query: inurl:"/wp-content/plugins/donation-button/"
     shodan-query: 'vuln:CVE-2022-4005'
-  tags: cve,wordpress,wp-plugin,donation-button,medium
+  tags: cve,wordpress,wp-plugin,donation-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4010-f33065d14f70bf7433189e427d984bdc.yaml b/nuclei-templates/2022/CVE-2022-4010-f33065d14f70bf7433189e427d984bdc.yaml
index b943b32d37..fca1d933c2 100644
--- a/nuclei-templates/2022/CVE-2022-4010-f33065d14f70bf7433189e427d984bdc.yaml
+++ b/nuclei-templates/2022/CVE-2022-4010-f33065d14f70bf7433189e427d984bdc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects <= 5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters on the settings page in versions up to, and including, 5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects/"
     shodan-query: 'vuln:CVE-2022-4010'
-  tags: cve,wordpress,wp-plugin,image-hover-effects,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40128-585b04156d64682d18676fed41ed4dfa.yaml b/nuclei-templates/2022/CVE-2022-40128-585b04156d64682d18676fed41ed4dfa.yaml
index cbeccc8519..ac1c9dd788 100644
--- a/nuclei-templates/2022/CVE-2022-40128-585b04156d64682d18676fed41ed4dfa.yaml
+++ b/nuclei-templates/2022/CVE-2022-40128-585b04156d64682d18676fed41ed4dfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the export download functionality. This makes it possible for unauthenticated attackers to execute this code on behalf of an administrator, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-order-export-lite/"
     google-query: inurl:"/wp-content/plugins/woo-order-export-lite/"
     shodan-query: 'vuln:CVE-2022-40128'
-  tags: cve,wordpress,wp-plugin,woo-order-export-lite,high
+  tags: cve,wordpress,wp-plugin,woo-order-export-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40131-67889b4ef1ae0d338be85daad64d3e7e.yaml b/nuclei-templates/2022/CVE-2022-40131-67889b4ef1ae0d338be85daad64d3e7e.yaml
index 01b0a7a675..bd4c88496b 100644
--- a/nuclei-templates/2022/CVE-2022-40131-67889b4ef1ae0d338be85daad64d3e7e.yaml
+++ b/nuclei-templates/2022/CVE-2022-40131-67889b4ef1ae0d338be85daad64d3e7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page View Count <= 2.5.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Page View Count plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the reset_settings function. This makes it possible for unauthenticated attackers to reset the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-views-count/"
     google-query: inurl:"/wp-content/plugins/page-views-count/"
     shodan-query: 'vuln:CVE-2022-40131'
-  tags: cve,wordpress,wp-plugin,page-views-count,high
+  tags: cve,wordpress,wp-plugin,page-views-count,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40132-bd3f97a6db76b6dcae059be482b558f5.yaml b/nuclei-templates/2022/CVE-2022-40132-bd3f97a6db76b6dcae059be482b558f5.yaml
index c2ed136526..e95fca45f2 100644
--- a/nuclei-templates/2022/CVE-2022-40132-bd3f97a6db76b6dcae059be482b558f5.yaml
+++ b/nuclei-templates/2022/CVE-2022-40132-bd3f97a6db76b6dcae059be482b558f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seriously Simple Podcasting <= 2.16.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Seriously Simple Podcasting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.16.0. This is due to missing or incorrect nonce validation on the save_step function as well as other functions related to onboarding. This makes it possible for unauthenticated attackers to invoke those functions and change plugin settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seriously-simple-podcasting/"
     google-query: inurl:"/wp-content/plugins/seriously-simple-podcasting/"
     shodan-query: 'vuln:CVE-2022-40132'
-  tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,high
+  tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4016-2594adb9a7b091439405e835629ab066.yaml b/nuclei-templates/2022/CVE-2022-4016-2594adb9a7b091439405e835629ab066.yaml
index d2d67d70b0..6f222314ef 100644
--- a/nuclei-templates/2022/CVE-2022-4016-2594adb9a7b091439405e835629ab066.yaml
+++ b/nuclei-templates/2022/CVE-2022-4016-2594adb9a7b091439405e835629ab066.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2022-4016
   metadata:
-    fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
-    google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
+    fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-4016'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "booster-plus-for-woocommerce"
+          - "booster-elite-for-woocommerce"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 5.6.5')
\ No newline at end of file
+          - compare_versions(version, '<= 1.1.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4017-58678de90c143fa9b35140b23ca7ba6c.yaml b/nuclei-templates/2022/CVE-2022-4017-58678de90c143fa9b35140b23ca7ba6c.yaml
index d8e4f905d8..0db855951a 100644
--- a/nuclei-templates/2022/CVE-2022-4017-58678de90c143fa9b35140b23ca7ba6c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4017-58678de90c143fa9b35140b23ca7ba6c.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2022-4017
   metadata:
-    fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
-    google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
+    fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-4017'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "booster-plus-for-woocommerce"
+          - "booster-elite-for-woocommerce"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-40191-ddabc756c7ddb5aa3f2db005373f60ba.yaml b/nuclei-templates/2022/CVE-2022-40191-ddabc756c7ddb5aa3f2db005373f60ba.yaml
index 3c3478adfe..0c02aadb7f 100644
--- a/nuclei-templates/2022/CVE-2022-40191-ddabc756c7ddb5aa3f2db005373f60ba.yaml
+++ b/nuclei-templates/2022/CVE-2022-40191-ddabc756c7ddb5aa3f2db005373f60ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form By Mega Forms <= 1.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form By Mega Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mega-forms/"
     google-query: inurl:"/wp-content/plugins/mega-forms/"
     shodan-query: 'vuln:CVE-2022-40191'
-  tags: cve,wordpress,wp-plugin,mega-forms,medium
+  tags: cve,wordpress,wp-plugin,mega-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40192-7796a6543f11d887deb3ec9c31928648.yaml b/nuclei-templates/2022/CVE-2022-40192-7796a6543f11d887deb3ec9c31928648.yaml
index 7a2777de08..3732c4935c 100644
--- a/nuclei-templates/2022/CVE-2022-40192-7796a6543f11d887deb3ec9c31928648.yaml
+++ b/nuclei-templates/2022/CVE-2022-40192-7796a6543f11d887deb3ec9c31928648.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 2.0.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wpForo Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the profile_cover_delete function. This makes it possible for unauthenticated attackers to delete forum users, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2022-40192'
-  tags: cve,wordpress,wp-plugin,wpforo,high
+  tags: cve,wordpress,wp-plugin,wpforo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40195-bc6751aa5110381a68bfe443bb0b5c6b.yaml b/nuclei-templates/2022/CVE-2022-40195-bc6751aa5110381a68bfe443bb0b5c6b.yaml
index f7e4e676f3..18b4cf8119 100644
--- a/nuclei-templates/2022/CVE-2022-40195-bc6751aa5110381a68bfe443bb0b5c6b.yaml
+++ b/nuclei-templates/2022/CVE-2022-40195-bc6751aa5110381a68bfe443bb0b5c6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PCA Predict <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PCA Predict plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockip’ parameter in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/address-email-and-phone-validation/"
     google-query: inurl:"/wp-content/plugins/address-email-and-phone-validation/"
     shodan-query: 'vuln:CVE-2022-40195'
-  tags: cve,wordpress,wp-plugin,address-email-and-phone-validation,medium
+  tags: cve,wordpress,wp-plugin,address-email-and-phone-validation,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40200-180565f2bb1ffb1d14acebaf2b798b98.yaml b/nuclei-templates/2022/CVE-2022-40200-180565f2bb1ffb1d14acebaf2b798b98.yaml
index ab42fb088a..7e1ed41f46 100644
--- a/nuclei-templates/2022/CVE-2022-40200-180565f2bb1ffb1d14acebaf2b798b98.yaml
+++ b/nuclei-templates/2022/CVE-2022-40200-180565f2bb1ffb1d14acebaf2b798b98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The wpForo Forum plugin for WordPress is vulnerable to arbitrary file uploads due to missing protections or file validations in versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with minimal permissions, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2022-40200'
-  tags: cve,wordpress,wp-plugin,wpforo,high
+  tags: cve,wordpress,wp-plugin,wpforo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40203-13af69fc3b4639d4eee1c5f8765f3113.yaml b/nuclei-templates/2022/CVE-2022-40203-13af69fc3b4639d4eee1c5f8765f3113.yaml
index 3a8556420e..ff4f26950e 100644
--- a/nuclei-templates/2022/CVE-2022-40203-13af69fc3b4639d4eee1c5f8765f3113.yaml
+++ b/nuclei-templates/2022/CVE-2022-40203-13af69fc3b4639d4eee1c5f8765f3113.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateProductOnlyToCommon function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the migrateProductOnlyToCommon function in versions up to, and including, 4.1.5. This makes it possible for authenticated attackers with subscriber-level access or higher to make changes to advanced pricing rules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-40203'
-  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40203-9036eb8b1e0f76afba77e37799b01f92.yaml b/nuclei-templates/2022/CVE-2022-40203-9036eb8b1e0f76afba77e37799b01f92.yaml
index 6f2a5f735f..d8409e70ae 100644
--- a/nuclei-templates/2022/CVE-2022-40203-9036eb8b1e0f76afba77e37799b01f92.yaml
+++ b/nuclei-templates/2022/CVE-2022-40203-9036eb8b1e0f76afba77e37799b01f92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculateSeveralProducts function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxCalculateSeveralProducts  function in versions up to, and including, 4.1.5. This makes it possible for authenticated attackers with subscriber-level access or higher to obtain advance pricing info.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-40203'
-  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40203-bcf8e746293c2a8c7e07a4dcb5e63f07.yaml b/nuclei-templates/2022/CVE-2022-40203-bcf8e746293c2a8c7e07a4dcb5e63f07.yaml
index 19a9017bd3..0feeffa3d4 100644
--- a/nuclei-templates/2022/CVE-2022-40203-bcf8e746293c2a8c7e07a4dcb5e63f07.yaml
+++ b/nuclei-templates/2022/CVE-2022-40203-bcf8e746293c2a8c7e07a4dcb5e63f07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateCommonToProductOnly function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the migrateCommonToProductOnly function in versions up to, and including, 4.1.5. This makes it possible for authenticated attackers with subscriber-level access or higher to make changes to advanced pricing rules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-40203'
-  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40203-fc8048569d06ebc90ac21a7212b76518.yaml b/nuclei-templates/2022/CVE-2022-40203-fc8048569d06ebc90ac21a7212b76518.yaml
index b09615ccd3..2eac513572 100644
--- a/nuclei-templates/2022/CVE-2022-40203-fc8048569d06ebc90ac21a7212b76518.yaml
+++ b/nuclei-templates/2022/CVE-2022-40203-fc8048569d06ebc90ac21a7212b76518.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculatePrice function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxCalculatePrice function in versions up to, and including, 4.1.5. This makes it possible for authenticated attackers with subscriber-level access or higher to obtain advance pricing info.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-40203'
-  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4021-ca60ddb788ce2ba7421ade305d793252.yaml b/nuclei-templates/2022/CVE-2022-4021-ca60ddb788ce2ba7421ade305d793252.yaml
index d25ad78eb3..df763cd66b 100644
--- a/nuclei-templates/2022/CVE-2022-4021-ca60ddb788ce2ba7421ade305d793252.yaml
+++ b/nuclei-templates/2022/CVE-2022-4021-ca60ddb788ce2ba7421ade305d793252.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/permalink-manager/"
     google-query: inurl:"/wp-content/plugins/permalink-manager/"
     shodan-query: 'vuln:CVE-2022-4021'
-  tags: cve,wordpress,wp-plugin,permalink-manager,high
+  tags: cve,wordpress,wp-plugin,permalink-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40211-6377ab76651d16deea08b67670c91822.yaml b/nuclei-templates/2022/CVE-2022-40211-6377ab76651d16deea08b67670c91822.yaml
index 275dd12905..de55ef4eec 100644
--- a/nuclei-templates/2022/CVE-2022-40211-6377ab76651d16deea08b67670c91822.yaml
+++ b/nuclei-templates/2022/CVE-2022-40211-6377ab76651d16deea08b67670c91822.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.25.1 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2022-40211'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40213-d8076a607a4a2cad3434e6393a4159d1.yaml b/nuclei-templates/2022/CVE-2022-40213-d8076a607a4a2cad3434e6393a4159d1.yaml
index 6c8ee00517..9b1f0edf6b 100644
--- a/nuclei-templates/2022/CVE-2022-40213-d8076a607a4a2cad3434e6393a4159d1.yaml
+++ b/nuclei-templates/2022/CVE-2022-40213-d8076a607a4a2cad3434e6393a4159d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Testimonial Slider <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GS Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-testimonial/"
     google-query: inurl:"/wp-content/plugins/gs-testimonial/"
     shodan-query: 'vuln:CVE-2022-40213'
-  tags: cve,wordpress,wp-plugin,gs-testimonial,medium
+  tags: cve,wordpress,wp-plugin,gs-testimonial,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40215-e4bedac25bcf1a2f58f7010119167cc3.yaml b/nuclei-templates/2022/CVE-2022-40215-e4bedac25bcf1a2f58f7010119167cc3.yaml
index a732578b0e..dc1e4f0f5f 100644
--- a/nuclei-templates/2022/CVE-2022-40215-e4bedac25bcf1a2f58f7010119167cc3.yaml
+++ b/nuclei-templates/2022/CVE-2022-40215-e4bedac25bcf1a2f58f7010119167cc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tabs  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with high-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vc-tabs/"
     google-query: inurl:"/wp-content/plugins/vc-tabs/"
     shodan-query: 'vuln:CVE-2022-40215'
-  tags: cve,wordpress,wp-plugin,vc-tabs,high
+  tags: cve,wordpress,wp-plugin,vc-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40216-cf8da83f0f83eb1a574fe335e5527411.yaml b/nuclei-templates/2022/CVE-2022-40216-cf8da83f0f83eb1a574fe335e5527411.yaml
index 0290ab067d..5cd7b38808 100644
--- a/nuclei-templates/2022/CVE-2022-40216-cf8da83f0f83eb1a574fe335e5527411.yaml
+++ b/nuclei-templates/2022/CVE-2022-40216-cf8da83f0f83eb1a574fe335e5527411.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Messages <= 1.9.10.68 - Authorization Bypass to Blocking Control Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Better Messages plugin for WordPress is vulnerable to Authorization Bypass resulting in a block bypass on messaging controls in versions up to, and including, 1.9.10.68. This is due to insufficient or broken controls in the plugin. This makes it possible for subscriber-level attackers to bypass messaging blocks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-better-messages/"
     google-query: inurl:"/wp-content/plugins/bp-better-messages/"
     shodan-query: 'vuln:CVE-2022-40216'
-  tags: cve,wordpress,wp-plugin,bp-better-messages,medium
+  tags: cve,wordpress,wp-plugin,bp-better-messages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40217-a281a6daee68ba362dc7d77d71441ffb.yaml b/nuclei-templates/2022/CVE-2022-40217-a281a6daee68ba362dc7d77d71441ffb.yaml
index ad9db8f667..6f4e04d573 100644
--- a/nuclei-templates/2022/CVE-2022-40217-a281a6daee68ba362dc7d77d71441ffb.yaml
+++ b/nuclei-templates/2022/CVE-2022-40217-a281a6daee68ba362dc7d77d71441ffb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WPide plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 2.6. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpide/"
     google-query: inurl:"/wp-content/plugins/wpide/"
     shodan-query: 'vuln:CVE-2022-40217'
-  tags: cve,wordpress,wp-plugin,wpide,high
+  tags: cve,wordpress,wp-plugin,wpide,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40218-299542a4c8b3958179820e8901ce5f1d.yaml b/nuclei-templates/2022/CVE-2022-40218-299542a4c8b3958179820e8901ce5f1d.yaml
index f62485e360..98d18b6430 100644
--- a/nuclei-templates/2022/CVE-2022-40218-299542a4c8b3958179820e8901ce5f1d.yaml
+++ b/nuclei-templates/2022/CVE-2022-40218-299542a4c8b3958179820e8901ce5f1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TH Advance Product Search plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the thaps_form_setting function accessible via a nopriv AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/th-advance-product-search/"
     google-query: inurl:"/wp-content/plugins/th-advance-product-search/"
     shodan-query: 'vuln:CVE-2022-40218'
-  tags: cve,wordpress,wp-plugin,th-advance-product-search,medium
+  tags: cve,wordpress,wp-plugin,th-advance-product-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40219-0f224f68bb34d36af769db2549696ba9.yaml b/nuclei-templates/2022/CVE-2022-40219-0f224f68bb34d36af769db2549696ba9.yaml
index bb5ddd2e7d..2f2bdc7b71 100644
--- a/nuclei-templates/2022/CVE-2022-40219-0f224f68bb34d36af769db2549696ba9.yaml
+++ b/nuclei-templates/2022/CVE-2022-40219-0f224f68bb34d36af769db2549696ba9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FavIcon Switcher <= 1.2.11 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The FavIcon Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.11. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/favicon-switcher/"
     google-query: inurl:"/wp-content/plugins/favicon-switcher/"
     shodan-query: 'vuln:CVE-2022-40219'
-  tags: cve,wordpress,wp-plugin,favicon-switcher,high
+  tags: cve,wordpress,wp-plugin,favicon-switcher,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4022-ffa9b508bdc94d69f110d4734885da09.yaml b/nuclei-templates/2022/CVE-2022-4022-ffa9b508bdc94d69f110d4734885da09.yaml
index 446b33f9c5..d0cb3cc23e 100644
--- a/nuclei-templates/2022/CVE-2022-4022-ffa9b508bdc94d69f110d4734885da09.yaml
+++ b/nuclei-templates/2022/CVE-2022-4022-ffa9b508bdc94d69f110d4734885da09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SVG Support 2.5 - 2.5.1 - Insecure Plugin Defaults to Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svg-support/"
     google-query: inurl:"/wp-content/plugins/svg-support/"
     shodan-query: 'vuln:CVE-2022-4022'
-  tags: cve,wordpress,wp-plugin,svg-support,medium
+  tags: cve,wordpress,wp-plugin,svg-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40223-347f040de616333a1a9814dd7bc708c0.yaml b/nuclei-templates/2022/CVE-2022-40223-347f040de616333a1a9814dd7bc708c0.yaml
index 6553ca7796..34a5291a9c 100644
--- a/nuclei-templates/2022/CVE-2022-40223-347f040de616333a1a9814dd7bc708c0.yaml
+++ b/nuclei-templates/2022/CVE-2022-40223-347f040de616333a1a9814dd7bc708c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SearchWP Premium <= 4.2.5 - Authenticated (Subscriber+) Nonce Leakage and Authorization Bypass
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SearchWP Premium plugin for WordPress is vulnerable to authorization bypass due to leaking a nonce protecting a function used to modify plugin settings in versions up to, and including, 4.2.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to obtain the nonce and modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/searchwp/"
     google-query: inurl:"/wp-content/plugins/searchwp/"
     shodan-query: 'vuln:CVE-2022-40223'
-  tags: cve,wordpress,wp-plugin,searchwp,high
+  tags: cve,wordpress,wp-plugin,searchwp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4023-d5d38bc96ea3d80c250cd1535165fc1d.yaml b/nuclei-templates/2022/CVE-2022-4023-d5d38bc96ea3d80c250cd1535165fc1d.yaml
index db6a5d3c7c..88a589133b 100644
--- a/nuclei-templates/2022/CVE-2022-4023-d5d38bc96ea3d80c250cd1535165fc1d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4023-d5d38bc96ea3d80c250cd1535165fc1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3DPrint <= 3.5.6.8 - Cross-Site Request Forgery to Arbitrary File Download
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The 3DPrint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.6.9. This is due to missing or incorrect nonce validation in the tinyfilemanager.php file. This makes it possible for unauthenticated attackers to create a backup of any file or directory on the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. File backups are stored with a predictable name (prepending a timestamp) in a known location which adds a trivial amount of complexity.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3dprint/"
     google-query: inurl:"/wp-content/plugins/3dprint/"
     shodan-query: 'vuln:CVE-2022-4023'
-  tags: cve,wordpress,wp-plugin,3dprint,high
+  tags: cve,wordpress,wp-plugin,3dprint,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4024-44a36b31780ae752545fe7f279378677.yaml b/nuclei-templates/2022/CVE-2022-4024-44a36b31780ae752545fe7f279378677.yaml
index c814075798..187ac253a2 100644
--- a/nuclei-templates/2022/CVE-2022-4024-44a36b31780ae752545fe7f279378677.yaml
+++ b/nuclei-templates/2022/CVE-2022-4024-44a36b31780ae752545fe7f279378677.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pie Register <= 3.8.1.2 - Missing Authorization to Arbitrary User Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Pie Register plugin for WordPress is vulnerable to arbitrary user deletion in versions up to, and including, 3.8.1.3. This is due to missing validation and capability checking on code that handles the deletion of users. This makes it possible for unauthenticated attackers to delete arbitrary users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pie-register/"
     google-query: inurl:"/wp-content/plugins/pie-register/"
     shodan-query: 'vuln:CVE-2022-4024'
-  tags: cve,wordpress,wp-plugin,pie-register,medium
+  tags: cve,wordpress,wp-plugin,pie-register,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4028-1385e98bb73a78a4b3298f9d107fe144.yaml b/nuclei-templates/2022/CVE-2022-4028-1385e98bb73a78a4b3298f9d107fe144.yaml
index 078b93a71e..991e7dcf6d 100644
--- a/nuclei-templates/2022/CVE-2022-4028-1385e98bb73a78a4b3298f9d107fe144.yaml
+++ b/nuclei-templates/2022/CVE-2022-4028-1385e98bb73a78a4b3298f9d107fe144.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple:Press <= 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Signatures
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to inject arbitrary web scripts in pages when modifying a profile signature that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simplepress/"
     google-query: inurl:"/wp-content/plugins/simplepress/"
     shodan-query: 'vuln:CVE-2022-4028'
-  tags: cve,wordpress,wp-plugin,simplepress,medium
+  tags: cve,wordpress,wp-plugin,simplepress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4030-64b8d0d829a31289bbb915ba2b2eb077.yaml b/nuclei-templates/2022/CVE-2022-4030-64b8d0d829a31289bbb915ba2b2eb077.yaml
index f693b5caf1..6b69f01051 100644
--- a/nuclei-templates/2022/CVE-2022-4030-64b8d0d829a31289bbb915ba2b2eb077.yaml
+++ b/nuclei-templates/2022/CVE-2022-4030-64b8d0d829a31289bbb915ba2b2eb077.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simplepress/"
     google-query: inurl:"/wp-content/plugins/simplepress/"
     shodan-query: 'vuln:CVE-2022-4030'
-  tags: cve,wordpress,wp-plugin,simplepress,high
+  tags: cve,wordpress,wp-plugin,simplepress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40311-7d46d3a81ec6bb63cad62cde0afab07a.yaml b/nuclei-templates/2022/CVE-2022-40311-7d46d3a81ec6bb63cad62cde0afab07a.yaml
index 5af083bac7..2dc3c70ab1 100644
--- a/nuclei-templates/2022/CVE-2022-40311-7d46d3a81ec6bb63cad62cde0afab07a.yaml
+++ b/nuclei-templates/2022/CVE-2022-40311-7d46d3a81ec6bb63cad62cde0afab07a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytics Cat – Google Analytics Made Easy <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings parameter in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping in the fca_ga_input() function. This makes it possible for authenticated attackers with administrative-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/analytics-cat/"
     google-query: inurl:"/wp-content/plugins/analytics-cat/"
     shodan-query: 'vuln:CVE-2022-40311'
-  tags: cve,wordpress,wp-plugin,analytics-cat,medium
+  tags: cve,wordpress,wp-plugin,analytics-cat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40312-78446893c956fc1d75ddd7c2d7c876e7.yaml b/nuclei-templates/2022/CVE-2022-40312-78446893c956fc1d75ddd7c2d7c876e7.yaml
index 56db027a5d..ddd2327dd0 100644
--- a/nuclei-templates/2022/CVE-2022-40312-78446893c956fc1d75ddd7c2d7c876e7.yaml
+++ b/nuclei-templates/2022/CVE-2022-40312-78446893c956fc1d75ddd7c2d7c876e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.25.1 - Authenticated (Admin+) Server-Side Request Forgery via give_get_content_by_ajax_handler
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.25.1 via the 'give_get_content_by_ajax_handler'. This can allow authenticated attackers with administrator-level privileges to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2022-40312'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4042-b4cb9ba45757222ec6c9dc1b2fa44488.yaml b/nuclei-templates/2022/CVE-2022-4042-b4cb9ba45757222ec6c9dc1b2fa44488.yaml
index fd659f778f..a1743231cc 100644
--- a/nuclei-templates/2022/CVE-2022-4042-b4cb9ba45757222ec6c9dc1b2fa44488.yaml
+++ b/nuclei-templates/2022/CVE-2022-4042-b4cb9ba45757222ec6c9dc1b2fa44488.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium <= 4.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paytium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paytium_live_api_key' option and 'newsletter_group' attribute in versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:CVE-2022-4042'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4043-32ed4b36d9532730d50e66214a30b7fa.yaml b/nuclei-templates/2022/CVE-2022-4043-32ed4b36d9532730d50e66214a30b7fa.yaml
index d1ea513515..f8e4ce1294 100644
--- a/nuclei-templates/2022/CVE-2022-4043-32ed4b36d9532730d50e66214a30b7fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-4043-32ed4b36d9532730d50e66214a30b7fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Admin Interface <= 7.28 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Custom Admin Interface plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 7.28, via deserialization of untrusted input in the northernbeacheswebsites_information and wp_custom_admin_interface_import_settings functions. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The vulnerability is patched by setting allowed_classes. While this makes the vulnerability more or less unexploitable, PHP recommends not passing untrusted input to the unserialize function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-admin-interface/"
     google-query: inurl:"/wp-content/plugins/wp-custom-admin-interface/"
     shodan-query: 'vuln:CVE-2022-4043'
-  tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,high
+  tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4047-96ff12fd53b9282c4a2c4aeb674ac66e.yaml b/nuclei-templates/2022/CVE-2022-4047-96ff12fd53b9282c4a2c4aeb674ac66e.yaml
index a71fd51440..87edd7879c 100644
--- a/nuclei-templates/2022/CVE-2022-4047-96ff12fd53b9282c4a2c4aeb674ac66e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4047-96ff12fd53b9282c4a2c4aeb674ac66e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the wps_rma_order_return_attach_files function in versions up to, and including, 4.0.8. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-refund-and-exchange-lite/"
     google-query: inurl:"/wp-content/plugins/woo-refund-and-exchange-lite/"
     shodan-query: 'vuln:CVE-2022-4047'
-  tags: cve,wordpress,wp-plugin,woo-refund-and-exchange-lite,high
+  tags: cve,wordpress,wp-plugin,woo-refund-and-exchange-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4060-b03939b1629e023f1100df8dea055a3b.yaml b/nuclei-templates/2022/CVE-2022-4060-b03939b1629e023f1100df8dea055a3b.yaml
index 4e48d6da30..28c7640149 100644
--- a/nuclei-templates/2022/CVE-2022-4060-b03939b1629e023f1100df8dea055a3b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4060-b03939b1629e023f1100df8dea055a3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Post Gallery - UPG <= 2.19 - Missing Authorization to Remote Command Execution
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-upg/"
     google-query: inurl:"/wp-content/plugins/wp-upg/"
     shodan-query: 'vuln:CVE-2022-4060'
-  tags: cve,wordpress,wp-plugin,wp-upg,critical
+  tags: cve,wordpress,wp-plugin,wp-upg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40632-b1ced039ec3e12066bd1cc12c97938c8.yaml b/nuclei-templates/2022/CVE-2022-40632-b1ced039ec3e12066bd1cc12c97938c8.yaml
index 0f46de5f6c..e3d676c623 100644
--- a/nuclei-templates/2022/CVE-2022-40632-b1ced039ec3e12066bd1cc12c97938c8.yaml
+++ b/nuclei-templates/2022/CVE-2022-40632-b1ced039ec3e12066bd1cc12c97938c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 2.0.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The wpForo Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on various AJAX actions. This makes it possible for unauthenticated attackers to invoke the associated functions (leading to post deletion for example), via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2022-40632'
-  tags: cve,wordpress,wp-plugin,wpforo,high
+  tags: cve,wordpress,wp-plugin,wpforo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40671-cd934d4abb39f62a28c7ae7b5501f68f.yaml b/nuclei-templates/2022/CVE-2022-40671-cd934d4abb39f62a28c7ae7b5501f68f.yaml
index 86708f8424..9326e3d12e 100644
--- a/nuclei-templates/2022/CVE-2022-40671-cd934d4abb39f62a28c7ae7b5501f68f.yaml
+++ b/nuclei-templates/2022/CVE-2022-40671-cd934d4abb39f62a28c7ae7b5501f68f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rate my Post – WP Rating System <= 3.3.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Rate my Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.4. This is due to missing or incorrect nonce validation on the has_valid_nonce function. This makes it possible for unauthenticated attackers to vote on posts, via forged request granted they can trick a site user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rate-my-post/"
     google-query: inurl:"/wp-content/plugins/rate-my-post/"
     shodan-query: 'vuln:CVE-2022-40671'
-  tags: cve,wordpress,wp-plugin,rate-my-post,high
+  tags: cve,wordpress,wp-plugin,rate-my-post,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40672-f0281688d74f818cfad7334eba1cc561.yaml b/nuclei-templates/2022/CVE-2022-40672-f0281688d74f818cfad7334eba1cc561.yaml
index e37548e637..47fb943f96 100644
--- a/nuclei-templates/2022/CVE-2022-40672-f0281688d74f818cfad7334eba1cc561.yaml
+++ b/nuclei-templates/2022/CVE-2022-40672-f0281688d74f818cfad7334eba1cc561.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPO Shortcodes <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpo-shortcodes/"
     google-query: inurl:"/wp-content/plugins/cpo-shortcodes/"
     shodan-query: 'vuln:CVE-2022-40672'
-  tags: cve,wordpress,wp-plugin,cpo-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,cpo-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40686-f890a87599d700193f94857dcecd8b3d.yaml b/nuclei-templates/2022/CVE-2022-40686-f890a87599d700193f94857dcecd8b3d.yaml
index 4f6078fa30..0f544865e2 100644
--- a/nuclei-templates/2022/CVE-2022-40686-f890a87599d700193f94857dcecd8b3d.yaml
+++ b/nuclei-templates/2022/CVE-2022-40686-f890a87599d700193f94857dcecd8b3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Plugin Deactivation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on settings change. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/creative-mail-by-constant-contact/"
     google-query: inurl:"/wp-content/plugins/creative-mail-by-constant-contact/"
     shodan-query: 'vuln:CVE-2022-40686'
-  tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,high
+  tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40687-883ac125446954bc56b63a659310e326.yaml b/nuclei-templates/2022/CVE-2022-40687-883ac125446954bc56b63a659310e326.yaml
index ca94287bc1..0cb3056c56 100644
--- a/nuclei-templates/2022/CVE-2022-40687-883ac125446954bc56b63a659310e326.yaml
+++ b/nuclei-templates/2022/CVE-2022-40687-883ac125446954bc56b63a659310e326.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Settings Disconnect
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on settings change. This makes it possible for unauthenticated attackers to reset the plugin's settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/creative-mail-by-constant-contact/"
     google-query: inurl:"/wp-content/plugins/creative-mail-by-constant-contact/"
     shodan-query: 'vuln:CVE-2022-40687'
-  tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,high
+  tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40692-6fb4ed5587f0486cce5c1d786ad4230e.yaml b/nuclei-templates/2022/CVE-2022-40692-6fb4ed5587f0486cce5c1d786ad4230e.yaml
index f1a8f6f65d..9df4adcf62 100644
--- a/nuclei-templates/2022/CVE-2022-40692-6fb4ed5587f0486cce5c1d786ad4230e.yaml
+++ b/nuclei-templates/2022/CVE-2022-40692-6fb4ed5587f0486cce5c1d786ad4230e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.13. This is due to missing or incorrect nonce validation on the sunshine_update_image_location_ajax function. This makes it possible for unauthenticated attackers to change image file paths, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sunshine-photo-cart/"
     google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/"
     shodan-query: 'vuln:CVE-2022-40692'
-  tags: cve,wordpress,wp-plugin,sunshine-photo-cart,high
+  tags: cve,wordpress,wp-plugin,sunshine-photo-cart,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40694-6c5199d39eb82de60e28b6acd63ef12d.yaml b/nuclei-templates/2022/CVE-2022-40694-6c5199d39eb82de60e28b6acd63ef12d.yaml
index 20cf41a7c4..ac46b06e45 100644
--- a/nuclei-templates/2022/CVE-2022-40694-6c5199d39eb82de60e28b6acd63ef12d.yaml
+++ b/nuclei-templates/2022/CVE-2022-40694-6c5199d39eb82de60e28b6acd63ef12d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The News Announcement Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 8.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/news-announcement-scroll/"
     google-query: inurl:"/wp-content/plugins/news-announcement-scroll/"
     shodan-query: 'vuln:CVE-2022-40694'
-  tags: cve,wordpress,wp-plugin,news-announcement-scroll,medium
+  tags: cve,wordpress,wp-plugin,news-announcement-scroll,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40695-ea58f8019f8858d1a6e5612496c6cdb0.yaml b/nuclei-templates/2022/CVE-2022-40695-ea58f8019f8858d1a6e5612496c6cdb0.yaml
index ae763568eb..cbcaf6064a 100644
--- a/nuclei-templates/2022/CVE-2022-40695-ea58f8019f8858d1a6e5612496c6cdb0.yaml
+++ b/nuclei-templates/2022/CVE-2022-40695-ea58f8019f8858d1a6e5612496c6cdb0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Redirection Plugin <= 8.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SEO Redirection Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.9. This is due to missing nonce validation in the option_page_history.php and option_page_404.php files. This makes it possible for unauthenticated attackers to change 404 page settings and manage redirection history via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-redirection/"
     google-query: inurl:"/wp-content/plugins/seo-redirection/"
     shodan-query: 'vuln:CVE-2022-40695'
-  tags: cve,wordpress,wp-plugin,seo-redirection,high
+  tags: cve,wordpress,wp-plugin,seo-redirection,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40696-73ae88fd78bf0becac09b57aa5f8c767.yaml b/nuclei-templates/2022/CVE-2022-40696-73ae88fd78bf0becac09b57aa5f8c767.yaml
index 19fb8a657f..df92c46e0a 100644
--- a/nuclei-templates/2022/CVE-2022-40696-73ae88fd78bf0becac09b57aa5f8c767.yaml
+++ b/nuclei-templates/2022/CVE-2022-40696-73ae88fd78bf0becac09b57aa5f8c767.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 6.0.2 - Authenticated (Contributor+) Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Custom Fields plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 6.0.2. While the ACF shortcode ensures that the ACF data being accessed is valid data that has been entered into ACF fields, it may be possible with certain site configurations, that contributor-level users may extract sensitive user or configuration data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-custom-fields/"
     google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
     shodan-query: 'vuln:CVE-2022-40696'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40697-2f1a45c352b73e0646091d728f0d1831.yaml b/nuclei-templates/2022/CVE-2022-40697-2f1a45c352b73e0646091d728f0d1831.yaml
index 4bad657f27..a28303d147 100644
--- a/nuclei-templates/2022/CVE-2022-40697-2f1a45c352b73e0646091d728f0d1831.yaml
+++ b/nuclei-templates/2022/CVE-2022-40697-2f1a45c352b73e0646091d728f0d1831.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3com – Asesor de Cookies <= 3.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 3com – Asesor de Cookies plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3com-asesor-de-cookies/"
     google-query: inurl:"/wp-content/plugins/3com-asesor-de-cookies/"
     shodan-query: 'vuln:CVE-2022-40697'
-  tags: cve,wordpress,wp-plugin,3com-asesor-de-cookies,medium
+  tags: cve,wordpress,wp-plugin,3com-asesor-de-cookies,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40699-146da8f6895b52d2f71daced48bc4bb3.yaml b/nuclei-templates/2022/CVE-2022-40699-146da8f6895b52d2f71daced48bc4bb3.yaml
index 1aa730c81a..1516b207f1 100644
--- a/nuclei-templates/2022/CVE-2022-40699-146da8f6895b52d2f71daced48bc4bb3.yaml
+++ b/nuclei-templates/2022/CVE-2022-40699-146da8f6895b52d2f71daced48bc4bb3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yet Another Stars Rating <= 3.1.2 - Authenticated (Subscriber+) Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yet Another Stars Rating plugin for WordPress is vulnerable to Cross-Site Scripting via shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-stars-rating/"
     google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/"
     shodan-query: 'vuln:CVE-2022-40699'
-  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,medium
+  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40700-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/2022/CVE-2022-40700-e2fa4c8a4519773eef901f4abb2bc665.yaml
index bf14eba1c7..e8f3467b2a 100644
--- a/nuclei-templates/2022/CVE-2022-40700-e2fa4c8a4519773eef901f4abb2bc665.yaml
+++ b/nuclei-templates/2022/CVE-2022-40700-e2fa4c8a4519773eef901f4abb2bc665.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.3
     cve-id: CVE-2022-40700
   metadata:
-    fofa-query: "wp-content/plugins/admin-css-mu/"
-    google-query: inurl:"/wp-content/plugins/admin-css-mu/"
+    fofa-query: "wp-content/plugins/amp-toolbox/"
+    google-query: inurl:"/wp-content/plugins/amp-toolbox/"
     shodan-query: 'vuln:CVE-2022-40700'
-  tags: cve,wordpress,wp-plugin,admin-css-mu,high
+  tags: cve,wordpress,wp-plugin,amp-toolbox,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/admin-css-mu/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/amp-toolbox/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "admin-css-mu"
+          - "amp-toolbox"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.6')
\ No newline at end of file
+          - compare_versions(version, '<= 2.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-40702-53dce218cb6cdf713c943d61cbe1c885.yaml b/nuclei-templates/2022/CVE-2022-40702-53dce218cb6cdf713c943d61cbe1c885.yaml
index 2a9b71daa7..2ea975b30a 100644
--- a/nuclei-templates/2022/CVE-2022-40702-53dce218cb6cdf713c943d61cbe1c885.yaml
+++ b/nuclei-templates/2022/CVE-2022-40702-53dce218cb6cdf713c943d61cbe1c885.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Local Pickup for WooCommerce <= 1.5.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Local Pickup for WooCommerce for WordPress is vulnerable to unauthorized access of AJAX actions due to a missing capability check on the functions wclp_update_state_dropdown_fun, wclp_update_work_hours_list_fun, wclp_update_edit_location_form_fun, and wclp_apply_work_hours_fun in versions up to, and including, 1.5.2. This makes it possible for subscriber-level attackers to invoke these functions and change plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-local-pickup-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-local-pickup-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-40702'
-  tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40963-dcd836cebf0e20586e7baffdfe54c10c.yaml b/nuclei-templates/2022/CVE-2022-40963-dcd836cebf0e20586e7baffdfe54c10c.yaml
index 52e7fee018..aa211422f9 100644
--- a/nuclei-templates/2022/CVE-2022-40963-dcd836cebf0e20586e7baffdfe54c10c.yaml
+++ b/nuclei-templates/2022/CVE-2022-40963-dcd836cebf0e20586e7baffdfe54c10c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Page Builder <= 1.2.6 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-pagebuilder/"
     google-query: inurl:"/wp-content/plugins/wp-pagebuilder/"
     shodan-query: 'vuln:CVE-2022-40963'
-  tags: cve,wordpress,wp-plugin,wp-pagebuilder,medium
+  tags: cve,wordpress,wp-plugin,wp-pagebuilder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40968-942a0a0ff8bd16dd5a3f3bf1e155403a.yaml b/nuclei-templates/2022/CVE-2022-40968-942a0a0ff8bd16dd5a3f3bf1e155403a.yaml
index eec3abc280..893efcf34f 100644
--- a/nuclei-templates/2022/CVE-2022-40968-942a0a0ff8bd16dd5a3f3bf1e155403a.yaml
+++ b/nuclei-templates/2022/CVE-2022-40968-942a0a0ff8bd16dd5a3f3bf1e155403a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     2kb Amazon Affiliates Store <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 2kb Amazon Affiliates Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/2kb-amazon-affiliates-store/"
     google-query: inurl:"/wp-content/plugins/2kb-amazon-affiliates-store/"
     shodan-query: 'vuln:CVE-2022-40968'
-  tags: cve,wordpress,wp-plugin,2kb-amazon-affiliates-store,medium
+  tags: cve,wordpress,wp-plugin,2kb-amazon-affiliates-store,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-40975-baea03495f30d429cbcc479e7010d90b.yaml b/nuclei-templates/2022/CVE-2022-40975-baea03495f30d429cbcc479e7010d90b.yaml
index 616e2c7a10..29c06bd6fb 100644
--- a/nuclei-templates/2022/CVE-2022-40975-baea03495f30d429cbcc479e7010d90b.yaml
+++ b/nuclei-templates/2022/CVE-2022-40975-baea03495f30d429cbcc479e7010d90b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Slider <= 1.6.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Slider plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the toggle_featured_post() function in versions up to, and including, 1.6.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change featured posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adl-post-slider/"
     google-query: inurl:"/wp-content/plugins/adl-post-slider/"
     shodan-query: 'vuln:CVE-2022-40975'
-  tags: cve,wordpress,wp-plugin,adl-post-slider,medium
+  tags: cve,wordpress,wp-plugin,adl-post-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4101-67cbbeb086472c18cc998dc3852acd0d.yaml b/nuclei-templates/2022/CVE-2022-4101-67cbbeb086472c18cc998dc3852acd0d.yaml
index 06fa9d18c6..e7ec8fac63 100644
--- a/nuclei-templates/2022/CVE-2022-4101-67cbbeb086472c18cc998dc3852acd0d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4101-67cbbeb086472c18cc998dc3852acd0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Images Optimize and Upload CF7 <= 2.1.4 - Missing Authorization to Arbitrary File Deletion
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Images Optimize and Upload CF7 plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the yr_api_delete AJAX action available to unprivileged users in versions up to, and including, 2.1.4. This makes it possible for unauthenticated attackers to delete arbitrary files. This could be used to delete the wp-config.php file that would make complete site takeover relatively simple for an attacker.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/images-optimize-and-upload-cf7/"
     google-query: inurl:"/wp-content/plugins/images-optimize-and-upload-cf7/"
     shodan-query: 'vuln:CVE-2022-4101'
-  tags: cve,wordpress,wp-plugin,images-optimize-and-upload-cf7,critical
+  tags: cve,wordpress,wp-plugin,images-optimize-and-upload-cf7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4102-14fedf42454dd570b7c4db0f006340a9.yaml b/nuclei-templates/2022/CVE-2022-4102-14fedf42454dd570b7c4db0f006340a9.yaml
index 4b8067bebd..d37d4ad13a 100644
--- a/nuclei-templates/2022/CVE-2022-4102-14fedf42454dd570b7c4db0f006340a9.yaml
+++ b/nuclei-templates/2022/CVE-2022-4102-14fedf42454dd570b7c4db0f006340a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.55. This is due to missing or incorrect nonce validation on the wpr_delete_template and wpr_create_template functions. This makes it possible for unauthenticated attackers to delete or create pages/posts, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2022-4102'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,high
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4102-34cb9813e7e0af12dde3e7fb63dcabc4.yaml b/nuclei-templates/2022/CVE-2022-4102-34cb9813e7e0af12dde3e7fb63dcabc4.yaml
index 3cf77e166f..7459aee835 100644
--- a/nuclei-templates/2022/CVE-2022-4102-34cb9813e7e0af12dde3e7fb63dcabc4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4102-34cb9813e7e0af12dde3e7fb63dcabc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons <=1.3.55 - Authenticated (Subscriber+) Arbitrary Post Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Royal Elementor Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check during template deletion in the function wpr_create_template in versions up to, and including, 1.3.55. Furthermore, the plugin does not verify whether the deleted post is a template. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2022-4102'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,high
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4103-67ad0ff7411e0b10941fca10e62b3adc.yaml b/nuclei-templates/2022/CVE-2022-4103-67ad0ff7411e0b10941fca10e62b3adc.yaml
index ab20f789fa..d8e4fce4ec 100644
--- a/nuclei-templates/2022/CVE-2022-4103-67ad0ff7411e0b10941fca10e62b3adc.yaml
+++ b/nuclei-templates/2022/CVE-2022-4103-67ad0ff7411e0b10941fca10e62b3adc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons <=1.3.55 - Missing Authorization to Subscriber+ Arbitrary Post Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Royal Elementor Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check during template creation in the function wpr_create_template in versions up to, and including, 1.3.55. Furthermore, the plugin does not verify whether the created post is a template. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create arbitrary posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2022-4103'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4107-a6b4638155101fd9dca73e44a2714579.yaml b/nuclei-templates/2022/CVE-2022-4107-a6b4638155101fd9dca73e44a2714579.yaml
index f1ef347f36..1006a739cd 100644
--- a/nuclei-templates/2022/CVE-2022-4107-a6b4638155101fd9dca73e44a2714579.yaml
+++ b/nuclei-templates/2022/CVE-2022-4107-a6b4638155101fd9dca73e44a2714579.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SMSA Shipping for WooCommerce <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SMSA Shipping for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Download due to missing file validation on file download functionality in versions up to, and including, 1.0.4. This makes it possible for subscriber-level attackers with any file download functionality to access and download any arbitrary file on the server, including database configuration files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smsa-shipping-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/smsa-shipping-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-4107'
-  tags: cve,wordpress,wp-plugin,smsa-shipping-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,smsa-shipping-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4108-519740287ea130c472e2b41307bc4416.yaml b/nuclei-templates/2022/CVE-2022-4108-519740287ea130c472e2b41307bc4416.yaml
index d2a5c3c088..6d96b3cc6d 100644
--- a/nuclei-templates/2022/CVE-2022-4108-519740287ea130c472e2b41307bc4416.yaml
+++ b/nuclei-templates/2022/CVE-2022-4108-519740287ea130c472e2b41307bc4416.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wholesale Market for WooCommerce <= 1.0.7 - Authenticated (Administrator+) Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wholesale Market for WooCommerce plugin for WordPress is vulnerable to arbitrary file download due to missing user input validation during the system path generation process in versions up to, and including, 1.0.7. This makes it possible for authenticated attackers with administrator-level privileges to download arbitrary files on the affected site's server, including database configuration files from other sites.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wholesale-market-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/wholesale-market-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-4108'
-  tags: cve,wordpress,wp-plugin,wholesale-market-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,wholesale-market-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4109-f7ab3183d6a1c8faf8c7fa4cce5c285d.yaml b/nuclei-templates/2022/CVE-2022-4109-f7ab3183d6a1c8faf8c7fa4cce5c285d.yaml
index db5cb9e26a..b80235891d 100644
--- a/nuclei-templates/2022/CVE-2022-4109-f7ab3183d6a1c8faf8c7fa4cce5c285d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4109-f7ab3183d6a1c8faf8c7fa4cce5c285d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wholesale Market for WooCommerce < 2.0.0 - Authenticated (Administrator+) Arbitrary Log File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wholesale Market for WooCommerce plugin for WordPress is vulnerable to Arbitrary Log File Download in versions below 2.0.0. This due to the plugin not verifying that paths accessed belong to the site they are accessed from. This makes it possible for unauthenticated attackers to download log files from the vulnerable service's server even if they belong to another site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wholesale-market-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/wholesale-market-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-4109'
-  tags: cve,wordpress,wp-plugin,wholesale-market-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,wholesale-market-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4110-a2935a109cadc5c6b15de3c6e258096e.yaml b/nuclei-templates/2022/CVE-2022-4110-a2935a109cadc5c6b15de3c6e258096e.yaml
index 13fea09c5e..46388b0b94 100644
--- a/nuclei-templates/2022/CVE-2022-4110-a2935a109cadc5c6b15de3c6e258096e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4110-a2935a109cadc5c6b15de3c6e258096e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eventify <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Eventify  plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventify/"
     google-query: inurl:"/wp-content/plugins/eventify/"
     shodan-query: 'vuln:CVE-2022-4110'
-  tags: cve,wordpress,wp-plugin,eventify,medium
+  tags: cve,wordpress,wp-plugin,eventify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4112-aa821804338bfa52c597bf95613d3cbf.yaml b/nuclei-templates/2022/CVE-2022-4112-aa821804338bfa52c597bf95613d3cbf.yaml
index 7c485b2f04..07605865d0 100644
--- a/nuclei-templates/2022/CVE-2022-4112-aa821804338bfa52c597bf95613d3cbf.yaml
+++ b/nuclei-templates/2022/CVE-2022-4112-aa821804338bfa52c597bf95613d3cbf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quizlord <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quizlord plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unspecified parameter in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quizlord/"
     google-query: inurl:"/wp-content/plugins/quizlord/"
     shodan-query: 'vuln:CVE-2022-4112'
-  tags: cve,wordpress,wp-plugin,quizlord,medium
+  tags: cve,wordpress,wp-plugin,quizlord,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41132-26aceda847c1eb3f25bb17474245905f.yaml b/nuclei-templates/2022/CVE-2022-41132-26aceda847c1eb3f25bb17474245905f.yaml
index 78947a4b0b..7bd500f270 100644
--- a/nuclei-templates/2022/CVE-2022-41132-26aceda847c1eb3f25bb17474245905f.yaml
+++ b/nuclei-templates/2022/CVE-2022-41132-26aceda847c1eb3f25bb17474245905f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ezoic <= 2.8.8 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Ezoic plugin for WordPress is vulnerable to authorization bypass to stored cross-site scripting via several REST-API endpoints in versions up to, and including, 2.8.8 due to missing capability checks and insufficient input sanitization and output escaping. This makes it possible for unauthenticated-level attackers to make settings changes in the plugin.  Because of protections lacking in the plugin settings, it will allow attackers to subsequently inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ezoic-integration/"
     google-query: inurl:"/wp-content/plugins/ezoic-integration/"
     shodan-query: 'vuln:CVE-2022-41132'
-  tags: cve,wordpress,wp-plugin,ezoic-integration,critical
+  tags: cve,wordpress,wp-plugin,ezoic-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41134-65a9527890576df98e6c12dd65024410.yaml b/nuclei-templates/2022/CVE-2022-41134-65a9527890576df98e6c12dd65024410.yaml
index ee74a2d2b1..eba265e0bb 100644
--- a/nuclei-templates/2022/CVE-2022-41134-65a9527890576df98e6c12dd65024410.yaml
+++ b/nuclei-templates/2022/CVE-2022-41134-65a9527890576df98e6c12dd65024410.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Optinly <= 1.0.15 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Optinly plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.15. This is due to missing or incorrect nonce validation on several of its functions. This makes it possible for unauthenticated attackers to modify plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Note the developer attempted to patch the issue, however, the plugin is still vulnerable by simply omitting the `csrfToken` value.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/optinly/"
     google-query: inurl:"/wp-content/plugins/optinly/"
     shodan-query: 'vuln:CVE-2022-41134'
-  tags: cve,wordpress,wp-plugin,optinly,high
+  tags: cve,wordpress,wp-plugin,optinly,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41136-dbe0cc2eb5dbae77d4244d0de7839b9b.yaml b/nuclei-templates/2022/CVE-2022-41136-dbe0cc2eb5dbae77d4244d0de7839b9b.yaml
index a0cbbc5771..2931365450 100644
--- a/nuclei-templates/2022/CVE-2022-41136-dbe0cc2eb5dbae77d4244d0de7839b9b.yaml
+++ b/nuclei-templates/2022/CVE-2022-41136-dbe0cc2eb5dbae77d4244d0de7839b9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.12.0. This is due to missing nonce validation on the ajax_add_preset() function. This makes it possible for unauthenticated attackers to make preset changes and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2022-41136'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,high
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4114-cb7c43df76e71bb6d20f5f4c8a5d90eb.yaml b/nuclei-templates/2022/CVE-2022-4114-cb7c43df76e71bb6d20f5f4c8a5d90eb.yaml
index d40e27ddf0..0640133791 100644
--- a/nuclei-templates/2022/CVE-2022-4114-cb7c43df76e71bb6d20f5f4c8a5d90eb.yaml
+++ b/nuclei-templates/2022/CVE-2022-4114-cb7c43df76e71bb6d20f5f4c8a5d90eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Superio - Job Board <= 1.2.32 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Superio theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/superio/"
     google-query: inurl:"/wp-content/themes/superio/"
     shodan-query: 'vuln:CVE-2022-4114'
-  tags: cve,wordpress,wp-theme,superio,medium
+  tags: cve,wordpress,wp-theme,superio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4115-b0561191aff3bb3e5af8336a71c1ffcc.yaml b/nuclei-templates/2022/CVE-2022-4115-b0561191aff3bb3e5af8336a71c1ffcc.yaml
index 7755a33f26..076c0f6bff 100644
--- a/nuclei-templates/2022/CVE-2022-4115-b0561191aff3bb3e5af8336a71c1ffcc.yaml
+++ b/nuclei-templates/2022/CVE-2022-4115-b0561191aff3bb3e5af8336a71c1ffcc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Editorial Calendar <= 3.8.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via edcal_saveoptions AJAX action
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Editorial Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wheel-support’ parameter accepted by the 'edcal_saveoptions' AJAX action in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/editorial-calendar/"
     google-query: inurl:"/wp-content/plugins/editorial-calendar/"
     shodan-query: 'vuln:CVE-2022-4115'
-  tags: cve,wordpress,wp-plugin,editorial-calendar,medium
+  tags: cve,wordpress,wp-plugin,editorial-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4119-6ccadf7e1366ca3249cc5950850c4bdc.yaml b/nuclei-templates/2022/CVE-2022-4119-6ccadf7e1366ca3249cc5950850c4bdc.yaml
index 27ac8763f0..f28c869a81 100644
--- a/nuclei-templates/2022/CVE-2022-4119-6ccadf7e1366ca3249cc5950850c4bdc.yaml
+++ b/nuclei-templates/2022/CVE-2022-4119-6ccadf7e1366ca3249cc5950850c4bdc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Optimizer, Resizer and CDN – Sirv <= 6.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘SIRV_ACCOUNT_EMAIL’ parameter in versions up to, and including, 6.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sirv/"
     google-query: inurl:"/wp-content/plugins/sirv/"
     shodan-query: 'vuln:CVE-2022-4119'
-  tags: cve,wordpress,wp-plugin,sirv,medium
+  tags: cve,wordpress,wp-plugin,sirv,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4124-76f3b72582acb97747f26a7d73d169e0.yaml b/nuclei-templates/2022/CVE-2022-4124-76f3b72582acb97747f26a7d73d169e0.yaml
index 0bdd0cdf4c..5ce69544b7 100644
--- a/nuclei-templates/2022/CVE-2022-4124-76f3b72582acb97747f26a7d73d169e0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4124-76f3b72582acb97747f26a7d73d169e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Manager <= 1.6.6 - Missing Authorization to Arbitrary Popup Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to delete arbitrary popups. Cross-Site Request Forgery protection is also missing.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-manager/"
     google-query: inurl:"/wp-content/plugins/popup-manager/"
     shodan-query: 'vuln:CVE-2022-4124'
-  tags: cve,wordpress,wp-plugin,popup-manager,medium
+  tags: cve,wordpress,wp-plugin,popup-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41315-f68243f27ec6cdc816f3b8c11a5b90ea.yaml b/nuclei-templates/2022/CVE-2022-41315-f68243f27ec6cdc816f3b8c11a5b90ea.yaml
index 67f85cd9af..3d5a6e7e27 100644
--- a/nuclei-templates/2022/CVE-2022-41315-f68243f27ec6cdc816f3b8c11a5b90ea.yaml
+++ b/nuclei-templates/2022/CVE-2022-41315-f68243f27ec6cdc816f3b8c11a5b90ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ezoic <= 2.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ezoic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges, to inject malicious web scripts into a page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ezoic-integration/"
     google-query: inurl:"/wp-content/plugins/ezoic-integration/"
     shodan-query: 'vuln:CVE-2022-41315'
-  tags: cve,wordpress,wp-plugin,ezoic-integration,high
+  tags: cve,wordpress,wp-plugin,ezoic-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4142-cf862152b16dd1f39286055ed51b17b7.yaml b/nuclei-templates/2022/CVE-2022-4142-cf862152b16dd1f39286055ed51b17b7.yaml
index b74fa195bb..c875f8ffda 100644
--- a/nuclei-templates/2022/CVE-2022-4142-cf862152b16dd1f39286055ed51b17b7.yaml
+++ b/nuclei-templates/2022/CVE-2022-4142-cf862152b16dd1f39286055ed51b17b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Filter Gallery Plugin <= 0.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Filter Gallery Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ufg_gallery_filters 
      AJAX action in versions up to, and including, 0.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/filter-gallery/"
     google-query: inurl:"/wp-content/plugins/filter-gallery/"
     shodan-query: 'vuln:CVE-2022-4142'
-  tags: cve,wordpress,wp-plugin,filter-gallery,medium
+  tags: cve,wordpress,wp-plugin,filter-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4148-41a31043d8f2b87b33721864ecd51995.yaml b/nuclei-templates/2022/CVE-2022-4148-41a31043d8f2b87b33721864ecd51995.yaml
index baf32bf84c..729a16b128 100644
--- a/nuclei-templates/2022/CVE-2022-4148-41a31043d8f2b87b33721864ecd51995.yaml
+++ b/nuclei-templates/2022/CVE-2022-4148-41a31043d8f2b87b33721864ecd51995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP OAuth Server <= 4.2.5 - Authenticated (Subscriber+) Arbitrary Client Deletion (wo_ajax_remove_client)
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP OAuth Server plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wo_ajax_remove_client() function in versions up to, and including, 4.2.5. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to delete arbitrary clients.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oauth2-provider/"
     google-query: inurl:"/wp-content/plugins/oauth2-provider/"
     shodan-query: 'vuln:CVE-2022-4148'
-  tags: cve,wordpress,wp-plugin,oauth2-provider,medium
+  tags: cve,wordpress,wp-plugin,oauth2-provider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4150-cadc46493e5e64619719bfd06035e262.yaml b/nuclei-templates/2022/CVE-2022-4150-cadc46493e5e64619719bfd06035e262.yaml
index 99c3aafa50..0fe639da46 100644
--- a/nuclei-templates/2022/CVE-2022-4150-cadc46493e5e64619719bfd06035e262.yaml
+++ b/nuclei-templates/2022/CVE-2022-4150-cadc46493e5e64619719bfd06035e262.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Contest Gallery (Pro) plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.5 due to insufficient escaping on the user supplied option_id parameter and lack of sufficient preparation on the existing SQL query in the order-custom-fields-with-and-without-search.php file. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2022-4150
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4150'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4151-a3fa9aa05831cbe48f93e588aa23d79b.yaml b/nuclei-templates/2022/CVE-2022-4151-a3fa9aa05831cbe48f93e588aa23d79b.yaml
index e81844486c..ed81739684 100644
--- a/nuclei-templates/2022/CVE-2022-4151-a3fa9aa05831cbe48f93e588aa23d79b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4151-a3fa9aa05831cbe48f93e588aa23d79b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied option_id parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4151
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4151'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4152-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml b/nuclei-templates/2022/CVE-2022-4152-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml
index 9ddd64c0c1..9b87b64899 100644
--- a/nuclei-templates/2022/CVE-2022-4152-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4152-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied option_id GET parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4152
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4152'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4153-4f98def5aafbaedc907582ddf709a1ef.yaml b/nuclei-templates/2022/CVE-2022-4153-4f98def5aafbaedc907582ddf709a1ef.yaml
index 7f6da716e8..3ca75959f9 100644
--- a/nuclei-templates/2022/CVE-2022-4153-4f98def5aafbaedc907582ddf709a1ef.yaml
+++ b/nuclei-templates/2022/CVE-2022-4153-4f98def5aafbaedc907582ddf709a1ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[]
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.5 due to insufficient escaping on the user supplied upload[] parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4153
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4153'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4154-82c2c907402b124f31a2f373f11be562.yaml b/nuclei-templates/2022/CVE-2022-4154-82c2c907402b124f31a2f373f11be562.yaml
index 9c32fd3acc..8de499df3c 100644
--- a/nuclei-templates/2022/CVE-2022-4154-82c2c907402b124f31a2f373f11be562.yaml
+++ b/nuclei-templates/2022/CVE-2022-4154-82c2c907402b124f31a2f373f11be562.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contest Gallery Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied wp_user_id parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery-pro/"
     google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4154'
-  tags: cve,wordpress,wp-plugin,contest-gallery-pro,medium
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4155-cad4f56715717797069f7a87850b72f0.yaml b/nuclei-templates/2022/CVE-2022-4155-cad4f56715717797069f7a87850b72f0.yaml
index c6b3724a89..0129f62b0b 100644
--- a/nuclei-templates/2022/CVE-2022-4155-cad4f56715717797069f7a87850b72f0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4155-cad4f56715717797069f7a87850b72f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied wp_user_id parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4155
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4155'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-41554-4c2a731e32a3d9201839b73fb37eef51.yaml b/nuclei-templates/2022/CVE-2022-41554-4c2a731e32a3d9201839b73fb37eef51.yaml
index 5661f0f376..8ab09982ca 100644
--- a/nuclei-templates/2022/CVE-2022-41554-4c2a731e32a3d9201839b73fb37eef51.yaml
+++ b/nuclei-templates/2022/CVE-2022-41554-4c2a731e32a3d9201839b73fb37eef51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow SE <= 2.5.5 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slideshow SE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-se/"
     google-query: inurl:"/wp-content/plugins/slideshow-se/"
     shodan-query: 'vuln:CVE-2022-41554'
-  tags: cve,wordpress,wp-plugin,slideshow-se,medium
+  tags: cve,wordpress,wp-plugin,slideshow-se,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4156-8a640d3ed297a8a63d17c701796646c2.yaml b/nuclei-templates/2022/CVE-2022-4156-8a640d3ed297a8a63d17c701796646c2.yaml
index 8a764a8b2c..549f9526a8 100644
--- a/nuclei-templates/2022/CVE-2022-4156-8a640d3ed297a8a63d17c701796646c2.yaml
+++ b/nuclei-templates/2022/CVE-2022-4156-8a640d3ed297a8a63d17c701796646c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.5 due to insufficient escaping on the user supplied user_id parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2022-4156
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4156'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4157-aa986981c75263be7a2313fe5bb981c0.yaml b/nuclei-templates/2022/CVE-2022-4157-aa986981c75263be7a2313fe5bb981c0.yaml
index 3860e65151..e7243a4d8c 100644
--- a/nuclei-templates/2022/CVE-2022-4157-aa986981c75263be7a2313fe5bb981c0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4157-aa986981c75263be7a2313fe5bb981c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_option_id parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4157
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4157'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4158-9ac93e930052c6b551d522a1a37f90fe.yaml b/nuclei-templates/2022/CVE-2022-4158-9ac93e930052c6b551d522a1a37f90fe.yaml
index 220ee587fb..031a97ec95 100644
--- a/nuclei-templates/2022/CVE-2022-4158-9ac93e930052c6b551d522a1a37f90fe.yaml
+++ b/nuclei-templates/2022/CVE-2022-4158-9ac93e930052c6b551d522a1a37f90fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_Fields parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2022-4158
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4158'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4159-53c528c4b38bd34834da864bf5436a73.yaml b/nuclei-templates/2022/CVE-2022-4159-53c528c4b38bd34834da864bf5436a73.yaml
index 4e247a36f6..8537372e1e 100644
--- a/nuclei-templates/2022/CVE-2022-4159-53c528c4b38bd34834da864bf5436a73.yaml
+++ b/nuclei-templates/2022/CVE-2022-4159-53c528c4b38bd34834da864bf5436a73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.5 due to insufficient escaping on the user supplied cg_id parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4159
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4159'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4160-b3fb140ad00234395ef28e4892077821.yaml b/nuclei-templates/2022/CVE-2022-4160-b3fb140ad00234395ef28e4892077821.yaml
index d2e24f6035..f94c9ec3e8 100644
--- a/nuclei-templates/2022/CVE-2022-4160-b3fb140ad00234395ef28e4892077821.yaml
+++ b/nuclei-templates/2022/CVE-2022-4160-b3fb140ad00234395ef28e4892077821.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1  due to insufficient escaping on the user supplied cg_copy_id parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4160
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4160'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-41608-488a5177633c5d61ff8bef1899fcdb13.yaml b/nuclei-templates/2022/CVE-2022-41608-488a5177633c5d61ff8bef1899fcdb13.yaml
index f73e6996ae..9d65b936fc 100644
--- a/nuclei-templates/2022/CVE-2022-41608-488a5177633c5d61ff8bef1899fcdb13.yaml
+++ b/nuclei-templates/2022/CVE-2022-41608-488a5177633c5d61ff8bef1899fcdb13.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/asgaros-forum/"
     google-query: inurl:"/wp-content/plugins/asgaros-forum/"
     shodan-query: 'vuln:CVE-2022-41608'
-  tags: cve,wordpress,wp-plugin,asgaros-forum,high
+  tags: cve,wordpress,wp-plugin,asgaros-forum,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4161-757bd659f9146e7fed02497d3559c2e8.yaml b/nuclei-templates/2022/CVE-2022-4161-757bd659f9146e7fed02497d3559c2e8.yaml
index b5d2b55d77..9893ec0bc9 100644
--- a/nuclei-templates/2022/CVE-2022-4161-757bd659f9146e7fed02497d3559c2e8.yaml
+++ b/nuclei-templates/2022/CVE-2022-4161-757bd659f9146e7fed02497d3559c2e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_copy_start parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4161
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4161'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-41612-2474a94365b10412bcdef71534b7cdd2.yaml b/nuclei-templates/2022/CVE-2022-41612-2474a94365b10412bcdef71534b7cdd2.yaml
index 4febb04a7d..e43e18fba6 100644
--- a/nuclei-templates/2022/CVE-2022-41612-2474a94365b10412bcdef71534b7cdd2.yaml
+++ b/nuclei-templates/2022/CVE-2022-41612-2474a94365b10412bcdef71534b7cdd2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Similar Posts – Best Related Posts Plugin for WordPress <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Similar Posts – Best Related Posts Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers authenticated as an administrator to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/similar-posts/"
     google-query: inurl:"/wp-content/plugins/similar-posts/"
     shodan-query: 'vuln:CVE-2022-41612'
-  tags: cve,wordpress,wp-plugin,similar-posts,medium
+  tags: cve,wordpress,wp-plugin,similar-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41615-9bc085475e51bc522ac86c43319af153.yaml b/nuclei-templates/2022/CVE-2022-41615-9bc085475e51bc522ac86c43319af153.yaml
index 9f74be5d1c..698b421b39 100644
--- a/nuclei-templates/2022/CVE-2022-41615-9bc085475e51bc522ac86c43319af153.yaml
+++ b/nuclei-templates/2022/CVE-2022-41615-9bc085475e51bc522ac86c43319af153.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Store Locator WordPress <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Store Locator WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.5. This is due to missing or incorrect nonce validation on the handle_request function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/agile-store-locator/"
     google-query: inurl:"/wp-content/plugins/agile-store-locator/"
     shodan-query: 'vuln:CVE-2022-41615'
-  tags: cve,wordpress,wp-plugin,agile-store-locator,high
+  tags: cve,wordpress,wp-plugin,agile-store-locator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41616-e05fa458a1f240ccb4e1b67dcb2e1cc1.yaml b/nuclei-templates/2022/CVE-2022-41616-e05fa458a1f240ccb4e1b67dcb2e1cc1.yaml
index 42206c5183..cf3d1eb64d 100644
--- a/nuclei-templates/2022/CVE-2022-41616-e05fa458a1f240ccb4e1b67dcb2e1cc1.yaml
+++ b/nuclei-templates/2022/CVE-2022-41616-e05fa458a1f240ccb4e1b67dcb2e1cc1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Export Users Data CSV plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.1. This allows subscriber-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/export-users-data-csv/"
     google-query: inurl:"/wp-content/plugins/export-users-data-csv/"
     shodan-query: 'vuln:CVE-2022-41616'
-  tags: cve,wordpress,wp-plugin,export-users-data-csv,medium
+  tags: cve,wordpress,wp-plugin,export-users-data-csv,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41619-285b140dd354e7b55f93f22538da9394.yaml b/nuclei-templates/2022/CVE-2022-41619-285b140dd354e7b55f93f22538da9394.yaml
index 598ee04c00..937b67de05 100644
--- a/nuclei-templates/2022/CVE-2022-41619-285b140dd354e7b55f93f22538da9394.yaml
+++ b/nuclei-templates/2022/CVE-2022-41619-285b140dd354e7b55f93f22538da9394.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Zoom <= 1.8.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Image Zoom plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several of its AJAX functions in versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke them leading to translation modifications.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-zoom/"
     google-query: inurl:"/wp-content/plugins/image-zoom/"
     shodan-query: 'vuln:CVE-2022-41619'
-  tags: cve,wordpress,wp-plugin,image-zoom,medium
+  tags: cve,wordpress,wp-plugin,image-zoom,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4162-c747e3cc597300516c2ada9764e8c1be.yaml b/nuclei-templates/2022/CVE-2022-4162-c747e3cc597300516c2ada9764e8c1be.yaml
index 11646d00df..558243f5d2 100644
--- a/nuclei-templates/2022/CVE-2022-4162-c747e3cc597300516c2ada9764e8c1be.yaml
+++ b/nuclei-templates/2022/CVE-2022-4162-c747e3cc597300516c2ada9764e8c1be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_row parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4162
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4162'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-41620-2163947a7faebedb99b02ea382f621f0.yaml b/nuclei-templates/2022/CVE-2022-41620-2163947a7faebedb99b02ea382f621f0.yaml
index 565a151567..1856cd136e 100644
--- a/nuclei-templates/2022/CVE-2022-41620-2163947a7faebedb99b02ea382f621f0.yaml
+++ b/nuclei-templates/2022/CVE-2022-41620-2163947a7faebedb99b02ea382f621f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SeoSamba for WordPress Webmasters <= 1.0.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SeoSamba plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seosamba-webmasters/"
     google-query: inurl:"/wp-content/plugins/seosamba-webmasters/"
     shodan-query: 'vuln:CVE-2022-41620'
-  tags: cve,wordpress,wp-plugin,seosamba-webmasters,high
+  tags: cve,wordpress,wp-plugin,seosamba-webmasters,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4163-9c0847af71db5cbde2297c6d8117181e.yaml b/nuclei-templates/2022/CVE-2022-4163-9c0847af71db5cbde2297c6d8117181e.yaml
index 8278741c2b..3414b59144 100644
--- a/nuclei-templates/2022/CVE-2022-4163-9c0847af71db5cbde2297c6d8117181e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4163-9c0847af71db5cbde2297c6d8117181e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_activate and cg_deactivate parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4163
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4163'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-41634-7f361b8e267eec159cd338045858bebf.yaml b/nuclei-templates/2022/CVE-2022-41634-7f361b8e267eec159cd338045858bebf.yaml
index caa1589d95..a0998a5db5 100644
--- a/nuclei-templates/2022/CVE-2022-41634-7f361b8e267eec159cd338045858bebf.yaml
+++ b/nuclei-templates/2022/CVE-2022-41634-7f361b8e267eec159cd338045858bebf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Folders <= 7.1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.1. This is due to missing nonce validation on the clean_database() function. This makes it possible for unauthenticated attackers to invoke this function and reset the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-plus/"
     google-query: inurl:"/wp-content/plugins/media-library-plus/"
     shodan-query: 'vuln:CVE-2022-41634'
-  tags: cve,wordpress,wp-plugin,media-library-plus,high
+  tags: cve,wordpress,wp-plugin,media-library-plus,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41638-4332f8cf6f6916ee73d377911664daa1.yaml b/nuclei-templates/2022/CVE-2022-41638-4332f8cf6f6916ee73d377911664daa1.yaml
index fb651ee65b..3980feb0a1 100644
--- a/nuclei-templates/2022/CVE-2022-41638-4332f8cf6f6916ee73d377911664daa1.yaml
+++ b/nuclei-templates/2022/CVE-2022-41638-4332f8cf6f6916ee73d377911664daa1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pop-Up Chop Chop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email_data’ parameter in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pop-up/"
     google-query: inurl:"/wp-content/plugins/pop-up/"
     shodan-query: 'vuln:CVE-2022-41638'
-  tags: cve,wordpress,wp-plugin,pop-up,medium
+  tags: cve,wordpress,wp-plugin,pop-up,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4164-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml b/nuclei-templates/2022/CVE-2022-4164-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml
index 7b9ebc45d9..ee72eb2981 100644
--- a/nuclei-templates/2022/CVE-2022-4164-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml
+++ b/nuclei-templates/2022/CVE-2022-4164-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_multiple_files_for_post parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4164
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4164'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-41640-6d6e0436ccffe0043617b48128024cf4.yaml b/nuclei-templates/2022/CVE-2022-41640-6d6e0436ccffe0043617b48128024cf4.yaml
index cd723261d8..20718a5509 100644
--- a/nuclei-templates/2022/CVE-2022-41640-6d6e0436ccffe0043617b48128024cf4.yaml
+++ b/nuclei-templates/2022/CVE-2022-41640-6d6e0436ccffe0043617b48128024cf4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wholesale Suite <= 2.1.5 - Authenticated (Subscriber+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wholesale Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'role' parameters in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level, and above, attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-wholesale-prices/"
     google-query: inurl:"/wp-content/plugins/woocommerce-wholesale-prices/"
     shodan-query: 'vuln:CVE-2022-41640'
-  tags: cve,wordpress,wp-plugin,woocommerce-wholesale-prices,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-wholesale-prices,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41643-7dc4797d3de860817ed6ac2d09e72ea4.yaml b/nuclei-templates/2022/CVE-2022-41643-7dc4797d3de860817ed6ac2d09e72ea4.yaml
index d88f7d9d3d..097303f866 100644
--- a/nuclei-templates/2022/CVE-2022-41643-7dc4797d3de860817ed6ac2d09e72ea4.yaml
+++ b/nuclei-templates/2022/CVE-2022-41643-7dc4797d3de860817ed6ac2d09e72ea4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accessibility  <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accessibility plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accessibility/"
     google-query: inurl:"/wp-content/plugins/accessibility/"
     shodan-query: 'vuln:CVE-2022-41643'
-  tags: cve,wordpress,wp-plugin,accessibility,medium
+  tags: cve,wordpress,wp-plugin,accessibility,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4165-f4eafb52aedd774a77d6abb99f32e10c.yaml b/nuclei-templates/2022/CVE-2022-4165-f4eafb52aedd774a77d6abb99f32e10c.yaml
index ec049182cc..2cf3f78e84 100644
--- a/nuclei-templates/2022/CVE-2022-4165-f4eafb52aedd774a77d6abb99f32e10c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4165-f4eafb52aedd774a77d6abb99f32e10c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_order parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4165
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4165'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-41650-d5a15b7cded52d19f32afbdd2169bb8f.yaml b/nuclei-templates/2022/CVE-2022-41650-d5a15b7cded52d19f32afbdd2169bb8f.yaml
index 65b880b0c9..ebf7e493c9 100644
--- a/nuclei-templates/2022/CVE-2022-41650-d5a15b7cded52d19f32afbdd2169bb8f.yaml
+++ b/nuclei-templates/2022/CVE-2022-41650-d5a15b7cded52d19f32afbdd2169bb8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Custom Content by Country plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.2. This is due to missing or incorrect nonce validation on the handleSubmit_main function. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-content-by-country/"
     google-query: inurl:"/wp-content/plugins/custom-content-by-country/"
     shodan-query: 'vuln:CVE-2022-41650'
-  tags: cve,wordpress,wp-plugin,custom-content-by-country,high
+  tags: cve,wordpress,wp-plugin,custom-content-by-country,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41652-cbf15a410baf5df5c6e73ec81eccde3a.yaml b/nuclei-templates/2022/CVE-2022-41652-cbf15a410baf5df5c6e73ec81eccde3a.yaml
index 45da8dae5b..f5d2fb9ca4 100644
--- a/nuclei-templates/2022/CVE-2022-41652-cbf15a410baf5df5c6e73ec81eccde3a.yaml
+++ b/nuclei-templates/2022/CVE-2022-41652-cbf15a410baf5df5c6e73ec81eccde3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.3.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to authorization bypass due to a missing user validations on the qsm_clear_audit_data function in versions up to, and including, 7.3.10. This makes it possible for unauthenticated attackers to invoke this function and clear audit log data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2022-41652'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41655-6736c43448ceec0a8c35031a10886cda.yaml b/nuclei-templates/2022/CVE-2022-41655-6736c43448ceec0a8c35031a10886cda.yaml
index c28a90c720..4d71a891c0 100644
--- a/nuclei-templates/2022/CVE-2022-41655-6736c43448ceec0a8c35031a10886cda.yaml
+++ b/nuclei-templates/2022/CVE-2022-41655-6736c43448ceec0a8c35031a10886cda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Phone Orders for WooCommerce <= 3.7.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Phone Orders for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_gate function which controls many additional functions also missing capability checks, in versions up to, and including, 3.7.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to obtain order information and other sensitive data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/phone-orders-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/phone-orders-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-41655'
-  tags: cve,wordpress,wp-plugin,phone-orders-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,phone-orders-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41656-b870ae481ac77b6b40f8ab9a7e8f35ed.yaml b/nuclei-templates/2022/CVE-2022-41656-b870ae481ac77b6b40f8ab9a7e8f35ed.yaml
index 15e9b1e38a..20a46a67d4 100644
--- a/nuclei-templates/2022/CVE-2022-41656-b870ae481ac77b6b40f8ab9a7e8f35ed.yaml
+++ b/nuclei-templates/2022/CVE-2022-41656-b870ae481ac77b6b40f8ab9a7e8f35ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Account Manager for WooCommerce <= 2.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Account Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to export sensitive information such as user id, first name, and last name of registered users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/account-manager-woocommerce/"
     google-query: inurl:"/wp-content/plugins/account-manager-woocommerce/"
     shodan-query: 'vuln:CVE-2022-41656'
-  tags: cve,wordpress,wp-plugin,account-manager-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,account-manager-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4166-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml b/nuclei-templates/2022/CVE-2022-4166-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml
index d517990617..b7d2dc8cac 100644
--- a/nuclei-templates/2022/CVE-2022-4166-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml
+++ b/nuclei-templates/2022/CVE-2022-4166-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied addCountS parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4166
   metadata:
-    fofa-query: "wp-content/plugins/contest-gallery/"
-    google-query: inurl:"/wp-content/plugins/contest-gallery/"
+    fofa-query: "wp-content/plugins/contest-gallery-pro/"
+    google-query: inurl:"/wp-content/plugins/contest-gallery-pro/"
     shodan-query: 'vuln:CVE-2022-4166'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "contest-gallery"
+          - "contest-gallery-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-41685-4954ab56551b4ce703a0899a0107deda.yaml b/nuclei-templates/2022/CVE-2022-41685-4954ab56551b4ce703a0899a0107deda.yaml
index ea5e7dbbfb..c8b8cd6ea4 100644
--- a/nuclei-templates/2022/CVE-2022-41685-4954ab56551b4ce703a0899a0107deda.yaml
+++ b/nuclei-templates/2022/CVE-2022-41685-4954ab56551b4ce703a0899a0107deda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Csomagpontok és szállítási címkék WooCommerce hez <= 1.9.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Csomagpontok és szállítási címkék WooCommerce hez plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.0.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions ranging from import to label generation, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hungarian-pickup-points-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/hungarian-pickup-points-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-41685'
-  tags: cve,wordpress,wp-plugin,hungarian-pickup-points-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,hungarian-pickup-points-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41685-f7bbd778de1c9c53d31f5ab55d2c4192.yaml b/nuclei-templates/2022/CVE-2022-41685-f7bbd778de1c9c53d31f5ab55d2c4192.yaml
index 4cd0cf961a..615c86c291 100644
--- a/nuclei-templates/2022/CVE-2022-41685-f7bbd778de1c9c53d31f5ab55d2c4192.yaml
+++ b/nuclei-templates/2022/CVE-2022-41685-f7bbd778de1c9c53d31f5ab55d2c4192.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Integration for Szamlazz.hu & WooCommerce <= 5.6.3.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Integration for Szamlazz.hu & WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.3.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integration-for-szamlazzhu-woocommerce/"
     google-query: inurl:"/wp-content/plugins/integration-for-szamlazzhu-woocommerce/"
     shodan-query: 'vuln:CVE-2022-41685'
-  tags: cve,wordpress,wp-plugin,integration-for-szamlazzhu-woocommerce,high
+  tags: cve,wordpress,wp-plugin,integration-for-szamlazzhu-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4169-f5d278de8a6f52f6b1d00da3aecdfc57.yaml b/nuclei-templates/2022/CVE-2022-4169-f5d278de8a6f52f6b1d00da3aecdfc57.yaml
index 6444f52d40..28b7bb7745 100644
--- a/nuclei-templates/2022/CVE-2022-4169-f5d278de8a6f52f6b1d00da3aecdfc57.yaml
+++ b/nuclei-templates/2022/CVE-2022-4169-f5d278de8a6f52f6b1d00da3aecdfc57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-translation-for-polylang/"
     google-query: inurl:"/wp-content/plugins/theme-translation-for-polylang/"
     shodan-query: 'vuln:CVE-2022-4169'
-  tags: cve,wordpress,wp-plugin,theme-translation-for-polylang,medium
+  tags: cve,wordpress,wp-plugin,theme-translation-for-polylang,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41692-236c93e0abdcaccaa98b96d0eb756aaf.yaml b/nuclei-templates/2022/CVE-2022-41692-236c93e0abdcaccaa98b96d0eb756aaf.yaml
index 6cc7f0385a..3a7894f7c4 100644
--- a/nuclei-templates/2022/CVE-2022-41692-236c93e0abdcaccaa98b96d0eb756aaf.yaml
+++ b/nuclei-templates/2022/CVE-2022-41692-236c93e0abdcaccaa98b96d0eb756aaf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Hour Booking <= 1.3.71 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appointment Hour Booking plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cpapphb_feedback function in versions up to, and including, 1.3.71. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to provide plugin feedback.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appointment-hour-booking/"
     google-query: inurl:"/wp-content/plugins/appointment-hour-booking/"
     shodan-query: 'vuln:CVE-2022-41692'
-  tags: cve,wordpress,wp-plugin,appointment-hour-booking,medium
+  tags: cve,wordpress,wp-plugin,appointment-hour-booking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41695-0cc0200594a7eced582455e86333c795.yaml b/nuclei-templates/2022/CVE-2022-41695-0cc0200594a7eced582455e86333c795.yaml
index c7dd8a443a..ffb329c1e6 100644
--- a/nuclei-templates/2022/CVE-2022-41695-0cc0200594a7eced582455e86333c795.yaml
+++ b/nuclei-templates/2022/CVE-2022-41695-0cc0200594a7eced582455e86333c795.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Traffic Manager <= 1.4.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Traffic Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access functionality or information not intended for them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/traffic-manager/"
     google-query: inurl:"/wp-content/plugins/traffic-manager/"
     shodan-query: 'vuln:CVE-2022-41695'
-  tags: cve,wordpress,wp-plugin,traffic-manager,medium
+  tags: cve,wordpress,wp-plugin,traffic-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41698-cd6ae30437be0309f27d9b8ec11e2caa.yaml b/nuclei-templates/2022/CVE-2022-41698-cd6ae30437be0309f27d9b8ec11e2caa.yaml
index 010e02487f..37f63f2c85 100644
--- a/nuclei-templates/2022/CVE-2022-41698-cd6ae30437be0309f27d9b8ec11e2caa.yaml
+++ b/nuclei-templates/2022/CVE-2022-41698-cd6ae30437be0309f27d9b8ec11e2caa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     If Menu <= 0.16.3 - Missing Authorization to Admin Settings Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The If Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'action' function in versions up to, and including, 0.16.3. This makes it possible for unauthenticated attackers to modify admin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/if-menu/"
     google-query: inurl:"/wp-content/plugins/if-menu/"
     shodan-query: 'vuln:CVE-2022-41698'
-  tags: cve,wordpress,wp-plugin,if-menu,medium
+  tags: cve,wordpress,wp-plugin,if-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41781-10b89b9db07084a443cbeed71b129af6.yaml b/nuclei-templates/2022/CVE-2022-41781-10b89b9db07084a443cbeed71b129af6.yaml
index c9f6167b10..020a871e72 100644
--- a/nuclei-templates/2022/CVE-2022-41781-10b89b9db07084a443cbeed71b129af6.yaml
+++ b/nuclei-templates/2022/CVE-2022-41781-10b89b9db07084a443cbeed71b129af6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Permalink Manager Lite <= 2.2.20 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Permalink Manager Lite plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the extra_actions function in versions up to, and including, 2.2.20. This makes it possible for unauthenticated attackers to remove URIs, plugin data, and flush sitemaps.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/permalink-manager/"
     google-query: inurl:"/wp-content/plugins/permalink-manager/"
     shodan-query: 'vuln:CVE-2022-41781'
-  tags: cve,wordpress,wp-plugin,permalink-manager,medium
+  tags: cve,wordpress,wp-plugin,permalink-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41785-04b351a32ea4d9e14665cfe5ee1edb27.yaml b/nuclei-templates/2022/CVE-2022-41785-04b351a32ea4d9e14665cfe5ee1edb27.yaml
index c29761d7f6..834260530a 100644
--- a/nuclei-templates/2022/CVE-2022-41785-04b351a32ea4d9e14665cfe5ee1edb27.yaml
+++ b/nuclei-templates/2022/CVE-2022-41785-04b351a32ea4d9e14665cfe5ee1edb27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Images Ape <= 2.2.8 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gallery Images Ape plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-images-ape/"
     google-query: inurl:"/wp-content/plugins/gallery-images-ape/"
     shodan-query: 'vuln:CVE-2022-41785'
-  tags: cve,wordpress,wp-plugin,gallery-images-ape,medium
+  tags: cve,wordpress,wp-plugin,gallery-images-ape,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41786-a5de647c0bebb3ff3775ad99edcea819.yaml b/nuclei-templates/2022/CVE-2022-41786-a5de647c0bebb3ff3775ad99edcea819.yaml
index 85ccdec85b..17e07a0e93 100644
--- a/nuclei-templates/2022/CVE-2022-41786-a5de647c0bebb3ff3775ad99edcea819.yaml
+++ b/nuclei-templates/2022/CVE-2022-41786-a5de647c0bebb3ff3775ad99edcea819.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Job Portal <= 2.0.1 - Missing Authorization to Settings Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Job Portal plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to modify plugin settings (e.g., delete the company logo).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-job-portal/"
     google-query: inurl:"/wp-content/plugins/wp-job-portal/"
     shodan-query: 'vuln:CVE-2022-41786'
-  tags: cve,wordpress,wp-plugin,wp-job-portal,medium
+  tags: cve,wordpress,wp-plugin,wp-job-portal,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41788-c15a76ab76b6bacb9d3a014790c1e98c.yaml b/nuclei-templates/2022/CVE-2022-41788-c15a76ab76b6bacb9d3a014790c1e98c.yaml
index 932f67c0a6..1f433b4652 100644
--- a/nuclei-templates/2022/CVE-2022-41788-c15a76ab76b6bacb9d3a014790c1e98c.yaml
+++ b/nuclei-templates/2022/CVE-2022-41788-c15a76ab76b6bacb9d3a014790c1e98c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soledad <= 8.2.5 - Authenticated (Subscriber+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/soledad/"
     google-query: inurl:"/wp-content/themes/soledad/"
     shodan-query: 'vuln:CVE-2022-41788'
-  tags: cve,wordpress,wp-theme,soledad,medium
+  tags: cve,wordpress,wp-theme,soledad,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41790-23b8ee7d3cf1c8b343f01dee0e6b0127.yaml b/nuclei-templates/2022/CVE-2022-41790-23b8ee7d3cf1c8b343f01dee0e6b0127.yaml
index 59964ba436..63961ccc7b 100644
--- a/nuclei-templates/2022/CVE-2022-41790-23b8ee7d3cf1c8b343f01dee0e6b0127.yaml
+++ b/nuclei-templates/2022/CVE-2022-41790-23b8ee7d3cf1c8b343f01dee0e6b0127.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Time Slots Booking Form plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the cptslotsb_feedback function in versions up to, and including, 1.1.76. This makes it possible for authenticated  attackers with subscriber access or higher to submit plugin feedback on behalf of the site owner.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-time-slots-booking-form/"
     google-query: inurl:"/wp-content/plugins/wp-time-slots-booking-form/"
     shodan-query: 'vuln:CVE-2022-41790'
-  tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,medium
+  tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41791-87d13bf13b6be6962a557c3627b3cfe7.yaml b/nuclei-templates/2022/CVE-2022-41791-87d13bf13b6be6962a557c3627b3cfe7.yaml
index b26aed9e18..4bc68f0d18 100644
--- a/nuclei-templates/2022/CVE-2022-41791-87d13bf13b6be6962a557c3627b3cfe7.yaml
+++ b/nuclei-templates/2022/CVE-2022-41791-87d13bf13b6be6962a557c3627b3cfe7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfileGrid plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 5.1.6, via the 'pm_get_csv_single_user_row' function. This allows subscriber-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2022-41791'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41805-761ad1a5f416d5f845100fe45755bedf.yaml b/nuclei-templates/2022/CVE-2022-41805-761ad1a5f416d5f845100fe45755bedf.yaml
index 780686cfa1..2598b16fe2 100644
--- a/nuclei-templates/2022/CVE-2022-41805-761ad1a5f416d5f845100fe45755bedf.yaml
+++ b/nuclei-templates/2022/CVE-2022-41805-761ad1a5f416d5f845100fe45755bedf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 5.6.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2022-41805'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,high
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41831-c8baa9ed85af66dd4a921b8f2c5af1ac.yaml b/nuclei-templates/2022/CVE-2022-41831-c8baa9ed85af66dd4a921b8f2c5af1ac.yaml
index 274c8f6b29..7d1392f6c5 100644
--- a/nuclei-templates/2022/CVE-2022-41831-c8baa9ed85af66dd4a921b8f2c5af1ac.yaml
+++ b/nuclei-templates/2022/CVE-2022-41831-c8baa9ed85af66dd4a921b8f2c5af1ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Glossary <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-glossary/"
     google-query: inurl:"/wp-content/plugins/wp-glossary/"
     shodan-query: 'vuln:CVE-2022-41831'
-  tags: cve,wordpress,wp-plugin,wp-glossary,medium
+  tags: cve,wordpress,wp-plugin,wp-glossary,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41839-ff3790cb0753cd7ef435623008e69310.yaml b/nuclei-templates/2022/CVE-2022-41839-ff3790cb0753cd7ef435623008e69310.yaml
index c7d0956930..f6b2558937 100644
--- a/nuclei-templates/2022/CVE-2022-41839-ff3790cb0753cd7ef435623008e69310.yaml
+++ b/nuclei-templates/2022/CVE-2022-41839-ff3790cb0753cd7ef435623008e69310.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LoginPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability checks in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to change the Opt-In or Opt-Out tracking settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loginpress/"
     google-query: inurl:"/wp-content/plugins/loginpress/"
     shodan-query: 'vuln:CVE-2022-41839'
-  tags: cve,wordpress,wp-plugin,loginpress,medium
+  tags: cve,wordpress,wp-plugin,loginpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4196-447bef3440e263d45c541524d37bf6b4.yaml b/nuclei-templates/2022/CVE-2022-4196-447bef3440e263d45c541524d37bf6b4.yaml
index ee57c19006..c7ace47d58 100644
--- a/nuclei-templates/2022/CVE-2022-4196-447bef3440e263d45c541524d37bf6b4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4196-447bef3440e263d45c541524d37bf6b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi Step Form <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Multi Step Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its form fields in versions up to, and including, 1.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multi-step-form/"
     google-query: inurl:"/wp-content/plugins/multi-step-form/"
     shodan-query: 'vuln:CVE-2022-4196'
-  tags: cve,wordpress,wp-plugin,multi-step-form,medium
+  tags: cve,wordpress,wp-plugin,multi-step-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4197-3ca395cf4457963d99cc7df0953a3124.yaml b/nuclei-templates/2022/CVE-2022-4197-3ca395cf4457963d99cc7df0953a3124.yaml
index 8c245330e8..a37fd9a40a 100644
--- a/nuclei-templates/2022/CVE-2022-4197-3ca395cf4457963d99cc7df0953a3124.yaml
+++ b/nuclei-templates/2022/CVE-2022-4197-3ca395cf4457963d99cc7df0953a3124.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sliderby10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via slider row links in versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-wd/"
     google-query: inurl:"/wp-content/plugins/slider-wd/"
     shodan-query: 'vuln:CVE-2022-4197'
-  tags: cve,wordpress,wp-plugin,slider-wd,medium
+  tags: cve,wordpress,wp-plugin,slider-wd,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41978-8e8dcc759eccd2518e9fba14e695c093.yaml b/nuclei-templates/2022/CVE-2022-41978-8e8dcc759eccd2518e9fba14e695c093.yaml
index c2e8ef6692..ce978b64ea 100644
--- a/nuclei-templates/2022/CVE-2022-41978-8e8dcc759eccd2518e9fba14e695c093.yaml
+++ b/nuclei-templates/2022/CVE-2022-41978-8e8dcc759eccd2518e9fba14e695c093.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoho CRM Lead Magnet  <= 1.7.5.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Zoho CRM Lead Magnet plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on one of its functions in versions up to, and including, 1.7.5.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update arbitrary options that can used to enable user registration and create administrative user accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zoho-crm-forms/"
     google-query: inurl:"/wp-content/plugins/zoho-crm-forms/"
     shodan-query: 'vuln:CVE-2022-41978'
-  tags: cve,wordpress,wp-plugin,zoho-crm-forms,high
+  tags: cve,wordpress,wp-plugin,zoho-crm-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4198-bde0dbf50dee086cf6c52ee659134929.yaml b/nuclei-templates/2022/CVE-2022-4198-bde0dbf50dee086cf6c52ee659134929.yaml
index 274c98a6ce..b0282a73f7 100644
--- a/nuclei-templates/2022/CVE-2022-4198-bde0dbf50dee086cf6c52ee659134929.yaml
+++ b/nuclei-templates/2022/CVE-2022-4198-bde0dbf50dee086cf6c52ee659134929.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Social Sharing <= 2.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-social-sharing/"
     google-query: inurl:"/wp-content/plugins/wp-social-sharing/"
     shodan-query: 'vuln:CVE-2022-4198'
-  tags: cve,wordpress,wp-plugin,wp-social-sharing,medium
+  tags: cve,wordpress,wp-plugin,wp-social-sharing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41980-a43440257ec4eba085c1ac2ce540e1bf.yaml b/nuclei-templates/2022/CVE-2022-41980-a43440257ec4eba085c1ac2ce540e1bf.yaml
index 73a113eb80..c3ed13498d 100644
--- a/nuclei-templates/2022/CVE-2022-41980-a43440257ec4eba085c1ac2ce540e1bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-41980-a43440257ec4eba085c1ac2ce540e1bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mantenimiento web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mantenimiento-web/"
     google-query: inurl:"/wp-content/plugins/mantenimiento-web/"
     shodan-query: 'vuln:CVE-2022-41980'
-  tags: cve,wordpress,wp-plugin,mantenimiento-web,medium
+  tags: cve,wordpress,wp-plugin,mantenimiento-web,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4199-89d3c8a11ff10e6756f75032f0181833.yaml b/nuclei-templates/2022/CVE-2022-4199-89d3c8a11ff10e6756f75032f0181833.yaml
index 05a9cedb0f..6c7bb808ec 100644
--- a/nuclei-templates/2022/CVE-2022-4199-89d3c8a11ff10e6756f75032f0181833.yaml
+++ b/nuclei-templates/2022/CVE-2022-4199-89d3c8a11ff10e6756f75032f0181833.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Library <= 7.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-library/"
     google-query: inurl:"/wp-content/plugins/link-library/"
     shodan-query: 'vuln:CVE-2022-4199'
-  tags: cve,wordpress,wp-plugin,link-library,medium
+  tags: cve,wordpress,wp-plugin,link-library,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41995-e82a3788d5ee1ba0ec33b3e0db2276c0.yaml b/nuclei-templates/2022/CVE-2022-41995-e82a3788d5ee1ba0ec33b3e0db2276c0.yaml
index ae0d359a05..8c202f811d 100644
--- a/nuclei-templates/2022/CVE-2022-41995-e82a3788d5ee1ba0ec33b3e0db2276c0.yaml
+++ b/nuclei-templates/2022/CVE-2022-41995-e82a3788d5ee1ba0ec33b3e0db2276c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Images Ape <= 2.2.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery Images Ape plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when modifying galleries in versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to duplicate galleries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-images-ape/"
     google-query: inurl:"/wp-content/plugins/gallery-images-ape/"
     shodan-query: 'vuln:CVE-2022-41995'
-  tags: cve,wordpress,wp-plugin,gallery-images-ape,medium
+  tags: cve,wordpress,wp-plugin,gallery-images-ape,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-41996-f93d99515ef4e6bdea2dd530448d23e4.yaml b/nuclei-templates/2022/CVE-2022-41996-f93d99515ef4e6bdea2dd530448d23e4.yaml
index 1051691bb3..4b1169ad82 100644
--- a/nuclei-templates/2022/CVE-2022-41996-f93d99515ef4e6bdea2dd530448d23e4.yaml
+++ b/nuclei-templates/2022/CVE-2022-41996-f93d99515ef4e6bdea2dd530448d23e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.8.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Avada theme for WordPress is vulnerable to Cross-Site Request forgery in versions up to, and including, 7.8.1 in class-avada-admin.php. This allows unauthenticated attackers to perform actions on behalf of an administrator if they can trick that administrator into performing an action, such as clicking a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2022-41996'
-  tags: cve,wordpress,wp-theme,Avada,high
+  tags: cve,wordpress,wp-theme,Avada,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4200-29259c5b25c72133b49fdd41585cc3d7.yaml b/nuclei-templates/2022/CVE-2022-4200-29259c5b25c72133b49fdd41585cc3d7.yaml
index 6b464bfd3c..a1d6cdbe2e 100644
--- a/nuclei-templates/2022/CVE-2022-4200-29259c5b25c72133b49fdd41585cc3d7.yaml
+++ b/nuclei-templates/2022/CVE-2022-4200-29259c5b25c72133b49fdd41585cc3d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login with Cognito <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login with Cognito plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-cognito/"
     google-query: inurl:"/wp-content/plugins/login-with-cognito/"
     shodan-query: 'vuln:CVE-2022-4200'
-  tags: cve,wordpress,wp-plugin,login-with-cognito,medium
+  tags: cve,wordpress,wp-plugin,login-with-cognito,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4207-cb1c5b7fa2f66db14c90c48d844c8b70.yaml b/nuclei-templates/2022/CVE-2022-4207-cb1c5b7fa2f66db14c90c48d844c8b70.yaml
index bc7ddb1ad9..81bb14749e 100644
--- a/nuclei-templates/2022/CVE-2022-4207-cb1c5b7fa2f66db14c90c48d844c8b70.yaml
+++ b/nuclei-templates/2022/CVE-2022-4207-cb1c5b7fa2f66db14c90c48d844c8b70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects Ultimate 9.8.1 - 9.8.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-ultimate/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/"
     shodan-query: 'vuln:CVE-2022-4207'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4216-53813c475afa70818392401295ac8091.yaml b/nuclei-templates/2022/CVE-2022-4216-53813c475afa70818392401295ac8091.yaml
index 945430c384..4ef9cc18bd 100644
--- a/nuclei-templates/2022/CVE-2022-4216-53813c475afa70818392401295ac8091.yaml
+++ b/nuclei-templates/2022/CVE-2022-4216-53813c475afa70818392401295ac8091.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chained-quiz/"
     google-query: inurl:"/wp-content/plugins/chained-quiz/"
     shodan-query: 'vuln:CVE-2022-4216'
-  tags: cve,wordpress,wp-plugin,chained-quiz,medium
+  tags: cve,wordpress,wp-plugin,chained-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4217-18bb670f149f3ce453ab41abb0ba94e6.yaml b/nuclei-templates/2022/CVE-2022-4217-18bb670f149f3ce453ab41abb0ba94e6.yaml
index a4a79cf1d5..81632c8810 100644
--- a/nuclei-templates/2022/CVE-2022-4217-18bb670f149f3ce453ab41abb0ba94e6.yaml
+++ b/nuclei-templates/2022/CVE-2022-4217-18bb670f149f3ce453ab41abb0ba94e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chained-quiz/"
     google-query: inurl:"/wp-content/plugins/chained-quiz/"
     shodan-query: 'vuln:CVE-2022-4217'
-  tags: cve,wordpress,wp-plugin,chained-quiz,medium
+  tags: cve,wordpress,wp-plugin,chained-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4226-24b6c342cef1d8274544190481da6dc0.yaml b/nuclei-templates/2022/CVE-2022-4226-24b6c342cef1d8274544190481da6dc0.yaml
index 6e55dcfc16..75fccdbafa 100644
--- a/nuclei-templates/2022/CVE-2022-4226-24b6c342cef1d8274544190481da6dc0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4226-24b6c342cef1d8274544190481da6dc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Basic Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 20220207 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-basic-contact-form/"
     google-query: inurl:"/wp-content/plugins/simple-basic-contact-form/"
     shodan-query: 'vuln:CVE-2022-4226'
-  tags: cve,wordpress,wp-plugin,simple-basic-contact-form,medium
+  tags: cve,wordpress,wp-plugin,simple-basic-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4227-882bdd3fdb6681642f156a22924c9a36.yaml b/nuclei-templates/2022/CVE-2022-4227-882bdd3fdb6681642f156a22924c9a36.yaml
index b4c235153c..9b206d6d72 100644
--- a/nuclei-templates/2022/CVE-2022-4227-882bdd3fdb6681642f156a22924c9a36.yaml
+++ b/nuclei-templates/2022/CVE-2022-4227-882bdd3fdb6681642f156a22924c9a36.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2022-4227
   metadata:
-    fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
-    google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
+    fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-4227'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "booster-plus-for-woocommerce"
+          - "booster-elite-for-woocommerce"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-4230-5cdc77b83509c234be9fd2621b4d50a6.yaml b/nuclei-templates/2022/CVE-2022-4230-5cdc77b83509c234be9fd2621b4d50a6.yaml
index 1e5b7b0453..d48a2e9633 100644
--- a/nuclei-templates/2022/CVE-2022-4230-5cdc77b83509c234be9fd2621b4d50a6.yaml
+++ b/nuclei-templates/2022/CVE-2022-4230-5cdc77b83509c234be9fd2621b4d50a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 13.2.8 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Statistics plugin for WordPress is vulnerable to SQL Injection via the $search_engine value in versions up to, and including, 13.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2022-4230'
-  tags: cve,wordpress,wp-plugin,wp-statistics,high
+  tags: cve,wordpress,wp-plugin,wp-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4236-defc78f281b1b753471f78628f828031.yaml b/nuclei-templates/2022/CVE-2022-4236-defc78f281b1b753471f78628f828031.yaml
index fbbd868591..ed9e234662 100644
--- a/nuclei-templates/2022/CVE-2022-4236-defc78f281b1b753471f78628f828031.yaml
+++ b/nuclei-templates/2022/CVE-2022-4236-defc78f281b1b753471f78628f828031.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to arbitrary file read due to missing restrictions to proper file paths in one of its AJAX actions in versions 2.6.10-2.8.4. This makes it possible for authenticated attackers, with subscriber-level access and higher, to read arbitrary files on the affected sites server leading to information disclosure.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2022-4236'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4237-2ff5131571517bfee0f572e860d19db4.yaml b/nuclei-templates/2022/CVE-2022-4237-2ff5131571517bfee0f572e860d19db4.yaml
index 8be7b2bd0e..06d6fdaf44 100644
--- a/nuclei-templates/2022/CVE-2022-4237-2ff5131571517bfee0f572e860d19db4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4237-2ff5131571517bfee0f572e860d19db4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to Information Disclosure due to missing capability checks on the wel_check_progress_ajax AJAX action in versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read certain log files maintained by the plugin leading to information disclosure. While the log file names are known and are directly accessible via browser on a server that is configured to serve .txt and .log files, the vulnerability allows attackers to access log files on other sites sharing the same server and also provides the ability to read such log files even if direct access is forbidden. Furthermore, the plugin is vulnerable to deserialization of untrusted input via the 'progressfile ' parameter. This makes it possible for attackers to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2022-4237'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4242-8f14563b89ae2fb865ea87d5f251bc48.yaml b/nuclei-templates/2022/CVE-2022-4242-8f14563b89ae2fb865ea87d5f251bc48.yaml
index 83dc880474..839e804097 100644
--- a/nuclei-templates/2022/CVE-2022-4242-8f14563b89ae2fb865ea87d5f251bc48.yaml
+++ b/nuclei-templates/2022/CVE-2022-4242-8f14563b89ae2fb865ea87d5f251bc48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Review Slider <= 11.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Google Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 11.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-places-review-slider/"
     google-query: inurl:"/wp-content/plugins/wp-google-places-review-slider/"
     shodan-query: 'vuln:CVE-2022-4242'
-  tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,medium
+  tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4243-9741c51413af2327faa27cd2e2fade6e.yaml b/nuclei-templates/2022/CVE-2022-4243-9741c51413af2327faa27cd2e2fade6e.yaml
index 2d2916cd78..61a238c2b9 100644
--- a/nuclei-templates/2022/CVE-2022-4243-9741c51413af2327faa27cd2e2fade6e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4243-9741c51413af2327faa27cd2e2fade6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageInject <= 1.18 - Authenticated (Admin+) Stored XSS
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ImageInject plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 1.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-inject/"
     google-query: inurl:"/wp-content/plugins/wp-inject/"
     shodan-query: 'vuln:CVE-2022-4243'
-  tags: cve,wordpress,wp-plugin,wp-inject,medium
+  tags: cve,wordpress,wp-plugin,wp-inject,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42459-617785fa7c971048a906a08d626203c0.yaml b/nuclei-templates/2022/CVE-2022-42459-617785fa7c971048a906a08d626203c0.yaml
index f0ea6f2d04..2163640764 100644
--- a/nuclei-templates/2022/CVE-2022-42459-617785fa7c971048a906a08d626203c0.yaml
+++ b/nuclei-templates/2022/CVE-2022-42459-617785fa7c971048a906a08d626203c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Arbitrary Options Update in versions up to, and including, 9.7.1. This is due to a lack of validation on the settings supplied to the post_oxi_settings() function. This makes it possible for authenticated attackers, with administrative level permissions, to update arbitrary options on the WordPress site. This would only affect sites where the administrator has been restricted to not 'manage_options' or the administrator has allowed users with lower permissions to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-ultimate/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/"
     shodan-query: 'vuln:CVE-2022-42459'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,high
+  tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42460-1b0051f6cdacf52fc28a89570f274917.yaml b/nuclei-templates/2022/CVE-2022-42460-1b0051f6cdacf52fc28a89570f274917.yaml
index 82c272af75..fccc85df5a 100644
--- a/nuclei-templates/2022/CVE-2022-42460-1b0051f6cdacf52fc28a89570f274917.yaml
+++ b/nuclei-templates/2022/CVE-2022-42460-1b0051f6cdacf52fc28a89570f274917.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Traffic Manager <= 1.4.5 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Traffic Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/traffic-manager/"
     google-query: inurl:"/wp-content/plugins/traffic-manager/"
     shodan-query: 'vuln:CVE-2022-42460'
-  tags: cve,wordpress,wp-plugin,traffic-manager,medium
+  tags: cve,wordpress,wp-plugin,traffic-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42461-8c3657d5aee544c7f980b9786567d40a.yaml b/nuclei-templates/2022/CVE-2022-42461-8c3657d5aee544c7f980b9786567d40a.yaml
index eec55fae9f..c3c6245c40 100644
--- a/nuclei-templates/2022/CVE-2022-42461-8c3657d5aee544c7f980b9786567d40a.yaml
+++ b/nuclei-templates/2022/CVE-2022-42461-8c3657d5aee544c7f980b9786567d40a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     miniOrange's Google Authenticator <= 5.6.1 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/"
     google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/"
     shodan-query: 'vuln:CVE-2022-42461'
-  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,medium
+  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42462-aea3cbfb921c1d1330c879b8f85a35d1.yaml b/nuclei-templates/2022/CVE-2022-42462-aea3cbfb921c1d1330c879b8f85a35d1.yaml
index 8592a45554..dca1456b56 100644
--- a/nuclei-templates/2022/CVE-2022-42462-aea3cbfb921c1d1330c879b8f85a35d1.yaml
+++ b/nuclei-templates/2022/CVE-2022-42462-aea3cbfb921c1d1330c879b8f85a35d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IP Blacklist Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ip-blacklist-cloud/"
     google-query: inurl:"/wp-content/plugins/ip-blacklist-cloud/"
     shodan-query: 'vuln:CVE-2022-42462'
-  tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,medium
+  tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42479-33c4d0a0f515bd1cedf9cdcf55231d10.yaml b/nuclei-templates/2022/CVE-2022-42479-33c4d0a0f515bd1cedf9cdcf55231d10.yaml
index b0cd1c9da4..5da715a13b 100644
--- a/nuclei-templates/2022/CVE-2022-42479-33c4d0a0f515bd1cedf9cdcf55231d10.yaml
+++ b/nuclei-templates/2022/CVE-2022-42479-33c4d0a0f515bd1cedf9cdcf55231d10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soledad <= 8.2.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Soledad plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on one of its functions in versions up to, and including, 8.2.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function that was not intended for their use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/soledad/"
     google-query: inurl:"/wp-content/themes/soledad/"
     shodan-query: 'vuln:CVE-2022-42479'
-  tags: cve,wordpress,wp-theme,soledad,medium
+  tags: cve,wordpress,wp-theme,soledad,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42485-1a1fe1dc5dd307bb721b18dad6e53951.yaml b/nuclei-templates/2022/CVE-2022-42485-1a1fe1dc5dd307bb721b18dad6e53951.yaml
index a8fc5bca12..cd28a1f526 100644
--- a/nuclei-templates/2022/CVE-2022-42485-1a1fe1dc5dd307bb721b18dad6e53951.yaml
+++ b/nuclei-templates/2022/CVE-2022-42485-1a1fe1dc5dd307bb721b18dad6e53951.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery with thumbnail slider <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gallery with thumbnail slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on the plugin's settings. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-with-thumbnail-slider/"
     google-query: inurl:"/wp-content/plugins/gallery-with-thumbnail-slider/"
     shodan-query: 'vuln:CVE-2022-42485'
-  tags: cve,wordpress,wp-plugin,gallery-with-thumbnail-slider,medium
+  tags: cve,wordpress,wp-plugin,gallery-with-thumbnail-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42494-ed79806268ad8e12ebf6df82f872530a.yaml b/nuclei-templates/2022/CVE-2022-42494-ed79806268ad8e12ebf6df82f872530a.yaml
index a06d9b3b3f..5f0fbd45a9 100644
--- a/nuclei-templates/2022/CVE-2022-42494-ed79806268ad8e12ebf6df82f872530a.yaml
+++ b/nuclei-templates/2022/CVE-2022-42494-ed79806268ad8e12ebf6df82f872530a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All in One SEO Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 4.2.5.1 due to missing nonce checks and hostname validation.  This makes it possible for authenticated users, with administrative privileges, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack-pro/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack-pro/"
     shodan-query: 'vuln:CVE-2022-42494'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack-pro,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4256-20b8b7b7f0087daadf58f3d74ba2a999.yaml b/nuclei-templates/2022/CVE-2022-4256-20b8b7b7f0087daadf58f3d74ba2a999.yaml
index 5d41dcf8d6..1e624c28a7 100644
--- a/nuclei-templates/2022/CVE-2022-4256-20b8b7b7f0087daadf58f3d74ba2a999.yaml
+++ b/nuclei-templates/2022/CVE-2022-4256-20b8b7b7f0087daadf58f3d74ba2a999.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-One Addons for Elementor - WidgetKit <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All-in-One Addons for Elementor - WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgetkit-for-elementor/"
     google-query: inurl:"/wp-content/plugins/widgetkit-for-elementor/"
     shodan-query: 'vuln:CVE-2022-4256'
-  tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4260-012d37d1a0419e2b4d417ad1bf8624b8.yaml b/nuclei-templates/2022/CVE-2022-4260-012d37d1a0419e2b4d417ad1bf8624b8.yaml
index 6e9bf91eb2..7877d847fb 100644
--- a/nuclei-templates/2022/CVE-2022-4260-012d37d1a0419e2b4d417ad1bf8624b8.yaml
+++ b/nuclei-templates/2022/CVE-2022-4260-012d37d1a0419e2b4d417ad1bf8624b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Ban <= 1.69 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Ban plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 1.69 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ban/"
     google-query: inurl:"/wp-content/plugins/wp-ban/"
     shodan-query: 'vuln:CVE-2022-4260'
-  tags: cve,wordpress,wp-plugin,wp-ban,medium
+  tags: cve,wordpress,wp-plugin,wp-ban,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4265-77c6557ed6d5a269f424f3a44bdb8307.yaml b/nuclei-templates/2022/CVE-2022-4265-77c6557ed6d5a269f424f3a44bdb8307.yaml
index 22a2774e7f..49f3c7db70 100644
--- a/nuclei-templates/2022/CVE-2022-4265-77c6557ed6d5a269f424f3a44bdb8307.yaml
+++ b/nuclei-templates/2022/CVE-2022-4265-77c6557ed6d5a269f424f3a44bdb8307.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Replyable – Subscribe to Comments and Reply by Email <= 2.2.9 - Authenticated (Subscriber+) PHP Object Injection via prompt_dismiss_notice
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Replyable plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.9 via deserialization of untrusted input from the 'class' parameter used by the prompt_dismiss_notice AJAX action. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postmatic/"
     google-query: inurl:"/wp-content/plugins/postmatic/"
     shodan-query: 'vuln:CVE-2022-4265'
-  tags: cve,wordpress,wp-plugin,postmatic,high
+  tags: cve,wordpress,wp-plugin,postmatic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4266-66ff52bda667dbc0abbc88dbfecf89ff.yaml b/nuclei-templates/2022/CVE-2022-4266-66ff52bda667dbc0abbc88dbfecf89ff.yaml
index cfc0cf54ac..e54f88fae2 100644
--- a/nuclei-templates/2022/CVE-2022-4266-66ff52bda667dbc0abbc88dbfecf89ff.yaml
+++ b/nuclei-templates/2022/CVE-2022-4266-66ff52bda667dbc0abbc88dbfecf89ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Bulk Delete Users by Email plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the baw_settings_page function. This makes it possible for unauthenticated attackers to delete users, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-delete-users-by-email/"
     google-query: inurl:"/wp-content/plugins/bulk-delete-users-by-email/"
     shodan-query: 'vuln:CVE-2022-4266'
-  tags: cve,wordpress,wp-plugin,bulk-delete-users-by-email,high
+  tags: cve,wordpress,wp-plugin,bulk-delete-users-by-email,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4268-c9f14b3efd68aaad972afe4c5e7676c3.yaml b/nuclei-templates/2022/CVE-2022-4268-c9f14b3efd68aaad972afe4c5e7676c3.yaml
index 83dfafab64..6ff0c77ce5 100644
--- a/nuclei-templates/2022/CVE-2022-4268-c9f14b3efd68aaad972afe4c5e7676c3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4268-c9f14b3efd68aaad972afe4c5e7676c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin Logic <= 1.0.7 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Plugin Logic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plugin-logic/"
     google-query: inurl:"/wp-content/plugins/plugin-logic/"
     shodan-query: 'vuln:CVE-2022-4268'
-  tags: cve,wordpress,wp-plugin,plugin-logic,high
+  tags: cve,wordpress,wp-plugin,plugin-logic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42699-e3ac7cfb196d6042fdf4cb82d4ed4384.yaml b/nuclei-templates/2022/CVE-2022-42699-e3ac7cfb196d6042fdf4cb82d4ed4384.yaml
index 322f635cf9..2506c48091 100644
--- a/nuclei-templates/2022/CVE-2022-42699-e3ac7cfb196d6042fdf4cb82d4ed4384.yaml
+++ b/nuclei-templates/2022/CVE-2022-42699-e3ac7cfb196d6042fdf4cb82d4ed4384.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy WP SMTP plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.5.1 possibly via the 'admin_init' function (as part of the SMTP import/export functionality). This allows administrator-level attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-wp-smtp/"
     google-query: inurl:"/wp-content/plugins/easy-wp-smtp/"
     shodan-query: 'vuln:CVE-2022-42699'
-  tags: cve,wordpress,wp-plugin,easy-wp-smtp,high
+  tags: cve,wordpress,wp-plugin,easy-wp-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42880-e720f99baaecf49f6cf9a7d54ee9d187.yaml b/nuclei-templates/2022/CVE-2022-42880-e720f99baaecf49f6cf9a7d54ee9d187.yaml
index d0f4443349..9b73a96fc2 100644
--- a/nuclei-templates/2022/CVE-2022-42880-e720f99baaecf49f6cf9a7d54ee9d187.yaml
+++ b/nuclei-templates/2022/CVE-2022-42880-e720f99baaecf49f6cf9a7d54ee9d187.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Upload Images <= 3.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Auto Upload Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3. This is due to missing or incorrect nonce validation on the settingPage function. This makes it possible for unauthenticated attackers to change the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-upload-images/"
     google-query: inurl:"/wp-content/plugins/auto-upload-images/"
     shodan-query: 'vuln:CVE-2022-42880'
-  tags: cve,wordpress,wp-plugin,auto-upload-images,high
+  tags: cve,wordpress,wp-plugin,auto-upload-images,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-42884-41ebdf42bbd34392f33d2e300bcf1f22.yaml b/nuclei-templates/2022/CVE-2022-42884-41ebdf42bbd34392f33d2e300bcf1f22.yaml
index 3cdcdaaa27..05ae8f83a2 100644
--- a/nuclei-templates/2022/CVE-2022-42884-41ebdf42bbd34392f33d2e300bcf1f22.yaml
+++ b/nuclei-templates/2022/CVE-2022-42884-41ebdf42bbd34392f33d2e300bcf1f22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WIP Custom Login <= 1.2.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WIP Custom Login plugin for WordPress is vulnerable to authorization bypass due to a missing capability and nonce check on several the wip_custom_login_backup_reset action in versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke the function to reset the plugin's back-up.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wip-custom-login/"
     google-query: inurl:"/wp-content/plugins/wip-custom-login/"
     shodan-query: 'vuln:CVE-2022-42884'
-  tags: cve,wordpress,wp-plugin,wip-custom-login,medium
+  tags: cve,wordpress,wp-plugin,wip-custom-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4290-dfe9d916adc4339b514e6f246a1ff502.yaml b/nuclei-templates/2022/CVE-2022-4290-dfe9d916adc4339b514e6f246a1ff502.yaml
index 5fe3f9511d..4a1207d372 100644
--- a/nuclei-templates/2022/CVE-2022-4290-dfe9d916adc4339b514e6f246a1ff502.yaml
+++ b/nuclei-templates/2022/CVE-2022-4290-dfe9d916adc4339b514e6f246a1ff502.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cyr to Lat <= 3.5 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cyr3lat/"
     google-query: inurl:"/wp-content/plugins/cyr3lat/"
     shodan-query: 'vuln:CVE-2022-4290'
-  tags: cve,wordpress,wp-plugin,cyr3lat,high
+  tags: cve,wordpress,wp-plugin,cyr3lat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4297-8757d0b374234a37718f99a73c9ea57a.yaml b/nuclei-templates/2022/CVE-2022-4297-8757d0b374234a37718f99a73c9ea57a.yaml
index c9195e915b..99eae7b5ac 100644
--- a/nuclei-templates/2022/CVE-2022-4297-8757d0b374234a37718f99a73c9ea57a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4297-8757d0b374234a37718f99a73c9ea57a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP AutoComplete Search <= 1.0.4 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP AutoComplete Search plugin for WordPress is vulnerable to SQL Injection via an AJAX action in versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-autosearch/"
     google-query: inurl:"/wp-content/plugins/wp-autosearch/"
     shodan-query: 'vuln:CVE-2022-4297'
-  tags: cve,wordpress,wp-plugin,wp-autosearch,high
+  tags: cve,wordpress,wp-plugin,wp-autosearch,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4299-7746f8e1b3332b64c44418f10c52b872.yaml b/nuclei-templates/2022/CVE-2022-4299-7746f8e1b3332b64c44418f10c52b872.yaml
index 61a245369c..0786197ed5 100644
--- a/nuclei-templates/2022/CVE-2022-4299-7746f8e1b3332b64c44418f10c52b872.yaml
+++ b/nuclei-templates/2022/CVE-2022-4299-7746f8e1b3332b64c44418f10c52b872.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metricool <= 1.17 - Authenticated (Administrator+) Stored Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metricool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metricool/"
     google-query: inurl:"/wp-content/plugins/metricool/"
     shodan-query: 'vuln:CVE-2022-4299'
-  tags: cve,wordpress,wp-plugin,metricool,medium
+  tags: cve,wordpress,wp-plugin,metricool,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4302-84f16791aafe87d42cf363331892fb65.yaml b/nuclei-templates/2022/CVE-2022-4302-84f16791aafe87d42cf363331892fb65.yaml
index 473613d5f8..8c226a746d 100644
--- a/nuclei-templates/2022/CVE-2022-4302-84f16791aafe87d42cf363331892fb65.yaml
+++ b/nuclei-templates/2022/CVE-2022-4302-84f16791aafe87d42cf363331892fb65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     White Label CMS <= 2.4 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The White Label CMS plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.4 via deserialization of untrusted input in the legacy_import function. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/white-label-cms/"
     google-query: inurl:"/wp-content/plugins/white-label-cms/"
     shodan-query: 'vuln:CVE-2022-4302'
-  tags: cve,wordpress,wp-plugin,white-label-cms,high
+  tags: cve,wordpress,wp-plugin,white-label-cms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4309-914f38027718514db2df33bcbfa5d9b6.yaml b/nuclei-templates/2022/CVE-2022-4309-914f38027718514db2df33bcbfa5d9b6.yaml
index 1b820b71cb..97af201b73 100644
--- a/nuclei-templates/2022/CVE-2022-4309-914f38027718514db2df33bcbfa5d9b6.yaml
+++ b/nuclei-templates/2022/CVE-2022-4309-914f38027718514db2df33bcbfa5d9b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subscribe2 <= 10.37 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.37. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete users, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscribe2/"
     google-query: inurl:"/wp-content/plugins/subscribe2/"
     shodan-query: 'vuln:CVE-2022-4309'
-  tags: cve,wordpress,wp-plugin,subscribe2,high
+  tags: cve,wordpress,wp-plugin,subscribe2,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4323-b8c54b7d77df783a3aa06fe35c635411.yaml b/nuclei-templates/2022/CVE-2022-4323-b8c54b7d77df783a3aa06fe35c635411.yaml
index 180daf805c..0a26a680c9 100644
--- a/nuclei-templates/2022/CVE-2022-4323-b8c54b7d77df783a3aa06fe35c635411.yaml
+++ b/nuclei-templates/2022/CVE-2022-4323-b8c54b7d77df783a3aa06fe35c635411.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Google Analyticator plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.5.5 via deserialization of untrusted input. This allows administrator-level attackers to inject a PHP Object. The additional presence of a POP chain in the vulnerable plugin may allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analyticator/"
     google-query: inurl:"/wp-content/plugins/google-analyticator/"
     shodan-query: 'vuln:CVE-2022-4323'
-  tags: cve,wordpress,wp-plugin,google-analyticator,high
+  tags: cve,wordpress,wp-plugin,google-analyticator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4324-41a8bca5b4e509ff5992617799743aa0.yaml b/nuclei-templates/2022/CVE-2022-4324-41a8bca5b4e509ff5992617799743aa0.yaml
index 91847299fc..f25bded848 100644
--- a/nuclei-templates/2022/CVE-2022-4324-41a8bca5b4e509ff5992617799743aa0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4324-41a8bca5b4e509ff5992617799743aa0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field Template <= 2.5.7 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Custom Field Template plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.5.7 via deserialization of untrusted input in the custom_field_template_admin function. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-template/"
     google-query: inurl:"/wp-content/plugins/custom-field-template/"
     shodan-query: 'vuln:CVE-2022-4324'
-  tags: cve,wordpress,wp-plugin,custom-field-template,high
+  tags: cve,wordpress,wp-plugin,custom-field-template,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4327-1a3ebcec002fbbf2625550387d2d42c9.yaml b/nuclei-templates/2022/CVE-2022-4327-1a3ebcec002fbbf2625550387d2d42c9.yaml
index 326313855b..de712b93a0 100644
--- a/nuclei-templates/2022/CVE-2022-4327-1a3ebcec002fbbf2625550387d2d42c9.yaml
+++ b/nuclei-templates/2022/CVE-2022-4327-1a3ebcec002fbbf2625550387d2d42c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Anti-Malware Security and Brute-Force Firewall <= 4.21.85 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.21.85 via deserialization of untrusted input. This allows attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gotmls/"
     google-query: inurl:"/wp-content/plugins/gotmls/"
     shodan-query: 'vuln:CVE-2022-4327'
-  tags: cve,wordpress,wp-plugin,gotmls,high
+  tags: cve,wordpress,wp-plugin,gotmls,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4330-607d97f75ca23282557e4dc2fc682915.yaml b/nuclei-templates/2022/CVE-2022-4330-607d97f75ca23282557e4dc2fc682915.yaml
index a95db26104..3d1def368a 100644
--- a/nuclei-templates/2022/CVE-2022-4330-607d97f75ca23282557e4dc2fc682915.yaml
+++ b/nuclei-templates/2022/CVE-2022-4330-607d97f75ca23282557e4dc2fc682915.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Attachments <= 5.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-attachments/"
     google-query: inurl:"/wp-content/plugins/wp-attachments/"
     shodan-query: 'vuln:CVE-2022-4330'
-  tags: cve,wordpress,wp-plugin,wp-attachments,medium
+  tags: cve,wordpress,wp-plugin,wp-attachments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43450-04699771b766f0fc714834ca199fc5ab.yaml b/nuclei-templates/2022/CVE-2022-43450-04699771b766f0fc714834ca199fc5ab.yaml
index 92c24d74c3..d02c7c52a8 100644
--- a/nuclei-templates/2022/CVE-2022-43450-04699771b766f0fc714834ca199fc5ab.yaml
+++ b/nuclei-templates/2022/CVE-2022-43450-04699771b766f0fc714834ca199fc5ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stream <= 3.9.2 - Missing Authorization via load_alerts_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stream plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_alerts_settings function in versions up to, and including, 3.9.2. This makes it possible for authenticated attackers with subscriber-level permissions or above to view arbitrary alerts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stream/"
     google-query: inurl:"/wp-content/plugins/stream/"
     shodan-query: 'vuln:CVE-2022-43450'
-  tags: cve,wordpress,wp-plugin,stream,medium
+  tags: cve,wordpress,wp-plugin,stream,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43453-08963ed44b1cea3058d5d701a7dc7bd5.yaml b/nuclei-templates/2022/CVE-2022-43453-08963ed44b1cea3058d5d701a7dc7bd5.yaml
index eec7d29e52..5aa4564580 100644
--- a/nuclei-templates/2022/CVE-2022-43453-08963ed44b1cea3058d5d701a7dc7bd5.yaml
+++ b/nuclei-templates/2022/CVE-2022-43453-08963ed44b1cea3058d5d701a7dc7bd5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Tools <= 3.41 - Missing Authorization leading to Authenticated (Subscriber+) Authorization Bypass
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Tools plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.41. This is due to missing capability check resulting in authorization bypass. This makes it possible for subscriber-level attackers to access unspecified user controls granted at a higher authorization-level.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wptools/"
     google-query: inurl:"/wp-content/plugins/wptools/"
     shodan-query: 'vuln:CVE-2022-43453'
-  tags: cve,wordpress,wp-plugin,wptools,high
+  tags: cve,wordpress,wp-plugin,wptools,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43458-f9f9f8843b8a77c541ca723acfae2e44.yaml b/nuclei-templates/2022/CVE-2022-43458-f9f9f8843b8a77c541ca723acfae2e44.yaml
index 8fbf5495c1..2db3a969ec 100644
--- a/nuclei-templates/2022/CVE-2022-43458-f9f9f8843b8a77c541ca723acfae2e44.yaml
+++ b/nuclei-templates/2022/CVE-2022-43458-f9f9f8843b8a77c541ca723acfae2e44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Floating Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-floating-content-lite/"
     google-query: inurl:"/wp-content/plugins/advanced-floating-content-lite/"
     shodan-query: 'vuln:CVE-2022-43458'
-  tags: cve,wordpress,wp-plugin,advanced-floating-content-lite,medium
+  tags: cve,wordpress,wp-plugin,advanced-floating-content-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43459-d6b551c8eebbc07aebd60fb21b086030.yaml b/nuclei-templates/2022/CVE-2022-43459-d6b551c8eebbc07aebd60fb21b086030.yaml
index d5a72b29b7..9cd0a68597 100644
--- a/nuclei-templates/2022/CVE-2022-43459-d6b551c8eebbc07aebd60fb21b086030.yaml
+++ b/nuclei-templates/2022/CVE-2022-43459-d6b551c8eebbc07aebd60fb21b086030.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Forms by CaptainForm plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/captainform/"
     google-query: inurl:"/wp-content/plugins/captainform/"
     shodan-query: 'vuln:CVE-2022-43459'
-  tags: cve,wordpress,wp-plugin,captainform,high
+  tags: cve,wordpress,wp-plugin,captainform,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43461-0d198fa5a9097295a41f947e62ed164f.yaml b/nuclei-templates/2022/CVE-2022-43461-0d198fa5a9097295a41f947e62ed164f.yaml
index a9f7feb440..0ed8bf6664 100644
--- a/nuclei-templates/2022/CVE-2022-43461-0d198fa5a9097295a41f947e62ed164f.yaml
+++ b/nuclei-templates/2022/CVE-2022-43461-0d198fa5a9097295a41f947e62ed164f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow SE <= 2.5.5 - Authenticated (Subscriber+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slideshow SE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in certain plugin configurations in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-se/"
     google-query: inurl:"/wp-content/plugins/slideshow-se/"
     shodan-query: 'vuln:CVE-2022-43461'
-  tags: cve,wordpress,wp-plugin,slideshow-se,medium
+  tags: cve,wordpress,wp-plugin,slideshow-se,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43462-fbcd8cab0390c5423cc4977a1f1be996.yaml b/nuclei-templates/2022/CVE-2022-43462-fbcd8cab0390c5423cc4977a1f1be996.yaml
index 3dda6669b1..4e42d1b596 100644
--- a/nuclei-templates/2022/CVE-2022-43462-fbcd8cab0390c5423cc4977a1f1be996.yaml
+++ b/nuclei-templates/2022/CVE-2022-43462-fbcd8cab0390c5423cc4977a1f1be996.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The IP Blacklist Cloud plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.00 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ip-blacklist-cloud/"
     google-query: inurl:"/wp-content/plugins/ip-blacklist-cloud/"
     shodan-query: 'vuln:CVE-2022-43462'
-  tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,high
+  tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43463-8d1ec64befa71150df8d15ca9a46e658.yaml b/nuclei-templates/2022/CVE-2022-43463-8d1ec64befa71150df8d15ca9a46e658.yaml
index cb440cd930..5dda2bc2ea 100644
--- a/nuclei-templates/2022/CVE-2022-43463-8d1ec64befa71150df8d15ca9a46e658.yaml
+++ b/nuclei-templates/2022/CVE-2022-43463-8d1ec64befa71150df8d15ca9a46e658.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Product Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/"
     google-query: inurl:"/wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/"
     shodan-query: 'vuln:CVE-2022-43463'
-  tags: cve,wordpress,wp-plugin,yikes-inc-easy-custom-woocommerce-product-tabs,medium
+  tags: cve,wordpress,wp-plugin,yikes-inc-easy-custom-woocommerce-product-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43469-e740d0f5f3811a1aac1ce94a356e0d8f.yaml b/nuclei-templates/2022/CVE-2022-43469-e740d0f5f3811a1aac1ce94a356e0d8f.yaml
index a8f998c76b..0975a00eec 100644
--- a/nuclei-templates/2022/CVE-2022-43469-e740d0f5f3811a1aac1ce94a356e0d8f.yaml
+++ b/nuclei-templates/2022/CVE-2022-43469-e740d0f5f3811a1aac1ce94a356e0d8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Corona Virus (COVID-19) Banner & Live Data <= 1.7.0.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Corona Virus (COVID-19) Banner & Live Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.0.6. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/corona-virus-covid-19-banner/"
     google-query: inurl:"/wp-content/plugins/corona-virus-covid-19-banner/"
     shodan-query: 'vuln:CVE-2022-43469'
-  tags: cve,wordpress,wp-plugin,corona-virus-covid-19-banner,high
+  tags: cve,wordpress,wp-plugin,corona-virus-covid-19-banner,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43471-2326f2ccfd7003acca183b6e98abdbd2.yaml b/nuclei-templates/2022/CVE-2022-43471-2326f2ccfd7003acca183b6e98abdbd2.yaml
index a7f389ca45..acc3875db0 100644
--- a/nuclei-templates/2022/CVE-2022-43471-2326f2ccfd7003acca183b6e98abdbd2.yaml
+++ b/nuclei-templates/2022/CVE-2022-43471-2326f2ccfd7003acca183b6e98abdbd2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Bootstrap Gallery <= 1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Bootstrap Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_get_wpbgallery_update_imagetitle function in versions up to, and including, 1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update titles of arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-bootstrap-gallery/"
     google-query: inurl:"/wp-content/plugins/wp-bootstrap-gallery/"
     shodan-query: 'vuln:CVE-2022-43471'
-  tags: cve,wordpress,wp-plugin,wp-bootstrap-gallery,medium
+  tags: cve,wordpress,wp-plugin,wp-bootstrap-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43472-e081d559a96dc283eb19909827c9469c.yaml b/nuclei-templates/2022/CVE-2022-43472-e081d559a96dc283eb19909827c9469c.yaml
index c5467a712a..e68c2147ea 100644
--- a/nuclei-templates/2022/CVE-2022-43472-e081d559a96dc283eb19909827c9469c.yaml
+++ b/nuclei-templates/2022/CVE-2022-43472-e081d559a96dc283eb19909827c9469c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eRoom – Zoom Meetings & Webinar <= 1.4.6 - Missing Authorization via stm_wpcfto_get_settings_callback
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The eRoom – Zoom Meetings & Webinar plugin for WordPress is vulnerable to retrieve setting information due to a missing capability check on the stm_wpcfto_get_settings_callback function in versions up to, and including, 1.4.6. This makes it possible for authenticated attackers with subscriber-level access, and above, to retrieve setting information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eroom-zoom-meetings-webinar/"
     google-query: inurl:"/wp-content/plugins/eroom-zoom-meetings-webinar/"
     shodan-query: 'vuln:CVE-2022-43472'
-  tags: cve,wordpress,wp-plugin,eroom-zoom-meetings-webinar,medium
+  tags: cve,wordpress,wp-plugin,eroom-zoom-meetings-webinar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43476-f8057967039523304998e4a1e27c496f.yaml b/nuclei-templates/2022/CVE-2022-43476-f8057967039523304998e4a1e27c496f.yaml
index cc3b940592..715eaf5180 100644
--- a/nuclei-templates/2022/CVE-2022-43476-f8057967039523304998e4a1e27c496f.yaml
+++ b/nuclei-templates/2022/CVE-2022-43476-f8057967039523304998e4a1e27c496f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subscribe to Category <= 2.7.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Subscribe to Category plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke them leading to Information Exposure.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscribe-to-category/"
     google-query: inurl:"/wp-content/plugins/subscribe-to-category/"
     shodan-query: 'vuln:CVE-2022-43476'
-  tags: cve,wordpress,wp-plugin,subscribe-to-category,medium
+  tags: cve,wordpress,wp-plugin,subscribe-to-category,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43480-9fb8bc0ed140e27215d75f6096a9ee6f.yaml b/nuclei-templates/2022/CVE-2022-43480-9fb8bc0ed140e27215d75f6096a9ee6f.yaml
index 180dd15bd4..923e96431a 100644
--- a/nuclei-templates/2022/CVE-2022-43480-9fb8bc0ed140e27215d75f6096a9ee6f.yaml
+++ b/nuclei-templates/2022/CVE-2022-43480-9fb8bc0ed140e27215d75f6096a9ee6f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Homepage Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/homepage-pop-up/"
     google-query: inurl:"/wp-content/plugins/homepage-pop-up/"
     shodan-query: 'vuln:CVE-2022-43480'
-  tags: cve,wordpress,wp-plugin,homepage-pop-up,medium
+  tags: cve,wordpress,wp-plugin,homepage-pop-up,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43481-bf87097eab97d5618311a5d6293581ee.yaml b/nuclei-templates/2022/CVE-2022-43481-bf87097eab97d5618311a5d6293581ee.yaml
index 47a30935da..e25473066a 100644
--- a/nuclei-templates/2022/CVE-2022-43481-bf87097eab97d5618311a5d6293581ee.yaml
+++ b/nuclei-templates/2022/CVE-2022-43481-bf87097eab97d5618311a5d6293581ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Coupons for WooCommerce Coupons <= 4.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Advanced Coupons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5. This is due to missing or incorrect nonce validation on the get_all_admin_notices function. This makes it possible for unauthenticated attackers to hide admin notices, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-coupons-for-woocommerce-free/"
     google-query: inurl:"/wp-content/plugins/advanced-coupons-for-woocommerce-free/"
     shodan-query: 'vuln:CVE-2022-43481'
-  tags: cve,wordpress,wp-plugin,advanced-coupons-for-woocommerce-free,high
+  tags: cve,wordpress,wp-plugin,advanced-coupons-for-woocommerce-free,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43482-5da504c8dee91299e78459069ad88795.yaml b/nuclei-templates/2022/CVE-2022-43482-5da504c8dee91299e78459069ad88795.yaml
index 2b8149cdfd..9e69643394 100644
--- a/nuclei-templates/2022/CVE-2022-43482-5da504c8dee91299e78459069ad88795.yaml
+++ b/nuclei-templates/2022/CVE-2022-43482-5da504c8dee91299e78459069ad88795.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Booking Calendar <= 1.3.69 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appointment Booking Calendar plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cpabcal_feedback() function in versions up to, and including, 1.3.69. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to submit plugin feedback. This can also be exploited via CSRF due to missing nonce validation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appointment-booking-calendar/"
     google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/"
     shodan-query: 'vuln:CVE-2022-43482'
-  tags: cve,wordpress,wp-plugin,appointment-booking-calendar,medium
+  tags: cve,wordpress,wp-plugin,appointment-booking-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43488-739c3b6a5da1b82e1034ec2752c5a42f.yaml b/nuclei-templates/2022/CVE-2022-43488-739c3b6a5da1b82e1034ec2752c5a42f.yaml
index a9017c4a93..33f2fd4406 100644
--- a/nuclei-templates/2022/CVE-2022-43488-739c3b6a5da1b82e1034ec2752c5a42f.yaml
+++ b/nuclei-templates/2022/CVE-2022-43488-739c3b6a5da1b82e1034ec2752c5a42f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.5. This is due to missing or incorrect nonce validation on several functions related to data migration. This makes it possible for unauthenticated attackers to invoke those functions which makes it possible to update settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-43488'
-  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43491-2b7649bf0d1b33f22a628883cdb8312a.yaml b/nuclei-templates/2022/CVE-2022-43491-2b7649bf0d1b33f22a628883cdb8312a.yaml
index b5bcc16296..f98e6c8380 100644
--- a/nuclei-templates/2022/CVE-2022-43491-2b7649bf0d1b33f22a628883cdb8312a.yaml
+++ b/nuclei-templates/2022/CVE-2022-43491-2b7649bf0d1b33f22a628883cdb8312a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.5. This is due to missing or incorrect nonce validation on several functions such as exportCSVBulkRangesAjaxCB(). This makes it possible for unauthenticated attackers to invoke those functions which makes it possible to update and import settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-43491'
-  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-43497-5f3b219095913ca0ac8eaef4013782dc.yaml b/nuclei-templates/2022/CVE-2022-43497-5f3b219095913ca0ac8eaef4013782dc.yaml
index 864a24f1c0..6ff3022568 100644
--- a/nuclei-templates/2022/CVE-2022-43497-5f3b219095913ca0ac8eaef4013782dc.yaml
+++ b/nuclei-templates/2022/CVE-2022-43497-5f3b219095913ca0ac8eaef4013782dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     WordPress Core is vulnerable to SQL Injection in the Media Library that can be leveraged to exploit a Reflected Cross-Site Scripting issue in versions up to 6.0.3. This is due to insufficient escaping on user supplied values passed to a SQL query.  This makes it possible for an attacker to achieved JavaScript code execution in a victims browser, granted they can trick the victim into performing an action such as clicking on a link.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2022-43497
   metadata:
     shodan-query: 'vuln:CVE-2022-43497'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4351-72e98d054dd35c38c2ccedc1b3e556e3.yaml b/nuclei-templates/2022/CVE-2022-4351-72e98d054dd35c38c2ccedc1b3e556e3.yaml
index ee681224fe..168945fc31 100644
--- a/nuclei-templates/2022/CVE-2022-4351-72e98d054dd35c38c2ccedc1b3e556e3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4351-72e98d054dd35c38c2ccedc1b3e556e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Qe SEO Handyman plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qe-seo-handyman/"
     google-query: inurl:"/wp-content/plugins/qe-seo-handyman/"
     shodan-query: 'vuln:CVE-2022-4351'
-  tags: cve,wordpress,wp-plugin,qe-seo-handyman,medium
+  tags: cve,wordpress,wp-plugin,qe-seo-handyman,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4352-9b3e1e16f60897007a08c1914eadf98c.yaml b/nuclei-templates/2022/CVE-2022-4352-9b3e1e16f60897007a08c1914eadf98c.yaml
index 2e0ae84267..5cb8fa7c01 100644
--- a/nuclei-templates/2022/CVE-2022-4352-9b3e1e16f60897007a08c1914eadf98c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4352-9b3e1e16f60897007a08c1914eadf98c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Qe SEO Handyman plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qe-seo-handyman/"
     google-query: inurl:"/wp-content/plugins/qe-seo-handyman/"
     shodan-query: 'vuln:CVE-2022-4352'
-  tags: cve,wordpress,wp-plugin,qe-seo-handyman,medium
+  tags: cve,wordpress,wp-plugin,qe-seo-handyman,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4355-1a6e413024d8d1ae95c30f6878f11970.yaml b/nuclei-templates/2022/CVE-2022-4355-1a6e413024d8d1ae95c30f6878f11970.yaml
index 0b8437bb7b..31680a956a 100644
--- a/nuclei-templates/2022/CVE-2022-4355-1a6e413024d8d1ae95c30f6878f11970.yaml
+++ b/nuclei-templates/2022/CVE-2022-4355-1a6e413024d8d1ae95c30f6878f11970.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The LetsRecover plugin for WordPress is vulnerable to generic SQL Injection via an unspecified parameter in versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/letsrecover-woocommerce-abandoned-cart/"
     google-query: inurl:"/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/"
     shodan-query: 'vuln:CVE-2022-4355'
-  tags: cve,wordpress,wp-plugin,letsrecover-woocommerce-abandoned-cart,high
+  tags: cve,wordpress,wp-plugin,letsrecover-woocommerce-abandoned-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4356-381f90bef3e067367c93c00d3b2f3da3.yaml b/nuclei-templates/2022/CVE-2022-4356-381f90bef3e067367c93c00d3b2f3da3.yaml
index a9e5dd38d1..51ace13f61 100644
--- a/nuclei-templates/2022/CVE-2022-4356-381f90bef3e067367c93c00d3b2f3da3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4356-381f90bef3e067367c93c00d3b2f3da3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The LetsRecover plugin for WordPress is vulnerable to generic SQL Injection via an unspecified parameter in versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/letsrecover-woocommerce-abandoned-cart/"
     google-query: inurl:"/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/"
     shodan-query: 'vuln:CVE-2022-4356'
-  tags: cve,wordpress,wp-plugin,letsrecover-woocommerce-abandoned-cart,high
+  tags: cve,wordpress,wp-plugin,letsrecover-woocommerce-abandoned-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4358-462fb716ec2f0ec4e2f418a785fb1df8.yaml b/nuclei-templates/2022/CVE-2022-4358-462fb716ec2f0ec4e2f418a785fb1df8.yaml
index dfd07fe549..d19c1c5653 100644
--- a/nuclei-templates/2022/CVE-2022-4358-462fb716ec2f0ec4e2f418a785fb1df8.yaml
+++ b/nuclei-templates/2022/CVE-2022-4358-462fb716ec2f0ec4e2f418a785fb1df8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP RSS By Publishers plugin for WordPress is vulnerable to generic SQL Injection via an unspecified parameter in versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-by-publishers/"
     google-query: inurl:"/wp-content/plugins/wp-rss-by-publishers/"
     shodan-query: 'vuln:CVE-2022-4358'
-  tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,high
+  tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4359-74b1a71215563001aea36d2a3bce8f35.yaml b/nuclei-templates/2022/CVE-2022-4359-74b1a71215563001aea36d2a3bce8f35.yaml
index 3976b2d01f..19edcabfee 100644
--- a/nuclei-templates/2022/CVE-2022-4359-74b1a71215563001aea36d2a3bce8f35.yaml
+++ b/nuclei-templates/2022/CVE-2022-4359-74b1a71215563001aea36d2a3bce8f35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP RSS By Publishers plugin for WordPress is vulnerable to generic SQL Injection via an unspecified parameter in versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-by-publishers/"
     google-query: inurl:"/wp-content/plugins/wp-rss-by-publishers/"
     shodan-query: 'vuln:CVE-2022-4359'
-  tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,high
+  tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4360-ee3fe625ab8f88885d07211e8987b8d5.yaml b/nuclei-templates/2022/CVE-2022-4360-ee3fe625ab8f88885d07211e8987b8d5.yaml
index 1798852510..50fea96a7e 100644
--- a/nuclei-templates/2022/CVE-2022-4360-ee3fe625ab8f88885d07211e8987b8d5.yaml
+++ b/nuclei-templates/2022/CVE-2022-4360-ee3fe625ab8f88885d07211e8987b8d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP RSS By Publishers plugin for WordPress is vulnerable to generic SQL Injection via an unspecified parameter in versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-by-publishers/"
     google-query: inurl:"/wp-content/plugins/wp-rss-by-publishers/"
     shodan-query: 'vuln:CVE-2022-4360'
-  tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,high
+  tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4362-babd847e079fcdd7a546f8f906593529.yaml b/nuclei-templates/2022/CVE-2022-4362-babd847e079fcdd7a546f8f906593529.yaml
index 83b5db632c..6cace95a02 100644
--- a/nuclei-templates/2022/CVE-2022-4362-babd847e079fcdd7a546f8f906593529.yaml
+++ b/nuclei-templates/2022/CVE-2022-4362-babd847e079fcdd7a546f8f906593529.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Maker <= 1.16.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.16.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-maker/"
     google-query: inurl:"/wp-content/plugins/popup-maker/"
     shodan-query: 'vuln:CVE-2022-4362'
-  tags: cve,wordpress,wp-plugin,popup-maker,medium
+  tags: cve,wordpress,wp-plugin,popup-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4370-bc5e61b065b355ecda981dfb9a91839d.yaml b/nuclei-templates/2022/CVE-2022-4370-bc5e61b065b355ecda981dfb9a91839d.yaml
index 2243ed8c6c..c4d444a452 100644
--- a/nuclei-templates/2022/CVE-2022-4370-bc5e61b065b355ecda981dfb9a91839d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4370-bc5e61b065b355ecda981dfb9a91839d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     multimedial images <= 1.0b - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The multimedial images plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0b due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator=level access to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multimedial-images/"
     google-query: inurl:"/wp-content/plugins/multimedial-images/"
     shodan-query: 'vuln:CVE-2022-4370'
-  tags: cve,wordpress,wp-plugin,multimedial-images,high
+  tags: cve,wordpress,wp-plugin,multimedial-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4371-4d7353aae0306a1d0c2e5c68f3406ced.yaml b/nuclei-templates/2022/CVE-2022-4371-4d7353aae0306a1d0c2e5c68f3406ced.yaml
index 174e72bf80..5b722e0098 100644
--- a/nuclei-templates/2022/CVE-2022-4371-4d7353aae0306a1d0c2e5c68f3406ced.yaml
+++ b/nuclei-templates/2022/CVE-2022-4371-4d7353aae0306a1d0c2e5c68f3406ced.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web Invoice <= 2.1.3 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Web Invoice plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. By default this applies to administrators but depending on the plugin configuration can also allow other authenticated users such as subscribers to exploit this.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/web-invoice/"
     google-query: inurl:"/wp-content/plugins/web-invoice/"
     shodan-query: 'vuln:CVE-2022-4371'
-  tags: cve,wordpress,wp-plugin,web-invoice,high
+  tags: cve,wordpress,wp-plugin,web-invoice,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4372-1da82cb5548de3f68423707825b69043.yaml b/nuclei-templates/2022/CVE-2022-4372-1da82cb5548de3f68423707825b69043.yaml
index 45129a81d5..1de34c4756 100644
--- a/nuclei-templates/2022/CVE-2022-4372-1da82cb5548de3f68423707825b69043.yaml
+++ b/nuclei-templates/2022/CVE-2022-4372-1da82cb5548de3f68423707825b69043.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web Invoice <= 2.1.3 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Web Invoice plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. By default this applies to administrators but depending on the plugin configuration can also allow other authenticated users such as subscribers to exploit this.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/web-invoice/"
     google-query: inurl:"/wp-content/plugins/web-invoice/"
     shodan-query: 'vuln:CVE-2022-4372'
-  tags: cve,wordpress,wp-plugin,web-invoice,high
+  tags: cve,wordpress,wp-plugin,web-invoice,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4373-6435ac4f9788a7cece5b6014e8487e16.yaml b/nuclei-templates/2022/CVE-2022-4373-6435ac4f9788a7cece5b6014e8487e16.yaml
index feb5cd65cb..1dca0309d1 100644
--- a/nuclei-templates/2022/CVE-2022-4373-6435ac4f9788a7cece5b6014e8487e16.yaml
+++ b/nuclei-templates/2022/CVE-2022-4373-6435ac4f9788a7cece5b6014e8487e16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quote-O-Matic <= 1.0.5 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Quote-O-Matic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quote-o-matic/"
     google-query: inurl:"/wp-content/plugins/quote-o-matic/"
     shodan-query: 'vuln:CVE-2022-4373'
-  tags: cve,wordpress,wp-plugin,quote-o-matic,high
+  tags: cve,wordpress,wp-plugin,quote-o-matic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4381-ff57e42e57104b9d5c57fd329587cf27.yaml b/nuclei-templates/2022/CVE-2022-4381-ff57e42e57104b9d5c57fd329587cf27.yaml
index 8f087ca09a..a14bc80513 100644
--- a/nuclei-templates/2022/CVE-2022-4381-ff57e42e57104b9d5c57fd329587cf27.yaml
+++ b/nuclei-templates/2022/CVE-2022-4381-ff57e42e57104b9d5c57fd329587cf27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Maker <= 1.16.8 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup body content in versions up to, and including, 1.16.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-maker/"
     google-query: inurl:"/wp-content/plugins/popup-maker/"
     shodan-query: 'vuln:CVE-2022-4381'
-  tags: cve,wordpress,wp-plugin,popup-maker,medium
+  tags: cve,wordpress,wp-plugin,popup-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4384-4203dc94ef5199d201031e3f384724b9.yaml b/nuclei-templates/2022/CVE-2022-4384-4203dc94ef5199d201031e3f384724b9.yaml
index 15e4eaa614..80e10b4ac1 100644
--- a/nuclei-templates/2022/CVE-2022-4384-4203dc94ef5199d201031e3f384724b9.yaml
+++ b/nuclei-templates/2022/CVE-2022-4384-4203dc94ef5199d201031e3f384724b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stream <= 3.9.1 - Missing Authorization to Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stream plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'save_new_alert' and 'get_new_alert_triggers_notifications' functions in versions up to, and including, 3.9.1. This makes it possible for subscriber-level attackers to use the plugin's alert functionality and potentially leak sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stream/"
     google-query: inurl:"/wp-content/plugins/stream/"
     shodan-query: 'vuln:CVE-2022-4384'
-  tags: cve,wordpress,wp-plugin,stream,medium
+  tags: cve,wordpress,wp-plugin,stream,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4385-7737e8caafd57ae5760281e5e46a68d7.yaml b/nuclei-templates/2022/CVE-2022-4385-7737e8caafd57ae5760281e5e46a68d7.yaml
index 22357b1135..2e764a5963 100644
--- a/nuclei-templates/2022/CVE-2022-4385-7737e8caafd57ae5760281e5e46a68d7.yaml
+++ b/nuclei-templates/2022/CVE-2022-4385-7737e8caafd57ae5760281e5e46a68d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Intuitive Custom Post Order plugin for WordPress is vulnerable to authenticated settings change in versions up to and including 3.1.3 via the 'update-menu-order' AJAX action. This allows authenticated attackers with subscriber privileges or above, to change the order of posts in the posts menu.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intuitive-custom-post-order/"
     google-query: inurl:"/wp-content/plugins/intuitive-custom-post-order/"
     shodan-query: 'vuln:CVE-2022-4385'
-  tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,medium
+  tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4391-b3d167dc589e1f7c398305699f98be68.yaml b/nuclei-templates/2022/CVE-2022-4391-b3d167dc589e1f7c398305699f98be68.yaml
index 2d6e78a7ac..3bc8add608 100644
--- a/nuclei-templates/2022/CVE-2022-4391-b3d167dc589e1f7c398305699f98be68.yaml
+++ b/nuclei-templates/2022/CVE-2022-4391-b3d167dc589e1f7c398305699f98be68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vision Interactive <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Vision Interactive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ function in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vision/"
     google-query: inurl:"/wp-content/plugins/vision/"
     shodan-query: 'vuln:CVE-2022-4391'
-  tags: cve,wordpress,wp-plugin,vision,medium
+  tags: cve,wordpress,wp-plugin,vision,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4392-176b60254015c7171bdde001bfef506b.yaml b/nuclei-templates/2022/CVE-2022-4392-176b60254015c7171bdde001bfef506b.yaml
index 9168cb4283..4d3f508ed4 100644
--- a/nuclei-templates/2022/CVE-2022-4392-176b60254015c7171bdde001bfef506b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4392-176b60254015c7171bdde001bfef506b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.6.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/"
     shodan-query: 'vuln:CVE-2022-4392'
-  tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4393-e18789f54f5a5fe13b8ddacd79d408fc.yaml b/nuclei-templates/2022/CVE-2022-4393-e18789f54f5a5fe13b8ddacd79d408fc.yaml
index 73fd310fc3..33111311ea 100644
--- a/nuclei-templates/2022/CVE-2022-4393-e18789f54f5a5fe13b8ddacd79d408fc.yaml
+++ b/nuclei-templates/2022/CVE-2022-4393-e18789f54f5a5fe13b8ddacd79d408fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ImageLinks Interactive Image Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagelinks-interactive-image-builder-lite/"
     google-query: inurl:"/wp-content/plugins/imagelinks-interactive-image-builder-lite/"
     shodan-query: 'vuln:CVE-2022-4393'
-  tags: cve,wordpress,wp-plugin,imagelinks-interactive-image-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,imagelinks-interactive-image-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4394-ffe84a5da8ea35eb24ec280a71f71719.yaml b/nuclei-templates/2022/CVE-2022-4394-ffe84a5da8ea35eb24ec280a71f71719.yaml
index e7b9924a5e..24186413bc 100644
--- a/nuclei-templates/2022/CVE-2022-4394-ffe84a5da8ea35eb24ec280a71f71719.yaml
+++ b/nuclei-templates/2022/CVE-2022-4394-ffe84a5da8ea35eb24ec280a71f71719.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iPages Flipbook <= 1.4.6 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iPages Flipbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its shortcode in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ipages-flipbook/"
     google-query: inurl:"/wp-content/plugins/ipages-flipbook/"
     shodan-query: 'vuln:CVE-2022-4394'
-  tags: cve,wordpress,wp-plugin,ipages-flipbook,medium
+  tags: cve,wordpress,wp-plugin,ipages-flipbook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4410-4e977ded44741d82f1c08a16943badd0.yaml b/nuclei-templates/2022/CVE-2022-4410-4e977ded44741d82f1c08a16943badd0.yaml
index 844c7743be..c0dc282e77 100644
--- a/nuclei-templates/2022/CVE-2022-4410-4e977ded44741d82f1c08a16943badd0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4410-4e977ded44741d82f1c08a16943badd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/permalink-manager/"
     google-query: inurl:"/wp-content/plugins/permalink-manager/"
     shodan-query: 'vuln:CVE-2022-4410'
-  tags: cve,wordpress,wp-plugin,permalink-manager,medium
+  tags: cve,wordpress,wp-plugin,permalink-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4431-4a8f4a33d3fd03ddfa522524f9449c10.yaml b/nuclei-templates/2022/CVE-2022-4431-4a8f4a33d3fd03ddfa522524f9449c10.yaml
index c3e7fc7a82..91616bc6f5 100644
--- a/nuclei-templates/2022/CVE-2022-4431-4a8f4a33d3fd03ddfa522524f9449c10.yaml
+++ b/nuclei-templates/2022/CVE-2022-4431-4a8f4a33d3fd03ddfa522524f9449c10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WOOCS <= 1.3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WOOCS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-currency-switcher/"
     google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/"
     shodan-query: 'vuln:CVE-2022-4431'
-  tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4431-6bedb1579a7e4736e9514fa8e953db76.yaml b/nuclei-templates/2022/CVE-2022-4431-6bedb1579a7e4736e9514fa8e953db76.yaml
index b702bfbe09..13c006dd2a 100644
--- a/nuclei-templates/2022/CVE-2022-4431-6bedb1579a7e4736e9514fa8e953db76.yaml
+++ b/nuclei-templates/2022/CVE-2022-4431-6bedb1579a7e4736e9514fa8e953db76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WOOCS <= 1.3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WOOCS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-currency-switcher/"
     google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/"
     shodan-query: 'vuln:CVE-2022-4431'
-  tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4442-1e89a13fba73865588209c9be692cd21.yaml b/nuclei-templates/2022/CVE-2022-4442-1e89a13fba73865588209c9be692cd21.yaml
index 7688e20fa4..9a03a4fb8c 100644
--- a/nuclei-templates/2022/CVE-2022-4442-1e89a13fba73865588209c9be692cd21.yaml
+++ b/nuclei-templates/2022/CVE-2022-4442-1e89a13fba73865588209c9be692cd21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Post Types and Custom Fields creator <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Post Types and Custom Fields creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its setting parameters in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wck-custom-fields-and-custom-post-types-creator/"
     google-query: inurl:"/wp-content/plugins/wck-custom-fields-and-custom-post-types-creator/"
     shodan-query: 'vuln:CVE-2022-4442'
-  tags: cve,wordpress,wp-plugin,wck-custom-fields-and-custom-post-types-creator,medium
+  tags: cve,wordpress,wp-plugin,wck-custom-fields-and-custom-post-types-creator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4448-81dceb70d6b123bc1dd5fda793f142c3.yaml b/nuclei-templates/2022/CVE-2022-4448-81dceb70d6b123bc1dd5fda793f142c3.yaml
index c5f7299f4a..efdcabc18b 100644
--- a/nuclei-templates/2022/CVE-2022-4448-81dceb70d6b123bc1dd5fda793f142c3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4448-81dceb70d6b123bc1dd5fda793f142c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.23.2  - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP  for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.23.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2022-4448'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4449-6d5213a5628e216eb9e2a763fb4762ea.yaml b/nuclei-templates/2022/CVE-2022-4449-6d5213a5628e216eb9e2a763fb4762ea.yaml
index 553efc2698..05aabcfefa 100644
--- a/nuclei-templates/2022/CVE-2022-4449-6d5213a5628e216eb9e2a763fb4762ea.yaml
+++ b/nuclei-templates/2022/CVE-2022-4449-6d5213a5628e216eb9e2a763fb4762ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page scroll to id <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via one of its shortcode attributes in versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-scroll-to-id/"
     google-query: inurl:"/wp-content/plugins/page-scroll-to-id/"
     shodan-query: 'vuln:CVE-2022-4449'
-  tags: cve,wordpress,wp-plugin,page-scroll-to-id,medium
+  tags: cve,wordpress,wp-plugin,page-scroll-to-id,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4451-f793e64947f92282a534916c8b501137.yaml b/nuclei-templates/2022/CVE-2022-4451-f793e64947f92282a534916c8b501137.yaml
index ecbf4b3c33..85c8240f72 100644
--- a/nuclei-templates/2022/CVE-2022-4451-f793e64947f92282a534916c8b501137.yaml
+++ b/nuclei-templates/2022/CVE-2022-4451-f793e64947f92282a534916c8b501137.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sassy Social Share <= 3.3.44 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous shortcode attributes (such as 'title' and 'width') used in the 'follow_icons_shortcode' and 'sharing_shortcode' functions in versions up to, and including, 3.3.44 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sassy-social-share/"
     google-query: inurl:"/wp-content/plugins/sassy-social-share/"
     shodan-query: 'vuln:CVE-2022-4451'
-  tags: cve,wordpress,wp-plugin,sassy-social-share,medium
+  tags: cve,wordpress,wp-plugin,sassy-social-share,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4453-d875c7330364cd8c2a286deccf313956.yaml b/nuclei-templates/2022/CVE-2022-4453-d875c7330364cd8c2a286deccf313956.yaml
index 35ca6f4cc2..1767c49301 100644
--- a/nuclei-templates/2022/CVE-2022-4453-d875c7330364cd8c2a286deccf313956.yaml
+++ b/nuclei-templates/2022/CVE-2022-4453-d875c7330364cd8c2a286deccf313956.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     shodan-query: 'vuln:CVE-2022-4453'
-  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,medium
+  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44576-246a1b75793883d17dc885e0bfc6e4bc.yaml b/nuclei-templates/2022/CVE-2022-44576-246a1b75793883d17dc885e0bfc6e4bc.yaml
index 500b9618d4..179e11cd22 100644
--- a/nuclei-templates/2022/CVE-2022-44576-246a1b75793883d17dc885e0bfc6e4bc.yaml
+++ b/nuclei-templates/2022/CVE-2022-44576-246a1b75793883d17dc885e0bfc6e4bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AgentEasy Properties <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AgentEasy Properties plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/agenteasy-properties/"
     google-query: inurl:"/wp-content/plugins/agenteasy-properties/"
     shodan-query: 'vuln:CVE-2022-44576'
-  tags: cve,wordpress,wp-plugin,agenteasy-properties,medium
+  tags: cve,wordpress,wp-plugin,agenteasy-properties,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44578-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e.yaml b/nuclei-templates/2022/CVE-2022-44578-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e.yaml
index 2694c3b1e0..bbf3c35b2b 100644
--- a/nuclei-templates/2022/CVE-2022-44578-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e.yaml
+++ b/nuclei-templates/2022/CVE-2022-44578-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Owl Carousel <= 0.5.3 - Missing Authorization via save_paramter.php
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Owl Carousel plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check in the file /save_parameter.php in versions up to, and including, 0.5.3. This makes it possible for unauthenticated attackers  to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/owl-carousel/"
     google-query: inurl:"/wp-content/plugins/owl-carousel/"
     shodan-query: 'vuln:CVE-2022-44578'
-  tags: cve,wordpress,wp-plugin,owl-carousel,medium
+  tags: cve,wordpress,wp-plugin,owl-carousel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4458-957e4d84091168909dcf10979c3f829e.yaml b/nuclei-templates/2022/CVE-2022-4458-957e4d84091168909dcf10979c3f829e.yaml
index 8938584fa0..148a528a6b 100644
--- a/nuclei-templates/2022/CVE-2022-4458-957e4d84091168909dcf10979c3f829e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4458-957e4d84091168909dcf10979c3f829e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     amr shortcode any widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The amr shortcode any widget  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amr-shortcode-any-widget/"
     google-query: inurl:"/wp-content/plugins/amr-shortcode-any-widget/"
     shodan-query: 'vuln:CVE-2022-4458'
-  tags: cve,wordpress,wp-plugin,amr-shortcode-any-widget,medium
+  tags: cve,wordpress,wp-plugin,amr-shortcode-any-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44580-69fd4d1a3d07810924c63e0b65d11e51.yaml b/nuclei-templates/2022/CVE-2022-44580-69fd4d1a3d07810924c63e0b65d11e51.yaml
index aa8992f8f4..3556713738 100644
--- a/nuclei-templates/2022/CVE-2022-44580-69fd4d1a3d07810924c63e0b65d11e51.yaml
+++ b/nuclei-templates/2022/CVE-2022-44580-69fd4d1a3d07810924c63e0b65d11e51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Plugin for Google Reviews plugin for WordPress is vulnerable to generic SQL Injection via the $place_id value in versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-google-reviews/"
     google-query: inurl:"/wp-content/plugins/widget-google-reviews/"
     shodan-query: 'vuln:CVE-2022-44580'
-  tags: cve,wordpress,wp-plugin,widget-google-reviews,high
+  tags: cve,wordpress,wp-plugin,widget-google-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44582-b0a5bbc946df09d6c3b0cc9fe2eebc81.yaml b/nuclei-templates/2022/CVE-2022-44582-b0a5bbc946df09d6c3b0cc9fe2eebc81.yaml
index 3ffa9b3535..5dc8946388 100644
--- a/nuclei-templates/2022/CVE-2022-44582-b0a5bbc946df09d6c3b0cc9fe2eebc81.yaml
+++ b/nuclei-templates/2022/CVE-2022-44582-b0a5bbc946df09d6c3b0cc9fe2eebc81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Apptivo Business Site CRM <= 3.0.12 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Apptivo Business Site CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.0.12 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apptivo-business-site/"
     google-query: inurl:"/wp-content/plugins/apptivo-business-site/"
     shodan-query: 'vuln:CVE-2022-44582'
-  tags: cve,wordpress,wp-plugin,apptivo-business-site,medium
+  tags: cve,wordpress,wp-plugin,apptivo-business-site,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44585-48cb81f29289d3dff74b9ff9eb6ca258.yaml b/nuclei-templates/2022/CVE-2022-44585-48cb81f29289d3dff74b9ff9eb6ca258.yaml
index 95da73fbd5..092cbaa2e6 100644
--- a/nuclei-templates/2022/CVE-2022-44585-48cb81f29289d3dff74b9ff9eb6ca258.yaml
+++ b/nuclei-templates/2022/CVE-2022-44585-48cb81f29289d3dff74b9ff9eb6ca258.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Homepage PopUp plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/homepage-pop-up/"
     google-query: inurl:"/wp-content/plugins/homepage-pop-up/"
     shodan-query: 'vuln:CVE-2022-44585'
-  tags: cve,wordpress,wp-plugin,homepage-pop-up,high
+  tags: cve,wordpress,wp-plugin,homepage-pop-up,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44586-d9ed7ea48d292aeb09b5a69dca626c8b.yaml b/nuclei-templates/2022/CVE-2022-44586-d9ed7ea48d292aeb09b5a69dca626c8b.yaml
index 6c549b583f..21bb284551 100644
--- a/nuclei-templates/2022/CVE-2022-44586-d9ed7ea48d292aeb09b5a69dca626c8b.yaml
+++ b/nuclei-templates/2022/CVE-2022-44586-d9ed7ea48d292aeb09b5a69dca626c8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AM-HiLi <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AM-HiLi plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/am-hili-affiliate-manager-for-publishers/"
     google-query: inurl:"/wp-content/plugins/am-hili-affiliate-manager-for-publishers/"
     shodan-query: 'vuln:CVE-2022-44586'
-  tags: cve,wordpress,wp-plugin,am-hili-affiliate-manager-for-publishers,medium
+  tags: cve,wordpress,wp-plugin,am-hili-affiliate-manager-for-publishers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4459-10f63d314e85015ce49d2337fc605c93.yaml b/nuclei-templates/2022/CVE-2022-4459-10f63d314e85015ce49d2337fc605c93.yaml
index 52a4cfe46d..f5cb6ad7a1 100644
--- a/nuclei-templates/2022/CVE-2022-4459-10f63d314e85015ce49d2337fc605c93.yaml
+++ b/nuclei-templates/2022/CVE-2022-4459-10f63d314e85015ce49d2337fc605c93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Show Posts <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘order’, 'orderby', and other plugin settings in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-show-posts/"
     google-query: inurl:"/wp-content/plugins/wp-show-posts/"
     shodan-query: 'vuln:CVE-2022-4459'
-  tags: cve,wordpress,wp-plugin,wp-show-posts,medium
+  tags: cve,wordpress,wp-plugin,wp-show-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44590-f34299764af595ef815c30af6bd496f7.yaml b/nuclei-templates/2022/CVE-2022-44590-f34299764af595ef815c30af6bd496f7.yaml
index d178bcf5f5..e95f8443a4 100644
--- a/nuclei-templates/2022/CVE-2022-44590-f34299764af595ef815c30af6bd496f7.yaml
+++ b/nuclei-templates/2022/CVE-2022-44590-f34299764af595ef815c30af6bd496f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Video Embedder <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-video-embedder/"
     google-query: inurl:"/wp-content/plugins/simple-video-embedder/"
     shodan-query: 'vuln:CVE-2022-44590'
-  tags: cve,wordpress,wp-plugin,simple-video-embedder,medium
+  tags: cve,wordpress,wp-plugin,simple-video-embedder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44591-ba0f1a7c1e75b12eba4e62626fd27944.yaml b/nuclei-templates/2022/CVE-2022-44591-ba0f1a7c1e75b12eba4e62626fd27944.yaml
index ac41f6fcb0..a9d6ec4c98 100644
--- a/nuclei-templates/2022/CVE-2022-44591-ba0f1a7c1e75b12eba4e62626fd27944.yaml
+++ b/nuclei-templates/2022/CVE-2022-44591-ba0f1a7c1e75b12eba4e62626fd27944.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Anthologize <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Anthologize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’, 'post_status' and other parameters in versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anthologize/"
     google-query: inurl:"/wp-content/plugins/anthologize/"
     shodan-query: 'vuln:CVE-2022-44591'
-  tags: cve,wordpress,wp-plugin,anthologize,medium
+  tags: cve,wordpress,wp-plugin,anthologize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44594-395ce3ec44ad4bf8f5ea06caea1ca7c5.yaml b/nuclei-templates/2022/CVE-2022-44594-395ce3ec44ad4bf8f5ea06caea1ca7c5.yaml
index 8cb114750c..d3400b89f2 100644
--- a/nuclei-templates/2022/CVE-2022-44594-395ce3ec44ad4bf8f5ea06caea1ca7c5.yaml
+++ b/nuclei-templates/2022/CVE-2022-44594-395ce3ec44ad4bf8f5ea06caea1ca7c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One Time Clok Lite <= 1.3.320 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All in One Time Clok Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 1.3.320 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aio-time-clock-lite/"
     google-query: inurl:"/wp-content/plugins/aio-time-clock-lite/"
     shodan-query: 'vuln:CVE-2022-44594'
-  tags: cve,wordpress,wp-plugin,aio-time-clock-lite,medium
+  tags: cve,wordpress,wp-plugin,aio-time-clock-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44595-4ff6298b795b2324bce636d08965d81d.yaml b/nuclei-templates/2022/CVE-2022-44595-4ff6298b795b2324bce636d08965d81d.yaml
index 61a3493462..b3fcaa903d 100644
--- a/nuclei-templates/2022/CVE-2022-44595-4ff6298b795b2324bce636d08965d81d.yaml
+++ b/nuclei-templates/2022/CVE-2022-44595-4ff6298b795b2324bce636d08965d81d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP 2FA – Two-factor authentication for WordPress <= 2.2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP 2FA plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the login_form_validate_2fa function in versions up to, and including, 2.2.0. This makes it possible for authenticated attackers to receive a 2fa login code even if the provider is not enabled for that user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-2fa/"
     google-query: inurl:"/wp-content/plugins/wp-2fa/"
     shodan-query: 'vuln:CVE-2022-44595'
-  tags: cve,wordpress,wp-plugin,wp-2fa,medium
+  tags: cve,wordpress,wp-plugin,wp-2fa,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4460-5a9c4861ed09ce785a6f69836ddbac67.yaml b/nuclei-templates/2022/CVE-2022-4460-5a9c4861ed09ce785a6f69836ddbac67.yaml
index 33967c381a..ee3712b926 100644
--- a/nuclei-templates/2022/CVE-2022-4460-5a9c4861ed09ce785a6f69836ddbac67.yaml
+++ b/nuclei-templates/2022/CVE-2022-4460-5a9c4861ed09ce785a6f69836ddbac67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sidebar Widgets by CodeLights <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/codelights-shortcodes-and-widgets/"
     google-query: inurl:"/wp-content/plugins/codelights-shortcodes-and-widgets/"
     shodan-query: 'vuln:CVE-2022-4460'
-  tags: cve,wordpress,wp-plugin,codelights-shortcodes-and-widgets,medium
+  tags: cve,wordpress,wp-plugin,codelights-shortcodes-and-widgets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44625-e785890064729677b76cdb50e8ed4af9.yaml b/nuclei-templates/2022/CVE-2022-44625-e785890064729677b76cdb50e8ed4af9.yaml
index f349fc821e..e7452dd9a2 100644
--- a/nuclei-templates/2022/CVE-2022-44625-e785890064729677b76cdb50e8ed4af9.yaml
+++ b/nuclei-templates/2022/CVE-2022-44625-e785890064729677b76cdb50e8ed4af9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cyklodev WP Notify <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cyklodev WP Notify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cyklodev-wp-notify/"
     google-query: inurl:"/wp-content/plugins/cyklodev-wp-notify/"
     shodan-query: 'vuln:CVE-2022-44625'
-  tags: cve,wordpress,wp-plugin,cyklodev-wp-notify,medium
+  tags: cve,wordpress,wp-plugin,cyklodev-wp-notify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44626-97aa7aa2977bb6f3604b4b418beecdeb.yaml b/nuclei-templates/2022/CVE-2022-44626-97aa7aa2977bb6f3604b4b418beecdeb.yaml
index b5aa6ee917..f15cfb2bf8 100644
--- a/nuclei-templates/2022/CVE-2022-44626-97aa7aa2977bb6f3604b4b418beecdeb.yaml
+++ b/nuclei-templates/2022/CVE-2022-44626-97aa7aa2977bb6f3604b4b418beecdeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized access/modification or loss of data due to a missing capability check on AJAX action handlers in versions up to, and including, 12.1.20. This makes it possible for authenticated attackers with subscriber-level access, and above, to invoke those functions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/squirrly-seo/"
     google-query: inurl:"/wp-content/plugins/squirrly-seo/"
     shodan-query: 'vuln:CVE-2022-44626'
-  tags: cve,wordpress,wp-plugin,squirrly-seo,medium
+  tags: cve,wordpress,wp-plugin,squirrly-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44627-0a5cc290bf065b9d61dd8d6424548f9c.yaml b/nuclei-templates/2022/CVE-2022-44627-0a5cc290bf065b9d61dd8d6424548f9c.yaml
index bf49d9a212..38399ea008 100644
--- a/nuclei-templates/2022/CVE-2022-44627-0a5cc290bf065b9d61dd8d6424548f9c.yaml
+++ b/nuclei-templates/2022/CVE-2022-44627-0a5cc290bf065b9d61dd8d6424548f9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple SEO  <= 1.8.12 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.12. This is due to missing or incorrect nonce validation when managing sitemaps. This makes it possible for unauthenticated attackers to create or delete, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cds-simple-seo/"
     google-query: inurl:"/wp-content/plugins/cds-simple-seo/"
     shodan-query: 'vuln:CVE-2022-44627'
-  tags: cve,wordpress,wp-plugin,cds-simple-seo,high
+  tags: cve,wordpress,wp-plugin,cds-simple-seo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44628-2d4f6a1b39a4cc9b06569630fa151900.yaml b/nuclei-templates/2022/CVE-2022-44628-2d4f6a1b39a4cc9b06569630fa151900.yaml
index 5fa7d6ab30..c3293366a5 100644
--- a/nuclei-templates/2022/CVE-2022-44628-2d4f6a1b39a4cc9b06569630fa151900.yaml
+++ b/nuclei-templates/2022/CVE-2022-44628-2d4f6a1b39a4cc9b06569630fa151900.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     4ECPS Web Forms <= 0.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 4ECPS Web Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/4ecps-webforms/"
     google-query: inurl:"/wp-content/plugins/4ecps-webforms/"
     shodan-query: 'vuln:CVE-2022-44628'
-  tags: cve,wordpress,wp-plugin,4ecps-webforms,medium
+  tags: cve,wordpress,wp-plugin,4ecps-webforms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44629-719aecac015dde0f14f4cf5400965308.yaml b/nuclei-templates/2022/CVE-2022-44629-719aecac015dde0f14f4cf5400965308.yaml
index 3fac6e590b..771a44e947 100644
--- a/nuclei-templates/2022/CVE-2022-44629-719aecac015dde0f14f4cf5400965308.yaml
+++ b/nuclei-templates/2022/CVE-2022-44629-719aecac015dde0f14f4cf5400965308.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/catalyst-connect-client-portal/"
     google-query: inurl:"/wp-content/plugins/catalyst-connect-client-portal/"
     shodan-query: 'vuln:CVE-2022-44629'
-  tags: cve,wordpress,wp-plugin,catalyst-connect-client-portal,medium
+  tags: cve,wordpress,wp-plugin,catalyst-connect-client-portal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44630-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/2022/CVE-2022-44630-564f40d4fe0ef114f55053468e52e333.yaml
index d373287f92..6e6228ec16 100644
--- a/nuclei-templates/2022/CVE-2022-44630-564f40d4fe0ef114f55053468e52e333.yaml
+++ b/nuclei-templates/2022/CVE-2022-44630-564f40d4fe0ef114f55053468e52e333.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2022-44630
   metadata:
-    fofa-query: "wp-content/plugins/yith-woocommerce-bulk-product-editing/"
-    google-query: inurl:"/wp-content/plugins/yith-woocommerce-bulk-product-editing/"
+    fofa-query: "wp-content/plugins/yith-woocommerce-social-login/"
+    google-query: inurl:"/wp-content/plugins/yith-woocommerce-social-login/"
     shodan-query: 'vuln:CVE-2022-44630'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-bulk-product-editing,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-social-login,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-bulk-product-editing/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-social-login/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "yith-woocommerce-bulk-product-editing"
+          - "yith-woocommerce-social-login"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.27')
\ No newline at end of file
+          - compare_versions(version, '<= 1.4.9')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-44631-0bb8bade373073a31c7eae43154f4462.yaml b/nuclei-templates/2022/CVE-2022-44631-0bb8bade373073a31c7eae43154f4462.yaml
index 5ce6d7e7f3..9ee6a6ea7e 100644
--- a/nuclei-templates/2022/CVE-2022-44631-0bb8bade373073a31c7eae43154f4462.yaml
+++ b/nuclei-templates/2022/CVE-2022-44631-0bb8bade373073a31c7eae43154f4462.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 1app Business Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for author-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/1app-business-forms/"
     google-query: inurl:"/wp-content/plugins/1app-business-forms/"
     shodan-query: 'vuln:CVE-2022-44631'
-  tags: cve,wordpress,wp-plugin,1app-business-forms,medium
+  tags: cve,wordpress,wp-plugin,1app-business-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44631-3a92cf2d3b454c13398f20f7a203cccd.yaml b/nuclei-templates/2022/CVE-2022-44631-3a92cf2d3b454c13398f20f7a203cccd.yaml
index bc2ade4f79..acf3bcc74a 100644
--- a/nuclei-templates/2022/CVE-2022-44631-3a92cf2d3b454c13398f20f7a203cccd.yaml
+++ b/nuclei-templates/2022/CVE-2022-44631-3a92cf2d3b454c13398f20f7a203cccd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 1app Business Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for author-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/1app-business-forms/"
     google-query: inurl:"/wp-content/plugins/1app-business-forms/"
     shodan-query: 'vuln:CVE-2022-44631'
-  tags: cve,wordpress,wp-plugin,1app-business-forms,medium
+  tags: cve,wordpress,wp-plugin,1app-business-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44632-8bc6ce24c222c874630a145ef16e8d93.yaml b/nuclei-templates/2022/CVE-2022-44632-8bc6ce24c222c874630a145ef16e8d93.yaml
index dcdec081c2..dd65fe9995 100644
--- a/nuclei-templates/2022/CVE-2022-44632-8bc6ce24c222c874630a145ef16e8d93.yaml
+++ b/nuclei-templates/2022/CVE-2022-44632-8bc6ce24c222c874630a145ef16e8d93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Repeater – Custom Posts Simplified <= 1.1.13 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Content Repeater plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-repeater/"
     google-query: inurl:"/wp-content/plugins/content-repeater/"
     shodan-query: 'vuln:CVE-2022-44632'
-  tags: cve,wordpress,wp-plugin,content-repeater,medium
+  tags: cve,wordpress,wp-plugin,content-repeater,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44632-ab2b677573aede58b8661a8c8b875adf.yaml b/nuclei-templates/2022/CVE-2022-44632-ab2b677573aede58b8661a8c8b875adf.yaml
index d52f22dc8e..71825dee7a 100644
--- a/nuclei-templates/2022/CVE-2022-44632-ab2b677573aede58b8661a8c8b875adf.yaml
+++ b/nuclei-templates/2022/CVE-2022-44632-ab2b677573aede58b8661a8c8b875adf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Repeater <= 1.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Content Repeater plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-repeater/"
     google-query: inurl:"/wp-content/plugins/content-repeater/"
     shodan-query: 'vuln:CVE-2022-44632'
-  tags: cve,wordpress,wp-plugin,content-repeater,medium
+  tags: cve,wordpress,wp-plugin,content-repeater,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44633-4a463e7ba518b96c1fea8ec0461b05e3.yaml b/nuclei-templates/2022/CVE-2022-44633-4a463e7ba518b96c1fea8ec0461b05e3.yaml
index 1986b8370d..4db451fb80 100644
--- a/nuclei-templates/2022/CVE-2022-44633-4a463e7ba518b96c1fea8ec0461b05e3.yaml
+++ b/nuclei-templates/2022/CVE-2022-44633-4a463e7ba518b96c1fea8ec0461b05e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH WooCommerce Gift Cards Premium <= 3.23.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YITH WooCommerce Gift Cards Premium plugin for WordPress is vulnerable to unauthorized gift card creation due to a missing capability check on one of its functions in versions up to, and including, 3.23.1. This makes it possible for unauthenticated attackers to create gift cards. Sanitization of user input is also insufficient, which allows users to inject malicious scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-gift-cards-premium/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-gift-cards-premium/"
     shodan-query: 'vuln:CVE-2022-44633'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards-premium,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards-premium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44634-829eb8aa5088a8dfbd751ae2143f350b.yaml b/nuclei-templates/2022/CVE-2022-44634-829eb8aa5088a8dfbd751ae2143f350b.yaml
index fb06c0ea65..aed8b2139d 100644
--- a/nuclei-templates/2022/CVE-2022-44634-829eb8aa5088a8dfbd751ae2143f350b.yaml
+++ b/nuclei-templates/2022/CVE-2022-44634-829eb8aa5088a8dfbd751ae2143f350b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     S2W – Import Shopify to WooCommerce <= 1.1.12 - Authenticated (Admin+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The S2W – Import Shopify to WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.12, via insufficient restrictions in the 'generate_log_ajax' function. This allows administrator-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-shopify-to-woocommerce/"
     google-query: inurl:"/wp-content/plugins/import-shopify-to-woocommerce/"
     shodan-query: 'vuln:CVE-2022-44634'
-  tags: cve,wordpress,wp-plugin,import-shopify-to-woocommerce,high
+  tags: cve,wordpress,wp-plugin,import-shopify-to-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4464-ef2ccc3b2c02ce044d17cf1db08c67d1.yaml b/nuclei-templates/2022/CVE-2022-4464-ef2ccc3b2c02ce044d17cf1db08c67d1.yaml
index 563ef4f661..30312cbfb1 100644
--- a/nuclei-templates/2022/CVE-2022-4464-ef2ccc3b2c02ce044d17cf1db08c67d1.yaml
+++ b/nuclei-templates/2022/CVE-2022-4464-ef2ccc3b2c02ce044d17cf1db08c67d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-portfolio-post/"
     google-query: inurl:"/wp-content/plugins/themify-portfolio-post/"
     shodan-query: 'vuln:CVE-2022-4464'
-  tags: cve,wordpress,wp-plugin,themify-portfolio-post,medium
+  tags: cve,wordpress,wp-plugin,themify-portfolio-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4465-ea22f32ac37f9f8e0f263b4584b31b1a.yaml b/nuclei-templates/2022/CVE-2022-4465-ea22f32ac37f9f8e0f263b4584b31b1a.yaml
index d00735fe05..6ecf37d8dc 100644
--- a/nuclei-templates/2022/CVE-2022-4465-ea22f32ac37f9f8e0f263b4584b31b1a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4465-ea22f32ac37f9f8e0f263b4584b31b1a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Video Lightbox <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Video Lightbox for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping on supplied attributes. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-video-lightbox/"
     google-query: inurl:"/wp-content/plugins/wp-video-lightbox/"
     shodan-query: 'vuln:CVE-2022-4465'
-  tags: cve,wordpress,wp-plugin,wp-video-lightbox,medium
+  tags: cve,wordpress,wp-plugin,wp-video-lightbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4466-638d34b4766f8e2a63bed27bf53ab9d8.yaml b/nuclei-templates/2022/CVE-2022-4466-638d34b4766f8e2a63bed27bf53ab9d8.yaml
index 597609b0e4..96c14f13dd 100644
--- a/nuclei-templates/2022/CVE-2022-4466-638d34b4766f8e2a63bed27bf53ab9d8.yaml
+++ b/nuclei-templates/2022/CVE-2022-4466-638d34b4766f8e2a63bed27bf53ab9d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Infinite Scroll - Ajax Load More <= 5.6.0.2 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 5.6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:CVE-2022-4466'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,medium
+  tags: cve,wordpress,wp-plugin,ajax-load-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4467-7932b82c356f203f76bc21fa22bfac04.yaml b/nuclei-templates/2022/CVE-2022-4467-7932b82c356f203f76bc21fa22bfac04.yaml
index ba977199c1..72d1ebdbbf 100644
--- a/nuclei-templates/2022/CVE-2022-4467-7932b82c356f203f76bc21fa22bfac04.yaml
+++ b/nuclei-templates/2022/CVE-2022-4467-7932b82c356f203f76bc21fa22bfac04.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Search & Filter <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Search & Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level privileges and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/search-filter/"
     google-query: inurl:"/wp-content/plugins/search-filter/"
     shodan-query: 'vuln:CVE-2022-4467'
-  tags: cve,wordpress,wp-plugin,search-filter,medium
+  tags: cve,wordpress,wp-plugin,search-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4468-30317bfce905faf2637e9a9df56ecb43.yaml b/nuclei-templates/2022/CVE-2022-4468-30317bfce905faf2637e9a9df56ecb43.yaml
index 3aa882860d..614bbae940 100644
--- a/nuclei-templates/2022/CVE-2022-4468-30317bfce905faf2637e9a9df56ecb43.yaml
+++ b/nuclei-templates/2022/CVE-2022-4468-30317bfce905faf2637e9a9df56ecb43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 8.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 8.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2022-4468'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4469-4ae0743589a43c31ae78715c1bb792c2.yaml b/nuclei-templates/2022/CVE-2022-4469-4ae0743589a43c31ae78715c1bb792c2.yaml
index bc2bb9e000..2bfa779824 100644
--- a/nuclei-templates/2022/CVE-2022-4469-4ae0743589a43c31ae78715c1bb792c2.yaml
+++ b/nuclei-templates/2022/CVE-2022-4469-4ae0743589a43c31ae78715c1bb792c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 4.2.1 - Authenticated (Contributor+) Cross Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2022-4469'
-  tags: cve,wordpress,wp-plugin,simple-membership,medium
+  tags: cve,wordpress,wp-plugin,simple-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4470-46456613c7a836ce3b1a8f48d3151f77.yaml b/nuclei-templates/2022/CVE-2022-4470-46456613c7a836ce3b1a8f48d3151f77.yaml
index 4060bba657..8159a0de25 100644
--- a/nuclei-templates/2022/CVE-2022-4470-46456613c7a836ce3b1a8f48d3151f77.yaml
+++ b/nuclei-templates/2022/CVE-2022-4470-46456613c7a836ce3b1a8f48d3151f77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-reviews-plugin-for-google/"
     google-query: inurl:"/wp-content/plugins/wp-reviews-plugin-for-google/"
     shodan-query: 'vuln:CVE-2022-4470'
-  tags: cve,wordpress,wp-plugin,wp-reviews-plugin-for-google,medium
+  tags: cve,wordpress,wp-plugin,wp-reviews-plugin-for-google,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4471-9da0817673d4e46e6fd57b591efba31c.yaml b/nuclei-templates/2022/CVE-2022-4471-9da0817673d4e46e6fd57b591efba31c.yaml
index aa955bbfdd..47a727ea43 100644
--- a/nuclei-templates/2022/CVE-2022-4471-9da0817673d4e46e6fd57b591efba31c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4471-9da0817673d4e46e6fd57b591efba31c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YARPP – Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 5.30.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: It was found that an additional shortcode attribute (template) was vulnerable in versions <= 5.30.2. This was addressed in version 5.30.3.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/"
     google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/"
     shodan-query: 'vuln:CVE-2022-4471'
-  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,medium
+  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4472-1523648bd0f24adc2a26d45bbae47ace.yaml b/nuclei-templates/2022/CVE-2022-4472-1523648bd0f24adc2a26d45bbae47ace.yaml
index a07ca8891c..2769bc9e0e 100644
--- a/nuclei-templates/2022/CVE-2022-4472-1523648bd0f24adc2a26d45bbae47ace.yaml
+++ b/nuclei-templates/2022/CVE-2022-4472-1523648bd0f24adc2a26d45bbae47ace.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Sitemap <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-sitemap/"
     google-query: inurl:"/wp-content/plugins/simple-sitemap/"
     shodan-query: 'vuln:CVE-2022-4472'
-  tags: cve,wordpress,wp-plugin,simple-sitemap,medium
+  tags: cve,wordpress,wp-plugin,simple-sitemap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4473-6ec64fa1d5347bc867f5cb9d59094e81.yaml b/nuclei-templates/2022/CVE-2022-4473-6ec64fa1d5347bc867f5cb9d59094e81.yaml
index d60efd89c1..776f098a02 100644
--- a/nuclei-templates/2022/CVE-2022-4473-6ec64fa1d5347bc867f5cb9d59094e81.yaml
+++ b/nuclei-templates/2022/CVE-2022-4473-6ec64fa1d5347bc867f5cb9d59094e81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Widget Shortcode <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Widget Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 0.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-shortcode/"
     google-query: inurl:"/wp-content/plugins/widget-shortcode/"
     shodan-query: 'vuln:CVE-2022-4473'
-  tags: cve,wordpress,wp-plugin,widget-shortcode,medium
+  tags: cve,wordpress,wp-plugin,widget-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4473-d17eaa15397a887312aedfb1919c156f.yaml b/nuclei-templates/2022/CVE-2022-4473-d17eaa15397a887312aedfb1919c156f.yaml
index 8c610f8465..8f5a7eae8f 100644
--- a/nuclei-templates/2022/CVE-2022-4473-d17eaa15397a887312aedfb1919c156f.yaml
+++ b/nuclei-templates/2022/CVE-2022-4473-d17eaa15397a887312aedfb1919c156f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WidgetShortcode <= 0.3.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WidgetShortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget' shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgetshortcode/"
     google-query: inurl:"/wp-content/plugins/widgetshortcode/"
     shodan-query: 'vuln:CVE-2022-4473'
-  tags: cve,wordpress,wp-plugin,widgetshortcode,medium
+  tags: cve,wordpress,wp-plugin,widgetshortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44734-840d0f5e27379db8cc72bc8207e84fc7.yaml b/nuclei-templates/2022/CVE-2022-44734-840d0f5e27379db8cc72bc8207e84fc7.yaml
index 7a217cebd4..a7a2214cd6 100644
--- a/nuclei-templates/2022/CVE-2022-44734-840d0f5e27379db8cc72bc8207e84fc7.yaml
+++ b/nuclei-templates/2022/CVE-2022-44734-840d0f5e27379db8cc72bc8207e84fc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Car Rental by BestWebSoft <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Car Rental by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/car-rental/"
     google-query: inurl:"/wp-content/plugins/car-rental/"
     shodan-query: 'vuln:CVE-2022-44734'
-  tags: cve,wordpress,wp-plugin,car-rental,medium
+  tags: cve,wordpress,wp-plugin,car-rental,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44735-da7f33487455bd9ca64c5f5b0b3257c0.yaml b/nuclei-templates/2022/CVE-2022-44735-da7f33487455bd9ca64c5f5b0b3257c0.yaml
index e095c27bf4..026a31e266 100644
--- a/nuclei-templates/2022/CVE-2022-44735-da7f33487455bd9ca64c5f5b0b3257c0.yaml
+++ b/nuclei-templates/2022/CVE-2022-44735-da7f33487455bd9ca64c5f5b0b3257c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Clictracker <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Clictracker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clictracker/"
     google-query: inurl:"/wp-content/plugins/clictracker/"
     shodan-query: 'vuln:CVE-2022-44735'
-  tags: cve,wordpress,wp-plugin,clictracker,medium
+  tags: cve,wordpress,wp-plugin,clictracker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44736-6c023e252025477e682e7148561b6604.yaml b/nuclei-templates/2022/CVE-2022-44736-6c023e252025477e682e7148561b6604.yaml
index 4dbc3a1512..285a979f68 100644
--- a/nuclei-templates/2022/CVE-2022-44736-6c023e252025477e682e7148561b6604.yaml
+++ b/nuclei-templates/2022/CVE-2022-44736-6c023e252025477e682e7148561b6604.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chameleon <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chameleon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpch_news_title’ parameter in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chameleon/"
     google-query: inurl:"/wp-content/plugins/chameleon/"
     shodan-query: 'vuln:CVE-2022-44736'
-  tags: cve,wordpress,wp-plugin,chameleon,medium
+  tags: cve,wordpress,wp-plugin,chameleon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44737-873b15a500e300080bf17fdd62b04ccc.yaml b/nuclei-templates/2022/CVE-2022-44737-873b15a500e300080bf17fdd62b04ccc.yaml
index 7df85c7a1b..0b02ae8664 100644
--- a/nuclei-templates/2022/CVE-2022-44737-873b15a500e300080bf17fdd62b04ccc.yaml
+++ b/nuclei-templates/2022/CVE-2022-44737-873b15a500e300080bf17fdd62b04ccc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The All In One WP Security & Firewall plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to incorrect nonce validation on the functions 'render_login_whitelist', 'render_rename_login', 'render_honeypot' functions and possible others. This makes it possible for unauthenticated attackers to perform bulk actions on the plugin's list tables (such as deleting blocked IP entries) via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.  These actions would be restricted by manipulating entries by database ID, not by other fields (such as IP address).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2022-44737'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44738-d94e06192974b1fb1b08b2e10b17630f.yaml b/nuclei-templates/2022/CVE-2022-44738-d94e06192974b1fb1b08b2e10b17630f.yaml
index b40fd90518..e2cd8ebe9e 100644
--- a/nuclei-templates/2022/CVE-2022-44738-d94e06192974b1fb1b08b2e10b17630f.yaml
+++ b/nuclei-templates/2022/CVE-2022-44738-d94e06192974b1fb1b08b2e10b17630f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Posts and Users Stats plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.1.3. This allows attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/posts-and-users-stats/"
     google-query: inurl:"/wp-content/plugins/posts-and-users-stats/"
     shodan-query: 'vuln:CVE-2022-44738'
-  tags: cve,wordpress,wp-plugin,posts-and-users-stats,medium
+  tags: cve,wordpress,wp-plugin,posts-and-users-stats,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44739-bcb8383c6f8589761d6cb6fb2a6e00e4.yaml b/nuclei-templates/2022/CVE-2022-44739-bcb8383c6f8589761d6cb6fb2a6e00e4.yaml
index 36300e6c5d..d384338b35 100644
--- a/nuclei-templates/2022/CVE-2022-44739-bcb8383c6f8589761d6cb6fb2a6e00e4.yaml
+++ b/nuclei-templates/2022/CVE-2022-44739-bcb8383c6f8589761d6cb6fb2a6e00e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Restaurant Reservations <= 1.5.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Quick Restaurant Reservations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on the 'email_action' function. This makes it possible for unauthenticated attackers to modify email statuses granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-restaurant-reservations/"
     google-query: inurl:"/wp-content/plugins/quick-restaurant-reservations/"
     shodan-query: 'vuln:CVE-2022-44739'
-  tags: cve,wordpress,wp-plugin,quick-restaurant-reservations,high
+  tags: cve,wordpress,wp-plugin,quick-restaurant-reservations,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4474-f32c6b2b7d3eb58c4682087aa288b3f1.yaml b/nuclei-templates/2022/CVE-2022-4474-f32c6b2b7d3eb58c4682087aa288b3f1.yaml
index 8454af1f11..9fbf7ebc1a 100644
--- a/nuclei-templates/2022/CVE-2022-4474-f32c6b2b7d3eb58c4682087aa288b3f1.yaml
+++ b/nuclei-templates/2022/CVE-2022-4474-f32c6b2b7d3eb58c4682087aa288b3f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Feed <= 6.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-facebook-likebox/"
     google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
     shodan-query: 'vuln:CVE-2022-4474'
-  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44740-20e49640b2d172fe60c3e66f7c5c2961.yaml b/nuclei-templates/2022/CVE-2022-44740-20e49640b2d172fe60c3e66f7c5c2961.yaml
index aaba1e4c88..477c9d7a02 100644
--- a/nuclei-templates/2022/CVE-2022-44740-20e49640b2d172fe60c3e66f7c5c2961.yaml
+++ b/nuclei-templates/2022/CVE-2022-44740-20e49640b2d172fe60c3e66f7c5c2961.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Creative Mail <= 1.5.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform actions such as resetting the plugin, toggling contact sync and changing marketing settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/creative-mail-by-constant-contact/"
     google-query: inurl:"/wp-content/plugins/creative-mail-by-constant-contact/"
     shodan-query: 'vuln:CVE-2022-44740'
-  tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,high
+  tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44741-c6bb0e4c31a358c9eb072ecaccea302f.yaml b/nuclei-templates/2022/CVE-2022-44741-c6bb0e4c31a358c9eb072ecaccea302f.yaml
index cdba48b4d4..ba6d925c83 100644
--- a/nuclei-templates/2022/CVE-2022-44741-c6bb0e4c31a358c9eb072ecaccea302f.yaml
+++ b/nuclei-templates/2022/CVE-2022-44741-c6bb0e4c31a358c9eb072ecaccea302f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Slider <= 1.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Testimonial Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing nonce validation on the testimonial_update_review_me() function. This makes it possible for unauthenticated attackers to inject malicious JavaScript, granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-slider/"
     google-query: inurl:"/wp-content/plugins/testimonial-slider/"
     shodan-query: 'vuln:CVE-2022-44741'
-  tags: cve,wordpress,wp-plugin,testimonial-slider,high
+  tags: cve,wordpress,wp-plugin,testimonial-slider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44742-c74241ceba44be19e7ba6e8fb09c27d6.yaml b/nuclei-templates/2022/CVE-2022-44742-c74241ceba44be19e7ba6e8fb09c27d6.yaml
index fbf60db652..26d29cd459 100644
--- a/nuclei-templates/2022/CVE-2022-44742-c74241ceba44be19e7ba6e8fb09c27d6.yaml
+++ b/nuclei-templates/2022/CVE-2022-44742-c74241ceba44be19e7ba6e8fb09c27d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Community Events <= 1.4.8 - Authenticated (Administrator+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/community-events/"
     google-query: inurl:"/wp-content/plugins/community-events/"
     shodan-query: 'vuln:CVE-2022-44742'
-  tags: cve,wordpress,wp-plugin,community-events,medium
+  tags: cve,wordpress,wp-plugin,community-events,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-44743-da0336a411f4f619331fc9d86a24bec5.yaml b/nuclei-templates/2022/CVE-2022-44743-da0336a411f4f619331fc9d86a24bec5.yaml
index 39538a0607..fc50940179 100644
--- a/nuclei-templates/2022/CVE-2022-44743-da0336a411f4f619331fc9d86a24bec5.yaml
+++ b/nuclei-templates/2022/CVE-2022-44743-da0336a411f4f619331fc9d86a24bec5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jobs for WordPress <= 2.5.10.2 - Authenticated (Author+) Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jobs for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-postings/"
     google-query: inurl:"/wp-content/plugins/job-postings/"
     shodan-query: 'vuln:CVE-2022-44743'
-  tags: cve,wordpress,wp-plugin,job-postings,medium
+  tags: cve,wordpress,wp-plugin,job-postings,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4475-934106ff95d7bc443b715a08222f1f73.yaml b/nuclei-templates/2022/CVE-2022-4475-934106ff95d7bc443b715a08222f1f73.yaml
index 1fe561b145..9f7adb339b 100644
--- a/nuclei-templates/2022/CVE-2022-4475-934106ff95d7bc443b715a08222f1f73.yaml
+++ b/nuclei-templates/2022/CVE-2022-4475-934106ff95d7bc443b715a08222f1f73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Collapse-O-Matic <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-collapse-o-matic/"
     google-query: inurl:"/wp-content/plugins/jquery-collapse-o-matic/"
     shodan-query: 'vuln:CVE-2022-4475'
-  tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,medium
+  tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4476-c202e0ac545cb4289f68113596303c38.yaml b/nuclei-templates/2022/CVE-2022-4476-c202e0ac545cb4289f68113596303c38.yaml
index 5f034ff004..77903a2686 100644
--- a/nuclei-templates/2022/CVE-2022-4476-c202e0ac545cb4289f68113596303c38.yaml
+++ b/nuclei-templates/2022/CVE-2022-4476-c202e0ac545cb4289f68113596303c38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.61 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 3.2.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-4476'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4477-4f470840b5c22d9fdd8f597a9956aef0.yaml b/nuclei-templates/2022/CVE-2022-4477-4f470840b5c22d9fdd8f597a9956aef0.yaml
index ea516f747f..f037d76aae 100644
--- a/nuclei-templates/2022/CVE-2022-4477-4f470840b5c22d9fdd8f597a9956aef0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4477-4f470840b5c22d9fdd8f597a9956aef0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smash Balloon Social Post Feed <= 4.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smash Balloon Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-facebook-feed/"
     google-query: inurl:"/wp-content/plugins/custom-facebook-feed/"
     shodan-query: 'vuln:CVE-2022-4477'
-  tags: cve,wordpress,wp-plugin,custom-facebook-feed,medium
+  tags: cve,wordpress,wp-plugin,custom-facebook-feed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4478-7115ada113c9b929bcb0dd07d0bf9d4f.yaml b/nuclei-templates/2022/CVE-2022-4478-7115ada113c9b929bcb0dd07d0bf9d4f.yaml
index 9588fc3ba2..838d38b85b 100644
--- a/nuclei-templates/2022/CVE-2022-4478-7115ada113c9b929bcb0dd07d0bf9d4f.yaml
+++ b/nuclei-templates/2022/CVE-2022-4478-7115ada113c9b929bcb0dd07d0bf9d4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/font-awesome/"
     google-query: inurl:"/wp-content/plugins/font-awesome/"
     shodan-query: 'vuln:CVE-2022-4478'
-  tags: cve,wordpress,wp-plugin,font-awesome,medium
+  tags: cve,wordpress,wp-plugin,font-awesome,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4479-88443ca5df44ae2bdc297b09180bef0c.yaml b/nuclei-templates/2022/CVE-2022-4479-88443ca5df44ae2bdc297b09180bef0c.yaml
index a4f54501e7..3e5889868d 100644
--- a/nuclei-templates/2022/CVE-2022-4479-88443ca5df44ae2bdc297b09180bef0c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4479-88443ca5df44ae2bdc297b09180bef0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Table of Contents Plus <= 2106 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Table of Contents Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' and 'label' properties in the [toc] and [sitemap_pages] shortcodes respectively in versions up to, and including, 2106 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/table-of-contents-plus/"
     google-query: inurl:"/wp-content/plugins/table-of-contents-plus/"
     shodan-query: 'vuln:CVE-2022-4479'
-  tags: cve,wordpress,wp-plugin,table-of-contents-plus,medium
+  tags: cve,wordpress,wp-plugin,table-of-contents-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4480-a875d85b1acd34789210b1b8be6e7c70.yaml b/nuclei-templates/2022/CVE-2022-4480-a875d85b1acd34789210b1b8be6e7c70.yaml
index 485fdaf2f6..c1b679530a 100644
--- a/nuclei-templates/2022/CVE-2022-4480-a875d85b1acd34789210b1b8be6e7c70.yaml
+++ b/nuclei-templates/2022/CVE-2022-4480-a875d85b1acd34789210b1b8be6e7c70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Click to Chat <= 3.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 3.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/click-to-chat-for-whatsapp/"
     google-query: inurl:"/wp-content/plugins/click-to-chat-for-whatsapp/"
     shodan-query: 'vuln:CVE-2022-4480'
-  tags: cve,wordpress,wp-plugin,click-to-chat-for-whatsapp,medium
+  tags: cve,wordpress,wp-plugin,click-to-chat-for-whatsapp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4481-3816de1a2f06ca9d6d7c8b9dfb0a51bf.yaml b/nuclei-templates/2022/CVE-2022-4481-3816de1a2f06ca9d6d7c8b9dfb0a51bf.yaml
index c79d34b329..043251264a 100644
--- a/nuclei-templates/2022/CVE-2022-4481-3816de1a2f06ca9d6d7c8b9dfb0a51bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-4481-3816de1a2f06ca9d6d7c8b9dfb0a51bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mesmerize Companion <= 1.6.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.6.133 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mesmerize-companion/"
     google-query: inurl:"/wp-content/plugins/mesmerize-companion/"
     shodan-query: 'vuln:CVE-2022-4481'
-  tags: cve,wordpress,wp-plugin,mesmerize-companion,medium
+  tags: cve,wordpress,wp-plugin,mesmerize-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4482-4b6f3787781ed281c4bf315d7815f11d.yaml b/nuclei-templates/2022/CVE-2022-4482-4b6f3787781ed281c4bf315d7815f11d.yaml
index f0386cf939..40d3737818 100644
--- a/nuclei-templates/2022/CVE-2022-4482-4b6f3787781ed281c4bf315d7815f11d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4482-4b6f3787781ed281c4bf315d7815f11d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel, Slider, Gallery by WP Carousel <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Carousel, Slider, Gallery by WP Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcodes in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping on supplied attributes. This makes it possible for authenticated attackers with contributor-level privileges and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-carousel-free/"
     google-query: inurl:"/wp-content/plugins/wp-carousel-free/"
     shodan-query: 'vuln:CVE-2022-4482'
-  tags: cve,wordpress,wp-plugin,wp-carousel-free,medium
+  tags: cve,wordpress,wp-plugin,wp-carousel-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4483-474fa03f5b39570acd09bb99c310528b.yaml b/nuclei-templates/2022/CVE-2022-4483-474fa03f5b39570acd09bb99c310528b.yaml
index 5a3e2e1e63..de86e8f7d7 100644
--- a/nuclei-templates/2022/CVE-2022-4483-474fa03f5b39570acd09bb99c310528b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4483-474fa03f5b39570acd09bb99c310528b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insert Pages <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the insert shortcode offered by the plugin in versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-pages/"
     google-query: inurl:"/wp-content/plugins/insert-pages/"
     shodan-query: 'vuln:CVE-2022-4483'
-  tags: cve,wordpress,wp-plugin,insert-pages,medium
+  tags: cve,wordpress,wp-plugin,insert-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4484-164f540fc7a38170dc136b3ff3864ea3.yaml b/nuclei-templates/2022/CVE-2022-4484-164f540fc7a38170dc136b3ff3864ea3.yaml
index 0132cde7ef..32e768abb5 100644
--- a/nuclei-templates/2022/CVE-2022-4484-164f540fc7a38170dc136b3ff3864ea3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4484-164f540fc7a38170dc136b3ff3864ea3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Socializer <= 7.13.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Super Socializer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 7.13.44 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-socializer/"
     google-query: inurl:"/wp-content/plugins/super-socializer/"
     shodan-query: 'vuln:CVE-2022-4484'
-  tags: cve,wordpress,wp-plugin,super-socializer,medium
+  tags: cve,wordpress,wp-plugin,super-socializer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4485-c7b94497207a62b415298f2f46cd674e.yaml b/nuclei-templates/2022/CVE-2022-4485-c7b94497207a62b415298f2f46cd674e.yaml
index 4ecdb682eb..96c37df01e 100644
--- a/nuclei-templates/2022/CVE-2022-4485-c7b94497207a62b415298f2f46cd674e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4485-c7b94497207a62b415298f2f46cd674e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page-list <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page-list plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-list/"
     google-query: inurl:"/wp-content/plugins/page-list/"
     shodan-query: 'vuln:CVE-2022-4485'
-  tags: cve,wordpress,wp-plugin,page-list,medium
+  tags: cve,wordpress,wp-plugin,page-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4486-d785c662ffdd5bb603cbd342128e597d.yaml b/nuclei-templates/2022/CVE-2022-4486-d785c662ffdd5bb603cbd342128e597d.yaml
index 440bbf65cd..d9bb4e3e4c 100644
--- a/nuclei-templates/2022/CVE-2022-4486-d785c662ffdd5bb603cbd342128e597d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4486-d785c662ffdd5bb603cbd342128e597d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meteor Slides <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meteor-slides/"
     google-query: inurl:"/wp-content/plugins/meteor-slides/"
     shodan-query: 'vuln:CVE-2022-4486'
-  tags: cve,wordpress,wp-plugin,meteor-slides,medium
+  tags: cve,wordpress,wp-plugin,meteor-slides,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4487-6139caeaed9293c95d17b26944e3e8d5.yaml b/nuclei-templates/2022/CVE-2022-4487-6139caeaed9293c95d17b26944e3e8d5.yaml
index b434c11d24..38771d9988 100644
--- a/nuclei-templates/2022/CVE-2022-4487-6139caeaed9293c95d17b26944e3e8d5.yaml
+++ b/nuclei-templates/2022/CVE-2022-4487-6139caeaed9293c95d17b26944e3e8d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Accordion <= 2.1.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.1.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-accordion-free/"
     google-query: inurl:"/wp-content/plugins/easy-accordion-free/"
     shodan-query: 'vuln:CVE-2022-4487'
-  tags: cve,wordpress,wp-plugin,easy-accordion-free,medium
+  tags: cve,wordpress,wp-plugin,easy-accordion-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4488-022d6e4b68c3750efdb62382e3088ee3.yaml b/nuclei-templates/2022/CVE-2022-4488-022d6e4b68c3750efdb62382e3088ee3.yaml
index 5edc8296cc..c3c85f3f57 100644
--- a/nuclei-templates/2022/CVE-2022-4488-022d6e4b68c3750efdb62382e3088ee3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4488-022d6e4b68c3750efdb62382e3088ee3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Widgets on Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgets-on-pages/"
     google-query: inurl:"/wp-content/plugins/widgets-on-pages/"
     shodan-query: 'vuln:CVE-2022-4488'
-  tags: cve,wordpress,wp-plugin,widgets-on-pages,medium
+  tags: cve,wordpress,wp-plugin,widgets-on-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4489-0a19ecfdd9174c31fe37388d883b8078.yaml b/nuclei-templates/2022/CVE-2022-4489-0a19ecfdd9174c31fe37388d883b8078.yaml
index 76d764f688..2ae9736a5b 100644
--- a/nuclei-templates/2022/CVE-2022-4489-0a19ecfdd9174c31fe37388d883b8078.yaml
+++ b/nuclei-templates/2022/CVE-2022-4489-0a19ecfdd9174c31fe37388d883b8078.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HUSKY plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.3.1  via deserialization of untrusted input in the get_all_options function. This allows authenticated attackers with administrator-level privileges to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-filter/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/"
     shodan-query: 'vuln:CVE-2022-4489'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,high
+  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4491-c5db9aebd1fc40e9e4c7b7eca92c3a88.yaml b/nuclei-templates/2022/CVE-2022-4491-c5db9aebd1fc40e9e4c7b7eca92c3a88.yaml
index 22c0ffad3a..5c1800c916 100644
--- a/nuclei-templates/2022/CVE-2022-4491-c5db9aebd1fc40e9e4c7b7eca92c3a88.yaml
+++ b/nuclei-templates/2022/CVE-2022-4491-c5db9aebd1fc40e9e4c7b7eca92c3a88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Table Reloaded <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Table Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-table-reloaded/"
     google-query: inurl:"/wp-content/plugins/wp-table-reloaded/"
     shodan-query: 'vuln:CVE-2022-4491'
-  tags: cve,wordpress,wp-plugin,wp-table-reloaded,medium
+  tags: cve,wordpress,wp-plugin,wp-table-reloaded,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4496-17d0dd4ca47cd3783ad012601e5033f4.yaml b/nuclei-templates/2022/CVE-2022-4496-17d0dd4ca47cd3783ad012601e5033f4.yaml
index 8ffd230b46..daf147fe9d 100644
--- a/nuclei-templates/2022/CVE-2022-4496-17d0dd4ca47cd3783ad012601e5033f4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4496-17d0dd4ca47cd3783ad012601e5033f4.yaml
@@ -55,4 +55,4 @@ http:
 
       - type: dsl
         dsl:
-          - compare_versions(version, '>= 16', '< 16.0.8')
\ No newline at end of file
+          - compare_versions(version, '>= 20', '< 20.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4497-ebb8de96320f3c64a91f6dbb13b596fa.yaml b/nuclei-templates/2022/CVE-2022-4497-ebb8de96320f3c64a91f6dbb13b596fa.yaml
index 879b08d9a7..d9714ec316 100644
--- a/nuclei-templates/2022/CVE-2022-4497-ebb8de96320f3c64a91f6dbb13b596fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-4497-ebb8de96320f3c64a91f6dbb13b596fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jetpack CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 5.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-bs-crm/"
     google-query: inurl:"/wp-content/plugins/zero-bs-crm/"
     shodan-query: 'vuln:CVE-2022-4497'
-  tags: cve,wordpress,wp-plugin,zero-bs-crm,medium
+  tags: cve,wordpress,wp-plugin,zero-bs-crm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4501-aef5861873c712667e57c762ed3ff81e.yaml b/nuclei-templates/2022/CVE-2022-4501-aef5861873c712667e57c762ed3ff81e.yaml
index 96c8edf5e8..eb439355b1 100644
--- a/nuclei-templates/2022/CVE-2022-4501-aef5861873c712667e57c762ed3ff81e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4501-aef5861873c712667e57c762ed3ff81e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Subscriber+) Settings Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mega-addons-for-visual-composer/"
     google-query: inurl:"/wp-content/plugins/mega-addons-for-visual-composer/"
     shodan-query: 'vuln:CVE-2022-4501'
-  tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,high
+  tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45066-e20e9bcb00e5e945a6bb2c24c79d65cf.yaml b/nuclei-templates/2022/CVE-2022-45066-e20e9bcb00e5e945a6bb2c24c79d65cf.yaml
index c30d122040..143a001692 100644
--- a/nuclei-templates/2022/CVE-2022-45066-e20e9bcb00e5e945a6bb2c24c79d65cf.yaml
+++ b/nuclei-templates/2022/CVE-2022-45066-e20e9bcb00e5e945a6bb2c24c79d65cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooSwipe WooCommerce Gallery <= 3.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooSwipe WooCommerce Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the update() function called via the admin_menu hook in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to update the plugins settings. This can also be exploited via Cross-Site Request Forgery.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wooswipe/"
     google-query: inurl:"/wp-content/plugins/wooswipe/"
     shodan-query: 'vuln:CVE-2022-45066'
-  tags: cve,wordpress,wp-plugin,wooswipe,medium
+  tags: cve,wordpress,wp-plugin,wooswipe,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45069-24fe066591faebd7c14b911941c41812.yaml b/nuclei-templates/2022/CVE-2022-45069-24fe066591faebd7c14b911941c41812.yaml
index d9f1ffe3d9..67a5704c41 100644
--- a/nuclei-templates/2022/CVE-2022-45069-24fe066591faebd7c14b911941c41812.yaml
+++ b/nuclei-templates/2022/CVE-2022-45069-24fe066591faebd7c14b911941c41812.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crowdsignal Dashboard <= 3.0.9 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Crowdsignal Dashboard plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 3.0.9. This is due to missing authorization checks on the settings page that made it possible for contributor-level attackers to load the ratings settings page and modify the settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/polldaddy/"
     google-query: inurl:"/wp-content/plugins/polldaddy/"
     shodan-query: 'vuln:CVE-2022-45069'
-  tags: cve,wordpress,wp-plugin,polldaddy,medium
+  tags: cve,wordpress,wp-plugin,polldaddy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4507-cb472ca260be89964a7f7e562d3b7648.yaml b/nuclei-templates/2022/CVE-2022-4507-cb472ca260be89964a7f7e562d3b7648.yaml
index 78b12d48e7..fd966de25a 100644
--- a/nuclei-templates/2022/CVE-2022-4507-cb472ca260be89964a7f7e562d3b7648.yaml
+++ b/nuclei-templates/2022/CVE-2022-4507-cb472ca260be89964a7f7e562d3b7648.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Cookie Banner <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Real Cookie Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-cookie-banner/"
     google-query: inurl:"/wp-content/plugins/real-cookie-banner/"
     shodan-query: 'vuln:CVE-2022-4507'
-  tags: cve,wordpress,wp-plugin,real-cookie-banner,medium
+  tags: cve,wordpress,wp-plugin,real-cookie-banner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45070-9b415d0d3fdf05f04e00c8b364d66a56.yaml b/nuclei-templates/2022/CVE-2022-45070-9b415d0d3fdf05f04e00c8b364d66a56.yaml
index 24924a6e8e..96fabbca60 100644
--- a/nuclei-templates/2022/CVE-2022-45070-9b415d0d3fdf05f04e00c8b364d66a56.yaml
+++ b/nuclei-templates/2022/CVE-2022-45070-9b415d0d3fdf05f04e00c8b364d66a56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conditional Checkout Fields & Edit Checkout Fields for WooCommerce <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Conditional Checkout Fields & Edit Checkout Fields for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability check in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conditional-checkout-fields-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/conditional-checkout-fields-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-45070'
-  tags: cve,wordpress,wp-plugin,conditional-checkout-fields-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,conditional-checkout-fields-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45073-c4daa9433506094793f25873e18663b9.yaml b/nuclei-templates/2022/CVE-2022-45073-c4daa9433506094793f25873e18663b9.yaml
index eee33c67e4..df9e8fe392 100644
--- a/nuclei-templates/2022/CVE-2022-45073-c4daa9433506094793f25873e18663b9.yaml
+++ b/nuclei-templates/2022/CVE-2022-45073-c4daa9433506094793f25873e18663b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress REST API Authentication <= 2.4.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WordPress REST API Authentication plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the 'save_temporary_data' function. This makes it possible for unauthenticated attackers to make plugin settings changes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rest-api-authentication/"
     google-query: inurl:"/wp-content/plugins/wp-rest-api-authentication/"
     shodan-query: 'vuln:CVE-2022-45073'
-  tags: cve,wordpress,wp-plugin,wp-rest-api-authentication,high
+  tags: cve,wordpress,wp-plugin,wp-rest-api-authentication,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45074-f8b3cfa96a6263fb75e4e2e3d0d2b588.yaml b/nuclei-templates/2022/CVE-2022-45074-f8b3cfa96a6263fb75e4e2e3d0d2b588.yaml
index dda33141d9..432fd7fa8a 100644
--- a/nuclei-templates/2022/CVE-2022-45074-f8b3cfa96a6263fb75e4e2e3d0d2b588.yaml
+++ b/nuclei-templates/2022/CVE-2022-45074-f8b3cfa96a6263fb75e4e2e3d0d2b588.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Activity Reactions For Buddypress <= 1.0.22 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Activity Reactions For Buddypress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.22. This is due to missing nonce validation on the ai_front_smiley() function. This makes it possible for unauthenticated attackers to disabled and enable reactions granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activity-reactions-for-buddypress/"
     google-query: inurl:"/wp-content/plugins/activity-reactions-for-buddypress/"
     shodan-query: 'vuln:CVE-2022-45074'
-  tags: cve,wordpress,wp-plugin,activity-reactions-for-buddypress,high
+  tags: cve,wordpress,wp-plugin,activity-reactions-for-buddypress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45075-2764a8f5acae96c89d7440a05722c172.yaml b/nuclei-templates/2022/CVE-2022-45075-2764a8f5acae96c89d7440a05722c172.yaml
index 16e4a41888..99f8bf883c 100644
--- a/nuclei-templates/2022/CVE-2022-45075-2764a8f5acae96c89d7440a05722c172.yaml
+++ b/nuclei-templates/2022/CVE-2022-45075-2764a8f5acae96c89d7440a05722c172.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Activity Reactions For Buddypress <= 1.0.22 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Activity Reactions For Buddypress plugin for WordPress is vulnerable to missing authorization checks in versions up to, and including, 1.0.22 on the ai_front_smiley function. This makes it possible for subscriber-level to enable and disable reactions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activity-reactions-for-buddypress/"
     google-query: inurl:"/wp-content/plugins/activity-reactions-for-buddypress/"
     shodan-query: 'vuln:CVE-2022-45075'
-  tags: cve,wordpress,wp-plugin,activity-reactions-for-buddypress,medium
+  tags: cve,wordpress,wp-plugin,activity-reactions-for-buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45077-a02d18d0740894600f021e06a20fd2de.yaml b/nuclei-templates/2022/CVE-2022-45077-a02d18d0740894600f021e06a20fd2de.yaml
index 6e4f32b60a..aeab496835 100644
--- a/nuclei-templates/2022/CVE-2022-45077-a02d18d0740894600f021e06a20fd2de.yaml
+++ b/nuclei-templates/2022/CVE-2022-45077-a02d18d0740894600f021e06a20fd2de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input from an unknown parameter. This allows subscriber-level attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2022-45077'
-  tags: cve,wordpress,wp-theme,betheme,high
+  tags: cve,wordpress,wp-theme,betheme,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45078-78588e22a79e99f07ccbdc69fa52af87.yaml b/nuclei-templates/2022/CVE-2022-45078-78588e22a79e99f07ccbdc69fa52af87.yaml
index 8ada5ab872..5e5d799105 100644
--- a/nuclei-templates/2022/CVE-2022-45078-78588e22a79e99f07ccbdc69fa52af87.yaml
+++ b/nuclei-templates/2022/CVE-2022-45078-78588e22a79e99f07ccbdc69fa52af87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Blocker plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.5.5. This allows administrator-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-blocker/"
     google-query: inurl:"/wp-content/plugins/user-blocker/"
     shodan-query: 'vuln:CVE-2022-45078'
-  tags: cve,wordpress,wp-plugin,user-blocker,medium
+  tags: cve,wordpress,wp-plugin,user-blocker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4508-5ccba34100497998aa68e15dc82c8875.yaml b/nuclei-templates/2022/CVE-2022-4508-5ccba34100497998aa68e15dc82c8875.yaml
index 2928243217..c7f788ea03 100644
--- a/nuclei-templates/2022/CVE-2022-4508-5ccba34100497998aa68e15dc82c8875.yaml
+++ b/nuclei-templates/2022/CVE-2022-4508-5ccba34100497998aa68e15dc82c8875.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ConvertKit <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ConvertKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/convertkit/"
     google-query: inurl:"/wp-content/plugins/convertkit/"
     shodan-query: 'vuln:CVE-2022-4508'
-  tags: cve,wordpress,wp-plugin,convertkit,medium
+  tags: cve,wordpress,wp-plugin,convertkit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45080-5c12b38e55523c2abb1229db17d7b69c.yaml b/nuclei-templates/2022/CVE-2022-45080-5c12b38e55523c2abb1229db17d7b69c.yaml
index cf068147b6..96a325cb89 100644
--- a/nuclei-templates/2022/CVE-2022-45080-5c12b38e55523c2abb1229db17d7b69c.yaml
+++ b/nuclei-templates/2022/CVE-2022-45080-5c12b38e55523c2abb1229db17d7b69c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Multiple Marker <= 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Add Multiple Marker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on several functions like addmultiplemarker_save_maps_data(). This makes it possible for unauthenticated attackers to modify the plugin's settings granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-multiple-marker/"
     google-query: inurl:"/wp-content/plugins/add-multiple-marker/"
     shodan-query: 'vuln:CVE-2022-45080'
-  tags: cve,wordpress,wp-plugin,add-multiple-marker,high
+  tags: cve,wordpress,wp-plugin,add-multiple-marker,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45081-93ed6654d55bf39f7e0ea24a9224f858.yaml b/nuclei-templates/2022/CVE-2022-45081-93ed6654d55bf39f7e0ea24a9224f858.yaml
index c166d85d28..69c173ac6c 100644
--- a/nuclei-templates/2022/CVE-2022-45081-93ed6654d55bf39f7e0ea24a9224f858.yaml
+++ b/nuclei-templates/2022/CVE-2022-45081-93ed6654d55bf39f7e0ea24a9224f858.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Multiple Marker <= 1.2 - Missing Authorization Checks to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Add Multiple Marker plugin for WordPress is vulnerable authorization bypass in versions up to, and including, 1.2. This is due to lacking authentication checks on certain user functions like addmultiplemarker_save_maps_data() which is called via a nopriv AJAX action. This makes it possible for unauthenticated attackers to make plugin settings changes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-multiple-marker/"
     google-query: inurl:"/wp-content/plugins/add-multiple-marker/"
     shodan-query: 'vuln:CVE-2022-45081'
-  tags: cve,wordpress,wp-plugin,add-multiple-marker,medium
+  tags: cve,wordpress,wp-plugin,add-multiple-marker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45082-1b12a289a671c54e3c29dcf0a118316b.yaml b/nuclei-templates/2022/CVE-2022-45082-1b12a289a671c54e3c29dcf0a118316b.yaml
index 13f2039c03..9f2f73b812 100644
--- a/nuclei-templates/2022/CVE-2022-45082-1b12a289a671c54e3c29dcf0a118316b.yaml
+++ b/nuclei-templates/2022/CVE-2022-45082-1b12a289a671c54e3c29dcf0a118316b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'rawdata' parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any parameters used in the 'rawdata' parameter in function function api_action for the API class in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2022-45082'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45082-3b610f84d98a5bc8d0e6aaa3b08f5054.yaml b/nuclei-templates/2022/CVE-2022-45082-3b610f84d98a5bc8d0e6aaa3b08f5054.yaml
index 36000d3aa1..ffdba51c40 100644
--- a/nuclei-templates/2022/CVE-2022-45082-3b610f84d98a5bc8d0e6aaa3b08f5054.yaml
+++ b/nuclei-templates/2022/CVE-2022-45082-3b610f84d98a5bc8d0e6aaa3b08f5054.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting in post_oxi_settings function
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any parameters used in the post_oxi_settings function for the API class in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2022-45082'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45082-4032a78ffdb0269b83ac44db0e50cdc3.yaml b/nuclei-templates/2022/CVE-2022-45082-4032a78ffdb0269b83ac44db0e50cdc3.yaml
index 741b624eb6..107f99be7c 100644
--- a/nuclei-templates/2022/CVE-2022-45082-4032a78ffdb0269b83ac44db0e50cdc3.yaml
+++ b/nuclei-templates/2022/CVE-2022-45082-4032a78ffdb0269b83ac44db0e50cdc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'notice' parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘notice’ parameter used in the post_notice_dissmiss function in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2022-45082'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45082-4ef1f0520c09d9782f1be91688816f9a.yaml b/nuclei-templates/2022/CVE-2022-45082-4ef1f0520c09d9782f1be91688816f9a.yaml
index 8fd8e27e25..4eaa44e165 100644
--- a/nuclei-templates/2022/CVE-2022-45082-4ef1f0520c09d9782f1be91688816f9a.yaml
+++ b/nuclei-templates/2022/CVE-2022-45082-4ef1f0520c09d9782f1be91688816f9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pages’ parameter used in the Bootstrap class constructor function in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2022-45082'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45082-6e7fd75d5000c1a779cde51d0f7b0d94.yaml b/nuclei-templates/2022/CVE-2022-45082-6e7fd75d5000c1a779cde51d0f7b0d94.yaml
index ef8b1a3cbb..93b107d0f5 100644
--- a/nuclei-templates/2022/CVE-2022-45082-6e7fd75d5000c1a779cde51d0f7b0d94.yaml
+++ b/nuclei-templates/2022/CVE-2022-45082-6e7fd75d5000c1a779cde51d0f7b0d94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'layouts' parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layouts’ parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2022-45082'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45082-805e4862296df1b32dd279bbfd5412a7.yaml b/nuclei-templates/2022/CVE-2022-45082-805e4862296df1b32dd279bbfd5412a7.yaml
index 61e716693c..31ccc68e6c 100644
--- a/nuclei-templates/2022/CVE-2022-45082-805e4862296df1b32dd279bbfd5412a7.yaml
+++ b/nuclei-templates/2022/CVE-2022-45082-805e4862296df1b32dd279bbfd5412a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pages’ parameter used in the maybe_load_template function in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2022-45082'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45082-ce7addd0eabe078cf96d1fb6e8d32578.yaml b/nuclei-templates/2022/CVE-2022-45082-ce7addd0eabe078cf96d1fb6e8d32578.yaml
index 9d2509e715..4f45d466ba 100644
--- a/nuclei-templates/2022/CVE-2022-45082-ce7addd0eabe078cf96d1fb6e8d32578.yaml
+++ b/nuclei-templates/2022/CVE-2022-45082-ce7addd0eabe078cf96d1fb6e8d32578.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘license’ parameter used in the post_oxi_license function for the API class in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2022-45082'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45083-51b25af2629d0400d7625bb870546310.yaml b/nuclei-templates/2022/CVE-2022-45083-51b25af2629d0400d7625bb870546310.yaml
index a7bac8d7e4..629411c1a4 100644
--- a/nuclei-templates/2022/CVE-2022-45083-51b25af2629d0400d7625bb870546310.yaml
+++ b/nuclei-templates/2022/CVE-2022-45083-51b25af2629d0400d7625bb870546310.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.3.2 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfilePress plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.3.2 via deserialization of untrusted input in functions like 'get_form_meta'. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2022-45083'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4509-65043d39bf222f68f6c9850d424ae1bf.yaml b/nuclei-templates/2022/CVE-2022-4509-65043d39bf222f68f6c9850d424ae1bf.yaml
index a51f16db66..bea504a889 100644
--- a/nuclei-templates/2022/CVE-2022-4509-65043d39bf222f68f6c9850d424ae1bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-4509-65043d39bf222f68f6c9850d424ae1bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Control <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Content Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-control/"
     google-query: inurl:"/wp-content/plugins/content-control/"
     shodan-query: 'vuln:CVE-2022-4509'
-  tags: cve,wordpress,wp-plugin,content-control,medium
+  tags: cve,wordpress,wp-plugin,content-control,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4512-e128c0c0167442ae481665888471e921.yaml b/nuclei-templates/2022/CVE-2022-4512-e128c0c0167442ae481665888471e921.yaml
index e8ffc73960..25657a32af 100644
--- a/nuclei-templates/2022/CVE-2022-4512-e128c0c0167442ae481665888471e921.yaml
+++ b/nuclei-templates/2022/CVE-2022-4512-e128c0c0167442ae481665888471e921.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Font Awesome <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes (such as 'title', 'size', and class strings) in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-font-awesome/"
     google-query: inurl:"/wp-content/plugins/better-font-awesome/"
     shodan-query: 'vuln:CVE-2022-4512'
-  tags: cve,wordpress,wp-plugin,better-font-awesome,medium
+  tags: cve,wordpress,wp-plugin,better-font-awesome,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4519-873b35008af518fb3d54c42d47368243.yaml b/nuclei-templates/2022/CVE-2022-4519-873b35008af518fb3d54c42d47368243.yaml
index 231beb7d42..26706ccdde 100644
--- a/nuclei-templates/2022/CVE-2022-4519-873b35008af518fb3d54c42d47368243.yaml
+++ b/nuclei-templates/2022/CVE-2022-4519-873b35008af518fb3d54c42d47368243.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User <= 7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user/"
     google-query: inurl:"/wp-content/plugins/wp-user/"
     shodan-query: 'vuln:CVE-2022-4519'
-  tags: cve,wordpress,wp-plugin,wp-user,medium
+  tags: cve,wordpress,wp-plugin,wp-user,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45348-3b7bdb3a8404e199e1deb34a5f3502a4.yaml b/nuclei-templates/2022/CVE-2022-45348-3b7bdb3a8404e199e1deb34a5f3502a4.yaml
index 1e01239463..4b61b2c875 100644
--- a/nuclei-templates/2022/CVE-2022-45348-3b7bdb3a8404e199e1deb34a5f3502a4.yaml
+++ b/nuclei-templates/2022/CVE-2022-45348-3b7bdb3a8404e199e1deb34a5f3502a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     amr users <= 4.59.4 - Authenticated (Subscriber+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The amr users plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 4.59.4. This allows authenticated attackers with subscriber-level permissions or above to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amr-users/"
     google-query: inurl:"/wp-content/plugins/amr-users/"
     shodan-query: 'vuln:CVE-2022-45348'
-  tags: cve,wordpress,wp-plugin,amr-users,medium
+  tags: cve,wordpress,wp-plugin,amr-users,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45349-0eda30de3bc2dbaa94da2af30caf268c.yaml b/nuclei-templates/2022/CVE-2022-45349-0eda30de3bc2dbaa94da2af30caf268c.yaml
index 9685330179..9baccb3afb 100644
--- a/nuclei-templates/2022/CVE-2022-45349-0eda30de3bc2dbaa94da2af30caf268c.yaml
+++ b/nuclei-templates/2022/CVE-2022-45349-0eda30de3bc2dbaa94da2af30caf268c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 26.6.2 - Missing Authorization to Post Title Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Betheme theme for WordPress is vulnerable to authorization bypass in versions up to, and including, 26.6.2. This is due to a missing capability check on the mfnvb_init_vb() function that initializes the visual editor for the plugin and discloses the plugin's page builder nonces and functionality to an attacker. This makes it possible for authenticated attacks with minimal permissions, such as a subscriber, to trigger the Betheme page editor for any post or page and view the information along with make any changes to the post/page accessed through the editor. This CVE is specific to changing the title of arbitrary posts and pages. This is an extension of CVE-2022-45356.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2022-45349'
-  tags: cve,wordpress,wp-theme,betheme,medium
+  tags: cve,wordpress,wp-theme,betheme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45350-4a300ce6f6f831fce9cb1c19680cdfa4.yaml b/nuclei-templates/2022/CVE-2022-45350-4a300ce6f6f831fce9cb1c19680cdfa4.yaml
index f9b06b968b..9fb0a2ab26 100644
--- a/nuclei-templates/2022/CVE-2022-45350-4a300ce6f6f831fce9cb1c19680cdfa4.yaml
+++ b/nuclei-templates/2022/CVE-2022-45350-4a300ce6f6f831fce9cb1c19680cdfa4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple History <= 3.3.1 - Authenticated (Subscriber+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple History plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 3.3.1. This allows subscriber-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-history/"
     google-query: inurl:"/wp-content/plugins/simple-history/"
     shodan-query: 'vuln:CVE-2022-45350'
-  tags: cve,wordpress,wp-plugin,simple-history,medium
+  tags: cve,wordpress,wp-plugin,simple-history,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45351-eef54adf293c01cfcd3711ba2746f5e0.yaml b/nuclei-templates/2022/CVE-2022-45351-eef54adf293c01cfcd3711ba2746f5e0.yaml
index c9dfa6b95c..31db73da2e 100644
--- a/nuclei-templates/2022/CVE-2022-45351-eef54adf293c01cfcd3711ba2746f5e0.yaml
+++ b/nuclei-templates/2022/CVE-2022-45351-eef54adf293c01cfcd3711ba2746f5e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 26.6.2 - Missing Authorization to Post Status Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Betheme theme for WordPress is vulnerable to authorization bypass in versions up to, and including, 26.6.2. This is due to a missing capability check on the mfnvb_init_vb() function that initializes the visual editor for the plugin and discloses the plugin's page builder nonces and functionality to an attacker. This makes it possible for authenticated attacks with minimal permissions, such as a subscriber, to trigger the Betheme page editor for any post or page and view the information along with make any changes to the post/page accessed through the editor. This CVE is specific to changing the status (published, draft, private) of arbitrary posts and pages and is controlled via the mfnvb_updateVbView() function. This is an extension of CVE-2022-45356.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2022-45351'
-  tags: cve,wordpress,wp-theme,betheme,medium
+  tags: cve,wordpress,wp-theme,betheme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45352-f626e9df68cec35c776cf1191c5c3f5d.yaml b/nuclei-templates/2022/CVE-2022-45352-f626e9df68cec35c776cf1191c5c3f5d.yaml
index 4d38c61d5d..869fd56aad 100644
--- a/nuclei-templates/2022/CVE-2022-45352-f626e9df68cec35c776cf1191c5c3f5d.yaml
+++ b/nuclei-templates/2022/CVE-2022-45352-f626e9df68cec35c776cf1191c5c3f5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 26.6.2 - Missing Authorization to Theme Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Betheme theme for WordPress is vulnerable to authorization bypass in versions up to, and including, 26.6.2. This is due to a missing capability check on the mfnvb_init_vb() function that initializes the visual editor for the plugin and discloses the plugin's page builder nonces and functionality to an attacker. This makes it possible for authenticated attacks with minimal permissions, such as a subscriber, to trigger the Betheme page editor for any post or page and view the information along with make any changes to the post/page accessed through the editor. This CVE is specific to updating the theme's settings via the editing page through the mfnvb_savethemeoptions function. This is an extension of CVE-2022-45356.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2022-45352'
-  tags: cve,wordpress,wp-theme,betheme,medium
+  tags: cve,wordpress,wp-theme,betheme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45353-4177059b270800f6cdd2567297565b05.yaml b/nuclei-templates/2022/CVE-2022-45353-4177059b270800f6cdd2567297565b05.yaml
index 387d9f5397..ff3c4f568f 100644
--- a/nuclei-templates/2022/CVE-2022-45353-4177059b270800f6cdd2567297565b05.yaml
+++ b/nuclei-templates/2022/CVE-2022-45353-4177059b270800f6cdd2567297565b05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 26.6.2 - Missing Authorization Checks to Private Page/Post Data Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Betheme theme for WordPress is vulnerable to authorization bypass in versions up to, and including, 26.6.2. This is due to a missing capability check on the mfnvb_init_vb() function that initializes the visual editor for the plugin and discloses the plugin's page builder nonces and functionality to an attacker. This makes it possible for authenticated attacks with minimal permissions, such as a subscriber, to trigger the Betheme page editor for any post or page and view the information along with make any changes to the post/page accessed through the editor. This CVE is specific to viewing private page data that should otherwise be restricted. This is an extension of CVE-2022-45356.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2022-45353'
-  tags: cve,wordpress,wp-theme,betheme,medium
+  tags: cve,wordpress,wp-theme,betheme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45355-a48d0e7d0d0abab8208c9ac988b86701.yaml b/nuclei-templates/2022/CVE-2022-45355-a48d0e7d0d0abab8208c9ac988b86701.yaml
index 0c86896786..2ea13d3ab9 100644
--- a/nuclei-templates/2022/CVE-2022-45355-a48d0e7d0d0abab8208c9ac988b86701.yaml
+++ b/nuclei-templates/2022/CVE-2022-45355-a48d0e7d0d0abab8208c9ac988b86701.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Pipes <= 1.33 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP Pipes plugin for WordPress is vulnerable to SQL Injection  in versions up to, and including, 1.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-pipes/"
     google-query: inurl:"/wp-content/plugins/wp-pipes/"
     shodan-query: 'vuln:CVE-2022-45355'
-  tags: cve,wordpress,wp-plugin,wp-pipes,critical
+  tags: cve,wordpress,wp-plugin,wp-pipes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45361-cbd2f40afcea324b1b6628d63c264b5b.yaml b/nuclei-templates/2022/CVE-2022-45361-cbd2f40afcea324b1b6628d63c264b5b.yaml
index 256d0c2719..cad60989f5 100644
--- a/nuclei-templates/2022/CVE-2022-45361-cbd2f40afcea324b1b6628d63c264b5b.yaml
+++ b/nuclei-templates/2022/CVE-2022-45361-cbd2f40afcea324b1b6628d63c264b5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     0mk Shortener <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 0mk Shortener for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/0mk-shortener/"
     google-query: inurl:"/wp-content/plugins/0mk-shortener/"
     shodan-query: 'vuln:CVE-2022-45361'
-  tags: cve,wordpress,wp-plugin,0mk-shortener,medium
+  tags: cve,wordpress,wp-plugin,0mk-shortener,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45363-f2c966f060ba4e0ec53591e455e174f0.yaml b/nuclei-templates/2022/CVE-2022-45363-f2c966f060ba4e0ec53591e455e174f0.yaml
index 808980f9cf..c5da8f9a2d 100644
--- a/nuclei-templates/2022/CVE-2022-45363-f2c966f060ba4e0ec53591e455e174f0.yaml
+++ b/nuclei-templates/2022/CVE-2022-45363-f2c966f060ba4e0ec53591e455e174f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 26.6.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Betheme theme for WordPress is vulnerable to authorization bypass that leads to stored Cross-Site Scripting in versions up to, and including, 26.6.2. This is due to a missing capability check on the mfnvb_init_vb() function that initializes the visual editor for the plugin and discloses the plugin's page builder nonces and functionality to an attacker. This makes it possible for authenticated attacks with minimal permissions, such as a subscriber, to trigger the Betheme page editor for any post or page and view the information along with make any changes to the post/page accessed through the editor. This CVE is specific to being able to inject malicious JavaScript into the pages and posts that can be edited by the plugin as a result of the initial missing authorization vulnerability. This is an extension of CVE-2022-45356.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2022-45363'
-  tags: cve,wordpress,wp-theme,betheme,medium
+  tags: cve,wordpress,wp-theme,betheme,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45364-c5b846fbda39bbc2b213c6450fb38da1.yaml b/nuclei-templates/2022/CVE-2022-45364-c5b846fbda39bbc2b213c6450fb38da1.yaml
index 5a50457bdd..ff4560fbf1 100644
--- a/nuclei-templates/2022/CVE-2022-45364-c5b846fbda39bbc2b213c6450fb38da1.yaml
+++ b/nuclei-templates/2022/CVE-2022-45364-c5b846fbda39bbc2b213c6450fb38da1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 - Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.6.5. This is due to missing or incorrect nonce validation on the dnd_upload_cf7_upload and dnd_codedropz_upload_delete functions. This makes it possible for unauthenticated attackers to upload or delete files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/"
     shodan-query: 'vuln:CVE-2022-45364'
-  tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,high
+  tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45368-5d3b862e6e4baaf71b24925f067433ca.yaml b/nuclei-templates/2022/CVE-2022-45368-5d3b862e6e4baaf71b24925f067433ca.yaml
index 753a594989..95936f4284 100644
--- a/nuclei-templates/2022/CVE-2022-45368-5d3b862e6e4baaf71b24925f067433ca.yaml
+++ b/nuclei-templates/2022/CVE-2022-45368-5d3b862e6e4baaf71b24925f067433ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     1003 Mortgage Application <= 1.75 - Authenticated (Subscriber+) Arbitrary File Download
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The 1003 Mortgage Application plugin for WordPress is vulnerable to arbitrary file download in versions up to, and including, 1.75 due to incorrect controls on the mortgate_application_download_file_callback() function. This makes it possible for authenticated attackers, with subscriber-level access or higher to download arbitrary files on the affected site's server, including database configuration files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/1003-mortgage-application/"
     google-query: inurl:"/wp-content/plugins/1003-mortgage-application/"
     shodan-query: 'vuln:CVE-2022-45368'
-  tags: cve,wordpress,wp-plugin,1003-mortgage-application,high
+  tags: cve,wordpress,wp-plugin,1003-mortgage-application,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45369-4de563d96c4862070b39ddbeaaf2aa52.yaml b/nuclei-templates/2022/CVE-2022-45369-4de563d96c4862070b39ddbeaaf2aa52.yaml
index b4d37fb431..0f8bed34d1 100644
--- a/nuclei-templates/2022/CVE-2022-45369-4de563d96c4862070b39ddbeaaf2aa52.yaml
+++ b/nuclei-templates/2022/CVE-2022-45369-4de563d96c4862070b39ddbeaaf2aa52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin for Google Reviews <= 2.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Plugin for Google Reviews for WordPress is vulnerable to authorization bypass due to a missing capability check on the save function in versions up to, and including, 2.2.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create widgets.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-google-reviews/"
     google-query: inurl:"/wp-content/plugins/widget-google-reviews/"
     shodan-query: 'vuln:CVE-2022-45369'
-  tags: cve,wordpress,wp-plugin,widget-google-reviews,medium
+  tags: cve,wordpress,wp-plugin,widget-google-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45373-9ab73d918da016b8bea0197df7034889.yaml b/nuclei-templates/2022/CVE-2022-45373-9ab73d918da016b8bea0197df7034889.yaml
index ee227d1d05..c40e64c3f5 100644
--- a/nuclei-templates/2022/CVE-2022-45373-9ab73d918da016b8bea0197df7034889.yaml
+++ b/nuclei-templates/2022/CVE-2022-45373-9ab73d918da016b8bea0197df7034889.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the 'misc[limit_results]' parameter in versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2022-45373'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,high
+  tags: cve,wordpress,wp-plugin,wp-slimstat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45374-c1c98038e2071b40fa92b1876951feb1.yaml b/nuclei-templates/2022/CVE-2022-45374-c1c98038e2071b40fa92b1876951feb1.yaml
index 3db140016c..6e2d874f11 100644
--- a/nuclei-templates/2022/CVE-2022-45374-c1c98038e2071b40fa92b1876951feb1.yaml
+++ b/nuclei-templates/2022/CVE-2022-45374-c1c98038e2071b40fa92b1876951feb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The YARPP plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 5.30.4 via the yarpp shortcode due to insufficient validation on the 'template' user attribute. This allows subscriber-level attackers, and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/"
     google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/"
     shodan-query: 'vuln:CVE-2022-45374'
-  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,high
+  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45375-4857da40460f492fd61121c6a3d9ad96.yaml b/nuclei-templates/2022/CVE-2022-45375-4857da40460f492fd61121c6a3d9ad96.yaml
index d3462513e7..f36adeddb3 100644
--- a/nuclei-templates/2022/CVE-2022-45375-4857da40460f492fd61121c6a3d9ad96.yaml
+++ b/nuclei-templates/2022/CVE-2022-45375-4857da40460f492fd61121c6a3d9ad96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iFeature Slider <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iFeature Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ifeature-slider/"
     google-query: inurl:"/wp-content/plugins/ifeature-slider/"
     shodan-query: 'vuln:CVE-2022-45375'
-  tags: cve,wordpress,wp-plugin,ifeature-slider,medium
+  tags: cve,wordpress,wp-plugin,ifeature-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45377-7ae73592996d92a88095adedd13bc8f2.yaml b/nuclei-templates/2022/CVE-2022-45377-7ae73592996d92a88095adedd13bc8f2.yaml
index 2d82ab6cef..4bc4940b63 100644
--- a/nuclei-templates/2022/CVE-2022-45377-7ae73592996d92a88095adedd13bc8f2.yaml
+++ b/nuclei-templates/2022/CVE-2022-45377-7ae73592996d92a88095adedd13bc8f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Cross-Site Request Forgery in upload and delete_file
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the upload and delete_file functions. This makes it possible for unauthenticated attackers to perform an unauthorized file upload or deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-45377'
-  tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4542-950a80cc7b38cd4c46587704ae88fbc4.yaml b/nuclei-templates/2022/CVE-2022-4542-950a80cc7b38cd4c46587704ae88fbc4.yaml
index 754943fde3..944f52e88c 100644
--- a/nuclei-templates/2022/CVE-2022-4542-950a80cc7b38cd4c46587704ae88fbc4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4542-950a80cc7b38cd4c46587704ae88fbc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Compact WP Audio Player <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/compact-wp-audio-player/"
     google-query: inurl:"/wp-content/plugins/compact-wp-audio-player/"
     shodan-query: 'vuln:CVE-2022-4542'
-  tags: cve,wordpress,wp-plugin,compact-wp-audio-player,medium
+  tags: cve,wordpress,wp-plugin,compact-wp-audio-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4544-d7a376bac039b7fcdb01d011343f232a.yaml b/nuclei-templates/2022/CVE-2022-4544-d7a376bac039b7fcdb01d011343f232a.yaml
index b320c97e26..316b7d5644 100644
--- a/nuclei-templates/2022/CVE-2022-4544-d7a376bac039b7fcdb01d011343f232a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4544-d7a376bac039b7fcdb01d011343f232a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Share Buttons <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Media Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mashsharer/"
     google-query: inurl:"/wp-content/plugins/mashsharer/"
     shodan-query: 'vuln:CVE-2022-4544'
-  tags: cve,wordpress,wp-plugin,mashsharer,medium
+  tags: cve,wordpress,wp-plugin,mashsharer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4545-efa61bc9a560990c025c5047443643f6.yaml b/nuclei-templates/2022/CVE-2022-4545-efa61bc9a560990c025c5047443643f6.yaml
index 4001b3d397..37699ccec8 100644
--- a/nuclei-templates/2022/CVE-2022-4545-efa61bc9a560990c025c5047443643f6.yaml
+++ b/nuclei-templates/2022/CVE-2022-4545-efa61bc9a560990c025c5047443643f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sitemap <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitemap/"
     google-query: inurl:"/wp-content/plugins/sitemap/"
     shodan-query: 'vuln:CVE-2022-4545'
-  tags: cve,wordpress,wp-plugin,sitemap,medium
+  tags: cve,wordpress,wp-plugin,sitemap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4546-47ec4d19442547ad0d7289d6f4804147.yaml b/nuclei-templates/2022/CVE-2022-4546-47ec4d19442547ad0d7289d6f4804147.yaml
index a8a50de8ee..3136fc8d87 100644
--- a/nuclei-templates/2022/CVE-2022-4546-47ec4d19442547ad0d7289d6f4804147.yaml
+++ b/nuclei-templates/2022/CVE-2022-4546-47ec4d19442547ad0d7289d6f4804147.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Mapwiz plugin for WordPress is vulnerable to SQL Injection via the 'mid' parameter in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mapwiz/"
     google-query: inurl:"/wp-content/plugins/mapwiz/"
     shodan-query: 'vuln:CVE-2022-4546'
-  tags: cve,wordpress,wp-plugin,mapwiz,high
+  tags: cve,wordpress,wp-plugin,mapwiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4547-47ed991bbc14dda7a2d912876312ff28.yaml b/nuclei-templates/2022/CVE-2022-4547-47ed991bbc14dda7a2d912876312ff28.yaml
index 2a70015dbf..64b0877c85 100644
--- a/nuclei-templates/2022/CVE-2022-4547-47ed991bbc14dda7a2d912876312ff28.yaml
+++ b/nuclei-templates/2022/CVE-2022-4547-47ed991bbc14dda7a2d912876312ff28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conditional Payment Methods for WooCommerce <= 1.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Conditional Payment Methods for WooCommerce plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conditional-payment-methods-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/conditional-payment-methods-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-4547'
-  tags: cve,wordpress,wp-plugin,conditional-payment-methods-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,conditional-payment-methods-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4551-0a49b86c658b566e0874b7c8c6fd8f9c.yaml b/nuclei-templates/2022/CVE-2022-4551-0a49b86c658b566e0874b7c8c6fd8f9c.yaml
index 3c3b7059ca..a1f5d5cf90 100644
--- a/nuclei-templates/2022/CVE-2022-4551-0a49b86c658b566e0874b7c8c6fd8f9c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4551-0a49b86c658b566e0874b7c8c6fd8f9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rich Table of Contents <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rich Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rich-table-of-content/"
     google-query: inurl:"/wp-content/plugins/rich-table-of-content/"
     shodan-query: 'vuln:CVE-2022-4551'
-  tags: cve,wordpress,wp-plugin,rich-table-of-content,medium
+  tags: cve,wordpress,wp-plugin,rich-table-of-content,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4555-738fbfc3eb4f88850a59e7c7149f1534.yaml b/nuclei-templates/2022/CVE-2022-4555-738fbfc3eb4f88850a59e7c7149f1534.yaml
index d105367481..8d80009b1e 100644
--- a/nuclei-templates/2022/CVE-2022-4555-738fbfc3eb4f88850a59e7c7149f1534.yaml
+++ b/nuclei-templates/2022/CVE-2022-4555-738fbfc3eb4f88850a59e7c7149f1534.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-shamsi/"
     google-query: inurl:"/wp-content/plugins/wp-shamsi/"
     shodan-query: 'vuln:CVE-2022-4555'
-  tags: cve,wordpress,wp-plugin,wp-shamsi,medium
+  tags: cve,wordpress,wp-plugin,wp-shamsi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4562-bee37332f6e8a8436cc61a9d140d558a.yaml b/nuclei-templates/2022/CVE-2022-4562-bee37332f6e8a8436cc61a9d140d558a.yaml
index 42525b5340..aca131a28d 100644
--- a/nuclei-templates/2022/CVE-2022-4562-bee37332f6e8a8436cc61a9d140d558a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4562-bee37332f6e8a8436cc61a9d140d558a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meks Flexible Shortcodes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meks Flexible Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, [up to affected version] due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meks-flexible-shortcodes/"
     google-query: inurl:"/wp-content/plugins/meks-flexible-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4562'
-  tags: cve,wordpress,wp-plugin,meks-flexible-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,meks-flexible-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4570-a631956fae26932cfe37dec9f8eea277.yaml b/nuclei-templates/2022/CVE-2022-4570-a631956fae26932cfe37dec9f8eea277.yaml
index 9f7027873e..1dfc53c4ce 100644
--- a/nuclei-templates/2022/CVE-2022-4570-a631956fae26932cfe37dec9f8eea277.yaml
+++ b/nuclei-templates/2022/CVE-2022-4570-a631956fae26932cfe37dec9f8eea277.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top 10 – Popular posts plugin for WordPress <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Top 10 – Popular posts plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-10/"
     google-query: inurl:"/wp-content/plugins/top-10/"
     shodan-query: 'vuln:CVE-2022-4570'
-  tags: cve,wordpress,wp-plugin,top-10,medium
+  tags: cve,wordpress,wp-plugin,top-10,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4571-7d9695bdca873940197ea6a55e88c78a.yaml b/nuclei-templates/2022/CVE-2022-4571-7d9695bdca873940197ea6a55e88c78a.yaml
index be2336b29d..a331544dd4 100644
--- a/nuclei-templates/2022/CVE-2022-4571-7d9695bdca873940197ea6a55e88c78a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4571-7d9695bdca873940197ea6a55e88c78a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seriously Simple Podcasting <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Seriously Simple Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seriously-simple-podcasting/"
     google-query: inurl:"/wp-content/plugins/seriously-simple-podcasting/"
     shodan-query: 'vuln:CVE-2022-4571'
-  tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,medium
+  tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4576-05c1130a0be4b028fb1b748819924a55.yaml b/nuclei-templates/2022/CVE-2022-4576-05c1130a0be4b028fb1b748819924a55.yaml
index cede71fcdd..f5fcb045c2 100644
--- a/nuclei-templates/2022/CVE-2022-4576-05c1130a0be4b028fb1b748819924a55.yaml
+++ b/nuclei-templates/2022/CVE-2022-4576-05c1130a0be4b028fb1b748819924a55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Bootstrap Shortcode <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'theme_hrrule' function and multiple other short codes in versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor capabilities or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/easy-bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4576'
-  tags: cve,wordpress,wp-plugin,easy-bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,easy-bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4577-aeef249fc57afd724305e4aa12ba4e2c.yaml b/nuclei-templates/2022/CVE-2022-4577-aeef249fc57afd724305e4aa12ba4e2c.yaml
index 871952656d..0a6f1130a9 100644
--- a/nuclei-templates/2022/CVE-2022-4577-aeef249fc57afd724305e4aa12ba4e2c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4577-aeef249fc57afd724305e4aa12ba4e2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-testimonials/"
     google-query: inurl:"/wp-content/plugins/easy-testimonials/"
     shodan-query: 'vuln:CVE-2022-4577'
-  tags: cve,wordpress,wp-plugin,easy-testimonials,medium
+  tags: cve,wordpress,wp-plugin,easy-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4578-bb335261eec45408126dfda83cd4c302.yaml b/nuclei-templates/2022/CVE-2022-4578-bb335261eec45408126dfda83cd4c302.yaml
index b3c7a257de..a2811a1263 100644
--- a/nuclei-templates/2022/CVE-2022-4578-bb335261eec45408126dfda83cd4c302.yaml
+++ b/nuclei-templates/2022/CVE-2022-4578-bb335261eec45408126dfda83cd4c302.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Conferencing with Zoom <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-conferencing-with-zoom-api/"
     google-query: inurl:"/wp-content/plugins/video-conferencing-with-zoom-api/"
     shodan-query: 'vuln:CVE-2022-4578'
-  tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,medium
+  tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4580-227a5c7ee9b9e5c6c608ba88b684ac16.yaml b/nuclei-templates/2022/CVE-2022-4580-227a5c7ee9b9e5c6c608ba88b684ac16.yaml
index e6abbd1417..cc61f7cd56 100644
--- a/nuclei-templates/2022/CVE-2022-4580-227a5c7ee9b9e5c6c608ba88b684ac16.yaml
+++ b/nuclei-templates/2022/CVE-2022-4580-227a5c7ee9b9e5c6c608ba88b684ac16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twenty20 Image Before-After <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Twenty20 Image Before-After plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twenty20/"
     google-query: inurl:"/wp-content/plugins/twenty20/"
     shodan-query: 'vuln:CVE-2022-4580'
-  tags: cve,wordpress,wp-plugin,twenty20,medium
+  tags: cve,wordpress,wp-plugin,twenty20,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45803-41cad88ff79d9f1a300cb623d000ffea.yaml b/nuclei-templates/2022/CVE-2022-45803-41cad88ff79d9f1a300cb623d000ffea.yaml
index a2b5db37ea..5f51b13608 100644
--- a/nuclei-templates/2022/CVE-2022-45803-41cad88ff79d9f1a300cb623d000ffea.yaml
+++ b/nuclei-templates/2022/CVE-2022-45803-41cad88ff79d9f1a300cb623d000ffea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Forms plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.2.8.3, due to insufficient access control on form entries. This allowed authenticated attackers with subscriber-level privileges and above to view the contents of form entries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forms-gutenberg/"
     google-query: inurl:"/wp-content/plugins/forms-gutenberg/"
     shodan-query: 'vuln:CVE-2022-45803'
-  tags: cve,wordpress,wp-plugin,forms-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,forms-gutenberg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45805-319371b7283fd7e2cb3c7db7ca64946f.yaml b/nuclei-templates/2022/CVE-2022-45805-319371b7283fd7e2cb3c7db7ca64946f.yaml
index 8c54a2851a..b59d375c52 100644
--- a/nuclei-templates/2022/CVE-2022-45805-319371b7283fd7e2cb3c7db7ca64946f.yaml
+++ b/nuclei-templates/2022/CVE-2022-45805-319371b7283fd7e2cb3c7db7ca64946f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytm Payment Gateway <= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Paytm Payment Gateway plugin for WordPress is vulnerable to generic SQL Injection via the ‘post’ parameter in versions up to, and including, 2.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with editor-level access, and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytm-payments/"
     google-query: inurl:"/wp-content/plugins/paytm-payments/"
     shodan-query: 'vuln:CVE-2022-45805'
-  tags: cve,wordpress,wp-plugin,paytm-payments,high
+  tags: cve,wordpress,wp-plugin,paytm-payments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45807-fe1c7e5641b372bf56ee629133d6f4e5.yaml b/nuclei-templates/2022/CVE-2022-45807-fe1c7e5641b372bf56ee629133d6f4e5.yaml
index 26596373ee..5c7b61ae5d 100644
--- a/nuclei-templates/2022/CVE-2022-45807-fe1c7e5641b372bf56ee629133d6f4e5.yaml
+++ b/nuclei-templates/2022/CVE-2022-45807-fe1c7e5641b372bf56ee629133d6f4e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail Log <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Mail Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the wpv_mail_review function. This makes it possible for unauthenticated attackers to review the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-log/"
     google-query: inurl:"/wp-content/plugins/wp-mail-log/"
     shodan-query: 'vuln:CVE-2022-45807'
-  tags: cve,wordpress,wp-plugin,wp-mail-log,high
+  tags: cve,wordpress,wp-plugin,wp-mail-log,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45811-767aeb59e47dca848d0413b31cb3f81a.yaml b/nuclei-templates/2022/CVE-2022-45811-767aeb59e47dca848d0413b31cb3f81a.yaml
index e66115ad7f..035b116d70 100644
--- a/nuclei-templates/2022/CVE-2022-45811-767aeb59e47dca848d0413b31cb3f81a.yaml
+++ b/nuclei-templates/2022/CVE-2022-45811-767aeb59e47dca848d0413b31cb3f81a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Teaser <= 4.1.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Post Teaser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.5. This is due to missing or incorrect nonce validation on the init_option_page function. This makes it possible for unauthenticated attackers to change the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-teaser/"
     google-query: inurl:"/wp-content/plugins/post-teaser/"
     shodan-query: 'vuln:CVE-2022-45811'
-  tags: cve,wordpress,wp-plugin,post-teaser,high
+  tags: cve,wordpress,wp-plugin,post-teaser,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45811-db46aef04d74b6695e5a22627a3163f0.yaml b/nuclei-templates/2022/CVE-2022-45811-db46aef04d74b6695e5a22627a3163f0.yaml
index ab8091aef8..4fecde71a2 100644
--- a/nuclei-templates/2022/CVE-2022-45811-db46aef04d74b6695e5a22627a3163f0.yaml
+++ b/nuclei-templates/2022/CVE-2022-45811-db46aef04d74b6695e5a22627a3163f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Teaser <= 4.1.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Teaser plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the init_option_page function in versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update plugin settings since the function is invoked on admin menu load.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-teaser/"
     google-query: inurl:"/wp-content/plugins/post-teaser/"
     shodan-query: 'vuln:CVE-2022-45811'
-  tags: cve,wordpress,wp-plugin,post-teaser,medium
+  tags: cve,wordpress,wp-plugin,post-teaser,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45812-21d6fb0129ec0276cbb256583b4e5048.yaml b/nuclei-templates/2022/CVE-2022-45812-21d6fb0129ec0276cbb256583b4e5048.yaml
index 062fbd3da8..6f56b40e0c 100644
--- a/nuclei-templates/2022/CVE-2022-45812-21d6fb0129ec0276cbb256583b4e5048.yaml
+++ b/nuclei-templates/2022/CVE-2022-45812-21d6fb0129ec0276cbb256583b4e5048.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exxp <= 2.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exxp plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exxp-wp/"
     google-query: inurl:"/wp-content/plugins/exxp-wp/"
     shodan-query: 'vuln:CVE-2022-45812'
-  tags: cve,wordpress,wp-plugin,exxp-wp,medium
+  tags: cve,wordpress,wp-plugin,exxp-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45813-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/2022/CVE-2022-45813-dfec65d3ffe11067030127a9c011404a.yaml
index c5d03dbaea..bcba3a28f1 100644
--- a/nuclei-templates/2022/CVE-2022-45813-dfec65d3ffe11067030127a9c011404a.yaml
+++ b/nuclei-templates/2022/CVE-2022-45813-dfec65d3ffe11067030127a9c011404a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BeRocket Plugins <= (Various Versions) - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions is used to subscribe to the BeRocket newsletter and can be used by subscribers to subscribe arbitrary email addresses. These functions are still missing Cross-Site Request Forgery Protection.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2022-45813
   metadata:
-    fofa-query: "wp-content/plugins/sales-report-for-woocommerce/"
-    google-query: inurl:"/wp-content/plugins/sales-report-for-woocommerce/"
+    fofa-query: "wp-content/plugins/product-preview-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/product-preview-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-45813'
-  tags: cve,wordpress,wp-plugin,sales-report-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-preview-for-woocommerce,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/sales-report-for-woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/product-preview-for-woocommerce/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "sales-report-for-woocommerce"
+          - "product-preview-for-woocommerce"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2022/CVE-2022-45814-7d771013dd99d35b0d7273344b75ad3f.yaml b/nuclei-templates/2022/CVE-2022-45814-7d771013dd99d35b0d7273344b75ad3f.yaml
index f0b2efaaec..2e7a27cbf8 100644
--- a/nuclei-templates/2022/CVE-2022-45814-7d771013dd99d35b0d7273344b75ad3f.yaml
+++ b/nuclei-templates/2022/CVE-2022-45814-7d771013dd99d35b0d7273344b75ad3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Calendar <= 1.5.3 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Calendar plugin for WordPress is vulnerable to Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-calendar/"
     google-query: inurl:"/wp-content/plugins/wp-calendar/"
     shodan-query: 'vuln:CVE-2022-45814'
-  tags: cve,wordpress,wp-plugin,wp-calendar,medium
+  tags: cve,wordpress,wp-plugin,wp-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45816-6edbfbf441adea692ef285720c58a9cd.yaml b/nuclei-templates/2022/CVE-2022-45816-6edbfbf441adea692ef285720c58a9cd.yaml
index 9abbfa92a0..4582d73aa4 100644
--- a/nuclei-templates/2022/CVE-2022-45816-6edbfbf441adea692ef285720c58a9cd.yaml
+++ b/nuclei-templates/2022/CVE-2022-45816-6edbfbf441adea692ef285720c58a9cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD bbPress Attachments <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GD bbPress Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-bbpress-attachments/"
     google-query: inurl:"/wp-content/plugins/gd-bbpress-attachments/"
     shodan-query: 'vuln:CVE-2022-45816'
-  tags: cve,wordpress,wp-plugin,gd-bbpress-attachments,medium
+  tags: cve,wordpress,wp-plugin,gd-bbpress-attachments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45817-673bbf1cbb44b5f720028f2010c7e907.yaml b/nuclei-templates/2022/CVE-2022-45817-673bbf1cbb44b5f720028f2010c7e907.yaml
index 634163409a..ce20490576 100644
--- a/nuclei-templates/2022/CVE-2022-45817-673bbf1cbb44b5f720028f2010c7e907.yaml
+++ b/nuclei-templates/2022/CVE-2022-45817-673bbf1cbb44b5f720028f2010c7e907.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GC Testimonials <= 1.3.2 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GC Testimonials plugin for WordPress is vulnerable to Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gc-testimonials/"
     google-query: inurl:"/wp-content/plugins/gc-testimonials/"
     shodan-query: 'vuln:CVE-2022-45817'
-  tags: cve,wordpress,wp-plugin,gc-testimonials,medium
+  tags: cve,wordpress,wp-plugin,gc-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45818-8e499ffbdb5eeef7ac0a6adb29663778.yaml b/nuclei-templates/2022/CVE-2022-45818-8e499ffbdb5eeef7ac0a6adb29663778.yaml
index 5150797ed3..253e85b1eb 100644
--- a/nuclei-templates/2022/CVE-2022-45818-8e499ffbdb5eeef7ac0a6adb29663778.yaml
+++ b/nuclei-templates/2022/CVE-2022-45818-8e499ffbdb5eeef7ac0a6adb29663778.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hero Banner Ultimate <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hero Banner Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting possibly via unspecified shortcodes in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hero-banner-ultimate/"
     google-query: inurl:"/wp-content/plugins/hero-banner-ultimate/"
     shodan-query: 'vuln:CVE-2022-45818'
-  tags: cve,wordpress,wp-plugin,hero-banner-ultimate,medium
+  tags: cve,wordpress,wp-plugin,hero-banner-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45819-3a1e41088675792a5f4e28fc34263cd0.yaml b/nuclei-templates/2022/CVE-2022-45819-3a1e41088675792a5f4e28fc34263cd0.yaml
index 87bfa25a99..caa484457e 100644
--- a/nuclei-templates/2022/CVE-2022-45819-3a1e41088675792a5f4e28fc34263cd0.yaml
+++ b/nuclei-templates/2022/CVE-2022-45819-3a1e41088675792a5f4e28fc34263cd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Maker <= 1.17.1 - Missing Authorization via save_popup_enabled_state
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_popup_enabled_state function in versions up to, and including, 1.17.1. This makes it possible for authenticated attackers with contributor-level access, and above, to enable and disable popups even when they do not have the right to edit those popups.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-maker/"
     google-query: inurl:"/wp-content/plugins/popup-maker/"
     shodan-query: 'vuln:CVE-2022-45819'
-  tags: cve,wordpress,wp-plugin,popup-maker,medium
+  tags: cve,wordpress,wp-plugin,popup-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45820-8e805369c6f828c8254ff169ce6c85f4.yaml b/nuclei-templates/2022/CVE-2022-45820-8e805369c6f828c8254ff169ce6c85f4.yaml
index 3f4870e2b7..5f6d852eb7 100644
--- a/nuclei-templates/2022/CVE-2022-45820-8e805369c6f828c8254ff169ce6c85f4.yaml
+++ b/nuclei-templates/2022/CVE-2022-45820-8e805369c6f828c8254ff169ce6c85f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The LearnPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.1.7.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query passed via the learn_press_recent_courses and learn_press_featured_courses shortcodes. This makes it possible for authenticated attackers with subscriber level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2022-45820'
-  tags: cve,wordpress,wp-plugin,learnpress,high
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45821-3c7165ed170542d9a48b7ebd75bdcfa2.yaml b/nuclei-templates/2022/CVE-2022-45821-3c7165ed170542d9a48b7ebd75bdcfa2.yaml
index 69a1ea6db5..02a215c9d3 100644
--- a/nuclei-templates/2022/CVE-2022-45821-3c7165ed170542d9a48b7ebd75bdcfa2.yaml
+++ b/nuclei-templates/2022/CVE-2022-45821-3c7165ed170542d9a48b7ebd75bdcfa2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NOO Timetable <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NOO Timetable plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/noo-timetable/"
     google-query: inurl:"/wp-content/plugins/noo-timetable/"
     shodan-query: 'vuln:CVE-2022-45821'
-  tags: cve,wordpress,wp-plugin,noo-timetable,medium
+  tags: cve,wordpress,wp-plugin,noo-timetable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45826-04bb16712ffe510bd42325a97d792814.yaml b/nuclei-templates/2022/CVE-2022-45826-04bb16712ffe510bd42325a97d792814.yaml
index cf5840e7af..fdffc9c71f 100644
--- a/nuclei-templates/2022/CVE-2022-45826-04bb16712ffe510bd42325a97d792814.yaml
+++ b/nuclei-templates/2022/CVE-2022-45826-04bb16712ffe510bd42325a97d792814.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sunshine Photo Cart <= 2.9.13 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sunshine Photo Cart plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the sunshine_update_image_location_ajax function in versions up to, and including, 2.9.13. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image file paths.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sunshine-photo-cart/"
     google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/"
     shodan-query: 'vuln:CVE-2022-45826'
-  tags: cve,wordpress,wp-plugin,sunshine-photo-cart,medium
+  tags: cve,wordpress,wp-plugin,sunshine-photo-cart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45827-9390ac5e66dccc4c03531e3f70a3187f.yaml b/nuclei-templates/2022/CVE-2022-45827-9390ac5e66dccc4c03531e3f70a3187f.yaml
index 7b13897cec..854a8f62ad 100644
--- a/nuclei-templates/2022/CVE-2022-45827-9390ac5e66dccc4c03531e3f70a3187f.yaml
+++ b/nuclei-templates/2022/CVE-2022-45827-9390ac5e66dccc4c03531e3f70a3187f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Contest WordPress Plugin <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Contest WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-contest/"
     google-query: inurl:"/wp-content/plugins/video-contest/"
     shodan-query: 'vuln:CVE-2022-45827'
-  tags: cve,wordpress,wp-plugin,video-contest,medium
+  tags: cve,wordpress,wp-plugin,video-contest,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45829-9a16f7dd8fd77a0633f39e5cb1c0fe95.yaml b/nuclei-templates/2022/CVE-2022-45829-9a16f7dd8fd77a0633f39e5cb1c0fe95.yaml
index 62a2b95600..5f891e4c90 100644
--- a/nuclei-templates/2022/CVE-2022-45829-9a16f7dd8fd77a0633f39e5cb1c0fe95.yaml
+++ b/nuclei-templates/2022/CVE-2022-45829-9a16f7dd8fd77a0633f39e5cb1c0fe95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy WP SMTP plugin for WordPress is vulnerable to Arbitrary File Deletion versions up to, and including, 1.5.1. This is possibly due to the SMTP import/export functionality. This makes it possible for administrator-level attackers to arbitrarily delete files on the server, including critical files for the website's functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-wp-smtp/"
     google-query: inurl:"/wp-content/plugins/easy-wp-smtp/"
     shodan-query: 'vuln:CVE-2022-45829'
-  tags: cve,wordpress,wp-plugin,easy-wp-smtp,medium
+  tags: cve,wordpress,wp-plugin,easy-wp-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45832-7b1133cf795e5004c4eb6459afb4af96.yaml b/nuclei-templates/2022/CVE-2022-45832-7b1133cf795e5004c4eb6459afb4af96.yaml
index 1af2c214ad..e491375245 100644
--- a/nuclei-templates/2022/CVE-2022-45832-7b1133cf795e5004c4eb6459afb4af96.yaml
+++ b/nuclei-templates/2022/CVE-2022-45832-7b1133cf795e5004c4eb6459afb4af96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Attorney <= 3 - Missing Authorization to Unauthenticated Arbitrary Content Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Attorney theme for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the hd_delete_index_page function hooked via admin_init in versions up to, and including, 3. This makes it possible for unauthenticated attackers to delete arbitrary posts and content via the 'drop' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/attorney/"
     google-query: inurl:"/wp-content/themes/attorney/"
     shodan-query: 'vuln:CVE-2022-45832'
-  tags: cve,wordpress,wp-theme,attorney,medium
+  tags: cve,wordpress,wp-theme,attorney,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45835-da56011233283b841dd7c13f7f29d7e9.yaml b/nuclei-templates/2022/CVE-2022-45835-da56011233283b841dd7c13f7f29d7e9.yaml
index 8876e01673..887f5ae783 100644
--- a/nuclei-templates/2022/CVE-2022-45835-da56011233283b841dd7c13f7f29d7e9.yaml
+++ b/nuclei-templates/2022/CVE-2022-45835-da56011233283b841dd7c13f7f29d7e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PhonePe Payment Solutions <= 1.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PhonePe Payment Solutions plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.0.15. This can allow authenticated attackers with subscriber-level privileges to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/phonepe-payment-solutions/"
     google-query: inurl:"/wp-content/plugins/phonepe-payment-solutions/"
     shodan-query: 'vuln:CVE-2022-45835'
-  tags: cve,wordpress,wp-plugin,phonepe-payment-solutions,medium
+  tags: cve,wordpress,wp-plugin,phonepe-payment-solutions,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45836-6855332cd5767d389db903e31b1c4f88.yaml b/nuclei-templates/2022/CVE-2022-45836-6855332cd5767d389db903e31b1c4f88.yaml
index 8f79ff75d5..6c84f451d7 100644
--- a/nuclei-templates/2022/CVE-2022-45836-6855332cd5767d389db903e31b1c4f88.yaml
+++ b/nuclei-templates/2022/CVE-2022-45836-6855332cd5767d389db903e31b1c4f88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.59 - Refleced Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘packages-shortcode-toolbar.php’, 'Shortcodes.php', and 'category-shortcode-toolbar.php' (in both 'src/Package/views/' and 'src/Category/views/') files in versions up to, and including, 3.2.59 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute if they can successfully trick a victim into clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2022-45836'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45839-054cca949d3d20e70e41393d4d7ba0fa.yaml b/nuclei-templates/2022/CVE-2022-45839-054cca949d3d20e70e41393d4d7ba0fa.yaml
index 2536f067b7..dd983f89a8 100644
--- a/nuclei-templates/2022/CVE-2022-45839-054cca949d3d20e70e41393d4d7ba0fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-45839-054cca949d3d20e70e41393d4d7ba0fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WHA Puzzle <= 1.0.9 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WHA Puzzle plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wha-puzzle/"
     google-query: inurl:"/wp-content/plugins/wha-puzzle/"
     shodan-query: 'vuln:CVE-2022-45839'
-  tags: cve,wordpress,wp-plugin,wha-puzzle,medium
+  tags: cve,wordpress,wp-plugin,wha-puzzle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45839-d23e433446769426d4aae17f6fe2a04a.yaml b/nuclei-templates/2022/CVE-2022-45839-d23e433446769426d4aae17f6fe2a04a.yaml
index d1ef699623..70bafc9bfb 100644
--- a/nuclei-templates/2022/CVE-2022-45839-d23e433446769426d4aae17f6fe2a04a.yaml
+++ b/nuclei-templates/2022/CVE-2022-45839-d23e433446769426d4aae17f6fe2a04a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Click To Tweet <= 5.10.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Better Click To Tweet plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the welcome_page function in versions up to, and including, 5.10.3. This makes it possible for unauthenticated attackers to update some of the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-click-to-tweet/"
     google-query: inurl:"/wp-content/plugins/better-click-to-tweet/"
     shodan-query: 'vuln:CVE-2022-45839'
-  tags: cve,wordpress,wp-plugin,better-click-to-tweet,medium
+  tags: cve,wordpress,wp-plugin,better-click-to-tweet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45840-ade8d23b5006403a0ff80adcff26f453.yaml b/nuclei-templates/2022/CVE-2022-45840-ade8d23b5006403a0ff80adcff26f453.yaml
index 5b989f2703..53b5d26849 100644
--- a/nuclei-templates/2022/CVE-2022-45840-ade8d23b5006403a0ff80adcff26f453.yaml
+++ b/nuclei-templates/2022/CVE-2022-45840-ade8d23b5006403a0ff80adcff26f453.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Affiliate Links plugin for WordPress is vulnerable to improper access control via multiple AJAX actions in versions up to, and including, 6.2.1.5. This allows authenticated attackers with subscriber-level permissions or above to modify plugin settings such as adding exclusions for posts and words and to view statistics.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-auto-affiliate-links/"
     google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/"
     shodan-query: 'vuln:CVE-2022-45840'
-  tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,medium
+  tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45843-f451ba2e71b9d178f196c4bee4c708ef.yaml b/nuclei-templates/2022/CVE-2022-45843-f451ba2e71b9d178f196c4bee4c708ef.yaml
index 0fa107b1b0..c509e995f9 100644
--- a/nuclei-templates/2022/CVE-2022-45843-f451ba2e71b9d178f196c4bee4c708ef.yaml
+++ b/nuclei-templates/2022/CVE-2022-45843-f451ba2e71b9d178f196c4bee4c708ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Slider 3 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-slider-3/"
     google-query: inurl:"/wp-content/plugins/smart-slider-3/"
     shodan-query: 'vuln:CVE-2022-45843'
-  tags: cve,wordpress,wp-plugin,smart-slider-3,medium
+  tags: cve,wordpress,wp-plugin,smart-slider-3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45844-a4e88b3da711b27ab40f6efd4bb4e5fa.yaml b/nuclei-templates/2022/CVE-2022-45844-a4e88b3da711b27ab40f6efd4bb4e5fa.yaml
index f8ac3a5549..74e58f423e 100644
--- a/nuclei-templates/2022/CVE-2022-45844-a4e88b3da711b27ab40f6efd4bb4e5fa.yaml
+++ b/nuclei-templates/2022/CVE-2022-45844-a4e88b3da711b27ab40f6efd4bb4e5fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Organization chart <= 1.4.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Organization chart plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the post_page_content function in versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/organization-chart/"
     google-query: inurl:"/wp-content/plugins/organization-chart/"
     shodan-query: 'vuln:CVE-2022-45844'
-  tags: cve,wordpress,wp-plugin,organization-chart,medium
+  tags: cve,wordpress,wp-plugin,organization-chart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45845-01aa5492a4b5bc7532a3a46a182927f8.yaml b/nuclei-templates/2022/CVE-2022-45845-01aa5492a4b5bc7532a3a46a182927f8.yaml
index 1c475d78e5..79c1dfe1f5 100644
--- a/nuclei-templates/2022/CVE-2022-45845-01aa5492a4b5bc7532a3a46a182927f8.yaml
+++ b/nuclei-templates/2022/CVE-2022-45845-01aa5492a4b5bc7532a3a46a182927f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Smart Slider 3 plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.5.1.9  via deserialization of untrusted input. This allows contributor-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-slider-3/"
     google-query: inurl:"/wp-content/plugins/smart-slider-3/"
     shodan-query: 'vuln:CVE-2022-45845'
-  tags: cve,wordpress,wp-plugin,smart-slider-3,high
+  tags: cve,wordpress,wp-plugin,smart-slider-3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45846-bf2853efc06d31fecebbff0926f79cc8.yaml b/nuclei-templates/2022/CVE-2022-45846-bf2853efc06d31fecebbff0926f79cc8.yaml
index e1f8c5fdd3..6318e542fd 100644
--- a/nuclei-templates/2022/CVE-2022-45846-bf2853efc06d31fecebbff0926f79cc8.yaml
+++ b/nuclei-templates/2022/CVE-2022-45846-bf2853efc06d31fecebbff0926f79cc8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Map Pro <= 5.5.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Image Map Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-map-pro/"
     google-query: inurl:"/wp-content/plugins/image-map-pro/"
     shodan-query: 'vuln:CVE-2022-45846'
-  tags: cve,wordpress,wp-plugin,image-map-pro,high
+  tags: cve,wordpress,wp-plugin,image-map-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45847-475773ebaa71f55189abb950928342c8.yaml b/nuclei-templates/2022/CVE-2022-45847-475773ebaa71f55189abb950928342c8.yaml
index dd08409fa0..931eb1f77b 100644
--- a/nuclei-templates/2022/CVE-2022-45847-475773ebaa71f55189abb950928342c8.yaml
+++ b/nuclei-templates/2022/CVE-2022-45847-475773ebaa71f55189abb950928342c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Countdown Widget <= 3.1.9.1 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WordPress Countdown Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.9.1. This is due to missing or incorrect nonce validation on the admin_header function. This makes it possible for unauthenticated attackers to change plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-countdown-widget/"
     google-query: inurl:"/wp-content/plugins/wordpress-countdown-widget/"
     shodan-query: 'vuln:CVE-2022-45847'
-  tags: cve,wordpress,wp-plugin,wordpress-countdown-widget,high
+  tags: cve,wordpress,wp-plugin,wordpress-countdown-widget,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45848-e13fa86cb5f0a76818b71a18a333569e.yaml b/nuclei-templates/2022/CVE-2022-45848-e13fa86cb5f0a76818b71a18a333569e.yaml
index 104b9f7a16..3bbaf7ba03 100644
--- a/nuclei-templates/2022/CVE-2022-45848-e13fa86cb5f0a76818b71a18a333569e.yaml
+++ b/nuclei-templates/2022/CVE-2022-45848-e13fa86cb5f0a76818b71a18a333569e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 13.1.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 13.1.0.9  due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2022-45848'
-  tags: cve,wordpress,wp-plugin,contest-gallery,medium
+  tags: cve,wordpress,wp-plugin,contest-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45849-860fdeef59df60170db304dfbf6f0b2b.yaml b/nuclei-templates/2022/CVE-2022-45849-860fdeef59df60170db304dfbf6f0b2b.yaml
index abe161bd9e..17df9c5891 100644
--- a/nuclei-templates/2022/CVE-2022-45849-860fdeef59df60170db304dfbf6f0b2b.yaml
+++ b/nuclei-templates/2022/CVE-2022-45849-860fdeef59df60170db304dfbf6f0b2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Activello <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Activello theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/activello/"
     google-query: inurl:"/wp-content/themes/activello/"
     shodan-query: 'vuln:CVE-2022-45849'
-  tags: cve,wordpress,wp-theme,activello,medium
+  tags: cve,wordpress,wp-theme,activello,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45850-3dfe4a41b3f6685dbbc11ea86f232a73.yaml b/nuclei-templates/2022/CVE-2022-45850-3dfe4a41b3f6685dbbc11ea86f232a73.yaml
index 9a0864e478..ec41484d3f 100644
--- a/nuclei-templates/2022/CVE-2022-45850-3dfe4a41b3f6685dbbc11ea86f232a73.yaml
+++ b/nuclei-templates/2022/CVE-2022-45850-3dfe4a41b3f6685dbbc11ea86f232a73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Map Pro <= 5.5.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Image Map Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-map-pro/"
     google-query: inurl:"/wp-content/plugins/image-map-pro/"
     shodan-query: 'vuln:CVE-2022-45850'
-  tags: cve,wordpress,wp-plugin,image-map-pro,high
+  tags: cve,wordpress,wp-plugin,image-map-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45851-2207307382a7e5b71273a639c041b28d.yaml b/nuclei-templates/2022/CVE-2022-45851-2207307382a7e5b71273a639c041b28d.yaml
index 90f93dbc7b..7fa1cab228 100644
--- a/nuclei-templates/2022/CVE-2022-45851-2207307382a7e5b71273a639c041b28d.yaml
+++ b/nuclei-templates/2022/CVE-2022-45851-2207307382a7e5b71273a639c041b28d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShareThis Dashboard for Google Analytics <= 3.1.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ShareThis Dashboard plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on one of its functions in versions up to, and including, 3.1.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and change plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/googleanalytics/"
     google-query: inurl:"/wp-content/plugins/googleanalytics/"
     shodan-query: 'vuln:CVE-2022-45851'
-  tags: cve,wordpress,wp-plugin,googleanalytics,medium
+  tags: cve,wordpress,wp-plugin,googleanalytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-45852-14ef39181771488f76a78ebc7f182128.yaml b/nuclei-templates/2022/CVE-2022-45852-14ef39181771488f76a78ebc7f182128.yaml
index 8a60daf2ed..70b661733a 100644
--- a/nuclei-templates/2022/CVE-2022-45852-14ef39181771488f76a78ebc7f182128.yaml
+++ b/nuclei-templates/2022/CVE-2022-45852-14ef39181771488f76a78ebc7f182128.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-FormAssembly <= 2.0.5  - Authenticated (Contributor+) Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-FormAssembly plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 2.0.5. This is due to insufficient controls on defining file paths on the fa_add() function. This makes it possible for contributor-level attackers to read the contents of any server file, including database configurations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formassembly-web-forms/"
     google-query: inurl:"/wp-content/plugins/formassembly-web-forms/"
     shodan-query: 'vuln:CVE-2022-45852'
-  tags: cve,wordpress,wp-plugin,formassembly-web-forms,medium
+  tags: cve,wordpress,wp-plugin,formassembly-web-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46175-48cf291038d407d0c14437de80bf836d.yaml b/nuclei-templates/2022/CVE-2022-46175-48cf291038d407d0c14437de80bf836d.yaml
index a421485c80..9d91a29a4e 100644
--- a/nuclei-templates/2022/CVE-2022-46175-48cf291038d407d0c14437de80bf836d.yaml
+++ b/nuclei-templates/2022/CVE-2022-46175-48cf291038d407d0c14437de80bf836d.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2022-46175
   metadata:
-    fofa-query: "wp-content/plugins/simple-podcasting/"
-    google-query: inurl:"/wp-content/plugins/simple-podcasting/"
+    fofa-query: "wp-content/plugins/maps-block-apple/"
+    google-query: inurl:"/wp-content/plugins/maps-block-apple/"
     shodan-query: 'vuln:CVE-2022-46175'
-  tags: cve,wordpress,wp-plugin,simple-podcasting,high
+  tags: cve,wordpress,wp-plugin,maps-block-apple,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/simple-podcasting/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/maps-block-apple/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "simple-podcasting"
+          - "maps-block-apple"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.3.0')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4619-4f0e3223d5ea7b01c767c6e564ea2ada.yaml b/nuclei-templates/2022/CVE-2022-4619-4f0e3223d5ea7b01c767c6e564ea2ada.yaml
index 48203e594b..0b181be29c 100644
--- a/nuclei-templates/2022/CVE-2022-4619-4f0e3223d5ea7b01c767c6e564ea2ada.yaml
+++ b/nuclei-templates/2022/CVE-2022-4619-4f0e3223d5ea7b01c767c6e564ea2ada.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sidebar Widgets by CodeLights <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/codelights-shortcodes-and-widgets/"
     google-query: inurl:"/wp-content/plugins/codelights-shortcodes-and-widgets/"
     shodan-query: 'vuln:CVE-2022-4619'
-  tags: cve,wordpress,wp-plugin,codelights-shortcodes-and-widgets,medium
+  tags: cve,wordpress,wp-plugin,codelights-shortcodes-and-widgets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4622-4d7cf09bd61a740d1d041e4a547bb223.yaml b/nuclei-templates/2022/CVE-2022-4622-4d7cf09bd61a740d1d041e4a547bb223.yaml
index 58dbc11021..a727572ed1 100644
--- a/nuclei-templates/2022/CVE-2022-4622-4d7cf09bd61a740d1d041e4a547bb223.yaml
+++ b/nuclei-templates/2022/CVE-2022-4622-4d7cf09bd61a740d1d041e4a547bb223.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login Logout Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/baw-login-logout-menu/"
     google-query: inurl:"/wp-content/plugins/baw-login-logout-menu/"
     shodan-query: 'vuln:CVE-2022-4622'
-  tags: cve,wordpress,wp-plugin,baw-login-logout-menu,medium
+  tags: cve,wordpress,wp-plugin,baw-login-logout-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4623-fada6798d03eaae704cdbb04f45c1dff.yaml b/nuclei-templates/2022/CVE-2022-4623-fada6798d03eaae704cdbb04f45c1dff.yaml
index b02a7b33b8..145f199ef4 100644
--- a/nuclei-templates/2022/CVE-2022-4623-fada6798d03eaae704cdbb04f45c1dff.yaml
+++ b/nuclei-templates/2022/CVE-2022-4623-fada6798d03eaae704cdbb04f45c1dff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ND Shortcodes <= 6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nd_options_testimonial' shortcode in versions up to, and including, 6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-shortcodes/"
     google-query: inurl:"/wp-content/plugins/nd-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4623'
-  tags: cve,wordpress,wp-plugin,nd-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,nd-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4624-ee05a64bbaf03a516917796674375367.yaml b/nuclei-templates/2022/CVE-2022-4624-ee05a64bbaf03a516917796674375367.yaml
index 7d5e162242..4cbdd6e3c5 100644
--- a/nuclei-templates/2022/CVE-2022-4624-ee05a64bbaf03a516917796674375367.yaml
+++ b/nuclei-templates/2022/CVE-2022-4624-ee05a64bbaf03a516917796674375367.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Logo Slider – Ticker, Grid, List, Table & Filter Views <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GS Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-logo-slider/"
     google-query: inurl:"/wp-content/plugins/gs-logo-slider/"
     shodan-query: 'vuln:CVE-2022-4624'
-  tags: cve,wordpress,wp-plugin,gs-logo-slider,medium
+  tags: cve,wordpress,wp-plugin,gs-logo-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4625-de60bb7a2d8edb4c8b70880b7d8f6006.yaml b/nuclei-templates/2022/CVE-2022-4625-de60bb7a2d8edb4c8b70880b7d8f6006.yaml
index e11832216a..c8dd9b72d6 100644
--- a/nuclei-templates/2022/CVE-2022-4625-de60bb7a2d8edb4c8b70880b7d8f6006.yaml
+++ b/nuclei-templates/2022/CVE-2022-4625-de60bb7a2d8edb4c8b70880b7d8f6006.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login Logout Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-logout-menu/"
     google-query: inurl:"/wp-content/plugins/login-logout-menu/"
     shodan-query: 'vuln:CVE-2022-4625'
-  tags: cve,wordpress,wp-plugin,login-logout-menu,medium
+  tags: cve,wordpress,wp-plugin,login-logout-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4626-d66ad8d87de6007b46efcadeba262d7e.yaml b/nuclei-templates/2022/CVE-2022-4626-d66ad8d87de6007b46efcadeba262d7e.yaml
index 67c9b842a6..ad8e4712d6 100644
--- a/nuclei-templates/2022/CVE-2022-4626-d66ad8d87de6007b46efcadeba262d7e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4626-d66ad8d87de6007b46efcadeba262d7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PPWP – WordPress Password Protect Page <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Password Protect Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/password-protect-page/"
     google-query: inurl:"/wp-content/plugins/password-protect-page/"
     shodan-query: 'vuln:CVE-2022-4626'
-  tags: cve,wordpress,wp-plugin,password-protect-page,medium
+  tags: cve,wordpress,wp-plugin,password-protect-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4627-178a0b2872232b9ff07f79c6391e0625.yaml b/nuclei-templates/2022/CVE-2022-4627-178a0b2872232b9ff07f79c6391e0625.yaml
index 494bb3e874..e2c5893107 100644
--- a/nuclei-templates/2022/CVE-2022-4627-178a0b2872232b9ff07f79c6391e0625.yaml
+++ b/nuclei-templates/2022/CVE-2022-4627-178a0b2872232b9ff07f79c6391e0625.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShiftNav – Responsive Mobile Menu <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ShiftNav – Responsive Mobile Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shiftnav-responsive-mobile-menu/"
     google-query: inurl:"/wp-content/plugins/shiftnav-responsive-mobile-menu/"
     shodan-query: 'vuln:CVE-2022-4627'
-  tags: cve,wordpress,wp-plugin,shiftnav-responsive-mobile-menu,medium
+  tags: cve,wordpress,wp-plugin,shiftnav-responsive-mobile-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4628-51e05e1842b40dddcacbdfa060eb58f3.yaml b/nuclei-templates/2022/CVE-2022-4628-51e05e1842b40dddcacbdfa060eb58f3.yaml
index be1fe9670d..e0d4ac73d8 100644
--- a/nuclei-templates/2022/CVE-2022-4628-51e05e1842b40dddcacbdfa060eb58f3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4628-51e05e1842b40dddcacbdfa060eb58f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy PayPal Buy Now Button <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy PayPal Buy Now Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ecommerce-paypal/"
     google-query: inurl:"/wp-content/plugins/wp-ecommerce-paypal/"
     shodan-query: 'vuln:CVE-2022-4628'
-  tags: cve,wordpress,wp-plugin,wp-ecommerce-paypal,medium
+  tags: cve,wordpress,wp-plugin,wp-ecommerce-paypal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4629-c1072dc6be25d5ca69ffa07a2d068093.yaml b/nuclei-templates/2022/CVE-2022-4629-c1072dc6be25d5ca69ffa07a2d068093.yaml
index a75b8d084c..d860e4c0fd 100644
--- a/nuclei-templates/2022/CVE-2022-4629-c1072dc6be25d5ca69ffa07a2d068093.yaml
+++ b/nuclei-templates/2022/CVE-2022-4629-c1072dc6be25d5ca69ffa07a2d068093.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Slider for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Product Slider for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-slider/"
     google-query: inurl:"/wp-content/plugins/woo-product-slider/"
     shodan-query: 'vuln:CVE-2022-4629'
-  tags: cve,wordpress,wp-plugin,woo-product-slider,high
+  tags: cve,wordpress,wp-plugin,woo-product-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4648-68309fb63b5db886058ca866de7b117b.yaml b/nuclei-templates/2022/CVE-2022-4648-68309fb63b5db886058ca866de7b117b.yaml
index f11a760976..6a9e1ee824 100644
--- a/nuclei-templates/2022/CVE-2022-4648-68309fb63b5db886058ca866de7b117b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4648-68309fb63b5db886058ca866de7b117b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Testimonials <= 2.5.11 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Real Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-free/"
     google-query: inurl:"/wp-content/plugins/testimonial-free/"
     shodan-query: 'vuln:CVE-2022-4648'
-  tags: cve,wordpress,wp-plugin,testimonial-free,medium
+  tags: cve,wordpress,wp-plugin,testimonial-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4649-2124f2372d43d33c582fb413bf11d2cf.yaml b/nuclei-templates/2022/CVE-2022-4649-2124f2372d43d33c582fb413bf11d2cf.yaml
index 1883c3bf91..8aa35a0dff 100644
--- a/nuclei-templates/2022/CVE-2022-4649-2124f2372d43d33c582fb413bf11d2cf.yaml
+++ b/nuclei-templates/2022/CVE-2022-4649-2124f2372d43d33c582fb413bf11d2cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Extended Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-extended-search/"
     google-query: inurl:"/wp-content/plugins/wp-extended-search/"
     shodan-query: 'vuln:CVE-2022-4649'
-  tags: cve,wordpress,wp-plugin,wp-extended-search,medium
+  tags: cve,wordpress,wp-plugin,wp-extended-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4650-77bff58a02745412cca836e0af8ecf6c.yaml b/nuclei-templates/2022/CVE-2022-4650-77bff58a02745412cca836e0af8ecf6c.yaml
index 3dc1ec5ee3..935f0f54d3 100644
--- a/nuclei-templates/2022/CVE-2022-4650-77bff58a02745412cca836e0af8ecf6c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4650-77bff58a02745412cca836e0af8ecf6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HashBar – WordPress Notification Bar <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HashBar – WordPress Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level privileges and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hashbar-wp-notification-bar/"
     google-query: inurl:"/wp-content/plugins/hashbar-wp-notification-bar/"
     shodan-query: 'vuln:CVE-2022-4650'
-  tags: cve,wordpress,wp-plugin,hashbar-wp-notification-bar,medium
+  tags: cve,wordpress,wp-plugin,hashbar-wp-notification-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4651-421ff303fd144872eafd938e0ed53208.yaml b/nuclei-templates/2022/CVE-2022-4651-421ff303fd144872eafd938e0ed53208.yaml
index c9df27e4f0..ebb3c96ccf 100644
--- a/nuclei-templates/2022/CVE-2022-4651-421ff303fd144872eafd938e0ed53208.yaml
+++ b/nuclei-templates/2022/CVE-2022-4651-421ff303fd144872eafd938e0ed53208.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Justified Gallery <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Justified Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 1.7.0 due to insufficient sanitization and escaping on the attribute values passed through the plugins shortcode. This makes it possible for authenticated attackers with contributor level and above privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/justified-gallery/"
     google-query: inurl:"/wp-content/plugins/justified-gallery/"
     shodan-query: 'vuln:CVE-2022-4651'
-  tags: cve,wordpress,wp-plugin,justified-gallery,medium
+  tags: cve,wordpress,wp-plugin,justified-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4652-5826ca6dc34aaca6ed2393f60977f5a4.yaml b/nuclei-templates/2022/CVE-2022-4652-5826ca6dc34aaca6ed2393f60977f5a4.yaml
index 1fba306b10..022968b2ea 100644
--- a/nuclei-templates/2022/CVE-2022-4652-5826ca6dc34aaca6ed2393f60977f5a4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4652-5826ca6dc34aaca6ed2393f60977f5a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Background <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-background/"
     google-query: inurl:"/wp-content/plugins/video-background/"
     shodan-query: 'vuln:CVE-2022-4652'
-  tags: cve,wordpress,wp-plugin,video-background,medium
+  tags: cve,wordpress,wp-plugin,video-background,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4653-601f7b212435b0908f5157de31e9c323.yaml b/nuclei-templates/2022/CVE-2022-4653-601f7b212435b0908f5157de31e9c323.yaml
index 5fab341cd8..5f43419fc7 100644
--- a/nuclei-templates/2022/CVE-2022-4653-601f7b212435b0908f5157de31e9c323.yaml
+++ b/nuclei-templates/2022/CVE-2022-4653-601f7b212435b0908f5157de31e9c323.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Greenshift – animation and page builder blocks <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     shodan-query: 'vuln:CVE-2022-4653'
-  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,medium
+  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4654-99e94192bf6d19eb379533764c917cb6.yaml b/nuclei-templates/2022/CVE-2022-4654-99e94192bf6d19eb379533764c917cb6.yaml
index 8d07672e0a..3854c9f330 100644
--- a/nuclei-templates/2022/CVE-2022-4654-99e94192bf6d19eb379533764c917cb6.yaml
+++ b/nuclei-templates/2022/CVE-2022-4654-99e94192bf6d19eb379533764c917cb6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Pricing Tables <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-pricing-tables/"
     google-query: inurl:"/wp-content/plugins/easy-pricing-tables/"
     shodan-query: 'vuln:CVE-2022-4654'
-  tags: cve,wordpress,wp-plugin,easy-pricing-tables,medium
+  tags: cve,wordpress,wp-plugin,easy-pricing-tables,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4655-229b28e3351ab434cc4be3a1c3322160.yaml b/nuclei-templates/2022/CVE-2022-4655-229b28e3351ab434cc4be3a1c3322160.yaml
index f4383df646..ea76ca0dd2 100644
--- a/nuclei-templates/2022/CVE-2022-4655-229b28e3351ab434cc4be3a1c3322160.yaml
+++ b/nuclei-templates/2022/CVE-2022-4655-229b28e3351ab434cc4be3a1c3322160.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level privileges and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2022-4655'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4656-1085089f2339a1b75325ca6667c1e32b.yaml b/nuclei-templates/2022/CVE-2022-4656-1085089f2339a1b75325ca6667c1e32b.yaml
index 06987c9781..a5618bb808 100644
--- a/nuclei-templates/2022/CVE-2022-4656-1085089f2339a1b75325ca6667c1e32b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4656-1085089f2339a1b75325ca6667c1e32b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Visitor Statistics (Real Time Traffic) <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Visitor Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 6.4  due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stats-manager/"
     google-query: inurl:"/wp-content/plugins/wp-stats-manager/"
     shodan-query: 'vuln:CVE-2022-4656'
-  tags: cve,wordpress,wp-plugin,wp-stats-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-stats-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4657-52f3f56cac58e66f1b3bbe271591fbea.yaml b/nuclei-templates/2022/CVE-2022-4657-52f3f56cac58e66f1b3bbe271591fbea.yaml
index 9dc0da6e43..7811a0887d 100644
--- a/nuclei-templates/2022/CVE-2022-4657-52f3f56cac58e66f1b3bbe271591fbea.yaml
+++ b/nuclei-templates/2022/CVE-2022-4657-52f3f56cac58e66f1b3bbe271591fbea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.5 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-ordering-reservations/"
     google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/"
     shodan-query: 'vuln:CVE-2022-4657'
-  tags: cve,wordpress,wp-plugin,menu-ordering-reservations,medium
+  tags: cve,wordpress,wp-plugin,menu-ordering-reservations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4658-cd17a32212236705de6be45ec4d31053.yaml b/nuclei-templates/2022/CVE-2022-4658-cd17a32212236705de6be45ec4d31053.yaml
index 74e806a5dd..7d3fc7f8ec 100644
--- a/nuclei-templates/2022/CVE-2022-4658-cd17a32212236705de6be45ec4d31053.yaml
+++ b/nuclei-templates/2022/CVE-2022-4658-cd17a32212236705de6be45ec4d31053.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSSImport <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RSSImport plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rss-import/"
     google-query: inurl:"/wp-content/plugins/rss-import/"
     shodan-query: 'vuln:CVE-2022-4658'
-  tags: cve,wordpress,wp-plugin,rss-import,medium
+  tags: cve,wordpress,wp-plugin,rss-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4661-b224632750bfc8c01cfd4c8878280cb5.yaml b/nuclei-templates/2022/CVE-2022-4661-b224632750bfc8c01cfd4c8878280cb5.yaml
index 1704471718..82a1032e3f 100644
--- a/nuclei-templates/2022/CVE-2022-4661-b224632750bfc8c01cfd4c8878280cb5.yaml
+++ b/nuclei-templates/2022/CVE-2022-4661-b224632750bfc8c01cfd4c8878280cb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Woo Products Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woo-products-widgets-products shortcode in versions up to, and including, 1.0.7  due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-products-widgets-for-elementor/"
     google-query: inurl:"/wp-content/plugins/woo-products-widgets-for-elementor/"
     shodan-query: 'vuln:CVE-2022-4661'
-  tags: cve,wordpress,wp-plugin,woo-products-widgets-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,woo-products-widgets-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4663-44b1b2f0eb9245a5807308d2327328e8.yaml b/nuclei-templates/2022/CVE-2022-4663-44b1b2f0eb9245a5807308d2327328e8.yaml
index 28e8fe717a..da5e3f8f9c 100644
--- a/nuclei-templates/2022/CVE-2022-4663-44b1b2f0eb9245a5807308d2327328e8.yaml
+++ b/nuclei-templates/2022/CVE-2022-4663-44b1b2f0eb9245a5807308d2327328e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Members Import <= 1.4.2 - Self Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site's administrator into uploading a CSV file with the malicious payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/members-import/"
     google-query: inurl:"/wp-content/plugins/members-import/"
     shodan-query: 'vuln:CVE-2022-4663'
-  tags: cve,wordpress,wp-plugin,members-import,medium
+  tags: cve,wordpress,wp-plugin,members-import,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4664-c7884dbfd12febc95a975f955686dac3.yaml b/nuclei-templates/2022/CVE-2022-4664-c7884dbfd12febc95a975f955686dac3.yaml
index 3ec6114887..a1c4508899 100644
--- a/nuclei-templates/2022/CVE-2022-4664-c7884dbfd12febc95a975f955686dac3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4664-c7884dbfd12febc95a975f955686dac3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Logo Slider <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous shortcodes in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping in the 'lgx_output_function_dep' function. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/logo-slider-wp/"
     google-query: inurl:"/wp-content/plugins/logo-slider-wp/"
     shodan-query: 'vuln:CVE-2022-4664'
-  tags: cve,wordpress,wp-plugin,logo-slider-wp,medium
+  tags: cve,wordpress,wp-plugin,logo-slider-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4666-d5d53242307fbcb60f1d07b6a75cb319.yaml b/nuclei-templates/2022/CVE-2022-4666-d5d53242307fbcb60f1d07b6a75cb319.yaml
index de932f54d4..1b37a83401 100644
--- a/nuclei-templates/2022/CVE-2022-4666-d5d53242307fbcb60f1d07b6a75cb319.yaml
+++ b/nuclei-templates/2022/CVE-2022-4666-d5d53242307fbcb60f1d07b6a75cb319.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Markup <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Markup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-structuring-markup/"
     google-query: inurl:"/wp-content/plugins/wp-structuring-markup/"
     shodan-query: 'vuln:CVE-2022-4666'
-  tags: cve,wordpress,wp-plugin,wp-structuring-markup,medium
+  tags: cve,wordpress,wp-plugin,wp-structuring-markup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4667-507b936e6df45800b9063c2207c957aa.yaml b/nuclei-templates/2022/CVE-2022-4667-507b936e6df45800b9063c2207c957aa.yaml
index cb113abdf7..135dd824d5 100644
--- a/nuclei-templates/2022/CVE-2022-4667-507b936e6df45800b9063c2207c957aa.yaml
+++ b/nuclei-templates/2022/CVE-2022-4667-507b936e6df45800b9063c2207c957aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Aggregator by Feedzy <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedzy-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/"
     shodan-query: 'vuln:CVE-2022-4667'
-  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,medium
+  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4668-e2ec209c741fed7cc95066eb8c9d077f.yaml b/nuclei-templates/2022/CVE-2022-4668-e2ec209c741fed7cc95066eb8c9d077f.yaml
index fe85766c5d..fd095eec12 100644
--- a/nuclei-templates/2022/CVE-2022-4668-e2ec209c741fed7cc95066eb8c9d077f.yaml
+++ b/nuclei-templates/2022/CVE-2022-4668-e2ec209c741fed7cc95066eb8c9d077f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Appointments <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Appointment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-appointments/"
     google-query: inurl:"/wp-content/plugins/easy-appointments/"
     shodan-query: 'vuln:CVE-2022-4668'
-  tags: cve,wordpress,wp-plugin,easy-appointments,medium
+  tags: cve,wordpress,wp-plugin,easy-appointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4669-add895115f53c9c7df4b8eacc636e203.yaml b/nuclei-templates/2022/CVE-2022-4669-add895115f53c9c7df4b8eacc636e203.yaml
index 3906c39c2b..c194f263eb 100644
--- a/nuclei-templates/2022/CVE-2022-4669-add895115f53c9c7df4b8eacc636e203.yaml
+++ b/nuclei-templates/2022/CVE-2022-4669-add895115f53c9c7df4b8eacc636e203.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Live Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/live-composer-page-builder/"
     google-query: inurl:"/wp-content/plugins/live-composer-page-builder/"
     shodan-query: 'vuln:CVE-2022-4669'
-  tags: cve,wordpress,wp-plugin,live-composer-page-builder,medium
+  tags: cve,wordpress,wp-plugin,live-composer-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4670-ca93f191e3639f84afcc1a9b1fea599a.yaml b/nuclei-templates/2022/CVE-2022-4670-ca93f191e3639f84afcc1a9b1fea599a.yaml
index eee965f16e..64bee4bad5 100644
--- a/nuclei-templates/2022/CVE-2022-4670-ca93f191e3639f84afcc1a9b1fea599a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4670-ca93f191e3639f84afcc1a9b1fea599a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF.js Viewer <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF.js Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdfjs-viewer-shortcode/"
     google-query: inurl:"/wp-content/plugins/pdfjs-viewer-shortcode/"
     shodan-query: 'vuln:CVE-2022-4670'
-  tags: cve,wordpress,wp-plugin,pdfjs-viewer-shortcode,medium
+  tags: cve,wordpress,wp-plugin,pdfjs-viewer-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4671-4706d1b1438785969ae30d4549fd166c.yaml b/nuclei-templates/2022/CVE-2022-4671-4706d1b1438785969ae30d4549fd166c.yaml
index 12897e3e92..85f278b7d4 100644
--- a/nuclei-templates/2022/CVE-2022-4671-4706d1b1438785969ae30d4549fd166c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4671-4706d1b1438785969ae30d4549fd166c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PixCodes <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PixCodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pixcodes/"
     google-query: inurl:"/wp-content/plugins/pixcodes/"
     shodan-query: 'vuln:CVE-2022-4671'
-  tags: cve,wordpress,wp-plugin,pixcodes,medium
+  tags: cve,wordpress,wp-plugin,pixcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4672-02744bc958048e60b6fe8becee3f2311.yaml b/nuclei-templates/2022/CVE-2022-4672-02744bc958048e60b6fe8becee3f2311.yaml
index dcb6212e44..b8621e9f4b 100644
--- a/nuclei-templates/2022/CVE-2022-4672-02744bc958048e60b6fe8becee3f2311.yaml
+++ b/nuclei-templates/2022/CVE-2022-4672-02744bc958048e60b6fe8becee3f2311.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Simple PayPal Shopping Cart <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Simple PayPal Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-simple-paypal-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/wordpress-simple-paypal-shopping-cart/"
     shodan-query: 'vuln:CVE-2022-4672'
-  tags: cve,wordpress,wp-plugin,wordpress-simple-paypal-shopping-cart,medium
+  tags: cve,wordpress,wp-plugin,wordpress-simple-paypal-shopping-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4673-bc63c69c92e0f2828459114bbefab4b4.yaml b/nuclei-templates/2022/CVE-2022-4673-bc63c69c92e0f2828459114bbefab4b4.yaml
index 3398dfd611..226ef8c123 100644
--- a/nuclei-templates/2022/CVE-2022-4673-bc63c69c92e0f2828459114bbefab4b4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4673-bc63c69c92e0f2828459114bbefab4b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rate my Post – WP Rating System <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rate my Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rate-my-post/"
     google-query: inurl:"/wp-content/plugins/rate-my-post/"
     shodan-query: 'vuln:CVE-2022-4673'
-  tags: cve,wordpress,wp-plugin,rate-my-post,medium
+  tags: cve,wordpress,wp-plugin,rate-my-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4674-747cb2b72097d91ef1564458b7d2e373.yaml b/nuclei-templates/2022/CVE-2022-4674-747cb2b72097d91ef1564458b7d2e373.yaml
index fc47585270..68820eb76b 100644
--- a/nuclei-templates/2022/CVE-2022-4674-747cb2b72097d91ef1564458b7d2e373.yaml
+++ b/nuclei-templates/2022/CVE-2022-4674-747cb2b72097d91ef1564458b7d2e373.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ibtana – WordPress Website Builder <= 1.1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [ive] shortcode in versions up to, and including, 1.1.8.7 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ibtana-visual-editor/"
     google-query: inurl:"/wp-content/plugins/ibtana-visual-editor/"
     shodan-query: 'vuln:CVE-2022-4674'
-  tags: cve,wordpress,wp-plugin,ibtana-visual-editor,medium
+  tags: cve,wordpress,wp-plugin,ibtana-visual-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4675-cfdb8d7325e93947d2061002a4b258f4.yaml b/nuclei-templates/2022/CVE-2022-4675-cfdb8d7325e93947d2061002a4b258f4.yaml
index 648b2391a2..79a72ed320 100644
--- a/nuclei-templates/2022/CVE-2022-4675-cfdb8d7325e93947d2061002a4b258f4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4675-cfdb8d7325e93947d2061002a4b258f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mongoose Page Plugin <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mongoose Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-page-feed-graph-api/"
     google-query: inurl:"/wp-content/plugins/facebook-page-feed-graph-api/"
     shodan-query: 'vuln:CVE-2022-4675'
-  tags: cve,wordpress,wp-plugin,facebook-page-feed-graph-api,medium
+  tags: cve,wordpress,wp-plugin,facebook-page-feed-graph-api,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4676-8b5e55916d6d52550d91a97ed666547f.yaml b/nuclei-templates/2022/CVE-2022-4676-8b5e55916d6d52550d91a97ed666547f.yaml
index 58b4058b3b..38e0d1c12a 100644
--- a/nuclei-templates/2022/CVE-2022-4676-8b5e55916d6d52550d91a97ed666547f.yaml
+++ b/nuclei-templates/2022/CVE-2022-4676-8b5e55916d6d52550d91a97ed666547f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OSM - OpenStreetMap <= 6.0.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OSM - OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/osm/"
     google-query: inurl:"/wp-content/plugins/osm/"
     shodan-query: 'vuln:CVE-2022-4676'
-  tags: cve,wordpress,wp-plugin,osm,medium
+  tags: cve,wordpress,wp-plugin,osm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4677-8015d391de62b785680b52c5ead73093.yaml b/nuclei-templates/2022/CVE-2022-4677-8015d391de62b785680b52c5ead73093.yaml
index 836cac21a8..43f887ce52 100644
--- a/nuclei-templates/2022/CVE-2022-4677-8015d391de62b785680b52c5ead73093.yaml
+++ b/nuclei-templates/2022/CVE-2022-4677-8015d391de62b785680b52c5ead73093.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Maps Marker < 3.12.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Leaflet Maps Marker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.12.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaflet-maps-marker/"
     google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/"
     shodan-query: 'vuln:CVE-2022-4677'
-  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,high
+  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4678-d10130ec70ac5e95df8a68d13ca495cb.yaml b/nuclei-templates/2022/CVE-2022-4678-d10130ec70ac5e95df8a68d13ca495cb.yaml
index 3559337627..5927d6002d 100644
--- a/nuclei-templates/2022/CVE-2022-4678-d10130ec70ac5e95df8a68d13ca495cb.yaml
+++ b/nuclei-templates/2022/CVE-2022-4678-d10130ec70ac5e95df8a68d13ca495cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/templatesnext-toolkit/"
     google-query: inurl:"/wp-content/plugins/templatesnext-toolkit/"
     shodan-query: 'vuln:CVE-2022-4678'
-  tags: cve,wordpress,wp-plugin,templatesnext-toolkit,medium
+  tags: cve,wordpress,wp-plugin,templatesnext-toolkit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4679-e7037db773bf01752d04e36ac2a2c9a0.yaml b/nuclei-templates/2022/CVE-2022-4679-e7037db773bf01752d04e36ac2a2c9a0.yaml
index 24b86b7168..27c865bc62 100644
--- a/nuclei-templates/2022/CVE-2022-4679-e7037db773bf01752d04e36ac2a2c9a0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4679-e7037db773bf01752d04e36ac2a2c9a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wufoo Shortcode <= 1.51 - Authenticated (Contributor+) Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wufoo Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous shortcode attributes (such as 'height', 'username', and 'header') for the 'wufoo' shortcode in versions up to, and including, 1.51 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wufoo-shortcode/"
     google-query: inurl:"/wp-content/plugins/wufoo-shortcode/"
     shodan-query: 'vuln:CVE-2022-4679'
-  tags: cve,wordpress,wp-plugin,wufoo-shortcode,medium
+  tags: cve,wordpress,wp-plugin,wufoo-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46796-04585caadf98109f09006297093db829.yaml b/nuclei-templates/2022/CVE-2022-46796-04585caadf98109f09006297093db829.yaml
index 3fe68cc65b..2cbd051187 100644
--- a/nuclei-templates/2022/CVE-2022-46796-04585caadf98109f09006297093db829.yaml
+++ b/nuclei-templates/2022/CVE-2022-46796-04585caadf98109f09006297093db829.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CURCY plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woomulticurrency_exchange' function in versions up to, and including, 2.1.25. This makes it possible for unauthenticated-level attackers to access currency information retrieved by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-multi-currency/"
     google-query: inurl:"/wp-content/plugins/woo-multi-currency/"
     shodan-query: 'vuln:CVE-2022-46796'
-  tags: cve,wordpress,wp-plugin,woo-multi-currency,medium
+  tags: cve,wordpress,wp-plugin,woo-multi-currency,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4680-b4cd17df95bd140cf7c61464c7525ad6.yaml b/nuclei-templates/2022/CVE-2022-4680-b4cd17df95bd140cf7c61464c7525ad6.yaml
index 8def242ef9..87a8eecd5b 100644
--- a/nuclei-templates/2022/CVE-2022-4680-b4cd17df95bd140cf7c61464c7525ad6.yaml
+++ b/nuclei-templates/2022/CVE-2022-4680-b4cd17df95bd140cf7c61464c7525ad6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Revive Old Posts <= 9.0.10 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Revive Old Posts plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 9.0.10 via deserialization of untrusted input in the vulnerable function 'is_set_not_empty'. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tweet-old-post/"
     google-query: inurl:"/wp-content/plugins/tweet-old-post/"
     shodan-query: 'vuln:CVE-2022-4680'
-  tags: cve,wordpress,wp-plugin,tweet-old-post,medium
+  tags: cve,wordpress,wp-plugin,tweet-old-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46800-eaef067d144406da863b2f1698405be1.yaml b/nuclei-templates/2022/CVE-2022-46800-eaef067d144406da863b2f1698405be1.yaml
index 46f2f5fb09..4d8581a3b5 100644
--- a/nuclei-templates/2022/CVE-2022-46800-eaef067d144406da863b2f1698405be1.yaml
+++ b/nuclei-templates/2022/CVE-2022-46800-eaef067d144406da863b2f1698405be1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LiteSpeed Cache <= 5.3 - Missing Authorization to Toggle Crawler State
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LiteSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rest_api_init function in versions up to, and including, 5.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate or deactivate arbitrary crawlers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/litespeed-cache/"
     google-query: inurl:"/wp-content/plugins/litespeed-cache/"
     shodan-query: 'vuln:CVE-2022-46800'
-  tags: cve,wordpress,wp-plugin,litespeed-cache,medium
+  tags: cve,wordpress,wp-plugin,litespeed-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46804-8972c0084426af137e3ac2a4f9b562c5.yaml b/nuclei-templates/2022/CVE-2022-46804-8972c0084426af137e3ac2a4f9b562c5.yaml
index 0eabcdc268..e6c76aa536 100644
--- a/nuclei-templates/2022/CVE-2022-46804-8972c0084426af137e3ac2a4f9b562c5.yaml
+++ b/nuclei-templates/2022/CVE-2022-46804-8972c0084426af137e3ac2a4f9b562c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export Users Data Distinct <= 1.3 - Authenticated (Subscriber+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Export Users Data Distinct plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3. This allows authenticated attackers with subscriber-level permissions or above to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/export-users-data-distinct/"
     google-query: inurl:"/wp-content/plugins/export-users-data-distinct/"
     shodan-query: 'vuln:CVE-2022-46804'
-  tags: cve,wordpress,wp-plugin,export-users-data-distinct,medium
+  tags: cve,wordpress,wp-plugin,export-users-data-distinct,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46807-9c2789fd4f31da6a3e682d3cde6291b3.yaml b/nuclei-templates/2022/CVE-2022-46807-9c2789fd4f31da6a3e682d3cde6291b3.yaml
index ea29d3b3ce..9f62b5e65b 100644
--- a/nuclei-templates/2022/CVE-2022-46807-9c2789fd4f31da6a3e682d3cde6291b3.yaml
+++ b/nuclei-templates/2022/CVE-2022-46807-9c2789fd4f31da6a3e682d3cde6291b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stock Sync for WooCommerce <= 2.3.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stock Sync for WooCommerce plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the functions check_api_access and view_last_response in versions up to, and including, 2.3.2. This makes it possible for authenticated attackers with subscriber-level access, and above, to utilize those functions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stock-sync-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/stock-sync-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-46807'
-  tags: cve,wordpress,wp-plugin,stock-sync-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,stock-sync-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46815-f546949dea525a0c95c8895c66b00552.yaml b/nuclei-templates/2022/CVE-2022-46815-f546949dea525a0c95c8895c66b00552.yaml
index 3d77de373c..46ebfa09e5 100644
--- a/nuclei-templates/2022/CVE-2022-46815-f546949dea525a0c95c8895c66b00552.yaml
+++ b/nuclei-templates/2022/CVE-2022-46815-f546949dea525a0c95c8895c66b00552.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conditional Shipping for WooCommerce <= 2.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Conditional Shipping for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the toggle_ruleset function. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conditional-shipping-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/conditional-shipping-for-woocommerce/"
     shodan-query: 'vuln:CVE-2022-46815'
-  tags: cve,wordpress,wp-plugin,conditional-shipping-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,conditional-shipping-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46816-7075591051dde0bd8bf5f75302619dd9.yaml b/nuclei-templates/2022/CVE-2022-46816-7075591051dde0bd8bf5f75302619dd9.yaml
index 728898cce9..d4b099550e 100644
--- a/nuclei-templates/2022/CVE-2022-46816-7075591051dde0bd8bf5f75302619dd9.yaml
+++ b/nuclei-templates/2022/CVE-2022-46816-7075591051dde0bd8bf5f75302619dd9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booking Ultra Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-ultra-pro/"
     google-query: inurl:"/wp-content/plugins/booking-ultra-pro/"
     shodan-query: 'vuln:CVE-2022-46816'
-  tags: cve,wordpress,wp-plugin,booking-ultra-pro,high
+  tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46817-b142fb65f777c01f09af0b6a529becd3.yaml b/nuclei-templates/2022/CVE-2022-46817-b142fb65f777c01f09af0b6a529becd3.yaml
index d92c5aeea9..f4bf6e8667 100644
--- a/nuclei-templates/2022/CVE-2022-46817-b142fb65f777c01f09af0b6a529becd3.yaml
+++ b/nuclei-templates/2022/CVE-2022-46817-b142fb65f777c01f09af0b6a529becd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flyzoo Chat <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Flyzoo Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flyzoo/"
     google-query: inurl:"/wp-content/plugins/flyzoo/"
     shodan-query: 'vuln:CVE-2022-46817'
-  tags: cve,wordpress,wp-plugin,flyzoo,medium
+  tags: cve,wordpress,wp-plugin,flyzoo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46819-bbd95e8edaa114935e8c46570e7cf3d6.yaml b/nuclei-templates/2022/CVE-2022-46819-bbd95e8edaa114935e8c46570e7cf3d6.yaml
index c1c7e25a98..8c040464a1 100644
--- a/nuclei-templates/2022/CVE-2022-46819-bbd95e8edaa114935e8c46570e7cf3d6.yaml
+++ b/nuclei-templates/2022/CVE-2022-46819-bbd95e8edaa114935e8c46570e7cf3d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Continuous announcement scroller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/continuous-announcement-scroller/"
     google-query: inurl:"/wp-content/plugins/continuous-announcement-scroller/"
     shodan-query: 'vuln:CVE-2022-46819'
-  tags: cve,wordpress,wp-plugin,continuous-announcement-scroller,medium
+  tags: cve,wordpress,wp-plugin,continuous-announcement-scroller,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4682-6dc5d6d271c910589d9f7947458f0df6.yaml b/nuclei-templates/2022/CVE-2022-4682-6dc5d6d271c910589d9f7947458f0df6.yaml
index 741671688d..6a8879a3b9 100644
--- a/nuclei-templates/2022/CVE-2022-4682-6dc5d6d271c910589d9f7947458f0df6.yaml
+++ b/nuclei-templates/2022/CVE-2022-4682-6dc5d6d271c910589d9f7947458f0df6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lightbox Gallery <= 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lightbox Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery shortcode in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping on the user supplied 'class' attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lightbox-gallery/"
     google-query: inurl:"/wp-content/plugins/lightbox-gallery/"
     shodan-query: 'vuln:CVE-2022-4682'
-  tags: cve,wordpress,wp-plugin,lightbox-gallery,medium
+  tags: cve,wordpress,wp-plugin,lightbox-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46821-0f6f97ec8d1cc89cf7cec3ff35c09656.yaml b/nuclei-templates/2022/CVE-2022-46821-0f6f97ec8d1cc89cf7cec3ff35c09656.yaml
index 26b8c4daed..bcf415307b 100644
--- a/nuclei-templates/2022/CVE-2022-46821-0f6f97ec8d1cc89cf7cec3ff35c09656.yaml
+++ b/nuclei-templates/2022/CVE-2022-46821-0f6f97ec8d1cc89cf7cec3ff35c09656.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Emails & Newsletters with Jackmail <= 1.2.22 - Authenticated (Subscriber+) CSV Injecton
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Emails & Newsletters with Jackmail plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.2.22. This allows authenticated attackers, with subscriber-level permissions and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jackmail-newsletters/"
     google-query: inurl:"/wp-content/plugins/jackmail-newsletters/"
     shodan-query: 'vuln:CVE-2022-46821'
-  tags: cve,wordpress,wp-plugin,jackmail-newsletters,medium
+  tags: cve,wordpress,wp-plugin,jackmail-newsletters,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46822-4d6bafb19843bc6d71a91327064ee112.yaml b/nuclei-templates/2022/CVE-2022-46822-4d6bafb19843bc6d71a91327064ee112.yaml
index 2fecd1d9d4..9b6e91d807 100644
--- a/nuclei-templates/2022/CVE-2022-46822-4d6bafb19843bc6d71a91327064ee112.yaml
+++ b/nuclei-templates/2022/CVE-2022-46822-4d6bafb19843bc6d71a91327064ee112.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce JazzCash Gateway Plugin <= 2.0 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce JazzCash Gateway Plugin plugin for WordPress is vulnerable to Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers  to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jazzcash-woocommerce-gateway/"
     google-query: inurl:"/wp-content/plugins/jazzcash-woocommerce-gateway/"
     shodan-query: 'vuln:CVE-2022-46822'
-  tags: cve,wordpress,wp-plugin,jazzcash-woocommerce-gateway,medium
+  tags: cve,wordpress,wp-plugin,jazzcash-woocommerce-gateway,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46838-05e6db992de66a60c66b532d0b52e5c0.yaml b/nuclei-templates/2022/CVE-2022-46838-05e6db992de66a60c66b532d0b52e5c0.yaml
index 7a720a35f6..2baf7248e9 100644
--- a/nuclei-templates/2022/CVE-2022-46838-05e6db992de66a60c66b532d0b52e5c0.yaml
+++ b/nuclei-templates/2022/CVE-2022-46838-05e6db992de66a60c66b532d0b52e5c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The JS Help Desk plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 2.7.1. This makes it possible for unauthenticated attackers to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-support-ticket/"
     google-query: inurl:"/wp-content/plugins/js-support-ticket/"
     shodan-query: 'vuln:CVE-2022-46838'
-  tags: cve,wordpress,wp-plugin,js-support-ticket,critical
+  tags: cve,wordpress,wp-plugin,js-support-ticket,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46840-497602ea4705020cbc78a0b19d427eba.yaml b/nuclei-templates/2022/CVE-2022-46840-497602ea4705020cbc78a0b19d427eba.yaml
index 4744100b8d..d3972cb256 100644
--- a/nuclei-templates/2022/CVE-2022-46840-497602ea4705020cbc78a0b19d427eba.yaml
+++ b/nuclei-templates/2022/CVE-2022-46840-497602ea4705020cbc78a0b19d427eba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Help Desk <= 2.7.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JS Help Desk plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for higher-privileged users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-support-ticket/"
     google-query: inurl:"/wp-content/plugins/js-support-ticket/"
     shodan-query: 'vuln:CVE-2022-46840'
-  tags: cve,wordpress,wp-plugin,js-support-ticket,medium
+  tags: cve,wordpress,wp-plugin,js-support-ticket,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46844-32884b4069e08a6e3a456b6d9b5e62d6.yaml b/nuclei-templates/2022/CVE-2022-46844-32884b4069e08a6e3a456b6d9b5e62d6.yaml
index b2ebc1f991..d898fc6bd5 100644
--- a/nuclei-templates/2022/CVE-2022-46844-32884b4069e08a6e3a456b6d9b5e62d6.yaml
+++ b/nuclei-templates/2022/CVE-2022-46844-32884b4069e08a6e3a456b6d9b5e62d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PixFields <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PixFields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pixfields/"
     google-query: inurl:"/wp-content/plugins/pixfields/"
     shodan-query: 'vuln:CVE-2022-46844'
-  tags: cve,wordpress,wp-plugin,pixfields,medium
+  tags: cve,wordpress,wp-plugin,pixfields,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46845-cabe168b618270b5c6e54c5ab98ed27e.yaml b/nuclei-templates/2022/CVE-2022-46845-cabe168b618270b5c6e54c5ab98ed27e.yaml
index fbdff78228..781f580360 100644
--- a/nuclei-templates/2022/CVE-2022-46845-cabe168b618270b5c6e54c5ab98ed27e.yaml
+++ b/nuclei-templates/2022/CVE-2022-46845-cabe168b618270b5c6e54c5ab98ed27e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider a SlidersPack <= 2.0.2 - Missing Authorization via wp_spaios_save_attachment_data
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slider a SlidersPack plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the wp_spaios_save_attachment_data and wp_spaios_get_attachment_edit_form functions in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to modify and retrieve the metadata of an arbitrary WordPress Media Library attachment.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sliderspack-all-in-one-image-sliders/"
     google-query: inurl:"/wp-content/plugins/sliderspack-all-in-one-image-sliders/"
     shodan-query: 'vuln:CVE-2022-46845'
-  tags: cve,wordpress,wp-plugin,sliderspack-all-in-one-image-sliders,medium
+  tags: cve,wordpress,wp-plugin,sliderspack-all-in-one-image-sliders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46848-586527cb70d024f19104907acee04683.yaml b/nuclei-templates/2022/CVE-2022-46848-586527cb70d024f19104907acee04683.yaml
index a7ce429867..55bcf682b8 100644
--- a/nuclei-templates/2022/CVE-2022-46848-586527cb70d024f19104907acee04683.yaml
+++ b/nuclei-templates/2022/CVE-2022-46848-586527cb70d024f19104907acee04683.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visualizer <= 3.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Visualizer plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping in the 'renderChartPages' function. This makes it possible for authenticated attackers with contributor-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualizer/"
     google-query: inurl:"/wp-content/plugins/visualizer/"
     shodan-query: 'vuln:CVE-2022-46848'
-  tags: cve,wordpress,wp-plugin,visualizer,medium
+  tags: cve,wordpress,wp-plugin,visualizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46849-90c5798f111069225c0a9b9bba314556.yaml b/nuclei-templates/2022/CVE-2022-46849-90c5798f111069225c0a9b9bba314556.yaml
index 39cb35cfa5..cf4d8f2751 100644
--- a/nuclei-templates/2022/CVE-2022-46849-90c5798f111069225c0a9b9bba314556.yaml
+++ b/nuclei-templates/2022/CVE-2022-46849-90c5798f111069225c0a9b9bba314556.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coming Soon Page <= 1.5.9 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Coming Soon Page plugin for WordPress is vulnerable to SQL Injection via the 'rem' parameter in versions up to, and including, 1.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-coming-soon-page/"
     google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/"
     shodan-query: 'vuln:CVE-2022-46849'
-  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high
+  tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46850-1f6ddf0ce56b9b9d3d870c2c339aeff1.yaml b/nuclei-templates/2022/CVE-2022-46850-1f6ddf0ce56b9b9d3d870c2c339aeff1.yaml
index 96ff53ba8b..12d0269c7f 100644
--- a/nuclei-templates/2022/CVE-2022-46850-1f6ddf0ce56b9b9d3d870c2c339aeff1.yaml
+++ b/nuclei-templates/2022/CVE-2022-46850-1f6ddf0ce56b9b9d3d870c2c339aeff1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Media Replace <= 0.1.3 - Authenticated (Author+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy Media Replace plugin for WordPress is vulnerable to arbitrary file deletion due to file path validation in the replace function in versions up to, and including, 0.1.3. This makes it possible for author-level attackers to delete arbitrary files on the affected site's server. File deletion is limited to files of the same mime type the attacker can upload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-media-replace/"
     google-query: inurl:"/wp-content/plugins/easy-media-replace/"
     shodan-query: 'vuln:CVE-2022-46850'
-  tags: cve,wordpress,wp-plugin,easy-media-replace,high
+  tags: cve,wordpress,wp-plugin,easy-media-replace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46852-fe0115e4206583520304b505b1843190.yaml b/nuclei-templates/2022/CVE-2022-46852-fe0115e4206583520304b505b1843190.yaml
index f2048d4f61..1dc4efdc29 100644
--- a/nuclei-templates/2022/CVE-2022-46852-fe0115e4206583520304b505b1843190.yaml
+++ b/nuclei-templates/2022/CVE-2022-46852-fe0115e4206583520304b505b1843190.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level privileges, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-table-builder/"
     google-query: inurl:"/wp-content/plugins/wp-table-builder/"
     shodan-query: 'vuln:CVE-2022-46852'
-  tags: cve,wordpress,wp-plugin,wp-table-builder,medium
+  tags: cve,wordpress,wp-plugin,wp-table-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46854-e9635d2750ec3cdec7963e531110e8e5.yaml b/nuclei-templates/2022/CVE-2022-46854-e9635d2750ec3cdec7963e531110e8e5.yaml
index d5d19216c4..270673ddb5 100644
--- a/nuclei-templates/2022/CVE-2022-46854-e9635d2750ec3cdec7963e531110e8e5.yaml
+++ b/nuclei-templates/2022/CVE-2022-46854-e9635d2750ec3cdec7963e531110e8e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Launchpad <= 1.0.13 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Launchapd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.13. This is due to missing or incorrect nonce validation on an unspecified function. This makes it possible for unauthenticated attackers to request unspecified actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/launchpad-by-obox/"
     google-query: inurl:"/wp-content/plugins/launchpad-by-obox/"
     shodan-query: 'vuln:CVE-2022-46854'
-  tags: cve,wordpress,wp-plugin,launchpad-by-obox,high
+  tags: cve,wordpress,wp-plugin,launchpad-by-obox,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46855-03f17f31cd71196d3e8108e1dfd1705d.yaml b/nuclei-templates/2022/CVE-2022-46855-03f17f31cd71196d3e8108e1dfd1705d.yaml
index 7a186adde2..d130bc8c2e 100644
--- a/nuclei-templates/2022/CVE-2022-46855-03f17f31cd71196d3e8108e1dfd1705d.yaml
+++ b/nuclei-templates/2022/CVE-2022-46855-03f17f31cd71196d3e8108e1dfd1705d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Pricing Table <= 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fields.title’ parameter in versions up to, and including, 5.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level privileges or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dk-pricr-responsive-pricing-table/"
     google-query: inurl:"/wp-content/plugins/dk-pricr-responsive-pricing-table/"
     shodan-query: 'vuln:CVE-2022-46855'
-  tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,medium
+  tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46859-9cd804229a710db23428eb806db45e23.yaml b/nuclei-templates/2022/CVE-2022-46859-9cd804229a710db23428eb806db45e23.yaml
index d6a53ed305..613a3b7a98 100644
--- a/nuclei-templates/2022/CVE-2022-46859-9cd804229a710db23428eb806db45e23.yaml
+++ b/nuclei-templates/2022/CVE-2022-46859-9cd804229a710db23428eb806db45e23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spiffy Calendar <= 4.9.1 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Spiffy Calendar plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter among others in versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level permissions and above (or subscriber-level permissions, if the 'Event manager role' option is set to 'Subscriber'), to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spiffy-calendar/"
     google-query: inurl:"/wp-content/plugins/spiffy-calendar/"
     shodan-query: 'vuln:CVE-2022-46859'
-  tags: cve,wordpress,wp-plugin,spiffy-calendar,high
+  tags: cve,wordpress,wp-plugin,spiffy-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46860-ed44a5e289d05299409a4dd60c060b57.yaml b/nuclei-templates/2022/CVE-2022-46860-ed44a5e289d05299409a4dd60c060b57.yaml
index 7cf3de9f90..ae999fa7a8 100644
--- a/nuclei-templates/2022/CVE-2022-46860-ed44a5e289d05299409a4dd60c060b57.yaml
+++ b/nuclei-templates/2022/CVE-2022-46860-ed44a5e289d05299409a4dd60c060b57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Short URL plugin for WordPress is vulnerable to SQL Injection via the 'idLink' parameter of the reset_link() function called via an AJAX action in versions up to, and including, 1.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shorten-url/"
     google-query: inurl:"/wp-content/plugins/shorten-url/"
     shodan-query: 'vuln:CVE-2022-46860'
-  tags: cve,wordpress,wp-plugin,shorten-url,high
+  tags: cve,wordpress,wp-plugin,shorten-url,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46861-7d4c259ea0aa11707d8270b3e5db8568.yaml b/nuclei-templates/2022/CVE-2022-46861-7d4c259ea0aa11707d8270b3e5db8568.yaml
index 99fdfda499..012d7d7dba 100644
--- a/nuclei-templates/2022/CVE-2022-46861-7d4c259ea0aa11707d8270b3e5db8568.yaml
+++ b/nuclei-templates/2022/CVE-2022-46861-7d4c259ea0aa11707d8270b3e5db8568.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Page Styler <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login Page Styler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-page-styler/"
     google-query: inurl:"/wp-content/plugins/login-page-styler/"
     shodan-query: 'vuln:CVE-2022-46861'
-  tags: cve,wordpress,wp-plugin,login-page-styler,medium
+  tags: cve,wordpress,wp-plugin,login-page-styler,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46863-54c83422727dbe8ec911e59f2a60998f.yaml b/nuclei-templates/2022/CVE-2022-46863-54c83422727dbe8ec911e59f2a60998f.yaml
index e6fb8c6bab..a0bfc69f8c 100644
--- a/nuclei-templates/2022/CVE-2022-46863-54c83422727dbe8ec911e59f2a60998f.yaml
+++ b/nuclei-templates/2022/CVE-2022-46863-54c83422727dbe8ec911e59f2a60998f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Event Manager <= 9.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Quick Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.6.4  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-event-manager/"
     google-query: inurl:"/wp-content/plugins/quick-event-manager/"
     shodan-query: 'vuln:CVE-2022-46863'
-  tags: cve,wordpress,wp-plugin,quick-event-manager,medium
+  tags: cve,wordpress,wp-plugin,quick-event-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-46867-09395db7be64b2d03b62fa45ed0398d7.yaml b/nuclei-templates/2022/CVE-2022-46867-09395db7be64b2d03b62fa45ed0398d7.yaml
index 8f8757d4a6..e96de15b9a 100644
--- a/nuclei-templates/2022/CVE-2022-46867-09395db7be64b2d03b62fa45ed0398d7.yaml
+++ b/nuclei-templates/2022/CVE-2022-46867-09395db7be64b2d03b62fa45ed0398d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Universal Star Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/universal-star-rating/"
     google-query: inurl:"/wp-content/plugins/universal-star-rating/"
     shodan-query: 'vuln:CVE-2022-46867'
-  tags: cve,wordpress,wp-plugin,universal-star-rating,high
+  tags: cve,wordpress,wp-plugin,universal-star-rating,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4697-c25b123faba0bdec0e1756161a7f2a1e.yaml b/nuclei-templates/2022/CVE-2022-4697-c25b123faba0bdec0e1756161a7f2a1e.yaml
index d93cb8afe7..2e65f591f4 100644
--- a/nuclei-templates/2022/CVE-2022-4697-c25b123faba0bdec0e1756161a7f2a1e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4697-c25b123faba0bdec0e1756161a7f2a1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2022-4697'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4698-faa5c662684f3e34d87e4c432d1f9f4a.yaml b/nuclei-templates/2022/CVE-2022-4698-faa5c662684f3e34d87e4c432d1f9f4a.yaml
index 24bac774b0..d243535fc8 100644
--- a/nuclei-templates/2022/CVE-2022-4698-faa5c662684f3e34d87e4c432d1f9f4a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4698-faa5c662684f3e34d87e4c432d1f9f4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2022-4698'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4699-6833c69669f3b6c1ff537772ca9a9c7f.yaml b/nuclei-templates/2022/CVE-2022-4699-6833c69669f3b6c1ff537772ca9a9c7f.yaml
index b2c6e28a67..b8d994756b 100644
--- a/nuclei-templates/2022/CVE-2022-4699-6833c69669f3b6c1ff537772ca9a9c7f.yaml
+++ b/nuclei-templates/2022/CVE-2022-4699-6833c69669f3b6c1ff537772ca9a9c7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MediaElement.js – HTML5 Video & Audio Player for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-element-html5-video-and-audio-player/"
     google-query: inurl:"/wp-content/plugins/media-element-html5-video-and-audio-player/"
     shodan-query: 'vuln:CVE-2022-4699'
-  tags: cve,wordpress,wp-plugin,media-element-html5-video-and-audio-player,medium
+  tags: cve,wordpress,wp-plugin,media-element-html5-video-and-audio-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4706-c0043e4e0fc4abc274a0b7326af041c1.yaml b/nuclei-templates/2022/CVE-2022-4706-c0043e4e0fc4abc274a0b7326af041c1.yaml
index 839192370f..5f16c0f4d8 100644
--- a/nuclei-templates/2022/CVE-2022-4706-c0043e4e0fc4abc274a0b7326af041c1.yaml
+++ b/nuclei-templates/2022/CVE-2022-4706-c0043e4e0fc4abc274a0b7326af041c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Genesis Columns Advanced <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Genesis Columns Advanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/genesis-columns-advanced/"
     google-query: inurl:"/wp-content/plugins/genesis-columns-advanced/"
     shodan-query: 'vuln:CVE-2022-4706'
-  tags: cve,wordpress,wp-plugin,genesis-columns-advanced,medium
+  tags: cve,wordpress,wp-plugin,genesis-columns-advanced,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47137-87a2603e70828cd5276b845c0ebcc6ab.yaml b/nuclei-templates/2022/CVE-2022-47137-87a2603e70828cd5276b845c0ebcc6ab.yaml
index 8828c24c45..8629becb69 100644
--- a/nuclei-templates/2022/CVE-2022-47137-87a2603e70828cd5276b845c0ebcc6ab.yaml
+++ b/nuclei-templates/2022/CVE-2022-47137-87a2603e70828cd5276b845c0ebcc6ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 4.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-tables/"
     google-query: inurl:"/wp-content/plugins/ninja-tables/"
     shodan-query: 'vuln:CVE-2022-47137'
-  tags: cve,wordpress,wp-plugin,ninja-tables,medium
+  tags: cve,wordpress,wp-plugin,ninja-tables,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4714-9b4ecfa65ce2bd75653c853011940f82.yaml b/nuclei-templates/2022/CVE-2022-4714-9b4ecfa65ce2bd75653c853011940f82.yaml
index 485faee035..56695f8fc7 100644
--- a/nuclei-templates/2022/CVE-2022-4714-9b4ecfa65ce2bd75653c853011940f82.yaml
+++ b/nuclei-templates/2022/CVE-2022-4714-9b4ecfa65ce2bd75653c853011940f82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Dark Mode <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Dark Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.0.6  due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dark-mode/"
     google-query: inurl:"/wp-content/plugins/wp-dark-mode/"
     shodan-query: 'vuln:CVE-2022-4714'
-  tags: cve,wordpress,wp-plugin,wp-dark-mode,medium
+  tags: cve,wordpress,wp-plugin,wp-dark-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47142-957e023e162fd65b104346c605f19c7a.yaml b/nuclei-templates/2022/CVE-2022-47142-957e023e162fd65b104346c605f19c7a.yaml
index 0a88047388..03421612c8 100644
--- a/nuclei-templates/2022/CVE-2022-47142-957e023e162fd65b104346c605f19c7a.yaml
+++ b/nuclei-templates/2022/CVE-2022-47142-957e023e162fd65b104346c605f19c7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is a possible duplicate of CVE-2023-0294 and CVE-2022-47144.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mediamatic/"
     google-query: inurl:"/wp-content/plugins/mediamatic/"
     shodan-query: 'vuln:CVE-2022-47142'
-  tags: cve,wordpress,wp-plugin,mediamatic,high
+  tags: cve,wordpress,wp-plugin,mediamatic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4715-8afca71d6fa766e9a24060d9214388e1.yaml b/nuclei-templates/2022/CVE-2022-4715-8afca71d6fa766e9a24060d9214388e1.yaml
index 2b7bf7de67..29348bf1c9 100644
--- a/nuclei-templates/2022/CVE-2022-4715-8afca71d6fa766e9a24060d9214388e1.yaml
+++ b/nuclei-templates/2022/CVE-2022-4715-8afca71d6fa766e9a24060d9214388e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Structured Content <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/structured-content/"
     google-query: inurl:"/wp-content/plugins/structured-content/"
     shodan-query: 'vuln:CVE-2022-4715'
-  tags: cve,wordpress,wp-plugin,structured-content,medium
+  tags: cve,wordpress,wp-plugin,structured-content,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47150-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/2022/CVE-2022-47150-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml
index d8d56d95d0..59d24760c7 100644
--- a/nuclei-templates/2022/CVE-2022-47150-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml
+++ b/nuclei-templates/2022/CVE-2022-47150-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2022-47150
   metadata:
-    fofa-query: "wp-content/plugins/pt-elementor-addons-lite/"
-    google-query: inurl:"/wp-content/plugins/pt-elementor-addons-lite/"
+    fofa-query: "wp-content/plugins/wc-category-showcase/"
+    google-query: inurl:"/wp-content/plugins/wc-category-showcase/"
     shodan-query: 'vuln:CVE-2022-47150'
-  tags: cve,wordpress,wp-plugin,pt-elementor-addons-lite,medium
+  tags: cve,wordpress,wp-plugin,wc-category-showcase,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/pt-elementor-addons-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wc-category-showcase/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "pt-elementor-addons-lite"
+          - "wc-category-showcase"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2')
\ No newline at end of file
+          - compare_versions(version, '<= 1.1.9')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47151-cd695a94c9ddf898661512e7b5a151f2.yaml b/nuclei-templates/2022/CVE-2022-47151-cd695a94c9ddf898661512e7b5a151f2.yaml
index cc199511b8..ce416fc9a0 100644
--- a/nuclei-templates/2022/CVE-2022-47151-cd695a94c9ddf898661512e7b5a151f2.yaml
+++ b/nuclei-templates/2022/CVE-2022-47151-cd695a94c9ddf898661512e7b5a151f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Help Desk <= 2.7.1 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The JS Help Desk plugin for WordPress is vulnerable to generic SQL Injection via an unknown parameter in versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-support-ticket/"
     google-query: inurl:"/wp-content/plugins/js-support-ticket/"
     shodan-query: 'vuln:CVE-2022-47151'
-  tags: cve,wordpress,wp-plugin,js-support-ticket,high
+  tags: cve,wordpress,wp-plugin,js-support-ticket,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47155-5a964b37d1f769e559a3b5969ea09bec.yaml b/nuclei-templates/2022/CVE-2022-47155-5a964b37d1f769e559a3b5969ea09bec.yaml
index 774d3e22c8..af1a28f2ba 100644
--- a/nuclei-templates/2022/CVE-2022-47155-5a964b37d1f769e559a3b5969ea09bec.yaml
+++ b/nuclei-templates/2022/CVE-2022-47155-5a964b37d1f769e559a3b5969ea09bec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider by Supsystic <= 1.8.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Slider by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke the function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/slider-by-supsystic/"
     shodan-query: 'vuln:CVE-2022-47155'
-  tags: cve,wordpress,wp-plugin,slider-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,slider-by-supsystic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47157-0b1be450ec6216c739b3d0139ea02732.yaml b/nuclei-templates/2022/CVE-2022-47157-0b1be450ec6216c739b3d0139ea02732.yaml
index 54e29b44c1..2b965f7537 100644
--- a/nuclei-templates/2022/CVE-2022-47157-0b1be450ec6216c739b3d0139ea02732.yaml
+++ b/nuclei-templates/2022/CVE-2022-47157-0b1be450ec6216c739b3d0139ea02732.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Fields Search <= 1.2.34 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.34  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-fields-search/"
     google-query: inurl:"/wp-content/plugins/wp-custom-fields-search/"
     shodan-query: 'vuln:CVE-2022-47157'
-  tags: cve,wordpress,wp-plugin,wp-custom-fields-search,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-fields-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47158-58928e38edbab233a84020a472a44caa.yaml b/nuclei-templates/2022/CVE-2022-47158-58928e38edbab233a84020a472a44caa.yaml
index b0c3a8a2ca..b5ac34a6aa 100644
--- a/nuclei-templates/2022/CVE-2022-47158-58928e38edbab233a84020a472a44caa.yaml
+++ b/nuclei-templates/2022/CVE-2022-47158-58928e38edbab233a84020a472a44caa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     alfred24 Click & Collect <= 1.1.7 - Authenticated (Administrator+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The alfred24 Click & Collect plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alfred-click-collect/"
     google-query: inurl:"/wp-content/plugins/alfred-click-collect/"
     shodan-query: 'vuln:CVE-2022-47158'
-  tags: cve,wordpress,wp-plugin,alfred-click-collect,medium
+  tags: cve,wordpress,wp-plugin,alfred-click-collect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4716-3f71ab9bea10d44c97baaae5fd797060.yaml b/nuclei-templates/2022/CVE-2022-4716-3f71ab9bea10d44c97baaae5fd797060.yaml
index 95a18822d0..0f95e90113 100644
--- a/nuclei-templates/2022/CVE-2022-4716-3f71ab9bea10d44c97baaae5fd797060.yaml
+++ b/nuclei-templates/2022/CVE-2022-4716-3f71ab9bea10d44c97baaae5fd797060.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Popups <= 2.1.4.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including,  2.1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-popups-lite/"
     google-query: inurl:"/wp-content/plugins/wp-popups-lite/"
     shodan-query: 'vuln:CVE-2022-4716'
-  tags: cve,wordpress,wp-plugin,wp-popups-lite,medium
+  tags: cve,wordpress,wp-plugin,wp-popups-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47160-f8238c64411cb9dd2c01251b0ae0655a.yaml b/nuclei-templates/2022/CVE-2022-47160-f8238c64411cb9dd2c01251b0ae0655a.yaml
index cab4e731ce..b3a97fe324 100644
--- a/nuclei-templates/2022/CVE-2022-47160-f8238c64411cb9dd2c01251b0ae0655a.yaml
+++ b/nuclei-templates/2022/CVE-2022-47160-f8238c64411cb9dd2c01251b0ae0655a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp Social <= 1.9.0 - Authenticated (Subscriber+) Information Disclosure
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Wp Social plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.9.0. This is due to missing capability checks on the 'export_users_content_csv' function. This makes it possible for authenticated attackers with minimal permissions such as subscribers to export user content such as user logins and passwords of various social media providers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-social/"
     google-query: inurl:"/wp-content/plugins/wp-social/"
     shodan-query: 'vuln:CVE-2022-47160'
-  tags: cve,wordpress,wp-plugin,wp-social,high
+  tags: cve,wordpress,wp-plugin,wp-social,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47163-83d9cd71e386193f00255f0781416f64.yaml b/nuclei-templates/2022/CVE-2022-47163-83d9cd71e386193f00255f0781416f64.yaml
index 3841dc378a..310f0c99cb 100644
--- a/nuclei-templates/2022/CVE-2022-47163-83d9cd71e386193f00255f0781416f64.yaml
+++ b/nuclei-templates/2022/CVE-2022-47163-83d9cd71e386193f00255f0781416f64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP CSV to Database <= 2.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP CSV to Database plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-csv-to-database/"
     google-query: inurl:"/wp-content/plugins/wp-csv-to-database/"
     shodan-query: 'vuln:CVE-2022-47163'
-  tags: cve,wordpress,wp-plugin,wp-csv-to-database,high
+  tags: cve,wordpress,wp-plugin,wp-csv-to-database,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47167-d47618ad7b3ff873ed22aa3e5efab3e0.yaml b/nuclei-templates/2022/CVE-2022-47167-d47618ad7b3ff873ed22aa3e5efab3e0.yaml
index cc142302ff..3a06ed2800 100644
--- a/nuclei-templates/2022/CVE-2022-47167-d47618ad7b3ff873ed22aa3e5efab3e0.yaml
+++ b/nuclei-templates/2022/CVE-2022-47167-d47618ad7b3ff873ed22aa3e5efab3e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crayon Syntax Highlighter <= 2.8.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.4. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crayon-syntax-highlighter/"
     google-query: inurl:"/wp-content/plugins/crayon-syntax-highlighter/"
     shodan-query: 'vuln:CVE-2022-47167'
-  tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,high
+  tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4717-4e10d6d81d87afd9b8cf214ddcd496ad.yaml b/nuclei-templates/2022/CVE-2022-4717-4e10d6d81d87afd9b8cf214ddcd496ad.yaml
index c6cb7c246d..6f4210f5f3 100644
--- a/nuclei-templates/2022/CVE-2022-4717-4e10d6d81d87afd9b8cf214ddcd496ad.yaml
+++ b/nuclei-templates/2022/CVE-2022-4717-4e10d6d81d87afd9b8cf214ddcd496ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/strong-testimonials/"
     google-query: inurl:"/wp-content/plugins/strong-testimonials/"
     shodan-query: 'vuln:CVE-2022-4717'
-  tags: cve,wordpress,wp-plugin,strong-testimonials,medium
+  tags: cve,wordpress,wp-plugin,strong-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47170-ba7ba7554cf607d5d507c2c2d4751a5b.yaml b/nuclei-templates/2022/CVE-2022-47170-ba7ba7554cf607d5d507c2c2d4751a5b.yaml
index ed62fc9ea5..a3c08451e1 100644
--- a/nuclei-templates/2022/CVE-2022-47170-ba7ba7554cf607d5d507c2c2d4751a5b.yaml
+++ b/nuclei-templates/2022/CVE-2022-47170-ba7ba7554cf607d5d507c2c2d4751a5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48  - Authenticated (Admin+) Cross Site Scripting (XSS)
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 1.5.48 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/"
     shodan-query: 'vuln:CVE-2022-47170'
-  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47171-80529a3b54852ed1b40d1078928149a9.yaml b/nuclei-templates/2022/CVE-2022-47171-80529a3b54852ed1b40d1078928149a9.yaml
index 80569b276f..237392612a 100644
--- a/nuclei-templates/2022/CVE-2022-47171-80529a3b54852ed1b40d1078928149a9.yaml
+++ b/nuclei-templates/2022/CVE-2022-47171-80529a3b54852ed1b40d1078928149a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IP Vault – WP Firewall <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IP Vault – WP Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ip-vault-wp-firewall/"
     google-query: inurl:"/wp-content/plugins/ip-vault-wp-firewall/"
     shodan-query: 'vuln:CVE-2022-47171'
-  tags: cve,wordpress,wp-plugin,ip-vault-wp-firewall,medium
+  tags: cve,wordpress,wp-plugin,ip-vault-wp-firewall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47173-78c3981cb87a9d312796397fd5fb8a1d.yaml b/nuclei-templates/2022/CVE-2022-47173-78c3981cb87a9d312796397fd5fb8a1d.yaml
index 1ea1d98e11..0794197c8c 100644
--- a/nuclei-templates/2022/CVE-2022-47173-78c3981cb87a9d312796397fd5fb8a1d.yaml
+++ b/nuclei-templates/2022/CVE-2022-47173-78c3981cb87a9d312796397fd5fb8a1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration <= 1.62.0 - Authenticated (Admin+) Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.62.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-form-integration/"
     google-query: inurl:"/wp-content/plugins/advanced-form-integration/"
     shodan-query: 'vuln:CVE-2022-47173'
-  tags: cve,wordpress,wp-plugin,advanced-form-integration,medium
+  tags: cve,wordpress,wp-plugin,advanced-form-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47176-69e238d5564cebaab229183900098117.yaml b/nuclei-templates/2022/CVE-2022-47176-69e238d5564cebaab229183900098117.yaml
index 30a98107b7..ea4ce5f54c 100644
--- a/nuclei-templates/2022/CVE-2022-47176-69e238d5564cebaab229183900098117.yaml
+++ b/nuclei-templates/2022/CVE-2022-47176-69e238d5564cebaab229183900098117.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Depicter Slider <= 1.9.0 - Missing Authorization on 'make' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Depicter Slider plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on multiple functions in versions up to, and including, 1.9.0. This makes it possible for authenticated attackers, with contributor-level access and above, to create, publish, and edit sliders
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/depicter/"
     google-query: inurl:"/wp-content/plugins/depicter/"
     shodan-query: 'vuln:CVE-2022-47176'
-  tags: cve,wordpress,wp-plugin,depicter,medium
+  tags: cve,wordpress,wp-plugin,depicter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47179-d0ac90c02958fd486fae19ccf9cfd8db.yaml b/nuclei-templates/2022/CVE-2022-47179-d0ac90c02958fd486fae19ccf9cfd8db.yaml
index 9bab0eec34..1d37bf3cca 100644
--- a/nuclei-templates/2022/CVE-2022-47179-d0ac90c02958fd486fae19ccf9cfd8db.yaml
+++ b/nuclei-templates/2022/CVE-2022-47179-d0ac90c02958fd486fae19ccf9cfd8db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OWM Weather <= 5.6.11 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The OWM Weather plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.11. This is due to missing or incorrect nonce validation on the owmw_duplicate_post_as_draft function. This makes it possible for unauthenticated attackers to duplicate posts, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/owm-weather/"
     google-query: inurl:"/wp-content/plugins/owm-weather/"
     shodan-query: 'vuln:CVE-2022-47179'
-  tags: cve,wordpress,wp-plugin,owm-weather,high
+  tags: cve,wordpress,wp-plugin,owm-weather,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4718-76176e7d0b3c59c6f85d0f00865be579.yaml b/nuclei-templates/2022/CVE-2022-4718-76176e7d0b3c59c6f85d0f00865be579.yaml
index 2fa0a5c73a..f1b84f4ebd 100644
--- a/nuclei-templates/2022/CVE-2022-4718-76176e7d0b3c59c6f85d0f00865be579.yaml
+++ b/nuclei-templates/2022/CVE-2022-4718-76176e7d0b3c59c6f85d0f00865be579.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Landing Page Builder <= 1.4.9.8.9  - Authenticated (Contributor+) Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Landing Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.9.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-builder-add/"
     google-query: inurl:"/wp-content/plugins/page-builder-add/"
     shodan-query: 'vuln:CVE-2022-4718'
-  tags: cve,wordpress,wp-plugin,page-builder-add,medium
+  tags: cve,wordpress,wp-plugin,page-builder-add,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47182-63a838c07fa7f4dbcc749cd4ec305acf.yaml b/nuclei-templates/2022/CVE-2022-47182-63a838c07fa7f4dbcc749cd4ec305acf.yaml
index c8b7fc2416..4b44d354b2 100644
--- a/nuclei-templates/2022/CVE-2022-47182-63a838c07fa7f4dbcc749cd4ec305acf.yaml
+++ b/nuclei-templates/2022/CVE-2022-47182-63a838c07fa7f4dbcc749cd4ec305acf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     APIExperts Square for WooCommerce <= 4.4.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The APIExperts Square for WooCommerce plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 4.4.1. This makes it possible for unauthenticated attackers to make use of this functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woosquare/"
     google-query: inurl:"/wp-content/plugins/woosquare/"
     shodan-query: 'vuln:CVE-2022-47182'
-  tags: cve,wordpress,wp-plugin,woosquare,medium
+  tags: cve,wordpress,wp-plugin,woosquare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47183-b62755f81eca9dc431fe91f1c1c5e844.yaml b/nuclei-templates/2022/CVE-2022-47183-b62755f81eca9dc431fe91f1c1c5e844.yaml
index 44862d9f74..2ae10e208b 100644
--- a/nuclei-templates/2022/CVE-2022-47183-b62755f81eca9dc431fe91f1c1c5e844.yaml
+++ b/nuclei-templates/2022/CVE-2022-47183-b62755f81eca9dc431fe91f1c1c5e844.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Extra Block Design, Style, CSS for ANY Gutenberg Blocks <= 0.2.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2.6. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stylist/"
     google-query: inurl:"/wp-content/plugins/stylist/"
     shodan-query: 'vuln:CVE-2022-47183'
-  tags: cve,wordpress,wp-plugin,stylist,high
+  tags: cve,wordpress,wp-plugin,stylist,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47420-32de7cdd0bd82a27d1f9a9185ff54e70.yaml b/nuclei-templates/2022/CVE-2022-47420-32de7cdd0bd82a27d1f9a9185ff54e70.yaml
index 193ad4dcc1..deefa66d0b 100644
--- a/nuclei-templates/2022/CVE-2022-47420-32de7cdd0bd82a27d1f9a9185ff54e70.yaml
+++ b/nuclei-templates/2022/CVE-2022-47420-32de7cdd0bd82a27d1f9a9185ff54e70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Accessibility Suite by Online ADA plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/online-accessibility/"
     google-query: inurl:"/wp-content/plugins/online-accessibility/"
     shodan-query: 'vuln:CVE-2022-47420'
-  tags: cve,wordpress,wp-plugin,online-accessibility,high
+  tags: cve,wordpress,wp-plugin,online-accessibility,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47421-41830c974de1f3419028654a94a429d1.yaml b/nuclei-templates/2022/CVE-2022-47421-41830c974de1f3419028654a94a429d1.yaml
index 590e50e569..fe9ab96506 100644
--- a/nuclei-templates/2022/CVE-2022-47421-41830c974de1f3419028654a94a429d1.yaml
+++ b/nuclei-templates/2022/CVE-2022-47421-41830c974de1f3419028654a94a429d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ARMember plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember-membership/"
     google-query: inurl:"/wp-content/plugins/armember-membership/"
     shodan-query: 'vuln:CVE-2022-47421'
-  tags: cve,wordpress,wp-plugin,armember-membership,medium
+  tags: cve,wordpress,wp-plugin,armember-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47423-21fdda375898746027e6f9dda342b8cd.yaml b/nuclei-templates/2022/CVE-2022-47423-21fdda375898746027e6f9dda342b8cd.yaml
index 3c18c4b41a..238b64c7eb 100644
--- a/nuclei-templates/2022/CVE-2022-47423-21fdda375898746027e6f9dda342b8cd.yaml
+++ b/nuclei-templates/2022/CVE-2022-47423-21fdda375898746027e6f9dda342b8cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-dTree <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-dTree plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dtree-30/"
     google-query: inurl:"/wp-content/plugins/wp-dtree-30/"
     shodan-query: 'vuln:CVE-2022-47423'
-  tags: cve,wordpress,wp-plugin,wp-dtree-30,medium
+  tags: cve,wordpress,wp-plugin,wp-dtree-30,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47425-e36fdcdf09b5a64eac64f879dc48947d.yaml b/nuclei-templates/2022/CVE-2022-47425-e36fdcdf09b5a64eac64f879dc48947d.yaml
index 7554ae1678..db7f9d64e5 100644
--- a/nuclei-templates/2022/CVE-2022-47425-e36fdcdf09b5a64eac64f879dc48947d.yaml
+++ b/nuclei-templates/2022/CVE-2022-47425-e36fdcdf09b5a64eac64f879dc48947d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ARMember plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ARMember dashboard in versions up to, and including, 3.4.10. This makes it possible for subscriber-level attackers to potentially access the ARMember dashboard information and disclose basic membership information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember-membership/"
     google-query: inurl:"/wp-content/plugins/armember-membership/"
     shodan-query: 'vuln:CVE-2022-47425'
-  tags: cve,wordpress,wp-plugin,armember-membership,medium
+  tags: cve,wordpress,wp-plugin,armember-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47426-17731af892dc35dbe7d98abcc5958a1a.yaml b/nuclei-templates/2022/CVE-2022-47426-17731af892dc35dbe7d98abcc5958a1a.yaml
index a8ec442ba2..9b274d793e 100644
--- a/nuclei-templates/2022/CVE-2022-47426-17731af892dc35dbe7d98abcc5958a1a.yaml
+++ b/nuclei-templates/2022/CVE-2022-47426-17731af892dc35dbe7d98abcc5958a1a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Neshan Maps <= 1.1.4 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Neshan Maps plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/neshan-maps/"
     google-query: inurl:"/wp-content/plugins/neshan-maps/"
     shodan-query: 'vuln:CVE-2022-47426'
-  tags: cve,wordpress,wp-plugin,neshan-maps,high
+  tags: cve,wordpress,wp-plugin,neshan-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47427-aa680f4ce8dad5699d078d5a407ddd10.yaml b/nuclei-templates/2022/CVE-2022-47427-aa680f4ce8dad5699d078d5a407ddd10.yaml
index 37dc35a53c..ecfbd95a78 100644
--- a/nuclei-templates/2022/CVE-2022-47427-aa680f4ce8dad5699d078d5a407ddd10.yaml
+++ b/nuclei-templates/2022/CVE-2022-47427-aa680f4ce8dad5699d078d5a407ddd10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Calendar <= 3.3.24.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The My Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.24.1. This is due to missing or incorrect nonce validation on several functions handling the deletion of events and locations. This makes it possible for unauthenticated attackers to remove events or locations, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-calendar/"
     google-query: inurl:"/wp-content/plugins/my-calendar/"
     shodan-query: 'vuln:CVE-2022-47427'
-  tags: cve,wordpress,wp-plugin,my-calendar,high
+  tags: cve,wordpress,wp-plugin,my-calendar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47428-e44a87677c68a494baa8ed72b523a10f.yaml b/nuclei-templates/2022/CVE-2022-47428-e44a87677c68a494baa8ed72b523a10f.yaml
index 7870937fd2..5653465685 100644
--- a/nuclei-templates/2022/CVE-2022-47428-e44a87677c68a494baa8ed72b523a10f.yaml
+++ b/nuclei-templates/2022/CVE-2022-47428-e44a87677c68a494baa8ed72b523a10f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking calendar, Appointment Booking System <= 3.2.6 - Authenticated (Administrator+) SQL Injection via *_selected
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to generic SQL Injection via the multiple *_selected functions in versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar/"
     google-query: inurl:"/wp-content/plugins/booking-calendar/"
     shodan-query: 'vuln:CVE-2022-47428'
-  tags: cve,wordpress,wp-plugin,booking-calendar,high
+  tags: cve,wordpress,wp-plugin,booking-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47430-be2315835d7b2267c9fa00b942855a61.yaml b/nuclei-templates/2022/CVE-2022-47430-be2315835d7b2267c9fa00b942855a61.yaml
index b0fed171bf..40df15930c 100644
--- a/nuclei-templates/2022/CVE-2022-47430-be2315835d7b2267c9fa00b942855a61.yaml
+++ b/nuclei-templates/2022/CVE-2022-47430-be2315835d7b2267c9fa00b942855a61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The School Management – Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The The School Management – Education & Learning Management plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/school-management-system/"
     google-query: inurl:"/wp-content/plugins/school-management-system/"
     shodan-query: 'vuln:CVE-2022-47430'
-  tags: cve,wordpress,wp-plugin,school-management-system,high
+  tags: cve,wordpress,wp-plugin,school-management-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47432-568ee8060d1c0b8a7ff761ffdaf606b0.yaml b/nuclei-templates/2022/CVE-2022-47432-568ee8060d1c0b8a7ff761ffdaf606b0.yaml
index 77a3e1b513..6a5b85007c 100644
--- a/nuclei-templates/2022/CVE-2022-47432-568ee8060d1c0b8a7ff761ffdaf606b0.yaml
+++ b/nuclei-templates/2022/CVE-2022-47432-568ee8060d1c0b8a7ff761ffdaf606b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Shortcode IMDB plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 6.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-imdb/"
     google-query: inurl:"/wp-content/plugins/shortcode-imdb/"
     shodan-query: 'vuln:CVE-2022-47432'
-  tags: cve,wordpress,wp-plugin,shortcode-imdb,high
+  tags: cve,wordpress,wp-plugin,shortcode-imdb,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47434-9d9c7f9cf0e3be8bd05b705703e8905b.yaml b/nuclei-templates/2022/CVE-2022-47434-9d9c7f9cf0e3be8bd05b705703e8905b.yaml
index bc0c293e24..0bc42c6b37 100644
--- a/nuclei-templates/2022/CVE-2022-47434-9d9c7f9cf0e3be8bd05b705703e8905b.yaml
+++ b/nuclei-templates/2022/CVE-2022-47434-9d9c7f9cf0e3be8bd05b705703e8905b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PB SEO Friendly Images <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PB SEO Friendly Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pb-seo-friendly-images/"
     google-query: inurl:"/wp-content/plugins/pb-seo-friendly-images/"
     shodan-query: 'vuln:CVE-2022-47434'
-  tags: cve,wordpress,wp-plugin,pb-seo-friendly-images,medium
+  tags: cve,wordpress,wp-plugin,pb-seo-friendly-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47435-57987a7ef285cce42daf7bbeebe78cfc.yaml b/nuclei-templates/2022/CVE-2022-47435-57987a7ef285cce42daf7bbeebe78cfc.yaml
index 10e94c4a09..c56524cc28 100644
--- a/nuclei-templates/2022/CVE-2022-47435-57987a7ef285cce42daf7bbeebe78cfc.yaml
+++ b/nuclei-templates/2022/CVE-2022-47435-57987a7ef285cce42daf7bbeebe78cfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-OliveCart <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-OliveCart plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-olivecart/"
     google-query: inurl:"/wp-content/plugins/wp-olivecart/"
     shodan-query: 'vuln:CVE-2022-47435'
-  tags: cve,wordpress,wp-plugin,wp-olivecart,medium
+  tags: cve,wordpress,wp-plugin,wp-olivecart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47436-3cae7fcdb0832a80c22b613ce2425d20.yaml b/nuclei-templates/2022/CVE-2022-47436-3cae7fcdb0832a80c22b613ce2425d20.yaml
index 22bdef4cce..c5c1827b19 100644
--- a/nuclei-templates/2022/CVE-2022-47436-3cae7fcdb0832a80c22b613ce2425d20.yaml
+++ b/nuclei-templates/2022/CVE-2022-47436-3cae7fcdb0832a80c22b613ce2425d20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yatra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'activity_image_id' and 'destination_image_id' parameters in versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yatra/"
     google-query: inurl:"/wp-content/plugins/yatra/"
     shodan-query: 'vuln:CVE-2022-47436'
-  tags: cve,wordpress,wp-plugin,yatra,medium
+  tags: cve,wordpress,wp-plugin,yatra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47437-02b515a3d90192b157fb5edc5ea88a55.yaml b/nuclei-templates/2022/CVE-2022-47437-02b515a3d90192b157fb5edc5ea88a55.yaml
index 762903f904..812555a3f7 100644
--- a/nuclei-templates/2022/CVE-2022-47437-02b515a3d90192b157fb5edc5ea88a55.yaml
+++ b/nuclei-templates/2022/CVE-2022-47437-02b515a3d90192b157fb5edc5ea88a55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WSB Brands <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via $logo
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WSB Brands plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $logo variable in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wsb-brands/"
     google-query: inurl:"/wp-content/plugins/wsb-brands/"
     shodan-query: 'vuln:CVE-2022-47437'
-  tags: cve,wordpress,wp-plugin,wsb-brands,medium
+  tags: cve,wordpress,wp-plugin,wsb-brands,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47438-d11c386e86541e81dcae4e94a2860a10.yaml b/nuclei-templates/2022/CVE-2022-47438-d11c386e86541e81dcae4e94a2860a10.yaml
index 5513d6967e..82010086bb 100644
--- a/nuclei-templates/2022/CVE-2022-47438-d11c386e86541e81dcae4e94a2860a10.yaml
+++ b/nuclei-templates/2022/CVE-2022-47438-d11c386e86541e81dcae4e94a2860a10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booking calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar/"
     google-query: inurl:"/wp-content/plugins/booking-calendar/"
     shodan-query: 'vuln:CVE-2022-47438'
-  tags: cve,wordpress,wp-plugin,booking-calendar,medium
+  tags: cve,wordpress,wp-plugin,booking-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47442-8d1c622642cdaf2469921f84335dfe12.yaml b/nuclei-templates/2022/CVE-2022-47442-8d1c622642cdaf2469921f84335dfe12.yaml
index a236dc13ec..24e6b1a095 100644
--- a/nuclei-templates/2022/CVE-2022-47442-8d1c622642cdaf2469921f84335dfe12.yaml
+++ b/nuclei-templates/2022/CVE-2022-47442-8d1c622642cdaf2469921f84335dfe12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UsersWP <= 1.2.3.9 - Authenticated (Administrator+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The UsersWP plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.2.3.9 via the process_users_export function. This allows administrator-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userswp/"
     google-query: inurl:"/wp-content/plugins/userswp/"
     shodan-query: 'vuln:CVE-2022-47442'
-  tags: cve,wordpress,wp-plugin,userswp,medium
+  tags: cve,wordpress,wp-plugin,userswp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47445-7d6d3ed82fbce25bd8d4d72adc5dbb85.yaml b/nuclei-templates/2022/CVE-2022-47445-7d6d3ed82fbce25bd8d4d72adc5dbb85.yaml
index 6c902031a0..33a922d74b 100644
--- a/nuclei-templates/2022/CVE-2022-47445-7d6d3ed82fbce25bd8d4d72adc5dbb85.yaml
+++ b/nuclei-templates/2022/CVE-2022-47445-7d6d3ed82fbce25bd8d4d72adc5dbb85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Be POPIA Compliant plugin for WordPress is vulnerable to SQL Injection via the 'check_id' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on an existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/be-popia-compliant/"
     google-query: inurl:"/wp-content/plugins/be-popia-compliant/"
     shodan-query: 'vuln:CVE-2022-47445'
-  tags: cve,wordpress,wp-plugin,be-popia-compliant,critical
+  tags: cve,wordpress,wp-plugin,be-popia-compliant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4745-64194ddc20aa7461447b4d03da264c07.yaml b/nuclei-templates/2022/CVE-2022-4745-64194ddc20aa7461447b4d03da264c07.yaml
index 1fff685dbc..f2a84bcb5c 100644
--- a/nuclei-templates/2022/CVE-2022-4745-64194ddc20aa7461447b4d03da264c07.yaml
+++ b/nuclei-templates/2022/CVE-2022-4745-64194ddc20aa7461447b4d03da264c07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customer Area <= 8.1.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Customer Area plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.1.3. This is due to missing or incorrect nonce validation on several functions related to file and folder management. This makes it possible for unauthenticated attackers to invoke those functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-area/"
     google-query: inurl:"/wp-content/plugins/customer-area/"
     shodan-query: 'vuln:CVE-2022-4745'
-  tags: cve,wordpress,wp-plugin,customer-area,high
+  tags: cve,wordpress,wp-plugin,customer-area,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4747-048a39e7d237e8f103e054f25cf72eb4.yaml b/nuclei-templates/2022/CVE-2022-4747-048a39e7d237e8f103e054f25cf72eb4.yaml
index c01f1607fe..656654a5fc 100644
--- a/nuclei-templates/2022/CVE-2022-4747-048a39e7d237e8f103e054f25cf72eb4.yaml
+++ b/nuclei-templates/2022/CVE-2022-4747-048a39e7d237e8f103e054f25cf72eb4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Category Image With Grid and Slider <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Category Image With Grid and Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes like 'design'. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-category-image-with-grid-and-slider/"
     google-query: inurl:"/wp-content/plugins/post-category-image-with-grid-and-slider/"
     shodan-query: 'vuln:CVE-2022-4747'
-  tags: cve,wordpress,wp-plugin,post-category-image-with-grid-and-slider,medium
+  tags: cve,wordpress,wp-plugin,post-category-image-with-grid-and-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4749-bb6c1374b9c3f1f7e4fbd5d4ecd1156f.yaml b/nuclei-templates/2022/CVE-2022-4749-bb6c1374b9c3f1f7e4fbd5d4ecd1156f.yaml
index 8ca7d3b612..36c7537c3c 100644
--- a/nuclei-templates/2022/CVE-2022-4749-bb6c1374b9c3f1f7e4fbd5d4ecd1156f.yaml
+++ b/nuclei-templates/2022/CVE-2022-4749-bb6c1374b9c3f1f7e4fbd5d4ecd1156f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Posts List Designer by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-list-designer/"
     google-query: inurl:"/wp-content/plugins/post-list-designer/"
     shodan-query: 'vuln:CVE-2022-4749'
-  tags: cve,wordpress,wp-plugin,post-list-designer,medium
+  tags: cve,wordpress,wp-plugin,post-list-designer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4750-6ee9ba365ca511bfc329f7df63da810e.yaml b/nuclei-templates/2022/CVE-2022-4750-6ee9ba365ca511bfc329f7df63da810e.yaml
index 4cfee62364..2558c4bbb8 100644
--- a/nuclei-templates/2022/CVE-2022-4750-6ee9ba365ca511bfc329f7df63da810e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4750-6ee9ba365ca511bfc329f7df63da810e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Responsive Testimonials Slider And Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Responsive Testimonials Slider And Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-responsive-testimonials-slider-and-widget/"
     google-query: inurl:"/wp-content/plugins/wp-responsive-testimonials-slider-and-widget/"
     shodan-query: 'vuln:CVE-2022-4750'
-  tags: cve,wordpress,wp-plugin,wp-responsive-testimonials-slider-and-widget,medium
+  tags: cve,wordpress,wp-plugin,wp-responsive-testimonials-slider-and-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4751-367b7f8831e5629ea2336d98cf86a14a.yaml b/nuclei-templates/2022/CVE-2022-4751-367b7f8831e5629ea2336d98cf86a14a.yaml
index fa5d0a4572..eae40c3fa7 100644
--- a/nuclei-templates/2022/CVE-2022-4751-367b7f8831e5629ea2336d98cf86a14a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4751-367b7f8831e5629ea2336d98cf86a14a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Word Balloon <= 4.19.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Word Balloon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 4.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/word-balloon/"
     google-query: inurl:"/wp-content/plugins/word-balloon/"
     shodan-query: 'vuln:CVE-2022-4751'
-  tags: cve,wordpress,wp-plugin,word-balloon,medium
+  tags: cve,wordpress,wp-plugin,word-balloon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4752-59655d2ccadb8aa0cfd1aeca8138f97d.yaml b/nuclei-templates/2022/CVE-2022-4752-59655d2ccadb8aa0cfd1aeca8138f97d.yaml
index 2142e90a11..f53bcc9465 100644
--- a/nuclei-templates/2022/CVE-2022-4752-59655d2ccadb8aa0cfd1aeca8138f97d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4752-59655d2ccadb8aa0cfd1aeca8138f97d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Opening Hours <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-opening-hours/"
     google-query: inurl:"/wp-content/plugins/wp-opening-hours/"
     shodan-query: 'vuln:CVE-2022-4752'
-  tags: cve,wordpress,wp-plugin,wp-opening-hours,medium
+  tags: cve,wordpress,wp-plugin,wp-opening-hours,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4753-6cf87515d30763cb39f9dddd78a854d6.yaml b/nuclei-templates/2022/CVE-2022-4753-6cf87515d30763cb39f9dddd78a854d6.yaml
index d0f4fe76b6..caeec2097d 100644
--- a/nuclei-templates/2022/CVE-2022-4753-6cf87515d30763cb39f9dddd78a854d6.yaml
+++ b/nuclei-templates/2022/CVE-2022-4753-6cf87515d30763cb39f9dddd78a854d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print-O-Matic <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-o-matic/"
     google-query: inurl:"/wp-content/plugins/print-o-matic/"
     shodan-query: 'vuln:CVE-2022-4753'
-  tags: cve,wordpress,wp-plugin,print-o-matic,medium
+  tags: cve,wordpress,wp-plugin,print-o-matic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4754-97fb5b5839a832ac7ff02fb0d708c5d7.yaml b/nuclei-templates/2022/CVE-2022-4754-97fb5b5839a832ac7ff02fb0d708c5d7.yaml
index d3b6157711..df9ac47f69 100644
--- a/nuclei-templates/2022/CVE-2022-4754-97fb5b5839a832ac7ff02fb0d708c5d7.yaml
+++ b/nuclei-templates/2022/CVE-2022-4754-97fb5b5839a832ac7ff02fb0d708c5d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Box / Page Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The "Easy Social Box / Page Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-facebook-like-box/"
     google-query: inurl:"/wp-content/plugins/easy-facebook-like-box/"
     shodan-query: 'vuln:CVE-2022-4754'
-  tags: cve,wordpress,wp-plugin,easy-facebook-like-box,medium
+  tags: cve,wordpress,wp-plugin,easy-facebook-like-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4756-8e4fe58479cedd644fbbd3b418e0b682.yaml b/nuclei-templates/2022/CVE-2022-4756-8e4fe58479cedd644fbbd3b418e0b682.yaml
index 8561760b0d..ef8e617632 100644
--- a/nuclei-templates/2022/CVE-2022-4756-8e4fe58479cedd644fbbd3b418e0b682.yaml
+++ b/nuclei-templates/2022/CVE-2022-4756-8e4fe58479cedd644fbbd3b418e0b682.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YouTube Channel < 3.0.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-channel/"
     google-query: inurl:"/wp-content/plugins/youtube-channel/"
     shodan-query: 'vuln:CVE-2022-4756'
-  tags: cve,wordpress,wp-plugin,youtube-channel,medium
+  tags: cve,wordpress,wp-plugin,youtube-channel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4757-b3a8e8167569aa6cba2a5950875c8b0e.yaml b/nuclei-templates/2022/CVE-2022-4757-b3a8e8167569aa6cba2a5950875c8b0e.yaml
index 4c5b618c7b..c501f40cbb 100644
--- a/nuclei-templates/2022/CVE-2022-4757-b3a8e8167569aa6cba2a5950875c8b0e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4757-b3a8e8167569aa6cba2a5950875c8b0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The List Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'class'. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/list-pages-shortcode/"
     google-query: inurl:"/wp-content/plugins/list-pages-shortcode/"
     shodan-query: 'vuln:CVE-2022-4757'
-  tags: cve,wordpress,wp-plugin,list-pages-shortcode,medium
+  tags: cve,wordpress,wp-plugin,list-pages-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4758-7e3117bf0f4e61f1c6678c5ed0029bc5.yaml b/nuclei-templates/2022/CVE-2022-4758-7e3117bf0f4e61f1c6678c5ed0029bc5.yaml
index 0f414bec65..d8e4544440 100644
--- a/nuclei-templates/2022/CVE-2022-4758-7e3117bf0f4e61f1c6678c5ed0029bc5.yaml
+++ b/nuclei-templates/2022/CVE-2022-4758-7e3117bf0f4e61f1c6678c5ed0029bc5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10WebMapBuilder <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wd-google-maps/"
     google-query: inurl:"/wp-content/plugins/wd-google-maps/"
     shodan-query: 'vuln:CVE-2022-4758'
-  tags: cve,wordpress,wp-plugin,wd-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wd-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47587-48d179450e001d6e5bb006bf4ba5d2a6.yaml b/nuclei-templates/2022/CVE-2022-47587-48d179450e001d6e5bb006bf4ba5d2a6.yaml
index 09af0799b1..b46401db26 100644
--- a/nuclei-templates/2022/CVE-2022-47587-48d179450e001d6e5bb006bf4ba5d2a6.yaml
+++ b/nuclei-templates/2022/CVE-2022-47587-48d179450e001d6e5bb006bf4ba5d2a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Search Analytics <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Search Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/search-analytics/"
     google-query: inurl:"/wp-content/plugins/search-analytics/"
     shodan-query: 'vuln:CVE-2022-47587'
-  tags: cve,wordpress,wp-plugin,search-analytics,medium
+  tags: cve,wordpress,wp-plugin,search-analytics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47588-8c2e6071ee4d4b147b6cf4ef074e12d8.yaml b/nuclei-templates/2022/CVE-2022-47588-8c2e6071ee4d4b147b6cf4ef074e12d8.yaml
index 0e30b66445..63aa55e10c 100644
--- a/nuclei-templates/2022/CVE-2022-47588-8c2e6071ee4d4b147b6cf4ef074e12d8.yaml
+++ b/nuclei-templates/2022/CVE-2022-47588-8c2e6071ee4d4b147b6cf4ef074e12d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Simple Photo Gallery plugin for WordPress is vulnerable to generic SQL Injection via the ‘item’ parameter in versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/simple-photo-gallery/"
     shodan-query: 'vuln:CVE-2022-47588'
-  tags: cve,wordpress,wp-plugin,simple-photo-gallery,critical
+  tags: cve,wordpress,wp-plugin,simple-photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47589-7f12ff16273eb990bb45ef4156cd86e1.yaml b/nuclei-templates/2022/CVE-2022-47589-7f12ff16273eb990bb45ef4156cd86e1.yaml
index ea80b48091..9d1b0a267a 100644
--- a/nuclei-templates/2022/CVE-2022-47589-7f12ff16273eb990bb45ef4156cd86e1.yaml
+++ b/nuclei-templates/2022/CVE-2022-47589-7f12ff16273eb990bb45ef4156cd86e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CTT Expresso para WooCommerce <= 3.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several fields in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ctt-expresso-para-woocommerce/"
     google-query: inurl:"/wp-content/plugins/ctt-expresso-para-woocommerce/"
     shodan-query: 'vuln:CVE-2022-47589'
-  tags: cve,wordpress,wp-plugin,ctt-expresso-para-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,ctt-expresso-para-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4759-f31fcdd6accb0c61ba4b73c6a548d97d.yaml b/nuclei-templates/2022/CVE-2022-4759-f31fcdd6accb0c61ba4b73c6a548d97d.yaml
index 2070addd50..3f8ea1eb3e 100644
--- a/nuclei-templates/2022/CVE-2022-4759-f31fcdd6accb0c61ba4b73c6a548d97d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4759-f31fcdd6accb0c61ba4b73c6a548d97d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GigPress <= 2.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GigPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.3.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gigpress/"
     google-query: inurl:"/wp-content/plugins/gigpress/"
     shodan-query: 'vuln:CVE-2022-4759'
-  tags: cve,wordpress,wp-plugin,gigpress,medium
+  tags: cve,wordpress,wp-plugin,gigpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47593-fdaa7c7a6a16dd831123dd45077162f8.yaml b/nuclei-templates/2022/CVE-2022-47593-fdaa7c7a6a16dd831123dd45077162f8.yaml
index 00cd85e3c4..0de04d40fd 100644
--- a/nuclei-templates/2022/CVE-2022-47593-fdaa7c7a6a16dd831123dd45077162f8.yaml
+++ b/nuclei-templates/2022/CVE-2022-47593-fdaa7c7a6a16dd831123dd45077162f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidLoad Power-Up for Autoptimize <= 1.6.35 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to SQL Injection via the rule_id parameter in versions up to, and including, 1.6.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unusedcss/"
     google-query: inurl:"/wp-content/plugins/unusedcss/"
     shodan-query: 'vuln:CVE-2022-47593'
-  tags: cve,wordpress,wp-plugin,unusedcss,high
+  tags: cve,wordpress,wp-plugin,unusedcss,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47595-8c03b52626997e166cccabfb7426db2b.yaml b/nuclei-templates/2022/CVE-2022-47595-8c03b52626997e166cccabfb7426db2b.yaml
index 2604c56250..ff16f31fed 100644
--- a/nuclei-templates/2022/CVE-2022-47595-8c03b52626997e166cccabfb7426db2b.yaml
+++ b/nuclei-templates/2022/CVE-2022-47595-8c03b52626997e166cccabfb7426db2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Go Maps plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 9.0.15 via the 'wpgmza_xml_location' option accessed in 'getXMLCacheDirPath'. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-maps/"
     google-query: inurl:"/wp-content/plugins/wp-google-maps/"
     shodan-query: 'vuln:CVE-2022-47595'
-  tags: cve,wordpress,wp-plugin,wp-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wp-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47596-5a62a90392d8e5e62d1e1ad4b9531478.yaml b/nuclei-templates/2022/CVE-2022-47596-5a62a90392d8e5e62d1e1ad4b9531478.yaml
index 66686d7b7b..89ae75185a 100644
--- a/nuclei-templates/2022/CVE-2022-47596-5a62a90392d8e5e62d1e1ad4b9531478.yaml
+++ b/nuclei-templates/2022/CVE-2022-47596-5a62a90392d8e5e62d1e1ad4b9531478.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Categories <= 1.9.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Library Categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmediacategory_taxonomy’ plugin option in versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-media-library-categories/"
     google-query: inurl:"/wp-content/plugins/wp-media-library-categories/"
     shodan-query: 'vuln:CVE-2022-47596'
-  tags: cve,wordpress,wp-plugin,wp-media-library-categories,medium
+  tags: cve,wordpress,wp-plugin,wp-media-library-categories,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47598-39af241a774d2dcd3cc32b6204b6cb7b.yaml b/nuclei-templates/2022/CVE-2022-47598-39af241a774d2dcd3cc32b6204b6cb7b.yaml
index 4f0cd9035d..09491ac1d0 100644
--- a/nuclei-templates/2022/CVE-2022-47598-39af241a774d2dcd3cc32b6204b6cb7b.yaml
+++ b/nuclei-templates/2022/CVE-2022-47598-39af241a774d2dcd3cc32b6204b6cb7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Super Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-super-popup/"
     google-query: inurl:"/wp-content/plugins/wp-super-popup/"
     shodan-query: 'vuln:CVE-2022-47598'
-  tags: cve,wordpress,wp-plugin,wp-super-popup,medium
+  tags: cve,wordpress,wp-plugin,wp-super-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47599-48a8d2f0d5a63315df776c831690e09c.yaml b/nuclei-templates/2022/CVE-2022-47599-48a8d2f0d5a63315df776c831690e09c.yaml
index 577b1281b4..9e8c2facb3 100644
--- a/nuclei-templates/2022/CVE-2022-47599-48a8d2f0d5a63315df776c831690e09c.yaml
+++ b/nuclei-templates/2022/CVE-2022-47599-48a8d2f0d5a63315df776c831690e09c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bit File Manager <= 5.2.7 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Bit File Manager plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.2.7 via deserialization of untrusted input from the 'language' setting parameter. This allows authenticated attackers, with administrative privileges and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/file-manager/"
     google-query: inurl:"/wp-content/plugins/file-manager/"
     shodan-query: 'vuln:CVE-2022-47599'
-  tags: cve,wordpress,wp-plugin,file-manager,high
+  tags: cve,wordpress,wp-plugin,file-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4760-5e1a23f981a78be569054daae1a85203.yaml b/nuclei-templates/2022/CVE-2022-4760-5e1a23f981a78be569054daae1a85203.yaml
index e13578c7e7..d32a03df6d 100644
--- a/nuclei-templates/2022/CVE-2022-4760-5e1a23f981a78be569054daae1a85203.yaml
+++ b/nuclei-templates/2022/CVE-2022-4760-5e1a23f981a78be569054daae1a85203.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OneClick Chat to Order <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oneclick-whatsapp-order/"
     google-query: inurl:"/wp-content/plugins/oneclick-whatsapp-order/"
     shodan-query: 'vuln:CVE-2022-4760'
-  tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,medium
+  tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47602-63379065ec53581cef23820054e2a064.yaml b/nuclei-templates/2022/CVE-2022-47602-63379065ec53581cef23820054e2a064.yaml
index 57d4726915..b2d77b107f 100644
--- a/nuclei-templates/2022/CVE-2022-47602-63379065ec53581cef23820054e2a064.yaml
+++ b/nuclei-templates/2022/CVE-2022-47602-63379065ec53581cef23820054e2a064.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Table Manager <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Table Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on table cell values. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-table-manager/"
     google-query: inurl:"/wp-content/plugins/wp-table-manager/"
     shodan-query: 'vuln:CVE-2022-47602'
-  tags: cve,wordpress,wp-plugin,wp-table-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-table-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47604-4fe952dc4f33b2225826338b2a3f9203.yaml b/nuclei-templates/2022/CVE-2022-47604-4fe952dc4f33b2225826338b2a3f9203.yaml
index fa06d9957f..5330f40802 100644
--- a/nuclei-templates/2022/CVE-2022-47604-4fe952dc4f33b2225826338b2a3f9203.yaml
+++ b/nuclei-templates/2022/CVE-2022-47604-4fe952dc4f33b2225826338b2a3f9203.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AJAX Thumbnail Rebuild <= 1.13 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AJAX Thumbnail Rebuild plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_thumbnail_rebuild_ajax function in versions up to, and including, 1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to rebuild thumbnails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-thumbnail-rebuild/"
     google-query: inurl:"/wp-content/plugins/ajax-thumbnail-rebuild/"
     shodan-query: 'vuln:CVE-2022-47604'
-  tags: cve,wordpress,wp-plugin,ajax-thumbnail-rebuild,medium
+  tags: cve,wordpress,wp-plugin,ajax-thumbnail-rebuild,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47605-c4be63bba4a89fa3e83779737577feda.yaml b/nuclei-templates/2022/CVE-2022-47605-c4be63bba4a89fa3e83779737577feda.yaml
index eb0bcce16e..275ebcbb38 100644
--- a/nuclei-templates/2022/CVE-2022-47605-c4be63bba4a89fa3e83779737577feda.yaml
+++ b/nuclei-templates/2022/CVE-2022-47605-c4be63bba4a89fa3e83779737577feda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom 404 Pro <= 3.7.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Custom 404 Pro plugin for WordPress is vulnerable to blind SQL Injection via the ‘path’ parameter in versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator access or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-404-pro/"
     google-query: inurl:"/wp-content/plugins/custom-404-pro/"
     shodan-query: 'vuln:CVE-2022-47605'
-  tags: cve,wordpress,wp-plugin,custom-404-pro,high
+  tags: cve,wordpress,wp-plugin,custom-404-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47606-e46a5a03ceb7f18070858cdd9f1f8b5c.yaml b/nuclei-templates/2022/CVE-2022-47606-e46a5a03ceb7f18070858cdd9f1f8b5c.yaml
index 479a1fb269..d52d9e1267 100644
--- a/nuclei-templates/2022/CVE-2022-47606-e46a5a03ceb7f18070858cdd9f1f8b5c.yaml
+++ b/nuclei-templates/2022/CVE-2022-47606-e46a5a03ceb7f18070858cdd9f1f8b5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-CORS <= 0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-CORS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Allowed domains’ admin setting in versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cors/"
     google-query: inurl:"/wp-content/plugins/wp-cors/"
     shodan-query: 'vuln:CVE-2022-47606'
-  tags: cve,wordpress,wp-plugin,wp-cors,medium
+  tags: cve,wordpress,wp-plugin,wp-cors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47607-650d3965dc4c579880213651d87a4777.yaml b/nuclei-templates/2022/CVE-2022-47607-650d3965dc4c579880213651d87a4777.yaml
index 5b1e3896bf..80da97955b 100644
--- a/nuclei-templates/2022/CVE-2022-47607-650d3965dc4c579880213651d87a4777.yaml
+++ b/nuclei-templates/2022/CVE-2022-47607-650d3965dc4c579880213651d87a4777.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Usersnap plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.16 due to insufficient input sanitization and output escaping on the API key value. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usersnap/"
     google-query: inurl:"/wp-content/plugins/usersnap/"
     shodan-query: 'vuln:CVE-2022-47607'
-  tags: cve,wordpress,wp-plugin,usersnap,medium
+  tags: cve,wordpress,wp-plugin,usersnap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47608-f442fd7af4f1450884ccd37204471581.yaml b/nuclei-templates/2022/CVE-2022-47608-f442fd7af4f1450884ccd37204471581.yaml
index 04c77e429a..47c01e9392 100644
--- a/nuclei-templates/2022/CVE-2022-47608-f442fd7af4f1450884ccd37204471581.yaml
+++ b/nuclei-templates/2022/CVE-2022-47608-f442fd7af4f1450884ccd37204471581.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Contact Form <= 8.0.3.1 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-contact-form/"
     google-query: inurl:"/wp-content/plugins/quick-contact-form/"
     shodan-query: 'vuln:CVE-2022-47608'
-  tags: cve,wordpress,wp-plugin,quick-contact-form,medium
+  tags: cve,wordpress,wp-plugin,quick-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4761-689bba03a0123069bb521d413df5bf54.yaml b/nuclei-templates/2022/CVE-2022-4761-689bba03a0123069bb521d413df5bf54.yaml
index 6241265873..af5b9ef3d5 100644
--- a/nuclei-templates/2022/CVE-2022-4761-689bba03a0123069bb521d413df5bf54.yaml
+++ b/nuclei-templates/2022/CVE-2022-4761-689bba03a0123069bb521d413df5bf54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Views Count <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Views Count plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/baw-post-views-count/"
     google-query: inurl:"/wp-content/plugins/baw-post-views-count/"
     shodan-query: 'vuln:CVE-2022-4761'
-  tags: cve,wordpress,wp-plugin,baw-post-views-count,medium
+  tags: cve,wordpress,wp-plugin,baw-post-views-count,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47610-5bcd1f7720b268a32568c458d817b9bf.yaml b/nuclei-templates/2022/CVE-2022-47610-5bcd1f7720b268a32568c458d817b9bf.yaml
index 80887074f3..6b025d46f0 100644
--- a/nuclei-templates/2022/CVE-2022-47610-5bcd1f7720b268a32568c458d817b9bf.yaml
+++ b/nuclei-templates/2022/CVE-2022-47610-5bcd1f7720b268a32568c458d817b9bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Image Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via popup settings in versions up to, and including, 1.3.6  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-image-popup/"
     google-query: inurl:"/wp-content/plugins/simple-image-popup/"
     shodan-query: 'vuln:CVE-2022-47610'
-  tags: cve,wordpress,wp-plugin,simple-image-popup,medium
+  tags: cve,wordpress,wp-plugin,simple-image-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47611-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd.yaml b/nuclei-templates/2022/CVE-2022-47611-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd.yaml
index 0ec30ae66b..84622a18c5 100644
--- a/nuclei-templates/2022/CVE-2022-47611-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd.yaml
+++ b/nuclei-templates/2022/CVE-2022-47611-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hover Image <= 1.4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Hover Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hover-image/"
     google-query: inurl:"/wp-content/plugins/hover-image/"
     shodan-query: 'vuln:CVE-2022-47611'
-  tags: cve,wordpress,wp-plugin,hover-image,high
+  tags: cve,wordpress,wp-plugin,hover-image,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-47613-e91e697ef1f971cda16c40acfd5a2dfb.yaml b/nuclei-templates/2022/CVE-2022-47613-e91e697ef1f971cda16c40acfd5a2dfb.yaml
index 3b1551fc7c..8487cc27c0 100644
--- a/nuclei-templates/2022/CVE-2022-47613-e91e697ef1f971cda16c40acfd5a2dfb.yaml
+++ b/nuclei-templates/2022/CVE-2022-47613-e91e697ef1f971cda16c40acfd5a2dfb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ChatBot <= 4.3.0 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ChatBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘qlcd_wp_chatbot_email_sub’ parameter in versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2022-47613'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4762-41bbba0b761effafe973f064cede1988.yaml b/nuclei-templates/2022/CVE-2022-4762-41bbba0b761effafe973f064cede1988.yaml
index b2d5d9f443..e404d64565 100644
--- a/nuclei-templates/2022/CVE-2022-4762-41bbba0b761effafe973f064cede1988.yaml
+++ b/nuclei-templates/2022/CVE-2022-4762-41bbba0b761effafe973f064cede1988.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Materialis Companion <= 1.3.39 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown shortcode in versions up to, and including, 1.3.39 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/materialis-companion/"
     google-query: inurl:"/wp-content/plugins/materialis-companion/"
     shodan-query: 'vuln:CVE-2022-4762'
-  tags: cve,wordpress,wp-plugin,materialis-companion,medium
+  tags: cve,wordpress,wp-plugin,materialis-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4763-8616181357e5ec901fe630838e957487.yaml b/nuclei-templates/2022/CVE-2022-4763-8616181357e5ec901fe630838e957487.yaml
index 329ee6d84e..dcfb144358 100644
--- a/nuclei-templates/2022/CVE-2022-4763-8616181357e5ec901fe630838e957487.yaml
+++ b/nuclei-templates/2022/CVE-2022-4763-8616181357e5ec901fe630838e957487.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icon Widget <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icon-widget/"
     google-query: inurl:"/wp-content/plugins/icon-widget/"
     shodan-query: 'vuln:CVE-2022-4763'
-  tags: cve,wordpress,wp-plugin,icon-widget,medium
+  tags: cve,wordpress,wp-plugin,icon-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4764-f7783b1b95259bfc99e8cabc59fcdb30.yaml b/nuclei-templates/2022/CVE-2022-4764-f7783b1b95259bfc99e8cabc59fcdb30.yaml
index 8275090ba7..8b1671a37f 100644
--- a/nuclei-templates/2022/CVE-2022-4764-f7783b1b95259bfc99e8cabc59fcdb30.yaml
+++ b/nuclei-templates/2022/CVE-2022-4764-f7783b1b95259bfc99e8cabc59fcdb30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple File Downloader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-file-downloader/"
     google-query: inurl:"/wp-content/plugins/simple-file-downloader/"
     shodan-query: 'vuln:CVE-2022-4764'
-  tags: cve,wordpress,wp-plugin,simple-file-downloader,medium
+  tags: cve,wordpress,wp-plugin,simple-file-downloader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4765-4d83bba8058d5550f9120708c18d4b23.yaml b/nuclei-templates/2022/CVE-2022-4765-4d83bba8058d5550f9120708c18d4b23.yaml
index 618faeaaf8..c9f547349a 100644
--- a/nuclei-templates/2022/CVE-2022-4765-4d83bba8058d5550f9120708c18d4b23.yaml
+++ b/nuclei-templates/2022/CVE-2022-4765-4d83bba8058d5550f9120708c18d4b23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portfolio for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Portfolio for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-elementor/"
     google-query: inurl:"/wp-content/plugins/portfolio-elementor/"
     shodan-query: 'vuln:CVE-2022-4765'
-  tags: cve,wordpress,wp-plugin,portfolio-elementor,medium
+  tags: cve,wordpress,wp-plugin,portfolio-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4775-0c1c0e5907f82c480480fd236d7507d7.yaml b/nuclei-templates/2022/CVE-2022-4775-0c1c0e5907f82c480480fd236d7507d7.yaml
index 6b0ced8a09..9ea9fde543 100644
--- a/nuclei-templates/2022/CVE-2022-4775-0c1c0e5907f82c480480fd236d7507d7.yaml
+++ b/nuclei-templates/2022/CVE-2022-4775-0c1c0e5907f82c480480fd236d7507d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GeoDirectory <= 2.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GeoDirectory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geodirectory/"
     google-query: inurl:"/wp-content/plugins/geodirectory/"
     shodan-query: 'vuln:CVE-2022-4775'
-  tags: cve,wordpress,wp-plugin,geodirectory,medium
+  tags: cve,wordpress,wp-plugin,geodirectory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4776-16f9ec159f7aada4bb87cabf3c4d9411.yaml b/nuclei-templates/2022/CVE-2022-4776-16f9ec159f7aada4bb87cabf3c4d9411.yaml
index 14abb3ec93..b8891ef2e9 100644
--- a/nuclei-templates/2022/CVE-2022-4776-16f9ec159f7aada4bb87cabf3c4d9411.yaml
+++ b/nuclei-templates/2022/CVE-2022-4776-16f9ec159f7aada4bb87cabf3c4d9411.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.42 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cc-child-pages/"
     google-query: inurl:"/wp-content/plugins/cc-child-pages/"
     shodan-query: 'vuln:CVE-2022-4776'
-  tags: cve,wordpress,wp-plugin,cc-child-pages,medium
+  tags: cve,wordpress,wp-plugin,cc-child-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-0063be3832ab01645d83916172a49901.yaml b/nuclei-templates/2022/CVE-2022-4777-0063be3832ab01645d83916172a49901.yaml
index 42aa8c18ab..be255fc2fb 100644
--- a/nuclei-templates/2022/CVE-2022-4777-0063be3832ab01645d83916172a49901.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-0063be3832ab01645d83916172a49901.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'parent' parameters in the 'bs_citem' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-1c682460ea1b975e2214df2ecfd2a316.yaml b/nuclei-templates/2022/CVE-2022-4777-1c682460ea1b975e2214df2ecfd2a316.yaml
index eef0bf3ec3..b4795f1e5a 100644
--- a/nuclei-templates/2022/CVE-2022-4777-1c682460ea1b975e2214df2ecfd2a316.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-1c682460ea1b975e2214df2ecfd2a316.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the 'bs_tcontent' shortcode in versions up to, and including, 3.4.0. This may make it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that while it is trivial to add event attributes to the <div> tag generated by the shortcode, a practically exploitable payload may not exist as the tag is closed without any additional content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-3cdf082bedfada27b24599e0f1cfd2ca.yaml b/nuclei-templates/2022/CVE-2022-4777-3cdf082bedfada27b24599e0f1cfd2ca.yaml
index 469a6c151e..ee6c622764 100644
--- a/nuclei-templates/2022/CVE-2022-4777-3cdf082bedfada27b24599e0f1cfd2ca.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-3cdf082bedfada27b24599e0f1cfd2ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' and 'href' parameters in the 'bs_tab' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-4162fc0aa9f89a19a3b0d9a16f341e8b.yaml b/nuclei-templates/2022/CVE-2022-4777-4162fc0aa9f89a19a3b0d9a16f341e8b.yaml
index 20a9bd9324..fe4470ec7c 100644
--- a/nuclei-templates/2022/CVE-2022-4777-4162fc0aa9f89a19a3b0d9a16f341e8b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-4162fc0aa9f89a19a3b0d9a16f341e8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in the 'bs_row' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-548b1bf05be2eb1395c8483d4525a9fd.yaml b/nuclei-templates/2022/CVE-2022-4777-548b1bf05be2eb1395c8483d4525a9fd.yaml
index e84e8d5e09..6e1ed79859 100644
--- a/nuclei-templates/2022/CVE-2022-4777-548b1bf05be2eb1395c8483d4525a9fd.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-548b1bf05be2eb1395c8483d4525a9fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the 'bs_collapse' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-56e13ca8937773de3612c03bb63c62f7.yaml b/nuclei-templates/2022/CVE-2022-4777-56e13ca8937773de3612c03bb63c62f7.yaml
index 70991d948d..c0d018ade7 100644
--- a/nuclei-templates/2022/CVE-2022-4777-56e13ca8937773de3612c03bb63c62f7.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-56e13ca8937773de3612c03bb63c62f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' parameter in the 'bs_notification' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-5baab614c3a64c60d1e33947fef5d35a.yaml b/nuclei-templates/2022/CVE-2022-4777-5baab614c3a64c60d1e33947fef5d35a.yaml
index 20adb54347..97fbc28f6d 100644
--- a/nuclei-templates/2022/CVE-2022-4777-5baab614c3a64c60d1e33947fef5d35a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-5baab614c3a64c60d1e33947fef5d35a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' parameter in the 'bs_label' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-9fb1ec0e705e68a81b6b6afdf66e55e5.yaml b/nuclei-templates/2022/CVE-2022-4777-9fb1ec0e705e68a81b6b6afdf66e55e5.yaml
index f4c89643c3..fda56caf8a 100644
--- a/nuclei-templates/2022/CVE-2022-4777-9fb1ec0e705e68a81b6b6afdf66e55e5.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-9fb1ec0e705e68a81b6b6afdf66e55e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' parameter in the 'bs_well' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-b9a97b0935a5ed2529aec7b450e17238.yaml b/nuclei-templates/2022/CVE-2022-4777-b9a97b0935a5ed2529aec7b450e17238.yaml
index ad1fdc6bc7..97adce3f98 100644
--- a/nuclei-templates/2022/CVE-2022-4777-b9a97b0935a5ed2529aec7b450e17238.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-b9a97b0935a5ed2529aec7b450e17238.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in the 'bs_col' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-dac296fb931bf261709dca85eb4e38f9.yaml b/nuclei-templates/2022/CVE-2022-4777-dac296fb931bf261709dca85eb4e38f9.yaml
index c7bb069c97..3a5c44d4d7 100644
--- a/nuclei-templates/2022/CVE-2022-4777-dac296fb931bf261709dca85eb4e38f9.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-dac296fb931bf261709dca85eb4e38f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in the 'bs_icon' shortcode in versions up to, and including, 3.4.0. This may make it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that while it is trivial to add event attributes to the <i> tag generated by the shortcode, a practically exploitable payload may not exist as the tag is closed without any additional content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-ee646c363ad3189cf7438d75312013e3.yaml b/nuclei-templates/2022/CVE-2022-4777-ee646c363ad3189cf7438d75312013e3.yaml
index 81a0f0747c..e30d120336 100644
--- a/nuclei-templates/2022/CVE-2022-4777-ee646c363ad3189cf7438d75312013e3.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-ee646c363ad3189cf7438d75312013e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' and 'id' parameters in the 'bs_dropdown' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4777-f8952c598fe28f01e932d940cff08de2.yaml b/nuclei-templates/2022/CVE-2022-4777-f8952c598fe28f01e932d940cff08de2.yaml
index 7fbc99d2d4..260e18f6b1 100644
--- a/nuclei-templates/2022/CVE-2022-4777-f8952c598fe28f01e932d940cff08de2.yaml
+++ b/nuclei-templates/2022/CVE-2022-4777-f8952c598fe28f01e932d940cff08de2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BootStrap Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size', 'type', and 'href' parameters in the 'bs_button' shortcode in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers with the 'edit posts' capability, such as contributors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bootstrap-shortcodes/"
     google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4777'
-  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4781-3091ac7532eaab098f714acca62716d7.yaml b/nuclei-templates/2022/CVE-2022-4781-3091ac7532eaab098f714acca62716d7.yaml
index 3e5cd393ec..69fb6a970b 100644
--- a/nuclei-templates/2022/CVE-2022-4781-3091ac7532eaab098f714acca62716d7.yaml
+++ b/nuclei-templates/2022/CVE-2022-4781-3091ac7532eaab098f714acca62716d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordion Shortcodes <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordion Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordion-shortcodes/"
     google-query: inurl:"/wp-content/plugins/accordion-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4781'
-  tags: cve,wordpress,wp-plugin,accordion-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,accordion-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4782-b375402f4d94456be8a455efbe0b59a8.yaml b/nuclei-templates/2022/CVE-2022-4782-b375402f4d94456be8a455efbe0b59a8.yaml
index 2161de08ea..db2ff6e752 100644
--- a/nuclei-templates/2022/CVE-2022-4782-b375402f4d94456be8a455efbe0b59a8.yaml
+++ b/nuclei-templates/2022/CVE-2022-4782-b375402f4d94456be8a455efbe0b59a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ClickFunnels <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ClickFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clickfunnels/"
     google-query: inurl:"/wp-content/plugins/clickfunnels/"
     shodan-query: 'vuln:CVE-2022-4782'
-  tags: cve,wordpress,wp-plugin,clickfunnels,medium
+  tags: cve,wordpress,wp-plugin,clickfunnels,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4783-b830431516693664401f38e9ff6fdd82.yaml b/nuclei-templates/2022/CVE-2022-4783-b830431516693664401f38e9ff6fdd82.yaml
index 74a15b7ccc..2dc9864613 100644
--- a/nuclei-templates/2022/CVE-2022-4783-b830431516693664401f38e9ff6fdd82.yaml
+++ b/nuclei-templates/2022/CVE-2022-4783-b830431516693664401f38e9ff6fdd82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Youtube Channel Gallery <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Youtube Channel Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes such as search_input_text. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-channel-gallery/"
     google-query: inurl:"/wp-content/plugins/youtube-channel-gallery/"
     shodan-query: 'vuln:CVE-2022-4783'
-  tags: cve,wordpress,wp-plugin,youtube-channel-gallery,medium
+  tags: cve,wordpress,wp-plugin,youtube-channel-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4784-9b8d61323342cf7cc549ce8c8f2716e5.yaml b/nuclei-templates/2022/CVE-2022-4784-9b8d61323342cf7cc549ce8c8f2716e5.yaml
index 102ad28009..0114373a26 100644
--- a/nuclei-templates/2022/CVE-2022-4784-9b8d61323342cf7cc549ce8c8f2716e5.yaml
+++ b/nuclei-templates/2022/CVE-2022-4784-9b8d61323342cf7cc549ce8c8f2716e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hueman Addons <= 2.3.3 - Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hueman Addons for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hueman-addons/"
     google-query: inurl:"/wp-content/plugins/hueman-addons/"
     shodan-query: 'vuln:CVE-2022-4784'
-  tags: cve,wordpress,wp-plugin,hueman-addons,medium
+  tags: cve,wordpress,wp-plugin,hueman-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4785-24e6c274146f1f712f8edfca9e42b8b8.yaml b/nuclei-templates/2022/CVE-2022-4785-24e6c274146f1f712f8edfca9e42b8b8.yaml
index 9e30eade3f..f719147294 100644
--- a/nuclei-templates/2022/CVE-2022-4785-24e6c274146f1f712f8edfca9e42b8b8.yaml
+++ b/nuclei-templates/2022/CVE-2022-4785-24e6c274146f1f712f8edfca9e42b8b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Sidebar Widgets <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Sidebar Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters saved as post meta such as 'vsw_pmvw_video_id' in versions up to, and including, 6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-sidebar-widgets/"
     google-query: inurl:"/wp-content/plugins/video-sidebar-widgets/"
     shodan-query: 'vuln:CVE-2022-4785'
-  tags: cve,wordpress,wp-plugin,video-sidebar-widgets,medium
+  tags: cve,wordpress,wp-plugin,video-sidebar-widgets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4786-cb800bf450a42c7a99ab39154ac260ab.yaml b/nuclei-templates/2022/CVE-2022-4786-cb800bf450a42c7a99ab39154ac260ab.yaml
index 5ff3c6d0c7..7dcf080126 100644
--- a/nuclei-templates/2022/CVE-2022-4786-cb800bf450a42c7a99ab39154ac260ab.yaml
+++ b/nuclei-templates/2022/CVE-2022-4786-cb800bf450a42c7a99ab39154ac260ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video.js – HTML5 Video Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes such as 'class'. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/videojs-html5-video-player-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/videojs-html5-video-player-for-wordpress/"
     shodan-query: 'vuln:CVE-2022-4786'
-  tags: cve,wordpress,wp-plugin,videojs-html5-video-player-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,videojs-html5-video-player-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4787-7fb1bb76537e399dfae9ca2dc54c6a8c.yaml b/nuclei-templates/2022/CVE-2022-4787-7fb1bb76537e399dfae9ca2dc54c6a8c.yaml
index b3f251347a..c50b79361a 100644
--- a/nuclei-templates/2022/CVE-2022-4787-7fb1bb76537e399dfae9ca2dc54c6a8c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4787-7fb1bb76537e399dfae9ca2dc54c6a8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Shortcodes <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-shortcodes/"
     google-query: inurl:"/wp-content/plugins/themify-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4787'
-  tags: cve,wordpress,wp-plugin,themify-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,themify-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4788-ed0ef3463be2d5aaf2ed1f44e5427cec.yaml b/nuclei-templates/2022/CVE-2022-4788-ed0ef3463be2d5aaf2ed1f44e5427cec.yaml
index cad3082909..78fa6017c5 100644
--- a/nuclei-templates/2022/CVE-2022-4788-ed0ef3463be2d5aaf2ed1f44e5427cec.yaml
+++ b/nuclei-templates/2022/CVE-2022-4788-ed0ef3463be2d5aaf2ed1f44e5427cec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Embed PDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes such as 'style'. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dirtysuds-embed-pdf/"
     google-query: inurl:"/wp-content/plugins/dirtysuds-embed-pdf/"
     shodan-query: 'vuln:CVE-2022-4788'
-  tags: cve,wordpress,wp-plugin,dirtysuds-embed-pdf,medium
+  tags: cve,wordpress,wp-plugin,dirtysuds-embed-pdf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4789-0ee2773c0417239ca9eb51cc09f9c94f.yaml b/nuclei-templates/2022/CVE-2022-4789-0ee2773c0417239ca9eb51cc09f9c94f.yaml
index dbba94540b..0a075546c6 100644
--- a/nuclei-templates/2022/CVE-2022-4789-0ee2773c0417239ca9eb51cc09f9c94f.yaml
+++ b/nuclei-templates/2022/CVE-2022-4789-0ee2773c0417239ca9eb51cc09f9c94f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPZOOM Portfolio <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPZOOM Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpzoom-portfolio/"
     google-query: inurl:"/wp-content/plugins/wpzoom-portfolio/"
     shodan-query: 'vuln:CVE-2022-4789'
-  tags: cve,wordpress,wp-plugin,wpzoom-portfolio,medium
+  tags: cve,wordpress,wp-plugin,wpzoom-portfolio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4790-1f645d98bf29f7b2e378ac42457eb0cd.yaml b/nuclei-templates/2022/CVE-2022-4790-1f645d98bf29f7b2e378ac42457eb0cd.yaml
index bdb5983a7d..a3e6408709 100644
--- a/nuclei-templates/2022/CVE-2022-4790-1f645d98bf29f7b2e378ac42457eb0cd.yaml
+++ b/nuclei-templates/2022/CVE-2022-4790-1f645d98bf29f7b2e378ac42457eb0cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google My Business Auto Publish <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Google My Business Auto Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-my-business-auto-publish/"
     google-query: inurl:"/wp-content/plugins/wp-google-my-business-auto-publish/"
     shodan-query: 'vuln:CVE-2022-4790'
-  tags: cve,wordpress,wp-plugin,wp-google-my-business-auto-publish,medium
+  tags: cve,wordpress,wp-plugin,wp-google-my-business-auto-publish,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4791-ba63b488e2407e68ac5be6c07d4b813b.yaml b/nuclei-templates/2022/CVE-2022-4791-ba63b488e2407e68ac5be6c07d4b813b.yaml
index e55c84f084..5401a9f300 100644
--- a/nuclei-templates/2022/CVE-2022-4791-ba63b488e2407e68ac5be6c07d4b813b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4791-ba63b488e2407e68ac5be6c07d4b813b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Slider and Carousel with Category for WooCommerce <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product Slider and Carousel with Category for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'design'. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-slider-and-carousel-with-category/"
     google-query: inurl:"/wp-content/plugins/woo-product-slider-and-carousel-with-category/"
     shodan-query: 'vuln:CVE-2022-4791'
-  tags: cve,wordpress,wp-plugin,woo-product-slider-and-carousel-with-category,medium
+  tags: cve,wordpress,wp-plugin,woo-product-slider-and-carousel-with-category,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4792-95eff066a45135b12edbc92f481f5d74.yaml b/nuclei-templates/2022/CVE-2022-4792-95eff066a45135b12edbc92f481f5d74.yaml
index 1185e567c3..1d52a8537f 100644
--- a/nuclei-templates/2022/CVE-2022-4792-95eff066a45135b12edbc92f481f5d74.yaml
+++ b/nuclei-templates/2022/CVE-2022-4792-95eff066a45135b12edbc92f481f5d74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The News & Blog Designer Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog-designer-pack/"
     google-query: inurl:"/wp-content/plugins/blog-designer-pack/"
     shodan-query: 'vuln:CVE-2022-4792'
-  tags: cve,wordpress,wp-plugin,blog-designer-pack,medium
+  tags: cve,wordpress,wp-plugin,blog-designer-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4793-c371054500c25911223fb4e88ae17274.yaml b/nuclei-templates/2022/CVE-2022-4793-c371054500c25911223fb4e88ae17274.yaml
index c8f638d0cb..a31d3a8c97 100644
--- a/nuclei-templates/2022/CVE-2022-4793-c371054500c25911223fb4e88ae17274.yaml
+++ b/nuclei-templates/2022/CVE-2022-4793-c371054500c25911223fb4e88ae17274.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blog Designer - Post and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blog Designer - Post and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes like 'design'. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog-designer-for-post-and-widget/"
     google-query: inurl:"/wp-content/plugins/blog-designer-for-post-and-widget/"
     shodan-query: 'vuln:CVE-2022-4793'
-  tags: cve,wordpress,wp-plugin,blog-designer-for-post-and-widget,medium
+  tags: cve,wordpress,wp-plugin,blog-designer-for-post-and-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4795-603a30eceae4e23d58fec3225b0d2f29.yaml b/nuclei-templates/2022/CVE-2022-4795-603a30eceae4e23d58fec3225b0d2f29.yaml
index e19c5516d2..de2419c8d8 100644
--- a/nuclei-templates/2022/CVE-2022-4795-603a30eceae4e23d58fec3225b0d2f29.yaml
+++ b/nuclei-templates/2022/CVE-2022-4795-603a30eceae4e23d58fec3225b0d2f29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Galleries by Angie Makes <= 1.67 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Galleries by Angie Makes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.67 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-shortcodes/"
     google-query: inurl:"/wp-content/plugins/wc-shortcodes/"
     shodan-query: 'vuln:CVE-2022-4795'
-  tags: cve,wordpress,wp-plugin,wc-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,wc-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4824-8bfdb58ec24e0630da2bd7f7847728ae.yaml b/nuclei-templates/2022/CVE-2022-4824-8bfdb58ec24e0630da2bd7f7847728ae.yaml
index 4a06688460..b80ef0e91b 100644
--- a/nuclei-templates/2022/CVE-2022-4824-8bfdb58ec24e0630da2bd7f7847728ae.yaml
+++ b/nuclei-templates/2022/CVE-2022-4824-8bfdb58ec24e0630da2bd7f7847728ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Blog and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Blog and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-blog-and-widgets/"
     google-query: inurl:"/wp-content/plugins/wp-blog-and-widgets/"
     shodan-query: 'vuln:CVE-2022-4824'
-  tags: cve,wordpress,wp-plugin,wp-blog-and-widgets,high
+  tags: cve,wordpress,wp-plugin,wp-blog-and-widgets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4825-d3ed4033e1c7b404f15d64bf377cadc7.yaml b/nuclei-templates/2022/CVE-2022-4825-d3ed4033e1c7b404f15d64bf377cadc7.yaml
index 43bb50ae13..728cdab9b3 100644
--- a/nuclei-templates/2022/CVE-2022-4825-d3ed4033e1c7b404f15d64bf377cadc7.yaml
+++ b/nuclei-templates/2022/CVE-2022-4825-d3ed4033e1c7b404f15d64bf377cadc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-ShowHide for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.04 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-showhide/"
     google-query: inurl:"/wp-content/plugins/wp-showhide/"
     shodan-query: 'vuln:CVE-2022-4825'
-  tags: cve,wordpress,wp-plugin,wp-showhide,medium
+  tags: cve,wordpress,wp-plugin,wp-showhide,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4826-6284e6441b25b9ea2f8b947793590242.yaml b/nuclei-templates/2022/CVE-2022-4826-6284e6441b25b9ea2f8b947793590242.yaml
index 4a09fa27c2..e3bcbaf116 100644
--- a/nuclei-templates/2022/CVE-2022-4826-6284e6441b25b9ea2f8b947793590242.yaml
+++ b/nuclei-templates/2022/CVE-2022-4826-6284e6441b25b9ea2f8b947793590242.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Tooltips <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Tooltips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tooltips/"
     google-query: inurl:"/wp-content/plugins/simple-tooltips/"
     shodan-query: 'vuln:CVE-2022-4826'
-  tags: cve,wordpress,wp-plugin,simple-tooltips,medium
+  tags: cve,wordpress,wp-plugin,simple-tooltips,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4827-d83c363445764249cee1964637302b09.yaml b/nuclei-templates/2022/CVE-2022-4827-d83c363445764249cee1964637302b09.yaml
index 08e45c6b02..47312dbad6 100644
--- a/nuclei-templates/2022/CVE-2022-4827-d83c363445764249cee1964637302b09.yaml
+++ b/nuclei-templates/2022/CVE-2022-4827-d83c363445764249cee1964637302b09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Tiles <= 1.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Tiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tiles/"
     google-query: inurl:"/wp-content/plugins/wp-tiles/"
     shodan-query: 'vuln:CVE-2022-4827'
-  tags: cve,wordpress,wp-plugin,wp-tiles,medium
+  tags: cve,wordpress,wp-plugin,wp-tiles,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4828-263cb8027fbba6881585c49ec8985e2c.yaml b/nuclei-templates/2022/CVE-2022-4828-263cb8027fbba6881585c49ec8985e2c.yaml
index ea1006f64f..bdd2288c52 100644
--- a/nuclei-templates/2022/CVE-2022-4828-263cb8027fbba6881585c49ec8985e2c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4828-263cb8027fbba6881585c49ec8985e2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Timeline Lite <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-timeline-lite/"
     google-query: inurl:"/wp-content/plugins/bold-timeline-lite/"
     shodan-query: 'vuln:CVE-2022-4828'
-  tags: cve,wordpress,wp-plugin,bold-timeline-lite,medium
+  tags: cve,wordpress,wp-plugin,bold-timeline-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4829-de70b1243fed8f47eec92e24941c2439.yaml b/nuclei-templates/2022/CVE-2022-4829-de70b1243fed8f47eec92e24941c2439.yaml
index 75d5ac93f6..36444c52f3 100644
--- a/nuclei-templates/2022/CVE-2022-4829-de70b1243fed8f47eec92e24941c2439.yaml
+++ b/nuclei-templates/2022/CVE-2022-4829-de70b1243fed8f47eec92e24941c2439.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Show-Hide / Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Show-Hide / Collapse-Expand plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/show-hidecollapse-expand/"
     google-query: inurl:"/wp-content/plugins/show-hidecollapse-expand/"
     shodan-query: 'vuln:CVE-2022-4829'
-  tags: cve,wordpress,wp-plugin,show-hidecollapse-expand,medium
+  tags: cve,wordpress,wp-plugin,show-hidecollapse-expand,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4830-cc7679b7eedbbcc9700c025bd91811bc.yaml b/nuclei-templates/2022/CVE-2022-4830-cc7679b7eedbbcc9700c025bd91811bc.yaml
index 8588e8ce3e..f8089f818b 100644
--- a/nuclei-templates/2022/CVE-2022-4830-cc7679b7eedbbcc9700c025bd91811bc.yaml
+++ b/nuclei-templates/2022/CVE-2022-4830-cc7679b7eedbbcc9700c025bd91811bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Memberships Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:CVE-2022-4830'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4831-f1d7c5edd451960671d8bd82cadc646e.yaml b/nuclei-templates/2022/CVE-2022-4831-f1d7c5edd451960671d8bd82cadc646e.yaml
index ab509002b1..139c347785 100644
--- a/nuclei-templates/2022/CVE-2022-4831-f1d7c5edd451960671d8bd82cadc646e.yaml
+++ b/nuclei-templates/2022/CVE-2022-4831-f1d7c5edd451960671d8bd82cadc646e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pmpro-register-helper/"
     google-query: inurl:"/wp-content/plugins/pmpro-register-helper/"
     shodan-query: 'vuln:CVE-2022-4831'
-  tags: cve,wordpress,wp-plugin,pmpro-register-helper,medium
+  tags: cve,wordpress,wp-plugin,pmpro-register-helper,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4832-dff478252e53a4d48eba850e27632073.yaml b/nuclei-templates/2022/CVE-2022-4832-dff478252e53a4d48eba850e27632073.yaml
index b8cfafd3c1..4fc4fc925d 100644
--- a/nuclei-templates/2022/CVE-2022-4832-dff478252e53a4d48eba850e27632073.yaml
+++ b/nuclei-templates/2022/CVE-2022-4832-dff478252e53a4d48eba850e27632073.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Store Locator WordPress <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Store Locator WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/agile-store-locator/"
     google-query: inurl:"/wp-content/plugins/agile-store-locator/"
     shodan-query: 'vuln:CVE-2022-4832'
-  tags: cve,wordpress,wp-plugin,agile-store-locator,medium
+  tags: cve,wordpress,wp-plugin,agile-store-locator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4833-7b03e9c7a48a7a487481072b229c74d2.yaml b/nuclei-templates/2022/CVE-2022-4833-7b03e9c7a48a7a487481072b229c74d2.yaml
index 685a79f1c1..4452fab3f5 100644
--- a/nuclei-templates/2022/CVE-2022-4833-7b03e9c7a48a7a487481072b229c74d2.yaml
+++ b/nuclei-templates/2022/CVE-2022-4833-7b03e9c7a48a7a487481072b229c74d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YourChannel <= 1.2.2 Authenticated (Contributor+) Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yourchannel/"
     google-query: inurl:"/wp-content/plugins/yourchannel/"
     shodan-query: 'vuln:CVE-2022-4833'
-  tags: cve,wordpress,wp-plugin,yourchannel,high
+  tags: cve,wordpress,wp-plugin,yourchannel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4833-7eee22ee9d7eafb911cff5c522c34cc9.yaml b/nuclei-templates/2022/CVE-2022-4833-7eee22ee9d7eafb911cff5c522c34cc9.yaml
index 2e6ad2b5a9..497e6f17e8 100644
--- a/nuclei-templates/2022/CVE-2022-4833-7eee22ee9d7eafb911cff5c522c34cc9.yaml
+++ b/nuclei-templates/2022/CVE-2022-4833-7eee22ee9d7eafb911cff5c522c34cc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The YourChannel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'save', 'delete', 'deleteLang', and 'saveLang' functions in versions up to, and including, 1.2.1. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to access functions to save or delete plugin data that can potentially lead to injected arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yourchannel/"
     google-query: inurl:"/wp-content/plugins/yourchannel/"
     shodan-query: 'vuln:CVE-2022-4833'
-  tags: cve,wordpress,wp-plugin,yourchannel,high
+  tags: cve,wordpress,wp-plugin,yourchannel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4834-e983f7dc1644cbc367524173b0bfd556.yaml b/nuclei-templates/2022/CVE-2022-4834-e983f7dc1644cbc367524173b0bfd556.yaml
index fe94c00b0b..372e6a4e51 100644
--- a/nuclei-templates/2022/CVE-2022-4834-e983f7dc1644cbc367524173b0bfd556.yaml
+++ b/nuclei-templates/2022/CVE-2022-4834-e983f7dc1644cbc367524173b0bfd556.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPT Bootstrap Carousel <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPT Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpt-bootstrap-carousel/"
     google-query: inurl:"/wp-content/plugins/cpt-bootstrap-carousel/"
     shodan-query: 'vuln:CVE-2022-4834'
-  tags: cve,wordpress,wp-plugin,cpt-bootstrap-carousel,medium
+  tags: cve,wordpress,wp-plugin,cpt-bootstrap-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4835-b594ed2c30b3954ae4ee7c97ed6645b0.yaml b/nuclei-templates/2022/CVE-2022-4835-b594ed2c30b3954ae4ee7c97ed6645b0.yaml
index e36e2ac834..47c721afe2 100644
--- a/nuclei-templates/2022/CVE-2022-4835-b594ed2c30b3954ae4ee7c97ed6645b0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4835-b594ed2c30b3954ae4ee7c97ed6645b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Sharing Toolkit <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Sharing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'title'. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-sharing-toolkit/"
     google-query: inurl:"/wp-content/plugins/social-sharing-toolkit/"
     shodan-query: 'vuln:CVE-2022-4835'
-  tags: cve,wordpress,wp-plugin,social-sharing-toolkit,medium
+  tags: cve,wordpress,wp-plugin,social-sharing-toolkit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4836-27fbae7541522bd11e17939b8913ef50.yaml b/nuclei-templates/2022/CVE-2022-4836-27fbae7541522bd11e17939b8913ef50.yaml
index b19fbc9498..51f2955e9f 100644
--- a/nuclei-templates/2022/CVE-2022-4836-27fbae7541522bd11e17939b8913ef50.yaml
+++ b/nuclei-templates/2022/CVE-2022-4836-27fbae7541522bd11e17939b8913ef50.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Breadcrumb <= 1.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Breadcrumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'breadcrumb_themes' (within in the 'breadcrumb_display' function) in versions up to, and including, 1.5.32 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/breadcrumb/"
     google-query: inurl:"/wp-content/plugins/breadcrumb/"
     shodan-query: 'vuln:CVE-2022-4836'
-  tags: cve,wordpress,wp-plugin,breadcrumb,medium
+  tags: cve,wordpress,wp-plugin,breadcrumb,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4837-1cb9694a410b975eefa3459fd9bd670b.yaml b/nuclei-templates/2022/CVE-2022-4837-1cb9694a410b975eefa3459fd9bd670b.yaml
index d3c78a2ac2..525760e014 100644
--- a/nuclei-templates/2022/CVE-2022-4837-1cb9694a410b975eefa3459fd9bd670b.yaml
+++ b/nuclei-templates/2022/CVE-2022-4837-1cb9694a410b975eefa3459fd9bd670b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpo-companion/"
     google-query: inurl:"/wp-content/plugins/cpo-companion/"
     shodan-query: 'vuln:CVE-2022-4837'
-  tags: cve,wordpress,wp-plugin,cpo-companion,medium
+  tags: cve,wordpress,wp-plugin,cpo-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4838-ac790c964325ea0370bae2df48218a78.yaml b/nuclei-templates/2022/CVE-2022-4838-ac790c964325ea0370bae2df48218a78.yaml
index 521f0aacb4..558ae542e4 100644
--- a/nuclei-templates/2022/CVE-2022-4838-ac790c964325ea0370bae2df48218a78.yaml
+++ b/nuclei-templates/2022/CVE-2022-4838-ac790c964325ea0370bae2df48218a78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clean Login <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Clean Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clean-login/"
     google-query: inurl:"/wp-content/plugins/clean-login/"
     shodan-query: 'vuln:CVE-2022-4838'
-  tags: cve,wordpress,wp-plugin,clean-login,medium
+  tags: cve,wordpress,wp-plugin,clean-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4872-a49761e8700910d2b10517900bb96f1c.yaml b/nuclei-templates/2022/CVE-2022-4872-a49761e8700910d2b10517900bb96f1c.yaml
index 0fa50074d4..77d01e2510 100644
--- a/nuclei-templates/2022/CVE-2022-4872-a49761e8700910d2b10517900bb96f1c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4872-a49761e8700910d2b10517900bb96f1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The WooCommerce Chained Products plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when updating its settings in versions up to, and including, 2.12.0. This makes it possible for unauthenticated attackers to update arbitrary options that  may not belong to the plugin. However, update of options is limited to the value "no".
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-chained-products/"
     google-query: inurl:"/wp-content/plugins/woocommerce-chained-products/"
     shodan-query: 'vuln:CVE-2022-4872'
-  tags: cve,wordpress,wp-plugin,woocommerce-chained-products,critical
+  tags: cve,wordpress,wp-plugin,woocommerce-chained-products,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4888-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/2022/CVE-2022-4888-7f2753bfc2a0c6bb0434db7d475ab03d.yaml
index 7275bef85f..789a5a2ea2 100644
--- a/nuclei-templates/2022/CVE-2022-4888-7f2753bfc2a0c6bb0434db7d475ab03d.yaml
+++ b/nuclei-templates/2022/CVE-2022-4888-7f2753bfc2a0c6bb0434db7d475ab03d.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2022-4888
   metadata:
-    fofa-query: "wp-content/plugins/addify-custom-registration-forms-builder/"
-    google-query: inurl:"/wp-content/plugins/addify-custom-registration-forms-builder/"
+    fofa-query: "wp-content/plugins/addify-custom-order-number/"
+    google-query: inurl:"/wp-content/plugins/addify-custom-order-number/"
     shodan-query: 'vuln:CVE-2022-4888'
-  tags: cve,wordpress,wp-plugin,addify-custom-registration-forms-builder,medium
+  tags: cve,wordpress,wp-plugin,addify-custom-order-number,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/addify-custom-registration-forms-builder/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/addify-custom-order-number/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "addify-custom-registration-forms-builder"
+          - "addify-custom-order-number"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.0.2')
\ No newline at end of file
+          - compare_versions(version, '<= *')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4905-1aa8a227283e43da0f41a656224571d0.yaml b/nuclei-templates/2022/CVE-2022-4905-1aa8a227283e43da0f41a656224571d0.yaml
index c6c68f8f90..f1a3e3905f 100644
--- a/nuclei-templates/2022/CVE-2022-4905-1aa8a227283e43da0f41a656224571d0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4905-1aa8a227283e43da0f41a656224571d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Stateless – Google Cloud Storage <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sm' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stateless/"
     google-query: inurl:"/wp-content/plugins/wp-stateless/"
     shodan-query: 'vuln:CVE-2022-4905'
-  tags: cve,wordpress,wp-plugin,wp-stateless,medium
+  tags: cve,wordpress,wp-plugin,wp-stateless,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4931-f5711bcfafc45228fc0a872f3e3fae05.yaml b/nuclei-templates/2022/CVE-2022-4931-f5711bcfafc45228fc0a872f3e3fae05.yaml
index d19005e0e8..170a721c52 100644
--- a/nuclei-templates/2022/CVE-2022-4931-f5711bcfafc45228fc0a872f3e3fae05.yaml
+++ b/nuclei-templates/2022/CVE-2022-4931-f5711bcfafc45228fc0a872f3e3fae05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BackupWordPress <= 3.12 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backupwordpress/"
     google-query: inurl:"/wp-content/plugins/backupwordpress/"
     shodan-query: 'vuln:CVE-2022-4931'
-  tags: cve,wordpress,wp-plugin,backupwordpress,medium
+  tags: cve,wordpress,wp-plugin,backupwordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4932-faa8cb9cb5e4fa47467175ce98c14091.yaml b/nuclei-templates/2022/CVE-2022-4932-faa8cb9cb5e4fa47467175ce98c14091.yaml
index 149bbc813a..982db772f1 100644
--- a/nuclei-templates/2022/CVE-2022-4932-faa8cb9cb5e4fa47467175ce98c14091.yaml
+++ b/nuclei-templates/2022/CVE-2022-4932-faa8cb9cb5e4fa47467175ce98c14091.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/boldgrid-backup/"
     google-query: inurl:"/wp-content/plugins/boldgrid-backup/"
     shodan-query: 'vuln:CVE-2022-4932'
-  tags: cve,wordpress,wp-plugin,boldgrid-backup,medium
+  tags: cve,wordpress,wp-plugin,boldgrid-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4937-0c52b9ced5fad811a9c32501960e026a.yaml b/nuclei-templates/2022/CVE-2022-4937-0c52b9ced5fad811a9c32501960e026a.yaml
index 6adf9af34e..4434d19dc7 100644
--- a/nuclei-templates/2022/CVE-2022-4937-0c52b9ced5fad811a9c32501960e026a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4937-0c52b9ced5fad811a9c32501960e026a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WCFM Frontend Manager <= 6.6.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-frontend-manager/"
     google-query: inurl:"/wp-content/plugins/wc-frontend-manager/"
     shodan-query: 'vuln:CVE-2022-4937'
-  tags: cve,wordpress,wp-plugin,wc-frontend-manager,medium
+  tags: cve,wordpress,wp-plugin,wc-frontend-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4946-0259b7e0abb7a82246638a669050bc8a.yaml b/nuclei-templates/2022/CVE-2022-4946-0259b7e0abb7a82246638a669050bc8a.yaml
index 69ad92f7b4..53814e20f7 100644
--- a/nuclei-templates/2022/CVE-2022-4946-0259b7e0abb7a82246638a669050bc8a.yaml
+++ b/nuclei-templates/2022/CVE-2022-4946-0259b7e0abb7a82246638a669050bc8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Anonymous Post <= 2.8.4 - Authenticated (Contributor+) Arbitrary Redirect
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AccessPress Anonymous Post plugin for WordPress is vulnerable to Arbitrary Redirect in versions up to, and including, 2.8.4. This is due to insufficient validation on one of the attributes for one of its shortcodes. This makes it possible for authenticated attackers, with contributor-level access, to redirect users to potentially malicious sites.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accesspress-anonymous-post/"
     google-query: inurl:"/wp-content/plugins/accesspress-anonymous-post/"
     shodan-query: 'vuln:CVE-2022-4946'
-  tags: cve,wordpress,wp-plugin,accesspress-anonymous-post,medium
+  tags: cve,wordpress,wp-plugin,accesspress-anonymous-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4948-473a1cc0b0ec6c93a83a85cc6eeee218.yaml b/nuclei-templates/2022/CVE-2022-4948-473a1cc0b0ec6c93a83a85cc6eeee218.yaml
index bf96bcc8f4..6ff60f9d7b 100644
--- a/nuclei-templates/2022/CVE-2022-4948-473a1cc0b0ec6c93a83a85cc6eeee218.yaml
+++ b/nuclei-templates/2022/CVE-2022-4948-473a1cc0b0ec6c93a83a85cc6eeee218.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FlyingPress <= 3.9.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flying-press/"
     google-query: inurl:"/wp-content/plugins/flying-press/"
     shodan-query: 'vuln:CVE-2022-4948'
-  tags: cve,wordpress,wp-plugin,flying-press,medium
+  tags: cve,wordpress,wp-plugin,flying-press,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4949-76eba8cd8a4e862710149dc77a310969.yaml b/nuclei-templates/2022/CVE-2022-4949-76eba8cd8a4e862710149dc77a310969.yaml
index 8efb6af5dc..b08c567be0 100644
--- a/nuclei-templates/2022/CVE-2022-4949-76eba8cd8a4e862710149dc77a310969.yaml
+++ b/nuclei-templates/2022/CVE-2022-4949-76eba8cd8a4e862710149dc77a310969.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdSanity < 1.8.2 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adsanity/"
     google-query: inurl:"/wp-content/plugins/adsanity/"
     shodan-query: 'vuln:CVE-2022-4949'
-  tags: cve,wordpress,wp-plugin,adsanity,high
+  tags: cve,wordpress,wp-plugin,adsanity,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2022/CVE-2022-4950-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/2022/CVE-2022-4950-218c9a934953359a2e2d8f63be0a287c.yaml
index 19c5a80801..1c62c14507 100644
--- a/nuclei-templates/2022/CVE-2022-4950-218c9a934953359a2e2d8f63be0a287c.yaml
+++ b/nuclei-templates/2022/CVE-2022-4950-218c9a934953359a2e2d8f63be0a287c.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2022-4950
   metadata:
-    fofa-query: "wp-content/plugins/countdown-for-the-events-calendar/"
-    google-query: inurl:"/wp-content/plugins/countdown-for-the-events-calendar/"
+    fofa-query: "wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/"
+    google-query: inurl:"/wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/"
     shodan-query: 'vuln:CVE-2022-4950'
-  tags: cve,wordpress,wp-plugin,countdown-for-the-events-calendar,high
+  tags: cve,wordpress,wp-plugin,events-widgets-for-elementor-and-the-events-calendar,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/countdown-for-the-events-calendar/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "countdown-for-the-events-calendar"
+          - "events-widgets-for-elementor-and-the-events-calendar"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
+          - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4954-8c1942cb96af03432bec152c3b3fb8a0.yaml b/nuclei-templates/2022/CVE-2022-4954-8c1942cb96af03432bec152c3b3fb8a0.yaml
index 5e9c6ae23b..f2ab72a17f 100644
--- a/nuclei-templates/2022/CVE-2022-4954-8c1942cb96af03432bec152c3b3fb8a0.yaml
+++ b/nuclei-templates/2022/CVE-2022-4954-8c1942cb96af03432bec152c3b3fb8a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/waiting/"
     google-query: inurl:"/wp-content/plugins/waiting/"
     shodan-query: 'vuln:CVE-2022-4954'
-  tags: cve,wordpress,wp-plugin,waiting,medium
+  tags: cve,wordpress,wp-plugin,waiting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0033-c8829397a00680f2b905cec73a59a77f.yaml b/nuclei-templates/2023/CVE-2023-0033-c8829397a00680f2b905cec73a59a77f.yaml
index ca0de4dc9f..249c2d29ee 100644
--- a/nuclei-templates/2023/CVE-2023-0033-c8829397a00680f2b905cec73a59a77f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0033-c8829397a00680f2b905cec73a59a77f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Viewer <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-viewer/"
     google-query: inurl:"/wp-content/plugins/pdf-viewer/"
     shodan-query: 'vuln:CVE-2023-0033'
-  tags: cve,wordpress,wp-plugin,pdf-viewer,medium
+  tags: cve,wordpress,wp-plugin,pdf-viewer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0034-d9a90b73211e016b68ca1b3072e7a420.yaml b/nuclei-templates/2023/CVE-2023-0034-d9a90b73211e016b68ca1b3072e7a420.yaml
index 677dd2bf7e..18181fcb01 100644
--- a/nuclei-templates/2023/CVE-2023-0034-d9a90b73211e016b68ca1b3072e7a420.yaml
+++ b/nuclei-templates/2023/CVE-2023-0034-d9a90b73211e016b68ca1b3072e7a420.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetWidgets For Elementor <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetwidgets-for-elementor/"
     google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/"
     shodan-query: 'vuln:CVE-2023-0034'
-  tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0059-87cb25b1c7747f5af4e409cfd05ed832.yaml b/nuclei-templates/2023/CVE-2023-0059-87cb25b1c7747f5af4e409cfd05ed832.yaml
index f44e496aeb..4307df16f9 100644
--- a/nuclei-templates/2023/CVE-2023-0059-87cb25b1c7747f5af4e409cfd05ed832.yaml
+++ b/nuclei-templates/2023/CVE-2023-0059-87cb25b1c7747f5af4e409cfd05ed832.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Youzify <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youzify/"
     google-query: inurl:"/wp-content/plugins/youzify/"
     shodan-query: 'vuln:CVE-2023-0059'
-  tags: cve,wordpress,wp-plugin,youzify,medium
+  tags: cve,wordpress,wp-plugin,youzify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0060-a609881cbf31d06f5f3320cc98e71e76.yaml b/nuclei-templates/2023/CVE-2023-0060-a609881cbf31d06f5f3320cc98e71e76.yaml
index 2bda364ed3..e2efa64f10 100644
--- a/nuclei-templates/2023/CVE-2023-0060-a609881cbf31d06f5f3320cc98e71e76.yaml
+++ b/nuclei-templates/2023/CVE-2023-0060-a609881cbf31d06f5f3320cc98e71e76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Gallery Grid <= 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Gallery Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-gallery-grid/"
     google-query: inurl:"/wp-content/plugins/responsive-gallery-grid/"
     shodan-query: 'vuln:CVE-2023-0060'
-  tags: cve,wordpress,wp-plugin,responsive-gallery-grid,medium
+  tags: cve,wordpress,wp-plugin,responsive-gallery-grid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0061-e8b437aec6c6d5cf835be562d11e2a03.yaml b/nuclei-templates/2023/CVE-2023-0061-e8b437aec6c6d5cf835be562d11e2a03.yaml
index 51fc3ee454..f4d478858e 100644
--- a/nuclei-templates/2023/CVE-2023-0061-e8b437aec6c6d5cf835be562d11e2a03.yaml
+++ b/nuclei-templates/2023/CVE-2023-0061-e8b437aec6c6d5cf835be562d11e2a03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Judge.me Product Reviews for WooCommerce <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Judge.me Product Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.3.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/judgeme-product-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/judgeme-product-reviews-woocommerce/"
     shodan-query: 'vuln:CVE-2023-0061'
-  tags: cve,wordpress,wp-plugin,judgeme-product-reviews-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,judgeme-product-reviews-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0062-c623741b8b5dbd96eac005af1ef14987.yaml b/nuclei-templates/2023/CVE-2023-0062-c623741b8b5dbd96eac005af1ef14987.yaml
index a638a0b2d9..b63d2d8afc 100644
--- a/nuclei-templates/2023/CVE-2023-0062-c623741b8b5dbd96eac005af1ef14987.yaml
+++ b/nuclei-templates/2023/CVE-2023-0062-c623741b8b5dbd96eac005af1ef14987.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EAN for WooCommerce <= 4.4.2 - Authenticated (Contributor+ )Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ean-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/ean-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-0062'
-  tags: cve,wordpress,wp-plugin,ean-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,ean-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0063-6c1c86676b3f6a00f366fd4021465d09.yaml b/nuclei-templates/2023/CVE-2023-0063-6c1c86676b3f6a00f366fd4021465d09.yaml
index fceb7917a3..f70fb74933 100644
--- a/nuclei-templates/2023/CVE-2023-0063-6c1c86676b3f6a00f366fd4021465d09.yaml
+++ b/nuclei-templates/2023/CVE-2023-0063-6c1c86676b3f6a00f366fd4021465d09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Shortcodes <= 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.6.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/synved-shortcodes/"
     google-query: inurl:"/wp-content/plugins/synved-shortcodes/"
     shodan-query: 'vuln:CVE-2023-0063'
-  tags: cve,wordpress,wp-plugin,synved-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,synved-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0064-a04fa743a93c3af81940f7c153cec33e.yaml b/nuclei-templates/2023/CVE-2023-0064-a04fa743a93c3af81940f7c153cec33e.yaml
index dd8cf11721..46e7056e35 100644
--- a/nuclei-templates/2023/CVE-2023-0064-a04fa743a93c3af81940f7c153cec33e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0064-a04fa743a93c3af81940f7c153cec33e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eVision Responsive Column Layout Shortcodes <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The eVision Responsive Column Layout Shortcodes for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wens-responsive-column-layout-shortcodes/"
     google-query: inurl:"/wp-content/plugins/wens-responsive-column-layout-shortcodes/"
     shodan-query: 'vuln:CVE-2023-0064'
-  tags: cve,wordpress,wp-plugin,wens-responsive-column-layout-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,wens-responsive-column-layout-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0065-5c4c3c093dd69f631ab63d22386e6148.yaml b/nuclei-templates/2023/CVE-2023-0065-5c4c3c093dd69f631ab63d22386e6148.yaml
index d0dd0e730d..c28abfef1d 100644
--- a/nuclei-templates/2023/CVE-2023-0065-5c4c3c093dd69f631ab63d22386e6148.yaml
+++ b/nuclei-templates/2023/CVE-2023-0065-5c4c3c093dd69f631ab63d22386e6148.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     i2 Pros & Cons <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The i2 Pros & Cons is vulnerable to stored Cross-Site Scripting in versions up to, and including, i2 Pros & Cons, via the 'i2_pros_and_cons' shortcode. This makes it possible for authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/i2-pro-cons/"
     google-query: inurl:"/wp-content/plugins/i2-pro-cons/"
     shodan-query: 'vuln:CVE-2023-0065'
-  tags: cve,wordpress,wp-plugin,i2-pro-cons,medium
+  tags: cve,wordpress,wp-plugin,i2-pro-cons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0066-c4c4cf320f9d5a30f314d45c9905f1fd.yaml b/nuclei-templates/2023/CVE-2023-0066-c4c4cf320f9d5a30f314d45c9905f1fd.yaml
index 06010975eb..8304424a67 100644
--- a/nuclei-templates/2023/CVE-2023-0066-c4c4cf320f9d5a30f314d45c9905f1fd.yaml
+++ b/nuclei-templates/2023/CVE-2023-0066-c4c4cf320f9d5a30f314d45c9905f1fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Companion Sitemap Generator <= 4.5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Companion Sitemap Generator  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.5.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/companion-sitemap-generator/"
     google-query: inurl:"/wp-content/plugins/companion-sitemap-generator/"
     shodan-query: 'vuln:CVE-2023-0066'
-  tags: cve,wordpress,wp-plugin,companion-sitemap-generator,medium
+  tags: cve,wordpress,wp-plugin,companion-sitemap-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0067-2049615ded6008298be273ad480dccbb.yaml b/nuclei-templates/2023/CVE-2023-0067-2049615ded6008298be273ad480dccbb.yaml
index b99d229469..bbff834356 100644
--- a/nuclei-templates/2023/CVE-2023-0067-2049615ded6008298be273ad480dccbb.yaml
+++ b/nuclei-templates/2023/CVE-2023-0067-2049615ded6008298be273ad480dccbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Timed Content <= 2.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Timed Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including,2.72 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/timed-content/"
     google-query: inurl:"/wp-content/plugins/timed-content/"
     shodan-query: 'vuln:CVE-2023-0067'
-  tags: cve,wordpress,wp-plugin,timed-content,medium
+  tags: cve,wordpress,wp-plugin,timed-content,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0068-bfa3bdf21b692d54c0876a9ef34f70f6.yaml b/nuclei-templates/2023/CVE-2023-0068-bfa3bdf21b692d54c0876a9ef34f70f6.yaml
index b659889834..937595d693 100644
--- a/nuclei-templates/2023/CVE-2023-0068-bfa3bdf21b692d54c0876a9ef34f70f6.yaml
+++ b/nuclei-templates/2023/CVE-2023-0068-bfa3bdf21b692d54c0876a9ef34f70f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product GTIN (EAN, UPC, ISBN) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-gtin-ean-upc-isbn-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/product-gtin-ean-upc-isbn-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-0068'
-  tags: cve,wordpress,wp-plugin,product-gtin-ean-upc-isbn-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-gtin-ean-upc-isbn-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0069-75529ea91935af94487230f89ef485d5.yaml b/nuclei-templates/2023/CVE-2023-0069-75529ea91935af94487230f89ef485d5.yaml
index 4dbcbb272e..bccd96de76 100644
--- a/nuclei-templates/2023/CVE-2023-0069-75529ea91935af94487230f89ef485d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0069-75529ea91935af94487230f89ef485d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPaudio MP3 Player <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPaudio MP3 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpaudio-mp3-player/"
     google-query: inurl:"/wp-content/plugins/wpaudio-mp3-player/"
     shodan-query: 'vuln:CVE-2023-0069'
-  tags: cve,wordpress,wp-plugin,wpaudio-mp3-player,medium
+  tags: cve,wordpress,wp-plugin,wpaudio-mp3-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0070-7dc366f5379f56890e8af348e04eb10f.yaml b/nuclei-templates/2023/CVE-2023-0070-7dc366f5379f56890e8af348e04eb10f.yaml
index 3eddd83b34..69da83f94d 100644
--- a/nuclei-templates/2023/CVE-2023-0070-7dc366f5379f56890e8af348e04eb10f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0070-7dc366f5379f56890e8af348e04eb10f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ResponsiveVoice Text To Speech <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ResponsiveVoice Text To Speech plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsivevoice-text-to-speech/"
     google-query: inurl:"/wp-content/plugins/responsivevoice-text-to-speech/"
     shodan-query: 'vuln:CVE-2023-0070'
-  tags: cve,wordpress,wp-plugin,responsivevoice-text-to-speech,medium
+  tags: cve,wordpress,wp-plugin,responsivevoice-text-to-speech,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0071-e352fc57a2782b7212eb2f2b84743eba.yaml b/nuclei-templates/2023/CVE-2023-0071-e352fc57a2782b7212eb2f2b84743eba.yaml
index 91e861ed7e..04fe035337 100644
--- a/nuclei-templates/2023/CVE-2023-0071-e352fc57a2782b7212eb2f2b84743eba.yaml
+++ b/nuclei-templates/2023/CVE-2023-0071-e352fc57a2782b7212eb2f2b84743eba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-expand-tabs-free/"
     google-query: inurl:"/wp-content/plugins/wp-expand-tabs-free/"
     shodan-query: 'vuln:CVE-2023-0071'
-  tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,medium
+  tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0072-e8bc31ae76ca92a9ee7834937815ba80.yaml b/nuclei-templates/2023/CVE-2023-0072-e8bc31ae76ca92a9ee7834937815ba80.yaml
index ac1146b06c..1d5ea32e09 100644
--- a/nuclei-templates/2023/CVE-2023-0072-e8bc31ae76ca92a9ee7834937815ba80.yaml
+++ b/nuclei-templates/2023/CVE-2023-0072-e8bc31ae76ca92a9ee7834937815ba80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WC Vendors Marketplace <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Sites Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WC Vendors Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-vendors/"
     google-query: inurl:"/wp-content/plugins/wc-vendors/"
     shodan-query: 'vuln:CVE-2023-0072'
-  tags: cve,wordpress,wp-plugin,wc-vendors,medium
+  tags: cve,wordpress,wp-plugin,wc-vendors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0073-119ed13ee8d9c38858fd75fb1eb0a4cd.yaml b/nuclei-templates/2023/CVE-2023-0073-119ed13ee8d9c38858fd75fb1eb0a4cd.yaml
index 497e0a17f2..7b286474b6 100644
--- a/nuclei-templates/2023/CVE-2023-0073-119ed13ee8d9c38858fd75fb1eb0a4cd.yaml
+++ b/nuclei-templates/2023/CVE-2023-0073-119ed13ee8d9c38858fd75fb1eb0a4cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Client Logo Carousel <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Client Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-client-logo-carousel/"
     google-query: inurl:"/wp-content/plugins/wp-client-logo-carousel/"
     shodan-query: 'vuln:CVE-2023-0073'
-  tags: cve,wordpress,wp-plugin,wp-client-logo-carousel,medium
+  tags: cve,wordpress,wp-plugin,wp-client-logo-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0074-78c7195ce152d6d5bdeab7f38e20a1db.yaml b/nuclei-templates/2023/CVE-2023-0074-78c7195ce152d6d5bdeab7f38e20a1db.yaml
index 4b502ef55d..9128cdc1e5 100644
--- a/nuclei-templates/2023/CVE-2023-0074-78c7195ce152d6d5bdeab7f38e20a1db.yaml
+++ b/nuclei-templates/2023/CVE-2023-0074-78c7195ce152d6d5bdeab7f38e20a1db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-social-widget/"
     google-query: inurl:"/wp-content/plugins/wp-social-widget/"
     shodan-query: 'vuln:CVE-2023-0074'
-  tags: cve,wordpress,wp-plugin,wp-social-widget,medium
+  tags: cve,wordpress,wp-plugin,wp-social-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0075-b196a1a5480d68e35f21f441524da412.yaml b/nuclei-templates/2023/CVE-2023-0075-b196a1a5480d68e35f21f441524da412.yaml
index b0ab5b654c..960f5eadc9 100644
--- a/nuclei-templates/2023/CVE-2023-0075-b196a1a5480d68e35f21f441524da412.yaml
+++ b/nuclei-templates/2023/CVE-2023-0075-b196a1a5480d68e35f21f441524da412.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amazon JS <= 0.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Amazon JS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amazonjs/"
     google-query: inurl:"/wp-content/plugins/amazonjs/"
     shodan-query: 'vuln:CVE-2023-0075'
-  tags: cve,wordpress,wp-plugin,amazonjs,medium
+  tags: cve,wordpress,wp-plugin,amazonjs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0076-6f48b6d420d1eeb4f46e78496cf4eb1b.yaml b/nuclei-templates/2023/CVE-2023-0076-6f48b6d420d1eeb4f46e78496cf4eb1b.yaml
index d67c3b72dc..582445df0a 100644
--- a/nuclei-templates/2023/CVE-2023-0076-6f48b6d420d1eeb4f46e78496cf4eb1b.yaml
+++ b/nuclei-templates/2023/CVE-2023-0076-6f48b6d420d1eeb4f46e78496cf4eb1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Attachments <= 1.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-attachments/"
     google-query: inurl:"/wp-content/plugins/download-attachments/"
     shodan-query: 'vuln:CVE-2023-0076'
-  tags: cve,wordpress,wp-plugin,download-attachments,medium
+  tags: cve,wordpress,wp-plugin,download-attachments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0078-3cd33ca20c9c9eda3e3eb14910cde0f4.yaml b/nuclei-templates/2023/CVE-2023-0078-3cd33ca20c9c9eda3e3eb14910cde0f4.yaml
index 11db5ca8ee..6a2e9505a8 100644
--- a/nuclei-templates/2023/CVE-2023-0078-3cd33ca20c9c9eda3e3eb14910cde0f4.yaml
+++ b/nuclei-templates/2023/CVE-2023-0078-3cd33ca20c9c9eda3e3eb14910cde0f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Resume Builder <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Resume Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/resume-builder/"
     google-query: inurl:"/wp-content/plugins/resume-builder/"
     shodan-query: 'vuln:CVE-2023-0078'
-  tags: cve,wordpress,wp-plugin,resume-builder,medium
+  tags: cve,wordpress,wp-plugin,resume-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0079-33080b0d5149a7811a842330fcd02a9a.yaml b/nuclei-templates/2023/CVE-2023-0079-33080b0d5149a7811a842330fcd02a9a.yaml
index 16dcc5e37e..bb188b6511 100644
--- a/nuclei-templates/2023/CVE-2023-0079-33080b0d5149a7811a842330fcd02a9a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0079-33080b0d5149a7811a842330fcd02a9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via either a ‘color_ex_brdr’ or 'color_ex_bcrd' shortcode attributes in versions up to, and including, 5.16.0 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:CVE-2023-0079'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0080-03f52e4edfa7408cb52c9d72fc195004.yaml b/nuclei-templates/2023/CVE-2023-0080-03f52e4edfa7408cb52c9d72fc195004.yaml
index 668b7214ec..ef51d417ad 100644
--- a/nuclei-templates/2023/CVE-2023-0080-03f52e4edfa7408cb52c9d72fc195004.yaml
+++ b/nuclei-templates/2023/CVE-2023-0080-03f52e4edfa7408cb52c9d72fc195004.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.15.0 via a shortcode attribute. This allows subscriber-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:CVE-2023-0080'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,high
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0081-5d2c8f0682b9df406ab0b4c99151d03e.yaml b/nuclei-templates/2023/CVE-2023-0081-5d2c8f0682b9df406ab0b4c99151d03e.yaml
index 9f599d67be..0c3edac731 100644
--- a/nuclei-templates/2023/CVE-2023-0081-5d2c8f0682b9df406ab0b4c99151d03e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0081-5d2c8f0682b9df406ab0b4c99151d03e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MonsterInsights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unspecified block options (used in pages and posts) in versions up to, and including, 8.12.0 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-0081'
-  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0082-0afedca0afb43a5850c9c8a9aae6b215.yaml b/nuclei-templates/2023/CVE-2023-0082-0afedca0afb43a5850c9c8a9aae6b215.yaml
index 38a88764ce..308ffa4b0e 100644
--- a/nuclei-templates/2023/CVE-2023-0082-0afedca0afb43a5850c9c8a9aae6b215.yaml
+++ b/nuclei-templates/2023/CVE-2023-0082-0afedca0afb43a5850c9c8a9aae6b215.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ExactMetrics <= 7.12.0 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ExactMetrics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unspecified block options in posts/pages within versions up to, and including, 7.12.0 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-dashboard-for-wp/"
     google-query: inurl:"/wp-content/plugins/google-analytics-dashboard-for-wp/"
     shodan-query: 'vuln:CVE-2023-0082'
-  tags: cve,wordpress,wp-plugin,google-analytics-dashboard-for-wp,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-dashboard-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0087-ee107d9cd894fe54bb677ea3e5052c7f.yaml b/nuclei-templates/2023/CVE-2023-0087-ee107d9cd894fe54bb677ea3e5052c7f.yaml
index 4e4d773fc0..be854ebada 100644
--- a/nuclei-templates/2023/CVE-2023-0087-ee107d9cd894fe54bb677ea3e5052c7f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0087-ee107d9cd894fe54bb677ea3e5052c7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Swifty Page Manager <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swifty-page-manager/"
     google-query: inurl:"/wp-content/plugins/swifty-page-manager/"
     shodan-query: 'vuln:CVE-2023-0087'
-  tags: cve,wordpress,wp-plugin,swifty-page-manager,medium
+  tags: cve,wordpress,wp-plugin,swifty-page-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0088-94a65bcd2f84366f6216e3f9b19f7582.yaml b/nuclei-templates/2023/CVE-2023-0088-94a65bcd2f84366f6216e3f9b19f7582.yaml
index 42d0b78b8f..b1dfa4913b 100644
--- a/nuclei-templates/2023/CVE-2023-0088-94a65bcd2f84366f6216e3f9b19f7582.yaml
+++ b/nuclei-templates/2023/CVE-2023-0088-94a65bcd2f84366f6216e3f9b19f7582.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Swifty Page Manager <= 3.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion among other things. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swifty-page-manager/"
     google-query: inurl:"/wp-content/plugins/swifty-page-manager/"
     shodan-query: 'vuln:CVE-2023-0088'
-  tags: cve,wordpress,wp-plugin,swifty-page-manager,high
+  tags: cve,wordpress,wp-plugin,swifty-page-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0094-21d62382cf0e1f6a821aaecd2963e3e4.yaml b/nuclei-templates/2023/CVE-2023-0094-21d62382cf0e1f6a821aaecd2963e3e4.yaml
index 9e5896efd6..931b390bda 100644
--- a/nuclei-templates/2023/CVE-2023-0094-21d62382cf0e1f6a821aaecd2963e3e4.yaml
+++ b/nuclei-templates/2023/CVE-2023-0094-21d62382cf0e1f6a821aaecd2963e3e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UpQode Google Maps <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The UpQode Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/upqode-google-maps/"
     google-query: inurl:"/wp-content/plugins/upqode-google-maps/"
     shodan-query: 'vuln:CVE-2023-0094'
-  tags: cve,wordpress,wp-plugin,upqode-google-maps,medium
+  tags: cve,wordpress,wp-plugin,upqode-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0095-13ec2bdc85df7c3571b35167e7c009d7.yaml b/nuclei-templates/2023/CVE-2023-0095-13ec2bdc85df7c3571b35167e7c009d7.yaml
index df2e726807..725c0fb622 100644
--- a/nuclei-templates/2023/CVE-2023-0095-13ec2bdc85df7c3571b35167e7c009d7.yaml
+++ b/nuclei-templates/2023/CVE-2023-0095-13ec2bdc85df7c3571b35167e7c009d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page View Count <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page View Count plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-views-count/"
     google-query: inurl:"/wp-content/plugins/page-views-count/"
     shodan-query: 'vuln:CVE-2023-0095'
-  tags: cve,wordpress,wp-plugin,page-views-count,medium
+  tags: cve,wordpress,wp-plugin,page-views-count,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0096-74ccbff13cedef341c14f509a30bb49c.yaml b/nuclei-templates/2023/CVE-2023-0096-74ccbff13cedef341c14f509a30bb49c.yaml
index 6e050e4f3c..d3c2a0e6ab 100644
--- a/nuclei-templates/2023/CVE-2023-0096-74ccbff13cedef341c14f509a30bb49c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0096-74ccbff13cedef341c14f509a30bb49c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happyforms <= 1.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happyforms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ and 'anchor' block options in versions up to, and including, 1.21.1 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happyforms/"
     google-query: inurl:"/wp-content/plugins/happyforms/"
     shodan-query: 'vuln:CVE-2023-0096'
-  tags: cve,wordpress,wp-plugin,happyforms,medium
+  tags: cve,wordpress,wp-plugin,happyforms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0097-b852d5115d07ebbb3d6948d1d5619495.yaml b/nuclei-templates/2023/CVE-2023-0097-b852d5115d07ebbb3d6948d1d5619495.yaml
index d0a43aa294..041e2b4066 100644
--- a/nuclei-templates/2023/CVE-2023-0097-b852d5115d07ebbb3d6948d1d5619495.yaml
+++ b/nuclei-templates/2023/CVE-2023-0097-b852d5115d07ebbb3d6948d1d5619495.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Grid, Post Carousel, & List Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-carousel/"
     google-query: inurl:"/wp-content/plugins/post-carousel/"
     shodan-query: 'vuln:CVE-2023-0097'
-  tags: cve,wordpress,wp-plugin,post-carousel,medium
+  tags: cve,wordpress,wp-plugin,post-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0098-f2a5202240be9077b802b53424bd6267.yaml b/nuclei-templates/2023/CVE-2023-0098-f2a5202240be9077b802b53424bd6267.yaml
index 177a87c935..f662e3481c 100644
--- a/nuclei-templates/2023/CVE-2023-0098-f2a5202240be9077b802b53424bd6267.yaml
+++ b/nuclei-templates/2023/CVE-2023-0098-f2a5202240be9077b802b53424bd6267.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simple URLs plugin for WordPress is vulnerable to SQL Injection via several AJAX actions in versions up to, and including, 114 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level access or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-urls/"
     google-query: inurl:"/wp-content/plugins/simple-urls/"
     shodan-query: 'vuln:CVE-2023-0098'
-  tags: cve,wordpress,wp-plugin,simple-urls,high
+  tags: cve,wordpress,wp-plugin,simple-urls,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0143-fbdeefe8fdc61a2e9093fee1505ec5f9.yaml b/nuclei-templates/2023/CVE-2023-0143-fbdeefe8fdc61a2e9093fee1505ec5f9.yaml
index aa2d158b47..8e1fd672b1 100644
--- a/nuclei-templates/2023/CVE-2023-0143-fbdeefe8fdc61a2e9093fee1505ec5f9.yaml
+++ b/nuclei-templates/2023/CVE-2023-0143-fbdeefe8fdc61a2e9093fee1505ec5f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Send PDF for Contact Form 7 <= 0.9.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Send PDF for Contact Form 7 for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 0.9.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/send-pdf-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/send-pdf-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2023-0143'
-  tags: cve,wordpress,wp-plugin,send-pdf-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,send-pdf-for-contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0144-828638ea1963a58b890deaf22836b2cd.yaml b/nuclei-templates/2023/CVE-2023-0144-828638ea1963a58b890deaf22836b2cd.yaml
index 1395c880c2..62889c5f50 100644
--- a/nuclei-templates/2023/CVE-2023-0144-828638ea1963a58b890deaf22836b2cd.yaml
+++ b/nuclei-templates/2023/CVE-2023-0144-828638ea1963a58b890deaf22836b2cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event Manager and Tickets Selling Plugin for WooCommerce is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mage-eventpress/"
     google-query: inurl:"/wp-content/plugins/mage-eventpress/"
     shodan-query: 'vuln:CVE-2023-0144'
-  tags: cve,wordpress,wp-plugin,mage-eventpress,medium
+  tags: cve,wordpress,wp-plugin,mage-eventpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0145-dbff9a993e10a4f80cd4718f67303541.yaml b/nuclei-templates/2023/CVE-2023-0145-dbff9a993e10a4f80cd4718f67303541.yaml
index 1ac116b9a7..d361d99f24 100644
--- a/nuclei-templates/2023/CVE-2023-0145-dbff9a993e10a4f80cd4718f67303541.yaml
+++ b/nuclei-templates/2023/CVE-2023-0145-dbff9a993e10a4f80cd4718f67303541.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Saan World Clock <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Saan World Clock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/saan-world-clock/"
     google-query: inurl:"/wp-content/plugins/saan-world-clock/"
     shodan-query: 'vuln:CVE-2023-0145'
-  tags: cve,wordpress,wp-plugin,saan-world-clock,medium
+  tags: cve,wordpress,wp-plugin,saan-world-clock,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0146-f4ee020375ee3d79fbe799a7df61d461.yaml b/nuclei-templates/2023/CVE-2023-0146-f4ee020375ee3d79fbe799a7df61d461.yaml
index cd1522d710..e00adcf5ed 100644
--- a/nuclei-templates/2023/CVE-2023-0146-f4ee020375ee3d79fbe799a7df61d461.yaml
+++ b/nuclei-templates/2023/CVE-2023-0146-f4ee020375ee3d79fbe799a7df61d461.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Naver Map <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Naver Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/naver-map/"
     google-query: inurl:"/wp-content/plugins/naver-map/"
     shodan-query: 'vuln:CVE-2023-0146'
-  tags: cve,wordpress,wp-plugin,naver-map,medium
+  tags: cve,wordpress,wp-plugin,naver-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0147-5ba06f6e9e576d3b96edab291a35b673.yaml b/nuclei-templates/2023/CVE-2023-0147-5ba06f6e9e576d3b96edab291a35b673.yaml
index 46e20154ff..c8fcada786 100644
--- a/nuclei-templates/2023/CVE-2023-0147-5ba06f6e9e576d3b96edab291a35b673.yaml
+++ b/nuclei-templates/2023/CVE-2023-0147-5ba06f6e9e576d3b96edab291a35b673.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flexible Captcha <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Flexible Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flexible-captcha/"
     google-query: inurl:"/wp-content/plugins/flexible-captcha/"
     shodan-query: 'vuln:CVE-2023-0147'
-  tags: cve,wordpress,wp-plugin,flexible-captcha,medium
+  tags: cve,wordpress,wp-plugin,flexible-captcha,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0148-9266ca4886b0c646b2489433a5137061.yaml b/nuclei-templates/2023/CVE-2023-0148-9266ca4886b0c646b2489433a5137061.yaml
index 433ca2d050..1bc700353f 100644
--- a/nuclei-templates/2023/CVE-2023-0148-9266ca4886b0c646b2489433a5137061.yaml
+++ b/nuclei-templates/2023/CVE-2023-0148-9266ca4886b0c646b2489433a5137061.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Factory Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gallery Factory Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-factory-lite/"
     google-query: inurl:"/wp-content/plugins/gallery-factory-lite/"
     shodan-query: 'vuln:CVE-2023-0148'
-  tags: cve,wordpress,wp-plugin,gallery-factory-lite,medium
+  tags: cve,wordpress,wp-plugin,gallery-factory-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0149-a32e0707f724d294df7bedd19626586f.yaml b/nuclei-templates/2023/CVE-2023-0149-a32e0707f724d294df7bedd19626586f.yaml
index f9769d50b6..32bd69df9a 100644
--- a/nuclei-templates/2023/CVE-2023-0149-a32e0707f724d294df7bedd19626586f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0149-a32e0707f724d294df7bedd19626586f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPrezi <= 0.8.2 - Authenticated (Contributor+) Strored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPrezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 0.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordprezi/"
     google-query: inurl:"/wp-content/plugins/wordprezi/"
     shodan-query: 'vuln:CVE-2023-0149'
-  tags: cve,wordpress,wp-plugin,wordprezi,medium
+  tags: cve,wordpress,wp-plugin,wordprezi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0150-8f88ca251b34c3f9441215db0d0eb986.yaml b/nuclei-templates/2023/CVE-2023-0150-8f88ca251b34c3f9441215db0d0eb986.yaml
index 6d68232b89..e282adb8df 100644
--- a/nuclei-templates/2023/CVE-2023-0150-8f88ca251b34c3f9441215db0d0eb986.yaml
+++ b/nuclei-templates/2023/CVE-2023-0150-8f88ca251b34c3f9441215db0d0eb986.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cloak Front End Email <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cloak Front End Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cloak-front-end-email/"
     google-query: inurl:"/wp-content/plugins/cloak-front-end-email/"
     shodan-query: 'vuln:CVE-2023-0150'
-  tags: cve,wordpress,wp-plugin,cloak-front-end-email,medium
+  tags: cve,wordpress,wp-plugin,cloak-front-end-email,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0151-17199c68a13d9adf35ea73d24856f5f8.yaml b/nuclei-templates/2023/CVE-2023-0151-17199c68a13d9adf35ea73d24856f5f8.yaml
index 58e10755fd..456e41fff1 100644
--- a/nuclei-templates/2023/CVE-2023-0151-17199c68a13d9adf35ea73d24856f5f8.yaml
+++ b/nuclei-templates/2023/CVE-2023-0151-17199c68a13d9adf35ea73d24856f5f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     uTubeVideo Gallery <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The uTubeVideo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/utubevideo-gallery/"
     google-query: inurl:"/wp-content/plugins/utubevideo-gallery/"
     shodan-query: 'vuln:CVE-2023-0151'
-  tags: cve,wordpress,wp-plugin,utubevideo-gallery,medium
+  tags: cve,wordpress,wp-plugin,utubevideo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0152-f8b65cf3e0a27eff31bc4c61ee628d1e.yaml b/nuclei-templates/2023/CVE-2023-0152-f8b65cf3e0a27eff31bc4c61ee628d1e.yaml
index 4c1bf6e4d0..e522e3b05e 100644
--- a/nuclei-templates/2023/CVE-2023-0152-f8b65cf3e0a27eff31bc4c61ee628d1e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0152-f8b65cf3e0a27eff31bc4c61ee628d1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Multi Store Locator <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-multi-store-locator/"
     google-query: inurl:"/wp-content/plugins/wp-multi-store-locator/"
     shodan-query: 'vuln:CVE-2023-0152'
-  tags: cve,wordpress,wp-plugin,wp-multi-store-locator,medium
+  tags: cve,wordpress,wp-plugin,wp-multi-store-locator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0153-eaecffa52785ff552863c4cf8f09811c.yaml b/nuclei-templates/2023/CVE-2023-0153-eaecffa52785ff552863c4cf8f09811c.yaml
index 82c91a5473..3fd7262277 100644
--- a/nuclei-templates/2023/CVE-2023-0153-eaecffa52785ff552863c4cf8f09811c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0153-eaecffa52785ff552863c4cf8f09811c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vimeo Video Autoplay Automute <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Vimeo Video Autoplay Automute plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vimeo-video-autoplay-automute/"
     google-query: inurl:"/wp-content/plugins/vimeo-video-autoplay-automute/"
     shodan-query: 'vuln:CVE-2023-0153'
-  tags: cve,wordpress,wp-plugin,vimeo-video-autoplay-automute,medium
+  tags: cve,wordpress,wp-plugin,vimeo-video-autoplay-automute,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0154-164be8fbabac441285f1a369205bd8e3.yaml b/nuclei-templates/2023/CVE-2023-0154-164be8fbabac441285f1a369205bd8e3.yaml
index 2d6331a742..4ccf6ef663 100644
--- a/nuclei-templates/2023/CVE-2023-0154-164be8fbabac441285f1a369205bd8e3.yaml
+++ b/nuclei-templates/2023/CVE-2023-0154-164be8fbabac441285f1a369205bd8e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GamiPress – Vimeo integration <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GamiPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gamipress-vimeo-integration/"
     google-query: inurl:"/wp-content/plugins/gamipress-vimeo-integration/"
     shodan-query: 'vuln:CVE-2023-0154'
-  tags: cve,wordpress,wp-plugin,gamipress-vimeo-integration,medium
+  tags: cve,wordpress,wp-plugin,gamipress-vimeo-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0156-7195efc84ea5b8977b30b3313bab7ab8.yaml b/nuclei-templates/2023/CVE-2023-0156-7195efc84ea5b8977b30b3313bab7ab8.yaml
index 3407858b8d..4a2c017106 100644
--- a/nuclei-templates/2023/CVE-2023-0156-7195efc84ea5b8977b30b3313bab7ab8.yaml
+++ b/nuclei-templates/2023/CVE-2023-0156-7195efc84ea5b8977b30b3313bab7ab8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-In-One Security (AIOS) <= 5.1.4 - Authenticated(Admin+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All-In-One Security (AIOS) plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 5.1.4. This allows authenticated attackers with administrator-level permissions to read the contents of arbitrary files on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2023-0156'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0157-c43c8e4dbb43df481e0c6cf7578539a9.yaml b/nuclei-templates/2023/CVE-2023-0157-c43c8e4dbb43df481e0c6cf7578539a9.yaml
index 041dd607ac..4a810fabbe 100644
--- a/nuclei-templates/2023/CVE-2023-0157-c43c8e4dbb43df481e0c6cf7578539a9.yaml
+++ b/nuclei-templates/2023/CVE-2023-0157-c43c8e4dbb43df481e0c6cf7578539a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  All-In-One Security (AIOS) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via log files in versions up to, and including, 5.1.4  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:CVE-2023-0157'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0162-a426d8604178ea06fd441814d816d538.yaml b/nuclei-templates/2023/CVE-2023-0162-a426d8604178ea06fd441814d816d538.yaml
index bb2ec046af..e02b00b04e 100644
--- a/nuclei-templates/2023/CVE-2023-0162-a426d8604178ea06fd441814d816d538.yaml
+++ b/nuclei-templates/2023/CVE-2023-0162-a426d8604178ea06fd441814d816d538.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPO Companion <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpo-companion/"
     google-query: inurl:"/wp-content/plugins/cpo-companion/"
     shodan-query: 'vuln:CVE-2023-0162'
-  tags: cve,wordpress,wp-plugin,cpo-companion,medium
+  tags: cve,wordpress,wp-plugin,cpo-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0165-e82bd49c08eee13d3a8a750e759d2e98.yaml b/nuclei-templates/2023/CVE-2023-0165-e82bd49c08eee13d3a8a750e759d2e98.yaml
index ecc2a81c83..0fa0986b65 100644
--- a/nuclei-templates/2023/CVE-2023-0165-e82bd49c08eee13d3a8a750e759d2e98.yaml
+++ b/nuclei-templates/2023/CVE-2023-0165-e82bd49c08eee13d3a8a750e759d2e98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nd_cost_calculator 
     shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/nd-projects/"
     google-query: inurl:"/wp-content/plugins/nd-projects/"
     shodan-query: 'vuln:CVE-2023-0165'
-  tags: cve,wordpress,wp-plugin,nd-projects,medium
+  tags: cve,wordpress,wp-plugin,nd-projects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0166-b143f95f119acbc330075f594bca9125.yaml b/nuclei-templates/2023/CVE-2023-0166-b143f95f119acbc330075f594bca9125.yaml
index d7f1ad304e..7e3711784f 100644
--- a/nuclei-templates/2023/CVE-2023-0166-b143f95f119acbc330075f594bca9125.yaml
+++ b/nuclei-templates/2023/CVE-2023-0166-b143f95f119acbc330075f594bca9125.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PickPlugins Product Slider for WooCommerce <= 1.13.41 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PickPlugins Product Slider for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.13.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-slider/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-slider/"
     shodan-query: 'vuln:CVE-2023-0166'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-slider,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-products-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0167-318af4e7ad8fddddeacf6d8489b19638.yaml b/nuclei-templates/2023/CVE-2023-0167-318af4e7ad8fddddeacf6d8489b19638.yaml
index 47e097e415..e38a43a4c0 100644
--- a/nuclei-templates/2023/CVE-2023-0167-318af4e7ad8fddddeacf6d8489b19638.yaml
+++ b/nuclei-templates/2023/CVE-2023-0167-318af4e7ad8fddddeacf6d8489b19638.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GetResponse for WordPress <= 5.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GetResponse for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 5.5.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/getresponse-integration/"
     google-query: inurl:"/wp-content/plugins/getresponse-integration/"
     shodan-query: 'vuln:CVE-2023-0167'
-  tags: cve,wordpress,wp-plugin,getresponse-integration,medium
+  tags: cve,wordpress,wp-plugin,getresponse-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0168-d767c0b5d303daf65b04ebec294c7e3f.yaml b/nuclei-templates/2023/CVE-2023-0168-d767c0b5d303daf65b04ebec294c7e3f.yaml
index 375c37c51c..5117f92add 100644
--- a/nuclei-templates/2023/CVE-2023-0168-d767c0b5d303daf65b04ebec294c7e3f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0168-d767c0b5d303daf65b04ebec294c7e3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Olevmedia Shortcodes for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [button] shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/olevmedia-shortcodes/"
     google-query: inurl:"/wp-content/plugins/olevmedia-shortcodes/"
     shodan-query: 'vuln:CVE-2023-0168'
-  tags: cve,wordpress,wp-plugin,olevmedia-shortcodes,high
+  tags: cve,wordpress,wp-plugin,olevmedia-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0169-fe0f3dd2df39b34940cdb1e352238936.yaml b/nuclei-templates/2023/CVE-2023-0169-fe0f3dd2df39b34940cdb1e352238936.yaml
index df5680f216..3b61153ccf 100644
--- a/nuclei-templates/2023/CVE-2023-0169-fe0f3dd2df39b34940cdb1e352238936.yaml
+++ b/nuclei-templates/2023/CVE-2023-0169-fe0f3dd2df39b34940cdb1e352238936.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoho Forms <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Zoho Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zoho-forms/"
     google-query: inurl:"/wp-content/plugins/zoho-forms/"
     shodan-query: 'vuln:CVE-2023-0169'
-  tags: cve,wordpress,wp-plugin,zoho-forms,medium
+  tags: cve,wordpress,wp-plugin,zoho-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0170-1ab07ec0caa3cd50e192c36d8dc28388.yaml b/nuclei-templates/2023/CVE-2023-0170-1ab07ec0caa3cd50e192c36d8dc28388.yaml
index 5353ce1c5c..f84f30ef07 100644
--- a/nuclei-templates/2023/CVE-2023-0170-1ab07ec0caa3cd50e192c36d8dc28388.yaml
+++ b/nuclei-templates/2023/CVE-2023-0170-1ab07ec0caa3cd50e192c36d8dc28388.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Html5 Audio Player <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Html5 Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-audio-player/"
     google-query: inurl:"/wp-content/plugins/html5-audio-player/"
     shodan-query: 'vuln:CVE-2023-0170'
-  tags: cve,wordpress,wp-plugin,html5-audio-player,medium
+  tags: cve,wordpress,wp-plugin,html5-audio-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0171-cf29ff4800b24e4ea96e524c408240d8.yaml b/nuclei-templates/2023/CVE-2023-0171-cf29ff4800b24e4ea96e524c408240d8.yaml
index 289fc484e5..47c21e4472 100644
--- a/nuclei-templates/2023/CVE-2023-0171-cf29ff4800b24e4ea96e524c408240d8.yaml
+++ b/nuclei-templates/2023/CVE-2023-0171-cf29ff4800b24e4ea96e524c408240d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     jQuery T(-) Countdown Widget <= 2.3.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-t-countdown-widget/"
     google-query: inurl:"/wp-content/plugins/jquery-t-countdown-widget/"
     shodan-query: 'vuln:CVE-2023-0171'
-  tags: cve,wordpress,wp-plugin,jquery-t-countdown-widget,medium
+  tags: cve,wordpress,wp-plugin,jquery-t-countdown-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0172-1856c5e867bf1d120f63e6e0b7edcd33.yaml b/nuclei-templates/2023/CVE-2023-0172-1856c5e867bf1d120f63e6e0b7edcd33.yaml
index 38a0f2f8c0..3c343fa372 100644
--- a/nuclei-templates/2023/CVE-2023-0172-1856c5e867bf1d120f63e6e0b7edcd33.yaml
+++ b/nuclei-templates/2023/CVE-2023-0172-1856c5e867bf1d120f63e6e0b7edcd33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Juicer <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Juicer  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/juicer/"
     google-query: inurl:"/wp-content/plugins/juicer/"
     shodan-query: 'vuln:CVE-2023-0172'
-  tags: cve,wordpress,wp-plugin,juicer,medium
+  tags: cve,wordpress,wp-plugin,juicer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0173-c470f8f5625ce2e9f7a4e073bc31fb3b.yaml b/nuclei-templates/2023/CVE-2023-0173-c470f8f5625ce2e9f7a4e073bc31fb3b.yaml
index ec886a855a..be9c4de61a 100644
--- a/nuclei-templates/2023/CVE-2023-0173-c470f8f5625ce2e9f7a4e073bc31fb3b.yaml
+++ b/nuclei-templates/2023/CVE-2023-0173-c470f8f5625ce2e9f7a4e073bc31fb3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPFunnels <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfunnels/"
     google-query: inurl:"/wp-content/plugins/wpfunnels/"
     shodan-query: 'vuln:CVE-2023-0173'
-  tags: cve,wordpress,wp-plugin,wpfunnels,medium
+  tags: cve,wordpress,wp-plugin,wpfunnels,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0174-05c834cda01a386b0744c30fe4c1b224.yaml b/nuclei-templates/2023/CVE-2023-0174-05c834cda01a386b0744c30fe4c1b224.yaml
index 9e19b194c0..744db83ce4 100644
--- a/nuclei-templates/2023/CVE-2023-0174-05c834cda01a386b0744c30fe4c1b224.yaml
+++ b/nuclei-templates/2023/CVE-2023-0174-05c834cda01a386b0744c30fe4c1b224.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP VR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvr/"
     google-query: inurl:"/wp-content/plugins/wpvr/"
     shodan-query: 'vuln:CVE-2023-0174'
-  tags: cve,wordpress,wp-plugin,wpvr,high
+  tags: cve,wordpress,wp-plugin,wpvr,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0175-32a522f1c04399b883d41fab9d9aff30.yaml b/nuclei-templates/2023/CVE-2023-0175-32a522f1c04399b883d41fab9d9aff30.yaml
index e659037422..50ed567f32 100644
--- a/nuclei-templates/2023/CVE-2023-0175-32a522f1c04399b883d41fab9d9aff30.yaml
+++ b/nuclei-templates/2023/CVE-2023-0175-32a522f1c04399b883d41fab9d9aff30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Logo Showcase Lite <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Logo Showcase Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-logo-showcase-lite/"
     google-query: inurl:"/wp-content/plugins/smart-logo-showcase-lite/"
     shodan-query: 'vuln:CVE-2023-0175'
-  tags: cve,wordpress,wp-plugin,smart-logo-showcase-lite,medium
+  tags: cve,wordpress,wp-plugin,smart-logo-showcase-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0176-0df72c1ea599347d49ac94e58a15317d.yaml b/nuclei-templates/2023/CVE-2023-0176-0df72c1ea599347d49ac94e58a15317d.yaml
index 6ab6f79f5a..f1c2a0bb15 100644
--- a/nuclei-templates/2023/CVE-2023-0176-0df72c1ea599347d49ac94e58a15317d.yaml
+++ b/nuclei-templates/2023/CVE-2023-0176-0df72c1ea599347d49ac94e58a15317d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Giveaways and Contests by RafflePress <= 1.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, [up to affected version] due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rafflepress/"
     google-query: inurl:"/wp-content/plugins/rafflepress/"
     shodan-query: 'vuln:CVE-2023-0176'
-  tags: cve,wordpress,wp-plugin,rafflepress,high
+  tags: cve,wordpress,wp-plugin,rafflepress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0177-98df1be3acb90063bf3d77ddbcd92918.yaml b/nuclei-templates/2023/CVE-2023-0177-98df1be3acb90063bf3d77ddbcd92918.yaml
index 9c6dc602cf..e1703a9803 100644
--- a/nuclei-templates/2023/CVE-2023-0177-98df1be3acb90063bf3d77ddbcd92918.yaml
+++ b/nuclei-templates/2023/CVE-2023-0177-98df1be3acb90063bf3d77ddbcd92918.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Like Box and Page by WpDevArt <= 0.8.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Like Box and Page by WpDevArt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 0.8.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/like-box/"
     google-query: inurl:"/wp-content/plugins/like-box/"
     shodan-query: 'vuln:CVE-2023-0177'
-  tags: cve,wordpress,wp-plugin,like-box,medium
+  tags: cve,wordpress,wp-plugin,like-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0178-633a7d922fc914b18ddc7d21035ab39d.yaml b/nuclei-templates/2023/CVE-2023-0178-633a7d922fc914b18ddc7d21035ab39d.yaml
index 64731d93de..790e4899a9 100644
--- a/nuclei-templates/2023/CVE-2023-0178-633a7d922fc914b18ddc7d21035ab39d.yaml
+++ b/nuclei-templates/2023/CVE-2023-0178-633a7d922fc914b18ddc7d21035ab39d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Annual Archive <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Annual Archive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anual-archive/"
     google-query: inurl:"/wp-content/plugins/anual-archive/"
     shodan-query: 'vuln:CVE-2023-0178'
-  tags: cve,wordpress,wp-plugin,anual-archive,medium
+  tags: cve,wordpress,wp-plugin,anual-archive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0212-aedd5bdd6732fba44f64193c96bef864.yaml b/nuclei-templates/2023/CVE-2023-0212-aedd5bdd6732fba44f64193c96bef864.yaml
index 71bbb7eb06..6ffe59e8b4 100644
--- a/nuclei-templates/2023/CVE-2023-0212-aedd5bdd6732fba44f64193c96bef864.yaml
+++ b/nuclei-templates/2023/CVE-2023-0212-aedd5bdd6732fba44f64193c96bef864.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Recent Posts <= 0.6.14 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Recent Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lptw_recentposts shortcode in versions up to, and including, 0.6.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-recent-posts/"
     google-query: inurl:"/wp-content/plugins/advanced-recent-posts/"
     shodan-query: 'vuln:CVE-2023-0212'
-  tags: cve,wordpress,wp-plugin,advanced-recent-posts,medium
+  tags: cve,wordpress,wp-plugin,advanced-recent-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0220-38e29be67779459d45a16e8dcf062abc.yaml b/nuclei-templates/2023/CVE-2023-0220-38e29be67779459d45a16e8dcf062abc.yaml
index 3a0e85c7b6..bfa1038f41 100644
--- a/nuclei-templates/2023/CVE-2023-0220-38e29be67779459d45a16e8dcf062abc.yaml
+++ b/nuclei-templates/2023/CVE-2023-0220-38e29be67779459d45a16e8dcf062abc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pinpoint Booking System  <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Pinpoint Booking System plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 2.9.9.2.8 due to insufficient escaping on the user supplied attributes and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-system/"
     google-query: inurl:"/wp-content/plugins/booking-system/"
     shodan-query: 'vuln:CVE-2023-0220'
-  tags: cve,wordpress,wp-plugin,booking-system,high
+  tags: cve,wordpress,wp-plugin,booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0230-c77161a5bde1c663570a6c8d07d1524e.yaml b/nuclei-templates/2023/CVE-2023-0230-c77161a5bde1c663570a6c8d07d1524e.yaml
index 0bf2706c0c..c8742b1f28 100644
--- a/nuclei-templates/2023/CVE-2023-0230-c77161a5bde1c663570a6c8d07d1524e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0230-c77161a5bde1c663570a6c8d07d1524e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK All in One Expansion Unit <= 9.85.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 9.85.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as class_name. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/"
     google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/"
     shodan-query: 'vuln:CVE-2023-0230'
-  tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,medium
+  tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0231-2f369022c90ab11184f498c7e18175e1.yaml b/nuclei-templates/2023/CVE-2023-0231-2f369022c90ab11184f498c7e18175e1.yaml
index 255a14b0a7..44f256eda8 100644
--- a/nuclei-templates/2023/CVE-2023-0231-2f369022c90ab11184f498c7e18175e1.yaml
+++ b/nuclei-templates/2023/CVE-2023-0231-2f369022c90ab11184f498c7e18175e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooLentor <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woolentor-addons/"
     google-query: inurl:"/wp-content/plugins/woolentor-addons/"
     shodan-query: 'vuln:CVE-2023-0231'
-  tags: cve,wordpress,wp-plugin,woolentor-addons,medium
+  tags: cve,wordpress,wp-plugin,woolentor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0233-0bd5595821e6e021ded7947ef04d5401.yaml b/nuclei-templates/2023/CVE-2023-0233-0bd5595821e6e021ded7947ef04d5401.yaml
index d23d7c87fe..0288c425a2 100644
--- a/nuclei-templates/2023/CVE-2023-0233-0bd5595821e6e021ded7947ef04d5401.yaml
+++ b/nuclei-templates/2023/CVE-2023-0233-0bd5595821e6e021ded7947ef04d5401.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActiveCampaign – Forms, Site Tracking, Live Chat <= 8.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ActiveCampaign – Forms, Site Tracking, Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block options in versions up to, and including, 8.1.11 due to insufficient input sanitization and output escaping on user supplied options. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activecampaign-subscription-forms/"
     google-query: inurl:"/wp-content/plugins/activecampaign-subscription-forms/"
     shodan-query: 'vuln:CVE-2023-0233'
-  tags: cve,wordpress,wp-plugin,activecampaign-subscription-forms,medium
+  tags: cve,wordpress,wp-plugin,activecampaign-subscription-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0234-97e524444c79464d138f78b1bdccb0af.yaml b/nuclei-templates/2023/CVE-2023-0234-97e524444c79464d138f78b1bdccb0af.yaml
index 57aa7b012a..53d92ddafe 100644
--- a/nuclei-templates/2023/CVE-2023-0234-97e524444c79464d138f78b1bdccb0af.yaml
+++ b/nuclei-templates/2023/CVE-2023-0234-97e524444c79464d138f78b1bdccb0af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SiteGround Security plugin for WordPress is vulnerable to blind SQL Injection via some if its filtering and paging parameters in versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sg-security/"
     google-query: inurl:"/wp-content/plugins/sg-security/"
     shodan-query: 'vuln:CVE-2023-0234'
-  tags: cve,wordpress,wp-plugin,sg-security,high
+  tags: cve,wordpress,wp-plugin,sg-security,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0252-ab86f3a4c1a5f2be4ec7926458a9f257.yaml b/nuclei-templates/2023/CVE-2023-0252-ab86f3a4c1a5f2be4ec7926458a9f257.yaml
index f7c862d14b..6900eb94e6 100644
--- a/nuclei-templates/2023/CVE-2023-0252-ab86f3a4c1a5f2be4ec7926458a9f257.yaml
+++ b/nuclei-templates/2023/CVE-2023-0252-ab86f3a4c1a5f2be4ec7926458a9f257.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contextual-related-posts/"
     google-query: inurl:"/wp-content/plugins/contextual-related-posts/"
     shodan-query: 'vuln:CVE-2023-0252'
-  tags: cve,wordpress,wp-plugin,contextual-related-posts,medium
+  tags: cve,wordpress,wp-plugin,contextual-related-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0253-2a7a5a205e77ded07268b829f167efa8.yaml b/nuclei-templates/2023/CVE-2023-0253-2a7a5a205e77ded07268b829f167efa8.yaml
index 46e4105c8e..cac611d157 100644
--- a/nuclei-templates/2023/CVE-2023-0253-2a7a5a205e77ded07268b829f167efa8.yaml
+++ b/nuclei-templates/2023/CVE-2023-0253-2a7a5a205e77ded07268b829f167efa8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-media-library-lite/"
     google-query: inurl:"/wp-content/plugins/real-media-library-lite/"
     shodan-query: 'vuln:CVE-2023-0253'
-  tags: cve,wordpress,wp-plugin,real-media-library-lite,medium
+  tags: cve,wordpress,wp-plugin,real-media-library-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0254-c2be66a7e8a99421d368476b2dea75ed.yaml b/nuclei-templates/2023/CVE-2023-0254-c2be66a7e8a99421d368476b2dea75ed.yaml
index b77a59b25f..089fb26a8e 100644
--- a/nuclei-templates/2023/CVE-2023-0254-c2be66a7e8a99421d368476b2dea75ed.yaml
+++ b/nuclei-templates/2023/CVE-2023-0254-c2be66a7e8a99421d368476b2dea75ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership-wp-user-import/"
     google-query: inurl:"/wp-content/plugins/simple-membership-wp-user-import/"
     shodan-query: 'vuln:CVE-2023-0254'
-  tags: cve,wordpress,wp-plugin,simple-membership-wp-user-import,high
+  tags: cve,wordpress,wp-plugin,simple-membership-wp-user-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0255-dead64d1305225210f2390b6b61b5201.yaml b/nuclei-templates/2023/CVE-2023-0255-dead64d1305225210f2390b6b61b5201.yaml
index 3ab6ac33fa..2b570dbe83 100644
--- a/nuclei-templates/2023/CVE-2023-0255-dead64d1305225210f2390b6b61b5201.yaml
+++ b/nuclei-templates/2023/CVE-2023-0255-dead64d1305225210f2390b6b61b5201.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enable Media Replace <= 4.0.1 - Authenticated (Author+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Enable Media Replace plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with author-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enable-media-replace/"
     google-query: inurl:"/wp-content/plugins/enable-media-replace/"
     shodan-query: 'vuln:CVE-2023-0255'
-  tags: cve,wordpress,wp-plugin,enable-media-replace,high
+  tags: cve,wordpress,wp-plugin,enable-media-replace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0259-63e8aaca3bf1d75703f616e718360745.yaml b/nuclei-templates/2023/CVE-2023-0259-63e8aaca3bf1d75703f616e718360745.yaml
index f9236ce956..494e3ff93d 100644
--- a/nuclei-templates/2023/CVE-2023-0259-63e8aaca3bf1d75703f616e718360745.yaml
+++ b/nuclei-templates/2023/CVE-2023-0259-63e8aaca3bf1d75703f616e718360745.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Review Slider <= 11.7 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Google Review Slider plugin for WordPress is vulnerable to SQL Injection via the $tid parameter in versions up to, and including, 11.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-places-review-slider/"
     google-query: inurl:"/wp-content/plugins/wp-google-places-review-slider/"
     shodan-query: 'vuln:CVE-2023-0259'
-  tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,high
+  tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0260-33420cd1d54a09491bc3d21e0f948bd1.yaml b/nuclei-templates/2023/CVE-2023-0260-33420cd1d54a09491bc3d21e0f948bd1.yaml
index c9cf47c563..93c6e7f70f 100644
--- a/nuclei-templates/2023/CVE-2023-0260-33420cd1d54a09491bc3d21e0f948bd1.yaml
+++ b/nuclei-templates/2023/CVE-2023-0260-33420cd1d54a09491bc3d21e0f948bd1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Review Slider plugin for WordPress is vulnerable to SQL Injection via the $tid value in versions up to, and including, 12.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facebook-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/"
     shodan-query: 'vuln:CVE-2023-0260'
-  tags: cve,wordpress,wp-plugin,wp-facebook-reviews,high
+  tags: cve,wordpress,wp-plugin,wp-facebook-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0261-5aea692cc96187a31807c0f2f26416eb.yaml b/nuclei-templates/2023/CVE-2023-0261-5aea692cc96187a31807c0f2f26416eb.yaml
index 3281203a36..139bf7d3c2 100644
--- a/nuclei-templates/2023/CVE-2023-0261-5aea692cc96187a31807c0f2f26416eb.yaml
+++ b/nuclei-templates/2023/CVE-2023-0261-5aea692cc96187a31807c0f2f26416eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP TripAdvisor Review Slider <= 10.7 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP TripAdvisor Review Slider plugin for WordPress is vulnerable to SQL Injection via the $tid value in versions up to, and including, 10.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tripadvisor-review-slider/"
     google-query: inurl:"/wp-content/plugins/wp-tripadvisor-review-slider/"
     shodan-query: 'vuln:CVE-2023-0261'
-  tags: cve,wordpress,wp-plugin,wp-tripadvisor-review-slider,high
+  tags: cve,wordpress,wp-plugin,wp-tripadvisor-review-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0262-5f97cab1c787955760a43df34e0be9d5.yaml b/nuclei-templates/2023/CVE-2023-0262-5f97cab1c787955760a43df34e0be9d5.yaml
index bfcf08b2cd..90093d745f 100644
--- a/nuclei-templates/2023/CVE-2023-0262-5f97cab1c787955760a43df34e0be9d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0262-5f97cab1c787955760a43df34e0be9d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Airbnb Review Slider plugin for WordPress is vulnerable to SQL Injection via the $tid value in versions up to, and including, 3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-airbnb-review-slider/"
     google-query: inurl:"/wp-content/plugins/wp-airbnb-review-slider/"
     shodan-query: 'vuln:CVE-2023-0262'
-  tags: cve,wordpress,wp-plugin,wp-airbnb-review-slider,high
+  tags: cve,wordpress,wp-plugin,wp-airbnb-review-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0263-aea7c598ba9d4fa4ffd8fc15ef6dd40c.yaml b/nuclei-templates/2023/CVE-2023-0263-aea7c598ba9d4fa4ffd8fc15ef6dd40c.yaml
index 416b1315c4..22643a28f9 100644
--- a/nuclei-templates/2023/CVE-2023-0263-aea7c598ba9d4fa4ffd8fc15ef6dd40c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0263-aea7c598ba9d4fa4ffd8fc15ef6dd40c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Yelp Review Slider plugin for WordPress is vulnerable to SQL Injection via the $tid value in versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-yelp-review-slider/"
     google-query: inurl:"/wp-content/plugins/wp-yelp-review-slider/"
     shodan-query: 'vuln:CVE-2023-0263'
-  tags: cve,wordpress,wp-plugin,wp-yelp-review-slider,high
+  tags: cve,wordpress,wp-plugin,wp-yelp-review-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0267-5829eead4c96879234a4f24b2d7f9ad4.yaml b/nuclei-templates/2023/CVE-2023-0267-5829eead4c96879234a4f24b2d7f9ad4.yaml
index fcbe174a6b..699cec1173 100644
--- a/nuclei-templates/2023/CVE-2023-0267-5829eead4c96879234a4f24b2d7f9ad4.yaml
+++ b/nuclei-templates/2023/CVE-2023-0267-5829eead4c96879234a4f24b2d7f9ad4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Carousel For WPBakery Page Builder <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Carousel For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-carousel-for-visual-composer/"
     google-query: inurl:"/wp-content/plugins/ultimate-carousel-for-visual-composer/"
     shodan-query: 'vuln:CVE-2023-0267'
-  tags: cve,wordpress,wp-plugin,ultimate-carousel-for-visual-composer,medium
+  tags: cve,wordpress,wp-plugin,ultimate-carousel-for-visual-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0268-e462c11578c3d7efd1d373387e69d961.yaml b/nuclei-templates/2023/CVE-2023-0268-e462c11578c3d7efd1d373387e69d961.yaml
index 32dfd6b099..d348bd7c87 100644
--- a/nuclei-templates/2023/CVE-2023-0268-e462c11578c3d7efd1d373387e69d961.yaml
+++ b/nuclei-templates/2023/CVE-2023-0268-e462c11578c3d7efd1d373387e69d961.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mega Addons For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mega-addons-for-visual-composer/"
     google-query: inurl:"/wp-content/plugins/mega-addons-for-visual-composer/"
     shodan-query: 'vuln:CVE-2023-0268'
-  tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,medium
+  tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0270-f801c1aeb4734b7133d474f559fadcb5.yaml b/nuclei-templates/2023/CVE-2023-0270-f801c1aeb4734b7133d474f559fadcb5.yaml
index 12a77c0c83..e85ee23541 100644
--- a/nuclei-templates/2023/CVE-2023-0270-f801c1aeb4734b7133d474f559fadcb5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0270-f801c1aeb4734b7133d474f559fadcb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YaMaps <= 0.6.25 - Authenticaterd (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YaMaps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, [up to affected version] due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yamaps/"
     google-query: inurl:"/wp-content/plugins/yamaps/"
     shodan-query: 'vuln:CVE-2023-0270'
-  tags: cve,wordpress,wp-plugin,yamaps,medium
+  tags: cve,wordpress,wp-plugin,yamaps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0271-7e2bbcff98524a357bbf2e605454a087.yaml b/nuclei-templates/2023/CVE-2023-0271-7e2bbcff98524a357bbf2e605454a087.yaml
index 45fa6c8300..beebdc2fe4 100644
--- a/nuclei-templates/2023/CVE-2023-0271-7e2bbcff98524a357bbf2e605454a087.yaml
+++ b/nuclei-templates/2023/CVE-2023-0271-7e2bbcff98524a357bbf2e605454a087.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Font Awesome <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-font-awesome/"
     google-query: inurl:"/wp-content/plugins/wp-font-awesome/"
     shodan-query: 'vuln:CVE-2023-0271'
-  tags: cve,wordpress,wp-plugin,wp-font-awesome,medium
+  tags: cve,wordpress,wp-plugin,wp-font-awesome,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0272-1873bca252baceb5719ad4cfda8c952f.yaml b/nuclei-templates/2023/CVE-2023-0272-1873bca252baceb5719ad4cfda8c952f.yaml
index 1fd3a325ff..b7c09c305e 100644
--- a/nuclei-templates/2023/CVE-2023-0272-1873bca252baceb5719ad4cfda8c952f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0272-1873bca252baceb5719ad4cfda8c952f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms - Ultimate Form Builder <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NEX-Forms - Ultimate Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2023-0272'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0272-2d88339f87e8f539294930b47234f049.yaml b/nuclei-templates/2023/CVE-2023-0272-2d88339f87e8f539294930b47234f049.yaml
index fcd235dd4e..a776758ffe 100644
--- a/nuclei-templates/2023/CVE-2023-0272-2d88339f87e8f539294930b47234f049.yaml
+++ b/nuclei-templates/2023/CVE-2023-0272-2d88339f87e8f539294930b47234f049.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms - Ultimate Form Builder <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NEX-Forms - Ultimate Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2023-0272'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0273-fe4470deb32fffc7ae711831b5c4f60c.yaml b/nuclei-templates/2023/CVE-2023-0273-fe4470deb32fffc7ae711831b5c4f60c.yaml
index 82a81572a7..d642b037cb 100644
--- a/nuclei-templates/2023/CVE-2023-0273-fe4470deb32fffc7ae711831b5c4f60c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0273-fe4470deb32fffc7ae711831b5c4f60c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-content-shortcode/"
     google-query: inurl:"/wp-content/plugins/custom-content-shortcode/"
     shodan-query: 'vuln:CVE-2023-0273'
-  tags: cve,wordpress,wp-plugin,custom-content-shortcode,medium
+  tags: cve,wordpress,wp-plugin,custom-content-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0274-89a1787cccb90fd10317497361aed1fe.yaml b/nuclei-templates/2023/CVE-2023-0274-89a1787cccb90fd10317497361aed1fe.yaml
index 3b7c49e2b5..6605bf1ef8 100644
--- a/nuclei-templates/2023/CVE-2023-0274-89a1787cccb90fd10317497361aed1fe.yaml
+++ b/nuclei-templates/2023/CVE-2023-0274-89a1787cccb90fd10317497361aed1fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     URL Params <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The URL Params plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level and above permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/url-params/"
     google-query: inurl:"/wp-content/plugins/url-params/"
     shodan-query: 'vuln:CVE-2023-0274'
-  tags: cve,wordpress,wp-plugin,url-params,medium
+  tags: cve,wordpress,wp-plugin,url-params,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0275-c10b1142778769e9493bfb35c88879e4.yaml b/nuclei-templates/2023/CVE-2023-0275-c10b1142778769e9493bfb35c88879e4.yaml
index 4f5c74e1df..2a2999d07c 100644
--- a/nuclei-templates/2023/CVE-2023-0275-c10b1142778769e9493bfb35c88879e4.yaml
+++ b/nuclei-templates/2023/CVE-2023-0275-c10b1142778769e9493bfb35c88879e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Accept Payments for PayPal <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Accept Payments for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/"
     google-query: inurl:"/wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/"
     shodan-query: 'vuln:CVE-2023-0275'
-  tags: cve,wordpress,wp-plugin,wordpress-easy-paypal-payment-or-donation-accept-plugin,medium
+  tags: cve,wordpress,wp-plugin,wordpress-easy-paypal-payment-or-donation-accept-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0276-d8d38e7154b358bc9b031a2ad78ce806.yaml b/nuclei-templates/2023/CVE-2023-0276-d8d38e7154b358bc9b031a2ad78ce806.yaml
index 537492863e..4e7088f353 100644
--- a/nuclei-templates/2023/CVE-2023-0276-d8d38e7154b358bc9b031a2ad78ce806.yaml
+++ b/nuclei-templates/2023/CVE-2023-0276-d8d38e7154b358bc9b031a2ad78ce806.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weaver Xtreme Theme Support <= 6.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '[youtube]' and '[vimeo]' shortcodes in versions up to, and including, 6.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weaverx-theme-support/"
     google-query: inurl:"/wp-content/plugins/weaverx-theme-support/"
     shodan-query: 'vuln:CVE-2023-0276'
-  tags: cve,wordpress,wp-plugin,weaverx-theme-support,medium
+  tags: cve,wordpress,wp-plugin,weaverx-theme-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0277-6351a80c46e754ccfc255c93464a7133.yaml b/nuclei-templates/2023/CVE-2023-0277-6351a80c46e754ccfc255c93464a7133.yaml
index d9240219f3..fbdb1b9cc0 100644
--- a/nuclei-templates/2023/CVE-2023-0277-6351a80c46e754ccfc255c93464a7133.yaml
+++ b/nuclei-templates/2023/CVE-2023-0277-6351a80c46e754ccfc255c93464a7133.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WC Fields Factory <= 4.1.5 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WC Fields Factory for WordPress is vulnerable to SQL Injection via the 'post' parameter in versions up to, and including, 4.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-fields-factory/"
     google-query: inurl:"/wp-content/plugins/wc-fields-factory/"
     shodan-query: 'vuln:CVE-2023-0277'
-  tags: cve,wordpress,wp-plugin,wc-fields-factory,high
+  tags: cve,wordpress,wp-plugin,wc-fields-factory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0278-db82d66ee6f616f5c7fafadef247b8d1.yaml b/nuclei-templates/2023/CVE-2023-0278-db82d66ee6f616f5c7fafadef247b8d1.yaml
index 9c2cf8f39e..aa25ef5e37 100644
--- a/nuclei-templates/2023/CVE-2023-0278-db82d66ee6f616f5c7fafadef247b8d1.yaml
+++ b/nuclei-templates/2023/CVE-2023-0278-db82d66ee6f616f5c7fafadef247b8d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GeoDirectory <= 2.2.23 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The GeoDirectory plugin for WordPress is vulnerable to SQL Injection via the 'selected', 'post_type' parameters in versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geodirectory/"
     google-query: inurl:"/wp-content/plugins/geodirectory/"
     shodan-query: 'vuln:CVE-2023-0278'
-  tags: cve,wordpress,wp-plugin,geodirectory,high
+  tags: cve,wordpress,wp-plugin,geodirectory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0279-1749acb4ff55d423ebb0f0a82a7c5808.yaml b/nuclei-templates/2023/CVE-2023-0279-1749acb4ff55d423ebb0f0a82a7c5808.yaml
index f3321c0a94..349c1c2742 100644
--- a/nuclei-templates/2023/CVE-2023-0279-1749acb4ff55d423ebb0f0a82a7c5808.yaml
+++ b/nuclei-templates/2023/CVE-2023-0279-1749acb4ff55d423ebb0f0a82a7c5808.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Media Library Assistant for WordPress is vulnerable to SQL Injection via the ‘post_types’ parameter in versions up to, and including, 3.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-assistant/"
     google-query: inurl:"/wp-content/plugins/media-library-assistant/"
     shodan-query: 'vuln:CVE-2023-0279'
-  tags: cve,wordpress,wp-plugin,media-library-assistant,high
+  tags: cve,wordpress,wp-plugin,media-library-assistant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0280-d246c52e9d4725c7b245a84d679cf9a0.yaml b/nuclei-templates/2023/CVE-2023-0280-d246c52e9d4725c7b245a84d679cf9a0.yaml
index 9665aa85c8..167ceeaa17 100644
--- a/nuclei-templates/2023/CVE-2023-0280-d246c52e9d4725c7b245a84d679cf9a0.yaml
+++ b/nuclei-templates/2023/CVE-2023-0280-d246c52e9d4725c7b245a84d679cf9a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Carousel For Elementor <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block options in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied options. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-carousel-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ultimate-carousel-for-elementor/"
     shodan-query: 'vuln:CVE-2023-0280'
-  tags: cve,wordpress,wp-plugin,ultimate-carousel-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ultimate-carousel-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0282-3989a9901d352d6a2f1182e6cf00355e.yaml b/nuclei-templates/2023/CVE-2023-0282-3989a9901d352d6a2f1182e6cf00355e.yaml
index 8ab3ca7ec4..3ed7059676 100644
--- a/nuclei-templates/2023/CVE-2023-0282-3989a9901d352d6a2f1182e6cf00355e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0282-3989a9901d352d6a2f1182e6cf00355e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YourChannel <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'yrc_lang[Videos]'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘yrc_lang[Videos]’ parameter in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yourchannel/"
     google-query: inurl:"/wp-content/plugins/yourchannel/"
     shodan-query: 'vuln:CVE-2023-0282'
-  tags: cve,wordpress,wp-plugin,yourchannel,medium
+  tags: cve,wordpress,wp-plugin,yourchannel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0293-d708fed52a98da33c7b5f777938fb90a.yaml b/nuclei-templates/2023/CVE-2023-0293-d708fed52a98da33c7b5f777938fb90a.yaml
index b56c5d6be2..70a893b9ba 100644
--- a/nuclei-templates/2023/CVE-2023-0293-d708fed52a98da33c7b5f777938fb90a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0293-d708fed52a98da33c7b5f777938fb90a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mediamatic – Media Library Folders <= 2.8.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, which it uses to arrange them in folder views.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mediamatic/"
     google-query: inurl:"/wp-content/plugins/mediamatic/"
     shodan-query: 'vuln:CVE-2023-0293'
-  tags: cve,wordpress,wp-plugin,mediamatic,medium
+  tags: cve,wordpress,wp-plugin,mediamatic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0294-0b95cfad1999ef6bac1ef79ebeeb624d.yaml b/nuclei-templates/2023/CVE-2023-0294-0b95cfad1999ef6bac1ef79ebeeb624d.yaml
index da04ef848d..4ca625785c 100644
--- a/nuclei-templates/2023/CVE-2023-0294-0b95cfad1999ef6bac1ef79ebeeb624d.yaml
+++ b/nuclei-templates/2023/CVE-2023-0294-0b95cfad1999ef6bac1ef79ebeeb624d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mediamatic/"
     google-query: inurl:"/wp-content/plugins/mediamatic/"
     shodan-query: 'vuln:CVE-2023-0294'
-  tags: cve,wordpress,wp-plugin,mediamatic,high
+  tags: cve,wordpress,wp-plugin,mediamatic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0295-1d6b909d9b4a86a23d05301fe792416a.yaml b/nuclei-templates/2023/CVE-2023-0295-1d6b909d9b4a86a23d05301fe792416a.yaml
index e9487f2f30..4f9ac37587 100644
--- a/nuclei-templates/2023/CVE-2023-0295-1d6b909d9b4a86a23d05301fe792416a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0295-1d6b909d9b4a86a23d05301fe792416a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Launchpad – Coming Soon & Maintenance Mode Plugin <= 1.0.13 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/launchpad-by-obox/"
     google-query: inurl:"/wp-content/plugins/launchpad-by-obox/"
     shodan-query: 'vuln:CVE-2023-0295'
-  tags: cve,wordpress,wp-plugin,launchpad-by-obox,medium
+  tags: cve,wordpress,wp-plugin,launchpad-by-obox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0328-88444b55ba593f6267560d3998cc950b.yaml b/nuclei-templates/2023/CVE-2023-0328-88444b55ba593f6267560d3998cc950b.yaml
index 9db6c4d1c6..835ff72d69 100644
--- a/nuclei-templates/2023/CVE-2023-0328-88444b55ba593f6267560d3998cc950b.yaml
+++ b/nuclei-templates/2023/CVE-2023-0328-88444b55ba593f6267560d3998cc950b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPCode <= 2.0.6 - Missing Authorization to Sensitive Key Disclosure/Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPCode plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ajax_auth_url, store_auth_key, and delete_auth functions in versions up to, and including, 2.0.6. This makes it possible for authenticated attackers with access to edit_posts, such as contributors, to retrieve and update the auth key for the WPCode library.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-headers-and-footers/"
     google-query: inurl:"/wp-content/plugins/insert-headers-and-footers/"
     shodan-query: 'vuln:CVE-2023-0328'
-  tags: cve,wordpress,wp-plugin,insert-headers-and-footers,medium
+  tags: cve,wordpress,wp-plugin,insert-headers-and-footers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0329-7df4e23827630859e3a047cf49f19af4.yaml b/nuclei-templates/2023/CVE-2023-0329-7df4e23827630859e3a047cf49f19af4.yaml
index ce2f17549c..7eb8670163 100644
--- a/nuclei-templates/2023/CVE-2023-0329-7df4e23827630859e3a047cf49f19af4.yaml
+++ b/nuclei-templates/2023/CVE-2023-0329-7df4e23827630859e3a047cf49f19af4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor plugin for WordPress is vulnerable to blind SQL Injection via the 'replace_urls' functionality in versions up to, and including, 3.12.1 due to insufficient escaping on the user supplied 'old' and 'new' parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2023-0329'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0333-6880997a756b467547a9370c60ac6681.yaml b/nuclei-templates/2023/CVE-2023-0333-6880997a756b467547a9370c60ac6681.yaml
index 903bca0be8..2ffa7dbdde 100644
--- a/nuclei-templates/2023/CVE-2023-0333-6880997a756b467547a9370c60ac6681.yaml
+++ b/nuclei-templates/2023/CVE-2023-0333-6880997a756b467547a9370c60ac6681.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/templatesnext-toolkit/"
     google-query: inurl:"/wp-content/plugins/templatesnext-toolkit/"
     shodan-query: 'vuln:CVE-2023-0333'
-  tags: cve,wordpress,wp-plugin,templatesnext-toolkit,medium
+  tags: cve,wordpress,wp-plugin,templatesnext-toolkit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0335-4a71f65ecef18d04fe003f6a65b7d9e2.yaml b/nuclei-templates/2023/CVE-2023-0335-4a71f65ecef18d04fe003f6a65b7d9e2.yaml
index d6ce2492a3..60601c2a8c 100644
--- a/nuclei-templates/2023/CVE-2023-0335-4a71f65ecef18d04fe003f6a65b7d9e2.yaml
+++ b/nuclei-templates/2023/CVE-2023-0335-4a71f65ecef18d04fe003f6a65b7d9e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shamsi <= 4.3.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shamsi plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'file_batch_delete_callback' and 'file_delete' functions in versions up to, and including, 4.3.3. This makes it possible for subscriber-level attackers to delete attachments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-shamsi/"
     google-query: inurl:"/wp-content/plugins/wp-shamsi/"
     shodan-query: 'vuln:CVE-2023-0335'
-  tags: cve,wordpress,wp-plugin,wp-shamsi,medium
+  tags: cve,wordpress,wp-plugin,wp-shamsi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0336-aef6ec9f420d3aef577ad115ead987ef.yaml b/nuclei-templates/2023/CVE-2023-0336-aef6ec9f420d3aef577ad115ead987ef.yaml
index 642fc5880a..eb89d186ea 100644
--- a/nuclei-templates/2023/CVE-2023-0336-aef6ec9f420d3aef577ad115ead987ef.yaml
+++ b/nuclei-templates/2023/CVE-2023-0336-aef6ec9f420d3aef577ad115ead987ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'file_batch_delete_callback' function in versions up to, and including, 2.1.3. This makes it possible for subscriber-level attackers to delete attachments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ooohboi-steroids-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ooohboi-steroids-for-elementor/"
     shodan-query: 'vuln:CVE-2023-0336'
-  tags: cve,wordpress,wp-plugin,ooohboi-steroids-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ooohboi-steroids-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0340-250d58918649c83e91a9349c1cb1cbf0.yaml b/nuclei-templates/2023/CVE-2023-0340-250d58918649c83e91a9349c1cb1cbf0.yaml
index 982d0ee546..f8b84b9c2e 100644
--- a/nuclei-templates/2023/CVE-2023-0340-250d58918649c83e91a9349c1cb1cbf0.yaml
+++ b/nuclei-templates/2023/CVE-2023-0340-250d58918649c83e91a9349c1cb1cbf0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Custom Content Shortcode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.0.2 via a Shortcode attribute. This allows contributor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-content-shortcode/"
     google-query: inurl:"/wp-content/plugins/custom-content-shortcode/"
     shodan-query: 'vuln:CVE-2023-0340'
-  tags: cve,wordpress,wp-plugin,custom-content-shortcode,high
+  tags: cve,wordpress,wp-plugin,custom-content-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0360-6c261a297dbcd9991a82748059272596.yaml b/nuclei-templates/2023/CVE-2023-0360-6c261a297dbcd9991a82748059272596.yaml
index 1939aba7a8..b646fe073e 100644
--- a/nuclei-templates/2023/CVE-2023-0360-6c261a297dbcd9991a82748059272596.yaml
+++ b/nuclei-templates/2023/CVE-2023-0360-6c261a297dbcd9991a82748059272596.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Location Weather <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Location Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes (such as 'sp_location_weather_pro_shortcode') in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/location-weather/"
     google-query: inurl:"/wp-content/plugins/location-weather/"
     shodan-query: 'vuln:CVE-2023-0360'
-  tags: cve,wordpress,wp-plugin,location-weather,medium
+  tags: cve,wordpress,wp-plugin,location-weather,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0362-be668a1f67bf2032bc65bfbd87433e2e.yaml b/nuclei-templates/2023/CVE-2023-0362-be668a1f67bf2032bc65bfbd87433e2e.yaml
index 36270b9fb0..2b2ee1cca5 100644
--- a/nuclei-templates/2023/CVE-2023-0362-be668a1f67bf2032bc65bfbd87433e2e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0362-be668a1f67bf2032bc65bfbd87433e2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-portfolio-post/"
     google-query: inurl:"/wp-content/plugins/themify-portfolio-post/"
     shodan-query: 'vuln:CVE-2023-0362'
-  tags: cve,wordpress,wp-plugin,themify-portfolio-post,medium
+  tags: cve,wordpress,wp-plugin,themify-portfolio-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0363-29145e5db5dd5627b3607ea1e36f49b2.yaml b/nuclei-templates/2023/CVE-2023-0363-29145e5db5dd5627b3607ea1e36f49b2.yaml
index 4fb9cd6db5..12a6c2ee00 100644
--- a/nuclei-templates/2023/CVE-2023-0363-29145e5db5dd5627b3607ea1e36f49b2.yaml
+++ b/nuclei-templates/2023/CVE-2023-0363-29145e5db5dd5627b3607ea1e36f49b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scheduled Announcements Widget <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scheduled Announcements Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height_settings', 'link_settings', 'order_settings', 'saw_id', 'scroll_settings', 'show_titles', 'speed_settings', 'text_settings', 'trans_settings, and 'width_settings' shortcode attributes in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scheduled-announcements-widget/"
     google-query: inurl:"/wp-content/plugins/scheduled-announcements-widget/"
     shodan-query: 'vuln:CVE-2023-0363'
-  tags: cve,wordpress,wp-plugin,scheduled-announcements-widget,medium
+  tags: cve,wordpress,wp-plugin,scheduled-announcements-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0364-ba00ab2a2755c54cd7d0683aa28f5913.yaml b/nuclei-templates/2023/CVE-2023-0364-ba00ab2a2755c54cd7d0683aa28f5913.yaml
index 4c72fee6f9..815764c928 100644
--- a/nuclei-templates/2023/CVE-2023-0364-ba00ab2a2755c54cd7d0683aa28f5913.yaml
+++ b/nuclei-templates/2023/CVE-2023-0364-ba00ab2a2755c54cd7d0683aa28f5913.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     real.Kit <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 5.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-kit/"
     google-query: inurl:"/wp-content/plugins/real-kit/"
     shodan-query: 'vuln:CVE-2023-0364'
-  tags: cve,wordpress,wp-plugin,real-kit,medium
+  tags: cve,wordpress,wp-plugin,real-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0365-ecc9ca2eedeba9a7eb9cef5703953450.yaml b/nuclei-templates/2023/CVE-2023-0365-ecc9ca2eedeba9a7eb9cef5703953450.yaml
index 8be56d7dc0..28bea07fd3 100644
--- a/nuclei-templates/2023/CVE-2023-0365-ecc9ca2eedeba9a7eb9cef5703953450.yaml
+++ b/nuclei-templates/2023/CVE-2023-0365-ecc9ca2eedeba9a7eb9cef5703953450.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     React Webcam <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The React Webcam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/react-webcam/"
     google-query: inurl:"/wp-content/plugins/react-webcam/"
     shodan-query: 'vuln:CVE-2023-0365'
-  tags: cve,wordpress,wp-plugin,react-webcam,medium
+  tags: cve,wordpress,wp-plugin,react-webcam,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0366-58b316530bd9635132dfd03a76f490ff.yaml b/nuclei-templates/2023/CVE-2023-0366-58b316530bd9635132dfd03a76f490ff.yaml
index 5f165d23fa..30f9d9a978 100644
--- a/nuclei-templates/2023/CVE-2023-0366-58b316530bd9635132dfd03a76f490ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-0366-58b316530bd9635132dfd03a76f490ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Loan Comparison <= 1.5.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Loan Comparison plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes like 'amount', 'term', filters' in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loan-comparison/"
     google-query: inurl:"/wp-content/plugins/loan-comparison/"
     shodan-query: 'vuln:CVE-2023-0366'
-  tags: cve,wordpress,wp-plugin,loan-comparison,medium
+  tags: cve,wordpress,wp-plugin,loan-comparison,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0367-fa96acbf0fe29f0b0c48fe458fac9bfe.yaml b/nuclei-templates/2023/CVE-2023-0367-fa96acbf0fe29f0b0c48fe458fac9bfe.yaml
index d0459bbc64..c5e58b6f02 100644
--- a/nuclei-templates/2023/CVE-2023-0367-fa96acbf0fe29f0b0c48fe458fac9bfe.yaml
+++ b/nuclei-templates/2023/CVE-2023-0367-fa96acbf0fe29f0b0c48fe458fac9bfe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pricing Tables For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pricing-tables-for-wpbakery-page-builder/"
     google-query: inurl:"/wp-content/plugins/pricing-tables-for-wpbakery-page-builder/"
     shodan-query: 'vuln:CVE-2023-0367'
-  tags: cve,wordpress,wp-plugin,pricing-tables-for-wpbakery-page-builder,medium
+  tags: cve,wordpress,wp-plugin,pricing-tables-for-wpbakery-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0368-daa26206b4813de7be1eac00b5b9eaa0.yaml b/nuclei-templates/2023/CVE-2023-0368-daa26206b4813de7be1eac00b5b9eaa0.yaml
index 1c3ac3ef40..490a9d04e1 100644
--- a/nuclei-templates/2023/CVE-2023-0368-daa26206b4813de7be1eac00b5b9eaa0.yaml
+++ b/nuclei-templates/2023/CVE-2023-0368-daa26206b4813de7be1eac00b5b9eaa0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Tabs For WPBakery Page Builder <= 1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Tabs For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-tabs-for-wpbakery/"
     google-query: inurl:"/wp-content/plugins/responsive-tabs-for-wpbakery/"
     shodan-query: 'vuln:CVE-2023-0368'
-  tags: cve,wordpress,wp-plugin,responsive-tabs-for-wpbakery,medium
+  tags: cve,wordpress,wp-plugin,responsive-tabs-for-wpbakery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0369-1dba374d8f67142177f857791fc4897a.yaml b/nuclei-templates/2023/CVE-2023-0369-1dba374d8f67142177f857791fc4897a.yaml
index 2f65c91538..70990e763f 100644
--- a/nuclei-templates/2023/CVE-2023-0369-1dba374d8f67142177f857791fc4897a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0369-1dba374d8f67142177f857791fc4897a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GoToWP <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GoToWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gotowp/"
     google-query: inurl:"/wp-content/plugins/gotowp/"
     shodan-query: 'vuln:CVE-2023-0369'
-  tags: cve,wordpress,wp-plugin,gotowp,medium
+  tags: cve,wordpress,wp-plugin,gotowp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0370-ea35e08ef79a30cf67846c992e562b69.yaml b/nuclei-templates/2023/CVE-2023-0370-ea35e08ef79a30cf67846c992e562b69.yaml
index 855e0950ef..c33da46186 100644
--- a/nuclei-templates/2023/CVE-2023-0370-ea35e08ef79a30cf67846c992e562b69.yaml
+++ b/nuclei-templates/2023/CVE-2023-0370-ea35e08ef79a30cf67846c992e562b69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPB Advanced FAQ <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPB Advanced FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpb-advanced-faq/"
     google-query: inurl:"/wp-content/plugins/wpb-advanced-faq/"
     shodan-query: 'vuln:CVE-2023-0370'
-  tags: cve,wordpress,wp-plugin,wpb-advanced-faq,medium
+  tags: cve,wordpress,wp-plugin,wpb-advanced-faq,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0371-db16305504754334b65159ac40ded503.yaml b/nuclei-templates/2023/CVE-2023-0371-db16305504754334b65159ac40ded503.yaml
index 723804514a..3ea84eb0b8 100644
--- a/nuclei-templates/2023/CVE-2023-0371-db16305504754334b65159ac40ded503.yaml
+++ b/nuclei-templates/2023/CVE-2023-0371-db16305504754334b65159ac40ded503.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedSocial – Social Media Feeds, Reviews and Galleries = 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedSocial plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.1.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedalbum-pro/"
     google-query: inurl:"/wp-content/plugins/embedalbum-pro/"
     shodan-query: 'vuln:CVE-2023-0371'
-  tags: cve,wordpress,wp-plugin,embedalbum-pro,medium
+  tags: cve,wordpress,wp-plugin,embedalbum-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0372-a14026f64e5ecc9508ff272952e95205.yaml b/nuclei-templates/2023/CVE-2023-0372-a14026f64e5ecc9508ff272952e95205.yaml
index c4a43f11cd..cc6b5261f6 100644
--- a/nuclei-templates/2023/CVE-2023-0372-a14026f64e5ecc9508ff272952e95205.yaml
+++ b/nuclei-templates/2023/CVE-2023-0372-a14026f64e5ecc9508ff272952e95205.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedStories <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedStories  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedstories/"
     google-query: inurl:"/wp-content/plugins/embedstories/"
     shodan-query: 'vuln:CVE-2023-0372'
-  tags: cve,wordpress,wp-plugin,embedstories,medium
+  tags: cve,wordpress,wp-plugin,embedstories,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0373-e6a664a291db10911439b7200ec5f058.yaml b/nuclei-templates/2023/CVE-2023-0373-e6a664a291db10911439b7200ec5f058.yaml
index 65fbf6fe76..e3066d4297 100644
--- a/nuclei-templates/2023/CVE-2023-0373-e6a664a291db10911439b7200ec5f058.yaml
+++ b/nuclei-templates/2023/CVE-2023-0373-e6a664a291db10911439b7200ec5f058.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lightweight Accordion <= 1.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lightweight-accordion/"
     google-query: inurl:"/wp-content/plugins/lightweight-accordion/"
     shodan-query: 'vuln:CVE-2023-0373'
-  tags: cve,wordpress,wp-plugin,lightweight-accordion,medium
+  tags: cve,wordpress,wp-plugin,lightweight-accordion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0374-081112230905e11fac17a07fd3185d02.yaml b/nuclei-templates/2023/CVE-2023-0374-081112230905e11fac17a07fd3185d02.yaml
index 5274caede6..dc55fd8898 100644
--- a/nuclei-templates/2023/CVE-2023-0374-081112230905e11fac17a07fd3185d02.yaml
+++ b/nuclei-templates/2023/CVE-2023-0374-081112230905e11fac17a07fd3185d02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W4 Post List <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The W4 Post List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block options in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w4-post-list/"
     google-query: inurl:"/wp-content/plugins/w4-post-list/"
     shodan-query: 'vuln:CVE-2023-0374'
-  tags: cve,wordpress,wp-plugin,w4-post-list,medium
+  tags: cve,wordpress,wp-plugin,w4-post-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0375-4e96720039ccc700f05ab77c703ff32b.yaml b/nuclei-templates/2023/CVE-2023-0375-4e96720039ccc700f05ab77c703ff32b.yaml
index df5759b667..9b40eec961 100644
--- a/nuclei-templates/2023/CVE-2023-0375-4e96720039ccc700f05ab77c703ff32b.yaml
+++ b/nuclei-templates/2023/CVE-2023-0375-4e96720039ccc700f05ab77c703ff32b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Affiliate Links <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block settings in versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied settings. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-affiliate-links/"
     google-query: inurl:"/wp-content/plugins/easy-affiliate-links/"
     shodan-query: 'vuln:CVE-2023-0375'
-  tags: cve,wordpress,wp-plugin,easy-affiliate-links,medium
+  tags: cve,wordpress,wp-plugin,easy-affiliate-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0376-6f075010900e43673686fc0d208260ff.yaml b/nuclei-templates/2023/CVE-2023-0376-6f075010900e43673686fc0d208260ff.yaml
index afa7ef1af6..9707dd309c 100644
--- a/nuclei-templates/2023/CVE-2023-0376-6f075010900e43673686fc0d208260ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-0376-6f075010900e43673686fc0d208260ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quebely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qubely/"
     google-query: inurl:"/wp-content/plugins/qubely/"
     shodan-query: 'vuln:CVE-2023-0376'
-  tags: cve,wordpress,wp-plugin,qubely,medium
+  tags: cve,wordpress,wp-plugin,qubely,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0377-53a6ab0ca5df0931f86a3cb0e36625b5.yaml b/nuclei-templates/2023/CVE-2023-0377-53a6ab0ca5df0931f86a3cb0e36625b5.yaml
index d890456bdd..0a8381f4b8 100644
--- a/nuclei-templates/2023/CVE-2023-0377-53a6ab0ca5df0931f86a3cb0e36625b5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0377-53a6ab0ca5df0931f86a3cb0e36625b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scriptless Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's class block option in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on the user supplied option. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scriptless-social-sharing/"
     google-query: inurl:"/wp-content/plugins/scriptless-social-sharing/"
     shodan-query: 'vuln:CVE-2023-0377'
-  tags: cve,wordpress,wp-plugin,scriptless-social-sharing,medium
+  tags: cve,wordpress,wp-plugin,scriptless-social-sharing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0378-f9a2a8b78b336f59f7555c63172782ec.yaml b/nuclei-templates/2023/CVE-2023-0378-f9a2a8b78b336f59f7555c63172782ec.yaml
index e3992cc8fe..33e1eb3dc3 100644
--- a/nuclei-templates/2023/CVE-2023-0378-f9a2a8b78b336f59f7555c63172782ec.yaml
+++ b/nuclei-templates/2023/CVE-2023-0378-f9a2a8b78b336f59f7555c63172782ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Greenshift – animation and page builder blocks <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     shodan-query: 'vuln:CVE-2023-0378'
-  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,medium
+  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0379-2d33cf6aadd9c85f7e657c07e30320a8.yaml b/nuclei-templates/2023/CVE-2023-0379-2d33cf6aadd9c85f7e657c07e30320a8.yaml
index 3d359af2cc..ce0d3f99b8 100644
--- a/nuclei-templates/2023/CVE-2023-0379-2d33cf6aadd9c85f7e657c07e30320a8.yaml
+++ b/nuclei-templates/2023/CVE-2023-0379-2d33cf6aadd9c85f7e657c07e30320a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spotlight Social Feeds <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spotlight Social Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spotlight-social-photo-feeds/"
     google-query: inurl:"/wp-content/plugins/spotlight-social-photo-feeds/"
     shodan-query: 'vuln:CVE-2023-0379'
-  tags: cve,wordpress,wp-plugin,spotlight-social-photo-feeds,medium
+  tags: cve,wordpress,wp-plugin,spotlight-social-photo-feeds,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0380-50401a72166a704fa2626edd9085598a.yaml b/nuclei-templates/2023/CVE-2023-0380-50401a72166a704fa2626edd9085598a.yaml
index 0802cd6ef8..97cd9ffed4 100644
--- a/nuclei-templates/2023/CVE-2023-0380-50401a72166a704fa2626edd9085598a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0380-50401a72166a704fa2626edd9085598a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads <= 3.1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Digital Downloads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2023-0380'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0381-6a1e5a3fb07b5d9291ff1e62a0f08cd2.yaml b/nuclei-templates/2023/CVE-2023-0381-6a1e5a3fb07b5d9291ff1e62a0f08cd2.yaml
index 49e231c61a..30056cb337 100644
--- a/nuclei-templates/2023/CVE-2023-0381-6a1e5a3fb07b5d9291ff1e62a0f08cd2.yaml
+++ b/nuclei-templates/2023/CVE-2023-0381-6a1e5a3fb07b5d9291ff1e62a0f08cd2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GigPress <= 2.3.28 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The GigPress plugin for WordPress is vulnerable to SQL Injection via shortcode attributes in versions up to, and including, 2.3.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gigpress/"
     google-query: inurl:"/wp-content/plugins/gigpress/"
     shodan-query: 'vuln:CVE-2023-0381'
-  tags: cve,wordpress,wp-plugin,gigpress,high
+  tags: cve,wordpress,wp-plugin,gigpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0388-1fdf26dc57df471e3029b947067853d6.yaml b/nuclei-templates/2023/CVE-2023-0388-1fdf26dc57df471e3029b947067853d6.yaml
index b1f8db5573..101e29e7a9 100644
--- a/nuclei-templates/2023/CVE-2023-0388-1fdf26dc57df471e3029b947067853d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-0388-1fdf26dc57df471e3029b947067853d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Random Text <= 0.3.0 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Random Text  plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/randomtext/"
     google-query: inurl:"/wp-content/plugins/randomtext/"
     shodan-query: 'vuln:CVE-2023-0388'
-  tags: cve,wordpress,wp-plugin,randomtext,medium
+  tags: cve,wordpress,wp-plugin,randomtext,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0389-a7620f303af6467e51bdd4f84801b80c.yaml b/nuclei-templates/2023/CVE-2023-0389-a7620f303af6467e51bdd4f84801b80c.yaml
index 6e458e4b7a..7d9d2d2c17 100644
--- a/nuclei-templates/2023/CVE-2023-0389-a7620f303af6467e51bdd4f84801b80c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0389-a7620f303af6467e51bdd4f84801b80c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calculated Fields Form <= 1.1.150 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.150 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calculated-fields-form/"
     google-query: inurl:"/wp-content/plugins/calculated-fields-form/"
     shodan-query: 'vuln:CVE-2023-0389'
-  tags: cve,wordpress,wp-plugin,calculated-fields-form,medium
+  tags: cve,wordpress,wp-plugin,calculated-fields-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0395-9fdc305e956b483dd32edefc410a0147.yaml b/nuclei-templates/2023/CVE-2023-0395-9fdc305e956b483dd32edefc410a0147.yaml
index db6adfc309..34191be3ee 100644
--- a/nuclei-templates/2023/CVE-2023-0395-9fdc305e956b483dd32edefc410a0147.yaml
+++ b/nuclei-templates/2023/CVE-2023-0395-9fdc305e956b483dd32edefc410a0147.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     menu shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The menu shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-shortcode/"
     google-query: inurl:"/wp-content/plugins/menu-shortcode/"
     shodan-query: 'vuln:CVE-2023-0395'
-  tags: cve,wordpress,wp-plugin,menu-shortcode,medium
+  tags: cve,wordpress,wp-plugin,menu-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0399-fddf50b89fd6e037cc6266b73dceb03a.yaml b/nuclei-templates/2023/CVE-2023-0399-fddf50b89fd6e037cc6266b73dceb03a.yaml
index 0aa5106b7a..655069092a 100644
--- a/nuclei-templates/2023/CVE-2023-0399-fddf50b89fd6e037cc6266b73dceb03a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0399-fddf50b89fd6e037cc6266b73dceb03a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Over Image For WPBakery Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Over Image For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image_over_image_vc shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-over-image-vc-extension/"
     google-query: inurl:"/wp-content/plugins/image-over-image-vc-extension/"
     shodan-query: 'vuln:CVE-2023-0399'
-  tags: cve,wordpress,wp-plugin,image-over-image-vc-extension,medium
+  tags: cve,wordpress,wp-plugin,image-over-image-vc-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0402-357fbb3649272b57b08a032d33621319.yaml b/nuclei-templates/2023/CVE-2023-0402-357fbb3649272b57b08a032d33621319.yaml
index c3e49c1404..787bfcb97a 100644
--- a/nuclei-templates/2023/CVE-2023-0402-357fbb3649272b57b08a032d33621319.yaml
+++ b/nuclei-templates/2023/CVE-2023-0402-357fbb3649272b57b08a032d33621319.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Warfare <= 4.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta information and reset network access tokens.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-warfare/"
     google-query: inurl:"/wp-content/plugins/social-warfare/"
     shodan-query: 'vuln:CVE-2023-0402'
-  tags: cve,wordpress,wp-plugin,social-warfare,medium
+  tags: cve,wordpress,wp-plugin,social-warfare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0404-9bcf64c7dbe781ab40d3670dc81b8e8c.yaml b/nuclei-templates/2023/CVE-2023-0404-9bcf64c7dbe781ab40d3670dc81b8e8c.yaml
index 9c03b6bde4..3c03466c0c 100644
--- a/nuclei-templates/2023/CVE-2023-0404-9bcf64c7dbe781ab40d3670dc81b8e8c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0404-9bcf64c7dbe781ab40d3670dc81b8e8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Made Easy <= 2.3.16 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. While the plugin is still pending review from the WordPress repository, site owners can download a copy of the patched version directly from the developer's Github at https://github.com/liedekef/events-made-easy
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-made-easy/"
     google-query: inurl:"/wp-content/plugins/events-made-easy/"
     shodan-query: 'vuln:CVE-2023-0404'
-  tags: cve,wordpress,wp-plugin,events-made-easy,medium
+  tags: cve,wordpress,wp-plugin,events-made-easy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0418-0c9e1bdf3a0788fe28746e6155355583.yaml b/nuclei-templates/2023/CVE-2023-0418-0c9e1bdf3a0788fe28746e6155355583.yaml
index e456a8e663..4ebff0d4c9 100644
--- a/nuclei-templates/2023/CVE-2023-0418-0c9e1bdf3a0788fe28746e6155355583.yaml
+++ b/nuclei-templates/2023/CVE-2023-0418-0c9e1bdf3a0788fe28746e6155355583.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Central for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Central plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-central/"
     google-query: inurl:"/wp-content/plugins/video-central/"
     shodan-query: 'vuln:CVE-2023-0418'
-  tags: cve,wordpress,wp-plugin,video-central,medium
+  tags: cve,wordpress,wp-plugin,video-central,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0419-a7ddbb09fcd7198bac10f4c61d87a90f.yaml b/nuclei-templates/2023/CVE-2023-0419-a7ddbb09fcd7198bac10f4c61d87a90f.yaml
index 8f31a1b73a..6a7365fd6f 100644
--- a/nuclei-templates/2023/CVE-2023-0419-a7ddbb09fcd7198bac10f4c61d87a90f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0419-a7ddbb09fcd7198bac10f4c61d87a90f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode for Font Awesome <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcode for Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-for-font-awesome/"
     google-query: inurl:"/wp-content/plugins/shortcode-for-font-awesome/"
     shodan-query: 'vuln:CVE-2023-0419'
-  tags: cve,wordpress,wp-plugin,shortcode-for-font-awesome,medium
+  tags: cve,wordpress,wp-plugin,shortcode-for-font-awesome,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0422-6ee3ff55725bf2e5894fc0e814f92fd5.yaml b/nuclei-templates/2023/CVE-2023-0422-6ee3ff55725bf2e5894fc0e814f92fd5.yaml
index 9619085fca..d4a6b8eeff 100644
--- a/nuclei-templates/2023/CVE-2023-0422-6ee3ff55725bf2e5894fc0e814f92fd5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0422-6ee3ff55725bf2e5894fc0e814f92fd5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Article Directory <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'publish_terms_text'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Article Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publish_terms_text' admin setting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/article-directory/"
     google-query: inurl:"/wp-content/plugins/article-directory/"
     shodan-query: 'vuln:CVE-2023-0422'
-  tags: cve,wordpress,wp-plugin,article-directory,medium
+  tags: cve,wordpress,wp-plugin,article-directory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0424-3b3f96c33b07ec89b36c294dbf4ced51.yaml b/nuclei-templates/2023/CVE-2023-0424-3b3f96c33b07ec89b36c294dbf4ced51.yaml
index 8794cbe63b..1ee0cab7ca 100644
--- a/nuclei-templates/2023/CVE-2023-0424-3b3f96c33b07ec89b36c294dbf4ced51.yaml
+++ b/nuclei-templates/2023/CVE-2023-0424-3b3f96c33b07ec89b36c294dbf4ced51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MS-Reviews <= 1.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MS-Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ms-reviews/"
     google-query: inurl:"/wp-content/plugins/ms-reviews/"
     shodan-query: 'vuln:CVE-2023-0424'
-  tags: cve,wordpress,wp-plugin,ms-reviews,medium
+  tags: cve,wordpress,wp-plugin,ms-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0429-bc7de59ba516744b35b1924de01c50d6.yaml b/nuclei-templates/2023/CVE-2023-0429-bc7de59ba516744b35b1924de01c50d6.yaml
index d368758636..f366eb9820 100644
--- a/nuclei-templates/2023/CVE-2023-0429-bc7de59ba516744b35b1924de01c50d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-0429-bc7de59ba516744b35b1924de01c50d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Watu Quiz for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.3.8.2  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/watu/"
     google-query: inurl:"/wp-content/plugins/watu/"
     shodan-query: 'vuln:CVE-2023-0429'
-  tags: cve,wordpress,wp-plugin,watu,medium
+  tags: cve,wordpress,wp-plugin,watu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0431-466048d1971518e0b30eb580a52cc9ff.yaml b/nuclei-templates/2023/CVE-2023-0431-466048d1971518e0b30eb580a52cc9ff.yaml
index 81cb31f165..10c2e84787 100644
--- a/nuclei-templates/2023/CVE-2023-0431-466048d1971518e0b30eb580a52cc9ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-0431-466048d1971518e0b30eb580a52cc9ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Away <= 3.9.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The File Away plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/file-away/"
     google-query: inurl:"/wp-content/plugins/file-away/"
     shodan-query: 'vuln:CVE-2023-0431'
-  tags: cve,wordpress,wp-plugin,file-away,medium
+  tags: cve,wordpress,wp-plugin,file-away,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0439-69c9678050af93b08d000bd2cd1bbedb.yaml b/nuclei-templates/2023/CVE-2023-0439-69c9678050af93b08d000bd2cd1bbedb.yaml
index d2b2514bc2..bc8241df4e 100644
--- a/nuclei-templates/2023/CVE-2023-0439-69c9678050af93b08d000bd2cd1bbedb.yaml
+++ b/nuclei-templates/2023/CVE-2023-0439-69c9678050af93b08d000bd2cd1bbedb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms - Ultimate Form Builder <= 8.4.3 - Authenticated Stored Cross-Site Scripting via Form Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NEX-Forms - Ultimate Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form names parameter in versions up to, and including, 8.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The plugin has the option to allow lower-level users access to the form, which may make this issue exploitable by lower-privileged users in some instances.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2023-0439'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0446-3f9ac076d173ecd9afccb09cd7195bfc.yaml b/nuclei-templates/2023/CVE-2023-0446-3f9ac076d173ecd9afccb09cd7195bfc.yaml
index 229387ba95..72782d9786 100644
--- a/nuclei-templates/2023/CVE-2023-0446-3f9ac076d173ecd9afccb09cd7195bfc.yaml
+++ b/nuclei-templates/2023/CVE-2023-0446-3f9ac076d173ecd9afccb09cd7195bfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My YouTube Channel <= 3.0.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-channel/"
     google-query: inurl:"/wp-content/plugins/youtube-channel/"
     shodan-query: 'vuln:CVE-2023-0446'
-  tags: cve,wordpress,wp-plugin,youtube-channel,medium
+  tags: cve,wordpress,wp-plugin,youtube-channel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0447-dd26803b22794f717e5726511579315e.yaml b/nuclei-templates/2023/CVE-2023-0447-dd26803b22794f717e5726511579315e.yaml
index 1c56de666c..a3b8f91633 100644
--- a/nuclei-templates/2023/CVE-2023-0447-dd26803b22794f717e5726511579315e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0447-dd26803b22794f717e5726511579315e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My YouTube Channel <= 3.0.12.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-channel/"
     google-query: inurl:"/wp-content/plugins/youtube-channel/"
     shodan-query: 'vuln:CVE-2023-0447'
-  tags: cve,wordpress,wp-plugin,youtube-channel,medium
+  tags: cve,wordpress,wp-plugin,youtube-channel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0467-129be45dc62378c19cbd82aa0287c865.yaml b/nuclei-templates/2023/CVE-2023-0467-129be45dc62378c19cbd82aa0287c865.yaml
index b4269f9bf0..3da50e8f93 100644
--- a/nuclei-templates/2023/CVE-2023-0467-129be45dc62378c19cbd82aa0287c865.yaml
+++ b/nuclei-templates/2023/CVE-2023-0467-129be45dc62378c19cbd82aa0287c865.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Dark Mode <= 4.0.7 - Authenticated (Subscriber+) Local File Inclusion via 'style'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.0.7 via the 'style' shortcode attribute. This allows authenticated attackers, with subscriber-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This only affects installations where the traversal of non-existent directories is allowed or when chained with another vulnerability that allows for the creation of arbitrary directories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dark-mode/"
     google-query: inurl:"/wp-content/plugins/wp-dark-mode/"
     shodan-query: 'vuln:CVE-2023-0467'
-  tags: cve,wordpress,wp-plugin,wp-dark-mode,high
+  tags: cve,wordpress,wp-plugin,wp-dark-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0477-eb2326275a758827f7cb2f8622cad6ce.yaml b/nuclei-templates/2023/CVE-2023-0477-eb2326275a758827f7cb2f8622cad6ce.yaml
index 1f151bab62..20bb1e42cd 100644
--- a/nuclei-templates/2023/CVE-2023-0477-eb2326275a758827f7cb2f8622cad6ce.yaml
+++ b/nuclei-templates/2023/CVE-2023-0477-eb2326275a758827f7cb2f8622cad6ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 - Authenticated (Author+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.9.15. This allows authenticated users with author-level permissions to upload arbitrary files from remote sources onto the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-post-thumbnail/"
     google-query: inurl:"/wp-content/plugins/auto-post-thumbnail/"
     shodan-query: 'vuln:CVE-2023-0477'
-  tags: cve,wordpress,wp-plugin,auto-post-thumbnail,high
+  tags: cve,wordpress,wp-plugin,auto-post-thumbnail,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0487-fd075b6c9853246b5cc33cafcab17a0c.yaml b/nuclei-templates/2023/CVE-2023-0487-fd075b6c9853246b5cc33cafcab17a0c.yaml
index 6fb329ea27..e9b8bfd0e5 100644
--- a/nuclei-templates/2023/CVE-2023-0487-fd075b6c9853246b5cc33cafcab17a0c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0487-fd075b6c9853246b5cc33cafcab17a0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Sticky Elements <= 2.0.8 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The My Sticky Elements plugin for WordPress is vulnerable to SQL Injection via the 'delete_message' parameter in versions up to, and including, 2.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mystickyelements/"
     google-query: inurl:"/wp-content/plugins/mystickyelements/"
     shodan-query: 'vuln:CVE-2023-0487'
-  tags: cve,wordpress,wp-plugin,mystickyelements,high
+  tags: cve,wordpress,wp-plugin,mystickyelements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0489-09f92d564944a33a7811dc40429fdb32.yaml b/nuclei-templates/2023/CVE-2023-0489-09f92d564944a33a7811dc40429fdb32.yaml
index 71f77ddcbd..e251a9ee4e 100644
--- a/nuclei-templates/2023/CVE-2023-0489-09f92d564944a33a7811dc40429fdb32.yaml
+++ b/nuclei-templates/2023/CVE-2023-0489-09f92d564944a33a7811dc40429fdb32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SlideOnline <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SlideOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideonline/"
     google-query: inurl:"/wp-content/plugins/slideonline/"
     shodan-query: 'vuln:CVE-2023-0489'
-  tags: cve,wordpress,wp-plugin,slideonline,medium
+  tags: cve,wordpress,wp-plugin,slideonline,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0490-14de97dccf48252d3b3ac5a2e5d0250f.yaml b/nuclei-templates/2023/CVE-2023-0490-14de97dccf48252d3b3ac5a2e5d0250f.yaml
index c02d018a1b..31882b06fb 100644
--- a/nuclei-templates/2023/CVE-2023-0490-14de97dccf48252d3b3ac5a2e5d0250f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0490-14de97dccf48252d3b3ac5a2e5d0250f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     f(x) TOC <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The f(x) TOC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fx-toc/"
     google-query: inurl:"/wp-content/plugins/fx-toc/"
     shodan-query: 'vuln:CVE-2023-0490'
-  tags: cve,wordpress,wp-plugin,fx-toc,medium
+  tags: cve,wordpress,wp-plugin,fx-toc,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0491-1a925f12b1905f4ad4c8d17bba7bb15a.yaml b/nuclei-templates/2023/CVE-2023-0491-1a925f12b1905f4ad4c8d17bba7bb15a.yaml
index 84c4d30576..ad45b82669 100644
--- a/nuclei-templates/2023/CVE-2023-0491-1a925f12b1905f4ad4c8d17bba7bb15a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0491-1a925f12b1905f4ad4c8d17bba7bb15a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schedulicity - Easy Online Scheduling <= 2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Schedulicity - Easy Online Scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schedulicity-online-appointment-booking/"
     google-query: inurl:"/wp-content/plugins/schedulicity-online-appointment-booking/"
     shodan-query: 'vuln:CVE-2023-0491'
-  tags: cve,wordpress,wp-plugin,schedulicity-online-appointment-booking,medium
+  tags: cve,wordpress,wp-plugin,schedulicity-online-appointment-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0492-1735d30fe988ff978861d4dbdb0c640e.yaml b/nuclei-templates/2023/CVE-2023-0492-1735d30fe988ff978861d4dbdb0c640e.yaml
index 10621b4a44..a273f0bbed 100644
--- a/nuclei-templates/2023/CVE-2023-0492-1735d30fe988ff978861d4dbdb0c640e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0492-1735d30fe988ff978861d4dbdb0c640e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Products Slider for WooCommerce <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GS Products Slider for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-woocommerce-products-slider/"
     google-query: inurl:"/wp-content/plugins/gs-woocommerce-products-slider/"
     shodan-query: 'vuln:CVE-2023-0492'
-  tags: cve,wordpress,wp-plugin,gs-woocommerce-products-slider,medium
+  tags: cve,wordpress,wp-plugin,gs-woocommerce-products-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0520-8ca33f13028f0931d0d1467c7211048d.yaml b/nuclei-templates/2023/CVE-2023-0520-8ca33f13028f0931d0d1467c7211048d.yaml
index 615a03e6ba..8bd19e3139 100644
--- a/nuclei-templates/2023/CVE-2023-0520-8ca33f13028f0931d0d1467c7211048d.yaml
+++ b/nuclei-templates/2023/CVE-2023-0520-8ca33f13028f0931d0d1467c7211048d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidExpCart <= 1.0 - Authenticated (Level 8/Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RapidExpCart plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with User Level 8 or higher (which typically corresponds to Administrator-level permissions) to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rapidexpcart/"
     google-query: inurl:"/wp-content/plugins/rapidexpcart/"
     shodan-query: 'vuln:CVE-2023-0520'
-  tags: cve,wordpress,wp-plugin,rapidexpcart,medium
+  tags: cve,wordpress,wp-plugin,rapidexpcart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0526-b16694416bb8375e384e3d9eb2224580.yaml b/nuclei-templates/2023/CVE-2023-0526-b16694416bb8375e384e3d9eb2224580.yaml
index 06af8b3076..fa4fb229fa 100644
--- a/nuclei-templates/2023/CVE-2023-0526-b16694416bb8375e384e3d9eb2224580.yaml
+++ b/nuclei-templates/2023/CVE-2023-0526-b16694416bb8375e384e3d9eb2224580.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Shortcode <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-shortcode/"
     google-query: inurl:"/wp-content/plugins/post-shortcode/"
     shodan-query: 'vuln:CVE-2023-0526'
-  tags: cve,wordpress,wp-plugin,post-shortcode,medium
+  tags: cve,wordpress,wp-plugin,post-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0535-28e3179254b4fd139125a16ede646345.yaml b/nuclei-templates/2023/CVE-2023-0535-28e3179254b4fd139125a16ede646345.yaml
index 3a28c5d337..f0164ce2d7 100644
--- a/nuclei-templates/2023/CVE-2023-0535-28e3179254b4fd139125a16ede646345.yaml
+++ b/nuclei-templates/2023/CVE-2023-0535-28e3179254b4fd139125a16ede646345.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donation Block For PayPal <=  2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Donation Block For PayPal for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/donations-block/"
     google-query: inurl:"/wp-content/plugins/donations-block/"
     shodan-query: 'vuln:CVE-2023-0535'
-  tags: cve,wordpress,wp-plugin,donations-block,medium
+  tags: cve,wordpress,wp-plugin,donations-block,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0536-8e3ce96babe760c2cb16640799a8d0b9.yaml b/nuclei-templates/2023/CVE-2023-0536-8e3ce96babe760c2cb16640799a8d0b9.yaml
index ee38f95ff0..147d89a43f 100644
--- a/nuclei-templates/2023/CVE-2023-0536-8e3ce96babe760c2cb16640799a8d0b9.yaml
+++ b/nuclei-templates/2023/CVE-2023-0536-8e3ce96babe760c2cb16640799a8d0b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp-D3 <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wp-D3 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-d3/"
     google-query: inurl:"/wp-content/plugins/wp-d3/"
     shodan-query: 'vuln:CVE-2023-0536'
-  tags: cve,wordpress,wp-plugin,wp-d3,medium
+  tags: cve,wordpress,wp-plugin,wp-d3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0537-95618d186dc4c7ea88896374745039e9.yaml b/nuclei-templates/2023/CVE-2023-0537-95618d186dc4c7ea88896374745039e9.yaml
index a38c38f5af..d414395e15 100644
--- a/nuclei-templates/2023/CVE-2023-0537-95618d186dc4c7ea88896374745039e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-0537-95618d186dc4c7ea88896374745039e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Slider For WooCommerce Lite <= 1.1.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Keys
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product Slider For WooCommerce Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Meta Keys in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied Meta Keys and Values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-slider-for-woocommerce-lite/"
     google-query: inurl:"/wp-content/plugins/product-slider-for-woocommerce-lite/"
     shodan-query: 'vuln:CVE-2023-0537'
-  tags: cve,wordpress,wp-plugin,product-slider-for-woocommerce-lite,medium
+  tags: cve,wordpress,wp-plugin,product-slider-for-woocommerce-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0538-a735151e1a4f287ab4567ad75cce9a30.yaml b/nuclei-templates/2023/CVE-2023-0538-a735151e1a4f287ab4567ad75cce9a30.yaml
index afb9b9696b..691f7eb381 100644
--- a/nuclei-templates/2023/CVE-2023-0538-a735151e1a4f287ab4567ad75cce9a30.yaml
+++ b/nuclei-templates/2023/CVE-2023-0538-a735151e1a4f287ab4567ad75cce9a30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Campaign URL Builder <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Campaign URL Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/campaign-url-builder/"
     google-query: inurl:"/wp-content/plugins/campaign-url-builder/"
     shodan-query: 'vuln:CVE-2023-0538'
-  tags: cve,wordpress,wp-plugin,campaign-url-builder,medium
+  tags: cve,wordpress,wp-plugin,campaign-url-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0539-bb81738a1483724d89303a6a2b8b759f.yaml b/nuclei-templates/2023/CVE-2023-0539-bb81738a1483724d89303a6a2b8b759f.yaml
index d5680a4013..822aa1e888 100644
--- a/nuclei-templates/2023/CVE-2023-0539-bb81738a1483724d89303a6a2b8b759f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0539-bb81738a1483724d89303a6a2b8b759f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Insever Portfolio <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GS Insever Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-instagram-portfolio/"
     google-query: inurl:"/wp-content/plugins/gs-instagram-portfolio/"
     shodan-query: 'vuln:CVE-2023-0539'
-  tags: cve,wordpress,wp-plugin,gs-instagram-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gs-instagram-portfolio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0540-876486fa06bffb3829a9c77f08f98e1b.yaml b/nuclei-templates/2023/CVE-2023-0540-876486fa06bffb3829a9c77f08f98e1b.yaml
index 8ba464b350..491e8e0c87 100644
--- a/nuclei-templates/2023/CVE-2023-0540-876486fa06bffb3829a9c77f08f98e1b.yaml
+++ b/nuclei-templates/2023/CVE-2023-0540-876486fa06bffb3829a9c77f08f98e1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Filterable Portfolio <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GS Filterable Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-portfolio/"
     google-query: inurl:"/wp-content/plugins/gs-portfolio/"
     shodan-query: 'vuln:CVE-2023-0540'
-  tags: cve,wordpress,wp-plugin,gs-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gs-portfolio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0541-2dfa9da72134b3fee9c376ecca6fe446.yaml b/nuclei-templates/2023/CVE-2023-0541-2dfa9da72134b3fee9c376ecca6fe446.yaml
index f2a8c35aad..edcb72a989 100644
--- a/nuclei-templates/2023/CVE-2023-0541-2dfa9da72134b3fee9c376ecca6fe446.yaml
+++ b/nuclei-templates/2023/CVE-2023-0541-2dfa9da72134b3fee9c376ecca6fe446.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Books Showcase <= 1.3.0 - Authenticator (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GS Books Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-books-showcase/"
     google-query: inurl:"/wp-content/plugins/gs-books-showcase/"
     shodan-query: 'vuln:CVE-2023-0541'
-  tags: cve,wordpress,wp-plugin,gs-books-showcase,medium
+  tags: cve,wordpress,wp-plugin,gs-books-showcase,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0542-7a94ec5884e06f0a302f2bb4d1ea7e80.yaml b/nuclei-templates/2023/CVE-2023-0542-7a94ec5884e06f0a302f2bb4d1ea7e80.yaml
index b425b65e4e..ebcfb77212 100644
--- a/nuclei-templates/2023/CVE-2023-0542-7a94ec5884e06f0a302f2bb4d1ea7e80.yaml
+++ b/nuclei-templates/2023/CVE-2023-0542-7a94ec5884e06f0a302f2bb4d1ea7e80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Post Type List Shortcode <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Post Type List Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-post-type-list-shortcode/"
     google-query: inurl:"/wp-content/plugins/custom-post-type-list-shortcode/"
     shodan-query: 'vuln:CVE-2023-0542'
-  tags: cve,wordpress,wp-plugin,custom-post-type-list-shortcode,medium
+  tags: cve,wordpress,wp-plugin,custom-post-type-list-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0543-fa4a6ca6cb5f0ed29a506220c9fcc52b.yaml b/nuclei-templates/2023/CVE-2023-0543-fa4a6ca6cb5f0ed29a506220c9fcc52b.yaml
index 43abe6daef..af639f189f 100644
--- a/nuclei-templates/2023/CVE-2023-0543-fa4a6ca6cb5f0ed29a506220c9fcc52b.yaml
+++ b/nuclei-templates/2023/CVE-2023-0543-fa4a6ca6cb5f0ed29a506220c9fcc52b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Arigato Autoresponder and Newsletter <= 2.1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$user->email’ parameter in versions up to, and including, 2.1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bft-autoresponder/"
     google-query: inurl:"/wp-content/plugins/bft-autoresponder/"
     shodan-query: 'vuln:CVE-2023-0543'
-  tags: cve,wordpress,wp-plugin,bft-autoresponder,medium
+  tags: cve,wordpress,wp-plugin,bft-autoresponder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0544-1b107fac39fc60c6674fcf9f0d2a0f84.yaml b/nuclei-templates/2023/CVE-2023-0544-1b107fac39fc60c6674fcf9f0d2a0f84.yaml
index ead54fe448..599df3370c 100644
--- a/nuclei-templates/2023/CVE-2023-0544-1b107fac39fc60c6674fcf9f0d2a0f84.yaml
+++ b/nuclei-templates/2023/CVE-2023-0544-1b107fac39fc60c6674fcf9f0d2a0f84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Login Box <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Login Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-login-box/"
     google-query: inurl:"/wp-content/plugins/wp-login-box/"
     shodan-query: 'vuln:CVE-2023-0544'
-  tags: cve,wordpress,wp-plugin,wp-login-box,medium
+  tags: cve,wordpress,wp-plugin,wp-login-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0545-da8a9590fd2919ac3b910c3614df54d5.yaml b/nuclei-templates/2023/CVE-2023-0545-da8a9590fd2919ac3b910c3614df54d5.yaml
index a26c4b4ece..edd5fc9c2d 100644
--- a/nuclei-templates/2023/CVE-2023-0545-da8a9590fd2919ac3b910c3614df54d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0545-da8a9590fd2919ac3b910c3614df54d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. This may be a duplicate of CVE-2023-32120.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hostel/"
     google-query: inurl:"/wp-content/plugins/hostel/"
     shodan-query: 'vuln:CVE-2023-0545'
-  tags: cve,wordpress,wp-plugin,hostel,medium
+  tags: cve,wordpress,wp-plugin,hostel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0546-a7309b89079395b33b2cb7915ba03d32.yaml b/nuclei-templates/2023/CVE-2023-0546-a7309b89079395b33b2cb7915ba03d32.yaml
index aa9242da19..f28161e90c 100644
--- a/nuclei-templates/2023/CVE-2023-0546-a7309b89079395b33b2cb7915ba03d32.yaml
+++ b/nuclei-templates/2023/CVE-2023-0546-a7309b89079395b33b2cb7915ba03d32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FluentForms <= 4.3.24 - Authenticated(Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FluentForms plugin for WrodPress is vulnerable to stored Cross-Site Scripting via custom form fields in versions up to, and including, 4.3.24. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluentform/"
     google-query: inurl:"/wp-content/plugins/fluentform/"
     shodan-query: 'vuln:CVE-2023-0546'
-  tags: cve,wordpress,wp-plugin,fluentform,medium
+  tags: cve,wordpress,wp-plugin,fluentform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0548-243f75a6da65f6edc93ed6a1b9eaec80.yaml b/nuclei-templates/2023/CVE-2023-0548-243f75a6da65f6edc93ed6a1b9eaec80.yaml
index 8aec33dafa..058fca7132 100644
--- a/nuclei-templates/2023/CVE-2023-0548-243f75a6da65f6edc93ed6a1b9eaec80.yaml
+++ b/nuclei-templates/2023/CVE-2023-0548-243f75a6da65f6edc93ed6a1b9eaec80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Namaste! LMS for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including,  2.5.9.3 due to insufficient input sanitization and output escaping on the currency setting value. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/namaste-lms/"
     google-query: inurl:"/wp-content/plugins/namaste-lms/"
     shodan-query: 'vuln:CVE-2023-0548'
-  tags: cve,wordpress,wp-plugin,namaste-lms,medium
+  tags: cve,wordpress,wp-plugin,namaste-lms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0551-f45bff66b36c1cb9f233929a488ca421.yaml b/nuclei-templates/2023/CVE-2023-0551-f45bff66b36c1cb9f233929a488ca421.yaml
index dad08d110d..73d140da56 100644
--- a/nuclei-templates/2023/CVE-2023-0551-f45bff66b36c1cb9f233929a488ca421.yaml
+++ b/nuclei-templates/2023/CVE-2023-0551-f45bff66b36c1cb9f233929a488ca421.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     REST API TO MiniProgram <= 4.6.8 - Authenticated (Subscriber+) Media Attachment Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The REST API TO MiniProgram plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the file_batch_delete_callback() function used to delete uploaded attachments in versions up to, and including, 4.6.8. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete arbitrary media files on a WordPress site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rest-api-to-miniprogram/"
     google-query: inurl:"/wp-content/plugins/rest-api-to-miniprogram/"
     shodan-query: 'vuln:CVE-2023-0551'
-  tags: cve,wordpress,wp-plugin,rest-api-to-miniprogram,medium
+  tags: cve,wordpress,wp-plugin,rest-api-to-miniprogram,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0553-608358cb0a02728075caac1560a96687.yaml b/nuclei-templates/2023/CVE-2023-0553-608358cb0a02728075caac1560a96687.yaml
index 793229bd97..3b452ab7cd 100644
--- a/nuclei-templates/2023/CVE-2023-0553-608358cb0a02728075caac1560a96687.yaml
+++ b/nuclei-templates/2023/CVE-2023-0553-608358cb0a02728075caac1560a96687.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Restaurant Menu <= 2.0.2 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-restaurant-menu/"
     google-query: inurl:"/wp-content/plugins/quick-restaurant-menu/"
     shodan-query: 'vuln:CVE-2023-0553'
-  tags: cve,wordpress,wp-plugin,quick-restaurant-menu,medium
+  tags: cve,wordpress,wp-plugin,quick-restaurant-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0554-f4c35f9c74d06655cf517936ec3bc387.yaml b/nuclei-templates/2023/CVE-2023-0554-f4c35f9c74d06655cf517936ec3bc387.yaml
index 3c44768892..1ccae2e4d4 100644
--- a/nuclei-templates/2023/CVE-2023-0554-f4c35f9c74d06655cf517936ec3bc387.yaml
+++ b/nuclei-templates/2023/CVE-2023-0554-f4c35f9c74d06655cf517936ec3bc387.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-restaurant-menu/"
     google-query: inurl:"/wp-content/plugins/quick-restaurant-menu/"
     shodan-query: 'vuln:CVE-2023-0554'
-  tags: cve,wordpress,wp-plugin,quick-restaurant-menu,high
+  tags: cve,wordpress,wp-plugin,quick-restaurant-menu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0556-9dbce4bd062a39cef5c1a852c279047e.yaml b/nuclei-templates/2023/CVE-2023-0556-9dbce4bd062a39cef5c1a852c279047e.yaml
index 7ff09f25b1..3f8c52ae3d 100644
--- a/nuclei-templates/2023/CVE-2023-0556-9dbce4bd062a39cef5c1a852c279047e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0556-9dbce4bd062a39cef5c1a852c279047e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ContentStudio <= 1.2.5 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contentstudio/"
     google-query: inurl:"/wp-content/plugins/contentstudio/"
     shodan-query: 'vuln:CVE-2023-0556'
-  tags: cve,wordpress,wp-plugin,contentstudio,critical
+  tags: cve,wordpress,wp-plugin,contentstudio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0559-6238c45309a73e1d06001135fffb48d2.yaml b/nuclei-templates/2023/CVE-2023-0559-6238c45309a73e1d06001135fffb48d2.yaml
index 1bffd01d69..e38ea10e17 100644
--- a/nuclei-templates/2023/CVE-2023-0559-6238c45309a73e1d06001135fffb48d2.yaml
+++ b/nuclei-templates/2023/CVE-2023-0559-6238c45309a73e1d06001135fffb48d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Portfolio for Envato <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GS Portfolio for Envato plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-envato-portfolio/"
     google-query: inurl:"/wp-content/plugins/gs-envato-portfolio/"
     shodan-query: 'vuln:CVE-2023-0559'
-  tags: cve,wordpress,wp-plugin,gs-envato-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gs-envato-portfolio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0579-f373bbafc03e475d3ffabbbd84f90eda.yaml b/nuclei-templates/2023/CVE-2023-0579-f373bbafc03e475d3ffabbbd84f90eda.yaml
index 9eecc0c3a3..3029cb0f8a 100644
--- a/nuclei-templates/2023/CVE-2023-0579-f373bbafc03e475d3ffabbbd84f90eda.yaml
+++ b/nuclei-templates/2023/CVE-2023-0579-f373bbafc03e475d3ffabbbd84f90eda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YARPP - Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The YARRP plugin for WordPress is vulnerable to SQL Injection via the 'limit' parameter set via a shortcode in versions up to, and including, 5.30.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/"
     google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/"
     shodan-query: 'vuln:CVE-2023-0579'
-  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,high
+  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0583-06ebadedd58b7ae3403fa022e6ae3a90.yaml b/nuclei-templates/2023/CVE-2023-0583-06ebadedd58b7ae3403fa022e6ae3a90.yaml
index 3145beb61c..387b40813d 100644
--- a/nuclei-templates/2023/CVE-2023-0583-06ebadedd58b7ae3403fa022e6ae3a90.yaml
+++ b/nuclei-templates/2023/CVE-2023-0583-06ebadedd58b7ae3403fa022e6ae3a90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-blocks/"
     google-query: inurl:"/wp-content/plugins/vk-blocks/"
     shodan-query: 'vuln:CVE-2023-0583'
-  tags: cve,wordpress,wp-plugin,vk-blocks,medium
+  tags: cve,wordpress,wp-plugin,vk-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0584-30ce892560143a1889e7a76a4e09b69d.yaml b/nuclei-templates/2023/CVE-2023-0584-30ce892560143a1889e7a76a4e09b69d.yaml
index a1d4516188..bc009d2360 100644
--- a/nuclei-templates/2023/CVE-2023-0584-30ce892560143a1889e7a76a4e09b69d.yaml
+++ b/nuclei-templates/2023/CVE-2023-0584-30ce892560143a1889e7a76a4e09b69d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-blocks/"
     google-query: inurl:"/wp-content/plugins/vk-blocks/"
     shodan-query: 'vuln:CVE-2023-0584'
-  tags: cve,wordpress,wp-plugin,vk-blocks,medium
+  tags: cve,wordpress,wp-plugin,vk-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0585-f74b8b0e3c6cf42f9c7d68f58857b310.yaml b/nuclei-templates/2023/CVE-2023-0585-f74b8b0e3c6cf42f9c7d68f58857b310.yaml
index c9ce747d0e..55230ed90b 100644
--- a/nuclei-templates/2023/CVE-2023-0585-f74b8b0e3c6cf42f9c7d68f58857b310.yaml
+++ b/nuclei-templates/2023/CVE-2023-0585-f74b8b0e3c6cf42f9c7d68f58857b310.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2023-0585'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0586-c08b2158511f440bda6243887c732dc7.yaml b/nuclei-templates/2023/CVE-2023-0586-c08b2158511f440bda6243887c732dc7.yaml
index 82640c5ab9..0388ebb25b 100644
--- a/nuclei-templates/2023/CVE-2023-0586-c08b2158511f440bda6243887c732dc7.yaml
+++ b/nuclei-templates/2023/CVE-2023-0586-c08b2158511f440bda6243887c732dc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO Pack  <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2023-0586'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0589-074f8cb869df86a1b6d64a4a39d460b8.yaml b/nuclei-templates/2023/CVE-2023-0589-074f8cb869df86a1b6d64a4a39d460b8.yaml
index ce5424bc8c..2bd9128765 100644
--- a/nuclei-templates/2023/CVE-2023-0589-074f8cb869df86a1b6d64a4a39d460b8.yaml
+++ b/nuclei-templates/2023/CVE-2023-0589-074f8cb869df86a1b6d64a4a39d460b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Image Carousel WordPress - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Image Carousel WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpic shortcode in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-image-carousel/"
     google-query: inurl:"/wp-content/plugins/wp-image-carousel/"
     shodan-query: 'vuln:CVE-2023-0589'
-  tags: cve,wordpress,wp-plugin,wp-image-carousel,medium
+  tags: cve,wordpress,wp-plugin,wp-image-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0604-af40b53dc8c1c75f92915027f96fff8f.yaml b/nuclei-templates/2023/CVE-2023-0604-af40b53dc8c1c75f92915027f96fff8f.yaml
index fd5b6db6d6..3f35e83836 100644
--- a/nuclei-templates/2023/CVE-2023-0604-af40b53dc8c1c75f92915027f96fff8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0604-af40b53dc8c1c75f92915027f96fff8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Food Manager <= 1.0.3 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Food Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-food-manager/"
     google-query: inurl:"/wp-content/plugins/wp-food-manager/"
     shodan-query: 'vuln:CVE-2023-0604'
-  tags: cve,wordpress,wp-plugin,wp-food-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-food-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0605-9eab813e12b4ac048e7bde30bc6ba691.yaml b/nuclei-templates/2023/CVE-2023-0605-9eab813e12b4ac048e7bde30bc6ba691.yaml
index ac016ac20a..7f09fab2b4 100644
--- a/nuclei-templates/2023/CVE-2023-0605-9eab813e12b4ac048e7bde30bc6ba691.yaml
+++ b/nuclei-templates/2023/CVE-2023-0605-9eab813e12b4ac048e7bde30bc6ba691.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Rename Media On Upload <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Rename Media On Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-rename-media-on-upload/"
     google-query: inurl:"/wp-content/plugins/auto-rename-media-on-upload/"
     shodan-query: 'vuln:CVE-2023-0605'
-  tags: cve,wordpress,wp-plugin,auto-rename-media-on-upload,medium
+  tags: cve,wordpress,wp-plugin,auto-rename-media-on-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0619-d320263520ce22890af78fdf485478ad.yaml b/nuclei-templates/2023/CVE-2023-0619-d320263520ce22890af78fdf485478ad.yaml
index cb18acad76..80f0aae681 100644
--- a/nuclei-templates/2023/CVE-2023-0619-d320263520ce22890af78fdf485478ad.yaml
+++ b/nuclei-templates/2023/CVE-2023-0619-d320263520ce22890af78fdf485478ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kraken.io Image Optimizer <= 2.6.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kraken-image-optimizer/"
     google-query: inurl:"/wp-content/plugins/kraken-image-optimizer/"
     shodan-query: 'vuln:CVE-2023-0619'
-  tags: cve,wordpress,wp-plugin,kraken-image-optimizer,medium
+  tags: cve,wordpress,wp-plugin,kraken-image-optimizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0630-d15c506a6326f67745ff7867b3d43cbf.yaml b/nuclei-templates/2023/CVE-2023-0630-d15c506a6326f67745ff7867b3d43cbf.yaml
index 73fe0d96c5..b3bc62383a 100644
--- a/nuclei-templates/2023/CVE-2023-0630-d15c506a6326f67745ff7867b3d43cbf.yaml
+++ b/nuclei-templates/2023/CVE-2023-0630-d15c506a6326f67745ff7867b3d43cbf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in versions up to, and including, 4.9.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions, and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2023-0630'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,high
+  tags: cve,wordpress,wp-plugin,wp-slimstat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0631-286f920ff3d0f48835cc5b28e8181446.yaml b/nuclei-templates/2023/CVE-2023-0631-286f920ff3d0f48835cc5b28e8181446.yaml
index c462bc3e9e..90ff0436d5 100644
--- a/nuclei-templates/2023/CVE-2023-0631-286f920ff3d0f48835cc5b28e8181446.yaml
+++ b/nuclei-templates/2023/CVE-2023-0631-286f920ff3d0f48835cc5b28e8181446.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Paid Memberships Pro plugin for WordPress is vulnerable to generic SQL Injection via the 'membership' shortcode in versions up to, and including, 2.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level access, and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:CVE-2023-0631'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,high
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0660-c9194ffc50bb3f8abe6f00ef14c4cdc5.yaml b/nuclei-templates/2023/CVE-2023-0660-c9194ffc50bb3f8abe6f00ef14c4cdc5.yaml
index 7b6ae77136..33aee24d05 100644
--- a/nuclei-templates/2023/CVE-2023-0660-c9194ffc50bb3f8abe6f00ef14c4cdc5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0660-c9194ffc50bb3f8abe6f00ef14c4cdc5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Slider 3 <= 3.5.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Slider 3 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.5.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-slider-3/"
     google-query: inurl:"/wp-content/plugins/smart-slider-3/"
     shodan-query: 'vuln:CVE-2023-0660'
-  tags: cve,wordpress,wp-plugin,smart-slider-3,medium
+  tags: cve,wordpress,wp-plugin,smart-slider-3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0684-3831d6e441ebd610665743a8c0a63dc7.yaml b/nuclei-templates/2023/CVE-2023-0684-3831d6e441ebd610665743a8c0a63dc7.yaml
index 536851c1b3..6600928e74 100644
--- a/nuclei-templates/2023/CVE-2023-0684-3831d6e441ebd610665743a8c0a63dc7.yaml
+++ b/nuclei-templates/2023/CVE-2023-0684-3831d6e441ebd610665743a8c0a63dc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0684'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0688-1e853b05728a99a8747a224a5333ce69.yaml b/nuclei-templates/2023/CVE-2023-0688-1e853b05728a99a8747a224a5333ce69.yaml
index 2a3b76fbca..0b348deb37 100644
--- a/nuclei-templates/2023/CVE-2023-0688-1e853b05728a99a8747a224a5333ce69.yaml
+++ b/nuclei-templates/2023/CVE-2023-0688-1e853b05728a99a8747a224a5333ce69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0688'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0689-5ca6c532bc755bf0bf6cce4098713b54.yaml b/nuclei-templates/2023/CVE-2023-0689-5ca6c532bc755bf0bf6cce4098713b54.yaml
index 0da2ac4f9e..f5034c8ee3 100644
--- a/nuclei-templates/2023/CVE-2023-0689-5ca6c532bc755bf0bf6cce4098713b54.yaml
+++ b/nuclei-templates/2023/CVE-2023-0689-5ca6c532bc755bf0bf6cce4098713b54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, including the submitter's first name.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0689'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0691-bd74a2b3418b2ca97de6f6d3609c3ea2.yaml b/nuclei-templates/2023/CVE-2023-0691-bd74a2b3418b2ca97de6f6d3609c3ea2.yaml
index 3be2115943..e170b5fec5 100644
--- a/nuclei-templates/2023/CVE-2023-0691-bd74a2b3418b2ca97de6f6d3609c3ea2.yaml
+++ b/nuclei-templates/2023/CVE-2023-0691-bd74a2b3418b2ca97de6f6d3609c3ea2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter's last name.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0691'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0692-f16e74cd433857af6e0b58aa13a15fac.yaml b/nuclei-templates/2023/CVE-2023-0692-f16e74cd433857af6e0b58aa13a15fac.yaml
index 6245d31e1d..acbf8177b4 100644
--- a/nuclei-templates/2023/CVE-2023-0692-f16e74cd433857af6e0b58aa13a15fac.yaml
+++ b/nuclei-templates/2023/CVE-2023-0692-f16e74cd433857af6e0b58aa13a15fac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0692'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0693-867cb44fcfb4a79db1df0d5c41aba304.yaml b/nuclei-templates/2023/CVE-2023-0693-867cb44fcfb4a79db1df0d5c41aba304.yaml
index 7076b11159..f633f6d66c 100644
--- a/nuclei-templates/2023/CVE-2023-0693-867cb44fcfb4a79db1df0d5c41aba304.yaml
+++ b/nuclei-templates/2023/CVE-2023-0693-867cb44fcfb4a79db1df0d5c41aba304.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0693'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0694-cb9d0b1e1071125567f9f9731a764d07.yaml b/nuclei-templates/2023/CVE-2023-0694-cb9d0b1e1071125567f9f9731a764d07.yaml
index b5aaf13346..8bddb3aeab 100644
--- a/nuclei-templates/2023/CVE-2023-0694-cb9d0b1e1071125567f9f9731a764d07.yaml
+++ b/nuclei-templates/2023/CVE-2023-0694-cb9d0b1e1071125567f9f9731a764d07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0694'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0695-2f98768ab3ca0c5e24ef32eeb6e8633c.yaml b/nuclei-templates/2023/CVE-2023-0695-2f98768ab3ca0c5e24ef32eeb6e8633c.yaml
index bd89bd4677..3a84f90fda 100644
--- a/nuclei-templates/2023/CVE-2023-0695-2f98768ab3ca0c5e24ef32eeb6e8633c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0695-2f98768ab3ca0c5e24ef32eeb6e8633c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0695'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0708-7ec1193c499ff8ca62486bd031ee3b72.yaml b/nuclei-templates/2023/CVE-2023-0708-7ec1193c499ff8ca62486bd031ee3b72.yaml
index 82a19fc7c5..df34838075 100644
--- a/nuclei-templates/2023/CVE-2023-0708-7ec1193c499ff8ca62486bd031ee3b72.yaml
+++ b/nuclei-templates/2023/CVE-2023-0708-7ec1193c499ff8ca62486bd031ee3b72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0708'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0709-1cd960c12693f517a3ddc1f2dd996093.yaml b/nuclei-templates/2023/CVE-2023-0709-1cd960c12693f517a3ddc1f2dd996093.yaml
index 8d82ee3a86..9cd6ea7037 100644
--- a/nuclei-templates/2023/CVE-2023-0709-1cd960c12693f517a3ddc1f2dd996093.yaml
+++ b/nuclei-templates/2023/CVE-2023-0709-1cd960c12693f517a3ddc1f2dd996093.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0709'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0710-547f6d438086b7c901daed3b548b280c.yaml b/nuclei-templates/2023/CVE-2023-0710-547f6d438086b7c901daed3b548b280c.yaml
index 753c3c9c9d..77dad7fcfb 100644
--- a/nuclei-templates/2023/CVE-2023-0710-547f6d438086b7c901daed3b548b280c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0710-547f6d438086b7c901daed3b548b280c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. Additionally this requires successful payment, increasing the complexity.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-0710'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0711-414ea88c3052f2317af7072cb92eace3.yaml b/nuclei-templates/2023/CVE-2023-0711-414ea88c3052f2317af7072cb92eace3.yaml
index f746b32b0d..05b9f95b7f 100644
--- a/nuclei-templates/2023/CVE-2023-0711-414ea88c3052f2317af7072cb92eace3.yaml
+++ b/nuclei-templates/2023/CVE-2023-0711-414ea88c3052f2317af7072cb92eace3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0711'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0712-84c888c9934970f66e3e629431140250.yaml b/nuclei-templates/2023/CVE-2023-0712-84c888c9934970f66e3e629431140250.yaml
index a9e0116e0f..75f2638ce8 100644
--- a/nuclei-templates/2023/CVE-2023-0712-84c888c9934970f66e3e629431140250.yaml
+++ b/nuclei-templates/2023/CVE-2023-0712-84c888c9934970f66e3e629431140250.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0712'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0713-30f703a8acc3080fb74debd07614d86d.yaml b/nuclei-templates/2023/CVE-2023-0713-30f703a8acc3080fb74debd07614d86d.yaml
index fdd3da0ad7..29b02d9815 100644
--- a/nuclei-templates/2023/CVE-2023-0713-30f703a8acc3080fb74debd07614d86d.yaml
+++ b/nuclei-templates/2023/CVE-2023-0713-30f703a8acc3080fb74debd07614d86d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0713'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0715-893145b250531536b2c0fa0f1e330f2c.yaml b/nuclei-templates/2023/CVE-2023-0715-893145b250531536b2c0fa0f1e330f2c.yaml
index 0dfdbe6888..7fbf63a761 100644
--- a/nuclei-templates/2023/CVE-2023-0715-893145b250531536b2c0fa0f1e330f2c.yaml
+++ b/nuclei-templates/2023/CVE-2023-0715-893145b250531536b2c0fa0f1e330f2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0715'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0716-0b0e708bccfb3aa959792527101f43e8.yaml b/nuclei-templates/2023/CVE-2023-0716-0b0e708bccfb3aa959792527101f43e8.yaml
index 24463a2284..95a1e7dc9e 100644
--- a/nuclei-templates/2023/CVE-2023-0716-0b0e708bccfb3aa959792527101f43e8.yaml
+++ b/nuclei-templates/2023/CVE-2023-0716-0b0e708bccfb3aa959792527101f43e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0716'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0717-be4129faca04d80ed9ac385cd5b2bcc3.yaml b/nuclei-templates/2023/CVE-2023-0717-be4129faca04d80ed9ac385cd5b2bcc3.yaml
index f27f4ec2db..367ba3eec5 100644
--- a/nuclei-templates/2023/CVE-2023-0717-be4129faca04d80ed9ac385cd5b2bcc3.yaml
+++ b/nuclei-templates/2023/CVE-2023-0717-be4129faca04d80ed9ac385cd5b2bcc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0717'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0718-98f5671f8000cd41848d0242c4d503d1.yaml b/nuclei-templates/2023/CVE-2023-0718-98f5671f8000cd41848d0242c4d503d1.yaml
index a2df105ee6..bf75572aa5 100644
--- a/nuclei-templates/2023/CVE-2023-0718-98f5671f8000cd41848d0242c4d503d1.yaml
+++ b/nuclei-templates/2023/CVE-2023-0718-98f5671f8000cd41848d0242c4d503d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0718'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0719-094fc0c37d514333a53dda18143a300a.yaml b/nuclei-templates/2023/CVE-2023-0719-094fc0c37d514333a53dda18143a300a.yaml
index c65c97764f..4458addf30 100644
--- a/nuclei-templates/2023/CVE-2023-0719-094fc0c37d514333a53dda18143a300a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0719-094fc0c37d514333a53dda18143a300a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0719'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0720-d79b94a0512e6933bbccf753fd89114f.yaml b/nuclei-templates/2023/CVE-2023-0720-d79b94a0512e6933bbccf753fd89114f.yaml
index 7ef4ad29f0..b7673ae051 100644
--- a/nuclei-templates/2023/CVE-2023-0720-d79b94a0512e6933bbccf753fd89114f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0720-d79b94a0512e6933bbccf753fd89114f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wicked-folders/"
     google-query: inurl:"/wp-content/plugins/wicked-folders/"
     shodan-query: 'vuln:CVE-2023-0720'
-  tags: cve,wordpress,wp-plugin,wicked-folders,medium
+  tags: cve,wordpress,wp-plugin,wicked-folders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0731-18a9792159e3a4315eefb0545c165734.yaml b/nuclei-templates/2023/CVE-2023-0731-18a9792159e3a4315eefb0545c165734.yaml
index 7021231643..e4655d419a 100644
--- a/nuclei-templates/2023/CVE-2023-0731-18a9792159e3a4315eefb0545c165734.yaml
+++ b/nuclei-templates/2023/CVE-2023-0731-18a9792159e3a4315eefb0545c165734.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Interactive Geo Maps <= 1.5.9 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-geo-maps/"
     google-query: inurl:"/wp-content/plugins/interactive-geo-maps/"
     shodan-query: 'vuln:CVE-2023-0731'
-  tags: cve,wordpress,wp-plugin,interactive-geo-maps,medium
+  tags: cve,wordpress,wp-plugin,interactive-geo-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0749-59a12b62de2e9aeb74cd74615dde1cd6.yaml b/nuclei-templates/2023/CVE-2023-0749-59a12b62de2e9aeb74cd74615dde1cd6.yaml
index 1f3b12c02e..10732d0bb8 100644
--- a/nuclei-templates/2023/CVE-2023-0749-59a12b62de2e9aeb74cd74615dde1cd6.yaml
+++ b/nuclei-templates/2023/CVE-2023-0749-59a12b62de2e9aeb74cd74615dde1cd6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ocean Extra <= 2.1.2 - Authenticated (Subscriber+) Arbitrary Post Access
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ocean Extra for WordPress is vulnerable to disclosure of potentially sensitive data in versions up to, and including, 2.1.2. This is due to to the [oceanwp_library] shortcode not properly validating a post's status prior to returning the post's content. This makes it possible for authenticated attackers with subscriber-level permissions and above to retrieve arbitrary post content, even when it is in a pre-published or private status.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ocean-extra/"
     google-query: inurl:"/wp-content/plugins/ocean-extra/"
     shodan-query: 'vuln:CVE-2023-0749'
-  tags: cve,wordpress,wp-plugin,ocean-extra,medium
+  tags: cve,wordpress,wp-plugin,ocean-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0764-3c52a879e5c7f6b209aeea9f28acf059.yaml b/nuclei-templates/2023/CVE-2023-0764-3c52a879e5c7f6b209aeea9f28acf059.yaml
index 1b28258c67..d745fb8a6e 100644
--- a/nuclei-templates/2023/CVE-2023-0764-3c52a879e5c7f6b209aeea9f28acf059.yaml
+++ b/nuclei-templates/2023/CVE-2023-0764-3c52a879e5c7f6b209aeea9f28acf059.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gallery by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via gallery information in versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-plugin/"
     google-query: inurl:"/wp-content/plugins/gallery-plugin/"
     shodan-query: 'vuln:CVE-2023-0764'
-  tags: cve,wordpress,wp-plugin,gallery-plugin,medium
+  tags: cve,wordpress,wp-plugin,gallery-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0765-123e18f5d341b41bb59091344f2c4c88.yaml b/nuclei-templates/2023/CVE-2023-0765-123e18f5d341b41bb59091344f2c4c88.yaml
index 2ba4c9be09..c5f7430d33 100644
--- a/nuclei-templates/2023/CVE-2023-0765-123e18f5d341b41bb59091344f2c4c88.yaml
+++ b/nuclei-templates/2023/CVE-2023-0765-123e18f5d341b41bb59091344f2c4c88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Gallery by BestWebSoft plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.6.9  due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for author-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-plugin/"
     google-query: inurl:"/wp-content/plugins/gallery-plugin/"
     shodan-query: 'vuln:CVE-2023-0765'
-  tags: cve,wordpress,wp-plugin,gallery-plugin,high
+  tags: cve,wordpress,wp-plugin,gallery-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0768-f27c37237edad62fdf365ba901d07da8.yaml b/nuclei-templates/2023/CVE-2023-0768-f27c37237edad62fdf365ba901d07da8.yaml
index 48118f05ad..7e784caa13 100644
--- a/nuclei-templates/2023/CVE-2023-0768-f27c37237edad62fdf365ba901d07da8.yaml
+++ b/nuclei-templates/2023/CVE-2023-0768-f27c37237edad62fdf365ba901d07da8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avirato hotels online booking engine <= 5.0.5 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Avirato hotels online booking engine plugin for WordPress is vulnerable to SQL Injection via the ‘id’ attribute of the Calendario_Avirato shortcode in versions up to, and including, 5.0.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/avirato-calendar/"
     google-query: inurl:"/wp-content/plugins/avirato-calendar/"
     shodan-query: 'vuln:CVE-2023-0768'
-  tags: cve,wordpress,wp-plugin,avirato-calendar,high
+  tags: cve,wordpress,wp-plugin,avirato-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0772-2e5b9dabe10dfc18a46871d43fa96491.yaml b/nuclei-templates/2023/CVE-2023-0772-2e5b9dabe10dfc18a46871d43fa96491.yaml
index ea73a331d5..165c5192a4 100644
--- a/nuclei-templates/2023/CVE-2023-0772-2e5b9dabe10dfc18a46871d43fa96491.yaml
+++ b/nuclei-templates/2023/CVE-2023-0772-2e5b9dabe10dfc18a46871d43fa96491.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OptinMonster <= 2.12.1 -  Authenticated (Subscriber+) Sensitive Information Disclosure via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OptinMonster plugin for WordPress is vulnerable to unauthorized access of data due to insufficient post type validation on the  'prepare_campaign' function in versions up to 2.12.1. This makes it possible for authenticated attackers with subscriber-level access, and above, to access potentially sensitive information due to lack of protections and information restrictions that let campaign information or even private post and content information to be leaked.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/optinmonster/"
     google-query: inurl:"/wp-content/plugins/optinmonster/"
     shodan-query: 'vuln:CVE-2023-0772'
-  tags: cve,wordpress,wp-plugin,optinmonster,medium
+  tags: cve,wordpress,wp-plugin,optinmonster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0820-be510149fd1b62e5b5bb38762ffb0573.yaml b/nuclei-templates/2023/CVE-2023-0820-be510149fd1b62e5b5bb38762ffb0573.yaml
index 94ec0ef10c..c6d9aa20ce 100644
--- a/nuclei-templates/2023/CVE-2023-0820-be510149fd1b62e5b5bb38762ffb0573.yaml
+++ b/nuclei-templates/2023/CVE-2023-0820-be510149fd1b62e5b5bb38762ffb0573.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Role by BestWebSoft <= 1.6.6 - Cross-Site Request Forgery to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The User Role by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.6. This is due to missing nonce validation in the edit-role-page.php file. This makes it possible for unauthenticated attackers to modify the capabilities of individual roles to elevate individual user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-role/"
     google-query: inurl:"/wp-content/plugins/user-role/"
     shodan-query: 'vuln:CVE-2023-0820'
-  tags: cve,wordpress,wp-plugin,user-role,high
+  tags: cve,wordpress,wp-plugin,user-role,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0823-4871efeec934efc06ef8f938e4a88d59.yaml b/nuclei-templates/2023/CVE-2023-0823-4871efeec934efc06ef8f938e4a88d59.yaml
index 18583bd536..ffaa02cfe7 100644
--- a/nuclei-templates/2023/CVE-2023-0823-4871efeec934efc06ef8f938e4a88d59.yaml
+++ b/nuclei-templates/2023/CVE-2023-0823-4871efeec934efc06ef8f938e4a88d59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_revoke_shortcode' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cookies_revoke_shortcode' shortcode in versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-notice/"
     google-query: inurl:"/wp-content/plugins/cookie-notice/"
     shodan-query: 'vuln:CVE-2023-0823'
-  tags: cve,wordpress,wp-plugin,cookie-notice,medium
+  tags: cve,wordpress,wp-plugin,cookie-notice,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0844-04f146ec33992e5efff05a0bd40f659f.yaml b/nuclei-templates/2023/CVE-2023-0844-04f146ec33992e5efff05a0bd40f659f.yaml
index 0cb3b3112b..aaa90bcc3c 100644
--- a/nuclei-templates/2023/CVE-2023-0844-04f146ec33992e5efff05a0bd40f659f.yaml
+++ b/nuclei-templates/2023/CVE-2023-0844-04f146ec33992e5efff05a0bd40f659f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Namaste! LMS <= 2.5.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'accept_other_payment_methods', 'other_payment_methods' Parameters
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Namaste! LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accept_other_payment_methods', 'other_payment_methods' parameters in versions up to 2.5.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/namaste-lms/"
     google-query: inurl:"/wp-content/plugins/namaste-lms/"
     shodan-query: 'vuln:CVE-2023-0844'
-  tags: cve,wordpress,wp-plugin,namaste-lms,medium
+  tags: cve,wordpress,wp-plugin,namaste-lms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0865-af4d8c78cfc5d18ffd2467d3a5581338.yaml b/nuclei-templates/2023/CVE-2023-0865-af4d8c78cfc5d18ffd2467d3a5581338.yaml
index 17725a0590..782f30c928 100644
--- a/nuclei-templates/2023/CVE-2023-0865-af4d8c78cfc5d18ffd2467d3a5581338.yaml
+++ b/nuclei-templates/2023/CVE-2023-0865-af4d8c78cfc5d18ffd2467d3a5581338.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Multiple Customer Addresses & Shipping <= 21.6 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Address Creation/Deletion/View/Updates
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Multiple Customer Addresses & Shipping plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 21.6. This is due to missing protections on the plugin's administrative functions. This makes it possible for subscriber-level attackers to create, delete, view, and update addresses of other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-0865-1/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-0865-1/"
     shodan-query: 'vuln:CVE-2023-0865'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-0865-1,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-0865-1,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0873-437b56ebf4aacc7667a38732c9abf4be.yaml b/nuclei-templates/2023/CVE-2023-0873-437b56ebf4aacc7667a38732c9abf4be.yaml
index 494f6ddd7b..172b36b5d3 100644
--- a/nuclei-templates/2023/CVE-2023-0873-437b56ebf4aacc7667a38732c9abf4be.yaml
+++ b/nuclei-templates/2023/CVE-2023-0873-437b56ebf4aacc7667a38732c9abf4be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kanban Boards for WordPress <= 2.5.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kanban Boards for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.5.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. Note that this may be a duplicate of CVE-2023-34368.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kanban/"
     google-query: inurl:"/wp-content/plugins/kanban/"
     shodan-query: 'vuln:CVE-2023-0873'
-  tags: cve,wordpress,wp-plugin,kanban,medium
+  tags: cve,wordpress,wp-plugin,kanban,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0874-f10af2927781e57c830660efc5735cb4.yaml b/nuclei-templates/2023/CVE-2023-0874-f10af2927781e57c830660efc5735cb4.yaml
index b7a74df397..8a09a1a6ff 100644
--- a/nuclei-templates/2023/CVE-2023-0874-f10af2927781e57c830660efc5735cb4.yaml
+++ b/nuclei-templates/2023/CVE-2023-0874-f10af2927781e57c830660efc5735cb4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Klaviyo <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Klaviyo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/klaviyo/"
     google-query: inurl:"/wp-content/plugins/klaviyo/"
     shodan-query: 'vuln:CVE-2023-0874'
-  tags: cve,wordpress,wp-plugin,klaviyo,medium
+  tags: cve,wordpress,wp-plugin,klaviyo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0875-8f211e542f6f3ea8f0872b9525089564.yaml b/nuclei-templates/2023/CVE-2023-0875-8f211e542f6f3ea8f0872b9525089564.yaml
index 3387825b58..2a18394b90 100644
--- a/nuclei-templates/2023/CVE-2023-0875-8f211e542f6f3ea8f0872b9525089564.yaml
+++ b/nuclei-templates/2023/CVE-2023-0875-8f211e542f6f3ea8f0872b9525089564.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.5.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Meta SEO plugin for WordPress is vulnerable to SQL Injection via the ‘ids’ parameter in the bulkImageCopy function reachable via the wp_ajax_wpms AJAX action in versions up to, and including, 4.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Since the plugin relied on nonce checks as a means of access control, and that nonce was made accessible to all authenticated users regardless of role, the vulnerability could be exploited by asubscribers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2023-0875'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0889-0ca0bd9c39bf258c51c77483b135b8f5.yaml b/nuclei-templates/2023/CVE-2023-0889-0ca0bd9c39bf258c51c77483b135b8f5.yaml
index 4c24b2e73b..8a0115840d 100644
--- a/nuclei-templates/2023/CVE-2023-0889-0ca0bd9c39bf258c51c77483b135b8f5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0889-0ca0bd9c39bf258c51c77483b135b8f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themeflection Numbers <= 1.8.1 - Authenticated(Subscriber+) Privilege Escalation via tf_numb_save_licenses
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Themeflection Numbers plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the tf_numb_save_licenses function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation. Version 2.0.0 introduced a partial patch which prevented privilege escalation but still potentially allowed data modification.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tf-numbers-number-counter-animaton/"
     google-query: inurl:"/wp-content/plugins/tf-numbers-number-counter-animaton/"
     shodan-query: 'vuln:CVE-2023-0889'
-  tags: cve,wordpress,wp-plugin,tf-numbers-number-counter-animaton,high
+  tags: cve,wordpress,wp-plugin,tf-numbers-number-counter-animaton,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0890-051c86487ea054ab8374342c3d7fd783.yaml b/nuclei-templates/2023/CVE-2023-0890-051c86487ea054ab8374342c3d7fd783.yaml
index a761afb033..c61139e666 100644
--- a/nuclei-templates/2023/CVE-2023-0890-051c86487ea054ab8374342c3d7fd783.yaml
+++ b/nuclei-templates/2023/CVE-2023-0890-051c86487ea054ab8374342c3d7fd783.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Arbitrary Post Access via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes Ultimate plugin for WordPress is vulnerable to unauthorized access of data due to missing authorization controls in a plugin's shortcode in versions up to, and including, 5.12.7. This makes it possible for authenticated attackers with subscriber-level permissions and above to read arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2023-0890'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0891-295c71d391fe6f97f05c0f5bc739be92.yaml b/nuclei-templates/2023/CVE-2023-0891-295c71d391fe6f97f05c0f5bc739be92.yaml
index 853959e7ae..a7b8aef834 100644
--- a/nuclei-templates/2023/CVE-2023-0891-295c71d391fe6f97f05c0f5bc739be92.yaml
+++ b/nuclei-templates/2023/CVE-2023-0891-295c71d391fe6f97f05c0f5bc739be92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stagtools <= 2.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stagtools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stagtools/"
     google-query: inurl:"/wp-content/plugins/stagtools/"
     shodan-query: 'vuln:CVE-2023-0891'
-  tags: cve,wordpress,wp-plugin,stagtools,medium
+  tags: cve,wordpress,wp-plugin,stagtools,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0892-84478af058257dde74ad587387b8e0c5.yaml b/nuclei-templates/2023/CVE-2023-0892-84478af058257dde74ad587387b8e0c5.yaml
index 346b348cc7..090dc23aba 100644
--- a/nuclei-templates/2023/CVE-2023-0892-84478af058257dde74ad587387b8e0c5.yaml
+++ b/nuclei-templates/2023/CVE-2023-0892-84478af058257dde74ad587387b8e0c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BizLibrary <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BizLibrary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bizlibrary/"
     google-query: inurl:"/wp-content/plugins/bizlibrary/"
     shodan-query: 'vuln:CVE-2023-0892'
-  tags: cve,wordpress,wp-plugin,bizlibrary,medium
+  tags: cve,wordpress,wp-plugin,bizlibrary,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0893-49fe99f51fd3a93a572d1c7ee54d4741.yaml b/nuclei-templates/2023/CVE-2023-0893-49fe99f51fd3a93a572d1c7ee54d4741.yaml
index 26fa4494c3..ea05daeee4 100644
--- a/nuclei-templates/2023/CVE-2023-0893-49fe99f51fd3a93a572d1c7ee54d4741.yaml
+++ b/nuclei-templates/2023/CVE-2023-0893-49fe99f51fd3a93a572d1c7ee54d4741.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Time Sheets <= 1.29.2 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Time Sheets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/time-sheets/"
     google-query: inurl:"/wp-content/plugins/time-sheets/"
     shodan-query: 'vuln:CVE-2023-0893'
-  tags: cve,wordpress,wp-plugin,time-sheets,medium
+  tags: cve,wordpress,wp-plugin,time-sheets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0894-fe4c4bb2122cdad1871934e83ec97820.yaml b/nuclei-templates/2023/CVE-2023-0894-fe4c4bb2122cdad1871934e83ec97820.yaml
index ea0868eb37..b92f140c42 100644
--- a/nuclei-templates/2023/CVE-2023-0894-fe4c4bb2122cdad1871934e83ec97820.yaml
+++ b/nuclei-templates/2023/CVE-2023-0894-fe4c4bb2122cdad1871934e83ec97820.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pickup | Delivery | Dine-in date time <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pickup | Delivery | Dine-in date time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restaurant-pickup-delivery-dine-in/"
     google-query: inurl:"/wp-content/plugins/restaurant-pickup-delivery-dine-in/"
     shodan-query: 'vuln:CVE-2023-0894'
-  tags: cve,wordpress,wp-plugin,restaurant-pickup-delivery-dine-in,medium
+  tags: cve,wordpress,wp-plugin,restaurant-pickup-delivery-dine-in,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0895-d4baf5319f8e6cff227085b65be4db6a.yaml b/nuclei-templates/2023/CVE-2023-0895-d4baf5319f8e6cff227085b65be4db6a.yaml
index 677a0f674c..d460ffd3f5 100644
--- a/nuclei-templates/2023/CVE-2023-0895-d4baf5319f8e6cff227085b65be4db6a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0895-d4baf5319f8e6cff227085b65be4db6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-coder/"
     google-query: inurl:"/wp-content/plugins/wp-coder/"
     shodan-query: 'vuln:CVE-2023-0895'
-  tags: cve,wordpress,wp-plugin,wp-coder,high
+  tags: cve,wordpress,wp-plugin,wp-coder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0900-55621d6fc615b8d4a345ef4a0a4b8e73.yaml b/nuclei-templates/2023/CVE-2023-0900-55621d6fc615b8d4a345ef4a0a4b8e73.yaml
index b3f76996f5..4f091a49ea 100644
--- a/nuclei-templates/2023/CVE-2023-0900-55621d6fc615b8d4a345ef4a0a4b8e73.yaml
+++ b/nuclei-templates/2023/CVE-2023-0900-55621d6fc615b8d4a345ef4a0a4b8e73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AP Pricing Tables Lite <= 1.1.6 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The AP Pricing Tables Lite plugin for WordPress is vulnerable to SQL Injection via the 'table_id' parameter passed through the appts_backend_ajax AJAX function in versions up to, and including, 1.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ap-pricing-tables-lite/"
     google-query: inurl:"/wp-content/plugins/ap-pricing-tables-lite/"
     shodan-query: 'vuln:CVE-2023-0900'
-  tags: cve,wordpress,wp-plugin,ap-pricing-tables-lite,high
+  tags: cve,wordpress,wp-plugin,ap-pricing-tables-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0911-88b0cb27fd508341f3181a16f7fa23a3.yaml b/nuclei-templates/2023/CVE-2023-0911-88b0cb27fd508341f3181a16f7fa23a3.yaml
index 76cf77a7db..33c9e1f7d5 100644
--- a/nuclei-templates/2023/CVE-2023-0911-88b0cb27fd508341f3181a16f7fa23a3.yaml
+++ b/nuclei-templates/2023/CVE-2023-0911-88b0cb27fd508341f3181a16f7fa23a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes Ultimate for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.12.7  via its shortcodes. This can allow authenticated attackers with subscriber-level privileges or higher to extract sensitive data including user meta information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2023-0911'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0924-d9e5ab172446fd3be8d4dddf9dcfa63e.yaml b/nuclei-templates/2023/CVE-2023-0924-d9e5ab172446fd3be8d4dddf9dcfa63e.yaml
index c1a337d545..063bbdd4ff 100644
--- a/nuclei-templates/2023/CVE-2023-0924-d9e5ab172446fd3be8d4dddf9dcfa63e.yaml
+++ b/nuclei-templates/2023/CVE-2023-0924-d9e5ab172446fd3be8d4dddf9dcfa63e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zyrex Popup <= 1.0 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Zyrex Popup plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zx_main_page function in versions up to, and including, 1.0. This makes it possible for authenticated attackers, with administrative privileges, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-zyrex/"
     google-query: inurl:"/wp-content/plugins/popup-zyrex/"
     shodan-query: 'vuln:CVE-2023-0924'
-  tags: cve,wordpress,wp-plugin,popup-zyrex,high
+  tags: cve,wordpress,wp-plugin,popup-zyrex,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0955-4ab5b9d0741d36fdeb0d5b8e06672d39.yaml b/nuclei-templates/2023/CVE-2023-0955-4ab5b9d0741d36fdeb0d5b8e06672d39.yaml
index 11cd2f1922..4a128c4dfa 100644
--- a/nuclei-templates/2023/CVE-2023-0955-4ab5b9d0741d36fdeb0d5b8e06672d39.yaml
+++ b/nuclei-templates/2023/CVE-2023-0955-4ab5b9d0741d36fdeb0d5b8e06672d39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 13.2.16 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Statistics plugin for WordPress is vulnerable to SQL Injection via the $days_time_list value in versions up to, and including, 13.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:CVE-2023-0955'
-  tags: cve,wordpress,wp-plugin,wp-statistics,high
+  tags: cve,wordpress,wp-plugin,wp-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-0958-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/2023/CVE-2023-0958-25a10466c42d47292b8a71c862e9a26a.yaml
index ce392d1c64..65de7fca92 100644
--- a/nuclei-templates/2023/CVE-2023-0958-25a10466c42d47292b8a71c862e9a26a.yaml
+++ b/nuclei-templates/2023/CVE-2023-0958-25a10466c42d47292b8a71c862e9a26a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-0958
   metadata:
-    fofa-query: "wp-content/plugins/http-https-remover/"
-    google-query: inurl:"/wp-content/plugins/http-https-remover/"
+    fofa-query: "wp-content/plugins/enhanced-text-widget/"
+    google-query: inurl:"/wp-content/plugins/enhanced-text-widget/"
     shodan-query: 'vuln:CVE-2023-0958'
-  tags: cve,wordpress,wp-plugin,http-https-remover,medium
+  tags: cve,wordpress,wp-plugin,enhanced-text-widget,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/http-https-remover/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "http-https-remover"
+          - "enhanced-text-widget"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.2.3')
\ No newline at end of file
+          - compare_versions(version, '<= 1.5.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-0993-380d905325ab5069c99a7e476a1a4f89.yaml b/nuclei-templates/2023/CVE-2023-0993-380d905325ab5069c99a7e476a1a4f89.yaml
index f2dd1a477b..e8c8b3c379 100644
--- a/nuclei-templates/2023/CVE-2023-0993-380d905325ab5069c99a7e476a1a4f89.yaml
+++ b/nuclei-templates/2023/CVE-2023-0993-380d905325ab5069c99a7e476a1a4f89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shield Security <= 17.0.17 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-firewall/"
     google-query: inurl:"/wp-content/plugins/wp-simple-firewall/"
     shodan-query: 'vuln:CVE-2023-0993'
-  tags: cve,wordpress,wp-plugin,wp-simple-firewall,medium
+  tags: cve,wordpress,wp-plugin,wp-simple-firewall,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1016-18457ce0add8e02185ec82dfe3cc1c14.yaml b/nuclei-templates/2023/CVE-2023-1016-18457ce0add8e02185ec82dfe3cc1c14.yaml
index e78aa4b5c3..856fd4d049 100644
--- a/nuclei-templates/2023/CVE-2023-1016-18457ce0add8e02185ec82dfe3cc1c14.yaml
+++ b/nuclei-templates/2023/CVE-2023-1016-18457ce0add8e02185ec82dfe3cc1c14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intuitive-custom-post-order/"
     google-query: inurl:"/wp-content/plugins/intuitive-custom-post-order/"
     shodan-query: 'vuln:CVE-2023-1016'
-  tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,medium
+  tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1019-0aa92148d99c1bca8d88494c39b853c4.yaml b/nuclei-templates/2023/CVE-2023-1019-0aa92148d99c1bca8d88494c39b853c4.yaml
index 1087febca6..1295a802dd 100644
--- a/nuclei-templates/2023/CVE-2023-1019-0aa92148d99c1bca8d88494c39b853c4.yaml
+++ b/nuclei-templates/2023/CVE-2023-1019-0aa92148d99c1bca8d88494c39b853c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Help Desk WP <= 1.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Help Desk WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with editor privileges, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/helpdeskwp/"
     google-query: inurl:"/wp-content/plugins/helpdeskwp/"
     shodan-query: 'vuln:CVE-2023-1019'
-  tags: cve,wordpress,wp-plugin,helpdeskwp,high
+  tags: cve,wordpress,wp-plugin,helpdeskwp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1021-65248f15aa94ab7dabcc81cdc7d86180.yaml b/nuclei-templates/2023/CVE-2023-1021-65248f15aa94ab7dabcc81cdc7d86180.yaml
index e7f7490f38..91e07c449a 100644
--- a/nuclei-templates/2023/CVE-2023-1021-65248f15aa94ab7dabcc81cdc7d86180.yaml
+++ b/nuclei-templates/2023/CVE-2023-1021-65248f15aa94ab7dabcc81cdc7d86180.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amr Ical Events Lists <= 6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Amr Ical Events Lists plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amr-ical-events-list/"
     google-query: inurl:"/wp-content/plugins/amr-ical-events-list/"
     shodan-query: 'vuln:CVE-2023-1021'
-  tags: cve,wordpress,wp-plugin,amr-ical-events-list,medium
+  tags: cve,wordpress,wp-plugin,amr-ical-events-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1022-48db89bfccb085b8a9e9bacdc76c0af1.yaml b/nuclei-templates/2023/CVE-2023-1022-48db89bfccb085b8a9e9bacdc76c0af1.yaml
index b2bc365037..75206d7794 100644
--- a/nuclei-templates/2023/CVE-2023-1022-48db89bfccb085b8a9e9bacdc76c0af1.yaml
+++ b/nuclei-templates/2023/CVE-2023-1022-48db89bfccb085b8a9e9bacdc76c0af1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2023-1022'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1023-a77598a8619865ebfa5a440835fd61e6.yaml b/nuclei-templates/2023/CVE-2023-1023-a77598a8619865ebfa5a440835fd61e6.yaml
index 60a56e68c7..0b36fc07a9 100644
--- a/nuclei-templates/2023/CVE-2023-1023-a77598a8619865ebfa5a440835fd61e6.yaml
+++ b/nuclei-templates/2023/CVE-2023-1023-a77598a8619865ebfa5a440835fd61e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.5.3 - Missing Authorization in 'saveSitemapSettings'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2023-1023'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1024-2f2d8b93ad701e19ec6f3207f936eef8.yaml b/nuclei-templates/2023/CVE-2023-1024-2f2d8b93ad701e19ec6f3207f936eef8.yaml
index 2d840093e3..c14db2a767 100644
--- a/nuclei-templates/2023/CVE-2023-1024-2f2d8b93ad701e19ec6f3207f936eef8.yaml
+++ b/nuclei-templates/2023/CVE-2023-1024-2f2d8b93ad701e19ec6f3207f936eef8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2023-1024'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1025-1057cae23f85520832f9b7c2f9fe55c7.yaml b/nuclei-templates/2023/CVE-2023-1025-1057cae23f85520832f9b7c2f9fe55c7.yaml
index f8666615a6..0e5eb9ef9a 100644
--- a/nuclei-templates/2023/CVE-2023-1025-1057cae23f85520832f9b7c2f9fe55c7.yaml
+++ b/nuclei-templates/2023/CVE-2023-1025-1057cae23f85520832f9b7c2f9fe55c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple File List <= 6.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple File List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-file-list/"
     google-query: inurl:"/wp-content/plugins/simple-file-list/"
     shodan-query: 'vuln:CVE-2023-1025'
-  tags: cve,wordpress,wp-plugin,simple-file-list,medium
+  tags: cve,wordpress,wp-plugin,simple-file-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1026-eb91f445c10e82b7c3e98be1062a0e24.yaml b/nuclei-templates/2023/CVE-2023-1026-eb91f445c10e82b7c3e98be1062a0e24.yaml
index aece32b31a..3b15b99adc 100644
--- a/nuclei-templates/2023/CVE-2023-1026-eb91f445c10e82b7c3e98be1062a0e24.yaml
+++ b/nuclei-templates/2023/CVE-2023-1026-eb91f445c10e82b7c3e98be1062a0e24.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2023-1026'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1027-051ffefc51104be6bb17d2b5cf41b941.yaml b/nuclei-templates/2023/CVE-2023-1027-051ffefc51104be6bb17d2b5cf41b941.yaml
index 1587aec45d..196e474f23 100644
--- a/nuclei-templates/2023/CVE-2023-1027-051ffefc51104be6bb17d2b5cf41b941.yaml
+++ b/nuclei-templates/2023/CVE-2023-1027-051ffefc51104be6bb17d2b5cf41b941.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2023-1027'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1069-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml b/nuclei-templates/2023/CVE-2023-1069-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml
index 9a33d778c5..d9794341c6 100644
--- a/nuclei-templates/2023/CVE-2023-1069-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml
+++ b/nuclei-templates/2023/CVE-2023-1069-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Complianz - GDPR/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-1069
   metadata:
-    fofa-query: "wp-content/plugins/complianz-gdpr/"
-    google-query: inurl:"/wp-content/plugins/complianz-gdpr/"
+    fofa-query: "wp-content/plugins/complianz-gdpr-premium/"
+    google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/"
     shodan-query: 'vuln:CVE-2023-1069'
-  tags: cve,wordpress,wp-plugin,complianz-gdpr,medium
+  tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "complianz-gdpr"
+          - "complianz-gdpr-premium"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-1090-4f005a53f32a91b958c425e9676f1ab9.yaml b/nuclei-templates/2023/CVE-2023-1090-4f005a53f32a91b958c425e9676f1ab9.yaml
index 7cca9edc62..54d54eccb9 100644
--- a/nuclei-templates/2023/CVE-2023-1090-4f005a53f32a91b958c425e9676f1ab9.yaml
+++ b/nuclei-templates/2023/CVE-2023-1090-4f005a53f32a91b958c425e9676f1ab9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SMTP Mailing Queue <= 1.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SMTP Mailing Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via mailing settings in versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smtp-mailing-queue/"
     google-query: inurl:"/wp-content/plugins/smtp-mailing-queue/"
     shodan-query: 'vuln:CVE-2023-1090'
-  tags: cve,wordpress,wp-plugin,smtp-mailing-queue,medium
+  tags: cve,wordpress,wp-plugin,smtp-mailing-queue,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1110-04f24d8a77ed9613e08490a191c4df98.yaml b/nuclei-templates/2023/CVE-2023-1110-04f24d8a77ed9613e08490a191c4df98.yaml
index 91399dcb64..1494019c31 100644
--- a/nuclei-templates/2023/CVE-2023-1110-04f24d8a77ed9613e08490a191c4df98.yaml
+++ b/nuclei-templates/2023/CVE-2023-1110-04f24d8a77ed9613e08490a191c4df98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yellow Yard Searchbar <= 2.7.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yellow Yard Searchbar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yy_filter and yy_filter_container shortcodes in versions up to, and including, 2.7.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level and above permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yellow-yard/"
     google-query: inurl:"/wp-content/plugins/yellow-yard/"
     shodan-query: 'vuln:CVE-2023-1110'
-  tags: cve,wordpress,wp-plugin,yellow-yard,medium
+  tags: cve,wordpress,wp-plugin,yellow-yard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1119-4393e503b4c5e360e86d4cf75de99b91.yaml b/nuclei-templates/2023/CVE-2023-1119-4393e503b4c5e360e86d4cf75de99b91.yaml
index 3008783b42..a1a8d798c6 100644
--- a/nuclei-templates/2023/CVE-2023-1119-4393e503b4c5e360e86d4cf75de99b91.yaml
+++ b/nuclei-templates/2023/CVE-2023-1119-4393e503b4c5e360e86d4cf75de99b91.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-1119
   metadata:
-    fofa-query: "wp-content/plugins/srbtranslatin/"
-    google-query: inurl:"/wp-content/plugins/srbtranslatin/"
+    fofa-query: "wp-content/plugins/wp-optimize/"
+    google-query: inurl:"/wp-content/plugins/wp-optimize/"
     shodan-query: 'vuln:CVE-2023-1119'
-  tags: cve,wordpress,wp-plugin,srbtranslatin,medium
+  tags: cve,wordpress,wp-plugin,wp-optimize,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/srbtranslatin/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-optimize/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "srbtranslatin"
+          - "wp-optimize"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.4')
\ No newline at end of file
+          - compare_versions(version, '< 3.2.13')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-1120-c518ac9593781d65f764a219f04b0aec.yaml b/nuclei-templates/2023/CVE-2023-1120-c518ac9593781d65f764a219f04b0aec.yaml
index d6c1b68c97..73b477d5a9 100644
--- a/nuclei-templates/2023/CVE-2023-1120-c518ac9593781d65f764a219f04b0aec.yaml
+++ b/nuclei-templates/2023/CVE-2023-1120-c518ac9593781d65f764a219f04b0aec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Giveaways <= 2.45.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Giveaways plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/giveasap/"
     google-query: inurl:"/wp-content/plugins/giveasap/"
     shodan-query: 'vuln:CVE-2023-1120'
-  tags: cve,wordpress,wp-plugin,giveasap,medium
+  tags: cve,wordpress,wp-plugin,giveasap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1121-3d832eae81d276110b2fb05b6aea23b7.yaml b/nuclei-templates/2023/CVE-2023-1121-3d832eae81d276110b2fb05b6aea23b7.yaml
index b197fd6a78..46188eea53 100644
--- a/nuclei-templates/2023/CVE-2023-1121-3d832eae81d276110b2fb05b6aea23b7.yaml
+++ b/nuclei-templates/2023/CVE-2023-1121-3d832eae81d276110b2fb05b6aea23b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Giveaways <= 2.45.0 - Authenticated(Admin+) Stored Cross-Site Scripting via form fields
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Giveaways plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form fields in versions up to, and including, 2.45.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/giveasap/"
     google-query: inurl:"/wp-content/plugins/giveasap/"
     shodan-query: 'vuln:CVE-2023-1121'
-  tags: cve,wordpress,wp-plugin,giveasap,medium
+  tags: cve,wordpress,wp-plugin,giveasap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1122-fece4721182fa2d84ab761adf04133ca.yaml b/nuclei-templates/2023/CVE-2023-1122-fece4721182fa2d84ab761adf04133ca.yaml
index e8925c22c4..534dd185ce 100644
--- a/nuclei-templates/2023/CVE-2023-1122-fece4721182fa2d84ab761adf04133ca.yaml
+++ b/nuclei-templates/2023/CVE-2023-1122-fece4721182fa2d84ab761adf04133ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Giveaways <= 2.45.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Form, Prize, and Sharing Method Fields
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Giveaways plugin for WordPress is vulnerable to Stored Cross-Site Scripting via certain form, prize, and sharing method fields in versions up to, and including, 2.45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/giveasap/"
     google-query: inurl:"/wp-content/plugins/giveasap/"
     shodan-query: 'vuln:CVE-2023-1122'
-  tags: cve,wordpress,wp-plugin,giveasap,medium
+  tags: cve,wordpress,wp-plugin,giveasap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1124-00935a43a6eeac3216e5733aff1322b8.yaml b/nuclei-templates/2023/CVE-2023-1124-00935a43a6eeac3216e5733aff1322b8.yaml
index 500b8f8af0..099deb15d5 100644
--- a/nuclei-templates/2023/CVE-2023-1124-00935a43a6eeac3216e5733aff1322b8.yaml
+++ b/nuclei-templates/2023/CVE-2023-1124-00935a43a6eeac3216e5733aff1322b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shopping Cart & eCommerce Store <= 5.4.2 - Authenticated (Admin+) Local File Inclusion via import_file_url
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 5.4.2 via the import_file_url parameter. This allows authenticated attackers, with administrator-level permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easycart/"
     google-query: inurl:"/wp-content/plugins/wp-easycart/"
     shodan-query: 'vuln:CVE-2023-1124'
-  tags: cve,wordpress,wp-plugin,wp-easycart,high
+  tags: cve,wordpress,wp-plugin,wp-easycart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1125-9346f7a9d2f3883e949e211cd3195670.yaml b/nuclei-templates/2023/CVE-2023-1125-9346f7a9d2f3883e949e211cd3195670.yaml
index f916ebadac..d3f68233c2 100644
--- a/nuclei-templates/2023/CVE-2023-1125-9346f7a9d2f3883e949e211cd3195670.yaml
+++ b/nuclei-templates/2023/CVE-2023-1125-9346f7a9d2f3883e949e211cd3195670.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ruby Help Desk <= 1.3.3 - Missing Authorization to Arbitrary Ticket Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ruby Help Desk plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the process_ticket_reply function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to update arbitrary tickets in the system.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ruby-help-desk/"
     google-query: inurl:"/wp-content/plugins/ruby-help-desk/"
     shodan-query: 'vuln:CVE-2023-1125'
-  tags: cve,wordpress,wp-plugin,ruby-help-desk,medium
+  tags: cve,wordpress,wp-plugin,ruby-help-desk,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1126-6baff9c0f37923203f19e1b9ed3bec89.yaml b/nuclei-templates/2023/CVE-2023-1126-6baff9c0f37923203f19e1b9ed3bec89.yaml
index 8dcb507fd6..a45f26536c 100644
--- a/nuclei-templates/2023/CVE-2023-1126-6baff9c0f37923203f19e1b9ed3bec89.yaml
+++ b/nuclei-templates/2023/CVE-2023-1126-6baff9c0f37923203f19e1b9ed3bec89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP FEvents Book <= 0.46 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP FEvents Book plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fevents-book/"
     google-query: inurl:"/wp-content/plugins/wp-fevents-book/"
     shodan-query: 'vuln:CVE-2023-1126'
-  tags: cve,wordpress,wp-plugin,wp-fevents-book,medium
+  tags: cve,wordpress,wp-plugin,wp-fevents-book,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1129-0b46297c5a1cfd566b6a7dde332d02ec.yaml b/nuclei-templates/2023/CVE-2023-1129-0b46297c5a1cfd566b6a7dde332d02ec.yaml
index 16e0640d92..db7356b629 100644
--- a/nuclei-templates/2023/CVE-2023-1129-0b46297c5a1cfd566b6a7dde332d02ec.yaml
+++ b/nuclei-templates/2023/CVE-2023-1129-0b46297c5a1cfd566b6a7dde332d02ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP FEvents Book <= 0.46 - Authenticated (Subscriber+) Insecure Direct Object Reference to Booking Manipulation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP FEvents Book plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to insufficient controls on the userID controlled via the showform_fevent6 function in versions up to, and including, 0.46. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to manipulate booking data for any user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fevents-book/"
     google-query: inurl:"/wp-content/plugins/wp-fevents-book/"
     shodan-query: 'vuln:CVE-2023-1129'
-  tags: cve,wordpress,wp-plugin,wp-fevents-book,medium
+  tags: cve,wordpress,wp-plugin,wp-fevents-book,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1155-2f7ae6b5d7fdabeafa201dc90bcb50c1.yaml b/nuclei-templates/2023/CVE-2023-1155-2f7ae6b5d7fdabeafa201dc90bcb50c1.yaml
index 861532a86d..17abc55aeb 100644
--- a/nuclei-templates/2023/CVE-2023-1155-2f7ae6b5d7fdabeafa201dc90bcb50c1.yaml
+++ b/nuclei-templates/2023/CVE-2023-1155-2f7ae6b5d7fdabeafa201dc90bcb50c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-projects/"
     google-query: inurl:"/wp-content/plugins/nd-projects/"
     shodan-query: 'vuln:CVE-2023-1155'
-  tags: cve,wordpress,wp-plugin,nd-projects,medium
+  tags: cve,wordpress,wp-plugin,nd-projects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1159-1609915cce06136e2f0af7da1d5a5d40.yaml b/nuclei-templates/2023/CVE-2023-1159-1609915cce06136e2f0af7da1d5a5d40.yaml
index 480aaa42e9..49f0a1efb2 100644
--- a/nuclei-templates/2023/CVE-2023-1159-1609915cce06136e2f0af7da1d5a5d40.yaml
+++ b/nuclei-templates/2023/CVE-2023-1159-1609915cce06136e2f0af7da1d5a5d40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bookly <= 21.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/"
     google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/"
     shodan-query: 'vuln:CVE-2023-1159'
-  tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,medium
+  tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1166-0a55a8c44319eebd91a4589219732011.yaml b/nuclei-templates/2023/CVE-2023-1166-0a55a8c44319eebd91a4589219732011.yaml
index 4dcb2066c6..e3b823b6de 100644
--- a/nuclei-templates/2023/CVE-2023-1166-0a55a8c44319eebd91a4589219732011.yaml
+++ b/nuclei-templates/2023/CVE-2023-1166-0a55a8c44319eebd91a4589219732011.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     USM Premium <= 16.2 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The USM Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 16.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/Ultimate-Premium-Plugin/"
     google-query: inurl:"/wp-content/plugins/Ultimate-Premium-Plugin/"
     shodan-query: 'vuln:CVE-2023-1166'
-  tags: cve,wordpress,wp-plugin,Ultimate-Premium-Plugin,medium
+  tags: cve,wordpress,wp-plugin,Ultimate-Premium-Plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1166-50ee1df3b648d8ffe7c8bf72d2de42cd.yaml b/nuclei-templates/2023/CVE-2023-1166-50ee1df3b648d8ffe7c8bf72d2de42cd.yaml
index 9ec41d9fbc..9bb74fd0c6 100644
--- a/nuclei-templates/2023/CVE-2023-1166-50ee1df3b648d8ffe7c8bf72d2de42cd.yaml
+++ b/nuclei-templates/2023/CVE-2023-1166-50ee1df3b648d8ffe7c8bf72d2de42cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Share Buttons & Social Sharing Icons <= 2.8.1 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.8.1  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-social-media-icons/"
     google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/"
     shodan-query: 'vuln:CVE-2023-1166'
-  tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,medium
+  tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1169-1ec906f849b052ad86a65e59b4ad588d.yaml b/nuclei-templates/2023/CVE-2023-1169-1ec906f849b052ad86a65e59b4ad588d.yaml
index 32048f6bf8..12c0b34945 100644
--- a/nuclei-templates/2023/CVE-2023-1169-1ec906f849b052ad86a65e59b4ad588d.yaml
+++ b/nuclei-templates/2023/CVE-2023-1169-1ec906f849b052ad86a65e59b4ad588d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ooohboi-steroids-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ooohboi-steroids-for-elementor/"
     shodan-query: 'vuln:CVE-2023-1169'
-  tags: cve,wordpress,wp-plugin,ooohboi-steroids-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ooohboi-steroids-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1196-5ab0380f0225cb3f813fd2faf9e0804b.yaml b/nuclei-templates/2023/CVE-2023-1196-5ab0380f0225cb3f813fd2faf9e0804b.yaml
index 26c5e6d4e7..b6b4afc675 100644
--- a/nuclei-templates/2023/CVE-2023-1196-5ab0380f0225cb3f813fd2faf9e0804b.yaml
+++ b/nuclei-templates/2023/CVE-2023-1196-5ab0380f0225cb3f813fd2faf9e0804b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 6.0.7 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Custom Fields plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.0.7 via deserialization of untrusted input in custom field values. This makes it possible for authenticated attackers, with contributor-level permissions, and above to inject a PHP Object. No POP chain appears to be present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-custom-fields/"
     google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
     shodan-query: 'vuln:CVE-2023-1196'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,high
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1207-5f2adc5ca6dedc40903aa1f1e563d920.yaml b/nuclei-templates/2023/CVE-2023-1207-5f2adc5ca6dedc40903aa1f1e563d920.yaml
index ab165c9af0..4ac6ec1d05 100644
--- a/nuclei-templates/2023/CVE-2023-1207-5f2adc5ca6dedc40903aa1f1e563d920.yaml
+++ b/nuclei-templates/2023/CVE-2023-1207-5f2adc5ca6dedc40903aa1f1e563d920.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HTTP Headers plugin for WordPress is vulnerable to SQL Injection via the 'http_headers_post_import' and 'http_headers_post_export' functions in versions up to, and including, 1.18.8 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that 1.18.8 provided a partial patch by restricting this capability to Super Administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/http-headers/"
     google-query: inurl:"/wp-content/plugins/http-headers/"
     shodan-query: 'vuln:CVE-2023-1207'
-  tags: cve,wordpress,wp-plugin,http-headers,medium
+  tags: cve,wordpress,wp-plugin,http-headers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1208-15a164b8d7acefaa3a7ae7d37647554e.yaml b/nuclei-templates/2023/CVE-2023-1208-15a164b8d7acefaa3a7ae7d37647554e.yaml
index e4e9d96f52..78718a0448 100644
--- a/nuclei-templates/2023/CVE-2023-1208-15a164b8d7acefaa3a7ae7d37647554e.yaml
+++ b/nuclei-templates/2023/CVE-2023-1208-15a164b8d7acefaa3a7ae7d37647554e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTTP Headers <= 1.18.10 - Authenticated(Administrator+) Remote Code Execution
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HTTP Headers plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.18.10 via the 'http_headers_pre_update_option' function. This allows authenticated attackers with administrator-level permissions to write files and execute code on the server. The issue was partially fixed in 1.18.10 but not fully fixed until 1.18.11.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/http-headers/"
     google-query: inurl:"/wp-content/plugins/http-headers/"
     shodan-query: 'vuln:CVE-2023-1208'
-  tags: cve,wordpress,wp-plugin,http-headers,medium
+  tags: cve,wordpress,wp-plugin,http-headers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1259-28e170e893975e3ad314a1e6dd206e77.yaml b/nuclei-templates/2023/CVE-2023-1259-28e170e893975e3ad314a1e6dd206e77.yaml
index febfe19340..94fb1bd63a 100644
--- a/nuclei-templates/2023/CVE-2023-1259-28e170e893975e3ad314a1e6dd206e77.yaml
+++ b/nuclei-templates/2023/CVE-2023-1259-28e170e893975e3ad314a1e6dd206e77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hotjar <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hotjar/"
     google-query: inurl:"/wp-content/plugins/hotjar/"
     shodan-query: 'vuln:CVE-2023-1259'
-  tags: cve,wordpress,wp-plugin,hotjar,medium
+  tags: cve,wordpress,wp-plugin,hotjar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1273-bce590a02f073327d2ec7a566a982db1.yaml b/nuclei-templates/2023/CVE-2023-1273-bce590a02f073327d2ec7a566a982db1.yaml
index 39c412df92..d54b3db87c 100644
--- a/nuclei-templates/2023/CVE-2023-1273-bce590a02f073327d2ec7a566a982db1.yaml
+++ b/nuclei-templates/2023/CVE-2023-1273-bce590a02f073327d2ec7a566a982db1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ND Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.9 the plugin's shortcodes. This allows authenticated attackers with subscriber-level permissions, and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-shortcodes/"
     google-query: inurl:"/wp-content/plugins/nd-shortcodes/"
     shodan-query: 'vuln:CVE-2023-1273'
-  tags: cve,wordpress,wp-plugin,nd-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,nd-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1274-ea2779881d033f74603b414138c61a0a.yaml b/nuclei-templates/2023/CVE-2023-1274-ea2779881d033f74603b414138c61a0a.yaml
index 97c4b476df..e27d29d1a5 100644
--- a/nuclei-templates/2023/CVE-2023-1274-ea2779881d033f74603b414138c61a0a.yaml
+++ b/nuclei-templates/2023/CVE-2023-1274-ea2779881d033f74603b414138c61a0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 2.0 - Authenticated (Subscriber+) Local File Inclusion via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Pricing Tables For WPBakery Page Builder plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0 via Shortcode. This allows subscriber-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pricing-tables-for-wpbakery-page-builder/"
     google-query: inurl:"/wp-content/plugins/pricing-tables-for-wpbakery-page-builder/"
     shodan-query: 'vuln:CVE-2023-1274'
-  tags: cve,wordpress,wp-plugin,pricing-tables-for-wpbakery-page-builder,high
+  tags: cve,wordpress,wp-plugin,pricing-tables-for-wpbakery-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1323-53951cc6c6fc3a1b6dbee499dbf71331.yaml b/nuclei-templates/2023/CVE-2023-1323-53951cc6c6fc3a1b6dbee499dbf71331.yaml
index 295944aab6..bfb27344e0 100644
--- a/nuclei-templates/2023/CVE-2023-1323-53951cc6c6fc3a1b6dbee499dbf71331.yaml
+++ b/nuclei-templates/2023/CVE-2023-1323-53951cc6c6fc3a1b6dbee499dbf71331.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Forms for Mailchimp <= 6.8.8 - Authenticated (Administrator+) Cross-Site Scripting via Form Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Easy Forms for Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Name in versions up to, and including, 6.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
     google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
     shodan-query: 'vuln:CVE-2023-1323'
-  tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,medium
+  tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1325-fe922fd0e38d640f64cea8429582a5c0.yaml b/nuclei-templates/2023/CVE-2023-1325-fe922fd0e38d640f64cea8429582a5c0.yaml
index aa67a79ce8..cd3673b7de 100644
--- a/nuclei-templates/2023/CVE-2023-1325-fe922fd0e38d640f64cea8429582a5c0.yaml
+++ b/nuclei-templates/2023/CVE-2023-1325-fe922fd0e38d640f64cea8429582a5c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Forms for MailChimp <= 6.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Forms for MailChimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 6.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
     google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
     shodan-query: 'vuln:CVE-2023-1325'
-  tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,medium
+  tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1333-9a0b6c64179538a07b644a9798c3ccee.yaml b/nuclei-templates/2023/CVE-2023-1333-9a0b6c64179538a07b644a9798c3ccee.yaml
index 5ed4b9cb38..a52d11fe92 100644
--- a/nuclei-templates/2023/CVE-2023-1333-9a0b6c64179538a07b644a9798c3ccee.yaml
+++ b/nuclei-templates/2023/CVE-2023-1333-9a0b6c64179538a07b644a9798c3ccee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_page_cache'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unusedcss/"
     google-query: inurl:"/wp-content/plugins/unusedcss/"
     shodan-query: 'vuln:CVE-2023-1333'
-  tags: cve,wordpress,wp-plugin,unusedcss,medium
+  tags: cve,wordpress,wp-plugin,unusedcss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1334-2a1f9d077aaf4e3fadb41e60e62e6854.yaml b/nuclei-templates/2023/CVE-2023-1334-2a1f9d077aaf4e3fadb41e60e62e6854.yaml
index 326036c312..47910f7c95 100644
--- a/nuclei-templates/2023/CVE-2023-1334-2a1f9d077aaf4e3fadb41e60e62e6854.yaml
+++ b/nuclei-templates/2023/CVE-2023-1334-2a1f9d077aaf4e3fadb41e60e62e6854.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'queue_posts'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unusedcss/"
     google-query: inurl:"/wp-content/plugins/unusedcss/"
     shodan-query: 'vuln:CVE-2023-1334'
-  tags: cve,wordpress,wp-plugin,unusedcss,medium
+  tags: cve,wordpress,wp-plugin,unusedcss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1335-dea1282ba49458404fbdca77bb502b69.yaml b/nuclei-templates/2023/CVE-2023-1335-dea1282ba49458404fbdca77bb502b69.yaml
index 79da25cbfa..ae8d6f158a 100644
--- a/nuclei-templates/2023/CVE-2023-1335-dea1282ba49458404fbdca77bb502b69.yaml
+++ b/nuclei-templates/2023/CVE-2023-1335-dea1282ba49458404fbdca77bb502b69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unusedcss/"
     google-query: inurl:"/wp-content/plugins/unusedcss/"
     shodan-query: 'vuln:CVE-2023-1335'
-  tags: cve,wordpress,wp-plugin,unusedcss,medium
+  tags: cve,wordpress,wp-plugin,unusedcss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1336-7fabd60d3b2198be95329f47bacc886f.yaml b/nuclei-templates/2023/CVE-2023-1336-7fabd60d3b2198be95329f47bacc886f.yaml
index a28d6e702b..ace50a7ca5 100644
--- a/nuclei-templates/2023/CVE-2023-1336-7fabd60d3b2198be95329f47bacc886f.yaml
+++ b/nuclei-templates/2023/CVE-2023-1336-7fabd60d3b2198be95329f47bacc886f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ajax_deactivate'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unusedcss/"
     google-query: inurl:"/wp-content/plugins/unusedcss/"
     shodan-query: 'vuln:CVE-2023-1336'
-  tags: cve,wordpress,wp-plugin,unusedcss,medium
+  tags: cve,wordpress,wp-plugin,unusedcss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1337-76ac5b6d638212e0347ed800db5531d1.yaml b/nuclei-templates/2023/CVE-2023-1337-76ac5b6d638212e0347ed800db5531d1.yaml
index f89cf4031f..3480c512ba 100644
--- a/nuclei-templates/2023/CVE-2023-1337-76ac5b6d638212e0347ed800db5531d1.yaml
+++ b/nuclei-templates/2023/CVE-2023-1337-76ac5b6d638212e0347ed800db5531d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unusedcss/"
     google-query: inurl:"/wp-content/plugins/unusedcss/"
     shodan-query: 'vuln:CVE-2023-1337'
-  tags: cve,wordpress,wp-plugin,unusedcss,medium
+  tags: cve,wordpress,wp-plugin,unusedcss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1338-a0e3ff5d3be6b2d76d2f97e392703cee.yaml b/nuclei-templates/2023/CVE-2023-1338-a0e3ff5d3be6b2d76d2f97e392703cee.yaml
index 056de6f43b..5712461f9e 100644
--- a/nuclei-templates/2023/CVE-2023-1338-a0e3ff5d3be6b2d76d2f97e392703cee.yaml
+++ b/nuclei-templates/2023/CVE-2023-1338-a0e3ff5d3be6b2d76d2f97e392703cee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unusedcss/"
     google-query: inurl:"/wp-content/plugins/unusedcss/"
     shodan-query: 'vuln:CVE-2023-1338'
-  tags: cve,wordpress,wp-plugin,unusedcss,medium
+  tags: cve,wordpress,wp-plugin,unusedcss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1339-0fee961f47a5a9afb9a972a5a5342a98.yaml b/nuclei-templates/2023/CVE-2023-1339-0fee961f47a5a9afb9a972a5a5342a98.yaml
index 7eb54ea1c2..219ce63a6d 100644
--- a/nuclei-templates/2023/CVE-2023-1339-0fee961f47a5a9afb9a972a5a5342a98.yaml
+++ b/nuclei-templates/2023/CVE-2023-1339-0fee961f47a5a9afb9a972a5a5342a98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'uucss_update_rule'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unusedcss/"
     google-query: inurl:"/wp-content/plugins/unusedcss/"
     shodan-query: 'vuln:CVE-2023-1339'
-  tags: cve,wordpress,wp-plugin,unusedcss,medium
+  tags: cve,wordpress,wp-plugin,unusedcss,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1347-6aade0ab1cd3e84f1c328d12c13c28e5.yaml b/nuclei-templates/2023/CVE-2023-1347-6aade0ab1cd3e84f1c328d12c13c28e5.yaml
index f8b42a5d10..681ebf5a7b 100644
--- a/nuclei-templates/2023/CVE-2023-1347-6aade0ab1cd3e84f1c328d12c13c28e5.yaml
+++ b/nuclei-templates/2023/CVE-2023-1347-6aade0ab1cd3e84f1c328d12c13c28e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customizer Export/Import <= 0.9.5 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Customizer Export/Import for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 0.9.5  via deserialization of untrusted input from an imported file. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customizer-export-import/"
     google-query: inurl:"/wp-content/plugins/customizer-export-import/"
     shodan-query: 'vuln:CVE-2023-1347'
-  tags: cve,wordpress,wp-plugin,customizer-export-import,high
+  tags: cve,wordpress,wp-plugin,customizer-export-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1374-a159294bbf51e0b7e5b555bc0921d9bf.yaml b/nuclei-templates/2023/CVE-2023-1374-a159294bbf51e0b7e5b555bc0921d9bf.yaml
index 841d7d27b6..6a94a19f13 100644
--- a/nuclei-templates/2023/CVE-2023-1374-a159294bbf51e0b7e5b555bc0921d9bf.yaml
+++ b/nuclei-templates/2023/CVE-2023-1374-a159294bbf51e0b7e5b555bc0921d9bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Solidres <= 0.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/solidres/"
     google-query: inurl:"/wp-content/plugins/solidres/"
     shodan-query: 'vuln:CVE-2023-1374'
-  tags: cve,wordpress,wp-plugin,solidres,medium
+  tags: cve,wordpress,wp-plugin,solidres,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1375-528f5db23cd029b151a95682806084f9.yaml b/nuclei-templates/2023/CVE-2023-1375-528f5db23cd029b151a95682806084f9.yaml
index 8bc0e8e093..3d70ed56de 100644
--- a/nuclei-templates/2023/CVE-2023-1375-528f5db23cd029b151a95682806084f9.yaml
+++ b/nuclei-templates/2023/CVE-2023-1375-528f5db23cd029b151a95682806084f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 1.1.2 - Missing Authorization to Cache Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2023-1375'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1381-9ba2b29c37ba8aee356eadac5eafa36d.yaml b/nuclei-templates/2023/CVE-2023-1381-9ba2b29c37ba8aee356eadac5eafa36d.yaml
index 1b7d3d3626..ccf1f96a82 100644
--- a/nuclei-templates/2023/CVE-2023-1381-9ba2b29c37ba8aee356eadac5eafa36d.yaml
+++ b/nuclei-templates/2023/CVE-2023-1381-9ba2b29c37ba8aee356eadac5eafa36d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta SEO <= 4.5.4 - Authenticated (Author+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Meta SEO plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.5.4 due to insufficient file path validation that makes it possible for attackers to supply paths to files with a phar:// wrapper that will unserialize during retrieval. This makes it possible for authenticated attackers, with author-level permissions and above, to inject a PHP Object. The plugin does contain a useable gadget chain that may make remote execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-seo/"
     google-query: inurl:"/wp-content/plugins/wp-meta-seo/"
     shodan-query: 'vuln:CVE-2023-1381'
-  tags: cve,wordpress,wp-plugin,wp-meta-seo,high
+  tags: cve,wordpress,wp-plugin,wp-meta-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1400-042678d5382067c26f9d9ead263e484c.yaml b/nuclei-templates/2023/CVE-2023-1400-042678d5382067c26f9d9ead263e484c.yaml
index bfbc8dd26b..bbd126dd60 100644
--- a/nuclei-templates/2023/CVE-2023-1400-042678d5382067c26f9d9ead263e484c.yaml
+++ b/nuclei-templates/2023/CVE-2023-1400-042678d5382067c26f9d9ead263e484c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar lite < 6.10.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, and including, 6.10.5  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2023-1400'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1403-13c73556a747c83cbb4df9719464f4fd.yaml b/nuclei-templates/2023/CVE-2023-1403-13c73556a747c83cbb4df9719464f4fd.yaml
index 017678ab17..ab90675ca6 100644
--- a/nuclei-templates/2023/CVE-2023-1403-13c73556a747c83cbb4df9719464f4fd.yaml
+++ b/nuclei-templates/2023/CVE-2023-1403-13c73556a747c83cbb4df9719464f4fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/weaver-xtreme/"
     google-query: inurl:"/wp-content/themes/weaver-xtreme/"
     shodan-query: 'vuln:CVE-2023-1403'
-  tags: cve,wordpress,wp-theme,weaver-xtreme,medium
+  tags: cve,wordpress,wp-theme,weaver-xtreme,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1404-0e821b289513241b63396beff87653b4.yaml b/nuclei-templates/2023/CVE-2023-1404-0e821b289513241b63396beff87653b4.yaml
index 4a8ec256ab..21399295c9 100644
--- a/nuclei-templates/2023/CVE-2023-1404-0e821b289513241b63396beff87653b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-1404-0e821b289513241b63396beff87653b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weaver Show Posts <= 1.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/show-posts/"
     google-query: inurl:"/wp-content/plugins/show-posts/"
     shodan-query: 'vuln:CVE-2023-1404'
-  tags: cve,wordpress,wp-plugin,show-posts,medium
+  tags: cve,wordpress,wp-plugin,show-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1406-1671dddc3e7743782d8ec72b0e2ab60c.yaml b/nuclei-templates/2023/CVE-2023-1406-1671dddc3e7743782d8ec72b0e2ab60c.yaml
index 54d7cc6bed..dfc09437fe 100644
--- a/nuclei-templates/2023/CVE-2023-1406-1671dddc3e7743782d8ec72b0e2ab60c.yaml
+++ b/nuclei-templates/2023/CVE-2023-1406-1671dddc3e7743782d8ec72b0e2ab60c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crocoblock JetEngine <= 3.1.3 - Authenticated(Author+) Arbitrary File Upload to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Crocoblock JetEngine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 3.1.3. This makes it possible for authenticated attackers with author-level permissions and above to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jet-engine/"
     google-query: inurl:"/wp-content/plugins/jet-engine/"
     shodan-query: 'vuln:CVE-2023-1406'
-  tags: cve,wordpress,wp-plugin,jet-engine,high
+  tags: cve,wordpress,wp-plugin,jet-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1408-0641eb85b540308df0a59914e6860d1d.yaml b/nuclei-templates/2023/CVE-2023-1408-0641eb85b540308df0a59914e6860d1d.yaml
index a040ed187e..36df9ef0a3 100644
--- a/nuclei-templates/2023/CVE-2023-1408-0641eb85b540308df0a59914e6860d1d.yaml
+++ b/nuclei-templates/2023/CVE-2023-1408-0641eb85b540308df0a59914e6860d1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Video List Manager plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-list-manager/"
     google-query: inurl:"/wp-content/plugins/video-list-manager/"
     shodan-query: 'vuln:CVE-2023-1408'
-  tags: cve,wordpress,wp-plugin,video-list-manager,high
+  tags: cve,wordpress,wp-plugin,video-list-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1414-30df02f445ade717ac7c0e2991062171.yaml b/nuclei-templates/2023/CVE-2023-1414-30df02f445ade717ac7c0e2991062171.yaml
index 8014f630c0..fa7a478aed 100644
--- a/nuclei-templates/2023/CVE-2023-1414-30df02f445ade717ac7c0e2991062171.yaml
+++ b/nuclei-templates/2023/CVE-2023-1414-30df02f445ade717ac7c0e2991062171.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP VR <= 8.2.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP VR plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an AJAX action in versions up to, and including, 8.2.9. This makes it possible for subscriber-level attackers to update tours.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvr/"
     google-query: inurl:"/wp-content/plugins/wpvr/"
     shodan-query: 'vuln:CVE-2023-1414'
-  tags: cve,wordpress,wp-plugin,wpvr,medium
+  tags: cve,wordpress,wp-plugin,wpvr,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1420-83c0864a3df9b4d7703e76d7c2b55658.yaml b/nuclei-templates/2023/CVE-2023-1420-83c0864a3df9b4d7703e76d7c2b55658.yaml
index 6484ab08ac..12f9041256 100644
--- a/nuclei-templates/2023/CVE-2023-1420-83c0864a3df9b4d7703e76d7c2b55658.yaml
+++ b/nuclei-templates/2023/CVE-2023-1420-83c0864a3df9b4d7703e76d7c2b55658.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ajax Search Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-search-lite/"
     google-query: inurl:"/wp-content/plugins/ajax-search-lite/"
     shodan-query: 'vuln:CVE-2023-1420'
-  tags: cve,wordpress,wp-plugin,ajax-search-lite,high
+  tags: cve,wordpress,wp-plugin,ajax-search-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1425-5c29a3cc888c2b8f4800d87269906f2c.yaml b/nuclei-templates/2023/CVE-2023-1425-5c29a3cc888c2b8f4800d87269906f2c.yaml
index bc2f2db80c..dbe3560f99 100644
--- a/nuclei-templates/2023/CVE-2023-1425-5c29a3cc888c2b8f4800d87269906f2c.yaml
+++ b/nuclei-templates/2023/CVE-2023-1425-5c29a3cc888c2b8f4800d87269906f2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 2.7.9.3 - Authenticated (Administrator)+ SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Groundhogg  plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.7.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level users to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2023-1425'
-  tags: cve,wordpress,wp-plugin,groundhogg,high
+  tags: cve,wordpress,wp-plugin,groundhogg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1426-b470f5de6fb2ae7a347b8e6eaf7d8ee9.yaml b/nuclei-templates/2023/CVE-2023-1426-b470f5de6fb2ae7a347b8e6eaf7d8ee9.yaml
index 600eae0441..3be67924d6 100644
--- a/nuclei-templates/2023/CVE-2023-1426-b470f5de6fb2ae7a347b8e6eaf7d8ee9.yaml
+++ b/nuclei-templates/2023/CVE-2023-1426-b470f5de6fb2ae7a347b8e6eaf7d8ee9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Tiles <= 1.1.2 - Authenticated(Subscriber+) Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Tiles plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.1.2 via the 'get_posts' AJAX function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including the titles of private or draft posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tiles/"
     google-query: inurl:"/wp-content/plugins/wp-tiles/"
     shodan-query: 'vuln:CVE-2023-1426'
-  tags: cve,wordpress,wp-plugin,wp-tiles,medium
+  tags: cve,wordpress,wp-plugin,wp-tiles,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1427-be54fbb88b07e1793c0aea3459743537.yaml b/nuclei-templates/2023/CVE-2023-1427-be54fbb88b07e1793c0aea3459743537.yaml
index 18b0a45790..c41e26d494 100644
--- a/nuclei-templates/2023/CVE-2023-1427-be54fbb88b07e1793c0aea3459743537.yaml
+++ b/nuclei-templates/2023/CVE-2023-1427-be54fbb88b07e1793c0aea3459743537.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery plugin by 10Web for WordPress is vulnerable to Directory Traversal in versions up to, and including, 1.8.14 via the dir parameter. This allows authenticated attackers with administrator-level permissions to upload files to arbitrary directories on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2023-1427'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1469-ba0174f27e21e2789733491b8587f8b7.yaml b/nuclei-templates/2023/CVE-2023-1469-ba0174f27e21e2789733491b8587f8b7.yaml
index bb34027dfd..d9c603e7fc 100644
--- a/nuclei-templates/2023/CVE-2023-1469-ba0174f27e21e2789733491b8587f8b7.yaml
+++ b/nuclei-templates/2023/CVE-2023-1469-ba0174f27e21e2789733491b8587f8b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Express Checkout <= 2.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting via pec_coupon[code]
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-express-checkout/"
     google-query: inurl:"/wp-content/plugins/wp-express-checkout/"
     shodan-query: 'vuln:CVE-2023-1469'
-  tags: cve,wordpress,wp-plugin,wp-express-checkout,medium
+  tags: cve,wordpress,wp-plugin,wp-express-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1470-90a088835020a5c787dfade0eee8a2e0.yaml b/nuclei-templates/2023/CVE-2023-1470-90a088835020a5c787dfade0eee8a2e0.yaml
index 6fc48766e9..c188124436 100644
--- a/nuclei-templates/2023/CVE-2023-1470-90a088835020a5c787dfade0eee8a2e0.yaml
+++ b/nuclei-templates/2023/CVE-2023-1470-90a088835020a5c787dfade0eee8a2e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eCommerce Product Catalog plugin for WordPress <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ecommerce-product-catalog/"
     google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/"
     shodan-query: 'vuln:CVE-2023-1470'
-  tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium
+  tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1471-10b51d35ae6aafbea477ae24a9c22ccc.yaml b/nuclei-templates/2023/CVE-2023-1471-10b51d35ae6aafbea477ae24a9c22ccc.yaml
index c995e3d6da..afa876ccd9 100644
--- a/nuclei-templates/2023/CVE-2023-1471-10b51d35ae6aafbea477ae24a9c22ccc.yaml
+++ b/nuclei-templates/2023/CVE-2023-1471-10b51d35ae6aafbea477ae24a9c22ccc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-popup-banners/"
     google-query: inurl:"/wp-content/plugins/wp-popup-banners/"
     shodan-query: 'vuln:CVE-2023-1471'
-  tags: cve,wordpress,wp-plugin,wp-popup-banners,high
+  tags: cve,wordpress,wp-plugin,wp-popup-banners,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1509-99958bc5af6b387619c59f0368c5fbd3.yaml b/nuclei-templates/2023/CVE-2023-1509-99958bc5af6b387619c59f0368c5fbd3.yaml
index 1d1799dd8c..acb797be54 100644
--- a/nuclei-templates/2023/CVE-2023-1509-99958bc5af6b387619c59f0368c5fbd3.yaml
+++ b/nuclei-templates/2023/CVE-2023-1509-99958bc5af6b387619c59f0368c5fbd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called via the wp_ajax_gmace_manager AJAX action. This makes it possible for unauthenticated attackers to modify arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gmace/"
     google-query: inurl:"/wp-content/plugins/gmace/"
     shodan-query: 'vuln:CVE-2023-1509'
-  tags: cve,wordpress,wp-plugin,gmace,high
+  tags: cve,wordpress,wp-plugin,gmace,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1525-dc0678502bda1f209b1b74a11263e93c.yaml b/nuclei-templates/2023/CVE-2023-1525-dc0678502bda1f209b1b74a11263e93c.yaml
index 066f74f31d..5630941d52 100644
--- a/nuclei-templates/2023/CVE-2023-1525-dc0678502bda1f209b1b74a11263e93c.yaml
+++ b/nuclei-templates/2023/CVE-2023-1525-dc0678502bda1f209b1b74a11263e93c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2023-1525'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1549-e9f3d7aebb0ed7cd4a6a52dea34e70b2.yaml b/nuclei-templates/2023/CVE-2023-1549-e9f3d7aebb0ed7cd4a6a52dea34e70b2.yaml
index 06ccbfcce7..42a5345941 100644
--- a/nuclei-templates/2023/CVE-2023-1549-e9f3d7aebb0ed7cd4a6a52dea34e70b2.yaml
+++ b/nuclei-templates/2023/CVE-2023-1549-e9f3d7aebb0ed7cd4a6a52dea34e70b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ad Inserter plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.7.25 via deserialization of untrusted input from the $exported_settings variable when importing settings. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-inserter/"
     google-query: inurl:"/wp-content/plugins/ad-inserter/"
     shodan-query: 'vuln:CVE-2023-1549'
-  tags: cve,wordpress,wp-plugin,ad-inserter,high
+  tags: cve,wordpress,wp-plugin,ad-inserter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1554-e5b4920cbbb8f5f8f7e1a259b30101c9.yaml b/nuclei-templates/2023/CVE-2023-1554-e5b4920cbbb8f5f8f7e1a259b30101c9.yaml
index c683bd51d7..31094312de 100644
--- a/nuclei-templates/2023/CVE-2023-1554-e5b4920cbbb8f5f8f7e1a259b30101c9.yaml
+++ b/nuclei-templates/2023/CVE-2023-1554-e5b4920cbbb8f5f8f7e1a259b30101c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Paypal Payments <= 5.7.26.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Paypal Payments for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.7.26.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-paypal-payments/"
     google-query: inurl:"/wp-content/plugins/quick-paypal-payments/"
     shodan-query: 'vuln:CVE-2023-1554'
-  tags: cve,wordpress,wp-plugin,quick-paypal-payments,medium
+  tags: cve,wordpress,wp-plugin,quick-paypal-payments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1575-3c9418584b935e41a1f48b31c0a5f181.yaml b/nuclei-templates/2023/CVE-2023-1575-3c9418584b935e41a1f48b31c0a5f181.yaml
index 5124e9296e..9749278834 100644
--- a/nuclei-templates/2023/CVE-2023-1575-3c9418584b935e41a1f48b31c0a5f181.yaml
+++ b/nuclei-templates/2023/CVE-2023-1575-3c9418584b935e41a1f48b31c0a5f181.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mega Main Menu <=  2.2.2 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mega_main_menu/"
     google-query: inurl:"/wp-content/plugins/mega_main_menu/"
     shodan-query: 'vuln:CVE-2023-1575'
-  tags: cve,wordpress,wp-plugin,mega_main_menu,medium
+  tags: cve,wordpress,wp-plugin,mega_main_menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1597-e9eec5a929c2311a5540a7010e91443f.yaml b/nuclei-templates/2023/CVE-2023-1597-e9eec5a929c2311a5540a7010e91443f.yaml
index 0a0a646522..a2f0323fdb 100644
--- a/nuclei-templates/2023/CVE-2023-1597-e9eec5a929c2311a5540a7010e91443f.yaml
+++ b/nuclei-templates/2023/CVE-2023-1597-e9eec5a929c2311a5540a7010e91443f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The tagDiv Cloud Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tdb_user_form_on_submit() function called via an AJAX action in versions prior to 2.7. This makes it possible for unauthenticated attackers to modify arbitrary user metadata and gain elevated privileges.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2023-1597
   metadata:
-    fofa-query: "wp-content/themes/Newspaper/"
-    google-query: inurl:"/wp-content/themes/Newspaper/"
+    fofa-query: "wp-content/plugins/td-cloud-library/"
+    google-query: inurl:"/wp-content/plugins/td-cloud-library/"
     shodan-query: 'vuln:CVE-2023-1597'
-  tags: cve,wordpress,wp-theme,Newspaper,critical
+  tags: cve,wordpress,wp-plugin,td-cloud-library,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/Newspaper/style.css"
+      - "{{BaseURL}}/wp-content/plugins/td-cloud-library/readme.txt"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Version: ([0-9.]+)"
+          - "(?mi)Stable tag: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "Newspaper"
+          - "td-cloud-library"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 12.3')
\ No newline at end of file
+          - compare_versions(version, '< 2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-1602-6098ffaf0f2018e72b2fddb1b0994b64.yaml b/nuclei-templates/2023/CVE-2023-1602-6098ffaf0f2018e72b2fddb1b0994b64.yaml
index 44d2c929d5..b61c4e0bb6 100644
--- a/nuclei-templates/2023/CVE-2023-1602-6098ffaf0f2018e72b2fddb1b0994b64.yaml
+++ b/nuclei-templates/2023/CVE-2023-1602-6098ffaf0f2018e72b2fddb1b0994b64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Short URL <=  1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shorten-url/"
     google-query: inurl:"/wp-content/plugins/shorten-url/"
     shodan-query: 'vuln:CVE-2023-1602'
-  tags: cve,wordpress,wp-plugin,shorten-url,medium
+  tags: cve,wordpress,wp-plugin,shorten-url,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1614-050cddb029ad5e41b8d75ac57910a3a4.yaml b/nuclei-templates/2023/CVE-2023-1614-050cddb029ad5e41b8d75ac57910a3a4.yaml
index a99188d84a..59c900f9fc 100644
--- a/nuclei-templates/2023/CVE-2023-1614-050cddb029ad5e41b8d75ac57910a3a4.yaml
+++ b/nuclei-templates/2023/CVE-2023-1614-050cddb029ad5e41b8d75ac57910a3a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Author URL <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Custom Author URL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-author-url/"
     google-query: inurl:"/wp-content/plugins/wp-custom-author-url/"
     shodan-query: 'vuln:CVE-2023-1614'
-  tags: cve,wordpress,wp-plugin,wp-custom-author-url,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-author-url,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1615-6cf0838d8f56929452bab2f8ff3f1bd8.yaml b/nuclei-templates/2023/CVE-2023-1615-6cf0838d8f56929452bab2f8ff3f1bd8.yaml
index f4ed89ae21..4e28482e8e 100644
--- a/nuclei-templates/2023/CVE-2023-1615-6cf0838d8f56929452bab2f8ff3f1bd8.yaml
+++ b/nuclei-templates/2023/CVE-2023-1615-6cf0838d8f56929452bab2f8ff3f1bd8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated(Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2023-1615'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,high
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1649-711d5e4371b5307e83aafa75e094a16d.yaml b/nuclei-templates/2023/CVE-2023-1649-711d5e4371b5307e83aafa75e094a16d.yaml
index 8a675203d9..4162af6495 100644
--- a/nuclei-templates/2023/CVE-2023-1649-711d5e4371b5307e83aafa75e094a16d.yaml
+++ b/nuclei-templates/2023/CVE-2023-1649-711d5e4371b5307e83aafa75e094a16d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI ChatBot <= 4.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI ChatBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-1649'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1651-f715c92150b63b8634910eb743badf7e.yaml b/nuclei-templates/2023/CVE-2023-1651-f715c92150b63b8634910eb743badf7e.yaml
index bd625b720a..683d22168c 100644
--- a/nuclei-templates/2023/CVE-2023-1651-f715c92150b63b8634910eb743badf7e.yaml
+++ b/nuclei-templates/2023/CVE-2023-1651-f715c92150b63b8634910eb743badf7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ChatBot <= 4.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via openai_settings_option_callback
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ChatBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘openai_settings_option_callback’ function in versions up to, and including, 4.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-1651'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1660-5ef5a5a8c6cb4692922673fc79eb4970.yaml b/nuclei-templates/2023/CVE-2023-1660-5ef5a5a8c6cb4692922673fc79eb4970.yaml
index b15e82a784..d98f5dd0e1 100644
--- a/nuclei-templates/2023/CVE-2023-1660-5ef5a5a8c6cb4692922673fc79eb4970.yaml
+++ b/nuclei-templates/2023/CVE-2023-1660-5ef5a5a8c6cb4692922673fc79eb4970.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ChatBot <= 4.4.8 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ChatBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting in the Admin Dashboard in versions up to, and including, 4.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers (leveraging a function hooked to init that lacks authorization and CSRF checks) to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-1660'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1661-7d1a4c06854607da91f0cfd973b64e55.yaml b/nuclei-templates/2023/CVE-2023-1661-7d1a4c06854607da91f0cfd973b64e55.yaml
index 01d9c92137..313471fefa 100644
--- a/nuclei-templates/2023/CVE-2023-1661-7d1a4c06854607da91f0cfd973b64e55.yaml
+++ b/nuclei-templates/2023/CVE-2023-1661-7d1a4c06854607da91f0cfd973b64e55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display post meta, term meta, comment meta, and user meta <= 0.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/display-metadata/"
     google-query: inurl:"/wp-content/plugins/display-metadata/"
     shodan-query: 'vuln:CVE-2023-1661'
-  tags: cve,wordpress,wp-plugin,display-metadata,medium
+  tags: cve,wordpress,wp-plugin,display-metadata,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1669-13e2a2185dde6af6bd269d22e183dd35.yaml b/nuclei-templates/2023/CVE-2023-1669-13e2a2185dde6af6bd269d22e183dd35.yaml
index 47c23bade9..ee7cb6cde7 100644
--- a/nuclei-templates/2023/CVE-2023-1669-13e2a2185dde6af6bd269d22e183dd35.yaml
+++ b/nuclei-templates/2023/CVE-2023-1669-13e2a2185dde6af6bd269d22e183dd35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEOPress plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.5.0.2 via deserialization of untrusted input of the $redirect_value['sources'] value triggered to an import with the seopress_import_rk_redirections function. This allows authenticated attackers, with administrator-level privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-seopress/"
     google-query: inurl:"/wp-content/plugins/wp-seopress/"
     shodan-query: 'vuln:CVE-2023-1669'
-  tags: cve,wordpress,wp-plugin,wp-seopress,medium
+  tags: cve,wordpress,wp-plugin,wp-seopress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1839-cad557e1501fb237a72952936969ee8d.yaml b/nuclei-templates/2023/CVE-2023-1839-cad557e1501fb237a72952936969ee8d.yaml
index 7b3ece1d8c..5ea35d7c36 100644
--- a/nuclei-templates/2023/CVE-2023-1839-cad557e1501fb237a72952936969ee8d.yaml
+++ b/nuclei-templates/2023/CVE-2023-1839-cad557e1501fb237a72952936969ee8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PPOM for WooCommerce <= 32.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PPOM for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to and including 32.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-addon/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/"
     shodan-query: 'vuln:CVE-2023-1839'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-addon,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-addon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1840-31672843b36374c6d9bc9abf980ac503.yaml b/nuclei-templates/2023/CVE-2023-1840-31672843b36374c6d9bc9abf980ac503.yaml
index 620e24c4bb..5aa251bb73 100644
--- a/nuclei-templates/2023/CVE-2023-1840-31672843b36374c6d9bc9abf980ac503.yaml
+++ b/nuclei-templates/2023/CVE-2023-1840-31672843b36374c6d9bc9abf980ac503.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sp*tify Play Button for WordPress <= 2.07 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spotify-play-button-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/spotify-play-button-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-1840'
-  tags: cve,wordpress,wp-plugin,spotify-play-button-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,spotify-play-button-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1843-5821b8bbdf52273dc284ba9fb20cfb12.yaml b/nuclei-templates/2023/CVE-2023-1843-5821b8bbdf52273dc284ba9fb20cfb12.yaml
index 93ecde1c46..550db1545d 100644
--- a/nuclei-templates/2023/CVE-2023-1843-5821b8bbdf52273dc284ba9fb20cfb12.yaml
+++ b/nuclei-templates/2023/CVE-2023-1843-5821b8bbdf52273dc284ba9fb20cfb12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-1843'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1844-b1c3c2103a95130385060251902a6b08.yaml b/nuclei-templates/2023/CVE-2023-1844-b1c3c2103a95130385060251902a6b08.yaml
index 5492f7c5ef..6b1acfae21 100644
--- a/nuclei-templates/2023/CVE-2023-1844-b1c3c2103a95130385060251902a6b08.yaml
+++ b/nuclei-templates/2023/CVE-2023-1844-b1c3c2103a95130385060251902a6b08.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subscribe2 <= 10.40 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscribe2/"
     google-query: inurl:"/wp-content/plugins/subscribe2/"
     shodan-query: 'vuln:CVE-2023-1844'
-  tags: cve,wordpress,wp-plugin,subscribe2,medium
+  tags: cve,wordpress,wp-plugin,subscribe2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1861-377e66001fb8e84db9266941f39f3e9d.yaml b/nuclei-templates/2023/CVE-2023-1861-377e66001fb8e84db9266941f39f3e9d.yaml
index 59d5022278..74c5838cfb 100644
--- a/nuclei-templates/2023/CVE-2023-1861-377e66001fb8e84db9266941f39f3e9d.yaml
+++ b/nuclei-templates/2023/CVE-2023-1861-377e66001fb8e84db9266941f39f3e9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Limit Login Attempts <= 1.7.1 - Authenticated(Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping when displaying usernames on the log page. This makes it possible for authenticated attackers with subscriber-level permissions or above to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/limit-login-attempts/"
     google-query: inurl:"/wp-content/plugins/limit-login-attempts/"
     shodan-query: 'vuln:CVE-2023-1861'
-  tags: cve,wordpress,wp-plugin,limit-login-attempts,medium
+  tags: cve,wordpress,wp-plugin,limit-login-attempts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1865-874a492260299c7a5afa8a7cc7cbcac9.yaml b/nuclei-templates/2023/CVE-2023-1865-874a492260299c7a5afa8a7cc7cbcac9.yaml
index a561df74fc..f73a24ae91 100644
--- a/nuclei-templates/2023/CVE-2023-1865-874a492260299c7a5afa8a7cc7cbcac9.yaml
+++ b/nuclei-templates/2023/CVE-2023-1865-874a492260299c7a5afa8a7cc7cbcac9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when  resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yourchannel/"
     google-query: inurl:"/wp-content/plugins/yourchannel/"
     shodan-query: 'vuln:CVE-2023-1865'
-  tags: cve,wordpress,wp-plugin,yourchannel,medium
+  tags: cve,wordpress,wp-plugin,yourchannel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1868-9ffefef754ef7b05c84f3b0ba93de0df.yaml b/nuclei-templates/2023/CVE-2023-1868-9ffefef754ef7b05c84f3b0ba93de0df.yaml
index 1fc9a2c2c6..162d21e4b4 100644
--- a/nuclei-templates/2023/CVE-2023-1868-9ffefef754ef7b05c84f3b0ba93de0df.yaml
+++ b/nuclei-templates/2023/CVE-2023-1868-9ffefef754ef7b05c84f3b0ba93de0df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yourchannel/"
     google-query: inurl:"/wp-content/plugins/yourchannel/"
     shodan-query: 'vuln:CVE-2023-1868'
-  tags: cve,wordpress,wp-plugin,yourchannel,medium
+  tags: cve,wordpress,wp-plugin,yourchannel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1869-bda0e76aad71129453d100395876792d.yaml b/nuclei-templates/2023/CVE-2023-1869-bda0e76aad71129453d100395876792d.yaml
index d9c771b443..5184f4d2dc 100644
--- a/nuclei-templates/2023/CVE-2023-1869-bda0e76aad71129453d100395876792d.yaml
+++ b/nuclei-templates/2023/CVE-2023-1869-bda0e76aad71129453d100395876792d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YourChannel  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yourchannel/"
     google-query: inurl:"/wp-content/plugins/yourchannel/"
     shodan-query: 'vuln:CVE-2023-1869'
-  tags: cve,wordpress,wp-plugin,yourchannel,medium
+  tags: cve,wordpress,wp-plugin,yourchannel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1874-69231840a822d24bacb2d776a5d46cf4.yaml b/nuclei-templates/2023/CVE-2023-1874-69231840a822d24bacb2d776a5d46cf4.yaml
index 47a3e9b58a..0528ccd23a 100644
--- a/nuclei-templates/2023/CVE-2023-1874-69231840a822d24bacb2d776a5d46cf4.yaml
+++ b/nuclei-templates/2023/CVE-2023-1874-69231840a822d24bacb2d776a5d46cf4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Data Access <= 5.3.7 - Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-data-access/"
     google-query: inurl:"/wp-content/plugins/wp-data-access/"
     shodan-query: 'vuln:CVE-2023-1874'
-  tags: cve,wordpress,wp-plugin,wp-data-access,high
+  tags: cve,wordpress,wp-plugin,wp-data-access,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1888-50115b9c428a5ad33912876ac3e59d68.yaml b/nuclei-templates/2023/CVE-2023-1888-50115b9c428a5ad33912876ac3e59d68.yaml
index a326c98c8f..31052443bd 100644
--- a/nuclei-templates/2023/CVE-2023-1888-50115b9c428a5ad33912876ac3e59d68.yaml
+++ b/nuclei-templates/2023/CVE-2023-1888-50115b9c428a5ad33912876ac3e59d68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2023-1888'
-  tags: cve,wordpress,wp-plugin,directorist,high
+  tags: cve,wordpress,wp-plugin,directorist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1889-01ea85ddd8a050d4ed49539de0e44b17.yaml b/nuclei-templates/2023/CVE-2023-1889-01ea85ddd8a050d4ed49539de0e44b17.yaml
index 963c440fdd..c79293c99d 100644
--- a/nuclei-templates/2023/CVE-2023-1889-01ea85ddd8a050d4ed49539de0e44b17.yaml
+++ b/nuclei-templates/2023/CVE-2023-1889-01ea85ddd8a050d4ed49539de0e44b17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. Please note CVE-2023-35052 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2023-1889'
-  tags: cve,wordpress,wp-plugin,directorist,medium
+  tags: cve,wordpress,wp-plugin,directorist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1895-c31135ea82eaff9efa9c5f32111bb6e0.yaml b/nuclei-templates/2023/CVE-2023-1895-c31135ea82eaff9efa9c5f32111bb6e0.yaml
index 0d3f32f0a3..9a077bedf2 100644
--- a/nuclei-templates/2023/CVE-2023-1895-c31135ea82eaff9efa9c5f32111bb6e0.yaml
+++ b/nuclei-templates/2023/CVE-2023-1895-c31135ea82eaff9efa9c5f32111bb6e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/getwid/"
     google-query: inurl:"/wp-content/plugins/getwid/"
     shodan-query: 'vuln:CVE-2023-1895'
-  tags: cve,wordpress,wp-plugin,getwid,high
+  tags: cve,wordpress,wp-plugin,getwid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1905-44f42e89daa3749af5c9d461caa7bbaa.yaml b/nuclei-templates/2023/CVE-2023-1905-44f42e89daa3749af5c9d461caa7bbaa.yaml
index eec150a953..68857775ed 100644
--- a/nuclei-templates/2023/CVE-2023-1905-44f42e89daa3749af5c9d461caa7bbaa.yaml
+++ b/nuclei-templates/2023/CVE-2023-1905-44f42e89daa3749af5c9d461caa7bbaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Popups – WordPress Popup builder <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Popups – WordPress Popup builder for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spu-facebook-page shortcode in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-popups-lite/"
     google-query: inurl:"/wp-content/plugins/wp-popups-lite/"
     shodan-query: 'vuln:CVE-2023-1905'
-  tags: cve,wordpress,wp-plugin,wp-popups-lite,medium
+  tags: cve,wordpress,wp-plugin,wp-popups-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1911-388e6ad87200512eea2e328c413a87c2.yaml b/nuclei-templates/2023/CVE-2023-1911-388e6ad87200512eea2e328c413a87c2.yaml
index 31a5cb8554..fdf28346f9 100644
--- a/nuclei-templates/2023/CVE-2023-1911-388e6ad87200512eea2e328c413a87c2.yaml
+++ b/nuclei-templates/2023/CVE-2023-1911-388e6ad87200512eea2e328c413a87c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy Companion <= 1.8.81 - Authenticated(Subscriber+) Sensitive Information Exposure via blocksy_posts shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy Companion plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.8.81 via the blocksy_posts shortcode. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including draft posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blocksy-companion/"
     google-query: inurl:"/wp-content/plugins/blocksy-companion/"
     shodan-query: 'vuln:CVE-2023-1911'
-  tags: cve,wordpress,wp-plugin,blocksy-companion,medium
+  tags: cve,wordpress,wp-plugin,blocksy-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1913-47ea06b51e4d84465dbdc7ce5332226e.yaml b/nuclei-templates/2023/CVE-2023-1913-47ea06b51e4d84465dbdc7ce5332226e.yaml
index 042b1b8032..1d9bccef06 100644
--- a/nuclei-templates/2023/CVE-2023-1913-47ea06b51e4d84465dbdc7ce5332226e.yaml
+++ b/nuclei-templates/2023/CVE-2023-1913-47ea06b51e4d84465dbdc7ce5332226e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Maps Widget for Google Maps <= 4.24 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-maps-widget/"
     google-query: inurl:"/wp-content/plugins/google-maps-widget/"
     shodan-query: 'vuln:CVE-2023-1913'
-  tags: cve,wordpress,wp-plugin,google-maps-widget,medium
+  tags: cve,wordpress,wp-plugin,google-maps-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1917-d2b59825f91765366d354ae0bca502ca.yaml b/nuclei-templates/2023/CVE-2023-1917-d2b59825f91765366d354ae0bca502ca.yaml
index b5a768a1f7..5861951bcd 100644
--- a/nuclei-templates/2023/CVE-2023-1917-d2b59825f91765366d354ae0bca502ca.yaml
+++ b/nuclei-templates/2023/CVE-2023-1917-d2b59825f91765366d354ae0bca502ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpress/"
     google-query: inurl:"/wp-content/plugins/powerpress/"
     shodan-query: 'vuln:CVE-2023-1917'
-  tags: cve,wordpress,wp-plugin,powerpress,medium
+  tags: cve,wordpress,wp-plugin,powerpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1928-dca77da230ccc48431ba72fffaf1572c.yaml b/nuclei-templates/2023/CVE-2023-1928-dca77da230ccc48431ba72fffaf1572c.yaml
index 071d54627e..55be6a78fc 100644
--- a/nuclei-templates/2023/CVE-2023-1928-dca77da230ccc48431ba72fffaf1572c.yaml
+++ b/nuclei-templates/2023/CVE-2023-1928-dca77da230ccc48431ba72fffaf1572c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2023-1928'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1929-fc23a4effa46a10b3b1c7e7c56d41874.yaml b/nuclei-templates/2023/CVE-2023-1929-fc23a4effa46a10b3b1c7e7c56d41874.yaml
index 72736f0856..6974a7ac4e 100644
--- a/nuclei-templates/2023/CVE-2023-1929-fc23a4effa46a10b3b1c7e7c56d41874.yaml
+++ b/nuclei-templates/2023/CVE-2023-1929-fc23a4effa46a10b3b1c7e7c56d41874.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2023-1929'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1930-cda6fd724330a43ee464ed21db562f0f.yaml b/nuclei-templates/2023/CVE-2023-1930-cda6fd724330a43ee464ed21db562f0f.yaml
index e4f239746f..d853c5ec94 100644
--- a/nuclei-templates/2023/CVE-2023-1930-cda6fd724330a43ee464ed21db562f0f.yaml
+++ b/nuclei-templates/2023/CVE-2023-1930-cda6fd724330a43ee464ed21db562f0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2023-1930'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1931-e73d249d01ad89f85ce6653e71044320.yaml b/nuclei-templates/2023/CVE-2023-1931-e73d249d01ad89f85ce6653e71044320.yaml
index 5d04651ffe..b3a3ad5ebb 100644
--- a/nuclei-templates/2023/CVE-2023-1931-e73d249d01ad89f85ce6653e71044320.yaml
+++ b/nuclei-templates/2023/CVE-2023-1931-e73d249d01ad89f85ce6653e71044320.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2023-1931'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1938-880d7d40699b96b833547889085219bd.yaml b/nuclei-templates/2023/CVE-2023-1938-880d7d40699b96b833547889085219bd.yaml
index 109192b0e3..24ecb7167b 100644
--- a/nuclei-templates/2023/CVE-2023-1938-880d7d40699b96b833547889085219bd.yaml
+++ b/nuclei-templates/2023/CVE-2023-1938-880d7d40699b96b833547889085219bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 1.1.4 - Authenticated(Administrator+) Blind Server Side Request Forgery via check_url
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.4 via the 'check_url' function. This can allow Authenticated attackers with Administrator-level permissions to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Note that the function is also vulnerable to Cross-Site Request Forgery but this is only an issue due to the Server-Side Request Forgery capability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:CVE-2023-1938'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1977-ffbb08b3382f9c076d19dfa65caa3e3a.yaml b/nuclei-templates/2023/CVE-2023-1977-ffbb08b3382f9c076d19dfa65caa3e3a.yaml
index 0085043e30..57e4cf8221 100644
--- a/nuclei-templates/2023/CVE-2023-1977-ffbb08b3382f9c076d19dfa65caa3e3a.yaml
+++ b/nuclei-templates/2023/CVE-2023-1977-ffbb08b3382f9c076d19dfa65caa3e3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Manager <= 2.0.28 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booking Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.0.28 via the wpbm_get_ssl_page_content() function. This can allow authenticated attackers with subscriber-level permissions and above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-manager/"
     google-query: inurl:"/wp-content/plugins/booking-manager/"
     shodan-query: 'vuln:CVE-2023-1977'
-  tags: cve,wordpress,wp-plugin,booking-manager,medium
+  tags: cve,wordpress,wp-plugin,booking-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-1982-daaaa272b2f5cd2cb1ddbf8cf5560d23.yaml b/nuclei-templates/2023/CVE-2023-1982-daaaa272b2f5cd2cb1ddbf8cf5560d23.yaml
index c1d35b02e4..31d4612a10 100644
--- a/nuclei-templates/2023/CVE-2023-1982-daaaa272b2f5cd2cb1ddbf8cf5560d23.yaml
+++ b/nuclei-templates/2023/CVE-2023-1982-daaaa272b2f5cd2cb1ddbf8cf5560d23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/front-editor/"
     google-query: inurl:"/wp-content/plugins/front-editor/"
     shodan-query: 'vuln:CVE-2023-1982'
-  tags: cve,wordpress,wp-plugin,front-editor,medium
+  tags: cve,wordpress,wp-plugin,front-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2009-977a0355e694b9d265545981130653f2.yaml b/nuclei-templates/2023/CVE-2023-2009-977a0355e694b9d265545981130653f2.yaml
index 621c11a07e..d10e24d9dc 100644
--- a/nuclei-templates/2023/CVE-2023-2009-977a0355e694b9d265545981130653f2.yaml
+++ b/nuclei-templates/2023/CVE-2023-2009-977a0355e694b9d265545981130653f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pretty Url <= 1.5.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pretty Url plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.4  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pretty-url/"
     google-query: inurl:"/wp-content/plugins/pretty-url/"
     shodan-query: 'vuln:CVE-2023-2009'
-  tags: cve,wordpress,wp-plugin,pretty-url,medium
+  tags: cve,wordpress,wp-plugin,pretty-url,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2026-9fd302216733e7b16fde39fa0da8b2af.yaml b/nuclei-templates/2023/CVE-2023-2026-9fd302216733e7b16fde39fa0da8b2af.yaml
index be8978648a..ea96e6c18d 100644
--- a/nuclei-templates/2023/CVE-2023-2026-9fd302216733e7b16fde39fa0da8b2af.yaml
+++ b/nuclei-templates/2023/CVE-2023-2026-9fd302216733e7b16fde39fa0da8b2af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Protector <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Protector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-protector/"
     google-query: inurl:"/wp-content/plugins/image-protector/"
     shodan-query: 'vuln:CVE-2023-2026'
-  tags: cve,wordpress,wp-plugin,image-protector,medium
+  tags: cve,wordpress,wp-plugin,image-protector,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2029-a5227115c16c80c1d90e0210cfd39bd1.yaml b/nuclei-templates/2023/CVE-2023-2029-a5227115c16c80c1d90e0210cfd39bd1.yaml
index 15e1f5d762..71b986160b 100644
--- a/nuclei-templates/2023/CVE-2023-2029-a5227115c16c80c1d90e0210cfd39bd1.yaml
+++ b/nuclei-templates/2023/CVE-2023-2029-a5227115c16c80c1d90e0210cfd39bd1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PrePost SEO <= 3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PrePost SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/prepost-seo/"
     google-query: inurl:"/wp-content/plugins/prepost-seo/"
     shodan-query: 'vuln:CVE-2023-2029'
-  tags: cve,wordpress,wp-plugin,prepost-seo,medium
+  tags: cve,wordpress,wp-plugin,prepost-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2031-cfb712440be870231ef705d9454b409e.yaml b/nuclei-templates/2023/CVE-2023-2031-cfb712440be870231ef705d9454b409e.yaml
index 480456a17c..25bd2aca96 100644
--- a/nuclei-templates/2023/CVE-2023-2031-cfb712440be870231ef705d9454b409e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2031-cfb712440be870231ef705d9454b409e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Locatoraid Store Locator <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/locatoraid/"
     google-query: inurl:"/wp-content/plugins/locatoraid/"
     shodan-query: 'vuln:CVE-2023-2031'
-  tags: cve,wordpress,wp-plugin,locatoraid,medium
+  tags: cve,wordpress,wp-plugin,locatoraid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2066-0716e418df849204967cfc79352f5ba7.yaml b/nuclei-templates/2023/CVE-2023-2066-0716e418df849204967cfc79352f5ba7.yaml
index d912136fe8..078b5197ff 100644
--- a/nuclei-templates/2023/CVE-2023-2066-0716e418df849204967cfc79352f5ba7.yaml
+++ b/nuclei-templates/2023/CVE-2023-2066-0716e418df849204967cfc79352f5ba7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Announcement & Notification Banner – Bulletin <= 3.6.0 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the  'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's settings, modify bulletins, create new bulletins, and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletin-announcements/"
     google-query: inurl:"/wp-content/plugins/bulletin-announcements/"
     shodan-query: 'vuln:CVE-2023-2066'
-  tags: cve,wordpress,wp-plugin,bulletin-announcements,medium
+  tags: cve,wordpress,wp-plugin,bulletin-announcements,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2079-514e5589e35f6de5b251e63d9ba1561e.yaml b/nuclei-templates/2023/CVE-2023-2079-514e5589e35f6de5b251e63d9ba1561e.yaml
index 0352bedf76..30936849d1 100644
--- a/nuclei-templates/2023/CVE-2023-2079-514e5589e35f6de5b251e63d9ba1561e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2079-514e5589e35f6de5b251e63d9ba1561e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugins settings, via a forged request granted the attacker can trick a site's administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buymeacoffee/"
     google-query: inurl:"/wp-content/plugins/buymeacoffee/"
     shodan-query: 'vuln:CVE-2023-2079'
-  tags: cve,wordpress,wp-plugin,buymeacoffee,high
+  tags: cve,wordpress,wp-plugin,buymeacoffee,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2082-0caf8903231ef8666af5245315083b74.yaml b/nuclei-templates/2023/CVE-2023-2082-0caf8903231ef8666af5245315083b74.yaml
index 9962801f69..6848e881e8 100644
--- a/nuclei-templates/2023/CVE-2023-2082-0caf8903231ef8666af5245315083b74.yaml
+++ b/nuclei-templates/2023/CVE-2023-2082-0caf8903231ef8666af5245315083b74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buymeacoffee/"
     google-query: inurl:"/wp-content/plugins/buymeacoffee/"
     shodan-query: 'vuln:CVE-2023-2082'
-  tags: cve,wordpress,wp-plugin,buymeacoffee,medium
+  tags: cve,wordpress,wp-plugin,buymeacoffee,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2083-9de5506c980e28c9e55c18a88ab23a5f.yaml b/nuclei-templates/2023/CVE-2023-2083-9de5506c980e28c9e55c18a88ab23a5f.yaml
index 2bd4b38cb4..dd8109b12f 100644
--- a/nuclei-templates/2023/CVE-2023-2083-9de5506c980e28c9e55c18a88ab23a5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-2083-9de5506c980e28c9e55c18a88ab23a5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks <= 4.0.6 - Missing Authorization via save
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2023-2083'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2084-7daa2f9a38772e28d5c088d50297e34a.yaml b/nuclei-templates/2023/CVE-2023-2084-7daa2f9a38772e28d5c088d50297e34a.yaml
index 011465758a..5d0f834ccd 100644
--- a/nuclei-templates/2023/CVE-2023-2084-7daa2f9a38772e28d5c088d50297e34a.yaml
+++ b/nuclei-templates/2023/CVE-2023-2084-7daa2f9a38772e28d5c088d50297e34a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks <= 4.0.6 - Missing Authorization via get
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2023-2084'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2085-ec83c952597cd4d48032e81f82ee4086.yaml b/nuclei-templates/2023/CVE-2023-2085-ec83c952597cd4d48032e81f82ee4086.yaml
index 398f707d6c..5a7f010859 100644
--- a/nuclei-templates/2023/CVE-2023-2085-ec83c952597cd4d48032e81f82ee4086.yaml
+++ b/nuclei-templates/2023/CVE-2023-2085-ec83c952597cd4d48032e81f82ee4086.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks <= 4.0.6 - Missing Authorization via templates
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2023-2085'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2086-b8c50e487b4b0337b88f73b897d2ea2b.yaml b/nuclei-templates/2023/CVE-2023-2086-b8c50e487b4b0337b88f73b897d2ea2b.yaml
index cd362d22ae..847009a94f 100644
--- a/nuclei-templates/2023/CVE-2023-2086-b8c50e487b4b0337b88f73b897d2ea2b.yaml
+++ b/nuclei-templates/2023/CVE-2023-2086-b8c50e487b4b0337b88f73b897d2ea2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks <= 4.0.6 - Missing Authorization via template_count
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2023-2086'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2111-62f024d1a6544d8128f328de7ec4ed81.yaml b/nuclei-templates/2023/CVE-2023-2111-62f024d1a6544d8128f328de7ec4ed81.yaml
index c31c40a339..68ffa80c25 100644
--- a/nuclei-templates/2023/CVE-2023-2111-62f024d1a6544d8128f328de7ec4ed81.yaml
+++ b/nuclei-templates/2023/CVE-2023-2111-62f024d1a6544d8128f328de7ec4ed81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HollerBox plugin for WordPress is vulnerable to generic SQL Injection via the ‘get_report_data’ function in versions up to, and including, 2.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with the 'edit_popups' capability to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that the 'edit_popups' capability is not assigned to any user by default, though an administrator could assign it arbitrarily using a third-party plugin or directly through the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/holler-box/"
     google-query: inurl:"/wp-content/plugins/holler-box/"
     shodan-query: 'vuln:CVE-2023-2111'
-  tags: cve,wordpress,wp-plugin,holler-box,medium
+  tags: cve,wordpress,wp-plugin,holler-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2113-c98cc11ba230cb93eea39872b453bb99.yaml b/nuclei-templates/2023/CVE-2023-2113-c98cc11ba230cb93eea39872b453bb99.yaml
index 22f4087a28..8fab2f4a83 100644
--- a/nuclei-templates/2023/CVE-2023-2113-c98cc11ba230cb93eea39872b453bb99.yaml
+++ b/nuclei-templates/2023/CVE-2023-2113-c98cc11ba230cb93eea39872b453bb99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Autoptimize <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Rules
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the critical css rules in versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autoptimize/"
     google-query: inurl:"/wp-content/plugins/autoptimize/"
     shodan-query: 'vuln:CVE-2023-2113'
-  tags: cve,wordpress,wp-plugin,autoptimize,medium
+  tags: cve,wordpress,wp-plugin,autoptimize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2114-3c32e113f430e95dd1bba8970b964bc4.yaml b/nuclei-templates/2023/CVE-2023-2114-3c32e113f430e95dd1bba8970b964bc4.yaml
index 6a64a0db31..02078673db 100644
--- a/nuclei-templates/2023/CVE-2023-2114-3c32e113f430e95dd1bba8970b964bc4.yaml
+++ b/nuclei-templates/2023/CVE-2023-2114-3c32e113f430e95dd1bba8970b964bc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms <= 8.3.3 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The NEX-Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2023-2114'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2143-165d37e436f1584c4d3db5b3ec68fd79.yaml b/nuclei-templates/2023/CVE-2023-2143-165d37e436f1584c4d3db5b3ec68fd79.yaml
index 21c532a607..d905c369bc 100644
--- a/nuclei-templates/2023/CVE-2023-2143-165d37e436f1584c4d3db5b3ec68fd79.yaml
+++ b/nuclei-templates/2023/CVE-2023-2143-165d37e436f1584c4d3db5b3ec68fd79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enable SVG, WebP & ICO Upload <= 1.0.3 - Authenticated  (Author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enable SVG, WebP & ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient sanitization of SVG uploads. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enable-svg-webp-ico-upload/"
     google-query: inurl:"/wp-content/plugins/enable-svg-webp-ico-upload/"
     shodan-query: 'vuln:CVE-2023-2143'
-  tags: cve,wordpress,wp-plugin,enable-svg-webp-ico-upload,medium
+  tags: cve,wordpress,wp-plugin,enable-svg-webp-ico-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2168-4c56b6bb234842fef87202ea54089581.yaml b/nuclei-templates/2023/CVE-2023-2168-4c56b6bb234842fef87202ea54089581.yaml
index dcecc3869f..de1f90fc4a 100644
--- a/nuclei-templates/2023/CVE-2023-2168-4c56b6bb234842fef87202ea54089581.yaml
+++ b/nuclei-templates/2023/CVE-2023-2168-4c56b6bb234842fef87202ea54089581.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tags/"
     google-query: inurl:"/wp-content/plugins/simple-tags/"
     shodan-query: 'vuln:CVE-2023-2168'
-  tags: cve,wordpress,wp-plugin,simple-tags,medium
+  tags: cve,wordpress,wp-plugin,simple-tags,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2169-1b628b6e919f163c78dec1ae22685875.yaml b/nuclei-templates/2023/CVE-2023-2169-1b628b6e919f163c78dec1ae22685875.yaml
index 326605e3f6..b584b07246 100644
--- a/nuclei-templates/2023/CVE-2023-2169-1b628b6e919f163c78dec1ae22685875.yaml
+++ b/nuclei-templates/2023/CVE-2023-2169-1b628b6e919f163c78dec1ae22685875.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tags/"
     google-query: inurl:"/wp-content/plugins/simple-tags/"
     shodan-query: 'vuln:CVE-2023-2169'
-  tags: cve,wordpress,wp-plugin,simple-tags,medium
+  tags: cve,wordpress,wp-plugin,simple-tags,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2170-dbd78c6bc37635ee7558d00a91a8165a.yaml b/nuclei-templates/2023/CVE-2023-2170-dbd78c6bc37635ee7558d00a91a8165a.yaml
index efec45e369..f75de4ffa0 100644
--- a/nuclei-templates/2023/CVE-2023-2170-dbd78c6bc37635ee7558d00a91a8165a.yaml
+++ b/nuclei-templates/2023/CVE-2023-2170-dbd78c6bc37635ee7558d00a91a8165a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tags/"
     google-query: inurl:"/wp-content/plugins/simple-tags/"
     shodan-query: 'vuln:CVE-2023-2170'
-  tags: cve,wordpress,wp-plugin,simple-tags,medium
+  tags: cve,wordpress,wp-plugin,simple-tags,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2171-e1ab43eefd1268f41af50d790136abb5.yaml b/nuclei-templates/2023/CVE-2023-2171-e1ab43eefd1268f41af50d790136abb5.yaml
index eeca89a5f8..393ab36aad 100644
--- a/nuclei-templates/2023/CVE-2023-2171-e1ab43eefd1268f41af50d790136abb5.yaml
+++ b/nuclei-templates/2023/CVE-2023-2171-e1ab43eefd1268f41af50d790136abb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/badgeos/"
     google-query: inurl:"/wp-content/plugins/badgeos/"
     shodan-query: 'vuln:CVE-2023-2171'
-  tags: cve,wordpress,wp-plugin,badgeos,medium
+  tags: cve,wordpress,wp-plugin,badgeos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2172-948fbb4659b9489d63a6dcbbe5ab82b2.yaml b/nuclei-templates/2023/CVE-2023-2172-948fbb4659b9489d63a6dcbbe5ab82b2.yaml
index 03f11f6e37..60de2f540b 100644
--- a/nuclei-templates/2023/CVE-2023-2172-948fbb4659b9489d63a6dcbbe5ab82b2.yaml
+++ b/nuclei-templates/2023/CVE-2023-2172-948fbb4659b9489d63a6dcbbe5ab82b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to overwrite arbitrary post titles.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/badgeos/"
     google-query: inurl:"/wp-content/plugins/badgeos/"
     shodan-query: 'vuln:CVE-2023-2172'
-  tags: cve,wordpress,wp-plugin,badgeos,medium
+  tags: cve,wordpress,wp-plugin,badgeos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2173-ee566a4e5dfcb43b5aa7224c7fc505bf.yaml b/nuclei-templates/2023/CVE-2023-2173-ee566a4e5dfcb43b5aa7224c7fc505bf.yaml
index 57b79639dd..850ac8225c 100644
--- a/nuclei-templates/2023/CVE-2023-2173-ee566a4e5dfcb43b5aa7224c7fc505bf.yaml
+++ b/nuclei-templates/2023/CVE-2023-2173-ee566a4e5dfcb43b5aa7224c7fc505bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler, badgeos_delete_deduct_step_ajax_handler, and badgeos_delete_rank_req_step_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/badgeos/"
     google-query: inurl:"/wp-content/plugins/badgeos/"
     shodan-query: 'vuln:CVE-2023-2173'
-  tags: cve,wordpress,wp-plugin,badgeos,medium
+  tags: cve,wordpress,wp-plugin,badgeos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2174-6a3c999f177d3f3a9005f7b86b4e26cb.yaml b/nuclei-templates/2023/CVE-2023-2174-6a3c999f177d3f3a9005f7b86b4e26cb.yaml
index 0610a3c16b..28e5879c80 100644
--- a/nuclei-templates/2023/CVE-2023-2174-6a3c999f177d3f3a9005f7b86b4e26cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-2174-6a3c999f177d3f3a9005f7b86b4e26cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the plugin's log entries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/badgeos/"
     google-query: inurl:"/wp-content/plugins/badgeos/"
     shodan-query: 'vuln:CVE-2023-2174'
-  tags: cve,wordpress,wp-plugin,badgeos,medium
+  tags: cve,wordpress,wp-plugin,badgeos,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2178-6d0e53ee77e3c1fef450b5cd709f1ad9.yaml b/nuclei-templates/2023/CVE-2023-2178-6d0e53ee77e3c1fef450b5cd709f1ad9.yaml
index 8fffce70a6..54894b6f08 100644
--- a/nuclei-templates/2023/CVE-2023-2178-6d0e53ee77e3c1fef450b5cd709f1ad9.yaml
+++ b/nuclei-templates/2023/CVE-2023-2178-6d0e53ee77e3c1fef450b5cd709f1ad9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Aajoda Testimonials <= 2.2.1 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Aajoda Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aajoda-testimonials/"
     google-query: inurl:"/wp-content/plugins/aajoda-testimonials/"
     shodan-query: 'vuln:CVE-2023-2178'
-  tags: cve,wordpress,wp-plugin,aajoda-testimonials,medium
+  tags: cve,wordpress,wp-plugin,aajoda-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2179-ae1b1a51b391401549de89991091def2.yaml b/nuclei-templates/2023/CVE-2023-2179-ae1b1a51b391401549de89991091def2.yaml
index d4b4b2915d..cd964e01fd 100644
--- a/nuclei-templates/2023/CVE-2023-2179-ae1b1a51b391401549de89991091def2.yaml
+++ b/nuclei-templates/2023/CVE-2023-2179-ae1b1a51b391401549de89991091def2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Order Status Change Notifier <= 1.1.0 - Authenticated (Subscriber+) Arbitrary Order Status Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Order Status Change Notifier plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an AJAX action in versions up to, and including, 1.1.0. This makes it possible for authenticated attackers with minimal permissions, such as a customer, to modify arbitrary order status and mark orders as paid, for example, when the order isn't actually paid for.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-order-status-change-notifier/"
     google-query: inurl:"/wp-content/plugins/woocommerce-order-status-change-notifier/"
     shodan-query: 'vuln:CVE-2023-2179'
-  tags: cve,wordpress,wp-plugin,woocommerce-order-status-change-notifier,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-order-status-change-notifier,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2188-29c3e0ef4de33c7a54c9e5adeed782a1.yaml b/nuclei-templates/2023/CVE-2023-2188-29c3e0ef4de33c7a54c9e5adeed782a1.yaml
index 43cd6ad140..74306b0e8e 100644
--- a/nuclei-templates/2023/CVE-2023-2188-29c3e0ef4de33c7a54c9e5adeed782a1.yaml
+++ b/nuclei-templates/2023/CVE-2023-2188-29c3e0ef4de33c7a54c9e5adeed782a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2023-2188'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,high
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2189-b3370369626f0cd7746a33baa8f9c6f9.yaml b/nuclei-templates/2023/CVE-2023-2189-b3370369626f0cd7746a33baa8f9c6f9.yaml
index 3e950b26c2..e922276e99 100644
--- a/nuclei-templates/2023/CVE-2023-2189-b3370369626f0cd7746a33baa8f9c6f9.yaml
+++ b/nuclei-templates/2023/CVE-2023-2189-b3370369626f0cd7746a33baa8f9c6f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stax-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/stax-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2023-2189'
-  tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2201-263813b94544d66ca6de0f83221d4012.yaml b/nuclei-templates/2023/CVE-2023-2201-263813b94544d66ca6de0f83221d4012.yaml
index e8579937c6..9716404164 100644
--- a/nuclei-templates/2023/CVE-2023-2201-263813b94544d66ca6de0f83221d4012.yaml
+++ b/nuclei-templates/2023/CVE-2023-2201-263813b94544d66ca6de0f83221d4012.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web Directory Free <= 1.6.8 - Authenticated (Contributor+) SQL Injection via post_id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.8  due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/web-directory-free/"
     google-query: inurl:"/wp-content/plugins/web-directory-free/"
     shodan-query: 'vuln:CVE-2023-2201'
-  tags: cve,wordpress,wp-plugin,web-directory-free,high
+  tags: cve,wordpress,wp-plugin,web-directory-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2223-0769a7de02fdecf0755ac761d0a440c1.yaml b/nuclei-templates/2023/CVE-2023-2223-0769a7de02fdecf0755ac761d0a440c1.yaml
index 2ed1841837..e8769f5537 100644
--- a/nuclei-templates/2023/CVE-2023-2223-0769a7de02fdecf0755ac761d0a440c1.yaml
+++ b/nuclei-templates/2023/CVE-2023-2223-0769a7de02fdecf0755ac761d0a440c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login rebuilder <= 2.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login rebuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-rebuilder/"
     google-query: inurl:"/wp-content/plugins/login-rebuilder/"
     shodan-query: 'vuln:CVE-2023-2223'
-  tags: cve,wordpress,wp-plugin,login-rebuilder,medium
+  tags: cve,wordpress,wp-plugin,login-rebuilder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2224-70a47ff6f5488e7468e76cf5273bfb81.yaml b/nuclei-templates/2023/CVE-2023-2224-70a47ff6f5488e7468e76cf5273bfb81.yaml
index e4a1829e43..1b10b38824 100644
--- a/nuclei-templates/2023/CVE-2023-2224-70a47ff6f5488e7468e76cf5273bfb81.yaml
+++ b/nuclei-templates/2023/CVE-2023-2224-70a47ff6f5488e7468e76cf5273bfb81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEO By 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-by-10web/"
     google-query: inurl:"/wp-content/plugins/seo-by-10web/"
     shodan-query: 'vuln:CVE-2023-2224'
-  tags: cve,wordpress,wp-plugin,seo-by-10web,medium
+  tags: cve,wordpress,wp-plugin,seo-by-10web,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2225-437f4f4319341eb71e66802d9a46e647.yaml b/nuclei-templates/2023/CVE-2023-2225-437f4f4319341eb71e66802d9a46e647.yaml
index 6a2067efa5..2772724263 100644
--- a/nuclei-templates/2023/CVE-2023-2225-437f4f4319341eb71e66802d9a46e647.yaml
+++ b/nuclei-templates/2023/CVE-2023-2225-437f4f4319341eb71e66802d9a46e647.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO ALert <= 1.5.9 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEO ALert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.9  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-alert/"
     google-query: inurl:"/wp-content/plugins/seo-alert/"
     shodan-query: 'vuln:CVE-2023-2225'
-  tags: cve,wordpress,wp-plugin,seo-alert,medium
+  tags: cve,wordpress,wp-plugin,seo-alert,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2229-bd5ef70cad456cfb810c3a196f6a2a81.yaml b/nuclei-templates/2023/CVE-2023-2229-bd5ef70cad456cfb810c3a196f6a2a81.yaml
index a63f2e3651..9f7e67e0cd 100644
--- a/nuclei-templates/2023/CVE-2023-2229-bd5ef70cad456cfb810c3a196f6a2a81.yaml
+++ b/nuclei-templates/2023/CVE-2023-2229-bd5ef70cad456cfb810c3a196f6a2a81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Post Duplicator <= 2.0 - Authenticated (Contributor+) SQL Injection via post_id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rduplicator/"
     google-query: inurl:"/wp-content/plugins/rduplicator/"
     shodan-query: 'vuln:CVE-2023-2229'
-  tags: cve,wordpress,wp-plugin,rduplicator,high
+  tags: cve,wordpress,wp-plugin,rduplicator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2237-64ddeafe0a6eb1f3dc3db9049ece872d.yaml b/nuclei-templates/2023/CVE-2023-2237-64ddeafe0a6eb1f3dc3db9049ece872d.yaml
index 50b93c975e..70813fe779 100644
--- a/nuclei-templates/2023/CVE-2023-2237-64ddeafe0a6eb1f3dc3db9049ece872d.yaml
+++ b/nuclei-templates/2023/CVE-2023-2237-64ddeafe0a6eb1f3dc3db9049ece872d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Replicate Post <= 4.0.2 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-replicate-post/"
     google-query: inurl:"/wp-content/plugins/wp-replicate-post/"
     shodan-query: 'vuln:CVE-2023-2237'
-  tags: cve,wordpress,wp-plugin,wp-replicate-post,high
+  tags: cve,wordpress,wp-plugin,wp-replicate-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2249-86ba8169e30edfd0fbeaaac7e702dfce.yaml b/nuclei-templates/2023/CVE-2023-2249-86ba8169e30edfd0fbeaaac7e702dfce.yaml
index ee4808282b..cc42274a03 100644
--- a/nuclei-templates/2023/CVE-2023-2249-86ba8169e30edfd0fbeaaac7e702dfce.yaml
+++ b/nuclei-templates/2023/CVE-2023-2249-86ba8169e30edfd0fbeaaac7e702dfce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2023-2249'
-  tags: cve,wordpress,wp-plugin,wpforo,high
+  tags: cve,wordpress,wp-plugin,wpforo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2252-9576bd28245508413e199ad3d8acfb19.yaml b/nuclei-templates/2023/CVE-2023-2252-9576bd28245508413e199ad3d8acfb19.yaml
index 860fa7a5d9..fbee012f9a 100644
--- a/nuclei-templates/2023/CVE-2023-2252-9576bd28245508413e199ad3d8acfb19.yaml
+++ b/nuclei-templates/2023/CVE-2023-2252-9576bd28245508413e199ad3d8acfb19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.5.3 - Authenticated (Administrator+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Directorist for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 7.5.3 via the file parameter during CSV import. This allows administrator-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2023-2252'
-  tags: cve,wordpress,wp-plugin,directorist,high
+  tags: cve,wordpress,wp-plugin,directorist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2254-b309eae3300d9042c3f3d6f98d0437a7.yaml b/nuclei-templates/2023/CVE-2023-2254-b309eae3300d9042c3f3d6f98d0437a7.yaml
index 98e881885a..c5a1672150 100644
--- a/nuclei-templates/2023/CVE-2023-2254-b309eae3300d9042c3f3d6f98d0437a7.yaml
+++ b/nuclei-templates/2023/CVE-2023-2254-b309eae3300d9042c3f3d6f98d0437a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ko-fi Button <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ko-fi Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ko-fi-button/"
     google-query: inurl:"/wp-content/plugins/ko-fi-button/"
     shodan-query: 'vuln:CVE-2023-2254'
-  tags: cve,wordpress,wp-plugin,ko-fi-button,medium
+  tags: cve,wordpress,wp-plugin,ko-fi-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2261-dd3770633c5e3f81d160a943bc75a752.yaml b/nuclei-templates/2023/CVE-2023-2261-dd3770633c5e3f81d160a943bc75a752.yaml
index 6d927b03b4..bcd8af8792 100644
--- a/nuclei-templates/2023/CVE-2023-2261-dd3770633c5e3f81d160a943bc75a752.yaml
+++ b/nuclei-templates/2023/CVE-2023-2261-dd3770633c5e3f81d160a943bc75a752.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-2261
   metadata:
-    fofa-query: "wp-content/plugins/wp-security-audit-log/"
-    google-query: inurl:"/wp-content/plugins/wp-security-audit-log/"
+    fofa-query: "wp-content/plugins/wp-security-audit-log-premium/"
+    google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/"
     shodan-query: 'vuln:CVE-2023-2261'
-  tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium
+  tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "wp-security-audit-log"
+          - "wp-security-audit-log-premium"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-22677-12bc7ed9ac4b4df7c9585c5a1693f987.yaml b/nuclei-templates/2023/CVE-2023-22677-12bc7ed9ac4b4df7c9585c5a1693f987.yaml
index 820613c665..0ce8456c1b 100644
--- a/nuclei-templates/2023/CVE-2023-22677-12bc7ed9ac4b4df7c9585c5a1693f987.yaml
+++ b/nuclei-templates/2023/CVE-2023-22677-12bc7ed9ac4b4df7c9585c5a1693f987.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Booklet plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.1.8 due to a lack of protections on functions such as '_command_exists' and 'run_command'. This allows subscriber-level attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-booklet/"
     google-query: inurl:"/wp-content/plugins/wp-booklet/"
     shodan-query: 'vuln:CVE-2023-22677'
-  tags: cve,wordpress,wp-plugin,wp-booklet,high
+  tags: cve,wordpress,wp-plugin,wp-booklet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22679-91762f25ca1ba53290ed2c419bfe3a07.yaml b/nuclei-templates/2023/CVE-2023-22679-91762f25ca1ba53290ed2c419bfe3a07.yaml
index 7712b72b1f..3c9906ed70 100644
--- a/nuclei-templates/2023/CVE-2023-22679-91762f25ca1ba53290ed2c419bfe3a07.yaml
+++ b/nuclei-templates/2023/CVE-2023-22679-91762f25ca1ba53290ed2c419bfe3a07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Better Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-better-emails/"
     google-query: inurl:"/wp-content/plugins/wp-better-emails/"
     shodan-query: 'vuln:CVE-2023-22679'
-  tags: cve,wordpress,wp-plugin,wp-better-emails,medium
+  tags: cve,wordpress,wp-plugin,wp-better-emails,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22680-43886ab11181377f0791e69c2c423b63.yaml b/nuclei-templates/2023/CVE-2023-22680-43886ab11181377f0791e69c2c423b63.yaml
index 7d1c87a6fc..b37f0951b0 100644
--- a/nuclei-templates/2023/CVE-2023-22680-43886ab11181377f0791e69c2c423b63.yaml
+++ b/nuclei-templates/2023/CVE-2023-22680-43886ab11181377f0791e69c2c423b63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The No API Amazon Affiliate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/no-api-amazon-affiliate/"
     google-query: inurl:"/wp-content/plugins/no-api-amazon-affiliate/"
     shodan-query: 'vuln:CVE-2023-22680'
-  tags: cve,wordpress,wp-plugin,no-api-amazon-affiliate,medium
+  tags: cve,wordpress,wp-plugin,no-api-amazon-affiliate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22683-cc0d4514b7c79b3cb4d1496328155c24.yaml b/nuclei-templates/2023/CVE-2023-22683-cc0d4514b7c79b3cb4d1496328155c24.yaml
index 37c3083948..d67367773c 100644
--- a/nuclei-templates/2023/CVE-2023-22683-cc0d4514b7c79b3cb4d1496328155c24.yaml
+++ b/nuclei-templates/2023/CVE-2023-22683-cc0d4514b7c79b3cb4d1496328155c24.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clio Grow <= 1.0.0 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Clio Grow plugin for WordPress is vulnerable to Stored Cross-Site Scripting up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clio-grow-form/"
     google-query: inurl:"/wp-content/plugins/clio-grow-form/"
     shodan-query: 'vuln:CVE-2023-22683'
-  tags: cve,wordpress,wp-plugin,clio-grow-form,medium
+  tags: cve,wordpress,wp-plugin,clio-grow-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22684-a6ba6de400353cbaf7c7146b43b770d6.yaml b/nuclei-templates/2023/CVE-2023-22684-a6ba6de400353cbaf7c7146b43b770d6.yaml
index ed6ae1dd8b..3f08e32032 100644
--- a/nuclei-templates/2023/CVE-2023-22684-a6ba6de400353cbaf7c7146b43b770d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-22684-a6ba6de400353cbaf7c7146b43b770d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subscribers – Free Web Push Notifications <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Subscribers – Free Web Push Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscribers-com/"
     google-query: inurl:"/wp-content/plugins/subscribers-com/"
     shodan-query: 'vuln:CVE-2023-22684'
-  tags: cve,wordpress,wp-plugin,subscribers-com,medium
+  tags: cve,wordpress,wp-plugin,subscribers-com,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22685-4f38551b81bcc12b9f18d5f308341508.yaml b/nuclei-templates/2023/CVE-2023-22685-4f38551b81bcc12b9f18d5f308341508.yaml
index 340c310d48..764e07a0b0 100644
--- a/nuclei-templates/2023/CVE-2023-22685-4f38551b81bcc12b9f18d5f308341508.yaml
+++ b/nuclei-templates/2023/CVE-2023-22685-4f38551b81bcc12b9f18d5f308341508.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Category Specific RSS feed Subscription <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Category Specific RSS feed Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/category-specific-rss-feed-menu/"
     google-query: inurl:"/wp-content/plugins/category-specific-rss-feed-menu/"
     shodan-query: 'vuln:CVE-2023-22685'
-  tags: cve,wordpress,wp-plugin,category-specific-rss-feed-menu,medium
+  tags: cve,wordpress,wp-plugin,category-specific-rss-feed-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22690-0b18a98b24cbdb105ec0fbddf0f9fc1f.yaml b/nuclei-templates/2023/CVE-2023-22690-0b18a98b24cbdb105ec0fbddf0f9fc1f.yaml
index e65a9e46b7..5bac15b282 100644
--- a/nuclei-templates/2023/CVE-2023-22690-0b18a98b24cbdb105ec0fbddf0f9fc1f.yaml
+++ b/nuclei-templates/2023/CVE-2023-22690-0b18a98b24cbdb105ec0fbddf0f9fc1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions before 5.78 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ebook-store/"
     google-query: inurl:"/wp-content/plugins/ebook-store/"
     shodan-query: 'vuln:CVE-2023-22690'
-  tags: cve,wordpress,wp-plugin,ebook-store,medium
+  tags: cve,wordpress,wp-plugin,ebook-store,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22696-a7668a1f316cb3a4a10463e8f1f4e787.yaml b/nuclei-templates/2023/CVE-2023-22696-a7668a1f316cb3a4a10463e8f1f4e787.yaml
index a2e7631f55..3028c9bf65 100644
--- a/nuclei-templates/2023/CVE-2023-22696-a7668a1f316cb3a4a10463e8f1f4e787.yaml
+++ b/nuclei-templates/2023/CVE-2023-22696-a7668a1f316cb3a4a10463e8f1f4e787.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Affiliate Links Lite <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Affiliate Links Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-links/"
     google-query: inurl:"/wp-content/plugins/affiliate-links/"
     shodan-query: 'vuln:CVE-2023-22696'
-  tags: cve,wordpress,wp-plugin,affiliate-links,medium
+  tags: cve,wordpress,wp-plugin,affiliate-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22698-9be84376d34a812060ad8aba2e71f1f0.yaml b/nuclei-templates/2023/CVE-2023-22698-9be84376d34a812060ad8aba2e71f1f0.yaml
index 1ab3d0fea6..6a0906f0a4 100644
--- a/nuclei-templates/2023/CVE-2023-22698-9be84376d34a812060ad8aba2e71f1f0.yaml
+++ b/nuclei-templates/2023/CVE-2023-22698-9be84376d34a812060ad8aba2e71f1f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme Blvd Responsive Google Maps <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Theme Blvd Responsive Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on the shortcode attributes. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-blvd-responsive-google-maps/"
     google-query: inurl:"/wp-content/plugins/theme-blvd-responsive-google-maps/"
     shodan-query: 'vuln:CVE-2023-22698'
-  tags: cve,wordpress,wp-plugin,theme-blvd-responsive-google-maps,medium
+  tags: cve,wordpress,wp-plugin,theme-blvd-responsive-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22699-09213ac628577f10fc1f9d7850e68118.yaml b/nuclei-templates/2023/CVE-2023-22699-09213ac628577f10fc1f9d7850e68118.yaml
index b6f26a091c..e8282beb7d 100644
--- a/nuclei-templates/2023/CVE-2023-22699-09213ac628577f10fc1f9d7850e68118.yaml
+++ b/nuclei-templates/2023/CVE-2023-22699-09213ac628577f10fc1f9d7850e68118.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Wordfence Extension  plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.7, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-wordfence-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-wordfence-extension/"
     shodan-query: 'vuln:CVE-2023-22699'
-  tags: cve,wordpress,wp-plugin,mainwp-wordfence-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-wordfence-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22701-e077433f57a559397a844ed63a88920a.yaml b/nuclei-templates/2023/CVE-2023-22701-e077433f57a559397a844ed63a88920a.yaml
index 6c587f716d..07e452c062 100644
--- a/nuclei-templates/2023/CVE-2023-22701-e077433f57a559397a844ed63a88920a.yaml
+++ b/nuclei-templates/2023/CVE-2023-22701-e077433f57a559397a844ed63a88920a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ebook Store plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ebook_store_export_orders function in versions up to, and including, 5.775. This makes it possible for unauthenticated attackers to export order info.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ebook-store/"
     google-query: inurl:"/wp-content/plugins/ebook-store/"
     shodan-query: 'vuln:CVE-2023-22701'
-  tags: cve,wordpress,wp-plugin,ebook-store,medium
+  tags: cve,wordpress,wp-plugin,ebook-store,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22702-5e80d211739bf78fc6d29ff73646a991.yaml b/nuclei-templates/2023/CVE-2023-22702-5e80d211739bf78fc6d29ff73646a991.yaml
index 4f730b3ce9..8fc1e0feba 100644
--- a/nuclei-templates/2023/CVE-2023-22702-5e80d211739bf78fc6d29ff73646a991.yaml
+++ b/nuclei-templates/2023/CVE-2023-22702-5e80d211739bf78fc6d29ff73646a991.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPMobile.App — Android and iOS Mobile Application <= 11.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 11.13 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpappninja/"
     google-query: inurl:"/wp-content/plugins/wpappninja/"
     shodan-query: 'vuln:CVE-2023-22702'
-  tags: cve,wordpress,wp-plugin,wpappninja,medium
+  tags: cve,wordpress,wp-plugin,wpappninja,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22707-01c7f6a7ff2da57d8e46e6c08e382c32.yaml b/nuclei-templates/2023/CVE-2023-22707-01c7f6a7ff2da57d8e46e6c08e382c32.yaml
index 76e0f2cd2e..16563ce603 100644
--- a/nuclei-templates/2023/CVE-2023-22707-01c7f6a7ff2da57d8e46e6c08e382c32.yaml
+++ b/nuclei-templates/2023/CVE-2023-22707-01c7f6a7ff2da57d8e46e6c08e382c32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Greenshift – animation and page builder blocks <= 4.9.9 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG upload in versions up to, and including, version 4.9.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers with author or greater access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     shodan-query: 'vuln:CVE-2023-22707'
-  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,medium
+  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22708-e82a5c99393c73fafe048a1ee03cc574.yaml b/nuclei-templates/2023/CVE-2023-22708-e82a5c99393c73fafe048a1ee03cc574.yaml
index 6a7fe4a9c9..d6cd3d33d4 100644
--- a/nuclei-templates/2023/CVE-2023-22708-e82a5c99393c73fafe048a1ee03cc574.yaml
+++ b/nuclei-templates/2023/CVE-2023-22708-e82a5c99393c73fafe048a1ee03cc574.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kraken.io Image Optimizer <= 2.6.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     TheKraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its kraken_media_library_reset_all AJAX action in versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kraken-image-optimizer/"
     google-query: inurl:"/wp-content/plugins/kraken-image-optimizer/"
     shodan-query: 'vuln:CVE-2023-22708'
-  tags: cve,wordpress,wp-plugin,kraken-image-optimizer,medium
+  tags: cve,wordpress,wp-plugin,kraken-image-optimizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22711-c94bdab6658e87ec5036df9af1fd3f36.yaml b/nuclei-templates/2023/CVE-2023-22711-c94bdab6658e87ec5036df9af1fd3f36.yaml
index 0c2ffd84ba..f8962c4ee8 100644
--- a/nuclei-templates/2023/CVE-2023-22711-c94bdab6658e87ec5036df9af1fd3f36.yaml
+++ b/nuclei-templates/2023/CVE-2023-22711-c94bdab6658e87ec5036df9af1fd3f36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IMPress Listings <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Listing Fields
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IMPress Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple listing fields in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-listings/"
     google-query: inurl:"/wp-content/plugins/wp-listings/"
     shodan-query: 'vuln:CVE-2023-22711'
-  tags: cve,wordpress,wp-plugin,wp-listings,medium
+  tags: cve,wordpress,wp-plugin,wp-listings,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22712-71cf8d6f1781f11cff9af8b811c7f0b2.yaml b/nuclei-templates/2023/CVE-2023-22712-71cf8d6f1781f11cff9af8b811c7f0b2.yaml
index f49de98139..2c93ee7295 100644
--- a/nuclei-templates/2023/CVE-2023-22712-71cf8d6f1781f11cff9af8b811c7f0b2.yaml
+++ b/nuclei-templates/2023/CVE-2023-22712-71cf8d6f1781f11cff9af8b811c7f0b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous rendering parameters in its widgets code in versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/templatesnext-toolkit/"
     google-query: inurl:"/wp-content/plugins/templatesnext-toolkit/"
     shodan-query: 'vuln:CVE-2023-22712'
-  tags: cve,wordpress,wp-plugin,templatesnext-toolkit,medium
+  tags: cve,wordpress,wp-plugin,templatesnext-toolkit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22713-5096ea0bd77ac20a45ea75149ea1f0e9.yaml b/nuclei-templates/2023/CVE-2023-22713-5096ea0bd77ac20a45ea75149ea1f0e9.yaml
index dce48d5b68..7a9381161c 100644
--- a/nuclei-templates/2023/CVE-2023-22713-5096ea0bd77ac20a45ea75149ea1f0e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-22713-5096ea0bd77ac20a45ea75149ea1f0e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberge Blocks <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberge Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdm-gutenberg-blocks/"
     google-query: inurl:"/wp-content/plugins/wpdm-gutenberg-blocks/"
     shodan-query: 'vuln:CVE-2023-22713'
-  tags: cve,wordpress,wp-plugin,wpdm-gutenberg-blocks,medium
+  tags: cve,wordpress,wp-plugin,wpdm-gutenberg-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22715-c4c58ad76c633d16084174a989d36082.yaml b/nuclei-templates/2023/CVE-2023-22715-c4c58ad76c633d16084174a989d36082.yaml
index 38b5bd4216..2344c7ca6f 100644
--- a/nuclei-templates/2023/CVE-2023-22715-c4c58ad76c633d16084174a989d36082.yaml
+++ b/nuclei-templates/2023/CVE-2023-22715-c4c58ad76c633d16084174a989d36082.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-CommentNavi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the navi options 'pages_text', 'current_text', 'page_text', 'first_text', 'last_text', 'next_text', 'prev_text', 'dotright_text', and 'num_pages', in versions up to, and including, 1.12.1 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-commentnavi/"
     google-query: inurl:"/wp-content/plugins/wp-commentnavi/"
     shodan-query: 'vuln:CVE-2023-22715'
-  tags: cve,wordpress,wp-plugin,wp-commentnavi,medium
+  tags: cve,wordpress,wp-plugin,wp-commentnavi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22716-6bf95a000c0173a075e212bc6eeb873d.yaml b/nuclei-templates/2023/CVE-2023-22716-6bf95a000c0173a075e212bc6eeb873d.yaml
index 7c94ee9491..e9d8d680a9 100644
--- a/nuclei-templates/2023/CVE-2023-22716-6bf95a000c0173a075e212bc6eeb873d.yaml
+++ b/nuclei-templates/2023/CVE-2023-22716-6bf95a000c0173a075e212bc6eeb873d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OOPSpam Anti-Spam <= 1.1.35 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OOPSpam Anti-Spam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via options such as 'oopspam_wpregister_spam_message', 'oopspam_woo_spam_message', and 'oopspam_give_spam_message' (as well as numerous others) in versions up to, and including, 1.1.35 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oopspam-anti-spam/"
     google-query: inurl:"/wp-content/plugins/oopspam-anti-spam/"
     shodan-query: 'vuln:CVE-2023-22716'
-  tags: cve,wordpress,wp-plugin,oopspam-anti-spam,medium
+  tags: cve,wordpress,wp-plugin,oopspam-anti-spam,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22717-527f36f790da1a74645e814e4fe52934.yaml b/nuclei-templates/2023/CVE-2023-22717-527f36f790da1a74645e814e4fe52934.yaml
index 253fac6eff..4e4e85fcbe 100644
--- a/nuclei-templates/2023/CVE-2023-22717-527f36f790da1a74645e814e4fe52934.yaml
+++ b/nuclei-templates/2023/CVE-2023-22717-527f36f790da1a74645e814e4fe52934.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormCraft <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fcb shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fcb shortcode in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formcraft-form-builder/"
     google-query: inurl:"/wp-content/plugins/formcraft-form-builder/"
     shodan-query: 'vuln:CVE-2023-22717'
-  tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium
+  tags: cve,wordpress,wp-plugin,formcraft-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22720-e52be0435f55047670368cd34b580535.yaml b/nuclei-templates/2023/CVE-2023-22720-e52be0435f55047670368cd34b580535.yaml
index d78e52b764..0e66364513 100644
--- a/nuclei-templates/2023/CVE-2023-22720-e52be0435f55047670368cd34b580535.yaml
+++ b/nuclei-templates/2023/CVE-2023-22720-e52be0435f55047670368cd34b580535.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Links Page <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Links Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, and including, 4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-links-page/"
     google-query: inurl:"/wp-content/plugins/wp-links-page/"
     shodan-query: 'vuln:CVE-2023-22720'
-  tags: cve,wordpress,wp-plugin,wp-links-page,medium
+  tags: cve,wordpress,wp-plugin,wp-links-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-22721-edd20f1acfb98b2d0a1653edfc88a6dc.yaml b/nuclei-templates/2023/CVE-2023-22721-edd20f1acfb98b2d0a1653edfc88a6dc.yaml
index 993bcf4ceb..628289fa90 100644
--- a/nuclei-templates/2023/CVE-2023-22721-edd20f1acfb98b2d0a1653edfc88a6dc.yaml
+++ b/nuclei-templates/2023/CVE-2023-22721-edd20f1acfb98b2d0a1653edfc88a6dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Oi Yandex.Maps for WordPress <= 3.2.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Oi Yandex.Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oi-yamaps/"
     google-query: inurl:"/wp-content/plugins/oi-yamaps/"
     shodan-query: 'vuln:CVE-2023-22721'
-  tags: cve,wordpress,wp-plugin,oi-yamaps,medium
+  tags: cve,wordpress,wp-plugin,oi-yamaps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2275-054a823a88fd659044cb1d5f3fc034a5.yaml b/nuclei-templates/2023/CVE-2023-2275-054a823a88fd659044cb1d5f3fc034a5.yaml
index 33559d1c49..964605b87f 100644
--- a/nuclei-templates/2023/CVE-2023-2275-054a823a88fd659044cb1d5f3fc034a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-2275-054a823a88fd659044cb1d5f3fc034a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wcfm-marketplace-rest-api/"
     google-query: inurl:"/wp-content/plugins/wcfm-marketplace-rest-api/"
     shodan-query: 'vuln:CVE-2023-2275'
-  tags: cve,wordpress,wp-plugin,wcfm-marketplace-rest-api,medium
+  tags: cve,wordpress,wp-plugin,wcfm-marketplace-rest-api,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2280-85863960848d10abf7509addf7ced106.yaml b/nuclei-templates/2023/CVE-2023-2280-85863960848d10abf7509addf7ced106.yaml
index cb7b914d6f..342ab78ec4 100644
--- a/nuclei-templates/2023/CVE-2023-2280-85863960848d10abf7509addf7ced106.yaml
+++ b/nuclei-templates/2023/CVE-2023-2280-85863960848d10abf7509addf7ced106.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdirectorykit/"
     google-query: inurl:"/wp-content/plugins/wpdirectorykit/"
     shodan-query: 'vuln:CVE-2023-2280'
-  tags: cve,wordpress,wp-plugin,wpdirectorykit,medium
+  tags: cve,wordpress,wp-plugin,wpdirectorykit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2284-fb8070a3ea093b2b03c1a0de45c253ff.yaml b/nuclei-templates/2023/CVE-2023-2284-fb8070a3ea093b2b03c1a0de45c253ff.yaml
index d396e94a57..3dc215960b 100644
--- a/nuclei-templates/2023/CVE-2023-2284-fb8070a3ea093b2b03c1a0de45c253ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-2284-fb8070a3ea093b2b03c1a0de45c253ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-security-audit-log-premium/"
     google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/"
     shodan-query: 'vuln:CVE-2023-2284'
-  tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,medium
+  tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2286-f0b0a230f7453036382fc231a8391538.yaml b/nuclei-templates/2023/CVE-2023-2286-f0b0a230f7453036382fc231a8391538.yaml
index 632eabe19e..a825e0e10f 100644
--- a/nuclei-templates/2023/CVE-2023-2286-f0b0a230f7453036382fc231a8391538.yaml
+++ b/nuclei-templates/2023/CVE-2023-2286-f0b0a230f7453036382fc231a8391538.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-2286
   metadata:
-    fofa-query: "wp-content/plugins/wp-security-audit-log/"
-    google-query: inurl:"/wp-content/plugins/wp-security-audit-log/"
+    fofa-query: "wp-content/plugins/wp-security-audit-log-premium/"
+    google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/"
     shodan-query: 'vuln:CVE-2023-2286'
-  tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium
+  tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "wp-security-audit-log"
+          - "wp-security-audit-log-premium"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-2287-f0869bd6c833a2dcca8d781669a8f39f.yaml b/nuclei-templates/2023/CVE-2023-2287-f0869bd6c833a2dcca8d781669a8f39f.yaml
index fa2f1da2a9..d2b2b8b3bb 100644
--- a/nuclei-templates/2023/CVE-2023-2287-f0869bd6c833a2dcca8d781669a8f39f.yaml
+++ b/nuclei-templates/2023/CVE-2023-2287-f0869bd6c833a2dcca8d781669a8f39f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox by ThemeIsle <= 2.10.23 - Authenticated (Author+) Server-Side Request Forgery via URL
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.10.23 via the parse_request function. This can allow authenticated attackers with the upload_files capability, like authors and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2023-2287'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,high
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2288-08e36a5e429e15172c47a461c7457404.yaml b/nuclei-templates/2023/CVE-2023-2288-08e36a5e429e15172c47a461c7457404.yaml
index 4025923de3..2c742952d7 100644
--- a/nuclei-templates/2023/CVE-2023-2288-08e36a5e429e15172c47a461c7457404.yaml
+++ b/nuclei-templates/2023/CVE-2023-2288-08e36a5e429e15172c47a461c7457404.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter - Gutenberg Blocks <= 2.2.5 - Authenticated (Author+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Otter - Gutenberg Blocks plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fallback' parameter in versions up to, and including 1.2.7. This makes it possible for authenticated attackers with author privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-blocks/"
     google-query: inurl:"/wp-content/plugins/otter-blocks/"
     shodan-query: 'vuln:CVE-2023-2288'
-  tags: cve,wordpress,wp-plugin,otter-blocks,high
+  tags: cve,wordpress,wp-plugin,otter-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2299-301e81e7a190a838bf006476907547b4.yaml b/nuclei-templates/2023/CVE-2023-2299-301e81e7a190a838bf006476907547b4.yaml
index a1b0498388..90563b7c6b 100644
--- a/nuclei-templates/2023/CVE-2023-2299-301e81e7a190a838bf006476907547b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-2299-301e81e7a190a838bf006476907547b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.0 - Missing Authorization on REST-API
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.4.0 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/"
     google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/"
     shodan-query: 'vuln:CVE-2023-2299'
-  tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2300-6c834138798466361126510722b04f6a.yaml b/nuclei-templates/2023/CVE-2023-2300-6c834138798466361126510722b04f6a.yaml
index afee2bcb18..4ecd82fe94 100644
--- a/nuclei-templates/2023/CVE-2023-2300-6c834138798466361126510722b04f6a.yaml
+++ b/nuclei-templates/2023/CVE-2023-2300-6c834138798466361126510722b04f6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/"
     google-query: inurl:"/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/"
     shodan-query: 'vuln:CVE-2023-2300'
-  tags: cve,wordpress,wp-plugin,contact-form-with-a-meeting-scheduler-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,contact-form-with-a-meeting-scheduler-by-vcita,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2302-730361678b13f8f0736a72594b63e5d4.yaml b/nuclei-templates/2023/CVE-2023-2302-730361678b13f8f0736a72594b63e5d4.yaml
index e4e57dc54b..97d0d4d0c9 100644
--- a/nuclei-templates/2023/CVE-2023-2302-730361678b13f8f0736a72594b63e5d4.yaml
+++ b/nuclei-templates/2023/CVE-2023-2302-730361678b13f8f0736a72594b63e5d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form and Calls To Action by vcita <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lead-capturing-call-to-actions-by-vcita/"
     google-query: inurl:"/wp-content/plugins/lead-capturing-call-to-actions-by-vcita/"
     shodan-query: 'vuln:CVE-2023-2302'
-  tags: cve,wordpress,wp-plugin,lead-capturing-call-to-actions-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,lead-capturing-call-to-actions-by-vcita,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2304-f2c467fe9ec6884b9a3fd8b065881ed3.yaml b/nuclei-templates/2023/CVE-2023-2304-f2c467fe9ec6884b9a3fd8b065881ed3.yaml
index 09147e0626..7aadc34193 100644
--- a/nuclei-templates/2023/CVE-2023-2304-f2c467fe9ec6884b9a3fd8b065881ed3.yaml
+++ b/nuclei-templates/2023/CVE-2023-2304-f2c467fe9ec6884b9a3fd8b065881ed3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/favorites/"
     google-query: inurl:"/wp-content/plugins/favorites/"
     shodan-query: 'vuln:CVE-2023-2304'
-  tags: cve,wordpress,wp-plugin,favorites,medium
+  tags: cve,wordpress,wp-plugin,favorites,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2305-1c63696c8009b48d027fd7d86fee0dcb.yaml b/nuclei-templates/2023/CVE-2023-2305-1c63696c8009b48d027fd7d86fee0dcb.yaml
index 4149251fd9..3139796d70 100644
--- a/nuclei-templates/2023/CVE-2023-2305-1c63696c8009b48d027fd7d86fee0dcb.yaml
+++ b/nuclei-templates/2023/CVE-2023-2305-1c63696c8009b48d027fd7d86fee0dcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2023-2305'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2320-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml b/nuclei-templates/2023/CVE-2023-2320-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml
index 60a37589dd..a2c1533d1d 100644
--- a/nuclei-templates/2023/CVE-2023-2320-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-2320-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-2320
   metadata:
-    fofa-query: "wp-content/plugins/cf7-google-sheets-connector-pro/"
-    google-query: inurl:"/wp-content/plugins/cf7-google-sheets-connector-pro/"
+    fofa-query: "wp-content/plugins/cf7-google-sheets-connector/"
+    google-query: inurl:"/wp-content/plugins/cf7-google-sheets-connector/"
     shodan-query: 'vuln:CVE-2023-2320'
-  tags: cve,wordpress,wp-plugin,cf7-google-sheets-connector-pro,medium
+  tags: cve,wordpress,wp-plugin,cf7-google-sheets-connector,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/cf7-google-sheets-connector-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/cf7-google-sheets-connector/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "cf7-google-sheets-connector-pro"
+          - "cf7-google-sheets-connector"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 2.3.7')
\ No newline at end of file
+          - compare_versions(version, '<= 5.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2321-2c53b255c00d529e8b580e9b919c837b.yaml b/nuclei-templates/2023/CVE-2023-2321-2c53b255c00d529e8b580e9b919c837b.yaml
index 69d19c541f..7ac785363f 100644
--- a/nuclei-templates/2023/CVE-2023-2321-2c53b255c00d529e8b580e9b919c837b.yaml
+++ b/nuclei-templates/2023/CVE-2023-2321-2c53b255c00d529e8b580e9b919c837b.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-2321
   metadata:
-    fofa-query: "wp-content/plugins/gsheetconnector-wpforms-pro/"
-    google-query: inurl:"/wp-content/plugins/gsheetconnector-wpforms-pro/"
+    fofa-query: "wp-content/plugins/gsheetconnector-wpforms/"
+    google-query: inurl:"/wp-content/plugins/gsheetconnector-wpforms/"
     shodan-query: 'vuln:CVE-2023-2321'
-  tags: cve,wordpress,wp-plugin,gsheetconnector-wpforms-pro,medium
+  tags: cve,wordpress,wp-plugin,gsheetconnector-wpforms,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/gsheetconnector-wpforms-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/gsheetconnector-wpforms/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "gsheetconnector-wpforms-pro"
+          - "gsheetconnector-wpforms"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 2.5.7')
\ No newline at end of file
+          - compare_versions(version, '<= 3.4.5')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2324-5bdb93ed09679c782c93a7aa96190eff.yaml b/nuclei-templates/2023/CVE-2023-2324-5bdb93ed09679c782c93a7aa96190eff.yaml
index 4517a728ba..5214960e43 100644
--- a/nuclei-templates/2023/CVE-2023-2324-5bdb93ed09679c782c93a7aa96190eff.yaml
+++ b/nuclei-templates/2023/CVE-2023-2324-5bdb93ed09679c782c93a7aa96190eff.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-2324
   metadata:
-    fofa-query: "wp-content/plugins/gsheetconnector-for-elementor-forms-pro/"
-    google-query: inurl:"/wp-content/plugins/gsheetconnector-for-elementor-forms-pro/"
+    fofa-query: "wp-content/plugins/gsheetconnector-for-elementor-forms/"
+    google-query: inurl:"/wp-content/plugins/gsheetconnector-for-elementor-forms/"
     shodan-query: 'vuln:CVE-2023-2324'
-  tags: cve,wordpress,wp-plugin,gsheetconnector-for-elementor-forms-pro,medium
+  tags: cve,wordpress,wp-plugin,gsheetconnector-for-elementor-forms,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/gsheetconnector-for-elementor-forms-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/gsheetconnector-for-elementor-forms/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "gsheetconnector-for-elementor-forms-pro"
+          - "gsheetconnector-for-elementor-forms"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-2333-faac6d1ff1697000b9b14ca585be6ab0.yaml b/nuclei-templates/2023/CVE-2023-2333-faac6d1ff1697000b9b14ca585be6ab0.yaml
index 92133a3280..60dd8045ed 100644
--- a/nuclei-templates/2023/CVE-2023-2333-faac6d1ff1697000b9b14ca585be6ab0.yaml
+++ b/nuclei-templates/2023/CVE-2023-2333-faac6d1ff1697000b9b14ca585be6ab0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ninja Forms Google Sheet Connector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on the 'code' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2023-2333
   metadata:
-    fofa-query: "wp-content/plugins/gsheetconnector-ninja-forms/"
-    google-query: inurl:"/wp-content/plugins/gsheetconnector-ninja-forms/"
+    fofa-query: "wp-content/plugins/gsheetconnector-ninja-forms-pro/"
+    google-query: inurl:"/wp-content/plugins/gsheetconnector-ninja-forms-pro/"
     shodan-query: 'vuln:CVE-2023-2333'
-  tags: cve,wordpress,wp-plugin,gsheetconnector-ninja-forms,high
+  tags: cve,wordpress,wp-plugin,gsheetconnector-ninja-forms-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/gsheetconnector-ninja-forms/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/gsheetconnector-ninja-forms-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "gsheetconnector-ninja-forms"
+          - "gsheetconnector-ninja-forms-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.6')
\ No newline at end of file
+          - compare_versions(version, '<= 1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-23490-2bb4b724bd1a7da8929a5d331260d484.yaml b/nuclei-templates/2023/CVE-2023-23490-2bb4b724bd1a7da8929a5d331260d484.yaml
index 51e40849a3..6fe9343b47 100644
--- a/nuclei-templates/2023/CVE-2023-23490-2bb4b724bd1a7da8929a5d331260d484.yaml
+++ b/nuclei-templates/2023/CVE-2023-23490-2bb4b724bd1a7da8929a5d331260d484.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Survey Maker plugin for WordPress is vulnerable to SQL injection in versions before 3.1.2 via the 'ays_surveys_export_json' AJAX action. This allows authenticated attackers, including those with subscriber-level privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/survey-maker/"
     google-query: inurl:"/wp-content/plugins/survey-maker/"
     shodan-query: 'vuln:CVE-2023-23490'
-  tags: cve,wordpress,wp-plugin,survey-maker,high
+  tags: cve,wordpress,wp-plugin,survey-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2351-4b446531318d71c375cbec3251c138e5.yaml b/nuclei-templates/2023/CVE-2023-2351-4b446531318d71c375cbec3251c138e5.yaml
index 7ba71ea1ad..68f8599104 100644
--- a/nuclei-templates/2023/CVE-2023-2351-4b446531318d71c375cbec3251c138e5.yaml
+++ b/nuclei-templates/2023/CVE-2023-2351-4b446531318d71c375cbec3251c138e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdirectorykit/"
     google-query: inurl:"/wp-content/plugins/wpdirectorykit/"
     shodan-query: 'vuln:CVE-2023-2351'
-  tags: cve,wordpress,wp-plugin,wpdirectorykit,medium
+  tags: cve,wordpress,wp-plugin,wpdirectorykit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2353-8ecff4070b265868b558d6084036a925.yaml b/nuclei-templates/2023/CVE-2023-2353-8ecff4070b265868b558d6084036a925.yaml
index 74288b48df..e812910659 100644
--- a/nuclei-templates/2023/CVE-2023-2353-8ecff4070b265868b558d6084036a925.yaml
+++ b/nuclei-templates/2023/CVE-2023-2353-8ecff4070b265868b558d6084036a925.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CHP Ads Block Detector <= 3.9.4 - Missing Authorization to Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin settings. CVE-2023-36509 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chp-ads-block-detector/"
     google-query: inurl:"/wp-content/plugins/chp-ads-block-detector/"
     shodan-query: 'vuln:CVE-2023-2353'
-  tags: cve,wordpress,wp-plugin,chp-ads-block-detector,medium
+  tags: cve,wordpress,wp-plugin,chp-ads-block-detector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2354-a6450bbcf1d391d632396e4291c55731.yaml b/nuclei-templates/2023/CVE-2023-2354-a6450bbcf1d391d632396e4291c55731.yaml
index 77f6f459f7..9ba2140587 100644
--- a/nuclei-templates/2023/CVE-2023-2354-a6450bbcf1d391d632396e4291c55731.yaml
+++ b/nuclei-templates/2023/CVE-2023-2354-a6450bbcf1d391d632396e4291c55731.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable though an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chp-ads-block-detector/"
     google-query: inurl:"/wp-content/plugins/chp-ads-block-detector/"
     shodan-query: 'vuln:CVE-2023-2354'
-  tags: cve,wordpress,wp-plugin,chp-ads-block-detector,medium
+  tags: cve,wordpress,wp-plugin,chp-ads-block-detector,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2359-648072cf9e5d6b428e895ff9cc55e265.yaml b/nuclei-templates/2023/CVE-2023-2359-648072cf9e5d6b428e895ff9cc55e265.yaml
index 5f86166ee4..2689dba581 100644
--- a/nuclei-templates/2023/CVE-2023-2359-648072cf9e5d6b428e895ff9cc55e265.yaml
+++ b/nuclei-templates/2023/CVE-2023-2359-648072cf9e5d6b428e895ff9cc55e265.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slider Revolution plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 6.6.12. This makes it possible for authenticated attackers with administrator-level attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. While the default settings allow only administrators to exploit this vulnerability, this privilege can be granted to users as low as author.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/revslider/"
     google-query: inurl:"/wp-content/plugins/revslider/"
     shodan-query: 'vuln:CVE-2023-2359'
-  tags: cve,wordpress,wp-plugin,revslider,high
+  tags: cve,wordpress,wp-plugin,revslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2362-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/2023/CVE-2023-2362-03747b0c7844da2a502c367644e13831.yaml
index 511995e446..c366858723 100644
--- a/nuclei-templates/2023/CVE-2023-2362-03747b0c7844da2a502c367644e13831.yaml
+++ b/nuclei-templates/2023/CVE-2023-2362-03747b0c7844da2a502c367644e13831.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-2362
   metadata:
-    fofa-query: "wp-content/plugins/mwp-herd-effect/"
-    google-query: inurl:"/wp-content/plugins/mwp-herd-effect/"
+    fofa-query: "wp-content/plugins/button-generation/"
+    google-query: inurl:"/wp-content/plugins/button-generation/"
     shodan-query: 'vuln:CVE-2023-2362'
-  tags: cve,wordpress,wp-plugin,mwp-herd-effect,medium
+  tags: cve,wordpress,wp-plugin,button-generation,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/mwp-herd-effect/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "mwp-herd-effect"
+          - "button-generation"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 5.2.1')
\ No newline at end of file
+          - compare_versions(version, '<= 2.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-23639-b093b4fe361511a13e571267d2dc54e9.yaml b/nuclei-templates/2023/CVE-2023-23639-b093b4fe361511a13e571267d2dc54e9.yaml
index c561de5897..6458593090 100644
--- a/nuclei-templates/2023/CVE-2023-23639-b093b4fe361511a13e571267d2dc54e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-23639-b093b4fe361511a13e571267d2dc54e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Staging Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Staging Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.3, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-staging-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-staging-extension/"
     shodan-query: 'vuln:CVE-2023-23639'
-  tags: cve,wordpress,wp-plugin,mainwp-staging-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-staging-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23640-aca127a8ed0bd7922687fe103f18d74f.yaml b/nuclei-templates/2023/CVE-2023-23640-aca127a8ed0bd7922687fe103f18d74f.yaml
index 7ddb3da5aa..ed58940bef 100644
--- a/nuclei-templates/2023/CVE-2023-23640-aca127a8ed0bd7922687fe103f18d74f.yaml
+++ b/nuclei-templates/2023/CVE-2023-23640-aca127a8ed0bd7922687fe103f18d74f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP UpdraftPlus Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.6, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-updraftplus-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-updraftplus-extension/"
     shodan-query: 'vuln:CVE-2023-23640'
-  tags: cve,wordpress,wp-plugin,mainwp-updraftplus-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-updraftplus-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23641-de9e079bb83ef0de7a86b06c72e28cbc.yaml b/nuclei-templates/2023/CVE-2023-23641-de9e079bb83ef0de7a86b06c72e28cbc.yaml
index b8c57cd1d7..7498fe0b3e 100644
--- a/nuclei-templates/2023/CVE-2023-23641-de9e079bb83ef0de7a86b06c72e28cbc.yaml
+++ b/nuclei-templates/2023/CVE-2023-23641-de9e079bb83ef0de7a86b06c72e28cbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uji Popup <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via uji_popup_code shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Uji Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘uji_popup_code’ shortcode in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uji-popup/"
     google-query: inurl:"/wp-content/plugins/uji-popup/"
     shodan-query: 'vuln:CVE-2023-23641'
-  tags: cve,wordpress,wp-plugin,uji-popup,medium
+  tags: cve,wordpress,wp-plugin,uji-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23642-cacc6911c40efb999d1fe86f0d0191d6.yaml b/nuclei-templates/2023/CVE-2023-23642-cacc6911c40efb999d1fe86f0d0191d6.yaml
index 2ee1749f01..a0cab94100 100644
--- a/nuclei-templates/2023/CVE-2023-23642-cacc6911c40efb999d1fe86f0d0191d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-23642-cacc6911c40efb999d1fe86f0d0191d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Clone Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Clone Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.0.2 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-clone-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-clone-extension/"
     shodan-query: 'vuln:CVE-2023-23642'
-  tags: cve,wordpress,wp-plugin,mainwp-clone-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-clone-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23643-aab60d7e635c7cb328946a00c5cb0802.yaml b/nuclei-templates/2023/CVE-2023-23643-aab60d7e635c7cb328946a00c5cb0802.yaml
index 08a0d0a4eb..0c0bddc5c7 100644
--- a/nuclei-templates/2023/CVE-2023-23643-aab60d7e635c7cb328946a00c5cb0802.yaml
+++ b/nuclei-templates/2023/CVE-2023-23643-aab60d7e635c7cb328946a00c5cb0802.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP iThemes Security Extension <= 4.1.1 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP iThemes Security Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.1.1 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-ithemes-security-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-ithemes-security-extension/"
     shodan-query: 'vuln:CVE-2023-23643'
-  tags: cve,wordpress,wp-plugin,mainwp-ithemes-security-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-ithemes-security-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23644-1700178605ea1a028eb5734d4a1eaad7.yaml b/nuclei-templates/2023/CVE-2023-23644-1700178605ea1a028eb5734d4a1eaad7.yaml
index 5b8837fef9..83f756a568 100644
--- a/nuclei-templates/2023/CVE-2023-23644-1700178605ea1a028eb5734d4a1eaad7.yaml
+++ b/nuclei-templates/2023/CVE-2023-23644-1700178605ea1a028eb5734d4a1eaad7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Page Speed Extension <= 4.0.2 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Page Speed Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.0.2 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-page-speed-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-page-speed-extension/"
     shodan-query: 'vuln:CVE-2023-23644'
-  tags: cve,wordpress,wp-plugin,mainwp-page-speed-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-page-speed-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23645-f6463e889774b4038473eb08cfdfa039.yaml b/nuclei-templates/2023/CVE-2023-23645-f6463e889774b4038473eb08cfdfa039.yaml
index aee0a8615f..890788475f 100644
--- a/nuclei-templates/2023/CVE-2023-23645-f6463e889774b4038473eb08cfdfa039.yaml
+++ b/nuclei-templates/2023/CVE-2023-23645-f6463e889774b4038473eb08cfdfa039.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) PHP Code Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MainWP Code Snippets Extension for WordPress is vulnerable to code injection in versions up to, and including, 4.0.2. This makes it possible for attackers with subscriber-level privileges or higher to execute arbitrary code via the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-code-snippets-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-code-snippets-extension/"
     shodan-query: 'vuln:CVE-2023-23645'
-  tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23647-f7d812f744f4c9ca71f204033cc41839.yaml b/nuclei-templates/2023/CVE-2023-23647-f7d812f744f4c9ca71f204033cc41839.yaml
index 279ac01c42..72d90dcf39 100644
--- a/nuclei-templates/2023/CVE-2023-23647-f7d812f744f4c9ca71f204033cc41839.yaml
+++ b/nuclei-templates/2023/CVE-2023-23647-f7d812f744f4c9ca71f204033cc41839.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new_style_name’ parameter in versions up to, and including, 4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/team-showcase-supreme/"
     google-query: inurl:"/wp-content/plugins/team-showcase-supreme/"
     shodan-query: 'vuln:CVE-2023-23647'
-  tags: cve,wordpress,wp-plugin,team-showcase-supreme,medium
+  tags: cve,wordpress,wp-plugin,team-showcase-supreme,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23648-2aa015126a1a525f86550f7ae828f7a6.yaml b/nuclei-templates/2023/CVE-2023-23648-2aa015126a1a525f86550f7ae828f7a6.yaml
index faad3810b2..443b15f711 100644
--- a/nuclei-templates/2023/CVE-2023-23648-2aa015126a1a525f86550f7ae828f7a6.yaml
+++ b/nuclei-templates/2023/CVE-2023-23648-2aa015126a1a525f86550f7ae828f7a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Rocket Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.3 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-rocket-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-rocket-extension/"
     shodan-query: 'vuln:CVE-2023-23648'
-  tags: cve,wordpress,wp-plugin,mainwp-rocket-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-rocket-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23650-8f1eedab61ce04ff36cedd6b1737dcab.yaml b/nuclei-templates/2023/CVE-2023-23650-8f1eedab61ce04ff36cedd6b1737dcab.yaml
index 4239cdcfd9..9d549cf16f 100644
--- a/nuclei-templates/2023/CVE-2023-23650-8f1eedab61ce04ff36cedd6b1737dcab.yaml
+++ b/nuclei-templates/2023/CVE-2023-23650-8f1eedab61ce04ff36cedd6b1737dcab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MainWP Code Snippets Extension for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-code-snippets-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-code-snippets-extension/"
     shodan-query: 'vuln:CVE-2023-23650'
-  tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23651-49a8bd4f442f3ed7ef68fc2e1242b1b6.yaml b/nuclei-templates/2023/CVE-2023-23651-49a8bd4f442f3ed7ef68fc2e1242b1b6.yaml
index 0dbc0caf34..8baddea4ae 100644
--- a/nuclei-templates/2023/CVE-2023-23651-49a8bd4f442f3ed7ef68fc2e1242b1b6.yaml
+++ b/nuclei-templates/2023/CVE-2023-23651-49a8bd4f442f3ed7ef68fc2e1242b1b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Google Analytics Extension <= 4.0.4 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MainWP Google Analytics Extension for WordPress are vulnerable to SQL Injection via an unknown parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-google-analytics-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-google-analytics-extension/"
     shodan-query: 'vuln:CVE-2023-23651'
-  tags: cve,wordpress,wp-plugin,mainwp-google-analytics-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-google-analytics-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23652-3959344c0c7e5999442d4341d93fe901.yaml b/nuclei-templates/2023/CVE-2023-23652-3959344c0c7e5999442d4341d93fe901.yaml
index ede5fe79bb..02a9fe6dab 100644
--- a/nuclei-templates/2023/CVE-2023-23652-3959344c0c7e5999442d4341d93fe901.yaml
+++ b/nuclei-templates/2023/CVE-2023-23652-3959344c0c7e5999442d4341d93fe901.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Google Analytics Extension <= 4.0.4 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Google Analytics Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.0.4 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-google-analytics-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-google-analytics-extension/"
     shodan-query: 'vuln:CVE-2023-23652'
-  tags: cve,wordpress,wp-plugin,mainwp-google-analytics-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-google-analytics-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23653-ef3286d81d94e9b713e6b4a272249cba.yaml b/nuclei-templates/2023/CVE-2023-23653-ef3286d81d94e9b713e6b4a272249cba.yaml
index 94650d0d70..89e82c99f8 100644
--- a/nuclei-templates/2023/CVE-2023-23653-ef3286d81d94e9b713e6b4a272249cba.yaml
+++ b/nuclei-templates/2023/CVE-2023-23653-ef3286d81d94e9b713e6b4a272249cba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP File Uploader Extension <= 4.1 - Authenticated (Subscriber+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MainWP File Uploader Extension for WordPress is vulnerable to arbitrary file download. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary files from the affected site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-file-uploader-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-file-uploader-extension/"
     shodan-query: 'vuln:CVE-2023-23653'
-  tags: cve,wordpress,wp-plugin,mainwp-file-uploader-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-file-uploader-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23654-74a58305bbc22438aab63e645d576e4d.yaml b/nuclei-templates/2023/CVE-2023-23654-74a58305bbc22438aab63e645d576e4d.yaml
index 55d3b241bb..d2acb17f6b 100644
--- a/nuclei-templates/2023/CVE-2023-23654-74a58305bbc22438aab63e645d576e4d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23654-74a58305bbc22438aab63e645d576e4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SparkPost <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SparkPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sparkpost/"
     google-query: inurl:"/wp-content/plugins/sparkpost/"
     shodan-query: 'vuln:CVE-2023-23654'
-  tags: cve,wordpress,wp-plugin,sparkpost,medium
+  tags: cve,wordpress,wp-plugin,sparkpost,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23655-ebaaeb684636cb787d78e7b3c484407e.yaml b/nuclei-templates/2023/CVE-2023-23655-ebaaeb684636cb787d78e7b3c484407e.yaml
index df690bd651..62c5b81fd5 100644
--- a/nuclei-templates/2023/CVE-2023-23655-ebaaeb684636cb787d78e7b3c484407e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23655-ebaaeb684636cb787d78e7b3c484407e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Code Snippets Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Code Snippets Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.0.2 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-code-snippets-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-code-snippets-extension/"
     shodan-query: 'vuln:CVE-2023-23655'
-  tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23657-cabb923e0e757cd8efc2802197c2fa24.yaml b/nuclei-templates/2023/CVE-2023-23657-cabb923e0e757cd8efc2802197c2fa24.yaml
index 6b8a3d81f1..056fb0d1bd 100644
--- a/nuclei-templates/2023/CVE-2023-23657-cabb923e0e757cd8efc2802197c2fa24.yaml
+++ b/nuclei-templates/2023/CVE-2023-23657-cabb923e0e757cd8efc2802197c2fa24.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Subscribe List <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via smlsubform shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mail Subscribe List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘smlsubform’ shortcode in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-subscribe-list/"
     google-query: inurl:"/wp-content/plugins/mail-subscribe-list/"
     shodan-query: 'vuln:CVE-2023-23657'
-  tags: cve,wordpress,wp-plugin,mail-subscribe-list,medium
+  tags: cve,wordpress,wp-plugin,mail-subscribe-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23660-04f298147815233cd89825cce559844d.yaml b/nuclei-templates/2023/CVE-2023-23660-04f298147815233cd89825cce559844d.yaml
index a3349f6965..fa95a0e711 100644
--- a/nuclei-templates/2023/CVE-2023-23660-04f298147815233cd89825cce559844d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23660-04f298147815233cd89825cce559844d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Maintenance Extension <= 4.1.1 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MainWP Maintenance Extension for WordPress are vulnerable to SQL Injection via an unknown parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-maintenance-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-maintenance-extension/"
     shodan-query: 'vuln:CVE-2023-23660'
-  tags: cve,wordpress,wp-plugin,mainwp-maintenance-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-maintenance-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23663-3b5c9ebf6b5cbb215fd772c13336a403.yaml b/nuclei-templates/2023/CVE-2023-23663-3b5c9ebf6b5cbb215fd772c13336a403.yaml
index 3da7aeb359..b4ad92324a 100644
--- a/nuclei-templates/2023/CVE-2023-23663-3b5c9ebf6b5cbb215fd772c13336a403.yaml
+++ b/nuclei-templates/2023/CVE-2023-23663-3b5c9ebf6b5cbb215fd772c13336a403.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Comments Extension <= 4.0.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Comments Extension plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 4.0.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete, approve or restore comments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-comments-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-comments-extension/"
     shodan-query: 'vuln:CVE-2023-23663'
-  tags: cve,wordpress,wp-plugin,mainwp-comments-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-comments-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23664-8451bc0b3344f88890ab58dfe6424c23.yaml b/nuclei-templates/2023/CVE-2023-23664-8451bc0b3344f88890ab58dfe6424c23.yaml
index 33f3335be0..d03a594431 100644
--- a/nuclei-templates/2023/CVE-2023-23664-8451bc0b3344f88890ab58dfe6424c23.yaml
+++ b/nuclei-templates/2023/CVE-2023-23664-8451bc0b3344f88890ab58dfe6424c23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ConvertBox Auto Embed WordPress plugin <= 1.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ConvertBox Auto Embed WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cboxarea’ shortcode in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/convertbox-auto-embed/"
     google-query: inurl:"/wp-content/plugins/convertbox-auto-embed/"
     shodan-query: 'vuln:CVE-2023-23664'
-  tags: cve,wordpress,wp-plugin,convertbox-auto-embed,medium
+  tags: cve,wordpress,wp-plugin,convertbox-auto-embed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23665-7bfb92cd98981d6d2231287741115d7d.yaml b/nuclei-templates/2023/CVE-2023-23665-7bfb92cd98981d6d2231287741115d7d.yaml
index d34e78b5aa..f680edf987 100644
--- a/nuclei-templates/2023/CVE-2023-23665-7bfb92cd98981d6d2231287741115d7d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23665-7bfb92cd98981d6d2231287741115d7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Rocket Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.0.3 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-rocket-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-rocket-extension/"
     shodan-query: 'vuln:CVE-2023-23665'
-  tags: cve,wordpress,wp-plugin,mainwp-rocket-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-rocket-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23667-558e7a9aa7fa3c2ac2fdb51e4f62875d.yaml b/nuclei-templates/2023/CVE-2023-23667-558e7a9aa7fa3c2ac2fdb51e4f62875d.yaml
index 15b6abb3b3..6b073a0ac7 100644
--- a/nuclei-templates/2023/CVE-2023-23667-558e7a9aa7fa3c2ac2fdb51e4f62875d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23667-558e7a9aa7fa3c2ac2fdb51e4f62875d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brands for WooCommerce <= 3.7.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Brands for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brands-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/brands-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-23667'
-  tags: cve,wordpress,wp-plugin,brands-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,brands-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23668-560e75b141006ad846ab2e105e9e507e.yaml b/nuclei-templates/2023/CVE-2023-23668-560e75b141006ad846ab2e105e9e507e.yaml
index 2973e684c6..50becf41ce 100644
--- a/nuclei-templates/2023/CVE-2023-23668-560e75b141006ad846ab2e105e9e507e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23668-560e75b141006ad846ab2e105e9e507e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'give_form_grid' shortcode in versions up to, and including, 2.25.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2023-23668'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23669-089c7908dc4fffc678d9e3d75fcc62a9.yaml b/nuclei-templates/2023/CVE-2023-23669-089c7908dc4fffc678d9e3d75fcc62a9.yaml
index 8340b11f10..fcf75dd60f 100644
--- a/nuclei-templates/2023/CVE-2023-23669-089c7908dc4fffc678d9e3d75fcc62a9.yaml
+++ b/nuclei-templates/2023/CVE-2023-23669-089c7908dc4fffc678d9e3d75fcc62a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Wordfence Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.0.7 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-wordfence-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-wordfence-extension/"
     shodan-query: 'vuln:CVE-2023-23669'
-  tags: cve,wordpress,wp-plugin,mainwp-wordfence-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-wordfence-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23670-cedfa6f88d2bc9a6561954401e5a9b61.yaml b/nuclei-templates/2023/CVE-2023-23670-cedfa6f88d2bc9a6561954401e5a9b61.yaml
index 66142df37c..ee3ed67010 100644
--- a/nuclei-templates/2023/CVE-2023-23670-cedfa6f88d2bc9a6561954401e5a9b61.yaml
+++ b/nuclei-templates/2023/CVE-2023-23670-cedfa6f88d2bc9a6561954401e5a9b61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Fancy Comments <= 1.2.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Fancy Comments Plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping on user supplied attributes passed to the plugin's shortcodes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-facebook-comments/"
     google-query: inurl:"/wp-content/plugins/fancy-facebook-comments/"
     shodan-query: 'vuln:CVE-2023-23670'
-  tags: cve,wordpress,wp-plugin,fancy-facebook-comments,medium
+  tags: cve,wordpress,wp-plugin,fancy-facebook-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23672-85f432bf2dbf8ba147f83f3469bc9104.yaml b/nuclei-templates/2023/CVE-2023-23672-85f432bf2dbf8ba147f83f3469bc9104.yaml
index e7a3c76c69..df1a52d782 100644
--- a/nuclei-templates/2023/CVE-2023-23672-85f432bf2dbf8ba147f83f3469bc9104.yaml
+++ b/nuclei-templates/2023/CVE-2023-23672-85f432bf2dbf8ba147f83f3469bc9104.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.25.1 - Authenticated (Contributor+) Arbitrary Content Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP plugin for WordPress is vulnerable to Improper Authorization in versions up to, and including, 2.25.1. This makes it possible for authenticated attackers with contributor-level permissions to delete content from a vulnerable site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2023-23672'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23673-c8c3c4e396d486583b9e49a37e519b53.yaml b/nuclei-templates/2023/CVE-2023-23673-c8c3c4e396d486583b9e49a37e519b53.yaml
index 37656b07fe..1a898068d5 100644
--- a/nuclei-templates/2023/CVE-2023-23673-c8c3c4e396d486583b9e49a37e519b53.yaml
+++ b/nuclei-templates/2023/CVE-2023-23673-c8c3c4e396d486583b9e49a37e519b53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     I Recommend This <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The I Recommend This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/i-recommend-this/"
     google-query: inurl:"/wp-content/plugins/i-recommend-this/"
     shodan-query: 'vuln:CVE-2023-23673'
-  tags: cve,wordpress,wp-plugin,i-recommend-this,medium
+  tags: cve,wordpress,wp-plugin,i-recommend-this,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23674-40022e8f0d8dd6d5dda3b842e2bc95ed.yaml b/nuclei-templates/2023/CVE-2023-23674-40022e8f0d8dd6d5dda3b842e2bc95ed.yaml
index efdc306b73..a28ba13489 100644
--- a/nuclei-templates/2023/CVE-2023-23674-40022e8f0d8dd6d5dda3b842e2bc95ed.yaml
+++ b/nuclei-templates/2023/CVE-2023-23674-40022e8f0d8dd6d5dda3b842e2bc95ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Original Media Path plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-original-media-path/"
     google-query: inurl:"/wp-content/plugins/wp-original-media-path/"
     shodan-query: 'vuln:CVE-2023-23674'
-  tags: cve,wordpress,wp-plugin,wp-original-media-path,medium
+  tags: cve,wordpress,wp-plugin,wp-original-media-path,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23675-19694fc6eba31e53a1ac14bdaf6f6028.yaml b/nuclei-templates/2023/CVE-2023-23675-19694fc6eba31e53a1ac14bdaf6f6028.yaml
index 876bc7e1ab..b4e8df1845 100644
--- a/nuclei-templates/2023/CVE-2023-23675-19694fc6eba31e53a1ac14bdaf6f6028.yaml
+++ b/nuclei-templates/2023/CVE-2023-23675-19694fc6eba31e53a1ac14bdaf6f6028.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Smart Preloader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smart-preloader/"
     google-query: inurl:"/wp-content/plugins/wp-smart-preloader/"
     shodan-query: 'vuln:CVE-2023-23675'
-  tags: cve,wordpress,wp-plugin,wp-smart-preloader,medium
+  tags: cve,wordpress,wp-plugin,wp-smart-preloader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23676-2ff1bc044255f45b7cf3b45392cb2e17.yaml b/nuclei-templates/2023/CVE-2023-23676-2ff1bc044255f45b7cf3b45392cb2e17.yaml
index ff2c901a9d..9b18d09732 100644
--- a/nuclei-templates/2023/CVE-2023-23676-2ff1bc044255f45b7cf3b45392cb2e17.yaml
+++ b/nuclei-templates/2023/CVE-2023-23676-2ff1bc044255f45b7cf3b45392cb2e17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Gallery <= 1.8.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_gallery_shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  File Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘file_gallery_shortcode’ function in versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/file-gallery/"
     google-query: inurl:"/wp-content/plugins/file-gallery/"
     shodan-query: 'vuln:CVE-2023-23676'
-  tags: cve,wordpress,wp-plugin,file-gallery,medium
+  tags: cve,wordpress,wp-plugin,file-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23678-6fafcaccee81c5d3208247d34dd3565c.yaml b/nuclei-templates/2023/CVE-2023-23678-6fafcaccee81c5d3208247d34dd3565c.yaml
index ee604baed8..89a89c0f60 100644
--- a/nuclei-templates/2023/CVE-2023-23678-6fafcaccee81c5d3208247d34dd3565c.yaml
+++ b/nuclei-templates/2023/CVE-2023-23678-6fafcaccee81c5d3208247d34dd3565c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated(Administrator+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.2.5. This allows authenticated administrators to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gdpr-cookie-consent/"
     google-query: inurl:"/wp-content/plugins/gdpr-cookie-consent/"
     shodan-query: 'vuln:CVE-2023-23678'
-  tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,medium
+  tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23679-37413a766ec0b67c1d3586422811e23c.yaml b/nuclei-templates/2023/CVE-2023-23679-37413a766ec0b67c1d3586422811e23c.yaml
index 1f1d09e849..5d6e74d7d2 100644
--- a/nuclei-templates/2023/CVE-2023-23679-37413a766ec0b67c1d3586422811e23c.yaml
+++ b/nuclei-templates/2023/CVE-2023-23679-37413a766ec0b67c1d3586422811e23c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The "JS Help Desk – Best Help Desk & Support Plugin" plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.7.7 via the 'email' parameter due to missing validation on a user controlled key. This can allow authenticated attackers, with subscriber-level access and above, to delete help desk tickets.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-support-ticket/"
     google-query: inurl:"/wp-content/plugins/js-support-ticket/"
     shodan-query: 'vuln:CVE-2023-23679'
-  tags: cve,wordpress,wp-plugin,js-support-ticket,medium
+  tags: cve,wordpress,wp-plugin,js-support-ticket,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23681-6e8db758b1055e1e1edd16d20fa3c329.yaml b/nuclei-templates/2023/CVE-2023-23681-6e8db758b1055e1e1edd16d20fa3c329.yaml
index 5805b07b8e..2e2f88d871 100644
--- a/nuclei-templates/2023/CVE-2023-23681-6e8db758b1055e1e1edd16d20fa3c329.yaml
+++ b/nuclei-templates/2023/CVE-2023-23681-6e8db758b1055e1e1edd16d20fa3c329.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects For WPBakery Page Builder <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-visual-composer-extension/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-visual-composer-extension/"
     shodan-query: 'vuln:CVE-2023-23681'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-visual-composer-extension,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-visual-composer-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23682-276fdddefb69d404e325809486a9c5a4.yaml b/nuclei-templates/2023/CVE-2023-23682-276fdddefb69d404e325809486a9c5a4.yaml
index c9114cb194..252aae80fa 100644
--- a/nuclei-templates/2023/CVE-2023-23682-276fdddefb69d404e325809486a9c5a4.yaml
+++ b/nuclei-templates/2023/CVE-2023-23682-276fdddefb69d404e325809486a9c5a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EZP Maintenance Mode <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EZP Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-pie-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/easy-pie-maintenance-mode/"
     shodan-query: 'vuln:CVE-2023-23682'
-  tags: cve,wordpress,wp-plugin,easy-pie-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,easy-pie-maintenance-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23683-e6a4bf4b7def7461fd0f2bf14330f22c.yaml b/nuclei-templates/2023/CVE-2023-23683-e6a4bf4b7def7461fd0f2bf14330f22c.yaml
index 59de5e104a..d2111ec644 100644
--- a/nuclei-templates/2023/CVE-2023-23683-e6a4bf4b7def7461fd0f2bf14330f22c.yaml
+++ b/nuclei-templates/2023/CVE-2023-23683-e6a4bf4b7def7461fd0f2bf14330f22c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     White Label Branding for Elementor Page Builder <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The White Label Branding for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/white-label-branding-elementor/"
     google-query: inurl:"/wp-content/plugins/white-label-branding-elementor/"
     shodan-query: 'vuln:CVE-2023-23683'
-  tags: cve,wordpress,wp-plugin,white-label-branding-elementor,medium
+  tags: cve,wordpress,wp-plugin,white-label-branding-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23684-b238fd34b5c3e924a09fd674d5421611.yaml b/nuclei-templates/2023/CVE-2023-23684-b238fd34b5c3e924a09fd674d5421611.yaml
index f80fabfdaa..6c613e6c40 100644
--- a/nuclei-templates/2023/CVE-2023-23684-b238fd34b5c3e924a09fd674d5421611.yaml
+++ b/nuclei-templates/2023/CVE-2023-23684-b238fd34b5c3e924a09fd674d5421611.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGraphQL <= 1.14.5 - Authenticated (Editor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPGraphQL plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.14.5 via createMediaItem. This can allow authenticated attackers with editor access or higher to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-graphql/"
     google-query: inurl:"/wp-content/plugins/wp-graphql/"
     shodan-query: 'vuln:CVE-2023-23684'
-  tags: cve,wordpress,wp-plugin,wp-graphql,medium
+  tags: cve,wordpress,wp-plugin,wp-graphql,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23685-248c17eb0194783cca6065d1efba6689.yaml b/nuclei-templates/2023/CVE-2023-23685-248c17eb0194783cca6065d1efba6689.yaml
index 4b042e5053..16d5916a37 100644
--- a/nuclei-templates/2023/CVE-2023-23685-248c17eb0194783cca6065d1efba6689.yaml
+++ b/nuclei-templates/2023/CVE-2023-23685-248c17eb0194783cca6065d1efba6689.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portfolio – WordPress Portfolio Plugin <= 2.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Portfolio – WordPress Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in versions up to, and including, 2.8.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tlp-portfolio/"
     google-query: inurl:"/wp-content/plugins/tlp-portfolio/"
     shodan-query: 'vuln:CVE-2023-23685'
-  tags: cve,wordpress,wp-plugin,tlp-portfolio,medium
+  tags: cve,wordpress,wp-plugin,tlp-portfolio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23686-065f57f30aadd88480dc295cfdb7429a.yaml b/nuclei-templates/2023/CVE-2023-23686-065f57f30aadd88480dc295cfdb7429a.yaml
index 2a45f014fe..45e460d4d3 100644
--- a/nuclei-templates/2023/CVE-2023-23686-065f57f30aadd88480dc295cfdb7429a.yaml
+++ b/nuclei-templates/2023/CVE-2023-23686-065f57f30aadd88480dc295cfdb7429a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Staff List <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Staff List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-staff-list/"
     google-query: inurl:"/wp-content/plugins/simple-staff-list/"
     shodan-query: 'vuln:CVE-2023-23686'
-  tags: cve,wordpress,wp-plugin,simple-staff-list,medium
+  tags: cve,wordpress,wp-plugin,simple-staff-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23687-de2bc693a1c312889ab71164989a7177.yaml b/nuclei-templates/2023/CVE-2023-23687-de2bc693a1c312889ab71164989a7177.yaml
index d8457ae0b6..a6c1cb2dc6 100644
--- a/nuclei-templates/2023/CVE-2023-23687-de2bc693a1c312889ab71164989a7177.yaml
+++ b/nuclei-templates/2023/CVE-2023-23687-de2bc693a1c312889ab71164989a7177.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Youtube Shortcode <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-shortcode/"
     google-query: inurl:"/wp-content/plugins/youtube-shortcode/"
     shodan-query: 'vuln:CVE-2023-23687'
-  tags: cve,wordpress,wp-plugin,youtube-shortcode,medium
+  tags: cve,wordpress,wp-plugin,youtube-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23688-362e89b41145042eb5431e45e53b6db2.yaml b/nuclei-templates/2023/CVE-2023-23688-362e89b41145042eb5431e45e53b6db2.yaml
index 5c4edffcc6..817d9f3d43 100644
--- a/nuclei-templates/2023/CVE-2023-23688-362e89b41145042eb5431e45e53b6db2.yaml
+++ b/nuclei-templates/2023/CVE-2023-23688-362e89b41145042eb5431e45e53b6db2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share Boost <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via ssboost shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Share Boost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ssboost shortcode in versions up to, and including, 4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-share-boost/"
     google-query: inurl:"/wp-content/plugins/social-share-boost/"
     shodan-query: 'vuln:CVE-2023-23688'
-  tags: cve,wordpress,wp-plugin,social-share-boost,medium
+  tags: cve,wordpress,wp-plugin,social-share-boost,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23699-941ae6e3f270ab1852f33bed4b21e75f.yaml b/nuclei-templates/2023/CVE-2023-23699-941ae6e3f270ab1852f33bed4b21e75f.yaml
index a73180f165..84ee1ed55f 100644
--- a/nuclei-templates/2023/CVE-2023-23699-941ae6e3f270ab1852f33bed4b21e75f.yaml
+++ b/nuclei-templates/2023/CVE-2023-23699-941ae6e3f270ab1852f33bed4b21e75f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppb' shortcode in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on the user-supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/progress-bar/"
     google-query: inurl:"/wp-content/plugins/progress-bar/"
     shodan-query: 'vuln:CVE-2023-23699'
-  tags: cve,wordpress,wp-plugin,progress-bar,medium
+  tags: cve,wordpress,wp-plugin,progress-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23700-edb6cbfc2b955228bcb748bd996c120c.yaml b/nuclei-templates/2023/CVE-2023-23700-edb6cbfc2b955228bcb748bd996c120c.yaml
index 9294379297..dddb278278 100644
--- a/nuclei-templates/2023/CVE-2023-23700-edb6cbfc2b955228bcb748bd996c120c.yaml
+++ b/nuclei-templates/2023/CVE-2023-23700-edb6cbfc2b955228bcb748bd996c120c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The OceanWP  theme for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.4. This allows subscriber-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/oceanwp/"
     google-query: inurl:"/wp-content/themes/oceanwp/"
     shodan-query: 'vuln:CVE-2023-23700'
-  tags: cve,wordpress,wp-theme,oceanwp,high
+  tags: cve,wordpress,wp-theme,oceanwp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23701-c3d61b837adb4506fbea73b489e751f0.yaml b/nuclei-templates/2023/CVE-2023-23701-c3d61b837adb4506fbea73b489e751f0.yaml
index 5f25531c5b..fa084dedc3 100644
--- a/nuclei-templates/2023/CVE-2023-23701-c3d61b837adb4506fbea73b489e751f0.yaml
+++ b/nuclei-templates/2023/CVE-2023-23701-c3d61b837adb4506fbea73b489e751f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Sign Up <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Sign Up plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-sign-up/"
     google-query: inurl:"/wp-content/plugins/easy-sign-up/"
     shodan-query: 'vuln:CVE-2023-23701'
-  tags: cve,wordpress,wp-plugin,easy-sign-up,medium
+  tags: cve,wordpress,wp-plugin,easy-sign-up,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23702-8c52e6f03af939f0f311c40af30d7f63.yaml b/nuclei-templates/2023/CVE-2023-23702-8c52e6f03af939f0f311c40af30d7f63.yaml
index 87470c6089..8548337161 100644
--- a/nuclei-templates/2023/CVE-2023-23702-8c52e6f03af939f0f311c40af30d7f63.yaml
+++ b/nuclei-templates/2023/CVE-2023-23702-8c52e6f03af939f0f311c40af30d7f63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comments Ratings <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Comments Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comments-ratings/"
     google-query: inurl:"/wp-content/plugins/comments-ratings/"
     shodan-query: 'vuln:CVE-2023-23702'
-  tags: cve,wordpress,wp-plugin,comments-ratings,medium
+  tags: cve,wordpress,wp-plugin,comments-ratings,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23703-2638501c4f697eb3fd2442b86e278a44.yaml b/nuclei-templates/2023/CVE-2023-23703-2638501c4f697eb3fd2442b86e278a44.yaml
index ab180aa67b..a6e56d9d58 100644
--- a/nuclei-templates/2023/CVE-2023-23703-2638501c4f697eb3fd2442b86e278a44.yaml
+++ b/nuclei-templates/2023/CVE-2023-23703-2638501c4f697eb3fd2442b86e278a44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via one or more shortcodes including the 'box_arconix_shortcode' in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on the user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arconix-shortcodes/"
     google-query: inurl:"/wp-content/plugins/arconix-shortcodes/"
     shodan-query: 'vuln:CVE-2023-23703'
-  tags: cve,wordpress,wp-plugin,arconix-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,arconix-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23706-5585b9de0a3cacd6beb8b8edc279fcc3.yaml b/nuclei-templates/2023/CVE-2023-23706-5585b9de0a3cacd6beb8b8edc279fcc3.yaml
index 5f46da63f9..b41bfed65b 100644
--- a/nuclei-templates/2023/CVE-2023-23706-5585b9de0a3cacd6beb8b8edc279fcc3.yaml
+++ b/nuclei-templates/2023/CVE-2023-23706-5585b9de0a3cacd6beb8b8edc279fcc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to trigger requests on behalf of an administrator, granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-login-openid/"
     google-query: inurl:"/wp-content/plugins/miniorange-login-openid/"
     shodan-query: 'vuln:CVE-2023-23706'
-  tags: cve,wordpress,wp-plugin,miniorange-login-openid,high
+  tags: cve,wordpress,wp-plugin,miniorange-login-openid,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23707-da04799a8ee55b9edffd7e84cb258c78.yaml b/nuclei-templates/2023/CVE-2023-23707-da04799a8ee55b9edffd7e84cb258c78.yaml
index 31af0cd0ca..be3b304b61 100644
--- a/nuclei-templates/2023/CVE-2023-23707-da04799a8ee55b9edffd7e84cb258c78.yaml
+++ b/nuclei-templates/2023/CVE-2023-23707-da04799a8ee55b9edffd7e84cb258c78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG files
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG files in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-any-document/"
     google-query: inurl:"/wp-content/plugins/embed-any-document/"
     shodan-query: 'vuln:CVE-2023-23707'
-  tags: cve,wordpress,wp-plugin,embed-any-document,medium
+  tags: cve,wordpress,wp-plugin,embed-any-document,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23708-4f85b81befb670bebb2829a27d7eeb09.yaml b/nuclei-templates/2023/CVE-2023-23708-4f85b81befb670bebb2829a27d7eeb09.yaml
index 7a0a663b29..5c5bc56cfa 100644
--- a/nuclei-templates/2023/CVE-2023-23708-4f85b81befb670bebb2829a27d7eeb09.yaml
+++ b/nuclei-templates/2023/CVE-2023-23708-4f85b81befb670bebb2829a27d7eeb09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visualizer <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Visualizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualizer/"
     google-query: inurl:"/wp-content/plugins/visualizer/"
     shodan-query: 'vuln:CVE-2023-23708'
-  tags: cve,wordpress,wp-plugin,visualizer,medium
+  tags: cve,wordpress,wp-plugin,visualizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23709-d8720ff7be23b66bec0bd659c201c502.yaml b/nuclei-templates/2023/CVE-2023-23709-d8720ff7be23b66bec0bd659c201c502.yaml
index 781b7fc334..222c83b280 100644
--- a/nuclei-templates/2023/CVE-2023-23709-d8720ff7be23b66bec0bd659c201c502.yaml
+++ b/nuclei-templates/2023/CVE-2023-23709-d8720ff7be23b66bec0bd659c201c502.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPJAM Basic <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPJAM Basic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpjam-basic/"
     google-query: inurl:"/wp-content/plugins/wpjam-basic/"
     shodan-query: 'vuln:CVE-2023-23709'
-  tags: cve,wordpress,wp-plugin,wpjam-basic,medium
+  tags: cve,wordpress,wp-plugin,wpjam-basic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23710-c57529c85cbb2380b599b6f25e5d1cbd.yaml b/nuclei-templates/2023/CVE-2023-23710-c57529c85cbb2380b599b6f25e5d1cbd.yaml
index a04b38a959..6166e49ca0 100644
--- a/nuclei-templates/2023/CVE-2023-23710-c57529c85cbb2380b599b6f25e5d1cbd.yaml
+++ b/nuclei-templates/2023/CVE-2023-23710-c57529c85cbb2380b599b6f25e5d1cbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including,  7.5.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-login-openid/"
     google-query: inurl:"/wp-content/plugins/miniorange-login-openid/"
     shodan-query: 'vuln:CVE-2023-23710'
-  tags: cve,wordpress,wp-plugin,miniorange-login-openid,medium
+  tags: cve,wordpress,wp-plugin,miniorange-login-openid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23714-a75e8600265672ffbfe8fc90d6a06636.yaml b/nuclei-templates/2023/CVE-2023-23714-a75e8600265672ffbfe8fc90d6a06636.yaml
index ebb8ad4b1f..7ae39e77f4 100644
--- a/nuclei-templates/2023/CVE-2023-23714-a75e8600265672ffbfe8fc90d6a06636.yaml
+++ b/nuclei-templates/2023/CVE-2023-23714-a75e8600265672ffbfe8fc90d6a06636.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uncanny Toolkit for LearnDash <= 3.6.4.1 - Cross-Site Request Forgery to Arbitrary Plugin Install and Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Uncanny Toolkit for LearnDash plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.4.1. This is due to missing or incorrect nonce validation on the wp_ajax_auto_plugin_install function. This makes it possible for unauthenticated attackers to install or activate arbitrary plugins, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uncanny-learndash-toolkit/"
     google-query: inurl:"/wp-content/plugins/uncanny-learndash-toolkit/"
     shodan-query: 'vuln:CVE-2023-23714'
-  tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,high
+  tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23715-bd931f434035df45531eaa63d35d55b4.yaml b/nuclei-templates/2023/CVE-2023-23715-bd931f434035df45531eaa63d35d55b4.yaml
index 290457088c..7b418dbf34 100644
--- a/nuclei-templates/2023/CVE-2023-23715-bd931f434035df45531eaa63d35d55b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-23715-bd931f434035df45531eaa63d35d55b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobBoardWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the 
      actions_listener() function in versions up to, and including, 1.2.2. This makes it possible for authenticated attackers to manipulate other jobs postings than those that belong to them.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/jobboardwp/"
     google-query: inurl:"/wp-content/plugins/jobboardwp/"
     shodan-query: 'vuln:CVE-2023-23715'
-  tags: cve,wordpress,wp-plugin,jobboardwp,medium
+  tags: cve,wordpress,wp-plugin,jobboardwp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23717-cb4e42488e82603fdda3ed8a6057c4fa.yaml b/nuclei-templates/2023/CVE-2023-23717-cb4e42488e82603fdda3ed8a6057c4fa.yaml
index a1d275662f..1097882adc 100644
--- a/nuclei-templates/2023/CVE-2023-23717-cb4e42488e82603fdda3ed8a6057c4fa.yaml
+++ b/nuclei-templates/2023/CVE-2023-23717-cb4e42488e82603fdda3ed8a6057c4fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portfolio Slideshow <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Portfolio Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-slideshow/"
     google-query: inurl:"/wp-content/plugins/portfolio-slideshow/"
     shodan-query: 'vuln:CVE-2023-23717'
-  tags: cve,wordpress,wp-plugin,portfolio-slideshow,medium
+  tags: cve,wordpress,wp-plugin,portfolio-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23718-06f0f6d997d3961c4576d91935933f05.yaml b/nuclei-templates/2023/CVE-2023-23718-06f0f6d997d3961c4576d91935933f05.yaml
index b5c3f68b91..5582d69d24 100644
--- a/nuclei-templates/2023/CVE-2023-23718-06f0f6d997d3961c4576d91935933f05.yaml
+++ b/nuclei-templates/2023/CVE-2023-23718-06f0f6d997d3961c4576d91935933f05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Loading Effects <= 2.0.0 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Loading Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-loading-effects/"
     google-query: inurl:"/wp-content/plugins/page-loading-effects/"
     shodan-query: 'vuln:CVE-2023-23718'
-  tags: cve,wordpress,wp-plugin,page-loading-effects,medium
+  tags: cve,wordpress,wp-plugin,page-loading-effects,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23720-569c4e32e955a5a711d57f73a7ff1bf2.yaml b/nuclei-templates/2023/CVE-2023-23720-569c4e32e955a5a711d57f73a7ff1bf2.yaml
index 2798ebbee1..562c6ce903 100644
--- a/nuclei-templates/2023/CVE-2023-23720-569c4e32e955a5a711d57f73a7ff1bf2.yaml
+++ b/nuclei-templates/2023/CVE-2023-23720-569c4e32e955a5a711d57f73a7ff1bf2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Verified Reviews (Avis Vérifiés) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via admin settings in versions up to, and including, 2.3.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/netreviews/"
     google-query: inurl:"/wp-content/plugins/netreviews/"
     shodan-query: 'vuln:CVE-2023-23720'
-  tags: cve,wordpress,wp-plugin,netreviews,medium
+  tags: cve,wordpress,wp-plugin,netreviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23721-df593141a2030e92d8b8a063fe09a284.yaml b/nuclei-templates/2023/CVE-2023-23721-df593141a2030e92d8b8a063fe09a284.yaml
index 6a451da5ac..608ed19a44 100644
--- a/nuclei-templates/2023/CVE-2023-23721-df593141a2030e92d8b8a063fe09a284.yaml
+++ b/nuclei-templates/2023/CVE-2023-23721-df593141a2030e92d8b8a063fe09a284.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Log <= 1.50 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Admin Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-log/"
     google-query: inurl:"/wp-content/plugins/admin-log/"
     shodan-query: 'vuln:CVE-2023-23721'
-  tags: cve,wordpress,wp-plugin,admin-log,high
+  tags: cve,wordpress,wp-plugin,admin-log,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23722-08485cb22c15bc9351789c0be0e79565.yaml b/nuclei-templates/2023/CVE-2023-23722-08485cb22c15bc9351789c0be0e79565.yaml
index 58b0a992e6..656a8f363d 100644
--- a/nuclei-templates/2023/CVE-2023-23722-08485cb22c15bc9351789c0be0e79565.yaml
+++ b/nuclei-templates/2023/CVE-2023-23722-08485cb22c15bc9351789c0be0e79565.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP eBay Product Feeds <= 3.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP eBay Product Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ebay-feeds-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/ebay-feeds-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-23722'
-  tags: cve,wordpress,wp-plugin,ebay-feeds-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,ebay-feeds-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23723-8b5e824a12086cc74066614f2e4e51cc.yaml b/nuclei-templates/2023/CVE-2023-23723-8b5e824a12086cc74066614f2e4e51cc.yaml
index 9eb0dbd151..20ba74ebe8 100644
--- a/nuclei-templates/2023/CVE-2023-23723-8b5e824a12086cc74066614f2e4e51cc.yaml
+++ b/nuclei-templates/2023/CVE-2023-23723-8b5e824a12086cc74066614f2e4e51cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Email Capture <= 3.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Email Capture plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-email-capture/"
     google-query: inurl:"/wp-content/plugins/wp-email-capture/"
     shodan-query: 'vuln:CVE-2023-23723'
-  tags: cve,wordpress,wp-plugin,wp-email-capture,medium
+  tags: cve,wordpress,wp-plugin,wp-email-capture,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23725-d28bd5fd4f3450ea3f311605e6d65b1d.yaml b/nuclei-templates/2023/CVE-2023-23725-d28bd5fd4f3450ea3f311605e6d65b1d.yaml
index f5db60e437..2ba9f82d5b 100644
--- a/nuclei-templates/2023/CVE-2023-23725-d28bd5fd4f3450ea3f311605e6d65b1d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23725-d28bd5fd4f3450ea3f311605e6d65b1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes by Angie Makes <= 3.46 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shortcodes by Angie Makes plugin for WordPress is vulnerable to missing authorization due to a missing capability check on one of its functions in versions up to, and including, 3.46. This makes it possible for unauthenticated attackers to invoke this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-shortcodes/"
     google-query: inurl:"/wp-content/plugins/wc-shortcodes/"
     shodan-query: 'vuln:CVE-2023-23725'
-  tags: cve,wordpress,wp-plugin,wc-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,wc-shortcodes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23727-309fdaa44a67ee8c05b1363fafbc2e7a.yaml b/nuclei-templates/2023/CVE-2023-23727-309fdaa44a67ee8c05b1363fafbc2e7a.yaml
index b0a240a234..7868293805 100644
--- a/nuclei-templates/2023/CVE-2023-23727-309fdaa44a67ee8c05b1363fafbc2e7a.yaml
+++ b/nuclei-templates/2023/CVE-2023-23727-309fdaa44a67ee8c05b1363fafbc2e7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Formilla Chat and Marketing Automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'FormillaID' parameter in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formilla-live-chat/"
     google-query: inurl:"/wp-content/plugins/formilla-live-chat/"
     shodan-query: 'vuln:CVE-2023-23727'
-  tags: cve,wordpress,wp-plugin,formilla-live-chat,medium
+  tags: cve,wordpress,wp-plugin,formilla-live-chat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23728-d86c9fbec6faeed6e24c9e1120c7e0c6.yaml b/nuclei-templates/2023/CVE-2023-23728-d86c9fbec6faeed6e24c9e1120c7e0c6.yaml
index fe9bf7523c..ede0c98a08 100644
--- a/nuclei-templates/2023/CVE-2023-23728-d86c9fbec6faeed6e24c9e1120c7e0c6.yaml
+++ b/nuclei-templates/2023/CVE-2023-23728-d86c9fbec6faeed6e24c9e1120c7e0c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Flipclock <= 1.7.4 - Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Flipclock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flipclock display settings in versions up to, and including,1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-flipclock/"
     google-query: inurl:"/wp-content/plugins/wp-flipclock/"
     shodan-query: 'vuln:CVE-2023-23728'
-  tags: cve,wordpress,wp-plugin,wp-flipclock,medium
+  tags: cve,wordpress,wp-plugin,wp-flipclock,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23729-7f4172230ab5f4cfd3c2df5f07ea6d4e.yaml b/nuclei-templates/2023/CVE-2023-23729-7f4172230ab5f4cfd3c2df5f07ea6d4e.yaml
index c6fdec6f49..90774258c1 100644
--- a/nuclei-templates/2023/CVE-2023-23729-7f4172230ab5f4cfd3c2df5f07ea6d4e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23729-7f4172230ab5f4cfd3c2df5f07ea6d4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization to Captcha Setting Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the forms_recaptcha function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with contributor-level permissions and above to modify the plugin's Captcha settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:CVE-2023-23729'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23732-764235f1dad8997c7feda04c94cf2850.yaml b/nuclei-templates/2023/CVE-2023-23732-764235f1dad8997c7feda04c94cf2850.yaml
index 61847798f2..c1a4862a59 100644
--- a/nuclei-templates/2023/CVE-2023-23732-764235f1dad8997c7feda04c94cf2850.yaml
+++ b/nuclei-templates/2023/CVE-2023-23732-764235f1dad8997c7feda04c94cf2850.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Disqus Conditional Load <= 11.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings.
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Disqus Conditional Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin options such as 'dcl_div_width', 'dcl_type', and others in versions up to, and including, 11.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/disqus-conditional-load/"
     google-query: inurl:"/wp-content/plugins/disqus-conditional-load/"
     shodan-query: 'vuln:CVE-2023-23732'
-  tags: cve,wordpress,wp-plugin,disqus-conditional-load,medium
+  tags: cve,wordpress,wp-plugin,disqus-conditional-load,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23733-277494a31c77da0ae18248d4fccbad90.yaml b/nuclei-templates/2023/CVE-2023-23733-277494a31c77da0ae18248d4fccbad90.yaml
index 72ce3cfb5d..7b5defa820 100644
--- a/nuclei-templates/2023/CVE-2023-23733-277494a31c77da0ae18248d4fccbad90.yaml
+++ b/nuclei-templates/2023/CVE-2023-23733-277494a31c77da0ae18248d4fccbad90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lazy Social Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin options such as 'box_width' in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lazy-facebook-comments/"
     google-query: inurl:"/wp-content/plugins/lazy-facebook-comments/"
     shodan-query: 'vuln:CVE-2023-23733'
-  tags: cve,wordpress,wp-plugin,lazy-facebook-comments,medium
+  tags: cve,wordpress,wp-plugin,lazy-facebook-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23734-e37188c1de6df4d33488960fa6e214fa.yaml b/nuclei-templates/2023/CVE-2023-23734-e37188c1de6df4d33488960fa6e214fa.yaml
index 1f39bfea70..e2adefc3c9 100644
--- a/nuclei-templates/2023/CVE-2023-23734-e37188c1de6df4d33488960fa6e214fa.yaml
+++ b/nuclei-templates/2023/CVE-2023-23734-e37188c1de6df4d33488960fa6e214fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Userlike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userlike/"
     google-query: inurl:"/wp-content/plugins/userlike/"
     shodan-query: 'vuln:CVE-2023-23734'
-  tags: cve,wordpress,wp-plugin,userlike,medium
+  tags: cve,wordpress,wp-plugin,userlike,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23745-6d4992572a9f9bd5311ba2254f8b32c1.yaml b/nuclei-templates/2023/CVE-2023-23745-6d4992572a9f9bd5311ba2254f8b32c1.yaml
index 0ae2b4c763..f3286519a6 100644
--- a/nuclei-templates/2023/CVE-2023-23745-6d4992572a9f9bd5311ba2254f8b32c1.yaml
+++ b/nuclei-templates/2023/CVE-2023-23745-6d4992572a9f9bd5311ba2254f8b32c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Boilerplate Extension <= 4.1 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Boilerplate Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.1 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/boilerplate-extension/"
     google-query: inurl:"/wp-content/plugins/boilerplate-extension/"
     shodan-query: 'vuln:CVE-2023-23745'
-  tags: cve,wordpress,wp-plugin,boilerplate-extension,medium
+  tags: cve,wordpress,wp-plugin,boilerplate-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23746-5bb6026096b7bf370409b664b0a819cb.yaml b/nuclei-templates/2023/CVE-2023-23746-5bb6026096b7bf370409b664b0a819cb.yaml
index 0a5e43919a..8c402f1adc 100644
--- a/nuclei-templates/2023/CVE-2023-23746-5bb6026096b7bf370409b664b0a819cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-23746-5bb6026096b7bf370409b664b0a819cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP WordPress SEO Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP WordPress SEO Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.1, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-seo-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-seo-extension/"
     shodan-query: 'vuln:CVE-2023-23746'
-  tags: cve,wordpress,wp-plugin,mainwp-seo-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-seo-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23747-88e0ecb64f4709b7a4173b13eb85c3b6.yaml b/nuclei-templates/2023/CVE-2023-23747-88e0ecb64f4709b7a4173b13eb85c3b6.yaml
index 9015e45470..49cb2e2899 100644
--- a/nuclei-templates/2023/CVE-2023-23747-88e0ecb64f4709b7a4173b13eb85c3b6.yaml
+++ b/nuclei-templates/2023/CVE-2023-23747-88e0ecb64f4709b7a4173b13eb85c3b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Buddy Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Buddy Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0.1 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-buddy-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-buddy-extension/"
     shodan-query: 'vuln:CVE-2023-23747'
-  tags: cve,wordpress,wp-plugin,mainwp-buddy-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-buddy-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23748-d432b5b11d667b6f9fe5cd55370cdb88.yaml b/nuclei-templates/2023/CVE-2023-23748-d432b5b11d667b6f9fe5cd55370cdb88.yaml
index 85005ec31e..ba7066a9be 100644
--- a/nuclei-templates/2023/CVE-2023-23748-d432b5b11d667b6f9fe5cd55370cdb88.yaml
+++ b/nuclei-templates/2023/CVE-2023-23748-d432b5b11d667b6f9fe5cd55370cdb88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP White Label Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP White Label Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.1.1 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-branding-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-branding-extension/"
     shodan-query: 'vuln:CVE-2023-23748'
-  tags: cve,wordpress,wp-plugin,mainwp-branding-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-branding-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23785-d864c9b876d3aee646e414b358c69b64.yaml b/nuclei-templates/2023/CVE-2023-23785-d864c9b876d3aee646e414b358c69b64.yaml
index 35f7c0fed2..93e2cc1b77 100644
--- a/nuclei-templates/2023/CVE-2023-23785-d864c9b876d3aee646e414b358c69b64.yaml
+++ b/nuclei-templates/2023/CVE-2023-23785-d864c9b876d3aee646e414b358c69b64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exquisite PayPal Donation <= v2.0.0 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Exquisite PayPal Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exquisite-paypal-donation/"
     google-query: inurl:"/wp-content/plugins/exquisite-paypal-donation/"
     shodan-query: 'vuln:CVE-2023-23785'
-  tags: cve,wordpress,wp-plugin,exquisite-paypal-donation,medium
+  tags: cve,wordpress,wp-plugin,exquisite-paypal-donation,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23786-fb9e76e2a53a99a1061be745850fe380.yaml b/nuclei-templates/2023/CVE-2023-23786-fb9e76e2a53a99a1061be745850fe380.yaml
index 142989c15d..b8d1e35c69 100644
--- a/nuclei-templates/2023/CVE-2023-23786-fb9e76e2a53a99a1061be745850fe380.yaml
+++ b/nuclei-templates/2023/CVE-2023-23786-fb9e76e2a53a99a1061be745850fe380.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post settings in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-toolkit-starter/"
     google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/"
     shodan-query: 'vuln:CVE-2023-23786'
-  tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,medium
+  tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23788-38be090459bf4011b3b41398d60796a6.yaml b/nuclei-templates/2023/CVE-2023-23788-38be090459bf4011b3b41398d60796a6.yaml
index 1dda38f184..bdf731d778 100644
--- a/nuclei-templates/2023/CVE-2023-23788-38be090459bf4011b3b41398d60796a6.yaml
+++ b/nuclei-templates/2023/CVE-2023-23788-38be090459bf4011b3b41398d60796a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom More Link Complete <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom More Link Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers ,with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-more-link-complete/"
     google-query: inurl:"/wp-content/plugins/custom-more-link-complete/"
     shodan-query: 'vuln:CVE-2023-23788'
-  tags: cve,wordpress,wp-plugin,custom-more-link-complete,medium
+  tags: cve,wordpress,wp-plugin,custom-more-link-complete,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23789-d025df7fa9c98e92f3b558a7323cb34f.yaml b/nuclei-templates/2023/CVE-2023-23789-d025df7fa9c98e92f3b558a7323cb34f.yaml
index d3412d3839..b137400982 100644
--- a/nuclei-templates/2023/CVE-2023-23789-d025df7fa9c98e92f3b558a7323cb34f.yaml
+++ b/nuclei-templates/2023/CVE-2023-23789-d025df7fa9c98e92f3b558a7323cb34f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premmerce Redirect Manager <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premmerce Redirect Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-redirect-manager/"
     google-query: inurl:"/wp-content/plugins/premmerce-redirect-manager/"
     shodan-query: 'vuln:CVE-2023-23789'
-  tags: cve,wordpress,wp-plugin,premmerce-redirect-manager,medium
+  tags: cve,wordpress,wp-plugin,premmerce-redirect-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23790-79c1e1544a74f2c87544fd2e816d236c.yaml b/nuclei-templates/2023/CVE-2023-23790-79c1e1544a74f2c87544fd2e816d236c.yaml
index b6ebbc2c81..488954430a 100644
--- a/nuclei-templates/2023/CVE-2023-23790-79c1e1544a74f2c87544fd2e816d236c.yaml
+++ b/nuclei-templates/2023/CVE-2023-23790-79c1e1544a74f2c87544fd2e816d236c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods <= 2.9.10.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Pods plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10.2. This is due to missing or incorrect nonce validation when deleting pods. This makes it possible for unauthenticated attackers to delete pods via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2023-23790'
-  tags: cve,wordpress,wp-plugin,pods,high
+  tags: cve,wordpress,wp-plugin,pods,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23793-66aaa6f41f27e2a7e948bc3c3424d334.yaml b/nuclei-templates/2023/CVE-2023-23793-66aaa6f41f27e2a7e948bc3c3424d334.yaml
index c7dcd66e49..2942b1f4f3 100644
--- a/nuclei-templates/2023/CVE-2023-23793-66aaa6f41f27e2a7e948bc3c3424d334.yaml
+++ b/nuclei-templates/2023/CVE-2023-23793-66aaa6f41f27e2a7e948bc3c3424d334.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Read More Without Refresh <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Read More Without Refresh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/read-more-without-refresh/"
     google-query: inurl:"/wp-content/plugins/read-more-without-refresh/"
     shodan-query: 'vuln:CVE-2023-23793'
-  tags: cve,wordpress,wp-plugin,read-more-without-refresh,medium
+  tags: cve,wordpress,wp-plugin,read-more-without-refresh,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23794-42f2aed82645b4c22a964230d4cf5c0e.yaml b/nuclei-templates/2023/CVE-2023-23794-42f2aed82645b4c22a964230d4cf5c0e.yaml
index abf7ef10fa..f8632915f6 100644
--- a/nuclei-templates/2023/CVE-2023-23794-42f2aed82645b4c22a964230d4cf5c0e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23794-42f2aed82645b4c22a964230d4cf5c0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Semalt Blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/semalt/"
     google-query: inurl:"/wp-content/plugins/semalt/"
     shodan-query: 'vuln:CVE-2023-23794'
-  tags: cve,wordpress,wp-plugin,semalt,medium
+  tags: cve,wordpress,wp-plugin,semalt,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23798-9cf47a9aaadc1341f9d7d43e1e7e02f2.yaml b/nuclei-templates/2023/CVE-2023-23798-9cf47a9aaadc1341f9d7d43e1e7e02f2.yaml
index aa751cac15..16bb6d6ff3 100644
--- a/nuclei-templates/2023/CVE-2023-23798-9cf47a9aaadc1341f9d7d43e1e7e02f2.yaml
+++ b/nuclei-templates/2023/CVE-2023-23798-9cf47a9aaadc1341f9d7d43e1e7e02f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Layer Slider <= 1.1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Layer Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-slideshow/"
     google-query: inurl:"/wp-content/plugins/slider-slideshow/"
     shodan-query: 'vuln:CVE-2023-23798'
-  tags: cve,wordpress,wp-plugin,slider-slideshow,medium
+  tags: cve,wordpress,wp-plugin,slider-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23799-0fb85e5ea92cfc0152cd39c07cc97431.yaml b/nuclei-templates/2023/CVE-2023-23799-0fb85e5ea92cfc0152cd39c07cc97431.yaml
index 57cf63a2e9..597144e20e 100644
--- a/nuclei-templates/2023/CVE-2023-23799-0fb85e5ea92cfc0152cd39c07cc97431.yaml
+++ b/nuclei-templates/2023/CVE-2023-23799-0fb85e5ea92cfc0152cd39c07cc97431.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Panorama <= 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Panorama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-panorama/"
     google-query: inurl:"/wp-content/plugins/easy-panorama/"
     shodan-query: 'vuln:CVE-2023-23799'
-  tags: cve,wordpress,wp-plugin,easy-panorama,medium
+  tags: cve,wordpress,wp-plugin,easy-panorama,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23800-0445de609fc885d2b170effe241e7510.yaml b/nuclei-templates/2023/CVE-2023-23800-0445de609fc885d2b170effe241e7510.yaml
index 9a0a64a931..43ad8d1ab9 100644
--- a/nuclei-templates/2023/CVE-2023-23800-0445de609fc885d2b170effe241e7510.yaml
+++ b/nuclei-templates/2023/CVE-2023-23800-0445de609fc885d2b170effe241e7510.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 5.12.6. This is due to insufficient validation on the url being supplied via the "url" attribute of the su_csv_table shortcode. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2023-23800'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23806-73efd5c8bcd4c1bfe4df6f8b395749d7.yaml b/nuclei-templates/2023/CVE-2023-23806-73efd5c8bcd4c1bfe4df6f8b395749d7.yaml
index bf30679be6..8a37c4c7b6 100644
--- a/nuclei-templates/2023/CVE-2023-23806-73efd5c8bcd4c1bfe4df6f8b395749d7.yaml
+++ b/nuclei-templates/2023/CVE-2023-23806-73efd5c8bcd4c1bfe4df6f8b395749d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Custom Settings <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Custom Settings plugin is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-settings/"
     google-query: inurl:"/wp-content/plugins/custom-settings/"
     shodan-query: 'vuln:CVE-2023-23806'
-  tags: cve,wordpress,wp-plugin,custom-settings,medium
+  tags: cve,wordpress,wp-plugin,custom-settings,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23807-2c9039886374ff786c4c2e679732fd8d.yaml b/nuclei-templates/2023/CVE-2023-23807-2c9039886374ff786c4c2e679732fd8d.yaml
index 3e28c3d754..95f21bffc6 100644
--- a/nuclei-templates/2023/CVE-2023-23807-2c9039886374ff786c4c2e679732fd8d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23807-2c9039886374ff786c4c2e679732fd8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MojoPlug Slide Panel <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MojoPlug Slide Panel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mojoplug-slide-panel/"
     google-query: inurl:"/wp-content/plugins/mojoplug-slide-panel/"
     shodan-query: 'vuln:CVE-2023-23807'
-  tags: cve,wordpress,wp-plugin,mojoplug-slide-panel,medium
+  tags: cve,wordpress,wp-plugin,mojoplug-slide-panel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23808-eca4f2076644e75e750957ea6e558bad.yaml b/nuclei-templates/2023/CVE-2023-23808-eca4f2076644e75e750957ea6e558bad.yaml
index a160024ffc..bcff1990da 100644
--- a/nuclei-templates/2023/CVE-2023-23808-eca4f2076644e75e750957ea6e558bad.yaml
+++ b/nuclei-templates/2023/CVE-2023-23808-eca4f2076644e75e750957ea6e558bad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sponsors Carousel <= 4.02 - Authenticated (Admin+) Stored Cross-Site Scripting in show
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sponsors Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the an image title in versions up to, and including, 4.02 due to insufficient input sanitization and output escaping on the show function. This makes it possible for authenticated attackers, with administrator-level privileges, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sponsors-carousel/"
     google-query: inurl:"/wp-content/plugins/sponsors-carousel/"
     shodan-query: 'vuln:CVE-2023-23808'
-  tags: cve,wordpress,wp-plugin,sponsors-carousel,medium
+  tags: cve,wordpress,wp-plugin,sponsors-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23809-4d66daf76c1a504d8951d5442d44e0d6.yaml b/nuclei-templates/2023/CVE-2023-23809-4d66daf76c1a504d8951d5442d44e0d6.yaml
index 6ac1134e04..43587255c5 100644
--- a/nuclei-templates/2023/CVE-2023-23809-4d66daf76c1a504d8951d5442d44e0d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-23809-4d66daf76c1a504d8951d5442d44e0d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stock market charts from finviz <= 1.0.1 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stock market charts from finviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stock-market-charts-from-finviz/"
     google-query: inurl:"/wp-content/plugins/stock-market-charts-from-finviz/"
     shodan-query: 'vuln:CVE-2023-23809'
-  tags: cve,wordpress,wp-plugin,stock-market-charts-from-finviz,medium
+  tags: cve,wordpress,wp-plugin,stock-market-charts-from-finviz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23810-f526a0fb0a181d070234f458832b61bd.yaml b/nuclei-templates/2023/CVE-2023-23810-f526a0fb0a181d070234f458832b61bd.yaml
index b57cced0bc..c19d47075e 100644
--- a/nuclei-templates/2023/CVE-2023-23810-f526a0fb0a181d070234f458832b61bd.yaml
+++ b/nuclei-templates/2023/CVE-2023-23810-f526a0fb0a181d070234f458832b61bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Panorama – WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Panorama – WordPress Project Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the psp_back and psp_slug setting values in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/project-panorama-lite/"
     google-query: inurl:"/wp-content/plugins/project-panorama-lite/"
     shodan-query: 'vuln:CVE-2023-23810'
-  tags: cve,wordpress,wp-plugin,project-panorama-lite,medium
+  tags: cve,wordpress,wp-plugin,project-panorama-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23811-2cf2ecadfdb85fc26b2f2d1670a74a60.yaml b/nuclei-templates/2023/CVE-2023-23811-2cf2ecadfdb85fc26b2f2d1670a74a60.yaml
index 84874040ec..83ab3d8ba1 100644
--- a/nuclei-templates/2023/CVE-2023-23811-2cf2ecadfdb85fc26b2f2d1670a74a60.yaml
+++ b/nuclei-templates/2023/CVE-2023-23811-2cf2ecadfdb85fc26b2f2d1670a74a60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smoothscroller <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smoothscroller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smoothscroller/"
     google-query: inurl:"/wp-content/plugins/smoothscroller/"
     shodan-query: 'vuln:CVE-2023-23811'
-  tags: cve,wordpress,wp-plugin,smoothscroller,medium
+  tags: cve,wordpress,wp-plugin,smoothscroller,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23812-71e56d0f97e8b4d7649e09ad58dd5927.yaml b/nuclei-templates/2023/CVE-2023-23812-71e56d0f97e8b4d7649e09ad58dd5927.yaml
index 35f50ed1a5..c4b52e547c 100644
--- a/nuclei-templates/2023/CVE-2023-23812-71e56d0f97e8b4d7649e09ad58dd5927.yaml
+++ b/nuclei-templates/2023/CVE-2023-23812-71e56d0f97e8b4d7649e09ad58dd5927.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enhanced WP Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers ,with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-wordpress-contactform/"
     google-query: inurl:"/wp-content/plugins/enhanced-wordpress-contactform/"
     shodan-query: 'vuln:CVE-2023-23812'
-  tags: cve,wordpress,wp-plugin,enhanced-wordpress-contactform,medium
+  tags: cve,wordpress,wp-plugin,enhanced-wordpress-contactform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23813-dd53e1988ec5b5d25424d4247fd55d9d.yaml b/nuclei-templates/2023/CVE-2023-23813-dd53e1988ec5b5d25424d4247fd55d9d.yaml
index 80c5b55a10..7303534626 100644
--- a/nuclei-templates/2023/CVE-2023-23813-dd53e1988ec5b5d25424d4247fd55d9d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23813-dd53e1988ec5b5d25424d4247fd55d9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Calendar <= 3.4.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The My Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-calendar/"
     google-query: inurl:"/wp-content/plugins/my-calendar/"
     shodan-query: 'vuln:CVE-2023-23813'
-  tags: cve,wordpress,wp-plugin,my-calendar,high
+  tags: cve,wordpress,wp-plugin,my-calendar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23815-1179313cfd258782fb4aa71495304bc0.yaml b/nuclei-templates/2023/CVE-2023-23815-1179313cfd258782fb4aa71495304bc0.yaml
index 152c3a8888..10507f406c 100644
--- a/nuclei-templates/2023/CVE-2023-23815-1179313cfd258782fb4aa71495304bc0.yaml
+++ b/nuclei-templates/2023/CVE-2023-23815-1179313cfd258782fb4aa71495304bc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi-column Tag Map <= 17.0.24 - Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 17.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multi-column-tag-map/"
     google-query: inurl:"/wp-content/plugins/multi-column-tag-map/"
     shodan-query: 'vuln:CVE-2023-23815'
-  tags: cve,wordpress,wp-plugin,multi-column-tag-map,medium
+  tags: cve,wordpress,wp-plugin,multi-column-tag-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23816-e71a52c7f200dba2edfeb838eff9f8f3.yaml b/nuclei-templates/2023/CVE-2023-23816-e71a52c7f200dba2edfeb838eff9f8f3.yaml
index 58d600ecc0..7047592b3b 100644
--- a/nuclei-templates/2023/CVE-2023-23816-e71a52c7f200dba2edfeb838eff9f8f3.yaml
+++ b/nuclei-templates/2023/CVE-2023-23816-e71a52c7f200dba2edfeb838eff9f8f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sitemap Index <= 1.2.3 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sitemap Index plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitemap-index/"
     google-query: inurl:"/wp-content/plugins/sitemap-index/"
     shodan-query: 'vuln:CVE-2023-23816'
-  tags: cve,wordpress,wp-plugin,sitemap-index,medium
+  tags: cve,wordpress,wp-plugin,sitemap-index,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23817-03f092a688a4fa72580d80fe6ada5bb3.yaml b/nuclei-templates/2023/CVE-2023-23817-03f092a688a4fa72580d80fe6ada5bb3.yaml
index 416c1c5bb8..d2c036597a 100644
--- a/nuclei-templates/2023/CVE-2023-23817-03f092a688a4fa72580d80fe6ada5bb3.yaml
+++ b/nuclei-templates/2023/CVE-2023-23817-03f092a688a4fa72580d80fe6ada5bb3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple PDF Viewer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the googlepdf shortcode in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-pdf-viewer/"
     google-query: inurl:"/wp-content/plugins/simple-pdf-viewer/"
     shodan-query: 'vuln:CVE-2023-23817'
-  tags: cve,wordpress,wp-plugin,simple-pdf-viewer,medium
+  tags: cve,wordpress,wp-plugin,simple-pdf-viewer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23818-e5cd3f1b72f8c188bcce67a3cd5ccf0a.yaml b/nuclei-templates/2023/CVE-2023-23818-e5cd3f1b72f8c188bcce67a3cd5ccf0a.yaml
index 33286e15c0..96c3945082 100644
--- a/nuclei-templates/2023/CVE-2023-23818-e5cd3f1b72f8c188bcce67a3cd5ccf0a.yaml
+++ b/nuclei-templates/2023/CVE-2023-23818-e5cd3f1b72f8c188bcce67a3cd5ccf0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 3.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-register-profile-with-shortcode/"
     google-query: inurl:"/wp-content/plugins/wp-register-profile-with-shortcode/"
     shodan-query: 'vuln:CVE-2023-23818'
-  tags: cve,wordpress,wp-plugin,wp-register-profile-with-shortcode,medium
+  tags: cve,wordpress,wp-plugin,wp-register-profile-with-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23819-1b30aff662020c0b4f39f0c4b04b2958.yaml b/nuclei-templates/2023/CVE-2023-23819-1b30aff662020c0b4f39f0c4b04b2958.yaml
index a66f2f4ddc..599139381e 100644
--- a/nuclei-templates/2023/CVE-2023-23819-1b30aff662020c0b4f39f0c4b04b2958.yaml
+++ b/nuclei-templates/2023/CVE-2023-23819-1b30aff662020c0b4f39f0c4b04b2958.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The itemprop WP for SERP/SEO Rich snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.5.201706131 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/itempropwp/"
     google-query: inurl:"/wp-content/plugins/itempropwp/"
     shodan-query: 'vuln:CVE-2023-23819'
-  tags: cve,wordpress,wp-plugin,itempropwp,medium
+  tags: cve,wordpress,wp-plugin,itempropwp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23820-93365cd3a26ee2a497f31876bb4917f2.yaml b/nuclei-templates/2023/CVE-2023-23820-93365cd3a26ee2a497f31876bb4917f2.yaml
index 68e8aa28cc..5af6227dd3 100644
--- a/nuclei-templates/2023/CVE-2023-23820-93365cd3a26ee2a497f31876bb4917f2.yaml
+++ b/nuclei-templates/2023/CVE-2023-23820-93365cd3a26ee2a497f31876bb4917f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2023-23820'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23821-a73b50da5126e009aa2afaa408141c1f.yaml b/nuclei-templates/2023/CVE-2023-23821-a73b50da5126e009aa2afaa408141c1f.yaml
index 6904a8ad90..49c7a646be 100644
--- a/nuclei-templates/2023/CVE-2023-23821-a73b50da5126e009aa2afaa408141c1f.yaml
+++ b/nuclei-templates/2023/CVE-2023-23821-a73b50da5126e009aa2afaa408141c1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Interactive Polish Map <= 1.2 - Authenticated (Admi+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Interactive Polish Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-polish-map/"
     google-query: inurl:"/wp-content/plugins/interactive-polish-map/"
     shodan-query: 'vuln:CVE-2023-23821'
-  tags: cve,wordpress,wp-plugin,interactive-polish-map,medium
+  tags: cve,wordpress,wp-plugin,interactive-polish-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23823-d8eaeaf9f69a4b2de6a788086b60bfc0.yaml b/nuclei-templates/2023/CVE-2023-23823-d8eaeaf9f69a4b2de6a788086b60bfc0.yaml
index 43f2dffd6a..0e7dcc839d 100644
--- a/nuclei-templates/2023/CVE-2023-23823-d8eaeaf9f69a4b2de6a788086b60bfc0.yaml
+++ b/nuclei-templates/2023/CVE-2023-23823-d8eaeaf9f69a4b2de6a788086b60bfc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enhanced Text Widget <= 1.5.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.5.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-text-widget/"
     google-query: inurl:"/wp-content/plugins/enhanced-text-widget/"
     shodan-query: 'vuln:CVE-2023-23823'
-  tags: cve,wordpress,wp-plugin,enhanced-text-widget,medium
+  tags: cve,wordpress,wp-plugin,enhanced-text-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23824-808f401d9d8c5d86d169e876e53df971.yaml b/nuclei-templates/2023/CVE-2023-23824-808f401d9d8c5d86d169e876e53df971.yaml
index 5723137db6..ca63695ffe 100644
--- a/nuclei-templates/2023/CVE-2023-23824-808f401d9d8c5d86d169e876e53df971.yaml
+++ b/nuclei-templates/2023/CVE-2023-23824-808f401d9d8c5d86d169e876e53df971.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-TopBar <= 5.36 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP-TopBar plugin for WordPress is vulnerable to blind SQL Injection in versions up to, and including, 5.36 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-topbar/"
     google-query: inurl:"/wp-content/plugins/wp-topbar/"
     shodan-query: 'vuln:CVE-2023-23824'
-  tags: cve,wordpress,wp-plugin,wp-topbar,high
+  tags: cve,wordpress,wp-plugin,wp-topbar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23826-64cea71514683366dc6b4c2ffb6a6e72.yaml b/nuclei-templates/2023/CVE-2023-23826-64cea71514683366dc6b4c2ffb6a6e72.yaml
index f5c96829e3..2246f9ee64 100644
--- a/nuclei-templates/2023/CVE-2023-23826-64cea71514683366dc6b4c2ffb6a6e72.yaml
+++ b/nuclei-templates/2023/CVE-2023-23826-64cea71514683366dc6b4c2ffb6a6e72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Posts to Pages <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add Posts to Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [add_posts_func] shortcode in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-posts-to-pages/"
     google-query: inurl:"/wp-content/plugins/add-posts-to-pages/"
     shodan-query: 'vuln:CVE-2023-23826'
-  tags: cve,wordpress,wp-plugin,add-posts-to-pages,medium
+  tags: cve,wordpress,wp-plugin,add-posts-to-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23827-e258e8570aa5a2a07663517678c9341e.yaml b/nuclei-templates/2023/CVE-2023-23827-e258e8570aa5a2a07663517678c9341e.yaml
index 2e34180ef1..a28405b151 100644
--- a/nuclei-templates/2023/CVE-2023-23827-e258e8570aa5a2a07663517678c9341e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23827-e258e8570aa5a2a07663517678c9341e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Maps v3 Shortcode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Maps v3 Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-maps-v3-shortcode/"
     google-query: inurl:"/wp-content/plugins/google-maps-v3-shortcode/"
     shodan-query: 'vuln:CVE-2023-23827'
-  tags: cve,wordpress,wp-plugin,google-maps-v3-shortcode,medium
+  tags: cve,wordpress,wp-plugin,google-maps-v3-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23828-2349a7bd555a58451ac9e6f7145fe711.yaml b/nuclei-templates/2023/CVE-2023-23828-2349a7bd555a58451ac9e6f7145fe711.yaml
index 224fbfd470..5aa37c6f6c 100644
--- a/nuclei-templates/2023/CVE-2023-23828-2349a7bd555a58451ac9e6f7145fe711.yaml
+++ b/nuclei-templates/2023/CVE-2023-23828-2349a7bd555a58451ac9e6f7145fe711.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Category Post List Widget <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Category Post List Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-category-posts-list/"
     google-query: inurl:"/wp-content/plugins/wp-category-posts-list/"
     shodan-query: 'vuln:CVE-2023-23828'
-  tags: cve,wordpress,wp-plugin,wp-category-posts-list,medium
+  tags: cve,wordpress,wp-plugin,wp-category-posts-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23829-9a422d0a1f5b287c75a0c4e8af0a5fc9.yaml b/nuclei-templates/2023/CVE-2023-23829-9a422d0a1f5b287c75a0c4e8af0a5fc9.yaml
index f011a61b76..da74612da8 100644
--- a/nuclei-templates/2023/CVE-2023-23829-9a422d0a1f5b287c75a0c4e8af0a5fc9.yaml
+++ b/nuclei-templates/2023/CVE-2023-23829-9a422d0a1f5b287c75a0c4e8af0a5fc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Owl Carousel <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Owl Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/owl-carousel/"
     google-query: inurl:"/wp-content/plugins/owl-carousel/"
     shodan-query: 'vuln:CVE-2023-23829'
-  tags: cve,wordpress,wp-plugin,owl-carousel,medium
+  tags: cve,wordpress,wp-plugin,owl-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23831-37317046e94cf4102e2b78af213fc732.yaml b/nuclei-templates/2023/CVE-2023-23831-37317046e94cf4102e2b78af213fc732.yaml
index 1994a44628..72b2580da0 100644
--- a/nuclei-templates/2023/CVE-2023-23831-37317046e94cf4102e2b78af213fc732.yaml
+++ b/nuclei-templates/2023/CVE-2023-23831-37317046e94cf4102e2b78af213fc732.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rating Widget <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rating-widget/"
     google-query: inurl:"/wp-content/plugins/rating-widget/"
     shodan-query: 'vuln:CVE-2023-23831'
-  tags: cve,wordpress,wp-plugin,rating-widget,medium
+  tags: cve,wordpress,wp-plugin,rating-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23832-f48aa8ce150f50f9f99d4d22650a952e.yaml b/nuclei-templates/2023/CVE-2023-23832-f48aa8ce150f50f9f99d4d22650a952e.yaml
index 44f89b1de6..74826b03e5 100644
--- a/nuclei-templates/2023/CVE-2023-23832-f48aa8ce150f50f9f99d4d22650a952e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23832-f48aa8ce150f50f9f99d4d22650a952e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate WP Query Search Filter <= 1.0.10 - Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate WP Query Search Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-wp-query-search-filter/"
     google-query: inurl:"/wp-content/plugins/ultimate-wp-query-search-filter/"
     shodan-query: 'vuln:CVE-2023-23832'
-  tags: cve,wordpress,wp-plugin,ultimate-wp-query-search-filter,medium
+  tags: cve,wordpress,wp-plugin,ultimate-wp-query-search-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23833-e9fd5a8f4cb940c05dfbd60e736ab50a.yaml b/nuclei-templates/2023/CVE-2023-23833-e9fd5a8f4cb940c05dfbd60e736ab50a.yaml
index d7dba338a8..938712816a 100644
--- a/nuclei-templates/2023/CVE-2023-23833-e9fd5a8f4cb940c05dfbd60e736ab50a.yaml
+++ b/nuclei-templates/2023/CVE-2023-23833-e9fd5a8f4cb940c05dfbd60e736ab50a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Drop Shadow Boxes <= 1.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.7.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drop-shadow-boxes/"
     google-query: inurl:"/wp-content/plugins/drop-shadow-boxes/"
     shodan-query: 'vuln:CVE-2023-23833'
-  tags: cve,wordpress,wp-plugin,drop-shadow-boxes,medium
+  tags: cve,wordpress,wp-plugin,drop-shadow-boxes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23861-573c28c014e533996385e54c5801eb5e.yaml b/nuclei-templates/2023/CVE-2023-23861-573c28c014e533996385e54c5801eb5e.yaml
index 898227e9bf..8bb11d6ae3 100644
--- a/nuclei-templates/2023/CVE-2023-23861-573c28c014e533996385e54c5801eb5e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23861-573c28c014e533996385e54c5801eb5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GMAce <= 1.5.2 - Cross-Site Request Forgery via gmace_manager_client
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the 'gmace_manager_client' AJAX function. This makes it possible for unauthenticated attackers to perform file manager tasks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gmace/"
     google-query: inurl:"/wp-content/plugins/gmace/"
     shodan-query: 'vuln:CVE-2023-23861'
-  tags: cve,wordpress,wp-plugin,gmace,high
+  tags: cve,wordpress,wp-plugin,gmace,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23862-4703f57dd95a665cc36f6d5726f726bb.yaml b/nuclei-templates/2023/CVE-2023-23862-4703f57dd95a665cc36f6d5726f726bb.yaml
index 766fcbc9bb..41b187c5bb 100644
--- a/nuclei-templates/2023/CVE-2023-23862-4703f57dd95a665cc36f6d5726f726bb.yaml
+++ b/nuclei-templates/2023/CVE-2023-23862-4703f57dd95a665cc36f6d5726f726bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vertical scroll recent post <= 14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Vertical scroll recent post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in versions up to, and including, 14.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vertical-scroll-recent-post/"
     google-query: inurl:"/wp-content/plugins/vertical-scroll-recent-post/"
     shodan-query: 'vuln:CVE-2023-23862'
-  tags: cve,wordpress,wp-plugin,vertical-scroll-recent-post,medium
+  tags: cve,wordpress,wp-plugin,vertical-scroll-recent-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23863-537feb2660b274ef93e595158af0eec1.yaml b/nuclei-templates/2023/CVE-2023-23863-537feb2660b274ef93e595158af0eec1.yaml
index 0da453e9bc..2e1ec0ceb4 100644
--- a/nuclei-templates/2023/CVE-2023-23863-537feb2660b274ef93e595158af0eec1.yaml
+++ b/nuclei-templates/2023/CVE-2023-23863-537feb2660b274ef93e595158af0eec1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TreePress – Easy Family Trees & Ancestor Profiles <= 2.0.22 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'post_title' parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TreePress – Easy Family Trees & Ancestor Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post_title' parameter in versions up to, and including, 2.0.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/treepress/"
     google-query: inurl:"/wp-content/plugins/treepress/"
     shodan-query: 'vuln:CVE-2023-23863'
-  tags: cve,wordpress,wp-plugin,treepress,medium
+  tags: cve,wordpress,wp-plugin,treepress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23864-1f531b026c2443d4ba9e4c6118234d6d.yaml b/nuclei-templates/2023/CVE-2023-23864-1f531b026c2443d4ba9e4c6118234d6d.yaml
index 01bbcc13bc..b138785fb5 100644
--- a/nuclei-templates/2023/CVE-2023-23864-1f531b026c2443d4ba9e4c6118234d6d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23864-1f531b026c2443d4ba9e4c6118234d6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/very-simple-google-maps/"
     google-query: inurl:"/wp-content/plugins/very-simple-google-maps/"
     shodan-query: 'vuln:CVE-2023-23864'
-  tags: cve,wordpress,wp-plugin,very-simple-google-maps,medium
+  tags: cve,wordpress,wp-plugin,very-simple-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23866-6b38cc619c1f1d13c6fce974aa8b5a90.yaml b/nuclei-templates/2023/CVE-2023-23866-6b38cc619c1f1d13c6fce974aa8b5a90.yaml
index 58f22e0586..a00d9444f6 100644
--- a/nuclei-templates/2023/CVE-2023-23866-6b38cc619c1f1d13c6fce974aa8b5a90.yaml
+++ b/nuclei-templates/2023/CVE-2023-23866-6b38cc619c1f1d13c6fce974aa8b5a90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Interactive Geo Maps <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-geo-maps/"
     google-query: inurl:"/wp-content/plugins/interactive-geo-maps/"
     shodan-query: 'vuln:CVE-2023-23866'
-  tags: cve,wordpress,wp-plugin,interactive-geo-maps,medium
+  tags: cve,wordpress,wp-plugin,interactive-geo-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23867-f3522c3cb0ccfb1220b311f9a238555b.yaml b/nuclei-templates/2023/CVE-2023-23867-f3522c3cb0ccfb1220b311f9a238555b.yaml
index 1cf4b79f1d..655f0076cd 100644
--- a/nuclei-templates/2023/CVE-2023-23867-f3522c3cb0ccfb1220b311f9a238555b.yaml
+++ b/nuclei-templates/2023/CVE-2023-23867-f3522c3cb0ccfb1220b311f9a238555b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Button Builder – Buttons X <= 0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Button Builder – Buttons X plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the btnsx shortcode in versions up to, and including, 0.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers , with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buttons-x/"
     google-query: inurl:"/wp-content/plugins/buttons-x/"
     shodan-query: 'vuln:CVE-2023-23867'
-  tags: cve,wordpress,wp-plugin,buttons-x,medium
+  tags: cve,wordpress,wp-plugin,buttons-x,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23868-bdd35485646018dc29c3dede2e0cfc31.yaml b/nuclei-templates/2023/CVE-2023-23868-bdd35485646018dc29c3dede2e0cfc31.yaml
index 8d25963f94..0f94109e06 100644
--- a/nuclei-templates/2023/CVE-2023-23868-bdd35485646018dc29c3dede2e0cfc31.yaml
+++ b/nuclei-templates/2023/CVE-2023-23868-bdd35485646018dc29c3dede2e0cfc31.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cost of Goods for WooCommerce <= 2.8.6 - Missing Authorization in save_costs
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cost of Goods for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_costs function in versions up to, and including, 2.8.6. This makes it possible for authenticated attackers, with contributor-level permissions and above, to perform an unauthorized edit or save of prices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cost-of-goods-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/cost-of-goods-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-23868'
-  tags: cve,wordpress,wp-plugin,cost-of-goods-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,cost-of-goods-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23870-cfda816b6240f8a3b82f71453a31052b.yaml b/nuclei-templates/2023/CVE-2023-23870-cfda816b6240f8a3b82f71453a31052b.yaml
index baaf54874a..cdd9565686 100644
--- a/nuclei-templates/2023/CVE-2023-23870-cfda816b6240f8a3b82f71453a31052b.yaml
+++ b/nuclei-templates/2023/CVE-2023-23870-cfda816b6240f8a3b82f71453a31052b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Vertical Icon Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdevart-vertical-menu/"
     google-query: inurl:"/wp-content/plugins/wpdevart-vertical-menu/"
     shodan-query: 'vuln:CVE-2023-23870'
-  tags: cve,wordpress,wp-plugin,wpdevart-vertical-menu,medium
+  tags: cve,wordpress,wp-plugin,wpdevart-vertical-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23871-63f1bf4087d9427b6d24f67f8ffe6d66.yaml b/nuclei-templates/2023/CVE-2023-23871-63f1bf4087d9427b6d24f67f8ffe6d66.yaml
index e7fcb0b2e3..8a76127426 100644
--- a/nuclei-templates/2023/CVE-2023-23871-63f1bf4087d9427b6d24f67f8ffe6d66.yaml
+++ b/nuclei-templates/2023/CVE-2023-23871-63f1bf4087d9427b6d24f67f8ffe6d66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/button/"
     google-query: inurl:"/wp-content/plugins/button/"
     shodan-query: 'vuln:CVE-2023-23871'
-  tags: cve,wordpress,wp-plugin,button,medium
+  tags: cve,wordpress,wp-plugin,button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23872-91afdd80e105f88c419657c28ec390b7.yaml b/nuclei-templates/2023/CVE-2023-23872-91afdd80e105f88c419657c28ec390b7.yaml
index bebbbdc64f..fa99f91076 100644
--- a/nuclei-templates/2023/CVE-2023-23872-91afdd80e105f88c419657c28ec390b7.yaml
+++ b/nuclei-templates/2023/CVE-2023-23872-91afdd80e105f88c419657c28ec390b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GMAce plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 1.5.2 via the 'gm-download-file' parameter. This allows authenticated attackers with administrator-level permissions to download arbitrary files from the webserver.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gmace/"
     google-query: inurl:"/wp-content/plugins/gmace/"
     shodan-query: 'vuln:CVE-2023-23872'
-  tags: cve,wordpress,wp-plugin,gmace,medium
+  tags: cve,wordpress,wp-plugin,gmace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23873-3b3faa72335204be9fd1e5395bb7377e.yaml b/nuclei-templates/2023/CVE-2023-23873-3b3faa72335204be9fd1e5395bb7377e.yaml
index f55b37352f..55ec16e08c 100644
--- a/nuclei-templates/2023/CVE-2023-23873-3b3faa72335204be9fd1e5395bb7377e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23873-3b3faa72335204be9fd1e5395bb7377e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BBSpoiler <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BBSpoiler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers , with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbspoiler/"
     google-query: inurl:"/wp-content/plugins/bbspoiler/"
     shodan-query: 'vuln:CVE-2023-23873'
-  tags: cve,wordpress,wp-plugin,bbspoiler,medium
+  tags: cve,wordpress,wp-plugin,bbspoiler,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23874-cb44b891144850987aa067ef65bfd80b.yaml b/nuclei-templates/2023/CVE-2023-23874-cb44b891144850987aa067ef65bfd80b.yaml
index f3955a8a3d..a8b6e32b53 100644
--- a/nuclei-templates/2023/CVE-2023-23874-cb44b891144850987aa067ef65bfd80b.yaml
+++ b/nuclei-templates/2023/CVE-2023-23874-cb44b891144850987aa067ef65bfd80b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ditty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ditty-news-ticker/"
     google-query: inurl:"/wp-content/plugins/ditty-news-ticker/"
     shodan-query: 'vuln:CVE-2023-23874'
-  tags: cve,wordpress,wp-plugin,ditty-news-ticker,medium
+  tags: cve,wordpress,wp-plugin,ditty-news-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23875-bc281b421f8fff950362929962ab0019.yaml b/nuclei-templates/2023/CVE-2023-23875-bc281b421f8fff950362929962ab0019.yaml
index c68f08e6b6..4a5a128aad 100644
--- a/nuclei-templates/2023/CVE-2023-23875-bc281b421f8fff950362929962ab0019.yaml
+++ b/nuclei-templates/2023/CVE-2023-23875-bc281b421f8fff950362929962ab0019.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Binge Site Verification using Meta Tag <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Binge Site Verification using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bing-site-verification-using-meta-tag/"
     google-query: inurl:"/wp-content/plugins/bing-site-verification-using-meta-tag/"
     shodan-query: 'vuln:CVE-2023-23875'
-  tags: cve,wordpress,wp-plugin,bing-site-verification-using-meta-tag,medium
+  tags: cve,wordpress,wp-plugin,bing-site-verification-using-meta-tag,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23876-bf60bab5b44140ba04d1559cd2178f30.yaml b/nuclei-templates/2023/CVE-2023-23876-bf60bab5b44140ba04d1559cd2178f30.yaml
index 3ef29f8319..370755b375 100644
--- a/nuclei-templates/2023/CVE-2023-23876-bf60bab5b44140ba04d1559cd2178f30.yaml
+++ b/nuclei-templates/2023/CVE-2023-23876-bf60bab5b44140ba04d1559cd2178f30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDataTables <= 2.1.49 -  Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpDataTables plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdatatables/"
     google-query: inurl:"/wp-content/plugins/wpdatatables/"
     shodan-query: 'vuln:CVE-2023-23876'
-  tags: cve,wordpress,wp-plugin,wpdatatables,medium
+  tags: cve,wordpress,wp-plugin,wpdatatables,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23877-62705338d1951d661bb8e5bc23d5b61e.yaml b/nuclei-templates/2023/CVE-2023-23877-62705338d1951d661bb8e5bc23d5b61e.yaml
index 6334079541..57881cfec1 100644
--- a/nuclei-templates/2023/CVE-2023-23877-62705338d1951d661bb8e5bc23d5b61e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23877-62705338d1951d661bb8e5bc23d5b61e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pinterest RSS Widget <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pinterest RSS Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "prw_shortcode" shortcode in versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pinterest-rss-widget/"
     google-query: inurl:"/wp-content/plugins/pinterest-rss-widget/"
     shodan-query: 'vuln:CVE-2023-23877'
-  tags: cve,wordpress,wp-plugin,pinterest-rss-widget,medium
+  tags: cve,wordpress,wp-plugin,pinterest-rss-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23878-5237dfae31b24b8180bcd6193ab8bd7f.yaml b/nuclei-templates/2023/CVE-2023-23878-5237dfae31b24b8180bcd6193ab8bd7f.yaml
index 26d38aa7a2..0b4b5bab58 100644
--- a/nuclei-templates/2023/CVE-2023-23878-5237dfae31b24b8180bcd6193ab8bd7f.yaml
+++ b/nuclei-templates/2023/CVE-2023-23878-5237dfae31b24b8180bcd6193ab8bd7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP MAPS <= 4.3.9 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP MAPS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:CVE-2023-23878'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23880-9084030bbc61cd11a5b8832a564811a7.yaml b/nuclei-templates/2023/CVE-2023-23880-9084030bbc61cd11a5b8832a564811a7.yaml
index 61af0449fa..b83544bbdc 100644
--- a/nuclei-templates/2023/CVE-2023-23880-9084030bbc61cd11a5b8832a564811a7.yaml
+++ b/nuclei-templates/2023/CVE-2023-23880-9084030bbc61cd11a5b8832a564811a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ExactMetrics <= 7.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ExactMetrics plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.14.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-dashboard-for-wp/"
     google-query: inurl:"/wp-content/plugins/google-analytics-dashboard-for-wp/"
     shodan-query: 'vuln:CVE-2023-23880'
-  tags: cve,wordpress,wp-plugin,google-analytics-dashboard-for-wp,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-dashboard-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23881-ae8255f2994549b36706bb9a56ad3c0f.yaml b/nuclei-templates/2023/CVE-2023-23881-ae8255f2994549b36706bb9a56ad3c0f.yaml
index 2ffa3ffe95..078d191305 100644
--- a/nuclei-templates/2023/CVE-2023-23881-ae8255f2994549b36706bb9a56ad3c0f.yaml
+++ b/nuclei-templates/2023/CVE-2023-23881-ae8255f2994549b36706bb9a56ad3c0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Circles Gallery <= 1.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Circles Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/circles-gallery/"
     google-query: inurl:"/wp-content/plugins/circles-gallery/"
     shodan-query: 'vuln:CVE-2023-23881'
-  tags: cve,wordpress,wp-plugin,circles-gallery,medium
+  tags: cve,wordpress,wp-plugin,circles-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23882-1a33452c961e3444957f4bc07615cf79.yaml b/nuclei-templates/2023/CVE-2023-23882-1a33452c961e3444957f4bc07615cf79.yaml
index af6bf35ba5..878b9f5ad8 100644
--- a/nuclei-templates/2023/CVE-2023-23882-1a33452c961e3444957f4bc07615cf79.yaml
+++ b/nuclei-templates/2023/CVE-2023-23882-1a33452c961e3444957f4bc07615cf79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for Beaver Builder - Lite plugin for WordPress is vulnerable to authorization bypass due to a missing capability and nonce check on the 'fetch_cloud_templates' function in versions up to, and including, 1.5.5. This makes it possible for subscriber-level attackers to refresh the plugin's cloud templates.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     shodan-query: 'vuln:CVE-2023-23882'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23883-cf0e16a0243bc8e5fbe7907a0ee34454.yaml b/nuclei-templates/2023/CVE-2023-23883-cf0e16a0243bc8e5fbe7907a0ee34454.yaml
index 97dca2232c..897c6cc1c1 100644
--- a/nuclei-templates/2023/CVE-2023-23883-cf0e16a0243bc8e5fbe7907a0ee34454.yaml
+++ b/nuclei-templates/2023/CVE-2023-23883-cf0e16a0243bc8e5fbe7907a0ee34454.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Content Filter – Censor All Offensive Content From Your Site <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Content Filter – Censor All Offensive Content From Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-content-filter/"
     google-query: inurl:"/wp-content/plugins/wp-content-filter/"
     shodan-query: 'vuln:CVE-2023-23883'
-  tags: cve,wordpress,wp-plugin,wp-content-filter,medium
+  tags: cve,wordpress,wp-plugin,wp-content-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23884-0ba2d63b51e45936904968ed820d3fb0.yaml b/nuclei-templates/2023/CVE-2023-23884-0ba2d63b51e45936904968ed820d3fb0.yaml
index ba7a68cce9..f483f6ea1a 100644
--- a/nuclei-templates/2023/CVE-2023-23884-0ba2d63b51e45936904968ed820d3fb0.yaml
+++ b/nuclei-templates/2023/CVE-2023-23884-0ba2d63b51e45936904968ed820d3fb0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kanban Boards for WordPress <= 2.5.21 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kanban Boards for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.5.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kanban/"
     google-query: inurl:"/wp-content/plugins/kanban/"
     shodan-query: 'vuln:CVE-2023-23884'
-  tags: cve,wordpress,wp-plugin,kanban,medium
+  tags: cve,wordpress,wp-plugin,kanban,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23885-62b74eeb9a66bc4a3cf51fa299ef8a9e.yaml b/nuclei-templates/2023/CVE-2023-23885-62b74eeb9a66bc4a3cf51fa299ef8a9e.yaml
index ac33e38757..1a739b9305 100644
--- a/nuclei-templates/2023/CVE-2023-23885-62b74eeb9a66bc4a3cf51fa299ef8a9e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23885-62b74eeb9a66bc4a3cf51fa299ef8a9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Contact Form <= 8.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters like 'tab', 'sendtoemail', 'subject', 'formname', 'message', 'messageqty', and 'messageorder' (and numerous others) in versions up to, and including, 8.0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-contact-form/"
     google-query: inurl:"/wp-content/plugins/quick-contact-form/"
     shodan-query: 'vuln:CVE-2023-23885'
-  tags: cve,wordpress,wp-plugin,quick-contact-form,medium
+  tags: cve,wordpress,wp-plugin,quick-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23888-f745637cf5ff648ecffd79a7f071d200.yaml b/nuclei-templates/2023/CVE-2023-23888-f745637cf5ff648ecffd79a7f071d200.yaml
index f0d82ff8b1..308fde4930 100644
--- a/nuclei-templates/2023/CVE-2023-23888-f745637cf5ff648ecffd79a7f071d200.yaml
+++ b/nuclei-templates/2023/CVE-2023-23888-f745637cf5ff648ecffd79a7f071d200.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RankMath SEO plugin for WordPress is vulnerable to Local File Inclusion via the 'update_schemas' and 'get_snippet_content' functions. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls or obtain sensitive data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-by-rank-math/"
     google-query: inurl:"/wp-content/plugins/seo-by-rank-math/"
     shodan-query: 'vuln:CVE-2023-23888'
-  tags: cve,wordpress,wp-plugin,seo-by-rank-math,medium
+  tags: cve,wordpress,wp-plugin,seo-by-rank-math,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23889-c39c9d651b411fa109fee2b8c3a1d9b8.yaml b/nuclei-templates/2023/CVE-2023-23889-c39c9d651b411fa109fee2b8c3a1d9b8.yaml
index ea8a684b66..d2f19dee2a 100644
--- a/nuclei-templates/2023/CVE-2023-23889-c39c9d651b411fa109fee2b8c3a1d9b8.yaml
+++ b/nuclei-templates/2023/CVE-2023-23889-c39c9d651b411fa109fee2b8c3a1d9b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Paypal Payments <= 5.7.25 - Authenticated (Contributor+) Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Paypal Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 5.7.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-paypal-payments/"
     google-query: inurl:"/wp-content/plugins/quick-paypal-payments/"
     shodan-query: 'vuln:CVE-2023-23889'
-  tags: cve,wordpress,wp-plugin,quick-paypal-payments,medium
+  tags: cve,wordpress,wp-plugin,quick-paypal-payments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23891-dd78e64b2b479493968a1e6217c98447.yaml b/nuclei-templates/2023/CVE-2023-23891-dd78e64b2b479493968a1e6217c98447.yaml
index c306b293e8..e69f0ab8d1 100644
--- a/nuclei-templates/2023/CVE-2023-23891-dd78e64b2b479493968a1e6217c98447.yaml
+++ b/nuclei-templates/2023/CVE-2023-23891-dd78e64b2b479493968a1e6217c98447.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ocean-extra/"
     google-query: inurl:"/wp-content/plugins/ocean-extra/"
     shodan-query: 'vuln:CVE-2023-23891'
-  tags: cve,wordpress,wp-plugin,ocean-extra,medium
+  tags: cve,wordpress,wp-plugin,ocean-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23892-d65055d7026996d94428cd7d953a60fd.yaml b/nuclei-templates/2023/CVE-2023-23892-d65055d7026996d94428cd7d953a60fd.yaml
index eaaf4445fe..148c4a3c2e 100644
--- a/nuclei-templates/2023/CVE-2023-23892-d65055d7026996d94428cd7d953a60fd.yaml
+++ b/nuclei-templates/2023/CVE-2023-23892-d65055d7026996d94428cd7d953a60fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     M Chart <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The M Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/m-chart/"
     google-query: inurl:"/wp-content/plugins/m-chart/"
     shodan-query: 'vuln:CVE-2023-23892'
-  tags: cve,wordpress,wp-plugin,m-chart,medium
+  tags: cve,wordpress,wp-plugin,m-chart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23893-3a84f9286ec25d34a996b5cb4ee829c4.yaml b/nuclei-templates/2023/CVE-2023-23893-3a84f9286ec25d34a996b5cb4ee829c4.yaml
index cd98ace5da..0c0bff5dbb 100644
--- a/nuclei-templates/2023/CVE-2023-23893-3a84f9286ec25d34a996b5cb4ee829c4.yaml
+++ b/nuclei-templates/2023/CVE-2023-23893-3a84f9286ec25d34a996b5cb4ee829c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Giveaways plugin for WordPress is vulnerable to unauthorized actions due to a missing capability check on several AJAX actions in versions up to, and including, 2.46.0. This makes it possible for unauthenticated attackers to perform unauthorized actions allowing them to see available giveaways, save plugin settings, end giveaways and select winners among other things.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/giveasap/"
     google-query: inurl:"/wp-content/plugins/giveasap/"
     shodan-query: 'vuln:CVE-2023-23893'
-  tags: cve,wordpress,wp-plugin,giveasap,medium
+  tags: cve,wordpress,wp-plugin,giveasap,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23894-65bd3240ae8121decf63d5f24c3d008f.yaml b/nuclei-templates/2023/CVE-2023-23894-65bd3240ae8121decf63d5f24c3d008f.yaml
index df8955362b..d778775a8a 100644
--- a/nuclei-templates/2023/CVE-2023-23894-65bd3240ae8121decf63d5f24c3d008f.yaml
+++ b/nuclei-templates/2023/CVE-2023-23894-65bd3240ae8121decf63d5f24c3d008f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Surbma | GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Surbma | GDPR Proof Cookie Consent & Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 17.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/surbma-gdpr-proof-google-analytics/"
     google-query: inurl:"/wp-content/plugins/surbma-gdpr-proof-google-analytics/"
     shodan-query: 'vuln:CVE-2023-23894'
-  tags: cve,wordpress,wp-plugin,surbma-gdpr-proof-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,surbma-gdpr-proof-google-analytics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23896-e9eaa7084ed183eefbf2977e6f156e8c.yaml b/nuclei-templates/2023/CVE-2023-23896-e9eaa7084ed183eefbf2977e6f156e8c.yaml
index 2cf26c0f36..5e03b3efd1 100644
--- a/nuclei-templates/2023/CVE-2023-23896-e9eaa7084ed183eefbf2977e6f156e8c.yaml
+++ b/nuclei-templates/2023/CVE-2023-23896-e9eaa7084ed183eefbf2977e6f156e8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     URL Shortener by MyThemeShop <= 1.0.16 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The URL Shortener plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to performs actions intended for higher-level users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mts-url-shortener/"
     google-query: inurl:"/wp-content/plugins/mts-url-shortener/"
     shodan-query: 'vuln:CVE-2023-23896'
-  tags: cve,wordpress,wp-plugin,mts-url-shortener,medium
+  tags: cve,wordpress,wp-plugin,mts-url-shortener,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23898-487e89618ab2c9b35b3c1576f9f20c5d.yaml b/nuclei-templates/2023/CVE-2023-23898-487e89618ab2c9b35b3c1576f9f20c5d.yaml
index 736f339600..8cf54c019f 100644
--- a/nuclei-templates/2023/CVE-2023-23898-487e89618ab2c9b35b3c1576f9f20c5d.yaml
+++ b/nuclei-templates/2023/CVE-2023-23898-487e89618ab2c9b35b3c1576f9f20c5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksy_posts 
      shortcode in versions up to, and including, 1.8.67 due to insufficient input sanitization and output escaping on user supplied 'class' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/blocksy-companion/"
     google-query: inurl:"/wp-content/plugins/blocksy-companion/"
     shodan-query: 'vuln:CVE-2023-23898'
-  tags: cve,wordpress,wp-plugin,blocksy-companion,medium
+  tags: cve,wordpress,wp-plugin,blocksy-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23970-32eb01ee606ecc19d89dc769776b1c92.yaml b/nuclei-templates/2023/CVE-2023-23970-32eb01ee606ecc19d89dc769776b1c92.yaml
index 0f5a75f870..4a1cdec672 100644
--- a/nuclei-templates/2023/CVE-2023-23970-32eb01ee606ecc19d89dc769776b1c92.yaml
+++ b/nuclei-templates/2023/CVE-2023-23970-32eb01ee606ecc19d89dc769776b1c92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Corsa Theme <= 1.5 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Corsa Theme is vulnerable to Arbitrary File Upload in versions up to, and including, 1.5. This makes it possible for authenticated attackers, with subscriber level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/corsa/"
     google-query: inurl:"/wp-content/themes/corsa/"
     shodan-query: 'vuln:CVE-2023-23970'
-  tags: cve,wordpress,wp-theme,corsa,high
+  tags: cve,wordpress,wp-theme,corsa,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23972-243adc14e5399e777d2255721eb66201.yaml b/nuclei-templates/2023/CVE-2023-23972-243adc14e5399e777d2255721eb66201.yaml
index 87139d39d0..2b77d5fa67 100644
--- a/nuclei-templates/2023/CVE-2023-23972-243adc14e5399e777d2255721eb66201.yaml
+++ b/nuclei-templates/2023/CVE-2023-23972-243adc14e5399e777d2255721eb66201.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Like Box and Page by WpDevArt <= 0.8.39 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Like Box and Page by WpDevArt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via select elements in versions up to, and including, 0.8.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/like-box/"
     google-query: inurl:"/wp-content/plugins/like-box/"
     shodan-query: 'vuln:CVE-2023-23972'
-  tags: cve,wordpress,wp-plugin,like-box,medium
+  tags: cve,wordpress,wp-plugin,like-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23975-cb184c0a5bf632bde9de97505ce638ee.yaml b/nuclei-templates/2023/CVE-2023-23975-cb184c0a5bf632bde9de97505ce638ee.yaml
index 848d790bd9..779203e215 100644
--- a/nuclei-templates/2023/CVE-2023-23975-cb184c0a5bf632bde9de97505ce638ee.yaml
+++ b/nuclei-templates/2023/CVE-2023-23975-cb184c0a5bf632bde9de97505ce638ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Event Manager <= 9.7.4 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quick Event Manager plugin for WordPress is vulnerable to authorization bypass due to missing authorization checks on various calls in the qem_messages() function in versions up to, and including, 9.7.4. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to manage and alter registration settings that should be intended for site administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-event-manager/"
     google-query: inurl:"/wp-content/plugins/quick-event-manager/"
     shodan-query: 'vuln:CVE-2023-23975'
-  tags: cve,wordpress,wp-plugin,quick-event-manager,medium
+  tags: cve,wordpress,wp-plugin,quick-event-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23977-73dd9496dc7942d3595fe6b58faa41a3.yaml b/nuclei-templates/2023/CVE-2023-23977-73dd9496dc7942d3595fe6b58faa41a3.yaml
index ea183b8500..7a7f8142ff 100644
--- a/nuclei-templates/2023/CVE-2023-23977-73dd9496dc7942d3595fe6b58faa41a3.yaml
+++ b/nuclei-templates/2023/CVE-2023-23977-73dd9496dc7942d3595fe6b58faa41a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Social Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/heateor-social-comments/"
     google-query: inurl:"/wp-content/plugins/heateor-social-comments/"
     shodan-query: 'vuln:CVE-2023-23977'
-  tags: cve,wordpress,wp-plugin,heateor-social-comments,medium
+  tags: cve,wordpress,wp-plugin,heateor-social-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23978-11a9c2fdd6ced3454ae2f484273892ee.yaml b/nuclei-templates/2023/CVE-2023-23978-11a9c2fdd6ced3454ae2f484273892ee.yaml
index 9b9923a496..749b361697 100644
--- a/nuclei-templates/2023/CVE-2023-23978-11a9c2fdd6ced3454ae2f484273892ee.yaml
+++ b/nuclei-templates/2023/CVE-2023-23978-11a9c2fdd6ced3454ae2f484273892ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Client Reports <= 1.0.16 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Client Reports plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.0.16 via the wp_client_reports_send_email_report_from_ajax() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to extract sensitive data, including information stored in client reports. Please note that this still appears to be vulnerable to Cross-Site Request Forgery.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-client-reports/"
     google-query: inurl:"/wp-content/plugins/wp-client-reports/"
     shodan-query: 'vuln:CVE-2023-23978'
-  tags: cve,wordpress,wp-plugin,wp-client-reports,medium
+  tags: cve,wordpress,wp-plugin,wp-client-reports,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23980-d4435c597b00bf3290ee73c887974569.yaml b/nuclei-templates/2023/CVE-2023-23980-d4435c597b00bf3290ee73c887974569.yaml
index 55a6207523..bf10bb6683 100644
--- a/nuclei-templates/2023/CVE-2023-23980-d4435c597b00bf3290ee73c887974569.yaml
+++ b/nuclei-templates/2023/CVE-2023-23980-d4435c597b00bf3290ee73c887974569.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailOptin <= 1.2.54.0 - Authenticated (Admin+) Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MailOptin plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.54.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailoptin/"
     google-query: inurl:"/wp-content/plugins/mailoptin/"
     shodan-query: 'vuln:CVE-2023-23980'
-  tags: cve,wordpress,wp-plugin,mailoptin,medium
+  tags: cve,wordpress,wp-plugin,mailoptin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23981-22b31e4572f874fba75c72ff00d007de.yaml b/nuclei-templates/2023/CVE-2023-23981-22b31e4572f874fba75c72ff00d007de.yaml
index d34ba4b6a5..389fc25cfe 100644
--- a/nuclei-templates/2023/CVE-2023-23981-22b31e4572f874fba75c72ff00d007de.yaml
+++ b/nuclei-templates/2023/CVE-2023-23981-22b31e4572f874fba75c72ff00d007de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Conversational Forms for ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via a form name in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conversational-forms/"
     google-query: inurl:"/wp-content/plugins/conversational-forms/"
     shodan-query: 'vuln:CVE-2023-23981'
-  tags: cve,wordpress,wp-plugin,conversational-forms,medium
+  tags: cve,wordpress,wp-plugin,conversational-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23982-f018dd006c86a273640a9091528e99af.yaml b/nuclei-templates/2023/CVE-2023-23982-f018dd006c86a273640a9091528e99af.yaml
index c51decafd4..bc13d438c7 100644
--- a/nuclei-templates/2023/CVE-2023-23982-f018dd006c86a273640a9091528e99af.yaml
+++ b/nuclei-templates/2023/CVE-2023-23982-f018dd006c86a273640a9091528e99af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPFrom Email  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfrom-email/"
     google-query: inurl:"/wp-content/plugins/wpfrom-email/"
     shodan-query: 'vuln:CVE-2023-23982'
-  tags: cve,wordpress,wp-plugin,wpfrom-email,medium
+  tags: cve,wordpress,wp-plugin,wpfrom-email,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23987-4d9fd3b2756396c2e2474f36f3b3ed72.yaml b/nuclei-templates/2023/CVE-2023-23987-4d9fd3b2756396c2e2474f36f3b3ed72.yaml
index 69dc5003f1..b6939888da 100644
--- a/nuclei-templates/2023/CVE-2023-23987-4d9fd3b2756396c2e2474f36f3b3ed72.yaml
+++ b/nuclei-templates/2023/CVE-2023-23987-4d9fd3b2756396c2e2474f36f3b3ed72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration <= 2.3.0  - Authenticated (Administrator+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via field settings in versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2023-23987'
-  tags: cve,wordpress,wp-plugin,user-registration,medium
+  tags: cve,wordpress,wp-plugin,user-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23988-3b65f76db2b87c51279c14c330d16347.yaml b/nuclei-templates/2023/CVE-2023-23988-3b65f76db2b87c51279c14c330d16347.yaml
index 226218f64c..e57d1eb5e0 100644
--- a/nuclei-templates/2023/CVE-2023-23988-3b65f76db2b87c51279c14c330d16347.yaml
+++ b/nuclei-templates/2023/CVE-2023-23988-3b65f76db2b87c51279c14c330d16347.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Tickets <= 1.9.11 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The My Tickets plugin for WordPress is vulnerable to authorization bypass due insufficient validation of a users payment offline payment status in versions up to, and including, 1.9.11. This makes it possible for unauthenticated attackers to bypass completing payment.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-tickets/"
     google-query: inurl:"/wp-content/plugins/my-tickets/"
     shodan-query: 'vuln:CVE-2023-23988'
-  tags: cve,wordpress,wp-plugin,my-tickets,medium
+  tags: cve,wordpress,wp-plugin,my-tickets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23989-49f8b17fd3f7202d469cd36057801698.yaml b/nuclei-templates/2023/CVE-2023-23989-49f8b17fd3f7202d469cd36057801698.yaml
index 3aee472975..1a258f7d6a 100644
--- a/nuclei-templates/2023/CVE-2023-23989-49f8b17fd3f7202d469cd36057801698.yaml
+++ b/nuclei-templates/2023/CVE-2023-23989-49f8b17fd3f7202d469cd36057801698.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RegistrationMagic plugin for WordPress is vulnerable to content injection in versions up to, and including, 5.1.9.2. This is due to insufficient authorization checks. This makes it possible for unauthenticated attackers to alter the content on select pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2023-23989'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2399-f3d365dcf43ab1e2b6ca241869ef39d2.yaml b/nuclei-templates/2023/CVE-2023-2399-f3d365dcf43ab1e2b6ca241869ef39d2.yaml
index bde0b18269..bba2d210ea 100644
--- a/nuclei-templates/2023/CVE-2023-2399-f3d365dcf43ab1e2b6ca241869ef39d2.yaml
+++ b/nuclei-templates/2023/CVE-2023-2399-f3d365dcf43ab1e2b6ca241869ef39d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     QuBotChat <= 1.1.5 - Unauthenticated Self-Based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The QuBotChat plugin for WordPress is vulnerable to Self-Based Cross-Site Scripting in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute when a user accesses the injected page, however, this may only be successful if the attacker can trick the user into pasting a malicious payload into the chat.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qubotchat/"
     google-query: inurl:"/wp-content/plugins/qubotchat/"
     shodan-query: 'vuln:CVE-2023-2399'
-  tags: cve,wordpress,wp-plugin,qubotchat,medium
+  tags: cve,wordpress,wp-plugin,qubotchat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23990-42471f956508e099a58e2e33212c947e.yaml b/nuclei-templates/2023/CVE-2023-23990-42471f956508e099a58e2e33212c947e.yaml
index e8379d22e9..9a3bcfb80f 100644
--- a/nuclei-templates/2023/CVE-2023-23990-42471f956508e099a58e2e33212c947e.yaml
+++ b/nuclei-templates/2023/CVE-2023-23990-42471f956508e099a58e2e33212c947e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection for Contact Form 7 <= 2.7.0 - Authenticated(Editor+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Redirection for Contact Form 7 plugin is vulnerable to Authenticated Privilege Escalation in versions up to, and including, 2.7.0 due to the ability to update usermeta information. This allows authenticated attackers with Editor-level permissions and above to modify their permissions and grant themselves administrator privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcf7-redirect/"
     google-query: inurl:"/wp-content/plugins/wpcf7-redirect/"
     shodan-query: 'vuln:CVE-2023-23990'
-  tags: cve,wordpress,wp-plugin,wpcf7-redirect,high
+  tags: cve,wordpress,wp-plugin,wpcf7-redirect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23991-e064d299c84a7a932db5e1b086223b4a.yaml b/nuclei-templates/2023/CVE-2023-23991-e064d299c84a7a932db5e1b086223b4a.yaml
index ec8a639627..b71ce53a72 100644
--- a/nuclei-templates/2023/CVE-2023-23991-e064d299c84a7a932db5e1b086223b4a.yaml
+++ b/nuclei-templates/2023/CVE-2023-23991-e064d299c84a7a932db5e1b086223b4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booking Calendar plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 9.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking/"
     google-query: inurl:"/wp-content/plugins/booking/"
     shodan-query: 'vuln:CVE-2023-23991'
-  tags: cve,wordpress,wp-plugin,booking,medium
+  tags: cve,wordpress,wp-plugin,booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23994-1243017811fac8a9f67c1c02c6c11406.yaml b/nuclei-templates/2023/CVE-2023-23994-1243017811fac8a9f67c1c02c6c11406.yaml
index d7f5ff6d82..61374f7a2b 100644
--- a/nuclei-templates/2023/CVE-2023-23994-1243017811fac8a9f67c1c02c6c11406.yaml
+++ b/nuclei-templates/2023/CVE-2023-23994-1243017811fac8a9f67c1c02c6c11406.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Hide Admin Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the keyboard shortcode value in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-hide-admin-bar/"
     google-query: inurl:"/wp-content/plugins/auto-hide-admin-bar/"
     shodan-query: 'vuln:CVE-2023-23994'
-  tags: cve,wordpress,wp-plugin,auto-hide-admin-bar,medium
+  tags: cve,wordpress,wp-plugin,auto-hide-admin-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23995-500071d87ecb0967bf74f13aaaaabbd7.yaml b/nuclei-templates/2023/CVE-2023-23995-500071d87ecb0967bf74f13aaaaabbd7.yaml
index 4b5b8ccf9b..3c94673b2d 100644
--- a/nuclei-templates/2023/CVE-2023-23995-500071d87ecb0967bf74f13aaaaabbd7.yaml
+++ b/nuclei-templates/2023/CVE-2023-23995-500071d87ecb0967bf74f13aaaaabbd7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TinyMCE Custom Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tinymce-custom-styles/"
     google-query: inurl:"/wp-content/plugins/tinymce-custom-styles/"
     shodan-query: 'vuln:CVE-2023-23995'
-  tags: cve,wordpress,wp-plugin,tinymce-custom-styles,medium
+  tags: cve,wordpress,wp-plugin,tinymce-custom-styles,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23996-a51251f0d703aa8b0485bf4eda435396.yaml b/nuclei-templates/2023/CVE-2023-23996-a51251f0d703aa8b0485bf4eda435396.yaml
index 32f88dadea..1519903f31 100644
--- a/nuclei-templates/2023/CVE-2023-23996-a51251f0d703aa8b0485bf4eda435396.yaml
+++ b/nuclei-templates/2023/CVE-2023-23996-a51251f0d703aa8b0485bf4eda435396.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2023-23996'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23998-89a7d7a1b88043a7292e56fadd9f32f2.yaml b/nuclei-templates/2023/CVE-2023-23998-89a7d7a1b88043a7292e56fadd9f32f2.yaml
index e991df9e00..18dc7a1e6c 100644
--- a/nuclei-templates/2023/CVE-2023-23998-89a7d7a1b88043a7292e56fadd9f32f2.yaml
+++ b/nuclei-templates/2023/CVE-2023-23998-89a7d7a1b88043a7292e56fadd9f32f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VikRentCar Car Rental Management System <= 1.3.0 - Authenticated (Admin+) Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vikrentcar/"
     google-query: inurl:"/wp-content/plugins/vikrentcar/"
     shodan-query: 'vuln:CVE-2023-23998'
-  tags: cve,wordpress,wp-plugin,vikrentcar,medium
+  tags: cve,wordpress,wp-plugin,vikrentcar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-23999-49a596fa960c73e741b497015244d412.yaml b/nuclei-templates/2023/CVE-2023-23999-49a596fa960c73e741b497015244d412.yaml
index b36481a837..d7cf45f3bd 100644
--- a/nuclei-templates/2023/CVE-2023-23999-49a596fa960c73e741b497015244d412.yaml
+++ b/nuclei-templates/2023/CVE-2023-23999-49a596fa960c73e741b497015244d412.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Analytics by Monster Insights plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.14.0 due to insufficient input sanitization and output escaping on the style attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-23999'
-  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24001-1520c53880fff07e37200c6f21a3681b.yaml b/nuclei-templates/2023/CVE-2023-24001-1520c53880fff07e37200c6f21a3681b.yaml
index e013450b71..f629bfba91 100644
--- a/nuclei-templates/2023/CVE-2023-24001-1520c53880fff07e37200c6f21a3681b.yaml
+++ b/nuclei-templates/2023/CVE-2023-24001-1520c53880fff07e37200c6f21a3681b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modal Dialog plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modal-dialog/"
     google-query: inurl:"/wp-content/plugins/modal-dialog/"
     shodan-query: 'vuln:CVE-2023-24001'
-  tags: cve,wordpress,wp-plugin,modal-dialog,medium
+  tags: cve,wordpress,wp-plugin,modal-dialog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24002-9f08d8940e734966b92051cba3f5ff32.yaml b/nuclei-templates/2023/CVE-2023-24002-9f08d8940e734966b92051cba3f5ff32.yaml
index 10d682e6b4..a35791fae6 100644
--- a/nuclei-templates/2023/CVE-2023-24002-9f08d8940e734966b92051cba3f5ff32.yaml
+++ b/nuclei-templates/2023/CVE-2023-24002-9f08d8940e734966b92051cba3f5ff32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-video-player/"
     google-query: inurl:"/wp-content/plugins/youtube-video-player/"
     shodan-query: 'vuln:CVE-2023-24002'
-  tags: cve,wordpress,wp-plugin,youtube-video-player,medium
+  tags: cve,wordpress,wp-plugin,youtube-video-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24003-690de1b98dd30a46cb8901aa5c2f16aa.yaml b/nuclei-templates/2023/CVE-2023-24003-690de1b98dd30a46cb8901aa5c2f16aa.yaml
index f48fc9f2e2..891c5f2bb5 100644
--- a/nuclei-templates/2023/CVE-2023-24003-690de1b98dd30a46cb8901aa5c2f16aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-24003-690de1b98dd30a46cb8901aa5c2f16aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘facebook_page_shortcode’ function's use of the 'href' parameter in versions up to, and including, 2.1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-popups-lite/"
     google-query: inurl:"/wp-content/plugins/wp-popups-lite/"
     shodan-query: 'vuln:CVE-2023-24003'
-  tags: cve,wordpress,wp-plugin,wp-popups-lite,medium
+  tags: cve,wordpress,wp-plugin,wp-popups-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24004-e990d85401ec922ea084ebafd475f1d6.yaml b/nuclei-templates/2023/CVE-2023-24004-e990d85401ec922ea084ebafd475f1d6.yaml
index 2d9ffd4dcd..8c70903051 100644
--- a/nuclei-templates/2023/CVE-2023-24004-e990d85401ec922ea084ebafd475f1d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-24004-e990d85401ec922ea084ebafd475f1d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image and Video Lightbox, Image Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous page parameters and keys (such as ‘information_panel_text_for_no_title’ and other 'information_panel_*' parames) in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lightbox-popup/"
     google-query: inurl:"/wp-content/plugins/lightbox-popup/"
     shodan-query: 'vuln:CVE-2023-24004'
-  tags: cve,wordpress,wp-plugin,lightbox-popup,medium
+  tags: cve,wordpress,wp-plugin,lightbox-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24005-44d79c88f80918a39ad3735f87916ce8.yaml b/nuclei-templates/2023/CVE-2023-24005-44d79c88f80918a39ad3735f87916ce8.yaml
index e127bcb141..c5ce74d5ab 100644
--- a/nuclei-templates/2023/CVE-2023-24005-44d79c88f80918a39ad3735f87916ce8.yaml
+++ b/nuclei-templates/2023/CVE-2023-24005-44d79c88f80918a39ad3735f87916ce8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inline Tweet Sharer <= 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Inline Tweet Sharer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin setting options parameters (such as 'inline-tweet-sharer-default', 'inline-tweet-sharer-dprefix', 'inline-tweet-sharer-dsuffix' and 'inline-tweet-sharer-extraclass') in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inline-tweet-sharer/"
     google-query: inurl:"/wp-content/plugins/inline-tweet-sharer/"
     shodan-query: 'vuln:CVE-2023-24005'
-  tags: cve,wordpress,wp-plugin,inline-tweet-sharer,medium
+  tags: cve,wordpress,wp-plugin,inline-tweet-sharer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24006-d03335b5fcf3342ce30e3d6994089bf1.yaml b/nuclei-templates/2023/CVE-2023-24006-d03335b5fcf3342ce30e3d6994089bf1.yaml
index 399bc86734..f5789e6ff5 100644
--- a/nuclei-templates/2023/CVE-2023-24006-d03335b5fcf3342ce30e3d6994089bf1.yaml
+++ b/nuclei-templates/2023/CVE-2023-24006-d03335b5fcf3342ce30e3d6994089bf1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Terms Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-terms-popup/"
     google-query: inurl:"/wp-content/plugins/wp-terms-popup/"
     shodan-query: 'vuln:CVE-2023-24006'
-  tags: cve,wordpress,wp-plugin,wp-terms-popup,medium
+  tags: cve,wordpress,wp-plugin,wp-terms-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24009-4fc88bb474bb1a0cdd35b01d04f15578.yaml b/nuclei-templates/2023/CVE-2023-24009-4fc88bb474bb1a0cdd35b01d04f15578.yaml
index c704e204d2..bae679c184 100644
--- a/nuclei-templates/2023/CVE-2023-24009-4fc88bb474bb1a0cdd35b01d04f15578.yaml
+++ b/nuclei-templates/2023/CVE-2023-24009-4fc88bb474bb1a0cdd35b01d04f15578.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Upfrontwp <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Upfrontwp theme for WordPress is vulnerable to Stored Cross-Site Scripting via an unspecified shortcode or parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/upfrontwp/"
     google-query: inurl:"/wp-content/themes/upfrontwp/"
     shodan-query: 'vuln:CVE-2023-24009'
-  tags: cve,wordpress,wp-theme,upfrontwp,medium
+  tags: cve,wordpress,wp-theme,upfrontwp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2401-1b8adc4375e4968834c6e9a5908156bc.yaml b/nuclei-templates/2023/CVE-2023-2401-1b8adc4375e4968834c6e9a5908156bc.yaml
index 7ba4b27847..f156a6359f 100644
--- a/nuclei-templates/2023/CVE-2023-2401-1b8adc4375e4968834c6e9a5908156bc.yaml
+++ b/nuclei-templates/2023/CVE-2023-2401-1b8adc4375e4968834c6e9a5908156bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     QuBotChat <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The QuBotChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.5  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qubotchat/"
     google-query: inurl:"/wp-content/plugins/qubotchat/"
     shodan-query: 'vuln:CVE-2023-2401'
-  tags: cve,wordpress,wp-plugin,qubotchat,medium
+  tags: cve,wordpress,wp-plugin,qubotchat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2404-8a9c908ec048eb5db70aedddafa15d74.yaml b/nuclei-templates/2023/CVE-2023-2404-8a9c908ec048eb5db70aedddafa15d74.yaml
index a6e8fd8ef3..6f431bb235 100644
--- a/nuclei-templates/2023/CVE-2023-2404-8a9c908ec048eb5db70aedddafa15d74.yaml
+++ b/nuclei-templates/2023/CVE-2023-2404-8a9c908ec048eb5db70aedddafa15d74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CRM and Lead Management by vcita <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crm-customer-relationship-management-by-vcita/"
     google-query: inurl:"/wp-content/plugins/crm-customer-relationship-management-by-vcita/"
     shodan-query: 'vuln:CVE-2023-2404'
-  tags: cve,wordpress,wp-plugin,crm-customer-relationship-management-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,crm-customer-relationship-management-by-vcita,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2406-75fa36bac06fa043ebc71b72e7bf53b3.yaml b/nuclei-templates/2023/CVE-2023-2406-75fa36bac06fa043ebc71b72e7bf53b3.yaml
index 8d7aad9b7b..f86861b3f2 100644
--- a/nuclei-templates/2023/CVE-2023-2406-75fa36bac06fa043ebc71b72e7bf53b3.yaml
+++ b/nuclei-templates/2023/CVE-2023-2406-75fa36bac06fa043ebc71b72e7bf53b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-2406
   metadata:
-    fofa-query: "wp-content/plugins/event-registration-calendar-by-vcita/"
-    google-query: inurl:"/wp-content/plugins/event-registration-calendar-by-vcita/"
+    fofa-query: "wp-content/plugins/paypal-payment-button-by-vcita/"
+    google-query: inurl:"/wp-content/plugins/paypal-payment-button-by-vcita/"
     shodan-query: 'vuln:CVE-2023-2406'
-  tags: cve,wordpress,wp-plugin,event-registration-calendar-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,paypal-payment-button-by-vcita,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/event-registration-calendar-by-vcita/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/paypal-payment-button-by-vcita/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "event-registration-calendar-by-vcita"
+          - "paypal-payment-button-by-vcita"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
+          - compare_versions(version, '<= 3.9.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2407-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml b/nuclei-templates/2023/CVE-2023-2407-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml
index 5995792c87..a42d9e0241 100644
--- a/nuclei-templates/2023/CVE-2023-2407-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml
+++ b/nuclei-templates/2023/CVE-2023-2407-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-2407
   metadata:
-    fofa-query: "wp-content/plugins/event-registration-calendar-by-vcita/"
-    google-query: inurl:"/wp-content/plugins/event-registration-calendar-by-vcita/"
+    fofa-query: "wp-content/plugins/paypal-payment-button-by-vcita/"
+    google-query: inurl:"/wp-content/plugins/paypal-payment-button-by-vcita/"
     shodan-query: 'vuln:CVE-2023-2407'
-  tags: cve,wordpress,wp-plugin,event-registration-calendar-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,paypal-payment-button-by-vcita,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/event-registration-calendar-by-vcita/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/paypal-payment-button-by-vcita/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "event-registration-calendar-by-vcita"
+          - "paypal-payment-button-by-vcita"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
+          - compare_versions(version, '<= 3.9.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2414-b65c2cbf689ff5e6c36de8e6ea88fb1d.yaml b/nuclei-templates/2023/CVE-2023-2414-b65c2cbf689ff5e6c36de8e6ea88fb1d.yaml
index 0cd9bcd4b0..7710693d7a 100644
--- a/nuclei-templates/2023/CVE-2023-2414-b65c2cbf689ff5e6c36de8e6ea88fb1d.yaml
+++ b/nuclei-templates/2023/CVE-2023-2414-b65c2cbf689ff5e6c36de8e6ea88fb1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.0 - Missing Authorization to Settings Update and Media Upload
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.0. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript (before 4.3.2).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/"
     google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/"
     shodan-query: 'vuln:CVE-2023-2414'
-  tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2415-80701456edd5634e54dde4f94f03d86e.yaml b/nuclei-templates/2023/CVE-2023-2415-80701456edd5634e54dde4f94f03d86e.yaml
index 9162e9ef91..df691a568e 100644
--- a/nuclei-templates/2023/CVE-2023-2415-80701456edd5634e54dde4f94f03d86e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2415-80701456edd5634e54dde4f94f03d86e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Online Booking & Scheduling Calendar for WordPress by vcita <= 4.2.10 - Missing Authorization to Account Logout
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/"
     google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/"
     shodan-query: 'vuln:CVE-2023-2415'
-  tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2433-6fe67f9ebf1fd28c0850e6428387bc2e.yaml b/nuclei-templates/2023/CVE-2023-2433-6fe67f9ebf1fd28c0850e6428387bc2e.yaml
index 8adddac854..a245b7bc30 100644
--- a/nuclei-templates/2023/CVE-2023-2433-6fe67f9ebf1fd28c0850e6428387bc2e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2433-6fe67f9ebf1fd28c0850e6428387bc2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YARPP – Yet Another Related Posts Plugin <= 5.30.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/"
     google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/"
     shodan-query: 'vuln:CVE-2023-2433'
-  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,medium
+  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2435-e95a6a45d70dd7149f957cc2dea209d3.yaml b/nuclei-templates/2023/CVE-2023-2435-e95a6a45d70dd7149f957cc2dea209d3.yaml
index f3f50c13d9..986a5edf66 100644
--- a/nuclei-templates/2023/CVE-2023-2435-e95a6a45d70dd7149f957cc2dea209d3.yaml
+++ b/nuclei-templates/2023/CVE-2023-2435-e95a6a45d70dd7149f957cc2dea209d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blog-in-Blog <= 1.1.1 - Authenticated (Editor+) Local File Inclusion via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog-in-blog/"
     google-query: inurl:"/wp-content/plugins/blog-in-blog/"
     shodan-query: 'vuln:CVE-2023-2435'
-  tags: cve,wordpress,wp-plugin,blog-in-blog,high
+  tags: cve,wordpress,wp-plugin,blog-in-blog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2436-97602b372ac2dff313ee6b7601be8c2a.yaml b/nuclei-templates/2023/CVE-2023-2436-97602b372ac2dff313ee6b7601be8c2a.yaml
index 4ff9836ffb..1e3659af54 100644
--- a/nuclei-templates/2023/CVE-2023-2436-97602b372ac2dff313ee6b7601be8c2a.yaml
+++ b/nuclei-templates/2023/CVE-2023-2436-97602b372ac2dff313ee6b7601be8c2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blog-in-Blog <= 1.1.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog-in-blog/"
     google-query: inurl:"/wp-content/plugins/blog-in-blog/"
     shodan-query: 'vuln:CVE-2023-2436'
-  tags: cve,wordpress,wp-plugin,blog-in-blog,medium
+  tags: cve,wordpress,wp-plugin,blog-in-blog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24372-a772a1bfbb77e4750a15c026120428cc.yaml b/nuclei-templates/2023/CVE-2023-24372-a772a1bfbb77e4750a15c026120428cc.yaml
index e30dea30bc..f87b7789c2 100644
--- a/nuclei-templates/2023/CVE-2023-24372-a772a1bfbb77e4750a15c026120428cc.yaml
+++ b/nuclei-templates/2023/CVE-2023-24372-a772a1bfbb77e4750a15c026120428cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Custom Author Profiles <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Custom Author Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-custom-author-profiles/"
     google-query: inurl:"/wp-content/plugins/simple-custom-author-profiles/"
     shodan-query: 'vuln:CVE-2023-24372'
-  tags: cve,wordpress,wp-plugin,simple-custom-author-profiles,medium
+  tags: cve,wordpress,wp-plugin,simple-custom-author-profiles,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24374-639d631ea2d71e82d52ba35e11baa85c.yaml b/nuclei-templates/2023/CVE-2023-24374-639d631ea2d71e82d52ba35e11baa85c.yaml
index 3f04c275f0..506dc13137 100644
--- a/nuclei-templates/2023/CVE-2023-24374-639d631ea2d71e82d52ba35e11baa85c.yaml
+++ b/nuclei-templates/2023/CVE-2023-24374-639d631ea2d71e82d52ba35e11baa85c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Material Design Icons for Page Builders <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Material Design Icons for Page Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/material-design-icons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/material-design-icons-for-elementor/"
     shodan-query: 'vuln:CVE-2023-24374'
-  tags: cve,wordpress,wp-plugin,material-design-icons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,material-design-icons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24375-0881f47c3594ae8da08c18a925e96922.yaml b/nuclei-templates/2023/CVE-2023-24375-0881f47c3594ae8da08c18a925e96922.yaml
index 2644b7bfbc..c4587d05cc 100644
--- a/nuclei-templates/2023/CVE-2023-24375-0881f47c3594ae8da08c18a925e96922.yaml
+++ b/nuclei-templates/2023/CVE-2023-24375-0881f47c3594ae8da08c18a925e96922.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Login and Register <=7.5.12 - Missing Authorization to Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Social Login and Register plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the mo_sharing_app_value function as well as others that are reachable via AJAX action in versions up to, and including, 7.5.12. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change plugin settings. 
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-login-openid/"
     google-query: inurl:"/wp-content/plugins/miniorange-login-openid/"
     shodan-query: 'vuln:CVE-2023-24375'
-  tags: cve,wordpress,wp-plugin,miniorange-login-openid,medium
+  tags: cve,wordpress,wp-plugin,miniorange-login-openid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24376-9bd31a69895b603beba548b13ee3a848.yaml b/nuclei-templates/2023/CVE-2023-24376-9bd31a69895b603beba548b13ee3a848.yaml
index 5ea1e2649e..a544490f09 100644
--- a/nuclei-templates/2023/CVE-2023-24376-9bd31a69895b603beba548b13ee3a848.yaml
+++ b/nuclei-templates/2023/CVE-2023-24376-9bd31a69895b603beba548b13ee3a848.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Simple Events <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Simple Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-events/"
     google-query: inurl:"/wp-content/plugins/wp-simple-events/"
     shodan-query: 'vuln:CVE-2023-24376'
-  tags: cve,wordpress,wp-plugin,wp-simple-events,medium
+  tags: cve,wordpress,wp-plugin,wp-simple-events,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24378-bc0cf3a754a6fbdff0b7d35751f27209.yaml b/nuclei-templates/2023/CVE-2023-24378-bc0cf3a754a6fbdff0b7d35751f27209.yaml
index 698e8c7598..4b3b996905 100644
--- a/nuclei-templates/2023/CVE-2023-24378-bc0cf3a754a6fbdff0b7d35751f27209.yaml
+++ b/nuclei-templates/2023/CVE-2023-24378-bc0cf3a754a6fbdff0b7d35751f27209.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Glossary <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/glossary-by-codeat/"
     google-query: inurl:"/wp-content/plugins/glossary-by-codeat/"
     shodan-query: 'vuln:CVE-2023-24378'
-  tags: cve,wordpress,wp-plugin,glossary-by-codeat,medium
+  tags: cve,wordpress,wp-plugin,glossary-by-codeat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24379-55c8be1b98f905c0f97aa18a603d7cea.yaml b/nuclei-templates/2023/CVE-2023-24379-55c8be1b98f905c0f97aa18a603d7cea.yaml
index f2dc63208d..53d2996d0d 100644
--- a/nuclei-templates/2023/CVE-2023-24379-55c8be1b98f905c0f97aa18a603d7cea.yaml
+++ b/nuclei-templates/2023/CVE-2023-24379-55c8be1b98f905c0f97aa18a603d7cea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Landing Page Builder – Free Landing Page Templates <= 3.1.9.8 - Local File Inclusion via 'lpp_template_select'
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Landing Page Builder plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.1.9.8 via the 'lpp_template_select' parameter. This allows editor-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-landing-page/"
     google-query: inurl:"/wp-content/plugins/ultimate-landing-page/"
     shodan-query: 'vuln:CVE-2023-24379'
-  tags: cve,wordpress,wp-plugin,ultimate-landing-page,high
+  tags: cve,wordpress,wp-plugin,ultimate-landing-page,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24381-b2640c0e1d9759721b91219a63bf25ee.yaml b/nuclei-templates/2023/CVE-2023-24381-b2640c0e1d9759721b91219a63bf25ee.yaml
index 8282ea26ae..aefc6216e5 100644
--- a/nuclei-templates/2023/CVE-2023-24381-b2640c0e1d9759721b91219a63bf25ee.yaml
+++ b/nuclei-templates/2023/CVE-2023-24381-b2640c0e1d9759721b91219a63bf25ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Social Pixel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ns-facebook-pixel-for-wp/"
     google-query: inurl:"/wp-content/plugins/ns-facebook-pixel-for-wp/"
     shodan-query: 'vuln:CVE-2023-24381'
-  tags: cve,wordpress,wp-plugin,ns-facebook-pixel-for-wp,medium
+  tags: cve,wordpress,wp-plugin,ns-facebook-pixel-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24382-eab3c1f0807691261d40289ccf106a32.yaml b/nuclei-templates/2023/CVE-2023-24382-eab3c1f0807691261d40289ccf106a32.yaml
index 24edd2c4d1..5814dd654c 100644
--- a/nuclei-templates/2023/CVE-2023-24382-eab3c1f0807691261d40289ccf106a32.yaml
+++ b/nuclei-templates/2023/CVE-2023-24382-eab3c1f0807691261d40289ccf106a32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Material Design Icons for Page Builders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the save_settings function. This makes it possible for unauthenticated attackers to save plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/material-design-icons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/material-design-icons-for-elementor/"
     shodan-query: 'vuln:CVE-2023-24382'
-  tags: cve,wordpress,wp-plugin,material-design-icons-for-elementor,high
+  tags: cve,wordpress,wp-plugin,material-design-icons-for-elementor,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24383-03657cd383df53489c98f2c2003d74b0.yaml b/nuclei-templates/2023/CVE-2023-24383-03657cd383df53489c98f2c2003d74b0.yaml
index 335c627273..624e4de2cc 100644
--- a/nuclei-templates/2023/CVE-2023-24383-03657cd383df53489c98f2c2003d74b0.yaml
+++ b/nuclei-templates/2023/CVE-2023-24383-03657cd383df53489c98f2c2003d74b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Namaste! LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Certificate Title value in versions up to, and including, 2.5.9.1  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/namaste-lms/"
     google-query: inurl:"/wp-content/plugins/namaste-lms/"
     shodan-query: 'vuln:CVE-2023-24383'
-  tags: cve,wordpress,wp-plugin,namaste-lms,medium
+  tags: cve,wordpress,wp-plugin,namaste-lms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24385-0b903181e53a3afd2853d8a217d8de8d.yaml b/nuclei-templates/2023/CVE-2023-24385-0b903181e53a3afd2853d8a217d8de8d.yaml
index 4200fd6f8c..82c1e5eac3 100644
--- a/nuclei-templates/2023/CVE-2023-24385-0b903181e53a3afd2853d8a217d8de8d.yaml
+++ b/nuclei-templates/2023/CVE-2023-24385-0b903181e53a3afd2853d8a217d8de8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Assistant <= 3.11 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-assistant/"
     google-query: inurl:"/wp-content/plugins/media-library-assistant/"
     shodan-query: 'vuln:CVE-2023-24385'
-  tags: cve,wordpress,wp-plugin,media-library-assistant,medium
+  tags: cve,wordpress,wp-plugin,media-library-assistant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24386-4cb7b1b325a065f19e4694c97bc6e095.yaml b/nuclei-templates/2023/CVE-2023-24386-4cb7b1b325a065f19e4694c97bc6e095.yaml
index c3ced565b8..47bf2bee12 100644
--- a/nuclei-templates/2023/CVE-2023-24386-4cb7b1b325a065f19e4694c97bc6e095.yaml
+++ b/nuclei-templates/2023/CVE-2023-24386-4cb7b1b325a065f19e4694c97bc6e095.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Contact Us Form <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI Contact Us Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-contact-us/"
     google-query: inurl:"/wp-content/plugins/ai-contact-us/"
     shodan-query: 'vuln:CVE-2023-24386'
-  tags: cve,wordpress,wp-plugin,ai-contact-us,medium
+  tags: cve,wordpress,wp-plugin,ai-contact-us,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24387-fbacd93e40e029ab5294ff6e4faadc80.yaml b/nuclei-templates/2023/CVE-2023-24387-fbacd93e40e029ab5294ff6e4faadc80.yaml
index 55f23ea89d..d1d171e59b 100644
--- a/nuclei-templates/2023/CVE-2023-24387-fbacd93e40e029ab5294ff6e4faadc80.yaml
+++ b/nuclei-templates/2023/CVE-2023-24387-fbacd93e40e029ab5294ff6e4faadc80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Organization chart <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/organization-chart/"
     google-query: inurl:"/wp-content/plugins/organization-chart/"
     shodan-query: 'vuln:CVE-2023-24387'
-  tags: cve,wordpress,wp-plugin,organization-chart,medium
+  tags: cve,wordpress,wp-plugin,organization-chart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24389-f60d70179169d7470d698c285c73d2aa.yaml b/nuclei-templates/2023/CVE-2023-24389-f60d70179169d7470d698c285c73d2aa.yaml
index 633fa3177a..eabbeb0481 100644
--- a/nuclei-templates/2023/CVE-2023-24389-f60d70179169d7470d698c285c73d2aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-24389-f60d70179169d7470d698c285c73d2aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Proof (Testimonial) Slider <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers ,with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-proof-testimonials-slider/"
     google-query: inurl:"/wp-content/plugins/social-proof-testimonials-slider/"
     shodan-query: 'vuln:CVE-2023-24389'
-  tags: cve,wordpress,wp-plugin,social-proof-testimonials-slider,medium
+  tags: cve,wordpress,wp-plugin,social-proof-testimonials-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2439-73550b54c3b3918e019ec5d1a646e218.yaml b/nuclei-templates/2023/CVE-2023-2439-73550b54c3b3918e019ec5d1a646e218.yaml
index 4b736d77b2..189b8aaf72 100644
--- a/nuclei-templates/2023/CVE-2023-2439-73550b54c3b3918e019ec5d1a646e218.yaml
+++ b/nuclei-templates/2023/CVE-2023-2439-73550b54c3b3918e019ec5d1a646e218.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UserPro <= 5.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userpro/"
     google-query: inurl:"/wp-content/plugins/userpro/"
     shodan-query: 'vuln:CVE-2023-2439'
-  tags: cve,wordpress,wp-plugin,userpro,medium
+  tags: cve,wordpress,wp-plugin,userpro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24390-b205c6392eb0136cf0df5ea96fc73a56.yaml b/nuclei-templates/2023/CVE-2023-24390-b205c6392eb0136cf0df5ea96fc73a56.yaml
index a5369a021e..b05db2cbd4 100644
--- a/nuclei-templates/2023/CVE-2023-24390-b205c6392eb0136cf0df5ea96fc73a56.yaml
+++ b/nuclei-templates/2023/CVE-2023-24390-b205c6392eb0136cf0df5ea96fc73a56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WeSecur Security <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WeSecur Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wesecur-security/"
     google-query: inurl:"/wp-content/plugins/wesecur-security/"
     shodan-query: 'vuln:CVE-2023-24390'
-  tags: cve,wordpress,wp-plugin,wesecur-security,medium
+  tags: cve,wordpress,wp-plugin,wesecur-security,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24391-acf9697c1a09f246be4d3f2a957b0449.yaml b/nuclei-templates/2023/CVE-2023-24391-acf9697c1a09f246be4d3f2a957b0449.yaml
index 4345731e35..63ae8e95f2 100644
--- a/nuclei-templates/2023/CVE-2023-24391-acf9697c1a09f246be4d3f2a957b0449.yaml
+++ b/nuclei-templates/2023/CVE-2023-24391-acf9697c1a09f246be4d3f2a957b0449.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ApplyOnline – Application Form Builder and Manager <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings parameter in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apply-online/"
     google-query: inurl:"/wp-content/plugins/apply-online/"
     shodan-query: 'vuln:CVE-2023-24391'
-  tags: cve,wordpress,wp-plugin,apply-online,medium
+  tags: cve,wordpress,wp-plugin,apply-online,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24393-cf48a696f82d0831c89a84db8271161e.yaml b/nuclei-templates/2023/CVE-2023-24393-cf48a696f82d0831c89a84db8271161e.yaml
index 7c7bfd015e..0dda365a59 100644
--- a/nuclei-templates/2023/CVE-2023-24393-cf48a696f82d0831c89a84db8271161e.yaml
+++ b/nuclei-templates/2023/CVE-2023-24393-cf48a696f82d0831c89a84db8271161e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animated Number Counters <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Animated Number Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animated-number-counters/"
     google-query: inurl:"/wp-content/plugins/animated-number-counters/"
     shodan-query: 'vuln:CVE-2023-24393'
-  tags: cve,wordpress,wp-plugin,animated-number-counters,medium
+  tags: cve,wordpress,wp-plugin,animated-number-counters,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24394-bd8810c05731a418d8d9a50b27d4228d.yaml b/nuclei-templates/2023/CVE-2023-24394-bd8810c05731a418d8d9a50b27d4228d.yaml
index 3bcc18d456..504e729244 100644
--- a/nuclei-templates/2023/CVE-2023-24394-bd8810c05731a418d8d9a50b27d4228d.yaml
+++ b/nuclei-templates/2023/CVE-2023-24394-bd8810c05731a418d8d9a50b27d4228d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iframe popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iframe-popup/"
     google-query: inurl:"/wp-content/plugins/iframe-popup/"
     shodan-query: 'vuln:CVE-2023-24394'
-  tags: cve,wordpress,wp-plugin,iframe-popup,medium
+  tags: cve,wordpress,wp-plugin,iframe-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24396-12086c6161e4cc7ce0b879de54cf11f6.yaml b/nuclei-templates/2023/CVE-2023-24396-12086c6161e4cc7ce0b879de54cf11f6.yaml
index af3be933f9..e7b1f97833 100644
--- a/nuclei-templates/2023/CVE-2023-24396-12086c6161e4cc7ce0b879de54cf11f6.yaml
+++ b/nuclei-templates/2023/CVE-2023-24396-12086c6161e4cc7ce0b879de54cf11f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VikBooking Hotel Booking Engine & PMS <= 1.5.11 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.11  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vikbooking/"
     google-query: inurl:"/wp-content/plugins/vikbooking/"
     shodan-query: 'vuln:CVE-2023-24396'
-  tags: cve,wordpress,wp-plugin,vikbooking,medium
+  tags: cve,wordpress,wp-plugin,vikbooking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24397-33be367e25256f8164e300b3a7daf9ad.yaml b/nuclei-templates/2023/CVE-2023-24397-33be367e25256f8164e300b3a7daf9ad.yaml
index f65c3a7860..ae69961c6f 100644
--- a/nuclei-templates/2023/CVE-2023-24397-33be367e25256f8164e300b3a7daf9ad.yaml
+++ b/nuclei-templates/2023/CVE-2023-24397-33be367e25256f8164e300b3a7daf9ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Reservation.Studio widget <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Reservation.Studio widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. Note: This vulnerability is partially patched in versions 1.0.8 and above.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reservation-studio-widget/"
     google-query: inurl:"/wp-content/plugins/reservation-studio-widget/"
     shodan-query: 'vuln:CVE-2023-24397'
-  tags: cve,wordpress,wp-plugin,reservation-studio-widget,medium
+  tags: cve,wordpress,wp-plugin,reservation-studio-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24398-8e2fcddafd26ffe986aba71521006509.yaml b/nuclei-templates/2023/CVE-2023-24398-8e2fcddafd26ffe986aba71521006509.yaml
index 3cbdbabaa9..ee1bc74ff8 100644
--- a/nuclei-templates/2023/CVE-2023-24398-8e2fcddafd26ffe986aba71521006509.yaml
+++ b/nuclei-templates/2023/CVE-2023-24398-8e2fcddafd26ffe986aba71521006509.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EZP Coming Soon Page <= 1.0.7.3 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EZP Coming Soon Page Plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-pie-coming-soon/"
     google-query: inurl:"/wp-content/plugins/easy-pie-coming-soon/"
     shodan-query: 'vuln:CVE-2023-24398'
-  tags: cve,wordpress,wp-plugin,easy-pie-coming-soon,medium
+  tags: cve,wordpress,wp-plugin,easy-pie-coming-soon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24399-15e84b289a1503987417bb5a8a9db81a.yaml b/nuclei-templates/2023/CVE-2023-24399-15e84b289a1503987417bb5a8a9db81a.yaml
index 564a115894..022212d2b2 100644
--- a/nuclei-templates/2023/CVE-2023-24399-15e84b289a1503987417bb5a8a9db81a.yaml
+++ b/nuclei-templates/2023/CVE-2023-24399-15e84b289a1503987417bb5a8a9db81a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ocean Extra <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ocean-extra/"
     google-query: inurl:"/wp-content/plugins/ocean-extra/"
     shodan-query: 'vuln:CVE-2023-24399'
-  tags: cve,wordpress,wp-plugin,ocean-extra,medium
+  tags: cve,wordpress,wp-plugin,ocean-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2440-183bcbf1ecc01c4bcdfd0244c1054c88.yaml b/nuclei-templates/2023/CVE-2023-2440-183bcbf1ecc01c4bcdfd0244c1054c88.yaml
index ee0d69f39f..2359a2a3c2 100644
--- a/nuclei-templates/2023/CVE-2023-2440-183bcbf1ecc01c4bcdfd0244c1054c88.yaml
+++ b/nuclei-templates/2023/CVE-2023-2440-183bcbf1ecc01c4bcdfd0244c1054c88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userpro/"
     google-query: inurl:"/wp-content/plugins/userpro/"
     shodan-query: 'vuln:CVE-2023-2440'
-  tags: cve,wordpress,wp-plugin,userpro,high
+  tags: cve,wordpress,wp-plugin,userpro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24400-94366e72b8b16247e4525177a190a390.yaml b/nuclei-templates/2023/CVE-2023-24400-94366e72b8b16247e4525177a190a390.yaml
index 7f9618a247..fbf95d45c1 100644
--- a/nuclei-templates/2023/CVE-2023-24400-94366e72b8b16247e4525177a190a390.yaml
+++ b/nuclei-templates/2023/CVE-2023-24400-94366e72b8b16247e4525177a190a390.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_policy_link' Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookies_policy_link' shortcode in versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-notice/"
     google-query: inurl:"/wp-content/plugins/cookie-notice/"
     shodan-query: 'vuln:CVE-2023-24400'
-  tags: cve,wordpress,wp-plugin,cookie-notice,medium
+  tags: cve,wordpress,wp-plugin,cookie-notice,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24401-f7f88d86922c2be2737227c4eb89350c.yaml b/nuclei-templates/2023/CVE-2023-24401-f7f88d86922c2be2737227c4eb89350c.yaml
index 28fabeb92b..8c9d232774 100644
--- a/nuclei-templates/2023/CVE-2023-24401-f7f88d86922c2be2737227c4eb89350c.yaml
+++ b/nuclei-templates/2023/CVE-2023-24401-f7f88d86922c2be2737227c4eb89350c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mobile Call Now & Map Buttons <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mobile Call Now & Map Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobile-call-now-map-buttons/"
     google-query: inurl:"/wp-content/plugins/mobile-call-now-map-buttons/"
     shodan-query: 'vuln:CVE-2023-24401'
-  tags: cve,wordpress,wp-plugin,mobile-call-now-map-buttons,medium
+  tags: cve,wordpress,wp-plugin,mobile-call-now-map-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24402-4f49b393f88ca9ff4cbed10f183193ed.yaml b/nuclei-templates/2023/CVE-2023-24402-4f49b393f88ca9ff4cbed10f183193ed.yaml
index 73d333ee67..c1cf2d13fc 100644
--- a/nuclei-templates/2023/CVE-2023-24402-4f49b393f88ca9ff4cbed10f183193ed.yaml
+++ b/nuclei-templates/2023/CVE-2023-24402-4f49b393f88ca9ff4cbed10f183193ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Booking System <= 2.0.18 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-booking-system/"
     google-query: inurl:"/wp-content/plugins/wp-booking-system/"
     shodan-query: 'vuln:CVE-2023-24402'
-  tags: cve,wordpress,wp-plugin,wp-booking-system,medium
+  tags: cve,wordpress,wp-plugin,wp-booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24403-40b2967e127caf7495ebfc36b3279860.yaml b/nuclei-templates/2023/CVE-2023-24403-40b2967e127caf7495ebfc36b3279860.yaml
index a9de68ac88..5efc66ee78 100644
--- a/nuclei-templates/2023/CVE-2023-24403-40b2967e127caf7495ebfc36b3279860.yaml
+++ b/nuclei-templates/2023/CVE-2023-24403-40b2967e127caf7495ebfc36b3279860.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bbPress Voting <= 2.1.11.0  - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The bbPress Voting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbp-voting/"
     google-query: inurl:"/wp-content/plugins/bbp-voting/"
     shodan-query: 'vuln:CVE-2023-24403'
-  tags: cve,wordpress,wp-plugin,bbp-voting,high
+  tags: cve,wordpress,wp-plugin,bbp-voting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24406-8a828053bf646bd38f0facf7c997017f.yaml b/nuclei-templates/2023/CVE-2023-24406-8a828053bf646bd38f0facf7c997017f.yaml
index 3368e4d8a0..9edd35f0b3 100644
--- a/nuclei-templates/2023/CVE-2023-24406-8a828053bf646bd38f0facf7c997017f.yaml
+++ b/nuclei-templates/2023/CVE-2023-24406-8a828053bf646bd38f0facf7c997017f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Popup Images <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Popup Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-popup/"
     google-query: inurl:"/wp-content/plugins/simple-popup/"
     shodan-query: 'vuln:CVE-2023-24406'
-  tags: cve,wordpress,wp-plugin,simple-popup,medium
+  tags: cve,wordpress,wp-plugin,simple-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24408-b6af58199f4bb361c122e5469834d6a6.yaml b/nuclei-templates/2023/CVE-2023-24408-b6af58199f4bb361c122e5469834d6a6.yaml
index 819ed89097..8ab33ef03a 100644
--- a/nuclei-templates/2023/CVE-2023-24408-b6af58199f4bb361c122e5469834d6a6.yaml
+++ b/nuclei-templates/2023/CVE-2023-24408-b6af58199f4bb361c122e5469834d6a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ecwid Shopping Cart <= 6.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ecwid Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ecwid-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/"
     shodan-query: 'vuln:CVE-2023-24408'
-  tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,medium
+  tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24410-7505baf43f2a97f13623d8a9e01f067a.yaml b/nuclei-templates/2023/CVE-2023-24410-7505baf43f2a97f13623d8a9e01f067a.yaml
index 64e8f0dd12..e293243046 100644
--- a/nuclei-templates/2023/CVE-2023-24410-7505baf43f2a97f13623d8a9e01f067a.yaml
+++ b/nuclei-templates/2023/CVE-2023-24410-7505baf43f2a97f13623d8a9e01f067a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FluentForm <= 4.3.25 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The FluentForm plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.3.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluentform/"
     google-query: inurl:"/wp-content/plugins/fluentform/"
     shodan-query: 'vuln:CVE-2023-24410'
-  tags: cve,wordpress,wp-plugin,fluentform,high
+  tags: cve,wordpress,wp-plugin,fluentform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24411-aec5b406433b53e4f92df5e66d0bb478.yaml b/nuclei-templates/2023/CVE-2023-24411-aec5b406433b53e4f92df5e66d0bb478.yaml
index 5ea32694bd..5ffffc3bd6 100644
--- a/nuclei-templates/2023/CVE-2023-24411-aec5b406433b53e4f92df5e66d0bb478.yaml
+++ b/nuclei-templates/2023/CVE-2023-24411-aec5b406433b53e4f92df5e66d0bb478.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BNE Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bne-testimonials/"
     google-query: inurl:"/wp-content/plugins/bne-testimonials/"
     shodan-query: 'vuln:CVE-2023-24411'
-  tags: cve,wordpress,wp-plugin,bne-testimonials,medium
+  tags: cve,wordpress,wp-plugin,bne-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24412-446660b2783c8caadc3d9d08f86fa99d.yaml b/nuclei-templates/2023/CVE-2023-24412-446660b2783c8caadc3d9d08f86fa99d.yaml
index 525e7d45e0..2cb4b47802 100644
--- a/nuclei-templates/2023/CVE-2023-24412-446660b2783c8caadc3d9d08f86fa99d.yaml
+++ b/nuclei-templates/2023/CVE-2023-24412-446660b2783c8caadc3d9d08f86fa99d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Social Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-instagram/"
     google-query: inurl:"/wp-content/plugins/add-instagram/"
     shodan-query: 'vuln:CVE-2023-24412'
-  tags: cve,wordpress,wp-plugin,add-instagram,medium
+  tags: cve,wordpress,wp-plugin,add-instagram,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24416-1d838507fd655633d89fdd3f677085f8.yaml b/nuclei-templates/2023/CVE-2023-24416-1d838507fd655633d89fdd3f677085f8.yaml
index b3d6f85d88..d84a24844c 100644
--- a/nuclei-templates/2023/CVE-2023-24416-1d838507fd655633d89fdd3f677085f8.yaml
+++ b/nuclei-templates/2023/CVE-2023-24416-1d838507fd655633d89fdd3f677085f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One Favicon <= 4.7 - Authenticated(Admin+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     All In One Favicon plugin for WordPress is vulnerable to Directory Traversal via the 'aioFaviconUpdateSettings' function in versions up to, and including, 4.7. This allows authenticated attackers with administator-level permissions to delete arbitrary files on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-favicon/"
     google-query: inurl:"/wp-content/plugins/all-in-one-favicon/"
     shodan-query: 'vuln:CVE-2023-24416'
-  tags: cve,wordpress,wp-plugin,all-in-one-favicon,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-favicon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24418-e0a3631cbe633a42d5989c02ecf7206b.yaml b/nuclei-templates/2023/CVE-2023-24418-e0a3631cbe633a42d5989c02ecf7206b.yaml
index 90c5f390ce..e9a69037a7 100644
--- a/nuclei-templates/2023/CVE-2023-24418-e0a3631cbe633a42d5989c02ecf7206b.yaml
+++ b/nuclei-templates/2023/CVE-2023-24418-e0a3631cbe633a42d5989c02ecf7206b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tiny carousel horizontal slider plus <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tiny carousel horizontal slider plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tiny-carousel-horizontal-slider-plus/"
     google-query: inurl:"/wp-content/plugins/tiny-carousel-horizontal-slider-plus/"
     shodan-query: 'vuln:CVE-2023-24418'
-  tags: cve,wordpress,wp-plugin,tiny-carousel-horizontal-slider-plus,medium
+  tags: cve,wordpress,wp-plugin,tiny-carousel-horizontal-slider-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-24419-50b07daf945144cbfd99133630410da2.yaml b/nuclei-templates/2023/CVE-2023-24419-50b07daf945144cbfd99133630410da2.yaml
index e2d02c73f9..da83591a30 100644
--- a/nuclei-templates/2023/CVE-2023-24419-50b07daf945144cbfd99133630410da2.yaml
+++ b/nuclei-templates/2023/CVE-2023-24419-50b07daf945144cbfd99133630410da2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Formidable Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5.6. This is due to missing or incorrect nonce validation on the 'destroy' function. This makes it possible for unauthenticated attackers to delete form entries via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:CVE-2023-24419'
-  tags: cve,wordpress,wp-plugin,formidable,high
+  tags: cve,wordpress,wp-plugin,formidable,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2448-3e54e940d7f7e91b150b3a2075b3abc6.yaml b/nuclei-templates/2023/CVE-2023-2448-3e54e940d7f7e91b150b3a2075b3abc6.yaml
index 3fb28b16cb..4941b0a28d 100644
--- a/nuclei-templates/2023/CVE-2023-2448-3e54e940d7f7e91b150b3a2075b3abc6.yaml
+++ b/nuclei-templates/2023/CVE-2023-2448-3e54e940d7f7e91b150b3a2075b3abc6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userpro/"
     google-query: inurl:"/wp-content/plugins/userpro/"
     shodan-query: 'vuln:CVE-2023-2448'
-  tags: cve,wordpress,wp-plugin,userpro,medium
+  tags: cve,wordpress,wp-plugin,userpro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2450-d03e7c1b36748ce86c160cf6fe252332.yaml b/nuclei-templates/2023/CVE-2023-2450-d03e7c1b36748ce86c160cf6fe252332.yaml
index 43d301ac0a..081fd5d4ff 100644
--- a/nuclei-templates/2023/CVE-2023-2450-d03e7c1b36748ce86c160cf6fe252332.yaml
+++ b/nuclei-templates/2023/CVE-2023-2450-d03e7c1b36748ce86c160cf6fe252332.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FiboSearch - AJAX Search for WooCommerce <= 1.23.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-search-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/ajax-search-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-2450'
-  tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2452-bafdacae26c88640cb6e30b25ba66a73.yaml b/nuclei-templates/2023/CVE-2023-2452-bafdacae26c88640cb6e30b25ba66a73.yaml
index b700904af3..b42360ffc9 100644
--- a/nuclei-templates/2023/CVE-2023-2452-bafdacae26c88640cb6e30b25ba66a73.yaml
+++ b/nuclei-templates/2023/CVE-2023-2452-bafdacae26c88640cb6e30b25ba66a73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Woo Search <= 2.77 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-woo-search/"
     google-query: inurl:"/wp-content/plugins/advanced-woo-search/"
     shodan-query: 'vuln:CVE-2023-2452'
-  tags: cve,wordpress,wp-plugin,advanced-woo-search,medium
+  tags: cve,wordpress,wp-plugin,advanced-woo-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2470-9327431607715dc8ad5049b0a62ebe4f.yaml b/nuclei-templates/2023/CVE-2023-2470-9327431607715dc8ad5049b0a62ebe4f.yaml
index 40f061398d..a80a670393 100644
--- a/nuclei-templates/2023/CVE-2023-2470-9327431607715dc8ad5049b0a62ebe4f.yaml
+++ b/nuclei-templates/2023/CVE-2023-2470-9327431607715dc8ad5049b0a62ebe4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add to Feedly <= 1.2.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add to Feedly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-to-feedly/"
     google-query: inurl:"/wp-content/plugins/add-to-feedly/"
     shodan-query: 'vuln:CVE-2023-2470'
-  tags: cve,wordpress,wp-plugin,add-to-feedly,medium
+  tags: cve,wordpress,wp-plugin,add-to-feedly,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2482-f2d03c372af597128c556a16b6de11cf.yaml b/nuclei-templates/2023/CVE-2023-2482-f2d03c372af597128c556a16b6de11cf.yaml
index 30af7bce25..a8b9bf500c 100644
--- a/nuclei-templates/2023/CVE-2023-2482-f2d03c372af597128c556a16b6de11cf.yaml
+++ b/nuclei-templates/2023/CVE-2023-2482-f2d03c372af597128c556a16b6de11cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive CSS EDITOR <= 1.0 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive CSS EDITOR plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-css-editor/"
     google-query: inurl:"/wp-content/plugins/responsive-css-editor/"
     shodan-query: 'vuln:CVE-2023-2482'
-  tags: cve,wordpress,wp-plugin,responsive-css-editor,medium
+  tags: cve,wordpress,wp-plugin,responsive-css-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2484-3662e536f344cad7ead518a87b44f9b9.yaml b/nuclei-templates/2023/CVE-2023-2484-3662e536f344cad7ead518a87b44f9b9.yaml
index cbdae6df37..f446851827 100644
--- a/nuclei-templates/2023/CVE-2023-2484-3662e536f344cad7ead518a87b44f9b9.yaml
+++ b/nuclei-templates/2023/CVE-2023-2484-3662e536f344cad7ead518a87b44f9b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/"
     google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/"
     shodan-query: 'vuln:CVE-2023-2484'
-  tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,high
+  tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2489-38876a8a5fbfd61cde5369e484f937f2.yaml b/nuclei-templates/2023/CVE-2023-2489-38876a8a5fbfd61cde5369e484f937f2.yaml
index f102ca7f3c..c2bb94be40 100644
--- a/nuclei-templates/2023/CVE-2023-2489-38876a8a5fbfd61cde5369e484f937f2.yaml
+++ b/nuclei-templates/2023/CVE-2023-2489-38876a8a5fbfd61cde5369e484f937f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stop Spammers Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2022.6  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stop-spammer-registrations-plugin/"
     google-query: inurl:"/wp-content/plugins/stop-spammer-registrations-plugin/"
     shodan-query: 'vuln:CVE-2023-2489'
-  tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,medium
+  tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2490-6cfb5c63bbc7af6b76f9e01d4d2fe2ac.yaml b/nuclei-templates/2023/CVE-2023-2490-6cfb5c63bbc7af6b76f9e01d4d2fe2ac.yaml
index e7b5a8c9a0..3bc4eb3424 100644
--- a/nuclei-templates/2023/CVE-2023-2490-6cfb5c63bbc7af6b76f9e01d4d2fe2ac.yaml
+++ b/nuclei-templates/2023/CVE-2023-2490-6cfb5c63bbc7af6b76f9e01d4d2fe2ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UserAgent-Spy <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The UserAgent-Spy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/useragent-spy/"
     google-query: inurl:"/wp-content/plugins/useragent-spy/"
     shodan-query: 'vuln:CVE-2023-2490'
-  tags: cve,wordpress,wp-plugin,useragent-spy,medium
+  tags: cve,wordpress,wp-plugin,useragent-spy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2492-9ee0bf881f08cd3cb60239af7879852d.yaml b/nuclei-templates/2023/CVE-2023-2492-9ee0bf881f08cd3cb60239af7879852d.yaml
index bf22d89800..5e34765454 100644
--- a/nuclei-templates/2023/CVE-2023-2492-9ee0bf881f08cd3cb60239af7879852d.yaml
+++ b/nuclei-templates/2023/CVE-2023-2492-9ee0bf881f08cd3cb60239af7879852d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The QueryWall plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.1 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/querywall/"
     google-query: inurl:"/wp-content/plugins/querywall/"
     shodan-query: 'vuln:CVE-2023-2492'
-  tags: cve,wordpress,wp-plugin,querywall,high
+  tags: cve,wordpress,wp-plugin,querywall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2493-3222e9d54de5c7b5bf110a40b9d38190.yaml b/nuclei-templates/2023/CVE-2023-2493-3222e9d54de5c7b5bf110a40b9d38190.yaml
index c01249eea9..e622953476 100644
--- a/nuclei-templates/2023/CVE-2023-2493-3222e9d54de5c7b5bf110a40b9d38190.yaml
+++ b/nuclei-templates/2023/CVE-2023-2493-3222e9d54de5c7b5bf110a40b9d38190.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One Redirection <= 2.1.0 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All In One Redirection plugin for WordPress is vulnerable to SQL Injection via the request URI in versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator capabilities to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-redirection/"
     google-query: inurl:"/wp-content/plugins/all-in-one-redirection/"
     shodan-query: 'vuln:CVE-2023-2493'
-  tags: cve,wordpress,wp-plugin,all-in-one-redirection,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-redirection,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2494-d934ac1748b53a01cebaf8d5ba82ca90.yaml b/nuclei-templates/2023/CVE-2023-2494-d934ac1748b53a01cebaf8d5ba82ca90.yaml
index e7cbc2da41..5f4641f4b9 100644
--- a/nuclei-templates/2023/CVE-2023-2494-d934ac1748b53a01cebaf8d5ba82ca90.yaml
+++ b/nuclei-templates/2023/CVE-2023-2494-d934ac1748b53a01cebaf8d5ba82ca90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Missing Authorization to Limited Privilege Granting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/go_pricing/"
     google-query: inurl:"/wp-content/plugins/go_pricing/"
     shodan-query: 'vuln:CVE-2023-2494'
-  tags: cve,wordpress,wp-plugin,go_pricing,medium
+  tags: cve,wordpress,wp-plugin,go_pricing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2495-c5e8439f52a72fc808844ece6ad38bdd.yaml b/nuclei-templates/2023/CVE-2023-2495-c5e8439f52a72fc808844ece6ad38bdd.yaml
index 77b50737b2..805dbb05a7 100644
--- a/nuclei-templates/2023/CVE-2023-2495-c5e8439f52a72fc808844ece6ad38bdd.yaml
+++ b/nuclei-templates/2023/CVE-2023-2495-c5e8439f52a72fc808844ece6ad38bdd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Greeklish-permalink <= 3.3 - Missing Authorization via cyrtrans_ajax_old AJAX action
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Greeklish-permalink plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cyrtrans_ajax_old' AJAX action in versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to modify post slugs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/greeklish-permalink/"
     google-query: inurl:"/wp-content/plugins/greeklish-permalink/"
     shodan-query: 'vuln:CVE-2023-2495'
-  tags: cve,wordpress,wp-plugin,greeklish-permalink,medium
+  tags: cve,wordpress,wp-plugin,greeklish-permalink,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2496-6b34c883ba2362a8ae8903a4773f143d.yaml b/nuclei-templates/2023/CVE-2023-2496-6b34c883ba2362a8ae8903a4773f143d.yaml
index 018ab7d9b0..e6e33c123e 100644
--- a/nuclei-templates/2023/CVE-2023-2496-6b34c883ba2362a8ae8903a4773f143d.yaml
+++ b/nuclei-templates/2023/CVE-2023-2496-6b34c883ba2362a8ae8903a4773f143d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Improper Authorization to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/go_pricing/"
     google-query: inurl:"/wp-content/plugins/go_pricing/"
     shodan-query: 'vuln:CVE-2023-2496'
-  tags: cve,wordpress,wp-plugin,go_pricing,high
+  tags: cve,wordpress,wp-plugin,go_pricing,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2497-e9ae8122ab019b9f575d632976e78882.yaml b/nuclei-templates/2023/CVE-2023-2497-e9ae8122ab019b9f575d632976e78882.yaml
index 1dda403efd..6676921e98 100644
--- a/nuclei-templates/2023/CVE-2023-2497-e9ae8122ab019b9f575d632976e78882.yaml
+++ b/nuclei-templates/2023/CVE-2023-2497-e9ae8122ab019b9f575d632976e78882.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userpro/"
     google-query: inurl:"/wp-content/plugins/userpro/"
     shodan-query: 'vuln:CVE-2023-2497'
-  tags: cve,wordpress,wp-plugin,userpro,high
+  tags: cve,wordpress,wp-plugin,userpro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2498-b5e2905f3fa25ed5a268cff184f71b6b.yaml b/nuclei-templates/2023/CVE-2023-2498-b5e2905f3fa25ed5a268cff184f71b6b.yaml
index d02f0e0216..a41faabe04 100644
--- a/nuclei-templates/2023/CVE-2023-2498-b5e2905f3fa25ed5a268cff184f71b6b.yaml
+++ b/nuclei-templates/2023/CVE-2023-2498-b5e2905f3fa25ed5a268cff184f71b6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/go_pricing/"
     google-query: inurl:"/wp-content/plugins/go_pricing/"
     shodan-query: 'vuln:CVE-2023-2498'
-  tags: cve,wordpress,wp-plugin,go_pricing,medium
+  tags: cve,wordpress,wp-plugin,go_pricing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2500-c0501d6ec7222ce135cf1060e0209955.yaml b/nuclei-templates/2023/CVE-2023-2500-c0501d6ec7222ce135cf1060e0209955.yaml
index 41fea35d87..8e660429ab 100644
--- a/nuclei-templates/2023/CVE-2023-2500-c0501d6ec7222ce135cf1060e0209955.yaml
+++ b/nuclei-templates/2023/CVE-2023-2500-c0501d6ec7222ce135cf1060e0209955.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/go_pricing/"
     google-query: inurl:"/wp-content/plugins/go_pricing/"
     shodan-query: 'vuln:CVE-2023-2500'
-  tags: cve,wordpress,wp-plugin,go_pricing,high
+  tags: cve,wordpress,wp-plugin,go_pricing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25021-bb190962067ba33976cc3f88e434b44c.yaml b/nuclei-templates/2023/CVE-2023-25021-bb190962067ba33976cc3f88e434b44c.yaml
index c1edcc269a..c8e25209c9 100644
--- a/nuclei-templates/2023/CVE-2023-25021-bb190962067ba33976cc3f88e434b44c.yaml
+++ b/nuclei-templates/2023/CVE-2023-25021-bb190962067ba33976cc3f88e434b44c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FareHarbor for WordPress <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FareHarbor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fareharbor/"
     google-query: inurl:"/wp-content/plugins/fareharbor/"
     shodan-query: 'vuln:CVE-2023-25021'
-  tags: cve,wordpress,wp-plugin,fareharbor,medium
+  tags: cve,wordpress,wp-plugin,fareharbor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25022-c2cbb8ef0136e2fd003d5d3fa4115b69.yaml b/nuclei-templates/2023/CVE-2023-25022-c2cbb8ef0136e2fd003d5d3fa4115b69.yaml
index 8e64cd616f..6895dd2d2d 100644
--- a/nuclei-templates/2023/CVE-2023-25022-c2cbb8ef0136e2fd003d5d3fa4115b69.yaml
+++ b/nuclei-templates/2023/CVE-2023-25022-c2cbb8ef0136e2fd003d5d3fa4115b69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Watu Quiz <= 3.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gtitle’ parameter (as part of individual 'grade' items) in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/watu/"
     google-query: inurl:"/wp-content/plugins/watu/"
     shodan-query: 'vuln:CVE-2023-25022'
-  tags: cve,wordpress,wp-plugin,watu,medium
+  tags: cve,wordpress,wp-plugin,watu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25023-ea72a950c1ec7c195be94a36b1f4a88b.yaml b/nuclei-templates/2023/CVE-2023-25023-ea72a950c1ec7c195be94a36b1f4a88b.yaml
index dc34d6b187..3657ebbf0d 100644
--- a/nuclei-templates/2023/CVE-2023-25023-ea72a950c1ec7c195be94a36b1f4a88b.yaml
+++ b/nuclei-templates/2023/CVE-2023-25023-ea72a950c1ec7c195be94a36b1f4a88b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebinarIgnition <= 2.14.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WebinarIgnition plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'appname' and 'webinar_desc' parameters (from the webinar data items) in versions up to, and including, 2.14.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webinar-ignition/"
     google-query: inurl:"/wp-content/plugins/webinar-ignition/"
     shodan-query: 'vuln:CVE-2023-25023'
-  tags: cve,wordpress,wp-plugin,webinar-ignition,medium
+  tags: cve,wordpress,wp-plugin,webinar-ignition,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25024-00aaf3a917048a24cf4188f68658ad92.yaml b/nuclei-templates/2023/CVE-2023-25024-00aaf3a917048a24cf4188f68658ad92.yaml
index 63cc40cb4b..e0fba125d3 100644
--- a/nuclei-templates/2023/CVE-2023-25024-00aaf3a917048a24cf4188f68658ad92.yaml
+++ b/nuclei-templates/2023/CVE-2023-25024-00aaf3a917048a24cf4188f68658ad92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Icegram Collect plugin for WordPress is vulnerable to Cross-Site Scripting via the 'rainmaker_form' shortcode in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icegram-rainmaker/"
     google-query: inurl:"/wp-content/plugins/icegram-rainmaker/"
     shodan-query: 'vuln:CVE-2023-25024'
-  tags: cve,wordpress,wp-plugin,icegram-rainmaker,medium
+  tags: cve,wordpress,wp-plugin,icegram-rainmaker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25027-c2f2835d90a3f3c6d22ed640d7b5a35a.yaml b/nuclei-templates/2023/CVE-2023-25027-c2f2835d90a3f3c6d22ed640d7b5a35a.yaml
index b5b418d81d..28057ac9b2 100644
--- a/nuclei-templates/2023/CVE-2023-25027-c2f2835d90a3f3c6d22ed640d7b5a35a.yaml
+++ b/nuclei-templates/2023/CVE-2023-25027-c2f2835d90a3f3c6d22ed640d7b5a35a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only meaningfully impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chained-quiz/"
     google-query: inurl:"/wp-content/plugins/chained-quiz/"
     shodan-query: 'vuln:CVE-2023-25027'
-  tags: cve,wordpress,wp-plugin,chained-quiz,medium
+  tags: cve,wordpress,wp-plugin,chained-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25028-bc617b508aff51ac43ff170f5e7c19e9.yaml b/nuclei-templates/2023/CVE-2023-25028-bc617b508aff51ac43ff170f5e7c19e9.yaml
index 7e2883fc00..051c24fcfc 100644
--- a/nuclei-templates/2023/CVE-2023-25028-bc617b508aff51ac43ff170f5e7c19e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-25028-bc617b508aff51ac43ff170f5e7c19e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CC Custom Taxonomy <= 1.0.1 - Authenticated (Administrator+) Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CC Custom Taxonomy for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative capabilities to inject arbitrary web scripts that execute in a victim's browser. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cc-custom-taxonmy/"
     google-query: inurl:"/wp-content/plugins/cc-custom-taxonmy/"
     shodan-query: 'vuln:CVE-2023-25028'
-  tags: cve,wordpress,wp-plugin,cc-custom-taxonmy,medium
+  tags: cve,wordpress,wp-plugin,cc-custom-taxonmy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25031-4270b682ebfb5d58e498fa26615a2af8.yaml b/nuclei-templates/2023/CVE-2023-25031-4270b682ebfb5d58e498fa26615a2af8.yaml
index add2cd871a..7067131acd 100644
--- a/nuclei-templates/2023/CVE-2023-25031-4270b682ebfb5d58e498fa26615a2af8.yaml
+++ b/nuclei-templates/2023/CVE-2023-25031-4270b682ebfb5d58e498fa26615a2af8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bft-autoresponder/"
     google-query: inurl:"/wp-content/plugins/bft-autoresponder/"
     shodan-query: 'vuln:CVE-2023-25031'
-  tags: cve,wordpress,wp-plugin,bft-autoresponder,medium
+  tags: cve,wordpress,wp-plugin,bft-autoresponder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25032-8d6a1c8b6a0bd1e0976b28104afac768.yaml b/nuclei-templates/2023/CVE-2023-25032-8d6a1c8b6a0bd1e0976b28104afac768.yaml
index a9aa020b43..dfed62b2d7 100644
--- a/nuclei-templates/2023/CVE-2023-25032-8d6a1c8b6a0bd1e0976b28104afac768.yaml
+++ b/nuclei-templates/2023/CVE-2023-25032-8d6a1c8b6a0bd1e0976b28104afac768.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print, PDF, Email by PrintFriendly <= 5.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via in versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/printfriendly/"
     google-query: inurl:"/wp-content/plugins/printfriendly/"
     shodan-query: 'vuln:CVE-2023-25032'
-  tags: cve,wordpress,wp-plugin,printfriendly,medium
+  tags: cve,wordpress,wp-plugin,printfriendly,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25037-66b0b9e68fee422256033ff3686e7914.yaml b/nuclei-templates/2023/CVE-2023-25037-66b0b9e68fee422256033ff3686e7914.yaml
index 81690871f4..43c05257b6 100644
--- a/nuclei-templates/2023/CVE-2023-25037-66b0b9e68fee422256033ff3686e7914.yaml
+++ b/nuclei-templates/2023/CVE-2023-25037-66b0b9e68fee422256033ff3686e7914.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar Contact Form <= 1.2.34 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booking Calendar Contact Form plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cpdexbccf_feedback function called via the cpdexbccf_feedback AJAX action in versions up to, and including, 1.2.34. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to perform an unauthorized feedback form submission.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar-contact-form/"
     google-query: inurl:"/wp-content/plugins/booking-calendar-contact-form/"
     shodan-query: 'vuln:CVE-2023-25037'
-  tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,medium
+  tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25039-1123677072a0d47589707f79eb0e7e54.yaml b/nuclei-templates/2023/CVE-2023-25039-1123677072a0d47589707f79eb0e7e54.yaml
index 5ee0733d63..a3dc659786 100644
--- a/nuclei-templates/2023/CVE-2023-25039-1123677072a0d47589707f79eb0e7e54.yaml
+++ b/nuclei-templates/2023/CVE-2023-25039-1123677072a0d47589707f79eb0e7e54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Maps CP <= 1.0.43 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Maps CP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the feedback_action function called via the cp-google-maps-feedback action in versions up to, and including, 1.0.43. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to perform an unauthorized feedback form submission.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/codepeople-post-map/"
     google-query: inurl:"/wp-content/plugins/codepeople-post-map/"
     shodan-query: 'vuln:CVE-2023-25039'
-  tags: cve,wordpress,wp-plugin,codepeople-post-map,medium
+  tags: cve,wordpress,wp-plugin,codepeople-post-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25040-6211c1f22472d646cc232f92f882834f.yaml b/nuclei-templates/2023/CVE-2023-25040-6211c1f22472d646cc232f92f882834f.yaml
index 00d60f7399..e974686d30 100644
--- a/nuclei-templates/2023/CVE-2023-25040-6211c1f22472d646cc232f92f882834f.yaml
+++ b/nuclei-templates/2023/CVE-2023-25040-6211c1f22472d646cc232f92f882834f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 5.12.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2023-25040'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25042-bca2d75657a1c7a6e99c08d66b7b4e2e.yaml b/nuclei-templates/2023/CVE-2023-25042-bca2d75657a1c7a6e99c08d66b7b4e2e.yaml
index 0dedc11076..909fd6a1c8 100644
--- a/nuclei-templates/2023/CVE-2023-25042-bca2d75657a1c7a6e99c08d66b7b4e2e.yaml
+++ b/nuclei-templates/2023/CVE-2023-25042-bca2d75657a1c7a6e99c08d66b7b4e2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The oAuth Twitter Feed for Developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oauth-twitter-feed-for-developers/"
     google-query: inurl:"/wp-content/plugins/oauth-twitter-feed-for-developers/"
     shodan-query: 'vuln:CVE-2023-25042'
-  tags: cve,wordpress,wp-plugin,oauth-twitter-feed-for-developers,medium
+  tags: cve,wordpress,wp-plugin,oauth-twitter-feed-for-developers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25043-c974ccf1587cec2eccea9add62a9571f.yaml b/nuclei-templates/2023/CVE-2023-25043-c974ccf1587cec2eccea9add62a9571f.yaml
index 55d37b8a18..8ae6380304 100644
--- a/nuclei-templates/2023/CVE-2023-25043-c974ccf1587cec2eccea9add62a9571f.yaml
+++ b/nuclei-templates/2023/CVE-2023-25043-c974ccf1587cec2eccea9add62a9571f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Data Tables Generator by Supsystic <= 1.10.25 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to the plugin making nonces available to insufficiently privileged users inn the loadDataTablesNonces function in versions up to, and including, 1.10.25. This makes it possible for authenticated attackers with subscriber-level access, and above, to execute certain otherwise protected actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/"
     shodan-query: 'vuln:CVE-2023-25043'
-  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25044-68edca1ac76c8646936a8dc6a3f4659d.yaml b/nuclei-templates/2023/CVE-2023-25044-68edca1ac76c8646936a8dc6a3f4659d.yaml
index ad3236a6d7..c0acd5815d 100644
--- a/nuclei-templates/2023/CVE-2023-25044-68edca1ac76c8646936a8dc6a3f4659d.yaml
+++ b/nuclei-templates/2023/CVE-2023-25044-68edca1ac76c8646936a8dc6a3f4659d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Share Boost plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-share-boost/"
     google-query: inurl:"/wp-content/plugins/social-share-boost/"
     shodan-query: 'vuln:CVE-2023-25044'
-  tags: cve,wordpress,wp-plugin,social-share-boost,medium
+  tags: cve,wordpress,wp-plugin,social-share-boost,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25045-202c703bcd7494b0db3a9f2aa3a2b6de.yaml b/nuclei-templates/2023/CVE-2023-25045-202c703bcd7494b0db3a9f2aa3a2b6de.yaml
index 5bf87ed959..ab5bae2132 100644
--- a/nuclei-templates/2023/CVE-2023-25045-202c703bcd7494b0db3a9f2aa3a2b6de.yaml
+++ b/nuclei-templates/2023/CVE-2023-25045-202c703bcd7494b0db3a9f2aa3a2b6de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The RSVPMaker plugin for WordPress is vulnerable to SQL Injection via the ‘$email’ variable in versions up to, and including, 9.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for Admin level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rsvpmaker/"
     google-query: inurl:"/wp-content/plugins/rsvpmaker/"
     shodan-query: 'vuln:CVE-2023-25045'
-  tags: cve,wordpress,wp-plugin,rsvpmaker,high
+  tags: cve,wordpress,wp-plugin,rsvpmaker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25046-110726f45fe770f212d1aee89f3bb57f.yaml b/nuclei-templates/2023/CVE-2023-25046-110726f45fe770f212d1aee89f3bb57f.yaml
index 33a5faca47..c5ddd27ef2 100644
--- a/nuclei-templates/2023/CVE-2023-25046-110726f45fe770f212d1aee89f3bb57f.yaml
+++ b/nuclei-templates/2023/CVE-2023-25046-110726f45fe770f212d1aee89f3bb57f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher <= 3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unspecified parameters (but including plugin options such as 'subtitle' and 'summary' fields) in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-25046'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25047-fb36faa4bab8a0d1c4868c63043ddd1b.yaml b/nuclei-templates/2023/CVE-2023-25047-fb36faa4bab8a0d1c4868c63043ddd1b.yaml
index d59cce4dc7..2d990f3ea6 100644
--- a/nuclei-templates/2023/CVE-2023-25047-fb36faa4bab8a0d1c4868c63043ddd1b.yaml
+++ b/nuclei-templates/2023/CVE-2023-25047-fb36faa4bab8a0d1c4868c63043ddd1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The RSVPMaker plugin for WordPress is vulnerable to SQL Injection via the 'delete' parameter in versions up to, and including, 9.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for admin-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rsvpmaker/"
     google-query: inurl:"/wp-content/plugins/rsvpmaker/"
     shodan-query: 'vuln:CVE-2023-25047'
-  tags: cve,wordpress,wp-plugin,rsvpmaker,high
+  tags: cve,wordpress,wp-plugin,rsvpmaker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25048-36f733a53254d69782057e16be93c1ec.yaml b/nuclei-templates/2023/CVE-2023-25048-36f733a53254d69782057e16be93c1ec.yaml
index 8b9e45e715..ff19333048 100644
--- a/nuclei-templates/2023/CVE-2023-25048-36f733a53254d69782057e16be93c1ec.yaml
+++ b/nuclei-templates/2023/CVE-2023-25048-36f733a53254d69782057e16be93c1ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fantastic Content Protector Free <= 2.6 - Missing Authorization via update_setting_fantastic_content_protector
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fantastic Content Protector Free plugin for WordPress is vulnerable to unauthorized plugin settings reset due to a missing capability check on the update_setting_fantastic_content_protector function in versions up to, and including, 2.6. This makes it possible for unauthenticated attackers to reset this plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fantastic-content-protector-free/"
     google-query: inurl:"/wp-content/plugins/fantastic-content-protector-free/"
     shodan-query: 'vuln:CVE-2023-25048'
-  tags: cve,wordpress,wp-plugin,fantastic-content-protector-free,medium
+  tags: cve,wordpress,wp-plugin,fantastic-content-protector-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25049-f239cdbdbea64adf739686a8765fc6ab.yaml b/nuclei-templates/2023/CVE-2023-25049-f239cdbdbea64adf739686a8765fc6ab.yaml
index 4f940ef698..6266553a52 100644
--- a/nuclei-templates/2023/CVE-2023-25049-f239cdbdbea64adf739686a8765fc6ab.yaml
+++ b/nuclei-templates/2023/CVE-2023-25049-f239cdbdbea64adf739686a8765fc6ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vulnerability: eCommerce Product Catalog plugin for WordPress <= 3.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ecommerce-product-catalog/"
     google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/"
     shodan-query: 'vuln:CVE-2023-25049'
-  tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium
+  tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25050-2b8f19b8c01bfb1b9a5352e232b91e8f.yaml b/nuclei-templates/2023/CVE-2023-25050-2b8f19b8c01bfb1b9a5352e232b91e8f.yaml
index 12c5c394f6..edf05400d1 100644
--- a/nuclei-templates/2023/CVE-2023-25050-2b8f19b8c01bfb1b9a5352e232b91e8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-25050-2b8f19b8c01bfb1b9a5352e232b91e8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Arbitrary File Read via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes Ultimate plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 5.12.6. This is due to insufficient validation on the url being supplied via the "url" attribute of the su_table shortcode. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to supply paths to arbitrary files that will be returned when rendering the shortcode. This can be leveraged to read sensitive configuration files like wp-config.php. This is only exploitable when the Unsafe features option is enabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2023-25050'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25052-0cfa07456732530e831220894e1919de.yaml b/nuclei-templates/2023/CVE-2023-25052-0cfa07456732530e831220894e1919de.yaml
index ddc7792424..e7fd4ef22c 100644
--- a/nuclei-templates/2023/CVE-2023-25052-0cfa07456732530e831220894e1919de.yaml
+++ b/nuclei-templates/2023/CVE-2023-25052-0cfa07456732530e831220894e1919de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yandex.News Feed by Teplitsa <= 1.12.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yandex.News Feed by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yandexnews-feed-by-teplitsa/"
     google-query: inurl:"/wp-content/plugins/yandexnews-feed-by-teplitsa/"
     shodan-query: 'vuln:CVE-2023-25052'
-  tags: cve,wordpress,wp-plugin,yandexnews-feed-by-teplitsa,medium
+  tags: cve,wordpress,wp-plugin,yandexnews-feed-by-teplitsa,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25059-9bcf1b21f2afb149521c1b2b2eae8a87.yaml b/nuclei-templates/2023/CVE-2023-25059-9bcf1b21f2afb149521c1b2b2eae8a87.yaml
index c0883c11da..95bd782b6d 100644
--- a/nuclei-templates/2023/CVE-2023-25059-9bcf1b21f2afb149521c1b2b2eae8a87.yaml
+++ b/nuclei-templates/2023/CVE-2023-25059-9bcf1b21f2afb149521c1b2b2eae8a87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     avalex – Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The avalex – Automatisch sichere Rechtstexte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalex_api_key' parameter in versions up to, and including, 3.0.3  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/avalex/"
     google-query: inurl:"/wp-content/plugins/avalex/"
     shodan-query: 'vuln:CVE-2023-25059'
-  tags: cve,wordpress,wp-plugin,avalex,medium
+  tags: cve,wordpress,wp-plugin,avalex,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25060-3d269a7750029141d9d3783312ca3377.yaml b/nuclei-templates/2023/CVE-2023-25060-3d269a7750029141d9d3783312ca3377.yaml
index 9787803aac..8faa5c904e 100644
--- a/nuclei-templates/2023/CVE-2023-25060-3d269a7750029141d9d3783312ca3377.yaml
+++ b/nuclei-templates/2023/CVE-2023-25060-3d269a7750029141d9d3783312ca3377.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Album and Image Gallery plus Lightbox <= 1.6.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on two AJAX actions in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to change attributes of images used by the plugins in slideshows.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/album-and-image-gallery-plus-lightbox/"
     google-query: inurl:"/wp-content/plugins/album-and-image-gallery-plus-lightbox/"
     shodan-query: 'vuln:CVE-2023-25060'
-  tags: cve,wordpress,wp-plugin,album-and-image-gallery-plus-lightbox,medium
+  tags: cve,wordpress,wp-plugin,album-and-image-gallery-plus-lightbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25061-a749224e64254fa4b744badbc098456b.yaml b/nuclei-templates/2023/CVE-2023-25061-a749224e64254fa4b744badbc098456b.yaml
index ba8ad1f9ce..605e717094 100644
--- a/nuclei-templates/2023/CVE-2023-25061-a749224e64254fa4b744badbc098456b.yaml
+++ b/nuclei-templates/2023/CVE-2023-25061-a749224e64254fa4b744badbc098456b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bft-autoresponder/"
     google-query: inurl:"/wp-content/plugins/bft-autoresponder/"
     shodan-query: 'vuln:CVE-2023-25061'
-  tags: cve,wordpress,wp-plugin,bft-autoresponder,medium
+  tags: cve,wordpress,wp-plugin,bft-autoresponder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25062-18e973bad98be5b94dffe02819323b60.yaml b/nuclei-templates/2023/CVE-2023-25062-18e973bad98be5b94dffe02819323b60.yaml
index fca786f04c..d4ec710ae6 100644
--- a/nuclei-templates/2023/CVE-2023-25062-18e973bad98be5b94dffe02819323b60.yaml
+++ b/nuclei-templates/2023/CVE-2023-25062-18e973bad98be5b94dffe02819323b60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pinpoint Booking System  <= 2.9.9.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pinpoint Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.9.9.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-system/"
     google-query: inurl:"/wp-content/plugins/booking-system/"
     shodan-query: 'vuln:CVE-2023-25062'
-  tags: cve,wordpress,wp-plugin,booking-system,medium
+  tags: cve,wordpress,wp-plugin,booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25063-9f2f326dd2b99a9ab7152b99b148e34c.yaml b/nuclei-templates/2023/CVE-2023-25063-9f2f326dd2b99a9ab7152b99b148e34c.yaml
index 4aec2d2826..7daa2e16ea 100644
--- a/nuclei-templates/2023/CVE-2023-25063-9f2f326dd2b99a9ab7152b99b148e34c.yaml
+++ b/nuclei-templates/2023/CVE-2023-25063-9f2f326dd2b99a9ab7152b99b148e34c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Page/Post Redirect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-pagepost-redirect-plugin/"
     google-query: inurl:"/wp-content/plugins/quick-pagepost-redirect-plugin/"
     shodan-query: 'vuln:CVE-2023-25063'
-  tags: cve,wordpress,wp-plugin,quick-pagepost-redirect-plugin,medium
+  tags: cve,wordpress,wp-plugin,quick-pagepost-redirect-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25064-f030486cf056eab3637611e650524a05.yaml b/nuclei-templates/2023/CVE-2023-25064-f030486cf056eab3637611e650524a05.yaml
index de38d8e6f7..708c620260 100644
--- a/nuclei-templates/2023/CVE-2023-25064-f030486cf056eab3637611e650524a05.yaml
+++ b/nuclei-templates/2023/CVE-2023-25064-f030486cf056eab3637611e650524a05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP htpasswd plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-htpasswd/"
     google-query: inurl:"/wp-content/plugins/wp-htpasswd/"
     shodan-query: 'vuln:CVE-2023-25064'
-  tags: cve,wordpress,wp-plugin,wp-htpasswd,medium
+  tags: cve,wordpress,wp-plugin,wp-htpasswd,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25068-f5a034fa03b4780f360af411f657fb5a.yaml b/nuclei-templates/2023/CVE-2023-25068-f5a034fa03b4780f360af411f657fb5a.yaml
index e514038d3b..ba239bdd5d 100644
--- a/nuclei-templates/2023/CVE-2023-25068-f5a034fa03b4780f360af411f657fb5a.yaml
+++ b/nuclei-templates/2023/CVE-2023-25068-f5a034fa03b4780f360af411f657fb5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magazine Edge <= 1.13 - Authenticated (Subscriber+) Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Magazine Edge theme for WordPress is vulnerable to authorization bypass in versions up to, and including 1.13, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/magazine-edge/"
     google-query: inurl:"/wp-content/themes/magazine-edge/"
     shodan-query: 'vuln:CVE-2023-25068'
-  tags: cve,wordpress,wp-theme,magazine-edge,medium
+  tags: cve,wordpress,wp-theme,magazine-edge,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2527-2fe05eeb0f074422838b91d061a270ed.yaml b/nuclei-templates/2023/CVE-2023-2527-2fe05eeb0f074422838b91d061a270ed.yaml
index 6f5ca546ec..d7834e0741 100644
--- a/nuclei-templates/2023/CVE-2023-2527-2fe05eeb0f074422838b91d061a270ed.yaml
+++ b/nuclei-templates/2023/CVE-2023-2527-2fe05eeb0f074422838b91d061a270ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.3 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-zoho/"
     google-query: inurl:"/wp-content/plugins/cf7-zoho/"
     shodan-query: 'vuln:CVE-2023-2527'
-  tags: cve,wordpress,wp-plugin,cf7-zoho,high
+  tags: cve,wordpress,wp-plugin,cf7-zoho,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2529-a61a2dfac8b16f216b2c313ed531d97e.yaml b/nuclei-templates/2023/CVE-2023-2529-a61a2dfac8b16f216b2c313ed531d97e.yaml
index 66ec2150e0..1fc0a78af4 100644
--- a/nuclei-templates/2023/CVE-2023-2529-a61a2dfac8b16f216b2c313ed531d97e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2529-a61a2dfac8b16f216b2c313ed531d97e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enable SVG Uploads <= 2.1.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enable SVG Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG files in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enable-svg-uploads/"
     google-query: inurl:"/wp-content/plugins/enable-svg-uploads/"
     shodan-query: 'vuln:CVE-2023-2529'
-  tags: cve,wordpress,wp-plugin,enable-svg-uploads,medium
+  tags: cve,wordpress,wp-plugin,enable-svg-uploads,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25442-230d51cfd302c1eecd4d3a3387befab9.yaml b/nuclei-templates/2023/CVE-2023-25442-230d51cfd302c1eecd4d3a3387befab9.yaml
index f534a5cea5..834da49eb7 100644
--- a/nuclei-templates/2023/CVE-2023-25442-230d51cfd302c1eecd4d3a3387befab9.yaml
+++ b/nuclei-templates/2023/CVE-2023-25442-230d51cfd302c1eecd4d3a3387befab9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Zeno Font Resizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zeno-font-resizer/"
     google-query: inurl:"/wp-content/plugins/zeno-font-resizer/"
     shodan-query: 'vuln:CVE-2023-25442'
-  tags: cve,wordpress,wp-plugin,zeno-font-resizer,medium
+  tags: cve,wordpress,wp-plugin,zeno-font-resizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25444-1a072d8df8f66c1d4b2649edb7db538a.yaml b/nuclei-templates/2023/CVE-2023-25444-1a072d8df8f66c1d4b2649edb7db538a.yaml
index 09ee8c9207..48ffebc193 100644
--- a/nuclei-templates/2023/CVE-2023-25444-1a072d8df8f66c1d4b2649edb7db538a.yaml
+++ b/nuclei-templates/2023/CVE-2023-25444-1a072d8df8f66c1d4b2649edb7db538a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The JS Help Desk plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 2.7.7. This makes it possible for administrators to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-support-ticket/"
     google-query: inurl:"/wp-content/plugins/js-support-ticket/"
     shodan-query: 'vuln:CVE-2023-25444'
-  tags: cve,wordpress,wp-plugin,js-support-ticket,high
+  tags: cve,wordpress,wp-plugin,js-support-ticket,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25445-c93f15f45e4694eec856b57673b454f8.yaml b/nuclei-templates/2023/CVE-2023-25445-c93f15f45e4694eec856b57673b454f8.yaml
index 335d71d3de..eeea913507 100644
--- a/nuclei-templates/2023/CVE-2023-25445-c93f15f45e4694eec856b57673b454f8.yaml
+++ b/nuclei-templates/2023/CVE-2023-25445-c93f15f45e4694eec856b57673b454f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HappyFiles Pro <= 1.8.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HappyFiles Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to missing capability checks on several functions in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unknown actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happyfiles-pro/"
     google-query: inurl:"/wp-content/plugins/happyfiles-pro/"
     shodan-query: 'vuln:CVE-2023-25445'
-  tags: cve,wordpress,wp-plugin,happyfiles-pro,medium
+  tags: cve,wordpress,wp-plugin,happyfiles-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25446-9a4a86b73d09899b1f2fa163f3660f75.yaml b/nuclei-templates/2023/CVE-2023-25446-9a4a86b73d09899b1f2fa163f3660f75.yaml
index 3e0d0c3e45..5ff9814b3c 100644
--- a/nuclei-templates/2023/CVE-2023-25446-9a4a86b73d09899b1f2fa163f3660f75.yaml
+++ b/nuclei-templates/2023/CVE-2023-25446-9a4a86b73d09899b1f2fa163f3660f75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HappyFiles Pro <= 1.8.1 - Missing Authorization to Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HappyFiles Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to execute unauthorized actions such as deleting arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happyfiles-pro/"
     google-query: inurl:"/wp-content/plugins/happyfiles-pro/"
     shodan-query: 'vuln:CVE-2023-25446'
-  tags: cve,wordpress,wp-plugin,happyfiles-pro,medium
+  tags: cve,wordpress,wp-plugin,happyfiles-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25448-63705f2cf5933c3d0b8cb680facff791.yaml b/nuclei-templates/2023/CVE-2023-25448-63705f2cf5933c3d0b8cb680facff791.yaml
index 56ae985056..2686ad24af 100644
--- a/nuclei-templates/2023/CVE-2023-25448-63705f2cf5933c3d0b8cb680facff791.yaml
+++ b/nuclei-templates/2023/CVE-2023-25448-63705f2cf5933c3d0b8cb680facff791.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Archivist – Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.4. This is due to missing or incorrect nonce validation on the 'settings_page' function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/archivist-custom-archive-templates/"
     google-query: inurl:"/wp-content/plugins/archivist-custom-archive-templates/"
     shodan-query: 'vuln:CVE-2023-25448'
-  tags: cve,wordpress,wp-plugin,archivist-custom-archive-templates,high
+  tags: cve,wordpress,wp-plugin,archivist-custom-archive-templates,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25451-20277bf2aad5677f3f9bd4eac5f630c9.yaml b/nuclei-templates/2023/CVE-2023-25451-20277bf2aad5677f3f9bd4eac5f630c9.yaml
index e5124151f8..27c3cf643a 100644
--- a/nuclei-templates/2023/CVE-2023-25451-20277bf2aad5677f3f9bd4eac5f630c9.yaml
+++ b/nuclei-templates/2023/CVE-2023-25451-20277bf2aad5677f3f9bd4eac5f630c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPO Content Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpo-content-types/"
     google-query: inurl:"/wp-content/plugins/cpo-content-types/"
     shodan-query: 'vuln:CVE-2023-25451'
-  tags: cve,wordpress,wp-plugin,cpo-content-types,medium
+  tags: cve,wordpress,wp-plugin,cpo-content-types,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25452-a3fcccf439bdac9208ecc47d006e929e.yaml b/nuclei-templates/2023/CVE-2023-25452-a3fcccf439bdac9208ecc47d006e929e.yaml
index 400e677b8c..ee23083882 100644
--- a/nuclei-templates/2023/CVE-2023-25452-a3fcccf439bdac9208ecc47d006e929e.yaml
+++ b/nuclei-templates/2023/CVE-2023-25452-a3fcccf439bdac9208ecc47d006e929e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CMS Press <= 0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CMS Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cms-press/"
     google-query: inurl:"/wp-content/plugins/cms-press/"
     shodan-query: 'vuln:CVE-2023-25452'
-  tags: cve,wordpress,wp-plugin,cms-press,medium
+  tags: cve,wordpress,wp-plugin,cms-press,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25454-5d1bfbb84afa64ba47c235dccca370e2.yaml b/nuclei-templates/2023/CVE-2023-25454-5d1bfbb84afa64ba47c235dccca370e2.yaml
index 17be2be4b5..146906beb1 100644
--- a/nuclei-templates/2023/CVE-2023-25454-5d1bfbb84afa64ba47c235dccca370e2.yaml
+++ b/nuclei-templates/2023/CVE-2023-25454-5d1bfbb84afa64ba47c235dccca370e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Protected Posts Logout Button plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pplb_options_save function in versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to update the plugin's settings. A nonce check was added in version 1.4.5, which does not address this issue properly. 1.4.6 adds a capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/protected-posts-logout-button/"
     google-query: inurl:"/wp-content/plugins/protected-posts-logout-button/"
     shodan-query: 'vuln:CVE-2023-25454'
-  tags: cve,wordpress,wp-plugin,protected-posts-logout-button,medium
+  tags: cve,wordpress,wp-plugin,protected-posts-logout-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25455-7a725b90d4cc282b22e04990737c3b98.yaml b/nuclei-templates/2023/CVE-2023-25455-7a725b90d4cc282b22e04990737c3b98.yaml
index 94b5a2dc9f..580038e534 100644
--- a/nuclei-templates/2023/CVE-2023-25455-7a725b90d4cc282b22e04990737c3b98.yaml
+++ b/nuclei-templates/2023/CVE-2023-25455-7a725b90d4cc282b22e04990737c3b98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Social Login and Register plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 7.6.0. This is due to a missing capability check on the 'mo_openid_login_validate' (and possibly 'end_new_tour2' and 'mo_openid_show_apps') functions. This makes it possible for unauthenticated attackers to delete social profile data and potentially perform other tasks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-login-openid/"
     google-query: inurl:"/wp-content/plugins/miniorange-login-openid/"
     shodan-query: 'vuln:CVE-2023-25455'
-  tags: cve,wordpress,wp-plugin,miniorange-login-openid,medium
+  tags: cve,wordpress,wp-plugin,miniorange-login-openid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25456-e9d4c2285e81f24a0ebb73201d5c6506.yaml b/nuclei-templates/2023/CVE-2023-25456-e9d4c2285e81f24a0ebb73201d5c6506.yaml
index bc84b700e7..a525cbe7a5 100644
--- a/nuclei-templates/2023/CVE-2023-25456-e9d4c2285e81f24a0ebb73201d5c6506.yaml
+++ b/nuclei-templates/2023/CVE-2023-25456-e9d4c2285e81f24a0ebb73201d5c6506.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Klaviyo <= 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Klaviyo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/klaviyo/"
     google-query: inurl:"/wp-content/plugins/klaviyo/"
     shodan-query: 'vuln:CVE-2023-25456'
-  tags: cve,wordpress,wp-plugin,klaviyo,medium
+  tags: cve,wordpress,wp-plugin,klaviyo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25457-ed271342f2446f50a4b4b39df1d986d6.yaml b/nuclei-templates/2023/CVE-2023-25457-ed271342f2446f50a4b4b39df1d986d6.yaml
index 39f287eb04..52bb918de9 100644
--- a/nuclei-templates/2023/CVE-2023-25457-ed271342f2446f50a4b4b39df1d986d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-25457-ed271342f2446f50a4b4b39df1d986d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Carousel – Responsive Image Slider <= 1.5.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slider Carousel – Responsive Image Slider plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to make use of this functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-images/"
     google-query: inurl:"/wp-content/plugins/slider-images/"
     shodan-query: 'vuln:CVE-2023-25457'
-  tags: cve,wordpress,wp-plugin,slider-images,medium
+  tags: cve,wordpress,wp-plugin,slider-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25458-dfc5edcffb51809997c1a8d53e1c44ad.yaml b/nuclei-templates/2023/CVE-2023-25458-dfc5edcffb51809997c1a8d53e1c44ad.yaml
index e90a6a9b5c..274278e8dc 100644
--- a/nuclei-templates/2023/CVE-2023-25458-dfc5edcffb51809997c1a8d53e1c44ad.yaml
+++ b/nuclei-templates/2023/CVE-2023-25458-dfc5edcffb51809997c1a8d53e1c44ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unspecified parameters in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ts-webfonts-for-conoha/"
     google-query: inurl:"/wp-content/plugins/ts-webfonts-for-conoha/"
     shodan-query: 'vuln:CVE-2023-25458'
-  tags: cve,wordpress,wp-plugin,ts-webfonts-for-conoha,medium
+  tags: cve,wordpress,wp-plugin,ts-webfonts-for-conoha,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25459-67558508f8127f6d47b6b0749495c9d6.yaml b/nuclei-templates/2023/CVE-2023-25459-67558508f8127f6d47b6b0749495c9d6.yaml
index 0c97fffb4c..4ecf2ed0c2 100644
--- a/nuclei-templates/2023/CVE-2023-25459-67558508f8127f6d47b6b0749495c9d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-25459-67558508f8127f6d47b6b0749495c9d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Snippets <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'snippet_content'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘snippet_content’ parameter in versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-snippets/"
     google-query: inurl:"/wp-content/plugins/post-snippets/"
     shodan-query: 'vuln:CVE-2023-25459'
-  tags: cve,wordpress,wp-plugin,post-snippets,medium
+  tags: cve,wordpress,wp-plugin,post-snippets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2546-e3973fedf7a8f63d43b3386884883485.yaml b/nuclei-templates/2023/CVE-2023-2546-e3973fedf7a8f63d43b3386884883485.yaml
index 0b9f7afea2..181d609d82 100644
--- a/nuclei-templates/2023/CVE-2023-2546-e3973fedf7a8f63d43b3386884883485.yaml
+++ b/nuclei-templates/2023/CVE-2023-2546-e3973fedf7a8f63d43b3386884883485.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Switch <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-switch/"
     google-query: inurl:"/wp-content/plugins/wp-user-switch/"
     shodan-query: 'vuln:CVE-2023-2546'
-  tags: cve,wordpress,wp-plugin,wp-user-switch,high
+  tags: cve,wordpress,wp-plugin,wp-user-switch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25460-70088a82bdb29c81346c08fa9d47c687.yaml b/nuclei-templates/2023/CVE-2023-25460-70088a82bdb29c81346c08fa9d47c687.yaml
index 9efcf2e978..c339b83a54 100644
--- a/nuclei-templates/2023/CVE-2023-25460-70088a82bdb29c81346c08fa9d47c687.yaml
+++ b/nuclei-templates/2023/CVE-2023-25460-70088a82bdb29c81346c08fa9d47c687.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Ad Manager <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Ad Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-ad-manager/"
     google-query: inurl:"/wp-content/plugins/easy-ad-manager/"
     shodan-query: 'vuln:CVE-2023-25460'
-  tags: cve,wordpress,wp-plugin,easy-ad-manager,medium
+  tags: cve,wordpress,wp-plugin,easy-ad-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25461-c33e053383feb22bc4a0a09a68717fb4.yaml b/nuclei-templates/2023/CVE-2023-25461-c33e053383feb22bc4a0a09a68717fb4.yaml
index 0d4bfcb375..de93727c28 100644
--- a/nuclei-templates/2023/CVE-2023-25461-c33e053383feb22bc4a0a09a68717fb4.yaml
+++ b/nuclei-templates/2023/CVE-2023-25461-c33e053383feb22bc4a0a09a68717fb4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wp-Insert for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.5.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-insert/"
     google-query: inurl:"/wp-content/plugins/wp-insert/"
     shodan-query: 'vuln:CVE-2023-25461'
-  tags: cve,wordpress,wp-plugin,wp-insert,medium
+  tags: cve,wordpress,wp-plugin,wp-insert,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25462-4c313c7653b942a477e04e3a6c17f18a.yaml b/nuclei-templates/2023/CVE-2023-25462-4c313c7653b942a477e04e3a6c17f18a.yaml
index c437fc34bf..3a5a3aa63c 100644
--- a/nuclei-templates/2023/CVE-2023-25462-4c313c7653b942a477e04e3a6c17f18a.yaml
+++ b/nuclei-templates/2023/CVE-2023-25462-4c313c7653b942a477e04e3a6c17f18a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP htaccess Control <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP htaccess Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-htaccess-control/"
     google-query: inurl:"/wp-content/plugins/wp-htaccess-control/"
     shodan-query: 'vuln:CVE-2023-25462'
-  tags: cve,wordpress,wp-plugin,wp-htaccess-control,medium
+  tags: cve,wordpress,wp-plugin,wp-htaccess-control,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25464-f7f846ee6a2643596409a73557db5ac2.yaml b/nuclei-templates/2023/CVE-2023-25464-f7f846ee6a2643596409a73557db5ac2.yaml
index c72dea2096..9279a8dbb7 100644
--- a/nuclei-templates/2023/CVE-2023-25464-f7f846ee6a2643596409a73557db5ac2.yaml
+++ b/nuclei-templates/2023/CVE-2023-25464-f7f846ee6a2643596409a73557db5ac2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Twitch Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘swti_options_player[swti_player_welcome_bg_colour]’, 'swti_options_player[swti_player_welcome_image]', 'swti_options_player[swti_player_welcome_logo]', 'swti_options_player[swti_player_welcome_text]', 'swti_options_player[swti_player_welcome_text_2]', and 'swti_options_player[swti_player_welcome_text_colour]' parameters in versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ttv-easy-embed-player/"
     google-query: inurl:"/wp-content/plugins/ttv-easy-embed-player/"
     shodan-query: 'vuln:CVE-2023-25464'
-  tags: cve,wordpress,wp-plugin,ttv-easy-embed-player,medium
+  tags: cve,wordpress,wp-plugin,ttv-easy-embed-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25465-d4c59ee10654dc665fe7870643db894a.yaml b/nuclei-templates/2023/CVE-2023-25465-d4c59ee10654dc665fe7870643db894a.yaml
index c0ce5ab542..de19f435f1 100644
--- a/nuclei-templates/2023/CVE-2023-25465-d4c59ee10654dc665fe7870643db894a.yaml
+++ b/nuclei-templates/2023/CVE-2023-25465-d4c59ee10654dc665fe7870643db894a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp tell a friend popup form <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wp tell a friend popup form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings versions up to, and including, 7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tell-a-friend-popup-form/"
     google-query: inurl:"/wp-content/plugins/wp-tell-a-friend-popup-form/"
     shodan-query: 'vuln:CVE-2023-25465'
-  tags: cve,wordpress,wp-plugin,wp-tell-a-friend-popup-form,medium
+  tags: cve,wordpress,wp-plugin,wp-tell-a-friend-popup-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25469-3d0e7652c5954cde6070c6634683929c.yaml b/nuclei-templates/2023/CVE-2023-25469-3d0e7652c5954cde6070c6634683929c.yaml
index 1d15cea215..7ad179b492 100644
--- a/nuclei-templates/2023/CVE-2023-25469-3d0e7652c5954cde6070c6634683929c.yaml
+++ b/nuclei-templates/2023/CVE-2023-25469-3d0e7652c5954cde6070c6634683929c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Table of Contents <= 2.0.45.2 - Missing Authorization via eztoc_reset_options_to_default
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Table of Contents plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the eztoc_reset_options_to_default function in versions up to, and including, 2.0.45.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-table-of-contents/"
     google-query: inurl:"/wp-content/plugins/easy-table-of-contents/"
     shodan-query: 'vuln:CVE-2023-25469'
-  tags: cve,wordpress,wp-plugin,easy-table-of-contents,medium
+  tags: cve,wordpress,wp-plugin,easy-table-of-contents,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2547-a766deff845672c22971718a646cf246.yaml b/nuclei-templates/2023/CVE-2023-2547-a766deff845672c22971718a646cf246.yaml
index dfd7835554..288aa7c063 100644
--- a/nuclei-templates/2023/CVE-2023-2547-a766deff845672c22971718a646cf246.yaml
+++ b/nuclei-templates/2023/CVE-2023-2547-a766deff845672c22971718a646cf246.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Non-Arbitrary User Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the temp user generated by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feather-login-page/"
     google-query: inurl:"/wp-content/plugins/feather-login-page/"
     shodan-query: 'vuln:CVE-2023-2547'
-  tags: cve,wordpress,wp-plugin,feather-login-page,medium
+  tags: cve,wordpress,wp-plugin,feather-login-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25477-fcbd76097c62e0d5592f5bd058f1a16f.yaml b/nuclei-templates/2023/CVE-2023-25477-fcbd76097c62e0d5592f5bd058f1a16f.yaml
index 98898c4ec3..5c17ad4342 100644
--- a/nuclei-templates/2023/CVE-2023-25477-fcbd76097c62e0d5592f5bd058f1a16f.yaml
+++ b/nuclei-templates/2023/CVE-2023-25477-fcbd76097c62e0d5592f5bd058f1a16f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Gallery <= 1.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yotuwp-easy-youtube-embed/"
     google-query: inurl:"/wp-content/plugins/yotuwp-easy-youtube-embed/"
     shodan-query: 'vuln:CVE-2023-25477'
-  tags: cve,wordpress,wp-plugin,yotuwp-easy-youtube-embed,medium
+  tags: cve,wordpress,wp-plugin,yotuwp-easy-youtube-embed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25479-4f7a95f2553b4e4ec80b6d04a6fbc8bb.yaml b/nuclei-templates/2023/CVE-2023-25479-4f7a95f2553b4e4ec80b6d04a6fbc8bb.yaml
index 806a55ec96..f7a9beb76c 100644
--- a/nuclei-templates/2023/CVE-2023-25479-4f7a95f2553b4e4ec80b6d04a6fbc8bb.yaml
+++ b/nuclei-templates/2023/CVE-2023-25479-4f7a95f2553b4e4ec80b6d04a6fbc8bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Podlove Subscribe button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-subscribe-button/"
     google-query: inurl:"/wp-content/plugins/podlove-subscribe-button/"
     shodan-query: 'vuln:CVE-2023-25479'
-  tags: cve,wordpress,wp-plugin,podlove-subscribe-button,medium
+  tags: cve,wordpress,wp-plugin,podlove-subscribe-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2548-fcd65c8735954219062dc7bc27977dbf.yaml b/nuclei-templates/2023/CVE-2023-2548-fcd65c8735954219062dc7bc27977dbf.yaml
index 85507a50cc..486de7398b 100644
--- a/nuclei-templates/2023/CVE-2023-2548-fcd65c8735954219062dc7bc27977dbf.yaml
+++ b/nuclei-templates/2023/CVE-2023-2548-fcd65c8735954219062dc7bc27977dbf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2023-2548'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25483-4b7a2f690ab23a9c56fa493203cfb340.yaml b/nuclei-templates/2023/CVE-2023-25483-4b7a2f690ab23a9c56fa493203cfb340.yaml
index 7b8d4c4008..261a3eb82f 100644
--- a/nuclei-templates/2023/CVE-2023-25483-4b7a2f690ab23a9c56fa493203cfb340.yaml
+++ b/nuclei-templates/2023/CVE-2023-25483-4b7a2f690ab23a9c56fa493203cfb340.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Coming Soon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-coming-soon/"
     google-query: inurl:"/wp-content/plugins/easy-coming-soon/"
     shodan-query: 'vuln:CVE-2023-25483'
-  tags: cve,wordpress,wp-plugin,easy-coming-soon,medium
+  tags: cve,wordpress,wp-plugin,easy-coming-soon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25484-d3f480cf02dc331ee92b8ba5f6c29338.yaml b/nuclei-templates/2023/CVE-2023-25484-d3f480cf02dc331ee92b8ba5f6c29338.yaml
index b81242adb0..262a6c1ae2 100644
--- a/nuclei-templates/2023/CVE-2023-25484-d3f480cf02dc331ee92b8ba5f6c29338.yaml
+++ b/nuclei-templates/2023/CVE-2023-25484-d3f480cf02dc331ee92b8ba5f6c29338.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Yearly Archive <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Yearly Archive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-yearly-archive/"
     google-query: inurl:"/wp-content/plugins/simple-yearly-archive/"
     shodan-query: 'vuln:CVE-2023-25484'
-  tags: cve,wordpress,wp-plugin,simple-yearly-archive,medium
+  tags: cve,wordpress,wp-plugin,simple-yearly-archive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25485-adbb6fa0fc2db14e16c1a1b09c0380c9.yaml b/nuclei-templates/2023/CVE-2023-25485-adbb6fa0fc2db14e16c1a1b09c0380c9.yaml
index 4adf59c508..cefb31629a 100644
--- a/nuclei-templates/2023/CVE-2023-25485-adbb6fa0fc2db14e16c1a1b09c0380c9.yaml
+++ b/nuclei-templates/2023/CVE-2023-25485-adbb6fa0fc2db14e16c1a1b09c0380c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JSON Content Importer <= 1.3.15 - Authenticated (Admin+) Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JSON Content Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/json-content-importer/"
     google-query: inurl:"/wp-content/plugins/json-content-importer/"
     shodan-query: 'vuln:CVE-2023-25485'
-  tags: cve,wordpress,wp-plugin,json-content-importer,medium
+  tags: cve,wordpress,wp-plugin,json-content-importer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25486-7379020b548b14b7be62b539ae5d76a2.yaml b/nuclei-templates/2023/CVE-2023-25486-7379020b548b14b7be62b539ae5d76a2.yaml
index c2a87d0288..6ba9f6bb68 100644
--- a/nuclei-templates/2023/CVE-2023-25486-7379020b548b14b7be62b539ae5d76a2.yaml
+++ b/nuclei-templates/2023/CVE-2023-25486-7379020b548b14b7be62b539ae5d76a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clone <= 2.3.7 - Missing Authorization via wp_ajax_tifm_save_decision
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Clone plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_tifm_save_decision function in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the 'Test new plugins before installing' setting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-clone-by-wp-academy/"
     google-query: inurl:"/wp-content/plugins/wp-clone-by-wp-academy/"
     shodan-query: 'vuln:CVE-2023-25486'
-  tags: cve,wordpress,wp-plugin,wp-clone-by-wp-academy,medium
+  tags: cve,wordpress,wp-plugin,wp-clone-by-wp-academy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25488-498a64542dbb51a5eba70d23bf7af5b7.yaml b/nuclei-templates/2023/CVE-2023-25488-498a64542dbb51a5eba70d23bf7af5b7.yaml
index fc6871162e..7ec1b7fda4 100644
--- a/nuclei-templates/2023/CVE-2023-25488-498a64542dbb51a5eba70d23bf7af5b7.yaml
+++ b/nuclei-templates/2023/CVE-2023-25488-498a64542dbb51a5eba70d23bf7af5b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Default Feature Image <= 1.0.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Default Feature Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-default-feature-image/"
     google-query: inurl:"/wp-content/plugins/wp-default-feature-image/"
     shodan-query: 'vuln:CVE-2023-25488'
-  tags: cve,wordpress,wp-plugin,wp-default-feature-image,medium
+  tags: cve,wordpress,wp-plugin,wp-default-feature-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2549-a8cea4062eea92bba71d4c0d54416fa2.yaml b/nuclei-templates/2023/CVE-2023-2549-a8cea4062eea92bba71d4c0d54416fa2.yaml
index b2ab15180a..63df5c1b6c 100644
--- a/nuclei-templates/2023/CVE-2023-2549-a8cea4062eea92bba71d4c0d54416fa2.yaml
+++ b/nuclei-templates/2023/CVE-2023-2549-a8cea4062eea92bba71d4c0d54416fa2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feather Login Page 1.0.7 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a new user with administrator role via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can leverage CVE-2023-2545 to get the login link or request a password reset to the new user's email address.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feather-login-page/"
     google-query: inurl:"/wp-content/plugins/feather-login-page/"
     shodan-query: 'vuln:CVE-2023-2549'
-  tags: cve,wordpress,wp-plugin,feather-login-page,high
+  tags: cve,wordpress,wp-plugin,feather-login-page,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25490-1c50317ba4f62105b747a16f1bd9f458.yaml b/nuclei-templates/2023/CVE-2023-25490-1c50317ba4f62105b747a16f1bd9f458.yaml
index 9ff3f4a5b6..faaa0a1436 100644
--- a/nuclei-templates/2023/CVE-2023-25490-1c50317ba4f62105b747a16f1bd9f458.yaml
+++ b/nuclei-templates/2023/CVE-2023-25490-1c50317ba4f62105b747a16f1bd9f458.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Archivist – Custom Archive Templates <= 1.7.4 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/archivist-custom-archive-templates/"
     google-query: inurl:"/wp-content/plugins/archivist-custom-archive-templates/"
     shodan-query: 'vuln:CVE-2023-25490'
-  tags: cve,wordpress,wp-plugin,archivist-custom-archive-templates,medium
+  tags: cve,wordpress,wp-plugin,archivist-custom-archive-templates,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25491-7438f6c5de0164c1ebbfea6f43fc0dba.yaml b/nuclei-templates/2023/CVE-2023-25491-7438f6c5de0164c1ebbfea6f43fc0dba.yaml
index 008c006058..26c69a6668 100644
--- a/nuclei-templates/2023/CVE-2023-25491-7438f6c5de0164c1ebbfea6f43fc0dba.yaml
+++ b/nuclei-templates/2023/CVE-2023-25491-7438f6c5de0164c1ebbfea6f43fc0dba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JCH Optimize <= 3.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JCH Optimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jch-optimize/"
     google-query: inurl:"/wp-content/plugins/jch-optimize/"
     shodan-query: 'vuln:CVE-2023-25491'
-  tags: cve,wordpress,wp-plugin,jch-optimize,medium
+  tags: cve,wordpress,wp-plugin,jch-optimize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2555-fc8e4381ea5ebd79c418e0830ad7aa41.yaml b/nuclei-templates/2023/CVE-2023-2555-fc8e4381ea5ebd79c418e0830ad7aa41.yaml
index 27ccfef6b2..ce6fcddb5f 100644
--- a/nuclei-templates/2023/CVE-2023-2555-fc8e4381ea5ebd79c418e0830ad7aa41.yaml
+++ b/nuclei-templates/2023/CVE-2023-2555-fc8e4381ea5ebd79c418e0830ad7aa41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/currency-switcher/"
     google-query: inurl:"/wp-content/plugins/currency-switcher/"
     shodan-query: 'vuln:CVE-2023-2555'
-  tags: cve,wordpress,wp-plugin,currency-switcher,medium
+  tags: cve,wordpress,wp-plugin,currency-switcher,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2556-666b2fb2c881bde28dcf6538f4e79c83.yaml b/nuclei-templates/2023/CVE-2023-2556-666b2fb2c881bde28dcf6538f4e79c83.yaml
index c44ab27848..2915823f6e 100644
--- a/nuclei-templates/2023/CVE-2023-2556-666b2fb2c881bde28dcf6538f4e79c83.yaml
+++ b/nuclei-templates/2023/CVE-2023-2556-666b2fb2c881bde28dcf6538f4e79c83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/currency-switcher/"
     google-query: inurl:"/wp-content/plugins/currency-switcher/"
     shodan-query: 'vuln:CVE-2023-2556'
-  tags: cve,wordpress,wp-plugin,currency-switcher,medium
+  tags: cve,wordpress,wp-plugin,currency-switcher,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2557-2d27e10efdfec8fc58acf4cf64107b4a.yaml b/nuclei-templates/2023/CVE-2023-2557-2d27e10efdfec8fc58acf4cf64107b4a.yaml
index 621031e7f7..d2a0dbc38c 100644
--- a/nuclei-templates/2023/CVE-2023-2557-2d27e10efdfec8fc58acf4cf64107b4a.yaml
+++ b/nuclei-templates/2023/CVE-2023-2557-2d27e10efdfec8fc58acf4cf64107b4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/currency-switcher/"
     google-query: inurl:"/wp-content/plugins/currency-switcher/"
     shodan-query: 'vuln:CVE-2023-2557'
-  tags: cve,wordpress,wp-plugin,currency-switcher,medium
+  tags: cve,wordpress,wp-plugin,currency-switcher,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2558-181f8727807ba64411fbc27b7d06a7f7.yaml b/nuclei-templates/2023/CVE-2023-2558-181f8727807ba64411fbc27b7d06a7f7.yaml
index 656d99f5d7..647bfc9b3a 100644
--- a/nuclei-templates/2023/CVE-2023-2558-181f8727807ba64411fbc27b7d06a7f7.yaml
+++ b/nuclei-templates/2023/CVE-2023-2558-181f8727807ba64411fbc27b7d06a7f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/currency-switcher/"
     google-query: inurl:"/wp-content/plugins/currency-switcher/"
     shodan-query: 'vuln:CVE-2023-2558'
-  tags: cve,wordpress,wp-plugin,currency-switcher,medium
+  tags: cve,wordpress,wp-plugin,currency-switcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2561-24e92d0b5bd4d59ca9bd929ad9b17b1d.yaml b/nuclei-templates/2023/CVE-2023-2561-24e92d0b5bd4d59ca9bd929ad9b17b1d.yaml
index 4cdf33c08d..d9599ef04d 100644
--- a/nuclei-templates/2023/CVE-2023-2561-24e92d0b5bd4d59ca9bd929ad9b17b1d.yaml
+++ b/nuclei-templates/2023/CVE-2023-2561-24e92d0b5bd4d59ca9bd929ad9b17b1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with this plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-metabox/"
     google-query: inurl:"/wp-content/plugins/gallery-metabox/"
     shodan-query: 'vuln:CVE-2023-2561'
-  tags: cve,wordpress,wp-plugin,gallery-metabox,medium
+  tags: cve,wordpress,wp-plugin,gallery-metabox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2562-b4794af8b89126f30163809c87b8527e.yaml b/nuclei-templates/2023/CVE-2023-2562-b4794af8b89126f30163809c87b8527e.yaml
index 1d33434081..31724a5511 100644
--- a/nuclei-templates/2023/CVE-2023-2562-b4794af8b89126f30163809c87b8527e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2562-b4794af8b89126f30163809c87b8527e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-metabox/"
     google-query: inurl:"/wp-content/plugins/gallery-metabox/"
     shodan-query: 'vuln:CVE-2023-2562'
-  tags: cve,wordpress,wp-plugin,gallery-metabox,medium
+  tags: cve,wordpress,wp-plugin,gallery-metabox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25699-86f850e8e3017abf354eb04e885cbf48.yaml b/nuclei-templates/2023/CVE-2023-25699-86f850e8e3017abf354eb04e885cbf48.yaml
index 7c211b0cfa..864e44e784 100644
--- a/nuclei-templates/2023/CVE-2023-25699-86f850e8e3017abf354eb04e885cbf48.yaml
+++ b/nuclei-templates/2023/CVE-2023-25699-86f850e8e3017abf354eb04e885cbf48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Live Streaming - Broadcast Live Video Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 5.5.15. This allows unauthenticated attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/"
     google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/"
     shodan-query: 'vuln:CVE-2023-25699'
-  tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,critical
+  tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25702-ac00155c6073a79243073e436990a17b.yaml b/nuclei-templates/2023/CVE-2023-25702-ac00155c6073a79243073e436990a17b.yaml
index a5383a95a7..ae96991a35 100644
--- a/nuclei-templates/2023/CVE-2023-25702-ac00155c6073a79243073e436990a17b.yaml
+++ b/nuclei-templates/2023/CVE-2023-25702-ac00155c6073a79243073e436990a17b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Paypal Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings through several parameters (blurb, comboboxword, comboboxlabel, shortcodeamount, postagepercent, postagefixed, couponref, couponbutton, minamount, recurringhowmany, Dperiod, Wperiod, Mperiod, Yperiod, every, quantitymaxblurb, min, max, initial, step) in versions up to, and including, 5.7.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-paypal-payments/"
     google-query: inurl:"/wp-content/plugins/quick-paypal-payments/"
     shodan-query: 'vuln:CVE-2023-25702'
-  tags: cve,wordpress,wp-plugin,quick-paypal-payments,medium
+  tags: cve,wordpress,wp-plugin,quick-paypal-payments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25704-d58b2eb7209b77e10a0a7be6a3ad7570.yaml b/nuclei-templates/2023/CVE-2023-25704-d58b2eb7209b77e10a0a7be6a3ad7570.yaml
index 724ad6f2b7..770c147057 100644
--- a/nuclei-templates/2023/CVE-2023-25704-d58b2eb7209b77e10a0a7be6a3ad7570.yaml
+++ b/nuclei-templates/2023/CVE-2023-25704-d58b2eb7209b77e10a0a7be6a3ad7570.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Interactive SVG Image Map Builder <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Interactive SVG Image Map Builder for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-image-map-builder/"
     google-query: inurl:"/wp-content/plugins/interactive-image-map-builder/"
     shodan-query: 'vuln:CVE-2023-25704'
-  tags: cve,wordpress,wp-plugin,interactive-image-map-builder,medium
+  tags: cve,wordpress,wp-plugin,interactive-image-map-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25705-fc6f44579727101979a58b50043c9f62.yaml b/nuclei-templates/2023/CVE-2023-25705-fc6f44579727101979a58b50043c9f62.yaml
index 32ef7fecde..265be87654 100644
--- a/nuclei-templates/2023/CVE-2023-25705-fc6f44579727101979a58b50043c9f62.yaml
+++ b/nuclei-templates/2023/CVE-2023-25705-fc6f44579727101979a58b50043c9f62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Prayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-prayer/"
     google-query: inurl:"/wp-content/plugins/wp-prayer/"
     shodan-query: 'vuln:CVE-2023-25705'
-  tags: cve,wordpress,wp-plugin,wp-prayer,medium
+  tags: cve,wordpress,wp-plugin,wp-prayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25710-7abc665e21c65fbf0435b861d32be85d.yaml b/nuclei-templates/2023/CVE-2023-25710-7abc665e21c65fbf0435b861d32be85d.yaml
index 598c3457f9..8923a85312 100644
--- a/nuclei-templates/2023/CVE-2023-25710-7abc665e21c65fbf0435b861d32be85d.yaml
+++ b/nuclei-templates/2023/CVE-2023-25710-7abc665e21c65fbf0435b861d32be85d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Click to Call or Chat Buttons <= 1.4.0 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Click to Call or Chat Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/click-to-call-or-chat-buttons/"
     google-query: inurl:"/wp-content/plugins/click-to-call-or-chat-buttons/"
     shodan-query: 'vuln:CVE-2023-25710'
-  tags: cve,wordpress,wp-plugin,click-to-call-or-chat-buttons,medium
+  tags: cve,wordpress,wp-plugin,click-to-call-or-chat-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25712-7173b1dd80c7cb39c8dbdccb921d11e8.yaml b/nuclei-templates/2023/CVE-2023-25712-7173b1dd80c7cb39c8dbdccb921d11e8.yaml
index 48f02a55e4..300a860a54 100644
--- a/nuclei-templates/2023/CVE-2023-25712-7173b1dd80c7cb39c8dbdccb921d11e8.yaml
+++ b/nuclei-templates/2023/CVE-2023-25712-7173b1dd80c7cb39c8dbdccb921d11e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analytics Opt-Out <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Analytics Opt-Out for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-opt-out/"
     google-query: inurl:"/wp-content/plugins/google-analytics-opt-out/"
     shodan-query: 'vuln:CVE-2023-25712'
-  tags: cve,wordpress,wp-plugin,google-analytics-opt-out,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-opt-out,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25715-2b733e03ac956657b279c0c2e7178248.yaml b/nuclei-templates/2023/CVE-2023-25715-2b733e03ac956657b279c0c2e7178248.yaml
index 7756179a8c..399bddc39b 100644
--- a/nuclei-templates/2023/CVE-2023-25715-2b733e03ac956657b279c0c2e7178248.yaml
+++ b/nuclei-templates/2023/CVE-2023-25715-2b733e03ac956657b279c0c2e7178248.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GamiPress <= 2.5.6 - Missing Authorization to User Points Updates
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GamiPress plugin for WordPress is vulnerable to unauthorized modification of user data due to a missing capability check on the gamipress_ajax_profile_update_user_points function in versions up to, and including, 2.5.6. This makes it possible for authenticated attackers with subscriber-level access or higher to manipulate rewards points of other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gamipress/"
     google-query: inurl:"/wp-content/plugins/gamipress/"
     shodan-query: 'vuln:CVE-2023-25715'
-  tags: cve,wordpress,wp-plugin,gamipress,medium
+  tags: cve,wordpress,wp-plugin,gamipress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25716-4e902ac20277ef72a0ba4b9fef3685d6.yaml b/nuclei-templates/2023/CVE-2023-25716-4e902ac20277ef72a0ba4b9fef3685d6.yaml
index 24257a341a..9db689a793 100644
--- a/nuclei-templates/2023/CVE-2023-25716-4e902ac20277ef72a0ba4b9fef3685d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-25716-4e902ac20277ef72a0ba4b9fef3685d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/announce-from-the-dashboard/"
     google-query: inurl:"/wp-content/plugins/announce-from-the-dashboard/"
     shodan-query: 'vuln:CVE-2023-25716'
-  tags: cve,wordpress,wp-plugin,announce-from-the-dashboard,medium
+  tags: cve,wordpress,wp-plugin,announce-from-the-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2578-e74780b7e51cbe82d58b11a6033838ff.yaml b/nuclei-templates/2023/CVE-2023-2578-e74780b7e51cbe82d58b11a6033838ff.yaml
index 1887b6b4d7..0d0b7281ed 100644
--- a/nuclei-templates/2023/CVE-2023-2578-e74780b7e51cbe82d58b11a6033838ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-2578-e74780b7e51cbe82d58b11a6033838ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Buy Me a Coffee – Button and Widget Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buymeacoffee/"
     google-query: inurl:"/wp-content/plugins/buymeacoffee/"
     shodan-query: 'vuln:CVE-2023-2578'
-  tags: cve,wordpress,wp-plugin,buymeacoffee,medium
+  tags: cve,wordpress,wp-plugin,buymeacoffee,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25781-5edfe37e0774673d507ae94c41a64138.yaml b/nuclei-templates/2023/CVE-2023-25781-5edfe37e0774673d507ae94c41a64138.yaml
index f5d2079693..8345edcd04 100644
--- a/nuclei-templates/2023/CVE-2023-25781-5edfe37e0774673d507ae94c41a64138.yaml
+++ b/nuclei-templates/2023/CVE-2023-25781-5edfe37e0774673d507ae94c41a64138.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Upload File Type Settings Plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Upload File Type Settings Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/upload-file-type-settings-plugin/"
     google-query: inurl:"/wp-content/plugins/upload-file-type-settings-plugin/"
     shodan-query: 'vuln:CVE-2023-25781'
-  tags: cve,wordpress,wp-plugin,upload-file-type-settings-plugin,medium
+  tags: cve,wordpress,wp-plugin,upload-file-type-settings-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25782-bb6a55b0c6e726b2a2ecec4b50c8f7ea.yaml b/nuclei-templates/2023/CVE-2023-25782-bb6a55b0c6e726b2a2ecec4b50c8f7ea.yaml
index f5e3275e87..de378b12a5 100644
--- a/nuclei-templates/2023/CVE-2023-25782-bb6a55b0c6e726b2a2ecec4b50c8f7ea.yaml
+++ b/nuclei-templates/2023/CVE-2023-25782-bb6a55b0c6e726b2a2ecec4b50c8f7ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Service Area Postcode Checker <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Service Area Postcode Checker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/service-area-postcode-checker/"
     google-query: inurl:"/wp-content/plugins/service-area-postcode-checker/"
     shodan-query: 'vuln:CVE-2023-25782'
-  tags: cve,wordpress,wp-plugin,service-area-postcode-checker,medium
+  tags: cve,wordpress,wp-plugin,service-area-postcode-checker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25783-3ff2a2ae71a0269c8c6a199dba440423.yaml b/nuclei-templates/2023/CVE-2023-25783-3ff2a2ae71a0269c8c6a199dba440423.yaml
index c356672930..fd2adc47c3 100644
--- a/nuclei-templates/2023/CVE-2023-25783-3ff2a2ae71a0269c8c6a199dba440423.yaml
+++ b/nuclei-templates/2023/CVE-2023-25783-3ff2a2ae71a0269c8c6a199dba440423.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Peadig's Like & Share Button <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Peadig's Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-like-send-button/"
     google-query: inurl:"/wp-content/plugins/facebook-like-send-button/"
     shodan-query: 'vuln:CVE-2023-25783'
-  tags: cve,wordpress,wp-plugin,facebook-like-send-button,medium
+  tags: cve,wordpress,wp-plugin,facebook-like-send-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25784-e6b604fdb9cd729f08feb0319847d447.yaml b/nuclei-templates/2023/CVE-2023-25784-e6b604fdb9cd729f08feb0319847d447.yaml
index e10984fb57..a522d35182 100644
--- a/nuclei-templates/2023/CVE-2023-25784-e6b604fdb9cd729f08feb0319847d447.yaml
+++ b/nuclei-templates/2023/CVE-2023-25784-e6b604fdb9cd729f08feb0319847d447.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sticky Ad Bar <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sticky Ad Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous plugin options parameters (such as 'sab_background_color', 'sab_bar_text_color_mob', and 'sab_bar_position', plus numerous others) in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sticky-ad-bar/"
     google-query: inurl:"/wp-content/plugins/sticky-ad-bar/"
     shodan-query: 'vuln:CVE-2023-25784'
-  tags: cve,wordpress,wp-plugin,sticky-ad-bar,medium
+  tags: cve,wordpress,wp-plugin,sticky-ad-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25785-872e77979f08b8dfa6cf8411f0e84c8f.yaml b/nuclei-templates/2023/CVE-2023-25785-872e77979f08b8dfa6cf8411f0e84c8f.yaml
index 5b69bdf079..d248c5df2d 100644
--- a/nuclei-templates/2023/CVE-2023-25785-872e77979f08b8dfa6cf8411f0e84c8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-25785-872e77979f08b8dfa6cf8411f0e84c8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Post Rating plugin for WordPress is vulnerable to unauthorized modification of votes in versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to manipulate ratings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-comment-rating/"
     google-query: inurl:"/wp-content/plugins/wp-post-comment-rating/"
     shodan-query: 'vuln:CVE-2023-25785'
-  tags: cve,wordpress,wp-plugin,wp-post-comment-rating,medium
+  tags: cve,wordpress,wp-plugin,wp-post-comment-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25786-6ae4507849a8e19efb73377acf163d95.yaml b/nuclei-templates/2023/CVE-2023-25786-6ae4507849a8e19efb73377acf163d95.yaml
index c988a82352..5ce143db16 100644
--- a/nuclei-templates/2023/CVE-2023-25786-6ae4507849a8e19efb73377acf163d95.yaml
+++ b/nuclei-templates/2023/CVE-2023-25786-6ae4507849a8e19efb73377acf163d95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eyes Only: User Access Shortcode <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Eyes Only: User Access Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eyes-only-user-access-shortcode/"
     google-query: inurl:"/wp-content/plugins/eyes-only-user-access-shortcode/"
     shodan-query: 'vuln:CVE-2023-25786'
-  tags: cve,wordpress,wp-plugin,eyes-only-user-access-shortcode,medium
+  tags: cve,wordpress,wp-plugin,eyes-only-user-access-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25787-3f433c20605e0478560f661cae839ad8.yaml b/nuclei-templates/2023/CVE-2023-25787-3f433c20605e0478560f661cae839ad8.yaml
index 8794cfe407..fa71f365f7 100644
--- a/nuclei-templates/2023/CVE-2023-25787-3f433c20605e0478560f661cae839ad8.yaml
+++ b/nuclei-templates/2023/CVE-2023-25787-3f433c20605e0478560f661cae839ad8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP资源下载管理 <= 1.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     TheWP资源下载管理  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-info-page/"
     google-query: inurl:"/wp-content/plugins/download-info-page/"
     shodan-query: 'vuln:CVE-2023-25787'
-  tags: cve,wordpress,wp-plugin,download-info-page,medium
+  tags: cve,wordpress,wp-plugin,download-info-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25789-0bb4c4e55d3bd7066abf4b3e5c409eb3.yaml b/nuclei-templates/2023/CVE-2023-25789-0bb4c4e55d3bd7066abf4b3e5c409eb3.yaml
index a8a7aa66a2..7f72a0c28b 100644
--- a/nuclei-templates/2023/CVE-2023-25789-0bb4c4e55d3bd7066abf4b3e5c409eb3.yaml
+++ b/nuclei-templates/2023/CVE-2023-25789-0bb4c4e55d3bd7066abf4b3e5c409eb3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tapfiliate <= 3.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tapfiliate  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tapfiliate/"
     google-query: inurl:"/wp-content/plugins/tapfiliate/"
     shodan-query: 'vuln:CVE-2023-25789'
-  tags: cve,wordpress,wp-plugin,tapfiliate,medium
+  tags: cve,wordpress,wp-plugin,tapfiliate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2579-6001aefe4ed5d867371bbaa565b1d288.yaml b/nuclei-templates/2023/CVE-2023-2579-6001aefe4ed5d867371bbaa565b1d288.yaml
index 0de8a5f50e..a3f6789810 100644
--- a/nuclei-templates/2023/CVE-2023-2579-6001aefe4ed5d867371bbaa565b1d288.yaml
+++ b/nuclei-templates/2023/CVE-2023-2579-6001aefe4ed5d867371bbaa565b1d288.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InventoryPress <= 1.7 - Authenticated(Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The InventoryPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description parameter in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Author permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inventorypress/"
     google-query: inurl:"/wp-content/plugins/inventorypress/"
     shodan-query: 'vuln:CVE-2023-2579'
-  tags: cve,wordpress,wp-plugin,inventorypress,medium
+  tags: cve,wordpress,wp-plugin,inventorypress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25790-7bd424eb93435e30d87b1474845a32ce.yaml b/nuclei-templates/2023/CVE-2023-25790-7bd424eb93435e30d87b1474845a32ce.yaml
index cb83236238..c6d1a93609 100644
--- a/nuclei-templates/2023/CVE-2023-25790-7bd424eb93435e30d87b1474845a32ce.yaml
+++ b/nuclei-templates/2023/CVE-2023-25790-7bd424eb93435e30d87b1474845a32ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WoodMart theme for WordPress is vulnerable to unauthorized shortcode injection in versions up to, and including, 7.1.1. This makes it possible for unauthenticated attackers to inject arbitrary shortcodes. This is only present when the "Display results from blog" setting is enabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/woodmart/"
     google-query: inurl:"/wp-content/themes/woodmart/"
     shodan-query: 'vuln:CVE-2023-25790'
-  tags: cve,wordpress,wp-theme,woodmart,medium
+  tags: cve,wordpress,wp-theme,woodmart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25791-ed8d60dbc212a2488ceb5fdf43131cd0.yaml b/nuclei-templates/2023/CVE-2023-25791-ed8d60dbc212a2488ceb5fdf43131cd0.yaml
index f61a3b436c..9fd19f1009 100644
--- a/nuclei-templates/2023/CVE-2023-25791-ed8d60dbc212a2488ceb5fdf43131cd0.yaml
+++ b/nuclei-templates/2023/CVE-2023-25791-ed8d60dbc212a2488ceb5fdf43131cd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fontiran <= 2.1 - Missing Authorization via fi_add_rule and fi_delete_webfont_php
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fontiran plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the fi_add_rule and fi_delete_webfont_php functions in versions up to, and including, 2.1. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fontiran/"
     google-query: inurl:"/wp-content/plugins/fontiran/"
     shodan-query: 'vuln:CVE-2023-25791'
-  tags: cve,wordpress,wp-plugin,fontiran,medium
+  tags: cve,wordpress,wp-plugin,fontiran,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25792-55fba5060ceecf0350eb52f214341712.yaml b/nuclei-templates/2023/CVE-2023-25792-55fba5060ceecf0350eb52f214341712.yaml
index d917d2b792..a012091a2e 100644
--- a/nuclei-templates/2023/CVE-2023-25792-55fba5060ceecf0350eb52f214341712.yaml
+++ b/nuclei-templates/2023/CVE-2023-25792-55fba5060ceecf0350eb52f214341712.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Open Social <= 5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Open Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/open-social/"
     google-query: inurl:"/wp-content/plugins/open-social/"
     shodan-query: 'vuln:CVE-2023-25792'
-  tags: cve,wordpress,wp-plugin,open-social,medium
+  tags: cve,wordpress,wp-plugin,open-social,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25793-3ca3d61f633582fe10aacbed8816c6e5.yaml b/nuclei-templates/2023/CVE-2023-25793-3ca3d61f633582fe10aacbed8816c6e5.yaml
index 55efcca1aa..b95e0afdde 100644
--- a/nuclei-templates/2023/CVE-2023-25793-3ca3d61f633582fe10aacbed8816c6e5.yaml
+++ b/nuclei-templates/2023/CVE-2023-25793-3ca3d61f633582fe10aacbed8816c6e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Link Juice Keeper plugin for WordPress is vulnerable to stored cross-site scripting in versions up to, and including, 2.0.2 via the 'redirect_link' and 'notify_to' options due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this primarily impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-juice-keeper/"
     google-query: inurl:"/wp-content/plugins/link-juice-keeper/"
     shodan-query: 'vuln:CVE-2023-25793'
-  tags: cve,wordpress,wp-plugin,link-juice-keeper,medium
+  tags: cve,wordpress,wp-plugin,link-juice-keeper,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25794-2b837a9bfbedcec8d35d48ea5080f6cf.yaml b/nuclei-templates/2023/CVE-2023-25794-2b837a9bfbedcec8d35d48ea5080f6cf.yaml
index 50ad8c319e..a45ec4217d 100644
--- a/nuclei-templates/2023/CVE-2023-25794-2b837a9bfbedcec8d35d48ea5080f6cf.yaml
+++ b/nuclei-templates/2023/CVE-2023-25794-2b837a9bfbedcec8d35d48ea5080f6cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Nooz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.6.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nooz/"
     google-query: inurl:"/wp-content/plugins/nooz/"
     shodan-query: 'vuln:CVE-2023-25794'
-  tags: cve,wordpress,wp-plugin,nooz,medium
+  tags: cve,wordpress,wp-plugin,nooz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25795-2344762ab01ebc08578d7b685bed6e58.yaml b/nuclei-templates/2023/CVE-2023-25795-2344762ab01ebc08578d7b685bed6e58.yaml
index 6881ca19e7..206324184e 100644
--- a/nuclei-templates/2023/CVE-2023-25795-2344762ab01ebc08578d7b685bed6e58.yaml
+++ b/nuclei-templates/2023/CVE-2023-25795-2344762ab01ebc08578d7b685bed6e58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feed Changer <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Feed Changer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feed-changer/"
     google-query: inurl:"/wp-content/plugins/feed-changer/"
     shodan-query: 'vuln:CVE-2023-25795'
-  tags: cve,wordpress,wp-plugin,feed-changer,medium
+  tags: cve,wordpress,wp-plugin,feed-changer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25796-2820cb8fd83fcd8f6cd4181103e215ab.yaml b/nuclei-templates/2023/CVE-2023-25796-2820cb8fd83fcd8f6cd4181103e215ab.yaml
index 3acf4bb591..816ad82672 100644
--- a/nuclei-templates/2023/CVE-2023-25796-2820cb8fd83fcd8f6cd4181103e215ab.yaml
+++ b/nuclei-templates/2023/CVE-2023-25796-2820cb8fd83fcd8f6cd4181103e215ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP BaiDu Submit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-baidu-submit/"
     google-query: inurl:"/wp-content/plugins/wp-baidu-submit/"
     shodan-query: 'vuln:CVE-2023-25796'
-  tags: cve,wordpress,wp-plugin,wp-baidu-submit,medium
+  tags: cve,wordpress,wp-plugin,wp-baidu-submit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25797-c05c9af186400589f780a92d671602c2.yaml b/nuclei-templates/2023/CVE-2023-25797-c05c9af186400589f780a92d671602c2.yaml
index d12e5f8b05..909d7b0dee 100644
--- a/nuclei-templates/2023/CVE-2023-25797-c05c9af186400589f780a92d671602c2.yaml
+++ b/nuclei-templates/2023/CVE-2023-25797-c05c9af186400589f780a92d671602c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The vSlider Multi Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vslider/"
     google-query: inurl:"/wp-content/plugins/vslider/"
     shodan-query: 'vuln:CVE-2023-25797'
-  tags: cve,wordpress,wp-plugin,vslider,medium
+  tags: cve,wordpress,wp-plugin,vslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25798-76ca7c77b83fa68f077aef4f9085d916.yaml b/nuclei-templates/2023/CVE-2023-25798-76ca7c77b83fa68f077aef4f9085d916.yaml
index ff241349af..944f627d45 100644
--- a/nuclei-templates/2023/CVE-2023-25798-76ca7c77b83fa68f077aef4f9085d916.yaml
+++ b/nuclei-templates/2023/CVE-2023-25798-76ca7c77b83fa68f077aef4f9085d916.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Olevmedia Shortcodes for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/olevmedia-shortcodes/"
     google-query: inurl:"/wp-content/plugins/olevmedia-shortcodes/"
     shodan-query: 'vuln:CVE-2023-25798'
-  tags: cve,wordpress,wp-plugin,olevmedia-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,olevmedia-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25799-583b3f0f882e9563f461b70129fd6f7b.yaml b/nuclei-templates/2023/CVE-2023-25799-583b3f0f882e9563f461b70129fd6f7b.yaml
index 4b6cdb0132..8199a38d9f 100644
--- a/nuclei-templates/2023/CVE-2023-25799-583b3f0f882e9563f461b70129fd6f7b.yaml
+++ b/nuclei-templates/2023/CVE-2023-25799-583b3f0f882e9563f461b70129fd6f7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.1.8 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tutor LMS plugin for WordPress is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on the multiple functions in versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with student-level access and above, to perform actions such as deleting arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2023-25799'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2580-3184746777b9e1e2355cf98fc7ddb576.yaml b/nuclei-templates/2023/CVE-2023-2580-3184746777b9e1e2355cf98fc7ddb576.yaml
index 9396fc9bae..f9413f1d48 100644
--- a/nuclei-templates/2023/CVE-2023-2580-3184746777b9e1e2355cf98fc7ddb576.yaml
+++ b/nuclei-templates/2023/CVE-2023-2580-3184746777b9e1e2355cf98fc7ddb576.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable <= 1.6.82 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including,  1.6.82 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-engine/"
     google-query: inurl:"/wp-content/plugins/ai-engine/"
     shodan-query: 'vuln:CVE-2023-2580'
-  tags: cve,wordpress,wp-plugin,ai-engine,medium
+  tags: cve,wordpress,wp-plugin,ai-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25800-c75d16ff72ec9720f6fa40f4e6a40b23.yaml b/nuclei-templates/2023/CVE-2023-25800-c75d16ff72ec9720f6fa40f4e6a40b23.yaml
index fd453d8ff9..f78e6a7169 100644
--- a/nuclei-templates/2023/CVE-2023-25800-c75d16ff72ec9720f6fa40f4e6a40b23.yaml
+++ b/nuclei-templates/2023/CVE-2023-25800-c75d16ff72ec9720f6fa40f4e6a40b23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via many parameters in versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with student-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2023-25800'
-  tags: cve,wordpress,wp-plugin,tutor,high
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2584-5498e556e2216200fd56232f5d1a8034.yaml b/nuclei-templates/2023/CVE-2023-2584-5498e556e2216200fd56232f5d1a8034.yaml
index 28c39702bc..a61370cb51 100644
--- a/nuclei-templates/2023/CVE-2023-2584-5498e556e2216200fd56232f5d1a8034.yaml
+++ b/nuclei-templates/2023/CVE-2023-2584-5498e556e2216200fd56232f5d1a8034.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.4
     cve-id: CVE-2023-2584
   metadata:
-    fofa-query: "wp-content/plugins/pixelyoursite-pro/"
-    google-query: inurl:"/wp-content/plugins/pixelyoursite-pro/"
+    fofa-query: "wp-content/plugins/pixelyoursite/"
+    google-query: inurl:"/wp-content/plugins/pixelyoursite/"
     shodan-query: 'vuln:CVE-2023-2584'
-  tags: cve,wordpress,wp-plugin,pixelyoursite-pro,medium
+  tags: cve,wordpress,wp-plugin,pixelyoursite,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/pixelyoursite-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/pixelyoursite/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "pixelyoursite-pro"
+          - "pixelyoursite"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 9.6.1')
\ No newline at end of file
+          - compare_versions(version, '<= 9.3.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2592-98163a520e2e6ad1b536bf4759e7aff4.yaml b/nuclei-templates/2023/CVE-2023-2592-98163a520e2e6ad1b536bf4759e7aff4.yaml
index 6dabaf78fb..54eb194f33 100644
--- a/nuclei-templates/2023/CVE-2023-2592-98163a520e2e6ad1b536bf4759e7aff4.yaml
+++ b/nuclei-templates/2023/CVE-2023-2592-98163a520e2e6ad1b536bf4759e7aff4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FormCraft Premium plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this only impacts the Premium version of FormCraft, but the Premium and Free versions of FormCraft share the same plugin slug.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formcraft-form-builder/"
     google-query: inurl:"/wp-content/plugins/formcraft-form-builder/"
     shodan-query: 'vuln:CVE-2023-2592'
-  tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium
+  tags: cve,wordpress,wp-plugin,formcraft-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25958-0a74f9768178c52be7335a4414a065a0.yaml b/nuclei-templates/2023/CVE-2023-25958-0a74f9768178c52be7335a4414a065a0.yaml
index 56d16a148a..efe1d7647a 100644
--- a/nuclei-templates/2023/CVE-2023-25958-0a74f9768178c52be7335a4414a065a0.yaml
+++ b/nuclei-templates/2023/CVE-2023-25958-0a74f9768178c52be7335a4414a065a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Tooltips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tooltips/"
     google-query: inurl:"/wp-content/plugins/simple-tooltips/"
     shodan-query: 'vuln:CVE-2023-25958'
-  tags: cve,wordpress,wp-plugin,simple-tooltips,medium
+  tags: cve,wordpress,wp-plugin,simple-tooltips,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25959-7c93e57058800cc97d4580d0e8797ab3.yaml b/nuclei-templates/2023/CVE-2023-25959-7c93e57058800cc97d4580d0e8797ab3.yaml
index 0c151911f9..9f8581fe58 100644
--- a/nuclei-templates/2023/CVE-2023-25959-7c93e57058800cc97d4580d0e8797ab3.yaml
+++ b/nuclei-templates/2023/CVE-2023-25959-7c93e57058800cc97d4580d0e8797ab3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Apollo13 Framework Extensions <= 1.8.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Apollo13 Framework Extensions plugin for WordPress is vulnerable to missing authorization due to a missing capability check on an unknown function in versions up to, and including, 1.8.10. This makes it possible for attackers with subscriber-level access, and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apollo13-framework-extensions/"
     google-query: inurl:"/wp-content/plugins/apollo13-framework-extensions/"
     shodan-query: 'vuln:CVE-2023-25959'
-  tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,medium
+  tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25962-73da8bcc97724050406ff5bdd6471c84.yaml b/nuclei-templates/2023/CVE-2023-25962-73da8bcc97724050406ff5bdd6471c84.yaml
index 580f6bb91c..9c6eb12132 100644
--- a/nuclei-templates/2023/CVE-2023-25962-73da8bcc97724050406ff5bdd6471c84.yaml
+++ b/nuclei-templates/2023/CVE-2023-25962-73da8bcc97724050406ff5bdd6471c84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordions <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters and attributes such as 'label, 'type', 'sub-title', 'name' in versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-or-faqs/"
     google-query: inurl:"/wp-content/plugins/accordions-or-faqs/"
     shodan-query: 'vuln:CVE-2023-25962'
-  tags: cve,wordpress,wp-plugin,accordions-or-faqs,medium
+  tags: cve,wordpress,wp-plugin,accordions-or-faqs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25963-23c92f364f22c50ebf1609484d67aa5e.yaml b/nuclei-templates/2023/CVE-2023-25963-23c92f364f22c50ebf1609484d67aa5e.yaml
index 300f6ca6da..176821d9d5 100644
--- a/nuclei-templates/2023/CVE-2023-25963-23c92f364f22c50ebf1609484d67aa5e.yaml
+++ b/nuclei-templates/2023/CVE-2023-25963-23c92f364f22c50ebf1609484d67aa5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JS Job Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title parameter in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-jobs/"
     google-query: inurl:"/wp-content/plugins/js-jobs/"
     shodan-query: 'vuln:CVE-2023-25963'
-  tags: cve,wordpress,wp-plugin,js-jobs,medium
+  tags: cve,wordpress,wp-plugin,js-jobs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25964-8a9da35b1949b285490ef29120cda9a5.yaml b/nuclei-templates/2023/CVE-2023-25964-8a9da35b1949b285490ef29120cda9a5.yaml
index c66bced5ca..003f61cb16 100644
--- a/nuclei-templates/2023/CVE-2023-25964-8a9da35b1949b285490ef29120cda9a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-25964-8a9da35b1949b285490ef29120cda9a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     We’re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The We’re Open! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opening-hours/"
     google-query: inurl:"/wp-content/plugins/opening-hours/"
     shodan-query: 'vuln:CVE-2023-25964'
-  tags: cve,wordpress,wp-plugin,opening-hours,medium
+  tags: cve,wordpress,wp-plugin,opening-hours,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25965-accdbc7387e8cd352346b508525444ba.yaml b/nuclei-templates/2023/CVE-2023-25965-accdbc7387e8cd352346b508525444ba.yaml
index de3271989f..9aece308fe 100644
--- a/nuclei-templates/2023/CVE-2023-25965-accdbc7387e8cd352346b508525444ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-25965-accdbc7387e8cd352346b508525444ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Upload Resume <= 1.2.0 - Authenticated Sensitive Information Disclosure via resume_upload_form_list shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Upload Resume plugin for WordPress is vulnerable to Sensitive Information Disclosure via the 'resume_upload_form_list' shortcode in versions up to, and including, 1.2.0. This allows authenticated attackers with subscriber-level permissions or above to view the contents of all resumes uploaded to the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/resume-upload-form/"
     google-query: inurl:"/wp-content/plugins/resume-upload-form/"
     shodan-query: 'vuln:CVE-2023-25965'
-  tags: cve,wordpress,wp-plugin,resume-upload-form,medium
+  tags: cve,wordpress,wp-plugin,resume-upload-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25966-4e2e155c281ae60022e2ed5429179c85.yaml b/nuclei-templates/2023/CVE-2023-25966-4e2e155c281ae60022e2ed5429179c85.yaml
index 0f7c51e980..ef2fc43e01 100644
--- a/nuclei-templates/2023/CVE-2023-25966-4e2e155c281ae60022e2ed5429179c85.yaml
+++ b/nuclei-templates/2023/CVE-2023-25966-4e2e155c281ae60022e2ed5429179c85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Filebird <= 5.1.4 - Missing Authorization via resAdminPermissionsCheck
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Filebird plugin for WordPress is vulnerable to unauthorized SPI key generation due to a missing capability check on the resAdminPermissionsCheck callback function function in versions up to, and including, 5.1.4. This makes it possible for authenticated attackers with author-level access to set the API key.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filebird/"
     google-query: inurl:"/wp-content/plugins/filebird/"
     shodan-query: 'vuln:CVE-2023-25966'
-  tags: cve,wordpress,wp-plugin,filebird,medium
+  tags: cve,wordpress,wp-plugin,filebird,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25967-05f8485e11de79d6aa39de126de0f4e7.yaml b/nuclei-templates/2023/CVE-2023-25967-05f8485e11de79d6aa39de126de0f4e7.yaml
index 19a6ba0487..e0f5f20b27 100644
--- a/nuclei-templates/2023/CVE-2023-25967-05f8485e11de79d6aa39de126de0f4e7.yaml
+++ b/nuclei-templates/2023/CVE-2023-25967-05f8485e11de79d6aa39de126de0f4e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Community by PeepSo <= 6.0.2.0 - Cross-Site Request Forgery leading to Plugin/Subscription Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Community by PeepSo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0.2.0. This is due to missing or incorrect nonce validation in the 'peepso.php' file. This makes it possible for unauthenticated attackers to unsubscribe email subscribers or delete the peepso plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/peepso-core/"
     google-query: inurl:"/wp-content/plugins/peepso-core/"
     shodan-query: 'vuln:CVE-2023-25967'
-  tags: cve,wordpress,wp-plugin,peepso-core,high
+  tags: cve,wordpress,wp-plugin,peepso-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25969-41d911400ca8ace536dfd110ed4dbc79.yaml b/nuclei-templates/2023/CVE-2023-25969-41d911400ca8ace536dfd110ed4dbc79.yaml
index 6390e64b76..7616a52496 100644
--- a/nuclei-templates/2023/CVE-2023-25969-41d911400ca8ace536dfd110ed4dbc79.yaml
+++ b/nuclei-templates/2023/CVE-2023-25969-41d911400ca8ace536dfd110ed4dbc79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TH Side Cart and Menu Cart for Woocommerce <= 1.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TH Side Cart and Menu Cart for Woocommerce plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the functions taiowc_form_setting, delete_settings in versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers  to view or modify plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/th-all-in-one-woo-cart/"
     google-query: inurl:"/wp-content/plugins/th-all-in-one-woo-cart/"
     shodan-query: 'vuln:CVE-2023-25969'
-  tags: cve,wordpress,wp-plugin,th-all-in-one-woo-cart,medium
+  tags: cve,wordpress,wp-plugin,th-all-in-one-woo-cart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25969-9baae5fb51d9dd1141e1931574d9d7be.yaml b/nuclei-templates/2023/CVE-2023-25969-9baae5fb51d9dd1141e1931574d9d7be.yaml
index a5c49f47be..64778ed659 100644
--- a/nuclei-templates/2023/CVE-2023-25969-9baae5fb51d9dd1141e1931574d9d7be.yaml
+++ b/nuclei-templates/2023/CVE-2023-25969-9baae5fb51d9dd1141e1931574d9d7be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Plugins By ThemeHunk (Various Versions) - Missing Authorization via settings_init
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple Plugins By ThemeHunk are vulnerable to unauthorized plugin setting modification due to a missing capability check on the settings_init function in various versions. This makes it possible for unauthenticated attackers  to reset plugin settings.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2023-25969
   metadata:
-    fofa-query: "wp-content/plugins/th-product-compare/"
-    google-query: inurl:"/wp-content/plugins/th-product-compare/"
+    fofa-query: "wp-content/plugins/th-advance-product-search/"
+    google-query: inurl:"/wp-content/plugins/th-advance-product-search/"
     shodan-query: 'vuln:CVE-2023-25969'
-  tags: cve,wordpress,wp-plugin,th-product-compare,medium
+  tags: cve,wordpress,wp-plugin,th-advance-product-search,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/th-product-compare/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/th-advance-product-search/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "th-product-compare"
+          - "th-advance-product-search"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2.5')
\ No newline at end of file
+          - compare_versions(version, '<= 1.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-25972-71669f91f6c03ce43a9b92fdae9360cb.yaml b/nuclei-templates/2023/CVE-2023-25972-71669f91f6c03ce43a9b92fdae9360cb.yaml
index c27708e052..7d50e82f49 100644
--- a/nuclei-templates/2023/CVE-2023-25972-71669f91f6c03ce43a9b92fdae9360cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-25972-71669f91f6c03ce43a9b92fdae9360cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Старт <= 3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Старт plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iksweb/"
     google-query: inurl:"/wp-content/plugins/iksweb/"
     shodan-query: 'vuln:CVE-2023-25972'
-  tags: cve,wordpress,wp-plugin,iksweb,medium
+  tags: cve,wordpress,wp-plugin,iksweb,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25977-0fbf5aeb9219f7fac5b857b809c640a1.yaml b/nuclei-templates/2023/CVE-2023-25977-0fbf5aeb9219f7fac5b857b809c640a1.yaml
index 6219d828f0..8cab4cc02f 100644
--- a/nuclei-templates/2023/CVE-2023-25977-0fbf5aeb9219f7fac5b857b809c640a1.yaml
+++ b/nuclei-templates/2023/CVE-2023-25977-0fbf5aeb9219f7fac5b857b809c640a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPT – Speakers <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPT – Speakers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unspecified settings parameter in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpt-speakers/"
     google-query: inurl:"/wp-content/plugins/cpt-speakers/"
     shodan-query: 'vuln:CVE-2023-25977'
-  tags: cve,wordpress,wp-plugin,cpt-speakers,medium
+  tags: cve,wordpress,wp-plugin,cpt-speakers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25978-c17395d57aa530c1ca072f07b2b709c1.yaml b/nuclei-templates/2023/CVE-2023-25978-c17395d57aa530c1ca072f07b2b709c1.yaml
index 6b543dab6b..2b5e608646 100644
--- a/nuclei-templates/2023/CVE-2023-25978-c17395d57aa530c1ca072f07b2b709c1.yaml
+++ b/nuclei-templates/2023/CVE-2023-25978-c17395d57aa530c1ca072f07b2b709c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Protected Posts Logout Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/protected-posts-logout-button/"
     google-query: inurl:"/wp-content/plugins/protected-posts-logout-button/"
     shodan-query: 'vuln:CVE-2023-25978'
-  tags: cve,wordpress,wp-plugin,protected-posts-logout-button,medium
+  tags: cve,wordpress,wp-plugin,protected-posts-logout-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25979-c6bd3ba187d60fb65a038a39af19f9cc.yaml b/nuclei-templates/2023/CVE-2023-25979-c6bd3ba187d60fb65a038a39af19f9cc.yaml
index dd25aaf767..d520abe230 100644
--- a/nuclei-templates/2023/CVE-2023-25979-c6bd3ba187d60fb65a038a39af19f9cc.yaml
+++ b/nuclei-templates/2023/CVE-2023-25979-c6bd3ba187d60fb65a038a39af19f9cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Gallery – YouTube Gallery <= 1.7.6 -  Authenticated (Admin+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Gallery – YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-videos/"
     google-query: inurl:"/wp-content/plugins/gallery-videos/"
     shodan-query: 'vuln:CVE-2023-25979'
-  tags: cve,wordpress,wp-plugin,gallery-videos,medium
+  tags: cve,wordpress,wp-plugin,gallery-videos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25981-3c4ad527262d00d607d5c7466a5e3a23.yaml b/nuclei-templates/2023/CVE-2023-25981-3c4ad527262d00d607d5c7466a5e3a23.yaml
index 95d19dc8a3..6d2d5c77b5 100644
--- a/nuclei-templates/2023/CVE-2023-25981-3c4ad527262d00d607d5c7466a5e3a23.yaml
+++ b/nuclei-templates/2023/CVE-2023-25981-3c4ad527262d00d607d5c7466a5e3a23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms/"
     google-query: inurl:"/wp-content/plugins/buddyforms/"
     shodan-query: 'vuln:CVE-2023-25981'
-  tags: cve,wordpress,wp-plugin,buddyforms,medium
+  tags: cve,wordpress,wp-plugin,buddyforms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25982-a8a2129053b6265336aaeb65bc0c164a.yaml b/nuclei-templates/2023/CVE-2023-25982-a8a2129053b6265336aaeb65bc0c164a.yaml
index a2db936813..a681172a8e 100644
--- a/nuclei-templates/2023/CVE-2023-25982-a8a2129053b6265336aaeb65bc0c164a.yaml
+++ b/nuclei-templates/2023/CVE-2023-25982-a8a2129053b6265336aaeb65bc0c164a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple YouTube Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-youtube-responsive/"
     google-query: inurl:"/wp-content/plugins/simple-youtube-responsive/"
     shodan-query: 'vuln:CVE-2023-25982'
-  tags: cve,wordpress,wp-plugin,simple-youtube-responsive,medium
+  tags: cve,wordpress,wp-plugin,simple-youtube-responsive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25983-11a5b3d7c20edce1773adda5ec308996.yaml b/nuclei-templates/2023/CVE-2023-25983-11a5b3d7c20edce1773adda5ec308996.yaml
index 6f1e0bd6d7..54bed2d2fc 100644
--- a/nuclei-templates/2023/CVE-2023-25983-11a5b3d7c20edce1773adda5ec308996.yaml
+++ b/nuclei-templates/2023/CVE-2023-25983-11a5b3d7c20edce1773adda5ec308996.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KB Support <= 1.5.84 - Authenticated (Subscriber+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The KB Support plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, KB Support. This allows subscriber-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kb-support/"
     google-query: inurl:"/wp-content/plugins/kb-support/"
     shodan-query: 'vuln:CVE-2023-25983'
-  tags: cve,wordpress,wp-plugin,kb-support,medium
+  tags: cve,wordpress,wp-plugin,kb-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25984-9a176796080675b246543fba168c027a.yaml b/nuclei-templates/2023/CVE-2023-25984-9a176796080675b246543fba168c027a.yaml
index 10bc386d76..cfefd51196 100644
--- a/nuclei-templates/2023/CVE-2023-25984-9a176796080675b246543fba168c027a.yaml
+++ b/nuclei-templates/2023/CVE-2023-25984-9a176796080675b246543fba168c027a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dovetail <= 1.2.13 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dovetail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dovetail/"
     google-query: inurl:"/wp-content/plugins/dovetail/"
     shodan-query: 'vuln:CVE-2023-25984'
-  tags: cve,wordpress,wp-plugin,dovetail,medium
+  tags: cve,wordpress,wp-plugin,dovetail,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25986-96955fd433f50860fcfbf43e30334f40.yaml b/nuclei-templates/2023/CVE-2023-25986-96955fd433f50860fcfbf43e30334f40.yaml
index f5e8712435..1edd36d05d 100644
--- a/nuclei-templates/2023/CVE-2023-25986-96955fd433f50860fcfbf43e30334f40.yaml
+++ b/nuclei-templates/2023/CVE-2023-25986-96955fd433f50860fcfbf43e30334f40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PayGreen – Ancienne version <= 4.10.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The PayGreen – Ancienne version plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paygreen-woocommerce/"
     google-query: inurl:"/wp-content/plugins/paygreen-woocommerce/"
     shodan-query: 'vuln:CVE-2023-25986'
-  tags: cve,wordpress,wp-plugin,paygreen-woocommerce,high
+  tags: cve,wordpress,wp-plugin,paygreen-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25989-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/2023/CVE-2023-25989-b1fa67bf969fdb68e71efc5cd730124e.yaml
index 4b4cf3308a..a35e4363e6 100644
--- a/nuclei-templates/2023/CVE-2023-25989-b1fa67bf969fdb68e71efc5cd730124e.yaml
+++ b/nuclei-templates/2023/CVE-2023-25989-b1fa67bf969fdb68e71efc5cd730124e.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-25989
   metadata:
-    fofa-query: "wp-content/plugins/meks-audio-player/"
-    google-query: inurl:"/wp-content/plugins/meks-audio-player/"
+    fofa-query: "wp-content/plugins/meks-smart-social-widget/"
+    google-query: inurl:"/wp-content/plugins/meks-smart-social-widget/"
     shodan-query: 'vuln:CVE-2023-25989'
-  tags: cve,wordpress,wp-plugin,meks-audio-player,medium
+  tags: cve,wordpress,wp-plugin,meks-smart-social-widget,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/meks-audio-player/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/meks-smart-social-widget/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "meks-audio-player"
+          - "meks-smart-social-widget"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.2')
\ No newline at end of file
+          - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2599-8871ef770441f03d651279dadfcbfd9f.yaml b/nuclei-templates/2023/CVE-2023-2599-8871ef770441f03d651279dadfcbfd9f.yaml
index c4db702cca..57d8a6fb2e 100644
--- a/nuclei-templates/2023/CVE-2023-2599-8871ef770441f03d651279dadfcbfd9f.yaml
+++ b/nuclei-templates/2023/CVE-2023-2599-8871ef770441f03d651279dadfcbfd9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Active Directory Integration / LDAP Integration <= 4.1.4 - Cross-Site Request Forgery to SQL Injection
   author: topscoder
-  severity: low
+  severity: medium
   description: >
     The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/"
     google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/"
     shodan-query: 'vuln:CVE-2023-2599'
-  tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low
+  tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25990-3a1a2462f10e12efaa2197ad33a42396.yaml b/nuclei-templates/2023/CVE-2023-25990-3a1a2462f10e12efaa2197ad33a42396.yaml
index 7c340f8e9b..3d98e32b94 100644
--- a/nuclei-templates/2023/CVE-2023-25990-3a1a2462f10e12efaa2197ad33a42396.yaml
+++ b/nuclei-templates/2023/CVE-2023-25990-3a1a2462f10e12efaa2197ad33a42396.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via many parameters in versions up to, and including, 2.1.10 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with tutor instructor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2023-25990'
-  tags: cve,wordpress,wp-plugin,tutor,high
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25992-2ace3607ba6999f91533535a3a2816d7.yaml b/nuclei-templates/2023/CVE-2023-25992-2ace3607ba6999f91533535a3a2816d7.yaml
index 9949dc267e..01dc31b42a 100644
--- a/nuclei-templates/2023/CVE-2023-25992-2ace3607ba6999f91533535a3a2816d7.yaml
+++ b/nuclei-templates/2023/CVE-2023-25992-2ace3607ba6999f91533535a3a2816d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Answers <= 3.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CM Answers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-answers/"
     google-query: inurl:"/wp-content/plugins/cm-answers/"
     shodan-query: 'vuln:CVE-2023-25992'
-  tags: cve,wordpress,wp-plugin,cm-answers,medium
+  tags: cve,wordpress,wp-plugin,cm-answers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-25993-e7e948bfa89ef889d57ad4a644f6ffc0.yaml b/nuclei-templates/2023/CVE-2023-25993-e7e948bfa89ef889d57ad4a644f6ffc0.yaml
index 4735c8ecc4..399c909cef 100644
--- a/nuclei-templates/2023/CVE-2023-25993-e7e948bfa89ef889d57ad4a644f6ffc0.yaml
+++ b/nuclei-templates/2023/CVE-2023-25993-e7e948bfa89ef889d57ad4a644f6ffc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Top 10 – Popular posts plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the tptn_ajax_clearcache function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-10/"
     google-query: inurl:"/wp-content/plugins/top-10/"
     shodan-query: 'vuln:CVE-2023-25993'
-  tags: cve,wordpress,wp-plugin,top-10,medium
+  tags: cve,wordpress,wp-plugin,top-10,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2600-59797dde213a6367a6157622c3715782.yaml b/nuclei-templates/2023/CVE-2023-2600-59797dde213a6367a6157622c3715782.yaml
index 077f44ad78..d467092382 100644
--- a/nuclei-templates/2023/CVE-2023-2600-59797dde213a6367a6157622c3715782.yaml
+++ b/nuclei-templates/2023/CVE-2023-2600-59797dde213a6367a6157622c3715782.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Base Terms <= 1.0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'base'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Base Terms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'base' parameter in versions up to, and including, 1.0.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-base-terms/"
     google-query: inurl:"/wp-content/plugins/custom-base-terms/"
     shodan-query: 'vuln:CVE-2023-2600'
-  tags: cve,wordpress,wp-plugin,custom-base-terms,medium
+  tags: cve,wordpress,wp-plugin,custom-base-terms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26008-8a2fdef7cc698ec15988b37831ded08d.yaml b/nuclei-templates/2023/CVE-2023-26008-8a2fdef7cc698ec15988b37831ded08d.yaml
index e95bec7d76..1058bc1b6e 100644
--- a/nuclei-templates/2023/CVE-2023-26008-8a2fdef7cc698ec15988b37831ded08d.yaml
+++ b/nuclei-templates/2023/CVE-2023-26008-8a2fdef7cc698ec15988b37831ded08d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top 10 – Popular posts plugin - <= 3.2.4 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Top 10 – Popular posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-10/"
     google-query: inurl:"/wp-content/plugins/top-10/"
     shodan-query: 'vuln:CVE-2023-26008'
-  tags: cve,wordpress,wp-plugin,top-10,medium
+  tags: cve,wordpress,wp-plugin,top-10,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2601-55c5d66fcb1a0e14740f101ab90eeba9.yaml b/nuclei-templates/2023/CVE-2023-2601-55c5d66fcb1a0e14740f101ab90eeba9.yaml
index c2b133066a..4b8ba4046b 100644
--- a/nuclei-templates/2023/CVE-2023-2601-55c5d66fcb1a0e14740f101ab90eeba9.yaml
+++ b/nuclei-templates/2023/CVE-2023-2601-55c5d66fcb1a0e14740f101ab90eeba9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Brutal AI < 2.0.0 - Cross-Site Request Forgery to SQL Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Brutal AI plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions before 2.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  Additionally it lacks a nonce check on this functionality. This makes it possible for authenticated attackers with administrator-level permissions, as well as unauthenticated attackers able to trick administrators into performing an action such as clicking a link, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpbrutalai/"
     google-query: inurl:"/wp-content/plugins/wpbrutalai/"
     shodan-query: 'vuln:CVE-2023-2601'
-  tags: cve,wordpress,wp-plugin,wpbrutalai,high
+  tags: cve,wordpress,wp-plugin,wpbrutalai,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26010-6481182e7ac4b130cac34d43758d1847.yaml b/nuclei-templates/2023/CVE-2023-26010-6481182e7ac4b130cac34d43758d1847.yaml
index ea407d5edb..a3ab3ea5bd 100644
--- a/nuclei-templates/2023/CVE-2023-26010-6481182e7ac4b130cac34d43758d1847.yaml
+++ b/nuclei-templates/2023/CVE-2023-26010-6481182e7ac4b130cac34d43758d1847.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 11.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpappninja/"
     google-query: inurl:"/wp-content/plugins/wpappninja/"
     shodan-query: 'vuln:CVE-2023-26010'
-  tags: cve,wordpress,wp-plugin,wpappninja,medium
+  tags: cve,wordpress,wp-plugin,wpappninja,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26012-4fd05a735543332a71cc4808699480af.yaml b/nuclei-templates/2023/CVE-2023-26012-4fd05a735543332a71cc4808699480af.yaml
index 465796722e..e1a08f4d6f 100644
--- a/nuclei-templates/2023/CVE-2023-26012-4fd05a735543332a71cc4808699480af.yaml
+++ b/nuclei-templates/2023/CVE-2023-26012-4fd05a735543332a71cc4808699480af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Login Page <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-login-page/"
     google-query: inurl:"/wp-content/plugins/wp-custom-login-page/"
     shodan-query: 'vuln:CVE-2023-26012'
-  tags: cve,wordpress,wp-plugin,wp-custom-login-page,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-login-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26013-30299c84e4a810a5d91c885ccad19e9f.yaml b/nuclei-templates/2023/CVE-2023-26013-30299c84e4a810a5d91c885ccad19e9f.yaml
index 0aaf9b3351..d8ff290c92 100644
--- a/nuclei-templates/2023/CVE-2023-26013-30299c84e4a810a5d91c885ccad19e9f.yaml
+++ b/nuclei-templates/2023/CVE-2023-26013-30299c84e4a810a5d91c885ccad19e9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/strong-testimonials/"
     google-query: inurl:"/wp-content/plugins/strong-testimonials/"
     shodan-query: 'vuln:CVE-2023-26013'
-  tags: cve,wordpress,wp-plugin,strong-testimonials,medium
+  tags: cve,wordpress,wp-plugin,strong-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26015-f938f1ab4ea9e7929903077ead3a87cb.yaml b/nuclei-templates/2023/CVE-2023-26015-f938f1ab4ea9e7929903077ead3a87cb.yaml
index 29bf915bc9..85bb64bbe3 100644
--- a/nuclei-templates/2023/CVE-2023-26015-f938f1ab4ea9e7929903077ead3a87cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-26015-f938f1ab4ea9e7929903077ead3a87cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapPress Maps for WordPress <= 2.85.4 - Authenticated (Contributor+) SQL Injection via get_maps
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MapPress Maps for WordPress plugin for WordPress is vulnerable to SQL Injection via the get_maps function in versions up to, and including, 2.85.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-26015'
-  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,high
+  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26016-ace70e46c2c11dce25895020e8f9ce37.yaml b/nuclei-templates/2023/CVE-2023-26016-ace70e46c2c11dce25895020e8f9ce37.yaml
index f554ec0c9f..15ec98c0b0 100644
--- a/nuclei-templates/2023/CVE-2023-26016-ace70e46c2c11dce25895020e8f9ce37.yaml
+++ b/nuclei-templates/2023/CVE-2023-26016-ace70e46c2c11dce25895020e8f9ce37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Portfolio Gallery <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1 via admin settings due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-portfolio-gallery/"
     google-query: inurl:"/wp-content/plugins/simple-portfolio-gallery/"
     shodan-query: 'vuln:CVE-2023-26016'
-  tags: cve,wordpress,wp-plugin,simple-portfolio-gallery,medium
+  tags: cve,wordpress,wp-plugin,simple-portfolio-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26017-fe5cb5dd50547aaa395139fc837a5f8f.yaml b/nuclei-templates/2023/CVE-2023-26017-fe5cb5dd50547aaa395139fc837a5f8f.yaml
index bafa33674e..1bf498338e 100644
--- a/nuclei-templates/2023/CVE-2023-26017-fe5cb5dd50547aaa395139fc837a5f8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-26017-fe5cb5dd50547aaa395139fc837a5f8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jobs for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-postings/"
     google-query: inurl:"/wp-content/plugins/job-postings/"
     shodan-query: 'vuln:CVE-2023-26017'
-  tags: cve,wordpress,wp-plugin,job-postings,medium
+  tags: cve,wordpress,wp-plugin,job-postings,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2606-131875d333b38df6cd9a906f0f1d6d15.yaml b/nuclei-templates/2023/CVE-2023-2606-131875d333b38df6cd9a906f0f1d6d15.yaml
index 63c9be1bda..728dbb9801 100644
--- a/nuclei-templates/2023/CVE-2023-2606-131875d333b38df6cd9a906f0f1d6d15.yaml
+++ b/nuclei-templates/2023/CVE-2023-2606-131875d333b38df6cd9a906f0f1d6d15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Brutal AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, but not including, 2.06 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpbrutalai/"
     google-query: inurl:"/wp-content/plugins/wpbrutalai/"
     shodan-query: 'vuln:CVE-2023-2606'
-  tags: cve,wordpress,wp-plugin,wpbrutalai,medium
+  tags: cve,wordpress,wp-plugin,wpbrutalai,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2607-1f2e03d503f5681dd8b4d168bb6a5e29.yaml b/nuclei-templates/2023/CVE-2023-2607-1f2e03d503f5681dd8b4d168bb6a5e29.yaml
index 445d9b888b..ad847c9510 100644
--- a/nuclei-templates/2023/CVE-2023-2607-1f2e03d503f5681dd8b4d168bb6a5e29.yaml
+++ b/nuclei-templates/2023/CVE-2023-2607-1f2e03d503f5681dd8b4d168bb6a5e29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/"
     google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/"
     shodan-query: 'vuln:CVE-2023-2607'
-  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,high
+  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2608-03e8fea4abe393774ca83cec29070e62.yaml b/nuclei-templates/2023/CVE-2023-2608-03e8fea4abe393774ca83cec29070e62.yaml
index 44eb13f9d2..09928fa362 100644
--- a/nuclei-templates/2023/CVE-2023-2608-03e8fea4abe393774ca83cec29070e62.yaml
+++ b/nuclei-templates/2023/CVE-2023-2608-03e8fea4abe393774ca83cec29070e62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection
   author: topscoder
-  severity: low
+  severity: medium
   description: >
     The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries leading to resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. Version 3.3.18 addresses the SQL Injection, which drastically reduced the severity.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/"
     google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/"
     shodan-query: 'vuln:CVE-2023-2608'
-  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,low
+  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2627-e448c9e4b5c0c1a44cb7637de9906bfd.yaml b/nuclei-templates/2023/CVE-2023-2627-e448c9e4b5c0c1a44cb7637de9906bfd.yaml
index 22bbb461c7..be44379a6c 100644
--- a/nuclei-templates/2023/CVE-2023-2627-e448c9e4b5c0c1a44cb7637de9906bfd.yaml
+++ b/nuclei-templates/2023/CVE-2023-2627-e448c9e4b5c0c1a44cb7637de9906bfd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to unauthorized access to and modification of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 3.2.0. This makes it possible for authenticated attackers with subscriber-level privileges or above to modify plugin settings including adding arbitrary clinics, doctors, receptionists, and appointment as well as viewing plugin configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kivicare-clinic-management-system/"
     google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/"
     shodan-query: 'vuln:CVE-2023-2627'
-  tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,medium
+  tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26325-6a99396550744ae560a5320a1b153079.yaml b/nuclei-templates/2023/CVE-2023-26325-6a99396550744ae560a5320a1b153079.yaml
index 6515d497d5..a68eafe33b 100644
--- a/nuclei-templates/2023/CVE-2023-26325-6a99396550744ae560a5320a1b153079.yaml
+++ b/nuclei-templates/2023/CVE-2023-26325-6a99396550744ae560a5320a1b153079.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'filterValue' and 'selectedColumns' parameters passed through the 'rx_export_review' AJAX action in versions up to, and including, 1.6.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reviewx/"
     google-query: inurl:"/wp-content/plugins/reviewx/"
     shodan-query: 'vuln:CVE-2023-26325'
-  tags: cve,wordpress,wp-plugin,reviewx,high
+  tags: cve,wordpress,wp-plugin,reviewx,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2634-eceee40ae071bd0838ed35de0f0e77bb.yaml b/nuclei-templates/2023/CVE-2023-2634-eceee40ae071bd0838ed35de0f0e77bb.yaml
index f6714a8392..e42a2fc7f7 100644
--- a/nuclei-templates/2023/CVE-2023-2634-eceee40ae071bd0838ed35de0f0e77bb.yaml
+++ b/nuclei-templates/2023/CVE-2023-2634-eceee40ae071bd0838ed35de0f0e77bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Get Your Number <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Get Your Number plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/get-your-number/"
     google-query: inurl:"/wp-content/plugins/get-your-number/"
     shodan-query: 'vuln:CVE-2023-2634'
-  tags: cve,wordpress,wp-plugin,get-your-number,medium
+  tags: cve,wordpress,wp-plugin,get-your-number,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2636-054cd3c24ebffa75be93ee2056e1824c.yaml b/nuclei-templates/2023/CVE-2023-2636-054cd3c24ebffa75be93ee2056e1824c.yaml
index c13d3f79cc..8dc6755bec 100644
--- a/nuclei-templates/2023/CVE-2023-2636-054cd3c24ebffa75be93ee2056e1824c.yaml
+++ b/nuclei-templates/2023/CVE-2023-2636-054cd3c24ebffa75be93ee2056e1824c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AN_GradeBook <= 5.0.1 - Authenticated (Subscriber+) SQL Injection via 'id'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The AN_GradeBook for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 5.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/an-gradebook/"
     google-query: inurl:"/wp-content/plugins/an-gradebook/"
     shodan-query: 'vuln:CVE-2023-2636'
-  tags: cve,wordpress,wp-plugin,an-gradebook,high
+  tags: cve,wordpress,wp-plugin,an-gradebook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26515-59c7d1a679853ce7b01d642a9cdae84d.yaml b/nuclei-templates/2023/CVE-2023-26515-59c7d1a679853ce7b01d642a9cdae84d.yaml
index a2e0676f47..8cb32ecc70 100644
--- a/nuclei-templates/2023/CVE-2023-26515-59c7d1a679853ce7b01d642a9cdae84d.yaml
+++ b/nuclei-templates/2023/CVE-2023-26515-59c7d1a679853ce7b01d642a9cdae84d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Slug Translate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-slug-translate/"
     google-query: inurl:"/wp-content/plugins/simple-slug-translate/"
     shodan-query: 'vuln:CVE-2023-26515'
-  tags: cve,wordpress,wp-plugin,simple-slug-translate,medium
+  tags: cve,wordpress,wp-plugin,simple-slug-translate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26516-c4cb405587c7aac808cc9a0330f4a287.yaml b/nuclei-templates/2023/CVE-2023-26516-c4cb405587c7aac808cc9a0330f4a287.yaml
index 123e47d860..9d8a242581 100644
--- a/nuclei-templates/2023/CVE-2023-26516-c4cb405587c7aac808cc9a0330f4a287.yaml
+++ b/nuclei-templates/2023/CVE-2023-26516-c4cb405587c7aac808cc9a0330f4a287.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Debug Assistant <= 1.4 - Cross-Site Request Forgery via imlt_create_admin
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Debug Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. This is due to missing or incorrect nonce validation when creating temporary admins. This makes it possible for unauthenticated attackers to create admin accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/debug-assistant/"
     google-query: inurl:"/wp-content/plugins/debug-assistant/"
     shodan-query: 'vuln:CVE-2023-26516'
-  tags: cve,wordpress,wp-plugin,debug-assistant,high
+  tags: cve,wordpress,wp-plugin,debug-assistant,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26517-2f94c3f833650d494dcd027c8f5b2a1d.yaml b/nuclei-templates/2023/CVE-2023-26517-2f94c3f833650d494dcd027c8f5b2a1d.yaml
index e8875c8cea..98debbccdc 100644
--- a/nuclei-templates/2023/CVE-2023-26517-2f94c3f833650d494dcd027c8f5b2a1d.yaml
+++ b/nuclei-templates/2023/CVE-2023-26517-2f94c3f833650d494dcd027c8f5b2a1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dashboard Widgets Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.1 via widget_notes_message due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dashboard-widgets-suite/"
     google-query: inurl:"/wp-content/plugins/dashboard-widgets-suite/"
     shodan-query: 'vuln:CVE-2023-26517'
-  tags: cve,wordpress,wp-plugin,dashboard-widgets-suite,medium
+  tags: cve,wordpress,wp-plugin,dashboard-widgets-suite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26519-fed0833f3ebebd240e7a0f4e9421be22.yaml b/nuclei-templates/2023/CVE-2023-26519-fed0833f3ebebd240e7a0f4e9421be22.yaml
index dcd0aa1243..b377d5c157 100644
--- a/nuclei-templates/2023/CVE-2023-26519-fed0833f3ebebd240e7a0f4e9421be22.yaml
+++ b/nuclei-templates/2023/CVE-2023-26519-fed0833f3ebebd240e7a0f4e9421be22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Publish to Schedule plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/publish-to-schedule/"
     google-query: inurl:"/wp-content/plugins/publish-to-schedule/"
     shodan-query: 'vuln:CVE-2023-26519'
-  tags: cve,wordpress,wp-plugin,publish-to-schedule,medium
+  tags: cve,wordpress,wp-plugin,publish-to-schedule,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26520-f8ef60664eb207643cf086f83584b3db.yaml b/nuclei-templates/2023/CVE-2023-26520-f8ef60664eb207643cf086f83584b3db.yaml
index 7cd59f8797..287638a751 100644
--- a/nuclei-templates/2023/CVE-2023-26520-f8ef60664eb207643cf086f83584b3db.yaml
+++ b/nuclei-templates/2023/CVE-2023-26520-f8ef60664eb207643cf086f83584b3db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Text Widget  <= 2.1.2 - Missing Authorization via atw_dismiss_admin_notice
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Text Widget  plugin for WordPress is vulnerable to unauthorized admin notice dismisssal due to a missing capability check on the atw_dismiss_admin_notice function in versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to dismiss admin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-text-widget/"
     google-query: inurl:"/wp-content/plugins/advanced-text-widget/"
     shodan-query: 'vuln:CVE-2023-26520'
-  tags: cve,wordpress,wp-plugin,advanced-text-widget,medium
+  tags: cve,wordpress,wp-plugin,advanced-text-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26521-67ada1785c1a67660530280a293c0d89.yaml b/nuclei-templates/2023/CVE-2023-26521-67ada1785c1a67660530280a293c0d89.yaml
index ecbdc2bc08..58062245ed 100644
--- a/nuclei-templates/2023/CVE-2023-26521-67ada1785c1a67660530280a293c0d89.yaml
+++ b/nuclei-templates/2023/CVE-2023-26521-67ada1785c1a67660530280a293c0d89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Search in Place <= 1.0.104 - Missing Authorization to Feedback Submission
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Search in Place plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the feedback_action function in versions up to, and including, 1.0.104. This makes it possible for authenticated  attackers with subscriber access or higher to submit plugin feedback on behalf of the site owner.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/search-in-place/"
     google-query: inurl:"/wp-content/plugins/search-in-place/"
     shodan-query: 'vuln:CVE-2023-26521'
-  tags: cve,wordpress,wp-plugin,search-in-place,medium
+  tags: cve,wordpress,wp-plugin,search-in-place,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26522-0e94306a43ae08419eb38c17f3bdf17f.yaml b/nuclei-templates/2023/CVE-2023-26522-0e94306a43ae08419eb38c17f3bdf17f.yaml
index f490635fbb..b73c068d35 100644
--- a/nuclei-templates/2023/CVE-2023-26522-0e94306a43ae08419eb38c17f3bdf17f.yaml
+++ b/nuclei-templates/2023/CVE-2023-26522-0e94306a43ae08419eb38c17f3bdf17f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Repost <= 0.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Repost plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on all functions in versions up to, and including, 0.1. This makes it possible for unauthenticated attackers to to perform unauthorized actions (e.g., modify plugin settings).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-repost/"
     google-query: inurl:"/wp-content/plugins/wp-repost/"
     shodan-query: 'vuln:CVE-2023-26522'
-  tags: cve,wordpress,wp-plugin,wp-repost,medium
+  tags: cve,wordpress,wp-plugin,wp-repost,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26523-4b4ac88975e8590a6a5fd0cf4302a336.yaml b/nuclei-templates/2023/CVE-2023-26523-4b4ac88975e8590a6a5fd0cf4302a336.yaml
index 7c7fbbc6f6..600c0522c0 100644
--- a/nuclei-templates/2023/CVE-2023-26523-4b4ac88975e8590a6a5fd0cf4302a336.yaml
+++ b/nuclei-templates/2023/CVE-2023-26523-4b4ac88975e8590a6a5fd0cf4302a336.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calculated Fields Form <= 1.1.120 - Missing Authorization to Feedback Submission
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Calculated Fields Form plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the feedback_action function in versions up to, and including, 1.1.120. This makes it possible for authenticated attackers with subscriber-level access to provide plugin feedback on the site owner's behalf.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calculated-fields-form/"
     google-query: inurl:"/wp-content/plugins/calculated-fields-form/"
     shodan-query: 'vuln:CVE-2023-26523'
-  tags: cve,wordpress,wp-plugin,calculated-fields-form,medium
+  tags: cve,wordpress,wp-plugin,calculated-fields-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26525-3a87cd2c194cd815db2ec636b84e643a.yaml b/nuclei-templates/2023/CVE-2023-26525-3a87cd2c194cd815db2ec636b84e643a.yaml
index 8a88e8c29a..9459714118 100644
--- a/nuclei-templates/2023/CVE-2023-26525-3a87cd2c194cd815db2ec636b84e643a.yaml
+++ b/nuclei-templates/2023/CVE-2023-26525-3a87cd2c194cd815db2ec636b84e643a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Dokan plugin for WordPress is vulnerable to SQL Injection via  multiple parameters in versions up to, and including, 3.7.12 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with vendor-level access, and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dokan-lite/"
     google-query: inurl:"/wp-content/plugins/dokan-lite/"
     shodan-query: 'vuln:CVE-2023-26525'
-  tags: cve,wordpress,wp-plugin,dokan-lite,high
+  tags: cve,wordpress,wp-plugin,dokan-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26527-7341f9a401e387eb541b7f0ce957b3d9.yaml b/nuclei-templates/2023/CVE-2023-26527-7341f9a401e387eb541b7f0ce957b3d9.yaml
index 1f7242d20c..dabc54b27d 100644
--- a/nuclei-templates/2023/CVE-2023-26527-7341f9a401e387eb541b7f0ce957b3d9.yaml
+++ b/nuclei-templates/2023/CVE-2023-26527-7341f9a401e387eb541b7f0ce957b3d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Debug Assistant <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Debug Assistant for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/debug-assistant/"
     google-query: inurl:"/wp-content/plugins/debug-assistant/"
     shodan-query: 'vuln:CVE-2023-26527'
-  tags: cve,wordpress,wp-plugin,debug-assistant,medium
+  tags: cve,wordpress,wp-plugin,debug-assistant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26528-644c7cae519f04e689e17393d43159b0.yaml b/nuclei-templates/2023/CVE-2023-26528-644c7cae519f04e689e17393d43159b0.yaml
index 9181630554..fb1f7ca837 100644
--- a/nuclei-templates/2023/CVE-2023-26528-644c7cae519f04e689e17393d43159b0.yaml
+++ b/nuclei-templates/2023/CVE-2023-26528-644c7cae519f04e689e17393d43159b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shipyaari Shipping Management <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shipyaari Shipping Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/manage-shipyaari-shipping/"
     google-query: inurl:"/wp-content/plugins/manage-shipyaari-shipping/"
     shodan-query: 'vuln:CVE-2023-26528'
-  tags: cve,wordpress,wp-plugin,manage-shipyaari-shipping,medium
+  tags: cve,wordpress,wp-plugin,manage-shipyaari-shipping,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26533-c592d86340244bb94d180507b23fa5a8.yaml b/nuclei-templates/2023/CVE-2023-26533-c592d86340244bb94d180507b23fa5a8.yaml
index 4e4003e9f1..ce4c51927d 100644
--- a/nuclei-templates/2023/CVE-2023-26533-c592d86340244bb94d180507b23fa5a8.yaml
+++ b/nuclei-templates/2023/CVE-2023-26533-c592d86340244bb94d180507b23fa5a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zippy <= 1.6.1 - Authenticated (Contributor+) Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Zippy plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.6.1 via the adminInit function. This can allow authenticated attackers with access to the post editor, such as contributors, to create an export that will contain sensitive author information, such as usernames and password hashes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zippy/"
     google-query: inurl:"/wp-content/plugins/zippy/"
     shodan-query: 'vuln:CVE-2023-26533'
-  tags: cve,wordpress,wp-plugin,zippy,medium
+  tags: cve,wordpress,wp-plugin,zippy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26534-f62d90a1456165ae9d04c07d4bf69a25.yaml b/nuclei-templates/2023/CVE-2023-26534-f62d90a1456165ae9d04c07d4bf69a25.yaml
index 5fd6f62ff7..899e84b1aa 100644
--- a/nuclei-templates/2023/CVE-2023-26534-f62d90a1456165ae9d04c07d4bf69a25.yaml
+++ b/nuclei-templates/2023/CVE-2023-26534-f62d90a1456165ae9d04c07d4bf69a25.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Repost <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scritping
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Repost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-repost/"
     google-query: inurl:"/wp-content/plugins/wp-repost/"
     shodan-query: 'vuln:CVE-2023-26534'
-  tags: cve,wordpress,wp-plugin,wp-repost,medium
+  tags: cve,wordpress,wp-plugin,wp-repost,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26536-a7c9f85c93718ea45a6837bae9a163d3.yaml b/nuclei-templates/2023/CVE-2023-26536-a7c9f85c93718ea45a6837bae9a163d3.yaml
index edf6ddbf8c..e036ee7138 100644
--- a/nuclei-templates/2023/CVE-2023-26536-a7c9f85c93718ea45a6837bae9a163d3.yaml
+++ b/nuclei-templates/2023/CVE-2023-26536-a7c9f85c93718ea45a6837bae9a163d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sp*tify Play Button for WordPress <= 2.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.05 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spotify-play-button-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/spotify-play-button-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-26536'
-  tags: cve,wordpress,wp-plugin,spotify-play-button-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,spotify-play-button-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26537-7a7c093f97491b5547b10f0abf94cd54.yaml b/nuclei-templates/2023/CVE-2023-26537-7a7c093f97491b5547b10f0abf94cd54.yaml
index aa41f73fc4..265f8be7b5 100644
--- a/nuclei-templates/2023/CVE-2023-26537-7a7c093f97491b5547b10f0abf94cd54.yaml
+++ b/nuclei-templates/2023/CVE-2023-26537-7a7c093f97491b5547b10f0abf94cd54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP No External Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/no-external-links/"
     google-query: inurl:"/wp-content/plugins/no-external-links/"
     shodan-query: 'vuln:CVE-2023-26537'
-  tags: cve,wordpress,wp-plugin,no-external-links,medium
+  tags: cve,wordpress,wp-plugin,no-external-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26538-66589665af0b647ad01185928e32cee5.yaml b/nuclei-templates/2023/CVE-2023-26538-66589665af0b647ad01185928e32cee5.yaml
index aec15ee63d..68ae08435b 100644
--- a/nuclei-templates/2023/CVE-2023-26538-66589665af0b647ad01185928e32cee5.yaml
+++ b/nuclei-templates/2023/CVE-2023-26538-66589665af0b647ad01185928e32cee5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chat Bee <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chat Bee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chat-bee/"
     google-query: inurl:"/wp-content/plugins/chat-bee/"
     shodan-query: 'vuln:CVE-2023-26538'
-  tags: cve,wordpress,wp-plugin,chat-bee,medium
+  tags: cve,wordpress,wp-plugin,chat-bee,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26539-eec11cac81b9e7efcb35b893f28148cb.yaml b/nuclei-templates/2023/CVE-2023-26539-eec11cac81b9e7efcb35b893f28148cb.yaml
index 2e66ea9036..2e34d0af26 100644
--- a/nuclei-templates/2023/CVE-2023-26539-eec11cac81b9e7efcb35b893f28148cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-26539-eec11cac81b9e7efcb35b893f28148cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Text Widget  <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Text Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-text-widget/"
     google-query: inurl:"/wp-content/plugins/advanced-text-widget/"
     shodan-query: 'vuln:CVE-2023-26539'
-  tags: cve,wordpress,wp-plugin,advanced-text-widget,medium
+  tags: cve,wordpress,wp-plugin,advanced-text-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-26541-caf355595af5171fa75c6b8b0c04dfb1.yaml b/nuclei-templates/2023/CVE-2023-26541-caf355595af5171fa75c6b8b0c04dfb1.yaml
index 5838cd0878..d27d56385c 100644
--- a/nuclei-templates/2023/CVE-2023-26541-caf355595af5171fa75c6b8b0c04dfb1.yaml
+++ b/nuclei-templates/2023/CVE-2023-26541-caf355595af5171fa75c6b8b0c04dfb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     asMember <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The asMember plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/asmember/"
     google-query: inurl:"/wp-content/plugins/asmember/"
     shodan-query: 'vuln:CVE-2023-26541'
-  tags: cve,wordpress,wp-plugin,asmember,medium
+  tags: cve,wordpress,wp-plugin,asmember,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2655-5530cad0a9767bd88d96d829bf733779.yaml b/nuclei-templates/2023/CVE-2023-2655-5530cad0a9767bd88d96d829bf733779.yaml
index 30d0065265..a159d39efe 100644
--- a/nuclei-templates/2023/CVE-2023-2655-5530cad0a9767bd88d96d829bf733779.yaml
+++ b/nuclei-templates/2023/CVE-2023-2655-5530cad0a9767bd88d96d829bf733779.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Maker plugin for WordPress is vulnerable to blind SQL Injection in versions before 1.13.23 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-maker/"
     google-query: inurl:"/wp-content/plugins/contact-form-maker/"
     shodan-query: 'vuln:CVE-2023-2655'
-  tags: cve,wordpress,wp-plugin,contact-form-maker,medium
+  tags: cve,wordpress,wp-plugin,contact-form-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2684-ca9ee22d1cc41a724720db8fe33326bf.yaml b/nuclei-templates/2023/CVE-2023-2684-ca9ee22d1cc41a724720db8fe33326bf.yaml
index 51322837cd..3ce5dbedab 100644
--- a/nuclei-templates/2023/CVE-2023-2684-ca9ee22d1cc41a724720db8fe33326bf.yaml
+++ b/nuclei-templates/2023/CVE-2023-2684-ca9ee22d1cc41a724720db8fe33326bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The File Renaming on Upload  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/file-renaming-on-upload/"
     google-query: inurl:"/wp-content/plugins/file-renaming-on-upload/"
     shodan-query: 'vuln:CVE-2023-2684'
-  tags: cve,wordpress,wp-plugin,file-renaming-on-upload,medium
+  tags: cve,wordpress,wp-plugin,file-renaming-on-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2688-6bee4ceb90dc1010814fe03431f27200.yaml b/nuclei-templates/2023/CVE-2023-2688-6bee4ceb90dc1010814fe03431f27200.yaml
index 34223e087d..a2ddb21991 100644
--- a/nuclei-templates/2023/CVE-2023-2688-6bee4ceb90dc1010814fe03431f27200.yaml
+++ b/nuclei-templates/2023/CVE-2023-2688-6bee4ceb90dc1010814fe03431f27200.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.9
     cve-id: CVE-2023-2688
   metadata:
-    fofa-query: "wp-content/plugins/wp-file-upload/"
-    google-query: inurl:"/wp-content/plugins/wp-file-upload/"
+    fofa-query: "wp-content/plugins/wordpress-file-upload-pro/"
+    google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/"
     shodan-query: 'vuln:CVE-2023-2688'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "wp-file-upload"
+          - "wordpress-file-upload-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-2706-cc96636e9196394b50c931f7bad41740.yaml b/nuclei-templates/2023/CVE-2023-2706-cc96636e9196394b50c931f7bad41740.yaml
index 894840f6eb..9d08480557 100644
--- a/nuclei-templates/2023/CVE-2023-2706-cc96636e9196394b50c931f7bad41740.yaml
+++ b/nuclei-templates/2023/CVE-2023-2706-cc96636e9196394b50c931f7bad41740.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobile-login-woocommerce/"
     google-query: inurl:"/wp-content/plugins/mobile-login-woocommerce/"
     shodan-query: 'vuln:CVE-2023-2706'
-  tags: cve,wordpress,wp-plugin,mobile-login-woocommerce,high
+  tags: cve,wordpress,wp-plugin,mobile-login-woocommerce,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2707-3337ca8e284defa05fd45bda9b3ec176.yaml b/nuclei-templates/2023/CVE-2023-2707-3337ca8e284defa05fd45bda9b3ec176.yaml
index bb133be42d..afe8f47077 100644
--- a/nuclei-templates/2023/CVE-2023-2707-3337ca8e284defa05fd45bda9b3ec176.yaml
+++ b/nuclei-templates/2023/CVE-2023-2707-3337ca8e284defa05fd45bda9b3ec176.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     gAppointments <= 1.9.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The gAppointments - Appointment booking addon for Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gAppointments/"
     google-query: inurl:"/wp-content/plugins/gAppointments/"
     shodan-query: 'vuln:CVE-2023-2707'
-  tags: cve,wordpress,wp-plugin,gAppointments,medium
+  tags: cve,wordpress,wp-plugin,gAppointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2709-9da08dd717e53fc804ec0889b3c45692.yaml b/nuclei-templates/2023/CVE-2023-2709-9da08dd717e53fc804ec0889b3c45692.yaml
index 08d0a0b2bd..6c16955c9a 100644
--- a/nuclei-templates/2023/CVE-2023-2709-9da08dd717e53fc804ec0889b3c45692.yaml
+++ b/nuclei-templates/2023/CVE-2023-2709-9da08dd717e53fc804ec0889b3c45692.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AN_GradeBook <= 5.0.1 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AN_GradeBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/an-gradebook/"
     google-query: inurl:"/wp-content/plugins/an-gradebook/"
     shodan-query: 'vuln:CVE-2023-2709'
-  tags: cve,wordpress,wp-plugin,an-gradebook,medium
+  tags: cve,wordpress,wp-plugin,an-gradebook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2711-cdfdacefadee3ac15d930a67722d11e2.yaml b/nuclei-templates/2023/CVE-2023-2711-cdfdacefadee3ac15d930a67722d11e2.yaml
index e369ec42f3..b53f6a6498 100644
--- a/nuclei-templates/2023/CVE-2023-2711-cdfdacefadee3ac15d930a67722d11e2.yaml
+++ b/nuclei-templates/2023/CVE-2023-2711-cdfdacefadee3ac15d930a67722d11e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Product Catalog <= 5.2.5 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-product-catalogue/"
     google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/"
     shodan-query: 'vuln:CVE-2023-2711'
-  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,medium
+  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2714-7690dbacbae8cf712fa24f47448d84aa.yaml b/nuclei-templates/2023/CVE-2023-2714-7690dbacbae8cf712fa24f47448d84aa.yaml
index c9622bc4fe..dfd4279a80 100644
--- a/nuclei-templates/2023/CVE-2023-2714-7690dbacbae8cf712fa24f47448d84aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-2714-7690dbacbae8cf712fa24f47448d84aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 2.7.9.8 - Missing Authorization to Update License
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2023-2714'
-  tags: cve,wordpress,wp-plugin,groundhogg,medium
+  tags: cve,wordpress,wp-plugin,groundhogg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2715-6f02fa76246cc8d01472e29b6032ad8f.yaml b/nuclei-templates/2023/CVE-2023-2715-6f02fa76246cc8d01472e29b6032ad8f.yaml
index 4e370636f4..9ca52c3f05 100644
--- a/nuclei-templates/2023/CVE-2023-2715-6f02fa76246cc8d01472e29b6032ad8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-2715-6f02fa76246cc8d01472e29b6032ad8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2023-2715'
-  tags: cve,wordpress,wp-plugin,groundhogg,medium
+  tags: cve,wordpress,wp-plugin,groundhogg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2716-ea3614c57e168b5cbba1a64665aa3e41.yaml b/nuclei-templates/2023/CVE-2023-2716-ea3614c57e168b5cbba1a64665aa3e41.yaml
index 54b255e637..d6597626ab 100644
--- a/nuclei-templates/2023/CVE-2023-2716-ea3614c57e168b5cbba1a64665aa3e41.yaml
+++ b/nuclei-templates/2023/CVE-2023-2716-ea3614c57e168b5cbba1a64665aa3e41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2023-2716'
-  tags: cve,wordpress,wp-plugin,groundhogg,medium
+  tags: cve,wordpress,wp-plugin,groundhogg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2719-3dc309d6eba7a3765b70c365b5153ae1.yaml b/nuclei-templates/2023/CVE-2023-2719-3dc309d6eba7a3765b70c365b5153ae1.yaml
index e18c10b77c..dbc720ee27 100644
--- a/nuclei-templates/2023/CVE-2023-2719-3dc309d6eba7a3765b70c365b5153ae1.yaml
+++ b/nuclei-templates/2023/CVE-2023-2719-3dc309d6eba7a3765b70c365b5153ae1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SupportCandy <= 3.1.6 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SupportCandy plugin for WordPress is vulnerable to SQL injection via the 'id' parameter used in the /wp-json/supportcandy/v2/agents/ REST route in versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportcandy/"
     google-query: inurl:"/wp-content/plugins/supportcandy/"
     shodan-query: 'vuln:CVE-2023-2719'
-  tags: cve,wordpress,wp-plugin,supportcandy,high
+  tags: cve,wordpress,wp-plugin,supportcandy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2735-f995ec2617f1d8e01a76eb96ebc10f06.yaml b/nuclei-templates/2023/CVE-2023-2735-f995ec2617f1d8e01a76eb96ebc10f06.yaml
index 9955726f5c..72c258333d 100644
--- a/nuclei-templates/2023/CVE-2023-2735-f995ec2617f1d8e01a76eb96ebc10f06.yaml
+++ b/nuclei-templates/2023/CVE-2023-2735-f995ec2617f1d8e01a76eb96ebc10f06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2023-2735'
-  tags: cve,wordpress,wp-plugin,groundhogg,medium
+  tags: cve,wordpress,wp-plugin,groundhogg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2736-a69ac85c2f382d8b82f7f44fd083ec69.yaml b/nuclei-templates/2023/CVE-2023-2736-a69ac85c2f382d8b82f7f44fd083ec69.yaml
index 73de967dc2..455a4dccfa 100644
--- a/nuclei-templates/2023/CVE-2023-2736-a69ac85c2f382d8b82f7f44fd083ec69.yaml
+++ b/nuclei-templates/2023/CVE-2023-2736-a69ac85c2f382d8b82f7f44fd083ec69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2023-2736'
-  tags: cve,wordpress,wp-plugin,groundhogg,high
+  tags: cve,wordpress,wp-plugin,groundhogg,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27412-0eeb168325aaf2fd5bb4eb1250e0882d.yaml b/nuclei-templates/2023/CVE-2023-27412-0eeb168325aaf2fd5bb4eb1250e0882d.yaml
index 35ac6c20ee..1513a9037b 100644
--- a/nuclei-templates/2023/CVE-2023-27412-0eeb168325aaf2fd5bb4eb1250e0882d.yaml
+++ b/nuclei-templates/2023/CVE-2023-27412-0eeb168325aaf2fd5bb4eb1250e0882d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mocho Blog <= 1.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mocho Blog theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers  to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/mocho-blog/"
     google-query: inurl:"/wp-content/themes/mocho-blog/"
     shodan-query: 'vuln:CVE-2023-27412'
-  tags: cve,wordpress,wp-theme,mocho-blog,medium
+  tags: cve,wordpress,wp-theme,mocho-blog,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27413-bfcfe2a24b673f9c7c3adba8fe6586b3.yaml b/nuclei-templates/2023/CVE-2023-27413-bfcfe2a24b673f9c7c3adba8fe6586b3.yaml
index b171d9647f..dea45876d0 100644
--- a/nuclei-templates/2023/CVE-2023-27413-bfcfe2a24b673f9c7c3adba8fe6586b3.yaml
+++ b/nuclei-templates/2023/CVE-2023-27413-bfcfe2a24b673f9c7c3adba8fe6586b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W4 Post List <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w4pl[no_items_text]'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The W4 Post List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘w4pl[no_items_text]' parameter in versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w4-post-list/"
     google-query: inurl:"/wp-content/plugins/w4-post-list/"
     shodan-query: 'vuln:CVE-2023-27413'
-  tags: cve,wordpress,wp-plugin,w4-post-list,medium
+  tags: cve,wordpress,wp-plugin,w4-post-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27415-c8fa2e9308164baca50265fff2c3437b.yaml b/nuclei-templates/2023/CVE-2023-27415-c8fa2e9308164baca50265fff2c3437b.yaml
index 1055b427bd..8443787190 100644
--- a/nuclei-templates/2023/CVE-2023-27415-c8fa2e9308164baca50265fff2c3437b.yaml
+++ b/nuclei-templates/2023/CVE-2023-27415-c8fa2e9308164baca50265fff2c3437b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LetterPress <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LetterPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/letterpress/"
     google-query: inurl:"/wp-content/plugins/letterpress/"
     shodan-query: 'vuln:CVE-2023-27415'
-  tags: cve,wordpress,wp-plugin,letterpress,medium
+  tags: cve,wordpress,wp-plugin,letterpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27416-09af6d4d8c4435a3e0935a8eb5df6c7f.yaml b/nuclei-templates/2023/CVE-2023-27416-09af6d4d8c4435a3e0935a8eb5df6c7f.yaml
index 968bf2326d..3644b3cb85 100644
--- a/nuclei-templates/2023/CVE-2023-27416-09af6d4d8c4435a3e0935a8eb5df6c7f.yaml
+++ b/nuclei-templates/2023/CVE-2023-27416-09af6d4d8c4435a3e0935a8eb5df6c7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Decon WP SMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/decon-wp-sms/"
     google-query: inurl:"/wp-content/plugins/decon-wp-sms/"
     shodan-query: 'vuln:CVE-2023-27416'
-  tags: cve,wordpress,wp-plugin,decon-wp-sms,medium
+  tags: cve,wordpress,wp-plugin,decon-wp-sms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27419-6d87a6f7248c4528f7d5ef6ed7c11eba.yaml b/nuclei-templates/2023/CVE-2023-27419-6d87a6f7248c4528f7d5ef6ed7c11eba.yaml
index f55a79ce63..61ce2d173a 100644
--- a/nuclei-templates/2023/CVE-2023-27419-6d87a6f7248c4528f7d5ef6ed7c11eba.yaml
+++ b/nuclei-templates/2023/CVE-2023-27419-6d87a6f7248c4528f7d5ef6ed7c11eba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Viable blog <= 1.1.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Viable blog theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers  to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/viable-blog/"
     google-query: inurl:"/wp-content/themes/viable-blog/"
     shodan-query: 'vuln:CVE-2023-27419'
-  tags: cve,wordpress,wp-theme,viable-blog,medium
+  tags: cve,wordpress,wp-theme,viable-blog,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2742-96bcbe0539bed3ce58849487848c2a2e.yaml b/nuclei-templates/2023/CVE-2023-2742-96bcbe0539bed3ce58849487848c2a2e.yaml
index 9d28a90225..c6d3982565 100644
--- a/nuclei-templates/2023/CVE-2023-2742-96bcbe0539bed3ce58849487848c2a2e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2742-96bcbe0539bed3ce58849487848c2a2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI ChatBot <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI ChatBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-2742'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27422-b9cea09f7ed512cb1aad12f24e857815.yaml b/nuclei-templates/2023/CVE-2023-27422-b9cea09f7ed512cb1aad12f24e857815.yaml
index a7269728d4..e7b7699296 100644
--- a/nuclei-templates/2023/CVE-2023-27422-b9cea09f7ed512cb1aad12f24e857815.yaml
+++ b/nuclei-templates/2023/CVE-2023-27422-b9cea09f7ed512cb1aad12f24e857815.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NS Coupon to Become Customer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ns-coupon-to-become-customer/"
     google-query: inurl:"/wp-content/plugins/ns-coupon-to-become-customer/"
     shodan-query: 'vuln:CVE-2023-27422'
-  tags: cve,wordpress,wp-plugin,ns-coupon-to-become-customer,medium
+  tags: cve,wordpress,wp-plugin,ns-coupon-to-become-customer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27424-4b89abc62fd406d908566683e2dcbf5a.yaml b/nuclei-templates/2023/CVE-2023-27424-4b89abc62fd406d908566683e2dcbf5a.yaml
index f9a44d5ff6..cc937d5062 100644
--- a/nuclei-templates/2023/CVE-2023-27424-4b89abc62fd406d908566683e2dcbf5a.yaml
+++ b/nuclei-templates/2023/CVE-2023-27424-4b89abc62fd406d908566683e2dcbf5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Inactive User Deleter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.59. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to modify plugin settings, delete, activate, inactivate, and export users, and create multiple arbitrary users with default privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inactive-user-deleter/"
     google-query: inurl:"/wp-content/plugins/inactive-user-deleter/"
     shodan-query: 'vuln:CVE-2023-27424'
-  tags: cve,wordpress,wp-plugin,inactive-user-deleter,high
+  tags: cve,wordpress,wp-plugin,inactive-user-deleter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27425-f63b97efbb567f61e36df93bf47a02fe.yaml b/nuclei-templates/2023/CVE-2023-27425-f63b97efbb567f61e36df93bf47a02fe.yaml
index 12708bdd7e..efad8ba230 100644
--- a/nuclei-templates/2023/CVE-2023-27425-f63b97efbb567f61e36df93bf47a02fe.yaml
+++ b/nuclei-templates/2023/CVE-2023-27425-f63b97efbb567f61e36df93bf47a02fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Electric Studio Client Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/electric-studio-client-login/"
     google-query: inurl:"/wp-content/plugins/electric-studio-client-login/"
     shodan-query: 'vuln:CVE-2023-27425'
-  tags: cve,wordpress,wp-plugin,electric-studio-client-login,medium
+  tags: cve,wordpress,wp-plugin,electric-studio-client-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27426-9efb6c4b18285974b32863549d5c9405.yaml b/nuclei-templates/2023/CVE-2023-27426-9efb6c4b18285974b32863549d5c9405.yaml
index 2379c60976..7647a9a2cc 100644
--- a/nuclei-templates/2023/CVE-2023-27426-9efb6c4b18285974b32863549d5c9405.yaml
+++ b/nuclei-templates/2023/CVE-2023-27426-9efb6c4b18285974b32863549d5c9405.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NotifyVisitors <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NotifyVisitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/notifyvisitors-lead-form/"
     google-query: inurl:"/wp-content/plugins/notifyvisitors-lead-form/"
     shodan-query: 'vuln:CVE-2023-27426'
-  tags: cve,wordpress,wp-plugin,notifyvisitors-lead-form,medium
+  tags: cve,wordpress,wp-plugin,notifyvisitors-lead-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27427-f670252b93de10e17e15c533cbe48519.yaml b/nuclei-templates/2023/CVE-2023-27427-f670252b93de10e17e15c533cbe48519.yaml
index 2ae7beee4a..e4018092c1 100644
--- a/nuclei-templates/2023/CVE-2023-27427-f670252b93de10e17e15c533cbe48519.yaml
+++ b/nuclei-templates/2023/CVE-2023-27427-f670252b93de10e17e15c533cbe48519.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CRM Memberships <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CRM Memberships plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crm-memberships/"
     google-query: inurl:"/wp-content/plugins/crm-memberships/"
     shodan-query: 'vuln:CVE-2023-27427'
-  tags: cve,wordpress,wp-plugin,crm-memberships,medium
+  tags: cve,wordpress,wp-plugin,crm-memberships,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27428-6c042e8ea6605a500a8eb10aee943be3.yaml b/nuclei-templates/2023/CVE-2023-27428-6c042e8ea6605a500a8eb10aee943be3.yaml
index ef9fcc504b..b0f070ddaf 100644
--- a/nuclei-templates/2023/CVE-2023-27428-6c042e8ea6605a500a8eb10aee943be3.yaml
+++ b/nuclei-templates/2023/CVE-2023-27428-6c042e8ea6605a500a8eb10aee943be3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Users Media <= 4.2.3 - Missing Authorization via wpusme_save_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Users Media plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpusme_save_settings function in versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-users-media/"
     google-query: inurl:"/wp-content/plugins/wp-users-media/"
     shodan-query: 'vuln:CVE-2023-27428'
-  tags: cve,wordpress,wp-plugin,wp-users-media,medium
+  tags: cve,wordpress,wp-plugin,wp-users-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27429-e541a07e8afe605f1bf04dc95e06d38b.yaml b/nuclei-templates/2023/CVE-2023-27429-e541a07e8afe605f1bf04dc95e06d38b.yaml
index 74ca028562..13cf573da8 100644
--- a/nuclei-templates/2023/CVE-2023-27429-e541a07e8afe605f1bf04dc95e06d38b.yaml
+++ b/nuclei-templates/2023/CVE-2023-27429-e541a07e8afe605f1bf04dc95e06d38b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack CRM <= 5.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jetpack CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-bs-crm/"
     google-query: inurl:"/wp-content/plugins/zero-bs-crm/"
     shodan-query: 'vuln:CVE-2023-27429'
-  tags: cve,wordpress,wp-plugin,zero-bs-crm,medium
+  tags: cve,wordpress,wp-plugin,zero-bs-crm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27432-9de482ee3d956ce585f6bd7d5fa3f9c1.yaml b/nuclei-templates/2023/CVE-2023-27432-9de482ee3d956ce585f6bd7d5fa3f9c1.yaml
index b66429b372..7eaefdcef1 100644
--- a/nuclei-templates/2023/CVE-2023-27432-9de482ee3d956ce585f6bd7d5fa3f9c1.yaml
+++ b/nuclei-templates/2023/CVE-2023-27432-9de482ee3d956ce585f6bd7d5fa3f9c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Manage Upload Limit <= 1.0.4 - Reflected Cross-Site Scripting via upload_limit
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Manage Upload Limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the upload_limit parameter in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpsimpletools-upload-limit/"
     google-query: inurl:"/wp-content/plugins/wpsimpletools-upload-limit/"
     shodan-query: 'vuln:CVE-2023-27432'
-  tags: cve,wordpress,wp-plugin,wpsimpletools-upload-limit,high
+  tags: cve,wordpress,wp-plugin,wpsimpletools-upload-limit,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27439-bf579b9a08de0f44c24def81bc3a2891.yaml b/nuclei-templates/2023/CVE-2023-27439-bf579b9a08de0f44c24def81bc3a2891.yaml
index d4e6c6cb8a..953bc8421f 100644
--- a/nuclei-templates/2023/CVE-2023-27439-bf579b9a08de0f44c24def81bc3a2891.yaml
+++ b/nuclei-templates/2023/CVE-2023-27439-bf579b9a08de0f44c24def81bc3a2891.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     New Adman <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The New Adman plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-adman/"
     google-query: inurl:"/wp-content/plugins/new-adman/"
     shodan-query: 'vuln:CVE-2023-27439'
-  tags: cve,wordpress,wp-plugin,new-adman,medium
+  tags: cve,wordpress,wp-plugin,new-adman,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2744-d1b821dbb873ab8f28cd2cb8f033062c.yaml b/nuclei-templates/2023/CVE-2023-2744-d1b821dbb873ab8f28cd2cb8f033062c.yaml
index 726ecc012e..4dfb1e69de 100644
--- a/nuclei-templates/2023/CVE-2023-2744-d1b821dbb873ab8f28cd2cb8f033062c.yaml
+++ b/nuclei-templates/2023/CVE-2023-2744-d1b821dbb873ab8f28cd2cb8f033062c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ERP <= 1.12.3 - Authenticated (Administrator+) SQL Injection via 'type'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in versions up to 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erp/"
     google-query: inurl:"/wp-content/plugins/erp/"
     shodan-query: 'vuln:CVE-2023-2744'
-  tags: cve,wordpress,wp-plugin,erp,high
+  tags: cve,wordpress,wp-plugin,erp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27440-f2d9478a61ae546bc6c42d7e589dc8be.yaml b/nuclei-templates/2023/CVE-2023-27440-f2d9478a61ae546bc6c42d7e589dc8be.yaml
index 01cf9d624b..88367a5d7a 100644
--- a/nuclei-templates/2023/CVE-2023-27440-f2d9478a61ae546bc6c42d7e589dc8be.yaml
+++ b/nuclei-templates/2023/CVE-2023-27440-f2d9478a61ae546bc6c42d7e589dc8be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Types <= 3.4.17 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Types plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in an unknown function in versions up to, and including, 3.4.17. This makes it possible for attackers, with administrator-level access, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/types/"
     google-query: inurl:"/wp-content/plugins/types/"
     shodan-query: 'vuln:CVE-2023-27440'
-  tags: cve,wordpress,wp-plugin,types,high
+  tags: cve,wordpress,wp-plugin,types,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27443-be0ba3aacccf6ba5116887341d902b74.yaml b/nuclei-templates/2023/CVE-2023-27443-be0ba3aacccf6ba5116887341d902b74.yaml
index f18dc67ae7..2b2e803a3f 100644
--- a/nuclei-templates/2023/CVE-2023-27443-be0ba3aacccf6ba5116887341d902b74.yaml
+++ b/nuclei-templates/2023/CVE-2023-27443-be0ba3aacccf6ba5116887341d902b74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Vimeo Shortcode <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Vimeo Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ylwm_vimeo’ shortcode in versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-very-simple-vimeo-shortcode/"
     google-query: inurl:"/wp-content/plugins/the-very-simple-vimeo-shortcode/"
     shodan-query: 'vuln:CVE-2023-27443'
-  tags: cve,wordpress,wp-plugin,the-very-simple-vimeo-shortcode,medium
+  tags: cve,wordpress,wp-plugin,the-very-simple-vimeo-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27451-c57f6caa20d50f7b5d4102cef52235b3.yaml b/nuclei-templates/2023/CVE-2023-27451-c57f6caa20d50f7b5d4102cef52235b3.yaml
index be22c22d7c..b47651e565 100644
--- a/nuclei-templates/2023/CVE-2023-27451-c57f6caa20d50f7b5d4102cef52235b3.yaml
+++ b/nuclei-templates/2023/CVE-2023-27451-c57f6caa20d50f7b5d4102cef52235b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Instant Images <= 5.1.0.1 - Authenticated (Author+) Server-Side Request Forgery via instant_images_download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Instant Images plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 5.1.0.1via the instant_images_download function. This can allow authenticated attackers, with author-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instant-images/"
     google-query: inurl:"/wp-content/plugins/instant-images/"
     shodan-query: 'vuln:CVE-2023-27451'
-  tags: cve,wordpress,wp-plugin,instant-images,medium
+  tags: cve,wordpress,wp-plugin,instant-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27452-0ad7f5a9c3342b7aeba5a03db14c71d0.yaml b/nuclei-templates/2023/CVE-2023-27452-0ad7f5a9c3342b7aeba5a03db14c71d0.yaml
index 1774ed8813..7b8b59f658 100644
--- a/nuclei-templates/2023/CVE-2023-27452-0ad7f5a9c3342b7aeba5a03db14c71d0.yaml
+++ b/nuclei-templates/2023/CVE-2023-27452-0ad7f5a9c3342b7aeba5a03db14c71d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/button-generation/"
     google-query: inurl:"/wp-content/plugins/button-generation/"
     shodan-query: 'vuln:CVE-2023-27452'
-  tags: cve,wordpress,wp-plugin,button-generation,medium
+  tags: cve,wordpress,wp-plugin,button-generation,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27453-057556914142c489ed57ccffe54665f7.yaml b/nuclei-templates/2023/CVE-2023-27453-057556914142c489ed57ccffe54665f7.yaml
index 353bbe1a6e..b2bb7142ba 100644
--- a/nuclei-templates/2023/CVE-2023-27453-057556914142c489ed57ccffe54665f7.yaml
+++ b/nuclei-templates/2023/CVE-2023-27453-057556914142c489ed57ccffe54665f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LWS Tools <= 2.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The LWS Tools plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on 'lws_tk_create_page' function and several AJAX actions. This makes it possible for unauthenticated attackers to modify the database prefix, modify plugin settings, delete comments, and perform other actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lws-tools/"
     google-query: inurl:"/wp-content/plugins/lws-tools/"
     shodan-query: 'vuln:CVE-2023-27453'
-  tags: cve,wordpress,wp-plugin,lws-tools,high
+  tags: cve,wordpress,wp-plugin,lws-tools,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27454-9454be14498ff26da96354e9b5fc82b2.yaml b/nuclei-templates/2023/CVE-2023-27454-9454be14498ff26da96354e9b5fc82b2.yaml
index 476462f074..4dce0c8044 100644
--- a/nuclei-templates/2023/CVE-2023-27454-9454be14498ff26da96354e9b5fc82b2.yaml
+++ b/nuclei-templates/2023/CVE-2023-27454-9454be14498ff26da96354e9b5fc82b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rife Elementor Extensions & Templates <= 1.1.10 - Missing Authorization via import_templates
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to missing authorization  due to a missing capability check on the 'import_templates' function in versions up to, and including, 1.1.10. This makes it possible for authenticated attackers with subscriber-level access, and above, to import and activate templates on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rife-elementor-extensions/"
     google-query: inurl:"/wp-content/plugins/rife-elementor-extensions/"
     shodan-query: 'vuln:CVE-2023-27454'
-  tags: cve,wordpress,wp-plugin,rife-elementor-extensions,medium
+  tags: cve,wordpress,wp-plugin,rife-elementor-extensions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27456-99f1c42a705f1b7c13a404d5bf315c5f.yaml b/nuclei-templates/2023/CVE-2023-27456-99f1c42a705f1b7c13a404d5bf315c5f.yaml
index 349adb9964..95e54a25f3 100644
--- a/nuclei-templates/2023/CVE-2023-27456-99f1c42a705f1b7c13a404d5bf315c5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-27456-99f1c42a705f1b7c13a404d5bf315c5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Total Theme <= 2.1.19 - Authenticated(Subscriber+) Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Total theme for WordPress is vulnerable to Plugin Activation due to insufficient capability and nonce checks on the 'activate_plugin' function in versions up to, and including, 2.1.19. This allows any authenticated attacker with subscriber-level capabilities or greater to activate arbitrary plugins already installed on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/total/"
     google-query: inurl:"/wp-content/themes/total/"
     shodan-query: 'vuln:CVE-2023-27456'
-  tags: cve,wordpress,wp-theme,total,medium
+  tags: cve,wordpress,wp-theme,total,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27460-e62ea330281841ac90814f51a2e6e358.yaml b/nuclei-templates/2023/CVE-2023-27460-e62ea330281841ac90814f51a2e6e358.yaml
index 8c3bc4fd7a..598654130d 100644
--- a/nuclei-templates/2023/CVE-2023-27460-e62ea330281841ac90814f51a2e6e358.yaml
+++ b/nuclei-templates/2023/CVE-2023-27460-e62ea330281841ac90814f51a2e6e358.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CP Contact Form with Paypal <= 1.3.34 - Authenticated Feedback Submission
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CP Contact Form with Paypal plugin for WordPress is vulnerable to missing authorization on the 'cpcfwpp_feedback' function in versions up to, and including, 1.3.34. This allows authenticated attackers, with subscriber-level capabilities or above, to submit feedback to the plugin developers, which is intended to be a functionality reserved for administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/"
     google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/"
     shodan-query: 'vuln:CVE-2023-27460'
-  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,medium
+  tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2757-2724145ee24f5785e7f7e4619d00fbc8.yaml b/nuclei-templates/2023/CVE-2023-2757-2724145ee24f5785e7f7e4619d00fbc8.yaml
index 0b13956a73..f4cea57500 100644
--- a/nuclei-templates/2023/CVE-2023-2757-2724145ee24f5785e7f7e4619d00fbc8.yaml
+++ b/nuclei-templates/2023/CVE-2023-2757-2724145ee24f5785e7f7e4619d00fbc8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to access functions to save plugin data that can potentially lead to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/waiting/"
     google-query: inurl:"/wp-content/plugins/waiting/"
     shodan-query: 'vuln:CVE-2023-2757'
-  tags: cve,wordpress,wp-plugin,waiting,high
+  tags: cve,wordpress,wp-plugin,waiting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27605-20b79e43dd02b60a0996dbe99e7ba439.yaml b/nuclei-templates/2023/CVE-2023-27605-20b79e43dd02b60a0996dbe99e7ba439.yaml
index 115704da10..1336a54ad2 100644
--- a/nuclei-templates/2023/CVE-2023-27605-20b79e43dd02b60a0996dbe99e7ba439.yaml
+++ b/nuclei-templates/2023/CVE-2023-27605-20b79e43dd02b60a0996dbe99e7ba439.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Reroute Email plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-reroute-email/"
     google-query: inurl:"/wp-content/plugins/wp-reroute-email/"
     shodan-query: 'vuln:CVE-2023-27605'
-  tags: cve,wordpress,wp-plugin,wp-reroute-email,high
+  tags: cve,wordpress,wp-plugin,wp-reroute-email,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27608-f595c203a77330422dba7245cce84dcd.yaml b/nuclei-templates/2023/CVE-2023-27608-f595c203a77330422dba7245cce84dcd.yaml
index d646e7c22d..16f5983181 100644
--- a/nuclei-templates/2023/CVE-2023-27608-f595c203a77330422dba7245cce84dcd.yaml
+++ b/nuclei-templates/2023/CVE-2023-27608-f595c203a77330422dba7245cce84dcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Points and Rewards for WooCommerce <= 1.5.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'wps_wpr_points_update' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to update reward points.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/points-and-rewards-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/points-and-rewards-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-27608'
-  tags: cve,wordpress,wp-plugin,points-and-rewards-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,points-and-rewards-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27609-0822b2c02c49629a19bf084eb6d8580a.yaml b/nuclei-templates/2023/CVE-2023-27609-0822b2c02c49629a19bf084eb6d8580a.yaml
index 14e192d781..cd6718f178 100644
--- a/nuclei-templates/2023/CVE-2023-27609-0822b2c02c49629a19bf084eb6d8580a.yaml
+++ b/nuclei-templates/2023/CVE-2023-27609-0822b2c02c49629a19bf084eb6d8580a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Roles at Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-roles-at-registration/"
     google-query: inurl:"/wp-content/plugins/wp-roles-at-registration/"
     shodan-query: 'vuln:CVE-2023-27609'
-  tags: cve,wordpress,wp-plugin,wp-roles-at-registration,medium
+  tags: cve,wordpress,wp-plugin,wp-roles-at-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2761-ee6d7181de7e06427ee243be8abb06fb.yaml b/nuclei-templates/2023/CVE-2023-2761-ee6d7181de7e06427ee243be8abb06fb.yaml
index b93ffd858c..f602999503 100644
--- a/nuclei-templates/2023/CVE-2023-2761-ee6d7181de7e06427ee243be8abb06fb.yaml
+++ b/nuclei-templates/2023/CVE-2023-2761-ee6d7181de7e06427ee243be8abb06fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Activity Log plugin for WordPress is vulnerable to generic SQL Injection via the ‘txtsearch’ parameter in versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-activity-log/"
     google-query: inurl:"/wp-content/plugins/user-activity-log/"
     shodan-query: 'vuln:CVE-2023-2761'
-  tags: cve,wordpress,wp-plugin,user-activity-log,medium
+  tags: cve,wordpress,wp-plugin,user-activity-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27610-73d72f655c3b804018b0ad6a3a400257.yaml b/nuclei-templates/2023/CVE-2023-27610-73d72f655c3b804018b0ad6a3a400257.yaml
index de6b05e483..7e2626ffc0 100644
--- a/nuclei-templates/2023/CVE-2023-27610-73d72f655c3b804018b0ad6a3a400257.yaml
+++ b/nuclei-templates/2023/CVE-2023-27610-73d72f655c3b804018b0ad6a3a400257.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Transbank Webpay REST <= 1.6.6 - Authenticated (Administrator+) SQL Injection via orderby
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Transbank Webpay REST plugin for WordPress is vulnerable to SQL Injection via the ‘oderby’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/transbank-webpay-plus-rest/"
     google-query: inurl:"/wp-content/plugins/transbank-webpay-plus-rest/"
     shodan-query: 'vuln:CVE-2023-27610'
-  tags: cve,wordpress,wp-plugin,transbank-webpay-plus-rest,high
+  tags: cve,wordpress,wp-plugin,transbank-webpay-plus-rest,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27612-68354cec14dcc6c8c5561bd362f6a851.yaml b/nuclei-templates/2023/CVE-2023-27612-68354cec14dcc6c8c5561bd362f6a851.yaml
index 747c94b9a7..76a9b14c71 100644
--- a/nuclei-templates/2023/CVE-2023-27612-68354cec14dcc6c8c5561bd362f6a851.yaml
+++ b/nuclei-templates/2023/CVE-2023-27612-68354cec14dcc6c8c5561bd362f6a851.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2023-27612'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27614-20fefc27d9160f7f5b2c386f22a44380.yaml b/nuclei-templates/2023/CVE-2023-27614-20fefc27d9160f7f5b2c386f22a44380.yaml
index 86df2bc156..dfde7d193a 100644
--- a/nuclei-templates/2023/CVE-2023-27614-20fefc27d9160f7f5b2c386f22a44380.yaml
+++ b/nuclei-templates/2023/CVE-2023-27614-20fefc27d9160f7f5b2c386f22a44380.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Motor Racing League plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.9.9  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/motor-racing-league/"
     google-query: inurl:"/wp-content/plugins/motor-racing-league/"
     shodan-query: 'vuln:CVE-2023-27614'
-  tags: cve,wordpress,wp-plugin,motor-racing-league,medium
+  tags: cve,wordpress,wp-plugin,motor-racing-league,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27617-ff8293f84b21b2955bef22aebfa62b32.yaml b/nuclei-templates/2023/CVE-2023-27617-ff8293f84b21b2955bef22aebfa62b32.yaml
index d7b8a44846..1b5933104b 100644
--- a/nuclei-templates/2023/CVE-2023-27617-ff8293f84b21b2955bef22aebfa62b32.yaml
+++ b/nuclei-templates/2023/CVE-2023-27617-ff8293f84b21b2955bef22aebfa62b32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSVPMarker  <= 10.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RSVPMarker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 10.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rsvpmaker/"
     google-query: inurl:"/wp-content/plugins/rsvpmaker/"
     shodan-query: 'vuln:CVE-2023-27617'
-  tags: cve,wordpress,wp-plugin,rsvpmaker,medium
+  tags: cve,wordpress,wp-plugin,rsvpmaker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27618-9a7bc6474013942cb9ad4b06ba961bd0.yaml b/nuclei-templates/2023/CVE-2023-27618-9a7bc6474013942cb9ad4b06ba961bd0.yaml
index 8881b5f566..6b54fc79c7 100644
--- a/nuclei-templates/2023/CVE-2023-27618-9a7bc6474013942cb9ad4b06ba961bd0.yaml
+++ b/nuclei-templates/2023/CVE-2023-27618-9a7bc6474013942cb9ad4b06ba961bd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Store Locator WordPress <= 1.4.9 - Authenticated (Editor+) Stored Cross-Site Scripting via 'category_name', 'description', 'description_2' parameters
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Store Locator WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting 'category_name', 'description', 'description_2' and other form parameters in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with editor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/agile-store-locator/"
     google-query: inurl:"/wp-content/plugins/agile-store-locator/"
     shodan-query: 'vuln:CVE-2023-27618'
-  tags: cve,wordpress,wp-plugin,agile-store-locator,medium
+  tags: cve,wordpress,wp-plugin,agile-store-locator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27620-9376ca64ef0c10c441ff62358957edd7.yaml b/nuclei-templates/2023/CVE-2023-27620-9376ca64ef0c10c441ff62358957edd7.yaml
index 80cc6ea3ef..d90bac689b 100644
--- a/nuclei-templates/2023/CVE-2023-27620-9376ca64ef0c10c441ff62358957edd7.yaml
+++ b/nuclei-templates/2023/CVE-2023-27620-9376ca64ef0c10c441ff62358957edd7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Robo Gallery <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/robo-gallery/"
     google-query: inurl:"/wp-content/plugins/robo-gallery/"
     shodan-query: 'vuln:CVE-2023-27620'
-  tags: cve,wordpress,wp-plugin,robo-gallery,medium
+  tags: cve,wordpress,wp-plugin,robo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27621-a521128c60a3e4447b1ae62129a4837e.yaml b/nuclei-templates/2023/CVE-2023-27621-a521128c60a3e4447b1ae62129a4837e.yaml
index a88ccc552f..9b4226998b 100644
--- a/nuclei-templates/2023/CVE-2023-27621-a521128c60a3e4447b1ae62129a4837e.yaml
+++ b/nuclei-templates/2023/CVE-2023-27621-a521128c60a3e4447b1ae62129a4837e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Livestream Notice <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Livestream Notice plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/livestream-notice/"
     google-query: inurl:"/wp-content/plugins/livestream-notice/"
     shodan-query: 'vuln:CVE-2023-27621'
-  tags: cve,wordpress,wp-plugin,livestream-notice,medium
+  tags: cve,wordpress,wp-plugin,livestream-notice,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27622-a6e719c0412296476082fdb1b971690e.yaml b/nuclei-templates/2023/CVE-2023-27622-a6e719c0412296476082fdb1b971690e.yaml
index 109c574ffb..db5d0a2a72 100644
--- a/nuclei-templates/2023/CVE-2023-27622-a6e719c0412296476082fdb1b971690e.yaml
+++ b/nuclei-templates/2023/CVE-2023-27622-a6e719c0412296476082fdb1b971690e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GuruWalk Affiliates <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GuruWalk Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/guruwalk-affiliates/"
     google-query: inurl:"/wp-content/plugins/guruwalk-affiliates/"
     shodan-query: 'vuln:CVE-2023-27622'
-  tags: cve,wordpress,wp-plugin,guruwalk-affiliates,medium
+  tags: cve,wordpress,wp-plugin,guruwalk-affiliates,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27624-47522a4a3dc3a65ace6791fdc8ad2676.yaml b/nuclei-templates/2023/CVE-2023-27624-47522a4a3dc3a65ace6791fdc8ad2676.yaml
index 059bf1db60..c680bd8205 100644
--- a/nuclei-templates/2023/CVE-2023-27624-47522a4a3dc3a65ace6791fdc8ad2676.yaml
+++ b/nuclei-templates/2023/CVE-2023-27624-47522a4a3dc3a65ace6791fdc8ad2676.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Redirect After Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-after-login/"
     google-query: inurl:"/wp-content/plugins/redirect-after-login/"
     shodan-query: 'vuln:CVE-2023-27624'
-  tags: cve,wordpress,wp-plugin,redirect-after-login,medium
+  tags: cve,wordpress,wp-plugin,redirect-after-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27625-db3e14a64935e9816ff1fc8cb2d49569.yaml b/nuclei-templates/2023/CVE-2023-27625-db3e14a64935e9816ff1fc8cb2d49569.yaml
index 1c0e7f2fce..87e7018831 100644
--- a/nuclei-templates/2023/CVE-2023-27625-db3e14a64935e9816ff1fc8cb2d49569.yaml
+++ b/nuclei-templates/2023/CVE-2023-27625-db3e14a64935e9816ff1fc8cb2d49569.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 6.5.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Site Reviews plugin for WordPress is vulnerable to setting modification and information disclosure due to lack of capability checks in a variety of functions, including rollbackPluginAjax, downloadConsole, downloadSystemInfo and exportSettings in versions up to, and including, 6.5.1. These functions are also vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for authenticated attackers with subscriber-level access, and above, to tamper with the console logging level amongst other actions like rolling back the plugin's version.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2023-27625'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27626-a63f1210dd076ac1af75bbdfb4936df5.yaml b/nuclei-templates/2023/CVE-2023-27626-a63f1210dd076ac1af75bbdfb4936df5.yaml
index d80f065c1c..7f6159844c 100644
--- a/nuclei-templates/2023/CVE-2023-27626-a63f1210dd076ac1af75bbdfb4936df5.yaml
+++ b/nuclei-templates/2023/CVE-2023-27626-a63f1210dd076ac1af75bbdfb4936df5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stock Ticker <= 3.23.0 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stock Ticker plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on several AJAX actions in versions up to, and including, 3.23.0. This makes it possible for unauthenticated attackers  to change plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stock-ticker/"
     google-query: inurl:"/wp-content/plugins/stock-ticker/"
     shodan-query: 'vuln:CVE-2023-27626'
-  tags: cve,wordpress,wp-plugin,stock-ticker,medium
+  tags: cve,wordpress,wp-plugin,stock-ticker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27627-b8484e4bbe43b173d4b67998a26e2ce3.yaml b/nuclei-templates/2023/CVE-2023-27627-b8484e4bbe43b173d4b67998a26e2ce3.yaml
index 2d43889f1e..ff27add1b7 100644
--- a/nuclei-templates/2023/CVE-2023-27627-b8484e4bbe43b173d4b67998a26e2ce3.yaml
+++ b/nuclei-templates/2023/CVE-2023-27627-b8484e4bbe43b173d4b67998a26e2ce3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Woocommerce Email Report plugin for WordPress is vulnerable to Unauthenticated Cross-Site Scripting via an uknown parameter in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers  to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wooemailreport/"
     google-query: inurl:"/wp-content/plugins/wooemailreport/"
     shodan-query: 'vuln:CVE-2023-27627'
-  tags: cve,wordpress,wp-plugin,wooemailreport,medium
+  tags: cve,wordpress,wp-plugin,wooemailreport,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27628-50ade2845c53f4bbe684ddfabd1bfd64.yaml b/nuclei-templates/2023/CVE-2023-27628-50ade2845c53f4bbe684ddfabd1bfd64.yaml
index 09499fc0b9..5fafef6b2a 100644
--- a/nuclei-templates/2023/CVE-2023-27628-50ade2845c53f4bbe684ddfabd1bfd64.yaml
+++ b/nuclei-templates/2023/CVE-2023-27628-50ade2845c53f4bbe684ddfabd1bfd64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sitekit <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe ' shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sitekit_iframe' shortcode attributes in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitekit/"
     google-query: inurl:"/wp-content/plugins/sitekit/"
     shodan-query: 'vuln:CVE-2023-27628'
-  tags: cve,wordpress,wp-plugin,sitekit,medium
+  tags: cve,wordpress,wp-plugin,sitekit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27629-a344469158b924b0533b76919c9daf70.yaml b/nuclei-templates/2023/CVE-2023-27629-a344469158b924b0533b76919c9daf70.yaml
index b8604c27ea..6e19ac3d56 100644
--- a/nuclei-templates/2023/CVE-2023-27629-a344469158b924b0533b76919c9daf70.yaml
+++ b/nuclei-templates/2023/CVE-2023-27629-a344469158b924b0533b76919c9daf70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attribute(s) in versions up to, and including, 6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2023-27629'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27630-2d63f6e8d357472c9ca1e82cb0bc121b.yaml b/nuclei-templates/2023/CVE-2023-27630-2d63f6e8d357472c9ca1e82cb0bc121b.yaml
index 1d2b42071f..f85989c6f8 100644
--- a/nuclei-templates/2023/CVE-2023-27630-2d63f6e8d357472c9ca1e82cb0bc121b.yaml
+++ b/nuclei-templates/2023/CVE-2023-27630-2d63f6e8d357472c9ca1e82cb0bc121b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Community by PeepSo <= 6.0.9.0 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Community by PeepSo plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.0.9.0 due to missing authorization checks on the action_admin_export() function. This makes it possible for unauthenticated attackers to trigger a system report export and obtain sensitive information about the servers configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/peepso-core/"
     google-query: inurl:"/wp-content/plugins/peepso-core/"
     shodan-query: 'vuln:CVE-2023-27630'
-  tags: cve,wordpress,wp-plugin,peepso-core,medium
+  tags: cve,wordpress,wp-plugin,peepso-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27631-3824f011eab5214f502db246222a2a64.yaml b/nuclei-templates/2023/CVE-2023-27631-3824f011eab5214f502db246222a2a64.yaml
index dad4ff1898..507e5931e9 100644
--- a/nuclei-templates/2023/CVE-2023-27631-3824f011eab5214f502db246222a2a64.yaml
+++ b/nuclei-templates/2023/CVE-2023-27631-3824f011eab5214f502db246222a2a64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Daily Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2023.03.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/daily-prayer-time-for-mosques/"
     google-query: inurl:"/wp-content/plugins/daily-prayer-time-for-mosques/"
     shodan-query: 'vuln:CVE-2023-27631'
-  tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,medium
+  tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27634-a725115e3c0edf17f7d3885d6b810646.yaml b/nuclei-templates/2023/CVE-2023-27634-a725115e3c0edf17f7d3885d6b810646.yaml
index ce5ea2b436..dd86279641 100644
--- a/nuclei-templates/2023/CVE-2023-27634-a725115e3c0edf17f7d3885d6b810646.yaml
+++ b/nuclei-templates/2023/CVE-2023-27634-a725115e3c0edf17f7d3885d6b810646.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Intrepidity <= 1.5.1 - Cross-Site Request Forgery via mytheme_add_admin
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Intrepidity theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the mytheme_add_admin function. This makes it possible for unauthenticated attackers to upload files and update options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/intrepidity/"
     google-query: inurl:"/wp-content/themes/intrepidity/"
     shodan-query: 'vuln:CVE-2023-27634'
-  tags: cve,wordpress,wp-theme,intrepidity,high
+  tags: cve,wordpress,wp-theme,intrepidity,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2764-02fac00b4da69e9fe78fc7130f860fe9.yaml b/nuclei-templates/2023/CVE-2023-2764-02fac00b4da69e9fe78fc7130f860fe9.yaml
index 4be35de813..1cb04d0ff7 100644
--- a/nuclei-templates/2023/CVE-2023-2764-02fac00b4da69e9fe78fc7130f860fe9.yaml
+++ b/nuclei-templates/2023/CVE-2023-2764-02fac00b4da69e9fe78fc7130f860fe9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/draw-attention/"
     google-query: inurl:"/wp-content/plugins/draw-attention/"
     shodan-query: 'vuln:CVE-2023-2764'
-  tags: cve,wordpress,wp-plugin,draw-attention,medium
+  tags: cve,wordpress,wp-plugin,draw-attention,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2767-12fc948c06bbe2558fcf0a602f5f480e.yaml b/nuclei-templates/2023/CVE-2023-2767-12fc948c06bbe2558fcf0a602f5f480e.yaml
index 4627b78d46..d9687dece8 100644
--- a/nuclei-templates/2023/CVE-2023-2767-12fc948c06bbe2558fcf0a602f5f480e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2767-12fc948c06bbe2558fcf0a602f5f480e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.4
     cve-id: CVE-2023-2767
   metadata:
-    fofa-query: "wp-content/plugins/wp-file-upload/"
-    google-query: inurl:"/wp-content/plugins/wp-file-upload/"
+    fofa-query: "wp-content/plugins/wordpress-file-upload-pro/"
+    google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/"
     shodan-query: 'vuln:CVE-2023-2767'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "wp-file-upload"
+          - "wordpress-file-upload-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-2781-20bfb39c28e57afafa73126a681ef707.yaml b/nuclei-templates/2023/CVE-2023-2781-20bfb39c28e57afafa73126a681ef707.yaml
index e2acfd9512..7e3744df83 100644
--- a/nuclei-templates/2023/CVE-2023-2781-20bfb39c28e57afafa73126a681ef707.yaml
+++ b/nuclei-templates/2023/CVE-2023-2781-20bfb39c28e57afafa73126a681ef707.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-confirmation-email/"
     google-query: inurl:"/wp-content/plugins/woo-confirmation-email/"
     shodan-query: 'vuln:CVE-2023-2781'
-  tags: cve,wordpress,wp-plugin,woo-confirmation-email,high
+  tags: cve,wordpress,wp-plugin,woo-confirmation-email,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-27923-4131547f48ef03f81376294e8bfec1f9.yaml b/nuclei-templates/2023/CVE-2023-27923-4131547f48ef03f81376294e8bfec1f9.yaml
index 9fa3cce676..12b66d21c5 100644
--- a/nuclei-templates/2023/CVE-2023-27923-4131547f48ef03f81376294e8bfec1f9.yaml
+++ b/nuclei-templates/2023/CVE-2023-27923-4131547f48ef03f81376294e8bfec1f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Tag Edit
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tag Edit functionality in versions up to, and including, 1.53.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-27923
   metadata:
-    fofa-query: "wp-content/plugins/vk-blocks-pro/"
-    google-query: inurl:"/wp-content/plugins/vk-blocks-pro/"
+    fofa-query: "wp-content/plugins/vk-blocks/"
+    google-query: inurl:"/wp-content/plugins/vk-blocks/"
     shodan-query: 'vuln:CVE-2023-27923'
-  tags: cve,wordpress,wp-plugin,vk-blocks-pro,medium
+  tags: cve,wordpress,wp-plugin,vk-blocks,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/vk-blocks-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "vk-blocks-pro"
+          - "vk-blocks"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-27925-7d646a32d0c4bc3814bc480ca69d5434.yaml b/nuclei-templates/2023/CVE-2023-27925-7d646a32d0c4bc3814bc480ca69d5434.yaml
index 7093dca28d..01bb4ef48d 100644
--- a/nuclei-templates/2023/CVE-2023-27925-7d646a32d0c4bc3814bc480ca69d5434.yaml
+++ b/nuclei-templates/2023/CVE-2023-27925-7d646a32d0c4bc3814bc480ca69d5434.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Post
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post functionality in versions up to, and including, 1.53.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-27925
   metadata:
-    fofa-query: "wp-content/plugins/vk-blocks-pro/"
-    google-query: inurl:"/wp-content/plugins/vk-blocks-pro/"
+    fofa-query: "wp-content/plugins/vk-blocks/"
+    google-query: inurl:"/wp-content/plugins/vk-blocks/"
     shodan-query: 'vuln:CVE-2023-27925'
-  tags: cve,wordpress,wp-plugin,vk-blocks-pro,medium
+  tags: cve,wordpress,wp-plugin,vk-blocks,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/vk-blocks-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "vk-blocks-pro"
+          - "vk-blocks"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-27926-5f7a0857cd225d8f715faf1ad377962f.yaml b/nuclei-templates/2023/CVE-2023-27926-5f7a0857cd225d8f715faf1ad377962f.yaml
index 04d18fb44e..4098d4122f 100644
--- a/nuclei-templates/2023/CVE-2023-27926-5f7a0857cd225d8f715faf1ad377962f.yaml
+++ b/nuclei-templates/2023/CVE-2023-27926-5f7a0857cd225d8f715faf1ad377962f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK All in One Expansion Unit <= 9.88.1.0 - Stored (Contributor+) Cross-Site Scripting in Profile Setting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile setting functionality in versions up to, and including, 9.88.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/"
     google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/"
     shodan-query: 'vuln:CVE-2023-27926'
-  tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,medium
+  tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2795-6a2386cdcd3910d335805b9ddf952385.yaml b/nuclei-templates/2023/CVE-2023-2795-6a2386cdcd3910d335805b9ddf952385.yaml
index fd077228aa..2f8390fb2a 100644
--- a/nuclei-templates/2023/CVE-2023-2795-6a2386cdcd3910d335805b9ddf952385.yaml
+++ b/nuclei-templates/2023/CVE-2023-2795-6a2386cdcd3910d335805b9ddf952385.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CodeColorer <= 0.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.10.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/codecolorer/"
     google-query: inurl:"/wp-content/plugins/codecolorer/"
     shodan-query: 'vuln:CVE-2023-2795'
-  tags: cve,wordpress,wp-plugin,codecolorer,medium
+  tags: cve,wordpress,wp-plugin,codecolorer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2796-b285571aa8961228c020fb748a563a39.yaml b/nuclei-templates/2023/CVE-2023-2796-b285571aa8961228c020fb748a563a39.yaml
index 5f4bdf47ab..2891460b28 100644
--- a/nuclei-templates/2023/CVE-2023-2796-b285571aa8961228c020fb748a563a39.yaml
+++ b/nuclei-templates/2023/CVE-2023-2796-b285571aa8961228c020fb748a563a39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventON <= 2.1 - Missing Authorization to Event Access
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EventON plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the eventon_ics_download function in versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to view private or protected events.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventon-lite/"
     google-query: inurl:"/wp-content/plugins/eventon-lite/"
     shodan-query: 'vuln:CVE-2023-2796'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2802-8461759ea5a4f2c3230ae2ba89953371.yaml b/nuclei-templates/2023/CVE-2023-2802-8461759ea5a4f2c3230ae2ba89953371.yaml
index d6fd0ad6c1..7ff15a4156 100644
--- a/nuclei-templates/2023/CVE-2023-2802-8461759ea5a4f2c3230ae2ba89953371.yaml
+++ b/nuclei-templates/2023/CVE-2023-2802-8461759ea5a4f2c3230ae2ba89953371.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings like the 'Redirect URL' field in versions up to, and including, 3.1.28  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2023-2802'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2805-4b6c9f5939660218c2639c17b2048a97.yaml b/nuclei-templates/2023/CVE-2023-2805-4b6c9f5939660218c2639c17b2048a97.yaml
index 8d9053d4fd..f2baf36213 100644
--- a/nuclei-templates/2023/CVE-2023-2805-4b6c9f5939660218c2639c17b2048a97.yaml
+++ b/nuclei-templates/2023/CVE-2023-2805-4b6c9f5939660218c2639c17b2048a97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SupportCandy <= 3.1.6 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SupportCandy plugin for WordPress is vulnerable to SQL injection via the 'agents[]' parameter used in the set_add_agent_leaves AJAX action in versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportcandy/"
     google-query: inurl:"/wp-content/plugins/supportcandy/"
     shodan-query: 'vuln:CVE-2023-2805'
-  tags: cve,wordpress,wp-plugin,supportcandy,high
+  tags: cve,wordpress,wp-plugin,supportcandy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2811-c8b00e3a8ae7ee111daecc90a5a50970.yaml b/nuclei-templates/2023/CVE-2023-2811-c8b00e3a8ae7ee111daecc90a5a50970.yaml
index ad31022d21..90f39d16f1 100644
--- a/nuclei-templates/2023/CVE-2023-2811-c8b00e3a8ae7ee111daecc90a5a50970.yaml
+++ b/nuclei-templates/2023/CVE-2023-2811-c8b00e3a8ae7ee111daecc90a5a50970.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI ChatBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-2811'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2812-c5b5b783e98de972c2044e0acdd3ca83.yaml b/nuclei-templates/2023/CVE-2023-2812-c5b5b783e98de972c2044e0acdd3ca83.yaml
index 6a12922441..2195e004bb 100644
--- a/nuclei-templates/2023/CVE-2023-2812-c5b5b783e98de972c2044e0acdd3ca83.yaml
+++ b/nuclei-templates/2023/CVE-2023-2812-c5b5b783e98de972c2044e0acdd3ca83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Dashboard <= 3.7.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.5  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-dashboard/"
     google-query: inurl:"/wp-content/plugins/ultimate-dashboard/"
     shodan-query: 'vuln:CVE-2023-2812'
-  tags: cve,wordpress,wp-plugin,ultimate-dashboard,medium
+  tags: cve,wordpress,wp-plugin,ultimate-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2813-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/2023/CVE-2023-2813-4790b4ad8b25152cb39533647a69d638.yaml
index 730383b819..2ad75f1fa3 100644
--- a/nuclei-templates/2023/CVE-2023-2813-4790b4ad8b25152cb39533647a69d638.yaml
+++ b/nuclei-templates/2023/CVE-2023-2813-4790b4ad8b25152cb39533647a69d638.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-2813
   metadata:
-    fofa-query: "wp-content/themes/college/"
-    google-query: inurl:"/wp-content/themes/college/"
+    fofa-query: "wp-content/themes/aapna/"
+    google-query: inurl:"/wp-content/themes/aapna/"
     shodan-query: 'vuln:CVE-2023-2813'
-  tags: cve,wordpress,wp-theme,college,medium
+  tags: cve,wordpress,wp-theme,aapna,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/college/style.css"
+      - "{{BaseURL}}/wp-content/themes/aapna/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "college"
+          - "aapna"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.5.1')
\ No newline at end of file
+          - compare_versions(version, '<= *')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-28154-0046efcaf372ceea3cbda093fc9866d7.yaml b/nuclei-templates/2023/CVE-2023-28154-0046efcaf372ceea3cbda093fc9866d7.yaml
index c1ffc7b895..d143b4b71f 100644
--- a/nuclei-templates/2023/CVE-2023-28154-0046efcaf372ceea3cbda093fc9866d7.yaml
+++ b/nuclei-templates/2023/CVE-2023-28154-0046efcaf372ceea3cbda093fc9866d7.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.3
     cve-id: CVE-2023-28154
   metadata:
-    fofa-query: "wp-content/plugins/restricted-site-access/"
-    google-query: inurl:"/wp-content/plugins/restricted-site-access/"
+    fofa-query: "wp-content/plugins/elasticpress/"
+    google-query: inurl:"/wp-content/plugins/elasticpress/"
     shodan-query: 'vuln:CVE-2023-28154'
-  tags: cve,wordpress,wp-plugin,restricted-site-access,high
+  tags: cve,wordpress,wp-plugin,elasticpress,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/restricted-site-access/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "restricted-site-access"
+          - "elasticpress"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 7.3.5')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-28165-133f9da4970886f2c6daa016271571ae.yaml b/nuclei-templates/2023/CVE-2023-28165-133f9da4970886f2c6daa016271571ae.yaml
index 36272918b1..0026a70087 100644
--- a/nuclei-templates/2023/CVE-2023-28165-133f9da4970886f2c6daa016271571ae.yaml
+++ b/nuclei-templates/2023/CVE-2023-28165-133f9da4970886f2c6daa016271571ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Bank: WordPress Backup Plugin <= 4.0.28 - Missing Authorization via post_user_feedback_backup_bank
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Backup Bank: WordPress Backup Plugin plugin for WordPress is vulnerable to unauthorized execution of an AJAX action due to a missing capability check on the post_user_feedback_backup_bank() function in versions up to, and including, 4.0.28. This makes it possible for authenticated attackers with subscriber-level access, and above, to submit plugin feedback spoofing as the identity of the site owner.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-backup-bank/"
     google-query: inurl:"/wp-content/plugins/wp-backup-bank/"
     shodan-query: 'vuln:CVE-2023-28165'
-  tags: cve,wordpress,wp-plugin,wp-backup-bank,medium
+  tags: cve,wordpress,wp-plugin,wp-backup-bank,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28168-97c1ceb18f16975e668ed8d0bd718768.yaml b/nuclei-templates/2023/CVE-2023-28168-97c1ceb18f16975e668ed8d0bd718768.yaml
index 1d46ad4ca6..dc69b74f75 100644
--- a/nuclei-templates/2023/CVE-2023-28168-97c1ceb18f16975e668ed8d0bd718768.yaml
+++ b/nuclei-templates/2023/CVE-2023-28168-97c1ceb18f16975e668ed8d0bd718768.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Console <= 0.3.9 - Missing Authorization via reload.php
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Console plugin for WordPress is vulnerable to unauthorized modification of data and execution of files due to missing authorization in several files such as reload.php, complete.php, and query that is also missing direct file access controls in versions up to, and including, 0.3.9. This makes it possible for unauthenticated attackers to unset the '$_SESSION['console_vars']' and '$_SESSION['partial']' variables and potentially achieve remote code execution if they can successfully exploit the type juggling weakness in query.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-console/"
     google-query: inurl:"/wp-content/plugins/wordpress-console/"
     shodan-query: 'vuln:CVE-2023-28168'
-  tags: cve,wordpress,wp-plugin,wordpress-console,medium
+  tags: cve,wordpress,wp-plugin,wordpress-console,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28169-35d6cb483985201ac59c669cec20a881.yaml b/nuclei-templates/2023/CVE-2023-28169-35d6cb483985201ac59c669cec20a881.yaml
index c60fab38c6..6d303ba789 100644
--- a/nuclei-templates/2023/CVE-2023-28169-35d6cb483985201ac59c669cec20a881.yaml
+++ b/nuclei-templates/2023/CVE-2023-28169-35d6cb483985201ac59c669cec20a881.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Event calendar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Event calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-event-calendar/"
     google-query: inurl:"/wp-content/plugins/easy-event-calendar/"
     shodan-query: 'vuln:CVE-2023-28169'
-  tags: cve,wordpress,wp-plugin,easy-event-calendar,medium
+  tags: cve,wordpress,wp-plugin,easy-event-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28170-42bbb29a21ceaaa3011864640412a5ea.yaml b/nuclei-templates/2023/CVE-2023-28170-42bbb29a21ceaaa3011864640412a5ea.yaml
index 0d4f6223eb..b0a18a0487 100644
--- a/nuclei-templates/2023/CVE-2023-28170-42bbb29a21ceaaa3011864640412a5ea.yaml
+++ b/nuclei-templates/2023/CVE-2023-28170-42bbb29a21ceaaa3011864640412a5ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme Demo Import <= 1.1.1 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Theme Demo Import plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 1.1.1. This makes it possible for authenticated attackers with administrator privileges to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-demo-import/"
     google-query: inurl:"/wp-content/plugins/theme-demo-import/"
     shodan-query: 'vuln:CVE-2023-28170'
-  tags: cve,wordpress,wp-plugin,theme-demo-import,high
+  tags: cve,wordpress,wp-plugin,theme-demo-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28174-9babf2cf45788c102d8f9d4588bf3e93.yaml b/nuclei-templates/2023/CVE-2023-28174-9babf2cf45788c102d8f9d4588bf3e93.yaml
index 530c1de05e..a04f524042 100644
--- a/nuclei-templates/2023/CVE-2023-28174-9babf2cf45788c102d8f9d4588bf3e93.yaml
+++ b/nuclei-templates/2023/CVE-2023-28174-9babf2cf45788c102d8f9d4588bf3e93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The eRocket plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'share_text' value in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erocket/"
     google-query: inurl:"/wp-content/plugins/erocket/"
     shodan-query: 'vuln:CVE-2023-28174'
-  tags: cve,wordpress,wp-plugin,erocket,medium
+  tags: cve,wordpress,wp-plugin,erocket,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2833-1589d579faac8c7d72195578a8342786.yaml b/nuclei-templates/2023/CVE-2023-2833-1589d579faac8c7d72195578a8342786.yaml
index fad0159420..94d0bdaeac 100644
--- a/nuclei-templates/2023/CVE-2023-2833-1589d579faac8c7d72195578a8342786.yaml
+++ b/nuclei-templates/2023/CVE-2023-2833-1589d579faac8c7d72195578a8342786.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ReviewX <= 1.6.13 - Arbitrary Usermeta Update  to Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reviewx/"
     google-query: inurl:"/wp-content/plugins/reviewx/"
     shodan-query: 'vuln:CVE-2023-2833'
-  tags: cve,wordpress,wp-plugin,reviewx,high
+  tags: cve,wordpress,wp-plugin,reviewx,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2836-84e13e367dca55445350e25af8c4c3b9.yaml b/nuclei-templates/2023/CVE-2023-2836-84e13e367dca55445350e25af8c4c3b9.yaml
index 9fe7339e2a..3152221835 100644
--- a/nuclei-templates/2023/CVE-2023-2836-84e13e367dca55445350e25af8c4c3b9.yaml
+++ b/nuclei-templates/2023/CVE-2023-2836-84e13e367dca55445350e25af8c4c3b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crm-perks-forms/"
     google-query: inurl:"/wp-content/plugins/crm-perks-forms/"
     shodan-query: 'vuln:CVE-2023-2836'
-  tags: cve,wordpress,wp-plugin,crm-perks-forms,medium
+  tags: cve,wordpress,wp-plugin,crm-perks-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28367-8f7f33ee1e4675fee4c38d5051fea8e5.yaml b/nuclei-templates/2023/CVE-2023-28367-8f7f33ee1e4675fee4c38d5051fea8e5.yaml
index 8a80624e10..0403e62ebf 100644
--- a/nuclei-templates/2023/CVE-2023-28367-8f7f33ee1e4675fee4c38d5051fea8e5.yaml
+++ b/nuclei-templates/2023/CVE-2023-28367-8f7f33ee1e4675fee4c38d5051fea8e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK All in One Expansion Unit <= 9.88.1.0 - Stored (Contributor+) Cross-Site Scripting in CTA Post
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CTA post functionality in versions up to, and including, 9.88.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/"
     google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/"
     shodan-query: 'vuln:CVE-2023-28367'
-  tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,medium
+  tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2841-4a9af0a7a0f9267c64d43cbcc0f6e60e.yaml b/nuclei-templates/2023/CVE-2023-2841-4a9af0a7a0f9267c64d43cbcc0f6e60e.yaml
index 0040bc69a7..2c89b7afdf 100644
--- a/nuclei-templates/2023/CVE-2023-2841-4a9af0a7a0f9267c64d43cbcc0f6e60e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2841-4a9af0a7a0f9267c64d43cbcc0f6e60e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-local-pickup-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-local-pickup-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-2841'
-  tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28414-da0d789e3ff0c2c8ea9e944c14348b70.yaml b/nuclei-templates/2023/CVE-2023-28414-da0d789e3ff0c2c8ea9e944c14348b70.yaml
index 73ad1df9bd..a21b21fcb6 100644
--- a/nuclei-templates/2023/CVE-2023-28414-da0d789e3ff0c2c8ea9e944c14348b70.yaml
+++ b/nuclei-templates/2023/CVE-2023-28414-da0d789e3ff0c2c8ea9e944c14348b70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ApexChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apexchat/"
     google-query: inurl:"/wp-content/plugins/apexchat/"
     shodan-query: 'vuln:CVE-2023-28414'
-  tags: cve,wordpress,wp-plugin,apexchat,medium
+  tags: cve,wordpress,wp-plugin,apexchat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28415-d432100581e1c6943b259719e2daead5.yaml b/nuclei-templates/2023/CVE-2023-28415-d432100581e1c6943b259719e2daead5.yaml
index f6f00a4653..c19150101a 100644
--- a/nuclei-templates/2023/CVE-2023-28415-d432100581e1c6943b259719e2daead5.yaml
+++ b/nuclei-templates/2023/CVE-2023-28415-d432100581e1c6943b259719e2daead5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Side Cart Woocommerce (Ajax) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/side-cart-woocommerce/"
     google-query: inurl:"/wp-content/plugins/side-cart-woocommerce/"
     shodan-query: 'vuln:CVE-2023-28415'
-  tags: cve,wordpress,wp-plugin,side-cart-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,side-cart-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28416-cf02434258a49a4a00aa24a96c05817d.yaml b/nuclei-templates/2023/CVE-2023-28416-cf02434258a49a4a00aa24a96c05817d.yaml
index 216bdbab0a..4c9a6cfb17 100644
--- a/nuclei-templates/2023/CVE-2023-28416-cf02434258a49a4a00aa24a96c05817d.yaml
+++ b/nuclei-templates/2023/CVE-2023-28416-cf02434258a49a4a00aa24a96c05817d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chankhe <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chankhe theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin function called via the wp_ajax_chankhe_activate_plugin AJAX action in versions up to, and including, 1.0.5. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/chankhe/"
     google-query: inurl:"/wp-content/themes/chankhe/"
     shodan-query: 'vuln:CVE-2023-28416'
-  tags: cve,wordpress,wp-theme,chankhe,medium
+  tags: cve,wordpress,wp-theme,chankhe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28417-9d49312a2bc1a33dff873907673334c5.yaml b/nuclei-templates/2023/CVE-2023-28417-9d49312a2bc1a33dff873907673334c5.yaml
index cbc4bc005e..575dfbda47 100644
--- a/nuclei-templates/2023/CVE-2023-28417-9d49312a2bc1a33dff873907673334c5.yaml
+++ b/nuclei-templates/2023/CVE-2023-28417-9d49312a2bc1a33dff873907673334c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dynamics 365 Integration <= 1.3.12 - Missing Authorization via wp_ajax_wpcrm_log & wp_ajax_wpcrm_log_verbosity
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Dynamics 365 Integration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_wpcrm_log & wp_ajax_wpcrm_log_verbosity functions in versions up to, and including, 1.3.12. This makes it possible for authenticated attackers with subscriber-level access, and above, to download log files and change log verbosity.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integration-dynamics/"
     google-query: inurl:"/wp-content/plugins/integration-dynamics/"
     shodan-query: 'vuln:CVE-2023-28417'
-  tags: cve,wordpress,wp-plugin,integration-dynamics,medium
+  tags: cve,wordpress,wp-plugin,integration-dynamics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28422-1e549d9fdcaec4289273d20aedde9604.yaml b/nuclei-templates/2023/CVE-2023-28422-1e549d9fdcaec4289273d20aedde9604.yaml
index 7efe6fa43d..7b117d7603 100644
--- a/nuclei-templates/2023/CVE-2023-28422-1e549d9fdcaec4289273d20aedde9604.yaml
+++ b/nuclei-templates/2023/CVE-2023-28422-1e549d9fdcaec4289273d20aedde9604.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Manager for WooCommerce <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mep_get_option' function
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mep_get_option' function in versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mage-eventpress/"
     google-query: inurl:"/wp-content/plugins/mage-eventpress/"
     shodan-query: 'vuln:CVE-2023-28422'
-  tags: cve,wordpress,wp-plugin,mage-eventpress,medium
+  tags: cve,wordpress,wp-plugin,mage-eventpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28423-81c4580372e23b6ce41423bd5b13253e.yaml b/nuclei-templates/2023/CVE-2023-28423-81c4580372e23b6ce41423bd5b13253e.yaml
index ee11085895..a14f8d240d 100644
--- a/nuclei-templates/2023/CVE-2023-28423-81c4580372e23b6ce41423bd5b13253e.yaml
+++ b/nuclei-templates/2023/CVE-2023-28423-81c4580372e23b6ce41423bd5b13253e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Footnotes <= 1.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-footnotes/"
     google-query: inurl:"/wp-content/plugins/modern-footnotes/"
     shodan-query: 'vuln:CVE-2023-28423'
-  tags: cve,wordpress,wp-plugin,modern-footnotes,medium
+  tags: cve,wordpress,wp-plugin,modern-footnotes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2843-194154b98ea167d5243ca3bc6185dc5f.yaml b/nuclei-templates/2023/CVE-2023-2843-194154b98ea167d5243ca3bc6185dc5f.yaml
index ba634b886a..fa91642ac4 100644
--- a/nuclei-templates/2023/CVE-2023-2843-194154b98ea167d5243ca3bc6185dc5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-2843-194154b98ea167d5243ca3bc6185dc5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MultiParcels Shipping For WooCommerce <= 1.14.12 - Authenticated(Subscriber+) SQL Injection via id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MultiParcels Shipping plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in versions up to, and including, 1.14.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. While the issue was patched in 1.14.13, a patch more in line with best practices was implemented in 1.14.15.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiparcels-shipping-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/multiparcels-shipping-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-2843'
-  tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28491-a6e5defdd0b61862c997e167d9ee2576.yaml b/nuclei-templates/2023/CVE-2023-28491-a6e5defdd0b61862c997e167d9ee2576.yaml
index 688ada2c6f..e08a74a9a7 100644
--- a/nuclei-templates/2023/CVE-2023-28491-a6e5defdd0b61862c997e167d9ee2576.yaml
+++ b/nuclei-templates/2023/CVE-2023-28491-a6e5defdd0b61862c997e167d9ee2576.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery LITE <= 1.7.6 - Authenticated(Admin+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slideshow Gallery LITE plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level capabilities to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:CVE-2023-28491'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,medium
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28492-7f3bbc96f4be604cf6114ca81b08ca3f.yaml b/nuclei-templates/2023/CVE-2023-28492-7f3bbc96f4be604cf6114ca81b08ca3f.yaml
index 2311f8a9e1..f1a0d46555 100644
--- a/nuclei-templates/2023/CVE-2023-28492-7f3bbc96f4be604cf6114ca81b08ca3f.yaml
+++ b/nuclei-templates/2023/CVE-2023-28492-7f3bbc96f4be604cf6114ca81b08ca3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CP Multi View Event Calendar  <= 1.4.10 - Missing Authentication leading to Authenticated (Subscriber+) Private Form Submission
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CP Multi View Event Calendar plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cpmvec_feedback function in versions up to, and including, 1.4.10. This makes it possible for subscriber-level attackers to submit 'deactivation feedback' forms to the plugin author without permissions nor with the plugin being deactivated.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-multi-view-calendar/"
     google-query: inurl:"/wp-content/plugins/cp-multi-view-calendar/"
     shodan-query: 'vuln:CVE-2023-28492'
-  tags: cve,wordpress,wp-plugin,cp-multi-view-calendar,medium
+  tags: cve,wordpress,wp-plugin,cp-multi-view-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28494-fa3064d32c24f2074e60835d6d0ebe62.yaml b/nuclei-templates/2023/CVE-2023-28494-fa3064d32c24f2074e60835d6d0ebe62.yaml
index 78cae7179f..956c4f2f95 100644
--- a/nuclei-templates/2023/CVE-2023-28494-fa3064d32c24f2074e60835d6d0ebe62.yaml
+++ b/nuclei-templates/2023/CVE-2023-28494-fa3064d32c24f2074e60835d6d0ebe62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Email <= 1.3.31 - Missing Authorization to Feedback Submission
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form Email for WordPress is vulnerable to unauthorized feedback submission due to a missing capability check on the cpcfte_feedback function in versions up to, and including, 1.3.31. This makes it possible for subscriber-level attackers to submit plugin feedback on the site owner's behalf.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-email/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-email/"
     shodan-query: 'vuln:CVE-2023-28494'
-  tags: cve,wordpress,wp-plugin,contact-form-to-email,medium
+  tags: cve,wordpress,wp-plugin,contact-form-to-email,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28496-702ceb7e56323b84fbe97e278b8eb74c.yaml b/nuclei-templates/2023/CVE-2023-28496-702ceb7e56323b84fbe97e278b8eb74c.yaml
index c63b58ab4d..31a911ea34 100644
--- a/nuclei-templates/2023/CVE-2023-28496-702ceb7e56323b84fbe97e278b8eb74c.yaml
+++ b/nuclei-templates/2023/CVE-2023-28496-702ceb7e56323b84fbe97e278b8eb74c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SMTP2GO <= 1.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SMTP2GO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘[function_or_param]’ parameter in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smtp2go/"
     google-query: inurl:"/wp-content/plugins/smtp2go/"
     shodan-query: 'vuln:CVE-2023-28496'
-  tags: cve,wordpress,wp-plugin,smtp2go,medium
+  tags: cve,wordpress,wp-plugin,smtp2go,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28499-96440e1a43df69d4a2a108bd78a1d55e.yaml b/nuclei-templates/2023/CVE-2023-28499-96440e1a43df69d4a2a108bd78a1d55e.yaml
index 853f3b18be..fce756aecc 100644
--- a/nuclei-templates/2023/CVE-2023-28499-96440e1a43df69d4a2a108bd78a1d55e.yaml
+++ b/nuclei-templates/2023/CVE-2023-28499-96440e1a43df69d4a2a108bd78a1d55e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slide Anything <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slide Anything plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slide-anything/"
     google-query: inurl:"/wp-content/plugins/slide-anything/"
     shodan-query: 'vuln:CVE-2023-28499'
-  tags: cve,wordpress,wp-plugin,slide-anything,medium
+  tags: cve,wordpress,wp-plugin,slide-anything,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28532-0c8164317d8680b32c0889f7b19b5e0b.yaml b/nuclei-templates/2023/CVE-2023-28532-0c8164317d8680b32c0889f7b19b5e0b.yaml
index 74c5287a0c..eb5386563d 100644
--- a/nuclei-templates/2023/CVE-2023-28532-0c8164317d8680b32c0889f7b19b5e0b.yaml
+++ b/nuclei-templates/2023/CVE-2023-28532-0c8164317d8680b32c0889f7b19b5e0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Estate Directory <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Real Estate Directory themes for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rdm_activate_plugin function in versions up to, and including, 1.0.4. This makes it possible for authenticated attackers with subscriber-level permissions and above to activate arbitrary plugins on a vulnerable site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/real-estate-directory/"
     google-query: inurl:"/wp-content/themes/real-estate-directory/"
     shodan-query: 'vuln:CVE-2023-28532'
-  tags: cve,wordpress,wp-theme,real-estate-directory,medium
+  tags: cve,wordpress,wp-theme,real-estate-directory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28533-e859444e797e41b8d664b82e23a899ba.yaml b/nuclei-templates/2023/CVE-2023-28533-e859444e797e41b8d664b82e23a899ba.yaml
index be35c2192e..35fbff835d 100644
--- a/nuclei-templates/2023/CVE-2023-28533-e859444e797e41b8d664b82e23a899ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-28533-e859444e797e41b8d664b82e23a899ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cab Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cab-grid/"
     google-query: inurl:"/wp-content/plugins/cab-grid/"
     shodan-query: 'vuln:CVE-2023-28533'
-  tags: cve,wordpress,wp-plugin,cab-grid,medium
+  tags: cve,wordpress,wp-plugin,cab-grid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28534-f2a0a0a17a439c3fab0b66d207898f19.yaml b/nuclei-templates/2023/CVE-2023-28534-f2a0a0a17a439c3fab0b66d207898f19.yaml
index d384fcaf60..b1011553a0 100644
--- a/nuclei-templates/2023/CVE-2023-28534-f2a0a0a17a439c3fab0b66d207898f19.yaml
+++ b/nuclei-templates/2023/CVE-2023-28534-f2a0a0a17a439c3fab0b66d207898f19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-job-portal/"
     google-query: inurl:"/wp-content/plugins/wp-job-portal/"
     shodan-query: 'vuln:CVE-2023-28534'
-  tags: cve,wordpress,wp-plugin,wp-job-portal,medium
+  tags: cve,wordpress,wp-plugin,wp-job-portal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28535-7e792191472cdad1fee49805adc5397c.yaml b/nuclei-templates/2023/CVE-2023-28535-7e792191472cdad1fee49805adc5397c.yaml
index db7e778a15..76652cc98d 100644
--- a/nuclei-templates/2023/CVE-2023-28535-7e792191472cdad1fee49805adc5397c.yaml
+++ b/nuclei-templates/2023/CVE-2023-28535-7e792191472cdad1fee49805adc5397c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Paytm Payment Donation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in the initiate_paytmCustomFieldSave() function in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers  to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytm-donation/"
     google-query: inurl:"/wp-content/plugins/paytm-donation/"
     shodan-query: 'vuln:CVE-2023-28535'
-  tags: cve,wordpress,wp-plugin,paytm-donation,high
+  tags: cve,wordpress,wp-plugin,paytm-donation,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28536-296dca83f7d30b213a3d42f8baefd9aa.yaml b/nuclei-templates/2023/CVE-2023-28536-296dca83f7d30b213a3d42f8baefd9aa.yaml
index 1279e272f3..562e0436c8 100644
--- a/nuclei-templates/2023/CVE-2023-28536-296dca83f7d30b213a3d42f8baefd9aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-28536-296dca83f7d30b213a3d42f8baefd9aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Branded Social Images <= 1.1.0 - Missing Authorization leading to Unauthenticated Plugin Settings Updates
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Branded Social Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_post' function in versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to view and change the plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/branded-social-images/"
     google-query: inurl:"/wp-content/plugins/branded-social-images/"
     shodan-query: 'vuln:CVE-2023-28536'
-  tags: cve,wordpress,wp-plugin,branded-social-images,medium
+  tags: cve,wordpress,wp-plugin,branded-social-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28619-87e4105fcd662623c87dc5371d2bcde2.yaml b/nuclei-templates/2023/CVE-2023-28619-87e4105fcd662623c87dc5371d2bcde2.yaml
index 521e587b0d..5fe85f2869 100644
--- a/nuclei-templates/2023/CVE-2023-28619-87e4105fcd662623c87dc5371d2bcde2.yaml
+++ b/nuclei-templates/2023/CVE-2023-28619-87e4105fcd662623c87dc5371d2bcde2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Resoto <= 1.0.8 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Resoto theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_plugin' function in versions up to, and including, 1.0.8. This makes it possible for authenticated attackers with subscriber-level access, and above, to use an ajax endpoint to activate an arbitrary plugin and hide the notice.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/resoto/"
     google-query: inurl:"/wp-content/themes/resoto/"
     shodan-query: 'vuln:CVE-2023-28619'
-  tags: cve,wordpress,wp-theme,resoto,medium
+  tags: cve,wordpress,wp-theme,resoto,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28620-589eb0de3c09a1f6b4b85bf3ecf20784.yaml b/nuclei-templates/2023/CVE-2023-28620-589eb0de3c09a1f6b4b85bf3ecf20784.yaml
index d797f31c8d..68c3818d40 100644
--- a/nuclei-templates/2023/CVE-2023-28620-589eb0de3c09a1f6b4b85bf3ecf20784.yaml
+++ b/nuclei-templates/2023/CVE-2023-28620-589eb0de3c09a1f6b4b85bf3ecf20784.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cyberus Key <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'uid' in 'cyberkey_settings' Plugin Setting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cyberus Key plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'uid' in 'cyberkey_settings' plugin setting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cyberus-key/"
     google-query: inurl:"/wp-content/plugins/cyberus-key/"
     shodan-query: 'vuln:CVE-2023-28620'
-  tags: cve,wordpress,wp-plugin,cyberus-key,medium
+  tags: cve,wordpress,wp-plugin,cyberus-key,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28621-a81a5bf9125eeee92e00bfdaa83c90ee.yaml b/nuclei-templates/2023/CVE-2023-28621-a81a5bf9125eeee92e00bfdaa83c90ee.yaml
index 5438215d13..d78df34bae 100644
--- a/nuclei-templates/2023/CVE-2023-28621-a81a5bf9125eeee92e00bfdaa83c90ee.yaml
+++ b/nuclei-templates/2023/CVE-2023-28621-a81a5bf9125eeee92e00bfdaa83c90ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wishful Blog <= 2.0.1 & Raise Mag <= 1.0.7 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wishful Blog theme, versions up to and including 2.0.1, and Raise Mag theme, versions up to and including 1.0.7, for WordPress are vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-28621
   metadata:
-    fofa-query: "wp-content/themes/raise-mag/"
-    google-query: inurl:"/wp-content/themes/raise-mag/"
+    fofa-query: "wp-content/themes/wishful-blog/"
+    google-query: inurl:"/wp-content/themes/wishful-blog/"
     shodan-query: 'vuln:CVE-2023-28621'
-  tags: cve,wordpress,wp-theme,raise-mag,medium
+  tags: cve,wordpress,wp-theme,wishful-blog,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/raise-mag/style.css"
+      - "{{BaseURL}}/wp-content/themes/wishful-blog/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "raise-mag"
+          - "wishful-blog"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
+          - compare_versions(version, '<= 2.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-28622-97f7a332ae5645762ec8464bbe228dfc.yaml b/nuclei-templates/2023/CVE-2023-28622-97f7a332ae5645762ec8464bbe228dfc.yaml
index e1447f2a25..b97e1642b5 100644
--- a/nuclei-templates/2023/CVE-2023-28622-97f7a332ae5645762ec8464bbe228dfc.yaml
+++ b/nuclei-templates/2023/CVE-2023-28622-97f7a332ae5645762ec8464bbe228dfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘esrcpt_slider_allow_iframes_filter' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to use iframes to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-slider-revolution/"
     google-query: inurl:"/wp-content/plugins/easy-slider-revolution/"
     shodan-query: 'vuln:CVE-2023-28622'
-  tags: cve,wordpress,wp-plugin,easy-slider-revolution,medium
+  tags: cve,wordpress,wp-plugin,easy-slider-revolution,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28659-e15e05d52edf8dfda475d35365b1fa33.yaml b/nuclei-templates/2023/CVE-2023-28659-e15e05d52edf8dfda475d35365b1fa33.yaml
index 280bf66a03..66eab45b7f 100644
--- a/nuclei-templates/2023/CVE-2023-28659-e15e05d52edf8dfda475d35365b1fa33.yaml
+++ b/nuclei-templates/2023/CVE-2023-28659-e15e05d52edf8dfda475d35365b1fa33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Waiting: One-click countdowns <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'pbc_down[meta][id]'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Waiting: One-click countdowns plugin for WordPress is vulnerable to time-based SQL Injection via the ‘pbc_down[meta][id]’ parameter of the pbc_save_downs AJAX action in versions up to, and including, 0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/waiting/"
     google-query: inurl:"/wp-content/plugins/waiting/"
     shodan-query: 'vuln:CVE-2023-28659'
-  tags: cve,wordpress,wp-plugin,waiting,high
+  tags: cve,wordpress,wp-plugin,waiting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28660-6f97964629a2d8890727a9938703cfc3.yaml b/nuclei-templates/2023/CVE-2023-28660-6f97964629a2d8890727a9938703cfc3.yaml
index e8b057dbde..4cdc4b7dea 100644
--- a/nuclei-templates/2023/CVE-2023-28660-6f97964629a2d8890727a9938703cfc3.yaml
+++ b/nuclei-templates/2023/CVE-2023-28660-6f97964629a2d8890727a9938703cfc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Made Easy <= 2.3.14 - Authenticated (Subscriber+) SQL Injection via 'search_name'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Events Made Easy plugin for WordPress is vulnerable to a time-based SQL Injection via the 'search_name' parameter of the eme_recurrences_list AJAX action in versions up to, and including, 2.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-made-easy/"
     google-query: inurl:"/wp-content/plugins/events-made-easy/"
     shodan-query: 'vuln:CVE-2023-28660'
-  tags: cve,wordpress,wp-plugin,events-made-easy,high
+  tags: cve,wordpress,wp-plugin,events-made-easy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28661-92d1ed4c27e6f1a39ae5c39770d54c23.yaml b/nuclei-templates/2023/CVE-2023-28661-92d1ed4c27e6f1a39ae5c39770d54c23.yaml
index e6fa2d8c2a..1272cb6696 100644
--- a/nuclei-templates/2023/CVE-2023-28661-92d1ed4c27e6f1a39ae5c39770d54c23.yaml
+++ b/nuclei-templates/2023/CVE-2023-28661-92d1ed4c27e6f1a39ae5c39770d54c23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection via 'value'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Popup Banners plugin for WordPress is vulnerable to a time-based SQL Injection via the 'value' parameter of the get_popup_data AJAX action in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-popup-banners/"
     google-query: inurl:"/wp-content/plugins/wp-popup-banners/"
     shodan-query: 'vuln:CVE-2023-28661'
-  tags: cve,wordpress,wp-plugin,wp-popup-banners,high
+  tags: cve,wordpress,wp-plugin,wp-popup-banners,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28663-f2bfced9bfd91f1f83f4f10d9e2a4e2c.yaml b/nuclei-templates/2023/CVE-2023-28663-f2bfced9bfd91f1f83f4f10d9e2a4e2c.yaml
index 87993a5366..147d7890f5 100644
--- a/nuclei-templates/2023/CVE-2023-28663-f2bfced9bfd91f1f83f4f10d9e2a4e2c.yaml
+++ b/nuclei-templates/2023/CVE-2023-28663-f2bfced9bfd91f1f83f4f10d9e2a4e2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable PRO2PDF <= 3.09 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Formidable PRO2PDF plugin for WordPress is vulnerable to SQL Injection via several parameters in versions up to, and including, 3.09 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidablepro-2-pdf/"
     google-query: inurl:"/wp-content/plugins/formidablepro-2-pdf/"
     shodan-query: 'vuln:CVE-2023-28663'
-  tags: cve,wordpress,wp-plugin,formidablepro-2-pdf,high
+  tags: cve,wordpress,wp-plugin,formidablepro-2-pdf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28664-6028fbb33888953a639d7f4fdb105b84.yaml b/nuclei-templates/2023/CVE-2023-28664-6028fbb33888953a639d7f4fdb105b84.yaml
index df3fa76df9..9a7cee50bb 100644
--- a/nuclei-templates/2023/CVE-2023-28664-6028fbb33888953a639d7f4fdb105b84.yaml
+++ b/nuclei-templates/2023/CVE-2023-28664-6028fbb33888953a639d7f4fdb105b84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MDTF – Meta Data and Taxonomies Filter <= 1.3.0.1 - Relected Cross-Site Scripting via 'tax_name'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tax_name’ parameter of the mdf_get_tax_options_in_widget AJAX action in versions up to, and including, 1.3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     shodan-query: 'vuln:CVE-2023-28664'
-  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28687-3f03bc4b4b5619e488422c5b9dbcc730.yaml b/nuclei-templates/2023/CVE-2023-28687-3f03bc4b4b5619e488422c5b9dbcc730.yaml
index 5b64caad13..4443745566 100644
--- a/nuclei-templates/2023/CVE-2023-28687-3f03bc4b4b5619e488422c5b9dbcc730.yaml
+++ b/nuclei-templates/2023/CVE-2023-28687-3f03bc4b4b5619e488422c5b9dbcc730.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cream Blog, Fascinate, Glaze Blog Lite, & Everest News (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cream Blog theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-28687
   metadata:
-    fofa-query: "wp-content/themes/everest-news/"
-    google-query: inurl:"/wp-content/themes/everest-news/"
+    fofa-query: "wp-content/themes/fascinate/"
+    google-query: inurl:"/wp-content/themes/fascinate/"
     shodan-query: 'vuln:CVE-2023-28687'
-  tags: cve,wordpress,wp-theme,everest-news,medium
+  tags: cve,wordpress,wp-theme,fascinate,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/everest-news/style.css"
+      - "{{BaseURL}}/wp-content/themes/fascinate/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "everest-news"
+          - "fascinate"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= *')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-28689-1f7578af7b08d6f0682dfe557a69cb45.yaml b/nuclei-templates/2023/CVE-2023-28689-1f7578af7b08d6f0682dfe557a69cb45.yaml
index 0e9383503e..06c11459d1 100644
--- a/nuclei-templates/2023/CVE-2023-28689-1f7578af7b08d6f0682dfe557a69cb45.yaml
+++ b/nuclei-templates/2023/CVE-2023-28689-1f7578af7b08d6f0682dfe557a69cb45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Job Manager <= 2.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JS Job Manager plugin for WordPress is vulnerable to unauthorized access to plugin functionality due to missing capability checks on several functions called via AJAX actions in versions up to, and including, 2.0.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to make use of much of the plugin's functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-jobs/"
     google-query: inurl:"/wp-content/plugins/js-jobs/"
     shodan-query: 'vuln:CVE-2023-28689'
-  tags: cve,wordpress,wp-plugin,js-jobs,medium
+  tags: cve,wordpress,wp-plugin,js-jobs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2869-dcbc79daa691cad653de67a9ff1a5707.yaml b/nuclei-templates/2023/CVE-2023-2869-dcbc79daa691cad653de67a9ff1a5707.yaml
index b53aeb54fd..4526e660f6 100644
--- a/nuclei-templates/2023/CVE-2023-2869-dcbc79daa691cad653de67a9ff1a5707.yaml
+++ b/nuclei-templates/2023/CVE-2023-2869-dcbc79daa691cad653de67a9ff1a5707.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-members/"
     google-query: inurl:"/wp-content/plugins/wp-members/"
     shodan-query: 'vuln:CVE-2023-2869'
-  tags: cve,wordpress,wp-plugin,wp-members,medium
+  tags: cve,wordpress,wp-plugin,wp-members,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28690-1bed895aa03e840b8e1fbdc433b64dc4.yaml b/nuclei-templates/2023/CVE-2023-28690-1bed895aa03e840b8e1fbdc433b64dc4.yaml
index f18caa7053..128c6d73c0 100644
--- a/nuclei-templates/2023/CVE-2023-28690-1bed895aa03e840b8e1fbdc433b64dc4.yaml
+++ b/nuclei-templates/2023/CVE-2023-28690-1bed895aa03e840b8e1fbdc433b64dc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP BrowserUpdate <= 4.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP BrowserUpdate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the multiple parameters in versions up to, and including, 4.5 due to insufficient input sanitization and output escaping. Combined with a Cross-Site Request Forgery vulnerability in versions <= 4.4.1, this makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute if they can successfully trick a user into performing an action such as clicking on a link. In version 4.5, this issue is only exploited by authenticated administrative users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-browser-update/"
     google-query: inurl:"/wp-content/plugins/wp-browser-update/"
     shodan-query: 'vuln:CVE-2023-28690'
-  tags: cve,wordpress,wp-plugin,wp-browser-update,medium
+  tags: cve,wordpress,wp-plugin,wp-browser-update,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28692-0f680b0fba849d5d9ea4bc12dadd3c2e.yaml b/nuclei-templates/2023/CVE-2023-28692-0f680b0fba849d5d9ea4bc12dadd3c2e.yaml
index effb8ecc87..d4cbfda5a1 100644
--- a/nuclei-templates/2023/CVE-2023-28692-0f680b0fba849d5d9ea4bc12dadd3c2e.yaml
+++ b/nuclei-templates/2023/CVE-2023-28692-0f680b0fba849d5d9ea4bc12dadd3c2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Abstracts <= 2.6.2  - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Abstracts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-abstracts-manuscripts-manager/"
     google-query: inurl:"/wp-content/plugins/wp-abstracts-manuscripts-manager/"
     shodan-query: 'vuln:CVE-2023-28692'
-  tags: cve,wordpress,wp-plugin,wp-abstracts-manuscripts-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-abstracts-manuscripts-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28693-843692451d0aaf769ef716bbf02853d2.yaml b/nuclei-templates/2023/CVE-2023-28693-843692451d0aaf769ef716bbf02853d2.yaml
index 0aca35d5ce..c857beccbb 100644
--- a/nuclei-templates/2023/CVE-2023-28693-843692451d0aaf769ef716bbf02853d2.yaml
+++ b/nuclei-templates/2023/CVE-2023-28693-843692451d0aaf769ef716bbf02853d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Youtube Channel Pagination <= 1.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Youtube Channel Pagination plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘youtube_channel_pagination_init’ parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with adminisrtator-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and is also exploitable via Cross-Site Request Forgery.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-youtube-channel-pagination/"
     google-query: inurl:"/wp-content/plugins/advanced-youtube-channel-pagination/"
     shodan-query: 'vuln:CVE-2023-28693'
-  tags: cve,wordpress,wp-plugin,advanced-youtube-channel-pagination,medium
+  tags: cve,wordpress,wp-plugin,advanced-youtube-channel-pagination,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28695-9d9f04adbd773a74d47487580aa614ff.yaml b/nuclei-templates/2023/CVE-2023-28695-9d9f04adbd773a74d47487580aa614ff.yaml
index 071979bda8..3f6bc6d207 100644
--- a/nuclei-templates/2023/CVE-2023-28695-9d9f04adbd773a74d47487580aa614ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-28695-9d9f04adbd773a74d47487580aa614ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VigilanTor  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vitor_realtime_timeout' admin setting in versions up to, and including, 1.3.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vigilantor/"
     google-query: inurl:"/wp-content/plugins/vigilantor/"
     shodan-query: 'vuln:CVE-2023-28695'
-  tags: cve,wordpress,wp-plugin,vigilantor,medium
+  tags: cve,wordpress,wp-plugin,vigilantor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28748-3199c52f1f975758dfffb8998d727e53.yaml b/nuclei-templates/2023/CVE-2023-28748-3199c52f1f975758dfffb8998d727e53.yaml
index 593709166b..87eee27bfc 100644
--- a/nuclei-templates/2023/CVE-2023-28748-3199c52f1f975758dfffb8998d727e53.yaml
+++ b/nuclei-templates/2023/CVE-2023-28748-3199c52f1f975758dfffb8998d727e53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Copy Or Move Comments plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/copy-or-move-comments/"
     google-query: inurl:"/wp-content/plugins/copy-or-move-comments/"
     shodan-query: 'vuln:CVE-2023-28748'
-  tags: cve,wordpress,wp-plugin,copy-or-move-comments,high
+  tags: cve,wordpress,wp-plugin,copy-or-move-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28751-60ae23854ab0f767b1c82b0fb6a8dc96.yaml b/nuclei-templates/2023/CVE-2023-28751-60ae23854ab0f767b1c82b0fb6a8dc96.yaml
index 169a8f5328..64c78a128f 100644
--- a/nuclei-templates/2023/CVE-2023-28751-60ae23854ab0f767b1c82b0fb6a8dc96.yaml
+++ b/nuclei-templates/2023/CVE-2023-28751-60ae23854ab0f767b1c82b0fb6a8dc96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp Ultimate Review <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wp Ultimate Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-review/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-review/"
     shodan-query: 'vuln:CVE-2023-28751'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-review,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-review,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2877-a29260605777cb6f82b580e66c46fcb9.yaml b/nuclei-templates/2023/CVE-2023-2877-a29260605777cb6f82b580e66c46fcb9.yaml
index 4bd9f11799..297ccb5ca8 100644
--- a/nuclei-templates/2023/CVE-2023-2877-a29260605777cb6f82b580e66c46fcb9.yaml
+++ b/nuclei-templates/2023/CVE-2023-2877-a29260605777cb6f82b580e66c46fcb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Formidable Forms plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the screen_page() and can_install_addon_api() functions in versions up to, and including, 6.3. This makes it possible for authenticated attackers, with minimal permissions such as subscribers to  retrieve a valid token from the welcome page, and then subsequently install and activate arbitrary plugins onto the site utilizing that key. This can easily be leveraged by attackers to achieve remote code execution as they simply need to install another plugin with a vulnerability or functionality that will aid in further exploitation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:CVE-2023-2877'
-  tags: cve,wordpress,wp-plugin,formidable,medium
+  tags: cve,wordpress,wp-plugin,formidable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28773-bf1fcb74e30994cb355bab78b549e730.yaml b/nuclei-templates/2023/CVE-2023-28773-bf1fcb74e30994cb355bab78b549e730.yaml
index 4ec9700dee..b7e05646e6 100644
--- a/nuclei-templates/2023/CVE-2023-28773-bf1fcb74e30994cb355bab78b549e730.yaml
+++ b/nuclei-templates/2023/CVE-2023-28773-bf1fcb74e30994cb355bab78b549e730.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Secondary Title <= 2.0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Secondary Title plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/secondary-title/"
     google-query: inurl:"/wp-content/plugins/secondary-title/"
     shodan-query: 'vuln:CVE-2023-28773'
-  tags: cve,wordpress,wp-plugin,secondary-title,medium
+  tags: cve,wordpress,wp-plugin,secondary-title,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28774-f9cb3c789647691d2de33bca14ad9edd.yaml b/nuclei-templates/2023/CVE-2023-28774-f9cb3c789647691d2de33bca14ad9edd.yaml
index 9c147f6d9e..d3cc35a891 100644
--- a/nuclei-templates/2023/CVE-2023-28774-f9cb3c789647691d2de33bca14ad9edd.yaml
+++ b/nuclei-templates/2023/CVE-2023-28774-f9cb3c789647691d2de33bca14ad9edd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Review Stream <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Review Stream plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/review-stream/"
     google-query: inurl:"/wp-content/plugins/review-stream/"
     shodan-query: 'vuln:CVE-2023-28774'
-  tags: cve,wordpress,wp-plugin,review-stream,medium
+  tags: cve,wordpress,wp-plugin,review-stream,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28775-4b1052f9f0f7a36afef9bbca9c94d0af.yaml b/nuclei-templates/2023/CVE-2023-28775-4b1052f9f0f7a36afef9bbca9c94d0af.yaml
index ca27359b27..7b02a7edf2 100644
--- a/nuclei-templates/2023/CVE-2023-28775-4b1052f9f0f7a36afef9bbca9c94d0af.yaml
+++ b/nuclei-templates/2023/CVE-2023-28775-4b1052f9f0f7a36afef9bbca9c94d0af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO Premium <= 20.4 - Missing Authorization to Zapier Key Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Yoast SEO Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in versions up to, and including, 20.4. This makes it possible for unauthenticated attackers to disconnect a Zapier API Key.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo-premium/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo-premium/"
     shodan-query: 'vuln:CVE-2023-28775'
-  tags: cve,wordpress,wp-plugin,wordpress-seo-premium,medium
+  tags: cve,wordpress,wp-plugin,wordpress-seo-premium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28778-fd43c9edc7bf436e03f5d59fcc9642f0.yaml b/nuclei-templates/2023/CVE-2023-28778-fd43c9edc7bf436e03f5d59fcc9642f0.yaml
index d9de9c2551..897a5f8e04 100644
--- a/nuclei-templates/2023/CVE-2023-28778-fd43c9edc7bf436e03f5d59fcc9642f0.yaml
+++ b/nuclei-templates/2023/CVE-2023-28778-fd43c9edc7bf436e03f5d59fcc9642f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pagination by BestWebSoft <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pagination by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagination/"
     google-query: inurl:"/wp-content/plugins/pagination/"
     shodan-query: 'vuln:CVE-2023-28778'
-  tags: cve,wordpress,wp-plugin,pagination,medium
+  tags: cve,wordpress,wp-plugin,pagination,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28783-45a6c5ecbb4131cfd2ebe25ca43d9a26.yaml b/nuclei-templates/2023/CVE-2023-28783-45a6c5ecbb4131cfd2ebe25ca43d9a26.yaml
index 4f39463ab8..220812aee1 100644
--- a/nuclei-templates/2023/CVE-2023-28783-45a6c5ecbb4131cfd2ebe25ca43d9a26.yaml
+++ b/nuclei-templates/2023/CVE-2023-28783-45a6c5ecbb4131cfd2ebe25ca43d9a26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Woocommerce Tip/Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-tipdonation/"
     google-query: inurl:"/wp-content/plugins/woo-tipdonation/"
     shodan-query: 'vuln:CVE-2023-28783'
-  tags: cve,wordpress,wp-plugin,woo-tipdonation,medium
+  tags: cve,wordpress,wp-plugin,woo-tipdonation,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28785-6f2bfa44316597918db6902f22101641.yaml b/nuclei-templates/2023/CVE-2023-28785-6f2bfa44316597918db6902f22101641.yaml
index c72f3a8cfa..47b8a8cae3 100644
--- a/nuclei-templates/2023/CVE-2023-28785-6f2bfa44316597918db6902f22101641.yaml
+++ b/nuclei-templates/2023/CVE-2023-28785-6f2bfa44316597918db6902f22101641.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO: Local <= 14.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yoast SEO: Local plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 14.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpseo-local/"
     google-query: inurl:"/wp-content/plugins/wpseo-local/"
     shodan-query: 'vuln:CVE-2023-28785'
-  tags: cve,wordpress,wp-plugin,wpseo-local,medium
+  tags: cve,wordpress,wp-plugin,wpseo-local,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28788-fb290f4001663ab9b3572ec6c32d0eb5.yaml b/nuclei-templates/2023/CVE-2023-28788-fb290f4001663ab9b3572ec6c32d0eb5.yaml
index 57386215b8..3352961382 100644
--- a/nuclei-templates/2023/CVE-2023-28788-fb290f4001663ab9b3572ec6c32d0eb5.yaml
+++ b/nuclei-templates/2023/CVE-2023-28788-fb290f4001663ab9b3572ec6c32d0eb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Page Visit Counter <= 6.4.2 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Page Visit Counter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-page-visit-counter/"
     google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/"
     shodan-query: 'vuln:CVE-2023-28788'
-  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,high
+  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28790-f7b0dea7fdc53cc395c11a147701c107.yaml b/nuclei-templates/2023/CVE-2023-28790-f7b0dea7fdc53cc395c11a147701c107.yaml
index 9a8128265e..98cde88d65 100644
--- a/nuclei-templates/2023/CVE-2023-28790-f7b0dea7fdc53cc395c11a147701c107.yaml
+++ b/nuclei-templates/2023/CVE-2023-28790-f7b0dea7fdc53cc395c11a147701c107.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Staff List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post editor settings in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-staff-list/"
     google-query: inurl:"/wp-content/plugins/simple-staff-list/"
     shodan-query: 'vuln:CVE-2023-28790'
-  tags: cve,wordpress,wp-plugin,simple-staff-list,medium
+  tags: cve,wordpress,wp-plugin,simple-staff-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28931-77f1b741caca90f6e233d10f62410685.yaml b/nuclei-templates/2023/CVE-2023-28931-77f1b741caca90f6e233d10f62410685.yaml
index 733573a803..90cb3d2758 100644
--- a/nuclei-templates/2023/CVE-2023-28931-77f1b741caca90f6e233d10f62410685.yaml
+++ b/nuclei-templates/2023/CVE-2023-28931-77f1b741caca90f6e233d10f62410685.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Connector <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-connector/"
     google-query: inurl:"/wp-content/plugins/post-connector/"
     shodan-query: 'vuln:CVE-2023-28931'
-  tags: cve,wordpress,wp-plugin,post-connector,medium
+  tags: cve,wordpress,wp-plugin,post-connector,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28932-f7b23b7f219bdfa01165ca96135e1423.yaml b/nuclei-templates/2023/CVE-2023-28932-f7b23b7f219bdfa01165ca96135e1423.yaml
index 45f8fc7881..73eac5a1b3 100644
--- a/nuclei-templates/2023/CVE-2023-28932-f7b23b7f219bdfa01165ca96135e1423.yaml
+++ b/nuclei-templates/2023/CVE-2023-28932-f7b23b7f219bdfa01165ca96135e1423.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPMobile.App <= 11.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPMobile.App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $_POST['wpappninja']['app']['name'] parameter in versions up to, and including, 11.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers ,with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpappninja/"
     google-query: inurl:"/wp-content/plugins/wpappninja/"
     shodan-query: 'vuln:CVE-2023-28932'
-  tags: cve,wordpress,wp-plugin,wpappninja,medium
+  tags: cve,wordpress,wp-plugin,wpappninja,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28933-a26164aedf80b474ee438ebcd8be6953.yaml b/nuclei-templates/2023/CVE-2023-28933-a26164aedf80b474ee438ebcd8be6953.yaml
index 7b846df49c..348596b231 100644
--- a/nuclei-templates/2023/CVE-2023-28933-a26164aedf80b474ee438ebcd8be6953.yaml
+++ b/nuclei-templates/2023/CVE-2023-28933-a26164aedf80b474ee438ebcd8be6953.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Call Now Accessibility Button <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Call Now Accessibility Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. Note that this vulnerability also appears to have been assigned CVE ID 2023-2028.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accessibility-help-button/"
     google-query: inurl:"/wp-content/plugins/accessibility-help-button/"
     shodan-query: 'vuln:CVE-2023-28933'
-  tags: cve,wordpress,wp-plugin,accessibility-help-button,medium
+  tags: cve,wordpress,wp-plugin,accessibility-help-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28934-c18b0aa1f2de13dec1ee3b9448c0e5ba.yaml b/nuclei-templates/2023/CVE-2023-28934-c18b0aa1f2de13dec1ee3b9448c0e5ba.yaml
index baec6c3b38..30865a16d2 100644
--- a/nuclei-templates/2023/CVE-2023-28934-c18b0aa1f2de13dec1ee3b9448c0e5ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-28934-c18b0aa1f2de13dec1ee3b9448c0e5ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Full Stripe Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-full-stripe-free/"
     google-query: inurl:"/wp-content/plugins/wp-full-stripe-free/"
     shodan-query: 'vuln:CVE-2023-28934'
-  tags: cve,wordpress,wp-plugin,wp-full-stripe-free,medium
+  tags: cve,wordpress,wp-plugin,wp-full-stripe-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28988-1f532de1970706b80de4de5a54d3380e.yaml b/nuclei-templates/2023/CVE-2023-28988-1f532de1970706b80de4de5a54d3380e.yaml
index 87bab1a76e..ef61637be7 100644
--- a/nuclei-templates/2023/CVE-2023-28988-1f532de1970706b80de4de5a54d3380e.yaml
+++ b/nuclei-templates/2023/CVE-2023-28988-1f532de1970706b80de4de5a54d3380e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Direct checkout, Add to cart redirect for Woocommerce <= 2.1.48 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Direct checkout, Add to cart redirect for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 2.1.48 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-to-cart-direct-checkout-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/add-to-cart-direct-checkout-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-28988'
-  tags: cve,wordpress,wp-plugin,add-to-cart-direct-checkout-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,add-to-cart-direct-checkout-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2899-5a9c8ffeceece98dba6df9f5a0d59a78.yaml b/nuclei-templates/2023/CVE-2023-2899-5a9c8ffeceece98dba6df9f5a0d59a78.yaml
index a8eab921a5..5d4b47bbbd 100644
--- a/nuclei-templates/2023/CVE-2023-2899-5a9c8ffeceece98dba6df9f5a0d59a78.yaml
+++ b/nuclei-templates/2023/CVE-2023-2899-5a9c8ffeceece98dba6df9f5a0d59a78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Map Shortcode <= 3.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Map Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-map-shortcode/"
     google-query: inurl:"/wp-content/plugins/google-map-shortcode/"
     shodan-query: 'vuln:CVE-2023-2899'
-  tags: cve,wordpress,wp-plugin,google-map-shortcode,medium
+  tags: cve,wordpress,wp-plugin,google-map-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28990-800d496f51d819e5732256fbd162712b.yaml b/nuclei-templates/2023/CVE-2023-28990-800d496f51d819e5732256fbd162712b.yaml
index c71a36f577..3c384328d5 100644
--- a/nuclei-templates/2023/CVE-2023-28990-800d496f51d819e5732256fbd162712b.yaml
+++ b/nuclei-templates/2023/CVE-2023-28990-800d496f51d819e5732256fbd162712b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Viral Mag <= 1.0.9 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Viral Mag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin() function in versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/viral-mag/"
     google-query: inurl:"/wp-content/themes/viral-mag/"
     shodan-query: 'vuln:CVE-2023-28990'
-  tags: cve,wordpress,wp-theme,viral-mag,medium
+  tags: cve,wordpress,wp-theme,viral-mag,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-28991-79edec65d658aad88495c54f54d3669a.yaml b/nuclei-templates/2023/CVE-2023-28991-79edec65d658aad88495c54f54d3669a.yaml
index aade4d6e55..3951045cf5 100644
--- a/nuclei-templates/2023/CVE-2023-28991-79edec65d658aad88495c54f54d3669a.yaml
+++ b/nuclei-templates/2023/CVE-2023-28991-79edec65d658aad88495c54f54d3669a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order date time for WooCommerce <= 3.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Order date time for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers ,with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pi-woocommerce-order-date-time-and-type/"
     google-query: inurl:"/wp-content/plugins/pi-woocommerce-order-date-time-and-type/"
     shodan-query: 'vuln:CVE-2023-28991'
-  tags: cve,wordpress,wp-plugin,pi-woocommerce-order-date-time-and-type,medium
+  tags: cve,wordpress,wp-plugin,pi-woocommerce-order-date-time-and-type,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29093-216a466c53c0f9dbd8311fa0afa66753.yaml b/nuclei-templates/2023/CVE-2023-29093-216a466c53c0f9dbd8311fa0afa66753.yaml
index 63e014ef71..c78f9d676c 100644
--- a/nuclei-templates/2023/CVE-2023-29093-216a466c53c0f9dbd8311fa0afa66753.yaml
+++ b/nuclei-templates/2023/CVE-2023-29093-216a466c53c0f9dbd8311fa0afa66753.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conditional cart fee / Extra charge rule for WooCommerce extra fees <= 1.0.96 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Conditional cart fee / Extra charge rule for WooCommerce extra fees plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.96 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers ,with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conditional-extra-fees-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/conditional-extra-fees-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-29093'
-  tags: cve,wordpress,wp-plugin,conditional-extra-fees-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,conditional-extra-fees-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29094-16f12614c7a820b2ff0d5295346d446f.yaml b/nuclei-templates/2023/CVE-2023-29094-16f12614c7a820b2ff0d5295346d446f.yaml
index 969ffe8361..4bbecfaf17 100644
--- a/nuclei-templates/2023/CVE-2023-29094-16f12614c7a820b2ff0d5295346d446f.yaml
+++ b/nuclei-templates/2023/CVE-2023-29094-16f12614c7a820b2ff0d5295346d446f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product page shipping calculator for WooCommerce <= 1.3.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product page shipping calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-page-shipping-calculator-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/product-page-shipping-calculator-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-29094'
-  tags: cve,wordpress,wp-plugin,product-page-shipping-calculator-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-page-shipping-calculator-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29095-73c59415c469f5d4853f326fdd664c56.yaml b/nuclei-templates/2023/CVE-2023-29095-73c59415c469f5d4853f326fdd664c56.yaml
index ac97a9002c..59c69d6900 100644
--- a/nuclei-templates/2023/CVE-2023-29095-73c59415c469f5d4853f326fdd664c56.yaml
+++ b/nuclei-templates/2023/CVE-2023-29095-73c59415c469f5d4853f326fdd664c56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSVPMaker  <= 10.5.4 - Authenticated (Administrator+) SQL Injection via 'resend'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The RSVPMaker  plugin for WordPress is vulnerable to SQL Injection via the 'resend' parameter in versions up to, and including, 10.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rsvpmaker/"
     google-query: inurl:"/wp-content/plugins/rsvpmaker/"
     shodan-query: 'vuln:CVE-2023-29095'
-  tags: cve,wordpress,wp-plugin,rsvpmaker,high
+  tags: cve,wordpress,wp-plugin,rsvpmaker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29096-0bc37b5f5d5498d8771db41a1e16a982.yaml b/nuclei-templates/2023/CVE-2023-29096-0bc37b5f5d5498d8771db41a1e16a982.yaml
index b453adf9e6..666da161a7 100644
--- a/nuclei-templates/2023/CVE-2023-29096-0bc37b5f5d5498d8771db41a1e16a982.yaml
+++ b/nuclei-templates/2023/CVE-2023-29096-0bc37b5f5d5498d8771db41a1e16a982.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form to DB by BestWebSoft <= 1.7.0 - Authenticated (Contributor+) SQL Injection via cntctfrmtdb_department
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form to DB by BestWebSoft plugin for WordPress is vulnerable to SQL Injection via the cntctfrmtdb_department parameter in versions up to, and including, 1.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-db/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-db/"
     shodan-query: 'vuln:CVE-2023-29096'
-  tags: cve,wordpress,wp-plugin,contact-form-to-db,high
+  tags: cve,wordpress,wp-plugin,contact-form-to-db,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29097-69bbdafafddf73eabec5b44d29b3cf8b.yaml b/nuclei-templates/2023/CVE-2023-29097-69bbdafafddf73eabec5b44d29b3cf8b.yaml
index 5dca772e42..a3e1e7f516 100644
--- a/nuclei-templates/2023/CVE-2023-29097-69bbdafafddf73eabec5b44d29b3cf8b.yaml
+++ b/nuclei-templates/2023/CVE-2023-29097-69bbdafafddf73eabec5b44d29b3cf8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Portfolio <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The a3 Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/a3-portfolio/"
     google-query: inurl:"/wp-content/plugins/a3-portfolio/"
     shodan-query: 'vuln:CVE-2023-29097'
-  tags: cve,wordpress,wp-plugin,a3-portfolio,medium
+  tags: cve,wordpress,wp-plugin,a3-portfolio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29099-1ea409fe86fe5baf6c5d95a328e05b6b.yaml b/nuclei-templates/2023/CVE-2023-29099-1ea409fe86fe5baf6c5d95a328e05b6b.yaml
index 28ea9f5a69..f0ff6a6a21 100644
--- a/nuclei-templates/2023/CVE-2023-29099-1ea409fe86fe5baf6c5d95a328e05b6b.yaml
+++ b/nuclei-templates/2023/CVE-2023-29099-1ea409fe86fe5baf6c5d95a328e05b6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Divi <= 4.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.20.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Divi/"
     google-query: inurl:"/wp-content/themes/Divi/"
     shodan-query: 'vuln:CVE-2023-29099'
-  tags: cve,wordpress,wp-theme,Divi,medium
+  tags: cve,wordpress,wp-theme,Divi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29102-440a978024c68b2f27be0eeba3cb55c2.yaml b/nuclei-templates/2023/CVE-2023-29102-440a978024c68b2f27be0eeba3cb55c2.yaml
index a2fd757760..32830112a4 100644
--- a/nuclei-templates/2023/CVE-2023-29102-440a978024c68b2f27be0eeba3cb55c2.yaml
+++ b/nuclei-templates/2023/CVE-2023-29102-440a978024c68b2f27be0eeba3cb55c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Olive One Click Demo Import <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Olive One Click Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the olive_one_click_demo_import_save_file function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level privileges and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/olive-one-click-demo-import/"
     google-query: inurl:"/wp-content/plugins/olive-one-click-demo-import/"
     shodan-query: 'vuln:CVE-2023-29102'
-  tags: cve,wordpress,wp-plugin,olive-one-click-demo-import,high
+  tags: cve,wordpress,wp-plugin,olive-one-click-demo-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2916-05f450dd8aa4062aa24fbf2823c60c4a.yaml b/nuclei-templates/2023/CVE-2023-2916-05f450dd8aa4062aa24fbf2823c60c4a.yaml
index 0050323577..ee9f178834 100644
--- a/nuclei-templates/2023/CVE-2023-2916-05f450dd8aa4062aa24fbf2823c60c4a.yaml
+++ b/nuclei-templates/2023/CVE-2023-2916-05f450dd8aa4062aa24fbf2823c60c4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iwp-client/"
     google-query: inurl:"/wp-content/plugins/iwp-client/"
     shodan-query: 'vuln:CVE-2023-2916'
-  tags: cve,wordpress,wp-plugin,iwp-client,high
+  tags: cve,wordpress,wp-plugin,iwp-client,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29170-e5a8f42155cebe6939f0ccac8621a6a2.yaml b/nuclei-templates/2023/CVE-2023-29170-e5a8f42155cebe6939f0ccac8621a6a2.yaml
index 062ccc5cda..280ac8ef98 100644
--- a/nuclei-templates/2023/CVE-2023-29170-e5a8f42155cebe6939f0ccac8621a6a2.yaml
+++ b/nuclei-templates/2023/CVE-2023-29170-e5a8f42155cebe6939f0ccac8621a6a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Enquiry for WooCommerce <= 2.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enquiry-quotation-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/enquiry-quotation-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-29170'
-  tags: cve,wordpress,wp-plugin,enquiry-quotation-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,enquiry-quotation-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29173-7e41870e8c673b23f19244598ea8ebcd.yaml b/nuclei-templates/2023/CVE-2023-29173-7e41870e8c673b23f19244598ea8ebcd.yaml
index 1945791a42..03ce691acc 100644
--- a/nuclei-templates/2023/CVE-2023-29173-7e41870e8c673b23f19244598ea8ebcd.yaml
+++ b/nuclei-templates/2023/CVE-2023-29173-7e41870e8c673b23f19244598ea8ebcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Category Tree <= 2.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Category Tree plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to make use of this functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-category-tree/"
     google-query: inurl:"/wp-content/plugins/product-category-tree/"
     shodan-query: 'vuln:CVE-2023-29173'
-  tags: cve,wordpress,wp-plugin,product-category-tree,medium
+  tags: cve,wordpress,wp-plugin,product-category-tree,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29174-8f9a4b2e27aff6f1c97baa2ca96cfe9f.yaml b/nuclei-templates/2023/CVE-2023-29174-8f9a4b2e27aff6f1c97baa2ca96cfe9f.yaml
index 6c32c214f9..21893c94c3 100644
--- a/nuclei-templates/2023/CVE-2023-29174-8f9a4b2e27aff6f1c97baa2ca96cfe9f.yaml
+++ b/nuclei-templates/2023/CVE-2023-29174-8f9a4b2e27aff6f1c97baa2ca96cfe9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SKU Label Changer For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcsku_update_text() function used to update the SKU text in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to update the WooCommerce SKU text.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-sku-label-changer/"
     google-query: inurl:"/wp-content/plugins/woo-sku-label-changer/"
     shodan-query: 'vuln:CVE-2023-29174'
-  tags: cve,wordpress,wp-plugin,woo-sku-label-changer,medium
+  tags: cve,wordpress,wp-plugin,woo-sku-label-changer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29197-13e3b44160360e3746c78b8d29452ac0.yaml b/nuclei-templates/2023/CVE-2023-29197-13e3b44160360e3746c78b8d29452ac0.yaml
index 7bdb5b238a..8cc23bb42d 100644
--- a/nuclei-templates/2023/CVE-2023-29197-13e3b44160360e3746c78b8d29452ac0.yaml
+++ b/nuclei-templates/2023/CVE-2023-29197-13e3b44160360e3746c78b8d29452ac0.yaml
@@ -7,8 +7,8 @@ info:
   severity: medium
   description: >
     guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade. 
-    
-    While some WordPress plugins and themes may be using this library, it does not make them vulnerable to exploitation.
+        
+        While some WordPress plugins and themes may be using this library, it does not make them vulnerable to exploitation.
   reference:
     - https://www.wordfence.com/threat-intel/vulnerabilities/id/2638bb80-7066-45c0-ab74-4ba407d50cae?source=api-prod
   classification:
@@ -16,17 +16,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2023-29197
   metadata:
-    fofa-query: "wp-content/plugins/wp-ses/"
-    google-query: inurl:"/wp-content/plugins/wp-ses/"
+    fofa-query: "wp-content/plugins/amazon-s3-and-cloudfront/"
+    google-query: inurl:"/wp-content/plugins/amazon-s3-and-cloudfront/"
     shodan-query: 'vuln:CVE-2023-29197'
-  tags: cve,wordpress,wp-plugin,wp-ses,medium
+  tags: cve,wordpress,wp-plugin,amazon-s3-and-cloudfront,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-ses/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/amazon-s3-and-cloudfront/readme.txt"
 
     extractors:
       - type: regex
@@ -52,9 +52,9 @@ http:
 
       - type: word
         words:
-          - "wp-ses"
+          - "amazon-s3-and-cloudfront"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.6.4')
\ No newline at end of file
+          - compare_versions(version, '< 3.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-29237-f208b8c044d71b8d44e9868aaf03997a.yaml b/nuclei-templates/2023/CVE-2023-29237-f208b8c044d71b8d44e9868aaf03997a.yaml
index 30433a2a5a..3f733a930d 100644
--- a/nuclei-templates/2023/CVE-2023-29237-f208b8c044d71b8d44e9868aaf03997a.yaml
+++ b/nuclei-templates/2023/CVE-2023-29237-f208b8c044d71b8d44e9868aaf03997a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Remove Duplicate Posts <= 1.3.5 - Missing Authorization to Post Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Remove Duplicate Posts plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rdp_ajax_process() and rdp_get_result() functions in versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete posts and retrieve duplicate post ids.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/remove-duplicate-posts/"
     google-query: inurl:"/wp-content/plugins/remove-duplicate-posts/"
     shodan-query: 'vuln:CVE-2023-29237'
-  tags: cve,wordpress,wp-plugin,remove-duplicate-posts,medium
+  tags: cve,wordpress,wp-plugin,remove-duplicate-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29239-4813c58962647ae4a6f05165adf752a7.yaml b/nuclei-templates/2023/CVE-2023-29239-4813c58962647ae4a6f05165adf752a7.yaml
index f15cba4528..c37b0fc18a 100644
--- a/nuclei-templates/2023/CVE-2023-29239-4813c58962647ae4a6f05165adf752a7.yaml
+++ b/nuclei-templates/2023/CVE-2023-29239-4813c58962647ae4a6f05165adf752a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LuckyWP Scripts Control <= 1.2.1 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, edit, delete, enable, disable, and sort items.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/luckywp-scripts-control/"
     google-query: inurl:"/wp-content/plugins/luckywp-scripts-control/"
     shodan-query: 'vuln:CVE-2023-29239'
-  tags: cve,wordpress,wp-plugin,luckywp-scripts-control,medium
+  tags: cve,wordpress,wp-plugin,luckywp-scripts-control,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29387-fcb2137e4fd0eeb6eaa0769932ceae96.yaml b/nuclei-templates/2023/CVE-2023-29387-fcb2137e4fd0eeb6eaa0769932ceae96.yaml
index 0d61544a00..30757c983b 100644
--- a/nuclei-templates/2023/CVE-2023-29387-fcb2137e4fd0eeb6eaa0769932ceae96.yaml
+++ b/nuclei-templates/2023/CVE-2023-29387-fcb2137e4fd0eeb6eaa0769932ceae96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Manager for Icomoon <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Manager for Icomoon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's  icomoon shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/manager-for-icomoon/"
     google-query: inurl:"/wp-content/plugins/manager-for-icomoon/"
     shodan-query: 'vuln:CVE-2023-29387'
-  tags: cve,wordpress,wp-plugin,manager-for-icomoon,medium
+  tags: cve,wordpress,wp-plugin,manager-for-icomoon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29422-0bafef3453580e19c740978e87d842b6.yaml b/nuclei-templates/2023/CVE-2023-29422-0bafef3453580e19c740978e87d842b6.yaml
index 683cb0124f..7db89607f1 100644
--- a/nuclei-templates/2023/CVE-2023-29422-0bafef3453580e19c740978e87d842b6.yaml
+++ b/nuclei-templates/2023/CVE-2023-29422-0bafef3453580e19c740978e87d842b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dynamics 365 Integration <= 1.3.13 - Missing Authorization via init
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Dynamics 365 Integration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in versions up to, and including, 1.3.13. This makes it possible for authenticated attackers , with subscriber-level access and above, to trigger the clear cache feature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integration-dynamics/"
     google-query: inurl:"/wp-content/plugins/integration-dynamics/"
     shodan-query: 'vuln:CVE-2023-29422'
-  tags: cve,wordpress,wp-plugin,integration-dynamics,medium
+  tags: cve,wordpress,wp-plugin,integration-dynamics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29423-5b5a80245567937203123aecaa90cc27.yaml b/nuclei-templates/2023/CVE-2023-29423-5b5a80245567937203123aecaa90cc27.yaml
index 25849da66e..bddef84f2a 100644
--- a/nuclei-templates/2023/CVE-2023-29423-5b5a80245567937203123aecaa90cc27.yaml
+++ b/nuclei-templates/2023/CVE-2023-29423-5b5a80245567937203123aecaa90cc27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cancel order request WooCommerce <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cancel order request WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cancel-order-request-woocommerce/"
     google-query: inurl:"/wp-content/plugins/cancel-order-request-woocommerce/"
     shodan-query: 'vuln:CVE-2023-29423'
-  tags: cve,wordpress,wp-plugin,cancel-order-request-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,cancel-order-request-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29428-bfcc2c70b2c01ba809a238ca61e5f88c.yaml b/nuclei-templates/2023/CVE-2023-29428-bfcc2c70b2c01ba809a238ca61e5f88c.yaml
index 27e9431b6d..78075981b3 100644
--- a/nuclei-templates/2023/CVE-2023-29428-bfcc2c70b2c01ba809a238ca61e5f88c.yaml
+++ b/nuclei-templates/2023/CVE-2023-29428-bfcc2c70b2c01ba809a238ca61e5f88c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Superb Social Media Share Buttons and Follow Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spbsmAjax function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/superb-social-share-and-follow-buttons/"
     google-query: inurl:"/wp-content/plugins/superb-social-share-and-follow-buttons/"
     shodan-query: 'vuln:CVE-2023-29428'
-  tags: cve,wordpress,wp-plugin,superb-social-share-and-follow-buttons,medium
+  tags: cve,wordpress,wp-plugin,superb-social-share-and-follow-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29429-2612ae00d02e310a6680f563b8b56eab.yaml b/nuclei-templates/2023/CVE-2023-29429-2612ae00d02e310a6680f563b8b56eab.yaml
index 0f8615b694..5a7ba67f54 100644
--- a/nuclei-templates/2023/CVE-2023-29429-2612ae00d02e310a6680f563b8b56eab.yaml
+++ b/nuclei-templates/2023/CVE-2023-29429-2612ae00d02e310a6680f563b8b56eab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration <= 2.3.2.1 - Missing Authorization via send_test_email
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_test_email function in versions up to, and including, 2.3.2.1. This makes it possible for unauthenticated attackers to send a test email.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2023-29429'
-  tags: cve,wordpress,wp-plugin,user-registration,medium
+  tags: cve,wordpress,wp-plugin,user-registration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29431-9583c7a118279761c36edb998dbf641d.yaml b/nuclei-templates/2023/CVE-2023-29431-9583c7a118279761c36edb998dbf641d.yaml
index 0f80fd7200..034dbd67b1 100644
--- a/nuclei-templates/2023/CVE-2023-29431-9583c7a118279761c36edb998dbf641d.yaml
+++ b/nuclei-templates/2023/CVE-2023-29431-9583c7a118279761c36edb998dbf641d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     qTranslate X Cleanup and WPML Import <= 3.0.1 - Missing Authorization via clean_ajx
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The qTranslate X Cleanup and WPML Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean_ajx function in versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger the 'clean' functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qtranslate-to-wpml-export/"
     google-query: inurl:"/wp-content/plugins/qtranslate-to-wpml-export/"
     shodan-query: 'vuln:CVE-2023-29431'
-  tags: cve,wordpress,wp-plugin,qtranslate-to-wpml-export,medium
+  tags: cve,wordpress,wp-plugin,qtranslate-to-wpml-export,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29433-b1770f9eb849f830c90d98a4a92d2baf.yaml b/nuclei-templates/2023/CVE-2023-29433-b1770f9eb849f830c90d98a4a92d2baf.yaml
index 522112d81f..23e5ad50b3 100644
--- a/nuclei-templates/2023/CVE-2023-29433-b1770f9eb849f830c90d98a4a92d2baf.yaml
+++ b/nuclei-templates/2023/CVE-2023-29433-b1770f9eb849f830c90d98a4a92d2baf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     tencentcloud-cos <= 1.0.7 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The tencentcloud-cos plugin for WordPress is vulnerable to unauthorized access to several functions associated with AJAX actions (including tcwpcosCheckBucket, replaceLegacyUrl2CosUrl, syncLegacyAttachmentToCos, tcwpcosSaveOptions, tcwpcosDeleteLogFile) due to a missing capability in versions up to, and including, 1.0.7. This makes it possible for authenticated attackers , with subscriber-level access and above, to access those actions leading to log file deletion and settings updates.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tencentcloud-cos/"
     google-query: inurl:"/wp-content/plugins/tencentcloud-cos/"
     shodan-query: 'vuln:CVE-2023-29433'
-  tags: cve,wordpress,wp-plugin,tencentcloud-cos,medium
+  tags: cve,wordpress,wp-plugin,tencentcloud-cos,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29434-b4a1c53e99884a28029186adce52a970.yaml b/nuclei-templates/2023/CVE-2023-29434-b4a1c53e99884a28029186adce52a970.yaml
index 2b71521c1b..863819d11e 100644
--- a/nuclei-templates/2023/CVE-2023-29434-b4a1c53e99884a28029186adce52a970.yaml
+++ b/nuclei-templates/2023/CVE-2023-29434-b4a1c53e99884a28029186adce52a970.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Optin Forms <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Optin Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/optin-forms/"
     google-query: inurl:"/wp-content/plugins/optin-forms/"
     shodan-query: 'vuln:CVE-2023-29434'
-  tags: cve,wordpress,wp-plugin,optin-forms,medium
+  tags: cve,wordpress,wp-plugin,optin-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29435-c5c657b48dcb3ae9c728f121d2d0aa85.yaml b/nuclei-templates/2023/CVE-2023-29435-c5c657b48dcb3ae9c728f121d2d0aa85.yaml
index b350b82ab5..50bf061e5d 100644
--- a/nuclei-templates/2023/CVE-2023-29435-c5c657b48dcb3ae9c728f121d2d0aa85.yaml
+++ b/nuclei-templates/2023/CVE-2023-29435-c5c657b48dcb3ae9c728f121d2d0aa85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cryptocurrency All-in-One <= 3.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cryptocurrency All-in-One plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cryptocurrency-prices/"
     google-query: inurl:"/wp-content/plugins/cryptocurrency-prices/"
     shodan-query: 'vuln:CVE-2023-29435'
-  tags: cve,wordpress,wp-plugin,cryptocurrency-prices,medium
+  tags: cve,wordpress,wp-plugin,cryptocurrency-prices,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29436-60b8d6d9997cb1264cf24cce0caa381a.yaml b/nuclei-templates/2023/CVE-2023-29436-60b8d6d9997cb1264cf24cce0caa381a.yaml
index cbb10a92aa..2c2ac84674 100644
--- a/nuclei-templates/2023/CVE-2023-29436-60b8d6d9997cb1264cf24cce0caa381a.yaml
+++ b/nuclei-templates/2023/CVE-2023-29436-60b8d6d9997cb1264cf24cce0caa381a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IFrame Shortcode <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IFrame Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flynsarmy-iframe-shortcode/"
     google-query: inurl:"/wp-content/plugins/flynsarmy-iframe-shortcode/"
     shodan-query: 'vuln:CVE-2023-29436'
-  tags: cve,wordpress,wp-plugin,flynsarmy-iframe-shortcode,medium
+  tags: cve,wordpress,wp-plugin,flynsarmy-iframe-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29437-6869d4da7d1da9e6712437e8840c161b.yaml b/nuclei-templates/2023/CVE-2023-29437-6869d4da7d1da9e6712437e8840c161b.yaml
index da7f4187bb..1aa570e5ba 100644
--- a/nuclei-templates/2023/CVE-2023-29437-6869d4da7d1da9e6712437e8840c161b.yaml
+++ b/nuclei-templates/2023/CVE-2023-29437-6869d4da7d1da9e6712437e8840c161b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Connections Business Directory <= 10.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Connections Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'connections' and 'upcoming_list' shortcodes in versions up to, and including, 10.4.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/connections/"
     google-query: inurl:"/wp-content/plugins/connections/"
     shodan-query: 'vuln:CVE-2023-29437'
-  tags: cve,wordpress,wp-plugin,connections,medium
+  tags: cve,wordpress,wp-plugin,connections,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-29438-96b2063a0950eb9d73bc44532d96a2af.yaml b/nuclei-templates/2023/CVE-2023-29438-96b2063a0950eb9d73bc44532d96a2af.yaml
index f6b984c7a4..f2347f457b 100644
--- a/nuclei-templates/2023/CVE-2023-29438-96b2063a0950eb9d73bc44532d96a2af.yaml
+++ b/nuclei-templates/2023/CVE-2023-29438-96b2063a0950eb9d73bc44532d96a2af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SimpleModal Contact Form (SMCF) <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SimpleModal Contact Form (SMCF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simplemodal-contact-form-smcf/"
     google-query: inurl:"/wp-content/plugins/simplemodal-contact-form-smcf/"
     shodan-query: 'vuln:CVE-2023-29438'
-  tags: cve,wordpress,wp-plugin,simplemodal-contact-form-smcf,medium
+  tags: cve,wordpress,wp-plugin,simplemodal-contact-form-smcf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2964-b7ed33471f1469ef97fb3b870c3b3d8e.yaml b/nuclei-templates/2023/CVE-2023-2964-b7ed33471f1469ef97fb3b870c3b3d8e.yaml
index 4ba9b8e750..b2fd52e063 100644
--- a/nuclei-templates/2023/CVE-2023-2964-b7ed33471f1469ef97fb3b870c3b3d8e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2964-b7ed33471f1469ef97fb3b870c3b3d8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Iframe <= 1.1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via block attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-iframe/"
     google-query: inurl:"/wp-content/plugins/simple-iframe/"
     shodan-query: 'vuln:CVE-2023-2964'
-  tags: cve,wordpress,wp-plugin,simple-iframe,medium
+  tags: cve,wordpress,wp-plugin,simple-iframe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2967-c3680e3206f99027fb5f3986ae69948a.yaml b/nuclei-templates/2023/CVE-2023-2967-c3680e3206f99027fb5f3986ae69948a.yaml
index 64eedeebdd..8027a2cf5b 100644
--- a/nuclei-templates/2023/CVE-2023-2967-c3680e3206f99027fb5f3986ae69948a.yaml
+++ b/nuclei-templates/2023/CVE-2023-2967-c3680e3206f99027fb5f3986ae69948a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TinyMCE Custom Styles <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TinyMCE Custom Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tinymce-custom-styles/"
     google-query: inurl:"/wp-content/plugins/tinymce-custom-styles/"
     shodan-query: 'vuln:CVE-2023-2967'
-  tags: cve,wordpress,wp-plugin,tinymce-custom-styles,medium
+  tags: cve,wordpress,wp-plugin,tinymce-custom-styles,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2987-755ac9508c7a76c31cd7d0edf80b8b6e.yaml b/nuclei-templates/2023/CVE-2023-2987-755ac9508c7a76c31cd7d0edf80b8b6e.yaml
index e27d8d9f5d..16a329a40f 100644
--- a/nuclei-templates/2023/CVE-2023-2987-755ac9508c7a76c31cd7d0edf80b8b6e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2987-755ac9508c7a76c31cd7d0edf80b8b6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wordapp <= 1.5.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordapp/"
     google-query: inurl:"/wp-content/plugins/wordapp/"
     shodan-query: 'vuln:CVE-2023-2987'
-  tags: cve,wordpress,wp-plugin,wordapp,critical
+  tags: cve,wordpress,wp-plugin,wordapp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2995-4ad4d0b506ee721748cb73d977e55c9e.yaml b/nuclei-templates/2023/CVE-2023-2995-4ad4d0b506ee721748cb73d977e55c9e.yaml
index 87d475d624..7902d999b1 100644
--- a/nuclei-templates/2023/CVE-2023-2995-4ad4d0b506ee721748cb73d977e55c9e.yaml
+++ b/nuclei-templates/2023/CVE-2023-2995-4ad4d0b506ee721748cb73d977e55c9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leyka <= 3.30.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Leyka plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.30.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: The problem was communicated to the developer on May 30, 2023, and was patched via a hot-fix in version 3.30.3 instead of a new release being rolled out.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leyka/"
     google-query: inurl:"/wp-content/plugins/leyka/"
     shodan-query: 'vuln:CVE-2023-2995'
-  tags: cve,wordpress,wp-plugin,leyka,medium
+  tags: cve,wordpress,wp-plugin,leyka,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-2996-67e0a9fec932f5d791c2a1af30baf3c7.yaml b/nuclei-templates/2023/CVE-2023-2996-67e0a9fec932f5d791c2a1af30baf3c7.yaml
index de25449adc..d1da52d578 100644
--- a/nuclei-templates/2023/CVE-2023-2996-67e0a9fec932f5d791c2a1af30baf3c7.yaml
+++ b/nuclei-templates/2023/CVE-2023-2996-67e0a9fec932f5d791c2a1af30baf3c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jetpack plugin for WordPress is vulnerable to arbitrary file manipulation in versions up to, and including, 12.1. This is due to insufficient validation on data being supplied to the media API endpoint. This makes it possible for authenticated attackers, with author-level permissions and above, to modify arbitrary files in the WordPress Installation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:CVE-2023-2996'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3023-5c5967c0bbcbea315d0f076aa78401d0.yaml b/nuclei-templates/2023/CVE-2023-3023-5c5967c0bbcbea315d0f076aa78401d0.yaml
index 48c534bf92..a1daed2499 100644
--- a/nuclei-templates/2023/CVE-2023-3023-5c5967c0bbcbea315d0f076aa78401d0.yaml
+++ b/nuclei-templates/2023/CVE-2023-3023-5c5967c0bbcbea315d0f076aa78401d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level or above permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easycart/"
     google-query: inurl:"/wp-content/plugins/wp-easycart/"
     shodan-query: 'vuln:CVE-2023-3023'
-  tags: cve,wordpress,wp-plugin,wp-easycart,high
+  tags: cve,wordpress,wp-plugin,wp-easycart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30476-e5b5400c624e25843b2372f9abb89d26.yaml b/nuclei-templates/2023/CVE-2023-30476-e5b5400c624e25843b2372f9abb89d26.yaml
index d6f9af603b..c4f9721075 100644
--- a/nuclei-templates/2023/CVE-2023-30476-e5b5400c624e25843b2372f9abb89d26.yaml
+++ b/nuclei-templates/2023/CVE-2023-30476-e5b5400c624e25843b2372f9abb89d26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blogger Buzz <= 1.2.4 - Missing Authorization via activate_plugin
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Blogger Buzz theme for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the activate_plugin function in versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary installed plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blogger-buzz/"
     google-query: inurl:"/wp-content/themes/blogger-buzz/"
     shodan-query: 'vuln:CVE-2023-30476'
-  tags: cve,wordpress,wp-theme,blogger-buzz,medium
+  tags: cve,wordpress,wp-theme,blogger-buzz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30477-5b09bbfafab13caa853913e46666c79b.yaml b/nuclei-templates/2023/CVE-2023-30477-5b09bbfafab13caa853913e46666c79b.yaml
index 7c9352b958..d82d128de1 100644
--- a/nuclei-templates/2023/CVE-2023-30477-5b09bbfafab13caa853913e46666c79b.yaml
+++ b/nuclei-templates/2023/CVE-2023-30477-5b09bbfafab13caa853913e46666c79b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AFFILIATE Solution <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AFFILIATE Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-solution/"
     google-query: inurl:"/wp-content/plugins/affiliate-solution/"
     shodan-query: 'vuln:CVE-2023-30477'
-  tags: cve,wordpress,wp-plugin,affiliate-solution,medium
+  tags: cve,wordpress,wp-plugin,affiliate-solution,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30479-f7de3a4183d7c85f1508bd7bcbb56139.yaml b/nuclei-templates/2023/CVE-2023-30479-f7de3a4183d7c85f1508bd7bcbb56139.yaml
index fac5a90406..b34511d80b 100644
--- a/nuclei-templates/2023/CVE-2023-30479-f7de3a4183d7c85f1508bd7bcbb56139.yaml
+++ b/nuclei-templates/2023/CVE-2023-30479-f7de3a4183d7c85f1508bd7bcbb56139.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stamped.io Product Reviews & UGC for WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the bulk_reviews_ajax, bulk_export_review, and clear_reviews_cache functions called via nopriv AJAX actions in versions up to, and including, 2.3.2. This makes it possible for unauthenticated attackers to export reviews and clear review caches.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stampedio-product-reviews/"
     google-query: inurl:"/wp-content/plugins/stampedio-product-reviews/"
     shodan-query: 'vuln:CVE-2023-30479'
-  tags: cve,wordpress,wp-plugin,stampedio-product-reviews,medium
+  tags: cve,wordpress,wp-plugin,stampedio-product-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30480-8b501a3e440ee475a390c14b78d1469e.yaml b/nuclei-templates/2023/CVE-2023-30480-8b501a3e440ee475a390c14b78d1469e.yaml
index 82e03607f9..e2e4fd5cf7 100644
--- a/nuclei-templates/2023/CVE-2023-30480-8b501a3e440ee475a390c14b78d1469e.yaml
+++ b/nuclei-templates/2023/CVE-2023-30480-8b501a3e440ee475a390c14b78d1469e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Educenter <= 1.5.7 - Missing Authorization via activate_plugin
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Educenter theme for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the activate_plugin function called via and AJAX action in versions up to, and including, 1.5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/educenter/"
     google-query: inurl:"/wp-content/themes/educenter/"
     shodan-query: 'vuln:CVE-2023-30480'
-  tags: cve,wordpress,wp-theme,educenter,medium
+  tags: cve,wordpress,wp-theme,educenter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30482-e83a61f4951a190bf506663021152379.yaml b/nuclei-templates/2023/CVE-2023-30482-e83a61f4951a190bf506663021152379.yaml
index fcf7bb734c..b24e5a634f 100644
--- a/nuclei-templates/2023/CVE-2023-30482-e83a61f4951a190bf506663021152379.yaml
+++ b/nuclei-templates/2023/CVE-2023-30482-e83a61f4951a190bf506663021152379.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBulky <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPBulky plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization via the 'sanitize' function which does not sufficiently sanitize content that does not contain HTML tags, as well as insufficient output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpbulky-wp-bulk-edit-post-types/"
     google-query: inurl:"/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/"
     shodan-query: 'vuln:CVE-2023-30482'
-  tags: cve,wordpress,wp-plugin,wpbulky-wp-bulk-edit-post-types,medium
+  tags: cve,wordpress,wp-plugin,wpbulky-wp-bulk-edit-post-types,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30486-3715092a367ddcdb9354396fe5cef26a.yaml b/nuclei-templates/2023/CVE-2023-30486-3715092a367ddcdb9354396fe5cef26a.yaml
index f1d3f0df76..78e092c245 100644
--- a/nuclei-templates/2023/CVE-2023-30486-3715092a367ddcdb9354396fe5cef26a.yaml
+++ b/nuclei-templates/2023/CVE-2023-30486-3715092a367ddcdb9354396fe5cef26a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Square <= 2.0.0 - Missing Authorization via activate_plugin
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Square theme for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the activate_plugin function called via an AJAX action in versions up to, and including, 2.0.0. This makes it possible for authenticated attackers , with subscriber-level access and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/square/"
     google-query: inurl:"/wp-content/themes/square/"
     shodan-query: 'vuln:CVE-2023-30486'
-  tags: cve,wordpress,wp-theme,square,medium
+  tags: cve,wordpress,wp-theme,square,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30488-947aab9c660d0a41bcf7e37fa45491b8.yaml b/nuclei-templates/2023/CVE-2023-30488-947aab9c660d0a41bcf7e37fa45491b8.yaml
index 7e6c6eb591..d146bb910e 100644
--- a/nuclei-templates/2023/CVE-2023-30488-947aab9c660d0a41bcf7e37fa45491b8.yaml
+++ b/nuclei-templates/2023/CVE-2023-30488-947aab9c660d0a41bcf7e37fa45491b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featured Post Creative <= 1.2.7 - Missing Authorization via wpfp_update_featured_post
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Featured Post Creative plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfp_update_featured_post function called via a nopriv AJAX action in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to change what post is featured.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-post-creative/"
     google-query: inurl:"/wp-content/plugins/featured-post-creative/"
     shodan-query: 'vuln:CVE-2023-30488'
-  tags: cve,wordpress,wp-plugin,featured-post-creative,medium
+  tags: cve,wordpress,wp-plugin,featured-post-creative,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30490-28d8e466f42a7ea620fa3fe2f98c9634.yaml b/nuclei-templates/2023/CVE-2023-30490-28d8e466f42a7ea620fa3fe2f98c9634.yaml
index 0db2783d1b..dbdd044b10 100644
--- a/nuclei-templates/2023/CVE-2023-30490-28d8e466f42a7ea620fa3fe2f98c9634.yaml
+++ b/nuclei-templates/2023/CVE-2023-30490-28d8e466f42a7ea620fa3fe2f98c9634.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easing Slider  <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easing Slider  plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetSettings() function in versions up to, and including, 3.0.8. This makes it possible for unauthenticated attackers to reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easing-slider/"
     google-query: inurl:"/wp-content/plugins/easing-slider/"
     shodan-query: 'vuln:CVE-2023-30490'
-  tags: cve,wordpress,wp-plugin,easing-slider,medium
+  tags: cve,wordpress,wp-plugin,easing-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30492-ae760478256ed9e96e189f019a687210.yaml b/nuclei-templates/2023/CVE-2023-30492-ae760478256ed9e96e189f019a687210.yaml
index 7969e59369..9213d1d731 100644
--- a/nuclei-templates/2023/CVE-2023-30492-ae760478256ed9e96e189f019a687210.yaml
+++ b/nuclei-templates/2023/CVE-2023-30492-ae760478256ed9e96e189f019a687210.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Minimum Purchase for WooCommerce <= 2.0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Minimum Purchase for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/minimum-purchase-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/minimum-purchase-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-30492'
-  tags: cve,wordpress,wp-plugin,minimum-purchase-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,minimum-purchase-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30495-6ecaac8965c567964f683839f3212253.yaml b/nuclei-templates/2023/CVE-2023-30495-6ecaac8965c567964f683839f3212253.yaml
index d747e9f9ea..edc2000efb 100644
--- a/nuclei-templates/2023/CVE-2023-30495-6ecaac8965c567964f683839f3212253.yaml
+++ b/nuclei-templates/2023/CVE-2023-30495-6ecaac8965c567964f683839f3212253.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in versions up to, and including, 3.1.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2023-30495'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,high
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30500-7a378944e613d1b359a5928a9883a2f4.yaml b/nuclei-templates/2023/CVE-2023-30500-7a378944e613d1b359a5928a9883a2f4.yaml
index a56484f090..b8beea6b0c 100644
--- a/nuclei-templates/2023/CVE-2023-30500-7a378944e613d1b359a5928a9883a2f4.yaml
+++ b/nuclei-templates/2023/CVE-2023-30500-7a378944e613d1b359a5928a9883a2f4.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-30500
   metadata:
-    fofa-query: "wp-content/plugins/wpforms-lite/"
-    google-query: inurl:"/wp-content/plugins/wpforms-lite/"
+    fofa-query: "wp-content/plugins/wpforms/"
+    google-query: inurl:"/wp-content/plugins/wpforms/"
     shodan-query: 'vuln:CVE-2023-30500'
-  tags: cve,wordpress,wp-plugin,wpforms-lite,medium
+  tags: cve,wordpress,wp-plugin,wpforms,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wpforms-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wpforms/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "wpforms-lite"
+          - "wpforms"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-3051-903fd5007a29b9028410d0ffded470cf.yaml b/nuclei-templates/2023/CVE-2023-3051-903fd5007a29b9028410d0ffded470cf.yaml
index 3b7e20b6d1..ed6841c6fb 100644
--- a/nuclei-templates/2023/CVE-2023-3051-903fd5007a29b9028410d0ffded470cf.yaml
+++ b/nuclei-templates/2023/CVE-2023-3051-903fd5007a29b9028410d0ffded470cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder by AZEXO <= 1.27.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-builder-by-azexo/"
     google-query: inurl:"/wp-content/plugins/page-builder-by-azexo/"
     shodan-query: 'vuln:CVE-2023-3051'
-  tags: cve,wordpress,wp-plugin,page-builder-by-azexo,medium
+  tags: cve,wordpress,wp-plugin,page-builder-by-azexo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3053-2ef42991bf5a3f6fe661eaa83837878d.yaml b/nuclei-templates/2023/CVE-2023-3053-2ef42991bf5a3f6fe661eaa83837878d.yaml
index 883260e934..a6c305ceb6 100644
--- a/nuclei-templates/2023/CVE-2023-3053-2ef42991bf5a3f6fe661eaa83837878d.yaml
+++ b/nuclei-templates/2023/CVE-2023-3053-2ef42991bf5a3f6fe661eaa83837878d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder by AZEXO <= 1.27.133 - Missing Authorization to Post Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-builder-by-azexo/"
     google-query: inurl:"/wp-content/plugins/page-builder-by-azexo/"
     shodan-query: 'vuln:CVE-2023-3053'
-  tags: cve,wordpress,wp-plugin,page-builder-by-azexo,medium
+  tags: cve,wordpress,wp-plugin,page-builder-by-azexo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3063-cb1e1ee6d4a86d7ed0a6cb77ed172c33.yaml b/nuclei-templates/2023/CVE-2023-3063-cb1e1ee6d4a86d7ed0a6cb77ed172c33.yaml
index b92b540c6e..01d0c0b13f 100644
--- a/nuclei-templates/2023/CVE-2023-3063-cb1e1ee6d4a86d7ed0a6cb77ed172c33.yaml
+++ b/nuclei-templates/2023/CVE-2023-3063-cb1e1ee6d4a86d7ed0a6cb77ed172c33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2023-3063'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30745-88404ad5e8128c3699e3c229a21a2eba.yaml b/nuclei-templates/2023/CVE-2023-30745-88404ad5e8128c3699e3c229a21a2eba.yaml
index cb9668c193..c515070cae 100644
--- a/nuclei-templates/2023/CVE-2023-30745-88404ad5e8128c3699e3c229a21a2eba.yaml
+++ b/nuclei-templates/2023/CVE-2023-30745-88404ad5e8128c3699e3c229a21a2eba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IP Metaboxes <= 2.1.1 -  Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The IP Metaboxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via metabox settings in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ip-metaboxes/"
     google-query: inurl:"/wp-content/plugins/ip-metaboxes/"
     shodan-query: 'vuln:CVE-2023-30745'
-  tags: cve,wordpress,wp-plugin,ip-metaboxes,medium
+  tags: cve,wordpress,wp-plugin,ip-metaboxes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30746-aa0b3a997f2af2400ed5816a52c96615.yaml b/nuclei-templates/2023/CVE-2023-30746-aa0b3a997f2af2400ed5816a52c96615.yaml
index 3a4f8ce306..12d26bd6b9 100644
--- a/nuclei-templates/2023/CVE-2023-30746-aa0b3a997f2af2400ed5816a52c96615.yaml
+++ b/nuclei-templates/2023/CVE-2023-30746-aa0b3a997f2af2400ed5816a52c96615.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booqable Rental Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booqable_company_name' value in versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booqable-rental-reservations/"
     google-query: inurl:"/wp-content/plugins/booqable-rental-reservations/"
     shodan-query: 'vuln:CVE-2023-30746'
-  tags: cve,wordpress,wp-plugin,booqable-rental-reservations,medium
+  tags: cve,wordpress,wp-plugin,booqable-rental-reservations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30748-afa229bd02db847384791980963680d0.yaml b/nuclei-templates/2023/CVE-2023-30748-afa229bd02db847384791980963680d0.yaml
index 2e2670af1c..7998b03f08 100644
--- a/nuclei-templates/2023/CVE-2023-30748-afa229bd02db847384791980963680d0.yaml
+++ b/nuclei-templates/2023/CVE-2023-30748-afa229bd02db847384791980963680d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-appointments/"
     google-query: inurl:"/wp-content/plugins/easy-appointments/"
     shodan-query: 'vuln:CVE-2023-30748'
-  tags: cve,wordpress,wp-plugin,easy-appointments,medium
+  tags: cve,wordpress,wp-plugin,easy-appointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30749-a4c0765b0c52463caf31b82bc7711eb8.yaml b/nuclei-templates/2023/CVE-2023-30749-a4c0765b0c52463caf31b82bc7711eb8.yaml
index 62495699b9..ebba987fc5 100644
--- a/nuclei-templates/2023/CVE-2023-30749-a4c0765b0c52463caf31b82bc7711eb8.yaml
+++ b/nuclei-templates/2023/CVE-2023-30749-a4c0765b0c52463caf31b82bc7711eb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Optima Express + MarketBoost IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings parameter in versions up to, and including, 7.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/optima-express/"
     google-query: inurl:"/wp-content/plugins/optima-express/"
     shodan-query: 'vuln:CVE-2023-30749'
-  tags: cve,wordpress,wp-plugin,optima-express,medium
+  tags: cve,wordpress,wp-plugin,optima-express,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30750-ad88df41b076143465006e1296e02fd7.yaml b/nuclei-templates/2023/CVE-2023-30750-ad88df41b076143465006e1296e02fd7.yaml
index 928b680147..ab2e110774 100644
--- a/nuclei-templates/2023/CVE-2023-30750-ad88df41b076143465006e1296e02fd7.yaml
+++ b/nuclei-templates/2023/CVE-2023-30750-ad88df41b076143465006e1296e02fd7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Pop-Up banners <= 1.5.10 - Authenticated (Subscriber+) SQL Injection via getStatistics
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The CM Pop-Up banners plugin for WordPress is vulnerable to generic SQL Injection via the getStatistics function in versions up to, and including, 1.5.10 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The plugin patched the issue by commenting out the function calls to functions that contained vulnerable SQL queries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-pop-up-banners/"
     google-query: inurl:"/wp-content/plugins/cm-pop-up-banners/"
     shodan-query: 'vuln:CVE-2023-30750'
-  tags: cve,wordpress,wp-plugin,cm-pop-up-banners,high
+  tags: cve,wordpress,wp-plugin,cm-pop-up-banners,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30751-bab2d740e6550ac0744f9a04322bcfe9.yaml b/nuclei-templates/2023/CVE-2023-30751-bab2d740e6550ac0744f9a04322bcfe9.yaml
index 0da5f017db..ec7e782526 100644
--- a/nuclei-templates/2023/CVE-2023-30751-bab2d740e6550ac0744f9a04322bcfe9.yaml
+++ b/nuclei-templates/2023/CVE-2023-30751-bab2d740e6550ac0744f9a04322bcfe9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Article Directory Redux <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Article Directory Redux plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/article-directory-redux/"
     google-query: inurl:"/wp-content/plugins/article-directory-redux/"
     shodan-query: 'vuln:CVE-2023-30751'
-  tags: cve,wordpress,wp-plugin,article-directory-redux,medium
+  tags: cve,wordpress,wp-plugin,article-directory-redux,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30752-c96e975122963919f6930b9c017e5991.yaml b/nuclei-templates/2023/CVE-2023-30752-c96e975122963919f6930b9c017e5991.yaml
index e926d677bb..e6d607ed4b 100644
--- a/nuclei-templates/2023/CVE-2023-30752-c96e975122963919f6930b9c017e5991.yaml
+++ b/nuclei-templates/2023/CVE-2023-30752-c96e975122963919f6930b9c017e5991.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     External Videos <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The External Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/external-videos/"
     google-query: inurl:"/wp-content/plugins/external-videos/"
     shodan-query: 'vuln:CVE-2023-30752'
-  tags: cve,wordpress,wp-plugin,external-videos,medium
+  tags: cve,wordpress,wp-plugin,external-videos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30777-ebdf981fa373e4823561a65bb577a1a2.yaml b/nuclei-templates/2023/CVE-2023-30777-ebdf981fa373e4823561a65bb577a1a2.yaml
index e26c3e7609..932cae989c 100644
--- a/nuclei-templates/2023/CVE-2023-30777-ebdf981fa373e4823561a65bb577a1a2.yaml
+++ b/nuclei-templates/2023/CVE-2023-30777-ebdf981fa373e4823561a65bb577a1a2.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-30777
   metadata:
-    fofa-query: "wp-content/plugins/advanced-custom-fields/"
-    google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
+    fofa-query: "wp-content/plugins/advanced-custom-fields-pro/"
+    google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/"
     shodan-query: 'vuln:CVE-2023-30777'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "advanced-custom-fields"
+          - "advanced-custom-fields-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-30778-bb853e4203fd77e0eccd7981cc19970b.yaml b/nuclei-templates/2023/CVE-2023-30778-bb853e4203fd77e0eccd7981cc19970b.yaml
index ba86d7a141..ac17552b35 100644
--- a/nuclei-templates/2023/CVE-2023-30778-bb853e4203fd77e0eccd7981cc19970b.yaml
+++ b/nuclei-templates/2023/CVE-2023-30778-bb853e4203fd77e0eccd7981cc19970b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPress <= 10.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpress/"
     google-query: inurl:"/wp-content/plugins/powerpress/"
     shodan-query: 'vuln:CVE-2023-30778'
-  tags: cve,wordpress,wp-plugin,powerpress,medium
+  tags: cve,wordpress,wp-plugin,powerpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30780-0fd2b55ebd627169d7e7b82b7b9c0e52.yaml b/nuclei-templates/2023/CVE-2023-30780-0fd2b55ebd627169d7e7b82b7b9c0e52.yaml
index bcc651e58b..cfb4916cd7 100644
--- a/nuclei-templates/2023/CVE-2023-30780-0fd2b55ebd627169d7e7b82b7b9c0e52.yaml
+++ b/nuclei-templates/2023/CVE-2023-30780-0fd2b55ebd627169d7e7b82b7b9c0e52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User IP and Location <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User IP and Location plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-ip-and-location/"
     google-query: inurl:"/wp-content/plugins/user-ip-and-location/"
     shodan-query: 'vuln:CVE-2023-30780'
-  tags: cve,wordpress,wp-plugin,user-ip-and-location,medium
+  tags: cve,wordpress,wp-plugin,user-ip-and-location,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30783-517aef4b1533709bdbf95e8d657f10e6.yaml b/nuclei-templates/2023/CVE-2023-30783-517aef4b1533709bdbf95e8d657f10e6.yaml
index c6b70b8484..bf0ecde110 100644
--- a/nuclei-templates/2023/CVE-2023-30783-517aef4b1533709bdbf95e8d657f10e6.yaml
+++ b/nuclei-templates/2023/CVE-2023-30783-517aef4b1533709bdbf95e8d657f10e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart WooCommerce Search <= 2.5.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smart WooCommerce Search plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks on the duplicate() & remove() functions called via AJAX actions in versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate and delete widgets created by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-woocommerce-search/"
     google-query: inurl:"/wp-content/plugins/smart-woocommerce-search/"
     shodan-query: 'vuln:CVE-2023-30783'
-  tags: cve,wordpress,wp-plugin,smart-woocommerce-search,medium
+  tags: cve,wordpress,wp-plugin,smart-woocommerce-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30784-3b8474b2759e8c9d48abfea5292a608c.yaml b/nuclei-templates/2023/CVE-2023-30784-3b8474b2759e8c9d48abfea5292a608c.yaml
index f57c497289..bc4a451605 100644
--- a/nuclei-templates/2023/CVE-2023-30784-3b8474b2759e8c9d48abfea5292a608c.yaml
+++ b/nuclei-templates/2023/CVE-2023-30784-3b8474b2759e8c9d48abfea5292a608c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kaya QR Code Generator <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via qrCode attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kaya QR Code Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qrCode attributes in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kaya-qr-code-generator/"
     google-query: inurl:"/wp-content/plugins/kaya-qr-code-generator/"
     shodan-query: 'vuln:CVE-2023-30784'
-  tags: cve,wordpress,wp-plugin,kaya-qr-code-generator,medium
+  tags: cve,wordpress,wp-plugin,kaya-qr-code-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30786-1772bca649ab5b99b71eb70af7333d0b.yaml b/nuclei-templates/2023/CVE-2023-30786-1772bca649ab5b99b71eb70af7333d0b.yaml
index bdb8f3b5bd..f77c476349 100644
--- a/nuclei-templates/2023/CVE-2023-30786-1772bca649ab5b99b71eb70af7333d0b.yaml
+++ b/nuclei-templates/2023/CVE-2023-30786-1772bca649ab5b99b71eb70af7333d0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Captcha Them All for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.3  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/captcha-them-all/"
     google-query: inurl:"/wp-content/plugins/captcha-them-all/"
     shodan-query: 'vuln:CVE-2023-30786'
-  tags: cve,wordpress,wp-plugin,captcha-them-all,medium
+  tags: cve,wordpress,wp-plugin,captcha-them-all,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30872-9d98910f079017bb745e5dfdd7b3a383.yaml b/nuclei-templates/2023/CVE-2023-30872-9d98910f079017bb745e5dfdd7b3a383.yaml
index 11dc8567ba..4b96aa97d4 100644
--- a/nuclei-templates/2023/CVE-2023-30872-9d98910f079017bb745e5dfdd7b3a383.yaml
+++ b/nuclei-templates/2023/CVE-2023-30872-9d98910f079017bb745e5dfdd7b3a383.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The BSK Forms Blacklist plugin for WordPress is vulnerable to generic SQL Injection via the 'order' and 'orderby' parameters in versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bsk-gravityforms-blacklist/"
     google-query: inurl:"/wp-content/plugins/bsk-gravityforms-blacklist/"
     shodan-query: 'vuln:CVE-2023-30872'
-  tags: cve,wordpress,wp-plugin,bsk-gravityforms-blacklist,high
+  tags: cve,wordpress,wp-plugin,bsk-gravityforms-blacklist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30873-8438c9473d07feba9507b08f7b2ca394.yaml b/nuclei-templates/2023/CVE-2023-30873-8438c9473d07feba9507b08f7b2ca394.yaml
index 352f2a75ff..69856b0c88 100644
--- a/nuclei-templates/2023/CVE-2023-30873-8438c9473d07feba9507b08f7b2ca394.yaml
+++ b/nuclei-templates/2023/CVE-2023-30873-8438c9473d07feba9507b08f7b2ca394.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Docs <= 1.9.8 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Docs plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on the AJAX functions wpdocs_create_folder, wpdocs_update_folder, and wpdocs_delete_folder. This makes it possible for authenticated attackers to create, rename and delete folders maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-docs/"
     google-query: inurl:"/wp-content/plugins/wp-docs/"
     shodan-query: 'vuln:CVE-2023-30873'
-  tags: cve,wordpress,wp-plugin,wp-docs,medium
+  tags: cve,wordpress,wp-plugin,wp-docs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30874-b434181ec4dda3f7c495c50067c97199.yaml b/nuclei-templates/2023/CVE-2023-30874-b434181ec4dda3f7c495c50067c97199.yaml
index ad3e83c561..a9c3d464df 100644
--- a/nuclei-templates/2023/CVE-2023-30874-b434181ec4dda3f7c495c50067c97199.yaml
+++ b/nuclei-templates/2023/CVE-2023-30874-b434181ec4dda3f7c495c50067c97199.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GPS Plotter <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GPS Plotter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gps-plotter/"
     google-query: inurl:"/wp-content/plugins/gps-plotter/"
     shodan-query: 'vuln:CVE-2023-30874'
-  tags: cve,wordpress,wp-plugin,gps-plotter,medium
+  tags: cve,wordpress,wp-plugin,gps-plotter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30875-6608e81097680e6fc28899a61a6c4d0d.yaml b/nuclei-templates/2023/CVE-2023-30875-6608e81097680e6fc28899a61a6c4d0d.yaml
index 03c297ce0a..1eacad6cbf 100644
--- a/nuclei-templates/2023/CVE-2023-30875-6608e81097680e6fc28899a61a6c4d0d.yaml
+++ b/nuclei-templates/2023/CVE-2023-30875-6608e81097680e6fc28899a61a6c4d0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Logo Scheduler <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Logo Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/logo-scheduler-great-for-holidays-events-and-more/"
     google-query: inurl:"/wp-content/plugins/logo-scheduler-great-for-holidays-events-and-more/"
     shodan-query: 'vuln:CVE-2023-30875'
-  tags: cve,wordpress,wp-plugin,logo-scheduler-great-for-holidays-events-and-more,medium
+  tags: cve,wordpress,wp-plugin,logo-scheduler-great-for-holidays-events-and-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-30876-00d2f835919a4763491bb6e0afc99ba1.yaml b/nuclei-templates/2023/CVE-2023-30876-00d2f835919a4763491bb6e0afc99ba1.yaml
index 5ece0e8814..f2047bb5cc 100644
--- a/nuclei-templates/2023/CVE-2023-30876-00d2f835919a4763491bb6e0afc99ba1.yaml
+++ b/nuclei-templates/2023/CVE-2023-30876-00d2f835919a4763491bb6e0afc99ba1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dave's WordPress Live Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/daves-wordpress-live-search/"
     google-query: inurl:"/wp-content/plugins/daves-wordpress-live-search/"
     shodan-query: 'vuln:CVE-2023-30876'
-  tags: cve,wordpress,wp-plugin,daves-wordpress-live-search,medium
+  tags: cve,wordpress,wp-plugin,daves-wordpress-live-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31073-a2374460bb7e70d55eb2c8c43ce8140b.yaml b/nuclei-templates/2023/CVE-2023-31073-a2374460bb7e70d55eb2c8c43ce8140b.yaml
index d17b971704..0304414670 100644
--- a/nuclei-templates/2023/CVE-2023-31073-a2374460bb7e70d55eb2c8c43ce8140b.yaml
+++ b/nuclei-templates/2023/CVE-2023-31073-a2374460bb7e70d55eb2c8c43ce8140b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the display_object_data_shortcode function referenced by the vg_display_data shortcode in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers , with subscriber-level access and above, to access other users' metadata.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-to-display-post-and-user-data/"
     google-query: inurl:"/wp-content/plugins/shortcode-to-display-post-and-user-data/"
     shodan-query: 'vuln:CVE-2023-31073'
-  tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,medium
+  tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31079-13d220693e087642304f87b309abc136.yaml b/nuclei-templates/2023/CVE-2023-31079-13d220693e087642304f87b309abc136.yaml
index c0f1007980..c7f527b84b 100644
--- a/nuclei-templates/2023/CVE-2023-31079-13d220693e087642304f87b309abc136.yaml
+++ b/nuclei-templates/2023/CVE-2023-31079-13d220693e087642304f87b309abc136.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tippy shortcode in versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping of the user-supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tippy/"
     google-query: inurl:"/wp-content/plugins/tippy/"
     shodan-query: 'vuln:CVE-2023-31079'
-  tags: cve,wordpress,wp-plugin,tippy,medium
+  tags: cve,wordpress,wp-plugin,tippy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31080-f213f0cf0f29187e1d444e194fee045d.yaml b/nuclei-templates/2023/CVE-2023-31080-f213f0cf0f29187e1d444e194fee045d.yaml
index dfe12b007c..add4b72e94 100644
--- a/nuclei-templates/2023/CVE-2023-31080-f213f0cf0f29187e1d444e194fee045d.yaml
+++ b/nuclei-templates/2023/CVE-2023-31080-f213f0cf0f29187e1d444e194fee045d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the extensive functions throughout the plugin in versions up to, and including, 1.5.65. This makes it possible for authenticated attackers, with contributor-level access and above, to perform a plethora of unauthorized actions such as updating/ deleting/modfying addons and modifying various settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/"
     shodan-query: 'vuln:CVE-2023-31080'
-  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31091-5127fd9a578ab8f75789be1aab665dea.yaml b/nuclei-templates/2023/CVE-2023-31091-5127fd9a578ab8f75789be1aab665dea.yaml
index 7dfb55002a..97fbd74bff 100644
--- a/nuclei-templates/2023/CVE-2023-31091-5127fd9a578ab8f75789be1aab665dea.yaml
+++ b/nuclei-templates/2023/CVE-2023-31091-5127fd9a578ab8f75789be1aab665dea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dynamically Register Sidebars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dynamically-register-sidebars/"
     google-query: inurl:"/wp-content/plugins/dynamically-register-sidebars/"
     shodan-query: 'vuln:CVE-2023-31091'
-  tags: cve,wordpress,wp-plugin,dynamically-register-sidebars,medium
+  tags: cve,wordpress,wp-plugin,dynamically-register-sidebars,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31092-49c0957ce7beb86c6cd3610ef85cd2a3.yaml b/nuclei-templates/2023/CVE-2023-31092-49c0957ce7beb86c6cd3610ef85cd2a3.yaml
index 8e2baa51d8..834268c9c3 100644
--- a/nuclei-templates/2023/CVE-2023-31092-49c0957ce7beb86c6cd3610ef85cd2a3.yaml
+++ b/nuclei-templates/2023/CVE-2023-31092-49c0957ce7beb86c6cd3610ef85cd2a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Bet <= 1.0.2 - Authenticated(Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy Bet plugin for WordPress is vulnerable to generic SQL Injection via multiple parameters in versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with contributor-level permissions or above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-bet/"
     google-query: inurl:"/wp-content/plugins/easy-bet/"
     shodan-query: 'vuln:CVE-2023-31092'
-  tags: cve,wordpress,wp-plugin,easy-bet,high
+  tags: cve,wordpress,wp-plugin,easy-bet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31212-572e59930dcc24f750ce3dae22510652.yaml b/nuclei-templates/2023/CVE-2023-31212-572e59930dcc24f750ce3dae22510652.yaml
index e30b90279b..bffa980b44 100644
--- a/nuclei-templates/2023/CVE-2023-31212-572e59930dcc24f750ce3dae22510652.yaml
+++ b/nuclei-templates/2023/CVE-2023-31212-572e59930dcc24f750ce3dae22510652.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) SQL Injection via shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form Entries plugin for WordPress is vulnerable to generic SQL Injection via the plugin's shortcode attributes in versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-entries/"
     google-query: inurl:"/wp-content/plugins/contact-form-entries/"
     shodan-query: 'vuln:CVE-2023-31212'
-  tags: cve,wordpress,wp-plugin,contact-form-entries,high
+  tags: cve,wordpress,wp-plugin,contact-form-entries,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31213-f10d7adc04b5a73f4d72dd21d3e9038b.yaml b/nuclei-templates/2023/CVE-2023-31213-f10d7adc04b5a73f4d72dd21d3e9038b.yaml
index 11f32be484..48590605d4 100644
--- a/nuclei-templates/2023/CVE-2023-31213-f10d7adc04b5a73f4d72dd21d3e9038b.yaml
+++ b/nuclei-templates/2023/CVE-2023-31213-f10d7adc04b5a73f4d72dd21d3e9038b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBakery Page Builder for WordPress <= 6.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 6.12.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js_composer/"
     google-query: inurl:"/wp-content/plugins/js_composer/"
     shodan-query: 'vuln:CVE-2023-31213'
-  tags: cve,wordpress,wp-plugin,js_composer,medium
+  tags: cve,wordpress,wp-plugin,js_composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31214-10b5f73ced4f4ae8f40389dd6e188b1c.yaml b/nuclei-templates/2023/CVE-2023-31214-10b5f73ced4f4ae8f40389dd6e188b1c.yaml
index 9db63c3e95..43a754cf16 100644
--- a/nuclei-templates/2023/CVE-2023-31214-10b5f73ced4f4ae8f40389dd6e188b1c.yaml
+++ b/nuclei-templates/2023/CVE-2023-31214-10b5f73ced4f4ae8f40389dd6e188b1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Quick Post Duplicator <= 2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Quick Post Duplicator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apj_duplicate_post_as_a_draft() function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate arbitrary posts that may have protected content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-quick-post-duplicator/"
     google-query: inurl:"/wp-content/plugins/wp-quick-post-duplicator/"
     shodan-query: 'vuln:CVE-2023-31214'
-  tags: cve,wordpress,wp-plugin,wp-quick-post-duplicator,medium
+  tags: cve,wordpress,wp-plugin,wp-quick-post-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31215-90f8bc64469472ae0cd3174d5b6a7976.yaml b/nuclei-templates/2023/CVE-2023-31215-90f8bc64469472ae0cd3174d5b6a7976.yaml
index 94c0baa505..7e0e975d9b 100644
--- a/nuclei-templates/2023/CVE-2023-31215-90f8bc64469472ae0cd3174d5b6a7976.yaml
+++ b/nuclei-templates/2023/CVE-2023-31215-90f8bc64469472ae0cd3174d5b6a7976.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dropshipping & Affiliation with Amazon <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Dropshipping & Affiliation with Amazon plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on files imported from a URL via the wpas_import_product_from_amazon() function called via an AJAX action in versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-amazon-shop/"
     google-query: inurl:"/wp-content/plugins/wp-amazon-shop/"
     shodan-query: 'vuln:CVE-2023-31215'
-  tags: cve,wordpress,wp-plugin,wp-amazon-shop,high
+  tags: cve,wordpress,wp-plugin,wp-amazon-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31217-2ccf4a97a0b2b289a9997f10c05da014.yaml b/nuclei-templates/2023/CVE-2023-31217-2ccf4a97a0b2b289a9997f10c05da014.yaml
index 9f51303bf0..0a80316439 100644
--- a/nuclei-templates/2023/CVE-2023-31217-2ccf4a97a0b2b289a9997f10c05da014.yaml
+++ b/nuclei-templates/2023/CVE-2023-31217-2ccf4a97a0b2b289a9997f10c05da014.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Location and IP <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Location and IP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-location-and-ip/"
     google-query: inurl:"/wp-content/plugins/user-location-and-ip/"
     shodan-query: 'vuln:CVE-2023-31217'
-  tags: cve,wordpress,wp-plugin,user-location-and-ip,medium
+  tags: cve,wordpress,wp-plugin,user-location-and-ip,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31218-4d37b5938e435e55d1b784b692eb0059.yaml b/nuclei-templates/2023/CVE-2023-31218-4d37b5938e435e55d1b784b692eb0059.yaml
index f2f219113f..4c80abc150 100644
--- a/nuclei-templates/2023/CVE-2023-31218-4d37b5938e435e55d1b784b692eb0059.yaml
+++ b/nuclei-templates/2023/CVE-2023-31218-4d37b5938e435e55d1b784b692eb0059.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WOLF <= 1.0.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wpbe_update_page_field
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WOLF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpbe_update_page_field parameter in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber privileges, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-editor/"
     google-query: inurl:"/wp-content/plugins/bulk-editor/"
     shodan-query: 'vuln:CVE-2023-31218'
-  tags: cve,wordpress,wp-plugin,bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,bulk-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31219-ce4d8c6c1d15b00a6a80a41c19c0a53f.yaml b/nuclei-templates/2023/CVE-2023-31219-ce4d8c6c1d15b00a6a80a41c19c0a53f.yaml
index e10bd3e46a..0786d41d83 100644
--- a/nuclei-templates/2023/CVE-2023-31219-ce4d8c6c1d15b00a6a80a41c19c0a53f.yaml
+++ b/nuclei-templates/2023/CVE-2023-31219-ce4d8c6c1d15b00a6a80a41c19c0a53f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.8.1 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 4.8.1 via the trigger() function. This makes it possible for authenticated attackers with administrative privileges to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2023-31219'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31221-2f2309313c5bda581e3b02314b8c850b.yaml b/nuclei-templates/2023/CVE-2023-31221-2f2309313c5bda581e3b02314b8c850b.yaml
index 43262faaea..c95e1490d4 100644
--- a/nuclei-templates/2023/CVE-2023-31221-2f2309313c5bda581e3b02314b8c850b.yaml
+++ b/nuclei-templates/2023/CVE-2023-31221-2f2309313c5bda581e3b02314b8c850b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDQ CSV <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDQ CSV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdq-csv/"
     google-query: inurl:"/wp-content/plugins/pdq-csv/"
     shodan-query: 'vuln:CVE-2023-31221'
-  tags: cve,wordpress,wp-plugin,pdq-csv,medium
+  tags: cve,wordpress,wp-plugin,pdq-csv,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31228-514273203d780a9cda87e275d81e2d5f.yaml b/nuclei-templates/2023/CVE-2023-31228-514273203d780a9cda87e275d81e2d5f.yaml
index 8ced1dfdb6..4ab3483df7 100644
--- a/nuclei-templates/2023/CVE-2023-31228-514273203d780a9cda87e275d81e2d5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-31228-514273203d780a9cda87e275d81e2d5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM On Demand Search And Replace <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CM On Demand Search And Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-on-demand-search-and-replace/"
     google-query: inurl:"/wp-content/plugins/cm-on-demand-search-and-replace/"
     shodan-query: 'vuln:CVE-2023-31228'
-  tags: cve,wordpress,wp-plugin,cm-on-demand-search-and-replace,medium
+  tags: cve,wordpress,wp-plugin,cm-on-demand-search-and-replace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31232-d8a9eea8aa488b4edc83d1161c57f57d.yaml b/nuclei-templates/2023/CVE-2023-31232-d8a9eea8aa488b4edc83d1161c57f57d.yaml
index 4aa628a413..8e3e51da55 100644
--- a/nuclei-templates/2023/CVE-2023-31232-d8a9eea8aa488b4edc83d1161c57f57d.yaml
+++ b/nuclei-templates/2023/CVE-2023-31232-d8a9eea8aa488b4edc83d1161c57f57d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Plugins List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the replace_plugin_list_tags function in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plugins-list/"
     google-query: inurl:"/wp-content/plugins/plugins-list/"
     shodan-query: 'vuln:CVE-2023-31232'
-  tags: cve,wordpress,wp-plugin,plugins-list,medium
+  tags: cve,wordpress,wp-plugin,plugins-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31234-2da3bb827430b38a292fe600fab2f658.yaml b/nuclei-templates/2023/CVE-2023-31234-2da3bb827430b38a292fe600fab2f658.yaml
index cf39b64623..d349e16f6f 100644
--- a/nuclei-templates/2023/CVE-2023-31234-2da3bb827430b38a292fe600fab2f658.yaml
+++ b/nuclei-templates/2023/CVE-2023-31234-2da3bb827430b38a292fe600fab2f658.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tilda Publishing <= 0.3.23 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tilda Publishing plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on several functions hooked via AJAX actions such as 'ajax_export_file,' 'ajax_sync,' 'ajax_get_keys,' 'ajax_switcher_status,' and more in versions up to, and including, 0.3.23. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a wide variety of actions like exporting data, modifying keys, and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tilda-publishing/"
     google-query: inurl:"/wp-content/plugins/tilda-publishing/"
     shodan-query: 'vuln:CVE-2023-31234'
-  tags: cve,wordpress,wp-plugin,tilda-publishing,medium
+  tags: cve,wordpress,wp-plugin,tilda-publishing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-31236-dd27ae18a86029fffd366285509782e0.yaml b/nuclei-templates/2023/CVE-2023-31236-dd27ae18a86029fffd366285509782e0.yaml
index f6ed92b8f5..a3f2d2332e 100644
--- a/nuclei-templates/2023/CVE-2023-31236-dd27ae18a86029fffd366285509782e0.yaml
+++ b/nuclei-templates/2023/CVE-2023-31236-dd27ae18a86029fffd366285509782e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scripts n Styles <= 3.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scripts n Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scripts-n-styles/"
     google-query: inurl:"/wp-content/plugins/scripts-n-styles/"
     shodan-query: 'vuln:CVE-2023-31236'
-  tags: cve,wordpress,wp-plugin,scripts-n-styles,medium
+  tags: cve,wordpress,wp-plugin,scripts-n-styles,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3124-495b1b12b50b14325e42d32d8b21fb76.yaml b/nuclei-templates/2023/CVE-2023-3124-495b1b12b50b14325e42d32d8b21fb76.yaml
index 51474ba682..65cd65de68 100644
--- a/nuclei-templates/2023/CVE-2023-3124-495b1b12b50b14325e42d32d8b21fb76.yaml
+++ b/nuclei-templates/2023/CVE-2023-3124-495b1b12b50b14325e42d32d8b21fb76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2023-3124'
-  tags: cve,wordpress,wp-plugin,elementor-pro,high
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3125-eef58a96354df2086d4576efe4313ff1.yaml b/nuclei-templates/2023/CVE-2023-3125-eef58a96354df2086d4576efe4313ff1.yaml
index 826a41566b..44b8530a7b 100644
--- a/nuclei-templates/2023/CVE-2023-3125-eef58a96354df2086d4576efe4313ff1.yaml
+++ b/nuclei-templates/2023/CVE-2023-3125-eef58a96354df2086d4576efe4313ff1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Price Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/b2bking-wholesale-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/b2bking-wholesale-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-3125'
-  tags: cve,wordpress,wp-plugin,b2bking-wholesale-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,b2bking-wholesale-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3126-5676c8d193c6c7c7c19f827a6027fe03.yaml b/nuclei-templates/2023/CVE-2023-3126-5676c8d193c6c7c7c19f827a6027fe03.yaml
index f153f8d88e..c79e5e048f 100644
--- a/nuclei-templates/2023/CVE-2023-3126-5676c8d193c6c7c7c19f827a6027fe03.yaml
+++ b/nuclei-templates/2023/CVE-2023-3126-5676c8d193c6c7c7c19f827a6027fe03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/b2bking-wholesale-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/b2bking-wholesale-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-3126'
-  tags: cve,wordpress,wp-plugin,b2bking-wholesale-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,b2bking-wholesale-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3129-7d73c621a5e8b7d0767350621fede4eb.yaml b/nuclei-templates/2023/CVE-2023-3129-7d73c621a5e8b7d0767350621fede4eb.yaml
index 3f608af201..e513c6cd38 100644
--- a/nuclei-templates/2023/CVE-2023-3129-7d73c621a5e8b7d0767350621fede4eb.yaml
+++ b/nuclei-templates/2023/CVE-2023-3129-7d73c621a5e8b7d0767350621fede4eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress <= 1.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The URL Shortify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.6.5  due to insufficient input sanitization and output escaping on the "Link Prefix" setting. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/url-shortify/"
     google-query: inurl:"/wp-content/plugins/url-shortify/"
     shodan-query: 'vuln:CVE-2023-3129'
-  tags: cve,wordpress,wp-plugin,url-shortify,medium
+  tags: cve,wordpress,wp-plugin,url-shortify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3130-cd46d97404c66642d7eaa5afb0766ece.yaml b/nuclei-templates/2023/CVE-2023-3130-cd46d97404c66642d7eaa5afb0766ece.yaml
index 53b28f4b4d..46926979cf 100644
--- a/nuclei-templates/2023/CVE-2023-3130-cd46d97404c66642d7eaa5afb0766ece.yaml
+++ b/nuclei-templates/2023/CVE-2023-3130-cd46d97404c66642d7eaa5afb0766ece.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Short URL <=  1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'url_externe' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shorten-url/"
     google-query: inurl:"/wp-content/plugins/shorten-url/"
     shodan-query: 'vuln:CVE-2023-3130'
-  tags: cve,wordpress,wp-plugin,shorten-url,medium
+  tags: cve,wordpress,wp-plugin,shorten-url,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3131-4acb0dd741daeb068a56799abff8a41c.yaml b/nuclei-templates/2023/CVE-2023-3131-4acb0dd741daeb068a56799abff8a41c.yaml
index 689e6ed14e..dfb1edc9d3 100644
--- a/nuclei-templates/2023/CVE-2023-3131-4acb0dd741daeb068a56799abff8a41c.yaml
+++ b/nuclei-templates/2023/CVE-2023-3131-4acb0dd741daeb068a56799abff8a41c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MStore API <= 3.9.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MStore API plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions called via AJAX actions such as mstore_delete_json_file, mstore_update_limit_product, mstore_update_firebase_server_key, mstore_update_new_order_title, mstore_update_new_order_message, mstore_update_status_order_title, and mstore_update_status_order_message in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to perform several unauthorized actions that allow the attacker to control the plugins settings. This was partially patched in 3.9.6 but not fully patched until 3.9.7. CVE-2023-3209 Also applies to this vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mstore-api/"
     google-query: inurl:"/wp-content/plugins/mstore-api/"
     shodan-query: 'vuln:CVE-2023-3131'
-  tags: cve,wordpress,wp-plugin,mstore-api,medium
+  tags: cve,wordpress,wp-plugin,mstore-api,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3154-ca565e6cb88aa754dd01e131a2eefadc.yaml b/nuclei-templates/2023/CVE-2023-3154-ca565e6cb88aa754dd01e131a2eefadc.yaml
index 4163e55660..c94b559768 100644
--- a/nuclei-templates/2023/CVE-2023-3154-ca565e6cb88aa754dd01e131a2eefadc.yaml
+++ b/nuclei-templates/2023/CVE-2023-3154-ca565e6cb88aa754dd01e131a2eefadc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 3.38 via deserialization of untrusted input in the gallery_edit function. This makes it possible for authenticated attackers, with administrative-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2023-3154'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3155-75f34276d9b10d0195d546eabefff833.yaml b/nuclei-templates/2023/CVE-2023-3155-75f34276d9b10d0195d546eabefff833.yaml
index 49fb15ffc9..6c3d77b23a 100644
--- a/nuclei-templates/2023/CVE-2023-3155-75f34276d9b10d0195d546eabefff833.yaml
+++ b/nuclei-templates/2023/CVE-2023-3155-75f34276d9b10d0195d546eabefff833.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGEN Gallery <= 3.37 - Authenticated (Admininistrator+) Arbitrary File Read and Deletion in gallery_edit
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NextGEN Gallery plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in versions up to, and including, 3.37. This is due to insufficient input validation within the gallery_edit function. This makes it possible for authenticated attackers, with administrator-level privileges and above, to read and delete arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2023-3155'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3170-01793590016afb66f5a418a945e41a09.yaml b/nuclei-templates/2023/CVE-2023-3170-01793590016afb66f5a418a945e41a09.yaml
index 22438347a2..06e14decae 100644
--- a/nuclei-templates/2023/CVE-2023-3170-01793590016afb66f5a418a945e41a09.yaml
+++ b/nuclei-templates/2023/CVE-2023-3170-01793590016afb66f5a418a945e41a09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/td-composer/"
     google-query: inurl:"/wp-content/plugins/td-composer/"
     shodan-query: 'vuln:CVE-2023-3170'
-  tags: cve,wordpress,wp-plugin,td-composer,medium
+  tags: cve,wordpress,wp-plugin,td-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3175-a8d129ffa611a0e2860f9a0cb3ae87ba.yaml b/nuclei-templates/2023/CVE-2023-3175-a8d129ffa611a0e2860f9a0cb3ae87ba.yaml
index b06116f547..23ef7f5f7a 100644
--- a/nuclei-templates/2023/CVE-2023-3175-a8d129ffa611a0e2860f9a0cb3ae87ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-3175-a8d129ffa611a0e2860f9a0cb3ae87ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI ChatBot <= 4.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI ChatBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings on the 'language' tab in versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-3175'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32094-c787c6531ee0637047c0b6f0c28238e9.yaml b/nuclei-templates/2023/CVE-2023-32094-c787c6531ee0637047c0b6f0c28238e9.yaml
index 25864bb317..5ad656ad83 100644
--- a/nuclei-templates/2023/CVE-2023-32094-c787c6531ee0637047c0b6f0c28238e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-32094-c787c6531ee0637047c0b6f0c28238e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Extended Post Status <= 1.0.19 - Missing Authorization via wp_insert_post_data
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Extended Post Status plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_insert_post_data function in versions up to, and including, 1.0.19. This makes it possible for authenticated attackers, with contributor-level access and above, to set their own posts to the 'published' status via the extended post status metabox.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/extended-post-status/"
     google-query: inurl:"/wp-content/plugins/extended-post-status/"
     shodan-query: 'vuln:CVE-2023-32094'
-  tags: cve,wordpress,wp-plugin,extended-post-status,medium
+  tags: cve,wordpress,wp-plugin,extended-post-status,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32095-024b2767e265d1c0c5a095406c0967d5.yaml b/nuclei-templates/2023/CVE-2023-32095-024b2767e265d1c0c5a095406c0967d5.yaml
index fc50d48a34..219459eb54 100644
--- a/nuclei-templates/2023/CVE-2023-32095-024b2767e265d1c0c5a095406c0967d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-32095-024b2767e265d1c0c5a095406c0967d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rename Media Files <= 1.0.1 - Authenticated (Contributor+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Rename Media Files plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rename-media-files/"
     google-query: inurl:"/wp-content/plugins/rename-media-files/"
     shodan-query: 'vuln:CVE-2023-32095'
-  tags: cve,wordpress,wp-plugin,rename-media-files,high
+  tags: cve,wordpress,wp-plugin,rename-media-files,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32102-d611c750b72176ae3a8cea6f7095bd28.yaml b/nuclei-templates/2023/CVE-2023-32102-d611c750b72176ae3a8cea6f7095bd28.yaml
index fe8e4b0f9c..0990a74a0f 100644
--- a/nuclei-templates/2023/CVE-2023-32102-d611c750b72176ae3a8cea6f7095bd28.yaml
+++ b/nuclei-templates/2023/CVE-2023-32102-d611c750b72176ae3a8cea6f7095bd28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Library Viewer <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Library Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting the plugin's shortcode(s) in versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/library-viewer/"
     google-query: inurl:"/wp-content/plugins/library-viewer/"
     shodan-query: 'vuln:CVE-2023-32102'
-  tags: cve,wordpress,wp-plugin,library-viewer,medium
+  tags: cve,wordpress,wp-plugin,library-viewer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32103-da386ce90f0520e508b80fb1a2e2a0c2.yaml b/nuclei-templates/2023/CVE-2023-32103-da386ce90f0520e508b80fb1a2e2a0c2.yaml
index d92d4b1666..8d6f489640 100644
--- a/nuclei-templates/2023/CVE-2023-32103-da386ce90f0520e508b80fb1a2e2a0c2.yaml
+++ b/nuclei-templates/2023/CVE-2023-32103-da386ce90f0520e508b80fb1a2e2a0c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TP Education <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TP Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.4 due to insufficient input sanitization and output escaping of the user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tp-education/"
     google-query: inurl:"/wp-content/plugins/tp-education/"
     shodan-query: 'vuln:CVE-2023-32103'
-  tags: cve,wordpress,wp-plugin,tp-education,medium
+  tags: cve,wordpress,wp-plugin,tp-education,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3211-6cf9abd0a55631980f6943dc1552464b.yaml b/nuclei-templates/2023/CVE-2023-3211-6cf9abd0a55631980f6943dc1552464b.yaml
index 6b1e4a6bc0..d33acdca5a 100644
--- a/nuclei-templates/2023/CVE-2023-3211-6cf9abd0a55631980f6943dc1552464b.yaml
+++ b/nuclei-templates/2023/CVE-2023-3211-6cf9abd0a55631980f6943dc1552464b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WordPress Database Administrator plugin for WordPress is vulnerable to SQL Injection via an AJAX action in versions up to, and including, 1.0.3 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level and above permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-admin/"
     google-query: inurl:"/wp-content/plugins/wp-database-admin/"
     shodan-query: 'vuln:CVE-2023-3211'
-  tags: cve,wordpress,wp-plugin,wp-database-admin,high
+  tags: cve,wordpress,wp-plugin,wp-database-admin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32110-427edef992d7f7fdd62c26fd579e2341.yaml b/nuclei-templates/2023/CVE-2023-32110-427edef992d7f7fdd62c26fd579e2341.yaml
index bd6714d528..e6414237c5 100644
--- a/nuclei-templates/2023/CVE-2023-32110-427edef992d7f7fdd62c26fd579e2341.yaml
+++ b/nuclei-templates/2023/CVE-2023-32110-427edef992d7f7fdd62c26fd579e2341.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JupiterX Theme <= 3.0.0  - Authenticated Local File Inclusion via print_pane
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The JupiterX theme for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.0.0 via the print_pane function. This allows authenticated attackers with subscriber-level permissions or above to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/jupiterx/"
     google-query: inurl:"/wp-content/themes/jupiterx/"
     shodan-query: 'vuln:CVE-2023-32110'
-  tags: cve,wordpress,wp-theme,jupiterx,high
+  tags: cve,wordpress,wp-theme,jupiterx,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32116-03278634b9340d2d49106fefa161e7cd.yaml b/nuclei-templates/2023/CVE-2023-32116-03278634b9340d2d49106fefa161e7cd.yaml
index 6a4978732f..1e7d1ee318 100644
--- a/nuclei-templates/2023/CVE-2023-32116-03278634b9340d2d49106fefa161e7cd.yaml
+++ b/nuclei-templates/2023/CVE-2023-32116-03278634b9340d2d49106fefa161e7cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom post types <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-post-types/"
     google-query: inurl:"/wp-content/plugins/custom-post-types/"
     shodan-query: 'vuln:CVE-2023-32116'
-  tags: cve,wordpress,wp-plugin,custom-post-types,medium
+  tags: cve,wordpress,wp-plugin,custom-post-types,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32118-5727788917ca5dc70c5a2a8fc41d6ea0.yaml b/nuclei-templates/2023/CVE-2023-32118-5727788917ca5dc70c5a2a8fc41d6ea0.yaml
index 09c9630ba4..a2b914cf66 100644
--- a/nuclei-templates/2023/CVE-2023-32118-5727788917ca5dc70c5a2a8fc41d6ea0.yaml
+++ b/nuclei-templates/2023/CVE-2023-32118-5727788917ca5dc70c5a2a8fc41d6ea0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SALERT <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SALERT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salert/"
     google-query: inurl:"/wp-content/plugins/salert/"
     shodan-query: 'vuln:CVE-2023-32118'
-  tags: cve,wordpress,wp-plugin,salert,medium
+  tags: cve,wordpress,wp-plugin,salert,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32119-7fa8eef52402bb269ab6eda7703db35e.yaml b/nuclei-templates/2023/CVE-2023-32119-7fa8eef52402bb269ab6eda7703db35e.yaml
index c70d4f2c23..5130480339 100644
--- a/nuclei-templates/2023/CVE-2023-32119-7fa8eef52402bb269ab6eda7703db35e.yaml
+++ b/nuclei-templates/2023/CVE-2023-32119-7fa8eef52402bb269ab6eda7703db35e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPO365 | Mail Integration for Office 365 / Outlook <= 1.9.0 - reflected Cross-Site Scripting via error_description
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPO365 | Mail Integration for Office 365 / Outlook plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the ‘error_description’ parameter in versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-integration-365/"
     google-query: inurl:"/wp-content/plugins/mail-integration-365/"
     shodan-query: 'vuln:CVE-2023-32119'
-  tags: cve,wordpress,wp-plugin,mail-integration-365,medium
+  tags: cve,wordpress,wp-plugin,mail-integration-365,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32120-2719d6731668b9065520117203a3303c.yaml b/nuclei-templates/2023/CVE-2023-32120-2719d6731668b9065520117203a3303c.yaml
index 9bbf369c2c..863c857f19 100644
--- a/nuclei-templates/2023/CVE-2023-32120-2719d6731668b9065520117203a3303c.yaml
+++ b/nuclei-templates/2023/CVE-2023-32120-2719d6731668b9065520117203a3303c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Manage Bookings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Room Title of the Manage Bookings feature in versions up to, and including, 1.1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hostel/"
     google-query: inurl:"/wp-content/plugins/hostel/"
     shodan-query: 'vuln:CVE-2023-32120'
-  tags: cve,wordpress,wp-plugin,hostel,medium
+  tags: cve,wordpress,wp-plugin,hostel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32121-8d3590a739a7dcd2c4eca80910f2eb77.yaml b/nuclei-templates/2023/CVE-2023-32121-8d3590a739a7dcd2c4eca80910f2eb77.yaml
index 8d6f21a354..f2fde5823e 100644
--- a/nuclei-templates/2023/CVE-2023-32121-8d3590a739a7dcd2c4eca80910f2eb77.yaml
+++ b/nuclei-templates/2023/CVE-2023-32121-8d3590a739a7dcd2c4eca80910f2eb77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zero Spam <= 5.4.4 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Zero Spam plugin for WordPress is vulnerable to SQL Injection parameter in versions up to, and including, 5.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-spam/"
     google-query: inurl:"/wp-content/plugins/zero-spam/"
     shodan-query: 'vuln:CVE-2023-32121'
-  tags: cve,wordpress,wp-plugin,zero-spam,high
+  tags: cve,wordpress,wp-plugin,zero-spam,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32126-f2eb2411647af07955e8ded396c4583e.yaml b/nuclei-templates/2023/CVE-2023-32126-f2eb2411647af07955e8ded396c4583e.yaml
index c2cd7ebdd7..dbd8ecf6fa 100644
--- a/nuclei-templates/2023/CVE-2023-32126-f2eb2411647af07955e8ded396c4583e.yaml
+++ b/nuclei-templates/2023/CVE-2023-32126-f2eb2411647af07955e8ded396c4583e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SALERT <= 1.2.1 - Missing Authorization via salert_save_settings_with_ajax()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SALERT plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the salert_save_settings_with_ajax() function called via an AJAX action in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salert/"
     google-query: inurl:"/wp-content/plugins/salert/"
     shodan-query: 'vuln:CVE-2023-32126'
-  tags: cve,wordpress,wp-plugin,salert,medium
+  tags: cve,wordpress,wp-plugin,salert,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32127-63aab415fe29b03c8068882fbb1507f4.yaml b/nuclei-templates/2023/CVE-2023-32127-63aab415fe29b03c8068882fbb1507f4.yaml
index 65c3ae0900..5a3e61e78c 100644
--- a/nuclei-templates/2023/CVE-2023-32127-63aab415fe29b03c8068882fbb1507f4.yaml
+++ b/nuclei-templates/2023/CVE-2023-32127-63aab415fe29b03c8068882fbb1507f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi Rating <= 5.0.6 - Missing Authorization to Arbitrary Ratings Value Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Multi Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mr_edit_rating function in versions up to, and including, 5.0.6. This makes it possible for unauthenticated attackers to modify arbitrary ratings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multi-rating/"
     google-query: inurl:"/wp-content/plugins/multi-rating/"
     shodan-query: 'vuln:CVE-2023-32127'
-  tags: cve,wordpress,wp-plugin,multi-rating,medium
+  tags: cve,wordpress,wp-plugin,multi-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32128-6c67c1bd228e1520f2b8d5bf20bbed3b.yaml b/nuclei-templates/2023/CVE-2023-32128-6c67c1bd228e1520f2b8d5bf20bbed3b.yaml
index aa2334e518..1a92bb1894 100644
--- a/nuclei-templates/2023/CVE-2023-32128-6c67c1bd228e1520f2b8d5bf20bbed3b.yaml
+++ b/nuclei-templates/2023/CVE-2023-32128-6c67c1bd228e1520f2b8d5bf20bbed3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin for WordPress is vulnerable to SQL Injection via several parameters in versions up to, and including, 2.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers , with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cryptocurrency-donation-box/"
     google-query: inurl:"/wp-content/plugins/cryptocurrency-donation-box/"
     shodan-query: 'vuln:CVE-2023-32128'
-  tags: cve,wordpress,wp-plugin,cryptocurrency-donation-box,high
+  tags: cve,wordpress,wp-plugin,cryptocurrency-donation-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32129-3220945a9ad1b5aa7c5c294cafd443a6.yaml b/nuclei-templates/2023/CVE-2023-32129-3220945a9ad1b5aa7c5c294cafd443a6.yaml
index d717f3037c..9c7134553d 100644
--- a/nuclei-templates/2023/CVE-2023-32129-3220945a9ad1b5aa7c5c294cafd443a6.yaml
+++ b/nuclei-templates/2023/CVE-2023-32129-3220945a9ad1b5aa7c5c294cafd443a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Editorialmag <= 1.2.0 - Missing Authorization to Authenticated Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Editorialmag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin function in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above to activate arbitrary plugins on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/editorialmag/"
     google-query: inurl:"/wp-content/themes/editorialmag/"
     shodan-query: 'vuln:CVE-2023-32129'
-  tags: cve,wordpress,wp-theme,editorialmag,medium
+  tags: cve,wordpress,wp-theme,editorialmag,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3213-da10288b29dd37bfe67b8eab58492860.yaml b/nuclei-templates/2023/CVE-2023-3213-da10288b29dd37bfe67b8eab58492860.yaml
index 214c0d01aa..4761da430b 100644
--- a/nuclei-templates/2023/CVE-2023-3213-da10288b29dd37bfe67b8eab58492860.yaml
+++ b/nuclei-templates/2023/CVE-2023-3213-da10288b29dd37bfe67b8eab58492860.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-smtp-pro/"
     google-query: inurl:"/wp-content/plugins/wp-mail-smtp-pro/"
     shodan-query: 'vuln:CVE-2023-3213'
-  tags: cve,wordpress,wp-plugin,wp-mail-smtp-pro,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-smtp-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32130-e487dc2fff22059c80c2edae74cd9a80.yaml b/nuclei-templates/2023/CVE-2023-32130-e487dc2fff22059c80c2edae74cd9a80.yaml
index a7a74e9c55..e93012014a 100644
--- a/nuclei-templates/2023/CVE-2023-32130-e487dc2fff22059c80c2edae74cd9a80.yaml
+++ b/nuclei-templates/2023/CVE-2023-32130-e487dc2fff22059c80c2edae74cd9a80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi Rating <= 5.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Multi Rating plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 5.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multi-rating/"
     google-query: inurl:"/wp-content/plugins/multi-rating/"
     shodan-query: 'vuln:CVE-2023-32130'
-  tags: cve,wordpress,wp-plugin,multi-rating,medium
+  tags: cve,wordpress,wp-plugin,multi-rating,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3219-6c5fd9bdbd84a5f94cf449613dea61df.yaml b/nuclei-templates/2023/CVE-2023-3219-6c5fd9bdbd84a5f94cf449613dea61df.yaml
index 2c0a92f964..dba296505d 100644
--- a/nuclei-templates/2023/CVE-2023-3219-6c5fd9bdbd84a5f94cf449613dea61df.yaml
+++ b/nuclei-templates/2023/CVE-2023-3219-6c5fd9bdbd84a5f94cf449613dea61df.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2023-3219
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2023-3219'
-  tags: cve,wordpress,wp-plugin,eventon-lite,high
+  tags: cve,wordpress,wp-plugin,eventon,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.1')
\ No newline at end of file
+          - compare_versions(version, '< 4.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-32237-8d422c3c7895b2b4d7494cb28df2efe5.yaml b/nuclei-templates/2023/CVE-2023-32237-8d422c3c7895b2b4d7494cb28df2efe5.yaml
index ded26f2e42..dfb524a001 100644
--- a/nuclei-templates/2023/CVE-2023-32237-8d422c3c7895b2b4d7494cb28df2efe5.yaml
+++ b/nuclei-templates/2023/CVE-2023-32237-8d422c3c7895b2b4d7494cb28df2efe5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TheGem theme for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to 5.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/thegem/"
     google-query: inurl:"/wp-content/themes/thegem/"
     shodan-query: 'vuln:CVE-2023-32237'
-  tags: cve,wordpress,wp-theme,thegem,medium
+  tags: cve,wordpress,wp-theme,thegem,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32237-9132b473713ba452ca61cd28b37b6336.yaml b/nuclei-templates/2023/CVE-2023-32237-9132b473713ba452ca61cd28b37b6336.yaml
index ee1919fe32..968f7ade18 100644
--- a/nuclei-templates/2023/CVE-2023-32237-9132b473713ba452ca61cd28b37b6336.yaml
+++ b/nuclei-templates/2023/CVE-2023-32237-9132b473713ba452ca61cd28b37b6336.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TheGem theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 5.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/thegem/"
     google-query: inurl:"/wp-content/themes/thegem/"
     shodan-query: 'vuln:CVE-2023-32237'
-  tags: cve,wordpress,wp-theme,thegem,medium
+  tags: cve,wordpress,wp-theme,thegem,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32238-e3e7d2debbf761854054ecabf536826d.yaml b/nuclei-templates/2023/CVE-2023-32238-e3e7d2debbf761854054ecabf536826d.yaml
index 39a5f9ca20..83f3df3e4a 100644
--- a/nuclei-templates/2023/CVE-2023-32238-e3e7d2debbf761854054ecabf536826d.yaml
+++ b/nuclei-templates/2023/CVE-2023-32238-e3e7d2debbf761854054ecabf536826d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TheGem < 5.8.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TheGem theme for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the ajaxApi() function called via an AJAX action in versions up to 5.8.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like modifying custom fields, theme options, retrieving theme data, and more
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/thegem/"
     google-query: inurl:"/wp-content/themes/thegem/"
     shodan-query: 'vuln:CVE-2023-32238'
-  tags: cve,wordpress,wp-theme,thegem,medium
+  tags: cve,wordpress,wp-theme,thegem,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32239-a392159f37a0ade5203b528da67d0e66.yaml b/nuclei-templates/2023/CVE-2023-32239-a392159f37a0ade5203b528da67d0e66.yaml
index 008a90b4eb..f49ee9ef45 100644
--- a/nuclei-templates/2023/CVE-2023-32239-a392159f37a0ade5203b528da67d0e66.yaml
+++ b/nuclei-templates/2023/CVE-2023-32239-a392159f37a0ade5203b528da67d0e66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WoodMart theme for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 7.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/woodmart/"
     google-query: inurl:"/wp-content/themes/woodmart/"
     shodan-query: 'vuln:CVE-2023-32239'
-  tags: cve,wordpress,wp-theme,woodmart,medium
+  tags: cve,wordpress,wp-theme,woodmart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32240-27976922dece0aca2bde50f6320bde6f.yaml b/nuclei-templates/2023/CVE-2023-32240-27976922dece0aca2bde50f6320bde6f.yaml
index ca31293141..e84158759f 100644
--- a/nuclei-templates/2023/CVE-2023-32240-27976922dece0aca2bde50f6320bde6f.yaml
+++ b/nuclei-templates/2023/CVE-2023-32240-27976922dece0aca2bde50f6320bde6f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WoodMart <= 7.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WoodMart theme for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on an unknown function in versions up to, and including, 7.2.1. This makes it possible for authenticated attackers , with subscriber-level access and above, to invoke this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/woodmart/"
     google-query: inurl:"/wp-content/themes/woodmart/"
     shodan-query: 'vuln:CVE-2023-32240'
-  tags: cve,wordpress,wp-theme,woodmart,medium
+  tags: cve,wordpress,wp-theme,woodmart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3225-5fb9bec95a707650ef979fd037b97227.yaml b/nuclei-templates/2023/CVE-2023-3225-5fb9bec95a707650ef979fd037b97227.yaml
index bd1f4f2f26..029b622127 100644
--- a/nuclei-templates/2023/CVE-2023-3225-5fb9bec95a707650ef979fd037b97227.yaml
+++ b/nuclei-templates/2023/CVE-2023-3225-5fb9bec95a707650ef979fd037b97227.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Float menu <= 5.0.2 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Float menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/float-menu/"
     google-query: inurl:"/wp-content/plugins/float-menu/"
     shodan-query: 'vuln:CVE-2023-3225'
-  tags: cve,wordpress,wp-plugin,float-menu,medium
+  tags: cve,wordpress,wp-plugin,float-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3226-2b836e0762bdbf59a8ee2eb5384418f5.yaml b/nuclei-templates/2023/CVE-2023-3226-2b836e0762bdbf59a8ee2eb5384418f5.yaml
index cdc82e60a2..324a553e41 100644
--- a/nuclei-templates/2023/CVE-2023-3226-2b836e0762bdbf59a8ee2eb5384418f5.yaml
+++ b/nuclei-templates/2023/CVE-2023-3226-2b836e0762bdbf59a8ee2eb5384418f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2023-3226'
-  tags: cve,wordpress,wp-plugin,popup-builder,medium
+  tags: cve,wordpress,wp-plugin,popup-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32291-c8bc852e0f629926f8c3b976dbc68f47.yaml b/nuclei-templates/2023/CVE-2023-32291-c8bc852e0f629926f8c3b976dbc68f47.yaml
index ef0871f6df..e172a23bf4 100644
--- a/nuclei-templates/2023/CVE-2023-32291-c8bc852e0f629926f8c3b976dbc68f47.yaml
+++ b/nuclei-templates/2023/CVE-2023-32291-c8bc852e0f629926f8c3b976dbc68f47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MonsterInsights Pro <= 8.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MonsterInsights Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 8.14.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-premium/"
     google-query: inurl:"/wp-content/plugins/google-analytics-premium/"
     shodan-query: 'vuln:CVE-2023-32291'
-  tags: cve,wordpress,wp-plugin,google-analytics-premium,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-premium,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32292-5010f538683e4ce673730780a1277a01.yaml b/nuclei-templates/2023/CVE-2023-32292-5010f538683e4ce673730780a1277a01.yaml
index 6a2ef12671..ff5a2cccf2 100644
--- a/nuclei-templates/2023/CVE-2023-32292-5010f538683e4ce673730780a1277a01.yaml
+++ b/nuclei-templates/2023/CVE-2023-32292-5010f538683e4ce673730780a1277a01.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chat Button <= 1.8.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chat Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.8.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/whatshelp-chat-button/"
     google-query: inurl:"/wp-content/plugins/whatshelp-chat-button/"
     shodan-query: 'vuln:CVE-2023-32292'
-  tags: cve,wordpress,wp-plugin,whatshelp-chat-button,medium
+  tags: cve,wordpress,wp-plugin,whatshelp-chat-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32293-c3986a6ffb844160a08c3a8660d4bd5e.yaml b/nuclei-templates/2023/CVE-2023-32293-c3986a6ffb844160a08c3a8660d4bd5e.yaml
index b0391d4b7e..8516f7df74 100644
--- a/nuclei-templates/2023/CVE-2023-32293-c3986a6ffb844160a08c3a8660d4bd5e.yaml
+++ b/nuclei-templates/2023/CVE-2023-32293-c3986a6ffb844160a08c3a8660d4bd5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WRC Pricing Tables <= 2.3.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WRC Pricing Tables plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on several functions including wrcpt_process_package_features, wrcpt_edit_pricing_packages, wrcpt_activate_template and others in versions up to, and including, 2.3.7. This makes it possible for unauthenticated attackers to make settings changes via nopriv AJAX actions. This plugin was further hardened with appropriate capability checks along-side the nonce checks in version 2.4 so we recommend updating to that version for optimal protection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wrc-pricing-tables/"
     google-query: inurl:"/wp-content/plugins/wrc-pricing-tables/"
     shodan-query: 'vuln:CVE-2023-32293'
-  tags: cve,wordpress,wp-plugin,wrc-pricing-tables,medium
+  tags: cve,wordpress,wp-plugin,wrc-pricing-tables,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32294-0a7db26507a2752830d796f872bfc74f.yaml b/nuclei-templates/2023/CVE-2023-32294-0a7db26507a2752830d796f872bfc74f.yaml
index a7e28dd242..ada2f638c0 100644
--- a/nuclei-templates/2023/CVE-2023-32294-0a7db26507a2752830d796f872bfc74f.yaml
+++ b/nuclei-templates/2023/CVE-2023-32294-0a7db26507a2752830d796f872bfc74f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GDPR Cookie Consent Notice Box <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GDPR Cookie Consent Notice Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-consent-box/"
     google-query: inurl:"/wp-content/plugins/cookie-consent-box/"
     shodan-query: 'vuln:CVE-2023-32294'
-  tags: cve,wordpress,wp-plugin,cookie-consent-box,medium
+  tags: cve,wordpress,wp-plugin,cookie-consent-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32295-38d608cacdc80db417ded65078eef410.yaml b/nuclei-templates/2023/CVE-2023-32295-38d608cacdc80db417ded65078eef410.yaml
index eb73393635..49c6244df7 100644
--- a/nuclei-templates/2023/CVE-2023-32295-38d608cacdc80db417ded65078eef410.yaml
+++ b/nuclei-templates/2023/CVE-2023-32295-38d608cacdc80db417ded65078eef410.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy!Appointments <= 1.3.1 - Authenticated(Subscriber+) Arbitrary File Deletion via 'disconnect'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy!Appointments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the disconnect function in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers with subscriber privileges to delete a preconfigured list of common filenames and subfolders from arbitrary directories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easyappointments/"
     google-query: inurl:"/wp-content/plugins/easyappointments/"
     shodan-query: 'vuln:CVE-2023-32295'
-  tags: cve,wordpress,wp-plugin,easyappointments,high
+  tags: cve,wordpress,wp-plugin,easyappointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32299-82dd4087673f4e5c2cbc42c8ad11ddcf.yaml b/nuclei-templates/2023/CVE-2023-32299-82dd4087673f4e5c2cbc42c8ad11ddcf.yaml
index b13ae45d1e..2c4acdba1b 100644
--- a/nuclei-templates/2023/CVE-2023-32299-82dd4087673f4e5c2cbc42c8ad11ddcf.yaml
+++ b/nuclei-templates/2023/CVE-2023-32299-82dd4087673f4e5c2cbc42c8ad11ddcf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ni WooCommerce Sales Report <= 3.7.3 - Missing Authorization via ajax_sales_order
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_sales_order' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view sales and order reports.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ni-woocommerce-sales-report/"
     google-query: inurl:"/wp-content/plugins/ni-woocommerce-sales-report/"
     shodan-query: 'vuln:CVE-2023-32299'
-  tags: cve,wordpress,wp-plugin,ni-woocommerce-sales-report,medium
+  tags: cve,wordpress,wp-plugin,ni-woocommerce-sales-report,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3244-42b4c4c9ef55b9cbba64c1b7340638c8.yaml b/nuclei-templates/2023/CVE-2023-3244-42b4c4c9ef55b9cbba64c1b7340638c8.yaml
index 466315e83a..33b6c00766 100644
--- a/nuclei-templates/2023/CVE-2023-3244-42b4c4c9ef55b9cbba64c1b7340638c8.yaml
+++ b/nuclei-templates/2023/CVE-2023-3244-42b4c4c9ef55b9cbba64c1b7340638c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset the plugin's settings. NOTE: this issue is was only partially patched in version 1.2.0, as the nonce is still present to subscriber-level users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comments-like-dislike/"
     google-query: inurl:"/wp-content/plugins/comments-like-dislike/"
     shodan-query: 'vuln:CVE-2023-3244'
-  tags: cve,wordpress,wp-plugin,comments-like-dislike,medium
+  tags: cve,wordpress,wp-plugin,comments-like-dislike,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3245-6ffb854c265938eec5a761ac2ea74cda.yaml b/nuclei-templates/2023/CVE-2023-3245-6ffb854c265938eec5a761ac2ea74cda.yaml
index fd8dede790..90cb0568fc 100644
--- a/nuclei-templates/2023/CVE-2023-3245-6ffb854c265938eec5a761ac2ea74cda.yaml
+++ b/nuclei-templates/2023/CVE-2023-3245-6ffb854c265938eec5a761ac2ea74cda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Floating Chat Widget - Chaty <= 3.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Floating Chat Widget - Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chaty/"
     google-query: inurl:"/wp-content/plugins/chaty/"
     shodan-query: 'vuln:CVE-2023-3245'
-  tags: cve,wordpress,wp-plugin,chaty,medium
+  tags: cve,wordpress,wp-plugin,chaty,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3248-54afcc25e30c13f6fd81531108a460de.yaml b/nuclei-templates/2023/CVE-2023-3248-54afcc25e30c13f6fd81531108a460de.yaml
index 3f2cbf2407..1c5af7bdd6 100644
--- a/nuclei-templates/2023/CVE-2023-3248-54afcc25e30c13f6fd81531108a460de.yaml
+++ b/nuclei-templates/2023/CVE-2023-3248-54afcc25e30c13f6fd81531108a460de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-one Floating Contact Form <= 2.1.1 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All-in-one Floating Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mystickyelements/"
     google-query: inurl:"/wp-content/plugins/mystickyelements/"
     shodan-query: 'vuln:CVE-2023-3248'
-  tags: cve,wordpress,wp-plugin,mystickyelements,medium
+  tags: cve,wordpress,wp-plugin,mystickyelements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32496-cfab52d3443d4e82a03b0d2f0889ab4f.yaml b/nuclei-templates/2023/CVE-2023-32496-cfab52d3443d4e82a03b0d2f0889ab4f.yaml
index 288eb04c8d..71b650f970 100644
--- a/nuclei-templates/2023/CVE-2023-32496-cfab52d3443d4e82a03b0d2f0889ab4f.yaml
+++ b/nuclei-templates/2023/CVE-2023-32496-cfab52d3443d4e82a03b0d2f0889ab4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StopBadBots <= 7.31 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The StopBadBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 7.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stopbadbots/"
     google-query: inurl:"/wp-content/plugins/stopbadbots/"
     shodan-query: 'vuln:CVE-2023-32496'
-  tags: cve,wordpress,wp-plugin,stopbadbots,medium
+  tags: cve,wordpress,wp-plugin,stopbadbots,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32498-2e8ccf164adc8951aa826c00f9317ffc.yaml b/nuclei-templates/2023/CVE-2023-32498-2e8ccf164adc8951aa826c00f9317ffc.yaml
index 865f218119..03e7bfa962 100644
--- a/nuclei-templates/2023/CVE-2023-32498-2e8ccf164adc8951aa826c00f9317ffc.yaml
+++ b/nuclei-templates/2023/CVE-2023-32498-2e8ccf164adc8951aa826c00f9317ffc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Form by AYS <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Form by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-form/"
     google-query: inurl:"/wp-content/plugins/easy-form/"
     shodan-query: 'vuln:CVE-2023-32498'
-  tags: cve,wordpress,wp-plugin,easy-form,medium
+  tags: cve,wordpress,wp-plugin,easy-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32505-6046df75d04ba248b7035ff17b16ffc4.yaml b/nuclei-templates/2023/CVE-2023-32505-6046df75d04ba248b7035ff17b16ffc4.yaml
index de517e929a..8ae09722e1 100644
--- a/nuclei-templates/2023/CVE-2023-32505-6046df75d04ba248b7035ff17b16ffc4.yaml
+++ b/nuclei-templates/2023/CVE-2023-32505-6046df75d04ba248b7035ff17b16ffc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Hide Login <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Hide Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-hide-login/"
     google-query: inurl:"/wp-content/plugins/easy-hide-login/"
     shodan-query: 'vuln:CVE-2023-32505'
-  tags: cve,wordpress,wp-plugin,easy-hide-login,medium
+  tags: cve,wordpress,wp-plugin,easy-hide-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32506-efbea6db4c4deaef4b1a0846e33065cf.yaml b/nuclei-templates/2023/CVE-2023-32506-efbea6db4c4deaef4b1a0846e33065cf.yaml
index 4df52c43c3..352e8432fd 100644
--- a/nuclei-templates/2023/CVE-2023-32506-efbea6db4c4deaef4b1a0846e33065cf.yaml
+++ b/nuclei-templates/2023/CVE-2023-32506-efbea6db4c4deaef4b1a0846e33065cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Whisper Free <= 0.6.3 - Missing Authorization via init()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Link Whisper Free plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init() function called via admin_init in versions up to, and including, 0.6.3. This makes it possible for unauthenticated attackers to export post data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-whisper/"
     google-query: inurl:"/wp-content/plugins/link-whisper/"
     shodan-query: 'vuln:CVE-2023-32506'
-  tags: cve,wordpress,wp-plugin,link-whisper,medium
+  tags: cve,wordpress,wp-plugin,link-whisper,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32507-05692bb82558cd77ced2449a9947331d.yaml b/nuclei-templates/2023/CVE-2023-32507-05692bb82558cd77ced2449a9947331d.yaml
index 7def7362d9..fed33138cd 100644
--- a/nuclei-templates/2023/CVE-2023-32507-05692bb82558cd77ced2449a9947331d.yaml
+++ b/nuclei-templates/2023/CVE-2023-32507-05692bb82558cd77ced2449a9947331d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woo Custom Emails <= 2.2 - Missing Authorization to Unauthenticated Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Woo Custom Emails plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcemails_email_actions_details() function called via admin_init in versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to update email options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-custom-emails/"
     google-query: inurl:"/wp-content/plugins/woo-custom-emails/"
     shodan-query: 'vuln:CVE-2023-32507'
-  tags: cve,wordpress,wp-plugin,woo-custom-emails,medium
+  tags: cve,wordpress,wp-plugin,woo-custom-emails,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32508-6221ac90696b9d40486e73f6a756b92e.yaml b/nuclei-templates/2023/CVE-2023-32508-6221ac90696b9d40486e73f6a756b92e.yaml
index d70aa27dd0..be18a9b415 100644
--- a/nuclei-templates/2023/CVE-2023-32508-6221ac90696b9d40486e73f6a756b92e.yaml
+++ b/nuclei-templates/2023/CVE-2023-32508-6221ac90696b9d40486e73f6a756b92e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Order Your Posts Manually plugin for WordPress is vulnerable to SQL Injection via the 'sortdata' parameter in versions up to, and including, 2.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-your-posts-manually/"
     google-query: inurl:"/wp-content/plugins/order-your-posts-manually/"
     shodan-query: 'vuln:CVE-2023-32508'
-  tags: cve,wordpress,wp-plugin,order-your-posts-manually,high
+  tags: cve,wordpress,wp-plugin,order-your-posts-manually,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32511-946e2c8cf66089d544e720fc4e253df1.yaml b/nuclei-templates/2023/CVE-2023-32511-946e2c8cf66089d544e720fc4e253df1.yaml
index 5c47c15626..44649bfb1a 100644
--- a/nuclei-templates/2023/CVE-2023-32511-946e2c8cf66089d544e720fc4e253df1.yaml
+++ b/nuclei-templates/2023/CVE-2023-32511-946e2c8cf66089d544e720fc4e253df1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Ultra Pro <= 1.1.8 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booking Ultra Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, granted they can trick a site owner into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-ultra-pro/"
     google-query: inurl:"/wp-content/plugins/booking-ultra-pro/"
     shodan-query: 'vuln:CVE-2023-32511'
-  tags: cve,wordpress,wp-plugin,booking-ultra-pro,high
+  tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32513-c2ccbf305342f3ecbc58cb5dfedcc25d.yaml b/nuclei-templates/2023/CVE-2023-32513-c2ccbf305342f3ecbc58cb5dfedcc25d.yaml
index a29f138b97..d680428592 100644
--- a/nuclei-templates/2023/CVE-2023-32513-c2ccbf305342f3ecbc58cb5dfedcc25d.yaml
+++ b/nuclei-templates/2023/CVE-2023-32513-c2ccbf305342f3ecbc58cb5dfedcc25d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.25.3 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.25.3 via deserialization of untrusted input via the $output['main_key'] value. This allows authenticated attackers, with administrative privileges, to inject a PHP Object that will deserialize upon a data export. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2023-32513'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32515-5914d2a62c6e9fda2e52358bd6a051ee.yaml b/nuclei-templates/2023/CVE-2023-32515-5914d2a62c6e9fda2e52358bd6a051ee.yaml
index 1c2c8dd7db..d9c97260f5 100644
--- a/nuclei-templates/2023/CVE-2023-32515-5914d2a62c6e9fda2e52358bd6a051ee.yaml
+++ b/nuclei-templates/2023/CVE-2023-32515-5914d2a62c6e9fda2e52358bd6a051ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field Suite <= 2.6.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via field values in versions up to, and including, 2.6.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-suite/"
     google-query: inurl:"/wp-content/plugins/custom-field-suite/"
     shodan-query: 'vuln:CVE-2023-32515'
-  tags: cve,wordpress,wp-plugin,custom-field-suite,medium
+  tags: cve,wordpress,wp-plugin,custom-field-suite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32519-313015abf6a4029981fb303ae0c8c403.yaml b/nuclei-templates/2023/CVE-2023-32519-313015abf6a4029981fb303ae0c8c403.yaml
index 749ab21146..8ef5319f84 100644
--- a/nuclei-templates/2023/CVE-2023-32519-313015abf6a4029981fb303ae0c8c403.yaml
+++ b/nuclei-templates/2023/CVE-2023-32519-313015abf6a4029981fb303ae0c8c403.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WCP Contact Form <= 3.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WCP Contact Form plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on a few functions like 'customActions' in versions up to, and including, 3.1.0. This makes it possible for authenticated attackers, with contributor-level access and above, to access contact form submissions and submitted data along with modifying the state of those submissions (read/unread).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wcp-contact-form/"
     google-query: inurl:"/wp-content/plugins/wcp-contact-form/"
     shodan-query: 'vuln:CVE-2023-32519'
-  tags: cve,wordpress,wp-plugin,wcp-contact-form,medium
+  tags: cve,wordpress,wp-plugin,wcp-contact-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32520-d5eec60f27d6879accd492bf02988af0.yaml b/nuclei-templates/2023/CVE-2023-32520-d5eec60f27d6879accd492bf02988af0.yaml
index 9120a5e1df..9adb9bfdac 100644
--- a/nuclei-templates/2023/CVE-2023-32520-d5eec60f27d6879accd492bf02988af0.yaml
+++ b/nuclei-templates/2023/CVE-2023-32520-d5eec60f27d6879accd492bf02988af0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WCP Contact Form <= 3.1.0 - Missing Authorization via downloadCsv
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WCP Contact Form plugin for WordPress is vulnerable to unauthorized disclosure of data due to a missing capability check on the downloadCsv() function hooked via plugins_loaded in versions up to, and including, 3.1.0. This makes it possible for unauthenticated attackers to export submitted form data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wcp-contact-form/"
     google-query: inurl:"/wp-content/plugins/wcp-contact-form/"
     shodan-query: 'vuln:CVE-2023-32520'
-  tags: cve,wordpress,wp-plugin,wcp-contact-form,medium
+  tags: cve,wordpress,wp-plugin,wcp-contact-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32574-f1d5eaff1a5d538327565db0438aa59a.yaml b/nuclei-templates/2023/CVE-2023-32574-f1d5eaff1a5d538327565db0438aa59a.yaml
index f718e292bc..1d11892775 100644
--- a/nuclei-templates/2023/CVE-2023-32574-f1d5eaff1a5d538327565db0438aa59a.yaml
+++ b/nuclei-templates/2023/CVE-2023-32574-f1d5eaff1a5d538327565db0438aa59a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Injection Guard <= 1.2.1 - Missing Authorization via ig_update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Injection Guard plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ig_update and ig_update_bulk_backlist functions in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers , with subscriber-level access and above, to make changes to IP block- and allowlists.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/injection-guard/"
     google-query: inurl:"/wp-content/plugins/injection-guard/"
     shodan-query: 'vuln:CVE-2023-32574'
-  tags: cve,wordpress,wp-plugin,injection-guard,medium
+  tags: cve,wordpress,wp-plugin,injection-guard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32575-eb2fd42fe2d2e213e39c0b11404601e5.yaml b/nuclei-templates/2023/CVE-2023-32575-eb2fd42fe2d2e213e39c0b11404601e5.yaml
index fbf58c064e..704c579e10 100644
--- a/nuclei-templates/2023/CVE-2023-32575-eb2fd42fe2d2e213e39c0b11404601e5.yaml
+++ b/nuclei-templates/2023/CVE-2023-32575-eb2fd42fe2d2e213e39c0b11404601e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product page shipping calculator for WooCommerce <= 1.3.25 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product page shipping calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-page-shipping-calculator-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/product-page-shipping-calculator-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-32575'
-  tags: cve,wordpress,wp-plugin,product-page-shipping-calculator-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-page-shipping-calculator-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32576-f129897036a69e5c156d976b88efd3ed.yaml b/nuclei-templates/2023/CVE-2023-32576-f129897036a69e5c156d976b88efd3ed.yaml
index 7b915caf95..67c791f44c 100644
--- a/nuclei-templates/2023/CVE-2023-32576-f129897036a69e5c156d976b88efd3ed.yaml
+++ b/nuclei-templates/2023/CVE-2023-32576-f129897036a69e5c156d976b88efd3ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Locatoraid Store Locator <= 3.9.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.9.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/locatoraid/"
     google-query: inurl:"/wp-content/plugins/locatoraid/"
     shodan-query: 'vuln:CVE-2023-32576'
-  tags: cve,wordpress,wp-plugin,locatoraid,medium
+  tags: cve,wordpress,wp-plugin,locatoraid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32577-539276d00e4422db414565e796e54c45.yaml b/nuclei-templates/2023/CVE-2023-32577-539276d00e4422db414565e796e54c45.yaml
index 162bddb175..328888c8a4 100644
--- a/nuclei-templates/2023/CVE-2023-32577-539276d00e4422db414565e796e54c45.yaml
+++ b/nuclei-templates/2023/CVE-2023-32577-539276d00e4422db414565e796e54c45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DevBuddy Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/devbuddy-twitter-feed/"
     google-query: inurl:"/wp-content/plugins/devbuddy-twitter-feed/"
     shodan-query: 'vuln:CVE-2023-32577'
-  tags: cve,wordpress,wp-plugin,devbuddy-twitter-feed,medium
+  tags: cve,wordpress,wp-plugin,devbuddy-twitter-feed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32578-468f187fbaef8b522a9247e1a677ec05.yaml b/nuclei-templates/2023/CVE-2023-32578-468f187fbaef8b522a9247e1a677ec05.yaml
index 22a7c50c4a..c45295b921 100644
--- a/nuclei-templates/2023/CVE-2023-32578-468f187fbaef8b522a9247e1a677ec05.yaml
+++ b/nuclei-templates/2023/CVE-2023-32578-468f187fbaef8b522a9247e1a677ec05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Column-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/column-matic/"
     google-query: inurl:"/wp-content/plugins/column-matic/"
     shodan-query: 'vuln:CVE-2023-32578'
-  tags: cve,wordpress,wp-plugin,column-matic,medium
+  tags: cve,wordpress,wp-plugin,column-matic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32579-53da943f73d7c6e6cd21ccb312450cb4.yaml b/nuclei-templates/2023/CVE-2023-32579-53da943f73d7c6e6cd21ccb312450cb4.yaml
index e52de0d79e..4b1b9bf5f6 100644
--- a/nuclei-templates/2023/CVE-2023-32579-53da943f73d7c6e6cd21ccb312450cb4.yaml
+++ b/nuclei-templates/2023/CVE-2023-32579-53da943f73d7c6e6cd21ccb312450cb4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Forget About Shortcode Buttons plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the fasc_buttons function in versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access or higher, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forget-about-shortcode-buttons/"
     google-query: inurl:"/wp-content/plugins/forget-about-shortcode-buttons/"
     shodan-query: 'vuln:CVE-2023-32579'
-  tags: cve,wordpress,wp-plugin,forget-about-shortcode-buttons,medium
+  tags: cve,wordpress,wp-plugin,forget-about-shortcode-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32580-f70dd0265071b25825ed4ac0daac6966.yaml b/nuclei-templates/2023/CVE-2023-32580-f70dd0265071b25825ed4ac0daac6966.yaml
index 096cd92684..7cbb69732d 100644
--- a/nuclei-templates/2023/CVE-2023-32580-f70dd0265071b25825ed4ac0daac6966.yaml
+++ b/nuclei-templates/2023/CVE-2023-32580-f70dd0265071b25825ed4ac0daac6966.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Password Protected <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Password Protected plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/password-protected/"
     google-query: inurl:"/wp-content/plugins/password-protected/"
     shodan-query: 'vuln:CVE-2023-32580'
-  tags: cve,wordpress,wp-plugin,password-protected,medium
+  tags: cve,wordpress,wp-plugin,password-protected,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32581-3243534248880dc4d13208e428d3bdd1.yaml b/nuclei-templates/2023/CVE-2023-32581-3243534248880dc4d13208e428d3bdd1.yaml
index 663b205d36..5a2c135926 100644
--- a/nuclei-templates/2023/CVE-2023-32581-3243534248880dc4d13208e428d3bdd1.yaml
+++ b/nuclei-templates/2023/CVE-2023-32581-3243534248880dc4d13208e428d3bdd1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Chatbot for Messenger <= 4.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Chatbot for Messenger plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions like csv(), cancel_subscribe(), create_subscribe(), notice_lead_off(), banner_off() and many more called via AJAX actions in versions up to, and including, 4.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings, manipulate subscription settings, and export submitted form data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-chatbot/"
     google-query: inurl:"/wp-content/plugins/wp-chatbot/"
     shodan-query: 'vuln:CVE-2023-32581'
-  tags: cve,wordpress,wp-plugin,wp-chatbot,medium
+  tags: cve,wordpress,wp-plugin,wp-chatbot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32582-147a2c380c511ff89f6007b5ad85a430.yaml b/nuclei-templates/2023/CVE-2023-32582-147a2c380c511ff89f6007b5ad85a430.yaml
index 9703b61fcf..f960082f49 100644
--- a/nuclei-templates/2023/CVE-2023-32582-147a2c380c511ff89f6007b5ad85a430.yaml
+++ b/nuclei-templates/2023/CVE-2023-32582-147a2c380c511ff89f6007b5ad85a430.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Don8 <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Don8 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/don8/"
     google-query: inurl:"/wp-content/plugins/don8/"
     shodan-query: 'vuln:CVE-2023-32582'
-  tags: cve,wordpress,wp-plugin,don8,medium
+  tags: cve,wordpress,wp-plugin,don8,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32584-994e6758795c8c6e11e9f43c7bd4ac1c.yaml b/nuclei-templates/2023/CVE-2023-32584-994e6758795c8c6e11e9f43c7bd4ac1c.yaml
index 6694540915..8ea0f57425 100644
--- a/nuclei-templates/2023/CVE-2023-32584-994e6758795c8c6e11e9f43c7bd4ac1c.yaml
+++ b/nuclei-templates/2023/CVE-2023-32584-994e6758795c8c6e11e9f43c7bd4ac1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eBecas <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The eBecas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ebecas/"
     google-query: inurl:"/wp-content/plugins/ebecas/"
     shodan-query: 'vuln:CVE-2023-32584'
-  tags: cve,wordpress,wp-plugin,ebecas,medium
+  tags: cve,wordpress,wp-plugin,ebecas,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32585-eea2926eb15d95f90b3df3b2873dbe1c.yaml b/nuclei-templates/2023/CVE-2023-32585-eea2926eb15d95f90b3df3b2873dbe1c.yaml
index c95fdc9fca..bc71c73762 100644
--- a/nuclei-templates/2023/CVE-2023-32585-eea2926eb15d95f90b3df3b2873dbe1c.yaml
+++ b/nuclei-templates/2023/CVE-2023-32585-eea2926eb15d95f90b3df3b2873dbe1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portfolio Gallery – Responsive Image Gallery <= 1.4.5 - Missing Authorization to Arbitrary Gallery Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Portfolio Gallery – Responsive Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the TotalSoftPortfolio_Del_Callback() function called via an AJAX action in versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to delete arbitrary galleries. Please note there are many additional AJAX actions that are also vulnerable and can be used to perform other actions like cloning galleries and editing limited details for them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-portfolio/"
     google-query: inurl:"/wp-content/plugins/gallery-portfolio/"
     shodan-query: 'vuln:CVE-2023-32585'
-  tags: cve,wordpress,wp-plugin,gallery-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gallery-portfolio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32586-97e81ce09ae72195c5b04d7f6a992589.yaml b/nuclei-templates/2023/CVE-2023-32586-97e81ce09ae72195c5b04d7f6a992589.yaml
index 6978de4df7..f7e9bce733 100644
--- a/nuclei-templates/2023/CVE-2023-32586-97e81ce09ae72195c5b04d7f6a992589.yaml
+++ b/nuclei-templates/2023/CVE-2023-32586-97e81ce09ae72195c5b04d7f6a992589.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Soundcloud Is Gold plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soundcloud_is_gold_add_user() function called via an AJAX action in versions up to, and including, 2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to add additional Soundcloud usernames.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/soundcloud-is-gold/"
     google-query: inurl:"/wp-content/plugins/soundcloud-is-gold/"
     shodan-query: 'vuln:CVE-2023-32586'
-  tags: cve,wordpress,wp-plugin,soundcloud-is-gold,medium
+  tags: cve,wordpress,wp-plugin,soundcloud-is-gold,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32591-416f60ea7c83625605d6748aec7fe39d.yaml b/nuclei-templates/2023/CVE-2023-32591-416f60ea7c83625605d6748aec7fe39d.yaml
index 1e35a06e40..bc707516d7 100644
--- a/nuclei-templates/2023/CVE-2023-32591-416f60ea7c83625605d6748aec7fe39d.yaml
+++ b/nuclei-templates/2023/CVE-2023-32591-416f60ea7c83625605d6748aec7fe39d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DBargain <= 3.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DBargain plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings parameter in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/d-bargain/"
     google-query: inurl:"/wp-content/plugins/d-bargain/"
     shodan-query: 'vuln:CVE-2023-32591'
-  tags: cve,wordpress,wp-plugin,d-bargain,medium
+  tags: cve,wordpress,wp-plugin,d-bargain,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32595-6c441629c885cb1da3fc16e4bca4f23b.yaml b/nuclei-templates/2023/CVE-2023-32595-6c441629c885cb1da3fc16e4bca4f23b.yaml
index 23480131e4..22d1e4b616 100644
--- a/nuclei-templates/2023/CVE-2023-32595-6c441629c885cb1da3fc16e4bca4f23b.yaml
+++ b/nuclei-templates/2023/CVE-2023-32595-6c441629c885cb1da3fc16e4bca4f23b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sunny Search <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sunny Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fast-search-powered-by-solr/"
     google-query: inurl:"/wp-content/plugins/fast-search-powered-by-solr/"
     shodan-query: 'vuln:CVE-2023-32595'
-  tags: cve,wordpress,wp-plugin,fast-search-powered-by-solr,medium
+  tags: cve,wordpress,wp-plugin,fast-search-powered-by-solr,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32596-910100abea99ef6c374051083d0fe4ff.yaml b/nuclei-templates/2023/CVE-2023-32596-910100abea99ef6c374051083d0fe4ff.yaml
index 1f775c8b6f..452281c633 100644
--- a/nuclei-templates/2023/CVE-2023-32596-910100abea99ef6c374051083d0fe4ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-32596-910100abea99ef6c374051083d0fe4ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     weebotLite <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The weebotLite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weebotlite/"
     google-query: inurl:"/wp-content/plugins/weebotlite/"
     shodan-query: 'vuln:CVE-2023-32596'
-  tags: cve,wordpress,wp-plugin,weebotlite,medium
+  tags: cve,wordpress,wp-plugin,weebotlite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32599-13830cbd72a32fb533758edb07ec60b9.yaml b/nuclei-templates/2023/CVE-2023-32599-13830cbd72a32fb533758edb07ec60b9.yaml
index 257a03db85..422bcaabd3 100644
--- a/nuclei-templates/2023/CVE-2023-32599-13830cbd72a32fb533758edb07ec60b9.yaml
+++ b/nuclei-templates/2023/CVE-2023-32599-13830cbd72a32fb533758edb07ec60b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     reCAPTCHA for all <= 1.22 - Missing Authorization via recaptcha_for_all_image_select
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The reCAPTCHA for all plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the recaptcha_for_all_image_select function in versions up to, and including, 1.22. This makes it possible for authenticated attackers , with subscriber-level access and above, to change plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recaptcha-for-all/"
     google-query: inurl:"/wp-content/plugins/recaptcha-for-all/"
     shodan-query: 'vuln:CVE-2023-32599'
-  tags: cve,wordpress,wp-plugin,recaptcha-for-all,medium
+  tags: cve,wordpress,wp-plugin,recaptcha-for-all,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32600-50ad7e6a87a7ec0f76525597202c2f2f.yaml b/nuclei-templates/2023/CVE-2023-32600-50ad7e6a87a7ec0f76525597202c2f2f.yaml
index a8ab2b3663..31d6fd4b94 100644
--- a/nuclei-templates/2023/CVE-2023-32600-50ad7e6a87a7ec0f76525597202c2f2f.yaml
+++ b/nuclei-templates/2023/CVE-2023-32600-50ad7e6a87a7ec0f76525597202c2f2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rank Math SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.0.119 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-by-rank-math/"
     google-query: inurl:"/wp-content/plugins/seo-by-rank-math/"
     shodan-query: 'vuln:CVE-2023-32600'
-  tags: cve,wordpress,wp-plugin,seo-by-rank-math,medium
+  tags: cve,wordpress,wp-plugin,seo-by-rank-math,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32601-437e935b70b10e1a496119f3d8fbac5b.yaml b/nuclei-templates/2023/CVE-2023-32601-437e935b70b10e1a496119f3d8fbac5b.yaml
index ae899e67a8..60947260fe 100644
--- a/nuclei-templates/2023/CVE-2023-32601-437e935b70b10e1a496119f3d8fbac5b.yaml
+++ b/nuclei-templates/2023/CVE-2023-32601-437e935b70b10e1a496119f3d8fbac5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Ultra Pro <= 1.1.6 - Missing Authorization via save_fields_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booking Ultra Pro plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the save_fields_settings function in versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-ultra-pro/"
     google-query: inurl:"/wp-content/plugins/booking-ultra-pro/"
     shodan-query: 'vuln:CVE-2023-32601'
-  tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium
+  tags: cve,wordpress,wp-plugin,booking-ultra-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32624-20e7688da466978fa975c03a8c97cece.yaml b/nuclei-templates/2023/CVE-2023-32624-20e7688da466978fa975c03a8c97cece.yaml
index 8d4ae106a2..77380eab38 100644
--- a/nuclei-templates/2023/CVE-2023-32624-20e7688da466978fa975c03a8c97cece.yaml
+++ b/nuclei-templates/2023/CVE-2023-32624-20e7688da466978fa975c03a8c97cece.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TS Webfonts for SAKURA  <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TS Webfonts for SAKURA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ts-webfonts-for-sakura/"
     google-query: inurl:"/wp-content/plugins/ts-webfonts-for-sakura/"
     shodan-query: 'vuln:CVE-2023-32624'
-  tags: cve,wordpress,wp-plugin,ts-webfonts-for-sakura,medium
+  tags: cve,wordpress,wp-plugin,ts-webfonts-for-sakura,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32738-bce2c57392aa12eefee039fe25226280.yaml b/nuclei-templates/2023/CVE-2023-32738-bce2c57392aa12eefee039fe25226280.yaml
index b412a9fc23..1ff12f08d1 100644
--- a/nuclei-templates/2023/CVE-2023-32738-bce2c57392aa12eefee039fe25226280.yaml
+++ b/nuclei-templates/2023/CVE-2023-32738-bce2c57392aa12eefee039fe25226280.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eonet Manual User Approve <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Eonet Manual User Approve plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eonet-manual-user-approve/"
     google-query: inurl:"/wp-content/plugins/eonet-manual-user-approve/"
     shodan-query: 'vuln:CVE-2023-32738'
-  tags: cve,wordpress,wp-plugin,eonet-manual-user-approve,medium
+  tags: cve,wordpress,wp-plugin,eonet-manual-user-approve,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32741-2cc77b5ea4b45b7ee724687c14467261.yaml b/nuclei-templates/2023/CVE-2023-32741-2cc77b5ea4b45b7ee724687c14467261.yaml
index 21b22ec56e..a502e2dc24 100644
--- a/nuclei-templates/2023/CVE-2023-32741-2cc77b5ea4b45b7ee724687c14467261.yaml
+++ b/nuclei-templates/2023/CVE-2023-32741-2cc77b5ea4b45b7ee724687c14467261.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form to Any API <= 1.1.2 - Authenticated (Administrator+) SQL Injection via 'form_id'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form to Any API plugin for WordPress is vulnerable to  SQL Injection the 'form_id' parameter in versions up to, and including, 1.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-any-api/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-any-api/"
     shodan-query: 'vuln:CVE-2023-32741'
-  tags: cve,wordpress,wp-plugin,contact-form-to-any-api,high
+  tags: cve,wordpress,wp-plugin,contact-form-to-any-api,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32743-62fe87d4141e78303e17a76d693266f0.yaml b/nuclei-templates/2023/CVE-2023-32743-62fe87d4141e78303e17a76d693266f0.yaml
index ab2fdd3756..b317921eee 100644
--- a/nuclei-templates/2023/CVE-2023-32743-62fe87d4141e78303e17a76d693266f0.yaml
+++ b/nuclei-templates/2023/CVE-2023-32743-62fe87d4141e78303e17a76d693266f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AutomateWoo <= 5.7.1 - Authenticated (Shop manager+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AutomateWoo plugin for WordPress is vulnerable to SQL Injection via bulk actions in versions up to, and including, 5.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/automatewoo/"
     google-query: inurl:"/wp-content/plugins/automatewoo/"
     shodan-query: 'vuln:CVE-2023-32743'
-  tags: cve,wordpress,wp-plugin,automatewoo,medium
+  tags: cve,wordpress,wp-plugin,automatewoo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32746-36407f459596fb4be9dff24b707a16b5.yaml b/nuclei-templates/2023/CVE-2023-32746-36407f459596fb4be9dff24b707a16b5.yaml
index 50d556dd76..5ae758c02c 100644
--- a/nuclei-templates/2023/CVE-2023-32746-36407f459596fb4be9dff24b707a16b5.yaml
+++ b/nuclei-templates/2023/CVE-2023-32746-36407f459596fb4be9dff24b707a16b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Brands <= 1.6.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Brands plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '[product_brand]' shortcode in versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-brands/"
     google-query: inurl:"/wp-content/plugins/woocommerce-brands/"
     shodan-query: 'vuln:CVE-2023-32746'
-  tags: cve,wordpress,wp-plugin,woocommerce-brands,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-brands,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3279-7f9e6cd367e17f5d58e3f74e4dd23702.yaml b/nuclei-templates/2023/CVE-2023-3279-7f9e6cd367e17f5d58e3f74e4dd23702.yaml
index 635824ae4c..79a8b3261c 100644
--- a/nuclei-templates/2023/CVE-2023-3279-7f9e6cd367e17f5d58e3f74e4dd23702.yaml
+++ b/nuclei-templates/2023/CVE-2023-3279-7f9e6cd367e17f5d58e3f74e4dd23702.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.38 via the 'Select View' field in the plugin's developer tools. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2023-3279'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32793-7d14368de367a2adadf4a2871484c186.yaml b/nuclei-templates/2023/CVE-2023-32793-7d14368de367a2adadf4a2871484c186.yaml
index 7ac9adb34e..4ec7498db6 100644
--- a/nuclei-templates/2023/CVE-2023-32793-7d14368de367a2adadf4a2871484c186.yaml
+++ b/nuclei-templates/2023/CVE-2023-32793-7d14368de367a2adadf4a2871484c186.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Pre-Orders <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Pre-Orders plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-pre-orders/"
     google-query: inurl:"/wp-content/plugins/woocommerce-pre-orders/"
     shodan-query: 'vuln:CVE-2023-32793'
-  tags: cve,wordpress,wp-plugin,woocommerce-pre-orders,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-pre-orders,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32795-0250c115051a0a19911ae4becfbbb8c8.yaml b/nuclei-templates/2023/CVE-2023-32795-0250c115051a0a19911ae4becfbbb8c8.yaml
index 5f868c0d7c..86ef6a4d65 100644
--- a/nuclei-templates/2023/CVE-2023-32795-0250c115051a0a19911ae4becfbbb8c8.yaml
+++ b/nuclei-templates/2023/CVE-2023-32795-0250c115051a0a19911ae4becfbbb8c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Add-ons <= 6.1.3 - Authenticated (Shop Manager+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce Product Add-ons plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.1.3 via deserialization of untrusted input. This allows authenticated attackers, with shop manager permissions and above, to inject a PHP Object. It is unknown if a POP chain is also present in the plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-addons/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-addons/"
     shodan-query: 'vuln:CVE-2023-32795'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-addons,high
+  tags: cve,wordpress,wp-plugin,woocommerce-product-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32796-971d7261bd1edf88014f77f83ee8b436.yaml b/nuclei-templates/2023/CVE-2023-32796-971d7261bd1edf88014f77f83ee8b436.yaml
index d639395435..dfff7ffbc1 100644
--- a/nuclei-templates/2023/CVE-2023-32796-971d7261bd1edf88014f77f83ee8b436.yaml
+++ b/nuclei-templates/2023/CVE-2023-32796-971d7261bd1edf88014f77f83ee8b436.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Enquiry <= 2.3.4 - Unauthenticated Self-Based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Product Enquiry plugin for WordPress is vulnerable to Self-Cross-Site Scripting via the enquiry form fields in versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the page an enquiry form is on, though it would require successful social engineering to get the user to input the malicious payload into form fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-enquiry/"
     google-query: inurl:"/wp-content/plugins/woo-product-enquiry/"
     shodan-query: 'vuln:CVE-2023-32796'
-  tags: cve,wordpress,wp-plugin,woo-product-enquiry,medium
+  tags: cve,wordpress,wp-plugin,woo-product-enquiry,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32798-4ae509b53172b618cff3a0afd6c091e5.yaml b/nuclei-templates/2023/CVE-2023-32798-4ae509b53172b618cff3a0afd6c091e5.yaml
index 9da7dab312..1cf7b561f3 100644
--- a/nuclei-templates/2023/CVE-2023-32798-4ae509b53172b618cff3a0afd6c091e5.yaml
+++ b/nuclei-templates/2023/CVE-2023-32798-4ae509b53172b618cff3a0afd6c091e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Page Ordering <= 2.5.0 - Missing Authorization to Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Page Ordering plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the rest_page_ordering function in versions up to, and including, 2.5.0. This makes it possible for subscriber-level attackers to obtain structural information maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-page-ordering/"
     google-query: inurl:"/wp-content/plugins/simple-page-ordering/"
     shodan-query: 'vuln:CVE-2023-32798'
-  tags: cve,wordpress,wp-plugin,simple-page-ordering,medium
+  tags: cve,wordpress,wp-plugin,simple-page-ordering,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3295-0115c4f456db0247c3530a55e2dfe13e.yaml b/nuclei-templates/2023/CVE-2023-3295-0115c4f456db0247c3530a55e2dfe13e.yaml
index 937de38424..d5390b2d85 100644
--- a/nuclei-templates/2023/CVE-2023-3295-0115c4f456db0247c3530a55e2dfe13e.yaml
+++ b/nuclei-templates/2023/CVE-2023-3295-0115c4f456db0247c3530a55e2dfe13e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The issue was partially patched in version 1.5.66 and fully patched in 1.5.67. CVE-2023-31231 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/"
     shodan-query: 'vuln:CVE-2023-3295'
-  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,high
+  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32957-a68d2dddb296088b38bf42abce9933d3.yaml b/nuclei-templates/2023/CVE-2023-32957-a68d2dddb296088b38bf42abce9933d3.yaml
index 79bbb3973c..2b73e63b56 100644
--- a/nuclei-templates/2023/CVE-2023-32957-a68d2dddb296088b38bf42abce9933d3.yaml
+++ b/nuclei-templates/2023/CVE-2023-32957-a68d2dddb296088b38bf42abce9933d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team Members Showcase <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team Members Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dazzlersoft-teams/"
     google-query: inurl:"/wp-content/plugins/dazzlersoft-teams/"
     shodan-query: 'vuln:CVE-2023-32957'
-  tags: cve,wordpress,wp-plugin,dazzlersoft-teams,medium
+  tags: cve,wordpress,wp-plugin,dazzlersoft-teams,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32958-f083409bbde8131959cd560116eb8b78.yaml b/nuclei-templates/2023/CVE-2023-32958-f083409bbde8131959cd560116eb8b78.yaml
index 95651342bb..6e77b3f8f1 100644
--- a/nuclei-templates/2023/CVE-2023-32958-f083409bbde8131959cd560116eb8b78.yaml
+++ b/nuclei-templates/2023/CVE-2023-32958-f083409bbde8131959cd560116eb8b78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Novelist <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Book Information Fields
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Novelist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via certain book information fields in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/novelist/"
     google-query: inurl:"/wp-content/plugins/novelist/"
     shodan-query: 'vuln:CVE-2023-32958'
-  tags: cve,wordpress,wp-plugin,novelist,medium
+  tags: cve,wordpress,wp-plugin,novelist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32959-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/2023/CVE-2023-32959-4afe438c3219ba223c08f05567ce5890.yaml
index bf3711faf0..c631cdced4 100644
--- a/nuclei-templates/2023/CVE-2023-32959-4afe438c3219ba223c08f05567ce5890.yaml
+++ b/nuclei-templates/2023/CVE-2023-32959-4afe438c3219ba223c08f05567ce5890.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Several themes for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin() function called via an AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2023-32959
   metadata:
-    fofa-query: "wp-content/themes/kathmag/"
-    google-query: inurl:"/wp-content/themes/kathmag/"
+    fofa-query: "wp-content/themes/sparklestore/"
+    google-query: inurl:"/wp-content/themes/sparklestore/"
     shodan-query: 'vuln:CVE-2023-32959'
-  tags: cve,wordpress,wp-theme,kathmag,medium
+  tags: cve,wordpress,wp-theme,sparklestore,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/kathmag/style.css"
+      - "{{BaseURL}}/wp-content/themes/sparklestore/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "kathmag"
+          - "sparklestore"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
+          - compare_versions(version, '<= 1.6.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-32959-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/2023/CVE-2023-32959-57ce58b6230c68936a87b493b14f2285.yaml
index 4eaaa75650..e81410e751 100644
--- a/nuclei-templates/2023/CVE-2023-32959-57ce58b6230c68936a87b493b14f2285.yaml
+++ b/nuclei-templates/2023/CVE-2023-32959-57ce58b6230c68936a87b493b14f2285.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2023-32959
   metadata:
-    fofa-query: "wp-content/themes/kathmag/"
-    google-query: inurl:"/wp-content/themes/kathmag/"
+    fofa-query: "wp-content/themes/sparklestore/"
+    google-query: inurl:"/wp-content/themes/sparklestore/"
     shodan-query: 'vuln:CVE-2023-32959'
-  tags: cve,wordpress,wp-theme,kathmag,medium
+  tags: cve,wordpress,wp-theme,sparklestore,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/kathmag/style.css"
+      - "{{BaseURL}}/wp-content/themes/sparklestore/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "kathmag"
+          - "sparklestore"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
+          - compare_versions(version, '<= 1.5.9')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-32962-636baab4ac31da3f60a0d64060238890.yaml b/nuclei-templates/2023/CVE-2023-32962-636baab4ac31da3f60a0d64060238890.yaml
index ac8b97051e..e33d0caaef 100644
--- a/nuclei-templates/2023/CVE-2023-32962-636baab4ac31da3f60a0d64060238890.yaml
+++ b/nuclei-templates/2023/CVE-2023-32962-636baab4ac31da3f60a0d64060238890.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WishSuite <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wishsuite/"
     google-query: inurl:"/wp-content/plugins/wishsuite/"
     shodan-query: 'vuln:CVE-2023-32962'
-  tags: cve,wordpress,wp-plugin,wishsuite,medium
+  tags: cve,wordpress,wp-plugin,wishsuite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-32963-8943f00b83bb9af4ef7c839b2bef305e.yaml b/nuclei-templates/2023/CVE-2023-32963-8943f00b83bb9af4ef7c839b2bef305e.yaml
index 230b093f7f..8cb3f97502 100644
--- a/nuclei-templates/2023/CVE-2023-32963-8943f00b83bb9af4ef7c839b2bef305e.yaml
+++ b/nuclei-templates/2023/CVE-2023-32963-8943f00b83bb9af4ef7c839b2bef305e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Predictive Search <= 5.8.0 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Predictive Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax sync functions in versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to sync various product search results such as categories and SKUs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-predictive-search/"
     google-query: inurl:"/wp-content/plugins/woocommerce-predictive-search/"
     shodan-query: 'vuln:CVE-2023-32963'
-  tags: cve,wordpress,wp-plugin,woocommerce-predictive-search,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-predictive-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33208-5b40ee65b1caa7d96e4e60846451b515.yaml b/nuclei-templates/2023/CVE-2023-33208-5b40ee65b1caa7d96e4e60846451b515.yaml
index a50cf1fd8b..5a68955a6e 100644
--- a/nuclei-templates/2023/CVE-2023-33208-5b40ee65b1caa7d96e4e60846451b515.yaml
+++ b/nuclei-templates/2023/CVE-2023-33208-5b40ee65b1caa7d96e4e60846451b515.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Monster <= 1.51 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cookie Monster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.51 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookiemonster/"
     google-query: inurl:"/wp-content/plugins/cookiemonster/"
     shodan-query: 'vuln:CVE-2023-33208'
-  tags: cve,wordpress,wp-plugin,cookiemonster,medium
+  tags: cve,wordpress,wp-plugin,cookiemonster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33209-b91a2480651782f3bb16ba3659354dba.yaml b/nuclei-templates/2023/CVE-2023-33209-b91a2480651782f3bb16ba3659354dba.yaml
index 70be85042a..4137462a7d 100644
--- a/nuclei-templates/2023/CVE-2023-33209-b91a2480651782f3bb16ba3659354dba.yaml
+++ b/nuclei-templates/2023/CVE-2023-33209-b91a2480651782f3bb16ba3659354dba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Change Monitor <= 1.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SEO Change Monitor plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the cscm_edit_list_of_urls_tbl function. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-change-monitor/"
     google-query: inurl:"/wp-content/plugins/seo-change-monitor/"
     shodan-query: 'vuln:CVE-2023-33209'
-  tags: cve,wordpress,wp-plugin,seo-change-monitor,high
+  tags: cve,wordpress,wp-plugin,seo-change-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33210-f0470adcfca34e53051811d10184b858.yaml b/nuclei-templates/2023/CVE-2023-33210-f0470adcfca34e53051811d10184b858.yaml
index 6f40d313d0..31293029c8 100644
--- a/nuclei-templates/2023/CVE-2023-33210-f0470adcfca34e53051811d10184b858.yaml
+++ b/nuclei-templates/2023/CVE-2023-33210-f0470adcfca34e53051811d10184b858.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     nuajik CDN <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The nuajik CDN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nuajik-cdn/"
     google-query: inurl:"/wp-content/plugins/nuajik-cdn/"
     shodan-query: 'vuln:CVE-2023-33210'
-  tags: cve,wordpress,wp-plugin,nuajik-cdn,medium
+  tags: cve,wordpress,wp-plugin,nuajik-cdn,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33211-2cdd87e3f80dc46e464c425f1498ee45.yaml b/nuclei-templates/2023/CVE-2023-33211-2cdd87e3f80dc46e464c425f1498ee45.yaml
index 61ee609ca4..31cf05e87a 100644
--- a/nuclei-templates/2023/CVE-2023-33211-2cdd87e3f80dc46e464c425f1498ee45.yaml
+++ b/nuclei-templates/2023/CVE-2023-33211-2cdd87e3f80dc46e464c425f1498ee45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Piwik <= 1.0.27 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Display Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Piwik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin display name in versions up to, and including, 1.0.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-piwik/"
     google-query: inurl:"/wp-content/plugins/wp-piwik/"
     shodan-query: 'vuln:CVE-2023-33211'
-  tags: cve,wordpress,wp-plugin,wp-piwik,medium
+  tags: cve,wordpress,wp-plugin,wp-piwik,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33213-0da2272f6fad3d314fe055d518112eb5.yaml b/nuclei-templates/2023/CVE-2023-33213-0da2272f6fad3d314fe055d518112eb5.yaml
index 60c1fefe01..03c1a6196f 100644
--- a/nuclei-templates/2023/CVE-2023-33213-0da2272f6fad3d314fe055d518112eb5.yaml
+++ b/nuclei-templates/2023/CVE-2023-33213-0da2272f6fad3d314fe055d518112eb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpView <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpView plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpview/"
     google-query: inurl:"/wp-content/plugins/wpview/"
     shodan-query: 'vuln:CVE-2023-33213'
-  tags: cve,wordpress,wp-plugin,wpview,medium
+  tags: cve,wordpress,wp-plugin,wpview,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33215-8d570fcab536c9b0d9a14e0fe3f1fda7.yaml b/nuclei-templates/2023/CVE-2023-33215-8d570fcab536c9b0d9a14e0fe3f1fda7.yaml
index 8904e66735..293aec4fc5 100644
--- a/nuclei-templates/2023/CVE-2023-33215-8d570fcab536c9b0d9a14e0fe3f1fda7.yaml
+++ b/nuclei-templates/2023/CVE-2023-33215-8d570fcab536c9b0d9a14e0fe3f1fda7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Taggbox <= 3.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Taggbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/taggbox-widget/"
     google-query: inurl:"/wp-content/plugins/taggbox-widget/"
     shodan-query: 'vuln:CVE-2023-33215'
-  tags: cve,wordpress,wp-plugin,taggbox-widget,medium
+  tags: cve,wordpress,wp-plugin,taggbox-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33216-11d5ca6aae21b29aac64f7355ab7d838.yaml b/nuclei-templates/2023/CVE-2023-33216-11d5ca6aae21b29aac64f7355ab7d838.yaml
index acadbfc267..ed8d634532 100644
--- a/nuclei-templates/2023/CVE-2023-33216-11d5ca6aae21b29aac64f7355ab7d838.yaml
+++ b/nuclei-templates/2023/CVE-2023-33216-11d5ca6aae21b29aac64f7355ab7d838.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooDiscuz – WooCommerce Comments <= 2.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooDiscuz – WooCommerce Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woodiscuz-woocommerce-comments/"
     google-query: inurl:"/wp-content/plugins/woodiscuz-woocommerce-comments/"
     shodan-query: 'vuln:CVE-2023-33216'
-  tags: cve,wordpress,wp-plugin,woodiscuz-woocommerce-comments,medium
+  tags: cve,wordpress,wp-plugin,woodiscuz-woocommerce-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3328-1b076d88024e9e8fa50fb517fb49e6d5.yaml b/nuclei-templates/2023/CVE-2023-3328-1b076d88024e9e8fa50fb517fb49e6d5.yaml
index 4abbc2beaa..a7605d58e9 100644
--- a/nuclei-templates/2023/CVE-2023-3328-1b076d88024e9e8fa50fb517fb49e6d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-3328-1b076d88024e9e8fa50fb517fb49e6d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-for-wp-job-manager/"
     google-query: inurl:"/wp-content/plugins/custom-field-for-wp-job-manager/"
     shodan-query: 'vuln:CVE-2023-3328'
-  tags: cve,wordpress,wp-plugin,custom-field-for-wp-job-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-field-for-wp-job-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33310-d8d7674d520927a7ad2ed94f66363231.yaml b/nuclei-templates/2023/CVE-2023-33310-d8d7674d520927a7ad2ed94f66363231.yaml
index bea70bc60c..124468047e 100644
--- a/nuclei-templates/2023/CVE-2023-33310-d8d7674d520927a7ad2ed94f66363231.yaml
+++ b/nuclei-templates/2023/CVE-2023-33310-d8d7674d520927a7ad2ed94f66363231.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Unite Gallery Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.7.59 via the 'view' parameter. This allows authenticated attackers with administrator-level privileges to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unite-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/unite-gallery-lite/"
     shodan-query: 'vuln:CVE-2023-33310'
-  tags: cve,wordpress,wp-plugin,unite-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,unite-gallery-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33311-27391e149ab2871748f52ce997dd4e34.yaml b/nuclei-templates/2023/CVE-2023-33311-27391e149ab2871748f52ce997dd4e34.yaml
index 7c46e5a936..3673018bd8 100644
--- a/nuclei-templates/2023/CVE-2023-33311-27391e149ab2871748f52ce997dd4e34.yaml
+++ b/nuclei-templates/2023/CVE-2023-33311-27391e149ab2871748f52ce997dd4e34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via vx-entries shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Entries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vx-entries' shortcode attributes in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-entries/"
     google-query: inurl:"/wp-content/plugins/contact-form-entries/"
     shodan-query: 'vuln:CVE-2023-33311'
-  tags: cve,wordpress,wp-plugin,contact-form-entries,medium
+  tags: cve,wordpress,wp-plugin,contact-form-entries,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33317-d1c23493ccad67b72beabba59496692f.yaml b/nuclei-templates/2023/CVE-2023-33317-d1c23493ccad67b72beabba59496692f.yaml
index 8569868aae..799c5f060e 100644
--- a/nuclei-templates/2023/CVE-2023-33317-d1c23493ccad67b72beabba59496692f.yaml
+++ b/nuclei-templates/2023/CVE-2023-33317-d1c23493ccad67b72beabba59496692f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Warranty Requests <= 2.1.6 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce Warranty Requests plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-warranty/"
     google-query: inurl:"/wp-content/plugins/woocommerce-warranty/"
     shodan-query: 'vuln:CVE-2023-33317'
-  tags: cve,wordpress,wp-plugin,woocommerce-warranty,high
+  tags: cve,wordpress,wp-plugin,woocommerce-warranty,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33318-1a8df042079c3b5a71f5229720de76a0.yaml b/nuclei-templates/2023/CVE-2023-33318-1a8df042079c3b5a71f5229720de76a0.yaml
index 72ab919eaa..a3dc34db83 100644
--- a/nuclei-templates/2023/CVE-2023-33318-1a8df042079c3b5a71f5229720de76a0.yaml
+++ b/nuclei-templates/2023/CVE-2023-33318-1a8df042079c3b5a71f5229720de76a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WooCommerce Follow-Up Emails plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the template editing functionality in versions up to, and including, 4.9.40. This makes it possible for authenticated attackers, with Follow-Up Emails Manager permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-follow-up-emails/"
     google-query: inurl:"/wp-content/plugins/woocommerce-follow-up-emails/"
     shodan-query: 'vuln:CVE-2023-33318'
-  tags: cve,wordpress,wp-plugin,woocommerce-follow-up-emails,critical
+  tags: cve,wordpress,wp-plugin,woocommerce-follow-up-emails,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33322-64fa318eea101296cd3a97fbe96ebb75.yaml b/nuclei-templates/2023/CVE-2023-33322-64fa318eea101296cd3a97fbe96ebb75.yaml
index 1194991d14..091e8f06dd 100644
--- a/nuclei-templates/2023/CVE-2023-33322-64fa318eea101296cd3a97fbe96ebb75.yaml
+++ b/nuclei-templates/2023/CVE-2023-33322-64fa318eea101296cd3a97fbe96ebb75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Front End Users <= 3.2.27 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Front End Users plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.2.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/front-end-only-users/"
     google-query: inurl:"/wp-content/plugins/front-end-only-users/"
     shodan-query: 'vuln:CVE-2023-33322'
-  tags: cve,wordpress,wp-plugin,front-end-only-users,medium
+  tags: cve,wordpress,wp-plugin,front-end-only-users,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33323-ab42ec9d60829884112a87fe093b6c61.yaml b/nuclei-templates/2023/CVE-2023-33323-ab42ec9d60829884112a87fe093b6c61.yaml
index 7131f3f5d8..8877b71f29 100644
--- a/nuclei-templates/2023/CVE-2023-33323-ab42ec9d60829884112a87fe093b6c61.yaml
+++ b/nuclei-templates/2023/CVE-2023-33323-ab42ec9d60829884112a87fe093b6c61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ARMember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember-membership/"
     google-query: inurl:"/wp-content/plugins/armember-membership/"
     shodan-query: 'vuln:CVE-2023-33323'
-  tags: cve,wordpress,wp-plugin,armember-membership,medium
+  tags: cve,wordpress,wp-plugin,armember-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33328-249f3208e9e6f6c1af58b4828d3f6027.yaml b/nuclei-templates/2023/CVE-2023-33328-249f3208e9e6f6c1af58b4828d3f6027.yaml
index 35e89e8720..fe3f93132a 100644
--- a/nuclei-templates/2023/CVE-2023-33328-249f3208e9e6f6c1af58b4828d3f6027.yaml
+++ b/nuclei-templates/2023/CVE-2023-33328-249f3208e9e6f6c1af58b4828d3f6027.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailChimp Subscribe Forms  <= 4.0.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MailChimp Subscribe Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-subscribe-sm/"
     google-query: inurl:"/wp-content/plugins/mailchimp-subscribe-sm/"
     shodan-query: 'vuln:CVE-2023-33328'
-  tags: cve,wordpress,wp-plugin,mailchimp-subscribe-sm,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-subscribe-sm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33329-b832c46935cda704a801fdf109478436.yaml b/nuclei-templates/2023/CVE-2023-33329-b832c46935cda704a801fdf109478436.yaml
index 787df98f36..3c1620885b 100644
--- a/nuclei-templates/2023/CVE-2023-33329-b832c46935cda704a801fdf109478436.yaml
+++ b/nuclei-templates/2023/CVE-2023-33329-b832c46935cda704a801fdf109478436.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Post Type Generator <= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Post Type Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-post-type-generator/"
     google-query: inurl:"/wp-content/plugins/custom-post-type-generator/"
     shodan-query: 'vuln:CVE-2023-33329'
-  tags: cve,wordpress,wp-plugin,custom-post-type-generator,medium
+  tags: cve,wordpress,wp-plugin,custom-post-type-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33330-9f39bbe8da0a79b61b743c5fac55c881.yaml b/nuclei-templates/2023/CVE-2023-33330-9f39bbe8da0a79b61b743c5fac55c881.yaml
index 0c2eee3fdc..af9071cbf0 100644
--- a/nuclei-templates/2023/CVE-2023-33330-9f39bbe8da0a79b61b743c5fac55c881.yaml
+++ b/nuclei-templates/2023/CVE-2023-33330-9f39bbe8da0a79b61b743c5fac55c881.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce Follow-Up Emails plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.9.50 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with follow-up emails manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-follow-up-emails/"
     google-query: inurl:"/wp-content/plugins/woocommerce-follow-up-emails/"
     shodan-query: 'vuln:CVE-2023-33330'
-  tags: cve,wordpress,wp-plugin,woocommerce-follow-up-emails,high
+  tags: cve,wordpress,wp-plugin,woocommerce-follow-up-emails,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33331-d801fbca464a51e293e83c92692f388d.yaml b/nuclei-templates/2023/CVE-2023-33331-d801fbca464a51e293e83c92692f388d.yaml
index b93f3d7630..2c694ea497 100644
--- a/nuclei-templates/2023/CVE-2023-33331-d801fbca464a51e293e83c92692f388d.yaml
+++ b/nuclei-templates/2023/CVE-2023-33331-d801fbca464a51e293e83c92692f388d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce Product Vendors plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.76 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with vendor admin-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-vendors/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/"
     shodan-query: 'vuln:CVE-2023-33331'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,high
+  tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33333-83ba977a44de14ef1ffafdedd6dd629e.yaml b/nuclei-templates/2023/CVE-2023-33333-83ba977a44de14ef1ffafdedd6dd629e.yaml
index f20af2b812..36b94dc4a0 100644
--- a/nuclei-templates/2023/CVE-2023-33333-83ba977a44de14ef1ffafdedd6dd629e.yaml
+++ b/nuclei-templates/2023/CVE-2023-33333-83ba977a44de14ef1ffafdedd6dd629e.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-33333
   metadata:
-    fofa-query: "wp-content/plugins/complianz-gdpr-premium/"
-    google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/"
+    fofa-query: "wp-content/plugins/complianz-gdpr/"
+    google-query: inurl:"/wp-content/plugins/complianz-gdpr/"
     shodan-query: 'vuln:CVE-2023-33333'
-  tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,medium
+  tags: cve,wordpress,wp-plugin,complianz-gdpr,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "complianz-gdpr-premium"
+          - "complianz-gdpr"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 6.4.6.1')
\ No newline at end of file
+          - compare_versions(version, '<= 6.4.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-3342-d95100aaa0c0f9fcb84493d4239628ac.yaml b/nuclei-templates/2023/CVE-2023-3342-d95100aaa0c0f9fcb84493d4239628ac.yaml
index 005ac4b8d5..793615a454 100644
--- a/nuclei-templates/2023/CVE-2023-3342-d95100aaa0c0f9fcb84493d4239628ac.yaml
+++ b/nuclei-templates/2023/CVE-2023-3342-d95100aaa0c0f9fcb84493d4239628ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2023-3342'
-  tags: cve,wordpress,wp-plugin,user-registration,critical
+  tags: cve,wordpress,wp-plugin,user-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3343-3d14b08568400569a677dd320c2e823a.yaml b/nuclei-templates/2023/CVE-2023-3343-3d14b08568400569a677dd320c2e823a.yaml
index e1400a4911..654d5a7463 100644
--- a/nuclei-templates/2023/CVE-2023-3343-3d14b08568400569a677dd320c2e823a.yaml
+++ b/nuclei-templates/2023/CVE-2023-3343-3d14b08568400569a677dd320c2e823a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2023-3343'
-  tags: cve,wordpress,wp-plugin,user-registration,high
+  tags: cve,wordpress,wp-plugin,user-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3344-c35094b437e27c460747dae02d21159c.yaml b/nuclei-templates/2023/CVE-2023-3344-c35094b437e27c460747dae02d21159c.yaml
index 5b525e932a..cd574093f5 100644
--- a/nuclei-templates/2023/CVE-2023-3344-c35094b437e27c460747dae02d21159c.yaml
+++ b/nuclei-templates/2023/CVE-2023-3344-c35094b437e27c460747dae02d21159c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Location for WP Job Manager via Google plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-location-for-wp-job-manager/"
     google-query: inurl:"/wp-content/plugins/auto-location-for-wp-job-manager/"
     shodan-query: 'vuln:CVE-2023-3344'
-  tags: cve,wordpress,wp-plugin,auto-location-for-wp-job-manager,medium
+  tags: cve,wordpress,wp-plugin,auto-location-for-wp-job-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3365-e6a704ce234334d9f31ac517092f1bb0.yaml b/nuclei-templates/2023/CVE-2023-3365-e6a704ce234334d9f31ac517092f1bb0.yaml
index d627b7b09b..615c45ea9c 100644
--- a/nuclei-templates/2023/CVE-2023-3365-e6a704ce234334d9f31ac517092f1bb0.yaml
+++ b/nuclei-templates/2023/CVE-2023-3365-e6a704ce234334d9f31ac517092f1bb0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MultiParcels Shipping For WooCommerce <= 1.14.13 - Missing Authorization via get_history
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MultiParcels Shipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'get_history' function in versions up to, and including, 1.14.13. This makes it possible for authenticated attackers with subscriber-level permissions to delete arbitrary shipments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiparcels-shipping-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/multiparcels-shipping-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-3365'
-  tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3369-e7894ec8416d5b9bca834efe054366ef.yaml b/nuclei-templates/2023/CVE-2023-3369-e7894ec8416d5b9bca834efe054366ef.yaml
index aa5fa1d87f..0783939d9b 100644
--- a/nuclei-templates/2023/CVE-2023-3369-e7894ec8416d5b9bca834efe054366ef.yaml
+++ b/nuclei-templates/2023/CVE-2023-3369-e7894ec8416d5b9bca834efe054366ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     About Me 3000 widget <= 2.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/about-me-3000/"
     google-query: inurl:"/wp-content/plugins/about-me-3000/"
     shodan-query: 'vuln:CVE-2023-3369'
-  tags: cve,wordpress,wp-plugin,about-me-3000,medium
+  tags: cve,wordpress,wp-plugin,about-me-3000,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3372-30c4f098df3ec040d50017f604f86e26.yaml b/nuclei-templates/2023/CVE-2023-3372-30c4f098df3ec040d50017f604f86e26.yaml
index 0a12209279..7c09450861 100644
--- a/nuclei-templates/2023/CVE-2023-3372-30c4f098df3ec040d50017f604f86e26.yaml
+++ b/nuclei-templates/2023/CVE-2023-3372-30c4f098df3ec040d50017f604f86e26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lana Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lana Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lana-shortcodes/"
     google-query: inurl:"/wp-content/plugins/lana-shortcodes/"
     shodan-query: 'vuln:CVE-2023-3372'
-  tags: cve,wordpress,wp-plugin,lana-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,lana-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3387-01d1d88da52813ba88f89d4ae266435f.yaml b/nuclei-templates/2023/CVE-2023-3387-01d1d88da52813ba88f89d4ae266435f.yaml
index 7a4bab3c98..12a3e96ef9 100644
--- a/nuclei-templates/2023/CVE-2023-3387-01d1d88da52813ba88f89d4ae266435f.yaml
+++ b/nuclei-templates/2023/CVE-2023-3387-01d1d88da52813ba88f89d4ae266435f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lana Text to Image <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lana-text-to-image/"
     google-query: inurl:"/wp-content/plugins/lana-text-to-image/"
     shodan-query: 'vuln:CVE-2023-3387'
-  tags: cve,wordpress,wp-plugin,lana-text-to-image,medium
+  tags: cve,wordpress,wp-plugin,lana-text-to-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3392-20e2ffcefe24845b4b4e6344c91c5c95.yaml b/nuclei-templates/2023/CVE-2023-3392-20e2ffcefe24845b4b4e6344c91c5c95.yaml
index f3391aef25..a202b3e6c0 100644
--- a/nuclei-templates/2023/CVE-2023-3392-20e2ffcefe24845b4b4e6344c91c5c95.yaml
+++ b/nuclei-templates/2023/CVE-2023-3392-20e2ffcefe24845b4b4e6344c91c5c95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Read More & Accordion <= 3.2.6.1 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Read More & Accordion plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.2.6.1 via deserialization of untrusted input from admin settings. This allows authenticated attackers, with administrator-level privileges and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/expand-maker/"
     google-query: inurl:"/wp-content/plugins/expand-maker/"
     shodan-query: 'vuln:CVE-2023-3392'
-  tags: cve,wordpress,wp-plugin,expand-maker,high
+  tags: cve,wordpress,wp-plugin,expand-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33922-287536d4e13889455f637b6c851d2004.yaml b/nuclei-templates/2023/CVE-2023-33922-287536d4e13889455f637b6c851d2004.yaml
index e38b712a11..5045495faa 100644
--- a/nuclei-templates/2023/CVE-2023-33922-287536d4e13889455f637b6c851d2004.yaml
+++ b/nuclei-templates/2023/CVE-2023-33922-287536d4e13889455f637b6c851d2004.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor <= 3.13.2 Authenticated(Contributor+) Arbitrary Post Type Creation via save_item
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor plugin for WordPress is vulnerable to the creation of emergent resources due to insufficient input validation in the template "save_item" function in versions up to, and including, 3.13.3. This allows authenticated attackers, with contributor-level permissions or above, to create templates with an arbitrary post type, potentially allowing the exploitation of other plugins that depend on custom post types.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2023-33922'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33923-06cd0f178ae533c7b94126d052d17b3f.yaml b/nuclei-templates/2023/CVE-2023-33923-06cd0f178ae533c7b94126d052d17b3f.yaml
index 0f75eeaaa7..66d6244f7f 100644
--- a/nuclei-templates/2023/CVE-2023-33923-06cd0f178ae533c7b94126d052d17b3f.yaml
+++ b/nuclei-templates/2023/CVE-2023-33923-06cd0f178ae533c7b94126d052d17b3f.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-33923
   metadata:
-    fofa-query: "wp-content/themes/viral-news/"
-    google-query: inurl:"/wp-content/themes/viral-news/"
+    fofa-query: "wp-content/themes/viral/"
+    google-query: inurl:"/wp-content/themes/viral/"
     shodan-query: 'vuln:CVE-2023-33923'
-  tags: cve,wordpress,wp-theme,viral-news,medium
+  tags: cve,wordpress,wp-theme,viral,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/viral-news/style.css"
+      - "{{BaseURL}}/wp-content/themes/viral/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "viral-news"
+          - "viral"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.4.5')
\ No newline at end of file
+          - compare_versions(version, '<= 1.8.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33923-d566c0816c38ea6ca24760850c1eaf4a.yaml b/nuclei-templates/2023/CVE-2023-33923-d566c0816c38ea6ca24760850c1eaf4a.yaml
index a57acba579..11b7c2cbed 100644
--- a/nuclei-templates/2023/CVE-2023-33923-d566c0816c38ea6ca24760850c1eaf4a.yaml
+++ b/nuclei-templates/2023/CVE-2023-33923-d566c0816c38ea6ca24760850c1eaf4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Themes (Various Versions) - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Several themes for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin() function called via an AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-33923
   metadata:
-    fofa-query: "wp-content/themes/viral-news/"
-    google-query: inurl:"/wp-content/themes/viral-news/"
+    fofa-query: "wp-content/themes/viral/"
+    google-query: inurl:"/wp-content/themes/viral/"
     shodan-query: 'vuln:CVE-2023-33923'
-  tags: cve,wordpress,wp-theme,viral-news,medium
+  tags: cve,wordpress,wp-theme,viral,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/viral-news/style.css"
+      - "{{BaseURL}}/wp-content/themes/viral/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "viral-news"
+          - "viral"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.4.5')
\ No newline at end of file
+          - compare_versions(version, '<= 1.8.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33924-1d1308e4009a475d471dafd71ee14d32.yaml b/nuclei-templates/2023/CVE-2023-33924-1d1308e4009a475d471dafd71ee14d32.yaml
index cc21d949f9..74a635cd89 100644
--- a/nuclei-templates/2023/CVE-2023-33924-1d1308e4009a475d471dafd71ee14d32.yaml
+++ b/nuclei-templates/2023/CVE-2023-33924-1d1308e4009a475d471dafd71ee14d32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SIS Handball <= 1.0.45 - Authenticated (Administrator+) SQL Injection via 'orderby'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SIS Handball plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in versions up to, and including, 1.0.45 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sis-handball/"
     google-query: inurl:"/wp-content/plugins/sis-handball/"
     shodan-query: 'vuln:CVE-2023-33924'
-  tags: cve,wordpress,wp-plugin,sis-handball,high
+  tags: cve,wordpress,wp-plugin,sis-handball,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33927-bce926ab22529c16e0539f0acc228409.yaml b/nuclei-templates/2023/CVE-2023-33927-bce926ab22529c16e0539f0acc228409.yaml
index 29f423c7e8..9842b7de3a 100644
--- a/nuclei-templates/2023/CVE-2023-33927-bce926ab22529c16e0539f0acc228409.yaml
+++ b/nuclei-templates/2023/CVE-2023-33927-bce926ab22529c16e0539f0acc228409.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Page Generator Plugin – MPG <= 3.3.19 - Authenticated (Administrator+) SQL Injection in projects_list and total_projects
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to SQL Injection in the projects_list and total_projects functions in versions up to, and including, 3.3.19 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/"
     google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/"
     shodan-query: 'vuln:CVE-2023-33927'
-  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,high
+  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33928-beccbd5d983b56da7098c3b6df8c3b57.yaml b/nuclei-templates/2023/CVE-2023-33928-beccbd5d983b56da7098c3b6df8c3b57.yaml
index f168e8bb1d..808de6762b 100644
--- a/nuclei-templates/2023/CVE-2023-33928-beccbd5d983b56da7098c3b6df8c3b57.yaml
+++ b/nuclei-templates/2023/CVE-2023-33928-beccbd5d983b56da7098c3b6df8c3b57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Backup & Migration <= 1.4.0 - Missing Authorization via wt_delete_schedule
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wt_delete_schedule' AJAX function in versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the migration schedule cron.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-migration-duplicator/"
     google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/"
     shodan-query: 'vuln:CVE-2023-33928'
-  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,medium
+  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33929-3b5f830cc2d293978dbe39244d121ee0.yaml b/nuclei-templates/2023/CVE-2023-33929-3b5f830cc2d293978dbe39244d121ee0.yaml
index fdb6c8c5b9..8eec80a7e8 100644
--- a/nuclei-templates/2023/CVE-2023-33929-3b5f830cc2d293978dbe39244d121ee0.yaml
+++ b/nuclei-templates/2023/CVE-2023-33929-3b5f830cc2d293978dbe39244d121ee0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Admin Menu <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Admin Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-admin-menu/"
     google-query: inurl:"/wp-content/plugins/easy-admin-menu/"
     shodan-query: 'vuln:CVE-2023-33929'
-  tags: cve,wordpress,wp-plugin,easy-admin-menu,medium
+  tags: cve,wordpress,wp-plugin,easy-admin-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33994-971075c7b5684cf126577f8a88b91254.yaml b/nuclei-templates/2023/CVE-2023-33994-971075c7b5684cf126577f8a88b91254.yaml
index caf7591bd2..70425bcdcc 100644
--- a/nuclei-templates/2023/CVE-2023-33994-971075c7b5684cf126577f8a88b91254.yaml
+++ b/nuclei-templates/2023/CVE-2023-33994-971075c7b5684cf126577f8a88b91254.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to unauthorized PageView Deletion due to a missing capability check on the delete_pageview function in versions up to, and including, 5.0.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete PageViews.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2023-33994'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
+  tags: cve,wordpress,wp-plugin,wp-slimstat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33995-e07e7d71dc600bc27e4f1c11c365c393.yaml b/nuclei-templates/2023/CVE-2023-33995-e07e7d71dc600bc27e4f1c11c365c393.yaml
index d6c55e4304..65bcd3f7ae 100644
--- a/nuclei-templates/2023/CVE-2023-33995-e07e7d71dc600bc27e4f1c11c365c393.yaml
+++ b/nuclei-templates/2023/CVE-2023-33995-e07e7d71dc600bc27e4f1c11c365c393.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery <= 1.8.15 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photo Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_score function called via an AJAX action in versions up to, and including, 1.8.15. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to check page speed score.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2023-33995'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33996-a8def04824c95aa61e5602395bc3c9b4.yaml b/nuclei-templates/2023/CVE-2023-33996-a8def04824c95aa61e5602395bc3c9b4.yaml
index 9620c63725..ced8c08f4d 100644
--- a/nuclei-templates/2023/CVE-2023-33996-a8def04824c95aa61e5602395bc3c9b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-33996-a8def04824c95aa61e5602395bc3c9b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Spam protection, AntiSpam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions along with nonce disclosure in versions up to, and including, 6.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify/export/import templates and trash/spam/modify comments among some other actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cleantalk-spam-protect/"
     google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/"
     shodan-query: 'vuln:CVE-2023-33996'
-  tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,medium
+  tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33998-f48220ff86f125e37c7a8dfee9752f3b.yaml b/nuclei-templates/2023/CVE-2023-33998-f48220ff86f125e37c7a8dfee9752f3b.yaml
index 4bd2a05087..5f3c2ea3aa 100644
--- a/nuclei-templates/2023/CVE-2023-33998-f48220ff86f125e37c7a8dfee9752f3b.yaml
+++ b/nuclei-templates/2023/CVE-2023-33998-f48220ff86f125e37c7a8dfee9752f3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 3.2.4 - Missing Authorization via cnss_save_ajax_order
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Social Icons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cnss_save_ajax_order function in versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the order of social icons.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:CVE-2023-33998'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,medium
+  tags: cve,wordpress,wp-plugin,easy-social-icons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-33999-3025abb89074bfece497106ff98a8953.yaml b/nuclei-templates/2023/CVE-2023-33999-3025abb89074bfece497106ff98a8953.yaml
index 142ce500b2..7490ed0007 100644
--- a/nuclei-templates/2023/CVE-2023-33999-3025abb89074bfece497106ff98a8953.yaml
+++ b/nuclei-templates/2023/CVE-2023-33999-3025abb89074bfece497106ff98a8953.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-33999
   metadata:
-    fofa-query: "wp-content/plugins/yet-another-stars-rating/"
-    google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/"
+    fofa-query: "wp-content/plugins/wp-automedic/"
+    google-query: inurl:"/wp-content/plugins/wp-automedic/"
     shodan-query: 'vuln:CVE-2023-33999'
-  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,medium
+  tags: cve,wordpress,wp-plugin,wp-automedic,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/yet-another-stars-rating/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-automedic/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "yet-another-stars-rating"
+          - "wp-automedic"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '>= 1.4.4', '<= 3.4.1')
\ No newline at end of file
+          - compare_versions(version, '>= 1.4.0', '<= 1.5.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-34003-e7840c043e4c24ed6e535dc7a65aee86.yaml b/nuclei-templates/2023/CVE-2023-34003-e7840c043e4c24ed6e535dc7a65aee86.yaml
index e624a836e9..8a997f2fd5 100644
--- a/nuclei-templates/2023/CVE-2023-34003-e7840c043e4c24ed6e535dc7a65aee86.yaml
+++ b/nuclei-templates/2023/CVE-2023-34003-e7840c043e4c24ed6e535dc7a65aee86.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Box Office <= 1.1.51 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 1.1.51. This makes it possible for unauthenticated attackers to save ticket barcodes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-box-office/"
     google-query: inurl:"/wp-content/plugins/woocommerce-box-office/"
     shodan-query: 'vuln:CVE-2023-34003'
-  tags: cve,wordpress,wp-plugin,woocommerce-box-office,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-box-office,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34004-615764f544ee769c8562683adf2e3c22.yaml b/nuclei-templates/2023/CVE-2023-34004-615764f544ee769c8562683adf2e3c22.yaml
index 40176585c3..1890ce5e52 100644
--- a/nuclei-templates/2023/CVE-2023-34004-615764f544ee769c8562683adf2e3c22.yaml
+++ b/nuclei-templates/2023/CVE-2023-34004-615764f544ee769c8562683adf2e3c22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Box Office <= 1.1.50 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Box Office plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-box-office/"
     google-query: inurl:"/wp-content/plugins/woocommerce-box-office/"
     shodan-query: 'vuln:CVE-2023-34004'
-  tags: cve,wordpress,wp-plugin,woocommerce-box-office,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-box-office,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34006-0caf4f2b6437a679adbb5b527c6703b2.yaml b/nuclei-templates/2023/CVE-2023-34006-0caf4f2b6437a679adbb5b527c6703b2.yaml
index 0c77058dbf..fd189842bf 100644
--- a/nuclei-templates/2023/CVE-2023-34006-0caf4f2b6437a679adbb5b527c6703b2.yaml
+++ b/nuclei-templates/2023/CVE-2023-34006-0caf4f2b6437a679adbb5b527c6703b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Telegram Bot & Channel <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/telegram-bot/"
     google-query: inurl:"/wp-content/plugins/telegram-bot/"
     shodan-query: 'vuln:CVE-2023-34006'
-  tags: cve,wordpress,wp-plugin,telegram-bot,medium
+  tags: cve,wordpress,wp-plugin,telegram-bot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34007-5c72e030a59da55164488a0121d8367a.yaml b/nuclei-templates/2023/CVE-2023-34007-5c72e030a59da55164488a0121d8367a.yaml
index d48be2db9f..74306bc724 100644
--- a/nuclei-templates/2023/CVE-2023-34007-5c72e030a59da55164488a0121d8367a.yaml
+++ b/nuclei-templates/2023/CVE-2023-34007-5c72e030a59da55164488a0121d8367a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Download Monitor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and access controls on the 'upload_file' function in versions up to, and including, 4.8.3. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2023-34007'
-  tags: cve,wordpress,wp-plugin,download-monitor,high
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34009-0e6b771f58abc47bc1cd00cdb88a6b13.yaml b/nuclei-templates/2023/CVE-2023-34009-0e6b771f58abc47bc1cd00cdb88a6b13.yaml
index 815664d4e9..00c2bc916b 100644
--- a/nuclei-templates/2023/CVE-2023-34009-0e6b771f58abc47bc1cd00cdb88a6b13.yaml
+++ b/nuclei-templates/2023/CVE-2023-34009-0e6b771f58abc47bc1cd00cdb88a6b13.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Media & Share Icons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_installation function in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to install one of a pre-defined set of plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-social-media-icons/"
     google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/"
     shodan-query: 'vuln:CVE-2023-34009'
-  tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,medium
+  tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34013-29bc9c14cc220941303188c45b9daf29.yaml b/nuclei-templates/2023/CVE-2023-34013-29bc9c14cc220941303188c45b9daf29.yaml
index 0802b5d229..6b93ff3fd1 100644
--- a/nuclei-templates/2023/CVE-2023-34013-29bc9c14cc220941303188c45b9daf29.yaml
+++ b/nuclei-templates/2023/CVE-2023-34013-29bc9c14cc220941303188c45b9daf29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll Maker <= 4.6.2 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Poll Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 4.6.2. This makes it possible for authenticated attackers, with administrator-level access, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poll-maker/"
     google-query: inurl:"/wp-content/plugins/poll-maker/"
     shodan-query: 'vuln:CVE-2023-34013'
-  tags: cve,wordpress,wp-plugin,poll-maker,medium
+  tags: cve,wordpress,wp-plugin,poll-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34018-69235207b58aed8fe2c8ecd662e7a82c.yaml b/nuclei-templates/2023/CVE-2023-34018-69235207b58aed8fe2c8ecd662e7a82c.yaml
index 370bc19828..19a8025983 100644
--- a/nuclei-templates/2023/CVE-2023-34018-69235207b58aed8fe2c8ecd662e7a82c.yaml
+++ b/nuclei-templates/2023/CVE-2023-34018-69235207b58aed8fe2c8ecd662e7a82c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SoundCloud Shortcode <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SoundCloud Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/soundcloud-shortcode/"
     google-query: inurl:"/wp-content/plugins/soundcloud-shortcode/"
     shodan-query: 'vuln:CVE-2023-34018'
-  tags: cve,wordpress,wp-plugin,soundcloud-shortcode,medium
+  tags: cve,wordpress,wp-plugin,soundcloud-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34019-66d45612d48c50a420406488ffbcd2d8.yaml b/nuclei-templates/2023/CVE-2023-34019-66d45612d48c50a420406488ffbcd2d8.yaml
index efe7c7c76e..3395363d89 100644
--- a/nuclei-templates/2023/CVE-2023-34019-66d45612d48c50a420406488ffbcd2d8.yaml
+++ b/nuclei-templates/2023/CVE-2023-34019-66d45612d48c50a420406488ffbcd2d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uncanny Toolkit for LearnDash <= 3.6.4.3 - Missing Authorization via review-banner-visibility REST route
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Uncanny Toolkit for LearnDash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the review-banner-visibility REST route in versions up to, and including, 3.6.4.3. This makes it possible for unauthenticated attackers to save review settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uncanny-learndash-toolkit/"
     google-query: inurl:"/wp-content/plugins/uncanny-learndash-toolkit/"
     shodan-query: 'vuln:CVE-2023-34019'
-  tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,medium
+  tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3403-d335e6c8c52890984157995f488f49da.yaml b/nuclei-templates/2023/CVE-2023-3403-d335e6c8c52890984157995f488f49da.yaml
index cdc2948957..49a11f19ea 100644
--- a/nuclei-templates/2023/CVE-2023-3403-d335e6c8c52890984157995f488f49da.yaml
+++ b/nuclei-templates/2023/CVE-2023-3403-d335e6c8c52890984157995f488f49da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid <= 5.5.1 - Missing Authorization to User Import
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2023-3403'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34030-3faec85547682ca0daca65d7bcfe4f48.yaml b/nuclei-templates/2023/CVE-2023-34030-3faec85547682ca0daca65d7bcfe4f48.yaml
index d4395a5e1c..3c3f540d3e 100644
--- a/nuclei-templates/2023/CVE-2023-34030-3faec85547682ca0daca65d7bcfe4f48.yaml
+++ b/nuclei-templates/2023/CVE-2023-34030-3faec85547682ca0daca65d7bcfe4f48.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-34030
   metadata:
-    fofa-query: "wp-content/plugins/complianz-gdpr-premium/"
-    google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/"
+    fofa-query: "wp-content/plugins/complianz-gdpr/"
+    google-query: inurl:"/wp-content/plugins/complianz-gdpr/"
     shodan-query: 'vuln:CVE-2023-34030'
-  tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,medium
+  tags: cve,wordpress,wp-plugin,complianz-gdpr,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "complianz-gdpr-premium"
+          - "complianz-gdpr"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 6.4.7')
\ No newline at end of file
+          - compare_versions(version, '<= 6.4.5')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-3412-8ab353496a7495d9f3fe5d5531e368eb.yaml b/nuclei-templates/2023/CVE-2023-3412-8ab353496a7495d9f3fe5d5531e368eb.yaml
index 7b6fb77a96..f2c78da956 100644
--- a/nuclei-templates/2023/CVE-2023-3412-8ab353496a7495d9f3fe5d5531e368eb.yaml
+++ b/nuclei-templates/2023/CVE-2023-3412-8ab353496a7495d9f3fe5d5531e368eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-map-pro-lite/"
     google-query: inurl:"/wp-content/plugins/image-map-pro-lite/"
     shodan-query: 'vuln:CVE-2023-3412'
-  tags: cve,wordpress,wp-plugin,image-map-pro-lite,medium
+  tags: cve,wordpress,wp-plugin,image-map-pro-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34168-1540a4d1322834c5a338a51354b58ee1.yaml b/nuclei-templates/2023/CVE-2023-34168-1540a4d1322834c5a338a51354b58ee1.yaml
index fe0f1828df..43336ff3e9 100644
--- a/nuclei-templates/2023/CVE-2023-34168-1540a4d1322834c5a338a51354b58ee1.yaml
+++ b/nuclei-templates/2023/CVE-2023-34168-1540a4d1322834c5a338a51354b58ee1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Report Post plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-report-post/"
     google-query: inurl:"/wp-content/plugins/wp-report-post/"
     shodan-query: 'vuln:CVE-2023-34168'
-  tags: cve,wordpress,wp-plugin,wp-report-post,high
+  tags: cve,wordpress,wp-plugin,wp-report-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34170-d9e29420afd04acd93625f8acad7ad8f.yaml b/nuclei-templates/2023/CVE-2023-34170-d9e29420afd04acd93625f8acad7ad8f.yaml
index c4d00d6fde..da9b44f647 100644
--- a/nuclei-templates/2023/CVE-2023-34170-d9e29420afd04acd93625f8acad7ad8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-34170-d9e29420afd04acd93625f8acad7ad8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick/Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick/Bulk Order Form for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-bulk-order-form/"
     google-query: inurl:"/wp-content/plugins/woocommerce-bulk-order-form/"
     shodan-query: 'vuln:CVE-2023-34170'
-  tags: cve,wordpress,wp-plugin,woocommerce-bulk-order-form,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-bulk-order-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34172-adeb22f24ece0b4bc846eeeff12f100f.yaml b/nuclei-templates/2023/CVE-2023-34172-adeb22f24ece0b4bc846eeeff12f100f.yaml
index dd8733bdb4..16deeb40aa 100644
--- a/nuclei-templates/2023/CVE-2023-34172-adeb22f24ece0b4bc846eeeff12f100f.yaml
+++ b/nuclei-templates/2023/CVE-2023-34172-adeb22f24ece0b4bc846eeeff12f100f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Login <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-social-login/"
     google-query: inurl:"/wp-content/plugins/wordpress-social-login/"
     shodan-query: 'vuln:CVE-2023-34172'
-  tags: cve,wordpress,wp-plugin,wordpress-social-login,medium
+  tags: cve,wordpress,wp-plugin,wordpress-social-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34173-ffdf4101e49b7fe440cdcd6bd244561e.yaml b/nuclei-templates/2023/CVE-2023-34173-ffdf4101e49b7fe440cdcd6bd244561e.yaml
index 06754c861f..0c0f14ec46 100644
--- a/nuclei-templates/2023/CVE-2023-34173-ffdf4101e49b7fe440cdcd6bd244561e.yaml
+++ b/nuclei-templates/2023/CVE-2023-34173-ffdf4101e49b7fe440cdcd6bd244561e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yandex Metrica Counter <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yandex Metrica Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/counter-yandex-metrica/"
     google-query: inurl:"/wp-content/plugins/counter-yandex-metrica/"
     shodan-query: 'vuln:CVE-2023-34173'
-  tags: cve,wordpress,wp-plugin,counter-yandex-metrica,medium
+  tags: cve,wordpress,wp-plugin,counter-yandex-metrica,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34179-1d9266ecaa07d410393e4d47b4c9954f.yaml b/nuclei-templates/2023/CVE-2023-34179-1d9266ecaa07d410393e4d47b4c9954f.yaml
index 1bd1767ec3..9d7da6f1b7 100644
--- a/nuclei-templates/2023/CVE-2023-34179-1d9266ecaa07d410393e4d47b4c9954f.yaml
+++ b/nuclei-templates/2023/CVE-2023-34179-1d9266ecaa07d410393e4d47b4c9954f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Groundhogg plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.7.11 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2023-34179'
-  tags: cve,wordpress,wp-plugin,groundhogg,high
+  tags: cve,wordpress,wp-plugin,groundhogg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34183-4b751d7bee414741f3c79461b74b4584.yaml b/nuclei-templates/2023/CVE-2023-34183-4b751d7bee414741f3c79461b74b4584.yaml
index b49365fe9b..a923e67cb9 100644
--- a/nuclei-templates/2023/CVE-2023-34183-4b751d7bee414741f3c79461b74b4584.yaml
+++ b/nuclei-templates/2023/CVE-2023-34183-4b751d7bee414741f3c79461b74b4584.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unite Gallery Lite <= 1.7.61 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Unite Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.7.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unite-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/unite-gallery-lite/"
     shodan-query: 'vuln:CVE-2023-34183'
-  tags: cve,wordpress,wp-plugin,unite-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,unite-gallery-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34186-924d818a306e9e6b06f3cb1274c2304e.yaml b/nuclei-templates/2023/CVE-2023-34186-924d818a306e9e6b06f3cb1274c2304e.yaml
index 6690d5cf45..7afdef1208 100644
--- a/nuclei-templates/2023/CVE-2023-34186-924d818a306e9e6b06f3cb1274c2304e.yaml
+++ b/nuclei-templates/2023/CVE-2023-34186-924d818a306e9e6b06f3cb1274c2304e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Headless CMS <= 2.0.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Headless CMS plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check in versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to utilize this functionality reserved for admin users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/headless-cms/"
     google-query: inurl:"/wp-content/plugins/headless-cms/"
     shodan-query: 'vuln:CVE-2023-34186'
-  tags: cve,wordpress,wp-plugin,headless-cms,medium
+  tags: cve,wordpress,wp-plugin,headless-cms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34187-cfbef64f1e1fba4c3a45a9c3c672157f.yaml b/nuclei-templates/2023/CVE-2023-34187-cfbef64f1e1fba4c3a45a9c3c672157f.yaml
index d40c81e34f..e7ea1c6885 100644
--- a/nuclei-templates/2023/CVE-2023-34187-cfbef64f1e1fba4c3a45a9c3c672157f.yaml
+++ b/nuclei-templates/2023/CVE-2023-34187-cfbef64f1e1fba4c3a45a9c3c672157f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Call Now Icon Animate <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Call Now Icon Animate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/call-now-icon-animate/"
     google-query: inurl:"/wp-content/plugins/call-now-icon-animate/"
     shodan-query: 'vuln:CVE-2023-34187'
-  tags: cve,wordpress,wp-plugin,call-now-icon-animate,medium
+  tags: cve,wordpress,wp-plugin,call-now-icon-animate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3435-e95622a863397746d0d019b16e681085.yaml b/nuclei-templates/2023/CVE-2023-3435-e95622a863397746d0d019b16e681085.yaml
index 966b5de320..0e5e2ab176 100644
--- a/nuclei-templates/2023/CVE-2023-3435-e95622a863397746d0d019b16e681085.yaml
+++ b/nuclei-templates/2023/CVE-2023-3435-e95622a863397746d0d019b16e681085.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Activity Log <= 1.6.4 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The User Activity Log plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.6.4 via the ual_export_log() and ual_export_user_log() function that is missing preparation on existing queries as well as escaping on the user input passed to them. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.  This issue was partially patched in 1.6.4, which made it only exploitable by authenticated users, a full patch was released in 1.6.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-activity-log/"
     google-query: inurl:"/wp-content/plugins/user-activity-log/"
     shodan-query: 'vuln:CVE-2023-3435'
-  tags: cve,wordpress,wp-plugin,user-activity-log,high
+  tags: cve,wordpress,wp-plugin,user-activity-log,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34368-c02729e12026bce3dd84d6631a92ade6.yaml b/nuclei-templates/2023/CVE-2023-34368-c02729e12026bce3dd84d6631a92ade6.yaml
index 067bfd9894..55fd391b12 100644
--- a/nuclei-templates/2023/CVE-2023-34368-c02729e12026bce3dd84d6631a92ade6.yaml
+++ b/nuclei-templates/2023/CVE-2023-34368-c02729e12026bce3dd84d6631a92ade6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kanban Boards for WordPress <= 2.5.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kanban Boards for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.5.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kanban/"
     google-query: inurl:"/wp-content/plugins/kanban/"
     shodan-query: 'vuln:CVE-2023-34368'
-  tags: cve,wordpress,wp-plugin,kanban,medium
+  tags: cve,wordpress,wp-plugin,kanban,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34369-46799564b7a9d79d9f58df7d68a85824.yaml b/nuclei-templates/2023/CVE-2023-34369-46799564b7a9d79d9f58df7d68a85824.yaml
index b9329ba308..0049342dad 100644
--- a/nuclei-templates/2023/CVE-2023-34369-46799564b7a9d79d9f58df7d68a85824.yaml
+++ b/nuclei-templates/2023/CVE-2023-34369-46799564b7a9d79d9f58df7d68a85824.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Configurator <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login Configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-configurator/"
     google-query: inurl:"/wp-content/plugins/login-configurator/"
     shodan-query: 'vuln:CVE-2023-34369'
-  tags: cve,wordpress,wp-plugin,login-configurator,medium
+  tags: cve,wordpress,wp-plugin,login-configurator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34372-376bf43456853b74eb2f520d8ce53233.yaml b/nuclei-templates/2023/CVE-2023-34372-376bf43456853b74eb2f520d8ce53233.yaml
index 2830ff6c0d..d8143bfdb7 100644
--- a/nuclei-templates/2023/CVE-2023-34372-376bf43456853b74eb2f520d8ce53233.yaml
+++ b/nuclei-templates/2023/CVE-2023-34372-376bf43456853b74eb2f520d8ce53233.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download SpamReferrerBlock <= 2.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download SpamReferrerBlock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spamreferrerblock/"
     google-query: inurl:"/wp-content/plugins/spamreferrerblock/"
     shodan-query: 'vuln:CVE-2023-34372'
-  tags: cve,wordpress,wp-plugin,spamreferrerblock,medium
+  tags: cve,wordpress,wp-plugin,spamreferrerblock,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34376-a483253d605901e000058299d42af1c9.yaml b/nuclei-templates/2023/CVE-2023-34376-a483253d605901e000058299d42af1c9.yaml
index a81c868ca0..9160ba6cf1 100644
--- a/nuclei-templates/2023/CVE-2023-34376-a483253d605901e000058299d42af1c9.yaml
+++ b/nuclei-templates/2023/CVE-2023-34376-a483253d605901e000058299d42af1c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Change WooCommerce Add To Cart Button Text <= 1.3 - Missing Authorization via rexvs_settings_submit
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Change WooCommerce Add To Cart Button Text plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rexvs_settings_submit AJAX function in versions up to, and including, 1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/change-woocommerce-add-to-cart-button-text/"
     google-query: inurl:"/wp-content/plugins/change-woocommerce-add-to-cart-button-text/"
     shodan-query: 'vuln:CVE-2023-34376'
-  tags: cve,wordpress,wp-plugin,change-woocommerce-add-to-cart-button-text,medium
+  tags: cve,wordpress,wp-plugin,change-woocommerce-add-to-cart-button-text,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34377-2e12d42eb302e6a61f201e211fa0da28.yaml b/nuclei-templates/2023/CVE-2023-34377-2e12d42eb302e6a61f201e211fa0da28.yaml
index 7782b0396f..3975614790 100644
--- a/nuclei-templates/2023/CVE-2023-34377-2e12d42eb302e6a61f201e211fa0da28.yaml
+++ b/nuclei-templates/2023/CVE-2023-34377-2e12d42eb302e6a61f201e211fa0da28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Content Management <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My Content Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-content-management/"
     google-query: inurl:"/wp-content/plugins/my-content-management/"
     shodan-query: 'vuln:CVE-2023-34377'
-  tags: cve,wordpress,wp-plugin,my-content-management,medium
+  tags: cve,wordpress,wp-plugin,my-content-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34381-919cf6f31f29222aa869aeeb40e21222.yaml b/nuclei-templates/2023/CVE-2023-34381-919cf6f31f29222aa869aeeb40e21222.yaml
index 7fc444df6b..003ff065bb 100644
--- a/nuclei-templates/2023/CVE-2023-34381-919cf6f31f29222aa869aeeb40e21222.yaml
+++ b/nuclei-templates/2023/CVE-2023-34381-919cf6f31f29222aa869aeeb40e21222.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zippy <= 1.6.2 - Missing Authorization via adminInit
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Zippy plugin for WordPress is vulnerable to unauthorized archiving and unarchiving of pages due to a missing capability check on the adminInit function in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to archive and unarchive pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zippy/"
     google-query: inurl:"/wp-content/plugins/zippy/"
     shodan-query: 'vuln:CVE-2023-34381'
-  tags: cve,wordpress,wp-plugin,zippy,medium
+  tags: cve,wordpress,wp-plugin,zippy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34382-e63e30ec60f147aa93db545efe75d6f6.yaml b/nuclei-templates/2023/CVE-2023-34382-e63e30ec60f147aa93db545efe75d6f6.yaml
index 594eb9f9c1..caa0509c5b 100644
--- a/nuclei-templates/2023/CVE-2023-34382-e63e30ec60f147aa93db545efe75d6f6.yaml
+++ b/nuclei-templates/2023/CVE-2023-34382-e63e30ec60f147aa93db545efe75d6f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dokan <=3.7.19 - Authenticated(Shop Manager+) PHP Object Injection via create_dummy_vendor
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dokan plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.7.19 via deserialization of untrusted input via the 'create_dummy_vendor' function called by the 'import' REST API endpoint. This allows authenticated attackers with Shop Manager privileges or above to inject a PHP Object. No POP chain is known to be present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dokan-lite/"
     google-query: inurl:"/wp-content/plugins/dokan-lite/"
     shodan-query: 'vuln:CVE-2023-34382'
-  tags: cve,wordpress,wp-plugin,dokan-lite,medium
+  tags: cve,wordpress,wp-plugin,dokan-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34383-df9102694b36792bdabf02d0dae189bc.yaml b/nuclei-templates/2023/CVE-2023-34383-df9102694b36792bdabf02d0dae189bc.yaml
index 13a4e6daf9..d08bee32cd 100644
--- a/nuclei-templates/2023/CVE-2023-34383-df9102694b36792bdabf02d0dae189bc.yaml
+++ b/nuclei-templates/2023/CVE-2023-34383-df9102694b36792bdabf02d0dae189bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Project Manager plugin for WordPress is vulnerable to SQL Injection via the user task starting date in versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wedevs-project-manager/"
     google-query: inurl:"/wp-content/plugins/wedevs-project-manager/"
     shodan-query: 'vuln:CVE-2023-34383'
-  tags: cve,wordpress,wp-plugin,wedevs-project-manager,high
+  tags: cve,wordpress,wp-plugin,wedevs-project-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34385-554b3becffafc2d7533a6574bfe4f7de.yaml b/nuclei-templates/2023/CVE-2023-34385-554b3becffafc2d7533a6574bfe4f7de.yaml
index 8039c97a29..1358a57323 100644
--- a/nuclei-templates/2023/CVE-2023-34385-554b3becffafc2d7533a6574bfe4f7de.yaml
+++ b/nuclei-templates/2023/CVE-2023-34385-554b3becffafc2d7533a6574bfe4f7de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export Import Menus <= 1.8.0 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Export Import Menus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadMenusJson() function in versions up to, and including, 1.8.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/export-import-menus/"
     google-query: inurl:"/wp-content/plugins/export-import-menus/"
     shodan-query: 'vuln:CVE-2023-34385'
-  tags: cve,wordpress,wp-plugin,export-import-menus,high
+  tags: cve,wordpress,wp-plugin,export-import-menus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-34387-903a37844bea1fdaf4cd48ec6980337e.yaml b/nuclei-templates/2023/CVE-2023-34387-903a37844bea1fdaf4cd48ec6980337e.yaml
index 3e2b12643e..0ae4705366 100644
--- a/nuclei-templates/2023/CVE-2023-34387-903a37844bea1fdaf4cd48ec6980337e.yaml
+++ b/nuclei-templates/2023/CVE-2023-34387-903a37844bea1fdaf4cd48ec6980337e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Constant Contact Forms <= 1.14.0 - Missing Authorization via constant_contact_optin_ajax_handler
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Constant Contact Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the constant_contact_optin_ajax_handler function in versions up to, and including, 1.14.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's opt-in settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/constant-contact-forms/"
     google-query: inurl:"/wp-content/plugins/constant-contact-forms/"
     shodan-query: 'vuln:CVE-2023-34387'
-  tags: cve,wordpress,wp-plugin,constant-contact-forms,medium
+  tags: cve,wordpress,wp-plugin,constant-contact-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3447-3ac7913de6e3ab3bdc9b5e42fbbe516c.yaml b/nuclei-templates/2023/CVE-2023-3447-3ac7913de6e3ab3bdc9b5e42fbbe516c.yaml
index 773ffcb9ea..07235c9e07 100644
--- a/nuclei-templates/2023/CVE-2023-3447-3ac7913de6e3ab3bdc9b5e42fbbe516c.yaml
+++ b/nuclei-templates/2023/CVE-2023-3447-3ac7913de6e3ab3bdc9b5e42fbbe516c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable WordPress instance, to extract potentially sensitive information from the LDAP directory.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/"
     google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/"
     shodan-query: 'vuln:CVE-2023-3447'
-  tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,high
+  tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3459-4f3805308ff329789ed39fb1a7c50453.yaml b/nuclei-templates/2023/CVE-2023-3459-4f3805308ff329789ed39fb1a7c50453.yaml
index 8c55c40010..2fbbea248d 100644
--- a/nuclei-templates/2023/CVE-2023-3459-4f3805308ff329789ed39fb1a7c50453.yaml
+++ b/nuclei-templates/2023/CVE-2023-3459-4f3805308ff329789ed39fb1a7c50453.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/"
     google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/"
     shodan-query: 'vuln:CVE-2023-3459'
-  tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,high
+  tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3492-2cc21eace9abb2004f2ff03d1c79dbc9.yaml b/nuclei-templates/2023/CVE-2023-3492-2cc21eace9abb2004f2ff03d1c79dbc9.yaml
index 8d640fbade..91ab7fd57f 100644
--- a/nuclei-templates/2023/CVE-2023-3492-2cc21eace9abb2004f2ff03d1c79dbc9.yaml
+++ b/nuclei-templates/2023/CVE-2023-3492-2cc21eace9abb2004f2ff03d1c79dbc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shopping Pages <= 1.14 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Shopping Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.14. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to add malicious JavaScript payloads to the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shopping-pages/"
     google-query: inurl:"/wp-content/plugins/shopping-pages/"
     shodan-query: 'vuln:CVE-2023-3492'
-  tags: cve,wordpress,wp-plugin,shopping-pages,high
+  tags: cve,wordpress,wp-plugin,shopping-pages,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3499-11a45c98dd2f844970dab94e4b84b3d9.yaml b/nuclei-templates/2023/CVE-2023-3499-11a45c98dd2f844970dab94e4b84b3d9.yaml
index aa73a41e42..eaa0fd84f0 100644
--- a/nuclei-templates/2023/CVE-2023-3499-11a45c98dd2f844970dab94e4b84b3d9.yaml
+++ b/nuclei-templates/2023/CVE-2023-3499-11a45c98dd2f844970dab94e4b84b3d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2.15  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/robo-gallery/"
     google-query: inurl:"/wp-content/plugins/robo-gallery/"
     shodan-query: 'vuln:CVE-2023-3499'
-  tags: cve,wordpress,wp-plugin,robo-gallery,medium
+  tags: cve,wordpress,wp-plugin,robo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3501-e2849c772d6e6f64d56860e36e54564f.yaml b/nuclei-templates/2023/CVE-2023-3501-e2849c772d6e6f64d56860e36e54564f.yaml
index 42969dd2da..2ebdfccd48 100644
--- a/nuclei-templates/2023/CVE-2023-3501-e2849c772d6e6f64d56860e36e54564f.yaml
+++ b/nuclei-templates/2023/CVE-2023-3501-e2849c772d6e6f64d56860e36e54564f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormCraft <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formcraft-form-builder/"
     google-query: inurl:"/wp-content/plugins/formcraft-form-builder/"
     shodan-query: 'vuln:CVE-2023-3501'
-  tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium
+  tags: cve,wordpress,wp-plugin,formcraft-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35037-c3e49cc5a301ec2fc03ff611d9afd783.yaml b/nuclei-templates/2023/CVE-2023-35037-c3e49cc5a301ec2fc03ff611d9afd783.yaml
index 4a0ddbfb40..3674603070 100644
--- a/nuclei-templates/2023/CVE-2023-35037-c3e49cc5a301ec2fc03ff611d9afd783.yaml
+++ b/nuclei-templates/2023/CVE-2023-35037-c3e49cc5a301ec2fc03ff611d9afd783.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Surfer <= 1.3.2.357 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Surfer plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions, such as remove_post_draft_connection,  check_draft_status, get_locations, get_ajax_surfer_connect_url, disconnect_surfer_from_wp, and check_connection_status called via AJAX actions in versions up to, and including, 1.3.2.357. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the connection details for the plugin and check the status details of posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/surferseo/"
     google-query: inurl:"/wp-content/plugins/surferseo/"
     shodan-query: 'vuln:CVE-2023-35037'
-  tags: cve,wordpress,wp-plugin,surferseo,medium
+  tags: cve,wordpress,wp-plugin,surferseo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35040-349038bfb8ad974ae4bba5615712f5b9.yaml b/nuclei-templates/2023/CVE-2023-35040-349038bfb8ad974ae4bba5615712f5b9.yaml
index dcd9e8f902..47f085d6e3 100644
--- a/nuclei-templates/2023/CVE-2023-35040-349038bfb8ad974ae4bba5615712f5b9.yaml
+++ b/nuclei-templates/2023/CVE-2023-35040-349038bfb8ad974ae4bba5615712f5b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SendPress Newsletters <= 1.23.11.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SendPress Newsletters plugin for WordPress is vulnerable to unauthorized modification of due to a missing capability check on multiple REST routes that initiate cron execution in versions up to, and including, 1.23.11.6. This makes it possible for unauthenticated attackers to run the plugin's cron function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sendpress/"
     google-query: inurl:"/wp-content/plugins/sendpress/"
     shodan-query: 'vuln:CVE-2023-35040'
-  tags: cve,wordpress,wp-plugin,sendpress,medium
+  tags: cve,wordpress,wp-plugin,sendpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35041-99ed4f84114970decbe599553d25ef62.yaml b/nuclei-templates/2023/CVE-2023-35041-99ed4f84114970decbe599553d25ef62.yaml
index a7c2b34308..4a80475491 100644
--- a/nuclei-templates/2023/CVE-2023-35041-99ed4f84114970decbe599553d25ef62.yaml
+++ b/nuclei-templates/2023/CVE-2023-35041-99ed4f84114970decbe599553d25ef62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webpushr <= 4.34.0 - Cross-Site Request Forgery to Local File Inclusion via menu
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Webpushr plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.34.0. This is due to missing or incorrect nonce validation within the wpp_save_settings function. This makes it possible for unauthenticated attackers to conduct local file inclusion attacks by leveraging the 'menu' parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webpushr-web-push-notifications/"
     google-query: inurl:"/wp-content/plugins/webpushr-web-push-notifications/"
     shodan-query: 'vuln:CVE-2023-35041'
-  tags: cve,wordpress,wp-plugin,webpushr-web-push-notifications,high
+  tags: cve,wordpress,wp-plugin,webpushr-web-push-notifications,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35045-c3880379f0826cf949058267ed182aec.yaml b/nuclei-templates/2023/CVE-2023-35045-c3880379f0826cf949058267ed182aec.yaml
index 26ba4d6032..ed9d482746 100644
--- a/nuclei-templates/2023/CVE-2023-35045-c3880379f0826cf949058267ed182aec.yaml
+++ b/nuclei-templates/2023/CVE-2023-35045-c3880379f0826cf949058267ed182aec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fat Rat Collect <= 2.6.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fat Rat Collect plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on the wp_ajax_frc_interface AJAX action versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to access restricted plugin functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fat-rat-collect/"
     google-query: inurl:"/wp-content/plugins/fat-rat-collect/"
     shodan-query: 'vuln:CVE-2023-35045'
-  tags: cve,wordpress,wp-plugin,fat-rat-collect,medium
+  tags: cve,wordpress,wp-plugin,fat-rat-collect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35046-a835e225538d98a6a0f49f942c25b6a5.yaml b/nuclei-templates/2023/CVE-2023-35046-a835e225538d98a6a0f49f942c25b6a5.yaml
index 8c07f9188c..5efc05b717 100644
--- a/nuclei-templates/2023/CVE-2023-35046-a835e225538d98a6a0f49f942c25b6a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-35046-a835e225538d98a6a0f49f942c25b6a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dynamic Visibility for Elementor <= 5.0.5 - Missing Authorization to Authenticated(Subscriber+) Post Visibility Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dynamic Visibility for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dce_visibility_toggle' function in versions up to, and including, 5.0.5. This makes it possible for authenticated attackers with subscriber-level permissions or above to modify the visibility of posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dynamic-visibility-for-elementor/"
     google-query: inurl:"/wp-content/plugins/dynamic-visibility-for-elementor/"
     shodan-query: 'vuln:CVE-2023-35046'
-  tags: cve,wordpress,wp-plugin,dynamic-visibility-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,dynamic-visibility-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35048-de725b70e5d07ce131e255467578f038.yaml b/nuclei-templates/2023/CVE-2023-35048-de725b70e5d07ce131e255467578f038.yaml
index 1af296ad4f..9d95706957 100644
--- a/nuclei-templates/2023/CVE-2023-35048-de725b70e5d07ce131e255467578f038.yaml
+++ b/nuclei-templates/2023/CVE-2023-35048-de725b70e5d07ce131e255467578f038.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking and Rental Manager <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booking and Rental Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-and-rental-manager-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booking-and-rental-manager-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-35048'
-  tags: cve,wordpress,wp-plugin,booking-and-rental-manager-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booking-and-rental-manager-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35049-3b50ede48b2cfc5cc49521992d3d9653.yaml b/nuclei-templates/2023/CVE-2023-35049-3b50ede48b2cfc5cc49521992d3d9653.yaml
index b6440fb8ae..f265014665 100644
--- a/nuclei-templates/2023/CVE-2023-35049-3b50ede48b2cfc5cc49521992d3d9653.yaml
+++ b/nuclei-templates/2023/CVE-2023-35049-3b50ede48b2cfc5cc49521992d3d9653.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Stripe Payment Gateway <= 7.4.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.4.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-gateway-stripe/"
     google-query: inurl:"/wp-content/plugins/woocommerce-gateway-stripe/"
     shodan-query: 'vuln:CVE-2023-35049'
-  tags: cve,wordpress,wp-plugin,woocommerce-gateway-stripe,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-gateway-stripe,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35050-500730a31af9acbaf8945d735529d69e.yaml b/nuclei-templates/2023/CVE-2023-35050-500730a31af9acbaf8945d735529d69e.yaml
index a9a69b9ef3..3fa8c6fc4f 100644
--- a/nuclei-templates/2023/CVE-2023-35050-500730a31af9acbaf8945d735529d69e.yaml
+++ b/nuclei-templates/2023/CVE-2023-35050-500730a31af9acbaf8945d735529d69e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Pro <= 3.13.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.13.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like modifying screenshots,
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2023-35050'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35090-99f4448a717d374af03d744cdc0eb9ad.yaml b/nuclei-templates/2023/CVE-2023-35090-99f4448a717d374af03d744cdc0eb9ad.yaml
index f6be5242f8..3c1c1c9582 100644
--- a/nuclei-templates/2023/CVE-2023-35090-99f4448a717d374af03d744cdc0eb9ad.yaml
+++ b/nuclei-templates/2023/CVE-2023-35090-99f4448a717d374af03d744cdc0eb9ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MasterStudy LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/"
     google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/"
     shodan-query: 'vuln:CVE-2023-35090'
-  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,medium
+  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35093-f9e11f76930ee22e20526313ed9f389b.yaml b/nuclei-templates/2023/CVE-2023-35093-f9e11f76930ee22e20526313ed9f389b.yaml
index 6f949da437..3d4148b98c 100644
--- a/nuclei-templates/2023/CVE-2023-35093-f9e11f76930ee22e20526313ed9f389b.yaml
+++ b/nuclei-templates/2023/CVE-2023-35093-f9e11f76930ee22e20526313ed9f389b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_lms_create_term function in versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary course categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/"
     google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/"
     shodan-query: 'vuln:CVE-2023-35093'
-  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,medium
+  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35094-1c68ed9adb5cb9e4bd046ceebf588774.yaml b/nuclei-templates/2023/CVE-2023-35094-1c68ed9adb5cb9e4bd046ceebf588774.yaml
index 23af6f9858..2f0215d90d 100644
--- a/nuclei-templates/2023/CVE-2023-35094-1c68ed9adb5cb9e4bd046ceebf588774.yaml
+++ b/nuclei-templates/2023/CVE-2023-35094-1c68ed9adb5cb9e4bd046ceebf588774.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Matterport Shortcode <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Matterport Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'matterport' shortcode in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-gallery-for-matterport-showcase/"
     google-query: inurl:"/wp-content/plugins/shortcode-gallery-for-matterport-showcase/"
     shodan-query: 'vuln:CVE-2023-35094'
-  tags: cve,wordpress,wp-plugin,shortcode-gallery-for-matterport-showcase,medium
+  tags: cve,wordpress,wp-plugin,shortcode-gallery-for-matterport-showcase,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35095-bbbaa8f4798af45f432fee689b1a5feb.yaml b/nuclei-templates/2023/CVE-2023-35095-bbbaa8f4798af45f432fee689b1a5feb.yaml
index 13db9771db..c63e8b4965 100644
--- a/nuclei-templates/2023/CVE-2023-35095-bbbaa8f4798af45f432fee689b1a5feb.yaml
+++ b/nuclei-templates/2023/CVE-2023-35095-bbbaa8f4798af45f432fee689b1a5feb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flo Forms <= 1.0.40 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Flo Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flo-forms/"
     google-query: inurl:"/wp-content/plugins/flo-forms/"
     shodan-query: 'vuln:CVE-2023-35095'
-  tags: cve,wordpress,wp-plugin,flo-forms,medium
+  tags: cve,wordpress,wp-plugin,flo-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3510-3fbce7126258b6f86e3d8d39cbcb69cc.yaml b/nuclei-templates/2023/CVE-2023-3510-3fbce7126258b6f86e3d8d39cbcb69cc.yaml
index 0258895d7d..721f2a04a4 100644
--- a/nuclei-templates/2023/CVE-2023-3510-3fbce7126258b6f86e3d8d39cbcb69cc.yaml
+++ b/nuclei-templates/2023/CVE-2023-3510-3fbce7126258b6f86e3d8d39cbcb69cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  FTP Access plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the FTPMenu() function hooked via admin_menu in versions up to, and including, 1.0. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to modify the plugin's settings and inject malicious JavaScript that execute whenever a user accesses the injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ftp-access/"
     google-query: inurl:"/wp-content/plugins/ftp-access/"
     shodan-query: 'vuln:CVE-2023-3510'
-  tags: cve,wordpress,wp-plugin,ftp-access,medium
+  tags: cve,wordpress,wp-plugin,ftp-access,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3575-acd3eef162930a0876122d4b56734acd.yaml b/nuclei-templates/2023/CVE-2023-3575-acd3eef162930a0876122d4b56734acd.yaml
index 3b6444e1db..acb8668e27 100644
--- a/nuclei-templates/2023/CVE-2023-3575-acd3eef162930a0876122d4b56734acd.yaml
+++ b/nuclei-templates/2023/CVE-2023-3575-acd3eef162930a0876122d4b56734acd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 8.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Question Title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a question title in versions up to, and including 8.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2023-3575'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35776-5558112c84605e9bc74e93c1eb9fbe3b.yaml b/nuclei-templates/2023/CVE-2023-35776-5558112c84605e9bc74e93c1eb9fbe3b.yaml
index df26c5f0c5..42c8b5b2a2 100644
--- a/nuclei-templates/2023/CVE-2023-35776-5558112c84605e9bc74e93c1eb9fbe3b.yaml
+++ b/nuclei-templates/2023/CVE-2023-35776-5558112c84605e9bc74e93c1eb9fbe3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sermon'e <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sermon'e plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-35776-1/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-35776-1/"
     shodan-query: 'vuln:CVE-2023-35776'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-35776-1,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-35776-1,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35776-71b25caf3907e04060e0d61d5bb4a2e5.yaml b/nuclei-templates/2023/CVE-2023-35776-71b25caf3907e04060e0d61d5bb4a2e5.yaml
index dcb7b9b0cf..b740975fd5 100644
--- a/nuclei-templates/2023/CVE-2023-35776-71b25caf3907e04060e0d61d5bb4a2e5.yaml
+++ b/nuclei-templates/2023/CVE-2023-35776-71b25caf3907e04060e0d61d5bb4a2e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sermon'e <= 1.0.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sermon'e plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sermone-online-sermons-management/"
     google-query: inurl:"/wp-content/plugins/sermone-online-sermons-management/"
     shodan-query: 'vuln:CVE-2023-35776'
-  tags: cve,wordpress,wp-plugin,sermone-online-sermons-management,medium
+  tags: cve,wordpress,wp-plugin,sermone-online-sermons-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35777-362ad579ac93dd9d0975339b992aaf7d.yaml b/nuclei-templates/2023/CVE-2023-35777-362ad579ac93dd9d0975339b992aaf7d.yaml
index c4cdb07c08..9927f9ecad 100644
--- a/nuclei-templates/2023/CVE-2023-35777-362ad579ac93dd9d0975339b992aaf7d.yaml
+++ b/nuclei-templates/2023/CVE-2023-35777-362ad579ac93dd9d0975339b992aaf7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Events Calendar <= 6.1.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The The Events Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_ical_output_for_an_event() function in versions up to, and including, 6.1.2.2. This makes it possible for unauthenticated attackers to view arbitrary/private event content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-events-calendar/"
     google-query: inurl:"/wp-content/plugins/the-events-calendar/"
     shodan-query: 'vuln:CVE-2023-35777'
-  tags: cve,wordpress,wp-plugin,the-events-calendar,medium
+  tags: cve,wordpress,wp-plugin,the-events-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35779-05c88cf821e14c133b503ea979e12c4d.yaml b/nuclei-templates/2023/CVE-2023-35779-05c88cf821e14c133b503ea979e12c4d.yaml
index fd5ad86003..7f3705d671 100644
--- a/nuclei-templates/2023/CVE-2023-35779-05c88cf821e14c133b503ea979e12c4d.yaml
+++ b/nuclei-templates/2023/CVE-2023-35779-05c88cf821e14c133b503ea979e12c4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seed Fonts 2.3.1 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Seed Fonts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seed-fonts/"
     google-query: inurl:"/wp-content/plugins/seed-fonts/"
     shodan-query: 'vuln:CVE-2023-35779'
-  tags: cve,wordpress,wp-plugin,seed-fonts,medium
+  tags: cve,wordpress,wp-plugin,seed-fonts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35875-f66a440cd899e10b9d3c84e8064d84c8.yaml b/nuclei-templates/2023/CVE-2023-35875-f66a440cd899e10b9d3c84e8064d84c8.yaml
index 988e7b089f..c0bd4ad5d1 100644
--- a/nuclei-templates/2023/CVE-2023-35875-f66a440cd899e10b9d3c84e8064d84c8.yaml
+++ b/nuclei-templates/2023/CVE-2023-35875-f66a440cd899e10b9d3c84e8064d84c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenverse <= 1.8.5 - Missing Authorization via 'data/update' API Endpoint
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gutenverse plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'data/update' API Endpoint function in versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to perform an unauthorized data update.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gutenverse/"
     google-query: inurl:"/wp-content/plugins/gutenverse/"
     shodan-query: 'vuln:CVE-2023-35875'
-  tags: cve,wordpress,wp-plugin,gutenverse,medium
+  tags: cve,wordpress,wp-plugin,gutenverse,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35876-249dbfd7183b6684ad412dc7f00e598b.yaml b/nuclei-templates/2023/CVE-2023-35876-249dbfd7183b6684ad412dc7f00e598b.yaml
index c6211a8361..516a19e53b 100644
--- a/nuclei-templates/2023/CVE-2023-35876-249dbfd7183b6684ad412dc7f00e598b.yaml
+++ b/nuclei-templates/2023/CVE-2023-35876-249dbfd7183b6684ad412dc7f00e598b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Square <= 3.8.1 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Square plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 3.8.1. This makes it possible for authenticated attackers with contributor-level privileges to modify other user's orders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-square/"
     google-query: inurl:"/wp-content/plugins/woocommerce-square/"
     shodan-query: 'vuln:CVE-2023-35876'
-  tags: cve,wordpress,wp-plugin,woocommerce-square,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-square,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35878-ff2f93ef83cef5530210b6c4053efbfa.yaml b/nuclei-templates/2023/CVE-2023-35878-ff2f93ef83cef5530210b6c4053efbfa.yaml
index 74029a0edb..7b7bdf09c7 100644
--- a/nuclei-templates/2023/CVE-2023-35878-ff2f93ef83cef5530210b6c4053efbfa.yaml
+++ b/nuclei-templates/2023/CVE-2023-35878-ff2f93ef83cef5530210b6c4053efbfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Extra User Details <= 0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Extra User Details plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/extra-user-details/"
     google-query: inurl:"/wp-content/plugins/extra-user-details/"
     shodan-query: 'vuln:CVE-2023-35878'
-  tags: cve,wordpress,wp-plugin,extra-user-details,medium
+  tags: cve,wordpress,wp-plugin,extra-user-details,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35879-b89386d59e4ac2c68e4b5b1c7b8ceed1.yaml b/nuclei-templates/2023/CVE-2023-35879-b89386d59e4ac2c68e4b5b1c7b8ceed1.yaml
index 39c740655b..f6392fc7a0 100644
--- a/nuclei-templates/2023/CVE-2023-35879-b89386d59e4ac2c68e4b5b1c7b8ceed1.yaml
+++ b/nuclei-templates/2023/CVE-2023-35879-b89386d59e4ac2c68e4b5b1c7b8ceed1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Product Vendors plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 2.1.78 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-vendors/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/"
     shodan-query: 'vuln:CVE-2023-35879'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35881-3df49792a8ece76a8d711abde91f5cbd.yaml b/nuclei-templates/2023/CVE-2023-35881-3df49792a8ece76a8d711abde91f5cbd.yaml
index ee39b36d66..3414e03fb1 100644
--- a/nuclei-templates/2023/CVE-2023-35881-3df49792a8ece76a8d711abde91f5cbd.yaml
+++ b/nuclei-templates/2023/CVE-2023-35881-3df49792a8ece76a8d711abde91f5cbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce One Page Checkout plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.3.0 via the 'woocommerce_one_page_checkout' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-one-page-checkout/"
     google-query: inurl:"/wp-content/plugins/woocommerce-one-page-checkout/"
     shodan-query: 'vuln:CVE-2023-35881'
-  tags: cve,wordpress,wp-plugin,woocommerce-one-page-checkout,high
+  tags: cve,wordpress,wp-plugin,woocommerce-one-page-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35882-55664802ca8a80e3857f1283c80160e1.yaml b/nuclei-templates/2023/CVE-2023-35882-55664802ca8a80e3857f1283c80160e1.yaml
index 887ccd30f1..7baaed12ab 100644
--- a/nuclei-templates/2023/CVE-2023-35882-55664802ca8a80e3857f1283c80160e1.yaml
+++ b/nuclei-templates/2023/CVE-2023-35882-55664802ca8a80e3857f1283c80160e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Super Socializer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 7.13.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-socializer/"
     google-query: inurl:"/wp-content/plugins/super-socializer/"
     shodan-query: 'vuln:CVE-2023-35882'
-  tags: cve,wordpress,wp-plugin,super-socializer,medium
+  tags: cve,wordpress,wp-plugin,super-socializer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35910-88a3fac791c3551827ed85f785e74c8c.yaml b/nuclei-templates/2023/CVE-2023-35910-88a3fac791c3551827ed85f785e74c8c.yaml
index 568aaf737a..a7048f4590 100644
--- a/nuclei-templates/2023/CVE-2023-35910-88a3fac791c3551827ed85f785e74c8c.yaml
+++ b/nuclei-templates/2023/CVE-2023-35910-88a3fac791c3551827ed85f785e74c8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quasar form <= 6.1 - Authenticated (Subscriber+) SQL Injection via 'id'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Quasar form plugin for WordPress is vulnerable to SQL Injection via the 'id' shortcode attribute in versions up to, and including, 6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quasar-form/"
     google-query: inurl:"/wp-content/plugins/quasar-form/"
     shodan-query: 'vuln:CVE-2023-35910'
-  tags: cve,wordpress,wp-plugin,quasar-form,high
+  tags: cve,wordpress,wp-plugin,quasar-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35911-4493ed5056e4671039baf554adba702c.yaml b/nuclei-templates/2023/CVE-2023-35911-4493ed5056e4671039baf554adba702c.yaml
index 4204b42f6e..17e7746692 100644
--- a/nuclei-templates/2023/CVE-2023-35911-4493ed5056e4671039baf554adba702c.yaml
+++ b/nuclei-templates/2023/CVE-2023-35911-4493ed5056e4671039baf554adba702c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Generator <= 2.7.1 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form Generator plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-generator/"
     google-query: inurl:"/wp-content/plugins/contact-form-generator/"
     shodan-query: 'vuln:CVE-2023-35911'
-  tags: cve,wordpress,wp-plugin,contact-form-generator,high
+  tags: cve,wordpress,wp-plugin,contact-form-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35914-c710e29aeb4a754ea209ddfa89b2e510.yaml b/nuclei-templates/2023/CVE-2023-35914-c710e29aeb4a754ea209ddfa89b2e510.yaml
index 7c27690077..79af9a8ca8 100644
--- a/nuclei-templates/2023/CVE-2023-35914-c710e29aeb4a754ea209ddfa89b2e510.yaml
+++ b/nuclei-templates/2023/CVE-2023-35914-c710e29aeb4a754ea209ddfa89b2e510.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Subscriptions <= 5.1.2 - Missing Authorization to Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown unction in versions up to, and including, 5.1.2. This makes it possible for unauthenticated attackers to access or modify information by passing in a user-conttrolled parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-subscriptions/"
     google-query: inurl:"/wp-content/plugins/woocommerce-subscriptions/"
     shodan-query: 'vuln:CVE-2023-35914'
-  tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35915-f291a0b96ba11ad5b48df58ad86c38db.yaml b/nuclei-templates/2023/CVE-2023-35915-f291a0b96ba11ad5b48df58ad86c38db.yaml
index 3a52fec9f5..69603ab437 100644
--- a/nuclei-templates/2023/CVE-2023-35915-f291a0b96ba11ad5b48df58ad86c38db.yaml
+++ b/nuclei-templates/2023/CVE-2023-35915-f291a0b96ba11ad5b48df58ad86c38db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Payments plugin for WordPress is vulnerable to SQL Injection via the ‘currency', 'currency_is', and 'currency_is_not' parameters in versions up to, and including, 5.9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-payments/"
     google-query: inurl:"/wp-content/plugins/woocommerce-payments/"
     shodan-query: 'vuln:CVE-2023-35915'
-  tags: cve,wordpress,wp-plugin,woocommerce-payments,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-payments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35916-477398bcb43958a50c7a7519798e0391.yaml b/nuclei-templates/2023/CVE-2023-35916-477398bcb43958a50c7a7519798e0391.yaml
index d014c8a8f9..4292a36249 100644
--- a/nuclei-templates/2023/CVE-2023-35916-477398bcb43958a50c7a7519798e0391.yaml
+++ b/nuclei-templates/2023/CVE-2023-35916-477398bcb43958a50c7a7519798e0391.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Payments <= 5.9.0 - Missing Authorization via redirect_pay_for_order_to_update_payment_method
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the redirect_pay_for_order_to_update_payment_method function in versions up to, and including, 5.9.0. This makes it possible for unauthenticated attackers to change payment information for other users' orders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-payments/"
     google-query: inurl:"/wp-content/plugins/woocommerce-payments/"
     shodan-query: 'vuln:CVE-2023-35916'
-  tags: cve,wordpress,wp-plugin,woocommerce-payments,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-payments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-35918-8a651f3bc7f119f869db333cd8567d87.yaml b/nuclei-templates/2023/CVE-2023-35918-8a651f3bc7f119f869db333cd8567d87.yaml
index f8114c976e..0b754bdada 100644
--- a/nuclei-templates/2023/CVE-2023-35918-8a651f3bc7f119f869db333cd8567d87.yaml
+++ b/nuclei-templates/2023/CVE-2023-35918-8a651f3bc7f119f869db333cd8567d87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Bulk Stock Management plugin plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.2.33 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-bulk-stock-management/"
     google-query: inurl:"/wp-content/plugins/woocommerce-bulk-stock-management/"
     shodan-query: 'vuln:CVE-2023-35918'
-  tags: cve,wordpress,wp-plugin,woocommerce-bulk-stock-management,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-bulk-stock-management,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3601-4c2b5bad649e24fd03a9941d8a2a227e.yaml b/nuclei-templates/2023/CVE-2023-3601-4c2b5bad649e24fd03a9941d8a2a227e.yaml
index 1ff5ee133c..157cc05ff7 100644
--- a/nuclei-templates/2023/CVE-2023-3601-4c2b5bad649e24fd03a9941d8a2a227e.yaml
+++ b/nuclei-templates/2023/CVE-2023-3601-4c2b5bad649e24fd03a9941d8a2a227e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Author Box <= 2.51 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary User Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Author Box plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.51. This is due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level permissions and above, to expose sensitive user information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-author-box/"
     google-query: inurl:"/wp-content/plugins/simple-author-box/"
     shodan-query: 'vuln:CVE-2023-3601'
-  tags: cve,wordpress,wp-plugin,simple-author-box,medium
+  tags: cve,wordpress,wp-plugin,simple-author-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3636-0a72b6924fec36fec1dd6c3deccd8793.yaml b/nuclei-templates/2023/CVE-2023-3636-0a72b6924fec36fec1dd6c3deccd8793.yaml
index 8844d45205..63337e3f0e 100644
--- a/nuclei-templates/2023/CVE-2023-3636-0a72b6924fec36fec1dd6c3deccd8793.yaml
+++ b/nuclei-templates/2023/CVE-2023-3636-0a72b6924fec36fec1dd6c3deccd8793.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wedevs-project-manager/"
     google-query: inurl:"/wp-content/plugins/wedevs-project-manager/"
     shodan-query: 'vuln:CVE-2023-3636'
-  tags: cve,wordpress,wp-plugin,wedevs-project-manager,high
+  tags: cve,wordpress,wp-plugin,wedevs-project-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36381-5296c4f305bae7ac7b64bb4111846d67.yaml b/nuclei-templates/2023/CVE-2023-36381-5296c4f305bae7ac7b64bb4111846d67.yaml
index 9c7be8436e..0ea06b10bb 100644
--- a/nuclei-templates/2023/CVE-2023-36381-5296c4f305bae7ac7b64bb4111846d67.yaml
+++ b/nuclei-templates/2023/CVE-2023-36381-5296c4f305bae7ac7b64bb4111846d67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zippy <= 1.6.5 - Authenticated(Author+) PHP Object Injection via unzipPosts
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Zippy plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.6.5 via deserialization of untrusted input in the vulnerable 'unzipPosts' function. This allows authenticated attackers with author-level permissions to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zippy/"
     google-query: inurl:"/wp-content/plugins/zippy/"
     shodan-query: 'vuln:CVE-2023-36381'
-  tags: cve,wordpress,wp-plugin,zippy,high
+  tags: cve,wordpress,wp-plugin,zippy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36382-9fd777f73c4ef625b6fdbf9d8363a65e.yaml b/nuclei-templates/2023/CVE-2023-36382-9fd777f73c4ef625b6fdbf9d8363a65e.yaml
index 4fc5c13973..fca216bd26 100644
--- a/nuclei-templates/2023/CVE-2023-36382-9fd777f73c4ef625b6fdbf9d8363a65e.yaml
+++ b/nuclei-templates/2023/CVE-2023-36382-9fd777f73c4ef625b6fdbf9d8363a65e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Categories <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Library Categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-media-library-categories/"
     google-query: inurl:"/wp-content/plugins/wp-media-library-categories/"
     shodan-query: 'vuln:CVE-2023-36382'
-  tags: cve,wordpress,wp-plugin,wp-media-library-categories,medium
+  tags: cve,wordpress,wp-plugin,wp-media-library-categories,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3645-ec6c4566c5b89e861708c86d4c662f99.yaml b/nuclei-templates/2023/CVE-2023-3645-ec6c4566c5b89e861708c86d4c662f99.yaml
index 49402528b6..125af7c843 100644
--- a/nuclei-templates/2023/CVE-2023-3645-ec6c4566c5b89e861708c86d4c662f99.yaml
+++ b/nuclei-templates/2023/CVE-2023-3645-ec6c4566c5b89e861708c86d4c662f99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Builder by Bit Form <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Builder by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bit-form/"
     google-query: inurl:"/wp-content/plugins/bit-form/"
     shodan-query: 'vuln:CVE-2023-3645'
-  tags: cve,wordpress,wp-plugin,bit-form,medium
+  tags: cve,wordpress,wp-plugin,bit-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3647-2c744f500a4cb530f5a915c698c40d99.yaml b/nuclei-templates/2023/CVE-2023-3647-2c744f500a4cb530f5a915c698c40d99.yaml
index d7a8758a07..0a6e5cc62c 100644
--- a/nuclei-templates/2023/CVE-2023-3647-2c744f500a4cb530f5a915c698c40d99.yaml
+++ b/nuclei-templates/2023/CVE-2023-3647-2c744f500a4cb530f5a915c698c40d99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IURNY by INDIGITALL – WhatsApp Chat, Web Push Notifications (FREE) <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IURNY by INDIGITALL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indigitall-web-push-notifications/"
     google-query: inurl:"/wp-content/plugins/indigitall-web-push-notifications/"
     shodan-query: 'vuln:CVE-2023-3647'
-  tags: cve,wordpress,wp-plugin,indigitall-web-push-notifications,medium
+  tags: cve,wordpress,wp-plugin,indigitall-web-push-notifications,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3650-5ef4178486944c845329dc8d7715fea8.yaml b/nuclei-templates/2023/CVE-2023-3650-5ef4178486944c845329dc8d7715fea8.yaml
index ef3f548743..97a1608cb4 100644
--- a/nuclei-templates/2023/CVE-2023-3650-5ef4178486944c845329dc8d7715fea8.yaml
+++ b/nuclei-templates/2023/CVE-2023-3650-5ef4178486944c845329dc8d7715fea8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bubble Menu <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bubble Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-3650-1/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-3650-1/"
     shodan-query: 'vuln:CVE-2023-3650'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-3650-1,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-3650-1,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36503-5e63735b86336209453cce97844f636d.yaml b/nuclei-templates/2023/CVE-2023-36503-5e63735b86336209453cce97844f636d.yaml
index 18ff35f27a..72b68bc2f3 100644
--- a/nuclei-templates/2023/CVE-2023-36503-5e63735b86336209453cce97844f636d.yaml
+++ b/nuclei-templates/2023/CVE-2023-36503-5e63735b86336209453cce97844f636d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MaxButtons <= 9.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 9.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxbuttons/"
     google-query: inurl:"/wp-content/plugins/maxbuttons/"
     shodan-query: 'vuln:CVE-2023-36503'
-  tags: cve,wordpress,wp-plugin,maxbuttons,medium
+  tags: cve,wordpress,wp-plugin,maxbuttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36504-47cb3cea5c7ee929fdb9a30f97cd8b93.yaml b/nuclei-templates/2023/CVE-2023-36504-47cb3cea5c7ee929fdb9a30f97cd8b93.yaml
index 44e0eab099..7db141e481 100644
--- a/nuclei-templates/2023/CVE-2023-36504-47cb3cea5c7ee929fdb9a30f97cd8b93.yaml
+++ b/nuclei-templates/2023/CVE-2023-36504-47cb3cea5c7ee929fdb9a30f97cd8b93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BBS e-Popup <= 2.4.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BBS e-Popup plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bbse_popup_admin_action_proc() function called via admin_action in versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to modify popup settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbs-e-popup/"
     google-query: inurl:"/wp-content/plugins/bbs-e-popup/"
     shodan-query: 'vuln:CVE-2023-36504'
-  tags: cve,wordpress,wp-plugin,bbs-e-popup,medium
+  tags: cve,wordpress,wp-plugin,bbs-e-popup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36505-9b10289c81ee712ffc41aaeeec7d52b6.yaml b/nuclei-templates/2023/CVE-2023-36505-9b10289c81ee712ffc41aaeeec7d52b6.yaml
index 10a7faa0dc..367b895ac9 100644
--- a/nuclei-templates/2023/CVE-2023-36505-9b10289c81ee712ffc41aaeeec7d52b6.yaml
+++ b/nuclei-templates/2023/CVE-2023-36505-9b10289c81ee712ffc41aaeeec7d52b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Forms plugin for WordPress is vulnerable to arbitrary file deletions in versions up to, and including, 3.6.24. This is due to insufficient restriction on the file path that can be supplied during file deletion. This makes it possible for authenticated attackers, with administrative-level access, to delete arbitrary files on the server. One such file that could be targeted is wp-config.php which if deleted can make it possible for an attacker to connect a site to their own database and ultimately achieve remote code execution on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2023-36505'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36508-74041a1cd73f08568e0ec3ed47a172de.yaml b/nuclei-templates/2023/CVE-2023-36508-74041a1cd73f08568e0ec3ed47a172de.yaml
index 72b3d56a3e..d039432584 100644
--- a/nuclei-templates/2023/CVE-2023-36508-74041a1cd73f08568e0ec3ed47a172de.yaml
+++ b/nuclei-templates/2023/CVE-2023-36508-74041a1cd73f08568e0ec3ed47a172de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form to DB by BestWebSoft <= 1.7.1 - Authenticated (Administrator+) SQL Injection via 's'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form to DB by BestWebSoft plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in versions up to, and including, 1.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-db/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-db/"
     shodan-query: 'vuln:CVE-2023-36508'
-  tags: cve,wordpress,wp-plugin,contact-form-to-db,high
+  tags: cve,wordpress,wp-plugin,contact-form-to-db,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36510-804968d490234b5a152e19bbec2ea599.yaml b/nuclei-templates/2023/CVE-2023-36510-804968d490234b5a152e19bbec2ea599.yaml
index ae6987fe0b..7bc22ffa17 100644
--- a/nuclei-templates/2023/CVE-2023-36510-804968d490234b5a152e19bbec2ea599.yaml
+++ b/nuclei-templates/2023/CVE-2023-36510-804968d490234b5a152e19bbec2ea599.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ReDi Restaurant Reservation <= 23.0211 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ReDi Restaurant Reservation plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the redi_restaurant_ajax() function in versions up to, and including, 23.0211. This makes it possible for unauthenticated attackers to modify the plugin's settings
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redi-restaurant-reservation/"
     google-query: inurl:"/wp-content/plugins/redi-restaurant-reservation/"
     shodan-query: 'vuln:CVE-2023-36510'
-  tags: cve,wordpress,wp-plugin,redi-restaurant-reservation,medium
+  tags: cve,wordpress,wp-plugin,redi-restaurant-reservation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36512-d7fca3e11b3b0863de2f43ab6c4390c1.yaml b/nuclei-templates/2023/CVE-2023-36512-d7fca3e11b3b0863de2f43ab6c4390c1.yaml
index 55f13ed604..ffdb3945c3 100644
--- a/nuclei-templates/2023/CVE-2023-36512-d7fca3e11b3b0863de2f43ab6c4390c1.yaml
+++ b/nuclei-templates/2023/CVE-2023-36512-d7fca3e11b3b0863de2f43ab6c4390c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AutomateWoo <= 5.7.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AutomateWoo plugin for WordPress is vulnerable to unauthorized functionality access due to a missing capability check on one of its functions in versions up to, and including, 5.7.5. This makes it possible for unauthenticated attackers to invoke this function intended for users with higher privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/automatewoo/"
     google-query: inurl:"/wp-content/plugins/automatewoo/"
     shodan-query: 'vuln:CVE-2023-36512'
-  tags: cve,wordpress,wp-plugin,automatewoo,medium
+  tags: cve,wordpress,wp-plugin,automatewoo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36516-1f34156a3d4672d58e020bb5b55f0b64.yaml b/nuclei-templates/2023/CVE-2023-36516-1f34156a3d4672d58e020bb5b55f0b64.yaml
index e7866390ff..02e883dc28 100644
--- a/nuclei-templates/2023/CVE-2023-36516-1f34156a3d4672d58e020bb5b55f0b64.yaml
+++ b/nuclei-templates/2023/CVE-2023-36516-1f34156a3d4672d58e020bb5b55f0b64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 4.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LearnPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on one of its functions in versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2023-36516'
-  tags: cve,wordpress,wp-plugin,learnpress,medium
+  tags: cve,wordpress,wp-plugin,learnpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36518-f768e79079373c221f74efaccdcb8674.yaml b/nuclei-templates/2023/CVE-2023-36518-f768e79079373c221f74efaccdcb8674.yaml
index 52ff6e67f4..307f079bca 100644
--- a/nuclei-templates/2023/CVE-2023-36518-f768e79079373c221f74efaccdcb8674.yaml
+++ b/nuclei-templates/2023/CVE-2023-36518-f768e79079373c221f74efaccdcb8674.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Hit Counter <= 1.3.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Hit Counter plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this functionality intended for higher privilege users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-hit-counter/"
     google-query: inurl:"/wp-content/plugins/post-hit-counter/"
     shodan-query: 'vuln:CVE-2023-36518'
-  tags: cve,wordpress,wp-plugin,post-hit-counter,medium
+  tags: cve,wordpress,wp-plugin,post-hit-counter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36519-325c2ee814ddc7331db5383ec03956d1.yaml b/nuclei-templates/2023/CVE-2023-36519-325c2ee814ddc7331db5383ec03956d1.yaml
index 9fe7a70293..3223431632 100644
--- a/nuclei-templates/2023/CVE-2023-36519-325c2ee814ddc7331db5383ec03956d1.yaml
+++ b/nuclei-templates/2023/CVE-2023-36519-325c2ee814ddc7331db5383ec03956d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SW Product Bundles <= 2.0.15 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SW Product Bundles plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on one of its functions in versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sw-product-bundles/"
     google-query: inurl:"/wp-content/plugins/sw-product-bundles/"
     shodan-query: 'vuln:CVE-2023-36519'
-  tags: cve,wordpress,wp-plugin,sw-product-bundles,medium
+  tags: cve,wordpress,wp-plugin,sw-product-bundles,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36520-a85ca9a2b7f246b28c6ccf181717216e.yaml b/nuclei-templates/2023/CVE-2023-36520-a85ca9a2b7f246b28c6ccf181717216e.yaml
index 50bbcb77a4..0c45b67c1a 100644
--- a/nuclei-templates/2023/CVE-2023-36520-a85ca9a2b7f246b28c6ccf181717216e.yaml
+++ b/nuclei-templates/2023/CVE-2023-36520-a85ca9a2b7f246b28c6ccf181717216e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Editorial Calendar <= 3.7.12 - Authenticated (Contributor+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Editorial Calendar plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.7.12. This is due to insufficient validation on a user controlled key. This makes it possible for authenticated attackers with contributor-level capabilities and above to perform actions on objects they aren't intended to manipulate.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/editorial-calendar/"
     google-query: inurl:"/wp-content/plugins/editorial-calendar/"
     shodan-query: 'vuln:CVE-2023-36520'
-  tags: cve,wordpress,wp-plugin,editorial-calendar,medium
+  tags: cve,wordpress,wp-plugin,editorial-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36526-373dd0a06bd13b32d55487814dbab124.yaml b/nuclei-templates/2023/CVE-2023-36526-373dd0a06bd13b32d55487814dbab124.yaml
index d39317e61b..b311d27a91 100644
--- a/nuclei-templates/2023/CVE-2023-36526-373dd0a06bd13b32d55487814dbab124.yaml
+++ b/nuclei-templates/2023/CVE-2023-36526-373dd0a06bd13b32d55487814dbab124.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the duplicate_ppmc_menu_maker function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate menus.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-post-page-menu-custom-post-type/"
     google-query: inurl:"/wp-content/plugins/duplicate-post-page-menu-custom-post-type/"
     shodan-query: 'vuln:CVE-2023-36526'
-  tags: cve,wordpress,wp-plugin,duplicate-post-page-menu-custom-post-type,medium
+  tags: cve,wordpress,wp-plugin,duplicate-post-page-menu-custom-post-type,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36527-ebe4222fc5927e1301c1b27600c1ee1b.yaml b/nuclei-templates/2023/CVE-2023-36527-ebe4222fc5927e1301c1b27600c1ee1b.yaml
index 8d4a43f4e6..e697184e6c 100644
--- a/nuclei-templates/2023/CVE-2023-36527-ebe4222fc5927e1301c1b27600c1ee1b.yaml
+++ b/nuclei-templates/2023/CVE-2023-36527-ebe4222fc5927e1301c1b27600c1ee1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post to CSV by BestWebSoft <= 1.4.0 - Authenticated (Author+) CSV Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Post to CSV by BestWebSoft plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-to-csv/"
     google-query: inurl:"/wp-content/plugins/post-to-csv/"
     shodan-query: 'vuln:CVE-2023-36527'
-  tags: cve,wordpress,wp-plugin,post-to-csv,high
+  tags: cve,wordpress,wp-plugin,post-to-csv,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36529-a2b34dc7c637e9503c30ea45277c4ce7.yaml b/nuclei-templates/2023/CVE-2023-36529-a2b34dc7c637e9503c30ea45277c4ce7.yaml
index d8b1418f55..98be8b0c98 100644
--- a/nuclei-templates/2023/CVE-2023-36529-a2b34dc7c637e9503c30ea45277c4ce7.yaml
+++ b/nuclei-templates/2023/CVE-2023-36529-a2b34dc7c637e9503c30ea45277c4ce7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Houzez CRM <= 1.3.4 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Houzez CRM plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/houzez-crm/"
     google-query: inurl:"/wp-content/plugins/houzez-crm/"
     shodan-query: 'vuln:CVE-2023-36529'
-  tags: cve,wordpress,wp-plugin,houzez-crm,high
+  tags: cve,wordpress,wp-plugin,houzez-crm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36530-401b607f5d2e6f27bfcb5e6df2983f64.yaml b/nuclei-templates/2023/CVE-2023-36530-401b607f5d2e6f27bfcb5e6df2983f64.yaml
index bd8d68410b..21c3a33a1d 100644
--- a/nuclei-templates/2023/CVE-2023-36530-401b607f5d2e6f27bfcb5e6df2983f64.yaml
+++ b/nuclei-templates/2023/CVE-2023-36530-401b607f5d2e6f27bfcb5e6df2983f64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager  <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SP Project & Document Manager  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 4.67 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2023-36530'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36531-65871570265ff3cbf8c9f9629c5ab326.yaml b/nuclei-templates/2023/CVE-2023-36531-65871570265ff3cbf8c9f9629c5ab326.yaml
index b504066292..e96d9fe5b8 100644
--- a/nuclei-templates/2023/CVE-2023-36531-65871570265ff3cbf8c9f9629c5ab326.yaml
+++ b/nuclei-templates/2023/CVE-2023-36531-65871570265ff3cbf8c9f9629c5ab326.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LiquidPoll – Advanced Polls for Creators and Brands plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and nonce check on the 'activate_addon' function in versions up to, and including, 3.3.68. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate addons.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-poll/"
     google-query: inurl:"/wp-content/plugins/wp-poll/"
     shodan-query: 'vuln:CVE-2023-36531'
-  tags: cve,wordpress,wp-plugin,wp-poll,medium
+  tags: cve,wordpress,wp-plugin,wp-poll,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3667-2a0968e3dc51c0d6442ac11d19f9e211.yaml b/nuclei-templates/2023/CVE-2023-3667-2a0968e3dc51c0d6442ac11d19f9e211.yaml
index 617e7cc8d1..f009b3dfa5 100644
--- a/nuclei-templates/2023/CVE-2023-3667-2a0968e3dc51c0d6442ac11d19f9e211.yaml
+++ b/nuclei-templates/2023/CVE-2023-3667-2a0968e3dc51c0d6442ac11d19f9e211.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bit Assist <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bit Assist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bit-assist/"
     google-query: inurl:"/wp-content/plugins/bit-assist/"
     shodan-query: 'vuln:CVE-2023-3667'
-  tags: cve,wordpress,wp-plugin,bit-assist,medium
+  tags: cve,wordpress,wp-plugin,bit-assist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36677-f2cabdaf778fd02d270ecff63ff16022.yaml b/nuclei-templates/2023/CVE-2023-36677-f2cabdaf778fd02d270ecff63ff16022.yaml
index 47a80f1d55..060ac6a00d 100644
--- a/nuclei-templates/2023/CVE-2023-36677-f2cabdaf778fd02d270ecff63ff16022.yaml
+++ b/nuclei-templates/2023/CVE-2023-36677-f2cabdaf778fd02d270ecff63ff16022.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager  <= 4.67 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SP Project & Document Manager  plugin for WordPress is vulnerable to SQL Injection via an unknownparameter in versions up to, and including, 4.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2023-36677'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36678-d7e80e6f1bf77fdb58c4ef0772ba692b.yaml b/nuclei-templates/2023/CVE-2023-36678-d7e80e6f1bf77fdb58c4ef0772ba692b.yaml
index ae585fbc56..15dc3d4f35 100644
--- a/nuclei-templates/2023/CVE-2023-36678-d7e80e6f1bf77fdb58c4ef0772ba692b.yaml
+++ b/nuclei-templates/2023/CVE-2023-36678-d7e80e6f1bf77fdb58c4ef0772ba692b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Content Copy Protection & No Right Click <= 3.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Content Copy Protection & No Right Click plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-content-copy-protector/"
     google-query: inurl:"/wp-content/plugins/wp-content-copy-protector/"
     shodan-query: 'vuln:CVE-2023-36678'
-  tags: cve,wordpress,wp-plugin,wp-content-copy-protector,medium
+  tags: cve,wordpress,wp-plugin,wp-content-copy-protector,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36679-d75adb1e1a8470a2c11b41a61ac1c215.yaml b/nuclei-templates/2023/CVE-2023-36679-d75adb1e1a8470a2c11b41a61ac1c215.yaml
index 804ef6905c..d367cc3786 100644
--- a/nuclei-templates/2023/CVE-2023-36679-d75adb1e1a8470a2c11b41a61ac1c215.yaml
+++ b/nuclei-templates/2023/CVE-2023-36679-d75adb1e1a8470a2c11b41a61ac1c215.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in import_wpforms
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Spectra plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.6.6 via the import_wpforms function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:CVE-2023-36679'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,high
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36680-165f51757c849b44f8513611b7cd23ef.yaml b/nuclei-templates/2023/CVE-2023-36680-165f51757c849b44f8513611b7cd23ef.yaml
index adca95e2d0..374cd57deb 100644
--- a/nuclei-templates/2023/CVE-2023-36680-165f51757c849b44f8513611b7cd23ef.yaml
+++ b/nuclei-templates/2023/CVE-2023-36680-165f51757c849b44f8513611b7cd23ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Image Regenerate & Select Crop plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-regenerate-select-crop/"
     google-query: inurl:"/wp-content/plugins/image-regenerate-select-crop/"
     shodan-query: 'vuln:CVE-2023-36680'
-  tags: cve,wordpress,wp-plugin,image-regenerate-select-crop,medium
+  tags: cve,wordpress,wp-plugin,image-regenerate-select-crop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36681-ad516406623ae6ecf9dab15916a4b830.yaml b/nuclei-templates/2023/CVE-2023-36681-ad516406623ae6ecf9dab15916a4b830.yaml
index 85db613a0c..209ee6d364 100644
--- a/nuclei-templates/2023/CVE-2023-36681-ad516406623ae6ecf9dab15916a4b830.yaml
+++ b/nuclei-templates/2023/CVE-2023-36681-ad516406623ae6ecf9dab15916a4b830.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on one of its functions in versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cryptocurrency-price-ticker-widget/"
     google-query: inurl:"/wp-content/plugins/cryptocurrency-price-ticker-widget/"
     shodan-query: 'vuln:CVE-2023-36681'
-  tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,medium
+  tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36683-c23d0468fa1aa29e9cff4258e8e5f1b7.yaml b/nuclei-templates/2023/CVE-2023-36683-c23d0468fa1aa29e9cff4258e8e5f1b7.yaml
index f877553a7e..f248c5dc32 100644
--- a/nuclei-templates/2023/CVE-2023-36683-c23d0468fa1aa29e9cff4258e8e5f1b7.yaml
+++ b/nuclei-templates/2023/CVE-2023-36683-c23d0468fa1aa29e9cff4258e8e5f1b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema Pro <= 2.7.8 - Authenticated(Contributor+) Missing Authorization
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Schema Pro plugin for WordPress is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with contributor-level access and above, to make use of the unprotected functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-schema-pro/"
     google-query: inurl:"/wp-content/plugins/wp-schema-pro/"
     shodan-query: 'vuln:CVE-2023-36683'
-  tags: cve,wordpress,wp-plugin,wp-schema-pro,medium
+  tags: cve,wordpress,wp-plugin,wp-schema-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36684-144ed0d6a5cb015106c17c6c273b534a.yaml b/nuclei-templates/2023/CVE-2023-36684-144ed0d6a5cb015106c17c6c273b534a.yaml
index 9e5ce47cfc..a97686065e 100644
--- a/nuclei-templates/2023/CVE-2023-36684-144ed0d6a5cb015106c17c6c273b534a.yaml
+++ b/nuclei-templates/2023/CVE-2023-36684-144ed0d6a5cb015106c17c6c273b534a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Convert Pro <= 1.7.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Convert Pro plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/convertpro/"
     google-query: inurl:"/wp-content/plugins/convertpro/"
     shodan-query: 'vuln:CVE-2023-36684'
-  tags: cve,wordpress,wp-plugin,convertpro,medium
+  tags: cve,wordpress,wp-plugin,convertpro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36688-401f06c28c1cd430ed4024172948f5b4.yaml b/nuclei-templates/2023/CVE-2023-36688-401f06c28c1cd430ed4024172948f5b4.yaml
index 2a6b55484b..1d18ec0df5 100644
--- a/nuclei-templates/2023/CVE-2023-36688-401f06c28c1cd430ed4024172948f5b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-36688-401f06c28c1cd430ed4024172948f5b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Site Verify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-site-verify/"
     google-query: inurl:"/wp-content/plugins/simple-site-verify/"
     shodan-query: 'vuln:CVE-2023-36688'
-  tags: cve,wordpress,wp-plugin,simple-site-verify,medium
+  tags: cve,wordpress,wp-plugin,simple-site-verify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36692-a7963745ff69e39eb4bbcfe48cff5818.yaml b/nuclei-templates/2023/CVE-2023-36692-a7963745ff69e39eb4bbcfe48cff5818.yaml
index 2021aab821..22c092ec55 100644
--- a/nuclei-templates/2023/CVE-2023-36692-a7963745ff69e39eb4bbcfe48cff5818.yaml
+++ b/nuclei-templates/2023/CVE-2023-36692-a7963745ff69e39eb4bbcfe48cff5818.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Cirrus <= 0.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Cirrus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cirrus/"
     google-query: inurl:"/wp-content/plugins/wp-cirrus/"
     shodan-query: 'vuln:CVE-2023-36692'
-  tags: cve,wordpress,wp-plugin,wp-cirrus,medium
+  tags: cve,wordpress,wp-plugin,wp-cirrus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36694-3b5accdca91dd653d9fdbf15959cc447.yaml b/nuclei-templates/2023/CVE-2023-36694-3b5accdca91dd653d9fdbf15959cc447.yaml
index 140b00bd90..e713801fbc 100644
--- a/nuclei-templates/2023/CVE-2023-36694-3b5accdca91dd653d9fdbf15959cc447.yaml
+++ b/nuclei-templates/2023/CVE-2023-36694-3b5accdca91dd653d9fdbf15959cc447.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kingkong Board <= 2.1.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Kingkong Board plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on one of its functions in versions up to, and including, 2.1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kingkong-board/"
     google-query: inurl:"/wp-content/plugins/kingkong-board/"
     shodan-query: 'vuln:CVE-2023-36694'
-  tags: cve,wordpress,wp-plugin,kingkong-board,medium
+  tags: cve,wordpress,wp-plugin,kingkong-board,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-36695-80e328ca936017b96ab31fe4d42f9f3e.yaml b/nuclei-templates/2023/CVE-2023-36695-80e328ca936017b96ab31fe4d42f9f3e.yaml
index b23e80bfe5..79ed9bae32 100644
--- a/nuclei-templates/2023/CVE-2023-36695-80e328ca936017b96ab31fe4d42f9f3e.yaml
+++ b/nuclei-templates/2023/CVE-2023-36695-80e328ca936017b96ab31fe4d42f9f3e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sublanguage <= 2.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sublanguage plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the multiple functions in versions up to, and including, 2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sublanguage/"
     google-query: inurl:"/wp-content/plugins/sublanguage/"
     shodan-query: 'vuln:CVE-2023-36695'
-  tags: cve,wordpress,wp-plugin,sublanguage,medium
+  tags: cve,wordpress,wp-plugin,sublanguage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3677-e3fb45d4e1d6f55f124a91bc17024113.yaml b/nuclei-templates/2023/CVE-2023-3677-e3fb45d4e1d6f55f124a91bc17024113.yaml
index 1ae5f148ce..e2cddc87c2 100644
--- a/nuclei-templates/2023/CVE-2023-3677-e3fb45d4e1d6f55f124a91bc17024113.yaml
+++ b/nuclei-templates/2023/CVE-2023-3677-e3fb45d4e1d6f55f124a91bc17024113.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for subscribers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/"
     google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/"
     shodan-query: 'vuln:CVE-2023-3677'
-  tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,high
+  tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3706-3d9f543216228e07e8805addbdc60815.yaml b/nuclei-templates/2023/CVE-2023-3706-3d9f543216228e07e8805addbdc60815.yaml
index 74f1c222cf..8fd80da589 100644
--- a/nuclei-templates/2023/CVE-2023-3706-3d9f543216228e07e8805addbdc60815.yaml
+++ b/nuclei-templates/2023/CVE-2023-3706-3d9f543216228e07e8805addbdc60815.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Title Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ActivityPub plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 0.17.0 due to missing validation on a user controlled key. This can allow authenticated attackers, with subscriber-level permissions and above, to expose potentially sensitive post titles (e.g., draft and private post titles).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activitypub/"
     google-query: inurl:"/wp-content/plugins/activitypub/"
     shodan-query: 'vuln:CVE-2023-3706'
-  tags: cve,wordpress,wp-plugin,activitypub,medium
+  tags: cve,wordpress,wp-plugin,activitypub,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3707-f60eec61fd032c9a9193cb04ba124ce1.yaml b/nuclei-templates/2023/CVE-2023-3707-f60eec61fd032c9a9193cb04ba124ce1.yaml
index c19ec5af90..4eed2f82e6 100644
--- a/nuclei-templates/2023/CVE-2023-3707-f60eec61fd032c9a9193cb04ba124ce1.yaml
+++ b/nuclei-templates/2023/CVE-2023-3707-f60eec61fd032c9a9193cb04ba124ce1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Content Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ActivityPub plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 0.17.0 due to missing validation on a user controlled key. This can allow authenticated attackers, with subscriber-level permissions and above, to expose sensitive post information (e.g., draft and private post content).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activitypub/"
     google-query: inurl:"/wp-content/plugins/activitypub/"
     shodan-query: 'vuln:CVE-2023-3707'
-  tags: cve,wordpress,wp-plugin,activitypub,medium
+  tags: cve,wordpress,wp-plugin,activitypub,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3708-161c9677e95eb847dc432eddc65db142.yaml b/nuclei-templates/2023/CVE-2023-3708-161c9677e95eb847dc432eddc65db142.yaml
index 819f39c1d5..c45ecbb0ec 100644
--- a/nuclei-templates/2023/CVE-2023-3708-161c9677e95eb847dc432eddc65db142.yaml
+++ b/nuclei-templates/2023/CVE-2023-3708-161c9677e95eb847dc432eddc65db142.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-3708
   metadata:
-    fofa-query: "wp-content/themes/everse/"
-    google-query: inurl:"/wp-content/themes/everse/"
+    fofa-query: "wp-content/themes/amela/"
+    google-query: inurl:"/wp-content/themes/amela/"
     shodan-query: 'vuln:CVE-2023-3708'
-  tags: cve,wordpress,wp-theme,everse,medium
+  tags: cve,wordpress,wp-theme,amela,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/everse/style.css"
+      - "{{BaseURL}}/wp-content/themes/amela/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "everse"
+          - "amela"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.8.10')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.13')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-3713-602df06e81e9929680d21f57b3d3e3d7.yaml b/nuclei-templates/2023/CVE-2023-3713-602df06e81e9929680d21f57b3d3e3d7.yaml
index 1fde5359fb..6f04127c95 100644
--- a/nuclei-templates/2023/CVE-2023-3713-602df06e81e9929680d21f57b3d3e3d7.yaml
+++ b/nuclei-templates/2023/CVE-2023-3713-602df06e81e9929680d21f57b3d3e3d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2023-3713'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3721-00703f6574c6499c4c754c18b06e2fac.yaml b/nuclei-templates/2023/CVE-2023-3721-00703f6574c6499c4c754c18b06e2fac.yaml
index 899a956c72..d848873e2f 100644
--- a/nuclei-templates/2023/CVE-2023-3721-00703f6574c6499c4c754c18b06e2fac.yaml
+++ b/nuclei-templates/2023/CVE-2023-3721-00703f6574c6499c4c754c18b06e2fac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-EMail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.69.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-email/"
     google-query: inurl:"/wp-content/plugins/wp-email/"
     shodan-query: 'vuln:CVE-2023-3721'
-  tags: cve,wordpress,wp-plugin,wp-email,medium
+  tags: cve,wordpress,wp-plugin,wp-email,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37388-6da6015396d12ad265b2f5a24810c5e3.yaml b/nuclei-templates/2023/CVE-2023-37388-6da6015396d12ad265b2f5a24810c5e3.yaml
index 7af115e946..0336de8c95 100644
--- a/nuclei-templates/2023/CVE-2023-37388-6da6015396d12ad265b2f5a24810c5e3.yaml
+++ b/nuclei-templates/2023/CVE-2023-37388-6da6015396d12ad265b2f5a24810c5e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/only-tweet-like-share-and-google-1/"
     google-query: inurl:"/wp-content/plugins/only-tweet-like-share-and-google-1/"
     shodan-query: 'vuln:CVE-2023-37388'
-  tags: cve,wordpress,wp-plugin,only-tweet-like-share-and-google-1,medium
+  tags: cve,wordpress,wp-plugin,only-tweet-like-share-and-google-1,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37389-6104fab3d6323129ecb2671e037b46ea.yaml b/nuclei-templates/2023/CVE-2023-37389-6104fab3d6323129ecb2671e037b46ea.yaml
index 9f3daa4dfc..ea13f15305 100644
--- a/nuclei-templates/2023/CVE-2023-37389-6104fab3d6323129ecb2671e037b46ea.yaml
+++ b/nuclei-templates/2023/CVE-2023-37389-6104fab3d6323129ecb2671e037b46ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Package <= 1.5.98 - Authorization Bypass to Arbitrary Password Reset
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Booking Package plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including 1.5.98 due to missing validation in the 'updateUser' function. This allows unauthenticated attackers to reset the email and password of any user on the site if they know the username. Note that only sites that have an active premium subscription are vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-package/"
     google-query: inurl:"/wp-content/plugins/booking-package/"
     shodan-query: 'vuln:CVE-2023-37389'
-  tags: cve,wordpress,wp-plugin,booking-package,critical
+  tags: cve,wordpress,wp-plugin,booking-package,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37394-422c4f76899e03c0666b1907832b3ab3.yaml b/nuclei-templates/2023/CVE-2023-37394-422c4f76899e03c0666b1907832b3ab3.yaml
index 0155c19c5b..23007383f9 100644
--- a/nuclei-templates/2023/CVE-2023-37394-422c4f76899e03c0666b1907832b3ab3.yaml
+++ b/nuclei-templates/2023/CVE-2023-37394-422c4f76899e03c0666b1907832b3ab3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Dummy Content Generator <= 2.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Dummy Content Generator plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to make use of this functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dummy-content-generator/"
     google-query: inurl:"/wp-content/plugins/wp-dummy-content-generator/"
     shodan-query: 'vuln:CVE-2023-37394'
-  tags: cve,wordpress,wp-plugin,wp-dummy-content-generator,medium
+  tags: cve,wordpress,wp-plugin,wp-dummy-content-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3746-3492aa2f8ff8d594f214ebc3c0f6df74.yaml b/nuclei-templates/2023/CVE-2023-3746-3492aa2f8ff8d594f214ebc3c0f6df74.yaml
index 811ede4228..8e30192537 100644
--- a/nuclei-templates/2023/CVE-2023-3746-3492aa2f8ff8d594f214ebc3c0f6df74.yaml
+++ b/nuclei-templates/2023/CVE-2023-3746-3492aa2f8ff8d594f214ebc3c0f6df74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Content
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ActivityPub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via certain post content in versions up to, and including, 0.17.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activitypub/"
     google-query: inurl:"/wp-content/plugins/activitypub/"
     shodan-query: 'vuln:CVE-2023-3746'
-  tags: cve,wordpress,wp-plugin,activitypub,medium
+  tags: cve,wordpress,wp-plugin,activitypub,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37866-49120404cfb8d5621438564fe9eb32bd.yaml b/nuclei-templates/2023/CVE-2023-37866-49120404cfb8d5621438564fe9eb32bd.yaml
index da2ddeb770..bd5164f8e9 100644
--- a/nuclei-templates/2023/CVE-2023-37866-49120404cfb8d5621438564fe9eb32bd.yaml
+++ b/nuclei-templates/2023/CVE-2023-37866-49120404cfb8d5621438564fe9eb32bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetFormBuilder <= 3.0.8 - Authenticated (Author+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.0.8. This is due to insufficient restrictions on the form builder. This makes it possible for authenticated attackers, with author-level access and above, to create forms that make it possible to register a user with administrative privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetformbuilder/"
     google-query: inurl:"/wp-content/plugins/jetformbuilder/"
     shodan-query: 'vuln:CVE-2023-37866'
-  tags: cve,wordpress,wp-plugin,jetformbuilder,high
+  tags: cve,wordpress,wp-plugin,jetformbuilder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37867-efe780e12c2c72ceb89cb957cd97aaac.yaml b/nuclei-templates/2023/CVE-2023-37867-efe780e12c2c72ceb89cb957cd97aaac.yaml
index 12a7ae1b4a..638d659ea7 100644
--- a/nuclei-templates/2023/CVE-2023-37867-efe780e12c2c72ceb89cb957cd97aaac.yaml
+++ b/nuclei-templates/2023/CVE-2023-37867-efe780e12c2c72ceb89cb957cd97aaac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yet Another Stars Rating <= 3.3.8 - Missing Authorization to Vote Tampering
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Yet Another Stars Rating plugin for WordPress is vulnerable to vote tampering in versions up to, and including, 3.3.8. This vulnerability can be utilized by unauthenticated users to vote repeatedly.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-stars-rating/"
     google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/"
     shodan-query: 'vuln:CVE-2023-37867'
-  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,medium
+  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37869-476134bec82a295d4478418acb3a1fc0.yaml b/nuclei-templates/2023/CVE-2023-37869-476134bec82a295d4478418acb3a1fc0.yaml
index 9387bb5598..6d1778653c 100644
--- a/nuclei-templates/2023/CVE-2023-37869-476134bec82a295d4478418acb3a1fc0.yaml
+++ b/nuclei-templates/2023/CVE-2023-37869-476134bec82a295d4478418acb3a1fc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons PRO <= 2.9.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Premium Addons PRO plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 2.9.0. This makes it possible for authenticated attackers, with contributor-level access and above, to make use of this functionality intended for users with higher privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-pro/"
     google-query: inurl:"/wp-content/plugins/premium-addons-pro/"
     shodan-query: 'vuln:CVE-2023-37869'
-  tags: cve,wordpress,wp-plugin,premium-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37870-ac9e437a3a3be183da02189f782c1fad.yaml b/nuclei-templates/2023/CVE-2023-37870-ac9e437a3a3be183da02189f782c1fad.yaml
index 6c21091d35..3d668c1535 100644
--- a/nuclei-templates/2023/CVE-2023-37870-ac9e437a3a3be183da02189f782c1fad.yaml
+++ b/nuclei-templates/2023/CVE-2023-37870-ac9e437a3a3be183da02189f782c1fad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Warranty Requests <= 2.1.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with customer-level access and above, to make use of this functionality intended for higher-privileged users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-warranty/"
     google-query: inurl:"/wp-content/plugins/woocommerce-warranty/"
     shodan-query: 'vuln:CVE-2023-37870'
-  tags: cve,wordpress,wp-plugin,woocommerce-warranty,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-warranty,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37872-c19f8aaf85e78b37bfb8827bc7a43d0f.yaml b/nuclei-templates/2023/CVE-2023-37872-c19f8aaf85e78b37bfb8827bc7a43d0f.yaml
index 1673342080..cadb29de8f 100644
--- a/nuclei-templates/2023/CVE-2023-37872-c19f8aaf85e78b37bfb8827bc7a43d0f.yaml
+++ b/nuclei-templates/2023/CVE-2023-37872-c19f8aaf85e78b37bfb8827bc7a43d0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Ship to Multiple Addresses <= 3.8.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 3.8.5. This makes it possible for authenticated attackers, with customer-level access and above, to invoke this function intended for higher-privileged users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-shipping-multiple-addresses/"
     google-query: inurl:"/wp-content/plugins/woocommerce-shipping-multiple-addresses/"
     shodan-query: 'vuln:CVE-2023-37872'
-  tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37874-3400f4eb6ff8887592360d9448530f42.yaml b/nuclei-templates/2023/CVE-2023-37874-3400f4eb6ff8887592360d9448530f42.yaml
index 37a25e8361..8c179129c9 100644
--- a/nuclei-templates/2023/CVE-2023-37874-3400f4eb6ff8887592360d9448530f42.yaml
+++ b/nuclei-templates/2023/CVE-2023-37874-3400f4eb6ff8887592360d9448530f42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTTP Headers <= 1.18.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HTTP Headers for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.18.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/http-headers/"
     google-query: inurl:"/wp-content/plugins/http-headers/"
     shodan-query: 'vuln:CVE-2023-37874'
-  tags: cve,wordpress,wp-plugin,http-headers,medium
+  tags: cve,wordpress,wp-plugin,http-headers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37886-4a61498f6efba74cb49bf8c1a7045be1.yaml b/nuclei-templates/2023/CVE-2023-37886-4a61498f6efba74cb49bf8c1a7045be1.yaml
index 3b3a0e10c7..29a06dd356 100644
--- a/nuclei-templates/2023/CVE-2023-37886-4a61498f6efba74cb49bf8c1a7045be1.yaml
+++ b/nuclei-templates/2023/CVE-2023-37886-4a61498f6efba74cb49bf8c1a7045be1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RealHomes <= 4.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RealHomes theme for WordPress is vulnerable to unauthorized access due to a missing capability check an unknown function in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. Please note, there is not enough detail available to determine the difference between this CVE (CVE-2023-37886) and CVE-2023-37885.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/realhomes/"
     google-query: inurl:"/wp-content/themes/realhomes/"
     shodan-query: 'vuln:CVE-2023-37886'
-  tags: cve,wordpress,wp-theme,realhomes,medium
+  tags: cve,wordpress,wp-theme,realhomes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37887-f1f206bccc7ec9ca4ed21059b6547361.yaml b/nuclei-templates/2023/CVE-2023-37887-f1f206bccc7ec9ca4ed21059b6547361.yaml
index cda49d4df4..1114a6fbd2 100644
--- a/nuclei-templates/2023/CVE-2023-37887-f1f206bccc7ec9ca4ed21059b6547361.yaml
+++ b/nuclei-templates/2023/CVE-2023-37887-f1f206bccc7ec9ca4ed21059b6547361.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPSchoolPress <= 2.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPSchoolPress plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several functions such as wpsp_AddStudent(), wpsp_DeleteTeacher(), wpsp_UpdateStudent(), wpsp_DeleteStudent and more in versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, with student-level access and above, modify student and teacher accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpschoolpress/"
     google-query: inurl:"/wp-content/plugins/wpschoolpress/"
     shodan-query: 'vuln:CVE-2023-37887'
-  tags: cve,wordpress,wp-plugin,wpschoolpress,medium
+  tags: cve,wordpress,wp-plugin,wpschoolpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37890-d5de86927ffadedc80433179f0132f85.yaml b/nuclei-templates/2023/CVE-2023-37890-d5de86927ffadedc80433179f0132f85.yaml
index fc0eaa9eb8..007946fd21 100644
--- a/nuclei-templates/2023/CVE-2023-37890-d5de86927ffadedc80433179f0132f85.yaml
+++ b/nuclei-templates/2023/CVE-2023-37890-d5de86927ffadedc80433179f0132f85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KB Support <= 1.5.88 - Missing Authorization to Sensitive Data Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The KB Support plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.5.88 via the kbs_ajax_get_customer_data function due to lack of a capability check. This can allow authenticated attackers with subscriber access or higher to extract sensitive data including customer data including name, email, phone number.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kb-support/"
     google-query: inurl:"/wp-content/plugins/kb-support/"
     shodan-query: 'vuln:CVE-2023-37890'
-  tags: cve,wordpress,wp-plugin,kb-support,medium
+  tags: cve,wordpress,wp-plugin,kb-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37966-1e01dff414d04212c3c6453a2d281edc.yaml b/nuclei-templates/2023/CVE-2023-37966-1e01dff414d04212c3c6453a2d281edc.yaml
index 3f5c597d9b..dfc9e4da8b 100644
--- a/nuclei-templates/2023/CVE-2023-37966-1e01dff414d04212c3c6453a2d281edc.yaml
+++ b/nuclei-templates/2023/CVE-2023-37966-1e01dff414d04212c3c6453a2d281edc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Activity Log <= 1.6.2 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The User Activity Log plugin for WordPress is vulnerable to SQL Injection via several parameters like 'userrole', 'userip', 'username', and 'type' in versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the ual_user_activity_function() function.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-activity-log/"
     google-query: inurl:"/wp-content/plugins/user-activity-log/"
     shodan-query: 'vuln:CVE-2023-37966'
-  tags: cve,wordpress,wp-plugin,user-activity-log,high
+  tags: cve,wordpress,wp-plugin,user-activity-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37970-2569de726bff5107260fe23150979031.yaml b/nuclei-templates/2023/CVE-2023-37970-2569de726bff5107260fe23150979031.yaml
index f467d34f6a..173a44cb61 100644
--- a/nuclei-templates/2023/CVE-2023-37970-2569de726bff5107260fe23150979031.yaml
+++ b/nuclei-templates/2023/CVE-2023-37970-2569de726bff5107260fe23150979031.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MF Gig Calendar  <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via event_title and event_time
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MF Gig Calendar  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event's time and title parameters in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mf-gig-calendar/"
     google-query: inurl:"/wp-content/plugins/mf-gig-calendar/"
     shodan-query: 'vuln:CVE-2023-37970'
-  tags: cve,wordpress,wp-plugin,mf-gig-calendar,medium
+  tags: cve,wordpress,wp-plugin,mf-gig-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37971-e39ea928bd894c6c2a483c3234cd1111.yaml b/nuclei-templates/2023/CVE-2023-37971-e39ea928bd894c6c2a483c3234cd1111.yaml
index 35b992e834..6319046ad1 100644
--- a/nuclei-templates/2023/CVE-2023-37971-e39ea928bd894c6c2a483c3234cd1111.yaml
+++ b/nuclei-templates/2023/CVE-2023-37971-e39ea928bd894c6c2a483c3234cd1111.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Stock Alert <= 2.0.1 - Missing Authorization via API
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Product Stock Alert plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stock_alert_rest_routes_react_module action in versions up to, and including, 2.0.1. This makes it possible for authenticated attackers with subscriber-level access to use this endpoint intended for administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-stock-alert/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-stock-alert/"
     shodan-query: 'vuln:CVE-2023-37971'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-stock-alert,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-stock-alert,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37976-5344d2a9421d4134e013b9ef9543b210.yaml b/nuclei-templates/2023/CVE-2023-37976-5344d2a9421d4134e013b9ef9543b210.yaml
index 2549b841c9..ff43001869 100644
--- a/nuclei-templates/2023/CVE-2023-37976-5344d2a9421d4134e013b9ef9543b210.yaml
+++ b/nuclei-templates/2023/CVE-2023-37976-5344d2a9421d4134e013b9ef9543b210.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Radio Forge Muses Player with Skins plugin for WordPress is vulnerable to Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/radio-forge/"
     google-query: inurl:"/wp-content/plugins/radio-forge/"
     shodan-query: 'vuln:CVE-2023-37976'
-  tags: cve,wordpress,wp-plugin,radio-forge,high
+  tags: cve,wordpress,wp-plugin,radio-forge,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37980-c6eebad0122883aa540363f1389d9ced.yaml b/nuclei-templates/2023/CVE-2023-37980-c6eebad0122883aa540363f1389d9ced.yaml
index 584ca7406e..8fc79304ca 100644
--- a/nuclei-templates/2023/CVE-2023-37980-c6eebad0122883aa540363f1389d9ced.yaml
+++ b/nuclei-templates/2023/CVE-2023-37980-c6eebad0122883aa540363f1389d9ced.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-for-wp-job-manager/"
     google-query: inurl:"/wp-content/plugins/custom-field-for-wp-job-manager/"
     shodan-query: 'vuln:CVE-2023-37980'
-  tags: cve,wordpress,wp-plugin,custom-field-for-wp-job-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-field-for-wp-job-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37983-47deea3f06e73d1d92fa8e2918f9b61e.yaml b/nuclei-templates/2023/CVE-2023-37983-47deea3f06e73d1d92fa8e2918f9b61e.yaml
index d4e04848ba..7a08c22aa9 100644
--- a/nuclei-templates/2023/CVE-2023-37983-47deea3f06e73d1d92fa8e2918f9b61e.yaml
+++ b/nuclei-templates/2023/CVE-2023-37983-47deea3f06e73d1d92fa8e2918f9b61e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Art Direction <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Art Direction plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/art-direction/"
     google-query: inurl:"/wp-content/plugins/art-direction/"
     shodan-query: 'vuln:CVE-2023-37983'
-  tags: cve,wordpress,wp-plugin,art-direction,medium
+  tags: cve,wordpress,wp-plugin,art-direction,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37986-5f0a636903de630172f072592f6edff3.yaml b/nuclei-templates/2023/CVE-2023-37986-5f0a636903de630172f072592f6edff3.yaml
index 61fd31ef49..cd9cd52a21 100644
--- a/nuclei-templates/2023/CVE-2023-37986-5f0a636903de630172f072592f6edff3.yaml
+++ b/nuclei-templates/2023/CVE-2023-37986-5f0a636903de630172f072592f6edff3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YourMembership Single Sign On <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YourMembership Single Sign On plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-yourmembership/"
     google-query: inurl:"/wp-content/plugins/login-with-yourmembership/"
     shodan-query: 'vuln:CVE-2023-37986'
-  tags: cve,wordpress,wp-plugin,login-with-yourmembership,medium
+  tags: cve,wordpress,wp-plugin,login-with-yourmembership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37987-c5fe48358feae544a0b21efff11ac6fd.yaml b/nuclei-templates/2023/CVE-2023-37987-c5fe48358feae544a0b21efff11ac6fd.yaml
index 980d5dc11f..dba4082e2d 100644
--- a/nuclei-templates/2023/CVE-2023-37987-c5fe48358feae544a0b21efff11ac6fd.yaml
+++ b/nuclei-templates/2023/CVE-2023-37987-c5fe48358feae544a0b21efff11ac6fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YourMembership Single Sign On <= 1.1.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YourMembership Single Sign On plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-yourmembership/"
     google-query: inurl:"/wp-content/plugins/login-with-yourmembership/"
     shodan-query: 'vuln:CVE-2023-37987'
-  tags: cve,wordpress,wp-plugin,login-with-yourmembership,medium
+  tags: cve,wordpress,wp-plugin,login-with-yourmembership,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37989-a80bdd8568c61aa45e987adfac4d1b71.yaml b/nuclei-templates/2023/CVE-2023-37989-a80bdd8568c61aa45e987adfac4d1b71.yaml
index 7e1ed9976f..ab11e259a5 100644
--- a/nuclei-templates/2023/CVE-2023-37989-a80bdd8568c61aa45e987adfac4d1b71.yaml
+++ b/nuclei-templates/2023/CVE-2023-37989-a80bdd8568c61aa45e987adfac4d1b71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easyship WooCommerce Shipping Rates <= 0.8.9 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easyship WooCommerce Shipping Rates plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 0.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to register for and deactivate EasyShip functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easyship-woocommerce-shipping-rates/"
     google-query: inurl:"/wp-content/plugins/easyship-woocommerce-shipping-rates/"
     shodan-query: 'vuln:CVE-2023-37989'
-  tags: cve,wordpress,wp-plugin,easyship-woocommerce-shipping-rates,medium
+  tags: cve,wordpress,wp-plugin,easyship-woocommerce-shipping-rates,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37993-8b316c2c5c57a5bec4fddd68dace9cd3.yaml b/nuclei-templates/2023/CVE-2023-37993-8b316c2c5c57a5bec4fddd68dace9cd3.yaml
index b3d473f3d5..bcfa964d74 100644
--- a/nuclei-templates/2023/CVE-2023-37993-8b316c2c5c57a5bec4fddd68dace9cd3.yaml
+++ b/nuclei-templates/2023/CVE-2023-37993-8b316c2c5c57a5bec4fddd68dace9cd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpShopGermany IT-RECHT KANZLEI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpshopgermany-it-recht-kanzlei/"
     google-query: inurl:"/wp-content/plugins/wpshopgermany-it-recht-kanzlei/"
     shodan-query: 'vuln:CVE-2023-37993'
-  tags: cve,wordpress,wp-plugin,wpshopgermany-it-recht-kanzlei,medium
+  tags: cve,wordpress,wp-plugin,wpshopgermany-it-recht-kanzlei,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37994-6866d09139386202bbed5983be370086.yaml b/nuclei-templates/2023/CVE-2023-37994-6866d09139386202bbed5983be370086.yaml
index 3c793f5a5e..4d75e50e5d 100644
--- a/nuclei-templates/2023/CVE-2023-37994-6866d09139386202bbed5983be370086.yaml
+++ b/nuclei-templates/2023/CVE-2023-37994-6866d09139386202bbed5983be370086.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Art Decoration Shortcode <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Art Decoration Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/art-decoration-shortcode/"
     google-query: inurl:"/wp-content/plugins/art-decoration-shortcode/"
     shodan-query: 'vuln:CVE-2023-37994'
-  tags: cve,wordpress,wp-plugin,art-decoration-shortcode,medium
+  tags: cve,wordpress,wp-plugin,art-decoration-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-37999-719fa4e7b6c83ab485c9d95f46e8edb7.yaml b/nuclei-templates/2023/CVE-2023-37999-719fa4e7b6c83ab485c9d95f46e8edb7.yaml
index 7c7176d213..7008333396 100644
--- a/nuclei-templates/2023/CVE-2023-37999-719fa4e7b6c83ab485c9d95f46e8edb7.yaml
+++ b/nuclei-templates/2023/CVE-2023-37999-719fa4e7b6c83ab485c9d95f46e8edb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the reg_role parameter on the htmega_ajax_register function. This makes it possible for unauthenticated attackers to create administrator accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2023-37999'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,critical
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38000-8629a041445673190f74e67cf1a4f264.yaml b/nuclei-templates/2023/CVE-2023-38000-8629a041445673190f74e67cf1a4f264.yaml
index 6320b01a07..c2abe333ae 100644
--- a/nuclei-templates/2023/CVE-2023-38000-8629a041445673190f74e67cf1a4f264.yaml
+++ b/nuclei-templates/2023/CVE-2023-38000-8629a041445673190f74e67cf1a4f264.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core 5.9-6.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Navigation Attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core is vulnerable to Stored Cross-Site Scripting via the arrow navigation block attributes in versions between 5.9 and 6.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level privileges and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,47 +14,45 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-38000
   metadata:
+    fofa-query: "wp-content/plugins/gutenberg/"
+    google-query: inurl:"/wp-content/plugins/gutenberg/"
     shodan-query: 'vuln:CVE-2023-38000'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-plugin,gutenberg,low
 
 http:
   - method: GET
-    path:
-      - "{{BaseURL}}"
-      - "{{BaseURL}}/wp-admin/install.php"
-      - "{{BaseURL}}/feed/"
-      - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked
-
     redirects: true
-    max-redirects: 2
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - compare_versions(version_by_generator, '>= 6.3', '<= 6.3.1')
-          - compare_versions(version_by_js, '>= 6.3', '<= 6.3.1')
-          - compare_versions(version_by_css, '>= 6.3', '<= 6.3.1')
-
-      - type: status
-        status:
-          - 200
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/gutenberg/readme.txt"
 
     extractors:
       - type: regex
-        name: version_by_generator
+        name: version
+        part: body
         group: 1
+        internal: true
         regex:
-          - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)'
+          - "(?mi)Stable tag: ([0-9.]+)"
 
       - type: regex
-        name: version_by_js
+        name: version
+        part: body
         group: 1
         regex:
-          - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b'
+          - "(?mi)Stable tag: ([0-9.]+)"
 
-      - type: regex
-        name: version_by_css
-        group: 1
-        regex:
-          - 'install\.min\.css\?ver=((\d+\.?)+)\b'
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "gutenberg"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 16.8.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-3814-1ced58320fa56965f50860e215f3e06d.yaml b/nuclei-templates/2023/CVE-2023-3814-1ced58320fa56965f50860e215f3e06d.yaml
index 1e6a7a10f1..dad3ab4bee 100644
--- a/nuclei-templates/2023/CVE-2023-3814-1ced58320fa56965f50860e215f3e06d.yaml
+++ b/nuclei-templates/2023/CVE-2023-3814-1ced58320fa56965f50860e215f3e06d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced File Manager <= 5.1 - Authenticated(Administrator+) Arbitrary File and Folder Access
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced File Managerplugin for WordPress is vulnerable to improper access control in versions up to, and including, 5.1. This makes it possible for authenticated attackers, with administrator-level permissions and above, to access the filesystem on multisite installations. This only affects multi-site installations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/file-manager-advanced/"
     google-query: inurl:"/wp-content/plugins/file-manager-advanced/"
     shodan-query: 'vuln:CVE-2023-3814'
-  tags: cve,wordpress,wp-plugin,file-manager-advanced,medium
+  tags: cve,wordpress,wp-plugin,file-manager-advanced,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38383-a96c597219ed29fc68772417c5a3093c.yaml b/nuclei-templates/2023/CVE-2023-38383-a96c597219ed29fc68772417c5a3093c.yaml
index 5ab70c738d..d415ed7616 100644
--- a/nuclei-templates/2023/CVE-2023-38383-a96c597219ed29fc68772417c5a3093c.yaml
+++ b/nuclei-templates/2023/CVE-2023-38383-a96c597219ed29fc68772417c5a3093c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Language <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Language plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-language/"
     google-query: inurl:"/wp-content/plugins/wordpress-language/"
     shodan-query: 'vuln:CVE-2023-38383'
-  tags: cve,wordpress,wp-plugin,wordpress-language,medium
+  tags: cve,wordpress,wp-plugin,wordpress-language,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38386-740df732c021f2878fae481d2ff89873.yaml b/nuclei-templates/2023/CVE-2023-38386-740df732c021f2878fae481d2ff89873.yaml
index 069282b7e1..d493f4afbb 100644
--- a/nuclei-templates/2023/CVE-2023-38386-740df732c021f2878fae481d2ff89873.yaml
+++ b/nuclei-templates/2023/CVE-2023-38386-740df732c021f2878fae481d2ff89873.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms <= 3.6.25 - Missing Authorization to Contributor+ Form Submission Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_listen() function in versions up to, and including, 3.6.25. This makes it possible for authenticated attackers, with contributor-level access and above, to export form submissions via a properly crafted request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2023-38386'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38387-7666fb1e1d2345dc70da7aee12ac3253.yaml b/nuclei-templates/2023/CVE-2023-38387-7666fb1e1d2345dc70da7aee12ac3253.yaml
index 148be5b7e3..5ab1994e15 100644
--- a/nuclei-templates/2023/CVE-2023-38387-7666fb1e1d2345dc70da7aee12ac3253.yaml
+++ b/nuclei-templates/2023/CVE-2023-38387-7666fb1e1d2345dc70da7aee12ac3253.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elastic Email Sender plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elastic-email-sender/"
     google-query: inurl:"/wp-content/plugins/elastic-email-sender/"
     shodan-query: 'vuln:CVE-2023-38387'
-  tags: cve,wordpress,wp-plugin,elastic-email-sender,medium
+  tags: cve,wordpress,wp-plugin,elastic-email-sender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38391-a3ea3eadba50d012fd5181689a40ff84.yaml b/nuclei-templates/2023/CVE-2023-38391-a3ea3eadba50d012fd5181689a40ff84.yaml
index ace4e1de03..021a7a3e5c 100644
--- a/nuclei-templates/2023/CVE-2023-38391-a3ea3eadba50d012fd5181689a40ff84.yaml
+++ b/nuclei-templates/2023/CVE-2023-38391-a3ea3eadba50d012fd5181689a40ff84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Onepage Builder – Easiest Landing Page Builder For WordPress plugin for WordPress is vulnerable to SQL Injection parameter in versions up to, and including, 2.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tx-onepager/"
     google-query: inurl:"/wp-content/plugins/tx-onepager/"
     shodan-query: 'vuln:CVE-2023-38391'
-  tags: cve,wordpress,wp-plugin,tx-onepager,high
+  tags: cve,wordpress,wp-plugin,tx-onepager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38393-706995907d69bd14e09ce77802032800.yaml b/nuclei-templates/2023/CVE-2023-38393-706995907d69bd14e09ce77802032800.yaml
index 19681160de..6f6c5e9d05 100644
--- a/nuclei-templates/2023/CVE-2023-38393-706995907d69bd14e09ce77802032800.yaml
+++ b/nuclei-templates/2023/CVE-2023-38393-706995907d69bd14e09ce77802032800.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms <= 3.6.25 - Missing Authorization to Form Submission Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the processing() function in versions up to, and including, 3.6.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to export form submissions via the nf_download_all_subs AJAX action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2023-38393'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38394-bfeb7be408c868527d6e4e4ae715a094.yaml b/nuclei-templates/2023/CVE-2023-38394-bfeb7be408c868527d6e4e4ae715a094.yaml
index 13dffb6547..a19b381610 100644
--- a/nuclei-templates/2023/CVE-2023-38394-bfeb7be408c868527d6e4e4ae715a094.yaml
+++ b/nuclei-templates/2023/CVE-2023-38394-bfeb7be408c868527d6e4e4ae715a094.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JupiterX Core  3.0.0 - 3.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JupiterX Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on multiple functions in versions 3.0.0 through 3.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to perform unauthorized actions. NOTE: This issue only affects the premium version of the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jupiterx-core/"
     google-query: inurl:"/wp-content/plugins/jupiterx-core/"
     shodan-query: 'vuln:CVE-2023-38394'
-  tags: cve,wordpress,wp-plugin,jupiterx-core,medium
+  tags: cve,wordpress,wp-plugin,jupiterx-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38395-bb2e17c35167609647005349850505d1.yaml b/nuclei-templates/2023/CVE-2023-38395-bb2e17c35167609647005349850505d1.yaml
index d52c84f6ff..44dabd2100 100644
--- a/nuclei-templates/2023/CVE-2023-38395-bb2e17c35167609647005349850505d1.yaml
+++ b/nuclei-templates/2023/CVE-2023-38395-bb2e17c35167609647005349850505d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Clone Menu <= 1.0.1 - Missing Authorization to Menu Clone
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Clone Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clone_menu_cb() function hooked via an AJAX action in versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to clone menus.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clone-menu/"
     google-query: inurl:"/wp-content/plugins/clone-menu/"
     shodan-query: 'vuln:CVE-2023-38395'
-  tags: cve,wordpress,wp-plugin,clone-menu,medium
+  tags: cve,wordpress,wp-plugin,clone-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38397-ea5c3acfd64b155268d32c3228d1c82f.yaml b/nuclei-templates/2023/CVE-2023-38397-ea5c3acfd64b155268d32c3228d1c82f.yaml
index dbd067982e..cd1b8eb0dd 100644
--- a/nuclei-templates/2023/CVE-2023-38397-ea5c3acfd64b155268d32c3228d1c82f.yaml
+++ b/nuclei-templates/2023/CVE-2023-38397-ea5c3acfd64b155268d32c3228d1c82f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gestion-Pymes <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gestion-Pymes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gestion-pymes/"
     google-query: inurl:"/wp-content/plugins/gestion-pymes/"
     shodan-query: 'vuln:CVE-2023-38397'
-  tags: cve,wordpress,wp-plugin,gestion-pymes,medium
+  tags: cve,wordpress,wp-plugin,gestion-pymes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38475-a9d63cf96793705be5a47f94a1b589be.yaml b/nuclei-templates/2023/CVE-2023-38475-a9d63cf96793705be5a47f94a1b589be.yaml
index 8e95d083d4..5f906ea3f5 100644
--- a/nuclei-templates/2023/CVE-2023-38475-a9d63cf96793705be5a47f94a1b589be.yaml
+++ b/nuclei-templates/2023/CVE-2023-38475-a9d63cf96793705be5a47f94a1b589be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donations Made Easy – Smart Donations <= 4.0.12 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Donations Made Easy – Smart Donations plugin for WordPress is vulnerable to unauthorized actions due to a missing capability check on an unknown function in versions up to, and including, 4.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-donations/"
     google-query: inurl:"/wp-content/plugins/smart-donations/"
     shodan-query: 'vuln:CVE-2023-38475'
-  tags: cve,wordpress,wp-plugin,smart-donations,medium
+  tags: cve,wordpress,wp-plugin,smart-donations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38476-0b15ae4e67ed167e4179722b43d42dc7.yaml b/nuclei-templates/2023/CVE-2023-38476-0b15ae4e67ed167e4179722b43d42dc7.yaml
index 45aeac7f70..73a854bcea 100644
--- a/nuclei-templates/2023/CVE-2023-38476-0b15ae4e67ed167e4179722b43d42dc7.yaml
+++ b/nuclei-templates/2023/CVE-2023-38476-0b15ae4e67ed167e4179722b43d42dc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Client Portal : SuiteDash Direct Login <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Client Portal : SuiteDash Direct Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/client-portal-suitedash-login/"
     google-query: inurl:"/wp-content/plugins/client-portal-suitedash-login/"
     shodan-query: 'vuln:CVE-2023-38476'
-  tags: cve,wordpress,wp-plugin,client-portal-suitedash-login,medium
+  tags: cve,wordpress,wp-plugin,client-portal-suitedash-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38477-800d1ab574434819322506f176feb04a.yaml b/nuclei-templates/2023/CVE-2023-38477-800d1ab574434819322506f176feb04a.yaml
index 217fa1171b..a946622dc0 100644
--- a/nuclei-templates/2023/CVE-2023-38477-800d1ab574434819322506f176feb04a.yaml
+++ b/nuclei-templates/2023/CVE-2023-38477-800d1ab574434819322506f176feb04a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     QR code MeCard/vCard generator <= 1.6.0 - Missing Authorization via wqm_make_url_permanent
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The QR code MeCard/vCard generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wqm_make_url_permanent() function in versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the url for QR codes generated by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-qrcode-me-v-card/"
     google-query: inurl:"/wp-content/plugins/wp-qrcode-me-v-card/"
     shodan-query: 'vuln:CVE-2023-38477'
-  tags: cve,wordpress,wp-plugin,wp-qrcode-me-v-card,medium
+  tags: cve,wordpress,wp-plugin,wp-qrcode-me-v-card,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38479-5d0daee3984605beba0293322e7ea274.yaml b/nuclei-templates/2023/CVE-2023-38479-5d0daee3984605beba0293322e7ea274.yaml
index d367eca1ff..1f75dc5bc0 100644
--- a/nuclei-templates/2023/CVE-2023-38479-5d0daee3984605beba0293322e7ea274.yaml
+++ b/nuclei-templates/2023/CVE-2023-38479-5d0daee3984605beba0293322e7ea274.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Googlebot Visit <= 1.2.4 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Googlebot Visit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function hooked via a nopriv AJAX action in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-googlebot-visit/"
     google-query: inurl:"/wp-content/plugins/simple-googlebot-visit/"
     shodan-query: 'vuln:CVE-2023-38479'
-  tags: cve,wordpress,wp-plugin,simple-googlebot-visit,medium
+  tags: cve,wordpress,wp-plugin,simple-googlebot-visit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38480-37d5b7622ee837d13b79238620e127af.yaml b/nuclei-templates/2023/CVE-2023-38480-37d5b7622ee837d13b79238620e127af.yaml
index 532796e517..c5a042d39b 100644
--- a/nuclei-templates/2023/CVE-2023-38480-37d5b7622ee837d13b79238620e127af.yaml
+++ b/nuclei-templates/2023/CVE-2023-38480-37d5b7622ee837d13b79238620e127af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster Elementor Addons <= 1.4.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booster Elementor Addons plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions called via nopriv AJAX actions in the ~/base/core/ajax_handler.php file in versions up to, and including, 1.4.9. This makes it possible for unauthenticated attackers to perform a variety of actions such as load the icon chooser and save active widgets and extensions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-for-elementor/"
     google-query: inurl:"/wp-content/plugins/booster-for-elementor/"
     shodan-query: 'vuln:CVE-2023-38480'
-  tags: cve,wordpress,wp-plugin,booster-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,booster-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38482-107104bc14e921090e757f0c5c64d34d.yaml b/nuclei-templates/2023/CVE-2023-38482-107104bc14e921090e757f0c5c64d34d.yaml
index 915c557c9a..a1e1c706e9 100644
--- a/nuclei-templates/2023/CVE-2023-38482-107104bc14e921090e757f0c5c64d34d.yaml
+++ b/nuclei-templates/2023/CVE-2023-38482-107104bc14e921090e757f0c5c64d34d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Affiliate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.24.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postaffiliatepro/"
     google-query: inurl:"/wp-content/plugins/postaffiliatepro/"
     shodan-query: 'vuln:CVE-2023-38482'
-  tags: cve,wordpress,wp-plugin,postaffiliatepro,medium
+  tags: cve,wordpress,wp-plugin,postaffiliatepro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38483-417113d5b23fd45edbcf8209f3cff8e9.yaml b/nuclei-templates/2023/CVE-2023-38483-417113d5b23fd45edbcf8209f3cff8e9.yaml
index b1794500f6..e7b6bb3e4a 100644
--- a/nuclei-templates/2023/CVE-2023-38483-417113d5b23fd45edbcf8209f3cff8e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-38483-417113d5b23fd45edbcf8209f3cff8e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Instant CSS <= 1.1.4 - Missing Authorization via AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Instant CSS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions called via AJAX actions in the ~/classes/class.instantcss_ajax.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a wide variety of actions such as retrieving css, theme, and minify data, along with updating the options for those. The unprotected AJAX actions present can be used to exploit a site via Cross-Site Scripting as well.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instant-css/"
     google-query: inurl:"/wp-content/plugins/instant-css/"
     shodan-query: 'vuln:CVE-2023-38483'
-  tags: cve,wordpress,wp-plugin,instant-css,medium
+  tags: cve,wordpress,wp-plugin,instant-css,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38513-3bdb0d0ea9cf8219d34566c6858ae4f8.yaml b/nuclei-templates/2023/CVE-2023-38513-3bdb0d0ea9cf8219d34566c6858ae4f8.yaml
index 7dcd652042..570f3bd48f 100644
--- a/nuclei-templates/2023/CVE-2023-38513-3bdb0d0ea9cf8219d34566c6858ae4f8.yaml
+++ b/nuclei-templates/2023/CVE-2023-38513-3bdb0d0ea9cf8219d34566c6858ae4f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Engine <= 6.2.5 - Authenticated (Author+) Insecure Direct Object Reference in ajax_generate_auth_token
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Engine plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.2.5. This is due to missing validation on a user controlled key within the ajax_generate_auth_token function. This makes it possible for unauthenticated attackers to generate authentication tokens on behalf of another user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wplr-sync/"
     google-query: inurl:"/wp-content/plugins/wplr-sync/"
     shodan-query: 'vuln:CVE-2023-38513'
-  tags: cve,wordpress,wp-plugin,wplr-sync,medium
+  tags: cve,wordpress,wp-plugin,wplr-sync,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38516-4a822bfcb4b13bd5154ea0a206a03b5b.yaml b/nuclei-templates/2023/CVE-2023-38516-4a822bfcb4b13bd5154ea0a206a03b5b.yaml
index dc26f6bd65..711f1be46b 100644
--- a/nuclei-templates/2023/CVE-2023-38516-4a822bfcb4b13bd5154ea0a206a03b5b.yaml
+++ b/nuclei-templates/2023/CVE-2023-38516-4a822bfcb4b13bd5154ea0a206a03b5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Audio Player with Playlist Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/audio-player-with-playlist-ultimate/"
     google-query: inurl:"/wp-content/plugins/audio-player-with-playlist-ultimate/"
     shodan-query: 'vuln:CVE-2023-38516'
-  tags: cve,wordpress,wp-plugin,audio-player-with-playlist-ultimate,medium
+  tags: cve,wordpress,wp-plugin,audio-player-with-playlist-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38517-b7300a2ec84dffd7f0d27ca9d7ff574b.yaml b/nuclei-templates/2023/CVE-2023-38517-b7300a2ec84dffd7f0d27ca9d7ff574b.yaml
index 229c00181c..81f501f530 100644
--- a/nuclei-templates/2023/CVE-2023-38517-b7300a2ec84dffd7f0d27ca9d7ff574b.yaml
+++ b/nuclei-templates/2023/CVE-2023-38517-b7300a2ec84dffd7f0d27ca9d7ff574b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WRC Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wrc-pricing-tables/"
     google-query: inurl:"/wp-content/plugins/wrc-pricing-tables/"
     shodan-query: 'vuln:CVE-2023-38517'
-  tags: cve,wordpress,wp-plugin,wrc-pricing-tables,medium
+  tags: cve,wordpress,wp-plugin,wrc-pricing-tables,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38518-2504b2285582e1e86e6e013779bb055f.yaml b/nuclei-templates/2023/CVE-2023-38518-2504b2285582e1e86e6e013779bb055f.yaml
index 1dace9f954..f2f903bd3f 100644
--- a/nuclei-templates/2023/CVE-2023-38518-2504b2285582e1e86e6e013779bb055f.yaml
+++ b/nuclei-templates/2023/CVE-2023-38518-2504b2285582e1e86e6e013779bb055f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/borderless/"
     google-query: inurl:"/wp-content/plugins/borderless/"
     shodan-query: 'vuln:CVE-2023-38518'
-  tags: cve,wordpress,wp-plugin,borderless,medium
+  tags: cve,wordpress,wp-plugin,borderless,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38519-373c4ea18f9baeef2872a78ab527c078.yaml b/nuclei-templates/2023/CVE-2023-38519-373c4ea18f9baeef2872a78ab527c078.yaml
index d7e208892e..32b97b6627 100644
--- a/nuclei-templates/2023/CVE-2023-38519-373c4ea18f9baeef2872a78ab527c078.yaml
+++ b/nuclei-templates/2023/CVE-2023-38519-373c4ea18f9baeef2872a78ab527c078.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP <= 4.4.3.3 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MainWP plugin for WordPress is vulnerable to SQL Injection via the 'tags' parameter in versions up to, and including, 4.4.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp/"
     google-query: inurl:"/wp-content/plugins/mainwp/"
     shodan-query: 'vuln:CVE-2023-38519'
-  tags: cve,wordpress,wp-plugin,mainwp,high
+  tags: cve,wordpress,wp-plugin,mainwp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-38521-4f6c9e5f134bc3a7357c0b3f26384141.yaml b/nuclei-templates/2023/CVE-2023-38521-4f6c9e5f134bc3a7357c0b3f26384141.yaml
index df4343528b..2c05dd01c5 100644
--- a/nuclei-templates/2023/CVE-2023-38521-4f6c9e5f134bc3a7357c0b3f26384141.yaml
+++ b/nuclei-templates/2023/CVE-2023-38521-4f6c9e5f134bc3a7357c0b3f26384141.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exifography plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thesography/"
     google-query: inurl:"/wp-content/plugins/thesography/"
     shodan-query: 'vuln:CVE-2023-38521'
-  tags: cve,wordpress,wp-plugin,thesography,medium
+  tags: cve,wordpress,wp-plugin,thesography,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39157-cdc0a1afbf2cc009eea0f7deda8a5515.yaml b/nuclei-templates/2023/CVE-2023-39157-cdc0a1afbf2cc009eea0f7deda8a5515.yaml
index 8de77e2e7f..6203c39a4a 100644
--- a/nuclei-templates/2023/CVE-2023-39157-cdc0a1afbf2cc009eea0f7deda8a5515.yaml
+++ b/nuclei-templates/2023/CVE-2023-39157-cdc0a1afbf2cc009eea0f7deda8a5515.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetElements <= 2.6.10 - Authenticated (Contributor+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The JetElements plugins for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.6.10 via the render_meta() function that passes user supplied input to call_user_func_array(). This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jet-elements/"
     google-query: inurl:"/wp-content/plugins/jet-elements/"
     shodan-query: 'vuln:CVE-2023-39157'
-  tags: cve,wordpress,wp-plugin,jet-elements,high
+  tags: cve,wordpress,wp-plugin,jet-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39161-78755e457e479cae23d5dca42eeac5db.yaml b/nuclei-templates/2023/CVE-2023-39161-78755e457e479cae23d5dca42eeac5db.yaml
index 21abb48509..6b3acb3922 100644
--- a/nuclei-templates/2023/CVE-2023-39161-78755e457e479cae23d5dca42eeac5db.yaml
+++ b/nuclei-templates/2023/CVE-2023-39161-78755e457e479cae23d5dca42eeac5db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Discussion Board <= 2.4.8 - Authenticated (Subscriber+) Content Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Discussion Board plugin for WordPress is vulnerable to Content Injection in versions up to, and including, 2.4.8 via the discussion feature. This vulnerability makes it possible for authenticated attackers, subscribers and higher, to inject new content onto the website, through the manipulation of posts to create new web pages, spam, or phishing.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-discussion-board/"
     google-query: inurl:"/wp-content/plugins/wp-discussion-board/"
     shodan-query: 'vuln:CVE-2023-39161'
-  tags: cve,wordpress,wp-plugin,wp-discussion-board,medium
+  tags: cve,wordpress,wp-plugin,wp-discussion-board,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39305-c1cf31deca47ab06031c32c6f87e918a.yaml b/nuclei-templates/2023/CVE-2023-39305-c1cf31deca47ab06031c32c6f87e918a.yaml
index afcc4c93f3..9df41cf5d9 100644
--- a/nuclei-templates/2023/CVE-2023-39305-c1cf31deca47ab06031c32c6f87e918a.yaml
+++ b/nuclei-templates/2023/CVE-2023-39305-c1cf31deca47ab06031c32c6f87e918a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yet Another Stars Rating <= 3.4.3 - Missing Authorization via init
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Yet Another Stars Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the init function in versions up to, and including, 3.4.3. This makes it possible for unauthenticated attackers to vote on private or nonexistent posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-stars-rating/"
     google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/"
     shodan-query: 'vuln:CVE-2023-39305'
-  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,medium
+  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39307-e3ee06b08069cc90d373b87f289545a0.yaml b/nuclei-templates/2023/CVE-2023-39307-e3ee06b08069cc90d373b87f289545a0.yaml
index 1697e83e8d..bf192d648f 100644
--- a/nuclei-templates/2023/CVE-2023-39307-e3ee06b08069cc90d373b87f289545a0.yaml
+++ b/nuclei-templates/2023/CVE-2023-39307-e3ee06b08069cc90d373b87f289545a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Avada theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_import_options' function in versions up to, and including, 7.11.1. This makes it possible for authenticated attackers with contributor permissions to upload arbitrary files on the affected site's server which may make remote code execution possible if they are able to successfully exploit a race condition.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2023-39307'
-  tags: cve,wordpress,wp-theme,Avada,high
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39309-b40b112aba812047c066895073435f9d.yaml b/nuclei-templates/2023/CVE-2023-39309-b40b112aba812047c066895073435f9d.yaml
index e820952be8..161daf1537 100644
--- a/nuclei-templates/2023/CVE-2023-39309-b40b112aba812047c066895073435f9d.yaml
+++ b/nuclei-templates/2023/CVE-2023-39309-b40b112aba812047c066895073435f9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fusion Builder <= 3.11.1 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Fusion Builder plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 3.11.1 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fusion-builder/"
     google-query: inurl:"/wp-content/plugins/fusion-builder/"
     shodan-query: 'vuln:CVE-2023-39309'
-  tags: cve,wordpress,wp-plugin,fusion-builder,high
+  tags: cve,wordpress,wp-plugin,fusion-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39310-5a8b95e9d623c8f7e9c70ff9c8a761a0.yaml b/nuclei-templates/2023/CVE-2023-39310-5a8b95e9d623c8f7e9c70ff9c8a761a0.yaml
index 2f39614d65..37cffefceb 100644
--- a/nuclei-templates/2023/CVE-2023-39310-5a8b95e9d623c8f7e9c70ff9c8a761a0.yaml
+++ b/nuclei-templates/2023/CVE-2023-39310-5a8b95e9d623c8f7e9c70ff9c8a761a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fusion Builder <= 3.11.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fusion Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 3.11.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to save Portfolio Permalinks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fusion-builder/"
     google-query: inurl:"/wp-content/plugins/fusion-builder/"
     shodan-query: 'vuln:CVE-2023-39310'
-  tags: cve,wordpress,wp-plugin,fusion-builder,medium
+  tags: cve,wordpress,wp-plugin,fusion-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39312-bb65f92eeb63b478b2f218d634d42a06.yaml b/nuclei-templates/2023/CVE-2023-39312-bb65f92eeb63b478b2f218d634d42a06.yaml
index f3223f9d03..cff8a5d8f6 100644
--- a/nuclei-templates/2023/CVE-2023-39312-bb65f92eeb63b478b2f218d634d42a06.yaml
+++ b/nuclei-templates/2023/CVE-2023-39312-bb65f92eeb63b478b2f218d634d42a06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.11.1 - Authenticated(Author+) Arbitrary File Upload via Zip Extraction
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Avada theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation when extracting zip files in the 'process_upload' and 'regenerate_icon_files' functions in versions up to, and including, 7.11.1. This makes it possible for authenticated attackers with author permissions to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2023-39312'
-  tags: cve,wordpress,wp-theme,Avada,high
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39313-e6b2cb8bfdcceb721cbe5b7ffbe02c9a.yaml b/nuclei-templates/2023/CVE-2023-39313-e6b2cb8bfdcceb721cbe5b7ffbe02c9a.yaml
index 541b9430cd..be3c7a5e1f 100644
--- a/nuclei-templates/2023/CVE-2023-39313-e6b2cb8bfdcceb721cbe5b7ffbe02c9a.yaml
+++ b/nuclei-templates/2023/CVE-2023-39313-e6b2cb8bfdcceb721cbe5b7ffbe02c9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.11.1 - Authenticated(Contributor+) Server Side Request Forgery via 'ajax_import_options'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Avada theme for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 7.11.1 via the 'ajax_import_options' function. This can allow authenticated attackers with contributor privileges to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2023-39313'
-  tags: cve,wordpress,wp-theme,Avada,high
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3956-54fd19cb983e5e5bd13d627c9c0487ab.yaml b/nuclei-templates/2023/CVE-2023-3956-54fd19cb983e5e5bd13d627c9c0487ab.yaml
index af4d5c5ccc..252f0daaf4 100644
--- a/nuclei-templates/2023/CVE-2023-3956-54fd19cb983e5e5bd13d627c9c0487ab.yaml
+++ b/nuclei-templates/2023/CVE-2023-3956-54fd19cb983e5e5bd13d627c9c0487ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactication via events_receiver
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instawp-connect/"
     google-query: inurl:"/wp-content/plugins/instawp-connect/"
     shodan-query: 'vuln:CVE-2023-3956'
-  tags: cve,wordpress,wp-plugin,instawp-connect,critical
+  tags: cve,wordpress,wp-plugin,instawp-connect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3957-54c49ed92754fe9b72ea28cef486ac0b.yaml b/nuclei-templates/2023/CVE-2023-3957-54c49ed92754fe9b72ea28cef486ac0b.yaml
index 9431e37cad..4318cf8d07 100644
--- a/nuclei-templates/2023/CVE-2023-3957-54c49ed92754fe9b72ea28cef486ac0b.yaml
+++ b/nuclei-templates/2023/CVE-2023-3957-54c49ed92754fe9b72ea28cef486ac0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/navz-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/navz-photo-gallery/"
     shodan-query: 'vuln:CVE-2023-3957'
-  tags: cve,wordpress,wp-plugin,navz-photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,navz-photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3958-be653cd14bcab55a461716f49e0f0156.yaml b/nuclei-templates/2023/CVE-2023-3958-be653cd14bcab55a461716f49e0f0156.yaml
index 1c1ccbd838..da12aaa429 100644
--- a/nuclei-templates/2023/CVE-2023-3958-be653cd14bcab55a461716f49e0f0156.yaml
+++ b/nuclei-templates/2023/CVE-2023-3958-be653cd14bcab55a461716f49e0f0156.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-remote-users-sync/"
     google-query: inurl:"/wp-content/plugins/wp-remote-users-sync/"
     shodan-query: 'vuln:CVE-2023-3958'
-  tags: cve,wordpress,wp-plugin,wp-remote-users-sync,high
+  tags: cve,wordpress,wp-plugin,wp-remote-users-sync,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3977-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/2023/CVE-2023-3977-c451f687ef3559dbeeebe92c1e87ed44.yaml
index 654f2f8092..1f226cb202 100644
--- a/nuclei-templates/2023/CVE-2023-3977-c451f687ef3559dbeeebe92c1e87ed44.yaml
+++ b/nuclei-templates/2023/CVE-2023-3977-c451f687ef3559dbeeebe92c1e87ed44.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-3977
   metadata:
-    fofa-query: "wp-content/plugins/http-https-remover/"
-    google-query: inurl:"/wp-content/plugins/http-https-remover/"
+    fofa-query: "wp-content/plugins/enhanced-text-widget/"
+    google-query: inurl:"/wp-content/plugins/enhanced-text-widget/"
     shodan-query: 'vuln:CVE-2023-3977'
-  tags: cve,wordpress,wp-plugin,http-https-remover,medium
+  tags: cve,wordpress,wp-plugin,enhanced-text-widget,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/http-https-remover/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "http-https-remover"
+          - "enhanced-text-widget"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.2.3')
\ No newline at end of file
+          - compare_versions(version, '<= 1.5.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-39919-c41eb0b63074858e7a2ad3fb4237d823.yaml b/nuclei-templates/2023/CVE-2023-39919-c41eb0b63074858e7a2ad3fb4237d823.yaml
index 4a66858b62..c72f23f354 100644
--- a/nuclei-templates/2023/CVE-2023-39919-c41eb0b63074858e7a2ad3fb4237d823.yaml
+++ b/nuclei-templates/2023/CVE-2023-39919-c41eb0b63074858e7a2ad3fb4237d823.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpShopGermany - Protected Shops <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpShopGermany - Protected Shops plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpshopgermany-protectedshops/"
     google-query: inurl:"/wp-content/plugins/wpshopgermany-protectedshops/"
     shodan-query: 'vuln:CVE-2023-39919'
-  tags: cve,wordpress,wp-plugin,wpshopgermany-protectedshops,medium
+  tags: cve,wordpress,wp-plugin,wpshopgermany-protectedshops,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39920-fc89ed1d43552a7a477f16e3ec9d6e29.yaml b/nuclei-templates/2023/CVE-2023-39920-fc89ed1d43552a7a477f16e3ec9d6e29.yaml
index daa8fd5c7d..b66432782f 100644
--- a/nuclei-templates/2023/CVE-2023-39920-fc89ed1d43552a7a477f16e3ec9d6e29.yaml
+++ b/nuclei-templates/2023/CVE-2023-39920-fc89ed1d43552a7a477f16e3ec9d6e29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection for Contact Form 7 <= 2.9.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirection for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_current_filtered_view() function hooked via admin_init in versions up to, and including, 2.9.2. This makes it possible for unauthenticated attackers to export lead data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcf7-redirect/"
     google-query: inurl:"/wp-content/plugins/wpcf7-redirect/"
     shodan-query: 'vuln:CVE-2023-39920'
-  tags: cve,wordpress,wp-plugin,wpcf7-redirect,medium
+  tags: cve,wordpress,wp-plugin,wpcf7-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39921-1a6bdad9f927d9cadf5b74b8297f6ad5.yaml b/nuclei-templates/2023/CVE-2023-39921-1a6bdad9f927d9cadf5b74b8297f6ad5.yaml
index fa2308f875..de9f3ea818 100644
--- a/nuclei-templates/2023/CVE-2023-39921-1a6bdad9f927d9cadf5b74b8297f6ad5.yaml
+++ b/nuclei-templates/2023/CVE-2023-39921-1a6bdad9f927d9cadf5b74b8297f6ad5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Molongui <= 4.6.19 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/molongui-authorship/"
     google-query: inurl:"/wp-content/plugins/molongui-authorship/"
     shodan-query: 'vuln:CVE-2023-39921'
-  tags: cve,wordpress,wp-plugin,molongui-authorship,medium
+  tags: cve,wordpress,wp-plugin,molongui-authorship,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39922-855366bc54f67a90854fe071e412ecdb.yaml b/nuclei-templates/2023/CVE-2023-39922-855366bc54f67a90854fe071e412ecdb.yaml
index 97b3d595e9..df15477d25 100644
--- a/nuclei-templates/2023/CVE-2023-39922-855366bc54f67a90854fe071e412ecdb.yaml
+++ b/nuclei-templates/2023/CVE-2023-39922-855366bc54f67a90854fe071e412ecdb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.11.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Avada theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 7.11.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to save Portfolio permalinks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2023-39922'
-  tags: cve,wordpress,wp-theme,Avada,medium
+  tags: cve,wordpress,wp-theme,Avada,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39924-99f94d5f6f5961794646e333f2e12898.yaml b/nuclei-templates/2023/CVE-2023-39924-99f94d5f6f5961794646e333f2e12898.yaml
index aab964a57b..e671a1cec7 100644
--- a/nuclei-templates/2023/CVE-2023-39924-99f94d5f6f5961794646e333f2e12898.yaml
+++ b/nuclei-templates/2023/CVE-2023-39924-99f94d5f6f5961794646e333f2e12898.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple File List <= 6.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple File List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-file-list/"
     google-query: inurl:"/wp-content/plugins/simple-file-list/"
     shodan-query: 'vuln:CVE-2023-39924'
-  tags: cve,wordpress,wp-plugin,simple-file-list,medium
+  tags: cve,wordpress,wp-plugin,simple-file-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39926-90c77c994b57286cd58b89b0a94442a5.yaml b/nuclei-templates/2023/CVE-2023-39926-90c77c994b57286cd58b89b0a94442a5.yaml
index 0cc1ae5633..5cceb7a85a 100644
--- a/nuclei-templates/2023/CVE-2023-39926-90c77c994b57286cd58b89b0a94442a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-39926-90c77c994b57286cd58b89b0a94442a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Under Construction / Maintenance Mode from Acurax <= 2.6 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coming-soon-maintenance-mode-from-acurax/"
     google-query: inurl:"/wp-content/plugins/coming-soon-maintenance-mode-from-acurax/"
     shodan-query: 'vuln:CVE-2023-39926'
-  tags: cve,wordpress,wp-plugin,coming-soon-maintenance-mode-from-acurax,medium
+  tags: cve,wordpress,wp-plugin,coming-soon-maintenance-mode-from-acurax,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3996-0786d35a357f001d251a3bbf5eef2d35.yaml b/nuclei-templates/2023/CVE-2023-3996-0786d35a357f001d251a3bbf5eef2d35.yaml
index ae190da471..b6df79d9b6 100644
--- a/nuclei-templates/2023/CVE-2023-3996-0786d35a357f001d251a3bbf5eef2d35.yaml
+++ b/nuclei-templates/2023/CVE-2023-3996-0786d35a357f001d251a3bbf5eef2d35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember-membership/"
     google-query: inurl:"/wp-content/plugins/armember-membership/"
     shodan-query: 'vuln:CVE-2023-3996'
-  tags: cve,wordpress,wp-plugin,armember-membership,medium
+  tags: cve,wordpress,wp-plugin,armember-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39987-9b48b8479f4c58ab28f6369c437cd823.yaml b/nuclei-templates/2023/CVE-2023-39987-9b48b8479f4c58ab28f6369c437cd823.yaml
index 2f9b1a2f59..eeb79a6523 100644
--- a/nuclei-templates/2023/CVE-2023-39987-9b48b8479f4c58ab28f6369c437cd823.yaml
+++ b/nuclei-templates/2023/CVE-2023-39987-9b48b8479f4c58ab28f6369c437cd823.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wSecure Lite <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wSecure Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wsecure/"
     google-query: inurl:"/wp-content/plugins/wsecure/"
     shodan-query: 'vuln:CVE-2023-39987'
-  tags: cve,wordpress,wp-plugin,wsecure,medium
+  tags: cve,wordpress,wp-plugin,wsecure,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39988-506b320d59fe9094f7b88764f2b3b6fd.yaml b/nuclei-templates/2023/CVE-2023-39988-506b320d59fe9094f7b88764f2b3b6fd.yaml
index ce26efd761..5659692f0d 100644
--- a/nuclei-templates/2023/CVE-2023-39988-506b320d59fe9094f7b88764f2b3b6fd.yaml
+++ b/nuclei-templates/2023/CVE-2023-39988-506b320d59fe9094f7b88764f2b3b6fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WxSync <= 2.7.24 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WxSync plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wxsync/"
     google-query: inurl:"/wp-content/plugins/wxsync/"
     shodan-query: 'vuln:CVE-2023-39988'
-  tags: cve,wordpress,wp-plugin,wxsync,medium
+  tags: cve,wordpress,wp-plugin,wxsync,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-3999-1209e60c33aa42384c4d16b88f0a5ed8.yaml b/nuclei-templates/2023/CVE-2023-3999-1209e60c33aa42384c4d16b88f0a5ed8.yaml
index b77c9c85a1..fb6378566f 100644
--- a/nuclei-templates/2023/CVE-2023-3999-1209e60c33aa42384c4d16b88f0a5ed8.yaml
+++ b/nuclei-templates/2023/CVE-2023-3999-1209e60c33aa42384c4d16b88f0a5ed8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Waiting: One-click countdowns <= 0.6.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/waiting/"
     google-query: inurl:"/wp-content/plugins/waiting/"
     shodan-query: 'vuln:CVE-2023-3999'
-  tags: cve,wordpress,wp-plugin,waiting,medium
+  tags: cve,wordpress,wp-plugin,waiting,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39990-001a8dbb2842e703a09732c4c42c632c.yaml b/nuclei-templates/2023/CVE-2023-39990-001a8dbb2842e703a09732c4c42c632c.yaml
index 7132067e9c..56f4423b7f 100644
--- a/nuclei-templates/2023/CVE-2023-39990-001a8dbb2842e703a09732c4c42c632c.yaml
+++ b/nuclei-templates/2023/CVE-2023-39990-001a8dbb2842e703a09732c4c42c632c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro - Courses for Membership Add On <= 1.2.3 - Missing Authorization to Authenticated (Subscriber+) Course Modifications
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Memberships Pro - Courses for Membership Add On plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the pmpro_courses_update_course_callback() and pmpro_courses_remove_course_callback() functions called via AJAX actions in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to update and remove courses from the course page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pmpro-courses/"
     google-query: inurl:"/wp-content/plugins/pmpro-courses/"
     shodan-query: 'vuln:CVE-2023-39990'
-  tags: cve,wordpress,wp-plugin,pmpro-courses,medium
+  tags: cve,wordpress,wp-plugin,pmpro-courses,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39992-c1f8f105aad937fe6b4d3f7e729e9b4d.yaml b/nuclei-templates/2023/CVE-2023-39992-c1f8f105aad937fe6b4d3f7e729e9b4d.yaml
index 87f41675ad..0442f38d1f 100644
--- a/nuclei-templates/2023/CVE-2023-39992-c1f8f105aad937fe6b4d3f7e729e9b4d.yaml
+++ b/nuclei-templates/2023/CVE-2023-39992-c1f8f105aad937fe6b4d3f7e729e9b4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/"
     google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/"
     shodan-query: 'vuln:CVE-2023-39992'
-  tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,medium
+  tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39993-01583a85c3bb765e7b9d1e3e575dd138.yaml b/nuclei-templates/2023/CVE-2023-39993-01583a85c3bb765e7b9d1e3e575dd138.yaml
index 8aaa601f65..8403b3fd97 100644
--- a/nuclei-templates/2023/CVE-2023-39993-01583a85c3bb765e7b9d1e3e575dd138.yaml
+++ b/nuclei-templates/2023/CVE-2023-39993-01583a85c3bb765e7b9d1e3e575dd138.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elements kit Elementor addons <= 2.9.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elements kit Elementor addons plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismiss_ajax_call function in versions up to, and including, 2.9.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices intended for admins. Version 2.9.1 addresses this while version 2.9.2 ensures these notices can only be viewed by admins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2023-39993'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,medium
+  tags: cve,wordpress,wp-plugin,elementskit-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39994-744209b23a7e6299f52186bba738be87.yaml b/nuclei-templates/2023/CVE-2023-39994-744209b23a7e6299f52186bba738be87.yaml
index 1c06c5ec8f..5e01622d28 100644
--- a/nuclei-templates/2023/CVE-2023-39994-744209b23a7e6299f52186bba738be87.yaml
+++ b/nuclei-templates/2023/CVE-2023-39994-744209b23a7e6299f52186bba738be87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember Premium <= 5.9.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ARMember Premium plugin for WordPress is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 5.9.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to call the unprotected function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember/"
     google-query: inurl:"/wp-content/plugins/armember/"
     shodan-query: 'vuln:CVE-2023-39994'
-  tags: cve,wordpress,wp-plugin,armember,medium
+  tags: cve,wordpress,wp-plugin,armember,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39996-124a6a229ba4bdf103aa1881e7bf0b04.yaml b/nuclei-templates/2023/CVE-2023-39996-124a6a229ba4bdf103aa1881e7bf0b04.yaml
index 1ccfaae715..36752d0c3e 100644
--- a/nuclei-templates/2023/CVE-2023-39996-124a6a229ba4bdf103aa1881e7bf0b04.yaml
+++ b/nuclei-templates/2023/CVE-2023-39996-124a6a229ba4bdf103aa1881e7bf0b04.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordion and Accordion Slider <= 1.2.4 - Missing Authorization via 'wp_aas_get_attachment_edit_form' and 'wp_aas_save_attachment_data'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Accordion and Accordion Slider plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'wp_aas_get_attachment_edit_form' and 'wp_aas_save_attachment_data' nopriv_ AJAX functions in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to retrieve and save attachment data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordion-and-accordion-slider/"
     google-query: inurl:"/wp-content/plugins/accordion-and-accordion-slider/"
     shodan-query: 'vuln:CVE-2023-39996'
-  tags: cve,wordpress,wp-plugin,accordion-and-accordion-slider,medium
+  tags: cve,wordpress,wp-plugin,accordion-and-accordion-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39998-6bcabc3b4e69486405e1172846710922.yaml b/nuclei-templates/2023/CVE-2023-39998-6bcabc3b4e69486405e1172846710922.yaml
index 953d587cdb..64a2cd056a 100644
--- a/nuclei-templates/2023/CVE-2023-39998-6bcabc3b4e69486405e1172846710922.yaml
+++ b/nuclei-templates/2023/CVE-2023-39998-6bcabc3b4e69486405e1172846710922.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 27.1.1 - Missing Authorization via '_tool_history_delete'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Betheme theme for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '_tool_history_delete' AJAX function in versions up to, and including, 27.1.1. This makes it possible for authenticated attackers, with author-level access and above, to delete site design revisions and backups.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2023-39998'
-  tags: cve,wordpress,wp-theme,betheme,medium
+  tags: cve,wordpress,wp-theme,betheme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-39999-42b34351cf4116e30de29d20e17168cb.yaml b/nuclei-templates/2023/CVE-2023-39999-42b34351cf4116e30de29d20e17168cb.yaml
index aadb4a247b..0acd9679a2 100644
--- a/nuclei-templates/2023/CVE-2023-39999-42b34351cf4116e30de29d20e17168cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-39999-42b34351cf4116e30de29d20e17168cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core <= 6.3.1 - Authenticated(Contributor+) Sensitive Information Exposure via Comments on Protected Posts
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.3.1 via the comments listing. This allows authenticated users, with contributor-level privileges or above, to view comments on protected posts.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: CVE-2023-39999
   metadata:
     shodan-query: 'vuln:CVE-2023-39999'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40002-21b746fb77ead6544f6c7dbfa1edc718.yaml b/nuclei-templates/2023/CVE-2023-40002-21b746fb77ead6544f6c7dbfa1edc718.yaml
index 76e05cc93f..5dc67eebf3 100644
--- a/nuclei-templates/2023/CVE-2023-40002-21b746fb77ead6544f6c7dbfa1edc718.yaml
+++ b/nuclei-templates/2023/CVE-2023-40002-21b746fb77ead6544f6c7dbfa1edc718.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 7.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_get_option' shortcode in versions up to, and including, 7.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2023-40002'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40003-b61b6ac3b97f0d01cb8ed1723488895c.yaml b/nuclei-templates/2023/CVE-2023-40003-b61b6ac3b97f0d01cb8ed1723488895c.yaml
index 1c504b9cb0..38bfb05c88 100644
--- a/nuclei-templates/2023/CVE-2023-40003-b61b6ac3b97f0d01cb8ed1723488895c.yaml
+++ b/nuclei-templates/2023/CVE-2023-40003-b61b6ac3b97f0d01cb8ed1723488895c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Project Manager <= 2.6.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Project Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wedevs-project-manager/"
     google-query: inurl:"/wp-content/plugins/wedevs-project-manager/"
     shodan-query: 'vuln:CVE-2023-40003'
-  tags: cve,wordpress,wp-plugin,wedevs-project-manager,medium
+  tags: cve,wordpress,wp-plugin,wedevs-project-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40004-9c485cf198874e1abdd12011232fd4df.yaml b/nuclei-templates/2023/CVE-2023-40004-9c485cf198874e1abdd12011232fd4df.yaml
index 11b7ea4260..d2a04f408a 100644
--- a/nuclei-templates/2023/CVE-2023-40004-9c485cf198874e1abdd12011232fd4df.yaml
+++ b/nuclei-templates/2023/CVE-2023-40004-9c485cf198874e1abdd12011232fd4df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple ServMask Plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the init() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to modify the access token which could result in sensitive information disclosure or unauthorized back-up restoration.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2023-40004
   metadata:
-    fofa-query: "wp-content/plugins/all-in-one-wp-migration-dropbox-extension/"
-    google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration-dropbox-extension/"
+    fofa-query: "wp-content/plugins/all-in-one-wp-migration-box-extension/"
+    google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration-box-extension/"
     shodan-query: 'vuln:CVE-2023-40004'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-migration-dropbox-extension,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-migration-box-extension,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration-dropbox-extension/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration-box-extension/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "all-in-one-wp-migration-dropbox-extension"
+          - "all-in-one-wp-migration-box-extension"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.75')
\ No newline at end of file
+          - compare_versions(version, '<= 1.53')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-40005-3e264890774be501312d562a2e66b9a4.yaml b/nuclei-templates/2023/CVE-2023-40005-3e264890774be501312d562a2e66b9a4.yaml
index d1972d758b..bd8447e662 100644
--- a/nuclei-templates/2023/CVE-2023-40005-3e264890774be501312d562a2e66b9a4.yaml
+++ b/nuclei-templates/2023/CVE-2023-40005-3e264890774be501312d562a2e66b9a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads <= 3.1.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2023-40005'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40007-62cb33b4f205d311d390e62fba25cd36.yaml b/nuclei-templates/2023/CVE-2023-40007-62cb33b4f205d311d390e62fba25cd36.yaml
index d1d0823aee..42c78786e4 100644
--- a/nuclei-templates/2023/CVE-2023-40007-62cb33b4f205d311d390e62fba25cd36.yaml
+++ b/nuclei-templates/2023/CVE-2023-40007-62cb33b4f205d311d390e62fba25cd36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CT Commerce <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CT Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ct-commerce/"
     google-query: inurl:"/wp-content/plugins/ct-commerce/"
     shodan-query: 'vuln:CVE-2023-40007'
-  tags: cve,wordpress,wp-plugin,ct-commerce,medium
+  tags: cve,wordpress,wp-plugin,ct-commerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40068-62768c2e4740e3e20150e0c67af690b3.yaml b/nuclei-templates/2023/CVE-2023-40068-62768c2e4740e3e20150e0c67af690b3.yaml
index 821e226f79..432ce4a76f 100644
--- a/nuclei-templates/2023/CVE-2023-40068-62768c2e4740e3e20150e0c67af690b3.yaml
+++ b/nuclei-templates/2023/CVE-2023-40068-62768c2e4740e3e20150e0c67af690b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Advanced Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF post type and taxonomy labels in versions 6.1 to 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-custom-fields/"
     google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
     shodan-query: 'vuln:CVE-2023-40068'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4019-c3c6f65072fe37bbbc2ef7dbe119003d.yaml b/nuclei-templates/2023/CVE-2023-4019-c3c6f65072fe37bbbc2ef7dbe119003d.yaml
index 221f37d509..93179de4a0 100644
--- a/nuclei-templates/2023/CVE-2023-4019-c3c6f65072fe37bbbc2ef7dbe119003d.yaml
+++ b/nuclei-templates/2023/CVE-2023-4019-c3c6f65072fe37bbbc2ef7dbe119003d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media from FTP <= 11.16 - Authenticated (Author+) Improper Privilege Management
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media from FTP plugin for WordPress is vulnerable to improper privilege management due to an insufficient capability check on the plugin's menu pages in versions up to, and including, 11.16. This makes it possible for authenticated attackers, with author-level permissions and above, to modify plugin settings on multi-site installations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-from-ftp/"
     google-query: inurl:"/wp-content/plugins/media-from-ftp/"
     shodan-query: 'vuln:CVE-2023-4019'
-  tags: cve,wordpress,wp-plugin,media-from-ftp,medium
+  tags: cve,wordpress,wp-plugin,media-from-ftp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40197-652d56be5b505867587dc16b9cc45713.yaml b/nuclei-templates/2023/CVE-2023-40197-652d56be5b505867587dc16b9cc45713.yaml
index 8a2476ee29..d6fd30967c 100644
--- a/nuclei-templates/2023/CVE-2023-40197-652d56be5b505867587dc16b9cc45713.yaml
+++ b/nuclei-templates/2023/CVE-2023-40197-652d56be5b505867587dc16b9cc45713.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     flowpaper <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flowpaper-lite-pdf-flipbook/"
     google-query: inurl:"/wp-content/plugins/flowpaper-lite-pdf-flipbook/"
     shodan-query: 'vuln:CVE-2023-40197'
-  tags: cve,wordpress,wp-plugin,flowpaper-lite-pdf-flipbook,medium
+  tags: cve,wordpress,wp-plugin,flowpaper-lite-pdf-flipbook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40200-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/2023/CVE-2023-40200-9f65d6fc085d85b53357bd33fa3d4834.yaml
index c7440b8279..c59a33e3a3 100644
--- a/nuclei-templates/2023/CVE-2023-40200-9f65d6fc085d85b53357bd33fa3d4834.yaml
+++ b/nuclei-templates/2023/CVE-2023-40200-9f65d6fc085d85b53357bd33fa3d4834.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple WPOnlineSupport plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the wpos_anylc_admin_init_process() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to dismiss a license notice.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2023-40200
   metadata:
-    fofa-query: "wp-content/plugins/portfolio-and-projects/"
-    google-query: inurl:"/wp-content/plugins/portfolio-and-projects/"
+    fofa-query: "wp-content/plugins/wp-responsive-recent-post-slider/"
+    google-query: inurl:"/wp-content/plugins/wp-responsive-recent-post-slider/"
     shodan-query: 'vuln:CVE-2023-40200'
-  tags: cve,wordpress,wp-plugin,portfolio-and-projects,medium
+  tags: cve,wordpress,wp-plugin,wp-responsive-recent-post-slider,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/portfolio-and-projects/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-responsive-recent-post-slider/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "portfolio-and-projects"
+          - "wp-responsive-recent-post-slider"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.3.7')
\ No newline at end of file
+          - compare_versions(version, '<= 3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-40203-8aaee0ca0357561b8fb5f4652479c99b.yaml b/nuclei-templates/2023/CVE-2023-40203-8aaee0ca0357561b8fb5f4652479c99b.yaml
index 7fa8391d8c..2e3d960516 100644
--- a/nuclei-templates/2023/CVE-2023-40203-8aaee0ca0357561b8fb5f4652479c99b.yaml
+++ b/nuclei-templates/2023/CVE-2023-40203-8aaee0ca0357561b8fb5f4652479c99b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailChimp Forms by MailMunch <= 3.1.4 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'delete_widget', 'change_email_status', and 'delete_email' AJAX functions in versions up to, and including, 3.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete widgets and change or delete arbitrary email subscriber records.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-forms-by-mailmunch/"
     google-query: inurl:"/wp-content/plugins/mailchimp-forms-by-mailmunch/"
     shodan-query: 'vuln:CVE-2023-40203'
-  tags: cve,wordpress,wp-plugin,mailchimp-forms-by-mailmunch,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-forms-by-mailmunch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40204-aa05d3117d6e609391e83e8b970f2625.yaml b/nuclei-templates/2023/CVE-2023-40204-aa05d3117d6e609391e83e8b970f2625.yaml
index cf20e5fde7..e8a4dac347 100644
--- a/nuclei-templates/2023/CVE-2023-40204-aa05d3117d6e609391e83e8b970f2625.yaml
+++ b/nuclei-templates/2023/CVE-2023-40204-aa05d3117d6e609391e83e8b970f2625.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Folders plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_folders_file_upload function in versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with author-level permissions or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/folders/"
     google-query: inurl:"/wp-content/plugins/folders/"
     shodan-query: 'vuln:CVE-2023-40204'
-  tags: cve,wordpress,wp-plugin,folders,high
+  tags: cve,wordpress,wp-plugin,folders,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40206-aab17c6b24a2dfba03255d9a47e0c674.yaml b/nuclei-templates/2023/CVE-2023-40206-aab17c6b24a2dfba03255d9a47e0c674.yaml
index d846dad09b..2dc53bb545 100644
--- a/nuclei-templates/2023/CVE-2023-40206-aab17c6b24a2dfba03255d9a47e0c674.yaml
+++ b/nuclei-templates/2023/CVE-2023-40206-aab17c6b24a2dfba03255d9a47e0c674.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP 404 Auto Redirect to Similar Post <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-404-auto-redirect-to-similar-post/"
     google-query: inurl:"/wp-content/plugins/wp-404-auto-redirect-to-similar-post/"
     shodan-query: 'vuln:CVE-2023-40206'
-  tags: cve,wordpress,wp-plugin,wp-404-auto-redirect-to-similar-post,high
+  tags: cve,wordpress,wp-plugin,wp-404-auto-redirect-to-similar-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40207-6f7b5cdd2c06fd389f02600d38bca12e.yaml b/nuclei-templates/2023/CVE-2023-40207-6f7b5cdd2c06fd389f02600d38bca12e.yaml
index cfaf20ae20..14c5e9283a 100644
--- a/nuclei-templates/2023/CVE-2023-40207-6f7b5cdd2c06fd389f02600d38bca12e.yaml
+++ b/nuclei-templates/2023/CVE-2023-40207-6f7b5cdd2c06fd389f02600d38bca12e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Donations Made Easy – Smart Donations plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 4.0.12 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-donations/"
     google-query: inurl:"/wp-content/plugins/smart-donations/"
     shodan-query: 'vuln:CVE-2023-40207'
-  tags: cve,wordpress,wp-plugin,smart-donations,high
+  tags: cve,wordpress,wp-plugin,smart-donations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40209-a3e9ff26d980a2a3e39533f0b78e5d83.yaml b/nuclei-templates/2023/CVE-2023-40209-a3e9ff26d980a2a3e39533f0b78e5d83.yaml
index 87a44e8af7..7fc46db6f5 100644
--- a/nuclei-templates/2023/CVE-2023-40209-a3e9ff26d980a2a3e39533f0b78e5d83.yaml
+++ b/nuclei-templates/2023/CVE-2023-40209-a3e9ff26d980a2a3e39533f0b78e5d83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Highcompress Image Compressor <= 5.0.0 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Highcompress Image Compressor plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the 'verify_highcompress_process_auto', 'verify_highcompress_process_images', and 'verify_highcompress_api_key' AJAX functions in versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to compress images and verify or modify the plugin's API key.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/high-compress/"
     google-query: inurl:"/wp-content/plugins/high-compress/"
     shodan-query: 'vuln:CVE-2023-40209'
-  tags: cve,wordpress,wp-plugin,high-compress,medium
+  tags: cve,wordpress,wp-plugin,high-compress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4021-4092810de68e3fe8831c5002fea9ea96.yaml b/nuclei-templates/2023/CVE-2023-4021-4092810de68e3fe8831c5002fea9ea96.yaml
index 1e81910289..8024baaede 100644
--- a/nuclei-templates/2023/CVE-2023-4021-4092810de68e3fe8831c5002fea9ea96.yaml
+++ b/nuclei-templates/2023/CVE-2023-4021-4092810de68e3fe8831c5002fea9ea96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-events-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/"
     shodan-query: 'vuln:CVE-2023-4021'
-  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40213-d3b5c660c8e70bcaeca06e534455619d.yaml b/nuclei-templates/2023/CVE-2023-40213-d3b5c660c8e70bcaeca06e534455619d.yaml
index 1877c1a438..e38a2c4b78 100644
--- a/nuclei-templates/2023/CVE-2023-40213-d3b5c660c8e70bcaeca06e534455619d.yaml
+++ b/nuclei-templates/2023/CVE-2023-40213-d3b5c660c8e70bcaeca06e534455619d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Justified Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dismiss_how_to_use_notice' and 'dismiss_notice' functions in versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/justified-gallery/"
     google-query: inurl:"/wp-content/plugins/justified-gallery/"
     shodan-query: 'vuln:CVE-2023-40213'
-  tags: cve,wordpress,wp-plugin,justified-gallery,medium
+  tags: cve,wordpress,wp-plugin,justified-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40215-9c1a7ab296fd9381f729867ce6c145d6.yaml b/nuclei-templates/2023/CVE-2023-40215-9c1a7ab296fd9381f729867ce6c145d6.yaml
index a9b25bd192..3672edbd99 100644
--- a/nuclei-templates/2023/CVE-2023-40215-9c1a7ab296fd9381f729867ce6c145d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-40215-9c1a7ab296fd9381f729867ce6c145d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Demon image annotation <= 5.3 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Demon image annotation plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 5.3 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/demon-image-annotation/"
     google-query: inurl:"/wp-content/plugins/demon-image-annotation/"
     shodan-query: 'vuln:CVE-2023-40215'
-  tags: cve,wordpress,wp-plugin,demon-image-annotation,high
+  tags: cve,wordpress,wp-plugin,demon-image-annotation,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40219-c85d6be596b55b91d137e8053b85f064.yaml b/nuclei-templates/2023/CVE-2023-40219-c85d6be596b55b91d137e8053b85f064.yaml
index 210f49044c..94dadb42c3 100644
--- a/nuclei-templates/2023/CVE-2023-40219-c85d6be596b55b91d137e8053b85f064.yaml
+++ b/nuclei-templates/2023/CVE-2023-40219-c85d6be596b55b91d137e8053b85f064.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_mail_page() function in versions up to, and including, 2.8.21. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2023-40219'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4022-ab1eb5a48a622a49086f766ee1ce86ba.yaml b/nuclei-templates/2023/CVE-2023-4022-ab1eb5a48a622a49086f766ee1ce86ba.yaml
index fb0e678605..6af55fd956 100644
--- a/nuclei-templates/2023/CVE-2023-4022-ab1eb5a48a622a49086f766ee1ce86ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-4022-ab1eb5a48a622a49086f766ee1ce86ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Herd Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mwp-herd-effect/"
     google-query: inurl:"/wp-content/plugins/mwp-herd-effect/"
     shodan-query: 'vuln:CVE-2023-4022'
-  tags: cve,wordpress,wp-plugin,mwp-herd-effect,medium
+  tags: cve,wordpress,wp-plugin,mwp-herd-effect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4023-64408a501c37fbcf42b9db6bc5338336.yaml b/nuclei-templates/2023/CVE-2023-4023-64408a501c37fbcf42b9db6bc5338336.yaml
index d34215be84..71ab0dc237 100644
--- a/nuclei-templates/2023/CVE-2023-4023-64408a501c37fbcf42b9db6bc5338336.yaml
+++ b/nuclei-templates/2023/CVE-2023-4023-64408a501c37fbcf42b9db6bc5338336.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All Users Messenger <= 1.24 - Authenticated (Subscriber+) Insecure Direct Object Reference to Message Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All Users Messenger plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.24 due to missing validation on a user controlled key. This can allow authenticated attackers with subscriber access to delete arbitrary messages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-users-messenger/"
     google-query: inurl:"/wp-content/plugins/all-users-messenger/"
     shodan-query: 'vuln:CVE-2023-4023'
-  tags: cve,wordpress,wp-plugin,all-users-messenger,medium
+  tags: cve,wordpress,wp-plugin,all-users-messenger,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40326-cb9adf9824210ad3d3e7d6f714b65556.yaml b/nuclei-templates/2023/CVE-2023-40326-cb9adf9824210ad3d3e7d6f714b65556.yaml
index 9a2f919717..9173b0efe3 100644
--- a/nuclei-templates/2023/CVE-2023-40326-cb9adf9824210ad3d3e7d6f714b65556.yaml
+++ b/nuclei-templates/2023/CVE-2023-40326-cb9adf9824210ad3d3e7d6f714b65556.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Putler Connector for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_resync_request() function called via an AJAX action in versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a sync request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-putler-connector/"
     google-query: inurl:"/wp-content/plugins/woocommerce-putler-connector/"
     shodan-query: 'vuln:CVE-2023-40326'
-  tags: cve,wordpress,wp-plugin,woocommerce-putler-connector,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-putler-connector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40327-0c5c03e535c02675bf0d5fbe19ae065d.yaml b/nuclei-templates/2023/CVE-2023-40327-0c5c03e535c02675bf0d5fbe19ae065d.yaml
index 2503972fe2..c7bbc74648 100644
--- a/nuclei-templates/2023/CVE-2023-40327-0c5c03e535c02675bf0d5fbe19ae065d.yaml
+++ b/nuclei-templates/2023/CVE-2023-40327-0c5c03e535c02675bf0d5fbe19ae065d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'putler_connector_sync_complete'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Putler Connector for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the putler_connector_sync_complete() function in versions up to, and including, 2.12.0. This makes it possible for unauthenticated attackers to delete the putler_connector_resync transient value.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-putler-connector/"
     google-query: inurl:"/wp-content/plugins/woocommerce-putler-connector/"
     shodan-query: 'vuln:CVE-2023-40327'
-  tags: cve,wordpress,wp-plugin,woocommerce-putler-connector,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-putler-connector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40328-d0bff2c3c4777b0c5230adf64beddf0b.yaml b/nuclei-templates/2023/CVE-2023-40328-d0bff2c3c4777b0c5230adf64beddf0b.yaml
index ad80247a13..beb8a5882f 100644
--- a/nuclei-templates/2023/CVE-2023-40328-d0bff2c3c4777b0c5230adf64beddf0b.yaml
+++ b/nuclei-templates/2023/CVE-2023-40328-d0bff2c3c4777b0c5230adf64beddf0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carrot <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Carrot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/carrrot/"
     google-query: inurl:"/wp-content/plugins/carrrot/"
     shodan-query: 'vuln:CVE-2023-40328'
-  tags: cve,wordpress,wp-plugin,carrrot,medium
+  tags: cve,wordpress,wp-plugin,carrrot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40329-0e96d2ec3c953050a17aaa45bf8227cd.yaml b/nuclei-templates/2023/CVE-2023-40329-0e96d2ec3c953050a17aaa45bf8227cd.yaml
index 23b8668fdb..9aca05155c 100644
--- a/nuclei-templates/2023/CVE-2023-40329-0e96d2ec3c953050a17aaa45bf8227cd.yaml
+++ b/nuclei-templates/2023/CVE-2023-40329-0e96d2ec3c953050a17aaa45bf8227cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Admin Login Page | WPZest <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Admin Login Page | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-admin-login-styler-wpzest/"
     google-query: inurl:"/wp-content/plugins/custom-admin-login-styler-wpzest/"
     shodan-query: 'vuln:CVE-2023-40329'
-  tags: cve,wordpress,wp-plugin,custom-admin-login-styler-wpzest,medium
+  tags: cve,wordpress,wp-plugin,custom-admin-login-styler-wpzest,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40331-9ea3c82ee3ff18eecbc44a826a19457f.yaml b/nuclei-templates/2023/CVE-2023-40331-9ea3c82ee3ff18eecbc44a826a19457f.yaml
index db0a26d2c0..49d1261f11 100644
--- a/nuclei-templates/2023/CVE-2023-40331-9ea3c82ee3ff18eecbc44a826a19457f.yaml
+++ b/nuclei-templates/2023/CVE-2023-40331-9ea3c82ee3ff18eecbc44a826a19457f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordion Slider <= 1.9.6 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as ajax_getting_started_close(), ajax_close_custom_css_js_warning(), ajax_close_image_size_warning in versions up to, and including, 1.9.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss dashboard notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordion-slider/"
     google-query: inurl:"/wp-content/plugins/accordion-slider/"
     shodan-query: 'vuln:CVE-2023-40331'
-  tags: cve,wordpress,wp-plugin,accordion-slider,medium
+  tags: cve,wordpress,wp-plugin,accordion-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40334-b127fca718a0b357c2daf67816c8cec2.yaml b/nuclei-templates/2023/CVE-2023-40334-b127fca718a0b357c2daf67816c8cec2.yaml
index b25c02d3db..7891367358 100644
--- a/nuclei-templates/2023/CVE-2023-40334-b127fca718a0b357c2daf67816c8cec2.yaml
+++ b/nuclei-templates/2023/CVE-2023-40334-b127fca718a0b357c2daf67816c8cec2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Missing Authorization via woof_meta_get_keys()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the woof_meta_get_keys() function in versions up to, and including, 1.3.4.2. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve meta key values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-filter/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/"
     shodan-query: 'vuln:CVE-2023-40334'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40335-38c76ee17f970b2f9f7455a9aafdaf8f.yaml b/nuclei-templates/2023/CVE-2023-40335-38c76ee17f970b2f9f7455a9aafdaf8f.yaml
index 3bfa1cc8b4..197e289d45 100644
--- a/nuclei-templates/2023/CVE-2023-40335-38c76ee17f970b2f9f7455a9aafdaf8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-40335-38c76ee17f970b2f9f7455a9aafdaf8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Cleverwise Daily Quotes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cleverwise-daily-quotes/"
     google-query: inurl:"/wp-content/plugins/cleverwise-daily-quotes/"
     shodan-query: 'vuln:CVE-2023-40335'
-  tags: cve,wordpress,wp-plugin,cleverwise-daily-quotes,high
+  tags: cve,wordpress,wp-plugin,cleverwise-daily-quotes,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4035-38f522639c782f75ecbda00625777030.yaml b/nuclei-templates/2023/CVE-2023-4035-38f522639c782f75ecbda00625777030.yaml
index d155194524..40fbb7cb97 100644
--- a/nuclei-templates/2023/CVE-2023-4035-38f522639c782f75ecbda00625777030.yaml
+++ b/nuclei-templates/2023/CVE-2023-4035-38f522639c782f75ecbda00625777030.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Blog Card <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Blog Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-blog-card/"
     google-query: inurl:"/wp-content/plugins/simple-blog-card/"
     shodan-query: 'vuln:CVE-2023-4035'
-  tags: cve,wordpress,wp-plugin,simple-blog-card,medium
+  tags: cve,wordpress,wp-plugin,simple-blog-card,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4040-1c5c778d8970e8a4e068e0dd69740d62.yaml b/nuclei-templates/2023/CVE-2023-4040-1c5c778d8970e8a4e068e0dd69740d62.yaml
index f23bcf6522..ba7109ecd1 100644
--- a/nuclei-templates/2023/CVE-2023-4040-1c5c778d8970e8a4e068e0dd69740d62.yaml
+++ b/nuclei-templates/2023/CVE-2023-4040-1c5c778d8970e8a4e068e0dd69740d62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stripe Payment Plugin for WooCommerce <= 3.7.9 - Missing Authorization to Arbitrary Order Status Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/"
     google-query: inurl:"/wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/"
     shodan-query: 'vuln:CVE-2023-4040'
-  tags: cve,wordpress,wp-plugin,payment-gateway-stripe-and-woocommerce-integration,medium
+  tags: cve,wordpress,wp-plugin,payment-gateway-stripe-and-woocommerce-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40552-642950df2f7522b38841579e45f2fa32.yaml b/nuclei-templates/2023/CVE-2023-40552-642950df2f7522b38841579e45f2fa32.yaml
index d3e7ba1cae..12daeff901 100644
--- a/nuclei-templates/2023/CVE-2023-40552-642950df2f7522b38841579e45f2fa32.yaml
+++ b/nuclei-templates/2023/CVE-2023-40552-642950df2f7522b38841579e45f2fa32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fitness calculators plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fitness-calculators/"
     google-query: inurl:"/wp-content/plugins/fitness-calculators/"
     shodan-query: 'vuln:CVE-2023-40552'
-  tags: cve,wordpress,wp-plugin,fitness-calculators,medium
+  tags: cve,wordpress,wp-plugin,fitness-calculators,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40557-1aa0e79be369c61efc2c0807922659cb.yaml b/nuclei-templates/2023/CVE-2023-40557-1aa0e79be369c61efc2c0807922659cb.yaml
index 1267e8721a..3609ba939a 100644
--- a/nuclei-templates/2023/CVE-2023-40557-1aa0e79be369c61efc2c0807922659cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-40557-1aa0e79be369c61efc2c0807922659cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tabs & Accordion <= 1.3.10 - Authenticated (Contributor+) Content Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tabs & Accordion plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.10. The cause of this vulnerability is undisclosed at this time. However, this vulnerability makes it possible for unauthenticated attackers to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tabs/"
     google-query: inurl:"/wp-content/plugins/tabs/"
     shodan-query: 'vuln:CVE-2023-40557'
-  tags: cve,wordpress,wp-plugin,tabs,medium
+  tags: cve,wordpress,wp-plugin,tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40560-53afece9446695901fc03dfbb692e04f.yaml b/nuclei-templates/2023/CVE-2023-40560-53afece9446695901fc03dfbb692e04f.yaml
index 1b34e0038a..c55dfc2647 100644
--- a/nuclei-templates/2023/CVE-2023-40560-53afece9446695901fc03dfbb692e04f.yaml
+++ b/nuclei-templates/2023/CVE-2023-40560-53afece9446695901fc03dfbb692e04f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Schedule Posts Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schedule-posts-calendar/"
     google-query: inurl:"/wp-content/plugins/schedule-posts-calendar/"
     shodan-query: 'vuln:CVE-2023-40560'
-  tags: cve,wordpress,wp-plugin,schedule-posts-calendar,medium
+  tags: cve,wordpress,wp-plugin,schedule-posts-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4059-00e848a455a7983930f44875cace1026.yaml b/nuclei-templates/2023/CVE-2023-4059-00e848a455a7983930f44875cace1026.yaml
index 65a271d436..b14a8993a0 100644
--- a/nuclei-templates/2023/CVE-2023-4059-00e848a455a7983930f44875cace1026.yaml
+++ b/nuclei-templates/2023/CVE-2023-4059-00e848a455a7983930f44875cace1026.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder <= 3.9.7 - Missing Authorization to Initial Page Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Profile Builder plugin for WordPress is vulnerable to unauthorized page creation due to a missing capability check on the wppb_create_form_pages() function called via an admin_init action in versions up to, and including, 3.9.7. This makes it possible for unauthenticated attackers to trigger the initial page creation to support the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:CVE-2023-4059'
-  tags: cve,wordpress,wp-plugin,profile-builder,medium
+  tags: cve,wordpress,wp-plugin,profile-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4060-41758ee37f85a4ada05dbd855bba9b0b.yaml b/nuclei-templates/2023/CVE-2023-4060-41758ee37f85a4ada05dbd855bba9b0b.yaml
index 9337f4ea2e..fd8f7257cb 100644
--- a/nuclei-templates/2023/CVE-2023-4060-41758ee37f85a4ada05dbd855bba9b0b.yaml
+++ b/nuclei-templates/2023/CVE-2023-4060-41758ee37f85a4ada05dbd855bba9b0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Adminify <= 3.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Adminify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adminify/"
     google-query: inurl:"/wp-content/plugins/adminify/"
     shodan-query: 'vuln:CVE-2023-4060'
-  tags: cve,wordpress,wp-plugin,adminify,medium
+  tags: cve,wordpress,wp-plugin,adminify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40603-7a420ee74601bcf08094df0c89e9ad5e.yaml b/nuclei-templates/2023/CVE-2023-40603-7a420ee74601bcf08094df0c89e9ad5e.yaml
index 8cb114be49..660e32915a 100644
--- a/nuclei-templates/2023/CVE-2023-40603-7a420ee74601bcf08094df0c89e9ad5e.yaml
+++ b/nuclei-templates/2023/CVE-2023-40603-7a420ee74601bcf08094df0c89e9ad5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Org Chart <= 2.3.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Org Chart plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the myajax() function in versions up to, and including, 2.3.4. This makes it possible for unauthenticated attackers to invoke the function and update the plugin's tree option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-org-chart/"
     google-query: inurl:"/wp-content/plugins/simple-org-chart/"
     shodan-query: 'vuln:CVE-2023-40603'
-  tags: cve,wordpress,wp-plugin,simple-org-chart,medium
+  tags: cve,wordpress,wp-plugin,simple-org-chart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40604-b9008bcb5ccd36f2981a1df579798a3b.yaml b/nuclei-templates/2023/CVE-2023-40604-b9008bcb5ccd36f2981a1df579798a3b.yaml
index 5cd58d8342..1c34e73c62 100644
--- a/nuclei-templates/2023/CVE-2023-40604-b9008bcb5ccd36f2981a1df579798a3b.yaml
+++ b/nuclei-templates/2023/CVE-2023-40604-b9008bcb5ccd36f2981a1df579798a3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookies by JM <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cookies by JM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookies-by-jm/"
     google-query: inurl:"/wp-content/plugins/cookies-by-jm/"
     shodan-query: 'vuln:CVE-2023-40604'
-  tags: cve,wordpress,wp-plugin,cookies-by-jm,medium
+  tags: cve,wordpress,wp-plugin,cookies-by-jm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40605-8a6899bd3b3c6951efcee5344ca06fff.yaml b/nuclei-templates/2023/CVE-2023-40605-8a6899bd3b3c6951efcee5344ca06fff.yaml
index 76eb4ce16e..f45877cf7c 100644
--- a/nuclei-templates/2023/CVE-2023-40605-8a6899bd3b3c6951efcee5344ca06fff.yaml
+++ b/nuclei-templates/2023/CVE-2023-40605-8a6899bd3b3c6951efcee5344ca06fff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Typing Effect <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Typing Effect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animated-typing-effect/"
     google-query: inurl:"/wp-content/plugins/animated-typing-effect/"
     shodan-query: 'vuln:CVE-2023-40605'
-  tags: cve,wordpress,wp-plugin,animated-typing-effect,medium
+  tags: cve,wordpress,wp-plugin,animated-typing-effect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40606-b7ae92a9935669b4053689b9e0cbb221.yaml b/nuclei-templates/2023/CVE-2023-40606-b7ae92a9935669b4053689b9e0cbb221.yaml
index 60b164c33e..6e98658c45 100644
--- a/nuclei-templates/2023/CVE-2023-40606-b7ae92a9935669b4053689b9e0cbb221.yaml
+++ b/nuclei-templates/2023/CVE-2023-40606-b7ae92a9935669b4053689b9e0cbb221.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kanban Boards <= 2.5.21 - Authenticated (Administrator+) Remote Code Execution
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Kanban Boards plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.21. This allows authenticated attackers with administrator access to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kanban/"
     google-query: inurl:"/wp-content/plugins/kanban/"
     shodan-query: 'vuln:CVE-2023-40606'
-  tags: cve,wordpress,wp-plugin,kanban,critical
+  tags: cve,wordpress,wp-plugin,kanban,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40664-183ebb9bdb87985c4ca10ea8af8836ec.yaml b/nuclei-templates/2023/CVE-2023-40664-183ebb9bdb87985c4ca10ea8af8836ec.yaml
index 64156f431d..64066108a2 100644
--- a/nuclei-templates/2023/CVE-2023-40664-183ebb9bdb87985c4ca10ea8af8836ec.yaml
+++ b/nuclei-templates/2023/CVE-2023-40664-183ebb9bdb87985c4ca10ea8af8836ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donations Made Easy – Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Donations Made Easy – Smart Donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rednao_smart_donations_save_form_values() function called via a nopriv AJAX in versions up to, and including, 4.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-donations/"
     google-query: inurl:"/wp-content/plugins/smart-donations/"
     shodan-query: 'vuln:CVE-2023-40664'
-  tags: cve,wordpress,wp-plugin,smart-donations,medium
+  tags: cve,wordpress,wp-plugin,smart-donations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40665-67ad930884b5b87d29530a8be64ff268.yaml b/nuclei-templates/2023/CVE-2023-40665-67ad930884b5b87d29530a8be64ff268.yaml
index d551c156dc..2977ec6656 100644
--- a/nuclei-templates/2023/CVE-2023-40665-67ad930884b5b87d29530a8be64ff268.yaml
+++ b/nuclei-templates/2023/CVE-2023-40665-67ad930884b5b87d29530a8be64ff268.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Save as Image plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Save as Image plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.16.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/save-as-image-by-pdfcrowd/"
     google-query: inurl:"/wp-content/plugins/save-as-image-by-pdfcrowd/"
     shodan-query: 'vuln:CVE-2023-40665'
-  tags: cve,wordpress,wp-plugin,save-as-image-by-pdfcrowd,medium
+  tags: cve,wordpress,wp-plugin,save-as-image-by-pdfcrowd,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40668-b2cea8a198e9a575447977f949754486.yaml b/nuclei-templates/2023/CVE-2023-40668-b2cea8a198e9a575447977f949754486.yaml
index d2c92cd500..74a37b69e6 100644
--- a/nuclei-templates/2023/CVE-2023-40668-b2cea8a198e9a575447977f949754486.yaml
+++ b/nuclei-templates/2023/CVE-2023-40668-b2cea8a198e9a575447977f949754486.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Save as PDF plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Save as PDF plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.16.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/save-as-pdf-by-pdfcrowd/"
     google-query: inurl:"/wp-content/plugins/save-as-pdf-by-pdfcrowd/"
     shodan-query: 'vuln:CVE-2023-40668'
-  tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,medium
+  tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40669-4783eb0d865a9f683c0f42594f272a3d.yaml b/nuclei-templates/2023/CVE-2023-40669-4783eb0d865a9f683c0f42594f272a3d.yaml
index 352b439b8d..6944cf4cfc 100644
--- a/nuclei-templates/2023/CVE-2023-40669-4783eb0d865a9f683c0f42594f272a3d.yaml
+++ b/nuclei-templates/2023/CVE-2023-40669-4783eb0d865a9f683c0f42594f272a3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-collapse-o-matic/"
     google-query: inurl:"/wp-content/plugins/jquery-collapse-o-matic/"
     shodan-query: 'vuln:CVE-2023-40669'
-  tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,medium
+  tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40670-6663c4e8258a97ca80d8e61f0b37ac68.yaml b/nuclei-templates/2023/CVE-2023-40670-6663c4e8258a97ca80d8e61f0b37ac68.yaml
index 604ed24c29..9332a86096 100644
--- a/nuclei-templates/2023/CVE-2023-40670-6663c4e8258a97ca80d8e61f0b37ac68.yaml
+++ b/nuclei-templates/2023/CVE-2023-40670-6663c4e8258a97ca80d8e61f0b37ac68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ReviewX <= 1.6.17 - Missing Authorization in rx_coupon_from_submit
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ReviewX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rx_coupon_from_submit function in versions up to, and including, 1.6.17. This makes it possible for authenticated attackers, with subscriber-level access and above, to update options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reviewx/"
     google-query: inurl:"/wp-content/plugins/reviewx/"
     shodan-query: 'vuln:CVE-2023-40670'
-  tags: cve,wordpress,wp-plugin,reviewx,medium
+  tags: cve,wordpress,wp-plugin,reviewx,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40672-c9799f12c2184eb30d64cc5143268b5b.yaml b/nuclei-templates/2023/CVE-2023-40672-c9799f12c2184eb30d64cc5143268b5b.yaml
index f6ae68ad1d..68fb78d90d 100644
--- a/nuclei-templates/2023/CVE-2023-40672-c9799f12c2184eb30d64cc5143268b5b.yaml
+++ b/nuclei-templates/2023/CVE-2023-40672-c9799f12c2184eb30d64cc5143268b5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sticky Social Media Icons <= 2.0 - Missing Authorization via ajax_request_handle
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sticky Social Media Icons plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_request_handle function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sticky-social-media-icons/"
     google-query: inurl:"/wp-content/plugins/sticky-social-media-icons/"
     shodan-query: 'vuln:CVE-2023-40672'
-  tags: cve,wordpress,wp-plugin,sticky-social-media-icons,medium
+  tags: cve,wordpress,wp-plugin,sticky-social-media-icons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40674-2b45864828a1aff6937ee7dc2951db60.yaml b/nuclei-templates/2023/CVE-2023-40674-2b45864828a1aff6937ee7dc2951db60.yaml
index c93f5a9b10..a7913ef206 100644
--- a/nuclei-templates/2023/CVE-2023-40674-2b45864828a1aff6937ee7dc2951db60.yaml
+++ b/nuclei-templates/2023/CVE-2023-40674-2b45864828a1aff6937ee7dc2951db60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple URLs <= 118 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple URLs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 119 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-urls/"
     google-query: inurl:"/wp-content/plugins/simple-urls/"
     shodan-query: 'vuln:CVE-2023-40674'
-  tags: cve,wordpress,wp-plugin,simple-urls,medium
+  tags: cve,wordpress,wp-plugin,simple-urls,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40675-8417ca6ea2b385ef6685bba03ed8d8b5.yaml b/nuclei-templates/2023/CVE-2023-40675-8417ca6ea2b385ef6685bba03ed8d8b5.yaml
index 2c897e6738..5b4073ed10 100644
--- a/nuclei-templates/2023/CVE-2023-40675-8417ca6ea2b385ef6685bba03ed8d8b5.yaml
+++ b/nuclei-templates/2023/CVE-2023-40675-8417ca6ea2b385ef6685bba03ed8d8b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Landing Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-builder-add/"
     google-query: inurl:"/wp-content/plugins/page-builder-add/"
     shodan-query: 'vuln:CVE-2023-40675'
-  tags: cve,wordpress,wp-plugin,page-builder-add,medium
+  tags: cve,wordpress,wp-plugin,page-builder-add,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40676-423f90da633eb79297c96d8f0abf8be5.yaml b/nuclei-templates/2023/CVE-2023-40676-423f90da633eb79297c96d8f0abf8be5.yaml
index 9cd1f10c30..55af3d051a 100644
--- a/nuclei-templates/2023/CVE-2023-40676-423f90da633eb79297c96d8f0abf8be5.yaml
+++ b/nuclei-templates/2023/CVE-2023-40676-423f90da633eb79297c96d8f0abf8be5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2023-40676'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
+  tags: cve,wordpress,wp-plugin,wp-slimstat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40677-673a5e282a31715aadad077526dcf5b4.yaml b/nuclei-templates/2023/CVE-2023-40677-673a5e282a31715aadad077526dcf5b4.yaml
index 7cb3986cf9..5d353c1002 100644
--- a/nuclei-templates/2023/CVE-2023-40677-673a5e282a31715aadad077526dcf5b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-40677-673a5e282a31715aadad077526dcf5b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Vertical Marquee Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the admin settings in versions up to, and including, 7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vertical-marquee-plugin/"
     google-query: inurl:"/wp-content/plugins/vertical-marquee-plugin/"
     shodan-query: 'vuln:CVE-2023-40677'
-  tags: cve,wordpress,wp-plugin,vertical-marquee-plugin,medium
+  tags: cve,wordpress,wp-plugin,vertical-marquee-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40678-675d927de3b1b53ecaa9209929290da6.yaml b/nuclei-templates/2023/CVE-2023-40678-675d927de3b1b53ecaa9209929290da6.yaml
index dec6a718a2..4722bbc61c 100644
--- a/nuclei-templates/2023/CVE-2023-40678-675d927de3b1b53ecaa9209929290da6.yaml
+++ b/nuclei-templates/2023/CVE-2023-40678-675d927de3b1b53ecaa9209929290da6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple URLs <= 117 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple URLs plugin for WordPress is vulnerable to unauthorized utilization of AJAX functionality due to a missing capability check on its AJAX handler functions in versions up to, and including, 117. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke those functions and change plugin behavior and settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-urls/"
     google-query: inurl:"/wp-content/plugins/simple-urls/"
     shodan-query: 'vuln:CVE-2023-40678'
-  tags: cve,wordpress,wp-plugin,simple-urls,medium
+  tags: cve,wordpress,wp-plugin,simple-urls,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40680-a3fa83da79405e5abf7cb2c0fd1ed37b.yaml b/nuclei-templates/2023/CVE-2023-40680-a3fa83da79405e5abf7cb2c0fd1ed37b.yaml
index bd5d993d0e..af24b5068c 100644
--- a/nuclei-templates/2023/CVE-2023-40680-a3fa83da79405e5abf7cb2c0fd1ed37b.yaml
+++ b/nuclei-templates/2023/CVE-2023-40680-a3fa83da79405e5abf7cb2c0fd1ed37b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 21.0 - Authenticated (Seo Manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with seo manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:CVE-2023-40680'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,medium
+  tags: cve,wordpress,wp-plugin,wordpress-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-40681-b86dfb6f9dd8aa205cbc3842be669c7a.yaml b/nuclei-templates/2023/CVE-2023-40681-b86dfb6f9dd8aa205cbc3842be669c7a.yaml
index 7071ed60c4..c2b29ca59b 100644
--- a/nuclei-templates/2023/CVE-2023-40681-b86dfb6f9dd8aa205cbc3842be669c7a.yaml
+++ b/nuclei-templates/2023/CVE-2023-40681-b86dfb6f9dd8aa205cbc3842be669c7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 2.7.11.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via task data in versions up to, and including, 2.7.11.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:CVE-2023-40681'
-  tags: cve,wordpress,wp-plugin,groundhogg,medium
+  tags: cve,wordpress,wp-plugin,groundhogg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4109-3c9dac2ddd3bec2b9b5eb5b21c8ec91e.yaml b/nuclei-templates/2023/CVE-2023-4109-3c9dac2ddd3bec2b9b5eb5b21c8ec91e.yaml
index c6219a0bfc..ae2da9a4f0 100644
--- a/nuclei-templates/2023/CVE-2023-4109-3c9dac2ddd3bec2b9b5eb5b21c8ec91e.yaml
+++ b/nuclei-templates/2023/CVE-2023-4109-3c9dac2ddd3bec2b9b5eb5b21c8ec91e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms <= 3.6.25 - Authenticated (Administrator+) Stored HTML Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Forms plugin for WordPress is vulnerable to Stored HTML Injection in versions up to, and including, 3.6.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator access to inject arbitrary HTML content in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2023-4109'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41127-92de377343f9b56c26e4f5ac1766852a.yaml b/nuclei-templates/2023/CVE-2023-41127-92de377343f9b56c26e4f5ac1766852a.yaml
index 37f0d2918f..579a50bff2 100644
--- a/nuclei-templates/2023/CVE-2023-41127-92de377343f9b56c26e4f5ac1766852a.yaml
+++ b/nuclei-templates/2023/CVE-2023-41127-92de377343f9b56c26e4f5ac1766852a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Evergreen Content Poster <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/evergreen-content-poster/"
     google-query: inurl:"/wp-content/plugins/evergreen-content-poster/"
     shodan-query: 'vuln:CVE-2023-41127'
-  tags: cve,wordpress,wp-plugin,evergreen-content-poster,medium
+  tags: cve,wordpress,wp-plugin,evergreen-content-poster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41128-1c48d6771b0e3d17023908b8bdc75005.yaml b/nuclei-templates/2023/CVE-2023-41128-1c48d6771b0e3d17023908b8bdc75005.yaml
index 69a38c7ed0..eb3a07edae 100644
--- a/nuclei-templates/2023/CVE-2023-41128-1c48d6771b0e3d17023908b8bdc75005.yaml
+++ b/nuclei-templates/2023/CVE-2023-41128-1c48d6771b0e3d17023908b8bdc75005.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Roadmap <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Roadmap – Product Feedback Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-roadmap/"
     google-query: inurl:"/wp-content/plugins/wp-roadmap/"
     shodan-query: 'vuln:CVE-2023-41128'
-  tags: cve,wordpress,wp-plugin,wp-roadmap,medium
+  tags: cve,wordpress,wp-plugin,wp-roadmap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41132-9d69b5dedc1dea8d291f6cedb75f3be2.yaml b/nuclei-templates/2023/CVE-2023-41132-9d69b5dedc1dea8d291f6cedb75f3be2.yaml
index 4c58a548fd..e1fb61e3fe 100644
--- a/nuclei-templates/2023/CVE-2023-41132-9d69b5dedc1dea8d291f6cedb75f3be2.yaml
+++ b/nuclei-templates/2023/CVE-2023-41132-9d69b5dedc1dea8d291f6cedb75f3be2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Category Slider for WooCommerce <= 1.4.15 - Missing Authorization via notice dismissal functionality
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Category Slider for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability and nonce check on various admin notice dismissal functions in versions up to, and including, 1.4.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss administrative notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-category-slider-grid/"
     google-query: inurl:"/wp-content/plugins/woo-category-slider-grid/"
     shodan-query: 'vuln:CVE-2023-41132'
-  tags: cve,wordpress,wp-plugin,woo-category-slider-grid,medium
+  tags: cve,wordpress,wp-plugin,woo-category-slider-grid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41133-eed5959a62db993b12da83da9d803446.yaml b/nuclei-templates/2023/CVE-2023-41133-eed5959a62db993b12da83da9d803446.yaml
index 0b9817bb53..96d5a37aca 100644
--- a/nuclei-templates/2023/CVE-2023-41133-eed5959a62db993b12da83da9d803446.yaml
+++ b/nuclei-templates/2023/CVE-2023-41133-eed5959a62db993b12da83da9d803446.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Secure Admin IP <= 2.0 - Missing Authorization via 'saveSettings'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Secure Admin IP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSettings' function that runs on 'admin_init' in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/secure-admin-ip/"
     google-query: inurl:"/wp-content/plugins/secure-admin-ip/"
     shodan-query: 'vuln:CVE-2023-41133'
-  tags: cve,wordpress,wp-plugin,secure-admin-ip,medium
+  tags: cve,wordpress,wp-plugin,secure-admin-ip,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41136-5a0364c13a90f16b0ef1e911c302d0f2.yaml b/nuclei-templates/2023/CVE-2023-41136-5a0364c13a90f16b0ef1e911c302d0f2.yaml
index 349b05d7ec..afe7444a17 100644
--- a/nuclei-templates/2023/CVE-2023-41136-5a0364c13a90f16b0ef1e911c302d0f2.yaml
+++ b/nuclei-templates/2023/CVE-2023-41136-5a0364c13a90f16b0ef1e911c302d0f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Long Form <= 2.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Long Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-long-form/"
     google-query: inurl:"/wp-content/plugins/simple-long-form/"
     shodan-query: 'vuln:CVE-2023-41136'
-  tags: cve,wordpress,wp-plugin,simple-long-form,medium
+  tags: cve,wordpress,wp-plugin,simple-long-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41239-09573bbd55ffbde9d233ad38438e8f66.yaml b/nuclei-templates/2023/CVE-2023-41239-09573bbd55ffbde9d233ad38438e8f66.yaml
index 2e2de71ab1..0597dca37f 100644
--- a/nuclei-templates/2023/CVE-2023-41239-09573bbd55ffbde9d233ad38438e8f66.yaml
+++ b/nuclei-templates/2023/CVE-2023-41239-09573bbd55ffbde9d233ad38438e8f66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPress <= 11.0.6 - Authenticated (Contributor+) Server-Side Request Forgery via wp_ajax_powerpress_media_info
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPress plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 11.0.6 via the wp_ajax_powerpress_media_info AJAX action. This can allow authenticated attackers, with contributor-level permission and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpress/"
     google-query: inurl:"/wp-content/plugins/powerpress/"
     shodan-query: 'vuln:CVE-2023-41239'
-  tags: cve,wordpress,wp-plugin,powerpress,medium
+  tags: cve,wordpress,wp-plugin,powerpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41240-8930cf2379d26f27d4dfc818449f89c9.yaml b/nuclei-templates/2023/CVE-2023-41240-8930cf2379d26f27d4dfc818449f89c9.yaml
index 082dc02833..b9d28cb704 100644
--- a/nuclei-templates/2023/CVE-2023-41240-8930cf2379d26f27d4dfc818449f89c9.yaml
+++ b/nuclei-templates/2023/CVE-2023-41240-8930cf2379d26f27d4dfc818449f89c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the 'vtprd_ajax_clone_rule' function in versions up to, and including, 2.0.3.2. This makes it possible for unauthenticated attackers to clone rules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pricing-deals-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/pricing-deals-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-41240'
-  tags: cve,wordpress,wp-plugin,pricing-deals-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,pricing-deals-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41241-3d8dd9beb9e2d1b17d8d01ef045ea5d3.yaml b/nuclei-templates/2023/CVE-2023-41241-3d8dd9beb9e2d1b17d8d01ef045ea5d3.yaml
index f2823fbac2..6ddbc99f22 100644
--- a/nuclei-templates/2023/CVE-2023-41241-3d8dd9beb9e2d1b17d8d01ef045ea5d3.yaml
+++ b/nuclei-templates/2023/CVE-2023-41241-3d8dd9beb9e2d1b17d8d01ef045ea5d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SureCart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/surecart/"
     google-query: inurl:"/wp-content/plugins/surecart/"
     shodan-query: 'vuln:CVE-2023-41241'
-  tags: cve,wordpress,wp-plugin,surecart,medium
+  tags: cve,wordpress,wp-plugin,surecart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41242-ed4eb2c4883d6e7594e77a8d9e41fb0a.yaml b/nuclei-templates/2023/CVE-2023-41242-ed4eb2c4883d6e7594e77a8d9e41fb0a.yaml
index 002fc731e7..ec0f604171 100644
--- a/nuclei-templates/2023/CVE-2023-41242-ed4eb2c4883d6e7594e77a8d9e41fb0a.yaml
+++ b/nuclei-templates/2023/CVE-2023-41242-ed4eb2c4883d6e7594e77a8d9e41fb0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Snap Pixel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/snap-pixel/"
     google-query: inurl:"/wp-content/plugins/snap-pixel/"
     shodan-query: 'vuln:CVE-2023-41242'
-  tags: cve,wordpress,wp-plugin,snap-pixel,medium
+  tags: cve,wordpress,wp-plugin,snap-pixel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4140-51b67c232457e0e4e3e29917fed2f232.yaml b/nuclei-templates/2023/CVE-2023-4140-51b67c232457e0e4e3e29917fed2f232.yaml
index 5061e6e6dc..77fe0aa4a2 100644
--- a/nuclei-templates/2023/CVE-2023-4140-51b67c232457e0e4e3e29917fed2f232.yaml
+++ b/nuclei-templates/2023/CVE-2023-4140-51b67c232457e0e4e3e29917fed2f232.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:CVE-2023-4140'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4141-0d112b75baa32165ac17ae118d62fed2.yaml b/nuclei-templates/2023/CVE-2023-4141-0d112b75baa32165ac17ae118d62fed2.yaml
index fdaff48fe3..54938434c8 100644
--- a/nuclei-templates/2023/CVE-2023-4141-0d112b75baa32165ac17ae118d62fed2.yaml
+++ b/nuclei-templates/2023/CVE-2023-4141-0d112b75baa32165ac17ae118d62fed2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:CVE-2023-4141'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4142-7705126a4ed4d1dc1d9561088cab0d7f.yaml b/nuclei-templates/2023/CVE-2023-4142-7705126a4ed4d1dc1d9561088cab0d7f.yaml
index 94d2f30a75..ef5aed8982 100644
--- a/nuclei-templates/2023/CVE-2023-4142-7705126a4ed4d1dc1d9561088cab0d7f.yaml
+++ b/nuclei-templates/2023/CVE-2023-4142-7705126a4ed4d1dc1d9561088cab0d7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:CVE-2023-4142'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4153-137251846c7319666c4983642238e856.yaml b/nuclei-templates/2023/CVE-2023-4153-137251846c7319666c4983642238e856.yaml
index f6e6a86361..6ea47cd921 100644
--- a/nuclei-templates/2023/CVE-2023-4153-137251846c7319666c4983642238e856.yaml
+++ b/nuclei-templates/2023/CVE-2023-4153-137251846c7319666c4983642238e856.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ban-users/"
     google-query: inurl:"/wp-content/plugins/ban-users/"
     shodan-query: 'vuln:CVE-2023-4153'
-  tags: cve,wordpress,wp-plugin,ban-users,high
+  tags: cve,wordpress,wp-plugin,ban-users,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4160-669481af47f05337ab733ec932b4b377.yaml b/nuclei-templates/2023/CVE-2023-4160-669481af47f05337ab733ec932b4b377.yaml
index f1c5f954e4..25b6a177e1 100644
--- a/nuclei-templates/2023/CVE-2023-4160-669481af47f05337ab733ec932b4b377.yaml
+++ b/nuclei-templates/2023/CVE-2023-4160-669481af47f05337ab733ec932b4b377.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/"
     google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/"
     shodan-query: 'vuln:CVE-2023-4160'
-  tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,medium
+  tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41649-c5037c5f6ce141975f7a422878dcc1cf.yaml b/nuclei-templates/2023/CVE-2023-41649-c5037c5f6ce141975f7a422878dcc1cf.yaml
index ed13670602..04a59fb0c7 100644
--- a/nuclei-templates/2023/CVE-2023-41649-c5037c5f6ce141975f7a422878dcc1cf.yaml
+++ b/nuclei-templates/2023/CVE-2023-41649-c5037c5f6ce141975f7a422878dcc1cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ovic Product Bundle <= 1.1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ovic Product Bundle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_bundle_product() function hooked via a nopriv AJAX action in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to remove bundled products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ovic-product-bundle/"
     google-query: inurl:"/wp-content/plugins/ovic-product-bundle/"
     shodan-query: 'vuln:CVE-2023-41649'
-  tags: cve,wordpress,wp-plugin,ovic-product-bundle,medium
+  tags: cve,wordpress,wp-plugin,ovic-product-bundle,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41656-267d7435385a9582ef7c8199e8931303.yaml b/nuclei-templates/2023/CVE-2023-41656-267d7435385a9582ef7c8199e8931303.yaml
index 6ec99e5001..02bf3d3fe8 100644
--- a/nuclei-templates/2023/CVE-2023-41656-267d7435385a9582ef7c8199e8931303.yaml
+++ b/nuclei-templates/2023/CVE-2023-41656-267d7435385a9582ef7c8199e8931303.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Elementor Addons <= 1.3.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Better Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bea_admin_ajax() function hooked via an AJAX action in versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to save and reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/better-elementor-addons/"
     shodan-query: 'vuln:CVE-2023-41656'
-  tags: cve,wordpress,wp-plugin,better-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,better-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41657-ca4ae9210ad5c6416e62ede162724557.yaml b/nuclei-templates/2023/CVE-2023-41657-ca4ae9210ad5c6416e62ede162724557.yaml
index 800bb9fc9f..f163b1e40f 100644
--- a/nuclei-templates/2023/CVE-2023-41657-ca4ae9210ad5c6416e62ede162724557.yaml
+++ b/nuclei-templates/2023/CVE-2023-41657-ca4ae9210ad5c6416e62ede162724557.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HollerBox <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HollerBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/holler-box/"
     google-query: inurl:"/wp-content/plugins/holler-box/"
     shodan-query: 'vuln:CVE-2023-41657'
-  tags: cve,wordpress,wp-plugin,holler-box,medium
+  tags: cve,wordpress,wp-plugin,holler-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41661-714adebc0f79250fa11c7babb8af735a.yaml b/nuclei-templates/2023/CVE-2023-41661-714adebc0f79250fa11c7babb8af735a.yaml
index dda3c48dcc..3cfe744339 100644
--- a/nuclei-templates/2023/CVE-2023-41661-714adebc0f79250fa11c7babb8af735a.yaml
+++ b/nuclei-templates/2023/CVE-2023-41661-714adebc0f79250fa11c7babb8af735a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smarty for WordPress <= 3.1.35 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smarty for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smarty-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/smarty-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-41661'
-  tags: cve,wordpress,wp-plugin,smarty-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,smarty-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41664-e1e05c3d687b12217db0b7b57b7d94d7.yaml b/nuclei-templates/2023/CVE-2023-41664-e1e05c3d687b12217db0b7b57b7d94d7.yaml
index d6690545ee..4bddd30600 100644
--- a/nuclei-templates/2023/CVE-2023-41664-e1e05c3d687b12217db0b7b57b7d94d7.yaml
+++ b/nuclei-templates/2023/CVE-2023-41664-e1e05c3d687b12217db0b7b57b7d94d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Newsletter Signups <= 1.0.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Newsletter Signups plugin for WordPress is vulnerable to unauthorized modification and disclosure of data due to a missing capability check on the wpesn_ltable_process_bulk_action() function hooked via admin_init in versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to delete and export subscriber lists.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-newsletter-signups/"
     google-query: inurl:"/wp-content/plugins/easy-newsletter-signups/"
     shodan-query: 'vuln:CVE-2023-41664'
-  tags: cve,wordpress,wp-plugin,easy-newsletter-signups,medium
+  tags: cve,wordpress,wp-plugin,easy-newsletter-signups,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41665-941ef3ed4e3d287ad92a76b5c6b10f89.yaml b/nuclei-templates/2023/CVE-2023-41665-941ef3ed4e3d287ad92a76b5c6b10f89.yaml
index bdbdf17d09..25694a3255 100644
--- a/nuclei-templates/2023/CVE-2023-41665-941ef3ed4e3d287ad92a76b5c6b10f89.yaml
+++ b/nuclei-templates/2023/CVE-2023-41665-941ef3ed4e3d287ad92a76b5c6b10f89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Give - Donation Plugin <= 2.33.0 - Authenticated(Give Manager+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Give - Donation Plugin plugin for WordPress is vulnerable to privilege escalation due to an insufficient capability check when updating default roles in versions up to, and including, 2.33.0. This makes it possible for authenticated attackers with Give Manager privileges to elevate their privileges to those of an administrator by setting the default role in the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2023-41665'
-  tags: cve,wordpress,wp-plugin,give,high
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41666-9bd703646402672c6e3df139cb8847d8.yaml b/nuclei-templates/2023/CVE-2023-41666-9bd703646402672c6e3df139cb8847d8.yaml
index a0aa6068a9..dd2d49c3c6 100644
--- a/nuclei-templates/2023/CVE-2023-41666-9bd703646402672c6e3df139cb8847d8.yaml
+++ b/nuclei-templates/2023/CVE-2023-41666-9bd703646402672c6e3df139cb8847d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stock Quotes List <= 2.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stock Quotes List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.9.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stock-quotes-list/"
     google-query: inurl:"/wp-content/plugins/stock-quotes-list/"
     shodan-query: 'vuln:CVE-2023-41666'
-  tags: cve,wordpress,wp-plugin,stock-quotes-list,medium
+  tags: cve,wordpress,wp-plugin,stock-quotes-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41671-d3760060833c9e24b772fab4457401bf.yaml b/nuclei-templates/2023/CVE-2023-41671-d3760060833c9e24b772fab4457401bf.yaml
index c2764ea7cf..550e2ee68b 100644
--- a/nuclei-templates/2023/CVE-2023-41671-d3760060833c9e24b772fab4457401bf.yaml
+++ b/nuclei-templates/2023/CVE-2023-41671-d3760060833c9e24b772fab4457401bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 5.16.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notifications, toggle templates, view abandoned cart details, and preview emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/"
     google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/"
     shodan-query: 'vuln:CVE-2023-41671'
-  tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41683-4150b6c5ffc14f9f916be876839f27fe.yaml b/nuclei-templates/2023/CVE-2023-41683-4150b6c5ffc14f9f916be876839f27fe.yaml
index 98e94222c4..2e2525ae5b 100644
--- a/nuclei-templates/2023/CVE-2023-41683-4150b6c5ffc14f9f916be876839f27fe.yaml
+++ b/nuclei-templates/2023/CVE-2023-41683-4150b6c5ffc14f9f916be876839f27fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TelSender <= 1.14.11 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TelSender plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tscfwc_form_ajax_reqest() function hooked via an AJAX action in versions up to, and including, 1.14.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/telsender/"
     google-query: inurl:"/wp-content/plugins/telsender/"
     shodan-query: 'vuln:CVE-2023-41683'
-  tags: cve,wordpress,wp-plugin,telsender,medium
+  tags: cve,wordpress,wp-plugin,telsender,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41685-1b283946c80a7878d62493f2e843e97b.yaml b/nuclei-templates/2023/CVE-2023-41685-1b283946c80a7878d62493f2e843e97b.yaml
index cf860266b4..29e93095bf 100644
--- a/nuclei-templates/2023/CVE-2023-41685-1b283946c80a7878d62493f2e843e97b.yaml
+++ b/nuclei-templates/2023/CVE-2023-41685-1b283946c80a7878d62493f2e843e97b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Woocommerce Support System plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-support-system/"
     google-query: inurl:"/wp-content/plugins/wc-support-system/"
     shodan-query: 'vuln:CVE-2023-41685'
-  tags: cve,wordpress,wp-plugin,wc-support-system,high
+  tags: cve,wordpress,wp-plugin,wc-support-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41687-5354899032ab4aab5f7e436527798ae7.yaml b/nuclei-templates/2023/CVE-2023-41687-5354899032ab4aab5f7e436527798ae7.yaml
index dedb22f291..b61cfb32d6 100644
--- a/nuclei-templates/2023/CVE-2023-41687-5354899032ab4aab5f7e436527798ae7.yaml
+++ b/nuclei-templates/2023/CVE-2023-41687-5354899032ab4aab5f7e436527798ae7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Goods Catalog <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Goods Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/goods-catalog/"
     google-query: inurl:"/wp-content/plugins/goods-catalog/"
     shodan-query: 'vuln:CVE-2023-41687'
-  tags: cve,wordpress,wp-plugin,goods-catalog,medium
+  tags: cve,wordpress,wp-plugin,goods-catalog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41688-cf39fd16fb8f788c8db751f0dadfb29c.yaml b/nuclei-templates/2023/CVE-2023-41688-cf39fd16fb8f788c8db751f0dadfb29c.yaml
index ab0ab55ff2..1029f8db11 100644
--- a/nuclei-templates/2023/CVE-2023-41688-cf39fd16fb8f788c8db751f0dadfb29c.yaml
+++ b/nuclei-templates/2023/CVE-2023-41688-cf39fd16fb8f788c8db751f0dadfb29c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulk NoIndex & NoFollow Toolkit <= 1.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_page_callback() and update_page_bulk_callback() functions called via AJAX actions in versions up to, and including, 1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update post and page's noindex and nofollow statuses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/"
     google-query: inurl:"/wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/"
     shodan-query: 'vuln:CVE-2023-41688'
-  tags: cve,wordpress,wp-plugin,bulk-noindex-nofollow-toolkit-by-mad-fish,medium
+  tags: cve,wordpress,wp-plugin,bulk-noindex-nofollow-toolkit-by-mad-fish,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41690-6b2cae5676cc752aa89b0a0ababa3a92.yaml b/nuclei-templates/2023/CVE-2023-41690-6b2cae5676cc752aa89b0a0ababa3a92.yaml
index 7f50b2d095..2cf86af44e 100644
--- a/nuclei-templates/2023/CVE-2023-41690-6b2cae5676cc752aa89b0a0ababa3a92.yaml
+++ b/nuclei-templates/2023/CVE-2023-41690-6b2cae5676cc752aa89b0a0ababa3a92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WiserNotify Social Proof <= 2.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WiserNotify Social Proof plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the varify_api() function hooked via an AJAX action in versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to trigger API verification.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wiser-notify/"
     google-query: inurl:"/wp-content/plugins/wiser-notify/"
     shodan-query: 'vuln:CVE-2023-41690'
-  tags: cve,wordpress,wp-plugin,wiser-notify,medium
+  tags: cve,wordpress,wp-plugin,wiser-notify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41695-d12af8e80ae1c421ffa919ff53dc2e47.yaml b/nuclei-templates/2023/CVE-2023-41695-d12af8e80ae1c421ffa919ff53dc2e47.yaml
index d969c97ca7..188a311b9b 100644
--- a/nuclei-templates/2023/CVE-2023-41695-d12af8e80ae1c421ffa919ff53dc2e47.yaml
+++ b/nuclei-templates/2023/CVE-2023-41695-d12af8e80ae1c421ffa919ff53dc2e47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytify Dashboard <= 5.1.0 - Missing Authorization to Opt-In
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Analytify Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optin_yes() function in versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber-level and above access, to optin the the plugin's tracking.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-analytify/"
     google-query: inurl:"/wp-content/plugins/wp-analytify/"
     shodan-query: 'vuln:CVE-2023-41695'
-  tags: cve,wordpress,wp-plugin,wp-analytify,medium
+  tags: cve,wordpress,wp-plugin,wp-analytify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41728-dd783793d1579786f0da18d50db26b6a.yaml b/nuclei-templates/2023/CVE-2023-41728-dd783793d1579786f0da18d50db26b6a.yaml
index 41bb4623cc..3cedc0c4de 100644
--- a/nuclei-templates/2023/CVE-2023-41728-dd783793d1579786f0da18d50db26b6a.yaml
+++ b/nuclei-templates/2023/CVE-2023-41728-dd783793d1579786f0da18d50db26b6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rescue Shortcodes <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes/s in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rescue-shortcodes/"
     google-query: inurl:"/wp-content/plugins/rescue-shortcodes/"
     shodan-query: 'vuln:CVE-2023-41728'
-  tags: cve,wordpress,wp-plugin,rescue-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,rescue-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41729-572ada3e2b5cfd266bbe4d55b671ea76.yaml b/nuclei-templates/2023/CVE-2023-41729-572ada3e2b5cfd266bbe4d55b671ea76.yaml
index 5081037227..6bd4380fd7 100644
--- a/nuclei-templates/2023/CVE-2023-41729-572ada3e2b5cfd266bbe4d55b671ea76.yaml
+++ b/nuclei-templates/2023/CVE-2023-41729-572ada3e2b5cfd266bbe4d55b671ea76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SendPress Newsletters <= 1.23.11.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.11.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. CVE-2024-1588 and CVE-2024-1589 could be duplicates of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sendpress/"
     google-query: inurl:"/wp-content/plugins/sendpress/"
     shodan-query: 'vuln:CVE-2023-41729'
-  tags: cve,wordpress,wp-plugin,sendpress,medium
+  tags: cve,wordpress,wp-plugin,sendpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41731-a18a9d03d5ff2c74e7d4dd874ea75ae5.yaml b/nuclei-templates/2023/CVE-2023-41731-a18a9d03d5ff2c74e7d4dd874ea75ae5.yaml
index 1cecb126ec..af62f4489f 100644
--- a/nuclei-templates/2023/CVE-2023-41731-a18a9d03d5ff2c74e7d4dd874ea75ae5.yaml
+++ b/nuclei-templates/2023/CVE-2023-41731-a18a9d03d5ff2c74e7d4dd874ea75ae5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wordpress publish post email notification <= 1.0.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wordpress publish post email notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/publish-post-email-notification/"
     google-query: inurl:"/wp-content/plugins/publish-post-email-notification/"
     shodan-query: 'vuln:CVE-2023-41731'
-  tags: cve,wordpress,wp-plugin,publish-post-email-notification,medium
+  tags: cve,wordpress,wp-plugin,publish-post-email-notification,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41733-0adc72a8beddf445761ccd2b42cda0f5.yaml b/nuclei-templates/2023/CVE-2023-41733-0adc72a8beddf445761ccd2b42cda0f5.yaml
index 5e9e4b036a..f9ced1c828 100644
--- a/nuclei-templates/2023/CVE-2023-41733-0adc72a8beddf445761ccd2b42cda0f5.yaml
+++ b/nuclei-templates/2023/CVE-2023-41733-0adc72a8beddf445761ccd2b42cda0f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Back To The Top Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/back-to-the-top-button/"
     google-query: inurl:"/wp-content/plugins/back-to-the-top-button/"
     shodan-query: 'vuln:CVE-2023-41733'
-  tags: cve,wordpress,wp-plugin,back-to-the-top-button,medium
+  tags: cve,wordpress,wp-plugin,back-to-the-top-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41734-027f8eecce0a5762cf1bc3cc2ca92e8d.yaml b/nuclei-templates/2023/CVE-2023-41734-027f8eecce0a5762cf1bc3cc2ca92e8d.yaml
index 1934c46665..eaeec21413 100644
--- a/nuclei-templates/2023/CVE-2023-41734-027f8eecce0a5762cf1bc3cc2ca92e8d.yaml
+++ b/nuclei-templates/2023/CVE-2023-41734-027f8eecce0a5762cf1bc3cc2ca92e8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Insert Estimated Reading Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-estimated-reading-time/"
     google-query: inurl:"/wp-content/plugins/insert-estimated-reading-time/"
     shodan-query: 'vuln:CVE-2023-41734'
-  tags: cve,wordpress,wp-plugin,insert-estimated-reading-time,medium
+  tags: cve,wordpress,wp-plugin,insert-estimated-reading-time,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41735-4eac7176009c682727808e01e866ef23.yaml b/nuclei-templates/2023/CVE-2023-41735-4eac7176009c682727808e01e866ef23.yaml
index cb9c381420..86a20945f4 100644
--- a/nuclei-templates/2023/CVE-2023-41735-4eac7176009c682727808e01e866ef23.yaml
+++ b/nuclei-templates/2023/CVE-2023-41735-4eac7176009c682727808e01e866ef23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Email posts to subscribers for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elp_plugin_parse_request() function in versions up to, and including 6.2. This makes it possible for unauthenticated attackers to invoke additional functions and export the email addresses of subscribers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-posts-to-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-posts-to-subscribers/"
     shodan-query: 'vuln:CVE-2023-41735'
-  tags: cve,wordpress,wp-plugin,email-posts-to-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-posts-to-subscribers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41736-8758f22404dd62cde026b1679050e44a.yaml b/nuclei-templates/2023/CVE-2023-41736-8758f22404dd62cde026b1679050e44a.yaml
index aff9e9fee5..64e9f33b65 100644
--- a/nuclei-templates/2023/CVE-2023-41736-8758f22404dd62cde026b1679050e44a.yaml
+++ b/nuclei-templates/2023/CVE-2023-41736-8758f22404dd62cde026b1679050e44a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email posts to subscribers <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Email posts to subscribers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-posts-to-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-posts-to-subscribers/"
     shodan-query: 'vuln:CVE-2023-41736'
-  tags: cve,wordpress,wp-plugin,email-posts-to-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-posts-to-subscribers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41737-861a2a6e66a953eb50c087718b438c88.yaml b/nuclei-templates/2023/CVE-2023-41737-861a2a6e66a953eb50c087718b438c88.yaml
index c55540d16a..3a0f1fef29 100644
--- a/nuclei-templates/2023/CVE-2023-41737-861a2a6e66a953eb50c087718b438c88.yaml
+++ b/nuclei-templates/2023/CVE-2023-41737-861a2a6e66a953eb50c087718b438c88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Swifty Bar, sticky bar by WPGens <= 1.2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Swifty Bar, sticky bar by WPGens plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swifty-bar/"
     google-query: inurl:"/wp-content/plugins/swifty-bar/"
     shodan-query: 'vuln:CVE-2023-41737'
-  tags: cve,wordpress,wp-plugin,swifty-bar,medium
+  tags: cve,wordpress,wp-plugin,swifty-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41797-9e153a23809280911bab79339940a337.yaml b/nuclei-templates/2023/CVE-2023-41797-9e153a23809280911bab79339940a337.yaml
index c746d6e0b7..2780ab0151 100644
--- a/nuclei-templates/2023/CVE-2023-41797-9e153a23809280911bab79339940a337.yaml
+++ b/nuclei-templates/2023/CVE-2023-41797-9e153a23809280911bab79339940a337.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Locations <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/locations/"
     google-query: inurl:"/wp-content/plugins/locations/"
     shodan-query: 'vuln:CVE-2023-41797'
-  tags: cve,wordpress,wp-plugin,locations,medium
+  tags: cve,wordpress,wp-plugin,locations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41800-52d99f3d726c6a2b0f9591cf7e9202f7.yaml b/nuclei-templates/2023/CVE-2023-41800-52d99f3d726c6a2b0f9591cf7e9202f7.yaml
index 5c52e0343c..30b17540e6 100644
--- a/nuclei-templates/2023/CVE-2023-41800-52d99f3d726c6a2b0f9591cf7e9202f7.yaml
+++ b/nuclei-templates/2023/CVE-2023-41800-52d99f3d726c6a2b0f9591cf7e9202f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UniConsent Cookie Consent CMP for GDPR / CCPA <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The UniConsent Cookie Consent CMP for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uniconsent-cmp/"
     google-query: inurl:"/wp-content/plugins/uniconsent-cmp/"
     shodan-query: 'vuln:CVE-2023-41800'
-  tags: cve,wordpress,wp-plugin,uniconsent-cmp,medium
+  tags: cve,wordpress,wp-plugin,uniconsent-cmp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41802-9a23102fb64a765611d796440b87f458.yaml b/nuclei-templates/2023/CVE-2023-41802-9a23102fb64a765611d796440b87f458.yaml
index d0ebd494da..84b5744a58 100644
--- a/nuclei-templates/2023/CVE-2023-41802-9a23102fb64a765611d796440b87f458.yaml
+++ b/nuclei-templates/2023/CVE-2023-41802-9a23102fb64a765611d796440b87f458.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Socializer <= 7.13.54 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Super Socializer plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as heateor_ss_twitcount_notification_read, heateor_ss_gdpr_notification_read, heateor_ss_fb_redirection_notification_read, heateor_ss_twitter_callback_notification_read, heateor_ss_linkedin_redirect_url_notification_read, heateor_ss_fb_count_notification_read, heateor_ss_twitter_new_callback_notification_read, and more in versions up to, and including, 7.13.54. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark messages as read
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-socializer/"
     google-query: inurl:"/wp-content/plugins/super-socializer/"
     shodan-query: 'vuln:CVE-2023-41802'
-  tags: cve,wordpress,wp-plugin,super-socializer,medium
+  tags: cve,wordpress,wp-plugin,super-socializer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41803-bb0ef31fb16bd70576b63c47a36e1c9e.yaml b/nuclei-templates/2023/CVE-2023-41803-bb0ef31fb16bd70576b63c47a36e1c9e.yaml
index c7f8159bce..4f33c11bc9 100644
--- a/nuclei-templates/2023/CVE-2023-41803-bb0ef31fb16bd70576b63c47a36e1c9e.yaml
+++ b/nuclei-templates/2023/CVE-2023-41803-bb0ef31fb16bd70576b63c47a36e1c9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BitPay Checkout for WooCommerce <= 4.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BitPay Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bitpay-checkout-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/bitpay-checkout-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-41803'
-  tags: cve,wordpress,wp-plugin,bitpay-checkout-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,bitpay-checkout-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41804-53fb886a588d15854380c3b94bdeab19.yaml b/nuclei-templates/2023/CVE-2023-41804-53fb886a588d15854380c3b94bdeab19.yaml
index ad28362cd8..c00ce3fb17 100644
--- a/nuclei-templates/2023/CVE-2023-41804-53fb886a588d15854380c3b94bdeab19.yaml
+++ b/nuclei-templates/2023/CVE-2023-41804-53fb886a588d15854380c3b94bdeab19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Starter Templates (free and premium) plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.2.4 via the remote_request. This can allow authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVE-2023-34370 appears to be a duplicate of this.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-41804
   metadata:
-    fofa-query: "wp-content/plugins/astra-sites/"
-    google-query: inurl:"/wp-content/plugins/astra-sites/"
+    fofa-query: "wp-content/plugins/astra-pro-sites/"
+    google-query: inurl:"/wp-content/plugins/astra-pro-sites/"
     shodan-query: 'vuln:CVE-2023-41804'
-  tags: cve,wordpress,wp-plugin,astra-sites,medium
+  tags: cve,wordpress,wp-plugin,astra-pro-sites,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/astra-pro-sites/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "astra-sites"
+          - "astra-pro-sites"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-41805-27ee53c7765f3cc7ca36cbf7ac963e20.yaml b/nuclei-templates/2023/CVE-2023-41805-27ee53c7765f3cc7ca36cbf7ac963e20.yaml
index b458c4011d..f3d8be470f 100644
--- a/nuclei-templates/2023/CVE-2023-41805-27ee53c7765f3cc7ca36cbf7ac963e20.yaml
+++ b/nuclei-templates/2023/CVE-2023-41805-27ee53c7765f3cc7ca36cbf7ac963e20.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-41805
   metadata:
-    fofa-query: "wp-content/plugins/astra-sites/"
-    google-query: inurl:"/wp-content/plugins/astra-sites/"
+    fofa-query: "wp-content/plugins/astra-pro-sites/"
+    google-query: inurl:"/wp-content/plugins/astra-pro-sites/"
     shodan-query: 'vuln:CVE-2023-41805'
-  tags: cve,wordpress,wp-plugin,astra-sites,medium
+  tags: cve,wordpress,wp-plugin,astra-pro-sites,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/astra-pro-sites/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "astra-sites"
+          - "astra-pro-sites"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-41847-18ae8fd1e9cb93487e81ac53ef4e167a.yaml b/nuclei-templates/2023/CVE-2023-41847-18ae8fd1e9cb93487e81ac53ef4e167a.yaml
index cb9438384e..3d3a3e4624 100644
--- a/nuclei-templates/2023/CVE-2023-41847-18ae8fd1e9cb93487e81ac53ef4e167a.yaml
+++ b/nuclei-templates/2023/CVE-2023-41847-18ae8fd1e9cb93487e81ac53ef4e167a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Notice Bar <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several style settings in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/notice-bar/"
     google-query: inurl:"/wp-content/plugins/notice-bar/"
     shodan-query: 'vuln:CVE-2023-41847'
-  tags: cve,wordpress,wp-plugin,notice-bar,medium
+  tags: cve,wordpress,wp-plugin,notice-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41848-24a3397fbf299aff4ecd7a231ef53936.yaml b/nuclei-templates/2023/CVE-2023-41848-24a3397fbf299aff4ecd7a231ef53936.yaml
index 82c7964f19..147d43567f 100644
--- a/nuclei-templates/2023/CVE-2023-41848-24a3397fbf299aff4ecd7a231ef53936.yaml
+++ b/nuclei-templates/2023/CVE-2023-41848-24a3397fbf299aff4ecd7a231ef53936.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel Slider <= 2.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Carousel Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function hooked via 'admin_init' in versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to opt in and opt out of tracking for the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/carousel-slider/"
     google-query: inurl:"/wp-content/plugins/carousel-slider/"
     shodan-query: 'vuln:CVE-2023-41848'
-  tags: cve,wordpress,wp-plugin,carousel-slider,medium
+  tags: cve,wordpress,wp-plugin,carousel-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41849-a6ade812b7794f2ce71092e01b3f3441.yaml b/nuclei-templates/2023/CVE-2023-41849-a6ade812b7794f2ce71092e01b3f3441.yaml
index f459e4acce..25e38eba8c 100644
--- a/nuclei-templates/2023/CVE-2023-41849-a6ade812b7794f2ce71092e01b3f3441.yaml
+++ b/nuclei-templates/2023/CVE-2023-41849-a6ade812b7794f2ce71092e01b3f3441.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Posts Like Dislike <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Posts Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.1.1. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset the plugin's settings. Note: this issue was only partially patched in 1.1.1 as the nonce is still visible to subscriber-level users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/posts-like-dislike/"
     google-query: inurl:"/wp-content/plugins/posts-like-dislike/"
     shodan-query: 'vuln:CVE-2023-41849'
-  tags: cve,wordpress,wp-plugin,posts-like-dislike,medium
+  tags: cve,wordpress,wp-plugin,posts-like-dislike,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41855-6c7076324759f17d9672657f46020f5a.yaml b/nuclei-templates/2023/CVE-2023-41855-6c7076324759f17d9672657f46020f5a.yaml
index 0e9d6a2ef5..efc4a5bb5a 100644
--- a/nuclei-templates/2023/CVE-2023-41855-6c7076324759f17d9672657f46020f5a.yaml
+++ b/nuclei-templates/2023/CVE-2023-41855-6c7076324759f17d9672657f46020f5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Regpack <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Regpack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/regpack/"
     google-query: inurl:"/wp-content/plugins/regpack/"
     shodan-query: 'vuln:CVE-2023-41855'
-  tags: cve,wordpress,wp-plugin,regpack,medium
+  tags: cve,wordpress,wp-plugin,regpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41857-b512f326cf614df599ebd00014aea201.yaml b/nuclei-templates/2023/CVE-2023-41857-b512f326cf614df599ebd00014aea201.yaml
index a69e02574c..28b525000a 100644
--- a/nuclei-templates/2023/CVE-2023-41857-b512f326cf614df599ebd00014aea201.yaml
+++ b/nuclei-templates/2023/CVE-2023-41857-b512f326cf614df599ebd00014aea201.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Click To Tweet <= 2.0.14 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Click To Tweet plugin for WordPress is vulnerable to unauthorized access, loss or modification of data due to a missing capability check on one of its functions in versions up to, and including, 2.0.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/click-to-tweet/"
     google-query: inurl:"/wp-content/plugins/click-to-tweet/"
     shodan-query: 'vuln:CVE-2023-41857'
-  tags: cve,wordpress,wp-plugin,click-to-tweet,medium
+  tags: cve,wordpress,wp-plugin,click-to-tweet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41859-b3374ece5f330b0776522f2f5130afbd.yaml b/nuclei-templates/2023/CVE-2023-41859-b3374ece5f330b0776522f2f5130afbd.yaml
index 6a0493d9b1..c14ca6c80a 100644
--- a/nuclei-templates/2023/CVE-2023-41859-b3374ece5f330b0776522f2f5130afbd.yaml
+++ b/nuclei-templates/2023/CVE-2023-41859-b3374ece5f330b0776522f2f5130afbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order Delivery Date for WP e-Commerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-delivery-date/"
     google-query: inurl:"/wp-content/plugins/order-delivery-date/"
     shodan-query: 'vuln:CVE-2023-41859'
-  tags: cve,wordpress,wp-plugin,order-delivery-date,medium
+  tags: cve,wordpress,wp-plugin,order-delivery-date,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41862-6cdecc6c25d61ef54d3cce62a39d5781.yaml b/nuclei-templates/2023/CVE-2023-41862-6cdecc6c25d61ef54d3cce62a39d5781.yaml
index 14ccdb8be5..5e4d64aa1b 100644
--- a/nuclei-templates/2023/CVE-2023-41862-6cdecc6c25d61ef54d3cce62a39d5781.yaml
+++ b/nuclei-templates/2023/CVE-2023-41862-6cdecc6c25d61ef54d3cce62a39d5781.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VS Contact Form <= 13.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VS Contact Form plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 13.9. Exact implications of this vulnerability are unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/very-simple-contact-form/"
     google-query: inurl:"/wp-content/plugins/very-simple-contact-form/"
     shodan-query: 'vuln:CVE-2023-41862'
-  tags: cve,wordpress,wp-plugin,very-simple-contact-form,medium
+  tags: cve,wordpress,wp-plugin,very-simple-contact-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41865-55b1133e21935d007c80035f80fa6446.yaml b/nuclei-templates/2023/CVE-2023-41865-55b1133e21935d007c80035f80fa6446.yaml
index f8d06abb65..3392ee22df 100644
--- a/nuclei-templates/2023/CVE-2023-41865-55b1133e21935d007c80035f80fa6446.yaml
+++ b/nuclei-templates/2023/CVE-2023-41865-55b1133e21935d007c80035f80fa6446.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Pro <= 4.8.6 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slider Pro plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in versions up to, and including, 4.8.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to hide warnings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sliderpro/"
     google-query: inurl:"/wp-content/plugins/sliderpro/"
     shodan-query: 'vuln:CVE-2023-41865'
-  tags: cve,wordpress,wp-plugin,sliderpro,medium
+  tags: cve,wordpress,wp-plugin,sliderpro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41866-41e70074e724b3d58c82d2325b25db5e.yaml b/nuclei-templates/2023/CVE-2023-41866-41e70074e724b3d58c82d2325b25db5e.yaml
index d62b3169a8..9c2f3eb822 100644
--- a/nuclei-templates/2023/CVE-2023-41866-41e70074e724b3d58c82d2325b25db5e.yaml
+++ b/nuclei-templates/2023/CVE-2023-41866-41e70074e724b3d58c82d2325b25db5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Automatic YouTube Gallery plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on the ajax_callback_save_api_key and ajax_callback_delete_cache functions in versions up to, and including, 2.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin API key and delete the plugin cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/automatic-youtube-gallery/"
     google-query: inurl:"/wp-content/plugins/automatic-youtube-gallery/"
     shodan-query: 'vuln:CVE-2023-41866'
-  tags: cve,wordpress,wp-plugin,automatic-youtube-gallery,medium
+  tags: cve,wordpress,wp-plugin,automatic-youtube-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41869-bd68d113848e70b56a089eb9f2977075.yaml b/nuclei-templates/2023/CVE-2023-41869-bd68d113848e70b56a089eb9f2977075.yaml
index a09cb304d4..09c3cb3308 100644
--- a/nuclei-templates/2023/CVE-2023-41869-bd68d113848e70b56a089eb9f2977075.yaml
+++ b/nuclei-templates/2023/CVE-2023-41869-bd68d113848e70b56a089eb9f2977075.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Accessibility Helper (WAH) <= 0.6.2.4 - Missing Authorization via AJAX action
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the wah_update_attachment_title function in versions up to, and including, 0.6.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change attachment titles.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-accessibility-helper/"
     google-query: inurl:"/wp-content/plugins/wp-accessibility-helper/"
     shodan-query: 'vuln:CVE-2023-41869'
-  tags: cve,wordpress,wp-plugin,wp-accessibility-helper,medium
+  tags: cve,wordpress,wp-plugin,wp-accessibility-helper,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41870-53abed64d2c7da6e29618b2b45471eff.yaml b/nuclei-templates/2023/CVE-2023-41870-53abed64d2c7da6e29618b2b45471eff.yaml
index a4d304c368..760bb47308 100644
--- a/nuclei-templates/2023/CVE-2023-41870-53abed64d2c7da6e29618b2b45471eff.yaml
+++ b/nuclei-templates/2023/CVE-2023-41870-53abed64d2c7da6e29618b2b45471eff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Crowdfunding <= 2.1.4 - Missing Authorization via settings_reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized settings reset due to a missing capability check on the settings_reset function in versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-crowdfunding/"
     google-query: inurl:"/wp-content/plugins/wp-crowdfunding/"
     shodan-query: 'vuln:CVE-2023-41870'
-  tags: cve,wordpress,wp-plugin,wp-crowdfunding,medium
+  tags: cve,wordpress,wp-plugin,wp-crowdfunding,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41873-cef3df52a6e193270f584096ae2ab14a.yaml b/nuclei-templates/2023/CVE-2023-41873-cef3df52a6e193270f584096ae2ab14a.yaml
index 5d2da8ad4b..096dc12d24 100644
--- a/nuclei-templates/2023/CVE-2023-41873-cef3df52a6e193270f584096ae2ab14a.yaml
+++ b/nuclei-templates/2023/CVE-2023-41873-cef3df52a6e193270f584096ae2ab14a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SAML SP Single Sign On <= 5.0.4 - Missing Authorization to notice dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SAML SP Single Sign On plugin for WordPress is vulnerable to unauthorized notice dismissal due to a missing capability check on the close_welcome_modal function in versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss the welcome tour of the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-saml-20-single-sign-on/"
     google-query: inurl:"/wp-content/plugins/miniorange-saml-20-single-sign-on/"
     shodan-query: 'vuln:CVE-2023-41873'
-  tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,medium
+  tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41875-169725f2f4440d7e4d2c8758f176453b.yaml b/nuclei-templates/2023/CVE-2023-41875-169725f2f4440d7e4d2c8758f176453b.yaml
index d1235de20e..c63f25ba76 100644
--- a/nuclei-templates/2023/CVE-2023-41875-169725f2f4440d7e4d2c8758f176453b.yaml
+++ b/nuclei-templates/2023/CVE-2023-41875-169725f2f4440d7e4d2c8758f176453b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Directory Kit <= 1.2.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Directory Kit plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on one of its functions in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to make use of functionality intended for users with higher access levels.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdirectorykit/"
     google-query: inurl:"/wp-content/plugins/wpdirectorykit/"
     shodan-query: 'vuln:CVE-2023-41875'
-  tags: cve,wordpress,wp-plugin,wpdirectorykit,medium
+  tags: cve,wordpress,wp-plugin,wpdirectorykit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41948-bd04f483d63aabca8f2d0d86dcbe84f9.yaml b/nuclei-templates/2023/CVE-2023-41948-bd04f483d63aabca8f2d0d86dcbe84f9.yaml
index 0ea9487b1f..ec01a24c30 100644
--- a/nuclei-templates/2023/CVE-2023-41948-bd04f483d63aabca8f2d0d86dcbe84f9.yaml
+++ b/nuclei-templates/2023/CVE-2023-41948-bd04f483d63aabca8f2d0d86dcbe84f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Notice & Consent 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-notice-consent/"
     google-query: inurl:"/wp-content/plugins/cookie-notice-consent/"
     shodan-query: 'vuln:CVE-2023-41948'
-  tags: cve,wordpress,wp-plugin,cookie-notice-consent,medium
+  tags: cve,wordpress,wp-plugin,cookie-notice-consent,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41949-7c92e9b689e3db3a0760660dea080463.yaml b/nuclei-templates/2023/CVE-2023-41949-7c92e9b689e3db3a0760660dea080463.yaml
index e31a91ba7d..64aa3000aa 100644
--- a/nuclei-templates/2023/CVE-2023-41949-7c92e9b689e3db3a0760660dea080463.yaml
+++ b/nuclei-templates/2023/CVE-2023-41949-7c92e9b689e3db3a0760660dea080463.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iFolders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ifolders/"
     google-query: inurl:"/wp-content/plugins/ifolders/"
     shodan-query: 'vuln:CVE-2023-41949'
-  tags: cve,wordpress,wp-plugin,ifolders,medium
+  tags: cve,wordpress,wp-plugin,ifolders,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41951-85898493501c4d75829911d4553b254e.yaml b/nuclei-templates/2023/CVE-2023-41951-85898493501c4d75829911d4553b254e.yaml
index c357f9c941..c9a54ffc43 100644
--- a/nuclei-templates/2023/CVE-2023-41951-85898493501c4d75829911d4553b254e.yaml
+++ b/nuclei-templates/2023/CVE-2023-41951-85898493501c4d75829911d4553b254e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization via export_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the export_settings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to export plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:CVE-2023-41951'
-  tags: cve,wordpress,wp-plugin,buddypress-media,medium
+  tags: cve,wordpress,wp-plugin,buddypress-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-41955-e5a55bdcc25518bd7b994104c01d9391.yaml b/nuclei-templates/2023/CVE-2023-41955-e5a55bdcc25518bd7b994104c01d9391.yaml
index cc08a57545..5081ca571d 100644
--- a/nuclei-templates/2023/CVE-2023-41955-e5a55bdcc25518bd7b994104c01d9391.yaml
+++ b/nuclei-templates/2023/CVE-2023-41955-e5a55bdcc25518bd7b994104c01d9391.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor <= 5.8.8 - Authenticated (Contributor+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Essential Addons for Elementor  plugin for WordPress is vulnerable to privilege escalation in versions up to and including 5.8.8 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user. Note that this is difficult to exploit without publishing capabilities and appears to be a regression, as an identical issue was patched in version 4.6.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2023-41955'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,high
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4213-669be7a13bf58d1940739fe39615ab4b.yaml b/nuclei-templates/2023/CVE-2023-4213-669be7a13bf58d1940739fe39615ab4b.yaml
index 63d23acffa..3b59318d06 100644
--- a/nuclei-templates/2023/CVE-2023-4213-669be7a13bf58d1940739fe39615ab4b.yaml
+++ b/nuclei-templates/2023/CVE-2023-4213-669be7a13bf58d1940739fe39615ab4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simplr-registration-form/"
     google-query: inurl:"/wp-content/plugins/simplr-registration-form/"
     shodan-query: 'vuln:CVE-2023-4213'
-  tags: cve,wordpress,wp-plugin,simplr-registration-form,high
+  tags: cve,wordpress,wp-plugin,simplr-registration-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4238-0dc878d77e3a3194c72fdd6ba3814c5b.yaml b/nuclei-templates/2023/CVE-2023-4238-0dc878d77e3a3194c72fdd6ba3814c5b.yaml
index b2bd1e5ab6..65ac3f0469 100644
--- a/nuclei-templates/2023/CVE-2023-4238-0dc878d77e3a3194c72fdd6ba3814c5b.yaml
+++ b/nuclei-templates/2023/CVE-2023-4238-0dc878d77e3a3194c72fdd6ba3814c5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prevent files / folders access <= 2.5.1 - Authenticated (Administrator+) Arbitrary File Upload in mo_media_restrict_page
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Prevent files / folders access plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mo_media_restrict_page function in versions up to, and including, 2.5.1. This makes it possible for authenticated attackers, with administrator-level privileges and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/prevent-file-access/"
     google-query: inurl:"/wp-content/plugins/prevent-file-access/"
     shodan-query: 'vuln:CVE-2023-4238'
-  tags: cve,wordpress,wp-plugin,prevent-file-access,high
+  tags: cve,wordpress,wp-plugin,prevent-file-access,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4239-ce5b36195b53746aaff59fc078e530e9.yaml b/nuclei-templates/2023/CVE-2023-4239-ce5b36195b53746aaff59fc078e530e9.yaml
index d86c1650ca..d811f8db1b 100644
--- a/nuclei-templates/2023/CVE-2023-4239-ce5b36195b53746aaff59fc078e530e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-4239-ce5b36195b53746aaff59fc078e530e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Estate Manager <= 7.2 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-estate-manager/"
     google-query: inurl:"/wp-content/plugins/real-estate-manager/"
     shodan-query: 'vuln:CVE-2023-4239'
-  tags: cve,wordpress,wp-plugin,real-estate-manager,high
+  tags: cve,wordpress,wp-plugin,real-estate-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4242-cb4a0a7493c7105139c64a6aefea1dd1.yaml b/nuclei-templates/2023/CVE-2023-4242-cb4a0a7493c7105139c64a6aefea1dd1.yaml
index 15a9489da7..ceeaa29cb7 100644
--- a/nuclei-templates/2023/CVE-2023-4242-cb4a0a7493c7105139c64a6aefea1dd1.yaml
+++ b/nuclei-templates/2023/CVE-2023-4242-cb4a0a7493c7105139c64a6aefea1dd1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/full-customer/"
     google-query: inurl:"/wp-content/plugins/full-customer/"
     shodan-query: 'vuln:CVE-2023-4242'
-  tags: cve,wordpress,wp-plugin,full-customer,medium
+  tags: cve,wordpress,wp-plugin,full-customer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4243-1e47a59c0ad1f7f985e2120ccff4f8d1.yaml b/nuclei-templates/2023/CVE-2023-4243-1e47a59c0ad1f7f985e2120ccff4f8d1.yaml
index ae9f5e5ebb..66e186dec4 100644
--- a/nuclei-templates/2023/CVE-2023-4243-1e47a59c0ad1f7f985e2120ccff4f8d1.yaml
+++ b/nuclei-templates/2023/CVE-2023-4243-1e47a59c0ad1f7f985e2120ccff4f8d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/full-customer/"
     google-query: inurl:"/wp-content/plugins/full-customer/"
     shodan-query: 'vuln:CVE-2023-4243'
-  tags: cve,wordpress,wp-plugin,full-customer,high
+  tags: cve,wordpress,wp-plugin,full-customer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4245-6173b7b86957899221b3529556dc4a8a.yaml b/nuclei-templates/2023/CVE-2023-4245-6173b7b86957899221b3529556dc4a8a.yaml
index f942e780f4..3fc9c49bf4 100644
--- a/nuclei-templates/2023/CVE-2023-4245-6173b7b86957899221b3529556dc4a8a.yaml
+++ b/nuclei-templates/2023/CVE-2023-4245-6173b7b86957899221b3529556dc4a8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoice Builder <= 1.2.89 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the order id and invoice id.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/"
     google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/"
     shodan-query: 'vuln:CVE-2023-4245'
-  tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,medium
+  tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4253-67e61488b97755fd204f3e38d91bbcf2.yaml b/nuclei-templates/2023/CVE-2023-4253-67e61488b97755fd204f3e38d91bbcf2.yaml
index fe8c0a58a7..81360fd112 100644
--- a/nuclei-templates/2023/CVE-2023-4253-67e61488b97755fd204f3e38d91bbcf2.yaml
+++ b/nuclei-templates/2023/CVE-2023-4253-67e61488b97755fd204f3e38d91bbcf2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ChatBot <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-4253'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4254-584e49f9f9bb47c562f3e0a8463d6240.yaml b/nuclei-templates/2023/CVE-2023-4254-584e49f9f9bb47c562f3e0a8463d6240.yaml
index 4836955d21..f5758b0f6f 100644
--- a/nuclei-templates/2023/CVE-2023-4254-584e49f9f9bb47c562f3e0a8463d6240.yaml
+++ b/nuclei-templates/2023/CVE-2023-4254-584e49f9f9bb47c562f3e0a8463d6240.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via Language Settings in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-4254'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4271-27268d0b59c1274c726da2859a7e1b6d.yaml b/nuclei-templates/2023/CVE-2023-4271-27268d0b59c1274c726da2859a7e1b6d.yaml
index 7dd92902bf..bdababdfba 100644
--- a/nuclei-templates/2023/CVE-2023-4271-27268d0b59c1274c726da2859a7e1b6d.yaml
+++ b/nuclei-templates/2023/CVE-2023-4271-27268d0b59c1274c726da2859a7e1b6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photospace-responsive/"
     google-query: inurl:"/wp-content/plugins/photospace-responsive/"
     shodan-query: 'vuln:CVE-2023-4271'
-  tags: cve,wordpress,wp-plugin,photospace-responsive,medium
+  tags: cve,wordpress,wp-plugin,photospace-responsive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4274-6fc26492de3e14b8a03318635a942d46.yaml b/nuclei-templates/2023/CVE-2023-4274-6fc26492de3e14b8a03318635a942d46.yaml
index 54348922b2..fa20dd489b 100644
--- a/nuclei-templates/2023/CVE-2023-4274-6fc26492de3e14b8a03318635a942d46.yaml
+++ b/nuclei-templates/2023/CVE-2023-4274-6fc26492de3e14b8a03318635a942d46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2023-4274'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4276-08a30537532865cd761666366968e42d.yaml b/nuclei-templates/2023/CVE-2023-4276-08a30537532865cd761666366968e42d.yaml
index 7ecf5df3d2..24345ac940 100644
--- a/nuclei-templates/2023/CVE-2023-4276-08a30537532865cd761666366968e42d.yaml
+++ b/nuclei-templates/2023/CVE-2023-4276-08a30537532865cd761666366968e42d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Absolute Privacy <= 2.1 - Cross-Site Request Forgery to User Email/Password Change
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/absolute-privacy/"
     google-query: inurl:"/wp-content/plugins/absolute-privacy/"
     shodan-query: 'vuln:CVE-2023-4276'
-  tags: cve,wordpress,wp-plugin,absolute-privacy,high
+  tags: cve,wordpress,wp-plugin,absolute-privacy,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4277-be08bf68983d62c13cc53ac7ac785641.yaml b/nuclei-templates/2023/CVE-2023-4277-be08bf68983d62c13cc53ac7ac785641.yaml
index 54512d965b..81ee740706 100644
--- a/nuclei-templates/2023/CVE-2023-4277-be08bf68983d62c13cc53ac7ac785641.yaml
+++ b/nuclei-templates/2023/CVE-2023-4277-be08bf68983d62c13cc53ac7ac785641.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Realia <= 1.4.0 - Cross-Site Request Forgery to User Email Change
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/realia/"
     google-query: inurl:"/wp-content/plugins/realia/"
     shodan-query: 'vuln:CVE-2023-4277'
-  tags: cve,wordpress,wp-plugin,realia,high
+  tags: cve,wordpress,wp-plugin,realia,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4282-735922333648d19765f3918bee1c33f6.yaml b/nuclei-templates/2023/CVE-2023-4282-735922333648d19765f3918bee1c33f6.yaml
index 7ebeb74156..79bf07a09c 100644
--- a/nuclei-templates/2023/CVE-2023-4282-735922333648d19765f3918bee1c33f6.yaml
+++ b/nuclei-templates/2023/CVE-2023-4282-735922333648d19765f3918bee1c33f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2023-4282'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4283-7ebfb915654b21bb1907517d4349fa05.yaml b/nuclei-templates/2023/CVE-2023-4283-7ebfb915654b21bb1907517d4349fa05.yaml
index e199791e3c..f5b98214a0 100644
--- a/nuclei-templates/2023/CVE-2023-4283-7ebfb915654b21bb1907517d4349fa05.yaml
+++ b/nuclei-templates/2023/CVE-2023-4283-7ebfb915654b21bb1907517d4349fa05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2023-4283'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4289-619a199c4aef0c8ec4b0e45c8c920810.yaml b/nuclei-templates/2023/CVE-2023-4289-619a199c4aef0c8ec4b0e45c8c920810.yaml
index 471d2c9e1d..5c6050c96d 100644
--- a/nuclei-templates/2023/CVE-2023-4289-619a199c4aef0c8ec4b0e45c8c920810.yaml
+++ b/nuclei-templates/2023/CVE-2023-4289-619a199c4aef0c8ec4b0e45c8c920810.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Matterport Shortcode <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Matterport Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-gallery-for-matterport-showcase/"
     google-query: inurl:"/wp-content/plugins/shortcode-gallery-for-matterport-showcase/"
     shodan-query: 'vuln:CVE-2023-4289'
-  tags: cve,wordpress,wp-plugin,shortcode-gallery-for-matterport-showcase,medium
+  tags: cve,wordpress,wp-plugin,shortcode-gallery-for-matterport-showcase,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4293-1a67baf6167d3af7ea57dc54d855070a.yaml b/nuclei-templates/2023/CVE-2023-4293-1a67baf6167d3af7ea57dc54d855070a.yaml
index afad8058d6..dea30aa6e6 100644
--- a/nuclei-templates/2023/CVE-2023-4293-1a67baf6167d3af7ea57dc54d855070a.yaml
+++ b/nuclei-templates/2023/CVE-2023-4293-1a67baf6167d3af7ea57dc54d855070a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'profile[role]' parameter during a profile update.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdm-premium-packages/"
     google-query: inurl:"/wp-content/plugins/wpdm-premium-packages/"
     shodan-query: 'vuln:CVE-2023-4293'
-  tags: cve,wordpress,wp-plugin,wpdm-premium-packages,high
+  tags: cve,wordpress,wp-plugin,wpdm-premium-packages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4297-0ce6b6a0e9e78d060d6ca04414281584.yaml b/nuclei-templates/2023/CVE-2023-4297-0ce6b6a0e9e78d060d6ca04414281584.yaml
index 90cffaa352..1c9babe76e 100644
--- a/nuclei-templates/2023/CVE-2023-4297-0ce6b6a0e9e78d060d6ca04414281584.yaml
+++ b/nuclei-templates/2023/CVE-2023-4297-0ce6b6a0e9e78d060d6ca04414281584.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mmm Simple File List <= 2.3 - Authenticated (Subscriber+) Directory Traversal
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Mmm Simple File List plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 2.3. This makes it possible for authenticated attackers, with subscriber access or higher to read the contents of arbitrary folders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mmm-file-list/"
     google-query: inurl:"/wp-content/plugins/mmm-file-list/"
     shodan-query: 'vuln:CVE-2023-4297'
-  tags: cve,wordpress,wp-plugin,mmm-file-list,high
+  tags: cve,wordpress,wp-plugin,mmm-file-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4298-93f5b1d9d41a68948272932dc6addd39.yaml b/nuclei-templates/2023/CVE-2023-4298-93f5b1d9d41a68948272932dc6addd39.yaml
index 080d95b2f3..2f1a284255 100644
--- a/nuclei-templates/2023/CVE-2023-4298-93f5b1d9d41a68948272932dc6addd39.yaml
+++ b/nuclei-templates/2023/CVE-2023-4298-93f5b1d9d41a68948272932dc6addd39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     123.chat <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 123.chat  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/123-chat-videochat/"
     google-query: inurl:"/wp-content/plugins/123-chat-videochat/"
     shodan-query: 'vuln:CVE-2023-4298'
-  tags: cve,wordpress,wp-plugin,123-chat-videochat,medium
+  tags: cve,wordpress,wp-plugin,123-chat-videochat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4300-9ab53108097247c27c02dfd755c3ffcf.yaml b/nuclei-templates/2023/CVE-2023-4300-9ab53108097247c27c02dfd755c3ffcf.yaml
index 5a7fe1d2ed..9d144a9142 100644
--- a/nuclei-templates/2023/CVE-2023-4300-9ab53108097247c27c02dfd755c3ffcf.yaml
+++ b/nuclei-templates/2023/CVE-2023-4300-9ab53108097247c27c02dfd755c3ffcf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import XML and RSS Feeds <= 2.1.3 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Import XML and RSS Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moove_save_import_template() function in versions up to, and including, 2.1.3. This makes it possible for authenticated attackers with administrative-level access to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-xml-feed/"
     google-query: inurl:"/wp-content/plugins/import-xml-feed/"
     shodan-query: 'vuln:CVE-2023-4300'
-  tags: cve,wordpress,wp-plugin,import-xml-feed,high
+  tags: cve,wordpress,wp-plugin,import-xml-feed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4311-739af30ba304d3e19c7edf50976bcb67.yaml b/nuclei-templates/2023/CVE-2023-4311-739af30ba304d3e19c7edf50976bcb67.yaml
index 5bbfdf7c2e..a980b2d09e 100644
--- a/nuclei-templates/2023/CVE-2023-4311-739af30ba304d3e19c7edf50976bcb67.yaml
+++ b/nuclei-templates/2023/CVE-2023-4311-739af30ba304d3e19c7edf50976bcb67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vrm 360 3D Model Viewer <= 1.2.1 - Authenticated (Contributor+) Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Vrm 360 3D Model Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the vrm360 shortcode functionality in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vrm360/"
     google-query: inurl:"/wp-content/plugins/vrm360/"
     shodan-query: 'vuln:CVE-2023-4311'
-  tags: cve,wordpress,wp-plugin,vrm360,medium
+  tags: cve,wordpress,wp-plugin,vrm360,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4314-23d1479acb7980e0e80c8871beec9664.yaml b/nuclei-templates/2023/CVE-2023-4314-23d1479acb7980e0e80c8871beec9664.yaml
index 9774693d6c..5317b7c817 100644
--- a/nuclei-templates/2023/CVE-2023-4314-23d1479acb7980e0e80c8871beec9664.yaml
+++ b/nuclei-templates/2023/CVE-2023-4314-23d1479acb7980e0e80c8871beec9664.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDataTables - Tables & Table Charts <= 2.1.65 - Authenticated(Administrator+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpDataTables - Tables & Table Charts plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.65 via deserialization of untrusted input in multiple functions. This allows authenticated attackers with administrator capabilities to inject a PHP Object. The additional presence of a POP chain may allow attackers to delete arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdatatables/"
     google-query: inurl:"/wp-content/plugins/wpdatatables/"
     shodan-query: 'vuln:CVE-2023-4314'
-  tags: cve,wordpress,wp-plugin,wpdatatables,medium
+  tags: cve,wordpress,wp-plugin,wpdatatables,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-43493-f56dc5bbdc913e57ded42347de5ef8aa.yaml b/nuclei-templates/2023/CVE-2023-43493-f56dc5bbdc913e57ded42347de5ef8aa.yaml
index c5af06271f..e375261aeb 100644
--- a/nuclei-templates/2023/CVE-2023-43493-f56dc5bbdc913e57ded42347de5ef8aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-43493-f56dc5bbdc913e57ded42347de5ef8aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.21 - Authenticated(level_5+) SQL Injection via get_logs
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via multiple parameters in the 'get_logs' functionality in versions up to, and including, 2.8.21 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with user level 5 or higher (which corresponds roughly to Author-level capabilities) to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2023-43493'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-43610-fc6e5379eaab092cc08185fd85a10348.yaml b/nuclei-templates/2023/CVE-2023-43610-fc6e5379eaab092cc08185fd85a10348.yaml
index 6cd375f482..995437f77b 100644
--- a/nuclei-templates/2023/CVE-2023-43610-fc6e5379eaab092cc08185fd85a10348.yaml
+++ b/nuclei-templates/2023/CVE-2023-43610-fc6e5379eaab092cc08185fd85a10348.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the order data edit page in versions up to, and including, 2.8.21 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2023-43610'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4372-e320d6afe142ff2886379823eb8759ba.yaml b/nuclei-templates/2023/CVE-2023-4372-e320d6afe142ff2886379823eb8759ba.yaml
index b974488279..f79643c642 100644
--- a/nuclei-templates/2023/CVE-2023-4372-e320d6afe142ff2886379823eb8759ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-4372-e320d6afe142ff2886379823eb8759ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LiteSpeed Cache <= 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/litespeed-cache/"
     google-query: inurl:"/wp-content/plugins/litespeed-cache/"
     shodan-query: 'vuln:CVE-2023-4372'
-  tags: cve,wordpress,wp-plugin,litespeed-cache,medium
+  tags: cve,wordpress,wp-plugin,litespeed-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4374-b5b3726a38a0d1a56eeda75879ed92d9.yaml b/nuclei-templates/2023/CVE-2023-4374-b5b3726a38a0d1a56eeda75879ed92d9.yaml
index 5251571cda..0aaed9572e 100644
--- a/nuclei-templates/2023/CVE-2023-4374-b5b3726a38a0d1a56eeda75879ed92d9.yaml
+++ b/nuclei-templates/2023/CVE-2023-4374-b5b3726a38a0d1a56eeda75879ed92d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-remote-users-sync/"
     google-query: inurl:"/wp-content/plugins/wp-remote-users-sync/"
     shodan-query: 'vuln:CVE-2023-4374'
-  tags: cve,wordpress,wp-plugin,wp-remote-users-sync,medium
+  tags: cve,wordpress,wp-plugin,wp-remote-users-sync,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4376-0bd471365f33bde2fc9b3cf18367b907.yaml b/nuclei-templates/2023/CVE-2023-4376-0bd471365f33bde2fc9b3cf18367b907.yaml
index 7e32c4f86d..466f61710f 100644
--- a/nuclei-templates/2023/CVE-2023-4376-0bd471365f33bde2fc9b3cf18367b907.yaml
+++ b/nuclei-templates/2023/CVE-2023-4376-0bd471365f33bde2fc9b3cf18367b907.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Serial Codes Generator and Validator with WooCommerce Support <= 2.4.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Serial Codes Generator and Validator with WooCommerce Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data[codes]' parameter saved through the sngmbhSerialcodesValidator_executeAdminSettings AJAX action in versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/serial-codes-generator-and-validator/"
     google-query: inurl:"/wp-content/plugins/serial-codes-generator-and-validator/"
     shodan-query: 'vuln:CVE-2023-4376'
-  tags: cve,wordpress,wp-plugin,serial-codes-generator-and-validator,medium
+  tags: cve,wordpress,wp-plugin,serial-codes-generator-and-validator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4386-daec7d39bacac9f0d791f41eb89b64b4.yaml b/nuclei-templates/2023/CVE-2023-4386-daec7d39bacac9f0d791f41eb89b64b4.yaml
index affbd9d44d..13ee01a62c 100644
--- a/nuclei-templates/2023/CVE-2023-4386-daec7d39bacac9f0d791f41eb89b64b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-4386-daec7d39bacac9f0d791f41eb89b64b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2023-4386
   metadata:
-    fofa-query: "wp-content/plugins/essential-blocks-pro/"
-    google-query: inurl:"/wp-content/plugins/essential-blocks-pro/"
+    fofa-query: "wp-content/plugins/essential-blocks/"
+    google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2023-4386'
-  tags: cve,wordpress,wp-plugin,essential-blocks-pro,high
+  tags: cve,wordpress,wp-plugin,essential-blocks,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/essential-blocks-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "essential-blocks-pro"
+          - "essential-blocks"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
+          - compare_versions(version, '<= 4.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-4388-fb01f61580a3daa6743e2536b3904a23.yaml b/nuclei-templates/2023/CVE-2023-4388-fb01f61580a3daa6743e2536b3904a23.yaml
index 6eb94f43e1..bea26bdeaf 100644
--- a/nuclei-templates/2023/CVE-2023-4388-fb01f61580a3daa6743e2536b3904a23.yaml
+++ b/nuclei-templates/2023/CVE-2023-4388-fb01f61580a3daa6743e2536b3904a23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventON <= 2.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventON plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventon-lite/"
     google-query: inurl:"/wp-content/plugins/eventon-lite/"
     shodan-query: 'vuln:CVE-2023-4388'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4390-ffda73ee0ac47c439700ae8ebfad208d.yaml b/nuclei-templates/2023/CVE-2023-4390-ffda73ee0ac47c439700ae8ebfad208d.yaml
index 51fc0fb772..96ae9c28af 100644
--- a/nuclei-templates/2023/CVE-2023-4390-ffda73ee0ac47c439700ae8ebfad208d.yaml
+++ b/nuclei-templates/2023/CVE-2023-4390-ffda73ee0ac47c439700ae8ebfad208d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:CVE-2023-4390'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,medium
+  tags: cve,wordpress,wp-plugin,ays-popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4402-de6bb81e5776b8853821078d5af9e37e.yaml b/nuclei-templates/2023/CVE-2023-4402-de6bb81e5776b8853821078d5af9e37e.yaml
index 4cd257ad8e..7ec8a58597 100644
--- a/nuclei-templates/2023/CVE-2023-4402-de6bb81e5776b8853821078d5af9e37e.yaml
+++ b/nuclei-templates/2023/CVE-2023-4402-de6bb81e5776b8853821078d5af9e37e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2023-4402
   metadata:
-    fofa-query: "wp-content/plugins/essential-blocks-pro/"
-    google-query: inurl:"/wp-content/plugins/essential-blocks-pro/"
+    fofa-query: "wp-content/plugins/essential-blocks/"
+    google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2023-4402'
-  tags: cve,wordpress,wp-plugin,essential-blocks-pro,high
+  tags: cve,wordpress,wp-plugin,essential-blocks,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/essential-blocks-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "essential-blocks-pro"
+          - "essential-blocks"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
+          - compare_versions(version, '<= 4.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-44142-a7d769783ca2c437e9a1a4760da51769.yaml b/nuclei-templates/2023/CVE-2023-44142-a7d769783ca2c437e9a1a4760da51769.yaml
index 671b3e0746..fc68834b60 100644
--- a/nuclei-templates/2023/CVE-2023-44142-a7d769783ca2c437e9a1a4760da51769.yaml
+++ b/nuclei-templates/2023/CVE-2023-44142-a7d769783ca2c437e9a1a4760da51769.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inactive Logout <= 3.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Inactive Logout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ina_reset_adv_settings() function in versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inactive-logout/"
     google-query: inurl:"/wp-content/plugins/inactive-logout/"
     shodan-query: 'vuln:CVE-2023-44142'
-  tags: cve,wordpress,wp-plugin,inactive-logout,medium
+  tags: cve,wordpress,wp-plugin,inactive-logout,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44145-843f515046670d7a382e75e7e4f584c1.yaml b/nuclei-templates/2023/CVE-2023-44145-843f515046670d7a382e75e7e4f584c1.yaml
index 4224f4e94a..31267b3c41 100644
--- a/nuclei-templates/2023/CVE-2023-44145-843f515046670d7a382e75e7e4f584c1.yaml
+++ b/nuclei-templates/2023/CVE-2023-44145-843f515046670d7a382e75e7e4f584c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Anchor Episodes Index (Spotify for Podcasters) <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anchor-episodes-index/"
     google-query: inurl:"/wp-content/plugins/anchor-episodes-index/"
     shodan-query: 'vuln:CVE-2023-44145'
-  tags: cve,wordpress,wp-plugin,anchor-episodes-index,medium
+  tags: cve,wordpress,wp-plugin,anchor-episodes-index,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44148-3e0d971821f286a488f83631df3f9e8f.yaml b/nuclei-templates/2023/CVE-2023-44148-3e0d971821f286a488f83631df3f9e8f.yaml
index e8c7784500..28469c6162 100644
--- a/nuclei-templates/2023/CVE-2023-44148-3e0d971821f286a488f83631df3f9e8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-44148-3e0d971821f286a488f83631df3f9e8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Astra Bulk Edit <= 1.2.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Astra Bulk Edit plugin for WordPress is vulnerable to unauthorized missing authorization due to a missing capability check on the save_post_bulk_edit function in versions up to, and including, 1.2.7. This makes it possible for attackers with contributor-level access or higher to bulk edit posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/astra-bulk-edit/"
     google-query: inurl:"/wp-content/plugins/astra-bulk-edit/"
     shodan-query: 'vuln:CVE-2023-44148'
-  tags: cve,wordpress,wp-plugin,astra-bulk-edit,medium
+  tags: cve,wordpress,wp-plugin,astra-bulk-edit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44149-825f1e0aa5ff97544f2d8803cf6504ca.yaml b/nuclei-templates/2023/CVE-2023-44149-825f1e0aa5ff97544f2d8803cf6504ca.yaml
index ab09b621ae..7cc47a01b7 100644
--- a/nuclei-templates/2023/CVE-2023-44149-825f1e0aa5ff97544f2d8803cf6504ca.yaml
+++ b/nuclei-templates/2023/CVE-2023-44149-825f1e0aa5ff97544f2d8803cf6504ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brands for WooCommerce <= 3.8.2.2 - Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Brands for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.8.2.2. This is due to missing capability checks on the clear_cache_ajax, save_order, br_get_products, br_get_brands, and save_all_orders functions hooked via AJAX nopriv actions. This makes it possible for unauthenticated attackers to modify orders and clear the plugin's cache. Please note that while the plugin author only added nonces to the functions, and not capability checks, the nonces are not disclosed to unauthorized users making this issue patched, though not perfectly.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brands-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/brands-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-44149'
-  tags: cve,wordpress,wp-plugin,brands-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,brands-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44228-a274b1ec9586c121ed58c6cb9eda6a2b.yaml b/nuclei-templates/2023/CVE-2023-44228-a274b1ec9586c121ed58c6cb9eda6a2b.yaml
index 3ec4676207..b6d18c9c90 100644
--- a/nuclei-templates/2023/CVE-2023-44228-a274b1ec9586c121ed58c6cb9eda6a2b.yaml
+++ b/nuclei-templates/2023/CVE-2023-44228-a274b1ec9586c121ed58c6cb9eda6a2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Onclick Show Popup <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Onclick Show Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/onclick-show-popup/"
     google-query: inurl:"/wp-content/plugins/onclick-show-popup/"
     shodan-query: 'vuln:CVE-2023-44228'
-  tags: cve,wordpress,wp-plugin,onclick-show-popup,medium
+  tags: cve,wordpress,wp-plugin,onclick-show-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44229-54520ac61a70e176cb0b123fca675fcd.yaml b/nuclei-templates/2023/CVE-2023-44229-54520ac61a70e176cb0b123fca675fcd.yaml
index 1e80b3db1a..e9542d9086 100644
--- a/nuclei-templates/2023/CVE-2023-44229-54520ac61a70e176cb0b123fca675fcd.yaml
+++ b/nuclei-templates/2023/CVE-2023-44229-54520ac61a70e176cb0b123fca675fcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tiny Carousel Horizontal Slider <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tiny Carousel Horizontal Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tiny-carousel-horizontal-slider/"
     google-query: inurl:"/wp-content/plugins/tiny-carousel-horizontal-slider/"
     shodan-query: 'vuln:CVE-2023-44229'
-  tags: cve,wordpress,wp-plugin,tiny-carousel-horizontal-slider,medium
+  tags: cve,wordpress,wp-plugin,tiny-carousel-horizontal-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4423-5dfd39caa2a4a17a9d81b2bcb48fe7a9.yaml b/nuclei-templates/2023/CVE-2023-4423-5dfd39caa2a4a17a9d81b2bcb48fe7a9.yaml
index 26f50b4a5d..fee8e63333 100644
--- a/nuclei-templates/2023/CVE-2023-4423-5dfd39caa2a4a17a9d81b2bcb48fe7a9.yaml
+++ b/nuclei-templates/2023/CVE-2023-4423-5dfd39caa2a4a17a9d81b2bcb48fe7a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-event-manager/"
     google-query: inurl:"/wp-content/plugins/wp-event-manager/"
     shodan-query: 'vuln:CVE-2023-4423'
-  tags: cve,wordpress,wp-plugin,wp-event-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-event-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44230-584864f4cdfe17f88fd042ba6424f8ca.yaml b/nuclei-templates/2023/CVE-2023-44230-584864f4cdfe17f88fd042ba6424f8ca.yaml
index fbc2a52eb2..3ac1c2c8ce 100644
--- a/nuclei-templates/2023/CVE-2023-44230-584864f4cdfe17f88fd042ba6424f8ca.yaml
+++ b/nuclei-templates/2023/CVE-2023-44230-584864f4cdfe17f88fd042ba6424f8ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-contact-form/"
     google-query: inurl:"/wp-content/plugins/popup-contact-form/"
     shodan-query: 'vuln:CVE-2023-44230'
-  tags: cve,wordpress,wp-plugin,popup-contact-form,medium
+  tags: cve,wordpress,wp-plugin,popup-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44234-87f838d84fa79999236dcd79f1342013.yaml b/nuclei-templates/2023/CVE-2023-44234-87f838d84fa79999236dcd79f1342013.yaml
index 3a055eac0a..a5c69c80cb 100644
--- a/nuclei-templates/2023/CVE-2023-44234-87f838d84fa79999236dcd79f1342013.yaml
+++ b/nuclei-templates/2023/CVE-2023-44234-87f838d84fa79999236dcd79f1342013.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP GPX Map <= 1.7.05 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP GPX Map plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpgpxmaps_dismiss_notice() function in versions up to, and including, 1.7.05. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss plugin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-gpx-maps/"
     google-query: inurl:"/wp-content/plugins/wp-gpx-maps/"
     shodan-query: 'vuln:CVE-2023-44234'
-  tags: cve,wordpress,wp-plugin,wp-gpx-maps,medium
+  tags: cve,wordpress,wp-plugin,wp-gpx-maps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44239-92ee681763fb9cdadb89c1275ea24df6.yaml b/nuclei-templates/2023/CVE-2023-44239-92ee681763fb9cdadb89c1275ea24df6.yaml
index 36d3d370da..3ef1184edf 100644
--- a/nuclei-templates/2023/CVE-2023-44239-92ee681763fb9cdadb89c1275ea24df6.yaml
+++ b/nuclei-templates/2023/CVE-2023-44239-92ee681763fb9cdadb89c1275ea24df6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WWM Social Share On Image Hover <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WWM Social Share On Image Hover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wwm-social-share-on-image-hover/"
     google-query: inurl:"/wp-content/plugins/wwm-social-share-on-image-hover/"
     shodan-query: 'vuln:CVE-2023-44239'
-  tags: cve,wordpress,wp-plugin,wwm-social-share-on-image-hover,medium
+  tags: cve,wordpress,wp-plugin,wwm-social-share-on-image-hover,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44242-c5c3a05f327c9f5ee9273cd2dd422a24.yaml b/nuclei-templates/2023/CVE-2023-44242-c5c3a05f327c9f5ee9273cd2dd422a24.yaml
index afeef07e2c..3e0e3cf027 100644
--- a/nuclei-templates/2023/CVE-2023-44242-c5c3a05f327c9f5ee9273cd2dd422a24.yaml
+++ b/nuclei-templates/2023/CVE-2023-44242-c5c3a05f327c9f5ee9273cd2dd422a24.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow, Image Slider by 2J <= 1.3.54 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/2j-slideshow/"
     google-query: inurl:"/wp-content/plugins/2j-slideshow/"
     shodan-query: 'vuln:CVE-2023-44242'
-  tags: cve,wordpress,wp-plugin,2j-slideshow,medium
+  tags: cve,wordpress,wp-plugin,2j-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44244-b1493cf8f77a9e357e523e1844c8f281.yaml b/nuclei-templates/2023/CVE-2023-44244-b1493cf8f77a9e357e523e1844c8f281.yaml
index 9a46d8980e..c3791c1385 100644
--- a/nuclei-templates/2023/CVE-2023-44244-b1493cf8f77a9e357e523e1844c8f281.yaml
+++ b/nuclei-templates/2023/CVE-2023-44244-b1493cf8f77a9e357e523e1844c8f281.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FooGallery <= 2.2.44 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The FooGallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' and 'extension' parameters in versions up to, and including, 2.2.44 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foogallery/"
     google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:CVE-2023-44244'
-  tags: cve,wordpress,wp-plugin,foogallery,high
+  tags: cve,wordpress,wp-plugin,foogallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44258-d4b2be233d46cfcba65da98993b34434.yaml b/nuclei-templates/2023/CVE-2023-44258-d4b2be233d46cfcba65da98993b34434.yaml
index 39cb98335f..0d53785d62 100644
--- a/nuclei-templates/2023/CVE-2023-44258-d4b2be233d46cfcba65da98993b34434.yaml
+++ b/nuclei-templates/2023/CVE-2023-44258-d4b2be233d46cfcba65da98993b34434.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema App Structured Data <= 1.22.3 - Missing Authorization via page_init
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the page_init function in versions up to, and including, 1.22.3. This makes it possible for unauthenticated attackers to delete the plugin's transients.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schema-app-structured-data-for-schemaorg/"
     google-query: inurl:"/wp-content/plugins/schema-app-structured-data-for-schemaorg/"
     shodan-query: 'vuln:CVE-2023-44258'
-  tags: cve,wordpress,wp-plugin,schema-app-structured-data-for-schemaorg,medium
+  tags: cve,wordpress,wp-plugin,schema-app-structured-data-for-schemaorg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44262-3d078edbe634b7f5d57ec87a78fa8d02.yaml b/nuclei-templates/2023/CVE-2023-44262-3d078edbe634b7f5d57ec87a78fa8d02.yaml
index 53e53c0ae6..9326fe655a 100644
--- a/nuclei-templates/2023/CVE-2023-44262-3d078edbe634b7f5d57ec87a78fa8d02.yaml
+++ b/nuclei-templates/2023/CVE-2023-44262-3d078edbe634b7f5d57ec87a78fa8d02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocks <= 1.6.42 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.6.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blocks/"
     google-query: inurl:"/wp-content/plugins/blocks/"
     shodan-query: 'vuln:CVE-2023-44262'
-  tags: cve,wordpress,wp-plugin,blocks,medium
+  tags: cve,wordpress,wp-plugin,blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44263-6685df96c78b040fc19a70ee58d84842.yaml b/nuclei-templates/2023/CVE-2023-44263-6685df96c78b040fc19a70ee58d84842.yaml
index a86ba7a328..2f2457d207 100644
--- a/nuclei-templates/2023/CVE-2023-44263-6685df96c78b040fc19a70ee58d84842.yaml
+++ b/nuclei-templates/2023/CVE-2023-44263-6685df96c78b040fc19a70ee58d84842.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Metrics <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Metrics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-metrics/"
     google-query: inurl:"/wp-content/plugins/social-metrics/"
     shodan-query: 'vuln:CVE-2023-44263'
-  tags: cve,wordpress,wp-plugin,social-metrics,medium
+  tags: cve,wordpress,wp-plugin,social-metrics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44264-19cdc4c29e421f2a623449d500d3da59.yaml b/nuclei-templates/2023/CVE-2023-44264-19cdc4c29e421f2a623449d500d3da59.yaml
index 77f5ca1236..86825541c6 100644
--- a/nuclei-templates/2023/CVE-2023-44264-19cdc4c29e421f2a623449d500d3da59.yaml
+++ b/nuclei-templates/2023/CVE-2023-44264-19cdc4c29e421f2a623449d500d3da59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Awesome Feed – Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Awesome Feed – Custom Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facebook-feed/"
     google-query: inurl:"/wp-content/plugins/wp-facebook-feed/"
     shodan-query: 'vuln:CVE-2023-44264'
-  tags: cve,wordpress,wp-plugin,wp-facebook-feed,medium
+  tags: cve,wordpress,wp-plugin,wp-facebook-feed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44265-3c0e91d24d36a9cd6d874ce52fecf15c.yaml b/nuclei-templates/2023/CVE-2023-44265-3c0e91d24d36a9cd6d874ce52fecf15c.yaml
index 07fe1318ee..aec93c1202 100644
--- a/nuclei-templates/2023/CVE-2023-44265-3c0e91d24d36a9cd6d874ce52fecf15c.yaml
+++ b/nuclei-templates/2023/CVE-2023-44265-3c0e91d24d36a9cd6d874ce52fecf15c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including,  7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-contact-form/"
     google-query: inurl:"/wp-content/plugins/popup-contact-form/"
     shodan-query: 'vuln:CVE-2023-44265'
-  tags: cve,wordpress,wp-plugin,popup-contact-form,medium
+  tags: cve,wordpress,wp-plugin,popup-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44266-01ec13470a183f703d9497a5409e83a8.yaml b/nuclei-templates/2023/CVE-2023-44266-01ec13470a183f703d9497a5409e83a8.yaml
index 1c82477aed..509a25d651 100644
--- a/nuclei-templates/2023/CVE-2023-44266-01ec13470a183f703d9497a5409e83a8.yaml
+++ b/nuclei-templates/2023/CVE-2023-44266-01ec13470a183f703d9497a5409e83a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Adminify <= 3.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Adminify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adminify/"
     google-query: inurl:"/wp-content/plugins/adminify/"
     shodan-query: 'vuln:CVE-2023-44266'
-  tags: cve,wordpress,wp-plugin,adminify,medium
+  tags: cve,wordpress,wp-plugin,adminify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44472-90e033d103f597ab6ef613db20a319e8.yaml b/nuclei-templates/2023/CVE-2023-44472-90e033d103f597ab6ef613db20a319e8.yaml
index 7b8dd4386a..a53774dfeb 100644
--- a/nuclei-templates/2023/CVE-2023-44472-90e033d103f597ab6ef613db20a319e8.yaml
+++ b/nuclei-templates/2023/CVE-2023-44472-90e033d103f597ab6ef613db20a319e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unyson <= 2.7.28 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Unyson plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions in versions up to, and including, 2.7.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to  perform unauthorized actions such as dismissing notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unyson/"
     google-query: inurl:"/wp-content/plugins/unyson/"
     shodan-query: 'vuln:CVE-2023-44472'
-  tags: cve,wordpress,wp-plugin,unyson,medium
+  tags: cve,wordpress,wp-plugin,unyson,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44477-6e286583f72963c211e1187360769087.yaml b/nuclei-templates/2023/CVE-2023-44477-6e286583f72963c211e1187360769087.yaml
index e239760e9b..55e71b600b 100644
--- a/nuclei-templates/2023/CVE-2023-44477-6e286583f72963c211e1187360769087.yaml
+++ b/nuclei-templates/2023/CVE-2023-44477-6e286583f72963c211e1187360769087.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cooked <= 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cooked plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cooked/"
     google-query: inurl:"/wp-content/plugins/cooked/"
     shodan-query: 'vuln:CVE-2023-44477'
-  tags: cve,wordpress,wp-plugin,cooked,medium
+  tags: cve,wordpress,wp-plugin,cooked,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44478-0a2ecbcc02c5fdd93dc20fd7c66c9f62.yaml b/nuclei-templates/2023/CVE-2023-44478-0a2ecbcc02c5fdd93dc20fd7c66c9f62.yaml
index 8aaf90802b..f6ee95b790 100644
--- a/nuclei-templates/2023/CVE-2023-44478-0a2ecbcc02c5fdd93dc20fd7c66c9f62.yaml
+++ b/nuclei-templates/2023/CVE-2023-44478-0a2ecbcc02c5fdd93dc20fd7c66c9f62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Events Rich Snippets for Google plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8. This is due to missing or incorrect nonce validation on the handleEventSettings() function. This makes it possible for unauthenticated attackers to update arbitrary options which can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rich-snippets-vevents/"
     google-query: inurl:"/wp-content/plugins/rich-snippets-vevents/"
     shodan-query: 'vuln:CVE-2023-44478'
-  tags: cve,wordpress,wp-plugin,rich-snippets-vevents,high
+  tags: cve,wordpress,wp-plugin,rich-snippets-vevents,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44479-9a1755a05c804d6305bb91e5146a62c4.yaml b/nuclei-templates/2023/CVE-2023-44479-9a1755a05c804d6305bb91e5146a62c4.yaml
index ea1aafbe93..d98ace4b9d 100644
--- a/nuclei-templates/2023/CVE-2023-44479-9a1755a05c804d6305bb91e5146a62c4.yaml
+++ b/nuclei-templates/2023/CVE-2023-44479-9a1755a05c804d6305bb91e5146a62c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Jump Menu <= 3.6.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Jump Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jump-menu/"
     google-query: inurl:"/wp-content/plugins/wp-jump-menu/"
     shodan-query: 'vuln:CVE-2023-44479'
-  tags: cve,wordpress,wp-plugin,wp-jump-menu,medium
+  tags: cve,wordpress,wp-plugin,wp-jump-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4460-3e6fcba7da4eb2d07480c9678c589c91.yaml b/nuclei-templates/2023/CVE-2023-4460-3e6fcba7da4eb2d07480c9678c589c91.yaml
index 5cf9c300f2..fb634653f5 100644
--- a/nuclei-templates/2023/CVE-2023-4460-3e6fcba7da4eb2d07480c9678c589c91.yaml
+++ b/nuclei-templates/2023/CVE-2023-4460-3e6fcba7da4eb2d07480c9678c589c91.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uploading SVG, WEBP and ICO files <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Uploading SVG, WEBP and ICO files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG images in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uploading-svgwebp-and-ico-files/"
     google-query: inurl:"/wp-content/plugins/uploading-svgwebp-and-ico-files/"
     shodan-query: 'vuln:CVE-2023-4460'
-  tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,medium
+  tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4469-be030cdf4529b191ea63fd886a20439f.yaml b/nuclei-templates/2023/CVE-2023-4469-be030cdf4529b191ea63fd886a20439f.yaml
index 83200e6b2a..13712d6507 100644
--- a/nuclei-templates/2023/CVE-2023-4469-be030cdf4529b191ea63fd886a20439f.yaml
+++ b/nuclei-templates/2023/CVE-2023-4469-be030cdf4529b191ea63fd886a20439f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-extra-fields/"
     google-query: inurl:"/wp-content/plugins/profile-extra-fields/"
     shodan-query: 'vuln:CVE-2023-4469'
-  tags: cve,wordpress,wp-plugin,profile-extra-fields,medium
+  tags: cve,wordpress,wp-plugin,profile-extra-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4482-9d2a99598a00b93d061f40c1f9bcc177.yaml b/nuclei-templates/2023/CVE-2023-4482-9d2a99598a00b93d061f40c1f9bcc177.yaml
index 4c57ccbbbd..4807e2319d 100644
--- a/nuclei-templates/2023/CVE-2023-4482-9d2a99598a00b93d061f40c1f9bcc177.yaml
+++ b/nuclei-templates/2023/CVE-2023-4482-9d2a99598a00b93d061f40c1f9bcc177.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Amazon Links <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via style
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amazon-auto-links/"
     google-query: inurl:"/wp-content/plugins/amazon-auto-links/"
     shodan-query: 'vuln:CVE-2023-4482'
-  tags: cve,wordpress,wp-plugin,amazon-auto-links,medium
+  tags: cve,wordpress,wp-plugin,amazon-auto-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44984-a8af060628ffa49f9121f24c1f544243.yaml b/nuclei-templates/2023/CVE-2023-44984-a8af060628ffa49f9121f24c1f544243.yaml
index 24acc34a78..17507ba5ad 100644
--- a/nuclei-templates/2023/CVE-2023-44984-a8af060628ffa49f9121f24c1f544243.yaml
+++ b/nuclei-templates/2023/CVE-2023-44984-a8af060628ffa49f9121f24c1f544243.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bbp style pack <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The bbp style pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'display-top-users' shortcode in versions up to, and including, 5.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbp-style-pack/"
     google-query: inurl:"/wp-content/plugins/bbp-style-pack/"
     shodan-query: 'vuln:CVE-2023-44984'
-  tags: cve,wordpress,wp-plugin,bbp-style-pack,medium
+  tags: cve,wordpress,wp-plugin,bbp-style-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44985-848807325cc6df7207551325cd628ce9.yaml b/nuclei-templates/2023/CVE-2023-44985-848807325cc6df7207551325cd628ce9.yaml
index 0b45aadf61..514a4b7ce7 100644
--- a/nuclei-templates/2023/CVE-2023-44985-848807325cc6df7207551325cd628ce9.yaml
+++ b/nuclei-templates/2023/CVE-2023-44985-848807325cc6df7207551325cd628ce9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyMeet <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BuddyMeet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddymeet/"
     google-query: inurl:"/wp-content/plugins/buddymeet/"
     shodan-query: 'vuln:CVE-2023-44985'
-  tags: cve,wordpress,wp-plugin,buddymeet,medium
+  tags: cve,wordpress,wp-plugin,buddymeet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44986-af9a5eb02914599951c2e164f6765355.yaml b/nuclei-templates/2023/CVE-2023-44986-af9a5eb02914599951c2e164f6765355.yaml
index 3f68410db8..c7e1908032 100644
--- a/nuclei-templates/2023/CVE-2023-44986-af9a5eb02914599951c2e164f6765355.yaml
+++ b/nuclei-templates/2023/CVE-2023-44986-af9a5eb02914599951c2e164f6765355.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Abandoned Cart Lite for WooCommerce <= 5.15.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/"
     google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/"
     shodan-query: 'vuln:CVE-2023-44986'
-  tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44987-a2f77566f40955cc7451f648aaec112c.yaml b/nuclei-templates/2023/CVE-2023-44987-a2f77566f40955cc7451f648aaec112c.yaml
index 3604f65c84..781aa6ea6a 100644
--- a/nuclei-templates/2023/CVE-2023-44987-a2f77566f40955cc7451f648aaec112c.yaml
+++ b/nuclei-templates/2023/CVE-2023-44987-a2f77566f40955cc7451f648aaec112c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Timely Booking Button <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Timely Booking Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/timely-booking-button/"
     google-query: inurl:"/wp-content/plugins/timely-booking-button/"
     shodan-query: 'vuln:CVE-2023-44987'
-  tags: cve,wordpress,wp-plugin,timely-booking-button,medium
+  tags: cve,wordpress,wp-plugin,timely-booking-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44988-5bdecbba58ada95bd7bc5fd2be57ef44.yaml b/nuclei-templates/2023/CVE-2023-44988-5bdecbba58ada95bd7bc5fd2be57ef44.yaml
index 2206ceb67b..695d29c3ed 100644
--- a/nuclei-templates/2023/CVE-2023-44988-5bdecbba58ada95bd7bc5fd2be57ef44.yaml
+++ b/nuclei-templates/2023/CVE-2023-44988-5bdecbba58ada95bd7bc5fd2be57ef44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Admin Interface <= 7.32 - Missing Authorization to Transients Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_custom_admin_interface_delete_transients function in versions up to, and including, 7.32. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to delete plugin transients.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-admin-interface/"
     google-query: inurl:"/wp-content/plugins/wp-custom-admin-interface/"
     shodan-query: 'vuln:CVE-2023-44988'
-  tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-44990-10360815e5a20aeed5671b4b975451a1.yaml b/nuclei-templates/2023/CVE-2023-44990-10360815e5a20aeed5671b4b975451a1.yaml
index 4e4a094aa7..e99bfeddcb 100644
--- a/nuclei-templates/2023/CVE-2023-44990-10360815e5a20aeed5671b4b975451a1.yaml
+++ b/nuclei-templates/2023/CVE-2023-44990-10360815e5a20aeed5671b4b975451a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WOLF <= 1.0.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WOLF  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-editor/"
     google-query: inurl:"/wp-content/plugins/bulk-editor/"
     shodan-query: 'vuln:CVE-2023-44990'
-  tags: cve,wordpress,wp-plugin,bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,bulk-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4500-32b3fdbe7b7f22c46479a3e9393eb06a.yaml b/nuclei-templates/2023/CVE-2023-4500-32b3fdbe7b7f22c46479a3e9393eb06a.yaml
index c53ef8389f..40731eea34 100644
--- a/nuclei-templates/2023/CVE-2023-4500-32b3fdbe7b7f22c46479a3e9393eb06a.yaml
+++ b/nuclei-templates/2023/CVE-2023-4500-32b3fdbe7b7f22c46479a3e9393eb06a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers (admin or higher) to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-tracking/"
     google-query: inurl:"/wp-content/plugins/order-tracking/"
     shodan-query: 'vuln:CVE-2023-4500'
-  tags: cve,wordpress,wp-plugin,order-tracking,medium
+  tags: cve,wordpress,wp-plugin,order-tracking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45000-0436bd17a7ce2057f085dec6812cf1d3.yaml b/nuclei-templates/2023/CVE-2023-45000-0436bd17a7ce2057f085dec6812cf1d3.yaml
index b81e92e440..de5b2ba67e 100644
--- a/nuclei-templates/2023/CVE-2023-45000-0436bd17a7ce2057f085dec6812cf1d3.yaml
+++ b/nuclei-templates/2023/CVE-2023-45000-0436bd17a7ce2057f085dec6812cf1d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LiteSpeed Cache <= 5.7 - Missing Authorization via update_cdn_status
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LiteSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the 'update_cdn_status' function in versions up to, and including, 5.7. This makes it possible for unauthenticated attackers to modify the plugin's CDN status.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/litespeed-cache/"
     google-query: inurl:"/wp-content/plugins/litespeed-cache/"
     shodan-query: 'vuln:CVE-2023-45000'
-  tags: cve,wordpress,wp-plugin,litespeed-cache,medium
+  tags: cve,wordpress,wp-plugin,litespeed-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45001-80f967b027a6da96dccfd0c385ae1ac0.yaml b/nuclei-templates/2023/CVE-2023-45001-80f967b027a6da96dccfd0c385ae1ac0.yaml
index 1cedd50e5c..f408cbc854 100644
--- a/nuclei-templates/2023/CVE-2023-45001-80f967b027a6da96dccfd0c385ae1ac0.yaml
+++ b/nuclei-templates/2023/CVE-2023-45001-80f967b027a6da96dccfd0c385ae1ac0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seriously Simple Stats <= 1.5.0 - Authenticated (Podcast manager+) SQL Injection via order_by
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Seriously Simple Stats plugin for WordPress is vulnerable to SQL Injection via the order_by parameter in versions up to, and including, 1.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with podcast manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seriously-simple-stats/"
     google-query: inurl:"/wp-content/plugins/seriously-simple-stats/"
     shodan-query: 'vuln:CVE-2023-45001'
-  tags: cve,wordpress,wp-plugin,seriously-simple-stats,high
+  tags: cve,wordpress,wp-plugin,seriously-simple-stats,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45002-009b7c3c01cbc1b8e5b1583fe598205f.yaml b/nuclei-templates/2023/CVE-2023-45002-009b7c3c01cbc1b8e5b1583fe598205f.yaml
index e205f2d207..fe70f27d88 100644
--- a/nuclei-templates/2023/CVE-2023-45002-009b7c3c01cbc1b8e5b1583fe598205f.yaml
+++ b/nuclei-templates/2023/CVE-2023-45002-009b7c3c01cbc1b8e5b1583fe598205f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Frontend <= 3.6.8 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP User Frontend plugin for WordPress is vulnerable to unauthorized functionality use due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to install some plugins, delete user packages, list taxonomies, dismiss promotional offers, and review notices, and preview forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-frontend/"
     google-query: inurl:"/wp-content/plugins/wp-user-frontend/"
     shodan-query: 'vuln:CVE-2023-45002'
-  tags: cve,wordpress,wp-plugin,wp-user-frontend,medium
+  tags: cve,wordpress,wp-plugin,wp-user-frontend,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45008-2958b08ce41d2a089d276808ef68e4bc.yaml b/nuclei-templates/2023/CVE-2023-45008-2958b08ce41d2a089d276808ef68e4bc.yaml
index 5e505292ae..56acbfa6be 100644
--- a/nuclei-templates/2023/CVE-2023-45008-2958b08ce41d2a089d276808ef68e4bc.yaml
+++ b/nuclei-templates/2023/CVE-2023-45008-2958b08ce41d2a089d276808ef68e4bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comment Reply Email <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Comment Reply Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting settings in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comment-reply-email/"
     google-query: inurl:"/wp-content/plugins/comment-reply-email/"
     shodan-query: 'vuln:CVE-2023-45008'
-  tags: cve,wordpress,wp-plugin,comment-reply-email,medium
+  tags: cve,wordpress,wp-plugin,comment-reply-email,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45010-036ea79db83fe96391d5364e9f6a5d01.yaml b/nuclei-templates/2023/CVE-2023-45010-036ea79db83fe96391d5364e9f6a5d01.yaml
index b8bcf6eb80..5d5d275250 100644
--- a/nuclei-templates/2023/CVE-2023-45010-036ea79db83fe96391d5364e9f6a5d01.yaml
+++ b/nuclei-templates/2023/CVE-2023-45010-036ea79db83fe96391d5364e9f6a5d01.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Complete Open Graph <= 3.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Complete Open Graph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/complete-open-graph/"
     google-query: inurl:"/wp-content/plugins/complete-open-graph/"
     shodan-query: 'vuln:CVE-2023-45010'
-  tags: cve,wordpress,wp-plugin,complete-open-graph,medium
+  tags: cve,wordpress,wp-plugin,complete-open-graph,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4502-5ebef968ecfba23771708b1d7c8b6112.yaml b/nuclei-templates/2023/CVE-2023-4502-5ebef968ecfba23771708b1d7c8b6112.yaml
index 043d1addf8..89c8271383 100644
--- a/nuclei-templates/2023/CVE-2023-4502-5ebef968ecfba23771708b1d7c8b6112.yaml
+++ b/nuclei-templates/2023/CVE-2023-4502-5ebef968ecfba23771708b1d7c8b6112.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GTranslate <= 3.0.3 - Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GTranslate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fincl_langs', 'incl_langs' and 'alt_flags' parameters in versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.  This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gtranslate/"
     google-query: inurl:"/wp-content/plugins/gtranslate/"
     shodan-query: 'vuln:CVE-2023-4502'
-  tags: cve,wordpress,wp-plugin,gtranslate,medium
+  tags: cve,wordpress,wp-plugin,gtranslate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45045-23aac587b81f89d6096ca89681943380.yaml b/nuclei-templates/2023/CVE-2023-45045-23aac587b81f89d6096ca89681943380.yaml
index e1e4d57277..efa30d64f1 100644
--- a/nuclei-templates/2023/CVE-2023-45045-23aac587b81f89d6096ca89681943380.yaml
+++ b/nuclei-templates/2023/CVE-2023-45045-23aac587b81f89d6096ca89681943380.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Widget area <= 1.2.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Custom Widget area plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of functionality intended for users with higher privileges. This can lead to the deletion and modification of widgets and menus created using the plugin. CVE-2023-6066 may be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-widget-area/"
     google-query: inurl:"/wp-content/plugins/wp-custom-widget-area/"
     shodan-query: 'vuln:CVE-2023-45045'
-  tags: cve,wordpress,wp-plugin,wp-custom-widget-area,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-widget-area,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45046-86e875acdb3922f4740414dff44b0215.yaml b/nuclei-templates/2023/CVE-2023-45046-86e875acdb3922f4740414dff44b0215.yaml
index 48e0801081..8269a72ae3 100644
--- a/nuclei-templates/2023/CVE-2023-45046-86e875acdb3922f4740414dff44b0215.yaml
+++ b/nuclei-templates/2023/CVE-2023-45046-86e875acdb3922f4740414dff44b0215.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pressference Exporter <= 1.0.3 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Pressference Exporter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pressference-exporter/"
     google-query: inurl:"/wp-content/plugins/pressference-exporter/"
     shodan-query: 'vuln:CVE-2023-45046'
-  tags: cve,wordpress,wp-plugin,pressference-exporter,high
+  tags: cve,wordpress,wp-plugin,pressference-exporter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45049-803fd151825baa056b93685e93955a54.yaml b/nuclei-templates/2023/CVE-2023-45049-803fd151825baa056b93685e93955a54.yaml
index df44585cac..a9f5f73f77 100644
--- a/nuclei-templates/2023/CVE-2023-45049-803fd151825baa056b93685e93955a54.yaml
+++ b/nuclei-templates/2023/CVE-2023-45049-803fd151825baa056b93685e93955a54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YouTube Playlist Player <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YouTube Playlist Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-playlist-player/"
     google-query: inurl:"/wp-content/plugins/youtube-playlist-player/"
     shodan-query: 'vuln:CVE-2023-45049'
-  tags: cve,wordpress,wp-plugin,youtube-playlist-player,medium
+  tags: cve,wordpress,wp-plugin,youtube-playlist-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45050-9fc3c2f298b108af257176fa3092141b.yaml b/nuclei-templates/2023/CVE-2023-45050-9fc3c2f298b108af257176fa3092141b.yaml
index 555dbeb22c..70e5b631c6 100644
--- a/nuclei-templates/2023/CVE-2023-45050-9fc3c2f298b108af257176fa3092141b.yaml
+++ b/nuclei-templates/2023/CVE-2023-45050-9fc3c2f298b108af257176fa3092141b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack <= 12.8-a.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jetpack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attribute in versions up to, and including, 12.8-a.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:CVE-2023-45050'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45051-7348256da9fa27f63ea541c99917352a.yaml b/nuclei-templates/2023/CVE-2023-45051-7348256da9fa27f63ea541c99917352a.yaml
index 5ac1f3dfa7..67a933f904 100644
--- a/nuclei-templates/2023/CVE-2023-45051-7348256da9fa27f63ea541c99917352a.yaml
+++ b/nuclei-templates/2023/CVE-2023-45051-7348256da9fa27f63ea541c99917352a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image vertical reel scroll slideshow <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-vertical-reel-scroll-slideshow/"
     google-query: inurl:"/wp-content/plugins/image-vertical-reel-scroll-slideshow/"
     shodan-query: 'vuln:CVE-2023-45051'
-  tags: cve,wordpress,wp-plugin,image-vertical-reel-scroll-slideshow,medium
+  tags: cve,wordpress,wp-plugin,image-vertical-reel-scroll-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45053-0eba82d1fba78dd21145988eca694adc.yaml b/nuclei-templates/2023/CVE-2023-45053-0eba82d1fba78dd21145988eca694adc.yaml
index ec3dca272c..5d8a36be32 100644
--- a/nuclei-templates/2023/CVE-2023-45053-0eba82d1fba78dd21145988eca694adc.yaml
+++ b/nuclei-templates/2023/CVE-2023-45053-0eba82d1fba78dd21145988eca694adc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Content Pilot – Autoblogging & Affiliate Marketing Plugin <= 1.3.3 - Authenticated (Contributor+) Content Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Content Pilot plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.3. This vulnerability makes it possible for authenticated attackers, with contributor access or higher to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-content-pilot/"
     google-query: inurl:"/wp-content/plugins/wp-content-pilot/"
     shodan-query: 'vuln:CVE-2023-45053'
-  tags: cve,wordpress,wp-plugin,wp-content-pilot,medium
+  tags: cve,wordpress,wp-plugin,wp-content-pilot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45055-8b6490d616c3b0afd9a25ca2623da6a2.yaml b/nuclei-templates/2023/CVE-2023-45055-8b6490d616c3b0afd9a25ca2623da6a2.yaml
index 54e5ab3a7c..852cb27e43 100644
--- a/nuclei-templates/2023/CVE-2023-45055-8b6490d616c3b0afd9a25ca2623da6a2.yaml
+++ b/nuclei-templates/2023/CVE-2023-45055-8b6490d616c3b0afd9a25ca2623da6a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MStore API <= 4.0.6 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MStore API plugin for WordPress is vulnerable to SQL Injection via the $name and $search variables in versions up to, and including, 4.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mstore-api/"
     google-query: inurl:"/wp-content/plugins/mstore-api/"
     shodan-query: 'vuln:CVE-2023-45055'
-  tags: cve,wordpress,wp-plugin,mstore-api,high
+  tags: cve,wordpress,wp-plugin,mstore-api,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45056-d517a1f1b39fbb25ce31405c236e39dc.yaml b/nuclei-templates/2023/CVE-2023-45056-d517a1f1b39fbb25ce31405c236e39dc.yaml
index 9a312d8b1d..c461df3639 100644
--- a/nuclei-templates/2023/CVE-2023-45056-d517a1f1b39fbb25ce31405c236e39dc.yaml
+++ b/nuclei-templates/2023/CVE-2023-45056-d517a1f1b39fbb25ce31405c236e39dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Open User Map | Everybody can add locations <= 1.3.26 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Open User Map | Everybody can add locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/open-user-map/"
     google-query: inurl:"/wp-content/plugins/open-user-map/"
     shodan-query: 'vuln:CVE-2023-45056'
-  tags: cve,wordpress,wp-plugin,open-user-map,medium
+  tags: cve,wordpress,wp-plugin,open-user-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45057-c0963c297f9f408e178419f30ee7e022.yaml b/nuclei-templates/2023/CVE-2023-45057-c0963c297f9f408e178419f30ee7e022.yaml
index f9844db3c9..7fb2deb4b4 100644
--- a/nuclei-templates/2023/CVE-2023-45057-c0963c297f9f408e178419f30ee7e022.yaml
+++ b/nuclei-templates/2023/CVE-2023-45057-c0963c297f9f408e178419f30ee7e022.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hitsteps Web Analytics <= 5.86 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hitsteps Web Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hitsteps-visitor-manager/"
     google-query: inurl:"/wp-content/plugins/hitsteps-visitor-manager/"
     shodan-query: 'vuln:CVE-2023-45057'
-  tags: cve,wordpress,wp-plugin,hitsteps-visitor-manager,medium
+  tags: cve,wordpress,wp-plugin,hitsteps-visitor-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45059-f295e8a8427ef02d3b3be1982f4ae5fa.yaml b/nuclei-templates/2023/CVE-2023-45059-f295e8a8427ef02d3b3be1982f4ae5fa.yaml
index 001d40d49b..1d05b433b1 100644
--- a/nuclei-templates/2023/CVE-2023-45059-f295e8a8427ef02d3b3be1982f4ae5fa.yaml
+++ b/nuclei-templates/2023/CVE-2023-45059-f295e8a8427ef02d3b3be1982f4ae5fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gumroad <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gumroad plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gumroad/"
     google-query: inurl:"/wp-content/plugins/gumroad/"
     shodan-query: 'vuln:CVE-2023-45059'
-  tags: cve,wordpress,wp-plugin,gumroad,medium
+  tags: cve,wordpress,wp-plugin,gumroad,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45067-be653a8d2bee2421f88f0e6d66ccc0f3.yaml b/nuclei-templates/2023/CVE-2023-45067-be653a8d2bee2421f88f0e6d66ccc0f3.yaml
index 587322cb37..8e6a4ff538 100644
--- a/nuclei-templates/2023/CVE-2023-45067-be653a8d2bee2421f88f0e6d66ccc0f3.yaml
+++ b/nuclei-templates/2023/CVE-2023-45067-be653a8d2bee2421f88f0e6d66ccc0f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Simple HTML Sitemap <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Simple HTML Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-html-sitemap/"
     google-query: inurl:"/wp-content/plugins/wp-simple-html-sitemap/"
     shodan-query: 'vuln:CVE-2023-45067'
-  tags: cve,wordpress,wp-plugin,wp-simple-html-sitemap,medium
+  tags: cve,wordpress,wp-plugin,wp-simple-html-sitemap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45069-ff831311ec70debdd240fd0dff910b29.yaml b/nuclei-templates/2023/CVE-2023-45069-ff831311ec70debdd240fd0dff910b29.yaml
index f755fbc0d7..da90c195d0 100644
--- a/nuclei-templates/2023/CVE-2023-45069-ff831311ec70debdd240fd0dff910b29.yaml
+++ b/nuclei-templates/2023/CVE-2023-45069-ff831311ec70debdd240fd0dff910b29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Gallery – YouTube Gallery <= 2.1.4 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Video Gallery – YouTube Gallery plugin for WordPress is vulnerable to SQL Injection via 's' and 'orderby' in versions up to, and including, 2.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-videos/"
     google-query: inurl:"/wp-content/plugins/gallery-videos/"
     shodan-query: 'vuln:CVE-2023-45069'
-  tags: cve,wordpress,wp-plugin,gallery-videos,high
+  tags: cve,wordpress,wp-plugin,gallery-videos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45072-feb8c11c4ef0641488804a4e83e4b8c9.yaml b/nuclei-templates/2023/CVE-2023-45072-feb8c11c4ef0641488804a4e83e4b8c9.yaml
index aa21d5917b..e4145cc46a 100644
--- a/nuclei-templates/2023/CVE-2023-45072-feb8c11c4ef0641488804a4e83e4b8c9.yaml
+++ b/nuclei-templates/2023/CVE-2023-45072-feb8c11c4ef0641488804a4e83e4b8c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order auto complete for WooCommerce <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Order auto complete for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-auto-complete-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/order-auto-complete-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-45072'
-  tags: cve,wordpress,wp-plugin,order-auto-complete-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,order-auto-complete-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45073-9cb69a500db940ecfdbb3ba869c26c38.yaml b/nuclei-templates/2023/CVE-2023-45073-9cb69a500db940ecfdbb3ba869c26c38.yaml
index 0bee656b90..34c7dabe80 100644
--- a/nuclei-templates/2023/CVE-2023-45073-9cb69a500db940ecfdbb3ba869c26c38.yaml
+++ b/nuclei-templates/2023/CVE-2023-45073-9cb69a500db940ecfdbb3ba869c26c38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mendeley <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mendeley plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mendeleyplugin/"
     google-query: inurl:"/wp-content/plugins/mendeleyplugin/"
     shodan-query: 'vuln:CVE-2023-45073'
-  tags: cve,wordpress,wp-plugin,mendeleyplugin,medium
+  tags: cve,wordpress,wp-plugin,mendeleyplugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45074-9c6b12242aa8d580a35fa22bad685fff.yaml b/nuclei-templates/2023/CVE-2023-45074-9c6b12242aa8d580a35fa22bad685fff.yaml
index 99f158812f..4f5118082c 100644
--- a/nuclei-templates/2023/CVE-2023-45074-9c6b12242aa8d580a35fa22bad685fff.yaml
+++ b/nuclei-templates/2023/CVE-2023-45074-9c6b12242aa8d580a35fa22bad685fff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Page Visit Counter <= 7.1.1 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Page Visit Counter plugin for WordPress is vulnerable toSQL Injection in versions up to, and including, 7.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-page-visit-counter/"
     google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/"
     shodan-query: 'vuln:CVE-2023-45074'
-  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,high
+  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45101-72807f145d4d787ee0d78e0f3adf0196.yaml b/nuclei-templates/2023/CVE-2023-45101-72807f145d4d787ee0d78e0f3adf0196.yaml
index c5840f096d..03cd8af511 100644
--- a/nuclei-templates/2023/CVE-2023-45101-72807f145d4d787ee0d78e0f3adf0196.yaml
+++ b/nuclei-templates/2023/CVE-2023-45101-72807f145d4d787ee0d78e0f3adf0196.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the check_progress and cancel_export functions in versions up to, and including, 5.36.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to check the progress of or cancel a reviews export.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:CVE-2023-45101'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45110-d090aa5f37413bd2a82801bde518653e.yaml b/nuclei-templates/2023/CVE-2023-45110-d090aa5f37413bd2a82801bde518653e.yaml
index 2c7d2e6452..c977f0e62c 100644
--- a/nuclei-templates/2023/CVE-2023-45110-d090aa5f37413bd2a82801bde518653e.yaml
+++ b/nuclei-templates/2023/CVE-2023-45110-d090aa5f37413bd2a82801bde518653e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Timeline Lite <= 1.1.9 - Missing Authorization to Admin Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bold Timeline Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a logic error on the bold_timeline_wpdocs_this_screen function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss a plugin notice intended for administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-timeline-lite/"
     google-query: inurl:"/wp-content/plugins/bold-timeline-lite/"
     shodan-query: 'vuln:CVE-2023-45110'
-  tags: cve,wordpress,wp-plugin,bold-timeline-lite,medium
+  tags: cve,wordpress,wp-plugin,bold-timeline-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4514-d3e919ff7a9e64072ba58c94844a6e21.yaml b/nuclei-templates/2023/CVE-2023-4514-d3e919ff7a9e64072ba58c94844a6e21.yaml
index 58dee7b290..a7b90408c4 100644
--- a/nuclei-templates/2023/CVE-2023-4514-d3e919ff7a9e64072ba58c94844a6e21.yaml
+++ b/nuclei-templates/2023/CVE-2023-4514-d3e919ff7a9e64072ba58c94844a6e21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mmm Simple File List <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mmm Simple File List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mmm-file-list/"
     google-query: inurl:"/wp-content/plugins/mmm-file-list/"
     shodan-query: 'vuln:CVE-2023-4514'
-  tags: cve,wordpress,wp-plugin,mmm-file-list,medium
+  tags: cve,wordpress,wp-plugin,mmm-file-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4520-4f8b60559007de9693d6bd6dbd7b9937.yaml b/nuclei-templates/2023/CVE-2023-4520-4f8b60559007de9693d6bd6dbd7b9937.yaml
index 5ee67bf720..15ef221300 100644
--- a/nuclei-templates/2023/CVE-2023-4520-4f8b60559007de9693d6bd6dbd7b9937.yaml
+++ b/nuclei-templates/2023/CVE-2023-4520-4f8b60559007de9693d6bd6dbd7b9937.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2023-4520'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45271-1a920eb903d024c035ef8c5bd825169f.yaml b/nuclei-templates/2023/CVE-2023-45271-1a920eb903d024c035ef8c5bd825169f.yaml
index c3e343a668..3866816395 100644
--- a/nuclei-templates/2023/CVE-2023-45271-1a920eb903d024c035ef8c5bd825169f.yaml
+++ b/nuclei-templates/2023/CVE-2023-45271-1a920eb903d024c035ef8c5bd825169f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProductX – Gutenberg WooCommerce Blocks <= 2.7.8 - Missing Authorization via option_data_save
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ProductX – Gutenberg WooCommerce Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the option_data_save function in versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-blocks/"
     google-query: inurl:"/wp-content/plugins/product-blocks/"
     shodan-query: 'vuln:CVE-2023-45271'
-  tags: cve,wordpress,wp-plugin,product-blocks,medium
+  tags: cve,wordpress,wp-plugin,product-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45272-beb09afd16c7dbf0c14aa5a401d0f673.yaml b/nuclei-templates/2023/CVE-2023-45272-beb09afd16c7dbf0c14aa5a401d0f673.yaml
index 7732faf7ad..8e12571c6e 100644
--- a/nuclei-templates/2023/CVE-2023-45272-beb09afd16c7dbf0c14aa5a401d0f673.yaml
+++ b/nuclei-templates/2023/CVE-2023-45272-beb09afd16c7dbf0c14aa5a401d0f673.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10Web Map Builder for Google Maps <= 1.0.73 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 10Web Map Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gmwd_bp_install_notice_status function in versions up to, and including, 1.0.73. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to dismiss installation notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wd-google-maps/"
     google-query: inurl:"/wp-content/plugins/wd-google-maps/"
     shodan-query: 'vuln:CVE-2023-45272'
-  tags: cve,wordpress,wp-plugin,wd-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wd-google-maps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45275-b8ab2dfdf20e4fafe82ff439f5e1b3cf.yaml b/nuclei-templates/2023/CVE-2023-45275-b8ab2dfdf20e4fafe82ff439f5e1b3cf.yaml
index b9847ca732..10967b7fff 100644
--- a/nuclei-templates/2023/CVE-2023-45275-b8ab2dfdf20e4fafe82ff439f5e1b3cf.yaml
+++ b/nuclei-templates/2023/CVE-2023-45275-b8ab2dfdf20e4fafe82ff439f5e1b3cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form builder with drag & drop - Kali Forms <= 2.3.28 - Missing Authorization via get_log
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_log function in versions up to, and including, 2.3.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the submission log.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kali-forms/"
     google-query: inurl:"/wp-content/plugins/kali-forms/"
     shodan-query: 'vuln:CVE-2023-45275'
-  tags: cve,wordpress,wp-plugin,kali-forms,medium
+  tags: cve,wordpress,wp-plugin,kali-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4536-decd0181d7e39da44fe0e5d9af5455c7.yaml b/nuclei-templates/2023/CVE-2023-4536-decd0181d7e39da44fe0e5d9af5455c7.yaml
index b61b0692b2..19754d269a 100644
--- a/nuclei-templates/2023/CVE-2023-4536-decd0181d7e39da44fe0e5d9af5455c7.yaml
+++ b/nuclei-templates/2023/CVE-2023-4536-decd0181d7e39da44fe0e5d9af5455c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The My Account Page Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on profile picture uploads in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-account-page-editor/"
     google-query: inurl:"/wp-content/plugins/my-account-page-editor/"
     shodan-query: 'vuln:CVE-2023-4536'
-  tags: cve,wordpress,wp-plugin,my-account-page-editor,high
+  tags: cve,wordpress,wp-plugin,my-account-page-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45604-c4a2060e848f8147ede668274113eb5f.yaml b/nuclei-templates/2023/CVE-2023-45604-c4a2060e848f8147ede668274113eb5f.yaml
index b024f3fdc7..6f516f96a7 100644
--- a/nuclei-templates/2023/CVE-2023-45604-c4a2060e848f8147ede668274113eb5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-45604-c4a2060e848f8147ede668274113eb5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Get Custom Field Values <= 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Get Custom Field Values plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin widget in versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/get-custom-field-values/"
     google-query: inurl:"/wp-content/plugins/get-custom-field-values/"
     shodan-query: 'vuln:CVE-2023-45604'
-  tags: cve,wordpress,wp-plugin,get-custom-field-values,medium
+  tags: cve,wordpress,wp-plugin,get-custom-field-values,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45607-93d2bfa4a5e5debcba57e4ef188367d5.yaml b/nuclei-templates/2023/CVE-2023-45607-93d2bfa4a5e5debcba57e4ef188367d5.yaml
index 82cab0227b..e4df104ed0 100644
--- a/nuclei-templates/2023/CVE-2023-45607-93d2bfa4a5e5debcba57e4ef188367d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-45607-93d2bfa4a5e5debcba57e4ef188367d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Popular Posts <= 6.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Popular Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 6.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-popular-posts/"
     google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/"
     shodan-query: 'vuln:CVE-2023-45607'
-  tags: cve,wordpress,wp-plugin,wordpress-popular-posts,medium
+  tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45608-66eed7c58e1298fa04981c6c1b2ea3cc.yaml b/nuclei-templates/2023/CVE-2023-45608-66eed7c58e1298fa04981c6c1b2ea3cc.yaml
index 8817c032ee..0abb02a521 100644
--- a/nuclei-templates/2023/CVE-2023-45608-66eed7c58e1298fa04981c6c1b2ea3cc.yaml
+++ b/nuclei-templates/2023/CVE-2023-45608-66eed7c58e1298fa04981c6c1b2ea3cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Cookie Kit <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Cookie Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied 'class' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-cookie-kit/"
     google-query: inurl:"/wp-content/plugins/smart-cookie-kit/"
     shodan-query: 'vuln:CVE-2023-45608'
-  tags: cve,wordpress,wp-plugin,smart-cookie-kit,medium
+  tags: cve,wordpress,wp-plugin,smart-cookie-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45609-788f2a7e634374198c6c99e174e2830a.yaml b/nuclei-templates/2023/CVE-2023-45609-788f2a7e634374198c6c99e174e2830a.yaml
index 9f30142c0f..ce8b284aa3 100644
--- a/nuclei-templates/2023/CVE-2023-45609-788f2a7e634374198c6c99e174e2830a.yaml
+++ b/nuclei-templates/2023/CVE-2023-45609-788f2a7e634374198c6c99e174e2830a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Powr Pack <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form – Custom Builder, Payment Form, and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this appears to be a duplicate of CVE-2023-5741
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powr-pack/"
     google-query: inurl:"/wp-content/plugins/powr-pack/"
     shodan-query: 'vuln:CVE-2023-45609'
-  tags: cve,wordpress,wp-plugin,powr-pack,medium
+  tags: cve,wordpress,wp-plugin,powr-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45628-95716c495ba3e1d4d76a3b64760b338f.yaml b/nuclei-templates/2023/CVE-2023-45628-95716c495ba3e1d4d76a3b64760b338f.yaml
index 4ff025fb39..9d77d2bac4 100644
--- a/nuclei-templates/2023/CVE-2023-45628-95716c495ba3e1d4d76a3b64760b338f.yaml
+++ b/nuclei-templates/2023/CVE-2023-45628-95716c495ba3e1d4d76a3b64760b338f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     QR Twitter Widget <= 0.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The QR Twitter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 0.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qr-twitter-widget/"
     google-query: inurl:"/wp-content/plugins/qr-twitter-widget/"
     shodan-query: 'vuln:CVE-2023-45628'
-  tags: cve,wordpress,wp-plugin,qr-twitter-widget,medium
+  tags: cve,wordpress,wp-plugin,qr-twitter-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45630-f65c67e968e15596bef3448601bb7b39.yaml b/nuclei-templates/2023/CVE-2023-45630-f65c67e968e15596bef3448601bb7b39.yaml
index 51ec928823..d579a1ecb7 100644
--- a/nuclei-templates/2023/CVE-2023-45630-f65c67e968e15596bef3448601bb7b39.yaml
+++ b/nuclei-templates/2023/CVE-2023-45630-f65c67e968e15596bef3448601bb7b39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-album/"
     google-query: inurl:"/wp-content/plugins/gallery-album/"
     shodan-query: 'vuln:CVE-2023-45630'
-  tags: cve,wordpress,wp-plugin,gallery-album,medium
+  tags: cve,wordpress,wp-plugin,gallery-album,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45631-63e26d4ba1974966e333b4b151a2c5df.yaml b/nuclei-templates/2023/CVE-2023-45631-63e26d4ba1974966e333b4b151a2c5df.yaml
index 83b1ab440c..fd2af9c66d 100644
--- a/nuclei-templates/2023/CVE-2023-45631-63e26d4ba1974966e333b4b151a2c5df.yaml
+++ b/nuclei-templates/2023/CVE-2023-45631-63e26d4ba1974966e333b4b151a2c5df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Image Gallery, Gallery Album <= 2.0.3 - Missing Authorization via Multiple AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to e.g. create galleries, delete galleries, rename albums, delete albums, and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-album/"
     google-query: inurl:"/wp-content/plugins/gallery-album/"
     shodan-query: 'vuln:CVE-2023-45631'
-  tags: cve,wordpress,wp-plugin,gallery-album,medium
+  tags: cve,wordpress,wp-plugin,gallery-album,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45633-828d5e38dbe1047738a24a003f9a3134.yaml b/nuclei-templates/2023/CVE-2023-45633-828d5e38dbe1047738a24a003f9a3134.yaml
index 78c3811142..c6467f9f26 100644
--- a/nuclei-templates/2023/CVE-2023-45633-828d5e38dbe1047738a24a003f9a3134.yaml
+++ b/nuclei-templates/2023/CVE-2023-45633-828d5e38dbe1047738a24a003f9a3134.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IMPress Listings <= 2.6.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The IMPress Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-listings/"
     google-query: inurl:"/wp-content/plugins/wp-listings/"
     shodan-query: 'vuln:CVE-2023-45633'
-  tags: cve,wordpress,wp-plugin,wp-listings,medium
+  tags: cve,wordpress,wp-plugin,wp-listings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45635-dd8a374519ab8fd8464df00ba9945d8b.yaml b/nuclei-templates/2023/CVE-2023-45635-dd8a374519ab8fd8464df00ba9945d8b.yaml
index 2b3284b340..c50aeafab9 100644
--- a/nuclei-templates/2023/CVE-2023-45635-dd8a374519ab8fd8464df00ba9945d8b.yaml
+++ b/nuclei-templates/2023/CVE-2023-45635-dd8a374519ab8fd8464df00ba9945d8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Tabs < 4.0.6 - Authenticated (Contributor+) Content Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Tabs plugin for WordPress is vulnerable to Arbitrary Content Injection in versions prior to 4.0.6. This vulnerability makes it possible for authenticated attackers, with contributor-level permissions and above, to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-tabs/"
     google-query: inurl:"/wp-content/plugins/responsive-tabs/"
     shodan-query: 'vuln:CVE-2023-45635'
-  tags: cve,wordpress,wp-plugin,responsive-tabs,medium
+  tags: cve,wordpress,wp-plugin,responsive-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45636-f9b95c5df8218e5c27a0db54debfd7c6.yaml b/nuclei-templates/2023/CVE-2023-45636-f9b95c5df8218e5c27a0db54debfd7c6.yaml
index e84af98ead..2c1533f6c0 100644
--- a/nuclei-templates/2023/CVE-2023-45636-f9b95c5df8218e5c27a0db54debfd7c6.yaml
+++ b/nuclei-templates/2023/CVE-2023-45636-f9b95c5df8218e5c27a0db54debfd7c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Backup & Migration <= 1.4.1 - Missing Authorization to Settings and Schedule Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_save_settings and save_schedule functions in versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings or the cron schedule.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-migration-duplicator/"
     google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/"
     shodan-query: 'vuln:CVE-2023-45636'
-  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,medium
+  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45640-44f7bceac9641de69745cf2de93af035.yaml b/nuclei-templates/2023/CVE-2023-45640-44f7bceac9641de69745cf2de93af035.yaml
index d649844173..e6a41f1c4a 100644
--- a/nuclei-templates/2023/CVE-2023-45640-44f7bceac9641de69745cf2de93af035.yaml
+++ b/nuclei-templates/2023/CVE-2023-45640-44f7bceac9641de69745cf2de93af035.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ULike <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ulike/"
     google-query: inurl:"/wp-content/plugins/wp-ulike/"
     shodan-query: 'vuln:CVE-2023-45640'
-  tags: cve,wordpress,wp-plugin,wp-ulike,medium
+  tags: cve,wordpress,wp-plugin,wp-ulike,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45644-62cbd308ef66719516de2026de43669c.yaml b/nuclei-templates/2023/CVE-2023-45644-62cbd308ef66719516de2026de43669c.yaml
index a54301ce9e..273748223d 100644
--- a/nuclei-templates/2023/CVE-2023-45644-62cbd308ef66719516de2026de43669c.yaml
+++ b/nuclei-templates/2023/CVE-2023-45644-62cbd308ef66719516de2026de43669c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPT Shortcode Generator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPT Shortcode Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpt-shortcode/"
     google-query: inurl:"/wp-content/plugins/cpt-shortcode/"
     shodan-query: 'vuln:CVE-2023-45644'
-  tags: cve,wordpress,wp-plugin,cpt-shortcode,medium
+  tags: cve,wordpress,wp-plugin,cpt-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45646-d7c844e32ca0ede6715df38694de53b3.yaml b/nuclei-templates/2023/CVE-2023-45646-d7c844e32ca0ede6715df38694de53b3.yaml
index 8ea4fc8882..3c486a5fe9 100644
--- a/nuclei-templates/2023/CVE-2023-45646-d7c844e32ca0ede6715df38694de53b3.yaml
+++ b/nuclei-templates/2023/CVE-2023-45646-d7c844e32ca0ede6715df38694de53b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-block/"
     google-query: inurl:"/wp-content/plugins/pdf-block/"
     shodan-query: 'vuln:CVE-2023-45646'
-  tags: cve,wordpress,wp-plugin,pdf-block,medium
+  tags: cve,wordpress,wp-plugin,pdf-block,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45652-894688b32a41816c9ef521e84f097274.yaml b/nuclei-templates/2023/CVE-2023-45652-894688b32a41816c9ef521e84f097274.yaml
index a47dbd5205..905d3a6453 100644
--- a/nuclei-templates/2023/CVE-2023-45652-894688b32a41816c9ef521e84f097274.yaml
+++ b/nuclei-templates/2023/CVE-2023-45652-894688b32a41816c9ef521e84f097274.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Remote Content Shortcode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5 via the plugin's shortcode. This allows authenticated attackers with contributor-level privileges and above to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/remote-content-shortcode/"
     google-query: inurl:"/wp-content/plugins/remote-content-shortcode/"
     shodan-query: 'vuln:CVE-2023-45652'
-  tags: cve,wordpress,wp-plugin,remote-content-shortcode,medium
+  tags: cve,wordpress,wp-plugin,remote-content-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45657-fad17491d46d93aa052a2c5d2ff91e1e.yaml b/nuclei-templates/2023/CVE-2023-45657-fad17491d46d93aa052a2c5d2ff91e1e.yaml
index 211afe812a..8811e52f11 100644
--- a/nuclei-templates/2023/CVE-2023-45657-fad17491d46d93aa052a2c5d2ff91e1e.yaml
+++ b/nuclei-templates/2023/CVE-2023-45657-fad17491d46d93aa052a2c5d2ff91e1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Nexter theme for WordPress is vulnerable to  SQL Injection via the 'to' and 'from' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of valid preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/nexter/"
     google-query: inurl:"/wp-content/themes/nexter/"
     shodan-query: 'vuln:CVE-2023-45657'
-  tags: cve,wordpress,wp-theme,nexter,high
+  tags: cve,wordpress,wp-theme,nexter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45658-4671c56fe35cfb879a2471b3343a30c7.yaml b/nuclei-templates/2023/CVE-2023-45658-4671c56fe35cfb879a2471b3343a30c7.yaml
index d5974af7e0..3e76791820 100644
--- a/nuclei-templates/2023/CVE-2023-45658-4671c56fe35cfb879a2471b3343a30c7.yaml
+++ b/nuclei-templates/2023/CVE-2023-45658-4671c56fe35cfb879a2471b3343a30c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nexter <= 2.0.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Nexter theme for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as nexter_extra_ext_active_ajax, nexter_extra_ext_deactivate_ajax, nexter_ext_wp_replace_url_settings_ajax, nexter_ext_wp_duplicate_post_settings_ajax, nexter_ext_save_data_ajax, and more in versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate posts, modify settings, and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/nexter/"
     google-query: inurl:"/wp-content/themes/nexter/"
     shodan-query: 'vuln:CVE-2023-45658'
-  tags: cve,wordpress,wp-theme,nexter,medium
+  tags: cve,wordpress,wp-theme,nexter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45747-9d391b643840d9b9d7ead6e546f2d7b1.yaml b/nuclei-templates/2023/CVE-2023-45747-9d391b643840d9b9d7ead6e546f2d7b1.yaml
index 24a7f93a99..91759fe943 100644
--- a/nuclei-templates/2023/CVE-2023-45747-9d391b643840d9b9d7ead6e546f2d7b1.yaml
+++ b/nuclei-templates/2023/CVE-2023-45747-9d391b643840d9b9d7ead6e546f2d7b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Lightbox 2 <= 3.0.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 3.0.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-lightbox-2/"
     google-query: inurl:"/wp-content/plugins/wp-lightbox-2/"
     shodan-query: 'vuln:CVE-2023-45747'
-  tags: cve,wordpress,wp-plugin,wp-lightbox-2,medium
+  tags: cve,wordpress,wp-plugin,wp-lightbox-2,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45751-45f2df14510cef20714306c6b2b6f810.yaml b/nuclei-templates/2023/CVE-2023-45751-45f2df14510cef20714306c6b2b6f810.yaml
index 9873314f34..6f2d7a7e23 100644
--- a/nuclei-templates/2023/CVE-2023-45751-45f2df14510cef20714306c6b2b6f810.yaml
+++ b/nuclei-templates/2023/CVE-2023-45751-45f2df14510cef20714306c6b2b6f810.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nexter Extension <= 2.0.3 - Authenticated(Editor+) Remote Code Execution via metabox
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Nexter Extension plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.3 via the nxt-code-php-snippet metabox. This allows authenticated attackers with editor-level privileges and above to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nexter-extension/"
     google-query: inurl:"/wp-content/plugins/nexter-extension/"
     shodan-query: 'vuln:CVE-2023-45751'
-  tags: cve,wordpress,wp-plugin,nexter-extension,high
+  tags: cve,wordpress,wp-plugin,nexter-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45754-95ad70daa5a42e22046c057a639de555.yaml b/nuclei-templates/2023/CVE-2023-45754-95ad70daa5a42e22046c057a639de555.yaml
index 796328ad45..ef0f5dd10d 100644
--- a/nuclei-templates/2023/CVE-2023-45754-95ad70daa5a42e22046c057a639de555.yaml
+++ b/nuclei-templates/2023/CVE-2023-45754-95ad70daa5a42e22046c057a639de555.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Testimonial Slider and Form <= 1.0.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-testimonial-rotator/"
     google-query: inurl:"/wp-content/plugins/easy-testimonial-rotator/"
     shodan-query: 'vuln:CVE-2023-45754'
-  tags: cve,wordpress,wp-plugin,easy-testimonial-rotator,medium
+  tags: cve,wordpress,wp-plugin,easy-testimonial-rotator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45755-ed89c8160fc54a5150ed5e4f427981e4.yaml b/nuclei-templates/2023/CVE-2023-45755-ed89c8160fc54a5150ed5e4f427981e4.yaml
index d875138d5f..ea876fe2b5 100644
--- a/nuclei-templates/2023/CVE-2023-45755-ed89c8160fc54a5150ed5e4f427981e4.yaml
+++ b/nuclei-templates/2023/CVE-2023-45755-ed89c8160fc54a5150ed5e4f427981e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress Global Search <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BuddyPress Global Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-global-search/"
     google-query: inurl:"/wp-content/plugins/buddypress-global-search/"
     shodan-query: 'vuln:CVE-2023-45755'
-  tags: cve,wordpress,wp-plugin,buddypress-global-search,medium
+  tags: cve,wordpress,wp-plugin,buddypress-global-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45758-cd1cf1735f71561e3ab5315052ee03d0.yaml b/nuclei-templates/2023/CVE-2023-45758-cd1cf1735f71561e3ab5315052ee03d0.yaml
index 789099d4a1..98fe028113 100644
--- a/nuclei-templates/2023/CVE-2023-45758-cd1cf1735f71561e3ab5315052ee03d0.yaml
+++ b/nuclei-templates/2023/CVE-2023-45758-cd1cf1735f71561e3ab5315052ee03d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amministrazione Trasparente <= 8.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 8.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amministrazione-trasparente/"
     google-query: inurl:"/wp-content/plugins/amministrazione-trasparente/"
     shodan-query: 'vuln:CVE-2023-45758'
-  tags: cve,wordpress,wp-plugin,amministrazione-trasparente,medium
+  tags: cve,wordpress,wp-plugin,amministrazione-trasparente,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45760-b26f381c9f7354f3462011430c6f3516.yaml b/nuclei-templates/2023/CVE-2023-45760-b26f381c9f7354f3462011430c6f3516.yaml
index 6edeab1ebc..49f614bcef 100644
--- a/nuclei-templates/2023/CVE-2023-45760-b26f381c9f7354f3462011430c6f3516.yaml
+++ b/nuclei-templates/2023/CVE-2023-45760-b26f381c9f7354f3462011430c6f3516.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDiscuz <= 7.6.3 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wpDiscuz plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on functions corresponding to AJAX actions in versions up to, and including, 7.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view user stats and perform other actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdiscuz/"
     google-query: inurl:"/wp-content/plugins/wpdiscuz/"
     shodan-query: 'vuln:CVE-2023-45760'
-  tags: cve,wordpress,wp-plugin,wpdiscuz,medium
+  tags: cve,wordpress,wp-plugin,wpdiscuz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45764-4634b65a3b88602069115a32b9310bb1.yaml b/nuclei-templates/2023/CVE-2023-45764-4634b65a3b88602069115a32b9310bb1.yaml
index e38497c17e..8006da09e6 100644
--- a/nuclei-templates/2023/CVE-2023-45764-4634b65a3b88602069115a32b9310bb1.yaml
+++ b/nuclei-templates/2023/CVE-2023-45764-4634b65a3b88602069115a32b9310bb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scroll post excerpt <= 8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scroll post excerpt plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scroll-post-excerpt/"
     google-query: inurl:"/wp-content/plugins/scroll-post-excerpt/"
     shodan-query: 'vuln:CVE-2023-45764'
-  tags: cve,wordpress,wp-plugin,scroll-post-excerpt,medium
+  tags: cve,wordpress,wp-plugin,scroll-post-excerpt,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45765-028f2396fc3224cdf799828543a80de4.yaml b/nuclei-templates/2023/CVE-2023-45765-028f2396fc3224cdf799828543a80de4.yaml
index 4ea5fbc448..6002b61ee3 100644
--- a/nuclei-templates/2023/CVE-2023-45765-028f2396fc3224cdf799828543a80de4.yaml
+++ b/nuclei-templates/2023/CVE-2023-45765-028f2396fc3224cdf799828543a80de4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ERP <= 1.12.6 - Missing Authorization via admin notice dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP ERP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple admin notice dismissal function in versions up to, and including, 1.12.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notifications.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erp/"
     google-query: inurl:"/wp-content/plugins/erp/"
     shodan-query: 'vuln:CVE-2023-45765'
-  tags: cve,wordpress,wp-plugin,erp,medium
+  tags: cve,wordpress,wp-plugin,erp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45766-b01ef863c43e07a65402f06b0d7b0757.yaml b/nuclei-templates/2023/CVE-2023-45766-b01ef863c43e07a65402f06b0d7b0757.yaml
index 8031b7000e..bd53a5bf00 100644
--- a/nuclei-templates/2023/CVE-2023-45766-b01ef863c43e07a65402f06b0d7b0757.yaml
+++ b/nuclei-templates/2023/CVE-2023-45766-b01ef863c43e07a65402f06b0d7b0757.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll Maker <= 4.7.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Poll Maker plugin for WordPress is vulnerable to unauthorized access of data or functionality due to a missing capability check on one of its functions in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to make use of this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poll-maker/"
     google-query: inurl:"/wp-content/plugins/poll-maker/"
     shodan-query: 'vuln:CVE-2023-45766'
-  tags: cve,wordpress,wp-plugin,poll-maker,medium
+  tags: cve,wordpress,wp-plugin,poll-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45767-27310a1dc2397e2cac54db00506a62d4.yaml b/nuclei-templates/2023/CVE-2023-45767-27310a1dc2397e2cac54db00506a62d4.yaml
index 49c7fe6e01..9ccde36b06 100644
--- a/nuclei-templates/2023/CVE-2023-45767-27310a1dc2397e2cac54db00506a62d4.yaml
+++ b/nuclei-templates/2023/CVE-2023-45767-27310a1dc2397e2cac54db00506a62d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Tweet <= 1.4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tweet/"
     google-query: inurl:"/wp-content/plugins/simple-tweet/"
     shodan-query: 'vuln:CVE-2023-45767'
-  tags: cve,wordpress,wp-plugin,simple-tweet,medium
+  tags: cve,wordpress,wp-plugin,simple-tweet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45768-cd42ea5f361eb592a86690da9944867b.yaml b/nuclei-templates/2023/CVE-2023-45768-cd42ea5f361eb592a86690da9944867b.yaml
index 6cd4b2b3b0..9b3295da6c 100644
--- a/nuclei-templates/2023/CVE-2023-45768-cd42ea5f361eb592a86690da9944867b.yaml
+++ b/nuclei-templates/2023/CVE-2023-45768-cd42ea5f361eb592a86690da9944867b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Next Page <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Next Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/next-page/"
     google-query: inurl:"/wp-content/plugins/next-page/"
     shodan-query: 'vuln:CVE-2023-45768'
-  tags: cve,wordpress,wp-plugin,next-page,medium
+  tags: cve,wordpress,wp-plugin,next-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45829-72d17698c8eeb0073ce356c8f5c5e968.yaml b/nuclei-templates/2023/CVE-2023-45829-72d17698c8eeb0073ce356c8f5c5e968.yaml
index 2b3fee19f3..d8b5a32e9d 100644
--- a/nuclei-templates/2023/CVE-2023-45829-72d17698c8eeb0073ce356c8f5c5e968.yaml
+++ b/nuclei-templates/2023/CVE-2023-45829-72d17698c8eeb0073ce356c8f5c5e968.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter & Bulk Email Sender <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Newsletter & Bulk Email Sender plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter-bulk-email/"
     google-query: inurl:"/wp-content/plugins/newsletter-bulk-email/"
     shodan-query: 'vuln:CVE-2023-45829'
-  tags: cve,wordpress,wp-plugin,newsletter-bulk-email,medium
+  tags: cve,wordpress,wp-plugin,newsletter-bulk-email,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45830-2cc161db9aab9dca8c45963425559bbc.yaml b/nuclei-templates/2023/CVE-2023-45830-2cc161db9aab9dca8c45963425559bbc.yaml
index 6b325605b1..9be82bc8d6 100644
--- a/nuclei-templates/2023/CVE-2023-45830-2cc161db9aab9dca8c45963425559bbc.yaml
+++ b/nuclei-templates/2023/CVE-2023-45830-2cc161db9aab9dca8c45963425559bbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accessibility Suite by Online ADA <= 4.11 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Accessibility Suite by Online ADA plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/online-accessibility/"
     google-query: inurl:"/wp-content/plugins/online-accessibility/"
     shodan-query: 'vuln:CVE-2023-45830'
-  tags: cve,wordpress,wp-plugin,online-accessibility,critical
+  tags: cve,wordpress,wp-plugin,online-accessibility,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45832-352c9721f769a69dbdfdbca5d48088a2.yaml b/nuclei-templates/2023/CVE-2023-45832-352c9721f769a69dbdfdbca5d48088a2.yaml
index 54f38be857..52a5b6d043 100644
--- a/nuclei-templates/2023/CVE-2023-45832-352c9721f769a69dbdfdbca5d48088a2.yaml
+++ b/nuclei-templates/2023/CVE-2023-45832-352c9721f769a69dbdfdbca5d48088a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP GoToWebinar <= 14.45 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP GoToWebinar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 14.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-gotowebinar/"
     google-query: inurl:"/wp-content/plugins/wp-gotowebinar/"
     shodan-query: 'vuln:CVE-2023-45832'
-  tags: cve,wordpress,wp-plugin,wp-gotowebinar,medium
+  tags: cve,wordpress,wp-plugin,wp-gotowebinar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45833-8668394708fedca0791c9dce209e6c21.yaml b/nuclei-templates/2023/CVE-2023-45833-8668394708fedca0791c9dce209e6c21.yaml
index 2fa085c196..a88ff3dc7d 100644
--- a/nuclei-templates/2023/CVE-2023-45833-8668394708fedca0791c9dce209e6c21.yaml
+++ b/nuclei-templates/2023/CVE-2023-45833-8668394708fedca0791c9dce209e6c21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LeadSquared Suite <= 0.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LeadSquared Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leadsquared-suite/"
     google-query: inurl:"/wp-content/plugins/leadsquared-suite/"
     shodan-query: 'vuln:CVE-2023-45833'
-  tags: cve,wordpress,wp-plugin,leadsquared-suite,medium
+  tags: cve,wordpress,wp-plugin,leadsquared-suite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45835-04c216a7711f03f2d76acb6a4f7b0e8c.yaml b/nuclei-templates/2023/CVE-2023-45835-04c216a7711f03f2d76acb6a4f7b0e8c.yaml
index 3d4e2cbdd0..de6ae454af 100644
--- a/nuclei-templates/2023/CVE-2023-45835-04c216a7711f03f2d76acb6a4f7b0e8c.yaml
+++ b/nuclei-templates/2023/CVE-2023-45835-04c216a7711f03f2d76acb6a4f7b0e8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Libsyn Publisher Hub <= 1.4.4 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Libsyn Publisher Hub plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/libsyn-podcasting/"
     google-query: inurl:"/wp-content/plugins/libsyn-podcasting/"
     shodan-query: 'vuln:CVE-2023-45835'
-  tags: cve,wordpress,wp-plugin,libsyn-podcasting,medium
+  tags: cve,wordpress,wp-plugin,libsyn-podcasting,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-45837-b8296fd7e9d3d8c36b36cd4afd336fd3.yaml b/nuclei-templates/2023/CVE-2023-45837-b8296fd7e9d3d8c36b36cd4afd336fd3.yaml
index eb2e877020..8dfb694da2 100644
--- a/nuclei-templates/2023/CVE-2023-45837-b8296fd7e9d3d8c36b36cd4afd336fd3.yaml
+++ b/nuclei-templates/2023/CVE-2023-45837-b8296fd7e9d3d8c36b36cd4afd336fd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Taxonomy Manager <= 2.0 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Taxonomy Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-taxonomy-manager/"
     google-query: inurl:"/wp-content/plugins/ultimate-taxonomy-manager/"
     shodan-query: 'vuln:CVE-2023-45837'
-  tags: cve,wordpress,wp-plugin,ultimate-taxonomy-manager,medium
+  tags: cve,wordpress,wp-plugin,ultimate-taxonomy-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4597-64166b21a8975f062b52f4886bce7163.yaml b/nuclei-templates/2023/CVE-2023-4597-64166b21a8975f062b52f4886bce7163.yaml
index fe60a1d6e5..8254a512ef 100644
--- a/nuclei-templates/2023/CVE-2023-4597-64166b21a8975f062b52f4886bce7163.yaml
+++ b/nuclei-templates/2023/CVE-2023-4597-64166b21a8975f062b52f4886bce7163.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2023-4597'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
+  tags: cve,wordpress,wp-plugin,wp-slimstat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4598-49bd4bae2777384dde2f9b06bf68d410.yaml b/nuclei-templates/2023/CVE-2023-4598-49bd4bae2777384dde2f9b06bf68d410.yaml
index e030633f41..74cce6a08e 100644
--- a/nuclei-templates/2023/CVE-2023-4598-49bd4bae2777384dde2f9b06bf68d410.yaml
+++ b/nuclei-templates/2023/CVE-2023-4598-49bd4bae2777384dde2f9b06bf68d410.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2023-4598'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,high
+  tags: cve,wordpress,wp-plugin,wp-slimstat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4599-9c882237ff7863bee4225b027eaf1086.yaml b/nuclei-templates/2023/CVE-2023-4599-9c882237ff7863bee4225b027eaf1086.yaml
index 7c1b560409..93036f2b7c 100644
--- a/nuclei-templates/2023/CVE-2023-4599-9c882237ff7863bee4225b027eaf1086.yaml
+++ b/nuclei-templates/2023/CVE-2023-4599-9c882237ff7863bee4225b027eaf1086.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Encoder <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Email Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was issued in version 2.1.8. The vulnerability was fully patched in 2.1.9.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-encoder-bundle/"
     google-query: inurl:"/wp-content/plugins/email-encoder-bundle/"
     shodan-query: 'vuln:CVE-2023-4599'
-  tags: cve,wordpress,wp-plugin,email-encoder-bundle,medium
+  tags: cve,wordpress,wp-plugin,email-encoder-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4600-9d0741a170ac5d20bebb10f83abadeaa.yaml b/nuclei-templates/2023/CVE-2023-4600-9d0741a170ac5d20bebb10f83abadeaa.yaml
index eabb7a7581..3ebaf0db87 100644
--- a/nuclei-templates/2023/CVE-2023-4600-9d0741a170ac5d20bebb10f83abadeaa.yaml
+++ b/nuclei-templates/2023/CVE-2023-4600-9d0741a170ac5d20bebb10f83abadeaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AffiliateWP <= 2.14.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/AffiliateWP/"
     google-query: inurl:"/wp-content/plugins/AffiliateWP/"
     shodan-query: 'vuln:CVE-2023-4600'
-  tags: cve,wordpress,wp-plugin,AffiliateWP,medium
+  tags: cve,wordpress,wp-plugin,AffiliateWP,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46066-b53850514eba837c1bf2ca4cf00a35b7.yaml b/nuclei-templates/2023/CVE-2023-46066-b53850514eba837c1bf2ca4cf00a35b7.yaml
index 8cb1eeebf9..e8abadf5f3 100644
--- a/nuclei-templates/2023/CVE-2023-46066-b53850514eba837c1bf2ca4cf00a35b7.yaml
+++ b/nuclei-templates/2023/CVE-2023-46066-b53850514eba837c1bf2ca4cf00a35b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mediabay <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting Vulnerability
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mediabay – Media Library Folders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mediabay-lite/"
     google-query: inurl:"/wp-content/plugins/mediabay-lite/"
     shodan-query: 'vuln:CVE-2023-46066'
-  tags: cve,wordpress,wp-plugin,mediabay-lite,medium
+  tags: cve,wordpress,wp-plugin,mediabay-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46068-4589a6370d5dbea689df46df9c5577a1.yaml b/nuclei-templates/2023/CVE-2023-46068-4589a6370d5dbea689df46df9c5577a1.yaml
index 1eae4c0716..70ae5e4b5b 100644
--- a/nuclei-templates/2023/CVE-2023-46068-4589a6370d5dbea689df46df9c5577a1.yaml
+++ b/nuclei-templates/2023/CVE-2023-46068-4589a6370d5dbea689df46df9c5577a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Maileon <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Maileon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.16.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xqueue-maileon/"
     google-query: inurl:"/wp-content/plugins/xqueue-maileon/"
     shodan-query: 'vuln:CVE-2023-46068'
-  tags: cve,wordpress,wp-plugin,xqueue-maileon,medium
+  tags: cve,wordpress,wp-plugin,xqueue-maileon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46069-2689d661f3ccd51f254bc58895e1f11d.yaml b/nuclei-templates/2023/CVE-2023-46069-2689d661f3ccd51f254bc58895e1f11d.yaml
index e0da885a13..821a522c85 100644
--- a/nuclei-templates/2023/CVE-2023-46069-2689d661f3ccd51f254bc58895e1f11d.yaml
+++ b/nuclei-templates/2023/CVE-2023-46069-2689d661f3ccd51f254bc58895e1f11d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Archive Calendar <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ajax Archive Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-archive-calendar/"
     google-query: inurl:"/wp-content/plugins/ajax-archive-calendar/"
     shodan-query: 'vuln:CVE-2023-46069'
-  tags: cve,wordpress,wp-plugin,ajax-archive-calendar,medium
+  tags: cve,wordpress,wp-plugin,ajax-archive-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46079-c4ac8ff1dfd268623baae850718c4ab2.yaml b/nuclei-templates/2023/CVE-2023-46079-c4ac8ff1dfd268623baae850718c4ab2.yaml
index 13edd8b793..f8aef294a9 100644
--- a/nuclei-templates/2023/CVE-2023-46079-c4ac8ff1dfd268623baae850718c4ab2.yaml
+++ b/nuclei-templates/2023/CVE-2023-46079-c4ac8ff1dfd268623baae850718c4ab2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ashe Extra <= 1.2.9 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ashe Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in the ashe-extra.php file in versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate companion plugins and import content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ashe-extra/"
     google-query: inurl:"/wp-content/plugins/ashe-extra/"
     shodan-query: 'vuln:CVE-2023-46079'
-  tags: cve,wordpress,wp-plugin,ashe-extra,medium
+  tags: cve,wordpress,wp-plugin,ashe-extra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46080-5543057e7022cfec9b8ae11fa6f72d5e.yaml b/nuclei-templates/2023/CVE-2023-46080-5543057e7022cfec9b8ae11fa6f72d5e.yaml
index 33c0337c5d..1c666f1f83 100644
--- a/nuclei-templates/2023/CVE-2023-46080-5543057e7022cfec9b8ae11fa6f72d5e.yaml
+++ b/nuclei-templates/2023/CVE-2023-46080-5543057e7022cfec9b8ae11fa6f72d5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ApplyOnline – Application Form Builder and Manager <= 2.5.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access due to a missing or improper capability check on an unknown function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apply-online/"
     google-query: inurl:"/wp-content/plugins/apply-online/"
     shodan-query: 'vuln:CVE-2023-46080'
-  tags: cve,wordpress,wp-plugin,apply-online,medium
+  tags: cve,wordpress,wp-plugin,apply-online,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46082-ae16dab4cf6e57b86cebb9a4da6eafa8.yaml b/nuclei-templates/2023/CVE-2023-46082-ae16dab4cf6e57b86cebb9a4da6eafa8.yaml
index 7dc1f99075..444756ed3b 100644
--- a/nuclei-templates/2023/CVE-2023-46082-ae16dab4cf6e57b86cebb9a4da6eafa8.yaml
+++ b/nuclei-templates/2023/CVE-2023-46082-ae16dab4cf6e57b86cebb9a4da6eafa8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Checker | Finder <= 2.4.2 - Missing Authorization via moblc_auth_save_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Broken Link Checker | Finder plugin for WordPress is vulnerable to modification of data due to a missing capability check on the moblc_auth_save_settings function in versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to dismiss admin notifications
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-finder/"
     google-query: inurl:"/wp-content/plugins/broken-link-finder/"
     shodan-query: 'vuln:CVE-2023-46082'
-  tags: cve,wordpress,wp-plugin,broken-link-finder,medium
+  tags: cve,wordpress,wp-plugin,broken-link-finder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46083-7de52979e23084c59771c8210cf92e97.yaml b/nuclei-templates/2023/CVE-2023-46083-7de52979e23084c59771c8210cf92e97.yaml
index 5d86c599e5..34f21b715a 100644
--- a/nuclei-templates/2023/CVE-2023-46083-7de52979e23084c59771c8210cf92e97.yaml
+++ b/nuclei-templates/2023/CVE-2023-46083-7de52979e23084c59771c8210cf92e97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form builder with drag & drop - Kali Forms <= 2.3.27 - Missing Authorization via Contact Form
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the run_form_process_checks function in versions up to, and including, 2.3.27. This makes it possible for unauthenticated attackers to submit forms even when they are not currently published.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kali-forms/"
     google-query: inurl:"/wp-content/plugins/kali-forms/"
     shodan-query: 'vuln:CVE-2023-46083'
-  tags: cve,wordpress,wp-plugin,kali-forms,medium
+  tags: cve,wordpress,wp-plugin,kali-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46084-d61c42f727c04f01365911b7fc14a3d5.yaml b/nuclei-templates/2023/CVE-2023-46084-d61c42f727c04f01365911b7fc14a3d5.yaml
index be78890dc6..d7c8377bdf 100644
--- a/nuclei-templates/2023/CVE-2023-46084-d61c42f727c04f01365911b7fc14a3d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-46084-d61c42f727c04f01365911b7fc14a3d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icons Font Loader <= 1.1.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Icons Font Loader plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 1.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icons-font-loader/"
     google-query: inurl:"/wp-content/plugins/icons-font-loader/"
     shodan-query: 'vuln:CVE-2023-46084'
-  tags: cve,wordpress,wp-plugin,icons-font-loader,high
+  tags: cve,wordpress,wp-plugin,icons-font-loader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46088-667e350f42b763781ac08f9d6c648e0b.yaml b/nuclei-templates/2023/CVE-2023-46088-667e350f42b763781ac08f9d6c648e0b.yaml
index a7f0b40c31..2a9a5866fd 100644
--- a/nuclei-templates/2023/CVE-2023-46088-667e350f42b763781ac08f9d6c648e0b.yaml
+++ b/nuclei-templates/2023/CVE-2023-46088-667e350f42b763781ac08f9d6c648e0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Full Stripe Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-full-stripe-free/"
     google-query: inurl:"/wp-content/plugins/wp-full-stripe-free/"
     shodan-query: 'vuln:CVE-2023-46088'
-  tags: cve,wordpress,wp-plugin,wp-full-stripe-free,medium
+  tags: cve,wordpress,wp-plugin,wp-full-stripe-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46091-44b23b8882e9805e87909dc573565952.yaml b/nuclei-templates/2023/CVE-2023-46091-44b23b8882e9805e87909dc573565952.yaml
index a90b1f4b53..73bda67a0f 100644
--- a/nuclei-templates/2023/CVE-2023-46091-44b23b8882e9805e87909dc573565952.yaml
+++ b/nuclei-templates/2023/CVE-2023-46091-44b23b8882e9805e87909dc573565952.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Category SEO Meta Tags <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Category SEO Meta Tags plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/category-seo-meta-tags/"
     google-query: inurl:"/wp-content/plugins/category-seo-meta-tags/"
     shodan-query: 'vuln:CVE-2023-46091'
-  tags: cve,wordpress,wp-plugin,category-seo-meta-tags,medium
+  tags: cve,wordpress,wp-plugin,category-seo-meta-tags,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46093-ed6d1649ba9976ebdf4a57c36e036026.yaml b/nuclei-templates/2023/CVE-2023-46093-ed6d1649ba9976ebdf4a57c36e036026.yaml
index 7eeeeb6967..c4d6dbb207 100644
--- a/nuclei-templates/2023/CVE-2023-46093-ed6d1649ba9976ebdf4a57c36e036026.yaml
+++ b/nuclei-templates/2023/CVE-2023-46093-ed6d1649ba9976ebdf4a57c36e036026.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webmaster Tools <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Webmaster Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webmaster-tools/"
     google-query: inurl:"/wp-content/plugins/webmaster-tools/"
     shodan-query: 'vuln:CVE-2023-46093'
-  tags: cve,wordpress,wp-plugin,webmaster-tools,medium
+  tags: cve,wordpress,wp-plugin,webmaster-tools,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46146-e85a48bb53d03fe4f0288a0ec1595649.yaml b/nuclei-templates/2023/CVE-2023-46146-e85a48bb53d03fe4f0288a0ec1595649.yaml
index ee930c350f..9501b65af5 100644
--- a/nuclei-templates/2023/CVE-2023-46146-e85a48bb53d03fe4f0288a0ec1595649.yaml
+++ b/nuclei-templates/2023/CVE-2023-46146-e85a48bb53d03fe4f0288a0ec1595649.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Ultra <= 7.3.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Themify Ultra theme for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 7.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/themify-ultra/"
     google-query: inurl:"/wp-content/themes/themify-ultra/"
     shodan-query: 'vuln:CVE-2023-46146'
-  tags: cve,wordpress,wp-theme,themify-ultra,medium
+  tags: cve,wordpress,wp-theme,themify-ultra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46147-3d30a7e8f0b8f6bc4309468a15c7f314.yaml b/nuclei-templates/2023/CVE-2023-46147-3d30a7e8f0b8f6bc4309468a15c7f314.yaml
index d084d0d982..9e8107368a 100644
--- a/nuclei-templates/2023/CVE-2023-46147-3d30a7e8f0b8f6bc4309468a15c7f314.yaml
+++ b/nuclei-templates/2023/CVE-2023-46147-3d30a7e8f0b8f6bc4309468a15c7f314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The themify-ultra theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.3.5 via deserialization of untrusted input. This makes it possible for authenticated attackers with subscriber access and above to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/themify-ultra/"
     google-query: inurl:"/wp-content/themes/themify-ultra/"
     shodan-query: 'vuln:CVE-2023-46147'
-  tags: cve,wordpress,wp-theme,themify-ultra,high
+  tags: cve,wordpress,wp-theme,themify-ultra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46148-f655e8b1894773f9d99ee26fcaeba800.yaml b/nuclei-templates/2023/CVE-2023-46148-f655e8b1894773f9d99ee26fcaeba800.yaml
index 13ee96187c..5fb6ed6b0e 100644
--- a/nuclei-templates/2023/CVE-2023-46148-f655e8b1894773f9d99ee26fcaeba800.yaml
+++ b/nuclei-templates/2023/CVE-2023-46148-f655e8b1894773f9d99ee26fcaeba800.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Ultra <= 7.3.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The themify-ultra theme for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on an unknown function in all versions up to, and including, 7.3.5. This makes it possible for authenticated attackers with subscriber access or higher to utilize this functionality intended for higher privileged users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/themify-ultra/"
     google-query: inurl:"/wp-content/themes/themify-ultra/"
     shodan-query: 'vuln:CVE-2023-46148'
-  tags: cve,wordpress,wp-theme,themify-ultra,medium
+  tags: cve,wordpress,wp-theme,themify-ultra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46149-c842576ba599cc503a47eb67c0e70851.yaml b/nuclei-templates/2023/CVE-2023-46149-c842576ba599cc503a47eb67c0e70851.yaml
index 4c0d9d75af..e14e30a0fc 100644
--- a/nuclei-templates/2023/CVE-2023-46149-c842576ba599cc503a47eb67c0e70851.yaml
+++ b/nuclei-templates/2023/CVE-2023-46149-c842576ba599cc503a47eb67c0e70851.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The themify-ultra theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in during a file upload in all versions up to, and including, 7.3.5. This makes it possible for authenticated attackers with subscriber access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/themify-ultra/"
     google-query: inurl:"/wp-content/themes/themify-ultra/"
     shodan-query: 'vuln:CVE-2023-46149'
-  tags: cve,wordpress,wp-theme,themify-ultra,high
+  tags: cve,wordpress,wp-theme,themify-ultra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46154-a6097b32439b60cacd59d47b3a1c8c61.yaml b/nuclei-templates/2023/CVE-2023-46154-a6097b32439b60cacd59d47b3a1c8c61.yaml
index e8c00b2d11..98571511c4 100644
--- a/nuclei-templates/2023/CVE-2023-46154-a6097b32439b60cacd59d47b3a1c8c61.yaml
+++ b/nuclei-templates/2023/CVE-2023-46154-a6097b32439b60cacd59d47b3a1c8c61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     E2Pdf <= 1.20.18 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The E2Pdf plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.20.18 via deserialization of untrusted input within the import_action and ajax_upload functions. This makes it possible for authenticated attackers, with administrative-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/e2pdf/"
     google-query: inurl:"/wp-content/plugins/e2pdf/"
     shodan-query: 'vuln:CVE-2023-46154'
-  tags: cve,wordpress,wp-plugin,e2pdf,high
+  tags: cve,wordpress,wp-plugin,e2pdf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46192-5f27ace6d76e064e4061fdf808767b2d.yaml b/nuclei-templates/2023/CVE-2023-46192-5f27ace6d76e064e4061fdf808767b2d.yaml
index a2d86867d5..4cc152a603 100644
--- a/nuclei-templates/2023/CVE-2023-46192-5f27ace6d76e064e4061fdf808767b2d.yaml
+++ b/nuclei-templates/2023/CVE-2023-46192-5f27ace6d76e064e4061fdf808767b2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Internal Link Building <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Internal Link Building plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/internal-link-building-plugin/"
     google-query: inurl:"/wp-content/plugins/internal-link-building-plugin/"
     shodan-query: 'vuln:CVE-2023-46192'
-  tags: cve,wordpress,wp-plugin,internal-link-building-plugin,medium
+  tags: cve,wordpress,wp-plugin,internal-link-building-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46195-8cd08637ffa8c2d1ca3b360f63505422.yaml b/nuclei-templates/2023/CVE-2023-46195-8cd08637ffa8c2d1ca3b360f63505422.yaml
index 077a79330e..1dbaf25ffc 100644
--- a/nuclei-templates/2023/CVE-2023-46195-8cd08637ffa8c2d1ca3b360f63505422.yaml
+++ b/nuclei-templates/2023/CVE-2023-46195-8cd08637ffa8c2d1ca3b360f63505422.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Headline Analyzer <= 1.3.1 - Missing Authorization via REST APIs
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Headline Analyzer plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions called via REST API endpoints in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to retrieve and update headline post data as well as disconnect and connect an account for the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/headline-analyzer/"
     google-query: inurl:"/wp-content/plugins/headline-analyzer/"
     shodan-query: 'vuln:CVE-2023-46195'
-  tags: cve,wordpress,wp-plugin,headline-analyzer,medium
+  tags: cve,wordpress,wp-plugin,headline-analyzer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46196-109bcc0df2db9108727b125f1715f024.yaml b/nuclei-templates/2023/CVE-2023-46196-109bcc0df2db9108727b125f1715f024.yaml
index adfd3d5d16..ad2292ef75 100644
--- a/nuclei-templates/2023/CVE-2023-46196-109bcc0df2db9108727b125f1715f024.yaml
+++ b/nuclei-templates/2023/CVE-2023-46196-109bcc0df2db9108727b125f1715f024.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social proof testimonials and reviews by Repuso <= 4.97 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on several functions hooked via AJAX actions in versions up to, and including, 4.97. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve information about the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-testimonials-and-reviews-widget/"
     google-query: inurl:"/wp-content/plugins/social-testimonials-and-reviews-widget/"
     shodan-query: 'vuln:CVE-2023-46196'
-  tags: cve,wordpress,wp-plugin,social-testimonials-and-reviews-widget,medium
+  tags: cve,wordpress,wp-plugin,social-testimonials-and-reviews-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46197-aaf49aa53f803817d024c6faf4d05d87.yaml b/nuclei-templates/2023/CVE-2023-46197-aaf49aa53f803817d024c6faf4d05d87.yaml
index fcc39e43e2..81e9277ac3 100644
--- a/nuclei-templates/2023/CVE-2023-46197-aaf49aa53f803817d024c6faf4d05d87.yaml
+++ b/nuclei-templates/2023/CVE-2023-46197-aaf49aa53f803817d024c6faf4d05d87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup by Supsystic plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.19 via the getWpCsvList action. This makes it possible for authenticated attackers with subscriber level access or higher to extract sensitive data including subscriber email addresses. CVE-2023-51353 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/popup-by-supsystic/"
     shodan-query: 'vuln:CVE-2023-46197'
-  tags: cve,wordpress,wp-plugin,popup-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,popup-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46199-feb2ed9a776f1da5d8e1058653f64bda.yaml b/nuclei-templates/2023/CVE-2023-46199-feb2ed9a776f1da5d8e1058653f64bda.yaml
index 64dedfb612..5caf2be226 100644
--- a/nuclei-templates/2023/CVE-2023-46199-feb2ed9a776f1da5d8e1058653f64bda.yaml
+++ b/nuclei-templates/2023/CVE-2023-46199-feb2ed9a776f1da5d8e1058653f64bda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Triberr <= 4.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Triberr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/triberr-wordpress-plugin/"
     google-query: inurl:"/wp-content/plugins/triberr-wordpress-plugin/"
     shodan-query: 'vuln:CVE-2023-46199'
-  tags: cve,wordpress,wp-plugin,triberr-wordpress-plugin,medium
+  tags: cve,wordpress,wp-plugin,triberr-wordpress-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4620-b3c2fa102dc78b18cc1d35e379c8dc7a.yaml b/nuclei-templates/2023/CVE-2023-4620-b3c2fa102dc78b18cc1d35e379c8dc7a.yaml
index 8558d640fc..c3301dd1d4 100644
--- a/nuclei-templates/2023/CVE-2023-4620-b3c2fa102dc78b18cc1d35e379c8dc7a.yaml
+++ b/nuclei-templates/2023/CVE-2023-4620-b3c2fa102dc78b18cc1d35e379c8dc7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the booking form fields in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking/"
     google-query: inurl:"/wp-content/plugins/booking/"
     shodan-query: 'vuln:CVE-2023-4620'
-  tags: cve,wordpress,wp-plugin,booking,medium
+  tags: cve,wordpress,wp-plugin,booking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46200-4d6efde8bb592c906d33a37bc632b9bf.yaml b/nuclei-templates/2023/CVE-2023-46200-4d6efde8bb592c906d33a37bc632b9bf.yaml
index 670cb3390e..34ff8693a5 100644
--- a/nuclei-templates/2023/CVE-2023-46200-4d6efde8bb592c906d33a37bc632b9bf.yaml
+++ b/nuclei-templates/2023/CVE-2023-46200-4d6efde8bb592c906d33a37bc632b9bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart App Banner <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart App Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-app-banner/"
     google-query: inurl:"/wp-content/plugins/smart-app-banner/"
     shodan-query: 'vuln:CVE-2023-46200'
-  tags: cve,wordpress,wp-plugin,smart-app-banner,medium
+  tags: cve,wordpress,wp-plugin,smart-app-banner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46201-cbd733c7ebdd096e6d282497c4c8eb45.yaml b/nuclei-templates/2023/CVE-2023-46201-cbd733c7ebdd096e6d282497c4c8eb45.yaml
index 404181c5c2..f0d1218a32 100644
--- a/nuclei-templates/2023/CVE-2023-46201-cbd733c7ebdd096e6d282497c4c8eb45.yaml
+++ b/nuclei-templates/2023/CVE-2023-46201-cbd733c7ebdd096e6d282497c4c8eb45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Login New User After Registration <= 1.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via alnuar_auto_login_new_user_after_registration_redirect
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Login New User After Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alnuar_auto_login_new_user_after_registration_redirect' parameter in all versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is exploitable via Cross-Site Request Forgery (CVE-2023-46202).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-login-new-user-after-registration/"
     google-query: inurl:"/wp-content/plugins/auto-login-new-user-after-registration/"
     shodan-query: 'vuln:CVE-2023-46201'
-  tags: cve,wordpress,wp-plugin,auto-login-new-user-after-registration,medium
+  tags: cve,wordpress,wp-plugin,auto-login-new-user-after-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46203-2e06d0c89a5dc3c234768757cec7f855.yaml b/nuclei-templates/2023/CVE-2023-46203-2e06d0c89a5dc3c234768757cec7f855.yaml
index b4af44f641..3caa0b7405 100644
--- a/nuclei-templates/2023/CVE-2023-46203-2e06d0c89a5dc3c234768757cec7f855.yaml
+++ b/nuclei-templates/2023/CVE-2023-46203-2e06d0c89a5dc3c234768757cec7f855.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Just Custom Fields <= 3.3.2 - Missing Authorization on AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Just Custom Fields plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on various AJAX actions in versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create, modify, and delete custom fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/just-custom-fields/"
     google-query: inurl:"/wp-content/plugins/just-custom-fields/"
     shodan-query: 'vuln:CVE-2023-46203'
-  tags: cve,wordpress,wp-plugin,just-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,just-custom-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46205-c12fe9671d21c1c91257ccad7444bd6a.yaml b/nuclei-templates/2023/CVE-2023-46205-c12fe9671d21c1c91257ccad7444bd6a.yaml
index 5c94cef8a4..9fbe6430ca 100644
--- a/nuclei-templates/2023/CVE-2023-46205-c12fe9671d21c1c91257ccad7444bd6a.yaml
+++ b/nuclei-templates/2023/CVE-2023-46205-c12fe9671d21c1c91257ccad7444bd6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.19.14. This makes it possible for authenticated attackers, with contributor access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/Ultimate_VC_Addons/"
     google-query: inurl:"/wp-content/plugins/Ultimate_VC_Addons/"
     shodan-query: 'vuln:CVE-2023-46205'
-  tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,high
+  tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46206-7c87e8f104753303f633f63d1aeebd8d.yaml b/nuclei-templates/2023/CVE-2023-46206-7c87e8f104753303f633f63d1aeebd8d.yaml
index dea861d9aa..c2279c25ce 100644
--- a/nuclei-templates/2023/CVE-2023-46206-7c87e8f104753303f633f63d1aeebd8d.yaml
+++ b/nuclei-templates/2023/CVE-2023-46206-7c87e8f104753303f633f63d1aeebd8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MW WP Form <= 4.4.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MW WP Form plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 4.4.5. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mw-wp-form/"
     google-query: inurl:"/wp-content/plugins/mw-wp-form/"
     shodan-query: 'vuln:CVE-2023-46206'
-  tags: cve,wordpress,wp-plugin,mw-wp-form,medium
+  tags: cve,wordpress,wp-plugin,mw-wp-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46210-59d95b9687e55d617dd1230a739e9c20.yaml b/nuclei-templates/2023/CVE-2023-46210-59d95b9687e55d617dd1230a739e9c20.yaml
index de82d71884..8b36f82a67 100644
--- a/nuclei-templates/2023/CVE-2023-46210-59d95b9687e55d617dd1230a739e9c20.yaml
+++ b/nuclei-templates/2023/CVE-2023-46210-59d95b9687e55d617dd1230a739e9c20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WC Captcha <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WC Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-captcha/"
     google-query: inurl:"/wp-content/plugins/wc-captcha/"
     shodan-query: 'vuln:CVE-2023-46210'
-  tags: cve,wordpress,wp-plugin,wc-captcha,medium
+  tags: cve,wordpress,wp-plugin,wc-captcha,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46211-42a6391e7ed0fe5a4ef825a270130c8a.yaml b/nuclei-templates/2023/CVE-2023-46211-42a6391e7ed0fe5a4ef825a270130c8a.yaml
index 152641b6b6..52401a0e18 100644
--- a/nuclei-templates/2023/CVE-2023-46211-42a6391e7ed0fe5a4ef825a270130c8a.yaml
+++ b/nuclei-templates/2023/CVE-2023-46211-42a6391e7ed0fe5a4ef825a270130c8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.19.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/Ultimate_VC_Addons/"
     google-query: inurl:"/wp-content/plugins/Ultimate_VC_Addons/"
     shodan-query: 'vuln:CVE-2023-46211'
-  tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,medium
+  tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46212-1bacae6a1e466eb95d42535d2732f49e.yaml b/nuclei-templates/2023/CVE-2023-46212-1bacae6a1e466eb95d42535d2732f49e.yaml
index 4000116ba1..ae3d02b1c1 100644
--- a/nuclei-templates/2023/CVE-2023-46212-1bacae6a1e466eb95d42535d2732f49e.yaml
+++ b/nuclei-templates/2023/CVE-2023-46212-1bacae6a1e466eb95d42535d2732f49e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP EXtra <= 6.2 - Missing Authorization to Export Settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP EXtra plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to export plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-extra/"
     google-query: inurl:"/wp-content/plugins/wp-extra/"
     shodan-query: 'vuln:CVE-2023-46212'
-  tags: cve,wordpress,wp-plugin,wp-extra,medium
+  tags: cve,wordpress,wp-plugin,wp-extra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4626-75b95cd57aa6f181317402e50b5298ac.yaml b/nuclei-templates/2023/CVE-2023-4626-75b95cd57aa6f181317402e50b5298ac.yaml
index c1d320d6d9..8d20eb7de8 100644
--- a/nuclei-templates/2023/CVE-2023-4626-75b95cd57aa6f181317402e50b5298ac.yaml
+++ b/nuclei-templates/2023/CVE-2023-4626-75b95cd57aa6f181317402e50b5298ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LadiApp <= 4.4 - Missing Authorization via ladiflow_save_hook()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ladipage/"
     google-query: inurl:"/wp-content/plugins/ladipage/"
     shodan-query: 'vuln:CVE-2023-4626'
-  tags: cve,wordpress,wp-plugin,ladipage,medium
+  tags: cve,wordpress,wp-plugin,ladipage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4627-cc5f050077abe9bc4430ea7311dee63b.yaml b/nuclei-templates/2023/CVE-2023-4627-cc5f050077abe9bc4430ea7311dee63b.yaml
index 6e5d19b172..b77c2bfaa6 100644
--- a/nuclei-templates/2023/CVE-2023-4627-cc5f050077abe9bc4430ea7311dee63b.yaml
+++ b/nuclei-templates/2023/CVE-2023-4627-cc5f050077abe9bc4430ea7311dee63b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LadiApp <= 4.4 - Missing Authorization via save_config()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladipage_config' option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ladipage/"
     google-query: inurl:"/wp-content/plugins/ladipage/"
     shodan-query: 'vuln:CVE-2023-4627'
-  tags: cve,wordpress,wp-plugin,ladipage,medium
+  tags: cve,wordpress,wp-plugin,ladipage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4636-34d2a65b3d8097e555cf3aab3134db2d.yaml b/nuclei-templates/2023/CVE-2023-4636-34d2a65b3d8097e555cf3aab3134db2d.yaml
index dc26cd5181..0462c51d72 100644
--- a/nuclei-templates/2023/CVE-2023-4636-34d2a65b3d8097e555cf3aab3134db2d.yaml
+++ b/nuclei-templates/2023/CVE-2023-4636-34d2a65b3d8097e555cf3aab3134db2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Sharing Plugin <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-private-files/"
     google-query: inurl:"/wp-content/plugins/user-private-files/"
     shodan-query: 'vuln:CVE-2023-4636'
-  tags: cve,wordpress,wp-plugin,user-private-files,medium
+  tags: cve,wordpress,wp-plugin,user-private-files,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4637-a6bc1c4f18d7c787b94d2c3a536d60d6.yaml b/nuclei-templates/2023/CVE-2023-4637-a6bc1c4f18d7c787b94d2c3a536d60d6.yaml
index d723bb9960..5dc0c47fe9 100644
--- a/nuclei-templates/2023/CVE-2023-4637-a6bc1c4f18d7c787b94d2c3a536d60d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-4637-a6bc1c4f18d7c787b94d2c3a536d60d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPvivid <= 0.9.94 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2023-4637'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4643-bbc7fa54925890b55e253bb27ea68d3f.yaml b/nuclei-templates/2023/CVE-2023-4643-bbc7fa54925890b55e253bb27ea68d3f.yaml
index ee5b3d03da..9f90b5e335 100644
--- a/nuclei-templates/2023/CVE-2023-4643-bbc7fa54925890b55e253bb27ea68d3f.yaml
+++ b/nuclei-templates/2023/CVE-2023-4643-bbc7fa54925890b55e253bb27ea68d3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enable Media Replace <= 4.1.2 - Authenticated(Author+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enable Media Replace plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.1.2 via deserialization of untrusted input in post content. This allows authenticated attackers with editor capabilities or above to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enable-media-replace/"
     google-query: inurl:"/wp-content/plugins/enable-media-replace/"
     shodan-query: 'vuln:CVE-2023-4643'
-  tags: cve,wordpress,wp-plugin,enable-media-replace,medium
+  tags: cve,wordpress,wp-plugin,enable-media-replace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4646-9431aa52549a30a720033bb06c5049ca.yaml b/nuclei-templates/2023/CVE-2023-4646-9431aa52549a30a720033bb06c5049ca.yaml
index 884d759704..7218ea95a7 100644
--- a/nuclei-templates/2023/CVE-2023-4646-9431aa52549a30a720033bb06c5049ca.yaml
+++ b/nuclei-templates/2023/CVE-2023-4646-9431aa52549a30a720033bb06c5049ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Posts Ticker <= 1.1.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Posts Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-posts-ticker/"
     google-query: inurl:"/wp-content/plugins/simple-posts-ticker/"
     shodan-query: 'vuln:CVE-2023-4646'
-  tags: cve,wordpress,wp-plugin,simple-posts-ticker,medium
+  tags: cve,wordpress,wp-plugin,simple-posts-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4648-a0746efee95fbf7d166096b25b7d8be2.yaml b/nuclei-templates/2023/CVE-2023-4648-a0746efee95fbf7d166096b25b7d8be2.yaml
index 288c15538a..b5f2b70ed9 100644
--- a/nuclei-templates/2023/CVE-2023-4648-a0746efee95fbf7d166096b25b7d8be2.yaml
+++ b/nuclei-templates/2023/CVE-2023-4648-a0746efee95fbf7d166096b25b7d8be2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-customer-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-customer-reviews/"
     shodan-query: 'vuln:CVE-2023-4648'
-  tags: cve,wordpress,wp-plugin,wp-customer-reviews,medium
+  tags: cve,wordpress,wp-plugin,wp-customer-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46605-0f483e5b57556e64c6fcbf6984188e67.yaml b/nuclei-templates/2023/CVE-2023-46605-0f483e5b57556e64c6fcbf6984188e67.yaml
index 3c6adbf709..ecbf31539a 100644
--- a/nuclei-templates/2023/CVE-2023-46605-0f483e5b57556e64c6fcbf6984188e67.yaml
+++ b/nuclei-templates/2023/CVE-2023-46605-0f483e5b57556e64c6fcbf6984188e67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Convertful – Your Ultimate On-Site Conversion Tool <= 2.5 - Missing Authorization via add_woo_coupon
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Convertful – Your Ultimate On-Site Conversion Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_woo_coupon' REST function in versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to generate coupons for arbitrary amounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/convertful/"
     google-query: inurl:"/wp-content/plugins/convertful/"
     shodan-query: 'vuln:CVE-2023-46605'
-  tags: cve,wordpress,wp-plugin,convertful,medium
+  tags: cve,wordpress,wp-plugin,convertful,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46606-f021a9b99ee30b184dab1f6f57a36751.yaml b/nuclei-templates/2023/CVE-2023-46606-f021a9b99ee30b184dab1f6f57a36751.yaml
index c9e921561c..2c5336ec0f 100644
--- a/nuclei-templates/2023/CVE-2023-46606-f021a9b99ee30b184dab1f6f57a36751.yaml
+++ b/nuclei-templates/2023/CVE-2023-46606-f021a9b99ee30b184dab1f6f57a36751.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AtomChat <= 1.1.4 - Missing Authorization via credits REST API Endpoint
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'credits' REST API function in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to manipulate user credits when the myCred plugin is installed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/atomchat/"
     google-query: inurl:"/wp-content/plugins/atomchat/"
     shodan-query: 'vuln:CVE-2023-46606'
-  tags: cve,wordpress,wp-plugin,atomchat,medium
+  tags: cve,wordpress,wp-plugin,atomchat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46607-e3f695a2140d0d6b1618f7ffa872601f.yaml b/nuclei-templates/2023/CVE-2023-46607-e3f695a2140d0d6b1618f7ffa872601f.yaml
index b48dc2077f..2e36370b2a 100644
--- a/nuclei-templates/2023/CVE-2023-46607-e3f695a2140d0d6b1618f7ffa872601f.yaml
+++ b/nuclei-templates/2023/CVE-2023-46607-e3f695a2140d0d6b1618f7ffa872601f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP iCal Availability <= 1.0.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP iCal Availability plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function. The exact impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ical-availability/"
     google-query: inurl:"/wp-content/plugins/wp-ical-availability/"
     shodan-query: 'vuln:CVE-2023-46607'
-  tags: cve,wordpress,wp-plugin,wp-ical-availability,medium
+  tags: cve,wordpress,wp-plugin,wp-ical-availability,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46608-bd8336f3b7891bca7cf2acd9eb9176f8.yaml b/nuclei-templates/2023/CVE-2023-46608-bd8336f3b7891bca7cf2acd9eb9176f8.yaml
index 7edac44032..a02b50e5b1 100644
--- a/nuclei-templates/2023/CVE-2023-46608-bd8336f3b7891bca7cf2acd9eb9176f8.yaml
+++ b/nuclei-templates/2023/CVE-2023-46608-bd8336f3b7891bca7cf2acd9eb9176f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DoLogin Security <= 3.7.1 - Missing Authorization via REST Endpoints
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The DoLogin Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple REST functions in versions up to, and including, 3.7.1. This makes it possible for unauthenticated attackers to send test SMS messages to arbitrary phone numbers, bypass brute force protections by making unlimited login attempts, and make use of the plugin's IP geolocation functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dologin/"
     google-query: inurl:"/wp-content/plugins/dologin/"
     shodan-query: 'vuln:CVE-2023-46608'
-  tags: cve,wordpress,wp-plugin,dologin,medium
+  tags: cve,wordpress,wp-plugin,dologin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46609-033552000c57d4d0e9b8f1077c9a1953.yaml b/nuclei-templates/2023/CVE-2023-46609-033552000c57d4d0e9b8f1077c9a1953.yaml
index 160b99de5f..151fb360e6 100644
--- a/nuclei-templates/2023/CVE-2023-46609-033552000c57d4d0e9b8f1077c9a1953.yaml
+++ b/nuclei-templates/2023/CVE-2023-46609-033552000c57d4d0e9b8f1077c9a1953.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FeedFocal <= 1.2.2 - Missing Authorization via feedfocal_api_setup REST function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FeedFocal plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the feedfocal_api_setup function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update the 'feedfocal_survey_code' option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedfocal/"
     google-query: inurl:"/wp-content/plugins/feedfocal/"
     shodan-query: 'vuln:CVE-2023-46609'
-  tags: cve,wordpress,wp-plugin,feedfocal,medium
+  tags: cve,wordpress,wp-plugin,feedfocal,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46610-b2aa6adf9a3ecfeb3a1e73b7feaface1.yaml b/nuclei-templates/2023/CVE-2023-46610-b2aa6adf9a3ecfeb3a1e73b7feaface1.yaml
index 9f8a0cde7a..a518a579bc 100644
--- a/nuclei-templates/2023/CVE-2023-46610-b2aa6adf9a3ecfeb3a1e73b7feaface1.yaml
+++ b/nuclei-templates/2023/CVE-2023-46610-b2aa6adf9a3ecfeb3a1e73b7feaface1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quill Forms <= 3.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quill Forms plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this functionality. The exact impact of the vulnerability is not known.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quillforms/"
     google-query: inurl:"/wp-content/plugins/quillforms/"
     shodan-query: 'vuln:CVE-2023-46610'
-  tags: cve,wordpress,wp-plugin,quillforms,medium
+  tags: cve,wordpress,wp-plugin,quillforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46612-dee11a999eea8acc0c1d0780e652bd48.yaml b/nuclei-templates/2023/CVE-2023-46612-dee11a999eea8acc0c1d0780e652bd48.yaml
index bca0ff00af..692039cdba 100644
--- a/nuclei-templates/2023/CVE-2023-46612-dee11a999eea8acc0c1d0780e652bd48.yaml
+++ b/nuclei-templates/2023/CVE-2023-46612-dee11a999eea8acc0c1d0780e652bd48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mediabay <= 1.6 - Missing Authorization via AJAC actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mediabay plugin for WordPress is vulnerable to unauthorized use of functionality due to missing capability checks on several AJAX actions in versions up to, and including, 1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to make changes to sidebars created with this plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mediabay-lite/"
     google-query: inurl:"/wp-content/plugins/mediabay-lite/"
     shodan-query: 'vuln:CVE-2023-46612'
-  tags: cve,wordpress,wp-plugin,mediabay-lite,medium
+  tags: cve,wordpress,wp-plugin,mediabay-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46613-2e36e1fd5443dd09871a6501069bddbb.yaml b/nuclei-templates/2023/CVE-2023-46613-2e36e1fd5443dd09871a6501069bddbb.yaml
index 29c5294f9d..1bbb497aed 100644
--- a/nuclei-templates/2023/CVE-2023-46613-2e36e1fd5443dd09871a6501069bddbb.yaml
+++ b/nuclei-templates/2023/CVE-2023-46613-2e36e1fd5443dd09871a6501069bddbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add to Calendar Button <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add to Calendar Button for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-to-calendar-button/"
     google-query: inurl:"/wp-content/plugins/add-to-calendar-button/"
     shodan-query: 'vuln:CVE-2023-46613'
-  tags: cve,wordpress,wp-plugin,add-to-calendar-button,medium
+  tags: cve,wordpress,wp-plugin,add-to-calendar-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46615-0ab200e48d96a6ca5d84cfe7a3d18007.yaml b/nuclei-templates/2023/CVE-2023-46615-0ab200e48d96a6ca5d84cfe7a3d18007.yaml
index 1daba816d8..5adf455fe6 100644
--- a/nuclei-templates/2023/CVE-2023-46615-0ab200e48d96a6ca5d84cfe7a3d18007.yaml
+++ b/nuclei-templates/2023/CVE-2023-46615-0ab200e48d96a6ca5d84cfe7a3d18007.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The KD Coming Soon plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7 via deserialization of untrusted input cetitle in the vulnerable kd_cemailer function. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kd-coming-soon/"
     google-query: inurl:"/wp-content/plugins/kd-coming-soon/"
     shodan-query: 'vuln:CVE-2023-46615'
-  tags: cve,wordpress,wp-plugin,kd-coming-soon,high
+  tags: cve,wordpress,wp-plugin,kd-coming-soon,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46628-12dbefa5509a29120cd218ac3cfa3bd8.yaml b/nuclei-templates/2023/CVE-2023-46628-12dbefa5509a29120cd218ac3cfa3bd8.yaml
index 9d78a63996..9f9e77bc42 100644
--- a/nuclei-templates/2023/CVE-2023-46628-12dbefa5509a29120cd218ac3cfa3bd8.yaml
+++ b/nuclei-templates/2023/CVE-2023-46628-12dbefa5509a29120cd218ac3cfa3bd8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Word Count <= 3.2.4 - Missing Authorization via calculate_statistics
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Word Count plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the calculate_statistics function in versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger a "Calculate Word Counts" operation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-word-count/"
     google-query: inurl:"/wp-content/plugins/wp-word-count/"
     shodan-query: 'vuln:CVE-2023-46628'
-  tags: cve,wordpress,wp-plugin,wp-word-count,medium
+  tags: cve,wordpress,wp-plugin,wp-word-count,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46631-bc983a8f571310dd96f9e038e97c3ba7.yaml b/nuclei-templates/2023/CVE-2023-46631-bc983a8f571310dd96f9e038e97c3ba7.yaml
index 4ae3380d79..6667b25b04 100644
--- a/nuclei-templates/2023/CVE-2023-46631-bc983a8f571310dd96f9e038e97c3ba7.yaml
+++ b/nuclei-templates/2023/CVE-2023-46631-bc983a8f571310dd96f9e038e97c3ba7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Recommendation Quiz for eCommerce <= 2.1.0 - Missing Authorization in prq_set_token
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Recommendation Quiz for eCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the prq_set_token function in versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to modify plugin settings via a request to the 'settoken' REST API endpoint.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-recommendation-quiz-for-ecommerce/"
     google-query: inurl:"/wp-content/plugins/product-recommendation-quiz-for-ecommerce/"
     shodan-query: 'vuln:CVE-2023-46631'
-  tags: cve,wordpress,wp-plugin,product-recommendation-quiz-for-ecommerce,medium
+  tags: cve,wordpress,wp-plugin,product-recommendation-quiz-for-ecommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46632-de64d2f517270fa27d42f881da4c6d98.yaml b/nuclei-templates/2023/CVE-2023-46632-de64d2f517270fa27d42f881da4c6d98.yaml
index 06d6ccc6ed..969774a5f2 100644
--- a/nuclei-templates/2023/CVE-2023-46632-de64d2f517270fa27d42f881da4c6d98.yaml
+++ b/nuclei-templates/2023/CVE-2023-46632-de64d2f517270fa27d42f881da4c6d98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Shortcodes <= 2.3 - Missing Authorization via Multiple AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The My Shortcodes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX actions in versions up to, and including, 2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-shortcodes/"
     google-query: inurl:"/wp-content/plugins/my-shortcodes/"
     shodan-query: 'vuln:CVE-2023-46632'
-  tags: cve,wordpress,wp-plugin,my-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,my-shortcodes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46633-782e75e9ade7cd09f2f9dfc0e07ecdf7.yaml b/nuclei-templates/2023/CVE-2023-46633-782e75e9ade7cd09f2f9dfc0e07ecdf7.yaml
index 4bf084c7f3..b4780b30fb 100644
--- a/nuclei-templates/2023/CVE-2023-46633-782e75e9ade7cd09f2f9dfc0e07ecdf7.yaml
+++ b/nuclei-templates/2023/CVE-2023-46633-782e75e9ade7cd09f2f9dfc0e07ecdf7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Glossary <= 3.1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Glossary plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this functionality. The exact impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-glossary/"
     google-query: inurl:"/wp-content/plugins/wp-glossary/"
     shodan-query: 'vuln:CVE-2023-46633'
-  tags: cve,wordpress,wp-plugin,wp-glossary,medium
+  tags: cve,wordpress,wp-plugin,wp-glossary,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46635-255ea4aa4e6fb6ceab7bcf43313eab50.yaml b/nuclei-templates/2023/CVE-2023-46635-255ea4aa4e6fb6ceab7bcf43313eab50.yaml
index 880da8a264..f07264ef64 100644
--- a/nuclei-templates/2023/CVE-2023-46635-255ea4aa4e6fb6ceab7bcf43313eab50.yaml
+++ b/nuclei-templates/2023/CVE-2023-46635-255ea4aa4e6fb6ceab7bcf43313eab50.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH WooCommerce Product Add-Ons <= 4.2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to unauthorized functionality due to a missing capability check on two of its AJAX actions in versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to make use of this functionality and allows them to enable and disable blocks and addons.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/"
     shodan-query: 'vuln:CVE-2023-46635'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46637-177a143182cd744b54e19a39a4cfbfd2.yaml b/nuclei-templates/2023/CVE-2023-46637-177a143182cd744b54e19a39a4cfbfd2.yaml
index 68c7548814..4a59e1c143 100644
--- a/nuclei-templates/2023/CVE-2023-46637-177a143182cd744b54e19a39a4cfbfd2.yaml
+++ b/nuclei-templates/2023/CVE-2023-46637-177a143182cd744b54e19a39a4cfbfd2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Generate Dummy Posts <= 1.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Generate Dummy Posts plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to make use of this functionality. Exact impacts are unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/generate-dummy-posts/"
     google-query: inurl:"/wp-content/plugins/generate-dummy-posts/"
     shodan-query: 'vuln:CVE-2023-46637'
-  tags: cve,wordpress,wp-plugin,generate-dummy-posts,medium
+  tags: cve,wordpress,wp-plugin,generate-dummy-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46639-31e1dd2369472619e89b67df12c89fa8.yaml b/nuclei-templates/2023/CVE-2023-46639-31e1dd2369472619e89b67df12c89fa8.yaml
index 6466ee75cd..5ef173ee8c 100644
--- a/nuclei-templates/2023/CVE-2023-46639-31e1dd2369472619e89b67df12c89fa8.yaml
+++ b/nuclei-templates/2023/CVE-2023-46639-31e1dd2369472619e89b67df12c89fa8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     kk Star Ratings <= 5.4.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The kk Star Ratings plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 5.4.5. This makes it possible for unauthenticated attackers to make use of this functionality. The exact impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kk-star-ratings/"
     google-query: inurl:"/wp-content/plugins/kk-star-ratings/"
     shodan-query: 'vuln:CVE-2023-46639'
-  tags: cve,wordpress,wp-plugin,kk-star-ratings,medium
+  tags: cve,wordpress,wp-plugin,kk-star-ratings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46640-9a2c39e647de10bdf5506fe83c7446b4.yaml b/nuclei-templates/2023/CVE-2023-46640-9a2c39e647de10bdf5506fe83c7446b4.yaml
index 3859757350..4a42394bac 100644
--- a/nuclei-templates/2023/CVE-2023-46640-9a2c39e647de10bdf5506fe83c7446b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-46640-9a2c39e647de10bdf5506fe83c7446b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Medialist <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Medialist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-list/"
     google-query: inurl:"/wp-content/plugins/media-list/"
     shodan-query: 'vuln:CVE-2023-46640'
-  tags: cve,wordpress,wp-plugin,media-list,medium
+  tags: cve,wordpress,wp-plugin,media-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46641-3884d9a5a5a83b7a3dc7015b6e93594e.yaml b/nuclei-templates/2023/CVE-2023-46641-3884d9a5a5a83b7a3dc7015b6e93594e.yaml
index 54b3065eb6..326bc67755 100644
--- a/nuclei-templates/2023/CVE-2023-46641-3884d9a5a5a83b7a3dc7015b6e93594e.yaml
+++ b/nuclei-templates/2023/CVE-2023-46641-3884d9a5a5a83b7a3dc7015b6e93594e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     12 Step Meeting List <= 3.14.24 - Authenticated (Contributor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 12 Step Meeting List plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.14.24 via the tsml_add_data_source parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/12-step-meeting-list/"
     google-query: inurl:"/wp-content/plugins/12-step-meeting-list/"
     shodan-query: 'vuln:CVE-2023-46641'
-  tags: cve,wordpress,wp-plugin,12-step-meeting-list,medium
+  tags: cve,wordpress,wp-plugin,12-step-meeting-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46642-c3f117930fe59986e129269f444e98be.yaml b/nuclei-templates/2023/CVE-2023-46642-c3f117930fe59986e129269f444e98be.yaml
index 1705f36c27..6971bf2549 100644
--- a/nuclei-templates/2023/CVE-2023-46642-c3f117930fe59986e129269f444e98be.yaml
+++ b/nuclei-templates/2023/CVE-2023-46642-c3f117930fe59986e129269f444e98be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SAHU TikTok Pixel for E-Commerce <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SAHU TikTok Pixel for E-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sahu-tiktok-pixel/"
     google-query: inurl:"/wp-content/plugins/sahu-tiktok-pixel/"
     shodan-query: 'vuln:CVE-2023-46642'
-  tags: cve,wordpress,wp-plugin,sahu-tiktok-pixel,medium
+  tags: cve,wordpress,wp-plugin,sahu-tiktok-pixel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46644-98193019af2a73f9695ff639de4023e0.yaml b/nuclei-templates/2023/CVE-2023-46644-98193019af2a73f9695ff639de4023e0.yaml
index a8d1f5b9cf..95c6eea7ea 100644
--- a/nuclei-templates/2023/CVE-2023-46644-98193019af2a73f9695ff639de4023e0.yaml
+++ b/nuclei-templates/2023/CVE-2023-46644-98193019af2a73f9695ff639de4023e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress CTA plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX actions in versions up to, and including, 1.5.8. This makes it possible for unauthenticated attackers to perform unauthorized actions, such as adding new call to actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-sticky-sidebar/"
     google-query: inurl:"/wp-content/plugins/easy-sticky-sidebar/"
     shodan-query: 'vuln:CVE-2023-46644'
-  tags: cve,wordpress,wp-plugin,easy-sticky-sidebar,medium
+  tags: cve,wordpress,wp-plugin,easy-sticky-sidebar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46782-549edad2ce245fbc28f77db9aee80ff6.yaml b/nuclei-templates/2023/CVE-2023-46782-549edad2ce245fbc28f77db9aee80ff6.yaml
index 0a096175e0..9a84e2fb32 100644
--- a/nuclei-templates/2023/CVE-2023-46782-549edad2ce245fbc28f77db9aee80ff6.yaml
+++ b/nuclei-templates/2023/CVE-2023-46782-549edad2ce245fbc28f77db9aee80ff6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MomentoPress for Momento360 <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MomentoPress for Momento360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cmyee-momentopress/"
     google-query: inurl:"/wp-content/plugins/cmyee-momentopress/"
     shodan-query: 'vuln:CVE-2023-46782'
-  tags: cve,wordpress,wp-plugin,cmyee-momentopress,medium
+  tags: cve,wordpress,wp-plugin,cmyee-momentopress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46783-f8654e70b61d2e52e5f038a5f0414371.yaml b/nuclei-templates/2023/CVE-2023-46783-f8654e70b61d2e52e5f038a5f0414371.yaml
index e2074d30f7..40b0b5c814 100644
--- a/nuclei-templates/2023/CVE-2023-46783-f8654e70b61d2e52e5f038a5f0414371.yaml
+++ b/nuclei-templates/2023/CVE-2023-46783-f8654e70b61d2e52e5f038a5f0414371.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pre-Orders for WooCommerce <= 1.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pre-Orders for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.2.13 due to insufficient input sanitization and output escaping on the 'columns' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pre-orders-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/pre-orders-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-46783'
-  tags: cve,wordpress,wp-plugin,pre-orders-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,pre-orders-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46784-13f1e3e1ecb400323f6ac6db56c9c266.yaml b/nuclei-templates/2023/CVE-2023-46784-13f1e3e1ecb400323f6ac6db56c9c266.yaml
index a330e6757e..5736062918 100644
--- a/nuclei-templates/2023/CVE-2023-46784-13f1e3e1ecb400323f6ac6db56c9c266.yaml
+++ b/nuclei-templates/2023/CVE-2023-46784-13f1e3e1ecb400323f6ac6db56c9c266.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ICS Calendar <= 10.12.0.1 - Authenticated(Contributor+) Directory Traversal via _url_get_contents
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ICS Calendar plugin for WordPress is vulnerable to Directory Traversal in all versions up, and including, 10.12.0.1 via the _url_get_contents function. This makes it possible for authenticated attackers, with contributor access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ics-calendar/"
     google-query: inurl:"/wp-content/plugins/ics-calendar/"
     shodan-query: 'vuln:CVE-2023-46784'
-  tags: cve,wordpress,wp-plugin,ics-calendar,medium
+  tags: cve,wordpress,wp-plugin,ics-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46784-145fd589f9d6e521c8599d0e3d4550d9.yaml b/nuclei-templates/2023/CVE-2023-46784-145fd589f9d6e521c8599d0e3d4550d9.yaml
index 6425c45916..5c05698d9f 100644
--- a/nuclei-templates/2023/CVE-2023-46784-145fd589f9d6e521c8599d0e3d4550d9.yaml
+++ b/nuclei-templates/2023/CVE-2023-46784-145fd589f9d6e521c8599d0e3d4550d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ICS Calendar <= 10.12.0.2 - Authenticated (Contributor+) Arbitrary File Read and Server-Side Request Forgery
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ICS Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 10.12.0.2. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ics-calendar/"
     google-query: inurl:"/wp-content/plugins/ics-calendar/"
     shodan-query: 'vuln:CVE-2023-46784'
-  tags: cve,wordpress,wp-plugin,ics-calendar,high
+  tags: cve,wordpress,wp-plugin,ics-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46821-c051ed74380d85e155152ed23876ff43.yaml b/nuclei-templates/2023/CVE-2023-46821-c051ed74380d85e155152ed23876ff43.yaml
index 2b5fde9207..fba7948794 100644
--- a/nuclei-templates/2023/CVE-2023-46821-c051ed74380d85e155152ed23876ff43.yaml
+++ b/nuclei-templates/2023/CVE-2023-46821-c051ed74380d85e155152ed23876ff43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Security Headers <= 1.7 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The GD Security Headers plugin for WordPress is vulnerable to union-based SQL Injection via the 'filter-vd' and 'filter-ed' parameters in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-security-headers/"
     google-query: inurl:"/wp-content/plugins/gd-security-headers/"
     shodan-query: 'vuln:CVE-2023-46821'
-  tags: cve,wordpress,wp-plugin,gd-security-headers,high
+  tags: cve,wordpress,wp-plugin,gd-security-headers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46823-d16be1a4a8c6ae781f11c50d01685d10.yaml b/nuclei-templates/2023/CVE-2023-46823-d16be1a4a8c6ae781f11c50d01685d10.yaml
index c9009481c4..e7dcf450e1 100644
--- a/nuclei-templates/2023/CVE-2023-46823-d16be1a4a8c6ae781f11c50d01685d10.yaml
+++ b/nuclei-templates/2023/CVE-2023-46823-d16be1a4a8c6ae781f11c50d01685d10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageLinks <= 1.5.4 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ImageLinks Interactive Image Builder for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagelinks-interactive-image-builder-lite/"
     google-query: inurl:"/wp-content/plugins/imagelinks-interactive-image-builder-lite/"
     shodan-query: 'vuln:CVE-2023-46823'
-  tags: cve,wordpress,wp-plugin,imagelinks-interactive-image-builder-lite,high
+  tags: cve,wordpress,wp-plugin,imagelinks-interactive-image-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-46824-fe295018c777f28527f026c1db66229d.yaml b/nuclei-templates/2023/CVE-2023-46824-fe295018c777f28527f026c1db66229d.yaml
index 919fd7d90d..13a1edbf95 100644
--- a/nuclei-templates/2023/CVE-2023-46824-fe295018c777f28527f026c1db66229d.yaml
+++ b/nuclei-templates/2023/CVE-2023-46824-fe295018c777f28527f026c1db66229d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slick Popup: Contact Form 7 Popup Plugin <= 1.7.14 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slick Popup: Contact Form 7 Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the main heading parameter in all versions up to 1.7.15 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slick-popup/"
     google-query: inurl:"/wp-content/plugins/slick-popup/"
     shodan-query: 'vuln:CVE-2023-46824'
-  tags: cve,wordpress,wp-plugin,slick-popup,medium
+  tags: cve,wordpress,wp-plugin,slick-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4686-c2b458a87e9095667109688e878e4bb7.yaml b/nuclei-templates/2023/CVE-2023-4686-c2b458a87e9095667109688e878e4bb7.yaml
index b9758fc568..915bbb835e 100644
--- a/nuclei-templates/2023/CVE-2023-4686-c2b458a87e9095667109688e878e4bb7.yaml
+++ b/nuclei-templates/2023/CVE-2023-4686-c2b458a87e9095667109688e878e4bb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-customer-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-customer-reviews/"
     shodan-query: 'vuln:CVE-2023-4686'
-  tags: cve,wordpress,wp-plugin,wp-customer-reviews,medium
+  tags: cve,wordpress,wp-plugin,wp-customer-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4691-8558d7a24f00d0b4c6ef650bca69a892.yaml b/nuclei-templates/2023/CVE-2023-4691-8558d7a24f00d0b4c6ef650bca69a892.yaml
index 4463c9adaa..444094284f 100644
--- a/nuclei-templates/2023/CVE-2023-4691-8558d7a24f00d0b4c6ef650bca69a892.yaml
+++ b/nuclei-templates/2023/CVE-2023-4691-8558d7a24f00d0b4c6ef650bca69a892.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bookly <= 22.3.1 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bookly plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 22.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/"
     google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/"
     shodan-query: 'vuln:CVE-2023-4691'
-  tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,medium
+  tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4716-cd5bfb58064b9745ccbd3f1f59ac312b.yaml b/nuclei-templates/2023/CVE-2023-4716-cd5bfb58064b9745ccbd3f1f59ac312b.yaml
index dd09f48532..bca6ba72c9 100644
--- a/nuclei-templates/2023/CVE-2023-4716-cd5bfb58064b9745ccbd3f1f59ac312b.yaml
+++ b/nuclei-templates/2023/CVE-2023-4716-cd5bfb58064b9745ccbd3f1f59ac312b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Assistant <= 3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-assistant/"
     google-query: inurl:"/wp-content/plugins/media-library-assistant/"
     shodan-query: 'vuln:CVE-2023-4716'
-  tags: cve,wordpress,wp-plugin,media-library-assistant,medium
+  tags: cve,wordpress,wp-plugin,media-library-assistant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47177-dc961a43bf6645987863e2268d4c98e4.yaml b/nuclei-templates/2023/CVE-2023-47177-dc961a43bf6645987863e2268d4c98e4.yaml
index 9207ac24b4..cb5419bb53 100644
--- a/nuclei-templates/2023/CVE-2023-47177-dc961a43bf6645987863e2268d4c98e4.yaml
+++ b/nuclei-templates/2023/CVE-2023-47177-dc961a43bf6645987863e2268d4c98e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Linker <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/linker/"
     google-query: inurl:"/wp-content/plugins/linker/"
     shodan-query: 'vuln:CVE-2023-47177'
-  tags: cve,wordpress,wp-plugin,linker,medium
+  tags: cve,wordpress,wp-plugin,linker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4718-bb75a2fa99f691c300cd6cf18948e14d.yaml b/nuclei-templates/2023/CVE-2023-4718-bb75a2fa99f691c300cd6cf18948e14d.yaml
index 2a4bb040e5..5de4bf865e 100644
--- a/nuclei-templates/2023/CVE-2023-4718-bb75a2fa99f691c300cd6cf18948e14d.yaml
+++ b/nuclei-templates/2023/CVE-2023-4718-bb75a2fa99f691c300cd6cf18948e14d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Font Awesome 4 Menus <= 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/font-awesome-4-menus/"
     google-query: inurl:"/wp-content/plugins/font-awesome-4-menus/"
     shodan-query: 'vuln:CVE-2023-4718'
-  tags: cve,wordpress,wp-plugin,font-awesome-4-menus,medium
+  tags: cve,wordpress,wp-plugin,font-awesome-4-menus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47181-147226d7fc59bc73ef79b60eb67e7365.yaml b/nuclei-templates/2023/CVE-2023-47181-147226d7fc59bc73ef79b60eb67e7365.yaml
index bf7a190377..c74831bc6a 100644
--- a/nuclei-templates/2023/CVE-2023-47181-147226d7fc59bc73ef79b60eb67e7365.yaml
+++ b/nuclei-templates/2023/CVE-2023-47181-147226d7fc59bc73ef79b60eb67e7365.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IdeaPush <= 8.52 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IdeaPush plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.52 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ideapush/"
     google-query: inurl:"/wp-content/plugins/ideapush/"
     shodan-query: 'vuln:CVE-2023-47181'
-  tags: cve,wordpress,wp-plugin,ideapush,medium
+  tags: cve,wordpress,wp-plugin,ideapush,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47183-fa1fef40b905a2c3c8c8c056ae496c09.yaml b/nuclei-templates/2023/CVE-2023-47183-fa1fef40b905a2c3c8c8c056ae496c09.yaml
index b40314675c..e7b7f4f6dc 100644
--- a/nuclei-templates/2023/CVE-2023-47183-fa1fef40b905a2c3c8c8c056ae496c09.yaml
+++ b/nuclei-templates/2023/CVE-2023-47183-fa1fef40b905a2c3c8c8c056ae496c09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 2.33.1 - Missing Authorization via handleBeforeGateway
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GiveWP plugin for WordPress is vulnerable to unauthorized donation form access due to a missing check on the handleBeforeGateway function that would ensure that a donation form can be used and is not trashed in versions up to, and including, 2.33.1. There is no real security impact, but such trashed donation forms could still receive donations in vulnerable versions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2023-47183'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47184-11e3031fc351fbc9a833e9b97e46b6a6.yaml b/nuclei-templates/2023/CVE-2023-47184-11e3031fc351fbc9a833e9b97e46b6a6.yaml
index aab75f948c..9f56d9aad1 100644
--- a/nuclei-templates/2023/CVE-2023-47184-11e3031fc351fbc9a833e9b97e46b6a6.yaml
+++ b/nuclei-templates/2023/CVE-2023-47184-11e3031fc351fbc9a833e9b97e46b6a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Bar & Dashboard Control <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Admin Bar & Dashboard Access Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.2.9 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-bar-dashboard-control/"
     google-query: inurl:"/wp-content/plugins/admin-bar-dashboard-control/"
     shodan-query: 'vuln:CVE-2023-47184'
-  tags: cve,wordpress,wp-plugin,admin-bar-dashboard-control,medium
+  tags: cve,wordpress,wp-plugin,admin-bar-dashboard-control,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47187-8fa029836e390a41910a91e1df99c734.yaml b/nuclei-templates/2023/CVE-2023-47187-8fa029836e390a41910a91e1df99c734.yaml
index fdb3d97a13..7f1b13d294 100644
--- a/nuclei-templates/2023/CVE-2023-47187-8fa029836e390a41910a91e1df99c734.yaml
+++ b/nuclei-templates/2023/CVE-2023-47187-8fa029836e390a41910a91e1df99c734.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animated Rotating Words <= 5.4 - Missing Authorization via save_admin_options
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Animated Rotating Words plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_admin_options function in versions up to, and including, 5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/css3-rotating-words/"
     google-query: inurl:"/wp-content/plugins/css3-rotating-words/"
     shodan-query: 'vuln:CVE-2023-47187'
-  tags: cve,wordpress,wp-plugin,css3-rotating-words,medium
+  tags: cve,wordpress,wp-plugin,css3-rotating-words,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47188-290105b1777b3869c2f6dcc0140c3419.yaml b/nuclei-templates/2023/CVE-2023-47188-290105b1777b3869c2f6dcc0140c3419.yaml
index 7233232ddf..409807f4f9 100644
--- a/nuclei-templates/2023/CVE-2023-47188-290105b1777b3869c2f6dcc0140c3419.yaml
+++ b/nuclei-templates/2023/CVE-2023-47188-290105b1777b3869c2f6dcc0140c3419.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Job Board <= 2.10.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Job Board plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.10.5. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-job-board/"
     google-query: inurl:"/wp-content/plugins/simple-job-board/"
     shodan-query: 'vuln:CVE-2023-47188'
-  tags: cve,wordpress,wp-plugin,simple-job-board,medium
+  tags: cve,wordpress,wp-plugin,simple-job-board,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4719-3af100998fbed69cbdecde044b4ff026.yaml b/nuclei-templates/2023/CVE-2023-4719-3af100998fbed69cbdecde044b4ff026.yaml
index 5be59aa4e1..2b090d90fc 100644
--- a/nuclei-templates/2023/CVE-2023-4719-3af100998fbed69cbdecde044b4ff026.yaml
+++ b/nuclei-templates/2023/CVE-2023-4719-3af100998fbed69cbdecde044b4ff026.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web scripts into pages that are being executed if they can successfully trick a user into taking an action, such as clicking a malicious link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2023-4719'
-  tags: cve,wordpress,wp-plugin,simple-membership,high
+  tags: cve,wordpress,wp-plugin,simple-membership,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47190-2c1fdb69500dc831bd46062ddc0d2b02.yaml b/nuclei-templates/2023/CVE-2023-47190-2c1fdb69500dc831bd46062ddc0d2b02.yaml
index fa6f81592c..b1deec0c72 100644
--- a/nuclei-templates/2023/CVE-2023-47190-2c1fdb69500dc831bd46062ddc0d2b02.yaml
+++ b/nuclei-templates/2023/CVE-2023-47190-2c1fdb69500dc831bd46062ddc0d2b02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Apollo13 Framework Extensions <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level and above permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apollo13-framework-extensions/"
     google-query: inurl:"/wp-content/plugins/apollo13-framework-extensions/"
     shodan-query: 'vuln:CVE-2023-47190'
-  tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,medium
+  tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47223-b5b7bc46aa5c73951c7934c79faf05ff.yaml b/nuclei-templates/2023/CVE-2023-47223-b5b7bc46aa5c73951c7934c79faf05ff.yaml
index 8dc5b00de9..3e19030d65 100644
--- a/nuclei-templates/2023/CVE-2023-47223-b5b7bc46aa5c73951c7934c79faf05ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-47223-b5b7bc46aa5c73951c7934c79faf05ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Basic Interactive World Map <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Basic Interactive World Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/basic-interactive-world-map/"
     google-query: inurl:"/wp-content/plugins/basic-interactive-world-map/"
     shodan-query: 'vuln:CVE-2023-47223'
-  tags: cve,wordpress,wp-plugin,basic-interactive-world-map,medium
+  tags: cve,wordpress,wp-plugin,basic-interactive-world-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47225-258545baa917b7571f477b428889162e.yaml b/nuclei-templates/2023/CVE-2023-47225-258545baa917b7571f477b428889162e.yaml
index 45ce8a6a89..0c83e4c06a 100644
--- a/nuclei-templates/2023/CVE-2023-47225-258545baa917b7571f477b428889162e.yaml
+++ b/nuclei-templates/2023/CVE-2023-47225-258545baa917b7571f477b428889162e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Short URL <= 1.6.8 - Missing Authorization via multiple AJAX functions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Short URL plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.6.8. This makes it possible for authenticated attackers such as subscribers to add, modify, or delete translations and plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shorten-url/"
     google-query: inurl:"/wp-content/plugins/shorten-url/"
     shodan-query: 'vuln:CVE-2023-47225'
-  tags: cve,wordpress,wp-plugin,shorten-url,medium
+  tags: cve,wordpress,wp-plugin,shorten-url,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47226-43333653570b3a1b8a29a02f94914583.yaml b/nuclei-templates/2023/CVE-2023-47226-43333653570b3a1b8a29a02f94914583.yaml
index f26ce09f1c..83789c7ee6 100644
--- a/nuclei-templates/2023/CVE-2023-47226-43333653570b3a1b8a29a02f94914583.yaml
+++ b/nuclei-templates/2023/CVE-2023-47226-43333653570b3a1b8a29a02f94914583.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Sliders & Post Grids plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-slider-carousel/"
     google-query: inurl:"/wp-content/plugins/post-slider-carousel/"
     shodan-query: 'vuln:CVE-2023-47226'
-  tags: cve,wordpress,wp-plugin,post-slider-carousel,medium
+  tags: cve,wordpress,wp-plugin,post-slider-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47227-3329f436b3e9299453177bb21ca6d4b2.yaml b/nuclei-templates/2023/CVE-2023-47227-3329f436b3e9299453177bb21ca6d4b2.yaml
index 5834b07b89..70f17422dd 100644
--- a/nuclei-templates/2023/CVE-2023-47227-3329f436b3e9299453177bb21ca6d4b2.yaml
+++ b/nuclei-templates/2023/CVE-2023-47227-3329f436b3e9299453177bb21ca6d4b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Feed | All social media in one place <= 1.5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting]
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Feed | All social media in one place plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-facebook/"
     google-query: inurl:"/wp-content/plugins/add-facebook/"
     shodan-query: 'vuln:CVE-2023-47227'
-  tags: cve,wordpress,wp-plugin,add-facebook,medium
+  tags: cve,wordpress,wp-plugin,add-facebook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47228-ba96af4ca3ffeaa3bcc3879d978146cb.yaml b/nuclei-templates/2023/CVE-2023-47228-ba96af4ca3ffeaa3bcc3879d978146cb.yaml
index 5348728ed7..f8c4890a89 100644
--- a/nuclei-templates/2023/CVE-2023-47228-ba96af4ca3ffeaa3bcc3879d978146cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-47228-ba96af4ca3ffeaa3bcc3879d978146cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Layer Slider <= 1.1.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Layer Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-slideshow/"
     google-query: inurl:"/wp-content/plugins/slider-slideshow/"
     shodan-query: 'vuln:CVE-2023-47228'
-  tags: cve,wordpress,wp-plugin,slider-slideshow,medium
+  tags: cve,wordpress,wp-plugin,slider-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47229-34bed79fb50712c291365a8ff729b6f4.yaml b/nuclei-templates/2023/CVE-2023-47229-34bed79fb50712c291365a8ff729b6f4.yaml
index 9357575b34..910d2cf32e 100644
--- a/nuclei-templates/2023/CVE-2023-47229-34bed79fb50712c291365a8ff729b6f4.yaml
+++ b/nuclei-templates/2023/CVE-2023-47229-34bed79fb50712c291365a8ff729b6f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Top 25 Social Icons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Top 25 Social Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level and above permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-25-social-icons/"
     google-query: inurl:"/wp-content/plugins/top-25-social-icons/"
     shodan-query: 'vuln:CVE-2023-47229'
-  tags: cve,wordpress,wp-plugin,top-25-social-icons,medium
+  tags: cve,wordpress,wp-plugin,top-25-social-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4723-ce4e21b72cfe20823efba4862db87109.yaml b/nuclei-templates/2023/CVE-2023-4723-ce4e21b72cfe20823efba4862db87109.yaml
index 6c82ee1908..c4a85a475d 100644
--- a/nuclei-templates/2023/CVE-2023-4723-ce4e21b72cfe20823efba4862db87109.yaml
+++ b/nuclei-templates/2023/CVE-2023-4723-ce4e21b72cfe20823efba4862db87109.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including  those of with pending/draft/future/private status.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2023-4723'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47231-2dbf94e1363346187fd0d9415f21a87d.yaml b/nuclei-templates/2023/CVE-2023-47231-2dbf94e1363346187fd0d9415f21a87d.yaml
index 4a00e45a26..784e6e7547 100644
--- a/nuclei-templates/2023/CVE-2023-47231-2dbf94e1363346187fd0d9415f21a87d.yaml
+++ b/nuclei-templates/2023/CVE-2023-47231-2dbf94e1363346187fd0d9415f21a87d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShortCodes UI <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ShortCodes UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ui/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ui/"
     shodan-query: 'vuln:CVE-2023-47231'
-  tags: cve,wordpress,wp-plugin,shortcodes-ui,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ui,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47236-1ae1b0bb4039a24aa303fbc722996071.yaml b/nuclei-templates/2023/CVE-2023-47236-1ae1b0bb4039a24aa303fbc722996071.yaml
index 80869968cd..dc58ada7de 100644
--- a/nuclei-templates/2023/CVE-2023-47236-1ae1b0bb4039a24aa303fbc722996071.yaml
+++ b/nuclei-templates/2023/CVE-2023-47236-1ae1b0bb4039a24aa303fbc722996071.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iPages Flipbook < 1.5.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The iPages Flipbook For WordPress plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in all versions up to 1.5.0 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with admin access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ipages-flipbook/"
     google-query: inurl:"/wp-content/plugins/ipages-flipbook/"
     shodan-query: 'vuln:CVE-2023-47236'
-  tags: cve,wordpress,wp-plugin,ipages-flipbook,high
+  tags: cve,wordpress,wp-plugin,ipages-flipbook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47239-6956ece992f5fba93947f810cb6c0062.yaml b/nuclei-templates/2023/CVE-2023-47239-6956ece992f5fba93947f810cb6c0062.yaml
index 556a7a8d57..7a910128de 100644
--- a/nuclei-templates/2023/CVE-2023-47239-6956ece992f5fba93947f810cb6c0062.yaml
+++ b/nuclei-templates/2023/CVE-2023-47239-6956ece992f5fba93947f810cb6c0062.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy PayPal Shopping Cart <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy PayPal Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level and above permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-paypal-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/easy-paypal-shopping-cart/"
     shodan-query: 'vuln:CVE-2023-47239'
-  tags: cve,wordpress,wp-plugin,easy-paypal-shopping-cart,medium
+  tags: cve,wordpress,wp-plugin,easy-paypal-shopping-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4724-3e761f82934df2ab4021a24d8a5d3f17.yaml b/nuclei-templates/2023/CVE-2023-4724-3e761f82934df2ab4021a24d8a5d3f17.yaml
index e8166119ec..316b88a67c 100644
--- a/nuclei-templates/2023/CVE-2023-4724-3e761f82934df2ab4021a24d8a5d3f17.yaml
+++ b/nuclei-templates/2023/CVE-2023-4724-3e761f82934df2ab4021a24d8a5d3f17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Authenticated (Admin+) Remote Code Execution
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Export any WordPress data to XML/CSV plugin for WordPress is vulnerable to Remote Code Execution in versions up to 1.4.1, and in versions up to 1.8.6 in the PRO version via the 'wp_query' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-4724
   metadata:
-    fofa-query: "wp-content/plugins/wp-all-export-pro/"
-    google-query: inurl:"/wp-content/plugins/wp-all-export-pro/"
+    fofa-query: "wp-content/plugins/wp-all-export/"
+    google-query: inurl:"/wp-content/plugins/wp-all-export/"
     shodan-query: 'vuln:CVE-2023-4724'
-  tags: cve,wordpress,wp-plugin,wp-all-export-pro,medium
+  tags: cve,wordpress,wp-plugin,wp-all-export,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-all-export-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-all-export/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-all-export-pro"
+          - "wp-all-export"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.8.6')
\ No newline at end of file
+          - compare_versions(version, '< 1.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-47240-4965c11c4afc77625d19c06034b78a11.yaml b/nuclei-templates/2023/CVE-2023-47240-4965c11c4afc77625d19c06034b78a11.yaml
index d1f736b687..5d1a3778fd 100644
--- a/nuclei-templates/2023/CVE-2023-47240-4965c11c4afc77625d19c06034b78a11.yaml
+++ b/nuclei-templates/2023/CVE-2023-47240-4965c11c4afc77625d19c06034b78a11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cbxgooglemap/"
     google-query: inurl:"/wp-content/plugins/cbxgooglemap/"
     shodan-query: 'vuln:CVE-2023-47240'
-  tags: cve,wordpress,wp-plugin,cbxgooglemap,medium
+  tags: cve,wordpress,wp-plugin,cbxgooglemap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47241-f86a366b83ee22a3c8a02c83ac209077.yaml b/nuclei-templates/2023/CVE-2023-47241-f86a366b83ee22a3c8a02c83ac209077.yaml
index d384497270..c6d872a37f 100644
--- a/nuclei-templates/2023/CVE-2023-47241-f86a366b83ee22a3c8a02c83ac209077.yaml
+++ b/nuclei-templates/2023/CVE-2023-47241-f86a366b83ee22a3c8a02c83ac209077.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CoCart – Headless ecommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 3.11.2. This makes it possible for unauthenticated attackers to make unauthorized use of the unprotected function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cart-rest-api-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/cart-rest-api-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-47241'
-  tags: cve,wordpress,wp-plugin,cart-rest-api-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,cart-rest-api-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47242-28b0382bdb3605846c741b0b29e57d1e.yaml b/nuclei-templates/2023/CVE-2023-47242-28b0382bdb3605846c741b0b29e57d1e.yaml
index 595bcc4f13..59ad3bcbeb 100644
--- a/nuclei-templates/2023/CVE-2023-47242-28b0382bdb3605846c741b0b29e57d1e.yaml
+++ b/nuclei-templates/2023/CVE-2023-47242-28b0382bdb3605846c741b0b29e57d1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/avcp/"
     google-query: inurl:"/wp-content/plugins/avcp/"
     shodan-query: 'vuln:CVE-2023-47242'
-  tags: cve,wordpress,wp-plugin,avcp,medium
+  tags: cve,wordpress,wp-plugin,avcp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47243-13034f6a839e821ee8d8b6496142d778.yaml b/nuclei-templates/2023/CVE-2023-47243-13034f6a839e821ee8d8b6496142d778.yaml
index ed6f81796b..0161dfeba8 100644
--- a/nuclei-templates/2023/CVE-2023-47243-13034f6a839e821ee8d8b6496142d778.yaml
+++ b/nuclei-templates/2023/CVE-2023-47243-13034f6a839e821ee8d8b6496142d778.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MSHOP MY SITE <= 1.1.7 - Missing Authorization via update_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MSHOP MY SITE plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mshop-mysite/"
     google-query: inurl:"/wp-content/plugins/mshop-mysite/"
     shodan-query: 'vuln:CVE-2023-47243'
-  tags: cve,wordpress,wp-plugin,mshop-mysite,medium
+  tags: cve,wordpress,wp-plugin,mshop-mysite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47245-16ea15328c267590894ffee4442a84eb.yaml b/nuclei-templates/2023/CVE-2023-47245-16ea15328c267590894ffee4442a84eb.yaml
index 144f6db1e6..c04d7486f9 100644
--- a/nuclei-templates/2023/CVE-2023-47245-16ea15328c267590894ffee4442a84eb.yaml
+++ b/nuclei-templates/2023/CVE-2023-47245-16ea15328c267590894ffee4442a84eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ANAC XML Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anac-xml-viewer/"
     google-query: inurl:"/wp-content/plugins/anac-xml-viewer/"
     shodan-query: 'vuln:CVE-2023-47245'
-  tags: cve,wordpress,wp-plugin,anac-xml-viewer,medium
+  tags: cve,wordpress,wp-plugin,anac-xml-viewer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4725-f09df8170b914522627f58aeacdfb8a8.yaml b/nuclei-templates/2023/CVE-2023-4725-f09df8170b914522627f58aeacdfb8a8.yaml
index 8a9840476c..90f25f6059 100644
--- a/nuclei-templates/2023/CVE-2023-4725-f09df8170b914522627f58aeacdfb8a8.yaml
+++ b/nuclei-templates/2023/CVE-2023-4725-f09df8170b914522627f58aeacdfb8a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Posts Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-posts-ticker/"
     google-query: inurl:"/wp-content/plugins/simple-posts-ticker/"
     shodan-query: 'vuln:CVE-2023-4725'
-  tags: cve,wordpress,wp-plugin,simple-posts-ticker,medium
+  tags: cve,wordpress,wp-plugin,simple-posts-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4726-b6be8c11fad37e887646a283e9c47ba4.yaml b/nuclei-templates/2023/CVE-2023-4726-b6be8c11fad37e887646a283e9c47ba4.yaml
index 57102ca28e..392bbf28ae 100644
--- a/nuclei-templates/2023/CVE-2023-4726-b6be8c11fad37e887646a283e9c47ba4.yaml
+++ b/nuclei-templates/2023/CVE-2023-4726-b6be8c11fad37e887646a283e9c47ba4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Dashboard <= 3.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-dashboard/"
     google-query: inurl:"/wp-content/plugins/ultimate-dashboard/"
     shodan-query: 'vuln:CVE-2023-4726'
-  tags: cve,wordpress,wp-plugin,ultimate-dashboard,medium
+  tags: cve,wordpress,wp-plugin,ultimate-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4728-60eda95192a20425ef3765da3a807a07.yaml b/nuclei-templates/2023/CVE-2023-4728-60eda95192a20425ef3765da3a807a07.yaml
index 30b9ffaf25..45717bc9a8 100644
--- a/nuclei-templates/2023/CVE-2023-4728-60eda95192a20425ef3765da3a807a07.yaml
+++ b/nuclei-templates/2023/CVE-2023-4728-60eda95192a20425ef3765da3a807a07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ladipage/"
     google-query: inurl:"/wp-content/plugins/ladipage/"
     shodan-query: 'vuln:CVE-2023-4728'
-  tags: cve,wordpress,wp-plugin,ladipage,medium
+  tags: cve,wordpress,wp-plugin,ladipage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47504-b58bfdaaa39d4e7d694c40523cac0a71.yaml b/nuclei-templates/2023/CVE-2023-47504-b58bfdaaa39d4e7d694c40523cac0a71.yaml
index abffd2f656..b45cc919c7 100644
--- a/nuclei-templates/2023/CVE-2023-47504-b58bfdaaa39d4e7d694c40523cac0a71.yaml
+++ b/nuclei-templates/2023/CVE-2023-47504-b58bfdaaa39d4e7d694c40523cac0a71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.16.4 - Missing Authorization to Arbitrary Attachment Read
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_inline_svg function in all versions up to, and including, 3.16.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read arbitrary attachment files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2023-47504'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47505-ed7ec795a9e5769e2593c8bc7106e945.yaml b/nuclei-templates/2023/CVE-2023-47505-ed7ec795a9e5769e2593c8bc7106e945.yaml
index b0acc7144f..215b5677fe 100644
--- a/nuclei-templates/2023/CVE-2023-47505-ed7ec795a9e5769e2593c8bc7106e945.yaml
+++ b/nuclei-templates/2023/CVE-2023-47505-ed7ec795a9e5769e2593c8bc7106e945.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 3.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_inline_svg()
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the get_inline_svg() function in versions up to, and including, 3.16.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2023-47505'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47506-624a2aa57869ce0516a56db0d2b7ba1e.yaml b/nuclei-templates/2023/CVE-2023-47506-624a2aa57869ce0516a56db0d2b7ba1e.yaml
index 273a1d1434..5bc2866545 100644
--- a/nuclei-templates/2023/CVE-2023-47506-624a2aa57869ce0516a56db0d2b7ba1e.yaml
+++ b/nuclei-templates/2023/CVE-2023-47506-624a2aa57869ce0516a56db0d2b7ba1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Slider Pro <= 3.6.5 - Authenticated (Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Master Slider Pro plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/masterslider/"
     google-query: inurl:"/wp-content/plugins/masterslider/"
     shodan-query: 'vuln:CVE-2023-47506'
-  tags: cve,wordpress,wp-plugin,masterslider,high
+  tags: cve,wordpress,wp-plugin,masterslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47509-fd2527f160b6f8cee6c4ddf5aa4628c1.yaml b/nuclei-templates/2023/CVE-2023-47509-fd2527f160b6f8cee6c4ddf5aa4628c1.yaml
index feba7a1259..4489d86442 100644
--- a/nuclei-templates/2023/CVE-2023-47509-fd2527f160b6f8cee6c4ddf5aa4628c1.yaml
+++ b/nuclei-templates/2023/CVE-2023-47509-fd2527f160b6f8cee6c4ddf5aa4628c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Edit WooCommerce Templates <= 1.1.1 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Edit WooCommerce Templates plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-edit-templates/"
     google-query: inurl:"/wp-content/plugins/woo-edit-templates/"
     shodan-query: 'vuln:CVE-2023-47509'
-  tags: cve,wordpress,wp-plugin,woo-edit-templates,medium
+  tags: cve,wordpress,wp-plugin,woo-edit-templates,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47511-8f29322bf5d9ac8d382567725e776aae.yaml b/nuclei-templates/2023/CVE-2023-47511-8f29322bf5d9ac8d382567725e776aae.yaml
index fa69fec30b..04b439ecb9 100644
--- a/nuclei-templates/2023/CVE-2023-47511-8f29322bf5d9ac8d382567725e776aae.yaml
+++ b/nuclei-templates/2023/CVE-2023-47511-8f29322bf5d9ac8d382567725e776aae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pinyin Slugs <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pinyin Slugs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/so-pinyin-slugs/"
     google-query: inurl:"/wp-content/plugins/so-pinyin-slugs/"
     shodan-query: 'vuln:CVE-2023-47511'
-  tags: cve,wordpress,wp-plugin,so-pinyin-slugs,medium
+  tags: cve,wordpress,wp-plugin,so-pinyin-slugs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47512-bc43f57bd35ee24fbcd374ea171e9e72.yaml b/nuclei-templates/2023/CVE-2023-47512-bc43f57bd35ee24fbcd374ea171e9e72.yaml
index 41c348edc5..9c70c9eee1 100644
--- a/nuclei-templates/2023/CVE-2023-47512-bc43f57bd35ee24fbcd374ea171e9e72.yaml
+++ b/nuclei-templates/2023/CVE-2023-47512-bc43f57bd35ee24fbcd374ea171e9e72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Enquiry for WooCommerce <= 3.1 - Unauthenticated Stored Cross-Site Scripting via name
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2023-47696 appears to be a potential duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gm-woocommerce-quote-popup/"
     google-query: inurl:"/wp-content/plugins/gm-woocommerce-quote-popup/"
     shodan-query: 'vuln:CVE-2023-47512'
-  tags: cve,wordpress,wp-plugin,gm-woocommerce-quote-popup,medium
+  tags: cve,wordpress,wp-plugin,gm-woocommerce-quote-popup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47513-3587db01a7a28244ee4173daa03a691b.yaml b/nuclei-templates/2023/CVE-2023-47513-3587db01a7a28244ee4173daa03a691b.yaml
index d0b6b18051..ac1010cb73 100644
--- a/nuclei-templates/2023/CVE-2023-47513-3587db01a7a28244ee4173daa03a691b.yaml
+++ b/nuclei-templates/2023/CVE-2023-47513-3587db01a7a28244ee4173daa03a691b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARI Stream Quiz <= 1.3.2 - Authenticated(Contributor+) Content Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ARI Stream Quiz – WordPress Quizzes Builder plugin for WordPress is vulnerable to content injection due to improper capability checks on the quiz editing functionality in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with contributor access and above, to publish quizzes containing arbitrary content on the site without review.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ari-stream-quiz/"
     google-query: inurl:"/wp-content/plugins/ari-stream-quiz/"
     shodan-query: 'vuln:CVE-2023-47513'
-  tags: cve,wordpress,wp-plugin,ari-stream-quiz,medium
+  tags: cve,wordpress,wp-plugin,ari-stream-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47514-68ab25be74477c215ab2a821dbee384e.yaml b/nuclei-templates/2023/CVE-2023-47514-68ab25be74477c215ab2a821dbee384e.yaml
index 2c39950c77..04ec7b7b1d 100644
--- a/nuclei-templates/2023/CVE-2023-47514-68ab25be74477c215ab2a821dbee384e.yaml
+++ b/nuclei-templates/2023/CVE-2023-47514-68ab25be74477c215ab2a821dbee384e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Star CloudPRNT for WooCommerce <= 2.0.3 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/star-cloudprnt-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/star-cloudprnt-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-47514'
-  tags: cve,wordpress,wp-plugin,star-cloudprnt-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,star-cloudprnt-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47515-99cc5f18cba37431e326c7c04591a219.yaml b/nuclei-templates/2023/CVE-2023-47515-99cc5f18cba37431e326c7c04591a219.yaml
index e9a69a87fb..1d1c971c4e 100644
--- a/nuclei-templates/2023/CVE-2023-47515-99cc5f18cba37431e326c7c04591a219.yaml
+++ b/nuclei-templates/2023/CVE-2023-47515-99cc5f18cba37431e326c7c04591a219.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seers <= 8.1.1 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Seers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax functions in versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to modify the cookie policy and change the consent cookie name.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seers-cookie-consent-banner-privacy-policy/"
     google-query: inurl:"/wp-content/plugins/seers-cookie-consent-banner-privacy-policy/"
     shodan-query: 'vuln:CVE-2023-47515'
-  tags: cve,wordpress,wp-plugin,seers-cookie-consent-banner-privacy-policy,medium
+  tags: cve,wordpress,wp-plugin,seers-cookie-consent-banner-privacy-policy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47516-4f664c5f9a6ed3cf0ca52dbb21a8c73c.yaml b/nuclei-templates/2023/CVE-2023-47516-4f664c5f9a6ed3cf0ca52dbb21a8c73c.yaml
index cb45fd0356..370fae99e5 100644
--- a/nuclei-templates/2023/CVE-2023-47516-4f664c5f9a6ed3cf0ca52dbb21a8c73c.yaml
+++ b/nuclei-templates/2023/CVE-2023-47516-4f664c5f9a6ed3cf0ca52dbb21a8c73c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Category Post List Widget <= 2.0 - Unauthenticated Stored Cross-Site Scripting via custom_css
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Category Post List Widget plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘custom_css’ parameter in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping and a lack of a nonce check on the 'get_cplw_settings' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/category-post-list-widget/"
     google-query: inurl:"/wp-content/plugins/category-post-list-widget/"
     shodan-query: 'vuln:CVE-2023-47516'
-  tags: cve,wordpress,wp-plugin,category-post-list-widget,medium
+  tags: cve,wordpress,wp-plugin,category-post-list-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47523-ef92930a59c0704397081e4543f7586d.yaml b/nuclei-templates/2023/CVE-2023-47523-ef92930a59c0704397081e4543f7586d.yaml
index 161444fb41..8458982db0 100644
--- a/nuclei-templates/2023/CVE-2023-47523-ef92930a59c0704397081e4543f7586d.yaml
+++ b/nuclei-templates/2023/CVE-2023-47523-ef92930a59c0704397081e4543f7586d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Tag Creator <= 1.0.2 - Missing Authorization via tag_save_settings_callback
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Auto Tag Creator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_save_settings_callback function in versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-tag-creator/"
     google-query: inurl:"/wp-content/plugins/auto-tag-creator/"
     shodan-query: 'vuln:CVE-2023-47523'
-  tags: cve,wordpress,wp-plugin,auto-tag-creator,medium
+  tags: cve,wordpress,wp-plugin,auto-tag-creator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47525-5b36fd20286674ebec29c5f8c3b598c9.yaml b/nuclei-templates/2023/CVE-2023-47525-5b36fd20286674ebec29c5f8c3b598c9.yaml
index c6c33287e8..73c0e528b3 100644
--- a/nuclei-templates/2023/CVE-2023-47525-5b36fd20286674ebec29c5f8c3b598c9.yaml
+++ b/nuclei-templates/2023/CVE-2023-47525-5b36fd20286674ebec29c5f8c3b598c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Management Tickets Booking <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-monster/"
     google-query: inurl:"/wp-content/plugins/event-monster/"
     shodan-query: 'vuln:CVE-2023-47525'
-  tags: cve,wordpress,wp-plugin,event-monster,medium
+  tags: cve,wordpress,wp-plugin,event-monster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47526-9c920cf674baacb0579f3b1f4946e20e.yaml b/nuclei-templates/2023/CVE-2023-47526-9c920cf674baacb0579f3b1f4946e20e.yaml
index fe775d5911..f16b14ab82 100644
--- a/nuclei-templates/2023/CVE-2023-47526-9c920cf674baacb0579f3b1f4946e20e.yaml
+++ b/nuclei-templates/2023/CVE-2023-47526-9c920cf674baacb0579f3b1f4946e20e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chartify <= 2.0.6 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chart-builder/"
     google-query: inurl:"/wp-content/plugins/chart-builder/"
     shodan-query: 'vuln:CVE-2023-47526'
-  tags: cve,wordpress,wp-plugin,chart-builder,medium
+  tags: cve,wordpress,wp-plugin,chart-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47527-267f0e0e2934a72d1de6f6f1105dcde9.yaml b/nuclei-templates/2023/CVE-2023-47527-267f0e0e2934a72d1de6f6f1105dcde9.yaml
index a5b77d5e45..7d1a4fd94e 100644
--- a/nuclei-templates/2023/CVE-2023-47527-267f0e0e2934a72d1de6f6f1105dcde9.yaml
+++ b/nuclei-templates/2023/CVE-2023-47527-267f0e0e2934a72d1de6f6f1105dcde9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Edit Username <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Edit Username plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-edit-username/"
     google-query: inurl:"/wp-content/plugins/wp-edit-username/"
     shodan-query: 'vuln:CVE-2023-47527'
-  tags: cve,wordpress,wp-plugin,wp-edit-username,medium
+  tags: cve,wordpress,wp-plugin,wp-edit-username,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47528-7b1e0db7c2338cbba544192fa7f81810.yaml b/nuclei-templates/2023/CVE-2023-47528-7b1e0db7c2338cbba544192fa7f81810.yaml
index ac239e91f2..aba8026a3d 100644
--- a/nuclei-templates/2023/CVE-2023-47528-7b1e0db7c2338cbba544192fa7f81810.yaml
+++ b/nuclei-templates/2023/CVE-2023-47528-7b1e0db7c2338cbba544192fa7f81810.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Edit Username <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Edit Username plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-edit-username/"
     google-query: inurl:"/wp-content/plugins/wp-edit-username/"
     shodan-query: 'vuln:CVE-2023-47528'
-  tags: cve,wordpress,wp-plugin,wp-edit-username,medium
+  tags: cve,wordpress,wp-plugin,wp-edit-username,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47530-20764e34dd96746ac27cacdf816c512f.yaml b/nuclei-templates/2023/CVE-2023-47530-20764e34dd96746ac27cacdf816c512f.yaml
index 5731703164..e38055c315 100644
--- a/nuclei-templates/2023/CVE-2023-47530-20764e34dd96746ac27cacdf816c512f.yaml
+++ b/nuclei-templates/2023/CVE-2023-47530-20764e34dd96746ac27cacdf816c512f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Redirect 404 Error Page to Homepage or Custom Page with Logs plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.8.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-404-error-page-to-homepage-or-custom-page/"
     google-query: inurl:"/wp-content/plugins/redirect-404-error-page-to-homepage-or-custom-page/"
     shodan-query: 'vuln:CVE-2023-47530'
-  tags: cve,wordpress,wp-plugin,redirect-404-error-page-to-homepage-or-custom-page,high
+  tags: cve,wordpress,wp-plugin,redirect-404-error-page-to-homepage-or-custom-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47533-c8561a6d177892f154af9b7c10500c01.yaml b/nuclei-templates/2023/CVE-2023-47533-c8561a6d177892f154af9b7c10500c01.yaml
index 32e785b39c..daf94c1db3 100644
--- a/nuclei-templates/2023/CVE-2023-47533-c8561a6d177892f154af9b7c10500c01.yaml
+++ b/nuclei-templates/2023/CVE-2023-47533-c8561a6d177892f154af9b7c10500c01.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Countdown and CountUp, WooCommerce Sales Timer <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Countdown and CountUp, WooCommerce Sales Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/countdown-wpdevart-extended/"
     google-query: inurl:"/wp-content/plugins/countdown-wpdevart-extended/"
     shodan-query: 'vuln:CVE-2023-47533'
-  tags: cve,wordpress,wp-plugin,countdown-wpdevart-extended,medium
+  tags: cve,wordpress,wp-plugin,countdown-wpdevart-extended,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47544-b5350d73ee034ae7067ab3d2b696ae06.yaml b/nuclei-templates/2023/CVE-2023-47544-b5350d73ee034ae7067ab3d2b696ae06.yaml
index f5b0e3916c..6248f7a55d 100644
--- a/nuclei-templates/2023/CVE-2023-47544-b5350d73ee034ae7067ab3d2b696ae06.yaml
+++ b/nuclei-templates/2023/CVE-2023-47544-b5350d73ee034ae7067ab3d2b696ae06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Atarim <= 3.12 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Atarim plugin for WordPress is vulnerable to Cross-Site Scripting via the new_task parameter in versions up to, and including, 3.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/atarim-visual-collaboration/"
     google-query: inurl:"/wp-content/plugins/atarim-visual-collaboration/"
     shodan-query: 'vuln:CVE-2023-47544'
-  tags: cve,wordpress,wp-plugin,atarim-visual-collaboration,medium
+  tags: cve,wordpress,wp-plugin,atarim-visual-collaboration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47545-6d25ab79e6e7aca51a4387e7aae24c9c.yaml b/nuclei-templates/2023/CVE-2023-47545-6d25ab79e6e7aca51a4387e7aae24c9c.yaml
index dcb840c98d..0551e02906 100644
--- a/nuclei-templates/2023/CVE-2023-47545-6d25ab79e6e7aca51a4387e7aae24c9c.yaml
+++ b/nuclei-templates/2023/CVE-2023-47545-6d25ab79e6e7aca51a4387e7aae24c9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forms for Mailchimp by Optin Cat <= 2.5.4 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Forms for Mailchimp by Optin Cat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the params_str function in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-wp/"
     google-query: inurl:"/wp-content/plugins/mailchimp-wp/"
     shodan-query: 'vuln:CVE-2023-47545'
-  tags: cve,wordpress,wp-plugin,mailchimp-wp,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47546-78ddb3e5efc137c9989117bb477a197f.yaml b/nuclei-templates/2023/CVE-2023-47546-78ddb3e5efc137c9989117bb477a197f.yaml
index 3e71536a0a..69d54f3474 100644
--- a/nuclei-templates/2023/CVE-2023-47546-78ddb3e5efc137c9989117bb477a197f.yaml
+++ b/nuclei-templates/2023/CVE-2023-47546-78ddb3e5efc137c9989117bb477a197f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OneClick Chat to Order <= 1.0.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oneclick-whatsapp-order/"
     google-query: inurl:"/wp-content/plugins/oneclick-whatsapp-order/"
     shodan-query: 'vuln:CVE-2023-47546'
-  tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,medium
+  tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47549-19e34a16c1a810dff7996ec5d94f691f.yaml b/nuclei-templates/2023/CVE-2023-47549-19e34a16c1a810dff7996ec5d94f691f.yaml
index 4df4f664dd..119ff009a0 100644
--- a/nuclei-templates/2023/CVE-2023-47549-19e34a16c1a810dff7996ec5d94f691f.yaml
+++ b/nuclei-templates/2023/CVE-2023-47549-19e34a16c1a810dff7996ec5d94f691f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EazyDocs <= 2.3.5 - Unauthenticated Stored Cross-Site Scripting via edit_doc_one_page
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EazyDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘edit_doc_one_page’ parameter in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eazydocs/"
     google-query: inurl:"/wp-content/plugins/eazydocs/"
     shodan-query: 'vuln:CVE-2023-47549'
-  tags: cve,wordpress,wp-plugin,eazydocs,medium
+  tags: cve,wordpress,wp-plugin,eazydocs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47550-37dbc4d1c954090682035935efde0d58.yaml b/nuclei-templates/2023/CVE-2023-47550-37dbc4d1c954090682035935efde0d58.yaml
index c33089c605..d5d74c67eb 100644
--- a/nuclei-templates/2023/CVE-2023-47550-37dbc4d1c954090682035935efde0d58.yaml
+++ b/nuclei-templates/2023/CVE-2023-47550-37dbc4d1c954090682035935efde0d58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Donations Made Easy – Smart Donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-donations/"
     google-query: inurl:"/wp-content/plugins/smart-donations/"
     shodan-query: 'vuln:CVE-2023-47550'
-  tags: cve,wordpress,wp-plugin,smart-donations,medium
+  tags: cve,wordpress,wp-plugin,smart-donations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47554-2e3087c002dc76b9a7567526587e8736.yaml b/nuclei-templates/2023/CVE-2023-47554-2e3087c002dc76b9a7567526587e8736.yaml
index 3c794a59bf..2648cfcaa9 100644
--- a/nuclei-templates/2023/CVE-2023-47554-2e3087c002dc76b9a7567526587e8736.yaml
+++ b/nuclei-templates/2023/CVE-2023-47554-2e3087c002dc76b9a7567526587e8736.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Actueel Financieel Nieuws – Denk Internet Solutions <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Actueel Financieel Nieuws – Denk Internet Solutions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/denk-internet-solutions/"
     google-query: inurl:"/wp-content/plugins/denk-internet-solutions/"
     shodan-query: 'vuln:CVE-2023-47554'
-  tags: cve,wordpress,wp-plugin,denk-internet-solutions,medium
+  tags: cve,wordpress,wp-plugin,denk-internet-solutions,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47557-5a91aad28267261ebd2de3c8343f1995.yaml b/nuclei-templates/2023/CVE-2023-47557-5a91aad28267261ebd2de3c8343f1995.yaml
index c03e2cef71..0d78093d26 100644
--- a/nuclei-templates/2023/CVE-2023-47557-5a91aad28267261ebd2de3c8343f1995.yaml
+++ b/nuclei-templates/2023/CVE-2023-47557-5a91aad28267261ebd2de3c8343f1995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Visitors Traffic Real Time Statistics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to view visitor statistics.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/"
     google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/"
     shodan-query: 'vuln:CVE-2023-47557'
-  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,medium
+  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47558-4d3c4e1a467914ea53537050432b3938.yaml b/nuclei-templates/2023/CVE-2023-47558-4d3c4e1a467914ea53537050432b3938.yaml
index 0da985475e..abe88c26d8 100644
--- a/nuclei-templates/2023/CVE-2023-47558-4d3c4e1a467914ea53537050432b3938.yaml
+++ b/nuclei-templates/2023/CVE-2023-47558-4d3c4e1a467914ea53537050432b3938.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Who Hit The Page – Hit Counter <= 1.4.14.3 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Who Hit The Page – Hit Counter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.14.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/who-hit-the-page-hit-counter/"
     google-query: inurl:"/wp-content/plugins/who-hit-the-page-hit-counter/"
     shodan-query: 'vuln:CVE-2023-47558'
-  tags: cve,wordpress,wp-plugin,who-hit-the-page-hit-counter,high
+  tags: cve,wordpress,wp-plugin,who-hit-the-page-hit-counter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47646-3efeefb310fc267db6d3c82c2278b44a.yaml b/nuclei-templates/2023/CVE-2023-47646-3efeefb310fc267db6d3c82c2278b44a.yaml
index 2d052f8cef..cc761b31cb 100644
--- a/nuclei-templates/2023/CVE-2023-47646-3efeefb310fc267db6d3c82c2278b44a.yaml
+++ b/nuclei-templates/2023/CVE-2023-47646-3efeefb310fc267db6d3c82c2278b44a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recently viewed and most viewed products <= 1.1.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Recently viewed and most viewed products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recently-viewed-and-most-viewed-products/"
     google-query: inurl:"/wp-content/plugins/recently-viewed-and-most-viewed-products/"
     shodan-query: 'vuln:CVE-2023-47646'
-  tags: cve,wordpress,wp-plugin,recently-viewed-and-most-viewed-products,medium
+  tags: cve,wordpress,wp-plugin,recently-viewed-and-most-viewed-products,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47647-99d724e78c6e3ca9e817c7ab41561c22.yaml b/nuclei-templates/2023/CVE-2023-47647-99d724e78c6e3ca9e817c7ab41561c22.yaml
index bf5f82752f..ebde85638c 100644
--- a/nuclei-templates/2023/CVE-2023-47647-99d724e78c6e3ca9e817c7ab41561c22.yaml
+++ b/nuclei-templates/2023/CVE-2023-47647-99d724e78c6e3ca9e817c7ab41561c22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BadgeOS <= 3.7.1.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BadgeOS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions such as listing users
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/badgeos/"
     google-query: inurl:"/wp-content/plugins/badgeos/"
     shodan-query: 'vuln:CVE-2023-47647'
-  tags: cve,wordpress,wp-plugin,badgeos,medium
+  tags: cve,wordpress,wp-plugin,badgeos,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47648-405b16e90fe11a6da428eb58c52f2070.yaml b/nuclei-templates/2023/CVE-2023-47648-405b16e90fe11a6da428eb58c52f2070.yaml
index f05db7e29d..4bc26398a3 100644
--- a/nuclei-templates/2023/CVE-2023-47648-405b16e90fe11a6da428eb58c52f2070.yaml
+++ b/nuclei-templates/2023/CVE-2023-47648-405b16e90fe11a6da428eb58c52f2070.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EazyDocs <= 2.3.5 - Missing Authorization via doc_one_page and edit_doc_one_page
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EazyDocs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the doc_one_page and edit_doc_one_page functions in versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to publish and edit the plugin's OnePage document. CVE-2023-6029 may be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eazydocs/"
     google-query: inurl:"/wp-content/plugins/eazydocs/"
     shodan-query: 'vuln:CVE-2023-47648'
-  tags: cve,wordpress,wp-plugin,eazydocs,medium
+  tags: cve,wordpress,wp-plugin,eazydocs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47653-276bf528dcf846639fd31e2f34582a53.yaml b/nuclei-templates/2023/CVE-2023-47653-276bf528dcf846639fd31e2f34582a53.yaml
index 3cbb72487c..4b0441689b 100644
--- a/nuclei-templates/2023/CVE-2023-47653-276bf528dcf846639fd31e2f34582a53.yaml
+++ b/nuclei-templates/2023/CVE-2023-47653-276bf528dcf846639fd31e2f34582a53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TWB Woocommerce Reviews <= 1.7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TWB Woocommerce Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twb-woocommerce-reviews/"
     google-query: inurl:"/wp-content/plugins/twb-woocommerce-reviews/"
     shodan-query: 'vuln:CVE-2023-47653'
-  tags: cve,wordpress,wp-plugin,twb-woocommerce-reviews,medium
+  tags: cve,wordpress,wp-plugin,twb-woocommerce-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47654-192e415b611335b3538e5f2af9fbc394.yaml b/nuclei-templates/2023/CVE-2023-47654-192e415b611335b3538e5f2af9fbc394.yaml
index d02bfa9b93..fe3f475799 100644
--- a/nuclei-templates/2023/CVE-2023-47654-192e415b611335b3538e5f2af9fbc394.yaml
+++ b/nuclei-templates/2023/CVE-2023-47654-192e415b611335b3538e5f2af9fbc394.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BZScore – Live Score <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BZScore – Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bzscore-live-score/"
     google-query: inurl:"/wp-content/plugins/bzscore-live-score/"
     shodan-query: 'vuln:CVE-2023-47654'
-  tags: cve,wordpress,wp-plugin,bzscore-live-score,medium
+  tags: cve,wordpress,wp-plugin,bzscore-live-score,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47656-33bea64d5937abef2b137f0af05c7eb5.yaml b/nuclei-templates/2023/CVE-2023-47656-33bea64d5937abef2b137f0af05c7eb5.yaml
index 62150520dc..97cee9953b 100644
--- a/nuclei-templates/2023/CVE-2023-47656-33bea64d5937abef2b137f0af05c7eb5.yaml
+++ b/nuclei-templates/2023/CVE-2023-47656-33bea64d5937abef2b137f0af05c7eb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ANAC XML Bandi di Gara <= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/avcp/"
     google-query: inurl:"/wp-content/plugins/avcp/"
     shodan-query: 'vuln:CVE-2023-47656'
-  tags: cve,wordpress,wp-plugin,avcp,medium
+  tags: cve,wordpress,wp-plugin,avcp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47657-66d0aaa8dc75cc7c0b323f4705b3d63d.yaml b/nuclei-templates/2023/CVE-2023-47657-66d0aaa8dc75cc7c0b323f4705b3d63d.yaml
index acf6738d26..c6c080a0fb 100644
--- a/nuclei-templates/2023/CVE-2023-47657-66d0aaa8dc75cc7c0b323f4705b3d63d.yaml
+++ b/nuclei-templates/2023/CVE-2023-47657-66d0aaa8dc75cc7c0b323f4705b3d63d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Direct Checkout – Quick View – Buy Now For WooCommerce <= 1.5.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Custom CSS Code
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Direct Checkout – Quick View – Buy Now For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom CSS code in versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-view-and-buy-now-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/quick-view-and-buy-now-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-47657'
-  tags: cve,wordpress,wp-plugin,quick-view-and-buy-now-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,quick-view-and-buy-now-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47658-17ad0651e8a5c8de6d9430b66387dde0.yaml b/nuclei-templates/2023/CVE-2023-47658-17ad0651e8a5c8de6d9430b66387dde0.yaml
index 52307207fd..0323447c69 100644
--- a/nuclei-templates/2023/CVE-2023-47658-17ad0651e8a5c8de6d9430b66387dde0.yaml
+++ b/nuclei-templates/2023/CVE-2023-47658-17ad0651e8a5c8de6d9430b66387dde0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Extra Product Options for WooCommerce <= 3.0.3 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/extra-product-options-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/extra-product-options-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-47658'
-  tags: cve,wordpress,wp-plugin,extra-product-options-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,extra-product-options-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47659-dcfc7774787e2e0bae54fdcbcdce15a5.yaml b/nuclei-templates/2023/CVE-2023-47659-dcfc7774787e2e0bae54fdcbcdce15a5.yaml
index 5afd803fc2..63e8f9df7c 100644
--- a/nuclei-templates/2023/CVE-2023-47659-dcfc7774787e2e0bae54fdcbcdce15a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-47659-dcfc7774787e2e0bae54fdcbcdce15a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lava Directory Manager <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lava Directory Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.1.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lava-directory-manager/"
     google-query: inurl:"/wp-content/plugins/lava-directory-manager/"
     shodan-query: 'vuln:CVE-2023-47659'
-  tags: cve,wordpress,wp-plugin,lava-directory-manager,medium
+  tags: cve,wordpress,wp-plugin,lava-directory-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47660-aa1854785cf9c11ed11fbc4dacf9e3b9.yaml b/nuclei-templates/2023/CVE-2023-47660-aa1854785cf9c11ed11fbc4dacf9e3b9.yaml
index b47cf90e38..a650e5a978 100644
--- a/nuclei-templates/2023/CVE-2023-47660-aa1854785cf9c11ed11fbc4dacf9e3b9.yaml
+++ b/nuclei-templates/2023/CVE-2023-47660-aa1854785cf9c11ed11fbc4dacf9e3b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Visibility by Country for WooCommerce <= 1.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product Visibility by Country for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-visibility-by-country-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/product-visibility-by-country-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-47660'
-  tags: cve,wordpress,wp-plugin,product-visibility-by-country-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-visibility-by-country-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47661-93d3ba9b108e1112ee15e322299a4fea.yaml b/nuclei-templates/2023/CVE-2023-47661-93d3ba9b108e1112ee15e322299a4fea.yaml
index ea2be990bc..4cf892b062 100644
--- a/nuclei-templates/2023/CVE-2023-47661-93d3ba9b108e1112ee15e322299a4fea.yaml
+++ b/nuclei-templates/2023/CVE-2023-47661-93d3ba9b108e1112ee15e322299a4fea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dragfy Addons for Elementor <= 1.0.2 - Missing Authorization via save_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Dragfy Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dragfy-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/dragfy-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2023-47661'
-  tags: cve,wordpress,wp-plugin,dragfy-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,dragfy-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47662-af9b404439d9589515c5ec4e6d7f1ef0.yaml b/nuclei-templates/2023/CVE-2023-47662-af9b404439d9589515c5ec4e6d7f1ef0.yaml
index c6dd5ab836..65323a3cc2 100644
--- a/nuclei-templates/2023/CVE-2023-47662-af9b404439d9589515c5ec4e6d7f1ef0.yaml
+++ b/nuclei-templates/2023/CVE-2023-47662-af9b404439d9589515c5ec4e6d7f1ef0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live Gold Price & Silver Price Charts Widgets <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Live Gold Price & Silver Price Charts Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gold-price-chart-widget/"
     google-query: inurl:"/wp-content/plugins/gold-price-chart-widget/"
     shodan-query: 'vuln:CVE-2023-47662'
-  tags: cve,wordpress,wp-plugin,gold-price-chart-widget,medium
+  tags: cve,wordpress,wp-plugin,gold-price-chart-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47669-cdefed7ec787c02fefebf6f17656a114.yaml b/nuclei-templates/2023/CVE-2023-47669-cdefed7ec787c02fefebf6f17656a114.yaml
index 3fabc7996c..0557f7cd30 100644
--- a/nuclei-templates/2023/CVE-2023-47669-cdefed7ec787c02fefebf6f17656a114.yaml
+++ b/nuclei-templates/2023/CVE-2023-47669-cdefed7ec787c02fefebf6f17656a114.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder <= 3.10.3 - Cross-Site Request Forgery via pms-cross-promotion.php
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the wppb_activate_pms_plugin and wppb_deactivate_pms_plugin functions. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:CVE-2023-47669'
-  tags: cve,wordpress,wp-plugin,profile-builder,high
+  tags: cve,wordpress,wp-plugin,profile-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47679-fc19ca606bef9f853ea0565c4043c5ce.yaml b/nuclei-templates/2023/CVE-2023-47679-fc19ca606bef9f853ea0565c4043c5ce.yaml
index 52a47ad744..0c9e3199b8 100644
--- a/nuclei-templates/2023/CVE-2023-47679-fc19ca606bef9f853ea0565c4043c5ce.yaml
+++ b/nuclei-templates/2023/CVE-2023-47679-fc19ca606bef9f853ea0565c4043c5ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qi-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/qi-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2023-47679'
-  tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,high
+  tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47680-d88df7a254a138ad74fa62f540e9ec2c.yaml b/nuclei-templates/2023/CVE-2023-47680-d88df7a254a138ad74fa62f540e9ec2c.yaml
index 03720875ba..d9e9245425 100644
--- a/nuclei-templates/2023/CVE-2023-47680-d88df7a254a138ad74fa62f540e9ec2c.yaml
+++ b/nuclei-templates/2023/CVE-2023-47680-d88df7a254a138ad74fa62f540e9ec2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qi Addons For Elementor <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qi-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/qi-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2023-47680'
-  tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47681-c27f182f563d1fb6d07ba79eda84b6fe.yaml b/nuclei-templates/2023/CVE-2023-47681-c27f182f563d1fb6d07ba79eda84b6fe.yaml
index 8d439f5417..17c1953cc4 100644
--- a/nuclei-templates/2023/CVE-2023-47681-c27f182f563d1fb6d07ba79eda84b6fe.yaml
+++ b/nuclei-templates/2023/CVE-2023-47681-c27f182f563d1fb6d07ba79eda84b6fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Checkout Manager <= 7.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Checkout Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_order_attachment_upload and ajax_delete_attachment functions hooked via AJAX in versions up to, and including, 7.3.0. This makes it possible for unauthenticated attackers to update arbitrary order attachments and delete them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-checkout-manager/"
     google-query: inurl:"/wp-content/plugins/woocommerce-checkout-manager/"
     shodan-query: 'vuln:CVE-2023-47681'
-  tags: cve,wordpress,wp-plugin,woocommerce-checkout-manager,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-checkout-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47682-878f413ec190d0a95a0db0404871c06a.yaml b/nuclei-templates/2023/CVE-2023-47682-878f413ec190d0a95a0db0404871c06a.yaml
index 44b8f9fc60..053470508d 100644
--- a/nuclei-templates/2023/CVE-2023-47682-878f413ec190d0a95a0db0404871c06a.yaml
+++ b/nuclei-templates/2023/CVE-2023-47682-878f413ec190d0a95a0db0404871c06a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Frontend <= 3.6.5 - Authenticated (Author+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.6.5. This is due to the plugin not providing sufficient controls on the ability to supply a role on the registration form shortcode rendered via the registration_form function. This makes it possible for authenticated attackers, with author-level access and above, to add a registration form to a page with the role set to administrator and then subsequently use the form to register as an administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-frontend/"
     google-query: inurl:"/wp-content/plugins/wp-user-frontend/"
     shodan-query: 'vuln:CVE-2023-47682'
-  tags: cve,wordpress,wp-plugin,wp-user-frontend,high
+  tags: cve,wordpress,wp-plugin,wp-user-frontend,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47683-5e2f11a884ccbe34c9944f9c84b1340e.yaml b/nuclei-templates/2023/CVE-2023-47683-5e2f11a884ccbe34c9944f9c84b1340e.yaml
index 24f7b5bb3b..75cc6af547 100644
--- a/nuclei-templates/2023/CVE-2023-47683-5e2f11a884ccbe34c9944f9c84b1340e.yaml
+++ b/nuclei-templates/2023/CVE-2023-47683-5e2f11a884ccbe34c9944f9c84b1340e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.6 - Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 7.6.6. This is due to the plugin improperly restricting user meta values that can be updated and allowing users to control a user role update during a social login through the custom registration form. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. We believe that this vulnerability requires the Custom Registration Add-on to be enabled, however, this is simply based on our assessment with the limited information available.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-login-openid/"
     google-query: inurl:"/wp-content/plugins/miniorange-login-openid/"
     shodan-query: 'vuln:CVE-2023-47683'
-  tags: cve,wordpress,wp-plugin,miniorange-login-openid,high
+  tags: cve,wordpress,wp-plugin,miniorange-login-openid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47689-a2f2e6465cf5db9cbb966e235c714c1c.yaml b/nuclei-templates/2023/CVE-2023-47689-a2f2e6465cf5db9cbb966e235c714c1c.yaml
index 83f7998c30..1d2a86b8b0 100644
--- a/nuclei-templates/2023/CVE-2023-47689-a2f2e6465cf5db9cbb966e235c714c1c.yaml
+++ b/nuclei-templates/2023/CVE-2023-47689-a2f2e6465cf5db9cbb966e235c714c1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animator <= 3.0.10 - Missing Authorization to Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Animator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sta_update_options() function in versions up to, and including, 3.0.10. This makes it possible for subscribers to modify the plugin's settings. Version 3.0.9 used to provide a nopriv action hook, which allowed unauthenticated individuals to perform this task.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scroll-triggered-animations/"
     google-query: inurl:"/wp-content/plugins/scroll-triggered-animations/"
     shodan-query: 'vuln:CVE-2023-47689'
-  tags: cve,wordpress,wp-plugin,scroll-triggered-animations,medium
+  tags: cve,wordpress,wp-plugin,scroll-triggered-animations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47691-e884ca510b37335b1134220e4cc6625b.yaml b/nuclei-templates/2023/CVE-2023-47691-e884ca510b37335b1134220e4cc6625b.yaml
index 5c860372e8..83c05c1072 100644
--- a/nuclei-templates/2023/CVE-2023-47691-e884ca510b37335b1134220e4cc6625b.yaml
+++ b/nuclei-templates/2023/CVE-2023-47691-e884ca510b37335b1134220e4cc6625b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Web Player <= 5.7.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-web-player/"
     google-query: inurl:"/wp-content/plugins/podlove-web-player/"
     shodan-query: 'vuln:CVE-2023-47691'
-  tags: cve,wordpress,wp-plugin,podlove-web-player,medium
+  tags: cve,wordpress,wp-plugin,podlove-web-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47692-31993563048effdc0827881e9344d84c.yaml b/nuclei-templates/2023/CVE-2023-47692-31993563048effdc0827881e9344d84c.yaml
index 063537d22f..5be02d45aa 100644
--- a/nuclei-templates/2023/CVE-2023-47692-31993563048effdc0827881e9344d84c.yaml
+++ b/nuclei-templates/2023/CVE-2023-47692-31993563048effdc0827881e9344d84c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flo Forms <= 1.0.41 - Missing Authorization via flo_send_test_email
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Flo Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flo_send_test_email function in versions up to, and including, 1.0.41. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test email to an arbitrary address.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flo-forms/"
     google-query: inurl:"/wp-content/plugins/flo-forms/"
     shodan-query: 'vuln:CVE-2023-47692'
-  tags: cve,wordpress,wp-plugin,flo-forms,medium
+  tags: cve,wordpress,wp-plugin,flo-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47693-b8421311d76851450148e6c1e68c8aa3.yaml b/nuclei-templates/2023/CVE-2023-47693-b8421311d76851450148e6c1e68c8aa3.yaml
index 32c6bd2e24..26edb5e903 100644
--- a/nuclei-templates/2023/CVE-2023-47693-b8421311d76851450148e6c1e68c8aa3.yaml
+++ b/nuclei-templates/2023/CVE-2023-47693-b8421311d76851450148e6c1e68c8aa3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Contact Form 7 <= 3.2.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the uacf7_database_export_csv() function hooked via init in versions up to, and including, 3.2.10. This makes it possible for unauthenticated attackers to export data from contact forms. This has been "partially" patched in 3.2.7, however, since the nonce is exposed to subscribers this can still be exploited by subscriber-level users and above. Version 3.2.11 introduces a capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2023-47693'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47698-010c2fa504f8e0c5ce7acdd2e0b14e5d.yaml b/nuclei-templates/2023/CVE-2023-47698-010c2fa504f8e0c5ce7acdd2e0b14e5d.yaml
index ea38edfb00..89a7961e54 100644
--- a/nuclei-templates/2023/CVE-2023-47698-010c2fa504f8e0c5ce7acdd2e0b14e5d.yaml
+++ b/nuclei-templates/2023/CVE-2023-47698-010c2fa504f8e0c5ce7acdd2e0b14e5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Japanized For WooCommerce <= 2.6.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Japanized For WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification due to missing capability checks on several functions called via REST API function in versions up to, and including, 2.6.4. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as updating the plugin's settings and retrieving information about settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-for-japan/"
     google-query: inurl:"/wp-content/plugins/woocommerce-for-japan/"
     shodan-query: 'vuln:CVE-2023-47698'
-  tags: cve,wordpress,wp-plugin,woocommerce-for-japan,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-for-japan,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4772-8fcdb0b13a5576b5ff2b34a21c31cbb9.yaml b/nuclei-templates/2023/CVE-2023-4772-8fcdb0b13a5576b5ff2b34a21c31cbb9.yaml
index 7eb875a1dd..f167bd7e6b 100644
--- a/nuclei-templates/2023/CVE-2023-4772-8fcdb0b13a5576b5ff2b34a21c31cbb9.yaml
+++ b/nuclei-templates/2023/CVE-2023-4772-8fcdb0b13a5576b5ff2b34a21c31cbb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter/"
     google-query: inurl:"/wp-content/plugins/newsletter/"
     shodan-query: 'vuln:CVE-2023-4772'
-  tags: cve,wordpress,wp-plugin,newsletter,medium
+  tags: cve,wordpress,wp-plugin,newsletter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4773-40cf6c93cbbc13dcb57a60ba2f57fb5f.yaml b/nuclei-templates/2023/CVE-2023-4773-40cf6c93cbbc13dcb57a60ba2f57fb5f.yaml
index 761feb3337..334a36df74 100644
--- a/nuclei-templates/2023/CVE-2023-4773-40cf6c93cbbc13dcb57a60ba2f57fb5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-4773-40cf6c93cbbc13dcb57a60ba2f57fb5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Social Login <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-social-login/"
     google-query: inurl:"/wp-content/plugins/wordpress-social-login/"
     shodan-query: 'vuln:CVE-2023-4773'
-  tags: cve,wordpress,wp-plugin,wordpress-social-login,medium
+  tags: cve,wordpress,wp-plugin,wordpress-social-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4774-9872ae4cefad3c4ed3119e4c32d1b891.yaml b/nuclei-templates/2023/CVE-2023-4774-9872ae4cefad3c4ed3119e4c32d1b891.yaml
index f539b26ab3..b6f35ba6a3 100644
--- a/nuclei-templates/2023/CVE-2023-4774-9872ae4cefad3c4ed3119e4c32d1b891.yaml
+++ b/nuclei-templates/2023/CVE-2023-4774-9872ae4cefad3c4ed3119e4c32d1b891.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Matomo Integration (WP-Piwik) <= 1.0.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-piwik/"
     google-query: inurl:"/wp-content/plugins/wp-piwik/"
     shodan-query: 'vuln:CVE-2023-4774'
-  tags: cve,wordpress,wp-plugin,wp-piwik,medium
+  tags: cve,wordpress,wp-plugin,wp-piwik,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4775-5ef4900200b4415e3b14a42418354f64.yaml b/nuclei-templates/2023/CVE-2023-4775-5ef4900200b4415e3b14a42418354f64.yaml
index db95d0c036..fc5e893cf9 100644
--- a/nuclei-templates/2023/CVE-2023-4775-5ef4900200b4415e3b14a42418354f64.yaml
+++ b/nuclei-templates/2023/CVE-2023-4775-5ef4900200b4415e3b14a42418354f64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced iFrame <= 2023.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 	CVE-2023-51690 appears to be a potential duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-iframe/"
     google-query: inurl:"/wp-content/plugins/advanced-iframe/"
     shodan-query: 'vuln:CVE-2023-4775'
-  tags: cve,wordpress,wp-plugin,advanced-iframe,medium
+  tags: cve,wordpress,wp-plugin,advanced-iframe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47754-7b26661f47c6a54bac357fc46b5b57fd.yaml b/nuclei-templates/2023/CVE-2023-47754-7b26661f47c6a54bac357fc46b5b57fd.yaml
index 1bf4613394..194ebede25 100644
--- a/nuclei-templates/2023/CVE-2023-47754-7b26661f47c6a54bac357fc46b5b57fd.yaml
+++ b/nuclei-templates/2023/CVE-2023-47754-7b26661f47c6a54bac357fc46b5b57fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Delete Duplicate Posts <= 4.8.9 - Missing Authorization via AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Delete Duplicate Posts plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on some of its AJAX actions in all versions up to 4.9 (exclusive). This makes it possible for authenticated attackers, with subscriber access or higher, to delete duplicate posts, access plugin logs, and opt in to Freemius data gathering.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delete-duplicate-posts/"
     google-query: inurl:"/wp-content/plugins/delete-duplicate-posts/"
     shodan-query: 'vuln:CVE-2023-47754'
-  tags: cve,wordpress,wp-plugin,delete-duplicate-posts,medium
+  tags: cve,wordpress,wp-plugin,delete-duplicate-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47755-c121370e7ba5758271f409501c03a844.yaml b/nuclei-templates/2023/CVE-2023-47755-c121370e7ba5758271f409501c03a844.yaml
index 44e98d7002..5d9e88e2c3 100644
--- a/nuclei-templates/2023/CVE-2023-47755-c121370e7ba5758271f409501c03a844.yaml
+++ b/nuclei-templates/2023/CVE-2023-47755-c121370e7ba5758271f409501c03a844.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Product Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-carousel-slider-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/product-carousel-slider-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-47755'
-  tags: cve,wordpress,wp-plugin,product-carousel-slider-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-carousel-slider-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47756-9ad568f26d284db1bbd80573c9ce9895.yaml b/nuclei-templates/2023/CVE-2023-47756-9ad568f26d284db1bbd80573c9ce9895.yaml
index a5b379e8bc..e8836f29c6 100644
--- a/nuclei-templates/2023/CVE-2023-47756-9ad568f26d284db1bbd80573c9ce9895.yaml
+++ b/nuclei-templates/2023/CVE-2023-47756-9ad568f26d284db1bbd80573c9ce9895.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcome Email Editor <= 5.0.5 - Missing Authorization via ajax_handler
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Welcome Email Editor plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ajax_handler function in versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a variety of emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/welcome-email-editor/"
     google-query: inurl:"/wp-content/plugins/welcome-email-editor/"
     shodan-query: 'vuln:CVE-2023-47756'
-  tags: cve,wordpress,wp-plugin,welcome-email-editor,medium
+  tags: cve,wordpress,wp-plugin,welcome-email-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47757-cbc652a67aafb71a7a53197a032b3a41.yaml b/nuclei-templates/2023/CVE-2023-47757-cbc652a67aafb71a7a53197a032b3a41.yaml
index eef3961899..c4ce06cb93 100644
--- a/nuclei-templates/2023/CVE-2023-47757-cbc652a67aafb71a7a53197a032b3a41.yaml
+++ b/nuclei-templates/2023/CVE-2023-47757-cbc652a67aafb71a7a53197a032b3a41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AWeber <= 7.3.9 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on  several functions hooked by AJAX actions in all versions up to, and including, 7.3.9. This makes it possible for subscribers and higher to create and publish pages and modify landing pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aweber-web-form-widget/"
     google-query: inurl:"/wp-content/plugins/aweber-web-form-widget/"
     shodan-query: 'vuln:CVE-2023-47757'
-  tags: cve,wordpress,wp-plugin,aweber-web-form-widget,medium
+  tags: cve,wordpress,wp-plugin,aweber-web-form-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47759-6fb60bc9485708489fdd72c16e1fb82c.yaml b/nuclei-templates/2023/CVE-2023-47759-6fb60bc9485708489fdd72c16e1fb82c.yaml
index cc73a17b3b..232103516f 100644
--- a/nuclei-templates/2023/CVE-2023-47759-6fb60bc9485708489fdd72c16e1fb82c.yaml
+++ b/nuclei-templates/2023/CVE-2023-47759-6fb60bc9485708489fdd72c16e1fb82c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chaty <= 3.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chaty/"
     google-query: inurl:"/wp-content/plugins/chaty/"
     shodan-query: 'vuln:CVE-2023-47759'
-  tags: cve,wordpress,wp-plugin,chaty,medium
+  tags: cve,wordpress,wp-plugin,chaty,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4776-a9a638b4142268e1bac6a40ef293c66b.yaml b/nuclei-templates/2023/CVE-2023-4776-a9a638b4142268e1bac6a40ef293c66b.yaml
index 855552c0e1..f246a65635 100644
--- a/nuclei-templates/2023/CVE-2023-4776-a9a638b4142268e1bac6a40ef293c66b.yaml
+++ b/nuclei-templates/2023/CVE-2023-4776-a9a638b4142268e1bac6a40ef293c66b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPSchoolPress <= 2.2.4 - Authenticated(Teacher+) SQL Injection via ClassID
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WPSchoolPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘ClassID’ parameter in versions up to, and including, 2.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with Teacher permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpschoolpress/"
     google-query: inurl:"/wp-content/plugins/wpschoolpress/"
     shodan-query: 'vuln:CVE-2023-4776'
-  tags: cve,wordpress,wp-plugin,wpschoolpress,high
+  tags: cve,wordpress,wp-plugin,wpschoolpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47760-6092ac059aadb6e2fb447935fafb717a.yaml b/nuclei-templates/2023/CVE-2023-47760-6092ac059aadb6e2fb447935fafb717a.yaml
index b2e1c6d664..cc66d0b035 100644
--- a/nuclei-templates/2023/CVE-2023-47760-6092ac059aadb6e2fb447935fafb717a.yaml
+++ b/nuclei-templates/2023/CVE-2023-47760-6092ac059aadb6e2fb447935fafb717a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks for Gutenberg <= 4.2.0 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to unauthorized access to AJAX actions due to a missing capability check on several functions in versions up to, and including, 4.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke those functions. A nonce check was performed in all of them. However, the nonce was leaked on the profile page. CVE-2023-51360 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2023-47760'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47761-0a3a5e7befa978af91189dd0693b7678.yaml b/nuclei-templates/2023/CVE-2023-47761-0a3a5e7befa978af91189dd0693b7678.yaml
index af622a7259..e7af90cb2e 100644
--- a/nuclei-templates/2023/CVE-2023-47761-0a3a5e7befa978af91189dd0693b7678.yaml
+++ b/nuclei-templates/2023/CVE-2023-47761-0a3a5e7befa978af91189dd0693b7678.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple 301 Redirects by BetterLinks <= 2.0.7 - Missing Authorization via clicked
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple 301 Redirects by BetterLinks plugin for WordPress is vulnerable to unauthorized enabling of plugin usage tracking due to a missing capability check on the clicked function in all versions up to, and including, 2.0.7. This makes it possible for subscribers to enable plugin tracking.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-301-redirects/"
     google-query: inurl:"/wp-content/plugins/simple-301-redirects/"
     shodan-query: 'vuln:CVE-2023-47761'
-  tags: cve,wordpress,wp-plugin,simple-301-redirects,medium
+  tags: cve,wordpress,wp-plugin,simple-301-redirects,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47762-808772ef0715e55e48845eb09fe27708.yaml b/nuclei-templates/2023/CVE-2023-47762-808772ef0715e55e48845eb09fe27708.yaml
index 080f9fb618..b0ae2f3bbe 100644
--- a/nuclei-templates/2023/CVE-2023-47762-808772ef0715e55e48845eb09fe27708.yaml
+++ b/nuclei-templates/2023/CVE-2023-47762-808772ef0715e55e48845eb09fe27708.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BetterDocs <= 2.5.2 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BetterDocs plugin for WordPress is vulnerable to unauthorized document modification due to a missing capability check on several AJAX functions in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify documents.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/betterdocs/"
     google-query: inurl:"/wp-content/plugins/betterdocs/"
     shodan-query: 'vuln:CVE-2023-47762'
-  tags: cve,wordpress,wp-plugin,betterdocs,medium
+  tags: cve,wordpress,wp-plugin,betterdocs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47763-440ba93423360c612c2bdc92f81276f2.yaml b/nuclei-templates/2023/CVE-2023-47763-440ba93423360c612c2bdc92f81276f2.yaml
index 4bb210296e..d0906d1d36 100644
--- a/nuclei-templates/2023/CVE-2023-47763-440ba93423360c612c2bdc92f81276f2.yaml
+++ b/nuclei-templates/2023/CVE-2023-47763-440ba93423360c612c2bdc92f81276f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Admin Interface <= 7.31 - Missing Authorization via wpcai_pro_notice_disable
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the wpcai_pro_notice_disable function in versions up to, and including, 7.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices intended for admins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-admin-interface/"
     google-query: inurl:"/wp-content/plugins/wp-custom-admin-interface/"
     shodan-query: 'vuln:CVE-2023-47763'
-  tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47764-2fe97b6a7d11daeda44ed66f389013e0.yaml b/nuclei-templates/2023/CVE-2023-47764-2fe97b6a7d11daeda44ed66f389013e0.yaml
index 8d892e8f81..dd2c1812a7 100644
--- a/nuclei-templates/2023/CVE-2023-47764-2fe97b6a7d11daeda44ed66f389013e0.yaml
+++ b/nuclei-templates/2023/CVE-2023-47764-2fe97b6a7d11daeda44ed66f389013e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ditty <= 3.1.24 - Missing Authorization via save_ditty_permissions_check
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ditty plugin for WordPress is vulnerable to unauthorized editing of dittys due to a missing capability check on the save_ditty_permissions_check function in versions up to, and including, 3.1.24. This makes it possible for unauthenticated attackers to edit dittys.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ditty-news-ticker/"
     google-query: inurl:"/wp-content/plugins/ditty-news-ticker/"
     shodan-query: 'vuln:CVE-2023-47764'
-  tags: cve,wordpress,wp-plugin,ditty-news-ticker,medium
+  tags: cve,wordpress,wp-plugin,ditty-news-ticker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47770-f83868d3a00a9fcf53648bc46fb152f1.yaml b/nuclei-templates/2023/CVE-2023-47770-f83868d3a00a9fcf53648bc46fb152f1.yaml
index 1ee00b0070..4b2ea55161 100644
--- a/nuclei-templates/2023/CVE-2023-47770-f83868d3a00a9fcf53648bc46fb152f1.yaml
+++ b/nuclei-templates/2023/CVE-2023-47770-f83868d3a00a9fcf53648bc46fb152f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Betheme <= 27.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Betheme theme for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 27.1.1. This makes it possible for authenticated attackers, with contributor-level access and above, to invoke this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/betheme/"
     google-query: inurl:"/wp-content/themes/betheme/"
     shodan-query: 'vuln:CVE-2023-47770'
-  tags: cve,wordpress,wp-theme,betheme,medium
+  tags: cve,wordpress,wp-theme,betheme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47772-2e2946ff7ceba7ce385ae21a430029fb.yaml b/nuclei-templates/2023/CVE-2023-47772-2e2946ff7ceba7ce385ae21a430029fb.yaml
index 81d6033adc..21f9d4cbd0 100644
--- a/nuclei-templates/2023/CVE-2023-47772-2e2946ff7ceba7ce385ae21a430029fb.yaml
+++ b/nuclei-templates/2023/CVE-2023-47772-2e2946ff7ceba7ce385ae21a430029fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Revolution <= 6.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/revslider/"
     google-query: inurl:"/wp-content/plugins/revslider/"
     shodan-query: 'vuln:CVE-2023-47772'
-  tags: cve,wordpress,wp-plugin,revslider,medium
+  tags: cve,wordpress,wp-plugin,revslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47774-b9a10340d1ee615f8f2aaccc216ca7f7.yaml b/nuclei-templates/2023/CVE-2023-47774-b9a10340d1ee615f8f2aaccc216ca7f7.yaml
index c8df925396..730663d2ce 100644
--- a/nuclei-templates/2023/CVE-2023-47774-b9a10340d1ee615f8f2aaccc216ca7f7.yaml
+++ b/nuclei-templates/2023/CVE-2023-47774-b9a10340d1ee615f8f2aaccc216ca7f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Clickjacking via iframe injection due to an unknown parameter in all versions up to and including 12.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject iframes in pages that can be used to make users perform actions on untrusted sites.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:CVE-2023-47774'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47776-0cc0c3f4bf4487c2d84931d62250a698.yaml b/nuclei-templates/2023/CVE-2023-47776-0cc0c3f4bf4487c2d84931d62250a698.yaml
index 6f58aa925a..49ab62170e 100644
--- a/nuclei-templates/2023/CVE-2023-47776-0cc0c3f4bf4487c2d84931d62250a698.yaml
+++ b/nuclei-templates/2023/CVE-2023-47776-0cc0c3f4bf4487c2d84931d62250a698.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     miniorange otp verification <= 4.2.1 - Missing Authorization via dismiss_notice
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The miniorange otp verification plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismiss_notice function in versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices intended for admins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-otp-verification/"
     google-query: inurl:"/wp-content/plugins/miniorange-otp-verification/"
     shodan-query: 'vuln:CVE-2023-47776'
-  tags: cve,wordpress,wp-plugin,miniorange-otp-verification,medium
+  tags: cve,wordpress,wp-plugin,miniorange-otp-verification,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47777-03ab94cbc5738569e6dbfc88111c85a5.yaml b/nuclei-templates/2023/CVE-2023-47777-03ab94cbc5738569e6dbfc88111c85a5.yaml
index 222bd8f748..c198dc8b49 100644
--- a/nuclei-templates/2023/CVE-2023-47777-03ab94cbc5738569e6dbfc88111c85a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-47777-03ab94cbc5738569e6dbfc88111c85a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a featured image 'alt' attribute in versions up to, and including, 8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The WooCommerce Blocks plugin for WordPress is vulnerable to the same issue in versions up to, and including, 11.1.1.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-47777
   metadata:
-    fofa-query: "wp-content/plugins/woocommerce/"
-    google-query: inurl:"/wp-content/plugins/woocommerce/"
+    fofa-query: "wp-content/plugins/woo-gutenberg-products-block/"
+    google-query: inurl:"/wp-content/plugins/woo-gutenberg-products-block/"
     shodan-query: 'vuln:CVE-2023-47777'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woo-gutenberg-products-block,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/woo-gutenberg-products-block/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "woocommerce"
+          - "woo-gutenberg-products-block"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 8.1.1')
\ No newline at end of file
+          - compare_versions(version, '<= 11.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-47778-def2f7014de695ca135f23616af5b3ad.yaml b/nuclei-templates/2023/CVE-2023-47778-def2f7014de695ca135f23616af5b3ad.yaml
index 0f13b8d0b1..1295c19593 100644
--- a/nuclei-templates/2023/CVE-2023-47778-def2f7014de695ca135f23616af5b3ad.yaml
+++ b/nuclei-templates/2023/CVE-2023-47778-def2f7014de695ca135f23616af5b3ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LuckyWP Scripts Control <= 1.2.1  - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/luckywp-scripts-control/"
     google-query: inurl:"/wp-content/plugins/luckywp-scripts-control/"
     shodan-query: 'vuln:CVE-2023-47778'
-  tags: cve,wordpress,wp-plugin,luckywp-scripts-control,medium
+  tags: cve,wordpress,wp-plugin,luckywp-scripts-control,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47780-78a77e4a1a5aa34cbb515f8d429a5d22.yaml b/nuclei-templates/2023/CVE-2023-47780-78a77e4a1a5aa34cbb515f8d429a5d22.yaml
index d51f2c1795..3b4d796f0d 100644
--- a/nuclei-templates/2023/CVE-2023-47780-78a77e4a1a5aa34cbb515f8d429a5d22.yaml
+++ b/nuclei-templates/2023/CVE-2023-47780-78a77e4a1a5aa34cbb515f8d429a5d22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EasyAzon – Amazon Associates Affiliate <= 5.1.0 - Missing Authorization on AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EasyAzon – Amazon Associates Affiliate plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the corresponding functions in versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of those actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easyazon/"
     google-query: inurl:"/wp-content/plugins/easyazon/"
     shodan-query: 'vuln:CVE-2023-47780'
-  tags: cve,wordpress,wp-plugin,easyazon,medium
+  tags: cve,wordpress,wp-plugin,easyazon,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47781-c88aacc0c258c2583886d5df08f00e4f.yaml b/nuclei-templates/2023/CVE-2023-47781-c88aacc0c258c2583886d5df08f00e4f.yaml
index b61a74dfec..efe85f8e16 100644
--- a/nuclei-templates/2023/CVE-2023-47781-c88aacc0c258c2583886d5df08f00e4f.yaml
+++ b/nuclei-templates/2023/CVE-2023-47781-c88aacc0c258c2583886d5df08f00e4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thrive Theme Builder < 3.24.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Thrive Theme Builder theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions prior to 3.24.2. This is due to missing or incorrect nonce validation on the affected function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/thrive-theme/"
     google-query: inurl:"/wp-content/themes/thrive-theme/"
     shodan-query: 'vuln:CVE-2023-47781'
-  tags: cve,wordpress,wp-theme,thrive-theme,high
+  tags: cve,wordpress,wp-theme,thrive-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47784-be4d0822a09dabbfb60c56eb78326475.yaml b/nuclei-templates/2023/CVE-2023-47784-be4d0822a09dabbfb60c56eb78326475.yaml
index 8c59137dda..57161b2ed8 100644
--- a/nuclei-templates/2023/CVE-2023-47784-be4d0822a09dabbfb60c56eb78326475.yaml
+++ b/nuclei-templates/2023/CVE-2023-47784-be4d0822a09dabbfb60c56eb78326475.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slider Revolution plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 6.6.15. This makes it possible for attackers with author-level access and higher to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/revslider/"
     google-query: inurl:"/wp-content/plugins/revslider/"
     shodan-query: 'vuln:CVE-2023-47784'
-  tags: cve,wordpress,wp-plugin,revslider,high
+  tags: cve,wordpress,wp-plugin,revslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47786-9e79ec7559a564921e41d0c7103ccb78.yaml b/nuclei-templates/2023/CVE-2023-47786-9e79ec7559a564921e41d0c7103ccb78.yaml
index b7501b051e..d1933e54a5 100644
--- a/nuclei-templates/2023/CVE-2023-47786-9e79ec7559a564921e41d0c7103ccb78.yaml
+++ b/nuclei-templates/2023/CVE-2023-47786-9e79ec7559a564921e41d0c7103ccb78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LayerSlider <= 7.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/LayerSlider/"
     google-query: inurl:"/wp-content/plugins/LayerSlider/"
     shodan-query: 'vuln:CVE-2023-47786'
-  tags: cve,wordpress,wp-plugin,LayerSlider,medium
+  tags: cve,wordpress,wp-plugin,LayerSlider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4779-ef952e49d818ad8d9f5105858ddc8b74.yaml b/nuclei-templates/2023/CVE-2023-4779-ef952e49d818ad8d9f5105858ddc8b74.yaml
index f4ceb35735..d256b4f615 100644
--- a/nuclei-templates/2023/CVE-2023-4779-ef952e49d818ad8d9f5105858ddc8b74.yaml
+++ b/nuclei-templates/2023/CVE-2023-4779-ef952e49d818ad8d9f5105858ddc8b74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-submitted-posts/"
     google-query: inurl:"/wp-content/plugins/user-submitted-posts/"
     shodan-query: 'vuln:CVE-2023-4779'
-  tags: cve,wordpress,wp-plugin,user-submitted-posts,medium
+  tags: cve,wordpress,wp-plugin,user-submitted-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47793-4ba662d6b707785ba4b6d4f4f14b8096.yaml b/nuclei-templates/2023/CVE-2023-47793-4ba662d6b707785ba4b6d4f4f14b8096.yaml
index 7b34a4468b..6b6bd6e88f 100644
--- a/nuclei-templates/2023/CVE-2023-47793-4ba662d6b707785ba4b6d4f4f14b8096.yaml
+++ b/nuclei-templates/2023/CVE-2023-47793-4ba662d6b707785ba4b6d4f4f14b8096.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Acme Fix Images <= 1.0.0 - Missing Authorization via acme_fix_images_ajax_callback
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Acme Fix Images plugin for WordPress is vulnerable to unauthorized access to the acme_fix_images_ajax_callback function in versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to resize images.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acme-fix-images/"
     google-query: inurl:"/wp-content/plugins/acme-fix-images/"
     shodan-query: 'vuln:CVE-2023-47793'
-  tags: cve,wordpress,wp-plugin,acme-fix-images,medium
+  tags: cve,wordpress,wp-plugin,acme-fix-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47805-34721fea6a2d4e3ec618e5f696ce767f.yaml b/nuclei-templates/2023/CVE-2023-47805-34721fea6a2d4e3ec618e5f696ce767f.yaml
index 09347b2471..ce8aa761ff 100644
--- a/nuclei-templates/2023/CVE-2023-47805-34721fea6a2d4e3ec618e5f696ce767f.yaml
+++ b/nuclei-templates/2023/CVE-2023-47805-34721fea6a2d4e3ec618e5f696ce767f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPCafe <= 2.2.22 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPCafe plugin for WordPress is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on several functions in versions up to, and including, 2.2.22. This makes it possible for unauthenticated attackers to make use of the unprotected functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cafe/"
     google-query: inurl:"/wp-content/plugins/wp-cafe/"
     shodan-query: 'vuln:CVE-2023-47805'
-  tags: cve,wordpress,wp-plugin,wp-cafe,medium
+  tags: cve,wordpress,wp-plugin,wp-cafe,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47807-68962a84ced90a9ac882bf37153f6810.yaml b/nuclei-templates/2023/CVE-2023-47807-68962a84ced90a9ac882bf37153f6810.yaml
index 29351bedae..4d61852b73 100644
--- a/nuclei-templates/2023/CVE-2023-47807-68962a84ced90a9ac882bf37153f6810.yaml
+++ b/nuclei-templates/2023/CVE-2023-47807-68962a84ced90a9ac882bf37153f6810.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 10WebAnalytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gawd_wd_bp_install_notice_status function in versions up to, and including, 1.2.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notifications.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wd-google-analytics/"
     google-query: inurl:"/wp-content/plugins/wd-google-analytics/"
     shodan-query: 'vuln:CVE-2023-47807'
-  tags: cve,wordpress,wp-plugin,wd-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,wd-google-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47808-7c19600be6bfdb748bd3e60c37bbe32a.yaml b/nuclei-templates/2023/CVE-2023-47808-7c19600be6bfdb748bd3e60c37bbe32a.yaml
index cd5c80d3a5..5fb1e9687b 100644
--- a/nuclei-templates/2023/CVE-2023-47808-7c19600be6bfdb748bd3e60c37bbe32a.yaml
+++ b/nuclei-templates/2023/CVE-2023-47808-7c19600be6bfdb748bd3e60c37bbe32a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Widgets to Page <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add Widgets to Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-widgets-to-page/"
     google-query: inurl:"/wp-content/plugins/add-widgets-to-page/"
     shodan-query: 'vuln:CVE-2023-47808'
-  tags: cve,wordpress,wp-plugin,add-widgets-to-page,medium
+  tags: cve,wordpress,wp-plugin,add-widgets-to-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47809-cdf9a047d5c0c62c170cfb4f220b5807.yaml b/nuclei-templates/2023/CVE-2023-47809-cdf9a047d5c0c62c170cfb4f220b5807.yaml
index 2a169c21e8..2d84ef30b2 100644
--- a/nuclei-templates/2023/CVE-2023-47809-cdf9a047d5c0c62c170cfb4f220b5807.yaml
+++ b/nuclei-templates/2023/CVE-2023-47809-cdf9a047d5c0c62c170cfb4f220b5807.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordion <= 2.6 - Authenticated (Editor+) Stored Cross-Site Scripting via accordion settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-wp/"
     google-query: inurl:"/wp-content/plugins/accordions-wp/"
     shodan-query: 'vuln:CVE-2023-47809'
-  tags: cve,wordpress,wp-plugin,accordions-wp,medium
+  tags: cve,wordpress,wp-plugin,accordions-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47810-61e6a79f794c5261dca1b1de62bb1bb1.yaml b/nuclei-templates/2023/CVE-2023-47810-61e6a79f794c5261dca1b1de62bb1bb1.yaml
index d2c7bc0eba..63553a06c9 100644
--- a/nuclei-templates/2023/CVE-2023-47810-61e6a79f794c5261dca1b1de62bb1bb1.yaml
+++ b/nuclei-templates/2023/CVE-2023-47810-61e6a79f794c5261dca1b1de62bb1bb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Domain Checker <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ajax Domain Checker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-domain-checker/"
     google-query: inurl:"/wp-content/plugins/ajax-domain-checker/"
     shodan-query: 'vuln:CVE-2023-47810'
-  tags: cve,wordpress,wp-plugin,ajax-domain-checker,medium
+  tags: cve,wordpress,wp-plugin,ajax-domain-checker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47811-881cc93528fb94be5fa214f77b12a3dc.yaml b/nuclei-templates/2023/CVE-2023-47811-881cc93528fb94be5fa214f77b12a3dc.yaml
index 74ec8fa0f6..3095141d8d 100644
--- a/nuclei-templates/2023/CVE-2023-47811-881cc93528fb94be5fa214f77b12a3dc.yaml
+++ b/nuclei-templates/2023/CVE-2023-47811-881cc93528fb94be5fa214f77b12a3dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Anywhere Flash Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Anywhere Flash Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anywhere-flash-embed/"
     google-query: inurl:"/wp-content/plugins/anywhere-flash-embed/"
     shodan-query: 'vuln:CVE-2023-47811'
-  tags: cve,wordpress,wp-plugin,anywhere-flash-embed,medium
+  tags: cve,wordpress,wp-plugin,anywhere-flash-embed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47812-414a4199455e61f63d4f1a06e321a38b.yaml b/nuclei-templates/2023/CVE-2023-47812-414a4199455e61f63d4f1a06e321a38b.yaml
index c34aa64c09..e9bdb8c7a0 100644
--- a/nuclei-templates/2023/CVE-2023-47812-414a4199455e61f63d4f1a06e321a38b.yaml
+++ b/nuclei-templates/2023/CVE-2023-47812-414a4199455e61f63d4f1a06e321a38b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bamboo Columns <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bamboo Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2023-44143 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bamboo-columns/"
     google-query: inurl:"/wp-content/plugins/bamboo-columns/"
     shodan-query: 'vuln:CVE-2023-47812'
-  tags: cve,wordpress,wp-plugin,bamboo-columns,medium
+  tags: cve,wordpress,wp-plugin,bamboo-columns,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47813-e9bfeb55edc6f8bed127152a2312d037.yaml b/nuclei-templates/2023/CVE-2023-47813-e9bfeb55edc6f8bed127152a2312d037.yaml
index d45ee3ef63..b884524000 100644
--- a/nuclei-templates/2023/CVE-2023-47813-e9bfeb55edc6f8bed127152a2312d037.yaml
+++ b/nuclei-templates/2023/CVE-2023-47813-e9bfeb55edc6f8bed127152a2312d037.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better RSS Widget <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better RSS Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-rss-widget/"
     google-query: inurl:"/wp-content/plugins/better-rss-widget/"
     shodan-query: 'vuln:CVE-2023-47813'
-  tags: cve,wordpress,wp-plugin,better-rss-widget,medium
+  tags: cve,wordpress,wp-plugin,better-rss-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47814-0d15cc8e701957684f6f3b30c5023ccf.yaml b/nuclei-templates/2023/CVE-2023-47814-0d15cc8e701957684f6f3b30c5023ccf.yaml
index ff7c7dd09a..6a80c38e06 100644
--- a/nuclei-templates/2023/CVE-2023-47814-0d15cc8e701957684f6f3b30c5023ccf.yaml
+++ b/nuclei-templates/2023/CVE-2023-47814-0d15cc8e701957684f6f3b30c5023ccf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BMI Calculator Plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BMI Calculator Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bmi-calculator-shortcode/"
     google-query: inurl:"/wp-content/plugins/bmi-calculator-shortcode/"
     shodan-query: 'vuln:CVE-2023-47814'
-  tags: cve,wordpress,wp-plugin,bmi-calculator-shortcode,medium
+  tags: cve,wordpress,wp-plugin,bmi-calculator-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47815-1c0f40dcfb4caae9a4327cd7172a7b18.yaml b/nuclei-templates/2023/CVE-2023-47815-1c0f40dcfb4caae9a4327cd7172a7b18.yaml
index 9f6620e014..640895301f 100644
--- a/nuclei-templates/2023/CVE-2023-47815-1c0f40dcfb4caae9a4327cd7172a7b18.yaml
+++ b/nuclei-templates/2023/CVE-2023-47815-1c0f40dcfb4caae9a4327cd7172a7b18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BP Profile Shortcodes Extra <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-profile-shortcodes-extra/"
     google-query: inurl:"/wp-content/plugins/bp-profile-shortcodes-extra/"
     shodan-query: 'vuln:CVE-2023-47815'
-  tags: cve,wordpress,wp-plugin,bp-profile-shortcodes-extra,medium
+  tags: cve,wordpress,wp-plugin,bp-profile-shortcodes-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47816-3ebd40bb61580d15dfcd12d2fb7e83aa.yaml b/nuclei-templates/2023/CVE-2023-47816-3ebd40bb61580d15dfcd12d2fb7e83aa.yaml
index cab9c5a161..201b1bf6f0 100644
--- a/nuclei-templates/2023/CVE-2023-47816-3ebd40bb61580d15dfcd12d2fb7e83aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-47816-3ebd40bb61580d15dfcd12d2fb7e83aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Charitable <= 1.7.0.13 - Authenticated(Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Charitable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.7.0.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/charitable/"
     google-query: inurl:"/wp-content/plugins/charitable/"
     shodan-query: 'vuln:CVE-2023-47816'
-  tags: cve,wordpress,wp-plugin,charitable,medium
+  tags: cve,wordpress,wp-plugin,charitable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47817-1c709780f30cba2883c1f114a8ebe301.yaml b/nuclei-templates/2023/CVE-2023-47817-1c709780f30cba2883c1f114a8ebe301.yaml
index d5bac3d220..90bbd79bc4 100644
--- a/nuclei-templates/2023/CVE-2023-47817-1c709780f30cba2883c1f114a8ebe301.yaml
+++ b/nuclei-templates/2023/CVE-2023-47817-1c709780f30cba2883c1f114a8ebe301.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Daily Prayer Time <= 2023.10.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Daily Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2023.10.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/daily-prayer-time-for-mosques/"
     google-query: inurl:"/wp-content/plugins/daily-prayer-time-for-mosques/"
     shodan-query: 'vuln:CVE-2023-47817'
-  tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,medium
+  tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47820-00aa1f64cb2e6c80b8a5546f8e6d1be0.yaml b/nuclei-templates/2023/CVE-2023-47820-00aa1f64cb2e6c80b8a5546f8e6d1be0.yaml
index 921482f298..60ac08d11d 100644
--- a/nuclei-templates/2023/CVE-2023-47820-00aa1f64cb2e6c80b8a5546f8e6d1be0.yaml
+++ b/nuclei-templates/2023/CVE-2023-47820-00aa1f64cb2e6c80b8a5546f8e6d1be0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Like Button <= 1.7.0 - Missing Authorization via crublabFBLBAjax
   author: topscoder
-  severity: low
+  severity: high
   description: >
     The WP Like Button plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the crublabFBLBAjax function in versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable and disable the like button if they are able to retrieve a nonce via a nonce leak.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-like-button/"
     google-query: inurl:"/wp-content/plugins/wp-like-button/"
     shodan-query: 'vuln:CVE-2023-47820'
-  tags: cve,wordpress,wp-plugin,wp-like-button,low
+  tags: cve,wordpress,wp-plugin,wp-like-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47821-c754ba54f7d343b7382e51da7c21880e.yaml b/nuclei-templates/2023/CVE-2023-47821-c754ba54f7d343b7382e51da7c21880e.yaml
index e68d067269..4fd9a44083 100644
--- a/nuclei-templates/2023/CVE-2023-47821-c754ba54f7d343b7382e51da7c21880e.yaml
+++ b/nuclei-templates/2023/CVE-2023-47821-c754ba54f7d343b7382e51da7c21880e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Encoder Bundle <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This entry appears to be a duplicate of CVE-2023-4599.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-encoder-bundle/"
     google-query: inurl:"/wp-content/plugins/email-encoder-bundle/"
     shodan-query: 'vuln:CVE-2023-47821'
-  tags: cve,wordpress,wp-plugin,email-encoder-bundle,medium
+  tags: cve,wordpress,wp-plugin,email-encoder-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47822-50550f19ed80806cbfb18739f79665ee.yaml b/nuclei-templates/2023/CVE-2023-47822-50550f19ed80806cbfb18739f79665ee.yaml
index 75f98b5382..bbb2c63abb 100644
--- a/nuclei-templates/2023/CVE-2023-47822-50550f19ed80806cbfb18739f79665ee.yaml
+++ b/nuclei-templates/2023/CVE-2023-47822-50550f19ed80806cbfb18739f79665ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10 - Missing Authorization to Template Import
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_srmp3_template function in all versions up to, and including, 4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to import Elementor templates.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/"
     google-query: inurl:"/wp-content/plugins/mp3-music-player-by-sonaar/"
     shodan-query: 'vuln:CVE-2023-47822'
-  tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,medium
+  tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47823-27f44594eb9e99ef9e1059fc3d01b99d.yaml b/nuclei-templates/2023/CVE-2023-47823-27f44594eb9e99ef9e1059fc3d01b99d.yaml
index d14e11bd90..80127679bf 100644
--- a/nuclei-templates/2023/CVE-2023-47823-27f44594eb9e99ef9e1059fc3d01b99d.yaml
+++ b/nuclei-templates/2023/CVE-2023-47823-27f44594eb9e99ef9e1059fc3d01b99d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormCraft <= 1.2.7 - Missing Authorization via formcraft_nag_update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FormCraft plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the formcraft_nag_update AJAX nopriv_ function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to delay or disable update notifications.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formcraft-form-builder/"
     google-query: inurl:"/wp-content/plugins/formcraft-form-builder/"
     shodan-query: 'vuln:CVE-2023-47823'
-  tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium
+  tags: cve,wordpress,wp-plugin,formcraft-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47826-a27c4dd18076acddac4a93fd8d6716aa.yaml b/nuclei-templates/2023/CVE-2023-47826-a27c4dd18076acddac4a93fd8d6716aa.yaml
index bcd332f2f4..3f29752b52 100644
--- a/nuclei-templates/2023/CVE-2023-47826-a27c4dd18076acddac4a93fd8d6716aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-47826-a27c4dd18076acddac4a93fd8d6716aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant & Cafe Addon for Elementor <= 1.5.3 - Missing Authorization via multiple AJAX functions
   author: topscoder
-  severity: low
+  severity: high
   description: >
     The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to update the plugin's settings if they are able to retrieve a nonce that is only displayed on an admin page which is protected by a capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restaurant-cafe-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/restaurant-cafe-addon-for-elementor/"
     shodan-query: 'vuln:CVE-2023-47826'
-  tags: cve,wordpress,wp-plugin,restaurant-cafe-addon-for-elementor,low
+  tags: cve,wordpress,wp-plugin,restaurant-cafe-addon-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47827-a83b5885cc29169b3a804ccaa82ed3fd.yaml b/nuclei-templates/2023/CVE-2023-47827-a83b5885cc29169b3a804ccaa82ed3fd.yaml
index b9ca331c40..6f9b9335dc 100644
--- a/nuclei-templates/2023/CVE-2023-47827-a83b5885cc29169b3a804ccaa82ed3fd.yaml
+++ b/nuclei-templates/2023/CVE-2023-47827-a83b5885cc29169b3a804ccaa82ed3fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Addon for Elementor <= 2.1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Addon for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the naevents_bw_settings_save_func(), naevents_bw_toggle_submit_func(), naevents_pro_settings_save_func(), naevents_pro_toggle_submit_func() and naevents_uw_settings_save_func() functions all hooked via nopriv AJAX actions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/events-addon-for-elementor/"
     shodan-query: 'vuln:CVE-2023-47827'
-  tags: cve,wordpress,wp-plugin,events-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,events-addon-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47828-12a5a8360002b901fa077eaf0cb0a07a.yaml b/nuclei-templates/2023/CVE-2023-47828-12a5a8360002b901fa077eaf0cb0a07a.yaml
index 649981eac9..46d2f97c63 100644
--- a/nuclei-templates/2023/CVE-2023-47828-12a5a8360002b901fa077eaf0cb0a07a.yaml
+++ b/nuclei-templates/2023/CVE-2023-47828-12a5a8360002b901fa077eaf0cb0a07a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpMandrill <= 1.33 - Missing Authorization via getAjaxStats
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wpMandrill plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAjaxStats function in versions up to, and including, 1.33. This makes it possible for authenticated attackers, with subscriber-level access and above, to view mailing statistics.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpmandrill/"
     google-query: inurl:"/wp-content/plugins/wpmandrill/"
     shodan-query: 'vuln:CVE-2023-47828'
-  tags: cve,wordpress,wp-plugin,wpmandrill,medium
+  tags: cve,wordpress,wp-plugin,wpmandrill,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47829-5e36e98c6255c04628e65e3d6f66d61f.yaml b/nuclei-templates/2023/CVE-2023-47829-5e36e98c6255c04628e65e3d6f66d61f.yaml
index 07c0e55104..b431e3c10f 100644
--- a/nuclei-templates/2023/CVE-2023-47829-5e36e98c6255c04628e65e3d6f66d61f.yaml
+++ b/nuclei-templates/2023/CVE-2023-47829-5e36e98c6255c04628e65e3d6f66d61f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Call Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-call-button/"
     google-query: inurl:"/wp-content/plugins/quick-call-button/"
     shodan-query: 'vuln:CVE-2023-47829'
-  tags: cve,wordpress,wp-plugin,quick-call-button,medium
+  tags: cve,wordpress,wp-plugin,quick-call-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4783-7b378f7b5f801637805b2f7c350d9359.yaml b/nuclei-templates/2023/CVE-2023-4783-7b378f7b5f801637805b2f7c350d9359.yaml
index 6598a51b3a..1c9839171b 100644
--- a/nuclei-templates/2023/CVE-2023-4783-7b378f7b5f801637805b2f7c350d9359.yaml
+++ b/nuclei-templates/2023/CVE-2023-4783-7b378f7b5f801637805b2f7c350d9359.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magee Shortcodes <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Magee Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magee-shortcodes/"
     google-query: inurl:"/wp-content/plugins/magee-shortcodes/"
     shodan-query: 'vuln:CVE-2023-4783'
-  tags: cve,wordpress,wp-plugin,magee-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,magee-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47830-a6d4da7080e5e33e606a2bdd628cb1b5.yaml b/nuclei-templates/2023/CVE-2023-47830-a6d4da7080e5e33e606a2bdd628cb1b5.yaml
index 21ccc1001d..09d62f79fc 100644
--- a/nuclei-templates/2023/CVE-2023-47830-a6d4da7080e5e33e606a2bdd628cb1b5.yaml
+++ b/nuclei-templates/2023/CVE-2023-47830-a6d4da7080e5e33e606a2bdd628cb1b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live Preview for Contact Form 7 <= 1.2.0 - Missing Authorization via update_option
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Live Preview for Contact Form 7 plugin for WordPress is vulnerable to unauthorized plugin option update due to a missing capability check on the update_option function in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update the plugin's options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-live-preview/"
     google-query: inurl:"/wp-content/plugins/cf7-live-preview/"
     shodan-query: 'vuln:CVE-2023-47830'
-  tags: cve,wordpress,wp-plugin,cf7-live-preview,medium
+  tags: cve,wordpress,wp-plugin,cf7-live-preview,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47831-697b1f32d4ef6920c80a41e74d1c7116.yaml b/nuclei-templates/2023/CVE-2023-47831-697b1f32d4ef6920c80a41e74d1c7116.yaml
index 624acd0fcc..c819b5acda 100644
--- a/nuclei-templates/2023/CVE-2023-47831-697b1f32d4ef6920c80a41e74d1c7116.yaml
+++ b/nuclei-templates/2023/CVE-2023-47831-697b1f32d4ef6920c80a41e74d1c7116.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DrawIt (draw.io) <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DrawIt (draw.io) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drawit/"
     google-query: inurl:"/wp-content/plugins/drawit/"
     shodan-query: 'vuln:CVE-2023-47831'
-  tags: cve,wordpress,wp-plugin,drawit,medium
+  tags: cve,wordpress,wp-plugin,drawit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47832-aa754ad2c8b3fd090579a6c1c7b9d91c.yaml b/nuclei-templates/2023/CVE-2023-47832-aa754ad2c8b3fd090579a6c1c7b9d91c.yaml
index 29fa1620f0..08b751a232 100644
--- a/nuclei-templates/2023/CVE-2023-47832-aa754ad2c8b3fd090579a6c1c7b9d91c.yaml
+++ b/nuclei-templates/2023/CVE-2023-47832-aa754ad2c8b3fd090579a6c1c7b9d91c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SearchIQ plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/searchiq/"
     google-query: inurl:"/wp-content/plugins/searchiq/"
     shodan-query: 'vuln:CVE-2023-47832'
-  tags: cve,wordpress,wp-plugin,searchiq,medium
+  tags: cve,wordpress,wp-plugin,searchiq,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47833-69bd71812f8b19e052624d1ea9f84cfd.yaml b/nuclei-templates/2023/CVE-2023-47833-69bd71812f8b19e052624d1ea9f84cfd.yaml
index 5b27f8a827..dae387b3b9 100644
--- a/nuclei-templates/2023/CVE-2023-47833-69bd71812f8b19e052624d1ea9f84cfd.yaml
+++ b/nuclei-templates/2023/CVE-2023-47833-69bd71812f8b19e052624d1ea9f84cfd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theater for WordPress <= 0.18.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Theater for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theatre/"
     google-query: inurl:"/wp-content/plugins/theatre/"
     shodan-query: 'vuln:CVE-2023-47833'
-  tags: cve,wordpress,wp-plugin,theatre,medium
+  tags: cve,wordpress,wp-plugin,theatre,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47834-d813a33aa115d1d1e87017777577752a.yaml b/nuclei-templates/2023/CVE-2023-47834-d813a33aa115d1d1e87017777577752a.yaml
index 210aeba129..d517f76b9c 100644
--- a/nuclei-templates/2023/CVE-2023-47834-d813a33aa115d1d1e87017777577752a.yaml
+++ b/nuclei-templates/2023/CVE-2023-47834-d813a33aa115d1d1e87017777577752a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 8.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 8.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2023-47834'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47835-a088cd6d5872bf40384c1e2afa0283ab.yaml b/nuclei-templates/2023/CVE-2023-47835-a088cd6d5872bf40384c1e2afa0283ab.yaml
index ac05972d1e..a4cdbf020f 100644
--- a/nuclei-templates/2023/CVE-2023-47835-a088cd6d5872bf40384c1e2afa0283ab.yaml
+++ b/nuclei-templates/2023/CVE-2023-47835-a088cd6d5872bf40384c1e2afa0283ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARI Stream Quiz <= 1.2.32 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ARI Stream Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ari-stream-quiz/"
     google-query: inurl:"/wp-content/plugins/ari-stream-quiz/"
     shodan-query: 'vuln:CVE-2023-47835'
-  tags: cve,wordpress,wp-plugin,ari-stream-quiz,medium
+  tags: cve,wordpress,wp-plugin,ari-stream-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47838-c2bf3837de0efe09eb976b0292e9ae9c.yaml b/nuclei-templates/2023/CVE-2023-47838-c2bf3837de0efe09eb976b0292e9ae9c.yaml
index 919d370a3e..6e938e2304 100644
--- a/nuclei-templates/2023/CVE-2023-47838-c2bf3837de0efe09eb976b0292e9ae9c.yaml
+++ b/nuclei-templates/2023/CVE-2023-47838-c2bf3837de0efe09eb976b0292e9ae9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conditional Fields for Contact Form 7 <= 2.4.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on an unknown function in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this function and dismiss notifications intended for admins. There is no security impact.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-conditional-fields/"
     google-query: inurl:"/wp-content/plugins/cf7-conditional-fields/"
     shodan-query: 'vuln:CVE-2023-47838'
-  tags: cve,wordpress,wp-plugin,cf7-conditional-fields,medium
+  tags: cve,wordpress,wp-plugin,cf7-conditional-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47839-9daff448e161c27a1010bad80a987a15.yaml b/nuclei-templates/2023/CVE-2023-47839-9daff448e161c27a1010bad80a987a15.yaml
index d2ae580c7b..d2d3f9407e 100644
--- a/nuclei-templates/2023/CVE-2023-47839-9daff448e161c27a1010bad80a987a15.yaml
+++ b/nuclei-templates/2023/CVE-2023-47839-9daff448e161c27a1010bad80a987a15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eCommerce Product Catalog for WordPress <= 3.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ic_container shortcode in all versions up to, and including, 3.3.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ecommerce-product-catalog/"
     google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/"
     shodan-query: 'vuln:CVE-2023-47839'
-  tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium
+  tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47840-204d25ca766e5be5a84be69d8f92acaa.yaml b/nuclei-templates/2023/CVE-2023-47840-204d25ca766e5be5a84be69d8f92acaa.yaml
index c62fccb02d..5d967ea619 100644
--- a/nuclei-templates/2023/CVE-2023-47840-204d25ca766e5be5a84be69d8f92acaa.yaml
+++ b/nuclei-templates/2023/CVE-2023-47840-204d25ca766e5be5a84be69d8f92acaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qode Essential Addons  <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Qode Essential Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin() function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qode-essential-addons/"
     google-query: inurl:"/wp-content/plugins/qode-essential-addons/"
     shodan-query: 'vuln:CVE-2023-47840'
-  tags: cve,wordpress,wp-plugin,qode-essential-addons,medium
+  tags: cve,wordpress,wp-plugin,qode-essential-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47842-457555c66db611fbfa678adc71e787e6.yaml b/nuclei-templates/2023/CVE-2023-47842-457555c66db611fbfa678adc71e787e6.yaml
index 716c32ad3f..f111029595 100644
--- a/nuclei-templates/2023/CVE-2023-47842-457555c66db611fbfa678adc71e787e6.yaml
+++ b/nuclei-templates/2023/CVE-2023-47842-457555c66db611fbfa678adc71e787e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The CataBlog plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access and above to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/catablog/"
     google-query: inurl:"/wp-content/plugins/catablog/"
     shodan-query: 'vuln:CVE-2023-47842'
-  tags: cve,wordpress,wp-plugin,catablog,high
+  tags: cve,wordpress,wp-plugin,catablog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47843-1319960b548fb4b068018632e6f16db7.yaml b/nuclei-templates/2023/CVE-2023-47843-1319960b548fb4b068018632e6f16db7.yaml
index ba06326237..a84a629f3a 100644
--- a/nuclei-templates/2023/CVE-2023-47843-1319960b548fb4b068018632e6f16db7.yaml
+++ b/nuclei-templates/2023/CVE-2023-47843-1319960b548fb4b068018632e6f16db7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CataBlog plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access or higher to delete arbitrary files on the affected site's server which may make site takeovers possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/catablog/"
     google-query: inurl:"/wp-content/plugins/catablog/"
     shodan-query: 'vuln:CVE-2023-47843'
-  tags: cve,wordpress,wp-plugin,catablog,medium
+  tags: cve,wordpress,wp-plugin,catablog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47846-37948e20cc8aeb00d7f629d9bf7d79ee.yaml b/nuclei-templates/2023/CVE-2023-47846-37948e20cc8aeb00d7f629d9bf7d79ee.yaml
index 5d283f3192..57cb09b39a 100644
--- a/nuclei-templates/2023/CVE-2023-47846-37948e20cc8aeb00d7f629d9bf7d79ee.yaml
+++ b/nuclei-templates/2023/CVE-2023-47846-37948e20cc8aeb00d7f629d9bf7d79ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Githuber MD – WordPress Markdown Editor plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.16.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-githuber-md/"
     google-query: inurl:"/wp-content/plugins/wp-githuber-md/"
     shodan-query: 'vuln:CVE-2023-47846'
-  tags: cve,wordpress,wp-plugin,wp-githuber-md,high
+  tags: cve,wordpress,wp-plugin,wp-githuber-md,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47847-fd0b6587604276cef3b941ba57f9f4bd.yaml b/nuclei-templates/2023/CVE-2023-47847-fd0b6587604276cef3b941ba57f9f4bd.yaml
index aeec04b246..8431159117 100644
--- a/nuclei-templates/2023/CVE-2023-47847-fd0b6587604276cef3b941ba57f9f4bd.yaml
+++ b/nuclei-templates/2023/CVE-2023-47847-fd0b6587604276cef3b941ba57f9f4bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PayTR Taksit Tablosu <= 1.3.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PayTR Taksit Tablosu plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on one of its functions in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to invoke this function with an unclear impact.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytr-taksit-tablosu-woocommerce/"
     google-query: inurl:"/wp-content/plugins/paytr-taksit-tablosu-woocommerce/"
     shodan-query: 'vuln:CVE-2023-47847'
-  tags: cve,wordpress,wp-plugin,paytr-taksit-tablosu-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,paytr-taksit-tablosu-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47849-9c222eb6bd53905ec6dff84bf0b52c03.yaml b/nuclei-templates/2023/CVE-2023-47849-9c222eb6bd53905ec6dff84bf0b52c03.yaml
index fdd889e4c3..8fd9ea8adb 100644
--- a/nuclei-templates/2023/CVE-2023-47849-9c222eb6bd53905ec6dff84bf0b52c03.yaml
+++ b/nuclei-templates/2023/CVE-2023-47849-9c222eb6bd53905ec6dff84bf0b52c03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BlossomThemes Email Newsletter <= 2.2.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BlossomThemes Email Newsletter plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bten_get_mailing_list function in versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to obtain a mailing list.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blossomthemes-email-newsletter/"
     google-query: inurl:"/wp-content/plugins/blossomthemes-email-newsletter/"
     shodan-query: 'vuln:CVE-2023-47849'
-  tags: cve,wordpress,wp-plugin,blossomthemes-email-newsletter,medium
+  tags: cve,wordpress,wp-plugin,blossomthemes-email-newsletter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47850-efd8e3487b0ad4544e466658a022b655.yaml b/nuclei-templates/2023/CVE-2023-47850-efd8e3487b0ad4544e466658a022b655.yaml
index 9d81fa46b7..165d2b1010 100644
--- a/nuclei-templates/2023/CVE-2023-47850-efd8e3487b0ad4544e466658a022b655.yaml
+++ b/nuclei-templates/2023/CVE-2023-47850-efd8e3487b0ad4544e466658a022b655.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Community by PeepSo <= 6.2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user avatars in all versions up to, and including, 6.2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/peepso-core/"
     google-query: inurl:"/wp-content/plugins/peepso-core/"
     shodan-query: 'vuln:CVE-2023-47850'
-  tags: cve,wordpress,wp-plugin,peepso-core,medium
+  tags: cve,wordpress,wp-plugin,peepso-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47851-c6a7ed723d2b968d4f9df70823302086.yaml b/nuclei-templates/2023/CVE-2023-47851-c6a7ed723d2b968d4f9df70823302086.yaml
index 4709526f89..86324aed28 100644
--- a/nuclei-templates/2023/CVE-2023-47851-c6a7ed723d2b968d4f9df70823302086.yaml
+++ b/nuclei-templates/2023/CVE-2023-47851-c6a7ed723d2b968d4f9df70823302086.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bootstrap Shortcodes Ultimate <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bootstrap Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bs-shortcode-ultimate/"
     google-query: inurl:"/wp-content/plugins/bs-shortcode-ultimate/"
     shodan-query: 'vuln:CVE-2023-47851'
-  tags: cve,wordpress,wp-plugin,bs-shortcode-ultimate,medium
+  tags: cve,wordpress,wp-plugin,bs-shortcode-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47852-da040359bca67615913785734db30059.yaml b/nuclei-templates/2023/CVE-2023-47852-da040359bca67615913785734db30059.yaml
index 66d6dd2005..edae3f4794 100644
--- a/nuclei-templates/2023/CVE-2023-47852-da040359bca67615913785734db30059.yaml
+++ b/nuclei-templates/2023/CVE-2023-47852-da040359bca67615913785734db30059.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Whisper Free <= 0.6.5 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Link Whisper Free plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-whisper/"
     google-query: inurl:"/wp-content/plugins/link-whisper/"
     shodan-query: 'vuln:CVE-2023-47852'
-  tags: cve,wordpress,wp-plugin,link-whisper,high
+  tags: cve,wordpress,wp-plugin,link-whisper,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47853-6ae7e30bc28b46b135c2064dc2c025e6.yaml b/nuclei-templates/2023/CVE-2023-47853-6ae7e30bc28b46b135c2064dc2c025e6.yaml
index 1c3024ce34..3cc5da1147 100644
--- a/nuclei-templates/2023/CVE-2023-47853-6ae7e30bc28b46b135c2064dc2c025e6.yaml
+++ b/nuclei-templates/2023/CVE-2023-47853-6ae7e30bc28b46b135c2064dc2c025e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myCred <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycred/"
     google-query: inurl:"/wp-content/plugins/mycred/"
     shodan-query: 'vuln:CVE-2023-47853'
-  tags: cve,wordpress,wp-plugin,mycred,medium
+  tags: cve,wordpress,wp-plugin,mycred,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47854-b5b52d178ac9e73e1f7151b15d18b267.yaml b/nuclei-templates/2023/CVE-2023-47854-b5b52d178ac9e73e1f7151b15d18b267.yaml
index 4299e2046f..e3a755c68c 100644
--- a/nuclei-templates/2023/CVE-2023-47854-b5b52d178ac9e73e1f7151b15d18b267.yaml
+++ b/nuclei-templates/2023/CVE-2023-47854-b5b52d178ac9e73e1f7151b15d18b267.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Parallax Image <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/parallax-image/"
     google-query: inurl:"/wp-content/plugins/parallax-image/"
     shodan-query: 'vuln:CVE-2023-47854'
-  tags: cve,wordpress,wp-plugin,parallax-image,medium
+  tags: cve,wordpress,wp-plugin,parallax-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47869-026833d334ad1214ad9b4e4b3b4251a9.yaml b/nuclei-templates/2023/CVE-2023-47869-026833d334ad1214ad9b4e4b3b4251a9.yaml
index bc74c562d4..d42e6a6e1f 100644
--- a/nuclei-templates/2023/CVE-2023-47869-026833d334ad1214ad9b4e4b3b4251a9.yaml
+++ b/nuclei-templates/2023/CVE-2023-47869-026833d334ad1214ad9b4e4b3b4251a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 2.2.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wpForo Forum plugin for WordPress is vulnerable to unauthorized control of data due to a missing capability check on an unknown function in all versions up to, and including, 2.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2023-47869'
-  tags: cve,wordpress,wp-plugin,wpforo,medium
+  tags: cve,wordpress,wp-plugin,wpforo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47871-d34228fe0ea5aea58ceb8ad3c32ed940.yaml b/nuclei-templates/2023/CVE-2023-47871-d34228fe0ea5aea58ceb8ad3c32ed940.yaml
index 0c5f2754a0..5b1d732dc4 100644
--- a/nuclei-templates/2023/CVE-2023-47871-d34228fe0ea5aea58ceb8ad3c32ed940.yaml
+++ b/nuclei-templates/2023/CVE-2023-47871-d34228fe0ea5aea58ceb8ad3c32ed940.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form to Any API <= 1.1.6 - Missing Authorization via delete_cf7_records()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form to Any API plugin for WordPress is vulnerable to unauthorized modification/loss of data due to a missing capability check on the delete_cf7_records() function in versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete CF7 API entry records
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-any-api/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-any-api/"
     shodan-query: 'vuln:CVE-2023-47871'
-  tags: cve,wordpress,wp-plugin,contact-form-to-any-api,medium
+  tags: cve,wordpress,wp-plugin,contact-form-to-any-api,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47872-ee5b4c2ac22e2de04acc625e8a8d31f3.yaml b/nuclei-templates/2023/CVE-2023-47872-ee5b4c2ac22e2de04acc625e8a8d31f3.yaml
index 7a2cd0264c..7123767ea2 100644
--- a/nuclei-templates/2023/CVE-2023-47872-ee5b4c2ac22e2de04acc625e8a8d31f3.yaml
+++ b/nuclei-templates/2023/CVE-2023-47872-ee5b4c2ac22e2de04acc625e8a8d31f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpForo Forum <= 2.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforo/"
     google-query: inurl:"/wp-content/plugins/wpforo/"
     shodan-query: 'vuln:CVE-2023-47872'
-  tags: cve,wordpress,wp-plugin,wpforo,medium
+  tags: cve,wordpress,wp-plugin,wpforo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47873-c4cf1ef74f307e3d974c13ea6edd24eb.yaml b/nuclei-templates/2023/CVE-2023-47873-c4cf1ef74f307e3d974c13ea6edd24eb.yaml
index 7d0b0f3df0..05f8419c49 100644
--- a/nuclei-templates/2023/CVE-2023-47873-c4cf1ef74f307e3d974c13ea6edd24eb.yaml
+++ b/nuclei-templates/2023/CVE-2023-47873-c4cf1ef74f307e3d974c13ea6edd24eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Child Theme Generator <= 1.1.0 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP Child Theme Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.0. This makes it possible for administrators to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-child-theme-generator/"
     google-query: inurl:"/wp-content/plugins/wp-child-theme-generator/"
     shodan-query: 'vuln:CVE-2023-47873'
-  tags: cve,wordpress,wp-plugin,wp-child-theme-generator,critical
+  tags: cve,wordpress,wp-plugin,wp-child-theme-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47874-7bfb8a8c7905e357c4c4b5df9d93b6e7.yaml b/nuclei-templates/2023/CVE-2023-47874-7bfb8a8c7905e357c4c4b5df9d93b6e7.yaml
index 3e3633e5b4..ee57568ab9 100644
--- a/nuclei-templates/2023/CVE-2023-47874-7bfb8a8c7905e357c4c4b5df9d93b6e7.yaml
+++ b/nuclei-templates/2023/CVE-2023-47874-7bfb8a8c7905e357c4c4b5df9d93b6e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Perfmatters <= 2.1.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Perfmatters plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions in all versions up to, and including, 2.1.6. This makes it possible for subscriber-level attackers to invoke this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/perfmatters/"
     google-query: inurl:"/wp-content/plugins/perfmatters/"
     shodan-query: 'vuln:CVE-2023-47874'
-  tags: cve,wordpress,wp-plugin,perfmatters,medium
+  tags: cve,wordpress,wp-plugin,perfmatters,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-47877-14db06c015099db1b01fba0887a78991.yaml b/nuclei-templates/2023/CVE-2023-47877-14db06c015099db1b01fba0887a78991.yaml
index 2c0be834a0..98c0d51d18 100644
--- a/nuclei-templates/2023/CVE-2023-47877-14db06c015099db1b01fba0887a78991.yaml
+++ b/nuclei-templates/2023/CVE-2023-47877-14db06c015099db1b01fba0887a78991.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Perfmatters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to 2.2.0 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/perfmatters/"
     google-query: inurl:"/wp-content/plugins/perfmatters/"
     shodan-query: 'vuln:CVE-2023-47877'
-  tags: cve,wordpress,wp-plugin,perfmatters,medium
+  tags: cve,wordpress,wp-plugin,perfmatters,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4792-87909a557eede328b649d626c4448f38.yaml b/nuclei-templates/2023/CVE-2023-4792-87909a557eede328b649d626c4448f38.yaml
index dbe906086a..629056fa4e 100644
--- a/nuclei-templates/2023/CVE-2023-4792-87909a557eede328b649d626c4448f38.yaml
+++ b/nuclei-templates/2023/CVE-2023-4792-87909a557eede328b649d626c4448f38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization to Post Duplication
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-post-page-menu-custom-post-type/"
     google-query: inurl:"/wp-content/plugins/duplicate-post-page-menu-custom-post-type/"
     shodan-query: 'vuln:CVE-2023-4792'
-  tags: cve,wordpress,wp-plugin,duplicate-post-page-menu-custom-post-type,medium
+  tags: cve,wordpress,wp-plugin,duplicate-post-page-menu-custom-post-type,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4795-43c13d89c14426ecb661544b7d24f058.yaml b/nuclei-templates/2023/CVE-2023-4795-43c13d89c14426ecb661544b7d24f058.yaml
index 1c8177ab52..7098ed35d4 100644
--- a/nuclei-templates/2023/CVE-2023-4795-43c13d89c14426ecb661544b7d24f058.yaml
+++ b/nuclei-templates/2023/CVE-2023-4795-43c13d89c14426ecb661544b7d24f058.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Slider Shortcode <= 1.1.8 - Authenticated (Contributor+) Cross-Site Scripting Vulnerability via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonial Slider Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-slider-shortcode/"
     google-query: inurl:"/wp-content/plugins/testimonial-slider-shortcode/"
     shodan-query: 'vuln:CVE-2023-4795'
-  tags: cve,wordpress,wp-plugin,testimonial-slider-shortcode,medium
+  tags: cve,wordpress,wp-plugin,testimonial-slider-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4796-cba7d92a9ae2afc427a931dcb7ec0c7f.yaml b/nuclei-templates/2023/CVE-2023-4796-cba7d92a9ae2afc427a931dcb7ec0c7f.yaml
index 802eee32e7..002ac4c85f 100644
--- a/nuclei-templates/2023/CVE-2023-4796-cba7d92a9ae2afc427a931dcb7ec0c7f.yaml
+++ b/nuclei-templates/2023/CVE-2023-4796-cba7d92a9ae2afc427a931dcb7ec0c7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 7.1.0 - Authenticated (Subscriber+) Information Disclosure via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2023-4796'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4797-6341ec05f42eea92884ac2a29b84c8c0.yaml b/nuclei-templates/2023/CVE-2023-4797-6341ec05f42eea92884ac2a29b84c8c0.yaml
index c44d236d73..f6ffc025c8 100644
--- a/nuclei-templates/2023/CVE-2023-4797-6341ec05f42eea92884ac2a29b84c8c0.yaml
+++ b/nuclei-templates/2023/CVE-2023-4797-6341ec05f42eea92884ac2a29b84c8c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter Lite <= 4.9.2 - Authenticated (Admin+) Command Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Newsletters plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.9.2 via the emailarchive_olderthan parameter. This is due to insuffcient validation on user supplied input being passed to eval. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletters-lite/"
     google-query: inurl:"/wp-content/plugins/newsletters-lite/"
     shodan-query: 'vuln:CVE-2023-4797'
-  tags: cve,wordpress,wp-plugin,newsletters-lite,medium
+  tags: cve,wordpress,wp-plugin,newsletters-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4798-48546947f3dbea6a3d1c0687b8db90bb.yaml b/nuclei-templates/2023/CVE-2023-4798-48546947f3dbea6a3d1c0687b8db90bb.yaml
index c049d7c04d..11b78c1a7e 100644
--- a/nuclei-templates/2023/CVE-2023-4798-48546947f3dbea6a3d1c0687b8db90bb.yaml
+++ b/nuclei-templates/2023/CVE-2023-4798-48546947f3dbea6a3d1c0687b8db90bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Avatar – Reloaded <= 1.2.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Avatar – Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-avatar-reloaded/"
     google-query: inurl:"/wp-content/plugins/user-avatar-reloaded/"
     shodan-query: 'vuln:CVE-2023-4798'
-  tags: cve,wordpress,wp-plugin,user-avatar-reloaded,medium
+  tags: cve,wordpress,wp-plugin,user-avatar-reloaded,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4799-d255ee9fa48bc6c366622d018f796d6c.yaml b/nuclei-templates/2023/CVE-2023-4799-d255ee9fa48bc6c366622d018f796d6c.yaml
index 74e305501d..8e513d6778 100644
--- a/nuclei-templates/2023/CVE-2023-4799-d255ee9fa48bc6c366622d018f796d6c.yaml
+++ b/nuclei-templates/2023/CVE-2023-4799-d255ee9fa48bc6c366622d018f796d6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magic Embeds <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Magic Embeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-embed-facebook/"
     google-query: inurl:"/wp-content/plugins/wp-embed-facebook/"
     shodan-query: 'vuln:CVE-2023-4799'
-  tags: cve,wordpress,wp-plugin,wp-embed-facebook,medium
+  tags: cve,wordpress,wp-plugin,wp-embed-facebook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4800-76c4f32766bf14b6bbf96fbeaaac68ab.yaml b/nuclei-templates/2023/CVE-2023-4800-76c4f32766bf14b6bbf96fbeaaac68ab.yaml
index 6405e44774..24b9a490be 100644
--- a/nuclei-templates/2023/CVE-2023-4800-76c4f32766bf14b6bbf96fbeaaac68ab.yaml
+++ b/nuclei-templates/2023/CVE-2023-4800-76c4f32766bf14b6bbf96fbeaaac68ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DoLogin Security <= 3.7 - Missing Authorization on Dashboard Widget
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The DoLogin Security plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dashboard widget in versions up to, and including, 3.7. This makes it possible for authenticated attackers to view the login attempts log.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dologin/"
     google-query: inurl:"/wp-content/plugins/dologin/"
     shodan-query: 'vuln:CVE-2023-4800'
-  tags: cve,wordpress,wp-plugin,dologin,medium
+  tags: cve,wordpress,wp-plugin,dologin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4805-728966d9c09b57c99055d67de463c279.yaml b/nuclei-templates/2023/CVE-2023-4805-728966d9c09b57c99055d67de463c279.yaml
index 0d0b2bb58b..6976daa25f 100644
--- a/nuclei-templates/2023/CVE-2023-4805-728966d9c09b57c99055d67de463c279.yaml
+++ b/nuclei-templates/2023/CVE-2023-4805-728966d9c09b57c99055d67de463c279.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2023-4805'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4808-8e3b2acb0664262c6a53a39a282fbea3.yaml b/nuclei-templates/2023/CVE-2023-4808-8e3b2acb0664262c6a53a39a282fbea3.yaml
index d962074f6a..da508be798 100644
--- a/nuclei-templates/2023/CVE-2023-4808-8e3b2acb0664262c6a53a39a282fbea3.yaml
+++ b/nuclei-templates/2023/CVE-2023-4808-8e3b2acb0664262c6a53a39a282fbea3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Post Popup <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Post Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-modal/"
     google-query: inurl:"/wp-content/plugins/wp-post-modal/"
     shodan-query: 'vuln:CVE-2023-4808'
-  tags: cve,wordpress,wp-plugin,wp-post-modal,medium
+  tags: cve,wordpress,wp-plugin,wp-post-modal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4810-932d8591d976abf910e4179bc489f078.yaml b/nuclei-templates/2023/CVE-2023-4810-932d8591d976abf910e4179bc489f078.yaml
index 09aaa03d64..36a3649ee4 100644
--- a/nuclei-templates/2023/CVE-2023-4810-932d8591d976abf910e4179bc489f078.yaml
+++ b/nuclei-templates/2023/CVE-2023-4810-932d8591d976abf910e4179bc489f078.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Pricing Table < 5.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 5.1.8 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dk-pricr-responsive-pricing-table/"
     google-query: inurl:"/wp-content/plugins/dk-pricr-responsive-pricing-table/"
     shodan-query: 'vuln:CVE-2023-4810'
-  tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,medium
+  tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4810-c74224b712fc0c2fb7b3dedfadd9ee64.yaml b/nuclei-templates/2023/CVE-2023-4810-c74224b712fc0c2fb7b3dedfadd9ee64.yaml
index ad31c87132..4c7b6c55fd 100644
--- a/nuclei-templates/2023/CVE-2023-4810-c74224b712fc0c2fb7b3dedfadd9ee64.yaml
+++ b/nuclei-templates/2023/CVE-2023-4810-c74224b712fc0c2fb7b3dedfadd9ee64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Pricing Table <= 5.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dk-pricr-responsive-pricing-table/"
     google-query: inurl:"/wp-content/plugins/dk-pricr-responsive-pricing-table/"
     shodan-query: 'vuln:CVE-2023-4810'
-  tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,medium
+  tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4811-392e3e13340828fa089ab176edcbfb0e.yaml b/nuclei-templates/2023/CVE-2023-4811-392e3e13340828fa089ab176edcbfb0e.yaml
index 8e92f99c57..c6d8b83cfa 100644
--- a/nuclei-templates/2023/CVE-2023-4811-392e3e13340828fa089ab176edcbfb0e.yaml
+++ b/nuclei-templates/2023/CVE-2023-4811-392e3e13340828fa089ab176edcbfb0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wordpress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute in versions up to, and including, 4.23.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-upload/"
     google-query: inurl:"/wp-content/plugins/wp-file-upload/"
     shodan-query: 'vuln:CVE-2023-4811'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wp-file-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4820-e8a960f3022a61734bef50d7f60e4d17.yaml b/nuclei-templates/2023/CVE-2023-4820-e8a960f3022a61734bef50d7f60e4d17.yaml
index 28d4cb3276..3f67b643ae 100644
--- a/nuclei-templates/2023/CVE-2023-4820-e8a960f3022a61734bef50d7f60e4d17.yaml
+++ b/nuclei-templates/2023/CVE-2023-4820-e8a960f3022a61734bef50d7f60e4d17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPress <= 11.0.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Media URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the media URL in versions up to, and including, 11.0.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue was partially patched in 11.0.11, and fully patched in 11.0.12.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpress/"
     google-query: inurl:"/wp-content/plugins/powerpress/"
     shodan-query: 'vuln:CVE-2023-4820'
-  tags: cve,wordpress,wp-plugin,powerpress,medium
+  tags: cve,wordpress,wp-plugin,powerpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4823-9a466e34216ffe71aad25917ff6bfb32.yaml b/nuclei-templates/2023/CVE-2023-4823-9a466e34216ffe71aad25917ff6bfb32.yaml
index 6f1ebdb1a0..9032725580 100644
--- a/nuclei-templates/2023/CVE-2023-4823-9a466e34216ffe71aad25917ff6bfb32.yaml
+++ b/nuclei-templates/2023/CVE-2023-4823-9a466e34216ffe71aad25917ff6bfb32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meta and Date Remover < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Meta and Date Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to 2.2.0 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber level access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-and-date-remover/"
     google-query: inurl:"/wp-content/plugins/wp-meta-and-date-remover/"
     shodan-query: 'vuln:CVE-2023-4823'
-  tags: cve,wordpress,wp-plugin,wp-meta-and-date-remover,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-and-date-remover,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4827-3a0b06a228abc56684c0fecc37877b4c.yaml b/nuclei-templates/2023/CVE-2023-4827-3a0b06a228abc56684c0fecc37877b4c.yaml
index 2c07fde98e..fb6c47acdd 100644
--- a/nuclei-templates/2023/CVE-2023-4827-3a0b06a228abc56684c0fecc37877b4c.yaml
+++ b/nuclei-templates/2023/CVE-2023-4827-3a0b06a228abc56684c0fecc37877b4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager Pro – Filester - <= 1.7.6 - Cross-Site Request Forgery to Arbitrary File Rename
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the fsConnector function. This makes it possible for unauthenticated attackers to rename an arbitrary file and ultimately execute arbitrary code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filester/"
     google-query: inurl:"/wp-content/plugins/filester/"
     shodan-query: 'vuln:CVE-2023-4827'
-  tags: cve,wordpress,wp-plugin,filester,high
+  tags: cve,wordpress,wp-plugin,filester,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48272-20311a33f3f379efbba8f0342b6a65da.yaml b/nuclei-templates/2023/CVE-2023-48272-20311a33f3f379efbba8f0342b6a65da.yaml
index 8958703eb7..22f42c1519 100644
--- a/nuclei-templates/2023/CVE-2023-48272-20311a33f3f379efbba8f0342b6a65da.yaml
+++ b/nuclei-templates/2023/CVE-2023-48272-20311a33f3f379efbba8f0342b6a65da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Maspik – Spam blacklist <= 0.9.2 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Maspik – Spam Blacklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the efas_add_to_log function in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-forms-anti-spam/"
     google-query: inurl:"/wp-content/plugins/contact-forms-anti-spam/"
     shodan-query: 'vuln:CVE-2023-48272'
-  tags: cve,wordpress,wp-plugin,contact-forms-anti-spam,medium
+  tags: cve,wordpress,wp-plugin,contact-forms-anti-spam,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48273-2c9e7a14e26b36ebcb4ba9bbe208df94.yaml b/nuclei-templates/2023/CVE-2023-48273-2c9e7a14e26b36ebcb4ba9bbe208df94.yaml
index 9e5c762384..38b169b3db 100644
--- a/nuclei-templates/2023/CVE-2023-48273-2c9e7a14e26b36ebcb4ba9bbe208df94.yaml
+++ b/nuclei-templates/2023/CVE-2023-48273-2c9e7a14e26b36ebcb4ba9bbe208df94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Preloader for Website <= 1.2.2 - Missing Authorization via plwao_register_settings()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Preloader for Website plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the plwao_register_settings() function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/preloader-for-website/"
     google-query: inurl:"/wp-content/plugins/preloader-for-website/"
     shodan-query: 'vuln:CVE-2023-48273'
-  tags: cve,wordpress,wp-plugin,preloader-for-website,medium
+  tags: cve,wordpress,wp-plugin,preloader-for-website,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48274-7255e5fa9e3ec3cf7fa69588c79329ad.yaml b/nuclei-templates/2023/CVE-2023-48274-7255e5fa9e3ec3cf7fa69588c79329ad.yaml
index 5f32f21409..26b0d97106 100644
--- a/nuclei-templates/2023/CVE-2023-48274-7255e5fa9e3ec3cf7fa69588c79329ad.yaml
+++ b/nuclei-templates/2023/CVE-2023-48274-7255e5fa9e3ec3cf7fa69588c79329ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WCMultiShipping <= 2.3.5 - Missing Authorization to Log Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WCMultiShipping plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wms_export_log function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and view the plugins log file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-multishipping/"
     google-query: inurl:"/wp-content/plugins/wc-multishipping/"
     shodan-query: 'vuln:CVE-2023-48274'
-  tags: cve,wordpress,wp-plugin,wc-multishipping,medium
+  tags: cve,wordpress,wp-plugin,wc-multishipping,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48275-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/2023/CVE-2023-48275-61b7e681fc2aebd347be4e6d876bf4f7.yaml
index 94fdf49b31..c738b6d5ee 100644
--- a/nuclei-templates/2023/CVE-2023-48275-61b7e681fc2aebd347be4e6d876bf4f7.yaml
+++ b/nuclei-templates/2023/CVE-2023-48275-61b7e681fc2aebd347be4e6d876bf4f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Multiple plugins for WordPress by Trustindex.io are vulnerable to arbitrary file uploads due to missing file type validation in the ~/tabs/feature_request.php file in various versions. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This vulnerability may only be fully exploitable for RCE in unique scenarios where the server is overloaded and the unlink() is not triggered immediately following move_uploaded_file().
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.6
     cve-id: CVE-2023-48275
   metadata:
-    fofa-query: "wp-content/plugins/customer-reviews-collector-for-woocommerce/"
-    google-query: inurl:"/wp-content/plugins/customer-reviews-collector-for-woocommerce/"
+    fofa-query: "wp-content/plugins/widgets-for-sourceforge-reviews/"
+    google-query: inurl:"/wp-content/plugins/widgets-for-sourceforge-reviews/"
     shodan-query: 'vuln:CVE-2023-48275'
-  tags: cve,wordpress,wp-plugin,customer-reviews-collector-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,widgets-for-sourceforge-reviews,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/customer-reviews-collector-for-woocommerce/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/widgets-for-sourceforge-reviews/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "customer-reviews-collector-for-woocommerce"
+          - "widgets-for-sourceforge-reviews"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.9')
\ No newline at end of file
+          - compare_versions(version, '<= 11.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-48277-86c50499cb2301a82786d4f168d5a72c.yaml b/nuclei-templates/2023/CVE-2023-48277-86c50499cb2301a82786d4f168d5a72c.yaml
index 231a07ddf7..fa5f342ded 100644
--- a/nuclei-templates/2023/CVE-2023-48277-86c50499cb2301a82786d4f168d5a72c.yaml
+++ b/nuclei-templates/2023/CVE-2023-48277-86c50499cb2301a82786d4f168d5a72c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Progressive Web Apps <= 2.2.21 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Super Progressive Web Apps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the superpwa_newsletter_submit() function hooked via a nopriv AJAX action in versions up to, and including, 2.2.21. This makes it possible for unauthenticated attackers to subscribe to the plugin author's newsletter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-progressive-web-apps/"
     google-query: inurl:"/wp-content/plugins/super-progressive-web-apps/"
     shodan-query: 'vuln:CVE-2023-48277'
-  tags: cve,wordpress,wp-plugin,super-progressive-web-apps,medium
+  tags: cve,wordpress,wp-plugin,super-progressive-web-apps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48280-f1b98a2e76b778879a86c711e73365c4.yaml b/nuclei-templates/2023/CVE-2023-48280-f1b98a2e76b778879a86c711e73365c4.yaml
index a1f0727192..3c49b5f7d1 100644
--- a/nuclei-templates/2023/CVE-2023-48280-f1b98a2e76b778879a86c711e73365c4.yaml
+++ b/nuclei-templates/2023/CVE-2023-48280-f1b98a2e76b778879a86c711e73365c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Consensu.io <= 1.0.2 - Missing Authorization via update_config_db()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Consensu.io plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_config_db() function in versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to modify the plugin's setting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/consensu-io/"
     google-query: inurl:"/wp-content/plugins/consensu-io/"
     shodan-query: 'vuln:CVE-2023-48280'
-  tags: cve,wordpress,wp-plugin,consensu-io,medium
+  tags: cve,wordpress,wp-plugin,consensu-io,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48287-3832b3b7c5502757f733258a03de8f45.yaml b/nuclei-templates/2023/CVE-2023-48287-3832b3b7c5502757f733258a03de8f45.yaml
index 108435a3a6..4418ee1533 100644
--- a/nuclei-templates/2023/CVE-2023-48287-3832b3b7c5502757f733258a03de8f45.yaml
+++ b/nuclei-templates/2023/CVE-2023-48287-3832b3b7c5502757f733258a03de8f45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TextMe SMS <= 1.9.0 - Missing Authorization via tetxme_update_option_page()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TextMe SMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tetxme_update_option_page() function called via AJAX in all versions up to, and including, 1.9.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/textme-sms-integration/"
     google-query: inurl:"/wp-content/plugins/textme-sms-integration/"
     shodan-query: 'vuln:CVE-2023-48287'
-  tags: cve,wordpress,wp-plugin,textme-sms-integration,medium
+  tags: cve,wordpress,wp-plugin,textme-sms-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48289-a4a103535f33f8f1f9687c4a0228f8b0.yaml b/nuclei-templates/2023/CVE-2023-48289-a4a103535f33f8f1f9687c4a0228f8b0.yaml
index 37bd72c16f..cb31e63afc 100644
--- a/nuclei-templates/2023/CVE-2023-48289-a4a103535f33f8f1f9687c4a0228f8b0.yaml
+++ b/nuclei-templates/2023/CVE-2023-48289-a4a103535f33f8f1f9687c4a0228f8b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import Spreadsheets from Microsoft Excel <= 10.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Import Spreadsheets from Microsoft Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 10.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-spreadsheets-from-microsoft-excel/"
     google-query: inurl:"/wp-content/plugins/import-spreadsheets-from-microsoft-excel/"
     shodan-query: 'vuln:CVE-2023-48289'
-  tags: cve,wordpress,wp-plugin,import-spreadsheets-from-microsoft-excel,medium
+  tags: cve,wordpress,wp-plugin,import-spreadsheets-from-microsoft-excel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48300-bf9717887c7854e5283687233b3eaf88.yaml b/nuclei-templates/2023/CVE-2023-48300-bf9717887c7854e5283687233b3eaf88.yaml
index c58208e4b5..e5316cff21 100644
--- a/nuclei-templates/2023/CVE-2023-48300-bf9717887c7854e5283687233b3eaf88.yaml
+++ b/nuclei-templates/2023/CVE-2023-48300-bf9717887c7854e5283687233b3eaf88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Embed Privacy <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Embed Privacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_privacy_opt_out ' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2023-51694 appears to be a duplicate of this vulnerability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-privacy/"
     google-query: inurl:"/wp-content/plugins/embed-privacy/"
     shodan-query: 'vuln:CVE-2023-48300'
-  tags: cve,wordpress,wp-plugin,embed-privacy,medium
+  tags: cve,wordpress,wp-plugin,embed-privacy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48317-5b28a734c59e3ed66297833eac37980a.yaml b/nuclei-templates/2023/CVE-2023-48317-5b28a734c59e3ed66297833eac37980a.yaml
index e39b621e70..fbead811d4 100644
--- a/nuclei-templates/2023/CVE-2023-48317-5b28a734c59e3ed66297833eac37980a.yaml
+++ b/nuclei-templates/2023/CVE-2023-48317-5b28a734c59e3ed66297833eac37980a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display Custom Post <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Display Custom Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/display-custom-post/"
     google-query: inurl:"/wp-content/plugins/display-custom-post/"
     shodan-query: 'vuln:CVE-2023-48317'
-  tags: cve,wordpress,wp-plugin,display-custom-post,medium
+  tags: cve,wordpress,wp-plugin,display-custom-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48319-12219750d7664db4408ea75c73fa706d.yaml b/nuclei-templates/2023/CVE-2023-48319-12219750d7664db4408ea75c73fa706d.yaml
index add1cd8a2c..501529b643 100644
--- a/nuclei-templates/2023/CVE-2023-48319-12219750d7664db4408ea75c73fa706d.yaml
+++ b/nuclei-templates/2023/CVE-2023-48319-12219750d7664db4408ea75c73fa706d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Salon booking system plugin for WordPress is vulnerable to privilege escalation in all versions up to, but excluding, 8.7. This makes it possible for authenticated attackers, with editor-level access and above, to escalate their privileges to that of an administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salon-booking-system/"
     google-query: inurl:"/wp-content/plugins/salon-booking-system/"
     shodan-query: 'vuln:CVE-2023-48319'
-  tags: cve,wordpress,wp-plugin,salon-booking-system,high
+  tags: cve,wordpress,wp-plugin,salon-booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48320-f4526bcdafc950c9e06f1e8880692066.yaml b/nuclei-templates/2023/CVE-2023-48320-f4526bcdafc950c9e06f1e8880692066.yaml
index 335a64d75b..a0b824890e 100644
--- a/nuclei-templates/2023/CVE-2023-48320-f4526bcdafc950c9e06f1e8880692066.yaml
+++ b/nuclei-templates/2023/CVE-2023-48320-f4526bcdafc950c9e06f1e8880692066.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Player <= 1.5.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SpiderVPlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/player/"
     google-query: inurl:"/wp-content/plugins/player/"
     shodan-query: 'vuln:CVE-2023-48320'
-  tags: cve,wordpress,wp-plugin,player,medium
+  tags: cve,wordpress,wp-plugin,player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48321-779279c30a67e49a16a563a554fb708b.yaml b/nuclei-templates/2023/CVE-2023-48321-779279c30a67e49a16a563a554fb708b.yaml
index d0aec49182..a9819931de 100644
--- a/nuclei-templates/2023/CVE-2023-48321-779279c30a67e49a16a563a554fb708b.yaml
+++ b/nuclei-templates/2023/CVE-2023-48321-779279c30a67e49a16a563a554fb708b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accelerated Mobile Pages <= 1.0.88.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.88.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accelerated-mobile-pages/"
     google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/"
     shodan-query: 'vuln:CVE-2023-48321'
-  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,medium
+  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48324-de2f88d15a1b5aecd6a16f406646e9a9.yaml b/nuclei-templates/2023/CVE-2023-48324-de2f88d15a1b5aecd6a16f406646e9a9.yaml
index d79ac34e3f..4f46eeddeb 100644
--- a/nuclei-templates/2023/CVE-2023-48324-de2f88d15a1b5aecd6a16f406646e9a9.yaml
+++ b/nuclei-templates/2023/CVE-2023-48324-de2f88d15a1b5aecd6a16f406646e9a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support <= 6.1.4 - Missing Authorization via wpas_edit_reply_ajax()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Awesome Support plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpas_edit_reply_ajax() function in versions up to, and including, 6.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to edit replies.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2023-48324'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48327-07b010f0b7d81d013a7b9731f936031d.yaml b/nuclei-templates/2023/CVE-2023-48327-07b010f0b7d81d013a7b9731f936031d.yaml
index ef38c618f8..b0b1433a38 100644
--- a/nuclei-templates/2023/CVE-2023-48327-07b010f0b7d81d013a7b9731f936031d.yaml
+++ b/nuclei-templates/2023/CVE-2023-48327-07b010f0b7d81d013a7b9731f936031d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WC Vendors Marketplace <= 2.4.7 - Authenticated (Shop manager+) SQL Injection via search dates
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WC Vendors Marketplace plugin for WordPress is vulnerable to SQL Injection via search date parameters in versions up to, and including, 2.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-vendors/"
     google-query: inurl:"/wp-content/plugins/wc-vendors/"
     shodan-query: 'vuln:CVE-2023-48327'
-  tags: cve,wordpress,wp-plugin,wc-vendors,high
+  tags: cve,wordpress,wp-plugin,wc-vendors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48329-67c3c53f919818b53462cf301e3b0e2a.yaml b/nuclei-templates/2023/CVE-2023-48329-67c3c53f919818b53462cf301e3b0e2a.yaml
index 03a8e280c2..199e3f076b 100644
--- a/nuclei-templates/2023/CVE-2023-48329-67c3c53f919818b53462cf301e3b0e2a.yaml
+++ b/nuclei-templates/2023/CVE-2023-48329-67c3c53f919818b53462cf301e3b0e2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fast Custom Social Share by CodeBard <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fast Custom Social Share by CodeBard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fast-custom-social-share-by-codebard/"
     google-query: inurl:"/wp-content/plugins/fast-custom-social-share-by-codebard/"
     shodan-query: 'vuln:CVE-2023-48329'
-  tags: cve,wordpress,wp-plugin,fast-custom-social-share-by-codebard,medium
+  tags: cve,wordpress,wp-plugin,fast-custom-social-share-by-codebard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48332-7bbbf63e0874145284bff009623a4860.yaml b/nuclei-templates/2023/CVE-2023-48332-7bbbf63e0874145284bff009623a4860.yaml
index a2dd94f5cf..3f8949b090 100644
--- a/nuclei-templates/2023/CVE-2023-48332-7bbbf63e0874145284bff009623a4860.yaml
+++ b/nuclei-templates/2023/CVE-2023-48332-7bbbf63e0874145284bff009623a4860.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Bank - #1 Mail SMTP Plugin for WordPress <= 4.0.14 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mail Bank - #1 Mail SMTP Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_user_feedback_mail_bank() function in versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to send user feedback to the plugin author that appears to come from the targeted site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-bank/"
     google-query: inurl:"/wp-content/plugins/wp-mail-bank/"
     shodan-query: 'vuln:CVE-2023-48332'
-  tags: cve,wordpress,wp-plugin,wp-mail-bank,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-bank,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48333-9c19725e7330d8a4aba8b2ac8de32961.yaml b/nuclei-templates/2023/CVE-2023-48333-9c19725e7330d8a4aba8b2ac8de32961.yaml
index 09f6384b26..22b8647da9 100644
--- a/nuclei-templates/2023/CVE-2023-48333-9c19725e7330d8a4aba8b2ac8de32961.yaml
+++ b/nuclei-templates/2023/CVE-2023-48333-9c19725e7330d8a4aba8b2ac8de32961.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Order Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_atts() function in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2023-48333'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48336-ecb72206512391b63853fcec98ca443c.yaml b/nuclei-templates/2023/CVE-2023-48336-ecb72206512391b63853fcec98ca443c.yaml
index 483a9ed97f..ff3fcfd71e 100644
--- a/nuclei-templates/2023/CVE-2023-48336-ecb72206512391b63853fcec98ca443c.yaml
+++ b/nuclei-templates/2023/CVE-2023-48336-ecb72206512391b63853fcec98ca443c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Social Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:CVE-2023-48336'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,medium
+  tags: cve,wordpress,wp-plugin,easy-social-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4838-a54fbae2de8a8e13d0527ba702d34945.yaml b/nuclei-templates/2023/CVE-2023-4838-a54fbae2de8a8e13d0527ba702d34945.yaml
index 4279d2b114..dc3a020ef3 100644
--- a/nuclei-templates/2023/CVE-2023-4838-a54fbae2de8a8e13d0527ba702d34945.yaml
+++ b/nuclei-templates/2023/CVE-2023-4838-a54fbae2de8a8e13d0527ba702d34945.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Counter <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-counter/"
     google-query: inurl:"/wp-content/plugins/simple-download-counter/"
     shodan-query: 'vuln:CVE-2023-4838'
-  tags: cve,wordpress,wp-plugin,simple-download-counter,medium
+  tags: cve,wordpress,wp-plugin,simple-download-counter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4839-69657f4112d937c57fc4155d562b7525.yaml b/nuclei-templates/2023/CVE-2023-4839-69657f4112d937c57fc4155d562b7525.yaml
index 0bf30331ff..5c3f50eabc 100644
--- a/nuclei-templates/2023/CVE-2023-4839-69657f4112d937c57fc4155d562b7525.yaml
+++ b/nuclei-templates/2023/CVE-2023-4839-69657f4112d937c57fc4155d562b7525.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-maps/"
     google-query: inurl:"/wp-content/plugins/wp-google-maps/"
     shodan-query: 'vuln:CVE-2023-4839'
-  tags: cve,wordpress,wp-plugin,wp-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wp-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4840-7b6a78f327e3069338279750b3f26ae1.yaml b/nuclei-templates/2023/CVE-2023-4840-7b6a78f327e3069338279750b3f26ae1.yaml
index dd8fb4b9a1..475efc50e3 100644
--- a/nuclei-templates/2023/CVE-2023-4840-7b6a78f327e3069338279750b3f26ae1.yaml
+++ b/nuclei-templates/2023/CVE-2023-4840-7b6a78f327e3069338279750b3f26ae1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-4840'
-  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4841-50baee01b43a26ee8e4d58a0c9e6da8f.yaml b/nuclei-templates/2023/CVE-2023-4841-50baee01b43a26ee8e4d58a0c9e6da8f.yaml
index 69c1eacb01..5281370098 100644
--- a/nuclei-templates/2023/CVE-2023-4841-50baee01b43a26ee8e4d58a0c9e6da8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-4841-50baee01b43a26ee8e4d58a0c9e6da8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feeds-for-youtube/"
     google-query: inurl:"/wp-content/plugins/feeds-for-youtube/"
     shodan-query: 'vuln:CVE-2023-4841'
-  tags: cve,wordpress,wp-plugin,feeds-for-youtube,medium
+  tags: cve,wordpress,wp-plugin,feeds-for-youtube,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4842-aa4bf5d698c5cb8e5401cc2cfa4e07c6.yaml b/nuclei-templates/2023/CVE-2023-4842-aa4bf5d698c5cb8e5401cc2cfa4e07c6.yaml
index 7b0ef56177..c7218c6220 100644
--- a/nuclei-templates/2023/CVE-2023-4842-aa4bf5d698c5cb8e5401cc2cfa4e07c6.yaml
+++ b/nuclei-templates/2023/CVE-2023-4842-aa4bf5d698c5cb8e5401cc2cfa4e07c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Sharing Plugin - Social Warfare <= 4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-warfare/"
     google-query: inurl:"/wp-content/plugins/social-warfare/"
     shodan-query: 'vuln:CVE-2023-4842'
-  tags: cve,wordpress,wp-plugin,social-warfare,medium
+  tags: cve,wordpress,wp-plugin,social-warfare,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4858-51cc1e2fa9b76200d8c0e1cffbbd6dc5.yaml b/nuclei-templates/2023/CVE-2023-4858-51cc1e2fa9b76200d8c0e1cffbbd6dc5.yaml
index ba1df7951f..d434ccef5b 100644
--- a/nuclei-templates/2023/CVE-2023-4858-51cc1e2fa9b76200d8c0e1cffbbd6dc5.yaml
+++ b/nuclei-templates/2023/CVE-2023-4858-51cc1e2fa9b76200d8c0e1cffbbd6dc5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Table Manager <= 1.5.6 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Table Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-table-manager/"
     google-query: inurl:"/wp-content/plugins/simple-table-manager/"
     shodan-query: 'vuln:CVE-2023-4858'
-  tags: cve,wordpress,wp-plugin,simple-table-manager,medium
+  tags: cve,wordpress,wp-plugin,simple-table-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4861-0fbaccf0dcc3983d2d26c8ef7aee1143.yaml b/nuclei-templates/2023/CVE-2023-4861-0fbaccf0dcc3983d2d26c8ef7aee1143.yaml
index 8072249647..bd78530c38 100644
--- a/nuclei-templates/2023/CVE-2023-4861-0fbaccf0dcc3983d2d26c8ef7aee1143.yaml
+++ b/nuclei-templates/2023/CVE-2023-4861-0fbaccf0dcc3983d2d26c8ef7aee1143.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager Pro – Filester <=  1.8 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient permission controls on file uploads in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with administrative-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may only be an issue on multi-site installations where users shouldn't have access to upload files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filester/"
     google-query: inurl:"/wp-content/plugins/filester/"
     shodan-query: 'vuln:CVE-2023-4861'
-  tags: cve,wordpress,wp-plugin,filester,high
+  tags: cve,wordpress,wp-plugin,filester,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4862-a9fb42c2dd47680db83577cec894ace4.yaml b/nuclei-templates/2023/CVE-2023-4862-a9fb42c2dd47680db83577cec894ace4.yaml
index 9fac815f04..7c642477db 100644
--- a/nuclei-templates/2023/CVE-2023-4862-a9fb42c2dd47680db83577cec894ace4.yaml
+++ b/nuclei-templates/2023/CVE-2023-4862-a9fb42c2dd47680db83577cec894ace4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager Pro <= 1.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The File Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filester/"
     google-query: inurl:"/wp-content/plugins/filester/"
     shodan-query: 'vuln:CVE-2023-4862'
-  tags: cve,wordpress,wp-plugin,filester,medium
+  tags: cve,wordpress,wp-plugin,filester,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48737-3b9f3653c0029d132688d85fbc757af3.yaml b/nuclei-templates/2023/CVE-2023-48737-3b9f3653c0029d132688d85fbc757af3.yaml
index 50cf860540..65730aff85 100644
--- a/nuclei-templates/2023/CVE-2023-48737-3b9f3653c0029d132688d85fbc757af3.yaml
+++ b/nuclei-templates/2023/CVE-2023-48737-3b9f3653c0029d132688d85fbc757af3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TriPay Payment Gateway <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TriPay Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tripay-payment-gateway/"
     google-query: inurl:"/wp-content/plugins/tripay-payment-gateway/"
     shodan-query: 'vuln:CVE-2023-48737'
-  tags: cve,wordpress,wp-plugin,tripay-payment-gateway,medium
+  tags: cve,wordpress,wp-plugin,tripay-payment-gateway,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48739-23f358a9d40cae78b36e38b231af07ae.yaml b/nuclei-templates/2023/CVE-2023-48739-23f358a9d40cae78b36e38b231af07ae.yaml
index 5ec42c33ea..23cf0d1de8 100644
--- a/nuclei-templates/2023/CVE-2023-48739-23f358a9d40cae78b36e38b231af07ae.yaml
+++ b/nuclei-templates/2023/CVE-2023-48739-23f358a9d40cae78b36e38b231af07ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Porto Theme - Functionality <= 2.11.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Porto Theme - Functionality plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/porto-functionality/"
     google-query: inurl:"/wp-content/plugins/porto-functionality/"
     shodan-query: 'vuln:CVE-2023-48739'
-  tags: cve,wordpress,wp-plugin,porto-functionality,medium
+  tags: cve,wordpress,wp-plugin,porto-functionality,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48740-308ac408c3111d0f21a07a5be08fe876.yaml b/nuclei-templates/2023/CVE-2023-48740-308ac408c3111d0f21a07a5be08fe876.yaml
index 0fbc68f631..3acea8bd24 100644
--- a/nuclei-templates/2023/CVE-2023-48740-308ac408c3111d0f21a07a5be08fe876.yaml
+++ b/nuclei-templates/2023/CVE-2023-48740-308ac408c3111d0f21a07a5be08fe876.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Feed <= 6.5.1 - Missing Authorization via hide_free_sidebar()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_free_sidebar() function in versions up to, and including, 6.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss a sidebar notification.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-facebook-likebox/"
     google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
     shodan-query: 'vuln:CVE-2023-48740'
-  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48741-9f74a97e65247db4961da7465a48826a.yaml b/nuclei-templates/2023/CVE-2023-48741-9f74a97e65247db4961da7465a48826a.yaml
index a3b6d04172..c84fc8a543 100644
--- a/nuclei-templates/2023/CVE-2023-48741-9f74a97e65247db4961da7465a48826a.yaml
+++ b/nuclei-templates/2023/CVE-2023-48741-9f74a97e65247db4961da7465a48826a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The AI ChatBot plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in all versions up to, and including, 4.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrators to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-48741'
-  tags: cve,wordpress,wp-plugin,chatbot,high
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48742-c66ec1dc83585f4762c2bc3e6a57c02b.yaml b/nuclei-templates/2023/CVE-2023-48742-c66ec1dc83585f4762c2bc3e6a57c02b.yaml
index 1a15cee1a7..fc03d451a2 100644
--- a/nuclei-templates/2023/CVE-2023-48742-c66ec1dc83585f4762c2bc3e6a57c02b.yaml
+++ b/nuclei-templates/2023/CVE-2023-48742-c66ec1dc83585f4762c2bc3e6a57c02b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The License Manager for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/license-manager-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/license-manager-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-48742'
-  tags: cve,wordpress,wp-plugin,license-manager-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,license-manager-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48747-38cbe872337aaa11f53f5f047e11de00.yaml b/nuclei-templates/2023/CVE-2023-48747-38cbe872337aaa11f53f5f047e11de00.yaml
index b0b4ad66d2..1c50042b6a 100644
--- a/nuclei-templates/2023/CVE-2023-48747-38cbe872337aaa11f53f5f047e11de00.yaml
+++ b/nuclei-templates/2023/CVE-2023-48747-38cbe872337aaa11f53f5f047e11de00.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 7.1.2 - Missing Authorization to Product Creation/Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcj_product_add_new() function in all versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create and modify products
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2023-48747'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48749-80c6230c139aaee435c35c9df894dae1.yaml b/nuclei-templates/2023/CVE-2023-48749-80c6230c139aaee435c35c9df894dae1.yaml
index 279b58621b..973abfba24 100644
--- a/nuclei-templates/2023/CVE-2023-48749-80c6230c139aaee435c35c9df894dae1.yaml
+++ b/nuclei-templates/2023/CVE-2023-48749-80c6230c139aaee435c35c9df894dae1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salient Core <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The salient-core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salient-core/"
     google-query: inurl:"/wp-content/plugins/salient-core/"
     shodan-query: 'vuln:CVE-2023-48749'
-  tags: cve,wordpress,wp-plugin,salient-core,medium
+  tags: cve,wordpress,wp-plugin,salient-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48750-e26003fb15eb8dfdd3862b141bc3094e.yaml b/nuclei-templates/2023/CVE-2023-48750-e26003fb15eb8dfdd3862b141bc3094e.yaml
index 07ec6928cc..71db20eb4f 100644
--- a/nuclei-templates/2023/CVE-2023-48750-e26003fb15eb8dfdd3862b141bc3094e.yaml
+++ b/nuclei-templates/2023/CVE-2023-48750-e26003fb15eb8dfdd3862b141bc3094e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Void Elementor Post Grid Addon for Elementor Page builder <= 2.1.10 - Missing Authorization to Review Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Void Elementor Post Grid Addon for Elementor Page builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the void_grid_spare_me() function hooked via admin_init in versions up to, and including, 2.1.10. This makes it possible for unauthenticated attackers to dismiss review notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/void-elementor-post-grid-addon-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/void-elementor-post-grid-addon-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2023-48750'
-  tags: cve,wordpress,wp-plugin,void-elementor-post-grid-addon-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,void-elementor-post-grid-addon-for-elementor-page-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48751-c5af09461da9c502c3934cc475901e6e.yaml b/nuclei-templates/2023/CVE-2023-48751-c5af09461da9c502c3934cc475901e6e.yaml
index 402c2342d8..16c207064c 100644
--- a/nuclei-templates/2023/CVE-2023-48751-c5af09461da9c502c3934cc475901e6e.yaml
+++ b/nuclei-templates/2023/CVE-2023-48751-c5af09461da9c502c3934cc475901e6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Participants Database <= 2.5.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Participants Database plugin for WordPress is vulnerable to unauthorized manipulation of data due to a missing capability check on several functions hooked via admin-post in all versions up to, and including, 2.5.5. This makes it possible for unauthenticated attackers to add and modify record fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/participants-database/"
     google-query: inurl:"/wp-content/plugins/participants-database/"
     shodan-query: 'vuln:CVE-2023-48751'
-  tags: cve,wordpress,wp-plugin,participants-database,medium
+  tags: cve,wordpress,wp-plugin,participants-database,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48757-f12b5bbfc5d1dcce9a91a5751dceea95.yaml b/nuclei-templates/2023/CVE-2023-48757-f12b5bbfc5d1dcce9a91a5751dceea95.yaml
index 408b6cdd82..5aa3e439ae 100644
--- a/nuclei-templates/2023/CVE-2023-48757-f12b5bbfc5d1dcce9a91a5751dceea95.yaml
+++ b/nuclei-templates/2023/CVE-2023-48757-f12b5bbfc5d1dcce9a91a5751dceea95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetEngine <= 3.2.4 - Authenticated (Contributor+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The JetEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.2.4. This is due to an unknown issue. This makes it possible for authenticated attackers, with contributor-level access and above, to gain elevated privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jet-engine/"
     google-query: inurl:"/wp-content/plugins/jet-engine/"
     shodan-query: 'vuln:CVE-2023-48757'
-  tags: cve,wordpress,wp-plugin,jet-engine,high
+  tags: cve,wordpress,wp-plugin,jet-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48759-7ba0ab8627448e04a3557ed6ccce144f.yaml b/nuclei-templates/2023/CVE-2023-48759-7ba0ab8627448e04a3557ed6ccce144f.yaml
index ea28140966..dc0e85d5de 100644
--- a/nuclei-templates/2023/CVE-2023-48759-7ba0ab8627448e04a3557ed6ccce144f.yaml
+++ b/nuclei-templates/2023/CVE-2023-48759-7ba0ab8627448e04a3557ed6ccce144f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetElements For Elementor <= 2.6.13 - Missing Authorization to Unauthenticated Arbitrary Attachment Download
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JetElements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to, and including, 2.6.13. This makes it possible for unauthenticated attackers to download arbitrary attachments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jet-elements/"
     google-query: inurl:"/wp-content/plugins/jet-elements/"
     shodan-query: 'vuln:CVE-2023-48759'
-  tags: cve,wordpress,wp-plugin,jet-elements,medium
+  tags: cve,wordpress,wp-plugin,jet-elements,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48760-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/2023/CVE-2023-48760-320a6f011d285ddb19c436d57e994504.yaml
index 2b9a16d66b..7d201946fc 100644
--- a/nuclei-templates/2023/CVE-2023-48760-320a6f011d285ddb19c436d57e994504.yaml
+++ b/nuclei-templates/2023/CVE-2023-48760-320a6f011d285ddb19c436d57e994504.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 7.3
     cve-id: CVE-2023-48760
   metadata:
-    fofa-query: "wp-content/plugins/jet-tabs/"
-    google-query: inurl:"/wp-content/plugins/jet-tabs/"
+    fofa-query: "wp-content/plugins/jet-smart-filters/"
+    google-query: inurl:"/wp-content/plugins/jet-smart-filters/"
     shodan-query: 'vuln:CVE-2023-48760'
-  tags: cve,wordpress,wp-plugin,jet-tabs,high
+  tags: cve,wordpress,wp-plugin,jet-smart-filters,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/jet-tabs/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/jet-smart-filters/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "jet-tabs"
+          - "jet-smart-filters"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.1.25.1')
\ No newline at end of file
+          - compare_versions(version, '<= 3.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-48761-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/2023/CVE-2023-48761-fd87adc782adc661fc2721ea4df8055a.yaml
index 2dccecab5e..43b13a3496 100644
--- a/nuclei-templates/2023/CVE-2023-48761-fd87adc782adc661fc2721ea4df8055a.yaml
+++ b/nuclei-templates/2023/CVE-2023-48761-fd87adc782adc661fc2721ea4df8055a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple plugins by Crocoblock for WordPress are vulnerable to unauthorized access due to a missing capability check on an unknown function in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.3
     cve-id: CVE-2023-48761
   metadata:
-    fofa-query: "wp-content/plugins/jet-search/"
-    google-query: inurl:"/wp-content/plugins/jet-search/"
+    fofa-query: "wp-content/plugins/jet-smart-filters/"
+    google-query: inurl:"/wp-content/plugins/jet-smart-filters/"
     shodan-query: 'vuln:CVE-2023-48761'
-  tags: cve,wordpress,wp-plugin,jet-search,medium
+  tags: cve,wordpress,wp-plugin,jet-smart-filters,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/jet-search/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/jet-smart-filters/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "jet-search"
+          - "jet-smart-filters"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.1.2')
\ No newline at end of file
+          - compare_versions(version, '<= 3.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-48762-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/2023/CVE-2023-48762-dfd0d896b1397455913caf7f911dd62c.yaml
index efe2f236c1..4755189980 100644
--- a/nuclei-templates/2023/CVE-2023-48762-dfd0d896b1397455913caf7f911dd62c.yaml
+++ b/nuclei-templates/2023/CVE-2023-48762-dfd0d896b1397455913caf7f911dd62c.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-48762
   metadata:
-    fofa-query: "wp-content/plugins/jet-search/"
-    google-query: inurl:"/wp-content/plugins/jet-search/"
+    fofa-query: "wp-content/plugins/jet-smart-filters/"
+    google-query: inurl:"/wp-content/plugins/jet-smart-filters/"
     shodan-query: 'vuln:CVE-2023-48762'
-  tags: cve,wordpress,wp-plugin,jet-search,medium
+  tags: cve,wordpress,wp-plugin,jet-smart-filters,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/jet-search/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/jet-smart-filters/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "jet-search"
+          - "jet-smart-filters"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.1.2')
\ No newline at end of file
+          - compare_versions(version, '<= 3.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-48764-ca496e63542b74a88b0b8dd7fd0ebb0c.yaml b/nuclei-templates/2023/CVE-2023-48764-ca496e63542b74a88b0b8dd7fd0ebb0c.yaml
index 75d4e3a0c4..a353bdebea 100644
--- a/nuclei-templates/2023/CVE-2023-48764-ca496e63542b74a88b0b8dd7fd0ebb0c.yaml
+++ b/nuclei-templates/2023/CVE-2023-48764-ca496e63542b74a88b0b8dd7fd0ebb0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Brute Force Protection – Stop Brute Force Attacks plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 2.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/guardgiant/"
     google-query: inurl:"/wp-content/plugins/guardgiant/"
     shodan-query: 'vuln:CVE-2023-48764'
-  tags: cve,wordpress,wp-plugin,guardgiant,medium
+  tags: cve,wordpress,wp-plugin,guardgiant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48765-b24c287a46f17f82649a53242631be85.yaml b/nuclei-templates/2023/CVE-2023-48765-b24c287a46f17f82649a53242631be85.yaml
index 6b17ee540a..f4efd843e6 100644
--- a/nuclei-templates/2023/CVE-2023-48765-b24c287a46f17f82649a53242631be85.yaml
+++ b/nuclei-templates/2023/CVE-2023-48765-b24c287a46f17f82649a53242631be85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Email Address Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eae_shortcode shortcode in version 1.0.22 due to insufficient input sanitization and output escaping on the 'link' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-address-encoder/"
     google-query: inurl:"/wp-content/plugins/email-address-encoder/"
     shodan-query: 'vuln:CVE-2023-48765'
-  tags: cve,wordpress,wp-plugin,email-address-encoder,medium
+  tags: cve,wordpress,wp-plugin,email-address-encoder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48766-20391a519d77c31bd1c976dfdc89ed20.yaml b/nuclei-templates/2023/CVE-2023-48766-20391a519d77c31bd1c976dfdc89ed20.yaml
index db1418bf3f..5c6153aca6 100644
--- a/nuclei-templates/2023/CVE-2023-48766-20391a519d77c31bd1c976dfdc89ed20.yaml
+++ b/nuclei-templates/2023/CVE-2023-48766-20391a519d77c31bd1c976dfdc89ed20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SVGator – Add Animated SVG Easily <= 1.2.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SVGator – Add Animated SVG Easily plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the svgatorLogOut function. This makes it possible for unauthenticated attackers to modify or delete the victim's API token and import projects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svgator/"
     google-query: inurl:"/wp-content/plugins/svgator/"
     shodan-query: 'vuln:CVE-2023-48766'
-  tags: cve,wordpress,wp-plugin,svgator,high
+  tags: cve,wordpress,wp-plugin,svgator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48770-7c5c2b955a800f0567ad6425eb1a8e69.yaml b/nuclei-templates/2023/CVE-2023-48770-7c5c2b955a800f0567ad6425eb1a8e69.yaml
index 1f9ee4aa73..4be1af28f4 100644
--- a/nuclei-templates/2023/CVE-2023-48770-7c5c2b955a800f0567ad6425eb1a8e69.yaml
+++ b/nuclei-templates/2023/CVE-2023-48770-7c5c2b955a800f0567ad6425eb1a8e69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Aparat <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Aparat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aparat/"
     google-query: inurl:"/wp-content/plugins/aparat/"
     shodan-query: 'vuln:CVE-2023-48770'
-  tags: cve,wordpress,wp-plugin,aparat,medium
+  tags: cve,wordpress,wp-plugin,aparat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48774-99da104892c6f75f32c9288294b2b02d.yaml b/nuclei-templates/2023/CVE-2023-48774-99da104892c6f75f32c9288294b2b02d.yaml
index 242ba734db..57b07b9d1c 100644
--- a/nuclei-templates/2023/CVE-2023-48774-99da104892c6f75f32c9288294b2b02d.yaml
+++ b/nuclei-templates/2023/CVE-2023-48774-99da104892c6f75f32c9288294b2b02d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IdeaPush <= 8.57 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several AJAX hooked functions in the ~/ideapush.php file in versions up to, and including, 8.57. This makes it possible for authenticated attackers, with subscriber-level access and above, to save memory tabs, routines, and add taxonomy items.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ideapush/"
     google-query: inurl:"/wp-content/plugins/ideapush/"
     shodan-query: 'vuln:CVE-2023-48774'
-  tags: cve,wordpress,wp-plugin,ideapush,medium
+  tags: cve,wordpress,wp-plugin,ideapush,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48776-85fcd9779448a368c2c74d702cd2f30d.yaml b/nuclei-templates/2023/CVE-2023-48776-85fcd9779448a368c2c74d702cd2f30d.yaml
index f2701e6948..349f79747f 100644
--- a/nuclei-templates/2023/CVE-2023-48776-85fcd9779448a368c2c74d702cd2f30d.yaml
+++ b/nuclei-templates/2023/CVE-2023-48776-85fcd9779448a368c2c74d702cd2f30d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download canvasio3D Light <= 2.5.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download canvasio3D Light plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the caARConnect() function in versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data from the plugin and save/delete entries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/canvasio3d-light/"
     google-query: inurl:"/wp-content/plugins/canvasio3d-light/"
     shodan-query: 'vuln:CVE-2023-48776'
-  tags: cve,wordpress,wp-plugin,canvasio3d-light,medium
+  tags: cve,wordpress,wp-plugin,canvasio3d-light,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48777-bdfd3cb15fc22fa823679d0ba1d3fc73.yaml b/nuclei-templates/2023/CVE-2023-48777-bdfd3cb15fc22fa823679d0ba1d3fc73.yaml
index ce4689b993..23cd1e213d 100644
--- a/nuclei-templates/2023/CVE-2023-48777-bdfd3cb15fc22fa823679d0ba1d3fc73.yaml
+++ b/nuclei-templates/2023/CVE-2023-48777-bdfd3cb15fc22fa823679d0ba1d3fc73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor <= 3.18.1 - Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Remote Code Execution via file upload in all versions up to and including 3.18.1 via the template import functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2023-48777'
-  tags: cve,wordpress,wp-plugin,elementor,high
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48779-de737cfbceda5a83bf3527f7e7cd5395.yaml b/nuclei-templates/2023/CVE-2023-48779-de737cfbceda5a83bf3527f7e7cd5395.yaml
index fc111e7779..0a6389a914 100644
--- a/nuclei-templates/2023/CVE-2023-48779-de737cfbceda5a83bf3527f7e7cd5395.yaml
+++ b/nuclei-templates/2023/CVE-2023-48779-de737cfbceda5a83bf3527f7e7cd5395.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     360 Javascript Viewer <= 1.7.11 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveSettings() function hooked via a norpriv AJAX in versions up to, and including, 1.7.11. This makes it possible for unauthenticated attackers to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/360deg-javascript-viewer/"
     google-query: inurl:"/wp-content/plugins/360deg-javascript-viewer/"
     shodan-query: 'vuln:CVE-2023-48779'
-  tags: cve,wordpress,wp-plugin,360deg-javascript-viewer,medium
+  tags: cve,wordpress,wp-plugin,360deg-javascript-viewer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-48780-525630ec5598f74dd721d94a531fba2f.yaml b/nuclei-templates/2023/CVE-2023-48780-525630ec5598f74dd721d94a531fba2f.yaml
index 392175ee21..2a45df6116 100644
--- a/nuclei-templates/2023/CVE-2023-48780-525630ec5598f74dd721d94a531fba2f.yaml
+++ b/nuclei-templates/2023/CVE-2023-48780-525630ec5598f74dd721d94a531fba2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Catalogue <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Catalogue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-catalogue/"
     google-query: inurl:"/wp-content/plugins/wp-catalogue/"
     shodan-query: 'vuln:CVE-2023-48780'
-  tags: cve,wordpress,wp-plugin,wp-catalogue,medium
+  tags: cve,wordpress,wp-plugin,wp-catalogue,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4887-51944a4f6212afc8f585f1bcea51f2d6.yaml b/nuclei-templates/2023/CVE-2023-4887-51944a4f6212afc8f585f1bcea51f2d6.yaml
index e65792fbaf..ca24aa4042 100644
--- a/nuclei-templates/2023/CVE-2023-4887-51944a4f6212afc8f585f1bcea51f2d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-4887-51944a4f6212afc8f585f1bcea51f2d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Maps Plugin by Intergeo <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intergeo-maps/"
     google-query: inurl:"/wp-content/plugins/intergeo-maps/"
     shodan-query: 'vuln:CVE-2023-4887'
-  tags: cve,wordpress,wp-plugin,intergeo-maps,medium
+  tags: cve,wordpress,wp-plugin,intergeo-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4888-0fc896a4acc44efa8900b336ff580b9b.yaml b/nuclei-templates/2023/CVE-2023-4888-0fc896a4acc44efa8900b336ff580b9b.yaml
index 60d856a28a..7e67577221 100644
--- a/nuclei-templates/2023/CVE-2023-4888-0fc896a4acc44efa8900b336ff580b9b.yaml
+++ b/nuclei-templates/2023/CVE-2023-4888-0fc896a4acc44efa8900b336ff580b9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Like Page Plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-facebook-plugin/"
     google-query: inurl:"/wp-content/plugins/simple-facebook-plugin/"
     shodan-query: 'vuln:CVE-2023-4888'
-  tags: cve,wordpress,wp-plugin,simple-facebook-plugin,medium
+  tags: cve,wordpress,wp-plugin,simple-facebook-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4889-f19f31f075dbc06538f36ae8e36c55d3.yaml b/nuclei-templates/2023/CVE-2023-4889-f19f31f075dbc06538f36ae8e36c55d3.yaml
index c318de4637..b241249bed 100644
--- a/nuclei-templates/2023/CVE-2023-4889-f19f31f075dbc06538f36ae8e36c55d3.yaml
+++ b/nuclei-templates/2023/CVE-2023-4889-f19f31f075dbc06538f36ae8e36c55d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shareaholic <= 9.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shareaholic/"
     google-query: inurl:"/wp-content/plugins/shareaholic/"
     shodan-query: 'vuln:CVE-2023-4889'
-  tags: cve,wordpress,wp-plugin,shareaholic,medium
+  tags: cve,wordpress,wp-plugin,shareaholic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4890-c27c21f00fd5cfc7fcc406cc847e2987.yaml b/nuclei-templates/2023/CVE-2023-4890-c27c21f00fd5cfc7fcc406cc847e2987.yaml
index d5be906209..26642653b5 100644
--- a/nuclei-templates/2023/CVE-2023-4890-c27c21f00fd5cfc7fcc406cc847e2987.yaml
+++ b/nuclei-templates/2023/CVE-2023-4890-c27c21f00fd5cfc7fcc406cc847e2987.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JQuery Accordion Menu Widget <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-vertical-accordion-menu/"
     google-query: inurl:"/wp-content/plugins/jquery-vertical-accordion-menu/"
     shodan-query: 'vuln:CVE-2023-4890'
-  tags: cve,wordpress,wp-plugin,jquery-vertical-accordion-menu,medium
+  tags: cve,wordpress,wp-plugin,jquery-vertical-accordion-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4893-b80148cb4f7c1ba75ee55b0181d810f7.yaml b/nuclei-templates/2023/CVE-2023-4893-b80148cb4f7c1ba75ee55b0181d810f7.yaml
index 507ca29733..fb74455a53 100644
--- a/nuclei-templates/2023/CVE-2023-4893-b80148cb4f7c1ba75ee55b0181d810f7.yaml
+++ b/nuclei-templates/2023/CVE-2023-4893-b80148cb4f7c1ba75ee55b0181d810f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crayon-syntax-highlighter/"
     google-query: inurl:"/wp-content/plugins/crayon-syntax-highlighter/"
     shodan-query: 'vuln:CVE-2023-4893'
-  tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,medium
+  tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49149-d34575a4acf043c178e1c507a8583e51.yaml b/nuclei-templates/2023/CVE-2023-49149-d34575a4acf043c178e1c507a8583e51.yaml
index 49be109ecf..9591c178ea 100644
--- a/nuclei-templates/2023/CVE-2023-49149-d34575a4acf043c178e1c507a8583e51.yaml
+++ b/nuclei-templates/2023/CVE-2023-49149-d34575a4acf043c178e1c507a8583e51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Currency Converter Calculator <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Currency Converter Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/currency-converter-calculator/"
     google-query: inurl:"/wp-content/plugins/currency-converter-calculator/"
     shodan-query: 'vuln:CVE-2023-49149'
-  tags: cve,wordpress,wp-plugin,currency-converter-calculator,medium
+  tags: cve,wordpress,wp-plugin,currency-converter-calculator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49150-56a618b5c71170cabc6b19e08404193b.yaml b/nuclei-templates/2023/CVE-2023-49150-56a618b5c71170cabc6b19e08404193b.yaml
index fb19a7914d..5fd6f6d287 100644
--- a/nuclei-templates/2023/CVE-2023-49150-56a618b5c71170cabc6b19e08404193b.yaml
+++ b/nuclei-templates/2023/CVE-2023-49150-56a618b5c71170cabc6b19e08404193b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crypto Converter Widget <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Crypto Converter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crypto-converter-widget/"
     google-query: inurl:"/wp-content/plugins/crypto-converter-widget/"
     shodan-query: 'vuln:CVE-2023-49150'
-  tags: cve,wordpress,wp-plugin,crypto-converter-widget,medium
+  tags: cve,wordpress,wp-plugin,crypto-converter-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49151-fc53f712d57ef35888a981283b03a790.yaml b/nuclei-templates/2023/CVE-2023-49151-fc53f712d57ef35888a981283b03a790.yaml
index e7dae9b38e..63924d7bee 100644
--- a/nuclei-templates/2023/CVE-2023-49151-fc53f712d57ef35888a981283b03a790.yaml
+++ b/nuclei-templates/2023/CVE-2023-49151-fc53f712d57ef35888a981283b03a790.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Calendar Events <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-calendar-events/"
     google-query: inurl:"/wp-content/plugins/google-calendar-events/"
     shodan-query: 'vuln:CVE-2023-49151'
-  tags: cve,wordpress,wp-plugin,google-calendar-events,medium
+  tags: cve,wordpress,wp-plugin,google-calendar-events,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49152-1adc9982ddc5e20d6e411f5dbc1caf02.yaml b/nuclei-templates/2023/CVE-2023-49152-1adc9982ddc5e20d6e411f5dbc1caf02.yaml
index 2a61757fbd..514a03b015 100644
--- a/nuclei-templates/2023/CVE-2023-49152-1adc9982ddc5e20d6e411f5dbc1caf02.yaml
+++ b/nuclei-templates/2023/CVE-2023-49152-1adc9982ddc5e20d6e411f5dbc1caf02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Credit Tracker <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Credit Tracker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/credit-tracker/"
     google-query: inurl:"/wp-content/plugins/credit-tracker/"
     shodan-query: 'vuln:CVE-2023-49152'
-  tags: cve,wordpress,wp-plugin,credit-tracker,medium
+  tags: cve,wordpress,wp-plugin,credit-tracker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49154-82603c2847e2ca1ee15bc23d829fbc4a.yaml b/nuclei-templates/2023/CVE-2023-49154-82603c2847e2ca1ee15bc23d829fbc4a.yaml
index a714d9026a..c88f9dcf05 100644
--- a/nuclei-templates/2023/CVE-2023-49154-82603c2847e2ca1ee15bc23d829fbc4a.yaml
+++ b/nuclei-templates/2023/CVE-2023-49154-82603c2847e2ca1ee15bc23d829fbc4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Button Generator – easily Button Builder <= 2.3.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Button Generator – easily Button Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the function btg_count() function in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to reset the button counter.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/button-generation/"
     google-query: inurl:"/wp-content/plugins/button-generation/"
     shodan-query: 'vuln:CVE-2023-49154'
-  tags: cve,wordpress,wp-plugin,button-generation,medium
+  tags: cve,wordpress,wp-plugin,button-generation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49156-e6ae143c6a0d21493b73e68beda81a51.yaml b/nuclei-templates/2023/CVE-2023-49156-e6ae143c6a0d21493b73e68beda81a51.yaml
index 1e18b141fb..06bc59e14a 100644
--- a/nuclei-templates/2023/CVE-2023-49156-e6ae143c6a0d21493b73e68beda81a51.yaml
+++ b/nuclei-templates/2023/CVE-2023-49156-e6ae143c6a0d21493b73e68beda81a51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GoDaddy Email Marketing <= 1.4.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GoDaddy Email Marketing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_gem_form() function hooked via AJAX in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve/render forms from the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/godaddy-email-marketing-sign-up-forms/"
     google-query: inurl:"/wp-content/plugins/godaddy-email-marketing-sign-up-forms/"
     shodan-query: 'vuln:CVE-2023-49156'
-  tags: cve,wordpress,wp-plugin,godaddy-email-marketing-sign-up-forms,medium
+  tags: cve,wordpress,wp-plugin,godaddy-email-marketing-sign-up-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49157-308319ee878eb47d99190ad100843184.yaml b/nuclei-templates/2023/CVE-2023-49157-308319ee878eb47d99190ad100843184.yaml
index e5177620d6..9e5856a032 100644
--- a/nuclei-templates/2023/CVE-2023-49157-308319ee878eb47d99190ad100843184.yaml
+++ b/nuclei-templates/2023/CVE-2023-49157-308319ee878eb47d99190ad100843184.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Post Passwords <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Multiple Post Passwords plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiple-post-passwords/"
     google-query: inurl:"/wp-content/plugins/multiple-post-passwords/"
     shodan-query: 'vuln:CVE-2023-49157'
-  tags: cve,wordpress,wp-plugin,multiple-post-passwords,medium
+  tags: cve,wordpress,wp-plugin,multiple-post-passwords,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49158-c2e6ea5d855361966f47fc5dcb8b0259.yaml b/nuclei-templates/2023/CVE-2023-49158-c2e6ea5d855361966f47fc5dcb8b0259.yaml
index 726754ce5c..a49006c0a5 100644
--- a/nuclei-templates/2023/CVE-2023-49158-c2e6ea5d855361966f47fc5dcb8b0259.yaml
+++ b/nuclei-templates/2023/CVE-2023-49158-c2e6ea5d855361966f47fc5dcb8b0259.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LadiApp <= 4.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LadiApp plugin for WordPress is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of the unprotected functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ladipage/"
     google-query: inurl:"/wp-content/plugins/ladipage/"
     shodan-query: 'vuln:CVE-2023-49158'
-  tags: cve,wordpress,wp-plugin,ladipage,medium
+  tags: cve,wordpress,wp-plugin,ladipage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4916-ec75720f681f6e8a0dfa73dc2af48726.yaml b/nuclei-templates/2023/CVE-2023-4916-ec75720f681f6e8a0dfa73dc2af48726.yaml
index 14c600d090..57f5436e27 100644
--- a/nuclei-templates/2023/CVE-2023-4916-ec75720f681f6e8a0dfa73dc2af48726.yaml
+++ b/nuclei-templates/2023/CVE-2023-4916-ec75720f681f6e8a0dfa73dc2af48726.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-phone-number/"
     google-query: inurl:"/wp-content/plugins/login-with-phone-number/"
     shodan-query: 'vuln:CVE-2023-4916'
-  tags: cve,wordpress,wp-plugin,login-with-phone-number,high
+  tags: cve,wordpress,wp-plugin,login-with-phone-number,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49160-69291e6d8dee217b57f3dde758dcad0f.yaml b/nuclei-templates/2023/CVE-2023-49160-69291e6d8dee217b57f3dde758dcad0f.yaml
index 49dabee94b..0ceb3fcc7d 100644
--- a/nuclei-templates/2023/CVE-2023-49160-69291e6d8dee217b57f3dde758dcad0f.yaml
+++ b/nuclei-templates/2023/CVE-2023-49160-69291e6d8dee217b57f3dde758dcad0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formzu WP <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Formzu WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formzu-wp/"
     google-query: inurl:"/wp-content/plugins/formzu-wp/"
     shodan-query: 'vuln:CVE-2023-49160'
-  tags: cve,wordpress,wp-plugin,formzu-wp,medium
+  tags: cve,wordpress,wp-plugin,formzu-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49161-ce76e5efada5037a3e4a2325d3d70d7f.yaml b/nuclei-templates/2023/CVE-2023-49161-ce76e5efada5037a3e4a2325d3d70d7f.yaml
index ba5542565f..487808936f 100644
--- a/nuclei-templates/2023/CVE-2023-49161-ce76e5efada5037a3e4a2325d3d70d7f.yaml
+++ b/nuclei-templates/2023/CVE-2023-49161-ce76e5efada5037a3e4a2325d3d70d7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bravo Translate <= 1.2 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bravo Translate plugin for WordPress is vulnerable to  SQL Injection via multiple parameters in versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bravo-translate/"
     google-query: inurl:"/wp-content/plugins/bravo-translate/"
     shodan-query: 'vuln:CVE-2023-49161'
-  tags: cve,wordpress,wp-plugin,bravo-translate,medium
+  tags: cve,wordpress,wp-plugin,bravo-translate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49165-0f5e9e59b2ad6fbf734b7cc14c76890d.yaml b/nuclei-templates/2023/CVE-2023-49165-0f5e9e59b2ad6fbf734b7cc14c76890d.yaml
index 04e5fa28b0..3553b08c04 100644
--- a/nuclei-templates/2023/CVE-2023-49165-0f5e9e59b2ad6fbf734b7cc14c76890d.yaml
+++ b/nuclei-templates/2023/CVE-2023-49165-0f5e9e59b2ad6fbf734b7cc14c76890d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Client Dash <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Client Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Note that this may be a duplicate of CVE-2019-17071
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/client-dash/"
     google-query: inurl:"/wp-content/plugins/client-dash/"
     shodan-query: 'vuln:CVE-2023-49165'
-  tags: cve,wordpress,wp-plugin,client-dash,medium
+  tags: cve,wordpress,wp-plugin,client-dash,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49166-a37d3498c6bbcc050576781692b33c90.yaml b/nuclei-templates/2023/CVE-2023-49166-a37d3498c6bbcc050576781692b33c90.yaml
index c68bbc2915..c4982dd4d9 100644
--- a/nuclei-templates/2023/CVE-2023-49166-a37d3498c6bbcc050576781692b33c90.yaml
+++ b/nuclei-templates/2023/CVE-2023-49166-a37d3498c6bbcc050576781692b33c90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MSync plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/msync/"
     google-query: inurl:"/wp-content/plugins/msync/"
     shodan-query: 'vuln:CVE-2023-49166'
-  tags: cve,wordpress,wp-plugin,msync,high
+  tags: cve,wordpress,wp-plugin,msync,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49167-95d14048da02f26059f2e07a39b028ec.yaml b/nuclei-templates/2023/CVE-2023-49167-95d14048da02f26059f2e07a39b028ec.yaml
index 5f21f8dae5..4a768a7bc3 100644
--- a/nuclei-templates/2023/CVE-2023-49167-95d14048da02f26059f2e07a39b028ec.yaml
+++ b/nuclei-templates/2023/CVE-2023-49167-95d14048da02f26059f2e07a39b028ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Database for CF7 <= 1.2.4 - Missing Authorization via wpcf7db_delete AJAX action
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Database for CF7 plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpcf7db_delete AJAX function in versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete CF7 Database entries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/database-for-cf7/"
     google-query: inurl:"/wp-content/plugins/database-for-cf7/"
     shodan-query: 'vuln:CVE-2023-49167'
-  tags: cve,wordpress,wp-plugin,database-for-cf7,medium
+  tags: cve,wordpress,wp-plugin,database-for-cf7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49168-b9ebb0412655a1be395c1fd4d44393e3.yaml b/nuclei-templates/2023/CVE-2023-49168-b9ebb0412655a1be395c1fd4d44393e3.yaml
index 356128d2ea..70f35e686f 100644
--- a/nuclei-templates/2023/CVE-2023-49168-b9ebb0412655a1be395c1fd4d44393e3.yaml
+++ b/nuclei-templates/2023/CVE-2023-49168-b9ebb0412655a1be395c1fd4d44393e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BP Better Messages <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-better-messages/"
     google-query: inurl:"/wp-content/plugins/bp-better-messages/"
     shodan-query: 'vuln:CVE-2023-49168'
-  tags: cve,wordpress,wp-plugin,bp-better-messages,medium
+  tags: cve,wordpress,wp-plugin,bp-better-messages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49169-b6c1a6adb8481fecb3d92549d2f5a5bd.yaml b/nuclei-templates/2023/CVE-2023-49169-b6c1a6adb8481fecb3d92549d2f5a5bd.yaml
index d1057632b1..0d936f117e 100644
--- a/nuclei-templates/2023/CVE-2023-49169-b6c1a6adb8481fecb3d92549d2f5a5bd.yaml
+++ b/nuclei-templates/2023/CVE-2023-49169-b6c1a6adb8481fecb3d92549d2f5a5bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ads by datafeedr.com <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ads by datafeedr.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ads-by-datafeedrcom/"
     google-query: inurl:"/wp-content/plugins/ads-by-datafeedrcom/"
     shodan-query: 'vuln:CVE-2023-49169'
-  tags: cve,wordpress,wp-plugin,ads-by-datafeedrcom,medium
+  tags: cve,wordpress,wp-plugin,ads-by-datafeedrcom,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4917-ec4b1b9fc14ecc8856f3a0b0d90e5205.yaml b/nuclei-templates/2023/CVE-2023-4917-ec4b1b9fc14ecc8856f3a0b0d90e5205.yaml
index 1d66eee337..ba7809340d 100644
--- a/nuclei-templates/2023/CVE-2023-4917-ec4b1b9fc14ecc8856f3a0b0d90e5205.yaml
+++ b/nuclei-templates/2023/CVE-2023-4917-ec4b1b9fc14ecc8856f3a0b0d90e5205.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leyka/"
     google-query: inurl:"/wp-content/plugins/leyka/"
     shodan-query: 'vuln:CVE-2023-4917'
-  tags: cve,wordpress,wp-plugin,leyka,medium
+  tags: cve,wordpress,wp-plugin,leyka,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49173-22fe25cfef73eeb94b97da8f9108cc4a.yaml b/nuclei-templates/2023/CVE-2023-49173-22fe25cfef73eeb94b97da8f9108cc4a.yaml
index a6adfb1276..afc0aa473f 100644
--- a/nuclei-templates/2023/CVE-2023-49173-22fe25cfef73eeb94b97da8f9108cc4a.yaml
+++ b/nuclei-templates/2023/CVE-2023-49173-22fe25cfef73eeb94b97da8f9108cc4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10to8 Online Appointment Booking System <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sign In Scheduling Online Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/10to8-online-booking/"
     google-query: inurl:"/wp-content/plugins/10to8-online-booking/"
     shodan-query: 'vuln:CVE-2023-49173'
-  tags: cve,wordpress,wp-plugin,10to8-online-booking,medium
+  tags: cve,wordpress,wp-plugin,10to8-online-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49174-12fb9fdf8190804b70dbaba2fb2c9085.yaml b/nuclei-templates/2023/CVE-2023-49174-12fb9fdf8190804b70dbaba2fb2c9085.yaml
index ac9c3db774..f30fa4b0fa 100644
--- a/nuclei-templates/2023/CVE-2023-49174-12fb9fdf8190804b70dbaba2fb2c9085.yaml
+++ b/nuclei-templates/2023/CVE-2023-49174-12fb9fdf8190804b70dbaba2fb2c9085.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Lightbox <= 2.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-lightbox/"
     google-query: inurl:"/wp-content/plugins/responsive-lightbox/"
     shodan-query: 'vuln:CVE-2023-49174'
-  tags: cve,wordpress,wp-plugin,responsive-lightbox,medium
+  tags: cve,wordpress,wp-plugin,responsive-lightbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49175-44b3ba415f16865ebb1bd98068348f19.yaml b/nuclei-templates/2023/CVE-2023-49175-44b3ba415f16865ebb1bd98068348f19.yaml
index 30e572eeb1..f9d7b7a5ac 100644
--- a/nuclei-templates/2023/CVE-2023-49175-44b3ba415f16865ebb1bd98068348f19.yaml
+++ b/nuclei-templates/2023/CVE-2023-49175-44b3ba415f16865ebb1bd98068348f19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KP Fastest Tawk.to Chat <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The KP Fastest Tawk.to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kp-fastest-tawk-to-chat/"
     google-query: inurl:"/wp-content/plugins/kp-fastest-tawk-to-chat/"
     shodan-query: 'vuln:CVE-2023-49175'
-  tags: cve,wordpress,wp-plugin,kp-fastest-tawk-to-chat,medium
+  tags: cve,wordpress,wp-plugin,kp-fastest-tawk-to-chat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49177-c6789a8c4ddf7f4894074b67cbbeecc0.yaml b/nuclei-templates/2023/CVE-2023-49177-c6789a8c4ddf7f4894074b67cbbeecc0.yaml
index 45d67b05fc..43ebe6f025 100644
--- a/nuclei-templates/2023/CVE-2023-49177-c6789a8c4ddf7f4894074b67cbbeecc0.yaml
+++ b/nuclei-templates/2023/CVE-2023-49177-c6789a8c4ddf7f4894074b67cbbeecc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     which template file <= 5.0.0 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The which template file plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/which-template-file/"
     google-query: inurl:"/wp-content/plugins/which-template-file/"
     shodan-query: 'vuln:CVE-2023-49177'
-  tags: cve,wordpress,wp-plugin,which-template-file,medium
+  tags: cve,wordpress,wp-plugin,which-template-file,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49178-a27af52ed355aaf16d2ba0f06827a926.yaml b/nuclei-templates/2023/CVE-2023-49178-a27af52ed355aaf16d2ba0f06827a926.yaml
index 62ac4ce07b..fe1b2f5bbb 100644
--- a/nuclei-templates/2023/CVE-2023-49178-a27af52ed355aaf16d2ba0f06827a926.yaml
+++ b/nuclei-templates/2023/CVE-2023-49178-a27af52ed355aaf16d2ba0f06827a926.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HDW Player Plugin (Video Player & Video Gallery) plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hdw-player-video-player-video-gallery/"
     google-query: inurl:"/wp-content/plugins/hdw-player-video-player-video-gallery/"
     shodan-query: 'vuln:CVE-2023-49178'
-  tags: cve,wordpress,wp-plugin,hdw-player-video-player-video-gallery,medium
+  tags: cve,wordpress,wp-plugin,hdw-player-video-player-video-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49179-7d0df8a0008135defe46e0244de6dafd.yaml b/nuclei-templates/2023/CVE-2023-49179-7d0df8a0008135defe46e0244de6dafd.yaml
index 0cbb666398..a25ce271a6 100644
--- a/nuclei-templates/2023/CVE-2023-49179-7d0df8a0008135defe46e0244de6dafd.yaml
+++ b/nuclei-templates/2023/CVE-2023-49179-7d0df8a0008135defe46e0244de6dafd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-post/"
     google-query: inurl:"/wp-content/plugins/event-post/"
     shodan-query: 'vuln:CVE-2023-49179'
-  tags: cve,wordpress,wp-plugin,event-post,medium
+  tags: cve,wordpress,wp-plugin,event-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49180-0a33d637c29ba75c2b509bcefbd3461e.yaml b/nuclei-templates/2023/CVE-2023-49180-0a33d637c29ba75c2b509bcefbd3461e.yaml
index 38af6ec4d9..5284e084ee 100644
--- a/nuclei-templates/2023/CVE-2023-49180-0a33d637c29ba75c2b509bcefbd3461e.yaml
+++ b/nuclei-templates/2023/CVE-2023-49180-0a33d637c29ba75c2b509bcefbd3461e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Automatic Youtube Video Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/automatic-youtube-video-posts/"
     google-query: inurl:"/wp-content/plugins/automatic-youtube-video-posts/"
     shodan-query: 'vuln:CVE-2023-49180'
-  tags: cve,wordpress,wp-plugin,automatic-youtube-video-posts,medium
+  tags: cve,wordpress,wp-plugin,automatic-youtube-video-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49181-0d45a6acc266b9099e698fb6465812c3.yaml b/nuclei-templates/2023/CVE-2023-49181-0d45a6acc266b9099e698fb6465812c3.yaml
index ddbdd80c80..fd6507610e 100644
--- a/nuclei-templates/2023/CVE-2023-49181-0d45a6acc266b9099e698fb6465812c3.yaml
+++ b/nuclei-templates/2023/CVE-2023-49181-0d45a6acc266b9099e698fb6465812c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Event Manager <= 3.1.41 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-event-manager/"
     google-query: inurl:"/wp-content/plugins/wp-event-manager/"
     shodan-query: 'vuln:CVE-2023-49181'
-  tags: cve,wordpress,wp-plugin,wp-event-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-event-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49182-802be145d30a4aee303b74232b95831e.yaml b/nuclei-templates/2023/CVE-2023-49182-802be145d30a4aee303b74232b95831e.yaml
index 18910ff105..69fa64cf57 100644
--- a/nuclei-templates/2023/CVE-2023-49182-802be145d30a4aee303b74232b95831e.yaml
+++ b/nuclei-templates/2023/CVE-2023-49182-802be145d30a4aee303b74232b95831e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     List all posts by Authors, nested Categories and Title <= 2.8.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The List all posts by Authors, nested Categories and Title plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/list-all-posts-by-authors-nested-categories-and-titles/"
     google-query: inurl:"/wp-content/plugins/list-all-posts-by-authors-nested-categories-and-titles/"
     shodan-query: 'vuln:CVE-2023-49182'
-  tags: cve,wordpress,wp-plugin,list-all-posts-by-authors-nested-categories-and-titles,medium
+  tags: cve,wordpress,wp-plugin,list-all-posts-by-authors-nested-categories-and-titles,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49184-39f54e5675da547fbcee34c5030b35da.yaml b/nuclei-templates/2023/CVE-2023-49184-39f54e5675da547fbcee34c5030b35da.yaml
index 3608781708..91e6a2dfbb 100644
--- a/nuclei-templates/2023/CVE-2023-49184-39f54e5675da547fbcee34c5030b35da.yaml
+++ b/nuclei-templates/2023/CVE-2023-49184-39f54e5675da547fbcee34c5030b35da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Parallax Slider Block <= 1.2.5 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Parallax Slider Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/parallax-slider-block/"
     google-query: inurl:"/wp-content/plugins/parallax-slider-block/"
     shodan-query: 'vuln:CVE-2023-49184'
-  tags: cve,wordpress,wp-plugin,parallax-slider-block,medium
+  tags: cve,wordpress,wp-plugin,parallax-slider-block,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49188-5fc14f2bf72ff01c08c1f94583d480b0.yaml b/nuclei-templates/2023/CVE-2023-49188-5fc14f2bf72ff01c08c1f94583d480b0.yaml
index e56367b337..43e7b5322f 100644
--- a/nuclei-templates/2023/CVE-2023-49188-5fc14f2bf72ff01c08c1f94583d480b0.yaml
+++ b/nuclei-templates/2023/CVE-2023-49188-5fc14f2bf72ff01c08c1f94583d480b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Track Geolocation Of Users Using Contact Form 7 <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Track Geolocation Of Users Using Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/track-geolocation-of-users-using-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/track-geolocation-of-users-using-contact-form-7/"
     shodan-query: 'vuln:CVE-2023-49188'
-  tags: cve,wordpress,wp-plugin,track-geolocation-of-users-using-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,track-geolocation-of-users-using-contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49189-28f21eddf2463cba2cb6b77e1419e5f9.yaml b/nuclei-templates/2023/CVE-2023-49189-28f21eddf2463cba2cb6b77e1419e5f9.yaml
index 14e0ce8ef5..af014d799e 100644
--- a/nuclei-templates/2023/CVE-2023-49189-28f21eddf2463cba2cb6b77e1419e5f9.yaml
+++ b/nuclei-templates/2023/CVE-2023-49189-28f21eddf2463cba2cb6b77e1419e5f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share Buttons & Analytics Plugin – GetSocial.io <= 4.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Share Buttons & Analytics Plugin – GetSocial.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-share-buttons-analytics-by-getsocial/"
     google-query: inurl:"/wp-content/plugins/wp-share-buttons-analytics-by-getsocial/"
     shodan-query: 'vuln:CVE-2023-49189'
-  tags: cve,wordpress,wp-plugin,wp-share-buttons-analytics-by-getsocial,medium
+  tags: cve,wordpress,wp-plugin,wp-share-buttons-analytics-by-getsocial,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4919-c1259d5d6340f1a9bb2b4b54cbfddf23.yaml b/nuclei-templates/2023/CVE-2023-4919-c1259d5d6340f1a9bb2b4b54cbfddf23.yaml
index 961c7f5d6e..b4c19c58d8 100644
--- a/nuclei-templates/2023/CVE-2023-4919-c1259d5d6340f1a9bb2b4b54cbfddf23.yaml
+++ b/nuclei-templates/2023/CVE-2023-4919-c1259d5d6340f1a9bb2b4b54cbfddf23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iframe/"
     google-query: inurl:"/wp-content/plugins/iframe/"
     shodan-query: 'vuln:CVE-2023-4919'
-  tags: cve,wordpress,wp-plugin,iframe,medium
+  tags: cve,wordpress,wp-plugin,iframe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49190-f94ad2e40424de33128764065d19c984.yaml b/nuclei-templates/2023/CVE-2023-49190-f94ad2e40424de33128764065d19c984.yaml
index af45889ad5..911bf5e67a 100644
--- a/nuclei-templates/2023/CVE-2023-49190-f94ad2e40424de33128764065d19c984.yaml
+++ b/nuclei-templates/2023/CVE-2023-49190-f94ad2e40424de33128764065d19c984.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Offline <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Site Offline Or Coming Soon Or Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-offline/"
     google-query: inurl:"/wp-content/plugins/site-offline/"
     shodan-query: 'vuln:CVE-2023-49190'
-  tags: cve,wordpress,wp-plugin,site-offline,medium
+  tags: cve,wordpress,wp-plugin,site-offline,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49191-d52f1aa2c59f42390d8192c949633ea4.yaml b/nuclei-templates/2023/CVE-2023-49191-d52f1aa2c59f42390d8192c949633ea4.yaml
index ac09dbe66a..fda9bc86a7 100644
--- a/nuclei-templates/2023/CVE-2023-49191-d52f1aa2c59f42390d8192c949633ea4.yaml
+++ b/nuclei-templates/2023/CVE-2023-49191-d52f1aa2c59f42390d8192c949633ea4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GDPR Cookie Consent by Supsystic <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GDPR Cookie Consent by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gdpr-compliance-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/gdpr-compliance-by-supsystic/"
     shodan-query: 'vuln:CVE-2023-49191'
-  tags: cve,wordpress,wp-plugin,gdpr-compliance-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,gdpr-compliance-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49192-a9a1d45bfcbca6c173ea125c110bda5d.yaml b/nuclei-templates/2023/CVE-2023-49192-a9a1d45bfcbca6c173ea125c110bda5d.yaml
index 317ea403ec..7597e61700 100644
--- a/nuclei-templates/2023/CVE-2023-49192-a9a1d45bfcbca6c173ea125c110bda5d.yaml
+++ b/nuclei-templates/2023/CVE-2023-49192-a9a1d45bfcbca6c173ea125c110bda5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enhanced Text Widget <= 1.6.3 - Missing Authorization via etw_hide_admin_notification_callback
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the etw_hide_admin_notification_callback function in versions up to, and including, 1.6.3. This makes it possible for unauthenticated attackers to hide admin notifications.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-text-widget/"
     google-query: inurl:"/wp-content/plugins/enhanced-text-widget/"
     shodan-query: 'vuln:CVE-2023-49192'
-  tags: cve,wordpress,wp-plugin,enhanced-text-widget,medium
+  tags: cve,wordpress,wp-plugin,enhanced-text-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49193-614c612f12b893f0f92f502ce23d7035.yaml b/nuclei-templates/2023/CVE-2023-49193-614c612f12b893f0f92f502ce23d7035.yaml
index 862418afcc..a27a9b233e 100644
--- a/nuclei-templates/2023/CVE-2023-49193-614c612f12b893f0f92f502ce23d7035.yaml
+++ b/nuclei-templates/2023/CVE-2023-49193-614c612f12b893f0f92f502ce23d7035.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Pug <= 1.30.0 - Missing Authorization via multiple admin_init actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Pug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions that run on admin_init in versions up to, and including, 1.20.3. This makes it possible for unauthenticated attackers to dismiss admin notifications and update the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-pug/"
     google-query: inurl:"/wp-content/plugins/social-pug/"
     shodan-query: 'vuln:CVE-2023-49193'
-  tags: cve,wordpress,wp-plugin,social-pug,medium
+  tags: cve,wordpress,wp-plugin,social-pug,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49195-a5430dc528533c2edeaccbfbb9028a8f.yaml b/nuclei-templates/2023/CVE-2023-49195-a5430dc528533c2edeaccbfbb9028a8f.yaml
index cc209aed15..a1e0908fd9 100644
--- a/nuclei-templates/2023/CVE-2023-49195-a5430dc528533c2edeaccbfbb9028a8f.yaml
+++ b/nuclei-templates/2023/CVE-2023-49195-a5430dc528533c2edeaccbfbb9028a8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nested Pages <= 3.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Nested Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-nested-pages/"
     google-query: inurl:"/wp-content/plugins/wp-nested-pages/"
     shodan-query: 'vuln:CVE-2023-49195'
-  tags: cve,wordpress,wp-plugin,wp-nested-pages,medium
+  tags: cve,wordpress,wp-plugin,wp-nested-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4924-c7c8e86fe8e5b4d368e1042cf3070ec8.yaml b/nuclei-templates/2023/CVE-2023-4924-c7c8e86fe8e5b4d368e1042cf3070ec8.yaml
index ebb1b13b56..c9e4318fee 100644
--- a/nuclei-templates/2023/CVE-2023-4924-c7c8e86fe8e5b4d368e1042cf3070ec8.yaml
+++ b/nuclei-templates/2023/CVE-2023-4924-c7c8e86fe8e5b4d368e1042cf3070ec8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bulk-editor/"
     google-query: inurl:"/wp-content/plugins/woo-bulk-editor/"
     shodan-query: 'vuln:CVE-2023-4924'
-  tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,woo-bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4925-03e1e5461591c1057ed60beb9b3bae79.yaml b/nuclei-templates/2023/CVE-2023-4925-03e1e5461591c1057ed60beb9b3bae79.yaml
index 260f6ae4a5..e3ad4afb14 100644
--- a/nuclei-templates/2023/CVE-2023-4925-03e1e5461591c1057ed60beb9b3bae79.yaml
+++ b/nuclei-templates/2023/CVE-2023-4925-03e1e5461591c1057ed60beb9b3bae79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Forms for Mailchimp <= 6.8.10 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Forms for Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.8.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
     google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
     shodan-query: 'vuln:CVE-2023-4925'
-  tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,medium
+  tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4938-1a98182627ada5df6f3381c144225d78.yaml b/nuclei-templates/2023/CVE-2023-4938-1a98182627ada5df6f3381c144225d78.yaml
index 46cfa4acd6..cc613bb5c6 100644
--- a/nuclei-templates/2023/CVE-2023-4938-1a98182627ada5df6f3381c144225d78.yaml
+++ b/nuclei-templates/2023/CVE-2023-4938-1a98182627ada5df6f3381c144225d78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bulk-editor/"
     google-query: inurl:"/wp-content/plugins/woo-bulk-editor/"
     shodan-query: 'vuln:CVE-2023-4938'
-  tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,woo-bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4941-b5f79719a2f0199ef2281b12f3375388.yaml b/nuclei-templates/2023/CVE-2023-4941-b5f79719a2f0199ef2281b12f3375388.yaml
index edd0c77bae..8fae41156a 100644
--- a/nuclei-templates/2023/CVE-2023-4941-b5f79719a2f0199ef2281b12f3375388.yaml
+++ b/nuclei-templates/2023/CVE-2023-4941-b5f79719a2f0199ef2281b12f3375388.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bulk-editor/"
     google-query: inurl:"/wp-content/plugins/woo-bulk-editor/"
     shodan-query: 'vuln:CVE-2023-4941'
-  tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,woo-bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4943-df6b45b19424e9077c2131a407f92c61.yaml b/nuclei-templates/2023/CVE-2023-4943-df6b45b19424e9077c2131a407f92c61.yaml
index 5278e1610f..c96160b21e 100644
--- a/nuclei-templates/2023/CVE-2023-4943-df6b45b19424e9077c2131a407f92c61.yaml
+++ b/nuclei-templates/2023/CVE-2023-4943-df6b45b19424e9077c2131a407f92c61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bulk-editor/"
     google-query: inurl:"/wp-content/plugins/woo-bulk-editor/"
     shodan-query: 'vuln:CVE-2023-4943'
-  tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,woo-bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4944-24dc0fb35229c989c41ed2754572ea29.yaml b/nuclei-templates/2023/CVE-2023-4944-24dc0fb35229c989c41ed2754572ea29.yaml
index ad67c484b3..e02bc0d8d4 100644
--- a/nuclei-templates/2023/CVE-2023-4944-24dc0fb35229c989c41ed2754572ea29.yaml
+++ b/nuclei-templates/2023/CVE-2023-4944-24dc0fb35229c989c41ed2754572ea29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Weather Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-weather/"
     google-query: inurl:"/wp-content/plugins/awesome-weather/"
     shodan-query: 'vuln:CVE-2023-4944'
-  tags: cve,wordpress,wp-plugin,awesome-weather,medium
+  tags: cve,wordpress,wp-plugin,awesome-weather,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4945-885fb17b6662f56f045b926c01f35175.yaml b/nuclei-templates/2023/CVE-2023-4945-885fb17b6662f56f045b926c01f35175.yaml
index bdcaca6b8f..d04defba74 100644
--- a/nuclei-templates/2023/CVE-2023-4945-885fb17b6662f56f045b926c01f35175.yaml
+++ b/nuclei-templates/2023/CVE-2023-4945-885fb17b6662f56f045b926c01f35175.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2023-4945'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4947-327db16d1bb219d0ce7124ea14eed0f3.yaml b/nuclei-templates/2023/CVE-2023-4947-327db16d1bb219d0ce7124ea14eed0f3.yaml
index f71d7b345d..fa9695fc77 100644
--- a/nuclei-templates/2023/CVE-2023-4947-327db16d1bb219d0ce7124ea14eed0f3.yaml
+++ b/nuclei-templates/2023/CVE-2023-4947-327db16d1bb219d0ce7124ea14eed0f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-ean-payment-gateway/"
     google-query: inurl:"/wp-content/plugins/woocommerce-ean-payment-gateway/"
     shodan-query: 'vuln:CVE-2023-4947'
-  tags: cve,wordpress,wp-plugin,woocommerce-ean-payment-gateway,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-ean-payment-gateway,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4948-47a69422b8abe1dcc847b3db9997fa97.yaml b/nuclei-templates/2023/CVE-2023-4948-47a69422b8abe1dcc847b3db9997fa97.yaml
index 10b74e11f2..0ee69fccfa 100644
--- a/nuclei-templates/2023/CVE-2023-4948-47a69422b8abe1dcc847b3db9997fa97.yaml
+++ b/nuclei-templates/2023/CVE-2023-4948-47a69422b8abe1dcc847b3db9997fa97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update CVR numbers for orders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-cvr-payment-gateway/"
     google-query: inurl:"/wp-content/plugins/woocommerce-cvr-payment-gateway/"
     shodan-query: 'vuln:CVE-2023-4948'
-  tags: cve,wordpress,wp-plugin,woocommerce-cvr-payment-gateway,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-cvr-payment-gateway,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4950-706745fef06bc5b6b3083d2b8e19d2e9.yaml b/nuclei-templates/2023/CVE-2023-4950-706745fef06bc5b6b3083d2b8e19d2e9.yaml
index acdcdf9893..bf0f9d22ea 100644
--- a/nuclei-templates/2023/CVE-2023-4950-706745fef06bc5b6b3083d2b8e19d2e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-4950-706745fef06bc5b6b3083d2b8e19d2e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.3.9 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission answers in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-4950'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4960-09629550fe11748b689836fcea30749f.yaml b/nuclei-templates/2023/CVE-2023-4960-09629550fe11748b689836fcea30749f.yaml
index dba484e9e6..fd88b65185 100644
--- a/nuclei-templates/2023/CVE-2023-4960-09629550fe11748b689836fcea30749f.yaml
+++ b/nuclei-templates/2023/CVE-2023-4960-09629550fe11748b689836fcea30749f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-multivendor-marketplace/"
     google-query: inurl:"/wp-content/plugins/wc-multivendor-marketplace/"
     shodan-query: 'vuln:CVE-2023-4960'
-  tags: cve,wordpress,wp-plugin,wc-multivendor-marketplace,medium
+  tags: cve,wordpress,wp-plugin,wc-multivendor-marketplace,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4961-fa365da8fb7be5a7c14e80d68226de79.yaml b/nuclei-templates/2023/CVE-2023-4961-fa365da8fb7be5a7c14e80d68226de79.yaml
index 38df9111c7..ad0441683a 100644
--- a/nuclei-templates/2023/CVE-2023-4961-fa365da8fb7be5a7c14e80d68226de79.yaml
+++ b/nuclei-templates/2023/CVE-2023-4961-fa365da8fb7be5a7c14e80d68226de79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poptin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poptin/"
     google-query: inurl:"/wp-content/plugins/poptin/"
     shodan-query: 'vuln:CVE-2023-4961'
-  tags: cve,wordpress,wp-plugin,poptin,medium
+  tags: cve,wordpress,wp-plugin,poptin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4962-73b8394a2820dad4a75a3855507d242d.yaml b/nuclei-templates/2023/CVE-2023-4962-73b8394a2820dad4a75a3855507d242d.yaml
index a238c765e2..142bfb1039 100644
--- a/nuclei-templates/2023/CVE-2023-4962-73b8394a2820dad4a75a3855507d242d.yaml
+++ b/nuclei-templates/2023/CVE-2023-4962-73b8394a2820dad4a75a3855507d242d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video PopUp <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-popup/"
     google-query: inurl:"/wp-content/plugins/video-popup/"
     shodan-query: 'vuln:CVE-2023-4962'
-  tags: cve,wordpress,wp-plugin,video-popup,medium
+  tags: cve,wordpress,wp-plugin,video-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4963-4ece1b2368b1b6541fd5808b6263c140.yaml b/nuclei-templates/2023/CVE-2023-4963-4ece1b2368b1b6541fd5808b6263c140.yaml
index 7bf1b8d536..4e4675c219 100644
--- a/nuclei-templates/2023/CVE-2023-4963-4ece1b2368b1b6541fd5808b6263c140.yaml
+++ b/nuclei-templates/2023/CVE-2023-4963-4ece1b2368b1b6541fd5808b6263c140.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WS Facebook Like Box Widget <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ws-facebook-likebox/"
     google-query: inurl:"/wp-content/plugins/ws-facebook-likebox/"
     shodan-query: 'vuln:CVE-2023-4963'
-  tags: cve,wordpress,wp-plugin,ws-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,ws-facebook-likebox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4968-7251846dd87f32952c517012f5416bb3.yaml b/nuclei-templates/2023/CVE-2023-4968-7251846dd87f32952c517012f5416bb3.yaml
index 1a2ebed54f..84f332df15 100644
--- a/nuclei-templates/2023/CVE-2023-4968-7251846dd87f32952c517012f5416bb3.yaml
+++ b/nuclei-templates/2023/CVE-2023-4968-7251846dd87f32952c517012f5416bb3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPLegalPages <= 2.9.2 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wplegalpages/"
     google-query: inurl:"/wp-content/plugins/wplegalpages/"
     shodan-query: 'vuln:CVE-2023-4968'
-  tags: cve,wordpress,wp-plugin,wplegalpages,medium
+  tags: cve,wordpress,wp-plugin,wplegalpages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4970-04f39942fc16c2a7c2f6145e385c8d07.yaml b/nuclei-templates/2023/CVE-2023-4970-04f39942fc16c2a7c2f6145e385c8d07.yaml
index 929ba69652..fc3cf010e5 100644
--- a/nuclei-templates/2023/CVE-2023-4970-04f39942fc16c2a7c2f6145e385c8d07.yaml
+++ b/nuclei-templates/2023/CVE-2023-4970-04f39942fc16c2a7c2f6145e385c8d07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PubyDoc <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PubyDoc – Data Tables and Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pubydoc-data-tables-and-charts/"
     google-query: inurl:"/wp-content/plugins/pubydoc-data-tables-and-charts/"
     shodan-query: 'vuln:CVE-2023-4970'
-  tags: cve,wordpress,wp-plugin,pubydoc-data-tables-and-charts,medium
+  tags: cve,wordpress,wp-plugin,pubydoc-data-tables-and-charts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4971-5614f511e973e614fd375402d8486642.yaml b/nuclei-templates/2023/CVE-2023-4971-5614f511e973e614fd375402d8486642.yaml
index 180e2d3521..4ff9b3a183 100644
--- a/nuclei-templates/2023/CVE-2023-4971-5614f511e973e614fd375402d8486642.yaml
+++ b/nuclei-templates/2023/CVE-2023-4971-5614f511e973e614fd375402d8486642.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weaver Xtreme Theme Support <= 6.3.0 - Authenticated (Administrator+) PHP Object Injection via Imported File
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.3.0 via deserialization of untrusted input from imported files. This allows authenticated attackers, with administrator-level privileges and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weaverx-theme-support/"
     google-query: inurl:"/wp-content/plugins/weaverx-theme-support/"
     shodan-query: 'vuln:CVE-2023-4971'
-  tags: cve,wordpress,wp-plugin,weaverx-theme-support,high
+  tags: cve,wordpress,wp-plugin,weaverx-theme-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49742-d0405f3a6546530ea0089cf284177266.yaml b/nuclei-templates/2023/CVE-2023-49742-d0405f3a6546530ea0089cf284177266.yaml
index 18753aef25..bbeb49550f 100644
--- a/nuclei-templates/2023/CVE-2023-49742-d0405f3a6546530ea0089cf284177266.yaml
+++ b/nuclei-templates/2023/CVE-2023-49742-d0405f3a6546530ea0089cf284177266.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Support Genix <= 1.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Support Genix plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as uploading arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/support-genix-lite/"
     google-query: inurl:"/wp-content/plugins/support-genix-lite/"
     shodan-query: 'vuln:CVE-2023-49742'
-  tags: cve,wordpress,wp-plugin,support-genix-lite,medium
+  tags: cve,wordpress,wp-plugin,support-genix-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49743-669f088fb31a1c784e368a7e51016243.yaml b/nuclei-templates/2023/CVE-2023-49743-669f088fb31a1c784e368a7e51016243.yaml
index b32761295f..82faf0fdcd 100644
--- a/nuclei-templates/2023/CVE-2023-49743-669f088fb31a1c784e368a7e51016243.yaml
+++ b/nuclei-templates/2023/CVE-2023-49743-669f088fb31a1c784e368a7e51016243.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dashboard Widgets Suite <= 3.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dashboard Widgets Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dashboard-widgets-suite/"
     google-query: inurl:"/wp-content/plugins/dashboard-widgets-suite/"
     shodan-query: 'vuln:CVE-2023-49743'
-  tags: cve,wordpress,wp-plugin,dashboard-widgets-suite,medium
+  tags: cve,wordpress,wp-plugin,dashboard-widgets-suite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49745-1777236d571c6ec2a8def6ba8c1b858a.yaml b/nuclei-templates/2023/CVE-2023-49745-1777236d571c6ec2a8def6ba8c1b858a.yaml
index dfaa0c827f..58a8b4a42a 100644
--- a/nuclei-templates/2023/CVE-2023-49745-1777236d571c6ec2a8def6ba8c1b858a.yaml
+++ b/nuclei-templates/2023/CVE-2023-49745-1777236d571c6ec2a8def6ba8c1b858a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spiffy Calendar <= 4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spiffy Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to 4.9.6 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spiffy-calendar/"
     google-query: inurl:"/wp-content/plugins/spiffy-calendar/"
     shodan-query: 'vuln:CVE-2023-49745'
-  tags: cve,wordpress,wp-plugin,spiffy-calendar,medium
+  tags: cve,wordpress,wp-plugin,spiffy-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49746-e22a3c007f773a45322f383ac43c3a2c.yaml b/nuclei-templates/2023/CVE-2023-49746-e22a3c007f773a45322f383ac43c3a2c.yaml
index 985bc91907..45cfc010ca 100644
--- a/nuclei-templates/2023/CVE-2023-49746-e22a3c007f773a45322f383ac43c3a2c.yaml
+++ b/nuclei-templates/2023/CVE-2023-49746-e22a3c007f773a45322f383ac43c3a2c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SpeedyCache <= 1.1.2 -  Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SpeedyCache – Cache, Optimization, Performance plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.2 via the speedycache_create_test_cache() function. This makes it possible for authenticated attackers, subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/speedycache/"
     google-query: inurl:"/wp-content/plugins/speedycache/"
     shodan-query: 'vuln:CVE-2023-49746'
-  tags: cve,wordpress,wp-plugin,speedycache,medium
+  tags: cve,wordpress,wp-plugin,speedycache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49747-bcd6b988167c1612bb5048004783e4f5.yaml b/nuclei-templates/2023/CVE-2023-49747-bcd6b988167c1612bb5048004783e4f5.yaml
index 649fe48d41..dfeb7557d4 100644
--- a/nuclei-templates/2023/CVE-2023-49747-bcd6b988167c1612bb5048004783e4f5.yaml
+++ b/nuclei-templates/2023/CVE-2023-49747-bcd6b988167c1612bb5048004783e4f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Guest Author <= 2.3 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Guest Author plugin for WordPress is vulnerable to Stored Cross-Site Scripting via author name in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/guest-author/"
     google-query: inurl:"/wp-content/plugins/guest-author/"
     shodan-query: 'vuln:CVE-2023-49747'
-  tags: cve,wordpress,wp-plugin,guest-author,medium
+  tags: cve,wordpress,wp-plugin,guest-author,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49754-d1e689eb00e15a822c5a4bc69f8d4926.yaml b/nuclei-templates/2023/CVE-2023-49754-d1e689eb00e15a822c5a4bc69f8d4926.yaml
index 855d8cd6e5..69e9fd11e5 100644
--- a/nuclei-templates/2023/CVE-2023-49754-d1e689eb00e15a822c5a4bc69f8d4926.yaml
+++ b/nuclei-templates/2023/CVE-2023-49754-d1e689eb00e15a822c5a4bc69f8d4926.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulk Edit Post Titles <= 5.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-edit-post-titles/"
     google-query: inurl:"/wp-content/plugins/bulk-edit-post-titles/"
     shodan-query: 'vuln:CVE-2023-49754'
-  tags: cve,wordpress,wp-plugin,bulk-edit-post-titles,medium
+  tags: cve,wordpress,wp-plugin,bulk-edit-post-titles,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49755-1c97daee437b7051f2d3a3601380f79a.yaml b/nuclei-templates/2023/CVE-2023-49755-1c97daee437b7051f2d3a3601380f79a.yaml
index 27de65a063..be4cee5519 100644
--- a/nuclei-templates/2023/CVE-2023-49755-1c97daee437b7051f2d3a3601380f79a.yaml
+++ b/nuclei-templates/2023/CVE-2023-49755-1c97daee437b7051f2d3a3601380f79a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Timeline Widget <= 2.2 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Timeline Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3r-elementor-timeline-widget/"
     google-query: inurl:"/wp-content/plugins/3r-elementor-timeline-widget/"
     shodan-query: 'vuln:CVE-2023-49755'
-  tags: cve,wordpress,wp-plugin,3r-elementor-timeline-widget,medium
+  tags: cve,wordpress,wp-plugin,3r-elementor-timeline-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49756-0b82fadb36c481a1a5ef36694d259943.yaml b/nuclei-templates/2023/CVE-2023-49756-0b82fadb36c481a1a5ef36694d259943.yaml
index d0c69da9bb..177fb68738 100644
--- a/nuclei-templates/2023/CVE-2023-49756-0b82fadb36c481a1a5ef36694d259943.yaml
+++ b/nuclei-templates/2023/CVE-2023-49756-0b82fadb36c481a1a5ef36694d259943.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eventin <= 3.3.52 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Eventin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_file() function in versions up to, and including, 3.3.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to import events.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-event-solution/"
     google-query: inurl:"/wp-content/plugins/wp-event-solution/"
     shodan-query: 'vuln:CVE-2023-49756'
-  tags: cve,wordpress,wp-plugin,wp-event-solution,medium
+  tags: cve,wordpress,wp-plugin,wp-event-solution,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49757-44e9c5f94ff15d80337fbc26acc2f9ad.yaml b/nuclei-templates/2023/CVE-2023-49757-44e9c5f94ff15d80337fbc26acc2f9ad.yaml
index e0272e4a1c..e0ab11d799 100644
--- a/nuclei-templates/2023/CVE-2023-49757-44e9c5f94ff15d80337fbc26acc2f9ad.yaml
+++ b/nuclei-templates/2023/CVE-2023-49757-44e9c5f94ff15d80337fbc26acc2f9ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support <= 6.1.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Awesome Support plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 6.1.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2023-49757'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49758-bba48b2b3db8c722b3183d512e2cbe2e.yaml b/nuclei-templates/2023/CVE-2023-49758-bba48b2b3db8c722b3183d512e2cbe2e.yaml
index 852466bb14..bb70067010 100644
--- a/nuclei-templates/2023/CVE-2023-49758-bba48b2b3db8c722b3183d512e2cbe2e.yaml
+++ b/nuclei-templates/2023/CVE-2023-49758-bba48b2b3db8c722b3183d512e2cbe2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Booking System <= 2.0.19.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Booking System plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpbs_save_calendar_data function in versions up to, and including, 2.0.19.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to save calendar data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-booking-system/"
     google-query: inurl:"/wp-content/plugins/wp-booking-system/"
     shodan-query: 'vuln:CVE-2023-49758'
-  tags: cve,wordpress,wp-plugin,wp-booking-system,medium
+  tags: cve,wordpress,wp-plugin,wp-booking-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49764-662b0d4e06b53c4127af628452071119.yaml b/nuclei-templates/2023/CVE-2023-49764-662b0d4e06b53c4127af628452071119.yaml
index 1743fc98cd..7fcb3a0b78 100644
--- a/nuclei-templates/2023/CVE-2023-49764-662b0d4e06b53c4127af628452071119.yaml
+++ b/nuclei-templates/2023/CVE-2023-49764-662b0d4e06b53c4127af628452071119.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Database Cleaner plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-database-cleaner/"
     google-query: inurl:"/wp-content/plugins/advanced-database-cleaner/"
     shodan-query: 'vuln:CVE-2023-49764'
-  tags: cve,wordpress,wp-plugin,advanced-database-cleaner,high
+  tags: cve,wordpress,wp-plugin,advanced-database-cleaner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49767-a18213c9c980e2ab86f946c3cc789f65.yaml b/nuclei-templates/2023/CVE-2023-49767-a18213c9c980e2ab86f946c3cc789f65.yaml
index 2977c2086c..8c90f1e92c 100644
--- a/nuclei-templates/2023/CVE-2023-49767-a18213c9c980e2ab86f946c3cc789f65.yaml
+++ b/nuclei-templates/2023/CVE-2023-49767-a18213c9c980e2ab86f946c3cc789f65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Biteship <= 2.2.27 - Authenticated (Shop manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Biteship plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 2.2.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/biteship/"
     google-query: inurl:"/wp-content/plugins/biteship/"
     shodan-query: 'vuln:CVE-2023-49767'
-  tags: cve,wordpress,wp-plugin,biteship,medium
+  tags: cve,wordpress,wp-plugin,biteship,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49768-40b17fbc397976bb918c3ad479c78a68.yaml b/nuclei-templates/2023/CVE-2023-49768-40b17fbc397976bb918c3ad479c78a68.yaml
index 69f8faf502..e4a3e61e9c 100644
--- a/nuclei-templates/2023/CVE-2023-49768-40b17fbc397976bb918c3ad479c78a68.yaml
+++ b/nuclei-templates/2023/CVE-2023-49768-40b17fbc397976bb918c3ad479c78a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-FormAssembly <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formassembly-web-forms/"
     google-query: inurl:"/wp-content/plugins/formassembly-web-forms/"
     shodan-query: 'vuln:CVE-2023-49768'
-  tags: cve,wordpress,wp-plugin,formassembly-web-forms,medium
+  tags: cve,wordpress,wp-plugin,formassembly-web-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49770-a70d444a7f2c0c5012e01420603941d1.yaml b/nuclei-templates/2023/CVE-2023-49770-a70d444a7f2c0c5012e01420603941d1.yaml
index 034770e010..e07a57d74d 100644
--- a/nuclei-templates/2023/CVE-2023-49770-a70d444a7f2c0c5012e01420603941d1.yaml
+++ b/nuclei-templates/2023/CVE-2023-49770-a70d444a7f2c0c5012e01420603941d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart External Link Click Monitor [Link Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-log/"
     google-query: inurl:"/wp-content/plugins/link-log/"
     shodan-query: 'vuln:CVE-2023-49770'
-  tags: cve,wordpress,wp-plugin,link-log,medium
+  tags: cve,wordpress,wp-plugin,link-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49777-61ed528306912302d784398edae3cbb2.yaml b/nuclei-templates/2023/CVE-2023-49777-61ed528306912302d784398edae3cbb2.yaml
index bf084dc8a8..0701bc4a52 100644
--- a/nuclei-templates/2023/CVE-2023-49777-61ed528306912302d784398edae3cbb2.yaml
+++ b/nuclei-templates/2023/CVE-2023-49777-61ed528306912302d784398edae3cbb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH WooCommerce Product Add-Ons <= 4.3.0 - Authenticated(Shop Manager+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 4.3.1 (exclusive) via deserialization of untrusted input in the 'save_addon' function. This makes it possible for authenticated attackers, with Shop Manager access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/"
     shodan-query: 'vuln:CVE-2023-49777'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49813-6e313c2d32fa44151bb5398004b93815.yaml b/nuclei-templates/2023/CVE-2023-49813-6e313c2d32fa44151bb5398004b93815.yaml
index 6732384d1f..25e52be456 100644
--- a/nuclei-templates/2023/CVE-2023-49813-6e313c2d32fa44151bb5398004b93815.yaml
+++ b/nuclei-templates/2023/CVE-2023-49813-6e313c2d32fa44151bb5398004b93815.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Photo Album Plus <= 8.5.02.005 -  Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 8.5.02.005 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-photo-album-plus/"
     google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/"
     shodan-query: 'vuln:CVE-2023-49813'
-  tags: cve,wordpress,wp-plugin,wp-photo-album-plus,medium
+  tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49814-5e582ef605e9fe0c0d1cac86ea21ae85.yaml b/nuclei-templates/2023/CVE-2023-49814-5e582ef605e9fe0c0d1cac86ea21ae85.yaml
index c43a4df564..e464a2850c 100644
--- a/nuclei-templates/2023/CVE-2023-49814-5e582ef605e9fe0c0d1cac86ea21ae85.yaml
+++ b/nuclei-templates/2023/CVE-2023-49814-5e582ef605e9fe0c0d1cac86ea21ae85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Symbiostock – Sell Photos Online For Free! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/symbiostock/"
     google-query: inurl:"/wp-content/plugins/symbiostock/"
     shodan-query: 'vuln:CVE-2023-49814'
-  tags: cve,wordpress,wp-plugin,symbiostock,high
+  tags: cve,wordpress,wp-plugin,symbiostock,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49817-40dad92f1e274f70a2212adefbc68e38.yaml b/nuclei-templates/2023/CVE-2023-49817-40dad92f1e274f70a2212adefbc68e38.yaml
index 90fd3a2ba1..d0395373b0 100644
--- a/nuclei-templates/2023/CVE-2023-49817-40dad92f1e274f70a2212adefbc68e38.yaml
+++ b/nuclei-templates/2023/CVE-2023-49817-40dad92f1e274f70a2212adefbc68e38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flexible Woocommerce Checkout Field Editor <= 2.0.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Flexible Woocommerce Checkout Field Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function function in versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flexible-woocommerce-checkout-field-editor/"
     google-query: inurl:"/wp-content/plugins/flexible-woocommerce-checkout-field-editor/"
     shodan-query: 'vuln:CVE-2023-49817'
-  tags: cve,wordpress,wp-plugin,flexible-woocommerce-checkout-field-editor,medium
+  tags: cve,wordpress,wp-plugin,flexible-woocommerce-checkout-field-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49818-d242d8704b7ccc1eaddd7fe775c62763.yaml b/nuclei-templates/2023/CVE-2023-49818-d242d8704b7ccc1eaddd7fe775c62763.yaml
index bb8cbe41c8..53c4b38ab1 100644
--- a/nuclei-templates/2023/CVE-2023-49818-d242d8704b7ccc1eaddd7fe775c62763.yaml
+++ b/nuclei-templates/2023/CVE-2023-49818-d242d8704b7ccc1eaddd7fe775c62763.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webflow Pages <= 1.0.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Webflow Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webflow-pages/"
     google-query: inurl:"/wp-content/plugins/webflow-pages/"
     shodan-query: 'vuln:CVE-2023-49818'
-  tags: cve,wordpress,wp-plugin,webflow-pages,medium
+  tags: cve,wordpress,wp-plugin,webflow-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49819-bb8100b665f7be766e2f2566af0a9770.yaml b/nuclei-templates/2023/CVE-2023-49819-bb8100b665f7be766e2f2566af0a9770.yaml
index 0f525195c4..2913dc3750 100644
--- a/nuclei-templates/2023/CVE-2023-49819-bb8100b665f7be766e2f2566af0a9770.yaml
+++ b/nuclei-templates/2023/CVE-2023-49819-bb8100b665f7be766e2f2566af0a9770.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Structured Content <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input. This makes it possible for attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/structured-content/"
     google-query: inurl:"/wp-content/plugins/structured-content/"
     shodan-query: 'vuln:CVE-2023-49819'
-  tags: cve,wordpress,wp-plugin,structured-content,high
+  tags: cve,wordpress,wp-plugin,structured-content,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49820-b240c0fd3b8e35e0e7b7374ee39360eb.yaml b/nuclei-templates/2023/CVE-2023-49820-b240c0fd3b8e35e0e7b7374ee39360eb.yaml
index a2625fb32f..244ebfe0d4 100644
--- a/nuclei-templates/2023/CVE-2023-49820-b240c0fd3b8e35e0e7b7374ee39360eb.yaml
+++ b/nuclei-templates/2023/CVE-2023-49820-b240c0fd3b8e35e0e7b7374ee39360eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Structured Content <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/structured-content/"
     google-query: inurl:"/wp-content/plugins/structured-content/"
     shodan-query: 'vuln:CVE-2023-49820'
-  tags: cve,wordpress,wp-plugin,structured-content,medium
+  tags: cve,wordpress,wp-plugin,structured-content,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49823-48cb8d5c20069dd21ff6f85ee4f57b84.yaml b/nuclei-templates/2023/CVE-2023-49823-48cb8d5c20069dd21ff6f85ee4f57b84.yaml
index 789856b659..be8ddd1cb5 100644
--- a/nuclei-templates/2023/CVE-2023-49823-48cb8d5c20069dd21ff6f85ee4f57b84.yaml
+++ b/nuclei-templates/2023/CVE-2023-49823-48cb8d5c20069dd21ff6f85ee4f57b84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2023-49823'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49825-f1943d1009d5a9a5f1799b0883b7d043.yaml b/nuclei-templates/2023/CVE-2023-49825-f1943d1009d5a9a5f1799b0883b7d043.yaml
index b65aeebeda..dea03e697d 100644
--- a/nuclei-templates/2023/CVE-2023-49825-f1943d1009d5a9a5f1799b0883b7d043.yaml
+++ b/nuclei-templates/2023/CVE-2023-49825-f1943d1009d5a9a5f1799b0883b7d043.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Soledad theme for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/soledad/"
     google-query: inurl:"/wp-content/themes/soledad/"
     shodan-query: 'vuln:CVE-2023-49825'
-  tags: cve,wordpress,wp-theme,soledad,high
+  tags: cve,wordpress,wp-theme,soledad,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49828-8f2275f20711e7ff52e234ab96188172.yaml b/nuclei-templates/2023/CVE-2023-49828-8f2275f20711e7ff52e234ab96188172.yaml
index c3be3df5a5..b4a0a3fcf8 100644
--- a/nuclei-templates/2023/CVE-2023-49828-8f2275f20711e7ff52e234ab96188172.yaml
+++ b/nuclei-templates/2023/CVE-2023-49828-8f2275f20711e7ff52e234ab96188172.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Payments <= 6.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-payments/"
     google-query: inurl:"/wp-content/plugins/woocommerce-payments/"
     shodan-query: 'vuln:CVE-2023-49828'
-  tags: cve,wordpress,wp-plugin,woocommerce-payments,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-payments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49829-cb03fd3d39a18ba5fc9dfbdcafc632b1.yaml b/nuclei-templates/2023/CVE-2023-49829-cb03fd3d39a18ba5fc9dfbdcafc632b1.yaml
index f258ac6717..c39d4bf54d 100644
--- a/nuclei-templates/2023/CVE-2023-49829-cb03fd3d39a18ba5fc9dfbdcafc632b1.yaml
+++ b/nuclei-templates/2023/CVE-2023-49829-cb03fd3d39a18ba5fc9dfbdcafc632b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2023-49829'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49830-349353b08ad0d6204581635fb97a9527.yaml b/nuclei-templates/2023/CVE-2023-49830-349353b08ad0d6204581635fb97a9527.yaml
index 0b619e83a7..e33d56a4ff 100644
--- a/nuclei-templates/2023/CVE-2023-49830-349353b08ad0d6204581635fb97a9527.yaml
+++ b/nuclei-templates/2023/CVE-2023-49830-349353b08ad0d6204581635fb97a9527.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Astra Pro Addon plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.3.1 via the ast-advanced-hook-php-code meta field. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/astra-addon/"
     google-query: inurl:"/wp-content/plugins/astra-addon/"
     shodan-query: 'vuln:CVE-2023-49830'
-  tags: cve,wordpress,wp-plugin,astra-addon,high
+  tags: cve,wordpress,wp-plugin,astra-addon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49831-bb05c43d4858d2cd6e99aeda4ad6534f.yaml b/nuclei-templates/2023/CVE-2023-49831-bb05c43d4858d2cd6e99aeda4ad6534f.yaml
index 50adae8e16..023f6713ae 100644
--- a/nuclei-templates/2023/CVE-2023-49831-bb05c43d4858d2cd6e99aeda4ad6534f.yaml
+++ b/nuclei-templates/2023/CVE-2023-49831-bb05c43d4858d2cd6e99aeda4ad6534f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic <= 5.2.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RegistrationMagic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_user_profile() function in versions up to, and including, 5.2.3.0. This makes it possible for unauthenticated attackers to update other user's profiles.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2023-49831'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49832-27b5597908113501f4beb8489633cce4.yaml b/nuclei-templates/2023/CVE-2023-49832-27b5597908113501f4beb8489633cce4.yaml
index d196b3ec26..6f99b1e65c 100644
--- a/nuclei-templates/2023/CVE-2023-49832-27b5597908113501f4beb8489633cce4.yaml
+++ b/nuclei-templates/2023/CVE-2023-49832-27b5597908113501f4beb8489633cce4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 6.10.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Site Reviews plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'assignPost' and 'unassignPost' functions in versions up to, and including, 6.10.2. This makes it possible for authenticated attackers to assign and unassign posts to reviews.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2023-49832'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49833-e57055214b95f532f53777eeb789b4ce.yaml b/nuclei-templates/2023/CVE-2023-49833-e57055214b95f532f53777eeb789b4ce.yaml
index 1954924e04..f6aded44d2 100644
--- a/nuclei-templates/2023/CVE-2023-49833-e57055214b95f532f53777eeb789b4ce.yaml
+++ b/nuclei-templates/2023/CVE-2023-49833-e57055214b95f532f53777eeb789b4ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra <= 2.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spectra plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:CVE-2023-49833'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49835-757377e3d1b7b4a16326ff93c76bfa77.yaml b/nuclei-templates/2023/CVE-2023-49835-757377e3d1b7b4a16326ff93c76bfa77.yaml
index 1ca5977edc..83e65c23ef 100644
--- a/nuclei-templates/2023/CVE-2023-49835-757377e3d1b7b4a16326ff93c76bfa77.yaml
+++ b/nuclei-templates/2023/CVE-2023-49835-757377e3d1b7b4a16326ff93c76bfa77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Duplicator <= 2.31 - Missing Authorization via mtphr_duplicate_post
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtphr_duplicate_post function in versions up to, and including, 2.31. This makes it possible for authenticated attackers, with contributor-level access and above, to publish posts upon duplication.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-duplicator/"
     google-query: inurl:"/wp-content/plugins/post-duplicator/"
     shodan-query: 'vuln:CVE-2023-49835'
-  tags: cve,wordpress,wp-plugin,post-duplicator,medium
+  tags: cve,wordpress,wp-plugin,post-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49836-5f63dbab28102f21dce668e1dd09a569.yaml b/nuclei-templates/2023/CVE-2023-49836-5f63dbab28102f21dce668e1dd09a569.yaml
index 44da645d6b..5b85c479bc 100644
--- a/nuclei-templates/2023/CVE-2023-49836-5f63dbab28102f21dce668e1dd09a569.yaml
+++ b/nuclei-templates/2023/CVE-2023-49836-5f63dbab28102f21dce668e1dd09a569.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Bar <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cookie Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-bar/"
     google-query: inurl:"/wp-content/plugins/cookie-bar/"
     shodan-query: 'vuln:CVE-2023-49836'
-  tags: cve,wordpress,wp-plugin,cookie-bar,medium
+  tags: cve,wordpress,wp-plugin,cookie-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49837-b2367564b8e810af49ec2f68b7f40f1d.yaml b/nuclei-templates/2023/CVE-2023-49837-b2367564b8e810af49ec2f68b7f40f1d.yaml
index 79942086ad..6c626d1cbe 100644
--- a/nuclei-templates/2023/CVE-2023-49837-b2367564b8e810af49ec2f68b7f40f1d.yaml
+++ b/nuclei-templates/2023/CVE-2023-49837-b2367564b8e810af49ec2f68b7f40f1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Code Embed <= 2.3.6 - Authenticated(Contributor+) Denial of Service
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Code Embed plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with contributor access and above, to disrupt access to the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-embed-code/"
     google-query: inurl:"/wp-content/plugins/simple-embed-code/"
     shodan-query: 'vuln:CVE-2023-49837'
-  tags: cve,wordpress,wp-plugin,simple-embed-code,medium
+  tags: cve,wordpress,wp-plugin,simple-embed-code,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49838-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml b/nuclei-templates/2023/CVE-2023-49838-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml
index af0c0540c4..d09c580114 100644
--- a/nuclei-templates/2023/CVE-2023-49838-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml
+++ b/nuclei-templates/2023/CVE-2023-49838-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2023-49838
   metadata:
-    fofa-query: "wp-content/themes/medibazar/"
-    google-query: inurl:"/wp-content/themes/medibazar/"
+    fofa-query: "wp-content/themes/partdo/"
+    google-query: inurl:"/wp-content/themes/partdo/"
     shodan-query: 'vuln:CVE-2023-49838'
-  tags: cve,wordpress,wp-theme,medibazar,medium
+  tags: cve,wordpress,wp-theme,partdo,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/medibazar/style.css"
+      - "{{BaseURL}}/wp-content/themes/partdo/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "medibazar"
+          - "partdo"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.8.6')
\ No newline at end of file
+          - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-49839-0e249eccad21574e2f41d6b727c12756.yaml b/nuclei-templates/2023/CVE-2023-49839-0e249eccad21574e2f41d6b727c12756.yaml
index efd2c45b5b..8a788ebb59 100644
--- a/nuclei-templates/2023/CVE-2023-49839-0e249eccad21574e2f41d6b727c12756.yaml
+++ b/nuclei-templates/2023/CVE-2023-49839-0e249eccad21574e2f41d6b727c12756.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-49839
   metadata:
-    fofa-query: "wp-content/plugins/cosmetsy-core/"
-    google-query: inurl:"/wp-content/plugins/cosmetsy-core/"
+    fofa-query: "wp-content/plugins/furnob-core/"
+    google-query: inurl:"/wp-content/plugins/furnob-core/"
     shodan-query: 'vuln:CVE-2023-49839'
-  tags: cve,wordpress,wp-plugin,cosmetsy-core,medium
+  tags: cve,wordpress,wp-plugin,furnob-core,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/cosmetsy-core/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/furnob-core/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "cosmetsy-core"
+          - "furnob-core"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.3.0')
\ No newline at end of file
+          - compare_versions(version, '<= 1.1.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-49841-d9b7d332948d93ec19ade23944fe8ee3.yaml b/nuclei-templates/2023/CVE-2023-49841-d9b7d332948d93ec19ade23944fe8ee3.yaml
index 6890381ae7..c8db64fde0 100644
--- a/nuclei-templates/2023/CVE-2023-49841-d9b7d332948d93ec19ade23944fe8ee3.yaml
+++ b/nuclei-templates/2023/CVE-2023-49841-d9b7d332948d93ec19ade23944fe8ee3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Optin Forms <= 1.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Optin Forms – Simple List Building Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/optin-forms/"
     google-query: inurl:"/wp-content/plugins/optin-forms/"
     shodan-query: 'vuln:CVE-2023-49841'
-  tags: cve,wordpress,wp-plugin,optin-forms,medium
+  tags: cve,wordpress,wp-plugin,optin-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49842-28d27bb70102b6a3ff9c97ba43afec20.yaml b/nuclei-templates/2023/CVE-2023-49842-28d27bb70102b6a3ff9c97ba43afec20.yaml
index ead684c932..791478547c 100644
--- a/nuclei-templates/2023/CVE-2023-49842-28d27bb70102b6a3ff9c97ba43afec20.yaml
+++ b/nuclei-templates/2023/CVE-2023-49842-28d27bb70102b6a3ff9c97ba43afec20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rocket Maintenance Mode & Coming Soon Page <= 4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rocket Maintenance Mode & Coming Soon Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rocket-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/rocket-maintenance-mode/"
     shodan-query: 'vuln:CVE-2023-49842'
-  tags: cve,wordpress,wp-plugin,rocket-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,rocket-maintenance-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49845-05abcb4b1243c795ddc0ecd996fc16e3.yaml b/nuclei-templates/2023/CVE-2023-49845-05abcb4b1243c795ddc0ecd996fc16e3.yaml
index b455b02b56..65d359e686 100644
--- a/nuclei-templates/2023/CVE-2023-49845-05abcb4b1243c795ddc0ecd996fc16e3.yaml
+++ b/nuclei-templates/2023/CVE-2023-49845-05abcb4b1243c795ddc0ecd996fc16e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirects <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirects plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on tan unknown function in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirects/"
     google-query: inurl:"/wp-content/plugins/redirects/"
     shodan-query: 'vuln:CVE-2023-49845'
-  tags: cve,wordpress,wp-plugin,redirects,medium
+  tags: cve,wordpress,wp-plugin,redirects,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49846-2ba7e464285026388de6685dba844dbc.yaml b/nuclei-templates/2023/CVE-2023-49846-2ba7e464285026388de6685dba844dbc.yaml
index 3c4e59994f..db416ef2a5 100644
--- a/nuclei-templates/2023/CVE-2023-49846-2ba7e464285026388de6685dba844dbc.yaml
+++ b/nuclei-templates/2023/CVE-2023-49846-2ba7e464285026388de6685dba844dbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Author Avatars List/Block <= 2.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Author Avatars List/Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/author-avatars/"
     google-query: inurl:"/wp-content/plugins/author-avatars/"
     shodan-query: 'vuln:CVE-2023-49846'
-  tags: cve,wordpress,wp-plugin,author-avatars,medium
+  tags: cve,wordpress,wp-plugin,author-avatars,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49847-c19853d6227a07842c1d1043daa343e2.yaml b/nuclei-templates/2023/CVE-2023-49847-c19853d6227a07842c1d1043daa343e2.yaml
index e5e40f1f99..76f53cda58 100644
--- a/nuclei-templates/2023/CVE-2023-49847-c19853d6227a07842c1d1043daa343e2.yaml
+++ b/nuclei-templates/2023/CVE-2023-49847-c19853d6227a07842c1d1043daa343e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Annual Archive <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Annual Archive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anual-archive/"
     google-query: inurl:"/wp-content/plugins/anual-archive/"
     shodan-query: 'vuln:CVE-2023-49847'
-  tags: cve,wordpress,wp-plugin,anual-archive,medium
+  tags: cve,wordpress,wp-plugin,anual-archive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49848-b53f2739c791cac0974587f72b226309.yaml b/nuclei-templates/2023/CVE-2023-49848-b53f2739c791cac0974587f72b226309.yaml
index deb05775e9..acc01c1312 100644
--- a/nuclei-templates/2023/CVE-2023-49848-b53f2739c791cac0974587f72b226309.yaml
+++ b/nuclei-templates/2023/CVE-2023-49848-b53f2739c791cac0974587f72b226309.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-aliexpress-dropshipping/"
     google-query: inurl:"/wp-content/plugins/woo-aliexpress-dropshipping/"
     shodan-query: 'vuln:CVE-2023-49848'
-  tags: cve,wordpress,wp-plugin,woo-aliexpress-dropshipping,medium
+  tags: cve,wordpress,wp-plugin,woo-aliexpress-dropshipping,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49849-30441a12301c990d7aaae2342a03a490.yaml b/nuclei-templates/2023/CVE-2023-49849-30441a12301c990d7aaae2342a03a490.yaml
index c3aa993938..bd13103827 100644
--- a/nuclei-templates/2023/CVE-2023-49849-30441a12301c990d7aaae2342a03a490.yaml
+++ b/nuclei-templates/2023/CVE-2023-49849-30441a12301c990d7aaae2342a03a490.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcoder <= 6.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shortcoder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcoder/"
     google-query: inurl:"/wp-content/plugins/shortcoder/"
     shodan-query: 'vuln:CVE-2023-49849'
-  tags: cve,wordpress,wp-plugin,shortcoder,medium
+  tags: cve,wordpress,wp-plugin,shortcoder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49850-1697fb18453f32ca7e1c0790f12f9bda.yaml b/nuclei-templates/2023/CVE-2023-49850-1697fb18453f32ca7e1c0790f12f9bda.yaml
index a82bf27dae..4b19bed999 100644
--- a/nuclei-templates/2023/CVE-2023-49850-1697fb18453f32ca7e1c0790f12f9bda.yaml
+++ b/nuclei-templates/2023/CVE-2023-49850-1697fb18453f32ca7e1c0790f12f9bda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Simple HTML Sitemap <= 2.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Simple HTML Sitemap plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an several functions in versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-html-sitemap/"
     google-query: inurl:"/wp-content/plugins/wp-simple-html-sitemap/"
     shodan-query: 'vuln:CVE-2023-49850'
-  tags: cve,wordpress,wp-plugin,wp-simple-html-sitemap,medium
+  tags: cve,wordpress,wp-plugin,wp-simple-html-sitemap,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49851-e4179682cad3bde3b1674a51f6f83b60.yaml b/nuclei-templates/2023/CVE-2023-49851-e4179682cad3bde3b1674a51f6f83b60.yaml
index 35ae21b8f2..6d10456beb 100644
--- a/nuclei-templates/2023/CVE-2023-49851-e4179682cad3bde3b1674a51f6f83b60.yaml
+++ b/nuclei-templates/2023/CVE-2023-49851-e4179682cad3bde3b1674a51f6f83b60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Square Thumbnails <= 1.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Square Thumbnails plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/square-thumbnails/"
     google-query: inurl:"/wp-content/plugins/square-thumbnails/"
     shodan-query: 'vuln:CVE-2023-49851'
-  tags: cve,wordpress,wp-plugin,square-thumbnails,medium
+  tags: cve,wordpress,wp-plugin,square-thumbnails,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49852-62cee29d32c85b3a5dc1219c65c05aa1.yaml b/nuclei-templates/2023/CVE-2023-49852-62cee29d32c85b3a5dc1219c65c05aa1.yaml
index cc243b5f3a..e5f64d6331 100644
--- a/nuclei-templates/2023/CVE-2023-49852-62cee29d32c85b3a5dc1219c65c05aa1.yaml
+++ b/nuclei-templates/2023/CVE-2023-49852-62cee29d32c85b3a5dc1219c65c05aa1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Slick Slider WordPress <= 1.4 - Authenticated (Contributor+) Content Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Slick Slider WordPress plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-slick-slider/"
     google-query: inurl:"/wp-content/plugins/responsive-slick-slider/"
     shodan-query: 'vuln:CVE-2023-49852'
-  tags: cve,wordpress,wp-plugin,responsive-slick-slider,medium
+  tags: cve,wordpress,wp-plugin,responsive-slick-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49856-9c331f426cf6396a6a2c802b7f7eeb8d.yaml b/nuclei-templates/2023/CVE-2023-49856-9c331f426cf6396a6a2c802b7f7eeb8d.yaml
index c12c902503..c035d50662 100644
--- a/nuclei-templates/2023/CVE-2023-49856-9c331f426cf6396a6a2c802b7f7eeb8d.yaml
+++ b/nuclei-templates/2023/CVE-2023-49856-9c331f426cf6396a6a2c802b7f7eeb8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Forms <= 2.6.84 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the smart_forms_save_settings() function hooked via AJAX in versions up to, and including, 2.6.84. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used for remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-forms/"
     google-query: inurl:"/wp-content/plugins/smart-forms/"
     shodan-query: 'vuln:CVE-2023-49856'
-  tags: cve,wordpress,wp-plugin,smart-forms,high
+  tags: cve,wordpress,wp-plugin,smart-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49858-325931d9fc1c27761908e3875605b580.yaml b/nuclei-templates/2023/CVE-2023-49858-325931d9fc1c27761908e3875605b580.yaml
index aa6f8611db..ab5c604602 100644
--- a/nuclei-templates/2023/CVE-2023-49858-325931d9fc1c27761908e3875605b580.yaml
+++ b/nuclei-templates/2023/CVE-2023-49858-325931d9fc1c27761908e3875605b580.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Login <= 4.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom Login plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-login/"
     google-query: inurl:"/wp-content/plugins/custom-login/"
     shodan-query: 'vuln:CVE-2023-49858'
-  tags: cve,wordpress,wp-plugin,custom-login,medium
+  tags: cve,wordpress,wp-plugin,custom-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49859-fe796847eb830527572fd03364591cba.yaml b/nuclei-templates/2023/CVE-2023-49859-fe796847eb830527572fd03364591cba.yaml
index 5717e02c91..8ab42c2ca5 100644
--- a/nuclei-templates/2023/CVE-2023-49859-fe796847eb830527572fd03364591cba.yaml
+++ b/nuclei-templates/2023/CVE-2023-49859-fe796847eb830527572fd03364591cba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login With Ajax <= 4.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Login With Ajax plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-ajax/"
     google-query: inurl:"/wp-content/plugins/login-with-ajax/"
     shodan-query: 'vuln:CVE-2023-49859'
-  tags: cve,wordpress,wp-plugin,login-with-ajax,medium
+  tags: cve,wordpress,wp-plugin,login-with-ajax,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49860-4c439a45b0012520f242bad12e03107a.yaml b/nuclei-templates/2023/CVE-2023-49860-4c439a45b0012520f242bad12e03107a.yaml
index e8498669b3..086116e5d7 100644
--- a/nuclei-templates/2023/CVE-2023-49860-4c439a45b0012520f242bad12e03107a.yaml
+++ b/nuclei-templates/2023/CVE-2023-49860-4c439a45b0012520f242bad12e03107a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Project Manager <= 2.6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wedevs-project-manager/"
     google-query: inurl:"/wp-content/plugins/wedevs-project-manager/"
     shodan-query: 'vuln:CVE-2023-49860'
-  tags: cve,wordpress,wp-plugin,wedevs-project-manager,medium
+  tags: cve,wordpress,wp-plugin,wedevs-project-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-49861-fb9c081792eb804457cb99e8fe8f106d.yaml b/nuclei-templates/2023/CVE-2023-49861-fb9c081792eb804457cb99e8fe8f106d.yaml
index 716c9edc38..775aaf2f9f 100644
--- a/nuclei-templates/2023/CVE-2023-49861-fb9c081792eb804457cb99e8fe8f106d.yaml
+++ b/nuclei-templates/2023/CVE-2023-49861-fb9c081792eb804457cb99e8fe8f106d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Feather <= 2.1.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Media Feather plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on two functions in versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to hide notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-media-feather/"
     google-query: inurl:"/wp-content/plugins/social-media-feather/"
     shodan-query: 'vuln:CVE-2023-49861'
-  tags: cve,wordpress,wp-plugin,social-media-feather,medium
+  tags: cve,wordpress,wp-plugin,social-media-feather,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4994-ab57e6fe4cbafa10ab5f9c2c276102ac.yaml b/nuclei-templates/2023/CVE-2023-4994-ab57e6fe4cbafa10ab5f9c2c276102ac.yaml
index ffa7dd2791..a247530d67 100644
--- a/nuclei-templates/2023/CVE-2023-4994-ab57e6fe4cbafa10ab5f9c2c276102ac.yaml
+++ b/nuclei-templates/2023/CVE-2023-4994-ab57e6fe4cbafa10ab5f9c2c276102ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/allow-php-in-posts-and-pages/"
     google-query: inurl:"/wp-content/plugins/allow-php-in-posts-and-pages/"
     shodan-query: 'vuln:CVE-2023-4994'
-  tags: cve,wordpress,wp-plugin,allow-php-in-posts-and-pages,critical
+  tags: cve,wordpress,wp-plugin,allow-php-in-posts-and-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4995-6520a4a851336aa904cc04b7b33623a5.yaml b/nuclei-templates/2023/CVE-2023-4995-6520a4a851336aa904cc04b7b33623a5.yaml
index 327e0d6d24..e56273c737 100644
--- a/nuclei-templates/2023/CVE-2023-4995-6520a4a851336aa904cc04b7b33623a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-4995-6520a4a851336aa904cc04b7b33623a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Embed Calendly <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-calendly-scheduling/"
     google-query: inurl:"/wp-content/plugins/embed-calendly-scheduling/"
     shodan-query: 'vuln:CVE-2023-4995'
-  tags: cve,wordpress,wp-plugin,embed-calendly-scheduling,medium
+  tags: cve,wordpress,wp-plugin,embed-calendly-scheduling,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-4999-c7a804f58a12769a69ea7efb7fd135b4.yaml b/nuclei-templates/2023/CVE-2023-4999-c7a804f58a12769a69ea7efb7fd135b4.yaml
index 4e9e5e846e..5f5f475781 100644
--- a/nuclei-templates/2023/CVE-2023-4999-c7a804f58a12769a69ea7efb7fd135b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-4999-c7a804f58a12769a69ea7efb7fd135b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Horizontal scrolling announcement <= 9.2 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/horizontal-scrolling-announcement/"
     google-query: inurl:"/wp-content/plugins/horizontal-scrolling-announcement/"
     shodan-query: 'vuln:CVE-2023-4999'
-  tags: cve,wordpress,wp-plugin,horizontal-scrolling-announcement,high
+  tags: cve,wordpress,wp-plugin,horizontal-scrolling-announcement,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5001-797d8c237b397ae53a63dd9186307bf3.yaml b/nuclei-templates/2023/CVE-2023-5001-797d8c237b397ae53a63dd9186307bf3.yaml
index b88b96cab9..256af5281b 100644
--- a/nuclei-templates/2023/CVE-2023-5001-797d8c237b397ae53a63dd9186307bf3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5001-797d8c237b397ae53a63dd9186307bf3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Horizontal scrolling announcement <= 9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/horizontal-scrolling-announcement/"
     google-query: inurl:"/wp-content/plugins/horizontal-scrolling-announcement/"
     shodan-query: 'vuln:CVE-2023-5001'
-  tags: cve,wordpress,wp-plugin,horizontal-scrolling-announcement,medium
+  tags: cve,wordpress,wp-plugin,horizontal-scrolling-announcement,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5005-4113301795a9f6abc828e53db152bc61.yaml b/nuclei-templates/2023/CVE-2023-5005-4113301795a9f6abc828e53db152bc61.yaml
index ed8464483e..4a4dd1c6d7 100644
--- a/nuclei-templates/2023/CVE-2023-5005-4113301795a9f6abc828e53db152bc61.yaml
+++ b/nuclei-templates/2023/CVE-2023-5005-4113301795a9f6abc828e53db152bc61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Autocomplete Location field Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Autocomplete Location field Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autocomplete-location-field-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/autocomplete-location-field-contact-form-7/"
     shodan-query: 'vuln:CVE-2023-5005'
-  tags: cve,wordpress,wp-plugin,autocomplete-location-field-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,autocomplete-location-field-contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50368-700e36ec39fe3e8c88c494279e29f4d3.yaml b/nuclei-templates/2023/CVE-2023-50368-700e36ec39fe3e8c88c494279e29f4d3.yaml
index ebdca58391..80a7c39254 100644
--- a/nuclei-templates/2023/CVE-2023-50368-700e36ec39fe3e8c88c494279e29f4d3.yaml
+++ b/nuclei-templates/2023/CVE-2023-50368-700e36ec39fe3e8c88c494279e29f4d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.15.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2023-50368'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50369-046fbaec2a225aa81dc9d68e003387fa.yaml b/nuclei-templates/2023/CVE-2023-50369-046fbaec2a225aa81dc9d68e003387fa.yaml
index 7d4af7e0a0..9c738ffb26 100644
--- a/nuclei-templates/2023/CVE-2023-50369-046fbaec2a225aa81dc9d68e003387fa.yaml
+++ b/nuclei-templates/2023/CVE-2023-50369-046fbaec2a225aa81dc9d68e003387fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Alma – Pay in installments or later for WooCommerce <= 5.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Alma – Pay in installments or later for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alma-gateway-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/alma-gateway-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-50369'
-  tags: cve,wordpress,wp-plugin,alma-gateway-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,alma-gateway-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50370-43cb177771740873ed7f858ac79c4db6.yaml b/nuclei-templates/2023/CVE-2023-50370-43cb177771740873ed7f858ac79c4db6.yaml
index b9d96ed918..d1190d6aea 100644
--- a/nuclei-templates/2023/CVE-2023-50370-43cb177771740873ed7f858ac79c4db6.yaml
+++ b/nuclei-templates/2023/CVE-2023-50370-43cb177771740873ed7f858ac79c4db6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Livemesh Addons for WPBakery Page Builder <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Livemesh Addons for WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-visual-composer/"
     google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/"
     shodan-query: 'vuln:CVE-2023-50370'
-  tags: cve,wordpress,wp-plugin,addons-for-visual-composer,medium
+  tags: cve,wordpress,wp-plugin,addons-for-visual-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50371-51ed12a9f2c55cf6d27dee66a25ab3d5.yaml b/nuclei-templates/2023/CVE-2023-50371-51ed12a9f2c55cf6d27dee66a25ab3d5.yaml
index 4c20f11d8f..70f886ab7c 100644
--- a/nuclei-templates/2023/CVE-2023-50371-51ed12a9f2c55cf6d27dee66a25ab3d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-50371-51ed12a9f2c55cf6d27dee66a25ab3d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Page Visit Counter <= 8.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Page Visit Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-page-visit-counter/"
     google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/"
     shodan-query: 'vuln:CVE-2023-50371'
-  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,medium
+  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50373-d805d4a834d45dbc023ff957c63ddbf7.yaml b/nuclei-templates/2023/CVE-2023-50373-d805d4a834d45dbc023ff957c63ddbf7.yaml
index f878d43a67..e47ef32954 100644
--- a/nuclei-templates/2023/CVE-2023-50373-d805d4a834d45dbc023ff957c63ddbf7.yaml
+++ b/nuclei-templates/2023/CVE-2023-50373-d805d4a834d45dbc023ff957c63ddbf7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Alt Manager <= 1.6.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Alt Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alt-manager/"
     google-query: inurl:"/wp-content/plugins/alt-manager/"
     shodan-query: 'vuln:CVE-2023-50373'
-  tags: cve,wordpress,wp-plugin,alt-manager,medium
+  tags: cve,wordpress,wp-plugin,alt-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50374-4532b4dbcf2e547347daa5207db523f5.yaml b/nuclei-templates/2023/CVE-2023-50374-4532b4dbcf2e547347daa5207db523f5.yaml
index 25f715c702..c88befa866 100644
--- a/nuclei-templates/2023/CVE-2023-50374-4532b4dbcf2e547347daa5207db523f5.yaml
+++ b/nuclei-templates/2023/CVE-2023-50374-4532b4dbcf2e547347daa5207db523f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CMP – Coming Soon & Maintenance <= 4.1.10 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.10. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cmp-coming-soon-maintenance/"
     google-query: inurl:"/wp-content/plugins/cmp-coming-soon-maintenance/"
     shodan-query: 'vuln:CVE-2023-50374'
-  tags: cve,wordpress,wp-plugin,cmp-coming-soon-maintenance,medium
+  tags: cve,wordpress,wp-plugin,cmp-coming-soon-maintenance,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50375-1cc23bdae3a780fc80463f59518007e6.yaml b/nuclei-templates/2023/CVE-2023-50375-1cc23bdae3a780fc80463f59518007e6.yaml
index 1687db441e..d2036ced26 100644
--- a/nuclei-templates/2023/CVE-2023-50375-1cc23bdae3a780fc80463f59518007e6.yaml
+++ b/nuclei-templates/2023/CVE-2023-50375-1cc23bdae3a780fc80463f59518007e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Language Translator <= 6.0.19 - Missing Authorization via admin notifications
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Google Language Translator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple admin notification functions in versions up to, and including, 6.0.19. This makes it possible for unauthenticated attackers to set admin notifications to an ignored status.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-language-translator/"
     google-query: inurl:"/wp-content/plugins/google-language-translator/"
     shodan-query: 'vuln:CVE-2023-50375'
-  tags: cve,wordpress,wp-plugin,google-language-translator,medium
+  tags: cve,wordpress,wp-plugin,google-language-translator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50377-2583c8c1dd1479446cbf085c6134c883.yaml b/nuclei-templates/2023/CVE-2023-50377-2583c8c1dd1479446cbf085c6134c883.yaml
index aeb04ab26f..46c051dc20 100644
--- a/nuclei-templates/2023/CVE-2023-50377-2583c8c1dd1479446cbf085c6134c883.yaml
+++ b/nuclei-templates/2023/CVE-2023-50377-2583c8c1dd1479446cbf085c6134c883.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Counter <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/abwp-simple-counter/"
     google-query: inurl:"/wp-content/plugins/abwp-simple-counter/"
     shodan-query: 'vuln:CVE-2023-50377'
-  tags: cve,wordpress,wp-plugin,abwp-simple-counter,medium
+  tags: cve,wordpress,wp-plugin,abwp-simple-counter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5041-61b51e0560f095cce3544140b3170777.yaml b/nuclei-templates/2023/CVE-2023-5041-61b51e0560f095cce3544140b3170777.yaml
index 9d1fa29191..0de1ce0679 100644
--- a/nuclei-templates/2023/CVE-2023-5041-61b51e0560f095cce3544140b3170777.yaml
+++ b/nuclei-templates/2023/CVE-2023-5041-61b51e0560f095cce3544140b3170777.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Track The Click <= 0.3.11 - Authenticated (Author+) SQL Injection via 'stats' REST Endpoint
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Track The Click plugin for WordPress is vulnerable to time-based SQL Injection in versions up to, and including, 0.3.11 due to insufficient escaping on user supplied data submitted via the 'stats' REST endpoint and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with author-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: This issue was partially fixed in 0.3.11 and completely fixed in 0.3.12.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/track-the-click/"
     google-query: inurl:"/wp-content/plugins/track-the-click/"
     shodan-query: 'vuln:CVE-2023-5041'
-  tags: cve,wordpress,wp-plugin,track-the-click,high
+  tags: cve,wordpress,wp-plugin,track-the-click,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5048-eff7610d5a81227a5c58edb7e81bb7b8.yaml b/nuclei-templates/2023/CVE-2023-5048-eff7610d5a81227a5c58edb7e81bb7b8.yaml
index 7bfda793e3..899d91d9a7 100644
--- a/nuclei-templates/2023/CVE-2023-5048-eff7610d5a81227a5c58edb7e81bb7b8.yaml
+++ b/nuclei-templates/2023/CVE-2023-5048-eff7610d5a81227a5c58edb7e81bb7b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WDContactFormBuilder <= 1.0.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-builder/"
     google-query: inurl:"/wp-content/plugins/contact-form-builder/"
     shodan-query: 'vuln:CVE-2023-5048'
-  tags: cve,wordpress,wp-plugin,contact-form-builder,medium
+  tags: cve,wordpress,wp-plugin,contact-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5049-1a4de07092fc301c92fce8ed74ad446d.yaml b/nuclei-templates/2023/CVE-2023-5049-1a4de07092fc301c92fce8ed74ad446d.yaml
index d5aaaa7518..e730550ea6 100644
--- a/nuclei-templates/2023/CVE-2023-5049-1a4de07092fc301c92fce8ed74ad446d.yaml
+++ b/nuclei-templates/2023/CVE-2023-5049-1a4de07092fc301c92fce8ed74ad446d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rafflepress/"
     google-query: inurl:"/wp-content/plugins/rafflepress/"
     shodan-query: 'vuln:CVE-2023-5049'
-  tags: cve,wordpress,wp-plugin,rafflepress,medium
+  tags: cve,wordpress,wp-plugin,rafflepress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5050-5c2752426bec20e3d652e4f604fa0685.yaml b/nuclei-templates/2023/CVE-2023-5050-5c2752426bec20e3d652e4f604fa0685.yaml
index 6e69f2a134..3b548814b0 100644
--- a/nuclei-templates/2023/CVE-2023-5050-5c2752426bec20e3d652e4f604fa0685.yaml
+++ b/nuclei-templates/2023/CVE-2023-5050-5c2752426bec20e3d652e4f604fa0685.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Map <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaflet-map/"
     google-query: inurl:"/wp-content/plugins/leaflet-map/"
     shodan-query: 'vuln:CVE-2023-5050'
-  tags: cve,wordpress,wp-plugin,leaflet-map,medium
+  tags: cve,wordpress,wp-plugin,leaflet-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5051-1c049cc07d2d3d3aff9e887e6aede6d7.yaml b/nuclei-templates/2023/CVE-2023-5051-1c049cc07d2d3d3aff9e887e6aede6d7.yaml
index c4280e2b99..3ba11d2f16 100644
--- a/nuclei-templates/2023/CVE-2023-5051-1c049cc07d2d3d3aff9e887e6aede6d7.yaml
+++ b/nuclei-templates/2023/CVE-2023-5051-1c049cc07d2d3d3aff9e887e6aede6d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CallRail Phone Call Tracking <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/callrail-phone-call-tracking/"
     google-query: inurl:"/wp-content/plugins/callrail-phone-call-tracking/"
     shodan-query: 'vuln:CVE-2023-5051'
-  tags: cve,wordpress,wp-plugin,callrail-phone-call-tracking,medium
+  tags: cve,wordpress,wp-plugin,callrail-phone-call-tracking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5057-e408b7193fb2b136537798455a49df5e.yaml b/nuclei-templates/2023/CVE-2023-5057-e408b7193fb2b136537798455a49df5e.yaml
index df4da2859d..0634c82f8f 100644
--- a/nuclei-templates/2023/CVE-2023-5057-e408b7193fb2b136537798455a49df5e.yaml
+++ b/nuclei-templates/2023/CVE-2023-5057-e408b7193fb2b136537798455a49df5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Metadata
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ActivityPub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user metadata in versions up to, and including, 0.17.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activitypub/"
     google-query: inurl:"/wp-content/plugins/activitypub/"
     shodan-query: 'vuln:CVE-2023-5057'
-  tags: cve,wordpress,wp-plugin,activitypub,medium
+  tags: cve,wordpress,wp-plugin,activitypub,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5062-c499c5763cb0c8fadcbd79a7862db8b4.yaml b/nuclei-templates/2023/CVE-2023-5062-c499c5763cb0c8fadcbd79a7862db8b4.yaml
index 67b613298e..98705a7f01 100644
--- a/nuclei-templates/2023/CVE-2023-5062-c499c5763cb0c8fadcbd79a7862db8b4.yaml
+++ b/nuclei-templates/2023/CVE-2023-5062-c499c5763cb0c8fadcbd79a7862db8b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Charts <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-charts/"
     google-query: inurl:"/wp-content/plugins/wp-charts/"
     shodan-query: 'vuln:CVE-2023-5062'
-  tags: cve,wordpress,wp-plugin,wp-charts,medium
+  tags: cve,wordpress,wp-plugin,wp-charts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5063-d5afc9936d3ec0ef2f1ebf204d2b6f90.yaml b/nuclei-templates/2023/CVE-2023-5063-d5afc9936d3ec0ef2f1ebf204d2b6f90.yaml
index 58c3f1ee39..d46c14e5d5 100644
--- a/nuclei-templates/2023/CVE-2023-5063-d5afc9936d3ec0ef2f1ebf204d2b6f90.yaml
+++ b/nuclei-templates/2023/CVE-2023-5063-d5afc9936d3ec0ef2f1ebf204d2b6f90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Widget Responsive for Youtube <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youtube-widget-responsive/"
     google-query: inurl:"/wp-content/plugins/youtube-widget-responsive/"
     shodan-query: 'vuln:CVE-2023-5063'
-  tags: cve,wordpress,wp-plugin,youtube-widget-responsive,medium
+  tags: cve,wordpress,wp-plugin,youtube-widget-responsive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5071-1db1c2d5f1fad40eb6b6cd9715e502a3.yaml b/nuclei-templates/2023/CVE-2023-5071-1db1c2d5f1fad40eb6b6cd9715e502a3.yaml
index 13e65db2b4..83bb717f5e 100644
--- a/nuclei-templates/2023/CVE-2023-5071-1db1c2d5f1fad40eb6b6cd9715e502a3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5071-1db1c2d5f1fad40eb6b6cd9715e502a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sitekit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe' shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitekit/"
     google-query: inurl:"/wp-content/plugins/sitekit/"
     shodan-query: 'vuln:CVE-2023-5071'
-  tags: cve,wordpress,wp-plugin,sitekit,medium
+  tags: cve,wordpress,wp-plugin,sitekit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5073-0e32b41ab13a7d99daea1bd1091ef1a3.yaml b/nuclei-templates/2023/CVE-2023-5073-0e32b41ab13a7d99daea1bd1091ef1a3.yaml
index 3c736dd900..afb16603a1 100644
--- a/nuclei-templates/2023/CVE-2023-5073-0e32b41ab13a7d99daea1bd1091ef1a3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5073-0e32b41ab13a7d99daea1bd1091ef1a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iframe forms <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iframe-forms/"
     google-query: inurl:"/wp-content/plugins/iframe-forms/"
     shodan-query: 'vuln:CVE-2023-5073'
-  tags: cve,wordpress,wp-plugin,iframe-forms,medium
+  tags: cve,wordpress,wp-plugin,iframe-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5076-a3ba5f2761ca9302a85775ee3b727b37.yaml b/nuclei-templates/2023/CVE-2023-5076-a3ba5f2761ca9302a85775ee3b727b37.yaml
index b956c1e883..efef74546f 100644
--- a/nuclei-templates/2023/CVE-2023-5076-a3ba5f2761ca9302a85775ee3b727b37.yaml
+++ b/nuclei-templates/2023/CVE-2023-5076-a3ba5f2761ca9302a85775ee3b727b37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ziteboard Online Whiteboard <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ziteboard-online-whiteboard/"
     google-query: inurl:"/wp-content/plugins/ziteboard-online-whiteboard/"
     shodan-query: 'vuln:CVE-2023-5076'
-  tags: cve,wordpress,wp-plugin,ziteboard-online-whiteboard,medium
+  tags: cve,wordpress,wp-plugin,ziteboard-online-whiteboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5082-8c87a28bec934dcd5364cbdca924c771.yaml b/nuclei-templates/2023/CVE-2023-5082-8c87a28bec934dcd5364cbdca924c771.yaml
index e36a4cfcae..ea15f82878 100644
--- a/nuclei-templates/2023/CVE-2023-5082-8c87a28bec934dcd5364cbdca924c771.yaml
+++ b/nuclei-templates/2023/CVE-2023-5082-8c87a28bec934dcd5364cbdca924c771.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The History Log by click5 plugin for WordPress is vulnerable to time-based SQL Injection via the mail log functionality in all versions up to, and including, 1.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/history-log-by-click5/"
     google-query: inurl:"/wp-content/plugins/history-log-by-click5/"
     shodan-query: 'vuln:CVE-2023-5082'
-  tags: cve,wordpress,wp-plugin,history-log-by-click5,medium
+  tags: cve,wordpress,wp-plugin,history-log-by-click5,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50822-07141f22dbd69d711616f0823783fd10.yaml b/nuclei-templates/2023/CVE-2023-50822-07141f22dbd69d711616f0823783fd10.yaml
index 7688ca944b..20385266c3 100644
--- a/nuclei-templates/2023/CVE-2023-50822-07141f22dbd69d711616f0823783fd10.yaml
+++ b/nuclei-templates/2023/CVE-2023-50822-07141f22dbd69d711616f0823783fd10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Currency Converter Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Currency Converter Widget – Exchange Rates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/currency-converter-widget/"
     google-query: inurl:"/wp-content/plugins/currency-converter-widget/"
     shodan-query: 'vuln:CVE-2023-50822'
-  tags: cve,wordpress,wp-plugin,currency-converter-widget,medium
+  tags: cve,wordpress,wp-plugin,currency-converter-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50823-72b05538a975fe47e341442f2bdeeabf.yaml b/nuclei-templates/2023/CVE-2023-50823-72b05538a975fe47e341442f2bdeeabf.yaml
index f058313ef5..f842cb98bd 100644
--- a/nuclei-templates/2023/CVE-2023-50823-72b05538a975fe47e341442f2bdeeabf.yaml
+++ b/nuclei-templates/2023/CVE-2023-50823-72b05538a975fe47e341442f2bdeeabf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CSS & JavaScript Toolbox <= 11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 11.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/css-javascript-toolbox/"
     google-query: inurl:"/wp-content/plugins/css-javascript-toolbox/"
     shodan-query: 'vuln:CVE-2023-50823'
-  tags: cve,wordpress,wp-plugin,css-javascript-toolbox,medium
+  tags: cve,wordpress,wp-plugin,css-javascript-toolbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50824-a841f648b0bdbeeaa745d6da10e2cfec.yaml b/nuclei-templates/2023/CVE-2023-50824-a841f648b0bdbeeaa745d6da10e2cfec.yaml
index 7d2e9f5adf..14eaac55e1 100644
--- a/nuclei-templates/2023/CVE-2023-50824-a841f648b0bdbeeaa745d6da10e2cfec.yaml
+++ b/nuclei-templates/2023/CVE-2023-50824-a841f648b0bdbeeaa745d6da10e2cfec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insert or Embed Articulate Content into WordPress <= 4.3000000021 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3000000021 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/"
     google-query: inurl:"/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/"
     shodan-query: 'vuln:CVE-2023-50824'
-  tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,medium
+  tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50825-ff7d4698a1b99dc4dd381f78e045f0a7.yaml b/nuclei-templates/2023/CVE-2023-50825-ff7d4698a1b99dc4dd381f78e045f0a7.yaml
index da7502856c..2c754e324a 100644
--- a/nuclei-templates/2023/CVE-2023-50825-ff7d4698a1b99dc4dd381f78e045f0a7.yaml
+++ b/nuclei-templates/2023/CVE-2023-50825-ff7d4698a1b99dc4dd381f78e045f0a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iframe Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iframe Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iframe-shortcode/"
     google-query: inurl:"/wp-content/plugins/iframe-shortcode/"
     shodan-query: 'vuln:CVE-2023-50825'
-  tags: cve,wordpress,wp-plugin,iframe-shortcode,medium
+  tags: cve,wordpress,wp-plugin,iframe-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50826-34dac14ec559cdbb5998de7d415317dc.yaml b/nuclei-templates/2023/CVE-2023-50826-34dac14ec559cdbb5998de7d415317dc.yaml
index 2a2c92e735..2734d80fd6 100644
--- a/nuclei-templates/2023/CVE-2023-50826-34dac14ec559cdbb5998de7d415317dc.yaml
+++ b/nuclei-templates/2023/CVE-2023-50826-34dac14ec559cdbb5998de7d415317dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Menu Image, Icons made easy <= 3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Menu Image, Icons made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-image/"
     google-query: inurl:"/wp-content/plugins/menu-image/"
     shodan-query: 'vuln:CVE-2023-50826'
-  tags: cve,wordpress,wp-plugin,menu-image,medium
+  tags: cve,wordpress,wp-plugin,menu-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50827-35886a1535b89d1815cbc273329902f1.yaml b/nuclei-templates/2023/CVE-2023-50827-35886a1535b89d1815cbc273329902f1.yaml
index 1827858d28..39de2f10dd 100644
--- a/nuclei-templates/2023/CVE-2023-50827-35886a1535b89d1815cbc273329902f1.yaml
+++ b/nuclei-templates/2023/CVE-2023-50827-35886a1535b89d1815cbc273329902f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accredible Certificates & Open Badges <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accredible-certificates/"
     google-query: inurl:"/wp-content/plugins/accredible-certificates/"
     shodan-query: 'vuln:CVE-2023-50827'
-  tags: cve,wordpress,wp-plugin,accredible-certificates,medium
+  tags: cve,wordpress,wp-plugin,accredible-certificates,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50828-74982fb1ee6ee7e80b9e6c7f6db4f09f.yaml b/nuclei-templates/2023/CVE-2023-50828-74982fb1ee6ee7e80b9e6c7f6db4f09f.yaml
index 9982c8603d..bef412710a 100644
--- a/nuclei-templates/2023/CVE-2023-50828-74982fb1ee6ee7e80b9e6c7f6db4f09f.yaml
+++ b/nuclei-templates/2023/CVE-2023-50828-74982fb1ee6ee7e80b9e6c7f6db4f09f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Dashboard <= 3.7.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-dashboard/"
     google-query: inurl:"/wp-content/plugins/ultimate-dashboard/"
     shodan-query: 'vuln:CVE-2023-50828'
-  tags: cve,wordpress,wp-plugin,ultimate-dashboard,medium
+  tags: cve,wordpress,wp-plugin,ultimate-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50829-c0866523c68fe7ee32f439546ea1ce87.yaml b/nuclei-templates/2023/CVE-2023-50829-c0866523c68fe7ee32f439546ea1ce87.yaml
index aa45fdc8ab..8d845d2bc8 100644
--- a/nuclei-templates/2023/CVE-2023-50829-c0866523c68fe7ee32f439546ea1ce87.yaml
+++ b/nuclei-templates/2023/CVE-2023-50829-c0866523c68fe7ee32f439546ea1ce87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Loan Repayment Calculator and Application Form <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Loan Repayment Calculator and Application Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-interest-slider/"
     google-query: inurl:"/wp-content/plugins/quick-interest-slider/"
     shodan-query: 'vuln:CVE-2023-50829'
-  tags: cve,wordpress,wp-plugin,quick-interest-slider,medium
+  tags: cve,wordpress,wp-plugin,quick-interest-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50830-54eacca3ec158df026692c600567e01e.yaml b/nuclei-templates/2023/CVE-2023-50830-54eacca3ec158df026692c600567e01e.yaml
index b21af8fbb2..30ffd6ab62 100644
--- a/nuclei-templates/2023/CVE-2023-50830-54eacca3ec158df026692c600567e01e.yaml
+++ b/nuclei-templates/2023/CVE-2023-50830-54eacca3ec158df026692c600567e01e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seos Contact Form <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Seos Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seos-contact-form/"
     google-query: inurl:"/wp-content/plugins/seos-contact-form/"
     shodan-query: 'vuln:CVE-2023-50830'
-  tags: cve,wordpress,wp-plugin,seos-contact-form,medium
+  tags: cve,wordpress,wp-plugin,seos-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50831-f3d1f4048a78d100d7199aa687dd970a.yaml b/nuclei-templates/2023/CVE-2023-50831-f3d1f4048a78d100d7199aa687dd970a.yaml
index 74beaf083f..5bb716ab80 100644
--- a/nuclei-templates/2023/CVE-2023-50831-f3d1f4048a78d100d7199aa687dd970a.yaml
+++ b/nuclei-templates/2023/CVE-2023-50831-f3d1f4048a78d100d7199aa687dd970a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CURCY – Multi Currency for WooCommerce <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CURCY – Multi Currency for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied input. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-50831-1/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-50831-1/"
     shodan-query: 'vuln:CVE-2023-50831'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-50831-1,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-50831-1,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50832-26e086c596fe6398b20ed3be8129cc9d.yaml b/nuclei-templates/2023/CVE-2023-50832-26e086c596fe6398b20ed3be8129cc9d.yaml
index 73dc6618f8..0409ab6a2b 100644
--- a/nuclei-templates/2023/CVE-2023-50832-26e086c596fe6398b20ed3be8129cc9d.yaml
+++ b/nuclei-templates/2023/CVE-2023-50832-26e086c596fe6398b20ed3be8129cc9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi Step Form <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Multi Step Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multi-step-form/"
     google-query: inurl:"/wp-content/plugins/multi-step-form/"
     shodan-query: 'vuln:CVE-2023-50832'
-  tags: cve,wordpress,wp-plugin,multi-step-form,medium
+  tags: cve,wordpress,wp-plugin,multi-step-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50833-aaee16898f3cb4f4d7a9fcaef31839c3.yaml b/nuclei-templates/2023/CVE-2023-50833-aaee16898f3cb4f4d7a9fcaef31839c3.yaml
index 8c063f4dae..7f0af9eba6 100644
--- a/nuclei-templates/2023/CVE-2023-50833-aaee16898f3cb4f4d7a9fcaef31839c3.yaml
+++ b/nuclei-templates/2023/CVE-2023-50833-aaee16898f3cb4f4d7a9fcaef31839c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.240 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0.240 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2023-50833'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,medium
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50834-a56026625ece44a82e5e6eba005e9ec0.yaml b/nuclei-templates/2023/CVE-2023-50834-a56026625ece44a82e5e6eba005e9ec0.yaml
index 1784f24c05..3f74bdccfe 100644
--- a/nuclei-templates/2023/CVE-2023-50834-a56026625ece44a82e5e6eba005e9ec0.yaml
+++ b/nuclei-templates/2023/CVE-2023-50834-a56026625ece44a82e5e6eba005e9ec0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Menu Extension <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Menu Extension plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-menu-extension/"
     google-query: inurl:"/wp-content/plugins/woocommerce-menu-extension/"
     shodan-query: 'vuln:CVE-2023-50834'
-  tags: cve,wordpress,wp-plugin,woocommerce-menu-extension,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-menu-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50836-418ebe6c7dbfef34adbdede493bce943.yaml b/nuclei-templates/2023/CVE-2023-50836-418ebe6c7dbfef34adbdede493bce943.yaml
index a8cb87728a..2ce936c9ae 100644
--- a/nuclei-templates/2023/CVE-2023-50836-418ebe6c7dbfef34adbdede493bce943.yaml
+++ b/nuclei-templates/2023/CVE-2023-50836-418ebe6c7dbfef34adbdede493bce943.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML Forms <= 1.3.28 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HTML Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html-forms/"
     google-query: inurl:"/wp-content/plugins/html-forms/"
     shodan-query: 'vuln:CVE-2023-50836'
-  tags: cve,wordpress,wp-plugin,html-forms,medium
+  tags: cve,wordpress,wp-plugin,html-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50837-e2d3306782ffc6dc1c4428ce58ed053c.yaml b/nuclei-templates/2023/CVE-2023-50837-e2d3306782ffc6dc1c4428ce58ed053c.yaml
index 5c22e676ad..c1b9482113 100644
--- a/nuclei-templates/2023/CVE-2023-50837-e2d3306782ffc6dc1c4428ce58ed053c.yaml
+++ b/nuclei-templates/2023/CVE-2023-50837-e2d3306782ffc6dc1c4428ce58ed053c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Lockdown – Protect Login Form <= 2.06 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to SQL Injection via the 'iDisplayStart' parameter in all versions up to 2.07 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-lockdown/"
     google-query: inurl:"/wp-content/plugins/login-lockdown/"
     shodan-query: 'vuln:CVE-2023-50837'
-  tags: cve,wordpress,wp-plugin,login-lockdown,medium
+  tags: cve,wordpress,wp-plugin,login-lockdown,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50838-65a7e9e5db9a5af53a8c05db52ac919a.yaml b/nuclei-templates/2023/CVE-2023-50838-65a7e9e5db9a5af53a8c05db52ac919a.yaml
index 1cbeae4acb..d25c3699c2 100644
--- a/nuclei-templates/2023/CVE-2023-50838-65a7e9e5db9a5af53a8c05db52ac919a.yaml
+++ b/nuclei-templates/2023/CVE-2023-50838-65a7e9e5db9a5af53a8c05db52ac919a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.5 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 8.5.6 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2023-50838'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50840-701997e59be83cd9ba4ad233278f4aaf.yaml b/nuclei-templates/2023/CVE-2023-50840-701997e59be83cd9ba4ad233278f4aaf.yaml
index 35eabe9069..62837ce14c 100644
--- a/nuclei-templates/2023/CVE-2023-50840-701997e59be83cd9ba4ad233278f4aaf.yaml
+++ b/nuclei-templates/2023/CVE-2023-50840-701997e59be83cd9ba4ad233278f4aaf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Manager <= 2.1.5 - Authenticated(Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Booking Manager plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode attributes in all versions up to 2.1.6 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-manager/"
     google-query: inurl:"/wp-content/plugins/booking-manager/"
     shodan-query: 'vuln:CVE-2023-50840'
-  tags: cve,wordpress,wp-plugin,booking-manager,high
+  tags: cve,wordpress,wp-plugin,booking-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50841-31c57dd6605d62ca0d6cd98ec04a3787.yaml b/nuclei-templates/2023/CVE-2023-50841-31c57dd6605d62ca0d6cd98ec04a3787.yaml
index bf2cb0e05a..763cd309cb 100644
--- a/nuclei-templates/2023/CVE-2023-50841-31c57dd6605d62ca0d6cd98ec04a3787.yaml
+++ b/nuclei-templates/2023/CVE-2023-50841-31c57dd6605d62ca0d6cd98ec04a3787.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 1.0.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor level or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookingpress-appointment-booking/"
     google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/"
     shodan-query: 'vuln:CVE-2023-50841'
-  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,high
+  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50842-4e3d792205a2fddf6adf72e5213cb0d5.yaml b/nuclei-templates/2023/CVE-2023-50842-4e3d792205a2fddf6adf72e5213cb0d5.yaml
index f71430e457..e84eef61c5 100644
--- a/nuclei-templates/2023/CVE-2023-50842-4e3d792205a2fddf6adf72e5213cb0d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-50842-4e3d792205a2fddf6adf72e5213cb0d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MF Gig Calendar <=1.2.1 - Authenticated(Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MF Gig Calendar plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mf-gig-calendar/"
     google-query: inurl:"/wp-content/plugins/mf-gig-calendar/"
     shodan-query: 'vuln:CVE-2023-50842'
-  tags: cve,wordpress,wp-plugin,mf-gig-calendar,high
+  tags: cve,wordpress,wp-plugin,mf-gig-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50843-030658ba5cc0f002fdffef84e42ae14b.yaml b/nuclei-templates/2023/CVE-2023-50843-030658ba5cc0f002fdffef84e42ae14b.yaml
index f0e872bac3..58feed8635 100644
--- a/nuclei-templates/2023/CVE-2023-50843-030658ba5cc0f002fdffef84e42ae14b.yaml
+++ b/nuclei-templates/2023/CVE-2023-50843-030658ba5cc0f002fdffef84e42ae14b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Clockwork SMS Notfications plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mediaburst-email-to-sms/"
     google-query: inurl:"/wp-content/plugins/mediaburst-email-to-sms/"
     shodan-query: 'vuln:CVE-2023-50843'
-  tags: cve,wordpress,wp-plugin,mediaburst-email-to-sms,medium
+  tags: cve,wordpress,wp-plugin,mediaburst-email-to-sms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50844-2f15c2e1797d3dce53478e732579afa9.yaml b/nuclei-templates/2023/CVE-2023-50844-2f15c2e1797d3dce53478e732579afa9.yaml
index 615557c30e..ff1affb099 100644
--- a/nuclei-templates/2023/CVE-2023-50844-2f15c2e1797d3dce53478e732579afa9.yaml
+++ b/nuclei-templates/2023/CVE-2023-50844-2f15c2e1797d3dce53478e732579afa9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail logging – WP Mail Catcher <= 2.1.3 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mail logging – WP Mail Catcher plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.1.4 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-catcher/"
     google-query: inurl:"/wp-content/plugins/wp-mail-catcher/"
     shodan-query: 'vuln:CVE-2023-50844'
-  tags: cve,wordpress,wp-plugin,wp-mail-catcher,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-catcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50845-7539302587926b426117aef883b56a59.yaml b/nuclei-templates/2023/CVE-2023-50845-7539302587926b426117aef883b56a59.yaml
index 8a838c457e..cde5c904e8 100644
--- a/nuclei-templates/2023/CVE-2023-50845-7539302587926b426117aef883b56a59.yaml
+++ b/nuclei-templates/2023/CVE-2023-50845-7539302587926b426117aef883b56a59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GeoDirectory <= 2.3.28 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.3.29 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geodirectory/"
     google-query: inurl:"/wp-content/plugins/geodirectory/"
     shodan-query: 'vuln:CVE-2023-50845'
-  tags: cve,wordpress,wp-plugin,geodirectory,medium
+  tags: cve,wordpress,wp-plugin,geodirectory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50846-d2f77ed0cac474a6437fa2cee0cecb6e.yaml b/nuclei-templates/2023/CVE-2023-50846-d2f77ed0cac474a6437fa2cee0cecb6e.yaml
index c659668811..7907969c1c 100644
--- a/nuclei-templates/2023/CVE-2023-50846-d2f77ed0cac474a6437fa2cee0cecb6e.yaml
+++ b/nuclei-templates/2023/CVE-2023-50846-d2f77ed0cac474a6437fa2cee0cecb6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic Plugin <= 5.2.4.5 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to and including 5.2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2023-50846'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50847-2ddf644540fef01e3b57f8fb75bbef89.yaml b/nuclei-templates/2023/CVE-2023-50847-2ddf644540fef01e3b57f8fb75bbef89.yaml
index b11df48791..fc245a36fb 100644
--- a/nuclei-templates/2023/CVE-2023-50847-2ddf644540fef01e3b57f8fb75bbef89.yaml
+++ b/nuclei-templates/2023/CVE-2023-50847-2ddf644540fef01e3b57f8fb75bbef89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.9.3 - Authenticated(Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.9.4 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2023-50847'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50848-e8f10c1130d647962cf4e7ae1be8e563.yaml b/nuclei-templates/2023/CVE-2023-50848-e8f10c1130d647962cf4e7ae1be8e563.yaml
index a6ed07b067..8b83493338 100644
--- a/nuclei-templates/2023/CVE-2023-50848-e8f10c1130d647962cf4e7ae1be8e563.yaml
+++ b/nuclei-templates/2023/CVE-2023-50848-e8f10c1130d647962cf4e7ae1be8e563.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     404 Solution <= 2.34.0 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 404 Solution plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.35.0 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/404-solution/"
     google-query: inurl:"/wp-content/plugins/404-solution/"
     shodan-query: 'vuln:CVE-2023-50848'
-  tags: cve,wordpress,wp-plugin,404-solution,medium
+  tags: cve,wordpress,wp-plugin,404-solution,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50849-aa33e37a5a268fafeb4ae3c73aa43c7a.yaml b/nuclei-templates/2023/CVE-2023-50849-aa33e37a5a268fafeb4ae3c73aa43c7a.yaml
index 2dd6b365f1..9ffa74149f 100644
--- a/nuclei-templates/2023/CVE-2023-50849-aa33e37a5a268fafeb4ae3c73aa43c7a.yaml
+++ b/nuclei-templates/2023/CVE-2023-50849-aa33e37a5a268fafeb4ae3c73aa43c7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     E2Pdf <= 1.20.23 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The E2Pdf – Export To Pdf Tool for WordPress plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.20.24 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/e2pdf/"
     google-query: inurl:"/wp-content/plugins/e2pdf/"
     shodan-query: 'vuln:CVE-2023-50849'
-  tags: cve,wordpress,wp-plugin,e2pdf,medium
+  tags: cve,wordpress,wp-plugin,e2pdf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5085-95d0775d6527d5eae5d7126ad333b363.yaml b/nuclei-templates/2023/CVE-2023-5085-95d0775d6527d5eae5d7126ad333b363.yaml
index 85760c92b5..f7fcf40a8b 100644
--- a/nuclei-templates/2023/CVE-2023-5085-95d0775d6527d5eae5d7126ad333b363.yaml
+++ b/nuclei-templates/2023/CVE-2023-5085-95d0775d6527d5eae5d7126ad333b363.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Menu Widget <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-menu-widget/"
     google-query: inurl:"/wp-content/plugins/advanced-menu-widget/"
     shodan-query: 'vuln:CVE-2023-5085'
-  tags: cve,wordpress,wp-plugin,advanced-menu-widget,medium
+  tags: cve,wordpress,wp-plugin,advanced-menu-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50850-5d14f17d0a9567bc2e5e172cd96c2e2f.yaml b/nuclei-templates/2023/CVE-2023-50850-5d14f17d0a9567bc2e5e172cd96c2e2f.yaml
index c97e052b4a..4719380cca 100644
--- a/nuclei-templates/2023/CVE-2023-50850-5d14f17d0a9567bc2e5e172cd96c2e2f.yaml
+++ b/nuclei-templates/2023/CVE-2023-50850-5d14f17d0a9567bc2e5e172cd96c2e2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Subscriptions < 5.8.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function in versions up to 5.8.0. This makes it possible for authenticated attackers, with contributor-level access and above, to make use of that function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-subscriptions/"
     google-query: inurl:"/wp-content/plugins/woocommerce-subscriptions/"
     shodan-query: 'vuln:CVE-2023-50850'
-  tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50851-fb1f94792250765f89467bf81e536614.yaml b/nuclei-templates/2023/CVE-2023-50851-fb1f94792250765f89467bf81e536614.yaml
index 8a575eba5d..56fb4ef3db 100644
--- a/nuclei-templates/2023/CVE-2023-50851-fb1f94792250765f89467bf81e536614.yaml
+++ b/nuclei-templates/2023/CVE-2023-50851-fb1f94792250765f89467bf81e536614.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simply Schedule Appointments <= 1.6.5.27 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.6.6.1 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-schedule-appointments/"
     google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/"
     shodan-query: 'vuln:CVE-2023-50851'
-  tags: cve,wordpress,wp-plugin,simply-schedule-appointments,medium
+  tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50852-3617ec07999a872e306f9b352b63ebdd.yaml b/nuclei-templates/2023/CVE-2023-50852-3617ec07999a872e306f9b352b63ebdd.yaml
index 1c44a45e30..8ee09c93a9 100644
--- a/nuclei-templates/2023/CVE-2023-50852-3617ec07999a872e306f9b352b63ebdd.yaml
+++ b/nuclei-templates/2023/CVE-2023-50852-3617ec07999a872e306f9b352b63ebdd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BookIt <= 2.4.3 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.4.4 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookit/"
     google-query: inurl:"/wp-content/plugins/bookit/"
     shodan-query: 'vuln:CVE-2023-50852'
-  tags: cve,wordpress,wp-plugin,bookit,medium
+  tags: cve,wordpress,wp-plugin,bookit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50853-796ca63acc83e02954fe943ab729646a.yaml b/nuclei-templates/2023/CVE-2023-50853-796ca63acc83e02954fe943ab729646a.yaml
index 51b13b109d..82d0a9a7dd 100644
--- a/nuclei-templates/2023/CVE-2023-50853-796ca63acc83e02954fe943ab729646a.yaml
+++ b/nuclei-templates/2023/CVE-2023-50853-796ca63acc83e02954fe943ab729646a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Form Integration <= 1.75.0 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.76.0 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-form-integration/"
     google-query: inurl:"/wp-content/plugins/advanced-form-integration/"
     shodan-query: 'vuln:CVE-2023-50853'
-  tags: cve,wordpress,wp-plugin,advanced-form-integration,medium
+  tags: cve,wordpress,wp-plugin,advanced-form-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50854-24ebe2280a642d19c25498acc13aa5f7.yaml b/nuclei-templates/2023/CVE-2023-50854-24ebe2280a642d19c25498acc13aa5f7.yaml
index 9febcbf6ab..e52e3e3a74 100644
--- a/nuclei-templates/2023/CVE-2023-50854-24ebe2280a642d19c25498acc13aa5f7.yaml
+++ b/nuclei-templates/2023/CVE-2023-50854-24ebe2280a642d19c25498acc13aa5f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Squirrly SEO - Advanced Pack <= 2.3.8 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Squirrly SEO - Advanced Pack plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 2.3.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/squirrly-seo-pack/"
     google-query: inurl:"/wp-content/plugins/squirrly-seo-pack/"
     shodan-query: 'vuln:CVE-2023-50854'
-  tags: cve,wordpress,wp-plugin,squirrly-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,squirrly-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50855-c47827133b1c48070f46a59d37c27728.yaml b/nuclei-templates/2023/CVE-2023-50855-c47827133b1c48070f46a59d37c27728.yaml
index b5b40ada34..545b6e605f 100644
--- a/nuclei-templates/2023/CVE-2023-50855-c47827133b1c48070f46a59d37c27728.yaml
+++ b/nuclei-templates/2023/CVE-2023-50855-c47827133b1c48070f46a59d37c27728.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pre* Party Resource Hints < 1.8.19 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions before 1.8.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that the vulnerability appears to have been patched without a version update - users on version 1.8.19 should reinstall the plugin to ensure that they are running the patched version.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pre-party-browser-hints/"
     google-query: inurl:"/wp-content/plugins/pre-party-browser-hints/"
     shodan-query: 'vuln:CVE-2023-50855'
-  tags: cve,wordpress,wp-plugin,pre-party-browser-hints,medium
+  tags: cve,wordpress,wp-plugin,pre-party-browser-hints,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50856-156cbee34f493f34443d5f3b942f355c.yaml b/nuclei-templates/2023/CVE-2023-50856-156cbee34f493f34443d5f3b942f355c.yaml
index d6476606cd..c4766e4bff 100644
--- a/nuclei-templates/2023/CVE-2023-50856-156cbee34f493f34443d5f3b942f355c.yaml
+++ b/nuclei-templates/2023/CVE-2023-50856-156cbee34f493f34443d5f3b942f355c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnel Builder for WordPress by FunnelKit <= 2.14.3 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits plugin for WordPress is vulnerable to SQL Injection in all versions up to 2.14.4 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnel-builder/"
     google-query: inurl:"/wp-content/plugins/funnel-builder/"
     shodan-query: 'vuln:CVE-2023-50856'
-  tags: cve,wordpress,wp-plugin,funnel-builder,medium
+  tags: cve,wordpress,wp-plugin,funnel-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50857-2d0f997ee92e7b6c06625a4a937305f5.yaml b/nuclei-templates/2023/CVE-2023-50857-2d0f997ee92e7b6c06625a4a937305f5.yaml
index 583e77c8f0..6cffcad7ba 100644
--- a/nuclei-templates/2023/CVE-2023-50857-2d0f997ee92e7b6c06625a4a937305f5.yaml
+++ b/nuclei-templates/2023/CVE-2023-50857-2d0f997ee92e7b6c06625a4a937305f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Automation By Autonami <= 2.6.1 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.7.0 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-marketing-automations/"
     google-query: inurl:"/wp-content/plugins/wp-marketing-automations/"
     shodan-query: 'vuln:CVE-2023-50857'
-  tags: cve,wordpress,wp-plugin,wp-marketing-automations,medium
+  tags: cve,wordpress,wp-plugin,wp-marketing-automations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50859-1ed0f12e4f8286a9294dfd9901458db7.yaml b/nuclei-templates/2023/CVE-2023-50859-1ed0f12e4f8286a9294dfd9901458db7.yaml
index 743ae3c092..23e40f47dc 100644
--- a/nuclei-templates/2023/CVE-2023-50859-1ed0f12e4f8286a9294dfd9901458db7.yaml
+++ b/nuclei-templates/2023/CVE-2023-50859-1ed0f12e4f8286a9294dfd9901458db7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Crowdfunding <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-crowdfunding/"
     google-query: inurl:"/wp-content/plugins/wp-crowdfunding/"
     shodan-query: 'vuln:CVE-2023-50859'
-  tags: cve,wordpress,wp-plugin,wp-crowdfunding,medium
+  tags: cve,wordpress,wp-plugin,wp-crowdfunding,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5086-54ab7472cf90fa30b87c2b5f7b48020b.yaml b/nuclei-templates/2023/CVE-2023-5086-54ab7472cf90fa30b87c2b5f7b48020b.yaml
index 56e991e97e..d88350a22d 100644
--- a/nuclei-templates/2023/CVE-2023-5086-54ab7472cf90fa30b87c2b5f7b48020b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5086-54ab7472cf90fa30b87c2b5f7b48020b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Copy Anything to Clipboard <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/copy-the-code/"
     google-query: inurl:"/wp-content/plugins/copy-the-code/"
     shodan-query: 'vuln:CVE-2023-5086'
-  tags: cve,wordpress,wp-plugin,copy-the-code,medium
+  tags: cve,wordpress,wp-plugin,copy-the-code,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50860-1dec4b557f1e0bf62d3ecb5bf357937d.yaml b/nuclei-templates/2023/CVE-2023-50860-1dec4b557f1e0bf62d3ecb5bf357937d.yaml
index 0db38b3870..33859d5ad5 100644
--- a/nuclei-templates/2023/CVE-2023-50860-1dec4b557f1e0bf62d3ecb5bf357937d.yaml
+++ b/nuclei-templates/2023/CVE-2023-50860-1dec4b557f1e0bf62d3ecb5bf357937d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking for Appointments and Events Calendar – Amelia <= 1.0.85 - Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ameliabooking/"
     google-query: inurl:"/wp-content/plugins/ameliabooking/"
     shodan-query: 'vuln:CVE-2023-50860'
-  tags: cve,wordpress,wp-plugin,ameliabooking,medium
+  tags: cve,wordpress,wp-plugin,ameliabooking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5087-f28d0839e906933601f8e3530cfcec02.yaml b/nuclei-templates/2023/CVE-2023-5087-f28d0839e906933601f8e3530cfcec02.yaml
index 791f22871a..58bf1bdeb8 100644
--- a/nuclei-templates/2023/CVE-2023-5087-f28d0839e906933601f8e3530cfcec02.yaml
+++ b/nuclei-templates/2023/CVE-2023-5087-f28d0839e906933601f8e3530cfcec02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Pagelayer <= 1.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via Header/Footer
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via header/footer post content in all versions up to, and including, 1.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2023-5087'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50874-ed883dae9c66c1836affaf918e96286d.yaml b/nuclei-templates/2023/CVE-2023-50874-ed883dae9c66c1836affaf918e96286d.yaml
index 3089ff9c54..06a1d03235 100644
--- a/nuclei-templates/2023/CVE-2023-50874-ed883dae9c66c1836affaf918e96286d.yaml
+++ b/nuclei-templates/2023/CVE-2023-50874-ed883dae9c66c1836affaf918e96286d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Infinite Scroll – Ajax Load More <= 6.1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to 6.1.0.1 (inclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:CVE-2023-50874'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,medium
+  tags: cve,wordpress,wp-plugin,ajax-load-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50875-6892cd1d0b697581c7511a564b22d2f3.yaml b/nuclei-templates/2023/CVE-2023-50875-6892cd1d0b697581c7511a564b22d2f3.yaml
index 14ae72df65..5d9200f7ac 100644
--- a/nuclei-templates/2023/CVE-2023-50875-6892cd1d0b697581c7511a564b22d2f3.yaml
+++ b/nuclei-templates/2023/CVE-2023-50875-6892cd1d0b697581c7511a564b22d2f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sensei LMS <= 4.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sensei LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.17.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sensei-lms/"
     google-query: inurl:"/wp-content/plugins/sensei-lms/"
     shodan-query: 'vuln:CVE-2023-50875'
-  tags: cve,wordpress,wp-plugin,sensei-lms,medium
+  tags: cve,wordpress,wp-plugin,sensei-lms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50876-8085a553b4ae6877292f03c349db3efa.yaml b/nuclei-templates/2023/CVE-2023-50876-8085a553b4ae6877292f03c349db3efa.yaml
index c1fc1f7c63..d090310f79 100644
--- a/nuclei-templates/2023/CVE-2023-50876-8085a553b4ae6877292f03c349db3efa.yaml
+++ b/nuclei-templates/2023/CVE-2023-50876-8085a553b4ae6877292f03c349db3efa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Molongui <= 4.7.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Molongui plugin for WordPress is vulnerable to unauthorized modification and access of data due to missing capability checks on the authorship_export_options() and authorship_save_options() functions hooked via AJAX in versions up to, and including, 4.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to  export and modify plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/molongui-authorship/"
     google-query: inurl:"/wp-content/plugins/molongui-authorship/"
     shodan-query: 'vuln:CVE-2023-50876'
-  tags: cve,wordpress,wp-plugin,molongui-authorship,medium
+  tags: cve,wordpress,wp-plugin,molongui-authorship,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50877-44c408e8dae2b7e08323b9972af77572.yaml b/nuclei-templates/2023/CVE-2023-50877-44c408e8dae2b7e08323b9972af77572.yaml
index 3cf986e524..727e475f70 100644
--- a/nuclei-templates/2023/CVE-2023-50877-44c408e8dae2b7e08323b9972af77572.yaml
+++ b/nuclei-templates/2023/CVE-2023-50877-44c408e8dae2b7e08323b9972af77572.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Filter by WBW <= 2.5.0 - Missing Authorization via getListForTbl
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getListForTbl() function hooked via AJAX in versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve table data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-filter/"
     google-query: inurl:"/wp-content/plugins/woo-product-filter/"
     shodan-query: 'vuln:CVE-2023-50877'
-  tags: cve,wordpress,wp-plugin,woo-product-filter,medium
+  tags: cve,wordpress,wp-plugin,woo-product-filter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50879-405731b58f15425302771df60a27b5be.yaml b/nuclei-templates/2023/CVE-2023-50879-405731b58f15425302771df60a27b5be.yaml
index 39345c2b75..658ebd9f2c 100644
--- a/nuclei-templates/2023/CVE-2023-50879-405731b58f15425302771df60a27b5be.yaml
+++ b/nuclei-templates/2023/CVE-2023-50879-405731b58f15425302771df60a27b5be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress.com Editing Toolkit <= 3.78784 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress.com Editing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.78784 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/full-site-editing/"
     google-query: inurl:"/wp-content/plugins/full-site-editing/"
     shodan-query: 'vuln:CVE-2023-50879'
-  tags: cve,wordpress,wp-plugin,full-site-editing,medium
+  tags: cve,wordpress,wp-plugin,full-site-editing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50880-376f3b7be651ac6251ca8825ec683915.yaml b/nuclei-templates/2023/CVE-2023-50880-376f3b7be651ac6251ca8825ec683915.yaml
index 120e174875..a4470ad0c6 100644
--- a/nuclei-templates/2023/CVE-2023-50880-376f3b7be651ac6251ca8825ec683915.yaml
+++ b/nuclei-templates/2023/CVE-2023-50880-376f3b7be651ac6251ca8825ec683915.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 11.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Members/Groups block properties in all versions up to, and including, 11.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:CVE-2023-50880'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50881-304412fedec296474e9a664baa039b40.yaml b/nuclei-templates/2023/CVE-2023-50881-304412fedec296474e9a664baa039b40.yaml
index 099671ff79..76423b6d1e 100644
--- a/nuclei-templates/2023/CVE-2023-50881-304412fedec296474e9a664baa039b40.yaml
+++ b/nuclei-templates/2023/CVE-2023-50881-304412fedec296474e9a664baa039b40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Access Manager <= 6.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Access Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 6.9.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-access-manager/"
     google-query: inurl:"/wp-content/plugins/advanced-access-manager/"
     shodan-query: 'vuln:CVE-2023-50881'
-  tags: cve,wordpress,wp-plugin,advanced-access-manager,medium
+  tags: cve,wordpress,wp-plugin,advanced-access-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50884-393e2e191f65056b760ec314dc828cfa.yaml b/nuclei-templates/2023/CVE-2023-50884-393e2e191f65056b760ec314dc828cfa.yaml
index a72edc9a49..b8b12622af 100644
--- a/nuclei-templates/2023/CVE-2023-50884-393e2e191f65056b760ec314dc828cfa.yaml
+++ b/nuclei-templates/2023/CVE-2023-50884-393e2e191f65056b760ec314dc828cfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LA-Studio Element Kit for Elementor <= 1.1.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a REST-API endpoint in versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lastudio-element-kit/"
     google-query: inurl:"/wp-content/plugins/lastudio-element-kit/"
     shodan-query: 'vuln:CVE-2023-50884'
-  tags: cve,wordpress,wp-plugin,lastudio-element-kit,medium
+  tags: cve,wordpress,wp-plugin,lastudio-element-kit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50885-589dfcdba354fa240bd819df50a6a8aa.yaml b/nuclei-templates/2023/CVE-2023-50885-589dfcdba354fa240bd819df50a6a8aa.yaml
index c522d0ae02..2ff75d5571 100644
--- a/nuclei-templates/2023/CVE-2023-50885-589dfcdba354fa240bd819df50a6a8aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-50885-589dfcdba354fa240bd819df50a6a8aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Store Locator WordPress <= 1.4.14 - Authenticated(Administrator+) Directory Traversal to Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Store Locator WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.4.14. This makes it possible for authenticated attackers, with administrator access and above, to delete arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/agile-store-locator/"
     google-query: inurl:"/wp-content/plugins/agile-store-locator/"
     shodan-query: 'vuln:CVE-2023-50885'
-  tags: cve,wordpress,wp-plugin,agile-store-locator,medium
+  tags: cve,wordpress,wp-plugin,agile-store-locator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50886-873e76363814bb4471e426a80a606dee.yaml b/nuclei-templates/2023/CVE-2023-50886-873e76363814bb4471e426a80a606dee.yaml
index 11b99b82e8..a90dab678e 100644
--- a/nuclei-templates/2023/CVE-2023-50886-873e76363814bb4471e426a80a606dee.yaml
+++ b/nuclei-templates/2023/CVE-2023-50886-873e76363814bb4471e426a80a606dee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Legal Pages <= 1.3.7 - Missing Authorization on 'deleteLegalTemplate'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteLegalTemplate() function in versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete legal templates.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/legal-pages/"
     google-query: inurl:"/wp-content/plugins/legal-pages/"
     shodan-query: 'vuln:CVE-2023-50886'
-  tags: cve,wordpress,wp-plugin,legal-pages,medium
+  tags: cve,wordpress,wp-plugin,legal-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50887-bdeaf570096cf99a20e12f37d41beaeb.yaml b/nuclei-templates/2023/CVE-2023-50887-bdeaf570096cf99a20e12f37d41beaeb.yaml
index ce366dcfef..520ce30ae8 100644
--- a/nuclei-templates/2023/CVE-2023-50887-bdeaf570096cf99a20e12f37d41beaeb.yaml
+++ b/nuclei-templates/2023/CVE-2023-50887-bdeaf570096cf99a20e12f37d41beaeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Feedback <= 1.0.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Feedback plugin for WordPress is vulnerable to unauthorized access of data due to insufficient  authorization checking on the save_survey_response function in versions up to, and including, 1.0.10. This makes it possible for unauthenticated attackers to provide feedback on unpublished surveys.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userfeedback-lite/"
     google-query: inurl:"/wp-content/plugins/userfeedback-lite/"
     shodan-query: 'vuln:CVE-2023-50887'
-  tags: cve,wordpress,wp-plugin,userfeedback-lite,medium
+  tags: cve,wordpress,wp-plugin,userfeedback-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50889-4a6425bd134427fc325c845997202a57.yaml b/nuclei-templates/2023/CVE-2023-50889-4a6425bd134427fc325c845997202a57.yaml
index 3a6166f553..e3534cf4ac 100644
--- a/nuclei-templates/2023/CVE-2023-50889-4a6425bd134427fc325c845997202a57.yaml
+++ b/nuclei-templates/2023/CVE-2023-50889-4a6425bd134427fc325c845997202a57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2023-50889'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50891-f34776806e968812940c4c4d5f82b503.yaml b/nuclei-templates/2023/CVE-2023-50891-f34776806e968812940c4c4d5f82b503.yaml
index 5bc05b5869..d85350a4d2 100644
--- a/nuclei-templates/2023/CVE-2023-50891-f34776806e968812940c4c4d5f82b503.yaml
+++ b/nuclei-templates/2023/CVE-2023-50891-f34776806e968812940c4c4d5f82b503.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoho Forms <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Zoho Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zoho-forms/"
     google-query: inurl:"/wp-content/plugins/zoho-forms/"
     shodan-query: 'vuln:CVE-2023-50891'
-  tags: cve,wordpress,wp-plugin,zoho-forms,medium
+  tags: cve,wordpress,wp-plugin,zoho-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50896-22ec989ac05e231b0a72ec153f660e8e.yaml b/nuclei-templates/2023/CVE-2023-50896-22ec989ac05e231b0a72ec153f660e8e.yaml
index e7f66c2066..e32164e932 100644
--- a/nuclei-templates/2023/CVE-2023-50896-22ec989ac05e231b0a72ec153f660e8e.yaml
+++ b/nuclei-templates/2023/CVE-2023-50896-22ec989ac05e231b0a72ec153f660e8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     weForms – Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.17 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The weForms – Easy Drag & Drop Contact Form Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.6.18 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weforms/"
     google-query: inurl:"/wp-content/plugins/weforms/"
     shodan-query: 'vuln:CVE-2023-50896'
-  tags: cve,wordpress,wp-plugin,weforms,medium
+  tags: cve,wordpress,wp-plugin,weforms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50897-6e4ac4275a14e860f6690b3cd168f08e.yaml b/nuclei-templates/2023/CVE-2023-50897-6e4ac4275a14e860f6690b3cd168f08e.yaml
index 9f6f654348..50e9aa41fd 100644
--- a/nuclei-templates/2023/CVE-2023-50897-6e4ac4275a14e860f6690b3cd168f08e.yaml
+++ b/nuclei-templates/2023/CVE-2023-50897-6e4ac4275a14e860f6690b3cd168f08e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media File Renamer <= 5.7.7 - Authenticated(Administrator+) Remote Code Execution
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media File Renamer: Rename Files (Manual, Auto & AI) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.7.7. This makes it possible for authenticated attackers, with administrator access and above, to execute code on the server by renaming files containing PHP code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-file-renamer/"
     google-query: inurl:"/wp-content/plugins/media-file-renamer/"
     shodan-query: 'vuln:CVE-2023-50897'
-  tags: cve,wordpress,wp-plugin,media-file-renamer,medium
+  tags: cve,wordpress,wp-plugin,media-file-renamer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50898-da89f8a86000f654eccfee96ffe3f6a3.yaml b/nuclei-templates/2023/CVE-2023-50898-da89f8a86000f654eccfee96ffe3f6a3.yaml
index 28048a5557..71a0432750 100644
--- a/nuclei-templates/2023/CVE-2023-50898-da89f8a86000f654eccfee96ffe3f6a3.yaml
+++ b/nuclei-templates/2023/CVE-2023-50898-da89f8a86000f654eccfee96ffe3f6a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sirv <= 7.1.2 - Missing Authorization via sirv_disconnect
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_disconnect function hooked via AJAX in versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to disconnect the sites serv account.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sirv/"
     google-query: inurl:"/wp-content/plugins/sirv/"
     shodan-query: 'vuln:CVE-2023-50898'
-  tags: cve,wordpress,wp-plugin,sirv,medium
+  tags: cve,wordpress,wp-plugin,sirv,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50899-b8512840012a562de1323a1815a4b21e.yaml b/nuclei-templates/2023/CVE-2023-50899-b8512840012a562de1323a1815a4b21e.yaml
index 177f7fe3dc..4c08cb3ae9 100644
--- a/nuclei-templates/2023/CVE-2023-50899-b8512840012a562de1323a1815a4b21e.yaml
+++ b/nuclei-templates/2023/CVE-2023-50899-b8512840012a562de1323a1815a4b21e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Catalog Enquiry <= 5.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Catalog Mode For Woocommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to an improper capability check on the catalog_rest_routes_react_module REST endpoints in all versions up to 5.0.3 (exclusive). This makes it possible for unauthenticated attackers to view data from admin tabs and save enquiries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-catalog-enquiry/"
     google-query: inurl:"/wp-content/plugins/woocommerce-catalog-enquiry/"
     shodan-query: 'vuln:CVE-2023-50899'
-  tags: cve,wordpress,wp-plugin,woocommerce-catalog-enquiry,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-catalog-enquiry,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50903-dc74f0149670643ede0c882a9a3fc584.yaml b/nuclei-templates/2023/CVE-2023-50903-dc74f0149670643ede0c882a9a3fc584.yaml
index 2e2eed87f6..9abfe914c6 100644
--- a/nuclei-templates/2023/CVE-2023-50903-dc74f0149670643ede0c882a9a3fc584.yaml
+++ b/nuclei-templates/2023/CVE-2023-50903-dc74f0149670643ede0c882a9a3fc584.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.4.0 - Missing Authorization via submit
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit' function in versions up to, and including, 3.4.0. This makes it possible for unauthenticated attackers to enter form submissions for forms that are in trash or draft status.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2023-50903'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50904-79decf1a0edb8491c84a287af6c9aee1.yaml b/nuclei-templates/2023/CVE-2023-50904-79decf1a0edb8491c84a287af6c9aee1.yaml
index 8115277013..de22d7dbbc 100644
--- a/nuclei-templates/2023/CVE-2023-50904-79decf1a0edb8491c84a287af6c9aee1.yaml
+++ b/nuclei-templates/2023/CVE-2023-50904-79decf1a0edb8491c84a287af6c9aee1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll Maker <= 4.8.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Poll Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poll-maker/"
     google-query: inurl:"/wp-content/plugins/poll-maker/"
     shodan-query: 'vuln:CVE-2023-50904'
-  tags: cve,wordpress,wp-plugin,poll-maker,medium
+  tags: cve,wordpress,wp-plugin,poll-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-50905-896c32b149ebcd3122663a40d0461f18.yaml b/nuclei-templates/2023/CVE-2023-50905-896c32b149ebcd3122663a40d0461f18.yaml
index 35127ad491..3539f242d1 100644
--- a/nuclei-templates/2023/CVE-2023-50905-896c32b149ebcd3122663a40d0461f18.yaml
+++ b/nuclei-templates/2023/CVE-2023-50905-896c32b149ebcd3122663a40d0461f18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Activity Log <= 4.6.1 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-security-audit-log/"
     google-query: inurl:"/wp-content/plugins/wp-security-audit-log/"
     shodan-query: 'vuln:CVE-2023-50905'
-  tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium
+  tags: cve,wordpress,wp-plugin,wp-security-audit-log,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5096-ec9f1feec044e5447ec3ac663c7a05af.yaml b/nuclei-templates/2023/CVE-2023-5096-ec9f1feec044e5447ec3ac663c7a05af.yaml
index bb9155f29a..59b50be711 100644
--- a/nuclei-templates/2023/CVE-2023-5096-ec9f1feec044e5447ec3ac663c7a05af.yaml
+++ b/nuclei-templates/2023/CVE-2023-5096-ec9f1feec044e5447ec3ac663c7a05af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hk-filter-and-search/"
     google-query: inurl:"/wp-content/plugins/hk-filter-and-search/"
     shodan-query: 'vuln:CVE-2023-5096'
-  tags: cve,wordpress,wp-plugin,hk-filter-and-search,medium
+  tags: cve,wordpress,wp-plugin,hk-filter-and-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5098-c8dbdfc73ab33e8afe0f3263d7ef0673.yaml b/nuclei-templates/2023/CVE-2023-5098-c8dbdfc73ab33e8afe0f3263d7ef0673.yaml
index 575fc78a54..f5151d29dc 100644
--- a/nuclei-templates/2023/CVE-2023-5098-c8dbdfc73ab33e8afe0f3263d7ef0673.yaml
+++ b/nuclei-templates/2023/CVE-2023-5098-c8dbdfc73ab33e8afe0f3263d7ef0673.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Campaign Monitor Forms <= 2.5.5 - Missing Authorization to Authenticated(Subscriber+) Options Update via ajax_dismiss_notice
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Campaign Monitor Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss_notice function in versions up to, and including, 2.5.5. This makes it possible for authenticated attackers to update arbitrary options to a value of 'true'.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/campaign-monitor-wp/"
     google-query: inurl:"/wp-content/plugins/campaign-monitor-wp/"
     shodan-query: 'vuln:CVE-2023-5098'
-  tags: cve,wordpress,wp-plugin,campaign-monitor-wp,high
+  tags: cve,wordpress,wp-plugin,campaign-monitor-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5099-dd02ae8823de431da5d5d52246acd7ff.yaml b/nuclei-templates/2023/CVE-2023-5099-dd02ae8823de431da5d5d52246acd7ff.yaml
index 03afab9d59..57e5522c3d 100644
--- a/nuclei-templates/2023/CVE-2023-5099-dd02ae8823de431da5d5d52246acd7ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-5099-dd02ae8823de431da5d5d52246acd7ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hk-filter-and-search/"
     google-query: inurl:"/wp-content/plugins/hk-filter-and-search/"
     shodan-query: 'vuln:CVE-2023-5099'
-  tags: cve,wordpress,wp-plugin,hk-filter-and-search,high
+  tags: cve,wordpress,wp-plugin,hk-filter-and-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5105-f4c2701ff75483ce690141623ec5eff4.yaml b/nuclei-templates/2023/CVE-2023-5105-f4c2701ff75483ce690141623ec5eff4.yaml
index 153551aaee..cc000efd07 100644
--- a/nuclei-templates/2023/CVE-2023-5105-f4c2701ff75483ce690141623ec5eff4.yaml
+++ b/nuclei-templates/2023/CVE-2023-5105-f4c2701ff75483ce690141623ec5eff4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Frontend File Manager Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 22.5. This makes it possible for authenticated attackers, with editor access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nmedia-user-file-uploader/"
     google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/"
     shodan-query: 'vuln:CVE-2023-5105'
-  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,critical
+  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5108-2b77677bf3f1770d1f2637876cb7abee.yaml b/nuclei-templates/2023/CVE-2023-5108-2b77677bf3f1770d1f2637876cb7abee.yaml
index 8be7e5b6e1..540cb68976 100644
--- a/nuclei-templates/2023/CVE-2023-5108-2b77677bf3f1770d1f2637876cb7abee.yaml
+++ b/nuclei-templates/2023/CVE-2023-5108-2b77677bf3f1770d1f2637876cb7abee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Newsletter Signups <= 1.0.4 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy Newsletter Signups plugin for WordPress is vulnerable to SQL Injection via the 'nsl_id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-newsletter-signups/"
     google-query: inurl:"/wp-content/plugins/easy-newsletter-signups/"
     shodan-query: 'vuln:CVE-2023-5108'
-  tags: cve,wordpress,wp-plugin,easy-newsletter-signups,high
+  tags: cve,wordpress,wp-plugin,easy-newsletter-signups,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5109-d9f0423766ca387f95476b5cd1e1b1e4.yaml b/nuclei-templates/2023/CVE-2023-5109-d9f0423766ca387f95476b5cd1e1b1e4.yaml
index 5cf2faf326..3a1ff9137a 100644
--- a/nuclei-templates/2023/CVE-2023-5109-d9f0423766ca387f95476b5cd1e1b1e4.yaml
+++ b/nuclei-templates/2023/CVE-2023-5109-d9f0423766ca387f95476b5cd1e1b1e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mailto Links – Protect Email Addresses <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mailto-links/"
     google-query: inurl:"/wp-content/plugins/wp-mailto-links/"
     shodan-query: 'vuln:CVE-2023-5109'
-  tags: cve,wordpress,wp-plugin,wp-mailto-links,medium
+  tags: cve,wordpress,wp-plugin,wp-mailto-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5110-127715120e5f598c6f6d3ae7380f9898.yaml b/nuclei-templates/2023/CVE-2023-5110-127715120e5f598c6f6d3ae7380f9898.yaml
index 884df516a7..befda4d260 100644
--- a/nuclei-templates/2023/CVE-2023-5110-127715120e5f598c6f6d3ae7380f9898.yaml
+++ b/nuclei-templates/2023/CVE-2023-5110-127715120e5f598c6f6d3ae7380f9898.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BSK PDF Manager <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bsk-pdf-manager/"
     google-query: inurl:"/wp-content/plugins/bsk-pdf-manager/"
     shodan-query: 'vuln:CVE-2023-5110'
-  tags: cve,wordpress,wp-plugin,bsk-pdf-manager,medium
+  tags: cve,wordpress,wp-plugin,bsk-pdf-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5114-6f26e9f01d61af85a0a5abec46c6e923.yaml b/nuclei-templates/2023/CVE-2023-5114-6f26e9f01d61af85a0a5abec46c6e923.yaml
index 5584424761..d58624bfae 100644
--- a/nuclei-templates/2023/CVE-2023-5114-6f26e9f01d61af85a0a5abec46c6e923.yaml
+++ b/nuclei-templates/2023/CVE-2023-5114-6f26e9f01d61af85a0a5abec46c6e923.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     idbbee <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/idbbee/"
     google-query: inurl:"/wp-content/plugins/idbbee/"
     shodan-query: 'vuln:CVE-2023-5114'
-  tags: cve,wordpress,wp-plugin,idbbee,medium
+  tags: cve,wordpress,wp-plugin,idbbee,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5116-1a055ae19ed953176d3ae4b152c78d6b.yaml b/nuclei-templates/2023/CVE-2023-5116-1a055ae19ed953176d3ae4b152c78d6b.yaml
index 12659c8850..98f02011f8 100644
--- a/nuclei-templates/2023/CVE-2023-5116-1a055ae19ed953176d3ae4b152c78d6b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5116-1a055ae19ed953176d3ae4b152c78d6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live updates from Excel <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ipushpull/"
     google-query: inurl:"/wp-content/plugins/ipushpull/"
     shodan-query: 'vuln:CVE-2023-5116'
-  tags: cve,wordpress,wp-plugin,ipushpull,medium
+  tags: cve,wordpress,wp-plugin,ipushpull,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5119-292cb08d9cd5bb1cf7550652732f7a0a.yaml b/nuclei-templates/2023/CVE-2023-5119-292cb08d9cd5bb1cf7550652732f7a0a.yaml
index 3e0a89734a..317ec00815 100644
--- a/nuclei-templates/2023/CVE-2023-5119-292cb08d9cd5bb1cf7550652732f7a0a.yaml
+++ b/nuclei-templates/2023/CVE-2023-5119-292cb08d9cd5bb1cf7550652732f7a0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'redirect-url' field located in the form submission settings in all versions up to, and including, 1.26.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:CVE-2023-5119'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5120-549345c10b291ab93f71309abaa38002.yaml b/nuclei-templates/2023/CVE-2023-5120-549345c10b291ab93f71309abaa38002.yaml
index 1a0edb7a66..d7901979fd 100644
--- a/nuclei-templates/2023/CVE-2023-5120-549345c10b291ab93f71309abaa38002.yaml
+++ b/nuclei-templates/2023/CVE-2023-5120-549345c10b291ab93f71309abaa38002.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2023-5120'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5121-66174d632ca5e11403564d89ab52d0f1.yaml b/nuclei-templates/2023/CVE-2023-5121-66174d632ca5e11403564d89ab52d0f1.yaml
index f2ef06fa18..392d718c42 100644
--- a/nuclei-templates/2023/CVE-2023-5121-66174d632ca5e11403564d89ab52d0f1.yaml
+++ b/nuclei-templates/2023/CVE-2023-5121-66174d632ca5e11403564d89ab52d0f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings (the backup path parameter) in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2023-5121'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5124-6c1bbce4c7a429a52d508c4dfbc689a9.yaml b/nuclei-templates/2023/CVE-2023-5124-6c1bbce4c7a429a52d508c4dfbc689a9.yaml
index cfcf8b2baf..f9d73584b1 100644
--- a/nuclei-templates/2023/CVE-2023-5124-6c1bbce4c7a429a52d508c4dfbc689a9.yaml
+++ b/nuclei-templates/2023/CVE-2023-5124-6c1bbce4c7a429a52d508c4dfbc689a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pagelayer <= 1.7.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via Header/Footer code
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via header/footer code in all versions up to and including 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2023-5124'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5125-2abba35343647b8a829e092f6dec80ee.yaml b/nuclei-templates/2023/CVE-2023-5125-2abba35343647b8a829e092f6dec80ee.yaml
index b93d63b35d..da4bd1db99 100644
--- a/nuclei-templates/2023/CVE-2023-5125-2abba35343647b8a829e092f6dec80ee.yaml
+++ b/nuclei-templates/2023/CVE-2023-5125-2abba35343647b8a829e092f6dec80ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by FormGet <= 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formget-contact-form/"
     google-query: inurl:"/wp-content/plugins/formget-contact-form/"
     shodan-query: 'vuln:CVE-2023-5125'
-  tags: cve,wordpress,wp-plugin,formget-contact-form,medium
+  tags: cve,wordpress,wp-plugin,formget-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5126-da29ae9abf29175dd27fb6efb7642506.yaml b/nuclei-templates/2023/CVE-2023-5126-da29ae9abf29175dd27fb6efb7642506.yaml
index 7e09a4a002..8a499ad227 100644
--- a/nuclei-templates/2023/CVE-2023-5126-da29ae9abf29175dd27fb6efb7642506.yaml
+++ b/nuclei-templates/2023/CVE-2023-5126-da29ae9abf29175dd27fb6efb7642506.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Delete Me <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delete-me/"
     google-query: inurl:"/wp-content/plugins/delete-me/"
     shodan-query: 'vuln:CVE-2023-5126'
-  tags: cve,wordpress,wp-plugin,delete-me,medium
+  tags: cve,wordpress,wp-plugin,delete-me,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5127-cedcad8fb42c104219ce15d5179e2ec0.yaml b/nuclei-templates/2023/CVE-2023-5127-cedcad8fb42c104219ce15d5179e2ec0.yaml
index 2d463083da..b7350d7a1d 100644
--- a/nuclei-templates/2023/CVE-2023-5127-cedcad8fb42c104219ce15d5179e2ec0.yaml
+++ b/nuclei-templates/2023/CVE-2023-5127-cedcad8fb42c104219ce15d5179e2ec0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Font Awesome <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-font-awesome/"
     google-query: inurl:"/wp-content/plugins/wp-font-awesome/"
     shodan-query: 'vuln:CVE-2023-5127'
-  tags: cve,wordpress,wp-plugin,wp-font-awesome,medium
+  tags: cve,wordpress,wp-plugin,wp-font-awesome,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5128-91e768f9e801d14e24ca5019cd490f0a.yaml b/nuclei-templates/2023/CVE-2023-5128-91e768f9e801d14e24ca5019cd490f0a.yaml
index 0c4e9d773b..672b2a3675 100644
--- a/nuclei-templates/2023/CVE-2023-5128-91e768f9e801d14e24ca5019cd490f0a.yaml
+++ b/nuclei-templates/2023/CVE-2023-5128-91e768f9e801d14e24ca5019cd490f0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TCD Google Maps <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tcd-google-maps/"
     google-query: inurl:"/wp-content/plugins/tcd-google-maps/"
     shodan-query: 'vuln:CVE-2023-5128'
-  tags: cve,wordpress,wp-plugin,tcd-google-maps,medium
+  tags: cve,wordpress,wp-plugin,tcd-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5134-d3595d30820755045dbe80d57c0f600c.yaml b/nuclei-templates/2023/CVE-2023-5134-d3595d30820755045dbe80d57c0f600c.yaml
index e2f8d211f1..4e1b27f4c9 100644
--- a/nuclei-templates/2023/CVE-2023-5134-d3595d30820755045dbe80d57c0f600c.yaml
+++ b/nuclei-templates/2023/CVE-2023-5134-d3595d30820755045dbe80d57c0f600c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-registration-forms/"
     google-query: inurl:"/wp-content/plugins/easy-registration-forms/"
     shodan-query: 'vuln:CVE-2023-5134'
-  tags: cve,wordpress,wp-plugin,easy-registration-forms,medium
+  tags: cve,wordpress,wp-plugin,easy-registration-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5135-0591772600d7345412c5914adc415e3f.yaml b/nuclei-templates/2023/CVE-2023-5135-0591772600d7345412c5914adc415e3f.yaml
index 4e78468ee6..af26905ff6 100644
--- a/nuclei-templates/2023/CVE-2023-5135-0591772600d7345412c5914adc415e3f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5135-0591772600d7345412c5914adc415e3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Cloudflare Turnstile <= 1.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-cloudflare-turnstile/"
     google-query: inurl:"/wp-content/plugins/simple-cloudflare-turnstile/"
     shodan-query: 'vuln:CVE-2023-5135'
-  tags: cve,wordpress,wp-plugin,simple-cloudflare-turnstile,medium
+  tags: cve,wordpress,wp-plugin,simple-cloudflare-turnstile,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51356-12b01b43b57b8f272157206cf06dc3ef.yaml b/nuclei-templates/2023/CVE-2023-51356-12b01b43b57b8f272157206cf06dc3ef.yaml
index ecd242b206..ee51641ae4 100644
--- a/nuclei-templates/2023/CVE-2023-51356-12b01b43b57b8f272157206cf06dc3ef.yaml
+++ b/nuclei-templates/2023/CVE-2023-51356-12b01b43b57b8f272157206cf06dc3ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember <= 4.0.10 - Authenticated(Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to privilege escalation due to insufficient input validation in all versions up to, and including, 4.0.10. This makes it possible for authenticated attackers, with subscriber access and above, to escalate their privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember-membership/"
     google-query: inurl:"/wp-content/plugins/armember-membership/"
     shodan-query: 'vuln:CVE-2023-51356'
-  tags: cve,wordpress,wp-plugin,armember-membership,high
+  tags: cve,wordpress,wp-plugin,armember-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51357-9549871153d587a10461e3eb973b5757.yaml b/nuclei-templates/2023/CVE-2023-51357-9549871153d587a10461e3eb973b5757.yaml
index 09c11d8dec..a92c37c896 100644
--- a/nuclei-templates/2023/CVE-2023-51357-9549871153d587a10461e3eb973b5757.yaml
+++ b/nuclei-templates/2023/CVE-2023-51357-9549871153d587a10461e3eb973b5757.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conversios.io <= 6.5.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Conversios.io plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the conversios-productsync/v1/cron-productsync REST API endpoint in versions up to, and including, 6.5.0. This makes it possible for unauthenticated attackers to trigger a product sync.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/"
     google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/"
     shodan-query: 'vuln:CVE-2023-51357'
-  tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,medium
+  tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51361-081b4b5984322d0654bd5e7e3e37d073.yaml b/nuclei-templates/2023/CVE-2023-51361-081b4b5984322d0654bd5e7e3e37d073.yaml
index 2c5f4d161f..49d9bc4078 100644
--- a/nuclei-templates/2023/CVE-2023-51361-081b4b5984322d0654bd5e7e3e37d073.yaml
+++ b/nuclei-templates/2023/CVE-2023-51361-081b4b5984322d0654bd5e7e3e37d073.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sticky Chat Widget <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sticky Chat Widget: WhatsApp, Messenger, Click to chat, SMS, Email, Messages, Call Button, Contact form and more Chat buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sticky-chat-widget/"
     google-query: inurl:"/wp-content/plugins/sticky-chat-widget/"
     shodan-query: 'vuln:CVE-2023-51361'
-  tags: cve,wordpress,wp-plugin,sticky-chat-widget,medium
+  tags: cve,wordpress,wp-plugin,sticky-chat-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51362-b8cf7f35198731bb7bfb27771c37478a.yaml b/nuclei-templates/2023/CVE-2023-51362-b8cf7f35198731bb7bfb27771c37478a.yaml
index 70cb9eb667..73e53ff0ee 100644
--- a/nuclei-templates/2023/CVE-2023-51362-b8cf7f35198731bb7bfb27771c37478a.yaml
+++ b/nuclei-templates/2023/CVE-2023-51362-b8cf7f35198731bb7bfb27771c37478a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-one Floating Contact Form – My Sticky Elements <= 2.1.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The All-in-one Floating Contact Form – My Sticky Elements plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mystickyelements/"
     google-query: inurl:"/wp-content/plugins/mystickyelements/"
     shodan-query: 'vuln:CVE-2023-51362'
-  tags: cve,wordpress,wp-plugin,mystickyelements,medium
+  tags: cve,wordpress,wp-plugin,mystickyelements,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5137-01f45554766c9d4c4656369fac530065.yaml b/nuclei-templates/2023/CVE-2023-5137-01f45554766c9d4c4656369fac530065.yaml
index 6ba826bc90..9845b1119a 100644
--- a/nuclei-templates/2023/CVE-2023-5137-01f45554766c9d4c4656369fac530065.yaml
+++ b/nuclei-templates/2023/CVE-2023-5137-01f45554766c9d4c4656369fac530065.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simply Excerpts <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simply Excerpts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-excerpts/"
     google-query: inurl:"/wp-content/plugins/simply-excerpts/"
     shodan-query: 'vuln:CVE-2023-5137'
-  tags: cve,wordpress,wp-plugin,simply-excerpts,medium
+  tags: cve,wordpress,wp-plugin,simply-excerpts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51370-b8a0ef29774cb506ae49e9736f363d94.yaml b/nuclei-templates/2023/CVE-2023-51370-b8a0ef29774cb506ae49e9736f363d94.yaml
index 97e0b4878f..c29f19ba0d 100644
--- a/nuclei-templates/2023/CVE-2023-51370-b8a0ef29774cb506ae49e9736f363d94.yaml
+++ b/nuclei-templates/2023/CVE-2023-51370-b8a0ef29774cb506ae49e9736f363d94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Chat App <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-whatsapp/"
     google-query: inurl:"/wp-content/plugins/wp-whatsapp/"
     shodan-query: 'vuln:CVE-2023-51370'
-  tags: cve,wordpress,wp-plugin,wp-whatsapp,medium
+  tags: cve,wordpress,wp-plugin,wp-whatsapp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51371-5ca89842f69cd4e87dbd74d08645e3d9.yaml b/nuclei-templates/2023/CVE-2023-51371-5ca89842f69cd4e87dbd74d08645e3d9.yaml
index c3549a68ff..6adafceec6 100644
--- a/nuclei-templates/2023/CVE-2023-51371-5ca89842f69cd4e87dbd74d08645e3d9.yaml
+++ b/nuclei-templates/2023/CVE-2023-51371-5ca89842f69cd4e87dbd74d08645e3d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bit Assist <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bit Assist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bit-assist/"
     google-query: inurl:"/wp-content/plugins/bit-assist/"
     shodan-query: 'vuln:CVE-2023-51371'
-  tags: cve,wordpress,wp-plugin,bit-assist,medium
+  tags: cve,wordpress,wp-plugin,bit-assist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51372-cc04fc647a83c5a0bf41904a11665f19.yaml b/nuclei-templates/2023/CVE-2023-51372-cc04fc647a83c5a0bf41904a11665f19.yaml
index 09d98ebac9..c10bcfb39c 100644
--- a/nuclei-templates/2023/CVE-2023-51372-cc04fc647a83c5a0bf41904a11665f19.yaml
+++ b/nuclei-templates/2023/CVE-2023-51372-cc04fc647a83c5a0bf41904a11665f19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HashBar – WordPress Notification Bar <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HashBar – WordPress Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hashbar-wp-notification-bar/"
     google-query: inurl:"/wp-content/plugins/hashbar-wp-notification-bar/"
     shodan-query: 'vuln:CVE-2023-51372'
-  tags: cve,wordpress,wp-plugin,hashbar-wp-notification-bar,medium
+  tags: cve,wordpress,wp-plugin,hashbar-wp-notification-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51374-3b122e7dd636f2979e4419665efeeeb4.yaml b/nuclei-templates/2023/CVE-2023-51374-3b122e7dd636f2979e4419665efeeeb4.yaml
index f0630b6e15..a1a9165d4c 100644
--- a/nuclei-templates/2023/CVE-2023-51374-3b122e7dd636f2979e4419665efeeeb4.yaml
+++ b/nuclei-templates/2023/CVE-2023-51374-3b122e7dd636f2979e4419665efeeeb4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ZeroBounce Email Verification & Validation <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ZeroBounce Email Verification & Validation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zerobounce/"
     google-query: inurl:"/wp-content/plugins/zerobounce/"
     shodan-query: 'vuln:CVE-2023-51374'
-  tags: cve,wordpress,wp-plugin,zerobounce,medium
+  tags: cve,wordpress,wp-plugin,zerobounce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51376-c6a13766dfee309169a154d6bf63adc3.yaml b/nuclei-templates/2023/CVE-2023-51376-c6a13766dfee309169a154d6bf63adc3.yaml
index 2a77b390d5..40fc29002d 100644
--- a/nuclei-templates/2023/CVE-2023-51376-c6a13766dfee309169a154d6bf63adc3.yaml
+++ b/nuclei-templates/2023/CVE-2023-51376-c6a13766dfee309169a154d6bf63adc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProjectHuddle Client Site <= 1.0.34 - Missing Authorization via ph_child_ajax_notice_handler
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ProjectHuddle Client Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ph_child_ajax_notice_handler' function in versions up to, and including, 1.0.34. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/projecthuddle-child-site/"
     google-query: inurl:"/wp-content/plugins/projecthuddle-child-site/"
     shodan-query: 'vuln:CVE-2023-51376'
-  tags: cve,wordpress,wp-plugin,projecthuddle-child-site,medium
+  tags: cve,wordpress,wp-plugin,projecthuddle-child-site,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51396-9ac7de23b3d67dbdcd278f6e1494759d.yaml b/nuclei-templates/2023/CVE-2023-51396-9ac7de23b3d67dbdcd278f6e1494759d.yaml
index a99576d7a5..4f4b4369c4 100644
--- a/nuclei-templates/2023/CVE-2023-51396-9ac7de23b3d67dbdcd278f6e1494759d.yaml
+++ b/nuclei-templates/2023/CVE-2023-51396-9ac7de23b3d67dbdcd278f6e1494759d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy <= 2.4.29 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2023-51396'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51397-07a16aaf94526ab4a5492ec25d7bc965.yaml b/nuclei-templates/2023/CVE-2023-51397-07a16aaf94526ab4a5492ec25d7bc965.yaml
index 7b65e673e1..e321a4cfc3 100644
--- a/nuclei-templates/2023/CVE-2023-51397-07a16aaf94526ab4a5492ec25d7bc965.yaml
+++ b/nuclei-templates/2023/CVE-2023-51397-07a16aaf94526ab4a5492ec25d7bc965.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Remote Site Search <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Remote Site Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 
     'max_results' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/wp-remote-site-search/"
     google-query: inurl:"/wp-content/plugins/wp-remote-site-search/"
     shodan-query: 'vuln:CVE-2023-51397'
-  tags: cve,wordpress,wp-plugin,wp-remote-site-search,medium
+  tags: cve,wordpress,wp-plugin,wp-remote-site-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51398-1c74e3df9173084b9bb7ea805c234e58.yaml b/nuclei-templates/2023/CVE-2023-51398-1c74e3df9173084b9bb7ea805c234e58.yaml
index 822d8c04ee..a88ba1cd3d 100644
--- a/nuclei-templates/2023/CVE-2023-51398-1c74e3df9173084b9bb7ea805c234e58.yaml
+++ b/nuclei-templates/2023/CVE-2023-51398-1c74e3df9173084b9bb7ea805c234e58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder <= 1.35.14 - Authenticated(Contributor+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Addons for Beaver Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.35.14. This makes it possible for authenticated attackers, with contributor access and above, to escalate their privileges to those of a higher level user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bb-ultimate-addon/"
     google-query: inurl:"/wp-content/plugins/bb-ultimate-addon/"
     shodan-query: 'vuln:CVE-2023-51398'
-  tags: cve,wordpress,wp-plugin,bb-ultimate-addon,high
+  tags: cve,wordpress,wp-plugin,bb-ultimate-addon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51399-9a6e06a6f52e0f7856e09ef8ac51eff2.yaml b/nuclei-templates/2023/CVE-2023-51399-9a6e06a6f52e0f7856e09ef8ac51eff2.yaml
index 7eec2ac221..05822889c1 100644
--- a/nuclei-templates/2023/CVE-2023-51399-9a6e06a6f52e0f7856e09ef8ac51eff2.yaml
+++ b/nuclei-templates/2023/CVE-2023-51399-9a6e06a6f52e0f7856e09ef8ac51eff2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Back Button Widget <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Back Button Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/back-button-widget/"
     google-query: inurl:"/wp-content/plugins/back-button-widget/"
     shodan-query: 'vuln:CVE-2023-51399'
-  tags: cve,wordpress,wp-plugin,back-button-widget,medium
+  tags: cve,wordpress,wp-plugin,back-button-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51401-8495527ac09a59599c4f06adeea443c8.yaml b/nuclei-templates/2023/CVE-2023-51401-8495527ac09a59599c4f06adeea443c8.yaml
index 4f291a4d49..96a409de79 100644
--- a/nuclei-templates/2023/CVE-2023-51401-8495527ac09a59599c4f06adeea443c8.yaml
+++ b/nuclei-templates/2023/CVE-2023-51401-8495527ac09a59599c4f06adeea443c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder <= 1.35.13 - Authenticated(Contributor+) Directory Traversal to Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for Beaver Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.35.13. This makes it possible for authenticated attackers, with Contributor access and above, to read the contents of a limited subset of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bb-ultimate-addon/"
     google-query: inurl:"/wp-content/plugins/bb-ultimate-addon/"
     shodan-query: 'vuln:CVE-2023-51401'
-  tags: cve,wordpress,wp-plugin,bb-ultimate-addon,medium
+  tags: cve,wordpress,wp-plugin,bb-ultimate-addon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51403-bb149be73e11ebe0c3b568543b54c91e.yaml b/nuclei-templates/2023/CVE-2023-51403-bb149be73e11ebe0c3b568543b54c91e.yaml
index a4669fc152..10057d19bd 100644
--- a/nuclei-templates/2023/CVE-2023-51403-bb149be73e11ebe0c3b568543b54c91e.yaml
+++ b/nuclei-templates/2023/CVE-2023-51403-bb149be73e11ebe0c3b568543b54c91e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant Reservations <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Restaurant Reservations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-restaurant-reservations/"
     google-query: inurl:"/wp-content/plugins/nd-restaurant-reservations/"
     shodan-query: 'vuln:CVE-2023-51403'
-  tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,medium
+  tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51404-b91180f6c8ba3f8d6ff100d044a9837c.yaml b/nuclei-templates/2023/CVE-2023-51404-b91180f6c8ba3f8d6ff100d044a9837c.yaml
index 8b941d5462..69cbd1c193 100644
--- a/nuclei-templates/2023/CVE-2023-51404-b91180f6c8ba3f8d6ff100d044a9837c.yaml
+++ b/nuclei-templates/2023/CVE-2023-51404-b91180f6c8ba3f8d6ff100d044a9837c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Agile Privacy <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vis Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My Agile Privacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/myagileprivacy/"
     google-query: inurl:"/wp-content/plugins/myagileprivacy/"
     shodan-query: 'vuln:CVE-2023-51404'
-  tags: cve,wordpress,wp-plugin,myagileprivacy,medium
+  tags: cve,wordpress,wp-plugin,myagileprivacy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51410-31c57eb5baf7bb0acd957fca651b5df2.yaml b/nuclei-templates/2023/CVE-2023-51410-31c57eb5baf7bb0acd957fca651b5df2.yaml
index 56883a8ed3..b786c046bd 100644
--- a/nuclei-templates/2023/CVE-2023-51410-31c57eb5baf7bb0acd957fca651b5df2.yaml
+++ b/nuclei-templates/2023/CVE-2023-51410-31c57eb5baf7bb0acd957fca651b5df2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Mail Log plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'send_email' function in all versions up to and including 1.1.2. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2023-5673 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-log/"
     google-query: inurl:"/wp-content/plugins/wp-mail-log/"
     shodan-query: 'vuln:CVE-2023-51410'
-  tags: cve,wordpress,wp-plugin,wp-mail-log,high
+  tags: cve,wordpress,wp-plugin,wp-mail-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51413-7ac0863d03c3cdd406341dca9d25711a.yaml b/nuclei-templates/2023/CVE-2023-51413-7ac0863d03c3cdd406341dca9d25711a.yaml
index 18a3892dde..15a43750cd 100644
--- a/nuclei-templates/2023/CVE-2023-51413-7ac0863d03c3cdd406341dca9d25711a.yaml
+++ b/nuclei-templates/2023/CVE-2023-51413-7ac0863d03c3cdd406341dca9d25711a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Piotnet Forms <= 1.0.25 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Piotnet Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.0.25. This makes it possible for unauthenticated attackers to save draft posts and download arbitrary JSON files from the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/piotnetforms/"
     google-query: inurl:"/wp-content/plugins/piotnetforms/"
     shodan-query: 'vuln:CVE-2023-51413'
-  tags: cve,wordpress,wp-plugin,piotnetforms,medium
+  tags: cve,wordpress,wp-plugin,piotnetforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51414-514cd5f6862b902abdfe45e0c2ceab5f.yaml b/nuclei-templates/2023/CVE-2023-51414-514cd5f6862b902abdfe45e0c2ceab5f.yaml
index a8545036fc..8fe07fca83 100644
--- a/nuclei-templates/2023/CVE-2023-51414-514cd5f6862b902abdfe45e0c2ceab5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-51414-514cd5f6862b902abdfe45e0c2ceab5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EnvíaloSimple <= 2.1 Unauthenticated PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/"
     google-query: inurl:"/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/"
     shodan-query: 'vuln:CVE-2023-51414'
-  tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,medium
+  tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51415-57ba3dbc250a048ad4a278836ea777a0.yaml b/nuclei-templates/2023/CVE-2023-51415-57ba3dbc250a048ad4a278836ea777a0.yaml
index 136771a0e6..6e021ff053 100644
--- a/nuclei-templates/2023/CVE-2023-51415-57ba3dbc250a048ad4a278836ea777a0.yaml
+++ b/nuclei-templates/2023/CVE-2023-51415-57ba3dbc250a048ad4a278836ea777a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2023-51415'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51417-f64345cda7b5204d1b37828da4e7e5ea.yaml b/nuclei-templates/2023/CVE-2023-51417-f64345cda7b5204d1b37828da4e7e5ea.yaml
index 9a8d767ee6..d6e8200d7b 100644
--- a/nuclei-templates/2023/CVE-2023-51417-f64345cda7b5204d1b37828da4e7e5ea.yaml
+++ b/nuclei-templates/2023/CVE-2023-51417-f64345cda7b5204d1b37828da4e7e5ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The JVM Gutenberg Rich Text Icons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload_icon' function in all versions up to and including 1.2.3. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jvm-rich-text-icons/"
     google-query: inurl:"/wp-content/plugins/jvm-rich-text-icons/"
     shodan-query: 'vuln:CVE-2023-51417'
-  tags: cve,wordpress,wp-plugin,jvm-rich-text-icons,high
+  tags: cve,wordpress,wp-plugin,jvm-rich-text-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51418-cbde558e3503539352816240255a9c09.yaml b/nuclei-templates/2023/CVE-2023-51418-cbde558e3503539352816240255a9c09.yaml
index ba861ae759..63a65b7a23 100644
--- a/nuclei-templates/2023/CVE-2023-51418-cbde558e3503539352816240255a9c09.yaml
+++ b/nuclei-templates/2023/CVE-2023-51418-cbde558e3503539352816240255a9c09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JVM rich text icons <= 1.2.6 - Directory Traversal to Authenticated(Subscriber+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The JVM Gutenberg Rich Text Icons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the 'file' parameter. This makes it possible for authenticated attackers, with subscriber access and above, to delete arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jvm-rich-text-icons/"
     google-query: inurl:"/wp-content/plugins/jvm-rich-text-icons/"
     shodan-query: 'vuln:CVE-2023-51418'
-  tags: cve,wordpress,wp-plugin,jvm-rich-text-icons,high
+  tags: cve,wordpress,wp-plugin,jvm-rich-text-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51421-61bd18cfe47ff36978c91845f9ffc1e4.yaml b/nuclei-templates/2023/CVE-2023-51421-61bd18cfe47ff36978c91845f9ffc1e4.yaml
index c6a83881b5..0e6a320b90 100644
--- a/nuclei-templates/2023/CVE-2023-51421-61bd18cfe47ff36978c91845f9ffc1e4.yaml
+++ b/nuclei-templates/2023/CVE-2023-51421-61bd18cfe47ff36978c91845f9ffc1e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Verge3D Publishing and E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'v3d_upload_app_file' function in all versions up to, and including, 4.5.2. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2023-51420 may be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/verge3d/"
     google-query: inurl:"/wp-content/plugins/verge3d/"
     shodan-query: 'vuln:CVE-2023-51421'
-  tags: cve,wordpress,wp-plugin,verge3d,high
+  tags: cve,wordpress,wp-plugin,verge3d,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51422-5178d59b66e68e951d4f7950c9fe1897.yaml b/nuclei-templates/2023/CVE-2023-51422-5178d59b66e68e951d4f7950c9fe1897.yaml
index 166e85fe89..9e22b39844 100644
--- a/nuclei-templates/2023/CVE-2023-51422-5178d59b66e68e951d4f7950c9fe1897.yaml
+++ b/nuclei-templates/2023/CVE-2023-51422-5178d59b66e68e951d4f7950c9fe1897.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebinarIgnition <= 3.05.0 - Authenticated(Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.05.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webinar-ignition/"
     google-query: inurl:"/wp-content/plugins/webinar-ignition/"
     shodan-query: 'vuln:CVE-2023-51422'
-  tags: cve,wordpress,wp-plugin,webinar-ignition,high
+  tags: cve,wordpress,wp-plugin,webinar-ignition,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51424-248f6a7272fbf1cbf24050ac1a199f58.yaml b/nuclei-templates/2023/CVE-2023-51424-248f6a7272fbf1cbf24050ac1a199f58.yaml
index 490f05adb5..d0811bf030 100644
--- a/nuclei-templates/2023/CVE-2023-51424-248f6a7272fbf1cbf24050ac1a199f58.yaml
+++ b/nuclei-templates/2023/CVE-2023-51424-248f6a7272fbf1cbf24050ac1a199f58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebinarIgnition <= 3.05.0 - Missing Authorization to Unauthenticated Privilege Escalation
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.05.0. This makes it possible for unauthenticated attackers to escalate their privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webinar-ignition/"
     google-query: inurl:"/wp-content/plugins/webinar-ignition/"
     shodan-query: 'vuln:CVE-2023-51424'
-  tags: cve,wordpress,wp-plugin,webinar-ignition,critical
+  tags: cve,wordpress,wp-plugin,webinar-ignition,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51470-219b72efe5cc6f0e217f743d6fbc88d5.yaml b/nuclei-templates/2023/CVE-2023-51470-219b72efe5cc6f0e217f743d6fbc88d5.yaml
index df98ad12aa..057173355d 100644
--- a/nuclei-templates/2023/CVE-2023-51470-219b72efe5cc6f0e217f743d6fbc88d5.yaml
+++ b/nuclei-templates/2023/CVE-2023-51470-219b72efe5cc6f0e217f743d6fbc88d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rencontre – Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Rencontre – Dating Site plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.11.1 via deserialization of untrusted input through the 'SearchResultP' parameter. This makes it possible for attackers with subscriber level access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rencontre/"
     google-query: inurl:"/wp-content/plugins/rencontre/"
     shodan-query: 'vuln:CVE-2023-51470'
-  tags: cve,wordpress,wp-plugin,rencontre,high
+  tags: cve,wordpress,wp-plugin,rencontre,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51471-1e6a2a2317e6c0646d9912b475c2283c.yaml b/nuclei-templates/2023/CVE-2023-51471-1e6a2a2317e6c0646d9912b475c2283c.yaml
index 61e67284ee..657d40e817 100644
--- a/nuclei-templates/2023/CVE-2023-51471-1e6a2a2317e6c0646d9912b475c2283c.yaml
+++ b/nuclei-templates/2023/CVE-2023-51471-1e6a2a2317e6c0646d9912b475c2283c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Checkout Mestres WP <= 7.1.9.6 - Missing Authorization to Unauthenticated Arbitrary Options Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Checkout Mestres WP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.1.9.6. This makes it possible for unauthenticated attackers to update arbitrary site options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/checkout-mestres-wp/"
     google-query: inurl:"/wp-content/plugins/checkout-mestres-wp/"
     shodan-query: 'vuln:CVE-2023-51471'
-  tags: cve,wordpress,wp-plugin,checkout-mestres-wp,critical
+  tags: cve,wordpress,wp-plugin,checkout-mestres-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51474-4be3fece7979d31adacbce90e5c628f3.yaml b/nuclei-templates/2023/CVE-2023-51474-4be3fece7979d31adacbce90e5c628f3.yaml
index 3ddac834a0..8ca505142e 100644
--- a/nuclei-templates/2023/CVE-2023-51474-4be3fece7979d31adacbce90e5c628f3.yaml
+++ b/nuclei-templates/2023/CVE-2023-51474-4be3fece7979d31adacbce90e5c628f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TerraClassifieds <= 2.0.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The TerraClassifieds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to initiate a site takeover via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/terraclassifieds/"
     google-query: inurl:"/wp-content/plugins/terraclassifieds/"
     shodan-query: 'vuln:CVE-2023-51474'
-  tags: cve,wordpress,wp-plugin,terraclassifieds,high
+  tags: cve,wordpress,wp-plugin,terraclassifieds,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51477-ab3814e3ae070036041f3fc37ac29f36.yaml b/nuclei-templates/2023/CVE-2023-51477-ab3814e3ae070036041f3fc37ac29f36.yaml
index 09c7d4b12a..7709fa2d20 100644
--- a/nuclei-templates/2023/CVE-2023-51477-ab3814e3ae070036041f3fc37ac29f36.yaml
+++ b/nuclei-templates/2023/CVE-2023-51477-ab3814e3ae070036041f3fc37ac29f36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyBoss Theme <= 2.4.60 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BuddyBoss Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unspecified function in all versions up to, and including, 2.4.60. This makes it possible for unauthenticated attackers to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/buddyboss-theme/"
     google-query: inurl:"/wp-content/themes/buddyboss-theme/"
     shodan-query: 'vuln:CVE-2023-51477'
-  tags: cve,wordpress,wp-theme,buddyboss-theme,medium
+  tags: cve,wordpress,wp-theme,buddyboss-theme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51479-26189f152df8893b52731b2bdd16e94e.yaml b/nuclei-templates/2023/CVE-2023-51479-26189f152df8893b52731b2bdd16e94e.yaml
index 6be651b046..13e31cb59b 100644
--- a/nuclei-templates/2023/CVE-2023-51479-26189f152df8893b52731b2bdd16e94e.yaml
+++ b/nuclei-templates/2023/CVE-2023-51479-26189f152df8893b52731b2bdd16e94e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Build App Online <= 1.0.19 - Missing Authorization Authenticated(Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Build App Online plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_user_meta_value' function in all versions up to, and including, 1.0.19. This makes it possible for authenticated attackers, with subscriber access and above, to update arbitrary user meta values and grant themselves administrator privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/build-app-online/"
     google-query: inurl:"/wp-content/plugins/build-app-online/"
     shodan-query: 'vuln:CVE-2023-51479'
-  tags: cve,wordpress,wp-plugin,build-app-online,high
+  tags: cve,wordpress,wp-plugin,build-app-online,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51480-6a4904a703851349707d8d3d078c2123.yaml b/nuclei-templates/2023/CVE-2023-51480-6a4904a703851349707d8d3d078c2123.yaml
index 11a9e657c9..bd9346c7e2 100644
--- a/nuclei-templates/2023/CVE-2023-51480-6a4904a703851349707d8d3d078c2123.yaml
+++ b/nuclei-templates/2023/CVE-2023-51480-6a4904a703851349707d8d3d078c2123.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Active Products Tables for WooCommerce <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-51480'
-  tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51482-f1ab4812b24f2e95426a9a9673c2032b.yaml b/nuclei-templates/2023/CVE-2023-51482-f1ab4812b24f2e95426a9a9673c2032b.yaml
index 306a3f575e..884e497669 100644
--- a/nuclei-templates/2023/CVE-2023-51482-f1ab4812b24f2e95426a9a9673c2032b.yaml
+++ b/nuclei-templates/2023/CVE-2023-51482-f1ab4812b24f2e95426a9a9673c2032b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eazy Plugin Manager <= 4.1.2 - Missing Authorization via update_options
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Eazy Plugin Manager – Powerful Plugin Management Solution for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_options' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plugins-on-steroids/"
     google-query: inurl:"/wp-content/plugins/plugins-on-steroids/"
     shodan-query: 'vuln:CVE-2023-51482'
-  tags: cve,wordpress,wp-plugin,plugins-on-steroids,medium
+  tags: cve,wordpress,wp-plugin,plugins-on-steroids,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51485-e6cf650c13f11df4cb2b334fe314415e.yaml b/nuclei-templates/2023/CVE-2023-51485-e6cf650c13f11df4cb2b334fe314415e.yaml
index a589aaa3fd..953298bfc5 100644
--- a/nuclei-templates/2023/CVE-2023-51485-e6cf650c13f11df4cb2b334fe314415e.yaml
+++ b/nuclei-templates/2023/CVE-2023-51485-e6cf650c13f11df4cb2b334fe314415e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pay with Vipps for WooCommerce <= 1.14.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pay with Vipps for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the buy now button in versions up to, and including, 1.14.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-vipps/"
     google-query: inurl:"/wp-content/plugins/woo-vipps/"
     shodan-query: 'vuln:CVE-2023-51485'
-  tags: cve,wordpress,wp-plugin,woo-vipps,medium
+  tags: cve,wordpress,wp-plugin,woo-vipps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51492-a5beaca14051398b5a8cac72b33e8606.yaml b/nuclei-templates/2023/CVE-2023-51492-a5beaca14051398b5a8cac72b33e8606.yaml
index f10284e708..ff9c071427 100644
--- a/nuclei-templates/2023/CVE-2023-51492-a5beaca14051398b5a8cac72b33e8606.yaml
+++ b/nuclei-templates/2023/CVE-2023-51492-a5beaca14051398b5a8cac72b33e8606.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     If-So Dynamic Content Personalization <= 1.6.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/if-so/"
     google-query: inurl:"/wp-content/plugins/if-so/"
     shodan-query: 'vuln:CVE-2023-51492'
-  tags: cve,wordpress,wp-plugin,if-so,medium
+  tags: cve,wordpress,wp-plugin,if-so,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51493-90dc0d96ef7711389c28489eadab8c4d.yaml b/nuclei-templates/2023/CVE-2023-51493-90dc0d96ef7711389c28489eadab8c4d.yaml
index cab7439e61..c9cd3773e2 100644
--- a/nuclei-templates/2023/CVE-2023-51493-90dc0d96ef7711389c28489eadab8c4d.yaml
+++ b/nuclei-templates/2023/CVE-2023-51493-90dc0d96ef7711389c28489eadab8c4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Post Carousels with Owl <= 1.4.6 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Post Carousels with Owl plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dd-post-carousel/"
     google-query: inurl:"/wp-content/plugins/dd-post-carousel/"
     shodan-query: 'vuln:CVE-2023-51493'
-  tags: cve,wordpress,wp-plugin,dd-post-carousel,medium
+  tags: cve,wordpress,wp-plugin,dd-post-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51494-e78a0243a637937a0520333d07ecbb4e.yaml b/nuclei-templates/2023/CVE-2023-51494-e78a0243a637937a0520333d07ecbb4e.yaml
index 34e7271371..3aed13e3fa 100644
--- a/nuclei-templates/2023/CVE-2023-51494-e78a0243a637937a0520333d07ecbb4e.yaml
+++ b/nuclei-templates/2023/CVE-2023-51494-e78a0243a637937a0520333d07ecbb4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Vendors <= 2.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-vendors/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/"
     shodan-query: 'vuln:CVE-2023-51494'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51495-17db65035566800d21b599e4302d577c.yaml b/nuclei-templates/2023/CVE-2023-51495-17db65035566800d21b599e4302d577c.yaml
index 8af0fb1b4e..728d18444c 100644
--- a/nuclei-templates/2023/CVE-2023-51495-17db65035566800d21b599e4302d577c.yaml
+++ b/nuclei-templates/2023/CVE-2023-51495-17db65035566800d21b599e4302d577c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Warranty Requests <= 2.2.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-warranty/"
     google-query: inurl:"/wp-content/plugins/woocommerce-warranty/"
     shodan-query: 'vuln:CVE-2023-51495'
-  tags: cve,wordpress,wp-plugin,woocommerce-warranty,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-warranty,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51496-90191aff4f4fd94ead6048a6f9309bb7.yaml b/nuclei-templates/2023/CVE-2023-51496-90191aff4f4fd94ead6048a6f9309bb7.yaml
index fa5ccae9ce..f8f9021147 100644
--- a/nuclei-templates/2023/CVE-2023-51496-90191aff4f4fd94ead6048a6f9309bb7.yaml
+++ b/nuclei-templates/2023/CVE-2023-51496-90191aff4f4fd94ead6048a6f9309bb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Warranty Requests <= 2.2.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-warranty/"
     google-query: inurl:"/wp-content/plugins/woocommerce-warranty/"
     shodan-query: 'vuln:CVE-2023-51496'
-  tags: cve,wordpress,wp-plugin,woocommerce-warranty,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-warranty,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51497-2fa400cde48ebbb1e062c53ea041ad86.yaml b/nuclei-templates/2023/CVE-2023-51497-2fa400cde48ebbb1e062c53ea041ad86.yaml
index c04a09976f..6e7bff8f02 100644
--- a/nuclei-templates/2023/CVE-2023-51497-2fa400cde48ebbb1e062c53ea041ad86.yaml
+++ b/nuclei-templates/2023/CVE-2023-51497-2fa400cde48ebbb1e062c53ea041ad86.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Ship to Multiple Addresses <= 3.8.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on a function in versions up to, and including, 3.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-shipping-multiple-addresses/"
     google-query: inurl:"/wp-content/plugins/woocommerce-shipping-multiple-addresses/"
     shodan-query: 'vuln:CVE-2023-51497'
-  tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51498-df5510828b9908f177a3676bf0d29efa.yaml b/nuclei-templates/2023/CVE-2023-51498-df5510828b9908f177a3676bf0d29efa.yaml
index 6a71ab1098..e1f591aee6 100644
--- a/nuclei-templates/2023/CVE-2023-51498-df5510828b9908f177a3676bf0d29efa.yaml
+++ b/nuclei-templates/2023/CVE-2023-51498-df5510828b9908f177a3676bf0d29efa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Canada Post Shipping <= 2.8.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Canada Post Shipping plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a  function in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-shipping-canada-post/"
     google-query: inurl:"/wp-content/plugins/woocommerce-shipping-canada-post/"
     shodan-query: 'vuln:CVE-2023-51498'
-  tags: cve,wordpress,wp-plugin,woocommerce-shipping-canada-post,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-shipping-canada-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51499-40b2ce035ef569465fd6e4b21f17410c.yaml b/nuclei-templates/2023/CVE-2023-51499-40b2ce035ef569465fd6e4b21f17410c.yaml
index 03b15d53d4..e61410eeb2 100644
--- a/nuclei-templates/2023/CVE-2023-51499-40b2ce035ef569465fd6e4b21f17410c.yaml
+++ b/nuclei-templates/2023/CVE-2023-51499-40b2ce035ef569465fd6e4b21f17410c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Shipping Per Product <= 2.5.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Shipping Per Product plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with customer-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-shipping-per-product/"
     google-query: inurl:"/wp-content/plugins/woocommerce-shipping-per-product/"
     shodan-query: 'vuln:CVE-2023-51499'
-  tags: cve,wordpress,wp-plugin,woocommerce-shipping-per-product,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-shipping-per-product,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51500-9ed7e89f3675608a54d511e5410f33f1.yaml b/nuclei-templates/2023/CVE-2023-51500-9ed7e89f3675608a54d511e5410f33f1.yaml
index 039691fac4..4c4b3c0f50 100644
--- a/nuclei-templates/2023/CVE-2023-51500-9ed7e89f3675608a54d511e5410f33f1.yaml
+++ b/nuclei-templates/2023/CVE-2023-51500-9ed7e89f3675608a54d511e5410f33f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uncode Core <= 2.8.8 - Authenticated (Subscriber+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The uncode-core plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers with subscriber level access or higher to delete arbitrary files on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uncode-core/"
     google-query: inurl:"/wp-content/plugins/uncode-core/"
     shodan-query: 'vuln:CVE-2023-51500'
-  tags: cve,wordpress,wp-plugin,uncode-core,high
+  tags: cve,wordpress,wp-plugin,uncode-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51504-1c6832c32d7ec7d1a800137a443af3a0.yaml b/nuclei-templates/2023/CVE-2023-51504-1c6832c32d7ec7d1a800137a443af3a0.yaml
index 236bc9131e..1a362d96f1 100644
--- a/nuclei-templates/2023/CVE-2023-51504-1c6832c32d7ec7d1a800137a443af3a0.yaml
+++ b/nuclei-templates/2023/CVE-2023-51504-1c6832c32d7ec7d1a800137a443af3a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dan's Embedder for Google Calendar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dan's Embedder for Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dans-gcal/"
     google-query: inurl:"/wp-content/plugins/dans-gcal/"
     shodan-query: 'vuln:CVE-2023-51504'
-  tags: cve,wordpress,wp-plugin,dans-gcal,medium
+  tags: cve,wordpress,wp-plugin,dans-gcal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51506-d88f90595d62f553e29356fc831883af.yaml b/nuclei-templates/2023/CVE-2023-51506-d88f90595d62f553e29356fc831883af.yaml
index 6246c56743..4f5f0a370c 100644
--- a/nuclei-templates/2023/CVE-2023-51506-d88f90595d62f553e29356fc831883af.yaml
+++ b/nuclei-templates/2023/CVE-2023-51506-d88f90595d62f553e29356fc831883af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPCS – WordPress Currency Switcher Professional <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/currency-switcher/"
     google-query: inurl:"/wp-content/plugins/currency-switcher/"
     shodan-query: 'vuln:CVE-2023-51506'
-  tags: cve,wordpress,wp-plugin,currency-switcher,medium
+  tags: cve,wordpress,wp-plugin,currency-switcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51507-be8ed34a1e61e6308ab867606f425e64.yaml b/nuclei-templates/2023/CVE-2023-51507-be8ed34a1e61e6308ab867606f425e64.yaml
index e331ce49ef..029a0fb503 100644
--- a/nuclei-templates/2023/CVE-2023-51507-be8ed34a1e61e6308ab867606f425e64.yaml
+++ b/nuclei-templates/2023/CVE-2023-51507-be8ed34a1e61e6308ab867606f425e64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 8.1.16 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions in versions up to, and including, 8.1.16. This makes it possible for unauthenticated attackers to invoke this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2023-51507'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51511-a64fce4b936462ae9966af0a7b1ddcf3.yaml b/nuclei-templates/2023/CVE-2023-51511-a64fce4b936462ae9966af0a7b1ddcf3.yaml
index f5eeb7e177..c4d260d798 100644
--- a/nuclei-templates/2023/CVE-2023-51511-a64fce4b936462ae9966af0a7b1ddcf3.yaml
+++ b/nuclei-templates/2023/CVE-2023-51511-a64fce4b936462ae9966af0a7b1ddcf3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster Elite for WooCommerce <= 7.1.2 - Authenticated(Subscriber+) Content Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster Elite for WooCommerce plugin for WordPress is vulnerable to content injection via an unknown parameter in all versions up to and including 7.1.2 due to insufficient capability checks. This makes it possible for authenticated attackers, with subscriber access and above, to create and edit content using the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-51511'
-  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51513-51cc9e8778ef47abd167df4053287906.yaml b/nuclei-templates/2023/CVE-2023-51513-51cc9e8778ef47abd167df4053287906.yaml
index 8c553886a5..765af147f4 100644
--- a/nuclei-templates/2023/CVE-2023-51513-51cc9e8778ef47abd167df4053287906.yaml
+++ b/nuclei-templates/2023/CVE-2023-51513-51cc9e8778ef47abd167df4053287906.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Geo Controller <= 8.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Geo Controller plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 8.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf-geoplugin/"
     google-query: inurl:"/wp-content/plugins/cf-geoplugin/"
     shodan-query: 'vuln:CVE-2023-51513'
-  tags: cve,wordpress,wp-plugin,cf-geoplugin,medium
+  tags: cve,wordpress,wp-plugin,cf-geoplugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51514-de7d8d5a0d1dee1ddf8eeecb2547d31f.yaml b/nuclei-templates/2023/CVE-2023-51514-de7d8d5a0d1dee1ddf8eeecb2547d31f.yaml
index ce6575e569..96c1b44d25 100644
--- a/nuclei-templates/2023/CVE-2023-51514-de7d8d5a0d1dee1ddf8eeecb2547d31f.yaml
+++ b/nuclei-templates/2023/CVE-2023-51514-de7d8d5a0d1dee1ddf8eeecb2547d31f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CBX Bookmark & Favorite <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CBX Bookmark & Favorite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cbxwpbookmark/"
     google-query: inurl:"/wp-content/plugins/cbxwpbookmark/"
     shodan-query: 'vuln:CVE-2023-51514'
-  tags: cve,wordpress,wp-plugin,cbxwpbookmark,medium
+  tags: cve,wordpress,wp-plugin,cbxwpbookmark,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51516-3fa1d19f6ab4b3b413035e0d19283cea.yaml b/nuclei-templates/2023/CVE-2023-51516-3fa1d19f6ab4b3b413035e0d19283cea.yaml
index a67bc2624b..a2391b6246 100644
--- a/nuclei-templates/2023/CVE-2023-51516-3fa1d19f6ab4b3b413035e0d19283cea.yaml
+++ b/nuclei-templates/2023/CVE-2023-51516-3fa1d19f6ab4b3b413035e0d19283cea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Business Directory Plugin <= 6.3.9 - Missing Authorization via dispatch
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'dispatch' function in versions up to, and including, 6.3.9. This makes it possible for authenticated attackers, with contributor-level access and above, to delete listings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/business-directory-plugin/"
     google-query: inurl:"/wp-content/plugins/business-directory-plugin/"
     shodan-query: 'vuln:CVE-2023-51516'
-  tags: cve,wordpress,wp-plugin,business-directory-plugin,medium
+  tags: cve,wordpress,wp-plugin,business-directory-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51517-13cb55c1f508982488cee2289cc6f8a4.yaml b/nuclei-templates/2023/CVE-2023-51517-13cb55c1f508982488cee2289cc6f8a4.yaml
index 7f8f1055bd..6583ff11dc 100644
--- a/nuclei-templates/2023/CVE-2023-51517-13cb55c1f508982488cee2289cc6f8a4.yaml
+++ b/nuclei-templates/2023/CVE-2023-51517-13cb55c1f508982488cee2289cc6f8a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calculated Fields Form <= 1.2.28 - Authenticated (Contributor+) Open Redirect via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Calculated Fields Form plugin for WordPress is vulnerable to Open Redirect via the plugin's shortcode(s) in all versions up to 1.2.29 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to redirect users when they visit an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calculated-fields-form/"
     google-query: inurl:"/wp-content/plugins/calculated-fields-form/"
     shodan-query: 'vuln:CVE-2023-51517'
-  tags: cve,wordpress,wp-plugin,calculated-fields-form,medium
+  tags: cve,wordpress,wp-plugin,calculated-fields-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51519-6360ed6ca296565a491121426d09e439.yaml b/nuclei-templates/2023/CVE-2023-51519-6360ed6ca296565a491121426d09e439.yaml
index eb6936937d..abf9cbb4ce 100644
--- a/nuclei-templates/2023/CVE-2023-51519-6360ed6ca296565a491121426d09e439.yaml
+++ b/nuclei-templates/2023/CVE-2023-51519-6360ed6ca296565a491121426d09e439.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider by Soliloquy <= 2.7.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slider by Soliloquy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to view draft slider data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/soliloquy-lite/"
     google-query: inurl:"/wp-content/plugins/soliloquy-lite/"
     shodan-query: 'vuln:CVE-2023-51519'
-  tags: cve,wordpress,wp-plugin,soliloquy-lite,medium
+  tags: cve,wordpress,wp-plugin,soliloquy-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51520-a720a32e95724b99f716e58fddc9c585.yaml b/nuclei-templates/2023/CVE-2023-51520-a720a32e95724b99f716e58fddc9c585.yaml
index 64740927b2..59e8284c7d 100644
--- a/nuclei-templates/2023/CVE-2023-51520-a720a32e95724b99f716e58fddc9c585.yaml
+++ b/nuclei-templates/2023/CVE-2023-51520-a720a32e95724b99f716e58fddc9c585.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar <= 9.7.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 9.7.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking/"
     google-query: inurl:"/wp-content/plugins/booking/"
     shodan-query: 'vuln:CVE-2023-51520'
-  tags: cve,wordpress,wp-plugin,booking,medium
+  tags: cve,wordpress,wp-plugin,booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51523-7afdbaf504234dadcc9587b5a57a9cbb.yaml b/nuclei-templates/2023/CVE-2023-51523-7afdbaf504234dadcc9587b5a57a9cbb.yaml
index bf4ff348fa..3420c60e6a 100644
--- a/nuclei-templates/2023/CVE-2023-51523-7afdbaf504234dadcc9587b5a57a9cbb.yaml
+++ b/nuclei-templates/2023/CVE-2023-51523-7afdbaf504234dadcc9587b5a57a9cbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Easy Duplicate Product <= 0.3.0.7 - Missing Authorization via wedp_duplicate_product_action
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Easy Duplicate Product plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wedp_duplicate_product_action() function hooked via AJAX in versions up to, and including, 0.3.0.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-easy-duplicate-product/"
     google-query: inurl:"/wp-content/plugins/woo-easy-duplicate-product/"
     shodan-query: 'vuln:CVE-2023-51523'
-  tags: cve,wordpress,wp-plugin,woo-easy-duplicate-product,medium
+  tags: cve,wordpress,wp-plugin,woo-easy-duplicate-product,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51524-20aadb46b84139edf712ada2a54996af.yaml b/nuclei-templates/2023/CVE-2023-51524-20aadb46b84139edf712ada2a54996af.yaml
index b1cdb9ebc8..b5b883ef40 100644
--- a/nuclei-templates/2023/CVE-2023-51524-20aadb46b84139edf712ada2a54996af.yaml
+++ b/nuclei-templates/2023/CVE-2023-51524-20aadb46b84139edf712ada2a54996af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     weForms <= 1.6.18 - Missing Authorization via export_form_entries
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The weForms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_form_entries' function in versions up to, and including, 1.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to export form entries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weforms/"
     google-query: inurl:"/wp-content/plugins/weforms/"
     shodan-query: 'vuln:CVE-2023-51524'
-  tags: cve,wordpress,wp-plugin,weforms,medium
+  tags: cve,wordpress,wp-plugin,weforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51526-7d02fb68117844792850ad968e93d6a6.yaml b/nuclei-templates/2023/CVE-2023-51526-7d02fb68117844792850ad968e93d6a6.yaml
index 46f47fdb2c..3eebfbed7e 100644
--- a/nuclei-templates/2023/CVE-2023-51526-7d02fb68117844792850ad968e93d6a6.yaml
+++ b/nuclei-templates/2023/CVE-2023-51526-7d02fb68117844792850ad968e93d6a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Staff List <= 2.2.4 - Missing Authorization via ajax_flush_rewrite_rules and staff_member_export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Staff List plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ajax_flush_rewrite_rules and staff_member_export functions in versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to flush rewrite rules and export a list of staff members.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-staff-list/"
     google-query: inurl:"/wp-content/plugins/simple-staff-list/"
     shodan-query: 'vuln:CVE-2023-51526'
-  tags: cve,wordpress,wp-plugin,simple-staff-list,medium
+  tags: cve,wordpress,wp-plugin,simple-staff-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51527-e9e7f1f63804b5a7bd339f4d7bcd16e9.yaml b/nuclei-templates/2023/CVE-2023-51527-e9e7f1f63804b5a7bd339f4d7bcd16e9.yaml
index 11645e4e6f..2faa634081 100644
--- a/nuclei-templates/2023/CVE-2023-51527-e9e7f1f63804b5a7bd339f4d7bcd16e9.yaml
+++ b/nuclei-templates/2023/CVE-2023-51527-e9e7f1f63804b5a7bd339f4d7bcd16e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Power: Complete AI Pack – Powered by GPT-4 <= 1.8.1 - Missing Authorization to Sensitive Data Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AI Power: Complete AI Pack – Powered by GPT-4 plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_export_logs_callback() function in all versions up to, and including, 1.8.2. This makes it possible for unauthenticated attackers to export the plugin's logs which may contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gpt3-ai-content-generator/"
     google-query: inurl:"/wp-content/plugins/gpt3-ai-content-generator/"
     shodan-query: 'vuln:CVE-2023-51527'
-  tags: cve,wordpress,wp-plugin,gpt3-ai-content-generator,medium
+  tags: cve,wordpress,wp-plugin,gpt3-ai-content-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51532-88a06d86ce607df4ff6b1b9039ea93cb.yaml b/nuclei-templates/2023/CVE-2023-51532-88a06d86ce607df4ff6b1b9039ea93cb.yaml
index 636dced1fc..a22aea2d79 100644
--- a/nuclei-templates/2023/CVE-2023-51532-88a06d86ce607df4ff6b1b9039ea93cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-51532-88a06d86ce607df4ff6b1b9039ea93cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Message
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Icegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the campaign message field in versions up to, and including, 3.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icegram/"
     google-query: inurl:"/wp-content/plugins/icegram/"
     shodan-query: 'vuln:CVE-2023-51532'
-  tags: cve,wordpress,wp-plugin,icegram,medium
+  tags: cve,wordpress,wp-plugin,icegram,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51534-997d1000e8574991f2c13cb7aa2ef7b7.yaml b/nuclei-templates/2023/CVE-2023-51534-997d1000e8574991f2c13cb7aa2ef7b7.yaml
index 58b0abe2f0..294b6cea0b 100644
--- a/nuclei-templates/2023/CVE-2023-51534-997d1000e8574991f2c13cb7aa2ef7b7.yaml
+++ b/nuclei-templates/2023/CVE-2023-51534-997d1000e8574991f2c13cb7aa2ef7b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brave Popup Builder <= 0.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brave-popup-builder/"
     google-query: inurl:"/wp-content/plugins/brave-popup-builder/"
     shodan-query: 'vuln:CVE-2023-51534'
-  tags: cve,wordpress,wp-plugin,brave-popup-builder,medium
+  tags: cve,wordpress,wp-plugin,brave-popup-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51536-f99e157b145b06140fa576ea488dbce3.yaml b/nuclei-templates/2023/CVE-2023-51536-f99e157b145b06140fa576ea488dbce3.yaml
index a3c6424a1a..473b75bb96 100644
--- a/nuclei-templates/2023/CVE-2023-51536-f99e157b145b06140fa576ea488dbce3.yaml
+++ b/nuclei-templates/2023/CVE-2023-51536-f99e157b145b06140fa576ea488dbce3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CRM Perks Forms – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on the label field. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crm-perks-forms/"
     google-query: inurl:"/wp-content/plugins/crm-perks-forms/"
     shodan-query: 'vuln:CVE-2023-51536'
-  tags: cve,wordpress,wp-plugin,crm-perks-forms,medium
+  tags: cve,wordpress,wp-plugin,crm-perks-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51537-b6e9ca61c7913b93778f0505c3d8b45b.yaml b/nuclei-templates/2023/CVE-2023-51537-b6e9ca61c7913b93778f0505c3d8b45b.yaml
index 0aca47a055..cc85d90cb6 100644
--- a/nuclei-templates/2023/CVE-2023-51537-b6e9ca61c7913b93778f0505c3d8b45b.yaml
+++ b/nuclei-templates/2023/CVE-2023-51537-b6e9ca61c7913b93778f0505c3d8b45b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support <= 6.1.5 - Missing Authorization via wpas_load_reply_history
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Awesome Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpas_load_reply_history function in versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to load reply history.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2023-51537'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51541-389e4423679f1c467a852761b85f3cfd.yaml b/nuclei-templates/2023/CVE-2023-51541-389e4423679f1c467a852761b85f3cfd.yaml
index 0808e15d12..e58ed75f59 100644
--- a/nuclei-templates/2023/CVE-2023-51541-389e4423679f1c467a852761b85f3cfd.yaml
+++ b/nuclei-templates/2023/CVE-2023-51541-389e4423679f1c467a852761b85f3cfd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stock Ticker <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scritping
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stock-ticker/"
     google-query: inurl:"/wp-content/plugins/stock-ticker/"
     shodan-query: 'vuln:CVE-2023-51541'
-  tags: cve,wordpress,wp-plugin,stock-ticker,medium
+  tags: cve,wordpress,wp-plugin,stock-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51545-27d8b6ae177490f4dc5980ca233d4dfe.yaml b/nuclei-templates/2023/CVE-2023-51545-27d8b6ae177490f4dc5980ca233d4dfe.yaml
index 4a724ced1f..f5267dcd5f 100644
--- a/nuclei-templates/2023/CVE-2023-51545-27d8b6ae177490f4dc5980ca233d4dfe.yaml
+++ b/nuclei-templates/2023/CVE-2023-51545-27d8b6ae177490f4dc5980ca233d4dfe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Job Manager & Career – Manage job board listings, and recruitments <= 1.4.4 - Cross-Site Request Forgery to PHP Object Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Job Manager & Career – Manage job board listings, and recruitments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the save_plugin_settings() function. This makes it possible for unauthenticated attackers to update the plugins settings and perform deserialization that can be leveraged for RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-manager-career/"
     google-query: inurl:"/wp-content/plugins/job-manager-career/"
     shodan-query: 'vuln:CVE-2023-51545'
-  tags: cve,wordpress,wp-plugin,job-manager-career,high
+  tags: cve,wordpress,wp-plugin,job-manager-career,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51546-b658c34d6189136c251e0b8d8e225774.yaml b/nuclei-templates/2023/CVE-2023-51546-b658c34d6189136c251e0b8d8e225774.yaml
index 3794b4a71f..012d5e5f6c 100644
--- a/nuclei-templates/2023/CVE-2023-51546-b658c34d6189136c251e0b8d8e225774.yaml
+++ b/nuclei-templates/2023/CVE-2023-51546-b658c34d6189136c251e0b8d8e225774.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoices <= 4.2.1 - Authenticated(Shop Manager+) Arbitrary Options Update via JSON Import
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to arbitrary options updates via the JSON import functionality in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Shop Manager access and above, to update arbitrary site options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-51546'
-  tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51547-239bba6a118f3c2dcf8340e2790b882b.yaml b/nuclei-templates/2023/CVE-2023-51547-239bba6a118f3c2dcf8340e2790b882b.yaml
index ec5dd9891a..17a4a244e6 100644
--- a/nuclei-templates/2023/CVE-2023-51547-239bba6a118f3c2dcf8340e2790b882b.yaml
+++ b/nuclei-templates/2023/CVE-2023-51547-239bba6a118f3c2dcf8340e2790b882b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fluent Support <= 1.7.6 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.7.7 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluent-support/"
     google-query: inurl:"/wp-content/plugins/fluent-support/"
     shodan-query: 'vuln:CVE-2023-51547'
-  tags: cve,wordpress,wp-plugin,fluent-support,medium
+  tags: cve,wordpress,wp-plugin,fluent-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51548-5644317bfa18cf11b8235cb40790b4ed.yaml b/nuclei-templates/2023/CVE-2023-51548-5644317bfa18cf11b8235cb40790b4ed.yaml
index 46b48d70c4..1093885714 100644
--- a/nuclei-templates/2023/CVE-2023-51548-5644317bfa18cf11b8235cb40790b4ed.yaml
+++ b/nuclei-templates/2023/CVE-2023-51548-5644317bfa18cf11b8235cb40790b4ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SlickNav Mobile Menu <= 1.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SlickNav Mobile Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slicknav-mobile-menu/"
     google-query: inurl:"/wp-content/plugins/slicknav-mobile-menu/"
     shodan-query: 'vuln:CVE-2023-51548'
-  tags: cve,wordpress,wp-plugin,slicknav-mobile-menu,medium
+  tags: cve,wordpress,wp-plugin,slicknav-mobile-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5161-cc4b9c34f1deaedc9df4457eb9089929.yaml b/nuclei-templates/2023/CVE-2023-5161-cc4b9c34f1deaedc9df4457eb9089929.yaml
index f49637bd30..eec955ff09 100644
--- a/nuclei-templates/2023/CVE-2023-5161-cc4b9c34f1deaedc9df4457eb9089929.yaml
+++ b/nuclei-templates/2023/CVE-2023-5161-cc4b9c34f1deaedc9df4457eb9089929.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modal-window/"
     google-query: inurl:"/wp-content/plugins/modal-window/"
     shodan-query: 'vuln:CVE-2023-5161'
-  tags: cve,wordpress,wp-plugin,modal-window,medium
+  tags: cve,wordpress,wp-plugin,modal-window,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5162-0aceb58e1789a00f8987ade1ad5f4576.yaml b/nuclei-templates/2023/CVE-2023-5162-0aceb58e1789a00f8987ade1ad5f4576.yaml
index f32495fcf0..a0b5d31bbb 100644
--- a/nuclei-templates/2023/CVE-2023-5162-0aceb58e1789a00f8987ade1ad5f4576.yaml
+++ b/nuclei-templates/2023/CVE-2023-5162-0aceb58e1789a00f8987ade1ad5f4576.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Options for Twenty Seventeen <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/options-for-twenty-seventeen/"
     google-query: inurl:"/wp-content/plugins/options-for-twenty-seventeen/"
     shodan-query: 'vuln:CVE-2023-5162'
-  tags: cve,wordpress,wp-plugin,options-for-twenty-seventeen,medium
+  tags: cve,wordpress,wp-plugin,options-for-twenty-seventeen,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5163-f48e8a5fbf1e696f1cc387a7e678c77c.yaml b/nuclei-templates/2023/CVE-2023-5163-f48e8a5fbf1e696f1cc387a7e678c77c.yaml
index 3befaaf9f4..06ab61a291 100644
--- a/nuclei-templates/2023/CVE-2023-5163-f48e8a5fbf1e696f1cc387a7e678c77c.yaml
+++ b/nuclei-templates/2023/CVE-2023-5163-f48e8a5fbf1e696f1cc387a7e678c77c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weather Atlas Widget <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weather-atlas/"
     google-query: inurl:"/wp-content/plugins/weather-atlas/"
     shodan-query: 'vuln:CVE-2023-5163'
-  tags: cve,wordpress,wp-plugin,weather-atlas,medium
+  tags: cve,wordpress,wp-plugin,weather-atlas,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5164-a2e597896da84d8e5ead12576f9d50bb.yaml b/nuclei-templates/2023/CVE-2023-5164-a2e597896da84d8e5ead12576f9d50bb.yaml
index cd67e20fad..864401bcc6 100644
--- a/nuclei-templates/2023/CVE-2023-5164-a2e597896da84d8e5ead12576f9d50bb.yaml
+++ b/nuclei-templates/2023/CVE-2023-5164-a2e597896da84d8e5ead12576f9d50bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bellows Accordion Menu <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bellows-accordion-menu/"
     google-query: inurl:"/wp-content/plugins/bellows-accordion-menu/"
     shodan-query: 'vuln:CVE-2023-5164'
-  tags: cve,wordpress,wp-plugin,bellows-accordion-menu,medium
+  tags: cve,wordpress,wp-plugin,bellows-accordion-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51666-a1b975d388fb5bea73a488037353b7d6.yaml b/nuclei-templates/2023/CVE-2023-51666-a1b975d388fb5bea73a488037353b7d6.yaml
index 4ead8c1d10..d53c64ebc9 100644
--- a/nuclei-templates/2023/CVE-2023-51666-a1b975d388fb5bea73a488037353b7d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-51666-a1b975d388fb5bea73a488037353b7d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Related Post <= 2.0.53 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Related Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.0.53 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/related-post/"
     google-query: inurl:"/wp-content/plugins/related-post/"
     shodan-query: 'vuln:CVE-2023-51666'
-  tags: cve,wordpress,wp-plugin,related-post,medium
+  tags: cve,wordpress,wp-plugin,related-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51669-e4183cf6c320dd4a4188939a38d36eca.yaml b/nuclei-templates/2023/CVE-2023-51669-e4183cf6c320dd4a4188939a38d36eca.yaml
index c46ae815fa..997c9d64f8 100644
--- a/nuclei-templates/2023/CVE-2023-51669-e4183cf6c320dd4a4188939a38d36eca.yaml
+++ b/nuclei-templates/2023/CVE-2023-51669-e4183cf6c320dd4a4188939a38d36eca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Code for WooCommerce <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product Code for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-code-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/product-code-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-51669'
-  tags: cve,wordpress,wp-plugin,product-code-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-code-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51670-211b4e2e29da3a6c7a3f6f46fc11c764.yaml b/nuclei-templates/2023/CVE-2023-51670-211b4e2e29da3a6c7a3f6f46fc11c764.yaml
index 70d6182f29..49291262d3 100644
--- a/nuclei-templates/2023/CVE-2023-51670-211b4e2e29da3a6c7a3f6f46fc11c764.yaml
+++ b/nuclei-templates/2023/CVE-2023-51670-211b4e2e29da3a6c7a3f6f46fc11c764.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FunnelKit Checkout <= 3.10.3 - Authenticated(Subscriber+) Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FunnelKit Checkout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 3.10.3. This makes it possible for authenticated attackers, with subscriber access and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woofunnels-aero-checkout/"
     google-query: inurl:"/wp-content/plugins/woofunnels-aero-checkout/"
     shodan-query: 'vuln:CVE-2023-51670'
-  tags: cve,wordpress,wp-plugin,woofunnels-aero-checkout,medium
+  tags: cve,wordpress,wp-plugin,woofunnels-aero-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51671-a3e402dfd0b7363889b8931013656dea.yaml b/nuclei-templates/2023/CVE-2023-51671-a3e402dfd0b7363889b8931013656dea.yaml
index f7bf005fd8..79237d9c58 100644
--- a/nuclei-templates/2023/CVE-2023-51671-a3e402dfd0b7363889b8931013656dea.yaml
+++ b/nuclei-templates/2023/CVE-2023-51671-a3e402dfd0b7363889b8931013656dea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FunnelKit Checkout <= 3.10.3 - Authenticated(Subscriber+) Missing Authorization to Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FunnelKit Checkout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 3.10.3. This makes it possible for authenticated attackers, with subscriber access and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woofunnels-aero-checkout/"
     google-query: inurl:"/wp-content/plugins/woofunnels-aero-checkout/"
     shodan-query: 'vuln:CVE-2023-51671'
-  tags: cve,wordpress,wp-plugin,woofunnels-aero-checkout,medium
+  tags: cve,wordpress,wp-plugin,woofunnels-aero-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51673-1162e5c3375a29dda16c38290874b6a7.yaml b/nuclei-templates/2023/CVE-2023-51673-1162e5c3375a29dda16c38290874b6a7.yaml
index e04c4b2329..54bf2f235c 100644
--- a/nuclei-templates/2023/CVE-2023-51673-1162e5c3375a29dda16c38290874b6a7.yaml
+++ b/nuclei-templates/2023/CVE-2023-51673-1162e5c3375a29dda16c38290874b6a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stylish Price List <= 7.0.17 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Stylish Price List plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on multiple functions in versions up to, and including, 7.0.17. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate and delete price lists.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stylish-price-list/"
     google-query: inurl:"/wp-content/plugins/stylish-price-list/"
     shodan-query: 'vuln:CVE-2023-51673'
-  tags: cve,wordpress,wp-plugin,stylish-price-list,medium
+  tags: cve,wordpress,wp-plugin,stylish-price-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51674-3b7a2e7b6f89f58e23d11ffebc1efd41.yaml b/nuclei-templates/2023/CVE-2023-51674-3b7a2e7b6f89f58e23d11ffebc1efd41.yaml
index 6917345ad0..8a19328de1 100644
--- a/nuclei-templates/2023/CVE-2023-51674-3b7a2e7b6f89f58e23d11ffebc1efd41.yaml
+++ b/nuclei-templates/2023/CVE-2023-51674-3b7a2e7b6f89f58e23d11ffebc1efd41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Access Manager <= 6.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Access Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-access-manager/"
     google-query: inurl:"/wp-content/plugins/advanced-access-manager/"
     shodan-query: 'vuln:CVE-2023-51674'
-  tags: cve,wordpress,wp-plugin,advanced-access-manager,medium
+  tags: cve,wordpress,wp-plugin,advanced-access-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51675-1cbbbacebab6eafbabdd1ea3e6ed8c33.yaml b/nuclei-templates/2023/CVE-2023-51675-1cbbbacebab6eafbabdd1ea3e6ed8c33.yaml
index 52eaa3e203..b693532320 100644
--- a/nuclei-templates/2023/CVE-2023-51675-1cbbbacebab6eafbabdd1ea3e6ed8c33.yaml
+++ b/nuclei-templates/2023/CVE-2023-51675-1cbbbacebab6eafbabdd1ea3e6ed8c33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Access Manager <= 6.9.18 - Authenticated (Author+) Open Redirect
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.9.18. This is due to insufficient validation on the redirect url supplied via params->redirect parameter. This makes it possible for authenticated attackers (author and higher) to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as logging in.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-access-manager/"
     google-query: inurl:"/wp-content/plugins/advanced-access-manager/"
     shodan-query: 'vuln:CVE-2023-51675'
-  tags: cve,wordpress,wp-plugin,advanced-access-manager,medium
+  tags: cve,wordpress,wp-plugin,advanced-access-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51677-157cdd8bc992e58c6e6f6337bc97b4c2.yaml b/nuclei-templates/2023/CVE-2023-51677-157cdd8bc992e58c6e6f6337bc97b4c2.yaml
index e37b07515b..fc0741445f 100644
--- a/nuclei-templates/2023/CVE-2023-51677-157cdd8bc992e58c6e6f6337bc97b4c2.yaml
+++ b/nuclei-templates/2023/CVE-2023-51677-157cdd8bc992e58c6e6f6337bc97b4c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema & Structured Data for WP & AMP <= 1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/"
     google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/"
     shodan-query: 'vuln:CVE-2023-51677'
-  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,medium
+  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51678-5e9722517850435a4c6751ba68e3f182.yaml b/nuclei-templates/2023/CVE-2023-51678-5e9722517850435a4c6751ba68e3f182.yaml
index 63fdbc16ff..631a027c52 100644
--- a/nuclei-templates/2023/CVE-2023-51678-5e9722517850435a4c6751ba68e3f182.yaml
+++ b/nuclei-templates/2023/CVE-2023-51678-5e9722517850435a4c6751ba68e3f182.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Doofinder for WooCommerce <= 2.0.33 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Doofinder for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'doofinder_reset_credentials' and 'doofinder_force_update_on_save' anonymous AJAX functions in versions up to, and including, 2.0.33. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset credentials and modify the update on save settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/doofinder-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/doofinder-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-51678'
-  tags: cve,wordpress,wp-plugin,doofinder-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,doofinder-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51679-9cbc81546b21a100994e807b3ec7d261.yaml b/nuclei-templates/2023/CVE-2023-51679-9cbc81546b21a100994e807b3ec7d261.yaml
index 3e8a096cfc..3e5fdd4f8d 100644
--- a/nuclei-templates/2023/CVE-2023-51679-9cbc81546b21a100994e807b3ec7d261.yaml
+++ b/nuclei-templates/2023/CVE-2023-51679-9cbc81546b21a100994e807b3ec7d261.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BulkGate SMS Plugin for WooCommerce <= 3.0.2 - Missing Authorization via Multiple AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BulkGate SMS Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to save module settings among other actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woosms-sms-module-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/woosms-sms-module-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-51679'
-  tags: cve,wordpress,wp-plugin,woosms-sms-module-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woosms-sms-module-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51680-24df3873e0b9065e19944f2b69074a09.yaml b/nuclei-templates/2023/CVE-2023-51680-24df3873e0b9065e19944f2b69074a09.yaml
index 6333ebba15..712238e8e3 100644
--- a/nuclei-templates/2023/CVE-2023-51680-24df3873e0b9065e19944f2b69074a09.yaml
+++ b/nuclei-templates/2023/CVE-2023-51680-24df3873e0b9065e19944f2b69074a09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quotes for WooCommerce <= 2.0.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quotes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the qwc_update_status() and qwc_send_quote() functions hooked via AJAX in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify quote status and send quotes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quotes-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/quotes-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-51680'
-  tags: cve,wordpress,wp-plugin,quotes-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,quotes-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51682-be854f0427cbc7550be4b51c5093b09f.yaml b/nuclei-templates/2023/CVE-2023-51682-be854f0427cbc7550be4b51c5093b09f.yaml
index a0dc2d69eb..2562d721a6 100644
--- a/nuclei-templates/2023/CVE-2023-51682-be854f0427cbc7550be4b51c5093b09f.yaml
+++ b/nuclei-templates/2023/CVE-2023-51682-be854f0427cbc7550be4b51c5093b09f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MC4WP <= 4.9.9 - Missing Authorization via listen
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MC4WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'listen' function in versions up to, and including, 4.9.9. This makes it possible for unauthenticated attackers to preview unpublished forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-for-wp/"
     google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/"
     shodan-query: 'vuln:CVE-2023-51682'
-  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51684-a21c37325364d975a3c7e649a4cca551.yaml b/nuclei-templates/2023/CVE-2023-51684-a21c37325364d975a3c7e649a4cca551.yaml
index c870f99147..e30ee6e859 100644
--- a/nuclei-templates/2023/CVE-2023-51684-a21c37325364d975a3c7e649a4cca551.yaml
+++ b/nuclei-templates/2023/CVE-2023-51684-a21c37325364d975a3c7e649a4cca551.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Digital Downloads plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2023-51684'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51685-a6734b6686a1620a7fb5250d66545fe3.yaml b/nuclei-templates/2023/CVE-2023-51685-a6734b6686a1620a7fb5250d66545fe3.yaml
index d1db0562bd..600b7bc4e3 100644
--- a/nuclei-templates/2023/CVE-2023-51685-a6734b6686a1620a7fb5250d66545fe3.yaml
+++ b/nuclei-templates/2023/CVE-2023-51685-a6734b6686a1620a7fb5250d66545fe3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Review Slider <= 12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facebook-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/"
     shodan-query: 'vuln:CVE-2023-51685'
-  tags: cve,wordpress,wp-plugin,wp-facebook-reviews,medium
+  tags: cve,wordpress,wp-plugin,wp-facebook-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51689-b2f775a90d3415bc2313e385ff781703.yaml b/nuclei-templates/2023/CVE-2023-51689-b2f775a90d3415bc2313e385ff781703.yaml
index 6752921098..90cfd5f93b 100644
--- a/nuclei-templates/2023/CVE-2023-51689-b2f775a90d3415bc2313e385ff781703.yaml
+++ b/nuclei-templates/2023/CVE-2023-51689-b2f775a90d3415bc2313e385ff781703.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Video Player <= 1.2.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acccess and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-video-player/"
     google-query: inurl:"/wp-content/plugins/easy-video-player/"
     shodan-query: 'vuln:CVE-2023-51689'
-  tags: cve,wordpress,wp-plugin,easy-video-player,medium
+  tags: cve,wordpress,wp-plugin,easy-video-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51691-bb1322086ee5fb78a847811248987555.yaml b/nuclei-templates/2023/CVE-2023-51691-bb1322086ee5fb78a847811248987555.yaml
index c9da626ca9..13fb3e9ec5 100644
--- a/nuclei-templates/2023/CVE-2023-51691-bb1322086ee5fb78a847811248987555.yaml
+++ b/nuclei-templates/2023/CVE-2023-51691-bb1322086ee5fb78a847811248987555.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDiscuz <= 7.6.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.6.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdiscuz/"
     google-query: inurl:"/wp-content/plugins/wpdiscuz/"
     shodan-query: 'vuln:CVE-2023-51691'
-  tags: cve,wordpress,wp-plugin,wpdiscuz,medium
+  tags: cve,wordpress,wp-plugin,wpdiscuz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51692-704e8a4e646ad70dffa4b5a4a231b7e5.yaml b/nuclei-templates/2023/CVE-2023-51692-704e8a4e646ad70dffa4b5a4a231b7e5.yaml
index 2110e0d272..ac2d588adf 100644
--- a/nuclei-templates/2023/CVE-2023-51692-704e8a4e646ad70dffa4b5a4a231b7e5.yaml
+++ b/nuclei-templates/2023/CVE-2023-51692-704e8a4e646ad70dffa4b5a4a231b7e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via CR_Manual
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in the 'CR_Manual' class versions up to, and including, 5.38.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send manual review reminders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:CVE-2023-51692'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51693-2317e44c2f1aa246df478fdf378e128f.yaml b/nuclei-templates/2023/CVE-2023-51693-2317e44c2f1aa246df478fdf378e128f.yaml
index 4b259b8bdd..150c39b8a7 100644
--- a/nuclei-templates/2023/CVE-2023-51693-2317e44c2f1aa246df478fdf378e128f.yaml
+++ b/nuclei-templates/2023/CVE-2023-51693-2317e44c2f1aa246df478fdf378e128f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-icons/"
     google-query: inurl:"/wp-content/plugins/themify-icons/"
     shodan-query: 'vuln:CVE-2023-51693'
-  tags: cve,wordpress,wp-plugin,themify-icons,medium
+  tags: cve,wordpress,wp-plugin,themify-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-51695-f3431b49cff580f3171934059274a2a5.yaml b/nuclei-templates/2023/CVE-2023-51695-f3431b49cff580f3171934059274a2a5.yaml
index 6b1af4d447..5e38ad611d 100644
--- a/nuclei-templates/2023/CVE-2023-51695-f3431b49cff580f3171934059274a2a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-51695-f3431b49cff580f3171934059274a2a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Everest Forms <= 2.0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Everest Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/everest-forms/"
     google-query: inurl:"/wp-content/plugins/everest-forms/"
     shodan-query: 'vuln:CVE-2023-51695'
-  tags: cve,wordpress,wp-plugin,everest-forms,medium
+  tags: cve,wordpress,wp-plugin,everest-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5177-902c45e06d6e22c072a9fbbf19901e92.yaml b/nuclei-templates/2023/CVE-2023-5177-902c45e06d6e22c072a9fbbf19901e92.yaml
index 42b6997c8f..1a77a26202 100644
--- a/nuclei-templates/2023/CVE-2023-5177-902c45e06d6e22c072a9fbbf19901e92.yaml
+++ b/nuclei-templates/2023/CVE-2023-5177-902c45e06d6e22c072a9fbbf19901e92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vrm 360 3D Model Viewer <= 1.2.1 - Authenticated(Subscriber+) Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Vrm 360 3D Model Viewer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.1 via the plugin's shortcode. This can allow authenticated attackers to extract sensitive data including the full path of the filesystem.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vrm360/"
     google-query: inurl:"/wp-content/plugins/vrm360/"
     shodan-query: 'vuln:CVE-2023-5177'
-  tags: cve,wordpress,wp-plugin,vrm360,medium
+  tags: cve,wordpress,wp-plugin,vrm360,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5181-9f99c3916170112c6519a28e2f1378e6.yaml b/nuclei-templates/2023/CVE-2023-5181-9f99c3916170112c6519a28e2f1378e6.yaml
index 11a14a211d..75fee1500e 100644
--- a/nuclei-templates/2023/CVE-2023-5181-9f99c3916170112c6519a28e2f1378e6.yaml
+++ b/nuclei-templates/2023/CVE-2023-5181-9f99c3916170112c6519a28e2f1378e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Discord Invite <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Discord Invite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-discord-invite/"
     google-query: inurl:"/wp-content/plugins/wp-discord-invite/"
     shodan-query: 'vuln:CVE-2023-5181'
-  tags: cve,wordpress,wp-plugin,wp-discord-invite,medium
+  tags: cve,wordpress,wp-plugin,wp-discord-invite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5199-ae8fa6f84b5149157cb1430a27dde4d8.yaml b/nuclei-templates/2023/CVE-2023-5199-ae8fa6f84b5149157cb1430a27dde4d8.yaml
index 3e9a65de2e..e565c748d0 100644
--- a/nuclei-templates/2023/CVE-2023-5199-ae8fa6f84b5149157cb1430a27dde4d8.yaml
+++ b/nuclei-templates/2023/CVE-2023-5199-ae8fa6f84b5149157cb1430a27dde4d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/php-to-page/"
     google-query: inurl:"/wp-content/plugins/php-to-page/"
     shodan-query: 'vuln:CVE-2023-5199'
-  tags: cve,wordpress,wp-plugin,php-to-page,critical
+  tags: cve,wordpress,wp-plugin,php-to-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5200-d7435fb5e236cc613a20b63eff30b011.yaml b/nuclei-templates/2023/CVE-2023-5200-d7435fb5e236cc613a20b63eff30b011.yaml
index b977c4d27b..284b9f43fa 100644
--- a/nuclei-templates/2023/CVE-2023-5200-d7435fb5e236cc613a20b63eff30b011.yaml
+++ b/nuclei-templates/2023/CVE-2023-5200-d7435fb5e236cc613a20b63eff30b011.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     flowpaper <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flowpaper-lite-pdf-flipbook/"
     google-query: inurl:"/wp-content/plugins/flowpaper-lite-pdf-flipbook/"
     shodan-query: 'vuln:CVE-2023-5200'
-  tags: cve,wordpress,wp-plugin,flowpaper-lite-pdf-flipbook,medium
+  tags: cve,wordpress,wp-plugin,flowpaper-lite-pdf-flipbook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5201-a514048fb251bf33fbe7f38a2147dc40.yaml b/nuclei-templates/2023/CVE-2023-5201-a514048fb251bf33fbe7f38a2147dc40.yaml
index 42f708ba78..090e32e334 100644
--- a/nuclei-templates/2023/CVE-2023-5201-a514048fb251bf33fbe7f38a2147dc40.yaml
+++ b/nuclei-templates/2023/CVE-2023-5201-a514048fb251bf33fbe7f38a2147dc40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thesis-openhook/"
     google-query: inurl:"/wp-content/plugins/thesis-openhook/"
     shodan-query: 'vuln:CVE-2023-5201'
-  tags: cve,wordpress,wp-plugin,thesis-openhook,critical
+  tags: cve,wordpress,wp-plugin,thesis-openhook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5205-e958f1600aa0e32635d67ccd172b77c5.yaml b/nuclei-templates/2023/CVE-2023-5205-e958f1600aa0e32635d67ccd172b77c5.yaml
index a725eb84ca..c5c84a6e29 100644
--- a/nuclei-templates/2023/CVE-2023-5205-e958f1600aa0e32635d67ccd172b77c5.yaml
+++ b/nuclei-templates/2023/CVE-2023-5205-e958f1600aa0e32635d67ccd172b77c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Custom Body Class <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-custom-body-class/"
     google-query: inurl:"/wp-content/plugins/add-custom-body-class/"
     shodan-query: 'vuln:CVE-2023-5205'
-  tags: cve,wordpress,wp-plugin,add-custom-body-class,medium
+  tags: cve,wordpress,wp-plugin,add-custom-body-class,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5209-9fa7c4fbd0089213898129a94fb855e3.yaml b/nuclei-templates/2023/CVE-2023-5209-9fa7c4fbd0089213898129a94fb855e3.yaml
index 734eb7ef77..f49325865e 100644
--- a/nuclei-templates/2023/CVE-2023-5209-9fa7c4fbd0089213898129a94fb855e3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5209-9fa7c4fbd0089213898129a94fb855e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Online Booking and Scheduling Plugin – Bookly <= 22.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 22.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/"
     google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/"
     shodan-query: 'vuln:CVE-2023-5209'
-  tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,medium
+  tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52117-639feb49244de37ebd2501828b79541b.yaml b/nuclei-templates/2023/CVE-2023-52117-639feb49244de37ebd2501828b79541b.yaml
index b19832fd44..bdd1b52724 100644
--- a/nuclei-templates/2023/CVE-2023-52117-639feb49244de37ebd2501828b79541b.yaml
+++ b/nuclei-templates/2023/CVE-2023-52117-639feb49244de37ebd2501828b79541b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid  <= 5.6.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ProfileGrid  plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.6.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2023-52117'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52118-af96d1868fb4ef94535942e6a7a96e89.yaml b/nuclei-templates/2023/CVE-2023-52118-af96d1868fb4ef94535942e6a7a96e89.yaml
index b409bb4f8f..cc663d5501 100644
--- a/nuclei-templates/2023/CVE-2023-52118-af96d1868fb4ef94535942e6a7a96e89.yaml
+++ b/nuclei-templates/2023/CVE-2023-52118-af96d1868fb4ef94535942e6a7a96e89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Profile Avatar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP User Profile Avatar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-profile-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-profile-avatar/"
     shodan-query: 'vuln:CVE-2023-52118'
-  tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5212-5d770457008ba85c2ccd6a7b3ee7247f.yaml b/nuclei-templates/2023/CVE-2023-5212-5d770457008ba85c2ccd6a7b3ee7247f.yaml
index 3aadeeb328..ac007d3a0b 100644
--- a/nuclei-templates/2023/CVE-2023-5212-5d770457008ba85c2ccd6a7b3ee7247f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5212-5d770457008ba85c2ccd6a7b3ee7247f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI ChatBot <= 4.8.9  and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-5212'
-  tags: cve,wordpress,wp-plugin,chatbot,critical
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52124-e835818e3176559c0f65d870084d0fe9.yaml b/nuclei-templates/2023/CVE-2023-52124-e835818e3176559c0f65d870084d0fe9.yaml
index 38e41fe5d1..62ac71a842 100644
--- a/nuclei-templates/2023/CVE-2023-52124-e835818e3176559c0f65d870084d0fe9.yaml
+++ b/nuclei-templates/2023/CVE-2023-52124-e835818e3176559c0f65d870084d0fe9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Tabs <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Tabs – Responsive Tabs Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-expand-tabs-free/"
     google-query: inurl:"/wp-content/plugins/wp-expand-tabs-free/"
     shodan-query: 'vuln:CVE-2023-52124'
-  tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,medium
+  tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52125-f282e15c376140f7b66d206f8f96f3e6.yaml b/nuclei-templates/2023/CVE-2023-52125-f282e15c376140f7b66d206f8f96f3e6.yaml
index 5db9d4da85..ec13d5b706 100644
--- a/nuclei-templates/2023/CVE-2023-52125-f282e15c376140f7b66d206f8f96f3e6.yaml
+++ b/nuclei-templates/2023/CVE-2023-52125-f282e15c376140f7b66d206f8f96f3e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iFrame <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via srcdoc
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the srcdoc parameter in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Since the malicious JS is limited to the scope of the iframe, there is no practical way to steal admin cookies or sessions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iframe/"
     google-query: inurl:"/wp-content/plugins/iframe/"
     shodan-query: 'vuln:CVE-2023-52125'
-  tags: cve,wordpress,wp-plugin,iframe,medium
+  tags: cve,wordpress,wp-plugin,iframe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52131-02e1028b272d28de63335e7341b29e10.yaml b/nuclei-templates/2023/CVE-2023-52131-02e1028b272d28de63335e7341b29e10.yaml
index 7349603766..1830549e4d 100644
--- a/nuclei-templates/2023/CVE-2023-52131-02e1028b272d28de63335e7341b29e10.yaml
+++ b/nuclei-templates/2023/CVE-2023-52131-02e1028b272d28de63335e7341b29e10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Generator <= 1.7.1 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Generator plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.7.2 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-generator/"
     google-query: inurl:"/wp-content/plugins/page-generator/"
     shodan-query: 'vuln:CVE-2023-52131'
-  tags: cve,wordpress,wp-plugin,page-generator,medium
+  tags: cve,wordpress,wp-plugin,page-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52132-bc021f50f994b63de0e089ca7983044c.yaml b/nuclei-templates/2023/CVE-2023-52132-bc021f50f994b63de0e089ca7983044c.yaml
index e2f1f898e6..60a14ced45 100644
--- a/nuclei-templates/2023/CVE-2023-52132-bc021f50f994b63de0e089ca7983044c.yaml
+++ b/nuclei-templates/2023/CVE-2023-52132-bc021f50f994b63de0e089ca7983044c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Adminify <= 3.1.6 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Adminify plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 3.1.7 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adminify/"
     google-query: inurl:"/wp-content/plugins/adminify/"
     shodan-query: 'vuln:CVE-2023-52132'
-  tags: cve,wordpress,wp-plugin,adminify,medium
+  tags: cve,wordpress,wp-plugin,adminify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52133-9cd32e924e90d865dad41a30260e1347.yaml b/nuclei-templates/2023/CVE-2023-52133-9cd32e924e90d865dad41a30260e1347.yaml
index cbef4da7b7..70bc41db7b 100644
--- a/nuclei-templates/2023/CVE-2023-52133-9cd32e924e90d865dad41a30260e1347.yaml
+++ b/nuclei-templates/2023/CVE-2023-52133-9cd32e924e90d865dad41a30260e1347.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Most And Least Read Posts Widget <=2.5.16 - Authenticated(Contributor+) SQL Injection via Widget settings
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Most And Least Read Posts Widget plugin for WordPress is vulnerable to SQL Injection via the widget settings in all versions up to 2.5.17 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/most-and-least-read-posts-widget/"
     google-query: inurl:"/wp-content/plugins/most-and-least-read-posts-widget/"
     shodan-query: 'vuln:CVE-2023-52133'
-  tags: cve,wordpress,wp-plugin,most-and-least-read-posts-widget,high
+  tags: cve,wordpress,wp-plugin,most-and-least-read-posts-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52134-9764fa1268021fb445ed7c1cafd9a12b.yaml b/nuclei-templates/2023/CVE-2023-52134-9764fa1268021fb445ed7c1cafd9a12b.yaml
index 57ac5a1963..133c2e9830 100644
--- a/nuclei-templates/2023/CVE-2023-52134-9764fa1268021fb445ed7c1cafd9a12b.yaml
+++ b/nuclei-templates/2023/CVE-2023-52134-9764fa1268021fb445ed7c1cafd9a12b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GEO my WordPress <= 4.0.2 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GEO my WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to 4.0.3 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geo-my-wp/"
     google-query: inurl:"/wp-content/plugins/geo-my-wp/"
     shodan-query: 'vuln:CVE-2023-52134'
-  tags: cve,wordpress,wp-plugin,geo-my-wp,medium
+  tags: cve,wordpress,wp-plugin,geo-my-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52135-b4ff9a96de0f409f95e972962d7a3e6d.yaml b/nuclei-templates/2023/CVE-2023-52135-b4ff9a96de0f409f95e972962d7a3e6d.yaml
index 0d8965f13c..da2b20097a 100644
--- a/nuclei-templates/2023/CVE-2023-52135-b4ff9a96de0f409f95e972962d7a3e6d.yaml
+++ b/nuclei-templates/2023/CVE-2023-52135-b4ff9a96de0f409f95e972962d7a3e6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WS Form LITE <= 1.9.170 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.9.171 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ws-form/"
     google-query: inurl:"/wp-content/plugins/ws-form/"
     shodan-query: 'vuln:CVE-2023-52135'
-  tags: cve,wordpress,wp-plugin,ws-form,medium
+  tags: cve,wordpress,wp-plugin,ws-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52142-803648dc94dbeaf482d25b8433d5ee7f.yaml b/nuclei-templates/2023/CVE-2023-52142-803648dc94dbeaf482d25b8433d5ee7f.yaml
index 8459ac8d45..a0a569765f 100644
--- a/nuclei-templates/2023/CVE-2023-52142-803648dc94dbeaf482d25b8433d5ee7f.yaml
+++ b/nuclei-templates/2023/CVE-2023-52142-803648dc94dbeaf482d25b8433d5ee7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Shortcodes & Templates For The Events Calendar <= 2.3.1 - Authenticated (Contributor+) SQL Injection via shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Events Shortcodes & Templates For The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 2.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/template-events-calendar/"
     google-query: inurl:"/wp-content/plugins/template-events-calendar/"
     shodan-query: 'vuln:CVE-2023-52142'
-  tags: cve,wordpress,wp-plugin,template-events-calendar,high
+  tags: cve,wordpress,wp-plugin,template-events-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52175-2e0473e7d7a7731e63b2d6908a232799.yaml b/nuclei-templates/2023/CVE-2023-52175-2e0473e7d7a7731e63b2d6908a232799.yaml
index a23cc8d001..a5bcc5ec0d 100644
--- a/nuclei-templates/2023/CVE-2023-52175-2e0473e7d7a7731e63b2d6908a232799.yaml
+++ b/nuclei-templates/2023/CVE-2023-52175-2e0473e7d7a7731e63b2d6908a232799.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amazon-auto-links/"
     google-query: inurl:"/wp-content/plugins/amazon-auto-links/"
     shodan-query: 'vuln:CVE-2023-52175'
-  tags: cve,wordpress,wp-plugin,amazon-auto-links,medium
+  tags: cve,wordpress,wp-plugin,amazon-auto-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52177-cf6efc26f721b1dd6c09ef244ad0a9a5.yaml b/nuclei-templates/2023/CVE-2023-52177-cf6efc26f721b1dd6c09ef244ad0a9a5.yaml
index 7bf68b95c8..e533da2d48 100644
--- a/nuclei-templates/2023/CVE-2023-52177-cf6efc26f721b1dd6c09ef244ad0a9a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-52177-cf6efc26f721b1dd6c09ef244ad0a9a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Integrate Google Drive <= 1.3.3 - Missing Authorization via save_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integrate-google-drive/"
     google-query: inurl:"/wp-content/plugins/integrate-google-drive/"
     shodan-query: 'vuln:CVE-2023-52177'
-  tags: cve,wordpress,wp-plugin,integrate-google-drive,medium
+  tags: cve,wordpress,wp-plugin,integrate-google-drive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52178-78aa7f4c0fd135cd902e3c93c245e07f.yaml b/nuclei-templates/2023/CVE-2023-52178-78aa7f4c0fd135cd902e3c93c245e07f.yaml
index c550dd1353..93180a469d 100644
--- a/nuclei-templates/2023/CVE-2023-52178-78aa7f4c0fd135cd902e3c93c245e07f.yaml
+++ b/nuclei-templates/2023/CVE-2023-52178-78aa7f4c0fd135cd902e3c93c245e07f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Affiliate Disclosure <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via $id
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Affiliate Disclosure plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $id variable in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-affiliate-disclosure/"
     google-query: inurl:"/wp-content/plugins/wp-affiliate-disclosure/"
     shodan-query: 'vuln:CVE-2023-52178'
-  tags: cve,wordpress,wp-plugin,wp-affiliate-disclosure,medium
+  tags: cve,wordpress,wp-plugin,wp-affiliate-disclosure,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52180-dafddc9bea1e241db1766d412621b738.yaml b/nuclei-templates/2023/CVE-2023-52180-dafddc9bea1e241db1766d412621b738.yaml
index 5053365cb3..a392e3cf54 100644
--- a/nuclei-templates/2023/CVE-2023-52180-dafddc9bea1e241db1766d412621b738.yaml
+++ b/nuclei-templates/2023/CVE-2023-52180-dafddc9bea1e241db1766d412621b738.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - Authenticated(Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress is vulnerable to SQL Injection via the ‘order’ and 'orderby' parameters in all versions up to 8.1.1 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zip-recipes/"
     google-query: inurl:"/wp-content/plugins/zip-recipes/"
     shodan-query: 'vuln:CVE-2023-52180'
-  tags: cve,wordpress,wp-plugin,zip-recipes,high
+  tags: cve,wordpress,wp-plugin,zip-recipes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52182-6f4ecb36b96c9dd745bf20e36b1a7043.yaml b/nuclei-templates/2023/CVE-2023-52182-6f4ecb36b96c9dd745bf20e36b1a7043.yaml
index 5097f84970..9736166425 100644
--- a/nuclei-templates/2023/CVE-2023-52182-6f4ecb36b96c9dd745bf20e36b1a7043.yaml
+++ b/nuclei-templates/2023/CVE-2023-52182-6f4ecb36b96c9dd745bf20e36b1a7043.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARI Stream Quiz <= 1.3.0 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ARI Stream Quiz – WordPress Quizzes Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ari-stream-quiz/"
     google-query: inurl:"/wp-content/plugins/ari-stream-quiz/"
     shodan-query: 'vuln:CVE-2023-52182'
-  tags: cve,wordpress,wp-plugin,ari-stream-quiz,high
+  tags: cve,wordpress,wp-plugin,ari-stream-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52186-85987e7f67f649cd4fc002f1b0337124.yaml b/nuclei-templates/2023/CVE-2023-52186-85987e7f67f649cd4fc002f1b0337124.yaml
index cbb3d57c6d..cf0605425c 100644
--- a/nuclei-templates/2023/CVE-2023-52186-85987e7f67f649cd4fc002f1b0337124.yaml
+++ b/nuclei-templates/2023/CVE-2023-52186-85987e7f67f649cd4fc002f1b0337124.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Vendors <= 2.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-vendors/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/"
     shodan-query: 'vuln:CVE-2023-52186'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52189-9f41ca20cf9aa5ad6ef84f69ddb6f680.yaml b/nuclei-templates/2023/CVE-2023-52189-9f41ca20cf9aa5ad6ef84f69ddb6f680.yaml
index d0d10706a7..b756e1ec1a 100644
--- a/nuclei-templates/2023/CVE-2023-52189-9f41ca20cf9aa5ad6ef84f69ddb6f680.yaml
+++ b/nuclei-templates/2023/CVE-2023-52189-9f41ca20cf9aa5ad6ef84f69ddb6f680.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ideal Interactive Map <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ideal Interactive Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ideal-interactive-map/"
     google-query: inurl:"/wp-content/plugins/ideal-interactive-map/"
     shodan-query: 'vuln:CVE-2023-52189'
-  tags: cve,wordpress,wp-plugin,ideal-interactive-map,medium
+  tags: cve,wordpress,wp-plugin,ideal-interactive-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52191-b0923245191ee8b19827587a90615915.yaml b/nuclei-templates/2023/CVE-2023-52191-b0923245191ee8b19827587a90615915.yaml
index 69d247260a..3bed7f1f54 100644
--- a/nuclei-templates/2023/CVE-2023-52191-b0923245191ee8b19827587a90615915.yaml
+++ b/nuclei-templates/2023/CVE-2023-52191-b0923245191ee8b19827587a90615915.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Infogram <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Infogram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/infogram/"
     google-query: inurl:"/wp-content/plugins/infogram/"
     shodan-query: 'vuln:CVE-2023-52191'
-  tags: cve,wordpress,wp-plugin,infogram,medium
+  tags: cve,wordpress,wp-plugin,infogram,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52192-3c962311490d35eba5d44b2a55482b65.yaml b/nuclei-templates/2023/CVE-2023-52192-3c962311490d35eba5d44b2a55482b65.yaml
index 162d49cf69..eb1d19683a 100644
--- a/nuclei-templates/2023/CVE-2023-52192-3c962311490d35eba5d44b2a55482b65.yaml
+++ b/nuclei-templates/2023/CVE-2023-52192-3c962311490d35eba5d44b2a55482b65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/infusionsoft-official-opt-in-forms/"
     google-query: inurl:"/wp-content/plugins/infusionsoft-official-opt-in-forms/"
     shodan-query: 'vuln:CVE-2023-52192'
-  tags: cve,wordpress,wp-plugin,infusionsoft-official-opt-in-forms,medium
+  tags: cve,wordpress,wp-plugin,infusionsoft-official-opt-in-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52193-99586092e2e0a8d37b070fc12b9ea29f.yaml b/nuclei-templates/2023/CVE-2023-52193-99586092e2e0a8d37b070fc12b9ea29f.yaml
index 3b7be338fa..b6ba056cf8 100644
--- a/nuclei-templates/2023/CVE-2023-52193-99586092e2e0a8d37b070fc12b9ea29f.yaml
+++ b/nuclei-templates/2023/CVE-2023-52193-99586092e2e0a8d37b070fc12b9ea29f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Live Composer <= 1.5.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Live Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 1.5.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/live-composer-page-builder/"
     google-query: inurl:"/wp-content/plugins/live-composer-page-builder/"
     shodan-query: 'vuln:CVE-2023-52193'
-  tags: cve,wordpress,wp-plugin,live-composer-page-builder,medium
+  tags: cve,wordpress,wp-plugin,live-composer-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52194-d5fb85be1bce7f68e1b15520cd177f7a.yaml b/nuclei-templates/2023/CVE-2023-52194-d5fb85be1bce7f68e1b15520cd177f7a.yaml
index 350705b5db..3609220c4b 100644
--- a/nuclei-templates/2023/CVE-2023-52194-d5fb85be1bce7f68e1b15520cd177f7a.yaml
+++ b/nuclei-templates/2023/CVE-2023-52194-d5fb85be1bce7f68e1b15520cd177f7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     oEmbed Gist <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The oEmbed Gist plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oembed-gist/"
     google-query: inurl:"/wp-content/plugins/oembed-gist/"
     shodan-query: 'vuln:CVE-2023-52194'
-  tags: cve,wordpress,wp-plugin,oembed-gist,medium
+  tags: cve,wordpress,wp-plugin,oembed-gist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52195-f4bf91007a25d09c25ce2d7dd70ab2fa.yaml b/nuclei-templates/2023/CVE-2023-52195-f4bf91007a25d09c25ce2d7dd70ab2fa.yaml
index 6742fb90de..f7dff5e5e3 100644
--- a/nuclei-templates/2023/CVE-2023-52195-f4bf91007a25d09c25ce2d7dd70ab2fa.yaml
+++ b/nuclei-templates/2023/CVE-2023-52195-f4bf91007a25d09c25ce2d7dd70ab2fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Posts to Page <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Posts to Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/posts-to-page/"
     google-query: inurl:"/wp-content/plugins/posts-to-page/"
     shodan-query: 'vuln:CVE-2023-52195'
-  tags: cve,wordpress,wp-plugin,posts-to-page,medium
+  tags: cve,wordpress,wp-plugin,posts-to-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52197-d53d7fc7db0d940484e982ea2d1a452b.yaml b/nuclei-templates/2023/CVE-2023-52197-d53d7fc7db0d940484e982ea2d1a452b.yaml
index 0e75609bf0..e7d66334c0 100644
--- a/nuclei-templates/2023/CVE-2023-52197-d53d7fc7db0d940484e982ea2d1a452b.yaml
+++ b/nuclei-templates/2023/CVE-2023-52197-d53d7fc7db0d940484e982ea2d1a452b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ads Invalid Click Protection <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ads Invalid Click Protection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ads-invalid-click-protection/"
     google-query: inurl:"/wp-content/plugins/ads-invalid-click-protection/"
     shodan-query: 'vuln:CVE-2023-52197'
-  tags: cve,wordpress,wp-plugin,ads-invalid-click-protection,medium
+  tags: cve,wordpress,wp-plugin,ads-invalid-click-protection,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52198-9e0ed51792e9270a576ac0d1dc550b71.yaml b/nuclei-templates/2023/CVE-2023-52198-9e0ed51792e9270a576ac0d1dc550b71.yaml
index a6a61f46dc..1c380857a6 100644
--- a/nuclei-templates/2023/CVE-2023-52198-9e0ed51792e9270a576ac0d1dc550b71.yaml
+++ b/nuclei-templates/2023/CVE-2023-52198-9e0ed51792e9270a576ac0d1dc550b71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Private Google Calendars <= 20231125 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Private Google Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 20231125 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/private-google-calendars/"
     google-query: inurl:"/wp-content/plugins/private-google-calendars/"
     shodan-query: 'vuln:CVE-2023-52198'
-  tags: cve,wordpress,wp-plugin,private-google-calendars,medium
+  tags: cve,wordpress,wp-plugin,private-google-calendars,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52199-ec1e17ee6b9dff2a9b24906383f33988.yaml b/nuclei-templates/2023/CVE-2023-52199-ec1e17ee6b9dff2a9b24906383f33988.yaml
index 07ffc34020..11cb1e48c2 100644
--- a/nuclei-templates/2023/CVE-2023-52199-ec1e17ee6b9dff2a9b24906383f33988.yaml
+++ b/nuclei-templates/2023/CVE-2023-52199-ec1e17ee6b9dff2a9b24906383f33988.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActivityPub <= 1.0.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ActivityPub plugin for WordPress is vulnerable to unauthorized access of data due to a unsufficient authorization checks on two REST routes in versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to call those endpoints.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activitypub/"
     google-query: inurl:"/wp-content/plugins/activitypub/"
     shodan-query: 'vuln:CVE-2023-52199'
-  tags: cve,wordpress,wp-plugin,activitypub,medium
+  tags: cve,wordpress,wp-plugin,activitypub,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52201-bc684639838d61cf579a672d96063b79.yaml b/nuclei-templates/2023/CVE-2023-52201-bc684639838d61cf579a672d96063b79.yaml
index f3ca98e34a..66c87ba091 100644
--- a/nuclei-templates/2023/CVE-2023-52201-bc684639838d61cf579a672d96063b79.yaml
+++ b/nuclei-templates/2023/CVE-2023-52201-bc684639838d61cf579a672d96063b79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The pTypeConverter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.2.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ptypeconverter/"
     google-query: inurl:"/wp-content/plugins/ptypeconverter/"
     shodan-query: 'vuln:CVE-2023-52201'
-  tags: cve,wordpress,wp-plugin,ptypeconverter,high
+  tags: cve,wordpress,wp-plugin,ptypeconverter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52202-bd39f2dcd48837d67c4b40b69f78df98.yaml b/nuclei-templates/2023/CVE-2023-52202-bd39f2dcd48837d67c4b40b69f78df98.yaml
index 47175c2768..8f80c018b8 100644
--- a/nuclei-templates/2023/CVE-2023-52202-bd39f2dcd48837d67c4b40b69f78df98.yaml
+++ b/nuclei-templates/2023/CVE-2023-52202-bd39f2dcd48837d67c4b40b69f78df98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 MP3 Player with Folder Feedburner <= 2.8.0 - Authenticated (Author+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HTML5 MP3 Player with Folder Feedburner Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.8.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist/"
     google-query: inurl:"/wp-content/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist/"
     shodan-query: 'vuln:CVE-2023-52202'
-  tags: cve,wordpress,wp-plugin,html5-mp3-player-with-mp3-folder-feedburner-playlist,high
+  tags: cve,wordpress,wp-plugin,html5-mp3-player-with-mp3-folder-feedburner-playlist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52203-746dbfeca03bdbf3d2fc4d83e4a0ed40.yaml b/nuclei-templates/2023/CVE-2023-52203-746dbfeca03bdbf3d2fc4d83e4a0ed40.yaml
index c6416a162d..da9791b883 100644
--- a/nuclei-templates/2023/CVE-2023-52203-746dbfeca03bdbf3d2fc4d83e4a0ed40.yaml
+++ b/nuclei-templates/2023/CVE-2023-52203-746dbfeca03bdbf3d2fc4d83e4a0ed40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The cformsII plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 15.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cforms2/"
     google-query: inurl:"/wp-content/plugins/cforms2/"
     shodan-query: 'vuln:CVE-2023-52203'
-  tags: cve,wordpress,wp-plugin,cforms2,medium
+  tags: cve,wordpress,wp-plugin,cforms2,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52204-2c6114a75a15d3b058a7dc1004291c25.yaml b/nuclei-templates/2023/CVE-2023-52204-2c6114a75a15d3b058a7dc1004291c25.yaml
index 6f6a2e1a8a..8f2cb47d3a 100644
--- a/nuclei-templates/2023/CVE-2023-52204-2c6114a75a15d3b058a7dc1004291c25.yaml
+++ b/nuclei-templates/2023/CVE-2023-52204-2c6114a75a15d3b058a7dc1004291c25.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Randomize plugin for WordPress is vulnerable toSQL Injection in versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/randomize/"
     google-query: inurl:"/wp-content/plugins/randomize/"
     shodan-query: 'vuln:CVE-2023-52204'
-  tags: cve,wordpress,wp-plugin,randomize,high
+  tags: cve,wordpress,wp-plugin,randomize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52205-c00b8bf14565edfcbae67925492b03f1.yaml b/nuclei-templates/2023/CVE-2023-52205-c00b8bf14565edfcbae67925492b03f1.yaml
index 42d127b0c7..13af37f438 100644
--- a/nuclei-templates/2023/CVE-2023-52205-c00b8bf14565edfcbae67925492b03f1.yaml
+++ b/nuclei-templates/2023/CVE-2023-52205-c00b8bf14565edfcbae67925492b03f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HTML5 SoundCloud Player with Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.8.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-soundcloud-player-with-playlist/"
     google-query: inurl:"/wp-content/plugins/html5-soundcloud-player-with-playlist/"
     shodan-query: 'vuln:CVE-2023-52205'
-  tags: cve,wordpress,wp-plugin,html5-soundcloud-player-with-playlist,high
+  tags: cve,wordpress,wp-plugin,html5-soundcloud-player-with-playlist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52206-130eab166dc7b7692723d0cf797df7b0.yaml b/nuclei-templates/2023/CVE-2023-52206-130eab166dc7b7692723d0cf797df7b0.yaml
index 82e4bb2cc2..72be792054 100644
--- a/nuclei-templates/2023/CVE-2023-52206-130eab166dc7b7692723d0cf797df7b0.yaml
+++ b/nuclei-templates/2023/CVE-2023-52206-130eab166dc7b7692723d0cf797df7b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Live Composer <= 1.5.25 -  Authenticated (Author+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Page Builder: Live Composer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.25 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/live-composer-page-builder/"
     google-query: inurl:"/wp-content/plugins/live-composer-page-builder/"
     shodan-query: 'vuln:CVE-2023-52206'
-  tags: cve,wordpress,wp-plugin,live-composer-page-builder,high
+  tags: cve,wordpress,wp-plugin,live-composer-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52207-0df580dacb0df6a2ca5f274d2d7147c5.yaml b/nuclei-templates/2023/CVE-2023-52207-0df580dacb0df6a2ca5f274d2d7147c5.yaml
index a218b951b5..907194fbe5 100644
--- a/nuclei-templates/2023/CVE-2023-52207-0df580dacb0df6a2ca5f274d2d7147c5.yaml
+++ b/nuclei-templates/2023/CVE-2023-52207-0df580dacb0df6a2ca5f274d2d7147c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 MP3 Player with Playlist Free <= 3.0.0 - Authenticated (Author+) PHP Object Injecton
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HTML5 MP3 Player with Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-mp3-player-with-playlist/"
     google-query: inurl:"/wp-content/plugins/html5-mp3-player-with-playlist/"
     shodan-query: 'vuln:CVE-2023-52207'
-  tags: cve,wordpress,wp-plugin,html5-mp3-player-with-playlist,high
+  tags: cve,wordpress,wp-plugin,html5-mp3-player-with-playlist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52210-84ccfe3dbfa257fc01b0e4c65174ef35.yaml b/nuclei-templates/2023/CVE-2023-52210-84ccfe3dbfa257fc01b0e4c65174ef35.yaml
index e8d84ee199..556de24432 100644
--- a/nuclei-templates/2023/CVE-2023-52210-84ccfe3dbfa257fc01b0e4c65174ef35.yaml
+++ b/nuclei-templates/2023/CVE-2023-52210-84ccfe3dbfa257fc01b0e4c65174ef35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Delivery Date for WooCommerce – Lite <= 2.7.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdd_delete_all_special_delivery() function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to delete special deliveries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-delivery-date-for-woocommerce-lite/"
     google-query: inurl:"/wp-content/plugins/product-delivery-date-for-woocommerce-lite/"
     shodan-query: 'vuln:CVE-2023-52210'
-  tags: cve,wordpress,wp-plugin,product-delivery-date-for-woocommerce-lite,medium
+  tags: cve,wordpress,wp-plugin,product-delivery-date-for-woocommerce-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52211-ab18ce3ab5c885047a8f794ed3023e87.yaml b/nuclei-templates/2023/CVE-2023-52211-ab18ce3ab5c885047a8f794ed3023e87.yaml
index 2043000222..15e0283932 100644
--- a/nuclei-templates/2023/CVE-2023-52211-ab18ce3ab5c885047a8f794ed3023e87.yaml
+++ b/nuclei-templates/2023/CVE-2023-52211-ab18ce3ab5c885047a8f794ed3023e87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Job Manager <= 2.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Job Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rest route associated with the update_job_status function in versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to update job statuses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-job-manager/"
     google-query: inurl:"/wp-content/plugins/wp-job-manager/"
     shodan-query: 'vuln:CVE-2023-52211'
-  tags: cve,wordpress,wp-plugin,wp-job-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-job-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52214-0a3c0452d5847fbc8bf97c2978948097.yaml b/nuclei-templates/2023/CVE-2023-52214-0a3c0452d5847fbc8bf97c2978948097.yaml
index 462d2f55e1..e561afc439 100644
--- a/nuclei-templates/2023/CVE-2023-52214-0a3c0452d5847fbc8bf97c2978948097.yaml
+++ b/nuclei-templates/2023/CVE-2023-52214-0a3c0452d5847fbc8bf97c2978948097.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Void Contact Form 7 Widget For Elementor Page Builder <= 2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions in the /helper/helper.php file in versions up to, and including, 2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices and retrieve contact form data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-widget-elementor/"
     google-query: inurl:"/wp-content/plugins/cf7-widget-elementor/"
     shodan-query: 'vuln:CVE-2023-52214'
-  tags: cve,wordpress,wp-plugin,cf7-widget-elementor,medium
+  tags: cve,wordpress,wp-plugin,cf7-widget-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52217-8f3437550e10d6083b697e38767da0b0.yaml b/nuclei-templates/2023/CVE-2023-52217-8f3437550e10d6083b697e38767da0b0.yaml
index e28c4e0a7f..d19f804ef8 100644
--- a/nuclei-templates/2023/CVE-2023-52217-8f3437550e10d6083b697e38767da0b0.yaml
+++ b/nuclei-templates/2023/CVE-2023-52217-8f3437550e10d6083b697e38767da0b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Conversion Tracking <= 2.0.11 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Conversion Tracking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-conversion-tracking/"
     google-query: inurl:"/wp-content/plugins/woocommerce-conversion-tracking/"
     shodan-query: 'vuln:CVE-2023-52217'
-  tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52219-3ddf708feedcea3e47167b185d508195.yaml b/nuclei-templates/2023/CVE-2023-52219-3ddf708feedcea3e47167b185d508195.yaml
index 5374015cc2..f315f4ea21 100644
--- a/nuclei-templates/2023/CVE-2023-52219-3ddf708feedcea3e47167b185d508195.yaml
+++ b/nuclei-templates/2023/CVE-2023-52219-3ddf708feedcea3e47167b185d508195.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gecka Terms Thumbnails <= 1.1 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Gecka Terms Thumbnails plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gecka-terms-thumbnails/"
     google-query: inurl:"/wp-content/plugins/gecka-terms-thumbnails/"
     shodan-query: 'vuln:CVE-2023-52219'
-  tags: cve,wordpress,wp-plugin,gecka-terms-thumbnails,high
+  tags: cve,wordpress,wp-plugin,gecka-terms-thumbnails,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52220-6589f8f5c2b9c61e1e02d46bf871ed81.yaml b/nuclei-templates/2023/CVE-2023-52220-6589f8f5c2b9c61e1e02d46bf871ed81.yaml
index ad9fa4b81c..868becafab 100644
--- a/nuclei-templates/2023/CVE-2023-52220-6589f8f5c2b9c61e1e02d46bf871ed81.yaml
+++ b/nuclei-templates/2023/CVE-2023-52220-6589f8f5c2b9c61e1e02d46bf871ed81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analytics by Monster Insights <= 8.21.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Google Analytics by Monster Insights plugin for WordPress is vulnerable to unauthorized access  due to a missing capability check  in versions up to, and including, 8.21.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-52220'
-  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52224-b6ad60014841f75188893319dd4470b9.yaml b/nuclei-templates/2023/CVE-2023-52224-b6ad60014841f75188893319dd4470b9.yaml
index aa54a3aa69..95b1ec1668 100644
--- a/nuclei-templates/2023/CVE-2023-52224-b6ad60014841f75188893319dd4470b9.yaml
+++ b/nuclei-templates/2023/CVE-2023-52224-b6ad60014841f75188893319dd4470b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Revolut Gateway for WooCommerce <= 4.9.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the wc_revolut_clear_records and wc_revolut_onboard_applepay_domain functions in versions up to, and including, 4.9.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear records and trigger applepay onboarding.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/revolut-gateway-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/revolut-gateway-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-52224'
-  tags: cve,wordpress,wp-plugin,revolut-gateway-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,revolut-gateway-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52227-88cd9d196e2b824c736badcdf2c60486.yaml b/nuclei-templates/2023/CVE-2023-52227-88cd9d196e2b824c736badcdf2c60486.yaml
index bc2d7a0205..f3cea913e4 100644
--- a/nuclei-templates/2023/CVE-2023-52227-88cd9d196e2b824c736badcdf2c60486.yaml
+++ b/nuclei-templates/2023/CVE-2023-52227-88cd9d196e2b824c736badcdf2c60486.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailerLite – WooCommerce integration <= 2.0.8 - Missing Authorization via Multiple Functions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MailerLite – WooCommerce integration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-mailerlite/"
     google-query: inurl:"/wp-content/plugins/woo-mailerlite/"
     shodan-query: 'vuln:CVE-2023-52227'
-  tags: cve,wordpress,wp-plugin,woo-mailerlite,medium
+  tags: cve,wordpress,wp-plugin,woo-mailerlite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52228-843511a1c7a253d8815f1011e5416ca7.yaml b/nuclei-templates/2023/CVE-2023-52228-843511a1c7a253d8815f1011e5416ca7.yaml
index 5dd8222aee..63018125a8 100644
--- a/nuclei-templates/2023/CVE-2023-52228-843511a1c7a253d8815f1011e5416ca7.yaml
+++ b/nuclei-templates/2023/CVE-2023-52228-843511a1c7a253d8815f1011e5416ca7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beds24 Online Booking <= 2.0.24 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beds24-online-booking/"
     google-query: inurl:"/wp-content/plugins/beds24-online-booking/"
     shodan-query: 'vuln:CVE-2023-52228'
-  tags: cve,wordpress,wp-plugin,beds24-online-booking,medium
+  tags: cve,wordpress,wp-plugin,beds24-online-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52229-ca80be8d82d9f4b7b474971b5f658d56.yaml b/nuclei-templates/2023/CVE-2023-52229-ca80be8d82d9f4b7b474971b5f658d56.yaml
index c4f4ab9a09..2a14ec55b9 100644
--- a/nuclei-templates/2023/CVE-2023-52229-ca80be8d82d9f4b7b474971b5f658d56.yaml
+++ b/nuclei-templates/2023/CVE-2023-52229-ca80be8d82d9f4b7b474971b5f658d56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Word Replacer Pro <= 1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/word-replacer-ultra/"
     google-query: inurl:"/wp-content/plugins/word-replacer-ultra/"
     shodan-query: 'vuln:CVE-2023-52229'
-  tags: cve,wordpress,wp-plugin,word-replacer-ultra,medium
+  tags: cve,wordpress,wp-plugin,word-replacer-ultra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52230-672dfc933502a4edaa8116764ba522b6.yaml b/nuclei-templates/2023/CVE-2023-52230-672dfc933502a4edaa8116764ba522b6.yaml
index 7103ab5c90..9e68e72869 100644
--- a/nuclei-templates/2023/CVE-2023-52230-672dfc933502a4edaa8116764ba522b6.yaml
+++ b/nuclei-templates/2023/CVE-2023-52230-672dfc933502a4edaa8116764ba522b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster Plus for WooCommerce < 7.1.3 - Missing Authorization to Arbitrary Options Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.3 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary WordPress option values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-52230'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52231-1fe649382158471b98650df856d70fee.yaml b/nuclei-templates/2023/CVE-2023-52231-1fe649382158471b98650df856d70fee.yaml
index 7cc1b5074c..1efe6a781d 100644
--- a/nuclei-templates/2023/CVE-2023-52231-1fe649382158471b98650df856d70fee.yaml
+++ b/nuclei-templates/2023/CVE-2023-52231-1fe649382158471b98650df856d70fee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with susbcriber-level access and above, to access arbitrary order information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-52231'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52232-0927d29209569b3fa6ca414e42a83816.yaml b/nuclei-templates/2023/CVE-2023-52232-0927d29209569b3fa6ca414e42a83816.yaml
index 7e4d4072ae..fd035cd48d 100644
--- a/nuclei-templates/2023/CVE-2023-52232-0927d29209569b3fa6ca414e42a83816.yaml
+++ b/nuclei-templates/2023/CVE-2023-52232-0927d29209569b3fa6ca414e42a83816.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Arbitrary Page/Post Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary pages and posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-52232'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-52234-2b5138240155c353b3e1835e93054ec3.yaml b/nuclei-templates/2023/CVE-2023-52234-2b5138240155c353b3e1835e93054ec3.yaml
index fd9be1a586..79579a423d 100644
--- a/nuclei-templates/2023/CVE-2023-52234-2b5138240155c353b3e1835e93054ec3.yaml
+++ b/nuclei-templates/2023/CVE-2023-52234-2b5138240155c353b3e1835e93054ec3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster Elite for WooCommerce < 7.1.2 -  Missing Authorization to Order Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booster Elite for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and above, to view arbitrary order information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-52234'
-  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5228-5a06b4b0b81af48987e3d90166388572.yaml b/nuclei-templates/2023/CVE-2023-5228-5a06b4b0b81af48987e3d90166388572.yaml
index 6b6fd21e2e..5ea7cd59bb 100644
--- a/nuclei-templates/2023/CVE-2023-5228-5a06b4b0b81af48987e3d90166388572.yaml
+++ b/nuclei-templates/2023/CVE-2023-5228-5a06b4b0b81af48987e3d90166388572.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration – Custom Registration Form, Login Form And User Profile For WordPress <= 3.0.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2023-5228'
-  tags: cve,wordpress,wp-plugin,user-registration,medium
+  tags: cve,wordpress,wp-plugin,user-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5229-4c337287b3ea29b58d22de863f5e59bf.yaml b/nuclei-templates/2023/CVE-2023-5229-4c337287b3ea29b58d22de863f5e59bf.yaml
index 57a03da7aa..0fa2d2dcb2 100644
--- a/nuclei-templates/2023/CVE-2023-5229-4c337287b3ea29b58d22de863f5e59bf.yaml
+++ b/nuclei-templates/2023/CVE-2023-5229-4c337287b3ea29b58d22de863f5e59bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     e2pdf < 1.20.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The E2Pdf – Export To Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.20.20 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/e2pdf/"
     google-query: inurl:"/wp-content/plugins/e2pdf/"
     shodan-query: 'vuln:CVE-2023-5229'
-  tags: cve,wordpress,wp-plugin,e2pdf,medium
+  tags: cve,wordpress,wp-plugin,e2pdf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5230-4951c2f84359ebbaf9ae45fa01138a5f.yaml b/nuclei-templates/2023/CVE-2023-5230-4951c2f84359ebbaf9ae45fa01138a5f.yaml
index 23cba15528..e9efecad8c 100644
--- a/nuclei-templates/2023/CVE-2023-5230-4951c2f84359ebbaf9ae45fa01138a5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5230-4951c2f84359ebbaf9ae45fa01138a5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TM WooCommerce Compare & Wishlist <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tm-woocommerce-compare-wishlist/"
     google-query: inurl:"/wp-content/plugins/tm-woocommerce-compare-wishlist/"
     shodan-query: 'vuln:CVE-2023-5230'
-  tags: cve,wordpress,wp-plugin,tm-woocommerce-compare-wishlist,medium
+  tags: cve,wordpress,wp-plugin,tm-woocommerce-compare-wishlist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5231-423344ebaf15b72d32ea50cd38a95167.yaml b/nuclei-templates/2023/CVE-2023-5231-423344ebaf15b72d32ea50cd38a95167.yaml
index 4d71f3d816..d5def5404a 100644
--- a/nuclei-templates/2023/CVE-2023-5231-423344ebaf15b72d32ea50cd38a95167.yaml
+++ b/nuclei-templates/2023/CVE-2023-5231-423344ebaf15b72d32ea50cd38a95167.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magic Action Box <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magic-action-box/"
     google-query: inurl:"/wp-content/plugins/magic-action-box/"
     shodan-query: 'vuln:CVE-2023-5231'
-  tags: cve,wordpress,wp-plugin,magic-action-box,medium
+  tags: cve,wordpress,wp-plugin,magic-action-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5232-a57182d433f774a0b7467b555b805817.yaml b/nuclei-templates/2023/CVE-2023-5232-a57182d433f774a0b7467b555b805817.yaml
index a04411b4e5..1da8450f32 100644
--- a/nuclei-templates/2023/CVE-2023-5232-a57182d433f774a0b7467b555b805817.yaml
+++ b/nuclei-templates/2023/CVE-2023-5232-a57182d433f774a0b7467b555b805817.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Font Awesome More Icons <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/font-awesome-more-icons/"
     google-query: inurl:"/wp-content/plugins/font-awesome-more-icons/"
     shodan-query: 'vuln:CVE-2023-5232'
-  tags: cve,wordpress,wp-plugin,font-awesome-more-icons,medium
+  tags: cve,wordpress,wp-plugin,font-awesome-more-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5233-238d49dd6e9480e47ebe9505e3055120.yaml b/nuclei-templates/2023/CVE-2023-5233-238d49dd6e9480e47ebe9505e3055120.yaml
index fa0d89c1fb..20ee1d9c46 100644
--- a/nuclei-templates/2023/CVE-2023-5233-238d49dd6e9480e47ebe9505e3055120.yaml
+++ b/nuclei-templates/2023/CVE-2023-5233-238d49dd6e9480e47ebe9505e3055120.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Font Awesome Integration <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/font-awesome-integration/"
     google-query: inurl:"/wp-content/plugins/font-awesome-integration/"
     shodan-query: 'vuln:CVE-2023-5233'
-  tags: cve,wordpress,wp-plugin,font-awesome-integration,medium
+  tags: cve,wordpress,wp-plugin,font-awesome-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5234-f9f7aa614950622531a31e76990cf4c8.yaml b/nuclei-templates/2023/CVE-2023-5234-f9f7aa614950622531a31e76990cf4c8.yaml
index 346a1b4b97..798741e276 100644
--- a/nuclei-templates/2023/CVE-2023-5234-f9f7aa614950622531a31e76990cf4c8.yaml
+++ b/nuclei-templates/2023/CVE-2023-5234-f9f7aa614950622531a31e76990cf4c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Related Products for WooCommerce <= 3.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'woo-related' shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-related-products-refresh-on-reload/"
     google-query: inurl:"/wp-content/plugins/woo-related-products-refresh-on-reload/"
     shodan-query: 'vuln:CVE-2023-5234'
-  tags: cve,wordpress,wp-plugin,woo-related-products-refresh-on-reload,medium
+  tags: cve,wordpress,wp-plugin,woo-related-products-refresh-on-reload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5235-7f87928645d2c31cf00fa75d4b3905c3.yaml b/nuclei-templates/2023/CVE-2023-5235-7f87928645d2c31cf00fa75d4b3905c3.yaml
index bc2ed57e23..afb15ea481 100644
--- a/nuclei-templates/2023/CVE-2023-5235-7f87928645d2c31cf00fa75d4b3905c3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5235-7f87928645d2c31cf00fa75d4b3905c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ovic Responsive WPBakery <= 1.2.8 - Authenticated (Subscriber+) Arbitrary Option Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ovic Responsive WPBakery plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on the import_options() function hooked via AJAX n in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options that can be used for easily privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ovic-vc-addon/"
     google-query: inurl:"/wp-content/plugins/ovic-vc-addon/"
     shodan-query: 'vuln:CVE-2023-5235'
-  tags: cve,wordpress,wp-plugin,ovic-vc-addon,high
+  tags: cve,wordpress,wp-plugin,ovic-vc-addon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5237-e0d43cef694a102644215555aaaf71de.yaml b/nuclei-templates/2023/CVE-2023-5237-e0d43cef694a102644215555aaaf71de.yaml
index 22c3cc8f64..0462949770 100644
--- a/nuclei-templates/2023/CVE-2023-5237-e0d43cef694a102644215555aaaf71de.yaml
+++ b/nuclei-templates/2023/CVE-2023-5237-e0d43cef694a102644215555aaaf71de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Memberlite Shortcodes <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/memberlite-shortcodes/"
     google-query: inurl:"/wp-content/plugins/memberlite-shortcodes/"
     shodan-query: 'vuln:CVE-2023-5237'
-  tags: cve,wordpress,wp-plugin,memberlite-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,memberlite-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5241-d3213062fc9b1a2c7b785c61361d34fc.yaml b/nuclei-templates/2023/CVE-2023-5241-d3213062fc9b1a2c7b785c61361d34fc.yaml
index ab6d32387f..4e47c17b4e 100644
--- a/nuclei-templates/2023/CVE-2023-5241-d3213062fc9b1a2c7b785c61361d34fc.yaml
+++ b/nuclei-templates/2023/CVE-2023-5241-d3213062fc9b1a2c7b785c61361d34fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-5241'
-  tags: cve,wordpress,wp-plugin,chatbot,critical
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5243-16cbd69900a20c2a15cc998b66c6e30e.yaml b/nuclei-templates/2023/CVE-2023-5243-16cbd69900a20c2a15cc998b66c6e30e.yaml
index d1fc8ab1e0..1a33adc1b0 100644
--- a/nuclei-templates/2023/CVE-2023-5243-16cbd69900a20c2a15cc998b66c6e30e.yaml
+++ b/nuclei-templates/2023/CVE-2023-5243-16cbd69900a20c2a15cc998b66c6e30e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Screen Manager <= 3.5.2 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login Screen Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. CVE-2023-47182 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-screen-manager/"
     google-query: inurl:"/wp-content/plugins/login-screen-manager/"
     shodan-query: 'vuln:CVE-2023-5243'
-  tags: cve,wordpress,wp-plugin,login-screen-manager,medium
+  tags: cve,wordpress,wp-plugin,login-screen-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5250-12eb7534db6d3a6b596836d9096b1dfc.yaml b/nuclei-templates/2023/CVE-2023-5250-12eb7534db6d3a6b596836d9096b1dfc.yaml
index a39317963c..ee49610918 100644
--- a/nuclei-templates/2023/CVE-2023-5250-12eb7534db6d3a6b596836d9096b1dfc.yaml
+++ b/nuclei-templates/2023/CVE-2023-5250-12eb7534db6d3a6b596836d9096b1dfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/grid-plus/"
     google-query: inurl:"/wp-content/plugins/grid-plus/"
     shodan-query: 'vuln:CVE-2023-5250'
-  tags: cve,wordpress,wp-plugin,grid-plus,high
+  tags: cve,wordpress,wp-plugin,grid-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5251-a7efe3d7340eefdf74e75d3be0901882.yaml b/nuclei-templates/2023/CVE-2023-5251-a7efe3d7340eefdf74e75d3be0901882.yaml
index 0bdc920df3..5b63cd6e79 100644
--- a/nuclei-templates/2023/CVE-2023-5251-a7efe3d7340eefdf74e75d3be0901882.yaml
+++ b/nuclei-templates/2023/CVE-2023-5251-a7efe3d7340eefdf74e75d3be0901882.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Grid Plus <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. CVE-2023-34014 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/grid-plus/"
     google-query: inurl:"/wp-content/plugins/grid-plus/"
     shodan-query: 'vuln:CVE-2023-5251'
-  tags: cve,wordpress,wp-plugin,grid-plus,medium
+  tags: cve,wordpress,wp-plugin,grid-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5252-64d859df68bf3f0a0838ef413ae7d21e.yaml b/nuclei-templates/2023/CVE-2023-5252-64d859df68bf3f0a0838ef413ae7d21e.yaml
index 11415a9765..666b84350b 100644
--- a/nuclei-templates/2023/CVE-2023-5252-64d859df68bf3f0a0838ef413ae7d21e.yaml
+++ b/nuclei-templates/2023/CVE-2023-5252-64d859df68bf3f0a0838ef413ae7d21e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FareHarbor for WordPress <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fareharbor/"
     google-query: inurl:"/wp-content/plugins/fareharbor/"
     shodan-query: 'vuln:CVE-2023-5252'
-  tags: cve,wordpress,wp-plugin,fareharbor,medium
+  tags: cve,wordpress,wp-plugin,fareharbor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5291-0fe998643673fbc89bdce1d6f1c4acbf.yaml b/nuclei-templates/2023/CVE-2023-5291-0fe998643673fbc89bdce1d6f1c4acbf.yaml
index e55f7d5ec3..061514a32f 100644
--- a/nuclei-templates/2023/CVE-2023-5291-0fe998643673fbc89bdce1d6f1c4acbf.yaml
+++ b/nuclei-templates/2023/CVE-2023-5291-0fe998643673fbc89bdce1d6f1c4acbf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog-filter/"
     google-query: inurl:"/wp-content/plugins/blog-filter/"
     shodan-query: 'vuln:CVE-2023-5291'
-  tags: cve,wordpress,wp-plugin,blog-filter,medium
+  tags: cve,wordpress,wp-plugin,blog-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5292-dea0414e4a9baf8defc1d9528b3ab197.yaml b/nuclei-templates/2023/CVE-2023-5292-dea0414e4a9baf8defc1d9528b3ab197.yaml
index 64fa4840ed..93217fb100 100644
--- a/nuclei-templates/2023/CVE-2023-5292-dea0414e4a9baf8defc1d9528b3ab197.yaml
+++ b/nuclei-templates/2023/CVE-2023-5292-dea0414e4a9baf8defc1d9528b3ab197.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields: Extended <= 0.8.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfe_form' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-extended/"
     google-query: inurl:"/wp-content/plugins/acf-extended/"
     shodan-query: 'vuln:CVE-2023-5292'
-  tags: cve,wordpress,wp-plugin,acf-extended,medium
+  tags: cve,wordpress,wp-plugin,acf-extended,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5295-ec95efd2e63d9d89b0c3d769bde2a40b.yaml b/nuclei-templates/2023/CVE-2023-5295-ec95efd2e63d9d89b0c3d769bde2a40b.yaml
index 944b204e95..a010e106d7 100644
--- a/nuclei-templates/2023/CVE-2023-5295-ec95efd2e63d9d89b0c3d769bde2a40b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5295-ec95efd2e63d9d89b0c3d769bde2a40b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comments by Startbit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Comments by Startbit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-comment-by-vivacity/"
     google-query: inurl:"/wp-content/plugins/facebook-comment-by-vivacity/"
     shodan-query: 'vuln:CVE-2023-5295'
-  tags: cve,wordpress,wp-plugin,facebook-comment-by-vivacity,medium
+  tags: cve,wordpress,wp-plugin,facebook-comment-by-vivacity,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5307-9580adf700b409fcf11b1b8ce6a8f986.yaml b/nuclei-templates/2023/CVE-2023-5307-9580adf700b409fcf11b1b8ce6a8f986.yaml
index 60aef3e711..7ed799b0d8 100644
--- a/nuclei-templates/2023/CVE-2023-5307-9580adf700b409fcf11b1b8ce6a8f986.yaml
+++ b/nuclei-templates/2023/CVE-2023-5307-9580adf700b409fcf11b1b8ce6a8f986.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery < 21.2.8.1 - Unauthenticated Stored Cross-Site Scripting via headers
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via headers in all versions up to 21.2.8.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2023-5307'
-  tags: cve,wordpress,wp-plugin,contest-gallery,medium
+  tags: cve,wordpress,wp-plugin,contest-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5308-a5c381dc4cbdb7060fc30ca87a13ef99.yaml b/nuclei-templates/2023/CVE-2023-5308-a5c381dc4cbdb7060fc30ca87a13ef99.yaml
index 8e9e98ea01..320793e496 100644
--- a/nuclei-templates/2023/CVE-2023-5308-a5c381dc4cbdb7060fc30ca87a13ef99.yaml
+++ b/nuclei-templates/2023/CVE-2023-5308-a5c381dc4cbdb7060fc30ca87a13ef99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podcast Subscribe Buttons <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podcast-subscribe-buttons/"
     google-query: inurl:"/wp-content/plugins/podcast-subscribe-buttons/"
     shodan-query: 'vuln:CVE-2023-5308'
-  tags: cve,wordpress,wp-plugin,podcast-subscribe-buttons,medium
+  tags: cve,wordpress,wp-plugin,podcast-subscribe-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5314-04bca0e78f8b136ea82b1c4e9e1fafd4.yaml b/nuclei-templates/2023/CVE-2023-5314-04bca0e78f8b136ea82b1c4e9e1fafd4.yaml
index 48299d88f2..b3af40d1a0 100644
--- a/nuclei-templates/2023/CVE-2023-5314-04bca0e78f8b136ea82b1c4e9e1fafd4.yaml
+++ b/nuclei-templates/2023/CVE-2023-5314-04bca0e78f8b136ea82b1c4e9e1fafd4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP EXtra <= 6.2 - Missing Authorization to Arbitrary Email Sending
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-extra/"
     google-query: inurl:"/wp-content/plugins/wp-extra/"
     shodan-query: 'vuln:CVE-2023-5314'
-  tags: cve,wordpress,wp-plugin,wp-extra,medium
+  tags: cve,wordpress,wp-plugin,wp-extra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5315-8f06cbf2f40450a7e41adaa2e12c5c0e.yaml b/nuclei-templates/2023/CVE-2023-5315-8f06cbf2f40450a7e41adaa2e12c5c0e.yaml
index 2728edb614..85dbaa9dbc 100644
--- a/nuclei-templates/2023/CVE-2023-5315-8f06cbf2f40450a7e41adaa2e12c5c0e.yaml
+++ b/nuclei-templates/2023/CVE-2023-5315-8f06cbf2f40450a7e41adaa2e12c5c0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Maps made Simple <= 0.6 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-gmappity-easy-google-maps/"
     google-query: inurl:"/wp-content/plugins/wp-gmappity-easy-google-maps/"
     shodan-query: 'vuln:CVE-2023-5315'
-  tags: cve,wordpress,wp-plugin,wp-gmappity-easy-google-maps,high
+  tags: cve,wordpress,wp-plugin,wp-gmappity-easy-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5334-2196f2a72b0d78d150ae68d55da0fd92.yaml b/nuclei-templates/2023/CVE-2023-5334-2196f2a72b0d78d150ae68d55da0fd92.yaml
index 28365f054a..9400682b7d 100644
--- a/nuclei-templates/2023/CVE-2023-5334-2196f2a72b0d78d150ae68d55da0fd92.yaml
+++ b/nuclei-templates/2023/CVE-2023-5334-2196f2a72b0d78d150ae68d55da0fd92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Responsive header image slider <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-header-image-slider/"
     google-query: inurl:"/wp-content/plugins/responsive-header-image-slider/"
     shodan-query: 'vuln:CVE-2023-5334'
-  tags: cve,wordpress,wp-plugin,responsive-header-image-slider,medium
+  tags: cve,wordpress,wp-plugin,responsive-header-image-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5335-469ce07115e491efc4cb1c8371dce59b.yaml b/nuclei-templates/2023/CVE-2023-5335-469ce07115e491efc4cb1c8371dce59b.yaml
index a80ba253bb..99cf9c8ba9 100644
--- a/nuclei-templates/2023/CVE-2023-5335-469ce07115e491efc4cb1c8371dce59b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5335-469ce07115e491efc4cb1c8371dce59b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buzzsprout Podcasting <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buzzsprout-podcasting/"
     google-query: inurl:"/wp-content/plugins/buzzsprout-podcasting/"
     shodan-query: 'vuln:CVE-2023-5335'
-  tags: cve,wordpress,wp-plugin,buzzsprout-podcasting,medium
+  tags: cve,wordpress,wp-plugin,buzzsprout-podcasting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5336-93a89e746de1b01ce58a8098e6937879.yaml b/nuclei-templates/2023/CVE-2023-5336-93a89e746de1b01ce58a8098e6937879.yaml
index d131b530fc..bb00efc26a 100644
--- a/nuclei-templates/2023/CVE-2023-5336-93a89e746de1b01ce58a8098e6937879.yaml
+++ b/nuclei-templates/2023/CVE-2023-5336-93a89e746de1b01ce58a8098e6937879.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 -  Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/"
     shodan-query: 'vuln:CVE-2023-5336'
-  tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,high
+  tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5337-76bb7b1a62378179c2a3a748f3a4ef7c.yaml b/nuclei-templates/2023/CVE-2023-5337-76bb7b1a62378179c2a3a748f3a4ef7c.yaml
index 89e1a49268..6c0fd35dc5 100644
--- a/nuclei-templates/2023/CVE-2023-5337-76bb7b1a62378179c2a3a748f3a4ef7c.yaml
+++ b/nuclei-templates/2023/CVE-2023-5337-76bb7b1a62378179c2a3a748f3a4ef7c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact form Form For All <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formforall/"
     google-query: inurl:"/wp-content/plugins/formforall/"
     shodan-query: 'vuln:CVE-2023-5337'
-  tags: cve,wordpress,wp-plugin,formforall,medium
+  tags: cve,wordpress,wp-plugin,formforall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5338-7ba8529af3436a78498f1c21893b7e85.yaml b/nuclei-templates/2023/CVE-2023-5338-7ba8529af3436a78498f1c21893b7e85.yaml
index d3ae1981bd..5349464db1 100644
--- a/nuclei-templates/2023/CVE-2023-5338-7ba8529af3436a78498f1c21893b7e85.yaml
+++ b/nuclei-templates/2023/CVE-2023-5338-7ba8529af3436a78498f1c21893b7e85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme Blvd Shortcodes <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-blvd-shortcodes/"
     google-query: inurl:"/wp-content/plugins/theme-blvd-shortcodes/"
     shodan-query: 'vuln:CVE-2023-5338'
-  tags: cve,wordpress,wp-plugin,theme-blvd-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,theme-blvd-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5343-c01322d993d29040f70fca990f38339c.yaml b/nuclei-templates/2023/CVE-2023-5343-c01322d993d29040f70fca990f38339c.yaml
index 966796c612..1b5f474936 100644
--- a/nuclei-templates/2023/CVE-2023-5343-c01322d993d29040f70fca990f38339c.yaml
+++ b/nuclei-templates/2023/CVE-2023-5343-c01322d993d29040f70fca990f38339c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Box – Best WordPress Popup Plugin <= 3.7.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:CVE-2023-5343'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,medium
+  tags: cve,wordpress,wp-plugin,ays-popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5352-89ce07ac930dc51991979cb98280bbb8.yaml b/nuclei-templates/2023/CVE-2023-5352-89ce07ac930dc51991979cb98280bbb8.yaml
index 8deb2f2210..f2bca0d8d7 100644
--- a/nuclei-templates/2023/CVE-2023-5352-89ce07ac930dc51991979cb98280bbb8.yaml
+++ b/nuclei-templates/2023/CVE-2023-5352-89ce07ac930dc51991979cb98280bbb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support <= 6.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpas_edit_reply function in all versions up to, and including, 6.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary posts that they do not own.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2023-5352'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5355-d27639e06760fb0c9830c5a72e87ab5f.yaml b/nuclei-templates/2023/CVE-2023-5355-d27639e06760fb0c9830c5a72e87ab5f.yaml
index 4d1c444848..3203775b25 100644
--- a/nuclei-templates/2023/CVE-2023-5355-d27639e06760fb0c9830c5a72e87ab5f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5355-d27639e06760fb0c9830c5a72e87ab5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support <= 6.1.4 - Authenticated (Submitter+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 6.1.4. This is due to insufficient controls on paths being supplied when a user deletes an attachment from a ticket. This makes it possible for authenticated attackers, with ticket submitting-level access to delete arbitrary files on the site which can be used to achieve remote code execution and take over the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2023-5355'
-  tags: cve,wordpress,wp-plugin,awesome-support,high
+  tags: cve,wordpress,wp-plugin,awesome-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5357-b915266e3686714da03f11dc90c6893b.yaml b/nuclei-templates/2023/CVE-2023-5357-b915266e3686714da03f11dc90c6893b.yaml
index 56153f03bf..fc94966b3f 100644
--- a/nuclei-templates/2023/CVE-2023-5357-b915266e3686714da03f11dc90c6893b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5357-b915266e3686714da03f11dc90c6893b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Instagram for WordPress <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instagram-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/instagram-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-5357'
-  tags: cve,wordpress,wp-plugin,instagram-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,instagram-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5362-65a9626411491f24b8c3f89e82e2b81b.yaml b/nuclei-templates/2023/CVE-2023-5362-65a9626411491f24b8c3f89e82e2b81b.yaml
index 6e1406443a..b4a4c338c2 100644
--- a/nuclei-templates/2023/CVE-2023-5362-65a9626411491f24b8c3f89e82e2b81b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5362-65a9626411491f24b8c3f89e82e2b81b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel, Recent Post Slider and Banner Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spice-post-slider/"
     google-query: inurl:"/wp-content/plugins/spice-post-slider/"
     shodan-query: 'vuln:CVE-2023-5362'
-  tags: cve,wordpress,wp-plugin,spice-post-slider,medium
+  tags: cve,wordpress,wp-plugin,spice-post-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5381-b1bb95f8c4ff39f12ce42050633fe6ba.yaml b/nuclei-templates/2023/CVE-2023-5381-b1bb95f8c4ff39f12ce42050633fe6ba.yaml
index 6487feb698..e023d2ecc1 100644
--- a/nuclei-templates/2023/CVE-2023-5381-b1bb95f8c4ff39f12ce42050633fe6ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-5381-b1bb95f8c4ff39f12ce42050633fe6ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2023-5381'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5385-e1ad7ec25f4d848d78b5d1ca911d7ff1.yaml b/nuclei-templates/2023/CVE-2023-5385-e1ad7ec25f4d848d78b5d1ca911d7ff1.yaml
index a09ef6f5e6..22c3ed3b0d 100644
--- a/nuclei-templates/2023/CVE-2023-5385-e1ad7ec25f4d848d78b5d1ca911d7ff1.yaml
+++ b/nuclei-templates/2023/CVE-2023-5385-e1ad7ec25f4d848d78b5d1ca911d7ff1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-5385'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5386-8cbb632e23e9fd1207c7a31fa3fa33cd.yaml b/nuclei-templates/2023/CVE-2023-5386-8cbb632e23e9fd1207c7a31fa3fa33cd.yaml
index b4e90694a9..cb84577677 100644
--- a/nuclei-templates/2023/CVE-2023-5386-8cbb632e23e9fd1207c7a31fa3fa33cd.yaml
+++ b/nuclei-templates/2023/CVE-2023-5386-8cbb632e23e9fd1207c7a31fa3fa33cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-5386'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5387-1389f4413b4c34ddc59ef4e67e6f0a3f.yaml b/nuclei-templates/2023/CVE-2023-5387-1389f4413b4c34ddc59ef4e67e6f0a3f.yaml
index d1fdc1b884..14de11c7e9 100644
--- a/nuclei-templates/2023/CVE-2023-5387-1389f4413b4c34ddc59ef4e67e6f0a3f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5387-1389f4413b4c34ddc59ef4e67e6f0a3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable the dark mode plugin setting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-5387'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5411-1d54b8b23176b36e6deb663d5a8ceaf5.yaml b/nuclei-templates/2023/CVE-2023-5411-1d54b8b23176b36e6deb663d5a8ceaf5.yaml
index f4332f260e..7ec9847e55 100644
--- a/nuclei-templates/2023/CVE-2023-5411-1d54b8b23176b36e6deb663d5a8ceaf5.yaml
+++ b/nuclei-templates/2023/CVE-2023-5411-1d54b8b23176b36e6deb663d5a8ceaf5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.4 - Missing Authorization to Post Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-5411'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5412-09c9edd801d535f8b0dc361310e2bb14.yaml b/nuclei-templates/2023/CVE-2023-5412-09c9edd801d535f8b0dc361310e2bb14.yaml
index ff5f86e1bd..3ec31a7554 100644
--- a/nuclei-templates/2023/CVE-2023-5412-09c9edd801d535f8b0dc361310e2bb14.yaml
+++ b/nuclei-templates/2023/CVE-2023-5412-09c9edd801d535f8b0dc361310e2bb14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image horizontal reel scroll slideshow <= 13.2 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-horizontal-reel-scroll-slideshow/"
     google-query: inurl:"/wp-content/plugins/image-horizontal-reel-scroll-slideshow/"
     shodan-query: 'vuln:CVE-2023-5412'
-  tags: cve,wordpress,wp-plugin,image-horizontal-reel-scroll-slideshow,high
+  tags: cve,wordpress,wp-plugin,image-horizontal-reel-scroll-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5413-21bae7dd0ccc10547daf0010edb807de.yaml b/nuclei-templates/2023/CVE-2023-5413-21bae7dd0ccc10547daf0010edb807de.yaml
index 1df89f2d2c..25ab9e55e1 100644
--- a/nuclei-templates/2023/CVE-2023-5413-21bae7dd0ccc10547daf0010edb807de.yaml
+++ b/nuclei-templates/2023/CVE-2023-5413-21bae7dd0ccc10547daf0010edb807de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image horizontal reel scroll slideshow <= 13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-horizontal-reel-scroll-slideshow/"
     google-query: inurl:"/wp-content/plugins/image-horizontal-reel-scroll-slideshow/"
     shodan-query: 'vuln:CVE-2023-5413'
-  tags: cve,wordpress,wp-plugin,image-horizontal-reel-scroll-slideshow,medium
+  tags: cve,wordpress,wp-plugin,image-horizontal-reel-scroll-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5414-fedbaf9b75c3966253ac9d4ff4472b7e.yaml b/nuclei-templates/2023/CVE-2023-5414-fedbaf9b75c3966253ac9d4ff4472b7e.yaml
index f7f82a68eb..17e7800fd0 100644
--- a/nuclei-templates/2023/CVE-2023-5414-fedbaf9b75c3966253ac9d4ff4472b7e.yaml
+++ b/nuclei-templates/2023/CVE-2023-5414-fedbaf9b75c3966253ac9d4ff4472b7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2023-5414'
-  tags: cve,wordpress,wp-plugin,email-subscribers,critical
+  tags: cve,wordpress,wp-plugin,email-subscribers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5415-21adcc5933f66f0dc2a717df7e950d3b.yaml b/nuclei-templates/2023/CVE-2023-5415-21adcc5933f66f0dc2a717df7e950d3b.yaml
index 1a898bc2a8..32e3e10972 100644
--- a/nuclei-templates/2023/CVE-2023-5415-21adcc5933f66f0dc2a717df7e950d3b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5415-21adcc5933f66f0dc2a717df7e950d3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-5415'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5416-a0259835bb015f0f8ae0efa060f9f185.yaml b/nuclei-templates/2023/CVE-2023-5416-a0259835bb015f0f8ae0efa060f9f185.yaml
index 23370d73d7..3292545f03 100644
--- a/nuclei-templates/2023/CVE-2023-5416-a0259835bb015f0f8ae0efa060f9f185.yaml
+++ b/nuclei-templates/2023/CVE-2023-5416-a0259835bb015f0f8ae0efa060f9f185.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-5416'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5417-e27d960770a662cb31ee7005dde8fb3c.yaml b/nuclei-templates/2023/CVE-2023-5417-e27d960770a662cb31ee7005dde8fb3c.yaml
index 483c67615b..e533b586a3 100644
--- a/nuclei-templates/2023/CVE-2023-5417-e27d960770a662cb31ee7005dde8fb3c.yaml
+++ b/nuclei-templates/2023/CVE-2023-5417-e27d960770a662cb31ee7005dde8fb3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.4 - Missing Authorization to Category Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-5417'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5419-7e168d2cbd20b0d5ec60c962781efa94.yaml b/nuclei-templates/2023/CVE-2023-5419-7e168d2cbd20b0d5ec60c962781efa94.yaml
index 94328aff5a..4b1da5c42b 100644
--- a/nuclei-templates/2023/CVE-2023-5419-7e168d2cbd20b0d5ec60c962781efa94.yaml
+++ b/nuclei-templates/2023/CVE-2023-5419-7e168d2cbd20b0d5ec60c962781efa94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to send test emails to an arbitrary email address.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funnelforms-free/"
     google-query: inurl:"/wp-content/plugins/funnelforms-free/"
     shodan-query: 'vuln:CVE-2023-5419'
-  tags: cve,wordpress,wp-plugin,funnelforms-free,medium
+  tags: cve,wordpress,wp-plugin,funnelforms-free,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5425-91dbc533a6be524b4d3d9619ad71cbbc.yaml b/nuclei-templates/2023/CVE-2023-5425-91dbc533a6be524b4d3d9619ad71cbbc.yaml
index 89ed31d984..6c2c653329 100644
--- a/nuclei-templates/2023/CVE-2023-5425-91dbc533a6be524b4d3d9619ad71cbbc.yaml
+++ b/nuclei-templates/2023/CVE-2023-5425-91dbc533a6be524b4d3d9619ad71cbbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Meta Data Manager <=1.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-meta-data-manager/"
     google-query: inurl:"/wp-content/plugins/post-meta-data-manager/"
     shodan-query: 'vuln:CVE-2023-5425'
-  tags: cve,wordpress,wp-plugin,post-meta-data-manager,high
+  tags: cve,wordpress,wp-plugin,post-meta-data-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5428-f917f02f001372c0ed6a2cbacd402eae.yaml b/nuclei-templates/2023/CVE-2023-5428-f917f02f001372c0ed6a2cbacd402eae.yaml
index 949b67e9f2..ad07bd7ec0 100644
--- a/nuclei-templates/2023/CVE-2023-5428-f917f02f001372c0ed6a2cbacd402eae.yaml
+++ b/nuclei-templates/2023/CVE-2023-5428-f917f02f001372c0ed6a2cbacd402eae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image vertical reel scroll slideshow <= 9.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-vertical-reel-scroll-slideshow/"
     google-query: inurl:"/wp-content/plugins/image-vertical-reel-scroll-slideshow/"
     shodan-query: 'vuln:CVE-2023-5428'
-  tags: cve,wordpress,wp-plugin,image-vertical-reel-scroll-slideshow,high
+  tags: cve,wordpress,wp-plugin,image-vertical-reel-scroll-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5429-2e8c881d695b74f611068f96c80b3487.yaml b/nuclei-templates/2023/CVE-2023-5429-2e8c881d695b74f611068f96c80b3487.yaml
index 894d6566a2..3afc4cee53 100644
--- a/nuclei-templates/2023/CVE-2023-5429-2e8c881d695b74f611068f96c80b3487.yaml
+++ b/nuclei-templates/2023/CVE-2023-5429-2e8c881d695b74f611068f96c80b3487.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Information Reel <= 10.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/information-reel/"
     google-query: inurl:"/wp-content/plugins/information-reel/"
     shodan-query: 'vuln:CVE-2023-5429'
-  tags: cve,wordpress,wp-plugin,information-reel,high
+  tags: cve,wordpress,wp-plugin,information-reel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5430-ec203a9e69230c2878eb1812f2101d77.yaml b/nuclei-templates/2023/CVE-2023-5430-ec203a9e69230c2878eb1812f2101d77.yaml
index 7de5157a3a..fd01c78794 100644
--- a/nuclei-templates/2023/CVE-2023-5430-ec203a9e69230c2878eb1812f2101d77.yaml
+++ b/nuclei-templates/2023/CVE-2023-5430-ec203a9e69230c2878eb1812f2101d77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jquery news ticker <= 3.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-news-ticker/"
     google-query: inurl:"/wp-content/plugins/jquery-news-ticker/"
     shodan-query: 'vuln:CVE-2023-5430'
-  tags: cve,wordpress,wp-plugin,jquery-news-ticker,high
+  tags: cve,wordpress,wp-plugin,jquery-news-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5431-74c124627aef7bceecd485cb551c158e.yaml b/nuclei-templates/2023/CVE-2023-5431-74c124627aef7bceecd485cb551c158e.yaml
index 8a7a2a123b..50b953770c 100644
--- a/nuclei-templates/2023/CVE-2023-5431-74c124627aef7bceecd485cb551c158e.yaml
+++ b/nuclei-templates/2023/CVE-2023-5431-74c124627aef7bceecd485cb551c158e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Left right image slideshow gallery <= 12.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/left-right-image-slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/left-right-image-slideshow-gallery/"
     shodan-query: 'vuln:CVE-2023-5431'
-  tags: cve,wordpress,wp-plugin,left-right-image-slideshow-gallery,high
+  tags: cve,wordpress,wp-plugin,left-right-image-slideshow-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5432-179abbcb3a9b789dc00b8e0d8f532b6a.yaml b/nuclei-templates/2023/CVE-2023-5432-179abbcb3a9b789dc00b8e0d8f532b6a.yaml
index c5bdbfb319..eb730212cd 100644
--- a/nuclei-templates/2023/CVE-2023-5432-179abbcb3a9b789dc00b8e0d8f532b6a.yaml
+++ b/nuclei-templates/2023/CVE-2023-5432-179abbcb3a9b789dc00b8e0d8f532b6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jquery news ticker <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-news-ticker/"
     google-query: inurl:"/wp-content/plugins/jquery-news-ticker/"
     shodan-query: 'vuln:CVE-2023-5432'
-  tags: cve,wordpress,wp-plugin,jquery-news-ticker,medium
+  tags: cve,wordpress,wp-plugin,jquery-news-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5433-5b0c7f3f3f3d8554824f38539044b215.yaml b/nuclei-templates/2023/CVE-2023-5433-5b0c7f3f3f3d8554824f38539044b215.yaml
index c7ac590472..d4ea04121a 100644
--- a/nuclei-templates/2023/CVE-2023-5433-5b0c7f3f3f3d8554824f38539044b215.yaml
+++ b/nuclei-templates/2023/CVE-2023-5433-5b0c7f3f3f3d8554824f38539044b215.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Message ticker <= 9.2 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/message-ticker/"
     google-query: inurl:"/wp-content/plugins/message-ticker/"
     shodan-query: 'vuln:CVE-2023-5433'
-  tags: cve,wordpress,wp-plugin,message-ticker,high
+  tags: cve,wordpress,wp-plugin,message-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5434-d47a1b6b1cff7517a2e9c1cfb877c153.yaml b/nuclei-templates/2023/CVE-2023-5434-d47a1b6b1cff7517a2e9c1cfb877c153.yaml
index e99b5e483f..98971b52a5 100644
--- a/nuclei-templates/2023/CVE-2023-5434-d47a1b6b1cff7517a2e9c1cfb877c153.yaml
+++ b/nuclei-templates/2023/CVE-2023-5434-d47a1b6b1cff7517a2e9c1cfb877c153.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Superb slideshow gallery <= 13.1 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/superb-slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/superb-slideshow-gallery/"
     shodan-query: 'vuln:CVE-2023-5434'
-  tags: cve,wordpress,wp-plugin,superb-slideshow-gallery,high
+  tags: cve,wordpress,wp-plugin,superb-slideshow-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5435-7138d2ba8421f62a9d8f037aab75e745.yaml b/nuclei-templates/2023/CVE-2023-5435-7138d2ba8421f62a9d8f037aab75e745.yaml
index 51755f6e16..74cd188b96 100644
--- a/nuclei-templates/2023/CVE-2023-5435-7138d2ba8421f62a9d8f037aab75e745.yaml
+++ b/nuclei-templates/2023/CVE-2023-5435-7138d2ba8421f62a9d8f037aab75e745.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Up down image slideshow gallery <= 12.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/up-down-image-slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/up-down-image-slideshow-gallery/"
     shodan-query: 'vuln:CVE-2023-5435'
-  tags: cve,wordpress,wp-plugin,up-down-image-slideshow-gallery,high
+  tags: cve,wordpress,wp-plugin,up-down-image-slideshow-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5436-67a5e177b639db224cce52014e47431a.yaml b/nuclei-templates/2023/CVE-2023-5436-67a5e177b639db224cce52014e47431a.yaml
index 649ffacba7..0ac07f4ab9 100644
--- a/nuclei-templates/2023/CVE-2023-5436-67a5e177b639db224cce52014e47431a.yaml
+++ b/nuclei-templates/2023/CVE-2023-5436-67a5e177b639db224cce52014e47431a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vertical marquee plugin <= 7.1 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vertical-marquee-plugin/"
     google-query: inurl:"/wp-content/plugins/vertical-marquee-plugin/"
     shodan-query: 'vuln:CVE-2023-5436'
-  tags: cve,wordpress,wp-plugin,vertical-marquee-plugin,high
+  tags: cve,wordpress,wp-plugin,vertical-marquee-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5437-eac77b73e6b9904c178e050ff0c75895.yaml b/nuclei-templates/2023/CVE-2023-5437-eac77b73e6b9904c178e050ff0c75895.yaml
index 04e85a4d99..c34779f177 100644
--- a/nuclei-templates/2023/CVE-2023-5437-eac77b73e6b9904c178e050ff0c75895.yaml
+++ b/nuclei-templates/2023/CVE-2023-5437-eac77b73e6b9904c178e050ff0c75895.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP fade in text news <= 12.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fade-in-text-news/"
     google-query: inurl:"/wp-content/plugins/wp-fade-in-text-news/"
     shodan-query: 'vuln:CVE-2023-5437'
-  tags: cve,wordpress,wp-plugin,wp-fade-in-text-news,high
+  tags: cve,wordpress,wp-plugin,wp-fade-in-text-news,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5438-b5617dec0fcbbbc761aa88231d94be83.yaml b/nuclei-templates/2023/CVE-2023-5438-b5617dec0fcbbbc761aa88231d94be83.yaml
index 535d535f7a..89408a0de0 100644
--- a/nuclei-templates/2023/CVE-2023-5438-b5617dec0fcbbbc761aa88231d94be83.yaml
+++ b/nuclei-templates/2023/CVE-2023-5438-b5617dec0fcbbbc761aa88231d94be83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp image slideshow <= 12.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-image-slideshow/"
     google-query: inurl:"/wp-content/plugins/wp-image-slideshow/"
     shodan-query: 'vuln:CVE-2023-5438'
-  tags: cve,wordpress,wp-plugin,wp-image-slideshow,high
+  tags: cve,wordpress,wp-plugin,wp-image-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5439-6068fa535a8253f59a90a4115ac59459.yaml b/nuclei-templates/2023/CVE-2023-5439-6068fa535a8253f59a90a4115ac59459.yaml
index 71585d0fbf..b423a229e0 100644
--- a/nuclei-templates/2023/CVE-2023-5439-6068fa535a8253f59a90a4115ac59459.yaml
+++ b/nuclei-templates/2023/CVE-2023-5439-6068fa535a8253f59a90a4115ac59459.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp photo text slider 50 <= 8.0 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-photo-text-slider-50/"
     google-query: inurl:"/wp-content/plugins/wp-photo-text-slider-50/"
     shodan-query: 'vuln:CVE-2023-5439'
-  tags: cve,wordpress,wp-plugin,wp-photo-text-slider-50,high
+  tags: cve,wordpress,wp-plugin,wp-photo-text-slider-50,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5448-7ae915288e9c3c74b018a1157e470354.yaml b/nuclei-templates/2023/CVE-2023-5448-7ae915288e9c3c74b018a1157e470354.yaml
index c5fa44be1d..9f950bee4d 100644
--- a/nuclei-templates/2023/CVE-2023-5448-7ae915288e9c3c74b018a1157e470354.yaml
+++ b/nuclei-templates/2023/CVE-2023-5448-7ae915288e9c3c74b018a1157e470354.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Register Profile With Shortcode <= 3.5.9 - Cross-Site Request Forgery to User Password Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request granted they can trick the user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-register-profile-with-shortcode/"
     google-query: inurl:"/wp-content/plugins/wp-register-profile-with-shortcode/"
     shodan-query: 'vuln:CVE-2023-5448'
-  tags: cve,wordpress,wp-plugin,wp-register-profile-with-shortcode,high
+  tags: cve,wordpress,wp-plugin,wp-register-profile-with-shortcode,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5458-4e81e30f96ac2459f5d1b33071468659.yaml b/nuclei-templates/2023/CVE-2023-5458-4e81e30f96ac2459f5d1b33071468659.yaml
index 62d29f949c..e6c862c480 100644
--- a/nuclei-templates/2023/CVE-2023-5458-4e81e30f96ac2459f5d1b33071468659.yaml
+++ b/nuclei-templates/2023/CVE-2023-5458-4e81e30f96ac2459f5d1b33071468659.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CITS Support svg, webp Media and TTF,OTF File Upload  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG upload in versions up to, and including, 2.1.0 due to insufficient SVG sanitization. This makes it possible for authenticated attackers with Author permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cits-support-svg-webp-media-upload/"
     google-query: inurl:"/wp-content/plugins/cits-support-svg-webp-media-upload/"
     shodan-query: 'vuln:CVE-2023-5458'
-  tags: cve,wordpress,wp-plugin,cits-support-svg-webp-media-upload,medium
+  tags: cve,wordpress,wp-plugin,cits-support-svg-webp-media-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5464-08b8cede6b6ee0e0f3a91f475dfd1447.yaml b/nuclei-templates/2023/CVE-2023-5464-08b8cede6b6ee0e0f3a91f475dfd1447.yaml
index c019c98789..ab50037324 100644
--- a/nuclei-templates/2023/CVE-2023-5464-08b8cede6b6ee0e0f3a91f475dfd1447.yaml
+++ b/nuclei-templates/2023/CVE-2023-5464-08b8cede6b6ee0e0f3a91f475dfd1447.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jquery accordion slideshow <= 8.1 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-accordion-slideshow/"
     google-query: inurl:"/wp-content/plugins/jquery-accordion-slideshow/"
     shodan-query: 'vuln:CVE-2023-5464'
-  tags: cve,wordpress,wp-plugin,jquery-accordion-slideshow,high
+  tags: cve,wordpress,wp-plugin,jquery-accordion-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5465-bee21ffa7faff706d4db361bca23b6c3.yaml b/nuclei-templates/2023/CVE-2023-5465-bee21ffa7faff706d4db361bca23b6c3.yaml
index 73eb5c3c7d..b4aec3b7cf 100644
--- a/nuclei-templates/2023/CVE-2023-5465-bee21ffa7faff706d4db361bca23b6c3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5465-bee21ffa7faff706d4db361bca23b6c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup with fancybox <= 3.5 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-with-fancybox/"
     google-query: inurl:"/wp-content/plugins/popup-with-fancybox/"
     shodan-query: 'vuln:CVE-2023-5465'
-  tags: cve,wordpress,wp-plugin,popup-with-fancybox,high
+  tags: cve,wordpress,wp-plugin,popup-with-fancybox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5466-aaaf4480d575f84ecd3c01a63e4a0287.yaml b/nuclei-templates/2023/CVE-2023-5466-aaaf4480d575f84ecd3c01a63e4a0287.yaml
index 8d3aaa3aaa..b4ee0f025c 100644
--- a/nuclei-templates/2023/CVE-2023-5466-aaaf4480d575f84ecd3c01a63e4a0287.yaml
+++ b/nuclei-templates/2023/CVE-2023-5466-aaaf4480d575f84ecd3c01a63e4a0287.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp anything slider <= 9.1 -  Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-anything-slider/"
     google-query: inurl:"/wp-content/plugins/wp-anything-slider/"
     shodan-query: 'vuln:CVE-2023-5466'
-  tags: cve,wordpress,wp-plugin,wp-anything-slider,high
+  tags: cve,wordpress,wp-plugin,wp-anything-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5467-fcc1cf4316d93103b20ebe799631fe04.yaml b/nuclei-templates/2023/CVE-2023-5467-fcc1cf4316d93103b20ebe799631fe04.yaml
index 0d4f0c8623..cd7a4f7628 100644
--- a/nuclei-templates/2023/CVE-2023-5467-fcc1cf4316d93103b20ebe799631fe04.yaml
+++ b/nuclei-templates/2023/CVE-2023-5467-fcc1cf4316d93103b20ebe799631fe04.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GEO my WordPress <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geo-my-wp/"
     google-query: inurl:"/wp-content/plugins/geo-my-wp/"
     shodan-query: 'vuln:CVE-2023-5467'
-  tags: cve,wordpress,wp-plugin,geo-my-wp,medium
+  tags: cve,wordpress,wp-plugin,geo-my-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5468-5e71c24603564ca342c0b82fb64d9b20.yaml b/nuclei-templates/2023/CVE-2023-5468-5e71c24603564ca342c0b82fb64d9b20.yaml
index 1ce410aca1..39e83801d9 100644
--- a/nuclei-templates/2023/CVE-2023-5468-5e71c24603564ca342c0b82fb64d9b20.yaml
+++ b/nuclei-templates/2023/CVE-2023-5468-5e71c24603564ca342c0b82fb64d9b20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slick Contact Forms <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slick-contact-forms/"
     google-query: inurl:"/wp-content/plugins/slick-contact-forms/"
     shodan-query: 'vuln:CVE-2023-5468'
-  tags: cve,wordpress,wp-plugin,slick-contact-forms,medium
+  tags: cve,wordpress,wp-plugin,slick-contact-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5469-7907c4688f5f43998579c328082a69f9.yaml b/nuclei-templates/2023/CVE-2023-5469-7907c4688f5f43998579c328082a69f9.yaml
index 1e0c62cafd..86339d1aa2 100644
--- a/nuclei-templates/2023/CVE-2023-5469-7907c4688f5f43998579c328082a69f9.yaml
+++ b/nuclei-templates/2023/CVE-2023-5469-7907c4688f5f43998579c328082a69f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Drop Shadow Boxes <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drop-shadow-boxes/"
     google-query: inurl:"/wp-content/plugins/drop-shadow-boxes/"
     shodan-query: 'vuln:CVE-2023-5469'
-  tags: cve,wordpress,wp-plugin,drop-shadow-boxes,medium
+  tags: cve,wordpress,wp-plugin,drop-shadow-boxes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5470-12af00d20d6054e6e52d985c87c55f02.yaml b/nuclei-templates/2023/CVE-2023-5470-12af00d20d6054e6e52d985c87c55f02.yaml
index 6baa9fa4bf..1b6de6a002 100644
--- a/nuclei-templates/2023/CVE-2023-5470-12af00d20d6054e6e52d985c87c55f02.yaml
+++ b/nuclei-templates/2023/CVE-2023-5470-12af00d20d6054e6e52d985c87c55f02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Etsy Shop <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/etsy-shop/"
     google-query: inurl:"/wp-content/plugins/etsy-shop/"
     shodan-query: 'vuln:CVE-2023-5470'
-  tags: cve,wordpress,wp-plugin,etsy-shop,medium
+  tags: cve,wordpress,wp-plugin,etsy-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5504-2bca208b2748ce062cd1cca09cfae994.yaml b/nuclei-templates/2023/CVE-2023-5504-2bca208b2748ce062cd1cca09cfae994.yaml
index 5c6a0f5ad9..68196431b0 100644
--- a/nuclei-templates/2023/CVE-2023-5504-2bca208b2748ce062cd1cca09cfae994.yaml
+++ b/nuclei-templates/2023/CVE-2023-5504-2bca208b2748ce062cd1cca09cfae994.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backwpup/"
     google-query: inurl:"/wp-content/plugins/backwpup/"
     shodan-query: 'vuln:CVE-2023-5504'
-  tags: cve,wordpress,wp-plugin,backwpup,high
+  tags: cve,wordpress,wp-plugin,backwpup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5506-6bb3656a861d0a80040f9af45e87952f.yaml b/nuclei-templates/2023/CVE-2023-5506-6bb3656a861d0a80040f9af45e87952f.yaml
index 8433f59c8a..61344ee0aa 100644
--- a/nuclei-templates/2023/CVE-2023-5506-6bb3656a861d0a80040f9af45e87952f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5506-6bb3656a861d0a80040f9af45e87952f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page/Post Deletion via imgmap_delete_area_ajax
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagemapper/"
     google-query: inurl:"/wp-content/plugins/imagemapper/"
     shodan-query: 'vuln:CVE-2023-5506'
-  tags: cve,wordpress,wp-plugin,imagemapper,medium
+  tags: cve,wordpress,wp-plugin,imagemapper,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5507-a73f55993da6bf41bdb201284b107f4f.yaml b/nuclei-templates/2023/CVE-2023-5507-a73f55993da6bf41bdb201284b107f4f.yaml
index 8e00a66785..91ed6ab3e5 100644
--- a/nuclei-templates/2023/CVE-2023-5507-a73f55993da6bf41bdb201284b107f4f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5507-a73f55993da6bf41bdb201284b107f4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageMapper <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagemapper/"
     google-query: inurl:"/wp-content/plugins/imagemapper/"
     shodan-query: 'vuln:CVE-2023-5507'
-  tags: cve,wordpress,wp-plugin,imagemapper,medium
+  tags: cve,wordpress,wp-plugin,imagemapper,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5509-b9ee2994c48a1ce98dffc9faf5d855b8.yaml b/nuclei-templates/2023/CVE-2023-5509-b9ee2994c48a1ce98dffc9faf5d855b8.yaml
index 7d7e8cdf16..7525cc1c73 100644
--- a/nuclei-templates/2023/CVE-2023-5509-b9ee2994c48a1ce98dffc9faf5d855b8.yaml
+++ b/nuclei-templates/2023/CVE-2023-5509-b9ee2994c48a1ce98dffc9faf5d855b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myStickymenu <= 2.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Lead Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the my_sticky_menu_bulks() function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with subscruber-level access and above, to delete arbitrary form leads. There were several additional AJAX actions in the plugin with missing capability checks as well such as mystickymenu_admin_send_message_to_owner(), stickymenu_widget_delete(), mystickymenu_widget_status() and more that make is possible for authenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mystickymenu/"
     google-query: inurl:"/wp-content/plugins/mystickymenu/"
     shodan-query: 'vuln:CVE-2023-5509'
-  tags: cve,wordpress,wp-plugin,mystickymenu,medium
+  tags: cve,wordpress,wp-plugin,mystickymenu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5525-83eca41cb757159390f58937921ee2df.yaml b/nuclei-templates/2023/CVE-2023-5525-83eca41cb757159390f58937921ee2df.yaml
index 17fa06fab2..e44a6d24de 100644
--- a/nuclei-templates/2023/CVE-2023-5525-83eca41cb757159390f58937921ee2df.yaml
+++ b/nuclei-templates/2023/CVE-2023-5525-83eca41cb757159390f58937921ee2df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Limit Login Attempts Reloaded <= 2.25.25 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_auto_update() function hooked via AJAX in all versions up to, and including, 2.25.25. This makes it possible for authenticated attackers, with access to a valid nonce, to toggle auto-updates for the plugin on and off.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/limit-login-attempts-reloaded/"
     google-query: inurl:"/wp-content/plugins/limit-login-attempts-reloaded/"
     shodan-query: 'vuln:CVE-2023-5525'
-  tags: cve,wordpress,wp-plugin,limit-login-attempts-reloaded,medium
+  tags: cve,wordpress,wp-plugin,limit-login-attempts-reloaded,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5530-7e83efd5775fb18032b0a614d3a4dbf4.yaml b/nuclei-templates/2023/CVE-2023-5530-7e83efd5775fb18032b0a614d3a4dbf4.yaml
index c9e772773a..fc4c6380cf 100644
--- a/nuclei-templates/2023/CVE-2023-5530-7e83efd5775fb18032b0a614d3a4dbf4.yaml
+++ b/nuclei-templates/2023/CVE-2023-5530-7e83efd5775fb18032b0a614d3a4dbf4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.6.33 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Forms Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-5530-1/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-5530-1/"
     shodan-query: 'vuln:CVE-2023-5530'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-5530-1,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-5530-1,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5533-196434d911f0f2030523284b9ab4ed7d.yaml b/nuclei-templates/2023/CVE-2023-5533-196434d911f0f2030523284b9ab4ed7d.yaml
index 20c74e7333..453cc22956 100644
--- a/nuclei-templates/2023/CVE-2023-5533-196434d911f0f2030523284b9ab4ed7d.yaml
+++ b/nuclei-templates/2023/CVE-2023-5533-196434d911f0f2030523284b9ab4ed7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-5533'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5565-0d3480d611d68322f3807ad912f13fa3.yaml b/nuclei-templates/2023/CVE-2023-5565-0d3480d611d68322f3807ad912f13fa3.yaml
index d797468240..fe8debf3dd 100644
--- a/nuclei-templates/2023/CVE-2023-5565-0d3480d611d68322f3807ad912f13fa3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5565-0d3480d611d68322f3807ad912f13fa3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode Menu <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-menu/"
     google-query: inurl:"/wp-content/plugins/shortcode-menu/"
     shodan-query: 'vuln:CVE-2023-5565'
-  tags: cve,wordpress,wp-plugin,shortcode-menu,medium
+  tags: cve,wordpress,wp-plugin,shortcode-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5566-c3292186ff6270827e326f6eecd76002.yaml b/nuclei-templates/2023/CVE-2023-5566-c3292186ff6270827e326f6eecd76002.yaml
index cdb7ea2667..74f2dcd006 100644
--- a/nuclei-templates/2023/CVE-2023-5566-c3292186ff6270827e326f6eecd76002.yaml
+++ b/nuclei-templates/2023/CVE-2023-5566-c3292186ff6270827e326f6eecd76002.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Shortcodes <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smpl-shortcodes/"
     google-query: inurl:"/wp-content/plugins/smpl-shortcodes/"
     shodan-query: 'vuln:CVE-2023-5566'
-  tags: cve,wordpress,wp-plugin,smpl-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,smpl-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5567-01bea8ce6854ad71bd30075dcae56490.yaml b/nuclei-templates/2023/CVE-2023-5567-01bea8ce6854ad71bd30075dcae56490.yaml
index aacb5639ec..398cadb48b 100644
--- a/nuclei-templates/2023/CVE-2023-5567-01bea8ce6854ad71bd30075dcae56490.yaml
+++ b/nuclei-templates/2023/CVE-2023-5567-01bea8ce6854ad71bd30075dcae56490.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     QR Code Tag <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qr-code-tag/"
     google-query: inurl:"/wp-content/plugins/qr-code-tag/"
     shodan-query: 'vuln:CVE-2023-5567'
-  tags: cve,wordpress,wp-plugin,qr-code-tag,medium
+  tags: cve,wordpress,wp-plugin,qr-code-tag,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5577-d6f90ea934e0ed467a2133d2d162346d.yaml b/nuclei-templates/2023/CVE-2023-5577-d6f90ea934e0ed467a2133d2d162346d.yaml
index b9fa28087b..279f074b29 100644
--- a/nuclei-templates/2023/CVE-2023-5577-d6f90ea934e0ed467a2133d2d162346d.yaml
+++ b/nuclei-templates/2023/CVE-2023-5577-d6f90ea934e0ed467a2133d2d162346d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bitly's WordPress Plugin <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-bitly/"
     google-query: inurl:"/wp-content/plugins/wp-bitly/"
     shodan-query: 'vuln:CVE-2023-5577'
-  tags: cve,wordpress,wp-plugin,wp-bitly,medium
+  tags: cve,wordpress,wp-plugin,wp-bitly,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5583-49548450e8e603c888246b4324b9abfb.yaml b/nuclei-templates/2023/CVE-2023-5583-49548450e8e603c888246b4324b9abfb.yaml
index 9fb73cbd44..93aab4856a 100644
--- a/nuclei-templates/2023/CVE-2023-5583-49548450e8e603c888246b4324b9abfb.yaml
+++ b/nuclei-templates/2023/CVE-2023-5583-49548450e8e603c888246b4324b9abfb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Simple Galleries <= 1.34 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-galleries/"
     google-query: inurl:"/wp-content/plugins/wp-simple-galleries/"
     shodan-query: 'vuln:CVE-2023-5583'
-  tags: cve,wordpress,wp-plugin,wp-simple-galleries,high
+  tags: cve,wordpress,wp-plugin,wp-simple-galleries,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5604-9f49ea16b14f6c2511df8453564cbeeb.yaml b/nuclei-templates/2023/CVE-2023-5604-9f49ea16b14f6c2511df8453564cbeeb.yaml
index 4d4091d88a..38279d33dd 100644
--- a/nuclei-templates/2023/CVE-2023-5604-9f49ea16b14f6c2511df8453564cbeeb.yaml
+++ b/nuclei-templates/2023/CVE-2023-5604-9f49ea16b14f6c2511df8453564cbeeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Asgaros Forum <= 2.7.0 - Insufficient Authorization to Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Asgaros Forum plugin for WordPress is vulnerable to unauthorized control of the plugin's settings due to an insufficient capability check on the forum options update in all versions up to 2.7.1 (exclusive). This makes it possible for authenticated attackers, with administrator-level access and above, to modify the plugin's settings so that they can upload malicious PHP files that can be used for remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/asgaros-forum/"
     google-query: inurl:"/wp-content/plugins/asgaros-forum/"
     shodan-query: 'vuln:CVE-2023-5604'
-  tags: cve,wordpress,wp-plugin,asgaros-forum,medium
+  tags: cve,wordpress,wp-plugin,asgaros-forum,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5605-c2468d3ae2dd3b63e789f3e42f85078a.yaml b/nuclei-templates/2023/CVE-2023-5605-c2468d3ae2dd3b63e789f3e42f85078a.yaml
index 78041b5599..3eb10aabdd 100644
--- a/nuclei-templates/2023/CVE-2023-5605-c2468d3ae2dd3b63e789f3e42f85078a.yaml
+++ b/nuclei-templates/2023/CVE-2023-5605-c2468d3ae2dd3b63e789f3e42f85078a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     URL Shortify <= 1.7.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/url-shortify/"
     google-query: inurl:"/wp-content/plugins/url-shortify/"
     shodan-query: 'vuln:CVE-2023-5605'
-  tags: cve,wordpress,wp-plugin,url-shortify,medium
+  tags: cve,wordpress,wp-plugin,url-shortify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5606-dacff2143dd0506c8bdad1a273f67459.yaml b/nuclei-templates/2023/CVE-2023-5606-dacff2143dd0506c8bdad1a273f67459.yaml
index 46e1d7fa0b..810674dcef 100644
--- a/nuclei-templates/2023/CVE-2023-5606-dacff2143dd0506c8bdad1a273f67459.yaml
+++ b/nuclei-templates/2023/CVE-2023-5606-dacff2143dd0506c8bdad1a273f67459.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:CVE-2023-5606'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5613-a39aab4c2ab62bbbd835d18cf4082e05.yaml b/nuclei-templates/2023/CVE-2023-5613-a39aab4c2ab62bbbd835d18cf4082e05.yaml
index 9982a52019..b6f5931a75 100644
--- a/nuclei-templates/2023/CVE-2023-5613-a39aab4c2ab62bbbd835d18cf4082e05.yaml
+++ b/nuclei-templates/2023/CVE-2023-5613-a39aab4c2ab62bbbd835d18cf4082e05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Testimonials <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-testimonial/"
     google-query: inurl:"/wp-content/plugins/super-testimonial/"
     shodan-query: 'vuln:CVE-2023-5613'
-  tags: cve,wordpress,wp-plugin,super-testimonial,medium
+  tags: cve,wordpress,wp-plugin,super-testimonial,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5614-b4a41681eefe755efd70571167096dd9.yaml b/nuclei-templates/2023/CVE-2023-5614-b4a41681eefe755efd70571167096dd9.yaml
index 618869b9b0..1501b3c6eb 100644
--- a/nuclei-templates/2023/CVE-2023-5614-b4a41681eefe755efd70571167096dd9.yaml
+++ b/nuclei-templates/2023/CVE-2023-5614-b4a41681eefe755efd70571167096dd9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme Switcha <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-switcha/"
     google-query: inurl:"/wp-content/plugins/theme-switcha/"
     shodan-query: 'vuln:CVE-2023-5614'
-  tags: cve,wordpress,wp-plugin,theme-switcha,medium
+  tags: cve,wordpress,wp-plugin,theme-switcha,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5615-05ead7ef23623d246fc2b9a535b5761b.yaml b/nuclei-templates/2023/CVE-2023-5615-05ead7ef23623d246fc2b9a535b5761b.yaml
index e96972211a..c2aa97821b 100644
--- a/nuclei-templates/2023/CVE-2023-5615-05ead7ef23623d246fc2b9a535b5761b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5615-05ead7ef23623d246fc2b9a535b5761b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Skype Legacy Buttons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/skype-online-status/"
     google-query: inurl:"/wp-content/plugins/skype-online-status/"
     shodan-query: 'vuln:CVE-2023-5615'
-  tags: cve,wordpress,wp-plugin,skype-online-status,medium
+  tags: cve,wordpress,wp-plugin,skype-online-status,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5618-2885ef88741e4fead832f53749584e1b.yaml b/nuclei-templates/2023/CVE-2023-5618-2885ef88741e4fead832f53749584e1b.yaml
index 866beacd11..81a52e5548 100644
--- a/nuclei-templates/2023/CVE-2023-5618-2885ef88741e4fead832f53749584e1b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5618-2885ef88741e4fead832f53749584e1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modern Footnotes <= 1.4.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-footnotes/"
     google-query: inurl:"/wp-content/plugins/modern-footnotes/"
     shodan-query: 'vuln:CVE-2023-5618'
-  tags: cve,wordpress,wp-plugin,modern-footnotes,medium
+  tags: cve,wordpress,wp-plugin,modern-footnotes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5621-f125bb3227f74edc5c60e8c9d6eb9da3.yaml b/nuclei-templates/2023/CVE-2023-5621-f125bb3227f74edc5c60e8c9d6eb9da3.yaml
index 82087e580a..d0d94660c4 100644
--- a/nuclei-templates/2023/CVE-2023-5621-f125bb3227f74edc5c60e8c9d6eb9da3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5621-f125bb3227f74edc5c60e8c9d6eb9da3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thumbnail Slider With Lightbox <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Image Title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-responsive-slider-with-lightbox/"
     google-query: inurl:"/wp-content/plugins/wp-responsive-slider-with-lightbox/"
     shodan-query: 'vuln:CVE-2023-5621'
-  tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,medium
+  tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5638-4281d6cbf86b1cb2ecab3675e42347ac.yaml b/nuclei-templates/2023/CVE-2023-5638-4281d6cbf86b1cb2ecab3675e42347ac.yaml
index 4d24b8f74b..a9fbf69345 100644
--- a/nuclei-templates/2023/CVE-2023-5638-4281d6cbf86b1cb2ecab3675e42347ac.yaml
+++ b/nuclei-templates/2023/CVE-2023-5638-4281d6cbf86b1cb2ecab3675e42347ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2023-5638'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5639-50a35a271362419338fef58cbfdfbd44.yaml b/nuclei-templates/2023/CVE-2023-5639-50a35a271362419338fef58cbfdfbd44.yaml
index aecc01a048..57c602e991 100644
--- a/nuclei-templates/2023/CVE-2023-5639-50a35a271362419338fef58cbfdfbd44.yaml
+++ b/nuclei-templates/2023/CVE-2023-5639-50a35a271362419338fef58cbfdfbd44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team Showcase <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/team-showcase/"
     google-query: inurl:"/wp-content/plugins/team-showcase/"
     shodan-query: 'vuln:CVE-2023-5639'
-  tags: cve,wordpress,wp-plugin,team-showcase,medium
+  tags: cve,wordpress,wp-plugin,team-showcase,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5644-e4f7324bab65bcd3d88d8e669baede29.yaml b/nuclei-templates/2023/CVE-2023-5644-e4f7324bab65bcd3d88d8e669baede29.yaml
index 8d6645c95d..eefe4b5833 100644
--- a/nuclei-templates/2023/CVE-2023-5644-e4f7324bab65bcd3d88d8e669baede29.yaml
+++ b/nuclei-templates/2023/CVE-2023-5644-e4f7324bab65bcd3d88d8e669baede29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail Log <= 1.1.2 - Incorrect Authorization to Authenticated (Contributor+) Data Viewing and Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Mail Log plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the check_permission() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with contributor-level access and above, to access REST routes that they should not have access to and delete data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-log/"
     google-query: inurl:"/wp-content/plugins/wp-mail-log/"
     shodan-query: 'vuln:CVE-2023-5644'
-  tags: cve,wordpress,wp-plugin,wp-mail-log,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5645-74effda90864a740ff398e9c12c52b1c.yaml b/nuclei-templates/2023/CVE-2023-5645-74effda90864a740ff398e9c12c52b1c.yaml
index a20992e01c..ba646f0cb6 100644
--- a/nuclei-templates/2023/CVE-2023-5645-74effda90864a740ff398e9c12c52b1c.yaml
+++ b/nuclei-templates/2023/CVE-2023-5645-74effda90864a740ff398e9c12c52b1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail Log <= 1.1.2 - Authenticated (Contributor+) SQL injection via key
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Mail Log plugin for WordPress is vulnerable to SQL Injection via the 'key'’ parameter in all versions up to, and including, 1.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-log/"
     google-query: inurl:"/wp-content/plugins/wp-mail-log/"
     shodan-query: 'vuln:CVE-2023-5645'
-  tags: cve,wordpress,wp-plugin,wp-mail-log,high
+  tags: cve,wordpress,wp-plugin,wp-mail-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5651-b9f4dda3ee3f676f0c301784c74a1eb5.yaml b/nuclei-templates/2023/CVE-2023-5651-b9f4dda3ee3f676f0c301784c74a1eb5.yaml
index 52811f4c66..c16b0f2c72 100644
--- a/nuclei-templates/2023/CVE-2023-5651-b9f4dda3ee3f676f0c301784c74a1eb5.yaml
+++ b/nuclei-templates/2023/CVE-2023-5651-b9f4dda3ee3f676f0c301784c74a1eb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tp_extra_package_remove() function hooked via AJAX in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-hotel-booking/"
     google-query: inurl:"/wp-content/plugins/wp-hotel-booking/"
     shodan-query: 'vuln:CVE-2023-5651'
-  tags: cve,wordpress,wp-plugin,wp-hotel-booking,medium
+  tags: cve,wordpress,wp-plugin,wp-hotel-booking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5658-76a5d195529e4a00633fd456330950cc.yaml b/nuclei-templates/2023/CVE-2023-5658-76a5d195529e4a00633fd456330950cc.yaml
index 21a722abc3..6c015371f0 100644
--- a/nuclei-templates/2023/CVE-2023-5658-76a5d195529e4a00633fd456330950cc.yaml
+++ b/nuclei-templates/2023/CVE-2023-5658-76a5d195529e4a00633fd456330950cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP MapIt <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_mapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mapit/"
     google-query: inurl:"/wp-content/plugins/wp-mapit/"
     shodan-query: 'vuln:CVE-2023-5658'
-  tags: cve,wordpress,wp-plugin,wp-mapit,medium
+  tags: cve,wordpress,wp-plugin,wp-mapit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5659-8e5650d777bfcceefcb0d09b97742288.yaml b/nuclei-templates/2023/CVE-2023-5659-8e5650d777bfcceefcb0d09b97742288.yaml
index 8221e6ae88..ab87380e11 100644
--- a/nuclei-templates/2023/CVE-2023-5659-8e5650d777bfcceefcb0d09b97742288.yaml
+++ b/nuclei-templates/2023/CVE-2023-5659-8e5650d777bfcceefcb0d09b97742288.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Interact: Embed A Quiz On Your Site <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interact-quiz-embed/"
     google-query: inurl:"/wp-content/plugins/interact-quiz-embed/"
     shodan-query: 'vuln:CVE-2023-5659'
-  tags: cve,wordpress,wp-plugin,interact-quiz-embed,medium
+  tags: cve,wordpress,wp-plugin,interact-quiz-embed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5660-359a63479caac5270f841c962366bff8.yaml b/nuclei-templates/2023/CVE-2023-5660-359a63479caac5270f841c962366bff8.yaml
index 8c638a17c7..2c2db2f8a2 100644
--- a/nuclei-templates/2023/CVE-2023-5660-359a63479caac5270f841c962366bff8.yaml
+++ b/nuclei-templates/2023/CVE-2023-5660-359a63479caac5270f841c962366bff8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SendPress Newsletters <= 1.22.3.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sendpress/"
     google-query: inurl:"/wp-content/plugins/sendpress/"
     shodan-query: 'vuln:CVE-2023-5660'
-  tags: cve,wordpress,wp-plugin,sendpress,medium
+  tags: cve,wordpress,wp-plugin,sendpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5661-0445d2e77118d710e79ad9b8b4807a1f.yaml b/nuclei-templates/2023/CVE-2023-5661-0445d2e77118d710e79ad9b8b4807a1f.yaml
index c26305e447..5263a1e345 100644
--- a/nuclei-templates/2023/CVE-2023-5661-0445d2e77118d710e79ad9b8b4807a1f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5661-0445d2e77118d710e79ad9b8b4807a1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Feed <= 1.5.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-facebook/"
     google-query: inurl:"/wp-content/plugins/add-facebook/"
     shodan-query: 'vuln:CVE-2023-5661'
-  tags: cve,wordpress,wp-plugin,add-facebook,medium
+  tags: cve,wordpress,wp-plugin,add-facebook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5662-6e76234b4d1dbafb645996466faffb64.yaml b/nuclei-templates/2023/CVE-2023-5662-6e76234b4d1dbafb645996466faffb64.yaml
index b621375336..2ebde8e774 100644
--- a/nuclei-templates/2023/CVE-2023-5662-6e76234b4d1dbafb645996466faffb64.yaml
+++ b/nuclei-templates/2023/CVE-2023-5662-6e76234b4d1dbafb645996466faffb64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sponsors <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sponsors/"
     google-query: inurl:"/wp-content/plugins/wp-sponsors/"
     shodan-query: 'vuln:CVE-2023-5662'
-  tags: cve,wordpress,wp-plugin,wp-sponsors,medium
+  tags: cve,wordpress,wp-plugin,wp-sponsors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5663-433814dea51a33a792f1c14558ec0d69.yaml b/nuclei-templates/2023/CVE-2023-5663-433814dea51a33a792f1c14558ec0d69.yaml
index 06e249a04a..f6053fb86e 100644
--- a/nuclei-templates/2023/CVE-2023-5663-433814dea51a33a792f1c14558ec0d69.yaml
+++ b/nuclei-templates/2023/CVE-2023-5663-433814dea51a33a792f1c14558ec0d69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     News Announcement Scroll <= 9.0.0 -  Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/news-announcement-scroll/"
     google-query: inurl:"/wp-content/plugins/news-announcement-scroll/"
     shodan-query: 'vuln:CVE-2023-5663'
-  tags: cve,wordpress,wp-plugin,news-announcement-scroll,high
+  tags: cve,wordpress,wp-plugin,news-announcement-scroll,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5664-597aa63a54783e43984bca6c0a5bda16.yaml b/nuclei-templates/2023/CVE-2023-5664-597aa63a54783e43984bca6c0a5bda16.yaml
index ffd09982f2..4e6104ad7d 100644
--- a/nuclei-templates/2023/CVE-2023-5664-597aa63a54783e43984bca6c0a5bda16.yaml
+++ b/nuclei-templates/2023/CVE-2023-5664-597aa63a54783e43984bca6c0a5bda16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Garden Gnome Package <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 2.2.7 and fully patched in version 2.2.9.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/garden-gnome-package/"
     google-query: inurl:"/wp-content/plugins/garden-gnome-package/"
     shodan-query: 'vuln:CVE-2023-5664'
-  tags: cve,wordpress,wp-plugin,garden-gnome-package,medium
+  tags: cve,wordpress,wp-plugin,garden-gnome-package,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5665-b7d244a1858960d6b7b8f5a6b3a02579.yaml b/nuclei-templates/2023/CVE-2023-5665-b7d244a1858960d6b7b8f5a6b3a02579.yaml
index 9314cd3be7..0710ecc171 100644
--- a/nuclei-templates/2023/CVE-2023-5665-b7d244a1858960d6b7b8f5a6b3a02579.yaml
+++ b/nuclei-templates/2023/CVE-2023-5665-b7d244a1858960d6b7b8f5a6b3a02579.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32130 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/payment-forms-for-paystack/"
     google-query: inurl:"/wp-content/plugins/payment-forms-for-paystack/"
     shodan-query: 'vuln:CVE-2023-5665'
-  tags: cve,wordpress,wp-plugin,payment-forms-for-paystack,medium
+  tags: cve,wordpress,wp-plugin,payment-forms-for-paystack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5666-5600898416ea4451dceafd9acde6424d.yaml b/nuclei-templates/2023/CVE-2023-5666-5600898416ea4451dceafd9acde6424d.yaml
index 13ce2dca65..7a5b3c2cd1 100644
--- a/nuclei-templates/2023/CVE-2023-5666-5600898416ea4451dceafd9acde6424d.yaml
+++ b/nuclei-templates/2023/CVE-2023-5666-5600898416ea4451dceafd9acde6424d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordion <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions-wp/"
     google-query: inurl:"/wp-content/plugins/accordions-wp/"
     shodan-query: 'vuln:CVE-2023-5666'
-  tags: cve,wordpress,wp-plugin,accordions-wp,medium
+  tags: cve,wordpress,wp-plugin,accordions-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5667-20d48d249a9d91a3d81b3c5c649e28eb.yaml b/nuclei-templates/2023/CVE-2023-5667-20d48d249a9d91a3d81b3c5c649e28eb.yaml
index 616fae8acf..23e0e43a01 100644
--- a/nuclei-templates/2023/CVE-2023-5667-20d48d249a9d91a3d81b3c5c649e28eb.yaml
+++ b/nuclei-templates/2023/CVE-2023-5667-20d48d249a9d91a3d81b3c5c649e28eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tab Ultimate <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tabs-pro/"
     google-query: inurl:"/wp-content/plugins/tabs-pro/"
     shodan-query: 'vuln:CVE-2023-5667'
-  tags: cve,wordpress,wp-plugin,tabs-pro,medium
+  tags: cve,wordpress,wp-plugin,tabs-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5668-35617caa27e1534d5543f128d4268283.yaml b/nuclei-templates/2023/CVE-2023-5668-35617caa27e1534d5543f128d4268283.yaml
index f2ce163b30..032fe3355a 100644
--- a/nuclei-templates/2023/CVE-2023-5668-35617caa27e1534d5543f128d4268283.yaml
+++ b/nuclei-templates/2023/CVE-2023-5668-35617caa27e1534d5543f128d4268283.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WhatsApp Share Button <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/whatsapp/"
     google-query: inurl:"/wp-content/plugins/whatsapp/"
     shodan-query: 'vuln:CVE-2023-5668'
-  tags: cve,wordpress,wp-plugin,whatsapp,medium
+  tags: cve,wordpress,wp-plugin,whatsapp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5669-b18da97ec3842241538c439eaed13219.yaml b/nuclei-templates/2023/CVE-2023-5669-b18da97ec3842241538c439eaed13219.yaml
index 10650ab71b..fec9c702da 100644
--- a/nuclei-templates/2023/CVE-2023-5669-b18da97ec3842241538c439eaed13219.yaml
+++ b/nuclei-templates/2023/CVE-2023-5669-b18da97ec3842241538c439eaed13219.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featured Image Caption <= 0.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-image-caption/"
     google-query: inurl:"/wp-content/plugins/featured-image-caption/"
     shodan-query: 'vuln:CVE-2023-5669'
-  tags: cve,wordpress,wp-plugin,featured-image-caption,medium
+  tags: cve,wordpress,wp-plugin,featured-image-caption,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5672-8be88bbbbf187ed081686352f66fd170.yaml b/nuclei-templates/2023/CVE-2023-5672-8be88bbbbf187ed081686352f66fd170.yaml
index d89172d6ff..db24a6c409 100644
--- a/nuclei-templates/2023/CVE-2023-5672-8be88bbbbf187ed081686352f66fd170.yaml
+++ b/nuclei-templates/2023/CVE-2023-5672-8be88bbbbf187ed081686352f66fd170.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail Log <= 1.1.2 - Authenticated (Contributor+) Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Mail Log plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.1.2 via the includeAttachment parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to include and read arbitrary files on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-log/"
     google-query: inurl:"/wp-content/plugins/wp-mail-log/"
     shodan-query: 'vuln:CVE-2023-5672'
-  tags: cve,wordpress,wp-plugin,wp-mail-log,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5674-95ff4ff837620d6ea480a2d73422a590.yaml b/nuclei-templates/2023/CVE-2023-5674-95ff4ff837620d6ea480a2d73422a590.yaml
index 6c8bfa9969..b1263ff426 100644
--- a/nuclei-templates/2023/CVE-2023-5674-95ff4ff837620d6ea480a2d73422a590.yaml
+++ b/nuclei-templates/2023/CVE-2023-5674-95ff4ff837620d6ea480a2d73422a590.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail Log <= 1.1.2 - Authenticated (Contributor+) SQL Injection via id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Mail Log plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor and higher users to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-log/"
     google-query: inurl:"/wp-content/plugins/wp-mail-log/"
     shodan-query: 'vuln:CVE-2023-5674'
-  tags: cve,wordpress,wp-plugin,wp-mail-log,high
+  tags: cve,wordpress,wp-plugin,wp-mail-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5691-fdf2ccd0e27bd38fe570f70f1b82c105.yaml b/nuclei-templates/2023/CVE-2023-5691-fdf2ccd0e27bd38fe570f70f1b82c105.yaml
index 3d2e39d7a4..270cb40dc8 100644
--- a/nuclei-templates/2023/CVE-2023-5691-fdf2ccd0e27bd38fe570f70f1b82c105.yaml
+++ b/nuclei-templates/2023/CVE-2023-5691-fdf2ccd0e27bd38fe570f70f1b82c105.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chatbot for WordPress <= 2.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/collectchat/"
     google-query: inurl:"/wp-content/plugins/collectchat/"
     shodan-query: 'vuln:CVE-2023-5691'
-  tags: cve,wordpress,wp-plugin,collectchat,medium
+  tags: cve,wordpress,wp-plugin,collectchat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5703-a045ed71aa954e6a2d839e45661eb192.yaml b/nuclei-templates/2023/CVE-2023-5703-a045ed71aa954e6a2d839e45661eb192.yaml
index f541367ec6..b2ae32e791 100644
--- a/nuclei-templates/2023/CVE-2023-5703-a045ed71aa954e6a2d839e45661eb192.yaml
+++ b/nuclei-templates/2023/CVE-2023-5703-a045ed71aa954e6a2d839e45661eb192.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gift Up Gift Cards for WordPress and WooCommerce <= 2.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gift-up/"
     google-query: inurl:"/wp-content/plugins/gift-up/"
     shodan-query: 'vuln:CVE-2023-5703'
-  tags: cve,wordpress,wp-plugin,gift-up,medium
+  tags: cve,wordpress,wp-plugin,gift-up,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5704-95b40623fcd88a0f55eead954c03a159.yaml b/nuclei-templates/2023/CVE-2023-5704-95b40623fcd88a0f55eead954c03a159.yaml
index 7f9f2935f0..fb09852112 100644
--- a/nuclei-templates/2023/CVE-2023-5704-95b40623fcd88a0f55eead954c03a159.yaml
+++ b/nuclei-templates/2023/CVE-2023-5704-95b40623fcd88a0f55eead954c03a159.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpo-shortcodes/"
     google-query: inurl:"/wp-content/plugins/cpo-shortcodes/"
     shodan-query: 'vuln:CVE-2023-5704'
-  tags: cve,wordpress,wp-plugin,cpo-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,cpo-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5705-0ade74287dacdefe3e19153b1abafe0f.yaml b/nuclei-templates/2023/CVE-2023-5705-0ade74287dacdefe3e19153b1abafe0f.yaml
index 0f9f7dc2ec..5d98032d8d 100644
--- a/nuclei-templates/2023/CVE-2023-5705-0ade74287dacdefe3e19153b1abafe0f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5705-0ade74287dacdefe3e19153b1abafe0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK Filter Search <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-filter-search/"
     google-query: inurl:"/wp-content/plugins/vk-filter-search/"
     shodan-query: 'vuln:CVE-2023-5705'
-  tags: cve,wordpress,wp-plugin,vk-filter-search,medium
+  tags: cve,wordpress,wp-plugin,vk-filter-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5706-768fa7749718c2471763f91755f4694f.yaml b/nuclei-templates/2023/CVE-2023-5706-768fa7749718c2471763f91755f4694f.yaml
index 09871abde2..025f782d4e 100644
--- a/nuclei-templates/2023/CVE-2023-5706-768fa7749718c2471763f91755f4694f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5706-768fa7749718c2471763f91755f4694f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK Blocks <= 1.63.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-blocks/"
     google-query: inurl:"/wp-content/plugins/vk-blocks/"
     shodan-query: 'vuln:CVE-2023-5706'
-  tags: cve,wordpress,wp-plugin,vk-blocks,medium
+  tags: cve,wordpress,wp-plugin,vk-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5707-afa388cb5079dcd3f29d050e7cf600e7.yaml b/nuclei-templates/2023/CVE-2023-5707-afa388cb5079dcd3f29d050e7cf600e7.yaml
index 402a04403b..96d8bd0145 100644
--- a/nuclei-templates/2023/CVE-2023-5707-afa388cb5079dcd3f29d050e7cf600e7.yaml
+++ b/nuclei-templates/2023/CVE-2023-5707-afa388cb5079dcd3f29d050e7cf600e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Slider <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-slider/"
     google-query: inurl:"/wp-content/plugins/seo-slider/"
     shodan-query: 'vuln:CVE-2023-5707'
-  tags: cve,wordpress,wp-plugin,seo-slider,medium
+  tags: cve,wordpress,wp-plugin,seo-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5708-2e27bbe1226fc43e3aceee610de45550.yaml b/nuclei-templates/2023/CVE-2023-5708-2e27bbe1226fc43e3aceee610de45550.yaml
index 42274dc5d2..bff4ebe7e9 100644
--- a/nuclei-templates/2023/CVE-2023-5708-2e27bbe1226fc43e3aceee610de45550.yaml
+++ b/nuclei-templates/2023/CVE-2023-5708-2e27bbe1226fc43e3aceee610de45550.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Post Columns <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-columns/"
     google-query: inurl:"/wp-content/plugins/wp-post-columns/"
     shodan-query: 'vuln:CVE-2023-5708'
-  tags: cve,wordpress,wp-plugin,wp-post-columns,medium
+  tags: cve,wordpress,wp-plugin,wp-post-columns,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5709-b5c74375abda0734f64c322204bc8108.yaml b/nuclei-templates/2023/CVE-2023-5709-b5c74375abda0734f64c322204bc8108.yaml
index dac60e1b61..5cadeb2b33 100644
--- a/nuclei-templates/2023/CVE-2023-5709-b5c74375abda0734f64c322204bc8108.yaml
+++ b/nuclei-templates/2023/CVE-2023-5709-b5c74375abda0734f64c322204bc8108.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WD WidgetTwitter <= 1.0.9 -  Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-twitter/"
     google-query: inurl:"/wp-content/plugins/widget-twitter/"
     shodan-query: 'vuln:CVE-2023-5709'
-  tags: cve,wordpress,wp-plugin,widget-twitter,high
+  tags: cve,wordpress,wp-plugin,widget-twitter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5710-6d13564fb4f4f025b03f3bb2e7eff230.yaml b/nuclei-templates/2023/CVE-2023-5710-6d13564fb4f4f025b03f3bb2e7eff230.yaml
index 341c337190..7f40f1253f 100644
--- a/nuclei-templates/2023/CVE-2023-5710-6d13564fb4f4f025b03f3bb2e7eff230.yaml
+++ b/nuclei-templates/2023/CVE-2023-5710-6d13564fb4f4f025b03f3bb2e7eff230.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/system-dashboard/"
     google-query: inurl:"/wp-content/plugins/system-dashboard/"
     shodan-query: 'vuln:CVE-2023-5710'
-  tags: cve,wordpress,wp-plugin,system-dashboard,medium
+  tags: cve,wordpress,wp-plugin,system-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5711-50be407197651ee72b3d338a1eac693d.yaml b/nuclei-templates/2023/CVE-2023-5711-50be407197651ee72b3d338a1eac693d.yaml
index 70d0ef8f78..366a923600 100644
--- a/nuclei-templates/2023/CVE-2023-5711-50be407197651ee72b3d338a1eac693d.yaml
+++ b/nuclei-templates/2023/CVE-2023-5711-50be407197651ee72b3d338a1eac693d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/system-dashboard/"
     google-query: inurl:"/wp-content/plugins/system-dashboard/"
     shodan-query: 'vuln:CVE-2023-5711'
-  tags: cve,wordpress,wp-plugin,system-dashboard,medium
+  tags: cve,wordpress,wp-plugin,system-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5712-d08dba75a00314181a7ea312016fdabc.yaml b/nuclei-templates/2023/CVE-2023-5712-d08dba75a00314181a7ea312016fdabc.yaml
index c8a627e3bd..5a7b279df9 100644
--- a/nuclei-templates/2023/CVE-2023-5712-d08dba75a00314181a7ea312016fdabc.yaml
+++ b/nuclei-templates/2023/CVE-2023-5712-d08dba75a00314181a7ea312016fdabc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/system-dashboard/"
     google-query: inurl:"/wp-content/plugins/system-dashboard/"
     shodan-query: 'vuln:CVE-2023-5712'
-  tags: cve,wordpress,wp-plugin,system-dashboard,medium
+  tags: cve,wordpress,wp-plugin,system-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5713-00f8b2060d8c742440ee6fd7c2090104.yaml b/nuclei-templates/2023/CVE-2023-5713-00f8b2060d8c742440ee6fd7c2090104.yaml
index a7e744e8c5..ac32649bca 100644
--- a/nuclei-templates/2023/CVE-2023-5713-00f8b2060d8c742440ee6fd7c2090104.yaml
+++ b/nuclei-templates/2023/CVE-2023-5713-00f8b2060d8c742440ee6fd7c2090104.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/system-dashboard/"
     google-query: inurl:"/wp-content/plugins/system-dashboard/"
     shodan-query: 'vuln:CVE-2023-5713'
-  tags: cve,wordpress,wp-plugin,system-dashboard,medium
+  tags: cve,wordpress,wp-plugin,system-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5714-6bb233f728b21686bbc5b5d256c952f1.yaml b/nuclei-templates/2023/CVE-2023-5714-6bb233f728b21686bbc5b5d256c952f1.yaml
index 2f799f14a0..df735dbf2b 100644
--- a/nuclei-templates/2023/CVE-2023-5714-6bb233f728b21686bbc5b5d256c952f1.yaml
+++ b/nuclei-templates/2023/CVE-2023-5714-6bb233f728b21686bbc5b5d256c952f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/system-dashboard/"
     google-query: inurl:"/wp-content/plugins/system-dashboard/"
     shodan-query: 'vuln:CVE-2023-5714'
-  tags: cve,wordpress,wp-plugin,system-dashboard,medium
+  tags: cve,wordpress,wp-plugin,system-dashboard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5715-2c3170861d7bd02e32a5482d1f26ddd0.yaml b/nuclei-templates/2023/CVE-2023-5715-2c3170861d7bd02e32a5482d1f26ddd0.yaml
index c5ef8a4b7d..16b0b19199 100644
--- a/nuclei-templates/2023/CVE-2023-5715-2c3170861d7bd02e32a5482d1f26ddd0.yaml
+++ b/nuclei-templates/2023/CVE-2023-5715-2c3170861d7bd02e32a5482d1f26ddd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Website Optimization – Plerdy <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plerdy-heatmap/"
     google-query: inurl:"/wp-content/plugins/plerdy-heatmap/"
     shodan-query: 'vuln:CVE-2023-5715'
-  tags: cve,wordpress,wp-plugin,plerdy-heatmap,medium
+  tags: cve,wordpress,wp-plugin,plerdy-heatmap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5737-9cffec44ea772b6c67672a3ffd4bf0f4.yaml b/nuclei-templates/2023/CVE-2023-5737-9cffec44ea772b6c67672a3ffd4bf0f4.yaml
index fa773a4224..d82897f8f3 100644
--- a/nuclei-templates/2023/CVE-2023-5737-9cffec44ea772b6c67672a3ffd4bf0f4.yaml
+++ b/nuclei-templates/2023/CVE-2023-5737-9cffec44ea772b6c67672a3ffd4bf0f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Backup & Migration <= 1.4.3 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_save_import_settings function in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a settings update. CVE-2023-52183 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-migration-duplicator/"
     google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/"
     shodan-query: 'vuln:CVE-2023-5737'
-  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,medium
+  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5738-4b9b30de695a6c7d318c6f418b6450d0.yaml b/nuclei-templates/2023/CVE-2023-5738-4b9b30de695a6c7d318c6f418b6450d0.yaml
index 55bfa3627b..20c745929b 100644
--- a/nuclei-templates/2023/CVE-2023-5738-4b9b30de695a6c7d318c6f418b6450d0.yaml
+++ b/nuclei-templates/2023/CVE-2023-5738-4b9b30de695a6c7d318c6f418b6450d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Backup & Migration <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Backup & Migration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 1.4.4, but still allowed exploitation by authenticated attackers with administrator-level permissions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-migration-duplicator/"
     google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/"
     shodan-query: 'vuln:CVE-2023-5738'
-  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,medium
+  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5740-e11138180e51155554e951dfca6551c2.yaml b/nuclei-templates/2023/CVE-2023-5740-e11138180e51155554e951dfca6551c2.yaml
index 171a18695d..e4efc549e8 100644
--- a/nuclei-templates/2023/CVE-2023-5740-e11138180e51155554e951dfca6551c2.yaml
+++ b/nuclei-templates/2023/CVE-2023-5740-e11138180e51155554e951dfca6551c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live Chat with Facebook Messenger <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facebook-messenger/"
     google-query: inurl:"/wp-content/plugins/wp-facebook-messenger/"
     shodan-query: 'vuln:CVE-2023-5740'
-  tags: cve,wordpress,wp-plugin,wp-facebook-messenger,medium
+  tags: cve,wordpress,wp-plugin,wp-facebook-messenger,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5741-eda45ed9fd55d54d8bc8631b38650581.yaml b/nuclei-templates/2023/CVE-2023-5741-eda45ed9fd55d54d8bc8631b38650581.yaml
index f5a77f581c..51fc0b71ff 100644
--- a/nuclei-templates/2023/CVE-2023-5741-eda45ed9fd55d54d8bc8631b38650581.yaml
+++ b/nuclei-templates/2023/CVE-2023-5741-eda45ed9fd55d54d8bc8631b38650581.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     POWR <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powr-pack/"
     google-query: inurl:"/wp-content/plugins/powr-pack/"
     shodan-query: 'vuln:CVE-2023-5741'
-  tags: cve,wordpress,wp-plugin,powr-pack,medium
+  tags: cve,wordpress,wp-plugin,powr-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5742-078c8808dfcbfebd119f13a67915c352.yaml b/nuclei-templates/2023/CVE-2023-5742-078c8808dfcbfebd119f13a67915c352.yaml
index d3b63b2b64..6a185026bd 100644
--- a/nuclei-templates/2023/CVE-2023-5742-078c8808dfcbfebd119f13a67915c352.yaml
+++ b/nuclei-templates/2023/CVE-2023-5742-078c8808dfcbfebd119f13a67915c352.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EasyRotator for WordPress <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easyrotator-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/easyrotator-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-5742'
-  tags: cve,wordpress,wp-plugin,easyrotator-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,easyrotator-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5743-a6d339b3bc08ee880c9c68cfd52a0937.yaml b/nuclei-templates/2023/CVE-2023-5743-a6d339b3bc08ee880c9c68cfd52a0937.yaml
index 87ed7147ca..ec4fd2caac 100644
--- a/nuclei-templates/2023/CVE-2023-5743-a6d339b3bc08ee880c9c68cfd52a0937.yaml
+++ b/nuclei-templates/2023/CVE-2023-5743-a6d339b3bc08ee880c9c68cfd52a0937.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Telephone Number Linker <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/telephone-number-linker/"
     google-query: inurl:"/wp-content/plugins/telephone-number-linker/"
     shodan-query: 'vuln:CVE-2023-5743'
-  tags: cve,wordpress,wp-plugin,telephone-number-linker,medium
+  tags: cve,wordpress,wp-plugin,telephone-number-linker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5744-3937fc851cb1ff4a5bb8e086fcf8881e.yaml b/nuclei-templates/2023/CVE-2023-5744-3937fc851cb1ff4a5bb8e086fcf8881e.yaml
index b5d2b54186..deafbc083d 100644
--- a/nuclei-templates/2023/CVE-2023-5744-3937fc851cb1ff4a5bb8e086fcf8881e.yaml
+++ b/nuclei-templates/2023/CVE-2023-5744-3937fc851cb1ff4a5bb8e086fcf8881e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Very Simple Google Maps <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/very-simple-google-maps/"
     google-query: inurl:"/wp-content/plugins/very-simple-google-maps/"
     shodan-query: 'vuln:CVE-2023-5744'
-  tags: cve,wordpress,wp-plugin,very-simple-google-maps,medium
+  tags: cve,wordpress,wp-plugin,very-simple-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5745-ccb9140dfd14809f1b9eb83224f5c145.yaml b/nuclei-templates/2023/CVE-2023-5745-ccb9140dfd14809f1b9eb83224f5c145.yaml
index 5728cc3b14..cb331950e3 100644
--- a/nuclei-templates/2023/CVE-2023-5745-ccb9140dfd14809f1b9eb83224f5c145.yaml
+++ b/nuclei-templates/2023/CVE-2023-5745-ccb9140dfd14809f1b9eb83224f5c145.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Reusable Text Blocks <= 1.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reusable-text-blocks/"
     google-query: inurl:"/wp-content/plugins/reusable-text-blocks/"
     shodan-query: 'vuln:CVE-2023-5745'
-  tags: cve,wordpress,wp-plugin,reusable-text-blocks,medium
+  tags: cve,wordpress,wp-plugin,reusable-text-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5757-91cfe4c5d855055ec913db3b32084f9f.yaml b/nuclei-templates/2023/CVE-2023-5757-91cfe4c5d855055ec913db3b32084f9f.yaml
index 9929a54130..1e19280a0d 100644
--- a/nuclei-templates/2023/CVE-2023-5757-91cfe4c5d855055ec913db3b32084f9f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5757-91cfe4c5d855055ec913db3b32084f9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Crowdfunding <= 2.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-crowdfunding/"
     google-query: inurl:"/wp-content/plugins/wp-crowdfunding/"
     shodan-query: 'vuln:CVE-2023-5757'
-  tags: cve,wordpress,wp-plugin,wp-crowdfunding,medium
+  tags: cve,wordpress,wp-plugin,wp-crowdfunding,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5761-106e6826f0718372efc6e503171c8663.yaml b/nuclei-templates/2023/CVE-2023-5761-106e6826f0718372efc6e503171c8663.yaml
index aaf7ae9722..2a3d9d33e8 100644
--- a/nuclei-templates/2023/CVE-2023-5761-106e6826f0718372efc6e503171c8663.yaml
+++ b/nuclei-templates/2023/CVE-2023-5761-106e6826f0718372efc6e503171c8663.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2023-5761
   metadata:
-    fofa-query: "wp-content/plugins/burst-statistics/"
-    google-query: inurl:"/wp-content/plugins/burst-statistics/"
+    fofa-query: "wp-content/plugins/burst-pro/"
+    google-query: inurl:"/wp-content/plugins/burst-pro/"
     shodan-query: 'vuln:CVE-2023-5761'
-  tags: cve,wordpress,wp-plugin,burst-statistics,critical
+  tags: cve,wordpress,wp-plugin,burst-pro,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/burst-statistics/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/burst-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "burst-statistics"
+          - "burst-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '>= 1.4.0', '<= 1.4.6.1')
\ No newline at end of file
+          - compare_versions(version, '>= 1.4.0', '<= 1.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-5762-3978ba038f6fabf500896400bafac46f.yaml b/nuclei-templates/2023/CVE-2023-5762-3978ba038f6fabf500896400bafac46f.yaml
index 5bff05bfcd..8b94699f73 100644
--- a/nuclei-templates/2023/CVE-2023-5762-3978ba038f6fabf500896400bafac46f.yaml
+++ b/nuclei-templates/2023/CVE-2023-5762-3978ba038f6fabf500896400bafac46f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Filr – Secure document library plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.2.3.5 (inclusive). This makes it possible for authenticated attackers, with author-level or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filr-protection/"
     google-query: inurl:"/wp-content/plugins/filr-protection/"
     shodan-query: 'vuln:CVE-2023-5762'
-  tags: cve,wordpress,wp-plugin,filr-protection,high
+  tags: cve,wordpress,wp-plugin,filr-protection,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5774-4187eb8bb2c5fe78d6c93246f1bd60b8.yaml b/nuclei-templates/2023/CVE-2023-5774-4187eb8bb2c5fe78d6c93246f1bd60b8.yaml
index 30cdbac0b7..86eb7edc50 100644
--- a/nuclei-templates/2023/CVE-2023-5774-4187eb8bb2c5fe78d6c93246f1bd60b8.yaml
+++ b/nuclei-templates/2023/CVE-2023-5774-4187eb8bb2c5fe78d6c93246f1bd60b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animated Counters <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animated-counters/"
     google-query: inurl:"/wp-content/plugins/animated-counters/"
     shodan-query: 'vuln:CVE-2023-5774'
-  tags: cve,wordpress,wp-plugin,animated-counters,medium
+  tags: cve,wordpress,wp-plugin,animated-counters,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5798-c365c40f61838d38a40469cd2e67b28b.yaml b/nuclei-templates/2023/CVE-2023-5798-c365c40f61838d38a40469cd2e67b28b.yaml
index 07c6fc2161..3701f32001 100644
--- a/nuclei-templates/2023/CVE-2023-5798-c365c40f61838d38a40469cd2e67b28b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5798-c365c40f61838d38a40469cd2e67b28b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Assistant <= 1.4.3 -  Authenticated (Editor+) Server Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Assistant plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.4.3 via the /posts/(?P<id>\d+)/library/(?P<library_id>\d+) REST API endpoint. This can allow authenticated attackers, with editor-level capabilities and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/assistant/"
     google-query: inurl:"/wp-content/plugins/assistant/"
     shodan-query: 'vuln:CVE-2023-5798'
-  tags: cve,wordpress,wp-plugin,assistant,medium
+  tags: cve,wordpress,wp-plugin,assistant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5809-248e31ef2c55014a53d3afdb1f6ae07b.yaml b/nuclei-templates/2023/CVE-2023-5809-248e31ef2c55014a53d3afdb1f6ae07b.yaml
index bbfe2957c0..d06eafb99f 100644
--- a/nuclei-templates/2023/CVE-2023-5809-248e31ef2c55014a53d3afdb1f6ae07b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5809-248e31ef2c55014a53d3afdb1f6ae07b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 3.8.7 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:CVE-2023-5809'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,medium
+  tags: cve,wordpress,wp-plugin,ays-popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5815-940c3e462fa88340681bbbfe05c2ceb9.yaml b/nuclei-templates/2023/CVE-2023-5815-940c3e462fa88340681bbbfe05c2ceb9.yaml
index 5a51025e24..2ec187ea1a 100644
--- a/nuclei-templates/2023/CVE-2023-5815-940c3e462fa88340681bbbfe05c2ceb9.yaml
+++ b/nuclei-templates/2023/CVE-2023-5815-940c3e462fa88340681bbbfe05c2ceb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     News & Blog Designer Pack – WordPress Blog Plugin  <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog-designer-pack/"
     google-query: inurl:"/wp-content/plugins/blog-designer-pack/"
     shodan-query: 'vuln:CVE-2023-5815'
-  tags: cve,wordpress,wp-plugin,blog-designer-pack,high
+  tags: cve,wordpress,wp-plugin,blog-designer-pack,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5817-f3d8bdcc3c7e14d05b34d12f8fc7e52b.yaml b/nuclei-templates/2023/CVE-2023-5817-f3d8bdcc3c7e14d05b34d12f8fc7e52b.yaml
index c31022b651..270c7c4d5e 100644
--- a/nuclei-templates/2023/CVE-2023-5817-f3d8bdcc3c7e14d05b34d12f8fc7e52b.yaml
+++ b/nuclei-templates/2023/CVE-2023-5817-f3d8bdcc3c7e14d05b34d12f8fc7e52b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Neon text <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/neon-text/"
     google-query: inurl:"/wp-content/plugins/neon-text/"
     shodan-query: 'vuln:CVE-2023-5817'
-  tags: cve,wordpress,wp-plugin,neon-text,medium
+  tags: cve,wordpress,wp-plugin,neon-text,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5819-0b5a4c4a0addd6f794e40840ce70fde3.yaml b/nuclei-templates/2023/CVE-2023-5819-0b5a4c4a0addd6f794e40840ce70fde3.yaml
index f68fbab8f2..831bb397a4 100644
--- a/nuclei-templates/2023/CVE-2023-5819-0b5a4c4a0addd6f794e40840ce70fde3.yaml
+++ b/nuclei-templates/2023/CVE-2023-5819-0b5a4c4a0addd6f794e40840ce70fde3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amazonify <= 0.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amazonify/"
     google-query: inurl:"/wp-content/plugins/amazonify/"
     shodan-query: 'vuln:CVE-2023-5819'
-  tags: cve,wordpress,wp-plugin,amazonify,medium
+  tags: cve,wordpress,wp-plugin,amazonify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5820-25a9f7730c5842083500e9e166082efc.yaml b/nuclei-templates/2023/CVE-2023-5820-25a9f7730c5842083500e9e166082efc.yaml
index 98556f6aa3..d46d41ba17 100644
--- a/nuclei-templates/2023/CVE-2023-5820-25a9f7730c5842083500e9e166082efc.yaml
+++ b/nuclei-templates/2023/CVE-2023-5820-25a9f7730c5842083500e9e166082efc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-responsive-slider-with-lightbox/"
     google-query: inurl:"/wp-content/plugins/wp-responsive-slider-with-lightbox/"
     shodan-query: 'vuln:CVE-2023-5820'
-  tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,high
+  tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5822-230e494196dc43c26e1062437fc400cf.yaml b/nuclei-templates/2023/CVE-2023-5822-230e494196dc43c26e1062437fc400cf.yaml
index 61e1d554e3..c7f3c6387f 100644
--- a/nuclei-templates/2023/CVE-2023-5822-230e494196dc43c26e1062437fc400cf.yaml
+++ b/nuclei-templates/2023/CVE-2023-5822-230e494196dc43c26e1062437fc400cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/"
     shodan-query: 'vuln:CVE-2023-5822'
-  tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,high
+  tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5823-0439b5ba8ec01f6ad565e8fbfefdff7e.yaml b/nuclei-templates/2023/CVE-2023-5823-0439b5ba8ec01f6ad565e8fbfefdff7e.yaml
index 05f18c5ad5..cc18ee7a4c 100644
--- a/nuclei-templates/2023/CVE-2023-5823-0439b5ba8ec01f6ad565e8fbfefdff7e.yaml
+++ b/nuclei-templates/2023/CVE-2023-5823-0439b5ba8ec01f6ad565e8fbfefdff7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TK Google Fonts GDPR Compliant <= 2.2.11 - Missing Authorization to Font Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TK Google Fonts GDPR Compliant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tk_google_fonts_delete_font function in all versions up to, and including, 2.2.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to deelete arbitrary Google fonts. We believe CVE-2023-5823 may be misreported as a CSRF as there is no nonce check that was added in 2.2.12, but instead a capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tk-google-fonts/"
     google-query: inurl:"/wp-content/plugins/tk-google-fonts/"
     shodan-query: 'vuln:CVE-2023-5823'
-  tags: cve,wordpress,wp-plugin,tk-google-fonts,medium
+  tags: cve,wordpress,wp-plugin,tk-google-fonts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5823-75dc3c235e29287a43892beb13ca3ae4.yaml b/nuclei-templates/2023/CVE-2023-5823-75dc3c235e29287a43892beb13ca3ae4.yaml
index eb020c7e84..dd9831af89 100644
--- a/nuclei-templates/2023/CVE-2023-5823-75dc3c235e29287a43892beb13ca3ae4.yaml
+++ b/nuclei-templates/2023/CVE-2023-5823-75dc3c235e29287a43892beb13ca3ae4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TK Google Fonts GDPR Compliant <= 2.2.11 - Missing Authorization to Font Addition
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TK Google Fonts GDPR Compliant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tk_google_fonts_add_font function in all versions up to, and including, 2.2.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add arbitrary Google fonts. We believe CVE-2023-5823 may be misreported as a CSRF as there is no nonce check that was added in 2.2.12, but instead a capability check.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tk-google-fonts/"
     google-query: inurl:"/wp-content/plugins/tk-google-fonts/"
     shodan-query: 'vuln:CVE-2023-5823'
-  tags: cve,wordpress,wp-plugin,tk-google-fonts,medium
+  tags: cve,wordpress,wp-plugin,tk-google-fonts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5860-cecbfeb5d8e878e2a09fb45c42f38adc.yaml b/nuclei-templates/2023/CVE-2023-5860-cecbfeb5d8e878e2a09fb45c42f38adc.yaml
index a94fe960cd..0e5260ea7b 100644
--- a/nuclei-templates/2023/CVE-2023-5860-cecbfeb5d8e878e2a09fb45c42f38adc.yaml
+++ b/nuclei-templates/2023/CVE-2023-5860-cecbfeb5d8e878e2a09fb45c42f38adc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icons-font-loader/"
     google-query: inurl:"/wp-content/plugins/icons-font-loader/"
     shodan-query: 'vuln:CVE-2023-5860'
-  tags: cve,wordpress,wp-plugin,icons-font-loader,high
+  tags: cve,wordpress,wp-plugin,icons-font-loader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5874-838e3be64c22dc1203b2c46a22794d70.yaml b/nuclei-templates/2023/CVE-2023-5874-838e3be64c22dc1203b2c46a22794d70.yaml
index 14b2319a67..c42f951263 100644
--- a/nuclei-templates/2023/CVE-2023-5874-838e3be64c22dc1203b2c46a22794d70.yaml
+++ b/nuclei-templates/2023/CVE-2023-5874-838e3be64c22dc1203b2c46a22794d70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 3.8.7 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:CVE-2023-5874'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,medium
+  tags: cve,wordpress,wp-plugin,ays-popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5882-54815dfa4753d9cdf9883b354532f577.yaml b/nuclei-templates/2023/CVE-2023-5882-54815dfa4753d9cdf9883b354532f577.yaml
index ae4de7d5e9..6bd6f1634e 100644
--- a/nuclei-templates/2023/CVE-2023-5882-54815dfa4753d9cdf9883b354532f577.yaml
+++ b/nuclei-templates/2023/CVE-2023-5882-54815dfa4753d9cdf9883b354532f577.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Export any WordPress data to XML/CSV plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.4.1, and in versions up to 1.8.6 in the PRO version. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2023-5882
   metadata:
-    fofa-query: "wp-content/plugins/wp-all-export-pro/"
-    google-query: inurl:"/wp-content/plugins/wp-all-export-pro/"
+    fofa-query: "wp-content/plugins/wp-all-export/"
+    google-query: inurl:"/wp-content/plugins/wp-all-export/"
     shodan-query: 'vuln:CVE-2023-5882'
-  tags: cve,wordpress,wp-plugin,wp-all-export-pro,high
+  tags: cve,wordpress,wp-plugin,wp-all-export,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-all-export-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-all-export/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-all-export-pro"
+          - "wp-all-export"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.8.6')
\ No newline at end of file
+          - compare_versions(version, '< 1.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-5886-a04852934ccd4497c8403afda3917aa6.yaml b/nuclei-templates/2023/CVE-2023-5886-a04852934ccd4497c8403afda3917aa6.yaml
index bdf45c7e77..9379c832a0 100644
--- a/nuclei-templates/2023/CVE-2023-5886-a04852934ccd4497c8403afda3917aa6.yaml
+++ b/nuclei-templates/2023/CVE-2023-5886-a04852934ccd4497c8403afda3917aa6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Export any WordPress data to XML/CSV plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.4.1, and in versions up to 1.8.6 in the PRO version. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions and deserialize a PHAR object and potentially achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2023-5886
   metadata:
-    fofa-query: "wp-content/plugins/wp-all-export-pro/"
-    google-query: inurl:"/wp-content/plugins/wp-all-export-pro/"
+    fofa-query: "wp-content/plugins/wp-all-export/"
+    google-query: inurl:"/wp-content/plugins/wp-all-export/"
     shodan-query: 'vuln:CVE-2023-5886'
-  tags: cve,wordpress,wp-plugin,wp-all-export-pro,high
+  tags: cve,wordpress,wp-plugin,wp-all-export,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-all-export-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-all-export/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-all-export-pro"
+          - "wp-all-export"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 1.8.6')
\ No newline at end of file
+          - compare_versions(version, '< 1.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-5905-5c8e28251cab5b1205b7a87c4a2a1426.yaml b/nuclei-templates/2023/CVE-2023-5905-5c8e28251cab5b1205b7a87c4a2a1426.yaml
index 3d529ac090..896e5a97d5 100644
--- a/nuclei-templates/2023/CVE-2023-5905-5c8e28251cab5b1205b7a87c4a2a1426.yaml
+++ b/nuclei-templates/2023/CVE-2023-5905-5c8e28251cab5b1205b7a87c4a2a1426.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Missing Authorization to Blog Data Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The DeMomentSomTres WordPress Export Posts With Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dms3export functionality in all versions up to, and including, 20220825. This makes it possible for authenticated attackers, with subscriber-level access and above, to export data and read protected posts as well as their passwords
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/demomentsomtres-wp-export/"
     google-query: inurl:"/wp-content/plugins/demomentsomtres-wp-export/"
     shodan-query: 'vuln:CVE-2023-5905'
-  tags: cve,wordpress,wp-plugin,demomentsomtres-wp-export,medium
+  tags: cve,wordpress,wp-plugin,demomentsomtres-wp-export,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5911-5c48a008fb4b7cf800ee3deda45c5f7c.yaml b/nuclei-templates/2023/CVE-2023-5911-5c48a008fb4b7cf800ee3deda45c5f7c.yaml
index 81b66afefb..4693b27f5d 100644
--- a/nuclei-templates/2023/CVE-2023-5911-5c48a008fb4b7cf800ee3deda45c5f7c.yaml
+++ b/nuclei-templates/2023/CVE-2023-5911-5c48a008fb4b7cf800ee3deda45c5f7c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Custom Cursors | WordPress Cursor <= 3.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Custom Cursors | WordPress Cursor Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-custom-cursors/"
     google-query: inurl:"/wp-content/plugins/wp-custom-cursors/"
     shodan-query: 'vuln:CVE-2023-5911'
-  tags: cve,wordpress,wp-plugin,wp-custom-cursors,medium
+  tags: cve,wordpress,wp-plugin,wp-custom-cursors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5922-427e946f25b6c94eeb7fca443cbb0fb9.yaml b/nuclei-templates/2023/CVE-2023-5922-427e946f25b6c94eeb7fca443cbb0fb9.yaml
index 9875df4048..9a66a3a063 100644
--- a/nuclei-templates/2023/CVE-2023-5922-427e946f25b6c94eeb7fca443cbb0fb9.yaml
+++ b/nuclei-templates/2023/CVE-2023-5922-427e946f25b6c94eeb7fca443cbb0fb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons and Templates <= 1.3.80 - Missing Authorization to Private/Password Protected Post Read
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpr_get_page_content AJAX action in all versions up to, and including, 1.3.80. This makes it possible for unauthenticated attackers to view password protected posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2023-5922'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5931-58b37148ce0bdaa5522c3559b2f37ff0.yaml b/nuclei-templates/2023/CVE-2023-5931-58b37148ce0bdaa5522c3559b2f37ff0.yaml
index 6991dfdee3..c2a160a34f 100644
--- a/nuclei-templates/2023/CVE-2023-5931-58b37148ce0bdaa5522c3559b2f37ff0.yaml
+++ b/nuclei-templates/2023/CVE-2023-5931-58b37148ce0bdaa5522c3559b2f37ff0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rtmedia_api_process_rtmedia_upload_media_request() function in all versions up to, and including, 4.6.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:CVE-2023-5931'
-  tags: cve,wordpress,wp-plugin,buddypress-media,high
+  tags: cve,wordpress,wp-plugin,buddypress-media,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5939-5185077331b584e736df6ae601c45310.yaml b/nuclei-templates/2023/CVE-2023-5939-5185077331b584e736df6ae601c45310.yaml
index 093bc7afe7..8645a736f0 100644
--- a/nuclei-templates/2023/CVE-2023-5939-5185077331b584e736df6ae601c45310.yaml
+++ b/nuclei-templates/2023/CVE-2023-5939-5185077331b584e736df6ae601c45310.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress WordPress <= 4.6.15 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Import rtMedia Settings functionality in all versions up to, and including, 4.6.15. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:CVE-2023-5939'
-  tags: cve,wordpress,wp-plugin,buddypress-media,high
+  tags: cve,wordpress,wp-plugin,buddypress-media,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5940-e4874305a11ba506fee5f820a68e7e63.yaml b/nuclei-templates/2023/CVE-2023-5940-e4874305a11ba506fee5f820a68e7e63.yaml
index 1a1d928ef1..2b02e7edb4 100644
--- a/nuclei-templates/2023/CVE-2023-5940-e4874305a11ba506fee5f820a68e7e63.yaml
+++ b/nuclei-templates/2023/CVE-2023-5940-e4874305a11ba506fee5f820a68e7e63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Not Login Hide <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Not Login Hide (WPNLH) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-not-login-hide-wpnlh/"
     google-query: inurl:"/wp-content/plugins/wp-not-login-hide-wpnlh/"
     shodan-query: 'vuln:CVE-2023-5940'
-  tags: cve,wordpress,wp-plugin,wp-not-login-hide-wpnlh,medium
+  tags: cve,wordpress,wp-plugin,wp-not-login-hide-wpnlh,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5942-62fa04687cc3a59a6c68564d31d19c75.yaml b/nuclei-templates/2023/CVE-2023-5942-62fa04687cc3a59a6c68564d31d19c75.yaml
index 6efb761b5d..f3637cb6bf 100644
--- a/nuclei-templates/2023/CVE-2023-5942-62fa04687cc3a59a6c68564d31d19c75.yaml
+++ b/nuclei-templates/2023/CVE-2023-5942-62fa04687cc3a59a6c68564d31d19c75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Medialist <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Medialist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-list/"
     google-query: inurl:"/wp-content/plugins/media-list/"
     shodan-query: 'vuln:CVE-2023-5942'
-  tags: cve,wordpress,wp-plugin,media-list,medium
+  tags: cve,wordpress,wp-plugin,media-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5943-84ca5039f02eeb82650dbead88aee202.yaml b/nuclei-templates/2023/CVE-2023-5943-84ca5039f02eeb82650dbead88aee202.yaml
index ff3d7b230e..37d42e9697 100644
--- a/nuclei-templates/2023/CVE-2023-5943-84ca5039f02eeb82650dbead88aee202.yaml
+++ b/nuclei-templates/2023/CVE-2023-5943-84ca5039f02eeb82650dbead88aee202.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Question and Message
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wp-Adv-Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a quiz question and message in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-quiz/"
     google-query: inurl:"/wp-content/plugins/advanced-quiz/"
     shodan-query: 'vuln:CVE-2023-5943'
-  tags: cve,wordpress,wp-plugin,advanced-quiz,medium
+  tags: cve,wordpress,wp-plugin,advanced-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5953-fdd08ff4357466d1ef831234fd4686a2.yaml b/nuclei-templates/2023/CVE-2023-5953-fdd08ff4357466d1ef831234fd4686a2.yaml
index ad8776121f..885fc30148 100644
--- a/nuclei-templates/2023/CVE-2023-5953-fdd08ff4357466d1ef831234fd4686a2.yaml
+++ b/nuclei-templates/2023/CVE-2023-5953-fdd08ff4357466d1ef831234fd4686a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_certificate_file function in all versions up to, and including, 2.9.4. This makes it possible for subscribers or higher to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2023-5953'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5955-73e00ca7db916ed6c728c1ea942e0577.yaml b/nuclei-templates/2023/CVE-2023-5955-73e00ca7db916ed6c728c1ea942e0577.yaml
index b71eab5a7c..d81b26256b 100644
--- a/nuclei-templates/2023/CVE-2023-5955-73e00ca7db916ed6c728c1ea942e0577.yaml
+++ b/nuclei-templates/2023/CVE-2023-5955-73e00ca7db916ed6c728c1ea942e0577.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Email <= 1.3.43 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-email/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-email/"
     shodan-query: 'vuln:CVE-2023-5955'
-  tags: cve,wordpress,wp-plugin,contact-form-to-email,medium
+  tags: cve,wordpress,wp-plugin,contact-form-to-email,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5956-1044e73f9f4c90a4318631b027811f47.yaml b/nuclei-templates/2023/CVE-2023-5956-1044e73f9f4c90a4318631b027811f47.yaml
index 421d7f30e2..e7fc9dd9e2 100644
--- a/nuclei-templates/2023/CVE-2023-5956-1044e73f9f4c90a4318631b027811f47.yaml
+++ b/nuclei-templates/2023/CVE-2023-5956-1044e73f9f4c90a4318631b027811f47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Wp-Adv-Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a quiz title in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-quiz/"
     google-query: inurl:"/wp-content/plugins/advanced-quiz/"
     shodan-query: 'vuln:CVE-2023-5956'
-  tags: cve,wordpress,wp-plugin,advanced-quiz,medium
+  tags: cve,wordpress,wp-plugin,advanced-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-5980-e0096662f4021341254048a6332cbd3c.yaml b/nuclei-templates/2023/CVE-2023-5980-e0096662f4021341254048a6332cbd3c.yaml
index b8e8b24f21..5e1b8945cc 100644
--- a/nuclei-templates/2023/CVE-2023-5980-e0096662f4021341254048a6332cbd3c.yaml
+++ b/nuclei-templates/2023/CVE-2023-5980-e0096662f4021341254048a6332cbd3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BSK Forms Blacklist <= 3.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BSK Forms Blacklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bsk-gravityforms-blacklist/"
     google-query: inurl:"/wp-content/plugins/bsk-gravityforms-blacklist/"
     shodan-query: 'vuln:CVE-2023-5980'
-  tags: cve,wordpress,wp-plugin,bsk-gravityforms-blacklist,medium
+  tags: cve,wordpress,wp-plugin,bsk-gravityforms-blacklist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6000-f3aaaced779e642f2bb1c29db02ea02e.yaml b/nuclei-templates/2023/CVE-2023-6000-f3aaaced779e642f2bb1c29db02ea02e.yaml
index c8e0209407..be4e9f0776 100644
--- a/nuclei-templates/2023/CVE-2023-6000-f3aaaced779e642f2bb1c29db02ea02e.yaml
+++ b/nuclei-templates/2023/CVE-2023-6000-f3aaaced779e642f2bb1c29db02ea02e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via popups in versions up to 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2023-6000'
-  tags: cve,wordpress,wp-plugin,popup-builder,medium
+  tags: cve,wordpress,wp-plugin,popup-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6005-34378358cea5d52c68afc57717376111.yaml b/nuclei-templates/2023/CVE-2023-6005-34378358cea5d52c68afc57717376111.yaml
index 3e8c5febf3..a538e4ac46 100644
--- a/nuclei-templates/2023/CVE-2023-6005-34378358cea5d52c68afc57717376111.yaml
+++ b/nuclei-templates/2023/CVE-2023-6005-34378358cea5d52c68afc57717376111.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Authenticated (Admin+) Stored Cross-Site  Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventON plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.5.4 (premium) & 2.2.7 (free) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.4
     cve-id: CVE-2023-6005
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2023-6005'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2.7')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6009-caff8f6f354132f41c0e30a99b04fa75.yaml b/nuclei-templates/2023/CVE-2023-6009-caff8f6f354132f41c0e30a99b04fa75.yaml
index d142694e62..53cb9d8f7e 100644
--- a/nuclei-templates/2023/CVE-2023-6009-caff8f6f354132f41c0e30a99b04fa75.yaml
+++ b/nuclei-templates/2023/CVE-2023-6009-caff8f6f354132f41c0e30a99b04fa75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userpro/"
     google-query: inurl:"/wp-content/plugins/userpro/"
     shodan-query: 'vuln:CVE-2023-6009'
-  tags: cve,wordpress,wp-plugin,userpro,high
+  tags: cve,wordpress,wp-plugin,userpro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6035-be6b3b7884ff27a71c7f24387abeb572.yaml b/nuclei-templates/2023/CVE-2023-6035-be6b3b7884ff27a71c7f24387abeb572.yaml
index 350109455c..7f9000e051 100644
--- a/nuclei-templates/2023/CVE-2023-6035-be6b3b7884ff27a71c7f24387abeb572.yaml
+++ b/nuclei-templates/2023/CVE-2023-6035-be6b3b7884ff27a71c7f24387abeb572.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EazyDocs <= 2.3.3 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase) plugin for WordPress is vulnerable to SQL Injection via the 'data' parameter in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eazydocs/"
     google-query: inurl:"/wp-content/plugins/eazydocs/"
     shodan-query: 'vuln:CVE-2023-6035'
-  tags: cve,wordpress,wp-plugin,eazydocs,high
+  tags: cve,wordpress,wp-plugin,eazydocs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6037-60704a9704a6bd75205a7bd8179ee4be.yaml b/nuclei-templates/2023/CVE-2023-6037-60704a9704a6bd75205a7bd8179ee4be.yaml
index 375d1b93ad..8b3033be30 100644
--- a/nuclei-templates/2023/CVE-2023-6037-60704a9704a6bd75205a7bd8179ee4be.yaml
+++ b/nuclei-templates/2023/CVE-2023-6037-60704a9704a6bd75205a7bd8179ee4be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP TripAdvisor Review Slider  <= 11.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP TripAdvisor Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tripadvisor-review-slider/"
     google-query: inurl:"/wp-content/plugins/wp-tripadvisor-review-slider/"
     shodan-query: 'vuln:CVE-2023-6037'
-  tags: cve,wordpress,wp-plugin,wp-tripadvisor-review-slider,medium
+  tags: cve,wordpress,wp-plugin,wp-tripadvisor-review-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6048-c13a04653b2bd4332fed19d99c861058.yaml b/nuclei-templates/2023/CVE-2023-6048-c13a04653b2bd4332fed19d99c861058.yaml
index 2570320d7a..2b6060f0e5 100644
--- a/nuclei-templates/2023/CVE-2023-6048-c13a04653b2bd4332fed19d99c861058.yaml
+++ b/nuclei-templates/2023/CVE-2023-6048-c13a04653b2bd4332fed19d99c861058.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Estatik Real Estate Plugin <= 4.1.0 - Missing Authorization to Limited Arbitrary Options Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Estatik Real Estate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the es_dismiss_notices() function in all versions up to, and including, 4.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options values to "1" which could ultimately lead to a denial of service.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/estatik/"
     google-query: inurl:"/wp-content/plugins/estatik/"
     shodan-query: 'vuln:CVE-2023-6048'
-  tags: cve,wordpress,wp-plugin,estatik,medium
+  tags: cve,wordpress,wp-plugin,estatik,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6067-8d7a863f5c4efdd21d67e64b56b84820.yaml b/nuclei-templates/2023/CVE-2023-6067-8d7a863f5c4efdd21d67e64b56b84820.yaml
index 4549392508..6d8f2f97e6 100644
--- a/nuclei-templates/2023/CVE-2023-6067-8d7a863f5c4efdd21d67e64b56b84820.yaml
+++ b/nuclei-templates/2023/CVE-2023-6067-8d7a863f5c4efdd21d67e64b56b84820.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Profile Avatar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP User Profile Avatar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-profile-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-profile-avatar/"
     shodan-query: 'vuln:CVE-2023-6067'
-  tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6077-5ed7439fdc6a179319e68a6091db0e8d.yaml b/nuclei-templates/2023/CVE-2023-6077-5ed7439fdc6a179319e68a6091db0e8d.yaml
index 23a3610de9..0288a4d0ce 100644
--- a/nuclei-templates/2023/CVE-2023-6077-5ed7439fdc6a179319e68a6091db0e8d.yaml
+++ b/nuclei-templates/2023/CVE-2023-6077-5ed7439fdc6a179319e68a6091db0e8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Responsive Image Slider <= 3.5.11 - Missing Authorization via AJAX action
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slider – Ultimate Responsive Image Slider plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_thumbnail_uris function in all versions up to 3.5.11 (inclusive). This makes it possible for subscriber-level attackers to access the meta-information associated with sliders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-responsive-image-slider/"
     google-query: inurl:"/wp-content/plugins/ultimate-responsive-image-slider/"
     shodan-query: 'vuln:CVE-2023-6077'
-  tags: cve,wordpress,wp-plugin,ultimate-responsive-image-slider,medium
+  tags: cve,wordpress,wp-plugin,ultimate-responsive-image-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6081-1d70e5d002efa976ab87b56edcf9f0b9.yaml b/nuclei-templates/2023/CVE-2023-6081-1d70e5d002efa976ab87b56edcf9f0b9.yaml
index 3d2fcebaec..8e8f320db0 100644
--- a/nuclei-templates/2023/CVE-2023-6081-1d70e5d002efa976ab87b56edcf9f0b9.yaml
+++ b/nuclei-templates/2023/CVE-2023-6081-1d70e5d002efa976ab87b56edcf9f0b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chartjs <= 2023.2 - Authenticated(Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The enigma-chartjs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to and including 2023.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enigma-chartjs/"
     google-query: inurl:"/wp-content/plugins/enigma-chartjs/"
     shodan-query: 'vuln:CVE-2023-6081'
-  tags: cve,wordpress,wp-plugin,enigma-chartjs,medium
+  tags: cve,wordpress,wp-plugin,enigma-chartjs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6082-ace575e194919fed8a75c5778dd0bfab.yaml b/nuclei-templates/2023/CVE-2023-6082-ace575e194919fed8a75c5778dd0bfab.yaml
index c27a43f64b..960b3acc1b 100644
--- a/nuclei-templates/2023/CVE-2023-6082-ace575e194919fed8a75c5778dd0bfab.yaml
+++ b/nuclei-templates/2023/CVE-2023-6082-ace575e194919fed8a75c5778dd0bfab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chartjs <= 2023.2 - Authenticated(Editor+) Stored Cross-Site Scripting via chart
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The enigma-chartjs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chart functionality in versions up to and including 2023.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enigma-chartjs/"
     google-query: inurl:"/wp-content/plugins/enigma-chartjs/"
     shodan-query: 'vuln:CVE-2023-6082'
-  tags: cve,wordpress,wp-plugin,enigma-chartjs,medium
+  tags: cve,wordpress,wp-plugin,enigma-chartjs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6090-27287fd1e5df71f58411b21feefa43bc.yaml b/nuclei-templates/2023/CVE-2023-6090-27287fd1e5df71f58411b21feefa43bc.yaml
index 037761c3c6..72043b47ac 100644
--- a/nuclei-templates/2023/CVE-2023-6090-27287fd1e5df71f58411b21feefa43bc.yaml
+++ b/nuclei-templates/2023/CVE-2023-6090-27287fd1e5df71f58411b21feefa43bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in one of its functions in all versions up to, and including, 7.3.11. This makes it possible for authenticated attackers, with Shop Manager access to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mollie-payments-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/mollie-payments-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-6090'
-  tags: cve,wordpress,wp-plugin,mollie-payments-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,mollie-payments-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6091-fd1e677494c37ae823f0277f9b7da0c4.yaml b/nuclei-templates/2023/CVE-2023-6091-fd1e677494c37ae823f0277f9b7da0c4.yaml
index 9a5cbe532c..a2d7d1a490 100644
--- a/nuclei-templates/2023/CVE-2023-6091-fd1e677494c37ae823f0277f9b7da0c4.yaml
+++ b/nuclei-templates/2023/CVE-2023-6091-fd1e677494c37ae823f0277f9b7da0c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme Editor <= 2.7.1 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers with administrator privileges or higher to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-editor/"
     google-query: inurl:"/wp-content/plugins/theme-editor/"
     shodan-query: 'vuln:CVE-2023-6091'
-  tags: cve,wordpress,wp-plugin,theme-editor,high
+  tags: cve,wordpress,wp-plugin,theme-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6113-84e23826180e38f8c23713de5476118f.yaml b/nuclei-templates/2023/CVE-2023-6113-84e23826180e38f8c23713de5476118f.yaml
index 8d7fa4b5d2..8c7ea3a634 100644
--- a/nuclei-templates/2023/CVE-2023-6113-84e23826180e38f8c23713de5476118f.yaml
+++ b/nuclei-templates/2023/CVE-2023-6113-84e23826180e38f8c23713de5476118f.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2023-6113
   metadata:
-    fofa-query: "wp-content/plugins/wp-staging/"
-    google-query: inurl:"/wp-content/plugins/wp-staging/"
+    fofa-query: "wp-content/plugins/wp-staging-pro/"
+    google-query: inurl:"/wp-content/plugins/wp-staging-pro/"
     shodan-query: 'vuln:CVE-2023-6113'
-  tags: cve,wordpress,wp-plugin,wp-staging,medium
+  tags: cve,wordpress,wp-plugin,wp-staging-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-staging/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-staging-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-staging"
+          - "wp-staging-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 3.1.3')
\ No newline at end of file
+          - compare_versions(version, '< 5.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6114-cf9463289c46f678c704f21fa0d76e71.yaml b/nuclei-templates/2023/CVE-2023-6114-cf9463289c46f678c704f21fa0d76e71.yaml
index 7087f9f1dd..2efc1df463 100644
--- a/nuclei-templates/2023/CVE-2023-6114-cf9463289c46f678c704f21fa0d76e71.yaml
+++ b/nuclei-templates/2023/CVE-2023-6114-cf9463289c46f678c704f21fa0d76e71.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2023-6114
   metadata:
-    fofa-query: "wp-content/plugins/duplicator-pro/"
-    google-query: inurl:"/wp-content/plugins/duplicator-pro/"
+    fofa-query: "wp-content/plugins/duplicator/"
+    google-query: inurl:"/wp-content/plugins/duplicator/"
     shodan-query: 'vuln:CVE-2023-6114'
-  tags: cve,wordpress,wp-plugin,duplicator-pro,critical
+  tags: cve,wordpress,wp-plugin,duplicator,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/duplicator-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "duplicator-pro"
+          - "duplicator"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 4.5.14.2')
\ No newline at end of file
+          - compare_versions(version, '<= 1.5.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6120-2711228331aed4ad8d57b410230e7202.yaml b/nuclei-templates/2023/CVE-2023-6120-2711228331aed4ad8d57b410230e7202.yaml
index e07bbcdece..186d7f6b22 100644
--- a/nuclei-templates/2023/CVE-2023-6120-2711228331aed4ad8d57b410230e7202.yaml
+++ b/nuclei-templates/2023/CVE-2023-6120-2711228331aed4ad8d57b410230e7202.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2023-6120'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6133-956616cf620f8b1a830cdf6f68014a5e.yaml b/nuclei-templates/2023/CVE-2023-6133-956616cf620f8b1a830cdf6f68014a5e.yaml
index 9c76044494..f061960670 100644
--- a/nuclei-templates/2023/CVE-2023-6133-956616cf620f8b1a830cdf6f68014a5e.yaml
+++ b/nuclei-templates/2023/CVE-2023-6133-956616cf620f8b1a830cdf6f68014a5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:CVE-2023-6133'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6136-f18de85deaea25c6fbd01540999d6426.yaml b/nuclei-templates/2023/CVE-2023-6136-f18de85deaea25c6fbd01540999d6426.yaml
index 5707a28ee9..93cc4927d1 100644
--- a/nuclei-templates/2023/CVE-2023-6136-f18de85deaea25c6fbd01540999d6426.yaml
+++ b/nuclei-templates/2023/CVE-2023-6136-f18de85deaea25c6fbd01540999d6426.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Debug Log Manager <= 2.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Debug Log Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_log() function hooked via AJAX in all versions up to, and including, 2.2.1. This makes it possible for attackers, with subscriber-level access and above, to clear the debug logs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/debug-log-manager/"
     google-query: inurl:"/wp-content/plugins/debug-log-manager/"
     shodan-query: 'vuln:CVE-2023-6136'
-  tags: cve,wordpress,wp-plugin,debug-log-manager,medium
+  tags: cve,wordpress,wp-plugin,debug-log-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6139-54b8dea2a513397d549565f2d6307194.yaml b/nuclei-templates/2023/CVE-2023-6139-54b8dea2a513397d549565f2d6307194.yaml
index 98defd2b54..8d278d6c1e 100644
--- a/nuclei-templates/2023/CVE-2023-6139-54b8dea2a513397d549565f2d6307194.yaml
+++ b/nuclei-templates/2023/CVE-2023-6139-54b8dea2a513397d549565f2d6307194.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Real Estate <= 4.3.5 - Missing Authorization to Denial of Service
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the gsf_save_options AJAX action in all versions up to, and including, 4.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin's settings which can lead to a denial of service.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-real-estate/"
     google-query: inurl:"/wp-content/plugins/essential-real-estate/"
     shodan-query: 'vuln:CVE-2023-6139'
-  tags: cve,wordpress,wp-plugin,essential-real-estate,medium
+  tags: cve,wordpress,wp-plugin,essential-real-estate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6141-00a2a2e9797fc1a0dfdb2c0093e34725.yaml b/nuclei-templates/2023/CVE-2023-6141-00a2a2e9797fc1a0dfdb2c0093e34725.yaml
index 88077b1b96..9480e2d913 100644
--- a/nuclei-templates/2023/CVE-2023-6141-00a2a2e9797fc1a0dfdb2c0093e34725.yaml
+++ b/nuclei-templates/2023/CVE-2023-6141-00a2a2e9797fc1a0dfdb2c0093e34725.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Real Estate <= 4.3.5 - Missing Authorization to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'font[0][selector]' parameter in all versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above,]to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-real-estate/"
     google-query: inurl:"/wp-content/plugins/essential-real-estate/"
     shodan-query: 'vuln:CVE-2023-6141'
-  tags: cve,wordpress,wp-plugin,essential-real-estate,medium
+  tags: cve,wordpress,wp-plugin,essential-real-estate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6155-933559cdad5a8cb46fa09f456890e810.yaml b/nuclei-templates/2023/CVE-2023-6155-933559cdad5a8cb46fa09f456890e810.yaml
index 2335c19c04..60697be3a2 100644
--- a/nuclei-templates/2023/CVE-2023-6155-933559cdad5a8cb46fa09f456890e810.yaml
+++ b/nuclei-templates/2023/CVE-2023-6155-933559cdad5a8cb46fa09f456890e810.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz Maker <= 6.4.9.4 - Missing Authorization to Email Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_quiz_author_user_search function in all versions up to 6.4.9.5 (exclusive). This makes it possible for unauthenticated attackers to perform a search for users and obtain user email addresses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-maker/"
     google-query: inurl:"/wp-content/plugins/quiz-maker/"
     shodan-query: 'vuln:CVE-2023-6155'
-  tags: cve,wordpress,wp-plugin,quiz-maker,medium
+  tags: cve,wordpress,wp-plugin,quiz-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6158-537515ca49a9f4b41a11d36cd380e6f4.yaml b/nuclei-templates/2023/CVE-2023-6158-537515ca49a9f4b41a11d36cd380e6f4.yaml
index aced5bcbb7..b925430958 100644
--- a/nuclei-templates/2023/CVE-2023-6158-537515ca49a9f4b41a11d36cd380e6f4.yaml
+++ b/nuclei-templates/2023/CVE-2023-6158-537515ca49a9f4b41a11d36cd380e6f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection. CVE-2024-0238 appears to be a duplicate of this issue.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2023-6158
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2023-6158'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2.7')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6163-1dcb303214a4e16964564ee6c958b8e1.yaml b/nuclei-templates/2023/CVE-2023-6163-1dcb303214a4e16964564ee6c958b8e1.yaml
index 5b5014a24c..732fb21dc7 100644
--- a/nuclei-templates/2023/CVE-2023-6163-1dcb303214a4e16964564ee6c958b8e1.yaml
+++ b/nuclei-templates/2023/CVE-2023-6163-1dcb303214a4e16964564ee6c958b8e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Crowdfunding <= 2.1.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-crowdfunding/"
     google-query: inurl:"/wp-content/plugins/wp-crowdfunding/"
     shodan-query: 'vuln:CVE-2023-6163'
-  tags: cve,wordpress,wp-plugin,wp-crowdfunding,medium
+  tags: cve,wordpress,wp-plugin,wp-crowdfunding,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6165-00fcc0e6d0a51f0c0f6ca9266dccfbaf.yaml b/nuclei-templates/2023/CVE-2023-6165-00fcc0e6d0a51f0c0f6ca9266dccfbaf.yaml
index fa1971a990..06f92b2c21 100644
--- a/nuclei-templates/2023/CVE-2023-6165-00fcc0e6d0a51f0c0f6ca9266dccfbaf.yaml
+++ b/nuclei-templates/2023/CVE-2023-6165-00fcc0e6d0a51f0c0f6ca9266dccfbaf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restrict Usernames Emails Characters <= 3.1.3 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Restrict Usernames Emails Characters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restrict-usernames-emails-characters/"
     google-query: inurl:"/wp-content/plugins/restrict-usernames-emails-characters/"
     shodan-query: 'vuln:CVE-2023-6165'
-  tags: cve,wordpress,wp-plugin,restrict-usernames-emails-characters,medium
+  tags: cve,wordpress,wp-plugin,restrict-usernames-emails-characters,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6187-68293564bc63bf678c3143661b510396.yaml b/nuclei-templates/2023/CVE-2023-6187-68293564bc63bf678c3143661b510396.yaml
index 8849e4602a..a89b587a62 100644
--- a/nuclei-templates/2023/CVE-2023-6187-68293564bc63bf678c3143661b510396.yaml
+++ b/nuclei-templates/2023/CVE-2023-6187-68293564bc63bf678c3143661b510396.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:CVE-2023-6187'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,high
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6196-07cf727b65166fc33c537ed10a4a1542.yaml b/nuclei-templates/2023/CVE-2023-6196-07cf727b65166fc33c537ed10a4a1542.yaml
index b1085df219..2a23fc2c3f 100644
--- a/nuclei-templates/2023/CVE-2023-6196-07cf727b65166fc33c537ed10a4a1542.yaml
+++ b/nuclei-templates/2023/CVE-2023-6196-07cf727b65166fc33c537ed10a4a1542.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/audio-merchant/"
     google-query: inurl:"/wp-content/plugins/audio-merchant/"
     shodan-query: 'vuln:CVE-2023-6196'
-  tags: cve,wordpress,wp-plugin,audio-merchant,high
+  tags: cve,wordpress,wp-plugin,audio-merchant,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6219-631d4cb99a459c16e4abfaa250ae1a0d.yaml b/nuclei-templates/2023/CVE-2023-6219-631d4cb99a459c16e4abfaa250ae1a0d.yaml
index e5d4bf3abf..7ac3e35664 100644
--- a/nuclei-templates/2023/CVE-2023-6219-631d4cb99a459c16e4abfaa250ae1a0d.yaml
+++ b/nuclei-templates/2023/CVE-2023-6219-631d4cb99a459c16e4abfaa250ae1a0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookingpress-appointment-booking/"
     google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/"
     shodan-query: 'vuln:CVE-2023-6219'
-  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,high
+  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6220-3e3dbd541f7f8bdbabf98ab3f7d5763f.yaml b/nuclei-templates/2023/CVE-2023-6220-3e3dbd541f7f8bdbabf98ab3f7d5763f.yaml
index f6b3873b91..2da75dffc4 100644
--- a/nuclei-templates/2023/CVE-2023-6220-3e3dbd541f7f8bdbabf98ab3f7d5763f.yaml
+++ b/nuclei-templates/2023/CVE-2023-6220-3e3dbd541f7f8bdbabf98ab3f7d5763f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/piotnetforms/"
     google-query: inurl:"/wp-content/plugins/piotnetforms/"
     shodan-query: 'vuln:CVE-2023-6220'
-  tags: cve,wordpress,wp-plugin,piotnetforms,high
+  tags: cve,wordpress,wp-plugin,piotnetforms,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6222-f4e8b028120d672af95b84876878fcae.yaml b/nuclei-templates/2023/CVE-2023-6222-f4e8b028120d672af95b84876878fcae.yaml
index 74626c7a24..8b3ea6076b 100644
--- a/nuclei-templates/2023/CVE-2023-6222-f4e8b028120d672af95b84876878fcae.yaml
+++ b/nuclei-templates/2023/CVE-2023-6222-f4e8b028120d672af95b84876878fcae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.1.48 via the ShowFile function. This allows an administrator to view arbitrary files on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quttera-web-malware-scanner/"
     google-query: inurl:"/wp-content/plugins/quttera-web-malware-scanner/"
     shodan-query: 'vuln:CVE-2023-6222'
-  tags: cve,wordpress,wp-plugin,quttera-web-malware-scanner,medium
+  tags: cve,wordpress,wp-plugin,quttera-web-malware-scanner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6225-63222bd033aa9c6bf238fe6f7d23725d.yaml b/nuclei-templates/2023/CVE-2023-6225-63222bd033aa9c6bf238fe6f7d23725d.yaml
index 3bc057de73..fd83b9535c 100644
--- a/nuclei-templates/2023/CVE-2023-6225-63222bd033aa9c6bf238fe6f7d23725d.yaml
+++ b/nuclei-templates/2023/CVE-2023-6225-63222bd033aa9c6bf238fe6f7d23725d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2023-6225'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6242-187d65743de5f807e3a3561c30924b2f.yaml b/nuclei-templates/2023/CVE-2023-6242-187d65743de5f807e3a3561c30924b2f.yaml
index 620d4dd977..2f071ec381 100644
--- a/nuclei-templates/2023/CVE-2023-6242-187d65743de5f807e3a3561c30924b2f.yaml
+++ b/nuclei-templates/2023/CVE-2023-6242-187d65743de5f807e3a3561c30924b2f.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2023-6242
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2023-6242'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2.7')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6244-68358961295abb7462ad91426e0c3310.yaml b/nuclei-templates/2023/CVE-2023-6244-68358961295abb7462ad91426e0c3310.yaml
index f5868cd084..1635d60c1a 100644
--- a/nuclei-templates/2023/CVE-2023-6244-68358961295abb7462ad91426e0c3310.yaml
+++ b/nuclei-templates/2023/CVE-2023-6244-68358961295abb7462ad91426e0c3310.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2023-6244
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2023-6244'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2.8')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6289-7dfff8c4900f7bbdbc49f6aa2df77488.yaml b/nuclei-templates/2023/CVE-2023-6289-7dfff8c4900f7bbdbc49f6aa2df77488.yaml
index 98ab830e14..63ee91dd3f 100644
--- a/nuclei-templates/2023/CVE-2023-6289-7dfff8c4900f7bbdbc49f6aa2df77488.yaml
+++ b/nuclei-templates/2023/CVE-2023-6289-7dfff8c4900f7bbdbc49f6aa2df77488.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the on functionality hooked via admin_init function in all versions up to, and including, 2.3.6.14. This makes it possible for unauthenticated attackers to export the settings of the plugin which can contain Cloudflare API tokens.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swift-performance-lite/"
     google-query: inurl:"/wp-content/plugins/swift-performance-lite/"
     shodan-query: 'vuln:CVE-2023-6289'
-  tags: cve,wordpress,wp-plugin,swift-performance-lite,medium
+  tags: cve,wordpress,wp-plugin,swift-performance-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6290-fb48c2712fa8a78f7a012c1644582d5a.yaml b/nuclei-templates/2023/CVE-2023-6290-fb48c2712fa8a78f7a012c1644582d5a.yaml
index 16b04a562f..3759ba4851 100644
--- a/nuclei-templates/2023/CVE-2023-6290-fb48c2712fa8a78f7a012c1644582d5a.yaml
+++ b/nuclei-templates/2023/CVE-2023-6290-fb48c2712fa8a78f7a012c1644582d5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEOPress – On-site SEO <= 7.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-seopress/"
     google-query: inurl:"/wp-content/plugins/wp-seopress/"
     shodan-query: 'vuln:CVE-2023-6290'
-  tags: cve,wordpress,wp-plugin,wp-seopress,medium
+  tags: cve,wordpress,wp-plugin,wp-seopress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6294-9df0586fa1f03eb4aff1b246f09e907b.yaml b/nuclei-templates/2023/CVE-2023-6294-9df0586fa1f03eb4aff1b246f09e907b.yaml
index bf9f82cd22..a7e69600ad 100644
--- a/nuclei-templates/2023/CVE-2023-6294-9df0586fa1f03eb4aff1b246f09e907b.yaml
+++ b/nuclei-templates/2023/CVE-2023-6294-9df0586fa1f03eb4aff1b246f09e907b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 4.2.5 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.2.5. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2023-6294'
-  tags: cve,wordpress,wp-plugin,popup-builder,medium
+  tags: cve,wordpress,wp-plugin,popup-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6295-81727806f0ca35ac1a1911812f8bc5ed.yaml b/nuclei-templates/2023/CVE-2023-6295-81727806f0ca35ac1a1911812f8bc5ed.yaml
index 8406999efa..757c8b26ad 100644
--- a/nuclei-templates/2023/CVE-2023-6295-81727806f0ca35ac1a1911812f8bc5ed.yaml
+++ b/nuclei-templates/2023/CVE-2023-6295-81727806f0ca35ac1a1911812f8bc5ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SiteOrigin Widgets Bundle < 1.51.0 - Authenticated (Admin+) Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.50.1. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/so-widgets-bundle/"
     google-query: inurl:"/wp-content/plugins/so-widgets-bundle/"
     shodan-query: 'vuln:CVE-2023-6295'
-  tags: cve,wordpress,wp-plugin,so-widgets-bundle,medium
+  tags: cve,wordpress,wp-plugin,so-widgets-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6327-f19b67578553b4899e4857d2a0013f9e.yaml b/nuclei-templates/2023/CVE-2023-6327-f19b67578553b4899e4857d2a0013f9e.yaml
index 6e0bdcf344..2f221891b1 100644
--- a/nuclei-templates/2023/CVE-2023-6327-f19b67578553b4899e4857d2a0013f9e.yaml
+++ b/nuclei-templates/2023/CVE-2023-6327-f19b67578553b4899e4857d2a0013f9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShopLentor (formerly WooLentor)  <= 2.8.7 - Missing Authorization via purchased_new_products
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woolentor-addons/"
     google-query: inurl:"/wp-content/plugins/woolentor-addons/"
     shodan-query: 'vuln:CVE-2023-6327'
-  tags: cve,wordpress,wp-plugin,woolentor-addons,medium
+  tags: cve,wordpress,wp-plugin,woolentor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6369-96488db43481ee059de402cf95554483.yaml b/nuclei-templates/2023/CVE-2023-6369-96488db43481ee059de402cf95554483.yaml
index f2ec4ca598..1792817fd2 100644
--- a/nuclei-templates/2023/CVE-2023-6369-96488db43481ee059de402cf95554483.yaml
+++ b/nuclei-templates/2023/CVE-2023-6369-96488db43481ee059de402cf95554483.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/export-wp-page-to-static-html/"
     google-query: inurl:"/wp-content/plugins/export-wp-page-to-static-html/"
     shodan-query: 'vuln:CVE-2023-6369'
-  tags: cve,wordpress,wp-plugin,export-wp-page-to-static-html,medium
+  tags: cve,wordpress,wp-plugin,export-wp-page-to-static-html,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6373-ab0a99467dd011ce171b426da9ac5ab8.yaml b/nuclei-templates/2023/CVE-2023-6373-ab0a99467dd011ce171b426da9ac5ab8.yaml
index 8a7e39408f..3eae702409 100644
--- a/nuclei-templates/2023/CVE-2023-6373-ab0a99467dd011ce171b426da9ac5ab8.yaml
+++ b/nuclei-templates/2023/CVE-2023-6373-ab0a99467dd011ce171b426da9ac5ab8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ArtPlacer Widget <= 2.20.6 - Authenticated (Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ArtPlacer Widget plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 2.20.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/artplacer-widget/"
     google-query: inurl:"/wp-content/plugins/artplacer-widget/"
     shodan-query: 'vuln:CVE-2023-6373'
-  tags: cve,wordpress,wp-plugin,artplacer-widget,high
+  tags: cve,wordpress,wp-plugin,artplacer-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6384-ec4121cea31885fa26a199486b7f74e3.yaml b/nuclei-templates/2023/CVE-2023-6384-ec4121cea31885fa26a199486b7f74e3.yaml
index d4dcbd6d04..b5d4c35246 100644
--- a/nuclei-templates/2023/CVE-2023-6384-ec4121cea31885fa26a199486b7f74e3.yaml
+++ b/nuclei-templates/2023/CVE-2023-6384-ec4121cea31885fa26a199486b7f74e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Profile Avatar <= 1.0.0 - Authenticated (Author+) Insecure Direct Object Reference to Avatar Deletion/Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP User Profile Avatar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.0 via the remove_user_avatar and update_user_avatar functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to update and delete arbitrary avatars.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-profile-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-profile-avatar/"
     shodan-query: 'vuln:CVE-2023-6384'
-  tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6446-447e8d03dfe04fdb92ac705bfa6b054a.yaml b/nuclei-templates/2023/CVE-2023-6446-447e8d03dfe04fdb92ac705bfa6b054a.yaml
index 944aee147f..c11bdec676 100644
--- a/nuclei-templates/2023/CVE-2023-6446-447e8d03dfe04fdb92ac705bfa6b054a.yaml
+++ b/nuclei-templates/2023/CVE-2023-6446-447e8d03dfe04fdb92ac705bfa6b054a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calculated Fields Form <= 1.2.40 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calculated-fields-form/"
     google-query: inurl:"/wp-content/plugins/calculated-fields-form/"
     shodan-query: 'vuln:CVE-2023-6446'
-  tags: cve,wordpress,wp-plugin,calculated-fields-form,medium
+  tags: cve,wordpress,wp-plugin,calculated-fields-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6447-3d6ad1520c77aad1133699654b17aff7.yaml b/nuclei-templates/2023/CVE-2023-6447-3d6ad1520c77aad1133699654b17aff7.yaml
index 2de51d80b5..21d1d44039 100644
--- a/nuclei-templates/2023/CVE-2023-6447-3d6ad1520c77aad1133699654b17aff7.yaml
+++ b/nuclei-templates/2023/CVE-2023-6447-3d6ad1520c77aad1133699654b17aff7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime <= 3.3.5 - Missing Authorization to Private Event Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to retrieve password protected and private events.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2023-6447'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6449-8d379cb370e88332eb6d842ed734aa6a.yaml b/nuclei-templates/2023/CVE-2023-6449-8d379cb370e88332eb6d842ed734aa6a.yaml
index 87abbeb7b3..bece4f0ab1 100644
--- a/nuclei-templates/2023/CVE-2023-6449-8d379cb370e88332eb6d842ed734aa6a.yaml
+++ b/nuclei-templates/2023/CVE-2023-6449-8d379cb370e88332eb6d842ed734aa6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 <= 5.8.3 - Authenticated (Editor+) Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7/"
     google-query: inurl:"/wp-content/plugins/contact-form-7/"
     shodan-query: 'vuln:CVE-2023-6449'
-  tags: cve,wordpress,wp-plugin,contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6456-1f98c7de637a490b84e9178dba93c59d.yaml b/nuclei-templates/2023/CVE-2023-6456-1f98c7de637a490b84e9178dba93c59d.yaml
index 9c6e6dcc77..3d122704a7 100644
--- a/nuclei-templates/2023/CVE-2023-6456-1f98c7de637a490b84e9178dba93c59d.yaml
+++ b/nuclei-templates/2023/CVE-2023-6456-1f98c7de637a490b84e9178dba93c59d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Review Slider <= 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facebook-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/"
     shodan-query: 'vuln:CVE-2023-6456'
-  tags: cve,wordpress,wp-plugin,wp-facebook-reviews,medium
+  tags: cve,wordpress,wp-plugin,wp-facebook-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6485-a517ff8b627b981a1fe850768f04bf42.yaml b/nuclei-templates/2023/CVE-2023-6485-a517ff8b627b981a1fe850768f04bf42.yaml
index 99de0a36a1..03b432cf7b 100644
--- a/nuclei-templates/2023/CVE-2023-6485-a517ff8b627b981a1fe850768f04bf42.yaml
+++ b/nuclei-templates/2023/CVE-2023-6485-a517ff8b627b981a1fe850768f04bf42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Html5 Video Player <= 2.5.18 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Html5 Video Player – mp4 player, Video Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-video-player/"
     google-query: inurl:"/wp-content/plugins/html5-video-player/"
     shodan-query: 'vuln:CVE-2023-6485'
-  tags: cve,wordpress,wp-plugin,html5-video-player,medium
+  tags: cve,wordpress,wp-plugin,html5-video-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6486-da3f3594c596e882f29a46f5eb088351.yaml b/nuclei-templates/2023/CVE-2023-6486-da3f3594c596e882f29a46f5eb088351.yaml
index 2f24e45c6e..b2da68f63f 100644
--- a/nuclei-templates/2023/CVE-2023-6486-da3f3594c596e882f29a46f5eb088351.yaml
+++ b/nuclei-templates/2023/CVE-2023-6486-da3f3594c596e882f29a46f5eb088351.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:CVE-2023-6486'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6488-dca1a97a6a5540d73d22b80fbffbb729.yaml b/nuclei-templates/2023/CVE-2023-6488-dca1a97a6a5540d73d22b80fbffbb729.yaml
index 900cc62ab3..3106c87138 100644
--- a/nuclei-templates/2023/CVE-2023-6488-dca1a97a6a5540d73d22b80fbffbb729.yaml
+++ b/nuclei-templates/2023/CVE-2023-6488-dca1a97a6a5540d73d22b80fbffbb729.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2023-6488'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6494-a4bcc5ba22f6cf25dbecf393d91d5f77.yaml b/nuclei-templates/2023/CVE-2023-6494-a4bcc5ba22f6cf25dbecf393d91d5f77.yaml
index 2fb38764d3..6904a1caf9 100644
--- a/nuclei-templates/2023/CVE-2023-6494-a4bcc5ba22f6cf25dbecf393d91d5f77.yaml
+++ b/nuclei-templates/2023/CVE-2023-6494-a4bcc5ba22f6cf25dbecf393d91d5f77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-smart-quick-view/"
     google-query: inurl:"/wp-content/plugins/woo-smart-quick-view/"
     shodan-query: 'vuln:CVE-2023-6494'
-  tags: cve,wordpress,wp-plugin,woo-smart-quick-view,medium
+  tags: cve,wordpress,wp-plugin,woo-smart-quick-view,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6496-a2bc40be2dd87e9dcd0977a6fdf140d6.yaml b/nuclei-templates/2023/CVE-2023-6496-a2bc40be2dd87e9dcd0977a6fdf140d6.yaml
index 5c84ff7cfe..79a85b6bd2 100644
--- a/nuclei-templates/2023/CVE-2023-6496-a2bc40be2dd87e9dcd0977a6fdf140d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-6496-a2bc40be2dd87e9dcd0977a6fdf140d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Manage Notification E-mails <= 1.8.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/manage-notification-emails/"
     google-query: inurl:"/wp-content/plugins/manage-notification-emails/"
     shodan-query: 'vuln:CVE-2023-6496'
-  tags: cve,wordpress,wp-plugin,manage-notification-emails,medium
+  tags: cve,wordpress,wp-plugin,manage-notification-emails,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6497-6b95e055e3edeffca7582f29e2098070.yaml b/nuclei-templates/2023/CVE-2023-6497-6b95e055e3edeffca7582f29e2098070.yaml
index e8f12a3722..83f5df056e 100644
--- a/nuclei-templates/2023/CVE-2023-6497-6b95e055e3edeffca7582f29e2098070.yaml
+++ b/nuclei-templates/2023/CVE-2023-6497-6b95e055e3edeffca7582f29e2098070.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Simple Shopping Cart <= 4.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-simple-paypal-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/wordpress-simple-paypal-shopping-cart/"
     shodan-query: 'vuln:CVE-2023-6497'
-  tags: cve,wordpress,wp-plugin,wordpress-simple-paypal-shopping-cart,medium
+  tags: cve,wordpress,wp-plugin,wordpress-simple-paypal-shopping-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6498-5e5f3cf37fc64d7bac2aaac542661852.yaml b/nuclei-templates/2023/CVE-2023-6498-5e5f3cf37fc64d7bac2aaac542661852.yaml
index 6f2881aa72..d0c4ba9e57 100644
--- a/nuclei-templates/2023/CVE-2023-6498-5e5f3cf37fc64d7bac2aaac542661852.yaml
+++ b/nuclei-templates/2023/CVE-2023-6498-5e5f3cf37fc64d7bac2aaac542661852.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 - Authenticated(Administrator+) Stored Cross-site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/complianz-gdpr/"
     google-query: inurl:"/wp-content/plugins/complianz-gdpr/"
     shodan-query: 'vuln:CVE-2023-6498'
-  tags: cve,wordpress,wp-plugin,complianz-gdpr,medium
+  tags: cve,wordpress,wp-plugin,complianz-gdpr,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6500-9868f32ae613992060ba083e76a3d3bf.yaml b/nuclei-templates/2023/CVE-2023-6500-9868f32ae613992060ba083e76a3d3bf.yaml
index 9f1f01a38a..ff841c1ac8 100644
--- a/nuclei-templates/2023/CVE-2023-6500-9868f32ae613992060ba083e76a3d3bf.yaml
+++ b/nuclei-templates/2023/CVE-2023-6500-9868f32ae613992060ba083e76a3d3bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and 'maincolor'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shariff/"
     google-query: inurl:"/wp-content/plugins/shariff/"
     shodan-query: 'vuln:CVE-2023-6500'
-  tags: cve,wordpress,wp-plugin,shariff,medium
+  tags: cve,wordpress,wp-plugin,shariff,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6524-bed91f2c82382c1fad6f81b58becdcb8.yaml b/nuclei-templates/2023/CVE-2023-6524-bed91f2c82382c1fad6f81b58becdcb8.yaml
index 3ab1513a93..c53fd86bd5 100644
--- a/nuclei-templates/2023/CVE-2023-6524-bed91f2c82382c1fad6f81b58becdcb8.yaml
+++ b/nuclei-templates/2023/CVE-2023-6524-bed91f2c82382c1fad6f81b58becdcb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-6524'
-  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6525-55933111032f4be98ad6ab7b8ab899fc.yaml b/nuclei-templates/2023/CVE-2023-6525-55933111032f4be98ad6ab7b8ab899fc.yaml
index c4c58f3755..1f0e31ff53 100644
--- a/nuclei-templates/2023/CVE-2023-6525-55933111032f4be98ad6ab7b8ab899fc.yaml
+++ b/nuclei-templates/2023/CVE-2023-6525-55933111032f4be98ad6ab7b8ab899fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2023-6525'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,medium
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6526-00301543cb972104eceace7da89e80f4.yaml b/nuclei-templates/2023/CVE-2023-6526-00301543cb972104eceace7da89e80f4.yaml
index 01152825c1..d1e31fa3d6 100644
--- a/nuclei-templates/2023/CVE-2023-6526-00301543cb972104eceace7da89e80f4.yaml
+++ b/nuclei-templates/2023/CVE-2023-6526-00301543cb972104eceace7da89e80f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meta Box – WordPress Custom Fields Framework <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meta-box/"
     google-query: inurl:"/wp-content/plugins/meta-box/"
     shodan-query: 'vuln:CVE-2023-6526'
-  tags: cve,wordpress,wp-plugin,meta-box,medium
+  tags: cve,wordpress,wp-plugin,meta-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6528-37ebb1547ffcf7ee914afd4ab2a7338e.yaml b/nuclei-templates/2023/CVE-2023-6528-37ebb1547ffcf7ee914afd4ab2a7338e.yaml
index d0c959a37a..f8359a1648 100644
--- a/nuclei-templates/2023/CVE-2023-6528-37ebb1547ffcf7ee914afd4ab2a7338e.yaml
+++ b/nuclei-templates/2023/CVE-2023-6528-37ebb1547ffcf7ee914afd4ab2a7338e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slider Revolution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 6.6.19 (exclusive) via deserialization of untrusted input when importing a new slider. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/revslider/"
     google-query: inurl:"/wp-content/plugins/revslider/"
     shodan-query: 'vuln:CVE-2023-6528'
-  tags: cve,wordpress,wp-plugin,revslider,high
+  tags: cve,wordpress,wp-plugin,revslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6529-0e6778305a28eacf186b54844a0e5ea0.yaml b/nuclei-templates/2023/CVE-2023-6529-0e6778305a28eacf186b54844a0e5ea0.yaml
index a111c4e8ce..da173fe427 100644
--- a/nuclei-templates/2023/CVE-2023-6529-0e6778305a28eacf186b54844a0e5ea0.yaml
+++ b/nuclei-templates/2023/CVE-2023-6529-0e6778305a28eacf186b54844a0e5ea0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP VR <= 8.3.14 - Missing Authorization to Plugin Version Downgrade
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the trigger_rollback() function in all versions up to, and including, 8.3.14. This makes it possible for unauthenticated attackers to downgrade the plugins version which can be used to exploit older vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvr/"
     google-query: inurl:"/wp-content/plugins/wpvr/"
     shodan-query: 'vuln:CVE-2023-6529'
-  tags: cve,wordpress,wp-plugin,wpvr,medium
+  tags: cve,wordpress,wp-plugin,wpvr,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6530-4f1dddafa18fba59ec7aef53cc2b0d3d.yaml b/nuclei-templates/2023/CVE-2023-6530-4f1dddafa18fba59ec7aef53cc2b0d3d.yaml
index b2d67d3b65..8ea9405e27 100644
--- a/nuclei-templates/2023/CVE-2023-6530-4f1dddafa18fba59ec7aef53cc2b0d3d.yaml
+++ b/nuclei-templates/2023/CVE-2023-6530-4f1dddafa18fba59ec7aef53cc2b0d3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TJ Shortcodes 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TJ Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-junkie-shortcodes/"
     google-query: inurl:"/wp-content/plugins/theme-junkie-shortcodes/"
     shodan-query: 'vuln:CVE-2023-6530'
-  tags: cve,wordpress,wp-plugin,theme-junkie-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,theme-junkie-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6541-3108293e567a66e53a5d8bbabea561b6.yaml b/nuclei-templates/2023/CVE-2023-6541-3108293e567a66e53a5d8bbabea561b6.yaml
index 7aeb264b92..93df5e1ae5 100644
--- a/nuclei-templates/2023/CVE-2023-6541-3108293e567a66e53a5d8bbabea561b6.yaml
+++ b/nuclei-templates/2023/CVE-2023-6541-3108293e567a66e53a5d8bbabea561b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Allow SVG <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Allow SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/allow-svg/"
     google-query: inurl:"/wp-content/plugins/allow-svg/"
     shodan-query: 'vuln:CVE-2023-6541'
-  tags: cve,wordpress,wp-plugin,allow-svg,medium
+  tags: cve,wordpress,wp-plugin,allow-svg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6556-94b50ea832a6fb6b13dcb5407b94970f.yaml b/nuclei-templates/2023/CVE-2023-6556-94b50ea832a6fb6b13dcb5407b94970f.yaml
index 883e34a8ad..68266d71f0 100644
--- a/nuclei-templates/2023/CVE-2023-6556-94b50ea832a6fb6b13dcb5407b94970f.yaml
+++ b/nuclei-templates/2023/CVE-2023-6556-94b50ea832a6fb6b13dcb5407b94970f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-currency-switcher/"
     google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/"
     shodan-query: 'vuln:CVE-2023-6556'
-  tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6558-0ced1508729f529a88bdefd2f552e467.yaml b/nuclei-templates/2023/CVE-2023-6558-0ced1508729f529a88bdefd2f552e467.yaml
index c2c7a3b981..489e4a61f7 100644
--- a/nuclei-templates/2023/CVE-2023-6558-0ced1508729f529a88bdefd2f552e467.yaml
+++ b/nuclei-templates/2023/CVE-2023-6558-0ced1508729f529a88bdefd2f552e467.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export and Import Users and Customers <= 2.4.8 - Authenticated (Shop Manager+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/"
     google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/"
     shodan-query: 'vuln:CVE-2023-6558'
-  tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,high
+  tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6561-f05edbcd117bd78991a113d104243207.yaml b/nuclei-templates/2023/CVE-2023-6561-f05edbcd117bd78991a113d104243207.yaml
index a522a2fedb..3bbc252c18 100644
--- a/nuclei-templates/2023/CVE-2023-6561-f05edbcd117bd78991a113d104243207.yaml
+++ b/nuclei-templates/2023/CVE-2023-6561-f05edbcd117bd78991a113d104243207.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featured Image from URL (FIFU) <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-image-from-url/"
     google-query: inurl:"/wp-content/plugins/featured-image-from-url/"
     shodan-query: 'vuln:CVE-2023-6561'
-  tags: cve,wordpress,wp-plugin,featured-image-from-url,medium
+  tags: cve,wordpress,wp-plugin,featured-image-from-url,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6583-7e3d963887f74672e4d9f1a2c2d7ff76.yaml b/nuclei-templates/2023/CVE-2023-6583-7e3d963887f74672e4d9f1a2c2d7ff76.yaml
index 9bb34cdbb0..6c080185f1 100644
--- a/nuclei-templates/2023/CVE-2023-6583-7e3d963887f74672e4d9f1a2c2d7ff76.yaml
+++ b/nuclei-templates/2023/CVE-2023-6583-7e3d963887f74672e4d9f1a2c2d7ff76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.24.2 - Authenticated(Administrator+) Directory Traversal via Recurring Import Functionality
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2023-6583'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6591-4f73bdbdeaed18569d9edce85c2c628c.yaml b/nuclei-templates/2023/CVE-2023-6591-4f73bdbdeaed18569d9edce85c2c628c.yaml
index 0006127cf5..1a66606185 100644
--- a/nuclei-templates/2023/CVE-2023-6591-4f73bdbdeaed18569d9edce85c2c628c.yaml
+++ b/nuclei-templates/2023/CVE-2023-6591-4f73bdbdeaed18569d9edce85c2c628c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Box Pro < 20.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 20.9.0 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Please note this affects the premium version of the plugin despite the shared slug.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:CVE-2023-6591'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,medium
+  tags: cve,wordpress,wp-plugin,ays-popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6594-3394a8c6bca4050b8fcb857b11ee3b36.yaml b/nuclei-templates/2023/CVE-2023-6594-3394a8c6bca4050b8fcb857b11ee3b36.yaml
index 5fb2f8dc51..8b527cad98 100644
--- a/nuclei-templates/2023/CVE-2023-6594-3394a8c6bca4050b8fcb857b11ee3b36.yaml
+++ b/nuclei-templates/2023/CVE-2023-6594-3394a8c6bca4050b8fcb857b11ee3b36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Administrators can give button creation privileges to users with lower levels (contributor+) which would allow those lower-privileged users to carry out attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxbuttons/"
     google-query: inurl:"/wp-content/plugins/maxbuttons/"
     shodan-query: 'vuln:CVE-2023-6594'
-  tags: cve,wordpress,wp-plugin,maxbuttons,medium
+  tags: cve,wordpress,wp-plugin,maxbuttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6598-54778688cb39f84f341e249c6ffef279.yaml b/nuclei-templates/2023/CVE-2023-6598-54778688cb39f84f341e249c6ffef279.yaml
index 5e0ed9487b..019bfc0c96 100644
--- a/nuclei-templates/2023/CVE-2023-6598-54778688cb39f84f341e249c6ffef279.yaml
+++ b/nuclei-templates/2023/CVE-2023-6598-54778688cb39f84f341e249c6ffef279.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SpeedyCache <= 1.1.3 - Missing Authorization to Plugin Options Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/speedycache/"
     google-query: inurl:"/wp-content/plugins/speedycache/"
     shodan-query: 'vuln:CVE-2023-6598'
-  tags: cve,wordpress,wp-plugin,speedycache,medium
+  tags: cve,wordpress,wp-plugin,speedycache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6620-9886017b189939b50d12738a1b1a19c5.yaml b/nuclei-templates/2023/CVE-2023-6620-9886017b189939b50d12738a1b1a19c5.yaml
index 88a2342c77..e916b22dba 100644
--- a/nuclei-templates/2023/CVE-2023-6620-9886017b189939b50d12738a1b1a19c5.yaml
+++ b/nuclei-templates/2023/CVE-2023-6620-9886017b189939b50d12738a1b1a19c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator access or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-smtp/"
     google-query: inurl:"/wp-content/plugins/post-smtp/"
     shodan-query: 'vuln:CVE-2023-6620'
-  tags: cve,wordpress,wp-plugin,post-smtp,high
+  tags: cve,wordpress,wp-plugin,post-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6624-0c813c83aee456b071e95980f729e012.yaml b/nuclei-templates/2023/CVE-2023-6624-0c813c83aee456b071e95980f729e012.yaml
index 7243b364e4..17e93eeaed 100644
--- a/nuclei-templates/2023/CVE-2023-6624-0c813c83aee456b071e95980f729e012.yaml
+++ b/nuclei-templates/2023/CVE-2023-6624-0c813c83aee456b071e95980f729e012.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2023-6624'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6626-628e944f1865bad285b75e5824e5bb82.yaml b/nuclei-templates/2023/CVE-2023-6626-628e944f1865bad285b75e5824e5bb82.yaml
index 4c89f24e10..917ac6fb10 100644
--- a/nuclei-templates/2023/CVE-2023-6626-628e944f1865bad285b75e5824e5bb82.yaml
+++ b/nuclei-templates/2023/CVE-2023-6626-628e944f1865bad285b75e5824e5bb82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Enquiry for WooCommerce <= 3.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gm-woocommerce-quote-popup/"
     google-query: inurl:"/wp-content/plugins/gm-woocommerce-quote-popup/"
     shodan-query: 'vuln:CVE-2023-6626'
-  tags: cve,wordpress,wp-plugin,gm-woocommerce-quote-popup,medium
+  tags: cve,wordpress,wp-plugin,gm-woocommerce-quote-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6627-7b9a92238f85900b8c03567a6a71f188.yaml b/nuclei-templates/2023/CVE-2023-6627-7b9a92238f85900b8c03567a6a71f188.yaml
index 91e136847f..3f268e5af5 100644
--- a/nuclei-templates/2023/CVE-2023-6627-7b9a92238f85900b8c03567a6a71f188.yaml
+++ b/nuclei-templates/2023/CVE-2023-6627-7b9a92238f85900b8c03567a6a71f188.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Maps <= 9.0.27 - Unauthenticated Stored Cross-Site Scripting via REST API
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 9.0.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-maps/"
     google-query: inurl:"/wp-content/plugins/wp-google-maps/"
     shodan-query: 'vuln:CVE-2023-6627'
-  tags: cve,wordpress,wp-plugin,wp-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wp-google-maps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6632-5f5be8778a8041dd72149d1e03212c77.yaml b/nuclei-templates/2023/CVE-2023-6632-5f5be8778a8041dd72149d1e03212c77.yaml
index 909ee509ea..c3c2633fb2 100644
--- a/nuclei-templates/2023/CVE-2023-6632-5f5be8778a8041dd72149d1e03212c77.yaml
+++ b/nuclei-templates/2023/CVE-2023-6632-5f5be8778a8041dd72149d1e03212c77.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2023-6632
   metadata:
-    fofa-query: "wp-content/plugins/happy-elementor-addons-pro/"
-    google-query: inurl:"/wp-content/plugins/happy-elementor-addons-pro/"
+    fofa-query: "wp-content/plugins/happy-elementor-addons/"
+    google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2023-6632'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons-pro/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "happy-elementor-addons-pro"
+          - "happy-elementor-addons"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.9.1.1')
\ No newline at end of file
+          - compare_versions(version, '<= 3.9.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6635-009566ddcb125b1bb12196db82871dc9.yaml b/nuclei-templates/2023/CVE-2023-6635-009566ddcb125b1bb12196db82871dc9.yaml
index c57e26aab3..71f1489607 100644
--- a/nuclei-templates/2023/CVE-2023-6635-009566ddcb125b1bb12196db82871dc9.yaml
+++ b/nuclei-templates/2023/CVE-2023-6635-009566ddcb125b1bb12196db82871dc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/block-options/"
     google-query: inurl:"/wp-content/plugins/block-options/"
     shodan-query: 'vuln:CVE-2023-6635'
-  tags: cve,wordpress,wp-plugin,block-options,high
+  tags: cve,wordpress,wp-plugin,block-options,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6636-c16c01b270f8ba46731b798dbc4b70f0.yaml b/nuclei-templates/2023/CVE-2023-6636-c16c01b270f8ba46731b798dbc4b70f0.yaml
index b4b51b9fd4..318cbc83cb 100644
--- a/nuclei-templates/2023/CVE-2023-6636-c16c01b270f8ba46731b798dbc4b70f0.yaml
+++ b/nuclei-templates/2023/CVE-2023-6636-c16c01b270f8ba46731b798dbc4b70f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Greenshift – animation and page builder blocks <= 7.6.2 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     shodan-query: 'vuln:CVE-2023-6636'
-  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,high
+  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6637-8450871a53e20b19adaa61e1434e59d8.yaml b/nuclei-templates/2023/CVE-2023-6637-8450871a53e20b19adaa61e1434e59d8.yaml
index 9a0c3667af..21aa2dd83e 100644
--- a/nuclei-templates/2023/CVE-2023-6637-8450871a53e20b19adaa61e1434e59d8.yaml
+++ b/nuclei-templates/2023/CVE-2023-6637-8450871a53e20b19adaa61e1434e59d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/host-analyticsjs-local/"
     google-query: inurl:"/wp-content/plugins/host-analyticsjs-local/"
     shodan-query: 'vuln:CVE-2023-6637'
-  tags: cve,wordpress,wp-plugin,host-analyticsjs-local,medium
+  tags: cve,wordpress,wp-plugin,host-analyticsjs-local,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6638-53d09e4ac030b1b8d99973338cf6e155.yaml b/nuclei-templates/2023/CVE-2023-6638-53d09e4ac030b1b8d99973338cf6e155.yaml
index d92ed5e40e..25c22e38c8 100644
--- a/nuclei-templates/2023/CVE-2023-6638-53d09e4ac030b1b8d99973338cf6e155.yaml
+++ b/nuclei-templates/2023/CVE-2023-6638-53d09e4ac030b1b8d99973338cf6e155.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GTG Product Feed for Shopping <= 1.2.8 - Missing Authorization to Unauthenticated Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.8. This makes it possible for unauthenticated attackers to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gg-woo-feed/"
     google-query: inurl:"/wp-content/plugins/gg-woo-feed/"
     shodan-query: 'vuln:CVE-2023-6638'
-  tags: cve,wordpress,wp-plugin,gg-woo-feed,medium
+  tags: cve,wordpress,wp-plugin,gg-woo-feed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6645-035b152afda993b6317a93d2886e872e.yaml b/nuclei-templates/2023/CVE-2023-6645-035b152afda993b6317a93d2886e872e.yaml
index 8c34499f91..9bc24413a4 100644
--- a/nuclei-templates/2023/CVE-2023-6645-035b152afda993b6317a93d2886e872e.yaml
+++ b/nuclei-templates/2023/CVE-2023-6645-035b152afda993b6317a93d2886e872e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-grid/"
     google-query: inurl:"/wp-content/plugins/post-grid/"
     shodan-query: 'vuln:CVE-2023-6645'
-  tags: cve,wordpress,wp-plugin,post-grid,medium
+  tags: cve,wordpress,wp-plugin,post-grid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6684-912a26e9536c81b126d2560cabd51139.yaml b/nuclei-templates/2023/CVE-2023-6684-912a26e9536c81b126d2560cabd51139.yaml
index 46789e2c0f..2d976fa72e 100644
--- a/nuclei-templates/2023/CVE-2023-6684-912a26e9536c81b126d2560cabd51139.yaml
+++ b/nuclei-templates/2023/CVE-2023-6684-912a26e9536c81b126d2560cabd51139.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ibtana-visual-editor/"
     google-query: inurl:"/wp-content/plugins/ibtana-visual-editor/"
     shodan-query: 'vuln:CVE-2023-6684'
-  tags: cve,wordpress,wp-plugin,ibtana-visual-editor,medium
+  tags: cve,wordpress,wp-plugin,ibtana-visual-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6694-b957cb5f454b449f583a6eef42317102.yaml b/nuclei-templates/2023/CVE-2023-6694-b957cb5f454b449f583a6eef42317102.yaml
index edfc1f1d00..c3e84335d7 100644
--- a/nuclei-templates/2023/CVE-2023-6694-b957cb5f454b449f583a6eef42317102.yaml
+++ b/nuclei-templates/2023/CVE-2023-6694-b957cb5f454b449f583a6eef42317102.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Themer <= 1.4.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-themer/"
     google-query: inurl:"/wp-content/plugins/beaver-themer/"
     shodan-query: 'vuln:CVE-2023-6694'
-  tags: cve,wordpress,wp-plugin,beaver-themer,medium
+  tags: cve,wordpress,wp-plugin,beaver-themer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6695-c8a7f0039447f90c8cdf2d5bac0144d4.yaml b/nuclei-templates/2023/CVE-2023-6695-c8a7f0039447f90c8cdf2d5bac0144d4.yaml
index 2abe67e3a9..b47237de25 100644
--- a/nuclei-templates/2023/CVE-2023-6695-c8a7f0039447f90c8cdf2d5bac0144d4.yaml
+++ b/nuclei-templates/2023/CVE-2023-6695-c8a7f0039447f90c8cdf2d5bac0144d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-themer/"
     google-query: inurl:"/wp-content/plugins/beaver-themer/"
     shodan-query: 'vuln:CVE-2023-6695'
-  tags: cve,wordpress,wp-plugin,beaver-themer,medium
+  tags: cve,wordpress,wp-plugin,beaver-themer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6700-9a25bf02d1d516ebfa83ea0a4af36e6d.yaml b/nuclei-templates/2023/CVE-2023-6700-9a25bf02d1d516ebfa83ea0a4af36e6d.yaml
index f1d84b6e2b..15e0d2fbe1 100644
--- a/nuclei-templates/2023/CVE-2023-6700-9a25bf02d1d516ebfa83ea0a4af36e6d.yaml
+++ b/nuclei-templates/2023/CVE-2023-6700-9a25bf02d1d516ebfa83ea0a4af36e6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-gdpr-compliance/"
     google-query: inurl:"/wp-content/plugins/wp-gdpr-compliance/"
     shodan-query: 'vuln:CVE-2023-6700'
-  tags: cve,wordpress,wp-plugin,wp-gdpr-compliance,high
+  tags: cve,wordpress,wp-plugin,wp-gdpr-compliance,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6701-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml b/nuclei-templates/2023/CVE-2023-6701-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml
index 008bfea3c5..8b86977c68 100644
--- a/nuclei-templates/2023/CVE-2023-6701-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml
+++ b/nuclei-templates/2023/CVE-2023-6701-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-6701
   metadata:
-    fofa-query: "wp-content/plugins/advanced-custom-fields/"
-    google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
+    fofa-query: "wp-content/plugins/advanced-custom-fields-pro/"
+    google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/"
     shodan-query: 'vuln:CVE-2023-6701'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "advanced-custom-fields"
+          - "advanced-custom-fields-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2023/CVE-2023-6732-d90dc94bb51dfa2f24514c386a4ae9c2.yaml b/nuclei-templates/2023/CVE-2023-6732-d90dc94bb51dfa2f24514c386a4ae9c2.yaml
index f4491ca415..23a13bb6fb 100644
--- a/nuclei-templates/2023/CVE-2023-6732-d90dc94bb51dfa2f24514c386a4ae9c2.yaml
+++ b/nuclei-templates/2023/CVE-2023-6732-d90dc94bb51dfa2f24514c386a4ae9c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Maps by Supsystic <= 1.2.15 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-maps-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/ultimate-maps-by-supsystic/"
     shodan-query: 'vuln:CVE-2023-6732'
-  tags: cve,wordpress,wp-plugin,ultimate-maps-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,ultimate-maps-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6733-00ca2c99ad053400f72b1ad04cedfa49.yaml b/nuclei-templates/2023/CVE-2023-6733-00ca2c99ad053400f72b1ad04cedfa49.yaml
index 1ee1e385b0..8ce055eb71 100644
--- a/nuclei-templates/2023/CVE-2023-6733-00ca2c99ad053400f72b1ad04cedfa49.yaml
+++ b/nuclei-templates/2023/CVE-2023-6733-00ca2c99ad053400f72b1ad04cedfa49.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-members/"
     google-query: inurl:"/wp-content/plugins/wp-members/"
     shodan-query: 'vuln:CVE-2023-6733'
-  tags: cve,wordpress,wp-plugin,wp-members,medium
+  tags: cve,wordpress,wp-plugin,wp-members,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6738-98aaf1a94b96eeb1d120f5b84c22c6ea.yaml b/nuclei-templates/2023/CVE-2023-6738-98aaf1a94b96eeb1d120f5b84c22c6ea.yaml
index e9ddf04b33..98efe052c5 100644
--- a/nuclei-templates/2023/CVE-2023-6738-98aaf1a94b96eeb1d120f5b84c22c6ea.yaml
+++ b/nuclei-templates/2023/CVE-2023-6738-98aaf1a94b96eeb1d120f5b84c22c6ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2023-6738'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6742-d0a21350c57dcbddba5f33bc0580065b.yaml b/nuclei-templates/2023/CVE-2023-6742-d0a21350c57dcbddba5f33bc0580065b.yaml
index 50ee22b4fd..3caa6388ba 100644
--- a/nuclei-templates/2023/CVE-2023-6742-d0a21350c57dcbddba5f33bc0580065b.yaml
+++ b/nuclei-templates/2023/CVE-2023-6742-d0a21350c57dcbddba5f33bc0580065b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/envira-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/envira-gallery-lite/"
     shodan-query: 'vuln:CVE-2023-6742'
-  tags: cve,wordpress,wp-plugin,envira-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,envira-gallery-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6744-e37e5d73321c4c6eb17ee3379b565090.yaml b/nuclei-templates/2023/CVE-2023-6744-e37e5d73321c4c6eb17ee3379b565090.yaml
index 2de68d1de8..00d9c21b10 100644
--- a/nuclei-templates/2023/CVE-2023-6744-e37e5d73321c4c6eb17ee3379b565090.yaml
+++ b/nuclei-templates/2023/CVE-2023-6744-e37e5d73321c4c6eb17ee3379b565090.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Divi <= 4.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Divi/"
     google-query: inurl:"/wp-content/themes/Divi/"
     shodan-query: 'vuln:CVE-2023-6744'
-  tags: cve,wordpress,wp-theme,Divi,medium
+  tags: cve,wordpress,wp-theme,Divi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6747-a94721f1db6a21d7268903bae3160d03.yaml b/nuclei-templates/2023/CVE-2023-6747-a94721f1db6a21d7268903bae3160d03.yaml
index f2677025cd..0a09b8c40e 100644
--- a/nuclei-templates/2023/CVE-2023-6747-a94721f1db6a21d7268903bae3160d03.yaml
+++ b/nuclei-templates/2023/CVE-2023-6747-a94721f1db6a21d7268903bae3160d03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2023-6747
   metadata:
-    fofa-query: "wp-content/plugins/foogallery-premium/"
-    google-query: inurl:"/wp-content/plugins/foogallery-premium/"
+    fofa-query: "wp-content/plugins/foogallery/"
+    google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:CVE-2023-6747'
-  tags: cve,wordpress,wp-plugin,foogallery-premium,medium
+  tags: cve,wordpress,wp-plugin,foogallery,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/foogallery-premium/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "foogallery-premium"
+          - "foogallery"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.3.3')
\ No newline at end of file
+          - compare_versions(version, '<= 2.4.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6776-d37560ff6c6a3603574d27509821e565.yaml b/nuclei-templates/2023/CVE-2023-6776-d37560ff6c6a3603574d27509821e565.yaml
index c17322d732..c284bb96da 100644
--- a/nuclei-templates/2023/CVE-2023-6776-d37560ff6c6a3603574d27509821e565.yaml
+++ b/nuclei-templates/2023/CVE-2023-6776-d37560ff6c6a3603574d27509821e565.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3D Flipbook <= 1.15.2 - Authenticated (Contributor+) Cross-Site Scripting via Ready Function
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     shodan-query: 'vuln:CVE-2023-6776'
-  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,medium
+  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6781-058a642e0573877c079f2c954605d344.yaml b/nuclei-templates/2023/CVE-2023-6781-058a642e0573877c079f2c954605d344.yaml
index 27579e9cec..cc7639acb8 100644
--- a/nuclei-templates/2023/CVE-2023-6781-058a642e0573877c079f2c954605d344.yaml
+++ b/nuclei-templates/2023/CVE-2023-6781-058a642e0573877c079f2c954605d344.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2023-6781'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,medium
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6782-d0f1f9dc5f8553a777fe29b0dbac4733.yaml b/nuclei-templates/2023/CVE-2023-6782-d0f1f9dc5f8553a777fe29b0dbac4733.yaml
index 3d3a565603..39d3c4d281 100644
--- a/nuclei-templates/2023/CVE-2023-6782-d0f1f9dc5f8553a777fe29b0dbac4733.yaml
+++ b/nuclei-templates/2023/CVE-2023-6782-d0f1f9dc5f8553a777fe29b0dbac4733.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AMP for WP – Accelerated Mobile Pages <= 1.0.92 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accelerated-mobile-pages/"
     google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/"
     shodan-query: 'vuln:CVE-2023-6782'
-  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,medium
+  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6783-b64173f040b81fec7a1fc17ca0c0ce07.yaml b/nuclei-templates/2023/CVE-2023-6783-b64173f040b81fec7a1fc17ca0c0ce07.yaml
index ab88b4cf42..8bf21d5c5a 100644
--- a/nuclei-templates/2023/CVE-2023-6783-b64173f040b81fec7a1fc17ca0c0ce07.yaml
+++ b/nuclei-templates/2023/CVE-2023-6783-b64173f040b81fec7a1fc17ca0c0ce07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WolfNet IDX for WordPress <= 1.19.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WolfNet IDX for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wolfnet-idx-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/wolfnet-idx-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-6783'
-  tags: cve,wordpress,wp-plugin,wolfnet-idx-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,wolfnet-idx-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6785-baeb593e80daf8c0e9aa6de629d61f7e.yaml b/nuclei-templates/2023/CVE-2023-6785-baeb593e80daf8c0e9aa6de629d61f7e.yaml
index ad15dbef9f..6549841f60 100644
--- a/nuclei-templates/2023/CVE-2023-6785-baeb593e80daf8c0e9aa6de629d61f7e.yaml
+++ b/nuclei-templates/2023/CVE-2023-6785-baeb593e80daf8c0e9aa6de629d61f7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.84 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2023-6785'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6798-a69ba668991cc895684ef6a2a0130022.yaml b/nuclei-templates/2023/CVE-2023-6798-a69ba668991cc895684ef6a2a0130022.yaml
index 8e6ce5d4fa..6125abb4aa 100644
--- a/nuclei-templates/2023/CVE-2023-6798-a69ba668991cc895684ef6a2a0130022.yaml
+++ b/nuclei-templates/2023/CVE-2023-6798-a69ba668991cc895684ef6a2a0130022.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedzy-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/"
     shodan-query: 'vuln:CVE-2023-6798'
-  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,medium
+  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6801-915f28ed1e0ddfda2fff50d4304f5401.yaml b/nuclei-templates/2023/CVE-2023-6801-915f28ed1e0ddfda2fff50d4304f5401.yaml
index 19383173ba..b8d66b4399 100644
--- a/nuclei-templates/2023/CVE-2023-6801-915f28ed1e0ddfda2fff50d4304f5401.yaml
+++ b/nuclei-templates/2023/CVE-2023-6801-915f28ed1e0ddfda2fff50d4304f5401.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedzy-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/"
     shodan-query: 'vuln:CVE-2023-6801'
-  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,medium
+  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6805-e0ef3d1097adeccc2f12bfdbdbab9d9c.yaml b/nuclei-templates/2023/CVE-2023-6805-e0ef3d1097adeccc2f12bfdbdbab9d9c.yaml
index 4cce2eb145..c70f39884e 100644
--- a/nuclei-templates/2023/CVE-2023-6805-e0ef3d1097adeccc2f12bfdbdbab9d9c.yaml
+++ b/nuclei-templates/2023/CVE-2023-6805-e0ef3d1097adeccc2f12bfdbdbab9d9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.7 - Authenticated(Contributor+) Blind Server-Side Request Forgery (SSRF)
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to modify information from internal services. NOTE: This vulnerability, exploitable by contributor-level users, was was fixed in version 4.4.7. The same vulnerability was fixed for author-level users in version 4.4.8.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedzy-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/"
     shodan-query: 'vuln:CVE-2023-6805'
-  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,medium
+  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6806-55749978c55c3ff34eeaa5813711f342.yaml b/nuclei-templates/2023/CVE-2023-6806-55749978c55c3ff34eeaa5813711f342.yaml
index 02f2339508..c2362f2f6c 100644
--- a/nuclei-templates/2023/CVE-2023-6806-55749978c55c3ff34eeaa5813711f342.yaml
+++ b/nuclei-templates/2023/CVE-2023-6806-55749978c55c3ff34eeaa5813711f342.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/starbox/"
     google-query: inurl:"/wp-content/plugins/starbox/"
     shodan-query: 'vuln:CVE-2023-6806'
-  tags: cve,wordpress,wp-plugin,starbox,medium
+  tags: cve,wordpress,wp-plugin,starbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6807-616c8823c1cd69f1db936287f2d1fa7d.yaml b/nuclei-templates/2023/CVE-2023-6807-616c8823c1cd69f1db936287f2d1fa7d.yaml
index 9ec8c10d82..efee3ee8bb 100644
--- a/nuclei-templates/2023/CVE-2023-6807-616c8823c1cd69f1db936287f2d1fa7d.yaml
+++ b/nuclei-templates/2023/CVE-2023-6807-616c8823c1cd69f1db936287f2d1fa7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GeneratePress Premium <= 2.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/generatepress-premium/"
     google-query: inurl:"/wp-content/plugins/generatepress-premium/"
     shodan-query: 'vuln:CVE-2023-6807'
-  tags: cve,wordpress,wp-plugin,generatepress-premium,medium
+  tags: cve,wordpress,wp-plugin,generatepress-premium,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6808-d7b2973ce1bce5f224e9a3aa96df9db7.yaml b/nuclei-templates/2023/CVE-2023-6808-d7b2973ce1bce5f224e9a3aa96df9db7.yaml
index 228ea4e7f6..af6adc91c4 100644
--- a/nuclei-templates/2023/CVE-2023-6808-d7b2973ce1bce5f224e9a3aa96df9db7.yaml
+++ b/nuclei-templates/2023/CVE-2023-6808-d7b2973ce1bce5f224e9a3aa96df9db7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ameliabooking/"
     google-query: inurl:"/wp-content/plugins/ameliabooking/"
     shodan-query: 'vuln:CVE-2023-6808'
-  tags: cve,wordpress,wp-plugin,ameliabooking,medium
+  tags: cve,wordpress,wp-plugin,ameliabooking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6809-8199a4f2b40a6eabf0daf50bba86ea3b.yaml b/nuclei-templates/2023/CVE-2023-6809-8199a4f2b40a6eabf0daf50bba86ea3b.yaml
index 0ab4f1ff86..b615c54bd1 100644
--- a/nuclei-templates/2023/CVE-2023-6809-8199a4f2b40a6eabf0daf50bba86ea3b.yaml
+++ b/nuclei-templates/2023/CVE-2023-6809-8199a4f2b40a6eabf0daf50bba86ea3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-fields-shortcode/"
     google-query: inurl:"/wp-content/plugins/custom-fields-shortcode/"
     shodan-query: 'vuln:CVE-2023-6809'
-  tags: cve,wordpress,wp-plugin,custom-fields-shortcode,medium
+  tags: cve,wordpress,wp-plugin,custom-fields-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6825-8ce49b249ec2d999d67fd390598bddc7.yaml b/nuclei-templates/2023/CVE-2023-6825-8ce49b249ec2d999d67fd390598bddc7.yaml
index c1b0346f27..a37f05ecd6 100644
--- a/nuclei-templates/2023/CVE-2023-6825-8ce49b249ec2d999d67fd390598bddc7.yaml
+++ b/nuclei-templates/2023/CVE-2023-6825-8ce49b249ec2d999d67fd390598bddc7.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.9
     cve-id: CVE-2023-6825
   metadata:
-    fofa-query: "wp-content/plugins/wp-file-manager/"
-    google-query: inurl:"/wp-content/plugins/wp-file-manager/"
+    fofa-query: "wp-content/plugins/wp-file-manager-pro/"
+    google-query: inurl:"/wp-content/plugins/wp-file-manager-pro/"
     shodan-query: 'vuln:CVE-2023-6825'
-  tags: cve,wordpress,wp-plugin,wp-file-manager,critical
+  tags: cve,wordpress,wp-plugin,wp-file-manager-pro,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-file-manager-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-file-manager"
+          - "wp-file-manager-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 7.2.1')
\ No newline at end of file
+          - compare_versions(version, '<= 8.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6826-d89b8d067839983b7d38b29c3f8dcaaa.yaml b/nuclei-templates/2023/CVE-2023-6826-d89b8d067839983b7d38b29c3f8dcaaa.yaml
index 448207ab16..a5381138d6 100644
--- a/nuclei-templates/2023/CVE-2023-6826-d89b8d067839983b7d38b29c3f8dcaaa.yaml
+++ b/nuclei-templates/2023/CVE-2023-6826-d89b8d067839983b7d38b29c3f8dcaaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/e2pdf/"
     google-query: inurl:"/wp-content/plugins/e2pdf/"
     shodan-query: 'vuln:CVE-2023-6826'
-  tags: cve,wordpress,wp-plugin,e2pdf,high
+  tags: cve,wordpress,wp-plugin,e2pdf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6827-79c84a24ae01cae4e07f5d580bc271de.yaml b/nuclei-templates/2023/CVE-2023-6827-79c84a24ae01cae4e07f5d580bc271de.yaml
index 7a0652ad94..08fb2e70fc 100644
--- a/nuclei-templates/2023/CVE-2023-6827-79c84a24ae01cae4e07f5d580bc271de.yaml
+++ b/nuclei-templates/2023/CVE-2023-6827-79c84a24ae01cae4e07f5d580bc271de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2023-6140 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-real-estate/"
     google-query: inurl:"/wp-content/plugins/essential-real-estate/"
     shodan-query: 'vuln:CVE-2023-6827'
-  tags: cve,wordpress,wp-plugin,essential-real-estate,high
+  tags: cve,wordpress,wp-plugin,essential-real-estate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6842-987b044c3bb6f7d497d7cc053aa32728.yaml b/nuclei-templates/2023/CVE-2023-6842-987b044c3bb6f7d497d7cc053aa32728.yaml
index f78d4101c0..b27c374ca6 100644
--- a/nuclei-templates/2023/CVE-2023-6842-987b044c3bb6f7d497d7cc053aa32728.yaml
+++ b/nuclei-templates/2023/CVE-2023-6842-987b044c3bb6f7d497d7cc053aa32728.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this only affects multi-site installations and installations where unfiltered_html has been disabled. However, in the formidable settings admins can extend form creation, deletion and other management permissions to other user types, which makes it possible for this vulnerability to be exploited by lower level user types as long as they have been granted the proper permissions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:CVE-2023-6842'
-  tags: cve,wordpress,wp-plugin,formidable,medium
+  tags: cve,wordpress,wp-plugin,formidable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6843-1a89597b1bd6bb139b0cbb0c2a6cdcf9.yaml b/nuclei-templates/2023/CVE-2023-6843-1a89597b1bd6bb139b0cbb0c2a6cdcf9.yaml
index 05a2f86da5..3a6425a2a9 100644
--- a/nuclei-templates/2023/CVE-2023-6843-1a89597b1bd6bb139b0cbb0c2a6cdcf9.yaml
+++ b/nuclei-templates/2023/CVE-2023-6843-1a89597b1bd6bb139b0cbb0c2a6cdcf9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     easy.jobs <= 2.4.6 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easyjobs_save_basic_info AJAX action (and many other AJAX actions) in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easyjobs/"
     google-query: inurl:"/wp-content/plugins/easyjobs/"
     shodan-query: 'vuln:CVE-2023-6843'
-  tags: cve,wordpress,wp-plugin,easyjobs,medium
+  tags: cve,wordpress,wp-plugin,easyjobs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6846-d3109a73b6d87d8103efae9f126590cb.yaml b/nuclei-templates/2023/CVE-2023-6846-d3109a73b6d87d8103efae9f126590cb.yaml
index cfb9ebe9fa..d82d643452 100644
--- a/nuclei-templates/2023/CVE-2023-6846-d3109a73b6d87d8103efae9f126590cb.yaml
+++ b/nuclei-templates/2023/CVE-2023-6846-d3109a73b6d87d8103efae9f126590cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-manager-pro/"
     google-query: inurl:"/wp-content/plugins/wp-file-manager-pro/"
     shodan-query: 'vuln:CVE-2023-6846'
-  tags: cve,wordpress,wp-plugin,wp-file-manager-pro,high
+  tags: cve,wordpress,wp-plugin,wp-file-manager-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6854-b2885ea30200f7cd94ec6f28c25609a5.yaml b/nuclei-templates/2023/CVE-2023-6854-b2885ea30200f7cd94ec6f28c25609a5.yaml
index 8e38d7262d..bc7167a8c0 100644
--- a/nuclei-templates/2023/CVE-2023-6854-b2885ea30200f7cd94ec6f28c25609a5.yaml
+++ b/nuclei-templates/2023/CVE-2023-6854-b2885ea30200f7cd94ec6f28c25609a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Breakdance <= 1.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/breakdance/"
     google-query: inurl:"/wp-content/plugins/breakdance/"
     shodan-query: 'vuln:CVE-2023-6854'
-  tags: cve,wordpress,wp-plugin,breakdance,medium
+  tags: cve,wordpress,wp-plugin,breakdance,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6855-e8a21df86ab8f777d41e6648745d6563.yaml b/nuclei-templates/2023/CVE-2023-6855-e8a21df86ab8f777d41e6648745d6563.yaml
index 81ff722a12..f9cae91943 100644
--- a/nuclei-templates/2023/CVE-2023-6855-e8a21df86ab8f777d41e6648745d6563.yaml
+++ b/nuclei-templates/2023/CVE-2023-6855-e8a21df86ab8f777d41e6648745d6563.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro <= 2.12.5 - Missing Authorization via API
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:CVE-2023-6855'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6875-95f3dcaa4b86abab69cc1c0fd09f80aa.yaml b/nuclei-templates/2023/CVE-2023-6875-95f3dcaa4b86abab69cc1c0fd09f80aa.yaml
index b09a0f8613..f785d79085 100644
--- a/nuclei-templates/2023/CVE-2023-6875-95f3dcaa4b86abab69cc1c0fd09f80aa.yaml
+++ b/nuclei-templates/2023/CVE-2023-6875-95f3dcaa4b86abab69cc1c0fd09f80aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. CVE-2023-52233 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-smtp/"
     google-query: inurl:"/wp-content/plugins/post-smtp/"
     shodan-query: 'vuln:CVE-2023-6875'
-  tags: cve,wordpress,wp-plugin,post-smtp,critical
+  tags: cve,wordpress,wp-plugin,post-smtp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6877-a371f0288a138d0c57e459d338c39157.yaml b/nuclei-templates/2023/CVE-2023-6877-a371f0288a138d0c57e459d338c39157.yaml
index 2c68111ad8..a15593cc40 100644
--- a/nuclei-templates/2023/CVE-2023-6877-a371f0288a138d0c57e459d338c39157.yaml
+++ b/nuclei-templates/2023/CVE-2023-6877-a371f0288a138d0c57e459d338c39157.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedzy-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/"
     shodan-query: 'vuln:CVE-2023-6877'
-  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,medium
+  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6878-40d20dcfc0a9c20d06ce00b51231e085.yaml b/nuclei-templates/2023/CVE-2023-6878-40d20dcfc0a9c20d06ce00b51231e085.yaml
index 1eb75e158d..77ef3f1400 100644
--- a/nuclei-templates/2023/CVE-2023-6878-40d20dcfc0a9c20d06ce00b51231e085.yaml
+++ b/nuclei-templates/2023/CVE-2023-6878-40d20dcfc0a9c20d06ce00b51231e085.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slick-social-share-buttons/"
     google-query: inurl:"/wp-content/plugins/slick-social-share-buttons/"
     shodan-query: 'vuln:CVE-2023-6878'
-  tags: cve,wordpress,wp-plugin,slick-social-share-buttons,high
+  tags: cve,wordpress,wp-plugin,slick-social-share-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6880-1390282d7da53f6dd62f69c33ae3d8da.yaml b/nuclei-templates/2023/CVE-2023-6880-1390282d7da53f6dd62f69c33ae3d8da.yaml
index a30bb453cd..c50c658a66 100644
--- a/nuclei-templates/2023/CVE-2023-6880-1390282d7da53f6dd62f69c33ae3d8da.yaml
+++ b/nuclei-templates/2023/CVE-2023-6880-1390282d7da53f6dd62f69c33ae3d8da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualcomposer/"
     google-query: inurl:"/wp-content/plugins/visualcomposer/"
     shodan-query: 'vuln:CVE-2023-6880'
-  tags: cve,wordpress,wp-plugin,visualcomposer,medium
+  tags: cve,wordpress,wp-plugin,visualcomposer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6883-6a4b9abd38157d4627731558a0b86be9.yaml b/nuclei-templates/2023/CVE-2023-6883-6a4b9abd38157d4627731558a0b86be9.yaml
index b56465013a..633810783e 100644
--- a/nuclei-templates/2023/CVE-2023-6883-6a4b9abd38157d4627731558a0b86be9.yaml
+++ b/nuclei-templates/2023/CVE-2023-6883-6a4b9abd38157d4627731558a0b86be9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-facebook-likebox/"
     google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
     shodan-query: 'vuln:CVE-2023-6883'
-  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6884-459b18886f45ada6d060921939e88905.yaml b/nuclei-templates/2023/CVE-2023-6884-459b18886f45ada6d060921939e88905.yaml
index 1bcf100bb3..b28f6fba86 100644
--- a/nuclei-templates/2023/CVE-2023-6884-459b18886f45ada6d060921939e88905.yaml
+++ b/nuclei-templates/2023/CVE-2023-6884-459b18886f45ada6d060921939e88905.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin for Google Reviews <= 3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-google-reviews/"
     google-query: inurl:"/wp-content/plugins/widget-google-reviews/"
     shodan-query: 'vuln:CVE-2023-6884'
-  tags: cve,wordpress,wp-plugin,widget-google-reviews,medium
+  tags: cve,wordpress,wp-plugin,widget-google-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6892-c34557dbe7e75a157fffc6005c83f4ba.yaml b/nuclei-templates/2023/CVE-2023-6892-c34557dbe7e75a157fffc6005c83f4ba.yaml
index fb46f9e3b4..f03a9b9b25 100644
--- a/nuclei-templates/2023/CVE-2023-6892-c34557dbe7e75a157fffc6005c83f4ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-6892-c34557dbe7e75a157fffc6005c83f4ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EAN for WooCommerce <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ean-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/ean-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-6892'
-  tags: cve,wordpress,wp-plugin,ean-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,ean-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6922-801d1a90cceafe559a3466d4f67a8f10.yaml b/nuclei-templates/2023/CVE-2023-6922-801d1a90cceafe559a3466d4f67a8f10.yaml
index 722f0bf334..ec77194206 100644
--- a/nuclei-templates/2023/CVE-2023-6922-801d1a90cceafe559a3466d4f67a8f10.yaml
+++ b/nuclei-templates/2023/CVE-2023-6922-801d1a90cceafe559a3466d4f67a8f10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coming-soon-maintenance-mode-from-acurax/"
     google-query: inurl:"/wp-content/plugins/coming-soon-maintenance-mode-from-acurax/"
     shodan-query: 'vuln:CVE-2023-6922'
-  tags: cve,wordpress,wp-plugin,coming-soon-maintenance-mode-from-acurax,medium
+  tags: cve,wordpress,wp-plugin,coming-soon-maintenance-mode-from-acurax,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6924-8372eec64ff21987a44ee27a8993e766.yaml b/nuclei-templates/2023/CVE-2023-6924-8372eec64ff21987a44ee27a8993e766.yaml
index 4bf5a3269c..e116d8db34 100644
--- a/nuclei-templates/2023/CVE-2023-6924-8372eec64ff21987a44ee27a8993e766.yaml
+++ b/nuclei-templates/2023/CVE-2023-6924-8372eec64ff21987a44ee27a8993e766.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2023-6924'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6925-7222dd54a342eb0ec1d2eb49f0d0425a.yaml b/nuclei-templates/2023/CVE-2023-6925-7222dd54a342eb0ec1d2eb49f0d0425a.yaml
index d8cf377f51..e74c4f8044 100644
--- a/nuclei-templates/2023/CVE-2023-6925-7222dd54a342eb0ec1d2eb49f0d0425a.yaml
+++ b/nuclei-templates/2023/CVE-2023-6925-7222dd54a342eb0ec1d2eb49f0d0425a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role), to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-addons-for-wpbakery-page-builder/"
     google-query: inurl:"/wp-content/plugins/unlimited-addons-for-wpbakery-page-builder/"
     shodan-query: 'vuln:CVE-2023-6925'
-  tags: cve,wordpress,wp-plugin,unlimited-addons-for-wpbakery-page-builder,high
+  tags: cve,wordpress,wp-plugin,unlimited-addons-for-wpbakery-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6933-116a3711d1ab72d436ec5c35678ceddf.yaml b/nuclei-templates/2023/CVE-2023-6933-116a3711d1ab72d436ec5c35678ceddf.yaml
index ba687bcc60..c003c7f301 100644
--- a/nuclei-templates/2023/CVE-2023-6933-116a3711d1ab72d436ec5c35678ceddf.yaml
+++ b/nuclei-templates/2023/CVE-2023-6933-116a3711d1ab72d436ec5c35678ceddf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-search-replace/"
     google-query: inurl:"/wp-content/plugins/better-search-replace/"
     shodan-query: 'vuln:CVE-2023-6933'
-  tags: cve,wordpress,wp-plugin,better-search-replace,high
+  tags: cve,wordpress,wp-plugin,better-search-replace,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6934-b0fbe8ed2bd5ede12fc8dff6720e9fab.yaml b/nuclei-templates/2023/CVE-2023-6934-b0fbe8ed2bd5ede12fc8dff6720e9fab.yaml
index ef0998606c..d91221e810 100644
--- a/nuclei-templates/2023/CVE-2023-6934-b0fbe8ed2bd5ede12fc8dff6720e9fab.yaml
+++ b/nuclei-templates/2023/CVE-2023-6934-b0fbe8ed2bd5ede12fc8dff6720e9fab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Limit Login Attempts Reloaded <= 2.25.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/limit-login-attempts-reloaded/"
     google-query: inurl:"/wp-content/plugins/limit-login-attempts-reloaded/"
     shodan-query: 'vuln:CVE-2023-6934'
-  tags: cve,wordpress,wp-plugin,limit-login-attempts-reloaded,medium
+  tags: cve,wordpress,wp-plugin,limit-login-attempts-reloaded,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6938-c7a8bc13237071ee5b2f66d58803bacf.yaml b/nuclei-templates/2023/CVE-2023-6938-c7a8bc13237071ee5b2f66d58803bacf.yaml
index 992f4a082f..fde4f6a3cb 100644
--- a/nuclei-templates/2023/CVE-2023-6938-c7a8bc13237071ee5b2f66d58803bacf.yaml
+++ b/nuclei-templates/2023/CVE-2023-6938-c7a8bc13237071ee5b2f66d58803bacf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Oxygen Builder <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oxygenbuilder/"
     google-query: inurl:"/wp-content/plugins/oxygenbuilder/"
     shodan-query: 'vuln:CVE-2023-6938'
-  tags: cve,wordpress,wp-plugin,oxygenbuilder,medium
+  tags: cve,wordpress,wp-plugin,oxygenbuilder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6941-fa11673c89d7f49c85f8e69d02b295a6.yaml b/nuclei-templates/2023/CVE-2023-6941-fa11673c89d7f49c85f8e69d02b295a6.yaml
index 47ad02d8b5..139574358d 100644
--- a/nuclei-templates/2023/CVE-2023-6941-fa11673c89d7f49c85f8e69d02b295a6.yaml
+++ b/nuclei-templates/2023/CVE-2023-6941-fa11673c89d7f49c85f8e69d02b295a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/infusionsoft-official-opt-in-forms/"
     google-query: inurl:"/wp-content/plugins/infusionsoft-official-opt-in-forms/"
     shodan-query: 'vuln:CVE-2023-6941'
-  tags: cve,wordpress,wp-plugin,infusionsoft-official-opt-in-forms,medium
+  tags: cve,wordpress,wp-plugin,infusionsoft-official-opt-in-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6953-150204c3648be383cc7b37e155a5d6bc.yaml b/nuclei-templates/2023/CVE-2023-6953-150204c3648be383cc7b37e155a5d6bc.yaml
index 60ad81fcb3..ecf0ac066b 100644
--- a/nuclei-templates/2023/CVE-2023-6953-150204c3648be383cc7b37e155a5d6bc.yaml
+++ b/nuclei-templates/2023/CVE-2023-6953-150204c3648be383cc7b37e155a5d6bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluentforms-pdf/"
     google-query: inurl:"/wp-content/plugins/fluentforms-pdf/"
     shodan-query: 'vuln:CVE-2023-6953'
-  tags: cve,wordpress,wp-plugin,fluentforms-pdf,medium
+  tags: cve,wordpress,wp-plugin,fluentforms-pdf,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6954-de1ce77814c2edc391436dd273126a1e.yaml b/nuclei-templates/2023/CVE-2023-6954-de1ce77814c2edc391436dd273126a1e.yaml
index 1e162775e9..0b2f5c456b 100644
--- a/nuclei-templates/2023/CVE-2023-6954-de1ce77814c2edc391436dd273126a1e.yaml
+++ b/nuclei-templates/2023/CVE-2023-6954-de1ce77814c2edc391436dd273126a1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2023-6954'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6957-31bfcad1a946ead477cc4d9cae0f33ff.yaml b/nuclei-templates/2023/CVE-2023-6957-31bfcad1a946ead477cc4d9cae0f33ff.yaml
index 49362b51ec..619d0ab16d 100644
--- a/nuclei-templates/2023/CVE-2023-6957-31bfcad1a946ead477cc4d9cae0f33ff.yaml
+++ b/nuclei-templates/2023/CVE-2023-6957-31bfcad1a946ead477cc4d9cae0f33ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluentform/"
     google-query: inurl:"/wp-content/plugins/fluentform/"
     shodan-query: 'vuln:CVE-2023-6957'
-  tags: cve,wordpress,wp-plugin,fluentform,medium
+  tags: cve,wordpress,wp-plugin,fluentform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6958-c3b5c2246526b047e580623567471684.yaml b/nuclei-templates/2023/CVE-2023-6958-c3b5c2246526b047e580623567471684.yaml
index 18a80212a2..f542628716 100644
--- a/nuclei-templates/2023/CVE-2023-6958-c3b5c2246526b047e580623567471684.yaml
+++ b/nuclei-templates/2023/CVE-2023-6958-c3b5c2246526b047e580623567471684.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 9.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2023-6958'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6959-9bf910117bdf6862d3ee1c26c92e6b91.yaml b/nuclei-templates/2023/CVE-2023-6959-9bf910117bdf6862d3ee1c26c92e6b91.yaml
index 8761ffe9cf..df42de9163 100644
--- a/nuclei-templates/2023/CVE-2023-6959-9bf910117bdf6862d3ee1c26c92e6b91.yaml
+++ b/nuclei-templates/2023/CVE-2023-6959-9bf910117bdf6862d3ee1c26c92e6b91.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Getwid – Gutenberg Blocks <= 2.0.4 - Missing Authorization to Recaptcha API Key Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/getwid/"
     google-query: inurl:"/wp-content/plugins/getwid/"
     shodan-query: 'vuln:CVE-2023-6959'
-  tags: cve,wordpress,wp-plugin,getwid,medium
+  tags: cve,wordpress,wp-plugin,getwid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6964-92efa25c2b07bccd1145767fcc736dac.yaml b/nuclei-templates/2023/CVE-2023-6964-92efa25c2b07bccd1145767fcc736dac.yaml
index 50eccf6031..e640f855e7 100644
--- a/nuclei-templates/2023/CVE-2023-6964-92efa25c2b07bccd1145767fcc736dac.yaml
+++ b/nuclei-templates/2023/CVE-2023-6964-92efa25c2b07bccd1145767fcc736dac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF)
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2023-6964'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,high
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6965-33493821da381511f179da2cf195b351.yaml b/nuclei-templates/2023/CVE-2023-6965-33493821da381511f179da2cf195b351.yaml
index 6e5080984a..36f798171c 100644
--- a/nuclei-templates/2023/CVE-2023-6965-33493821da381511f179da2cf195b351.yaml
+++ b/nuclei-templates/2023/CVE-2023-6965-33493821da381511f179da2cf195b351.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods - Custom Content Types and Fields - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2023-6965'
-  tags: cve,wordpress,wp-plugin,pods,medium
+  tags: cve,wordpress,wp-plugin,pods,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6967-85f6ac4895a90413fa74a9e82058c7a0.yaml b/nuclei-templates/2023/CVE-2023-6967-85f6ac4895a90413fa74a9e82058c7a0.yaml
index 468e553086..fe17d00f9f 100644
--- a/nuclei-templates/2023/CVE-2023-6967-85f6ac4895a90413fa74a9e82058c7a0.yaml
+++ b/nuclei-templates/2023/CVE-2023-6967-85f6ac4895a90413fa74a9e82058c7a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2023-6967'
-  tags: cve,wordpress,wp-plugin,pods,high
+  tags: cve,wordpress,wp-plugin,pods,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6969-4c45cf0c9392dc7bd44f9128bee077ba.yaml b/nuclei-templates/2023/CVE-2023-6969-4c45cf0c9392dc7bd44f9128bee077ba.yaml
index 66cf85b175..efb04460a1 100644
--- a/nuclei-templates/2023/CVE-2023-6969-4c45cf0c9392dc7bd44f9128bee077ba.yaml
+++ b/nuclei-templates/2023/CVE-2023-6969-4c45cf0c9392dc7bd44f9128bee077ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-shortcodes-plus/"
     google-query: inurl:"/wp-content/plugins/user-shortcodes-plus/"
     shodan-query: 'vuln:CVE-2023-6969'
-  tags: cve,wordpress,wp-plugin,user-shortcodes-plus,medium
+  tags: cve,wordpress,wp-plugin,user-shortcodes-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6971-5143c97c48d7dbc931ae167f87839db5.yaml b/nuclei-templates/2023/CVE-2023-6971-5143c97c48d7dbc931ae167f87839db5.yaml
index b79c6c72c7..f913b3cdb8 100644
--- a/nuclei-templates/2023/CVE-2023-6971-5143c97c48d7dbc931ae167f87839db5.yaml
+++ b/nuclei-templates/2023/CVE-2023-6971-5143c97c48d7dbc931ae167f87839db5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Migration 1.0.8 - 1.3.9 - Remote File Inclusion via content-dir
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup-backup/"
     google-query: inurl:"/wp-content/plugins/backup-backup/"
     shodan-query: 'vuln:CVE-2023-6971'
-  tags: cve,wordpress,wp-plugin,backup-backup,high
+  tags: cve,wordpress,wp-plugin,backup-backup,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6979-2d6698f89f32609adbc6e12eed98ca62.yaml b/nuclei-templates/2023/CVE-2023-6979-2d6698f89f32609adbc6e12eed98ca62.yaml
index b635533397..8121fa05ba 100644
--- a/nuclei-templates/2023/CVE-2023-6979-2d6698f89f32609adbc6e12eed98ca62.yaml
+++ b/nuclei-templates/2023/CVE-2023-6979-2d6698f89f32609adbc6e12eed98ca62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:CVE-2023-6979'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,high
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6981-2a19a88ce4a92a9c8fbf2df45764b32f.yaml b/nuclei-templates/2023/CVE-2023-6981-2a19a88ce4a92a9c8fbf2df45764b32f.yaml
index 1179c31569..5d019e4cbb 100644
--- a/nuclei-templates/2023/CVE-2023-6981-2a19a88ce4a92a9c8fbf2df45764b32f.yaml
+++ b/nuclei-templates/2023/CVE-2023-6981-2a19a88ce4a92a9c8fbf2df45764b32f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can leveraged to achieve Reflected Cross-site Scripting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sms/"
     google-query: inurl:"/wp-content/plugins/wp-sms/"
     shodan-query: 'vuln:CVE-2023-6981'
-  tags: cve,wordpress,wp-plugin,wp-sms,medium
+  tags: cve,wordpress,wp-plugin,wp-sms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6982-6d61e0b46b881d3a5609918a45b30992.yaml b/nuclei-templates/2023/CVE-2023-6982-6d61e0b46b881d3a5609918a45b30992.yaml
index be5327eb09..7527fdff75 100644
--- a/nuclei-templates/2023/CVE-2023-6982-6d61e0b46b881d3a5609918a45b30992.yaml
+++ b/nuclei-templates/2023/CVE-2023-6982-6d61e0b46b881d3a5609918a45b30992.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-to-display-post-and-user-data/"
     google-query: inurl:"/wp-content/plugins/shortcode-to-display-post-and-user-data/"
     shodan-query: 'vuln:CVE-2023-6982'
-  tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,medium
+  tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6983-a8aacb001d1b5ea46e16ff44cb2daa72.yaml b/nuclei-templates/2023/CVE-2023-6983-a8aacb001d1b5ea46e16ff44cb2daa72.yaml
index 5179deb8f8..30f0eee197 100644
--- a/nuclei-templates/2023/CVE-2023-6983-a8aacb001d1b5ea46e16ff44cb2daa72.yaml
+++ b/nuclei-templates/2023/CVE-2023-6983-a8aacb001d1b5ea46e16ff44cb2daa72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-to-display-post-and-user-data/"
     google-query: inurl:"/wp-content/plugins/shortcode-to-display-post-and-user-data/"
     shodan-query: 'vuln:CVE-2023-6983'
-  tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,medium
+  tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6985-3a0831746763e4cc6e13a3b507a11959.yaml b/nuclei-templates/2023/CVE-2023-6985-3a0831746763e4cc6e13a3b507a11959.yaml
index 7e04b08d41..939b88ed39 100644
--- a/nuclei-templates/2023/CVE-2023-6985-3a0831746763e4cc6e13a3b507a11959.yaml
+++ b/nuclei-templates/2023/CVE-2023-6985-3a0831746763e4cc6e13a3b507a11959.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-assistant-by-10web/"
     google-query: inurl:"/wp-content/plugins/ai-assistant-by-10web/"
     shodan-query: 'vuln:CVE-2023-6985'
-  tags: cve,wordpress,wp-plugin,ai-assistant-by-10web,medium
+  tags: cve,wordpress,wp-plugin,ai-assistant-by-10web,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6986-1f31c2ba6ee46d152a9920d8ef0adb22.yaml b/nuclei-templates/2023/CVE-2023-6986-1f31c2ba6ee46d152a9920d8ef0adb22.yaml
index 7f72202352..5be686e8b2 100644
--- a/nuclei-templates/2023/CVE-2023-6986-1f31c2ba6ee46d152a9920d8ef0adb22.yaml
+++ b/nuclei-templates/2023/CVE-2023-6986-1f31c2ba6ee46d152a9920d8ef0adb22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2023-6986'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6988-411de6e419140a33390e4cf84e25eb26.yaml b/nuclei-templates/2023/CVE-2023-6988-411de6e419140a33390e4cf84e25eb26.yaml
index a9017d83cc..300bc9eca4 100644
--- a/nuclei-templates/2023/CVE-2023-6988-411de6e419140a33390e4cf84e25eb26.yaml
+++ b/nuclei-templates/2023/CVE-2023-6988-411de6e419140a33390e4cf84e25eb26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.239 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2023-6988'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,medium
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6990-17ab37dbc7beb458edc5925614c59dfa.yaml b/nuclei-templates/2023/CVE-2023-6990-17ab37dbc7beb458edc5925614c59dfa.yaml
index 188f156a76..d424e92304 100644
--- a/nuclei-templates/2023/CVE-2023-6990-17ab37dbc7beb458edc5925614c59dfa.yaml
+++ b/nuclei-templates/2023/CVE-2023-6990-17ab37dbc7beb458edc5925614c59dfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weaver Xtreme <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/weaver-xtreme/"
     google-query: inurl:"/wp-content/themes/weaver-xtreme/"
     shodan-query: 'vuln:CVE-2023-6990'
-  tags: cve,wordpress,wp-theme,weaver-xtreme,medium
+  tags: cve,wordpress,wp-theme,weaver-xtreme,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6991-255053b922939496ac6eb4ab1dee395c.yaml b/nuclei-templates/2023/CVE-2023-6991-255053b922939496ac6eb4ab1dee395c.yaml
index 5abde128d5..fc66b4df29 100644
--- a/nuclei-templates/2023/CVE-2023-6991-255053b922939496ac6eb4ab1dee395c.yaml
+++ b/nuclei-templates/2023/CVE-2023-6991-255053b922939496ac6eb4ab1dee395c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JSM file_get_contents() Shortcode <= 2.7.0 - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JSM file_get_contents() Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.7.0 via the wpfgc shortcode. This makes it possible for authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-get-contents/"
     google-query: inurl:"/wp-content/plugins/wp-file-get-contents/"
     shodan-query: 'vuln:CVE-2023-6991'
-  tags: cve,wordpress,wp-plugin,wp-file-get-contents,medium
+  tags: cve,wordpress,wp-plugin,wp-file-get-contents,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6993-134091eb792475d128936c227b127601.yaml b/nuclei-templates/2023/CVE-2023-6993-134091eb792475d128936c227b127601.yaml
index 5fa69070b0..66a47c8d71 100644
--- a/nuclei-templates/2023/CVE-2023-6993-134091eb792475d128936c227b127601.yaml
+++ b/nuclei-templates/2023/CVE-2023-6993-134091eb792475d128936c227b127601.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-post-types/"
     google-query: inurl:"/wp-content/plugins/custom-post-types/"
     shodan-query: 'vuln:CVE-2023-6993'
-  tags: cve,wordpress,wp-plugin,custom-post-types,medium
+  tags: cve,wordpress,wp-plugin,custom-post-types,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6994-7ec69e14aaa720fc8a2decec00730012.yaml b/nuclei-templates/2023/CVE-2023-6994-7ec69e14aaa720fc8a2decec00730012.yaml
index e28741f292..047dfc39ea 100644
--- a/nuclei-templates/2023/CVE-2023-6994-7ec69e14aaa720fc8a2decec00730012.yaml
+++ b/nuclei-templates/2023/CVE-2023-6994-7ec69e14aaa720fc8a2decec00730012.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/list-category-posts/"
     google-query: inurl:"/wp-content/plugins/list-category-posts/"
     shodan-query: 'vuln:CVE-2023-6994'
-  tags: cve,wordpress,wp-plugin,list-category-posts,medium
+  tags: cve,wordpress,wp-plugin,list-category-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6996-3558264fbd3bd3c84b28ca0ff40cd986.yaml b/nuclei-templates/2023/CVE-2023-6996-3558264fbd3bd3c84b28ca0ff40cd986.yaml
index ac4737c405..2d1a349220 100644
--- a/nuclei-templates/2023/CVE-2023-6996-3558264fbd3bd3c84b28ca0ff40cd986.yaml
+++ b/nuclei-templates/2023/CVE-2023-6996-3558264fbd3bd3c84b28ca0ff40cd986.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-to-display-post-and-user-data/"
     google-query: inurl:"/wp-content/plugins/shortcode-to-display-post-and-user-data/"
     shodan-query: 'vuln:CVE-2023-6996'
-  tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,high
+  tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-6999-7a55c80cef31b1897125e271418538f4.yaml b/nuclei-templates/2023/CVE-2023-6999-7a55c80cef31b1897125e271418538f4.yaml
index fe9d1b0c60..b22777231d 100644
--- a/nuclei-templates/2023/CVE-2023-6999-7a55c80cef31b1897125e271418538f4.yaml
+++ b/nuclei-templates/2023/CVE-2023-6999-7a55c80cef31b1897125e271418538f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2023-6999'
-  tags: cve,wordpress,wp-plugin,pods,high
+  tags: cve,wordpress,wp-plugin,pods,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7002-69b19f14e2d5ec73b6d0b29b5ce933ea.yaml b/nuclei-templates/2023/CVE-2023-7002-69b19f14e2d5ec73b6d0b29b5ce933ea.yaml
index d068053d91..a02247aa48 100644
--- a/nuclei-templates/2023/CVE-2023-7002-69b19f14e2d5ec73b6d0b29b5ce933ea.yaml
+++ b/nuclei-templates/2023/CVE-2023-7002-69b19f14e2d5ec73b6d0b29b5ce933ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Migration <= 1.3.9 - Authenticated (Admin+) OS Command Injection via url
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9  via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup-backup/"
     google-query: inurl:"/wp-content/plugins/backup-backup/"
     shodan-query: 'vuln:CVE-2023-7002'
-  tags: cve,wordpress,wp-plugin,backup-backup,high
+  tags: cve,wordpress,wp-plugin,backup-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7019-c03b6eeac707e2faa28a70a9e28fd5e0.yaml b/nuclei-templates/2023/CVE-2023-7019-c03b6eeac707e2faa28a70a9e28fd5e0.yaml
index f9817311d5..5324a52695 100644
--- a/nuclei-templates/2023/CVE-2023-7019-c03b6eeac707e2faa28a70a9e28fd5e0.yaml
+++ b/nuclei-templates/2023/CVE-2023-7019-c03b6eeac707e2faa28a70a9e28fd5e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/"
     shodan-query: 'vuln:CVE-2023-7019'
-  tags: cve,wordpress,wp-plugin,wp-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,wp-maintenance-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7029-6576cec6cc72bf932987474c7e82dbd1.yaml b/nuclei-templates/2023/CVE-2023-7029-6576cec6cc72bf932987474c7e82dbd1.yaml
index a01ef921e8..ac2474dde8 100644
--- a/nuclei-templates/2023/CVE-2023-7029-6576cec6cc72bf932987474c7e82dbd1.yaml
+++ b/nuclei-templates/2023/CVE-2023-7029-6576cec6cc72bf932987474c7e82dbd1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Button Plugin MaxButtons <= 9.7.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxbuttons/"
     google-query: inurl:"/wp-content/plugins/maxbuttons/"
     shodan-query: 'vuln:CVE-2023-7029'
-  tags: cve,wordpress,wp-plugin,maxbuttons,medium
+  tags: cve,wordpress,wp-plugin,maxbuttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7030-fd0ae4740c5dfc4422b8f4b3f77edf83.yaml b/nuclei-templates/2023/CVE-2023-7030-fd0ae4740c5dfc4422b8f4b3f77edf83.yaml
index 21b4bd02bd..f881879a3d 100644
--- a/nuclei-templates/2023/CVE-2023-7030-fd0ae4740c5dfc4422b8f4b3f77edf83.yaml
+++ b/nuclei-templates/2023/CVE-2023-7030-fd0ae4740c5dfc4422b8f4b3f77edf83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jquery-collapse-o-matic/"
     google-query: inurl:"/wp-content/plugins/jquery-collapse-o-matic/"
     shodan-query: 'vuln:CVE-2023-7030'
-  tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,medium
+  tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7044-c7afeb04136868c455da71b1177f088f.yaml b/nuclei-templates/2023/CVE-2023-7044-c7afeb04136868c455da71b1177f088f.yaml
index 6c9ca402c9..e9531350f6 100644
--- a/nuclei-templates/2023/CVE-2023-7044-c7afeb04136868c455da71b1177f088f.yaml
+++ b/nuclei-templates/2023/CVE-2023-7044-c7afeb04136868c455da71b1177f088f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2023-7044'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7048-06b7c4127350d50d75ab6e5a40c02f95.yaml b/nuclei-templates/2023/CVE-2023-7048-06b7c4127350d50d75ab6e5a40c02f95.yaml
index 0552b3ef76..9154f177ed 100644
--- a/nuclei-templates/2023/CVE-2023-7048-06b7c4127350d50d75ab6e5a40c02f95.yaml
+++ b/nuclei-templates/2023/CVE-2023-7048-06b7c4127350d50d75ab6e5a40c02f95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Sticky Bar <= 2.6.6 - Cross-Site Request Forgery to Sensitive Information Exposure
   author: topscoder
-  severity: low
+  severity: medium
   description: >
     The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a CSV file containing contact leads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Because the CSV file is exported to a public location, it can be downloaded during a very short window of time before it is automatically deleted by the export function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mystickymenu/"
     google-query: inurl:"/wp-content/plugins/mystickymenu/"
     shodan-query: 'vuln:CVE-2023-7048'
-  tags: cve,wordpress,wp-plugin,mystickymenu,low
+  tags: cve,wordpress,wp-plugin,mystickymenu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7064-d5f51941abb9e332fec6da6716857cba.yaml b/nuclei-templates/2023/CVE-2023-7064-d5f51941abb9e332fec6da6716857cba.yaml
index b2e21e34d3..551be38964 100644
--- a/nuclei-templates/2023/CVE-2023-7064-d5f51941abb9e332fec6da6716857cba.yaml
+++ b/nuclei-templates/2023/CVE-2023-7064-d5f51941abb9e332fec6da6716857cba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.2 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inject a PHP Object, though the action itself is available to subscribers. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2023-7064'
-  tags: cve,wordpress,wp-plugin,auxin-elements,high
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7068-4e625904aaffe65e8919040e5c5d03d6.yaml b/nuclei-templates/2023/CVE-2023-7068-4e625904aaffe65e8919040e5c5d03d6.yaml
index be6a22e285..759235ec1c 100644
--- a/nuclei-templates/2023/CVE-2023-7068-4e625904aaffe65e8919040e5c5d03d6.yaml
+++ b/nuclei-templates/2023/CVE-2023-7068-4e625904aaffe65e8919040e5c5d03d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/"
     shodan-query: 'vuln:CVE-2023-7068'
-  tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7069-750d46ec675a067e58f6ca5aa716c8bb.yaml b/nuclei-templates/2023/CVE-2023-7069-750d46ec675a067e58f6ca5aa716c8bb.yaml
index c974eb12ae..74358f145e 100644
--- a/nuclei-templates/2023/CVE-2023-7069-750d46ec675a067e58f6ca5aa716c8bb.yaml
+++ b/nuclei-templates/2023/CVE-2023-7069-750d46ec675a067e58f6ca5aa716c8bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced iFrame <= 2023.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-24870 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-iframe/"
     google-query: inurl:"/wp-content/plugins/advanced-iframe/"
     shodan-query: 'vuln:CVE-2023-7069'
-  tags: cve,wordpress,wp-plugin,advanced-iframe,medium
+  tags: cve,wordpress,wp-plugin,advanced-iframe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7070-9a66ad8b0967001fd55d0d45f6e42869.yaml b/nuclei-templates/2023/CVE-2023-7070-9a66ad8b0967001fd55d0d45f6e42869.yaml
index 93c19712e2..fb8e5cbaeb 100644
--- a/nuclei-templates/2023/CVE-2023-7070-9a66ad8b0967001fd55d0d45f6e42869.yaml
+++ b/nuclei-templates/2023/CVE-2023-7070-9a66ad8b0967001fd55d0d45f6e42869.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Encoder – Protect Email Addresses and Phone Numbers <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-encoder-bundle/"
     google-query: inurl:"/wp-content/plugins/email-encoder-bundle/"
     shodan-query: 'vuln:CVE-2023-7070'
-  tags: cve,wordpress,wp-plugin,email-encoder-bundle,medium
+  tags: cve,wordpress,wp-plugin,email-encoder-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7071-1092f82974f0d44c05422ba456183db5.yaml b/nuclei-templates/2023/CVE-2023-7071-1092f82974f0d44c05422ba456183db5.yaml
index 610d9aafb8..daec3c99de 100644
--- a/nuclei-templates/2023/CVE-2023-7071-1092f82974f0d44c05422ba456183db5.yaml
+++ b/nuclei-templates/2023/CVE-2023-7071-1092f82974f0d44c05422ba456183db5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2023-7071'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7082-e69997328ca18e69bd3343eedbb036ad.yaml b/nuclei-templates/2023/CVE-2023-7082-e69997328ca18e69bd3343eedbb036ad.yaml
index 7de5fbc2b1..84ccaf1b7d 100644
--- a/nuclei-templates/2023/CVE-2023-7082-e69997328ca18e69bd3343eedbb036ad.yaml
+++ b/nuclei-templates/2023/CVE-2023-7082-e69997328ca18e69bd3343eedbb036ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import any XML or CSV File <= 3.7.2 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Import any XML or CSV File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload functionality in all versions up to, and including, 3.7.2 . This makes it possible for authenticated attackers with admin-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:CVE-2023-7082'
-  tags: cve,wordpress,wp-plugin,wp-all-import,high
+  tags: cve,wordpress,wp-plugin,wp-all-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7084-d7a48a2145831cedc1837e88079bf034.yaml b/nuclei-templates/2023/CVE-2023-7084-d7a48a2145831cedc1837e88079bf034.yaml
index 170b8a097c..34a3f616e8 100644
--- a/nuclei-templates/2023/CVE-2023-7084-d7a48a2145831cedc1837e88079bf034.yaml
+++ b/nuclei-templates/2023/CVE-2023-7084-d7a48a2145831cedc1837e88079bf034.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Voting Record <= 2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Voting Record plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/voting-record/"
     google-query: inurl:"/wp-content/plugins/voting-record/"
     shodan-query: 'vuln:CVE-2023-7084'
-  tags: cve,wordpress,wp-plugin,voting-record,medium
+  tags: cve,wordpress,wp-plugin,voting-record,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7085-9a645fa828e0b867db978ce345a20000.yaml b/nuclei-templates/2023/CVE-2023-7085-9a645fa828e0b867db978ce345a20000.yaml
index afec6b6570..f61471c4f7 100644
--- a/nuclei-templates/2023/CVE-2023-7085-9a645fa828e0b867db978ce345a20000.yaml
+++ b/nuclei-templates/2023/CVE-2023-7085-9a645fa828e0b867db978ce345a20000.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scalable Vector Graphics (SVG) <= 3.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scalable Vector Graphics (SVG) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVGs in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scalable-vector-graphics-svg/"
     google-query: inurl:"/wp-content/plugins/scalable-vector-graphics-svg/"
     shodan-query: 'vuln:CVE-2023-7085'
-  tags: cve,wordpress,wp-plugin,scalable-vector-graphics-svg,medium
+  tags: cve,wordpress,wp-plugin,scalable-vector-graphics-svg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7086-4d2ea21aa8044b97f6f856b2ca032bba.yaml b/nuclei-templates/2023/CVE-2023-7086-4d2ea21aa8044b97f6f856b2ca032bba.yaml
index a604bbfa12..9ceb944d8c 100644
--- a/nuclei-templates/2023/CVE-2023-7086-4d2ea21aa8044b97f6f856b2ca032bba.yaml
+++ b/nuclei-templates/2023/CVE-2023-7086-4d2ea21aa8044b97f6f856b2ca032bba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SVG Uploads Support <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SVG Uploads Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG files in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svg-uploads-support/"
     google-query: inurl:"/wp-content/plugins/svg-uploads-support/"
     shodan-query: 'vuln:CVE-2023-7086'
-  tags: cve,wordpress,wp-plugin,svg-uploads-support,medium
+  tags: cve,wordpress,wp-plugin,svg-uploads-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7088-71268622d169b66d5da459dba61f1b1c.yaml b/nuclei-templates/2023/CVE-2023-7088-71268622d169b66d5da459dba61f1b1c.yaml
index 79f3a6c2fc..cd6925ed1f 100644
--- a/nuclei-templates/2023/CVE-2023-7088-71268622d169b66d5da459dba61f1b1c.yaml
+++ b/nuclei-templates/2023/CVE-2023-7088-71268622d169b66d5da459dba61f1b1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add SVG Support for Media Uploader | inventivo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG files in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-svg-support-for-media-uploader-inventivo/"
     google-query: inurl:"/wp-content/plugins/add-svg-support-for-media-uploader-inventivo/"
     shodan-query: 'vuln:CVE-2023-7088'
-  tags: cve,wordpress,wp-plugin,add-svg-support-for-media-uploader-inventivo,medium
+  tags: cve,wordpress,wp-plugin,add-svg-support-for-media-uploader-inventivo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7089-99ad02b61917183fbf0c75dc39e4e9c8.yaml b/nuclei-templates/2023/CVE-2023-7089-99ad02b61917183fbf0c75dc39e4e9c8.yaml
index 2aee8b0e9e..b03ae926b9 100644
--- a/nuclei-templates/2023/CVE-2023-7089-99ad02b61917183fbf0c75dc39e4e9c8.yaml
+++ b/nuclei-templates/2023/CVE-2023-7089-99ad02b61917183fbf0c75dc39e4e9c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy SVG Allow <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy SVG Allow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded SVG file in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-svg-image-allow/"
     google-query: inurl:"/wp-content/plugins/easy-svg-image-allow/"
     shodan-query: 'vuln:CVE-2023-7089'
-  tags: cve,wordpress,wp-plugin,easy-svg-image-allow,medium
+  tags: cve,wordpress,wp-plugin,easy-svg-image-allow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7115-891807496f9388f784feeff012bb9ac8.yaml b/nuclei-templates/2023/CVE-2023-7115-891807496f9388f784feeff012bb9ac8.yaml
index ae08dc4159..d349d08796 100644
--- a/nuclei-templates/2023/CVE-2023-7115-891807496f9388f784feeff012bb9ac8.yaml
+++ b/nuclei-templates/2023/CVE-2023-7115-891807496f9388f784feeff012bb9ac8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Pagelayer <= 1.7.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2023-7115'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7154-870c7bd1810589217dfd341e2045182a.yaml b/nuclei-templates/2023/CVE-2023-7154-870c7bd1810589217dfd341e2045182a.yaml
index e59e7b87c0..6182843782 100644
--- a/nuclei-templates/2023/CVE-2023-7154-870c7bd1810589217dfd341e2045182a.yaml
+++ b/nuclei-templates/2023/CVE-2023-7154-870c7bd1810589217dfd341e2045182a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hubbub Lite <= 1.31.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hubbub Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.31.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-pug/"
     google-query: inurl:"/wp-content/plugins/social-pug/"
     shodan-query: 'vuln:CVE-2023-7154'
-  tags: cve,wordpress,wp-plugin,social-pug,medium
+  tags: cve,wordpress,wp-plugin,social-pug,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7167-8ee86188c71251e99a8f09d6e9fff31b.yaml b/nuclei-templates/2023/CVE-2023-7167-8ee86188c71251e99a8f09d6e9fff31b.yaml
index 15b24c8cab..7465fc041d 100644
--- a/nuclei-templates/2023/CVE-2023-7167-8ee86188c71251e99a8f09d6e9fff31b.yaml
+++ b/nuclei-templates/2023/CVE-2023-7167-8ee86188c71251e99a8f09d6e9fff31b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Persian Fonts <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Persian Fonts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/persian-fonts/"
     google-query: inurl:"/wp-content/plugins/persian-fonts/"
     shodan-query: 'vuln:CVE-2023-7167'
-  tags: cve,wordpress,wp-plugin,persian-fonts,medium
+  tags: cve,wordpress,wp-plugin,persian-fonts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7168-bf3890ad3455b3c44beacb3bebc6b11a.yaml b/nuclei-templates/2023/CVE-2023-7168-bf3890ad3455b3c44beacb3bebc6b11a.yaml
index a80a27679c..eef997bb7f 100644
--- a/nuclei-templates/2023/CVE-2023-7168-bf3890ad3455b3c44beacb3bebc6b11a.yaml
+++ b/nuclei-templates/2023/CVE-2023-7168-bf3890ad3455b3c44beacb3bebc6b11a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Follow Button for Jetpack <= 8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Follow Button for Jetpack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-follow-button-for-jetpack/"
     google-query: inurl:"/wp-content/plugins/better-follow-button-for-jetpack/"
     shodan-query: 'vuln:CVE-2023-7168'
-  tags: cve,wordpress,wp-plugin,better-follow-button-for-jetpack,medium
+  tags: cve,wordpress,wp-plugin,better-follow-button-for-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7198-d64722e01dc579e8e1b721ed84873800.yaml b/nuclei-templates/2023/CVE-2023-7198-d64722e01dc579e8e1b721ed84873800.yaml
index a6bf59054f..0730e9d953 100644
--- a/nuclei-templates/2023/CVE-2023-7198-d64722e01dc579e8e1b721ed84873800.yaml
+++ b/nuclei-templates/2023/CVE-2023-7198-d64722e01dc579e8e1b721ed84873800.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Dashboard Notes <= 1.0.10 - Insecure Direct Object References to Authenticated Private Note Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Dashboard Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.10 via the 'post_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers to delete private notes associated with other user accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dashboard-notes/"
     google-query: inurl:"/wp-content/plugins/wp-dashboard-notes/"
     shodan-query: 'vuln:CVE-2023-7198'
-  tags: cve,wordpress,wp-plugin,wp-dashboard-notes,medium
+  tags: cve,wordpress,wp-plugin,wp-dashboard-notes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7199-54a6c2fc6f1decd20e0ec9cd229454ec.yaml b/nuclei-templates/2023/CVE-2023-7199-54a6c2fc6f1decd20e0ec9cd229454ec.yaml
index e44d181344..3be8737567 100644
--- a/nuclei-templates/2023/CVE-2023-7199-54a6c2fc6f1decd20e0ec9cd229454ec.yaml
+++ b/nuclei-templates/2023/CVE-2023-7199-54a6c2fc6f1decd20e0ec9cd229454ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi <= 4.21.2 (Free) and < 2.25.0 (Premium) - Missing Authorization to Unauthorized Post Access
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to insufficient limitation of a user controlled key in all versions up to, and including, 4.21.2 (Free) and < 2.25.0 (Premium). This makes it possible for unauthenticated attackers to view private and draft posts that may contain sensitive information.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2023-7199
   metadata:
-    fofa-query: "wp-content/plugins/relevanssi-premium/"
-    google-query: inurl:"/wp-content/plugins/relevanssi-premium/"
+    fofa-query: "wp-content/plugins/relevanssi/"
+    google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:CVE-2023-7199'
-  tags: cve,wordpress,wp-plugin,relevanssi-premium,medium
+  tags: cve,wordpress,wp-plugin,relevanssi,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/relevanssi-premium/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "relevanssi-premium"
+          - "relevanssi"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 2.25.0')
\ No newline at end of file
+          - compare_versions(version, '<= 4.21.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-7201-5c5b5355efecc468361938b2443e7783.yaml b/nuclei-templates/2023/CVE-2023-7201-5c5b5355efecc468361938b2443e7783.yaml
index e35d9f9e20..303c51ab2c 100644
--- a/nuclei-templates/2023/CVE-2023-7201-5c5b5355efecc468361938b2443e7783.yaml
+++ b/nuclei-templates/2023/CVE-2023-7201-5c5b5355efecc468361938b2443e7783.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Everest Backup plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the backup file upload functionality in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/everest-backup/"
     google-query: inurl:"/wp-content/plugins/everest-backup/"
     shodan-query: 'vuln:CVE-2023-7201'
-  tags: cve,wordpress,wp-plugin,everest-backup,high
+  tags: cve,wordpress,wp-plugin,everest-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7202-e34616bfa39928844a257bee23d26881.yaml b/nuclei-templates/2023/CVE-2023-7202-e34616bfa39928844a257bee23d26881.yaml
index 716806b522..f5fc56b82e 100644
--- a/nuclei-templates/2023/CVE-2023-7202-e34616bfa39928844a257bee23d26881.yaml
+++ b/nuclei-templates/2023/CVE-2023-7202-e34616bfa39928844a257bee23d26881.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fatal Error Notify <= 1.5.2 - Missing Authorization to Test Error Email Sending
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fatal Error Notify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the test_error AJAX action in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to send test error emails to the administrator email address without restriction. CVE-2024-32455 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fatal-error-notify/"
     google-query: inurl:"/wp-content/plugins/fatal-error-notify/"
     shodan-query: 'vuln:CVE-2023-7202'
-  tags: cve,wordpress,wp-plugin,fatal-error-notify,medium
+  tags: cve,wordpress,wp-plugin,fatal-error-notify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7203-280e3b3d0994374de6814f38b2990648.yaml b/nuclei-templates/2023/CVE-2023-7203-280e3b3d0994374de6814f38b2990648.yaml
index 74c74d6d9c..dc7ff8708f 100644
--- a/nuclei-templates/2023/CVE-2023-7203-280e3b3d0994374de6814f38b2990648.yaml
+++ b/nuclei-templates/2023/CVE-2023-7203-280e3b3d0994374de6814f38b2990648.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Forms <= 2.6.86 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the rednao_smart_form_delete_entries() AJAX action in all versions up to, and including, 2.6.86. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete form entries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-forms/"
     google-query: inurl:"/wp-content/plugins/smart-forms/"
     shodan-query: 'vuln:CVE-2023-7203'
-  tags: cve,wordpress,wp-plugin,smart-forms,medium
+  tags: cve,wordpress,wp-plugin,smart-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7225-001b828c3c08777c5f66954153002511.yaml b/nuclei-templates/2023/CVE-2023-7225-001b828c3c08777c5f66954153002511.yaml
index b4c95c3280..f3c6843416 100644
--- a/nuclei-templates/2023/CVE-2023-7225-001b828c3c08777c5f66954153002511.yaml
+++ b/nuclei-templates/2023/CVE-2023-7225-001b828c3c08777c5f66954153002511.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
     shodan-query: 'vuln:CVE-2023-7225'
-  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7230-4fbe78a27e0a415c3958fe330e75a188.yaml b/nuclei-templates/2023/CVE-2023-7230-4fbe78a27e0a415c3958fe330e75a188.yaml
index 776f128d38..cbe9de181c 100644
--- a/nuclei-templates/2023/CVE-2023-7230-4fbe78a27e0a415c3958fe330e75a188.yaml
+++ b/nuclei-templates/2023/CVE-2023-7230-4fbe78a27e0a415c3958fe330e75a188.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     illi Link Party! <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The illi Link Party! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-party/"
     google-query: inurl:"/wp-content/plugins/link-party/"
     shodan-query: 'vuln:CVE-2023-7230'
-  tags: cve,wordpress,wp-plugin,link-party,medium
+  tags: cve,wordpress,wp-plugin,link-party,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7231-a8c0b404c2334a1ce94afe05ce1ef335.yaml b/nuclei-templates/2023/CVE-2023-7231-a8c0b404c2334a1ce94afe05ce1ef335.yaml
index fc26a0009a..da4a40827e 100644
--- a/nuclei-templates/2023/CVE-2023-7231-a8c0b404c2334a1ce94afe05ce1ef335.yaml
+++ b/nuclei-templates/2023/CVE-2023-7231-a8c0b404c2334a1ce94afe05ce1ef335.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The illi Link Party! plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to delete arbitrary links.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-party/"
     google-query: inurl:"/wp-content/plugins/link-party/"
     shodan-query: 'vuln:CVE-2023-7231'
-  tags: cve,wordpress,wp-plugin,link-party,medium
+  tags: cve,wordpress,wp-plugin,link-party,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7233-9b85cc5dac11e87b56eb1483e446220f.yaml b/nuclei-templates/2023/CVE-2023-7233-9b85cc5dac11e87b56eb1483e446220f.yaml
index 7db9aeb687..046e69a51a 100644
--- a/nuclei-templates/2023/CVE-2023-7233-9b85cc5dac11e87b56eb1483e446220f.yaml
+++ b/nuclei-templates/2023/CVE-2023-7233-9b85cc5dac11e87b56eb1483e446220f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GigPress <= 2.3.29 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GigPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gigpress/"
     google-query: inurl:"/wp-content/plugins/gigpress/"
     shodan-query: 'vuln:CVE-2023-7233'
-  tags: cve,wordpress,wp-plugin,gigpress,medium
+  tags: cve,wordpress,wp-plugin,gigpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7239-49ce77ee7ff4dfc9b11f4efe4714eccb.yaml b/nuclei-templates/2023/CVE-2023-7239-49ce77ee7ff4dfc9b11f4efe4714eccb.yaml
index 3f7bb45b54..bcf67023a3 100644
--- a/nuclei-templates/2023/CVE-2023-7239-49ce77ee7ff4dfc9b11f4efe4714eccb.yaml
+++ b/nuclei-templates/2023/CVE-2023-7239-49ce77ee7ff4dfc9b11f4efe4714eccb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Dashboard Notes <= 1.0.10 - Missing Authorization to Arbitrary Private Notes Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Dashboard Notes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdn_update_note AJAX action in all versions up to, and including, 1.0.10. This makes it possible for authenticated attackers, with contributor-level access and above, to modify private notes created by other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dashboard-notes/"
     google-query: inurl:"/wp-content/plugins/wp-dashboard-notes/"
     shodan-query: 'vuln:CVE-2023-7239'
-  tags: cve,wordpress,wp-plugin,wp-dashboard-notes,medium
+  tags: cve,wordpress,wp-plugin,wp-dashboard-notes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7246-b60f7befa67eb443974e00d882b10881.yaml b/nuclei-templates/2023/CVE-2023-7246-b60f7befa67eb443974e00d882b10881.yaml
index a5edee8b6d..f1d853b12d 100644
--- a/nuclei-templates/2023/CVE-2023-7246-b60f7befa67eb443974e00d882b10881.yaml
+++ b/nuclei-templates/2023/CVE-2023-7246-b60f7befa67eb443974e00d882b10881.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     System Dashboard  <= 2.8.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The System Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 2.8.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/system-dashboard/"
     google-query: inurl:"/wp-content/plugins/system-dashboard/"
     shodan-query: 'vuln:CVE-2023-7246'
-  tags: cve,wordpress,wp-plugin,system-dashboard,medium
+  tags: cve,wordpress,wp-plugin,system-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7251-ec6e68cb23a447be8fad62b8d99d082d.yaml b/nuclei-templates/2023/CVE-2023-7251-ec6e68cb23a447be8fad62b8d99d082d.yaml
index b779f5bd09..c31d9bb8e3 100644
--- a/nuclei-templates/2023/CVE-2023-7251-ec6e68cb23a447be8fad62b8d99d082d.yaml
+++ b/nuclei-templates/2023/CVE-2023-7251-ec6e68cb23a447be8fad62b8d99d082d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Submitted Posts <= 20230901 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 20230901 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-submitted-posts/"
     google-query: inurl:"/wp-content/plugins/user-submitted-posts/"
     shodan-query: 'vuln:CVE-2023-7251'
-  tags: cve,wordpress,wp-plugin,user-submitted-posts,medium
+  tags: cve,wordpress,wp-plugin,user-submitted-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2023/CVE-2023-7253-6ceb62cda68f33df94c6d2d8223676b0.yaml b/nuclei-templates/2023/CVE-2023-7253-6ceb62cda68f33df94c6d2d8223676b0.yaml
index a1489d4ae7..2bf0be35db 100644
--- a/nuclei-templates/2023/CVE-2023-7253-6ceb62cda68f33df94c6d2d8223676b0.yaml
+++ b/nuclei-templates/2023/CVE-2023-7253-6ceb62cda68f33df94c6d2d8223676b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import WP – Export and Import CSV and XML files to WordPress <= 2.13.0 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.13.0 via the /wp-json/iwp/v1/importer/$IMPORTERID/upload REST API endpoint. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jc-importer/"
     google-query: inurl:"/wp-content/plugins/jc-importer/"
     shodan-query: 'vuln:CVE-2023-7253'
-  tags: cve,wordpress,wp-plugin,jc-importer,medium
+  tags: cve,wordpress,wp-plugin,jc-importer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0201-c7b36bc8204aa5070cf82a1f950c7e42.yaml b/nuclei-templates/2024/CVE-2024-0201-c7b36bc8204aa5070cf82a1f950c7e42.yaml
index 29399cde23..86350b7ebb 100644
--- a/nuclei-templates/2024/CVE-2024-0201-c7b36bc8204aa5070cf82a1f950c7e42.yaml
+++ b/nuclei-templates/2024/CVE-2024-0201-c7b36bc8204aa5070cf82a1f950c7e42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Expiry for WooCommerce <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings. CVE-2023-52179 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-expiry-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/product-expiry-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-0201'
-  tags: cve,wordpress,wp-plugin,product-expiry-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,product-expiry-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0203-b7d7504fc6882ec831aaed54e5e753c7.yaml b/nuclei-templates/2024/CVE-2024-0203-b7d7504fc6882ec831aaed54e5e753c7.yaml
index ae5fa2278b..882b291b18 100644
--- a/nuclei-templates/2024/CVE-2024-0203-b7d7504fc6882ec831aaed54e5e753c7.yaml
+++ b/nuclei-templates/2024/CVE-2024-0203-b7d7504fc6882ec831aaed54e5e753c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Digits <= 8.4.1 - Cross-Site Request Forgery to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/digits/"
     google-query: inurl:"/wp-content/plugins/digits/"
     shodan-query: 'vuln:CVE-2024-0203'
-  tags: cve,wordpress,wp-plugin,digits,high
+  tags: cve,wordpress,wp-plugin,digits,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0212-82dd6e10056d4e2acdde095ee3c87000.yaml b/nuclei-templates/2024/CVE-2024-0212-82dd6e10056d4e2acdde095ee3c87000.yaml
index bd7c877f11..8656a6159b 100644
--- a/nuclei-templates/2024/CVE-2024-0212-82dd6e10056d4e2acdde095ee3c87000.yaml
+++ b/nuclei-templates/2024/CVE-2024-0212-82dd6e10056d4e2acdde095ee3c87000.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cloudflare <= 4.12.2 - Missing Authorization via initProxy
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cloudflare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'initProxy' function in versions up to and including 4.12.2. This makes it possible for authenticated attackers, with subscriber access and above, to send requests proxied through Cloudflare to arbitrary URLs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cloudflare/"
     google-query: inurl:"/wp-content/plugins/cloudflare/"
     shodan-query: 'vuln:CVE-2024-0212'
-  tags: cve,wordpress,wp-plugin,cloudflare,medium
+  tags: cve,wordpress,wp-plugin,cloudflare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0216-cc3e06da44808e338c8d593b5ba332ad.yaml b/nuclei-templates/2024/CVE-2024-0216-cc3e06da44808e338c8d593b5ba332ad.yaml
index a9e6980cc4..4008494ea1 100644
--- a/nuclei-templates/2024/CVE-2024-0216-cc3e06da44808e338c8d593b5ba332ad.yaml
+++ b/nuclei-templates/2024/CVE-2024-0216-cc3e06da44808e338c8d593b5ba332ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Doc Embedder <= 2.6.4 - Authenticated (Contributor+) Blind Server Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-document-embedder/"
     google-query: inurl:"/wp-content/plugins/google-document-embedder/"
     shodan-query: 'vuln:CVE-2024-0216'
-  tags: cve,wordpress,wp-plugin,google-document-embedder,medium
+  tags: cve,wordpress,wp-plugin,google-document-embedder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0233-83c99024de6733ef722985ade6213db3.yaml b/nuclei-templates/2024/CVE-2024-0233-83c99024de6733ef722985ade6213db3.yaml
index 9d6a207af8..bbcce7ecd2 100644
--- a/nuclei-templates/2024/CVE-2024-0233-83c99024de6733ef722985ade6213db3.yaml
+++ b/nuclei-templates/2024/CVE-2024-0233-83c99024de6733ef722985ade6213db3.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2024-0233
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2024-0233'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2.7')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-0235-4534912fcab3ecf2a9fe501762efc225.yaml b/nuclei-templates/2024/CVE-2024-0235-4534912fcab3ecf2a9fe501762efc225.yaml
index ee4b06613b..c9993b391b 100644
--- a/nuclei-templates/2024/CVE-2024-0235-4534912fcab3ecf2a9fe501762efc225.yaml
+++ b/nuclei-templates/2024/CVE-2024-0235-4534912fcab3ecf2a9fe501762efc225.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via get_virtual_users
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EventON plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_virtual_users() function in all versions up, and including to 4.5.4 (premium) & 2.2.7 (free). This makes it possible for unauthenticated attackers to retrieve email addresses from the blog.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2024-0235
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2024-0235'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2.7')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-0236-2c733617d0e1924a092044fd73aaa5a5.yaml b/nuclei-templates/2024/CVE-2024-0236-2c733617d0e1924a092044fd73aaa5a5.yaml
index 8eddef5517..9af359c009 100644
--- a/nuclei-templates/2024/CVE-2024-0236-2c733617d0e1924a092044fd73aaa5a5.yaml
+++ b/nuclei-templates/2024/CVE-2024-0236-2c733617d0e1924a092044fd73aaa5a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via config_virtual_event
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the config_virtual_event() function in various versions. This makes it possible for unauthenticated attackers to retrieve the settings of arbitrary virtual events which can contain password data.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2024-0236
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2024-0236'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2.7')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-0237-9a365d69136d08070aadedc43ca85c95.yaml b/nuclei-templates/2024/CVE-2024-0237-9a365d69136d08070aadedc43ca85c95.yaml
index 2c28ca6657..ed33d83e68 100644
--- a/nuclei-templates/2024/CVE-2024-0237-9a365d69136d08070aadedc43ca85c95.yaml
+++ b/nuclei-templates/2024/CVE-2024-0237-9a365d69136d08070aadedc43ca85c95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventON - WordPress Virtual Event Calendar Plugin <= 4.5.8 (Pro) & <= 2.2.7 (Free) - Missing Authorization via eventon_save_virtual_event_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple plugins and/or themes for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on several function in various versions. This makes it possible for unauthenticated attackers to save virtual event settings.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2024-0237
   metadata:
-    fofa-query: "wp-content/plugins/eventon-lite/"
-    google-query: inurl:"/wp-content/plugins/eventon-lite/"
+    fofa-query: "wp-content/plugins/eventon/"
+    google-query: inurl:"/wp-content/plugins/eventon/"
     shodan-query: 'vuln:CVE-2024-0237'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "eventon-lite"
+          - "eventon"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.2.7')
\ No newline at end of file
+          - compare_versions(version, '<= 4.5.8')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-0248-15118c222c3d3efe10e0b60b12d7cf6e.yaml b/nuclei-templates/2024/CVE-2024-0248-15118c222c3d3efe10e0b60b12d7cf6e.yaml
index 99d8b9c819..63f1851be2 100644
--- a/nuclei-templates/2024/CVE-2024-0248-15118c222c3d3efe10e0b60b12d7cf6e.yaml
+++ b/nuclei-templates/2024/CVE-2024-0248-15118c222c3d3efe10e0b60b12d7cf6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EazyDocs 2.3.8 - 2.3.9 -  Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EazyDocs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on various functions in versions 2.3.8 to 2.3.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and add/delete documents and sections.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eazydocs/"
     google-query: inurl:"/wp-content/plugins/eazydocs/"
     shodan-query: 'vuln:CVE-2024-0248'
-  tags: cve,wordpress,wp-plugin,eazydocs,medium
+  tags: cve,wordpress,wp-plugin,eazydocs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0254-982e9cfa43c440d5e945696eaf09286b.yaml b/nuclei-templates/2024/CVE-2024-0254-982e9cfa43c440d5e945696eaf09286b.yaml
index 7a1ee0908c..1de78b6508 100644
--- a/nuclei-templates/2024/CVE-2024-0254-982e9cfa43c440d5e945696eaf09286b.yaml
+++ b/nuclei-templates/2024/CVE-2024-0254-982e9cfa43c440d5e945696eaf09286b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     (Simply) Guest Author Name <= 4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/guest-author-name/"
     google-query: inurl:"/wp-content/plugins/guest-author-name/"
     shodan-query: 'vuln:CVE-2024-0254'
-  tags: cve,wordpress,wp-plugin,guest-author-name,medium
+  tags: cve,wordpress,wp-plugin,guest-author-name,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0255-f594e103526836b64061a1f68427567d.yaml b/nuclei-templates/2024/CVE-2024-0255-f594e103526836b64061a1f68427567d.yaml
index 1062465337..2c89fe38cb 100644
--- a/nuclei-templates/2024/CVE-2024-0255-f594e103526836b64061a1f68427567d.yaml
+++ b/nuclei-templates/2024/CVE-2024-0255-f594e103526836b64061a1f68427567d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icon_color
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2024-0255'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0256-97fda38a75735b5bdc9de194b151a883.yaml b/nuclei-templates/2024/CVE-2024-0256-97fda38a75735b5bdc9de194b151a883.yaml
index 483cda80af..665ae3571f 100644
--- a/nuclei-templates/2024/CVE-2024-0256-97fda38a75735b5bdc9de194b151a883.yaml
+++ b/nuclei-templates/2024/CVE-2024-0256-97fda38a75735b5bdc9de194b151a883.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/starbox/"
     google-query: inurl:"/wp-content/plugins/starbox/"
     shodan-query: 'vuln:CVE-2024-0256'
-  tags: cve,wordpress,wp-plugin,starbox,medium
+  tags: cve,wordpress,wp-plugin,starbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0326-63b73f38de8e42ff42c365ddf35b05de.yaml b/nuclei-templates/2024/CVE-2024-0326-63b73f38de8e42ff42c365ddf35b05de.yaml
index 970ae6d5fc..b743415b40 100644
--- a/nuclei-templates/2024/CVE-2024-0326-63b73f38de8e42ff42c365ddf35b05de.yaml
+++ b/nuclei-templates/2024/CVE-2024-0326-63b73f38de8e42ff42c365ddf35b05de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's onClick Event functionality in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping on user supplied events. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0326'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0326-d5a4a92d920eb71aaeb7667326f31fb1.yaml b/nuclei-templates/2024/CVE-2024-0326-d5a4a92d920eb71aaeb7667326f31fb1.yaml
index abf55313c8..7e9ffce138 100644
--- a/nuclei-templates/2024/CVE-2024-0326-d5a4a92d920eb71aaeb7667326f31fb1.yaml
+++ b/nuclei-templates/2024/CVE-2024-0326-d5a4a92d920eb71aaeb7667326f31fb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Link Wrapper
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0326'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0334-9ac2eb6aa79c6ee262cfc473810b750d.yaml b/nuclei-templates/2024/CVE-2024-0334-9ac2eb6aa79c6ee262cfc473810b750d.yaml
index fb69dd97f3..303e78e6ae 100644
--- a/nuclei-templates/2024/CVE-2024-0334-9ac2eb6aa79c6ee262cfc473810b750d.yaml
+++ b/nuclei-templates/2024/CVE-2024-0334-9ac2eb6aa79c6ee262cfc473810b750d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeg-elementor-kit/"
     google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/"
     shodan-query: 'vuln:CVE-2024-0334'
-  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,medium
+  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0365-4e867da6f1b40e5f079dbf8385eca830.yaml b/nuclei-templates/2024/CVE-2024-0365-4e867da6f1b40e5f079dbf8385eca830.yaml
index 437c677d66..209824d32b 100644
--- a/nuclei-templates/2024/CVE-2024-0365-4e867da6f1b40e5f079dbf8385eca830.yaml
+++ b/nuclei-templates/2024/CVE-2024-0365-4e867da6f1b40e5f079dbf8385eca830.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancy Product Designer <= 6.1.4 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Fancy Product Designer plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-product-designer/"
     google-query: inurl:"/wp-content/plugins/fancy-product-designer/"
     shodan-query: 'vuln:CVE-2024-0365'
-  tags: cve,wordpress,wp-plugin,fancy-product-designer,critical
+  tags: cve,wordpress,wp-plugin,fancy-product-designer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0367-8b1647a7cae04c475a434c97e40430f4.yaml b/nuclei-templates/2024/CVE-2024-0367-8b1647a7cae04c475a434c97e40430f4.yaml
index 402536d518..7943cb58f7 100644
--- a/nuclei-templates/2024/CVE-2024-0367-8b1647a7cae04c475a434c97e40430f4.yaml
+++ b/nuclei-templates/2024/CVE-2024-0367-8b1647a7cae04c475a434c97e40430f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button Link') in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0367'
-  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0369-e79dfaa6d6a126465f94617b43a94699.yaml b/nuclei-templates/2024/CVE-2024-0369-e79dfaa6d6a126465f94617b43a94699.yaml
index c5d27a92b9..79c3be1570 100644
--- a/nuclei-templates/2024/CVE-2024-0369-e79dfaa6d6a126465f94617b43a94699.yaml
+++ b/nuclei-templates/2024/CVE-2024-0369-e79dfaa6d6a126465f94617b43a94699.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulk Edit Post Titles <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-edit-post-titles/"
     google-query: inurl:"/wp-content/plugins/bulk-edit-post-titles/"
     shodan-query: 'vuln:CVE-2024-0369'
-  tags: cve,wordpress,wp-plugin,bulk-edit-post-titles,medium
+  tags: cve,wordpress,wp-plugin,bulk-edit-post-titles,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0370-0b7d0113722a4b24cdf6bdf7adba767c.yaml b/nuclei-templates/2024/CVE-2024-0370-0b7d0113722a4b24cdf6bdf7adba767c.yaml
index 4928e2d4f6..9ce7860292 100644
--- a/nuclei-templates/2024/CVE-2024-0370-0b7d0113722a4b24cdf6bdf7adba767c.yaml
+++ b/nuclei-templates/2024/CVE-2024-0370-0b7d0113722a4b24cdf6bdf7adba767c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Views for WPForms <= 3.2.2 - Missing Authorization via save_view
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/views-for-wpforms-lite/"
     google-query: inurl:"/wp-content/plugins/views-for-wpforms-lite/"
     shodan-query: 'vuln:CVE-2024-0370'
-  tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,medium
+  tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0371-8cd4e41bc9637a2e580f2b8d0e6a5222.yaml b/nuclei-templates/2024/CVE-2024-0371-8cd4e41bc9637a2e580f2b8d0e6a5222.yaml
index a51f55faad..19f57edc68 100644
--- a/nuclei-templates/2024/CVE-2024-0371-8cd4e41bc9637a2e580f2b8d0e6a5222.yaml
+++ b/nuclei-templates/2024/CVE-2024-0371-8cd4e41bc9637a2e580f2b8d0e6a5222.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Views for WPForms <= 3.2.2 - Missing Authorization via create_view
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/views-for-wpforms-lite/"
     google-query: inurl:"/wp-content/plugins/views-for-wpforms-lite/"
     shodan-query: 'vuln:CVE-2024-0371'
-  tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,medium
+  tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0372-56d2c56931ff57a31974c2c98619fbfb.yaml b/nuclei-templates/2024/CVE-2024-0372-56d2c56931ff57a31974c2c98619fbfb.yaml
index 9c05a75c26..40ab87a284 100644
--- a/nuclei-templates/2024/CVE-2024-0372-56d2c56931ff57a31974c2c98619fbfb.yaml
+++ b/nuclei-templates/2024/CVE-2024-0372-56d2c56931ff57a31974c2c98619fbfb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/views-for-wpforms-lite/"
     google-query: inurl:"/wp-content/plugins/views-for-wpforms-lite/"
     shodan-query: 'vuln:CVE-2024-0372'
-  tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,medium
+  tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0376-c1aa3c18402d6565768dc2655ac439f3.yaml b/nuclei-templates/2024/CVE-2024-0376-c1aa3c18402d6565768dc2655ac439f3.yaml
index 3ffd45fca1..33562ea7e6 100644
--- a/nuclei-templates/2024/CVE-2024-0376-c1aa3c18402d6565768dc2655ac439f3.yaml
+++ b/nuclei-templates/2024/CVE-2024-0376-c1aa3c18402d6565768dc2655ac439f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0376'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0377-a12053c70cb8a7dc00df12e53f227856.yaml b/nuclei-templates/2024/CVE-2024-0377-a12053c70cb8a7dc00df12e53f227856.yaml
index 3106637345..da3942110d 100644
--- a/nuclei-templates/2024/CVE-2024-0377-a12053c70cb8a7dc00df12e53f227856.yaml
+++ b/nuclei-templates/2024/CVE-2024-0377-a12053c70cb8a7dc00df12e53f227856.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LifterLMS – WordPress LMS Plugin for eLearning <= 7.5.1 - Missing Authorization via process_review
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lifterlms/"
     google-query: inurl:"/wp-content/plugins/lifterlms/"
     shodan-query: 'vuln:CVE-2024-0377'
-  tags: cve,wordpress,wp-plugin,lifterlms,medium
+  tags: cve,wordpress,wp-plugin,lifterlms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0378-e074a411b9f033a38afc60d73e72553d.yaml b/nuclei-templates/2024/CVE-2024-0378-e074a411b9f033a38afc60d73e72553d.yaml
index 201b7c7970..7406021b22 100644
--- a/nuclei-templates/2024/CVE-2024-0378-e074a411b9f033a38afc60d73e72553d.yaml
+++ b/nuclei-templates/2024/CVE-2024-0378-e074a411b9f033a38afc60d73e72553d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-engine/"
     google-query: inurl:"/wp-content/plugins/ai-engine/"
     shodan-query: 'vuln:CVE-2024-0378'
-  tags: cve,wordpress,wp-plugin,ai-engine,medium
+  tags: cve,wordpress,wp-plugin,ai-engine,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0381-948461229b764fced19a13ef5ba11252.yaml b/nuclei-templates/2024/CVE-2024-0381-948461229b764fced19a13ef5ba11252.yaml
index d0fc2d8498..0d6d01ccfc 100644
--- a/nuclei-templates/2024/CVE-2024-0381-948461229b764fced19a13ef5ba11252.yaml
+++ b/nuclei-templates/2024/CVE-2024-0381-948461229b764fced19a13ef5ba11252.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2024-0381'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0382-563c86924064bbeed4e8a4af90017e06.yaml b/nuclei-templates/2024/CVE-2024-0382-563c86924064bbeed4e8a4af90017e06.yaml
index bbf368ce0a..a446b440fc 100644
--- a/nuclei-templates/2024/CVE-2024-0382-563c86924064bbeed4e8a4af90017e06.yaml
+++ b/nuclei-templates/2024/CVE-2024-0382-563c86924064bbeed4e8a4af90017e06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2024-0382'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0384-55265bc94a3e60f3cd5f796b692a1dbf.yaml b/nuclei-templates/2024/CVE-2024-0384-55265bc94a3e60f3cd5f796b692a1dbf.yaml
index 3a3a55a9d9..c6dc65b616 100644
--- a/nuclei-templates/2024/CVE-2024-0384-55265bc94a3e60f3cd5f796b692a1dbf.yaml
+++ b/nuclei-templates/2024/CVE-2024-0384-55265bc94a3e60f3cd5f796b692a1dbf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Recipe Notes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2024-0384'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0385-5f87f741e48b627a6080cd7b2aa94d46.yaml b/nuclei-templates/2024/CVE-2024-0385-5f87f741e48b627a6080cd7b2aa94d46.yaml
index 7066a6d241..fc41cc7698 100644
--- a/nuclei-templates/2024/CVE-2024-0385-5f87f741e48b627a6080cd7b2aa94d46.yaml
+++ b/nuclei-templates/2024/CVE-2024-0385-5f87f741e48b627a6080cd7b2aa94d46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/categorify/"
     google-query: inurl:"/wp-content/plugins/categorify/"
     shodan-query: 'vuln:CVE-2024-0385'
-  tags: cve,wordpress,wp-plugin,categorify,medium
+  tags: cve,wordpress,wp-plugin,categorify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0399-1cb42f62394546a329e0486aa05cce34.yaml b/nuclei-templates/2024/CVE-2024-0399-1cb42f62394546a329e0486aa05cce34.yaml
index 362c870cf5..0363bfea9a 100644
--- a/nuclei-templates/2024/CVE-2024-0399-1cb42f62394546a329e0486aa05cce34.yaml
+++ b/nuclei-templates/2024/CVE-2024-0399-1cb42f62394546a329e0486aa05cce34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Customers Manager <= 29.6 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WooCommerce Customers Manager plugin for WordPress is vulnerable to SQL Injection via the 'max_amount_total' parameter in all versions up to, and including, 29.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-customers-manager/"
     google-query: inurl:"/wp-content/plugins/woocommerce-customers-manager/"
     shodan-query: 'vuln:CVE-2024-0399'
-  tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,critical
+  tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0405-fd93b73cf46336153d1b2692824ed6b3.yaml b/nuclei-templates/2024/CVE-2024-0405-fd93b73cf46336153d1b2692824ed6b3.yaml
index b5b58a5cfb..d6eb409fd2 100644
--- a/nuclei-templates/2024/CVE-2024-0405-fd93b73cf46336153d1b2692824ed6b3.yaml
+++ b/nuclei-templates/2024/CVE-2024-0405-fd93b73cf46336153d1b2692824ed6b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/burst-statistics/"
     google-query: inurl:"/wp-content/plugins/burst-statistics/"
     shodan-query: 'vuln:CVE-2024-0405'
-  tags: cve,wordpress,wp-plugin,burst-statistics,high
+  tags: cve,wordpress,wp-plugin,burst-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0420-f49ac78d75e6d3fb0dc3afda46d041dc.yaml b/nuclei-templates/2024/CVE-2024-0420-f49ac78d75e6d3fb0dc3afda46d041dc.yaml
index f80435b121..1d7e54841c 100644
--- a/nuclei-templates/2024/CVE-2024-0420-f49ac78d75e6d3fb0dc3afda46d041dc.yaml
+++ b/nuclei-templates/2024/CVE-2024-0420-f49ac78d75e6d3fb0dc3afda46d041dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapPress Maps for WordPress <= 2.88.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via map titles in all versions up to, and including, 2.88.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
     shodan-query: 'vuln:CVE-2024-0420'
-  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0428-5f88cf9fcaa2bf2f8f88d764e30b12bd.yaml b/nuclei-templates/2024/CVE-2024-0428-5f88cf9fcaa2bf2f8f88d764e30b12bd.yaml
index 42235d92bb..84bd068e35 100644
--- a/nuclei-templates/2024/CVE-2024-0428-5f88cf9fcaa2bf2f8f88d764e30b12bd.yaml
+++ b/nuclei-templates/2024/CVE-2024-0428-5f88cf9fcaa2bf2f8f88d764e30b12bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Index Now <= 2.6.3 - Cross-Site Request Forgery via reset_form
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mihdan-index-now/"
     google-query: inurl:"/wp-content/plugins/mihdan-index-now/"
     shodan-query: 'vuln:CVE-2024-0428'
-  tags: cve,wordpress,wp-plugin,mihdan-index-now,high
+  tags: cve,wordpress,wp-plugin,mihdan-index-now,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0438-a01bc9677b84a6e36d4cf67ad2a5dc30.yaml b/nuclei-templates/2024/CVE-2024-0438-a01bc9677b84a6e36d4cf67ad2a5dc30.yaml
index ee73260beb..5f5d629ef5 100644
--- a/nuclei-templates/2024/CVE-2024-0438-a01bc9677b84a6e36d4cf67ad2a5dc30.yaml
+++ b/nuclei-templates/2024/CVE-2024-0438-a01bc9677b84a6e36d4cf67ad2a5dc30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-29108 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-0438'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0442-a8dfb144a96e09ab6fe557b583b0e2e1.yaml b/nuclei-templates/2024/CVE-2024-0442-a8dfb144a96e09ab6fe557b583b0e2e1.yaml
index e329601564..a0d5db3337 100644
--- a/nuclei-templates/2024/CVE-2024-0442-a8dfb144a96e09ab6fe557b583b0e2e1.yaml
+++ b/nuclei-templates/2024/CVE-2024-0442-a8dfb144a96e09ab6fe557b583b0e2e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons and Templates <= 1.3.87 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-0442'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0445-c3136cf32a8ee994d42daa37c82bd5e1.yaml b/nuclei-templates/2024/CVE-2024-0445-c3136cf32a8ee994d42daa37c82bd5e1.yaml
index 239a1315a2..c83e8a4316 100644
--- a/nuclei-templates/2024/CVE-2024-0445-c3136cf32a8ee994d42daa37c82bd5e1.yaml
+++ b/nuclei-templates/2024/CVE-2024-0445-c3136cf32a8ee994d42daa37c82bd5e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-34373 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-0445'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0447-a516963ffdc1c41b00bc8d54c0948a03.yaml b/nuclei-templates/2024/CVE-2024-0447-a516963ffdc1c41b00bc8d54c0948a03.yaml
index 8e83a24ea3..70ea9cdf2b 100644
--- a/nuclei-templates/2024/CVE-2024-0447-a516963ffdc1c41b00bc8d54c0948a03.yaml
+++ b/nuclei-templates/2024/CVE-2024-0447-a516963ffdc1c41b00bc8d54c0948a03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/artibot/"
     google-query: inurl:"/wp-content/plugins/artibot/"
     shodan-query: 'vuln:CVE-2024-0447'
-  tags: cve,wordpress,wp-plugin,artibot,medium
+  tags: cve,wordpress,wp-plugin,artibot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0448-e5a323ffcfde2fc677ad46470b3d50f7.yaml b/nuclei-templates/2024/CVE-2024-0448-e5a323ffcfde2fc677ad46470b3d50f7.yaml
index 5af7c1ac6c..f9e06c66f7 100644
--- a/nuclei-templates/2024/CVE-2024-0448-e5a323ffcfde2fc677ad46470b3d50f7.yaml
+++ b/nuclei-templates/2024/CVE-2024-0448-e5a323ffcfde2fc677ad46470b3d50f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0448'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0449-a33517bbb57428ced1cfd6968a2c3a6b.yaml b/nuclei-templates/2024/CVE-2024-0449-a33517bbb57428ced1cfd6968a2c3a6b.yaml
index bb5a508d3f..d99d59163a 100644
--- a/nuclei-templates/2024/CVE-2024-0449-a33517bbb57428ced1cfd6968a2c3a6b.yaml
+++ b/nuclei-templates/2024/CVE-2024-0449-a33517bbb57428ced1cfd6968a2c3a6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/artibot/"
     google-query: inurl:"/wp-content/plugins/artibot/"
     shodan-query: 'vuln:CVE-2024-0449'
-  tags: cve,wordpress,wp-plugin,artibot,medium
+  tags: cve,wordpress,wp-plugin,artibot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0506-2a3ca00c5df2d9ec07efb3c8b755e2fe.yaml b/nuclei-templates/2024/CVE-2024-0506-2a3ca00c5df2d9ec07efb3c8b755e2fe.yaml
index 6d88dc0411..0edda3649a 100644
--- a/nuclei-templates/2024/CVE-2024-0506-2a3ca00c5df2d9ec07efb3c8b755e2fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-0506-2a3ca00c5df2d9ec07efb3c8b755e2fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2024-0506'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0508-6738f168d7a8aa50cafb43b72d6946b9.yaml b/nuclei-templates/2024/CVE-2024-0508-6738f168d7a8aa50cafb43b72d6946b9.yaml
index 246d5c5265..745428b1ba 100644
--- a/nuclei-templates/2024/CVE-2024-0508-6738f168d7a8aa50cafb43b72d6946b9.yaml
+++ b/nuclei-templates/2024/CVE-2024-0508-6738f168d7a8aa50cafb43b72d6946b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2024-0508'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,medium
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0516-aba156d650d00c8cf56ce115df0a8a51.yaml b/nuclei-templates/2024/CVE-2024-0516-aba156d650d00c8cf56ce115df0a8a51.yaml
index 7b7cd19895..020efb267d 100644
--- a/nuclei-templates/2024/CVE-2024-0516-aba156d650d00c8cf56ce115df0a8a51.yaml
+++ b/nuclei-templates/2024/CVE-2024-0516-aba156d650d00c8cf56ce115df0a8a51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons and Templates <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-0516'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0559-d68b3bd827fa2538356da72861992193.yaml b/nuclei-templates/2024/CVE-2024-0559-d68b3bd827fa2538356da72861992193.yaml
index 57a1242789..340ea31263 100644
--- a/nuclei-templates/2024/CVE-2024-0559-d68b3bd827fa2538356da72861992193.yaml
+++ b/nuclei-templates/2024/CVE-2024-0559-d68b3bd827fa2538356da72861992193.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enhanced Text Widget <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enhanced Text Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget options in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-text-widget/"
     google-query: inurl:"/wp-content/plugins/enhanced-text-widget/"
     shodan-query: 'vuln:CVE-2024-0559'
-  tags: cve,wordpress,wp-plugin,enhanced-text-widget,medium
+  tags: cve,wordpress,wp-plugin,enhanced-text-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0561-36882e902da34c7275792dd2c6fee99b.yaml b/nuclei-templates/2024/CVE-2024-0561-36882e902da34c7275792dd2c6fee99b.yaml
index d656295ad4..f0c879bf37 100644
--- a/nuclei-templates/2024/CVE-2024-0561-36882e902da34c7275792dd2c6fee99b.yaml
+++ b/nuclei-templates/2024/CVE-2024-0561-36882e902da34c7275792dd2c6fee99b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Posts Widget <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Posts Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-posts-widget/"
     google-query: inurl:"/wp-content/plugins/ultimate-posts-widget/"
     shodan-query: 'vuln:CVE-2024-0561'
-  tags: cve,wordpress,wp-plugin,ultimate-posts-widget,medium
+  tags: cve,wordpress,wp-plugin,ultimate-posts-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0566-0489a9c545313d7845eb08297287eaa5.yaml b/nuclei-templates/2024/CVE-2024-0566-0489a9c545313d7845eb08297287eaa5.yaml
index ace35e5126..530caaa348 100644
--- a/nuclei-templates/2024/CVE-2024-0566-0489a9c545313d7845eb08297287eaa5.yaml
+++ b/nuclei-templates/2024/CVE-2024-0566-0489a9c545313d7845eb08297287eaa5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Manager - WooCommerce Advanced Bulk Edit, Inventory Management & more... <= 8.27.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) plugin for WordPress is vulnerable to SQL Injection via the 'sortOrder' parameter in all versions up to, and including, 8.27.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-manager-for-wp-e-commerce/"
     google-query: inurl:"/wp-content/plugins/smart-manager-for-wp-e-commerce/"
     shodan-query: 'vuln:CVE-2024-0566'
-  tags: cve,wordpress,wp-plugin,smart-manager-for-wp-e-commerce,high
+  tags: cve,wordpress,wp-plugin,smart-manager-for-wp-e-commerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0585-1a9b2b84b94bf133577af40ec3afb2be.yaml b/nuclei-templates/2024/CVE-2024-0585-1a9b2b84b94bf133577af40ec3afb2be.yaml
index b4f7ae7c4f..bbfb139452 100644
--- a/nuclei-templates/2024/CVE-2024-0585-1a9b2b84b94bf133577af40ec3afb2be.yaml
+++ b/nuclei-templates/2024/CVE-2024-0585-1a9b2b84b94bf133577af40ec3afb2be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URl
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-0585'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0586-c945e86e64bc195e431c6da83e2cc2c3.yaml b/nuclei-templates/2024/CVE-2024-0586-c945e86e64bc195e431c6da83e2cc2c3.yaml
index 0e852ec80b..6988fdf5f6 100644
--- a/nuclei-templates/2024/CVE-2024-0586-c945e86e64bc195e431c6da83e2cc2c3.yaml
+++ b/nuclei-templates/2024/CVE-2024-0586-c945e86e64bc195e431c6da83e2cc2c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scritping
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-0586'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0593-020ad3f8f39e050397b159e81ed4f1b3.yaml b/nuclei-templates/2024/CVE-2024-0593-020ad3f8f39e050397b159e81ed4f1b3.yaml
index 99e1286aa7..af37d985c6 100644
--- a/nuclei-templates/2024/CVE-2024-0593-020ad3f8f39e050397b159e81ed4f1b3.yaml
+++ b/nuclei-templates/2024/CVE-2024-0593-020ad3f8f39e050397b159e81ed4f1b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-job-board/"
     google-query: inurl:"/wp-content/plugins/simple-job-board/"
     shodan-query: 'vuln:CVE-2024-0593'
-  tags: cve,wordpress,wp-plugin,simple-job-board,medium
+  tags: cve,wordpress,wp-plugin,simple-job-board,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0594-f3efba04fcdce6cec3efa7cec92aedc6.yaml b/nuclei-templates/2024/CVE-2024-0594-f3efba04fcdce6cec3efa7cec92aedc6.yaml
index ad05871ea0..842f5dfb4d 100644
--- a/nuclei-templates/2024/CVE-2024-0594-f3efba04fcdce6cec3efa7cec92aedc6.yaml
+++ b/nuclei-templates/2024/CVE-2024-0594-f3efba04fcdce6cec3efa7cec92aedc6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2024-0594'
-  tags: cve,wordpress,wp-plugin,awesome-support,high
+  tags: cve,wordpress,wp-plugin,awesome-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0595-d4c78d8203546198e179a467ececd0d8.yaml b/nuclei-templates/2024/CVE-2024-0595-d4c78d8203546198e179a467ececd0d8.yaml
index 33d578ab82..91f882e9c7 100644
--- a/nuclei-templates/2024/CVE-2024-0595-d4c78d8203546198e179a467ececd0d8.yaml
+++ b/nuclei-templates/2024/CVE-2024-0595-d4c78d8203546198e179a467ececd0d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via wpas_get_users()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2024-0595'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0596-1dd9869669e4a7c4f20b2235d2df68c5.yaml b/nuclei-templates/2024/CVE-2024-0596-1dd9869669e4a7c4f20b2235d2df68c5.yaml
index 23fad489bc..2869eeaca9 100644
--- a/nuclei-templates/2024/CVE-2024-0596-1dd9869669e4a7c4f20b2235d2df68c5.yaml
+++ b/nuclei-templates/2024/CVE-2024-0596-1dd9869669e4a7c4f20b2235d2df68c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2024-0596'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0597-f98418e2a88f3c300252df6d0a548031.yaml b/nuclei-templates/2024/CVE-2024-0597-f98418e2a88f3c300252df6d0a548031.yaml
index 0fc7c95060..250b51614b 100644
--- a/nuclei-templates/2024/CVE-2024-0597-f98418e2a88f3c300252df6d0a548031.yaml
+++ b/nuclei-templates/2024/CVE-2024-0597-f98418e2a88f3c300252df6d0a548031.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/squirrly-seo/"
     google-query: inurl:"/wp-content/plugins/squirrly-seo/"
     shodan-query: 'vuln:CVE-2024-0597'
-  tags: cve,wordpress,wp-plugin,squirrly-seo,medium
+  tags: cve,wordpress,wp-plugin,squirrly-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0598-1af00ca27a5fbf01cb83385e2b154d55.yaml b/nuclei-templates/2024/CVE-2024-0598-1af00ca27a5fbf01cb83385e2b154d55.yaml
index bf0dff1254..4f3b4866fd 100644
--- a/nuclei-templates/2024/CVE-2024-0598-1af00ca27a5fbf01cb83385e2b154d55.yaml
+++ b/nuclei-templates/2024/CVE-2024-0598-1af00ca27a5fbf01cb83385e2b154d55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-0598'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0602-bff9375a673f8d2d232dddd7e1d5201a.yaml b/nuclei-templates/2024/CVE-2024-0602-bff9375a673f8d2d232dddd7e1d5201a.yaml
index a27e1aaaa4..834a522871 100644
--- a/nuclei-templates/2024/CVE-2024-0602-bff9375a673f8d2d232dddd7e1d5201a.yaml
+++ b/nuclei-templates/2024/CVE-2024-0602-bff9375a673f8d2d232dddd7e1d5201a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yet Another Related Posts Plugin (YARPP) <= 5.30.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/"
     google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/"
     shodan-query: 'vuln:CVE-2024-0602'
-  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,medium
+  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0604-2c9cfaa1b4268406a1d78df84c0cb895.yaml b/nuclei-templates/2024/CVE-2024-0604-2c9cfaa1b4268406a1d78df84c0cb895.yaml
index 7edf256272..7567f32804 100644
--- a/nuclei-templates/2024/CVE-2024-0604-2c9cfaa1b4268406a1d78df84c0cb895.yaml
+++ b/nuclei-templates/2024/CVE-2024-0604-2c9cfaa1b4268406a1d78df84c0cb895.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Best WordPress Gallery Plugin – FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foogallery/"
     google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:CVE-2024-0604'
-  tags: cve,wordpress,wp-plugin,foogallery,medium
+  tags: cve,wordpress,wp-plugin,foogallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0608-b10ae50c79331d4dcb069789ed2ad609.yaml b/nuclei-templates/2024/CVE-2024-0608-b10ae50c79331d4dcb069789ed2ad609.yaml
index 894d76688a..70964a27d7 100644
--- a/nuclei-templates/2024/CVE-2024-0608-b10ae50c79331d4dcb069789ed2ad609.yaml
+++ b/nuclei-templates/2024/CVE-2024-0608-b10ae50c79331d4dcb069789ed2ad609.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erp/"
     google-query: inurl:"/wp-content/plugins/erp/"
     shodan-query: 'vuln:CVE-2024-0608'
-  tags: cve,wordpress,wp-plugin,erp,high
+  tags: cve,wordpress,wp-plugin,erp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0611-af6803b7659222cbe48ed01e4976d1d1.yaml b/nuclei-templates/2024/CVE-2024-0611-af6803b7659222cbe48ed01e4976d1d1.yaml
index 5c84b583c5..f3f92d9c3b 100644
--- a/nuclei-templates/2024/CVE-2024-0611-af6803b7659222cbe48ed01e4976d1d1.yaml
+++ b/nuclei-templates/2024/CVE-2024-0611-af6803b7659222cbe48ed01e4976d1d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-slider/"
     google-query: inurl:"/wp-content/plugins/master-slider/"
     shodan-query: 'vuln:CVE-2024-0611'
-  tags: cve,wordpress,wp-plugin,master-slider,medium
+  tags: cve,wordpress,wp-plugin,master-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0612-96403daec96064716d990b4ed68fc604.yaml b/nuclei-templates/2024/CVE-2024-0612-96403daec96064716d990b4ed68fc604.yaml
index e5fc2276f6..832f237a83 100644
--- a/nuclei-templates/2024/CVE-2024-0612-96403daec96064716d990b4ed68fc604.yaml
+++ b/nuclei-templates/2024/CVE-2024-0612-96403daec96064716d990b4ed68fc604.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Views <= 3.6.2 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-views-query-and-display-post-page/"
     google-query: inurl:"/wp-content/plugins/content-views-query-and-display-post-page/"
     shodan-query: 'vuln:CVE-2024-0612'
-  tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,medium
+  tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0614-9dd081367b7c3b91dad73b336bd866df.yaml b/nuclei-templates/2024/CVE-2024-0614-9dd081367b7c3b91dad73b336bd866df.yaml
index 26b3d8d847..26ba089858 100644
--- a/nuclei-templates/2024/CVE-2024-0614-9dd081367b7c3b91dad73b336bd866df.yaml
+++ b/nuclei-templates/2024/CVE-2024-0614-9dd081367b7c3b91dad73b336bd866df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2024-0614'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0615-6cd803f0fa2a9a46d6f2307a3acf4872.yaml b/nuclei-templates/2024/CVE-2024-0615-6cd803f0fa2a9a46d6f2307a3acf4872.yaml
index d9e8ffbd48..cf4a177da5 100644
--- a/nuclei-templates/2024/CVE-2024-0615-6cd803f0fa2a9a46d6f2307a3acf4872.yaml
+++ b/nuclei-templates/2024/CVE-2024-0615-6cd803f0fa2a9a46d6f2307a3acf4872.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-control/"
     google-query: inurl:"/wp-content/plugins/content-control/"
     shodan-query: 'vuln:CVE-2024-0615'
-  tags: cve,wordpress,wp-plugin,content-control,medium
+  tags: cve,wordpress,wp-plugin,content-control,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0616-bd26cb20f513a11738059a698b560137.yaml b/nuclei-templates/2024/CVE-2024-0616-bd26cb20f513a11738059a698b560137.yaml
index c7837fa3ab..9d0a602cc5 100644
--- a/nuclei-templates/2024/CVE-2024-0616-bd26cb20f513a11738059a698b560137.yaml
+++ b/nuclei-templates/2024/CVE-2024-0616-bd26cb20f513a11738059a698b560137.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Passster – Password Protect Pages and Content <= 4.2.6.2 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-protector/"
     google-query: inurl:"/wp-content/plugins/content-protector/"
     shodan-query: 'vuln:CVE-2024-0616'
-  tags: cve,wordpress,wp-plugin,content-protector,medium
+  tags: cve,wordpress,wp-plugin,content-protector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0617-01c368446b8700dac5340c9b9ddef1fe.yaml b/nuclei-templates/2024/CVE-2024-0617-01c368446b8700dac5340c9b9ddef1fe.yaml
index a06aeebc9e..66c1067abb 100644
--- a/nuclei-templates/2024/CVE-2024-0617-01c368446b8700dac5340c9b9ddef1fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-0617-01c368446b8700dac5340c9b9ddef1fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Category Discount Woocommerce <= 4.12 - Missing Authorization via wpcd_save_discount()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-category-discount/"
     google-query: inurl:"/wp-content/plugins/woo-product-category-discount/"
     shodan-query: 'vuln:CVE-2024-0617'
-  tags: cve,wordpress,wp-plugin,woo-product-category-discount,medium
+  tags: cve,wordpress,wp-plugin,woo-product-category-discount,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0618-875a676a20644f9b257dd61453cbe7b9.yaml b/nuclei-templates/2024/CVE-2024-0618-875a676a20644f9b257dd61453cbe7b9.yaml
index 1fa71c26a3..6cbf6646f8 100644
--- a/nuclei-templates/2024/CVE-2024-0618-875a676a20644f9b257dd61453cbe7b9.yaml
+++ b/nuclei-templates/2024/CVE-2024-0618-875a676a20644f9b257dd61453cbe7b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluentform/"
     google-query: inurl:"/wp-content/plugins/fluentform/"
     shodan-query: 'vuln:CVE-2024-0618'
-  tags: cve,wordpress,wp-plugin,fluentform,medium
+  tags: cve,wordpress,wp-plugin,fluentform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0621-ce6741d54beed2d67ba4497c046c28fc.yaml b/nuclei-templates/2024/CVE-2024-0621-ce6741d54beed2d67ba4497c046c28fc.yaml
index 9919fab937..0fc743ad7d 100644
--- a/nuclei-templates/2024/CVE-2024-0621-ce6741d54beed2d67ba4497c046c28fc.yaml
+++ b/nuclei-templates/2024/CVE-2024-0621-ce6741d54beed2d67ba4497c046c28fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Share Buttons Adder <= 8.4.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-share-buttons-adder/"
     google-query: inurl:"/wp-content/plugins/simple-share-buttons-adder/"
     shodan-query: 'vuln:CVE-2024-0621'
-  tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,medium
+  tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0625-b0586fa88a487c798158f25ead9b6004.yaml b/nuclei-templates/2024/CVE-2024-0625-b0586fa88a487c798158f25ead9b6004.yaml
index fb479f45ef..d260d8895a 100644
--- a/nuclei-templates/2024/CVE-2024-0625-b0586fa88a487c798158f25ead9b6004.yaml
+++ b/nuclei-templates/2024/CVE-2024-0625-b0586fa88a487c798158f25ead9b6004.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPFront Notification Bar <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class]
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfront-notification-bar/"
     google-query: inurl:"/wp-content/plugins/wpfront-notification-bar/"
     shodan-query: 'vuln:CVE-2024-0625'
-  tags: cve,wordpress,wp-plugin,wpfront-notification-bar,medium
+  tags: cve,wordpress,wp-plugin,wpfront-notification-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0626-bfd48818a8f8d2ed09939883a8a76d0e.yaml b/nuclei-templates/2024/CVE-2024-0626-bfd48818a8f8d2ed09939883a8a76d0e.yaml
index c8f64943b6..cb92fab24e 100644
--- a/nuclei-templates/2024/CVE-2024-0626-bfd48818a8f8d2ed09939883a8a76d0e.yaml
+++ b/nuclei-templates/2024/CVE-2024-0626-bfd48818a8f8d2ed09939883a8a76d0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Clover Payment Gateway <= 1.3.1 - Missing Authorization via callback_handler
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-clover-gateway-by-zaytech/"
     google-query: inurl:"/wp-content/plugins/woo-clover-gateway-by-zaytech/"
     shodan-query: 'vuln:CVE-2024-0626'
-  tags: cve,wordpress,wp-plugin,woo-clover-gateway-by-zaytech,medium
+  tags: cve,wordpress,wp-plugin,woo-clover-gateway-by-zaytech,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0629-ff847df8e45ccd8c8631d5e2f3e5787c.yaml b/nuclei-templates/2024/CVE-2024-0629-ff847df8e45ccd8c8631d5e2f3e5787c.yaml
index 2f03b90c5c..b5ecd12c34 100644
--- a/nuclei-templates/2024/CVE-2024-0629-ff847df8e45ccd8c8631d5e2f3e5787c.yaml
+++ b/nuclei-templates/2024/CVE-2024-0629-ff847df8e45ccd8c8631d5e2f3e5787c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-2checkout-payment/"
     google-query: inurl:"/wp-content/plugins/woocommerce-2checkout-payment/"
     shodan-query: 'vuln:CVE-2024-0629'
-  tags: cve,wordpress,wp-plugin,woocommerce-2checkout-payment,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-2checkout-payment,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0630-2565b37cf24425d8b3b9a64e0058d4a4.yaml b/nuclei-templates/2024/CVE-2024-0630-2565b37cf24425d8b3b9a64e0058d4a4.yaml
index c71c3e4671..f89396c397 100644
--- a/nuclei-templates/2024/CVE-2024-0630-2565b37cf24425d8b3b9a64e0058d4a4.yaml
+++ b/nuclei-templates/2024/CVE-2024-0630-2565b37cf24425d8b3b9a64e0058d4a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP RSS Aggregator <= 4.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-aggregator/"
     google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/"
     shodan-query: 'vuln:CVE-2024-0630'
-  tags: cve,wordpress,wp-plugin,wp-rss-aggregator,medium
+  tags: cve,wordpress,wp-plugin,wp-rss-aggregator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0631-3f2cad5626e189b4a9fbbf4f777a78e7.yaml b/nuclei-templates/2024/CVE-2024-0631-3f2cad5626e189b4a9fbbf4f777a78e7.yaml
index 007703d8d0..933cc9058b 100644
--- a/nuclei-templates/2024/CVE-2024-0631-3f2cad5626e189b4a9fbbf4f777a78e7.yaml
+++ b/nuclei-templates/2024/CVE-2024-0631-3f2cad5626e189b4a9fbbf4f777a78e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duitku Payment Gateway <= 2.11.6 - Missing Authorization via check_duitku_response
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.6. This makes it possible for unauthenticated attackers to change the payment status of orders to failed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duitku-social-payment-gateway/"
     google-query: inurl:"/wp-content/plugins/duitku-social-payment-gateway/"
     shodan-query: 'vuln:CVE-2024-0631'
-  tags: cve,wordpress,wp-plugin,duitku-social-payment-gateway,medium
+  tags: cve,wordpress,wp-plugin,duitku-social-payment-gateway,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0656-fb622d8a3e8e58dd4ad557e902dc2f9e.yaml b/nuclei-templates/2024/CVE-2024-0656-fb622d8a3e8e58dd4ad557e902dc2f9e.yaml
index 7fd6b31aed..b54c2e23db 100644
--- a/nuclei-templates/2024/CVE-2024-0656-fb622d8a3e8e58dd4ad557e902dc2f9e.yaml
+++ b/nuclei-templates/2024/CVE-2024-0656-fb622d8a3e8e58dd4ad557e902dc2f9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Password Protected <= 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/password-protected/"
     google-query: inurl:"/wp-content/plugins/password-protected/"
     shodan-query: 'vuln:CVE-2024-0656'
-  tags: cve,wordpress,wp-plugin,password-protected,medium
+  tags: cve,wordpress,wp-plugin,password-protected,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0657-75603149f92181c053a67aa413d7458b.yaml b/nuclei-templates/2024/CVE-2024-0657-75603149f92181c053a67aa413d7458b.yaml
index 5162f4892e..d29a59246f 100644
--- a/nuclei-templates/2024/CVE-2024-0657-75603149f92181c053a67aa413d7458b.yaml
+++ b/nuclei-templates/2024/CVE-2024-0657-75603149f92181c053a67aa413d7458b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Internal Link Juicer <= 2.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page'  in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/internal-links/"
     google-query: inurl:"/wp-content/plugins/internal-links/"
     shodan-query: 'vuln:CVE-2024-0657'
-  tags: cve,wordpress,wp-plugin,internal-links,medium
+  tags: cve,wordpress,wp-plugin,internal-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0658-2f6907ee5c2cac6fd791f40374c04e13.yaml b/nuclei-templates/2024/CVE-2024-0658-2f6907ee5c2cac6fd791f40374c04e13.yaml
index bd58893f74..47f2b367eb 100644
--- a/nuclei-templates/2024/CVE-2024-0658-2f6907ee5c2cac6fd791f40374c04e13.yaml
+++ b/nuclei-templates/2024/CVE-2024-0658-2f6907ee5c2cac6fd791f40374c04e13.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Insert PHP Code Snippet <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-php-code-snippet/"
     google-query: inurl:"/wp-content/plugins/insert-php-code-snippet/"
     shodan-query: 'vuln:CVE-2024-0658'
-  tags: cve,wordpress,wp-plugin,insert-php-code-snippet,medium
+  tags: cve,wordpress,wp-plugin,insert-php-code-snippet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0659-da73522010deacccd257b4e9a1315635.yaml b/nuclei-templates/2024/CVE-2024-0659-da73522010deacccd257b4e9a1315635.yaml
index 0bcb565358..f082c659d3 100644
--- a/nuclei-templates/2024/CVE-2024-0659-da73522010deacccd257b4e9a1315635.yaml
+++ b/nuclei-templates/2024/CVE-2024-0659-da73522010deacccd257b4e9a1315635.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-digital-downloads/"
     google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
     shodan-query: 'vuln:CVE-2024-0659'
-  tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium
+  tags: cve,wordpress,wp-plugin,easy-digital-downloads,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0662-f5917cabea5f4d2844b07d04e1880958.yaml b/nuclei-templates/2024/CVE-2024-0662-f5917cabea5f4d2844b07d04e1880958.yaml
index 3b9099fb3a..740e6a39c1 100644
--- a/nuclei-templates/2024/CVE-2024-0662-f5917cabea5f4d2844b07d04e1880958.yaml
+++ b/nuclei-templates/2024/CVE-2024-0662-f5917cabea5f4d2844b07d04e1880958.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FancyBox for WordPress 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancybox-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/fancybox-for-wordpress/"
     shodan-query: 'vuln:CVE-2024-0662'
-  tags: cve,wordpress,wp-plugin,fancybox-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,fancybox-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0664-12cfc5e2c42c1035bf0a62b514ef0564.yaml b/nuclei-templates/2024/CVE-2024-0664-12cfc5e2c42c1035bf0a62b514ef0564.yaml
index d388ed7bcd..1a55bd4113 100644
--- a/nuclei-templates/2024/CVE-2024-0664-12cfc5e2c42c1035bf0a62b514ef0564.yaml
+++ b/nuclei-templates/2024/CVE-2024-0664-12cfc5e2c42c1035bf0a62b514ef0564.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meks Smart Social Widget <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meks-smart-social-widget/"
     google-query: inurl:"/wp-content/plugins/meks-smart-social-widget/"
     shodan-query: 'vuln:CVE-2024-0664'
-  tags: cve,wordpress,wp-plugin,meks-smart-social-widget,medium
+  tags: cve,wordpress,wp-plugin,meks-smart-social-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0668-f22c4e2a2ebc3ea71e41c368cf894811.yaml b/nuclei-templates/2024/CVE-2024-0668-f22c4e2a2ebc3ea71e41c368cf894811.yaml
index 0995f2f130..637b7297fc 100644
--- a/nuclei-templates/2024/CVE-2024-0668-f22c4e2a2ebc3ea71e41c368cf894811.yaml
+++ b/nuclei-templates/2024/CVE-2024-0668-f22c4e2a2ebc3ea71e41c368cf894811.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Database Cleaner <= 3.1.3 - Authenticated(Administrator+) PHP Object Injection via process_bulk_action
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-database-cleaner/"
     google-query: inurl:"/wp-content/plugins/advanced-database-cleaner/"
     shodan-query: 'vuln:CVE-2024-0668'
-  tags: cve,wordpress,wp-plugin,advanced-database-cleaner,medium
+  tags: cve,wordpress,wp-plugin,advanced-database-cleaner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0673-d7741f047915382e7e65e25c2ecaf00c.yaml b/nuclei-templates/2024/CVE-2024-0673-d7741f047915382e7e65e25c2ecaf00c.yaml
index bb1bab6472..1b24b01714 100644
--- a/nuclei-templates/2024/CVE-2024-0673-d7741f047915382e7e65e25c2ecaf00c.yaml
+++ b/nuclei-templates/2024/CVE-2024-0673-d7741f047915382e7e65e25c2ecaf00c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pz-LinkCard <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pz-linkcard/"
     google-query: inurl:"/wp-content/plugins/pz-linkcard/"
     shodan-query: 'vuln:CVE-2024-0673'
-  tags: cve,wordpress,wp-plugin,pz-linkcard,medium
+  tags: cve,wordpress,wp-plugin,pz-linkcard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0678-eee696eab23205a2046e2b67a8b48808.yaml b/nuclei-templates/2024/CVE-2024-0678-eee696eab23205a2046e2b67a8b48808.yaml
index e665d62191..ebe661691a 100644
--- a/nuclei-templates/2024/CVE-2024-0678-eee696eab23205a2046e2b67a8b48808.yaml
+++ b/nuclei-templates/2024/CVE-2024-0678-eee696eab23205a2046e2b67a8b48808.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only affects the version of the "order-delivery-date" plugin for WP Ecommerce which was hosted in the WordPress repository and is discontinued now. The version of the plugin hosted off of the repository titled 'Order Delivery Date' for WooCommerce is not affected.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-delivery-date/"
     google-query: inurl:"/wp-content/plugins/order-delivery-date/"
     shodan-query: 'vuln:CVE-2024-0678'
-  tags: cve,wordpress,wp-plugin,order-delivery-date,medium
+  tags: cve,wordpress,wp-plugin,order-delivery-date,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0679-15626a5f31201ec9a6bcc2f5d39038c5.yaml b/nuclei-templates/2024/CVE-2024-0679-15626a5f31201ec9a6bcc2f5d39038c5.yaml
index 0e49045db2..9636d93262 100644
--- a/nuclei-templates/2024/CVE-2024-0679-15626a5f31201ec9a6bcc2f5d39038c5.yaml
+++ b/nuclei-templates/2024/CVE-2024-0679-15626a5f31201ec9a6bcc2f5d39038c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/colormag/"
     google-query: inurl:"/wp-content/themes/colormag/"
     shodan-query: 'vuln:CVE-2024-0679'
-  tags: cve,wordpress,wp-theme,colormag,medium
+  tags: cve,wordpress,wp-theme,colormag,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0685-6eed35694a75496bc23819374091960c.yaml b/nuclei-templates/2024/CVE-2024-0685-6eed35694a75496bc23819374091960c.yaml
index 7e73fdf130..56080d38a6 100644
--- a/nuclei-templates/2024/CVE-2024-0685-6eed35694a75496bc23819374091960c.yaml
+++ b/nuclei-templates/2024/CVE-2024-0685-6eed35694a75496bc23819374091960c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2024-0685'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0688-380fec032d7d63f91e53bba15b6960ee.yaml b/nuclei-templates/2024/CVE-2024-0688-380fec032d7d63f91e53bba15b6960ee.yaml
index 45bb7ff0bb..3f91928e1e 100644
--- a/nuclei-templates/2024/CVE-2024-0688-380fec032d7d63f91e53bba15b6960ee.yaml
+++ b/nuclei-templates/2024/CVE-2024-0688-380fec032d7d63f91e53bba15b6960ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WebSub (FKA. PubSubHubbub) <= 3.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pubsubhubbub/"
     google-query: inurl:"/wp-content/plugins/pubsubhubbub/"
     shodan-query: 'vuln:CVE-2024-0688'
-  tags: cve,wordpress,wp-plugin,pubsubhubbub,medium
+  tags: cve,wordpress,wp-plugin,pubsubhubbub,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0689-30ced7d36e2903b8ecf83d1c6ae8e869.yaml b/nuclei-templates/2024/CVE-2024-0689-30ced7d36e2903b8ecf83d1c6ae8e869.yaml
index 5026d7ecb2..618c49fd23 100644
--- a/nuclei-templates/2024/CVE-2024-0689-30ced7d36e2903b8ecf83d1c6ae8e869.yaml
+++ b/nuclei-templates/2024/CVE-2024-0689-30ced7d36e2903b8ecf83d1c6ae8e869.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field Suite <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-suite/"
     google-query: inurl:"/wp-content/plugins/custom-field-suite/"
     shodan-query: 'vuln:CVE-2024-0689'
-  tags: cve,wordpress,wp-plugin,custom-field-suite,medium
+  tags: cve,wordpress,wp-plugin,custom-field-suite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0691-7d0952eb6cd34263da0c111b4d2da259.yaml b/nuclei-templates/2024/CVE-2024-0691-7d0952eb6cd34263da0c111b4d2da259.yaml
index 1cbfae4e60..70ff6ee54d 100644
--- a/nuclei-templates/2024/CVE-2024-0691-7d0952eb6cd34263da0c111b4d2da259.yaml
+++ b/nuclei-templates/2024/CVE-2024-0691-7d0952eb6cd34263da0c111b4d2da259.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filebird/"
     google-query: inurl:"/wp-content/plugins/filebird/"
     shodan-query: 'vuln:CVE-2024-0691'
-  tags: cve,wordpress,wp-plugin,filebird,medium
+  tags: cve,wordpress,wp-plugin,filebird,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0697-6cad3fdbb1d6f65f827e62fa999a9d63.yaml b/nuclei-templates/2024/CVE-2024-0697-6cad3fdbb1d6f65f827e62fa999a9d63.yaml
index d154f7a146..3c0492dae1 100644
--- a/nuclei-templates/2024/CVE-2024-0697-6cad3fdbb1d6f65f827e62fa999a9d63.yaml
+++ b/nuclei-templates/2024/CVE-2024-0697-6cad3fdbb1d6f65f827e62fa999a9d63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backuply/"
     google-query: inurl:"/wp-content/plugins/backuply/"
     shodan-query: 'vuln:CVE-2024-0697'
-  tags: cve,wordpress,wp-plugin,backuply,medium
+  tags: cve,wordpress,wp-plugin,backuply,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0698-72000fe0c780a49eca561c11357809c0.yaml b/nuclei-templates/2024/CVE-2024-0698-72000fe0c780a49eca561c11357809c0.yaml
index 57c97dc299..9c70a14784 100644
--- a/nuclei-templates/2024/CVE-2024-0698-72000fe0c780a49eca561c11357809c0.yaml
+++ b/nuclei-templates/2024/CVE-2024-0698-72000fe0c780a49eca561c11357809c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy!Appointments < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easyappointments/"
     google-query: inurl:"/wp-content/plugins/easyappointments/"
     shodan-query: 'vuln:CVE-2024-0698'
-  tags: cve,wordpress,wp-plugin,easyappointments,medium
+  tags: cve,wordpress,wp-plugin,easyappointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0699-780696e15f2e9c20283c58547979c77d.yaml b/nuclei-templates/2024/CVE-2024-0699-780696e15f2e9c20283c58547979c77d.yaml
index e955e2fbe3..0af1725be2 100644
--- a/nuclei-templates/2024/CVE-2024-0699-780696e15f2e9c20283c58547979c77d.yaml
+++ b/nuclei-templates/2024/CVE-2024-0699-780696e15f2e9c20283c58547979c77d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2024-29100 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-engine/"
     google-query: inurl:"/wp-content/plugins/ai-engine/"
     shodan-query: 'vuln:CVE-2024-0699'
-  tags: cve,wordpress,wp-plugin,ai-engine,medium
+  tags: cve,wordpress,wp-plugin,ai-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0700-0cd1e08a1b0cf9639f9192490f465d8f.yaml b/nuclei-templates/2024/CVE-2024-0700-0cd1e08a1b0cf9639f9192490f465d8f.yaml
index 370a60f663..3d66f2562e 100644
--- a/nuclei-templates/2024/CVE-2024-0700-0cd1e08a1b0cf9639f9192490f465d8f.yaml
+++ b/nuclei-templates/2024/CVE-2024-0700-0cd1e08a1b0cf9639f9192490f465d8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Tweet <= 1.4.0.2 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tweet/"
     google-query: inurl:"/wp-content/plugins/simple-tweet/"
     shodan-query: 'vuln:CVE-2024-0700'
-  tags: cve,wordpress,wp-plugin,simple-tweet,medium
+  tags: cve,wordpress,wp-plugin,simple-tweet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0703-7e2dc330bdadb62eadfb9a21217d5798.yaml b/nuclei-templates/2024/CVE-2024-0703-7e2dc330bdadb62eadfb9a21217d5798.yaml
index b916b680eb..f4bcdef182 100644
--- a/nuclei-templates/2024/CVE-2024-0703-7e2dc330bdadb62eadfb9a21217d5798.yaml
+++ b/nuclei-templates/2024/CVE-2024-0703-7e2dc330bdadb62eadfb9a21217d5798.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sticky Buttons <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sticky-buttons/"
     google-query: inurl:"/wp-content/plugins/sticky-buttons/"
     shodan-query: 'vuln:CVE-2024-0703'
-  tags: cve,wordpress,wp-plugin,sticky-buttons,medium
+  tags: cve,wordpress,wp-plugin,sticky-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0719-713789bc3ffbd71b9430af55e34d0b0b.yaml b/nuclei-templates/2024/CVE-2024-0719-713789bc3ffbd71b9430af55e34d0b0b.yaml
index d9022c7c39..2add611c08 100644
--- a/nuclei-templates/2024/CVE-2024-0719-713789bc3ffbd71b9430af55e34d0b0b.yaml
+++ b/nuclei-templates/2024/CVE-2024-0719-713789bc3ffbd71b9430af55e34d0b0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tabs Shortcode and Widget <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tabs Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tabs-shortcode-and-widget/"
     google-query: inurl:"/wp-content/plugins/tabs-shortcode-and-widget/"
     shodan-query: 'vuln:CVE-2024-0719'
-  tags: cve,wordpress,wp-plugin,tabs-shortcode-and-widget,medium
+  tags: cve,wordpress,wp-plugin,tabs-shortcode-and-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0766-aa0d08f997d780bef53fffda596a65a2.yaml b/nuclei-templates/2024/CVE-2024-0766-aa0d08f997d780bef53fffda596a65a2.yaml
index 3baa5bf2b6..5ddc3d89dc 100644
--- a/nuclei-templates/2024/CVE-2024-0766-aa0d08f997d780bef53fffda596a65a2.yaml
+++ b/nuclei-templates/2024/CVE-2024-0766-aa0d08f997d780bef53fffda596a65a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/envo-elementor-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/envo-elementor-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-0766'
-  tags: cve,wordpress,wp-plugin,envo-elementor-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,envo-elementor-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0779-8100bca7f40bd5eec7ce73b26e775600.yaml b/nuclei-templates/2024/CVE-2024-0779-8100bca7f40bd5eec7ce73b26e775600.yaml
index 9a4bbd32a8..f468f39be0 100644
--- a/nuclei-templates/2024/CVE-2024-0779-8100bca7f40bd5eec7ce73b26e775600.yaml
+++ b/nuclei-templates/2024/CVE-2024-0779-8100bca7f40bd5eec7ce73b26e775600.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enjoy Social Feed <= 6.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Enjoy Social Feed plugin for WordPress website plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions hooked via admin_init in all versions up to, and including, 6.2.2. This makes it possible for unauthenticated attackers to perform actions like unlinking a users instagram account.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/"
     google-query: inurl:"/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/"
     shodan-query: 'vuln:CVE-2024-0779'
-  tags: cve,wordpress,wp-plugin,enjoy-instagram-instagram-responsive-images-gallery-and-carousel,medium
+  tags: cve,wordpress,wp-plugin,enjoy-instagram-instagram-responsive-images-gallery-and-carousel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0780-47817571e00845c157bd7b162b48263f.yaml b/nuclei-templates/2024/CVE-2024-0780-47817571e00845c157bd7b162b48263f.yaml
index c48118c238..2a50e9ba1b 100644
--- a/nuclei-templates/2024/CVE-2024-0780-47817571e00845c157bd7b162b48263f.yaml
+++ b/nuclei-templates/2024/CVE-2024-0780-47817571e00845c157bd7b162b48263f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enjoy Social Feed plugin for WordPress website <= 6.2.2 - Missing Authorization to Database Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Enjoy Social Feed plugin for WordPress website plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check when accessing the enjoyinstagram_plugin_options page in all versions up to, and including, 6.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the plugin's database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/"
     google-query: inurl:"/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/"
     shodan-query: 'vuln:CVE-2024-0780'
-  tags: cve,wordpress,wp-plugin,enjoy-instagram-instagram-responsive-images-gallery-and-carousel,medium
+  tags: cve,wordpress,wp-plugin,enjoy-instagram-instagram-responsive-images-gallery-and-carousel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0786-d482e085c2e103ed9accb9a0cd94ae4d.yaml b/nuclei-templates/2024/CVE-2024-0786-d482e085c2e103ed9accb9a0cd94ae4d.yaml
index 8e3e33fb56..26e097c197 100644
--- a/nuclei-templates/2024/CVE-2024-0786-d482e085c2e103ed9accb9a0cd94ae4d.yaml
+++ b/nuclei-templates/2024/CVE-2024-0786-d482e085c2e103ed9accb9a0cd94ae4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conversios <= 7.0.7 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/"
     google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/"
     shodan-query: 'vuln:CVE-2024-0786'
-  tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,high
+  tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0791-89b2790236539e015ae4e5bc957d832c.yaml b/nuclei-templates/2024/CVE-2024-0791-89b2790236539e015ae4e5bc957d832c.yaml
index e07cfa3ead..45fc2823b5 100644
--- a/nuclei-templates/2024/CVE-2024-0791-89b2790236539e015ae4e5bc957d832c.yaml
+++ b/nuclei-templates/2024/CVE-2024-0791-89b2790236539e015ae4e5bc957d832c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-editor/"
     google-query: inurl:"/wp-content/plugins/bulk-editor/"
     shodan-query: 'vuln:CVE-2024-0791'
-  tags: cve,wordpress,wp-plugin,bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0792-cdab814f5acb52d3219d4930f7ee1f81.yaml b/nuclei-templates/2024/CVE-2024-0792-cdab814f5acb52d3219d4930f7ee1f81.yaml
index 82b969543b..1958622c18 100644
--- a/nuclei-templates/2024/CVE-2024-0792-cdab814f5acb52d3219d4930f7ee1f81.yaml
+++ b/nuclei-templates/2024/CVE-2024-0792-cdab814f5acb52d3219d4930f7ee1f81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2024-0792'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0797-1fba8e9934d599624fea9971897c6598.yaml b/nuclei-templates/2024/CVE-2024-0797-1fba8e9934d599624fea9971897c6598.yaml
index 3da4986482..fa0109fa10 100644
--- a/nuclei-templates/2024/CVE-2024-0797-1fba8e9934d599624fea9971897c6598.yaml
+++ b/nuclei-templates/2024/CVE-2024-0797-1fba8e9934d599624fea9971897c6598.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-0797'
-  tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0820-654c8b4c06cccd2b893fe7f42cd13fff.yaml b/nuclei-templates/2024/CVE-2024-0820-654c8b4c06cccd2b893fe7f42cd13fff.yaml
index fb93c87aea..e5cc41c073 100644
--- a/nuclei-templates/2024/CVE-2024-0820-654c8b4c06cccd2b893fe7f42cd13fff.yaml
+++ b/nuclei-templates/2024/CVE-2024-0820-654c8b4c06cccd2b893fe7f42cd13fff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jobs for WordPress <= 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jobs for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via "Working Hours" in all versions up to, and including, 2.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-postings/"
     google-query: inurl:"/wp-content/plugins/job-postings/"
     shodan-query: 'vuln:CVE-2024-0820'
-  tags: cve,wordpress,wp-plugin,job-postings,medium
+  tags: cve,wordpress,wp-plugin,job-postings,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0823-2f36bf28ff455df3f6e5bee8596dc834.yaml b/nuclei-templates/2024/CVE-2024-0823-2f36bf28ff455df3f6e5bee8596dc834.yaml
index b4e7a39f8a..d50593488e 100644
--- a/nuclei-templates/2024/CVE-2024-0823-2f36bf28ff455df3f6e5bee8596dc834.yaml
+++ b/nuclei-templates/2024/CVE-2024-0823-2f36bf28ff455df3f6e5bee8596dc834.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0823'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0824-d0e696248d665e9f0a517c6587bde743.yaml b/nuclei-templates/2024/CVE-2024-0824-d0e696248d665e9f0a517c6587bde743.yaml
index 5910e8fa0b..b6500ab176 100644
--- a/nuclei-templates/2024/CVE-2024-0824-d0e696248d665e9f0a517c6587bde743.yaml
+++ b/nuclei-templates/2024/CVE-2024-0824-d0e696248d665e9f0a517c6587bde743.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Anything
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0824'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0825-bebe54861e63e8c1edcba180c7d233b2.yaml b/nuclei-templates/2024/CVE-2024-0825-bebe54861e63e8c1edcba180c7d233b2.yaml
index c21c53d824..b1560115b4 100644
--- a/nuclei-templates/2024/CVE-2024-0825-bebe54861e63e8c1edcba180c7d233b2.yaml
+++ b/nuclei-templates/2024/CVE-2024-0825-bebe54861e63e8c1edcba180c7d233b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.3.2 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it possible for authenticated attackers attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vimeography/"
     google-query: inurl:"/wp-content/plugins/vimeography/"
     shodan-query: 'vuln:CVE-2024-0825'
-  tags: cve,wordpress,wp-plugin,vimeography,high
+  tags: cve,wordpress,wp-plugin,vimeography,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0826-5f28fbeb41c87c1968016458f52b73af.yaml b/nuclei-templates/2024/CVE-2024-0826-5f28fbeb41c87c1968016458f52b73af.yaml
index d1b4b59968..599a57c640 100644
--- a/nuclei-templates/2024/CVE-2024-0826-5f28fbeb41c87c1968016458f52b73af.yaml
+++ b/nuclei-templates/2024/CVE-2024-0826-5f28fbeb41c87c1968016458f52b73af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qi Addons For Elementor <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qi-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/qi-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0826'
-  tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0828-4eaf37cfdef1b74dc7b626ac3436d2c6.yaml b/nuclei-templates/2024/CVE-2024-0828-4eaf37cfdef1b74dc7b626ac3436d2c6.yaml
index 1118298068..15b157e4e2 100644
--- a/nuclei-templates/2024/CVE-2024-0828-4eaf37cfdef1b74dc7b626ac3436d2c6.yaml
+++ b/nuclei-templates/2024/CVE-2024-0828-4eaf37cfdef1b74dc7b626ac3436d2c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/play-ht/"
     google-query: inurl:"/wp-content/plugins/play-ht/"
     shodan-query: 'vuln:CVE-2024-0828'
-  tags: cve,wordpress,wp-plugin,play-ht,medium
+  tags: cve,wordpress,wp-plugin,play-ht,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0829-6fee77f4c30ccce8c47c0e8979fa4163.yaml b/nuclei-templates/2024/CVE-2024-0829-6fee77f4c30ccce8c47c0e8979fa4163.yaml
index cdbbaaa715..1908465649 100644
--- a/nuclei-templates/2024/CVE-2024-0829-6fee77f4c30ccce8c47c0e8979fa4163.yaml
+++ b/nuclei-templates/2024/CVE-2024-0829-6fee77f4c30ccce8c47c0e8979fa4163.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-comment-fields/"
     google-query: inurl:"/wp-content/plugins/wp-comment-fields/"
     shodan-query: 'vuln:CVE-2024-0829'
-  tags: cve,wordpress,wp-plugin,wp-comment-fields,medium
+  tags: cve,wordpress,wp-plugin,wp-comment-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0834-0fb47ccc27ee413d414cd8b0ba979166.yaml b/nuclei-templates/2024/CVE-2024-0834-0fb47ccc27ee413d414cd8b0ba979166.yaml
index 1504dd4a38..854b5fe33c 100644
--- a/nuclei-templates/2024/CVE-2024-0834-0fb47ccc27ee413d414cd8b0ba979166.yaml
+++ b/nuclei-templates/2024/CVE-2024-0834-0fb47ccc27ee413d414cd8b0ba979166.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-0834'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0835-a2114fc45474e481aea36dcc9b5f1c4d.yaml b/nuclei-templates/2024/CVE-2024-0835-a2114fc45474e481aea36dcc9b5f1c4d.yaml
index d368d50037..cbf3670c2d 100644
--- a/nuclei-templates/2024/CVE-2024-0835-a2114fc45474e481aea36dcc9b5f1c4d.yaml
+++ b/nuclei-templates/2024/CVE-2024-0835-a2114fc45474e481aea36dcc9b5f1c4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/royal-elementor-kit/"
     google-query: inurl:"/wp-content/themes/royal-elementor-kit/"
     shodan-query: 'vuln:CVE-2024-0835'
-  tags: cve,wordpress,wp-theme,royal-elementor-kit,medium
+  tags: cve,wordpress,wp-theme,royal-elementor-kit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0836-6a28dfe4469613c00410a3afcd856457.yaml b/nuclei-templates/2024/CVE-2024-0836-6a28dfe4469613c00410a3afcd856457.yaml
index a62e83b11b..4e09dfa534 100644
--- a/nuclei-templates/2024/CVE-2024-0836-6a28dfe4469613c00410a3afcd856457.yaml
+++ b/nuclei-templates/2024/CVE-2024-0836-6a28dfe4469613c00410a3afcd856457.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Review & Structure Data Schema Plugin – Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/review-schema/"
     google-query: inurl:"/wp-content/plugins/review-schema/"
     shodan-query: 'vuln:CVE-2024-0836'
-  tags: cve,wordpress,wp-plugin,review-schema,medium
+  tags: cve,wordpress,wp-plugin,review-schema,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0837-91833325e07473e81e8f172735b05fa1.yaml b/nuclei-templates/2024/CVE-2024-0837-91833325e07473e81e8f172735b05fa1.yaml
index 94bdcc88ca..50cd310402 100644
--- a/nuclei-templates/2024/CVE-2024-0837-91833325e07473e81e8f172735b05fa1.yaml
+++ b/nuclei-templates/2024/CVE-2024-0837-91833325e07473e81e8f172735b05fa1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/"
     shodan-query: 'vuln:CVE-2024-0837'
-  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0838-dbb7ef50cd218fd39017d67c755de559.yaml b/nuclei-templates/2024/CVE-2024-0838-dbb7ef50cd218fd39017d67c755de559.yaml
index 5aa37d7355..349aae1d3e 100644
--- a/nuclei-templates/2024/CVE-2024-0838-dbb7ef50cd218fd39017d67c755de559.yaml
+++ b/nuclei-templates/2024/CVE-2024-0838-dbb7ef50cd218fd39017d67c755de559.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-29108 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-0838'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0844-7d2e01fb5142e419d7f12bc8417804ab.yaml b/nuclei-templates/2024/CVE-2024-0844-7d2e01fb5142e419d7f12bc8417804ab.yaml
index 2c8957570e..e376b65634 100644
--- a/nuclei-templates/2024/CVE-2024-0844-7d2e01fb5142e419d7f12bc8417804ab.yaml
+++ b/nuclei-templates/2024/CVE-2024-0844-7d2e01fb5142e419d7f12bc8417804ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup More <= 2.2.4 - Authenticated (Admin+) Directory Traversal to Limited Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-more/"
     google-query: inurl:"/wp-content/plugins/popup-more/"
     shodan-query: 'vuln:CVE-2024-0844'
-  tags: cve,wordpress,wp-plugin,popup-more,medium
+  tags: cve,wordpress,wp-plugin,popup-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0869-f64da1b37b4c50e68b9872eff4ca509b.yaml b/nuclei-templates/2024/CVE-2024-0869-f64da1b37b4c50e68b9872eff4ca509b.yaml
index 88bc985eb5..bb3016d0e6 100644
--- a/nuclei-templates/2024/CVE-2024-0869-f64da1b37b4c50e68b9872eff4ca509b.yaml
+++ b/nuclei-templates/2024/CVE-2024-0869-f64da1b37b4c50e68b9872eff4ca509b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. CVE-2024-33569 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instant-images/"
     google-query: inurl:"/wp-content/plugins/instant-images/"
     shodan-query: 'vuln:CVE-2024-0869'
-  tags: cve,wordpress,wp-plugin,instant-images,high
+  tags: cve,wordpress,wp-plugin,instant-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0871-31a5f54f51f59ec02334f6066d4afc3a.yaml b/nuclei-templates/2024/CVE-2024-0871-31a5f54f51f59ec02334f6066d4afc3a.yaml
index 537966dd9a..0376710058 100644
--- a/nuclei-templates/2024/CVE-2024-0871-31a5f54f51f59ec02334f6066d4afc3a.yaml
+++ b/nuclei-templates/2024/CVE-2024-0871-31a5f54f51f59ec02334f6066d4afc3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-0871'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0873-498902087f55cd027211cbff49f69fac.yaml b/nuclei-templates/2024/CVE-2024-0873-498902087f55cd027211cbff49f69fac.yaml
index 7317ed6709..6cc9af6a7a 100644
--- a/nuclei-templates/2024/CVE-2024-0873-498902087f55cd027211cbff49f69fac.yaml
+++ b/nuclei-templates/2024/CVE-2024-0873-498902087f55cd027211cbff49f69fac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/watu/"
     google-query: inurl:"/wp-content/plugins/watu/"
     shodan-query: 'vuln:CVE-2024-0873'
-  tags: cve,wordpress,wp-plugin,watu,medium
+  tags: cve,wordpress,wp-plugin,watu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0895-2c9be73a62038f3d8273efbfe3ddeeff.yaml b/nuclei-templates/2024/CVE-2024-0895-2c9be73a62038f3d8273efbfe3ddeeff.yaml
index 5bd09c01a2..831a054985 100644
--- a/nuclei-templates/2024/CVE-2024-0895-2c9be73a62038f3d8273efbfe3ddeeff.yaml
+++ b/nuclei-templates/2024/CVE-2024-0895-2c9be73a62038f3d8273efbfe3ddeeff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Flipbook, 3D Flipbook – DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3d-flipbook-dflip-lite/"
     google-query: inurl:"/wp-content/plugins/3d-flipbook-dflip-lite/"
     shodan-query: 'vuln:CVE-2024-0895'
-  tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,medium
+  tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0896-a48a705bfc66279fa96d49ee01ec64a4.yaml b/nuclei-templates/2024/CVE-2024-0896-a48a705bfc66279fa96d49ee01ec64a4.yaml
index d8a8eafe9e..326e86bbd2 100644
--- a/nuclei-templates/2024/CVE-2024-0896-a48a705bfc66279fa96d49ee01ec64a4.yaml
+++ b/nuclei-templates/2024/CVE-2024-0896-a48a705bfc66279fa96d49ee01ec64a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-0896'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0897-b00000526bce4d638ca8288e0858fb40.yaml b/nuclei-templates/2024/CVE-2024-0897-b00000526bce4d638ca8288e0858fb40.yaml
index d5e4da7946..278c8b4472 100644
--- a/nuclei-templates/2024/CVE-2024-0897-b00000526bce4d638ca8288e0858fb40.yaml
+++ b/nuclei-templates/2024/CVE-2024-0897-b00000526bce4d638ca8288e0858fb40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-0897'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0898-9273f5ba0fae5fff2a4a50e2ed96c406.yaml b/nuclei-templates/2024/CVE-2024-0898-9273f5ba0fae5fff2a4a50e2ed96c406.yaml
index cdbc4ae730..052ae4c5dd 100644
--- a/nuclei-templates/2024/CVE-2024-0898-9273f5ba0fae5fff2a4a50e2ed96c406.yaml
+++ b/nuclei-templates/2024/CVE-2024-0898-9273f5ba0fae5fff2a4a50e2ed96c406.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chat Bubble <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chat-bubble/"
     google-query: inurl:"/wp-content/plugins/chat-bubble/"
     shodan-query: 'vuln:CVE-2024-0898'
-  tags: cve,wordpress,wp-plugin,chat-bubble,medium
+  tags: cve,wordpress,wp-plugin,chat-bubble,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0900-e41adc177b897ccc45ae52e5f4de56b3.yaml b/nuclei-templates/2024/CVE-2024-0900-e41adc177b897ccc45ae52e5f4de56b3.yaml
index e1a4f7b0c6..b4fd687c5e 100644
--- a/nuclei-templates/2024/CVE-2024-0900-e41adc177b897ccc45ae52e5f4de56b3.yaml
+++ b/nuclei-templates/2024/CVE-2024-0900-e41adc177b897ccc45ae52e5f4de56b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elespare/"
     google-query: inurl:"/wp-content/plugins/elespare/"
     shodan-query: 'vuln:CVE-2024-0900'
-  tags: cve,wordpress,wp-plugin,elespare,medium
+  tags: cve,wordpress,wp-plugin,elespare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0902-9feb5154944f3d4b90bd9e0974af5d4e.yaml b/nuclei-templates/2024/CVE-2024-0902-9feb5154944f3d4b90bd9e0974af5d4e.yaml
index 1456a967e4..1802eb4ae2 100644
--- a/nuclei-templates/2024/CVE-2024-0902-9feb5154944f3d4b90bd9e0974af5d4e.yaml
+++ b/nuclei-templates/2024/CVE-2024-0902-9feb5154944f3d4b90bd9e0974af5d4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via Product Title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 6.1.81 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-product-designer/"
     google-query: inurl:"/wp-content/plugins/fancy-product-designer/"
     shodan-query: 'vuln:CVE-2024-0902'
-  tags: cve,wordpress,wp-plugin,fancy-product-designer,medium
+  tags: cve,wordpress,wp-plugin,fancy-product-designer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0903-61ee64923a0fe1e6df3a4bb79ec27733.yaml b/nuclei-templates/2024/CVE-2024-0903-61ee64923a0fe1e6df3a4bb79ec27733.yaml
index 8cca48b903..4d34c57f17 100644
--- a/nuclei-templates/2024/CVE-2024-0903-61ee64923a0fe1e6df3a4bb79ec27733.yaml
+++ b/nuclei-templates/2024/CVE-2024-0903-61ee64923a0fe1e6df3a4bb79ec27733.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execute when a user clicks the link, while also pressing the command key.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userfeedback-lite/"
     google-query: inurl:"/wp-content/plugins/userfeedback-lite/"
     shodan-query: 'vuln:CVE-2024-0903'
-  tags: cve,wordpress,wp-plugin,userfeedback-lite,medium
+  tags: cve,wordpress,wp-plugin,userfeedback-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0904-fccc44e164a0cbb0e0c232ae976cbb5f.yaml b/nuclei-templates/2024/CVE-2024-0904-fccc44e164a0cbb0e0c232ae976cbb5f.yaml
index ba3fc4d369..088c8c1999 100644
--- a/nuclei-templates/2024/CVE-2024-0904-fccc44e164a0cbb0e0c232ae976cbb5f.yaml
+++ b/nuclei-templates/2024/CVE-2024-0904-fccc44e164a0cbb0e0c232ae976cbb5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via License Field
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 6.1.81 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-product-designer/"
     google-query: inurl:"/wp-content/plugins/fancy-product-designer/"
     shodan-query: 'vuln:CVE-2024-0904'
-  tags: cve,wordpress,wp-plugin,fancy-product-designer,medium
+  tags: cve,wordpress,wp-plugin,fancy-product-designer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0907-6e45966d9ef8042467981ba9a26f57f6.yaml b/nuclei-templates/2024/CVE-2024-0907-6e45966d9ef8042467981ba9a26f57f6.yaml
index 6e59842c26..015bb37940 100644
--- a/nuclei-templates/2024/CVE-2024-0907-6e45966d9ef8042467981ba9a26f57f6.yaml
+++ b/nuclei-templates/2024/CVE-2024-0907-6e45966d9ef8042467981ba9a26f57f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2024-0907'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0908-504571f3f4f99ae23a7efdf0aa6a64d7.yaml b/nuclei-templates/2024/CVE-2024-0908-504571f3f4f99ae23a7efdf0aa6a64d7.yaml
index 13b0711bf2..c9d58f7c28 100644
--- a/nuclei-templates/2024/CVE-2024-0908-504571f3f4f99ae23a7efdf0aa6a64d7.yaml
+++ b/nuclei-templates/2024/CVE-2024-0908-504571f3f4f99ae23a7efdf0aa6a64d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-post-block/"
     google-query: inurl:"/wp-content/plugins/advanced-post-block/"
     shodan-query: 'vuln:CVE-2024-0908'
-  tags: cve,wordpress,wp-plugin,advanced-post-block,medium
+  tags: cve,wordpress,wp-plugin,advanced-post-block,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0913-d1fe516e72277a6efd50d79a0cef3b2d.yaml b/nuclei-templates/2024/CVE-2024-0913-d1fe516e72277a6efd50d79a0cef3b2d.yaml
index 732e90e42b..fa6a6483a9 100644
--- a/nuclei-templates/2024/CVE-2024-0913-d1fe516e72277a6efd50d79a0cef3b2d.yaml
+++ b/nuclei-templates/2024/CVE-2024-0913-d1fe516e72277a6efd50d79a0cef3b2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied status and customer_id parameters and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with accounting manager or admin privileges and higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erp/"
     google-query: inurl:"/wp-content/plugins/erp/"
     shodan-query: 'vuln:CVE-2024-0913'
-  tags: cve,wordpress,wp-plugin,erp,high
+  tags: cve,wordpress,wp-plugin,erp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0951-04f6cc7c3ad39880573726a5f936d0a4.yaml b/nuclei-templates/2024/CVE-2024-0951-04f6cc7c3ad39880573726a5f936d0a4.yaml
index 604e3bd529..edc2841976 100644
--- a/nuclei-templates/2024/CVE-2024-0951-04f6cc7c3ad39880573726a5f936d0a4.yaml
+++ b/nuclei-templates/2024/CVE-2024-0951-04f6cc7c3ad39880573726a5f936d0a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Social Feeds Widget & Shortcode <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Social Feeds Widget & Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-facebook-twitter-widget/"
     google-query: inurl:"/wp-content/plugins/advanced-facebook-twitter-widget/"
     shodan-query: 'vuln:CVE-2024-0951'
-  tags: cve,wordpress,wp-plugin,advanced-facebook-twitter-widget,medium
+  tags: cve,wordpress,wp-plugin,advanced-facebook-twitter-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0952-4ba36f479c72328d41a5d7367a3a95ba.yaml b/nuclei-templates/2024/CVE-2024-0952-4ba36f479c72328d41a5d7367a3a95ba.yaml
index 9c8109d741..891db352ea 100644
--- a/nuclei-templates/2024/CVE-2024-0952-4ba36f479c72328d41a5d7367a3a95ba.yaml
+++ b/nuclei-templates/2024/CVE-2024-0952-4ba36f479c72328d41a5d7367a3a95ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erp/"
     google-query: inurl:"/wp-content/plugins/erp/"
     shodan-query: 'vuln:CVE-2024-0952'
-  tags: cve,wordpress,wp-plugin,erp,high
+  tags: cve,wordpress,wp-plugin,erp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0954-c784400f0eb0916fb123587bb1f7a008.yaml b/nuclei-templates/2024/CVE-2024-0954-c784400f0eb0916fb123587bb1f7a008.yaml
index af58a70894..aaf70ad942 100644
--- a/nuclei-templates/2024/CVE-2024-0954-c784400f0eb0916fb123587bb1f7a008.yaml
+++ b/nuclei-templates/2024/CVE-2024-0954-c784400f0eb0916fb123587bb1f7a008.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-0954'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0956-4cd083213286b4e4a8589cde5bcde660.yaml b/nuclei-templates/2024/CVE-2024-0956-4cd083213286b4e4a8589cde5bcde660.yaml
index b2187a4fbd..bba6d261aa 100644
--- a/nuclei-templates/2024/CVE-2024-0956-4cd083213286b4e4a8589cde5bcde660.yaml
+++ b/nuclei-templates/2024/CVE-2024-0956-4cd083213286b4e4a8589cde5bcde660.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ERP <= 1.12.9 - Authenticated (AccountingManager+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with admin or accounting manager privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erp/"
     google-query: inurl:"/wp-content/plugins/erp/"
     shodan-query: 'vuln:CVE-2024-0956'
-  tags: cve,wordpress,wp-plugin,erp,high
+  tags: cve,wordpress,wp-plugin,erp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0957-c1749d6ed9c579e061b6c82357a7d855.yaml b/nuclei-templates/2024/CVE-2024-0957-c1749d6ed9c579e061b6c82357a7d855.yaml
index e85189bd0d..4641cded26 100644
--- a/nuclei-templates/2024/CVE-2024-0957-c1749d6ed9c579e061b6c82357a7d855.yaml
+++ b/nuclei-templates/2024/CVE-2024-0957-c1749d6ed9c579e061b6c82357a7d855.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-0957'
-  tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0961-9b450d4afbc0c12b819c42370b2e9a09.yaml b/nuclei-templates/2024/CVE-2024-0961-9b450d4afbc0c12b819c42370b2e9a09.yaml
index f88ec39ee0..c8094f47dd 100644
--- a/nuclei-templates/2024/CVE-2024-0961-9b450d4afbc0c12b819c42370b2e9a09.yaml
+++ b/nuclei-templates/2024/CVE-2024-0961-9b450d4afbc0c12b819c42370b2e9a09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SiteOrigin Widgets Bundle <= 1.58.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/so-widgets-bundle/"
     google-query: inurl:"/wp-content/plugins/so-widgets-bundle/"
     shodan-query: 'vuln:CVE-2024-0961'
-  tags: cve,wordpress,wp-plugin,so-widgets-bundle,medium
+  tags: cve,wordpress,wp-plugin,so-widgets-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0963-b6900545e2e4c40eddb286d1788c8880.yaml b/nuclei-templates/2024/CVE-2024-0963-b6900545e2e4c40eddb286d1788c8880.yaml
index 460732310b..91d726ffc1 100644
--- a/nuclei-templates/2024/CVE-2024-0963-b6900545e2e4c40eddb286d1788c8880.yaml
+++ b/nuclei-templates/2024/CVE-2024-0963-b6900545e2e4c40eddb286d1788c8880.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calculated Fields Form <= 1.2.52 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calculated-fields-form/"
     google-query: inurl:"/wp-content/plugins/calculated-fields-form/"
     shodan-query: 'vuln:CVE-2024-0963'
-  tags: cve,wordpress,wp-plugin,calculated-fields-form,medium
+  tags: cve,wordpress,wp-plugin,calculated-fields-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0966-76ebe4a4bfefd9bdb89c2aafde46a61c.yaml b/nuclei-templates/2024/CVE-2024-0966-76ebe4a4bfefd9bdb89c2aafde46a61c.yaml
index fc55b92e76..194fdb90ea 100644
--- a/nuclei-templates/2024/CVE-2024-0966-76ebe4a4bfefd9bdb89c2aafde46a61c.yaml
+++ b/nuclei-templates/2024/CVE-2024-0966-76ebe4a4bfefd9bdb89c2aafde46a61c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shariff Wrapper <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'info_text'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks the information icon.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shariff/"
     google-query: inurl:"/wp-content/plugins/shariff/"
     shodan-query: 'vuln:CVE-2024-0966'
-  tags: cve,wordpress,wp-plugin,shariff,medium
+  tags: cve,wordpress,wp-plugin,shariff,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0973-f5225829b9851280f9730cc7388f8c93.yaml b/nuclei-templates/2024/CVE-2024-0973-f5225829b9851280f9730cc7388f8c93.yaml
index e5884331fc..7ce2232f1a 100644
--- a/nuclei-templates/2024/CVE-2024-0973-f5225829b9851280f9730cc7388f8c93.yaml
+++ b/nuclei-templates/2024/CVE-2024-0973-f5225829b9851280f9730cc7388f8c93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Widget for Social Page Feeds <= 6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Widget for Social Page Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-pagelike-widget/"
     google-query: inurl:"/wp-content/plugins/facebook-pagelike-widget/"
     shodan-query: 'vuln:CVE-2024-0973'
-  tags: cve,wordpress,wp-plugin,facebook-pagelike-widget,medium
+  tags: cve,wordpress,wp-plugin,facebook-pagelike-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0977-e56f591ae1b5802507934b44dcafdc98.yaml b/nuclei-templates/2024/CVE-2024-0977-e56f591ae1b5802507934b44dcafdc98.yaml
index 52f2c2f08e..c313f90a60 100644
--- a/nuclei-templates/2024/CVE-2024-0977-e56f591ae1b5802507934b44dcafdc98.yaml
+++ b/nuclei-templates/2024/CVE-2024-0977-e56f591ae1b5802507934b44dcafdc98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/timeline-widget-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/timeline-widget-addon-for-elementor/"
     shodan-query: 'vuln:CVE-2024-0977'
-  tags: cve,wordpress,wp-plugin,timeline-widget-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,timeline-widget-addon-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0983-326d3f5baee82478e64ca11a4a66dbf4.yaml b/nuclei-templates/2024/CVE-2024-0983-326d3f5baee82478e64ca11a4a66dbf4.yaml
index c62daf4026..133eaf6b10 100644
--- a/nuclei-templates/2024/CVE-2024-0983-326d3f5baee82478e64ca11a4a66dbf4.yaml
+++ b/nuclei-templates/2024/CVE-2024-0983-326d3f5baee82478e64ca11a4a66dbf4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in enableOptimization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/"
     google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/"
     shodan-query: 'vuln:CVE-2024-0983'
-  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium
+  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-0984-4d89ea84ae0150939c78e1551488e87a.yaml b/nuclei-templates/2024/CVE-2024-0984-4d89ea84ae0150939c78e1551488e87a.yaml
index cdd94431c2..bbf9a13afc 100644
--- a/nuclei-templates/2024/CVE-2024-0984-4d89ea84ae0150939c78e1551488e87a.yaml
+++ b/nuclei-templates/2024/CVE-2024-0984-4d89ea84ae0150939c78e1551488e87a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in disableOptimization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/"
     google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/"
     shodan-query: 'vuln:CVE-2024-0984'
-  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium
+  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1038-a0f8dbe86bd25cb76ecd0536100264a1.yaml b/nuclei-templates/2024/CVE-2024-1038-a0f8dbe86bd25cb76ecd0536100264a1.yaml
index a6c1b08012..59e7b57a52 100644
--- a/nuclei-templates/2024/CVE-2024-1038-a0f8dbe86bd25cb76ecd0536100264a1.yaml
+++ b/nuclei-templates/2024/CVE-2024-1038-a0f8dbe86bd25cb76ecd0536100264a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-1038'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1041-785b1c3458487127cc883fbac1f1ef7f.yaml b/nuclei-templates/2024/CVE-2024-1041-785b1c3458487127cc883fbac1f1ef7f.yaml
index 3d499ffa34..1bc0fca867 100644
--- a/nuclei-templates/2024/CVE-2024-1041-785b1c3458487127cc883fbac1f1ef7f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1041-785b1c3458487127cc883fbac1f1ef7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-radio/"
     google-query: inurl:"/wp-content/plugins/wp-radio/"
     shodan-query: 'vuln:CVE-2024-1041'
-  tags: cve,wordpress,wp-plugin,wp-radio,medium
+  tags: cve,wordpress,wp-plugin,wp-radio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1042-4750f217b4fbd830bf2a4ee2b5c1530d.yaml b/nuclei-templates/2024/CVE-2024-1042-4750f217b4fbd830bf2a4ee2b5c1530d.yaml
index 8fcc83d146..e1894003ab 100644
--- a/nuclei-templates/2024/CVE-2024-1042-4750f217b4fbd830bf2a4ee2b5c1530d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1042-4750f217b4fbd830bf2a4ee2b5c1530d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-radio/"
     google-query: inurl:"/wp-content/plugins/wp-radio/"
     shodan-query: 'vuln:CVE-2024-1042'
-  tags: cve,wordpress,wp-plugin,wp-radio,medium
+  tags: cve,wordpress,wp-plugin,wp-radio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1043-2f9298ab3f6a9cf7ac470aa68de57def.yaml b/nuclei-templates/2024/CVE-2024-1043-2f9298ab3f6a9cf7ac470aa68de57def.yaml
index d3eafeffa1..5f352da44b 100644
--- a/nuclei-templates/2024/CVE-2024-1043-2f9298ab3f6a9cf7ac470aa68de57def.yaml
+++ b/nuclei-templates/2024/CVE-2024-1043-2f9298ab3f6a9cf7ac470aa68de57def.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AMP for WP <= 1.0.93.1 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accelerated-mobile-pages/"
     google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/"
     shodan-query: 'vuln:CVE-2024-1043'
-  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,medium
+  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1046-813e33d3439eeca37bb846e820e1b423.yaml b/nuclei-templates/2024/CVE-2024-1046-813e33d3439eeca37bb846e820e1b423.yaml
index 9b2343ee43..5e247ef92b 100644
--- a/nuclei-templates/2024/CVE-2024-1046-813e33d3439eeca37bb846e820e1b423.yaml
+++ b/nuclei-templates/2024/CVE-2024-1046-813e33d3439eeca37bb846e820e1b423.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-1046'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1047-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/2024/CVE-2024-1047-92df025ccfa89a1351393b8f44caea90.yaml
index d1bd8309be..1ddda76602 100644
--- a/nuclei-templates/2024/CVE-2024-1047-92df025ccfa89a1351393b8f44caea90.yaml
+++ b/nuclei-templates/2024/CVE-2024-1047-92df025ccfa89a1351393b8f44caea90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeIsle SDK  <= Various Versions - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_source.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2024-1047
   metadata:
-    fofa-query: "wp-content/plugins/woocommerce-product-addon/"
-    google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/"
+    fofa-query: "wp-content/plugins/themeisle-companion/"
+    google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2024-1047'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-addon,medium
+  tags: cve,wordpress,wp-plugin,themeisle-companion,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addon/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "woocommerce-product-addon"
+          - "themeisle-companion"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 32.0.9')
\ No newline at end of file
+          - compare_versions(version, '<= 2.10.28')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-1049-4086933ae9a93ef9f0adb45c61ef5080.yaml b/nuclei-templates/2024/CVE-2024-1049-4086933ae9a93ef9f0adb45c61ef5080.yaml
index d2e03e87fe..c7c2db303a 100644
--- a/nuclei-templates/2024/CVE-2024-1049-4086933ae9a93ef9f0adb45c61ef5080.yaml
+++ b/nuclei-templates/2024/CVE-2024-1049-4086933ae9a93ef9f0adb45c61ef5080.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coblocks/"
     google-query: inurl:"/wp-content/plugins/coblocks/"
     shodan-query: 'vuln:CVE-2024-1049'
-  tags: cve,wordpress,wp-plugin,coblocks,medium
+  tags: cve,wordpress,wp-plugin,coblocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1050-67ac2a423d1da6f86cbac7c3e9485c2b.yaml b/nuclei-templates/2024/CVE-2024-1050-67ac2a423d1da6f86cbac7c3e9485c2b.yaml
index f02f6a36dc..418e93c327 100644
--- a/nuclei-templates/2024/CVE-2024-1050-67ac2a423d1da6f86cbac7c3e9485c2b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1050-67ac2a423d1da6f86cbac7c3e9485c2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.26.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all forced password resets.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2024-1050'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1051-3b8bb6063c635c2a8333462322de6a1f.yaml b/nuclei-templates/2024/CVE-2024-1051-3b8bb6063c635c2a8333462322de6a1f.yaml
index 3cb4d3889b..4ad7a6a1ab 100644
--- a/nuclei-templates/2024/CVE-2024-1051-3b8bb6063c635c2a8333462322de6a1f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1051-3b8bb6063c635c2a8333462322de6a1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     List category posts <= 0.89.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/list-category-posts/"
     google-query: inurl:"/wp-content/plugins/list-category-posts/"
     shodan-query: 'vuln:CVE-2024-1051'
-  tags: cve,wordpress,wp-plugin,list-category-posts,medium
+  tags: cve,wordpress,wp-plugin,list-category-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1053-2f07eb6c891e38765db750c63d86a120.yaml b/nuclei-templates/2024/CVE-2024-1053-2f07eb6c891e38765db750c63d86a120.yaml
index 44bc8bab0a..751bc5f150 100644
--- a/nuclei-templates/2024/CVE-2024-1053-2f07eb6c891e38765db750c63d86a120.yaml
+++ b/nuclei-templates/2024/CVE-2024-1053-2f07eb6c891e38765db750c63d86a120.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Tickets and Registration <= 5.8.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-tickets/"
     google-query: inurl:"/wp-content/plugins/event-tickets/"
     shodan-query: 'vuln:CVE-2024-1053'
-  tags: cve,wordpress,wp-plugin,event-tickets,medium
+  tags: cve,wordpress,wp-plugin,event-tickets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1054-a2e4cd3309d1f111f649373058fb4d50.yaml b/nuclei-templates/2024/CVE-2024-1054-a2e4cd3309d1f111f649373058fb4d50.yaml
index c810825058..0213d749aa 100644
--- a/nuclei-templates/2024/CVE-2024-1054-a2e4cd3309d1f111f649373058fb4d50.yaml
+++ b/nuclei-templates/2024/CVE-2024-1054-a2e4cd3309d1f111f649373058fb4d50.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 
     'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2024-1054'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1055-6a1e6967396b1126582c6ee0a5fede17.yaml b/nuclei-templates/2024/CVE-2024-1055-6a1e6967396b1126582c6ee0a5fede17.yaml
index 1c79a9b340..93efa7e39a 100644
--- a/nuclei-templates/2024/CVE-2024-1055-6a1e6967396b1126582c6ee0a5fede17.yaml
+++ b/nuclei-templates/2024/CVE-2024-1055-6a1e6967396b1126582c6ee0a5fede17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/"
     google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1055'
-  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1057-a09c2c9abc79ca137e522820700cc3d7.yaml b/nuclei-templates/2024/CVE-2024-1057-a09c2c9abc79ca137e522820700cc3d7.yaml
index 8f491ea012..254b2ed32b 100644
--- a/nuclei-templates/2024/CVE-2024-1057-a09c2c9abc79ca137e522820700cc3d7.yaml
+++ b/nuclei-templates/2024/CVE-2024-1057-a09c2c9abc79ca137e522820700cc3d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes like 'button_class'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woolentor-addons/"
     google-query: inurl:"/wp-content/plugins/woolentor-addons/"
     shodan-query: 'vuln:CVE-2024-1057'
-  tags: cve,wordpress,wp-plugin,woolentor-addons,medium
+  tags: cve,wordpress,wp-plugin,woolentor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1058-e42a9ef463fb91cd20488d17488f8aed.yaml b/nuclei-templates/2024/CVE-2024-1058-e42a9ef463fb91cd20488d17488f8aed.yaml
index deb25564f8..37be70b0fa 100644
--- a/nuclei-templates/2024/CVE-2024-1058-e42a9ef463fb91cd20488d17488f8aed.yaml
+++ b/nuclei-templates/2024/CVE-2024-1058-e42a9ef463fb91cd20488d17488f8aed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SiteOrigin Widgets Bundle <= 1.58.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 1.58.3 offers a partial fix.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/so-widgets-bundle/"
     google-query: inurl:"/wp-content/plugins/so-widgets-bundle/"
     shodan-query: 'vuln:CVE-2024-1058'
-  tags: cve,wordpress,wp-plugin,so-widgets-bundle,medium
+  tags: cve,wordpress,wp-plugin,so-widgets-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1061-3e71b451d444e56f20cac2bd5a92795e.yaml b/nuclei-templates/2024/CVE-2024-1061-3e71b451d444e56f20cac2bd5a92795e.yaml
index c8a2b5b7a7..b31145e0e5 100644
--- a/nuclei-templates/2024/CVE-2024-1061-3e71b451d444e56f20cac2bd5a92795e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1061-3e71b451d444e56f20cac2bd5a92795e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Html5 Video Player plugin for WordPress is vulnerable to SQL Injection via the 'id’ parameter in all versions up to, and including, 2.5.24 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-6485-1/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-6485-1/"
     shodan-query: 'vuln:CVE-2024-1061'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-6485-1,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-6485-1,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1068-64f66ce5bf8a7c60ba469ac77d7c053d.yaml b/nuclei-templates/2024/CVE-2024-1068-64f66ce5bf8a7c60ba469ac77d7c053d.yaml
index 5517555a09..7223dfd37d 100644
--- a/nuclei-templates/2024/CVE-2024-1068-64f66ce5bf8a7c60ba469ac77d7c053d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1068-64f66ce5bf8a7c60ba469ac77d7c053d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     404 Solution <= 2.35.7 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.35.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/404-solution/"
     google-query: inurl:"/wp-content/plugins/404-solution/"
     shodan-query: 'vuln:CVE-2024-1068'
-  tags: cve,wordpress,wp-plugin,404-solution,critical
+  tags: cve,wordpress,wp-plugin,404-solution,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1069-b1d3b6bac2cc1e1f3e245ca1837d27ff.yaml b/nuclei-templates/2024/CVE-2024-1069-b1d3b6bac2cc1e1f3e245ca1837d27ff.yaml
index 6617dc9e1e..e0f8545907 100644
--- a/nuclei-templates/2024/CVE-2024-1069-b1d3b6bac2cc1e1f3e245ca1837d27ff.yaml
+++ b/nuclei-templates/2024/CVE-2024-1069-b1d3b6bac2cc1e1f3e245ca1837d27ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-entries/"
     google-query: inurl:"/wp-content/plugins/contact-form-entries/"
     shodan-query: 'vuln:CVE-2024-1069'
-  tags: cve,wordpress,wp-plugin,contact-form-entries,high
+  tags: cve,wordpress,wp-plugin,contact-form-entries,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1070-c33a17581ea3c88326cc98d137f0e313.yaml b/nuclei-templates/2024/CVE-2024-1070-c33a17581ea3c88326cc98d137f0e313.yaml
index d26c295135..8387624ab2 100644
--- a/nuclei-templates/2024/CVE-2024-1070-c33a17581ea3c88326cc98d137f0e313.yaml
+++ b/nuclei-templates/2024/CVE-2024-1070-c33a17581ea3c88326cc98d137f0e313.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SiteOrigin Widgets Bundle <= 1.58.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/so-widgets-bundle/"
     google-query: inurl:"/wp-content/plugins/so-widgets-bundle/"
     shodan-query: 'vuln:CVE-2024-1070'
-  tags: cve,wordpress,wp-plugin,so-widgets-bundle,medium
+  tags: cve,wordpress,wp-plugin,so-widgets-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1073-3171c38b67df36d18560a0a3bce363f3.yaml b/nuclei-templates/2024/CVE-2024-1073-3171c38b67df36d18560a0a3bce363f3.yaml
index c660032ada..1c93b3e92d 100644
--- a/nuclei-templates/2024/CVE-2024-1073-3171c38b67df36d18560a0a3bce363f3.yaml
+++ b/nuclei-templates/2024/CVE-2024-1073-3171c38b67df36d18560a0a3bce363f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:CVE-2024-1073'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
+  tags: cve,wordpress,wp-plugin,wp-slimstat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1074-73d0b7fc0e78937e14e64656fc0eec81.yaml b/nuclei-templates/2024/CVE-2024-1074-73d0b7fc0e78937e14e64656fc0eec81.yaml
index 3064fb5c98..d16058ebb9 100644
--- a/nuclei-templates/2024/CVE-2024-1074-73d0b7fc0e78937e14e64656fc0eec81.yaml
+++ b/nuclei-templates/2024/CVE-2024-1074-73d0b7fc0e78937e14e64656fc0eec81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-1074'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1078-e8c4ecddb52fde1de74da4b2c7a57560.yaml b/nuclei-templates/2024/CVE-2024-1078-e8c4ecddb52fde1de74da4b2c7a57560.yaml
index 182587569a..d8583e49e5 100644
--- a/nuclei-templates/2024/CVE-2024-1078-e8c4ecddb52fde1de74da4b2c7a57560.yaml
+++ b/nuclei-templates/2024/CVE-2024-1078-e8c4ecddb52fde1de74da4b2c7a57560.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz Maker <= 6.5.2.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-maker/"
     google-query: inurl:"/wp-content/plugins/quiz-maker/"
     shodan-query: 'vuln:CVE-2024-1078'
-  tags: cve,wordpress,wp-plugin,quiz-maker,medium
+  tags: cve,wordpress,wp-plugin,quiz-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1079-64b00495d7288bbf7260545472f9a87a.yaml b/nuclei-templates/2024/CVE-2024-1079-64b00495d7288bbf7260545472f9a87a.yaml
index 91b8bc2dfd..daecfe75e7 100644
--- a/nuclei-templates/2024/CVE-2024-1079-64b00495d7288bbf7260545472f9a87a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1079-64b00495d7288bbf7260545472f9a87a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-maker/"
     google-query: inurl:"/wp-content/plugins/quiz-maker/"
     shodan-query: 'vuln:CVE-2024-1079'
-  tags: cve,wordpress,wp-plugin,quiz-maker,medium
+  tags: cve,wordpress,wp-plugin,quiz-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1080-ac5ea49d172b7aeae239859f4682fe56.yaml b/nuclei-templates/2024/CVE-2024-1080-ac5ea49d172b7aeae239859f4682fe56.yaml
index 32b49c0776..151987790d 100644
--- a/nuclei-templates/2024/CVE-2024-1080-ac5ea49d172b7aeae239859f4682fe56.yaml
+++ b/nuclei-templates/2024/CVE-2024-1080-ac5ea49d172b7aeae239859f4682fe56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30425 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-1080'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1081-f9ee3cd75d7f36da24c7816038266548.yaml b/nuclei-templates/2024/CVE-2024-1081-f9ee3cd75d7f36da24c7816038266548.yaml
index 922a71f011..d094bd3763 100644
--- a/nuclei-templates/2024/CVE-2024-1081-f9ee3cd75d7f36da24c7816038266548.yaml
+++ b/nuclei-templates/2024/CVE-2024-1081-f9ee3cd75d7f36da24c7816038266548.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3D FlipBook – PDF Flipbook WordPress <= 1.15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     shodan-query: 'vuln:CVE-2024-1081'
-  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,medium
+  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1083-aa5a6a671fb5da473aaf8781afbfa3bd.yaml b/nuclei-templates/2024/CVE-2024-1083-aa5a6a671fb5da473aaf8781afbfa3bd.yaml
index ee2a56e3b7..3167a9c14c 100644
--- a/nuclei-templates/2024/CVE-2024-1083-aa5a6a671fb5da473aaf8781afbfa3bd.yaml
+++ b/nuclei-templates/2024/CVE-2024-1083-aa5a6a671fb5da473aaf8781afbfa3bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Restrict <= 1.2.6 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-restrict/"
     google-query: inurl:"/wp-content/plugins/simple-restrict/"
     shodan-query: 'vuln:CVE-2024-1083'
-  tags: cve,wordpress,wp-plugin,simple-restrict,medium
+  tags: cve,wordpress,wp-plugin,simple-restrict,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1089-4f4ea79c6be4308e1d54d5b19b226c52.yaml b/nuclei-templates/2024/CVE-2024-1089-4f4ea79c6be4308e1d54d5b19b226c52.yaml
index ea920a54fe..c17a32c927 100644
--- a/nuclei-templates/2024/CVE-2024-1089-4f4ea79c6be4308e1d54d5b19b226c52.yaml
+++ b/nuclei-templates/2024/CVE-2024-1089-4f4ea79c6be4308e1d54d5b19b226c52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in optimizeAllOn
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/"
     google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/"
     shodan-query: 'vuln:CVE-2024-1089'
-  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium
+  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1090-0f06a0233bd37a56c0b489be748f0408.yaml b/nuclei-templates/2024/CVE-2024-1090-0f06a0233bd37a56c0b489be748f0408.yaml
index a1adeeba63..e5c37db76d 100644
--- a/nuclei-templates/2024/CVE-2024-1090-0f06a0233bd37a56c0b489be748f0408.yaml
+++ b/nuclei-templates/2024/CVE-2024-1090-0f06a0233bd37a56c0b489be748f0408.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in stopOptimizeAll
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/"
     google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/"
     shodan-query: 'vuln:CVE-2024-1090'
-  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium
+  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1091-433406de2bcd419520bb9dde58f80311.yaml b/nuclei-templates/2024/CVE-2024-1091-433406de2bcd419520bb9dde58f80311.yaml
index eeab57ed9b..dd6344657e 100644
--- a/nuclei-templates/2024/CVE-2024-1091-433406de2bcd419520bb9dde58f80311.yaml
+++ b/nuclei-templates/2024/CVE-2024-1091-433406de2bcd419520bb9dde58f80311.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Plugin Data Removal in reinitialize
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to remove all plugin data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/"
     google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/"
     shodan-query: 'vuln:CVE-2024-1091'
-  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium
+  tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1092-9e24f5f31aefd98727b13ebb0dfe3151.yaml b/nuclei-templates/2024/CVE-2024-1092-9e24f5f31aefd98727b13ebb0dfe3151.yaml
index ad4dfbbe6e..eecfd36dbd 100644
--- a/nuclei-templates/2024/CVE-2024-1092-9e24f5f31aefd98727b13ebb0dfe3151.yaml
+++ b/nuclei-templates/2024/CVE-2024-1092-9e24f5f31aefd98727b13ebb0dfe3151.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedzy-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/"
     shodan-query: 'vuln:CVE-2024-1092'
-  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,medium
+  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1093-37d8f4614be006df7ea5c5c8ccf22b6a.yaml b/nuclei-templates/2024/CVE-2024-1093-37d8f4614be006df7ea5c5c8ccf22b6a.yaml
index a6f49cc2d9..cd1261c077 100644
--- a/nuclei-templates/2024/CVE-2024-1093-37d8f4614be006df7ea5c5c8ccf22b6a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1093-37d8f4614be006df7ea5c5c8ccf22b6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Change Memory Limit <= 1.0 - Missing Authorization via admin_logic()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/change-memory-limit/"
     google-query: inurl:"/wp-content/plugins/change-memory-limit/"
     shodan-query: 'vuln:CVE-2024-1093'
-  tags: cve,wordpress,wp-plugin,change-memory-limit,medium
+  tags: cve,wordpress,wp-plugin,change-memory-limit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1095-c4ae84dae7d5de9c58b9c493377ad809.yaml b/nuclei-templates/2024/CVE-2024-1095-c4ae84dae7d5de9c58b9c493377ad809.yaml
index 3601b21936..5cce1b48fb 100644
--- a/nuclei-templates/2024/CVE-2024-1095-c4ae84dae7d5de9c58b9c493377ad809.yaml
+++ b/nuclei-templates/2024/CVE-2024-1095-c4ae84dae7d5de9c58b9c493377ad809.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/control-block-patterns/"
     google-query: inurl:"/wp-content/plugins/control-block-patterns/"
     shodan-query: 'vuln:CVE-2024-1095'
-  tags: cve,wordpress,wp-plugin,control-block-patterns,medium
+  tags: cve,wordpress,wp-plugin,control-block-patterns,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1106-91995026ff620283dce0ded1573ce367.yaml b/nuclei-templates/2024/CVE-2024-1106-91995026ff620283dce0ded1573ce367.yaml
index 215ee8989c..c9876cc08a 100644
--- a/nuclei-templates/2024/CVE-2024-1106-91995026ff620283dce0ded1573ce367.yaml
+++ b/nuclei-templates/2024/CVE-2024-1106-91995026ff620283dce0ded1573ce367.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shariff Wrapper <= 4.6.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shariff/"
     google-query: inurl:"/wp-content/plugins/shariff/"
     shodan-query: 'vuln:CVE-2024-1106'
-  tags: cve,wordpress,wp-plugin,shariff,medium
+  tags: cve,wordpress,wp-plugin,shariff,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1108-f9def0ceb1a6b24330f85d2a5c68b378.yaml b/nuclei-templates/2024/CVE-2024-1108-f9def0ceb1a6b24330f85d2a5c68b378.yaml
index 3912789139..bce2edb22c 100644
--- a/nuclei-templates/2024/CVE-2024-1108-f9def0ceb1a6b24330f85d2a5c68b378.yaml
+++ b/nuclei-templates/2024/CVE-2024-1108-f9def0ceb1a6b24330f85d2a5c68b378.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin Groups <= 2.0.6 - Missing Authorization to Unauthenticated Denial of Service
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plugin-groups/"
     google-query: inurl:"/wp-content/plugins/plugin-groups/"
     shodan-query: 'vuln:CVE-2024-1108'
-  tags: cve,wordpress,wp-plugin,plugin-groups,medium
+  tags: cve,wordpress,wp-plugin,plugin-groups,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1109-3472d41d965a1eba1565dbf3f6f91c0c.yaml b/nuclei-templates/2024/CVE-2024-1109-3472d41d965a1eba1565dbf3f6f91c0c.yaml
index 97d1c736f7..f833b79365 100644
--- a/nuclei-templates/2024/CVE-2024-1109-3472d41d965a1eba1565dbf3f6f91c0c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1109-3472d41d965a1eba1565dbf3f6f91c0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2024-1109'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1110-2e10545dd7017e6f584fc20c4f8e8985.yaml b/nuclei-templates/2024/CVE-2024-1110-2e10545dd7017e6f584fc20c4f8e8985.yaml
index 7fa588d2b3..e619dcb804 100644
--- a/nuclei-templates/2024/CVE-2024-1110-2e10545dd7017e6f584fc20c4f8e8985.yaml
+++ b/nuclei-templates/2024/CVE-2024-1110-2e10545dd7017e6f584fc20c4f8e8985.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2024-1110'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1118-f884e1e5931aac898c331db3ff9b0a47.yaml b/nuclei-templates/2024/CVE-2024-1118-f884e1e5931aac898c331db3ff9b0a47.yaml
index 213fca6149..9ee5f4df0d 100644
--- a/nuclei-templates/2024/CVE-2024-1118-f884e1e5931aac898c331db3ff9b0a47.yaml
+++ b/nuclei-templates/2024/CVE-2024-1118-f884e1e5931aac898c331db3ff9b0a47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-subscribe-button/"
     google-query: inurl:"/wp-content/plugins/podlove-subscribe-button/"
     shodan-query: 'vuln:CVE-2024-1118'
-  tags: cve,wordpress,wp-plugin,podlove-subscribe-button,high
+  tags: cve,wordpress,wp-plugin,podlove-subscribe-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1119-788617c7c507dc55ce43d126204f73e2.yaml b/nuclei-templates/2024/CVE-2024-1119-788617c7c507dc55ce43d126204f73e2.yaml
index 3740e51fd2..6b0edbffaf 100644
--- a/nuclei-templates/2024/CVE-2024-1119-788617c7c507dc55ce43d126204f73e2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1119-788617c7c507dc55ce43d126204f73e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-tip-woo/"
     google-query: inurl:"/wp-content/plugins/order-tip-woo/"
     shodan-query: 'vuln:CVE-2024-1119'
-  tags: cve,wordpress,wp-plugin,order-tip-woo,medium
+  tags: cve,wordpress,wp-plugin,order-tip-woo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1120-13f75b4807aa41447c76b6287198f0e6.yaml b/nuclei-templates/2024/CVE-2024-1120-13f75b4807aa41447c76b6287198f0e6.yaml
index c2a16105ab..bef4529fe3 100644
--- a/nuclei-templates/2024/CVE-2024-1120-13f75b4807aa41447c76b6287198f0e6.yaml
+++ b/nuclei-templates/2024/CVE-2024-1120-13f75b4807aa41447c76b6287198f0e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2024-1120
   metadata:
-    fofa-query: "wp-content/plugins/woo-thank-you-page-nextmove-lite/"
-    google-query: inurl:"/wp-content/plugins/woo-thank-you-page-nextmove-lite/"
+    fofa-query: "wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/"
+    google-query: inurl:"/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/"
     shodan-query: 'vuln:CVE-2024-1120'
-  tags: cve,wordpress,wp-plugin,woo-thank-you-page-nextmove-lite,medium
+  tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/woo-thank-you-page-nextmove-lite/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "woo-thank-you-page-nextmove-lite"
+          - "finale-woocommerce-sales-countdown-timer-discount"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.18.0')
\ No newline at end of file
+          - compare_versions(version, '<= 2.17.0')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-1121-019da25ecceb2c42293b8bf9c83a7180.yaml b/nuclei-templates/2024/CVE-2024-1121-019da25ecceb2c42293b8bf9c83a7180.yaml
index e6e5648d67..2119746085 100644
--- a/nuclei-templates/2024/CVE-2024-1121-019da25ecceb2c42293b8bf9c83a7180.yaml
+++ b/nuclei-templates/2024/CVE-2024-1121-019da25ecceb2c42293b8bf9c83a7180.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-forms/"
     google-query: inurl:"/wp-content/plugins/advanced-forms/"
     shodan-query: 'vuln:CVE-2024-1121'
-  tags: cve,wordpress,wp-plugin,advanced-forms,medium
+  tags: cve,wordpress,wp-plugin,advanced-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1122-470fcf5d296c10b95ff256d3ed543789.yaml b/nuclei-templates/2024/CVE-2024-1122-470fcf5d296c10b95ff256d3ed543789.yaml
index c926a835f7..5e094e2859 100644
--- a/nuclei-templates/2024/CVE-2024-1122-470fcf5d296c10b95ff256d3ed543789.yaml
+++ b/nuclei-templates/2024/CVE-2024-1122-470fcf5d296c10b95ff256d3ed543789.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-event-solution/"
     google-query: inurl:"/wp-content/plugins/wp-event-solution/"
     shodan-query: 'vuln:CVE-2024-1122'
-  tags: cve,wordpress,wp-plugin,wp-event-solution,medium
+  tags: cve,wordpress,wp-plugin,wp-event-solution,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1123-8aeb2b8f9fd8f5408bc5cbce23cde23a.yaml b/nuclei-templates/2024/CVE-2024-1123-8aeb2b8f9fd8f5408bc5cbce23cde23a.yaml
index 21260830c0..592a5e4eac 100644
--- a/nuclei-templates/2024/CVE-2024-1123-8aeb2b8f9fd8f5408bc5cbce23cde23a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1123-8aeb2b8f9fd8f5408bc5cbce23cde23a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the title and content of arbitrary posts. This can also be exploited by unauthenticated attackers when the allow_submission_by_anonymous_user setting is enabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2024-1123'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1124-0518a583283f442e889b7000a0f04a7c.yaml b/nuclei-templates/2024/CVE-2024-1124-0518a583283f442e889b7000a0f04a7c.yaml
index 765f7c45c4..80bb609382 100644
--- a/nuclei-templates/2024/CVE-2024-1124-0518a583283f442e889b7000a0f04a7c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1124-0518a583283f442e889b7000a0f04a7c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2024-1124'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1125-42040b470560c747a13bf2788592d50b.yaml b/nuclei-templates/2024/CVE-2024-1125-42040b470560c747a13bf2788592d50b.yaml
index 67f7d6027a..b85cc742c9 100644
--- a/nuclei-templates/2024/CVE-2024-1125-42040b470560c747a13bf2788592d50b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1125-42040b470560c747a13bf2788592d50b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2024-1125'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1126-5610b8d447f64bccab677eca7d6526f5.yaml b/nuclei-templates/2024/CVE-2024-1126-5610b8d447f64bccab677eca7d6526f5.yaml
index 827514ff04..e8135663c4 100644
--- a/nuclei-templates/2024/CVE-2024-1126-5610b8d447f64bccab677eca7d6526f5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1126-5610b8d447f64bccab677eca7d6526f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to to retrieve the attendees list for any event.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2024-1126'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1127-3fbde3febf513db2a577aee06321eb0b.yaml b/nuclei-templates/2024/CVE-2024-1127-3fbde3febf513db2a577aee06321eb0b.yaml
index c0d0d9f0b4..cacf7de804 100644
--- a/nuclei-templates/2024/CVE-2024-1127-3fbde3febf513db2a577aee06321eb0b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1127-3fbde3febf513db2a577aee06321eb0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event booking which can contain PII.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2024-1127'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1128-7feda050b3f384761620a931ffec2f7f.yaml b/nuclei-templates/2024/CVE-2024-1128-7feda050b3f384761620a931ffec2f7f.yaml
index 806592ae11..66418e0ed4 100644
--- a/nuclei-templates/2024/CVE-2024-1128-7feda050b3f384761620a931ffec2f7f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1128-7feda050b3f384761620a931ffec2f7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2024-1128'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1129-f0ac080b3744a919181119313b1bddf9.yaml b/nuclei-templates/2024/CVE-2024-1129-f0ac080b3744a919181119313b1bddf9.yaml
index c687f508d0..c87d14a35e 100644
--- a/nuclei-templates/2024/CVE-2024-1129-f0ac080b3744a919181119313b1bddf9.yaml
+++ b/nuclei-templates/2024/CVE-2024-1129-f0ac080b3744a919181119313b1bddf9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2024-1129'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1130-2d87227c0a1b8cce209867e1a3357d5b.yaml b/nuclei-templates/2024/CVE-2024-1130-2d87227c0a1b8cce209867e1a3357d5b.yaml
index f10478e18e..2a8d58fb18 100644
--- a/nuclei-templates/2024/CVE-2024-1130-2d87227c0a1b8cce209867e1a3357d5b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1130-2d87227c0a1b8cce209867e1a3357d5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2024-1130'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1133-015631a41e17e7c68847b5f1f1c1e6e5.yaml b/nuclei-templates/2024/CVE-2024-1133-015631a41e17e7c68847b5f1f1c1e6e5.yaml
index 08eaa5f2c5..4bd799f20c 100644
--- a/nuclei-templates/2024/CVE-2024-1133-015631a41e17e7c68847b5f1f1c1e6e5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1133-015631a41e17e7c68847b5f1f1c1e6e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.6.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with subscriber access or higher, to interact with questions in courses in which they are not enrolled including private courses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2024-1133'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1157-005e163e7b395198e1ed48634c687240.yaml b/nuclei-templates/2024/CVE-2024-1157-005e163e7b395198e1ed48634c687240.yaml
index 081d8fde13..49afd5ab19 100644
--- a/nuclei-templates/2024/CVE-2024-1157-005e163e7b395198e1ed48634c687240.yaml
+++ b/nuclei-templates/2024/CVE-2024-1157-005e163e7b395198e1ed48634c687240.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-1157'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1158-5a3c975faaff05174a403394f594d251.yaml b/nuclei-templates/2024/CVE-2024-1158-5a3c975faaff05174a403394f594d251.yaml
index d003368956..dc7f1ce72a 100644
--- a/nuclei-templates/2024/CVE-2024-1158-5a3c975faaff05174a403394f594d251.yaml
+++ b/nuclei-templates/2024/CVE-2024-1158-5a3c975faaff05174a403394f594d251.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms/"
     google-query: inurl:"/wp-content/plugins/buddyforms/"
     shodan-query: 'vuln:CVE-2024-1158'
-  tags: cve,wordpress,wp-plugin,buddyforms,medium
+  tags: cve,wordpress,wp-plugin,buddyforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1159-2109981df34c3c3e10e9a3ff3ab51437.yaml b/nuclei-templates/2024/CVE-2024-1159-2109981df34c3c3e10e9a3ff3ab51437.yaml
index d9756c17dd..00f0cfaa4d 100644
--- a/nuclei-templates/2024/CVE-2024-1159-2109981df34c3c3e10e9a3ff3ab51437.yaml
+++ b/nuclei-templates/2024/CVE-2024-1159-2109981df34c3c3e10e9a3ff3ab51437.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-1159'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1160-e2f4a51da7010a4270e848488a346f79.yaml b/nuclei-templates/2024/CVE-2024-1160-e2f4a51da7010a4270e848488a346f79.yaml
index b8885fbb23..f4be96410c 100644
--- a/nuclei-templates/2024/CVE-2024-1160-e2f4a51da7010a4270e848488a346f79.yaml
+++ b/nuclei-templates/2024/CVE-2024-1160-e2f4a51da7010a4270e848488a346f79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30442 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-1160'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1165-a6227d9d923140efcf18978d7c277e53.yaml b/nuclei-templates/2024/CVE-2024-1165-a6227d9d923140efcf18978d7c277e53.yaml
index 0292877af1..597c73c113 100644
--- a/nuclei-templates/2024/CVE-2024-1165-a6227d9d923140efcf18978d7c277e53.yaml
+++ b/nuclei-templates/2024/CVE-2024-1165-a6227d9d923140efcf18978d7c277e53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy – Page Builder <= 2.4.39 - Authenticated (Contributor+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2024-1165'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1166-23084d0a675ec1fe2de5f06c696330cf.yaml b/nuclei-templates/2024/CVE-2024-1166-23084d0a675ec1fe2de5f06c696330cf.yaml
index 3515a00c63..27559e25cd 100644
--- a/nuclei-templates/2024/CVE-2024-1166-23084d0a675ec1fe2de5f06c696330cf.yaml
+++ b/nuclei-templates/2024/CVE-2024-1166-23084d0a675ec1fe2de5f06c696330cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-addon-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1166'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1171-200d6c881afb4e097be1558e49c07780.yaml b/nuclei-templates/2024/CVE-2024-1171-200d6c881afb4e097be1558e49c07780.yaml
index 06da969851..4a1f808c1e 100644
--- a/nuclei-templates/2024/CVE-2024-1171-200d6c881afb4e097be1558e49c07780.yaml
+++ b/nuclei-templates/2024/CVE-2024-1171-200d6c881afb4e097be1558e49c07780.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-1171'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1172-1a4b02751bb2128579758045cc80caa1.yaml b/nuclei-templates/2024/CVE-2024-1172-1a4b02751bb2128579758045cc80caa1.yaml
index 9f97d32302..7f138e2514 100644
--- a/nuclei-templates/2024/CVE-2024-1172-1a4b02751bb2128579758045cc80caa1.yaml
+++ b/nuclei-templates/2024/CVE-2024-1172-1a4b02751bb2128579758045cc80caa1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-1172'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1173-b7e69e83c8c59004ad0e6d101ab301ac.yaml b/nuclei-templates/2024/CVE-2024-1173-b7e69e83c8c59004ad0e6d101ab301ac.yaml
index 5c1b393ffb..1d0fb32541 100644
--- a/nuclei-templates/2024/CVE-2024-1173-b7e69e83c8c59004ad0e6d101ab301ac.yaml
+++ b/nuclei-templates/2024/CVE-2024-1173-b7e69e83c8c59004ad0e6d101ab301ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with accounting manager or admin access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erp/"
     google-query: inurl:"/wp-content/plugins/erp/"
     shodan-query: 'vuln:CVE-2024-1173'
-  tags: cve,wordpress,wp-plugin,erp,high
+  tags: cve,wordpress,wp-plugin,erp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1176-164d8e023bea2a9cf66601d6c8d87f66.yaml b/nuclei-templates/2024/CVE-2024-1176-164d8e023bea2a9cf66601d6c8d87f66.yaml
index 2cc10690ac..ab21cb6035 100644
--- a/nuclei-templates/2024/CVE-2024-1176-164d8e023bea2a9cf66601d6c8d87f66.yaml
+++ b/nuclei-templates/2024/CVE-2024-1176-164d8e023bea2a9cf66601d6c8d87f66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-easy-google-analytics/"
     google-query: inurl:"/wp-content/plugins/ht-easy-google-analytics/"
     shodan-query: 'vuln:CVE-2024-1176'
-  tags: cve,wordpress,wp-plugin,ht-easy-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,ht-easy-google-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1177-dabe11ac9a89ef7717da39d4e9cb7dcc.yaml b/nuclei-templates/2024/CVE-2024-1177-dabe11ac9a89ef7717da39d4e9cb7dcc.yaml
index a05fa83c90..0dbb9566ad 100644
--- a/nuclei-templates/2024/CVE-2024-1177-dabe11ac9a89ef7717da39d4e9cb7dcc.yaml
+++ b/nuclei-templates/2024/CVE-2024-1177-dabe11ac9a89ef7717da39d4e9cb7dcc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-club-manager/"
     google-query: inurl:"/wp-content/plugins/wp-club-manager/"
     shodan-query: 'vuln:CVE-2024-1177'
-  tags: cve,wordpress,wp-plugin,wp-club-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-club-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1178-12303619a441af1cb4218513536dee14.yaml b/nuclei-templates/2024/CVE-2024-1178-12303619a441af1cb4218513536dee14.yaml
index b7f580c1df..e1219fe9bf 100644
--- a/nuclei-templates/2024/CVE-2024-1178-12303619a441af1cb4218513536dee14.yaml
+++ b/nuclei-templates/2024/CVE-2024-1178-12303619a441af1cb4218513536dee14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sportspress/"
     google-query: inurl:"/wp-content/plugins/sportspress/"
     shodan-query: 'vuln:CVE-2024-1178'
-  tags: cve,wordpress,wp-plugin,sportspress,medium
+  tags: cve,wordpress,wp-plugin,sportspress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1203-ed938d6748a55c68d3afc00fc2604d10.yaml b/nuclei-templates/2024/CVE-2024-1203-ed938d6748a55c68d3afc00fc2604d10.yaml
index 9938bc0c8e..d2730cfca4 100644
--- a/nuclei-templates/2024/CVE-2024-1203-ed938d6748a55c68d3afc00fc2604d10.yaml
+++ b/nuclei-templates/2024/CVE-2024-1203-ed938d6748a55c68d3afc00fc2604d10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/"
     google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/"
     shodan-query: 'vuln:CVE-2024-1203'
-  tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,high
+  tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1204-dc129067ca38c26e19992abcd62ec625.yaml b/nuclei-templates/2024/CVE-2024-1204-dc129067ca38c26e19992abcd62ec625.yaml
index 070236a326..16d121f117 100644
--- a/nuclei-templates/2024/CVE-2024-1204-dc129067ca38c26e19992abcd62ec625.yaml
+++ b/nuclei-templates/2024/CVE-2024-1204-dc129067ca38c26e19992abcd62ec625.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meta Box – WordPress Custom Fields Framework <= 5.9.3 - Authenticated (Contributor+) Information Exposure via Post Meta
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 5.9.3. This is due to the plugin not properly restricting the post meta that can be displayed through the 'rwmb_meta' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meta-box/"
     google-query: inurl:"/wp-content/plugins/meta-box/"
     shodan-query: 'vuln:CVE-2024-1204'
-  tags: cve,wordpress,wp-plugin,meta-box,medium
+  tags: cve,wordpress,wp-plugin,meta-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1205-5b8de369a947d5ef9762408c0a15df35.yaml b/nuclei-templates/2024/CVE-2024-1205-5b8de369a947d5ef9762408c0a15df35.yaml
index 42db17dec0..4252e7eb61 100644
--- a/nuclei-templates/2024/CVE-2024-1205-5b8de369a947d5ef9762408c0a15df35.yaml
+++ b/nuclei-templates/2024/CVE-2024-1205-5b8de369a947d5ef9762408c0a15df35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvello_upload_csv_file function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wemanage-app-worker/"
     google-query: inurl:"/wp-content/plugins/wemanage-app-worker/"
     shodan-query: 'vuln:CVE-2024-1205'
-  tags: cve,wordpress,wp-plugin,wemanage-app-worker,high
+  tags: cve,wordpress,wp-plugin,wemanage-app-worker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1206-827537b84b4ae3840c51006c12ccc5df.yaml b/nuclei-templates/2024/CVE-2024-1206-827537b84b4ae3840c51006c12ccc5df.yaml
index 59090fd992..3ddd86e058 100644
--- a/nuclei-templates/2024/CVE-2024-1206-827537b84b4ae3840c51006c12ccc5df.yaml
+++ b/nuclei-templates/2024/CVE-2024-1206-827537b84b4ae3840c51006c12ccc5df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2024-1206'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,high
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1218-5837868c169d6f2b8a500d8da35501e2.yaml b/nuclei-templates/2024/CVE-2024-1218-5837868c169d6f2b8a500d8da35501e2.yaml
index 59fce94d2c..aee65c22c0 100644
--- a/nuclei-templates/2024/CVE-2024-1218-5837868c169d6f2b8a500d8da35501e2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1218-5837868c169d6f2b8a500d8da35501e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kali-forms/"
     google-query: inurl:"/wp-content/plugins/kali-forms/"
     shodan-query: 'vuln:CVE-2024-1218'
-  tags: cve,wordpress,wp-plugin,kali-forms,medium
+  tags: cve,wordpress,wp-plugin,kali-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1219-455ef09d7d7d2085e1e76af071d802ad.yaml b/nuclei-templates/2024/CVE-2024-1219-455ef09d7d7d2085e1e76af071d802ad.yaml
index 24b097dcc4..8c3fb6f12c 100644
--- a/nuclei-templates/2024/CVE-2024-1219-455ef09d7d7d2085e1e76af071d802ad.yaml
+++ b/nuclei-templates/2024/CVE-2024-1219-455ef09d7d7d2085e1e76af071d802ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Feed <= 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-facebook-likebox/"
     google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
     shodan-query: 'vuln:CVE-2024-1219'
-  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1229-ebdc4e179afbae0e73d5291d7befe15e.yaml b/nuclei-templates/2024/CVE-2024-1229-ebdc4e179afbae0e73d5291d7befe15e.yaml
index 085cf7e86a..6764703bcf 100644
--- a/nuclei-templates/2024/CVE-2024-1229-ebdc4e179afbae0e73d5291d7befe15e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1229-ebdc4e179afbae0e73d5291d7befe15e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SimpleShop <= 2.10.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleShop.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simpleshop-cz/"
     google-query: inurl:"/wp-content/plugins/simpleshop-cz/"
     shodan-query: 'vuln:CVE-2024-1229'
-  tags: cve,wordpress,wp-plugin,simpleshop-cz,medium
+  tags: cve,wordpress,wp-plugin,simpleshop-cz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1234-f3fab83347fba28adb4199c2198991f2.yaml b/nuclei-templates/2024/CVE-2024-1234-f3fab83347fba28adb4199c2198991f2.yaml
index 0cf9baab1b..7c18774504 100644
--- a/nuclei-templates/2024/CVE-2024-1234-f3fab83347fba28adb4199c2198991f2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1234-f3fab83347fba28adb4199c2198991f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1234'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1235-3c3007d2c808c5107195ff3e0b9f940c.yaml b/nuclei-templates/2024/CVE-2024-1235-3c3007d2c808c5107195ff3e0b9f940c.yaml
index 8f6f2f71a9..cf747c59cd 100644
--- a/nuclei-templates/2024/CVE-2024-1235-3c3007d2c808c5107195ff3e0b9f940c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1235-3c3007d2c808c5107195ff3e0b9f940c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1235'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1236-84d7b8eee39d9201723ad33de86e3865.yaml b/nuclei-templates/2024/CVE-2024-1236-84d7b8eee39d9201723ad33de86e3865.yaml
index 17ba2fdc6e..e5f5a0de98 100644
--- a/nuclei-templates/2024/CVE-2024-1236-84d7b8eee39d9201723ad33de86e3865.yaml
+++ b/nuclei-templates/2024/CVE-2024-1236-84d7b8eee39d9201723ad33de86e3865.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-1236'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1237-5adfa5eb8fa56a7df3a28304be530aa5.yaml b/nuclei-templates/2024/CVE-2024-1237-5adfa5eb8fa56a7df3a28304be530aa5.yaml
index 6f1f2c0f66..f12ec3aff1 100644
--- a/nuclei-templates/2024/CVE-2024-1237-5adfa5eb8fa56a7df3a28304be530aa5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1237-5adfa5eb8fa56a7df3a28304be530aa5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Header & Footer Builder <= 1.6.24 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/header-footer-elementor/"
     google-query: inurl:"/wp-content/plugins/header-footer-elementor/"
     shodan-query: 'vuln:CVE-2024-1237'
-  tags: cve,wordpress,wp-plugin,header-footer-elementor,medium
+  tags: cve,wordpress,wp-plugin,header-footer-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1238-e064b41fe8a39fcee76359d8531bca53.yaml b/nuclei-templates/2024/CVE-2024-1238-e064b41fe8a39fcee76359d8531bca53.yaml
index a68434f532..4c4ab86102 100644
--- a/nuclei-templates/2024/CVE-2024-1238-e064b41fe8a39fcee76359d8531bca53.yaml
+++ b/nuclei-templates/2024/CVE-2024-1238-e064b41fe8a39fcee76359d8531bca53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32505 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2024-1238'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,medium
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1239-998f619282ed25afacc39847ff214ad0.yaml b/nuclei-templates/2024/CVE-2024-1239-998f619282ed25afacc39847ff214ad0.yaml
index 8f8e591e62..fa41a86fe1 100644
--- a/nuclei-templates/2024/CVE-2024-1239-998f619282ed25afacc39847ff214ad0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1239-998f619282ed25afacc39847ff214ad0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Elementor addons <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2024-1239'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,medium
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1242-53bbdc5768caf77b3864368c8b4ad9d8.yaml b/nuclei-templates/2024/CVE-2024-1242-53bbdc5768caf77b3864368c8b4ad9d8.yaml
index 4d37572f85..8fa30f2486 100644
--- a/nuclei-templates/2024/CVE-2024-1242-53bbdc5768caf77b3864368c8b4ad9d8.yaml
+++ b/nuclei-templates/2024/CVE-2024-1242-53bbdc5768caf77b3864368c8b4ad9d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1242'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1273-750a764136a41cb3d1ef7fa35a4e6897.yaml b/nuclei-templates/2024/CVE-2024-1273-750a764136a41cb3d1ef7fa35a4e6897.yaml
index a0dfaa8beb..ceecb80a9b 100644
--- a/nuclei-templates/2024/CVE-2024-1273-750a764136a41cb3d1ef7fa35a4e6897.yaml
+++ b/nuclei-templates/2024/CVE-2024-1273-750a764136a41cb3d1ef7fa35a4e6897.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Starbox <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/starbox/"
     google-query: inurl:"/wp-content/plugins/starbox/"
     shodan-query: 'vuln:CVE-2024-1273'
-  tags: cve,wordpress,wp-plugin,starbox,medium
+  tags: cve,wordpress,wp-plugin,starbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1274-7598877f4e713405d9e74bfad63425fb.yaml b/nuclei-templates/2024/CVE-2024-1274-7598877f4e713405d9e74bfad63425fb.yaml
index 7a89d9d933..256ae20823 100644
--- a/nuclei-templates/2024/CVE-2024-1274-7598877f4e713405d9e74bfad63425fb.yaml
+++ b/nuclei-templates/2024/CVE-2024-1274-7598877f4e713405d9e74bfad63425fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Calendar <= 3.4.23 - Authenticated (Admin+) Stored Cross-Site Scripting via Events
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via events in all versions up to, and including, 3.4.23 due to insufficient input sanitization and output escaping on event dates. This makes it possible for authenticated attackers with, admin-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-calendar/"
     google-query: inurl:"/wp-content/plugins/my-calendar/"
     shodan-query: 'vuln:CVE-2024-1274'
-  tags: cve,wordpress,wp-plugin,my-calendar,medium
+  tags: cve,wordpress,wp-plugin,my-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1276-8e520f19b2730c335f2344f32b135ff7.yaml b/nuclei-templates/2024/CVE-2024-1276-8e520f19b2730c335f2344f32b135ff7.yaml
index 730970acdb..12b7d65a7f 100644
--- a/nuclei-templates/2024/CVE-2024-1276-8e520f19b2730c335f2344f32b135ff7.yaml
+++ b/nuclei-templates/2024/CVE-2024-1276-8e520f19b2730c335f2344f32b135ff7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-1276'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1277-1fa0a5990488e25fdbc5ceea9aa094d8.yaml b/nuclei-templates/2024/CVE-2024-1277-1fa0a5990488e25fdbc5ceea9aa094d8.yaml
index 5ec97ce795..529e6d7ebf 100644
--- a/nuclei-templates/2024/CVE-2024-1277-1fa0a5990488e25fdbc5ceea9aa094d8.yaml
+++ b/nuclei-templates/2024/CVE-2024-1277-1fa0a5990488e25fdbc5ceea9aa094d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ocean Extra <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ocean-extra/"
     google-query: inurl:"/wp-content/plugins/ocean-extra/"
     shodan-query: 'vuln:CVE-2024-1277'
-  tags: cve,wordpress,wp-plugin,ocean-extra,medium
+  tags: cve,wordpress,wp-plugin,ocean-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1278-7e2aa27b61aaa1e5ca65bdc32112a6a9.yaml b/nuclei-templates/2024/CVE-2024-1278-7e2aa27b61aaa1e5ca65bdc32112a6a9.yaml
index 13cbb39a59..2982412549 100644
--- a/nuclei-templates/2024/CVE-2024-1278-7e2aa27b61aaa1e5ca65bdc32112a6a9.yaml
+++ b/nuclei-templates/2024/CVE-2024-1278-7e2aa27b61aaa1e5ca65bdc32112a6a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-facebook-likebox/"
     google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
     shodan-query: 'vuln:CVE-2024-1278'
-  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1279-fce0c7de1ac72dbab0de3f1d5f219540.yaml b/nuclei-templates/2024/CVE-2024-1279-fce0c7de1ac72dbab0de3f1d5f219540.yaml
index 6c4c831066..b07dbed179 100644
--- a/nuclei-templates/2024/CVE-2024-1279-fce0c7de1ac72dbab0de3f1d5f219540.yaml
+++ b/nuclei-templates/2024/CVE-2024-1279-fce0c7de1ac72dbab0de3f1d5f219540.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) Information Disclosure via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.12.8. This makes it possible for authenticated attackers, with contributor-level access and above, to extract user meta data utilizing the pmpro_member shortcode.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:CVE-2024-1279'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1282-83be75cbe83d286de0e56bf13cde5945.yaml b/nuclei-templates/2024/CVE-2024-1282-83be75cbe83d286de0e56bf13cde5945.yaml
index bf748fe3ce..8d0af00bbf 100644
--- a/nuclei-templates/2024/CVE-2024-1282-83be75cbe83d286de0e56bf13cde5945.yaml
+++ b/nuclei-templates/2024/CVE-2024-1282-83be75cbe83d286de0e56bf13cde5945.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Encoder – Protect Email Addresses and Phone Numbers <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-encoder-bundle/"
     google-query: inurl:"/wp-content/plugins/email-encoder-bundle/"
     shodan-query: 'vuln:CVE-2024-1282'
-  tags: cve,wordpress,wp-plugin,email-encoder-bundle,medium
+  tags: cve,wordpress,wp-plugin,email-encoder-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1285-f83002599a8aabe9f476ac830785a4d7.yaml b/nuclei-templates/2024/CVE-2024-1285-f83002599a8aabe9f476ac830785a4d7.yaml
index c30d13867f..14ed79d2ef 100644
--- a/nuclei-templates/2024/CVE-2024-1285-f83002599a8aabe9f476ac830785a4d7.yaml
+++ b/nuclei-templates/2024/CVE-2024-1285-f83002599a8aabe9f476ac830785a4d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-builder-sandwich/"
     google-query: inurl:"/wp-content/plugins/page-builder-sandwich/"
     shodan-query: 'vuln:CVE-2024-1285'
-  tags: cve,wordpress,wp-plugin,page-builder-sandwich,medium
+  tags: cve,wordpress,wp-plugin,page-builder-sandwich,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1288-84ecfe35530dba1d6d850c87907091be.yaml b/nuclei-templates/2024/CVE-2024-1288-84ecfe35530dba1d6d850c87907091be.yaml
index 929f11f86f..6e7cd8fa9b 100644
--- a/nuclei-templates/2024/CVE-2024-1288-84ecfe35530dba1d6d850c87907091be.yaml
+++ b/nuclei-templates/2024/CVE-2024-1288-84ecfe35530dba1d6d850c87907091be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/"
     google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/"
     shodan-query: 'vuln:CVE-2024-1288'
-  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,medium
+  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1290-96ed0838fd20f84264d3c063e2ba926e.yaml b/nuclei-templates/2024/CVE-2024-1290-96ed0838fd20f84264d3c063e2ba926e.yaml
index 54ab3c531a..11e6e18ebd 100644
--- a/nuclei-templates/2024/CVE-2024-1290-96ed0838fd20f84264d3c063e2ba926e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1290-96ed0838fd20f84264d3c063e2ba926e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Registration <= 2.11 - Authenticated (Contributor+) Arbitrary User Password Reset To Account Takeover
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WordPress User Registration Forms by Formidable Forms plugin for WordPress is vulnerable to arbitrary user password reset and account takeover in all versions up to, and including, 2.11. This is due to the plugin allowing users with access to the editor to utilize the frm-set-password-link shortcode and supply any user ID. This makes it possible for authenticated attackers, with contributor-level access and above, to reset the password of any user account and achieve account takeover
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable-registration/"
     google-query: inurl:"/wp-content/plugins/formidable-registration/"
     shodan-query: 'vuln:CVE-2024-1290'
-  tags: cve,wordpress,wp-plugin,formidable-registration,high
+  tags: cve,wordpress,wp-plugin,formidable-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1291-7d6d564d16561c7bab08d495e46b51fb.yaml b/nuclei-templates/2024/CVE-2024-1291-7d6d564d16561c7bab08d495e46b51fb.yaml
index d86c4e280a..877cc679b8 100644
--- a/nuclei-templates/2024/CVE-2024-1291-7d6d564d16561c7bab08d495e46b51fb.yaml
+++ b/nuclei-templates/2024/CVE-2024-1291-7d6d564d16561c7bab08d495e46b51fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2024-1291'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1293-44eea350bc1338780b2a377c7a4acfdc.yaml b/nuclei-templates/2024/CVE-2024-1293-44eea350bc1338780b2a377c7a4acfdc.yaml
index ecfe9c455f..27bd2ba61d 100644
--- a/nuclei-templates/2024/CVE-2024-1293-44eea350bc1338780b2a377c7a4acfdc.yaml
+++ b/nuclei-templates/2024/CVE-2024-1293-44eea350bc1338780b2a377c7a4acfdc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2024-1293'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1296-4f15003c85cf67398b6ba79713bb96a7.yaml b/nuclei-templates/2024/CVE-2024-1296-4f15003c85cf67398b6ba79713bb96a7.yaml
index 9e8cc617c0..d755ff502e 100644
--- a/nuclei-templates/2024/CVE-2024-1296-4f15003c85cf67398b6ba79713bb96a7.yaml
+++ b/nuclei-templates/2024/CVE-2024-1296-4f15003c85cf67398b6ba79713bb96a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2024-1296'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1307-305aa37d733d46f38e2d556cd38a63ea.yaml b/nuclei-templates/2024/CVE-2024-1307-305aa37d733d46f38e2d556cd38a63ea.yaml
index f5f646e3f4..b4e8797ba9 100644
--- a/nuclei-templates/2024/CVE-2024-1307-305aa37d733d46f38e2d556cd38a63ea.yaml
+++ b/nuclei-templates/2024/CVE-2024-1307-305aa37d733d46f38e2d556cd38a63ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Forms <= 2.6.93 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the smart-forms-ajax.php file in all versions up to, and including, 2.6.93. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-forms/"
     google-query: inurl:"/wp-content/plugins/smart-forms/"
     shodan-query: 'vuln:CVE-2024-1307'
-  tags: cve,wordpress,wp-plugin,smart-forms,medium
+  tags: cve,wordpress,wp-plugin,smart-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1310-6b050fdad6f07dfeb11a710487994604.yaml b/nuclei-templates/2024/CVE-2024-1310-6b050fdad6f07dfeb11a710487994604.yaml
index 19f5f93f98..ec914af192 100644
--- a/nuclei-templates/2024/CVE-2024-1310-6b050fdad6f07dfeb11a710487994604.yaml
+++ b/nuclei-templates/2024/CVE-2024-1310-6b050fdad6f07dfeb11a710487994604.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 8.5.2 - Missing Authorization to Private/Draft Product Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to insufficient restrictions in the product shortcode in all versions up to, and including, 8.5.2. This makes it possible for authenticated attackers, with contributor-level access and above, to view private and draft products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-new/"
     google-query: inurl:"/wp-content/plugins/post-new/"
     shodan-query: 'vuln:CVE-2024-1310'
-  tags: cve,wordpress,wp-plugin,post-new,medium
+  tags: cve,wordpress,wp-plugin,post-new,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1311-7310ba3269deb60929ca945cac8767e0.yaml b/nuclei-templates/2024/CVE-2024-1311-7310ba3269deb60929ca945cac8767e0.yaml
index 7d43a390d2..d4407cc8ea 100644
--- a/nuclei-templates/2024/CVE-2024-1311-7310ba3269deb60929ca945cac8767e0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1311-7310ba3269deb60929ca945cac8767e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:CVE-2024-1311'
-  tags: cve,wordpress,wp-plugin,brizy,high
+  tags: cve,wordpress,wp-plugin,brizy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1315-e39757704ab66d7ab58f6ee33ac96e65.yaml b/nuclei-templates/2024/CVE-2024-1315-e39757704ab66d7ab58f6ee33ac96e65.yaml
index c05bce11b6..1b86863b48 100644
--- a/nuclei-templates/2024/CVE-2024-1315-e39757704ab66d7ab58f6ee33ac96e65.yaml
+++ b/nuclei-templates/2024/CVE-2024-1315-e39757704ab66d7ab58f6ee33ac96e65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/classified-listing/"
     google-query: inurl:"/wp-content/plugins/classified-listing/"
     shodan-query: 'vuln:CVE-2024-1315'
-  tags: cve,wordpress,wp-plugin,classified-listing,high
+  tags: cve,wordpress,wp-plugin,classified-listing,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1316-2581131a04f529b6a1d76a0e92f4b955.yaml b/nuclei-templates/2024/CVE-2024-1316-2581131a04f529b6a1d76a0e92f4b955.yaml
index 2209627f99..b336641115 100644
--- a/nuclei-templates/2024/CVE-2024-1316-2581131a04f529b6a1d76a0e92f4b955.yaml
+++ b/nuclei-templates/2024/CVE-2024-1316-2581131a04f529b6a1d76a0e92f4b955.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Tickets and Registration  <= 5.8.0  Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event Tickets and Registration plugin for WordPress is vulnerable to Information Exposure in all versions up to 5.8.0 (free) & 5.9.1 (premium). This makes it possible for authenticated attackers, with contributor-level access and above, to view events they should not have access to such as password protected and trashed events.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-1316
   metadata:
-    fofa-query: "wp-content/plugins/event-tickets-plus/"
-    google-query: inurl:"/wp-content/plugins/event-tickets-plus/"
+    fofa-query: "wp-content/plugins/event-tickets/"
+    google-query: inurl:"/wp-content/plugins/event-tickets/"
     shodan-query: 'vuln:CVE-2024-1316'
-  tags: cve,wordpress,wp-plugin,event-tickets-plus,medium
+  tags: cve,wordpress,wp-plugin,event-tickets,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/event-tickets-plus/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/event-tickets/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "event-tickets-plus"
+          - "event-tickets"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 5.9.0')
\ No newline at end of file
+          - compare_versions(version, '<= 5.8.0')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-1317-566fe474170295f900e413573209c71a.yaml b/nuclei-templates/2024/CVE-2024-1317-566fe474170295f900e413573209c71a.yaml
index 6705d5bf9d..cd7cfdd10e 100644
--- a/nuclei-templates/2024/CVE-2024-1317-566fe474170295f900e413573209c71a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1317-566fe474170295f900e413573209c71a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedzy-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/"
     shodan-query: 'vuln:CVE-2024-1317'
-  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,high
+  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1318-49fc80b8d756a56dfe95c5a6032f1087.yaml b/nuclei-templates/2024/CVE-2024-1318-49fc80b8d756a56dfe95c5a6032f1087.yaml
index 7a487120bc..e7f778d515 100644
--- a/nuclei-templates/2024/CVE-2024-1318-49fc80b8d756a56dfe95c5a6032f1087.yaml
+++ b/nuclei-templates/2024/CVE-2024-1318-49fc80b8d756a56dfe95c5a6032f1087.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Aggregator by Feedzy <= 4.4.2 - Missing Authorization to Arbitrary Page Creation and Publication
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with Contributor access and above, who are normally restricted to only being able to create posts rather than pages, to draft and publish posts with arbitrary content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedzy-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/"
     shodan-query: 'vuln:CVE-2024-1318'
-  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,medium
+  tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1319-4df3cdb7c674def16735b8e037827c43.yaml b/nuclei-templates/2024/CVE-2024-1319-4df3cdb7c674def16735b8e037827c43.yaml
index 5b8258e54c..a72f3a8bf7 100644
--- a/nuclei-templates/2024/CVE-2024-1319-4df3cdb7c674def16735b8e037827c43.yaml
+++ b/nuclei-templates/2024/CVE-2024-1319-4df3cdb7c674def16735b8e037827c43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Tickets Plus <= 5.9.0 - Missing Authorization to Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Tickets Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.0 via the tribe_attendees_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract attendees lists.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-tickets-plus/"
     google-query: inurl:"/wp-content/plugins/event-tickets-plus/"
     shodan-query: 'vuln:CVE-2024-1319'
-  tags: cve,wordpress,wp-plugin,event-tickets-plus,medium
+  tags: cve,wordpress,wp-plugin,event-tickets-plus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1320-98364cc3fafc257904edef9d7b1a931a.yaml b/nuclei-templates/2024/CVE-2024-1320-98364cc3fafc257904edef9d7b1a931a.yaml
index ed8ae49d34..a94f915720 100644
--- a/nuclei-templates/2024/CVE-2024-1320-98364cc3fafc257904edef9d7b1a931a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1320-98364cc3fafc257904edef9d7b1a931a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2024-1320'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1322-a3e8c0ce1e12ba9e5616261592070d69.yaml b/nuclei-templates/2024/CVE-2024-1322-a3e8c0ce1e12ba9e5616261592070d69.yaml
index 990d20e2e3..7c022cd2fa 100644
--- a/nuclei-templates/2024/CVE-2024-1322-a3e8c0ce1e12ba9e5616261592070d69.yaml
+++ b/nuclei-templates/2024/CVE-2024-1322-a3e8c0ce1e12ba9e5616261592070d69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2024-1322'
-  tags: cve,wordpress,wp-plugin,directorist,medium
+  tags: cve,wordpress,wp-plugin,directorist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1323-6440d16b09a3de3d5784ee99cd71888c.yaml b/nuclei-templates/2024/CVE-2024-1323-6440d16b09a3de3d5784ee99cd71888c.yaml
index 107f44017f..2beca7ab5c 100644
--- a/nuclei-templates/2024/CVE-2024-1323-6440d16b09a3de3d5784ee99cd71888c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1323-6440d16b09a3de3d5784ee99cd71888c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2024-1323'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,medium
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1326-045b6020dfc1ed99134f3177a28e643d.yaml b/nuclei-templates/2024/CVE-2024-1326-045b6020dfc1ed99134f3177a28e643d.yaml
index 823e19c958..2a4c89596e 100644
--- a/nuclei-templates/2024/CVE-2024-1326-045b6020dfc1ed99134f3177a28e643d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1326-045b6020dfc1ed99134f3177a28e643d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 	CVE-2024-29101 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeg-elementor-kit/"
     google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/"
     shodan-query: 'vuln:CVE-2024-1326'
-  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,medium
+  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1327-0b6d48f80755becad907191d56a4faea.yaml b/nuclei-templates/2024/CVE-2024-1327-0b6d48f80755becad907191d56a4faea.yaml
index 0863b92cec..356842f43e 100644
--- a/nuclei-templates/2024/CVE-2024-1327-0b6d48f80755becad907191d56a4faea.yaml
+++ b/nuclei-templates/2024/CVE-2024-1327-0b6d48f80755becad907191d56a4faea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeg-elementor-kit/"
     google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/"
     shodan-query: 'vuln:CVE-2024-1327'
-  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,medium
+  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1328-d7690abd96f47b63d2e6b2b27468ddeb.yaml b/nuclei-templates/2024/CVE-2024-1328-d7690abd96f47b63d2e6b2b27468ddeb.yaml
index 8b975594f6..2e9e1168ef 100644
--- a/nuclei-templates/2024/CVE-2024-1328-d7690abd96f47b63d2e6b2b27468ddeb.yaml
+++ b/nuclei-templates/2024/CVE-2024-1328-d7690abd96f47b63d2e6b2b27468ddeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter2Go <= 4.0.13 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter2go/"
     google-query: inurl:"/wp-content/plugins/newsletter2go/"
     shodan-query: 'vuln:CVE-2024-1328'
-  tags: cve,wordpress,wp-plugin,newsletter2go,medium
+  tags: cve,wordpress,wp-plugin,newsletter2go,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1331-97f6d832d77568cb83cbfd8ed5696c11.yaml b/nuclei-templates/2024/CVE-2024-1331-97f6d832d77568cb83cbfd8ed5696c11.yaml
index 62f1201e3b..d1e774b318 100644
--- a/nuclei-templates/2024/CVE-2024-1331-97f6d832d77568cb83cbfd8ed5696c11.yaml
+++ b/nuclei-templates/2024/CVE-2024-1331-97f6d832d77568cb83cbfd8ed5696c11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Team Members <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/team-members/"
     google-query: inurl:"/wp-content/plugins/team-members/"
     shodan-query: 'vuln:CVE-2024-1331'
-  tags: cve,wordpress,wp-plugin,team-members,medium
+  tags: cve,wordpress,wp-plugin,team-members,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1333-05afb40274ed6e7e7ee85f9181367788.yaml b/nuclei-templates/2024/CVE-2024-1333-05afb40274ed6e7e7ee85f9181367788.yaml
index 25da6f3546..bab5eb9bec 100644
--- a/nuclei-templates/2024/CVE-2024-1333-05afb40274ed6e7e7ee85f9181367788.yaml
+++ b/nuclei-templates/2024/CVE-2024-1333-05afb40274ed6e7e7ee85f9181367788.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Pricing Table <= 5.1.10 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing table options in all versions up to, and including, 5.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dk-pricr-responsive-pricing-table/"
     google-query: inurl:"/wp-content/plugins/dk-pricr-responsive-pricing-table/"
     shodan-query: 'vuln:CVE-2024-1333'
-  tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,medium
+  tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1337-b8c540477ad8f7b59e43be9ed6a57e18.yaml b/nuclei-templates/2024/CVE-2024-1337-b8c540477ad8f7b59e43be9ed6a57e18.yaml
index f8ee5272ee..fa763c17d4 100644
--- a/nuclei-templates/2024/CVE-2024-1337-b8c540477ad8f7b59e43be9ed6a57e18.yaml
+++ b/nuclei-templates/2024/CVE-2024-1337-b8c540477ad8f7b59e43be9ed6a57e18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SKT Page Builder <= 4.1 - Missing Authorization to Authenticated(Subscriber+) Content Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary content into pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/skt-builder/"
     google-query: inurl:"/wp-content/plugins/skt-builder/"
     shodan-query: 'vuln:CVE-2024-1337'
-  tags: cve,wordpress,wp-plugin,skt-builder,medium
+  tags: cve,wordpress,wp-plugin,skt-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1340-88f9434afbf3660fe0710b500aa999f9.yaml b/nuclei-templates/2024/CVE-2024-1340-88f9434afbf3660fe0710b500aa999f9.yaml
index 2cda17aa0c..ce01ecef98 100644
--- a/nuclei-templates/2024/CVE-2024-1340-88f9434afbf3660fe0710b500aa999f9.yaml
+++ b/nuclei-templates/2024/CVE-2024-1340-88f9434afbf3660fe0710b500aa999f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Lockdown – Protect Login Form <= 2.08 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-lockdown/"
     google-query: inurl:"/wp-content/plugins/login-lockdown/"
     shodan-query: 'vuln:CVE-2024-1340'
-  tags: cve,wordpress,wp-plugin,login-lockdown,medium
+  tags: cve,wordpress,wp-plugin,login-lockdown,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1341-4d70d402016d1f4b86f60918b22119da.yaml b/nuclei-templates/2024/CVE-2024-1341-4d70d402016d1f4b86f60918b22119da.yaml
index 42cd806dc5..c38d5cd460 100644
--- a/nuclei-templates/2024/CVE-2024-1341-4d70d402016d1f4b86f60918b22119da.yaml
+++ b/nuclei-templates/2024/CVE-2024-1341-4d70d402016d1f4b86f60918b22119da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-iframe/"
     google-query: inurl:"/wp-content/plugins/advanced-iframe/"
     shodan-query: 'vuln:CVE-2024-1341'
-  tags: cve,wordpress,wp-plugin,advanced-iframe,medium
+  tags: cve,wordpress,wp-plugin,advanced-iframe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1348-efcaa0147762fa54393728f49e9affeb.yaml b/nuclei-templates/2024/CVE-2024-1348-efcaa0147762fa54393728f49e9affeb.yaml
index 6932128ce4..ce162bf6c9 100644
--- a/nuclei-templates/2024/CVE-2024-1348-efcaa0147762fa54393728f49e9affeb.yaml
+++ b/nuclei-templates/2024/CVE-2024-1348-efcaa0147762fa54393728f49e9affeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2024-1348'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1349-70a205acd44742a9f8e261e79a40ad0f.yaml b/nuclei-templates/2024/CVE-2024-1349-70a205acd44742a9f8e261e79a40ad0f.yaml
index 71ebd18496..800e448fe7 100644
--- a/nuclei-templates/2024/CVE-2024-1349-70a205acd44742a9f8e261e79a40ad0f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1349-70a205acd44742a9f8e261e79a40ad0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-1349'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1352-095d7ac917f72e37e9bb35fbb61b06e5.yaml b/nuclei-templates/2024/CVE-2024-1352-095d7ac917f72e37e9bb35fbb61b06e5.yaml
index 4e8acf8244..dfb475c3cd 100644
--- a/nuclei-templates/2024/CVE-2024-1352-095d7ac917f72e37e9bb35fbb61b06e5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1352-095d7ac917f72e37e9bb35fbb61b06e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/classified-listing/"
     google-query: inurl:"/wp-content/plugins/classified-listing/"
     shodan-query: 'vuln:CVE-2024-1352'
-  tags: cve,wordpress,wp-plugin,classified-listing,medium
+  tags: cve,wordpress,wp-plugin,classified-listing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1357-7cb2639ce12fe262360726f38fcd9d92.yaml b/nuclei-templates/2024/CVE-2024-1357-7cb2639ce12fe262360726f38fcd9d92.yaml
index 54348ffd84..71108b8b6c 100644
--- a/nuclei-templates/2024/CVE-2024-1357-7cb2639ce12fe262360726f38fcd9d92.yaml
+++ b/nuclei-templates/2024/CVE-2024-1357-7cb2639ce12fe262360726f38fcd9d92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes such as thumb_mode and date_type. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2024-1357'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1358-974e69c005824474ea421d11c0a2e8fa.yaml b/nuclei-templates/2024/CVE-2024-1358-974e69c005824474ea421d11c0a2e8fa.yaml
index cb04199a92..d7fc4c964f 100644
--- a/nuclei-templates/2024/CVE-2024-1358-974e69c005824474ea421d11c0a2e8fa.yaml
+++ b/nuclei-templates/2024/CVE-2024-1358-974e69c005824474ea421d11c0a2e8fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-1358'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,high
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1363-5c300627494a1ad1099275af163a3e49.yaml b/nuclei-templates/2024/CVE-2024-1363-5c300627494a1ad1099275af163a3e49.yaml
index 0f6956aab2..a9a2e70c19 100644
--- a/nuclei-templates/2024/CVE-2024-1363-5c300627494a1ad1099275af163a3e49.yaml
+++ b/nuclei-templates/2024/CVE-2024-1363-5c300627494a1ad1099275af163a3e49.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Accordion – Best Accordion FAQ Plugin for WordPress <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-accordion-free/"
     google-query: inurl:"/wp-content/plugins/easy-accordion-free/"
     shodan-query: 'vuln:CVE-2024-1363'
-  tags: cve,wordpress,wp-plugin,easy-accordion-free,medium
+  tags: cve,wordpress,wp-plugin,easy-accordion-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1364-6b5638f86300bb8cb925bbc8ddae3c32.yaml b/nuclei-templates/2024/CVE-2024-1364-6b5638f86300bb8cb925bbc8ddae3c32.yaml
index d1cd03c9e8..de894bf21f 100644
--- a/nuclei-templates/2024/CVE-2024-1364-6b5638f86300bb8cb925bbc8ddae3c32.yaml
+++ b/nuclei-templates/2024/CVE-2024-1364-6b5638f86300bb8cb925bbc8ddae3c32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2024-1364'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1366-e3b2d19a0133da498045d08d6862f535.yaml b/nuclei-templates/2024/CVE-2024-1366-e3b2d19a0133da498045d08d6862f535.yaml
index 52672c1c13..d59f99ba83 100644
--- a/nuclei-templates/2024/CVE-2024-1366-e3b2d19a0133da498045d08d6862f535.yaml
+++ b/nuclei-templates/2024/CVE-2024-1366-e3b2d19a0133da498045d08d6862f535.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-1366'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1368-73f67eef9808ee2307cc661b7742b37f.yaml b/nuclei-templates/2024/CVE-2024-1368-73f67eef9808ee2307cc661b7742b37f.yaml
index 6a7e0808f9..1ad5f794b9 100644
--- a/nuclei-templates/2024/CVE-2024-1368-73f67eef9808ee2307cc661b7742b37f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1368-73f67eef9808ee2307cc661b7742b37f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-page-duplicator/"
     google-query: inurl:"/wp-content/plugins/wp-page-duplicator/"
     shodan-query: 'vuln:CVE-2024-1368'
-  tags: cve,wordpress,wp-plugin,wp-page-duplicator,medium
+  tags: cve,wordpress,wp-plugin,wp-page-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1370-7a445b6bbe1f19472fb82aa1ab2d7a3a.yaml b/nuclei-templates/2024/CVE-2024-1370-7a445b6bbe1f19472fb82aa1ab2d7a3a.yaml
index 49a51facb6..ac59fa8053 100644
--- a/nuclei-templates/2024/CVE-2024-1370-7a445b6bbe1f19472fb82aa1ab2d7a3a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1370-7a445b6bbe1f19472fb82aa1ab2d7a3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maintenance-page/"
     google-query: inurl:"/wp-content/plugins/maintenance-page/"
     shodan-query: 'vuln:CVE-2024-1370'
-  tags: cve,wordpress,wp-plugin,maintenance-page,medium
+  tags: cve,wordpress,wp-plugin,maintenance-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1371-ffa89e4112fdba734a5ff64b0534aeff.yaml b/nuclei-templates/2024/CVE-2024-1371-ffa89e4112fdba734a5ff64b0534aeff.yaml
index 1ecce6d923..2306514f1b 100644
--- a/nuclei-templates/2024/CVE-2024-1371-ffa89e4112fdba734a5ff64b0534aeff.yaml
+++ b/nuclei-templates/2024/CVE-2024-1371-ffa89e4112fdba734a5ff64b0534aeff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts. CVE-2024-34378 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leadconnector/"
     google-query: inurl:"/wp-content/plugins/leadconnector/"
     shodan-query: 'vuln:CVE-2024-1371'
-  tags: cve,wordpress,wp-plugin,leadconnector,medium
+  tags: cve,wordpress,wp-plugin,leadconnector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1377-14492d14fdb2635abb58842e5c9c262d.yaml b/nuclei-templates/2024/CVE-2024-1377-14492d14fdb2635abb58842e5c9c262d.yaml
index f51a39a2f2..aa04aa28e8 100644
--- a/nuclei-templates/2024/CVE-2024-1377-14492d14fdb2635abb58842e5c9c262d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1377-14492d14fdb2635abb58842e5c9c262d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-1377'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1379-9f77fe459a0e5283ffcbf11ae93f5733.yaml b/nuclei-templates/2024/CVE-2024-1379-9f77fe459a0e5283ffcbf11ae93f5733.yaml
index 2ad568746e..99cd8051dd 100644
--- a/nuclei-templates/2024/CVE-2024-1379-9f77fe459a0e5283ffcbf11ae93f5733.yaml
+++ b/nuclei-templates/2024/CVE-2024-1379-9f77fe459a0e5283ffcbf11ae93f5733.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Website Article Monetization By MageNet <= 1.0.11 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/website-article-monetization-by-magenet/"
     google-query: inurl:"/wp-content/plugins/website-article-monetization-by-magenet/"
     shodan-query: 'vuln:CVE-2024-1379'
-  tags: cve,wordpress,wp-plugin,website-article-monetization-by-magenet,medium
+  tags: cve,wordpress,wp-plugin,website-article-monetization-by-magenet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1380-459e9e8ff0ce6dbbd756036aacf40336.yaml b/nuclei-templates/2024/CVE-2024-1380-459e9e8ff0ce6dbbd756036aacf40336.yaml
index ad4daa3ea6..364ad833ac 100644
--- a/nuclei-templates/2024/CVE-2024-1380-459e9e8ff0ce6dbbd756036aacf40336.yaml
+++ b/nuclei-templates/2024/CVE-2024-1380-459e9e8ff0ce6dbbd756036aacf40336.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi – A Better Search <= 4.22.0 - Missing Authorization to Unauthenticated Query Log Export
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevanssi/"
     google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:CVE-2024-1380'
-  tags: cve,wordpress,wp-plugin,relevanssi,medium
+  tags: cve,wordpress,wp-plugin,relevanssi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1382-8665b291868b7068ace3fa9c23d3b9d6.yaml b/nuclei-templates/2024/CVE-2024-1382-8665b291868b7068ace3fa9c23d3b9d6.yaml
index f9c8fa5019..90422897a2 100644
--- a/nuclei-templates/2024/CVE-2024-1382-8665b291868b7068ace3fa9c23d3b9d6.yaml
+++ b/nuclei-templates/2024/CVE-2024-1382-8665b291868b7068ace3fa9c23d3b9d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant Reservations <= 1.9 - Directory Traversal to Authenticated (Contributor+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-restaurant-reservations/"
     google-query: inurl:"/wp-content/plugins/nd-restaurant-reservations/"
     shodan-query: 'vuln:CVE-2024-1382'
-  tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,high
+  tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1386-26c3585e6e7fad9c8d3a82c1982ff984.yaml b/nuclei-templates/2024/CVE-2024-1386-26c3585e6e7fad9c8d3a82c1982ff984.yaml
index 6090edd42a..bf270f9c93 100644
--- a/nuclei-templates/2024/CVE-2024-1386-26c3585e6e7fad9c8d3a82c1982ff984.yaml
+++ b/nuclei-templates/2024/CVE-2024-1386-26c3585e6e7fad9c8d3a82c1982ff984.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailerLite – Signup forms (official) 1.5.0 - 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/official-mailerlite-sign-up-forms/"
     google-query: inurl:"/wp-content/plugins/official-mailerlite-sign-up-forms/"
     shodan-query: 'vuln:CVE-2024-1386'
-  tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,medium
+  tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1388-3787d9c397d58c6e8f2c674f16ffe8c1.yaml b/nuclei-templates/2024/CVE-2024-1388-3787d9c397d58c6e8f2c674f16ffe8c1.yaml
index 4db2de6ca8..a4b2cc56e3 100644
--- a/nuclei-templates/2024/CVE-2024-1388-3787d9c397d58c6e8f2c674f16ffe8c1.yaml
+++ b/nuclei-templates/2024/CVE-2024-1388-3787d9c397d58c6e8f2c674f16ffe8c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/yuki/"
     google-query: inurl:"/wp-content/themes/yuki/"
     shodan-query: 'vuln:CVE-2024-1388'
-  tags: cve,wordpress,wp-theme,yuki,medium
+  tags: cve,wordpress,wp-theme,yuki,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1389-ca8deb8cc99a7e80212ae873b89f0b6b.yaml b/nuclei-templates/2024/CVE-2024-1389-ca8deb8cc99a7e80212ae873b89f0b6b.yaml
index 1ee0039c30..935e1cec2c 100644
--- a/nuclei-templates/2024/CVE-2024-1389-ca8deb8cc99a7e80212ae873b89f0b6b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1389-ca8deb8cc99a7e80212ae873b89f0b6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-member-subscriptions/"
     google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/"
     shodan-query: 'vuln:CVE-2024-1389'
-  tags: cve,wordpress,wp-plugin,paid-member-subscriptions,medium
+  tags: cve,wordpress,wp-plugin,paid-member-subscriptions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1390-134f2819e254034a77fb510bfe9b93c9.yaml b/nuclei-templates/2024/CVE-2024-1390-134f2819e254034a77fb510bfe9b93c9.yaml
index 862565a562..a5c8cc4c8b 100644
--- a/nuclei-templates/2024/CVE-2024-1390-134f2819e254034a77fb510bfe9b93c9.yaml
+++ b/nuclei-templates/2024/CVE-2024-1390-134f2819e254034a77fb510bfe9b93c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-member-subscriptions/"
     google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/"
     shodan-query: 'vuln:CVE-2024-1390'
-  tags: cve,wordpress,wp-plugin,paid-member-subscriptions,medium
+  tags: cve,wordpress,wp-plugin,paid-member-subscriptions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1391-54120e3f5fb914e9169ba2eee6152b5b.yaml b/nuclei-templates/2024/CVE-2024-1391-54120e3f5fb914e9169ba2eee6152b5b.yaml
index e8d88882f5..30afefbb5f 100644
--- a/nuclei-templates/2024/CVE-2024-1391-54120e3f5fb914e9169ba2eee6152b5b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1391-54120e3f5fb914e9169ba2eee6152b5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-1391'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1392-68cc06979ff8bb95723bb04a557ffaae.yaml b/nuclei-templates/2024/CVE-2024-1392-68cc06979ff8bb95723bb04a557ffaae.yaml
index 07ea6ba681..59c3685e4a 100644
--- a/nuclei-templates/2024/CVE-2024-1392-68cc06979ff8bb95723bb04a557ffaae.yaml
+++ b/nuclei-templates/2024/CVE-2024-1392-68cc06979ff8bb95723bb04a557ffaae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-1392'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1393-3546c72d408f5a6ead5d764bba6d4ef6.yaml b/nuclei-templates/2024/CVE-2024-1393-3546c72d408f5a6ead5d764bba6d4ef6.yaml
index 3509f5ff3d..24b822d3fb 100644
--- a/nuclei-templates/2024/CVE-2024-1393-3546c72d408f5a6ead5d764bba6d4ef6.yaml
+++ b/nuclei-templates/2024/CVE-2024-1393-3546c72d408f5a6ead5d764bba6d4ef6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-1393'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1396-a06dc2822d205c30829a39942b5c0aee.yaml b/nuclei-templates/2024/CVE-2024-1396-a06dc2822d205c30829a39942b5c0aee.yaml
index ef7e83c5d4..abe4a3342c 100644
--- a/nuclei-templates/2024/CVE-2024-1396-a06dc2822d205c30829a39942b5c0aee.yaml
+++ b/nuclei-templates/2024/CVE-2024-1396-a06dc2822d205c30829a39942b5c0aee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2024-1396'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1397-b8980aa84f8cc55308551be159a27546.yaml b/nuclei-templates/2024/CVE-2024-1397-b8980aa84f8cc55308551be159a27546.yaml
index 5228728ccf..88e643c72a 100644
--- a/nuclei-templates/2024/CVE-2024-1397-b8980aa84f8cc55308551be159a27546.yaml
+++ b/nuclei-templates/2024/CVE-2024-1397-b8980aa84f8cc55308551be159a27546.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1397'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1398-b7beb3a7782030a0bf8580cffcb377f0.yaml b/nuclei-templates/2024/CVE-2024-1398-b7beb3a7782030a0bf8580cffcb377f0.yaml
index 81adb3263c..092c28851c 100644
--- a/nuclei-templates/2024/CVE-2024-1398-b7beb3a7782030a0bf8580cffcb377f0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1398-b7beb3a7782030a0bf8580cffcb377f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Bootstrap Elements for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_title_tag’ and ’heading_sub_title_tag’ parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-bootstrap-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ultimate-bootstrap-elements-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1398'
-  tags: cve,wordpress,wp-plugin,ultimate-bootstrap-elements-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ultimate-bootstrap-elements-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1400-50358f3970bdc1205a29969915a6519c.yaml b/nuclei-templates/2024/CVE-2024-1400-50358f3970bdc1205a29969915a6519c.yaml
index c2d8d1d307..e5205c0ef8 100644
--- a/nuclei-templates/2024/CVE-2024-1400-50358f3970bdc1205a29969915a6519c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1400-50358f3970bdc1205a29969915a6519c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mollie Forms <= 2.6.3 - Missing Authorization to Arbitrary Post Duplication
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mollie-forms/"
     google-query: inurl:"/wp-content/plugins/mollie-forms/"
     shodan-query: 'vuln:CVE-2024-1400'
-  tags: cve,wordpress,wp-plugin,mollie-forms,medium
+  tags: cve,wordpress,wp-plugin,mollie-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1401-81e5332e3881680e9eac9f42ea7f36ca.yaml b/nuclei-templates/2024/CVE-2024-1401-81e5332e3881680e9eac9f42ea7f36ca.yaml
index be1508b779..6cffa85e90 100644
--- a/nuclei-templates/2024/CVE-2024-1401-81e5332e3881680e9eac9f42ea7f36ca.yaml
+++ b/nuclei-templates/2024/CVE-2024-1401-81e5332e3881680e9eac9f42ea7f36ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Box Shortcode And Widget <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Profile Box Shortcode And Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-likebox-widget-and-shortcode/"
     google-query: inurl:"/wp-content/plugins/facebook-likebox-widget-and-shortcode/"
     shodan-query: 'vuln:CVE-2024-1401'
-  tags: cve,wordpress,wp-plugin,facebook-likebox-widget-and-shortcode,medium
+  tags: cve,wordpress,wp-plugin,facebook-likebox-widget-and-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1408-ce05c14849e5f32e89c54867b5580301.yaml b/nuclei-templates/2024/CVE-2024-1408-ce05c14849e5f32e89c54867b5580301.yaml
index 3d2e1491ef..128cadddfb 100644
--- a/nuclei-templates/2024/CVE-2024-1408-ce05c14849e5f32e89c54867b5580301.yaml
+++ b/nuclei-templates/2024/CVE-2024-1408-ce05c14849e5f32e89c54867b5580301.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-1408'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1409-0e94d67e78f08a20056789a0d440afe2.yaml b/nuclei-templates/2024/CVE-2024-1409-0e94d67e78f08a20056789a0d440afe2.yaml
index 1bdaee37a6..b13ca7a02b 100644
--- a/nuclei-templates/2024/CVE-2024-1409-0e94d67e78f08a20056789a0d440afe2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1409-0e94d67e78f08a20056789a0d440afe2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-1409'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1411-328a1085ce78b77ac077833dbb3621ab.yaml b/nuclei-templates/2024/CVE-2024-1411-328a1085ce78b77ac077833dbb3621ab.yaml
index ab80bd3607..6fd3583837 100644
--- a/nuclei-templates/2024/CVE-2024-1411-328a1085ce78b77ac077833dbb3621ab.yaml
+++ b/nuclei-templates/2024/CVE-2024-1411-328a1085ce78b77ac077833dbb3621ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPack Addons for Elementor <= 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/"
     google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1411'
-  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1413-4ab49877e45f4a964303177554e78a85.yaml b/nuclei-templates/2024/CVE-2024-1413-4ab49877e45f4a964303177554e78a85.yaml
index b17fb5bf71..779186a194 100644
--- a/nuclei-templates/2024/CVE-2024-1413-4ab49877e45f4a964303177554e78a85.yaml
+++ b/nuclei-templates/2024/CVE-2024-1413-4ab49877e45f4a964303177554e78a85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1413'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1414-824dccfdb78b425ce34b0edfaef506c4.yaml b/nuclei-templates/2024/CVE-2024-1414-824dccfdb78b425ce34b0edfaef506c4.yaml
index 91367efde5..c450871388 100644
--- a/nuclei-templates/2024/CVE-2024-1414-824dccfdb78b425ce34b0edfaef506c4.yaml
+++ b/nuclei-templates/2024/CVE-2024-1414-824dccfdb78b425ce34b0edfaef506c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1414'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1416-a64ff7d479ea82b36b6d5de70a97fbae.yaml b/nuclei-templates/2024/CVE-2024-1416-a64ff7d479ea82b36b6d5de70a97fbae.yaml
index d58e6a917e..feca9c2fdb 100644
--- a/nuclei-templates/2024/CVE-2024-1416-a64ff7d479ea82b36b6d5de70a97fbae.yaml
+++ b/nuclei-templates/2024/CVE-2024-1416-a64ff7d479ea82b36b6d5de70a97fbae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke those functions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lead-form-builder/"
     google-query: inurl:"/wp-content/plugins/lead-form-builder/"
     shodan-query: 'vuln:CVE-2024-1416'
-  tags: cve,wordpress,wp-plugin,lead-form-builder,medium
+  tags: cve,wordpress,wp-plugin,lead-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1419-421c48e1cd35997d3959562c69cf5279.yaml b/nuclei-templates/2024/CVE-2024-1419-421c48e1cd35997d3959562c69cf5279.yaml
index 8b48191439..7388cd5e41 100644
--- a/nuclei-templates/2024/CVE-2024-1419-421c48e1cd35997d3959562c69cf5279.yaml
+++ b/nuclei-templates/2024/CVE-2024-1419-421c48e1cd35997d3959562c69cf5279.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-1419'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1421-cbef84b88c0a2eb6e68bde27c710114f.yaml b/nuclei-templates/2024/CVE-2024-1421-cbef84b88c0a2eb6e68bde27c710114f.yaml
index 4bf3a090c6..d4695c65de 100644
--- a/nuclei-templates/2024/CVE-2024-1421-cbef84b88c0a2eb6e68bde27c710114f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1421-cbef84b88c0a2eb6e68bde27c710114f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1421'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1422-9260b43e6ac9e5101461f0e5b3ca5c55.yaml b/nuclei-templates/2024/CVE-2024-1422-9260b43e6ac9e5101461f0e5b3ca5c55.yaml
index 41b91b3f0c..25fe75d2cd 100644
--- a/nuclei-templates/2024/CVE-2024-1422-9260b43e6ac9e5101461f0e5b3ca5c55.yaml
+++ b/nuclei-templates/2024/CVE-2024-1422-9260b43e6ac9e5101461f0e5b3ca5c55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-1422'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1424-b1b366ca92b9c54e2c2fcc9208d3c99a.yaml b/nuclei-templates/2024/CVE-2024-1424-b1b366ca92b9c54e2c2fcc9208d3c99a.yaml
index a36a9c4749..d9218220ce 100644
--- a/nuclei-templates/2024/CVE-2024-1424-b1b366ca92b9c54e2c2fcc9208d3c99a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1424-b1b366ca92b9c54e2c2fcc9208d3c99a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2024-1424'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1425-ebf721c6b992d7c7bdcbf869b188ed93.yaml b/nuclei-templates/2024/CVE-2024-1425-ebf721c6b992d7c7bdcbf869b188ed93.yaml
index 82d2af1a29..f029bc4928 100644
--- a/nuclei-templates/2024/CVE-2024-1425-ebf721c6b992d7c7bdcbf869b188ed93.yaml
+++ b/nuclei-templates/2024/CVE-2024-1425-ebf721c6b992d7c7bdcbf869b188ed93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-1425'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1426-e5cbcd667f6374a7cacb1531a9b3233c.yaml b/nuclei-templates/2024/CVE-2024-1426-e5cbcd667f6374a7cacb1531a9b3233c.yaml
index 2d105f8f5c..72418f62be 100644
--- a/nuclei-templates/2024/CVE-2024-1426-e5cbcd667f6374a7cacb1531a9b3233c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1426-e5cbcd667f6374a7cacb1531a9b3233c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the Price List widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/"
     shodan-query: 'vuln:CVE-2024-1426'
-  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1428-f4f911fdf61cb94da9a5aa199fbba441.yaml b/nuclei-templates/2024/CVE-2024-1428-f4f911fdf61cb94da9a5aa199fbba441.yaml
index ec67c20a2b..be843be7c9 100644
--- a/nuclei-templates/2024/CVE-2024-1428-f4f911fdf61cb94da9a5aa199fbba441.yaml
+++ b/nuclei-templates/2024/CVE-2024-1428-f4f911fdf61cb94da9a5aa199fbba441.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘element_pack_wrapper_link’ attribute of the Trailer Box widget in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/"
     shodan-query: 'vuln:CVE-2024-1428'
-  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1429-88c402ced2fc7c5811d5e082ac94297b.yaml b/nuclei-templates/2024/CVE-2024-1429-88c402ced2fc7c5811d5e082ac94297b.yaml
index 3dc6fd0c29..824f1a4408 100644
--- a/nuclei-templates/2024/CVE-2024-1429-88c402ced2fc7c5811d5e082ac94297b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1429-88c402ced2fc7c5811d5e082ac94297b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32572 is likely a duplicate of this or CVE-2024-1426.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/"
     shodan-query: 'vuln:CVE-2024-1429'
-  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1434-7678a4c43bf3743b099ecbdc547aa500.yaml b/nuclei-templates/2024/CVE-2024-1434-7678a4c43bf3743b099ecbdc547aa500.yaml
index 7356d27252..a1835b4f01 100644
--- a/nuclei-templates/2024/CVE-2024-1434-7678a4c43bf3743b099ecbdc547aa500.yaml
+++ b/nuclei-templates/2024/CVE-2024-1434-7678a4c43bf3743b099ecbdc547aa500.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Alt Renamer  0.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via _wp_attachment_image_alt postmeta
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Alt Renamer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_wp_attachment_image_alt’ postmeta parameter in versions up to 0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-alt-renamer/"
     google-query: inurl:"/wp-content/plugins/media-alt-renamer/"
     shodan-query: 'vuln:CVE-2024-1434'
-  tags: cve,wordpress,wp-plugin,media-alt-renamer,medium
+  tags: cve,wordpress,wp-plugin,media-alt-renamer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1438-47760446230886f970132bba81795035.yaml b/nuclei-templates/2024/CVE-2024-1438-47760446230886f970132bba81795035.yaml
index 732dd3c5dd..cbb386a637 100644
--- a/nuclei-templates/2024/CVE-2024-1438-47760446230886f970132bba81795035.yaml
+++ b/nuclei-templates/2024/CVE-2024-1438-47760446230886f970132bba81795035.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rolo Slider <= 1.0.9 - Missing Authorization to Authenticated(Subscriber+) Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rolo Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_callback' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber access and above, to modify the plugin's settings via the import functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rolo-slider/"
     google-query: inurl:"/wp-content/plugins/rolo-slider/"
     shodan-query: 'vuln:CVE-2024-1438'
-  tags: cve,wordpress,wp-plugin,rolo-slider,medium
+  tags: cve,wordpress,wp-plugin,rolo-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1445-ffddbf496e7aaec02b6e7ddf918beed0.yaml b/nuclei-templates/2024/CVE-2024-1445-ffddbf496e7aaec02b6e7ddf918beed0.yaml
index a2809efacb..9de01c4618 100644
--- a/nuclei-templates/2024/CVE-2024-1445-ffddbf496e7aaec02b6e7ddf918beed0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1445-ffddbf496e7aaec02b6e7ddf918beed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page scroll to id <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-scroll-to-id/"
     google-query: inurl:"/wp-content/plugins/page-scroll-to-id/"
     shodan-query: 'vuln:CVE-2024-1445'
-  tags: cve,wordpress,wp-plugin,page-scroll-to-id,medium
+  tags: cve,wordpress,wp-plugin,page-scroll-to-id,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1447-5adaf21161b5d5d8e7d95c715efbd0e3.yaml b/nuclei-templates/2024/CVE-2024-1447-5adaf21161b5d5d8e7d95c715efbd0e3.yaml
index e6fcd92590..409d104c57 100644
--- a/nuclei-templates/2024/CVE-2024-1447-5adaf21161b5d5d8e7d95c715efbd0e3.yaml
+++ b/nuclei-templates/2024/CVE-2024-1447-5adaf21161b5d5d8e7d95c715efbd0e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sydney Toolbox <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sydney-toolbox/"
     google-query: inurl:"/wp-content/plugins/sydney-toolbox/"
     shodan-query: 'vuln:CVE-2024-1447'
-  tags: cve,wordpress,wp-plugin,sydney-toolbox,medium
+  tags: cve,wordpress,wp-plugin,sydney-toolbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1448-6150ea7134cb72d73e6e7ce3f51ab46c.yaml b/nuclei-templates/2024/CVE-2024-1448-6150ea7134cb72d73e6e7ce3f51ab46c.yaml
index ec7fd5e509..3b2876836e 100644
--- a/nuclei-templates/2024/CVE-2024-1448-6150ea7134cb72d73e6e7ce3f51ab46c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1448-6150ea7134cb72d73e6e7ce3f51ab46c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sassy Social Share <= 3.3.56 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sassy-social-share/"
     google-query: inurl:"/wp-content/plugins/sassy-social-share/"
     shodan-query: 'vuln:CVE-2024-1448'
-  tags: cve,wordpress,wp-plugin,sassy-social-share,medium
+  tags: cve,wordpress,wp-plugin,sassy-social-share,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1449-2278ff8679ddb3e8d29bcac77bb31452.yaml b/nuclei-templates/2024/CVE-2024-1449-2278ff8679ddb3e8d29bcac77bb31452.yaml
index 67f2235da1..a7cdd21637 100644
--- a/nuclei-templates/2024/CVE-2024-1449-2278ff8679ddb3e8d29bcac77bb31452.yaml
+++ b/nuclei-templates/2024/CVE-2024-1449-2278ff8679ddb3e8d29bcac77bb31452.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Slider – Responsive Touch Slider <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-slider/"
     google-query: inurl:"/wp-content/plugins/master-slider/"
     shodan-query: 'vuln:CVE-2024-1449'
-  tags: cve,wordpress,wp-plugin,master-slider,medium
+  tags: cve,wordpress,wp-plugin,master-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1450-373cd634451823c6ebf5fcda405d8cd5.yaml b/nuclei-templates/2024/CVE-2024-1450-373cd634451823c6ebf5fcda405d8cd5.yaml
index ac17db07b4..f5104c4785 100644
--- a/nuclei-templates/2024/CVE-2024-1450-373cd634451823c6ebf5fcda405d8cd5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1450-373cd634451823c6ebf5fcda405d8cd5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shariff Wrapper <= 4.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'align'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-29109 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shariff/"
     google-query: inurl:"/wp-content/plugins/shariff/"
     shodan-query: 'vuln:CVE-2024-1450'
-  tags: cve,wordpress,wp-plugin,shariff,medium
+  tags: cve,wordpress,wp-plugin,shariff,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1458-f7fd1f97dac21964944e06746d183317.yaml b/nuclei-templates/2024/CVE-2024-1458-f7fd1f97dac21964944e06746d183317.yaml
index 0712f77238..cb8305b062 100644
--- a/nuclei-templates/2024/CVE-2024-1458-f7fd1f97dac21964944e06746d183317.yaml
+++ b/nuclei-templates/2024/CVE-2024-1458-f7fd1f97dac21964944e06746d183317.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1458'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1461-fc5e0217c3dc9969d4594ab0394109b5.yaml b/nuclei-templates/2024/CVE-2024-1461-fc5e0217c3dc9969d4594ab0394109b5.yaml
index 042987d451..e02a0aeac3 100644
--- a/nuclei-templates/2024/CVE-2024-1461-fc5e0217c3dc9969d4594ab0394109b5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1461-fc5e0217c3dc9969d4594ab0394109b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1461'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1463-ffbfea6a2970df28e2afd4173682647a.yaml b/nuclei-templates/2024/CVE-2024-1463-ffbfea6a2970df28e2afd4173682647a.yaml
index af4ca994d4..8b31ef8610 100644
--- a/nuclei-templates/2024/CVE-2024-1463-ffbfea6a2970df28e2afd4173682647a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1463-ffbfea6a2970df28e2afd4173682647a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2024-1463'
-  tags: cve,wordpress,wp-plugin,learnpress,medium
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1464-7278c1d5f51388c1851434ad959c1788.yaml b/nuclei-templates/2024/CVE-2024-1464-7278c1d5f51388c1851434ad959c1788.yaml
index bce592baf4..5057fbc826 100644
--- a/nuclei-templates/2024/CVE-2024-1464-7278c1d5f51388c1851434ad959c1788.yaml
+++ b/nuclei-templates/2024/CVE-2024-1464-7278c1d5f51388c1851434ad959c1788.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1464'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1465-c4f6d0a939cffb23c47ad426a3f0d45f.yaml b/nuclei-templates/2024/CVE-2024-1465-c4f6d0a939cffb23c47ad426a3f0d45f.yaml
index f0dda0101b..147f90688e 100644
--- a/nuclei-templates/2024/CVE-2024-1465-c4f6d0a939cffb23c47ad426a3f0d45f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1465-c4f6d0a939cffb23c47ad426a3f0d45f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1465'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1466-6b0cd31bdd2edf441adfecb677828dc9.yaml b/nuclei-templates/2024/CVE-2024-1466-6b0cd31bdd2edf441adfecb677828dc9.yaml
index 72d9e53dde..311cf74fd5 100644
--- a/nuclei-templates/2024/CVE-2024-1466-6b0cd31bdd2edf441adfecb677828dc9.yaml
+++ b/nuclei-templates/2024/CVE-2024-1466-6b0cd31bdd2edf441adfecb677828dc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1466'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1467-9449b2c65db0c3fbbcb51d4c753869a4.yaml b/nuclei-templates/2024/CVE-2024-1467-9449b2c65db0c3fbbcb51d4c753869a4.yaml
index c736ac552f..3acd7ca09e 100644
--- a/nuclei-templates/2024/CVE-2024-1467-9449b2c65db0c3fbbcb51d4c753869a4.yaml
+++ b/nuclei-templates/2024/CVE-2024-1467-9449b2c65db0c3fbbcb51d4c753869a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/astra-sites/"
     google-query: inurl:"/wp-content/plugins/astra-sites/"
     shodan-query: 'vuln:CVE-2024-1467'
-  tags: cve,wordpress,wp-plugin,astra-sites,medium
+  tags: cve,wordpress,wp-plugin,astra-sites,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1468-49fe6661a7e83dfa08fd330a80312c71.yaml b/nuclei-templates/2024/CVE-2024-1468-49fe6661a7e83dfa08fd330a80312c71.yaml
index 6756c9cf00..8f42a0a226 100644
--- a/nuclei-templates/2024/CVE-2024-1468-49fe6661a7e83dfa08fd330a80312c71.yaml
+++ b/nuclei-templates/2024/CVE-2024-1468-49fe6661a7e83dfa08fd330a80312c71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2024-1468'
-  tags: cve,wordpress,wp-theme,Avada,high
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1487-8e81f52602da7d34f1be2c2a8e304501.yaml b/nuclei-templates/2024/CVE-2024-1487-8e81f52602da7d34f1be2c2a8e304501.yaml
index ba7fc1e374..9ac3272ae4 100644
--- a/nuclei-templates/2024/CVE-2024-1487-8e81f52602da7d34f1be2c2a8e304501.yaml
+++ b/nuclei-templates/2024/CVE-2024-1487-8e81f52602da7d34f1be2c2a8e304501.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress <= 21.3.0 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 21.3.0 due to insufficient input sanitization and output escaping on content descriptions. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2024-1487'
-  tags: cve,wordpress,wp-plugin,contest-gallery,medium
+  tags: cve,wordpress,wp-plugin,contest-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1492-739e325811d595a476c8a9d5ed5b690b.yaml b/nuclei-templates/2024/CVE-2024-1492-739e325811d595a476c8a9d5ed5b690b.yaml
index 58b33ec353..2653eccf9f 100644
--- a/nuclei-templates/2024/CVE-2024-1492-739e325811d595a476c8a9d5ed5b690b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1492-739e325811d595a476c8a9d5ed5b690b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPify Woo Czech <= 4.0.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpify-woo/"
     google-query: inurl:"/wp-content/plugins/wpify-woo/"
     shodan-query: 'vuln:CVE-2024-1492'
-  tags: cve,wordpress,wp-plugin,wpify-woo,medium
+  tags: cve,wordpress,wp-plugin,wpify-woo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1496-ec1b9ba6cd34426926dd05163ef9cdaf.yaml b/nuclei-templates/2024/CVE-2024-1496-ec1b9ba6cd34426926dd05163ef9cdaf.yaml
index 041e0dce47..351c7803c4 100644
--- a/nuclei-templates/2024/CVE-2024-1496-ec1b9ba6cd34426926dd05163ef9cdaf.yaml
+++ b/nuclei-templates/2024/CVE-2024-1496-ec1b9ba6cd34426926dd05163ef9cdaf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Featured Image from URL (FIFU) <= 4.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-image-from-url/"
     google-query: inurl:"/wp-content/plugins/featured-image-from-url/"
     shodan-query: 'vuln:CVE-2024-1496'
-  tags: cve,wordpress,wp-plugin,featured-image-from-url,medium
+  tags: cve,wordpress,wp-plugin,featured-image-from-url,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1497-6f08ab84e1cb8caf7e2c6c058fbbbb3c.yaml b/nuclei-templates/2024/CVE-2024-1497-6f08ab84e1cb8caf7e2c6c058fbbbb3c.yaml
index 513d6999b1..c80504c84d 100644
--- a/nuclei-templates/2024/CVE-2024-1497-6f08ab84e1cb8caf7e2c6c058fbbbb3c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1497-6f08ab84e1cb8caf7e2c6c058fbbbb3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2024-1497'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,medium
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1498-70c45809c8b9b14259a0bbce1a7bc3da.yaml b/nuclei-templates/2024/CVE-2024-1498-70c45809c8b9b14259a0bbce1a7bc3da.yaml
index fadadde204..411505eb4c 100644
--- a/nuclei-templates/2024/CVE-2024-1498-70c45809c8b9b14259a0bbce1a7bc3da.yaml
+++ b/nuclei-templates/2024/CVE-2024-1498-70c45809c8b9b14259a0bbce1a7bc3da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-1498'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1499-911f38a48744ee0cba908ae42a0febe1.yaml b/nuclei-templates/2024/CVE-2024-1499-911f38a48744ee0cba908ae42a0febe1.yaml
index ff64e7aeb7..bdfce83076 100644
--- a/nuclei-templates/2024/CVE-2024-1499-911f38a48744ee0cba908ae42a0febe1.yaml
+++ b/nuclei-templates/2024/CVE-2024-1499-911f38a48744ee0cba908ae42a0febe1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the  $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2024-1499'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,medium
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1500-7df172b3edf3e84909e57255e5af7560.yaml b/nuclei-templates/2024/CVE-2024-1500-7df172b3edf3e84909e57255e5af7560.yaml
index 78f1aefae9..e54ebce9d4 100644
--- a/nuclei-templates/2024/CVE-2024-1500-7df172b3edf3e84909e57255e5af7560.yaml
+++ b/nuclei-templates/2024/CVE-2024-1500-7df172b3edf3e84909e57255e5af7560.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons and Templates <= 1.3.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-1500'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1502-78fae6f744a75ffe299dd93a24365b9f.yaml b/nuclei-templates/2024/CVE-2024-1502-78fae6f744a75ffe299dd93a24365b9f.yaml
index e18a1d2cd7..1a635107e2 100644
--- a/nuclei-templates/2024/CVE-2024-1502-78fae6f744a75ffe299dd93a24365b9f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1502-78fae6f744a75ffe299dd93a24365b9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2024-1502'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1505-9f9b469ed3c99cc2601f251ee6ef9e63.yaml b/nuclei-templates/2024/CVE-2024-1505-9f9b469ed3c99cc2601f251ee6ef9e63.yaml
index bfea8acecd..a2ec291ee5 100644
--- a/nuclei-templates/2024/CVE-2024-1505-9f9b469ed3c99cc2601f251ee6ef9e63.yaml
+++ b/nuclei-templates/2024/CVE-2024-1505-9f9b469ed3c99cc2601f251ee6ef9e63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Academy LMS – eLearning and online course solution for WordPress <= 1.9.19 -  Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/academy/"
     google-query: inurl:"/wp-content/plugins/academy/"
     shodan-query: 'vuln:CVE-2024-1505'
-  tags: cve,wordpress,wp-plugin,academy,high
+  tags: cve,wordpress,wp-plugin,academy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1506-4856ea4fa23608af898ff19809065029.yaml b/nuclei-templates/2024/CVE-2024-1506-4856ea4fa23608af898ff19809065029.yaml
index 77c5d98b87..70a2f0ff6f 100644
--- a/nuclei-templates/2024/CVE-2024-1506-4856ea4fa23608af898ff19809065029.yaml
+++ b/nuclei-templates/2024/CVE-2024-1506-4856ea4fa23608af898ff19809065029.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:CVE-2024-1506'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1507-889847d33809b1d03070e688df75ac6b.yaml b/nuclei-templates/2024/CVE-2024-1507-889847d33809b1d03070e688df75ac6b.yaml
index 50afb56b66..4b5e788cdb 100644
--- a/nuclei-templates/2024/CVE-2024-1507-889847d33809b1d03070e688df75ac6b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1507-889847d33809b1d03070e688df75ac6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:CVE-2024-1507'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1508-7c8990ed736a3cb5113e28a3af38b444.yaml b/nuclei-templates/2024/CVE-2024-1508-7c8990ed736a3cb5113e28a3af38b444.yaml
index 850d245845..f26265f8d9 100644
--- a/nuclei-templates/2024/CVE-2024-1508-7c8990ed736a3cb5113e28a3af38b444.yaml
+++ b/nuclei-templates/2024/CVE-2024-1508-7c8990ed736a3cb5113e28a3af38b444.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:CVE-2024-1508'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1510-edf5537839b9111e9296303d5a76a556.yaml b/nuclei-templates/2024/CVE-2024-1510-edf5537839b9111e9296303d5a76a556.yaml
index bae395fe59..91bb7d3013 100644
--- a/nuclei-templates/2024/CVE-2024-1510-edf5537839b9111e9296303d5a76a556.yaml
+++ b/nuclei-templates/2024/CVE-2024-1510-edf5537839b9111e9296303d5a76a556.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2024-1510'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1516-bf5cbdf8020a636cc9f21e15a59d9023.yaml b/nuclei-templates/2024/CVE-2024-1516-bf5cbdf8020a636cc9f21e15a59d9023.yaml
index 38f9efbcad..5886faa94f 100644
--- a/nuclei-templates/2024/CVE-2024-1516-bf5cbdf8020a636cc9f21e15a59d9023.yaml
+++ b/nuclei-templates/2024/CVE-2024-1516-bf5cbdf8020a636cc9f21e15a59d9023.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP eCommerce <= 3.15.1 - Missing Authorization to Unauthenticated Arbitrary Post Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-e-commerce/"
     google-query: inurl:"/wp-content/plugins/wp-e-commerce/"
     shodan-query: 'vuln:CVE-2024-1516'
-  tags: cve,wordpress,wp-plugin,wp-e-commerce,medium
+  tags: cve,wordpress,wp-plugin,wp-e-commerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1519-6819e71a564d878e4f4419dfc409235b.yaml b/nuclei-templates/2024/CVE-2024-1519-6819e71a564d878e4f4419dfc409235b.yaml
index d699804d7b..99a95931e3 100644
--- a/nuclei-templates/2024/CVE-2024-1519-6819e71a564d878e4f4419dfc409235b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1519-6819e71a564d878e4f4419dfc409235b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires a member listing page to be active and using the Gerbera theme.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-1519'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1521-52d465c21905272814a823dbfaac019a.yaml b/nuclei-templates/2024/CVE-2024-1521-52d465c21905272814a823dbfaac019a.yaml
index 1ada4fec4c..9ead8af247 100644
--- a/nuclei-templates/2024/CVE-2024-1521-52d465c21905272814a823dbfaac019a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1521-52d465c21905272814a823dbfaac019a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is only exploitable on web servers running NGINX. It is not exploitable on web servers running Apache HTTP Server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2024-1521'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1533-a3c60d763b55ba109d8e7ef5cc4b73cf.yaml b/nuclei-templates/2024/CVE-2024-1533-a3c60d763b55ba109d8e7ef5cc4b73cf.yaml
index 9cde51694e..3c21f46d9c 100644
--- a/nuclei-templates/2024/CVE-2024-1533-a3c60d763b55ba109d8e7ef5cc4b73cf.yaml
+++ b/nuclei-templates/2024/CVE-2024-1533-a3c60d763b55ba109d8e7ef5cc4b73cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Requires Elementor and the Phlox theme to be installed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2024-1533'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1534-7832435d7568bbf632e364a36f5e57e1.yaml b/nuclei-templates/2024/CVE-2024-1534-7832435d7568bbf632e364a36f5e57e1.yaml
index e841ec3145..f2e5836f98 100644
--- a/nuclei-templates/2024/CVE-2024-1534-7832435d7568bbf632e364a36f5e57e1.yaml
+++ b/nuclei-templates/2024/CVE-2024-1534-7832435d7568bbf632e364a36f5e57e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:CVE-2024-1534'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1535-ea7c82866444834be834917feb8c07e7.yaml b/nuclei-templates/2024/CVE-2024-1535-ea7c82866444834be834917feb8c07e7.yaml
index 9bd1f07b46..125c611519 100644
--- a/nuclei-templates/2024/CVE-2024-1535-ea7c82866444834be834917feb8c07e7.yaml
+++ b/nuclei-templates/2024/CVE-2024-1535-ea7c82866444834be834917feb8c07e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-1535'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1536-cbede89175ad7b3a47d5ac8fb29d35bb.yaml b/nuclei-templates/2024/CVE-2024-1536-cbede89175ad7b3a47d5ac8fb29d35bb.yaml
index eef3ea9c02..c5d185d624 100644
--- a/nuclei-templates/2024/CVE-2024-1536-cbede89175ad7b3a47d5ac8fb29d35bb.yaml
+++ b/nuclei-templates/2024/CVE-2024-1536-cbede89175ad7b3a47d5ac8fb29d35bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-1536'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,high
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1537-8bd60d8d3ae1eb23eefce0f380d89e1c.yaml b/nuclei-templates/2024/CVE-2024-1537-8bd60d8d3ae1eb23eefce0f380d89e1c.yaml
index e22d3a6177..d0c7e548cd 100644
--- a/nuclei-templates/2024/CVE-2024-1537-8bd60d8d3ae1eb23eefce0f380d89e1c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1537-8bd60d8d3ae1eb23eefce0f380d89e1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-1537'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1538-125b5a46ac07b4fbf1d6669e65082c22.yaml b/nuclei-templates/2024/CVE-2024-1538-125b5a46ac07b4fbf1d6669e65082c22.yaml
index a470484abe..1ea0038218 100644
--- a/nuclei-templates/2024/CVE-2024-1538-125b5a46ac07b4fbf1d6669e65082c22.yaml
+++ b/nuclei-templates/2024/CVE-2024-1538-125b5a46ac07b4fbf1d6669e65082c22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager <= 7.2.4 - Cross-Site Request Forgery to Local JS File Inclusion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-manager/"
     google-query: inurl:"/wp-content/plugins/wp-file-manager/"
     shodan-query: 'vuln:CVE-2024-1538'
-  tags: cve,wordpress,wp-plugin,wp-file-manager,high
+  tags: cve,wordpress,wp-plugin,wp-file-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1541-b108894447f4647f7c71dc35d7e7ee8f.yaml b/nuclei-templates/2024/CVE-2024-1541-b108894447f4647f7c71dc35d7e7ee8f.yaml
index 124afd45af..e64a94825d 100644
--- a/nuclei-templates/2024/CVE-2024-1541-b108894447f4647f7c71dc35d7e7ee8f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1541-b108894447f4647f7c71dc35d7e7ee8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-1541'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1559-8eaf2fbb99993016796df5f74fcedae5.yaml b/nuclei-templates/2024/CVE-2024-1559-8eaf2fbb99993016796df5f74fcedae5.yaml
index 93b34314cc..eb9f70127a 100644
--- a/nuclei-templates/2024/CVE-2024-1559-8eaf2fbb99993016796df5f74fcedae5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1559-8eaf2fbb99993016796df5f74fcedae5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-library/"
     google-query: inurl:"/wp-content/plugins/link-library/"
     shodan-query: 'vuln:CVE-2024-1559'
-  tags: cve,wordpress,wp-plugin,link-library,medium
+  tags: cve,wordpress,wp-plugin,link-library,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1562-792043f233fdfdf73c23cd58a8394e1e.yaml b/nuclei-templates/2024/CVE-2024-1562-792043f233fdfdf73c23cd58a8394e1e.yaml
index b4e63cde7a..c3d4e402c2 100644
--- a/nuclei-templates/2024/CVE-2024-1562-792043f233fdfdf73c23cd58a8394e1e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1562-792043f233fdfdf73c23cd58a8394e1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-gsheetconnector/"
     google-query: inurl:"/wp-content/plugins/wc-gsheetconnector/"
     shodan-query: 'vuln:CVE-2024-1562'
-  tags: cve,wordpress,wp-plugin,wc-gsheetconnector,medium
+  tags: cve,wordpress,wp-plugin,wc-gsheetconnector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1564-8bdef51e6a9551cb787f034110fc0fe2.yaml b/nuclei-templates/2024/CVE-2024-1564-8bdef51e6a9551cb787f034110fc0fe2.yaml
index 6908c64610..2b28cdce8b 100644
--- a/nuclei-templates/2024/CVE-2024-1564-8bdef51e6a9551cb787f034110fc0fe2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1564-8bdef51e6a9551cb787f034110fc0fe2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema Pro <= 2.7.15 - Authenticated (Contributor+) Custom Field Access
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Schema Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability check in all versions up to, and including 2.7.15. This makes it possible for authenticated attackers, with contributor-level access and above, to access arbitrary custom fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-schema-pro/"
     google-query: inurl:"/wp-content/plugins/wp-schema-pro/"
     shodan-query: 'vuln:CVE-2024-1564'
-  tags: cve,wordpress,wp-plugin,wp-schema-pro,medium
+  tags: cve,wordpress,wp-plugin,wp-schema-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1566-b6235d62fa0b8b99245758e77840a37a.yaml b/nuclei-templates/2024/CVE-2024-1566-b6235d62fa0b8b99245758e77840a37a.yaml
index 3c53ab1395..44dfb058f2 100644
--- a/nuclei-templates/2024/CVE-2024-1566-b6235d62fa0b8b99245758e77840a37a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1566-b6235d62fa0b8b99245758e77840a37a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirects <= 1.2.1 - Missing Authorization via save
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could lead to undesired redirection to phishing sites or malicious web pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirects/"
     google-query: inurl:"/wp-content/plugins/redirects/"
     shodan-query: 'vuln:CVE-2024-1566'
-  tags: cve,wordpress,wp-plugin,redirects,medium
+  tags: cve,wordpress,wp-plugin,redirects,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1568-d2de41ee5b97d7c9433fd01d3f1c9751.yaml b/nuclei-templates/2024/CVE-2024-1568-d2de41ee5b97d7c9433fd01d3f1c9751.yaml
index 4f2df49f79..11f1716e80 100644
--- a/nuclei-templates/2024/CVE-2024-1568-d2de41ee5b97d7c9433fd01d3f1c9751.yaml
+++ b/nuclei-templates/2024/CVE-2024-1568-d2de41ee5b97d7c9433fd01d3f1c9751.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Seraphinite Accelerator <= 2.20.52 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seraphinite-accelerator/"
     google-query: inurl:"/wp-content/plugins/seraphinite-accelerator/"
     shodan-query: 'vuln:CVE-2024-1568'
-  tags: cve,wordpress,wp-plugin,seraphinite-accelerator,medium
+  tags: cve,wordpress,wp-plugin,seraphinite-accelerator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1570-88e8a642963113f357e180145695e08e.yaml b/nuclei-templates/2024/CVE-2024-1570-88e8a642963113f357e180145695e08e.yaml
index 8dfe909394..94f8c17e85 100644
--- a/nuclei-templates/2024/CVE-2024-1570-88e8a642963113f357e180145695e08e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1570-88e8a642963113f357e180145695e08e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-1570'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1571-348b2d2c08f931f9d2b3643ac2152b3a.yaml b/nuclei-templates/2024/CVE-2024-1571-348b2d2c08f931f9d2b3643ac2152b3a.yaml
index 463b1ef28b..5352f096ae 100644
--- a/nuclei-templates/2024/CVE-2024-1571-348b2d2c08f931f9d2b3643ac2152b3a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1571-348b2d2c08f931f9d2b3643ac2152b3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dashboard (which is administrator-only by default but can be assigned to arbitrary capabilities), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2024-1571'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1572-bd4d77259e44439674b77141abd7a906.yaml b/nuclei-templates/2024/CVE-2024-1572-bd4d77259e44439674b77141abd7a906.yaml
index cfdb376a5d..e8649d181b 100644
--- a/nuclei-templates/2024/CVE-2024-1572-bd4d77259e44439674b77141abd7a906.yaml
+++ b/nuclei-templates/2024/CVE-2024-1572-bd4d77259e44439674b77141abd7a906.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapper_class' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ulike/"
     google-query: inurl:"/wp-content/plugins/wp-ulike/"
     shodan-query: 'vuln:CVE-2024-1572'
-  tags: cve,wordpress,wp-plugin,wp-ulike,medium
+  tags: cve,wordpress,wp-plugin,wp-ulike,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1582-73bf56678d08f13f561affd2573b6e8a.yaml b/nuclei-templates/2024/CVE-2024-1582-73bf56678d08f13f561affd2573b6e8a.yaml
index 57bb8a4589..bb41ae2d54 100644
--- a/nuclei-templates/2024/CVE-2024-1582-73bf56678d08f13f561affd2573b6e8a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1582-73bf56678d08f13f561affd2573b6e8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Go Maps (formerly WP Google Maps) <= 9.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-maps/"
     google-query: inurl:"/wp-content/plugins/wp-google-maps/"
     shodan-query: 'vuln:CVE-2024-1582'
-  tags: cve,wordpress,wp-plugin,wp-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wp-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1584-8fa6b82859e5d82c0a64a9973f57957b.yaml b/nuclei-templates/2024/CVE-2024-1584-8fa6b82859e5d82c0a64a9973f57957b.yaml
index bee94d5a37..fbf9bebf21 100644
--- a/nuclei-templates/2024/CVE-2024-1584-8fa6b82859e5d82c0a64a9973f57957b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1584-8fa6b82859e5d82c0a64a9973f57957b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-analytify/"
     google-query: inurl:"/wp-content/plugins/wp-analytify/"
     shodan-query: 'vuln:CVE-2024-1584'
-  tags: cve,wordpress,wp-plugin,wp-analytify,medium
+  tags: cve,wordpress,wp-plugin,wp-analytify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1585-80129a218b0d8978bbb5382fd0cace63.yaml b/nuclei-templates/2024/CVE-2024-1585-80129a218b0d8978bbb5382fd0cace63.yaml
index 056c18c922..fda9e1e2c2 100644
--- a/nuclei-templates/2024/CVE-2024-1585-80129a218b0d8978bbb5382fd0cace63.yaml
+++ b/nuclei-templates/2024/CVE-2024-1585-80129a218b0d8978bbb5382fd0cace63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2024-1585'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1586-24a60434e502bd4fe3a3e9f654b441e8.yaml b/nuclei-templates/2024/CVE-2024-1586-24a60434e502bd4fe3a3e9f654b441e8.yaml
index ab502f6697..50e6bcc98f 100644
--- a/nuclei-templates/2024/CVE-2024-1586-24a60434e502bd4fe3a3e9f654b441e8.yaml
+++ b/nuclei-templates/2024/CVE-2024-1586-24a60434e502bd4fe3a3e9f654b441e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema & Structured Data for WP & AMP <= 1.26 - Authenticated (Custom) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/"
     google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/"
     shodan-query: 'vuln:CVE-2024-1586'
-  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,medium
+  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1590-05c61ba0f98849485be0002b6c76289c.yaml b/nuclei-templates/2024/CVE-2024-1590-05c61ba0f98849485be0002b6c76289c.yaml
index b1af78b49a..3ceb90250e 100644
--- a/nuclei-templates/2024/CVE-2024-1590-05c61ba0f98849485be0002b6c76289c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1590-05c61ba0f98849485be0002b6c76289c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2024-1590'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1637-b160f2225fa61e39751381696b9f32c3.yaml b/nuclei-templates/2024/CVE-2024-1637-b160f2225fa61e39751381696b9f32c3.yaml
index 86a7d9191c..6f4dbe0da0 100644
--- a/nuclei-templates/2024/CVE-2024-1637-b160f2225fa61e39751381696b9f32c3.yaml
+++ b/nuclei-templates/2024/CVE-2024-1637-b160f2225fa61e39751381696b9f32c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     360 Javascript Viewer <= 1.7.12 - Missing Authorization to Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/360deg-javascript-viewer/"
     google-query: inurl:"/wp-content/plugins/360deg-javascript-viewer/"
     shodan-query: 'vuln:CVE-2024-1637'
-  tags: cve,wordpress,wp-plugin,360deg-javascript-viewer,medium
+  tags: cve,wordpress,wp-plugin,360deg-javascript-viewer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1641-0a2080d70a92fba8a8847abac6eea304.yaml b/nuclei-templates/2024/CVE-2024-1641-0a2080d70a92fba8a8847abac6eea304.yaml
index b05ba33626..5b039bc6e7 100644
--- a/nuclei-templates/2024/CVE-2024-1641-0a2080d70a92fba8a8847abac6eea304.yaml
+++ b/nuclei-templates/2024/CVE-2024-1641-0a2080d70a92fba8a8847abac6eea304.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions/"
     google-query: inurl:"/wp-content/plugins/accordions/"
     shodan-query: 'vuln:CVE-2024-1641'
-  tags: cve,wordpress,wp-plugin,accordions,medium
+  tags: cve,wordpress,wp-plugin,accordions,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1645-8b372eebc313c06900867e460f19a6e4.yaml b/nuclei-templates/2024/CVE-2024-1645-8b372eebc313c06900867e460f19a6e4.yaml
index 882ebbd6b0..41249e2578 100644
--- a/nuclei-templates/2024/CVE-2024-1645-8b372eebc313c06900867e460f19a6e4.yaml
+++ b/nuclei-templates/2024/CVE-2024-1645-8b372eebc313c06900867e460f19a6e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mollie Forms <= 2.6.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mollie-forms/"
     google-query: inurl:"/wp-content/plugins/mollie-forms/"
     shodan-query: 'vuln:CVE-2024-1645'
-  tags: cve,wordpress,wp-plugin,mollie-forms,medium
+  tags: cve,wordpress,wp-plugin,mollie-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1649-dd16da990120154a69703f2e9dcba084.yaml b/nuclei-templates/2024/CVE-2024-1649-dd16da990120154a69703f2e9dcba084.yaml
index a2548f06c5..6a53e9e38b 100644
--- a/nuclei-templates/2024/CVE-2024-1649-dd16da990120154a69703f2e9dcba084.yaml
+++ b/nuclei-templates/2024/CVE-2024-1649-dd16da990120154a69703f2e9dcba084.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/categorify/"
     google-query: inurl:"/wp-content/plugins/categorify/"
     shodan-query: 'vuln:CVE-2024-1649'
-  tags: cve,wordpress,wp-plugin,categorify,medium
+  tags: cve,wordpress,wp-plugin,categorify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1650-2f5fc8a76419fe6bea249f884a02d85d.yaml b/nuclei-templates/2024/CVE-2024-1650-2f5fc8a76419fe6bea249f884a02d85d.yaml
index f895799a02..f8a40692ae 100644
--- a/nuclei-templates/2024/CVE-2024-1650-2f5fc8a76419fe6bea249f884a02d85d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1650-2f5fc8a76419fe6bea249f884a02d85d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to rename categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/categorify/"
     google-query: inurl:"/wp-content/plugins/categorify/"
     shodan-query: 'vuln:CVE-2024-1650'
-  tags: cve,wordpress,wp-plugin,categorify,medium
+  tags: cve,wordpress,wp-plugin,categorify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1652-bf5e4013e055d945f3801300e58d2936.yaml b/nuclei-templates/2024/CVE-2024-1652-bf5e4013e055d945f3801300e58d2936.yaml
index 329156b229..022dc638e3 100644
--- a/nuclei-templates/2024/CVE-2024-1652-bf5e4013e055d945f3801300e58d2936.yaml
+++ b/nuclei-templates/2024/CVE-2024-1652-bf5e4013e055d945f3801300e58d2936.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/categorify/"
     google-query: inurl:"/wp-content/plugins/categorify/"
     shodan-query: 'vuln:CVE-2024-1652'
-  tags: cve,wordpress,wp-plugin,categorify,medium
+  tags: cve,wordpress,wp-plugin,categorify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1653-c408e44047c03520c426eb804c18a88a.yaml b/nuclei-templates/2024/CVE-2024-1653-c408e44047c03520c426eb804c18a88a.yaml
index 06d2b11e40..1e38b962e5 100644
--- a/nuclei-templates/2024/CVE-2024-1653-c408e44047c03520c426eb804c18a88a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1653-c408e44047c03520c426eb804c18a88a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/categorify/"
     google-query: inurl:"/wp-content/plugins/categorify/"
     shodan-query: 'vuln:CVE-2024-1653'
-  tags: cve,wordpress,wp-plugin,categorify,medium
+  tags: cve,wordpress,wp-plugin,categorify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1660-7b68da6e2373d2ac5c585efcf03c710b.yaml b/nuclei-templates/2024/CVE-2024-1660-7b68da6e2373d2ac5c585efcf03c710b.yaml
index e003ff173b..85a5bec938 100644
--- a/nuclei-templates/2024/CVE-2024-1660-7b68da6e2373d2ac5c585efcf03c710b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1660-7b68da6e2373d2ac5c585efcf03c710b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top Bar  <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-bar/"
     google-query: inurl:"/wp-content/plugins/top-bar/"
     shodan-query: 'vuln:CVE-2024-1660'
-  tags: cve,wordpress,wp-plugin,top-bar,medium
+  tags: cve,wordpress,wp-plugin,top-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1664-41e0b9bc5daa86f41c29f0c4deb81563.yaml b/nuclei-templates/2024/CVE-2024-1664-41e0b9bc5daa86f41c29f0c4deb81563.yaml
index 08a042210c..2343f80d10 100644
--- a/nuclei-templates/2024/CVE-2024-1664-41e0b9bc5daa86f41c29f0c4deb81563.yaml
+++ b/nuclei-templates/2024/CVE-2024-1664-41e0b9bc5daa86f41c29f0c4deb81563.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Gallery Grid <= 2.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Gallery Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-gallery-grid/"
     google-query: inurl:"/wp-content/plugins/responsive-gallery-grid/"
     shodan-query: 'vuln:CVE-2024-1664'
-  tags: cve,wordpress,wp-plugin,responsive-gallery-grid,medium
+  tags: cve,wordpress,wp-plugin,responsive-gallery-grid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1668-9abc850c93257e8269e3f6780cf7c973.yaml b/nuclei-templates/2024/CVE-2024-1668-9abc850c93257e8269e3f6780cf7c973.yaml
index 1a5db4419b..4779c6c16b 100644
--- a/nuclei-templates/2024/CVE-2024-1668-9abc850c93257e8269e3f6780cf7c973.yaml
+++ b/nuclei-templates/2024/CVE-2024-1668-9abc850c93257e8269e3f6780cf7c973.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.11.5 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's "password" field).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2024-1668'
-  tags: cve,wordpress,wp-theme,Avada,medium
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1679-1003d8c4cbec4c692768d02c2deb833d.yaml b/nuclei-templates/2024/CVE-2024-1679-1003d8c4cbec4c692768d02c2deb833d.yaml
index 109e9160d7..c498a350da 100644
--- a/nuclei-templates/2024/CVE-2024-1679-1003d8c4cbec4c692768d02c2deb833d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1679-1003d8c4cbec4c692768d02c2deb833d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Templates
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/a4-barcode-generator/"
     google-query: inurl:"/wp-content/plugins/a4-barcode-generator/"
     shodan-query: 'vuln:CVE-2024-1679'
-  tags: cve,wordpress,wp-plugin,a4-barcode-generator,medium
+  tags: cve,wordpress,wp-plugin,a4-barcode-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1680-5332275b2ed1bab71594c8fbd6d44f11.yaml b/nuclei-templates/2024/CVE-2024-1680-5332275b2ed1bab71594c8fbd6d44f11.yaml
index 2b071daaa7..07b8b453ff 100644
--- a/nuclei-templates/2024/CVE-2024-1680-5332275b2ed1bab71594c8fbd6d44f11.yaml
+++ b/nuclei-templates/2024/CVE-2024-1680-5332275b2ed1bab71594c8fbd6d44f11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner, Team Members, and Image Scroll Widgets
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1680'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1684-89238e69360283d59cda9a307dc44ad9.yaml b/nuclei-templates/2024/CVE-2024-1684-89238e69360283d59cda9a307dc44ad9.yaml
index e51ee6c30d..533cefb8e8 100644
--- a/nuclei-templates/2024/CVE-2024-1684-89238e69360283d59cda9a307dc44ad9.yaml
+++ b/nuclei-templates/2024/CVE-2024-1684-89238e69360283d59cda9a307dc44ad9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter Blocks PRO <= 2.6.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via File Field CSS
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-pro/"
     google-query: inurl:"/wp-content/plugins/otter-pro/"
     shodan-query: 'vuln:CVE-2024-1684'
-  tags: cve,wordpress,wp-plugin,otter-pro,medium
+  tags: cve,wordpress,wp-plugin,otter-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1685-d57b4e44c91b72a924430dae58b27aa4.yaml b/nuclei-templates/2024/CVE-2024-1685-d57b4e44c91b72a924430dae58b27aa4.yaml
index 07e0212d33..9d9ea5e0c0 100644
--- a/nuclei-templates/2024/CVE-2024-1685-d57b4e44c91b72a924430dae58b27aa4.yaml
+++ b/nuclei-templates/2024/CVE-2024-1685-d57b4e44c91b72a924430dae58b27aa4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Share Buttons <= 2.1.0 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. CVE-2024-2721 is likely a duplicate to this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-media-builder/"
     google-query: inurl:"/wp-content/plugins/social-media-builder/"
     shodan-query: 'vuln:CVE-2024-1685'
-  tags: cve,wordpress,wp-plugin,social-media-builder,high
+  tags: cve,wordpress,wp-plugin,social-media-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1686-179df283f6f4faa0dd973e427dd4bc30.yaml b/nuclei-templates/2024/CVE-2024-1686-179df283f6f4faa0dd973e427dd4bc30.yaml
index 732549ea27..6d378ee05d 100644
--- a/nuclei-templates/2024/CVE-2024-1686-179df283f6f4faa0dd973e427dd4bc30.yaml
+++ b/nuclei-templates/2024/CVE-2024-1686-179df283f6f4faa0dd973e427dd4bc30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-thank-you-page-customizer/"
     google-query: inurl:"/wp-content/plugins/woo-thank-you-page-customizer/"
     shodan-query: 'vuln:CVE-2024-1686'
-  tags: cve,wordpress,wp-plugin,woo-thank-you-page-customizer,medium
+  tags: cve,wordpress,wp-plugin,woo-thank-you-page-customizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1687-5cee27767ae5190db018a1cdcac6e39b.yaml b/nuclei-templates/2024/CVE-2024-1687-5cee27767ae5190db018a1cdcac6e39b.yaml
index 69237b2718..0ea49be83f 100644
--- a/nuclei-templates/2024/CVE-2024-1687-5cee27767ae5190db018a1cdcac6e39b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1687-5cee27767ae5190db018a1cdcac6e39b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-thank-you-page-customizer/"
     google-query: inurl:"/wp-content/plugins/woo-thank-you-page-customizer/"
     shodan-query: 'vuln:CVE-2024-1687'
-  tags: cve,wordpress,wp-plugin,woo-thank-you-page-customizer,medium
+  tags: cve,wordpress,wp-plugin,woo-thank-you-page-customizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1688-60fd57f03f391911c0b737f75f701788.yaml b/nuclei-templates/2024/CVE-2024-1688-60fd57f03f391911c0b737f75f701788.yaml
index 4d2d6f0e9c..cc9fbc1809 100644
--- a/nuclei-templates/2024/CVE-2024-1688-60fd57f03f391911c0b737f75f701788.yaml
+++ b/nuclei-templates/2024/CVE-2024-1688-60fd57f03f391911c0b737f75f701788.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the store.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-total-sales/"
     google-query: inurl:"/wp-content/plugins/woo-total-sales/"
     shodan-query: 'vuln:CVE-2024-1688'
-  tags: cve,wordpress,wp-plugin,woo-total-sales,medium
+  tags: cve,wordpress,wp-plugin,woo-total-sales,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1690-fcef50fc4ab0d04c6eb8673c640961fc.yaml b/nuclei-templates/2024/CVE-2024-1690-fcef50fc4ab0d04c6eb8673c640961fc.yaml
index 10bacf209e..d7db8a75d9 100644
--- a/nuclei-templates/2024/CVE-2024-1690-fcef50fc4ab0d04c6eb8673c640961fc.yaml
+++ b/nuclei-templates/2024/CVE-2024-1690-fcef50fc4ab0d04c6eb8673c640961fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.4.10 - Missing Authorization to Authenticated (Subscriber+) User Email Export
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export a list of registered users and their emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-wallet/"
     google-query: inurl:"/wp-content/plugins/woo-wallet/"
     shodan-query: 'vuln:CVE-2024-1690'
-  tags: cve,wordpress,wp-plugin,woo-wallet,medium
+  tags: cve,wordpress,wp-plugin,woo-wallet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1691-9f787a2ef36698ab9d958e79e9a7609e.yaml b/nuclei-templates/2024/CVE-2024-1691-9f787a2ef36698ab9d958e79e9a7609e.yaml
index 0c558b89eb..a6519abd6b 100644
--- a/nuclei-templates/2024/CVE-2024-1691-9f787a2ef36698ab9d958e79e9a7609e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1691-9f787a2ef36698ab9d958e79e9a7609e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter Blocks PRO <= 2.6.3 - Unauthenticated Stored Cross-Site Scripting via SVG Upload
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that the patch in 2.6.4 allows SVG uploads but the uploaded SVG files are sanitized.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-pro/"
     google-query: inurl:"/wp-content/plugins/otter-pro/"
     shodan-query: 'vuln:CVE-2024-1691'
-  tags: cve,wordpress,wp-plugin,otter-pro,medium
+  tags: cve,wordpress,wp-plugin,otter-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1692-facd15a60590ce98592dd0da5f942c33.yaml b/nuclei-templates/2024/CVE-2024-1692-facd15a60590ce98592dd0da5f942c33.yaml
index 4516d8c3bc..decf812f05 100644
--- a/nuclei-templates/2024/CVE-2024-1692-facd15a60590ce98592dd0da5f942c33.yaml
+++ b/nuclei-templates/2024/CVE-2024-1692-facd15a60590ce98592dd0da5f942c33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/boldgrid-easy-seo/"
     google-query: inurl:"/wp-content/plugins/boldgrid-easy-seo/"
     shodan-query: 'vuln:CVE-2024-1692'
-  tags: cve,wordpress,wp-plugin,boldgrid-easy-seo,medium
+  tags: cve,wordpress,wp-plugin,boldgrid-easy-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1693-3992d1400a14226b637a309e355d88df.yaml b/nuclei-templates/2024/CVE-2024-1693-3992d1400a14226b637a309e355d88df.yaml
index cd3101a473..3971dc584d 100644
--- a/nuclei-templates/2024/CVE-2024-1693-3992d1400a14226b637a309e355d88df.yaml
+++ b/nuclei-templates/2024/CVE-2024-1693-3992d1400a14226b637a309e355d88df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary folder name that do not belong to them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2024-1693'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1697-b9bdab270fe39bf9e158152b28713054.yaml b/nuclei-templates/2024/CVE-2024-1697-b9bdab270fe39bf9e158152b28713054.yaml
index c0d99632e3..0555e8fa8f 100644
--- a/nuclei-templates/2024/CVE-2024-1697-b9bdab270fe39bf9e158152b28713054.yaml
+++ b/nuclei-templates/2024/CVE-2024-1697-b9bdab270fe39bf9e158152b28713054.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-fields-to-checkout-page-woocommerce/"
     google-query: inurl:"/wp-content/plugins/add-fields-to-checkout-page-woocommerce/"
     shodan-query: 'vuln:CVE-2024-1697'
-  tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1710-1b768170ce1555d79635fdd71ff99339.yaml b/nuclei-templates/2024/CVE-2024-1710-1b768170ce1555d79635fdd71ff99339.yaml
index 504308d83b..77b0f82e10 100644
--- a/nuclei-templates/2024/CVE-2024-1710-1b768170ce1555d79635fdd71ff99339.yaml
+++ b/nuclei-templates/2024/CVE-2024-1710-1b768170ce1555d79635fdd71ff99339.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Addon Library <= 1.3.76 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-library/"
     google-query: inurl:"/wp-content/plugins/addon-library/"
     shodan-query: 'vuln:CVE-2024-1710'
-  tags: cve,wordpress,wp-plugin,addon-library,high
+  tags: cve,wordpress,wp-plugin,addon-library,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1712-1ad6aee2c1707dc46ec5695ab78feced.yaml b/nuclei-templates/2024/CVE-2024-1712-1ad6aee2c1707dc46ec5695ab78feced.yaml
index 9e1884a15f..6c3d4cdae9 100644
--- a/nuclei-templates/2024/CVE-2024-1712-1ad6aee2c1707dc46ec5695ab78feced.yaml
+++ b/nuclei-templates/2024/CVE-2024-1712-1ad6aee2c1707dc46ec5695ab78feced.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel Slider <= 2.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Slides Per View parameter in all versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-tabs/"
     google-query: inurl:"/wp-content/plugins/responsive-tabs/"
     shodan-query: 'vuln:CVE-2024-1712'
-  tags: cve,wordpress,wp-plugin,responsive-tabs,medium
+  tags: cve,wordpress,wp-plugin,responsive-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1716-7fb9197171618e79a095c113a75de482.yaml b/nuclei-templates/2024/CVE-2024-1716-7fb9197171618e79a095c113a75de482.yaml
index 0330a2b4cc..d46575b07d 100644
--- a/nuclei-templates/2024/CVE-2024-1716-7fb9197171618e79a095c113a75de482.yaml
+++ b/nuclei-templates/2024/CVE-2024-1716-7fb9197171618e79a095c113a75de482.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable or disable the admin bar on the front-end of the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-bar/"
     google-query: inurl:"/wp-content/plugins/admin-bar/"
     shodan-query: 'vuln:CVE-2024-1716'
-  tags: cve,wordpress,wp-plugin,admin-bar,medium
+  tags: cve,wordpress,wp-plugin,admin-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1719-a742d112c80df865f27dc03fd5bad80a.yaml b/nuclei-templates/2024/CVE-2024-1719-a742d112c80df865f27dc03fd5bad80a.yaml
index 0452301544..ccc2e1784e 100644
--- a/nuclei-templates/2024/CVE-2024-1719-a742d112c80df865f27dc03fd5bad80a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1719-a742d112c80df865f27dc03fd5bad80a.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-1719
   metadata:
-    fofa-query: "wp-content/plugins/contact-form-7-paypal-add-on/"
-    google-query: inurl:"/wp-content/plugins/contact-form-7-paypal-add-on/"
+    fofa-query: "wp-content/plugins/wp-ecommerce-paypal/"
+    google-query: inurl:"/wp-content/plugins/wp-ecommerce-paypal/"
     shodan-query: 'vuln:CVE-2024-1719'
-  tags: cve,wordpress,wp-plugin,contact-form-7-paypal-add-on,medium
+  tags: cve,wordpress,wp-plugin,wp-ecommerce-paypal,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/contact-form-7-paypal-add-on/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-paypal/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "contact-form-7-paypal-add-on"
+          - "wp-ecommerce-paypal"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.1')
\ No newline at end of file
+          - compare_versions(version, '<= 1.8.3')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-1720-1ab35ec2ada14325b98997bb858be8c8.yaml b/nuclei-templates/2024/CVE-2024-1720-1ab35ec2ada14325b98997bb858be8c8.yaml
index 30dbd938a3..b5b00d0951 100644
--- a/nuclei-templates/2024/CVE-2024-1720-1ab35ec2ada14325b98997bb858be8c8.yaml
+++ b/nuclei-templates/2024/CVE-2024-1720-1ab35ec2ada14325b98997bb858be8c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2024-1720'
-  tags: cve,wordpress,wp-plugin,user-registration,medium
+  tags: cve,wordpress,wp-plugin,user-registration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1723-dee8b4970935a0806a128f5493b5e0f3.yaml b/nuclei-templates/2024/CVE-2024-1723-dee8b4970935a0806a128f5493b5e0f3.yaml
index 2374a34979..c5913d0be3 100644
--- a/nuclei-templates/2024/CVE-2024-1723-dee8b4970935a0806a128f5493b5e0f3.yaml
+++ b/nuclei-templates/2024/CVE-2024-1723-dee8b4970935a0806a128f5493b5e0f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SiteOrigin Widgets Bundle <= 1.58.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, $feature['icon'].
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/so-widgets-bundle/"
     google-query: inurl:"/wp-content/plugins/so-widgets-bundle/"
     shodan-query: 'vuln:CVE-2024-1723'
-  tags: cve,wordpress,wp-plugin,so-widgets-bundle,medium
+  tags: cve,wordpress,wp-plugin,so-widgets-bundle,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1730-b5d8ae30fccbde3a30e869d152e37902.yaml b/nuclei-templates/2024/CVE-2024-1730-b5d8ae30fccbde3a30e869d152e37902.yaml
index 5f96c516a2..d71e729f2b 100644
--- a/nuclei-templates/2024/CVE-2024-1730-b5d8ae30fccbde3a30e869d152e37902.yaml
+++ b/nuclei-templates/2024/CVE-2024-1730-b5d8ae30fccbde3a30e869d152e37902.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in all versions up to, and including, 3.14.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:CVE-2024-1730'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1731-176d59252e2a1ced83fc8440cad1b0f5.yaml b/nuclei-templates/2024/CVE-2024-1731-176d59252e2a1ced83fc8440cad1b0f5.yaml
index 16239f4f53..91a1aa0a37 100644
--- a/nuclei-templates/2024/CVE-2024-1731-176d59252e2a1ced83fc8440cad1b0f5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1731-176d59252e2a1ced83fc8440cad1b0f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Refresh Single Page <= 1.1 -  Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-refresh-single-page/"
     google-query: inurl:"/wp-content/plugins/auto-refresh-single-page/"
     shodan-query: 'vuln:CVE-2024-1731'
-  tags: cve,wordpress,wp-plugin,auto-refresh-single-page,high
+  tags: cve,wordpress,wp-plugin,auto-refresh-single-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1732-b2a85d8fd51446e550fee890b46b39fe.yaml b/nuclei-templates/2024/CVE-2024-1732-b2a85d8fd51446e550fee890b46b39fe.yaml
index f253c1e701..ded97b2d57 100644
--- a/nuclei-templates/2024/CVE-2024-1732-b2a85d8fd51446e550fee890b46b39fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-1732-b2a85d8fd51446e550fee890b46b39fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop() function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wooshark-aliexpress-importer/"
     google-query: inurl:"/wp-content/plugins/wooshark-aliexpress-importer/"
     shodan-query: 'vuln:CVE-2024-1732'
-  tags: cve,wordpress,wp-plugin,wooshark-aliexpress-importer,medium
+  tags: cve,wordpress,wp-plugin,wooshark-aliexpress-importer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1733-82ccd5e1aeac71fd905aec731ee6d6b0.yaml b/nuclei-templates/2024/CVE-2024-1733-82ccd5e1aeac71fd905aec731ee6d6b0.yaml
index 276d2c6c5e..48d2ae9a47 100644
--- a/nuclei-templates/2024/CVE-2024-1733-82ccd5e1aeac71fd905aec731ee6d6b0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1733-82ccd5e1aeac71fd905aec731ee6d6b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/word-replacer-ultra/"
     google-query: inurl:"/wp-content/plugins/word-replacer-ultra/"
     shodan-query: 'vuln:CVE-2024-1733'
-  tags: cve,wordpress,wp-plugin,word-replacer-ultra,medium
+  tags: cve,wordpress,wp-plugin,word-replacer-ultra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1745-3fcde9cc662e3ad45e20c993057641fd.yaml b/nuclei-templates/2024/CVE-2024-1745-3fcde9cc662e3ad45e20c993057641fd.yaml
index c7649aa84e..829e2c7173 100644
--- a/nuclei-templates/2024/CVE-2024-1745-3fcde9cc662e3ad45e20c993057641fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-1745-3fcde9cc662e3ad45e20c993057641fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Slider <= 2.3.6 - Missing Authorization to Authenticated (Author+) Settings Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonial Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tssSettingsUpdate() function in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with author-level access and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-slider-and-showcase/"
     google-query: inurl:"/wp-content/plugins/testimonial-slider-and-showcase/"
     shodan-query: 'vuln:CVE-2024-1745'
-  tags: cve,wordpress,wp-plugin,testimonial-slider-and-showcase,medium
+  tags: cve,wordpress,wp-plugin,testimonial-slider-and-showcase,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1746-9fed5404f994e2e62aad7f01b29dde3c.yaml b/nuclei-templates/2024/CVE-2024-1746-9fed5404f994e2e62aad7f01b29dde3c.yaml
index 6bd51422b7..30920678c3 100644
--- a/nuclei-templates/2024/CVE-2024-1746-9fed5404f994e2e62aad7f01b29dde3c.yaml
+++ b/nuclei-templates/2024/CVE-2024-1746-9fed5404f994e2e62aad7f01b29dde3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Slider <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial/"
     google-query: inurl:"/wp-content/plugins/testimonial/"
     shodan-query: 'vuln:CVE-2024-1746'
-  tags: cve,wordpress,wp-plugin,testimonial,medium
+  tags: cve,wordpress,wp-plugin,testimonial,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1751-ee13651f12379100949dbc5d6ec901e8.yaml b/nuclei-templates/2024/CVE-2024-1751-ee13651f12379100949dbc5d6ec901e8.yaml
index aed3ef6867..194cf0a6aa 100644
--- a/nuclei-templates/2024/CVE-2024-1751-ee13651f12379100949dbc5d6ec901e8.yaml
+++ b/nuclei-templates/2024/CVE-2024-1751-ee13651f12379100949dbc5d6ec901e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2024-1751'
-  tags: cve,wordpress,wp-plugin,tutor,high
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1752-bbb0e39e4c65975737c298f09a794bf6.yaml b/nuclei-templates/2024/CVE-2024-1752-bbb0e39e4c65975737c298f09a794bf6.yaml
index 7c197f0aaa..ce09443a07 100644
--- a/nuclei-templates/2024/CVE-2024-1752-bbb0e39e4c65975737c298f09a794bf6.yaml
+++ b/nuclei-templates/2024/CVE-2024-1752-bbb0e39e4c65975737c298f09a794bf6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Font Farsi <= 1.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/font-farsi/"
     google-query: inurl:"/wp-content/plugins/font-farsi/"
     shodan-query: 'vuln:CVE-2024-1752'
-  tags: cve,wordpress,wp-plugin,font-farsi,medium
+  tags: cve,wordpress,wp-plugin,font-farsi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1754-9980c05da6f848a401a8e11f20123173.yaml b/nuclei-templates/2024/CVE-2024-1754-9980c05da6f848a401a8e11f20123173.yaml
index 0f1ef4473f..e3da4cb06c 100644
--- a/nuclei-templates/2024/CVE-2024-1754-9980c05da6f848a401a8e11f20123173.yaml
+++ b/nuclei-templates/2024/CVE-2024-1754-9980c05da6f848a401a8e11f20123173.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NPS computy <= 2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NPS computy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nps-computy/"
     google-query: inurl:"/wp-content/plugins/nps-computy/"
     shodan-query: 'vuln:CVE-2024-1754'
-  tags: cve,wordpress,wp-plugin,nps-computy,medium
+  tags: cve,wordpress,wp-plugin,nps-computy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1756-fc1bee3fb68d7c35aad200db5adf3590.yaml b/nuclei-templates/2024/CVE-2024-1756-fc1bee3fb68d7c35aad200db5adf3590.yaml
index 2657589226..4fa1b117ec 100644
--- a/nuclei-templates/2024/CVE-2024-1756-fc1bee3fb68d7c35aad200db5adf3590.yaml
+++ b/nuclei-templates/2024/CVE-2024-1756-fc1bee3fb68d7c35aad200db5adf3590.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Customers Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wccm_get_customers_list AJAX action in all versions up to, and including, 29.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of customers and their data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-customers-manager/"
     google-query: inurl:"/wp-content/plugins/woocommerce-customers-manager/"
     shodan-query: 'vuln:CVE-2024-1756'
-  tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1758-c713f885667125d83707da22fe966bb2.yaml b/nuclei-templates/2024/CVE-2024-1758-c713f885667125d83707da22fe966bb2.yaml
index a8b59ff188..7ae7d39e9c 100644
--- a/nuclei-templates/2024/CVE-2024-1758-c713f885667125d83707da22fe966bb2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1758-c713f885667125d83707da22fe966bb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SuperFaktura WooCommerce <= 1.40.3 - Authenticated (Subscriber+) Blind Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVE-2024-32803 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-superfaktura/"
     google-query: inurl:"/wp-content/plugins/woocommerce-superfaktura/"
     shodan-query: 'vuln:CVE-2024-1758'
-  tags: cve,wordpress,wp-plugin,woocommerce-superfaktura,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-superfaktura,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1759-5e4d2604a5e90cd0dc912e39171976ad.yaml b/nuclei-templates/2024/CVE-2024-1759-5e4d2604a5e90cd0dc912e39171976ad.yaml
index b0d1cec807..778e873b39 100644
--- a/nuclei-templates/2024/CVE-2024-1759-5e4d2604a5e90cd0dc912e39171976ad.yaml
+++ b/nuclei-templates/2024/CVE-2024-1759-5e4d2604a5e90cd0dc912e39171976ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ULike <= 4.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ulike/"
     google-query: inurl:"/wp-content/plugins/wp-ulike/"
     shodan-query: 'vuln:CVE-2024-1759'
-  tags: cve,wordpress,wp-plugin,wp-ulike,medium
+  tags: cve,wordpress,wp-plugin,wp-ulike,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1761-50ffb87c6ba7528dcf0d0be367e8a965.yaml b/nuclei-templates/2024/CVE-2024-1761-50ffb87c6ba7528dcf0d0be367e8a965.yaml
index 9f06e80d62..fe0a5fa8f8 100644
--- a/nuclei-templates/2024/CVE-2024-1761-50ffb87c6ba7528dcf0d0be367e8a965.yaml
+++ b/nuclei-templates/2024/CVE-2024-1761-50ffb87c6ba7528dcf0d0be367e8a965.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Chat App <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-whatsapp/"
     google-query: inurl:"/wp-content/plugins/wp-whatsapp/"
     shodan-query: 'vuln:CVE-2024-1761'
-  tags: cve,wordpress,wp-plugin,wp-whatsapp,medium
+  tags: cve,wordpress,wp-plugin,wp-whatsapp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1763-0f9348eac96a42ea06d72213f997cb8e.yaml b/nuclei-templates/2024/CVE-2024-1763-0f9348eac96a42ea06d72213f997cb8e.yaml
index d9deafd827..17e714f5c9 100644
--- a/nuclei-templates/2024/CVE-2024-1763-0f9348eac96a42ea06d72213f997cb8e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1763-0f9348eac96a42ea06d72213f997cb8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp Social Login and Register Social Counter <= 3.0.0 - Missing Authorization to Unauthenticated Social Login/Share Status Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-social/"
     google-query: inurl:"/wp-content/plugins/wp-social/"
     shodan-query: 'vuln:CVE-2024-1763'
-  tags: cve,wordpress,wp-plugin,wp-social,medium
+  tags: cve,wordpress,wp-plugin,wp-social,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1767-07a77988897e3af64d686b49eda84d8d.yaml b/nuclei-templates/2024/CVE-2024-1767-07a77988897e3af64d686b49eda84d8d.yaml
index 62daf9d6cd..83afdc1ed9 100644
--- a/nuclei-templates/2024/CVE-2024-1767-07a77988897e3af64d686b49eda84d8d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1767-07a77988897e3af64d686b49eda84d8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy <= 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blocksy/"
     google-query: inurl:"/wp-content/themes/blocksy/"
     shodan-query: 'vuln:CVE-2024-1767'
-  tags: cve,wordpress,wp-theme,blocksy,medium
+  tags: cve,wordpress,wp-theme,blocksy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1770-85f58ceac5f2aff68a6dbc6ee57ae093.yaml b/nuclei-templates/2024/CVE-2024-1770-85f58ceac5f2aff68a6dbc6ee57ae093.yaml
index cf79131cc9..9f0a8231a8 100644
--- a/nuclei-templates/2024/CVE-2024-1770-85f58ceac5f2aff68a6dbc6ee57ae093.yaml
+++ b/nuclei-templates/2024/CVE-2024-1770-85f58ceac5f2aff68a6dbc6ee57ae093.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meta-tag-manager/"
     google-query: inurl:"/wp-content/plugins/meta-tag-manager/"
     shodan-query: 'vuln:CVE-2024-1770'
-  tags: cve,wordpress,wp-plugin,meta-tag-manager,high
+  tags: cve,wordpress,wp-plugin,meta-tag-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1771-e9ad128afe18da7565a18caa795c2ef0.yaml b/nuclei-templates/2024/CVE-2024-1771-e9ad128afe18da7565a18caa795c2ef0.yaml
index a023388bf3..c4f235283b 100644
--- a/nuclei-templates/2024/CVE-2024-1771-e9ad128afe18da7565a18caa795c2ef0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1771-e9ad128afe18da7565a18caa795c2ef0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat sections on the homepage.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/total/"
     google-query: inurl:"/wp-content/themes/total/"
     shodan-query: 'vuln:CVE-2024-1771'
-  tags: cve,wordpress,wp-theme,total,medium
+  tags: cve,wordpress,wp-theme,total,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1772-6182145f7b993029088ccd0a82af0476.yaml b/nuclei-templates/2024/CVE-2024-1772-6182145f7b993029088ccd0a82af0476.yaml
index 174f39348e..aa9a718617 100644
--- a/nuclei-templates/2024/CVE-2024-1772-6182145f7b993029088ccd0a82af0476.yaml
+++ b/nuclei-templates/2024/CVE-2024-1772-6182145f7b993029088ccd0a82af0476.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/play-ht/"
     google-query: inurl:"/wp-content/plugins/play-ht/"
     shodan-query: 'vuln:CVE-2024-1772'
-  tags: cve,wordpress,wp-plugin,play-ht,high
+  tags: cve,wordpress,wp-plugin,play-ht,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1773-3f477473c5a3237b1cf487ce20b4000a.yaml b/nuclei-templates/2024/CVE-2024-1773-3f477473c5a3237b1cf487ce20b4000a.yaml
index 9de48a97dd..1368b57d32 100644
--- a/nuclei-templates/2024/CVE-2024-1773-3f477473c5a3237b1cf487ce20b4000a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1773-3f477473c5a3237b1cf487ce20b4000a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-1773'
-  tags: cve,wordpress,wp-plugin,pdf-invoices-and-packing-slips-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,pdf-invoices-and-packing-slips-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1775-b5ffaf80d661d564c9b660398c6daa12.yaml b/nuclei-templates/2024/CVE-2024-1775-b5ffaf80d661d564c9b660398c6daa12.yaml
index 205b6d61a7..dc3d4f7b43 100644
--- a/nuclei-templates/2024/CVE-2024-1775-b5ffaf80d661d564c9b660398c6daa12.yaml
+++ b/nuclei-templates/2024/CVE-2024-1775-b5ffaf80d661d564c9b660398c6daa12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers, with access to a subscriber-level account, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: This vulnerability can be successfully exploited on a vulnerable WordPress instance against an OAuth pre-authenticated higher-level user (e.g., administrator) by leveraging a cross-site request forgery in conjunction with a certain social engineering technique to achieve a critical impact scenario (cross-site scripting to administrator-level account creation). However, successful exploitation requires "Debug mode" to be enabled in the plugin's "Global Settings".
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextend-facebook-connect/"
     google-query: inurl:"/wp-content/plugins/nextend-facebook-connect/"
     shodan-query: 'vuln:CVE-2024-1775'
-  tags: cve,wordpress,wp-plugin,nextend-facebook-connect,medium
+  tags: cve,wordpress,wp-plugin,nextend-facebook-connect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1776-6038d8499b4a66981281a09913dec32b.yaml b/nuclei-templates/2024/CVE-2024-1776-6038d8499b4a66981281a09913dec32b.yaml
index 4086913fa3..58e05eb85d 100644
--- a/nuclei-templates/2024/CVE-2024-1776-6038d8499b4a66981281a09913dec32b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1776-6038d8499b4a66981281a09913dec32b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-side-data-storage-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/admin-side-data-storage-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2024-1776'
-  tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,high
+  tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1778-338378bbb7402de89fbb870142f8402e.yaml b/nuclei-templates/2024/CVE-2024-1778-338378bbb7402de89fbb870142f8402e.yaml
index fd5d52c541..238de49b85 100644
--- a/nuclei-templates/2024/CVE-2024-1778-338378bbb7402de89fbb870142f8402e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1778-338378bbb7402de89fbb870142f8402e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin side data storage for Contact Form 7 <= 1.1.1 - Missing Authorization to Unauthenticated Bookmark Status Alteration
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-side-data-storage-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/admin-side-data-storage-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2024-1778'
-  tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1779-1c83a92e446554fa5dca6a3142ee08a1.yaml b/nuclei-templates/2024/CVE-2024-1779-1c83a92e446554fa5dca6a3142ee08a1.yaml
index 39eb0c3ffd..ee039fd7ee 100644
--- a/nuclei-templates/2024/CVE-2024-1779-1c83a92e446554fa5dca6a3142ee08a1.yaml
+++ b/nuclei-templates/2024/CVE-2024-1779-1c83a92e446554fa5dca6a3142ee08a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-side-data-storage-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/admin-side-data-storage-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2024-1779'
-  tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1787-45ed5bc2a620f7b73012888c5d094ada.yaml b/nuclei-templates/2024/CVE-2024-1787-45ed5bc2a620f7b73012888c5d094ada.yaml
index 407f3708ec..298526aa58 100644
--- a/nuclei-templates/2024/CVE-2024-1787-45ed5bc2a620f7b73012888c5d094ada.yaml
+++ b/nuclei-templates/2024/CVE-2024-1787-45ed5bc2a620f7b73012888c5d094ada.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contests by Rewards Fuel <= 2.0.64 - Authenticated (Contributor+) Stored Cross-Site Scripting via update_rewards_fuel_api_key
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'update_rewards_fuel_api_key' parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contests-from-rewards-fuel/"
     google-query: inurl:"/wp-content/plugins/contests-from-rewards-fuel/"
     shodan-query: 'vuln:CVE-2024-1787'
-  tags: cve,wordpress,wp-plugin,contests-from-rewards-fuel,medium
+  tags: cve,wordpress,wp-plugin,contests-from-rewards-fuel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1789-4cb0701b6db05c073e2060623ec2f204.yaml b/nuclei-templates/2024/CVE-2024-1789-4cb0701b6db05c073e2060623ec2f204.yaml
index 6118ba0d18..34d1fd056c 100644
--- a/nuclei-templates/2024/CVE-2024-1789-4cb0701b6db05c073e2060623ec2f204.yaml
+++ b/nuclei-templates/2024/CVE-2024-1789-4cb0701b6db05c073e2060623ec2f204.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smtp/"
     google-query: inurl:"/wp-content/plugins/wp-smtp/"
     shodan-query: 'vuln:CVE-2024-1789'
-  tags: cve,wordpress,wp-plugin,wp-smtp,high
+  tags: cve,wordpress,wp-plugin,wp-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1790-8d9637ff6f7495cd146495e0fed931b5.yaml b/nuclei-templates/2024/CVE-2024-1790-8d9637ff6f7495cd146495e0fed931b5.yaml
index a51ce473de..09aac337c3 100644
--- a/nuclei-templates/2024/CVE-2024-1790-8d9637ff6f7495cd146495e0fed931b5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1790-8d9637ff6f7495cd146495e0fed931b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:CVE-2024-1790'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,medium
+  tags: cve,wordpress,wp-plugin,ajax-load-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1791-291a48e25bfa003aa951458172971d46.yaml b/nuclei-templates/2024/CVE-2024-1791-291a48e25bfa003aa951458172971d46.yaml
index 0ff9c3e7a0..73d3b3356c 100644
--- a/nuclei-templates/2024/CVE-2024-1791-291a48e25bfa003aa951458172971d46.yaml
+++ b/nuclei-templates/2024/CVE-2024-1791-291a48e25bfa003aa951458172971d46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CodeMirror Blocks <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-codemirror-block/"
     google-query: inurl:"/wp-content/plugins/wp-codemirror-block/"
     shodan-query: 'vuln:CVE-2024-1791'
-  tags: cve,wordpress,wp-plugin,wp-codemirror-block,medium
+  tags: cve,wordpress,wp-plugin,wp-codemirror-block,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1792-8c74a48bb6b992ea1d77056b8703ebf9.yaml b/nuclei-templates/2024/CVE-2024-1792-8c74a48bb6b992ea1d77056b8703ebf9.yaml
index 0433ffa920..e19588487e 100644
--- a/nuclei-templates/2024/CVE-2024-1792-8c74a48bb6b992ea1d77056b8703ebf9.yaml
+++ b/nuclei-templates/2024/CVE-2024-1792-8c74a48bb6b992ea1d77056b8703ebf9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Please note that the plugin is a developer toolkit. For the vulnerability to become exploitable, the presence of a metabox activation in your code (via functions.php for example) is required.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cmb2/"
     google-query: inurl:"/wp-content/plugins/cmb2/"
     shodan-query: 'vuln:CVE-2024-1792'
-  tags: cve,wordpress,wp-plugin,cmb2,high
+  tags: cve,wordpress,wp-plugin,cmb2,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1793-16c74e447f178d9a81be3266e07ecdda.yaml b/nuclei-templates/2024/CVE-2024-1793-16c74e447f178d9a81be3266e07ecdda.yaml
index 23d036e772..abf264040e 100644
--- a/nuclei-templates/2024/CVE-2024-1793-16c74e447f178d9a81be3266e07ecdda.yaml
+++ b/nuclei-templates/2024/CVE-2024-1793-16c74e447f178d9a81be3266e07ecdda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aweber-web-form-widget/"
     google-query: inurl:"/wp-content/plugins/aweber-web-form-widget/"
     shodan-query: 'vuln:CVE-2024-1793'
-  tags: cve,wordpress,wp-plugin,aweber-web-form-widget,high
+  tags: cve,wordpress,wp-plugin,aweber-web-form-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1795-fc942581b6d806c7e158aaa084482451.yaml b/nuclei-templates/2024/CVE-2024-1795-fc942581b6d806c7e158aaa084482451.yaml
index 0cf4deac28..960d480d6a 100644
--- a/nuclei-templates/2024/CVE-2024-1795-fc942581b6d806c7e158aaa084482451.yaml
+++ b/nuclei-templates/2024/CVE-2024-1795-fc942581b6d806c7e158aaa084482451.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.2 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-filter/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/"
     shodan-query: 'vuln:CVE-2024-1795'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,high
+  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1796-d97caddab7bd05fd7de5182cc29d4629.yaml b/nuclei-templates/2024/CVE-2024-1796-d97caddab7bd05fd7de5182cc29d4629.yaml
index 33ec8f4fc2..2de3943279 100644
--- a/nuclei-templates/2024/CVE-2024-1796-d97caddab7bd05fd7de5182cc29d4629.yaml
+++ b/nuclei-templates/2024/CVE-2024-1796-d97caddab7bd05fd7de5182cc29d4629.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'swoof_slug'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-filter/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/"
     shodan-query: 'vuln:CVE-2024-1796'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1797-dea805289f838218c2f4999e6fa41c84.yaml b/nuclei-templates/2024/CVE-2024-1797-dea805289f838218c2f4999e6fa41c84.yaml
index 5a635e8f57..83405dcf4b 100644
--- a/nuclei-templates/2024/CVE-2024-1797-dea805289f838218c2f4999e6fa41c84.yaml
+++ b/nuclei-templates/2024/CVE-2024-1797-dea805289f838218c2f4999e6fa41c84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wp_ulike_counter' and 'wp_ulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ulike/"
     google-query: inurl:"/wp-content/plugins/wp-ulike/"
     shodan-query: 'vuln:CVE-2024-1797'
-  tags: cve,wordpress,wp-plugin,wp-ulike,high
+  tags: cve,wordpress,wp-plugin,wp-ulike,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1799-aec7b68517be6133995e008e368392d0.yaml b/nuclei-templates/2024/CVE-2024-1799-aec7b68517be6133995e008e368392d0.yaml
index 23d7e7ae5f..14adf5e4db 100644
--- a/nuclei-templates/2024/CVE-2024-1799-aec7b68517be6133995e008e368392d0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1799-aec7b68517be6133995e008e368392d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.8.6 - Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gamipress/"
     google-query: inurl:"/wp-content/plugins/gamipress/"
     shodan-query: 'vuln:CVE-2024-1799'
-  tags: cve,wordpress,wp-plugin,gamipress,high
+  tags: cve,wordpress,wp-plugin,gamipress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1802-1d3dbd02fa5b7205872c8a687215c897.yaml b/nuclei-templates/2024/CVE-2024-1802-1d3dbd02fa5b7205872c8a687215c897.yaml
index 6201548411..5d28b80f5b 100644
--- a/nuclei-templates/2024/CVE-2024-1802-1d3dbd02fa5b7205872c8a687215c897.yaml
+++ b/nuclei-templates/2024/CVE-2024-1802-1d3dbd02fa5b7205872c8a687215c897.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the user supplied url. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-1802'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1805-16bf911b12f5300e0830fe4fc1eb1ed0.yaml b/nuclei-templates/2024/CVE-2024-1805-16bf911b12f5300e0830fe4fc1eb1ed0.yaml
index dced073b51..3028fdec7d 100644
--- a/nuclei-templates/2024/CVE-2024-1805-16bf911b12f5300e0830fe4fc1eb1ed0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1805-16bf911b12f5300e0830fe4fc1eb1ed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js_composer/"
     google-query: inurl:"/wp-content/plugins/js_composer/"
     shodan-query: 'vuln:CVE-2024-1805'
-  tags: cve,wordpress,wp-plugin,js_composer,medium
+  tags: cve,wordpress,wp-plugin,js_composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1806-0698a66e8bb0aa2a8b088a7a1889cbc2.yaml b/nuclei-templates/2024/CVE-2024-1806-0698a66e8bb0aa2a8b088a7a1889cbc2.yaml
index ba15a02de6..6af0313abb 100644
--- a/nuclei-templates/2024/CVE-2024-1806-0698a66e8bb0aa2a8b088a7a1889cbc2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1806-0698a66e8bb0aa2a8b088a7a1889cbc2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-1806'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1807-65c990e02c196c01529c8a603f8098c6.yaml b/nuclei-templates/2024/CVE-2024-1807-65c990e02c196c01529c8a603f8098c6.yaml
index e2eb0b6bc3..badd0c8bfb 100644
--- a/nuclei-templates/2024/CVE-2024-1807-65c990e02c196c01529c8a603f8098c6.yaml
+++ b/nuclei-templates/2024/CVE-2024-1807-65c990e02c196c01529c8a603f8098c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Sort and Display for WooCommerce <= 2.4.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to hide product categories.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-sort-and-display/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-sort-and-display/"
     shodan-query: 'vuln:CVE-2024-1807'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-sort-and-display,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-sort-and-display,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1808-5f9c4587b984a64216df76781ce699a0.yaml b/nuclei-templates/2024/CVE-2024-1808-5f9c4587b984a64216df76781ce699a0.yaml
index 0caa1faf00..1773f26c5d 100644
--- a/nuclei-templates/2024/CVE-2024-1808-5f9c4587b984a64216df76781ce699a0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1808-5f9c4587b984a64216df76781ce699a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2024-1808'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1809-70ab06ad0d2802465de5c71330534e85.yaml b/nuclei-templates/2024/CVE-2024-1809-70ab06ad0d2802465de5c71330534e85.yaml
index b6510316e8..99a56b0db1 100644
--- a/nuclei-templates/2024/CVE-2024-1809-70ab06ad0d2802465de5c71330534e85.yaml
+++ b/nuclei-templates/2024/CVE-2024-1809-70ab06ad0d2802465de5c71330534e85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-analytify/"
     google-query: inurl:"/wp-content/plugins/wp-analytify/"
     shodan-query: 'vuln:CVE-2024-1809'
-  tags: cve,wordpress,wp-plugin,wp-analytify,medium
+  tags: cve,wordpress,wp-plugin,wp-analytify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1840-9af98782950e2bb2fdcec622ba259511.yaml b/nuclei-templates/2024/CVE-2024-1840-9af98782950e2bb2fdcec622ba259511.yaml
index e912eb468a..06a3c4c1eb 100644
--- a/nuclei-templates/2024/CVE-2024-1840-9af98782950e2bb2fdcec622ba259511.yaml
+++ b/nuclei-templates/2024/CVE-2024-1840-9af98782950e2bb2fdcec622ba259511.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js_composer/"
     google-query: inurl:"/wp-content/plugins/js_composer/"
     shodan-query: 'vuln:CVE-2024-1840'
-  tags: cve,wordpress,wp-plugin,js_composer,medium
+  tags: cve,wordpress,wp-plugin,js_composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1841-86b92217e832cff4cd144076070304be.yaml b/nuclei-templates/2024/CVE-2024-1841-86b92217e832cff4cd144076070304be.yaml
index 8371a24c84..5f8e028c8c 100644
--- a/nuclei-templates/2024/CVE-2024-1841-86b92217e832cff4cd144076070304be.yaml
+++ b/nuclei-templates/2024/CVE-2024-1841-86b92217e832cff4cd144076070304be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js_composer/"
     google-query: inurl:"/wp-content/plugins/js_composer/"
     shodan-query: 'vuln:CVE-2024-1841'
-  tags: cve,wordpress,wp-plugin,js_composer,medium
+  tags: cve,wordpress,wp-plugin,js_composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1842-83ebb5cd5f6dc281ececf75915c27b14.yaml b/nuclei-templates/2024/CVE-2024-1842-83ebb5cd5f6dc281ececf75915c27b14.yaml
index 1d8d7b8fbe..57feb3c83c 100644
--- a/nuclei-templates/2024/CVE-2024-1842-83ebb5cd5f6dc281ececf75915c27b14.yaml
+++ b/nuclei-templates/2024/CVE-2024-1842-83ebb5cd5f6dc281ececf75915c27b14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js_composer/"
     google-query: inurl:"/wp-content/plugins/js_composer/"
     shodan-query: 'vuln:CVE-2024-1842'
-  tags: cve,wordpress,wp-plugin,js_composer,medium
+  tags: cve,wordpress,wp-plugin,js_composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1843-5a61a27c8209633543dc7131ccce0c7b.yaml b/nuclei-templates/2024/CVE-2024-1843-5a61a27c8209633543dc7131ccce0c7b.yaml
index 2b5e268202..bef5bd0834 100644
--- a/nuclei-templates/2024/CVE-2024-1843-5a61a27c8209633543dc7131ccce0c7b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1843-5a61a27c8209633543dc7131ccce0c7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-auto-affiliate-links/"
     google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/"
     shodan-query: 'vuln:CVE-2024-1843'
-  tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,medium
+  tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1844-83c485f2e43507746d6f598a094e8632.yaml b/nuclei-templates/2024/CVE-2024-1844-83c485f2e43507746d6f598a094e8632.yaml
index 9006e4966c..08e50c9629 100644
--- a/nuclei-templates/2024/CVE-2024-1844-83c485f2e43507746d6f598a094e8632.yaml
+++ b/nuclei-templates/2024/CVE-2024-1844-83c485f2e43507746d6f598a094e8632.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RevivePress – Keep your Old Content Evergreen <= 1.5.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-auto-republish/"
     google-query: inurl:"/wp-content/plugins/wp-auto-republish/"
     shodan-query: 'vuln:CVE-2024-1844'
-  tags: cve,wordpress,wp-plugin,wp-auto-republish,medium
+  tags: cve,wordpress,wp-plugin,wp-auto-republish,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1846-36493737cc718a786fc3dabd10944cc2.yaml b/nuclei-templates/2024/CVE-2024-1846-36493737cc718a786fc3dabd10944cc2.yaml
index 1435cf13f4..0b2e290c9f 100644
--- a/nuclei-templates/2024/CVE-2024-1846-36493737cc718a786fc3dabd10944cc2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1846-36493737cc718a786fc3dabd10944cc2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Tabs <= 4.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-tabs/"
     google-query: inurl:"/wp-content/plugins/responsive-tabs/"
     shodan-query: 'vuln:CVE-2024-1846'
-  tags: cve,wordpress,wp-plugin,responsive-tabs,medium
+  tags: cve,wordpress,wp-plugin,responsive-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1849-11af501cd400c11d4471a7dd2fad2f1e.yaml b/nuclei-templates/2024/CVE-2024-1849-11af501cd400c11d4471a7dd2fad2f1e.yaml
index d0161a27d1..376b2031f1 100644
--- a/nuclei-templates/2024/CVE-2024-1849-11af501cd400c11d4471a7dd2fad2f1e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1849-11af501cd400c11d4471a7dd2fad2f1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customer Reviews <= 3.7.0 - Authenticated (Contributor+) Malicious Redirect via HTTP-EQUIV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Customer Reviews plugin for WordPress is vulnerable to malicious redirects in all versions up to, and including, 3.7.0. This is due to the plugin not properly validating the Business Name field. This makes it possible for authenticated attackers, with contributor-level access and above, to inject malicious redirects.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-customer-reviews/"
     google-query: inurl:"/wp-content/plugins/wp-customer-reviews/"
     shodan-query: 'vuln:CVE-2024-1849'
-  tags: cve,wordpress,wp-plugin,wp-customer-reviews,medium
+  tags: cve,wordpress,wp-plugin,wp-customer-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1850-9eed014edec42d5cd4860053e291ce89.yaml b/nuclei-templates/2024/CVE-2024-1850-9eed014edec42d5cd4860053e291ce89.yaml
index 81f3ce6e1b..6caff8595b 100644
--- a/nuclei-templates/2024/CVE-2024-1850-9eed014edec42d5cd4860053e291ce89.yaml
+++ b/nuclei-templates/2024/CVE-2024-1850-9eed014edec42d5cd4860053e291ce89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Post Generator | AutoWriter <= 3.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished post or perform post deletions. CVE-2024-32713 may be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-post-generator/"
     google-query: inurl:"/wp-content/plugins/ai-post-generator/"
     shodan-query: 'vuln:CVE-2024-1850'
-  tags: cve,wordpress,wp-plugin,ai-post-generator,medium
+  tags: cve,wordpress,wp-plugin,ai-post-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1851-67b32c2b2aa638ff335d272cd6273e53.yaml b/nuclei-templates/2024/CVE-2024-1851-67b32c2b2aa638ff335d272cd6273e53.yaml
index 3838da9322..222ab6c870 100644
--- a/nuclei-templates/2024/CVE-2024-1851-67b32c2b2aa638ff335d272cd6273e53.yaml
+++ b/nuclei-templates/2024/CVE-2024-1851-67b32c2b2aa638ff335d272cd6273e53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_create_list
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating product lists.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-toolkit-starter/"
     google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/"
     shodan-query: 'vuln:CVE-2024-1851'
-  tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,medium
+  tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1854-61d212d2e307b78bf3e793271bc28e50.yaml b/nuclei-templates/2024/CVE-2024-1854-61d212d2e307b78bf3e793271bc28e50.yaml
index f310e5100b..cb2cd1b0ee 100644
--- a/nuclei-templates/2024/CVE-2024-1854-61d212d2e307b78bf3e793271bc28e50.yaml
+++ b/nuclei-templates/2024/CVE-2024-1854-61d212d2e307b78bf3e793271bc28e50.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2024-1854'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1857-3a32b3729ec435ff7a8be0b786f133fc.yaml b/nuclei-templates/2024/CVE-2024-1857-3a32b3729ec435ff7a8be0b786f133fc.yaml
index eb70c1caa5..7e9c6ceea9 100644
--- a/nuclei-templates/2024/CVE-2024-1857-3a32b3729ec435ff7a8be0b786f133fc.yaml
+++ b/nuclei-templates/2024/CVE-2024-1857-3a32b3729ec435ff7a8be0b786f133fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates <= 2.6.6 - Missing Authorization to Unauthenticated Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-gift-cards-lite/"
     google-query: inurl:"/wp-content/plugins/woo-gift-cards-lite/"
     shodan-query: 'vuln:CVE-2024-1857'
-  tags: cve,wordpress,wp-plugin,woo-gift-cards-lite,medium
+  tags: cve,wordpress,wp-plugin,woo-gift-cards-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1858-e6650062a97ccf46abe2dbd6696321ce.yaml b/nuclei-templates/2024/CVE-2024-1858-e6650062a97ccf46abe2dbd6696321ce.yaml
index c51937322d..c02eec6fc7 100644
--- a/nuclei-templates/2024/CVE-2024-1858-e6650062a97ccf46abe2dbd6696321ce.yaml
+++ b/nuclei-templates/2024/CVE-2024-1858-e6650062a97ccf46abe2dbd6696321ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-lightbox-gallery/"
     google-query: inurl:"/wp-content/plugins/simple-lightbox-gallery/"
     shodan-query: 'vuln:CVE-2024-1858'
-  tags: cve,wordpress,wp-plugin,simple-lightbox-gallery,medium
+  tags: cve,wordpress,wp-plugin,simple-lightbox-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1859-091efbe9d1188b98a534caa4402e018b.yaml b/nuclei-templates/2024/CVE-2024-1859-091efbe9d1188b98a534caa4402e018b.yaml
index 6b1d3eeb67..a992466502 100644
--- a/nuclei-templates/2024/CVE-2024-1859-091efbe9d1188b98a534caa4402e018b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1859-091efbe9d1188b98a534caa4402e018b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.3.8 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-responsive-slideshow/"
     google-query: inurl:"/wp-content/plugins/slider-responsive-slideshow/"
     shodan-query: 'vuln:CVE-2024-1859'
-  tags: cve,wordpress,wp-plugin,slider-responsive-slideshow,high
+  tags: cve,wordpress,wp-plugin,slider-responsive-slideshow,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1860-1198314be1810779166a4e03d8729a10.yaml b/nuclei-templates/2024/CVE-2024-1860-1198314be1810779166a4e03d8729a10.yaml
index 074263ee32..4395a7aa7a 100644
--- a/nuclei-templates/2024/CVE-2024-1860-1198314be1810779166a4e03d8729a10.yaml
+++ b/nuclei-templates/2024/CVE-2024-1860-1198314be1810779166a4e03d8729a10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/antihacker/"
     google-query: inurl:"/wp-content/plugins/antihacker/"
     shodan-query: 'vuln:CVE-2024-1860'
-  tags: cve,wordpress,wp-plugin,antihacker,medium
+  tags: cve,wordpress,wp-plugin,antihacker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1861-52d5b418dd2173338819829d8805e340.yaml b/nuclei-templates/2024/CVE-2024-1861-52d5b418dd2173338819829d8805e340.yaml
index 00df01fd46..61b494538a 100644
--- a/nuclei-templates/2024/CVE-2024-1861-52d5b418dd2173338819829d8805e340.yaml
+++ b/nuclei-templates/2024/CVE-2024-1861-52d5b418dd2173338819829d8805e340.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/antihacker/"
     google-query: inurl:"/wp-content/plugins/antihacker/"
     shodan-query: 'vuln:CVE-2024-1861'
-  tags: cve,wordpress,wp-plugin,antihacker,medium
+  tags: cve,wordpress,wp-plugin,antihacker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1862-754ce0f32f23ec71660fa4b4da98462b.yaml b/nuclei-templates/2024/CVE-2024-1862-754ce0f32f23ec71660fa4b4da98462b.yaml
index 4804cdbe2a..28a4d7747a 100644
--- a/nuclei-templates/2024/CVE-2024-1862-754ce0f32f23ec71660fa4b4da98462b.yaml
+++ b/nuclei-templates/2024/CVE-2024-1862-754ce0f32f23ec71660fa4b4da98462b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-add-to-cart-custom-redirect/"
     google-query: inurl:"/wp-content/plugins/woocommerce-add-to-cart-custom-redirect/"
     shodan-query: 'vuln:CVE-2024-1862'
-  tags: cve,wordpress,wp-plugin,woocommerce-add-to-cart-custom-redirect,high
+  tags: cve,wordpress,wp-plugin,woocommerce-add-to-cart-custom-redirect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1870-7af76cb753c181fa25d318d1a52543d2.yaml b/nuclei-templates/2024/CVE-2024-1870-7af76cb753c181fa25d318d1a52543d2.yaml
index 4eca167a4b..1b6869db3b 100644
--- a/nuclei-templates/2024/CVE-2024-1870-7af76cb753c181fa25d318d1a52543d2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1870-7af76cb753c181fa25d318d1a52543d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.260 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2024-1870'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,medium
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1872-3e24dfff2b5771f43f4fe5ad4a241e28.yaml b/nuclei-templates/2024/CVE-2024-1872-3e24dfff2b5771f43f4fe5ad4a241e28.yaml
index 0c70e08945..35b97bde3f 100644
--- a/nuclei-templates/2024/CVE-2024-1872-3e24dfff2b5771f43f4fe5ad4a241e28.yaml
+++ b/nuclei-templates/2024/CVE-2024-1872-3e24dfff2b5771f43f4fe5ad4a241e28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/button/"
     google-query: inurl:"/wp-content/plugins/button/"
     shodan-query: 'vuln:CVE-2024-1872'
-  tags: cve,wordpress,wp-plugin,button,high
+  tags: cve,wordpress,wp-plugin,button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1893-7e74a978e0fcd8ce34e332a78ac6415d.yaml b/nuclei-templates/2024/CVE-2024-1893-7e74a978e0fcd8ce34e332a78ac6415d.yaml
index 0b185cfee4..a21c9c4c82 100644
--- a/nuclei-templates/2024/CVE-2024-1893-7e74a978e0fcd8ce34e332a78ac6415d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1893-7e74a978e0fcd8ce34e332a78ac6415d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-property-listings/"
     google-query: inurl:"/wp-content/plugins/easy-property-listings/"
     shodan-query: 'vuln:CVE-2024-1893'
-  tags: cve,wordpress,wp-plugin,easy-property-listings,high
+  tags: cve,wordpress,wp-plugin,easy-property-listings,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1894-a36b6c8064388eb19a8195201a1f8d8d.yaml b/nuclei-templates/2024/CVE-2024-1894-a36b6c8064388eb19a8195201a1f8d8d.yaml
index dd4b4279ec..35168c9672 100644
--- a/nuclei-templates/2024/CVE-2024-1894-a36b6c8064388eb19a8195201a1f8d8d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1894-a36b6c8064388eb19a8195201a1f8d8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Burst Statistics – Privacy-Friendly Analytics for WordPress <= 1.5.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via burst_total_pageviews_count
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this exploit only functions if the victim has the 'Show Toolbar when viewing site' option enabled in their profile.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/burst-statistics/"
     google-query: inurl:"/wp-content/plugins/burst-statistics/"
     shodan-query: 'vuln:CVE-2024-1894'
-  tags: cve,wordpress,wp-plugin,burst-statistics,medium
+  tags: cve,wordpress,wp-plugin,burst-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1895-86218768d044c8a0a41ad3c63743810a.yaml b/nuclei-templates/2024/CVE-2024-1895-86218768d044c8a0a41ad3c63743810a.yaml
index 46f724bfca..7ab007fd48 100644
--- a/nuclei-templates/2024/CVE-2024-1895-86218768d044c8a0a41ad3c63743810a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1895-86218768d044c8a0a41ad3c63743810a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Monster <= 1.3.4 - Authenticated(Contributor+) PHP Object Injection via Custom Meta
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-monster/"
     google-query: inurl:"/wp-content/plugins/event-monster/"
     shodan-query: 'vuln:CVE-2024-1895'
-  tags: cve,wordpress,wp-plugin,event-monster,high
+  tags: cve,wordpress,wp-plugin,event-monster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1896-1064e143eb72cf1f7f6e0379aeb06d2d.yaml b/nuclei-templates/2024/CVE-2024-1896-1064e143eb72cf1f7f6e0379aeb06d2d.yaml
index 02d3a39a6e..cd06886ea9 100644
--- a/nuclei-templates/2024/CVE-2024-1896-1064e143eb72cf1f7f6e0379aeb06d2d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1896-1064e143eb72cf1f7f6e0379aeb06d2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery <= 1.4.1 - Authenticated(Contributor+) PHP Object Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.1 via deserialization via shortcode of untrusted input from the 'awl_lg_settings_' attribute. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/new-photo-gallery/"
     shodan-query: 'vuln:CVE-2024-1896'
-  tags: cve,wordpress,wp-plugin,new-photo-gallery,high
+  tags: cve,wordpress,wp-plugin,new-photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1897-b56d867b606b433de9a6f7e49a5d4259.yaml b/nuclei-templates/2024/CVE-2024-1897-b56d867b606b433de9a6f7e49a5d4259.yaml
index f374e9a971..121984ace7 100644
--- a/nuclei-templates/2024/CVE-2024-1897-b56d867b606b433de9a6f7e49a5d4259.yaml
+++ b/nuclei-templates/2024/CVE-2024-1897-b56d867b606b433de9a6f7e49a5d4259.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated(Contributor+) PHP Object Injection via shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awl_gg_settings_ meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-grid-gallery/"
     google-query: inurl:"/wp-content/plugins/new-grid-gallery/"
     shodan-query: 'vuln:CVE-2024-1897'
-  tags: cve,wordpress,wp-plugin,new-grid-gallery,high
+  tags: cve,wordpress,wp-plugin,new-grid-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1904-55dfb8067a9d9a28485a43b25b96a7c4.yaml b/nuclei-templates/2024/CVE-2024-1904-55dfb8067a9d9a28485a43b25b96a7c4.yaml
index ac7148495a..bf973325bb 100644
--- a/nuclei-templates/2024/CVE-2024-1904-55dfb8067a9d9a28485a43b25b96a7c4.yaml
+++ b/nuclei-templates/2024/CVE-2024-1904-55dfb8067a9d9a28485a43b25b96a7c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MasterStudy LMS  <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/"
     google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/"
     shodan-query: 'vuln:CVE-2024-1904'
-  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,medium
+  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1905-96ab3b40e77e6543e8b3a6fdd1944579.yaml b/nuclei-templates/2024/CVE-2024-1905-96ab3b40e77e6543e8b3a6fdd1944579.yaml
index 0deb0d3601..87220b25de 100644
--- a/nuclei-templates/2024/CVE-2024-1905-96ab3b40e77e6543e8b3a6fdd1944579.yaml
+++ b/nuclei-templates/2024/CVE-2024-1905-96ab3b40e77e6543e8b3a6fdd1944579.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Forms – when you need more than just a contact form <= 2.9.95 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.95 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-forms/"
     google-query: inurl:"/wp-content/plugins/smart-forms/"
     shodan-query: 'vuln:CVE-2024-1905'
-  tags: cve,wordpress,wp-plugin,smart-forms,medium
+  tags: cve,wordpress,wp-plugin,smart-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1945-2b5549b3c83c7777a1b6e0311c345bd4.yaml b/nuclei-templates/2024/CVE-2024-1945-2b5549b3c83c7777a1b6e0311c345bd4.yaml
index 06d633d470..783587460a 100644
--- a/nuclei-templates/2024/CVE-2024-1945-2b5549b3c83c7777a1b6e0311c345bd4.yaml
+++ b/nuclei-templates/2024/CVE-2024-1945-2b5549b3c83c7777a1b6e0311c345bd4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form, Survey & Popup Form Plugin for WordPress –  ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber access and above, to delete arbitrary site options, resulting in loss of availability.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arforms-form-builder/"
     google-query: inurl:"/wp-content/plugins/arforms-form-builder/"
     shodan-query: 'vuln:CVE-2024-1945'
-  tags: cve,wordpress,wp-plugin,arforms-form-builder,high
+  tags: cve,wordpress,wp-plugin,arforms-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1946-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d.yaml b/nuclei-templates/2024/CVE-2024-1946-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d.yaml
index ad5d532e31..a2710d23f1 100644
--- a/nuclei-templates/2024/CVE-2024-1946-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1946-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/genesis-blocks/"
     google-query: inurl:"/wp-content/plugins/genesis-blocks/"
     shodan-query: 'vuln:CVE-2024-1946'
-  tags: cve,wordpress,wp-plugin,genesis-blocks,medium
+  tags: cve,wordpress,wp-plugin,genesis-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1948-860548571db1d3ac7f3a8905c5f28f8d.yaml b/nuclei-templates/2024/CVE-2024-1948-860548571db1d3ac7f3a8905c5f28f8d.yaml
index 5421a49b27..0bb9bccdce 100644
--- a/nuclei-templates/2024/CVE-2024-1948-860548571db1d3ac7f3a8905c5f28f8d.yaml
+++ b/nuclei-templates/2024/CVE-2024-1948-860548571db1d3ac7f3a8905c5f28f8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/getwid/"
     google-query: inurl:"/wp-content/plugins/getwid/"
     shodan-query: 'vuln:CVE-2024-1948'
-  tags: cve,wordpress,wp-plugin,getwid,medium
+  tags: cve,wordpress,wp-plugin,getwid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1950-26d0ee067e8dc6608c7e062864b37750.yaml b/nuclei-templates/2024/CVE-2024-1950-26d0ee067e8dc6608c7e062864b37750.yaml
index 333ab02ccb..0d1376698e 100644
--- a/nuclei-templates/2024/CVE-2024-1950-26d0ee067e8dc6608c7e062864b37750.yaml
+++ b/nuclei-templates/2024/CVE-2024-1950-26d0ee067e8dc6608c7e062864b37750.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/"
     google-query: inurl:"/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/"
     shodan-query: 'vuln:CVE-2024-1950'
-  tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,high
+  tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1951-bbfdb718b30267886c66b70ab8a80fee.yaml b/nuclei-templates/2024/CVE-2024-1951-bbfdb718b30267886c66b70ab8a80fee.yaml
index 3c03af5f94..caad0aa195 100644
--- a/nuclei-templates/2024/CVE-2024-1951-bbfdb718b30267886c66b70ab8a80fee.yaml
+++ b/nuclei-templates/2024/CVE-2024-1951-bbfdb718b30267886c66b70ab8a80fee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/logo-showcase-ultimate/"
     google-query: inurl:"/wp-content/plugins/logo-showcase-ultimate/"
     shodan-query: 'vuln:CVE-2024-1951'
-  tags: cve,wordpress,wp-plugin,logo-showcase-ultimate,high
+  tags: cve,wordpress,wp-plugin,logo-showcase-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1957-86bbc19d9e21d4915eb630a058d87bcf.yaml b/nuclei-templates/2024/CVE-2024-1957-86bbc19d9e21d4915eb630a058d87bcf.yaml
index eab1949682..b8c980211c 100644
--- a/nuclei-templates/2024/CVE-2024-1957-86bbc19d9e21d4915eb630a058d87bcf.yaml
+++ b/nuclei-templates/2024/CVE-2024-1957-86bbc19d9e21d4915eb630a058d87bcf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2024-1957'
-  tags: cve,wordpress,wp-plugin,give,medium
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1959-cf2b6bb9f998ed8bc8db5b63bcf57bd0.yaml b/nuclei-templates/2024/CVE-2024-1959-cf2b6bb9f998ed8bc8db5b63bcf57bd0.yaml
index 647666f6f4..dd8411d6da 100644
--- a/nuclei-templates/2024/CVE-2024-1959-cf2b6bb9f998ed8bc8db5b63bcf57bd0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1959-cf2b6bb9f998ed8bc8db5b63bcf57bd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Sharing Plugin – Social Warfare <= 4.4.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-warfare/"
     google-query: inurl:"/wp-content/plugins/social-warfare/"
     shodan-query: 'vuln:CVE-2024-1959'
-  tags: cve,wordpress,wp-plugin,social-warfare,medium
+  tags: cve,wordpress,wp-plugin,social-warfare,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1960-9d840efd84947ddae0da773e8bea6c66.yaml b/nuclei-templates/2024/CVE-2024-1960-9d840efd84947ddae0da773e8bea6c66.yaml
index 11fd09db4e..d6ec1d9e68 100644
--- a/nuclei-templates/2024/CVE-2024-1960-9d840efd84947ddae0da773e8bea6c66.yaml
+++ b/nuclei-templates/2024/CVE-2024-1960-9d840efd84947ddae0da773e8bea6c66.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woolentor-addons/"
     google-query: inurl:"/wp-content/plugins/woolentor-addons/"
     shodan-query: 'vuln:CVE-2024-1960'
-  tags: cve,wordpress,wp-plugin,woolentor-addons,medium
+  tags: cve,wordpress,wp-plugin,woolentor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1974-c8bc0703f7a40b6110052093d1b42354.yaml b/nuclei-templates/2024/CVE-2024-1974-c8bc0703f7a40b6110052093d1b42354.yaml
index 546ea3fbfe..9833ac3deb 100644
--- a/nuclei-templates/2024/CVE-2024-1974-c8bc0703f7a40b6110052093d1b42354.yaml
+++ b/nuclei-templates/2024/CVE-2024-1974-c8bc0703f7a40b6110052093d1b42354.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Directory Traversal
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-1974'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,high
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1977-49049729ee40c19e1754ddd17e7749a5.yaml b/nuclei-templates/2024/CVE-2024-1977-49049729ee40c19e1754ddd17e7749a5.yaml
index 2f0b08810e..db7889cd9e 100644
--- a/nuclei-templates/2024/CVE-2024-1977-49049729ee40c19e1754ddd17e7749a5.yaml
+++ b/nuclei-templates/2024/CVE-2024-1977-49049729ee40c19e1754ddd17e7749a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant Solutions – Checklist 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restaurant-solutions-checklist/"
     google-query: inurl:"/wp-content/plugins/restaurant-solutions-checklist/"
     shodan-query: 'vuln:CVE-2024-1977'
-  tags: cve,wordpress,wp-plugin,restaurant-solutions-checklist,medium
+  tags: cve,wordpress,wp-plugin,restaurant-solutions-checklist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1978-5ca6e072da0718d54bf45a16b11714b0.yaml b/nuclei-templates/2024/CVE-2024-1978-5ca6e072da0718d54bf45a16b11714b0.yaml
index 787e96cb19..3c388593b9 100644
--- a/nuclei-templates/2024/CVE-2024-1978-5ca6e072da0718d54bf45a16b11714b0.yaml
+++ b/nuclei-templates/2024/CVE-2024-1978-5ca6e072da0718d54bf45a16b11714b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Friends <= 2.8.5 - Authenticated (Admin+) Blind Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/friends/"
     google-query: inurl:"/wp-content/plugins/friends/"
     shodan-query: 'vuln:CVE-2024-1978'
-  tags: cve,wordpress,wp-plugin,friends,medium
+  tags: cve,wordpress,wp-plugin,friends,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1982-70efeee5b28a1c15fdfabb1bea0a8d31.yaml b/nuclei-templates/2024/CVE-2024-1982-70efeee5b28a1c15fdfabb1bea0a8d31.yaml
index 765a5ca048..2911ac83cf 100644
--- a/nuclei-templates/2024/CVE-2024-1982-70efeee5b28a1c15fdfabb1bea0a8d31.yaml
+++ b/nuclei-templates/2024/CVE-2024-1982-70efeee5b28a1c15fdfabb1bea0a8d31.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPvivid Backup and Migration <= 0.9.68 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2024-1982'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1984-3f304f35d6ee539a7dae259777309bd7.yaml b/nuclei-templates/2024/CVE-2024-1984-3f304f35d6ee539a7dae259777309bd7.yaml
index 5c3c78cba8..ec134384bd 100644
--- a/nuclei-templates/2024/CVE-2024-1984-3f304f35d6ee539a7dae259777309bd7.yaml
+++ b/nuclei-templates/2024/CVE-2024-1984-3f304f35d6ee539a7dae259777309bd7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Graphene <= 2.9.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/graphene/"
     google-query: inurl:"/wp-content/themes/graphene/"
     shodan-query: 'vuln:CVE-2024-1984'
-  tags: cve,wordpress,wp-theme,graphene,medium
+  tags: cve,wordpress,wp-theme,graphene,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1985-59892014ec81eb27e2ab381aff54e186.yaml b/nuclei-templates/2024/CVE-2024-1985-59892014ec81eb27e2ab381aff54e186.yaml
index 19e6fd1b00..fd3f209f43 100644
--- a/nuclei-templates/2024/CVE-2024-1985-59892014ec81eb27e2ab381aff54e186.yaml
+++ b/nuclei-templates/2024/CVE-2024-1985-59892014ec81eb27e2ab381aff54e186.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 4.4.2 - Unauthenticated Stored Self-Based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2024-1985'
-  tags: cve,wordpress,wp-plugin,simple-membership,medium
+  tags: cve,wordpress,wp-plugin,simple-membership,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1986-da8ac31a9cff4acdc3e67efcf5be4751.yaml b/nuclei-templates/2024/CVE-2024-1986-da8ac31a9cff4acdc3e67efcf5be4751.yaml
index 17c9b709de..97abc6402b 100644
--- a/nuclei-templates/2024/CVE-2024-1986-da8ac31a9cff4acdc3e67efcf5be4751.yaml
+++ b/nuclei-templates/2024/CVE-2024-1986-da8ac31a9cff4acdc3e67efcf5be4751.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elite Booster for WooCommerce  <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-1986'
-  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1987-e2f5ffd9a4d18c5b5627131fa4317643.yaml b/nuclei-templates/2024/CVE-2024-1987-e2f5ffd9a4d18c5b5627131fa4317643.yaml
index 685d2ee357..4f835c0935 100644
--- a/nuclei-templates/2024/CVE-2024-1987-e2f5ffd9a4d18c5b5627131fa4317643.yaml
+++ b/nuclei-templates/2024/CVE-2024-1987-e2f5ffd9a4d18c5b5627131fa4317643.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Members Membership Plugin <= 3.4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-members/"
     google-query: inurl:"/wp-content/plugins/wp-members/"
     shodan-query: 'vuln:CVE-2024-1987'
-  tags: cve,wordpress,wp-plugin,wp-members,medium
+  tags: cve,wordpress,wp-plugin,wp-members,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1989-c564c36d083131df8b70721d4380612a.yaml b/nuclei-templates/2024/CVE-2024-1989-c564c36d083131df8b70721d4380612a.yaml
index 80843716dd..48619e84e3 100644
--- a/nuclei-templates/2024/CVE-2024-1989-c564c36d083131df8b70721d4380612a.yaml
+++ b/nuclei-templates/2024/CVE-2024-1989-c564c36d083131df8b70721d4380612a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Sharing Plugin – Sassy Social Share <= 3.3.58 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sassy-social-share/"
     google-query: inurl:"/wp-content/plugins/sassy-social-share/"
     shodan-query: 'vuln:CVE-2024-1989'
-  tags: cve,wordpress,wp-plugin,sassy-social-share,medium
+  tags: cve,wordpress,wp-plugin,sassy-social-share,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1990-03faf5c8e4483bcb72677008477fdf8f.yaml b/nuclei-templates/2024/CVE-2024-1990-03faf5c8e4483bcb72677008477fdf8f.yaml
index 412b4f044d..410134a078 100644
--- a/nuclei-templates/2024/CVE-2024-1990-03faf5c8e4483bcb72677008477fdf8f.yaml
+++ b/nuclei-templates/2024/CVE-2024-1990-03faf5c8e4483bcb72677008477fdf8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2024-1990'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1991-7db9573a3e8af958ed29c7bf6f04dd8e.yaml b/nuclei-templates/2024/CVE-2024-1991-7db9573a3e8af958ed29c7bf6f04dd8e.yaml
index 0f0158e7dd..65dfbed60b 100644
--- a/nuclei-templates/2024/CVE-2024-1991-7db9573a3e8af958ed29c7bf6f04dd8e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1991-7db9573a3e8af958ed29c7bf6f04dd8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:CVE-2024-1991'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1993-3d89fb86525a43be8c098b0f455b9af2.yaml b/nuclei-templates/2024/CVE-2024-1993-3d89fb86525a43be8c098b0f455b9af2.yaml
index 21167cef5f..2b14e72622 100644
--- a/nuclei-templates/2024/CVE-2024-1993-3d89fb86525a43be8c098b0f455b9af2.yaml
+++ b/nuclei-templates/2024/CVE-2024-1993-3d89fb86525a43be8c098b0f455b9af2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icon Widget <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icon-widget/"
     google-query: inurl:"/wp-content/plugins/icon-widget/"
     shodan-query: 'vuln:CVE-2024-1993'
-  tags: cve,wordpress,wp-plugin,icon-widget,medium
+  tags: cve,wordpress,wp-plugin,icon-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1994-cc02f6870e1e296858d0d36136b32112.yaml b/nuclei-templates/2024/CVE-2024-1994-cc02f6870e1e296858d0d36136b32112.yaml
index cf6a55f505..aa862b057b 100644
--- a/nuclei-templates/2024/CVE-2024-1994-cc02f6870e1e296858d0d36136b32112.yaml
+++ b/nuclei-templates/2024/CVE-2024-1994-cc02f6870e1e296858d0d36136b32112.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to apply and remove watermarks from images.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-watermark/"
     google-query: inurl:"/wp-content/plugins/image-watermark/"
     shodan-query: 'vuln:CVE-2024-1994'
-  tags: cve,wordpress,wp-plugin,image-watermark,medium
+  tags: cve,wordpress,wp-plugin,image-watermark,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1995-0d0a2f550b1652e990ebb3d0da6393ae.yaml b/nuclei-templates/2024/CVE-2024-1995-0d0a2f550b1652e990ebb3d0da6393ae.yaml
index 854c8e3be9..532961ac8e 100644
--- a/nuclei-templates/2024/CVE-2024-1995-0d0a2f550b1652e990ebb3d0da6393ae.yaml
+++ b/nuclei-templates/2024/CVE-2024-1995-0d0a2f550b1652e990ebb3d0da6393ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above, to retrieve post content that is password protected and/or private.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-custom-fields/"
     google-query: inurl:"/wp-content/plugins/smart-custom-fields/"
     shodan-query: 'vuln:CVE-2024-1995'
-  tags: cve,wordpress,wp-plugin,smart-custom-fields,medium
+  tags: cve,wordpress,wp-plugin,smart-custom-fields,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1996-24ae12d6b29ac4b2b659477fd814db52.yaml b/nuclei-templates/2024/CVE-2024-1996-24ae12d6b29ac4b2b659477fd814db52.yaml
index 403293b912..907b3f993a 100644
--- a/nuclei-templates/2024/CVE-2024-1996-24ae12d6b29ac4b2b659477fd814db52.yaml
+++ b/nuclei-templates/2024/CVE-2024-1996-24ae12d6b29ac4b2b659477fd814db52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor PRO <= 2.9.12 -  Authenticated(Contributor+) Stored Cross-Site Scripting via widget link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-pro/"
     google-query: inurl:"/wp-content/plugins/premium-addons-pro/"
     shodan-query: 'vuln:CVE-2024-1996'
-  tags: cve,wordpress,wp-plugin,premium-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1997-a6cbba6a06f8c16a716b48b44610ad62.yaml b/nuclei-templates/2024/CVE-2024-1997-a6cbba6a06f8c16a716b48b44610ad62.yaml
index 32b2a0d1c2..3c069ba52b 100644
--- a/nuclei-templates/2024/CVE-2024-1997-a6cbba6a06f8c16a716b48b44610ad62.yaml
+++ b/nuclei-templates/2024/CVE-2024-1997-a6cbba6a06f8c16a716b48b44610ad62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-pro/"
     google-query: inurl:"/wp-content/plugins/premium-addons-pro/"
     shodan-query: 'vuln:CVE-2024-1997'
-  tags: cve,wordpress,wp-plugin,premium-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-1999-7faa2f91e19a5cd476ef97768ff54f4e.yaml b/nuclei-templates/2024/CVE-2024-1999-7faa2f91e19a5cd476ef97768ff54f4e.yaml
index 2e10a2291b..6c71f87884 100644
--- a/nuclei-templates/2024/CVE-2024-1999-7faa2f91e19a5cd476ef97768ff54f4e.yaml
+++ b/nuclei-templates/2024/CVE-2024-1999-7faa2f91e19a5cd476ef97768ff54f4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-1999'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2000-7dae15c1486a66b7dbaca3afb1f366c1.yaml b/nuclei-templates/2024/CVE-2024-2000-7dae15c1486a66b7dbaca3afb1f366c1.yaml
index 1bed4d5992..1a850efa11 100644
--- a/nuclei-templates/2024/CVE-2024-2000-7dae15c1486a66b7dbaca3afb1f366c1.yaml
+++ b/nuclei-templates/2024/CVE-2024-2000-7dae15c1486a66b7dbaca3afb1f366c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-pro/"
     google-query: inurl:"/wp-content/plugins/premium-addons-pro/"
     shodan-query: 'vuln:CVE-2024-2000'
-  tags: cve,wordpress,wp-plugin,premium-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2006-c9946499e4c79e58a3887d0481784464.yaml b/nuclei-templates/2024/CVE-2024-2006-c9946499e4c79e58a3887d0481784464.yaml
index 0376b22f11..d882c1b944 100644
--- a/nuclei-templates/2024/CVE-2024-2006-c9946499e4c79e58a3887d0481784464.yaml
+++ b/nuclei-templates/2024/CVE-2024-2006-c9946499e4c79e58a3887d0481784464.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/"
     google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/"
     shodan-query: 'vuln:CVE-2024-2006'
-  tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,high
+  tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2008-033ec25d9b806257f1f1c6f477525749.yaml b/nuclei-templates/2024/CVE-2024-2008-033ec25d9b806257f1f1c6f477525749.yaml
index e0b9ffd9c6..7bdf92428e 100644
--- a/nuclei-templates/2024/CVE-2024-2008-033ec25d9b806257f1f1c6f477525749.yaml
+++ b/nuclei-templates/2024/CVE-2024-2008-033ec25d9b806257f1f1c6f477525749.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modal-popup-box/"
     google-query: inurl:"/wp-content/plugins/modal-popup-box/"
     shodan-query: 'vuln:CVE-2024-2008'
-  tags: cve,wordpress,wp-plugin,modal-popup-box,high
+  tags: cve,wordpress,wp-plugin,modal-popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2018-b55e1b34aba62c4a9df9aec2a27f5d8a.yaml b/nuclei-templates/2024/CVE-2024-2018-b55e1b34aba62c4a9df9aec2a27f5d8a.yaml
index 409af47bf0..ff027d0aa8 100644
--- a/nuclei-templates/2024/CVE-2024-2018-b55e1b34aba62c4a9df9aec2a27f5d8a.yaml
+++ b/nuclei-templates/2024/CVE-2024-2018-b55e1b34aba62c4a9df9aec2a27f5d8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Activity Log Premium <= 4.6.4 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. One demonstrated attack included the injection of a PHP Object.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-security-audit-log-premium/"
     google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/"
     shodan-query: 'vuln:CVE-2024-2018'
-  tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,high
+  tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2025-bf0f79649962d2d1514ad595e16e29b6.yaml b/nuclei-templates/2024/CVE-2024-2025-bf0f79649962d2d1514ad595e16e29b6.yaml
index 1c9c714e80..b1da1fbf0c 100644
--- a/nuclei-templates/2024/CVE-2024-2025-bf0f79649962d2d1514ad595e16e29b6.yaml
+++ b/nuclei-templates/2024/CVE-2024-2025-bf0f79649962d2d1514ad595e16e29b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. CVE-2024-32603 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc4bp/"
     google-query: inurl:"/wp-content/plugins/wc4bp/"
     shodan-query: 'vuln:CVE-2024-2025'
-  tags: cve,wordpress,wp-plugin,wc4bp,high
+  tags: cve,wordpress,wp-plugin,wc4bp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2026-0585d1bea582d0ee6fb87cab95609406.yaml b/nuclei-templates/2024/CVE-2024-2026-0585d1bea582d0ee6fb87cab95609406.yaml
index ab3971c517..4bf74b461e 100644
--- a/nuclei-templates/2024/CVE-2024-2026-0585d1bea582d0ee6fb87cab95609406.yaml
+++ b/nuclei-templates/2024/CVE-2024-2026-0585d1bea582d0ee6fb87cab95609406.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-protector/"
     google-query: inurl:"/wp-content/plugins/content-protector/"
     shodan-query: 'vuln:CVE-2024-2026'
-  tags: cve,wordpress,wp-plugin,content-protector,medium
+  tags: cve,wordpress,wp-plugin,content-protector,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2027-426ec193e6b1f2e068f34932123c6dcd.yaml b/nuclei-templates/2024/CVE-2024-2027-426ec193e6b1f2e068f34932123c6dcd.yaml
index 568bc8fbd5..a711e15721 100644
--- a/nuclei-templates/2024/CVE-2024-2027-426ec193e6b1f2e068f34932123c6dcd.yaml
+++ b/nuclei-templates/2024/CVE-2024-2027-426ec193e6b1f2e068f34932123c6dcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-media-library-lite/"
     google-query: inurl:"/wp-content/plugins/real-media-library-lite/"
     shodan-query: 'vuln:CVE-2024-2027'
-  tags: cve,wordpress,wp-plugin,real-media-library-lite,medium
+  tags: cve,wordpress,wp-plugin,real-media-library-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2028-03413c94281e9bdcb28cf85f17f56cbd.yaml b/nuclei-templates/2024/CVE-2024-2028-03413c94281e9bdcb28cf85f17f56cbd.yaml
index 28f1bd5459..d2f496afd0 100644
--- a/nuclei-templates/2024/CVE-2024-2028-03413c94281e9bdcb28cf85f17f56cbd.yaml
+++ b/nuclei-templates/2024/CVE-2024-2028-03413c94281e9bdcb28cf85f17f56cbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2028'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2030-a7ecc95184b3ade18a4afbbf2cc86f31.yaml b/nuclei-templates/2024/CVE-2024-2030-a7ecc95184b3ade18a4afbbf2cc86f31.yaml
index 35ed347a97..891373ccbd 100644
--- a/nuclei-templates/2024/CVE-2024-2030-a7ecc95184b3ade18a4afbbf2cc86f31.yaml
+++ b/nuclei-templates/2024/CVE-2024-2030-a7ecc95184b3ade18a4afbbf2cc86f31.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-entries/"
     google-query: inurl:"/wp-content/plugins/contact-form-entries/"
     shodan-query: 'vuln:CVE-2024-2030'
-  tags: cve,wordpress,wp-plugin,contact-form-entries,medium
+  tags: cve,wordpress,wp-plugin,contact-form-entries,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2031-f10237083d4fb8765ca105c0d369da21.yaml b/nuclei-templates/2024/CVE-2024-2031-f10237083d4fb8765ca105c0d369da21.yaml
index b5b0bc56c9..00831de3d8 100644
--- a/nuclei-templates/2024/CVE-2024-2031-f10237083d4fb8765ca105c0d369da21.yaml
+++ b/nuclei-templates/2024/CVE-2024-2031-f10237083d4fb8765ca105c0d369da21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Conferencing with Zoom <= 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-conferencing-with-zoom-api/"
     google-query: inurl:"/wp-content/plugins/video-conferencing-with-zoom-api/"
     shodan-query: 'vuln:CVE-2024-2031'
-  tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,medium
+  tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2039-36fca09be33f968137213dd9d8d406cb.yaml b/nuclei-templates/2024/CVE-2024-2039-36fca09be33f968137213dd9d8d406cb.yaml
index 5f06527e84..3b0750eaef 100644
--- a/nuclei-templates/2024/CVE-2024-2039-36fca09be33f968137213dd9d8d406cb.yaml
+++ b/nuclei-templates/2024/CVE-2024-2039-36fca09be33f968137213dd9d8d406cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stackable – Page Builder Gutenberg Blocks <= 3.12.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Posts Block
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stackable-ultimate-gutenberg-blocks/"
     google-query: inurl:"/wp-content/plugins/stackable-ultimate-gutenberg-blocks/"
     shodan-query: 'vuln:CVE-2024-2039'
-  tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,medium
+  tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2042-a391f7553cca71ac204345c2d728e50d.yaml b/nuclei-templates/2024/CVE-2024-2042-a391f7553cca71ac204345c2d728e50d.yaml
index 9516861656..35905099cd 100644
--- a/nuclei-templates/2024/CVE-2024-2042-a391f7553cca71ac204345c2d728e50d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2042-a391f7553cca71ac204345c2d728e50d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Elementor addons <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2024-2042'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,medium
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2043-561149d23bc984dc77ee30065a13dd2f.yaml b/nuclei-templates/2024/CVE-2024-2043-561149d23bc984dc77ee30065a13dd2f.yaml
index ba0a35fd2b..f24c01f450 100644
--- a/nuclei-templates/2024/CVE-2024-2043-561149d23bc984dc77ee30065a13dd2f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2043-561149d23bc984dc77ee30065a13dd2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated attackers to view form submissions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-contact-form-integration-for-elementor/"
     google-query: inurl:"/wp-content/plugins/all-contact-form-integration-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2043'
-  tags: cve,wordpress,wp-plugin,all-contact-form-integration-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,all-contact-form-integration-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2047-7a76232802e20b0ab3fa4ab939317696.yaml b/nuclei-templates/2024/CVE-2024-2047-7a76232802e20b0ab3fa4ab939317696.yaml
index e57237a2b2..5c2592f021 100644
--- a/nuclei-templates/2024/CVE-2024-2047-7a76232802e20b0ab3fa4ab939317696.yaml
+++ b/nuclei-templates/2024/CVE-2024-2047-7a76232802e20b0ab3fa4ab939317696.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2024-2047'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,high
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2079-92680d6145a8b866d3fbe1493fdcbbd3.yaml b/nuclei-templates/2024/CVE-2024-2079-92680d6145a8b866d3fbe1493fdcbbd3.yaml
index 8b4c40f711..8055877655 100644
--- a/nuclei-templates/2024/CVE-2024-2079-92680d6145a8b866d3fbe1493fdcbbd3.yaml
+++ b/nuclei-templates/2024/CVE-2024-2079-92680d6145a8b866d3fbe1493fdcbbd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBakery Page Builder Addons by Livemesh <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-visual-composer/"
     google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/"
     shodan-query: 'vuln:CVE-2024-2079'
-  tags: cve,wordpress,wp-plugin,addons-for-visual-composer,medium
+  tags: cve,wordpress,wp-plugin,addons-for-visual-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2081-3ced01544afaf258ab773262adacbb46.yaml b/nuclei-templates/2024/CVE-2024-2081-3ced01544afaf258ab773262adacbb46.yaml
index 0e55400361..aa25fe2f23 100644
--- a/nuclei-templates/2024/CVE-2024-2081-3ced01544afaf258ab773262adacbb46.yaml
+++ b/nuclei-templates/2024/CVE-2024-2081-3ced01544afaf258ab773262adacbb46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foogallery/"
     google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:CVE-2024-2081'
-  tags: cve,wordpress,wp-plugin,foogallery,medium
+  tags: cve,wordpress,wp-plugin,foogallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2084-7648aa79e50b7fbff0359c4b0f9eb60d.yaml b/nuclei-templates/2024/CVE-2024-2084-7648aa79e50b7fbff0359c4b0f9eb60d.yaml
index e26205e80d..6844670d21 100644
--- a/nuclei-templates/2024/CVE-2024-2084-7648aa79e50b7fbff0359c4b0f9eb60d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2084-7648aa79e50b7fbff0359c4b0f9eb60d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2084'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2085-d1cffa60eaefa9d562794ce4c0d0f8a6.yaml b/nuclei-templates/2024/CVE-2024-2085-d1cffa60eaefa9d562794ce4c0d0f8a6.yaml
index b33e15b019..089a52cae9 100644
--- a/nuclei-templates/2024/CVE-2024-2085-d1cffa60eaefa9d562794ce4c0d0f8a6.yaml
+++ b/nuclei-templates/2024/CVE-2024-2085-d1cffa60eaefa9d562794ce4c0d0f8a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2085'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2086-d69e956d6cb0947d53013e6316065cae.yaml b/nuclei-templates/2024/CVE-2024-2086-d69e956d6cb0947d53013e6316065cae.yaml
index 88fca79277..30a3bdf234 100644
--- a/nuclei-templates/2024/CVE-2024-2086-d69e956d6cb0947d53013e6316065cae.yaml
+++ b/nuclei-templates/2024/CVE-2024-2086-d69e956d6cb0947d53013e6316065cae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integrate-google-drive/"
     google-query: inurl:"/wp-content/plugins/integrate-google-drive/"
     shodan-query: 'vuln:CVE-2024-2086'
-  tags: cve,wordpress,wp-plugin,integrate-google-drive,critical
+  tags: cve,wordpress,wp-plugin,integrate-google-drive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2091-214593575ac1d3e95584c0521e8c5928.yaml b/nuclei-templates/2024/CVE-2024-2091-214593575ac1d3e95584c0521e8c5928.yaml
index 48c9192850..0179358664 100644
--- a/nuclei-templates/2024/CVE-2024-2091-214593575ac1d3e95584c0521e8c5928.yaml
+++ b/nuclei-templates/2024/CVE-2024-2091-214593575ac1d3e95584c0521e8c5928.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-2091'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2101-f991f9853892bf031ebb72c811af6b0f.yaml b/nuclei-templates/2024/CVE-2024-2101-f991f9853892bf031ebb72c811af6b0f.yaml
index 9bca6c1894..050ce4c89d 100644
--- a/nuclei-templates/2024/CVE-2024-2101-f991f9853892bf031ebb72c811af6b0f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2101-f991f9853892bf031ebb72c811af6b0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Salon booking system plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Mobile Phone' parameter in all versions up to, and including, 9.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with customer-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salon-booking-system/"
     google-query: inurl:"/wp-content/plugins/salon-booking-system/"
     shodan-query: 'vuln:CVE-2024-2101'
-  tags: cve,wordpress,wp-plugin,salon-booking-system,medium
+  tags: cve,wordpress,wp-plugin,salon-booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2102-473ae39f2c9b117fd21ddfea3f742daa.yaml b/nuclei-templates/2024/CVE-2024-2102-473ae39f2c9b117fd21ddfea3f742daa.yaml
index b15284e7f6..74a455925c 100644
--- a/nuclei-templates/2024/CVE-2024-2102-473ae39f2c9b117fd21ddfea3f742daa.yaml
+++ b/nuclei-templates/2024/CVE-2024-2102-473ae39f2c9b117fd21ddfea3f742daa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting via 'sms_prefix'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Salon booking system plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sms_prefix' parameter in all versions up to, and including, 9.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with customer-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salon-booking-system/"
     google-query: inurl:"/wp-content/plugins/salon-booking-system/"
     shodan-query: 'vuln:CVE-2024-2102'
-  tags: cve,wordpress,wp-plugin,salon-booking-system,high
+  tags: cve,wordpress,wp-plugin,salon-booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2108-9158a4f23cb6df7f396a1ff79ad04a19.yaml b/nuclei-templates/2024/CVE-2024-2108-9158a4f23cb6df7f396a1ff79ad04a19.yaml
index b7ccab4135..0532cccad0 100644
--- a/nuclei-templates/2024/CVE-2024-2108-9158a4f23cb6df7f396a1ff79ad04a19.yaml
+++ b/nuclei-templates/2024/CVE-2024-2108-9158a4f23cb6df7f396a1ff79ad04a19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2024-2108'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2111-33af423ffa646dbaa07cc6063b09bc62.yaml b/nuclei-templates/2024/CVE-2024-2111-33af423ffa646dbaa07cc6063b09bc62.yaml
index 4f1b795488..780cc5f050 100644
--- a/nuclei-templates/2024/CVE-2024-2111-33af423ffa646dbaa07cc6063b09bc62.yaml
+++ b/nuclei-templates/2024/CVE-2024-2111-33af423ffa646dbaa07cc6063b09bc62.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 6.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2024-2111'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2115-b383deabc0a5d3fd85420cbb993138a3.yaml b/nuclei-templates/2024/CVE-2024-2115-b383deabc0a5d3fd85420cbb993138a3.yaml
index b188fd12bb..0c57d9b1e7 100644
--- a/nuclei-templates/2024/CVE-2024-2115-b383deabc0a5d3fd85420cbb993138a3.yaml
+++ b/nuclei-templates/2024/CVE-2024-2115-b383deabc0a5d3fd85420cbb993138a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate their privileges to that of a teacher via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2024-2115'
-  tags: cve,wordpress,wp-plugin,learnpress,high
+  tags: cve,wordpress,wp-plugin,learnpress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2117-97ebb96fdd3db87faf02d7c0a7e706c7.yaml b/nuclei-templates/2024/CVE-2024-2117-97ebb96fdd3db87faf02d7c0a7e706c7.yaml
index 2a92218289..f54940b4cb 100644
--- a/nuclei-templates/2024/CVE-2024-2117-97ebb96fdd3db87faf02d7c0a7e706c7.yaml
+++ b/nuclei-templates/2024/CVE-2024-2117-97ebb96fdd3db87faf02d7c0a7e706c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2024-2117'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2118-87dbe2addf6a62fa336594e2b679e9d7.yaml b/nuclei-templates/2024/CVE-2024-2118-87dbe2addf6a62fa336594e2b679e9d7.yaml
index f441a81da6..93a217806d 100644
--- a/nuclei-templates/2024/CVE-2024-2118-87dbe2addf6a62fa336594e2b679e9d7.yaml
+++ b/nuclei-templates/2024/CVE-2024-2118-87dbe2addf6a62fa336594e2b679e9d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Share Buttons <= 2.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-social-media-icons/"
     google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/"
     shodan-query: 'vuln:CVE-2024-2118'
-  tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,medium
+  tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2120-25aa395084f363ecfd02447bcee9b684.yaml b/nuclei-templates/2024/CVE-2024-2120-25aa395084f363ecfd02447bcee9b684.yaml
index bf22823215..ccee74dd19 100644
--- a/nuclei-templates/2024/CVE-2024-2120-25aa395084f363ecfd02447bcee9b684.yaml
+++ b/nuclei-templates/2024/CVE-2024-2120-25aa395084f363ecfd02447bcee9b684.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2024-2120'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2121-5ecb61edb8f014ffed25792497a59fa8.yaml b/nuclei-templates/2024/CVE-2024-2121-5ecb61edb8f014ffed25792497a59fa8.yaml
index a7d775d3c6..b5b7aad746 100644
--- a/nuclei-templates/2024/CVE-2024-2121-5ecb61edb8f014ffed25792497a59fa8.yaml
+++ b/nuclei-templates/2024/CVE-2024-2121-5ecb61edb8f014ffed25792497a59fa8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2024-2121'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2124-9b9cbf166c5c9952b460a90920fbb492.yaml b/nuclei-templates/2024/CVE-2024-2124-9b9cbf166c5c9952b460a90920fbb492.yaml
index b88ffffb8c..6030bd1051 100644
--- a/nuclei-templates/2024/CVE-2024-2124-9b9cbf166c5c9952b460a90920fbb492.yaml
+++ b/nuclei-templates/2024/CVE-2024-2124-9b9cbf166c5c9952b460a90920fbb492.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Translate WordPress and go Multilingual – Weglot <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weglot/"
     google-query: inurl:"/wp-content/plugins/weglot/"
     shodan-query: 'vuln:CVE-2024-2124'
-  tags: cve,wordpress,wp-plugin,weglot,medium
+  tags: cve,wordpress,wp-plugin,weglot,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2125-6b955e7831b4476315ace7bb8d5f3ecb.yaml b/nuclei-templates/2024/CVE-2024-2125-6b955e7831b4476315ace7bb8d5f3ecb.yaml
index 51215078cf..435110d0be 100644
--- a/nuclei-templates/2024/CVE-2024-2125-6b955e7831b4476315ace7bb8d5f3ecb.yaml
+++ b/nuclei-templates/2024/CVE-2024-2125-6b955e7831b4476315ace7bb8d5f3ecb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The Cross-Site Request Forgery was patched in 2.4, however, nothing was done about the ability to upload arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/"
     google-query: inurl:"/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/"
     shodan-query: 'vuln:CVE-2024-2125'
-  tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,high
+  tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2126-46672cc6093b70f0f99b8c9c1af2d835.yaml b/nuclei-templates/2024/CVE-2024-2126-46672cc6093b70f0f99b8c9c1af2d835.yaml
index cde572118d..91e59a308f 100644
--- a/nuclei-templates/2024/CVE-2024-2126-46672cc6093b70f0f99b8c9c1af2d835.yaml
+++ b/nuclei-templates/2024/CVE-2024-2126-46672cc6093b70f0f99b8c9c1af2d835.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themeisle-companion/"
     google-query: inurl:"/wp-content/plugins/themeisle-companion/"
     shodan-query: 'vuln:CVE-2024-2126'
-  tags: cve,wordpress,wp-plugin,themeisle-companion,medium
+  tags: cve,wordpress,wp-plugin,themeisle-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2127-37e749759243317adc52896293ee760e.yaml b/nuclei-templates/2024/CVE-2024-2127-37e749759243317adc52896293ee760e.yaml
index 777fe7afcf..83fe879412 100644
--- a/nuclei-templates/2024/CVE-2024-2127-37e749759243317adc52896293ee760e.yaml
+++ b/nuclei-templates/2024/CVE-2024-2127-37e749759243317adc52896293ee760e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2024-2127'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2128-880737228fe55f5d920474a43f87af97.yaml b/nuclei-templates/2024/CVE-2024-2128-880737228fe55f5d920474a43f87af97.yaml
index a9702e93bd..66a75bb9e5 100644
--- a/nuclei-templates/2024/CVE-2024-2128-880737228fe55f5d920474a43f87af97.yaml
+++ b/nuclei-templates/2024/CVE-2024-2128-880737228fe55f5d920474a43f87af97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-2128'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2129-23e0e7010272bc0edbef97452d9c2437.yaml b/nuclei-templates/2024/CVE-2024-2129-23e0e7010272bc0edbef97452d9c2437.yaml
index 4ac016d583..81e1c0afbf 100644
--- a/nuclei-templates/2024/CVE-2024-2129-23e0e7010272bc0edbef97452d9c2437.yaml
+++ b/nuclei-templates/2024/CVE-2024-2129-23e0e7010272bc0edbef97452d9c2437.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBITS Addons For Elementor Page Builder <= 1.3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32593 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpbits-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/wpbits-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2129'
-  tags: cve,wordpress,wp-plugin,wpbits-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,wpbits-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2130-3712f3d2b17172eb0c737744e9767b9d.yaml b/nuclei-templates/2024/CVE-2024-2130-3712f3d2b17172eb0c737744e9767b9d.yaml
index df5855f552..9554a42e9f 100644
--- a/nuclei-templates/2024/CVE-2024-2130-3712f3d2b17172eb0c737744e9767b9d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2130-3712f3d2b17172eb0c737744e9767b9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CWW Companion <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cww-companion/"
     google-query: inurl:"/wp-content/plugins/cww-companion/"
     shodan-query: 'vuln:CVE-2024-2130'
-  tags: cve,wordpress,wp-plugin,cww-companion,medium
+  tags: cve,wordpress,wp-plugin,cww-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2131-ca90bdb25f0c955406427bf755373f05.yaml b/nuclei-templates/2024/CVE-2024-2131-ca90bdb25f0c955406427bf755373f05.yaml
index f4c69bed17..6cbd5a0b28 100644
--- a/nuclei-templates/2024/CVE-2024-2131-ca90bdb25f0c955406427bf755373f05.yaml
+++ b/nuclei-templates/2024/CVE-2024-2131-ca90bdb25f0c955406427bf755373f05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Move Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-29920 may be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/move-addons/"
     google-query: inurl:"/wp-content/plugins/move-addons/"
     shodan-query: 'vuln:CVE-2024-2131'
-  tags: cve,wordpress,wp-plugin,move-addons,medium
+  tags: cve,wordpress,wp-plugin,move-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2132-825ff2ff95290127035d7fc582cf6f47.yaml b/nuclei-templates/2024/CVE-2024-2132-825ff2ff95290127035d7fc582cf6f47.yaml
index 0c8def192f..704fef8683 100644
--- a/nuclei-templates/2024/CVE-2024-2132-825ff2ff95290127035d7fc582cf6f47.yaml
+++ b/nuclei-templates/2024/CVE-2024-2132-825ff2ff95290127035d7fc582cf6f47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-bootstrap-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ultimate-bootstrap-elements-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2132'
-  tags: cve,wordpress,wp-plugin,ultimate-bootstrap-elements-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ultimate-bootstrap-elements-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2136-13b1426aee2c11f321401f7155b3cd3d.yaml b/nuclei-templates/2024/CVE-2024-2136-13b1426aee2c11f321401f7155b3cd3d.yaml
index 93f8def8fc..5e995cf5fb 100644
--- a/nuclei-templates/2024/CVE-2024-2136-13b1426aee2c11f321401f7155b3cd3d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2136-13b1426aee2c11f321401f7155b3cd3d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPKoi Templates for Elementor <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpkoi-templates-for-elementor/"
     google-query: inurl:"/wp-content/plugins/wpkoi-templates-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2136'
-  tags: cve,wordpress,wp-plugin,wpkoi-templates-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,wpkoi-templates-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2137-f92fdb8def6ac7c07ce14435754a7ffa.yaml b/nuclei-templates/2024/CVE-2024-2137-f92fdb8def6ac7c07ce14435754a7ffa.yaml
index f9ea45cecc..f6fdbacc88 100644
--- a/nuclei-templates/2024/CVE-2024-2137-f92fdb8def6ac7c07ce14435754a7ffa.yaml
+++ b/nuclei-templates/2024/CVE-2024-2137-f92fdb8def6ac7c07ce14435754a7ffa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-One Addons for Elementor – WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgetkit-for-elementor/"
     google-query: inurl:"/wp-content/plugins/widgetkit-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2137'
-  tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2138-93b41408a78e1823934fe3d9ee7379d0.yaml b/nuclei-templates/2024/CVE-2024-2138-93b41408a78e1823934fe3d9ee7379d0.yaml
index 7e865e5e3e..03cdaa2f1b 100644
--- a/nuclei-templates/2024/CVE-2024-2138-93b41408a78e1823934fe3d9ee7379d0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2138-93b41408a78e1823934fe3d9ee7379d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetwidgets-for-elementor/"
     google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2138'
-  tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2139-e3418f180f0cc9cfc471a66e2f29ee79.yaml b/nuclei-templates/2024/CVE-2024-2139-e3418f180f0cc9cfc471a66e2f29ee79.yaml
index 849cbb0d74..c4e59a35a2 100644
--- a/nuclei-templates/2024/CVE-2024-2139-e3418f180f0cc9cfc471a66e2f29ee79.yaml
+++ b/nuclei-templates/2024/CVE-2024-2139-e3418f180f0cc9cfc471a66e2f29ee79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Addons for Elementor <= 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-addons/"
     google-query: inurl:"/wp-content/plugins/master-addons/"
     shodan-query: 'vuln:CVE-2024-2139'
-  tags: cve,wordpress,wp-plugin,master-addons,medium
+  tags: cve,wordpress,wp-plugin,master-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2140-6a22eab260469991c892609c3554e5c2.yaml b/nuclei-templates/2024/CVE-2024-2140-6a22eab260469991c892609c3554e5c2.yaml
index 824f7409db..10e46951a6 100644
--- a/nuclei-templates/2024/CVE-2024-2140-6a22eab260469991c892609c3554e5c2.yaml
+++ b/nuclei-templates/2024/CVE-2024-2140-6a22eab260469991c892609c3554e5c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     shodan-query: 'vuln:CVE-2024-2140'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2141-b79883c3437a6dd7938862f157254782.yaml b/nuclei-templates/2024/CVE-2024-2141-b79883c3437a6dd7938862f157254782.yaml
index 87aa1b7307..2c9c077564 100644
--- a/nuclei-templates/2024/CVE-2024-2141-b79883c3437a6dd7938862f157254782.yaml
+++ b/nuclei-templates/2024/CVE-2024-2141-b79883c3437a6dd7938862f157254782.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     shodan-query: 'vuln:CVE-2024-2141'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2142-909eee3c64db045125d6a0e9ea1350a2.yaml b/nuclei-templates/2024/CVE-2024-2142-909eee3c64db045125d6a0e9ea1350a2.yaml
index 970daea4ca..0f11a38b6a 100644
--- a/nuclei-templates/2024/CVE-2024-2142-909eee3c64db045125d6a0e9ea1350a2.yaml
+++ b/nuclei-templates/2024/CVE-2024-2142-909eee3c64db045125d6a0e9ea1350a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     shodan-query: 'vuln:CVE-2024-2142'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2143-74e928a44773876c1faeda39f648c8c1.yaml b/nuclei-templates/2024/CVE-2024-2143-74e928a44773876c1faeda39f648c8c1.yaml
index 58e64cd0bc..a866fdb425 100644
--- a/nuclei-templates/2024/CVE-2024-2143-74e928a44773876c1faeda39f648c8c1.yaml
+++ b/nuclei-templates/2024/CVE-2024-2143-74e928a44773876c1faeda39f648c8c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     shodan-query: 'vuln:CVE-2024-2143'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2144-71c8544bfd8e2585abc3fe4c509dc5e8.yaml b/nuclei-templates/2024/CVE-2024-2144-71c8544bfd8e2585abc3fe4c509dc5e8.yaml
index 1cf509bf65..c379df70b5 100644
--- a/nuclei-templates/2024/CVE-2024-2144-71c8544bfd8e2585abc3fe4c509dc5e8.yaml
+++ b/nuclei-templates/2024/CVE-2024-2144-71c8544bfd8e2585abc3fe4c509dc5e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     shodan-query: 'vuln:CVE-2024-2144'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2159-4d80f38d93d7f5f929f7caeb5348b571.yaml b/nuclei-templates/2024/CVE-2024-2159-4d80f38d93d7f5f929f7caeb5348b571.yaml
index 0d689991d8..9ee26c894f 100644
--- a/nuclei-templates/2024/CVE-2024-2159-4d80f38d93d7f5f929f7caeb5348b571.yaml
+++ b/nuclei-templates/2024/CVE-2024-2159-4d80f38d93d7f5f929f7caeb5348b571.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sassy Social Share <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sassy-social-share/"
     google-query: inurl:"/wp-content/plugins/sassy-social-share/"
     shodan-query: 'vuln:CVE-2024-2159'
-  tags: cve,wordpress,wp-plugin,sassy-social-share,medium
+  tags: cve,wordpress,wp-plugin,sassy-social-share,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2165-e3109d7817fd480896a3a3bc464556af.yaml b/nuclei-templates/2024/CVE-2024-2165-e3109d7817fd480896a3a3bc464556af.yaml
index 86bde97ce2..c673eae144 100644
--- a/nuclei-templates/2024/CVE-2024-2165-e3109d7817fd480896a3a3bc464556af.yaml
+++ b/nuclei-templates/2024/CVE-2024-2165-e3109d7817fd480896a3a3bc464556af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-seopress/"
     google-query: inurl:"/wp-content/plugins/wp-seopress/"
     shodan-query: 'vuln:CVE-2024-2165'
-  tags: cve,wordpress,wp-plugin,wp-seopress,medium
+  tags: cve,wordpress,wp-plugin,wp-seopress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2170-12bc74e09861e7d74d799801df685593.yaml b/nuclei-templates/2024/CVE-2024-2170-12bc74e09861e7d74d799801df685593.yaml
index 9e9e5837d6..a82ce892a9 100644
--- a/nuclei-templates/2024/CVE-2024-2170-12bc74e09861e7d74d799801df685593.yaml
+++ b/nuclei-templates/2024/CVE-2024-2170-12bc74e09861e7d74d799801df685593.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK All in One Expansion Unit <= 9.96.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/"
     google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/"
     shodan-query: 'vuln:CVE-2024-2170'
-  tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,medium
+  tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2172-504399029097a5e86b5ba9c9da19637b.yaml b/nuclei-templates/2024/CVE-2024-2172-504399029097a5e86b5ba9c9da19637b.yaml
index 074d5f9e4c..2b46274dd5 100644
--- a/nuclei-templates/2024/CVE-2024-2172-504399029097a5e86b5ba9c9da19637b.yaml
+++ b/nuclei-templates/2024/CVE-2024-2172-504399029097a5e86b5ba9c9da19637b.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2024-2172
   metadata:
-    fofa-query: "wp-content/plugins/web-application-firewall/"
-    google-query: inurl:"/wp-content/plugins/web-application-firewall/"
+    fofa-query: "wp-content/plugins/miniorange-malware-protection/"
+    google-query: inurl:"/wp-content/plugins/miniorange-malware-protection/"
     shodan-query: 'vuln:CVE-2024-2172'
-  tags: cve,wordpress,wp-plugin,web-application-firewall,critical
+  tags: cve,wordpress,wp-plugin,miniorange-malware-protection,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/web-application-firewall/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/miniorange-malware-protection/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "web-application-firewall"
+          - "miniorange-malware-protection"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.1.1')
\ No newline at end of file
+          - compare_versions(version, '<= 4.7.2')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-21743-dd16f95f6d8f39d62500d48f9193456c.yaml b/nuclei-templates/2024/CVE-2024-21743-dd16f95f6d8f39d62500d48f9193456c.yaml
index 86b65f2f40..24ccf9dc81 100644
--- a/nuclei-templates/2024/CVE-2024-21743-dd16f95f6d8f39d62500d48f9193456c.yaml
+++ b/nuclei-templates/2024/CVE-2024-21743-dd16f95f6d8f39d62500d48f9193456c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz Maker <= 6.5.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.5.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-maker/"
     google-query: inurl:"/wp-content/plugins/quiz-maker/"
     shodan-query: 'vuln:CVE-2024-21743'
-  tags: cve,wordpress,wp-plugin,quiz-maker,medium
+  tags: cve,wordpress,wp-plugin,quiz-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-21744-e101fa87e9e9a3f0059378f1f396b6c6.yaml b/nuclei-templates/2024/CVE-2024-21744-e101fa87e9e9a3f0059378f1f396b6c6.yaml
index ab48143255..657326957a 100644
--- a/nuclei-templates/2024/CVE-2024-21744-e101fa87e9e9a3f0059378f1f396b6c6.yaml
+++ b/nuclei-templates/2024/CVE-2024-21744-e101fa87e9e9a3f0059378f1f396b6c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mapster WP Maps <= 1.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mapster-wp-maps/"
     google-query: inurl:"/wp-content/plugins/mapster-wp-maps/"
     shodan-query: 'vuln:CVE-2024-21744'
-  tags: cve,wordpress,wp-plugin,mapster-wp-maps,medium
+  tags: cve,wordpress,wp-plugin,mapster-wp-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-21745-ae9a6b8dc34a1a7bd8079dc738c03df9.yaml b/nuclei-templates/2024/CVE-2024-21745-ae9a6b8dc34a1a7bd8079dc738c03df9.yaml
index 46cd57c2bf..539c2cb992 100644
--- a/nuclei-templates/2024/CVE-2024-21745-ae9a6b8dc34a1a7bd8079dc738c03df9.yaml
+++ b/nuclei-templates/2024/CVE-2024-21745-ae9a6b8dc34a1a7bd8079dc738c03df9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Laybuy Payment Extension for WooCommerce <= 5.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Laybuy Payment Extension for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/laybuy-gateway-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/laybuy-gateway-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-21745'
-  tags: cve,wordpress,wp-plugin,laybuy-gateway-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,laybuy-gateway-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-21747-1ecaadeb4176f89b0523e2b0bb90c06a.yaml b/nuclei-templates/2024/CVE-2024-21747-1ecaadeb4176f89b0523e2b0bb90c06a.yaml
index cf322d57ad..af68bbc740 100644
--- a/nuclei-templates/2024/CVE-2024-21747-1ecaadeb4176f89b0523e2b0bb90c06a.yaml
+++ b/nuclei-templates/2024/CVE-2024-21747-1ecaadeb4176f89b0523e2b0bb90c06a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP ERP <= 1.12.8 - Authenticated (Accounting manager+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in versions up to, and including, 1.12.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with accounting manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erp/"
     google-query: inurl:"/wp-content/plugins/erp/"
     shodan-query: 'vuln:CVE-2024-21747'
-  tags: cve,wordpress,wp-plugin,erp,high
+  tags: cve,wordpress,wp-plugin,erp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-21748-fad6995dafdb43e5ee26d12d1d4dc9b6.yaml b/nuclei-templates/2024/CVE-2024-21748-fad6995dafdb43e5ee26d12d1d4dc9b6.yaml
index 8bea350bbe..1202e3122d 100644
--- a/nuclei-templates/2024/CVE-2024-21748-fad6995dafdb43e5ee26d12d1d4dc9b6.yaml
+++ b/nuclei-templates/2024/CVE-2024-21748-fad6995dafdb43e5ee26d12d1d4dc9b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram <= 3.1.21 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Icegram plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.1.21. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icegram/"
     google-query: inurl:"/wp-content/plugins/icegram/"
     shodan-query: 'vuln:CVE-2024-21748'
-  tags: cve,wordpress,wp-plugin,icegram,medium
+  tags: cve,wordpress,wp-plugin,icegram,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-21751-9593057fd73362b3675fc833e6f4bac6.yaml b/nuclei-templates/2024/CVE-2024-21751-9593057fd73362b3675fc833e6f4bac6.yaml
index 7a2d49421d..09cc6897e8 100644
--- a/nuclei-templates/2024/CVE-2024-21751-9593057fd73362b3675fc833e6f4bac6.yaml
+++ b/nuclei-templates/2024/CVE-2024-21751-9593057fd73362b3675fc833e6f4bac6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RabbitLoader <= 2.19.13 - Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RabbitLoader plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 2.19.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to purge site cache or switch caching modes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rabbit-loader/"
     google-query: inurl:"/wp-content/plugins/rabbit-loader/"
     shodan-query: 'vuln:CVE-2024-21751'
-  tags: cve,wordpress,wp-plugin,rabbit-loader,medium
+  tags: cve,wordpress,wp-plugin,rabbit-loader,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2181-46443215df27c06259cb9cb549f79f5d.yaml b/nuclei-templates/2024/CVE-2024-2181-46443215df27c06259cb9cb549f79f5d.yaml
index 3ab27784cc..82decaaf7f 100644
--- a/nuclei-templates/2024/CVE-2024-2181-46443215df27c06259cb9cb549f79f5d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2181-46443215df27c06259cb9cb549f79f5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     shodan-query: 'vuln:CVE-2024-2181'
-  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,medium
+  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2183-c8eb6bc5db7f4876cb01e7f978c6ef1d.yaml b/nuclei-templates/2024/CVE-2024-2183-c8eb6bc5db7f4876cb01e7f978c6ef1d.yaml
index f41762653f..4b70ed0839 100644
--- a/nuclei-templates/2024/CVE-2024-2183-c8eb6bc5db7f4876cb01e7f978c6ef1d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2183-c8eb6bc5db7f4876cb01e7f978c6ef1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30424 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     shodan-query: 'vuln:CVE-2024-2183'
-  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,medium
+  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2185-1453924550bc29c555e5d4ba1d470f33.yaml b/nuclei-templates/2024/CVE-2024-2185-1453924550bc29c555e5d4ba1d470f33.yaml
index deedaaedc8..bec1309645 100644
--- a/nuclei-templates/2024/CVE-2024-2185-1453924550bc29c555e5d4ba1d470f33.yaml
+++ b/nuclei-templates/2024/CVE-2024-2185-1453924550bc29c555e5d4ba1d470f33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     shodan-query: 'vuln:CVE-2024-2185'
-  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,medium
+  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2186-6fe1ccb7efc24357409ad5ff0b713ab1.yaml b/nuclei-templates/2024/CVE-2024-2186-6fe1ccb7efc24357409ad5ff0b713ab1.yaml
index ed96376996..1b5a04b527 100644
--- a/nuclei-templates/2024/CVE-2024-2186-6fe1ccb7efc24357409ad5ff0b713ab1.yaml
+++ b/nuclei-templates/2024/CVE-2024-2186-6fe1ccb7efc24357409ad5ff0b713ab1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     shodan-query: 'vuln:CVE-2024-2186'
-  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,medium
+  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2187-435ab56c3c78663cfa598710697f9daf.yaml b/nuclei-templates/2024/CVE-2024-2187-435ab56c3c78663cfa598710697f9daf.yaml
index 418ce2a340..fbfd2113c4 100644
--- a/nuclei-templates/2024/CVE-2024-2187-435ab56c3c78663cfa598710697f9daf.yaml
+++ b/nuclei-templates/2024/CVE-2024-2187-435ab56c3c78663cfa598710697f9daf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/"
     shodan-query: 'vuln:CVE-2024-2187'
-  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,medium
+  tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2189-88c1256a33fa14ef83ca4797e8fc907d.yaml b/nuclei-templates/2024/CVE-2024-2189-88c1256a33fa14ef83ca4797e8fc907d.yaml
index 1b72ddacdd..15c66779f7 100644
--- a/nuclei-templates/2024/CVE-2024-2189-88c1256a33fa14ef83ca4797e8fc907d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2189-88c1256a33fa14ef83ca4797e8fc907d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Icons Widget & Block <= 4.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-icons-widget-by-wpzoom/"
     google-query: inurl:"/wp-content/plugins/social-icons-widget-by-wpzoom/"
     shodan-query: 'vuln:CVE-2024-2189'
-  tags: cve,wordpress,wp-plugin,social-icons-widget-by-wpzoom,medium
+  tags: cve,wordpress,wp-plugin,social-icons-widget-by-wpzoom,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2202-7b1460489673c879f7bd7cd256d22891.yaml b/nuclei-templates/2024/CVE-2024-2202-7b1460489673c879f7bd7cd256d22891.yaml
index 2f078e950f..9fc291550e 100644
--- a/nuclei-templates/2024/CVE-2024-2202-7b1460489673c879f7bd7cd256d22891.yaml
+++ b/nuclei-templates/2024/CVE-2024-2202-7b1460489673c879f7bd7cd256d22891.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder by SiteOrigin <= 2.29.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/siteorigin-panels/"
     google-query: inurl:"/wp-content/plugins/siteorigin-panels/"
     shodan-query: 'vuln:CVE-2024-2202'
-  tags: cve,wordpress,wp-plugin,siteorigin-panels,medium
+  tags: cve,wordpress,wp-plugin,siteorigin-panels,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2203-6b109b8afc142f70c57afa63265ae2e5.yaml b/nuclei-templates/2024/CVE-2024-2203-6b109b8afc142f70c57afa63265ae2e5.yaml
index 7e6d84981b..d5ca99449b 100644
--- a/nuclei-templates/2024/CVE-2024-2203-6b109b8afc142f70c57afa63265ae2e5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2203-6b109b8afc142f70c57afa63265ae2e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Clients Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-2203'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2210-712959520f4dede71b7a2d9e44002c33.yaml b/nuclei-templates/2024/CVE-2024-2210-712959520f4dede71b7a2d9e44002c33.yaml
index 00a59c04d6..43733582d6 100644
--- a/nuclei-templates/2024/CVE-2024-2210-712959520f4dede71b7a2d9e44002c33.yaml
+++ b/nuclei-templates/2024/CVE-2024-2210-712959520f4dede71b7a2d9e44002c33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-2210'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22134-905c45437d6ba639495cb537666e1306.yaml b/nuclei-templates/2024/CVE-2024-22134-905c45437d6ba639495cb537666e1306.yaml
index 451118d111..dae4a1876b 100644
--- a/nuclei-templates/2024/CVE-2024-22134-905c45437d6ba639495cb537666e1306.yaml
+++ b/nuclei-templates/2024/CVE-2024-22134-905c45437d6ba639495cb537666e1306.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 Extension For Mailchimp <= 0.5.70 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form 7 Extension For Mailchimp plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.5.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7-mailchimp-extension/"
     google-query: inurl:"/wp-content/plugins/contact-form-7-mailchimp-extension/"
     shodan-query: 'vuln:CVE-2024-22134'
-  tags: cve,wordpress,wp-plugin,contact-form-7-mailchimp-extension,medium
+  tags: cve,wordpress,wp-plugin,contact-form-7-mailchimp-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22135-bb5370676c8e655ad72a3791cdb04f1e.yaml b/nuclei-templates/2024/CVE-2024-22135-bb5370676c8e655ad72a3791cdb04f1e.yaml
index cfa43f6fca..269a659c47 100644
--- a/nuclei-templates/2024/CVE-2024-22135-bb5370676c8e655ad72a3791cdb04f1e.yaml
+++ b/nuclei-templates/2024/CVE-2024-22135-bb5370676c8e655ad72a3791cdb04f1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order Export & Order Import for WooCommerce <= 2.4.3 - Authenticated (Shop Manager+) Arbitrary File Upload via upload_import_file
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_import_file function in all versions up to, and including, 2.4.3. This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-import-export-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/order-import-export-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-22135'
-  tags: cve,wordpress,wp-plugin,order-import-export-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,order-import-export-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22137-437bae7c2a82ed4347741e0e69e1ae61.yaml b/nuclei-templates/2024/CVE-2024-22137-437bae7c2a82ed4347741e0e69e1ae61.yaml
index 25e2b4078f..9bc79069f3 100644
--- a/nuclei-templates/2024/CVE-2024-22137-437bae7c2a82ed4347741e0e69e1ae61.yaml
+++ b/nuclei-templates/2024/CVE-2024-22137-437bae7c2a82ed4347741e0e69e1ae61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Constant Contact Forms by MailMunch <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/constant-contact-forms-by-mailmunch/"
     google-query: inurl:"/wp-content/plugins/constant-contact-forms-by-mailmunch/"
     shodan-query: 'vuln:CVE-2024-22137'
-  tags: cve,wordpress,wp-plugin,constant-contact-forms-by-mailmunch,medium
+  tags: cve,wordpress,wp-plugin,constant-contact-forms-by-mailmunch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22140-b32ca2d76fc3293d68526cfa723e6bfe.yaml b/nuclei-templates/2024/CVE-2024-22140-b32ca2d76fc3293d68526cfa723e6bfe.yaml
index 4aa7547050..a6a25e4ee6 100644
--- a/nuclei-templates/2024/CVE-2024-22140-b32ca2d76fc3293d68526cfa723e6bfe.yaml
+++ b/nuclei-templates/2024/CVE-2024-22140-b32ca2d76fc3293d68526cfa723e6bfe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder Pro <= 3.10.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Profile Builder Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.10.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder-pro/"
     google-query: inurl:"/wp-content/plugins/profile-builder-pro/"
     shodan-query: 'vuln:CVE-2024-22140'
-  tags: cve,wordpress,wp-plugin,profile-builder-pro,high
+  tags: cve,wordpress,wp-plugin,profile-builder-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22141-47d88a978c6902943e13680f899b8407.yaml b/nuclei-templates/2024/CVE-2024-22141-47d88a978c6902943e13680f899b8407.yaml
index 272f808ad4..c4e0042bc0 100644
--- a/nuclei-templates/2024/CVE-2024-22141-47d88a978c6902943e13680f899b8407.yaml
+++ b/nuclei-templates/2024/CVE-2024-22141-47d88a978c6902943e13680f899b8407.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder Pro <= 3.10.0 - Authenticated (Subscriber+) Time-Based One-Time Password Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Profile Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.10.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract a sensitive time-based one-time password (TOTP).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder-pro/"
     google-query: inurl:"/wp-content/plugins/profile-builder-pro/"
     shodan-query: 'vuln:CVE-2024-22141'
-  tags: cve,wordpress,wp-plugin,profile-builder-pro,medium
+  tags: cve,wordpress,wp-plugin,profile-builder-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22146-62957aaeb6104548f77744232edc7490.yaml b/nuclei-templates/2024/CVE-2024-22146-62957aaeb6104548f77744232edc7490.yaml
index cbfdd5d79c..d129960055 100644
--- a/nuclei-templates/2024/CVE-2024-22146-62957aaeb6104548f77744232edc7490.yaml
+++ b/nuclei-templates/2024/CVE-2024-22146-62957aaeb6104548f77744232edc7490.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema & Structured Data for WP & AMP <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/"
     google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/"
     shodan-query: 'vuln:CVE-2024-22146'
-  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,medium
+  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22147-20e967f496e19df1e9123f3c23d87252.yaml b/nuclei-templates/2024/CVE-2024-22147-20e967f496e19df1e9123f3c23d87252.yaml
index 02134678a3..03283bc989 100644
--- a/nuclei-templates/2024/CVE-2024-22147-20e967f496e19df1e9123f3c23d87252.yaml
+++ b/nuclei-templates/2024/CVE-2024-22147-20e967f496e19df1e9123f3c23d87252.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Invoices & Packing Slips for WooCommerce <= 3.7.6 - Authenticated (Shop Manager+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the get_numbers() function in all versions up to, and including, 3.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/"
     google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/"
     shodan-query: 'vuln:CVE-2024-22147'
-  tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,high
+  tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22150-20c420e00e7776a25487d5218d4e77bb.yaml b/nuclei-templates/2024/CVE-2024-22150-20c420e00e7776a25487d5218d4e77bb.yaml
index 9dd0d7adec..50c97c6c86 100644
--- a/nuclei-templates/2024/CVE-2024-22150-20c420e00e7776a25487d5218d4e77bb.yaml
+++ b/nuclei-templates/2024/CVE-2024-22150-20c420e00e7776a25487d5218d4e77bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Portfolio & Image Gallery for WordPress | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-elementor/"
     google-query: inurl:"/wp-content/plugins/portfolio-elementor/"
     shodan-query: 'vuln:CVE-2024-22150'
-  tags: cve,wordpress,wp-plugin,portfolio-elementor,medium
+  tags: cve,wordpress,wp-plugin,portfolio-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22151-bd9f222927714cfcc0530ce81d7d73ca.yaml b/nuclei-templates/2024/CVE-2024-22151-bd9f222927714cfcc0530ce81d7d73ca.yaml
index 6a324c03cb..bb8668af23 100644
--- a/nuclei-templates/2024/CVE-2024-22151-bd9f222927714cfcc0530ce81d7d73ca.yaml
+++ b/nuclei-templates/2024/CVE-2024-22151-bd9f222927714cfcc0530ce81d7d73ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.24.6 - Missing Authorization via fire_cron REST endpoint
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the fire_cron function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to trigger the plugin's cron job.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2024-22151'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22152-d62fba94114c42d1399d83bf9ba0a989.yaml b/nuclei-templates/2024/CVE-2024-22152-d62fba94114c42d1399d83bf9ba0a989.yaml
index 044bf8b015..c47d989dc6 100644
--- a/nuclei-templates/2024/CVE-2024-22152-d62fba94114c42d1399d83bf9ba0a989.yaml
+++ b/nuclei-templates/2024/CVE-2024-22152-d62fba94114c42d1399d83bf9ba0a989.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Import Export for WooCommerce <= 2.3.7 - Authenticated(Shop Manager+) Arbitrary File Upload via upload_import_file
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Product Import Export for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_import_file' function n all versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Shop Manager access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-import-export-for-woo/"
     google-query: inurl:"/wp-content/plugins/product-import-export-for-woo/"
     shodan-query: 'vuln:CVE-2024-22152'
-  tags: cve,wordpress,wp-plugin,product-import-export-for-woo,high
+  tags: cve,wordpress,wp-plugin,product-import-export-for-woo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22153-56e0af85bfab5155d836999c55aea415.yaml b/nuclei-templates/2024/CVE-2024-22153-56e0af85bfab5155d836999c55aea415.yaml
index ae2add0e25..5b8aaf60ce 100644
--- a/nuclei-templates/2024/CVE-2024-22153-56e0af85bfab5155d836999c55aea415.yaml
+++ b/nuclei-templates/2024/CVE-2024-22153-56e0af85bfab5155d836999c55aea415.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stock Locations for WooCommerce <= 2.5.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stock Locations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stock-locations-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/stock-locations-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-22153'
-  tags: cve,wordpress,wp-plugin,stock-locations-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,stock-locations-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22156-c34456b0a354174a8b99c79db450a526.yaml b/nuclei-templates/2024/CVE-2024-22156-c34456b0a354174a8b99c79db450a526.yaml
index 77fde74cb1..7ce74d8ead 100644
--- a/nuclei-templates/2024/CVE-2024-22156-c34456b0a354174a8b99c79db450a526.yaml
+++ b/nuclei-templates/2024/CVE-2024-22156-c34456b0a354174a8b99c79db450a526.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SalesKing <= 1.6.15 - Missing Authorization to Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SalesKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to modify plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salesking/"
     google-query: inurl:"/wp-content/plugins/salesking/"
     shodan-query: 'vuln:CVE-2024-22156'
-  tags: cve,wordpress,wp-plugin,salesking,medium
+  tags: cve,wordpress,wp-plugin,salesking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22158-635219c62d7cd225129022aedb4232a9.yaml b/nuclei-templates/2024/CVE-2024-22158-635219c62d7cd225129022aedb4232a9.yaml
index 505c975697..bbdcf9a86e 100644
--- a/nuclei-templates/2024/CVE-2024-22158-635219c62d7cd225129022aedb4232a9.yaml
+++ b/nuclei-templates/2024/CVE-2024-22158-635219c62d7cd225129022aedb4232a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PeepSo Core: Photos < 6.3.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PeepSo Core: Photos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to 6.3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/peepso-photos/"
     google-query: inurl:"/wp-content/plugins/peepso-photos/"
     shodan-query: 'vuln:CVE-2024-22158'
-  tags: cve,wordpress,wp-plugin,peepso-photos,medium
+  tags: cve,wordpress,wp-plugin,peepso-photos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22159-c2e59525aa8afa93502c3fb0824f336b.yaml b/nuclei-templates/2024/CVE-2024-22159-c2e59525aa8afa93502c3fb0824f336b.yaml
index 678f5236c9..338016f780 100644
--- a/nuclei-templates/2024/CVE-2024-22159-c2e59525aa8afa93502c3fb0824f336b.yaml
+++ b/nuclei-templates/2024/CVE-2024-22159-c2e59525aa8afa93502c3fb0824f336b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WOLF <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via profile_title
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WOLF plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘profile_title’ parameter in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-editor/"
     google-query: inurl:"/wp-content/plugins/bulk-editor/"
     shodan-query: 'vuln:CVE-2024-22159'
-  tags: cve,wordpress,wp-plugin,bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22161-48f754f17606d4479811452c8745b0f0.yaml b/nuclei-templates/2024/CVE-2024-22161-48f754f17606d4479811452c8745b0f0.yaml
index 0b57a26d7c..e89884b997 100644
--- a/nuclei-templates/2024/CVE-2024-22161-48f754f17606d4479811452c8745b0f0.yaml
+++ b/nuclei-templates/2024/CVE-2024-22161-48f754f17606d4479811452c8745b0f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HD Quiz <= 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HD Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hd-quiz/"
     google-query: inurl:"/wp-content/plugins/hd-quiz/"
     shodan-query: 'vuln:CVE-2024-22161'
-  tags: cve,wordpress,wp-plugin,hd-quiz,medium
+  tags: cve,wordpress,wp-plugin,hd-quiz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2220-978cbd8cd586092e7c39e28ce0b70684.yaml b/nuclei-templates/2024/CVE-2024-2220-978cbd8cd586092e7c39e28ce0b70684.yaml
index 322eaa8d1e..fe3e850f0b 100644
--- a/nuclei-templates/2024/CVE-2024-2220-978cbd8cd586092e7c39e28ce0b70684.yaml
+++ b/nuclei-templates/2024/CVE-2024-2220-978cbd8cd586092e7c39e28ce0b70684.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Button contact VR <= 4.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Button contact VR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/button-contact-vr/"
     google-query: inurl:"/wp-content/plugins/button-contact-vr/"
     shodan-query: 'vuln:CVE-2024-2220'
-  tags: cve,wordpress,wp-plugin,button-contact-vr,medium
+  tags: cve,wordpress,wp-plugin,button-contact-vr,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2222-7909b368603f8e81e96e69064ab1be28.yaml b/nuclei-templates/2024/CVE-2024-2222-7909b368603f8e81e96e69064ab1be28.yaml
index f7096f0780..97bc7bd8c7 100644
--- a/nuclei-templates/2024/CVE-2024-2222-7909b368603f8e81e96e69064ab1be28.yaml
+++ b/nuclei-templates/2024/CVE-2024-2222-7909b368603f8e81e96e69064ab1be28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-classifieds-and-directory-pro/"
     google-query: inurl:"/wp-content/plugins/advanced-classifieds-and-directory-pro/"
     shodan-query: 'vuln:CVE-2024-2222'
-  tags: cve,wordpress,wp-plugin,advanced-classifieds-and-directory-pro,medium
+  tags: cve,wordpress,wp-plugin,advanced-classifieds-and-directory-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2226-eb48e0d7cc280c7a495d24563f61a7d5.yaml b/nuclei-templates/2024/CVE-2024-2226-eb48e0d7cc280c7a495d24563f61a7d5.yaml
index 9aab313da1..7b2057ef1a 100644
--- a/nuclei-templates/2024/CVE-2024-2226-eb48e0d7cc280c7a495d24563f61a7d5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2226-eb48e0d7cc280c7a495d24563f61a7d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-blocks/"
     google-query: inurl:"/wp-content/plugins/otter-blocks/"
     shodan-query: 'vuln:CVE-2024-2226'
-  tags: cve,wordpress,wp-plugin,otter-blocks,medium
+  tags: cve,wordpress,wp-plugin,otter-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22283-c21b3a23e799a524e3a35bb5025290a6.yaml b/nuclei-templates/2024/CVE-2024-22283-c21b3a23e799a524e3a35bb5025290a6.yaml
index cfc926ec59..4c45414f7a 100644
--- a/nuclei-templates/2024/CVE-2024-22283-c21b3a23e799a524e3a35bb5025290a6.yaml
+++ b/nuclei-templates/2024/CVE-2024-22283-c21b3a23e799a524e3a35bb5025290a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Delhivery Logistics Courier plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delhivery-logistics-courier/"
     google-query: inurl:"/wp-content/plugins/delhivery-logistics-courier/"
     shodan-query: 'vuln:CVE-2024-22283'
-  tags: cve,wordpress,wp-plugin,delhivery-logistics-courier,high
+  tags: cve,wordpress,wp-plugin,delhivery-logistics-courier,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22290-521091f698c90705cd994fe26c1eef68.yaml b/nuclei-templates/2024/CVE-2024-22290-521091f698c90705cd994fe26c1eef68.yaml
index af360fa118..89724fe8bc 100644
--- a/nuclei-templates/2024/CVE-2024-22290-521091f698c90705cd994fe26c1eef68.yaml
+++ b/nuclei-templates/2024/CVE-2024-22290-521091f698c90705cd994fe26c1eef68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Custom Dashboard Widgets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'cdw_DashboardWidgets' function. This makes it possible for unauthenticated attackers to modify the plugin's settings, including adding a Cross-Site Scripting payload, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-dashboard-widgets/"
     google-query: inurl:"/wp-content/plugins/custom-dashboard-widgets/"
     shodan-query: 'vuln:CVE-2024-22290'
-  tags: cve,wordpress,wp-plugin,custom-dashboard-widgets,high
+  tags: cve,wordpress,wp-plugin,custom-dashboard-widgets,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22292-0c05bed3e63ebe0076e41774e5d167dd.yaml b/nuclei-templates/2024/CVE-2024-22292-0c05bed3e63ebe0076e41774e5d167dd.yaml
index 622bbac1be..454cb4079c 100644
--- a/nuclei-templates/2024/CVE-2024-22292-0c05bed3e63ebe0076e41774e5d167dd.yaml
+++ b/nuclei-templates/2024/CVE-2024-22292-0c05bed3e63ebe0076e41774e5d167dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP To Do <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-todo/"
     google-query: inurl:"/wp-content/plugins/wp-todo/"
     shodan-query: 'vuln:CVE-2024-22292'
-  tags: cve,wordpress,wp-plugin,wp-todo,medium
+  tags: cve,wordpress,wp-plugin,wp-todo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22295-21d5c5e61124efe0fdb8d063c0f79f9f.yaml b/nuclei-templates/2024/CVE-2024-22295-21d5c5e61124efe0fdb8d063c0f79f9f.yaml
index 5d66015717..f28b6c4166 100644
--- a/nuclei-templates/2024/CVE-2024-22295-21d5c5e61124efe0fdb8d063c0f79f9f.yaml
+++ b/nuclei-templates/2024/CVE-2024-22295-21d5c5e61124efe0fdb8d063c0f79f9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Robo Gallery <= 3.2.17 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/robo-gallery/"
     google-query: inurl:"/wp-content/plugins/robo-gallery/"
     shodan-query: 'vuln:CVE-2024-22295'
-  tags: cve,wordpress,wp-plugin,robo-gallery,medium
+  tags: cve,wordpress,wp-plugin,robo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22296-63b258c691616cbc41ef567bfa0329d4.yaml b/nuclei-templates/2024/CVE-2024-22296-63b258c691616cbc41ef567bfa0329d4.yaml
index a422efc249..bb910fdfd5 100644
--- a/nuclei-templates/2024/CVE-2024-22296-63b258c691616cbc41ef567bfa0329d4.yaml
+++ b/nuclei-templates/2024/CVE-2024-22296-63b258c691616cbc41ef567bfa0329d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     12 Step Meeting List <= 3.14.28 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 12 Step Meeting List plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.14.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/12-step-meeting-list/"
     google-query: inurl:"/wp-content/plugins/12-step-meeting-list/"
     shodan-query: 'vuln:CVE-2024-22296'
-  tags: cve,wordpress,wp-plugin,12-step-meeting-list,medium
+  tags: cve,wordpress,wp-plugin,12-step-meeting-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22297-3af00e1da087fccdad50b389a0a1a76d.yaml b/nuclei-templates/2024/CVE-2024-22297-3af00e1da087fccdad50b389a0a1a76d.yaml
index 17fdbfada6..4a58c43c4c 100644
--- a/nuclei-templates/2024/CVE-2024-22297-3af00e1da087fccdad50b389a0a1a76d.yaml
+++ b/nuclei-templates/2024/CVE-2024-22297-3af00e1da087fccdad50b389a0a1a76d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cbxgooglemap/"
     google-query: inurl:"/wp-content/plugins/cbxgooglemap/"
     shodan-query: 'vuln:CVE-2024-22297'
-  tags: cve,wordpress,wp-plugin,cbxgooglemap,medium
+  tags: cve,wordpress,wp-plugin,cbxgooglemap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22298-7aade2b2966b32522e64422bd2ebd245.yaml b/nuclei-templates/2024/CVE-2024-22298-7aade2b2966b32522e64422bd2ebd245.yaml
index 16dcfd45ef..dbe7c8bbaa 100644
--- a/nuclei-templates/2024/CVE-2024-22298-7aade2b2966b32522e64422bd2ebd245.yaml
+++ b/nuclei-templates/2024/CVE-2024-22298-7aade2b2966b32522e64422bd2ebd245.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amelia <= 1.0.98 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.98. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ameliabooking/"
     google-query: inurl:"/wp-content/plugins/ameliabooking/"
     shodan-query: 'vuln:CVE-2024-22298'
-  tags: cve,wordpress,wp-plugin,ameliabooking,medium
+  tags: cve,wordpress,wp-plugin,ameliabooking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22302-79d3f2b9565b075a8be7591881880990.yaml b/nuclei-templates/2024/CVE-2024-22302-79d3f2b9565b075a8be7591881880990.yaml
index 552da0cc91..3c60cd9adb 100644
--- a/nuclei-templates/2024/CVE-2024-22302-79d3f2b9565b075a8be7591881880990.yaml
+++ b/nuclei-templates/2024/CVE-2024-22302-79d3f2b9565b075a8be7591881880990.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Albo Pretorio Online <= 4.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Albo Pretorio Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 4.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/albo-pretorio-on-line/"
     google-query: inurl:"/wp-content/plugins/albo-pretorio-on-line/"
     shodan-query: 'vuln:CVE-2024-22302'
-  tags: cve,wordpress,wp-plugin,albo-pretorio-on-line,medium
+  tags: cve,wordpress,wp-plugin,albo-pretorio-on-line,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22303-8e2647d10010d639fca262268ba703d9.yaml b/nuclei-templates/2024/CVE-2024-22303-8e2647d10010d639fca262268ba703d9.yaml
index 060a629059..12ebab2e56 100644
--- a/nuclei-templates/2024/CVE-2024-22303-8e2647d10010d639fca262268ba703d9.yaml
+++ b/nuclei-templates/2024/CVE-2024-22303-8e2647d10010d639fca262268ba703d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider by Supsystic <= 1.8.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slider by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/slider-by-supsystic/"
     shodan-query: 'vuln:CVE-2024-22303'
-  tags: cve,wordpress,wp-plugin,slider-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,slider-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22306-b9040953fd9d7380144b780f2d4080d6.yaml b/nuclei-templates/2024/CVE-2024-22306-b9040953fd9d7380144b780f2d4080d6.yaml
index 634b432256..bd5e56b4eb 100644
--- a/nuclei-templates/2024/CVE-2024-22306-b9040953fd9d7380144b780f2d4080d6.yaml
+++ b/nuclei-templates/2024/CVE-2024-22306-b9040953fd9d7380144b780f2d4080d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mang Board WP <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mangboard/"
     google-query: inurl:"/wp-content/plugins/mangboard/"
     shodan-query: 'vuln:CVE-2024-22306'
-  tags: cve,wordpress,wp-plugin,mangboard,medium
+  tags: cve,wordpress,wp-plugin,mangboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-22310-f48987de7fcf2018d5328a03cdd21065.yaml b/nuclei-templates/2024/CVE-2024-22310-f48987de7fcf2018d5328a03cdd21065.yaml
index 48c1583a6c..cd3ec4a3d0 100644
--- a/nuclei-templates/2024/CVE-2024-22310-f48987de7fcf2018d5328a03cdd21065.yaml
+++ b/nuclei-templates/2024/CVE-2024-22310-f48987de7fcf2018d5328a03cdd21065.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formzu WP <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Formzu WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formzu-wp/"
     google-query: inurl:"/wp-content/plugins/formzu-wp/"
     shodan-query: 'vuln:CVE-2024-22310'
-  tags: cve,wordpress,wp-plugin,formzu-wp,medium
+  tags: cve,wordpress,wp-plugin,formzu-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2237-fe65855ff8de2259da21136e19e15ee9.yaml b/nuclei-templates/2024/CVE-2024-2237-fe65855ff8de2259da21136e19e15ee9.yaml
index 84ca153398..6a6545c2f6 100644
--- a/nuclei-templates/2024/CVE-2024-2237-fe65855ff8de2259da21136e19e15ee9.yaml
+++ b/nuclei-templates/2024/CVE-2024-2237-fe65855ff8de2259da21136e19e15ee9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-pro/"
     google-query: inurl:"/wp-content/plugins/premium-addons-pro/"
     shodan-query: 'vuln:CVE-2024-2237'
-  tags: cve,wordpress,wp-plugin,premium-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2238-3bfe779738faac39c2783a057e7fba45.yaml b/nuclei-templates/2024/CVE-2024-2238-3bfe779738faac39c2783a057e7fba45.yaml
index f5d7f58fad..0bd68f5f2d 100644
--- a/nuclei-templates/2024/CVE-2024-2238-3bfe779738faac39c2783a057e7fba45.yaml
+++ b/nuclei-templates/2024/CVE-2024-2238-3bfe779738faac39c2783a057e7fba45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-pro/"
     google-query: inurl:"/wp-content/plugins/premium-addons-pro/"
     shodan-query: 'vuln:CVE-2024-2238'
-  tags: cve,wordpress,wp-plugin,premium-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2239-b898553c18a3c26f0a1b011522df0006.yaml b/nuclei-templates/2024/CVE-2024-2239-b898553c18a3c26f0a1b011522df0006.yaml
index 160b8b6983..1514388b20 100644
--- a/nuclei-templates/2024/CVE-2024-2239-b898553c18a3c26f0a1b011522df0006.yaml
+++ b/nuclei-templates/2024/CVE-2024-2239-b898553c18a3c26f0a1b011522df0006.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-pro/"
     google-query: inurl:"/wp-content/plugins/premium-addons-pro/"
     shodan-query: 'vuln:CVE-2024-2239'
-  tags: cve,wordpress,wp-plugin,premium-addons-pro,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2249-dd731c24df053ea79b95f5153fe19979.yaml b/nuclei-templates/2024/CVE-2024-2249-dd731c24df053ea79b95f5153fe19979.yaml
index e789517d54..78972079ea 100644
--- a/nuclei-templates/2024/CVE-2024-2249-dd731c24df053ea79b95f5153fe19979.yaml
+++ b/nuclei-templates/2024/CVE-2024-2249-dd731c24df053ea79b95f5153fe19979.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lastudio-element-kit/"
     google-query: inurl:"/wp-content/plugins/lastudio-element-kit/"
     shodan-query: 'vuln:CVE-2024-2249'
-  tags: cve,wordpress,wp-plugin,lastudio-element-kit,medium
+  tags: cve,wordpress,wp-plugin,lastudio-element-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2250-85070818b2a0ed18993539089f99013d.yaml b/nuclei-templates/2024/CVE-2024-2250-85070818b2a0ed18993539089f99013d.yaml
index 935c83fa2e..235a71e293 100644
--- a/nuclei-templates/2024/CVE-2024-2250-85070818b2a0ed18993539089f99013d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2250-85070818b2a0ed18993539089f99013d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     130+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xpro-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/xpro-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2250'
-  tags: cve,wordpress,wp-plugin,xpro-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,xpro-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2252-e42d0569342324174ad2b7b5b34acfd1.yaml b/nuclei-templates/2024/CVE-2024-2252-e42d0569342324174ad2b7b5b34acfd1.yaml
index 21f06037b1..468bd5333d 100644
--- a/nuclei-templates/2024/CVE-2024-2252-e42d0569342324174ad2b7b5b34acfd1.yaml
+++ b/nuclei-templates/2024/CVE-2024-2252-e42d0569342324174ad2b7b5b34acfd1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/droit-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/droit-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2252'
-  tags: cve,wordpress,wp-plugin,droit-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,droit-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2255-65769acec1aefbf22b461433a4ab976c.yaml b/nuclei-templates/2024/CVE-2024-2255-65769acec1aefbf22b461433a4ab976c.yaml
index 4b0c699e0c..a04e554a81 100644
--- a/nuclei-templates/2024/CVE-2024-2255-65769acec1aefbf22b461433a4ab976c.yaml
+++ b/nuclei-templates/2024/CVE-2024-2255-65769acec1aefbf22b461433a4ab976c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2024-2255'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2256-31709e141c457255c2ab0ae7529088be.yaml b/nuclei-templates/2024/CVE-2024-2256-31709e141c457255c2ab0ae7529088be.yaml
index 26bc4000b7..de7060db27 100644
--- a/nuclei-templates/2024/CVE-2024-2256-31709e141c457255c2ab0ae7529088be.yaml
+++ b/nuclei-templates/2024/CVE-2024-2256-31709e141c457255c2ab0ae7529088be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     oik <= 4.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oik/"
     google-query: inurl:"/wp-content/plugins/oik/"
     shodan-query: 'vuln:CVE-2024-2256'
-  tags: cve,wordpress,wp-plugin,oik,medium
+  tags: cve,wordpress,wp-plugin,oik,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2258-5ab78d017180c321a2a306a692c78211.yaml b/nuclei-templates/2024/CVE-2024-2258-5ab78d017180c321a2a306a692c78211.yaml
index 0e4dea4e7c..451608d199 100644
--- a/nuclei-templates/2024/CVE-2024-2258-5ab78d017180c321a2a306a692c78211.yaml
+++ b/nuclei-templates/2024/CVE-2024-2258-5ab78d017180c321a2a306a692c78211.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:CVE-2024-2258'
-  tags: cve,wordpress,wp-plugin,form-maker,medium
+  tags: cve,wordpress,wp-plugin,form-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2273-f0d72e9f2bbc50f42260a8f158b94cfc.yaml b/nuclei-templates/2024/CVE-2024-2273-f0d72e9f2bbc50f42260a8f158b94cfc.yaml
index 43f4fe553d..70de00ebe2 100644
--- a/nuclei-templates/2024/CVE-2024-2273-f0d72e9f2bbc50f42260a8f158b94cfc.yaml
+++ b/nuclei-templates/2024/CVE-2024-2273-f0d72e9f2bbc50f42260a8f158b94cfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-2273'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2278-d0c7733d559f41b4b35373b971b25453.yaml b/nuclei-templates/2024/CVE-2024-2278-d0c7733d559f41b4b35373b971b25453.yaml
index d4ff0ee97b..80191afe94 100644
--- a/nuclei-templates/2024/CVE-2024-2278-d0c7733d559f41b4b35373b971b25453.yaml
+++ b/nuclei-templates/2024/CVE-2024-2278-d0c7733d559f41b4b35373b971b25453.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify – WooCommerce Product Filter <= 1.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-wc-product-filter/"
     google-query: inurl:"/wp-content/plugins/themify-wc-product-filter/"
     shodan-query: 'vuln:CVE-2024-2278'
-  tags: cve,wordpress,wp-plugin,themify-wc-product-filter,medium
+  tags: cve,wordpress,wp-plugin,themify-wc-product-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2280-b4d70a86acec874506b4ab2dcb06e399.yaml b/nuclei-templates/2024/CVE-2024-2280-b4d70a86acec874506b4ab2dcb06e399.yaml
index b5217dde6b..f4f7d33195 100644
--- a/nuclei-templates/2024/CVE-2024-2280-b4d70a86acec874506b4ab2dcb06e399.yaml
+++ b/nuclei-templates/2024/CVE-2024-2280-b4d70a86acec874506b4ab2dcb06e399.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/better-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2280'
-  tags: cve,wordpress,wp-plugin,better-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,better-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2286-f0d3919ed390e73df44ed1542e1a826f.yaml b/nuclei-templates/2024/CVE-2024-2286-f0d3919ed390e73df44ed1542e1a826f.yaml
index 1c2ba800c3..9953df76ea 100644
--- a/nuclei-templates/2024/CVE-2024-2286-f0d3919ed390e73df44ed1542e1a826f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2286-f0d3919ed390e73df44ed1542e1a826f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sky Addons for Elementor <= 2.4.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sky-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/sky-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2286'
-  tags: cve,wordpress,wp-plugin,sky-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,sky-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2287-f1c3c3df1834bde215592ceeafa99ec0.yaml b/nuclei-templates/2024/CVE-2024-2287-f1c3c3df1834bde215592ceeafa99ec0.yaml
index 5c8cc78900..3acc2e14b5 100644
--- a/nuclei-templates/2024/CVE-2024-2287-f1c3c3df1834bde215592ceeafa99ec0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2287-f1c3c3df1834bde215592ceeafa99ec0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Knight Lab Timeline <= 3.9.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/knight-lab-timelinejs/"
     google-query: inurl:"/wp-content/plugins/knight-lab-timelinejs/"
     shodan-query: 'vuln:CVE-2024-2287'
-  tags: cve,wordpress,wp-plugin,knight-lab-timelinejs,medium
+  tags: cve,wordpress,wp-plugin,knight-lab-timelinejs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2289-97dd2eef8600f91fddf3cdf090566811.yaml b/nuclei-templates/2024/CVE-2024-2289-97dd2eef8600f91fddf3cdf090566811.yaml
index 9e356b0d40..e72a845bba 100644
--- a/nuclei-templates/2024/CVE-2024-2289-97dd2eef8600f91fddf3cdf090566811.yaml
+++ b/nuclei-templates/2024/CVE-2024-2289-97dd2eef8600f91fddf3cdf090566811.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPack Lite for Beaver Builder <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via element link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpack-addon-for-beaver-builder/"
     google-query: inurl:"/wp-content/plugins/powerpack-addon-for-beaver-builder/"
     shodan-query: 'vuln:CVE-2024-2289'
-  tags: cve,wordpress,wp-plugin,powerpack-addon-for-beaver-builder,medium
+  tags: cve,wordpress,wp-plugin,powerpack-addon-for-beaver-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2290-83e91dab60d5a445ab0bd5d25903d462.yaml b/nuclei-templates/2024/CVE-2024-2290-83e91dab60d5a445ab0bd5d25903d462.yaml
index 08dfaff3a3..8901de0b8a 100644
--- a/nuclei-templates/2024/CVE-2024-2290-83e91dab60d5a445ab0bd5d25903d462.yaml
+++ b/nuclei-templates/2024/CVE-2024-2290-83e91dab60d5a445ab0bd5d25903d462.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-ads/"
     google-query: inurl:"/wp-content/plugins/advanced-ads/"
     shodan-query: 'vuln:CVE-2024-2290'
-  tags: cve,wordpress,wp-plugin,advanced-ads,high
+  tags: cve,wordpress,wp-plugin,advanced-ads,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2293-5d6957b18909422bd5f841b070340ee6.yaml b/nuclei-templates/2024/CVE-2024-2293-5d6957b18909422bd5f841b070340ee6.yaml
index eb92804c85..68e465ba85 100644
--- a/nuclei-templates/2024/CVE-2024-2293-5d6957b18909422bd5f841b070340ee6.yaml
+++ b/nuclei-templates/2024/CVE-2024-2293-5d6957b18909422bd5f841b070340ee6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2024-2293'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2294-471be969472b8d0ef26e1ed1be3ca7b8.yaml b/nuclei-templates/2024/CVE-2024-2294-471be969472b8d0ef26e1ed1be3ca7b8.yaml
index 2085ff6c8c..6605778cb6 100644
--- a/nuclei-templates/2024/CVE-2024-2294-471be969472b8d0ef26e1ed1be3ca7b8.yaml
+++ b/nuclei-templates/2024/CVE-2024-2294-471be969472b8d0ef26e1ed1be3ca7b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backuply/"
     google-query: inurl:"/wp-content/plugins/backuply/"
     shodan-query: 'vuln:CVE-2024-2294'
-  tags: cve,wordpress,wp-plugin,backuply,medium
+  tags: cve,wordpress,wp-plugin,backuply,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2296-730408927df5a002660d3bc7f56fa1f5.yaml b/nuclei-templates/2024/CVE-2024-2296-730408927df5a002660d3bc7f56fa1f5.yaml
index 160fd5a4a8..6f5a8c6f7f 100644
--- a/nuclei-templates/2024/CVE-2024-2296-730408927df5a002660d3bc7f56fa1f5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2296-730408927df5a002660d3bc7f56fa1f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. CVE-2024-29833 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2024-2296'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2298-6af7c3d9958b5f30ac2537a2fdf59735.yaml b/nuclei-templates/2024/CVE-2024-2298-6af7c3d9958b5f30ac2537a2fdf59735.yaml
index 104b2f87da..9ca7d512d8 100644
--- a/nuclei-templates/2024/CVE-2024-2298-6af7c3d9958b5f30ac2537a2fdf59735.yaml
+++ b/nuclei-templates/2024/CVE-2024-2298-6af7c3d9958b5f30ac2537a2fdf59735.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_product
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating importing products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-toolkit-starter/"
     google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/"
     shodan-query: 'vuln:CVE-2024-2298'
-  tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,medium
+  tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2303-2411b4426d78f7ca35565f6c5d4b0e5b.yaml b/nuclei-templates/2024/CVE-2024-2303-2411b4426d78f7ca35565f6c5d4b0e5b.yaml
index 4f331a362b..18b3364d9f 100644
--- a/nuclei-templates/2024/CVE-2024-2303-2411b4426d78f7ca35565f6c5d4b0e5b.yaml
+++ b/nuclei-templates/2024/CVE-2024-2303-2411b4426d78f7ca35565f6c5d4b0e5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Textillate <= 2.01 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-textillate/"
     google-query: inurl:"/wp-content/plugins/easy-textillate/"
     shodan-query: 'vuln:CVE-2024-2303'
-  tags: cve,wordpress,wp-plugin,easy-textillate,medium
+  tags: cve,wordpress,wp-plugin,easy-textillate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2304-b8a793584d2186fb4e0aa8046771e551.yaml b/nuclei-templates/2024/CVE-2024-2304-b8a793584d2186fb4e0aa8046771e551.yaml
index 92d423279c..206db27a7c 100644
--- a/nuclei-templates/2024/CVE-2024-2304-b8a793584d2186fb4e0aa8046771e551.yaml
+++ b/nuclei-templates/2024/CVE-2024-2304-b8a793584d2186fb4e0aa8046771e551.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animated Headline <= 4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animated-headline/"
     google-query: inurl:"/wp-content/plugins/animated-headline/"
     shodan-query: 'vuln:CVE-2024-2304'
-  tags: cve,wordpress,wp-plugin,animated-headline,medium
+  tags: cve,wordpress,wp-plugin,animated-headline,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2305-42392b45ae66f65286752e395147b8a3.yaml b/nuclei-templates/2024/CVE-2024-2305-42392b45ae66f65286752e395147b8a3.yaml
index 6faf8668ef..08ddc807b4 100644
--- a/nuclei-templates/2024/CVE-2024-2305-42392b45ae66f65286752e395147b8a3.yaml
+++ b/nuclei-templates/2024/CVE-2024-2305-42392b45ae66f65286752e395147b8a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cards for Beaver Builder <= 1.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via bootstrapcard link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link  in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bb-bootstrap-cards/"
     google-query: inurl:"/wp-content/plugins/bb-bootstrap-cards/"
     shodan-query: 'vuln:CVE-2024-2305'
-  tags: cve,wordpress,wp-plugin,bb-bootstrap-cards,medium
+  tags: cve,wordpress,wp-plugin,bb-bootstrap-cards,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2306-ea2d65615410e5461dba977dc309841e.yaml b/nuclei-templates/2024/CVE-2024-2306-ea2d65615410e5461dba977dc309841e.yaml
index 75db6fa735..79d746bc14 100644
--- a/nuclei-templates/2024/CVE-2024-2306-ea2d65615410e5461dba977dc309841e.yaml
+++ b/nuclei-templates/2024/CVE-2024-2306-ea2d65615410e5461dba977dc309841e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/revslider/"
     google-query: inurl:"/wp-content/plugins/revslider/"
     shodan-query: 'vuln:CVE-2024-2306'
-  tags: cve,wordpress,wp-plugin,revslider,medium
+  tags: cve,wordpress,wp-plugin,revslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2308-1b9ddc8767486e6841efc7560084f93c.yaml b/nuclei-templates/2024/CVE-2024-2308-1b9ddc8767486e6841efc7560084f93c.yaml
index 9e1157370d..b722ac537d 100644
--- a/nuclei-templates/2024/CVE-2024-2308-1b9ddc8767486e6841efc7560084f93c.yaml
+++ b/nuclei-templates/2024/CVE-2024-2308-1b9ddc8767486e6841efc7560084f93c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementInvader Addons for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementinvader-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/elementinvader-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2308'
-  tags: cve,wordpress,wp-plugin,elementinvader-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,elementinvader-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2309-f1e3da63f99b2cc6fa2a68c3535839bf.yaml b/nuclei-templates/2024/CVE-2024-2309-f1e3da63f99b2cc6fa2a68c3535839bf.yaml
index 885700ba9d..06f838f8ce 100644
--- a/nuclei-templates/2024/CVE-2024-2309-f1e3da63f99b2cc6fa2a68c3535839bf.yaml
+++ b/nuclei-templates/2024/CVE-2024-2309-f1e3da63f99b2cc6fa2a68c3535839bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Staging (Free <= 3.3.3, Pro <= 5.3.3) - Authenticated (Administrator+) Stored Cross-Site-Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Staging (Free <= 3.3.3, Pro <= 5.3.3) plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in various versions due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.4
     cve-id: CVE-2024-2309
   metadata:
-    fofa-query: "wp-content/plugins/wp-staging/"
-    google-query: inurl:"/wp-content/plugins/wp-staging/"
+    fofa-query: "wp-content/plugins/wp-staging-pro/"
+    google-query: inurl:"/wp-content/plugins/wp-staging-pro/"
     shodan-query: 'vuln:CVE-2024-2309'
-  tags: cve,wordpress,wp-plugin,wp-staging,medium
+  tags: cve,wordpress,wp-plugin,wp-staging-pro,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-staging/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-staging-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-staging"
+          - "wp-staging-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.3.3')
\ No newline at end of file
+          - compare_versions(version, '<= 5.3.3')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-2310-12c0516e02b16dc0e022502178a348b1.yaml b/nuclei-templates/2024/CVE-2024-2310-12c0516e02b16dc0e022502178a348b1.yaml
index a46077968f..9ffdf5c7d2 100644
--- a/nuclei-templates/2024/CVE-2024-2310-12c0516e02b16dc0e022502178a348b1.yaml
+++ b/nuclei-templates/2024/CVE-2024-2310-12c0516e02b16dc0e022502178a348b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Review Slider <= 13.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Google Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-places-review-slider/"
     google-query: inurl:"/wp-content/plugins/wp-google-places-review-slider/"
     shodan-query: 'vuln:CVE-2024-2310'
-  tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,medium
+  tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2311-c75774e4c2c9b9851693b07aeb2b25ad.yaml b/nuclei-templates/2024/CVE-2024-2311-c75774e4c2c9b9851693b07aeb2b25ad.yaml
index 9da76b4dc5..835b515653 100644
--- a/nuclei-templates/2024/CVE-2024-2311-c75774e4c2c9b9851693b07aeb2b25ad.yaml
+++ b/nuclei-templates/2024/CVE-2024-2311-c75774e4c2c9b9851693b07aeb2b25ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2024-2311'
-  tags: cve,wordpress,wp-theme,Avada,medium
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2324-fe85729fdce83d2abcd870326a089bf5.yaml b/nuclei-templates/2024/CVE-2024-2324-fe85729fdce83d2abcd870326a089bf5.yaml
index 4e1c39f2c4..e434611936 100644
--- a/nuclei-templates/2024/CVE-2024-2324-fe85729fdce83d2abcd870326a089bf5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2324-fe85729fdce83d2abcd870326a089bf5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. For the free version, this is limited to administrators. The pro version is also vulnerable and exploitable by administrators, but also offers the functionality to lower level users (as low as subscribers) if enabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fileorganizer/"
     google-query: inurl:"/wp-content/plugins/fileorganizer/"
     shodan-query: 'vuln:CVE-2024-2324'
-  tags: cve,wordpress,wp-plugin,fileorganizer,medium
+  tags: cve,wordpress,wp-plugin,fileorganizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2327-13ea368d9bd0647c7fbc9fa83359351c.yaml b/nuclei-templates/2024/CVE-2024-2327-13ea368d9bd0647c7fbc9fa83359351c.yaml
index 4910a2b4cb..e4da9bb03b 100644
--- a/nuclei-templates/2024/CVE-2024-2327-13ea368d9bd0647c7fbc9fa83359351c.yaml
+++ b/nuclei-templates/2024/CVE-2024-2327-13ea368d9bd0647c7fbc9fa83359351c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/global-elementor-buttons/"
     google-query: inurl:"/wp-content/plugins/global-elementor-buttons/"
     shodan-query: 'vuln:CVE-2024-2327'
-  tags: cve,wordpress,wp-plugin,global-elementor-buttons,medium
+  tags: cve,wordpress,wp-plugin,global-elementor-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2328-458c0d6ab63df27e3e21cbe7fc77cfd2.yaml b/nuclei-templates/2024/CVE-2024-2328-458c0d6ab63df27e3e21cbe7fc77cfd2.yaml
index d98c31fece..4da076f100 100644
--- a/nuclei-templates/2024/CVE-2024-2328-458c0d6ab63df27e3e21cbe7fc77cfd2.yaml
+++ b/nuclei-templates/2024/CVE-2024-2328-458c0d6ab63df27e3e21cbe7fc77cfd2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-media-library-lite/"
     google-query: inurl:"/wp-content/plugins/real-media-library-lite/"
     shodan-query: 'vuln:CVE-2024-2328'
-  tags: cve,wordpress,wp-plugin,real-media-library-lite,medium
+  tags: cve,wordpress,wp-plugin,real-media-library-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2334-1024fb2bb768926b2f10b7f06d6c4de1.yaml b/nuclei-templates/2024/CVE-2024-2334-1024fb2bb768926b2f10b7f06d6c4de1.yaml
index 3fa11ebaec..18ae39bf22 100644
--- a/nuclei-templates/2024/CVE-2024-2334-1024fb2bb768926b2f10b7f06d6c4de1.yaml
+++ b/nuclei-templates/2024/CVE-2024-2334-1024fb2bb768926b2f10b7f06d6c4de1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/template-kit-import/"
     google-query: inurl:"/wp-content/plugins/template-kit-import/"
     shodan-query: 'vuln:CVE-2024-2334'
-  tags: cve,wordpress,wp-plugin,template-kit-import,medium
+  tags: cve,wordpress,wp-plugin,template-kit-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2335-3da99f6ccd8b569aa4895183dacec31a.yaml b/nuclei-templates/2024/CVE-2024-2335-3da99f6ccd8b569aa4895183dacec31a.yaml
index 2f99262220..2b31b1bc73 100644
--- a/nuclei-templates/2024/CVE-2024-2335-3da99f6ccd8b569aa4895183dacec31a.yaml
+++ b/nuclei-templates/2024/CVE-2024-2335-3da99f6ccd8b569aa4895183dacec31a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elements Plus! <= 2.16.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elements-plus/"
     google-query: inurl:"/wp-content/plugins/elements-plus/"
     shodan-query: 'vuln:CVE-2024-2335'
-  tags: cve,wordpress,wp-plugin,elements-plus,medium
+  tags: cve,wordpress,wp-plugin,elements-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2336-c446e0b00a3a4561bee5779481d638d6.yaml b/nuclei-templates/2024/CVE-2024-2336-c446e0b00a3a4561bee5779481d638d6.yaml
index 2bcdd6ed0d..cc51ca842e 100644
--- a/nuclei-templates/2024/CVE-2024-2336-c446e0b00a3a4561bee5779481d638d6.yaml
+++ b/nuclei-templates/2024/CVE-2024-2336-c446e0b00a3a4561bee5779481d638d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Maker – Popup for opt-ins, lead gen, & more <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-maker/"
     google-query: inurl:"/wp-content/plugins/popup-maker/"
     shodan-query: 'vuln:CVE-2024-2336'
-  tags: cve,wordpress,wp-plugin,popup-maker,medium
+  tags: cve,wordpress,wp-plugin,popup-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2341-8913b61e532a835b143f97f633aefd8d.yaml b/nuclei-templates/2024/CVE-2024-2341-8913b61e532a835b143f97f633aefd8d.yaml
index a559f8e761..27c2272719 100644
--- a/nuclei-templates/2024/CVE-2024-2341-8913b61e532a835b143f97f633aefd8d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2341-8913b61e532a835b143f97f633aefd8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber access and above,  to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-schedule-appointments/"
     google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/"
     shodan-query: 'vuln:CVE-2024-2341'
-  tags: cve,wordpress,wp-plugin,simply-schedule-appointments,high
+  tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2342-4875a2fe8d20d1fa49a472eba79255a0.yaml b/nuclei-templates/2024/CVE-2024-2342-4875a2fe8d20d1fa49a472eba79255a0.yaml
index c27651773c..abc46c57b4 100644
--- a/nuclei-templates/2024/CVE-2024-2342-4875a2fe8d20d1fa49a472eba79255a0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2342-4875a2fe8d20d1fa49a472eba79255a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-schedule-appointments/"
     google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/"
     shodan-query: 'vuln:CVE-2024-2342'
-  tags: cve,wordpress,wp-plugin,simply-schedule-appointments,high
+  tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2343-003889b218e2b00be9012c017586c0d2.yaml b/nuclei-templates/2024/CVE-2024-2343-003889b218e2b00be9012c017586c0d2.yaml
index 62083fa8c1..b064f2293b 100644
--- a/nuclei-templates/2024/CVE-2024-2343-003889b218e2b00be9012c017586c0d2.yaml
+++ b/nuclei-templates/2024/CVE-2024-2343-003889b218e2b00be9012c017586c0d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2024-2343'
-  tags: cve,wordpress,wp-theme,Avada,medium
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2344-907496c3b43ef59b87d499ec04fd4467.yaml b/nuclei-templates/2024/CVE-2024-2344-907496c3b43ef59b87d499ec04fd4467.yaml
index 661f19fa8f..37c23f6602 100644
--- a/nuclei-templates/2024/CVE-2024-2344-907496c3b43ef59b87d499ec04fd4467.yaml
+++ b/nuclei-templates/2024/CVE-2024-2344-907496c3b43ef59b87d499ec04fd4467.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.11.6 - Authenticated (Editor+) SQL Injection via entry
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticted attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:CVE-2024-2344'
-  tags: cve,wordpress,wp-theme,Avada,high
+  tags: cve,wordpress,wp-theme,Avada,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2345-16b2d22f9ed4777d1430ed12968eaafe.yaml b/nuclei-templates/2024/CVE-2024-2345-16b2d22f9ed4777d1430ed12968eaafe.yaml
index 0960cf8b11..1426a84a3c 100644
--- a/nuclei-templates/2024/CVE-2024-2345-16b2d22f9ed4777d1430ed12968eaafe.yaml
+++ b/nuclei-templates/2024/CVE-2024-2345-16b2d22f9ed4777d1430ed12968eaafe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filebird/"
     google-query: inurl:"/wp-content/plugins/filebird/"
     shodan-query: 'vuln:CVE-2024-2345'
-  tags: cve,wordpress,wp-plugin,filebird,medium
+  tags: cve,wordpress,wp-plugin,filebird,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2346-61cc715601cb540fc69b978e74da1091.yaml b/nuclei-templates/2024/CVE-2024-2346-61cc715601cb540fc69b978e74da1091.yaml
index 24fb5c3b64..a7b2aba463 100644
--- a/nuclei-templates/2024/CVE-2024-2346-61cc715601cb540fc69b978e74da1091.yaml
+++ b/nuclei-templates/2024/CVE-2024-2346-61cc715601cb540fc69b978e74da1091.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads visible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filebird/"
     google-query: inurl:"/wp-content/plugins/filebird/"
     shodan-query: 'vuln:CVE-2024-2346'
-  tags: cve,wordpress,wp-plugin,filebird,medium
+  tags: cve,wordpress,wp-plugin,filebird,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2347-4d6ff8c8afd1310bcbc6da555c1c2ca4.yaml b/nuclei-templates/2024/CVE-2024-2347-4d6ff8c8afd1310bcbc6da555c1c2ca4.yaml
index 0673f28bd6..ea8397c011 100644
--- a/nuclei-templates/2024/CVE-2024-2347-4d6ff8c8afd1310bcbc6da555c1c2ca4.yaml
+++ b/nuclei-templates/2024/CVE-2024-2347-4d6ff8c8afd1310bcbc6da555c1c2ca4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Astra <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/astra/"
     google-query: inurl:"/wp-content/themes/astra/"
     shodan-query: 'vuln:CVE-2024-2347'
-  tags: cve,wordpress,wp-theme,astra,medium
+  tags: cve,wordpress,wp-theme,astra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2348-dd93174b0504049ccc03e08eec846159.yaml b/nuclei-templates/2024/CVE-2024-2348-dd93174b0504049ccc03e08eec846159.yaml
index 25ec391517..cfcc4d999d 100644
--- a/nuclei-templates/2024/CVE-2024-2348-dd93174b0504049ccc03e08eec846159.yaml
+++ b/nuclei-templates/2024/CVE-2024-2348-dd93174b0504049ccc03e08eec846159.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gum Elementor Addon <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gum-elementor-addon/"
     google-query: inurl:"/wp-content/plugins/gum-elementor-addon/"
     shodan-query: 'vuln:CVE-2024-2348'
-  tags: cve,wordpress,wp-plugin,gum-elementor-addon,medium
+  tags: cve,wordpress,wp-plugin,gum-elementor-addon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2349-4eb5559b22a18e9337a5880d5e2f32aa.yaml b/nuclei-templates/2024/CVE-2024-2349-4eb5559b22a18e9337a5880d5e2f32aa.yaml
index 7d3b5e4d95..a11491e1d8 100644
--- a/nuclei-templates/2024/CVE-2024-2349-4eb5559b22a18e9337a5880d5e2f32aa.yaml
+++ b/nuclei-templates/2024/CVE-2024-2349-4eb5559b22a18e9337a5880d5e2f32aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancy Elementor Flipbox <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Elementor Flipbox Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Elementor Flipbox widget in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-elementor-flipbox/"
     google-query: inurl:"/wp-content/plugins/fancy-elementor-flipbox/"
     shodan-query: 'vuln:CVE-2024-2349'
-  tags: cve,wordpress,wp-plugin,fancy-elementor-flipbox,medium
+  tags: cve,wordpress,wp-plugin,fancy-elementor-flipbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23500-73e0ed91223d9a0bf611aaf9c6ef87bb.yaml b/nuclei-templates/2024/CVE-2024-23500-73e0ed91223d9a0bf611aaf9c6ef87bb.yaml
index f7300650b4..50755ecf53 100644
--- a/nuclei-templates/2024/CVE-2024-23500-73e0ed91223d9a0bf611aaf9c6ef87bb.yaml
+++ b/nuclei-templates/2024/CVE-2024-23500-73e0ed91223d9a0bf611aaf9c6ef87bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.19 - Authenticated (Contributor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.19. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-23500'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23501-b6e604dc0c4bb898e75726aff1be1de2.yaml b/nuclei-templates/2024/CVE-2024-23501-b6e604dc0c4bb898e75726aff1be1de2.yaml
index 78bd92e9f7..98afcb3a83 100644
--- a/nuclei-templates/2024/CVE-2024-23501-b6e604dc0c4bb898e75726aff1be1de2.yaml
+++ b/nuclei-templates/2024/CVE-2024-23501-b6e604dc0c4bb898e75726aff1be1de2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ebook Store <= 5.8001 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ebook-store/"
     google-query: inurl:"/wp-content/plugins/ebook-store/"
     shodan-query: 'vuln:CVE-2024-23501'
-  tags: cve,wordpress,wp-plugin,ebook-store,medium
+  tags: cve,wordpress,wp-plugin,ebook-store,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23502-dd54abc9fa7f2f5d5c6010fa1c8c3d7f.yaml b/nuclei-templates/2024/CVE-2024-23502-dd54abc9fa7f2f5d5c6010fa1c8c3d7f.yaml
index 36c2311017..0f7f6df3f6 100644
--- a/nuclei-templates/2024/CVE-2024-23502-dd54abc9fa7f2f5d5c6010fa1c8c3d7f.yaml
+++ b/nuclei-templates/2024/CVE-2024-23502-dd54abc9fa7f2f5d5c6010fa1c8c3d7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Posts List Designer by Category – List Category Posts Or Recent Posts <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Posts List Designer by Category – List Category Posts Or Recent Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-list-designer/"
     google-query: inurl:"/wp-content/plugins/post-list-designer/"
     shodan-query: 'vuln:CVE-2024-23502'
-  tags: cve,wordpress,wp-plugin,post-list-designer,medium
+  tags: cve,wordpress,wp-plugin,post-list-designer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23504-208c19b89658d8f67c58a70365a86a8d.yaml b/nuclei-templates/2024/CVE-2024-23504-208c19b89658d8f67c58a70365a86a8d.yaml
index 3560f70d3d..32ac7fafd5 100644
--- a/nuclei-templates/2024/CVE-2024-23504-208c19b89658d8f67c58a70365a86a8d.yaml
+++ b/nuclei-templates/2024/CVE-2024-23504-208c19b89658d8f67c58a70365a86a8d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Tables <= 5.0.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Tables plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the defaultExport() and dragAndDropExport() functions in versions up to, and including, 5.0.5. This makes it possible for unauthenticated attackers to export table data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-tables/"
     google-query: inurl:"/wp-content/plugins/ninja-tables/"
     shodan-query: 'vuln:CVE-2024-23504'
-  tags: cve,wordpress,wp-plugin,ninja-tables,medium
+  tags: cve,wordpress,wp-plugin,ninja-tables,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23505-68faa1f3e16f9348cbcda9eee2cb1dfc.yaml b/nuclei-templates/2024/CVE-2024-23505-68faa1f3e16f9348cbcda9eee2cb1dfc.yaml
index c440a70105..67f9958669 100644
--- a/nuclei-templates/2024/CVE-2024-23505-68faa1f3e16f9348cbcda9eee2cb1dfc.yaml
+++ b/nuclei-templates/2024/CVE-2024-23505-68faa1f3e16f9348cbcda9eee2cb1dfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF Viewer & 3D PDF Flipbook – DearPDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dearpdf-lite/"
     google-query: inurl:"/wp-content/plugins/dearpdf-lite/"
     shodan-query: 'vuln:CVE-2024-23505'
-  tags: cve,wordpress,wp-plugin,dearpdf-lite,medium
+  tags: cve,wordpress,wp-plugin,dearpdf-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23505-6fd235aefa59090c5fd7d5db3ca17c7f.yaml b/nuclei-templates/2024/CVE-2024-23505-6fd235aefa59090c5fd7d5db3ca17c7f.yaml
index 8297912c86..41c97fedfd 100644
--- a/nuclei-templates/2024/CVE-2024-23505-6fd235aefa59090c5fd7d5db3ca17c7f.yaml
+++ b/nuclei-templates/2024/CVE-2024-23505-6fd235aefa59090c5fd7d5db3ca17c7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF Viewer & 3D PDF Flipbook – DearPDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dearpdf-lite/"
     google-query: inurl:"/wp-content/plugins/dearpdf-lite/"
     shodan-query: 'vuln:CVE-2024-23505'
-  tags: cve,wordpress,wp-plugin,dearpdf-lite,medium
+  tags: cve,wordpress,wp-plugin,dearpdf-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23506-6e954d80cfdd10ddfc11dcc5cbf99755.yaml b/nuclei-templates/2024/CVE-2024-23506-6e954d80cfdd10ddfc11dcc5cbf99755.yaml
index 34f2fb6a84..8de7802240 100644
--- a/nuclei-templates/2024/CVE-2024-23506-6e954d80cfdd10ddfc11dcc5cbf99755.yaml
+++ b/nuclei-templates/2024/CVE-2024-23506-6e954d80cfdd10ddfc11dcc5cbf99755.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InstaWP Connect <= 0.1.0.9 - Missing Authorization to Sensitive Information Dislcosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 0.1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instawp-connect/"
     google-query: inurl:"/wp-content/plugins/instawp-connect/"
     shodan-query: 'vuln:CVE-2024-23506'
-  tags: cve,wordpress,wp-plugin,instawp-connect,medium
+  tags: cve,wordpress,wp-plugin,instawp-connect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23507-124137503555ee97714094a30a8333d0.yaml b/nuclei-templates/2024/CVE-2024-23507-124137503555ee97714094a30a8333d0.yaml
index 2d905c0c20..21d95727f0 100644
--- a/nuclei-templates/2024/CVE-2024-23507-124137503555ee97714094a30a8333d0.yaml
+++ b/nuclei-templates/2024/CVE-2024-23507-124137503555ee97714094a30a8333d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InstaWP Connect <= 0.1.0.9 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The InstaWP Connect plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instawp-connect/"
     google-query: inurl:"/wp-content/plugins/instawp-connect/"
     shodan-query: 'vuln:CVE-2024-23507'
-  tags: cve,wordpress,wp-plugin,instawp-connect,high
+  tags: cve,wordpress,wp-plugin,instawp-connect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23511-53696e5218de6a7c32a3a9109583afd7.yaml b/nuclei-templates/2024/CVE-2024-23511-53696e5218de6a7c32a3a9109583afd7.yaml
index ef05e8b4a9..b67716bf54 100644
--- a/nuclei-templates/2024/CVE-2024-23511-53696e5218de6a7c32a3a9109583afd7.yaml
+++ b/nuclei-templates/2024/CVE-2024-23511-53696e5218de6a7c32a3a9109583afd7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor <= 5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-23511'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23513-f53efc19e67fc15708f7aff7dc031f4c.yaml b/nuclei-templates/2024/CVE-2024-23513-f53efc19e67fc15708f7aff7dc031f4c.yaml
index de24b9b36d..4e88517229 100644
--- a/nuclei-templates/2024/CVE-2024-23513-f53efc19e67fc15708f7aff7dc031f4c.yaml
+++ b/nuclei-templates/2024/CVE-2024-23513-f53efc19e67fc15708f7aff7dc031f4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PropertyHive <= 2.0.5 - Unauthenticated PHP Object Injection via propertyhive_currency
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The PropertyHive plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.5 via deserialization of untrusted input from the 'propertyhive_currency' cookie value. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/propertyhive/"
     google-query: inurl:"/wp-content/plugins/propertyhive/"
     shodan-query: 'vuln:CVE-2024-23513'
-  tags: cve,wordpress,wp-plugin,propertyhive,high
+  tags: cve,wordpress,wp-plugin,propertyhive,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23514-935ebeacc0c73d89223e844fd2aaeaeb.yaml b/nuclei-templates/2024/CVE-2024-23514-935ebeacc0c73d89223e844fd2aaeaeb.yaml
index cbee9294bc..14c6e47b82 100644
--- a/nuclei-templates/2024/CVE-2024-23514-935ebeacc0c73d89223e844fd2aaeaeb.yaml
+++ b/nuclei-templates/2024/CVE-2024-23514-935ebeacc0c73d89223e844fd2aaeaeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Click To Tweet <= 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Click To Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/click-to-tweet/"
     google-query: inurl:"/wp-content/plugins/click-to-tweet/"
     shodan-query: 'vuln:CVE-2024-23514'
-  tags: cve,wordpress,wp-plugin,click-to-tweet,medium
+  tags: cve,wordpress,wp-plugin,click-to-tweet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23516-3049339e7a57ef7848a40fe1f1e47b95.yaml b/nuclei-templates/2024/CVE-2024-23516-3049339e7a57ef7848a40fe1f1e47b95.yaml
index ecf416cc38..fce30bd378 100644
--- a/nuclei-templates/2024/CVE-2024-23516-3049339e7a57ef7848a40fe1f1e47b95.yaml
+++ b/nuclei-templates/2024/CVE-2024-23516-3049339e7a57ef7848a40fe1f1e47b95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CC BMI Calculator <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CC BMI Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cc-bmi-calculator/"
     google-query: inurl:"/wp-content/plugins/cc-bmi-calculator/"
     shodan-query: 'vuln:CVE-2024-23516'
-  tags: cve,wordpress,wp-plugin,cc-bmi-calculator,medium
+  tags: cve,wordpress,wp-plugin,cc-bmi-calculator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23517-b0ee79ee6bfacccc5c859ba67a33f0de.yaml b/nuclei-templates/2024/CVE-2024-23517-b0ee79ee6bfacccc5c859ba67a33f0de.yaml
index cd6a9c75f6..2a5abd211c 100644
--- a/nuclei-templates/2024/CVE-2024-23517-b0ee79ee6bfacccc5c859ba67a33f0de.yaml
+++ b/nuclei-templates/2024/CVE-2024-23517-b0ee79ee6bfacccc5c859ba67a33f0de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calendar-booking/"
     google-query: inurl:"/wp-content/plugins/calendar-booking/"
     shodan-query: 'vuln:CVE-2024-23517'
-  tags: cve,wordpress,wp-plugin,calendar-booking,medium
+  tags: cve,wordpress,wp-plugin,calendar-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23518-ac40665ad4ef3b69656a095a1b2358ab.yaml b/nuclei-templates/2024/CVE-2024-23518-ac40665ad4ef3b69656a095a1b2358ab.yaml
index 36c9a5e950..cc6c924c6c 100644
--- a/nuclei-templates/2024/CVE-2024-23518-ac40665ad4ef3b69656a095a1b2358ab.yaml
+++ b/nuclei-templates/2024/CVE-2024-23518-ac40665ad4ef3b69656a095a1b2358ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ACF Photo Gallery Field <= 2.6 - Missing Authorization in apgf_update_donation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the apgf_update_donation function in versions up to and including 2.6. This makes it possible for authenticated attackers, with subscriber access and above, to update a plugin option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/navz-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/navz-photo-gallery/"
     shodan-query: 'vuln:CVE-2024-23518'
-  tags: cve,wordpress,wp-plugin,navz-photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,navz-photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23521-7145c40ff1e0db4687c083ce378fc607.yaml b/nuclei-templates/2024/CVE-2024-23521-7145c40ff1e0db4687c083ce378fc607.yaml
index 11b7c61e78..4d4bab8746 100644
--- a/nuclei-templates/2024/CVE-2024-23521-7145c40ff1e0db4687c083ce378fc607.yaml
+++ b/nuclei-templates/2024/CVE-2024-23521-7145c40ff1e0db4687c083ce378fc607.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happyforms <= 1.25.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Happyforms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in all versions up to, and including, 1.25.10. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happyforms/"
     google-query: inurl:"/wp-content/plugins/happyforms/"
     shodan-query: 'vuln:CVE-2024-23521'
-  tags: cve,wordpress,wp-plugin,happyforms,medium
+  tags: cve,wordpress,wp-plugin,happyforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23523-0f93fc1c537d4354bd5e942ea05347cf.yaml b/nuclei-templates/2024/CVE-2024-23523-0f93fc1c537d4354bd5e942ea05347cf.yaml
index 769ac073f2..628afd14c9 100644
--- a/nuclei-templates/2024/CVE-2024-23523-0f93fc1c537d4354bd5e942ea05347cf.yaml
+++ b/nuclei-templates/2024/CVE-2024-23523-0f93fc1c537d4354bd5e942ea05347cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Pro <= 3.19.2 - Authenticated (Contributor+) Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.2 . This makes it possible for authenticated attackers, with contributor-level access and above, to extract arbitrary user meta values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2024-23523'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23524-2498bc224a94ac1ba539a681f69b7ef6.yaml b/nuclei-templates/2024/CVE-2024-23524-2498bc224a94ac1ba539a681f69b7ef6.yaml
index 10665d4d2b..629de1e3ff 100644
--- a/nuclei-templates/2024/CVE-2024-23524-2498bc224a94ac1ba539a681f69b7ef6.yaml
+++ b/nuclei-templates/2024/CVE-2024-23524-2498bc224a94ac1ba539a681f69b7ef6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PilotPress <= 2.0.30 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX functions
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PilotPress plugin for WordPress is vulnerable to unauthorized access to data and loss of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 2.0.30. This makes it possible for authenticated attackers, with subscriber access and above, to view reports and purge database transients.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pilotpress/"
     google-query: inurl:"/wp-content/plugins/pilotpress/"
     shodan-query: 'vuln:CVE-2024-23524'
-  tags: cve,wordpress,wp-plugin,pilotpress,medium
+  tags: cve,wordpress,wp-plugin,pilotpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2369-fdd365ece4b9b292b937aee693d1c5a6.yaml b/nuclei-templates/2024/CVE-2024-2369-fdd365ece4b9b292b937aee693d1c5a6.yaml
index cf6b09256b..83e88af01e 100644
--- a/nuclei-templates/2024/CVE-2024-2369-fdd365ece4b9b292b937aee693d1c5a6.yaml
+++ b/nuclei-templates/2024/CVE-2024-2369-fdd365ece4b9b292b937aee693d1c5a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coblocks/"
     google-query: inurl:"/wp-content/plugins/coblocks/"
     shodan-query: 'vuln:CVE-2024-2369'
-  tags: cve,wordpress,wp-plugin,coblocks,medium
+  tags: cve,wordpress,wp-plugin,coblocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-23825-5d739fff0b557fdd4318a7044651d1e4.yaml b/nuclei-templates/2024/CVE-2024-23825-5d739fff0b557fdd4318a7044651d1e4.yaml
index a1574a5f6d..743fe03583 100644
--- a/nuclei-templates/2024/CVE-2024-23825-5d739fff0b557fdd4318a7044651d1e4.yaml
+++ b/nuclei-templates/2024/CVE-2024-23825-5d739fff0b557fdd4318a7044651d1e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TablePress <= 2.2.4 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to and including 2.2.4 via the '_get_import_files' function. This makes it possible for authenticated attackers, with author access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tablepress/"
     google-query: inurl:"/wp-content/plugins/tablepress/"
     shodan-query: 'vuln:CVE-2024-23825'
-  tags: cve,wordpress,wp-plugin,tablepress,high
+  tags: cve,wordpress,wp-plugin,tablepress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2384-c5f695dbb7b3e9a0ae3b6a589e6824c0.yaml b/nuclei-templates/2024/CVE-2024-2384-c5f695dbb7b3e9a0ae3b6a589e6824c0.yaml
index 4ffe537f8e..78a9350844 100644
--- a/nuclei-templates/2024/CVE-2024-2384-c5f695dbb7b3e9a0ae3b6a589e6824c0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2384-c5f695dbb7b3e9a0ae3b6a589e6824c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-pos/"
     google-query: inurl:"/wp-content/plugins/woocommerce-pos/"
     shodan-query: 'vuln:CVE-2024-2384'
-  tags: cve,wordpress,wp-plugin,woocommerce-pos,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-pos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2392-10dffc5e6c324ec1dc8ebf67decddde7.yaml b/nuclei-templates/2024/CVE-2024-2392-10dffc5e6c324ec1dc8ebf67decddde7.yaml
index 34f20803d6..e95b39a621 100644
--- a/nuclei-templates/2024/CVE-2024-2392-10dffc5e6c324ec1dc8ebf67decddde7.yaml
+++ b/nuclei-templates/2024/CVE-2024-2392-10dffc5e6c324ec1dc8ebf67decddde7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy Companion <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blocksy-companion/"
     google-query: inurl:"/wp-content/plugins/blocksy-companion/"
     shodan-query: 'vuln:CVE-2024-2392'
-  tags: cve,wordpress,wp-plugin,blocksy-companion,medium
+  tags: cve,wordpress,wp-plugin,blocksy-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2395-b71f43cf539320adcdf753a5632e031f.yaml b/nuclei-templates/2024/CVE-2024-2395-b71f43cf539320adcdf753a5632e031f.yaml
index d77030c928..e10ad37ed1 100644
--- a/nuclei-templates/2024/CVE-2024-2395-b71f43cf539320adcdf753a5632e031f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2395-b71f43cf539320adcdf753a5632e031f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulgarisation for WooCommerce <= 3.0.14 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete labels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulgarisation-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/bulgarisation-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-2395'
-  tags: cve,wordpress,wp-plugin,bulgarisation-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,bulgarisation-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2399-ee8591e5f3f55c96d9835c88a6740c39.yaml b/nuclei-templates/2024/CVE-2024-2399-ee8591e5f3f55c96d9835c88a6740c39.yaml
index 1bc8584f41..ba2f230a22 100644
--- a/nuclei-templates/2024/CVE-2024-2399-ee8591e5f3f55c96d9835c88a6740c39.yaml
+++ b/nuclei-templates/2024/CVE-2024-2399-ee8591e5f3f55c96d9835c88a6740c39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable with the premium version of the plugin is also installed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2399'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2401-a7d2f24ba1d738c469db3701e7d249a6.yaml b/nuclei-templates/2024/CVE-2024-2401-a7d2f24ba1d738c469db3701e7d249a6.yaml
index 2a096aeee8..928ec0fcb7 100644
--- a/nuclei-templates/2024/CVE-2024-2401-a7d2f24ba1d738c469db3701e7d249a6.yaml
+++ b/nuclei-templates/2024/CVE-2024-2401-a7d2f24ba1d738c469db3701e7d249a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Page Spider <= 3.30 -  Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Admin Page Spider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-page-spider/"
     google-query: inurl:"/wp-content/plugins/admin-page-spider/"
     shodan-query: 'vuln:CVE-2024-2401'
-  tags: cve,wordpress,wp-plugin,admin-page-spider,medium
+  tags: cve,wordpress,wp-plugin,admin-page-spider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2402-7585bdd855a3ce213df577df1a0cf7c5.yaml b/nuclei-templates/2024/CVE-2024-2402-7585bdd855a3ce213df577df1a0cf7c5.yaml
index 3296bab15e..10d31b2be1 100644
--- a/nuclei-templates/2024/CVE-2024-2402-7585bdd855a3ce213df577df1a0cf7c5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2402-7585bdd855a3ce213df577df1a0cf7c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Comments <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-comments/"
     google-query: inurl:"/wp-content/plugins/better-comments/"
     shodan-query: 'vuln:CVE-2024-2402'
-  tags: cve,wordpress,wp-plugin,better-comments,medium
+  tags: cve,wordpress,wp-plugin,better-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2404-cca7855a039dbac1182b0b2fae34c3b0.yaml b/nuclei-templates/2024/CVE-2024-2404-cca7855a039dbac1182b0b2fae34c3b0.yaml
index d8ae6ed63b..f93125b9a4 100644
--- a/nuclei-templates/2024/CVE-2024-2404-cca7855a039dbac1182b0b2fae34c3b0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2404-cca7855a039dbac1182b0b2fae34c3b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Comments <= 1.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nickname' field in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-comments/"
     google-query: inurl:"/wp-content/plugins/better-comments/"
     shodan-query: 'vuln:CVE-2024-2404'
-  tags: cve,wordpress,wp-plugin,better-comments,medium
+  tags: cve,wordpress,wp-plugin,better-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2417-a3ab87ca43ceb26b3f09e3ed0047a2de.yaml b/nuclei-templates/2024/CVE-2024-2417-a3ab87ca43ceb26b3f09e3ed0047a2de.yaml
index cdafb9a3ed..799ff5a094 100644
--- a/nuclei-templates/2024/CVE-2024-2417-a3ab87ca43ceb26b3f09e3ed0047a2de.yaml
+++ b/nuclei-templates/2024/CVE-2024-2417-a3ab87ca43ceb26b3f09e3ed0047a2de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the registration form and make the default registration role administrator. This subsequently allows the attacker to register an account as an administrator on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2024-2417'
-  tags: cve,wordpress,wp-plugin,user-registration,high
+  tags: cve,wordpress,wp-plugin,user-registration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2423-467ae4d6a0b8db0e5b6c781618b2d3ee.yaml b/nuclei-templates/2024/CVE-2024-2423-467ae4d6a0b8db0e5b6c781618b2d3ee.yaml
index c6574076dd..072c934ce6 100644
--- a/nuclei-templates/2024/CVE-2024-2423-467ae4d6a0b8db0e5b6c781618b2d3ee.yaml
+++ b/nuclei-templates/2024/CVE-2024-2423-467ae4d6a0b8db0e5b6c781618b2d3ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/userswp/"
     google-query: inurl:"/wp-content/plugins/userswp/"
     shodan-query: 'vuln:CVE-2024-2423'
-  tags: cve,wordpress,wp-plugin,userswp,medium
+  tags: cve,wordpress,wp-plugin,userswp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2428-ffd9211fd118d563cf07134a00f95502.yaml b/nuclei-templates/2024/CVE-2024-2428-ffd9211fd118d563cf07134a00f95502.yaml
index 8459ef35be..165d576e95 100644
--- a/nuclei-templates/2024/CVE-2024-2428-ffd9211fd118d563cf07134a00f95502.yaml
+++ b/nuclei-templates/2024/CVE-2024-2428-ffd9211fd118d563cf07134a00f95502.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Ultimate Video Player For WordPress <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Ultimate Video Player For WordPress – by Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 2.2.2 due to missing authorization on a REST API endpoint and  insufficient input sanitization and output escaping on the settinfs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/presto-player/"
     google-query: inurl:"/wp-content/plugins/presto-player/"
     shodan-query: 'vuln:CVE-2024-2428'
-  tags: cve,wordpress,wp-plugin,presto-player,medium
+  tags: cve,wordpress,wp-plugin,presto-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2436-85706ca0d20495fdfed005cc638cab53.yaml b/nuclei-templates/2024/CVE-2024-2436-85706ca0d20495fdfed005cc638cab53.yaml
index 534e050610..491c4a9db5 100644
--- a/nuclei-templates/2024/CVE-2024-2436-85706ca0d20495fdfed005cc638cab53.yaml
+++ b/nuclei-templates/2024/CVE-2024-2436-85706ca0d20495fdfed005cc638cab53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lightweight Accordion <= 1.5.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lightweight-accordion/"
     google-query: inurl:"/wp-content/plugins/lightweight-accordion/"
     shodan-query: 'vuln:CVE-2024-2436'
-  tags: cve,wordpress,wp-plugin,lightweight-accordion,medium
+  tags: cve,wordpress,wp-plugin,lightweight-accordion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2439-c957720e1b76962412e197bc09cb35e8.yaml b/nuclei-templates/2024/CVE-2024-2439-c957720e1b76962412e197bc09cb35e8.yaml
index b0f5ac7a8f..5cbbe318e9 100644
--- a/nuclei-templates/2024/CVE-2024-2439-c957720e1b76962412e197bc09cb35e8.yaml
+++ b/nuclei-templates/2024/CVE-2024-2439-c957720e1b76962412e197bc09cb35e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Salon booking system plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 9.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salon-booking-system/"
     google-query: inurl:"/wp-content/plugins/salon-booking-system/"
     shodan-query: 'vuln:CVE-2024-2439'
-  tags: cve,wordpress,wp-plugin,salon-booking-system,medium
+  tags: cve,wordpress,wp-plugin,salon-booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2444-b76f091c58ac292a18fb46e2a8af44ec.yaml b/nuclei-templates/2024/CVE-2024-2444-b76f091c58ac292a18fb46e2a8af44ec.yaml
index dff911371d..562e820ebe 100644
--- a/nuclei-templates/2024/CVE-2024-2444-b76f091c58ac292a18fb46e2a8af44ec.yaml
+++ b/nuclei-templates/2024/CVE-2024-2444-b76f091c58ac292a18fb46e2a8af44ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inline Related Posts <= 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Inline Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intelly-related-posts/"
     google-query: inurl:"/wp-content/plugins/intelly-related-posts/"
     shodan-query: 'vuln:CVE-2024-2444'
-  tags: cve,wordpress,wp-plugin,intelly-related-posts,medium
+  tags: cve,wordpress,wp-plugin,intelly-related-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2456-e96409adbbb169ea331189d4d409f4de.yaml b/nuclei-templates/2024/CVE-2024-2456-e96409adbbb169ea331189d4d409f4de.yaml
index b595073b5b..2e9d5d6b8d 100644
--- a/nuclei-templates/2024/CVE-2024-2456-e96409adbbb169ea331189d4d409f4de.yaml
+++ b/nuclei-templates/2024/CVE-2024-2456-e96409adbbb169ea331189d4d409f4de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ecwid-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/"
     shodan-query: 'vuln:CVE-2024-2456'
-  tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,medium
+  tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2457-b0b1da93e1bc1134b2188925015af3dc.yaml b/nuclei-templates/2024/CVE-2024-2457-b0b1da93e1bc1134b2188925015af3dc.yaml
index 752da3b715..1c6f9f0346 100644
--- a/nuclei-templates/2024/CVE-2024-2457-b0b1da93e1bc1134b2188925015af3dc.yaml
+++ b/nuclei-templates/2024/CVE-2024-2457-b0b1da93e1bc1134b2188925015af3dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Modal Window – create popup modal window <= 5.3.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modal-window/"
     google-query: inurl:"/wp-content/plugins/modal-window/"
     shodan-query: 'vuln:CVE-2024-2457'
-  tags: cve,wordpress,wp-plugin,modal-window,medium
+  tags: cve,wordpress,wp-plugin,modal-window,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2458-54dc33c4a20161d9ec4e865b2de44997.yaml b/nuclei-templates/2024/CVE-2024-2458-54dc33c4a20161d9ec4e865b2de44997.yaml
index 0546b53c6c..aaa598f17b 100644
--- a/nuclei-templates/2024/CVE-2024-2458-54dc33c4a20161d9ec4e865b2de44997.yaml
+++ b/nuclei-templates/2024/CVE-2024-2458-54dc33c4a20161d9ec4e865b2de44997.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Powerkit – Supercharge your WordPress Site <= 2.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerkit/"
     google-query: inurl:"/wp-content/plugins/powerkit/"
     shodan-query: 'vuln:CVE-2024-2458'
-  tags: cve,wordpress,wp-plugin,powerkit,medium
+  tags: cve,wordpress,wp-plugin,powerkit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2459-58b2abf7cb460597ca6a6d20fc9fbdcc.yaml b/nuclei-templates/2024/CVE-2024-2459-58b2abf7cb460597ca6a6d20fc9fbdcc.yaml
index c6db2dcd19..94941ff08d 100644
--- a/nuclei-templates/2024/CVE-2024-2459-58b2abf7cb460597ca6a6d20fc9fbdcc.yaml
+++ b/nuclei-templates/2024/CVE-2024-2459-58b2abf7cb460597ca6a6d20fc9fbdcc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UX Flat <= 4.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ux-flat/"
     google-query: inurl:"/wp-content/plugins/ux-flat/"
     shodan-query: 'vuln:CVE-2024-2459'
-  tags: cve,wordpress,wp-plugin,ux-flat,high
+  tags: cve,wordpress,wp-plugin,ux-flat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2460-778205eb09884149dafbca785f8423fc.yaml b/nuclei-templates/2024/CVE-2024-2460-778205eb09884149dafbca785f8423fc.yaml
index 1788545637..9ed4c0c1c0 100644
--- a/nuclei-templates/2024/CVE-2024-2460-778205eb09884149dafbca785f8423fc.yaml
+++ b/nuclei-templates/2024/CVE-2024-2460-778205eb09884149dafbca785f8423fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GamiPress – Button <= 1.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gamipress-button/"
     google-query: inurl:"/wp-content/plugins/gamipress-button/"
     shodan-query: 'vuln:CVE-2024-2460'
-  tags: cve,wordpress,wp-plugin,gamipress-button,medium
+  tags: cve,wordpress,wp-plugin,gamipress-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2468-f70dc70f946daa66696d6fbc7263d880.yaml b/nuclei-templates/2024/CVE-2024-2468-f70dc70f946daa66696d6fbc7263d880.yaml
index 0e76fcaa1c..9cf0e90674 100644
--- a/nuclei-templates/2024/CVE-2024-2468-f70dc70f946daa66696d6fbc7263d880.yaml
+++ b/nuclei-templates/2024/CVE-2024-2468-f70dc70f946daa66696d6fbc7263d880.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress <= 3.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-2468'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24704-d42480a2d6aa4bbbab085fa708ce9549.yaml b/nuclei-templates/2024/CVE-2024-24704-d42480a2d6aa4bbbab085fa708ce9549.yaml
index 288d6546f0..ac68547488 100644
--- a/nuclei-templates/2024/CVE-2024-24704-d42480a2d6aa4bbbab085fa708ce9549.yaml
+++ b/nuclei-templates/2024/CVE-2024-24704-d42480a2d6aa4bbbab085fa708ce9549.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Load More Anything <= 3.3.3 - Missing Authorization to Plugin Settings Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Load More Anything plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ald_save_option_ajax_function function in all versions up to, and including, 3.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more-anything/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more-anything/"
     shodan-query: 'vuln:CVE-2024-24704'
-  tags: cve,wordpress,wp-plugin,ajax-load-more-anything,medium
+  tags: cve,wordpress,wp-plugin,ajax-load-more-anything,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24707-62e4a961ffac0b881f8af1cc15505b69.yaml b/nuclei-templates/2024/CVE-2024-24707-62e4a961ffac0b881f8af1cc15505b69.yaml
index df267964c9..c201fddf07 100644
--- a/nuclei-templates/2024/CVE-2024-24707-62e4a961ffac0b881f8af1cc15505b69.yaml
+++ b/nuclei-templates/2024/CVE-2024-24707-62e4a961ffac0b881f8af1cc15505b69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cwicly <= 1.4.0.2 - Authenticated (Contributor+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Cwicly plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.0.2. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cwicly/"
     google-query: inurl:"/wp-content/plugins/cwicly/"
     shodan-query: 'vuln:CVE-2024-24707'
-  tags: cve,wordpress,wp-plugin,cwicly,high
+  tags: cve,wordpress,wp-plugin,cwicly,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24709-71a9b86af5e18a20f6a7538c29ad1df9.yaml b/nuclei-templates/2024/CVE-2024-24709-71a9b86af5e18a20f6a7538c29ad1df9.yaml
index 0d1356a23b..dbaf544c2f 100644
--- a/nuclei-templates/2024/CVE-2024-24709-71a9b86af5e18a20f6a7538c29ad1df9.yaml
+++ b/nuclei-templates/2024/CVE-2024-24709-71a9b86af5e18a20f6a7538c29ad1df9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shareaholic <= 9.7.11 - Missing Authorization via accept_terms_of_service
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'accept_terms_of_service' function in all versions up to, and including, 9.7.11. This makes it possible for authenticated attackers, with subscriber access and above, to accept the plugin's terms of service.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shareaholic/"
     google-query: inurl:"/wp-content/plugins/shareaholic/"
     shodan-query: 'vuln:CVE-2024-24709'
-  tags: cve,wordpress,wp-plugin,shareaholic,medium
+  tags: cve,wordpress,wp-plugin,shareaholic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2471-c4af1e64fbcb95f3b91e16ac0f449bf5.yaml b/nuclei-templates/2024/CVE-2024-2471-c4af1e64fbcb95f3b91e16ac0f449bf5.yaml
index 783ed5e760..1d1622abdc 100644
--- a/nuclei-templates/2024/CVE-2024-2471-c4af1e64fbcb95f3b91e16ac0f449bf5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2471-c4af1e64fbcb95f3b91e16ac0f449bf5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foogallery/"
     google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:CVE-2024-2471'
-  tags: cve,wordpress,wp-plugin,foogallery,medium
+  tags: cve,wordpress,wp-plugin,foogallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24710-59dd174ba212cc11295537a27e4487d1.yaml b/nuclei-templates/2024/CVE-2024-24710-59dd174ba212cc11295537a27e4487d1.yaml
index c36a22fbca..6bcd9d85d6 100644
--- a/nuclei-templates/2024/CVE-2024-24710-59dd174ba212cc11295537a27e4487d1.yaml
+++ b/nuclei-templates/2024/CVE-2024-24710-59dd174ba212cc11295537a27e4487d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feed Them Social <= 4.2.0 - Cross-Site Request Forgery via review_nag_check
   author: topscoder
-  severity: low
+  severity: medium
   description: >
     The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the 'review_nag_check' function. This makes it possible for unauthenticated attackers to dismiss admin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feed-them-social/"
     google-query: inurl:"/wp-content/plugins/feed-them-social/"
     shodan-query: 'vuln:CVE-2024-24710'
-  tags: cve,wordpress,wp-plugin,feed-them-social,low
+  tags: cve,wordpress,wp-plugin,feed-them-social,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24711-f4f0c2c884affbdbf175616a0bb1ff76.yaml b/nuclei-templates/2024/CVE-2024-24711-f4f0c2c884affbdbf175616a0bb1ff76.yaml
index 48d28ffa7d..ac914fbf0f 100644
--- a/nuclei-templates/2024/CVE-2024-24711-f4f0c2c884affbdbf175616a0bb1ff76.yaml
+++ b/nuclei-templates/2024/CVE-2024-24711-f4f0c2c884affbdbf175616a0bb1ff76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Conversion Tracking <= 2.0.11 - Missing Authorization via wcct_install_happy_addons
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Conversion Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcct_install_happy_addons' function in versions up to and including 2.0.11. This makes it possible for authenticated attackers, with subscriber access and above, to install the Happy Elementor Addons plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-conversion-tracking/"
     google-query: inurl:"/wp-content/plugins/woocommerce-conversion-tracking/"
     shodan-query: 'vuln:CVE-2024-24711'
-  tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24712-132f29f7cba1678c467fb85b9d9b820e.yaml b/nuclei-templates/2024/CVE-2024-24712-132f29f7cba1678c467fb85b9d9b820e.yaml
index 16ec63b372..113f23de4c 100644
--- a/nuclei-templates/2024/CVE-2024-24712-132f29f7cba1678c467fb85b9d9b820e.yaml
+++ b/nuclei-templates/2024/CVE-2024-24712-132f29f7cba1678c467fb85b9d9b820e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Heateor Social Login <= 1.1.30 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to and including 1.1.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/heateor-social-login/"
     google-query: inurl:"/wp-content/plugins/heateor-social-login/"
     shodan-query: 'vuln:CVE-2024-24712'
-  tags: cve,wordpress,wp-plugin,heateor-social-login,medium
+  tags: cve,wordpress,wp-plugin,heateor-social-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24713-8b6ee3af1a9508cfbedefd1fe07951b6.yaml b/nuclei-templates/2024/CVE-2024-24713-8b6ee3af1a9508cfbedefd1fe07951b6.yaml
index 6f91914a32..263f9c6049 100644
--- a/nuclei-templates/2024/CVE-2024-24713-8b6ee3af1a9508cfbedefd1fe07951b6.yaml
+++ b/nuclei-templates/2024/CVE-2024-24713-8b6ee3af1a9508cfbedefd1fe07951b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Listings <= 2.6.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Listings – Car Listings & Car Dealership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-listings/"
     google-query: inurl:"/wp-content/plugins/auto-listings/"
     shodan-query: 'vuln:CVE-2024-24713'
-  tags: cve,wordpress,wp-plugin,auto-listings,medium
+  tags: cve,wordpress,wp-plugin,auto-listings,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24714-8140a3945a877628cd9d34a767c59437.yaml b/nuclei-templates/2024/CVE-2024-24714-8140a3945a877628cd9d34a767c59437.yaml
index cb9e3fbd6e..b19803b7a9 100644
--- a/nuclei-templates/2024/CVE-2024-24714-8140a3945a877628cd9d34a767c59437.yaml
+++ b/nuclei-templates/2024/CVE-2024-24714-8140a3945a877628cd9d34a767c59437.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icons Font Loader <= 1.1.4 - Authenticated(Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with administrator access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icons-font-loader/"
     google-query: inurl:"/wp-content/plugins/icons-font-loader/"
     shodan-query: 'vuln:CVE-2024-24714'
-  tags: cve,wordpress,wp-plugin,icons-font-loader,medium
+  tags: cve,wordpress,wp-plugin,icons-font-loader,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24717-362ca4d6e33d614fc53fac12799f63e4.yaml b/nuclei-templates/2024/CVE-2024-24717-362ca4d6e33d614fc53fac12799f63e4.yaml
index 340c6da073..b7f8f5dca3 100644
--- a/nuclei-templates/2024/CVE-2024-24717-362ca4d6e33d614fc53fac12799f63e4.yaml
+++ b/nuclei-templates/2024/CVE-2024-24717-362ca4d6e33d614fc53fac12799f63e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beds24 Online Booking <= 2.0.23 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beds24-online-booking/"
     google-query: inurl:"/wp-content/plugins/beds24-online-booking/"
     shodan-query: 'vuln:CVE-2024-24717'
-  tags: cve,wordpress,wp-plugin,beds24-online-booking,medium
+  tags: cve,wordpress,wp-plugin,beds24-online-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24718-453cdccb9ec27998718a08f552017bc2.yaml b/nuclei-templates/2024/CVE-2024-24718-453cdccb9ec27998718a08f552017bc2.yaml
index 28db0b8817..8159f253dc 100644
--- a/nuclei-templates/2024/CVE-2024-24718-453cdccb9ec27998718a08f552017bc2.yaml
+++ b/nuclei-templates/2024/CVE-2024-24718-453cdccb9ec27998718a08f552017bc2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PropertyHive <= 2.0.6 - Missing Authorization via activate_pro_feature
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PropertyHive plugin for WordPress is vulnerable to unauthorized access of premium features due to a missing capability check on the activate_pro_feature() function in versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to activate pro features.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/propertyhive/"
     google-query: inurl:"/wp-content/plugins/propertyhive/"
     shodan-query: 'vuln:CVE-2024-24718'
-  tags: cve,wordpress,wp-plugin,propertyhive,medium
+  tags: cve,wordpress,wp-plugin,propertyhive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24719-33149871db85e014a52f28e4a7d38f17.yaml b/nuclei-templates/2024/CVE-2024-24719-33149871db85e014a52f28e4a7d38f17.yaml
index 62ab394b42..657827f2f7 100644
--- a/nuclei-templates/2024/CVE-2024-24719-33149871db85e014a52f28e4a7d38f17.yaml
+++ b/nuclei-templates/2024/CVE-2024-24719-33149871db85e014a52f28e4a7d38f17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Location Picker at Checkout for WooCommerce <= 1.8.9 - Missing Authorization via checkout_map_rules_order_ajax_handler
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Location Picker at Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkout_map_rules_order_ajax_handler function in versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify rule orders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-24719'
-  tags: cve,wordpress,wp-plugin,map-location-picker-at-checkout-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,map-location-picker-at-checkout-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2474-b00282494ef0f9932dc7277c14e145b9.yaml b/nuclei-templates/2024/CVE-2024-2474-b00282494ef0f9932dc7277c14e145b9.yaml
index 1a0fed54cb..4e8b42d7ed 100644
--- a/nuclei-templates/2024/CVE-2024-2474-b00282494ef0f9932dc7277c14e145b9.yaml
+++ b/nuclei-templates/2024/CVE-2024-2474-b00282494ef0f9932dc7277c14e145b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Standout Color Boxes and Buttons <= 0.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/standout-color-boxes-and-buttons/"
     google-query: inurl:"/wp-content/plugins/standout-color-boxes-and-buttons/"
     shodan-query: 'vuln:CVE-2024-2474'
-  tags: cve,wordpress,wp-plugin,standout-color-boxes-and-buttons,medium
+  tags: cve,wordpress,wp-plugin,standout-color-boxes-and-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2475-1071684e8b4fbe11ac61e0256dfaba92.yaml b/nuclei-templates/2024/CVE-2024-2475-1071684e8b4fbe11ac61e0256dfaba92.yaml
index e655385acd..c97495d049 100644
--- a/nuclei-templates/2024/CVE-2024-2475-1071684e8b4fbe11ac61e0256dfaba92.yaml
+++ b/nuclei-templates/2024/CVE-2024-2475-1071684e8b4fbe11ac61e0256dfaba92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Assistant <= 3.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-assistant/"
     google-query: inurl:"/wp-content/plugins/media-library-assistant/"
     shodan-query: 'vuln:CVE-2024-2475'
-  tags: cve,wordpress,wp-plugin,media-library-assistant,medium
+  tags: cve,wordpress,wp-plugin,media-library-assistant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2476-e5433fd914f5f7bdfa5093c95eaa7f18.yaml b/nuclei-templates/2024/CVE-2024-2476-e5433fd914f5f7bdfa5093c95eaa7f18.yaml
index 027abb766d..9a7da5fa33 100644
--- a/nuclei-templates/2024/CVE-2024-2476-e5433fd914f5f7bdfa5093c95eaa7f18.yaml
+++ b/nuclei-templates/2024/CVE-2024-2476-e5433fd914f5f7bdfa5093c95eaa7f18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/oceanwp/"
     google-query: inurl:"/wp-content/themes/oceanwp/"
     shodan-query: 'vuln:CVE-2024-2476'
-  tags: cve,wordpress,wp-theme,oceanwp,medium
+  tags: cve,wordpress,wp-theme,oceanwp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2477-16a0db053a94923b7846b57810e1f6c8.yaml b/nuclei-templates/2024/CVE-2024-2477-16a0db053a94923b7846b57810e1f6c8.yaml
index dbeca36a17..6578f47ec2 100644
--- a/nuclei-templates/2024/CVE-2024-2477-16a0db053a94923b7846b57810e1f6c8.yaml
+++ b/nuclei-templates/2024/CVE-2024-2477-16a0db053a94923b7846b57810e1f6c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdiscuz/"
     google-query: inurl:"/wp-content/plugins/wpdiscuz/"
     shodan-query: 'vuln:CVE-2024-2477'
-  tags: cve,wordpress,wp-plugin,wpdiscuz,medium
+  tags: cve,wordpress,wp-plugin,wpdiscuz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24796-2b95a61584d1fb1af349c6d1aaeab17d.yaml b/nuclei-templates/2024/CVE-2024-24796-2b95a61584d1fb1af349c6d1aaeab17d.yaml
index b1ae108897..40fb9edf3d 100644
--- a/nuclei-templates/2024/CVE-2024-24796-2b95a61584d1fb1af349c6d1aaeab17d.yaml
+++ b/nuclei-templates/2024/CVE-2024-24796-2b95a61584d1fb1af349c6d1aaeab17d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently <= 4.1.1 - Authenticated (Contributor+) PHP Object Injection in mep_event_meta_save
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.1 via deserialization of untrusted input in the mep_event_meta_save function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mage-eventpress/"
     google-query: inurl:"/wp-content/plugins/mage-eventpress/"
     shodan-query: 'vuln:CVE-2024-24796'
-  tags: cve,wordpress,wp-plugin,mage-eventpress,high
+  tags: cve,wordpress,wp-plugin,mage-eventpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24799-26df4386152f6b2123dc8be12dc2c025.yaml b/nuclei-templates/2024/CVE-2024-24799-26df4386152f6b2123dc8be12dc2c025.yaml
index bac1e94398..0852a97de3 100644
--- a/nuclei-templates/2024/CVE-2024-24799-26df4386152f6b2123dc8be12dc2c025.yaml
+++ b/nuclei-templates/2024/CVE-2024-24799-26df4386152f6b2123dc8be12dc2c025.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Box Office <= 1.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-box-office/"
     google-query: inurl:"/wp-content/plugins/woocommerce-box-office/"
     shodan-query: 'vuln:CVE-2024-24799'
-  tags: cve,wordpress,wp-plugin,woocommerce-box-office,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-box-office,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24801-881bf0ba98d7fd08888e0831b881248d.yaml b/nuclei-templates/2024/CVE-2024-24801-881bf0ba98d7fd08888e0831b881248d.yaml
index ceee8f26f3..18dec767ed 100644
--- a/nuclei-templates/2024/CVE-2024-24801-881bf0ba98d7fd08888e0831b881248d.yaml
+++ b/nuclei-templates/2024/CVE-2024-24801-881bf0ba98d7fd08888e0831b881248d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OWL Carousel <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OWL Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lgx-owl-carousel/"
     google-query: inurl:"/wp-content/plugins/lgx-owl-carousel/"
     shodan-query: 'vuln:CVE-2024-24801'
-  tags: cve,wordpress,wp-plugin,lgx-owl-carousel,medium
+  tags: cve,wordpress,wp-plugin,lgx-owl-carousel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24803-c2d16b936c79c5f7cc118ed34032bc44.yaml b/nuclei-templates/2024/CVE-2024-24803-c2d16b936c79c5f7cc118ed34032bc44.yaml
index 3de02d0b74..e4230c114f 100644
--- a/nuclei-templates/2024/CVE-2024-24803-c2d16b936c79c5f7cc118ed34032bc44.yaml
+++ b/nuclei-templates/2024/CVE-2024-24803-c2d16b936c79c5f7cc118ed34032bc44.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultra Companion <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultra Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultra-companion/"
     google-query: inurl:"/wp-content/plugins/ultra-companion/"
     shodan-query: 'vuln:CVE-2024-24803'
-  tags: cve,wordpress,wp-plugin,ultra-companion,medium
+  tags: cve,wordpress,wp-plugin,ultra-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24804-d1c63a8bf0beafb1c82149091059ec86.yaml b/nuclei-templates/2024/CVE-2024-24804-d1c63a8bf0beafb1c82149091059ec86.yaml
index ac57168635..8239a43c71 100644
--- a/nuclei-templates/2024/CVE-2024-24804-d1c63a8bf0beafb1c82149091059ec86.yaml
+++ b/nuclei-templates/2024/CVE-2024-24804-d1c63a8bf0beafb1c82149091059ec86.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MW WP Form <= 5.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mw-wp-form/"
     google-query: inurl:"/wp-content/plugins/mw-wp-form/"
     shodan-query: 'vuln:CVE-2024-24804'
-  tags: cve,wordpress,wp-plugin,mw-wp-form,medium
+  tags: cve,wordpress,wp-plugin,mw-wp-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24805-65d839a96475e08e7231c85cc5b59ef7.yaml b/nuclei-templates/2024/CVE-2024-24805-65d839a96475e08e7231c85cc5b59ef7.yaml
index 2a4dfa4e3c..9da799a8d3 100644
--- a/nuclei-templates/2024/CVE-2024-24805-65d839a96475e08e7231c85cc5b59ef7.yaml
+++ b/nuclei-templates/2024/CVE-2024-24805-65d839a96475e08e7231c85cc5b59ef7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Dummy Content Generator <= 3.1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Dummy Content Generator plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability check son the wp_dummy_content_generatorDeletePosts() and wp_dummy_content_generatorAjaxGenPosts() functions in versions up to, and including, 3.1.2. This makes it possible for unauthenticated attackers to delete and generate posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dummy-content-generator/"
     google-query: inurl:"/wp-content/plugins/wp-dummy-content-generator/"
     shodan-query: 'vuln:CVE-2024-24805'
-  tags: cve,wordpress,wp-plugin,wp-dummy-content-generator,medium
+  tags: cve,wordpress,wp-plugin,wp-dummy-content-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24831-7346b5c5cde69749b42ec0dfced7a750.yaml b/nuclei-templates/2024/CVE-2024-24831-7346b5c5cde69749b42ec0dfced7a750.yaml
index 9db3f230f7..75b63bd7ef 100644
--- a/nuclei-templates/2024/CVE-2024-24831-7346b5c5cde69749b42ec0dfced7a750.yaml
+++ b/nuclei-templates/2024/CVE-2024-24831-7346b5c5cde69749b42ec0dfced7a750.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.16 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-29106 appears to be a possible duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-24831'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24833-857593f7e35e0afc65d726bb57f2b738.yaml b/nuclei-templates/2024/CVE-2024-24833-857593f7e35e0afc65d726bb57f2b738.yaml
index 70325c48f9..16546a2966 100644
--- a/nuclei-templates/2024/CVE-2024-24833-857593f7e35e0afc65d726bb57f2b738.yaml
+++ b/nuclei-templates/2024/CVE-2024-24833-857593f7e35e0afc65d726bb57f2b738.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.1 - Missing Authorization via add_row_actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the add_row_actions() function in versions up to, and including, 3.10.1. This makes it possible for authenticated attackers, with contributor-level access and above, to clone arbitrary posts, including password protected posts which may allow them to access the restricted posts content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-24833'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24834-a16906c099275dafdc8327b1b913b90b.yaml b/nuclei-templates/2024/CVE-2024-24834-a16906c099275dafdc8327b1b913b90b.yaml
index 3197908981..f95bb12e0d 100644
--- a/nuclei-templates/2024/CVE-2024-24834-a16906c099275dafdc8327b1b913b90b.yaml
+++ b/nuclei-templates/2024/CVE-2024-24834-a16906c099275dafdc8327b1b913b90b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BEAR <= 1.1.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Plugin Options
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin options in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bulk-editor/"
     google-query: inurl:"/wp-content/plugins/woo-bulk-editor/"
     shodan-query: 'vuln:CVE-2024-24834'
-  tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,woo-bulk-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24835-b9712f471d4d13ca925287df646b0e0b.yaml b/nuclei-templates/2024/CVE-2024-24835-b9712f471d4d13ca925287df646b0e0b.yaml
index b7abd6f213..972fac8b81 100644
--- a/nuclei-templates/2024/CVE-2024-24835-b9712f471d4d13ca925287df646b0e0b.yaml
+++ b/nuclei-templates/2024/CVE-2024-24835-b9712f471d4d13ca925287df646b0e0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BEAR <= 1.1.4 - Missing Authorization via Several Functions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BEAR plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the /ext/history/history.php  file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bulk-editor/"
     google-query: inurl:"/wp-content/plugins/woo-bulk-editor/"
     shodan-query: 'vuln:CVE-2024-24835'
-  tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,woo-bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24836-aafc1366408bf54fb9b81d829a07db37.yaml b/nuclei-templates/2024/CVE-2024-24836-aafc1366408bf54fb9b81d829a07db37.yaml
index 8684ed6e2a..cec4657b7e 100644
--- a/nuclei-templates/2024/CVE-2024-24836-aafc1366408bf54fb9b81d829a07db37.yaml
+++ b/nuclei-templates/2024/CVE-2024-24836-aafc1366408bf54fb9b81d829a07db37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GDPR Data Request Form <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GDPR Data Request Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_id  parameter in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gdpr-data-request-form/"
     google-query: inurl:"/wp-content/plugins/gdpr-data-request-form/"
     shodan-query: 'vuln:CVE-2024-24836'
-  tags: cve,wordpress,wp-plugin,gdpr-data-request-form,medium
+  tags: cve,wordpress,wp-plugin,gdpr-data-request-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24837-bb1647b449a57413306bcf1ebbfb2090.yaml b/nuclei-templates/2024/CVE-2024-24837-bb1647b449a57413306bcf1ebbfb2090.yaml
index 9e4363da7b..9fa48ad88b 100644
--- a/nuclei-templates/2024/CVE-2024-24837-bb1647b449a57413306bcf1ebbfb2090.yaml
+++ b/nuclei-templates/2024/CVE-2024-24837-bb1647b449a57413306bcf1ebbfb2090.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-24837
   metadata:
-    fofa-query: "wp-content/plugins/fg-joomla-to-wordpress/"
-    google-query: inurl:"/wp-content/plugins/fg-joomla-to-wordpress/"
+    fofa-query: "wp-content/plugins/fg-drupal-to-wp/"
+    google-query: inurl:"/wp-content/plugins/fg-drupal-to-wp/"
     shodan-query: 'vuln:CVE-2024-24837'
-  tags: cve,wordpress,wp-plugin,fg-joomla-to-wordpress,medium
+  tags: cve,wordpress,wp-plugin,fg-drupal-to-wp,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/fg-joomla-to-wordpress/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/fg-drupal-to-wp/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "fg-joomla-to-wordpress"
+          - "fg-drupal-to-wp"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 4.15.0')
\ No newline at end of file
+          - compare_versions(version, '<= 3.67.0')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-24838-600afe426493b29bf5509da4cbb82add.yaml b/nuclei-templates/2024/CVE-2024-24838-600afe426493b29bf5509da4cbb82add.yaml
index c30e475f46..40d3be3f8d 100644
--- a/nuclei-templates/2024/CVE-2024-24838-600afe426493b29bf5509da4cbb82add.yaml
+++ b/nuclei-templates/2024/CVE-2024-24838-600afe426493b29bf5509da4cbb82add.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Five Star Restaurant Reviews <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Review URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Five Star Restaurant Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the review url parameter in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/good-reviews-wp/"
     google-query: inurl:"/wp-content/plugins/good-reviews-wp/"
     shodan-query: 'vuln:CVE-2024-24838'
-  tags: cve,wordpress,wp-plugin,good-reviews-wp,medium
+  tags: cve,wordpress,wp-plugin,good-reviews-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24839-b00e5b46c74081e9862bff90f3aaef92.yaml b/nuclei-templates/2024/CVE-2024-24839-b00e5b46c74081e9862bff90f3aaef92.yaml
index ad71792008..50ddffb0b8 100644
--- a/nuclei-templates/2024/CVE-2024-24839-b00e5b46c74081e9862bff90f3aaef92.yaml
+++ b/nuclei-templates/2024/CVE-2024-24839-b00e5b46c74081e9862bff90f3aaef92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Structured Content <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Classic Editor Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Classic Editor shortcodes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/structured-content/"
     google-query: inurl:"/wp-content/plugins/structured-content/"
     shodan-query: 'vuln:CVE-2024-24839'
-  tags: cve,wordpress,wp-plugin,structured-content,medium
+  tags: cve,wordpress,wp-plugin,structured-content,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24840-a5718896caa8539c5806c104b13a2ecf.yaml b/nuclei-templates/2024/CVE-2024-24840-a5718896caa8539c5806c104b13a2ecf.yaml
index 2afe164165..5ba68ceefb 100644
--- a/nuclei-templates/2024/CVE-2024-24840-a5718896caa8539c5806c104b13a2ecf.yaml
+++ b/nuclei-templates/2024/CVE-2024-24840-a5718896caa8539c5806c104b13a2ecf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Element Pack Elementor Addons <= 5.4.11 - Missing Authorization via bdt_duplicate_as_draft
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Element Pack Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bdt_duplicate_as_draft' function in versions up to, and including, 5.4.11. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate other user's posts and set their user as the author of the duplicated post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/"
     shodan-query: 'vuln:CVE-2024-24840'
-  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24841-073e94466d93432fc20ff7757afbfb89.yaml b/nuclei-templates/2024/CVE-2024-24841-073e94466d93432fc20ff7757afbfb89.yaml
index 58401535b3..3f7b5388a3 100644
--- a/nuclei-templates/2024/CVE-2024-24841-073e94466d93432fc20ff7757afbfb89.yaml
+++ b/nuclei-templates/2024/CVE-2024-24841-073e94466d93432fc20ff7757afbfb89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Customer for WooCommerce <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add Customer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-customer-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/add-customer-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-24841'
-  tags: cve,wordpress,wp-plugin,add-customer-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,add-customer-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24848-061a0160582ddd92c54f532180e67c97.yaml b/nuclei-templates/2024/CVE-2024-24848-061a0160582ddd92c54f532180e67c97.yaml
index af63afd2f3..441e7bc108 100644
--- a/nuclei-templates/2024/CVE-2024-24848-061a0160582ddd92c54f532180e67c97.yaml
+++ b/nuclei-templates/2024/CVE-2024-24848-061a0160582ddd92c54f532180e67c97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PT Sign Ups <= 1.0.4 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PT Sign Ups plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ptoffice-sign-ups/"
     google-query: inurl:"/wp-content/plugins/ptoffice-sign-ups/"
     shodan-query: 'vuln:CVE-2024-24848'
-  tags: cve,wordpress,wp-plugin,ptoffice-sign-ups,medium
+  tags: cve,wordpress,wp-plugin,ptoffice-sign-ups,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24850-bf3863997447d609f7f8dc8d30e7d4d2.yaml b/nuclei-templates/2024/CVE-2024-24850-bf3863997447d609f7f8dc8d30e7d4d2.yaml
index 9932cb4ebb..a02ce4e359 100644
--- a/nuclei-templates/2024/CVE-2024-24850-bf3863997447d609f7f8dc8d30e7d4d2.yaml
+++ b/nuclei-templates/2024/CVE-2024-24850-bf3863997447d609f7f8dc8d30e7d4d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quicksand Post Filter jQuery Plugin <= 3.1.1 - Missing Authorization via quicksand_admin_ajax
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'quicksand_admin_ajax' function in versions up to, and including, 3.1.1. This makes it possible for unauthenticated attackers to delete arbitrary site options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quicksand-jquery-post-filter/"
     google-query: inurl:"/wp-content/plugins/quicksand-jquery-post-filter/"
     shodan-query: 'vuln:CVE-2024-24850'
-  tags: cve,wordpress,wp-plugin,quicksand-jquery-post-filter,critical
+  tags: cve,wordpress,wp-plugin,quicksand-jquery-post-filter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24865-b33caca512f21869a1112d26d070a67d.yaml b/nuclei-templates/2024/CVE-2024-24865-b33caca512f21869a1112d26d070a67d.yaml
index 2ede6d7d77..4e2ba88513 100644
--- a/nuclei-templates/2024/CVE-2024-24865-b33caca512f21869a1112d26d070a67d.yaml
+++ b/nuclei-templates/2024/CVE-2024-24865-b33caca512f21869a1112d26d070a67d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scroll Triggered Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dreamgrow-scroll-triggered-box/"
     google-query: inurl:"/wp-content/plugins/dreamgrow-scroll-triggered-box/"
     shodan-query: 'vuln:CVE-2024-24865'
-  tags: cve,wordpress,wp-plugin,dreamgrow-scroll-triggered-box,medium
+  tags: cve,wordpress,wp-plugin,dreamgrow-scroll-triggered-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24868-2d5254568244460078b2f5ebf11d2614.yaml b/nuclei-templates/2024/CVE-2024-24868-2d5254568244460078b2f5ebf11d2614.yaml
index f689052247..cf16d65297 100644
--- a/nuclei-templates/2024/CVE-2024-24868-2d5254568244460078b2f5ebf11d2614.yaml
+++ b/nuclei-templates/2024/CVE-2024-24868-2d5254568244460078b2f5ebf11d2614.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager  <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SP Project & Document Manager  plugin for WordPress is vulnerable to SQL Injection via the sp_cdm_display_project_shortcode_show function in versions up to, and including, 4.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2024-24868'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24871-9f5f23c716774bbd462d447842ecf871.yaml b/nuclei-templates/2024/CVE-2024-24871-9f5f23c716774bbd462d447842ecf871.yaml
index c8398a4354..10a7b07d61 100644
--- a/nuclei-templates/2024/CVE-2024-24871-9f5f23c716774bbd462d447842ecf871.yaml
+++ b/nuclei-templates/2024/CVE-2024-24871-9f5f23c716774bbd462d447842ecf871.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy <= 2.0.19 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via headers/footers in all versions up to, and including, 2.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blocksy/"
     google-query: inurl:"/wp-content/themes/blocksy/"
     shodan-query: 'vuln:CVE-2024-24871'
-  tags: cve,wordpress,wp-theme,blocksy,medium
+  tags: cve,wordpress,wp-theme,blocksy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24880-783d77b98a5b328f4a28ee2d5345a1f8.yaml b/nuclei-templates/2024/CVE-2024-24880-783d77b98a5b328f4a28ee2d5345a1f8.yaml
index dd840790d6..31dcbb38bf 100644
--- a/nuclei-templates/2024/CVE-2024-24880-783d77b98a5b328f4a28ee2d5345a1f8.yaml
+++ b/nuclei-templates/2024/CVE-2024-24880-783d77b98a5b328f4a28ee2d5345a1f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Apollo13 Framework Extensions <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apollo13-framework-extensions/"
     google-query: inurl:"/wp-content/plugins/apollo13-framework-extensions/"
     shodan-query: 'vuln:CVE-2024-24880'
-  tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,medium
+  tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24885-b2ee5069c05c98988181a6b0620a514c.yaml b/nuclei-templates/2024/CVE-2024-24885-b2ee5069c05c98988181a6b0620a514c.yaml
index 3077b8ca17..3f57306525 100644
--- a/nuclei-templates/2024/CVE-2024-24885-b2ee5069c05c98988181a6b0620a514c.yaml
+++ b/nuclei-templates/2024/CVE-2024-24885-b2ee5069c05c98988181a6b0620a514c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Vietnam Checkout <= 2.0.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Woocommerce Vietnam Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $currency variable in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-vietnam-checkout/"
     google-query: inurl:"/wp-content/plugins/woo-vietnam-checkout/"
     shodan-query: 'vuln:CVE-2024-24885'
-  tags: cve,wordpress,wp-plugin,woo-vietnam-checkout,medium
+  tags: cve,wordpress,wp-plugin,woo-vietnam-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24886-3ec6520097de3a68210e828e99c83fad.yaml b/nuclei-templates/2024/CVE-2024-24886-3ec6520097de3a68210e828e99c83fad.yaml
index 4ae8a8fe4e..0d6c38eea4 100644
--- a/nuclei-templates/2024/CVE-2024-24886-3ec6520097de3a68210e828e99c83fad.yaml
+++ b/nuclei-templates/2024/CVE-2024-24886-3ec6520097de3a68210e828e99c83fad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Labels For Woocommerce <= 1.5.3 - Authenticated (Shop manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Product Labels For Woocommerce (Sale Badges) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘'badgeLabel' parameter in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aco-product-labels-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/aco-product-labels-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-24886'
-  tags: cve,wordpress,wp-plugin,aco-product-labels-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,aco-product-labels-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24888-1ed8420474aea4653c484035b79e8e05.yaml b/nuclei-templates/2024/CVE-2024-24888-1ed8420474aea4653c484035b79e8e05.yaml
index 4d6b52d15b..46bbfba0b5 100644
--- a/nuclei-templates/2024/CVE-2024-24888-1ed8420474aea4653c484035b79e8e05.yaml
+++ b/nuclei-templates/2024/CVE-2024-24888-1ed8420474aea4653c484035b79e8e05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Author+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.25. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-24888'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24889-bef2b57812116d5514b05222293f3067.yaml b/nuclei-templates/2024/CVE-2024-24889-bef2b57812116d5514b05222293f3067.yaml
index 1b9e5ec9e1..a200851404 100644
--- a/nuclei-templates/2024/CVE-2024-24889-bef2b57812116d5514b05222293f3067.yaml
+++ b/nuclei-templates/2024/CVE-2024-24889-bef2b57812116d5514b05222293f3067.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All 404 Pages Redirect to Homepage <= 1.9 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The All 404 Pages Redirect to Homepage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters including IP address and 404 page URL in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-404-pages-redirect-to-homepage/"
     google-query: inurl:"/wp-content/plugins/all-404-pages-redirect-to-homepage/"
     shodan-query: 'vuln:CVE-2024-24889'
-  tags: cve,wordpress,wp-plugin,all-404-pages-redirect-to-homepage,medium
+  tags: cve,wordpress,wp-plugin,all-404-pages-redirect-to-homepage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2491-b041552e80a8d76e86ae11341bcea94f.yaml b/nuclei-templates/2024/CVE-2024-2491-b041552e80a8d76e86ae11341bcea94f.yaml
index 590f6841e5..d2756aa7e7 100644
--- a/nuclei-templates/2024/CVE-2024-2491-b041552e80a8d76e86ae11341bcea94f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2491-b041552e80a8d76e86ae11341bcea94f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPack Addons for Elementor <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag*
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/"
     google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2491'
-  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2492-1e3008e9a413fca6d1323b62a2743a7d.yaml b/nuclei-templates/2024/CVE-2024-2492-1e3008e9a413fca6d1323b62a2743a7d.yaml
index 1bb020147c..49732416c6 100644
--- a/nuclei-templates/2024/CVE-2024-2492-1e3008e9a413fca6d1323b62a2743a7d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2492-1e3008e9a413fca6d1323b62a2743a7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/"
     google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2492'
-  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24928-c0ae11bcf65a3a05752255a9835cc822.yaml b/nuclei-templates/2024/CVE-2024-24928-c0ae11bcf65a3a05752255a9835cc822.yaml
index f9019f1902..22e9bc3ccb 100644
--- a/nuclei-templates/2024/CVE-2024-24928-c0ae11bcf65a3a05752255a9835cc822.yaml
+++ b/nuclei-templates/2024/CVE-2024-24928-c0ae11bcf65a3a05752255a9835cc822.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Cards <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Content Cards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-cards/"
     google-query: inurl:"/wp-content/plugins/content-cards/"
     shodan-query: 'vuln:CVE-2024-24928'
-  tags: cve,wordpress,wp-plugin,content-cards,medium
+  tags: cve,wordpress,wp-plugin,content-cards,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24930-b4d222d7f6fbba49026992c33a4f820f.yaml b/nuclei-templates/2024/CVE-2024-24930-b4d222d7f6fbba49026992c33a4f820f.yaml
index 600e1d0ab5..a04737f3c5 100644
--- a/nuclei-templates/2024/CVE-2024-24930-b4d222d7f6fbba49026992c33a4f820f.yaml
+++ b/nuclei-templates/2024/CVE-2024-24930-b4d222d7f6fbba49026992c33a4f820f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buttons Shortcode and Widget <= 1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Buttons Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-0711 may be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buttons-shortcode-and-widget/"
     google-query: inurl:"/wp-content/plugins/buttons-shortcode-and-widget/"
     shodan-query: 'vuln:CVE-2024-24930'
-  tags: cve,wordpress,wp-plugin,buttons-shortcode-and-widget,medium
+  tags: cve,wordpress,wp-plugin,buttons-shortcode-and-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24931-c52273b2cf56d5474ff79f10bc5133f6.yaml b/nuclei-templates/2024/CVE-2024-24931-c52273b2cf56d5474ff79f10bc5133f6.yaml
index 8d4bfa5d71..26d4e5c1d9 100644
--- a/nuclei-templates/2024/CVE-2024-24931-c52273b2cf56d5474ff79f10bc5133f6.yaml
+++ b/nuclei-templates/2024/CVE-2024-24931-c52273b2cf56d5474ff79f10bc5133f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Before After Image Slider WP <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Before After Image Slider WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/before-after-image-slider/"
     google-query: inurl:"/wp-content/plugins/before-after-image-slider/"
     shodan-query: 'vuln:CVE-2024-24931'
-  tags: cve,wordpress,wp-plugin,before-after-image-slider,medium
+  tags: cve,wordpress,wp-plugin,before-after-image-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-24934-fa47ef3a071af26f7cb8467307b46f4c.yaml b/nuclei-templates/2024/CVE-2024-24934-fa47ef3a071af26f7cb8467307b46f4c.yaml
index 5faba74535..4b8fbc00a1 100644
--- a/nuclei-templates/2024/CVE-2024-24934-fa47ef3a071af26f7cb8467307b46f4c.yaml
+++ b/nuclei-templates/2024/CVE-2024-24934-fa47ef3a071af26f7cb8467307b46f4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor <= 3.19.0 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmp_name' parameter . This makes it possible for authenticated attackers, with contributor-level access and above, to delete arbitrary files and inject PHP Objects through the use of a phar wrapper, both of which can lead to remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:CVE-2024-24934'
-  tags: cve,wordpress,wp-plugin,elementor,high
+  tags: cve,wordpress,wp-plugin,elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2499-a40320a58f3885e7d8eeeafc625b97f0.yaml b/nuclei-templates/2024/CVE-2024-2499-a40320a58f3885e7d8eeeafc625b97f0.yaml
index 2ac77a49c7..2db4577d8f 100644
--- a/nuclei-templates/2024/CVE-2024-2499-a40320a58f3885e7d8eeeafc625b97f0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2499-a40320a58f3885e7d8eeeafc625b97f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Squelch Tabs and Accordions Shortcodes <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/squelch-tabs-and-accordions-shortcodes/"
     google-query: inurl:"/wp-content/plugins/squelch-tabs-and-accordions-shortcodes/"
     shodan-query: 'vuln:CVE-2024-2499'
-  tags: cve,wordpress,wp-plugin,squelch-tabs-and-accordions-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,squelch-tabs-and-accordions-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2500-be833eb15318e91b50173179ef1ced63.yaml b/nuclei-templates/2024/CVE-2024-2500-be833eb15318e91b50173179ef1ced63.yaml
index d344ca3bc8..839f3db678 100644
--- a/nuclei-templates/2024/CVE-2024-2500-be833eb15318e91b50173179ef1ced63.yaml
+++ b/nuclei-templates/2024/CVE-2024-2500-be833eb15318e91b50173179ef1ced63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ColorMag <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/colormag/"
     google-query: inurl:"/wp-content/themes/colormag/"
     shodan-query: 'vuln:CVE-2024-2500'
-  tags: cve,wordpress,wp-theme,colormag,medium
+  tags: cve,wordpress,wp-theme,colormag,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2503-f6158c89533171b67393d05399849800.yaml b/nuclei-templates/2024/CVE-2024-2503-f6158c89533171b67393d05399849800.yaml
index 25fff5f4d3..9755118a6f 100644
--- a/nuclei-templates/2024/CVE-2024-2503-f6158c89533171b67393d05399849800.yaml
+++ b/nuclei-templates/2024/CVE-2024-2503-f6158c89533171b67393d05399849800.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping on user supplied tags. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32557 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2503'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2504-a19b0ea5f3c4659620b13f7e795adf29.yaml b/nuclei-templates/2024/CVE-2024-2504-a19b0ea5f3c4659620b13f7e795adf29.yaml
index b646d8bb62..12b0eb44a8 100644
--- a/nuclei-templates/2024/CVE-2024-2504-a19b0ea5f3c4659620b13f7e795adf29.yaml
+++ b/nuclei-templates/2024/CVE-2024-2504-a19b0ea5f3c4659620b13f7e795adf29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2024-2504'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2507-600dd698b59252da2334c219e30a3a4b.yaml b/nuclei-templates/2024/CVE-2024-2507-600dd698b59252da2334c219e30a3a4b.yaml
index 2696a5abc2..a0fa41bf61 100644
--- a/nuclei-templates/2024/CVE-2024-2507-600dd698b59252da2334c219e30a3a4b.yaml
+++ b/nuclei-templates/2024/CVE-2024-2507-600dd698b59252da2334c219e30a3a4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JetWidgets For Elementor <= 1.0.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Button URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetwidgets-for-elementor/"
     google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2507'
-  tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2509-e67596c37a8f5cfdbaa53a0b072da6d5.yaml b/nuclei-templates/2024/CVE-2024-2509-e67596c37a8f5cfdbaa53a0b072da6d5.yaml
index 6c31928d89..9e958168ae 100644
--- a/nuclei-templates/2024/CVE-2024-2509-e67596c37a8f5cfdbaa53a0b072da6d5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2509-e67596c37a8f5cfdbaa53a0b072da6d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Form widget in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping on user supplied attributes such as 'placeholder'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-2509'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25092-87df5cc36f24c1b7dd693537f9d2db36.yaml b/nuclei-templates/2024/CVE-2024-25092-87df5cc36f24c1b7dd693537f9d2db36.yaml
index 6597463765..15d60bd68b 100644
--- a/nuclei-templates/2024/CVE-2024-25092-87df5cc36f24c1b7dd693537f9d2db36.yaml
+++ b/nuclei-templates/2024/CVE-2024-25092-87df5cc36f24c1b7dd693537f9d2db36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextMove Lite <= 2.17.0 -  Missing Authorization to Authenticated(Subscriber+) Plugin Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'xl_addon_installation' function in all versions up to, and including, 2.17.0. This makes it possible for authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-thank-you-page-nextmove-lite/"
     google-query: inurl:"/wp-content/plugins/woo-thank-you-page-nextmove-lite/"
     shodan-query: 'vuln:CVE-2024-25092'
-  tags: cve,wordpress,wp-plugin,woo-thank-you-page-nextmove-lite,medium
+  tags: cve,wordpress,wp-plugin,woo-thank-you-page-nextmove-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25093-96454af8a6ce5f0b120ae58c0cde8af3.yaml b/nuclei-templates/2024/CVE-2024-25093-96454af8a6ce5f0b120ae58c0cde8af3.yaml
index 1285802a94..723864ee94 100644
--- a/nuclei-templates/2024/CVE-2024-25093-96454af8a6ce5f0b120ae58c0cde8af3.yaml
+++ b/nuclei-templates/2024/CVE-2024-25093-96454af8a6ce5f0b120ae58c0cde8af3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Rating System <= 3.5.0 - Unauthenticated Stored Cross-Site Scripting via IP
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via IP Address values in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-rating-system/"
     google-query: inurl:"/wp-content/plugins/gd-rating-system/"
     shodan-query: 'vuln:CVE-2024-25093'
-  tags: cve,wordpress,wp-plugin,gd-rating-system,medium
+  tags: cve,wordpress,wp-plugin,gd-rating-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25094-14d59d1dd0d6c11dea03161b864cfb49.yaml b/nuclei-templates/2024/CVE-2024-25094-14d59d1dd0d6c11dea03161b864cfb49.yaml
index d4cd8ac55b..f61ef000ff 100644
--- a/nuclei-templates/2024/CVE-2024-25094-14d59d1dd0d6c11dea03161b864cfb49.yaml
+++ b/nuclei-templates/2024/CVE-2024-25094-14d59d1dd0d6c11dea03161b864cfb49.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PJ News Ticker <= 6.8.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PJ News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pj-news-ticker/"
     google-query: inurl:"/wp-content/plugins/pj-news-ticker/"
     shodan-query: 'vuln:CVE-2024-25094'
-  tags: cve,wordpress,wp-plugin,pj-news-ticker,medium
+  tags: cve,wordpress,wp-plugin,pj-news-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25097-a904a832d065a78b4632aa6c156ad613.yaml b/nuclei-templates/2024/CVE-2024-25097-a904a832d065a78b4632aa6c156ad613.yaml
index 3138ca9a97..84dbbb5c4a 100644
--- a/nuclei-templates/2024/CVE-2024-25097-a904a832d065a78b4632aa6c156ad613.yaml
+++ b/nuclei-templates/2024/CVE-2024-25097-a904a832d065a78b4632aa6c156ad613.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TNC PDF viewer <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TNC PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-viewer-by-themencode/"
     google-query: inurl:"/wp-content/plugins/pdf-viewer-by-themencode/"
     shodan-query: 'vuln:CVE-2024-25097'
-  tags: cve,wordpress,wp-plugin,pdf-viewer-by-themencode,medium
+  tags: cve,wordpress,wp-plugin,pdf-viewer-by-themencode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25098-d431a2f9901a2f7f0f42332dd7577612.yaml b/nuclei-templates/2024/CVE-2024-25098-d431a2f9901a2f7f0f42332dd7577612.yaml
index 7b49817f54..0342616d10 100644
--- a/nuclei-templates/2024/CVE-2024-25098-d431a2f9901a2f7f0f42332dd7577612.yaml
+++ b/nuclei-templates/2024/CVE-2024-25098-d431a2f9901a2f7f0f42332dd7577612.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PB oEmbed HTML5 Audio <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PB oEmbed HTML5 Audio – with Cache Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pb-oembed-html5-audio-with-cache-support/"
     google-query: inurl:"/wp-content/plugins/pb-oembed-html5-audio-with-cache-support/"
     shodan-query: 'vuln:CVE-2024-25098'
-  tags: cve,wordpress,wp-plugin,pb-oembed-html5-audio-with-cache-support,medium
+  tags: cve,wordpress,wp-plugin,pb-oembed-html5-audio-with-cache-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25099-9b90abd6d830325819c48ecc09f52c5d.yaml b/nuclei-templates/2024/CVE-2024-25099-9b90abd6d830325819c48ecc09f52c5d.yaml
index 9af7f4b24f..82a9772838 100644
--- a/nuclei-templates/2024/CVE-2024-25099-9b90abd6d830325819c48ecc09f52c5d.yaml
+++ b/nuclei-templates/2024/CVE-2024-25099-9b90abd6d830325819c48ecc09f52c5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium: Mollie payment forms & donations <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:CVE-2024-25099'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25101-87058e9c1b26afbdd8a6e1c7e1f576f5.yaml b/nuclei-templates/2024/CVE-2024-25101-87058e9c1b26afbdd8a6e1c7e1f576f5.yaml
index a28d07cd02..cc15935d6a 100644
--- a/nuclei-templates/2024/CVE-2024-25101-87058e9c1b26afbdd8a6e1c7e1f576f5.yaml
+++ b/nuclei-templates/2024/CVE-2024-25101-87058e9c1b26afbdd8a6e1c7e1f576f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Maspik – Spam blacklist <= 0.10.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Maspik – Spam Blacklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-forms-anti-spam/"
     google-query: inurl:"/wp-content/plugins/contact-forms-anti-spam/"
     shodan-query: 'vuln:CVE-2024-25101'
-  tags: cve,wordpress,wp-plugin,contact-forms-anti-spam,medium
+  tags: cve,wordpress,wp-plugin,contact-forms-anti-spam,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2513-15be6de4677a81d9742115b7d4dbf93c.yaml b/nuclei-templates/2024/CVE-2024-2513-15be6de4677a81d9742115b7d4dbf93c.yaml
index cb7891f8b0..328c338ddb 100644
--- a/nuclei-templates/2024/CVE-2024-2513-15be6de4677a81d9742115b7d4dbf93c.yaml
+++ b/nuclei-templates/2024/CVE-2024-2513-15be6de4677a81d9742115b7d4dbf93c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-whatsapp/"
     google-query: inurl:"/wp-content/plugins/wp-whatsapp/"
     shodan-query: 'vuln:CVE-2024-2513'
-  tags: cve,wordpress,wp-plugin,wp-whatsapp,medium
+  tags: cve,wordpress,wp-plugin,wp-whatsapp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2536-0412effdb25dc1c079b5ac901ba8eb41.yaml b/nuclei-templates/2024/CVE-2024-2536-0412effdb25dc1c079b5ac901ba8eb41.yaml
index 5b1d38ffec..6fb1e95ee4 100644
--- a/nuclei-templates/2024/CVE-2024-2536-0412effdb25dc1c079b5ac901ba8eb41.yaml
+++ b/nuclei-templates/2024/CVE-2024-2536-0412effdb25dc1c079b5ac901ba8eb41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rank Math SEO with AI SEO Tools <= 1.0.214 - Authenticated(Contributor+) Stored Cross-Site Scripting via HowTo block attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-by-rank-math/"
     google-query: inurl:"/wp-content/plugins/seo-by-rank-math/"
     shodan-query: 'vuln:CVE-2024-2536'
-  tags: cve,wordpress,wp-plugin,seo-by-rank-math,medium
+  tags: cve,wordpress,wp-plugin,seo-by-rank-math,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2538-48da01905911b9839c3e0f5a4a5539b0.yaml b/nuclei-templates/2024/CVE-2024-2538-48da01905911b9839c3e0f5a4a5539b0.yaml
index 3ae3e9a63f..59bd9080e9 100644
--- a/nuclei-templates/2024/CVE-2024-2538-48da01905911b9839c3e0f5a4a5539b0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2538-48da01905911b9839c3e0f5a4a5539b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/permalink-manager/"
     google-query: inurl:"/wp-content/plugins/permalink-manager/"
     shodan-query: 'vuln:CVE-2024-2538'
-  tags: cve,wordpress,wp-plugin,permalink-manager,medium
+  tags: cve,wordpress,wp-plugin,permalink-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2539-0a02674a461ee92c9bdab38333dc64d2.yaml b/nuclei-templates/2024/CVE-2024-2539-0a02674a461ee92c9bdab38333dc64d2.yaml
index 934c48d243..4d6a41dfe5 100644
--- a/nuclei-templates/2024/CVE-2024-2539-0a02674a461ee92c9bdab38333dc64d2.yaml
+++ b/nuclei-templates/2024/CVE-2024-2539-0a02674a461ee92c9bdab38333dc64d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget '_id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2539'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2542-22880b987be0b07f46689049fd2458ff.yaml b/nuclei-templates/2024/CVE-2024-2542-22880b987be0b07f46689049fd2458ff.yaml
index d296b539a1..9bceb47d75 100644
--- a/nuclei-templates/2024/CVE-2024-2542-22880b987be0b07f46689049fd2458ff.yaml
+++ b/nuclei-templates/2024/CVE-2024-2542-22880b987be0b07f46689049fd2458ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jotform Online Forms  <= 1.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32527 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-form/"
     google-query: inurl:"/wp-content/plugins/embed-form/"
     shodan-query: 'vuln:CVE-2024-2542'
-  tags: cve,wordpress,wp-plugin,embed-form,medium
+  tags: cve,wordpress,wp-plugin,embed-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2543-954c99838450703e2f9d2a807b32e669.yaml b/nuclei-templates/2024/CVE-2024-2543-954c99838450703e2f9d2a807b32e669.yaml
index e009122097..7cc7cd8ed5 100644
--- a/nuclei-templates/2024/CVE-2024-2543-954c99838450703e2f9d2a807b32e669.yaml
+++ b/nuclei-templates/2024/CVE-2024-2543-954c99838450703e2f9d2a807b32e669.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/permalink-manager/"
     google-query: inurl:"/wp-content/plugins/permalink-manager/"
     shodan-query: 'vuln:CVE-2024-2543'
-  tags: cve,wordpress,wp-plugin,permalink-manager,medium
+  tags: cve,wordpress,wp-plugin,permalink-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25592-2c732f7d3e8ac28c93dbfa9cd10c3d81.yaml b/nuclei-templates/2024/CVE-2024-25592-2c732f7d3e8ac28c93dbfa9cd10c3d81.yaml
index f75aecdd12..66b4aebe68 100644
--- a/nuclei-templates/2024/CVE-2024-25592-2c732f7d3e8ac28c93dbfa9cd10c3d81.yaml
+++ b/nuclei-templates/2024/CVE-2024-25592-2c732f7d3e8ac28c93dbfa9cd10c3d81.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broken Link Checker <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Broken Link Checker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/broken-link-checker/"
     google-query: inurl:"/wp-content/plugins/broken-link-checker/"
     shodan-query: 'vuln:CVE-2024-25592'
-  tags: cve,wordpress,wp-plugin,broken-link-checker,medium
+  tags: cve,wordpress,wp-plugin,broken-link-checker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25593-320cc739be80667a41b7c33bc9c3ac5f.yaml b/nuclei-templates/2024/CVE-2024-25593-320cc739be80667a41b7c33bc9c3ac5f.yaml
index 0a214a005e..84d95a4d4d 100644
--- a/nuclei-templates/2024/CVE-2024-25593-320cc739be80667a41b7c33bc9c3ac5f.yaml
+++ b/nuclei-templates/2024/CVE-2024-25593-320cc739be80667a41b7c33bc9c3ac5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NEX-Forms – Ultimate Form Builder <= 8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 8.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/"
     google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/"
     shodan-query: 'vuln:CVE-2024-25593'
-  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium
+  tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25594-94a42c523ccdb6324d7b897f6e9c739d.yaml b/nuclei-templates/2024/CVE-2024-25594-94a42c523ccdb6324d7b897f6e9c739d.yaml
index 138d38452b..d550b4c0ba 100644
--- a/nuclei-templates/2024/CVE-2024-25594-94a42c523ccdb6324d7b897f6e9c739d.yaml
+++ b/nuclei-templates/2024/CVE-2024-25594-94a42c523ccdb6324d7b897f6e9c739d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MyWaze <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MyWaze plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-waze/"
     google-query: inurl:"/wp-content/plugins/my-waze/"
     shodan-query: 'vuln:CVE-2024-25594'
-  tags: cve,wordpress,wp-plugin,my-waze,medium
+  tags: cve,wordpress,wp-plugin,my-waze,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25596-ccf7ae7c58d11c91be50450cab57d66e.yaml b/nuclei-templates/2024/CVE-2024-25596-ccf7ae7c58d11c91be50450cab57d66e.yaml
index 083b8d6839..53e5f270fa 100644
--- a/nuclei-templates/2024/CVE-2024-25596-ccf7ae7c58d11c91be50450cab57d66e.yaml
+++ b/nuclei-templates/2024/CVE-2024-25596-ccf7ae7c58d11c91be50450cab57d66e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Doofinder for WooCommerce <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Doofinder WP & WooCommerce Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/doofinder-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/doofinder-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-25596'
-  tags: cve,wordpress,wp-plugin,doofinder-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,doofinder-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25597-c2f057b1286b0479a330a6cf26c60c67.yaml b/nuclei-templates/2024/CVE-2024-25597-c2f057b1286b0479a330a6cf26c60c67.yaml
index f742e903ce..5ff2057e85 100644
--- a/nuclei-templates/2024/CVE-2024-25597-c2f057b1286b0479a330a6cf26c60c67.yaml
+++ b/nuclei-templates/2024/CVE-2024-25597-c2f057b1286b0479a330a6cf26c60c67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Reviews <= 3.2.8 - Unauthenticated stored Cross-Site Scripting via reviews
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Reviews plugin for WordPress is vulnerable to stored Cross-Site Scripting via the review functionality in versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-reviews/"
     google-query: inurl:"/wp-content/plugins/ultimate-reviews/"
     shodan-query: 'vuln:CVE-2024-25597'
-  tags: cve,wordpress,wp-plugin,ultimate-reviews,medium
+  tags: cve,wordpress,wp-plugin,ultimate-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25598-c2bef3c139a7a3ae094de8e562cf6429.yaml b/nuclei-templates/2024/CVE-2024-25598-c2bef3c139a7a3ae094de8e562cf6429.yaml
index edd8609b25..6694e17d9b 100644
--- a/nuclei-templates/2024/CVE-2024-25598-c2bef3c139a7a3ae094de8e562cf6429.yaml
+++ b/nuclei-templates/2024/CVE-2024-25598-c2bef3c139a7a3ae094de8e562cf6429.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Livemesh Addons for Elementor <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘animated_text_class’ attribute in versions up to, and including, 8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-25598'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2578-245098f6b0653f99e8181fe1d0b4d9ec.yaml b/nuclei-templates/2024/CVE-2024-2578-245098f6b0653f99e8181fe1d0b4d9ec.yaml
index c378401123..70b85b5ee1 100644
--- a/nuclei-templates/2024/CVE-2024-2578-245098f6b0653f99e8181fe1d0b4d9ec.yaml
+++ b/nuclei-templates/2024/CVE-2024-2578-245098f6b0653f99e8181fe1d0b4d9ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Coder <= 3.5 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Coder – Powerful HTML, CSS, JS and PHP Injection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-coder/"
     google-query: inurl:"/wp-content/plugins/wp-coder/"
     shodan-query: 'vuln:CVE-2024-2578'
-  tags: cve,wordpress,wp-plugin,wp-coder,medium
+  tags: cve,wordpress,wp-plugin,wp-coder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2579-421ea02f0f2faaa78ee159ebbd1f2ea2.yaml b/nuclei-templates/2024/CVE-2024-2579-421ea02f0f2faaa78ee159ebbd1f2ea2.yaml
index 8cff2c06ee..362efb49fa 100644
--- a/nuclei-templates/2024/CVE-2024-2579-421ea02f0f2faaa78ee159ebbd1f2ea2.yaml
+++ b/nuclei-templates/2024/CVE-2024-2579-421ea02f0f2faaa78ee159ebbd1f2ea2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tracking Code Manager <= 2.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tracking-code-manager/"
     google-query: inurl:"/wp-content/plugins/tracking-code-manager/"
     shodan-query: 'vuln:CVE-2024-2579'
-  tags: cve,wordpress,wp-plugin,tracking-code-manager,medium
+  tags: cve,wordpress,wp-plugin,tracking-code-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2580-d18e40088a787bdccb931530c8848277.yaml b/nuclei-templates/2024/CVE-2024-2580-d18e40088a787bdccb931530c8848277.yaml
index 70c04c0204..c5db3b4cae 100644
--- a/nuclei-templates/2024/CVE-2024-2580-d18e40088a787bdccb931530c8848277.yaml
+++ b/nuclei-templates/2024/CVE-2024-2580-d18e40088a787bdccb931530c8848277.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Automation By Autonami <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Automation By Autonami plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-marketing-automations/"
     google-query: inurl:"/wp-content/plugins/wp-marketing-automations/"
     shodan-query: 'vuln:CVE-2024-2580'
-  tags: cve,wordpress,wp-plugin,wp-marketing-automations,medium
+  tags: cve,wordpress,wp-plugin,wp-marketing-automations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2583-40c38cbf6914f34e30e735daee9d90f9.yaml b/nuclei-templates/2024/CVE-2024-2583-40c38cbf6914f34e30e735daee9d90f9.yaml
index 00ed5a5fa4..85d6431642 100644
--- a/nuclei-templates/2024/CVE-2024-2583-40c38cbf6914f34e30e735daee9d90f9.yaml
+++ b/nuclei-templates/2024/CVE-2024-2583-40c38cbf6914f34e30e735daee9d90f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 7.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_color' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'note_color' shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2024-2583'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25902-65d716f9ae4f07532a2c4f0b876ee91a.yaml b/nuclei-templates/2024/CVE-2024-25902-65d716f9ae4f07532a2c4f0b876ee91a.yaml
index ebebf5d970..a62c261fe0 100644
--- a/nuclei-templates/2024/CVE-2024-25902-65d716f9ae4f07532a2c4f0b876ee91a.yaml
+++ b/nuclei-templates/2024/CVE-2024-25902-65d716f9ae4f07532a2c4f0b876ee91a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Malware Scanner <= 4.7.2 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Malware Scanner plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 4.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-malware-protection/"
     google-query: inurl:"/wp-content/plugins/miniorange-malware-protection/"
     shodan-query: 'vuln:CVE-2024-25902'
-  tags: cve,wordpress,wp-plugin,miniorange-malware-protection,medium
+  tags: cve,wordpress,wp-plugin,miniorange-malware-protection,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25907-2da7a3f2515edfb050506d62d2d86fdd.yaml b/nuclei-templates/2024/CVE-2024-25907-2da7a3f2515edfb050506d62d2d86fdd.yaml
index 57c8b77618..4f48bea6ac 100644
--- a/nuclei-templates/2024/CVE-2024-25907-2da7a3f2515edfb050506d62d2d86fdd.yaml
+++ b/nuclei-templates/2024/CVE-2024-25907-2da7a3f2515edfb050506d62d2d86fdd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Media folder <= 5.7.2 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-media-folder/"
     google-query: inurl:"/wp-content/plugins/wp-media-folder/"
     shodan-query: 'vuln:CVE-2024-25907'
-  tags: cve,wordpress,wp-plugin,wp-media-folder,medium
+  tags: cve,wordpress,wp-plugin,wp-media-folder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25908-a0b0c399b7514c70fcf0e05e68ca4408.yaml b/nuclei-templates/2024/CVE-2024-25908-a0b0c399b7514c70fcf0e05e68ca4408.yaml
index 944c6d2a04..905fb64bdd 100644
--- a/nuclei-templates/2024/CVE-2024-25908-a0b0c399b7514c70fcf0e05e68ca4408.yaml
+++ b/nuclei-templates/2024/CVE-2024-25908-a0b0c399b7514c70fcf0e05e68ca4408.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Media folder <= 5.7.2 - Missing Authorization to Authenticated(Subscriber+) Title Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify titles of posts and pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-media-folder/"
     google-query: inurl:"/wp-content/plugins/wp-media-folder/"
     shodan-query: 'vuln:CVE-2024-25908'
-  tags: cve,wordpress,wp-plugin,wp-media-folder,medium
+  tags: cve,wordpress,wp-plugin,wp-media-folder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25909-1196705650803cf1c8c204bb4b542a25.yaml b/nuclei-templates/2024/CVE-2024-25909-1196705650803cf1c8c204bb4b542a25.yaml
index 588d5afcff..dbb6964943 100644
--- a/nuclei-templates/2024/CVE-2024-25909-1196705650803cf1c8c204bb4b542a25.yaml
+++ b/nuclei-templates/2024/CVE-2024-25909-1196705650803cf1c8c204bb4b542a25.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Media folder <= 5.7.2 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Media folder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-media-folder/"
     google-query: inurl:"/wp-content/plugins/wp-media-folder/"
     shodan-query: 'vuln:CVE-2024-25909'
-  tags: cve,wordpress,wp-plugin,wp-media-folder,high
+  tags: cve,wordpress,wp-plugin,wp-media-folder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25912-aa8a8d1534c979b4a72d9c8bec09fbff.yaml b/nuclei-templates/2024/CVE-2024-25912-aa8a8d1534c979b4a72d9c8bec09fbff.yaml
index 34b8ac2343..178f48a440 100644
--- a/nuclei-templates/2024/CVE-2024-25912-aa8a8d1534c979b4a72d9c8bec09fbff.yaml
+++ b/nuclei-templates/2024/CVE-2024-25912-aa8a8d1534c979b4a72d9c8bec09fbff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The moveto plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, potentially leading to site takeover.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/moveto/"
     google-query: inurl:"/wp-content/plugins/moveto/"
     shodan-query: 'vuln:CVE-2024-25912'
-  tags: cve,wordpress,wp-plugin,moveto,critical
+  tags: cve,wordpress,wp-plugin,moveto,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25915-f9cd598e625ead7b114953b55ded2f31.yaml b/nuclei-templates/2024/CVE-2024-25915-f9cd598e625ead7b114953b55ded2f31.yaml
index 7351db7a3f..cefbf3bc70 100644
--- a/nuclei-templates/2024/CVE-2024-25915-f9cd598e625ead7b114953b55ded2f31.yaml
+++ b/nuclei-templates/2024/CVE-2024-25915-f9cd598e625ead7b114953b55ded2f31.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pexels: Free Stock Photos  <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pexels: Free Stock Photos plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.2 via the pexels_fsp_images_options_validate() function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-pexels-free-stock-photos/"
     google-query: inurl:"/wp-content/plugins/wp-pexels-free-stock-photos/"
     shodan-query: 'vuln:CVE-2024-25915'
-  tags: cve,wordpress,wp-plugin,wp-pexels-free-stock-photos,medium
+  tags: cve,wordpress,wp-plugin,wp-pexels-free-stock-photos,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25916-0fa49314c689285a17b374209d3a5887.yaml b/nuclei-templates/2024/CVE-2024-25916-0fa49314c689285a17b374209d3a5887.yaml
index c9b691c915..442702a2a4 100644
--- a/nuclei-templates/2024/CVE-2024-25916-0fa49314c689285a17b374209d3a5887.yaml
+++ b/nuclei-templates/2024/CVE-2024-25916-0fa49314c689285a17b374209d3a5887.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Calendar <= 3.4.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with, contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-calendar/"
     google-query: inurl:"/wp-content/plugins/my-calendar/"
     shodan-query: 'vuln:CVE-2024-25916'
-  tags: cve,wordpress,wp-plugin,my-calendar,medium
+  tags: cve,wordpress,wp-plugin,my-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25917-c10fda9bfdd3663d875e2a0fc2207f2e.yaml b/nuclei-templates/2024/CVE-2024-25917-c10fda9bfdd3663d875e2a0fc2207f2e.yaml
index a4e502ca27..38dbd677b1 100644
--- a/nuclei-templates/2024/CVE-2024-25917-c10fda9bfdd3663d875e2a0fc2207f2e.yaml
+++ b/nuclei-templates/2024/CVE-2024-25917-c10fda9bfdd3663d875e2a0fc2207f2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Setup Wizard <= 1.0.8.1 - Authenticated (Subscriber+) Full Database Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Setup Wizard plugin for WordPress is vulnerable to unauthorized access of datadue to a missing capability check in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to download the entire database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-setup-wizard/"
     google-query: inurl:"/wp-content/plugins/wp-setup-wizard/"
     shodan-query: 'vuln:CVE-2024-25917'
-  tags: cve,wordpress,wp-plugin,wp-setup-wizard,medium
+  tags: cve,wordpress,wp-plugin,wp-setup-wizard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25918-bb8913e248b8c353b00d004e9ca5f930.yaml b/nuclei-templates/2024/CVE-2024-25918-bb8913e248b8c353b00d004e9ca5f930.yaml
index de7729ceb1..800f485e8f 100644
--- a/nuclei-templates/2024/CVE-2024-25918-bb8913e248b8c353b00d004e9ca5f930.yaml
+++ b/nuclei-templates/2024/CVE-2024-25918-bb8913e248b8c353b00d004e9ca5f930.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InstaWP Connect <= 0.1.0.8 - Authenticated (Subscriber+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.1.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instawp-connect/"
     google-query: inurl:"/wp-content/plugins/instawp-connect/"
     shodan-query: 'vuln:CVE-2024-25918'
-  tags: cve,wordpress,wp-plugin,instawp-connect,high
+  tags: cve,wordpress,wp-plugin,instawp-connect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25919-d21e7c2b8075bc32648e9e728716b83f.yaml b/nuclei-templates/2024/CVE-2024-25919-d21e7c2b8075bc32648e9e728716b83f.yaml
index b7fbcd15cc..e172cd5540 100644
--- a/nuclei-templates/2024/CVE-2024-25919-d21e7c2b8075bc32648e9e728716b83f.yaml
+++ b/nuclei-templates/2024/CVE-2024-25919-d21e7c2b8075bc32648e9e728716b83f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field Template <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $search_label parameter in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-template/"
     google-query: inurl:"/wp-content/plugins/custom-field-template/"
     shodan-query: 'vuln:CVE-2024-25919'
-  tags: cve,wordpress,wp-plugin,custom-field-template,medium
+  tags: cve,wordpress,wp-plugin,custom-field-template,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25920-84f2aef7f11acfd2b73b896d3ef7cd04.yaml b/nuclei-templates/2024/CVE-2024-25920-84f2aef7f11acfd2b73b896d3ef7cd04.yaml
index bc53d91b22..bf61b2695d 100644
--- a/nuclei-templates/2024/CVE-2024-25920-84f2aef7f11acfd2b73b896d3ef7cd04.yaml
+++ b/nuclei-templates/2024/CVE-2024-25920-84f2aef7f11acfd2b73b896d3ef7cd04.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SMS <= 6.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sms/"
     google-query: inurl:"/wp-content/plugins/wp-sms/"
     shodan-query: 'vuln:CVE-2024-25920'
-  tags: cve,wordpress,wp-plugin,wp-sms,medium
+  tags: cve,wordpress,wp-plugin,wp-sms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25922-bf0e4365c0a80682381fd05937032a09.yaml b/nuclei-templates/2024/CVE-2024-25922-bf0e4365c0a80682381fd05937032a09.yaml
index 5e633f4839..bfa0233294 100644
--- a/nuclei-templates/2024/CVE-2024-25922-bf0e4365c0a80682381fd05937032a09.yaml
+++ b/nuclei-templates/2024/CVE-2024-25922-bf0e4365c0a80682381fd05937032a09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Peach Payments Gateway <= 3.1.9 - Missing Authorization via peach_core_version_rollback()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Peach Payments Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the peach_core_version_rollback() function in versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to rollback the plugin's version.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-peach-payments-gateway/"
     google-query: inurl:"/wp-content/plugins/wc-peach-payments-gateway/"
     shodan-query: 'vuln:CVE-2024-25922'
-  tags: cve,wordpress,wp-plugin,wc-peach-payments-gateway,medium
+  tags: cve,wordpress,wp-plugin,wc-peach-payments-gateway,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25924-0a08727c9a8cc242989bfe2a49030a2a.yaml b/nuclei-templates/2024/CVE-2024-25924-0a08727c9a8cc242989bfe2a49030a2a.yaml
index 03a8c6ed47..a439671a43 100644
--- a/nuclei-templates/2024/CVE-2024-25924-0a08727c9a8cc242989bfe2a49030a2a.yaml
+++ b/nuclei-templates/2024/CVE-2024-25924-0a08727c9a8cc242989bfe2a49030a2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Testimonials <= 1.4.3 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Testimonials plugin for WordPress is vulnerable to SQL Injection via the 'widget_id' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-widgets/"
     google-query: inurl:"/wp-content/plugins/testimonial-widgets/"
     shodan-query: 'vuln:CVE-2024-25924'
-  tags: cve,wordpress,wp-plugin,testimonial-widgets,high
+  tags: cve,wordpress,wp-plugin,testimonial-widgets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25926-bcfdb3c82ae0485dc6fcdad4aba69c36.yaml b/nuclei-templates/2024/CVE-2024-25926-bcfdb3c82ae0485dc6fcdad4aba69c36.yaml
index a9e4ef49ac..697b596031 100644
--- a/nuclei-templates/2024/CVE-2024-25926-bcfdb3c82ae0485dc6fcdad4aba69c36.yaml
+++ b/nuclei-templates/2024/CVE-2024-25926-bcfdb3c82ae0485dc6fcdad4aba69c36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Widgets Controller <= 1.1 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Widgets Controller plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgets-controller/"
     google-query: inurl:"/wp-content/plugins/widgets-controller/"
     shodan-query: 'vuln:CVE-2024-25926'
-  tags: cve,wordpress,wp-plugin,widgets-controller,medium
+  tags: cve,wordpress,wp-plugin,widgets-controller,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25932-ca722f2c2467f4f9c95321209d16faa6.yaml b/nuclei-templates/2024/CVE-2024-25932-ca722f2c2467f4f9c95321209d16faa6.yaml
index 1841495cc9..8aa741dccd 100644
--- a/nuclei-templates/2024/CVE-2024-25932-ca722f2c2467f4f9c95321209d16faa6.yaml
+++ b/nuclei-templates/2024/CVE-2024-25932-ca722f2c2467f4f9c95321209d16faa6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Change Table Prefix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'change_prefix_form' function. This makes it possible for unauthenticated attackers to toggle maintenance mode via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/change-table-prefix/"
     google-query: inurl:"/wp-content/plugins/change-table-prefix/"
     shodan-query: 'vuln:CVE-2024-25932'
-  tags: cve,wordpress,wp-plugin,change-table-prefix,high
+  tags: cve,wordpress,wp-plugin,change-table-prefix,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25934-240756f87690e8bd859858034bc8c975.yaml b/nuclei-templates/2024/CVE-2024-25934-240756f87690e8bd859858034bc8c975.yaml
index 76a6280e2e..2e0541983a 100644
--- a/nuclei-templates/2024/CVE-2024-25934-240756f87690e8bd859858034bc8c975.yaml
+++ b/nuclei-templates/2024/CVE-2024-25934-240756f87690e8bd859858034bc8c975.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormFacade <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formfacade/"
     google-query: inurl:"/wp-content/plugins/formfacade/"
     shodan-query: 'vuln:CVE-2024-25934'
-  tags: cve,wordpress,wp-plugin,formfacade,medium
+  tags: cve,wordpress,wp-plugin,formfacade,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-25936-dc226a4fd8674625d0b38158fd388bcd.yaml b/nuclei-templates/2024/CVE-2024-25936-dc226a4fd8674625d0b38158fd388bcd.yaml
index e44726a7eb..ef107525f9 100644
--- a/nuclei-templates/2024/CVE-2024-25936-dc226a4fd8674625d0b38158fd388bcd.yaml
+++ b/nuclei-templates/2024/CVE-2024-25936-dc226a4fd8674625d0b38158fd388bcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SoundCloud Shortcode <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SoundCloud Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/soundcloud-shortcode/"
     google-query: inurl:"/wp-content/plugins/soundcloud-shortcode/"
     shodan-query: 'vuln:CVE-2024-25936'
-  tags: cve,wordpress,wp-plugin,soundcloud-shortcode,medium
+  tags: cve,wordpress,wp-plugin,soundcloud-shortcode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-26019-57cd30237a115f155e6a16a851952284.yaml b/nuclei-templates/2024/CVE-2024-26019-57cd30237a115f155e6a16a851952284.yaml
index 26dc970db2..7a034d3093 100644
--- a/nuclei-templates/2024/CVE-2024-26019-57cd30237a115f155e6a16a851952284.yaml
+++ b/nuclei-templates/2024/CVE-2024-26019-57cd30237a115f155e6a16a851952284.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form fields in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2024-26019'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2603-0bea880f7043c5054d61f7e9d6ba4d2f.yaml b/nuclei-templates/2024/CVE-2024-2603-0bea880f7043c5054d61f7e9d6ba4d2f.yaml
index 6583e4108a..ef4717f8d1 100644
--- a/nuclei-templates/2024/CVE-2024-2603-0bea880f7043c5054d61f7e9d6ba4d2f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2603-0bea880f7043c5054d61f7e9d6ba4d2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Salon booking system plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email settings in all versions up to, and including, 9.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salon-booking-system/"
     google-query: inurl:"/wp-content/plugins/salon-booking-system/"
     shodan-query: 'vuln:CVE-2024-2603'
-  tags: cve,wordpress,wp-plugin,salon-booking-system,medium
+  tags: cve,wordpress,wp-plugin,salon-booking-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2623-b4aa2ee32c8d094c0d7d3b9c1a221104.yaml b/nuclei-templates/2024/CVE-2024-2623-b4aa2ee32c8d094c0d7d3b9c1a221104.yaml
index e5883e824c..23dc7eb083 100644
--- a/nuclei-templates/2024/CVE-2024-2623-b4aa2ee32c8d094c0d7d3b9c1a221104.yaml
+++ b/nuclei-templates/2024/CVE-2024-2623-b4aa2ee32c8d094c0d7d3b9c1a221104.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-2623'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2650-d621d242ab564fd8e6e924445af60a72.yaml b/nuclei-templates/2024/CVE-2024-2650-d621d242ab564fd8e6e924445af60a72.yaml
index ed77040b21..6e3ab25988 100644
--- a/nuclei-templates/2024/CVE-2024-2650-d621d242ab564fd8e6e924445af60a72.yaml
+++ b/nuclei-templates/2024/CVE-2024-2650-d621d242ab564fd8e6e924445af60a72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-2650'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2654-f02efca96aea9cf0bcb75d72789d8419.yaml b/nuclei-templates/2024/CVE-2024-2654-f02efca96aea9cf0bcb75d72789d8419.yaml
index 979666a4da..da54d4a1fa 100644
--- a/nuclei-templates/2024/CVE-2024-2654-f02efca96aea9cf0bcb75d72789d8419.yaml
+++ b/nuclei-templates/2024/CVE-2024-2654-f02efca96aea9cf0bcb75d72789d8419.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-manager/"
     google-query: inurl:"/wp-content/plugins/wp-file-manager/"
     shodan-query: 'vuln:CVE-2024-2654'
-  tags: cve,wordpress,wp-plugin,wp-file-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-file-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2655-a2edba0b6f9194a358b22756bbd79a75.yaml b/nuclei-templates/2024/CVE-2024-2655-a2edba0b6f9194a358b22756bbd79a75.yaml
index 49a6187dad..1d0767b041 100644
--- a/nuclei-templates/2024/CVE-2024-2655-a2edba0b6f9194a358b22756bbd79a75.yaml
+++ b/nuclei-templates/2024/CVE-2024-2655-a2edba0b6f9194a358b22756bbd79a75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2655'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2656-9fe142798845207512b358a2cd4c8c4d.yaml b/nuclei-templates/2024/CVE-2024-2656-9fe142798845207512b358a2cd4c8c4d.yaml
index 7df5201ba1..dffbe8b252 100644
--- a/nuclei-templates/2024/CVE-2024-2656-9fe142798845207512b358a2cd4c8c4d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2656-9fe142798845207512b358a2cd4c8c4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2024-2656'
-  tags: cve,wordpress,wp-plugin,email-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-subscribers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2661-3fe433fa04cbd74a4139a79417d6ceaa.yaml b/nuclei-templates/2024/CVE-2024-2661-3fe433fa04cbd74a4139a79417d6ceaa.yaml
index 275708d0e1..0e20248b56 100644
--- a/nuclei-templates/2024/CVE-2024-2661-3fe433fa04cbd74a4139a79417d6ceaa.yaml
+++ b/nuclei-templates/2024/CVE-2024-2661-3fe433fa04cbd74a4139a79417d6ceaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/"
     google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/"
     shodan-query: 'vuln:CVE-2024-2661'
-  tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,high
+  tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2662-a4e1a6eed6af75293ee8acc33aa5bb7f.yaml b/nuclei-templates/2024/CVE-2024-2662-a4e1a6eed6af75293ee8acc33aa5bb7f.yaml
index 6d9cb14ad8..a69cefde13 100644
--- a/nuclei-templates/2024/CVE-2024-2662-a4e1a6eed6af75293ee8acc33aa5bb7f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2662-a4e1a6eed6af75293ee8acc33aa5bb7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2662'
-  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,high
+  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2664-5f4d629f81f40ae82d44c4c8c94e12ba.yaml b/nuclei-templates/2024/CVE-2024-2664-5f4d629f81f40ae82d44c4c8c94e12ba.yaml
index 3b50ab7ed7..20df844f2e 100644
--- a/nuclei-templates/2024/CVE-2024-2664-5f4d629f81f40ae82d44c4c8c94e12ba.yaml
+++ b/nuclei-templates/2024/CVE-2024-2664-5f4d629f81f40ae82d44c4c8c94e12ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2664'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2665-07fd6d4168c19a2706208ce105fc7279.yaml b/nuclei-templates/2024/CVE-2024-2665-07fd6d4168c19a2706208ce105fc7279.yaml
index 4cbeeafddb..22c1570ddf 100644
--- a/nuclei-templates/2024/CVE-2024-2665-07fd6d4168c19a2706208ce105fc7279.yaml
+++ b/nuclei-templates/2024/CVE-2024-2665-07fd6d4168c19a2706208ce105fc7279.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2665'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2666-9196735e9e9fe6dd44235b7e0a53bb60.yaml b/nuclei-templates/2024/CVE-2024-2666-9196735e9e9fe6dd44235b7e0a53bb60.yaml
index 600b3b6ab1..5d73beb34a 100644
--- a/nuclei-templates/2024/CVE-2024-2666-9196735e9e9fe6dd44235b7e0a53bb60.yaml
+++ b/nuclei-templates/2024/CVE-2024-2666-9196735e9e9fe6dd44235b7e0a53bb60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2666'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2688-1fc5887f904fbbe1b31241f4769801b5.yaml b/nuclei-templates/2024/CVE-2024-2688-1fc5887f904fbbe1b31241f4769801b5.yaml
index 0b34c4afd3..15ebfb1f4c 100644
--- a/nuclei-templates/2024/CVE-2024-2688-1fc5887f904fbbe1b31241f4769801b5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2688-1fc5887f904fbbe1b31241f4769801b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-2688'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2693-c53a6d31c98dcde7fc34b4079f07942b.yaml b/nuclei-templates/2024/CVE-2024-2693-c53a6d31c98dcde7fc34b4079f07942b.yaml
index e3ef5b7862..2aa647853b 100644
--- a/nuclei-templates/2024/CVE-2024-2693-c53a6d31c98dcde7fc34b4079f07942b.yaml
+++ b/nuclei-templates/2024/CVE-2024-2693-c53a6d31c98dcde7fc34b4079f07942b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Whisper Free <= 0.7.1 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-whisper/"
     google-query: inurl:"/wp-content/plugins/link-whisper/"
     shodan-query: 'vuln:CVE-2024-2693'
-  tags: cve,wordpress,wp-plugin,link-whisper,high
+  tags: cve,wordpress,wp-plugin,link-whisper,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2702-5d017f957b0d5736d3f04d80942cf97a.yaml b/nuclei-templates/2024/CVE-2024-2702-5d017f957b0d5736d3f04d80942cf97a.yaml
index 2781526648..d816f4166e 100644
--- a/nuclei-templates/2024/CVE-2024-2702-5d017f957b0d5736d3f04d80942cf97a.yaml
+++ b/nuclei-templates/2024/CVE-2024-2702-5d017f957b0d5736d3f04d80942cf97a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Olive One Click Demo Import <= 1.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Olive One Click Demo Import plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability checking on several rest routes in versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to perform unauthorized actions. CVE-2024-32715 appears to be a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/olive-one-click-demo-import/"
     google-query: inurl:"/wp-content/plugins/olive-one-click-demo-import/"
     shodan-query: 'vuln:CVE-2024-2702'
-  tags: cve,wordpress,wp-plugin,olive-one-click-demo-import,medium
+  tags: cve,wordpress,wp-plugin,olive-one-click-demo-import,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27188-59a7cb3ce7ab42429819a5af71285080.yaml b/nuclei-templates/2024/CVE-2024-27188-59a7cb3ce7ab42429819a5af71285080.yaml
index b804cd05dd..6905fc7653 100644
--- a/nuclei-templates/2024/CVE-2024-27188-59a7cb3ce7ab42429819a5af71285080.yaml
+++ b/nuclei-templates/2024/CVE-2024-27188-59a7cb3ce7ab42429819a5af71285080.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Breeze <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via breeze_api_token
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Breeze plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘breeze_api_token’ parameter in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/breeze/"
     google-query: inurl:"/wp-content/plugins/breeze/"
     shodan-query: 'vuln:CVE-2024-27188'
-  tags: cve,wordpress,wp-plugin,breeze,medium
+  tags: cve,wordpress,wp-plugin,breeze,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27189-877e1c3b42118075385c29c980e6d4e6.yaml b/nuclei-templates/2024/CVE-2024-27189-877e1c3b42118075385c29c980e6d4e6.yaml
index 1c5d57e4bb..90f5e44cfb 100644
--- a/nuclei-templates/2024/CVE-2024-27189-877e1c3b42118075385c29c980e6d4e6.yaml
+++ b/nuclei-templates/2024/CVE-2024-27189-877e1c3b42118075385c29c980e6d4e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-social-widget/"
     google-query: inurl:"/wp-content/plugins/wp-social-widget/"
     shodan-query: 'vuln:CVE-2024-27189'
-  tags: cve,wordpress,wp-plugin,wp-social-widget,medium
+  tags: cve,wordpress,wp-plugin,wp-social-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27190-43eedc047028750edf0998930243bbd6.yaml b/nuclei-templates/2024/CVE-2024-27190-43eedc047028750edf0998930243bbd6.yaml
index 39e7cc7d82..3312b15a44 100644
--- a/nuclei-templates/2024/CVE-2024-27190-43eedc047028750edf0998930243bbd6.yaml
+++ b/nuclei-templates/2024/CVE-2024-27190-43eedc047028750edf0998930243bbd6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Media <= 1.4.2 - Missing Authorization via generate_link_for_media
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Media plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'generate_link_for_media' function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to generate media download links.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-media/"
     google-query: inurl:"/wp-content/plugins/download-media/"
     shodan-query: 'vuln:CVE-2024-27190'
-  tags: cve,wordpress,wp-plugin,download-media,medium
+  tags: cve,wordpress,wp-plugin,download-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27191-5621a7def81227d66a22e352451dbd2f.yaml b/nuclei-templates/2024/CVE-2024-27191-5621a7def81227d66a22e352451dbd2f.yaml
index 4063c01023..60b3530072 100644
--- a/nuclei-templates/2024/CVE-2024-27191-5621a7def81227d66a22e352451dbd2f.yaml
+++ b/nuclei-templates/2024/CVE-2024-27191-5621a7def81227d66a22e352451dbd2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slivery Extender plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the 'slider_theme_section' function. This is due to the use of call_user_func on one of the shortcode attributes. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slivery-extender/"
     google-query: inurl:"/wp-content/plugins/slivery-extender/"
     shodan-query: 'vuln:CVE-2024-27191'
-  tags: cve,wordpress,wp-plugin,slivery-extender,high
+  tags: cve,wordpress,wp-plugin,slivery-extender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27194-7524f5b14f92599cfeabd0dc20123b14.yaml b/nuclei-templates/2024/CVE-2024-27194-7524f5b14f92599cfeabd0dc20123b14.yaml
index 30c267e567..6d78267bb8 100644
--- a/nuclei-templates/2024/CVE-2024-27194-7524f5b14f92599cfeabd0dc20123b14.yaml
+++ b/nuclei-templates/2024/CVE-2024-27194-7524f5b14f92599cfeabd0dc20123b14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fontific | Google Fonts <= 0.1.6 - Cross-Site Request Forgery via ajax_fontific_save_all
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Fontific | Google Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.6. This is due to missing or incorrect nonce validation on the 'ajax_fontific_save_all' function. This makes it possible for unauthenticated attackers to modify the plugin's settings, which includes injecting malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fontific/"
     google-query: inurl:"/wp-content/plugins/fontific/"
     shodan-query: 'vuln:CVE-2024-27194'
-  tags: cve,wordpress,wp-plugin,fontific,high
+  tags: cve,wordpress,wp-plugin,fontific,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27195-b5016fe0cbf526aff24bd66f2a8d0464.yaml b/nuclei-templates/2024/CVE-2024-27195-b5016fe0cbf526aff24bd66f2a8d0464.yaml
index 5bf66a43ce..4538aaa341 100644
--- a/nuclei-templates/2024/CVE-2024-27195-b5016fe0cbf526aff24bd66f2a8d0464.yaml
+++ b/nuclei-templates/2024/CVE-2024-27195-b5016fe0cbf526aff24bd66f2a8d0464.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Watermark RELOADED plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on the 'optionsPage' function. This makes it possible for unauthenticated attackers to update plugin options, which includes the ability to inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/watermark-reloaded/"
     google-query: inurl:"/wp-content/plugins/watermark-reloaded/"
     shodan-query: 'vuln:CVE-2024-27195'
-  tags: cve,wordpress,wp-plugin,watermark-reloaded,high
+  tags: cve,wordpress,wp-plugin,watermark-reloaded,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2729-e70c973ee52c3a8cad3d00694281c5e4.yaml b/nuclei-templates/2024/CVE-2024-2729-e70c973ee52c3a8cad3d00694281c5e4.yaml
index 52da0451fd..48787f1535 100644
--- a/nuclei-templates/2024/CVE-2024-2729-e70c973ee52c3a8cad3d00694281c5e4.yaml
+++ b/nuclei-templates/2024/CVE-2024-2729-e70c973ee52c3a8cad3d00694281c5e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter Blocks <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via new post creation in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-blocks/"
     google-query: inurl:"/wp-content/plugins/otter-blocks/"
     shodan-query: 'vuln:CVE-2024-2729'
-  tags: cve,wordpress,wp-plugin,otter-blocks,medium
+  tags: cve,wordpress,wp-plugin,otter-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2732-6d39c5dd9e079ccbe9ac0c1a99d74a94.yaml b/nuclei-templates/2024/CVE-2024-2732-6d39c5dd9e079ccbe9ac0c1a99d74a94.yaml
index ada7147ef5..2af57350b0 100644
--- a/nuclei-templates/2024/CVE-2024-2732-6d39c5dd9e079ccbe9ac0c1a99d74a94.yaml
+++ b/nuclei-templates/2024/CVE-2024-2732-6d39c5dd9e079ccbe9ac0c1a99d74a94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Shortcodes <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-shortcodes/"
     google-query: inurl:"/wp-content/plugins/themify-shortcodes/"
     shodan-query: 'vuln:CVE-2024-2732'
-  tags: cve,wordpress,wp-plugin,themify-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,themify-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2733-8e1e2ed917edbc0807da4afd84ddc7ed.yaml b/nuclei-templates/2024/CVE-2024-2733-8e1e2ed917edbc0807da4afd84ddc7ed.yaml
index 4ad10f9acc..149d7cc79a 100644
--- a/nuclei-templates/2024/CVE-2024-2733-8e1e2ed917edbc0807da4afd84ddc7ed.yaml
+++ b/nuclei-templates/2024/CVE-2024-2733-8e1e2ed917edbc0807da4afd84ddc7ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-2733'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2734-1c83761e8850a90348fc378dc1547a09.yaml b/nuclei-templates/2024/CVE-2024-2734-1c83761e8850a90348fc378dc1547a09.yaml
index b37298529a..2575ba6b6c 100644
--- a/nuclei-templates/2024/CVE-2024-2734-1c83761e8850a90348fc378dc1547a09.yaml
+++ b/nuclei-templates/2024/CVE-2024-2734-1c83761e8850a90348fc378dc1547a09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-2734'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2735-7f9f186670238d7e784b2f81e1301181.yaml b/nuclei-templates/2024/CVE-2024-2735-7f9f186670238d7e784b2f81e1301181.yaml
index 7de38bac89..1cd8e3207e 100644
--- a/nuclei-templates/2024/CVE-2024-2735-7f9f186670238d7e784b2f81e1301181.yaml
+++ b/nuclei-templates/2024/CVE-2024-2735-7f9f186670238d7e784b2f81e1301181.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-2735'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2736-dd7568e4d3ea5ea32920ba4a6563336b.yaml b/nuclei-templates/2024/CVE-2024-2736-dd7568e4d3ea5ea32920ba4a6563336b.yaml
index 7ad051ad3b..d873410da9 100644
--- a/nuclei-templates/2024/CVE-2024-2736-dd7568e4d3ea5ea32920ba4a6563336b.yaml
+++ b/nuclei-templates/2024/CVE-2024-2736-dd7568e4d3ea5ea32920ba4a6563336b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-2736'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2738-8536531e312b5b608fd436fcd26ad3ab.yaml b/nuclei-templates/2024/CVE-2024-2738-8536531e312b5b608fd436fcd26ad3ab.yaml
index 59560946e9..2d83a4b19a 100644
--- a/nuclei-templates/2024/CVE-2024-2738-8536531e312b5b608fd436fcd26ad3ab.yaml
+++ b/nuclei-templates/2024/CVE-2024-2738-8536531e312b5b608fd436fcd26ad3ab.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2024-2738
   metadata:
-    fofa-query: "wp-content/plugins/permalink-manager/"
-    google-query: inurl:"/wp-content/plugins/permalink-manager/"
+    fofa-query: "wp-content/plugins/permalink-manager-pro/"
+    google-query: inurl:"/wp-content/plugins/permalink-manager-pro/"
     shodan-query: 'vuln:CVE-2024-2738'
-  tags: cve,wordpress,wp-plugin,permalink-manager,medium
+  tags: cve,wordpress,wp-plugin,permalink-manager-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/permalink-manager-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "permalink-manager"
+          - "permalink-manager-pro"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2024/CVE-2024-2744-13599838064c197e9952281d09390ec7.yaml b/nuclei-templates/2024/CVE-2024-2744-13599838064c197e9952281d09390ec7.yaml
index 221be1ef67..98afc0893a 100644
--- a/nuclei-templates/2024/CVE-2024-2744-13599838064c197e9952281d09390ec7.yaml
+++ b/nuclei-templates/2024/CVE-2024-2744-13599838064c197e9952281d09390ec7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nextgen Gallery <= 3.59 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NextGEN Gallery – Create an Amazing Photo Gallery in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.59 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2024-2744'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2750-dc46778586f851feacb609ba4df93bd9.yaml b/nuclei-templates/2024/CVE-2024-2750-dc46778586f851feacb609ba4df93bd9.yaml
index 7d8a1e1d55..fd2898f9c6 100644
--- a/nuclei-templates/2024/CVE-2024-2750-dc46778586f851feacb609ba4df93bd9.yaml
+++ b/nuclei-templates/2024/CVE-2024-2750-dc46778586f851feacb609ba4df93bd9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2750'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2751-b68fc6d974fd5ff5ec00e24e4a23388f.yaml b/nuclei-templates/2024/CVE-2024-2751-b68fc6d974fd5ff5ec00e24e4a23388f.yaml
index e52ac8e0bf..1851432e6c 100644
--- a/nuclei-templates/2024/CVE-2024-2751-b68fc6d974fd5ff5ec00e24e4a23388f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2751-b68fc6d974fd5ff5ec00e24e4a23388f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exad_infobox_animating_mask_style’ parameter in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2751'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2752-324d03958cfaceefa9e17d53cf4690e2.yaml b/nuclei-templates/2024/CVE-2024-2752-324d03958cfaceefa9e17d53cf4690e2.yaml
index f45c5e2d5b..279900a49d 100644
--- a/nuclei-templates/2024/CVE-2024-2752-324d03958cfaceefa9e17d53cf4690e2.yaml
+++ b/nuclei-templates/2024/CVE-2024-2752-324d03958cfaceefa9e17d53cf4690e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Where Did You Hear About Us Checkout Field for WooCommerce <= 1.3.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-customer-source/"
     google-query: inurl:"/wp-content/plugins/wc-customer-source/"
     shodan-query: 'vuln:CVE-2024-2752'
-  tags: cve,wordpress,wp-plugin,wc-customer-source,medium
+  tags: cve,wordpress,wp-plugin,wc-customer-source,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2761-cc71ce3f07c7a7f6d2e0e309f25463b5.yaml b/nuclei-templates/2024/CVE-2024-2761-cc71ce3f07c7a7f6d2e0e309f25463b5.yaml
index bc228d729e..3e2d3364c0 100644
--- a/nuclei-templates/2024/CVE-2024-2761-cc71ce3f07c7a7f6d2e0e309f25463b5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2761-cc71ce3f07c7a7f6d2e0e309f25463b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via postTitleTag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the postTitleTag in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/genesis-blocks/"
     google-query: inurl:"/wp-content/plugins/genesis-blocks/"
     shodan-query: 'vuln:CVE-2024-2761'
-  tags: cve,wordpress,wp-plugin,genesis-blocks,medium
+  tags: cve,wordpress,wp-plugin,genesis-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2765-7f5926ab268dbc1681fd3a5de983583a.yaml b/nuclei-templates/2024/CVE-2024-2765-7f5926ab268dbc1681fd3a5de983583a.yaml
index d4c22e2769..de1a695ec5 100644
--- a/nuclei-templates/2024/CVE-2024-2765-7f5926ab268dbc1681fd3a5de983583a.yaml
+++ b/nuclei-templates/2024/CVE-2024-2765-7f5926ab268dbc1681fd3a5de983583a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:CVE-2024-2765'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2781-4227a0d8303b8be51d7b7784befed50f.yaml b/nuclei-templates/2024/CVE-2024-2781-4227a0d8303b8be51d7b7784befed50f.yaml
index 09e1b222e3..850eaf2a83 100644
--- a/nuclei-templates/2024/CVE-2024-2781-4227a0d8303b8be51d7b7784befed50f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2781-4227a0d8303b8be51d7b7784befed50f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2024-2781'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2783-b5027c0ff3d1a1043ee2d2b4a208d677.yaml b/nuclei-templates/2024/CVE-2024-2783-b5027c0ff3d1a1043ee2d2b4a208d677.yaml
index 7ee051afe0..137d292cba 100644
--- a/nuclei-templates/2024/CVE-2024-2783-b5027c0ff3d1a1043ee2d2b4a208d677.yaml
+++ b/nuclei-templates/2024/CVE-2024-2783-b5027c0ff3d1a1043ee2d2b4a208d677.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gamipress/"
     google-query: inurl:"/wp-content/plugins/gamipress/"
     shodan-query: 'vuln:CVE-2024-2783'
-  tags: cve,wordpress,wp-plugin,gamipress,medium
+  tags: cve,wordpress,wp-plugin,gamipress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2785-cd4c918fd5ff72f1664fbf0ef99c4299.yaml b/nuclei-templates/2024/CVE-2024-2785-cd4c918fd5ff72f1664fbf0ef99c4299.yaml
index 2cc0924279..b5fb629da1 100644
--- a/nuclei-templates/2024/CVE-2024-2785-cd4c918fd5ff72f1664fbf0ef99c4299.yaml
+++ b/nuclei-templates/2024/CVE-2024-2785-cd4c918fd5ff72f1664fbf0ef99c4299.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-2785'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2786-e18fa2425147eac664779a4e7540108b.yaml b/nuclei-templates/2024/CVE-2024-2786-e18fa2425147eac664779a4e7540108b.yaml
index 1768ed85f6..2ae090c1d2 100644
--- a/nuclei-templates/2024/CVE-2024-2786-e18fa2425147eac664779a4e7540108b.yaml
+++ b/nuclei-templates/2024/CVE-2024-2786-e18fa2425147eac664779a4e7540108b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2786'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2787-40e8b36488a6eac28e891fecfb75c2fd.yaml b/nuclei-templates/2024/CVE-2024-2787-40e8b36488a6eac28e891fecfb75c2fd.yaml
index 993362d17d..aac5e73652 100644
--- a/nuclei-templates/2024/CVE-2024-2787-40e8b36488a6eac28e891fecfb75c2fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-2787-40e8b36488a6eac28e891fecfb75c2fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2787'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2788-3ed56e73a3a43b54020334fdf48e4e7f.yaml b/nuclei-templates/2024/CVE-2024-2788-3ed56e73a3a43b54020334fdf48e4e7f.yaml
index 0b319e57a9..b7a0f2bcb8 100644
--- a/nuclei-templates/2024/CVE-2024-2788-3ed56e73a3a43b54020334fdf48e4e7f.yaml
+++ b/nuclei-templates/2024/CVE-2024-2788-3ed56e73a3a43b54020334fdf48e4e7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32698 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2788'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2789-47a1a7c3503abffa7dc09bb7e0a3a05e.yaml b/nuclei-templates/2024/CVE-2024-2789-47a1a7c3503abffa7dc09bb7e0a3a05e.yaml
index bf81c83d25..24fce4d00b 100644
--- a/nuclei-templates/2024/CVE-2024-2789-47a1a7c3503abffa7dc09bb7e0a3a05e.yaml
+++ b/nuclei-templates/2024/CVE-2024-2789-47a1a7c3503abffa7dc09bb7e0a3a05e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2789'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2790-8dd7019aa8a80d139d621978f8455f94.yaml b/nuclei-templates/2024/CVE-2024-2790-8dd7019aa8a80d139d621978f8455f94.yaml
index 99f9268be8..1bc84e84de 100644
--- a/nuclei-templates/2024/CVE-2024-2790-8dd7019aa8a80d139d621978f8455f94.yaml
+++ b/nuclei-templates/2024/CVE-2024-2790-8dd7019aa8a80d139d621978f8455f94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion/FAQ
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2790'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2791-4069751e80b8d8e6ebfbb3d8b76ab1b9.yaml b/nuclei-templates/2024/CVE-2024-2791-4069751e80b8d8e6ebfbb3d8b76ab1b9.yaml
index 8a37d3385d..04389f1424 100644
--- a/nuclei-templates/2024/CVE-2024-2791-4069751e80b8d8e6ebfbb3d8b76ab1b9.yaml
+++ b/nuclei-templates/2024/CVE-2024-2791-4069751e80b8d8e6ebfbb3d8b76ab1b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2024-2791'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2792-ea8fafa1914b33a7541d6d71c9272dbd.yaml b/nuclei-templates/2024/CVE-2024-2792-ea8fafa1914b33a7541d6d71c9272dbd.yaml
index f87ee4520f..c5cc11ae5c 100644
--- a/nuclei-templates/2024/CVE-2024-2792-ea8fafa1914b33a7541d6d71c9272dbd.yaml
+++ b/nuclei-templates/2024/CVE-2024-2792-ea8fafa1914b33a7541d6d71c9272dbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-2792'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2794-b24d1d3e12abe16b131b78c39c76f1e6.yaml b/nuclei-templates/2024/CVE-2024-2794-b24d1d3e12abe16b131b78c39c76f1e6.yaml
index faf77efc44..723d1803b3 100644
--- a/nuclei-templates/2024/CVE-2024-2794-b24d1d3e12abe16b131b78c39c76f1e6.yaml
+++ b/nuclei-templates/2024/CVE-2024-2794-b24d1d3e12abe16b131b78c39c76f1e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Block Editor Toolkit – EditorsKit <= 1.40.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32586 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/block-options/"
     google-query: inurl:"/wp-content/plugins/block-options/"
     shodan-query: 'vuln:CVE-2024-2794'
-  tags: cve,wordpress,wp-plugin,block-options,medium
+  tags: cve,wordpress,wp-plugin,block-options,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27949-56de812058629ef41442e0db5d74e172.yaml b/nuclei-templates/2024/CVE-2024-27949-56de812058629ef41442e0db5d74e172.yaml
index b95ea8b81d..467d2efaa5 100644
--- a/nuclei-templates/2024/CVE-2024-27949-56de812058629ef41442e0db5d74e172.yaml
+++ b/nuclei-templates/2024/CVE-2024-27949-56de812058629ef41442e0db5d74e172.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sirv/"
     google-query: inurl:"/wp-content/plugins/sirv/"
     shodan-query: 'vuln:CVE-2024-27949'
-  tags: cve,wordpress,wp-plugin,sirv,medium
+  tags: cve,wordpress,wp-plugin,sirv,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27950-20f2364245cca99badf62beb26ca57f1.yaml b/nuclei-templates/2024/CVE-2024-27950-20f2364245cca99badf62beb26ca57f1.yaml
index 02d18856ae..f34cea1152 100644
--- a/nuclei-templates/2024/CVE-2024-27950-20f2364245cca99badf62beb26ca57f1.yaml
+++ b/nuclei-templates/2024/CVE-2024-27950-20f2364245cca99badf62beb26ca57f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sirv/"
     google-query: inurl:"/wp-content/plugins/sirv/"
     shodan-query: 'vuln:CVE-2024-27950'
-  tags: cve,wordpress,wp-plugin,sirv,medium
+  tags: cve,wordpress,wp-plugin,sirv,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27951-410043251186f9da5efcd4c944487f1e.yaml b/nuclei-templates/2024/CVE-2024-27951-410043251186f9da5efcd4c944487f1e.yaml
index 8483e599de..c086cd3163 100644
--- a/nuclei-templates/2024/CVE-2024-27951-410043251186f9da5efcd4c944487f1e.yaml
+++ b/nuclei-templates/2024/CVE-2024-27951-410043251186f9da5efcd4c944487f1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Page Generator Plugin – MPG <= 3.4.0 - Authenticated (Editor+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with editor-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/"
     google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/"
     shodan-query: 'vuln:CVE-2024-27951'
-  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,high
+  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27953-d5383d4e717242611eb588cd04425c5a.yaml b/nuclei-templates/2024/CVE-2024-27953-d5383d4e717242611eb588cd04425c5a.yaml
index 01dca32ea4..2bd8f9499d 100644
--- a/nuclei-templates/2024/CVE-2024-27953-d5383d4e717242611eb588cd04425c5a.yaml
+++ b/nuclei-templates/2024/CVE-2024-27953-d5383d4e717242611eb588cd04425c5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to unauthorized access  due to an insufficient capability check on the ccpw_post_type() function in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with author-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cryptocurrency-price-ticker-widget/"
     google-query: inurl:"/wp-content/plugins/cryptocurrency-price-ticker-widget/"
     shodan-query: 'vuln:CVE-2024-27953'
-  tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,medium
+  tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27955-90f8c1652860b9223ed16176900d2afd.yaml b/nuclei-templates/2024/CVE-2024-27955-90f8c1652860b9223ed16176900d2afd.yaml
index adc8e8a035..cf82ff76b2 100644
--- a/nuclei-templates/2024/CVE-2024-27955-90f8c1652860b9223ed16176900d2afd.yaml
+++ b/nuclei-templates/2024/CVE-2024-27955-90f8c1652860b9223ed16176900d2afd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Automatic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.92.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to escalate their privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-automatic/"
     google-query: inurl:"/wp-content/plugins/wp-automatic/"
     shodan-query: 'vuln:CVE-2024-27955'
-  tags: cve,wordpress,wp-plugin,wp-automatic,high
+  tags: cve,wordpress,wp-plugin,wp-automatic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27960-61d643ab5e58be99a89f898a95037035.yaml b/nuclei-templates/2024/CVE-2024-27960-61d643ab5e58be99a89f898a95037035.yaml
index 2e970577f6..ba72ca677e 100644
--- a/nuclei-templates/2024/CVE-2024-27960-61d643ab5e58be99a89f898a95037035.yaml
+++ b/nuclei-templates/2024/CVE-2024-27960-61d643ab5e58be99a89f898a95037035.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscription Popup <= 1.2.20 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '$email' parameter in versions up to, and including, 1.2.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribe/"
     google-query: inurl:"/wp-content/plugins/email-subscribe/"
     shodan-query: 'vuln:CVE-2024-27960'
-  tags: cve,wordpress,wp-plugin,email-subscribe,medium
+  tags: cve,wordpress,wp-plugin,email-subscribe,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27963-2b1c5b57df30a34984198b5c1016c519.yaml b/nuclei-templates/2024/CVE-2024-27963-2b1c5b57df30a34984198b5c1016c519.yaml
index 8586dc9f3d..346620f8cf 100644
--- a/nuclei-templates/2024/CVE-2024-27963-2b1c5b57df30a34984198b5c1016c519.yaml
+++ b/nuclei-templates/2024/CVE-2024-27963-2b1c5b57df30a34984198b5c1016c519.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crisp <= 0.44 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Crisp plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.44 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crisp/"
     google-query: inurl:"/wp-content/plugins/crisp/"
     shodan-query: 'vuln:CVE-2024-27963'
-  tags: cve,wordpress,wp-plugin,crisp,medium
+  tags: cve,wordpress,wp-plugin,crisp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27964-79737b0e5975df19862e5152b14611f3.yaml b/nuclei-templates/2024/CVE-2024-27964-79737b0e5975df19862e5152b14611f3.yaml
index b78c9bebc2..a047a1dd4e 100644
--- a/nuclei-templates/2024/CVE-2024-27964-79737b0e5975df19862e5152b14611f3.yaml
+++ b/nuclei-templates/2024/CVE-2024-27964-79737b0e5975df19862e5152b14611f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zippy <= 1.6.9 - Authenticated (Editor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Zippy plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ZippyCore.php file in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zippy/"
     google-query: inurl:"/wp-content/plugins/zippy/"
     shodan-query: 'vuln:CVE-2024-27964'
-  tags: cve,wordpress,wp-plugin,zippy,high
+  tags: cve,wordpress,wp-plugin,zippy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27965-6ab516426049dc622ee1b94cc628b61c.yaml b/nuclei-templates/2024/CVE-2024-27965-6ab516426049dc622ee1b94cc628b61c.yaml
index 2115ce5138..00a56b3257 100644
--- a/nuclei-templates/2024/CVE-2024-27965-6ab516426049dc622ee1b94cc628b61c.yaml
+++ b/nuclei-templates/2024/CVE-2024-27965-6ab516426049dc622ee1b94cc628b61c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPFunnels <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfunnels/"
     google-query: inurl:"/wp-content/plugins/wpfunnels/"
     shodan-query: 'vuln:CVE-2024-27965'
-  tags: cve,wordpress,wp-plugin,wpfunnels,medium
+  tags: cve,wordpress,wp-plugin,wpfunnels,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27966-63d1e14f304a4cf01bbcbf655abc19a8.yaml b/nuclei-templates/2024/CVE-2024-27966-63d1e14f304a4cf01bbcbf655abc19a8.yaml
index 8e23888e28..a4760aa44f 100644
--- a/nuclei-templates/2024/CVE-2024-27966-63d1e14f304a4cf01bbcbf655abc19a8.yaml
+++ b/nuclei-templates/2024/CVE-2024-27966-63d1e14f304a4cf01bbcbf655abc19a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 8.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:CVE-2024-27966'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27969-d82977967e8370fff3f7aa446912e4fd.yaml b/nuclei-templates/2024/CVE-2024-27969-d82977967e8370fff3f7aa446912e4fd.yaml
index b06db66c9b..9c696b380b 100644
--- a/nuclei-templates/2024/CVE-2024-27969-d82977967e8370fff3f7aa446912e4fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-27969-d82977967e8370fff3f7aa446912e4fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Free Downloads WooCommerce <= 3.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Free Downloads WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-now-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/download-now-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-27969'
-  tags: cve,wordpress,wp-plugin,download-now-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,download-now-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2797-72b3ee0aa0ee9a6370b95e5e332c6b93.yaml b/nuclei-templates/2024/CVE-2024-2797-72b3ee0aa0ee9a6370b95e5e332c6b93.yaml
index a9c6ae47e5..4c6a2bba1e 100644
--- a/nuclei-templates/2024/CVE-2024-2797-72b3ee0aa0ee9a6370b95e5e332c6b93.yaml
+++ b/nuclei-templates/2024/CVE-2024-2797-72b3ee0aa0ee9a6370b95e5e332c6b93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailerLite – Signup forms (official) <= 1.7.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to allow lower level users to modify forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/official-mailerlite-sign-up-forms/"
     google-query: inurl:"/wp-content/plugins/official-mailerlite-sign-up-forms/"
     shodan-query: 'vuln:CVE-2024-2797'
-  tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,medium
+  tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27970-492dc981351dd6fd004e149962bdd870.yaml b/nuclei-templates/2024/CVE-2024-27970-492dc981351dd6fd004e149962bdd870.yaml
index fdb1fa4dbd..efe65a6d2e 100644
--- a/nuclei-templates/2024/CVE-2024-27970-492dc981351dd6fd004e149962bdd870.yaml
+++ b/nuclei-templates/2024/CVE-2024-27970-492dc981351dd6fd004e149962bdd870.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SendFox <= 1.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP SendFox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the gb_sf4wp_process_sync() function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to process synchronization.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sendfox/"
     google-query: inurl:"/wp-content/plugins/wp-sendfox/"
     shodan-query: 'vuln:CVE-2024-27970'
-  tags: cve,wordpress,wp-plugin,wp-sendfox,medium
+  tags: cve,wordpress,wp-plugin,wp-sendfox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27972-815613664281ce9641a420b93ff49909.yaml b/nuclei-templates/2024/CVE-2024-27972-815613664281ce9641a420b93ff49909.yaml
index ad5c4f9c4f..a22fe18c5f 100644
--- a/nuclei-templates/2024/CVE-2024-27972-815613664281ce9641a420b93ff49909.yaml
+++ b/nuclei-templates/2024/CVE-2024-27972-815613664281ce9641a420b93ff49909.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.41.24. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fusion-lite/"
     google-query: inurl:"/wp-content/plugins/wp-fusion-lite/"
     shodan-query: 'vuln:CVE-2024-27972'
-  tags: cve,wordpress,wp-plugin,wp-fusion-lite,high
+  tags: cve,wordpress,wp-plugin,wp-fusion-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2798-af78f3c1214fac33b65ff5feb5cc1cdc.yaml b/nuclei-templates/2024/CVE-2024-2798-af78f3c1214fac33b65ff5feb5cc1cdc.yaml
index 28518d0036..8d47459510 100644
--- a/nuclei-templates/2024/CVE-2024-2798-af78f3c1214fac33b65ff5feb5cc1cdc.yaml
+++ b/nuclei-templates/2024/CVE-2024-2798-af78f3c1214fac33b65ff5feb5cc1cdc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2798'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27985-0e504336a10f995a3d5ffd0688becb4a.yaml b/nuclei-templates/2024/CVE-2024-27985-0e504336a10f995a3d5ffd0688becb4a.yaml
index b8f1fdc558..d2d165235e 100644
--- a/nuclei-templates/2024/CVE-2024-27985-0e504336a10f995a3d5ffd0688becb4a.yaml
+++ b/nuclei-templates/2024/CVE-2024-27985-0e504336a10f995a3d5ffd0688becb4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PropertyHive <= 2.0.9 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The PropertyHive plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.9 via deserialization of untrusted input through the 'body' parameter. This makes it possible for attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/propertyhive/"
     google-query: inurl:"/wp-content/plugins/propertyhive/"
     shodan-query: 'vuln:CVE-2024-27985'
-  tags: cve,wordpress,wp-plugin,propertyhive,high
+  tags: cve,wordpress,wp-plugin,propertyhive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27988-c849c5ba3c9b4616d8436c9196e9a011.yaml b/nuclei-templates/2024/CVE-2024-27988-c849c5ba3c9b4616d8436c9196e9a011.yaml
index ca17badf2c..579123ff45 100644
--- a/nuclei-templates/2024/CVE-2024-27988-c849c5ba3c9b4616d8436c9196e9a011.yaml
+++ b/nuclei-templates/2024/CVE-2024-27988-c849c5ba3c9b4616d8436c9196e9a011.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WEN Responsive Columns <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WEN Responsive Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wen-responsive-columns/"
     google-query: inurl:"/wp-content/plugins/wen-responsive-columns/"
     shodan-query: 'vuln:CVE-2024-27988'
-  tags: cve,wordpress,wp-plugin,wen-responsive-columns,medium
+  tags: cve,wordpress,wp-plugin,wen-responsive-columns,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27989-950a4b8c92825a575ac3cedca47edcba.yaml b/nuclei-templates/2024/CVE-2024-27989-950a4b8c92825a575ac3cedca47edcba.yaml
index c10a421282..0add394c0d 100644
--- a/nuclei-templates/2024/CVE-2024-27989-950a4b8c92825a575ac3cedca47edcba.yaml
+++ b/nuclei-templates/2024/CVE-2024-27989-950a4b8c92825a575ac3cedca47edcba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/"
     google-query: inurl:"/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/"
     shodan-query: 'vuln:CVE-2024-27989'
-  tags: cve,wordpress,wp-plugin,responsive-horizontal-vertical-and-accordion-tabs,medium
+  tags: cve,wordpress,wp-plugin,responsive-horizontal-vertical-and-accordion-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2799-234019268f52489cd57bd03c8706abb6.yaml b/nuclei-templates/2024/CVE-2024-2799-234019268f52489cd57bd03c8706abb6.yaml
index 046337f8a1..2f60ba2f8a 100644
--- a/nuclei-templates/2024/CVE-2024-2799-234019268f52489cd57bd03c8706abb6.yaml
+++ b/nuclei-templates/2024/CVE-2024-2799-234019268f52489cd57bd03c8706abb6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-2799'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27990-fb202acb909978e8641eabe44749f8ea.yaml b/nuclei-templates/2024/CVE-2024-27990-fb202acb909978e8641eabe44749f8ea.yaml
index ba89ad187b..3c0cdc8c7a 100644
--- a/nuclei-templates/2024/CVE-2024-27990-fb202acb909978e8641eabe44749f8ea.yaml
+++ b/nuclei-templates/2024/CVE-2024-27990-fb202acb909978e8641eabe44749f8ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Moneytizer <= 9.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Moneytizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.5.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-moneytizer/"
     google-query: inurl:"/wp-content/plugins/the-moneytizer/"
     shodan-query: 'vuln:CVE-2024-27990'
-  tags: cve,wordpress,wp-plugin,the-moneytizer,medium
+  tags: cve,wordpress,wp-plugin,the-moneytizer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27991-1e4fd26a738e660824e15332d3d7697a.yaml b/nuclei-templates/2024/CVE-2024-27991-1e4fd26a738e660824e15332d3d7697a.yaml
index 66d3bde5b9..62b25050c8 100644
--- a/nuclei-templates/2024/CVE-2024-27991-1e4fd26a738e660824e15332d3d7697a.yaml
+++ b/nuclei-templates/2024/CVE-2024-27991-1e4fd26a738e660824e15332d3d7697a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SupportCandy <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SupportCandy plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportcandy/"
     google-query: inurl:"/wp-content/plugins/supportcandy/"
     shodan-query: 'vuln:CVE-2024-27991'
-  tags: cve,wordpress,wp-plugin,supportcandy,medium
+  tags: cve,wordpress,wp-plugin,supportcandy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27993-be21de51738bde44b4ff85eb79707aec.yaml b/nuclei-templates/2024/CVE-2024-27993-be21de51738bde44b4ff85eb79707aec.yaml
index 5631d90410..8ea4e9d429 100644
--- a/nuclei-templates/2024/CVE-2024-27993-be21de51738bde44b4ff85eb79707aec.yaml
+++ b/nuclei-templates/2024/CVE-2024-27993-be21de51738bde44b4ff85eb79707aec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calendarista Basic Edition <= 3.0.2 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Calendarista Basic Edition plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calendarista-basic-edition/"
     google-query: inurl:"/wp-content/plugins/calendarista-basic-edition/"
     shodan-query: 'vuln:CVE-2024-27993'
-  tags: cve,wordpress,wp-plugin,calendarista-basic-edition,medium
+  tags: cve,wordpress,wp-plugin,calendarista-basic-edition,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27994-27280f97d7c2f094c66e491abb0e38cf.yaml b/nuclei-templates/2024/CVE-2024-27994-27280f97d7c2f094c66e491abb0e38cf.yaml
index 8e9c6aa053..8a37ead36e 100644
--- a/nuclei-templates/2024/CVE-2024-27994-27280f97d7c2f094c66e491abb0e38cf.yaml
+++ b/nuclei-templates/2024/CVE-2024-27994-27280f97d7c2f094c66e491abb0e38cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH WooCommerce Product Add-Ons <= 4.5.0 - Unuathenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/"
     shodan-query: 'vuln:CVE-2024-27994'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27995-77d3a7baf2067b9573aef8e72c5d2033.yaml b/nuclei-templates/2024/CVE-2024-27995-77d3a7baf2067b9573aef8e72c5d2033.yaml
index 0fe456f3f2..4161e35c7b 100644
--- a/nuclei-templates/2024/CVE-2024-27995-77d3a7baf2067b9573aef8e72c5d2033.yaml
+++ b/nuclei-templates/2024/CVE-2024-27995-77d3a7baf2067b9573aef8e72c5d2033.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember <= 4.0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember-membership/"
     google-query: inurl:"/wp-content/plugins/armember-membership/"
     shodan-query: 'vuln:CVE-2024-27995'
-  tags: cve,wordpress,wp-plugin,armember-membership,medium
+  tags: cve,wordpress,wp-plugin,armember-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27996-643403eb7ff5706c9caf1f0a5a756401.yaml b/nuclei-templates/2024/CVE-2024-27996-643403eb7ff5706c9caf1f0a5a756401.yaml
index 34b7b3c3d6..47d917d081 100644
--- a/nuclei-templates/2024/CVE-2024-27996-643403eb7ff5706c9caf1f0a5a756401.yaml
+++ b/nuclei-templates/2024/CVE-2024-27996-643403eb7ff5706c9caf1f0a5a756401.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Survey Maker <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/survey-maker/"
     google-query: inurl:"/wp-content/plugins/survey-maker/"
     shodan-query: 'vuln:CVE-2024-27996'
-  tags: cve,wordpress,wp-plugin,survey-maker,medium
+  tags: cve,wordpress,wp-plugin,survey-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-27997-f7c4402196deebd8e7afa93ed50fb9fe.yaml b/nuclei-templates/2024/CVE-2024-27997-f7c4402196deebd8e7afa93ed50fb9fe.yaml
index e1e9f8c195..611330bde9 100644
--- a/nuclei-templates/2024/CVE-2024-27997-f7c4402196deebd8e7afa93ed50fb9fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-27997-f7c4402196deebd8e7afa93ed50fb9fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Composer Website Builder <= 45.6.0 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visualcomposer/"
     google-query: inurl:"/wp-content/plugins/visualcomposer/"
     shodan-query: 'vuln:CVE-2024-27997'
-  tags: cve,wordpress,wp-plugin,visualcomposer,medium
+  tags: cve,wordpress,wp-plugin,visualcomposer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-28003-fc3a86631dfc485c0a87a802663d412e.yaml b/nuclei-templates/2024/CVE-2024-28003-fc3a86631dfc485c0a87a802663d412e.yaml
index d12954f4c8..ce36a5f9f6 100644
--- a/nuclei-templates/2024/CVE-2024-28003-fc3a86631dfc485c0a87a802663d412e.yaml
+++ b/nuclei-templates/2024/CVE-2024-28003-fc3a86631dfc485c0a87a802663d412e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Max Mega Menu <= 3.3. - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Max Mega Menu plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sandbox() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger the sandbox.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/megamenu/"
     google-query: inurl:"/wp-content/plugins/megamenu/"
     shodan-query: 'vuln:CVE-2024-28003'
-  tags: cve,wordpress,wp-plugin,megamenu,medium
+  tags: cve,wordpress,wp-plugin,megamenu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-28004-21f9461e5270818af4357d314ab90f57.yaml b/nuclei-templates/2024/CVE-2024-28004-21f9461e5270818af4357d314ab90f57.yaml
index 078869349c..9720ff3235 100644
--- a/nuclei-templates/2024/CVE-2024-28004-21f9461e5270818af4357d314ab90f57.yaml
+++ b/nuclei-templates/2024/CVE-2024-28004-21f9461e5270818af4357d314ab90f57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.248 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_colibri_page_builder_wpmu_setting AJAX action in all versions up to, and including, 1.0.248. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2024-28004'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,medium
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2801-248ab13a1cecf5e500d9ad5e3403c1b5.yaml b/nuclei-templates/2024/CVE-2024-2801-248ab13a1cecf5e500d9ad5e3403c1b5.yaml
index e3305adc65..5e81a3ecc9 100644
--- a/nuclei-templates/2024/CVE-2024-2801-248ab13a1cecf5e500d9ad5e3403c1b5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2801-248ab13a1cecf5e500d9ad5e3403c1b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shopkeeper Extender <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shopkeeper-extender/"
     google-query: inurl:"/wp-content/plugins/shopkeeper-extender/"
     shodan-query: 'vuln:CVE-2024-2801'
-  tags: cve,wordpress,wp-plugin,shopkeeper-extender,medium
+  tags: cve,wordpress,wp-plugin,shopkeeper-extender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2803-8951eb99c398a311cfe985bad4ff4e0c.yaml b/nuclei-templates/2024/CVE-2024-2803-8951eb99c398a311cfe985bad4ff4e0c.yaml
index ecf7e748b6..49b9c3a789 100644
--- a/nuclei-templates/2024/CVE-2024-2803-8951eb99c398a311cfe985bad4ff4e0c.yaml
+++ b/nuclei-templates/2024/CVE-2024-2803-8951eb99c398a311cfe985bad4ff4e0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2024-2803'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,medium
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2830-f897c75665f54f7b712469c3a1014b0b.yaml b/nuclei-templates/2024/CVE-2024-2830-f897c75665f54f7b712469c3a1014b0b.yaml
index c9b10aacd3..7a3743d7af 100644
--- a/nuclei-templates/2024/CVE-2024-2830-f897c75665f54f7b712469c3a1014b0b.yaml
+++ b/nuclei-templates/2024/CVE-2024-2830-f897c75665f54f7b712469c3a1014b0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Tag and Category Manager – AI Autotagger <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-tags/"
     google-query: inurl:"/wp-content/plugins/simple-tags/"
     shodan-query: 'vuln:CVE-2024-2830'
-  tags: cve,wordpress,wp-plugin,simple-tags,medium
+  tags: cve,wordpress,wp-plugin,simple-tags,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2831-2ac1b11dfdd4d8aec9aef19739eee675.yaml b/nuclei-templates/2024/CVE-2024-2831-2ac1b11dfdd4d8aec9aef19739eee675.yaml
index 47815cd8e5..7b39b07d3a 100644
--- a/nuclei-templates/2024/CVE-2024-2831-2ac1b11dfdd4d8aec9aef19739eee675.yaml
+++ b/nuclei-templates/2024/CVE-2024-2831-2ac1b11dfdd4d8aec9aef19739eee675.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calendar/"
     google-query: inurl:"/wp-content/plugins/calendar/"
     shodan-query: 'vuln:CVE-2024-2831'
-  tags: cve,wordpress,wp-plugin,calendar,high
+  tags: cve,wordpress,wp-plugin,calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2836-46d7cdc90f6e4788d19f634ed2b57174.yaml b/nuclei-templates/2024/CVE-2024-2836-46d7cdc90f6e4788d19f634ed2b57174.yaml
index 772870d6fa..172a195025 100644
--- a/nuclei-templates/2024/CVE-2024-2836-46d7cdc90f6e4788d19f634ed2b57174.yaml
+++ b/nuclei-templates/2024/CVE-2024-2836-46d7cdc90f6e4788d19f634ed2b57174.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.63 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.13.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-socializer/"
     google-query: inurl:"/wp-content/plugins/super-socializer/"
     shodan-query: 'vuln:CVE-2024-2836'
-  tags: cve,wordpress,wp-plugin,super-socializer,medium
+  tags: cve,wordpress,wp-plugin,super-socializer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2837-45fa634ab986eb98d5523af1f02322fd.yaml b/nuclei-templates/2024/CVE-2024-2837-45fa634ab986eb98d5523af1f02322fd.yaml
index 7effa7cc6a..3a92db397d 100644
--- a/nuclei-templates/2024/CVE-2024-2837-45fa634ab986eb98d5523af1f02322fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-2837-45fa634ab986eb98d5523af1f02322fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Chat App <= 3.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-whatsapp/"
     google-query: inurl:"/wp-content/plugins/wp-whatsapp/"
     shodan-query: 'vuln:CVE-2024-2837'
-  tags: cve,wordpress,wp-plugin,wp-whatsapp,medium
+  tags: cve,wordpress,wp-plugin,wp-whatsapp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2838-7d701d3a30fca3143559ca73fdb370ec.yaml b/nuclei-templates/2024/CVE-2024-2838-7d701d3a30fca3143559ca73fdb370ec.yaml
index 77b29464b8..38a77da286 100644
--- a/nuclei-templates/2024/CVE-2024-2838-7d701d3a30fca3143559ca73fdb370ec.yaml
+++ b/nuclei-templates/2024/CVE-2024-2838-7d701d3a30fca3143559ca73fdb370ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpc-composite-products/"
     google-query: inurl:"/wp-content/plugins/wpc-composite-products/"
     shodan-query: 'vuln:CVE-2024-2838'
-  tags: cve,wordpress,wp-plugin,wpc-composite-products,medium
+  tags: cve,wordpress,wp-plugin,wpc-composite-products,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2839-3bb3b1b877c8539475d5edd92db3636e.yaml b/nuclei-templates/2024/CVE-2024-2839-3bb3b1b877c8539475d5edd92db3636e.yaml
index 2ad72b5adc..9a847c7799 100644
--- a/nuclei-templates/2024/CVE-2024-2839-3bb3b1b877c8539475d5edd92db3636e.yaml
+++ b/nuclei-templates/2024/CVE-2024-2839-3bb3b1b877c8539475d5edd92db3636e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'heading_type'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2024-2839'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,medium
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2840-6039d2569df090d7d3093a78e0441287.yaml b/nuclei-templates/2024/CVE-2024-2840-6039d2569df090d7d3093a78e0441287.yaml
index 67711cf67b..17db1d1698 100644
--- a/nuclei-templates/2024/CVE-2024-2840-6039d2569df090d7d3093a78e0441287.yaml
+++ b/nuclei-templates/2024/CVE-2024-2840-6039d2569df090d7d3093a78e0441287.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enhanced Media Library <= 2.8.9 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-media-library/"
     google-query: inurl:"/wp-content/plugins/enhanced-media-library/"
     shodan-query: 'vuln:CVE-2024-2840'
-  tags: cve,wordpress,wp-plugin,enhanced-media-library,medium
+  tags: cve,wordpress,wp-plugin,enhanced-media-library,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2841-46f9477f32da89d305905e8493b5f75e.yaml b/nuclei-templates/2024/CVE-2024-2841-46f9477f32da89d305905e8493b5f75e.yaml
index 3ff4930cfe..ec26838eb3 100644
--- a/nuclei-templates/2024/CVE-2024-2841-46f9477f32da89d305905e8493b5f75e.yaml
+++ b/nuclei-templates/2024/CVE-2024-2841-46f9477f32da89d305905e8493b5f75e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-blocks/"
     google-query: inurl:"/wp-content/plugins/otter-blocks/"
     shodan-query: 'vuln:CVE-2024-2841'
-  tags: cve,wordpress,wp-plugin,otter-blocks,medium
+  tags: cve,wordpress,wp-plugin,otter-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2842-b4ee9cff24049609b5e28a42cf47dee5.yaml b/nuclei-templates/2024/CVE-2024-2842-b4ee9cff24049609b5e28a42cf47dee5.yaml
index feb500469f..ed4d05f082 100644
--- a/nuclei-templates/2024/CVE-2024-2842-b4ee9cff24049609b5e28a42cf47dee5.yaml
+++ b/nuclei-templates/2024/CVE-2024-2842-b4ee9cff24049609b5e28a42cf47dee5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Appointments <= 3.11.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-appointments/"
     google-query: inurl:"/wp-content/plugins/easy-appointments/"
     shodan-query: 'vuln:CVE-2024-2842'
-  tags: cve,wordpress,wp-plugin,easy-appointments,medium
+  tags: cve,wordpress,wp-plugin,easy-appointments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2845-757fc98134d873ee7c2bce4cfa1cf695.yaml b/nuclei-templates/2024/CVE-2024-2845-757fc98134d873ee7c2bce4cfa1cf695.yaml
index 09f8621404..d2173653a5 100644
--- a/nuclei-templates/2024/CVE-2024-2845-757fc98134d873ee7c2bce4cfa1cf695.yaml
+++ b/nuclei-templates/2024/CVE-2024-2845-757fc98134d873ee7c2bce4cfa1cf695.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/betterdocs/"
     google-query: inurl:"/wp-content/plugins/betterdocs/"
     shodan-query: 'vuln:CVE-2024-2845'
-  tags: cve,wordpress,wp-plugin,betterdocs,medium
+  tags: cve,wordpress,wp-plugin,betterdocs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2846-364c4ddc9c54073c09edf9a8678d0eaa.yaml b/nuclei-templates/2024/CVE-2024-2846-364c4ddc9c54073c09edf9a8678d0eaa.yaml
index 9da00abe9c..7dc22ec48f 100644
--- a/nuclei-templates/2024/CVE-2024-2846-364c4ddc9c54073c09edf9a8678d0eaa.yaml
+++ b/nuclei-templates/2024/CVE-2024-2846-364c4ddc9c54073c09edf9a8678d0eaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visual-footer-credit-remover/"
     google-query: inurl:"/wp-content/plugins/visual-footer-credit-remover/"
     shodan-query: 'vuln:CVE-2024-2846'
-  tags: cve,wordpress,wp-plugin,visual-footer-credit-remover,medium
+  tags: cve,wordpress,wp-plugin,visual-footer-credit-remover,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2847-8e67911649c9d62ea26bf9814db29d96.yaml b/nuclei-templates/2024/CVE-2024-2847-8e67911649c9d62ea26bf9814db29d96.yaml
index 02746e80c1..cc8f6866ab 100644
--- a/nuclei-templates/2024/CVE-2024-2847-8e67911649c9d62ea26bf9814db29d96.yaml
+++ b/nuclei-templates/2024/CVE-2024-2847-8e67911649c9d62ea26bf9814db29d96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-upload/"
     google-query: inurl:"/wp-content/plugins/wp-file-upload/"
     shodan-query: 'vuln:CVE-2024-2847'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wp-file-upload,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2864-deb298ce4863a239756c2bf229347f46.yaml b/nuclei-templates/2024/CVE-2024-2864-deb298ce4863a239756c2bf229347f46.yaml
index 8532383852..c1ebc96218 100644
--- a/nuclei-templates/2024/CVE-2024-2864-deb298ce4863a239756c2bf229347f46.yaml
+++ b/nuclei-templates/2024/CVE-2024-2864-deb298ce4863a239756c2bf229347f46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buddypress Moderation <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Buddypress Moderation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/youzify-moderation/"
     google-query: inurl:"/wp-content/plugins/youzify-moderation/"
     shodan-query: 'vuln:CVE-2024-2864'
-  tags: cve,wordpress,wp-plugin,youzify-moderation,medium
+  tags: cve,wordpress,wp-plugin,youzify-moderation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2867-77904fe78351f83bbdf488cb644ca3d1.yaml b/nuclei-templates/2024/CVE-2024-2867-77904fe78351f83bbdf488cb644ca3d1.yaml
index 859b9ea76c..b9e3406c30 100644
--- a/nuclei-templates/2024/CVE-2024-2867-77904fe78351f83bbdf488cb644ca3d1.yaml
+++ b/nuclei-templates/2024/CVE-2024-2867-77904fe78351f83bbdf488cb644ca3d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-2867'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2868-00621ef6c76184f88ccca1414d74fac7.yaml b/nuclei-templates/2024/CVE-2024-2868-00621ef6c76184f88ccca1414d74fac7.yaml
index 1843bbb635..4fd6c59ada 100644
--- a/nuclei-templates/2024/CVE-2024-2868-00621ef6c76184f88ccca1414d74fac7.yaml
+++ b/nuclei-templates/2024/CVE-2024-2868-00621ef6c76184f88ccca1414d74fac7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woolentor-addons/"
     google-query: inurl:"/wp-content/plugins/woolentor-addons/"
     shodan-query: 'vuln:CVE-2024-2868'
-  tags: cve,wordpress,wp-plugin,woolentor-addons,medium
+  tags: cve,wordpress,wp-plugin,woolentor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2871-eb721251db16f750bb7b6d9b4bcc4dbd.yaml b/nuclei-templates/2024/CVE-2024-2871-eb721251db16f750bb7b6d9b4bcc4dbd.yaml
index b749a34821..0851a050dc 100644
--- a/nuclei-templates/2024/CVE-2024-2871-eb721251db16f750bb7b6d9b4bcc4dbd.yaml
+++ b/nuclei-templates/2024/CVE-2024-2871-eb721251db16f750bb7b6d9b4bcc4dbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Assistant <= 3.13 - Authenticated (Contributor+) SQL Injection via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-assistant/"
     google-query: inurl:"/wp-content/plugins/media-library-assistant/"
     shodan-query: 'vuln:CVE-2024-2871'
-  tags: cve,wordpress,wp-plugin,media-library-assistant,medium
+  tags: cve,wordpress,wp-plugin,media-library-assistant,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-28850-ab25c765042411f076e2c34c06b3fa2a.yaml b/nuclei-templates/2024/CVE-2024-28850-ab25c765042411f076e2c34c06b3fa2a.yaml
index 823d0076e3..852fee3bb6 100644
--- a/nuclei-templates/2024/CVE-2024-28850-ab25c765042411f076e2c34c06b3fa2a.yaml
+++ b/nuclei-templates/2024/CVE-2024-28850-ab25c765042411f076e2c34c06b3fa2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Crontrol <= 1.16.1 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Crontrol plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.1 when another vulnerability is present on the site that allows access to editing the database. This makes it possible for attackers to execute code on the server. Please see the advisory in references for more in depth details.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-crontrol/"
     google-query: inurl:"/wp-content/plugins/wp-crontrol/"
     shodan-query: 'vuln:CVE-2024-28850'
-  tags: cve,wordpress,wp-plugin,wp-crontrol,high
+  tags: cve,wordpress,wp-plugin,wp-crontrol,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2888-55e2a4b9a97cda212301452238552f00.yaml b/nuclei-templates/2024/CVE-2024-2888-55e2a4b9a97cda212301452238552f00.yaml
index 1e356f6807..fa02d7ae13 100644
--- a/nuclei-templates/2024/CVE-2024-2888-55e2a4b9a97cda212301452238552f00.yaml
+++ b/nuclei-templates/2024/CVE-2024-2888-55e2a4b9a97cda212301452238552f00.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Block HTML in all versions up to, and including, 1.26.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-and-page-builder/"
     google-query: inurl:"/wp-content/plugins/post-and-page-builder/"
     shodan-query: 'vuln:CVE-2024-2888'
-  tags: cve,wordpress,wp-plugin,post-and-page-builder,medium
+  tags: cve,wordpress,wp-plugin,post-and-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2889-fbce84a8ee57be3789217c9b7a75a712.yaml b/nuclei-templates/2024/CVE-2024-2889-fbce84a8ee57be3789217c9b7a75a712.yaml
index 2aaa14484e..629fcdd775 100644
--- a/nuclei-templates/2024/CVE-2024-2889-fbce84a8ee57be3789217c9b7a75a712.yaml
+++ b/nuclei-templates/2024/CVE-2024-2889-fbce84a8ee57be3789217c9b7a75a712.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Lister Lite for Amazon <= 2.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-lister-for-amazon/"
     google-query: inurl:"/wp-content/plugins/wp-lister-for-amazon/"
     shodan-query: 'vuln:CVE-2024-2889'
-  tags: cve,wordpress,wp-plugin,wp-lister-for-amazon,medium
+  tags: cve,wordpress,wp-plugin,wp-lister-for-amazon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2890-6b17719b7745b3293d6a68a531034051.yaml b/nuclei-templates/2024/CVE-2024-2890-6b17719b7745b3293d6a68a531034051.yaml
index 53203887d0..cc577268f3 100644
--- a/nuclei-templates/2024/CVE-2024-2890-6b17719b7745b3293d6a68a531034051.yaml
+++ b/nuclei-templates/2024/CVE-2024-2890-6b17719b7745b3293d6a68a531034051.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tumult Hype Animations <= 1.9.12 - Authenticated (Author+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the hypeanimations_panel_upload() functionin all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tumult-hype-animations/"
     google-query: inurl:"/wp-content/plugins/tumult-hype-animations/"
     shodan-query: 'vuln:CVE-2024-2890'
-  tags: cve,wordpress,wp-plugin,tumult-hype-animations,high
+  tags: cve,wordpress,wp-plugin,tumult-hype-animations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2906-74ed56a742e6bfe4ae7f688057f0e58c.yaml b/nuclei-templates/2024/CVE-2024-2906-74ed56a742e6bfe4ae7f688057f0e58c.yaml
index ac545cc946..59244c9632 100644
--- a/nuclei-templates/2024/CVE-2024-2906-74ed56a742e6bfe4ae7f688057f0e58c.yaml
+++ b/nuclei-templates/2024/CVE-2024-2906-74ed56a742e6bfe4ae7f688057f0e58c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Radio Player <= 2.0.73 - Missing Authorization via get_players
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Radio Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_players' function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to  retrieve a list of radio players.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/radio-player/"
     google-query: inurl:"/wp-content/plugins/radio-player/"
     shodan-query: 'vuln:CVE-2024-2906'
-  tags: cve,wordpress,wp-plugin,radio-player,medium
+  tags: cve,wordpress,wp-plugin,radio-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2907-0fe1889336697580123eb1971e124832.yaml b/nuclei-templates/2024/CVE-2024-2907-0fe1889336697580123eb1971e124832.yaml
index 85a3ba9cd9..728746a159 100644
--- a/nuclei-templates/2024/CVE-2024-2907-0fe1889336697580123eb1971e124832.yaml
+++ b/nuclei-templates/2024/CVE-2024-2907-0fe1889336697580123eb1971e124832.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AGCA – Custom Dashboard & Login Page <= 7.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AGCA – Custom Dashboard & Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ag-custom-admin/"
     google-query: inurl:"/wp-content/plugins/ag-custom-admin/"
     shodan-query: 'vuln:CVE-2024-2907'
-  tags: cve,wordpress,wp-plugin,ag-custom-admin,medium
+  tags: cve,wordpress,wp-plugin,ag-custom-admin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2908-62601b5430c03a6d792da3905efea1b8.yaml b/nuclei-templates/2024/CVE-2024-2908-62601b5430c03a6d792da3905efea1b8.yaml
index 90c7132ca0..a3dacf4d7c 100644
--- a/nuclei-templates/2024/CVE-2024-2908-62601b5430c03a6d792da3905efea1b8.yaml
+++ b/nuclei-templates/2024/CVE-2024-2908-62601b5430c03a6d792da3905efea1b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Call Now Button <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Call Now Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/UNKNOWN-CVE-2024-2908-1/"
     google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2024-2908-1/"
     shodan-query: 'vuln:CVE-2024-2908'
-  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2024-2908-1,medium
+  tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2024-2908-1,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29089-414dd30601a3a8e396da28322c360c9c.yaml b/nuclei-templates/2024/CVE-2024-29089-414dd30601a3a8e396da28322c360c9c.yaml
index 74b5c70e93..a8f65d8d3f 100644
--- a/nuclei-templates/2024/CVE-2024-29089-414dd30601a3a8e396da28322c360c9c.yaml
+++ b/nuclei-templates/2024/CVE-2024-29089-414dd30601a3a8e396da28322c360c9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Five Star Restaurant Menu <= 2.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Five Star Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/food-and-drink-menu/"
     google-query: inurl:"/wp-content/plugins/food-and-drink-menu/"
     shodan-query: 'vuln:CVE-2024-29089'
-  tags: cve,wordpress,wp-plugin,food-and-drink-menu,medium
+  tags: cve,wordpress,wp-plugin,food-and-drink-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29090-f6ef0668f114bdc3d35c493842c984d6.yaml b/nuclei-templates/2024/CVE-2024-29090-f6ef0668f114bdc3d35c493842c984d6.yaml
index 33a21e7295..99af234bdd 100644
--- a/nuclei-templates/2024/CVE-2024-29090-f6ef0668f114bdc3d35c493842c984d6.yaml
+++ b/nuclei-templates/2024/CVE-2024-29090-f6ef0668f114bdc3d35c493842c984d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Engine <= 2.1.4 - Authenticated (Editor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4 via the download_image function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-engine/"
     google-query: inurl:"/wp-content/plugins/ai-engine/"
     shodan-query: 'vuln:CVE-2024-29090'
-  tags: cve,wordpress,wp-plugin,ai-engine,medium
+  tags: cve,wordpress,wp-plugin,ai-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29095-c2ad47353175f44f004de63cfd387b37.yaml b/nuclei-templates/2024/CVE-2024-29095-c2ad47353175f44f004de63cfd387b37.yaml
index 34a7cd4d65..ac82ad4c00 100644
--- a/nuclei-templates/2024/CVE-2024-29095-c2ad47353175f44f004de63cfd387b37.yaml
+++ b/nuclei-templates/2024/CVE-2024-29095-c2ad47353175f44f004de63cfd387b37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Site Reviews <= 6.11.6 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.11.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/site-reviews/"
     google-query: inurl:"/wp-content/plugins/site-reviews/"
     shodan-query: 'vuln:CVE-2024-29095'
-  tags: cve,wordpress,wp-plugin,site-reviews,medium
+  tags: cve,wordpress,wp-plugin,site-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29096-df39b25c059b85a56edd3d99d606296d.yaml b/nuclei-templates/2024/CVE-2024-29096-df39b25c059b85a56edd3d99d606296d.yaml
index 195719ec31..836febf95e 100644
--- a/nuclei-templates/2024/CVE-2024-29096-df39b25c059b85a56edd3d99d606296d.yaml
+++ b/nuclei-templates/2024/CVE-2024-29096-df39b25c059b85a56edd3d99d606296d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MJM Clinic <= 1.1.22 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MJM Clinic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mjm-clinic/"
     google-query: inurl:"/wp-content/plugins/mjm-clinic/"
     shodan-query: 'vuln:CVE-2024-29096'
-  tags: cve,wordpress,wp-plugin,mjm-clinic,medium
+  tags: cve,wordpress,wp-plugin,mjm-clinic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29097-103b877d6c6654d012dcfb8c68378ae3.yaml b/nuclei-templates/2024/CVE-2024-29097-103b877d6c6654d012dcfb8c68378ae3.yaml
index 053a3aa91b..d1f776fe6a 100644
--- a/nuclei-templates/2024/CVE-2024-29097-103b877d6c6654d012dcfb8c68378ae3.yaml
+++ b/nuclei-templates/2024/CVE-2024-29097-103b877d6c6654d012dcfb8c68378ae3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User profile <= 2.0.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The User profile plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-profile/"
     google-query: inurl:"/wp-content/plugins/user-profile/"
     shodan-query: 'vuln:CVE-2024-29097'
-  tags: cve,wordpress,wp-plugin,user-profile,medium
+  tags: cve,wordpress,wp-plugin,user-profile,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29098-d827c61ecd6e1b49bd9f088b6451ceb2.yaml b/nuclei-templates/2024/CVE-2024-29098-d827c61ecd6e1b49bd9f088b6451ceb2.yaml
index 61a0b9e644..aebe205cad 100644
--- a/nuclei-templates/2024/CVE-2024-29098-d827c61ecd6e1b49bd9f088b6451ceb2.yaml
+++ b/nuclei-templates/2024/CVE-2024-29098-d827c61ecd6e1b49bd9f088b6451ceb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Calameo <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Calameo plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-calameo/"
     google-query: inurl:"/wp-content/plugins/wp-calameo/"
     shodan-query: 'vuln:CVE-2024-29098'
-  tags: cve,wordpress,wp-plugin,wp-calameo,medium
+  tags: cve,wordpress,wp-plugin,wp-calameo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29103-406a8beae5e2073e89eddace606a906a.yaml b/nuclei-templates/2024/CVE-2024-29103-406a8beae5e2073e89eddace606a906a.yaml
index 81f1747622..0407db38c8 100644
--- a/nuclei-templates/2024/CVE-2024-29103-406a8beae5e2073e89eddace606a906a.yaml
+++ b/nuclei-templates/2024/CVE-2024-29103-406a8beae5e2073e89eddace606a906a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Database for Contact Form 7 <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Database for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-database/"
     google-query: inurl:"/wp-content/plugins/cf7-database/"
     shodan-query: 'vuln:CVE-2024-29103'
-  tags: cve,wordpress,wp-plugin,cf7-database,medium
+  tags: cve,wordpress,wp-plugin,cf7-database,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29104-64923c9a5ffa9c7e5e2ff84955e346c3.yaml b/nuclei-templates/2024/CVE-2024-29104-64923c9a5ffa9c7e5e2ff84955e346c3.yaml
index aaf55960d2..985823206d 100644
--- a/nuclei-templates/2024/CVE-2024-29104-64923c9a5ffa9c7e5e2ff84955e346c3.yaml
+++ b/nuclei-templates/2024/CVE-2024-29104-64923c9a5ffa9c7e5e2ff84955e346c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ticket Tailor <= 1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ticket Tailor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ticket-tailor/"
     google-query: inurl:"/wp-content/plugins/ticket-tailor/"
     shodan-query: 'vuln:CVE-2024-29104'
-  tags: cve,wordpress,wp-plugin,ticket-tailor,medium
+  tags: cve,wordpress,wp-plugin,ticket-tailor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29105-2aa273895136d445a6cf0ea6a1d06c8e.yaml b/nuclei-templates/2024/CVE-2024-29105-2aa273895136d445a6cf0ea6a1d06c8e.yaml
index 8f64d0f62e..b21a6a9ae9 100644
--- a/nuclei-templates/2024/CVE-2024-29105-2aa273895136d445a6cf0ea6a1d06c8e.yaml
+++ b/nuclei-templates/2024/CVE-2024-29105-2aa273895136d445a6cf0ea6a1d06c8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Popups <= 2.1.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-popups-lite/"
     google-query: inurl:"/wp-content/plugins/wp-popups-lite/"
     shodan-query: 'vuln:CVE-2024-29105'
-  tags: cve,wordpress,wp-plugin,wp-popups-lite,medium
+  tags: cve,wordpress,wp-plugin,wp-popups-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29107-19c52dd7e875a0e50693de27a767788f.yaml b/nuclei-templates/2024/CVE-2024-29107-19c52dd7e875a0e50693de27a767788f.yaml
index f467960dd4..4085550113 100644
--- a/nuclei-templates/2024/CVE-2024-29107-19c52dd7e875a0e50693de27a767788f.yaml
+++ b/nuclei-templates/2024/CVE-2024-29107-19c52dd7e875a0e50693de27a767788f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-wts-url' value in versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-29107'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29111-d10ca8810c9a238a95e8c428f2cea03d.yaml b/nuclei-templates/2024/CVE-2024-29111-d10ca8810c9a238a95e8c428f2cea03d.yaml
index 3eb81c09bb..0c0db5c3ec 100644
--- a/nuclei-templates/2024/CVE-2024-29111-d10ca8810c9a238a95e8c428f2cea03d.yaml
+++ b/nuclei-templates/2024/CVE-2024-29111-d10ca8810c9a238a95e8c428f2cea03d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sitekit <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sitekit/"
     google-query: inurl:"/wp-content/plugins/sitekit/"
     shodan-query: 'vuln:CVE-2024-29111'
-  tags: cve,wordpress,wp-plugin,sitekit,medium
+  tags: cve,wordpress,wp-plugin,sitekit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29112-ac3cdb02dfa19f5b0080855ac08f88be.yaml b/nuclei-templates/2024/CVE-2024-29112-ac3cdb02dfa19f5b0080855ac08f88be.yaml
index 2bc352ac44..3489807d20 100644
--- a/nuclei-templates/2024/CVE-2024-29112-ac3cdb02dfa19f5b0080855ac08f88be.yaml
+++ b/nuclei-templates/2024/CVE-2024-29112-ac3cdb02dfa19f5b0080855ac08f88be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Google Feed Manager <= 2.2.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-product-feed-manager/"
     google-query: inurl:"/wp-content/plugins/wp-product-feed-manager/"
     shodan-query: 'vuln:CVE-2024-29112'
-  tags: cve,wordpress,wp-plugin,wp-product-feed-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-product-feed-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29114-c1281bc3be6489439619d6a7c7e1abac.yaml b/nuclei-templates/2024/CVE-2024-29114-c1281bc3be6489439619d6a7c7e1abac.yaml
index 713a90502b..3af0d417aa 100644
--- a/nuclei-templates/2024/CVE-2024-29114-c1281bc3be6489439619d6a7c7e1abac.yaml
+++ b/nuclei-templates/2024/CVE-2024-29114-c1281bc3be6489439619d6a7c7e1abac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.2.84 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.84 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:CVE-2024-29114'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29115-0f96dcc46121deff356e0d1a5d840b39.yaml b/nuclei-templates/2024/CVE-2024-29115-0f96dcc46121deff356e0d1a5d840b39.yaml
index dc3a0fb726..3e6cd65712 100644
--- a/nuclei-templates/2024/CVE-2024-29115-0f96dcc46121deff356e0d1a5d840b39.yaml
+++ b/nuclei-templates/2024/CVE-2024-29115-0f96dcc46121deff356e0d1a5d840b39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Online Order for Clover <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clover-online-orders/"
     google-query: inurl:"/wp-content/plugins/clover-online-orders/"
     shodan-query: 'vuln:CVE-2024-29115'
-  tags: cve,wordpress,wp-plugin,clover-online-orders,medium
+  tags: cve,wordpress,wp-plugin,clover-online-orders,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29118-d8b5bd57572fb9305d66b7bd52b02101.yaml b/nuclei-templates/2024/CVE-2024-29118-d8b5bd57572fb9305d66b7bd52b02101.yaml
index 29f772e407..e0ae91c6b2 100644
--- a/nuclei-templates/2024/CVE-2024-29118-d8b5bd57572fb9305d66b7bd52b02101.yaml
+++ b/nuclei-templates/2024/CVE-2024-29118-d8b5bd57572fb9305d66b7bd52b02101.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scrollsequence <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Scrollsequence plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scrollsequence/"
     google-query: inurl:"/wp-content/plugins/scrollsequence/"
     shodan-query: 'vuln:CVE-2024-29118'
-  tags: cve,wordpress,wp-plugin,scrollsequence,medium
+  tags: cve,wordpress,wp-plugin,scrollsequence,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29122-768117af17895fd2573e769996b5a89f.yaml b/nuclei-templates/2024/CVE-2024-29122-768117af17895fd2573e769996b5a89f.yaml
index e5338b3883..ea3468d75a 100644
--- a/nuclei-templates/2024/CVE-2024-29122-768117af17895fd2573e769996b5a89f.yaml
+++ b/nuclei-templates/2024/CVE-2024-29122-768117af17895fd2573e769996b5a89f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2024-29122'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29124-1c25b9d9b10bd77a049e735bb0a8965a.yaml b/nuclei-templates/2024/CVE-2024-29124-1c25b9d9b10bd77a049e735bb0a8965a.yaml
index 28f478f8da..f06f0bf12d 100644
--- a/nuclei-templates/2024/CVE-2024-29124-1c25b9d9b10bd77a049e735bb0a8965a.yaml
+++ b/nuclei-templates/2024/CVE-2024-29124-1c25b9d9b10bd77a049e735bb0a8965a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Access Manager <= 6.9.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.9.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-access-manager/"
     google-query: inurl:"/wp-content/plugins/advanced-access-manager/"
     shodan-query: 'vuln:CVE-2024-29124'
-  tags: cve,wordpress,wp-plugin,advanced-access-manager,medium
+  tags: cve,wordpress,wp-plugin,advanced-access-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29129-453edd08020fcb6cf7997bc23916e6f1.yaml b/nuclei-templates/2024/CVE-2024-29129-453edd08020fcb6cf7997bc23916e6f1.yaml
index 10406c786d..d330581b7b 100644
--- a/nuclei-templates/2024/CVE-2024-29129-453edd08020fcb6cf7997bc23916e6f1.yaml
+++ b/nuclei-templates/2024/CVE-2024-29129-453edd08020fcb6cf7997bc23916e6f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OxyExtras <= 1.4.4 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The OxyExtras plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oxyextras/"
     google-query: inurl:"/wp-content/plugins/oxyextras/"
     shodan-query: 'vuln:CVE-2024-29129'
-  tags: cve,wordpress,wp-plugin,oxyextras,medium
+  tags: cve,wordpress,wp-plugin,oxyextras,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29134-f0ebaf7908d2916224db8f5d1ff59d88.yaml b/nuclei-templates/2024/CVE-2024-29134-f0ebaf7908d2916224db8f5d1ff59d88.yaml
index 0af8b52cc4..8e877cf8d9 100644
--- a/nuclei-templates/2024/CVE-2024-29134-f0ebaf7908d2916224db8f5d1ff59d88.yaml
+++ b/nuclei-templates/2024/CVE-2024-29134-f0ebaf7908d2916224db8f5d1ff59d88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tourfic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tourfic/"
     google-query: inurl:"/wp-content/plugins/tourfic/"
     shodan-query: 'vuln:CVE-2024-29134'
-  tags: cve,wordpress,wp-plugin,tourfic,medium
+  tags: cve,wordpress,wp-plugin,tourfic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29135-98b35360d65753a713db3a25c694f42c.yaml b/nuclei-templates/2024/CVE-2024-29135-98b35360d65753a713db3a25c694f42c.yaml
index 10debd8495..63db61c43e 100644
--- a/nuclei-templates/2024/CVE-2024-29135-98b35360d65753a713db3a25c694f42c.yaml
+++ b/nuclei-templates/2024/CVE-2024-29135-98b35360d65753a713db3a25c694f42c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.11.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tourfic/"
     google-query: inurl:"/wp-content/plugins/tourfic/"
     shodan-query: 'vuln:CVE-2024-29135'
-  tags: cve,wordpress,wp-plugin,tourfic,high
+  tags: cve,wordpress,wp-plugin,tourfic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29136-edd8e3c62f3b71f626ad36553a59802b.yaml b/nuclei-templates/2024/CVE-2024-29136-edd8e3c62f3b71f626ad36553a59802b.yaml
index 426ada476e..ddd2a3c120 100644
--- a/nuclei-templates/2024/CVE-2024-29136-edd8e3c62f3b71f626ad36553a59802b.yaml
+++ b/nuclei-templates/2024/CVE-2024-29136-edd8e3c62f3b71f626ad36553a59802b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.17 via deserialization of untrusted input . This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tourfic/"
     google-query: inurl:"/wp-content/plugins/tourfic/"
     shodan-query: 'vuln:CVE-2024-29136'
-  tags: cve,wordpress,wp-plugin,tourfic,high
+  tags: cve,wordpress,wp-plugin,tourfic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29140-9d05bf270be054dfc1695e62a3911511.yaml b/nuclei-templates/2024/CVE-2024-29140-9d05bf270be054dfc1695e62a3911511.yaml
index fba523481a..7dbb01fea7 100644
--- a/nuclei-templates/2024/CVE-2024-29140-9d05bf270be054dfc1695e62a3911511.yaml
+++ b/nuclei-templates/2024/CVE-2024-29140-9d05bf270be054dfc1695e62a3911511.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MJM Clinic <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MJM Clinic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mjm-clinic/"
     google-query: inurl:"/wp-content/plugins/mjm-clinic/"
     shodan-query: 'vuln:CVE-2024-29140'
-  tags: cve,wordpress,wp-plugin,mjm-clinic,medium
+  tags: cve,wordpress,wp-plugin,mjm-clinic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29141-6736ec787d23e7bd8e0a13fc8e0e88d8.yaml b/nuclei-templates/2024/CVE-2024-29141-6736ec787d23e7bd8e0a13fc8e0e88d8.yaml
index bf00ce2685..6e2bbd7e85 100644
--- a/nuclei-templates/2024/CVE-2024-29141-6736ec787d23e7bd8e0a13fc8e0e88d8.yaml
+++ b/nuclei-templates/2024/CVE-2024-29141-6736ec787d23e7bd8e0a13fc8e0e88d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Embedder <= 4.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-embedder/"
     google-query: inurl:"/wp-content/plugins/pdf-embedder/"
     shodan-query: 'vuln:CVE-2024-29141'
-  tags: cve,wordpress,wp-plugin,pdf-embedder,medium
+  tags: cve,wordpress,wp-plugin,pdf-embedder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29143-8f38e1cb39832821632517021044a8d0.yaml b/nuclei-templates/2024/CVE-2024-29143-8f38e1cb39832821632517021044a8d0.yaml
index 121ec523d0..26732051e3 100644
--- a/nuclei-templates/2024/CVE-2024-29143-8f38e1cb39832821632517021044a8d0.yaml
+++ b/nuclei-templates/2024/CVE-2024-29143-8f38e1cb39832821632517021044a8d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Passwordless Login <= 1.1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Passwordless Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/passwordless-login/"
     google-query: inurl:"/wp-content/plugins/passwordless-login/"
     shodan-query: 'vuln:CVE-2024-29143'
-  tags: cve,wordpress,wp-plugin,passwordless-login,medium
+  tags: cve,wordpress,wp-plugin,passwordless-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2919-ae54bb23e01b89e4ec06d2fb932844c4.yaml b/nuclei-templates/2024/CVE-2024-2919-ae54bb23e01b89e4ec06d2fb932844c4.yaml
index 4f76d6f0f9..5ad3adac86 100644
--- a/nuclei-templates/2024/CVE-2024-2919-ae54bb23e01b89e4ec06d2fb932844c4.yaml
+++ b/nuclei-templates/2024/CVE-2024-2919-ae54bb23e01b89e4ec06d2fb932844c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-2919'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29220-ba28eba12a04215286d701e542084879.yaml b/nuclei-templates/2024/CVE-2024-29220-ba28eba12a04215286d701e542084879.yaml
index baed8d2b57..138340c6d4 100644
--- a/nuclei-templates/2024/CVE-2024-29220-ba28eba12a04215286d701e542084879.yaml
+++ b/nuclei-templates/2024/CVE-2024-29220-ba28eba12a04215286d701e542084879.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a form field in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:CVE-2024-29220'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2923-ff7e8af2c4256f9a091a352140252d3e.yaml b/nuclei-templates/2024/CVE-2024-2923-ff7e8af2c4256f9a091a352140252d3e.yaml
index 773fd72a72..3b15443752 100644
--- a/nuclei-templates/2024/CVE-2024-2923-ff7e8af2c4256f9a091a352140252d3e.yaml
+++ b/nuclei-templates/2024/CVE-2024-2923-ff7e8af2c4256f9a091a352140252d3e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magical-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/magical-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2923'
-  tags: cve,wordpress,wp-plugin,magical-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,magical-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2924-20f6bee077964f1739b79a57d0927952.yaml b/nuclei-templates/2024/CVE-2024-2924-20f6bee077964f1739b79a57d0927952.yaml
index 63b2202a24..a046154ae4 100644
--- a/nuclei-templates/2024/CVE-2024-2924-20f6bee077964f1739b79a57d0927952.yaml
+++ b/nuclei-templates/2024/CVE-2024-2924-20f6bee077964f1739b79a57d0927952.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/creative-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/creative-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-2924'
-  tags: cve,wordpress,wp-plugin,creative-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,creative-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2925-49f8c3ec41639ad41107106a61b3b652.yaml b/nuclei-templates/2024/CVE-2024-2925-49f8c3ec41639ad41107106a61b3b652.yaml
index d7d96190e8..e5ef447441 100644
--- a/nuclei-templates/2024/CVE-2024-2925-49f8c3ec41639ad41107106a61b3b652.yaml
+++ b/nuclei-templates/2024/CVE-2024-2925-49f8c3ec41639ad41107106a61b3b652.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-2925'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2936-49b75b404a9ba001add19a1df795abd7.yaml b/nuclei-templates/2024/CVE-2024-2936-49b75b404a9ba001add19a1df795abd7.yaml
index 033162b3a9..2736a873b8 100644
--- a/nuclei-templates/2024/CVE-2024-2936-49b75b404a9ba001add19a1df795abd7.yaml
+++ b/nuclei-templates/2024/CVE-2024-2936-49b75b404a9ba001add19a1df795abd7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sydney Toolbox <= 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sydney-toolbox/"
     google-query: inurl:"/wp-content/plugins/sydney-toolbox/"
     shodan-query: 'vuln:CVE-2024-2936'
-  tags: cve,wordpress,wp-plugin,sydney-toolbox,medium
+  tags: cve,wordpress,wp-plugin,sydney-toolbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2946-925ecf8dc9bb2b2baefb9be7dfe4e0e0.yaml b/nuclei-templates/2024/CVE-2024-2946-925ecf8dc9bb2b2baefb9be7dfe4e0e0.yaml
index 4dc0572121..ee575f57b5 100644
--- a/nuclei-templates/2024/CVE-2024-2946-925ecf8dc9bb2b2baefb9be7dfe4e0e0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2946-925ecf8dc9bb2b2baefb9be7dfe4e0e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woolentor-addons/"
     google-query: inurl:"/wp-content/plugins/woolentor-addons/"
     shodan-query: 'vuln:CVE-2024-2946'
-  tags: cve,wordpress,wp-plugin,woolentor-addons,medium
+  tags: cve,wordpress,wp-plugin,woolentor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2948-46a2cdc68c7e07f12ed856fe3a47afc0.yaml b/nuclei-templates/2024/CVE-2024-2948-46a2cdc68c7e07f12ed856fe3a47afc0.yaml
index 72599134a5..1c68bde32a 100644
--- a/nuclei-templates/2024/CVE-2024-2948-46a2cdc68c7e07f12ed856fe3a47afc0.yaml
+++ b/nuclei-templates/2024/CVE-2024-2948-46a2cdc68c7e07f12ed856fe3a47afc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Favorites <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user_favorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'no_favorites'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/favorites/"
     google-query: inurl:"/wp-content/plugins/favorites/"
     shodan-query: 'vuln:CVE-2024-2948'
-  tags: cve,wordpress,wp-plugin,favorites,high
+  tags: cve,wordpress,wp-plugin,favorites,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2949-6ae6ba71c1c511094e234e44db33e39b.yaml b/nuclei-templates/2024/CVE-2024-2949-6ae6ba71c1c511094e234e44db33e39b.yaml
index 6327dd9a44..b9c8038676 100644
--- a/nuclei-templates/2024/CVE-2024-2949-6ae6ba71c1c511094e234e44db33e39b.yaml
+++ b/nuclei-templates/2024/CVE-2024-2949-6ae6ba71c1c511094e234e44db33e39b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-carousel-free/"
     google-query: inurl:"/wp-content/plugins/wp-carousel-free/"
     shodan-query: 'vuln:CVE-2024-2949'
-  tags: cve,wordpress,wp-plugin,wp-carousel-free,medium
+  tags: cve,wordpress,wp-plugin,wp-carousel-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2954-8fe65facf4fd0cb40e8b7fae00de182d.yaml b/nuclei-templates/2024/CVE-2024-2954-8fe65facf4fd0cb40e8b7fae00de182d.yaml
index 5a9873a1d4..1954aeaf52 100644
--- a/nuclei-templates/2024/CVE-2024-2954-8fe65facf4fd0cb40e8b7fae00de182d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2954-8fe65facf4fd0cb40e8b7fae00de182d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Action Network 1.4.3 -Authentcated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-action-network/"
     google-query: inurl:"/wp-content/plugins/wp-action-network/"
     shodan-query: 'vuln:CVE-2024-2954'
-  tags: cve,wordpress,wp-plugin,wp-action-network,high
+  tags: cve,wordpress,wp-plugin,wp-action-network,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2956-6d7a079131a28ced1afc399eed5de96c.yaml b/nuclei-templates/2024/CVE-2024-2956-6d7a079131a28ced1afc399eed5de96c.yaml
index ee84080d3b..4253ebf33c 100644
--- a/nuclei-templates/2024/CVE-2024-2956-6d7a079131a28ced1afc399eed5de96c.yaml
+++ b/nuclei-templates/2024/CVE-2024-2956-6d7a079131a28ced1afc399eed5de96c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Ajax Chat <= 20231101 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-ajax-chat/"
     google-query: inurl:"/wp-content/plugins/simple-ajax-chat/"
     shodan-query: 'vuln:CVE-2024-2956'
-  tags: cve,wordpress,wp-plugin,simple-ajax-chat,medium
+  tags: cve,wordpress,wp-plugin,simple-ajax-chat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2958-59d35e08e05da774933855f91366b645.yaml b/nuclei-templates/2024/CVE-2024-2958-59d35e08e05da774933855f91366b645.yaml
index ba1853d71f..e41d3c6e34 100644
--- a/nuclei-templates/2024/CVE-2024-2958-59d35e08e05da774933855f91366b645.yaml
+++ b/nuclei-templates/2024/CVE-2024-2958-59d35e08e05da774933855f91366b645.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SVS Pricing Tables <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing table settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svs-pricing-tables/"
     google-query: inurl:"/wp-content/plugins/svs-pricing-tables/"
     shodan-query: 'vuln:CVE-2024-2958'
-  tags: cve,wordpress,wp-plugin,svs-pricing-tables,medium
+  tags: cve,wordpress,wp-plugin,svs-pricing-tables,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2962-68d0e40bde0f989b020b573553c376d1.yaml b/nuclei-templates/2024/CVE-2024-2962-68d0e40bde0f989b020b573553c376d1.yaml
index 6c6ec08009..b1375c8725 100644
--- a/nuclei-templates/2024/CVE-2024-2962-68d0e40bde0f989b020b573553c376d1.yaml
+++ b/nuclei-templates/2024/CVE-2024-2962-68d0e40bde0f989b020b573553c376d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/networker/"
     google-query: inurl:"/wp-content/themes/networker/"
     shodan-query: 'vuln:CVE-2024-2962'
-  tags: cve,wordpress,wp-theme,networker,medium
+  tags: cve,wordpress,wp-theme,networker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2963-e23aa6f9657419fe19f8c4bed7c9e59d.yaml b/nuclei-templates/2024/CVE-2024-2963-e23aa6f9657419fe19f8c4bed7c9e59d.yaml
index 90c5629dda..7b968e5972 100644
--- a/nuclei-templates/2024/CVE-2024-2963-e23aa6f9657419fe19f8c4bed7c9e59d.yaml
+++ b/nuclei-templates/2024/CVE-2024-2963-e23aa6f9657419fe19f8c4bed7c9e59d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pocket News Generator <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pocket-news-generator/"
     google-query: inurl:"/wp-content/plugins/pocket-news-generator/"
     shodan-query: 'vuln:CVE-2024-2963'
-  tags: cve,wordpress,wp-plugin,pocket-news-generator,medium
+  tags: cve,wordpress,wp-plugin,pocket-news-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2967-6d00e8bb2297cf89cd61e97ee33f9584.yaml b/nuclei-templates/2024/CVE-2024-2967-6d00e8bb2297cf89cd61e97ee33f9584.yaml
index e20e7efa17..15b09f8ef4 100644
--- a/nuclei-templates/2024/CVE-2024-2967-6d00e8bb2297cf89cd61e97ee33f9584.yaml
+++ b/nuclei-templates/2024/CVE-2024-2967-6d00e8bb2297cf89cd61e97ee33f9584.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/front-editor/"
     google-query: inurl:"/wp-content/plugins/front-editor/"
     shodan-query: 'vuln:CVE-2024-2967'
-  tags: cve,wordpress,wp-plugin,front-editor,medium
+  tags: cve,wordpress,wp-plugin,front-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2968-f0134606fede470163532ed054b5ffbb.yaml b/nuclei-templates/2024/CVE-2024-2968-f0134606fede470163532ed054b5ffbb.yaml
index 39c25c609d..e6e4846496 100644
--- a/nuclei-templates/2024/CVE-2024-2968-f0134606fede470163532ed054b5ffbb.yaml
+++ b/nuclei-templates/2024/CVE-2024-2968-f0134606fede470163532ed054b5ffbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-eggdrop/"
     google-query: inurl:"/wp-content/plugins/wp-eggdrop/"
     shodan-query: 'vuln:CVE-2024-2968'
-  tags: cve,wordpress,wp-plugin,wp-eggdrop,medium
+  tags: cve,wordpress,wp-plugin,wp-eggdrop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-2972-1afdb113a8eb638275401757c0567e46.yaml b/nuclei-templates/2024/CVE-2024-2972-1afdb113a8eb638275401757c0567e46.yaml
index c7e351025a..84bb0c3ad1 100644
--- a/nuclei-templates/2024/CVE-2024-2972-1afdb113a8eb638275401757c0567e46.yaml
+++ b/nuclei-templates/2024/CVE-2024-2972-1afdb113a8eb638275401757c0567e46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Floating Chat Widget <= 3.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cht_social_Whatsapp[bg_color] parameter in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticted attackers, with editor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chaty/"
     google-query: inurl:"/wp-content/plugins/chaty/"
     shodan-query: 'vuln:CVE-2024-2972'
-  tags: cve,wordpress,wp-plugin,chaty,medium
+  tags: cve,wordpress,wp-plugin,chaty,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29761-1387aa003d8d347fdc448b66fea447f4.yaml b/nuclei-templates/2024/CVE-2024-29761-1387aa003d8d347fdc448b66fea447f4.yaml
index f406e24696..7843023a70 100644
--- a/nuclei-templates/2024/CVE-2024-29761-1387aa003d8d347fdc448b66fea447f4.yaml
+++ b/nuclei-templates/2024/CVE-2024-29761-1387aa003d8d347fdc448b66fea447f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Post Disclaimer <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Post Disclaimer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the content disclaimer in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-disclaimer/"
     google-query: inurl:"/wp-content/plugins/wp-post-disclaimer/"
     shodan-query: 'vuln:CVE-2024-29761'
-  tags: cve,wordpress,wp-plugin,wp-post-disclaimer,medium
+  tags: cve,wordpress,wp-plugin,wp-post-disclaimer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29762-aedb89e2581210acfc64d10b1fcd7670.yaml b/nuclei-templates/2024/CVE-2024-29762-aedb89e2581210acfc64d10b1fcd7670.yaml
index 483ac32520..4e8a036479 100644
--- a/nuclei-templates/2024/CVE-2024-29762-aedb89e2581210acfc64d10b1fcd7670.yaml
+++ b/nuclei-templates/2024/CVE-2024-29762-aedb89e2581210acfc64d10b1fcd7670.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Off-Canvas Sidebars & Menus (Slidebars) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/off-canvas-sidebars/"
     google-query: inurl:"/wp-content/plugins/off-canvas-sidebars/"
     shodan-query: 'vuln:CVE-2024-29762'
-  tags: cve,wordpress,wp-plugin,off-canvas-sidebars,medium
+  tags: cve,wordpress,wp-plugin,off-canvas-sidebars,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29763-a210c90325ac6434534abb97976ad7c8.yaml b/nuclei-templates/2024/CVE-2024-29763-a210c90325ac6434534abb97976ad7c8.yaml
index 040e7d4887..90b33eba97 100644
--- a/nuclei-templates/2024/CVE-2024-29763-a210c90325ac6434534abb97976ad7c8.yaml
+++ b/nuclei-templates/2024/CVE-2024-29763-a210c90325ac6434534abb97976ad7c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Meta Data and Taxonomies Filter (MDTF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     shodan-query: 'vuln:CVE-2024-29763'
-  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29764-49b132283a9d5d5c8363ef530fb522a7.yaml b/nuclei-templates/2024/CVE-2024-29764-49b132283a9d5d5c8363ef530fb522a7.yaml
index 7f281ea64c..ffcfa0d666 100644
--- a/nuclei-templates/2024/CVE-2024-29764-49b132283a9d5d5c8363ef530fb522a7.yaml
+++ b/nuclei-templates/2024/CVE-2024-29764-49b132283a9d5d5c8363ef530fb522a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Molongui <= 4.7.7 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/molongui-authorship/"
     google-query: inurl:"/wp-content/plugins/molongui-authorship/"
     shodan-query: 'vuln:CVE-2024-29764'
-  tags: cve,wordpress,wp-plugin,molongui-authorship,medium
+  tags: cve,wordpress,wp-plugin,molongui-authorship,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29765-098bdb5ff12e782e87bacda8082a6346.yaml b/nuclei-templates/2024/CVE-2024-29765-098bdb5ff12e782e87bacda8082a6346.yaml
index 8e8069800f..1a7536c685 100644
--- a/nuclei-templates/2024/CVE-2024-29765-098bdb5ff12e782e87bacda8082a6346.yaml
+++ b/nuclei-templates/2024/CVE-2024-29765-098bdb5ff12e782e87bacda8082a6346.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Aparat for WordPress <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Aparat for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-aparat/"
     google-query: inurl:"/wp-content/plugins/wp-aparat/"
     shodan-query: 'vuln:CVE-2024-29765'
-  tags: cve,wordpress,wp-plugin,wp-aparat,medium
+  tags: cve,wordpress,wp-plugin,wp-aparat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29766-2d2a726dfea1c83cf2d93df104a8c8d5.yaml b/nuclei-templates/2024/CVE-2024-29766-2d2a726dfea1c83cf2d93df104a8c8d5.yaml
index 674decf26a..4224486689 100644
--- a/nuclei-templates/2024/CVE-2024-29766-2d2a726dfea1c83cf2d93df104a8c8d5.yaml
+++ b/nuclei-templates/2024/CVE-2024-29766-2d2a726dfea1c83cf2d93df104a8c8d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/streamweasels-twitch-integration/"
     google-query: inurl:"/wp-content/plugins/streamweasels-twitch-integration/"
     shodan-query: 'vuln:CVE-2024-29766'
-  tags: cve,wordpress,wp-plugin,streamweasels-twitch-integration,medium
+  tags: cve,wordpress,wp-plugin,streamweasels-twitch-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29768-069688784bb13290b6aea0da4a233825.yaml b/nuclei-templates/2024/CVE-2024-29768-069688784bb13290b6aea0da4a233825.yaml
index 37e37c9f49..b8372ad169 100644
--- a/nuclei-templates/2024/CVE-2024-29768-069688784bb13290b6aea0da4a233825.yaml
+++ b/nuclei-templates/2024/CVE-2024-29768-069688784bb13290b6aea0da4a233825.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Astra <= 4.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Theme Header/Footer
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme header and footer content in all versions up to, and including, 4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/astra/"
     google-query: inurl:"/wp-content/themes/astra/"
     shodan-query: 'vuln:CVE-2024-29768'
-  tags: cve,wordpress,wp-theme,astra,medium
+  tags: cve,wordpress,wp-theme,astra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29769-6a48e7c9d0ebe158b3f7430c9e7962df.yaml b/nuclei-templates/2024/CVE-2024-29769-6a48e7c9d0ebe158b3f7430c9e7962df.yaml
index cdee0b7225..7dc6532e6b 100644
--- a/nuclei-templates/2024/CVE-2024-29769-6a48e7c9d0ebe158b3f7430c9e7962df.yaml
+++ b/nuclei-templates/2024/CVE-2024-29769-6a48e7c9d0ebe158b3f7430c9e7962df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portfolio Gallery – Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-filter-gallery/"
     google-query: inurl:"/wp-content/plugins/portfolio-filter-gallery/"
     shodan-query: 'vuln:CVE-2024-29769'
-  tags: cve,wordpress,wp-plugin,portfolio-filter-gallery,medium
+  tags: cve,wordpress,wp-plugin,portfolio-filter-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29771-e474bd135ff4b7c6170c11705966b7d8.yaml b/nuclei-templates/2024/CVE-2024-29771-e474bd135ff4b7c6170c11705966b7d8.yaml
index 476a1afae1..58b9903d47 100644
--- a/nuclei-templates/2024/CVE-2024-29771-e474bd135ff4b7c6170c11705966b7d8.yaml
+++ b/nuclei-templates/2024/CVE-2024-29771-e474bd135ff4b7c6170c11705966b7d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dracula Dark Mode –  Enhanced Accessibility, Dark Mode & Reading Mode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dracula-dark-mode/"
     google-query: inurl:"/wp-content/plugins/dracula-dark-mode/"
     shodan-query: 'vuln:CVE-2024-29771'
-  tags: cve,wordpress,wp-plugin,dracula-dark-mode,medium
+  tags: cve,wordpress,wp-plugin,dracula-dark-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29772-c4c3dacc97e2d49842f4e491e4abe511.yaml b/nuclei-templates/2024/CVE-2024-29772-c4c3dacc97e2d49842f4e491e4abe511.yaml
index 0643114a32..0668f73c8a 100644
--- a/nuclei-templates/2024/CVE-2024-29772-c4c3dacc97e2d49842f4e491e4abe511.yaml
+++ b/nuclei-templates/2024/CVE-2024-29772-c4c3dacc97e2d49842f4e491e4abe511.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MyBookTable Bookstore <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MyBookTable Bookstore plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SEO post data in versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mybooktable/"
     google-query: inurl:"/wp-content/plugins/mybooktable/"
     shodan-query: 'vuln:CVE-2024-29772'
-  tags: cve,wordpress,wp-plugin,mybooktable,medium
+  tags: cve,wordpress,wp-plugin,mybooktable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29775-d5fd81597164f2848144dc46b48d8bc3.yaml b/nuclei-templates/2024/CVE-2024-29775-d5fd81597164f2848144dc46b48d8bc3.yaml
index d6fd978301..f1e6b548f4 100644
--- a/nuclei-templates/2024/CVE-2024-29775-d5fd81597164f2848144dc46b48d8bc3.yaml
+++ b/nuclei-templates/2024/CVE-2024-29775-d5fd81597164f2848144dc46b48d8bc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend Dashboard <= 2.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Frontend Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/frontend-dashboard/"
     google-query: inurl:"/wp-content/plugins/frontend-dashboard/"
     shodan-query: 'vuln:CVE-2024-29775'
-  tags: cve,wordpress,wp-plugin,frontend-dashboard,medium
+  tags: cve,wordpress,wp-plugin,frontend-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29776-3bc30bc01f7305f10a41312e9c39291f.yaml b/nuclei-templates/2024/CVE-2024-29776-3bc30bc01f7305f10a41312e9c39291f.yaml
index 8e1fcbfcf6..7aab24f308 100644
--- a/nuclei-templates/2024/CVE-2024-29776-3bc30bc01f7305f10a41312e9c39291f.yaml
+++ b/nuclei-templates/2024/CVE-2024-29776-3bc30bc01f7305f10a41312e9c39291f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime <= 3.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventPrime plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2024-29776'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29788-5b013c9961d2008bd8c1b51839f147f0.yaml b/nuclei-templates/2024/CVE-2024-29788-5b013c9961d2008bd8c1b51839f147f0.yaml
index 897007670d..d9ae08bf56 100644
--- a/nuclei-templates/2024/CVE-2024-29788-5b013c9961d2008bd8c1b51839f147f0.yaml
+++ b/nuclei-templates/2024/CVE-2024-29788-5b013c9961d2008bd8c1b51839f147f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Web Player <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Podlove Web Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' variable in versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-web-player/"
     google-query: inurl:"/wp-content/plugins/podlove-web-player/"
     shodan-query: 'vuln:CVE-2024-29788'
-  tags: cve,wordpress,wp-plugin,podlove-web-player,high
+  tags: cve,wordpress,wp-plugin,podlove-web-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29789-5fad00879c22741100673bb27b7a3e06.yaml b/nuclei-templates/2024/CVE-2024-29789-5fad00879c22741100673bb27b7a3e06.yaml
index 8fb0e82c12..a315dce0cd 100644
--- a/nuclei-templates/2024/CVE-2024-29789-5fad00879c22741100673bb27b7a3e06.yaml
+++ b/nuclei-templates/2024/CVE-2024-29789-5fad00879c22741100673bb27b7a3e06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OneClick Chat to Order <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oneclick-whatsapp-order/"
     google-query: inurl:"/wp-content/plugins/oneclick-whatsapp-order/"
     shodan-query: 'vuln:CVE-2024-29789'
-  tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,medium
+  tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29793-ef3aa6c6954785fff0d13c0cd6f5cb85.yaml b/nuclei-templates/2024/CVE-2024-29793-ef3aa6c6954785fff0d13c0cd6f5cb85.yaml
index 790002b46a..484403610f 100644
--- a/nuclei-templates/2024/CVE-2024-29793-ef3aa6c6954785fff0d13c0cd6f5cb85.yaml
+++ b/nuclei-templates/2024/CVE-2024-29793-ef3aa6c6954785fff0d13c0cd6f5cb85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailChimp Forms by MailMunch <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-forms-by-mailmunch/"
     google-query: inurl:"/wp-content/plugins/mailchimp-forms-by-mailmunch/"
     shodan-query: 'vuln:CVE-2024-29793'
-  tags: cve,wordpress,wp-plugin,mailchimp-forms-by-mailmunch,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-forms-by-mailmunch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29795-babf60986b5038101853937d0a274e12.yaml b/nuclei-templates/2024/CVE-2024-29795-babf60986b5038101853937d0a274e12.yaml
index 5089e90950..4b4cd17ce6 100644
--- a/nuclei-templates/2024/CVE-2024-29795-babf60986b5038101853937d0a274e12.yaml
+++ b/nuclei-templates/2024/CVE-2024-29795-babf60986b5038101853937d0a274e12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more <= 4.5.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 4.5.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ilab-media-tools/"
     google-query: inurl:"/wp-content/plugins/ilab-media-tools/"
     shodan-query: 'vuln:CVE-2024-29795'
-  tags: cve,wordpress,wp-plugin,ilab-media-tools,medium
+  tags: cve,wordpress,wp-plugin,ilab-media-tools,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29796-ac9cb365e503376aa31ed761706bf88b.yaml b/nuclei-templates/2024/CVE-2024-29796-ac9cb365e503376aa31ed761706bf88b.yaml
index 46b3fe7991..19184ab5be 100644
--- a/nuclei-templates/2024/CVE-2024-29796-ac9cb365e503376aa31ed761706bf88b.yaml
+++ b/nuclei-templates/2024/CVE-2024-29796-ac9cb365e503376aa31ed761706bf88b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hot Random Image <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hot-random-image/"
     google-query: inurl:"/wp-content/plugins/hot-random-image/"
     shodan-query: 'vuln:CVE-2024-29796'
-  tags: cve,wordpress,wp-plugin,hot-random-image,medium
+  tags: cve,wordpress,wp-plugin,hot-random-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29797-0ddb5ade9834993cf7b74808814bcc80.yaml b/nuclei-templates/2024/CVE-2024-29797-0ddb5ade9834993cf7b74808814bcc80.yaml
index 980196a893..9dee270049 100644
--- a/nuclei-templates/2024/CVE-2024-29797-0ddb5ade9834993cf7b74808814bcc80.yaml
+++ b/nuclei-templates/2024/CVE-2024-29797-0ddb5ade9834993cf7b74808814bcc80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Grid Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Grid Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-1658 is potentially a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/grid-shortcodes/"
     google-query: inurl:"/wp-content/plugins/grid-shortcodes/"
     shodan-query: 'vuln:CVE-2024-29797'
-  tags: cve,wordpress,wp-plugin,grid-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,grid-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29798-b4bd8b09c6fbcb29788bc8bbefcbcdc0.yaml b/nuclei-templates/2024/CVE-2024-29798-b4bd8b09c6fbcb29788bc8bbefcbcdc0.yaml
index 74e09e5625..e3c2f74f40 100644
--- a/nuclei-templates/2024/CVE-2024-29798-b4bd8b09c6fbcb29788bc8bbefcbcdc0.yaml
+++ b/nuclei-templates/2024/CVE-2024-29798-b4bd8b09c6fbcb29788bc8bbefcbcdc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gratisfaction <= 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gratisfaction plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-29798'
-  tags: cve,wordpress,wp-plugin,gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29799-b0298fb4feee8bd9ed9da9efccd4ef90.yaml b/nuclei-templates/2024/CVE-2024-29799-b0298fb4feee8bd9ed9da9efccd4ef90.yaml
index 097c4482b5..413c001201 100644
--- a/nuclei-templates/2024/CVE-2024-29799-b0298fb4feee8bd9ed9da9efccd4ef90.yaml
+++ b/nuclei-templates/2024/CVE-2024-29799-b0298fb4feee8bd9ed9da9efccd4ef90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fast Total Search <= 1.59.211 - Authenticated (Contributor+) Stored Cross-Site Scripting via WPFTS Live Search Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Fast Total Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the WPFTS Live Search widget in versions up to, and including, 1.59.211 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fulltext-search/"
     google-query: inurl:"/wp-content/plugins/fulltext-search/"
     shodan-query: 'vuln:CVE-2024-29799'
-  tags: cve,wordpress,wp-plugin,fulltext-search,medium
+  tags: cve,wordpress,wp-plugin,fulltext-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29801-5800bdb88427729dfe9beda3923c95e4.yaml b/nuclei-templates/2024/CVE-2024-29801-5800bdb88427729dfe9beda3923c95e4.yaml
index 1c8d65edcf..68bcdb90e9 100644
--- a/nuclei-templates/2024/CVE-2024-29801-5800bdb88427729dfe9beda3923c95e4.yaml
+++ b/nuclei-templates/2024/CVE-2024-29801-5800bdb88427729dfe9beda3923c95e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fullscreen Galleria <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fullscreen Galleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fullscreen-galleria/"
     google-query: inurl:"/wp-content/plugins/fullscreen-galleria/"
     shodan-query: 'vuln:CVE-2024-29801'
-  tags: cve,wordpress,wp-plugin,fullscreen-galleria,medium
+  tags: cve,wordpress,wp-plugin,fullscreen-galleria,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29802-749aff0fcc167e558bca750035ba1596.yaml b/nuclei-templates/2024/CVE-2024-29802-749aff0fcc167e558bca750035ba1596.yaml
index 9e74aacbea..70e2240d37 100644
--- a/nuclei-templates/2024/CVE-2024-29802-749aff0fcc167e558bca750035ba1596.yaml
+++ b/nuclei-templates/2024/CVE-2024-29802-749aff0fcc167e558bca750035ba1596.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Football pool <= 2.11.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.11.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/football-pool/"
     google-query: inurl:"/wp-content/plugins/football-pool/"
     shodan-query: 'vuln:CVE-2024-29802'
-  tags: cve,wordpress,wp-plugin,football-pool,medium
+  tags: cve,wordpress,wp-plugin,football-pool,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29803-783b91bae7d265f558a1870f59bc1ef0.yaml b/nuclei-templates/2024/CVE-2024-29803-783b91bae7d265f558a1870f59bc1ef0.yaml
index 266529feea..fb7402a3d0 100644
--- a/nuclei-templates/2024/CVE-2024-29803-783b91bae7d265f558a1870f59bc1ef0.yaml
+++ b/nuclei-templates/2024/CVE-2024-29803-783b91bae7d265f558a1870f59bc1ef0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FlatPM < 3.1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FlatPM plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 3.1.05 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flatpm-wp/"
     google-query: inurl:"/wp-content/plugins/flatpm-wp/"
     shodan-query: 'vuln:CVE-2024-29803'
-  tags: cve,wordpress,wp-plugin,flatpm-wp,medium
+  tags: cve,wordpress,wp-plugin,flatpm-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29804-0cc8ff0d29654f0f83c0bf1830dddb43.yaml b/nuclei-templates/2024/CVE-2024-29804-0cc8ff0d29654f0f83c0bf1830dddb43.yaml
index 1dfed6dc18..a5a756c5b3 100644
--- a/nuclei-templates/2024/CVE-2024-29804-0cc8ff0d29654f0f83c0bf1830dddb43.yaml
+++ b/nuclei-templates/2024/CVE-2024-29804-0cc8ff0d29654f0f83c0bf1830dddb43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancy Comments WordPress <= 1.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fancy Comments WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's facebook_comments_shortcode shortcode function in all versions up to, and including, 1.2.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-facebook-comments/"
     google-query: inurl:"/wp-content/plugins/fancy-facebook-comments/"
     shodan-query: 'vuln:CVE-2024-29804'
-  tags: cve,wordpress,wp-plugin,fancy-facebook-comments,medium
+  tags: cve,wordpress,wp-plugin,fancy-facebook-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29807-6970693f733e5a846cb7f76630b73d22.yaml b/nuclei-templates/2024/CVE-2024-29807-6970693f733e5a846cb7f76630b73d22.yaml
index 780623e5f5..ba7f90e58f 100644
--- a/nuclei-templates/2024/CVE-2024-29807-6970693f733e5a846cb7f76630b73d22.yaml
+++ b/nuclei-templates/2024/CVE-2024-29807-6970693f733e5a846cb7f76630b73d22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'force_fit ' parameter in versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3d-flipbook-dflip-lite/"
     google-query: inurl:"/wp-content/plugins/3d-flipbook-dflip-lite/"
     shodan-query: 'vuln:CVE-2024-29807'
-  tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,medium
+  tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29811-ced2048e66568ff23a7c9306db5ed20b.yaml b/nuclei-templates/2024/CVE-2024-29811-ced2048e66568ff23a7c9306db5ed20b.yaml
index 91ec948c7d..9630c2041e 100644
--- a/nuclei-templates/2024/CVE-2024-29811-ced2048e66568ff23a7c9306db5ed20b.yaml
+++ b/nuclei-templates/2024/CVE-2024-29811-ced2048e66568ff23a7c9306db5ed20b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Radio Player <= 2.0.73 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.73 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/radio-player/"
     google-query: inurl:"/wp-content/plugins/radio-player/"
     shodan-query: 'vuln:CVE-2024-29811'
-  tags: cve,wordpress,wp-plugin,radio-player,medium
+  tags: cve,wordpress,wp-plugin,radio-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29812-ada9bfaee2bdcdae8c612fda04e8585f.yaml b/nuclei-templates/2024/CVE-2024-29812-ada9bfaee2bdcdae8c612fda04e8585f.yaml
index de78dbb00f..f36d6322cd 100644
--- a/nuclei-templates/2024/CVE-2024-29812-ada9bfaee2bdcdae8c612fda04e8585f.yaml
+++ b/nuclei-templates/2024/CVE-2024-29812-ada9bfaee2bdcdae8c612fda04e8585f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ReviewX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reviewx/"
     google-query: inurl:"/wp-content/plugins/reviewx/"
     shodan-query: 'vuln:CVE-2024-29812'
-  tags: cve,wordpress,wp-plugin,reviewx,medium
+  tags: cve,wordpress,wp-plugin,reviewx,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29813-ef918f495b11d984490181ededbf81f0.yaml b/nuclei-templates/2024/CVE-2024-29813-ef918f495b11d984490181ededbf81f0.yaml
index dea87d2f12..51bc9a3195 100644
--- a/nuclei-templates/2024/CVE-2024-29813-ef918f495b11d984490181ededbf81f0.yaml
+++ b/nuclei-templates/2024/CVE-2024-29813-ef918f495b11d984490181ededbf81f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Funnel Builder by CartFlows <= 2.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cartflows/"
     google-query: inurl:"/wp-content/plugins/cartflows/"
     shodan-query: 'vuln:CVE-2024-29813'
-  tags: cve,wordpress,wp-plugin,cartflows,medium
+  tags: cve,wordpress,wp-plugin,cartflows,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29814-776b8b2ca961da26b6b406dc75d9298e.yaml b/nuclei-templates/2024/CVE-2024-29814-776b8b2ca961da26b6b406dc75d9298e.yaml
index 939a879c2f..76255e70e7 100644
--- a/nuclei-templates/2024/CVE-2024-29814-776b8b2ca961da26b6b406dc75d9298e.yaml
+++ b/nuclei-templates/2024/CVE-2024-29814-776b8b2ca961da26b6b406dc75d9298e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exchange Rates Widget <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exchange Rates Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exchange-rates-widget/"
     google-query: inurl:"/wp-content/plugins/exchange-rates-widget/"
     shodan-query: 'vuln:CVE-2024-29814'
-  tags: cve,wordpress,wp-plugin,exchange-rates-widget,medium
+  tags: cve,wordpress,wp-plugin,exchange-rates-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29815-f5fc5ba02aa4560ef332189f36172c97.yaml b/nuclei-templates/2024/CVE-2024-29815-f5fc5ba02aa4560ef332189f36172c97.yaml
index 126b95ca4d..9e4112ddbf 100644
--- a/nuclei-templates/2024/CVE-2024-29815-f5fc5ba02aa4560ef332189f36172c97.yaml
+++ b/nuclei-templates/2024/CVE-2024-29815-f5fc5ba02aa4560ef332189f36172c97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Change Email Sender <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Change Email Sender plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-change-email-sender/"
     google-query: inurl:"/wp-content/plugins/wp-change-email-sender/"
     shodan-query: 'vuln:CVE-2024-29815'
-  tags: cve,wordpress,wp-plugin,wp-change-email-sender,medium
+  tags: cve,wordpress,wp-plugin,wp-change-email-sender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29816-4246ff71c6ef488c4b4e4889ffbb362f.yaml b/nuclei-templates/2024/CVE-2024-29816-4246ff71c6ef488c4b4e4889ffbb362f.yaml
index c4685c8091..1722c36de0 100644
--- a/nuclei-templates/2024/CVE-2024-29816-4246ff71c6ef488c4b4e4889ffbb362f.yaml
+++ b/nuclei-templates/2024/CVE-2024-29816-4246ff71c6ef488c4b4e4889ffbb362f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woo Viet <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Woo Viet – WooCommerce for Vietnam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-viet/"
     google-query: inurl:"/wp-content/plugins/woo-viet/"
     shodan-query: 'vuln:CVE-2024-29816'
-  tags: cve,wordpress,wp-plugin,woo-viet,medium
+  tags: cve,wordpress,wp-plugin,woo-viet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29817-c364b3be5ae879c7f6b82ff2d4ab8d09.yaml b/nuclei-templates/2024/CVE-2024-29817-c364b3be5ae879c7f6b82ff2d4ab8d09.yaml
index c622845055..bada55ccd2 100644
--- a/nuclei-templates/2024/CVE-2024-29817-c364b3be5ae879c7f6b82ff2d4ab8d09.yaml
+++ b/nuclei-templates/2024/CVE-2024-29817-c364b3be5ae879c7f6b82ff2d4ab8d09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     affiliate-toolkit <= 3.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via ratings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various ratings postmeta parameters in versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliate-toolkit-starter/"
     google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/"
     shodan-query: 'vuln:CVE-2024-29817'
-  tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,medium
+  tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29818-e39a71ad2e4c4fe07f9341861c3e2c8f.yaml b/nuclei-templates/2024/CVE-2024-29818-e39a71ad2e4c4fe07f9341861c3e2c8f.yaml
index 193bcb1961..242c752185 100644
--- a/nuclei-templates/2024/CVE-2024-29818-e39a71ad2e4c4fe07f9341861c3e2c8f.yaml
+++ b/nuclei-templates/2024/CVE-2024-29818-e39a71ad2e4c4fe07f9341861c3e2c8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Poll Maker <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/epoll-wp-voting/"
     google-query: inurl:"/wp-content/plugins/epoll-wp-voting/"
     shodan-query: 'vuln:CVE-2024-29818'
-  tags: cve,wordpress,wp-plugin,epoll-wp-voting,medium
+  tags: cve,wordpress,wp-plugin,epoll-wp-voting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29819-450b5eb205eb4e03e4e00eea052c76d9.yaml b/nuclei-templates/2024/CVE-2024-29819-450b5eb205eb4e03e4e00eea052c76d9.yaml
index a52f8867a2..fcc4ecba69 100644
--- a/nuclei-templates/2024/CVE-2024-29819-450b5eb205eb4e03e4e00eea052c76d9.yaml
+++ b/nuclei-templates/2024/CVE-2024-29819-450b5eb205eb4e03e4e00eea052c76d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPFront Notification Bar <= 3.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfront-notification-bar/"
     google-query: inurl:"/wp-content/plugins/wpfront-notification-bar/"
     shodan-query: 'vuln:CVE-2024-29819'
-  tags: cve,wordpress,wp-plugin,wpfront-notification-bar,medium
+  tags: cve,wordpress,wp-plugin,wpfront-notification-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29820-439e5eee55387eb3328692c215048cd9.yaml b/nuclei-templates/2024/CVE-2024-29820-439e5eee55387eb3328692c215048cd9.yaml
index 920c9b6d2b..35b3633c6c 100644
--- a/nuclei-templates/2024/CVE-2024-29820-439e5eee55387eb3328692c215048cd9.yaml
+++ b/nuclei-templates/2024/CVE-2024-29820-439e5eee55387eb3328692c215048cd9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Builder for WPForms <= 1.2.88 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF Builder for WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' variable in versions up to, and including, 1.2.88 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-builder-for-wpforms/"
     google-query: inurl:"/wp-content/plugins/pdf-builder-for-wpforms/"
     shodan-query: 'vuln:CVE-2024-29820'
-  tags: cve,wordpress,wp-plugin,pdf-builder-for-wpforms,medium
+  tags: cve,wordpress,wp-plugin,pdf-builder-for-wpforms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29906-cd3ec729b30fa6c24f2c8dc5202be75f.yaml b/nuclei-templates/2024/CVE-2024-29906-cd3ec729b30fa6c24f2c8dc5202be75f.yaml
index e5dd5a9858..48b3b7ef31 100644
--- a/nuclei-templates/2024/CVE-2024-29906-cd3ec729b30fa6c24f2c8dc5202be75f.yaml
+++ b/nuclei-templates/2024/CVE-2024-29906-cd3ec729b30fa6c24f2c8dc5202be75f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Meta Data and Taxonomies Filter (MDTF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     shodan-query: 'vuln:CVE-2024-29906'
-  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29908-baef1d0e01440a39ac30bd5826a2469a.yaml b/nuclei-templates/2024/CVE-2024-29908-baef1d0e01440a39ac30bd5826a2469a.yaml
index ffe007d183..70f2b64657 100644
--- a/nuclei-templates/2024/CVE-2024-29908-baef1d0e01440a39ac30bd5826a2469a.yaml
+++ b/nuclei-templates/2024/CVE-2024-29908-baef1d0e01440a39ac30bd5826a2469a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Co-marquage service-public.fr <= 0.5.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Co-marquage service-public.fr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.5.71 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/co-marquage-service-public/"
     google-query: inurl:"/wp-content/plugins/co-marquage-service-public/"
     shodan-query: 'vuln:CVE-2024-29908'
-  tags: cve,wordpress,wp-plugin,co-marquage-service-public,medium
+  tags: cve,wordpress,wp-plugin,co-marquage-service-public,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29909-d60ef1067dd86b18895f878c5b5156fd.yaml b/nuclei-templates/2024/CVE-2024-29909-d60ef1067dd86b18895f878c5b5156fd.yaml
index 355608123a..d5e3dcd693 100644
--- a/nuclei-templates/2024/CVE-2024-29909-d60ef1067dd86b18895f878c5b5156fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-29909-d60ef1067dd86b18895f878c5b5156fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Travelers' Map <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Travelers' Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/travelers-map/"
     google-query: inurl:"/wp-content/plugins/travelers-map/"
     shodan-query: 'vuln:CVE-2024-29909'
-  tags: cve,wordpress,wp-plugin,travelers-map,medium
+  tags: cve,wordpress,wp-plugin,travelers-map,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29910-7156ef80890822c55e70bd957b9a6411.yaml b/nuclei-templates/2024/CVE-2024-29910-7156ef80890822c55e70bd957b9a6411.yaml
index 39cdb5d940..255e449cb9 100644
--- a/nuclei-templates/2024/CVE-2024-29910-7156ef80890822c55e70bd957b9a6411.yaml
+++ b/nuclei-templates/2024/CVE-2024-29910-7156ef80890822c55e70bd957b9a6411.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dropdown Multisite selector <= 0.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dropdown multisite selector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dropdown-multisite-selector/"
     google-query: inurl:"/wp-content/plugins/dropdown-multisite-selector/"
     shodan-query: 'vuln:CVE-2024-29910'
-  tags: cve,wordpress,wp-plugin,dropdown-multisite-selector,medium
+  tags: cve,wordpress,wp-plugin,dropdown-multisite-selector,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29911-e068f616c0efa424554358743fa4c2b1.yaml b/nuclei-templates/2024/CVE-2024-29911-e068f616c0efa424554358743fa4c2b1.yaml
index a2a42733be..c4044d9706 100644
--- a/nuclei-templates/2024/CVE-2024-29911-e068f616c0efa424554358743fa4c2b1.yaml
+++ b/nuclei-templates/2024/CVE-2024-29911-e068f616c0efa424554358743fa4c2b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Addons for Elementor <= 2.0.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-addons/"
     google-query: inurl:"/wp-content/plugins/master-addons/"
     shodan-query: 'vuln:CVE-2024-29911'
-  tags: cve,wordpress,wp-plugin,master-addons,medium
+  tags: cve,wordpress,wp-plugin,master-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29912-9fca0dd0c7f34e6a746c8a219eb28b95.yaml b/nuclei-templates/2024/CVE-2024-29912-9fca0dd0c7f34e6a746c8a219eb28b95.yaml
index 93859dd355..ab48d5a3be 100644
--- a/nuclei-templates/2024/CVE-2024-29912-9fca0dd0c7f34e6a746c8a219eb28b95.yaml
+++ b/nuclei-templates/2024/CVE-2024-29912-9fca0dd0c7f34e6a746c8a219eb28b95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iCalendrier <= 1.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iCalendrier plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icalendrier/"
     google-query: inurl:"/wp-content/plugins/icalendrier/"
     shodan-query: 'vuln:CVE-2024-29912'
-  tags: cve,wordpress,wp-plugin,icalendrier,medium
+  tags: cve,wordpress,wp-plugin,icalendrier,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29913-57be4142bba97742b3c54d88f289eda5.yaml b/nuclei-templates/2024/CVE-2024-29913-57be4142bba97742b3c54d88f289eda5.yaml
index 97c049d5cd..6487040592 100644
--- a/nuclei-templates/2024/CVE-2024-29913-57be4142bba97742b3c54d88f289eda5.yaml
+++ b/nuclei-templates/2024/CVE-2024-29913-57be4142bba97742b3c54d88f289eda5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS Elementor Addons <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor-lms-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/tutor-lms-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-29913'
-  tags: cve,wordpress,wp-plugin,tutor-lms-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,tutor-lms-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29914-b90da7474429ff0560b494c992f7386d.yaml b/nuclei-templates/2024/CVE-2024-29914-b90da7474429ff0560b494c992f7386d.yaml
index 6a4ec77aff..b9e3591ae0 100644
--- a/nuclei-templates/2024/CVE-2024-29914-b90da7474429ff0560b494c992f7386d.yaml
+++ b/nuclei-templates/2024/CVE-2024-29914-b90da7474429ff0560b494c992f7386d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Stratum <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Stratum plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stratum/"
     google-query: inurl:"/wp-content/plugins/stratum/"
     shodan-query: 'vuln:CVE-2024-29914'
-  tags: cve,wordpress,wp-plugin,stratum,medium
+  tags: cve,wordpress,wp-plugin,stratum,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29917-313b605e10bb673c24b20248a65978eb.yaml b/nuclei-templates/2024/CVE-2024-29917-313b605e10bb673c24b20248a65978eb.yaml
index 086c79b0b2..8fc22a0d70 100644
--- a/nuclei-templates/2024/CVE-2024-29917-313b605e10bb673c24b20248a65978eb.yaml
+++ b/nuclei-templates/2024/CVE-2024-29917-313b605e10bb673c24b20248a65978eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Compact WP Audio Player <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fileurl
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fileurl’ parameter in versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/compact-wp-audio-player/"
     google-query: inurl:"/wp-content/plugins/compact-wp-audio-player/"
     shodan-query: 'vuln:CVE-2024-29917'
-  tags: cve,wordpress,wp-plugin,compact-wp-audio-player,medium
+  tags: cve,wordpress,wp-plugin,compact-wp-audio-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29921-a442b3cb4140cc0565b34b0085780b5e.yaml b/nuclei-templates/2024/CVE-2024-29921-a442b3cb4140cc0565b34b0085780b5e.yaml
index 8430cf77ba..e1f1f0df1f 100644
--- a/nuclei-templates/2024/CVE-2024-29921-a442b3cb4140cc0565b34b0085780b5e.yaml
+++ b/nuclei-templates/2024/CVE-2024-29921-a442b3cb4140cc0565b34b0085780b5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by Supsystic <= 1.15.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/gallery-by-supsystic/"
     shodan-query: 'vuln:CVE-2024-29921'
-  tags: cve,wordpress,wp-plugin,gallery-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,gallery-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29922-3adbda03e672466ae4cf2477d48f1715.yaml b/nuclei-templates/2024/CVE-2024-29922-3adbda03e672466ae4cf2477d48f1715.yaml
index ba3a0500da..8461626d18 100644
--- a/nuclei-templates/2024/CVE-2024-29922-3adbda03e672466ae4cf2477d48f1715.yaml
+++ b/nuclei-templates/2024/CVE-2024-29922-3adbda03e672466ae4cf2477d48f1715.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Hero <= 8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slider Hero with Animation, Video Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-hero/"
     google-query: inurl:"/wp-content/plugins/slider-hero/"
     shodan-query: 'vuln:CVE-2024-29922'
-  tags: cve,wordpress,wp-plugin,slider-hero,medium
+  tags: cve,wordpress,wp-plugin,slider-hero,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29925-2f1e25e867c081cf048f4dbc7240dbff.yaml b/nuclei-templates/2024/CVE-2024-29925-2f1e25e867c081cf048f4dbc7240dbff.yaml
index dc344f7c82..cf44d7b945 100644
--- a/nuclei-templates/2024/CVE-2024-29925-2f1e25e867c081cf048f4dbc7240dbff.yaml
+++ b/nuclei-templates/2024/CVE-2024-29925-2f1e25e867c081cf048f4dbc7240dbff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/"
     google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/"
     shodan-query: 'vuln:CVE-2024-29925'
-  tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,medium
+  tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29926-898754090db0c7c53df1a53b0a6b37dc.yaml b/nuclei-templates/2024/CVE-2024-29926-898754090db0c7c53df1a53b0a6b37dc.yaml
index 1050b6543c..d2a2983da0 100644
--- a/nuclei-templates/2024/CVE-2024-29926-898754090db0c7c53df1a53b0a6b37dc.yaml
+++ b/nuclei-templates/2024/CVE-2024-29926-898754090db0c7c53df1a53b0a6b37dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WC Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-builder/"
     google-query: inurl:"/wp-content/plugins/wc-builder/"
     shodan-query: 'vuln:CVE-2024-29926'
-  tags: cve,wordpress,wp-plugin,wc-builder,medium
+  tags: cve,wordpress,wp-plugin,wc-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29927-b1e2122cdc23a9d17ef80227bd4601b9.yaml b/nuclei-templates/2024/CVE-2024-29927-b1e2122cdc23a9d17ef80227bd4601b9.yaml
index b76cf12d9d..fb1359f42b 100644
--- a/nuclei-templates/2024/CVE-2024-29927-b1e2122cdc23a9d17ef80227bd4601b9.yaml
+++ b/nuclei-templates/2024/CVE-2024-29927-b1e2122cdc23a9d17ef80227bd4601b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wishsuite/"
     google-query: inurl:"/wp-content/plugins/wishsuite/"
     shodan-query: 'vuln:CVE-2024-29927'
-  tags: cve,wordpress,wp-plugin,wishsuite,medium
+  tags: cve,wordpress,wp-plugin,wishsuite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29929-678114ef3e2b187e51ff0be3e7f2cb83.yaml b/nuclei-templates/2024/CVE-2024-29929-678114ef3e2b187e51ff0be3e7f2cb83.yaml
index 35ea711e82..f15fbb9f6c 100644
--- a/nuclei-templates/2024/CVE-2024-29929-678114ef3e2b187e51ff0be3e7f2cb83.yaml
+++ b/nuclei-templates/2024/CVE-2024-29929-678114ef3e2b187e51ff0be3e7f2cb83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WCFM – Frontend Manager for WooCommerce <= 6.7.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-frontend-manager/"
     google-query: inurl:"/wp-content/plugins/wc-frontend-manager/"
     shodan-query: 'vuln:CVE-2024-29929'
-  tags: cve,wordpress,wp-plugin,wc-frontend-manager,medium
+  tags: cve,wordpress,wp-plugin,wc-frontend-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29930-306b847d2e6035c47912eb7c67152660.yaml b/nuclei-templates/2024/CVE-2024-29930-306b847d2e6035c47912eb7c67152660.yaml
index 38ed7894c6..7a34d299f5 100644
--- a/nuclei-templates/2024/CVE-2024-29930-306b847d2e6035c47912eb7c67152660.yaml
+++ b/nuclei-templates/2024/CVE-2024-29930-306b847d2e6035c47912eb7c67152660.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crypto Converter Widget <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Crypto Converter ⚡ Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crypto-converter-widget/"
     google-query: inurl:"/wp-content/plugins/crypto-converter-widget/"
     shodan-query: 'vuln:CVE-2024-29930'
-  tags: cve,wordpress,wp-plugin,crypto-converter-widget,medium
+  tags: cve,wordpress,wp-plugin,crypto-converter-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29932-407035e57e51b9b24244b7b6677f36c6.yaml b/nuclei-templates/2024/CVE-2024-29932-407035e57e51b9b24244b7b6677f36c6.yaml
index c9a38ec22d..a236a31a82 100644
--- a/nuclei-templates/2024/CVE-2024-29932-407035e57e51b9b24244b7b6677f36c6.yaml
+++ b/nuclei-templates/2024/CVE-2024-29932-407035e57e51b9b24244b7b6677f36c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Meta Data and Taxonomies Filter (MDTF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     shodan-query: 'vuln:CVE-2024-29932'
-  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29933-1b71c9c29fdfc5dbc008529fa648dbe1.yaml b/nuclei-templates/2024/CVE-2024-29933-1b71c9c29fdfc5dbc008529fa648dbe1.yaml
index 7eb28956f8..117a8004db 100644
--- a/nuclei-templates/2024/CVE-2024-29933-1b71c9c29fdfc5dbc008529fa648dbe1.yaml
+++ b/nuclei-templates/2024/CVE-2024-29933-1b71c9c29fdfc5dbc008529fa648dbe1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Web Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.0.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icon/"
     google-query: inurl:"/wp-content/plugins/icon/"
     shodan-query: 'vuln:CVE-2024-29933'
-  tags: cve,wordpress,wp-plugin,icon,medium
+  tags: cve,wordpress,wp-plugin,icon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29934-b5ac41047b1437d9d41eb11c7b522d30.yaml b/nuclei-templates/2024/CVE-2024-29934-b5ac41047b1437d9d41eb11c7b522d30.yaml
index 8b574bb919..59a1a01e69 100644
--- a/nuclei-templates/2024/CVE-2024-29934-b5ac41047b1437d9d41eb11c7b522d30.yaml
+++ b/nuclei-templates/2024/CVE-2024-29934-b5ac41047b1437d9d41eb11c7b522d30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Piotnet Addons For Elementor <= 2.4.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/piotnet-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-29934'
-  tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29935-e224a4cb8b7e311ea14d699136e59c51.yaml b/nuclei-templates/2024/CVE-2024-29935-e224a4cb8b7e311ea14d699136e59c51.yaml
index ba7fb77845..1d6d443647 100644
--- a/nuclei-templates/2024/CVE-2024-29935-e224a4cb8b7e311ea14d699136e59c51.yaml
+++ b/nuclei-templates/2024/CVE-2024-29935-e224a4cb8b7e311ea14d699136e59c51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sina Extension for Elementor <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sina-extension-for-elementor/"
     google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/"
     shodan-query: 'vuln:CVE-2024-29935'
-  tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-29936-026772a7c84514935eb2f122e1212bd7.yaml b/nuclei-templates/2024/CVE-2024-29936-026772a7c84514935eb2f122e1212bd7.yaml
index 53c23bc715..4001e39e4a 100644
--- a/nuclei-templates/2024/CVE-2024-29936-026772a7c84514935eb2f122e1212bd7.yaml
+++ b/nuclei-templates/2024/CVE-2024-29936-026772a7c84514935eb2f122e1212bd7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Hover Effects – Elementor Addon <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'eihe_align'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eihe_align' parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-hover-effects-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/image-hover-effects-addon-for-elementor/"
     shodan-query: 'vuln:CVE-2024-29936'
-  tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3005-c82aa7ec69ca20e438896d99f7ba7b77.yaml b/nuclei-templates/2024/CVE-2024-3005-c82aa7ec69ca20e438896d99f7ba7b77.yaml
index e9291e79df..61dae7f94b 100644
--- a/nuclei-templates/2024/CVE-2024-3005-c82aa7ec69ca20e438896d99f7ba7b77.yaml
+++ b/nuclei-templates/2024/CVE-2024-3005-c82aa7ec69ca20e438896d99f7ba7b77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget in all versions up to, and including, 1.3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lastudio-element-kit/"
     google-query: inurl:"/wp-content/plugins/lastudio-element-kit/"
     shodan-query: 'vuln:CVE-2024-3005'
-  tags: cve,wordpress,wp-plugin,lastudio-element-kit,medium
+  tags: cve,wordpress,wp-plugin,lastudio-element-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30177-34bbbe6df5443652a8ecc2885cf36469.yaml b/nuclei-templates/2024/CVE-2024-30177-34bbbe6df5443652a8ecc2885cf36469.yaml
index 0a82bbfa3c..5e48a39d0b 100644
--- a/nuclei-templates/2024/CVE-2024-30177-34bbbe6df5443652a8ecc2885cf36469.yaml
+++ b/nuclei-templates/2024/CVE-2024-30177-34bbbe6df5443652a8ecc2885cf36469.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-30177'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30178-7a5d96cd355dcc2c5701c024f2ba7043.yaml b/nuclei-templates/2024/CVE-2024-30178-7a5d96cd355dcc2c5701c024f2ba7043.yaml
index b930bfa782..d8901dd7a1 100644
--- a/nuclei-templates/2024/CVE-2024-30178-7a5d96cd355dcc2c5701c024f2ba7043.yaml
+++ b/nuclei-templates/2024/CVE-2024-30178-7a5d96cd355dcc2c5701c024f2ba7043.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simply Static <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simply Static plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-static/"
     google-query: inurl:"/wp-content/plugins/simply-static/"
     shodan-query: 'vuln:CVE-2024-30178'
-  tags: cve,wordpress,wp-plugin,simply-static,medium
+  tags: cve,wordpress,wp-plugin,simply-static,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30179-8b94055b335b8fd181b35e0e5b73b692.yaml b/nuclei-templates/2024/CVE-2024-30179-8b94055b335b8fd181b35e0e5b73b692.yaml
index 9178d4160f..b973c34dcf 100644
--- a/nuclei-templates/2024/CVE-2024-30179-8b94055b335b8fd181b35e0e5b73b692.yaml
+++ b/nuclei-templates/2024/CVE-2024-30179-8b94055b335b8fd181b35e0e5b73b692.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via class
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the css class in versions up to, and including, 4.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-30179'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3018-b90105c25730b4d746a6acc92069913e.yaml b/nuclei-templates/2024/CVE-2024-3018-b90105c25730b4d746a6acc92069913e.yaml
index 85e68586e0..614e6286dd 100644
--- a/nuclei-templates/2024/CVE-2024-3018-b90105c25730b4d746a6acc92069913e.yaml
+++ b/nuclei-templates/2024/CVE-2024-3018-b90105c25730b4d746a6acc92069913e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-3018'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,high
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30180-5e1243e1e25d813c82b94fbe494798e2.yaml b/nuclei-templates/2024/CVE-2024-30180-5e1243e1e25d813c82b94fbe494798e2.yaml
index 0355c1684d..e7358f5a70 100644
--- a/nuclei-templates/2024/CVE-2024-30180-5e1243e1e25d813c82b94fbe494798e2.yaml
+++ b/nuclei-templates/2024/CVE-2024-30180-5e1243e1e25d813c82b94fbe494798e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Feed <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via fb_appid
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fb_appid' parameter in versions up to, and including, 6.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-facebook-likebox/"
     google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
     shodan-query: 'vuln:CVE-2024-30180'
-  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30181-95d961d91144502a2fa4a99f5da6e669.yaml b/nuclei-templates/2024/CVE-2024-30181-95d961d91144502a2fa4a99f5da6e669.yaml
index 839c9b14ab..f799d7f966 100644
--- a/nuclei-templates/2024/CVE-2024-30181-95d961d91144502a2fa4a99f5da6e669.yaml
+++ b/nuclei-templates/2024/CVE-2024-30181-95d961d91144502a2fa4a99f5da6e669.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Locatoraid Store Locator <= 3.9.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.9.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/locatoraid/"
     google-query: inurl:"/wp-content/plugins/locatoraid/"
     shodan-query: 'vuln:CVE-2024-30181'
-  tags: cve,wordpress,wp-plugin,locatoraid,medium
+  tags: cve,wordpress,wp-plugin,locatoraid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30182-54345d40684c0a52baa3c3ff4f72b60d.yaml b/nuclei-templates/2024/CVE-2024-30182-54345d40684c0a52baa3c3ff4f72b60d.yaml
index 71b8321308..f65e62e847 100644
--- a/nuclei-templates/2024/CVE-2024-30182-54345d40684c0a52baa3c3ff4f72b60d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30182-54345d40684c0a52baa3c3ff4f72b60d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-30182'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30183-eb66f71390c85b359c35c7747a93043f.yaml b/nuclei-templates/2024/CVE-2024-30183-eb66f71390c85b359c35c7747a93043f.yaml
index c188401445..a596690413 100644
--- a/nuclei-templates/2024/CVE-2024-30183-eb66f71390c85b359c35c7747a93043f.yaml
+++ b/nuclei-templates/2024/CVE-2024-30183-eb66f71390c85b359c35c7747a93043f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Livemesh Addons for WPBakery Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-visual-composer/"
     google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/"
     shodan-query: 'vuln:CVE-2024-30183'
-  tags: cve,wordpress,wp-plugin,addons-for-visual-composer,medium
+  tags: cve,wordpress,wp-plugin,addons-for-visual-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30184-a665c3284fcafde64dfe52ce15a964ef.yaml b/nuclei-templates/2024/CVE-2024-30184-a665c3284fcafde64dfe52ce15a964ef.yaml
index a21f9973bb..e9e142e413 100644
--- a/nuclei-templates/2024/CVE-2024-30184-a665c3284fcafde64dfe52ce15a964ef.yaml
+++ b/nuclei-templates/2024/CVE-2024-30184-a665c3284fcafde64dfe52ce15a964ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sg_popup shortcode in all versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:CVE-2024-30184'
-  tags: cve,wordpress,wp-plugin,popup-builder,medium
+  tags: cve,wordpress,wp-plugin,popup-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30185-e0e7d7ae87e3b7c89bbdeabc1a752e7d.yaml b/nuclei-templates/2024/CVE-2024-30185-e0e7d7ae87e3b7c89bbdeabc1a752e7d.yaml
index 5a2c17c503..87e6110e7d 100644
--- a/nuclei-templates/2024/CVE-2024-30185-e0e7d7ae87e3b7c89bbdeabc1a752e7d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30185-e0e7d7ae87e3b7c89bbdeabc1a752e7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Element Pack Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link URL in versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a duplicate of CVE-2024-1429.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/"
     shodan-query: 'vuln:CVE-2024-30185'
-  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30186-58cf3685b6d061649f14b9a15a1de69b.yaml b/nuclei-templates/2024/CVE-2024-30186-58cf3685b6d061649f14b9a15a1de69b.yaml
index 740ced7df3..8051340470 100644
--- a/nuclei-templates/2024/CVE-2024-30186-58cf3685b6d061649f14b9a15a1de69b.yaml
+++ b/nuclei-templates/2024/CVE-2024-30186-58cf3685b6d061649f14b9a15a1de69b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag in versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: this appear to be a duplicate of CVE-2024-1506
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:CVE-2024-30186'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30192-565c3a27c2a7060808c53a2711e80a32.yaml b/nuclei-templates/2024/CVE-2024-30192-565c3a27c2a7060808c53a2711e80a32.yaml
index 232dac778e..65b0ad6234 100644
--- a/nuclei-templates/2024/CVE-2024-30192-565c3a27c2a7060808c53a2711e80a32.yaml
+++ b/nuclei-templates/2024/CVE-2024-30192-565c3a27c2a7060808c53a2711e80a32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Pins for Pinterest <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-pinterest-portfolio/"
     google-query: inurl:"/wp-content/plugins/gs-pinterest-portfolio/"
     shodan-query: 'vuln:CVE-2024-30192'
-  tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30193-dada2db55c799a5508c295a160b1fcaf.yaml b/nuclei-templates/2024/CVE-2024-30193-dada2db55c799a5508c295a160b1fcaf.yaml
index 4cf9d55a2a..fe41e8d33d 100644
--- a/nuclei-templates/2024/CVE-2024-30193-dada2db55c799a5508c295a160b1fcaf.yaml
+++ b/nuclei-templates/2024/CVE-2024-30193-dada2db55c799a5508c295a160b1fcaf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Church Admin <= 4.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via meta-text
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Church Admin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘meta-text’ parameter in versions up to, and including, 4.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-admin/"
     google-query: inurl:"/wp-content/plugins/church-admin/"
     shodan-query: 'vuln:CVE-2024-30193'
-  tags: cve,wordpress,wp-plugin,church-admin,medium
+  tags: cve,wordpress,wp-plugin,church-admin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30197-5b5631c6755ba3e58cfcfbe9ec90f71c.yaml b/nuclei-templates/2024/CVE-2024-30197-5b5631c6755ba3e58cfcfbe9ec90f71c.yaml
index e7559b695b..06e7f03117 100644
--- a/nuclei-templates/2024/CVE-2024-30197-5b5631c6755ba3e58cfcfbe9ec90f71c.yaml
+++ b/nuclei-templates/2024/CVE-2024-30197-5b5631c6755ba3e58cfcfbe9ec90f71c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Church Admin <= 4.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Church Admin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.0.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-admin/"
     google-query: inurl:"/wp-content/plugins/church-admin/"
     shodan-query: 'vuln:CVE-2024-30197'
-  tags: cve,wordpress,wp-plugin,church-admin,medium
+  tags: cve,wordpress,wp-plugin,church-admin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3020-91917d1d663ea184f4f2f69e04c99474.yaml b/nuclei-templates/2024/CVE-2024-3020-91917d1d663ea184f4f2f69e04c99474.yaml
index 6fb0c36db9..cef3035e16 100644
--- a/nuclei-templates/2024/CVE-2024-3020-91917d1d663ea184f4f2f69e04c99474.yaml
+++ b/nuclei-templates/2024/CVE-2024-3020-91917d1d663ea184f4f2f69e04c99474.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-carousel-free/"
     google-query: inurl:"/wp-content/plugins/wp-carousel-free/"
     shodan-query: 'vuln:CVE-2024-3020'
-  tags: cve,wordpress,wp-plugin,wp-carousel-free,high
+  tags: cve,wordpress,wp-plugin,wp-carousel-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3021-ff23d770fb11fdc3c77523a1486cf3a6.yaml b/nuclei-templates/2024/CVE-2024-3021-ff23d770fb11fdc3c77523a1486cf3a6.yaml
index f5a62bdabf..3938eb3088 100644
--- a/nuclei-templates/2024/CVE-2024-3021-ff23d770fb11fdc3c77523a1486cf3a6.yaml
+++ b/nuclei-templates/2024/CVE-2024-3021-ff23d770fb11fdc3c77523a1486cf3a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mhr Post Ticker <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mhr-post-ticker/"
     google-query: inurl:"/wp-content/plugins/mhr-post-ticker/"
     shodan-query: 'vuln:CVE-2024-3021'
-  tags: cve,wordpress,wp-plugin,mhr-post-ticker,medium
+  tags: cve,wordpress,wp-plugin,mhr-post-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3022-65f544c282d9d1cc0fbf1f6438a4d682.yaml b/nuclei-templates/2024/CVE-2024-3022-65f544c282d9d1cc0fbf1f6438a4d682.yaml
index c4cd2d00b8..86d54cd6aa 100644
--- a/nuclei-templates/2024/CVE-2024-3022-65f544c282d9d1cc0fbf1f6438a4d682.yaml
+++ b/nuclei-templates/2024/CVE-2024-3022-65f544c282d9d1cc0fbf1f6438a4d682.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookingpress-appointment-booking/"
     google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/"
     shodan-query: 'vuln:CVE-2024-3022'
-  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,high
+  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30222-fe13beada39d84f2847878b7d4da45e8.yaml b/nuclei-templates/2024/CVE-2024-30222-fe13beada39d84f2847878b7d4da45e8.yaml
index 39506b5e00..523f4589e0 100644
--- a/nuclei-templates/2024/CVE-2024-30222-fe13beada39d84f2847878b7d4da45e8.yaml
+++ b/nuclei-templates/2024/CVE-2024-30222-fe13beada39d84f2847878b7d4da45e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.0.26 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember-membership/"
     google-query: inurl:"/wp-content/plugins/armember-membership/"
     shodan-query: 'vuln:CVE-2024-30222'
-  tags: cve,wordpress,wp-plugin,armember-membership,critical
+  tags: cve,wordpress,wp-plugin,armember-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30228-59d8f9139af0fff2996b4a871907966d.yaml b/nuclei-templates/2024/CVE-2024-30228-59d8f9139af0fff2996b4a871907966d.yaml
index 713f09bce7..70203a7787 100644
--- a/nuclei-templates/2024/CVE-2024-30228-59d8f9139af0fff2996b4a871907966d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30228-59d8f9139af0fff2996b4a871907966d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hercules Core <= 6.4 - Authenticated (Subscriber+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Hercules Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hercules-core/"
     google-query: inurl:"/wp-content/plugins/hercules-core/"
     shodan-query: 'vuln:CVE-2024-30228'
-  tags: cve,wordpress,wp-plugin,hercules-core,high
+  tags: cve,wordpress,wp-plugin,hercules-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30229-87bce74e2816b9152b22f0db777f7371.yaml b/nuclei-templates/2024/CVE-2024-30229-87bce74e2816b9152b22f0db777f7371.yaml
index 4785404107..a9ac5b1cc1 100644
--- a/nuclei-templates/2024/CVE-2024-30229-87bce74e2816b9152b22f0db777f7371.yaml
+++ b/nuclei-templates/2024/CVE-2024-30229-87bce74e2816b9152b22f0db777f7371.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GiveWP – Donation Plugin and Fundraising Platform <= 3.4.2 - Authenticated (GiveWP Manager+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with give manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/give/"
     google-query: inurl:"/wp-content/plugins/give/"
     shodan-query: 'vuln:CVE-2024-30229'
-  tags: cve,wordpress,wp-plugin,give,high
+  tags: cve,wordpress,wp-plugin,give,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3023-59df5359f3dd97e1bd86b18fcb289b4e.yaml b/nuclei-templates/2024/CVE-2024-3023-59df5359f3dd97e1bd86b18fcb289b4e.yaml
index 9731adc404..df73675ab0 100644
--- a/nuclei-templates/2024/CVE-2024-3023-59df5359f3dd97e1bd86b18fcb289b4e.yaml
+++ b/nuclei-templates/2024/CVE-2024-3023-59df5359f3dd97e1bd86b18fcb289b4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AnnounceKit <= 2.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AnnounceKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/announcekit/"
     google-query: inurl:"/wp-content/plugins/announcekit/"
     shodan-query: 'vuln:CVE-2024-3023'
-  tags: cve,wordpress,wp-plugin,announcekit,medium
+  tags: cve,wordpress,wp-plugin,announcekit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30231-ab754796885789e2785d22756395f374.yaml b/nuclei-templates/2024/CVE-2024-30231-ab754796885789e2785d22756395f374.yaml
index d67848db1a..c9c858a29e 100644
--- a/nuclei-templates/2024/CVE-2024-30231-ab754796885789e2785d22756395f374.yaml
+++ b/nuclei-templates/2024/CVE-2024-30231-ab754796885789e2785d22756395f374.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Import Export for WooCommerce <= 2.4.1 - Authenticated(Shop Manager+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Product Import Export for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'image_library_attachment' function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Shop Manager access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-import-export-for-woo/"
     google-query: inurl:"/wp-content/plugins/product-import-export-for-woo/"
     shodan-query: 'vuln:CVE-2024-30231'
-  tags: cve,wordpress,wp-plugin,product-import-export-for-woo,high
+  tags: cve,wordpress,wp-plugin,product-import-export-for-woo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30232-007d55abdcc3037b38fa1f4866ebcef6.yaml b/nuclei-templates/2024/CVE-2024-30232-007d55abdcc3037b38fa1f4866ebcef6.yaml
index 88b05c8cf4..aad0efb1de 100644
--- a/nuclei-templates/2024/CVE-2024-30232-007d55abdcc3037b38fa1f4866ebcef6.yaml
+++ b/nuclei-templates/2024/CVE-2024-30232-007d55abdcc3037b38fa1f4866ebcef6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-30232'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30234-dee36755177c71d5de078f0f334f5c8c.yaml b/nuclei-templates/2024/CVE-2024-30234-dee36755177c71d5de078f0f334f5c8c.yaml
index 1553e9818e..e8dc197466 100644
--- a/nuclei-templates/2024/CVE-2024-30234-dee36755177c71d5de078f0f334f5c8c.yaml
+++ b/nuclei-templates/2024/CVE-2024-30234-dee36755177c71d5de078f0f334f5c8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WholesaleX <= 1.3.1 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WholesaleX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wc_install_callback AJAX function in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to install woocommerce.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wholesalex/"
     google-query: inurl:"/wp-content/plugins/wholesalex/"
     shodan-query: 'vuln:CVE-2024-30234'
-  tags: cve,wordpress,wp-plugin,wholesalex,medium
+  tags: cve,wordpress,wp-plugin,wholesalex,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30235-2428c4eb87b4651b0b610c5b37e29f17.yaml b/nuclei-templates/2024/CVE-2024-30235-2428c4eb87b4651b0b610c5b37e29f17.yaml
index 8c17d2ebbc..22091dd2c1 100644
--- a/nuclei-templates/2024/CVE-2024-30235-2428c4eb87b4651b0b610c5b37e29f17.yaml
+++ b/nuclei-templates/2024/CVE-2024-30235-2428c4eb87b4651b0b610c5b37e29f17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Page Generator Plugin – MPG <= 3.4.0 - Missing Authorization via mpg_get_log_by_project_id
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mpg_get_log_by_project_id' function in versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to view project logs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/"
     google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/"
     shodan-query: 'vuln:CVE-2024-30235'
-  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,medium
+  tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30236-1fcba72eb855bf7a2b762f45f8e9327d.yaml b/nuclei-templates/2024/CVE-2024-30236-1fcba72eb855bf7a2b762f45f8e9327d.yaml
index e5d463dc6c..64ea3da241 100644
--- a/nuclei-templates/2024/CVE-2024-30236-1fcba72eb855bf7a2b762f45f8e9327d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30236-1fcba72eb855bf7a2b762f45f8e9327d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 21.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2024-30236'
-  tags: cve,wordpress,wp-plugin,contest-gallery,critical
+  tags: cve,wordpress,wp-plugin,contest-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30237-63a1aadd7fd62f660af4d37169d1f541.yaml b/nuclei-templates/2024/CVE-2024-30237-63a1aadd7fd62f660af4d37169d1f541.yaml
index 858a44663b..39d19cc23e 100644
--- a/nuclei-templates/2024/CVE-2024-30237-63a1aadd7fd62f660af4d37169d1f541.yaml
+++ b/nuclei-templates/2024/CVE-2024-30237-63a1aadd7fd62f660af4d37169d1f541.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider by Supsystic <= 1.8.10 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Slider by Supsystic plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.8.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/slider-by-supsystic/"
     shodan-query: 'vuln:CVE-2024-30237'
-  tags: cve,wordpress,wp-plugin,slider-by-supsystic,critical
+  tags: cve,wordpress,wp-plugin,slider-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30238-534d85fc0380423c37750b4f71b369b0.yaml b/nuclei-templates/2024/CVE-2024-30238-534d85fc0380423c37750b4f71b369b0.yaml
index b0fd9e318e..0a1cea1761 100644
--- a/nuclei-templates/2024/CVE-2024-30238-534d85fc0380423c37750b4f71b369b0.yaml
+++ b/nuclei-templates/2024/CVE-2024-30238-534d85fc0380423c37750b4f71b369b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 21.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2024-30238'
-  tags: cve,wordpress,wp-plugin,contest-gallery,critical
+  tags: cve,wordpress,wp-plugin,contest-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30239-51be17f4121e81eef8733d9b91f0a025.yaml b/nuclei-templates/2024/CVE-2024-30239-51be17f4121e81eef8733d9b91f0a025.yaml
index b11f85099c..7a6bbb6af6 100644
--- a/nuclei-templates/2024/CVE-2024-30239-51be17f4121e81eef8733d9b91f0a025.yaml
+++ b/nuclei-templates/2024/CVE-2024-30239-51be17f4121e81eef8733d9b91f0a025.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoho Campaigns <= 2.0.6 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Zoho Campaigns plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zoho-campaigns/"
     google-query: inurl:"/wp-content/plugins/zoho-campaigns/"
     shodan-query: 'vuln:CVE-2024-30239'
-  tags: cve,wordpress,wp-plugin,zoho-campaigns,critical
+  tags: cve,wordpress,wp-plugin,zoho-campaigns,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30240-dc0d3deddd939ceb7da2b7a2e45dc103.yaml b/nuclei-templates/2024/CVE-2024-30240-dc0d3deddd939ceb7da2b7a2e45dc103.yaml
index 349be6c129..f5afc37b0d 100644
--- a/nuclei-templates/2024/CVE-2024-30240-dc0d3deddd939ceb7da2b7a2e45dc103.yaml
+++ b/nuclei-templates/2024/CVE-2024-30240-dc0d3deddd939ceb7da2b7a2e45dc103.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calendarista <= 15.5.7 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Calendarista plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 15.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calendarista/"
     google-query: inurl:"/wp-content/plugins/calendarista/"
     shodan-query: 'vuln:CVE-2024-30240'
-  tags: cve,wordpress,wp-plugin,calendarista,critical
+  tags: cve,wordpress,wp-plugin,calendarista,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30241-4ca548e170bb0185c3dab51f55775413.yaml b/nuclei-templates/2024/CVE-2024-30241-4ca548e170bb0185c3dab51f55775413.yaml
index 0ebf86308d..5a2acb623d 100644
--- a/nuclei-templates/2024/CVE-2024-30241-4ca548e170bb0185c3dab51f55775413.yaml
+++ b/nuclei-templates/2024/CVE-2024-30241-4ca548e170bb0185c3dab51f55775413.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid <= 5.7.1 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2024-30241'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30242-23ce5fe03a72b8b92f4c0373c289ac85.yaml b/nuclei-templates/2024/CVE-2024-30242-23ce5fe03a72b8b92f4c0373c289ac85.yaml
index b35705efcb..59ffd75a09 100644
--- a/nuclei-templates/2024/CVE-2024-30242-23ce5fe03a72b8b92f4c0373c289ac85.yaml
+++ b/nuclei-templates/2024/CVE-2024-30242-23ce5fe03a72b8b92f4c0373c289ac85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Contact Form to Any API plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-any-api/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-any-api/"
     shodan-query: 'vuln:CVE-2024-30242'
-  tags: cve,wordpress,wp-plugin,contact-form-to-any-api,critical
+  tags: cve,wordpress,wp-plugin,contact-form-to-any-api,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30243-8904938c0e9840b0a2511b1de74ee529.yaml b/nuclei-templates/2024/CVE-2024-30243-8904938c0e9840b0a2511b1de74ee529.yaml
index 369d6bd2b1..3632c809b3 100644
--- a/nuclei-templates/2024/CVE-2024-30243-8904938c0e9840b0a2511b1de74ee529.yaml
+++ b/nuclei-templates/2024/CVE-2024-30243-8904938c0e9840b0a2511b1de74ee529.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Tooltips <= 9.4.3 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WordPress Tooltips plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 9.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-tooltips/"
     google-query: inurl:"/wp-content/plugins/wordpress-tooltips/"
     shodan-query: 'vuln:CVE-2024-30243'
-  tags: cve,wordpress,wp-plugin,wordpress-tooltips,critical
+  tags: cve,wordpress,wp-plugin,wordpress-tooltips,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30244-62fad85c6fa5b7fb3d8634d94c62f43f.yaml b/nuclei-templates/2024/CVE-2024-30244-62fad85c6fa5b7fb3d8634d94c62f43f.yaml
index c901202951..1537c58a88 100644
--- a/nuclei-templates/2024/CVE-2024-30244-62fad85c6fa5b7fb3d8634d94c62f43f.yaml
+++ b/nuclei-templates/2024/CVE-2024-30244-62fad85c6fa5b7fb3d8634d94c62f43f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Church Admin <= 4.0.27 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Church Admin plugin for WordPress is vulnerable to SQL Injection via the 'weeks' value in all versions up to, and including, 4.0.27 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-admin/"
     google-query: inurl:"/wp-content/plugins/church-admin/"
     shodan-query: 'vuln:CVE-2024-30244'
-  tags: cve,wordpress,wp-plugin,church-admin,high
+  tags: cve,wordpress,wp-plugin,church-admin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30245-2701fe0e6794c06d119a81cdcc54c2d8.yaml b/nuclei-templates/2024/CVE-2024-30245-2701fe0e6794c06d119a81cdcc54c2d8.yaml
index c0ee7fc88d..2e6fa2539d 100644
--- a/nuclei-templates/2024/CVE-2024-30245-2701fe0e6794c06d119a81cdcc54c2d8.yaml
+++ b/nuclei-templates/2024/CVE-2024-30245-2701fe0e6794c06d119a81cdcc54c2d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DecaLog <= 3.9.0 - Authenticated (Admin+) SQL injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The DecaLog plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/decalog/"
     google-query: inurl:"/wp-content/plugins/decalog/"
     shodan-query: 'vuln:CVE-2024-30245'
-  tags: cve,wordpress,wp-plugin,decalog,critical
+  tags: cve,wordpress,wp-plugin,decalog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3027-7fcf2911100968a88895e890aa0259dd.yaml b/nuclei-templates/2024/CVE-2024-3027-7fcf2911100968a88895e890aa0259dd.yaml
index 958195170e..5582fddb62 100644
--- a/nuclei-templates/2024/CVE-2024-3027-7fcf2911100968a88895e890aa0259dd.yaml
+++ b/nuclei-templates/2024/CVE-2024-3027-7fcf2911100968a88895e890aa0259dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-slider-3/"
     google-query: inurl:"/wp-content/plugins/smart-slider-3/"
     shodan-query: 'vuln:CVE-2024-3027'
-  tags: cve,wordpress,wp-plugin,smart-slider-3,medium
+  tags: cve,wordpress,wp-plugin,smart-slider-3,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3030-05ea715911776cce9345bba9207f2978.yaml b/nuclei-templates/2024/CVE-2024-3030-05ea715911776cce9345bba9207f2978.yaml
index dd9ad96c59..9504d3b00a 100644
--- a/nuclei-templates/2024/CVE-2024-3030-05ea715911776cce9345bba9207f2978.yaml
+++ b/nuclei-templates/2024/CVE-2024-3030-05ea715911776cce9345bba9207f2978.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Announce from the Dashboard <= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/announce-from-the-dashboard/"
     google-query: inurl:"/wp-content/plugins/announce-from-the-dashboard/"
     shodan-query: 'vuln:CVE-2024-3030'
-  tags: cve,wordpress,wp-plugin,announce-from-the-dashboard,medium
+  tags: cve,wordpress,wp-plugin,announce-from-the-dashboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30422-8305b529a6785da6470d8457740ff920.yaml b/nuclei-templates/2024/CVE-2024-30422-8305b529a6785da6470d8457740ff920.yaml
index a36c61996a..b5d25140a3 100644
--- a/nuclei-templates/2024/CVE-2024-30422-8305b529a6785da6470d8457740ff920.yaml
+++ b/nuclei-templates/2024/CVE-2024-30422-8305b529a6785da6470d8457740ff920.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-30422'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30423-9167001bdde424000d6bf79c1d596a20.yaml b/nuclei-templates/2024/CVE-2024-30423-9167001bdde424000d6bf79c1d596a20.yaml
index a6ef0fd0be..3784b37a25 100644
--- a/nuclei-templates/2024/CVE-2024-30423-9167001bdde424000d6bf79c1d596a20.yaml
+++ b/nuclei-templates/2024/CVE-2024-30423-9167001bdde424000d6bf79c1d596a20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Elementor Addons <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/better-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-30423'
-  tags: cve,wordpress,wp-plugin,better-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,better-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30426-70740ef575420bdce3307b7d6efb0e97.yaml b/nuclei-templates/2024/CVE-2024-30426-70740ef575420bdce3307b7d6efb0e97.yaml
index c0b9f5971a..ed31d66015 100644
--- a/nuclei-templates/2024/CVE-2024-30426-70740ef575420bdce3307b7d6efb0e97.yaml
+++ b/nuclei-templates/2024/CVE-2024-30426-70740ef575420bdce3307b7d6efb0e97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hash Elements <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hash-elements/"
     google-query: inurl:"/wp-content/plugins/hash-elements/"
     shodan-query: 'vuln:CVE-2024-30426'
-  tags: cve,wordpress,wp-plugin,hash-elements,medium
+  tags: cve,wordpress,wp-plugin,hash-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30429-ac7ff3acb8eeb83f868977100c1901f2.yaml b/nuclei-templates/2024/CVE-2024-30429-ac7ff3acb8eeb83f868977100c1901f2.yaml
index 5b17b74c61..4cb616db31 100644
--- a/nuclei-templates/2024/CVE-2024-30429-ac7ff3acb8eeb83f868977100c1901f2.yaml
+++ b/nuclei-templates/2024/CVE-2024-30429-ac7ff3acb8eeb83f868977100c1901f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp-forecast <= 9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wp-forecast plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-forecast/"
     google-query: inurl:"/wp-content/plugins/wp-forecast/"
     shodan-query: 'vuln:CVE-2024-30429'
-  tags: cve,wordpress,wp-plugin,wp-forecast,medium
+  tags: cve,wordpress,wp-plugin,wp-forecast,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30430-2021aef7227818f1c21db36c31bdbd79.yaml b/nuclei-templates/2024/CVE-2024-30430-2021aef7227818f1c21db36c31bdbd79.yaml
index a4addcabca..37b5119638 100644
--- a/nuclei-templates/2024/CVE-2024-30430-2021aef7227818f1c21db36c31bdbd79.yaml
+++ b/nuclei-templates/2024/CVE-2024-30430-2021aef7227818f1c21db36c31bdbd79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.8.44 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluent-crm/"
     google-query: inurl:"/wp-content/plugins/fluent-crm/"
     shodan-query: 'vuln:CVE-2024-30430'
-  tags: cve,wordpress,wp-plugin,fluent-crm,medium
+  tags: cve,wordpress,wp-plugin,fluent-crm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30432-f176e53a42ca2011d6f5c8a03ade6f30.yaml b/nuclei-templates/2024/CVE-2024-30432-f176e53a42ca2011d6f5c8a03ade6f30.yaml
index 83b87baa7c..da8d609a04 100644
--- a/nuclei-templates/2024/CVE-2024-30432-f176e53a42ca2011d6f5c8a03ade6f30.yaml
+++ b/nuclei-templates/2024/CVE-2024-30432-f176e53a42ca2011d6f5c8a03ade6f30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     B Slider - Slider for your block editor <= 1.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The B Slider - Slider for your block editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/b-slider/"
     google-query: inurl:"/wp-content/plugins/b-slider/"
     shodan-query: 'vuln:CVE-2024-30432'
-  tags: cve,wordpress,wp-plugin,b-slider,medium
+  tags: cve,wordpress,wp-plugin,b-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30433-050701771ca0e37751fe39d80669e4d1.yaml b/nuclei-templates/2024/CVE-2024-30433-050701771ca0e37751fe39d80669e4d1.yaml
index 11a3a66e57..c6e2451033 100644
--- a/nuclei-templates/2024/CVE-2024-30433-050701771ca0e37751fe39d80669e4d1.yaml
+++ b/nuclei-templates/2024/CVE-2024-30433-050701771ca0e37751fe39d80669e4d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WC Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/"
     google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/"
     shodan-query: 'vuln:CVE-2024-30433'
-  tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,medium
+  tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30434-0f98500a56d8bff1fd15d46c8720db00.yaml b/nuclei-templates/2024/CVE-2024-30434-0f98500a56d8bff1fd15d46c8720db00.yaml
index 7314165380..49e9b62599 100644
--- a/nuclei-templates/2024/CVE-2024-30434-0f98500a56d8bff1fd15d46c8720db00.yaml
+++ b/nuclei-templates/2024/CVE-2024-30434-0f98500a56d8bff1fd15d46c8720db00.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-CRM System <= 3.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress CRM Plugin – WP-CRM System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-crm-system/"
     google-query: inurl:"/wp-content/plugins/wp-crm-system/"
     shodan-query: 'vuln:CVE-2024-30434'
-  tags: cve,wordpress,wp-plugin,wp-crm-system,medium
+  tags: cve,wordpress,wp-plugin,wp-crm-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30436-a85aa1b9a47ecb9d1b901a00495b06ae.yaml b/nuclei-templates/2024/CVE-2024-30436-a85aa1b9a47ecb9d1b901a00495b06ae.yaml
index bc14ab1477..67ba35bfb7 100644
--- a/nuclei-templates/2024/CVE-2024-30436-a85aa1b9a47ecb9d1b901a00495b06ae.yaml
+++ b/nuclei-templates/2024/CVE-2024-30436-a85aa1b9a47ecb9d1b901a00495b06ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     collectchat <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The collectchat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/collectchat/"
     google-query: inurl:"/wp-content/plugins/collectchat/"
     shodan-query: 'vuln:CVE-2024-30436'
-  tags: cve,wordpress,wp-plugin,collectchat,medium
+  tags: cve,wordpress,wp-plugin,collectchat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30437-c115c2b38773f756d29db80a784da83d.yaml b/nuclei-templates/2024/CVE-2024-30437-c115c2b38773f756d29db80a784da83d.yaml
index 1a89043d29..3016f40504 100644
--- a/nuclei-templates/2024/CVE-2024-30437-c115c2b38773f756d29db80a784da83d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30437-c115c2b38773f756d29db80a784da83d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webinar and Video Conference with Jitsi Meet <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Webinar and Video Conference with Jitsi Meet plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/"
     google-query: inurl:"/wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/"
     shodan-query: 'vuln:CVE-2024-30437'
-  tags: cve,wordpress,wp-plugin,webinar-and-video-conference-with-jitsi-meet,medium
+  tags: cve,wordpress,wp-plugin,webinar-and-video-conference-with-jitsi-meet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30438-2ff60d0958c013f69d2bb2b8a6cd708d.yaml b/nuclei-templates/2024/CVE-2024-30438-2ff60d0958c013f69d2bb2b8a6cd708d.yaml
index 10afd8a480..d4e8edc4a8 100644
--- a/nuclei-templates/2024/CVE-2024-30438-2ff60d0958c013f69d2bb2b8a6cd708d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30438-2ff60d0958c013f69d2bb2b8a6cd708d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print Page block <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Print Page block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-page/"
     google-query: inurl:"/wp-content/plugins/print-page/"
     shodan-query: 'vuln:CVE-2024-30438'
-  tags: cve,wordpress,wp-plugin,print-page,medium
+  tags: cve,wordpress,wp-plugin,print-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30440-9036b0b68d189e2a08606b1361a322c6.yaml b/nuclei-templates/2024/CVE-2024-30440-9036b0b68d189e2a08606b1361a322c6.yaml
index 3e04c30f51..917f6e8d41 100644
--- a/nuclei-templates/2024/CVE-2024-30440-9036b0b68d189e2a08606b1361a322c6.yaml
+++ b/nuclei-templates/2024/CVE-2024-30440-9036b0b68d189e2a08606b1361a322c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Event Post <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify Event Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-event-post/"
     google-query: inurl:"/wp-content/plugins/themify-event-post/"
     shodan-query: 'vuln:CVE-2024-30440'
-  tags: cve,wordpress,wp-plugin,themify-event-post,medium
+  tags: cve,wordpress,wp-plugin,themify-event-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30443-7cf1733a0fcabc72e1599e5c6fa6e184.yaml b/nuclei-templates/2024/CVE-2024-30443-7cf1733a0fcabc72e1599e5c6fa6e184.yaml
index 0bda247d14..0e6f3cfb0c 100644
--- a/nuclei-templates/2024/CVE-2024-30443-7cf1733a0fcabc72e1599e5c6fa6e184.yaml
+++ b/nuclei-templates/2024/CVE-2024-30443-7cf1733a0fcabc72e1599e5c6fa6e184.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Testimonial Slider <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GS Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-testimonial/"
     google-query: inurl:"/wp-content/plugins/gs-testimonial/"
     shodan-query: 'vuln:CVE-2024-30443'
-  tags: cve,wordpress,wp-plugin,gs-testimonial,medium
+  tags: cve,wordpress,wp-plugin,gs-testimonial,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30444-c982dae5e8a9922c1cd4de17c56c6264.yaml b/nuclei-templates/2024/CVE-2024-30444-c982dae5e8a9922c1cd4de17c56c6264.yaml
index 208e06061e..1092bdd125 100644
--- a/nuclei-templates/2024/CVE-2024-30444-c982dae5e8a9922c1cd4de17c56c6264.yaml
+++ b/nuclei-templates/2024/CVE-2024-30444-c982dae5e8a9922c1cd4de17c56c6264.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Page Builder – Zion Builder <= 3.6.9 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Page Builder – Zion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zionbuilder/"
     google-query: inurl:"/wp-content/plugins/zionbuilder/"
     shodan-query: 'vuln:CVE-2024-30444'
-  tags: cve,wordpress,wp-plugin,zionbuilder,medium
+  tags: cve,wordpress,wp-plugin,zionbuilder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30445-d0db52345c07a6211225ddd6537e55c1.yaml b/nuclei-templates/2024/CVE-2024-30445-d0db52345c07a6211225ddd6537e55c1.yaml
index e1f0a25905..7258ff7261 100644
--- a/nuclei-templates/2024/CVE-2024-30445-d0db52345c07a6211225ddd6537e55c1.yaml
+++ b/nuclei-templates/2024/CVE-2024-30445-d0db52345c07a6211225ddd6537e55c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Web Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/icon/"
     google-query: inurl:"/wp-content/plugins/icon/"
     shodan-query: 'vuln:CVE-2024-30445'
-  tags: cve,wordpress,wp-plugin,icon,medium
+  tags: cve,wordpress,wp-plugin,icon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30446-6323dfe519d667ba98cb2cb3a674b49d.yaml b/nuclei-templates/2024/CVE-2024-30446-6323dfe519d667ba98cb2cb3a674b49d.yaml
index 7ff21c1682..ea24a2f555 100644
--- a/nuclei-templates/2024/CVE-2024-30446-6323dfe519d667ba98cb2cb3a674b49d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30446-6323dfe519d667ba98cb2cb3a674b49d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crm-perks-forms/"
     google-query: inurl:"/wp-content/plugins/crm-perks-forms/"
     shodan-query: 'vuln:CVE-2024-30446'
-  tags: cve,wordpress,wp-plugin,crm-perks-forms,medium
+  tags: cve,wordpress,wp-plugin,crm-perks-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30448-d94ab49d4d8adfed309a34be052981f9.yaml b/nuclei-templates/2024/CVE-2024-30448-d94ab49d4d8adfed309a34be052981f9.yaml
index 90d22fbf73..9fa048482a 100644
--- a/nuclei-templates/2024/CVE-2024-30448-d94ab49d4d8adfed309a34be052981f9.yaml
+++ b/nuclei-templates/2024/CVE-2024-30448-d94ab49d4d8adfed309a34be052981f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider by Supsystic <= 1.8.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slider by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/slider-by-supsystic/"
     shodan-query: 'vuln:CVE-2024-30448'
-  tags: cve,wordpress,wp-plugin,slider-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,slider-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30450-e82baab8930846897895cd56a53f4176.yaml b/nuclei-templates/2024/CVE-2024-30450-e82baab8930846897895cd56a53f4176.yaml
index 4eade51dae..7b9b900c99 100644
--- a/nuclei-templates/2024/CVE-2024-30450-e82baab8930846897895cd56a53f4176.yaml
+++ b/nuclei-templates/2024/CVE-2024-30450-e82baab8930846897895cd56a53f4176.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stepbyteservice-openstreetmap/"
     google-query: inurl:"/wp-content/plugins/stepbyteservice-openstreetmap/"
     shodan-query: 'vuln:CVE-2024-30450'
-  tags: cve,wordpress,wp-plugin,stepbyteservice-openstreetmap,medium
+  tags: cve,wordpress,wp-plugin,stepbyteservice-openstreetmap,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30451-682168a7f6b8d8c54e16ca072c08d0b8.yaml b/nuclei-templates/2024/CVE-2024-30451-682168a7f6b8d8c54e16ca072c08d0b8.yaml
index e7e6f84b1c..6eb2385e03 100644
--- a/nuclei-templates/2024/CVE-2024-30451-682168a7f6b8d8c54e16ca072c08d0b8.yaml
+++ b/nuclei-templates/2024/CVE-2024-30451-682168a7f6b8d8c54e16ca072c08d0b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Geo Controller <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Geo Controller plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf-geoplugin/"
     google-query: inurl:"/wp-content/plugins/cf-geoplugin/"
     shodan-query: 'vuln:CVE-2024-30451'
-  tags: cve,wordpress,wp-plugin,cf-geoplugin,medium
+  tags: cve,wordpress,wp-plugin,cf-geoplugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30452-1320225def4406c9e713cc329abaeb70.yaml b/nuclei-templates/2024/CVE-2024-30452-1320225def4406c9e713cc329abaeb70.yaml
index d45931f728..f514661cb4 100644
--- a/nuclei-templates/2024/CVE-2024-30452-1320225def4406c9e713cc329abaeb70.yaml
+++ b/nuclei-templates/2024/CVE-2024-30452-1320225def4406c9e713cc329abaeb70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Landing Page Builder <= 1.5.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.5.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-builder-add/"
     google-query: inurl:"/wp-content/plugins/page-builder-add/"
     shodan-query: 'vuln:CVE-2024-30452'
-  tags: cve,wordpress,wp-plugin,page-builder-add,medium
+  tags: cve,wordpress,wp-plugin,page-builder-add,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30459-77df5424b8737ee4b8f9f9f20e1fee34.yaml b/nuclei-templates/2024/CVE-2024-30459-77df5424b8737ee4b8f9f9f20e1fee34.yaml
index 4aae68bc01..d79c69d6a4 100644
--- a/nuclei-templates/2024/CVE-2024-30459-77df5424b8737ee4b8f9f9f20e1fee34.yaml
+++ b/nuclei-templates/2024/CVE-2024-30459-77df5424b8737ee4b8f9f9f20e1fee34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI WP Writer <= 3.6.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AI WP Writer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 3.6.5. This makes it possible for unauthenticated attackers to perform a variety of unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-wp-writer/"
     google-query: inurl:"/wp-content/plugins/ai-wp-writer/"
     shodan-query: 'vuln:CVE-2024-30459'
-  tags: cve,wordpress,wp-plugin,ai-wp-writer,medium
+  tags: cve,wordpress,wp-plugin,ai-wp-writer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30463-3174ef274fa543dfe91589efb1d4f079.yaml b/nuclei-templates/2024/CVE-2024-30463-3174ef274fa543dfe91589efb1d4f079.yaml
index 1c262762a6..68c0041d23 100644
--- a/nuclei-templates/2024/CVE-2024-30463-3174ef274fa543dfe91589efb1d4f079.yaml
+++ b/nuclei-templates/2024/CVE-2024-30463-3174ef274fa543dfe91589efb1d4f079.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BEAR <= 1.1.4.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BEAR plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woobe_update_page_field() function in versions up to, and including, 1.1.4.3. This makes it possible for unauthenticated attackers to update page details.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bulk-editor/"
     google-query: inurl:"/wp-content/plugins/woo-bulk-editor/"
     shodan-query: 'vuln:CVE-2024-30463'
-  tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,woo-bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30464-9590c9a713d41dcccd250e79c2d68a75.yaml b/nuclei-templates/2024/CVE-2024-30464-9590c9a713d41dcccd250e79c2d68a75.yaml
index 2f8b3fb134..8e7f8787cc 100644
--- a/nuclei-templates/2024/CVE-2024-30464-9590c9a713d41dcccd250e79c2d68a75.yaml
+++ b/nuclei-templates/2024/CVE-2024-30464-9590c9a713d41dcccd250e79c2d68a75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Icons Widget & Block by WPZOOM <= 4.2.15 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the zoom_ajax_set_pointer_transient() function in versions up to, and including, 4.2.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to set pointer transients.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-icons-widget-by-wpzoom/"
     google-query: inurl:"/wp-content/plugins/social-icons-widget-by-wpzoom/"
     shodan-query: 'vuln:CVE-2024-30464'
-  tags: cve,wordpress,wp-plugin,social-icons-widget-by-wpzoom,medium
+  tags: cve,wordpress,wp-plugin,social-icons-widget-by-wpzoom,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30465-822954310f58c5920d9c99a5b8f20e8a.yaml b/nuclei-templates/2024/CVE-2024-30465-822954310f58c5920d9c99a5b8f20e8a.yaml
index c636b83996..16b4d30fa4 100644
--- a/nuclei-templates/2024/CVE-2024-30465-822954310f58c5920d9c99a5b8f20e8a.yaml
+++ b/nuclei-templates/2024/CVE-2024-30465-822954310f58c5920d9c99a5b8f20e8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PageLayer <= 1.8.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PageLayer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the pagelayer_trash_post() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:CVE-2024-30465'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30466-405af1244e8e91b41a724bfd16213a75.yaml b/nuclei-templates/2024/CVE-2024-30466-405af1244e8e91b41a724bfd16213a75.yaml
index bc0535f962..cb389213c7 100644
--- a/nuclei-templates/2024/CVE-2024-30466-405af1244e8e91b41a724bfd16213a75.yaml
+++ b/nuclei-templates/2024/CVE-2024-30466-405af1244e8e91b41a724bfd16213a75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Multilingual & Multicurrency <= 5.3.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Multilingual & Multicurrency plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-multilingual/"
     google-query: inurl:"/wp-content/plugins/woocommerce-multilingual/"
     shodan-query: 'vuln:CVE-2024-30466'
-  tags: cve,wordpress,wp-plugin,woocommerce-multilingual,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-multilingual,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30467-86a5e7d3d7ed00baf83310ad8f227a5e.yaml b/nuclei-templates/2024/CVE-2024-30467-86a5e7d3d7ed00baf83310ad8f227a5e.yaml
index a05de7ca5b..481e9ca325 100644
--- a/nuclei-templates/2024/CVE-2024-30467-86a5e7d3d7ed00baf83310ad8f227a5e.yaml
+++ b/nuclei-templates/2024/CVE-2024-30467-86a5e7d3d7ed00baf83310ad8f227a5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks for Gutenberg <= 4.4.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with contributor-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2024-30467'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30470-982ffbf6beec794e0b1ae79fe9b1aaa9.yaml b/nuclei-templates/2024/CVE-2024-30470-982ffbf6beec794e0b1ae79fe9b1aaa9.yaml
index 164766178a..085c051842 100644
--- a/nuclei-templates/2024/CVE-2024-30470-982ffbf6beec794e0b1ae79fe9b1aaa9.yaml
+++ b/nuclei-templates/2024/CVE-2024-30470-982ffbf6beec794e0b1ae79fe9b1aaa9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH WooCommerce Account Funds Premium <= 1.33.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YITH WooCommerce Account Funds Premium plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.33.0. This makes it possible for authenticated attackers, with customer-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-account-funds-premium/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-account-funds-premium/"
     shodan-query: 'vuln:CVE-2024-30470'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-account-funds-premium,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-account-funds-premium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30477-db671eee30eadb2b3e6d738cfc02d4cf.yaml b/nuclei-templates/2024/CVE-2024-30477-db671eee30eadb2b3e6d738cfc02d4cf.yaml
index 376638ec8d..d2eb549e8a 100644
--- a/nuclei-templates/2024/CVE-2024-30477-db671eee30eadb2b3e6d738cfc02d4cf.yaml
+++ b/nuclei-templates/2024/CVE-2024-30477-db671eee30eadb2b3e6d738cfc02d4cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Klarna Payments for WooCommerce <= 3.2.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Klarna Payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/klarna-payments-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/klarna-payments-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-30477'
-  tags: cve,wordpress,wp-plugin,klarna-payments-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,klarna-payments-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30478-5eb89c28ff961004bce910abdba4c1a6.yaml b/nuclei-templates/2024/CVE-2024-30478-5eb89c28ff961004bce910abdba4c1a6.yaml
index 9abdd7b4a0..79727594d1 100644
--- a/nuclei-templates/2024/CVE-2024-30478-5eb89c28ff961004bce910abdba4c1a6.yaml
+++ b/nuclei-templates/2024/CVE-2024-30478-5eb89c28ff961004bce910abdba4c1a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Announcement & Notification Banner Plugin – Bulletin <= 3.8.5 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WordPress Announcement & Notification Banner Plugin – Bulletin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletin-announcements/"
     google-query: inurl:"/wp-content/plugins/bulletin-announcements/"
     shodan-query: 'vuln:CVE-2024-30478'
-  tags: cve,wordpress,wp-plugin,bulletin-announcements,high
+  tags: cve,wordpress,wp-plugin,bulletin-announcements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30483-dfaf8f13c7a5730a90b10c23bd27623b.yaml b/nuclei-templates/2024/CVE-2024-30483-dfaf8f13c7a5730a90b10c23bd27623b.yaml
index c7cf3c8d90..ae58201f5f 100644
--- a/nuclei-templates/2024/CVE-2024-30483-dfaf8f13c7a5730a90b10c23bd27623b.yaml
+++ b/nuclei-templates/2024/CVE-2024-30483-dfaf8f13c7a5730a90b10c23bd27623b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sponsors <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sponsors/"
     google-query: inurl:"/wp-content/plugins/wp-sponsors/"
     shodan-query: 'vuln:CVE-2024-30483'
-  tags: cve,wordpress,wp-plugin,wp-sponsors,medium
+  tags: cve,wordpress,wp-plugin,wp-sponsors,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30484-f0986ec848116bdaf85ff2fe79a684cc.yaml b/nuclei-templates/2024/CVE-2024-30484-f0986ec848116bdaf85ff2fe79a684cc.yaml
index 0f3e7ac334..2a40bf3b5c 100644
--- a/nuclei-templates/2024/CVE-2024-30484-f0986ec848116bdaf85ff2fe79a684cc.yaml
+++ b/nuclei-templates/2024/CVE-2024-30484-f0986ec848116bdaf85ff2fe79a684cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RT Easy Builder – Advanced addons for Elementor <= 2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the ajax_activate_plugins() function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-30484'
-  tags: cve,wordpress,wp-plugin,rt-easy-builder-advanced-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,rt-easy-builder-advanced-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30485-b7d8017025d96230e362095b35be8556.yaml b/nuclei-templates/2024/CVE-2024-30485-b7d8017025d96230e362095b35be8556.yaml
index 4b1a8871b5..02866b83f1 100644
--- a/nuclei-templates/2024/CVE-2024-30485-b7d8017025d96230e362095b35be8556.yaml
+++ b/nuclei-templates/2024/CVE-2024-30485-b7d8017025d96230e362095b35be8556.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Finale Lite <= 2.18.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 2.18.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/"
     google-query: inurl:"/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/"
     shodan-query: 'vuln:CVE-2024-30485'
-  tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,medium
+  tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30486-15ea5684525ea85792493d1e42c50ee1.yaml b/nuclei-templates/2024/CVE-2024-30486-15ea5684525ea85792493d1e42c50ee1.yaml
index 40878fb114..810a2e3db8 100644
--- a/nuclei-templates/2024/CVE-2024-30486-15ea5684525ea85792493d1e42c50ee1.yaml
+++ b/nuclei-templates/2024/CVE-2024-30486-15ea5684525ea85792493d1e42c50ee1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Media Library Folders plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-plus/"
     google-query: inurl:"/wp-content/plugins/media-library-plus/"
     shodan-query: 'vuln:CVE-2024-30486'
-  tags: cve,wordpress,wp-plugin,media-library-plus,critical
+  tags: cve,wordpress,wp-plugin,media-library-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30487-48b15a3295f54b70d085f78d5d278b00.yaml b/nuclei-templates/2024/CVE-2024-30487-48b15a3295f54b70d085f78d5d278b00.yaml
index 5507109b9d..7aa7b5dbc0 100644
--- a/nuclei-templates/2024/CVE-2024-30487-48b15a3295f54b70d085f78d5d278b00.yaml
+++ b/nuclei-templates/2024/CVE-2024-30487-48b15a3295f54b70d085f78d5d278b00.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/"
     google-query: inurl:"/wp-content/plugins/mp3-music-player-by-sonaar/"
     shodan-query: 'vuln:CVE-2024-30487'
-  tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,medium
+  tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30488-1c48bf4d484ac338c2e58423c802cdcb.yaml b/nuclei-templates/2024/CVE-2024-30488-1c48bf4d484ac338c2e58423c802cdcb.yaml
index fce61db309..fdeca846f5 100644
--- a/nuclei-templates/2024/CVE-2024-30488-1c48bf4d484ac338c2e58423c802cdcb.yaml
+++ b/nuclei-templates/2024/CVE-2024-30488-1c48bf4d484ac338c2e58423c802cdcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zotpress <= 7.3.7 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Zotpress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 7.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zotpress/"
     google-query: inurl:"/wp-content/plugins/zotpress/"
     shodan-query: 'vuln:CVE-2024-30488'
-  tags: cve,wordpress,wp-plugin,zotpress,critical
+  tags: cve,wordpress,wp-plugin,zotpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30489-55c899bce76676ae0bd2f27011d06ab7.yaml b/nuclei-templates/2024/CVE-2024-30489-55c899bce76676ae0bd2f27011d06ab7.yaml
index 9709926aed..b2ef84562d 100644
--- a/nuclei-templates/2024/CVE-2024-30489-55c899bce76676ae0bd2f27011d06ab7.yaml
+++ b/nuclei-templates/2024/CVE-2024-30489-55c899bce76676ae0bd2f27011d06ab7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 10.1.75 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-estimation-form/"
     google-query: inurl:"/wp-content/plugins/wp-estimation-form/"
     shodan-query: 'vuln:CVE-2024-30489'
-  tags: cve,wordpress,wp-plugin,wp-estimation-form,critical
+  tags: cve,wordpress,wp-plugin,wp-estimation-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30491-865589c83192a271d43a839d1c2dd482.yaml b/nuclei-templates/2024/CVE-2024-30491-865589c83192a271d43a839d1c2dd482.yaml
index 1a951c7df8..ebf6ee26d2 100644
--- a/nuclei-templates/2024/CVE-2024-30491-865589c83192a271d43a839d1c2dd482.yaml
+++ b/nuclei-templates/2024/CVE-2024-30491-865589c83192a271d43a839d1c2dd482.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid  <= 5.7.8 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The ProfileGrid  plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2024-30491'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,critical
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30494-60929a68cddca1a94650b63066730255.yaml b/nuclei-templates/2024/CVE-2024-30494-60929a68cddca1a94650b63066730255.yaml
index 2905597300..928bd2c080 100644
--- a/nuclei-templates/2024/CVE-2024-30494-60929a68cddca1a94650b63066730255.yaml
+++ b/nuclei-templates/2024/CVE-2024-30494-60929a68cddca1a94650b63066730255.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OSS Aliyun <= 1.4.10 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The OSS Aliyun plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oss-aliyun/"
     google-query: inurl:"/wp-content/plugins/oss-aliyun/"
     shodan-query: 'vuln:CVE-2024-30494'
-  tags: cve,wordpress,wp-plugin,oss-aliyun,critical
+  tags: cve,wordpress,wp-plugin,oss-aliyun,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30495-32c41bb49a17f6a6d495a0dfbe10790b.yaml b/nuclei-templates/2024/CVE-2024-30495-32c41bb49a17f6a6d495a0dfbe10790b.yaml
index 0e918bba39..d34678e5fb 100644
--- a/nuclei-templates/2024/CVE-2024-30495-32c41bb49a17f6a6d495a0dfbe10790b.yaml
+++ b/nuclei-templates/2024/CVE-2024-30495-32c41bb49a17f6a6d495a0dfbe10790b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Falang multilanguage <= 1.3.47 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Falang multilanguage plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.47 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/falang/"
     google-query: inurl:"/wp-content/plugins/falang/"
     shodan-query: 'vuln:CVE-2024-30495'
-  tags: cve,wordpress,wp-plugin,falang,high
+  tags: cve,wordpress,wp-plugin,falang,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30496-7e6a3b2c412bc3d13ddc87f480a49f5e.yaml b/nuclei-templates/2024/CVE-2024-30496-7e6a3b2c412bc3d13ddc87f480a49f5e.yaml
index fbeabdb469..405a46f335 100644
--- a/nuclei-templates/2024/CVE-2024-30496-7e6a3b2c412bc3d13ddc87f480a49f5e.yaml
+++ b/nuclei-templates/2024/CVE-2024-30496-7e6a3b2c412bc3d13ddc87f480a49f5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Element Pack Elementor Addons plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/"
     shodan-query: 'vuln:CVE-2024-30496'
-  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,critical
+  tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30497-00eeb6c21c5d722501b60770e277f490.yaml b/nuclei-templates/2024/CVE-2024-30497-00eeb6c21c5d722501b60770e277f490.yaml
index 8619be1b53..4ed5d7727d 100644
--- a/nuclei-templates/2024/CVE-2024-30497-00eeb6c21c5d722501b60770e277f490.yaml
+++ b/nuclei-templates/2024/CVE-2024-30497-00eeb6c21c5d722501b60770e277f490.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/"
     google-query: inurl:"/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/"
     shodan-query: 'vuln:CVE-2024-30497'
-  tags: cve,wordpress,wp-plugin,responsive-horizontal-vertical-and-accordion-tabs,critical
+  tags: cve,wordpress,wp-plugin,responsive-horizontal-vertical-and-accordion-tabs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30499-aa8353adb3620cf0044ffd866cd1ea46.yaml b/nuclei-templates/2024/CVE-2024-30499-aa8353adb3620cf0044ffd866cd1ea46.yaml
index 7ae582136b..1ff5ebd354 100644
--- a/nuclei-templates/2024/CVE-2024-30499-aa8353adb3620cf0044ffd866cd1ea46.yaml
+++ b/nuclei-templates/2024/CVE-2024-30499-aa8353adb3620cf0044ffd866cd1ea46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crm-perks-forms/"
     google-query: inurl:"/wp-content/plugins/crm-perks-forms/"
     shodan-query: 'vuln:CVE-2024-30499'
-  tags: cve,wordpress,wp-plugin,crm-perks-forms,critical
+  tags: cve,wordpress,wp-plugin,crm-perks-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30500-c805577cc74fac959884880eefb7ff71.yaml b/nuclei-templates/2024/CVE-2024-30500-c805577cc74fac959884880eefb7ff71.yaml
index 2000b7c31a..03cc7b5730 100644
--- a/nuclei-templates/2024/CVE-2024-30500-c805577cc74fac959884880eefb7ff71.yaml
+++ b/nuclei-templates/2024/CVE-2024-30500-c805577cc74fac959884880eefb7ff71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cwp_import_data_callback() function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cubewp-framework/"
     google-query: inurl:"/wp-content/plugins/cubewp-framework/"
     shodan-query: 'vuln:CVE-2024-30500'
-  tags: cve,wordpress,wp-plugin,cubewp-framework,critical
+  tags: cve,wordpress,wp-plugin,cubewp-framework,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30501-9ecbfebe7e10d279275667a070df122b.yaml b/nuclei-templates/2024/CVE-2024-30501-9ecbfebe7e10d279275667a070df122b.yaml
index 334b6ef3b9..2232cb12aa 100644
--- a/nuclei-templates/2024/CVE-2024-30501-9ecbfebe7e10d279275667a070df122b.yaml
+++ b/nuclei-templates/2024/CVE-2024-30501-9ecbfebe7e10d279275667a070df122b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.9.4 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Download Monitor plugin for WordPress is vulnerable to SQL Injection via the 'limit' parameter in all versions up to 4.9.5 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:CVE-2024-30501'
-  tags: cve,wordpress,wp-plugin,download-monitor,high
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30504-12373fb4bdec1cf1197ea716e420bdce.yaml b/nuclei-templates/2024/CVE-2024-30504-12373fb4bdec1cf1197ea716e420bdce.yaml
index 6f577d5960..bed85420ea 100644
--- a/nuclei-templates/2024/CVE-2024-30504-12373fb4bdec1cf1197ea716e420bdce.yaml
+++ b/nuclei-templates/2024/CVE-2024-30504-12373fb4bdec1cf1197ea716e420bdce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Travel Engine <= 5.7.9 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP Travel Engine plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-travel-engine/"
     google-query: inurl:"/wp-content/plugins/wp-travel-engine/"
     shodan-query: 'vuln:CVE-2024-30504'
-  tags: cve,wordpress,wp-plugin,wp-travel-engine,critical
+  tags: cve,wordpress,wp-plugin,wp-travel-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30505-dd67ce4e359afe3a28fa3105db87a235.yaml b/nuclei-templates/2024/CVE-2024-30505-dd67ce4e359afe3a28fa3105db87a235.yaml
index 4009271b55..cd2084c170 100644
--- a/nuclei-templates/2024/CVE-2024-30505-dd67ce4e359afe3a28fa3105db87a235.yaml
+++ b/nuclei-templates/2024/CVE-2024-30505-dd67ce4e359afe3a28fa3105db87a235.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Church Admin <= 4.1.18 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Church Admin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 4.1.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-admin/"
     google-query: inurl:"/wp-content/plugins/church-admin/"
     shodan-query: 'vuln:CVE-2024-30505'
-  tags: cve,wordpress,wp-plugin,church-admin,medium
+  tags: cve,wordpress,wp-plugin,church-admin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30507-bc5e92508a73c7bd5e881af5254740d1.yaml b/nuclei-templates/2024/CVE-2024-30507-bc5e92508a73c7bd5e881af5254740d1.yaml
index ec96397048..d7a28c6c18 100644
--- a/nuclei-templates/2024/CVE-2024-30507-bc5e92508a73c7bd5e881af5254740d1.yaml
+++ b/nuclei-templates/2024/CVE-2024-30507-bc5e92508a73c7bd5e881af5254740d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Molongui <= 4.7.7 - Authenticated (Author+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.7.7 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/molongui-authorship/"
     google-query: inurl:"/wp-content/plugins/molongui-authorship/"
     shodan-query: 'vuln:CVE-2024-30507'
-  tags: cve,wordpress,wp-plugin,molongui-authorship,medium
+  tags: cve,wordpress,wp-plugin,molongui-authorship,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30508-e2b770c20c0fc55c7a4f89e727dd45de.yaml b/nuclei-templates/2024/CVE-2024-30508-e2b770c20c0fc55c7a4f89e727dd45de.yaml
index 3386ec40d9..d65f8c0a7b 100644
--- a/nuclei-templates/2024/CVE-2024-30508-e2b770c20c0fc55c7a4f89e727dd45de.yaml
+++ b/nuclei-templates/2024/CVE-2024-30508-e2b770c20c0fc55c7a4f89e727dd45de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Hotel Booking <= 2.0.9.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.0.9.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-hotel-booking/"
     google-query: inurl:"/wp-content/plugins/wp-hotel-booking/"
     shodan-query: 'vuln:CVE-2024-30508'
-  tags: cve,wordpress,wp-plugin,wp-hotel-booking,medium
+  tags: cve,wordpress,wp-plugin,wp-hotel-booking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30509-eb3ea92b0c5a4b0e8e1f707fd264374b.yaml b/nuclei-templates/2024/CVE-2024-30509-eb3ea92b0c5a4b0e8e1f707fd264374b.yaml
index 15e27ea5c3..019b1d6b0f 100644
--- a/nuclei-templates/2024/CVE-2024-30509-eb3ea92b0c5a4b0e8e1f707fd264374b.yaml
+++ b/nuclei-templates/2024/CVE-2024-30509-eb3ea92b0c5a4b0e8e1f707fd264374b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SellKit <= 1.8.1 - Authenticated (Subscriber+) Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.8.1. This is due to insufficient file validation in the handle_file_download function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sellkit/"
     google-query: inurl:"/wp-content/plugins/sellkit/"
     shodan-query: 'vuln:CVE-2024-30509'
-  tags: cve,wordpress,wp-plugin,sellkit,medium
+  tags: cve,wordpress,wp-plugin,sellkit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30512-38f8a2f1ccb6fa8679c01ae474dc43d3.yaml b/nuclei-templates/2024/CVE-2024-30512-38f8a2f1ccb6fa8679c01ae474dc43d3.yaml
index f58e41fb40..9dd30c0787 100644
--- a/nuclei-templates/2024/CVE-2024-30512-38f8a2f1ccb6fa8679c01ae474dc43d3.yaml
+++ b/nuclei-templates/2024/CVE-2024-30512-38f8a2f1ccb6fa8679c01ae474dc43d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     weForms <= 1.6.20 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The weForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handle_frontend_submission() function in versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to submit forms that are not open. CVE-2024-32512 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weforms/"
     google-query: inurl:"/wp-content/plugins/weforms/"
     shodan-query: 'vuln:CVE-2024-30512'
-  tags: cve,wordpress,wp-plugin,weforms,medium
+  tags: cve,wordpress,wp-plugin,weforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30513-8781e1672be1a467451ab0b40e4c7713.yaml b/nuclei-templates/2024/CVE-2024-30513-8781e1672be1a467451ab0b40e4c7713.yaml
index 240c007e2a..4298ead2fb 100644
--- a/nuclei-templates/2024/CVE-2024-30513-8781e1672be1a467451ab0b40e4c7713.yaml
+++ b/nuclei-templates/2024/CVE-2024-30513-8781e1672be1a467451ab0b40e4c7713.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid  <= 5.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.2 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2024-30513'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30515-644174d3b6cb573b8ad1e776e7aafb01.yaml b/nuclei-templates/2024/CVE-2024-30515-644174d3b6cb573b8ad1e776e7aafb01.yaml
index c840675e61..1b5365c5f2 100644
--- a/nuclei-templates/2024/CVE-2024-30515-644174d3b6cb573b8ad1e776e7aafb01.yaml
+++ b/nuclei-templates/2024/CVE-2024-30515-644174d3b6cb573b8ad1e776e7aafb01.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Manager <= 6.4.6.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 6.4.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-manager/"
     google-query: inurl:"/wp-content/plugins/events-manager/"
     shodan-query: 'vuln:CVE-2024-30515'
-  tags: cve,wordpress,wp-plugin,events-manager,medium
+  tags: cve,wordpress,wp-plugin,events-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30517-3f5afe1c06de95e459f12d16b7792b0b.yaml b/nuclei-templates/2024/CVE-2024-30517-3f5afe1c06de95e459f12d16b7792b0b.yaml
index bfca924e1c..e4509dbce9 100644
--- a/nuclei-templates/2024/CVE-2024-30517-3f5afe1c06de95e459f12d16b7792b0b.yaml
+++ b/nuclei-templates/2024/CVE-2024-30517-3f5afe1c06de95e459f12d16b7792b0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sliced Invoices <= 3.9.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sliced Invoices plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sure_to_email() function in versions up to, and including, 3.9.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sliced-invoices/"
     google-query: inurl:"/wp-content/plugins/sliced-invoices/"
     shodan-query: 'vuln:CVE-2024-30517'
-  tags: cve,wordpress,wp-plugin,sliced-invoices,medium
+  tags: cve,wordpress,wp-plugin,sliced-invoices,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30519-6765d661ee89fff8539766bb02e51a4e.yaml b/nuclei-templates/2024/CVE-2024-30519-6765d661ee89fff8539766bb02e51a4e.yaml
index 88e11cba42..2a150eb220 100644
--- a/nuclei-templates/2024/CVE-2024-30519-6765d661ee89fff8539766bb02e51a4e.yaml
+++ b/nuclei-templates/2024/CVE-2024-30519-6765d661ee89fff8539766bb02e51a4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lordicon Animated Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Lordicon Animated Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lordicon-interactive-icons/"
     google-query: inurl:"/wp-content/plugins/lordicon-interactive-icons/"
     shodan-query: 'vuln:CVE-2024-30519'
-  tags: cve,wordpress,wp-plugin,lordicon-interactive-icons,medium
+  tags: cve,wordpress,wp-plugin,lordicon-interactive-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30520-894cd49c8916bb82c60619f3c2cf8165.yaml b/nuclei-templates/2024/CVE-2024-30520-894cd49c8916bb82c60619f3c2cf8165.yaml
index 0f381f0c9a..c087bf20f5 100644
--- a/nuclei-templates/2024/CVE-2024-30520-894cd49c8916bb82c60619f3c2cf8165.yaml
+++ b/nuclei-templates/2024/CVE-2024-30520-894cd49c8916bb82c60619f3c2cf8165.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel Anything For WPBakery Page Builder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Carousel Anything For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/carousel-anything/"
     google-query: inurl:"/wp-content/plugins/carousel-anything/"
     shodan-query: 'vuln:CVE-2024-30520'
-  tags: cve,wordpress,wp-plugin,carousel-anything,medium
+  tags: cve,wordpress,wp-plugin,carousel-anything,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30524-8b4bc04c0594b1b6d09d20b68880906b.yaml b/nuclei-templates/2024/CVE-2024-30524-8b4bc04c0594b1b6d09d20b68880906b.yaml
index 1e24429952..7c67dd04ba 100644
--- a/nuclei-templates/2024/CVE-2024-30524-8b4bc04c0594b1b6d09d20b68880906b.yaml
+++ b/nuclei-templates/2024/CVE-2024-30524-8b4bc04c0594b1b6d09d20b68880906b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-viewer-for-elementor/"
     google-query: inurl:"/wp-content/plugins/pdf-viewer-for-elementor/"
     shodan-query: 'vuln:CVE-2024-30524'
-  tags: cve,wordpress,wp-plugin,pdf-viewer-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,pdf-viewer-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30525-b4011099159d4b47f74f5b5034151fc1.yaml b/nuclei-templates/2024/CVE-2024-30525-b4011099159d4b47f74f5b5034151fc1.yaml
index cb6d418e64..e454bffd47 100644
--- a/nuclei-templates/2024/CVE-2024-30525-b4011099159d4b47f74f5b5034151fc1.yaml
+++ b/nuclei-templates/2024/CVE-2024-30525-b4011099159d4b47f74f5b5034151fc1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Move Addons for Elementor <= 1.2.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Move Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/move-addons/"
     google-query: inurl:"/wp-content/plugins/move-addons/"
     shodan-query: 'vuln:CVE-2024-30525'
-  tags: cve,wordpress,wp-plugin,move-addons,medium
+  tags: cve,wordpress,wp-plugin,move-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30528-08f37baf7169a857040ffc59c0868398.yaml b/nuclei-templates/2024/CVE-2024-30528-08f37baf7169a857040ffc59c0868398.yaml
index 476ae779fa..36a1ecb501 100644
--- a/nuclei-templates/2024/CVE-2024-30528-08f37baf7169a857040ffc59c0868398.yaml
+++ b/nuclei-templates/2024/CVE-2024-30528-08f37baf7169a857040ffc59c0868398.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spiffy Calendar <= 4.9.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Spiffy Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the admin_menu_output() function in versions up to, and including, 4.9.10. This makes it possible for authenticated attackers, with contributor-level access and above, to update an option.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spiffy-calendar/"
     google-query: inurl:"/wp-content/plugins/spiffy-calendar/"
     shodan-query: 'vuln:CVE-2024-30528'
-  tags: cve,wordpress,wp-plugin,spiffy-calendar,medium
+  tags: cve,wordpress,wp-plugin,spiffy-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30529-8e6b1c0313de5c2d10a529693b2cd5e4.yaml b/nuclei-templates/2024/CVE-2024-30529-8e6b1c0313de5c2d10a529693b2cd5e4.yaml
index 2415dee347..649292f8ca 100644
--- a/nuclei-templates/2024/CVE-2024-30529-8e6b1c0313de5c2d10a529693b2cd5e4.yaml
+++ b/nuclei-templates/2024/CVE-2024-30529-8e6b1c0313de5c2d10a529693b2cd5e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tainacan <= 0.20.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tainacan plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 0.20.7. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tainacan/"
     google-query: inurl:"/wp-content/plugins/tainacan/"
     shodan-query: 'vuln:CVE-2024-30529'
-  tags: cve,wordpress,wp-plugin,tainacan,medium
+  tags: cve,wordpress,wp-plugin,tainacan,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3053-42f191921072c4fed5defc1af6bdccae.yaml b/nuclei-templates/2024/CVE-2024-3053-42f191921072c4fed5defc1af6bdccae.yaml
index 79914dd00f..7c62974664 100644
--- a/nuclei-templates/2024/CVE-2024-3053-42f191921072c4fed5defc1af6bdccae.yaml
+++ b/nuclei-templates/2024/CVE-2024-3053-42f191921072c4fed5defc1af6bdccae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:CVE-2024-3053'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30530-8661844c33fd37e07467aee782d9dedc.yaml b/nuclei-templates/2024/CVE-2024-30530-8661844c33fd37e07467aee782d9dedc.yaml
index 332627e4da..6e1178d508 100644
--- a/nuclei-templates/2024/CVE-2024-30530-8661844c33fd37e07467aee782d9dedc.yaml
+++ b/nuclei-templates/2024/CVE-2024-30530-8661844c33fd37e07467aee782d9dedc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/"
     google-query: inurl:"/wp-content/plugins/mp3-music-player-by-sonaar/"
     shodan-query: 'vuln:CVE-2024-30530'
-  tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,medium
+  tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30531-ca8f431f36e53f60c13e3a9b6d7eff7f.yaml b/nuclei-templates/2024/CVE-2024-30531-ca8f431f36e53f60c13e3a9b6d7eff7f.yaml
index 61871fa134..f7bab2cf86 100644
--- a/nuclei-templates/2024/CVE-2024-30531-ca8f431f36e53f60c13e3a9b6d7eff7f.yaml
+++ b/nuclei-templates/2024/CVE-2024-30531-ca8f431f36e53f60c13e3a9b6d7eff7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nelio Content <= 3.2.0 - Authenticated (Contributor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Nelio Content – Best Editorial Calendar & Social Media Scheduling plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nelio-content/"
     google-query: inurl:"/wp-content/plugins/nelio-content/"
     shodan-query: 'vuln:CVE-2024-30531'
-  tags: cve,wordpress,wp-plugin,nelio-content,medium
+  tags: cve,wordpress,wp-plugin,nelio-content,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30533-64461a08e8c73126cafa25fcfb24f7b4.yaml b/nuclei-templates/2024/CVE-2024-30533-64461a08e8c73126cafa25fcfb24f7b4.yaml
index c3513a85fd..be0f76fc03 100644
--- a/nuclei-templates/2024/CVE-2024-30533-64461a08e8c73126cafa25fcfb24f7b4.yaml
+++ b/nuclei-templates/2024/CVE-2024-30533-64461a08e8c73126cafa25fcfb24f7b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Layouts for Elementor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the handle_import() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to upload arbitrary files that can be used to achieve remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/layouts-for-elementor/"
     google-query: inurl:"/wp-content/plugins/layouts-for-elementor/"
     shodan-query: 'vuln:CVE-2024-30533'
-  tags: cve,wordpress,wp-plugin,layouts-for-elementor,critical
+  tags: cve,wordpress,wp-plugin,layouts-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30534-7ca52430035acd6a97700e0a1293791e.yaml b/nuclei-templates/2024/CVE-2024-30534-7ca52430035acd6a97700e0a1293791e.yaml
index d0ca331a49..b6879099ef 100644
--- a/nuclei-templates/2024/CVE-2024-30534-7ca52430035acd6a97700e0a1293791e.yaml
+++ b/nuclei-templates/2024/CVE-2024-30534-7ca52430035acd6a97700e0a1293791e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calendarista Basic Edition <= 3.0.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Calendarista Basic Edition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calendarista-basic-edition/"
     google-query: inurl:"/wp-content/plugins/calendarista-basic-edition/"
     shodan-query: 'vuln:CVE-2024-30534'
-  tags: cve,wordpress,wp-plugin,calendarista-basic-edition,medium
+  tags: cve,wordpress,wp-plugin,calendarista-basic-edition,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30535-bdcfb7f870a9c9d99dad2a66d5149c6d.yaml b/nuclei-templates/2024/CVE-2024-30535-bdcfb7f870a9c9d99dad2a66d5149c6d.yaml
index 4f902ce3e9..82ae5d161a 100644
--- a/nuclei-templates/2024/CVE-2024-30535-bdcfb7f870a9c9d99dad2a66d5149c6d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30535-bdcfb7f870a9c9d99dad2a66d5149c6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Form Builder <= 3.7.4 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Easy Form Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.7.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-form-builder/"
     google-query: inurl:"/wp-content/plugins/easy-form-builder/"
     shodan-query: 'vuln:CVE-2024-30535'
-  tags: cve,wordpress,wp-plugin,easy-form-builder,critical
+  tags: cve,wordpress,wp-plugin,easy-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30537-0c0c3155e7f5976c6ad290b0d35fa570.yaml b/nuclei-templates/2024/CVE-2024-30537-0c0c3155e7f5976c6ad290b0d35fa570.yaml
index 256fdd3119..18679c3818 100644
--- a/nuclei-templates/2024/CVE-2024-30537-0c0c3155e7f5976c6ad290b0d35fa570.yaml
+++ b/nuclei-templates/2024/CVE-2024-30537-0c0c3155e7f5976c6ad290b0d35fa570.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPC Badge Management for WooCommerce <= 2.4.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpc-badge-management/"
     google-query: inurl:"/wp-content/plugins/wpc-badge-management/"
     shodan-query: 'vuln:CVE-2024-30537'
-  tags: cve,wordpress,wp-plugin,wpc-badge-management,medium
+  tags: cve,wordpress,wp-plugin,wpc-badge-management,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30538-5457d1ce3892ed5603310b359ae787b8.yaml b/nuclei-templates/2024/CVE-2024-30538-5457d1ce3892ed5603310b359ae787b8.yaml
index 2e5ce8cf85..508609773b 100644
--- a/nuclei-templates/2024/CVE-2024-30538-5457d1ce3892ed5603310b359ae787b8.yaml
+++ b/nuclei-templates/2024/CVE-2024-30538-5457d1ce3892ed5603310b359ae787b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DELUCKS SEO <= 2.5.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The DELUCKS SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_reason() function in versions up to, and including, 2.5.4. This makes it possible for unauthenticated attackers to send an uninstall reason to the plugin's vendor on behalf of the site owner.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delucks-seo/"
     google-query: inurl:"/wp-content/plugins/delucks-seo/"
     shodan-query: 'vuln:CVE-2024-30538'
-  tags: cve,wordpress,wp-plugin,delucks-seo,medium
+  tags: cve,wordpress,wp-plugin,delucks-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30539-8712cc1632e225c594b19df34ae596ee.yaml b/nuclei-templates/2024/CVE-2024-30539-8712cc1632e225c594b19df34ae596ee.yaml
index 2e2697869b..3662976890 100644
--- a/nuclei-templates/2024/CVE-2024-30539-8712cc1632e225c594b19df34ae596ee.yaml
+++ b/nuclei-templates/2024/CVE-2024-30539-8712cc1632e225c594b19df34ae596ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Awesome Support <= 6.1.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Awesome Support plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 6.1.7. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-support/"
     google-query: inurl:"/wp-content/plugins/awesome-support/"
     shodan-query: 'vuln:CVE-2024-30539'
-  tags: cve,wordpress,wp-plugin,awesome-support,medium
+  tags: cve,wordpress,wp-plugin,awesome-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3054-ed94652247c936f26c87589210c8b78f.yaml b/nuclei-templates/2024/CVE-2024-3054-ed94652247c936f26c87589210c8b78f.yaml
index 236cc54853..7979f138b9 100644
--- a/nuclei-templates/2024/CVE-2024-3054-ed94652247c936f26c87589210c8b78f.yaml
+++ b/nuclei-templates/2024/CVE-2024-3054-ed94652247c936f26c87589210c8b78f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:CVE-2024-3054'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30543-41404190c9a7f512053b049611a997bf.yaml b/nuclei-templates/2024/CVE-2024-30543-41404190c9a7f512053b049611a997bf.yaml
index 87a498099d..c509bbcdb0 100644
--- a/nuclei-templates/2024/CVE-2024-30543-41404190c9a7f512053b049611a997bf.yaml
+++ b/nuclei-templates/2024/CVE-2024-30543-41404190c9a7f512053b049611a997bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Whizzy <= 1.1.18 - Authenticated (Subscriber+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Whizzy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.18 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/whizzy/"
     google-query: inurl:"/wp-content/plugins/whizzy/"
     shodan-query: 'vuln:CVE-2024-30543'
-  tags: cve,wordpress,wp-plugin,whizzy,medium
+  tags: cve,wordpress,wp-plugin,whizzy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30544-6ab5c2b9e9da3c807bbb85a9044847fe.yaml b/nuclei-templates/2024/CVE-2024-30544-6ab5c2b9e9da3c807bbb85a9044847fe.yaml
index 2e273aad0e..e6c1d35659 100644
--- a/nuclei-templates/2024/CVE-2024-30544-6ab5c2b9e9da3c807bbb85a9044847fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-30544-6ab5c2b9e9da3c807bbb85a9044847fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Whizzy <= 1.1.18 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Whizzy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.18. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/whizzy/"
     google-query: inurl:"/wp-content/plugins/whizzy/"
     shodan-query: 'vuln:CVE-2024-30544'
-  tags: cve,wordpress,wp-plugin,whizzy,medium
+  tags: cve,wordpress,wp-plugin,whizzy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30548-931565033fc7a18f04b3f4a474f02d5f.yaml b/nuclei-templates/2024/CVE-2024-30548-931565033fc7a18f04b3f4a474f02d5f.yaml
index bec9efc003..f4314dc6d7 100644
--- a/nuclei-templates/2024/CVE-2024-30548-931565033fc7a18f04b3f4a474f02d5f.yaml
+++ b/nuclei-templates/2024/CVE-2024-30548-931565033fc7a18f04b3f4a474f02d5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     underConstruction <= 1.21 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The underConstruction plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/underconstruction/"
     google-query: inurl:"/wp-content/plugins/underconstruction/"
     shodan-query: 'vuln:CVE-2024-30548'
-  tags: cve,wordpress,wp-plugin,underconstruction,medium
+  tags: cve,wordpress,wp-plugin,underconstruction,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30549-6077f7a94c87d9a1b005a233e3c6fd5d.yaml b/nuclei-templates/2024/CVE-2024-30549-6077f7a94c87d9a1b005a233e3c6fd5d.yaml
index b2d201e3f3..62b9266127 100644
--- a/nuclei-templates/2024/CVE-2024-30549-6077f7a94c87d9a1b005a233e3c6fd5d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30549-6077f7a94c87d9a1b005a233e3c6fd5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Forms by Cimatti <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-forms/"
     google-query: inurl:"/wp-content/plugins/contact-forms/"
     shodan-query: 'vuln:CVE-2024-30549'
-  tags: cve,wordpress,wp-plugin,contact-forms,medium
+  tags: cve,wordpress,wp-plugin,contact-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3055-2304b21574018f9296b7348b5813fb8e.yaml b/nuclei-templates/2024/CVE-2024-3055-2304b21574018f9296b7348b5813fb8e.yaml
index 126ed7bca1..375b593304 100644
--- a/nuclei-templates/2024/CVE-2024-3055-2304b21574018f9296b7348b5813fb8e.yaml
+++ b/nuclei-templates/2024/CVE-2024-3055-2304b21574018f9296b7348b5813fb8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3055'
-  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,high
+  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30552-2bf5272ec6d886fad7b7b1d47db7c04d.yaml b/nuclei-templates/2024/CVE-2024-30552-2bf5272ec6d886fad7b7b1d47db7c04d.yaml
index bde8bd85b6..ba3fb59612 100644
--- a/nuclei-templates/2024/CVE-2024-30552-2bf5272ec6d886fad7b7b1d47db7c04d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30552-2bf5272ec6d886fad7b7b1d47db7c04d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive flipbook <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive flipbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wppdf/"
     google-query: inurl:"/wp-content/plugins/wppdf/"
     shodan-query: 'vuln:CVE-2024-30552'
-  tags: cve,wordpress,wp-plugin,wppdf,medium
+  tags: cve,wordpress,wp-plugin,wppdf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30553-f762f226f7d0453e8c9973d68200bc39.yaml b/nuclei-templates/2024/CVE-2024-30553-f762f226f7d0453e8c9973d68200bc39.yaml
index 12360a5c88..bdb68505d6 100644
--- a/nuclei-templates/2024/CVE-2024-30553-f762f226f7d0453e8c9973d68200bc39.yaml
+++ b/nuclei-templates/2024/CVE-2024-30553-f762f226f7d0453e8c9973d68200bc39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Twitter Mega Fan Box Widget  <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Twitter Mega Fan Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-twitter-mega-fan-box/"
     google-query: inurl:"/wp-content/plugins/wp-twitter-mega-fan-box/"
     shodan-query: 'vuln:CVE-2024-30553'
-  tags: cve,wordpress,wp-plugin,wp-twitter-mega-fan-box,medium
+  tags: cve,wordpress,wp-plugin,wp-twitter-mega-fan-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30554-ab9e9f7a6a475ad09ac9f13cde54db19.yaml b/nuclei-templates/2024/CVE-2024-30554-ab9e9f7a6a475ad09ac9f13cde54db19.yaml
index 7cb6e3edba..2d5c25d9a2 100644
--- a/nuclei-templates/2024/CVE-2024-30554-ab9e9f7a6a475ad09ac9f13cde54db19.yaml
+++ b/nuclei-templates/2024/CVE-2024-30554-ab9e9f7a6a475ad09ac9f13cde54db19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DD Rating plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dd-rating/"
     google-query: inurl:"/wp-content/plugins/dd-rating/"
     shodan-query: 'vuln:CVE-2024-30554'
-  tags: cve,wordpress,wp-plugin,dd-rating,medium
+  tags: cve,wordpress,wp-plugin,dd-rating,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30555-507dc7ea634baa930020adb83f291cb6.yaml b/nuclei-templates/2024/CVE-2024-30555-507dc7ea634baa930020adb83f291cb6.yaml
index ee17ada8c9..e4235a8843 100644
--- a/nuclei-templates/2024/CVE-2024-30555-507dc7ea634baa930020adb83f291cb6.yaml
+++ b/nuclei-templates/2024/CVE-2024-30555-507dc7ea634baa930020adb83f291cb6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Social Comments – Email Notification & Lazy Load <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Social Comments – Email Notification & Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-facebook-comments/"
     google-query: inurl:"/wp-content/plugins/ultimate-facebook-comments/"
     shodan-query: 'vuln:CVE-2024-30555'
-  tags: cve,wordpress,wp-plugin,ultimate-facebook-comments,medium
+  tags: cve,wordpress,wp-plugin,ultimate-facebook-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30556-fcb752a84e136c08d10cbe281ed9acb9.yaml b/nuclei-templates/2024/CVE-2024-30556-fcb752a84e136c08d10cbe281ed9acb9.yaml
index 221a5fb4a6..df2b61c2b9 100644
--- a/nuclei-templates/2024/CVE-2024-30556-fcb752a84e136c08d10cbe281ed9acb9.yaml
+++ b/nuclei-templates/2024/CVE-2024-30556-fcb752a84e136c08d10cbe281ed9acb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mighty Classic Pros And Cons <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mighty Classic Pros And Cons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/joomdev-wp-pros-cons/"
     google-query: inurl:"/wp-content/plugins/joomdev-wp-pros-cons/"
     shodan-query: 'vuln:CVE-2024-30556'
-  tags: cve,wordpress,wp-plugin,joomdev-wp-pros-cons,medium
+  tags: cve,wordpress,wp-plugin,joomdev-wp-pros-cons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30557-d882520450a9e95c908e1ad71ca03592.yaml b/nuclei-templates/2024/CVE-2024-30557-d882520450a9e95c908e1ad71ca03592.yaml
index 82096b9486..5dc02f1b27 100644
--- a/nuclei-templates/2024/CVE-2024-30557-d882520450a9e95c908e1ad71ca03592.yaml
+++ b/nuclei-templates/2024/CVE-2024-30557-d882520450a9e95c908e1ad71ca03592.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Aesop Story Engine <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Aesop Story Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aesop-story-engine/"
     google-query: inurl:"/wp-content/plugins/aesop-story-engine/"
     shodan-query: 'vuln:CVE-2024-30557'
-  tags: cve,wordpress,wp-plugin,aesop-story-engine,medium
+  tags: cve,wordpress,wp-plugin,aesop-story-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-30559-8be8bdb7ee929f691ca61327631de08d.yaml b/nuclei-templates/2024/CVE-2024-30559-8be8bdb7ee929f691ca61327631de08d.yaml
index b78d4b24e1..321df22100 100644
--- a/nuclei-templates/2024/CVE-2024-30559-8be8bdb7ee929f691ca61327631de08d.yaml
+++ b/nuclei-templates/2024/CVE-2024-30559-8be8bdb7ee929f691ca61327631de08d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spin 360 deg and 3D Model Viewer <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spin 360 deg and 3D Model Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spin360/"
     google-query: inurl:"/wp-content/plugins/spin360/"
     shodan-query: 'vuln:CVE-2024-30559'
-  tags: cve,wordpress,wp-plugin,spin360,medium
+  tags: cve,wordpress,wp-plugin,spin360,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3060-eca3d823dd426887bd9194913fe758fe.yaml b/nuclei-templates/2024/CVE-2024-3060-eca3d823dd426887bd9194913fe758fe.yaml
index 098eb48938..ecd09355fa 100644
--- a/nuclei-templates/2024/CVE-2024-3060-eca3d823dd426887bd9194913fe758fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-3060-eca3d823dd426887bd9194913fe758fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The ENL Newsletter plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enl-newsletter/"
     google-query: inurl:"/wp-content/plugins/enl-newsletter/"
     shodan-query: 'vuln:CVE-2024-3060'
-  tags: cve,wordpress,wp-plugin,enl-newsletter,critical
+  tags: cve,wordpress,wp-plugin,enl-newsletter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3061-4d5b5eea5b0d303e259444505b764438.yaml b/nuclei-templates/2024/CVE-2024-3061-4d5b5eea5b0d303e259444505b764438.yaml
index 94582fbee2..c33648cad1 100644
--- a/nuclei-templates/2024/CVE-2024-3061-4d5b5eea5b0d303e259444505b764438.yaml
+++ b/nuclei-templates/2024/CVE-2024-3061-4d5b5eea5b0d303e259444505b764438.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-filter/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/"
     shodan-query: 'vuln:CVE-2024-3061'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,high
+  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3064-cebe60a1cf2dde46346583e6502d2df4.yaml b/nuclei-templates/2024/CVE-2024-3064-cebe60a1cf2dde46346583e6502d2df4.yaml
index 7e69a8d149..f10d5e5c99 100644
--- a/nuclei-templates/2024/CVE-2024-3064-cebe60a1cf2dde46346583e6502d2df4.yaml
+++ b/nuclei-templates/2024/CVE-2024-3064-cebe60a1cf2dde46346583e6502d2df4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stax-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/stax-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3064'
-  tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3067-68254971cbcf2fc6d5bd7c51c76b34c5.yaml b/nuclei-templates/2024/CVE-2024-3067-68254971cbcf2fc6d5bd7c51c76b34c5.yaml
index a4dece9fe2..a3b390ca1c 100644
--- a/nuclei-templates/2024/CVE-2024-3067-68254971cbcf2fc6d5bd7c51c76b34c5.yaml
+++ b/nuclei-templates/2024/CVE-2024-3067-68254971cbcf2fc6d5bd7c51c76b34c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can also be used by unauthenticated attackers to inject malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-product-feed-manager/"
     google-query: inurl:"/wp-content/plugins/wp-product-feed-manager/"
     shodan-query: 'vuln:CVE-2024-3067'
-  tags: cve,wordpress,wp-plugin,wp-product-feed-manager,high
+  tags: cve,wordpress,wp-plugin,wp-product-feed-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3068-f388cd40277e7ac72bbf02fcf8235c63.yaml b/nuclei-templates/2024/CVE-2024-3068-f388cd40277e7ac72bbf02fcf8235c63.yaml
index c3aa8dfbea..12f3dae42a 100644
--- a/nuclei-templates/2024/CVE-2024-3068-f388cd40277e7ac72bbf02fcf8235c63.yaml
+++ b/nuclei-templates/2024/CVE-2024-3068-f388cd40277e7ac72bbf02fcf8235c63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field Suite <= 2.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-suite/"
     google-query: inurl:"/wp-content/plugins/custom-field-suite/"
     shodan-query: 'vuln:CVE-2024-3068'
-  tags: cve,wordpress,wp-plugin,custom-field-suite,medium
+  tags: cve,wordpress,wp-plugin,custom-field-suite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3071-e066b94b3267fad45f35322be08f0f07.yaml b/nuclei-templates/2024/CVE-2024-3071-e066b94b3267fad45f35322be08f0f07.yaml
index 29d51737f2..17e918daca 100644
--- a/nuclei-templates/2024/CVE-2024-3071-e066b94b3267fad45f35322be08f0f07.yaml
+++ b/nuclei-templates/2024/CVE-2024-3071-e066b94b3267fad45f35322be08f0f07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ACF On-The-Go <= 1.0.1 -  Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post titles, descriptions, and ACF values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-on-the-go/"
     google-query: inurl:"/wp-content/plugins/acf-on-the-go/"
     shodan-query: 'vuln:CVE-2024-3071'
-  tags: cve,wordpress,wp-plugin,acf-on-the-go,medium
+  tags: cve,wordpress,wp-plugin,acf-on-the-go,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3072-f830b550290522c771fc5d5f581ec239.yaml b/nuclei-templates/2024/CVE-2024-3072-f830b550290522c771fc5d5f581ec239.yaml
index f878f13baa..c39bca3c8e 100644
--- a/nuclei-templates/2024/CVE-2024-3072-f830b550290522c771fc5d5f581ec239.yaml
+++ b/nuclei-templates/2024/CVE-2024-3072-f830b550290522c771fc5d5f581ec239.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post title, content, and ACF data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-front-end-editor/"
     google-query: inurl:"/wp-content/plugins/acf-front-end-editor/"
     shodan-query: 'vuln:CVE-2024-3072'
-  tags: cve,wordpress,wp-plugin,acf-front-end-editor,medium
+  tags: cve,wordpress,wp-plugin,acf-front-end-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3074-c24b6fa8b7a5214338fb56e211d63730.yaml b/nuclei-templates/2024/CVE-2024-3074-c24b6fa8b7a5214338fb56e211d63730.yaml
index 555f1ea190..8cbfa82e78 100644
--- a/nuclei-templates/2024/CVE-2024-3074-c24b6fa8b7a5214338fb56e211d63730.yaml
+++ b/nuclei-templates/2024/CVE-2024-3074-c24b6fa8b7a5214338fb56e211d63730.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor ImageBox <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image box widget in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fd-elementor-imagebox/"
     google-query: inurl:"/wp-content/plugins/fd-elementor-imagebox/"
     shodan-query: 'vuln:CVE-2024-3074'
-  tags: cve,wordpress,wp-plugin,fd-elementor-imagebox,medium
+  tags: cve,wordpress,wp-plugin,fd-elementor-imagebox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3075-bbfbe8576da0ded63051e9606f0a7198.yaml b/nuclei-templates/2024/CVE-2024-3075-bbfbe8576da0ded63051e9606f0a7198.yaml
index 2ddce075ca..36ec03ba36 100644
--- a/nuclei-templates/2024/CVE-2024-3075-bbfbe8576da0ded63051e9606f0a7198.yaml
+++ b/nuclei-templates/2024/CVE-2024-3075-bbfbe8576da0ded63051e9606f0a7198.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MM-email2image <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MM-email2image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mm-email2image/"
     google-query: inurl:"/wp-content/plugins/mm-email2image/"
     shodan-query: 'vuln:CVE-2024-3075'
-  tags: cve,wordpress,wp-plugin,mm-email2image,medium
+  tags: cve,wordpress,wp-plugin,mm-email2image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3097-2964883e1950fef80d801f06f14eb92b.yaml b/nuclei-templates/2024/CVE-2024-3097-2964883e1950fef80d801f06f14eb92b.yaml
index c3216bf257..504745cf28 100644
--- a/nuclei-templates/2024/CVE-2024-3097-2964883e1950fef80d801f06f14eb92b.yaml
+++ b/nuclei-templates/2024/CVE-2024-3097-2964883e1950fef80d801f06f14eb92b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:CVE-2024-3097'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3107-11a2580b3d0abb5ce4a2d1b75225b077.yaml b/nuclei-templates/2024/CVE-2024-3107-11a2580b3d0abb5ce4a2d1b75225b077.yaml
index 96f5fc1598..1938c6e279 100644
--- a/nuclei-templates/2024/CVE-2024-3107-11a2580b3d0abb5ce4a2d1b75225b077.yaml
+++ b/nuclei-templates/2024/CVE-2024-3107-11a2580b3d0abb5ce4a2d1b75225b077.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:CVE-2024-3107'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31077-bc2f6ff7db9bb1af0cb3049e6fc69b8c.yaml b/nuclei-templates/2024/CVE-2024-31077-bc2f6ff7db9bb1af0cb3049e6fc69b8c.yaml
index 7e0a7846cb..a6cbaf4b23 100644
--- a/nuclei-templates/2024/CVE-2024-31077-bc2f6ff7db9bb1af0cb3049e6fc69b8c.yaml
+++ b/nuclei-templates/2024/CVE-2024-31077-bc2f6ff7db9bb1af0cb3049e6fc69b8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.29.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:CVE-2024-31077'
-  tags: cve,wordpress,wp-plugin,forminator,critical
+  tags: cve,wordpress,wp-plugin,forminator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31089-74239a2c7d59745dfff630629648ba8b.yaml b/nuclei-templates/2024/CVE-2024-31089-74239a2c7d59745dfff630629648ba8b.yaml
index e706caa00a..15b21705db 100644
--- a/nuclei-templates/2024/CVE-2024-31089-74239a2c7d59745dfff630629648ba8b.yaml
+++ b/nuclei-templates/2024/CVE-2024-31089-74239a2c7d59745dfff630629648ba8b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Platinum SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/platinum-seo-pack/"
     google-query: inurl:"/wp-content/plugins/platinum-seo-pack/"
     shodan-query: 'vuln:CVE-2024-31089'
-  tags: cve,wordpress,wp-plugin,platinum-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,platinum-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31094-8cd6ae2b6361cbc9077a21e229786a98.yaml b/nuclei-templates/2024/CVE-2024-31094-8cd6ae2b6361cbc9077a21e229786a98.yaml
index 622892658d..7a38fde554 100644
--- a/nuclei-templates/2024/CVE-2024-31094-8cd6ae2b6361cbc9077a21e229786a98.yaml
+++ b/nuclei-templates/2024/CVE-2024-31094-8cd6ae2b6361cbc9077a21e229786a98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Filter Custom Fields & Taxonomies Light plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.05 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filter-custom-fields-taxonomies-light/"
     google-query: inurl:"/wp-content/plugins/filter-custom-fields-taxonomies-light/"
     shodan-query: 'vuln:CVE-2024-31094'
-  tags: cve,wordpress,wp-plugin,filter-custom-fields-taxonomies-light,high
+  tags: cve,wordpress,wp-plugin,filter-custom-fields-taxonomies-light,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31098-0732f852b649541967c753671f29b37b.yaml b/nuclei-templates/2024/CVE-2024-31098-0732f852b649541967c753671f29b37b.yaml
index f4086a545d..6d9f502f60 100644
--- a/nuclei-templates/2024/CVE-2024-31098-0732f852b649541967c753671f29b37b.yaml
+++ b/nuclei-templates/2024/CVE-2024-31098-0732f852b649541967c753671f29b37b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     New Order Notification for Woocommerce <= 2.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The New Order Notification for Woocommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-order-notification-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/new-order-notification-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-31098'
-  tags: cve,wordpress,wp-plugin,new-order-notification-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,new-order-notification-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31099-ce1baa6ffb742e3e4c86c030e2aaf287.yaml b/nuclei-templates/2024/CVE-2024-31099-ce1baa6ffb742e3e4c86c030e2aaf287.yaml
index 1361fb002a..6482ca5b9f 100644
--- a/nuclei-templates/2024/CVE-2024-31099-ce1baa6ffb742e3e4c86c030e2aaf287.yaml
+++ b/nuclei-templates/2024/CVE-2024-31099-ce1baa6ffb742e3e4c86c030e2aaf287.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.15.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2024-31099'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31101-bec7b3aa816a59f17fd4e32834f42e90.yaml b/nuclei-templates/2024/CVE-2024-31101-bec7b3aa816a59f17fd4e32834f42e90.yaml
index 9ed3ccf04a..d1644f3c88 100644
--- a/nuclei-templates/2024/CVE-2024-31101-bec7b3aa816a59f17fd4e32834f42e90.yaml
+++ b/nuclei-templates/2024/CVE-2024-31101-bec7b3aa816a59f17fd4e32834f42e90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Twitter Feeds (Twitter widget & shortcode) <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI Twitter Feeds (Twitter widget & shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ai-twitter-feeds/"
     google-query: inurl:"/wp-content/plugins/ai-twitter-feeds/"
     shodan-query: 'vuln:CVE-2024-31101'
-  tags: cve,wordpress,wp-plugin,ai-twitter-feeds,medium
+  tags: cve,wordpress,wp-plugin,ai-twitter-feeds,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31102-0b0d398d1a79ae77845de8705631a4db.yaml b/nuclei-templates/2024/CVE-2024-31102-0b0d398d1a79ae77845de8705631a4db.yaml
index a75c58c072..850fcd7cc8 100644
--- a/nuclei-templates/2024/CVE-2024-31102-0b0d398d1a79ae77845de8705631a4db.yaml
+++ b/nuclei-templates/2024/CVE-2024-31102-0b0d398d1a79ae77845de8705631a4db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prenotazioni <= 1.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Prenotazioni plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/prenotazioni/"
     google-query: inurl:"/wp-content/plugins/prenotazioni/"
     shodan-query: 'vuln:CVE-2024-31102'
-  tags: cve,wordpress,wp-plugin,prenotazioni,medium
+  tags: cve,wordpress,wp-plugin,prenotazioni,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31104-ecee6fe6f960c3e32d930eed8f81ac9e.yaml b/nuclei-templates/2024/CVE-2024-31104-ecee6fe6f960c3e32d930eed8f81ac9e.yaml
index bbfb126e89..ba48887918 100644
--- a/nuclei-templates/2024/CVE-2024-31104-ecee6fe6f960c3e32d930eed8f81ac9e.yaml
+++ b/nuclei-templates/2024/CVE-2024-31104-ecee6fe6f960c3e32d930eed8f81ac9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GetResponse for WordPress <= 5.5.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GetResponse for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/getresponse-integration/"
     google-query: inurl:"/wp-content/plugins/getresponse-integration/"
     shodan-query: 'vuln:CVE-2024-31104'
-  tags: cve,wordpress,wp-plugin,getresponse-integration,medium
+  tags: cve,wordpress,wp-plugin,getresponse-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31108-a5c9dfe234305fe9b3c82a7200b4785c.yaml b/nuclei-templates/2024/CVE-2024-31108-a5c9dfe234305fe9b3c82a7200b4785c.yaml
index 86c1e94499..517d13d925 100644
--- a/nuclei-templates/2024/CVE-2024-31108-a5c9dfe234305fe9b3c82a7200b4785c.yaml
+++ b/nuclei-templates/2024/CVE-2024-31108-a5c9dfe234305fe9b3c82a7200b4785c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iFlyChat – WordPress Chat <= 4.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The iFlyChat – WordPress Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iflychat/"
     google-query: inurl:"/wp-content/plugins/iflychat/"
     shodan-query: 'vuln:CVE-2024-31108'
-  tags: cve,wordpress,wp-plugin,iflychat,medium
+  tags: cve,wordpress,wp-plugin,iflychat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31114-e51458c52ee75e442332748b235c894d.yaml b/nuclei-templates/2024/CVE-2024-31114-e51458c52ee75e442332748b235c894d.yaml
index 44cdd3f35f..d28b5fd0c8 100644
--- a/nuclei-templates/2024/CVE-2024-31114-e51458c52ee75e442332748b235c894d.yaml
+++ b/nuclei-templates/2024/CVE-2024-31114-e51458c52ee75e442332748b235c894d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-addons/"
     google-query: inurl:"/wp-content/plugins/shortcode-addons/"
     shodan-query: 'vuln:CVE-2024-31114'
-  tags: cve,wordpress,wp-plugin,shortcode-addons,critical
+  tags: cve,wordpress,wp-plugin,shortcode-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31116-2dba3f9d9e05a82800f2a05f03266828.yaml b/nuclei-templates/2024/CVE-2024-31116-2dba3f9d9e05a82800f2a05f03266828.yaml
index 2eb9df92a0..33bcf263f2 100644
--- a/nuclei-templates/2024/CVE-2024-31116-2dba3f9d9e05a82800f2a05f03266828.yaml
+++ b/nuclei-templates/2024/CVE-2024-31116-2dba3f9d9e05a82800f2a05f03266828.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.74 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wd-google-maps/"
     google-query: inurl:"/wp-content/plugins/wd-google-maps/"
     shodan-query: 'vuln:CVE-2024-31116'
-  tags: cve,wordpress,wp-plugin,wd-google-maps,critical
+  tags: cve,wordpress,wp-plugin,wd-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31117-beebd9357e523ac8ce9429685a86283c.yaml b/nuclei-templates/2024/CVE-2024-31117-beebd9357e523ac8ce9429685a86283c.yaml
index 84006212d1..49ed4266fb 100644
--- a/nuclei-templates/2024/CVE-2024-31117-beebd9357e523ac8ce9429685a86283c.yaml
+++ b/nuclei-templates/2024/CVE-2024-31117-beebd9357e523ac8ce9429685a86283c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Bookings Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bookings-calendar/"
     google-query: inurl:"/wp-content/plugins/woo-bookings-calendar/"
     shodan-query: 'vuln:CVE-2024-31117'
-  tags: cve,wordpress,wp-plugin,woo-bookings-calendar,medium
+  tags: cve,wordpress,wp-plugin,woo-bookings-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31118-06564215bf3fbac51cfe3cf6be605864.yaml b/nuclei-templates/2024/CVE-2024-31118-06564215bf3fbac51cfe3cf6be605864.yaml
index da85bb4021..6b358d5df1 100644
--- a/nuclei-templates/2024/CVE-2024-31118-06564215bf3fbac51cfe3cf6be605864.yaml
+++ b/nuclei-templates/2024/CVE-2024-31118-06564215bf3fbac51cfe3cf6be605864.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager  <= 4.70 - Missing Authorization Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SP Project & Document Manager  plugin for WordPress is vulnerable to unauthorized access due to a missing capability check function in versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject malicious web scripts into pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2024-31118'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31119-abc7b516295a7f19088f575460d378b0.yaml b/nuclei-templates/2024/CVE-2024-31119-abc7b516295a7f19088f575460d378b0.yaml
index b85b8c65b5..a9346548b7 100644
--- a/nuclei-templates/2024/CVE-2024-31119-abc7b516295a7f19088f575460d378b0.yaml
+++ b/nuclei-templates/2024/CVE-2024-31119-abc7b516295a7f19088f575460d378b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Special Box for Content <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Special Box for Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/special-box-for-content/"
     google-query: inurl:"/wp-content/plugins/special-box-for-content/"
     shodan-query: 'vuln:CVE-2024-31119'
-  tags: cve,wordpress,wp-plugin,special-box-for-content,medium
+  tags: cve,wordpress,wp-plugin,special-box-for-content,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31120-d39f34ed184a71d23a5de1e368d430bb.yaml b/nuclei-templates/2024/CVE-2024-31120-d39f34ed184a71d23a5de1e368d430bb.yaml
index 15cc5efa41..5d6c379826 100644
--- a/nuclei-templates/2024/CVE-2024-31120-d39f34ed184a71d23a5de1e368d430bb.yaml
+++ b/nuclei-templates/2024/CVE-2024-31120-d39f34ed184a71d23a5de1e368d430bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-album/"
     google-query: inurl:"/wp-content/plugins/gallery-album/"
     shodan-query: 'vuln:CVE-2024-31120'
-  tags: cve,wordpress,wp-plugin,gallery-album,medium
+  tags: cve,wordpress,wp-plugin,gallery-album,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31121-f0164790773e35acb9b1d44f4c95382b.yaml b/nuclei-templates/2024/CVE-2024-31121-f0164790773e35acb9b1d44f4c95382b.yaml
index b953c426cb..d50b2f81dd 100644
--- a/nuclei-templates/2024/CVE-2024-31121-f0164790773e35acb9b1d44f4c95382b.yaml
+++ b/nuclei-templates/2024/CVE-2024-31121-f0164790773e35acb9b1d44f4c95382b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HeartThis <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HeartThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/heart-this/"
     google-query: inurl:"/wp-content/plugins/heart-this/"
     shodan-query: 'vuln:CVE-2024-31121'
-  tags: cve,wordpress,wp-plugin,heart-this,medium
+  tags: cve,wordpress,wp-plugin,heart-this,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31229-a2af19cf083e10d02f6ef64bbfb896ec.yaml b/nuclei-templates/2024/CVE-2024-31229-a2af19cf083e10d02f6ef64bbfb896ec.yaml
index d7ba271ed6..cb1c63db96 100644
--- a/nuclei-templates/2024/CVE-2024-31229-a2af19cf083e10d02f6ef64bbfb896ec.yaml
+++ b/nuclei-templates/2024/CVE-2024-31229-a2af19cf083e10d02f6ef64bbfb896ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Really Simple SSL <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Really Simple SSL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/really-simple-ssl/"
     google-query: inurl:"/wp-content/plugins/really-simple-ssl/"
     shodan-query: 'vuln:CVE-2024-31229'
-  tags: cve,wordpress,wp-plugin,really-simple-ssl,medium
+  tags: cve,wordpress,wp-plugin,really-simple-ssl,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31230-0cf023eb74228b9523fd8b71152bf7de.yaml b/nuclei-templates/2024/CVE-2024-31230-0cf023eb74228b9523fd8b71152bf7de.yaml
index cf1a4d18eb..5419b2b185 100644
--- a/nuclei-templates/2024/CVE-2024-31230-0cf023eb74228b9523fd8b71152bf7de.yaml
+++ b/nuclei-templates/2024/CVE-2024-31230-0cf023eb74228b9523fd8b71152bf7de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShortPixel Adaptive Images <= 3.8.2 - Missing Authorization in activate_ai_handler and deactivate_ai_handler
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_ai_handler and deactivate_ai_handler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated attackers to activate or deactivate the AI handler functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortpixel-adaptive-images/"
     google-query: inurl:"/wp-content/plugins/shortpixel-adaptive-images/"
     shodan-query: 'vuln:CVE-2024-31230'
-  tags: cve,wordpress,wp-plugin,shortpixel-adaptive-images,medium
+  tags: cve,wordpress,wp-plugin,shortpixel-adaptive-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31232-b4a06dd8a8b5f551ef3c31a46e092a4e.yaml b/nuclei-templates/2024/CVE-2024-31232-b4a06dd8a8b5f551ef3c31a46e092a4e.yaml
index f642180a79..0f63ed404d 100644
--- a/nuclei-templates/2024/CVE-2024-31232-b4a06dd8a8b5f551ef3c31a46e092a4e.yaml
+++ b/nuclei-templates/2024/CVE-2024-31232-b4a06dd8a8b5f551ef3c31a46e092a4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Rehub theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 19.6.1. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/rehub-theme/"
     google-query: inurl:"/wp-content/themes/rehub-theme/"
     shodan-query: 'vuln:CVE-2024-31232'
-  tags: cve,wordpress,wp-theme,rehub-theme,high
+  tags: cve,wordpress,wp-theme,rehub-theme,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31233-7848dbbabd9f06e0c602290bde397eb1.yaml b/nuclei-templates/2024/CVE-2024-31233-7848dbbabd9f06e0c602290bde397eb1.yaml
index d3ecafbf01..795c691e16 100644
--- a/nuclei-templates/2024/CVE-2024-31233-7848dbbabd9f06e0c602290bde397eb1.yaml
+++ b/nuclei-templates/2024/CVE-2024-31233-7848dbbabd9f06e0c602290bde397eb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rehub <= 19.6.1 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Rehub theme for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/rehub-theme/"
     google-query: inurl:"/wp-content/themes/rehub-theme/"
     shodan-query: 'vuln:CVE-2024-31233'
-  tags: cve,wordpress,wp-theme,rehub-theme,high
+  tags: cve,wordpress,wp-theme,rehub-theme,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31234-5f2b7d6e36647de882c9475f5d8d8b2a.yaml b/nuclei-templates/2024/CVE-2024-31234-5f2b7d6e36647de882c9475f5d8d8b2a.yaml
index d3c9c01ba6..d1bbe7a51a 100644
--- a/nuclei-templates/2024/CVE-2024-31234-5f2b7d6e36647de882c9475f5d8d8b2a.yaml
+++ b/nuclei-templates/2024/CVE-2024-31234-5f2b7d6e36647de882c9475f5d8d8b2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The REHub Framework plugin for WordPress is vulnerable to SQL Injection in versions prior to 19.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rehub-framework/"
     google-query: inurl:"/wp-content/plugins/rehub-framework/"
     shodan-query: 'vuln:CVE-2024-31234'
-  tags: cve,wordpress,wp-plugin,rehub-framework,high
+  tags: cve,wordpress,wp-plugin,rehub-framework,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31236-1e54d333594befa754c49d164d26005e.yaml b/nuclei-templates/2024/CVE-2024-31236-1e54d333594befa754c49d164d26005e.yaml
index 64da5a06d9..1c0fd19636 100644
--- a/nuclei-templates/2024/CVE-2024-31236-1e54d333594befa754c49d164d26005e.yaml
+++ b/nuclei-templates/2024/CVE-2024-31236-1e54d333594befa754c49d164d26005e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons <= 1.3.93 - Authenticated (Contributor+) Stored Cross-Site Scriting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-31236'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31240-17700405f02a76d34273fd6f63bdac56.yaml b/nuclei-templates/2024/CVE-2024-31240-17700405f02a76d34273fd6f63bdac56.yaml
index 612e1d5cba..f3e886bfa7 100644
--- a/nuclei-templates/2024/CVE-2024-31240-17700405f02a76d34273fd6f63bdac56.yaml
+++ b/nuclei-templates/2024/CVE-2024-31240-17700405f02a76d34273fd6f63bdac56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Poll Maker <= 3.1 - Authenticated (Subscriber+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the it_epoll_theme_action_uninstall() function and insufficient file path validation in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files that may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/epoll-wp-voting/"
     google-query: inurl:"/wp-content/plugins/epoll-wp-voting/"
     shodan-query: 'vuln:CVE-2024-31240'
-  tags: cve,wordpress,wp-plugin,epoll-wp-voting,high
+  tags: cve,wordpress,wp-plugin,epoll-wp-voting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31241-3bfe2176ab2d6339c4363df34b9c843f.yaml b/nuclei-templates/2024/CVE-2024-31241-3bfe2176ab2d6339c4363df34b9c843f.yaml
index e57f1a6de1..41e7070c5d 100644
--- a/nuclei-templates/2024/CVE-2024-31241-3bfe2176ab2d6339c4363df34b9c843f.yaml
+++ b/nuclei-templates/2024/CVE-2024-31241-3bfe2176ab2d6339c4363df34b9c843f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The LearnPress Export Import plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress-import-export/"
     google-query: inurl:"/wp-content/plugins/learnpress-import-export/"
     shodan-query: 'vuln:CVE-2024-31241'
-  tags: cve,wordpress,wp-plugin,learnpress-import-export,critical
+  tags: cve,wordpress,wp-plugin,learnpress-import-export,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31242-08c2f711dab885b1524ebbd7b0782f00.yaml b/nuclei-templates/2024/CVE-2024-31242-08c2f711dab885b1524ebbd7b0782f00.yaml
index 7f7ad50196..738607b387 100644
--- a/nuclei-templates/2024/CVE-2024-31242-08c2f711dab885b1524ebbd7b0782f00.yaml
+++ b/nuclei-templates/2024/CVE-2024-31242-08c2f711dab885b1524ebbd7b0782f00.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated Arbitrary Email Sending
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the a function in versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to send arbitrary emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bricksforge/"
     google-query: inurl:"/wp-content/plugins/bricksforge/"
     shodan-query: 'vuln:CVE-2024-31242'
-  tags: cve,wordpress,wp-plugin,bricksforge,medium
+  tags: cve,wordpress,wp-plugin,bricksforge,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31243-20d94fa7cbaa795926bd10e9c360bcb7.yaml b/nuclei-templates/2024/CVE-2024-31243-20d94fa7cbaa795926bd10e9c360bcb7.yaml
index 0517b29fca..2ec96881b9 100644
--- a/nuclei-templates/2024/CVE-2024-31243-20d94fa7cbaa795926bd10e9c360bcb7.yaml
+++ b/nuclei-templates/2024/CVE-2024-31243-20d94fa7cbaa795926bd10e9c360bcb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to delete arbitrary WordPress settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bricksforge/"
     google-query: inurl:"/wp-content/plugins/bricksforge/"
     shodan-query: 'vuln:CVE-2024-31243'
-  tags: cve,wordpress,wp-plugin,bricksforge,medium
+  tags: cve,wordpress,wp-plugin,bricksforge,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31244-fe10205699bf88a71e4460031e80e0cf.yaml b/nuclei-templates/2024/CVE-2024-31244-fe10205699bf88a71e4460031e80e0cf.yaml
index 2d5412dbfb..dff86169b9 100644
--- a/nuclei-templates/2024/CVE-2024-31244-fe10205699bf88a71e4460031e80e0cf.yaml
+++ b/nuclei-templates/2024/CVE-2024-31244-fe10205699bf88a71e4460031e80e0cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to update arbitrary WordPress settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bricksforge/"
     google-query: inurl:"/wp-content/plugins/bricksforge/"
     shodan-query: 'vuln:CVE-2024-31244'
-  tags: cve,wordpress,wp-plugin,bricksforge,medium
+  tags: cve,wordpress,wp-plugin,bricksforge,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31248-bcb990d5b998ea9f0d9516d80108b489.yaml b/nuclei-templates/2024/CVE-2024-31248-bcb990d5b998ea9f0d9516d80108b489.yaml
index 660c068a86..61d63053bf 100644
--- a/nuclei-templates/2024/CVE-2024-31248-bcb990d5b998ea9f0d9516d80108b489.yaml
+++ b/nuclei-templates/2024/CVE-2024-31248-bcb990d5b998ea9f0d9516d80108b489.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-One Video Gallery <= 3.5.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check  in versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-video-gallery/"
     google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/"
     shodan-query: 'vuln:CVE-2024-31248'
-  tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31252-a59e139d7834d1f343a41f6f77f479a9.yaml b/nuclei-templates/2024/CVE-2024-31252-a59e139d7834d1f343a41f6f77f479a9.yaml
index e5563568a2..5f28b4c66e 100644
--- a/nuclei-templates/2024/CVE-2024-31252-a59e139d7834d1f343a41f6f77f479a9.yaml
+++ b/nuclei-templates/2024/CVE-2024-31252-a59e139d7834d1f343a41f6f77f479a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Lightbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the gallery_attributes() function in versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with contributor-level access and above, to view post content they shouldn't have access to.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-lightbox/"
     google-query: inurl:"/wp-content/plugins/responsive-lightbox/"
     shodan-query: 'vuln:CVE-2024-31252'
-  tags: cve,wordpress,wp-plugin,responsive-lightbox,medium
+  tags: cve,wordpress,wp-plugin,responsive-lightbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31257-064670bf29900df44464bedf16a7db27.yaml b/nuclei-templates/2024/CVE-2024-31257-064670bf29900df44464bedf16a7db27.yaml
index d807e44742..bc7d8d59a6 100644
--- a/nuclei-templates/2024/CVE-2024-31257-064670bf29900df44464bedf16a7db27.yaml
+++ b/nuclei-templates/2024/CVE-2024-31257-064670bf29900df44464bedf16a7db27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formsite | Embed online forms to collect orders, registrations, leads, and surveys <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Formsite | Embed online forms to collect orders, registrations, leads, and surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formsite/"
     google-query: inurl:"/wp-content/plugins/formsite/"
     shodan-query: 'vuln:CVE-2024-31257'
-  tags: cve,wordpress,wp-plugin,formsite,medium
+  tags: cve,wordpress,wp-plugin,formsite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31258-08841c16939c6ce6bfc6679725ea1281.yaml b/nuclei-templates/2024/CVE-2024-31258-08841c16939c6ce6bfc6679725ea1281.yaml
index 575b1a102b..d6907564a9 100644
--- a/nuclei-templates/2024/CVE-2024-31258-08841c16939c6ce6bfc6679725ea1281.yaml
+++ b/nuclei-templates/2024/CVE-2024-31258-08841c16939c6ce6bfc6679725ea1281.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form to Chat App <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Form to Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-to-chat/"
     google-query: inurl:"/wp-content/plugins/form-to-chat/"
     shodan-query: 'vuln:CVE-2024-31258'
-  tags: cve,wordpress,wp-plugin,form-to-chat,medium
+  tags: cve,wordpress,wp-plugin,form-to-chat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31260-44337a15956fb6efe76c43a84f40d4df.yaml b/nuclei-templates/2024/CVE-2024-31260-44337a15956fb6efe76c43a84f40d4df.yaml
index 2f72a2ccb6..866e9735d8 100644
--- a/nuclei-templates/2024/CVE-2024-31260-44337a15956fb6efe76c43a84f40d4df.yaml
+++ b/nuclei-templates/2024/CVE-2024-31260-44337a15956fb6efe76c43a84f40d4df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Edwiser Bridge <= 3.0.2 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Edwiser Bridge plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edwiser-bridge/"
     google-query: inurl:"/wp-content/plugins/edwiser-bridge/"
     shodan-query: 'vuln:CVE-2024-31260'
-  tags: cve,wordpress,wp-plugin,edwiser-bridge,critical
+  tags: cve,wordpress,wp-plugin,edwiser-bridge,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31261-e3632f2772b0c1ed9b46e568946ebc5c.yaml b/nuclei-templates/2024/CVE-2024-31261-e3632f2772b0c1ed9b46e568946ebc5c.yaml
index 13c17d48ab..6c25900249 100644
--- a/nuclei-templates/2024/CVE-2024-31261-e3632f2772b0c1ed9b46e568946ebc5c.yaml
+++ b/nuclei-templates/2024/CVE-2024-31261-e3632f2772b0c1ed9b46e568946ebc5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Announcer – Notification & message bars <= 6.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Announcer – Notification & message bars plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the admin_ajax() function in versions up to, and including, 6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update some settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/announcer/"
     google-query: inurl:"/wp-content/plugins/announcer/"
     shodan-query: 'vuln:CVE-2024-31261'
-  tags: cve,wordpress,wp-plugin,announcer,medium
+  tags: cve,wordpress,wp-plugin,announcer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31266-b59d3f14536598579f52eca567b11500.yaml b/nuclei-templates/2024/CVE-2024-31266-b59d3f14536598579f52eca567b11500.yaml
index 3e227b6fb3..f2e0d6c360 100644
--- a/nuclei-templates/2024/CVE-2024-31266-b59d3f14536598579f52eca567b11500.yaml
+++ b/nuclei-templates/2024/CVE-2024-31266-b59d3f14536598579f52eca567b11500.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.4. This makes it possible for authenticated attackers, with shop manager-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-order-export-lite/"
     google-query: inurl:"/wp-content/plugins/woo-order-export-lite/"
     shodan-query: 'vuln:CVE-2024-31266'
-  tags: cve,wordpress,wp-plugin,woo-order-export-lite,critical
+  tags: cve,wordpress,wp-plugin,woo-order-export-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31267-af1c4837148181f6207e66eb6c3b9ff3.yaml b/nuclei-templates/2024/CVE-2024-31267-af1c4837148181f6207e66eb6c3b9ff3.yaml
index 1f57ababf0..5f8ba56e92 100644
--- a/nuclei-templates/2024/CVE-2024-31267-af1c4837148181f6207e66eb6c3b9ff3.yaml
+++ b/nuclei-templates/2024/CVE-2024-31267-af1c4837148181f6207e66eb6c3b9ff3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flexible Checkout Fields for WooCommerce <= 4.1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flexible-checkout-fields/"
     google-query: inurl:"/wp-content/plugins/flexible-checkout-fields/"
     shodan-query: 'vuln:CVE-2024-31267'
-  tags: cve,wordpress,wp-plugin,flexible-checkout-fields,medium
+  tags: cve,wordpress,wp-plugin,flexible-checkout-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31270-74c47f2edddbb589b4230d596bf5f1e4.yaml b/nuclei-templates/2024/CVE-2024-31270-74c47f2edddbb589b4230d596bf5f1e4.yaml
index ff2d27f294..e65431ab0b 100644
--- a/nuclei-templates/2024/CVE-2024-31270-74c47f2edddbb589b4230d596bf5f1e4.yaml
+++ b/nuclei-templates/2024/CVE-2024-31270-74c47f2edddbb589b4230d596bf5f1e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARForms Form Builder <= 1.6.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ARForms Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arforms-form-builder/"
     google-query: inurl:"/wp-content/plugins/arforms-form-builder/"
     shodan-query: 'vuln:CVE-2024-31270'
-  tags: cve,wordpress,wp-plugin,arforms-form-builder,medium
+  tags: cve,wordpress,wp-plugin,arforms-form-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31273-32e7faa52a05f68e7c002ae73c9e64c8.yaml b/nuclei-templates/2024/CVE-2024-31273-32e7faa52a05f68e7c002ae73c9e64c8.yaml
index 31bcfc44ba..eddcb50110 100644
--- a/nuclei-templates/2024/CVE-2024-31273-32e7faa52a05f68e7c002ae73c9e64c8.yaml
+++ b/nuclei-templates/2024/CVE-2024-31273-32e7faa52a05f68e7c002ae73c9e64c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/js-support-ticket/"
     google-query: inurl:"/wp-content/plugins/js-support-ticket/"
     shodan-query: 'vuln:CVE-2024-31273'
-  tags: cve,wordpress,wp-plugin,js-support-ticket,medium
+  tags: cve,wordpress,wp-plugin,js-support-ticket,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31274-8d8dc52792f8d60124d8fa4fa4f53a0c.yaml b/nuclei-templates/2024/CVE-2024-31274-8d8dc52792f8d60124d8fa4fa4f53a0c.yaml
index 2a39470b0f..b48181926d 100644
--- a/nuclei-templates/2024/CVE-2024-31274-8d8dc52792f8d60124d8fa4fa4f53a0c.yaml
+++ b/nuclei-templates/2024/CVE-2024-31274-8d8dc52792f8d60124d8fa4fa4f53a0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress <= 3.9.11 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_source_data and save_source_data functions in versions up to, and including, 3.9.11. This makes it possible for unauthenticated attackers to modify data sources.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-31274'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31275-e40a3e8ea03e0231ec1106a753934528.yaml b/nuclei-templates/2024/CVE-2024-31275-e40a3e8ea03e0231ec1106a753934528.yaml
index da440ae019..ebc6d9ae3d 100644
--- a/nuclei-templates/2024/CVE-2024-31275-e40a3e8ea03e0231ec1106a753934528.yaml
+++ b/nuclei-templates/2024/CVE-2024-31275-e40a3e8ea03e0231ec1106a753934528.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime <= 3.3.4 - Missing Authorization to Booking Price Maniputlation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EventPrime plugin for WordPress is vulnerable to booking price manipulations due to insufficient validation and control of booking prices in versions up to, and including, 3.3.4. This makes it possible for unauthenticated attackers to make bookings with lower prices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:CVE-2024-31275'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31276-466267eb695f096848ba3c66efa093ba.yaml b/nuclei-templates/2024/CVE-2024-31276-466267eb695f096848ba3c66efa093ba.yaml
index cf4733a992..d956364167 100644
--- a/nuclei-templates/2024/CVE-2024-31276-466267eb695f096848ba3c66efa093ba.yaml
+++ b/nuclei-templates/2024/CVE-2024-31276-466267eb695f096848ba3c66efa093ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Products & Order Export for WooCommerce <= 2.0.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the alg_wc_export_admin_product_preview and alg_wc_export_admin_product_change_date_filter functions in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to export product features and change date filters.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/export-woocommerce/"
     google-query: inurl:"/wp-content/plugins/export-woocommerce/"
     shodan-query: 'vuln:CVE-2024-31276'
-  tags: cve,wordpress,wp-plugin,export-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,export-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31278-5830898462cdce464207b0d4b8cd2848.yaml b/nuclei-templates/2024/CVE-2024-31278-5830898462cdce464207b0d4b8cd2848.yaml
index 2238094a33..3b93e689e4 100644
--- a/nuclei-templates/2024/CVE-2024-31278-5830898462cdce464207b0d4b8cd2848.yaml
+++ b/nuclei-templates/2024/CVE-2024-31278-5830898462cdce464207b0d4b8cd2848.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.22 - Authenticated (Contributor+) Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.22. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user or configuration data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-31278'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31280-211d17907ac598fe9fa7fe583c9712b5.yaml b/nuclei-templates/2024/CVE-2024-31280-211d17907ac598fe9fa7fe583c9712b5.yaml
index 19f34407a5..8bf7661baf 100644
--- a/nuclei-templates/2024/CVE-2024-31280-211d17907ac598fe9fa7fe583c9712b5.yaml
+++ b/nuclei-templates/2024/CVE-2024-31280-211d17907ac598fe9fa7fe583c9712b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Church Admin <= 4.1.5 -  Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Church Admin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-admin/"
     google-query: inurl:"/wp-content/plugins/church-admin/"
     shodan-query: 'vuln:CVE-2024-31280'
-  tags: cve,wordpress,wp-plugin,church-admin,high
+  tags: cve,wordpress,wp-plugin,church-admin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31281-2552c36873674cea120ccc38e69f7427.yaml b/nuclei-templates/2024/CVE-2024-31281-2552c36873674cea120ccc38e69f7427.yaml
index b64c99effa..fd83c4e061 100644
--- a/nuclei-templates/2024/CVE-2024-31281-2552c36873674cea120ccc38e69f7427.yaml
+++ b/nuclei-templates/2024/CVE-2024-31281-2552c36873674cea120ccc38e69f7427.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Church Admin <= 4.1.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Church Admin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the several functions in versions up to, and including, 4.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/church-admin/"
     google-query: inurl:"/wp-content/plugins/church-admin/"
     shodan-query: 'vuln:CVE-2024-31281'
-  tags: cve,wordpress,wp-plugin,church-admin,medium
+  tags: cve,wordpress,wp-plugin,church-admin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31283-eb7c2afb91d54b1e8be36c66e317f588.yaml b/nuclei-templates/2024/CVE-2024-31283-eb7c2afb91d54b1e8be36c66e317f588.yaml
index 6cb1fc25f4..8fcd1c17a7 100644
--- a/nuclei-templates/2024/CVE-2024-31283-eb7c2afb91d54b1e8be36c66e317f588.yaml
+++ b/nuclei-templates/2024/CVE-2024-31283-eb7c2afb91d54b1e8be36c66e317f588.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Local Pickup for WooCommerce <= 1.6.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/include/customizer/customizer-admin.php  file in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to update plugin settings and send test emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-local-pickup-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-local-pickup-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-31283'
-  tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31284-ef5a725ea594e708f6f726a1ed538862.yaml b/nuclei-templates/2024/CVE-2024-31284-ef5a725ea594e708f6f726a1ed538862.yaml
index 278287d878..6093fe8ad7 100644
--- a/nuclei-templates/2024/CVE-2024-31284-ef5a725ea594e708f6f726a1ed538862.yaml
+++ b/nuclei-templates/2024/CVE-2024-31284-ef5a725ea594e708f6f726a1ed538862.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handle_calendly_data() function in versions up to, and including, 3.9.8. This makes it possible for unauthenticated attackers to update calendly settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-31284'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31286-20a2e4a6290983370284d76170f55741.yaml b/nuclei-templates/2024/CVE-2024-31286-20a2e4a6290983370284d76170f55741.yaml
index 9fe275ae6b..ea63969201 100644
--- a/nuclei-templates/2024/CVE-2024-31286-20a2e4a6290983370284d76170f55741.yaml
+++ b/nuclei-templates/2024/CVE-2024-31286-20a2e4a6290983370284d76170f55741.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wppa_user_upload() function in all versions up to, and including, 8.6.03.004. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-photo-album-plus/"
     google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/"
     shodan-query: 'vuln:CVE-2024-31286'
-  tags: cve,wordpress,wp-plugin,wp-photo-album-plus,critical
+  tags: cve,wordpress,wp-plugin,wp-photo-album-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31287-33bc7d755c896ae147d69853031aefe1.yaml b/nuclei-templates/2024/CVE-2024-31287-33bc7d755c896ae147d69853031aefe1.yaml
index 531e1a1bbf..05f8708dcf 100644
--- a/nuclei-templates/2024/CVE-2024-31287-33bc7d755c896ae147d69853031aefe1.yaml
+++ b/nuclei-templates/2024/CVE-2024-31287-33bc7d755c896ae147d69853031aefe1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Media Library Folders <= 8.1.8 - Authenticated (Author+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Media Library Folders plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.1.8. This makes it possible for authenticated attackers, with author-level access and above, to read/access the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-library-plus/"
     google-query: inurl:"/wp-content/plugins/media-library-plus/"
     shodan-query: 'vuln:CVE-2024-31287'
-  tags: cve,wordpress,wp-plugin,media-library-plus,medium
+  tags: cve,wordpress,wp-plugin,media-library-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31291-4a6b08579b21c259b0bca4ce2e0b2904.yaml b/nuclei-templates/2024/CVE-2024-31291-4a6b08579b21c259b0bca4ce2e0b2904.yaml
index f4b984d86e..60690d4082 100644
--- a/nuclei-templates/2024/CVE-2024-31291-4a6b08579b21c259b0bca4ce2e0b2904.yaml
+++ b/nuclei-templates/2024/CVE-2024-31291-4a6b08579b21c259b0bca4ce2e0b2904.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid  <= 5.7.6 - Authenticated (Subscriber+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.6 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2024-31291'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31292-467a5580ac1383352cd27bfadc2d264b.yaml b/nuclei-templates/2024/CVE-2024-31292-467a5580ac1383352cd27bfadc2d264b.yaml
index 1cf9efae11..9a6ff34828 100644
--- a/nuclei-templates/2024/CVE-2024-31292-467a5580ac1383352cd27bfadc2d264b.yaml
+++ b/nuclei-templates/2024/CVE-2024-31292-467a5580ac1383352cd27bfadc2d264b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import XML and RSS Feeds <= 2.1.5 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Import XML and RSS Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moove_set_featured_image() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-xml-feed/"
     google-query: inurl:"/wp-content/plugins/import-xml-feed/"
     shodan-query: 'vuln:CVE-2024-31292'
-  tags: cve,wordpress,wp-plugin,import-xml-feed,critical
+  tags: cve,wordpress,wp-plugin,import-xml-feed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31294-a561a450756c85ce3eedf88a4f646811.yaml b/nuclei-templates/2024/CVE-2024-31294-a561a450756c85ce3eedf88a4f646811.yaml
index 93dbf13c78..71e64f15a6 100644
--- a/nuclei-templates/2024/CVE-2024-31294-a561a450756c85ce3eedf88a4f646811.yaml
+++ b/nuclei-templates/2024/CVE-2024-31294-a561a450756c85ce3eedf88a4f646811.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Sort Order <= 1.3.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Sort Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions such as update_menu_order() in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update menu orders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sort-order/"
     google-query: inurl:"/wp-content/plugins/wp-sort-order/"
     shodan-query: 'vuln:CVE-2024-31294'
-  tags: cve,wordpress,wp-plugin,wp-sort-order,medium
+  tags: cve,wordpress,wp-plugin,wp-sort-order,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31296-6afeb2ce393f64d78e2ee60294c65cf9.yaml b/nuclei-templates/2024/CVE-2024-31296-6afeb2ce393f64d78e2ee60294c65cf9.yaml
index d38040ff60..5918f8b5b5 100644
--- a/nuclei-templates/2024/CVE-2024-31296-6afeb2ce393f64d78e2ee60294c65cf9.yaml
+++ b/nuclei-templates/2024/CVE-2024-31296-6afeb2ce393f64d78e2ee60294c65cf9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BookingPress <= 1.0.81 - Authenticated (Customer+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.81 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with customer-level access and above, to access or perform an action on an object they should not have access to.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookingpress-appointment-booking/"
     google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/"
     shodan-query: 'vuln:CVE-2024-31296'
-  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,medium
+  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31300-731324aeee016bb6f029892372fbf4ce.yaml b/nuclei-templates/2024/CVE-2024-31300-731324aeee016bb6f029892372fbf4ce.yaml
index d233dfe459..7e5bfe254c 100644
--- a/nuclei-templates/2024/CVE-2024-31300-731324aeee016bb6f029892372fbf4ce.yaml
+++ b/nuclei-templates/2024/CVE-2024-31300-731324aeee016bb6f029892372fbf4ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Share Buttons <= 9.4 - Authenticated (Subscriber+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy Social Share Buttons for WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-share-buttons3/"
     google-query: inurl:"/wp-content/plugins/easy-social-share-buttons3/"
     shodan-query: 'vuln:CVE-2024-31300'
-  tags: cve,wordpress,wp-plugin,easy-social-share-buttons3,high
+  tags: cve,wordpress,wp-plugin,easy-social-share-buttons3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31304-d57f8fd6151dd1d65a65a746b8a04b7a.yaml b/nuclei-templates/2024/CVE-2024-31304-d57f8fd6151dd1d65a65a746b8a04b7a.yaml
index ab4758dccd..c1ce9f429c 100644
--- a/nuclei-templates/2024/CVE-2024-31304-d57f8fd6151dd1d65a65a746b8a04b7a.yaml
+++ b/nuclei-templates/2024/CVE-2024-31304-d57f8fd6151dd1d65a65a746b8a04b7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WC Marketplace <= 4.1.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WC Marketplace plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/"
     google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/"
     shodan-query: 'vuln:CVE-2024-31304'
-  tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,medium
+  tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31306-6bd5ec9d4799550acfbe6978f43129c9.yaml b/nuclei-templates/2024/CVE-2024-31306-6bd5ec9d4799550acfbe6978f43129c9.yaml
index 8bc8286769..d551fecfa0 100644
--- a/nuclei-templates/2024/CVE-2024-31306-6bd5ec9d4799550acfbe6978f43129c9.yaml
+++ b/nuclei-templates/2024/CVE-2024-31306-6bd5ec9d4799550acfbe6978f43129c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks for Gutenberg <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2024-31306'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31307-d90e5ac159925d0ab3971b3b6d358c41.yaml b/nuclei-templates/2024/CVE-2024-31307-d90e5ac159925d0ab3971b3b6d358c41.yaml
index 7f57124ef5..605bc04a1c 100644
--- a/nuclei-templates/2024/CVE-2024-31307-d90e5ac159925d0ab3971b3b6d358c41.yaml
+++ b/nuclei-templates/2024/CVE-2024-31307-d90e5ac159925d0ab3971b3b6d358c41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Share Buttons <= 9.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Social Share Buttons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 9.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-share-buttons3/"
     google-query: inurl:"/wp-content/plugins/easy-social-share-buttons3/"
     shodan-query: 'vuln:CVE-2024-31307'
-  tags: cve,wordpress,wp-plugin,easy-social-share-buttons3,medium
+  tags: cve,wordpress,wp-plugin,easy-social-share-buttons3,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31308-5f94fd73fc44e0e8d375d47e5fc1e6c1.yaml b/nuclei-templates/2024/CVE-2024-31308-5f94fd73fc44e0e8d375d47e5fc1e6c1.yaml
index 6858a184b5..0b9db8b3a2 100644
--- a/nuclei-templates/2024/CVE-2024-31308-5f94fd73fc44e0e8d375d47e5fc1e6c1.yaml
+++ b/nuclei-templates/2024/CVE-2024-31308-5f94fd73fc44e0e8d375d47e5fc1e6c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Import Export Lite <= 3.9.26 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Import Export Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.9.26 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-import-export-lite/"
     google-query: inurl:"/wp-content/plugins/wp-import-export-lite/"
     shodan-query: 'vuln:CVE-2024-31308'
-  tags: cve,wordpress,wp-plugin,wp-import-export-lite,high
+  tags: cve,wordpress,wp-plugin,wp-import-export-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31344-7876e3e9a0cea227500debf5d1a1674e.yaml b/nuclei-templates/2024/CVE-2024-31344-7876e3e9a0cea227500debf5d1a1674e.yaml
index 07af3e65f2..08fc5492a3 100644
--- a/nuclei-templates/2024/CVE-2024-31344-7876e3e9a0cea227500debf5d1a1674e.yaml
+++ b/nuclei-templates/2024/CVE-2024-31344-7876e3e9a0cea227500debf5d1a1674e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Login Styler – White Label Admin Login Page for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-login-styler/"
     google-query: inurl:"/wp-content/plugins/easy-login-styler/"
     shodan-query: 'vuln:CVE-2024-31344'
-  tags: cve,wordpress,wp-plugin,easy-login-styler,medium
+  tags: cve,wordpress,wp-plugin,easy-login-styler,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31345-d78cf00c59cb04a1784e89b4d96527fd.yaml b/nuclei-templates/2024/CVE-2024-31345-d78cf00c59cb04a1784e89b4d96527fd.yaml
index 59dd2884b2..b27bc1b589 100644
--- a/nuclei-templates/2024/CVE-2024-31345-d78cf00c59cb04a1784e89b4d96527fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-31345-d78cf00c59cb04a1784e89b4d96527fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Poster <= 1.2 - Authenticated (Administrator+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-poster/"
     google-query: inurl:"/wp-content/plugins/auto-poster/"
     shodan-query: 'vuln:CVE-2024-31345'
-  tags: cve,wordpress,wp-plugin,auto-poster,critical
+  tags: cve,wordpress,wp-plugin,auto-poster,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31346-2b7b5dc8c00ef5d0c5596161adf932c4.yaml b/nuclei-templates/2024/CVE-2024-31346-2b7b5dc8c00ef5d0c5596161adf932c4.yaml
index 6a314f237b..59873359e3 100644
--- a/nuclei-templates/2024/CVE-2024-31346-2b7b5dc8c00ef5d0c5596161adf932c4.yaml
+++ b/nuclei-templates/2024/CVE-2024-31346-2b7b5dc8c00ef5d0c5596161adf932c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gradient Text Widget for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gradient Text Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gradient-text-widget-for-elementor/"
     google-query: inurl:"/wp-content/plugins/gradient-text-widget-for-elementor/"
     shodan-query: 'vuln:CVE-2024-31346'
-  tags: cve,wordpress,wp-plugin,gradient-text-widget-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,gradient-text-widget-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31347-6e8a9152de2bbc5b83be5ce9d45091f1.yaml b/nuclei-templates/2024/CVE-2024-31347-6e8a9152de2bbc5b83be5ce9d45091f1.yaml
index 52884fe897..b1767ac42a 100644
--- a/nuclei-templates/2024/CVE-2024-31347-6e8a9152de2bbc5b83be5ce9d45091f1.yaml
+++ b/nuclei-templates/2024/CVE-2024-31347-6e8a9152de2bbc5b83be5ce9d45091f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tracking Code Manager <= 2.1.0 - Missing Authorization via change_order()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tracking Code Manager plugin for WordPress is vulnerable to unauthorized modification due to a missing capability check on the change_order() function in versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the order of a menu.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tracking-code-manager/"
     google-query: inurl:"/wp-content/plugins/tracking-code-manager/"
     shodan-query: 'vuln:CVE-2024-31347'
-  tags: cve,wordpress,wp-plugin,tracking-code-manager,medium
+  tags: cve,wordpress,wp-plugin,tracking-code-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31348-f50a0c6a3334b6a9833d56ea2fa95097.yaml b/nuclei-templates/2024/CVE-2024-31348-f50a0c6a3334b6a9833d56ea2fa95097.yaml
index 6f3e5306ea..65a63a6fd3 100644
--- a/nuclei-templates/2024/CVE-2024-31348-f50a0c6a3334b6a9833d56ea2fa95097.yaml
+++ b/nuclei-templates/2024/CVE-2024-31348-f50a0c6a3334b6a9833d56ea2fa95097.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonials <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-testimonial/"
     google-query: inurl:"/wp-content/plugins/super-testimonial/"
     shodan-query: 'vuln:CVE-2024-31348'
-  tags: cve,wordpress,wp-plugin,super-testimonial,medium
+  tags: cve,wordpress,wp-plugin,super-testimonial,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31349-827f2e843a499f08614a8388df30f388.yaml b/nuclei-templates/2024/CVE-2024-31349-827f2e843a499f08614a8388df30f388.yaml
index b6901cea6d..99d88df66e 100644
--- a/nuclei-templates/2024/CVE-2024-31349-827f2e843a499f08614a8388df30f388.yaml
+++ b/nuclei-templates/2024/CVE-2024-31349-827f2e843a499f08614a8388df30f388.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailMunch – Grow your Email List <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MailMunch – Grow your Email List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailmunch/"
     google-query: inurl:"/wp-content/plugins/mailmunch/"
     shodan-query: 'vuln:CVE-2024-31349'
-  tags: cve,wordpress,wp-plugin,mailmunch,medium
+  tags: cve,wordpress,wp-plugin,mailmunch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31350-a0dc813b81ea3eaaf35abcdfd0e51d08.yaml b/nuclei-templates/2024/CVE-2024-31350-a0dc813b81ea3eaaf35abcdfd0e51d08.yaml
index 2965d7348a..b480af3f10 100644
--- a/nuclei-templates/2024/CVE-2024-31350-a0dc813b81ea3eaaf35abcdfd0e51d08.yaml
+++ b/nuclei-templates/2024/CVE-2024-31350-a0dc813b81ea3eaaf35abcdfd0e51d08.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AWP Classifieds <= 4.3.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AWP Classifieds plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/"
     google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/"
     shodan-query: 'vuln:CVE-2024-31350'
-  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,medium
+  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31352-bbb33bf45ae299a4c2e1d54441bd6458.yaml b/nuclei-templates/2024/CVE-2024-31352-bbb33bf45ae299a4c2e1d54441bd6458.yaml
index ebef49f2f0..08bc2e4702 100644
--- a/nuclei-templates/2024/CVE-2024-31352-bbb33bf45ae299a4c2e1d54441bd6458.yaml
+++ b/nuclei-templates/2024/CVE-2024-31352-bbb33bf45ae299a4c2e1d54441bd6458.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Email Subscribers & Newsletters plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.7.13. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:CVE-2024-31352'
-  tags: cve,wordpress,wp-plugin,email-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-subscribers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31355-9ed3ad19217255e206c74e32650683d5.yaml b/nuclei-templates/2024/CVE-2024-31355-9ed3ad19217255e206c74e32650683d5.yaml
index 9e1406214c..b92e66fc31 100644
--- a/nuclei-templates/2024/CVE-2024-31355-9ed3ad19217255e206c74e32650683d5.yaml
+++ b/nuclei-templates/2024/CVE-2024-31355-9ed3ad19217255e206c74e32650683d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery <= 1.7.8 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Slideshow Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:CVE-2024-31355'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,critical
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31356-e27368e4785bcd7f22809f69244573f8.yaml b/nuclei-templates/2024/CVE-2024-31356-e27368e4785bcd7f22809f69244573f8.yaml
index 67ccbf6781..7cd3edb539 100644
--- a/nuclei-templates/2024/CVE-2024-31356-e27368e4785bcd7f22809f69244573f8.yaml
+++ b/nuclei-templates/2024/CVE-2024-31356-e27368e4785bcd7f22809f69244573f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Activity Log <= 1.9 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The User Activity Log plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-activity-log/"
     google-query: inurl:"/wp-content/plugins/user-activity-log/"
     shodan-query: 'vuln:CVE-2024-31356'
-  tags: cve,wordpress,wp-plugin,user-activity-log,critical
+  tags: cve,wordpress,wp-plugin,user-activity-log,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31357-dd1f48796d4f00ba40c7555318c798d9.yaml b/nuclei-templates/2024/CVE-2024-31357-dd1f48796d4f00ba40c7555318c798d9.yaml
index 4db882c4fc..570e0cff88 100644
--- a/nuclei-templates/2024/CVE-2024-31357-dd1f48796d4f00ba40c7555318c798d9.yaml
+++ b/nuclei-templates/2024/CVE-2024-31357-dd1f48796d4f00ba40c7555318c798d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Store Kit Elementor Addons <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Store Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-store-kit/"
     google-query: inurl:"/wp-content/plugins/ultimate-store-kit/"
     shodan-query: 'vuln:CVE-2024-31357'
-  tags: cve,wordpress,wp-plugin,ultimate-store-kit,medium
+  tags: cve,wordpress,wp-plugin,ultimate-store-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31358-aa9afd9a4b3e913533a4ca30d7c2f62e.yaml b/nuclei-templates/2024/CVE-2024-31358-aa9afd9a4b3e913533a4ca30d7c2f62e.yaml
index 8ddbd77a3c..224f208e9f 100644
--- a/nuclei-templates/2024/CVE-2024-31358-aa9afd9a4b3e913533a4ca30d7c2f62e.yaml
+++ b/nuclei-templates/2024/CVE-2024-31358-aa9afd9a4b3e913533a4ca30d7c2f62e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg <= 1.2.67 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.67. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/5-stars-rating-funnel/"
     google-query: inurl:"/wp-content/plugins/5-stars-rating-funnel/"
     shodan-query: 'vuln:CVE-2024-31358'
-  tags: cve,wordpress,wp-plugin,5-stars-rating-funnel,medium
+  tags: cve,wordpress,wp-plugin,5-stars-rating-funnel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31359-9460e33e1600fa49d2559c8b2959f093.yaml b/nuclei-templates/2024/CVE-2024-31359-9460e33e1600fa49d2559c8b2959f093.yaml
index 39e051dba0..306911411c 100644
--- a/nuclei-templates/2024/CVE-2024-31359-9460e33e1600fa49d2559c8b2959f093.yaml
+++ b/nuclei-templates/2024/CVE-2024-31359-9460e33e1600fa49d2559c8b2959f093.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premmerce Product Filter for WooCommerce <= 3.7.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Premmerce Product Filter for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-woocommerce-product-filter/"
     google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-product-filter/"
     shodan-query: 'vuln:CVE-2024-31359'
-  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-product-filter,medium
+  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-product-filter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31361-c7b13d17993dc7e235bed80189f9bc22.yaml b/nuclei-templates/2024/CVE-2024-31361-c7b13d17993dc7e235bed80189f9bc22.yaml
index dca1dc5aed..5e4f632e8c 100644
--- a/nuclei-templates/2024/CVE-2024-31361-c7b13d17993dc7e235bed80189f9bc22.yaml
+++ b/nuclei-templates/2024/CVE-2024-31361-c7b13d17993dc7e235bed80189f9bc22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bunny.net – WordPress CDN Plugin <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The bunny.net – WordPress CDN Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bunnycdn/"
     google-query: inurl:"/wp-content/plugins/bunnycdn/"
     shodan-query: 'vuln:CVE-2024-31361'
-  tags: cve,wordpress,wp-plugin,bunnycdn,medium
+  tags: cve,wordpress,wp-plugin,bunnycdn,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31366-1cf2042a7f76cab8ad8de631e6023745.yaml b/nuclei-templates/2024/CVE-2024-31366-1cf2042a7f76cab8ad8de631e6023745.yaml
index 5a9675330a..85fa2f107f 100644
--- a/nuclei-templates/2024/CVE-2024-31366-1cf2042a7f76cab8ad8de631e6023745.yaml
+++ b/nuclei-templates/2024/CVE-2024-31366-1cf2042a7f76cab8ad8de631e6023745.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Type Builder <= 2.0.8 - Missing Authorization to Arbitrary Post/Page Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Type Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-ptb/"
     google-query: inurl:"/wp-content/plugins/themify-ptb/"
     shodan-query: 'vuln:CVE-2024-31366'
-  tags: cve,wordpress,wp-plugin,themify-ptb,medium
+  tags: cve,wordpress,wp-plugin,themify-ptb,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31367-4f22cc4c7f59ad21868eda159380a421.yaml b/nuclei-templates/2024/CVE-2024-31367-4f22cc4c7f59ad21868eda159380a421.yaml
index 8ddd01d97a..3ad2263e5b 100644
--- a/nuclei-templates/2024/CVE-2024-31367-4f22cc4c7f59ad21868eda159380a421.yaml
+++ b/nuclei-templates/2024/CVE-2024-31367-4f22cc4c7f59ad21868eda159380a421.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soledad <= 8.4.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Soledad theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/soledad/"
     google-query: inurl:"/wp-content/themes/soledad/"
     shodan-query: 'vuln:CVE-2024-31367'
-  tags: cve,wordpress,wp-theme,soledad,medium
+  tags: cve,wordpress,wp-theme,soledad,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31368-6a8cda00f1080a3aa286a272f860fd12.yaml b/nuclei-templates/2024/CVE-2024-31368-6a8cda00f1080a3aa286a272f860fd12.yaml
index fc23606367..d472440e4c 100644
--- a/nuclei-templates/2024/CVE-2024-31368-6a8cda00f1080a3aa286a272f860fd12.yaml
+++ b/nuclei-templates/2024/CVE-2024-31368-6a8cda00f1080a3aa286a272f860fd12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Soledad <= 8.4.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Soledad theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.5. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/soledad/"
     google-query: inurl:"/wp-content/themes/soledad/"
     shodan-query: 'vuln:CVE-2024-31368'
-  tags: cve,wordpress,wp-theme,soledad,medium
+  tags: cve,wordpress,wp-theme,soledad,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31370-9466631ad739782449cdf9fdc36419ff.yaml b/nuclei-templates/2024/CVE-2024-31370-9466631ad739782449cdf9fdc36419ff.yaml
index 75de938aea..49d0e0a3a9 100644
--- a/nuclei-templates/2024/CVE-2024-31370-9466631ad739782449cdf9fdc36419ff.yaml
+++ b/nuclei-templates/2024/CVE-2024-31370-9466631ad739782449cdf9fdc36419ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AIKit <= 4.14.1 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The AIKit plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3/"
     google-query: inurl:"/wp-content/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3/"
     shodan-query: 'vuln:CVE-2024-31370'
-  tags: cve,wordpress,wp-plugin,aikit-wordpress-ai-writing-assistant-using-gpt3,critical
+  tags: cve,wordpress,wp-plugin,aikit-wordpress-ai-writing-assistant-using-gpt3,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31375-867cda99b5370418b92599a3b962874f.yaml b/nuclei-templates/2024/CVE-2024-31375-867cda99b5370418b92599a3b962874f.yaml
index 6abc67f2c8..2ea4db8383 100644
--- a/nuclei-templates/2024/CVE-2024-31375-867cda99b5370418b92599a3b962874f.yaml
+++ b/nuclei-templates/2024/CVE-2024-31375-867cda99b5370418b92599a3b962874f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP2LEADS <= 3.2.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP2LEADS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions such as import_maps in versions up to, and including, 3.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp2leads/"
     google-query: inurl:"/wp-content/plugins/wp2leads/"
     shodan-query: 'vuln:CVE-2024-31375'
-  tags: cve,wordpress,wp-plugin,wp2leads,medium
+  tags: cve,wordpress,wp-plugin,wp2leads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31386-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/2024/CVE-2024-31386-086335e3764d29c07c7d7cc4e2750c93.yaml
index ebd2963c26..4861521115 100644
--- a/nuclei-templates/2024/CVE-2024-31386-086335e3764d29c07c7d7cc4e2750c93.yaml
+++ b/nuclei-templates/2024/CVE-2024-31386-086335e3764d29c07c7d7cc4e2750c93.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-31386
   metadata:
-    fofa-query: "wp-content/themes/sliding-door/"
-    google-query: inurl:"/wp-content/themes/sliding-door/"
+    fofa-query: "wp-content/themes/panoramic/"
+    google-query: inurl:"/wp-content/themes/panoramic/"
     shodan-query: 'vuln:CVE-2024-31386'
-  tags: cve,wordpress,wp-theme,sliding-door,medium
+  tags: cve,wordpress,wp-theme,panoramic,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/sliding-door/style.css"
+      - "{{BaseURL}}/wp-content/themes/panoramic/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "sliding-door"
+          - "panoramic"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '< 3.4')
\ No newline at end of file
+          - compare_versions(version, '< 1.1.57')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-31387-90c4cbfb7712449319d9759e0ded5087.yaml b/nuclei-templates/2024/CVE-2024-31387-90c4cbfb7712449319d9759e0ded5087.yaml
index c85ba6a539..e6a1d19e9f 100644
--- a/nuclei-templates/2024/CVE-2024-31387-90c4cbfb7712449319d9759e0ded5087.yaml
+++ b/nuclei-templates/2024/CVE-2024-31387-90c4cbfb7712449319d9759e0ded5087.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Like box – Page <= 3.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Like box – Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-facebook-popup-likebox/"
     google-query: inurl:"/wp-content/plugins/ays-facebook-popup-likebox/"
     shodan-query: 'vuln:CVE-2024-31387'
-  tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,medium
+  tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31421-4a55514451127aed8c9fafcd15f7c892.yaml b/nuclei-templates/2024/CVE-2024-31421-4a55514451127aed8c9fafcd15f7c892.yaml
index 9c3dbeb415..f34d529069 100644
--- a/nuclei-templates/2024/CVE-2024-31421-4a55514451127aed8c9fafcd15f7c892.yaml
+++ b/nuclei-templates/2024/CVE-2024-31421-4a55514451127aed8c9fafcd15f7c892.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup by Supsystic <= 1.10.27 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.10.27. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/popup-by-supsystic/"
     shodan-query: 'vuln:CVE-2024-31421'
-  tags: cve,wordpress,wp-plugin,popup-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,popup-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31423-6194829f785c406e2e428c86316d96c5.yaml b/nuclei-templates/2024/CVE-2024-31423-6194829f785c406e2e428c86316d96c5.yaml
index c8e6cf3f08..4d9d88e3ba 100644
--- a/nuclei-templates/2024/CVE-2024-31423-6194829f785c406e2e428c86316d96c5.yaml
+++ b/nuclei-templates/2024/CVE-2024-31423-6194829f785c406e2e428c86316d96c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Accessibility Helper (WAH) <= 0.6.2.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_attachment_alt() function in versions up to, and including, 0.6.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update attachment alts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-accessibility-helper/"
     google-query: inurl:"/wp-content/plugins/wp-accessibility-helper/"
     shodan-query: 'vuln:CVE-2024-31423'
-  tags: cve,wordpress,wp-plugin,wp-accessibility-helper,medium
+  tags: cve,wordpress,wp-plugin,wp-accessibility-helper,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31430-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml b/nuclei-templates/2024/CVE-2024-31430-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml
index c334b679c6..b9f8870972 100644
--- a/nuclei-templates/2024/CVE-2024-31430-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml
+++ b/nuclei-templates/2024/CVE-2024-31430-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2024-31430
   metadata:
-    fofa-query: "wp-content/plugins/woo-bulk-editor/"
-    google-query: inurl:"/wp-content/plugins/woo-bulk-editor/"
+    fofa-query: "wp-content/plugins/bulk-editor/"
+    google-query: inurl:"/wp-content/plugins/bulk-editor/"
     shodan-query: 'vuln:CVE-2024-31430'
-  tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,bulk-editor,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "woo-bulk-editor"
+          - "bulk-editor"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.1.4.1')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.8.1')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-31432-bf0fefcefc90da6dc2662202215f7095.yaml b/nuclei-templates/2024/CVE-2024-31432-bf0fefcefc90da6dc2662202215f7095.yaml
index a42012b709..47d2cc6b93 100644
--- a/nuclei-templates/2024/CVE-2024-31432-bf0fefcefc90da6dc2662202215f7095.yaml
+++ b/nuclei-templates/2024/CVE-2024-31432-bf0fefcefc90da6dc2662202215f7095.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restrict Content <= 3.2.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Restrict Content plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_opt_in_get_status() function in versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to update opt in status.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restrict-content/"
     google-query: inurl:"/wp-content/plugins/restrict-content/"
     shodan-query: 'vuln:CVE-2024-31432'
-  tags: cve,wordpress,wp-plugin,restrict-content,medium
+  tags: cve,wordpress,wp-plugin,restrict-content,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31435-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/2024/CVE-2024-31435-6ac56b73dfbde68009426ab1366ff6c2.yaml
index bfd2ce8e24..4478cbaae6 100644
--- a/nuclei-templates/2024/CVE-2024-31435-6ac56b73dfbde68009426ab1366ff6c2.yaml
+++ b/nuclei-templates/2024/CVE-2024-31435-6ac56b73dfbde68009426ab1366ff6c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inisev Analyst Module <= Various Versions - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple plugins and/or themes by Inisev for WordPress are vulnerable to unauthorized access due to a missing capability check on several functions in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-31435
   metadata:
-    fofa-query: "wp-content/plugins/http-https-remover/"
-    google-query: inurl:"/wp-content/plugins/http-https-remover/"
+    fofa-query: "wp-content/plugins/enhanced-text-widget/"
+    google-query: inurl:"/wp-content/plugins/enhanced-text-widget/"
     shodan-query: 'vuln:CVE-2024-31435'
-  tags: cve,wordpress,wp-plugin,http-https-remover,medium
+  tags: cve,wordpress,wp-plugin,enhanced-text-widget,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/http-https-remover/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "http-https-remover"
+          - "enhanced-text-widget"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.2.6')
\ No newline at end of file
+          - compare_versions(version, '<= 1.6.4')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-3161-a2e686465d8672ec5bf29632e66237cf.yaml b/nuclei-templates/2024/CVE-2024-3161-a2e686465d8672ec5bf29632e66237cf.yaml
index c569aa183a..26d6166103 100644
--- a/nuclei-templates/2024/CVE-2024-3161-a2e686465d8672ec5bf29632e66237cf.yaml
+++ b/nuclei-templates/2024/CVE-2024-3161-a2e686465d8672ec5bf29632e66237cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeg-elementor-kit/"
     google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/"
     shodan-query: 'vuln:CVE-2024-3161'
-  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,medium
+  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3162-fc806cfd6ed4dc072c39a0980e8091bc.yaml b/nuclei-templates/2024/CVE-2024-3162-fc806cfd6ed4dc072c39a0980e8091bc.yaml
index 462668cd7d..a8f539c02d 100644
--- a/nuclei-templates/2024/CVE-2024-3162-fc806cfd6ed4dc072c39a0980e8091bc.yaml
+++ b/nuclei-templates/2024/CVE-2024-3162-fc806cfd6ed4dc072c39a0980e8091bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32721 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeg-elementor-kit/"
     google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/"
     shodan-query: 'vuln:CVE-2024-3162'
-  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,medium
+  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3167-675e6b4bb186a17f8fbe362e07f780dc.yaml b/nuclei-templates/2024/CVE-2024-3167-675e6b4bb186a17f8fbe362e07f780dc.yaml
index 1aad9e1543..faba315395 100644
--- a/nuclei-templates/2024/CVE-2024-3167-675e6b4bb186a17f8fbe362e07f780dc.yaml
+++ b/nuclei-templates/2024/CVE-2024-3167-675e6b4bb186a17f8fbe362e07f780dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ocean Extra <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ocean-extra/"
     google-query: inurl:"/wp-content/plugins/ocean-extra/"
     shodan-query: 'vuln:CVE-2024-3167'
-  tags: cve,wordpress,wp-plugin,ocean-extra,medium
+  tags: cve,wordpress,wp-plugin,ocean-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3188-f46955793d003bf5208172175382fed1.yaml b/nuclei-templates/2024/CVE-2024-3188-f46955793d003bf5208172175382fed1.yaml
index 0e285686dc..836aafde2b 100644
--- a/nuclei-templates/2024/CVE-2024-3188-f46955793d003bf5208172175382fed1.yaml
+++ b/nuclei-templates/2024/CVE-2024-3188-f46955793d003bf5208172175382fed1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 7.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_dailymotion shortcode in all versions, up to and including 7.0.5, due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2024-3188'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31925-0ef9782b82fa8d84264b6b12b21ce750.yaml b/nuclei-templates/2024/CVE-2024-31925-0ef9782b82fa8d84264b6b12b21ce750.yaml
index 4177fca06d..4a422e0369 100644
--- a/nuclei-templates/2024/CVE-2024-31925-0ef9782b82fa8d84264b6b12b21ce750.yaml
+++ b/nuclei-templates/2024/CVE-2024-31925-0ef9782b82fa8d84264b6b12b21ce750.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     F4 Improvements <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/f4-improvements/"
     google-query: inurl:"/wp-content/plugins/f4-improvements/"
     shodan-query: 'vuln:CVE-2024-31925'
-  tags: cve,wordpress,wp-plugin,f4-improvements,medium
+  tags: cve,wordpress,wp-plugin,f4-improvements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31926-330ef9633d0984d1501cc01b4833593f.yaml b/nuclei-templates/2024/CVE-2024-31926-330ef9633d0984d1501cc01b4833593f.yaml
index 6cdfcc4585..facfa2e9ff 100644
--- a/nuclei-templates/2024/CVE-2024-31926-330ef9633d0984d1501cc01b4833593f.yaml
+++ b/nuclei-templates/2024/CVE-2024-31926-330ef9633d0984d1501cc01b4833593f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Cron Manager – debug & control  <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Cron Manager – debug & control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-cron-manager/"
     google-query: inurl:"/wp-content/plugins/advanced-cron-manager/"
     shodan-query: 'vuln:CVE-2024-31926'
-  tags: cve,wordpress,wp-plugin,advanced-cron-manager,medium
+  tags: cve,wordpress,wp-plugin,advanced-cron-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31927-73c1cd9e5bfe098bfeb3d4b81b96f05b.yaml b/nuclei-templates/2024/CVE-2024-31927-73c1cd9e5bfe098bfeb3d4b81b96f05b.yaml
index e175780b24..db6b5365be 100644
--- a/nuclei-templates/2024/CVE-2024-31927-73c1cd9e5bfe098bfeb3d4b81b96f05b.yaml
+++ b/nuclei-templates/2024/CVE-2024-31927-73c1cd9e5bfe098bfeb3d4b81b96f05b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Login and Logout Redirect <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Login and Logout Redirect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-login-and-logout-redirect/"
     google-query: inurl:"/wp-content/plugins/wp-login-and-logout-redirect/"
     shodan-query: 'vuln:CVE-2024-31927'
-  tags: cve,wordpress,wp-plugin,wp-login-and-logout-redirect,medium
+  tags: cve,wordpress,wp-plugin,wp-login-and-logout-redirect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31928-f8df3f710c2acd675329722d570c9bc9.yaml b/nuclei-templates/2024/CVE-2024-31928-f8df3f710c2acd675329722d570c9bc9.yaml
index 491db66035..225f1adbe3 100644
--- a/nuclei-templates/2024/CVE-2024-31928-f8df3f710c2acd675329722d570c9bc9.yaml
+++ b/nuclei-templates/2024/CVE-2024-31928-f8df3f710c2acd675329722d570c9bc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top Bar  <= 3.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-bar/"
     google-query: inurl:"/wp-content/plugins/top-bar/"
     shodan-query: 'vuln:CVE-2024-31928'
-  tags: cve,wordpress,wp-plugin,top-bar,medium
+  tags: cve,wordpress,wp-plugin,top-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31929-87fe64aef58d57af2256ba27b8518630.yaml b/nuclei-templates/2024/CVE-2024-31929-87fe64aef58d57af2256ba27b8518630.yaml
index e0c0b5f2db..3569e029c0 100644
--- a/nuclei-templates/2024/CVE-2024-31929-87fe64aef58d57af2256ba27b8518630.yaml
+++ b/nuclei-templates/2024/CVE-2024-31929-87fe64aef58d57af2256ba27b8518630.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Intagrate Lite <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Intagrate Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instagrate-to-wordpress/"
     google-query: inurl:"/wp-content/plugins/instagrate-to-wordpress/"
     shodan-query: 'vuln:CVE-2024-31929'
-  tags: cve,wordpress,wp-plugin,instagrate-to-wordpress,medium
+  tags: cve,wordpress,wp-plugin,instagrate-to-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31930-1cdee5629acdb013a2031fc71ce18e3f.yaml b/nuclei-templates/2024/CVE-2024-31930-1cdee5629acdb013a2031fc71ce18e3f.yaml
index 4ee1dc5c59..7c4ae3889b 100644
--- a/nuclei-templates/2024/CVE-2024-31930-1cdee5629acdb013a2031fc71ce18e3f.yaml
+++ b/nuclei-templates/2024/CVE-2024-31930-1cdee5629acdb013a2031fc71ce18e3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Save as PDF  <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/save-as-pdf-by-pdfcrowd/"
     google-query: inurl:"/wp-content/plugins/save-as-pdf-by-pdfcrowd/"
     shodan-query: 'vuln:CVE-2024-31930'
-  tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,medium
+  tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31931-e66b394b6ca847ce34ca3e1d63c12c27.yaml b/nuclei-templates/2024/CVE-2024-31931-e66b394b6ca847ce34ca3e1d63c12c27.yaml
index 56c598727e..723ed7bf34 100644
--- a/nuclei-templates/2024/CVE-2024-31931-e66b394b6ca847ce34ca3e1d63c12c27.yaml
+++ b/nuclei-templates/2024/CVE-2024-31931-e66b394b6ca847ce34ca3e1d63c12c27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Save as Image  <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Save as Image Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/save-as-image-by-pdfcrowd/"
     google-query: inurl:"/wp-content/plugins/save-as-image-by-pdfcrowd/"
     shodan-query: 'vuln:CVE-2024-31931'
-  tags: cve,wordpress,wp-plugin,save-as-image-by-pdfcrowd,medium
+  tags: cve,wordpress,wp-plugin,save-as-image-by-pdfcrowd,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-31937-8e9a9f02c6675b20e9272fbaa352217c.yaml b/nuclei-templates/2024/CVE-2024-31937-8e9a9f02c6675b20e9272fbaa352217c.yaml
index e7e7ccc997..e477af6ac9 100644
--- a/nuclei-templates/2024/CVE-2024-31937-8e9a9f02c6675b20e9272fbaa352217c.yaml
+++ b/nuclei-templates/2024/CVE-2024-31937-8e9a9f02c6675b20e9272fbaa352217c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TWIPLA (Visitor Analytics IO) <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitor-analytics-io/"
     google-query: inurl:"/wp-content/plugins/visitor-analytics-io/"
     shodan-query: 'vuln:CVE-2024-31937'
-  tags: cve,wordpress,wp-plugin,visitor-analytics-io,medium
+  tags: cve,wordpress,wp-plugin,visitor-analytics-io,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3197-20984fc62bd28bb51dbd02e6ae5eacfc.yaml b/nuclei-templates/2024/CVE-2024-3197-20984fc62bd28bb51dbd02e6ae5eacfc.yaml
index efef84367e..7c197b92d5 100644
--- a/nuclei-templates/2024/CVE-2024-3197-20984fc62bd28bb51dbd02e6ae5eacfc.yaml
+++ b/nuclei-templates/2024/CVE-2024-3197-20984fc62bd28bb51dbd02e6ae5eacfc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-3197'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3199-3d06eee6979cba3a65776c3770040194.yaml b/nuclei-templates/2024/CVE-2024-3199-3d06eee6979cba3a65776c3770040194.yaml
index 8045a24674..1a3aa8d834 100644
--- a/nuclei-templates/2024/CVE-2024-3199-3d06eee6979cba3a65776c3770040194.yaml
+++ b/nuclei-templates/2024/CVE-2024-3199-3d06eee6979cba3a65776c3770040194.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-3199'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3206-793865077bcac4ea4b5fe53bac436ec4.yaml b/nuclei-templates/2024/CVE-2024-3206-793865077bcac4ea4b5fe53bac436ec4.yaml
index 33ed1e442e..70959cdd8e 100644
--- a/nuclei-templates/2024/CVE-2024-3206-793865077bcac4ea4b5fe53bac436ec4.yaml
+++ b/nuclei-templates/2024/CVE-2024-3206-793865077bcac4ea4b5fe53bac436ec4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate menus.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/different-menus-in-different-pages/"
     google-query: inurl:"/wp-content/plugins/different-menus-in-different-pages/"
     shodan-query: 'vuln:CVE-2024-3206'
-  tags: cve,wordpress,wp-plugin,different-menus-in-different-pages,medium
+  tags: cve,wordpress,wp-plugin,different-menus-in-different-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32078-351dfe17aa9c41d161fbfba3138330fd.yaml b/nuclei-templates/2024/CVE-2024-32078-351dfe17aa9c41d161fbfba3138330fd.yaml
index d454f79cc0..dda808c1bb 100644
--- a/nuclei-templates/2024/CVE-2024-32078-351dfe17aa9c41d161fbfba3138330fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-32078-351dfe17aa9c41d161fbfba3138330fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FV Flowplayer Video Player plugin for WordPress is vulnerable to unauthorized redirects in all versions up to, and including, 7.5.44.7212. This is due to the plugin not restricting contributor and above users from being able to add redirects at the end of videos. This makes it possible for authenticated attackers, with contributor-level access and above, to redirect administrators to arbitrary sites that can be malicious.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2024-32078'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32079-8cb4e5d28c572c7b2415f308b23aba3c.yaml b/nuclei-templates/2024/CVE-2024-32079-8cb4e5d28c572c7b2415f308b23aba3c.yaml
index 2ee2eb06c6..7d0432fa2b 100644
--- a/nuclei-templates/2024/CVE-2024-32079-8cb4e5d28c572c7b2415f308b23aba3c.yaml
+++ b/nuclei-templates/2024/CVE-2024-32079-8cb4e5d28c572c7b2415f308b23aba3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced iFrame <= 2024.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2024.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-iframe/"
     google-query: inurl:"/wp-content/plugins/advanced-iframe/"
     shodan-query: 'vuln:CVE-2024-32079'
-  tags: cve,wordpress,wp-plugin,advanced-iframe,medium
+  tags: cve,wordpress,wp-plugin,advanced-iframe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3208-c87a07214ae94f7db769181aa46e6e3e.yaml b/nuclei-templates/2024/CVE-2024-3208-c87a07214ae94f7db769181aa46e6e3e.yaml
index 6a4861da57..d663d941b9 100644
--- a/nuclei-templates/2024/CVE-2024-3208-c87a07214ae94f7db769181aa46e6e3e.yaml
+++ b/nuclei-templates/2024/CVE-2024-3208-c87a07214ae94f7db769181aa46e6e3e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sydney-toolbox/"
     google-query: inurl:"/wp-content/plugins/sydney-toolbox/"
     shodan-query: 'vuln:CVE-2024-3208'
-  tags: cve,wordpress,wp-plugin,sydney-toolbox,medium
+  tags: cve,wordpress,wp-plugin,sydney-toolbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32080-f19084b39601e7bc7ba34fa7ad78104e.yaml b/nuclei-templates/2024/CVE-2024-32080-f19084b39601e7bc7ba34fa7ad78104e.yaml
index a854e3be05..c4040c6a56 100644
--- a/nuclei-templates/2024/CVE-2024-32080-f19084b39601e7bc7ba34fa7ad78104e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32080-f19084b39601e7bc7ba34fa7ad78104e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Search Keyword Redirect <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Search Keyword Redirect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-search-keyword-redirect/"
     google-query: inurl:"/wp-content/plugins/wp-search-keyword-redirect/"
     shodan-query: 'vuln:CVE-2024-32080'
-  tags: cve,wordpress,wp-plugin,wp-search-keyword-redirect,medium
+  tags: cve,wordpress,wp-plugin,wp-search-keyword-redirect,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32081-7ec734b1370cfa2c11baf0ce838e63f7.yaml b/nuclei-templates/2024/CVE-2024-32081-7ec734b1370cfa2c11baf0ce838e63f7.yaml
index 29ddf999a3..63b26ed23b 100644
--- a/nuclei-templates/2024/CVE-2024-32081-7ec734b1370cfa2c11baf0ce838e63f7.yaml
+++ b/nuclei-templates/2024/CVE-2024-32081-7ec734b1370cfa2c11baf0ce838e63f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Filter Custom Fields & Taxonomies Light plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.05. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filter-custom-fields-taxonomies-light/"
     google-query: inurl:"/wp-content/plugins/filter-custom-fields-taxonomies-light/"
     shodan-query: 'vuln:CVE-2024-32081'
-  tags: cve,wordpress,wp-plugin,filter-custom-fields-taxonomies-light,medium
+  tags: cve,wordpress,wp-plugin,filter-custom-fields-taxonomies-light,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32083-27956200aea3cb3bd27e1108bb27c97b.yaml b/nuclei-templates/2024/CVE-2024-32083-27956200aea3cb3bd27e1108bb27c97b.yaml
index f74919ee78..31c5b33968 100644
--- a/nuclei-templates/2024/CVE-2024-32083-27956200aea3cb3bd27e1108bb27c97b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32083-27956200aea3cb3bd27e1108bb27c97b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Logo <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easylogo/"
     google-query: inurl:"/wp-content/plugins/easylogo/"
     shodan-query: 'vuln:CVE-2024-32083'
-  tags: cve,wordpress,wp-plugin,easylogo,medium
+  tags: cve,wordpress,wp-plugin,easylogo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32087-0c6025826e5726423a84ca94ebcaa441.yaml b/nuclei-templates/2024/CVE-2024-32087-0c6025826e5726423a84ca94ebcaa441.yaml
index 29b3291f9b..c8e2e3de8a 100644
--- a/nuclei-templates/2024/CVE-2024-32087-0c6025826e5726423a84ca94ebcaa441.yaml
+++ b/nuclei-templates/2024/CVE-2024-32087-0c6025826e5726423a84ca94ebcaa441.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Product Feed on WooCommerce for Google plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-32087'
-  tags: cve,wordpress,wp-plugin,purple-xmls-google-product-feed-for-woocommerce,critical
+  tags: cve,wordpress,wp-plugin,purple-xmls-google-product-feed-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32098-6868a3f667554717afcb5780d663774e.yaml b/nuclei-templates/2024/CVE-2024-32098-6868a3f667554717afcb5780d663774e.yaml
index fff3e3decd..567449b7cb 100644
--- a/nuclei-templates/2024/CVE-2024-32098-6868a3f667554717afcb5780d663774e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32098-6868a3f667554717afcb5780d663774e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Advanced Page Visit Counter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-page-visit-counter/"
     google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/"
     shodan-query: 'vuln:CVE-2024-32098'
-  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,critical
+  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3210-1f71e71cd24bceed84937a152a603cb2.yaml b/nuclei-templates/2024/CVE-2024-3210-1f71e71cd24bceed84937a152a603cb2.yaml
index e16cb8c658..b5b4764a22 100644
--- a/nuclei-templates/2024/CVE-2024-3210-1f71e71cd24bceed84937a152a603cb2.yaml
+++ b/nuclei-templates/2024/CVE-2024-3210-1f71e71cd24bceed84937a152a603cb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-avatar/"
     google-query: inurl:"/wp-content/plugins/wp-user-avatar/"
     shodan-query: 'vuln:CVE-2024-3210'
-  tags: cve,wordpress,wp-plugin,wp-user-avatar,medium
+  tags: cve,wordpress,wp-plugin,wp-user-avatar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3211-2b72a770047348328de1929b10696b75.yaml b/nuclei-templates/2024/CVE-2024-3211-2b72a770047348328de1929b10696b75.yaml
index 5bd876c09e..1dbc6e4dc0 100644
--- a/nuclei-templates/2024/CVE-2024-3211-2b72a770047348328de1929b10696b75.yaml
+++ b/nuclei-templates/2024/CVE-2024-3211-2b72a770047348328de1929b10696b75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easycart/"
     google-query: inurl:"/wp-content/plugins/wp-easycart/"
     shodan-query: 'vuln:CVE-2024-3211'
-  tags: cve,wordpress,wp-plugin,wp-easycart,high
+  tags: cve,wordpress,wp-plugin,wp-easycart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32110-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/2024/CVE-2024-32110-83be4877901e862ff402253df3e3d6d7.yaml
index e19c2ec97e..6a0c23cddc 100644
--- a/nuclei-templates/2024/CVE-2024-32110-83be4877901e862ff402253df3e3d6d7.yaml
+++ b/nuclei-templates/2024/CVE-2024-32110-83be4877901e862ff402253df3e3d6d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout function in versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to opt-in or opt-out of tracking. This was patched in version 2.0.1 of Appsero with a nonce check.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-32110
   metadata:
-    fofa-query: "wp-content/plugins/subscribe2/"
-    google-query: inurl:"/wp-content/plugins/subscribe2/"
+    fofa-query: "wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/"
+    google-query: inurl:"/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/"
     shodan-query: 'vuln:CVE-2024-32110'
-  tags: cve,wordpress,wp-plugin,subscribe2,medium
+  tags: cve,wordpress,wp-plugin,unlimited-elementor-inner-sections-by-boomdevs,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/subscribe2/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "subscribe2"
+          - "unlimited-elementor-inner-sections-by-boomdevs"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 10.42')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-32125-32308cb2a86eba1af06f28c633448e1e.yaml b/nuclei-templates/2024/CVE-2024-32125-32308cb2a86eba1af06f28c633448e1e.yaml
index 2190dc2a8b..ed07311918 100644
--- a/nuclei-templates/2024/CVE-2024-32125-32308cb2a86eba1af06f28c633448e1e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32125-32308cb2a86eba1af06f28c633448e1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BA Book Everything <= 1.6.4 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The BA Book Everything plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ba-book-everything/"
     google-query: inurl:"/wp-content/plugins/ba-book-everything/"
     shodan-query: 'vuln:CVE-2024-32125'
-  tags: cve,wordpress,wp-plugin,ba-book-everything,critical
+  tags: cve,wordpress,wp-plugin,ba-book-everything,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32126-25e251a3406c9b35d33175212bd58aef.yaml b/nuclei-templates/2024/CVE-2024-32126-25e251a3406c9b35d33175212bd58aef.yaml
index 1193b979ce..e907f188e0 100644
--- a/nuclei-templates/2024/CVE-2024-32126-25e251a3406c9b35d33175212bd58aef.yaml
+++ b/nuclei-templates/2024/CVE-2024-32126-25e251a3406c9b35d33175212bd58aef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Navigation menu as Dropdown Widget <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Navigation menu as Dropdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/navigation-menu-as-dropdown-widget/"
     google-query: inurl:"/wp-content/plugins/navigation-menu-as-dropdown-widget/"
     shodan-query: 'vuln:CVE-2024-32126'
-  tags: cve,wordpress,wp-plugin,navigation-menu-as-dropdown-widget,medium
+  tags: cve,wordpress,wp-plugin,navigation-menu-as-dropdown-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32127-4976580f662d856b0ec790e30c784e5a.yaml b/nuclei-templates/2024/CVE-2024-32127-4976580f662d856b0ec790e30c784e5a.yaml
index 47b7a243f3..2e30f33021 100644
--- a/nuclei-templates/2024/CVE-2024-32127-4976580f662d856b0ec790e30c784e5a.yaml
+++ b/nuclei-templates/2024/CVE-2024-32127-4976580f662d856b0ec790e30c784e5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Find Duplicates plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/find-duplicates/"
     google-query: inurl:"/wp-content/plugins/find-duplicates/"
     shodan-query: 'vuln:CVE-2024-32127'
-  tags: cve,wordpress,wp-plugin,find-duplicates,critical
+  tags: cve,wordpress,wp-plugin,find-duplicates,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3213-b595d6fc7446c3f09ff44c55f79ffecc.yaml b/nuclei-templates/2024/CVE-2024-3213-b595d6fc7446c3f09ff44c55f79ffecc.yaml
index dc32b5c85c..c6526731b6 100644
--- a/nuclei-templates/2024/CVE-2024-3213-b595d6fc7446c3f09ff44c55f79ffecc.yaml
+++ b/nuclei-templates/2024/CVE-2024-3213-b595d6fc7446c3f09ff44c55f79ffecc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2024-3213
   metadata:
-    fofa-query: "wp-content/plugins/relevanssi-premium/"
-    google-query: inurl:"/wp-content/plugins/relevanssi-premium/"
+    fofa-query: "wp-content/plugins/relevanssi/"
+    google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:CVE-2024-3213'
-  tags: cve,wordpress,wp-plugin,relevanssi-premium,medium
+  tags: cve,wordpress,wp-plugin,relevanssi,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/relevanssi-premium/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "relevanssi-premium"
+          - "relevanssi"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.25.1')
\ No newline at end of file
+          - compare_versions(version, '<= 4.22.1')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-32132-4eab0b03120e29e0608c25e79fc1f7b1.yaml b/nuclei-templates/2024/CVE-2024-32132-4eab0b03120e29e0608c25e79fc1f7b1.yaml
index e88a110b47..9f20974a76 100644
--- a/nuclei-templates/2024/CVE-2024-32132-4eab0b03120e29e0608c25e79fc1f7b1.yaml
+++ b/nuclei-templates/2024/CVE-2024-32132-4eab0b03120e29e0608c25e79fc1f7b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CBX Bookmark & Favorite <= 1.7.20 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The CBX Bookmark & Favorite plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cbxwpbookmark/"
     google-query: inurl:"/wp-content/plugins/cbxwpbookmark/"
     shodan-query: 'vuln:CVE-2024-32132'
-  tags: cve,wordpress,wp-plugin,cbxwpbookmark,critical
+  tags: cve,wordpress,wp-plugin,cbxwpbookmark,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32134-fdb7464284f0e3f92d05bc404992df2d.yaml b/nuclei-templates/2024/CVE-2024-32134-fdb7464284f0e3f92d05bc404992df2d.yaml
index 8481cfb976..4d7b69d7c1 100644
--- a/nuclei-templates/2024/CVE-2024-32134-fdb7464284f0e3f92d05bc404992df2d.yaml
+++ b/nuclei-templates/2024/CVE-2024-32134-fdb7464284f0e3f92d05bc404992df2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook <= 1.1.12 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forms-to-zapier/"
     google-query: inurl:"/wp-content/plugins/forms-to-zapier/"
     shodan-query: 'vuln:CVE-2024-32134'
-  tags: cve,wordpress,wp-plugin,forms-to-zapier,critical
+  tags: cve,wordpress,wp-plugin,forms-to-zapier,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32135-51b13cbe3f0c79746e5808bdafa8107c.yaml b/nuclei-templates/2024/CVE-2024-32135-51b13cbe3f0c79746e5808bdafa8107c.yaml
index 5a3baac778..cfe8761063 100644
--- a/nuclei-templates/2024/CVE-2024-32135-51b13cbe3f0c79746e5808bdafa8107c.yaml
+++ b/nuclei-templates/2024/CVE-2024-32135-51b13cbe3f0c79746e5808bdafa8107c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Disable Comments | WPZest plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.51 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/disable-comments-wpz/"
     google-query: inurl:"/wp-content/plugins/disable-comments-wpz/"
     shodan-query: 'vuln:CVE-2024-32135'
-  tags: cve,wordpress,wp-plugin,disable-comments-wpz,critical
+  tags: cve,wordpress,wp-plugin,disable-comments-wpz,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32136-1fb9c20f2dc722c53163029233b7680b.yaml b/nuclei-templates/2024/CVE-2024-32136-1fb9c20f2dc722c53163029233b7680b.yaml
index be69bbe4f9..958c419cc7 100644
--- a/nuclei-templates/2024/CVE-2024-32136-1fb9c20f2dc722c53163029233b7680b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32136-1fb9c20f2dc722c53163029233b7680b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BWL Advanced FAQ Manager <= 2.0.3 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bwl-advanced-faq-manager/"
     google-query: inurl:"/wp-content/plugins/bwl-advanced-faq-manager/"
     shodan-query: 'vuln:CVE-2024-32136'
-  tags: cve,wordpress,wp-plugin,bwl-advanced-faq-manager,critical
+  tags: cve,wordpress,wp-plugin,bwl-advanced-faq-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32137-580004f61a42f3e8c462a7bbd946dd47.yaml b/nuclei-templates/2024/CVE-2024-32137-580004f61a42f3e8c462a7bbd946dd47.yaml
index 8ad11440a5..38645d369b 100644
--- a/nuclei-templates/2024/CVE-2024-32137-580004f61a42f3e8c462a7bbd946dd47.yaml
+++ b/nuclei-templates/2024/CVE-2024-32137-580004f61a42f3e8c462a7bbd946dd47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The User Activity Log Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-activity-log-pro/"
     google-query: inurl:"/wp-content/plugins/user-activity-log-pro/"
     shodan-query: 'vuln:CVE-2024-32137'
-  tags: cve,wordpress,wp-plugin,user-activity-log-pro,critical
+  tags: cve,wordpress,wp-plugin,user-activity-log-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32139-f7d71098b8867ed535059e5ab72f5309.yaml b/nuclei-templates/2024/CVE-2024-32139-f7d71098b8867ed535059e5ab72f5309.yaml
index 40001489d2..d3c872c1c4 100644
--- a/nuclei-templates/2024/CVE-2024-32139-f7d71098b8867ed535059e5ab72f5309.yaml
+++ b/nuclei-templates/2024/CVE-2024-32139-f7d71098b8867ed535059e5ab72f5309.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher <= 4.0.12 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Podlove Podcast Publisher plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2024-32139'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,critical
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3214-9456cea40ce6ea28f05bb2ff20b05594.yaml b/nuclei-templates/2024/CVE-2024-3214-9456cea40ce6ea28f05bb2ff20b05594.yaml
index a852db5548..4b89b2064c 100644
--- a/nuclei-templates/2024/CVE-2024-3214-9456cea40ce6ea28f05bb2ff20b05594.yaml
+++ b/nuclei-templates/2024/CVE-2024-3214-9456cea40ce6ea28f05bb2ff20b05594.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.8
     cve-id: CVE-2024-3214
   metadata:
-    fofa-query: "wp-content/plugins/relevanssi-premium/"
-    google-query: inurl:"/wp-content/plugins/relevanssi-premium/"
+    fofa-query: "wp-content/plugins/relevanssi/"
+    google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:CVE-2024-3214'
-  tags: cve,wordpress,wp-plugin,relevanssi-premium,medium
+  tags: cve,wordpress,wp-plugin,relevanssi,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/relevanssi-premium/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "relevanssi-premium"
+          - "relevanssi"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.25.1')
\ No newline at end of file
+          - compare_versions(version, '<= 4.22.1')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-32140-61f36ff0df93fb03b2b83d8b189aa894.yaml b/nuclei-templates/2024/CVE-2024-32140-61f36ff0df93fb03b2b83d8b189aa894.yaml
index 9653025339..c0741abce6 100644
--- a/nuclei-templates/2024/CVE-2024-32140-61f36ff0df93fb03b2b83d8b189aa894.yaml
+++ b/nuclei-templates/2024/CVE-2024-32140-61f36ff0df93fb03b2b83d8b189aa894.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Libsyn Publisher Hub <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Libsyn Publisher Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/libsyn-podcasting/"
     google-query: inurl:"/wp-content/plugins/libsyn-podcasting/"
     shodan-query: 'vuln:CVE-2024-32140'
-  tags: cve,wordpress,wp-plugin,libsyn-podcasting,medium
+  tags: cve,wordpress,wp-plugin,libsyn-podcasting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32142-965d06634426ae72a55053fa07ab23f9.yaml b/nuclei-templates/2024/CVE-2024-32142-965d06634426ae72a55053fa07ab23f9.yaml
index 43f5d4a5b7..e0dadabe80 100644
--- a/nuclei-templates/2024/CVE-2024-32142-965d06634426ae72a55053fa07ab23f9.yaml
+++ b/nuclei-templates/2024/CVE-2024-32142-965d06634426ae72a55053fa07ab23f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ovic Responsive WPBakery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ovic-vc-addon/"
     google-query: inurl:"/wp-content/plugins/ovic-vc-addon/"
     shodan-query: 'vuln:CVE-2024-32142'
-  tags: cve,wordpress,wp-plugin,ovic-vc-addon,medium
+  tags: cve,wordpress,wp-plugin,ovic-vc-addon,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32143-5bb8fe4f6089667dd51c2e2e1a9444ca.yaml b/nuclei-templates/2024/CVE-2024-32143-5bb8fe4f6089667dd51c2e2e1a9444ca.yaml
index f196e125f7..750314a88e 100644
--- a/nuclei-templates/2024/CVE-2024-32143-5bb8fe4f6089667dd51c2e2e1a9444ca.yaml
+++ b/nuclei-templates/2024/CVE-2024-32143-5bb8fe4f6089667dd51c2e2e1a9444ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher <= 4.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions such as do_repair() in versions up to, and including, 4.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2024-32143'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32144-4cfd2c744e2f57cb62950af3a51becf5.yaml b/nuclei-templates/2024/CVE-2024-32144-4cfd2c744e2f57cb62950af3a51becf5.yaml
index 49b24e05e0..5a56d6a055 100644
--- a/nuclei-templates/2024/CVE-2024-32144-4cfd2c744e2f57cb62950af3a51becf5.yaml
+++ b/nuclei-templates/2024/CVE-2024-32144-4cfd2c744e2f57cb62950af3a51becf5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.9.14 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the usces_item_duplicate() function in versions up to, and including, 2.9.14. This makes it possible for authenticated attackers, with author-level access and above, to duplicate other authors posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:CVE-2024-32144'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
+  tags: cve,wordpress,wp-plugin,usc-e-shop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32146-5012da2be4de20cb472aea0abf71670b.yaml b/nuclei-templates/2024/CVE-2024-32146-5012da2be4de20cb472aea0abf71670b.yaml
index 964dfa32fb..4ee5161340 100644
--- a/nuclei-templates/2024/CVE-2024-32146-5012da2be4de20cb472aea0abf71670b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32146-5012da2be4de20cb472aea0abf71670b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Aspose.Words Exporter <= 6.3.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Aspose.Words – Import and Export word documents plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aspose-doc-exporter/"
     google-query: inurl:"/wp-content/plugins/aspose-doc-exporter/"
     shodan-query: 'vuln:CVE-2024-32146'
-  tags: cve,wordpress,wp-plugin,aspose-doc-exporter,medium
+  tags: cve,wordpress,wp-plugin,aspose-doc-exporter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32147-97d382f4c9bc6b17c25a76a092e5b852.yaml b/nuclei-templates/2024/CVE-2024-32147-97d382f4c9bc6b17c25a76a092e5b852.yaml
index d0cc4f550b..7f1961f19a 100644
--- a/nuclei-templates/2024/CVE-2024-32147-97d382f4c9bc6b17c25a76a092e5b852.yaml
+++ b/nuclei-templates/2024/CVE-2024-32147-97d382f4c9bc6b17c25a76a092e5b852.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Contact Form Lite  <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Contact Form Lite  plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-lite/"
     google-query: inurl:"/wp-content/plugins/contact-form-lite/"
     shodan-query: 'vuln:CVE-2024-32147'
-  tags: cve,wordpress,wp-plugin,contact-form-lite,medium
+  tags: cve,wordpress,wp-plugin,contact-form-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32148-700d1cfad4bd0fa3b320c8b805e07813.yaml b/nuclei-templates/2024/CVE-2024-32148-700d1cfad4bd0fa3b320c8b805e07813.yaml
index 0c75cbea0d..2a2895689d 100644
--- a/nuclei-templates/2024/CVE-2024-32148-700d1cfad4bd0fa3b320c8b805e07813.yaml
+++ b/nuclei-templates/2024/CVE-2024-32148-700d1cfad4bd0fa3b320c8b805e07813.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pardot <= 2.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Pardot plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset cache among other actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pardot/"
     google-query: inurl:"/wp-content/plugins/pardot/"
     shodan-query: 'vuln:CVE-2024-32148'
-  tags: cve,wordpress,wp-plugin,pardot,medium
+  tags: cve,wordpress,wp-plugin,pardot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3216-b989c8fa7ed8639e2ece01754bff0c0b.yaml b/nuclei-templates/2024/CVE-2024-3216-b989c8fa7ed8639e2ece01754bff0c0b.yaml
index 24c17a9af8..7db5f6c255 100644
--- a/nuclei-templates/2024/CVE-2024-3216-b989c8fa7ed8639e2ece01754bff0c0b.yaml
+++ b/nuclei-templates/2024/CVE-2024-3216-b989c8fa7ed8639e2ece01754bff0c0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible for unauthenticated attackers to reset all of the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-3216'
-  tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3217-6bec264de722325d8055d26873b10d23.yaml b/nuclei-templates/2024/CVE-2024-3217-6bec264de722325d8055d26873b10d23.yaml
index 1f6810a129..c5520ccba2 100644
--- a/nuclei-templates/2024/CVE-2024-3217-6bec264de722325d8055d26873b10d23.yaml
+++ b/nuclei-templates/2024/CVE-2024-3217-6bec264de722325d8055d26873b10d23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdirectorykit/"
     google-query: inurl:"/wp-content/plugins/wpdirectorykit/"
     shodan-query: 'vuln:CVE-2024-3217'
-  tags: cve,wordpress,wp-plugin,wpdirectorykit,high
+  tags: cve,wordpress,wp-plugin,wpdirectorykit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3233-f9cdd85e870155975fbf07ebd6c11543.yaml b/nuclei-templates/2024/CVE-2024-3233-f9cdd85e870155975fbf07ebd6c11543.yaml
index 71d63fe4ac..4a57bd094f 100644
--- a/nuclei-templates/2024/CVE-2024-3233-f9cdd85e870155975fbf07ebd6c11543.yaml
+++ b/nuclei-templates/2024/CVE-2024-3233-f9cdd85e870155975fbf07ebd6c11543.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ivory Search – WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index creation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-search-to-menu/"
     google-query: inurl:"/wp-content/plugins/add-search-to-menu/"
     shodan-query: 'vuln:CVE-2024-3233'
-  tags: cve,wordpress,wp-plugin,add-search-to-menu,medium
+  tags: cve,wordpress,wp-plugin,add-search-to-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3237-c180a9b603d8380fb7d1168376590f63.yaml b/nuclei-templates/2024/CVE-2024-3237-c180a9b603d8380fb7d1168376590f63.yaml
index 908c7e240b..d439125463 100644
--- a/nuclei-templates/2024/CVE-2024-3237-c180a9b603d8380fb7d1168376590f63.yaml
+++ b/nuclei-templates/2024/CVE-2024-3237-c180a9b603d8380fb7d1168376590f63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/convertplug/"
     google-query: inurl:"/wp-content/plugins/convertplug/"
     shodan-query: 'vuln:CVE-2024-3237'
-  tags: cve,wordpress,wp-plugin,convertplug,medium
+  tags: cve,wordpress,wp-plugin,convertplug,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3239-769f278ef7d8854e596567a95f8b276a.yaml b/nuclei-templates/2024/CVE-2024-3239-769f278ef7d8854e596567a95f8b276a.yaml
index 1ca7f183cf..d9a2124ae7 100644
--- a/nuclei-templates/2024/CVE-2024-3239-769f278ef7d8854e596567a95f8b276a.yaml
+++ b/nuclei-templates/2024/CVE-2024-3239-769f278ef7d8854e596567a95f8b276a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied block attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-post/"
     google-query: inurl:"/wp-content/plugins/ultimate-post/"
     shodan-query: 'vuln:CVE-2024-3239'
-  tags: cve,wordpress,wp-plugin,ultimate-post,medium
+  tags: cve,wordpress,wp-plugin,ultimate-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3240-3445f10edb771a060415612c26e8b8f1.yaml b/nuclei-templates/2024/CVE-2024-3240-3445f10edb771a060415612c26e8b8f1.yaml
index fadec200bd..d0ccb27ed5 100644
--- a/nuclei-templates/2024/CVE-2024-3240-3445f10edb771a060415612c26e8b8f1.yaml
+++ b/nuclei-templates/2024/CVE-2024-3240-3445f10edb771a060415612c26e8b8f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/convertplug/"
     google-query: inurl:"/wp-content/plugins/convertplug/"
     shodan-query: 'vuln:CVE-2024-3240'
-  tags: cve,wordpress,wp-plugin,convertplug,high
+  tags: cve,wordpress,wp-plugin,convertplug,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3241-8ecac7c0d333dc76f1706559fa2ff22f.yaml b/nuclei-templates/2024/CVE-2024-3241-8ecac7c0d333dc76f1706559fa2ff22f.yaml
index 6e5b7c51eb..ccb4215cf9 100644
--- a/nuclei-templates/2024/CVE-2024-3241-8ecac7c0d333dc76f1706559fa2ff22f.yaml
+++ b/nuclei-templates/2024/CVE-2024-3241-8ecac7c0d333dc76f1706559fa2ff22f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Blocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading Widget in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-blocks/"
     google-query: inurl:"/wp-content/plugins/ultimate-blocks/"
     shodan-query: 'vuln:CVE-2024-3241'
-  tags: cve,wordpress,wp-plugin,ultimate-blocks,medium
+  tags: cve,wordpress,wp-plugin,ultimate-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32428-164235cec7e149cb5686d35550cc5b45.yaml b/nuclei-templates/2024/CVE-2024-32428-164235cec7e149cb5686d35550cc5b45.yaml
index 334c9de970..71052041b7 100644
--- a/nuclei-templates/2024/CVE-2024-32428-164235cec7e149cb5686d35550cc5b45.yaml
+++ b/nuclei-templates/2024/CVE-2024-32428-164235cec7e149cb5686d35550cc5b45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MWW Disclaimer Buttons <= 3.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MWW Disclaimer Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mww-disclaimer-buttons/"
     google-query: inurl:"/wp-content/plugins/mww-disclaimer-buttons/"
     shodan-query: 'vuln:CVE-2024-32428'
-  tags: cve,wordpress,wp-plugin,mww-disclaimer-buttons,medium
+  tags: cve,wordpress,wp-plugin,mww-disclaimer-buttons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32429-012dc707b39ddca593987305dcc50476.yaml b/nuclei-templates/2024/CVE-2024-32429-012dc707b39ddca593987305dcc50476.yaml
index c692d49e03..66dbf13a15 100644
--- a/nuclei-templates/2024/CVE-2024-32429-012dc707b39ddca593987305dcc50476.yaml
+++ b/nuclei-templates/2024/CVE-2024-32429-012dc707b39ddca593987305dcc50476.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Remove Footer Credit <= 1.0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Remove Footer Credit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/remove-footer-credit/"
     google-query: inurl:"/wp-content/plugins/remove-footer-credit/"
     shodan-query: 'vuln:CVE-2024-32429'
-  tags: cve,wordpress,wp-plugin,remove-footer-credit,medium
+  tags: cve,wordpress,wp-plugin,remove-footer-credit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3243-087ab6a6409aed64b5c6d0e8d25ec639.yaml b/nuclei-templates/2024/CVE-2024-3243-087ab6a6409aed64b5c6d0e8d25ec639.yaml
index a2a4049c57..be533e2f27 100644
--- a/nuclei-templates/2024/CVE-2024-3243-087ab6a6409aed64b5c6d0e8d25ec639.yaml
+++ b/nuclei-templates/2024/CVE-2024-3243-087ab6a6409aed64b5c6d0e8d25ec639.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:CVE-2024-3243'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32430-910b5f5663169fdea4f0325e6cf734a0.yaml b/nuclei-templates/2024/CVE-2024-32430-910b5f5663169fdea4f0325e6cf734a0.yaml
index 182ad2f614..d0b7a3de9f 100644
--- a/nuclei-templates/2024/CVE-2024-32430-910b5f5663169fdea4f0325e6cf734a0.yaml
+++ b/nuclei-templates/2024/CVE-2024-32430-910b5f5663169fdea4f0325e6cf734a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ActiveCampaign <= 8.1.14 - Authenticated (Administrator+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ActiveCampaign – Forms, Site Tracking, Live Chat plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.1.14 via the api3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activecampaign-subscription-forms/"
     google-query: inurl:"/wp-content/plugins/activecampaign-subscription-forms/"
     shodan-query: 'vuln:CVE-2024-32430'
-  tags: cve,wordpress,wp-plugin,activecampaign-subscription-forms,medium
+  tags: cve,wordpress,wp-plugin,activecampaign-subscription-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32431-da2b51f042521776402cd06473b8ac45.yaml b/nuclei-templates/2024/CVE-2024-32431-da2b51f042521776402cd06473b8ac45.yaml
index d1c10c8ece..41b934c9fd 100644
--- a/nuclei-templates/2024/CVE-2024-32431-da2b51f042521776402cd06473b8ac45.yaml
+++ b/nuclei-templates/2024/CVE-2024-32431-da2b51f042521776402cd06473b8ac45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import Users from CSV <= 1.2 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Import Users from CSV plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv/"
     shodan-query: 'vuln:CVE-2024-32431'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv,high
+  tags: cve,wordpress,wp-plugin,import-users-from-csv,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32432-01230d7023712cf52d185f89bc18a400.yaml b/nuclei-templates/2024/CVE-2024-32432-01230d7023712cf52d185f89bc18a400.yaml
index 557ea63149..eab5ae5f5c 100644
--- a/nuclei-templates/2024/CVE-2024-32432-01230d7023712cf52d185f89bc18a400.yaml
+++ b/nuclei-templates/2024/CVE-2024-32432-01230d7023712cf52d185f89bc18a400.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ovic Addon Toolkit <= 2.6.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ovic Addon Toolkit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ovic-addon-toolkit/"
     google-query: inurl:"/wp-content/plugins/ovic-addon-toolkit/"
     shodan-query: 'vuln:CVE-2024-32432'
-  tags: cve,wordpress,wp-plugin,ovic-addon-toolkit,medium
+  tags: cve,wordpress,wp-plugin,ovic-addon-toolkit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3244-cefa3854b69334bef3c2d36906bda58c.yaml b/nuclei-templates/2024/CVE-2024-3244-cefa3854b69334bef3c2d36906bda58c.yaml
index c465a3708b..60adb88095 100644
--- a/nuclei-templates/2024/CVE-2024-3244-cefa3854b69334bef3c2d36906bda58c.yaml
+++ b/nuclei-templates/2024/CVE-2024-3244-cefa3854b69334bef3c2d36906bda58c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 
     'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
@@ -18,7 +18,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-3244'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3245-af797cbd3361f1f4f2cd0edf1a785a5a.yaml b/nuclei-templates/2024/CVE-2024-3245-af797cbd3361f1f4f2cd0edf1a785a5a.yaml
index 6d7d01ced3..4bfc54d7f4 100644
--- a/nuclei-templates/2024/CVE-2024-3245-af797cbd3361f1f4f2cd0edf1a785a5a.yaml
+++ b/nuclei-templates/2024/CVE-2024-3245-af797cbd3361f1f4f2cd0edf1a785a5a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-3245'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32453-30d5fcaaf29f4724e74da8c497e40f5f.yaml b/nuclei-templates/2024/CVE-2024-32453-30d5fcaaf29f4724e74da8c497e40f5f.yaml
index a7be3040f6..46bfcfd7dd 100644
--- a/nuclei-templates/2024/CVE-2024-32453-30d5fcaaf29f4724e74da8c497e40f5f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32453-30d5fcaaf29f4724e74da8c497e40f5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     POEditor <= 0.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The POEditor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poeditor/"
     google-query: inurl:"/wp-content/plugins/poeditor/"
     shodan-query: 'vuln:CVE-2024-32453'
-  tags: cve,wordpress,wp-plugin,poeditor,medium
+  tags: cve,wordpress,wp-plugin,poeditor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32454-169d659b2a655a618a75f90fea3adcb4.yaml b/nuclei-templates/2024/CVE-2024-32454-169d659b2a655a618a75f90fea3adcb4.yaml
index 5cd36f8cf2..e3b6b7d55e 100644
--- a/nuclei-templates/2024/CVE-2024-32454-169d659b2a655a618a75f90fea3adcb4.yaml
+++ b/nuclei-templates/2024/CVE-2024-32454-169d659b2a655a618a75f90fea3adcb4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wappointment/"
     google-query: inurl:"/wp-content/plugins/wappointment/"
     shodan-query: 'vuln:CVE-2024-32454'
-  tags: cve,wordpress,wp-plugin,wappointment,medium
+  tags: cve,wordpress,wp-plugin,wappointment,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32456-c26f84b3b737dca9d0e2ab2c400f43b7.yaml b/nuclei-templates/2024/CVE-2024-32456-c26f84b3b737dca9d0e2ab2c400f43b7.yaml
index dd9a60e358..95f1a9af81 100644
--- a/nuclei-templates/2024/CVE-2024-32456-c26f84b3b737dca9d0e2ab2c400f43b7.yaml
+++ b/nuclei-templates/2024/CVE-2024-32456-c26f84b3b737dca9d0e2ab2c400f43b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Envo Extra <= 1.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.8.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/envo-extra/"
     google-query: inurl:"/wp-content/plugins/envo-extra/"
     shodan-query: 'vuln:CVE-2024-32456'
-  tags: cve,wordpress,wp-plugin,envo-extra,medium
+  tags: cve,wordpress,wp-plugin,envo-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32457-c23e4efbffee4d6fedc761f6f4283de6.yaml b/nuclei-templates/2024/CVE-2024-32457-c23e4efbffee4d6fedc761f6f4283de6.yaml
index 827624c64d..55ee83665f 100644
--- a/nuclei-templates/2024/CVE-2024-32457-c23e4efbffee4d6fedc761f6f4283de6.yaml
+++ b/nuclei-templates/2024/CVE-2024-32457-c23e4efbffee4d6fedc761f6f4283de6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elements Plus! <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elements-plus/"
     google-query: inurl:"/wp-content/plugins/elements-plus/"
     shodan-query: 'vuln:CVE-2024-32457'
-  tags: cve,wordpress,wp-plugin,elements-plus,medium
+  tags: cve,wordpress,wp-plugin,elements-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32506-0f0d0d2c6b89a442a33118c19c04ca9f.yaml b/nuclei-templates/2024/CVE-2024-32506-0f0d0d2c6b89a442a33118c19c04ca9f.yaml
index 066b95348f..e1efd9bd7e 100644
--- a/nuclei-templates/2024/CVE-2024-32506-0f0d0d2c6b89a442a33118c19c04ca9f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32506-0f0d0d2c6b89a442a33118c19c04ca9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.73 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Radio Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.73. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/radio-player/"
     google-query: inurl:"/wp-content/plugins/radio-player/"
     shodan-query: 'vuln:CVE-2024-32506'
-  tags: cve,wordpress,wp-plugin,radio-player,medium
+  tags: cve,wordpress,wp-plugin,radio-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32508-f509147c445359dac8de4743426be1bb.yaml b/nuclei-templates/2024/CVE-2024-32508-f509147c445359dac8de4743426be1bb.yaml
index d17e2284db..3edf3f1c27 100644
--- a/nuclei-templates/2024/CVE-2024-32508-f509147c445359dac8de4743426be1bb.yaml
+++ b/nuclei-templates/2024/CVE-2024-32508-f509147c445359dac8de4743426be1bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DethemeKit For Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dethemekit-for-elementor/"
     google-query: inurl:"/wp-content/plugins/dethemekit-for-elementor/"
     shodan-query: 'vuln:CVE-2024-32508'
-  tags: cve,wordpress,wp-plugin,dethemekit-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,dethemekit-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32509-f77ac51d7f87288e232b2c219c40d8d5.yaml b/nuclei-templates/2024/CVE-2024-32509-f77ac51d7f87288e232b2c219c40d8d5.yaml
index 2d93617d7e..90362c7ddb 100644
--- a/nuclei-templates/2024/CVE-2024-32509-f77ac51d7f87288e232b2c219c40d8d5.yaml
+++ b/nuclei-templates/2024/CVE-2024-32509-f77ac51d7f87288e232b2c219c40d8d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Cost Estimation & Payment Forms Builder <= 10.1.76 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 10.1.76. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-estimation-form/"
     google-query: inurl:"/wp-content/plugins/wp-estimation-form/"
     shodan-query: 'vuln:CVE-2024-32509'
-  tags: cve,wordpress,wp-plugin,wp-estimation-form,medium
+  tags: cve,wordpress,wp-plugin,wp-estimation-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32514-8119e5403d3a32487dee582a940781b5.yaml b/nuclei-templates/2024/CVE-2024-32514-8119e5403d3a32487dee582a940781b5.yaml
index 7de98a0b8c..d52aa98508 100644
--- a/nuclei-templates/2024/CVE-2024-32514-8119e5403d3a32487dee582a940781b5.yaml
+++ b/nuclei-templates/2024/CVE-2024-32514-8119e5403d3a32487dee582a940781b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/epoll-wp-voting/"
     google-query: inurl:"/wp-content/plugins/epoll-wp-voting/"
     shodan-query: 'vuln:CVE-2024-32514'
-  tags: cve,wordpress,wp-plugin,epoll-wp-voting,critical
+  tags: cve,wordpress,wp-plugin,epoll-wp-voting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32515-688329ccf7bb0b49cbf94f9e95fe056a.yaml b/nuclei-templates/2024/CVE-2024-32515-688329ccf7bb0b49cbf94f9e95fe056a.yaml
index dc907ca9dd..d45a74ecb7 100644
--- a/nuclei-templates/2024/CVE-2024-32515-688329ccf7bb0b49cbf94f9e95fe056a.yaml
+++ b/nuclei-templates/2024/CVE-2024-32515-688329ccf7bb0b49cbf94f9e95fe056a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mega Addons For Elementor <= 1.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mega Addons For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-32515'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32516-4ff702381866f61703ebf71fe12af15e.yaml b/nuclei-templates/2024/CVE-2024-32516-4ff702381866f61703ebf71fe12af15e.yaml
index a4af1e1039..8ef2495ac1 100644
--- a/nuclei-templates/2024/CVE-2024-32516-4ff702381866f61703ebf71fe12af15e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32516-4ff702381866f61703ebf71fe12af15e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multi Currency For WooCommerce <= 1.5.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Multi Currency For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the AddAdminAjaxAction() function in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-multi-currency/"
     google-query: inurl:"/wp-content/plugins/wc-multi-currency/"
     shodan-query: 'vuln:CVE-2024-32516'
-  tags: cve,wordpress,wp-plugin,wc-multi-currency,medium
+  tags: cve,wordpress,wp-plugin,wc-multi-currency,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32517-b81dbbcc402e93364fc6c79f5c55b224.yaml b/nuclei-templates/2024/CVE-2024-32517-b81dbbcc402e93364fc6c79f5c55b224.yaml
index c3ec711d3e..ed42b88290 100644
--- a/nuclei-templates/2024/CVE-2024-32517-b81dbbcc402e93364fc6c79f5c55b224.yaml
+++ b/nuclei-templates/2024/CVE-2024-32517-b81dbbcc402e93364fc6c79f5c55b224.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Thank You Page Customize For WooCommerce by Binary Carpenter <= 1.4.13 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the activation_callback() function in all versions up to, and including, 1.4.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the activation license.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bc-woo-custom-thank-you-pages/"
     google-query: inurl:"/wp-content/plugins/bc-woo-custom-thank-you-pages/"
     shodan-query: 'vuln:CVE-2024-32517'
-  tags: cve,wordpress,wp-plugin,bc-woo-custom-thank-you-pages,medium
+  tags: cve,wordpress,wp-plugin,bc-woo-custom-thank-you-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32518-fe3ee4088bc486320d241799be9d47af.yaml b/nuclei-templates/2024/CVE-2024-32518-fe3ee4088bc486320d241799be9d47af.yaml
index abc41eef69..dd8c4923b3 100644
--- a/nuclei-templates/2024/CVE-2024-32518-fe3ee4088bc486320d241799be9d47af.yaml
+++ b/nuclei-templates/2024/CVE-2024-32518-fe3ee4088bc486320d241799be9d47af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PeproDev Ultimate Invoice <= 2.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.0. This makes it possible for an unauthenticated attacker to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pepro-ultimate-invoice/"
     google-query: inurl:"/wp-content/plugins/pepro-ultimate-invoice/"
     shodan-query: 'vuln:CVE-2024-32518'
-  tags: cve,wordpress,wp-plugin,pepro-ultimate-invoice,medium
+  tags: cve,wordpress,wp-plugin,pepro-ultimate-invoice,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32519-e977a8524d61ac2824626ef17aa0bef1.yaml b/nuclei-templates/2024/CVE-2024-32519-e977a8524d61ac2824626ef17aa0bef1.yaml
index cbbab43ca8..bd0df192f9 100644
--- a/nuclei-templates/2024/CVE-2024-32519-e977a8524d61ac2824626ef17aa0bef1.yaml
+++ b/nuclei-templates/2024/CVE-2024-32519-e977a8524d61ac2824626ef17aa0bef1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GG Woo Feed for WooCommerce Shopping Feed <= 1.2.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gg-woo-feed/"
     google-query: inurl:"/wp-content/plugins/gg-woo-feed/"
     shodan-query: 'vuln:CVE-2024-32519'
-  tags: cve,wordpress,wp-plugin,gg-woo-feed,medium
+  tags: cve,wordpress,wp-plugin,gg-woo-feed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32520-5207af68b5cb6f829d0bffea5881c5d4.yaml b/nuclei-templates/2024/CVE-2024-32520-5207af68b5cb6f829d0bffea5881c5d4.yaml
index 95a46db622..93af16a511 100644
--- a/nuclei-templates/2024/CVE-2024-32520-5207af68b5cb6f829d0bffea5881c5d4.yaml
+++ b/nuclei-templates/2024/CVE-2024-32520-5207af68b5cb6f829d0bffea5881c5d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPC Grouped Product for WooCommerce <= 4.4.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPC Grouped Product for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_update_search_settings, ajax_get_plugins, and ajax_get_essential_kit functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpc-grouped-product/"
     google-query: inurl:"/wp-content/plugins/wpc-grouped-product/"
     shodan-query: 'vuln:CVE-2024-32520'
-  tags: cve,wordpress,wp-plugin,wpc-grouped-product,medium
+  tags: cve,wordpress,wp-plugin,wpc-grouped-product,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32522-4690da6a9cd43936031eeb63dbe5ba89.yaml b/nuclei-templates/2024/CVE-2024-32522-4690da6a9cd43936031eeb63dbe5ba89.yaml
index 0457ff120f..72e8e8bc68 100644
--- a/nuclei-templates/2024/CVE-2024-32522-4690da6a9cd43936031eeb63dbe5ba89.yaml
+++ b/nuclei-templates/2024/CVE-2024-32522-4690da6a9cd43936031eeb63dbe5ba89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Open Close WooCommerce Store <= 4.9.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Open Close WooCommerce Store – Best Business Schedules Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_active and ajax_update_timezone functions in all versions up to, and including, 4.9.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the active status and timezone.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woc-open-close/"
     google-query: inurl:"/wp-content/plugins/woc-open-close/"
     shodan-query: 'vuln:CVE-2024-32522'
-  tags: cve,wordpress,wp-plugin,woc-open-close,medium
+  tags: cve,wordpress,wp-plugin,woc-open-close,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32524-2862da944ba4b374cef11881cc898ccb.yaml b/nuclei-templates/2024/CVE-2024-32524-2862da944ba4b374cef11881cc898ccb.yaml
index bd13d9d146..f971d064f0 100644
--- a/nuclei-templates/2024/CVE-2024-32524-2862da944ba4b374cef11881cc898ccb.yaml
+++ b/nuclei-templates/2024/CVE-2024-32524-2862da944ba4b374cef11881cc898ccb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Order Statuses for WooCommerce <= 1.5.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-order-statuses-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/custom-order-statuses-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-32524'
-  tags: cve,wordpress,wp-plugin,custom-order-statuses-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,custom-order-statuses-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32525-755306c8577963b7e9a15f996cc38136.yaml b/nuclei-templates/2024/CVE-2024-32525-755306c8577963b7e9a15f996cc38136.yaml
index 6182999e17..0575025961 100644
--- a/nuclei-templates/2024/CVE-2024-32525-755306c8577963b7e9a15f996cc38136.yaml
+++ b/nuclei-templates/2024/CVE-2024-32525-755306c8577963b7e9a15f996cc38136.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme My Login <= 7.1.6 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Theme My Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tml_admin_ajax_dismiss_notice() function in all versions up to, and including, 7.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-my-login/"
     google-query: inurl:"/wp-content/plugins/theme-my-login/"
     shodan-query: 'vuln:CVE-2024-32525'
-  tags: cve,wordpress,wp-plugin,theme-my-login,medium
+  tags: cve,wordpress,wp-plugin,theme-my-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32526-52d571dc3064574a067b92facc54ed54.yaml b/nuclei-templates/2024/CVE-2024-32526-52d571dc3064574a067b92facc54ed54.yaml
index ce0c0e4817..5584750d0c 100644
--- a/nuclei-templates/2024/CVE-2024-32526-52d571dc3064574a067b92facc54ed54.yaml
+++ b/nuclei-templates/2024/CVE-2024-32526-52d571dc3064574a067b92facc54ed54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Textillate <= 2.02 - Authenticated(Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-textillate/"
     google-query: inurl:"/wp-content/plugins/easy-textillate/"
     shodan-query: 'vuln:CVE-2024-32526'
-  tags: cve,wordpress,wp-plugin,easy-textillate,medium
+  tags: cve,wordpress,wp-plugin,easy-textillate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32529-179886cc2bdc18bcdb57983a57be1a6f.yaml b/nuclei-templates/2024/CVE-2024-32529-179886cc2bdc18bcdb57983a57be1a6f.yaml
index e9cbc8ee10..95822d9846 100644
--- a/nuclei-templates/2024/CVE-2024-32529-179886cc2bdc18bcdb57983a57be1a6f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32529-179886cc2bdc18bcdb57983a57be1a6f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoga Schedule Momoyoga <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/momoyoga-integration/"
     google-query: inurl:"/wp-content/plugins/momoyoga-integration/"
     shodan-query: 'vuln:CVE-2024-32529'
-  tags: cve,wordpress,wp-plugin,momoyoga-integration,medium
+  tags: cve,wordpress,wp-plugin,momoyoga-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32530-f4692d4ecdfbe84f92ac77014c0e0a83.yaml b/nuclei-templates/2024/CVE-2024-32530-f4692d4ecdfbe84f92ac77014c0e0a83.yaml
index f2f8036b62..a511e083cb 100644
--- a/nuclei-templates/2024/CVE-2024-32530-f4692d4ecdfbe84f92ac77014c0e0a83.yaml
+++ b/nuclei-templates/2024/CVE-2024-32530-f4692d4ecdfbe84f92ac77014c0e0a83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Testimonials Showcase  <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Testimonials Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-testimonials-showcase/"
     google-query: inurl:"/wp-content/plugins/simple-testimonials-showcase/"
     shodan-query: 'vuln:CVE-2024-32530'
-  tags: cve,wordpress,wp-plugin,simple-testimonials-showcase,medium
+  tags: cve,wordpress,wp-plugin,simple-testimonials-showcase,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32532-43f4c20972d989cec8564607e81e3507.yaml b/nuclei-templates/2024/CVE-2024-32532-43f4c20972d989cec8564607e81e3507.yaml
index c7759162af..3765530585 100644
--- a/nuclei-templates/2024/CVE-2024-32532-43f4c20972d989cec8564607e81e3507.yaml
+++ b/nuclei-templates/2024/CVE-2024-32532-43f4c20972d989cec8564607e81e3507.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Speed Optimizer  <= 7.4.6 - Missing Authorization via purge_on_other_events()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the purge_on_other_events() function in all versions up to, and including, 7.4.6. This makes it possible for unauthenticated attackers to purge the cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sg-cachepress/"
     google-query: inurl:"/wp-content/plugins/sg-cachepress/"
     shodan-query: 'vuln:CVE-2024-32532'
-  tags: cve,wordpress,wp-plugin,sg-cachepress,medium
+  tags: cve,wordpress,wp-plugin,sg-cachepress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32534-b107934a8aab930d1fab2cf0f27d13f6.yaml b/nuclei-templates/2024/CVE-2024-32534-b107934a8aab930d1fab2cf0f27d13f6.yaml
index c1b2cd793f..2e615c4382 100644
--- a/nuclei-templates/2024/CVE-2024-32534-b107934a8aab930d1fab2cf0f27d13f6.yaml
+++ b/nuclei-templates/2024/CVE-2024-32534-b107934a8aab930d1fab2cf0f27d13f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:CVE-2024-32534'
-  tags: cve,wordpress,wp-plugin,form-maker,medium
+  tags: cve,wordpress,wp-plugin,form-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32536-28c3e191fb5a4aac43fb323a1cacb211.yaml b/nuclei-templates/2024/CVE-2024-32536-28c3e191fb5a4aac43fb323a1cacb211.yaml
index c5b163eb2e..bb047fb604 100644
--- a/nuclei-templates/2024/CVE-2024-32536-28c3e191fb5a4aac43fb323a1cacb211.yaml
+++ b/nuclei-templates/2024/CVE-2024-32536-28c3e191fb5a4aac43fb323a1cacb211.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP TradingView <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP TradingView plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tradingview/"
     google-query: inurl:"/wp-content/plugins/wp-tradingview/"
     shodan-query: 'vuln:CVE-2024-32536'
-  tags: cve,wordpress,wp-plugin,wp-tradingview,medium
+  tags: cve,wordpress,wp-plugin,wp-tradingview,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32539-91e729c82f2d9f67d872d81509700a6c.yaml b/nuclei-templates/2024/CVE-2024-32539-91e729c82f2d9f67d872d81509700a6c.yaml
index 824fc7c82b..65763c3790 100644
--- a/nuclei-templates/2024/CVE-2024-32539-91e729c82f2d9f67d872d81509700a6c.yaml
+++ b/nuclei-templates/2024/CVE-2024-32539-91e729c82f2d9f67d872d81509700a6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP File Download Light <= 1.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP File Download Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-download-light/"
     google-query: inurl:"/wp-content/plugins/wp-file-download-light/"
     shodan-query: 'vuln:CVE-2024-32539'
-  tags: cve,wordpress,wp-plugin,wp-file-download-light,medium
+  tags: cve,wordpress,wp-plugin,wp-file-download-light,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32540-39995b4a98bd80010d8be7d8f66f2d38.yaml b/nuclei-templates/2024/CVE-2024-32540-39995b4a98bd80010d8be7d8f66f2d38.yaml
index 52b165f29b..2cfe05fd92 100644
--- a/nuclei-templates/2024/CVE-2024-32540-39995b4a98bd80010d8be7d8f66f2d38.yaml
+++ b/nuclei-templates/2024/CVE-2024-32540-39995b4a98bd80010d8be7d8f66f2d38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fixed HTML Toolbar <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fixed HTML Toolbar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fixed-html-toolbar/"
     google-query: inurl:"/wp-content/plugins/fixed-html-toolbar/"
     shodan-query: 'vuln:CVE-2024-32540'
-  tags: cve,wordpress,wp-plugin,fixed-html-toolbar,medium
+  tags: cve,wordpress,wp-plugin,fixed-html-toolbar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32548-4f768a2e6ed5431813ce2815c2416c7e.yaml b/nuclei-templates/2024/CVE-2024-32548-4f768a2e6ed5431813ce2815c2416c7e.yaml
index abef43151f..f1bab956ae 100644
--- a/nuclei-templates/2024/CVE-2024-32548-4f768a2e6ed5431813ce2815c2416c7e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32548-4f768a2e6ed5431813ce2815c2416c7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     What's New Generator <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The What's New Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/whats-new-genarator/"
     google-query: inurl:"/wp-content/plugins/whats-new-genarator/"
     shodan-query: 'vuln:CVE-2024-32548'
-  tags: cve,wordpress,wp-plugin,whats-new-genarator,medium
+  tags: cve,wordpress,wp-plugin,whats-new-genarator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32551-ac1431b1561b6c549c99a1b7125f3596.yaml b/nuclei-templates/2024/CVE-2024-32551-ac1431b1561b6c549c99a1b7125f3596.yaml
index b41568e6e4..e4c5d070e5 100644
--- a/nuclei-templates/2024/CVE-2024-32551-ac1431b1561b6c549c99a1b7125f3596.yaml
+++ b/nuclei-templates/2024/CVE-2024-32551-ac1431b1561b6c549c99a1b7125f3596.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The SP Project & Document Manager plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 4.71 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2024-32551'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,critical
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32552-460e4d77e94c99909f00493d8717ec60.yaml b/nuclei-templates/2024/CVE-2024-32552-460e4d77e94c99909f00493d8717ec60.yaml
index 1ac20a8e42..d25386ee81 100644
--- a/nuclei-templates/2024/CVE-2024-32552-460e4d77e94c99909f00493d8717ec60.yaml
+++ b/nuclei-templates/2024/CVE-2024-32552-460e4d77e94c99909f00493d8717ec60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/taggbox-widget/"
     google-query: inurl:"/wp-content/plugins/taggbox-widget/"
     shodan-query: 'vuln:CVE-2024-32552'
-  tags: cve,wordpress,wp-plugin,taggbox-widget,medium
+  tags: cve,wordpress,wp-plugin,taggbox-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32553-683819db80183ccca71d3fa32fe3879a.yaml b/nuclei-templates/2024/CVE-2024-32553-683819db80183ccca71d3fa32fe3879a.yaml
index 51051a5077..536e9bf060 100644
--- a/nuclei-templates/2024/CVE-2024-32553-683819db80183ccca71d3fa32fe3879a.yaml
+++ b/nuclei-templates/2024/CVE-2024-32553-683819db80183ccca71d3fa32fe3879a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.25 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.0.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/superfly-menu/"
     google-query: inurl:"/wp-content/plugins/superfly-menu/"
     shodan-query: 'vuln:CVE-2024-32553'
-  tags: cve,wordpress,wp-plugin,superfly-menu,medium
+  tags: cve,wordpress,wp-plugin,superfly-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32554-aa7769527923a5d7ef3aff0dbf4c6e9e.yaml b/nuclei-templates/2024/CVE-2024-32554-aa7769527923a5d7ef3aff0dbf4c6e9e.yaml
index f0783fca8e..f3914a4377 100644
--- a/nuclei-templates/2024/CVE-2024-32554-aa7769527923a5d7ef3aff0dbf4c6e9e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32554-aa7769527923a5d7ef3aff0dbf4c6e9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Knight Lab Timeline <= 3.9.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/knight-lab-timelinejs/"
     google-query: inurl:"/wp-content/plugins/knight-lab-timelinejs/"
     shodan-query: 'vuln:CVE-2024-32554'
-  tags: cve,wordpress,wp-plugin,knight-lab-timelinejs,medium
+  tags: cve,wordpress,wp-plugin,knight-lab-timelinejs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32556-268b053a1bfe487ee9a98a976d059155.yaml b/nuclei-templates/2024/CVE-2024-32556-268b053a1bfe487ee9a98a976d059155.yaml
index bb2ecf4f62..f56afacaeb 100644
--- a/nuclei-templates/2024/CVE-2024-32556-268b053a1bfe487ee9a98a976d059155.yaml
+++ b/nuclei-templates/2024/CVE-2024-32556-268b053a1bfe487ee9a98a976d059155.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hurrytimer/"
     google-query: inurl:"/wp-content/plugins/hurrytimer/"
     shodan-query: 'vuln:CVE-2024-32556'
-  tags: cve,wordpress,wp-plugin,hurrytimer,medium
+  tags: cve,wordpress,wp-plugin,hurrytimer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32560-d93a6b7f14b256d2a3a93d0625fdf894.yaml b/nuclei-templates/2024/CVE-2024-32560-d93a6b7f14b256d2a3a93d0625fdf894.yaml
index 95a237a110..f28ec97dc0 100644
--- a/nuclei-templates/2024/CVE-2024-32560-d93a6b7f14b256d2a3a93d0625fdf894.yaml
+++ b/nuclei-templates/2024/CVE-2024-32560-d93a6b7f14b256d2a3a93d0625fdf894.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     QR Code Composer – Automatic QR code Generator <= 2.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The QR Code Composer – Automatic QR code Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qr-code-composer/"
     google-query: inurl:"/wp-content/plugins/qr-code-composer/"
     shodan-query: 'vuln:CVE-2024-32560'
-  tags: cve,wordpress,wp-plugin,qr-code-composer,medium
+  tags: cve,wordpress,wp-plugin,qr-code-composer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32561-9ebf12f531ac825152bdbeecae0483e1.yaml b/nuclei-templates/2024/CVE-2024-32561-9ebf12f531ac825152bdbeecae0483e1.yaml
index a9a6550f03..9a9474ab6e 100644
--- a/nuclei-templates/2024/CVE-2024-32561-9ebf12f531ac825152bdbeecae0483e1.yaml
+++ b/nuclei-templates/2024/CVE-2024-32561-9ebf12f531ac825152bdbeecae0483e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tagembed-widget/"
     google-query: inurl:"/wp-content/plugins/tagembed-widget/"
     shodan-query: 'vuln:CVE-2024-32561'
-  tags: cve,wordpress,wp-plugin,tagembed-widget,medium
+  tags: cve,wordpress,wp-plugin,tagembed-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32564-cd3ebd9e5b8349096037121f145eb200.yaml b/nuclei-templates/2024/CVE-2024-32564-cd3ebd9e5b8349096037121f145eb200.yaml
index 3de14e36de..393de770c6 100644
--- a/nuclei-templates/2024/CVE-2024-32564-cd3ebd9e5b8349096037121f145eb200.yaml
+++ b/nuclei-templates/2024/CVE-2024-32564-cd3ebd9e5b8349096037121f145eb200.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX  <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-post/"
     google-query: inurl:"/wp-content/plugins/ultimate-post/"
     shodan-query: 'vuln:CVE-2024-32564'
-  tags: cve,wordpress,wp-plugin,ultimate-post,medium
+  tags: cve,wordpress,wp-plugin,ultimate-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32565-41d7dedc3e3a9c3e6b69d336c29a1195.yaml b/nuclei-templates/2024/CVE-2024-32565-41d7dedc3e3a9c3e6b69d336c29a1195.yaml
index 5790f394fe..5d6ae8de8a 100644
--- a/nuclei-templates/2024/CVE-2024-32565-41d7dedc3e3a9c3e6b69d336c29a1195.yaml
+++ b/nuclei-templates/2024/CVE-2024-32565-41d7dedc3e3a9c3e6b69d336c29a1195.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     App Builder <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/app-builder/"
     google-query: inurl:"/wp-content/plugins/app-builder/"
     shodan-query: 'vuln:CVE-2024-32565'
-  tags: cve,wordpress,wp-plugin,app-builder,high
+  tags: cve,wordpress,wp-plugin,app-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32566-88ba893aacf7da3ba8fb038d6bba0a0b.yaml b/nuclei-templates/2024/CVE-2024-32566-88ba893aacf7da3ba8fb038d6bba0a0b.yaml
index a79f82ec9a..7785e4cd0b 100644
--- a/nuclei-templates/2024/CVE-2024-32566-88ba893aacf7da3ba8fb038d6bba0a0b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32566-88ba893aacf7da3ba8fb038d6bba0a0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Club Manager <= 2.2.11 - Authenticated (Player+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with player-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-club-manager/"
     google-query: inurl:"/wp-content/plugins/wp-club-manager/"
     shodan-query: 'vuln:CVE-2024-32566'
-  tags: cve,wordpress,wp-plugin,wp-club-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-club-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32567-63e9460ae343812c425f6b6a9cf8cd2b.yaml b/nuclei-templates/2024/CVE-2024-32567-63e9460ae343812c425f6b6a9cf8cd2b.yaml
index 12bc391610..3c4c0fab97 100644
--- a/nuclei-templates/2024/CVE-2024-32567-63e9460ae343812c425f6b6a9cf8cd2b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32567-63e9460ae343812c425f6b6a9cf8cd2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.7 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorypress/"
     google-query: inurl:"/wp-content/plugins/directorypress/"
     shodan-query: 'vuln:CVE-2024-32567'
-  tags: cve,wordpress,wp-plugin,directorypress,high
+  tags: cve,wordpress,wp-plugin,directorypress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32569-f9974cc25b2b5474809876c63c837de9.yaml b/nuclei-templates/2024/CVE-2024-32569-f9974cc25b2b5474809876c63c837de9.yaml
index 8fbaad3876..7a79a9a9cd 100644
--- a/nuclei-templates/2024/CVE-2024-32569-f9974cc25b2b5474809876c63c837de9.yaml
+++ b/nuclei-templates/2024/CVE-2024-32569-f9974cc25b2b5474809876c63c837de9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.31 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ditty plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ditty-news-ticker/"
     google-query: inurl:"/wp-content/plugins/ditty-news-ticker/"
     shodan-query: 'vuln:CVE-2024-32569'
-  tags: cve,wordpress,wp-plugin,ditty-news-ticker,medium
+  tags: cve,wordpress,wp-plugin,ditty-news-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32571-deed3fa156af1c41e337b8275419b59f.yaml b/nuclei-templates/2024/CVE-2024-32571-deed3fa156af1c41e337b8275419b59f.yaml
index 8735e90468..dfe700d29f 100644
--- a/nuclei-templates/2024/CVE-2024-32571-deed3fa156af1c41e337b8275419b59f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32571-deed3fa156af1c41e337b8275419b59f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Stripe Checkout <= 1.2.2.41 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.2.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stripe-checkout/"
     google-query: inurl:"/wp-content/plugins/wp-stripe-checkout/"
     shodan-query: 'vuln:CVE-2024-32571'
-  tags: cve,wordpress,wp-plugin,wp-stripe-checkout,medium
+  tags: cve,wordpress,wp-plugin,wp-stripe-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32573-dc87f7ad02889b2fba3b573d8f507b49.yaml b/nuclei-templates/2024/CVE-2024-32573-dc87f7ad02889b2fba3b573d8f507b49.yaml
index 807bd0e5b4..8ffcdbb238 100644
--- a/nuclei-templates/2024/CVE-2024-32573-dc87f7ad02889b2fba3b573d8f507b49.yaml
+++ b/nuclei-templates/2024/CVE-2024-32573-dc87f7ad02889b2fba3b573d8f507b49.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-lister-for-ebay/"
     google-query: inurl:"/wp-content/plugins/wp-lister-for-ebay/"
     shodan-query: 'vuln:CVE-2024-32573'
-  tags: cve,wordpress,wp-plugin,wp-lister-for-ebay,medium
+  tags: cve,wordpress,wp-plugin,wp-lister-for-ebay,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32575-e12b4eb0afaf97081bdd86d34fb980c9.yaml b/nuclei-templates/2024/CVE-2024-32575-e12b4eb0afaf97081bdd86d34fb980c9.yaml
index 0240907f8f..f2477fb04c 100644
--- a/nuclei-templates/2024/CVE-2024-32575-e12b4eb0afaf97081bdd86d34fb980c9.yaml
+++ b/nuclei-templates/2024/CVE-2024-32575-e12b4eb0afaf97081bdd86d34fb980c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mega Elements <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mega-elements-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/mega-elements-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-32575'
-  tags: cve,wordpress,wp-plugin,mega-elements-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,mega-elements-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32577-c8761ad8d517d60679bd97ecd8a6c050.yaml b/nuclei-templates/2024/CVE-2024-32577-c8761ad8d517d60679bd97ecd8a6c050.yaml
index 602bcda2ab..0e7784a7a5 100644
--- a/nuclei-templates/2024/CVE-2024-32577-c8761ad8d517d60679bd97ecd8a6c050.yaml
+++ b/nuclei-templates/2024/CVE-2024-32577-c8761ad8d517d60679bd97ecd8a6c050.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CBX Bookmark & Favorite <= 1.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CBX Bookmark & Favorite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cbxwpbookmark/"
     google-query: inurl:"/wp-content/plugins/cbxwpbookmark/"
     shodan-query: 'vuln:CVE-2024-32577'
-  tags: cve,wordpress,wp-plugin,cbxwpbookmark,medium
+  tags: cve,wordpress,wp-plugin,cbxwpbookmark,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32579-901a8544f8fe096e9fdc9630ea2bd15f.yaml b/nuclei-templates/2024/CVE-2024-32579-901a8544f8fe096e9fdc9630ea2bd15f.yaml
index 944b51d5c3..a8229d2ce9 100644
--- a/nuclei-templates/2024/CVE-2024-32579-901a8544f8fe096e9fdc9630ea2bd15f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32579-901a8544f8fe096e9fdc9630ea2bd15f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-ordering-reservations/"
     google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/"
     shodan-query: 'vuln:CVE-2024-32579'
-  tags: cve,wordpress,wp-plugin,menu-ordering-reservations,medium
+  tags: cve,wordpress,wp-plugin,menu-ordering-reservations,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32580-f99c7ac14f9b6aff3ca4eaa0306e77ee.yaml b/nuclei-templates/2024/CVE-2024-32580-f99c7ac14f9b6aff3ca4eaa0306e77ee.yaml
index 13c5c005e9..0e61043ee6 100644
--- a/nuclei-templates/2024/CVE-2024-32580-f99c7ac14f9b6aff3ca4eaa0306e77ee.yaml
+++ b/nuclei-templates/2024/CVE-2024-32580-f99c7ac14f9b6aff3ca4eaa0306e77ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Slider – Responsive Touch Slider <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-slider/"
     google-query: inurl:"/wp-content/plugins/master-slider/"
     shodan-query: 'vuln:CVE-2024-32580'
-  tags: cve,wordpress,wp-plugin,master-slider,medium
+  tags: cve,wordpress,wp-plugin,master-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32581-fa0a09e9f8b4c6d9a874ba45527ab6cd.yaml b/nuclei-templates/2024/CVE-2024-32581-fa0a09e9f8b4c6d9a874ba45527ab6cd.yaml
index 96f37284a0..248ea408f3 100644
--- a/nuclei-templates/2024/CVE-2024-32581-fa0a09e9f8b4c6d9a874ba45527ab6cd.yaml
+++ b/nuclei-templates/2024/CVE-2024-32581-fa0a09e9f8b4c6d9a874ba45527ab6cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mortgage Calculators WP <= 1.56 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mortgage Calculators WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mortgage-calculators-wp/"
     google-query: inurl:"/wp-content/plugins/mortgage-calculators-wp/"
     shodan-query: 'vuln:CVE-2024-32581'
-  tags: cve,wordpress,wp-plugin,mortgage-calculators-wp,medium
+  tags: cve,wordpress,wp-plugin,mortgage-calculators-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32584-d844d4bb69ae6b349312f77792834a3c.yaml b/nuclei-templates/2024/CVE-2024-32584-d844d4bb69ae6b349312f77792834a3c.yaml
index 4603f34025..8f09c900aa 100644
--- a/nuclei-templates/2024/CVE-2024-32584-d844d4bb69ae6b349312f77792834a3c.yaml
+++ b/nuclei-templates/2024/CVE-2024-32584-d844d4bb69ae6b349312f77792834a3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.5.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-wallet/"
     google-query: inurl:"/wp-content/plugins/woo-wallet/"
     shodan-query: 'vuln:CVE-2024-32584'
-  tags: cve,wordpress,wp-plugin,woo-wallet,medium
+  tags: cve,wordpress,wp-plugin,woo-wallet,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32589-40a18728cfe568ff4c836d2215f1bab4.yaml b/nuclei-templates/2024/CVE-2024-32589-40a18728cfe568ff4c836d2215f1bab4.yaml
index f15e3e56ff..c0b082bc51 100644
--- a/nuclei-templates/2024/CVE-2024-32589-40a18728cfe568ff4c836d2215f1bab4.yaml
+++ b/nuclei-templates/2024/CVE-2024-32589-40a18728cfe568ff4c836d2215f1bab4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/"
     google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/"
     shodan-query: 'vuln:CVE-2024-32589'
-  tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,medium
+  tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32590-668f9a8a460ad561a2838627b58d495b.yaml b/nuclei-templates/2024/CVE-2024-32590-668f9a8a460ad561a2838627b58d495b.yaml
index 2fb0e8ac11..0fa5622df9 100644
--- a/nuclei-templates/2024/CVE-2024-32590-668f9a8a460ad561a2838627b58d495b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32590-668f9a8a460ad561a2838627b58d495b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kattene <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kattene plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kattene/"
     google-query: inurl:"/wp-content/plugins/kattene/"
     shodan-query: 'vuln:CVE-2024-32590'
-  tags: cve,wordpress,wp-plugin,kattene,medium
+  tags: cve,wordpress,wp-plugin,kattene,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32591-8a00d4110806870e5118fa117a1c5da6.yaml b/nuclei-templates/2024/CVE-2024-32591-8a00d4110806870e5118fa117a1c5da6.yaml
index a9a6aa5a8c..742875bb20 100644
--- a/nuclei-templates/2024/CVE-2024-32591-8a00d4110806870e5118fa117a1c5da6.yaml
+++ b/nuclei-templates/2024/CVE-2024-32591-8a00d4110806870e5118fa117a1c5da6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backend Designer <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Backend Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backend-designer/"
     google-query: inurl:"/wp-content/plugins/backend-designer/"
     shodan-query: 'vuln:CVE-2024-32591'
-  tags: cve,wordpress,wp-plugin,backend-designer,medium
+  tags: cve,wordpress,wp-plugin,backend-designer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32592-261bb3f8fcb24ed57cf7abcc44aedfa4.yaml b/nuclei-templates/2024/CVE-2024-32592-261bb3f8fcb24ed57cf7abcc44aedfa4.yaml
index 3a90f334dd..52fcd7f6d2 100644
--- a/nuclei-templates/2024/CVE-2024-32592-261bb3f8fcb24ed57cf7abcc44aedfa4.yaml
+++ b/nuclei-templates/2024/CVE-2024-32592-261bb3f8fcb24ed57cf7abcc44aedfa4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Void Elementor WHMCS Elements For Elementor Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Void Elementor WHMCS Elements For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/void-elementor-whmcs-elements/"
     google-query: inurl:"/wp-content/plugins/void-elementor-whmcs-elements/"
     shodan-query: 'vuln:CVE-2024-32592'
-  tags: cve,wordpress,wp-plugin,void-elementor-whmcs-elements,medium
+  tags: cve,wordpress,wp-plugin,void-elementor-whmcs-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32594-76e71bc12b464dcb30907399a9d0eccf.yaml b/nuclei-templates/2024/CVE-2024-32594-76e71bc12b464dcb30907399a9d0eccf.yaml
index fb37e6e298..0c6a2db2e8 100644
--- a/nuclei-templates/2024/CVE-2024-32594-76e71bc12b464dcb30907399a9d0eccf.yaml
+++ b/nuclei-templates/2024/CVE-2024-32594-76e71bc12b464dcb30907399a9d0eccf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Attesa Extra <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Attesa Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/attesa-extra/"
     google-query: inurl:"/wp-content/plugins/attesa-extra/"
     shodan-query: 'vuln:CVE-2024-32594'
-  tags: cve,wordpress,wp-plugin,attesa-extra,medium
+  tags: cve,wordpress,wp-plugin,attesa-extra,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32596-eeffd2576729af4c20ea0d0989cea07e.yaml b/nuclei-templates/2024/CVE-2024-32596-eeffd2576729af4c20ea0d0989cea07e.yaml
index 91ee674c6d..c7f79b924d 100644
--- a/nuclei-templates/2024/CVE-2024-32596-eeffd2576729af4c20ea0d0989cea07e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32596-eeffd2576729af4c20ea0d0989cea07e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DSGVO Youtube <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The DSGVO Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dsgvo-youtube/"
     google-query: inurl:"/wp-content/plugins/dsgvo-youtube/"
     shodan-query: 'vuln:CVE-2024-32596'
-  tags: cve,wordpress,wp-plugin,dsgvo-youtube,medium
+  tags: cve,wordpress,wp-plugin,dsgvo-youtube,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32597-ccfe47d5faf99f962197429daac2a562.yaml b/nuclei-templates/2024/CVE-2024-32597-ccfe47d5faf99f962197429daac2a562.yaml
index d60fe7382e..7651d702c0 100644
--- a/nuclei-templates/2024/CVE-2024-32597-ccfe47d5faf99f962197429daac2a562.yaml
+++ b/nuclei-templates/2024/CVE-2024-32597-ccfe47d5faf99f962197429daac2a562.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Smart Import : Import any XML File to WordPress <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smart-import/"
     google-query: inurl:"/wp-content/plugins/wp-smart-import/"
     shodan-query: 'vuln:CVE-2024-32597'
-  tags: cve,wordpress,wp-plugin,wp-smart-import,medium
+  tags: cve,wordpress,wp-plugin,wp-smart-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32598-4012f134749539452de47052e41b95bf.yaml b/nuclei-templates/2024/CVE-2024-32598-4012f134749539452de47052e41b95bf.yaml
index 81b1c5c5a0..d38a240463 100644
--- a/nuclei-templates/2024/CVE-2024-32598-4012f134749539452de47052e41b95bf.yaml
+++ b/nuclei-templates/2024/CVE-2024-32598-4012f134749539452de47052e41b95bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.6.9 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ba-book-everything/"
     google-query: inurl:"/wp-content/plugins/ba-book-everything/"
     shodan-query: 'vuln:CVE-2024-32598'
-  tags: cve,wordpress,wp-plugin,ba-book-everything,medium
+  tags: cve,wordpress,wp-plugin,ba-book-everything,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32601-a738a6df1d7af94fbdfc3f2ebe12ab82.yaml b/nuclei-templates/2024/CVE-2024-32601-a738a6df1d7af94fbdfc3f2ebe12ab82.yaml
index 57907a2a04..6a56f1410e 100644
--- a/nuclei-templates/2024/CVE-2024-32601-a738a6df1d7af94fbdfc3f2ebe12ab82.yaml
+++ b/nuclei-templates/2024/CVE-2024-32601-a738a6df1d7af94fbdfc3f2ebe12ab82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Anything <= 2.8.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup Anything – Popup for opt-ins and Lead Generation Conversions plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the popupaoc_render_popup_preview() function in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to view popup previews.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-anything-on-click/"
     google-query: inurl:"/wp-content/plugins/popup-anything-on-click/"
     shodan-query: 'vuln:CVE-2024-32601'
-  tags: cve,wordpress,wp-plugin,popup-anything-on-click,medium
+  tags: cve,wordpress,wp-plugin,popup-anything-on-click,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32602-a3fe0d186555bfccf2ee6cc4060fb41e.yaml b/nuclei-templates/2024/CVE-2024-32602-a3fe0d186555bfccf2ee6cc4060fb41e.yaml
index 6fc15e9468..5aa88794ef 100644
--- a/nuclei-templates/2024/CVE-2024-32602-a3fe0d186555bfccf2ee6cc4060fb41e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32602-a3fe0d186555bfccf2ee6cc4060fb41e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Multilingual & Multicurrency with WPML <= 5.3.3.1 - Authenticated (Shop Manager+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-multilingual/"
     google-query: inurl:"/wp-content/plugins/woocommerce-multilingual/"
     shodan-query: 'vuln:CVE-2024-32602'
-  tags: cve,wordpress,wp-plugin,woocommerce-multilingual,critical
+  tags: cve,wordpress,wp-plugin,woocommerce-multilingual,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3261-4c7136348e958aecb57a2e8c3842e1af.yaml b/nuclei-templates/2024/CVE-2024-3261-4c7136348e958aecb57a2e8c3842e1af.yaml
index 720cd28187..d19d412f91 100644
--- a/nuclei-templates/2024/CVE-2024-3261-4c7136348e958aecb57a2e8c3842e1af.yaml
+++ b/nuclei-templates/2024/CVE-2024-3261-4c7136348e958aecb57a2e8c3842e1af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Strong Testimonials <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Full Name field parameter in all versions up to, and including, 3.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/strong-testimonials/"
     google-query: inurl:"/wp-content/plugins/strong-testimonials/"
     shodan-query: 'vuln:CVE-2024-3261'
-  tags: cve,wordpress,wp-plugin,strong-testimonials,medium
+  tags: cve,wordpress,wp-plugin,strong-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3265-223f6e5ecb381f112c575b56d5d37f09.yaml b/nuclei-templates/2024/CVE-2024-3265-223f6e5ecb381f112c575b56d5d37f09.yaml
index 330bb378f3..88d17922b3 100644
--- a/nuclei-templates/2024/CVE-2024-3265-223f6e5ecb381f112c575b56d5d37f09.yaml
+++ b/nuclei-templates/2024/CVE-2024-3265-223f6e5ecb381f112c575b56d5d37f09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Advanced Search <= 1.1.6 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Advanced Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advance-search/"
     google-query: inurl:"/wp-content/plugins/advance-search/"
     shodan-query: 'vuln:CVE-2024-3265'
-  tags: cve,wordpress,wp-plugin,advance-search,high
+  tags: cve,wordpress,wp-plugin,advance-search,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3266-5289bbf92c9bdc3c3c0e4f0086563240.yaml b/nuclei-templates/2024/CVE-2024-3266-5289bbf92c9bdc3c3c0e4f0086563240.yaml
index c91e5ea45c..4fe35d873c 100644
--- a/nuclei-templates/2024/CVE-2024-3266-5289bbf92c9bdc3c3c0e4f0086563240.yaml
+++ b/nuclei-templates/2024/CVE-2024-3266-5289bbf92c9bdc3c3c0e4f0086563240.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-3266'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3267-7fcbda1cfae66ee74a18ccdfe4753dbb.yaml b/nuclei-templates/2024/CVE-2024-3267-7fcbda1cfae66ee74a18ccdfe4753dbb.yaml
index 9f782d9383..da8ea829fb 100644
--- a/nuclei-templates/2024/CVE-2024-3267-7fcbda1cfae66ee74a18ccdfe4753dbb.yaml
+++ b/nuclei-templates/2024/CVE-2024-3267-7fcbda1cfae66ee74a18ccdfe4753dbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bold-page-builder/"
     google-query: inurl:"/wp-content/plugins/bold-page-builder/"
     shodan-query: 'vuln:CVE-2024-3267'
-  tags: cve,wordpress,wp-plugin,bold-page-builder,medium
+  tags: cve,wordpress,wp-plugin,bold-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32675-87d943234d9fd7c1b966ece253dc1110.yaml b/nuclei-templates/2024/CVE-2024-32675-87d943234d9fd7c1b966ece253dc1110.yaml
index b772dae718..afdb104100 100644
--- a/nuclei-templates/2024/CVE-2024-32675-87d943234d9fd7c1b966ece253dc1110.yaml
+++ b/nuclei-templates/2024/CVE-2024-32675-87d943234d9fd7c1b966ece253dc1110.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order Limit for WooCommerce <= 2.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Order Limit for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_rules, save_wcol_options, xsollwc_support_form, and wcol_load_new_row functions in versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-order-limit-lite/"
     google-query: inurl:"/wp-content/plugins/wc-order-limit-lite/"
     shodan-query: 'vuln:CVE-2024-32675'
-  tags: cve,wordpress,wp-plugin,wc-order-limit-lite,medium
+  tags: cve,wordpress,wp-plugin,wc-order-limit-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32677-6243447eedf5d12aac34558af1ea267e.yaml b/nuclei-templates/2024/CVE-2024-32677-6243447eedf5d12aac34558af1ea267e.yaml
index bde75b90c6..9f0e29dc99 100644
--- a/nuclei-templates/2024/CVE-2024-32677-6243447eedf5d12aac34558af1ea267e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32677-6243447eedf5d12aac34558af1ea267e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LoginPress Pro < 3.0 - Missing Authorization to License Status Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LoginPress Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, but not including, 3.0. This makes it possible for unauthenticated attacks to activate and deactivate licenses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loginpress-pro/"
     google-query: inurl:"/wp-content/plugins/loginpress-pro/"
     shodan-query: 'vuln:CVE-2024-32677'
-  tags: cve,wordpress,wp-plugin,loginpress-pro,medium
+  tags: cve,wordpress,wp-plugin,loginpress-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32678-8c789a924b584ff9b2a3b88bc5b7e816.yaml b/nuclei-templates/2024/CVE-2024-32678-8c789a924b584ff9b2a3b88bc5b7e816.yaml
index eae5431588..96870fcaef 100644
--- a/nuclei-templates/2024/CVE-2024-32678-8c789a924b584ff9b2a3b88bc5b7e816.yaml
+++ b/nuclei-templates/2024/CVE-2024-32678-8c789a924b584ff9b2a3b88bc5b7e816.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TrackShip for WooCommerce <= 1.7.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TrackShip for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.5. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/trackship-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/trackship-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-32678'
-  tags: cve,wordpress,wp-plugin,trackship-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,trackship-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32679-31aeecdc666490a1580c3359e75e5fff.yaml b/nuclei-templates/2024/CVE-2024-32679-31aeecdc666490a1580c3359e75e5fff.yaml
index a761b580eb..935db6c7de 100644
--- a/nuclei-templates/2024/CVE-2024-32679-31aeecdc666490a1580c3359e75e5fff.yaml
+++ b/nuclei-templates/2024/CVE-2024-32679-31aeecdc666490a1580c3359e75e5fff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shared Files <= 1.7.16 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shared Files plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_notifications function in versions up to, and including, 1.7.16. This makes it possible for unauthenticated attackers to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shared-files/"
     google-query: inurl:"/wp-content/plugins/shared-files/"
     shodan-query: 'vuln:CVE-2024-32679'
-  tags: cve,wordpress,wp-plugin,shared-files,medium
+  tags: cve,wordpress,wp-plugin,shared-files,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32680-f93c186c199b2993e134631be68ea0a1.yaml b/nuclei-templates/2024/CVE-2024-32680-f93c186c199b2993e134631be68ea0a1.yaml
index 5bd25bd5fb..824b9a3db1 100644
--- a/nuclei-templates/2024/CVE-2024-32680-f93c186c199b2993e134631be68ea0a1.yaml
+++ b/nuclei-templates/2024/CVE-2024-32680-f93c186c199b2993e134631be68ea0a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 - Authenticated (Subscriber+) Remote Code Execution
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-filter/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/"
     shodan-query: 'vuln:CVE-2024-32680'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,critical
+  tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32681-332edd099b0a24d5cedbd6ff5e1c921f.yaml b/nuclei-templates/2024/CVE-2024-32681-332edd099b0a24d5cedbd6ff5e1c921f.yaml
index 59e156efc5..3a1e1baff3 100644
--- a/nuclei-templates/2024/CVE-2024-32681-332edd099b0a24d5cedbd6ff5e1c921f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32681-332edd099b0a24d5cedbd6ff5e1c921f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization
   author: topscoder
-  severity: low
+  severity: high
   description: >
     The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the dci_sdk_insights, dci_sdk_dismiss_notice, and rc_sdk_dismiss_notice functions in versions up to, and including, 3.13.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:CVE-2024-32681'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32682-c0add8aac27f340c1c289e5c63a1598d.yaml b/nuclei-templates/2024/CVE-2024-32682-c0add8aac27f340c1c289e5c63a1598d.yaml
index bbcaa1711a..efcb209dc9 100644
--- a/nuclei-templates/2024/CVE-2024-32682-c0add8aac27f340c1c289e5c63a1598d.yaml
+++ b/nuclei-templates/2024/CVE-2024-32682-c0add8aac27f340c1c289e5c63a1598d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the dismiss() function in versions up to, and including, 3.13.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:CVE-2024-32682'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32684-f59ad0e4ed3c2f1220e9486cbde45cae.yaml b/nuclei-templates/2024/CVE-2024-32684-f59ad0e4ed3c2f1220e9486cbde45cae.yaml
index 2a03341f59..a3ee476f82 100644
--- a/nuclei-templates/2024/CVE-2024-32684-f59ad0e4ed3c2f1220e9486cbde45cae.yaml
+++ b/nuclei-templates/2024/CVE-2024-32684-f59ad0e4ed3c2f1220e9486cbde45cae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wp Ultimate Review <= 2.2.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wp Ultimate Review plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wur_meta_box_content_save() function in versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to leave reviews on password protected posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-review/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-review/"
     shodan-query: 'vuln:CVE-2024-32684'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-review,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-review,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32687-75a6b15f48d4510d78d2b82a83179681.yaml b/nuclei-templates/2024/CVE-2024-32687-75a6b15f48d4510d78d2b82a83179681.yaml
index 9d5f23cfc4..f7d18e5bdc 100644
--- a/nuclei-templates/2024/CVE-2024-32687-75a6b15f48d4510d78d2b82a83179681.yaml
+++ b/nuclei-templates/2024/CVE-2024-32687-75a6b15f48d4510d78d2b82a83179681.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPC Frequently Bought Together for WooCommerce <= 7.0.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPC Frequently Bought Together for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_get_search_results, ajax_import_export, and ajax_import_export_save functions in versions up to, and including, 7.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bought-together/"
     google-query: inurl:"/wp-content/plugins/woo-bought-together/"
     shodan-query: 'vuln:CVE-2024-32687'
-  tags: cve,wordpress,wp-plugin,woo-bought-together,medium
+  tags: cve,wordpress,wp-plugin,woo-bought-together,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32688-9d13f1d3852ef39a0de552cc88d8fec7.yaml b/nuclei-templates/2024/CVE-2024-32688-9d13f1d3852ef39a0de552cc88d8fec7.yaml
index 7e6df4528a..2fe38824d3 100644
--- a/nuclei-templates/2024/CVE-2024-32688-9d13f1d3852ef39a0de552cc88d8fec7.yaml
+++ b/nuclei-templates/2024/CVE-2024-32688-9d13f1d3852ef39a0de552cc88d8fec7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MyRewards <= 5.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MyRewards plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /assets/lws-adminpanel/include/internal/ajax.php file in versions up to, and including, 5.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woorewards/"
     google-query: inurl:"/wp-content/plugins/woorewards/"
     shodan-query: 'vuln:CVE-2024-32688'
-  tags: cve,wordpress,wp-plugin,woorewards,medium
+  tags: cve,wordpress,wp-plugin,woorewards,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32689-51018cf0109648dade76eaf03756855f.yaml b/nuclei-templates/2024/CVE-2024-32689-51018cf0109648dade76eaf03756855f.yaml
index 564175d2d3..2d61a9ad4c 100644
--- a/nuclei-templates/2024/CVE-2024-32689-51018cf0109648dade76eaf03756855f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32689-51018cf0109648dade76eaf03756855f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Social Comments <= 1.7.3 - Missing Authorization via wpfc_allow_comments()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Social Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_allow_comments() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to turn on comments for posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-facebook-comments/"
     google-query: inurl:"/wp-content/plugins/gs-facebook-comments/"
     shodan-query: 'vuln:CVE-2024-32689'
-  tags: cve,wordpress,wp-plugin,gs-facebook-comments,medium
+  tags: cve,wordpress,wp-plugin,gs-facebook-comments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32690-cad14760637700672da85dda380a58c3.yaml b/nuclei-templates/2024/CVE-2024-32690-cad14760637700672da85dda380a58c3.yaml
index b1f0f53320..93d9635180 100644
--- a/nuclei-templates/2024/CVE-2024-32690-cad14760637700672da85dda380a58c3.yaml
+++ b/nuclei-templates/2024/CVE-2024-32690-cad14760637700672da85dda380a58c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Feed Widget <= 2.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rss-feed-widget/"
     google-query: inurl:"/wp-content/plugins/rss-feed-widget/"
     shodan-query: 'vuln:CVE-2024-32690'
-  tags: cve,wordpress,wp-plugin,rss-feed-widget,medium
+  tags: cve,wordpress,wp-plugin,rss-feed-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32691-7734e62aac4f36040cb75f80a344eeea.yaml b/nuclei-templates/2024/CVE-2024-32691-7734e62aac4f36040cb75f80a344eeea.yaml
index 7225a44059..4adc199730 100644
--- a/nuclei-templates/2024/CVE-2024-32691-7734e62aac4f36040cb75f80a344eeea.yaml
+++ b/nuclei-templates/2024/CVE-2024-32691-7734e62aac4f36040cb75f80a344eeea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Active Products Tables for WooCommerce <= 1.0.6.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_smth() function in all versions up to, and including, 1.0.6.2. This makes it possible for unauthenticated attackers to import and export tables.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-32691'
-  tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32696-d3e0f1a758bd59446de5b7d7cf2ab987.yaml b/nuclei-templates/2024/CVE-2024-32696-d3e0f1a758bd59446de5b7d7cf2ab987.yaml
index d705b02ba2..00476dd81c 100644
--- a/nuclei-templates/2024/CVE-2024-32696-d3e0f1a758bd59446de5b7d7cf2ab987.yaml
+++ b/nuclei-templates/2024/CVE-2024-32696-d3e0f1a758bd59446de5b7d7cf2ab987.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI Infographic Maker <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AI Infographic Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/infographic-and-list-builder-ilist/"
     google-query: inurl:"/wp-content/plugins/infographic-and-list-builder-ilist/"
     shodan-query: 'vuln:CVE-2024-32696'
-  tags: cve,wordpress,wp-plugin,infographic-and-list-builder-ilist,medium
+  tags: cve,wordpress,wp-plugin,infographic-and-list-builder-ilist,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32697-3b452da100c4d01a4273d3119ce13da9.yaml b/nuclei-templates/2024/CVE-2024-32697-3b452da100c4d01a4273d3119ce13da9.yaml
index 5e19a04059..8cbd31e7f3 100644
--- a/nuclei-templates/2024/CVE-2024-32697-3b452da100c4d01a4273d3119ce13da9.yaml
+++ b/nuclei-templates/2024/CVE-2024-32697-3b452da100c4d01a4273d3119ce13da9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HelloAsso <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HelloAsso plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/helloasso/"
     google-query: inurl:"/wp-content/plugins/helloasso/"
     shodan-query: 'vuln:CVE-2024-32697'
-  tags: cve,wordpress,wp-plugin,helloasso,medium
+  tags: cve,wordpress,wp-plugin,helloasso,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32701-26e6b2b2c87cae333c1a6a8f12b3eb26.yaml b/nuclei-templates/2024/CVE-2024-32701-26e6b2b2c87cae333c1a6a8f12b3eb26.yaml
index 3226f48d94..a150f2fe1c 100644
--- a/nuclei-templates/2024/CVE-2024-32701-26e6b2b2c87cae333c1a6a8f12b3eb26.yaml
+++ b/nuclei-templates/2024/CVE-2024-32701-26e6b2b2c87cae333c1a6a8f12b3eb26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InstaWP Connect <= 0.1.0.24 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 0.1.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instawp-connect/"
     google-query: inurl:"/wp-content/plugins/instawp-connect/"
     shodan-query: 'vuln:CVE-2024-32701'
-  tags: cve,wordpress,wp-plugin,instawp-connect,medium
+  tags: cve,wordpress,wp-plugin,instawp-connect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32704-a84b96611f097506467644350038a82b.yaml b/nuclei-templates/2024/CVE-2024-32704-a84b96611f097506467644350038a82b.yaml
index 8342909aa2..dbc4b98af3 100644
--- a/nuclei-templates/2024/CVE-2024-32704-a84b96611f097506467644350038a82b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32704-a84b96611f097506467644350038a82b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARForms <= 6.4 - Missing Authorization to Arbitrary Option Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arforms/"
     google-query: inurl:"/wp-content/plugins/arforms/"
     shodan-query: 'vuln:CVE-2024-32704'
-  tags: cve,wordpress,wp-plugin,arforms,medium
+  tags: cve,wordpress,wp-plugin,arforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32705-3e021672a349a4fa909b6c3fa423b85d.yaml b/nuclei-templates/2024/CVE-2024-32705-3e021672a349a4fa909b6c3fa423b85d.yaml
index 38524abdb1..1f1ff1fef4 100644
--- a/nuclei-templates/2024/CVE-2024-32705-3e021672a349a4fa909b6c3fa423b85d.yaml
+++ b/nuclei-templates/2024/CVE-2024-32705-3e021672a349a4fa909b6c3fa423b85d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARForms <= 6.4 - Missing Authorization to Arbitrary Plugin Activation/Deactivation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate and deactivate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arforms/"
     google-query: inurl:"/wp-content/plugins/arforms/"
     shodan-query: 'vuln:CVE-2024-32705'
-  tags: cve,wordpress,wp-plugin,arforms,medium
+  tags: cve,wordpress,wp-plugin,arforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32706-a0061c960a93fff2adc1360d0d280001.yaml b/nuclei-templates/2024/CVE-2024-32706-a0061c960a93fff2adc1360d0d280001.yaml
index 05d6855aa1..422b6ed79c 100644
--- a/nuclei-templates/2024/CVE-2024-32706-a0061c960a93fff2adc1360d0d280001.yaml
+++ b/nuclei-templates/2024/CVE-2024-32706-a0061c960a93fff2adc1360d0d280001.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARforms <= 6.4 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ARforms plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arforms/"
     google-query: inurl:"/wp-content/plugins/arforms/"
     shodan-query: 'vuln:CVE-2024-32706'
-  tags: cve,wordpress,wp-plugin,arforms,high
+  tags: cve,wordpress,wp-plugin,arforms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32707-bd950fa0617ccb3a0edff5978b31a09b.yaml b/nuclei-templates/2024/CVE-2024-32707-bd950fa0617ccb3a0edff5978b31a09b.yaml
index afd6f73d4a..2f23e0153e 100644
--- a/nuclei-templates/2024/CVE-2024-32707-bd950fa0617ccb3a0edff5978b31a09b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32707-bd950fa0617ccb3a0edff5978b31a09b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Slider <= 1.1.125 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.1.125 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-slider-widget/"
     google-query: inurl:"/wp-content/plugins/image-slider-widget/"
     shodan-query: 'vuln:CVE-2024-32707'
-  tags: cve,wordpress,wp-plugin,image-slider-widget,medium
+  tags: cve,wordpress,wp-plugin,image-slider-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32710-c0cb61dd6fecf2d07db617deb2e20095.yaml b/nuclei-templates/2024/CVE-2024-32710-c0cb61dd6fecf2d07db617deb2e20095.yaml
index fa1d82ab0b..cb586aa56e 100644
--- a/nuclei-templates/2024/CVE-2024-32710-c0cb61dd6fecf2d07db617deb2e20095.yaml
+++ b/nuclei-templates/2024/CVE-2024-32710-c0cb61dd6fecf2d07db617deb2e20095.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recall/"
     google-query: inurl:"/wp-content/plugins/wp-recall/"
     shodan-query: 'vuln:CVE-2024-32710'
-  tags: cve,wordpress,wp-plugin,wp-recall,critical
+  tags: cve,wordpress,wp-plugin,wp-recall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32711-4696541fdc76b8ee098f38a67fea2a75.yaml b/nuclei-templates/2024/CVE-2024-32711-4696541fdc76b8ee098f38a67fea2a75.yaml
index acebc10c20..77bb9c876a 100644
--- a/nuclei-templates/2024/CVE-2024-32711-4696541fdc76b8ee098f38a67fea2a75.yaml
+++ b/nuclei-templates/2024/CVE-2024-32711-4696541fdc76b8ee098f38a67fea2a75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.6.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycred/"
     google-query: inurl:"/wp-content/plugins/mycred/"
     shodan-query: 'vuln:CVE-2024-32711'
-  tags: cve,wordpress,wp-plugin,mycred,medium
+  tags: cve,wordpress,wp-plugin,mycred,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32714-74f803f6a35ab9fee5ff5f4a7905da8e.yaml b/nuclei-templates/2024/CVE-2024-32714-74f803f6a35ab9fee5ff5f4a7905da8e.yaml
index 3b0c85dd74..a0bb53ef31 100644
--- a/nuclei-templates/2024/CVE-2024-32714-74f803f6a35ab9fee5ff5f4a7905da8e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32714-74f803f6a35ab9fee5ff5f4a7905da8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Academy LMS <= 1.9.16 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to insufficient validation on the enroll_course() function in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with subscriber-level access and above, to enroll in paid courses for free.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/academy/"
     google-query: inurl:"/wp-content/plugins/academy/"
     shodan-query: 'vuln:CVE-2024-32714'
-  tags: cve,wordpress,wp-plugin,academy,medium
+  tags: cve,wordpress,wp-plugin,academy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32717-49f4f7442b45f88ffafdd0b100d2831c.yaml b/nuclei-templates/2024/CVE-2024-32717-49f4f7442b45f88ffafdd0b100d2831c.yaml
index bb37ed468c..aae6f70074 100644
--- a/nuclei-templates/2024/CVE-2024-32717-49f4f7442b45f88ffafdd0b100d2831c.yaml
+++ b/nuclei-templates/2024/CVE-2024-32717-49f4f7442b45f88ffafdd0b100d2831c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SchedulePress <= 5.0.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SchedulePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-scheduled-posts/"
     google-query: inurl:"/wp-content/plugins/wp-scheduled-posts/"
     shodan-query: 'vuln:CVE-2024-32717'
-  tags: cve,wordpress,wp-plugin,wp-scheduled-posts,medium
+  tags: cve,wordpress,wp-plugin,wp-scheduled-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32718-d8bfc01f0d93fad4fb2e1a339254a3ed.yaml b/nuclei-templates/2024/CVE-2024-32718-d8bfc01f0d93fad4fb2e1a339254a3ed.yaml
index 1e045d5620..166e604c4f 100644
--- a/nuclei-templates/2024/CVE-2024-32718-d8bfc01f0d93fad4fb2e1a339254a3ed.yaml
+++ b/nuclei-templates/2024/CVE-2024-32718-d8bfc01f0d93fad4fb2e1a339254a3ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.2 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The The Pack Elementor addons (Header Footer & WooCommerce Builder,  Template Library) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.8.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-pack-addon/"
     google-query: inurl:"/wp-content/plugins/the-pack-addon/"
     shodan-query: 'vuln:CVE-2024-32718'
-  tags: cve,wordpress,wp-plugin,the-pack-addon,medium
+  tags: cve,wordpress,wp-plugin,the-pack-addon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32719-980a1e8d0e2c9d6875260534aa15c2ab.yaml b/nuclei-templates/2024/CVE-2024-32719-980a1e8d0e2c9d6875260534aa15c2ab.yaml
index d6aea561d5..83510ebfec 100644
--- a/nuclei-templates/2024/CVE-2024-32719-980a1e8d0e2c9d6875260534aa15c2ab.yaml
+++ b/nuclei-templates/2024/CVE-2024-32719-980a1e8d0e2c9d6875260534aa15c2ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Club Manager <= 2.2.11 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Club Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcm_match_players_item_order() function in versions up to, and including, 2.2.11. This makes it possible for unauthenticated attackers to modify an order sort.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-club-manager/"
     google-query: inurl:"/wp-content/plugins/wp-club-manager/"
     shodan-query: 'vuln:CVE-2024-32719'
-  tags: cve,wordpress,wp-plugin,wp-club-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-club-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32722-058f94a7273615ab6b78bfcaa4aea16c.yaml b/nuclei-templates/2024/CVE-2024-32722-058f94a7273615ab6b78bfcaa4aea16c.yaml
index c910e5bc47..bd680b922a 100644
--- a/nuclei-templates/2024/CVE-2024-32722-058f94a7273615ab6b78bfcaa4aea16c.yaml
+++ b/nuclei-templates/2024/CVE-2024-32722-058f94a7273615ab6b78bfcaa4aea16c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coupon & Discount Code Reveal Button <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Coupon & Discount Code Reveal Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coupon-reveal-button/"
     google-query: inurl:"/wp-content/plugins/coupon-reveal-button/"
     shodan-query: 'vuln:CVE-2024-32722'
-  tags: cve,wordpress,wp-plugin,coupon-reveal-button,medium
+  tags: cve,wordpress,wp-plugin,coupon-reveal-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32723-18a7728320d1ae3570e8bc349a822d19.yaml b/nuclei-templates/2024/CVE-2024-32723-18a7728320d1ae3570e8bc349a822d19.yaml
index 44a3495460..cf2d45b1f1 100644
--- a/nuclei-templates/2024/CVE-2024-32723-18a7728320d1ae3570e8bc349a822d19.yaml
+++ b/nuclei-templates/2024/CVE-2024-32723-18a7728320d1ae3570e8bc349a822d19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Floating Content Lite <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Floating Content Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-floating-content-lite/"
     google-query: inurl:"/wp-content/plugins/advanced-floating-content-lite/"
     shodan-query: 'vuln:CVE-2024-32723'
-  tags: cve,wordpress,wp-plugin,advanced-floating-content-lite,medium
+  tags: cve,wordpress,wp-plugin,advanced-floating-content-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32725-078909fc07244cccae3451c5f9a6996f.yaml b/nuclei-templates/2024/CVE-2024-32725-078909fc07244cccae3451c5f9a6996f.yaml
index 222e7b2357..993abeccfa 100644
--- a/nuclei-templates/2024/CVE-2024-32725-078909fc07244cccae3451c5f9a6996f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32725-078909fc07244cccae3451c5f9a6996f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     5 Stars Rating Funnel <= 1.2.67 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 5 Stars Rating Funnel plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the includes/RRTNGG_Ajax.php file in versions up to, and including, 1.2.67. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/5-stars-rating-funnel/"
     google-query: inurl:"/wp-content/plugins/5-stars-rating-funnel/"
     shodan-query: 'vuln:CVE-2024-32725'
-  tags: cve,wordpress,wp-plugin,5-stars-rating-funnel,medium
+  tags: cve,wordpress,wp-plugin,5-stars-rating-funnel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32727-9fc19dd6fd6294d34dede89f8670266f.yaml b/nuclei-templates/2024/CVE-2024-32727-9fc19dd6fd6294d34dede89f8670266f.yaml
index 34e3b5158c..3fbdbf537a 100644
--- a/nuclei-templates/2024/CVE-2024-32727-9fc19dd6fd6294d34dede89f8670266f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32727-9fc19dd6fd6294d34dede89f8670266f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RomethemeForm For Elementor <= 1.1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to modify forms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/romethemeform/"
     google-query: inurl:"/wp-content/plugins/romethemeform/"
     shodan-query: 'vuln:CVE-2024-32727'
-  tags: cve,wordpress,wp-plugin,romethemeform,medium
+  tags: cve,wordpress,wp-plugin,romethemeform,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3275-5ea4e509f820ba7667284a234b2ed4c9.yaml b/nuclei-templates/2024/CVE-2024-3275-5ea4e509f820ba7667284a234b2ed4c9.yaml
index da436b8f1f..636b898a6f 100644
--- a/nuclei-templates/2024/CVE-2024-3275-5ea4e509f820ba7667284a234b2ed4c9.yaml
+++ b/nuclei-templates/2024/CVE-2024-3275-5ea4e509f820ba7667284a234b2ed4c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts including those of draft and pending posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eroom-zoom-meetings-webinar/"
     google-query: inurl:"/wp-content/plugins/eroom-zoom-meetings-webinar/"
     shodan-query: 'vuln:CVE-2024-3275'
-  tags: cve,wordpress,wp-plugin,eroom-zoom-meetings-webinar,medium
+  tags: cve,wordpress,wp-plugin,eroom-zoom-meetings-webinar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32775-83ccb1e8ea2bc379358acbb752bc4542.yaml b/nuclei-templates/2024/CVE-2024-32775-83ccb1e8ea2bc379358acbb752bc4542.yaml
index 94836d9f59..81ceb8a8bf 100644
--- a/nuclei-templates/2024/CVE-2024-32775-83ccb1e8ea2bc379358acbb752bc4542.yaml
+++ b/nuclei-templates/2024/CVE-2024-32775-83ccb1e8ea2bc379358acbb752bc4542.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Embed Google Photos album <= 2.1.9 - Authenticated (Contributor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Embed Google Photos album plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.0 via the Pavex_embed_google_photos_album class. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-google-photos-album-easily/"
     google-query: inurl:"/wp-content/plugins/embed-google-photos-album-easily/"
     shodan-query: 'vuln:CVE-2024-32775'
-  tags: cve,wordpress,wp-plugin,embed-google-photos-album-easily,medium
+  tags: cve,wordpress,wp-plugin,embed-google-photos-album-easily,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32776-2f1276a08770749aab26a12f9e94025f.yaml b/nuclei-templates/2024/CVE-2024-32776-2f1276a08770749aab26a12f9e94025f.yaml
index 93d5325d52..73c31361d4 100644
--- a/nuclei-templates/2024/CVE-2024-32776-2f1276a08770749aab26a12f9e94025f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32776-2f1276a08770749aab26a12f9e94025f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AppPresser <= 4.3.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AppPresser plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_logging_callback() function in versions up to, and including, 4.3.0. This makes it possible for unauthenticated attackers to enable and disable logging.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/apppresser/"
     google-query: inurl:"/wp-content/plugins/apppresser/"
     shodan-query: 'vuln:CVE-2024-32776'
-  tags: cve,wordpress,wp-plugin,apppresser,medium
+  tags: cve,wordpress,wp-plugin,apppresser,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32777-ef0878d0c845446e359ff8868f1f69d3.yaml b/nuclei-templates/2024/CVE-2024-32777-ef0878d0c845446e359ff8868f1f69d3.yaml
index bd824fe4d8..55d70f1167 100644
--- a/nuclei-templates/2024/CVE-2024-32777-ef0878d0c845446e359ff8868f1f69d3.yaml
+++ b/nuclei-templates/2024/CVE-2024-32777-ef0878d0c845446e359ff8868f1f69d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BizPrint <= 4.3.39 - Missing Authorization via showTemplatePreview()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview() function in versions up to, and including, 4.3.39. This makes it possible for unauthenticated attackers to preview templates.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-google-cloud-print-gcp-woocommerce/"
     google-query: inurl:"/wp-content/plugins/print-google-cloud-print-gcp-woocommerce/"
     shodan-query: 'vuln:CVE-2024-32777'
-  tags: cve,wordpress,wp-plugin,print-google-cloud-print-gcp-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,print-google-cloud-print-gcp-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32778-2613b63d2aee689ccf6be1c1b97a178f.yaml b/nuclei-templates/2024/CVE-2024-32778-2613b63d2aee689ccf6be1c1b97a178f.yaml
index b02f7ffb6b..75ab4c6622 100644
--- a/nuclei-templates/2024/CVE-2024-32778-2613b63d2aee689ccf6be1c1b97a178f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32778-2613b63d2aee689ccf6be1c1b97a178f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 21.3.4. This makes it possible for authenticated attackers, with author-level access and above, to delete arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:CVE-2024-32778'
-  tags: cve,wordpress,wp-plugin,contest-gallery,medium
+  tags: cve,wordpress,wp-plugin,contest-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32779-c13eb59a9d6116b65835e8ca21a2d0eb.yaml b/nuclei-templates/2024/CVE-2024-32779-c13eb59a9d6116b65835e8ca21a2d0eb.yaml
index 5ab53c285d..3d347b0273 100644
--- a/nuclei-templates/2024/CVE-2024-32779-c13eb59a9d6116b65835e8ca21a2d0eb.yaml
+++ b/nuclei-templates/2024/CVE-2024-32779-c13eb59a9d6116b65835e8ca21a2d0eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vision Interactive <= 1.7.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Vision Interactive plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to view deactivated items.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vision/"
     google-query: inurl:"/wp-content/plugins/vision/"
     shodan-query: 'vuln:CVE-2024-32779'
-  tags: cve,wordpress,wp-plugin,vision,medium
+  tags: cve,wordpress,wp-plugin,vision,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32782-77f47958ca9f6f3aca917f2faa21c35a.yaml b/nuclei-templates/2024/CVE-2024-32782-77f47958ca9f6f3aca917f2faa21c35a.yaml
index 2d3f3bc8c2..3fef448336 100644
--- a/nuclei-templates/2024/CVE-2024-32782-77f47958ca9f6f3aca917f2faa21c35a.yaml
+++ b/nuclei-templates/2024/CVE-2024-32782-77f47958ca9f6f3aca917f2faa21c35a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.4.7 - Missing Authorization to Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HT Mega plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the duplicate() function in all versions up to, and including, 2.4.7. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate arbitrary posts that may contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-32782'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32783-afe32fcbbc30cab4f3e35a08cf6d7b9b.yaml b/nuclei-templates/2024/CVE-2024-32783-afe32fcbbc30cab4f3e35a08cf6d7b9b.yaml
index a2dee2f8e6..16ebfd0b30 100644
--- a/nuclei-templates/2024/CVE-2024-32783-afe32fcbbc30cab4f3e35a08cf6d7b9b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32783-afe32fcbbc30cab4f3e35a08cf6d7b9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Testimonial Carousel for Elementor <= 3.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Testimonial Carousel for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handleAjaxCalls() function in versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a plethora of actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-testimonial-carousel-for-elementor/"
     google-query: inurl:"/wp-content/plugins/advanced-testimonial-carousel-for-elementor/"
     shodan-query: 'vuln:CVE-2024-32783'
-  tags: cve,wordpress,wp-plugin,advanced-testimonial-carousel-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,advanced-testimonial-carousel-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32784-2606febac98b5b77708f94f9707ab5ad.yaml b/nuclei-templates/2024/CVE-2024-32784-2606febac98b5b77708f94f9707ab5ad.yaml
index 8f74b487ab..5dfd71f579 100644
--- a/nuclei-templates/2024/CVE-2024-32784-2606febac98b5b77708f94f9707ab5ad.yaml
+++ b/nuclei-templates/2024/CVE-2024-32784-2606febac98b5b77708f94f9707ab5ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CookieHub <= 1.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CookieHub plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_domain_code and update_advanced_settings functions in versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookiehub/"
     google-query: inurl:"/wp-content/plugins/cookiehub/"
     shodan-query: 'vuln:CVE-2024-32784'
-  tags: cve,wordpress,wp-plugin,cookiehub,medium
+  tags: cve,wordpress,wp-plugin,cookiehub,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32787-a8ed8c08b34ae95a0c525696512c70ee.yaml b/nuclei-templates/2024/CVE-2024-32787-a8ed8c08b34ae95a0c525696512c70ee.yaml
index ed25fce524..35c438ad2e 100644
--- a/nuclei-templates/2024/CVE-2024-32787-a8ed8c08b34ae95a0c525696512c70ee.yaml
+++ b/nuclei-templates/2024/CVE-2024-32787-a8ed8c08b34ae95a0c525696512c70ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Secure Copy Content Protection and Content Locking <= 3.7.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/secure-copy-content-protection/"
     google-query: inurl:"/wp-content/plugins/secure-copy-content-protection/"
     shodan-query: 'vuln:CVE-2024-32787'
-  tags: cve,wordpress,wp-plugin,secure-copy-content-protection,medium
+  tags: cve,wordpress,wp-plugin,secure-copy-content-protection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32791-b940c9ab9a01a68eea4a5776ab2199d7.yaml b/nuclei-templates/2024/CVE-2024-32791-b940c9ab9a01a68eea4a5776ab2199d7.yaml
index b166fc060c..00f696ff30 100644
--- a/nuclei-templates/2024/CVE-2024-32791-b940c9ab9a01a68eea4a5776ab2199d7.yaml
+++ b/nuclei-templates/2024/CVE-2024-32791-b940c9ab9a01a68eea4a5776ab2199d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor  <= 4.10.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting  in all versions up to, and including, 4.10.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-32791'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32792-ec5f1fa417ea6d6d86b4d82ac0f5e65d.yaml b/nuclei-templates/2024/CVE-2024-32792-ec5f1fa417ea6d6d86b4d82ac0f5e65d.yaml
index 83401142e7..16b038cdc5 100644
--- a/nuclei-templates/2024/CVE-2024-32792-ec5f1fa417ea6d6d86b4d82ac0f5e65d.yaml
+++ b/nuclei-templates/2024/CVE-2024-32792-ec5f1fa417ea6d6d86b4d82ac0f5e65d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hummingbird <= 3.7.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Hummingbird plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /admin/class-ajax.php file in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to perform unauthorized actions like clearing cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hummingbird-performance/"
     google-query: inurl:"/wp-content/plugins/hummingbird-performance/"
     shodan-query: 'vuln:CVE-2024-32792'
-  tags: cve,wordpress,wp-plugin,hummingbird-performance,medium
+  tags: cve,wordpress,wp-plugin,hummingbird-performance,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32797-e30e15a9c4996773efb6051e3f90c9c4.yaml b/nuclei-templates/2024/CVE-2024-32797-e30e15a9c4996773efb6051e3f90c9c4.yaml
index 202253ed17..9b66d64301 100644
--- a/nuclei-templates/2024/CVE-2024-32797-e30e15a9c4996773efb6051e3f90c9c4.yaml
+++ b/nuclei-templates/2024/CVE-2024-32797-e30e15a9c4996773efb6051e3f90c9c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP LinkedIn Auto Publish <= 8.11 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP LinkedIn Auto Publish plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_linkedin_autopublish_delete_all_linkedin_settings() function in versions up to, and including, 8.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-linkedin-auto-publish/"
     google-query: inurl:"/wp-content/plugins/wp-linkedin-auto-publish/"
     shodan-query: 'vuln:CVE-2024-32797'
-  tags: cve,wordpress,wp-plugin,wp-linkedin-auto-publish,medium
+  tags: cve,wordpress,wp-plugin,wp-linkedin-auto-publish,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32799-f26d5492f0770f1b4f41cabb1dbfd120.yaml b/nuclei-templates/2024/CVE-2024-32799-f26d5492f0770f1b4f41cabb1dbfd120.yaml
index 45e07dd6c3..47a64c87ab 100644
--- a/nuclei-templates/2024/CVE-2024-32799-f26d5492f0770f1b4f41cabb1dbfd120.yaml
+++ b/nuclei-templates/2024/CVE-2024-32799-f26d5492f0770f1b4f41cabb1dbfd120.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Property Listings <= 3.5.3 - Missing Authorization via epl_update_listing_coordinates()
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Property Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epl_update_listing_coordinates function in versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to update listing co-ordinates.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-property-listings/"
     google-query: inurl:"/wp-content/plugins/easy-property-listings/"
     shodan-query: 'vuln:CVE-2024-32799'
-  tags: cve,wordpress,wp-plugin,easy-property-listings,medium
+  tags: cve,wordpress,wp-plugin,easy-property-listings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3280-c3fe9adbef48906de6288ff04a6a51a9.yaml b/nuclei-templates/2024/CVE-2024-3280-c3fe9adbef48906de6288ff04a6a51a9.yaml
index e0c1eab5c6..a54334664e 100644
--- a/nuclei-templates/2024/CVE-2024-3280-c3fe9adbef48906de6288ff04a6a51a9.yaml
+++ b/nuclei-templates/2024/CVE-2024-3280-c3fe9adbef48906de6288ff04a6a51a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Follow Us Badges <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsite_follow_us_badges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpsite-follow-us-badges/"
     google-query: inurl:"/wp-content/plugins/wpsite-follow-us-badges/"
     shodan-query: 'vuln:CVE-2024-3280'
-  tags: cve,wordpress,wp-plugin,wpsite-follow-us-badges,medium
+  tags: cve,wordpress,wp-plugin,wpsite-follow-us-badges,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32801-7bdd14c359e34ad7380502271a0ac656.yaml b/nuclei-templates/2024/CVE-2024-32801-7bdd14c359e34ad7380502271a0ac656.yaml
index ad0633d5aa..d40c0fa357 100644
--- a/nuclei-templates/2024/CVE-2024-32801-7bdd14c359e34ad7380502271a0ac656.yaml
+++ b/nuclei-templates/2024/CVE-2024-32801-7bdd14c359e34ad7380502271a0ac656.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Widget Post Slider <= 1.3.5. - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Widget Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-post-slider/"
     google-query: inurl:"/wp-content/plugins/widget-post-slider/"
     shodan-query: 'vuln:CVE-2024-32801'
-  tags: cve,wordpress,wp-plugin,widget-post-slider,medium
+  tags: cve,wordpress,wp-plugin,widget-post-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32802-bcaba1132a8ac1a695b97d03ca9be0db.yaml b/nuclei-templates/2024/CVE-2024-32802-bcaba1132a8ac1a695b97d03ca9be0db.yaml
index a0384fd074..b996f0ca21 100644
--- a/nuclei-templates/2024/CVE-2024-32802-bcaba1132a8ac1a695b97d03ca9be0db.yaml
+++ b/nuclei-templates/2024/CVE-2024-32802-bcaba1132a8ac1a695b97d03ca9be0db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BP Better Messages <= 2.4.32 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 2.4.32. This is due to the plugin not properly verifying if a user should have access to a chatoom. This makes it possible for unauthenticated attackers to access chat rooms they should not have access to.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-better-messages/"
     google-query: inurl:"/wp-content/plugins/bp-better-messages/"
     shodan-query: 'vuln:CVE-2024-32802'
-  tags: cve,wordpress,wp-plugin,bp-better-messages,medium
+  tags: cve,wordpress,wp-plugin,bp-better-messages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32804-7ef847bd47bcec43447f7d6368de1312.yaml b/nuclei-templates/2024/CVE-2024-32804-7ef847bd47bcec43447f7d6368de1312.yaml
index 94b13b43a8..14831737ea 100644
--- a/nuclei-templates/2024/CVE-2024-32804-7ef847bd47bcec43447f7d6368de1312.yaml
+++ b/nuclei-templates/2024/CVE-2024-32804-7ef847bd47bcec43447f7d6368de1312.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP GoToWebinar <= 14.46 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP GoToWebinar plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wp_gotowebinar_delete_log_callback() function in versions up to, and including, 14.46. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete logs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-gotowebinar/"
     google-query: inurl:"/wp-content/plugins/wp-gotowebinar/"
     shodan-query: 'vuln:CVE-2024-32804'
-  tags: cve,wordpress,wp-plugin,wp-gotowebinar,medium
+  tags: cve,wordpress,wp-plugin,wp-gotowebinar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32805-7cc4115eca0cf9c161547f1b88d6e0eb.yaml b/nuclei-templates/2024/CVE-2024-32805-7cc4115eca0cf9c161547f1b88d6e0eb.yaml
index 206df8d993..d8e55e1fc7 100644
--- a/nuclei-templates/2024/CVE-2024-32805-7cc4115eca0cf9c161547f1b88d6e0eb.yaml
+++ b/nuclei-templates/2024/CVE-2024-32805-7cc4115eca0cf9c161547f1b88d6e0eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Snap <= 1.3.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Snap plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in versions up to, and including, 1.3.5. This makes it possible for unauthenticated attackers to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/socialsnap/"
     google-query: inurl:"/wp-content/plugins/socialsnap/"
     shodan-query: 'vuln:CVE-2024-32805'
-  tags: cve,wordpress,wp-plugin,socialsnap,medium
+  tags: cve,wordpress,wp-plugin,socialsnap,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32807-a4d2edadf2ab61a5bc7487773709b53f.yaml b/nuclei-templates/2024/CVE-2024-32807-a4d2edadf2ab61a5bc7487773709b53f.yaml
index 8ca63405c2..7b51680eed 100644
--- a/nuclei-templates/2024/CVE-2024-32807-a4d2edadf2ab61a5bc7487773709b53f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32807-a4d2edadf2ab61a5bc7487773709b53f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sendinblue for WooCommerce <= 4.0.17 - Authenticated (Editor+) Arbitrary File Download and Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Brevo for WooCommerce plugin for WordPress is vulnerable to arbitrary file download and deletion in all versions up to, and including, 4.0.17. This is due to the plugin not properly validating file names in the get_file_contents and delete_attachment functions. This makes it possible for authenticated attackers, with editor-level access and above, to download and delete arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-sendinblue-newsletter-subscription/"
     google-query: inurl:"/wp-content/plugins/woocommerce-sendinblue-newsletter-subscription/"
     shodan-query: 'vuln:CVE-2024-32807'
-  tags: cve,wordpress,wp-plugin,woocommerce-sendinblue-newsletter-subscription,high
+  tags: cve,wordpress,wp-plugin,woocommerce-sendinblue-newsletter-subscription,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32810-d937680a60653a1af5b2a6c9c069ec41.yaml b/nuclei-templates/2024/CVE-2024-32810-d937680a60653a1af5b2a6c9c069ec41.yaml
index b63b8f8b03..c3cf6670ce 100644
--- a/nuclei-templates/2024/CVE-2024-32810-d937680a60653a1af5b2a6c9c069ec41.yaml
+++ b/nuclei-templates/2024/CVE-2024-32810-d937680a60653a1af5b2a6c9c069ec41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShortPixel Critical CSS <= 1.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ShortPixel Critical CSS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several function sin versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortpixel-critical-css/"
     google-query: inurl:"/wp-content/plugins/shortpixel-critical-css/"
     shodan-query: 'vuln:CVE-2024-32810'
-  tags: cve,wordpress,wp-plugin,shortpixel-critical-css,medium
+  tags: cve,wordpress,wp-plugin,shortpixel-critical-css,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32812-4a1b15e037b0e674a6b8abd0386af8e9.yaml b/nuclei-templates/2024/CVE-2024-32812-4a1b15e037b0e674a6b8abd0386af8e9.yaml
index 875af8921b..7250a79314 100644
--- a/nuclei-templates/2024/CVE-2024-32812-4a1b15e037b0e674a6b8abd0386af8e9.yaml
+++ b/nuclei-templates/2024/CVE-2024-32812-4a1b15e037b0e674a6b8abd0386af8e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Podlove Podcast Publisher <= 4.0.11 - Authenticated (Contributor+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Podlove Podcast Publisher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.11 via the fetch_url_meta function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
     shodan-query: 'vuln:CVE-2024-32812'
-  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32813-c380050a7e76482fb19d38cf49fcde28.yaml b/nuclei-templates/2024/CVE-2024-32813-c380050a7e76482fb19d38cf49fcde28.yaml
index 75765ea5fd..ddd8cd0ae3 100644
--- a/nuclei-templates/2024/CVE-2024-32813-c380050a7e76482fb19d38cf49fcde28.yaml
+++ b/nuclei-templates/2024/CVE-2024-32813-c380050a7e76482fb19d38cf49fcde28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Integrate Google Drive <= 1.3.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integrate-google-drive/"
     google-query: inurl:"/wp-content/plugins/integrate-google-drive/"
     shodan-query: 'vuln:CVE-2024-32813'
-  tags: cve,wordpress,wp-plugin,integrate-google-drive,medium
+  tags: cve,wordpress,wp-plugin,integrate-google-drive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32814-bf4905bcfa1e978b4bbdcf9e3f9b15d3.yaml b/nuclei-templates/2024/CVE-2024-32814-bf4905bcfa1e978b4bbdcf9e3f9b15d3.yaml
index 6ac14432a7..80aad2d289 100644
--- a/nuclei-templates/2024/CVE-2024-32814-bf4905bcfa1e978b4bbdcf9e3f9b15d3.yaml
+++ b/nuclei-templates/2024/CVE-2024-32814-bf4905bcfa1e978b4bbdcf9e3f9b15d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Local Pickup for WooCommerce <= 1.6.1 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_notices_for_alp_pro() function in versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to dismiss upgrade notices
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-local-pickup-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-local-pickup-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-32814'
-  tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32815-ab9e9f1fd2829128e3bb4bce435b5cf7.yaml b/nuclei-templates/2024/CVE-2024-32815-ab9e9f1fd2829128e3bb4bce435b5cf7.yaml
index b72c742ddf..2317f67064 100644
--- a/nuclei-templates/2024/CVE-2024-32815-ab9e9f1fd2829128e3bb4bce435b5cf7.yaml
+++ b/nuclei-templates/2024/CVE-2024-32815-ab9e9f1fd2829128e3bb4bce435b5cf7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-one Like Widget <= 2.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All-in-one Like Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-facebook-like-widget/"
     google-query: inurl:"/wp-content/plugins/all-in-one-facebook-like-widget/"
     shodan-query: 'vuln:CVE-2024-32815'
-  tags: cve,wordpress,wp-plugin,all-in-one-facebook-like-widget,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-facebook-like-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32817-916825c2b82546703e1e58fc1213738b.yaml b/nuclei-templates/2024/CVE-2024-32817-916825c2b82546703e1e58fc1213738b.yaml
index c6ec079f63..d7a30d9d48 100644
--- a/nuclei-templates/2024/CVE-2024-32817-916825c2b82546703e1e58fc1213738b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32817-916825c2b82546703e1e58fc1213738b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import and export users and customers <= 1.26.2 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Import and export users and customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.26.2 via deserialization of untrusted input in the import.php file. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/"
     google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/"
     shodan-query: 'vuln:CVE-2024-32817'
-  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high
+  tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32818-4f95fbf5d542e431aaee4d569011a0a0.yaml b/nuclei-templates/2024/CVE-2024-32818-4f95fbf5d542e431aaee4d569011a0a0.yaml
index ba16a25ae5..c2d37ef1c5 100644
--- a/nuclei-templates/2024/CVE-2024-32818-4f95fbf5d542e431aaee4d569011a0a0.yaml
+++ b/nuclei-templates/2024/CVE-2024-32818-4f95fbf5d542e431aaee4d569011a0a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Meta Data and Taxonomies Filter (MDTF) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajx_set_sequence() function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to change a sequence.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     shodan-query: 'vuln:CVE-2024-32818'
-  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32819-36e8e0f9a5511d98ca66f925304a3a33.yaml b/nuclei-templates/2024/CVE-2024-32819-36e8e0f9a5511d98ca66f925304a3a33.yaml
index caf8ae2685..e0424dd09b 100644
--- a/nuclei-templates/2024/CVE-2024-32819-36e8e0f9a5511d98ca66f925304a3a33.yaml
+++ b/nuclei-templates/2024/CVE-2024-32819-36e8e0f9a5511d98ca66f925304a3a33.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Culqi <= 3.0.14 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Culqi plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.14 via the get_merchants function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/culqi-checkout/"
     google-query: inurl:"/wp-content/plugins/culqi-checkout/"
     shodan-query: 'vuln:CVE-2024-32819'
-  tags: cve,wordpress,wp-plugin,culqi-checkout,medium
+  tags: cve,wordpress,wp-plugin,culqi-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32820-ea8ebad551118883e1feafe80a786b1f.yaml b/nuclei-templates/2024/CVE-2024-32820-ea8ebad551118883e1feafe80a786b1f.yaml
index 07d46513fd..ac41e6e9e6 100644
--- a/nuclei-templates/2024/CVE-2024-32820-ea8ebad551118883e1feafe80a786b1f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32820-ea8ebad551118883e1feafe80a786b1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share Icons & Social Share Buttons <= 3.6.2 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Share Icons & Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 3.6.2. This makes it possible for unauthenticated attackers to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-social-media-plus/"
     google-query: inurl:"/wp-content/plugins/ultimate-social-media-plus/"
     shodan-query: 'vuln:CVE-2024-32820'
-  tags: cve,wordpress,wp-plugin,ultimate-social-media-plus,medium
+  tags: cve,wordpress,wp-plugin,ultimate-social-media-plus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32821-79e3222cd5781d3ee2de3dbd9ec9763f.yaml b/nuclei-templates/2024/CVE-2024-32821-79e3222cd5781d3ee2de3dbd9ec9763f.yaml
index 9164f2694e..ccfba52a74 100644
--- a/nuclei-templates/2024/CVE-2024-32821-79e3222cd5781d3ee2de3dbd9ec9763f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32821-79e3222cd5781d3ee2de3dbd9ec9763f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Total Poll Lite <= 4.9.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Total Poll Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetPoll() function in versions up to, and including, 4.9.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset polls.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/totalpoll-lite/"
     google-query: inurl:"/wp-content/plugins/totalpoll-lite/"
     shodan-query: 'vuln:CVE-2024-32821'
-  tags: cve,wordpress,wp-plugin,totalpoll-lite,medium
+  tags: cve,wordpress,wp-plugin,totalpoll-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32822-153f878c481a2d3c062b001804128554.yaml b/nuclei-templates/2024/CVE-2024-32822-153f878c481a2d3c062b001804128554.yaml
index d16cba3367..27ccd227fe 100644
--- a/nuclei-templates/2024/CVE-2024-32822-153f878c481a2d3c062b001804128554.yaml
+++ b/nuclei-templates/2024/CVE-2024-32822-153f878c481a2d3c062b001804128554.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Reviews Plus <= 1.3.4 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Reviews Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_hide_revs_translation_notice() function in versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reviews-plus/"
     google-query: inurl:"/wp-content/plugins/reviews-plus/"
     shodan-query: 'vuln:CVE-2024-32822'
-  tags: cve,wordpress,wp-plugin,reviews-plus,medium
+  tags: cve,wordpress,wp-plugin,reviews-plus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32824-8c8032347c8a676583142ccf856ffd1b.yaml b/nuclei-templates/2024/CVE-2024-32824-8c8032347c8a676583142ccf856ffd1b.yaml
index 9481e872f2..03f06205f5 100644
--- a/nuclei-templates/2024/CVE-2024-32824-8c8032347c8a676583142ccf856ffd1b.yaml
+++ b/nuclei-templates/2024/CVE-2024-32824-8c8032347c8a676583142ccf856ffd1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Evergreen Content Poster <= 1.4.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Evergreen Content Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_network_post() function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to  create network posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/evergreen-content-poster/"
     google-query: inurl:"/wp-content/plugins/evergreen-content-poster/"
     shodan-query: 'vuln:CVE-2024-32824'
-  tags: cve,wordpress,wp-plugin,evergreen-content-poster,medium
+  tags: cve,wordpress,wp-plugin,evergreen-content-poster,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32826-0d1db255d715c554771e21ce6d36684e.yaml b/nuclei-templates/2024/CVE-2024-32826-0d1db255d715c554771e21ce6d36684e.yaml
index 0b0b1bae9a..c4a8993fa4 100644
--- a/nuclei-templates/2024/CVE-2024-32826-0d1db255d715c554771e21ce6d36684e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32826-0d1db255d715c554771e21ce6d36684e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VK Block Patterns <= 1.31.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbp_clear_patterns_cache() function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vk-block-patterns/"
     google-query: inurl:"/wp-content/plugins/vk-block-patterns/"
     shodan-query: 'vuln:CVE-2024-32826'
-  tags: cve,wordpress,wp-plugin,vk-block-patterns,medium
+  tags: cve,wordpress,wp-plugin,vk-block-patterns,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32828-cb1263fe7cf23ae55fdda5b42af76fdf.yaml b/nuclei-templates/2024/CVE-2024-32828-cb1263fe7cf23ae55fdda5b42af76fdf.yaml
index 48ae6e8006..928b92b713 100644
--- a/nuclei-templates/2024/CVE-2024-32828-cb1263fe7cf23ae55fdda5b42af76fdf.yaml
+++ b/nuclei-templates/2024/CVE-2024-32828-cb1263fe7cf23ae55fdda5b42af76fdf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flexible Shipping <= 4.24.15 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Flexible Shipping plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flexible-shipping/"
     google-query: inurl:"/wp-content/plugins/flexible-shipping/"
     shodan-query: 'vuln:CVE-2024-32828'
-  tags: cve,wordpress,wp-plugin,flexible-shipping,medium
+  tags: cve,wordpress,wp-plugin,flexible-shipping,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32829-c639be60406ab3b6aefe17af97aa1a3c.yaml b/nuclei-templates/2024/CVE-2024-32829-c639be60406ab3b6aefe17af97aa1a3c.yaml
index 42802898c3..1deb4f3033 100644
--- a/nuclei-templates/2024/CVE-2024-32829-c639be60406ab3b6aefe17af97aa1a3c.yaml
+++ b/nuclei-templates/2024/CVE-2024-32829-c639be60406ab3b6aefe17af97aa1a3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Data Tables Generator by Supsystic <= 1.10.31 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/"
     shodan-query: 'vuln:CVE-2024-32829'
-  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32831-7e7c2d3094ebf66ce262024cc34ea145.yaml b/nuclei-templates/2024/CVE-2024-32831-7e7c2d3094ebf66ce262024cc34ea145.yaml
index 0249c16951..8adcdc5447 100644
--- a/nuclei-templates/2024/CVE-2024-32831-7e7c2d3094ebf66ce262024cc34ea145.yaml
+++ b/nuclei-templates/2024/CVE-2024-32831-7e7c2d3094ebf66ce262024cc34ea145.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accessibility Widget <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accessibility Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accessibility-widget/"
     google-query: inurl:"/wp-content/plugins/accessibility-widget/"
     shodan-query: 'vuln:CVE-2024-32831'
-  tags: cve,wordpress,wp-plugin,accessibility-widget,medium
+  tags: cve,wordpress,wp-plugin,accessibility-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32832-64bb9b276a0e4073663c51a2aaebe19f.yaml b/nuclei-templates/2024/CVE-2024-32832-64bb9b276a0e4073663c51a2aaebe19f.yaml
index ce1dcce307..2ca90672ae 100644
--- a/nuclei-templates/2024/CVE-2024-32832-64bb9b276a0e4073663c51a2aaebe19f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32832-64bb9b276a0e4073663c51a2aaebe19f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login with phone number <= 1.6.93 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Login with phone number plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in versions up to, and including, 1.6.93. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-phone-number/"
     google-query: inurl:"/wp-content/plugins/login-with-phone-number/"
     shodan-query: 'vuln:CVE-2024-32832'
-  tags: cve,wordpress,wp-plugin,login-with-phone-number,medium
+  tags: cve,wordpress,wp-plugin,login-with-phone-number,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32833-53b64c2cc89e0070db555cf593bc5061.yaml b/nuclei-templates/2024/CVE-2024-32833-53b64c2cc89e0070db555cf593bc5061.yaml
index 9d3b16f0df..b3b0828748 100644
--- a/nuclei-templates/2024/CVE-2024-32833-53b64c2cc89e0070db555cf593bc5061.yaml
+++ b/nuclei-templates/2024/CVE-2024-32833-53b64c2cc89e0070db555cf593bc5061.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     List Custom Taxonomy Widget <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The List Custom Taxonomy Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/list-custom-taxonomy-widget/"
     google-query: inurl:"/wp-content/plugins/list-custom-taxonomy-widget/"
     shodan-query: 'vuln:CVE-2024-32833'
-  tags: cve,wordpress,wp-plugin,list-custom-taxonomy-widget,medium
+  tags: cve,wordpress,wp-plugin,list-custom-taxonomy-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32835-2178e4e9767ddbb5794b39d1005e082d.yaml b/nuclei-templates/2024/CVE-2024-32835-2178e4e9767ddbb5794b39d1005e082d.yaml
index 012db0c6e6..5e745d6f5b 100644
--- a/nuclei-templates/2024/CVE-2024-32835-2178e4e9767ddbb5794b39d1005e082d.yaml
+++ b/nuclei-templates/2024/CVE-2024-32835-2178e4e9767ddbb5794b39d1005e082d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Export and Import Users and Customers <= 2.5.3 - Authenticated (Admin+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input in the input.php file. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/"
     google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/"
     shodan-query: 'vuln:CVE-2024-32835'
-  tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,high
+  tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32836-1691930e201b6c9ce529fab20806ab3a.yaml b/nuclei-templates/2024/CVE-2024-32836-1691930e201b6c9ce529fab20806ab3a.yaml
index 0d8b5e5182..25925ebc26 100644
--- a/nuclei-templates/2024/CVE-2024-32836-1691930e201b6c9ce529fab20806ab3a.yaml
+++ b/nuclei-templates/2024/CVE-2024-32836-1691930e201b6c9ce529fab20806ab3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP-Lister Lite for eBay plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 3.6.0 (exclusive). This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-lister-for-ebay/"
     google-query: inurl:"/wp-content/plugins/wp-lister-for-ebay/"
     shodan-query: 'vuln:CVE-2024-32836'
-  tags: cve,wordpress,wp-plugin,wp-lister-for-ebay,high
+  tags: cve,wordpress,wp-plugin,wp-lister-for-ebay,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3285-511ef268c5ca19fe7d62dddd9e13f37e.yaml b/nuclei-templates/2024/CVE-2024-3285-511ef268c5ca19fe7d62dddd9e13f37e.yaml
index b03b719fb8..48eb8c291b 100644
--- a/nuclei-templates/2024/CVE-2024-3285-511ef268c5ca19fe7d62dddd9e13f37e.yaml
+++ b/nuclei-templates/2024/CVE-2024-3285-511ef268c5ca19fe7d62dddd9e13f37e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows <= 3.70.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ml-slider/"
     google-query: inurl:"/wp-content/plugins/ml-slider/"
     shodan-query: 'vuln:CVE-2024-3285'
-  tags: cve,wordpress,wp-plugin,ml-slider,medium
+  tags: cve,wordpress,wp-plugin,ml-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3287-0f5c5f0145a23c33dd91c0c052718e6c.yaml b/nuclei-templates/2024/CVE-2024-3287-0f5c5f0145a23c33dd91c0c052718e6c.yaml
index 540b30bf79..95536882aa 100644
--- a/nuclei-templates/2024/CVE-2024-3287-0f5c5f0145a23c33dd91c0c052718e6c.yaml
+++ b/nuclei-templates/2024/CVE-2024-3287-0f5c5f0145a23c33dd91c0c052718e6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smartcrawl-seo/"
     google-query: inurl:"/wp-content/plugins/smartcrawl-seo/"
     shodan-query: 'vuln:CVE-2024-3287'
-  tags: cve,wordpress,wp-plugin,smartcrawl-seo,medium
+  tags: cve,wordpress,wp-plugin,smartcrawl-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3293-aeff462ac51a8748cbda344eafd679be.yaml b/nuclei-templates/2024/CVE-2024-3293-aeff462ac51a8748cbda344eafd679be.yaml
index 21d674db50..0e708a965c 100644
--- a/nuclei-templates/2024/CVE-2024-3293-aeff462ac51a8748cbda344eafd679be.yaml
+++ b/nuclei-templates/2024/CVE-2024-3293-aeff462ac51a8748cbda344eafd679be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:CVE-2024-3293'
-  tags: cve,wordpress,wp-plugin,buddypress-media,high
+  tags: cve,wordpress,wp-plugin,buddypress-media,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32948-cb6fa6f6958986304e8bc18c130022ba.yaml b/nuclei-templates/2024/CVE-2024-32948-cb6fa6f6958986304e8bc18c130022ba.yaml
index 16b6ed7a14..fe95dd1f77 100644
--- a/nuclei-templates/2024/CVE-2024-32948-cb6fa6f6958986304e8bc18c130022ba.yaml
+++ b/nuclei-templates/2024/CVE-2024-32948-cb6fa6f6958986304e8bc18c130022ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.28 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.0.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/armember-membership/"
     google-query: inurl:"/wp-content/plugins/armember-membership/"
     shodan-query: 'vuln:CVE-2024-32948'
-  tags: cve,wordpress,wp-plugin,armember-membership,medium
+  tags: cve,wordpress,wp-plugin,armember-membership,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32949-2143d39c6a447e17fa955c9d29e9190e.yaml b/nuclei-templates/2024/CVE-2024-32949-2143d39c6a447e17fa955c9d29e9190e.yaml
index 20d940e248..9669657faa 100644
--- a/nuclei-templates/2024/CVE-2024-32949-2143d39c6a447e17fa955c9d29e9190e.yaml
+++ b/nuclei-templates/2024/CVE-2024-32949-2143d39c6a447e17fa955c9d29e9190e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Integrate Google Drive <= 1.3.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.3.8. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integrate-google-drive/"
     google-query: inurl:"/wp-content/plugins/integrate-google-drive/"
     shodan-query: 'vuln:CVE-2024-32949'
-  tags: cve,wordpress,wp-plugin,integrate-google-drive,medium
+  tags: cve,wordpress,wp-plugin,integrate-google-drive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3295-89a71e03ca88d2c02f3be0f2c0d21756.yaml b/nuclei-templates/2024/CVE-2024-3295-89a71e03ca88d2c02f3be0f2c0d21756.yaml
index 776ea87df0..61a210b7bd 100644
--- a/nuclei-templates/2024/CVE-2024-3295-89a71e03ca88d2c02f3be0f2c0d21756.yaml
+++ b/nuclei-templates/2024/CVE-2024-3295-89a71e03ca88d2c02f3be0f2c0d21756.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to delete any media file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:CVE-2024-3295'
-  tags: cve,wordpress,wp-plugin,user-registration,medium
+  tags: cve,wordpress,wp-plugin,user-registration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32951-cb8a70925c9490ee47d5d493a807b6ac.yaml b/nuclei-templates/2024/CVE-2024-32951-cb8a70925c9490ee47d5d493a807b6ac.yaml
index b8bfc3e1a8..d9acce1f71 100644
--- a/nuclei-templates/2024/CVE-2024-32951-cb8a70925c9490ee47d5d493a807b6ac.yaml
+++ b/nuclei-templates/2024/CVE-2024-32951-cb8a70925c9490ee47d5d493a807b6ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Max Addons Pro for Bricks <= 1.6.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Max Addons Pro for Bricks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/max-addons-pro-bricks/"
     google-query: inurl:"/wp-content/plugins/max-addons-pro-bricks/"
     shodan-query: 'vuln:CVE-2024-32951'
-  tags: cve,wordpress,wp-plugin,max-addons-pro-bricks,medium
+  tags: cve,wordpress,wp-plugin,max-addons-pro-bricks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32954-f3852e2e998f0a9723c8ace5e7ebc48d.yaml b/nuclei-templates/2024/CVE-2024-32954-f3852e2e998f0a9723c8ace5e7ebc48d.yaml
index 55ff4f5b4f..93f62afacb 100644
--- a/nuclei-templates/2024/CVE-2024-32954-f3852e2e998f0a9723c8ace5e7ebc48d.yaml
+++ b/nuclei-templates/2024/CVE-2024-32954-f3852e2e998f0a9723c8ace5e7ebc48d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletters <= 4.9.5 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Newsletters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletters-lite/"
     google-query: inurl:"/wp-content/plugins/newsletters-lite/"
     shodan-query: 'vuln:CVE-2024-32954'
-  tags: cve,wordpress,wp-plugin,newsletters-lite,critical
+  tags: cve,wordpress,wp-plugin,newsletters-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32955-61c688c55eb7ee42da571c3fb1a2e6d3.yaml b/nuclei-templates/2024/CVE-2024-32955-61c688c55eb7ee42da571c3fb1a2e6d3.yaml
index df5ee82695..4c7eaf7f98 100644
--- a/nuclei-templates/2024/CVE-2024-32955-61c688c55eb7ee42da571c3fb1a2e6d3.yaml
+++ b/nuclei-templates/2024/CVE-2024-32955-61c688c55eb7ee42da571c3fb1a2e6d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The FV Flowplayer Video Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.5.43.7212. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:CVE-2024-32955'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32956-8e63763711ef860c6f3f1ec391c10df2.yaml b/nuclei-templates/2024/CVE-2024-32956-8e63763711ef860c6f3f1ec391c10df2.yaml
index 3e500b91d2..e22ee8fb3b 100644
--- a/nuclei-templates/2024/CVE-2024-32956-8e63763711ef860c6f3f1ec391c10df2.yaml
+++ b/nuclei-templates/2024/CVE-2024-32956-8e63763711ef860c6f3f1ec391c10df2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RomethemeKit For Elementor <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The RomethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rometheme-for-elementor/"
     google-query: inurl:"/wp-content/plugins/rometheme-for-elementor/"
     shodan-query: 'vuln:CVE-2024-32956'
-  tags: cve,wordpress,wp-plugin,rometheme-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,rometheme-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32957-72add1c0a6273b20aaa451b8bcfd56cd.yaml b/nuclei-templates/2024/CVE-2024-32957-72add1c0a6273b20aaa451b8bcfd56cd.yaml
index bc1d7dddac..6b7fdb99ce 100644
--- a/nuclei-templates/2024/CVE-2024-32957-72add1c0a6273b20aaa451b8bcfd56cd.yaml
+++ b/nuclei-templates/2024/CVE-2024-32957-72add1c0a6273b20aaa451b8bcfd56cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: Live Composer <= 1.5.38 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslc_ajax_add_module() function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level access and above, to add modules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/live-composer-page-builder/"
     google-query: inurl:"/wp-content/plugins/live-composer-page-builder/"
     shodan-query: 'vuln:CVE-2024-32957'
-  tags: cve,wordpress,wp-plugin,live-composer-page-builder,medium
+  tags: cve,wordpress,wp-plugin,live-composer-page-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32959-0e449c9a497e53b142f5674fb22e2a1f.yaml b/nuclei-templates/2024/CVE-2024-32959-0e449c9a497e53b142f5674fb22e2a1f.yaml
index adbab22971..391016efca 100644
--- a/nuclei-templates/2024/CVE-2024-32959-0e449c9a497e53b142f5674fb22e2a1f.yaml
+++ b/nuclei-templates/2024/CVE-2024-32959-0e449c9a497e53b142f5674fb22e2a1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sirv <= 7.2.2 - Missing Authorization to Arbitrary Options Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_dismiss_notice() function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which could lead to privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sirv/"
     google-query: inurl:"/wp-content/plugins/sirv/"
     shodan-query: 'vuln:CVE-2024-32959'
-  tags: cve,wordpress,wp-plugin,sirv,critical
+  tags: cve,wordpress,wp-plugin,sirv,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32960-cec3580e3bef11008dce66e6706b0fc0.yaml b/nuclei-templates/2024/CVE-2024-32960-cec3580e3bef11008dce66e6706b0fc0.yaml
index d95a846098..a7244f43b4 100644
--- a/nuclei-templates/2024/CVE-2024-32960-cec3580e3bef11008dce66e6706b0fc0.yaml
+++ b/nuclei-templates/2024/CVE-2024-32960-cec3580e3bef11008dce66e6706b0fc0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Ultra Pro <= 1.1.12 - Authenticated (Contributor+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12.  This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-ultra-pro/"
     google-query: inurl:"/wp-content/plugins/booking-ultra-pro/"
     shodan-query: 'vuln:CVE-2024-32960'
-  tags: cve,wordpress,wp-plugin,booking-ultra-pro,high
+  tags: cve,wordpress,wp-plugin,booking-ultra-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-32961-db7f8fed7cd5746da95374c4a1d925a5.yaml b/nuclei-templates/2024/CVE-2024-32961-db7f8fed7cd5746da95374c4a1d925a5.yaml
index 0a4ac82a55..c0d2d327fd 100644
--- a/nuclei-templates/2024/CVE-2024-32961-db7f8fed7cd5746da95374c4a1d925a5.yaml
+++ b/nuclei-templates/2024/CVE-2024-32961-db7f8fed7cd5746da95374c4a1d925a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy <= 2.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blocksy/"
     google-query: inurl:"/wp-content/themes/blocksy/"
     shodan-query: 'vuln:CVE-2024-32961'
-  tags: cve,wordpress,wp-theme,blocksy,medium
+  tags: cve,wordpress,wp-theme,blocksy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3307-7bd8b052dc6ab5494250ef14b3571b9d.yaml b/nuclei-templates/2024/CVE-2024-3307-7bd8b052dc6ab5494250ef14b3571b9d.yaml
index 430f69677e..be258538d0 100644
--- a/nuclei-templates/2024/CVE-2024-3307-7bd8b052dc6ab5494250ef14b3571b9d.yaml
+++ b/nuclei-templates/2024/CVE-2024-3307-7bd8b052dc6ab5494250ef14b3571b9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3307'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3308-c9c8b6f666802b2f51aa7a2059e8cf31.yaml b/nuclei-templates/2024/CVE-2024-3308-c9c8b6f666802b2f51aa7a2059e8cf31.yaml
index 05c19e2dea..0e4f8f527f 100644
--- a/nuclei-templates/2024/CVE-2024-3308-c9c8b6f666802b2f51aa7a2059e8cf31.yaml
+++ b/nuclei-templates/2024/CVE-2024-3308-c9c8b6f666802b2f51aa7a2059e8cf31.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3308'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3309-236ec29d3a581237ffdca9038176da82.yaml b/nuclei-templates/2024/CVE-2024-3309-236ec29d3a581237ffdca9038176da82.yaml
index 86290d014b..21f83e1996 100644
--- a/nuclei-templates/2024/CVE-2024-3309-236ec29d3a581237ffdca9038176da82.yaml
+++ b/nuclei-templates/2024/CVE-2024-3309-236ec29d3a581237ffdca9038176da82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qi Addons For Elementor <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qi-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/qi-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3309'
-  tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3333-c900b7eac90dcb368c77b66b5bee17b3.yaml b/nuclei-templates/2024/CVE-2024-3333-c900b7eac90dcb368c77b66b5bee17b3.yaml
index ee7c2e76af..70178c1db8 100644
--- a/nuclei-templates/2024/CVE-2024-3333-c900b7eac90dcb368c77b66b5bee17b3.yaml
+++ b/nuclei-templates/2024/CVE-2024-3333-c900b7eac90dcb368c77b66b5bee17b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-3333'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3337-01e0b89afcfee7ee0b87257825f06c59.yaml b/nuclei-templates/2024/CVE-2024-3337-01e0b89afcfee7ee0b87257825f06c59.yaml
index 3e028b4978..9edcebf387 100644
--- a/nuclei-templates/2024/CVE-2024-3337-01e0b89afcfee7ee0b87257825f06c59.yaml
+++ b/nuclei-templates/2024/CVE-2024-3337-01e0b89afcfee7ee0b87257825f06c59.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2024-3337'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,medium
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3338-f731e8529b33108bde99e03616dec459.yaml b/nuclei-templates/2024/CVE-2024-3338-f731e8529b33108bde99e03616dec459.yaml
index 0c2c5c5464..da559d2dfe 100644
--- a/nuclei-templates/2024/CVE-2024-3338-f731e8529b33108bde99e03616dec459.yaml
+++ b/nuclei-templates/2024/CVE-2024-3338-f731e8529b33108bde99e03616dec459.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2024-3338'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,medium
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3340-72c77f134254f33afbd956d2661ee799.yaml b/nuclei-templates/2024/CVE-2024-3340-72c77f134254f33afbd956d2661ee799.yaml
index 7c88358817..cb4f3bb1d1 100644
--- a/nuclei-templates/2024/CVE-2024-3340-72c77f134254f33afbd956d2661ee799.yaml
+++ b/nuclei-templates/2024/CVE-2024-3340-72c77f134254f33afbd956d2661ee799.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/colibri-page-builder/"
     google-query: inurl:"/wp-content/plugins/colibri-page-builder/"
     shodan-query: 'vuln:CVE-2024-3340'
-  tags: cve,wordpress,wp-plugin,colibri-page-builder,medium
+  tags: cve,wordpress,wp-plugin,colibri-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3341-c1fa4ca90d68aef3b1e407c4bbb8f6e9.yaml b/nuclei-templates/2024/CVE-2024-3341-c1fa4ca90d68aef3b1e407c4bbb8f6e9.yaml
index ac3ba79305..e5ff951ce8 100644
--- a/nuclei-templates/2024/CVE-2024-3341-c1fa4ca90d68aef3b1e407c4bbb8f6e9.yaml
+++ b/nuclei-templates/2024/CVE-2024-3341-c1fa4ca90d68aef3b1e407c4bbb8f6e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2024-3341'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3342-b16f008700574256ab90c1f92968c3fa.yaml b/nuclei-templates/2024/CVE-2024-3342-b16f008700574256ab90c1f92968c3fa.yaml
index 4869b0cdce..01016318ac 100644
--- a/nuclei-templates/2024/CVE-2024-3342-b16f008700574256ab90c1f92968c3fa.yaml
+++ b/nuclei-templates/2024/CVE-2024-3342-b16f008700574256ab90c1f92968c3fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mp-timetable/"
     google-query: inurl:"/wp-content/plugins/mp-timetable/"
     shodan-query: 'vuln:CVE-2024-3342'
-  tags: cve,wordpress,wp-plugin,mp-timetable,critical
+  tags: cve,wordpress,wp-plugin,mp-timetable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3343-74e59a3e9ea29768b5d0afa832d7eb55.yaml b/nuclei-templates/2024/CVE-2024-3343-74e59a3e9ea29768b5d0afa832d7eb55.yaml
index d8f63bf895..3cb07a9896 100644
--- a/nuclei-templates/2024/CVE-2024-3343-74e59a3e9ea29768b5d0afa832d7eb55.yaml
+++ b/nuclei-templates/2024/CVE-2024-3343-74e59a3e9ea29768b5d0afa832d7eb55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-blocks/"
     google-query: inurl:"/wp-content/plugins/otter-blocks/"
     shodan-query: 'vuln:CVE-2024-3343'
-  tags: cve,wordpress,wp-plugin,otter-blocks,medium
+  tags: cve,wordpress,wp-plugin,otter-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3344-d1fde79ddb6f5cce29eedf02f3d4b354.yaml b/nuclei-templates/2024/CVE-2024-3344-d1fde79ddb6f5cce29eedf02f3d4b354.yaml
index 4a925c6a3c..f211444543 100644
--- a/nuclei-templates/2024/CVE-2024-3344-d1fde79ddb6f5cce29eedf02f3d4b354.yaml
+++ b/nuclei-templates/2024/CVE-2024-3344-d1fde79ddb6f5cce29eedf02f3d4b354.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-blocks/"
     google-query: inurl:"/wp-content/plugins/otter-blocks/"
     shodan-query: 'vuln:CVE-2024-3344'
-  tags: cve,wordpress,wp-plugin,otter-blocks,medium
+  tags: cve,wordpress,wp-plugin,otter-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33537-10655f6004e5353e2b6a2b5ad40ac777.yaml b/nuclei-templates/2024/CVE-2024-33537-10655f6004e5353e2b6a2b5ad40ac777.yaml
index df235252f0..b2aac46574 100644
--- a/nuclei-templates/2024/CVE-2024-33537-10655f6004e5353e2b6a2b5ad40ac777.yaml
+++ b/nuclei-templates/2024/CVE-2024-33537-10655f6004e5353e2b6a2b5ad40ac777.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Portfolio <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Portfolio theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/wp-portfolio/"
     google-query: inurl:"/wp-content/themes/wp-portfolio/"
     shodan-query: 'vuln:CVE-2024-33537'
-  tags: cve,wordpress,wp-theme,wp-portfolio,medium
+  tags: cve,wordpress,wp-theme,wp-portfolio,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33539-0c1df7bc0f650153d4deab14ee137704.yaml b/nuclei-templates/2024/CVE-2024-33539-0c1df7bc0f650153d4deab14ee137704.yaml
index 670114f269..a69a703256 100644
--- a/nuclei-templates/2024/CVE-2024-33539-0c1df7bc0f650153d4deab14ee137704.yaml
+++ b/nuclei-templates/2024/CVE-2024-33539-0c1df7bc0f650153d4deab14ee137704.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPZOOM Addons for Elementor (Templates, Widgets) <= <=1.1.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.1.35 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag.' This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpzoom-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/wpzoom-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-33539'
-  tags: cve,wordpress,wp-plugin,wpzoom-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,wpzoom-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33540-a2599bd3c91638fd59172f5a65248fdd.yaml b/nuclei-templates/2024/CVE-2024-33540-a2599bd3c91638fd59172f5a65248fdd.yaml
index 6693ff63f9..29af5e2d14 100644
--- a/nuclei-templates/2024/CVE-2024-33540-a2599bd3c91638fd59172f5a65248fdd.yaml
+++ b/nuclei-templates/2024/CVE-2024-33540-a2599bd3c91638fd59172f5a65248fdd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ColorNews <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ColorNews theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/colornews/"
     google-query: inurl:"/wp-content/themes/colornews/"
     shodan-query: 'vuln:CVE-2024-33540'
-  tags: cve,wordpress,wp-theme,colornews,medium
+  tags: cve,wordpress,wp-theme,colornews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33541-c71bf414dec349bec3e4220e85ee81e5.yaml b/nuclei-templates/2024/CVE-2024-33541-c71bf414dec349bec3e4220e85ee81e5.yaml
index bc9256ac9e..dee8cd7070 100644
--- a/nuclei-templates/2024/CVE-2024-33541-c71bf414dec349bec3e4220e85ee81e5.yaml
+++ b/nuclei-templates/2024/CVE-2024-33541-c71bf414dec349bec3e4220e85ee81e5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Better Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/better-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-33541'
-  tags: cve,wordpress,wp-plugin,better-elementor-addons,high
+  tags: cve,wordpress,wp-plugin,better-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33542-4ff3f91a93b3247cebd7620836598b68.yaml b/nuclei-templates/2024/CVE-2024-33542-4ff3f91a93b3247cebd7620836598b68.yaml
index fefa7b6323..3cde918d4d 100644
--- a/nuclei-templates/2024/CVE-2024-33542-4ff3f91a93b3247cebd7620836598b68.yaml
+++ b/nuclei-templates/2024/CVE-2024-33542-4ff3f91a93b3247cebd7620836598b68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Crelly Slider plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crelly-slider/"
     google-query: inurl:"/wp-content/plugins/crelly-slider/"
     shodan-query: 'vuln:CVE-2024-33542'
-  tags: cve,wordpress,wp-plugin,crelly-slider,medium
+  tags: cve,wordpress,wp-plugin,crelly-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33545-854e0c6e8605c626361126b016b08a27.yaml b/nuclei-templates/2024/CVE-2024-33545-854e0c6e8605c626361126b016b08a27.yaml
index 3ee5253f20..eeff5c6013 100644
--- a/nuclei-templates/2024/CVE-2024-33545-854e0c6e8605c626361126b016b08a27.yaml
+++ b/nuclei-templates/2024/CVE-2024-33545-854e0c6e8605c626361126b016b08a27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 14.0.10. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woozone/"
     google-query: inurl:"/wp-content/plugins/woozone/"
     shodan-query: 'vuln:CVE-2024-33545'
-  tags: cve,wordpress,wp-plugin,woozone,medium
+  tags: cve,wordpress,wp-plugin,woozone,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33546-e261de97ae518fadfa674900f6884131.yaml b/nuclei-templates/2024/CVE-2024-33546-e261de97ae518fadfa674900f6884131.yaml
index 2df3e96025..8a5eadf7fe 100644
--- a/nuclei-templates/2024/CVE-2024-33546-e261de97ae518fadfa674900f6884131.yaml
+++ b/nuclei-templates/2024/CVE-2024-33546-e261de97ae518fadfa674900f6884131.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 14.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woozone/"
     google-query: inurl:"/wp-content/plugins/woozone/"
     shodan-query: 'vuln:CVE-2024-33546'
-  tags: cve,wordpress,wp-plugin,woozone,critical
+  tags: cve,wordpress,wp-plugin,woozone,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33547-9fc89469f8a530afdf83c67ae386fe4e.yaml b/nuclei-templates/2024/CVE-2024-33547-9fc89469f8a530afdf83c67ae386fe4e.yaml
index 0d4e3f32ce..e41949aabf 100644
--- a/nuclei-templates/2024/CVE-2024-33547-9fc89469f8a530afdf83c67ae386fe4e.yaml
+++ b/nuclei-templates/2024/CVE-2024-33547-9fc89469f8a530afdf83c67ae386fe4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WZone <= 14.0.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WZone plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 14.0.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woozone/"
     google-query: inurl:"/wp-content/plugins/woozone/"
     shodan-query: 'vuln:CVE-2024-33547'
-  tags: cve,wordpress,wp-plugin,woozone,medium
+  tags: cve,wordpress,wp-plugin,woozone,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33549-e2b6dedf58550635a9af3b0cb010148d.yaml b/nuclei-templates/2024/CVE-2024-33549-e2b6dedf58550635a9af3b0cb010148d.yaml
index 5a06c1e1b8..199be04554 100644
--- a/nuclei-templates/2024/CVE-2024-33549-e2b6dedf58550635a9af3b0cb010148d.yaml
+++ b/nuclei-templates/2024/CVE-2024-33549-e2b6dedf58550635a9af3b0cb010148d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 14.0.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to elevate their privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woozone/"
     google-query: inurl:"/wp-content/plugins/woozone/"
     shodan-query: 'vuln:CVE-2024-33549'
-  tags: cve,wordpress,wp-plugin,woozone,high
+  tags: cve,wordpress,wp-plugin,woozone,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33550-923b7799c6c4b8b6606ee152480bc325.yaml b/nuclei-templates/2024/CVE-2024-33550-923b7799c6c4b8b6606ee152480bc325.yaml
index b071e50fdd..23a5bc4d2c 100644
--- a/nuclei-templates/2024/CVE-2024-33550-923b7799c6c4b8b6606ee152480bc325.yaml
+++ b/nuclei-templates/2024/CVE-2024-33550-923b7799c6c4b8b6606ee152480bc325.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Masquerade <= 1.1.0 - Authenticated (Subscriber+) Account Takeover
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Masquerade plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.0.  This makes it possible for authenticated attackers, with subscriber-level access and above, to access other users accounts which may be higher in privilege.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-masquerade/"
     google-query: inurl:"/wp-content/plugins/wp-masquerade/"
     shodan-query: 'vuln:CVE-2024-33550'
-  tags: cve,wordpress,wp-plugin,wp-masquerade,high
+  tags: cve,wordpress,wp-plugin,wp-masquerade,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33555-2b061e047e658e61d8ebbd4e7e809bba.yaml b/nuclei-templates/2024/CVE-2024-33555-2b061e047e658e61d8ebbd4e7e809bba.yaml
index 593f8071dd..fbcec31afe 100644
--- a/nuclei-templates/2024/CVE-2024-33555-2b061e047e658e61d8ebbd4e7e809bba.yaml
+++ b/nuclei-templates/2024/CVE-2024-33555-2b061e047e658e61d8ebbd4e7e809bba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XStore Core <= 5.3.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The XStore Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/et-core-plugin/"
     google-query: inurl:"/wp-content/plugins/et-core-plugin/"
     shodan-query: 'vuln:CVE-2024-33555'
-  tags: cve,wordpress,wp-plugin,et-core-plugin,medium
+  tags: cve,wordpress,wp-plugin,et-core-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33556-4a822947b182a8ad769234c031d65105.yaml b/nuclei-templates/2024/CVE-2024-33556-4a822947b182a8ad769234c031d65105.yaml
index 9e589a6aa3..04291ba480 100644
--- a/nuclei-templates/2024/CVE-2024-33556-4a822947b182a8ad769234c031d65105.yaml
+++ b/nuclei-templates/2024/CVE-2024-33556-4a822947b182a8ad769234c031d65105.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The XStore Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/et-core-plugin/"
     google-query: inurl:"/wp-content/plugins/et-core-plugin/"
     shodan-query: 'vuln:CVE-2024-33556'
-  tags: cve,wordpress,wp-plugin,et-core-plugin,critical
+  tags: cve,wordpress,wp-plugin,et-core-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33557-778530516424ce1a3968690bf84c44c4.yaml b/nuclei-templates/2024/CVE-2024-33557-778530516424ce1a3968690bf84c44c4.yaml
index a23e0860b0..7aeda00960 100644
--- a/nuclei-templates/2024/CVE-2024-33557-778530516424ce1a3968690bf84c44c4.yaml
+++ b/nuclei-templates/2024/CVE-2024-33557-778530516424ce1a3968690bf84c44c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XStore Core <= 5.3.5 - Authenticated (Subscriber+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The XStore Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/et-core-plugin/"
     google-query: inurl:"/wp-content/plugins/et-core-plugin/"
     shodan-query: 'vuln:CVE-2024-33557'
-  tags: cve,wordpress,wp-plugin,et-core-plugin,high
+  tags: cve,wordpress,wp-plugin,et-core-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33558-69dc88dae2977364ee23f133476679d5.yaml b/nuclei-templates/2024/CVE-2024-33558-69dc88dae2977364ee23f133476679d5.yaml
index 3ba08be67f..b71ca0c9b4 100644
--- a/nuclei-templates/2024/CVE-2024-33558-69dc88dae2977364ee23f133476679d5.yaml
+++ b/nuclei-templates/2024/CVE-2024-33558-69dc88dae2977364ee23f133476679d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The et-core-plugin plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 5.3.5. This is due to the plugin not properly restricting which files can be downloaded. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/et-core-plugin/"
     google-query: inurl:"/wp-content/plugins/et-core-plugin/"
     shodan-query: 'vuln:CVE-2024-33558'
-  tags: cve,wordpress,wp-plugin,et-core-plugin,medium
+  tags: cve,wordpress,wp-plugin,et-core-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33561-bf873db96785a26a3145cbfaa5b26d6e.yaml b/nuclei-templates/2024/CVE-2024-33561-bf873db96785a26a3145cbfaa5b26d6e.yaml
index b5c185a623..961f53cec4 100644
--- a/nuclei-templates/2024/CVE-2024-33561-bf873db96785a26a3145cbfaa5b26d6e.yaml
+++ b/nuclei-templates/2024/CVE-2024-33561-bf873db96785a26a3145cbfaa5b26d6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XStore <= 9.3.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The XStore theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 9.3.5. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/xstore/"
     google-query: inurl:"/wp-content/themes/xstore/"
     shodan-query: 'vuln:CVE-2024-33561'
-  tags: cve,wordpress,wp-theme,xstore,medium
+  tags: cve,wordpress,wp-theme,xstore,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33563-38fb7f7c173d005d7a2c4887d0346c93.yaml b/nuclei-templates/2024/CVE-2024-33563-38fb7f7c173d005d7a2c4887d0346c93.yaml
index 5b5ef41667..fca346801b 100644
--- a/nuclei-templates/2024/CVE-2024-33563-38fb7f7c173d005d7a2c4887d0346c93.yaml
+++ b/nuclei-templates/2024/CVE-2024-33563-38fb7f7c173d005d7a2c4887d0346c93.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XStore <= 9.3.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The XStore theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 9.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/xstore/"
     google-query: inurl:"/wp-content/themes/xstore/"
     shodan-query: 'vuln:CVE-2024-33563'
-  tags: cve,wordpress,wp-theme,xstore,medium
+  tags: cve,wordpress,wp-theme,xstore,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33564-8a9cd0a3b3bf0281b86f1864c19141dc.yaml b/nuclei-templates/2024/CVE-2024-33564-8a9cd0a3b3bf0281b86f1864c19141dc.yaml
index 433e17bdbd..20a806fab1 100644
--- a/nuclei-templates/2024/CVE-2024-33564-8a9cd0a3b3bf0281b86f1864c19141dc.yaml
+++ b/nuclei-templates/2024/CVE-2024-33564-8a9cd0a3b3bf0281b86f1864c19141dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XStore <= 9.3.5 - Authenticated (Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The XStore theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 9.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used to achieve privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/xstore/"
     google-query: inurl:"/wp-content/themes/xstore/"
     shodan-query: 'vuln:CVE-2024-33564'
-  tags: cve,wordpress,wp-theme,xstore,high
+  tags: cve,wordpress,wp-theme,xstore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33565-ea61aaf0b841c4447233caa711d245e0.yaml b/nuclei-templates/2024/CVE-2024-33565-ea61aaf0b841c4447233caa711d245e0.yaml
index 877f72c4aa..47dfec884c 100644
--- a/nuclei-templates/2024/CVE-2024-33565-ea61aaf0b841c4447233caa711d245e0.yaml
+++ b/nuclei-templates/2024/CVE-2024-33565-ea61aaf0b841c4447233caa711d245e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/"
     google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/"
     shodan-query: 'vuln:CVE-2024-33565'
-  tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,medium
+  tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33566-5b3434af05805f54d95301c9d2bfe97f.yaml b/nuclei-templates/2024/CVE-2024-33566-5b3434af05805f54d95301c9d2bfe97f.yaml
index f70312d6bc..e0ea8ea0c6 100644
--- a/nuclei-templates/2024/CVE-2024-33566-5b3434af05805f54d95301c9d2bfe97f.yaml
+++ b/nuclei-templates/2024/CVE-2024-33566-5b3434af05805f54d95301c9d2bfe97f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OrderConvo <= 12.4 - Missing Authorization to Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on a REST API endpoint in all versions up to, and including, 12.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-and-client-message-after-order-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/admin-and-client-message-after-order-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-33566'
-  tags: cve,wordpress,wp-plugin,admin-and-client-message-after-order-for-woocommerce,critical
+  tags: cve,wordpress,wp-plugin,admin-and-client-message-after-order-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33568-c32e665e9be4b817092efeaf96853d74.yaml b/nuclei-templates/2024/CVE-2024-33568-c32e665e9be4b817092efeaf96853d74.yaml
index 2e855967b1..d7644b8df4 100644
--- a/nuclei-templates/2024/CVE-2024-33568-c32e665e9be4b817092efeaf96853d74.yaml
+++ b/nuclei-templates/2024/CVE-2024-33568-c32e665e9be4b817092efeaf96853d74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Element Pack Pro <= 7.7.4 - Authenticated (Contributor+) Arbitrary File Read and PHAR Deserialization
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-element-pack/"
     google-query: inurl:"/wp-content/plugins/bdthemes-element-pack/"
     shodan-query: 'vuln:CVE-2024-33568'
-  tags: cve,wordpress,wp-plugin,bdthemes-element-pack,critical
+  tags: cve,wordpress,wp-plugin,bdthemes-element-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33570-a94be3f467ceacb837ea20db05393018.yaml b/nuclei-templates/2024/CVE-2024-33570-a94be3f467ceacb837ea20db05393018.yaml
index bcc917805d..4af5a7d157 100644
--- a/nuclei-templates/2024/CVE-2024-33570-a94be3f467ceacb837ea20db05393018.yaml
+++ b/nuclei-templates/2024/CVE-2024-33570-a94be3f467ceacb837ea20db05393018.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Metform Elementor Contact Form Builder <= 3.8.3 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dismiss_ajax_call function in versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/metform/"
     google-query: inurl:"/wp-content/plugins/metform/"
     shodan-query: 'vuln:CVE-2024-33570'
-  tags: cve,wordpress,wp-plugin,metform,medium
+  tags: cve,wordpress,wp-plugin,metform,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33572-fdbe6ed30963d2d89b9e4d6d9ea6d03d.yaml b/nuclei-templates/2024/CVE-2024-33572-fdbe6ed30963d2d89b9e4d6d9ea6d03d.yaml
index e662fac824..f2c0b72ffd 100644
--- a/nuclei-templates/2024/CVE-2024-33572-fdbe6ed30963d2d89b9e4d6d9ea6d03d.yaml
+++ b/nuclei-templates/2024/CVE-2024-33572-fdbe6ed30963d2d89b9e4d6d9ea6d03d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Plus Blocks for Block Editor | Gutenberg <= 3.2.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tp_f_delete_transient() function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete transients.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-plus-addons-for-block-editor/"
     google-query: inurl:"/wp-content/plugins/the-plus-addons-for-block-editor/"
     shodan-query: 'vuln:CVE-2024-33572'
-  tags: cve,wordpress,wp-plugin,the-plus-addons-for-block-editor,medium
+  tags: cve,wordpress,wp-plugin,the-plus-addons-for-block-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33573-ad0ff157f5be17af68fa4347894dd5e7.yaml b/nuclei-templates/2024/CVE-2024-33573-ad0ff157f5be17af68fa4347894dd5e7.yaml
index 4db971e644..d1fc5f0f66 100644
--- a/nuclei-templates/2024/CVE-2024-33573-ad0ff157f5be17af68fa4347894dd5e7.yaml
+++ b/nuclei-templates/2024/CVE-2024-33573-ad0ff157f5be17af68fa4347894dd5e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EPROLO Dropshipping <= 1.7.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eprolo_disconnect, eprolo_reflsh, and eprolo_connect_key functions in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eprolo-dropshipping/"
     google-query: inurl:"/wp-content/plugins/eprolo-dropshipping/"
     shodan-query: 'vuln:CVE-2024-33573'
-  tags: cve,wordpress,wp-plugin,eprolo-dropshipping,medium
+  tags: cve,wordpress,wp-plugin,eprolo-dropshipping,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33574-d6b6bc643ec1ba18798cef4b6b37fe69.yaml b/nuclei-templates/2024/CVE-2024-33574-d6b6bc643ec1ba18798cef4b6b37fe69.yaml
index f3ae283ef9..38f1d977ed 100644
--- a/nuclei-templates/2024/CVE-2024-33574-d6b6bc643ec1ba18798cef4b6b37fe69.yaml
+++ b/nuclei-templates/2024/CVE-2024-33574-d6b6bc643ec1ba18798cef4b6b37fe69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Vitepos <= 3.0.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Vitepos plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vitepos-lite/"
     google-query: inurl:"/wp-content/plugins/vitepos-lite/"
     shodan-query: 'vuln:CVE-2024-33574'
-  tags: cve,wordpress,wp-plugin,vitepos-lite,medium
+  tags: cve,wordpress,wp-plugin,vitepos-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33576-e4bdb79e642b57f61de774ae24d8a0ad.yaml b/nuclei-templates/2024/CVE-2024-33576-e4bdb79e642b57f61de774ae24d8a0ad.yaml
index f18f4998bc..731feb0e2d 100644
--- a/nuclei-templates/2024/CVE-2024-33576-e4bdb79e642b57f61de774ae24d8a0ad.yaml
+++ b/nuclei-templates/2024/CVE-2024-33576-e4bdb79e642b57f61de774ae24d8a0ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPPizza <= 3.18.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPPizza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_ajax function found in several files in versions up to, and including, 3.18.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify several plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wppizza/"
     google-query: inurl:"/wp-content/plugins/wppizza/"
     shodan-query: 'vuln:CVE-2024-33576'
-  tags: cve,wordpress,wp-plugin,wppizza,medium
+  tags: cve,wordpress,wp-plugin,wppizza,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33586-f6467ad8511f5004bea6f7b6c2cbc45b.yaml b/nuclei-templates/2024/CVE-2024-33586-f6467ad8511f5004bea6f7b6c2cbc45b.yaml
index fadfd7132a..eaf7f45ffd 100644
--- a/nuclei-templates/2024/CVE-2024-33586-f6467ad8511f5004bea6f7b6c2cbc45b.yaml
+++ b/nuclei-templates/2024/CVE-2024-33586-f6467ad8511f5004bea6f7b6c2cbc45b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.8.20 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.20. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:CVE-2024-33586'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33587-80ad6ff6a41f2684b99adffd0cc6275a.yaml b/nuclei-templates/2024/CVE-2024-33587-80ad6ff6a41f2684b99adffd0cc6275a.yaml
index 3f2c56e6d6..4e8f7b368c 100644
--- a/nuclei-templates/2024/CVE-2024-33587-80ad6ff6a41f2684b99adffd0cc6275a.yaml
+++ b/nuclei-templates/2024/CVE-2024-33587-80ad6ff6a41f2684b99adffd0cc6275a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Secure Copy Content Protection and Content Locking <= 3.9.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_sccp_option function in versions up to, and including, 3.9.0. This makes it possible for unauthenticated attackers to modify an option. It does not appear this was adequately patched in 3.9.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/secure-copy-content-protection/"
     google-query: inurl:"/wp-content/plugins/secure-copy-content-protection/"
     shodan-query: 'vuln:CVE-2024-33587'
-  tags: cve,wordpress,wp-plugin,secure-copy-content-protection,medium
+  tags: cve,wordpress,wp-plugin,secure-copy-content-protection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33588-a5afc25e9a9bba6762e73f63456f868e.yaml b/nuclei-templates/2024/CVE-2024-33588-a5afc25e9a9bba6762e73f63456f868e.yaml
index 91abbf1408..ec6b5efe29 100644
--- a/nuclei-templates/2024/CVE-2024-33588-a5afc25e9a9bba6762e73f63456f868e.yaml
+++ b/nuclei-templates/2024/CVE-2024-33588-a5afc25e9a9bba6762e73f63456f868e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Knowledge Base documentation & wiki plugin – BasePress <= 2.16.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Knowledge Base documentation & wiki plugin – BasePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in versions up to, and including, 2.16.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/basepress/"
     google-query: inurl:"/wp-content/plugins/basepress/"
     shodan-query: 'vuln:CVE-2024-33588'
-  tags: cve,wordpress,wp-plugin,basepress,medium
+  tags: cve,wordpress,wp-plugin,basepress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33589-7229f0a7ed96aafb75936c9e304ee19f.yaml b/nuclei-templates/2024/CVE-2024-33589-7229f0a7ed96aafb75936c9e304ee19f.yaml
index 88c1e8ddc6..85e3a551f0 100644
--- a/nuclei-templates/2024/CVE-2024-33589-7229f0a7ed96aafb75936c9e304ee19f.yaml
+++ b/nuclei-templates/2024/CVE-2024-33589-7229f0a7ed96aafb75936c9e304ee19f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KB Support <= 1.6.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The KB Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the kbs_ajax_display_ticket_notes and kbs_ajax_display_ticket_replies function in versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to view ticket notes and replies.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kb-support/"
     google-query: inurl:"/wp-content/plugins/kb-support/"
     shodan-query: 'vuln:CVE-2024-33589'
-  tags: cve,wordpress,wp-plugin,kb-support,medium
+  tags: cve,wordpress,wp-plugin,kb-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33590-fdf5e229c491f2ee061576794ec1d5c1.yaml b/nuclei-templates/2024/CVE-2024-33590-fdf5e229c491f2ee061576794ec1d5c1.yaml
index fa8d1d1076..ffbdb5c8f4 100644
--- a/nuclei-templates/2024/CVE-2024-33590-fdf5e229c491f2ee061576794ec1d5c1.yaml
+++ b/nuclei-templates/2024/CVE-2024-33590-fdf5e229c491f2ee061576794ec1d5c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Knowledge Base documentation & wiki plugin – BasePress <= 2.16.1 - Authenticated (Subscriber+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.16.1 via the theme_style_render() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/basepress/"
     google-query: inurl:"/wp-content/plugins/basepress/"
     shodan-query: 'vuln:CVE-2024-33590'
-  tags: cve,wordpress,wp-plugin,basepress,medium
+  tags: cve,wordpress,wp-plugin,basepress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33591-b86559278d78c8a80909bf3088ee795a.yaml b/nuclei-templates/2024/CVE-2024-33591-b86559278d78c8a80909bf3088ee795a.yaml
index 8a26acc0f0..8752a91f1e 100644
--- a/nuclei-templates/2024/CVE-2024-33591-b86559278d78c8a80909bf3088ee795a.yaml
+++ b/nuclei-templates/2024/CVE-2024-33591-b86559278d78c8a80909bf3088ee795a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Accept Payments <= 4.9.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Accept Payments via PayPal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.9.10. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/"
     google-query: inurl:"/wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/"
     shodan-query: 'vuln:CVE-2024-33591'
-  tags: cve,wordpress,wp-plugin,wordpress-easy-paypal-payment-or-donation-accept-plugin,medium
+  tags: cve,wordpress,wp-plugin,wordpress-easy-paypal-payment-or-donation-accept-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33593-a4a6f5b9e735cb14d76827d4a578ff1c.yaml b/nuclei-templates/2024/CVE-2024-33593-a4a6f5b9e735cb14d76827d4a578ff1c.yaml
index 5525587cbf..6f53d60066 100644
--- a/nuclei-templates/2024/CVE-2024-33593-a4a6f5b9e735cb14d76827d4a578ff1c.yaml
+++ b/nuclei-templates/2024/CVE-2024-33593-a4a6f5b9e735cb14d76827d4a578ff1c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Forms <= 2.6.91 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rednao_smart_forms_dont_show_again() function in versions up to, and including, 2.6.91. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-forms/"
     google-query: inurl:"/wp-content/plugins/smart-forms/"
     shodan-query: 'vuln:CVE-2024-33593'
-  tags: cve,wordpress,wp-plugin,smart-forms,medium
+  tags: cve,wordpress,wp-plugin,smart-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33594-9dd9621e217d263471711af1462b33c0.yaml b/nuclei-templates/2024/CVE-2024-33594-9dd9621e217d263471711af1462b33c0.yaml
index 67418e1225..aa77cd6068 100644
--- a/nuclei-templates/2024/CVE-2024-33594-9dd9621e217d263471711af1462b33c0.yaml
+++ b/nuclei-templates/2024/CVE-2024-33594-9dd9621e217d263471711af1462b33c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaky Paywall <= 4.20.8 - Missing Authorization to Price Manipulation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Leaky Paywall plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 4.20.8. This is due to the plugin allowing the price field to be user supplied. This makes it possible for unauthenticated attackers to alter the price of memberships.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaky-paywall/"
     google-query: inurl:"/wp-content/plugins/leaky-paywall/"
     shodan-query: 'vuln:CVE-2024-33594'
-  tags: cve,wordpress,wp-plugin,leaky-paywall,medium
+  tags: cve,wordpress,wp-plugin,leaky-paywall,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33595-5ad76356f82ec882d88e003164818843.yaml b/nuclei-templates/2024/CVE-2024-33595-5ad76356f82ec882d88e003164818843.yaml
index 3746954434..23764f3ac6 100644
--- a/nuclei-templates/2024/CVE-2024-33595-5ad76356f82ec882d88e003164818843.yaml
+++ b/nuclei-templates/2024/CVE-2024-33595-5ad76356f82ec882d88e003164818843.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Addons for Elementor <= 2.0.5.4.1 - Missing Authorization on Duplicate Post
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the jltma_duplicator_row_actions() function in versions up to, and including, 2.0.5.4.1. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate posts that may contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-addons/"
     google-query: inurl:"/wp-content/plugins/master-addons/"
     shodan-query: 'vuln:CVE-2024-33595'
-  tags: cve,wordpress,wp-plugin,master-addons,medium
+  tags: cve,wordpress,wp-plugin,master-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33596-2e12923b4994409fb95da9b1bf700385.yaml b/nuclei-templates/2024/CVE-2024-33596-2e12923b4994409fb95da9b1bf700385.yaml
index 5633b21d1e..ac93e8ee99 100644
--- a/nuclei-templates/2024/CVE-2024-33596-2e12923b4994409fb95da9b1bf700385.yaml
+++ b/nuclei-templates/2024/CVE-2024-33596-2e12923b4994409fb95da9b1bf700385.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Five Star Restaurant Reservations <= 2.6.16 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Five Star Restaurant Reservations plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 2.6.16. This makes it possible for unauthenticated attackers to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restaurant-reservations/"
     google-query: inurl:"/wp-content/plugins/restaurant-reservations/"
     shodan-query: 'vuln:CVE-2024-33596'
-  tags: cve,wordpress,wp-plugin,restaurant-reservations,medium
+  tags: cve,wordpress,wp-plugin,restaurant-reservations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33597-00fe1d8fca57ad1440836b41da0ce6fd.yaml b/nuclei-templates/2024/CVE-2024-33597-00fe1d8fca57ad1440836b41da0ce6fd.yaml
index 5d257ee63e..9ce46169d1 100644
--- a/nuclei-templates/2024/CVE-2024-33597-00fe1d8fca57ad1440836b41da0ce6fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-33597-00fe1d8fca57ad1440836b41da0ce6fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SSU <= 1.5.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SSU plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_aws_options() function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to delete AWS options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-s3-smart-upload/"
     google-query: inurl:"/wp-content/plugins/wp-s3-smart-upload/"
     shodan-query: 'vuln:CVE-2024-33597'
-  tags: cve,wordpress,wp-plugin,wp-s3-smart-upload,medium
+  tags: cve,wordpress,wp-plugin,wp-s3-smart-upload,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33598-498bbeebfd7d1067e2db21072dfc82ff.yaml b/nuclei-templates/2024/CVE-2024-33598-498bbeebfd7d1067e2db21072dfc82ff.yaml
index 1292dadcbd..98b5a391b6 100644
--- a/nuclei-templates/2024/CVE-2024-33598-498bbeebfd7d1067e2db21072dfc82ff.yaml
+++ b/nuclei-templates/2024/CVE-2024-33598-498bbeebfd7d1067e2db21072dfc82ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Annual Archive <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Annual Archive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anual-archive/"
     google-query: inurl:"/wp-content/plugins/anual-archive/"
     shodan-query: 'vuln:CVE-2024-33598'
-  tags: cve,wordpress,wp-plugin,anual-archive,medium
+  tags: cve,wordpress,wp-plugin,anual-archive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33627-b0c570c63a16100d4cac08a03560c9a1.yaml b/nuclei-templates/2024/CVE-2024-33627-b0c570c63a16100d4cac08a03560c9a1.yaml
index efd1850c27..ce485af87b 100644
--- a/nuclei-templates/2024/CVE-2024-33627-b0c570c63a16100d4cac08a03560c9a1.yaml
+++ b/nuclei-templates/2024/CVE-2024-33627-b0c570c63a16100d4cac08a03560c9a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Absolutely Glamorous Custom Admin <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AGCA – Custom Dashboard & Login Page plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ag-custom-admin/"
     google-query: inurl:"/wp-content/plugins/ag-custom-admin/"
     shodan-query: 'vuln:CVE-2024-33627'
-  tags: cve,wordpress,wp-plugin,ag-custom-admin,medium
+  tags: cve,wordpress,wp-plugin,ag-custom-admin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33628-ad605f98f0b12012c381eafdf54cfada.yaml b/nuclei-templates/2024/CVE-2024-33628-ad605f98f0b12012c381eafdf54cfada.yaml
index 14ecc399e6..3f888868f9 100644
--- a/nuclei-templates/2024/CVE-2024-33628-ad605f98f0b12012c381eafdf54cfada.yaml
+++ b/nuclei-templates/2024/CVE-2024-33628-ad605f98f0b12012c381eafdf54cfada.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The XforWooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xforwoocommerce/"
     google-query: inurl:"/wp-content/plugins/xforwoocommerce/"
     shodan-query: 'vuln:CVE-2024-33628'
-  tags: cve,wordpress,wp-plugin,xforwoocommerce,high
+  tags: cve,wordpress,wp-plugin,xforwoocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33629-272755bdeeb1adc01a4352f800652c09.yaml b/nuclei-templates/2024/CVE-2024-33629-272755bdeeb1adc01a4352f800652c09.yaml
index e455471f6e..7f061cc949 100644
--- a/nuclei-templates/2024/CVE-2024-33629-272755bdeeb1adc01a4352f800652c09.yaml
+++ b/nuclei-templates/2024/CVE-2024-33629-272755bdeeb1adc01a4352f800652c09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-post-thumbnail/"
     google-query: inurl:"/wp-content/plugins/auto-post-thumbnail/"
     shodan-query: 'vuln:CVE-2024-33629'
-  tags: cve,wordpress,wp-plugin,auto-post-thumbnail,medium
+  tags: cve,wordpress,wp-plugin,auto-post-thumbnail,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33630-e66a7b75dd0639134f09eee91026a929.yaml b/nuclei-templates/2024/CVE-2024-33630-e66a7b75dd0639134f09eee91026a929.yaml
index 43f5b2abf7..5a2adaa92d 100644
--- a/nuclei-templates/2024/CVE-2024-33630-e66a7b75dd0639134f09eee91026a929.yaml
+++ b/nuclei-templates/2024/CVE-2024-33630-e66a7b75dd0639134f09eee91026a929.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/piotnet-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-33630'
-  tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33631-7188ef26349164dd23042500cdbf31b3.yaml b/nuclei-templates/2024/CVE-2024-33631-7188ef26349164dd23042500cdbf31b3.yaml
index ac481d80ab..524cb22c00 100644
--- a/nuclei-templates/2024/CVE-2024-33631-7188ef26349164dd23042500cdbf31b3.yaml
+++ b/nuclei-templates/2024/CVE-2024-33631-7188ef26349164dd23042500cdbf31b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Piotnet Addons For Elementor Pro <= 7.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/piotnet-addons-for-elementor-pro/"
     google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor-pro/"
     shodan-query: 'vuln:CVE-2024-33631'
-  tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33635-a073e10124aebcae7675d30da8592a4c.yaml b/nuclei-templates/2024/CVE-2024-33635-a073e10124aebcae7675d30da8592a4c.yaml
index 8c378876d3..cdf7a7061c 100644
--- a/nuclei-templates/2024/CVE-2024-33635-a073e10124aebcae7675d30da8592a4c.yaml
+++ b/nuclei-templates/2024/CVE-2024-33635-a073e10124aebcae7675d30da8592a4c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Piotnet Addons For Elementor Pro <= 7.1.17 - Missing Authorization to Arbitrary Post/Page Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 7.1.17. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/piotnet-addons-for-elementor-pro/"
     google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor-pro/"
     shodan-query: 'vuln:CVE-2024-33635'
-  tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33636-f6874af8a1671c63716fd288efc17414.yaml b/nuclei-templates/2024/CVE-2024-33636-f6874af8a1671c63716fd288efc17414.yaml
index 8ef8efc120..54f7f0c7e7 100644
--- a/nuclei-templates/2024/CVE-2024-33636-f6874af8a1671c63716fd288efc17414.yaml
+++ b/nuclei-templates/2024/CVE-2024-33636-f6874af8a1671c63716fd288efc17414.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Page Post Widget Clone <= 1.0.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Page Post Widget Clone plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with contributor-level access and above, to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-page-post-widget-clone/"
     google-query: inurl:"/wp-content/plugins/wp-page-post-widget-clone/"
     shodan-query: 'vuln:CVE-2024-33636'
-  tags: cve,wordpress,wp-plugin,wp-page-post-widget-clone,medium
+  tags: cve,wordpress,wp-plugin,wp-page-post-widget-clone,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33639-104344c0b7a013be4ee55f379fbf7b52.yaml b/nuclei-templates/2024/CVE-2024-33639-104344c0b7a013be4ee55f379fbf7b52.yaml
index dd8fc26690..3b3af91654 100644
--- a/nuclei-templates/2024/CVE-2024-33639-104344c0b7a013be4ee55f379fbf7b52.yaml
+++ b/nuclei-templates/2024/CVE-2024-33639-104344c0b7a013be4ee55f379fbf7b52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PopupAlly <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PopupAlly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popupally/"
     google-query: inurl:"/wp-content/plugins/popupally/"
     shodan-query: 'vuln:CVE-2024-33639'
-  tags: cve,wordpress,wp-plugin,popupally,medium
+  tags: cve,wordpress,wp-plugin,popupally,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33640-f9b0e5543d8b6fde32af392e9a980e57.yaml b/nuclei-templates/2024/CVE-2024-33640-f9b0e5543d8b6fde32af392e9a980e57.yaml
index c9b099bdb1..50429eae7a 100644
--- a/nuclei-templates/2024/CVE-2024-33640-f9b0e5543d8b6fde32af392e9a980e57.yaml
+++ b/nuclei-templates/2024/CVE-2024-33640-f9b0e5543d8b6fde32af392e9a980e57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pretty Google Calendar <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pretty Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pretty-google-calendar/"
     google-query: inurl:"/wp-content/plugins/pretty-google-calendar/"
     shodan-query: 'vuln:CVE-2024-33640'
-  tags: cve,wordpress,wp-plugin,pretty-google-calendar,medium
+  tags: cve,wordpress,wp-plugin,pretty-google-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33641-38fb53416dee6ab7b6bba5cadf55c4c5.yaml b/nuclei-templates/2024/CVE-2024-33641-38fb53416dee6ab7b6bba5cadf55c4c5.yaml
index 47774795d5..8c3c67c6d0 100644
--- a/nuclei-templates/2024/CVE-2024-33641-38fb53416dee6ab7b6bba5cadf55c4c5.yaml
+++ b/nuclei-templates/2024/CVE-2024-33641-38fb53416dee6ab7b6bba5cadf55c4c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom field finder <= 0.3 - Authenticated (Author+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Custom field finder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-finder/"
     google-query: inurl:"/wp-content/plugins/custom-field-finder/"
     shodan-query: 'vuln:CVE-2024-33641'
-  tags: cve,wordpress,wp-plugin,custom-field-finder,high
+  tags: cve,wordpress,wp-plugin,custom-field-finder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33642-dd776d5a9d71139420b6706ccdb1e25f.yaml b/nuclei-templates/2024/CVE-2024-33642-dd776d5a9d71139420b6706ccdb1e25f.yaml
index 6f51c265f5..c6e769dac5 100644
--- a/nuclei-templates/2024/CVE-2024-33642-dd776d5a9d71139420b6706ccdb1e25f.yaml
+++ b/nuclei-templates/2024/CVE-2024-33642-dd776d5a9d71139420b6706ccdb1e25f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Post List  <= 0.5.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Post List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.5.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-post-list/"
     google-query: inurl:"/wp-content/plugins/advanced-post-list/"
     shodan-query: 'vuln:CVE-2024-33642'
-  tags: cve,wordpress,wp-plugin,advanced-post-list,medium
+  tags: cve,wordpress,wp-plugin,advanced-post-list,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33643-b02147be7bebef844df5583704a48a3c.yaml b/nuclei-templates/2024/CVE-2024-33643-b02147be7bebef844df5583704a48a3c.yaml
index 00a28a36f8..0fcee19e58 100644
--- a/nuclei-templates/2024/CVE-2024-33643-b02147be7bebef844df5583704a48a3c.yaml
+++ b/nuclei-templates/2024/CVE-2024-33643-b02147be7bebef844df5583704a48a3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Most Recent Posts Mod <= 1.6.5.2 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Most Recent Posts Mod plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-most-recent-posts-mod/"
     google-query: inurl:"/wp-content/plugins/advanced-most-recent-posts-mod/"
     shodan-query: 'vuln:CVE-2024-33643'
-  tags: cve,wordpress,wp-plugin,advanced-most-recent-posts-mod,medium
+  tags: cve,wordpress,wp-plugin,advanced-most-recent-posts-mod,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33648-7675af1bd6eb113efdfef786b75aea68.yaml b/nuclei-templates/2024/CVE-2024-33648-7675af1bd6eb113efdfef786b75aea68.yaml
index bfacba4c4b..e1e7eb59d0 100644
--- a/nuclei-templates/2024/CVE-2024-33648-7675af1bd6eb113efdfef786b75aea68.yaml
+++ b/nuclei-templates/2024/CVE-2024-33648-7675af1bd6eb113efdfef786b75aea68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recencio Book Reviews <= 1.66.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Recencio Book Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.66.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recencio-book-reviews/"
     google-query: inurl:"/wp-content/plugins/recencio-book-reviews/"
     shodan-query: 'vuln:CVE-2024-33648'
-  tags: cve,wordpress,wp-plugin,recencio-book-reviews,medium
+  tags: cve,wordpress,wp-plugin,recencio-book-reviews,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33649-75f9430e21b1ffadf43723a73937595b.yaml b/nuclei-templates/2024/CVE-2024-33649-75f9430e21b1ffadf43723a73937595b.yaml
index ea7ff67201..f8e0eb0bd7 100644
--- a/nuclei-templates/2024/CVE-2024-33649-75f9430e21b1ffadf43723a73937595b.yaml
+++ b/nuclei-templates/2024/CVE-2024-33649-75f9430e21b1ffadf43723a73937595b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Opal Widgets For Elementor <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Opal Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opal-widgets-for-elementor/"
     google-query: inurl:"/wp-content/plugins/opal-widgets-for-elementor/"
     shodan-query: 'vuln:CVE-2024-33649'
-  tags: cve,wordpress,wp-plugin,opal-widgets-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,opal-widgets-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33652-c20c39f747c7f70cb8ab495d6417a431.yaml b/nuclei-templates/2024/CVE-2024-33652-c20c39f747c7f70cb8ab495d6417a431.yaml
index 4c5e3df9e8..583a3cbf68 100644
--- a/nuclei-templates/2024/CVE-2024-33652-c20c39f747c7f70cb8ab495d6417a431.yaml
+++ b/nuclei-templates/2024/CVE-2024-33652-c20c39f747c7f70cb8ab495d6417a431.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Client Dash <= 2.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Client Dash plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/client-dash/"
     google-query: inurl:"/wp-content/plugins/client-dash/"
     shodan-query: 'vuln:CVE-2024-33652'
-  tags: cve,wordpress,wp-plugin,client-dash,medium
+  tags: cve,wordpress,wp-plugin,client-dash,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33684-2aaf513c887290d1b06e4a97482b6da3.yaml b/nuclei-templates/2024/CVE-2024-33684-2aaf513c887290d1b06e4a97482b6da3.yaml
index 18d5d3fac1..badd179e65 100644
--- a/nuclei-templates/2024/CVE-2024-33684-2aaf513c887290d1b06e4a97482b6da3.yaml
+++ b/nuclei-templates/2024/CVE-2024-33684-2aaf513c887290d1b06e4a97482b6da3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Save as PDF plugin by Pdfcrowd <= 3.2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Save as PDF plugin by Pdfcrowd plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_sample_button() function in versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/save-as-pdf-by-pdfcrowd/"
     google-query: inurl:"/wp-content/plugins/save-as-pdf-by-pdfcrowd/"
     shodan-query: 'vuln:CVE-2024-33684'
-  tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,medium
+  tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33685-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml b/nuclei-templates/2024/CVE-2024-33685-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml
index 5e168392f0..1b2db82ac5 100644
--- a/nuclei-templates/2024/CVE-2024-33685-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml
+++ b/nuclei-templates/2024/CVE-2024-33685-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple theme for WordPress by jegstudio are vulnerable to unauthorized modification of data due to a missing capability check on the notice_closed() function in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notifications.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-33685
   metadata:
-    fofa-query: "wp-content/themes/intrace/"
-    google-query: inurl:"/wp-content/themes/intrace/"
+    fofa-query: "wp-content/themes/accountra/"
+    google-query: inurl:"/wp-content/themes/accountra/"
     shodan-query: 'vuln:CVE-2024-33685'
-  tags: cve,wordpress,wp-theme,intrace,medium
+  tags: cve,wordpress,wp-theme,accountra,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/intrace/style.css"
+      - "{{BaseURL}}/wp-content/themes/accountra/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "intrace"
+          - "accountra"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-33686-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/2024/CVE-2024-33686-37917ea4c5b30e9a2f479f087050ff0a.yaml
index 4b8c4f7fc8..b5c0d11e4c 100644
--- a/nuclei-templates/2024/CVE-2024-33686-37917ea4c5b30e9a2f479f087050ff0a.yaml
+++ b/nuclei-templates/2024/CVE-2024-33686-37917ea4c5b30e9a2f479f087050ff0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ColibriWP Theme framework <= (Various Versions) - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ColibriWP Theme framework used by multiple themes for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_plugin' AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins. CVE-2024-33688 and CVE-2024-2904 should be a part of this CVE.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-33686
   metadata:
-    fofa-query: "wp-content/themes/colibri-wp/"
-    google-query: inurl:"/wp-content/themes/colibri-wp/"
+    fofa-query: "wp-content/themes/vertice/"
+    google-query: inurl:"/wp-content/themes/vertice/"
     shodan-query: 'vuln:CVE-2024-33686'
-  tags: cve,wordpress,wp-theme,colibri-wp,medium
+  tags: cve,wordpress,wp-theme,vertice,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/colibri-wp/style.css"
+      - "{{BaseURL}}/wp-content/themes/vertice/style.css"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "colibri-wp"
+          - "vertice"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0.94')
\ No newline at end of file
+          - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-33692-0b26b05fd72223ab78d0eb64dadbd40a.yaml b/nuclei-templates/2024/CVE-2024-33692-0b26b05fd72223ab78d0eb64dadbd40a.yaml
index 28953190f3..3f290dd7a0 100644
--- a/nuclei-templates/2024/CVE-2024-33692-0b26b05fd72223ab78d0eb64dadbd40a.yaml
+++ b/nuclei-templates/2024/CVE-2024-33692-0b26b05fd72223ab78d0eb64dadbd40a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Smart Recent Posts Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-recent-posts-widget/"
     google-query: inurl:"/wp-content/plugins/smart-recent-posts-widget/"
     shodan-query: 'vuln:CVE-2024-33692'
-  tags: cve,wordpress,wp-plugin,smart-recent-posts-widget,medium
+  tags: cve,wordpress,wp-plugin,smart-recent-posts-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33693-065fb6634c2979f9a8dbb1a289a68a9b.yaml b/nuclei-templates/2024/CVE-2024-33693-065fb6634c2979f9a8dbb1a289a68a9b.yaml
index 053ccffdbf..eee3844c68 100644
--- a/nuclei-templates/2024/CVE-2024-33693-065fb6634c2979f9a8dbb1a289a68a9b.yaml
+++ b/nuclei-templates/2024/CVE-2024-33693-065fb6634c2979f9a8dbb1a289a68a9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meks Smart Social Widget <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meks-smart-social-widget/"
     google-query: inurl:"/wp-content/plugins/meks-smart-social-widget/"
     shodan-query: 'vuln:CVE-2024-33693'
-  tags: cve,wordpress,wp-plugin,meks-smart-social-widget,medium
+  tags: cve,wordpress,wp-plugin,meks-smart-social-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33694-e224c1cc32d6c05f266106ae47b5db38.yaml b/nuclei-templates/2024/CVE-2024-33694-e224c1cc32d6c05f266106ae47b5db38.yaml
index eebcf81025..1501349c77 100644
--- a/nuclei-templates/2024/CVE-2024-33694-e224c1cc32d6c05f266106ae47b5db38.yaml
+++ b/nuclei-templates/2024/CVE-2024-33694-e224c1cc32d6c05f266106ae47b5db38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meks ThemeForest Smart Widget <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Meks ThemeForest Smart Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meks-themeforest-smart-widget/"
     google-query: inurl:"/wp-content/plugins/meks-themeforest-smart-widget/"
     shodan-query: 'vuln:CVE-2024-33694'
-  tags: cve,wordpress,wp-plugin,meks-themeforest-smart-widget,medium
+  tags: cve,wordpress,wp-plugin,meks-themeforest-smart-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33695-c912d868bff6df29fc1013dc04c342d0.yaml b/nuclei-templates/2024/CVE-2024-33695-c912d868bff6df29fc1013dc04c342d0.yaml
index f55425d3d0..6b62ce04fb 100644
--- a/nuclei-templates/2024/CVE-2024-33695-c912d868bff6df29fc1013dc04c342d0.yaml
+++ b/nuclei-templates/2024/CVE-2024-33695-c912d868bff6df29fc1013dc04c342d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fan Page Widget by ThemeNcode <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fan Page Widget by ThemeNcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-fan-page-widget/"
     google-query: inurl:"/wp-content/plugins/facebook-fan-page-widget/"
     shodan-query: 'vuln:CVE-2024-33695'
-  tags: cve,wordpress,wp-plugin,facebook-fan-page-widget,medium
+  tags: cve,wordpress,wp-plugin,facebook-fan-page-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33696-7559c037fdee829f7bf9775d464accd0.yaml b/nuclei-templates/2024/CVE-2024-33696-7559c037fdee829f7bf9775d464accd0.yaml
index 1eb1661bbc..04d67c28e2 100644
--- a/nuclei-templates/2024/CVE-2024-33696-7559c037fdee829f7bf9775d464accd0.yaml
+++ b/nuclei-templates/2024/CVE-2024-33696-7559c037fdee829f7bf9775d464accd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Ad Widget <= 2.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Ad Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.20.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-widget/"
     google-query: inurl:"/wp-content/plugins/ad-widget/"
     shodan-query: 'vuln:CVE-2024-33696'
-  tags: cve,wordpress,wp-plugin,ad-widget,medium
+  tags: cve,wordpress,wp-plugin,ad-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33697-d3779debb6d6eb8ad0d25988128d76ec.yaml b/nuclei-templates/2024/CVE-2024-33697-d3779debb6d6eb8ad0d25988128d76ec.yaml
index 33ad8d767a..a88da34ed9 100644
--- a/nuclei-templates/2024/CVE-2024-33697-d3779debb6d6eb8ad0d25988128d76ec.yaml
+++ b/nuclei-templates/2024/CVE-2024-33697-d3779debb6d6eb8ad0d25988128d76ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CF7 File Download – File Download for CF7 <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CF7 File Download – File Download for CF7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-file-download/"
     google-query: inurl:"/wp-content/plugins/cf7-file-download/"
     shodan-query: 'vuln:CVE-2024-33697'
-  tags: cve,wordpress,wp-plugin,cf7-file-download,medium
+  tags: cve,wordpress,wp-plugin,cf7-file-download,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33907-15e90fc31ab3dfba5bcef7edbbc05f6d.yaml b/nuclei-templates/2024/CVE-2024-33907-15e90fc31ab3dfba5bcef7edbbc05f6d.yaml
index df5be9e5dd..edefbbfd23 100644
--- a/nuclei-templates/2024/CVE-2024-33907-15e90fc31ab3dfba5bcef7edbbc05f6d.yaml
+++ b/nuclei-templates/2024/CVE-2024-33907-15e90fc31ab3dfba5bcef7edbbc05f6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.26.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Print My Blog – Print, PDF, & eBook Converter WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like the saveProjectGenerate() function in all versions up to, and including, 3.26.2. This makes it possible for unauthenticated attackers, to update projects.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-my-blog/"
     google-query: inurl:"/wp-content/plugins/print-my-blog/"
     shodan-query: 'vuln:CVE-2024-33907'
-  tags: cve,wordpress,wp-plugin,print-my-blog,medium
+  tags: cve,wordpress,wp-plugin,print-my-blog,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33908-bc4814d8e32bebe97767bb786c515063.yaml b/nuclei-templates/2024/CVE-2024-33908-bc4814d8e32bebe97767bb786c515063.yaml
index b3600bf8f8..f7cf282bc6 100644
--- a/nuclei-templates/2024/CVE-2024-33908-bc4814d8e32bebe97767bb786c515063.yaml
+++ b/nuclei-templates/2024/CVE-2024-33908-bc4814d8e32bebe97767bb786c515063.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WidgetKit <= 2.5.0 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WidgetKit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wk_td_ads_dismiss_notice() function in versions up to, and including, 2.4.8. This makes it possible for unauthenticated attackers to dismiss notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgetkit-for-elementor/"
     google-query: inurl:"/wp-content/plugins/widgetkit-for-elementor/"
     shodan-query: 'vuln:CVE-2024-33908'
-  tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33909-238730b48c414c2efa3f90f95ede4e1a.yaml b/nuclei-templates/2024/CVE-2024-33909-238730b48c414c2efa3f90f95ede4e1a.yaml
index 3ebe41e41d..79838153e1 100644
--- a/nuclei-templates/2024/CVE-2024-33909-238730b48c414c2efa3f90f95ede4e1a.yaml
+++ b/nuclei-templates/2024/CVE-2024-33909-238730b48c414c2efa3f90f95ede4e1a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iPages Flipbook <= 1.5.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The iPages Flipbook plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a REST API endpoint in versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to view deactivated items
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ipages-flipbook/"
     google-query: inurl:"/wp-content/plugins/ipages-flipbook/"
     shodan-query: 'vuln:CVE-2024-33909'
-  tags: cve,wordpress,wp-plugin,ipages-flipbook,medium
+  tags: cve,wordpress,wp-plugin,ipages-flipbook,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33910-317667951b7644dbd1a4529b628afac3.yaml b/nuclei-templates/2024/CVE-2024-33910-317667951b7644dbd1a4529b628afac3.yaml
index bcdb361017..0b41c17294 100644
--- a/nuclei-templates/2024/CVE-2024-33910-317667951b7644dbd1a4529b628afac3.yaml
+++ b/nuclei-templates/2024/CVE-2024-33910-317667951b7644dbd1a4529b628afac3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Digital Publications by Supsystic <= 1.7.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/digital-publications-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/digital-publications-by-supsystic/"
     shodan-query: 'vuln:CVE-2024-33910'
-  tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33911-c85a39b22a9266777e8fa557a3826f56.yaml b/nuclei-templates/2024/CVE-2024-33911-c85a39b22a9266777e8fa557a3826f56.yaml
index 63535fb685..38c6bff0bb 100644
--- a/nuclei-templates/2024/CVE-2024-33911-c85a39b22a9266777e8fa557a3826f56.yaml
+++ b/nuclei-templates/2024/CVE-2024-33911-c85a39b22a9266777e8fa557a3826f56.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     School Management Pro <= 10.3.4 - Authenticated (School Admin+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The The School Management Pro plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 10.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with school admin-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/school-management-pro/"
     google-query: inurl:"/wp-content/plugins/school-management-pro/"
     shodan-query: 'vuln:CVE-2024-33911'
-  tags: cve,wordpress,wp-plugin,school-management-pro,critical
+  tags: cve,wordpress,wp-plugin,school-management-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33912-2f3fe53a50f6ba1e34fffa48d4d3ffac.yaml b/nuclei-templates/2024/CVE-2024-33912-2f3fe53a50f6ba1e34fffa48d4d3ffac.yaml
index 731c44c006..58a6446e85 100644
--- a/nuclei-templates/2024/CVE-2024-33912-2f3fe53a50f6ba1e34fffa48d4d3ffac.yaml
+++ b/nuclei-templates/2024/CVE-2024-33912-2f3fe53a50f6ba1e34fffa48d4d3ffac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Academy LMS <= 1.9.16 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on afunction in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with student-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/academy/"
     google-query: inurl:"/wp-content/plugins/academy/"
     shodan-query: 'vuln:CVE-2024-33912'
-  tags: cve,wordpress,wp-plugin,academy,medium
+  tags: cve,wordpress,wp-plugin,academy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33913-5b3901e02ad2424b1793990cd718f093.yaml b/nuclei-templates/2024/CVE-2024-33913-5b3901e02ad2424b1793990cd718f093.yaml
index 9444a6e937..d9ff3da7e0 100644
--- a/nuclei-templates/2024/CVE-2024-33913-5b3901e02ad2424b1793990cd718f093.yaml
+++ b/nuclei-templates/2024/CVE-2024-33913-5b3901e02ad2424b1793990cd718f093.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Xserver Migrator <= 1.6.1 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Xserver Migrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to upload arbitrary files granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xserver-migrator/"
     google-query: inurl:"/wp-content/plugins/xserver-migrator/"
     shodan-query: 'vuln:CVE-2024-33913'
-  tags: cve,wordpress,wp-plugin,xserver-migrator,high
+  tags: cve,wordpress,wp-plugin,xserver-migrator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33914-ba61abda2c1a03aab77d7d30f615bf9e.yaml b/nuclei-templates/2024/CVE-2024-33914-ba61abda2c1a03aab77d7d30f615bf9e.yaml
index fcf79e8754..6113173ecd 100644
--- a/nuclei-templates/2024/CVE-2024-33914-ba61abda2c1a03aab77d7d30f615bf9e.yaml
+++ b/nuclei-templates/2024/CVE-2024-33914-ba61abda2c1a03aab77d7d30f615bf9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons Elementor <= 2.6.9.1 - Missing Authorization to Post Duplication
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Exclusive Addons Elementor plugin for WordPress is vulnerable to unauthorized access of datadue to an insufficient capability check on the duplicate_post() function in versions up to, and including, 2.6.9.1. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate other users posts which can lead to information disclosure for private posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-33914'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33915-b42518648b89a6c8b5bea17f9a27b0ef.yaml b/nuclei-templates/2024/CVE-2024-33915-b42518648b89a6c8b5bea17f9a27b0ef.yaml
index c14eee7ad8..7d11f592fc 100644
--- a/nuclei-templates/2024/CVE-2024-33915-b42518648b89a6c8b5bea17f9a27b0ef.yaml
+++ b/nuclei-templates/2024/CVE-2024-33915-b42518648b89a6c8b5bea17f9a27b0ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Debug Log Manager <= 2.3.1 - Missing Authorization via toggle_debugging
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Debug Log Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_debugging function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to toggle debugging.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/debug-log-manager/"
     google-query: inurl:"/wp-content/plugins/debug-log-manager/"
     shodan-query: 'vuln:CVE-2024-33915'
-  tags: cve,wordpress,wp-plugin,debug-log-manager,medium
+  tags: cve,wordpress,wp-plugin,debug-log-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33916-4e988801588842dadfebdadb774a426e.yaml b/nuclei-templates/2024/CVE-2024-33916-4e988801588842dadfebdadb774a426e.yaml
index 8cf4ae8d62..f66adb7792 100644
--- a/nuclei-templates/2024/CVE-2024-33916-4e988801588842dadfebdadb774a426e.yaml
+++ b/nuclei-templates/2024/CVE-2024-33916-4e988801588842dadfebdadb774a426e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CPO Companion <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cpo-companion/"
     google-query: inurl:"/wp-content/plugins/cpo-companion/"
     shodan-query: 'vuln:CVE-2024-33916'
-  tags: cve,wordpress,wp-plugin,cpo-companion,medium
+  tags: cve,wordpress,wp-plugin,cpo-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33918-d5f5796dec9da2bb7306be7b46162089.yaml b/nuclei-templates/2024/CVE-2024-33918-d5f5796dec9da2bb7306be7b46162089.yaml
index 05c47755b5..fa8b9359ea 100644
--- a/nuclei-templates/2024/CVE-2024-33918-d5f5796dec9da2bb7306be7b46162089.yaml
+++ b/nuclei-templates/2024/CVE-2024-33918-d5f5796dec9da2bb7306be7b46162089.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AJAX Login and Registration modal popup + inline form <= 2.23 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-login-and-registration-modal-popup/"
     google-query: inurl:"/wp-content/plugins/ajax-login-and-registration-modal-popup/"
     shodan-query: 'vuln:CVE-2024-33918'
-  tags: cve,wordpress,wp-plugin,ajax-login-and-registration-modal-popup,medium
+  tags: cve,wordpress,wp-plugin,ajax-login-and-registration-modal-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33919-3b2e242a0e8c63c5936cb035e1688322.yaml b/nuclei-templates/2024/CVE-2024-33919-3b2e242a0e8c63c5936cb035e1688322.yaml
index d9d801c5aa..2e9605bbdd 100644
--- a/nuclei-templates/2024/CVE-2024-33919-3b2e242a0e8c63c5936cb035e1688322.yaml
+++ b/nuclei-templates/2024/CVE-2024-33919-3b2e242a0e8c63c5936cb035e1688322.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RomethemeKit For Elementor <= 1.4.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addNewPost() function in versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to add new posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rometheme-for-elementor/"
     google-query: inurl:"/wp-content/plugins/rometheme-for-elementor/"
     shodan-query: 'vuln:CVE-2024-33919'
-  tags: cve,wordpress,wp-plugin,rometheme-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,rometheme-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33920-9547ac03aa22594531f4f7ecb05105d2.yaml b/nuclei-templates/2024/CVE-2024-33920-9547ac03aa22594531f4f7ecb05105d2.yaml
index 6b1aa0282b..4789bbb261 100644
--- a/nuclei-templates/2024/CVE-2024-33920-9547ac03aa22594531f4f7ecb05105d2.yaml
+++ b/nuclei-templates/2024/CVE-2024-33920-9547ac03aa22594531f4f7ecb05105d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Democracy Poll <= 6.0.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Democracy Poll plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.0.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/democracy-poll/"
     google-query: inurl:"/wp-content/plugins/democracy-poll/"
     shodan-query: 'vuln:CVE-2024-33920'
-  tags: cve,wordpress,wp-plugin,democracy-poll,medium
+  tags: cve,wordpress,wp-plugin,democracy-poll,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33921-1f09731ddd1d1af88db90bbc4fec3ba8.yaml b/nuclei-templates/2024/CVE-2024-33921-1f09731ddd1d1af88db90bbc4fec3ba8.yaml
index b619c9c2f1..44afb4d28b 100644
--- a/nuclei-templates/2024/CVE-2024-33921-1f09731ddd1d1af88db90bbc4fec3ba8.yaml
+++ b/nuclei-templates/2024/CVE-2024-33921-1f09731ddd1d1af88db90bbc4fec3ba8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ReviewX <= 1.6.21 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ReviewX plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the remote_post() function in versions up to, and including, 1.6.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a post request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reviewx/"
     google-query: inurl:"/wp-content/plugins/reviewx/"
     shodan-query: 'vuln:CVE-2024-33921'
-  tags: cve,wordpress,wp-plugin,reviewx,medium
+  tags: cve,wordpress,wp-plugin,reviewx,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33923-2850eb23becb886717557cbcc134de27.yaml b/nuclei-templates/2024/CVE-2024-33923-2850eb23becb886717557cbcc134de27.yaml
index 3cc8958f59..639ff690c0 100644
--- a/nuclei-templates/2024/CVE-2024-33923-2850eb23becb886717557cbcc134de27.yaml
+++ b/nuclei-templates/2024/CVE-2024-33923-2850eb23becb886717557cbcc134de27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager  <= 4.69 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SP Project & Document Manager  plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:CVE-2024-33923'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33925-48e682e482ecb4079ded015fff88c4de.yaml b/nuclei-templates/2024/CVE-2024-33925-48e682e482ecb4079ded015fff88c4de.yaml
index fb902129c3..2d85e9206d 100644
--- a/nuclei-templates/2024/CVE-2024-33925-48e682e482ecb4079ded015fff88c4de.yaml
+++ b/nuclei-templates/2024/CVE-2024-33925-48e682e482ecb4079ded015fff88c4de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Embed Google Fonts <= 3.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Embed Google Fonts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-google-fonts/"
     google-query: inurl:"/wp-content/plugins/embed-google-fonts/"
     shodan-query: 'vuln:CVE-2024-33925'
-  tags: cve,wordpress,wp-plugin,embed-google-fonts,medium
+  tags: cve,wordpress,wp-plugin,embed-google-fonts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33926-e3f2fb4bebde6fbab715925584422191.yaml b/nuclei-templates/2024/CVE-2024-33926-e3f2fb4bebde6fbab715925584422191.yaml
index f3ffbdec56..2cee7edcf9 100644
--- a/nuclei-templates/2024/CVE-2024-33926-e3f2fb4bebde6fbab715925584422191.yaml
+++ b/nuclei-templates/2024/CVE-2024-33926-e3f2fb4bebde6fbab715925584422191.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GWP-Histats <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GWP-Histats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gwp-histats/"
     google-query: inurl:"/wp-content/plugins/gwp-histats/"
     shodan-query: 'vuln:CVE-2024-33926'
-  tags: cve,wordpress,wp-plugin,gwp-histats,medium
+  tags: cve,wordpress,wp-plugin,gwp-histats,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33927-43352935e72ef2b8411f13007515e249.yaml b/nuclei-templates/2024/CVE-2024-33927-43352935e72ef2b8411f13007515e249.yaml
index 63a033c02a..9f8ac1a17d 100644
--- a/nuclei-templates/2024/CVE-2024-33927-43352935e72ef2b8411f13007515e249.yaml
+++ b/nuclei-templates/2024/CVE-2024-33927-43352935e72ef2b8411f13007515e249.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Giphypress <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Giphypress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/giphypress/"
     google-query: inurl:"/wp-content/plugins/giphypress/"
     shodan-query: 'vuln:CVE-2024-33927'
-  tags: cve,wordpress,wp-plugin,giphypress,medium
+  tags: cve,wordpress,wp-plugin,giphypress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33929-9461e6fbc59ff2af30e33bb31e92efcb.yaml b/nuclei-templates/2024/CVE-2024-33929-9461e6fbc59ff2af30e33bb31e92efcb.yaml
index c95ea1ffd3..77e3814e54 100644
--- a/nuclei-templates/2024/CVE-2024-33929-9461e6fbc59ff2af30e33bb31e92efcb.yaml
+++ b/nuclei-templates/2024/CVE-2024-33929-9461e6fbc59ff2af30e33bb31e92efcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Directorist <= 7.8.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.8.6. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:CVE-2024-33929'
-  tags: cve,wordpress,wp-plugin,directorist,medium
+  tags: cve,wordpress,wp-plugin,directorist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33931-8564c9ce49cff70553493d3be285f932.yaml b/nuclei-templates/2024/CVE-2024-33931-8564c9ce49cff70553493d3be285f932.yaml
index 082a3816bd..873fcd0449 100644
--- a/nuclei-templates/2024/CVE-2024-33931-8564c9ce49cff70553493d3be285f932.yaml
+++ b/nuclei-templates/2024/CVE-2024-33931-8564c9ce49cff70553493d3be285f932.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JW Player for WordPress <= 2.3.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JW Player for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jw-player-7-for-wp/"
     google-query: inurl:"/wp-content/plugins/jw-player-7-for-wp/"
     shodan-query: 'vuln:CVE-2024-33931'
-  tags: cve,wordpress,wp-plugin,jw-player-7-for-wp,medium
+  tags: cve,wordpress,wp-plugin,jw-player-7-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33932-1b2984fc633af00dfb52c6ca6adba0af.yaml b/nuclei-templates/2024/CVE-2024-33932-1b2984fc633af00dfb52c6ca6adba0af.yaml
index 3e7f048cc9..31a2e42c94 100644
--- a/nuclei-templates/2024/CVE-2024-33932-1b2984fc633af00dfb52c6ca6adba0af.yaml
+++ b/nuclei-templates/2024/CVE-2024-33932-1b2984fc633af00dfb52c6ca6adba0af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-logout-register-menu/"
     google-query: inurl:"/wp-content/plugins/login-logout-register-menu/"
     shodan-query: 'vuln:CVE-2024-33932'
-  tags: cve,wordpress,wp-plugin,login-logout-register-menu,medium
+  tags: cve,wordpress,wp-plugin,login-logout-register-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33934-43b8fe08466d27ab3e4146e678872b9a.yaml b/nuclei-templates/2024/CVE-2024-33934-43b8fe08466d27ab3e4146e678872b9a.yaml
index f580273028..ee565e23b0 100644
--- a/nuclei-templates/2024/CVE-2024-33934-43b8fe08466d27ab3e4146e678872b9a.yaml
+++ b/nuclei-templates/2024/CVE-2024-33934-43b8fe08466d27ab3e4146e678872b9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mini Loops <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mini Loops plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mini-loops/"
     google-query: inurl:"/wp-content/plugins/mini-loops/"
     shodan-query: 'vuln:CVE-2024-33934'
-  tags: cve,wordpress,wp-plugin,mini-loops,medium
+  tags: cve,wordpress,wp-plugin,mini-loops,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33935-063d32b817099e0883314c45f9a14882.yaml b/nuclei-templates/2024/CVE-2024-33935-063d32b817099e0883314c45f9a14882.yaml
index 5271f047a3..68c0a4d3ac 100644
--- a/nuclei-templates/2024/CVE-2024-33935-063d32b817099e0883314c45f9a14882.yaml
+++ b/nuclei-templates/2024/CVE-2024-33935-063d32b817099e0883314c45f9a14882.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PB MailCrypt <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PB MailCrypt plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pb-mailcrypt-antispam-email-encryption/"
     google-query: inurl:"/wp-content/plugins/pb-mailcrypt-antispam-email-encryption/"
     shodan-query: 'vuln:CVE-2024-33935'
-  tags: cve,wordpress,wp-plugin,pb-mailcrypt-antispam-email-encryption,medium
+  tags: cve,wordpress,wp-plugin,pb-mailcrypt-antispam-email-encryption,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33936-2a1202a3beb6f69088b7b47e3927398f.yaml b/nuclei-templates/2024/CVE-2024-33936-2a1202a3beb6f69088b7b47e3927398f.yaml
index 22a9ea96c0..5521b6f3ff 100644
--- a/nuclei-templates/2024/CVE-2024-33936-2a1202a3beb6f69088b7b47e3927398f.yaml
+++ b/nuclei-templates/2024/CVE-2024-33936-2a1202a3beb6f69088b7b47e3927398f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-o-matic/"
     google-query: inurl:"/wp-content/plugins/print-o-matic/"
     shodan-query: 'vuln:CVE-2024-33936'
-  tags: cve,wordpress,wp-plugin,print-o-matic,medium
+  tags: cve,wordpress,wp-plugin,print-o-matic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33937-87e99280c7fbf3c8ad55c6ac46aa584a.yaml b/nuclei-templates/2024/CVE-2024-33937-87e99280c7fbf3c8ad55c6ac46aa584a.yaml
index 6f7cf2fa32..5bea0c1926 100644
--- a/nuclei-templates/2024/CVE-2024-33937-87e99280c7fbf3c8ad55c6ac46aa584a.yaml
+++ b/nuclei-templates/2024/CVE-2024-33937-87e99280c7fbf3c8ad55c6ac46aa584a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Progressive WordPress (PWA) <= 2.1.13 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Progressive WordPress (PWA) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/progressive-wp/"
     google-query: inurl:"/wp-content/plugins/progressive-wp/"
     shodan-query: 'vuln:CVE-2024-33937'
-  tags: cve,wordpress,wp-plugin,progressive-wp,medium
+  tags: cve,wordpress,wp-plugin,progressive-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33938-74b3b474a158916fea4c408dcdc1f32e.yaml b/nuclei-templates/2024/CVE-2024-33938-74b3b474a158916fea4c408dcdc1f32e.yaml
index bf062be5cf..04dfd8d60f 100644
--- a/nuclei-templates/2024/CVE-2024-33938-74b3b474a158916fea4c408dcdc1f32e.yaml
+++ b/nuclei-templates/2024/CVE-2024-33938-74b3b474a158916fea4c408dcdc1f32e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sliding Widgets <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sliding Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sliding-widgets/"
     google-query: inurl:"/wp-content/plugins/sliding-widgets/"
     shodan-query: 'vuln:CVE-2024-33938'
-  tags: cve,wordpress,wp-plugin,sliding-widgets,medium
+  tags: cve,wordpress,wp-plugin,sliding-widgets,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33940-eb5eba3fb055e3f1a65941e7a11b92d0.yaml b/nuclei-templates/2024/CVE-2024-33940-eb5eba3fb055e3f1a65941e7a11b92d0.yaml
index e074d2a25e..8ed581bf13 100644
--- a/nuclei-templates/2024/CVE-2024-33940-eb5eba3fb055e3f1a65941e7a11b92d0.yaml
+++ b/nuclei-templates/2024/CVE-2024-33940-eb5eba3fb055e3f1a65941e7a11b92d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventON <= 2.2.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventON plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventon-lite/"
     google-query: inurl:"/wp-content/plugins/eventon-lite/"
     shodan-query: 'vuln:CVE-2024-33940'
-  tags: cve,wordpress,wp-plugin,eventon-lite,medium
+  tags: cve,wordpress,wp-plugin,eventon-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33941-db0b66a5d47c2843954a651061f51619.yaml b/nuclei-templates/2024/CVE-2024-33941-db0b66a5d47c2843954a651061f51619.yaml
index 6295eb26bb..5672217c53 100644
--- a/nuclei-templates/2024/CVE-2024-33941-db0b66a5d47c2843954a651061f51619.yaml
+++ b/nuclei-templates/2024/CVE-2024-33941-db0b66a5d47c2843954a651061f51619.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iPanorama 360 WordPress Virtual Tour Builder <= 1.8.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a REST API endpoint in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to view deactivated panoramas.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/"
     shodan-query: 'vuln:CVE-2024-33941'
-  tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33942-cff018203a21cbec2137aca8bbff35f1.yaml b/nuclei-templates/2024/CVE-2024-33942-cff018203a21cbec2137aca8bbff35f1.yaml
index a5ee95cd75..0c78c92fb9 100644
--- a/nuclei-templates/2024/CVE-2024-33942-cff018203a21cbec2137aca8bbff35f1.yaml
+++ b/nuclei-templates/2024/CVE-2024-33942-cff018203a21cbec2137aca8bbff35f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Typography <= 1.1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Google Typography plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-typography/"
     google-query: inurl:"/wp-content/plugins/google-typography/"
     shodan-query: 'vuln:CVE-2024-33942'
-  tags: cve,wordpress,wp-plugin,google-typography,medium
+  tags: cve,wordpress,wp-plugin,google-typography,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33943-4d6b9908316d738d104a51fdd9ba9967.yaml b/nuclei-templates/2024/CVE-2024-33943-4d6b9908316d738d104a51fdd9ba9967.yaml
index 9ea83ed3ca..9f7e707d6e 100644
--- a/nuclei-templates/2024/CVE-2024-33943-4d6b9908316d738d104a51fdd9ba9967.yaml
+++ b/nuclei-templates/2024/CVE-2024-33943-4d6b9908316d738d104a51fdd9ba9967.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Under Construction <= 1.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Under Construction plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-under-construction/"
     google-query: inurl:"/wp-content/plugins/ultimate-under-construction/"
     shodan-query: 'vuln:CVE-2024-33943'
-  tags: cve,wordpress,wp-plugin,ultimate-under-construction,medium
+  tags: cve,wordpress,wp-plugin,ultimate-under-construction,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33944-31cb28ae35765828074fe75a48e7d24a.yaml b/nuclei-templates/2024/CVE-2024-33944-31cb28ae35765828074fe75a48e7d24a.yaml
index 4179595dca..ce019bc92f 100644
--- a/nuclei-templates/2024/CVE-2024-33944-31cb28ae35765828074fe75a48e7d24a.yaml
+++ b/nuclei-templates/2024/CVE-2024-33944-31cb28ae35765828074fe75a48e7d24a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce AWeber Newsletter Subscription <= 4.0.2 - Missing Authorization to Access Token Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce AWeber Newsletter Subscription plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to reset and change the plugin's access token.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-aweber-newsletter-subscription/"
     google-query: inurl:"/wp-content/plugins/woocommerce-aweber-newsletter-subscription/"
     shodan-query: 'vuln:CVE-2024-33944'
-  tags: cve,wordpress,wp-plugin,woocommerce-aweber-newsletter-subscription,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-aweber-newsletter-subscription,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33945-fd2502bc424033ec4b34f2309e987add.yaml b/nuclei-templates/2024/CVE-2024-33945-fd2502bc424033ec4b34f2309e987add.yaml
index 16654654e2..5a5c608358 100644
--- a/nuclei-templates/2024/CVE-2024-33945-fd2502bc424033ec4b34f2309e987add.yaml
+++ b/nuclei-templates/2024/CVE-2024-33945-fd2502bc424033ec4b34f2309e987add.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ele-blog/"
     google-query: inurl:"/wp-content/plugins/ele-blog/"
     shodan-query: 'vuln:CVE-2024-33945'
-  tags: cve,wordpress,wp-plugin,ele-blog,medium
+  tags: cve,wordpress,wp-plugin,ele-blog,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33948-a75aed58343a47e8c366c92bf6c30f08.yaml b/nuclei-templates/2024/CVE-2024-33948-a75aed58343a47e8c366c92bf6c30f08.yaml
index 86f96d570d..34b359fc12 100644
--- a/nuclei-templates/2024/CVE-2024-33948-a75aed58343a47e8c366c92bf6c30f08.yaml
+++ b/nuclei-templates/2024/CVE-2024-33948-a75aed58343a47e8c366c92bf6c30f08.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TweetScroll Widget <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TweetScroll Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tweetscroll-widget/"
     google-query: inurl:"/wp-content/plugins/tweetscroll-widget/"
     shodan-query: 'vuln:CVE-2024-33948'
-  tags: cve,wordpress,wp-plugin,tweetscroll-widget,medium
+  tags: cve,wordpress,wp-plugin,tweetscroll-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33949-e69e5ad6d5e1c350a8e72b9f067b0efd.yaml b/nuclei-templates/2024/CVE-2024-33949-e69e5ad6d5e1c350a8e72b9f067b0efd.yaml
index d649133131..b56997dfeb 100644
--- a/nuclei-templates/2024/CVE-2024-33949-e69e5ad6d5e1c350a8e72b9f067b0efd.yaml
+++ b/nuclei-templates/2024/CVE-2024-33949-e69e5ad6d5e1c350a8e72b9f067b0efd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Min and Max Purchase for WooCommerce <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Min and Max Purchase for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/min-and-max-purchase-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/min-and-max-purchase-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-33949'
-  tags: cve,wordpress,wp-plugin,min-and-max-purchase-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,min-and-max-purchase-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33950-e83ff3d04c646c58cf810db301109219.yaml b/nuclei-templates/2024/CVE-2024-33950-e83ff3d04c646c58cf810db301109219.yaml
index b0a4bb1053..d4089ba39a 100644
--- a/nuclei-templates/2024/CVE-2024-33950-e83ff3d04c646c58cf810db301109219.yaml
+++ b/nuclei-templates/2024/CVE-2024-33950-e83ff3d04c646c58cf810db301109219.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Archives Calendar Widget <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Archives Calendar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/archives-calendar-widget/"
     google-query: inurl:"/wp-content/plugins/archives-calendar-widget/"
     shodan-query: 'vuln:CVE-2024-33950'
-  tags: cve,wordpress,wp-plugin,archives-calendar-widget,medium
+  tags: cve,wordpress,wp-plugin,archives-calendar-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33951-8d6f7061c576076509b8f92171f21824.yaml b/nuclei-templates/2024/CVE-2024-33951-8d6f7061c576076509b8f92171f21824.yaml
index 68078873b3..db9bd40547 100644
--- a/nuclei-templates/2024/CVE-2024-33951-8d6f7061c576076509b8f92171f21824.yaml
+++ b/nuclei-templates/2024/CVE-2024-33951-8d6f7061c576076509b8f92171f21824.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Perfect Pullquotes <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Perfect Pullquotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/perfect-pullquotes/"
     google-query: inurl:"/wp-content/plugins/perfect-pullquotes/"
     shodan-query: 'vuln:CVE-2024-33951'
-  tags: cve,wordpress,wp-plugin,perfect-pullquotes,medium
+  tags: cve,wordpress,wp-plugin,perfect-pullquotes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33952-df4c2356c55ce196a7dc2c935ff36c73.yaml b/nuclei-templates/2024/CVE-2024-33952-df4c2356c55ce196a7dc2c935ff36c73.yaml
index 29d33355bc..9b92768287 100644
--- a/nuclei-templates/2024/CVE-2024-33952-df4c2356c55ce196a7dc2c935ff36c73.yaml
+++ b/nuclei-templates/2024/CVE-2024-33952-df4c2356c55ce196a7dc2c935ff36c73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unique <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Unique theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/unique/"
     google-query: inurl:"/wp-content/themes/unique/"
     shodan-query: 'vuln:CVE-2024-33952'
-  tags: cve,wordpress,wp-theme,unique,medium
+  tags: cve,wordpress,wp-theme,unique,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33953-e75bbb3acde201345699c9ea2b1c0b80.yaml b/nuclei-templates/2024/CVE-2024-33953-e75bbb3acde201345699c9ea2b1c0b80.yaml
index 6803a1d14d..0622a01067 100644
--- a/nuclei-templates/2024/CVE-2024-33953-e75bbb3acde201345699c9ea2b1c0b80.yaml
+++ b/nuclei-templates/2024/CVE-2024-33953-e75bbb3acde201345699c9ea2b1c0b80.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Adventure Journal <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Adventure Journal theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/adventure-journal/"
     google-query: inurl:"/wp-content/themes/adventure-journal/"
     shodan-query: 'vuln:CVE-2024-33953'
-  tags: cve,wordpress,wp-theme,adventure-journal,medium
+  tags: cve,wordpress,wp-theme,adventure-journal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33954-a2a9df8b3604a4aa48635001d225e7fd.yaml b/nuclei-templates/2024/CVE-2024-33954-a2a9df8b3604a4aa48635001d225e7fd.yaml
index cb703e76d9..53e65850b0 100644
--- a/nuclei-templates/2024/CVE-2024-33954-a2a9df8b3604a4aa48635001d225e7fd.yaml
+++ b/nuclei-templates/2024/CVE-2024-33954-a2a9df8b3604a4aa48635001d225e7fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pliska <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pliska theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display names in all versions up to, and including, 0.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/pliska/"
     google-query: inurl:"/wp-content/themes/pliska/"
     shodan-query: 'vuln:CVE-2024-33954'
-  tags: cve,wordpress,wp-theme,pliska,medium
+  tags: cve,wordpress,wp-theme,pliska,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33955-81558dbfc1c686b52278115bcc212692.yaml b/nuclei-templates/2024/CVE-2024-33955-81558dbfc1c686b52278115bcc212692.yaml
index 7c338bcf65..a1eb027655 100644
--- a/nuclei-templates/2024/CVE-2024-33955-81558dbfc1c686b52278115bcc212692.yaml
+++ b/nuclei-templates/2024/CVE-2024-33955-81558dbfc1c686b52278115bcc212692.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freesia Empire <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Freesia Empire theme for WordPress is vulnerable to Stored Cross-Site Scripting via post author display names in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/freesia-empire/"
     google-query: inurl:"/wp-content/themes/freesia-empire/"
     shodan-query: 'vuln:CVE-2024-33955'
-  tags: cve,wordpress,wp-theme,freesia-empire,medium
+  tags: cve,wordpress,wp-theme,freesia-empire,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-33956-a100f718edfa547990462b4c8b9cca8f.yaml b/nuclei-templates/2024/CVE-2024-33956-a100f718edfa547990462b4c8b9cca8f.yaml
index 87e7025c07..8447fb8e72 100644
--- a/nuclei-templates/2024/CVE-2024-33956-a100f718edfa547990462b4c8b9cca8f.yaml
+++ b/nuclei-templates/2024/CVE-2024-33956-a100f718edfa547990462b4c8b9cca8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-fields-to-checkout-page-woocommerce/"
     google-query: inurl:"/wp-content/plugins/add-fields-to-checkout-page-woocommerce/"
     shodan-query: 'vuln:CVE-2024-33956'
-  tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34366-39af102f2f1fef516b0141731bd29ae6.yaml b/nuclei-templates/2024/CVE-2024-34366-39af102f2f1fef516b0141731bd29ae6.yaml
index fbb6881820..0f86fa707c 100644
--- a/nuclei-templates/2024/CVE-2024-34366-39af102f2f1fef516b0141731bd29ae6.yaml
+++ b/nuclei-templates/2024/CVE-2024-34366-39af102f2f1fef516b0141731bd29ae6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Alt Text AI <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alttext-ai/"
     google-query: inurl:"/wp-content/plugins/alttext-ai/"
     shodan-query: 'vuln:CVE-2024-34366'
-  tags: cve,wordpress,wp-plugin,alttext-ai,medium
+  tags: cve,wordpress,wp-plugin,alttext-ai,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34370-7aa0e1773e8e5c34cf563aa138c0d2da.yaml b/nuclei-templates/2024/CVE-2024-34370-7aa0e1773e8e5c34cf563aa138c0d2da.yaml
index e5e92cbbb7..0dbdb77c16 100644
--- a/nuclei-templates/2024/CVE-2024-34370-7aa0e1773e8e5c34cf563aa138c0d2da.yaml
+++ b/nuclei-templates/2024/CVE-2024-34370-7aa0e1773e8e5c34cf563aa138c0d2da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EAN for WooCommerce <= 4.8.9 - Authenticated (Shop Manager+) Arbitrary Options Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EAN for WooCommerce plugin for WordPress is vulnerable to arbitrary options updates n all versions up to, and including, 4.8.9. This is due to insufficient restrictions on option values that can be supplied. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options that can be leveraged for privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ean-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/ean-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-34370'
-  tags: cve,wordpress,wp-plugin,ean-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,ean-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34371-ac531ca44d844146efaf8a60c7e71d41.yaml b/nuclei-templates/2024/CVE-2024-34371-ac531ca44d844146efaf8a60c7e71d41.yaml
index f988cc09f4..f60c4bf321 100644
--- a/nuclei-templates/2024/CVE-2024-34371-ac531ca44d844146efaf8a60c7e71d41.yaml
+++ b/nuclei-templates/2024/CVE-2024-34371-ac531ca44d844146efaf8a60c7e71d41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login with phone number <= 1.7.18 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Login with phone number plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idehweb_lwp_update_billing_phones function in versions up to, and including, 1.7.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify billing phone numbers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-phone-number/"
     google-query: inurl:"/wp-content/plugins/login-with-phone-number/"
     shodan-query: 'vuln:CVE-2024-34371'
-  tags: cve,wordpress,wp-plugin,login-with-phone-number,medium
+  tags: cve,wordpress,wp-plugin,login-with-phone-number,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34372-de3ad2c14ae092820725df486681b852.yaml b/nuclei-templates/2024/CVE-2024-34372-de3ad2c14ae092820725df486681b852.yaml
index 5878fd7791..094e0774aa 100644
--- a/nuclei-templates/2024/CVE-2024-34372-de3ad2c14ae092820725df486681b852.yaml
+++ b/nuclei-templates/2024/CVE-2024-34372-de3ad2c14ae092820725df486681b852.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid Master <= 3.4.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Grid Master plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the am_post_grid_load_posts_ajax_functions function in versions up to, and including, 3.4.7. This makes it possible for unauthenticated attackers to load posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-filter-posts/"
     google-query: inurl:"/wp-content/plugins/ajax-filter-posts/"
     shodan-query: 'vuln:CVE-2024-34372'
-  tags: cve,wordpress,wp-plugin,ajax-filter-posts,medium
+  tags: cve,wordpress,wp-plugin,ajax-filter-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34374-e8533877c8cc904267c19512d475d608.yaml b/nuclei-templates/2024/CVE-2024-34374-e8533877c8cc904267c19512d475d608.yaml
index 561dbd4544..a98e93015a 100644
--- a/nuclei-templates/2024/CVE-2024-34374-e8533877c8cc904267c19512d475d608.yaml
+++ b/nuclei-templates/2024/CVE-2024-34374-e8533877c8cc904267c19512d475d608.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsReady Addons for Elementor <= 5.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/element-ready-lite/"
     google-query: inurl:"/wp-content/plugins/element-ready-lite/"
     shodan-query: 'vuln:CVE-2024-34374'
-  tags: cve,wordpress,wp-plugin,element-ready-lite,medium
+  tags: cve,wordpress,wp-plugin,element-ready-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34375-2681315eb5322b6e8d1489c4efcc7445.yaml b/nuclei-templates/2024/CVE-2024-34375-2681315eb5322b6e8d1489c4efcc7445.yaml
index eaa1db154b..9d43425bfb 100644
--- a/nuclei-templates/2024/CVE-2024-34375-2681315eb5322b6e8d1489c4efcc7445.yaml
+++ b/nuclei-templates/2024/CVE-2024-34375-2681315eb5322b6e8d1489c4efcc7445.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sheets To WP Table Live Sync <= 3.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sheets-to-wp-table-live-sync/"
     google-query: inurl:"/wp-content/plugins/sheets-to-wp-table-live-sync/"
     shodan-query: 'vuln:CVE-2024-34375'
-  tags: cve,wordpress,wp-plugin,sheets-to-wp-table-live-sync,medium
+  tags: cve,wordpress,wp-plugin,sheets-to-wp-table-live-sync,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34376-48efc81cbefdf18882ef324fd2ff057b.yaml b/nuclei-templates/2024/CVE-2024-34376-48efc81cbefdf18882ef324fd2ff057b.yaml
index b475bfee2e..8fa62faaf6 100644
--- a/nuclei-templates/2024/CVE-2024-34376-48efc81cbefdf18882ef324fd2ff057b.yaml
+++ b/nuclei-templates/2024/CVE-2024-34376-48efc81cbefdf18882ef324fd2ff057b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Edge <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Edge theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/edge/"
     google-query: inurl:"/wp-content/themes/edge/"
     shodan-query: 'vuln:CVE-2024-34376'
-  tags: cve,wordpress,wp-theme,edge,medium
+  tags: cve,wordpress,wp-theme,edge,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34377-278430bfff21cdcd8521969c19275f0f.yaml b/nuclei-templates/2024/CVE-2024-34377-278430bfff21cdcd8521969c19275f0f.yaml
index 554e2d636b..43ae2c9a30 100644
--- a/nuclei-templates/2024/CVE-2024-34377-278430bfff21cdcd8521969c19275f0f.yaml
+++ b/nuclei-templates/2024/CVE-2024-34377-278430bfff21cdcd8521969c19275f0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery <= 1.5.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the _ajax_video_gallery function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to to retrieve video galleries.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-video-gallery/"
     google-query: inurl:"/wp-content/plugins/new-video-gallery/"
     shodan-query: 'vuln:CVE-2024-34377'
-  tags: cve,wordpress,wp-plugin,new-video-gallery,medium
+  tags: cve,wordpress,wp-plugin,new-video-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34380-d06ae0bd2926a035277d571533319f2e.yaml b/nuclei-templates/2024/CVE-2024-34380-d06ae0bd2926a035277d571533319f2e.yaml
index c726525a21..57efdb91d2 100644
--- a/nuclei-templates/2024/CVE-2024-34380-d06ae0bd2926a035277d571533319f2e.yaml
+++ b/nuclei-templates/2024/CVE-2024-34380-d06ae0bd2926a035277d571533319f2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conversational Forms for ChatBot <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ChatBot Conversational Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conversational-forms/"
     google-query: inurl:"/wp-content/plugins/conversational-forms/"
     shodan-query: 'vuln:CVE-2024-34380'
-  tags: cve,wordpress,wp-plugin,conversational-forms,medium
+  tags: cve,wordpress,wp-plugin,conversational-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34381-269c54556a1ca81f568118ffc940071f.yaml b/nuclei-templates/2024/CVE-2024-34381-269c54556a1ca81f568118ffc940071f.yaml
index d94e51572a..489ec73427 100644
--- a/nuclei-templates/2024/CVE-2024-34381-269c54556a1ca81f568118ffc940071f.yaml
+++ b/nuclei-templates/2024/CVE-2024-34381-269c54556a1ca81f568118ffc940071f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PropertyHive <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PropertyHive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/propertyhive/"
     google-query: inurl:"/wp-content/plugins/propertyhive/"
     shodan-query: 'vuln:CVE-2024-34381'
-  tags: cve,wordpress,wp-plugin,propertyhive,medium
+  tags: cve,wordpress,wp-plugin,propertyhive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34384-9a44744af3993590fe3bf014b0ad32e9.yaml b/nuclei-templates/2024/CVE-2024-34384-9a44744af3993590fe3bf014b0ad32e9.yaml
index bc2184fc04..601d97206f 100644
--- a/nuclei-templates/2024/CVE-2024-34384-9a44744af3993590fe3bf014b0ad32e9.yaml
+++ b/nuclei-templates/2024/CVE-2024-34384-9a44744af3993590fe3bf014b0ad32e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sina Extension for Elementor <= 3.5.1 - Authenticated (Contributor+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sina-extension-for-elementor/"
     google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/"
     shodan-query: 'vuln:CVE-2024-34384'
-  tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,high
+  tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34386-599f329db78aa16926991b18378d93d9.yaml b/nuclei-templates/2024/CVE-2024-34386-599f329db78aa16926991b18378d93d9.yaml
index 8d247a9bf1..1cee43b931 100644
--- a/nuclei-templates/2024/CVE-2024-34386-599f329db78aa16926991b18378d93d9.yaml
+++ b/nuclei-templates/2024/CVE-2024-34386-599f329db78aa16926991b18378d93d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Affiliate Links <= 6.4.3.1 - Authenticated (Editor+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Auto Affiliate Links plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-auto-affiliate-links/"
     google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/"
     shodan-query: 'vuln:CVE-2024-34386'
-  tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,critical
+  tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34387-b3367042bf6f7f08c7f7fe623f66bded.yaml b/nuclei-templates/2024/CVE-2024-34387-b3367042bf6f7f08c7f7fe623f66bded.yaml
index 72fc389a2d..100d74c6f1 100644
--- a/nuclei-templates/2024/CVE-2024-34387-b3367042bf6f7f08c7f7fe623f66bded.yaml
+++ b/nuclei-templates/2024/CVE-2024-34387-b3367042bf6f7f08c7f7fe623f66bded.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization to Rating Manipulation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to manipulate ratings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-author/"
     google-query: inurl:"/wp-content/plugins/wp-post-author/"
     shodan-query: 'vuln:CVE-2024-34387'
-  tags: cve,wordpress,wp-plugin,wp-post-author,medium
+  tags: cve,wordpress,wp-plugin,wp-post-author,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34388-52a132f231403e0d19dffecc858bc7bc.yaml b/nuclei-templates/2024/CVE-2024-34388-52a132f231403e0d19dffecc858bc7bc.yaml
index ca3be8f9e6..86bd06077a 100644
--- a/nuclei-templates/2024/CVE-2024-34388-52a132f231403e0d19dffecc858bc7bc.yaml
+++ b/nuclei-templates/2024/CVE-2024-34388-52a132f231403e0d19dffecc858bc7bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GDPR Compliance <= 1.2.5 - Authenticated (Subscriber+) Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GDPR Compliance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user or configuration data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gdpr-compliance/"
     google-query: inurl:"/wp-content/plugins/gdpr-compliance/"
     shodan-query: 'vuln:CVE-2024-34388'
-  tags: cve,wordpress,wp-plugin,gdpr-compliance,medium
+  tags: cve,wordpress,wp-plugin,gdpr-compliance,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34389-de2cc205752867abbe773a0b92ad0ea7.yaml b/nuclei-templates/2024/CVE-2024-34389-de2cc205752867abbe773a0b92ad0ea7.yaml
index dbf9ab03b2..d1e10a4b81 100644
--- a/nuclei-templates/2024/CVE-2024-34389-de2cc205752867abbe773a0b92ad0ea7.yaml
+++ b/nuclei-templates/2024/CVE-2024-34389-de2cc205752867abbe773a0b92ad0ea7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Post Author plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-author/"
     google-query: inurl:"/wp-content/plugins/wp-post-author/"
     shodan-query: 'vuln:CVE-2024-34389'
-  tags: cve,wordpress,wp-plugin,wp-post-author,medium
+  tags: cve,wordpress,wp-plugin,wp-post-author,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34390-81e36fcfaba8f47f8b0cb1d0a7f67af8.yaml b/nuclei-templates/2024/CVE-2024-34390-81e36fcfaba8f47f8b0cb1d0a7f67af8.yaml
index 71e445a467..8eaa5fc604 100644
--- a/nuclei-templates/2024/CVE-2024-34390-81e36fcfaba8f47f8b0cb1d0a7f67af8.yaml
+++ b/nuclei-templates/2024/CVE-2024-34390-81e36fcfaba8f47f8b0cb1d0a7f67af8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid Master <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-filter-posts/"
     google-query: inurl:"/wp-content/plugins/ajax-filter-posts/"
     shodan-query: 'vuln:CVE-2024-34390'
-  tags: cve,wordpress,wp-plugin,ajax-filter-posts,medium
+  tags: cve,wordpress,wp-plugin,ajax-filter-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34412-00bc7306212a1f1532879484863c8f21.yaml b/nuclei-templates/2024/CVE-2024-34412-00bc7306212a1f1532879484863c8f21.yaml
index 40b383c607..57f6f8a100 100644
--- a/nuclei-templates/2024/CVE-2024-34412-00bc7306212a1f1532879484863c8f21.yaml
+++ b/nuclei-templates/2024/CVE-2024-34412-00bc7306212a1f1532879484863c8f21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/parcelpanel/"
     google-query: inurl:"/wp-content/plugins/parcelpanel/"
     shodan-query: 'vuln:CVE-2024-34412'
-  tags: cve,wordpress,wp-plugin,parcelpanel,critical
+  tags: cve,wordpress,wp-plugin,parcelpanel,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-34413-1e57a0095a9d05c5ba61b4bee5ed304a.yaml b/nuclei-templates/2024/CVE-2024-34413-1e57a0095a9d05c5ba61b4bee5ed304a.yaml
index 0551a4a9ee..7faed9fb48 100644
--- a/nuclei-templates/2024/CVE-2024-34413-1e57a0095a9d05c5ba61b4bee5ed304a.yaml
+++ b/nuclei-templates/2024/CVE-2024-34413-1e57a0095a9d05c5ba61b4bee5ed304a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.10 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slicewp/"
     google-query: inurl:"/wp-content/plugins/slicewp/"
     shodan-query: 'vuln:CVE-2024-34413'
-  tags: cve,wordpress,wp-plugin,slicewp,medium
+  tags: cve,wordpress,wp-plugin,slicewp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3489-8639b20a2b1f76694c89791c1b2d91eb.yaml b/nuclei-templates/2024/CVE-2024-3489-8639b20a2b1f76694c89791c1b2d91eb.yaml
index 8e4de21faa..0843e73a85 100644
--- a/nuclei-templates/2024/CVE-2024-3489-8639b20a2b1f76694c89791c1b2d91eb.yaml
+++ b/nuclei-templates/2024/CVE-2024-3489-8639b20a2b1f76694c89791c1b2d91eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3489'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3490-96587021500f654fee1593a976493ca2.yaml b/nuclei-templates/2024/CVE-2024-3490-96587021500f654fee1593a976493ca2.yaml
index eab053314b..51ab75cf72 100644
--- a/nuclei-templates/2024/CVE-2024-3490-96587021500f654fee1593a976493ca2.yaml
+++ b/nuclei-templates/2024/CVE-2024-3490-96587021500f654fee1593a976493ca2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Recipe Maker <= 9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-recipe-maker/"
     google-query: inurl:"/wp-content/plugins/wp-recipe-maker/"
     shodan-query: 'vuln:CVE-2024-3490'
-  tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium
+  tags: cve,wordpress,wp-plugin,wp-recipe-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3491-1fa869ed52b230924c8c94b2bfb591af.yaml b/nuclei-templates/2024/CVE-2024-3491-1fa869ed52b230924c8c94b2bfb591af.yaml
index 6a100fe389..cba459c4a4 100644
--- a/nuclei-templates/2024/CVE-2024-3491-1fa869ed52b230924c8c94b2bfb591af.yaml
+++ b/nuclei-templates/2024/CVE-2024-3491-1fa869ed52b230924c8c94b2bfb591af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/"
     google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/"
     shodan-query: 'vuln:CVE-2024-3491'
-  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,medium
+  tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3494-a94f9a8cf90bb953afc0d4af139b3df4.yaml b/nuclei-templates/2024/CVE-2024-3494-a94f9a8cf90bb953afc0d4af139b3df4.yaml
index f4db8a5c18..416b8890c4 100644
--- a/nuclei-templates/2024/CVE-2024-3494-a94f9a8cf90bb953afc0d4af139b3df4.yaml
+++ b/nuclei-templates/2024/CVE-2024-3494-a94f9a8cf90bb953afc0d4af139b3df4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mesmerize Companion <= 1.6.148 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mesmerize-companion/"
     google-query: inurl:"/wp-content/plugins/mesmerize-companion/"
     shodan-query: 'vuln:CVE-2024-3494'
-  tags: cve,wordpress,wp-plugin,mesmerize-companion,medium
+  tags: cve,wordpress,wp-plugin,mesmerize-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3499-c5f80f50585482477dae3983763ad356.yaml b/nuclei-templates/2024/CVE-2024-3499-c5f80f50585482477dae3983763ad356.yaml
index 067963df8c..af6419cf32 100644
--- a/nuclei-templates/2024/CVE-2024-3499-c5f80f50585482477dae3983763ad356.yaml
+++ b/nuclei-templates/2024/CVE-2024-3499-c5f80f50585482477dae3983763ad356.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2024-3499'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,high
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3500-7b0e7eea2756aa9a3fb9bd9d76ac83fe.yaml b/nuclei-templates/2024/CVE-2024-3500-7b0e7eea2756aa9a3fb9bd9d76ac83fe.yaml
index 880fc2006e..691e81f488 100644
--- a/nuclei-templates/2024/CVE-2024-3500-7b0e7eea2756aa9a3fb9bd9d76ac83fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-3500-7b0e7eea2756aa9a3fb9bd9d76ac83fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit/"
     google-query: inurl:"/wp-content/plugins/elementskit/"
     shodan-query: 'vuln:CVE-2024-3500'
-  tags: cve,wordpress,wp-plugin,elementskit,high
+  tags: cve,wordpress,wp-plugin,elementskit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3517-7c56383fa31fa34806b79179038f9c39.yaml b/nuclei-templates/2024/CVE-2024-3517-7c56383fa31fa34806b79179038f9c39.yaml
index a549896616..f0ce8bee48 100644
--- a/nuclei-templates/2024/CVE-2024-3517-7c56383fa31fa34806b79179038f9c39.yaml
+++ b/nuclei-templates/2024/CVE-2024-3517-7c56383fa31fa34806b79179038f9c39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:CVE-2024-3517'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3520-b77c5c4f0c4cc702e5668e3bdfcce6f7.yaml b/nuclei-templates/2024/CVE-2024-3520-b77c5c4f0c4cc702e5668e3bdfcce6f7.yaml
index 8c9d38f48a..f52a532353 100644
--- a/nuclei-templates/2024/CVE-2024-3520-b77c5c4f0c4cc702e5668e3bdfcce6f7.yaml
+++ b/nuclei-templates/2024/CVE-2024-3520-b77c5c4f0c4cc702e5668e3bdfcce6f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access and above, to add states or cities to the dropdown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/country-state-city-auto-dropdown/"
     google-query: inurl:"/wp-content/plugins/country-state-city-auto-dropdown/"
     shodan-query: 'vuln:CVE-2024-3520'
-  tags: cve,wordpress,wp-plugin,country-state-city-auto-dropdown,medium
+  tags: cve,wordpress,wp-plugin,country-state-city-auto-dropdown,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3546-766e921c63902196b3dd14a962737125.yaml b/nuclei-templates/2024/CVE-2024-3546-766e921c63902196b3dd14a962737125.yaml
index dee6d82f31..3b698cf39b 100644
--- a/nuclei-templates/2024/CVE-2024-3546-766e921c63902196b3dd14a962737125.yaml
+++ b/nuclei-templates/2024/CVE-2024-3546-766e921c63902196b3dd14a962737125.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file system.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-migration-duplicator/"
     google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/"
     shodan-query: 'vuln:CVE-2024-3546'
-  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,medium
+  tags: cve,wordpress,wp-plugin,wp-migration-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3550-61bcaa4eb5a8e67da44b4e8cf864a6f5.yaml b/nuclei-templates/2024/CVE-2024-3550-61bcaa4eb5a8e67da44b4e8cf864a6f5.yaml
index 4c8597e9e5..5f2b9f795d 100644
--- a/nuclei-templates/2024/CVE-2024-3550-61bcaa4eb5a8e67da44b4e8cf864a6f5.yaml
+++ b/nuclei-templates/2024/CVE-2024-3550-61bcaa4eb5a8e67da44b4e8cf864a6f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2024-3550'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3553-b38686638c5362ebcaa7af99aefa8146.yaml b/nuclei-templates/2024/CVE-2024-3553-b38686638c5362ebcaa7af99aefa8146.yaml
index ca7b75697e..ec6db926da 100644
--- a/nuclei-templates/2024/CVE-2024-3553-b38686638c5362ebcaa7af99aefa8146.yaml
+++ b/nuclei-templates/2024/CVE-2024-3553-b38686638c5362ebcaa7af99aefa8146.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable user registration on sites that may have it disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2024-3553'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3554-d92c57db44864e6e406520d1e97fd01f.yaml b/nuclei-templates/2024/CVE-2024-3554-d92c57db44864e6e406520d1e97fd01f.yaml
index 918c48401f..2e7366a838 100644
--- a/nuclei-templates/2024/CVE-2024-3554-d92c57db44864e6e406520d1e97fd01f.yaml
+++ b/nuclei-templates/2024/CVE-2024-3554-d92c57db44864e6e406520d1e97fd01f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:CVE-2024-3554'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3560-ecf4e36c0bf9bffe5d8065599df28f54.yaml b/nuclei-templates/2024/CVE-2024-3560-ecf4e36c0bf9bffe5d8065599df28f54.yaml
index 4c0636d6b0..fe59541a82 100644
--- a/nuclei-templates/2024/CVE-2024-3560-ecf4e36c0bf9bffe5d8065599df28f54.yaml
+++ b/nuclei-templates/2024/CVE-2024-3560-ecf4e36c0bf9bffe5d8065599df28f54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2024-3560'
-  tags: cve,wordpress,wp-plugin,learnpress,medium
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3581-4d573fe9c428ad3a04750d4555eab402.yaml b/nuclei-templates/2024/CVE-2024-3581-4d573fe9c428ad3a04750d4555eab402.yaml
index 4ba4d69836..cbb2994194 100644
--- a/nuclei-templates/2024/CVE-2024-3581-4d573fe9c428ad3a04750d4555eab402.yaml
+++ b/nuclei-templates/2024/CVE-2024-3581-4d573fe9c428ad3a04750d4555eab402.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MaxGalleria <= 6.4.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the add_media_library_images_to_gallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to upload arbitrary images to a gallery.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxgalleria/"
     google-query: inurl:"/wp-content/plugins/maxgalleria/"
     shodan-query: 'vuln:CVE-2024-3581'
-  tags: cve,wordpress,wp-plugin,maxgalleria,medium
+  tags: cve,wordpress,wp-plugin,maxgalleria,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3585-5c801a046ddb1fac8004d7794f007242.yaml b/nuclei-templates/2024/CVE-2024-3585-5c801a046ddb1fac8004d7794f007242.yaml
index 53722dd0d7..02d31fbf58 100644
--- a/nuclei-templates/2024/CVE-2024-3585-5c801a046ddb1fac8004d7794f007242.yaml
+++ b/nuclei-templates/2024/CVE-2024-3585-5c801a046ddb1fac8004d7794f007242.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Send PDF for Contact Form 7 <= 1.0.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about contact form entries with PDFs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/send-pdf-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/send-pdf-for-contact-form-7/"
     shodan-query: 'vuln:CVE-2024-3585'
-  tags: cve,wordpress,wp-plugin,send-pdf-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,send-pdf-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3588-7da918d3fc3e2e8630ac4c982d69874d.yaml b/nuclei-templates/2024/CVE-2024-3588-7da918d3fc3e2e8630ac4c982d69874d.yaml
index 3cc699a7e6..9004efa8dc 100644
--- a/nuclei-templates/2024/CVE-2024-3588-7da918d3fc3e2e8630ac4c982d69874d.yaml
+++ b/nuclei-templates/2024/CVE-2024-3588-7da918d3fc3e2e8630ac4c982d69874d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/getwid/"
     google-query: inurl:"/wp-content/plugins/getwid/"
     shodan-query: 'vuln:CVE-2024-3588'
-  tags: cve,wordpress,wp-plugin,getwid,medium
+  tags: cve,wordpress,wp-plugin,getwid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3591-dc2ceae7a9d01dd85dd05b54d27673ad.yaml b/nuclei-templates/2024/CVE-2024-3591-dc2ceae7a9d01dd85dd05b54d27673ad.yaml
index cddcf82159..e1e890ca19 100644
--- a/nuclei-templates/2024/CVE-2024-3591-dc2ceae7a9d01dd85dd05b54d27673ad.yaml
+++ b/nuclei-templates/2024/CVE-2024-3591-dc2ceae7a9d01dd85dd05b54d27673ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Geo Controller <= 8.6.4 - Unauthenticated PHP Object Injection via shortcode REST API Route
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Geo Controller plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 8.6.4 via deserialization of untrusted input supplied via the '/cache/shortcode' REST API route. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf-geoplugin/"
     google-query: inurl:"/wp-content/plugins/cf-geoplugin/"
     shodan-query: 'vuln:CVE-2024-3591'
-  tags: cve,wordpress,wp-plugin,cf-geoplugin,high
+  tags: cve,wordpress,wp-plugin,cf-geoplugin,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3595-388546e2e07357a0226d8ddb30b48362.yaml b/nuclei-templates/2024/CVE-2024-3595-388546e2e07357a0226d8ddb30b48362.yaml
index 274f54a35b..ad2da1e668 100644
--- a/nuclei-templates/2024/CVE-2024-3595-388546e2e07357a0226d8ddb30b48362.yaml
+++ b/nuclei-templates/2024/CVE-2024-3595-388546e2e07357a0226d8ddb30b48362.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pure Chat – Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pure Chat – Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameter in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pure-chat/"
     google-query: inurl:"/wp-content/plugins/pure-chat/"
     shodan-query: 'vuln:CVE-2024-3595'
-  tags: cve,wordpress,wp-plugin,pure-chat,medium
+  tags: cve,wordpress,wp-plugin,pure-chat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3598-7ccdd8fc797e3fab9fea1a77280ae2aa.yaml b/nuclei-templates/2024/CVE-2024-3598-7ccdd8fc797e3fab9fea1a77280ae2aa.yaml
index bbe8a58973..3f05bbacae 100644
--- a/nuclei-templates/2024/CVE-2024-3598-7ccdd8fc797e3fab9fea1a77280ae2aa.yaml
+++ b/nuclei-templates/2024/CVE-2024-3598-7ccdd8fc797e3fab9fea1a77280ae2aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit/"
     google-query: inurl:"/wp-content/plugins/elementskit/"
     shodan-query: 'vuln:CVE-2024-3598'
-  tags: cve,wordpress,wp-plugin,elementskit,medium
+  tags: cve,wordpress,wp-plugin,elementskit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3599-74ceb3dd0e91d385e16d6cd94c463dea.yaml b/nuclei-templates/2024/CVE-2024-3599-74ceb3dd0e91d385e16d6cd94c463dea.yaml
index 6018920edf..b16ab789ad 100644
--- a/nuclei-templates/2024/CVE-2024-3599-74ceb3dd0e91d385e16d6cd94c463dea.yaml
+++ b/nuclei-templates/2024/CVE-2024-3599-74ceb3dd0e91d385e16d6cd94c463dea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gdpr-cookie-consent/"
     google-query: inurl:"/wp-content/plugins/gdpr-cookie-consent/"
     shodan-query: 'vuln:CVE-2024-3599'
-  tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,medium
+  tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3601-3172cfdf5fc8b7e358c053d42d06583b.yaml b/nuclei-templates/2024/CVE-2024-3601-3172cfdf5fc8b7e358c053d42d06583b.yaml
index fe9d37602b..8a1b2771a8 100644
--- a/nuclei-templates/2024/CVE-2024-3601-3172cfdf5fc8b7e358c053d42d06583b.yaml
+++ b/nuclei-templates/2024/CVE-2024-3601-3172cfdf5fc8b7e358c053d42d06583b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll Maker – Best WordPress Poll Plugin <= 5.1.8 -  Missing Authorization to Unauthenticated Email Enumeration
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email addresses by enumerating them one character at a time.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/poll-maker/"
     google-query: inurl:"/wp-content/plugins/poll-maker/"
     shodan-query: 'vuln:CVE-2024-3601'
-  tags: cve,wordpress,wp-plugin,poll-maker,medium
+  tags: cve,wordpress,wp-plugin,poll-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3606-a0b780503648451776551c0d1ff9b442.yaml b/nuclei-templates/2024/CVE-2024-3606-a0b780503648451776551c0d1ff9b442.yaml
index ce537af08c..7e111a7eaf 100644
--- a/nuclei-templates/2024/CVE-2024-3606-a0b780503648451776551c0d1ff9b442.yaml
+++ b/nuclei-templates/2024/CVE-2024-3606-a0b780503648451776551c0d1ff9b442.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. This makes it possible for authenticated attackers, with subscriber access or higher, to delete attachments.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/"
     shodan-query: 'vuln:CVE-2024-3606'
-  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium
+  tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3607-5e68a3cd88ecb3d8410d3d1d23bfef75.yaml b/nuclei-templates/2024/CVE-2024-3607-5e68a3cd88ecb3d8410d3d1d23bfef75.yaml
index 8a07f6a5ee..94574a8192 100644
--- a/nuclei-templates/2024/CVE-2024-3607-5e68a3cd88ecb3d8410d3d1d23bfef75.yaml
+++ b/nuclei-templates/2024/CVE-2024-3607-5e68a3cd88ecb3d8410d3d1d23bfef75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/propertyhive/"
     google-query: inurl:"/wp-content/plugins/propertyhive/"
     shodan-query: 'vuln:CVE-2024-3607'
-  tags: cve,wordpress,wp-plugin,propertyhive,medium
+  tags: cve,wordpress,wp-plugin,propertyhive,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3628-3155b6afdeb6949fabf56095cff40791.yaml b/nuclei-templates/2024/CVE-2024-3628-3155b6afdeb6949fabf56095cff40791.yaml
index ae46df7f64..29cc1a10fe 100644
--- a/nuclei-templates/2024/CVE-2024-3628-3155b6afdeb6949fabf56095cff40791.yaml
+++ b/nuclei-templates/2024/CVE-2024-3628-3155b6afdeb6949fabf56095cff40791.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EasyEvent <= 1.0.0 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EasyEvent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easyevent/"
     google-query: inurl:"/wp-content/plugins/easyevent/"
     shodan-query: 'vuln:CVE-2024-3628'
-  tags: cve,wordpress,wp-plugin,easyevent,medium
+  tags: cve,wordpress,wp-plugin,easyevent,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3637-d46f40f2ab613d8e339074ed1d986191.yaml b/nuclei-templates/2024/CVE-2024-3637-d46f40f2ab613d8e339074ed1d986191.yaml
index ee6aca2f2b..bc404a26cf 100644
--- a/nuclei-templates/2024/CVE-2024-3637-d46f40f2ab613d8e339074ed1d986191.yaml
+++ b/nuclei-templates/2024/CVE-2024-3637-d46f40f2ab613d8e339074ed1d986191.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lead-form-builder/"
     google-query: inurl:"/wp-content/plugins/lead-form-builder/"
     shodan-query: 'vuln:CVE-2024-3637'
-  tags: cve,wordpress,wp-plugin,lead-form-builder,medium
+  tags: cve,wordpress,wp-plugin,lead-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3645-298ee3ac56fa2818652ccdcf0f94081c.yaml b/nuclei-templates/2024/CVE-2024-3645-298ee3ac56fa2818652ccdcf0f94081c.yaml
index 6d88bdc2ae..4327f41331 100644
--- a/nuclei-templates/2024/CVE-2024-3645-298ee3ac56fa2818652ccdcf0f94081c.yaml
+++ b/nuclei-templates/2024/CVE-2024-3645-298ee3ac56fa2818652ccdcf0f94081c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor Pro <= 5.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-elementor/"
     google-query: inurl:"/wp-content/plugins/essential-addons-elementor/"
     shodan-query: 'vuln:CVE-2024-3645'
-  tags: cve,wordpress,wp-plugin,essential-addons-elementor,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3647-285480d3186a91d1e0ed6c347ab46652.yaml b/nuclei-templates/2024/CVE-2024-3647-285480d3186a91d1e0ed6c347ab46652.yaml
index dd034b565a..29ccd6aa9b 100644
--- a/nuclei-templates/2024/CVE-2024-3647-285480d3186a91d1e0ed6c347ab46652.yaml
+++ b/nuclei-templates/2024/CVE-2024-3647-285480d3186a91d1e0ed6c347ab46652.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the premium version of the plugin to be installed and activated in order to be exploited.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3647'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3650-b81f70d3babfec3365a985059b1ef475.yaml b/nuclei-templates/2024/CVE-2024-3650-b81f70d3babfec3365a985059b1ef475.yaml
index 027a804fdf..65e448f7cc 100644
--- a/nuclei-templates/2024/CVE-2024-3650-b81f70d3babfec3365a985059b1ef475.yaml
+++ b/nuclei-templates/2024/CVE-2024-3650-b81f70d3babfec3365a985059b1ef475.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ElementsKit Elementor addons 3.0.7 - 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementskit-lite/"
     google-query: inurl:"/wp-content/plugins/elementskit-lite/"
     shodan-query: 'vuln:CVE-2024-3650'
-  tags: cve,wordpress,wp-plugin,elementskit-lite,medium
+  tags: cve,wordpress,wp-plugin,elementskit-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3662-76fc4346fbb39fa45316aca65b7d5177.yaml b/nuclei-templates/2024/CVE-2024-3662-76fc4346fbb39fa45316aca65b7d5177.yaml
index a2fcd36818..6cd03e8831 100644
--- a/nuclei-templates/2024/CVE-2024-3662-76fc4346fbb39fa45316aca65b7d5177.yaml
+++ b/nuclei-templates/2024/CVE-2024-3662-76fc4346fbb39fa45316aca65b7d5177.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPZOOM Social Feed Widget & Block <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instagram-widget-by-wpzoom/"
     google-query: inurl:"/wp-content/plugins/instagram-widget-by-wpzoom/"
     shodan-query: 'vuln:CVE-2024-3662'
-  tags: cve,wordpress,wp-plugin,instagram-widget-by-wpzoom,medium
+  tags: cve,wordpress,wp-plugin,instagram-widget-by-wpzoom,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3664-5decd5b15e9e99b50c1cb7b49d2f0314.yaml b/nuclei-templates/2024/CVE-2024-3664-5decd5b15e9e99b50c1cb7b49d2f0314.yaml
index f3283ea2f9..ead5dc712b 100644
--- a/nuclei-templates/2024/CVE-2024-3664-5decd5b15e9e99b50c1cb7b49d2f0314.yaml
+++ b/nuclei-templates/2024/CVE-2024-3664-5decd5b15e9e99b50c1cb7b49d2f0314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with contributor-level access and above, to delete thumbnails and add thumbnails to posts they did not author.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-featured-images/"
     google-query: inurl:"/wp-content/plugins/quick-featured-images/"
     shodan-query: 'vuln:CVE-2024-3664'
-  tags: cve,wordpress,wp-plugin,quick-featured-images,medium
+  tags: cve,wordpress,wp-plugin,quick-featured-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3665-149aa3cdb8f6dba02a1015d8c51445b9.yaml b/nuclei-templates/2024/CVE-2024-3665-149aa3cdb8f6dba02a1015d8c51445b9.yaml
index ba9e47ed03..8f51c88f63 100644
--- a/nuclei-templates/2024/CVE-2024-3665-149aa3cdb8f6dba02a1015d8c51445b9.yaml
+++ b/nuclei-templates/2024/CVE-2024-3665-149aa3cdb8f6dba02a1015d8c51445b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-by-rank-math/"
     google-query: inurl:"/wp-content/plugins/seo-by-rank-math/"
     shodan-query: 'vuln:CVE-2024-3665'
-  tags: cve,wordpress,wp-plugin,seo-by-rank-math,medium
+  tags: cve,wordpress,wp-plugin,seo-by-rank-math,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3670-fb54b510af0f0d5e8604602a7c9ddbef.yaml b/nuclei-templates/2024/CVE-2024-3670-fb54b510af0f0d5e8604602a7c9ddbef.yaml
index b804d2128b..92b8d00b36 100644
--- a/nuclei-templates/2024/CVE-2024-3670-fb54b510af0f0d5e8604602a7c9ddbef.yaml
+++ b/nuclei-templates/2024/CVE-2024-3670-fb54b510af0f0d5e8604602a7c9ddbef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'mapwidthunit'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaflet-maps-marker/"
     google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/"
     shodan-query: 'vuln:CVE-2024-3670'
-  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,medium
+  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3672-08de41cb2b0c0b28a5deead53bb308d8.yaml b/nuclei-templates/2024/CVE-2024-3672-08de41cb2b0c0b28a5deead53bb308d8.yaml
index feb83e276d..e2ad2b1ff8 100644
--- a/nuclei-templates/2024/CVE-2024-3672-08de41cb2b0c0b28a5deead53bb308d8.yaml
+++ b/nuclei-templates/2024/CVE-2024-3672-08de41cb2b0c0b28a5deead53bb308d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BA Book Everything <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32576 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ba-book-everything/"
     google-query: inurl:"/wp-content/plugins/ba-book-everything/"
     shodan-query: 'vuln:CVE-2024-3672'
-  tags: cve,wordpress,wp-plugin,ba-book-everything,medium
+  tags: cve,wordpress,wp-plugin,ba-book-everything,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3674-1f04a4a11c02a582deff94a7681096d8.yaml b/nuclei-templates/2024/CVE-2024-3674-1f04a4a11c02a582deff94a7681096d8.yaml
index fe376b3fc6..2f41a363d8 100644
--- a/nuclei-templates/2024/CVE-2024-3674-1f04a4a11c02a582deff94a7681096d8.yaml
+++ b/nuclei-templates/2024/CVE-2024-3674-1f04a4a11c02a582deff94a7681096d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inline Google Spreadsheet Viewer <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdoc' shortcode in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'chart_resolution'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inline-google-spreadsheet-viewer/"
     google-query: inurl:"/wp-content/plugins/inline-google-spreadsheet-viewer/"
     shodan-query: 'vuln:CVE-2024-3674'
-  tags: cve,wordpress,wp-plugin,inline-google-spreadsheet-viewer,medium
+  tags: cve,wordpress,wp-plugin,inline-google-spreadsheet-viewer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3675-f2cad193bfdf87038af8a439971f7167.yaml b/nuclei-templates/2024/CVE-2024-3675-f2cad193bfdf87038af8a439971f7167.yaml
index fb28735e8f..f467a16535 100644
--- a/nuclei-templates/2024/CVE-2024-3675-f2cad193bfdf87038af8a439971f7167.yaml
+++ b/nuclei-templates/2024/CVE-2024-3675-f2cad193bfdf87038af8a439971f7167.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-3675'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3677-80866fdc72be2b54c095a4fd7f7db5e4.yaml b/nuclei-templates/2024/CVE-2024-3677-80866fdc72be2b54c095a4fd7f7db5e4.yaml
index caf3f2a7e8..b01930e740 100644
--- a/nuclei-templates/2024/CVE-2024-3677-80866fdc72be2b54c095a4fd7f7db5e4.yaml
+++ b/nuclei-templates/2024/CVE-2024-3677-80866fdc72be2b54c095a4fd7f7db5e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate 410 Gone Status Code <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-410/"
     google-query: inurl:"/wp-content/plugins/ultimate-410/"
     shodan-query: 'vuln:CVE-2024-3677'
-  tags: cve,wordpress,wp-plugin,ultimate-410,medium
+  tags: cve,wordpress,wp-plugin,ultimate-410,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3680-0e079d604a8bf155d8a2cb48193c6100.yaml b/nuclei-templates/2024/CVE-2024-3680-0e079d604a8bf155d8a2cb48193c6100.yaml
index 072f808627..351fbd9a4d 100644
--- a/nuclei-templates/2024/CVE-2024-3680-0e079d604a8bf155d8a2cb48193c6100.yaml
+++ b/nuclei-templates/2024/CVE-2024-3680-0e079d604a8bf155d8a2cb48193c6100.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enteraddons/"
     google-query: inurl:"/wp-content/plugins/enteraddons/"
     shodan-query: 'vuln:CVE-2024-3680'
-  tags: cve,wordpress,wp-plugin,enteraddons,medium
+  tags: cve,wordpress,wp-plugin,enteraddons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3682-cb4f2a317f426735af573c79456925c6.yaml b/nuclei-templates/2024/CVE-2024-3682-cb4f2a317f426735af573c79456925c6.yaml
index 7af6ddb750..d4299435f7 100644
--- a/nuclei-templates/2024/CVE-2024-3682-cb4f2a317f426735af573c79456925c6.yaml
+++ b/nuclei-templates/2024/CVE-2024-3682-cb4f2a317f426735af573c79456925c6.yaml
@@ -14,17 +14,17 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2024-3682
   metadata:
-    fofa-query: "wp-content/plugins/wp-staging/"
-    google-query: inurl:"/wp-content/plugins/wp-staging/"
+    fofa-query: "wp-content/plugins/wp-staging-pro/"
+    google-query: inurl:"/wp-content/plugins/wp-staging-pro/"
     shodan-query: 'vuln:CVE-2024-3682'
-  tags: cve,wordpress,wp-plugin,wp-staging,medium
+  tags: cve,wordpress,wp-plugin,wp-staging-pro,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-staging/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wp-staging-pro/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "wp-staging"
+          - "wp-staging-pro"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 3.4.3')
\ No newline at end of file
+          - compare_versions(version, '<= 5.4.3')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-3692-c512399e58b223011a17608d4b51ac26.yaml b/nuclei-templates/2024/CVE-2024-3692-c512399e58b223011a17608d4b51ac26.yaml
index abb05b6368..436bb10f2f 100644
--- a/nuclei-templates/2024/CVE-2024-3692-c512399e58b223011a17608d4b51ac26.yaml
+++ b/nuclei-templates/2024/CVE-2024-3692-c512399e58b223011a17608d4b51ac26.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenverse <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gutenverse/"
     google-query: inurl:"/wp-content/plugins/gutenverse/"
     shodan-query: 'vuln:CVE-2024-3692'
-  tags: cve,wordpress,wp-plugin,gutenverse,medium
+  tags: cve,wordpress,wp-plugin,gutenverse,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3703-630df0c98158fef2598199d5ff83a48f.yaml b/nuclei-templates/2024/CVE-2024-3703-630df0c98158fef2598199d5ff83a48f.yaml
index 09a9e143f9..ec0b4bd8b7 100644
--- a/nuclei-templates/2024/CVE-2024-3703-630df0c98158fef2598199d5ff83a48f.yaml
+++ b/nuclei-templates/2024/CVE-2024-3703-630df0c98158fef2598199d5ff83a48f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel Slider <= 2.2.9 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via slide options settings in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/carousel-slider/"
     google-query: inurl:"/wp-content/plugins/carousel-slider/"
     shodan-query: 'vuln:CVE-2024-3703'
-  tags: cve,wordpress,wp-plugin,carousel-slider,medium
+  tags: cve,wordpress,wp-plugin,carousel-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3722-174bf1d87b8761ea6f77723705dffc85.yaml b/nuclei-templates/2024/CVE-2024-3722-174bf1d87b8761ea6f77723705dffc85.yaml
index d8d663c9ef..accec1aaee 100644
--- a/nuclei-templates/2024/CVE-2024-3722-174bf1d87b8761ea6f77723705dffc85.yaml
+++ b/nuclei-templates/2024/CVE-2024-3722-174bf1d87b8761ea6f77723705dffc85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve and modify settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swift-performance-lite/"
     google-query: inurl:"/wp-content/plugins/swift-performance-lite/"
     shodan-query: 'vuln:CVE-2024-3722'
-  tags: cve,wordpress,wp-plugin,swift-performance-lite,medium
+  tags: cve,wordpress,wp-plugin,swift-performance-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3724-ab2437d4d93bac74a9eb7aad2f952033.yaml b/nuclei-templates/2024/CVE-2024-3724-ab2437d4d93bac74a9eb7aad2f952033.yaml
index 6a828824cc..92f08f9f0b 100644
--- a/nuclei-templates/2024/CVE-2024-3724-ab2437d4d93bac74a9eb7aad2f952033.yaml
+++ b/nuclei-templates/2024/CVE-2024-3724-ab2437d4d93bac74a9eb7aad2f952033.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-3724'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3725-c6ebd7f92a6a9f141b0c9e1fd40276a5.yaml b/nuclei-templates/2024/CVE-2024-3725-c6ebd7f92a6a9f141b0c9e1fd40276a5.yaml
index ba45b4774d..70a4b45f37 100644
--- a/nuclei-templates/2024/CVE-2024-3725-c6ebd7f92a6a9f141b0c9e1fd40276a5.yaml
+++ b/nuclei-templates/2024/CVE-2024-3725-c6ebd7f92a6a9f141b0c9e1fd40276a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'titleTag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/otter-blocks/"
     google-query: inurl:"/wp-content/plugins/otter-blocks/"
     shodan-query: 'vuln:CVE-2024-3725'
-  tags: cve,wordpress,wp-plugin,otter-blocks,medium
+  tags: cve,wordpress,wp-plugin,otter-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3728-eeb15b3523994497219c24e4ab9f075e.yaml b/nuclei-templates/2024/CVE-2024-3728-eeb15b3523994497219c24e4ab9f075e.yaml
index 59381cba5f..ccdc1a7563 100644
--- a/nuclei-templates/2024/CVE-2024-3728-eeb15b3523994497219c24e4ab9f075e.yaml
+++ b/nuclei-templates/2024/CVE-2024-3728-eeb15b3523994497219c24e4ab9f075e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery & Interactive Circle widgets in all versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-3728'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3730-3097ab413126701a31b2c663342da851.yaml b/nuclei-templates/2024/CVE-2024-3730-3097ab413126701a31b2c663342da851.yaml
index 9eb7b091b6..fdbd224bf3 100644
--- a/nuclei-templates/2024/CVE-2024-3730-3097ab413126701a31b2c663342da851.yaml
+++ b/nuclei-templates/2024/CVE-2024-3730-3097ab413126701a31b2c663342da851.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2024-3730'
-  tags: cve,wordpress,wp-plugin,simple-membership,medium
+  tags: cve,wordpress,wp-plugin,simple-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3732-88d4547a92050d1b28fb4357c26c8ac0.yaml b/nuclei-templates/2024/CVE-2024-3732-88d4547a92050d1b28fb4357c26c8ac0.yaml
index 4d61a1219d..af1f897f21 100644
--- a/nuclei-templates/2024/CVE-2024-3732-88d4547a92050d1b28fb4357c26c8ac0.yaml
+++ b/nuclei-templates/2024/CVE-2024-3732-88d4547a92050d1b28fb4357c26c8ac0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geodirectory/"
     google-query: inurl:"/wp-content/plugins/geodirectory/"
     shodan-query: 'vuln:CVE-2024-3732'
-  tags: cve,wordpress,wp-plugin,geodirectory,medium
+  tags: cve,wordpress,wp-plugin,geodirectory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3743-966b2e78a79b5d63896247b963e8d55a.yaml b/nuclei-templates/2024/CVE-2024-3743-966b2e78a79b5d63896247b963e8d55a.yaml
index cf12c3e215..265eb1d8da 100644
--- a/nuclei-templates/2024/CVE-2024-3743-966b2e78a79b5d63896247b963e8d55a.yaml
+++ b/nuclei-templates/2024/CVE-2024-3743-966b2e78a79b5d63896247b963e8d55a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:CVE-2024-3743'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3747-bc2b1b1b8cc260b904b43a53b27b1dc7.yaml b/nuclei-templates/2024/CVE-2024-3747-bc2b1b1b8cc260b904b43a53b27b1dc7.yaml
index 9f2ffe47d3..a76c4deb60 100644
--- a/nuclei-templates/2024/CVE-2024-3747-bc2b1b1b8cc260b904b43a53b27b1dc7.yaml
+++ b/nuclei-templates/2024/CVE-2024-3747-bc2b1b1b8cc260b904b43a53b27b1dc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blocksy/"
     google-query: inurl:"/wp-content/themes/blocksy/"
     shodan-query: 'vuln:CVE-2024-3747'
-  tags: cve,wordpress,wp-theme,blocksy,medium
+  tags: cve,wordpress,wp-theme,blocksy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3752-f264ee9267574176bc2aef0a4dad14ac.yaml b/nuclei-templates/2024/CVE-2024-3752-f264ee9267574176bc2aef0a4dad14ac.yaml
index 9bf75b5712..f6b164a109 100644
--- a/nuclei-templates/2024/CVE-2024-3752-f264ee9267574176bc2aef0a4dad14ac.yaml
+++ b/nuclei-templates/2024/CVE-2024-3752-f264ee9267574176bc2aef0a4dad14ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crelly Slider <= 1.4.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Crelly Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crelly-slider/"
     google-query: inurl:"/wp-content/plugins/crelly-slider/"
     shodan-query: 'vuln:CVE-2024-3752'
-  tags: cve,wordpress,wp-plugin,crelly-slider,medium
+  tags: cve,wordpress,wp-plugin,crelly-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3755-d0c53aa3e05b1c3e9ba3c621e2806fb1.yaml b/nuclei-templates/2024/CVE-2024-3755-d0c53aa3e05b1c3e9ba3c621e2806fb1.yaml
index 7561b3ee70..41d4f78f8d 100644
--- a/nuclei-templates/2024/CVE-2024-3755-d0c53aa3e05b1c3e9ba3c621e2806fb1.yaml
+++ b/nuclei-templates/2024/CVE-2024-3755-d0c53aa3e05b1c3e9ba3c621e2806fb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MF Gig Calendar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MF Gig Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mf-gig-calendar/"
     google-query: inurl:"/wp-content/plugins/mf-gig-calendar/"
     shodan-query: 'vuln:CVE-2024-3755'
-  tags: cve,wordpress,wp-plugin,mf-gig-calendar,medium
+  tags: cve,wordpress,wp-plugin,mf-gig-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3807-68e18ce0101bb6035f701d461eb70415.yaml b/nuclei-templates/2024/CVE-2024-3807-68e18ce0101bb6035f701d461eb70415.yaml
index 1bd5ec05b8..9fc3e4d8fe 100644
--- a/nuclei-templates/2024/CVE-2024-3807-68e18ce0101bb6035f701d461eb70415.yaml
+++ b/nuclei-templates/2024/CVE-2024-3807-68e18ce0101bb6035f701d461eb70415.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. This was partially patched in version 7.1.0 and fully patched in version 7.1.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/porto/"
     google-query: inurl:"/wp-content/themes/porto/"
     shodan-query: 'vuln:CVE-2024-3807'
-  tags: cve,wordpress,wp-theme,porto,high
+  tags: cve,wordpress,wp-theme,porto,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3808-98b3c6ab8f905b035d160d1673b90dca.yaml b/nuclei-templates/2024/CVE-2024-3808-98b3c6ab8f905b035d160d1673b90dca.yaml
index 96b97b60d4..81ed594533 100644
--- a/nuclei-templates/2024/CVE-2024-3808-98b3c6ab8f905b035d160d1673b90dca.yaml
+++ b/nuclei-templates/2024/CVE-2024-3808-98b3c6ab8f905b035d160d1673b90dca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/porto-functionality/"
     google-query: inurl:"/wp-content/plugins/porto-functionality/"
     shodan-query: 'vuln:CVE-2024-3808'
-  tags: cve,wordpress,wp-plugin,porto-functionality,high
+  tags: cve,wordpress,wp-plugin,porto-functionality,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3809-10147d7844868b2801a0e636a99a05eb.yaml b/nuclei-templates/2024/CVE-2024-3809-10147d7844868b2801a0e636a99a05eb.yaml
index dc85629670..e95ac9a4a4 100644
--- a/nuclei-templates/2024/CVE-2024-3809-10147d7844868b2801a0e636a99a05eb.yaml
+++ b/nuclei-templates/2024/CVE-2024-3809-10147d7844868b2801a0e636a99a05eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/porto-functionality/"
     google-query: inurl:"/wp-content/plugins/porto-functionality/"
     shodan-query: 'vuln:CVE-2024-3809'
-  tags: cve,wordpress,wp-plugin,porto-functionality,high
+  tags: cve,wordpress,wp-plugin,porto-functionality,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3818-670002c777730edbb2cb892efe1340bc.yaml b/nuclei-templates/2024/CVE-2024-3818-670002c777730edbb2cb892efe1340bc.yaml
index e7b73d4cbb..a6a99c0e25 100644
--- a/nuclei-templates/2024/CVE-2024-3818-670002c777730edbb2cb892efe1340bc.yaml
+++ b/nuclei-templates/2024/CVE-2024-3818-670002c777730edbb2cb892efe1340bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-blocks/"
     google-query: inurl:"/wp-content/plugins/essential-blocks/"
     shodan-query: 'vuln:CVE-2024-3818'
-  tags: cve,wordpress,wp-plugin,essential-blocks,medium
+  tags: cve,wordpress,wp-plugin,essential-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3819-8abead7c575d5ff9d8bcc0c1daac4379.yaml b/nuclei-templates/2024/CVE-2024-3819-8abead7c575d5ff9d8bcc0c1daac4379.yaml
index d76df95a1a..f194b4b7f7 100644
--- a/nuclei-templates/2024/CVE-2024-3819-8abead7c575d5ff9d8bcc0c1daac4379.yaml
+++ b/nuclei-templates/2024/CVE-2024-3819-8abead7c575d5ff9d8bcc0c1daac4379.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeg-elementor-kit/"
     google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/"
     shodan-query: 'vuln:CVE-2024-3819'
-  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,medium
+  tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3828-995df7f208463f40decef18bc20c7cae.yaml b/nuclei-templates/2024/CVE-2024-3828-995df7f208463f40decef18bc20c7cae.yaml
index ea7939d730..309c33f332 100644
--- a/nuclei-templates/2024/CVE-2024-3828-995df7f208463f40decef18bc20c7cae.yaml
+++ b/nuclei-templates/2024/CVE-2024-3828-995df7f208463f40decef18bc20c7cae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated attackers, with author-level access and above, to create administrator-level accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spectra-pro/"
     google-query: inurl:"/wp-content/plugins/spectra-pro/"
     shodan-query: 'vuln:CVE-2024-3828'
-  tags: cve,wordpress,wp-plugin,spectra-pro,high
+  tags: cve,wordpress,wp-plugin,spectra-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3831-82e1dbec0eac00504fe2d5c8d1c53a7b.yaml b/nuclei-templates/2024/CVE-2024-3831-82e1dbec0eac00504fe2d5c8d1c53a7b.yaml
index a223176ad5..3a2f97e622 100644
--- a/nuclei-templates/2024/CVE-2024-3831-82e1dbec0eac00504fe2d5c8d1c53a7b.yaml
+++ b/nuclei-templates/2024/CVE-2024-3831-82e1dbec0eac00504fe2d5c8d1c53a7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enteraddons/"
     google-query: inurl:"/wp-content/plugins/enteraddons/"
     shodan-query: 'vuln:CVE-2024-3831'
-  tags: cve,wordpress,wp-plugin,enteraddons,medium
+  tags: cve,wordpress,wp-plugin,enteraddons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3849-902cce6bbff4fff8307b6fb241b9a8f3.yaml b/nuclei-templates/2024/CVE-2024-3849-902cce6bbff4fff8307b6fb241b9a8f3.yaml
index 1027f507fb..165da95002 100644
--- a/nuclei-templates/2024/CVE-2024-3849-902cce6bbff4fff8307b6fb241b9a8f3.yaml
+++ b/nuclei-templates/2024/CVE-2024-3849-902cce6bbff4fff8307b6fb241b9a8f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Click to Chat – HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/click-to-chat-for-whatsapp/"
     google-query: inurl:"/wp-content/plugins/click-to-chat-for-whatsapp/"
     shodan-query: 'vuln:CVE-2024-3849'
-  tags: cve,wordpress,wp-plugin,click-to-chat-for-whatsapp,high
+  tags: cve,wordpress,wp-plugin,click-to-chat-for-whatsapp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3868-0a3b78fadad1468caa114f49c5837f3b.yaml b/nuclei-templates/2024/CVE-2024-3868-0a3b78fadad1468caa114f49c5837f3b.yaml
index e858a83ed6..99c5ff2077 100644
--- a/nuclei-templates/2024/CVE-2024-3868-0a3b78fadad1468caa114f49c5837f3b.yaml
+++ b/nuclei-templates/2024/CVE-2024-3868-0a3b78fadad1468caa114f49c5837f3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/folders/"
     google-query: inurl:"/wp-content/plugins/folders/"
     shodan-query: 'vuln:CVE-2024-3868'
-  tags: cve,wordpress,wp-plugin,folders,medium
+  tags: cve,wordpress,wp-plugin,folders,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3869-5b09804fb0f54f039756dc2dbfaca10d.yaml b/nuclei-templates/2024/CVE-2024-3869-5b09804fb0f54f039756dc2dbfaca10d.yaml
index db71e763a6..b7537f0084 100644
--- a/nuclei-templates/2024/CVE-2024-3869-5b09804fb0f54f039756dc2dbfaca10d.yaml
+++ b/nuclei-templates/2024/CVE-2024-3869-5b09804fb0f54f039756dc2dbfaca10d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:CVE-2024-3869'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3883-62c7b160f34bc3f3dc184557c1c06a9e.yaml b/nuclei-templates/2024/CVE-2024-3883-62c7b160f34bc3f3dc184557c1c06a9e.yaml
index ba5fc75246..a3134795be 100644
--- a/nuclei-templates/2024/CVE-2024-3883-62c7b160f34bc3f3dc184557c1c06a9e.yaml
+++ b/nuclei-templates/2024/CVE-2024-3883-62c7b160f34bc3f3dc184557c1c06a9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3D FlipBook <= 1.15.4 - Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/"
     shodan-query: 'vuln:CVE-2024-3883'
-  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,medium
+  tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3885-a48eaf0c735b82aaff5677d4812dc0a7.yaml b/nuclei-templates/2024/CVE-2024-3885-a48eaf0c735b82aaff5677d4812dc0a7.yaml
index fdcff62662..4d45214a79 100644
--- a/nuclei-templates/2024/CVE-2024-3885-a48eaf0c735b82aaff5677d4812dc0a7.yaml
+++ b/nuclei-templates/2024/CVE-2024-3885-a48eaf0c735b82aaff5677d4812dc0a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3885'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3889-fffeaa1f78027e80b8c9ac73b2739073.yaml b/nuclei-templates/2024/CVE-2024-3889-fffeaa1f78027e80b8c9ac73b2739073.yaml
index 4bd680ca82..850e20276b 100644
--- a/nuclei-templates/2024/CVE-2024-3889-fffeaa1f78027e80b8c9ac73b2739073.yaml
+++ b/nuclei-templates/2024/CVE-2024-3889-fffeaa1f78027e80b8c9ac73b2739073.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via  Advanced Accordion Title Tags
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes like 'accordion_title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-3889'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3890-554f77c669d0419c047d6805cc30482d.yaml b/nuclei-templates/2024/CVE-2024-3890-554f77c669d0419c047d6805cc30482d.yaml
index 384e571f42..1c324ce156 100644
--- a/nuclei-templates/2024/CVE-2024-3890-554f77c669d0419c047d6805cc30482d.yaml
+++ b/nuclei-templates/2024/CVE-2024-3890-554f77c669d0419c047d6805cc30482d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-3890'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3891-72139ddfa4b65d7bc5dd06dc24f01748.yaml b/nuclei-templates/2024/CVE-2024-3891-72139ddfa4b65d7bc5dd06dc24f01748.yaml
index af76c5c726..86420160b4 100644
--- a/nuclei-templates/2024/CVE-2024-3891-72139ddfa4b65d7bc5dd06dc24f01748.yaml
+++ b/nuclei-templates/2024/CVE-2024-3891-72139ddfa4b65d7bc5dd06dc24f01748.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:CVE-2024-3891'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3893-f4bbfecaa3b9697ac9c466359f202f2b.yaml b/nuclei-templates/2024/CVE-2024-3893-f4bbfecaa3b9697ac9c466359f202f2b.yaml
index 3b0c4e7f29..a40c1d54b3 100644
--- a/nuclei-templates/2024/CVE-2024-3893-f4bbfecaa3b9697ac9c466359f202f2b.yaml
+++ b/nuclei-templates/2024/CVE-2024-3893-f4bbfecaa3b9697ac9c466359f202f2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/classified-listing/"
     google-query: inurl:"/wp-content/plugins/classified-listing/"
     shodan-query: 'vuln:CVE-2024-3893'
-  tags: cve,wordpress,wp-plugin,classified-listing,medium
+  tags: cve,wordpress,wp-plugin,classified-listing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3895-e6aa8433ac2636bbe0e1dd25466b1760.yaml b/nuclei-templates/2024/CVE-2024-3895-e6aa8433ac2636bbe0e1dd25466b1760.yaml
index d4de509f1d..c9aeffb708 100644
--- a/nuclei-templates/2024/CVE-2024-3895-e6aa8433ac2636bbe0e1dd25466b1760.yaml
+++ b/nuclei-templates/2024/CVE-2024-3895-e6aa8433ac2636bbe0e1dd25466b1760.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with  subscriber-level access and above, to update arbitrary options that can be used for privilege escalation. This was partially patched in 2.0.9 and 2.1.0, and fully patched in 2.1.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-datepicker/"
     google-query: inurl:"/wp-content/plugins/wp-datepicker/"
     shodan-query: 'vuln:CVE-2024-3895'
-  tags: cve,wordpress,wp-plugin,wp-datepicker,high
+  tags: cve,wordpress,wp-plugin,wp-datepicker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3897-74192cf75d7a306906b056f839712e82.yaml b/nuclei-templates/2024/CVE-2024-3897-74192cf75d7a306906b056f839712e82.yaml
index 7948d7fff2..d26d7a7a78 100644
--- a/nuclei-templates/2024/CVE-2024-3897-74192cf75d7a306906b056f839712e82.yaml
+++ b/nuclei-templates/2024/CVE-2024-3897-74192cf75d7a306906b056f839712e82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:CVE-2024-3897'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,medium
+  tags: cve,wordpress,wp-plugin,ays-popup-box,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3915-0b02214c516fa5bc85822569a5b642f2.yaml b/nuclei-templates/2024/CVE-2024-3915-0b02214c516fa5bc85822569a5b642f2.yaml
index 6909be7973..2b9f05bde3 100644
--- a/nuclei-templates/2024/CVE-2024-3915-0b02214c516fa5bc85822569a5b642f2.yaml
+++ b/nuclei-templates/2024/CVE-2024-3915-0b02214c516fa5bc85822569a5b642f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with arbitrary content. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swift-framework/"
     google-query: inurl:"/wp-content/plugins/swift-framework/"
     shodan-query: 'vuln:CVE-2024-3915'
-  tags: cve,wordpress,wp-plugin,swift-framework,medium
+  tags: cve,wordpress,wp-plugin,swift-framework,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3916-f58e0fb779a935f032e6158130723d4e.yaml b/nuclei-templates/2024/CVE-2024-3916-f58e0fb779a935f032e6158130723d4e.yaml
index 434704d306..56e829a56b 100644
--- a/nuclei-templates/2024/CVE-2024-3916-f58e0fb779a935f032e6158130723d4e.yaml
+++ b/nuclei-templates/2024/CVE-2024-3916-f58e0fb779a935f032e6158130723d4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/swift-framework/"
     google-query: inurl:"/wp-content/plugins/swift-framework/"
     shodan-query: 'vuln:CVE-2024-3916'
-  tags: cve,wordpress,wp-plugin,swift-framework,medium
+  tags: cve,wordpress,wp-plugin,swift-framework,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3918-1e104d6bab1fb28ec84c0ed01b4f6113.yaml b/nuclei-templates/2024/CVE-2024-3918-1e104d6bab1fb28ec84c0ed01b4f6113.yaml
index 94dba000f3..4b5a401612 100644
--- a/nuclei-templates/2024/CVE-2024-3918-1e104d6bab1fb28ec84c0ed01b4f6113.yaml
+++ b/nuclei-templates/2024/CVE-2024-3918-1e104d6bab1fb28ec84c0ed01b4f6113.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pet Manager <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pet-manager/"
     google-query: inurl:"/wp-content/plugins/pet-manager/"
     shodan-query: 'vuln:CVE-2024-3918'
-  tags: cve,wordpress,wp-plugin,pet-manager,medium
+  tags: cve,wordpress,wp-plugin,pet-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3920-466a1f62f3b9e3cbc883b22ebc0c11de.yaml b/nuclei-templates/2024/CVE-2024-3920-466a1f62f3b9e3cbc883b22ebc0c11de.yaml
index 1fa03e71c5..fb3c218988 100644
--- a/nuclei-templates/2024/CVE-2024-3920-466a1f62f3b9e3cbc883b22ebc0c11de.yaml
+++ b/nuclei-templates/2024/CVE-2024-3920-466a1f62f3b9e3cbc883b22ebc0c11de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flattr <= 1.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Flattr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flattr/"
     google-query: inurl:"/wp-content/plugins/flattr/"
     shodan-query: 'vuln:CVE-2024-3920'
-  tags: cve,wordpress,wp-plugin,flattr,medium
+  tags: cve,wordpress,wp-plugin,flattr,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3923-c20cb20ff14b1ed9f84a7525784a41bc.yaml b/nuclei-templates/2024/CVE-2024-3923-c20cb20ff14b1ed9f84a7525784a41bc.yaml
index da9e9ee188..f16cd5c285 100644
--- a/nuclei-templates/2024/CVE-2024-3923-c20cb20ff14b1ed9f84a7525784a41bc.yaml
+++ b/nuclei-templates/2024/CVE-2024-3923-c20cb20ff14b1ed9f84a7525784a41bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-3923'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3929-f50e7448551c79441add3846b2a5874b.yaml b/nuclei-templates/2024/CVE-2024-3929-f50e7448551c79441add3846b2a5874b.yaml
index 222136302b..eb3f18ec43 100644
--- a/nuclei-templates/2024/CVE-2024-3929-f50e7448551c79441add3846b2a5874b.yaml
+++ b/nuclei-templates/2024/CVE-2024-3929-f50e7448551c79441add3846b2a5874b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the  Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-views-query-and-display-post-page/"
     google-query: inurl:"/wp-content/plugins/content-views-query-and-display-post-page/"
     shodan-query: 'vuln:CVE-2024-3929'
-  tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,medium
+  tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3936-aa24420637d5fac56ca63b2271fa8b9f.yaml b/nuclei-templates/2024/CVE-2024-3936-aa24420637d5fac56ca63b2271fa8b9f.yaml
index a16da3c97f..ec6b9c7661 100644
--- a/nuclei-templates/2024/CVE-2024-3936-aa24420637d5fac56ca63b2271fa8b9f.yaml
+++ b/nuclei-templates/2024/CVE-2024-3936-aa24420637d5fac56ca63b2271fa8b9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with subscriber access or higher, to change the plugin's settings and invoke other functions hooked by AJAX actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-post-grid/"
     google-query: inurl:"/wp-content/plugins/the-post-grid/"
     shodan-query: 'vuln:CVE-2024-3936'
-  tags: cve,wordpress,wp-plugin,the-post-grid,medium
+  tags: cve,wordpress,wp-plugin,the-post-grid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3939-b0853238e27436d970fc9e4c9b697d95.yaml b/nuclei-templates/2024/CVE-2024-3939-b0853238e27436d970fc9e4c9b697d95.yaml
index d36f606f6e..1e626a50e7 100644
--- a/nuclei-templates/2024/CVE-2024-3939-b0853238e27436d970fc9e4c9b697d95.yaml
+++ b/nuclei-templates/2024/CVE-2024-3939-b0853238e27436d970fc9e4c9b697d95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ditty <= 3.1.35 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default new tab parameter in all versions up to, and including, 3.1.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ditty-news-ticker/"
     google-query: inurl:"/wp-content/plugins/ditty-news-ticker/"
     shodan-query: 'vuln:CVE-2024-3939'
-  tags: cve,wordpress,wp-plugin,ditty-news-ticker,medium
+  tags: cve,wordpress,wp-plugin,ditty-news-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3942-44e1f2ffb01f5ea3ea36f27a7c236058.yaml b/nuclei-templates/2024/CVE-2024-3942-44e1f2ffb01f5ea3ea36f27a7c236058.yaml
index f7f6a82799..748a506a20 100644
--- a/nuclei-templates/2024/CVE-2024-3942-44e1f2ffb01f5ea3ea36f27a7c236058.yaml
+++ b/nuclei-templates/2024/CVE-2024-3942-44e1f2ffb01f5ea3ea36f27a7c236058.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/"
     google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/"
     shodan-query: 'vuln:CVE-2024-3942'
-  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,medium
+  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3952-e81a4620e336feb8f24131c8ad7dbdcc.yaml b/nuclei-templates/2024/CVE-2024-3952-e81a4620e336feb8f24131c8ad7dbdcc.yaml
index 658b6fb1bf..aa2734c5e0 100644
--- a/nuclei-templates/2024/CVE-2024-3952-e81a4620e336feb8f24131c8ad7dbdcc.yaml
+++ b/nuclei-templates/2024/CVE-2024-3952-e81a4620e336feb8f24131c8ad7dbdcc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-ads/"
     google-query: inurl:"/wp-content/plugins/advanced-ads/"
     shodan-query: 'vuln:CVE-2024-3952'
-  tags: cve,wordpress,wp-plugin,advanced-ads,medium
+  tags: cve,wordpress,wp-plugin,advanced-ads,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3954-f95f25f2a333f8597e744c121fcbe5fe.yaml b/nuclei-templates/2024/CVE-2024-3954-f95f25f2a333f8597e744c121fcbe5fe.yaml
index c920b8b70a..c6c6f28608 100644
--- a/nuclei-templates/2024/CVE-2024-3954-f95f25f2a333f8597e744c121fcbe5fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-3954-f95f25f2a333f8597e744c121fcbe5fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ditty-news-ticker/"
     google-query: inurl:"/wp-content/plugins/ditty-news-ticker/"
     shodan-query: 'vuln:CVE-2024-3954'
-  tags: cve,wordpress,wp-plugin,ditty-news-ticker,high
+  tags: cve,wordpress,wp-plugin,ditty-news-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3956-d5266edec4a9e9c793fa60a9c89f4ac5.yaml b/nuclei-templates/2024/CVE-2024-3956-d5266edec4a9e9c793fa60a9c89f4ac5.yaml
index e0b33a6a2c..c464bf2a2c 100644
--- a/nuclei-templates/2024/CVE-2024-3956-d5266edec4a9e9c793fa60a9c89f4ac5.yaml
+++ b/nuclei-templates/2024/CVE-2024-3956-d5266edec4a9e9c793fa60a9c89f4ac5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:CVE-2024-3956'
-  tags: cve,wordpress,wp-plugin,pods,medium
+  tags: cve,wordpress,wp-plugin,pods,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3974-430f35a9a91f48c97c43930a9ef1c8e0.yaml b/nuclei-templates/2024/CVE-2024-3974-430f35a9a91f48c97c43930a9ef1c8e0.yaml
index a502b5bffc..3861d35842 100644
--- a/nuclei-templates/2024/CVE-2024-3974-430f35a9a91f48c97c43930a9ef1c8e0.yaml
+++ b/nuclei-templates/2024/CVE-2024-3974-430f35a9a91f48c97c43930a9ef1c8e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:CVE-2024-3974'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3985-27f5aa34f1beb8f61eb1e953a98567c3.yaml b/nuclei-templates/2024/CVE-2024-3985-27f5aa34f1beb8f61eb1e953a98567c3.yaml
index 9faaa77157..e431ac5418 100644
--- a/nuclei-templates/2024/CVE-2024-3985-27f5aa34f1beb8f61eb1e953a98567c3.yaml
+++ b/nuclei-templates/2024/CVE-2024-3985-27f5aa34f1beb8f61eb1e953a98567c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3985'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3988-4db0da089db1959632856d530ba9ce1d.yaml b/nuclei-templates/2024/CVE-2024-3988-4db0da089db1959632856d530ba9ce1d.yaml
index 6d62adeee5..e3dd68ff5b 100644
--- a/nuclei-templates/2024/CVE-2024-3988-4db0da089db1959632856d530ba9ce1d.yaml
+++ b/nuclei-templates/2024/CVE-2024-3988-4db0da089db1959632856d530ba9ce1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sina-extension-for-elementor/"
     google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3988'
-  tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3989-885b11bd05584acc3850df4149714f79.yaml b/nuclei-templates/2024/CVE-2024-3989-885b11bd05584acc3850df4149714f79.yaml
index a7fcc9a723..70b92615c2 100644
--- a/nuclei-templates/2024/CVE-2024-3989-885b11bd05584acc3850df4149714f79.yaml
+++ b/nuclei-templates/2024/CVE-2024-3989-885b11bd05584acc3850df4149714f79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3989'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3990-01300894d57947b3560cabf2dbbcd115.yaml b/nuclei-templates/2024/CVE-2024-3990-01300894d57947b3560cabf2dbbcd115.yaml
index 36c2adcd65..10989cdfdf 100644
--- a/nuclei-templates/2024/CVE-2024-3990-01300894d57947b3560cabf2dbbcd115.yaml
+++ b/nuclei-templates/2024/CVE-2024-3990-01300894d57947b3560cabf2dbbcd115.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ht-mega-for-elementor/"
     google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/"
     shodan-query: 'vuln:CVE-2024-3990'
-  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3991-092f1fde35361407c0c7db51482b885d.yaml b/nuclei-templates/2024/CVE-2024-3991-092f1fde35361407c0c7db51482b885d.yaml
index 668014803b..43ac43991c 100644
--- a/nuclei-templates/2024/CVE-2024-3991-092f1fde35361407c0c7db51482b885d.yaml
+++ b/nuclei-templates/2024/CVE-2024-3991-092f1fde35361407c0c7db51482b885d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woolentor-addons/"
     google-query: inurl:"/wp-content/plugins/woolentor-addons/"
     shodan-query: 'vuln:CVE-2024-3991'
-  tags: cve,wordpress,wp-plugin,woolentor-addons,medium
+  tags: cve,wordpress,wp-plugin,woolentor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-3994-1b5a3539f272e50644f8022d37b4430b.yaml b/nuclei-templates/2024/CVE-2024-3994-1b5a3539f272e50644f8022d37b4430b.yaml
index aa88f95ab2..a066faf851 100644
--- a/nuclei-templates/2024/CVE-2024-3994-1b5a3539f272e50644f8022d37b4430b.yaml
+++ b/nuclei-templates/2024/CVE-2024-3994-1b5a3539f272e50644f8022d37b4430b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:CVE-2024-3994'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4000-820928972f49f35fc134f49ec2dd204c.yaml b/nuclei-templates/2024/CVE-2024-4000-820928972f49f35fc134f49ec2dd204c.yaml
index 95e45316ac..8dfcc42531 100644
--- a/nuclei-templates/2024/CVE-2024-4000-820928972f49f35fc134f49ec2dd204c.yaml
+++ b/nuclei-templates/2024/CVE-2024-4000-820928972f49f35fc134f49ec2dd204c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Header Builder Plugin – Pearl <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_hb' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pearl-header-builder/"
     google-query: inurl:"/wp-content/plugins/pearl-header-builder/"
     shodan-query: 'vuln:CVE-2024-4000'
-  tags: cve,wordpress,wp-plugin,pearl-header-builder,medium
+  tags: cve,wordpress,wp-plugin,pearl-header-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4003-da6c348f533c2442c083b7568ed9771b.yaml b/nuclei-templates/2024/CVE-2024-4003-da6c348f533c2442c083b7568ed9771b.yaml
index e2f5778413..1c49bf614f 100644
--- a/nuclei-templates/2024/CVE-2024-4003-da6c348f533c2442c083b7568ed9771b.yaml
+++ b/nuclei-templates/2024/CVE-2024-4003-da6c348f533c2442c083b7568ed9771b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-4003'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4014-7b33ec746697457281bd9e42aec2f348.yaml b/nuclei-templates/2024/CVE-2024-4014-7b33ec746697457281bd9e42aec2f348.yaml
index 1b666844c8..3e76212ba9 100644
--- a/nuclei-templates/2024/CVE-2024-4014-7b33ec746697457281bd9e42aec2f348.yaml
+++ b/nuclei-templates/2024/CVE-2024-4014-7b33ec746697457281bd9e42aec2f348.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     hCaptcha for WordPress <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hcaptcha-for-forms-and-more/"
     google-query: inurl:"/wp-content/plugins/hcaptcha-for-forms-and-more/"
     shodan-query: 'vuln:CVE-2024-4014'
-  tags: cve,wordpress,wp-plugin,hcaptcha-for-forms-and-more,medium
+  tags: cve,wordpress,wp-plugin,hcaptcha-for-forms-and-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4033-411b1116f71957083ea7a80c47e56945.yaml b/nuclei-templates/2024/CVE-2024-4033-411b1116f71957083ea7a80c47e56945.yaml
index 94ff2ee957..41688e8e26 100644
--- a/nuclei-templates/2024/CVE-2024-4033-411b1116f71957083ea7a80c47e56945.yaml
+++ b/nuclei-templates/2024/CVE-2024-4033-411b1116f71957083ea7a80c47e56945.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-video-gallery/"
     google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/"
     shodan-query: 'vuln:CVE-2024-4033'
-  tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,high
+  tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4034-2d42369e26f63aede3d7de3de1ae9995.yaml b/nuclei-templates/2024/CVE-2024-4034-2d42369e26f63aede3d7de3de1ae9995.yaml
index f42f30b45a..f4434b6689 100644
--- a/nuclei-templates/2024/CVE-2024-4034-2d42369e26f63aede3d7de3de1ae9995.yaml
+++ b/nuclei-templates/2024/CVE-2024-4034-2d42369e26f63aede3d7de3de1ae9995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/virtue/"
     google-query: inurl:"/wp-content/themes/virtue/"
     shodan-query: 'vuln:CVE-2024-4034'
-  tags: cve,wordpress,wp-theme,virtue,medium
+  tags: cve,wordpress,wp-theme,virtue,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4035-931f5de56d92dfa4c2d39579eb08aff8.yaml b/nuclei-templates/2024/CVE-2024-4035-931f5de56d92dfa4c2d39579eb08aff8.yaml
index 1ae7a0ee4d..caec450a3f 100644
--- a/nuclei-templates/2024/CVE-2024-4035-931f5de56d92dfa4c2d39579eb08aff8.yaml
+++ b/nuclei-templates/2024/CVE-2024-4035-931f5de56d92dfa4c2d39579eb08aff8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21 - Authenticated (Author+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gt3-photo-video-gallery/"
     google-query: inurl:"/wp-content/plugins/gt3-photo-video-gallery/"
     shodan-query: 'vuln:CVE-2024-4035'
-  tags: cve,wordpress,wp-plugin,gt3-photo-video-gallery,medium
+  tags: cve,wordpress,wp-plugin,gt3-photo-video-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4036-f499e4efa4d99d7d76254d2c3b103977.yaml b/nuclei-templates/2024/CVE-2024-4036-f499e4efa4d99d7d76254d2c3b103977.yaml
index 1db64d0cb3..abcb4b3019 100644
--- a/nuclei-templates/2024/CVE-2024-4036-f499e4efa4d99d7d76254d2c3b103977.yaml
+++ b/nuclei-templates/2024/CVE-2024-4036-f499e4efa4d99d7d76254d2c3b103977.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sydney-toolbox/"
     google-query: inurl:"/wp-content/plugins/sydney-toolbox/"
     shodan-query: 'vuln:CVE-2024-4036'
-  tags: cve,wordpress,wp-plugin,sydney-toolbox,medium
+  tags: cve,wordpress,wp-plugin,sydney-toolbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4085-2b530454070b0701fff7ade24fa23420.yaml b/nuclei-templates/2024/CVE-2024-4085-2b530454070b0701fff7ade24fa23420.yaml
index 9e99f4eb42..bde17b3ec5 100644
--- a/nuclei-templates/2024/CVE-2024-4085-2b530454070b0701fff7ade24fa23420.yaml
+++ b/nuclei-templates/2024/CVE-2024-4085-2b530454070b0701fff7ade24fa23420.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tabellen von faustball.com <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/docollipics-faustball-de/"
     google-query: inurl:"/wp-content/plugins/docollipics-faustball-de/"
     shodan-query: 'vuln:CVE-2024-4085'
-  tags: cve,wordpress,wp-plugin,docollipics-faustball-de,medium
+  tags: cve,wordpress,wp-plugin,docollipics-faustball-de,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4092-27d3cbadcfb0487ad424f81cd866c990.yaml b/nuclei-templates/2024/CVE-2024-4092-27d3cbadcfb0487ad424f81cd866c990.yaml
index e742b2f8a3..1828f8d630 100644
--- a/nuclei-templates/2024/CVE-2024-4092-27d3cbadcfb0487ad424f81cd866c990.yaml
+++ b/nuclei-templates/2024/CVE-2024-4092-27d3cbadcfb0487ad424f81cd866c990.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider Revolution <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/revslider/"
     google-query: inurl:"/wp-content/plugins/revslider/"
     shodan-query: 'vuln:CVE-2024-4092'
-  tags: cve,wordpress,wp-plugin,revslider,medium
+  tags: cve,wordpress,wp-plugin,revslider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4107-74f6871329004558f0dbc4c0f34288a7.yaml b/nuclei-templates/2024/CVE-2024-4107-74f6871329004558f0dbc4c0f34288a7.yaml
index b8a9291de4..c980e0158e 100644
--- a/nuclei-templates/2024/CVE-2024-4107-74f6871329004558f0dbc4c0f34288a7.yaml
+++ b/nuclei-templates/2024/CVE-2024-4107-74f6871329004558f0dbc4c0f34288a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor-pro/"
     google-query: inurl:"/wp-content/plugins/elementor-pro/"
     shodan-query: 'vuln:CVE-2024-4107'
-  tags: cve,wordpress,wp-plugin,elementor-pro,medium
+  tags: cve,wordpress,wp-plugin,elementor-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4135-2f5edb5bb8d4702a159f34742943af0d.yaml b/nuclei-templates/2024/CVE-2024-4135-2f5edb5bb8d4702a159f34742943af0d.yaml
index 443b960c61..a4850a5492 100644
--- a/nuclei-templates/2024/CVE-2024-4135-2f5edb5bb8d4702a159f34742943af0d.yaml
+++ b/nuclei-templates/2024/CVE-2024-4135-2f5edb5bb8d4702a159f34742943af0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Latest Posts <= 5.0.7  - Authenticated (Subscriber+) Arbitrary Shortcode Execution
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-latest-posts/"
     google-query: inurl:"/wp-content/plugins/wp-latest-posts/"
     shodan-query: 'vuln:CVE-2024-4135'
-  tags: cve,wordpress,wp-plugin,wp-latest-posts,medium
+  tags: cve,wordpress,wp-plugin,wp-latest-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4156-622d5312417c1581aa63ff2faa690a9c.yaml b/nuclei-templates/2024/CVE-2024-4156-622d5312417c1581aa63ff2faa690a9c.yaml
index 4bb884e10d..2504303549 100644
--- a/nuclei-templates/2024/CVE-2024-4156-622d5312417c1581aa63ff2faa690a9c.yaml
+++ b/nuclei-templates/2024/CVE-2024-4156-622d5312417c1581aa63ff2faa690a9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_event_text_color’ parameter in versions up to, and including, 5.9.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-4156'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4158-924efae616f0032d8047ad716d24a484.yaml b/nuclei-templates/2024/CVE-2024-4158-924efae616f0032d8047ad716d24a484.yaml
index bc4906dd82..f6d30292b6 100644
--- a/nuclei-templates/2024/CVE-2024-4158-924efae616f0032d8047ad716d24a484.yaml
+++ b/nuclei-templates/2024/CVE-2024-4158-924efae616f0032d8047ad716d24a484.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blocksy/"
     google-query: inurl:"/wp-content/themes/blocksy/"
     shodan-query: 'vuln:CVE-2024-4158'
-  tags: cve,wordpress,wp-theme,blocksy,medium
+  tags: cve,wordpress,wp-theme,blocksy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4185-4a3c747c05de1c383de7ec2aa84fdb32.yaml b/nuclei-templates/2024/CVE-2024-4185-4a3c747c05de1c383de7ec2aa84fdb32.yaml
index 9e5c6e30c7..be201d98dd 100644
--- a/nuclei-templates/2024/CVE-2024-4185-4a3c747c05de1c383de7ec2aa84fdb32.yaml
+++ b/nuclei-templates/2024/CVE-2024-4185-4a3c747c05de1c383de7ec2aa84fdb32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification, and if both the "Login the user automatically after the account is verified" and "Verify account for current users" options are checked, then it potentially makes it possible for attackers to bypass authentication for other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/emails-verification-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/emails-verification-for-woocommerce/"
     shodan-query: 'vuln:CVE-2024-4185'
-  tags: cve,wordpress,wp-plugin,emails-verification-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,emails-verification-for-woocommerce,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4193-c2d76074465a6dcb60332d83861a2a8f.yaml b/nuclei-templates/2024/CVE-2024-4193-c2d76074465a6dcb60332d83861a2a8f.yaml
index f191359f79..3f3c944be6 100644
--- a/nuclei-templates/2024/CVE-2024-4193-c2d76074465a6dcb60332d83861a2a8f.yaml
+++ b/nuclei-templates/2024/CVE-2024-4193-c2d76074465a6dcb60332d83861a2a8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-slider/"
     google-query: inurl:"/wp-content/plugins/testimonial-slider/"
     shodan-query: 'vuln:CVE-2024-4193'
-  tags: cve,wordpress,wp-plugin,testimonial-slider,medium
+  tags: cve,wordpress,wp-plugin,testimonial-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4203-17011bf78eb7cb3c3509ef0727f15b97.yaml b/nuclei-templates/2024/CVE-2024-4203-17011bf78eb7cb3c3509ef0727f15b97.yaml
index ac3948e13b..74277f2f12 100644
--- a/nuclei-templates/2024/CVE-2024-4203-17011bf78eb7cb3c3509ef0727f15b97.yaml
+++ b/nuclei-templates/2024/CVE-2024-4203-17011bf78eb7cb3c3509ef0727f15b97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only affects sites running the premium version of the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:CVE-2024-4203'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4209-19fda0443580ba364718d6332aa05bd3.yaml b/nuclei-templates/2024/CVE-2024-4209-19fda0443580ba364718d6332aa05bd3.yaml
index 0ad8275073..553214bfe6 100644
--- a/nuclei-templates/2024/CVE-2024-4209-19fda0443580ba364718d6332aa05bd3.yaml
+++ b/nuclei-templates/2024/CVE-2024-4209-19fda0443580ba364718d6332aa05bd3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-4209'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4233-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml b/nuclei-templates/2024/CVE-2024-4233-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml
index 2fae82ab83..642f943f01 100644
--- a/nuclei-templates/2024/CVE-2024-4233-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml
+++ b/nuclei-templates/2024/CVE-2024-4233-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Multiple plugins for WordPress by tychesoftwares are vulnerable to unauthorized modification of data due to a missing capability check on the ts_admin_notices() function in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss tracking notices.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2024-4233
   metadata:
-    fofa-query: "wp-content/plugins/arconix-shortcodes/"
-    google-query: inurl:"/wp-content/plugins/arconix-shortcodes/"
+    fofa-query: "wp-content/plugins/woocommerce-delivery-notes/"
+    google-query: inurl:"/wp-content/plugins/woocommerce-delivery-notes/"
     shodan-query: 'vuln:CVE-2024-4233'
-  tags: cve,wordpress,wp-plugin,arconix-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-delivery-notes,high
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/arconix-shortcodes/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/woocommerce-delivery-notes/readme.txt"
 
     extractors:
       - type: regex
@@ -50,9 +50,9 @@ http:
 
       - type: word
         words:
-          - "arconix-shortcodes"
+          - "woocommerce-delivery-notes"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 2.1.10')
\ No newline at end of file
+          - compare_versions(version, '<= 4.8.1')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-4234-0f097e6e2a639803a729d611f2124080.yaml b/nuclei-templates/2024/CVE-2024-4234-0f097e6e2a639803a729d611f2124080.yaml
index 31e4987005..1c8fcda612 100644
--- a/nuclei-templates/2024/CVE-2024-4234-0f097e6e2a639803a729d611f2124080.yaml
+++ b/nuclei-templates/2024/CVE-2024-4234-0f097e6e2a639803a729d611f2124080.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Filterable Portfolio <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Filterable Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jungbillig-portfolio-gallery/"
     google-query: inurl:"/wp-content/plugins/jungbillig-portfolio-gallery/"
     shodan-query: 'vuln:CVE-2024-4234'
-  tags: cve,wordpress,wp-plugin,jungbillig-portfolio-gallery,medium
+  tags: cve,wordpress,wp-plugin,jungbillig-portfolio-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4265-5f2ebf4302880b4451790eb5366fdd55.yaml b/nuclei-templates/2024/CVE-2024-4265-5f2ebf4302880b4451790eb5366fdd55.yaml
index 4d11872ab0..a907334b47 100644
--- a/nuclei-templates/2024/CVE-2024-4265-5f2ebf4302880b4451790eb5366fdd55.yaml
+++ b/nuclei-templates/2024/CVE-2024-4265-5f2ebf4302880b4451790eb5366fdd55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.5.9 - Contributor+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-addons/"
     google-query: inurl:"/wp-content/plugins/master-addons/"
     shodan-query: 'vuln:CVE-2024-4265'
-  tags: cve,wordpress,wp-plugin,master-addons,medium
+  tags: cve,wordpress,wp-plugin,master-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4275-24bb86aa2326eca80531d492521a5d29.yaml b/nuclei-templates/2024/CVE-2024-4275-24bb86aa2326eca80531d492521a5d29.yaml
index 587a915ec7..6106649393 100644
--- a/nuclei-templates/2024/CVE-2024-4275-24bb86aa2326eca80531d492521a5d29.yaml
+++ b/nuclei-templates/2024/CVE-2024-4275-24bb86aa2326eca80531d492521a5d29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-4275'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4277-35cfad6b28404a58bea291114a1dac41.yaml b/nuclei-templates/2024/CVE-2024-4277-35cfad6b28404a58bea291114a1dac41.yaml
index cb7a942a92..f5770270eb 100644
--- a/nuclei-templates/2024/CVE-2024-4277-35cfad6b28404a58bea291114a1dac41.yaml
+++ b/nuclei-templates/2024/CVE-2024-4277-35cfad6b28404a58bea291114a1dac41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2024-4277'
-  tags: cve,wordpress,wp-plugin,learnpress,medium
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4280-5442adae59d3e3922670d74f56222668.yaml b/nuclei-templates/2024/CVE-2024-4280-5442adae59d3e3922670d74f56222668.yaml
index b11302a013..b149b801f7 100644
--- a/nuclei-templates/2024/CVE-2024-4280-5442adae59d3e3922670d74f56222668.yaml
+++ b/nuclei-templates/2024/CVE-2024-4280-5442adae59d3e3922670d74f56222668.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/white-label-cms/"
     google-query: inurl:"/wp-content/plugins/white-label-cms/"
     shodan-query: 'vuln:CVE-2024-4280'
-  tags: cve,wordpress,wp-plugin,white-label-cms,medium
+  tags: cve,wordpress,wp-plugin,white-label-cms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4281-56c2ef2b70cad0dbe9025809ba135de2.yaml b/nuclei-templates/2024/CVE-2024-4281-56c2ef2b70cad0dbe9025809ba135de2.yaml
index 05ef2ee409..5409c1dcb0 100644
--- a/nuclei-templates/2024/CVE-2024-4281-56c2ef2b70cad0dbe9025809ba135de2.yaml
+++ b/nuclei-templates/2024/CVE-2024-4281-56c2ef2b70cad0dbe9025809ba135de2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Library <= 7.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-library/"
     google-query: inurl:"/wp-content/plugins/link-library/"
     shodan-query: 'vuln:CVE-2024-4281'
-  tags: cve,wordpress,wp-plugin,link-library,medium
+  tags: cve,wordpress,wp-plugin,link-library,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4290-579cd3fc5c2399656d85cbe343c14eef.yaml b/nuclei-templates/2024/CVE-2024-4290-579cd3fc5c2399656d85cbe343c14eef.yaml
index fcd95bfc1a..d68f1460ee 100644
--- a/nuclei-templates/2024/CVE-2024-4290-579cd3fc5c2399656d85cbe343c14eef.yaml
+++ b/nuclei-templates/2024/CVE-2024-4290-579cd3fc5c2399656d85cbe343c14eef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sailthru Triggermail <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sailthru Triggermail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sailthru-triggermail/"
     google-query: inurl:"/wp-content/plugins/sailthru-triggermail/"
     shodan-query: 'vuln:CVE-2024-4290'
-  tags: cve,wordpress,wp-plugin,sailthru-triggermail,medium
+  tags: cve,wordpress,wp-plugin,sailthru-triggermail,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4316-55354669981e5b8e2367ee7fd327c426.yaml b/nuclei-templates/2024/CVE-2024-4316-55354669981e5b8e2367ee7fd327c426.yaml
index 9900cdfd53..570b9f8b26 100644
--- a/nuclei-templates/2024/CVE-2024-4316-55354669981e5b8e2367ee7fd327c426.yaml
+++ b/nuclei-templates/2024/CVE-2024-4316-55354669981e5b8e2367ee7fd327c426.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:CVE-2024-4316'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4324-d27fa19d4b96ffbe2e62694bb7f786a1.yaml b/nuclei-templates/2024/CVE-2024-4324-d27fa19d4b96ffbe2e62694bb7f786a1.yaml
index bce40cba6d..a8e5ba64f7 100644
--- a/nuclei-templates/2024/CVE-2024-4324-d27fa19d4b96ffbe2e62694bb7f786a1.yaml
+++ b/nuclei-templates/2024/CVE-2024-4324-d27fa19d4b96ffbe2e62694bb7f786a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Video Lightbox <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-video-lightbox/"
     google-query: inurl:"/wp-content/plugins/wp-video-lightbox/"
     shodan-query: 'vuln:CVE-2024-4324'
-  tags: cve,wordpress,wp-plugin,wp-video-lightbox,medium
+  tags: cve,wordpress,wp-plugin,wp-video-lightbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4329-1eee2854f94957b31e7d0d2d3c4c5271.yaml b/nuclei-templates/2024/CVE-2024-4329-1eee2854f94957b31e7d0d2d3c4c5271.yaml
index 8b14265135..a5400d24bf 100644
--- a/nuclei-templates/2024/CVE-2024-4329-1eee2854f94957b31e7d0d2d3c4c5271.yaml
+++ b/nuclei-templates/2024/CVE-2024-4329-1eee2854f94957b31e7d0d2d3c4c5271.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thim-elementor-kit/"
     google-query: inurl:"/wp-content/plugins/thim-elementor-kit/"
     shodan-query: 'vuln:CVE-2024-4329'
-  tags: cve,wordpress,wp-plugin,thim-elementor-kit,medium
+  tags: cve,wordpress,wp-plugin,thim-elementor-kit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4334-21942b6e9d955d0155ca56bc416fed6c.yaml b/nuclei-templates/2024/CVE-2024-4334-21942b6e9d955d0155ca56bc416fed6c.yaml
index 1e926d18cd..146bfb8d2e 100644
--- a/nuclei-templates/2024/CVE-2024-4334-21942b6e9d955d0155ca56bc416fed6c.yaml
+++ b/nuclei-templates/2024/CVE-2024-4334-21942b6e9d955d0155ca56bc416fed6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typing_cursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supreme-modules-for-divi/"
     google-query: inurl:"/wp-content/plugins/supreme-modules-for-divi/"
     shodan-query: 'vuln:CVE-2024-4334'
-  tags: cve,wordpress,wp-plugin,supreme-modules-for-divi,medium
+  tags: cve,wordpress,wp-plugin,supreme-modules-for-divi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4335-3cd75b090f3018ee840ae18474ab15b1.yaml b/nuclei-templates/2024/CVE-2024-4335-3cd75b090f3018ee840ae18474ab15b1.yaml
index 79642d977a..159423f8d3 100644
--- a/nuclei-templates/2024/CVE-2024-4335-3cd75b090f3018ee840ae18474ab15b1.yaml
+++ b/nuclei-templates/2024/CVE-2024-4335-3cd75b090f3018ee840ae18474ab15b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-by-rank-math/"
     google-query: inurl:"/wp-content/plugins/seo-by-rank-math/"
     shodan-query: 'vuln:CVE-2024-4335'
-  tags: cve,wordpress,wp-plugin,seo-by-rank-math,medium
+  tags: cve,wordpress,wp-plugin,seo-by-rank-math,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4339-dea28b24d7e53b89e98cd471b0652d7a.yaml b/nuclei-templates/2024/CVE-2024-4339-dea28b24d7e53b89e98cd471b0652d7a.yaml
index 3b96e549c5..1eb881a862 100644
--- a/nuclei-templates/2024/CVE-2024-4339-dea28b24d7e53b89e98cd471b0652d7a.yaml
+++ b/nuclei-templates/2024/CVE-2024-4339-dea28b24d7e53b89e98cd471b0652d7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:CVE-2024-4339'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4372-0aea1b28544eff7de492a84d0e135b73.yaml b/nuclei-templates/2024/CVE-2024-4372-0aea1b28544eff7de492a84d0e135b73.yaml
index d3322d9086..0273158333 100644
--- a/nuclei-templates/2024/CVE-2024-4372-0aea1b28544eff7de492a84d0e135b73.yaml
+++ b/nuclei-templates/2024/CVE-2024-4372-0aea1b28544eff7de492a84d0e135b73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Carousel Slider <= 2.2.10 - Authenticated (Editor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url view parameter in all versions up to, and including, 2.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/carousel-slider/"
     google-query: inurl:"/wp-content/plugins/carousel-slider/"
     shodan-query: 'vuln:CVE-2024-4372'
-  tags: cve,wordpress,wp-plugin,carousel-slider,medium
+  tags: cve,wordpress,wp-plugin,carousel-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4383-e1512d94164bf44f71f33d2c22c01840.yaml b/nuclei-templates/2024/CVE-2024-4383-e1512d94164bf44f71f33d2c22c01840.yaml
index f4719a6b50..ae6625c7fc 100644
--- a/nuclei-templates/2024/CVE-2024-4383-e1512d94164bf44f71f33d2c22c01840.yaml
+++ b/nuclei-templates/2024/CVE-2024-4383-e1512d94164bf44f71f33d2c22c01840.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:CVE-2024-4383'
-  tags: cve,wordpress,wp-plugin,simple-membership,medium
+  tags: cve,wordpress,wp-plugin,simple-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4386-c5cb3504c5d5a8aca1e1480362831116.yaml b/nuclei-templates/2024/CVE-2024-4386-c5cb3504c5d5a8aca1e1480362831116.yaml
index 446f8e7773..7be9ccfe63 100644
--- a/nuclei-templates/2024/CVE-2024-4386-c5cb3504c5d5a8aca1e1480362831116.yaml
+++ b/nuclei-templates/2024/CVE-2024-4386-c5cb3504c5d5a8aca1e1480362831116.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meow-gallery/"
     google-query: inurl:"/wp-content/plugins/meow-gallery/"
     shodan-query: 'vuln:CVE-2024-4386'
-  tags: cve,wordpress,wp-plugin,meow-gallery,medium
+  tags: cve,wordpress,wp-plugin,meow-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4397-5b6638dc9ccd4becc08f9931fb9023fa.yaml b/nuclei-templates/2024/CVE-2024-4397-5b6638dc9ccd4becc08f9931fb9023fa.yaml
index f69a6e5ebf..e551abd959 100644
--- a/nuclei-templates/2024/CVE-2024-4397-5b6638dc9ccd4becc08f9931fb9023fa.yaml
+++ b/nuclei-templates/2024/CVE-2024-4397-5b6638dc9ccd4becc08f9931fb9023fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:CVE-2024-4397'
-  tags: cve,wordpress,wp-plugin,learnpress,high
+  tags: cve,wordpress,wp-plugin,learnpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4398-9cd02c8d638c4cb01b2d319013b9422d.yaml b/nuclei-templates/2024/CVE-2024-4398-9cd02c8d638c4cb01b2d319013b9422d.yaml
index aa06b49e96..f8d0ad27be 100644
--- a/nuclei-templates/2024/CVE-2024-4398-9cd02c8d638c4cb01b2d319013b9422d.yaml
+++ b/nuclei-templates/2024/CVE-2024-4398-9cd02c8d638c4cb01b2d319013b9422d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-audio-player/"
     google-query: inurl:"/wp-content/plugins/html5-audio-player/"
     shodan-query: 'vuln:CVE-2024-4398'
-  tags: cve,wordpress,wp-plugin,html5-audio-player,medium
+  tags: cve,wordpress,wp-plugin,html5-audio-player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4411-3155835b4a53204a1664eff58384d4a4.yaml b/nuclei-templates/2024/CVE-2024-4411-3155835b4a53204a1664eff58384d4a4.yaml
index 7caf9ee5f8..1cafe97e0e 100644
--- a/nuclei-templates/2024/CVE-2024-4411-3155835b4a53204a1664eff58384d4a4.yaml
+++ b/nuclei-templates/2024/CVE-2024-4411-3155835b4a53204a1664eff58384d4a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mihdan-yandex-turbo-feed/"
     google-query: inurl:"/wp-content/plugins/mihdan-yandex-turbo-feed/"
     shodan-query: 'vuln:CVE-2024-4411'
-  tags: cve,wordpress,wp-plugin,mihdan-yandex-turbo-feed,medium
+  tags: cve,wordpress,wp-plugin,mihdan-yandex-turbo-feed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4417-8f62194e57a27510760b3cae99e669fe.yaml b/nuclei-templates/2024/CVE-2024-4417-8f62194e57a27510760b3cae99e669fe.yaml
index ae8cf5a90c..ab75d2ffe1 100644
--- a/nuclei-templates/2024/CVE-2024-4417-8f62194e57a27510760b3cae99e669fe.yaml
+++ b/nuclei-templates/2024/CVE-2024-4417-8f62194e57a27510760b3cae99e669fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Falang multilanguage for WordPress <= 1.3.49 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/falang/"
     google-query: inurl:"/wp-content/plugins/falang/"
     shodan-query: 'vuln:CVE-2024-4417'
-  tags: cve,wordpress,wp-plugin,falang,medium
+  tags: cve,wordpress,wp-plugin,falang,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4430-dd8649decc08f39c4790db22c44b5be7.yaml b/nuclei-templates/2024/CVE-2024-4430-dd8649decc08f39c4790db22c44b5be7.yaml
index de035c715d..26f0b1b5de 100644
--- a/nuclei-templates/2024/CVE-2024-4430-dd8649decc08f39c4790db22c44b5be7.yaml
+++ b/nuclei-templates/2024/CVE-2024-4430-dd8649decc08f39c4790db22c44b5be7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:CVE-2024-4430'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4433-8279425e8ad5b9257ee709bdcae15c73.yaml b/nuclei-templates/2024/CVE-2024-4433-8279425e8ad5b9257ee709bdcae15c73.yaml
index 4408eb14ee..f237b300e8 100644
--- a/nuclei-templates/2024/CVE-2024-4433-8279425e8ad5b9257ee709bdcae15c73.yaml
+++ b/nuclei-templates/2024/CVE-2024-4433-8279425e8ad5b9257ee709bdcae15c73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Image Popup <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Image Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-image-popup/"
     google-query: inurl:"/wp-content/plugins/simple-image-popup/"
     shodan-query: 'vuln:CVE-2024-4433'
-  tags: cve,wordpress,wp-plugin,simple-image-popup,medium
+  tags: cve,wordpress,wp-plugin,simple-image-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4441-ed9d6de2b2caf08fa88d82aee7a4dacf.yaml b/nuclei-templates/2024/CVE-2024-4441-ed9d6de2b2caf08fa88d82aee7a4dacf.yaml
index c162b7533e..7dd7e9c4fe 100644
--- a/nuclei-templates/2024/CVE-2024-4441-ed9d6de2b2caf08fa88d82aee7a4dacf.yaml
+++ b/nuclei-templates/2024/CVE-2024-4441-ed9d6de2b2caf08fa88d82aee7a4dacf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xml-sitemap-feed/"
     google-query: inurl:"/wp-content/plugins/xml-sitemap-feed/"
     shodan-query: 'vuln:CVE-2024-4441'
-  tags: cve,wordpress,wp-plugin,xml-sitemap-feed,high
+  tags: cve,wordpress,wp-plugin,xml-sitemap-feed,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4446-32b155c617c0c335f9330107a2737ef9.yaml b/nuclei-templates/2024/CVE-2024-4446-32b155c617c0c335f9330107a2737ef9.yaml
index e2b0f7407d..4a9b28dbab 100644
--- a/nuclei-templates/2024/CVE-2024-4446-32b155c617c0c335f9330107a2737ef9.yaml
+++ b/nuclei-templates/2024/CVE-2024-4446-32b155c617c0c335f9330107a2737ef9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-views-query-and-display-post-page/"
     google-query: inurl:"/wp-content/plugins/content-views-query-and-display-post-page/"
     shodan-query: 'vuln:CVE-2024-4446'
-  tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,medium
+  tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4448-e9df6b62593e703fd734b693ccc67b68.yaml b/nuclei-templates/2024/CVE-2024-4448-e9df6b62593e703fd734b693ccc67b68.yaml
index 45f94ea48d..eaa6765d16 100644
--- a/nuclei-templates/2024/CVE-2024-4448-e9df6b62593e703fd734b693ccc67b68.yaml
+++ b/nuclei-templates/2024/CVE-2024-4448-e9df6b62593e703fd734b693ccc67b68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-4448'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4449-fd0c27ea93cffb5177b96e76bbc2aa5f.yaml b/nuclei-templates/2024/CVE-2024-4449-fd0c27ea93cffb5177b96e76bbc2aa5f.yaml
index 9437a1eff4..80f657031c 100644
--- a/nuclei-templates/2024/CVE-2024-4449-fd0c27ea93cffb5177b96e76bbc2aa5f.yaml
+++ b/nuclei-templates/2024/CVE-2024-4449-fd0c27ea93cffb5177b96e76bbc2aa5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor  <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:CVE-2024-4449'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4481-145ab093189c598c1d7c84674ba9b14b.yaml b/nuclei-templates/2024/CVE-2024-4481-145ab093189c598c1d7c84674ba9b14b.yaml
index 9b5580afdf..4e9b07b8ae 100644
--- a/nuclei-templates/2024/CVE-2024-4481-145ab093189c598c1d7c84674ba9b14b.yaml
+++ b/nuclei-templates/2024/CVE-2024-4481-145ab093189c598c1d7c84674ba9b14b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kadence-blocks/"
     google-query: inurl:"/wp-content/plugins/kadence-blocks/"
     shodan-query: 'vuln:CVE-2024-4481'
-  tags: cve,wordpress,wp-plugin,kadence-blocks,medium
+  tags: cve,wordpress,wp-plugin,kadence-blocks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4487-56a40035beb7c39c52fc3da1e76c20df.yaml b/nuclei-templates/2024/CVE-2024-4487-56a40035beb7c39c52fc3da1e76c20df.yaml
index 4248ac1614..eea420ad02 100644
--- a/nuclei-templates/2024/CVE-2024-4487-56a40035beb7c39c52fc3da1e76c20df.yaml
+++ b/nuclei-templates/2024/CVE-2024-4487-56a40035beb7c39c52fc3da1e76c20df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blocksy Companion <= 2.0.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blocksy-companion/"
     google-query: inurl:"/wp-content/plugins/blocksy-companion/"
     shodan-query: 'vuln:CVE-2024-4487'
-  tags: cve,wordpress,wp-plugin,blocksy-companion,medium
+  tags: cve,wordpress,wp-plugin,blocksy-companion,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4490-4f3dfe26281afe74af18534af8dcf024.yaml b/nuclei-templates/2024/CVE-2024-4490-4f3dfe26281afe74af18534af8dcf024.yaml
index 516264f7d7..3a5b0c51e8 100644
--- a/nuclei-templates/2024/CVE-2024-4490-4f3dfe26281afe74af18534af8dcf024.yaml
+++ b/nuclei-templates/2024/CVE-2024-4490-4f3dfe26281afe74af18534af8dcf024.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -14,17 +14,17 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2024-4490
   metadata:
-    fofa-query: "wp-content/plugins/divi-builder/"
-    google-query: inurl:"/wp-content/plugins/divi-builder/"
+    fofa-query: "wp-content/themes/extra/"
+    google-query: inurl:"/wp-content/themes/extra/"
     shodan-query: 'vuln:CVE-2024-4490'
-  tags: cve,wordpress,wp-plugin,divi-builder,medium
+  tags: cve,wordpress,wp-theme,extra,low
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/divi-builder/readme.txt"
+      - "{{BaseURL}}/wp-content/themes/extra/style.css"
 
     extractors:
       - type: regex
@@ -33,14 +33,14 @@ http:
         group: 1
         internal: true
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
       - type: regex
         name: version
         part: body
         group: 1
         regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
+          - "(?mi)Version: ([0-9.]+)"
 
     matchers-condition: and
     matchers:
@@ -50,7 +50,7 @@ http:
 
       - type: word
         words:
-          - "divi-builder"
+          - "extra"
         part: body
 
       - type: dsl
diff --git a/nuclei-templates/2024/CVE-2024-4542-7485c7376b8dcdbe05490b2d21b9e0de.yaml b/nuclei-templates/2024/CVE-2024-4542-7485c7376b8dcdbe05490b2d21b9e0de.yaml
index 9353be46aa..d7314d6b98 100644
--- a/nuclei-templates/2024/CVE-2024-4542-7485c7376b8dcdbe05490b2d21b9e0de.yaml
+++ b/nuclei-templates/2024/CVE-2024-4542-7485c7376b8dcdbe05490b2d21b9e0de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:CVE-2024-4542'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4567-52e89cc1870832c0bf35fd7b63eefddc.yaml b/nuclei-templates/2024/CVE-2024-4567-52e89cc1870832c0bf35fd7b63eefddc.yaml
index 8fd08d84b6..3b95c55611 100644
--- a/nuclei-templates/2024/CVE-2024-4567-52e89cc1870832c0bf35fd7b63eefddc.yaml
+++ b/nuclei-templates/2024/CVE-2024-4567-52e89cc1870832c0bf35fd7b63eefddc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themify-shortcodes/"
     google-query: inurl:"/wp-content/plugins/themify-shortcodes/"
     shodan-query: 'vuln:CVE-2024-4567'
-  tags: cve,wordpress,wp-plugin,themify-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,themify-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4574-a96bb943a1852ea0b2e688a3b3910413.yaml b/nuclei-templates/2024/CVE-2024-4574-a96bb943a1852ea0b2e688a3b3910413.yaml
index 5ed07daa1c..0f4c66b129 100644
--- a/nuclei-templates/2024/CVE-2024-4574-a96bb943a1852ea0b2e688a3b3910413.yaml
+++ b/nuclei-templates/2024/CVE-2024-4574-a96bb943a1852ea0b2e688a3b3910413.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/graphina-elementor-charts-and-graphs/"
     google-query: inurl:"/wp-content/plugins/graphina-elementor-charts-and-graphs/"
     shodan-query: 'vuln:CVE-2024-4574'
-  tags: cve,wordpress,wp-plugin,graphina-elementor-charts-and-graphs,medium
+  tags: cve,wordpress,wp-plugin,graphina-elementor-charts-and-graphs,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4605-f5d920633ee9565486368ab785adab3b.yaml b/nuclei-templates/2024/CVE-2024-4605-f5d920633ee9565486368ab785adab3b.yaml
index aad4b6c60e..310a533a7c 100644
--- a/nuclei-templates/2024/CVE-2024-4605-f5d920633ee9565486368ab785adab3b.yaml
+++ b/nuclei-templates/2024/CVE-2024-4605-f5d920633ee9565486368ab785adab3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via UI. As a result they can escalate their privileges or execute arbitrary code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/breakdance/"
     google-query: inurl:"/wp-content/plugins/breakdance/"
     shodan-query: 'vuln:CVE-2024-4605'
-  tags: cve,wordpress,wp-plugin,breakdance,high
+  tags: cve,wordpress,wp-plugin,breakdance,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/2024/CVE-2024-4630-b7edfb498be50e4270697b56ff65997c.yaml b/nuclei-templates/2024/CVE-2024-4630-b7edfb498be50e4270697b56ff65997c.yaml
index fd5da4370a..43149d257f 100644
--- a/nuclei-templates/2024/CVE-2024-4630-b7edfb498be50e4270697b56ff65997c.yaml
+++ b/nuclei-templates/2024/CVE-2024-4630-b7edfb498be50e4270697b56ff65997c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/astra-sites/"
     google-query: inurl:"/wp-content/plugins/astra-sites/"
     shodan-query: 'vuln:CVE-2024-4630'
-  tags: cve,wordpress,wp-plugin,astra-sites,medium
+  tags: cve,wordpress,wp-plugin,astra-sites,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/001-prime-strategy-translate-accelerator-5be710df65d6bc92f524c90909df2f99.yaml b/nuclei-templates/cve-less/plugins/001-prime-strategy-translate-accelerator-5be710df65d6bc92f524c90909df2f99.yaml
index 7287baff4c..4501632763 100644
--- a/nuclei-templates/cve-less/plugins/001-prime-strategy-translate-accelerator-5be710df65d6bc92f524c90909df2f99.yaml
+++ b/nuclei-templates/cve-less/plugins/001-prime-strategy-translate-accelerator-5be710df65d6bc92f524c90909df2f99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     001 Prime Strategy Translate Accelerator <= 1.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 001 Prime Strategy Translate Accelerator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the  update_psta_settings() function called via a plugins_loaded action in versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to delete the plugin's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/001-prime-strategy-translate-accelerator/"
     google-query: inurl:"/wp-content/plugins/001-prime-strategy-translate-accelerator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,001-prime-strategy-translate-accelerator,medium
+  tags: cve,wordpress,wp-plugin,001-prime-strategy-translate-accelerator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/1-flash-gallery-e9ae08724abba099d4b3758d3e5c0730.yaml b/nuclei-templates/cve-less/plugins/1-flash-gallery-e9ae08724abba099d4b3758d3e5c0730.yaml
index 3fbf5bc9fd..a705375d40 100644
--- a/nuclei-templates/cve-less/plugins/1-flash-gallery-e9ae08724abba099d4b3758d3e5c0730.yaml
+++ b/nuclei-templates/cve-less/plugins/1-flash-gallery-e9ae08724abba099d4b3758d3e5c0730.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     1 Flash Gallery <= 1.9.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 1 Flash Gallery plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/1-flash-gallery/"
     google-query: inurl:"/wp-content/plugins/1-flash-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,1-flash-gallery,medium
+  tags: cve,wordpress,wp-plugin,1-flash-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/1g-music-share-862c51605ec18beb1576064976f304a2.yaml b/nuclei-templates/cve-less/plugins/1g-music-share-862c51605ec18beb1576064976f304a2.yaml
index 86655388d4..a21a08314e 100644
--- a/nuclei-templates/cve-less/plugins/1g-music-share-862c51605ec18beb1576064976f304a2.yaml
+++ b/nuclei-templates/cve-less/plugins/1g-music-share-862c51605ec18beb1576064976f304a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     1g-music-share <= 1.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 1g-music-share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/1g-music-share/"
     google-query: inurl:"/wp-content/plugins/1g-music-share/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,1g-music-share,medium
+  tags: cve,wordpress,wp-plugin,1g-music-share,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/1player-98fa09468510e4f3d608da204df8d702.yaml b/nuclei-templates/cve-less/plugins/1player-98fa09468510e4f3d608da204df8d702.yaml
index bb8175a72b..cbd1605c9b 100644
--- a/nuclei-templates/cve-less/plugins/1player-98fa09468510e4f3d608da204df8d702.yaml
+++ b/nuclei-templates/cve-less/plugins/1player-98fa09468510e4f3d608da204df8d702.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VideoJS (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The S3 Video, EasySqueezePage, External "Video for Everybody", Videopack, and 1player plugins for WordPress are vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of VideoJS in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/1player/"
     google-query: inurl:"/wp-content/plugins/1player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,1player,medium
+  tags: cve,wordpress,wp-plugin,1player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/3d-viewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/3d-viewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1ffb5b407e..8fd6450ef0 100644
--- a/nuclei-templates/cve-less/plugins/3d-viewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/3d-viewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3d-viewer/"
     google-query: inurl:"/wp-content/plugins/3d-viewer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,3d-viewer,medium
+  tags: cve,wordpress,wp-plugin,3d-viewer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/3dady-real-time-web-stats-ea643024832757f9f2006e750b2fb2aa.yaml b/nuclei-templates/cve-less/plugins/3dady-real-time-web-stats-ea643024832757f9f2006e750b2fb2aa.yaml
index fe2b9a3165..afd3eb8480 100644
--- a/nuclei-templates/cve-less/plugins/3dady-real-time-web-stats-ea643024832757f9f2006e750b2fb2aa.yaml
+++ b/nuclei-templates/cve-less/plugins/3dady-real-time-web-stats-ea643024832757f9f2006e750b2fb2aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3dady real-time web stats <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 3dady real-time web stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dady_input_text’ parameter and others in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/3dady-real-time-web-stats/"
     google-query: inurl:"/wp-content/plugins/3dady-real-time-web-stats/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,3dady-real-time-web-stats,medium
+  tags: cve,wordpress,wp-plugin,3dady-real-time-web-stats,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/404-solution-dc23dda4be9febbbe1e1b634c133ec2a.yaml b/nuclei-templates/cve-less/plugins/404-solution-dc23dda4be9febbbe1e1b634c133ec2a.yaml
index addbb51413..ea1121e10f 100644
--- a/nuclei-templates/cve-less/plugins/404-solution-dc23dda4be9febbbe1e1b634c133ec2a.yaml
+++ b/nuclei-templates/cve-less/plugins/404-solution-dc23dda4be9febbbe1e1b634c133ec2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     404 Solution <= 2.33.2 - Authenticated (Administrator+) SQL Injection via orderby
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The 404 Solution plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.33.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/404-solution/"
     google-query: inurl:"/wp-content/plugins/404-solution/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,404-solution,high
+  tags: cve,wordpress,wp-plugin,404-solution,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/a3-lazy-load-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/a3-lazy-load-2961759aa56e979f7c4730d8320eec28.yaml
index af4922718c..739e87aeb5 100644
--- a/nuclei-templates/cve-less/plugins/a3-lazy-load-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/a3-lazy-load-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
                                     
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/a3-lazy-load/"
     google-query: inurl:"/wp-content/plugins/a3-lazy-load/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,a3-lazy-load,high
+  tags: cve,wordpress,wp-plugin,a3-lazy-load,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/a3-lazy-load-b935aac9392ea74d48c16c20e8b0b995.yaml b/nuclei-templates/cve-less/plugins/a3-lazy-load-b935aac9392ea74d48c16c20e8b0b995.yaml
index 8b2b1622ff..ceaf059c52 100644
--- a/nuclei-templates/cve-less/plugins/a3-lazy-load-b935aac9392ea74d48c16c20e8b0b995.yaml
+++ b/nuclei-templates/cve-less/plugins/a3-lazy-load-b935aac9392ea74d48c16c20e8b0b995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The a3 Lazy Load, a3 Portfolio, Contact Us Page – Contact People, Dynamic Product Gallery for WooCommerce, a3 Responsive Slider, and Compare Products for WooCommerce plugins for WordPress are vulnerable to Cross-Site Request Forgery respectively in versions up to, and including, 2.5.0, 3.0.0, 3.6.0, 2.9.0, 2.0.12, 2.8.0. This is due to missing nonce validation on the save_settings function present in all three plugins. This makes it possible for unauthenticated attackers to to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.  
                         
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/a3-lazy-load/"
     google-query: inurl:"/wp-content/plugins/a3-lazy-load/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,a3-lazy-load,high
+  tags: cve,wordpress,wp-plugin,a3-lazy-load,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/a3-portfolio-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/a3-portfolio-2961759aa56e979f7c4730d8320eec28.yaml
index 8b88dac6f5..3c27b74cb4 100644
--- a/nuclei-templates/cve-less/plugins/a3-portfolio-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/a3-portfolio-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
     
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/a3-portfolio/"
     google-query: inurl:"/wp-content/plugins/a3-portfolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,a3-portfolio,high
+  tags: cve,wordpress,wp-plugin,a3-portfolio,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/a3-portfolio-b935aac9392ea74d48c16c20e8b0b995.yaml b/nuclei-templates/cve-less/plugins/a3-portfolio-b935aac9392ea74d48c16c20e8b0b995.yaml
index 94a2154803..9828413494 100644
--- a/nuclei-templates/cve-less/plugins/a3-portfolio-b935aac9392ea74d48c16c20e8b0b995.yaml
+++ b/nuclei-templates/cve-less/plugins/a3-portfolio-b935aac9392ea74d48c16c20e8b0b995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The a3 Lazy Load, a3 Portfolio, Contact Us Page – Contact People, Dynamic Product Gallery for WooCommerce, a3 Responsive Slider, and Compare Products for WooCommerce plugins for WordPress are vulnerable to Cross-Site Request Forgery respectively in versions up to, and including, 2.5.0, 3.0.0, 3.6.0, 2.9.0, 2.0.12, 2.8.0. This is due to missing nonce validation on the save_settings function present in all three plugins. This makes it possible for unauthenticated attackers to to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.  
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/a3-portfolio/"
     google-query: inurl:"/wp-content/plugins/a3-portfolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,a3-portfolio,high
+  tags: cve,wordpress,wp-plugin,a3-portfolio,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/a3-responsive-slider-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/a3-responsive-slider-2961759aa56e979f7c4730d8320eec28.yaml
index f9b87d4ff5..93ba1eb2ce 100644
--- a/nuclei-templates/cve-less/plugins/a3-responsive-slider-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/a3-responsive-slider-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
                     
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/a3-responsive-slider/"
     google-query: inurl:"/wp-content/plugins/a3-responsive-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,a3-responsive-slider,high
+  tags: cve,wordpress,wp-plugin,a3-responsive-slider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/a3-responsive-slider-ae8b89aaa7a588f83d4c4781cadfd7d8.yaml b/nuclei-templates/cve-less/plugins/a3-responsive-slider-ae8b89aaa7a588f83d4c4781cadfd7d8.yaml
index 69375c1917..b4c1fd2bf3 100644
--- a/nuclei-templates/cve-less/plugins/a3-responsive-slider-ae8b89aaa7a588f83d4c4781cadfd7d8.yaml
+++ b/nuclei-templates/cve-less/plugins/a3-responsive-slider-ae8b89aaa7a588f83d4c4781cadfd7d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Responsive Slider <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The a3 Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the slider_form_action function. This makes it possible for unauthenticated attackers to inject malicious JavaScript, that will execute whenever a user accesses an injected page, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/a3-responsive-slider/"
     google-query: inurl:"/wp-content/plugins/a3-responsive-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,a3-responsive-slider,critical
+  tags: cve,wordpress,wp-plugin,a3-responsive-slider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/a3-responsive-slider-b935aac9392ea74d48c16c20e8b0b995.yaml b/nuclei-templates/cve-less/plugins/a3-responsive-slider-b935aac9392ea74d48c16c20e8b0b995.yaml
index 51a4b56a13..09415f0ac8 100644
--- a/nuclei-templates/cve-less/plugins/a3-responsive-slider-b935aac9392ea74d48c16c20e8b0b995.yaml
+++ b/nuclei-templates/cve-less/plugins/a3-responsive-slider-b935aac9392ea74d48c16c20e8b0b995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The a3 Lazy Load, a3 Portfolio, Contact Us Page – Contact People, Dynamic Product Gallery for WooCommerce, a3 Responsive Slider, and Compare Products for WooCommerce plugins for WordPress are vulnerable to Cross-Site Request Forgery respectively in versions up to, and including, 2.5.0, 3.0.0, 3.6.0, 2.9.0, 2.0.12, 2.8.0. This is due to missing nonce validation on the save_settings function present in all three plugins. This makes it possible for unauthenticated attackers to to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.  
                 
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/a3-responsive-slider/"
     google-query: inurl:"/wp-content/plugins/a3-responsive-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,a3-responsive-slider,high
+  tags: cve,wordpress,wp-plugin,a3-responsive-slider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/abeta-punchout-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/abeta-punchout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d3fc57cf69..7ffbd7657e 100644
--- a/nuclei-templates/cve-less/plugins/abeta-punchout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/abeta-punchout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/abeta-punchout/"
     google-query: inurl:"/wp-content/plugins/abeta-punchout/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,abeta-punchout,medium
+  tags: cve,wordpress,wp-plugin,abeta-punchout,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/about-author-c3b408a5f882549523fb91707173e697.yaml b/nuclei-templates/cve-less/plugins/about-author-c3b408a5f882549523fb91707173e697.yaml
index d33a703d05..7a15673b4c 100644
--- a/nuclei-templates/cve-less/plugins/about-author-c3b408a5f882549523fb91707173e697.yaml
+++ b/nuclei-templates/cve-less/plugins/about-author-c3b408a5f882549523fb91707173e697.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     About Author <= 1.3.9 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The About Author plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/about-author/"
     google-query: inurl:"/wp-content/plugins/about-author/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,about-author,medium
+  tags: cve,wordpress,wp-plugin,about-author,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-498e3e358d7cb9235d23b7fd787ad310.yaml b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-498e3e358d7cb9235d23b7fd787ad310.yaml
index 5f6ad7f0e3..ba467021ad 100644
--- a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-498e3e358d7cb9235d23b7fd787ad310.yaml
+++ b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-498e3e358d7cb9235d23b7fd787ad310.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AMP for WP <= 0.9.97.19 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     TheAMP for WP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ampforwp_save_steps_data AJAX hook in versions up to, and including, 0.9.97.19. This makes it possible for authenticated attackers to make otherwise privilege locked administrative changes to the vulnerable website and create admin accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accelerated-mobile-pages/"
     google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,medium
+  tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/access-demo-importer-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/plugins/access-demo-importer-b05621ef791a4dad965a137ebf6fa48c.yaml
index 6be1aafc4c..5579797ab7 100644
--- a/nuclei-templates/cve-less/plugins/access-demo-importer-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/plugins/access-demo-importer-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/access-demo-importer/"
     google-query: inurl:"/wp-content/plugins/access-demo-importer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,access-demo-importer,high
+  tags: cve,wordpress,wp-plugin,access-demo-importer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/accessibe-d4ff7ccda72ef3d478471c54ece0f540.yaml b/nuclei-templates/cve-less/plugins/accessibe-d4ff7ccda72ef3d478471c54ece0f540.yaml
index 264aa6ddc4..0fe5985d07 100644
--- a/nuclei-templates/cve-less/plugins/accessibe-d4ff7ccda72ef3d478471c54ece0f540.yaml
+++ b/nuclei-templates/cve-less/plugins/accessibe-d4ff7ccda72ef3d478471c54ece0f540.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web Accessibility By accessiBe <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accessibe/"
     google-query: inurl:"/wp-content/plugins/accessibe/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,accessibe,medium
+  tags: cve,wordpress,wp-plugin,accessibe,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/accessibility-c41141bd67c49cd259895cd7c78b521d.yaml b/nuclei-templates/cve-less/plugins/accessibility-c41141bd67c49cd259895cd7c78b521d.yaml
index 1aca74fd49..244e7313fa 100644
--- a/nuclei-templates/cve-less/plugins/accessibility-c41141bd67c49cd259895cd7c78b521d.yaml
+++ b/nuclei-templates/cve-less/plugins/accessibility-c41141bd67c49cd259895cd7c78b521d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accessibility <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accessibility plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attachments_alt' and 'attachments_title' parameters in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accessibility/"
     google-query: inurl:"/wp-content/plugins/accessibility/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,accessibility,medium
+  tags: cve,wordpress,wp-plugin,accessibility,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/accessibility-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/accessibility-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 986dda0240..89f1c02f58 100644
--- a/nuclei-templates/cve-less/plugins/accessibility-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/accessibility-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accessibility-checker/"
     google-query: inurl:"/wp-content/plugins/accessibility-checker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,accessibility-checker,medium
+  tags: cve,wordpress,wp-plugin,accessibility-checker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/accesspress-social-icons-c6ab36823a7ccb132d76b57507e4ea5c.yaml b/nuclei-templates/cve-less/plugins/accesspress-social-icons-c6ab36823a7ccb132d76b57507e4ea5c.yaml
index f9b16ca2f0..60b3103ee3 100644
--- a/nuclei-templates/cve-less/plugins/accesspress-social-icons-c6ab36823a7ccb132d76b57507e4ea5c.yaml
+++ b/nuclei-templates/cve-less/plugins/accesspress-social-icons-c6ab36823a7ccb132d76b57507e4ea5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Social Icons <= 1.6.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AccessPress Social Icons plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accesspress-social-icons/"
     google-query: inurl:"/wp-content/plugins/accesspress-social-icons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,accesspress-social-icons,medium
+  tags: cve,wordpress,wp-plugin,accesspress-social-icons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/accordions-eb03f1b5d95ef0a7d7a29907029d610c.yaml b/nuclei-templates/cve-less/plugins/accordions-eb03f1b5d95ef0a7d7a29907029d610c.yaml
index e6fc909c21..8ceb7190f5 100644
--- a/nuclei-templates/cve-less/plugins/accordions-eb03f1b5d95ef0a7d7a29907029d610c.yaml
+++ b/nuclei-templates/cve-less/plugins/accordions-eb03f1b5d95ef0a7d7a29907029d610c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accordion <= 2.2.43 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameter keys through accordion imports in versions up to, and including, 2.2.40 due to insufficient input sanitization and output escaping. This makes it possible for attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/accordions/"
     google-query: inurl:"/wp-content/plugins/accordions/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,accordions,medium
+  tags: cve,wordpress,wp-plugin,accordions,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/acf-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/acf-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 518c22c2de..1d5622ec9d 100644
--- a/nuclei-templates/cve-less/plugins/acf-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/acf-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-blocks/"
     google-query: inurl:"/wp-content/plugins/acf-blocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,acf-blocks,medium
+  tags: cve,wordpress,wp-plugin,acf-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/acf-for-woocommerce-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/acf-for-woocommerce-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cedf993082..9986f70a03 100644
--- a/nuclei-templates/cve-less/plugins/acf-for-woocommerce-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/acf-for-woocommerce-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-for-woocommerce-product/"
     google-query: inurl:"/wp-content/plugins/acf-for-woocommerce-product/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,acf-for-woocommerce-product,medium
+  tags: cve,wordpress,wp-plugin,acf-for-woocommerce-product,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/acf-frontend-form-element-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/acf-frontend-form-element-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 502ada58d8..b7da2e3b10 100644
--- a/nuclei-templates/cve-less/plugins/acf-frontend-form-element-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/acf-frontend-form-element-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-frontend-form-element/"
     google-query: inurl:"/wp-content/plugins/acf-frontend-form-element/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,acf-frontend-form-element,medium
+  tags: cve,wordpress,wp-plugin,acf-frontend-form-element,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/acf-options-importexport-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/acf-options-importexport-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4e7e05ee3b..c98bef9b37 100644
--- a/nuclei-templates/cve-less/plugins/acf-options-importexport-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/acf-options-importexport-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-options-importexport/"
     google-query: inurl:"/wp-content/plugins/acf-options-importexport/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,acf-options-importexport,medium
+  tags: cve,wordpress,wp-plugin,acf-options-importexport,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/acf-quickedit-fields-c99833151ca554dccf2540548a5b3a40.yaml b/nuclei-templates/cve-less/plugins/acf-quickedit-fields-c99833151ca554dccf2540548a5b3a40.yaml
index 947ed88103..4527bfe874 100644
--- a/nuclei-templates/cve-less/plugins/acf-quickedit-fields-c99833151ca554dccf2540548a5b3a40.yaml
+++ b/nuclei-templates/cve-less/plugins/acf-quickedit-fields-c99833151ca554dccf2540548a5b3a40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acf-quickedit-fields/"
     google-query: inurl:"/wp-content/plugins/acf-quickedit-fields/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,acf-quickedit-fields,medium
+  tags: cve,wordpress,wp-plugin,acf-quickedit-fields,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ach-for-stripe-plaid-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ach-for-stripe-plaid-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a87bdf4a37..da334df795 100644
--- a/nuclei-templates/cve-less/plugins/ach-for-stripe-plaid-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ach-for-stripe-plaid-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ach-for-stripe-plaid/"
     google-query: inurl:"/wp-content/plugins/ach-for-stripe-plaid/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ach-for-stripe-plaid,medium
+  tags: cve,wordpress,wp-plugin,ach-for-stripe-plaid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/active-directory-integration-a7284d3f83c86c028a5b0cebbf2cf2ad.yaml b/nuclei-templates/cve-less/plugins/active-directory-integration-a7284d3f83c86c028a5b0cebbf2cf2ad.yaml
index 2ac5654d7a..0466438409 100644
--- a/nuclei-templates/cve-less/plugins/active-directory-integration-a7284d3f83c86c028a5b0cebbf2cf2ad.yaml
+++ b/nuclei-templates/cve-less/plugins/active-directory-integration-a7284d3f83c86c028a5b0cebbf2cf2ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Active Directory Integration <= 1.1.8 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Active Directory Integration plugin for WordPress is vulnerable to SQL Injection via the ‘userid’ parameter in versions up to, and including, 1.1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/active-directory-integration/"
     google-query: inurl:"/wp-content/plugins/active-directory-integration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,active-directory-integration,high
+  tags: cve,wordpress,wp-plugin,active-directory-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/activity-log-mainwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/activity-log-mainwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b44092cb51..4818c0b594 100644
--- a/nuclei-templates/cve-less/plugins/activity-log-mainwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/activity-log-mainwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activity-log-mainwp/"
     google-query: inurl:"/wp-content/plugins/activity-log-mainwp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,activity-log-mainwp,medium
+  tags: cve,wordpress,wp-plugin,activity-log-mainwp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/activitytime-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/activitytime-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3037818fb4..1ae0819c0d 100644
--- a/nuclei-templates/cve-less/plugins/activitytime-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/activitytime-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/activitytime/"
     google-query: inurl:"/wp-content/plugins/activitytime/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,activitytime,medium
+  tags: cve,wordpress,wp-plugin,activitytime,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/acurax-social-media-widget-1ccff55ca83ceb7924ebbc45fc9187e7.yaml b/nuclei-templates/cve-less/plugins/acurax-social-media-widget-1ccff55ca83ceb7924ebbc45fc9187e7.yaml
index 8e64cc5d49..b067f02513 100644
--- a/nuclei-templates/cve-less/plugins/acurax-social-media-widget-1ccff55ca83ceb7924ebbc45fc9187e7.yaml
+++ b/nuclei-templates/cve-less/plugins/acurax-social-media-widget-1ccff55ca83ceb7924ebbc45fc9187e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Widget <= 2.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Media Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acx_widget_si_theme', 'acx_widget_si_twitter', 'acx_widget_si_facebook', 'acx_widget_si_youtube', 'acx_widget_si_linkedin', 'acx_widget_si_gplus', 'acx_widget_si_credit', 'acx_widget_si_icon_size', 'acx_widget_si_pinterest', and 'acx_widget_si_feed' parameters in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/acurax-social-media-widget/"
     google-query: inurl:"/wp-content/plugins/acurax-social-media-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,acurax-social-media-widget,medium
+  tags: cve,wordpress,wp-plugin,acurax-social-media-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-2021111b9f6ef5ab3859ee3ee5bee180.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-2021111b9f6ef5ab3859ee3ee5bee180.yaml
index df10c0c3a9..58dc946fb1 100644
--- a/nuclei-templates/cve-less/plugins/ad-inserter-2021111b9f6ef5ab3859ee3ee5bee180.yaml
+++ b/nuclei-templates/cve-less/plugins/ad-inserter-2021111b9f6ef5ab3859ee3ee5bee180.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ad Inserter < 2.7.11 - Authenticated (Admin+) Remote Code Execution
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ad Inserter plugin for WordPress is vulnerable to Remote Code Execution in versions before 2.7.11 via the settings.php file. This allows authenticated attackers with admin-level privileges to execute code on the server as well as perform stored cross-site scripting attacks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ad-inserter/"
     google-query: inurl:"/wp-content/plugins/ad-inserter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ad-inserter,high
+  tags: cve,wordpress,wp-plugin,ad-inserter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/adapta-rgpd-a8caff9400eec85f908551f99981c4c5.yaml b/nuclei-templates/cve-less/plugins/adapta-rgpd-a8caff9400eec85f908551f99981c4c5.yaml
index 1c8aa8f467..1d96de855c 100644
--- a/nuclei-templates/cve-less/plugins/adapta-rgpd-a8caff9400eec85f908551f99981c4c5.yaml
+++ b/nuclei-templates/cve-less/plugins/adapta-rgpd-a8caff9400eec85f908551f99981c4c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Adapta RGPD <= 1.3.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Adapta RGPD plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the accept_cookie_consent function. This makes it possible for unauthenticated attackers to grant user consent to all site cookies via a forged request granted they can trick a site user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adapta-rgpd/"
     google-query: inurl:"/wp-content/plugins/adapta-rgpd/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,adapta-rgpd,high
+  tags: cve,wordpress,wp-plugin,adapta-rgpd,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-any-extension-to-pages-f95a4bd79444a6bb4c86f62647865224.yaml b/nuclei-templates/cve-less/plugins/add-any-extension-to-pages-f95a4bd79444a6bb4c86f62647865224.yaml
index 1c06fae472..bf4fd52c79 100644
--- a/nuclei-templates/cve-less/plugins/add-any-extension-to-pages-f95a4bd79444a6bb4c86f62647865224.yaml
+++ b/nuclei-templates/cve-less/plugins/add-any-extension-to-pages-f95a4bd79444a6bb4c86f62647865224.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Any Extension to Pages <= 1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Add Any Extension to Pages plugin for WordPress is vulnerable to Cross-Site Scripting via the 'REQUEST_URI' value in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-any-extension-to-pages/"
     google-query: inurl:"/wp-content/plugins/add-any-extension-to-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-any-extension-to-pages,medium
+  tags: cve,wordpress,wp-plugin,add-any-extension-to-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-expires-headers-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/add-expires-headers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9bc10adfff..6dbfb096d6 100644
--- a/nuclei-templates/cve-less/plugins/add-expires-headers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/add-expires-headers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-expires-headers/"
     google-query: inurl:"/wp-content/plugins/add-expires-headers/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-expires-headers,medium
+  tags: cve,wordpress,wp-plugin,add-expires-headers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 25c6157e7a..4d62714b3d 100644
--- a/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-fields-to-checkout-page-woocommerce/"
     google-query: inurl:"/wp-content/plugins/add-fields-to-checkout-page-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-link-to-facebook-8ffb6f085ca0e1f89a621d273438f0fc.yaml b/nuclei-templates/cve-less/plugins/add-link-to-facebook-8ffb6f085ca0e1f89a621d273438f0fc.yaml
index 21b54228b2..9a066aea3e 100644
--- a/nuclei-templates/cve-less/plugins/add-link-to-facebook-8ffb6f085ca0e1f89a621d273438f0fc.yaml
+++ b/nuclei-templates/cve-less/plugins/add-link-to-facebook-8ffb6f085ca0e1f89a621d273438f0fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add Link to Facebook <= 1.215 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add Link to Facebook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c_al2fb_meta_client_id’ parameter in versions up to, and including, 1.215 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-link-to-facebook/"
     google-query: inurl:"/wp-content/plugins/add-link-to-facebook/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-link-to-facebook,medium
+  tags: cve,wordpress,wp-plugin,add-link-to-facebook,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-pinterest-conversion-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/add-pinterest-conversion-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1646348f47..51be24a58d 100644
--- a/nuclei-templates/cve-less/plugins/add-pinterest-conversion-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/add-pinterest-conversion-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-pinterest-conversion-tags/"
     google-query: inurl:"/wp-content/plugins/add-pinterest-conversion-tags/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-pinterest-conversion-tags,medium
+  tags: cve,wordpress,wp-plugin,add-pinterest-conversion-tags,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-search-to-menu-57689f801f3390e9106eb400e17d855b.yaml b/nuclei-templates/cve-less/plugins/add-search-to-menu-57689f801f3390e9106eb400e17d855b.yaml
index 030c7a585d..06ea77819e 100644
--- a/nuclei-templates/cve-less/plugins/add-search-to-menu-57689f801f3390e9106eb400e17d855b.yaml
+++ b/nuclei-templates/cve-less/plugins/add-search-to-menu-57689f801f3390e9106eb400e17d855b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ivory Search <= 4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ivory Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Contributor+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-search-to-menu/"
     google-query: inurl:"/wp-content/plugins/add-search-to-menu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-search-to-menu,medium
+  tags: cve,wordpress,wp-plugin,add-search-to-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-search-to-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/add-search-to-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 37cf8d96c5..1c26eb7ebc 100644
--- a/nuclei-templates/cve-less/plugins/add-search-to-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/add-search-to-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-search-to-menu/"
     google-query: inurl:"/wp-content/plugins/add-search-to-menu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-search-to-menu,medium
+  tags: cve,wordpress,wp-plugin,add-search-to-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-tiktok-advertising-pixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/add-tiktok-advertising-pixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 47d2203601..db273c9493 100644
--- a/nuclei-templates/cve-less/plugins/add-tiktok-advertising-pixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/add-tiktok-advertising-pixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-tiktok-advertising-pixel/"
     google-query: inurl:"/wp-content/plugins/add-tiktok-advertising-pixel/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-tiktok-advertising-pixel,medium
+  tags: cve,wordpress,wp-plugin,add-tiktok-advertising-pixel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-to-home-screen-wp-0eddba28d26b374b7f8490ca46c51c29.yaml b/nuclei-templates/cve-less/plugins/add-to-home-screen-wp-0eddba28d26b374b7f8490ca46c51c29.yaml
index 41a5cbdcf4..45dd30473a 100644
--- a/nuclei-templates/cve-less/plugins/add-to-home-screen-wp-0eddba28d26b374b7f8490ca46c51c29.yaml
+++ b/nuclei-templates/cve-less/plugins/add-to-home-screen-wp-0eddba28d26b374b7f8490ca46c51c29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Add to home screen WP Plugin <= 2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Add to home screen WP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters including the ‘message’ parameter in versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-to-home-screen-wp/"
     google-query: inurl:"/wp-content/plugins/add-to-home-screen-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-to-home-screen-wp,medium
+  tags: cve,wordpress,wp-plugin,add-to-home-screen-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/add-twitter-pixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/add-twitter-pixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0c9ffe0abb..c52af65a38 100644
--- a/nuclei-templates/cve-less/plugins/add-twitter-pixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/add-twitter-pixel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/add-twitter-pixel/"
     google-query: inurl:"/wp-content/plugins/add-twitter-pixel/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,add-twitter-pixel,medium
+  tags: cve,wordpress,wp-plugin,add-twitter-pixel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3e36ef2ccf..bc50718b3b 100644
--- a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
     google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium
+  tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/addons-for-beaver-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/addons-for-beaver-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cc3460184d..6c4a0985b9 100644
--- a/nuclei-templates/cve-less/plugins/addons-for-beaver-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/addons-for-beaver-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-beaver-builder/"
     google-query: inurl:"/wp-content/plugins/addons-for-beaver-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,addons-for-beaver-builder,medium
+  tags: cve,wordpress,wp-plugin,addons-for-beaver-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/addons-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/addons-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f51e619729..f95d90e2be 100644
--- a/nuclei-templates/cve-less/plugins/addons-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/addons-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-divi/"
     google-query: inurl:"/wp-content/plugins/addons-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,addons-for-divi,medium
+  tags: cve,wordpress,wp-plugin,addons-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e9a8372a28..9632d4ef2b 100644
--- a/nuclei-templates/cve-less/plugins/addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/addons-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/addons-for-visual-composer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/addons-for-visual-composer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6decd27083..ba0fa23559 100644
--- a/nuclei-templates/cve-less/plugins/addons-for-visual-composer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/addons-for-visual-composer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addons-for-visual-composer/"
     google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,addons-for-visual-composer,medium
+  tags: cve,wordpress,wp-plugin,addons-for-visual-composer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/address-autocomplete-using-google-place-api-60d12634c1b8de8d81af0efb8a90411b.yaml b/nuclei-templates/cve-less/plugins/address-autocomplete-using-google-place-api-60d12634c1b8de8d81af0efb8a90411b.yaml
index 48b41b621f..f16a6aae86 100644
--- a/nuclei-templates/cve-less/plugins/address-autocomplete-using-google-place-api-60d12634c1b8de8d81af0efb8a90411b.yaml
+++ b/nuclei-templates/cve-less/plugins/address-autocomplete-using-google-place-api-60d12634c1b8de8d81af0efb8a90411b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Address Autocomplete Using Google Place Api <= 1.0.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Address Autocomplete plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the gaaf_google_autocomplete_settings_tab function. This makes it possible for unauthenticated attackers to change plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/address-autocomplete-using-google-place-api/"
     google-query: inurl:"/wp-content/plugins/address-autocomplete-using-google-place-api/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,address-autocomplete-using-google-place-api,high
+  tags: cve,wordpress,wp-plugin,address-autocomplete-using-google-place-api,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/addthis-4df8f94a1b3a10a0e93c979447a9e37d.yaml b/nuclei-templates/cve-less/plugins/addthis-4df8f94a1b3a10a0e93c979447a9e37d.yaml
index 9f47c612f1..db665abab2 100644
--- a/nuclei-templates/cve-less/plugins/addthis-4df8f94a1b3a10a0e93c979447a9e37d.yaml
+++ b/nuclei-templates/cve-less/plugins/addthis-4df8f94a1b3a10a0e93c979447a9e37d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AddThis <= 5.0.12 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AddThis plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addthis/"
     google-query: inurl:"/wp-content/plugins/addthis/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,addthis,medium
+  tags: cve,wordpress,wp-plugin,addthis,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/addthis-63618d1b2772f81d989c25189b57727a.yaml b/nuclei-templates/cve-less/plugins/addthis-63618d1b2772f81d989c25189b57727a.yaml
index 5e55c3f881..029bf8281d 100644
--- a/nuclei-templates/cve-less/plugins/addthis-63618d1b2772f81d989c25189b57727a.yaml
+++ b/nuclei-templates/cve-less/plugins/addthis-63618d1b2772f81d989c25189b57727a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AddThis <= 5.0.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The AddThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘at_async_loading’ AJAX action in versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for Subscriber-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/addthis/"
     google-query: inurl:"/wp-content/plugins/addthis/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,addthis,medium
+  tags: cve,wordpress,wp-plugin,addthis,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/adfoxly-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/adfoxly-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cb6a99828e..b21b7f2c96 100644
--- a/nuclei-templates/cve-less/plugins/adfoxly-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/adfoxly-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adfoxly/"
     google-query: inurl:"/wp-content/plugins/adfoxly/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,adfoxly,medium
+  tags: cve,wordpress,wp-plugin,adfoxly,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/adif-log-search-widget-b022913a2c1b91275126aaf3b57a5b27.yaml b/nuclei-templates/cve-less/plugins/adif-log-search-widget-b022913a2c1b91275126aaf3b57a5b27.yaml
index 6704f0009e..59982b7b6e 100644
--- a/nuclei-templates/cve-less/plugins/adif-log-search-widget-b022913a2c1b91275126aaf3b57a5b27.yaml
+++ b/nuclei-templates/cve-less/plugins/adif-log-search-widget-b022913a2c1b91275126aaf3b57a5b27.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ADIF Log Search Widget <= 1.0f - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ADIF Log Search Widget plugin for WordPress is vulnerable to Cross-Site Scripting via the 'call' parameter in versions up to, and including, 1.0f due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adif-log-search-widget/"
     google-query: inurl:"/wp-content/plugins/adif-log-search-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,adif-log-search-widget,medium
+  tags: cve,wordpress,wp-plugin,adif-log-search-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/admin-custom-login-8e89a9166eb8a31b3f0788c884713593.yaml b/nuclei-templates/cve-less/plugins/admin-custom-login-8e89a9166eb8a31b3f0788c884713593.yaml
index adf587c875..ce3b4dbfd4 100644
--- a/nuclei-templates/cve-less/plugins/admin-custom-login-8e89a9166eb8a31b3f0788c884713593.yaml
+++ b/nuclei-templates/cve-less/plugins/admin-custom-login-8e89a9166eb8a31b3f0788c884713593.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Custom Login <= 2.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Admin Custom Login plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting via the ‘logo_url’ parameter in versions before 2.4.8 due to insufficient input sanitization and output escaping and missing nonce validation. This makes it possible for unauthenticated attackers to inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-custom-login/"
     google-query: inurl:"/wp-content/plugins/admin-custom-login/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,admin-custom-login,high
+  tags: cve,wordpress,wp-plugin,admin-custom-login,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/admin-notices-for-team-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/admin-notices-for-team-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 65b636d333..ed2f0b8a4d 100644
--- a/nuclei-templates/cve-less/plugins/admin-notices-for-team-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/admin-notices-for-team-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-notices-for-team/"
     google-query: inurl:"/wp-content/plugins/admin-notices-for-team/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,admin-notices-for-team,medium
+  tags: cve,wordpress,wp-plugin,admin-notices-for-team,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/admin-pack-by-site-caseiro-b56b643a394756ad5a6e6d10ca73e89c.yaml b/nuclei-templates/cve-less/plugins/admin-pack-by-site-caseiro-b56b643a394756ad5a6e6d10ca73e89c.yaml
index d0c05bbdbb..59c6447798 100644
--- a/nuclei-templates/cve-less/plugins/admin-pack-by-site-caseiro-b56b643a394756ad5a6e6d10ca73e89c.yaml
+++ b/nuclei-templates/cve-less/plugins/admin-pack-by-site-caseiro-b56b643a394756ad5a6e6d10ca73e89c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Admin Pack by SITE CASEIRO <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Admin Pack by SITE CASEIRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sc_plugin_admin_personalizado_imagem' parameter in the 'admin-pack-sc.php' file in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Admin+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/admin-pack-by-site-caseiro/"
     google-query: inurl:"/wp-content/plugins/admin-pack-by-site-caseiro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,admin-pack-by-site-caseiro,medium
+  tags: cve,wordpress,wp-plugin,admin-pack-by-site-caseiro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/adminify-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/adminify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 67572c3bc3..4f1428bb6d 100644
--- a/nuclei-templates/cve-less/plugins/adminify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/adminify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adminify/"
     google-query: inurl:"/wp-content/plugins/adminify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,adminify,medium
+  tags: cve,wordpress,wp-plugin,adminify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/adplugg-9a9ae078aa8492b142c833f71cc23292.yaml b/nuclei-templates/cve-less/plugins/adplugg-9a9ae078aa8492b142c833f71cc23292.yaml
index 3a42a394d5..f91fa74f14 100644
--- a/nuclei-templates/cve-less/plugins/adplugg-9a9ae078aa8492b142c833f71cc23292.yaml
+++ b/nuclei-templates/cve-less/plugins/adplugg-9a9ae078aa8492b142c833f71cc23292.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AdPlugg WordPress Ad Plugin < 1.1.34 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AdPlugg WordPress Ad Plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 1.1.34 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/adplugg/"
     google-query: inurl:"/wp-content/plugins/adplugg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,adplugg,medium
+  tags: cve,wordpress,wp-plugin,adplugg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ads-for-wp-32ccd5e0c657d764432d8a2599e1ffbc.yaml b/nuclei-templates/cve-less/plugins/ads-for-wp-32ccd5e0c657d764432d8a2599e1ffbc.yaml
index b4e9dba27f..c8f636adda 100644
--- a/nuclei-templates/cve-less/plugins/ads-for-wp-32ccd5e0c657d764432d8a2599e1ffbc.yaml
+++ b/nuclei-templates/cve-less/plugins/ads-for-wp-32ccd5e0c657d764432d8a2599e1ffbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Adsense & Banner Ads by AdsforWP < 1.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Google Adsense & Banner Ads by AdsforWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘adsforwp_profile_entry’ parameter in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ads-for-wp/"
     google-query: inurl:"/wp-content/plugins/ads-for-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ads-for-wp,medium
+  tags: cve,wordpress,wp-plugin,ads-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ads-for-wp-97317cfba5a4e1ac31624c57d27d0191.yaml b/nuclei-templates/cve-less/plugins/ads-for-wp-97317cfba5a4e1ac31624c57d27d0191.yaml
index 663fd2b75f..1640772fd5 100644
--- a/nuclei-templates/cve-less/plugins/ads-for-wp-97317cfba5a4e1ac31624c57d27d0191.yaml
+++ b/nuclei-templates/cve-less/plugins/ads-for-wp-97317cfba5a4e1ac31624c57d27d0191.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Adsense & Banner Ads by AdsforWP <= 1.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The AdsforWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ads-for-wp/"
     google-query: inurl:"/wp-content/plugins/ads-for-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ads-for-wp,high
+  tags: cve,wordpress,wp-plugin,ads-for-wp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advance-menu-manager-0f106f68230dd3847df5cac404354f2e.yaml b/nuclei-templates/cve-less/plugins/advance-menu-manager-0f106f68230dd3847df5cac404354f2e.yaml
index 19141039c4..a2b6c91575 100644
--- a/nuclei-templates/cve-less/plugins/advance-menu-manager-0f106f68230dd3847df5cac404354f2e.yaml
+++ b/nuclei-templates/cve-less/plugins/advance-menu-manager-0f106f68230dd3847df5cac404354f2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Menu Manager <= 3.0.6 - Authenticated (Subscriber+) Menu Creation/Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Menu Manager plugin for WordPress is vulnerable to Arbitrary Menu Creation/Deletion in versions up to, and including, 3.0.6. This is due to missing capability and nonce checks in its 'my_action_delete_menu' and 'my_action_create_menu_ajax' AJAX actions. This makes it possible for authenticated attackers (unauthenticated if performed via CSRF) to create and/or delete arbitrary menus.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advance-menu-manager/"
     google-query: inurl:"/wp-content/plugins/advance-menu-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advance-menu-manager,medium
+  tags: cve,wordpress,wp-plugin,advance-menu-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advance-menu-manager-b07982a67f16a7148433f4d658429720.yaml b/nuclei-templates/cve-less/plugins/advance-menu-manager-b07982a67f16a7148433f4d658429720.yaml
index a383b62d35..0c7684edf3 100644
--- a/nuclei-templates/cve-less/plugins/advance-menu-manager-b07982a67f16a7148433f4d658429720.yaml
+++ b/nuclei-templates/cve-less/plugins/advance-menu-manager-b07982a67f16a7148433f4d658429720.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Menu Manager <= 2.9.6 - Cross-Site Request Forgery to Menu Edition
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Advanced Menu Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.6. This is due to missing or incorrect nonce validation on the 'amm_save_existing_menu' function. This makes it possible for unauthenticated attackers to edit the vulnerable services menu via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advance-menu-manager/"
     google-query: inurl:"/wp-content/plugins/advance-menu-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advance-menu-manager,high
+  tags: cve,wordpress,wp-plugin,advance-menu-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advance-menu-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/advance-menu-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 66ad86155e..3f4ad3bd2c 100644
--- a/nuclei-templates/cve-less/plugins/advance-menu-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/advance-menu-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advance-menu-manager/"
     google-query: inurl:"/wp-content/plugins/advance-menu-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advance-menu-manager,medium
+  tags: cve,wordpress,wp-plugin,advance-menu-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advance-menu-manager-c848309da304f217f6ed4776631e8c6d.yaml b/nuclei-templates/cve-less/plugins/advance-menu-manager-c848309da304f217f6ed4776631e8c6d.yaml
index 1b07bb4073..b9fb2af6ea 100644
--- a/nuclei-templates/cve-less/plugins/advance-menu-manager-c848309da304f217f6ed4776631e8c6d.yaml
+++ b/nuclei-templates/cve-less/plugins/advance-menu-manager-c848309da304f217f6ed4776631e8c6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advance Menu Manager <= 3.0.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advance Menu Manager plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the dsamm_action_ajax_for_delete_menu(), dsamm_amm_duplicate_menu(), and dsamm_action_ajax_for_create_menu() functions in all versions up to, and including, 3.0.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete, create, and duplicate menus. Please note version 3.0.7 did not introduce capability checks, however, it introduced nonce checks that prevent the missing authorization issue from being exploitable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advance-menu-manager/"
     google-query: inurl:"/wp-content/plugins/advance-menu-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advance-menu-manager,medium
+  tags: cve,wordpress,wp-plugin,advance-menu-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advance-wc-analytics-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/advance-wc-analytics-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b579f76687..1534363e61 100644
--- a/nuclei-templates/cve-less/plugins/advance-wc-analytics-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/advance-wc-analytics-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advance-wc-analytics/"
     google-query: inurl:"/wp-content/plugins/advance-wc-analytics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advance-wc-analytics,medium
+  tags: cve,wordpress,wp-plugin,advance-wc-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-cf7-db-09b9a87909e1abd2b1771c596b468a9f.yaml b/nuclei-templates/cve-less/plugins/advanced-cf7-db-09b9a87909e1abd2b1771c596b468a9f.yaml
index 4f83178654..0436483bf1 100644
--- a/nuclei-templates/cve-less/plugins/advanced-cf7-db-09b9a87909e1abd2b1771c596b468a9f.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-cf7-db-09b9a87909e1abd2b1771c596b468a9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Contact form 7 DB <= 1.6.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Advanced Contact form 7 DB plugin for WordPress is vulnerable to SQL Injection via the 'acf7db' shortcode in versions before 1.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-cf7-db/"
     google-query: inurl:"/wp-content/plugins/advanced-cf7-db/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-cf7-db,high
+  tags: cve,wordpress,wp-plugin,advanced-cf7-db,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-classifieds-and-directory-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/advanced-classifieds-and-directory-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d25bc427f9..f058fe329c 100644
--- a/nuclei-templates/cve-less/plugins/advanced-classifieds-and-directory-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-classifieds-and-directory-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-classifieds-and-directory-pro/"
     google-query: inurl:"/wp-content/plugins/advanced-classifieds-and-directory-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-classifieds-and-directory-pro,medium
+  tags: cve,wordpress,wp-plugin,advanced-classifieds-and-directory-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-74d01cddad4cc8a47fb2dbd74bd23ca7.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-74d01cddad4cc8a47fb2dbd74bd23ca7.yaml
index d7759b6e4f..cf7dd94d6d 100644
--- a/nuclei-templates/cve-less/plugins/advanced-custom-fields-74d01cddad4cc8a47fb2dbd74bd23ca7.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-74d01cddad4cc8a47fb2dbd74bd23ca7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields <= 3.5.1 - Remote Code Execution via Remote File Inclusion
   author: topscoder
-  severity: low
+  severity: critical
   description: >
     Advanced Custom Fields up to 3.5.1 is vulnerable to Remote Code Execution. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. This exploit only works when the php option allow_url_include is set to On (Default Off).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-custom-fields/"
     google-query: inurl:"/wp-content/plugins/advanced-custom-fields/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields,low
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-877a1559edb434fbb6761e8bcd1aaf40.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-877a1559edb434fbb6761e8bcd1aaf40.yaml
index d598aa05be..758b753bd9 100644
--- a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-877a1559edb434fbb6761e8bcd1aaf40.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-877a1559edb434fbb6761e8bcd1aaf40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields PRO 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Custom Fields PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 6.1 through 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-custom-fields-pro/"
     google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-table-field-f0cdadcff316feb53fd77aca416bb2f6.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-table-field-f0cdadcff316feb53fd77aca416bb2f6.yaml
index 27fcd8e7a6..d0c7b93347 100644
--- a/nuclei-templates/cve-less/plugins/advanced-custom-fields-table-field-f0cdadcff316feb53fd77aca416bb2f6.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-table-field-f0cdadcff316feb53fd77aca416bb2f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Custom Fields: Table Field < 1.1.13 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Advanced Custom Fields: Table Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions before 1.1.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-custom-fields-table-field/"
     google-query: inurl:"/wp-content/plugins/advanced-custom-fields-table-field/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-custom-fields-table-field,medium
+  tags: cve,wordpress,wp-plugin,advanced-custom-fields-table-field,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-database-replacer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/advanced-database-replacer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cac77b4681..6b1c20895b 100644
--- a/nuclei-templates/cve-less/plugins/advanced-database-replacer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-database-replacer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-database-replacer/"
     google-query: inurl:"/wp-content/plugins/advanced-database-replacer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-database-replacer,medium
+  tags: cve,wordpress,wp-plugin,advanced-database-replacer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-aa979abd3b3cb9b7bb1cd2ef795b502b.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-aa979abd3b3cb9b7bb1cd2ef795b502b.yaml
index e82f7e9414..40553a0596 100644
--- a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-aa979abd3b3cb9b7bb1cd2ef795b502b.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-aa979abd3b3cb9b7bb1cd2ef795b502b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing access control on the exportCSVBulkRangesAjaxCB() function, in addition to several other functions, in versions up to, and including, 4.1.5. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to export pricing ranges among other actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-form-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/advanced-form-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9937dc3246..a83d90b82e 100644
--- a/nuclei-templates/cve-less/plugins/advanced-form-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-form-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-form-integration/"
     google-query: inurl:"/wp-content/plugins/advanced-form-integration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-form-integration,medium
+  tags: cve,wordpress,wp-plugin,advanced-form-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-nocaptcha-recaptcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/advanced-nocaptcha-recaptcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9bac4a68b7..dc45e8564a 100644
--- a/nuclei-templates/cve-less/plugins/advanced-nocaptcha-recaptcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-nocaptcha-recaptcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-nocaptcha-recaptcha/"
     google-query: inurl:"/wp-content/plugins/advanced-nocaptcha-recaptcha/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-nocaptcha-recaptcha,medium
+  tags: cve,wordpress,wp-plugin,advanced-nocaptcha-recaptcha,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 582682739b..180170643d 100644
--- a/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/advanced-page-visit-counter/"
     google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,medium
+  tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-0b8752438dda7aa69e32a586e9110978.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-0b8752438dda7aa69e32a586e9110978.yaml
index 9792a66175..8b8250716d 100644
--- a/nuclei-templates/cve-less/plugins/affiliates-manager-0b8752438dda7aa69e32a586e9110978.yaml
+++ b/nuclei-templates/cve-less/plugins/affiliates-manager-0b8752438dda7aa69e32a586e9110978.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Affiliates Manager <= 2.7.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliates-manager/"
     google-query: inurl:"/wp-content/plugins/affiliates-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,affiliates-manager,medium
+  tags: cve,wordpress,wp-plugin,affiliates-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-a17b58f6876bd5740a12242958831995.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-a17b58f6876bd5740a12242958831995.yaml
index 50226de185..4c0c886bd8 100644
--- a/nuclei-templates/cve-less/plugins/affiliates-manager-a17b58f6876bd5740a12242958831995.yaml
+++ b/nuclei-templates/cve-less/plugins/affiliates-manager-a17b58f6876bd5740a12242958831995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Affiliates Manager <= 2.9.13 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.13. This is due to missing or incorrect nonce validation on the process_individual_action function. This makes it possible for unauthenticated attackers to delete affiliates and commissions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/affiliates-manager/"
     google-query: inurl:"/wp-content/plugins/affiliates-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,affiliates-manager,high
+  tags: cve,wordpress,wp-plugin,affiliates-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/affiliatewp-3205ac6df5d6745a5d1c210179723168.yaml b/nuclei-templates/cve-less/plugins/affiliatewp-3205ac6df5d6745a5d1c210179723168.yaml
index fc65b256f8..e2384754e6 100644
--- a/nuclei-templates/cve-less/plugins/affiliatewp-3205ac6df5d6745a5d1c210179723168.yaml
+++ b/nuclei-templates/cve-less/plugins/affiliatewp-3205ac6df5d6745a5d1c210179723168.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AffiliateWP < 2.0.9.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The AffiliateWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filter_from’ parameter in versions before 2.0.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/AffiliateWP/"
     google-query: inurl:"/wp-content/plugins/AffiliateWP/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,AffiliateWP,high
+  tags: cve,wordpress,wp-plugin,AffiliateWP,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/age-gate-6748230cb5270a84b852b5bff3631f4d.yaml b/nuclei-templates/cve-less/plugins/age-gate-6748230cb5270a84b852b5bff3631f4d.yaml
index a4a3cbad2f..2809df2062 100644
--- a/nuclei-templates/cve-less/plugins/age-gate-6748230cb5270a84b852b5bff3631f4d.yaml
+++ b/nuclei-templates/cve-less/plugins/age-gate-6748230cb5270a84b852b5bff3631f4d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Age Gate <= 2.16.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Age Gate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Additional content’ field in versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for  authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/age-gate/"
     google-query: inurl:"/wp-content/plugins/age-gate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,age-gate,medium
+  tags: cve,wordpress,wp-plugin,age-gate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/age-verification-screen-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/age-verification-screen-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7bf0d401eb..b0635ccf0b 100644
--- a/nuclei-templates/cve-less/plugins/age-verification-screen-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/age-verification-screen-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/age-verification-screen-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/age-verification-screen-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,age-verification-screen-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,age-verification-screen-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/airpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/airpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5bc12d1f36..bedc95e732 100644
--- a/nuclei-templates/cve-less/plugins/airpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/airpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/airpress/"
     google-query: inurl:"/wp-content/plugins/airpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,airpress,medium
+  tags: cve,wordpress,wp-plugin,airpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-0d10f95dc02c34323ca2661d596c206b.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-0d10f95dc02c34323ca2661d596c206b.yaml
index 2274be6496..313850a53d 100644
--- a/nuclei-templates/cve-less/plugins/ajax-load-more-0d10f95dc02c34323ca2661d596c206b.yaml
+++ b/nuclei-templates/cve-less/plugins/ajax-load-more-0d10f95dc02c34323ca2661d596c206b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Infinite Scroll – Ajax Load More <= 2.8.1.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'alm_save_repeater()' function called via an AJAX action in versions up to, and including, 2.8.1.2. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,high
+  tags: cve,wordpress,wp-plugin,ajax-load-more,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-28696fa61d6f901911f226ee59d9bc21.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-28696fa61d6f901911f226ee59d9bc21.yaml
index 976f154e68..ab20bbd580 100644
--- a/nuclei-templates/cve-less/plugins/ajax-load-more-28696fa61d6f901911f226ee59d9bc21.yaml
+++ b/nuclei-templates/cve-less/plugins/ajax-load-more-28696fa61d6f901911f226ee59d9bc21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Infinite Scroll – Ajax Load More <= 5.5.4 - Authenticated (Admin+) Arbitrary File Read via Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file download via directory traversal due to insufficient file path validation returned via the alm_repeaters_export() function in versions up to, and including, 5.5.4. This makes it possible administrative users to download sensitive files from the server, in addition to unauthenticated users triggering administrators to retrieve sensitive files from the server due to missing nonce protection on the function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,medium
+  tags: cve,wordpress,wp-plugin,ajax-load-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-d42fbc843251d5f50991be5b8b42b3d6.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-d42fbc843251d5f50991be5b8b42b3d6.yaml
index 20087a964f..5873dad058 100644
--- a/nuclei-templates/cve-less/plugins/ajax-load-more-d42fbc843251d5f50991be5b8b42b3d6.yaml
+++ b/nuclei-templates/cve-less/plugins/ajax-load-more-d42fbc843251d5f50991be5b8b42b3d6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Load More <= 7.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-load-more/"
     google-query: inurl:"/wp-content/plugins/ajax-load-more/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ajax-load-more,medium
+  tags: cve,wordpress,wp-plugin,ajax-load-more,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a5f1f0b03e..26972096bf 100644
--- a/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-search-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/ajax-search-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ajax-search-pro-a0309fc6dada5d85650b4762bb282066.yaml b/nuclei-templates/cve-less/plugins/ajax-search-pro-a0309fc6dada5d85650b4762bb282066.yaml
index 59d20242a3..87b542a6ce 100644
--- a/nuclei-templates/cve-less/plugins/ajax-search-pro-a0309fc6dada5d85650b4762bb282066.yaml
+++ b/nuclei-templates/cve-less/plugins/ajax-search-pro-a0309fc6dada5d85650b4762bb282066.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Search Pro <= 4.18.7 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ajax Search Pro plugin for WordPress is vulnerable to SQL Injection via the ‘p_blogid’ parameter in versions up to, and including, 4.18.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-search-pro/"
     google-query: inurl:"/wp-content/plugins/ajax-search-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ajax-search-pro,high
+  tags: cve,wordpress,wp-plugin,ajax-search-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ajax-search-pro-e17e90463e6889aa07cbb8b7927771be.yaml b/nuclei-templates/cve-less/plugins/ajax-search-pro-e17e90463e6889aa07cbb8b7927771be.yaml
index fa6254bda9..e6ab983320 100644
--- a/nuclei-templates/cve-less/plugins/ajax-search-pro-e17e90463e6889aa07cbb8b7927771be.yaml
+++ b/nuclei-templates/cve-less/plugins/ajax-search-pro-e17e90463e6889aa07cbb8b7927771be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ajax Search Pro <= 3.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ajax Search Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5. This is due to missing or incorrect nonce validation on the 'wpdreams_ajaxinputcallback' function. This makes it possible for unauthenticated attackers to execute any arbitrary function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ajax-search-pro/"
     google-query: inurl:"/wp-content/plugins/ajax-search-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ajax-search-pro,high
+  tags: cve,wordpress,wp-plugin,ajax-search-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/alkubot-515bfb8e519273db685ebdf46ba27554.yaml b/nuclei-templates/cve-less/plugins/alkubot-515bfb8e519273db685ebdf46ba27554.yaml
index 198168266f..d79d92b7d8 100644
--- a/nuclei-templates/cve-less/plugins/alkubot-515bfb8e519273db685ebdf46ba27554.yaml
+++ b/nuclei-templates/cve-less/plugins/alkubot-515bfb8e519273db685ebdf46ba27554.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Alkubot – Gamify discounts, sell more and give less at the right time < 3.0.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Alkubot – Gamify discounts, sell more and give less at the right time plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on the successfulBargain() function. This makes it possible for unauthenticated attackers to place arbitrary products in a shopping cart via a forged request granted they can trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alkubot/"
     google-query: inurl:"/wp-content/plugins/alkubot/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,alkubot,high
+  tags: cve,wordpress,wp-plugin,alkubot,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-404-redirect-to-homepage-4c92870ff7a0f182a44699dda7bffd35.yaml b/nuclei-templates/cve-less/plugins/all-404-redirect-to-homepage-4c92870ff7a0f182a44699dda7bffd35.yaml
index f1a5385937..4aa1702564 100644
--- a/nuclei-templates/cve-less/plugins/all-404-redirect-to-homepage-4c92870ff7a0f182a44699dda7bffd35.yaml
+++ b/nuclei-templates/cve-less/plugins/all-404-redirect-to-homepage-4c92870ff7a0f182a44699dda7bffd35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All 404 Redirect to Homepage & Broken images Redirection <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The All 404 Redirect to Homepage & Broken images Redirection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-404-redirect-to-homepage/"
     google-query: inurl:"/wp-content/plugins/all-404-redirect-to-homepage/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-404-redirect-to-homepage,medium
+  tags: cve,wordpress,wp-plugin,all-404-redirect-to-homepage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-event-calendar-9e62074ce42abae7e7fbef8d4e799261.yaml b/nuclei-templates/cve-less/plugins/all-in-one-event-calendar-9e62074ce42abae7e7fbef8d4e799261.yaml
index 04e143a313..ee77255de0 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-event-calendar-9e62074ce42abae7e7fbef8d4e799261.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-event-calendar-9e62074ce42abae7e7fbef8d4e799261.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Timely All-in-One Events Calendar <= 2.5.38 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Timely All-in-One Events Calendar plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters related to event input in versions up to, and including, 2.5.38 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-event-calendar/"
     google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-event-calendar,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-event-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-154de88e6cddd165b6ff204a5922a0ba.yaml b/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-154de88e6cddd165b6ff204a5922a0ba.yaml
index be5e2a9d70..6127950be8 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-154de88e6cddd165b6ff204a5922a0ba.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-154de88e6cddd165b6ff204a5922a0ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One Invite Codes <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All in One Invite Codes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '$message_text' parameter in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-invite-codes/"
     google-query: inurl:"/wp-content/plugins/all-in-one-invite-codes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-invite-codes,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-invite-codes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a002bc9e17..95325a7339 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-invite-codes/"
     google-query: inurl:"/wp-content/plugins/all-in-one-invite-codes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-invite-codes,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-invite-codes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-bbd2aa17be72216554254e2d8e755d19.yaml b/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-bbd2aa17be72216554254e2d8e755d19.yaml
index e6ce8005a0..89e433c417 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-bbd2aa17be72216554254e2d8e755d19.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-invite-codes-bbd2aa17be72216554254e2d8e755d19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One Invite Codes <= 1.0.14 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The All in One Invite Codes plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-invite-codes/"
     google-query: inurl:"/wp-content/plugins/all-in-one-invite-codes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-invite-codes,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-invite-codes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-6b8b57f1101c92df559274dfef436538.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-6b8b57f1101c92df559274dfef436538.yaml
index f0d1c99466..c5091246a9 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-6b8b57f1101c92df559274dfef436538.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-6b8b57f1101c92df559274dfef436538.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO  <= 2.1.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The All in One SEO plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the aioseop_ajax_save_meta() function in versions up to, and including, 2.1.5. This makes it possible for authenticated attackers with subscriber level permissions and above to modify some of the SEO settings of the plugin for any given post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-bc257f9f7078df85b51c2e5181af811d.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-bc257f9f7078df85b51c2e5181af811d.yaml
index 9fe3745bf0..82563ecacc 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-bc257f9f7078df85b51c2e5181af811d.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-bc257f9f7078df85b51c2e5181af811d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO <= 2.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The All in One SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SEO settings for posts in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-f0ea860f14b0b0ca566ac38e74715e9c.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-f0ea860f14b0b0ca566ac38e74715e9c.yaml
index 8f4341fead..982569dc59 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-f0ea860f14b0b0ca566ac38e74715e9c.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-f0ea860f14b0b0ca566ac38e74715e9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One SEO <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All in One SEO plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including 2.9.1.1, via post meta values. This makes it possible for attackers with Contributor level permissions and above to inject arbitrary web scripts in administrative pages that execute whenever a user accesses the page with the stored web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-seo-pack/"
     google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6df0be1b97..c3489ac248 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-video-gallery/"
     google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-7757d5b35907f5f49944633dfa8351f2.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-7757d5b35907f5f49944633dfa8351f2.yaml
index 98bac7d65c..d1277ba704 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-7757d5b35907f5f49944633dfa8351f2.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-7757d5b35907f5f49944633dfa8351f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-One WP Migration <= 6.97 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All-in-One WP Migration plugin for WordPress is vulnerable to Cross-Site Scripting due to the fact that the backup description on the backup history overview page does not sanitize/escape html entities when generating the input field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-migration/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-baaba4f56b4f175e80057b4999371a96.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-baaba4f56b4f175e80057b4999371a96.yaml
index 013a1c8789..c1956e5947 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-baaba4f56b4f175e80057b4999371a96.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-baaba4f56b4f175e80057b4999371a96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All-in-One WP Migration <= 7.62 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The All-in-One WP Migration plugin for WordPress is vulnerable to cross-site scripting via the 'storage' parameter in versions up to, and including, 7.62 due to insufficient input sanitization and output escaping. This allows attackers to execute arbitrary web scripts in victim's browsers. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-migration/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,medium
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-d6e02747846dc962e1ab5d119bbf94ea.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-d6e02747846dc962e1ab5d119bbf94ea.yaml
index 9dd9d32d6f..cb25436761 100644
--- a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-d6e02747846dc962e1ab5d119bbf94ea.yaml
+++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-d6e02747846dc962e1ab5d119bbf94ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The All In One WP Security & Firewall plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to modify the plugin's block list table, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/"
     google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high
+  tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/alley-business-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/alley-business-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8106d0fff0..603bd82725 100644
--- a/nuclei-templates/cve-less/plugins/alley-business-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/alley-business-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alley-business-toolkit/"
     google-query: inurl:"/wp-content/plugins/alley-business-toolkit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,alley-business-toolkit,medium
+  tags: cve,wordpress,wp-plugin,alley-business-toolkit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/alphabetic-pagination-090eaec5db6a3b5e9520804055acdec3.yaml b/nuclei-templates/cve-less/plugins/alphabetic-pagination-090eaec5db6a3b5e9520804055acdec3.yaml
index 242567b194..6ab7c01169 100644
--- a/nuclei-templates/cve-less/plugins/alphabetic-pagination-090eaec5db6a3b5e9520804055acdec3.yaml
+++ b/nuclei-templates/cve-less/plugins/alphabetic-pagination-090eaec5db6a3b5e9520804055acdec3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Alphabetic Pagination <= 3.0.7 - Missing Authorization to Unauthenticated Arbitrary Options Update
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Alphabetic Pagination plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the api_update_settings function in versions up to, and including, 3.0.7. This makes it possible for unauthenticated attackers update settings not limited to those of the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alphabetic-pagination/"
     google-query: inurl:"/wp-content/plugins/alphabetic-pagination/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,alphabetic-pagination,critical
+  tags: cve,wordpress,wp-plugin,alphabetic-pagination,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-87c10838d1b8a43254afbf05b7f964c2.yaml b/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-87c10838d1b8a43254afbf05b7f964c2.yaml
index 5377135cc3..a9051246bd 100644
--- a/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-87c10838d1b8a43254afbf05b7f964c2.yaml
+++ b/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-87c10838d1b8a43254afbf05b7f964c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Alpine PhotoTile For Instagram < 1.2.9  - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Alpine PhotoTile For Instagram plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to 1.2.9 due to insufficient input sanitization and output escaping on the 'general_lightbox_params' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alpine-photo-tile-for-instagram/"
     google-query: inurl:"/wp-content/plugins/alpine-photo-tile-for-instagram/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,alpine-photo-tile-for-instagram,medium
+  tags: cve,wordpress,wp-plugin,alpine-photo-tile-for-instagram,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/alt-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/alt-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 295fb65b89..7f620cfee6 100644
--- a/nuclei-templates/cve-less/plugins/alt-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/alt-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/alt-manager/"
     google-query: inurl:"/wp-content/plugins/alt-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,alt-manager,medium
+  tags: cve,wordpress,wp-plugin,alt-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/amazon-affiliate-link-localizer-aff79341750b1cf6ce299e2e5a87675c.yaml b/nuclei-templates/cve-less/plugins/amazon-affiliate-link-localizer-aff79341750b1cf6ce299e2e5a87675c.yaml
index 912f158ce2..de51ccb46d 100644
--- a/nuclei-templates/cve-less/plugins/amazon-affiliate-link-localizer-aff79341750b1cf6ce299e2e5a87675c.yaml
+++ b/nuclei-templates/cve-less/plugins/amazon-affiliate-link-localizer-aff79341750b1cf6ce299e2e5a87675c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amazon Affiliate Link Localizer <= 1.8.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Amazon Affiliate Link Localizer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/amazon-affiliate-link-localizer/"
     google-query: inurl:"/wp-content/plugins/amazon-affiliate-link-localizer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,amazon-affiliate-link-localizer,medium
+  tags: cve,wordpress,wp-plugin,amazon-affiliate-link-localizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/anfrageformular-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/anfrageformular-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 48c4c9ac2e..84e86d1d76 100644
--- a/nuclei-templates/cve-less/plugins/anfrageformular-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/anfrageformular-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anfrageformular/"
     google-query: inurl:"/wp-content/plugins/anfrageformular/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,anfrageformular,medium
+  tags: cve,wordpress,wp-plugin,anfrageformular,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/animate-everything-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/animate-everything-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ed6cfd052c..9b97e6edb1 100644
--- a/nuclei-templates/cve-less/plugins/animate-everything-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/animate-everything-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animate-everything/"
     google-query: inurl:"/wp-content/plugins/animate-everything/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,animate-everything,medium
+  tags: cve,wordpress,wp-plugin,animate-everything,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/animate-it-9d4c7c94456d7936525f7973a9574896.yaml b/nuclei-templates/cve-less/plugins/animate-it-9d4c7c94456d7936525f7973a9574896.yaml
index 393854f761..f9a7b9ff88 100644
--- a/nuclei-templates/cve-less/plugins/animate-it-9d4c7c94456d7936525f7973a9574896.yaml
+++ b/nuclei-templates/cve-less/plugins/animate-it-9d4c7c94456d7936525f7973a9574896.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Animate It! < 2.4.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Animate It! for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onanimationend’ parameter in versions up to, and including, 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animate-it/"
     google-query: inurl:"/wp-content/plugins/animate-it/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,animate-it,medium
+  tags: cve,wordpress,wp-plugin,animate-it,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/animated-fullscreen-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/animated-fullscreen-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9f9d996148..437aa9dc97 100644
--- a/nuclei-templates/cve-less/plugins/animated-fullscreen-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/animated-fullscreen-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/animated-fullscreen-menu/"
     google-query: inurl:"/wp-content/plugins/animated-fullscreen-menu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,animated-fullscreen-menu,medium
+  tags: cve,wordpress,wp-plugin,animated-fullscreen-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/annasta-woocommerce-product-filters-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/annasta-woocommerce-product-filters-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1812320cb8..15e9d2e3e2 100644
--- a/nuclei-templates/cve-less/plugins/annasta-woocommerce-product-filters-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/annasta-woocommerce-product-filters-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/annasta-woocommerce-product-filters/"
     google-query: inurl:"/wp-content/plugins/annasta-woocommerce-product-filters/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,annasta-woocommerce-product-filters,medium
+  tags: cve,wordpress,wp-plugin,annasta-woocommerce-product-filters,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-d4f178ca51b9a3854e944ff01429b4d0.yaml b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-d4f178ca51b9a3854e944ff01429b4d0.yaml
index ae1e1f60d0..a0a1111574 100644
--- a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-d4f178ca51b9a3854e944ff01429b4d0.yaml
+++ b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-d4f178ca51b9a3854e944ff01429b4d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds <= 3.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘error_message’ parameter in versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/"
     google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,medium
+  tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/anti-spam-6dd6322d887c160ebd9dfa555a077a3f.yaml b/nuclei-templates/cve-less/plugins/anti-spam-6dd6322d887c160ebd9dfa555a077a3f.yaml
index d9de17095c..2d51ca9bce 100644
--- a/nuclei-templates/cve-less/plugins/anti-spam-6dd6322d887c160ebd9dfa555a077a3f.yaml
+++ b/nuclei-templates/cve-less/plugins/anti-spam-6dd6322d887c160ebd9dfa555a077a3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Titan Anti-spam & Security <= 4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Titan Anti-spam & Security plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on the `antspm-q` and `antspm-e-email-url-website` parameters. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anti-spam/"
     google-query: inurl:"/wp-content/plugins/anti-spam/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,anti-spam,medium
+  tags: cve,wordpress,wp-plugin,anti-spam,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/any-popup-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/any-popup-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cd07f393fd..25a6abebcb 100644
--- a/nuclei-templates/cve-less/plugins/any-popup-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/any-popup-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/any-popup/"
     google-query: inurl:"/wp-content/plugins/any-popup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,any-popup,medium
+  tags: cve,wordpress,wp-plugin,any-popup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/anywhere-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/anywhere-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 66e7dd5c7e..0a129ea5e6 100644
--- a/nuclei-templates/cve-less/plugins/anywhere-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/anywhere-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/anywhere-elementor/"
     google-query: inurl:"/wp-content/plugins/anywhere-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,anywhere-elementor,medium
+  tags: cve,wordpress,wp-plugin,anywhere-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/app-ads-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/app-ads-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 060a6b61bf..c4f2e32f88 100644
--- a/nuclei-templates/cve-less/plugins/app-ads-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/app-ads-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/app-ads-txt/"
     google-query: inurl:"/wp-content/plugins/app-ads-txt/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,app-ads-txt,medium
+  tags: cve,wordpress,wp-plugin,app-ads-txt,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/appexperts-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/appexperts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0d68e17bf8..1e80875c21 100644
--- a/nuclei-templates/cve-less/plugins/appexperts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/appexperts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/appexperts/"
     google-query: inurl:"/wp-content/plugins/appexperts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,appexperts,medium
+  tags: cve,wordpress,wp-plugin,appexperts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ar-contactus-34166a606544203d0a234746ff259ddd.yaml b/nuclei-templates/cve-less/plugins/ar-contactus-34166a606544203d0a234746ff259ddd.yaml
index 8b4acd9949..2858ce95d5 100644
--- a/nuclei-templates/cve-less/plugins/ar-contactus-34166a606544203d0a234746ff259ddd.yaml
+++ b/nuclei-templates/cve-less/plugins/ar-contactus-34166a606544203d0a234746ff259ddd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One Support Button + Callback Request <= 1.8.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The All in One Support Button + Callback Request plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ar-contactus/"
     google-query: inurl:"/wp-content/plugins/ar-contactus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ar-contactus,medium
+  tags: cve,wordpress,wp-plugin,ar-contactus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ar-contactus-5efe3bb103834ebca4e7ce81f7b0fd92.yaml b/nuclei-templates/cve-less/plugins/ar-contactus-5efe3bb103834ebca4e7ce81f7b0fd92.yaml
index 82a32f2bf1..75fdeaeed3 100644
--- a/nuclei-templates/cve-less/plugins/ar-contactus-5efe3bb103834ebca4e7ce81f7b0fd92.yaml
+++ b/nuclei-templates/cve-less/plugins/ar-contactus-5efe3bb103834ebca4e7ce81f7b0fd92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     All in One Support Button + Callback Request <= 1.8.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The All in One Support Button + Callback Request plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ar-contactus/"
     google-query: inurl:"/wp-content/plugins/ar-contactus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ar-contactus,high
+  tags: cve,wordpress,wp-plugin,ar-contactus,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/arabic-font-81f4538f2765df23f8b4f561b33039aa.yaml b/nuclei-templates/cve-less/plugins/arabic-font-81f4538f2765df23f8b4f561b33039aa.yaml
index 390cc8179f..a8da5ceb11 100644
--- a/nuclei-templates/cve-less/plugins/arabic-font-81f4538f2765df23f8b4f561b33039aa.yaml
+++ b/nuclei-templates/cve-less/plugins/arabic-font-81f4538f2765df23f8b4f561b33039aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Arabic Font <= 1.2 Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Arabic Font plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arabic-font.php' and '/inc/panel.php' files in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthorized attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/arabic-font/"
     google-query: inurl:"/wp-content/plugins/arabic-font/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,arabic-font,high
+  tags: cve,wordpress,wp-plugin,arabic-font,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/aryo-activity-log-e186fa859c9eb38cc8ef0cb73e6a43b4.yaml b/nuclei-templates/cve-less/plugins/aryo-activity-log-e186fa859c9eb38cc8ef0cb73e6a43b4.yaml
index 22d2579d48..dc2231d12c 100644
--- a/nuclei-templates/cve-less/plugins/aryo-activity-log-e186fa859c9eb38cc8ef0cb73e6a43b4.yaml
+++ b/nuclei-templates/cve-less/plugins/aryo-activity-log-e186fa859c9eb38cc8ef0cb73e6a43b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Activity Log 2.3.5 - 2.6.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Activity Log plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions 2.3.5 - 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/aryo-activity-log/"
     google-query: inurl:"/wp-content/plugins/aryo-activity-log/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,aryo-activity-log,high
+  tags: cve,wordpress,wp-plugin,aryo-activity-log,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/async-javascript-1487ac20915c63a985fc090bb178b2a8.yaml b/nuclei-templates/cve-less/plugins/async-javascript-1487ac20915c63a985fc090bb178b2a8.yaml
index 15604f9e2c..ed76702e6f 100644
--- a/nuclei-templates/cve-less/plugins/async-javascript-1487ac20915c63a985fc090bb178b2a8.yaml
+++ b/nuclei-templates/cve-less/plugins/async-javascript-1487ac20915c63a985fc090bb178b2a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Async JavaScript <= 2.19.07.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including,  2.19.07.14. This is due to missing authorization checks on the aj_steps AJAX aciton along with a lack on sanitization on the settings saved via the function. This makes it possible for authenticated attackers with subscriber level permissions and above to inject malicious web scripts into a page that execute whenever a user accesses that page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/async-javascript/"
     google-query: inurl:"/wp-content/plugins/async-javascript/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,async-javascript,medium
+  tags: cve,wordpress,wp-plugin,async-javascript,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/async-javascript-3a24ca5d79101db2344acd5815fa20cf.yaml b/nuclei-templates/cve-less/plugins/async-javascript-3a24ca5d79101db2344acd5815fa20cf.yaml
index 3112366613..d9b55ace38 100644
--- a/nuclei-templates/cve-less/plugins/async-javascript-3a24ca5d79101db2344acd5815fa20cf.yaml
+++ b/nuclei-templates/cve-less/plugins/async-javascript-3a24ca5d79101db2344acd5815fa20cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Async Javascript <= 2.20.12.09 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Async Javascript plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '&aj_gtmetrix_username=' and '&aj_gtmetrix_api_key=' parameters in versions up to, and including, 2.20.12.09 due to insufficient input sanitization and output escaping. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/async-javascript/"
     google-query: inurl:"/wp-content/plugins/async-javascript/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,async-javascript,medium
+  tags: cve,wordpress,wp-plugin,async-javascript,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-79139d2e0a7eb5022bea3408ba7847f1.yaml b/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-79139d2e0a7eb5022bea3408ba7847f1.yaml
index 00dff21942..c046b8cf79 100644
--- a/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-79139d2e0a7eb5022bea3408ba7847f1.yaml
+++ b/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-79139d2e0a7eb5022bea3408ba7847f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Atarim - Client Interface <= 3.9.1 - Missing Authorization via AJAX actions
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Atarim - Client Interface plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the avc_send_invitations and avc_delete_invitations functions in versions up to, and including, 3.9.1. This makes it possible for unauthenticated attackers to delete arbitrary accounts (and the content they created) on the site. The creation of accounts is also possible although new accounts are limited to the default role or subscriber, whichever is higher.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/atarim-visual-collaboration/"
     google-query: inurl:"/wp-content/plugins/atarim-visual-collaboration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,atarim-visual-collaboration,critical
+  tags: cve,wordpress,wp-plugin,atarim-visual-collaboration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/atlas-knowledge-base-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/atlas-knowledge-base-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4dae26f205..fa330b3b9e 100644
--- a/nuclei-templates/cve-less/plugins/atlas-knowledge-base-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/atlas-knowledge-base-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/atlas-knowledge-base/"
     google-query: inurl:"/wp-content/plugins/atlas-knowledge-base/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,atlas-knowledge-base,medium
+  tags: cve,wordpress,wp-plugin,atlas-knowledge-base,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/auto-advance-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/auto-advance-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7ecd9c9fd8..cebfc8162a 100644
--- a/nuclei-templates/cve-less/plugins/auto-advance-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/auto-advance-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-advance-for-gravity-forms/"
     google-query: inurl:"/wp-content/plugins/auto-advance-for-gravity-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,auto-advance-for-gravity-forms,medium
+  tags: cve,wordpress,wp-plugin,auto-advance-for-gravity-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/auto-upload-images-7deebe50bd92a2450bb0ab52d4fabce8.yaml b/nuclei-templates/cve-less/plugins/auto-upload-images-7deebe50bd92a2450bb0ab52d4fabce8.yaml
index 9437620023..ed6b2cdc5c 100644
--- a/nuclei-templates/cve-less/plugins/auto-upload-images-7deebe50bd92a2450bb0ab52d4fabce8.yaml
+++ b/nuclei-templates/cve-less/plugins/auto-upload-images-7deebe50bd92a2450bb0ab52d4fabce8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Auto Upload Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auto-upload-images/"
     google-query: inurl:"/wp-content/plugins/auto-upload-images/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,auto-upload-images,medium
+  tags: cve,wordpress,wp-plugin,auto-upload-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/automatic-internal-links-for-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/automatic-internal-links-for-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 12aefaa86a..45a3bbe3d3 100644
--- a/nuclei-templates/cve-less/plugins/automatic-internal-links-for-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/automatic-internal-links-for-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/automatic-internal-links-for-seo/"
     google-query: inurl:"/wp-content/plugins/automatic-internal-links-for-seo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,automatic-internal-links-for-seo,medium
+  tags: cve,wordpress,wp-plugin,automatic-internal-links-for-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/automatic-youtube-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/automatic-youtube-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 95f466cbfc..3c519c7a8e 100644
--- a/nuclei-templates/cve-less/plugins/automatic-youtube-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/automatic-youtube-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/automatic-youtube-gallery/"
     google-query: inurl:"/wp-content/plugins/automatic-youtube-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,automatic-youtube-gallery,medium
+  tags: cve,wordpress,wp-plugin,automatic-youtube-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/automizy-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/automizy-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fe3a4c014a..61c57aec5d 100644
--- a/nuclei-templates/cve-less/plugins/automizy-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/automizy-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/automizy-gravity-forms/"
     google-query: inurl:"/wp-content/plugins/automizy-gravity-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,automizy-gravity-forms,medium
+  tags: cve,wordpress,wp-plugin,automizy-gravity-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/autoresponder-gwa-1baba58fdf15d4d0a7d4d7886ec16e9b.yaml b/nuclei-templates/cve-less/plugins/autoresponder-gwa-1baba58fdf15d4d0a7d4d7886ec16e9b.yaml
index dc332c870f..0176ef7a62 100644
--- a/nuclei-templates/cve-less/plugins/autoresponder-gwa-1baba58fdf15d4d0a7d4d7886ec16e9b.yaml
+++ b/nuclei-templates/cve-less/plugins/autoresponder-gwa-1baba58fdf15d4d0a7d4d7886ec16e9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     [GWA] AutoResponder <= 2.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The [GWA] AutoResponder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing nonce validation on several functions. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autoresponder-gwa/"
     google-query: inurl:"/wp-content/plugins/autoresponder-gwa/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,autoresponder-gwa,high
+  tags: cve,wordpress,wp-plugin,autoresponder-gwa,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/autosave-net-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/autosave-net-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 07c4f1db63..86f3f2ead1 100644
--- a/nuclei-templates/cve-less/plugins/autosave-net-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/autosave-net-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/autosave-net/"
     google-query: inurl:"/wp-content/plugins/autosave-net/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,autosave-net,medium
+  tags: cve,wordpress,wp-plugin,autosave-net,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-d7661df8620c7b906e4301d69849100f.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-d7661df8620c7b906e4301d69849100f.yaml
index 897b73e7e6..6b8e900add 100644
--- a/nuclei-templates/cve-less/plugins/auxin-elements-d7661df8620c7b906e4301d69849100f.yaml
+++ b/nuclei-templates/cve-less/plugins/auxin-elements-d7661df8620c7b906e4301d69849100f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes and extra features for Phlox theme <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to stored Cross-Site Scripting via multiple Elementor Widgets in versions up to, and including, 2.9.8. This makes it possible for authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/auxin-elements/"
     google-query: inurl:"/wp-content/plugins/auxin-elements/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,auxin-elements,medium
+  tags: cve,wordpress,wp-plugin,auxin-elements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/avalex-00e15cae549764aa48f28dd7ae0bb1cd.yaml b/nuclei-templates/cve-less/plugins/avalex-00e15cae549764aa48f28dd7ae0bb1cd.yaml
index 80618b40dc..6d1fff22f6 100644
--- a/nuclei-templates/cve-less/plugins/avalex-00e15cae549764aa48f28dd7ae0bb1cd.yaml
+++ b/nuclei-templates/cve-less/plugins/avalex-00e15cae549764aa48f28dd7ae0bb1cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     avalex – Automatisch sichere Rechtstexte <= 3.0.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The avalex – Automatisch sichere Rechtstexte plugin for WordPress is vulnerable to unauthorized modifcation of data due to a missing capability check on the saveApiKey() function hooked via admin_init in all versions up to, and including, 3.0.8. This makes it possible for unauthenticated attackers to modify the API key for the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/avalex/"
     google-query: inurl:"/wp-content/plugins/avalex/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,avalex,medium
+  tags: cve,wordpress,wp-plugin,avalex,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/awesome-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/awesome-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b0fdeefa7a..96e7bbc152 100644
--- a/nuclei-templates/cve-less/plugins/awesome-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/awesome-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/awesome-ssl/"
     google-query: inurl:"/wp-content/plugins/awesome-ssl/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,awesome-ssl,medium
+  tags: cve,wordpress,wp-plugin,awesome-ssl,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-a5bc98329e35c128c91f3ce8a71c6a41.yaml b/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-a5bc98329e35c128c91f3ce8a71c6a41.yaml
index 3fbb518968..41bb533138 100644
--- a/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-a5bc98329e35c128c91f3ce8a71c6a41.yaml
+++ b/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-a5bc98329e35c128c91f3ce8a71c6a41.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Like box – Page Plugin <= 3.5.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Popup Like box – Page Plugin" plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-facebook-popup-likebox/"
     google-query: inurl:"/wp-content/plugins/ays-facebook-popup-likebox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,medium
+  tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-5174039d89c7d18d794fb10cf1a282f0.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-5174039d89c7d18d794fb10cf1a282f0.yaml
index ab1d47fdd1..7e692ddcb6 100644
--- a/nuclei-templates/cve-less/plugins/ays-popup-box-5174039d89c7d18d794fb10cf1a282f0.yaml
+++ b/nuclei-templates/cve-less/plugins/ays-popup-box-5174039d89c7d18d794fb10cf1a282f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Box <= 3.7.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Popup Box plugin is for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_html’ parameter in versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,medium
+  tags: cve,wordpress,wp-plugin,ays-popup-box,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-c5104058a36ba87cb65f65ec0059bc5e.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-c5104058a36ba87cb65f65ec0059bc5e.yaml
index 2c305b341e..1f631a5f3a 100644
--- a/nuclei-templates/cve-less/plugins/ays-popup-box-c5104058a36ba87cb65f65ec0059bc5e.yaml
+++ b/nuclei-templates/cve-less/plugins/ays-popup-box-c5104058a36ba87cb65f65ec0059bc5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup box <= 2.3.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ays-popup-box/"
     google-query: inurl:"/wp-content/plugins/ays-popup-box/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ays-popup-box,medium
+  tags: cve,wordpress,wp-plugin,ays-popup-box,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/azw-woocommerce-file-uploads-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/azw-woocommerce-file-uploads-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c16aed474e..a6544b037c 100644
--- a/nuclei-templates/cve-less/plugins/azw-woocommerce-file-uploads-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/azw-woocommerce-file-uploads-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/azw-woocommerce-file-uploads/"
     google-query: inurl:"/wp-content/plugins/azw-woocommerce-file-uploads/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,azw-woocommerce-file-uploads,medium
+  tags: cve,wordpress,wp-plugin,azw-woocommerce-file-uploads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ba-book-everything-e548c20619f1bf8ad1418368ebd16e42.yaml b/nuclei-templates/cve-less/plugins/ba-book-everything-e548c20619f1bf8ad1418368ebd16e42.yaml
index 15cf7cbaf1..408ab9e3f6 100644
--- a/nuclei-templates/cve-less/plugins/ba-book-everything-e548c20619f1bf8ad1418368ebd16e42.yaml
+++ b/nuclei-templates/cve-less/plugins/ba-book-everything-e548c20619f1bf8ad1418368ebd16e42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BA Book Everything Plugin < 1.3.25 - Cross-Site Scripting and Cross-Frame Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BA Book Everything plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘date_from’ and ‘date_to’ parameters in versions up to, and including, 1.3.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ba-book-everything/"
     google-query: inurl:"/wp-content/plugins/ba-book-everything/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ba-book-everything,medium
+  tags: cve,wordpress,wp-plugin,ba-book-everything,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/backup-and-restore-for-wp-90dcee7cddc408bda7d7da416498432f.yaml b/nuclei-templates/cve-less/plugins/backup-and-restore-for-wp-90dcee7cddc408bda7d7da416498432f.yaml
index c4a8a233a7..c255b25ce7 100644
--- a/nuclei-templates/cve-less/plugins/backup-and-restore-for-wp-90dcee7cddc408bda7d7da416498432f.yaml
+++ b/nuclei-templates/cve-less/plugins/backup-and-restore-for-wp-90dcee7cddc408bda7d7da416498432f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup and Restore plugin – WordPress <= 1.0.3 - Authenticated (Admin+) Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Backup and Restore plugin – WordPress plugin for WordPress is vulnerable to Arbitrary File Deletion via the 'folder_name' parameter in versions up to, and including, 1.0.3. This is due to insufficient sanitization and validation of user-supplied input. This makes it possible for authenticated attackers with admin-level privileges to arbitrarily delete files on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup-and-restore-for-wp/"
     google-query: inurl:"/wp-content/plugins/backup-and-restore-for-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,backup-and-restore-for-wp,medium
+  tags: cve,wordpress,wp-plugin,backup-and-restore-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/backup-by-supsystic-d7479b175a0668ffbe5af726e8c140b2.yaml b/nuclei-templates/cve-less/plugins/backup-by-supsystic-d7479b175a0668ffbe5af726e8c140b2.yaml
index c4bb7bcdaa..fe43d4f353 100644
--- a/nuclei-templates/cve-less/plugins/backup-by-supsystic-d7479b175a0668ffbe5af726e8c140b2.yaml
+++ b/nuclei-templates/cve-less/plugins/backup-by-supsystic-d7479b175a0668ffbe5af726e8c140b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup by Supsystic <= 2.3.11 - Cross-Site Request Forgery to Arbitrary File Download/Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Backup by Supsystic plugin for WordPress is vulnerable to Arbitrary File Download and Deletion in versions up to, and including, 2.3.11. This is due to various path traversal attacks and missing CSRF checks. This makes it possible for authenticated Admin+ attackers to download and delete any file on the vulnerable server and also allows unauthenticated attackers to delete files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/backup-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,backup-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,backup-by-supsystic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/backup-e30a273c4e2ac5b93368dcb61feeb896.yaml b/nuclei-templates/cve-less/plugins/backup-e30a273c4e2ac5b93368dcb61feeb896.yaml
index 55560629dc..51b9bcbe06 100644
--- a/nuclei-templates/cve-less/plugins/backup-e30a273c4e2ac5b93368dcb61feeb896.yaml
+++ b/nuclei-templates/cve-less/plugins/backup-e30a273c4e2ac5b93368dcb61feeb896.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Backup and Migrate Plugin – Backup Guard < 1.0.3 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WordPress Backup and Migrate Plugin – Backup Guard plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the backup_guard_get_import_backup() function in versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup/"
     google-query: inurl:"/wp-content/plugins/backup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,backup,high
+  tags: cve,wordpress,wp-plugin,backup,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/backup-scheduler-2042c2ccb1432ca181653532b126746f.yaml b/nuclei-templates/cve-less/plugins/backup-scheduler-2042c2ccb1432ca181653532b126746f.yaml
index a67e8e4928..21a4a42d04 100644
--- a/nuclei-templates/cve-less/plugins/backup-scheduler-2042c2ccb1432ca181653532b126746f.yaml
+++ b/nuclei-templates/cve-less/plugins/backup-scheduler-2042c2ccb1432ca181653532b126746f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup Scheduler <= 1.5.13 - Missing Authorization to Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Backup Scheduler plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 1.5.13. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to download the logs of the plugin which can contain sensitive information, in addition to several other actions such as deleting and modifying back-ups.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/backup-scheduler/"
     google-query: inurl:"/wp-content/plugins/backup-scheduler/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,backup-scheduler,medium
+  tags: cve,wordpress,wp-plugin,backup-scheduler,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bangladeshi-payment-gateways-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/bangladeshi-payment-gateways-18966e8228314b8165d39d48519f43cc.yaml
index 2120aab2c9..6ad7321c06 100644
--- a/nuclei-templates/cve-less/plugins/bangladeshi-payment-gateways-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/bangladeshi-payment-gateways-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bangladeshi-payment-gateways/"
     google-query: inurl:"/wp-content/plugins/bangladeshi-payment-gateways/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bangladeshi-payment-gateways,medium
+  tags: cve,wordpress,wp-plugin,bangladeshi-payment-gateways,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e8d3c79542..ac4688c564 100644
--- a/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/banner-management-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/banner-management-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,banner-management-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,banner-management-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/basepress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/basepress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 70c1a92d73..fa92f9428c 100644
--- a/nuclei-templates/cve-less/plugins/basepress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/basepress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/basepress/"
     google-query: inurl:"/wp-content/plugins/basepress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,basepress,medium
+  tags: cve,wordpress,wp-plugin,basepress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bbp-members-only-de02ae500f9a57c33a0ee01cf27ee98f.yaml b/nuclei-templates/cve-less/plugins/bbp-members-only-de02ae500f9a57c33a0ee01cf27ee98f.yaml
index fd4e4e491c..df936daf59 100644
--- a/nuclei-templates/cve-less/plugins/bbp-members-only-de02ae500f9a57c33a0ee01cf27ee98f.yaml
+++ b/nuclei-templates/cve-less/plugins/bbp-members-only-de02ae500f9a57c33a0ee01cf27ee98f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bbPress Members Only <= 1.2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The bbPress Members Only plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'Optional Settings' page. This makes it possible for unauthenticated attackers to gain access to otherwise restricted admin actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbp-members-only/"
     google-query: inurl:"/wp-content/plugins/bbp-members-only/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bbp-members-only,high
+  tags: cve,wordpress,wp-plugin,bbp-members-only,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bbpress-1f87f7a2adf09634e0df0bd21922373b.yaml b/nuclei-templates/cve-less/plugins/bbpress-1f87f7a2adf09634e0df0bd21922373b.yaml
index f1efc88c0e..c0ce5de20c 100644
--- a/nuclei-templates/cve-less/plugins/bbpress-1f87f7a2adf09634e0df0bd21922373b.yaml
+++ b/nuclei-templates/cve-less/plugins/bbpress-1f87f7a2adf09634e0df0bd21922373b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bbPress <= 2.5.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The bbPress plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping on user profile fields. This makes it possible for unauthorized attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbpress/"
     google-query: inurl:"/wp-content/plugins/bbpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bbpress,medium
+  tags: cve,wordpress,wp-plugin,bbpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bbpress-50e1ba859aba6574e04bc19be7d2a72d.yaml b/nuclei-templates/cve-less/plugins/bbpress-50e1ba859aba6574e04bc19be7d2a72d.yaml
index e6c5f9a33c..01c9bf7523 100644
--- a/nuclei-templates/cve-less/plugins/bbpress-50e1ba859aba6574e04bc19be7d2a72d.yaml
+++ b/nuclei-templates/cve-less/plugins/bbpress-50e1ba859aba6574e04bc19be7d2a72d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     bbPress < 2.5.13 - Unauthenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The bbPress plugin for WordPress is vulnerable to blind SQL Injection via the ‘anonymous_data’ parameter in versions up to, and including, 2.5.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbpress/"
     google-query: inurl:"/wp-content/plugins/bbpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bbpress,high
+  tags: cve,wordpress,wp-plugin,bbpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bbpress-post-topics-e9ae76ec6425c2521c80399f801c780e.yaml b/nuclei-templates/cve-less/plugins/bbpress-post-topics-e9ae76ec6425c2521c80399f801c780e.yaml
index 318f0ea696..aa20cfc217 100644
--- a/nuclei-templates/cve-less/plugins/bbpress-post-topics-e9ae76ec6425c2521c80399f801c780e.yaml
+++ b/nuclei-templates/cve-less/plugins/bbpress-post-topics-e9ae76ec6425c2521c80399f801c780e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Comments as bbPress Topics <= 2.2.3 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Post Comments as bbPress Topics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various parameters, such as `bbpress_topic[display-extras][xcount]` in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with publishing capabilities, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbpress-post-topics/"
     google-query: inurl:"/wp-content/plugins/bbpress-post-topics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bbpress-post-topics,medium
+  tags: cve,wordpress,wp-plugin,bbpress-post-topics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bbresolutions-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bbresolutions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8b902583fc..f07ba2dd74 100644
--- a/nuclei-templates/cve-less/plugins/bbresolutions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bbresolutions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bbresolutions/"
     google-query: inurl:"/wp-content/plugins/bbresolutions/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bbresolutions,medium
+  tags: cve,wordpress,wp-plugin,bbresolutions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f34379c5d6..ce3f007314 100644
--- a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
     google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+  tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-811048b3ad2eacb5c29f4e0546b22dd5.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-811048b3ad2eacb5c29f4e0546b22dd5.yaml
index d8c03be775..32b4b6cefd 100644
--- a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-811048b3ad2eacb5c29f4e0546b22dd5.yaml
+++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-811048b3ad2eacb5c29f4e0546b22dd5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Beaver Builder – WordPress Page Builder (Free & Pro) <= 1.7 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.7 due to bypass in how the capability checking functionality works in the call_action() function. An attacker is able to supply '0' for the 'post_id' parameter which makes the check that a current user can edit the supplied post ID true. This makes it possible for authenticated attackers, with minimal permissions like a subscriber, to call any of the 40+ AJAX action available and perform many unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/beaver-builder-lite-version/"
     google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium
+  tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/before-and-after-product-images-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/before-and-after-product-images-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index dd90fe91ef..1d1c5b963a 100644
--- a/nuclei-templates/cve-less/plugins/before-and-after-product-images-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/before-and-after-product-images-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/before-and-after-product-images-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/before-and-after-product-images-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,before-and-after-product-images-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,before-and-after-product-images-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-click-to-tweet-d6f0e617de1a3c82f777a89829211e90.yaml b/nuclei-templates/cve-less/plugins/better-click-to-tweet-d6f0e617de1a3c82f777a89829211e90.yaml
index 9a51238134..9a5b623894 100644
--- a/nuclei-templates/cve-less/plugins/better-click-to-tweet-d6f0e617de1a3c82f777a89829211e90.yaml
+++ b/nuclei-templates/cve-less/plugins/better-click-to-tweet-d6f0e617de1a3c82f777a89829211e90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Click To Tweet <= 5.10.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Better Click To Tweet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.10.3. This is due to missing or incorrect nonce validation on the welcome_page function. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-click-to-tweet/"
     google-query: inurl:"/wp-content/plugins/better-click-to-tweet/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-click-to-tweet,high
+  tags: cve,wordpress,wp-plugin,better-click-to-tweet,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/better-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a1bda3d93f..064d161ca4 100644
--- a/nuclei-templates/cve-less/plugins/better-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/better-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/better-elementor-addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,better-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-font-awesome-1c7d78d4a78d0f2d3396fece72367d31.yaml b/nuclei-templates/cve-less/plugins/better-font-awesome-1c7d78d4a78d0f2d3396fece72367d31.yaml
index ea5f723f7f..bf97b687f3 100644
--- a/nuclei-templates/cve-less/plugins/better-font-awesome-1c7d78d4a78d0f2d3396fece72367d31.yaml
+++ b/nuclei-templates/cve-less/plugins/better-font-awesome-1c7d78d4a78d0f2d3396fece72367d31.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better Font Awesome <= 2.0.1 - Missing Authorization to Plugin Options Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Better Font Awesome plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_options function in versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-font-awesome/"
     google-query: inurl:"/wp-content/plugins/better-font-awesome/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-font-awesome,medium
+  tags: cve,wordpress,wp-plugin,better-font-awesome,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-messages-wc-vendors-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/better-messages-wc-vendors-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b8b03a73e5..b557a0c358 100644
--- a/nuclei-templates/cve-less/plugins/better-messages-wc-vendors-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/better-messages-wc-vendors-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-messages-wc-vendors-integration/"
     google-query: inurl:"/wp-content/plugins/better-messages-wc-vendors-integration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-messages-wc-vendors-integration,medium
+  tags: cve,wordpress,wp-plugin,better-messages-wc-vendors-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-messages-wcfm-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/better-messages-wcfm-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d11eb42e8f..a118ee3d11 100644
--- a/nuclei-templates/cve-less/plugins/better-messages-wcfm-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/better-messages-wcfm-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-messages-wcfm-integration/"
     google-query: inurl:"/wp-content/plugins/better-messages-wcfm-integration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-messages-wcfm-integration,medium
+  tags: cve,wordpress,wp-plugin,better-messages-wcfm-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-robots-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/better-robots-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 12b5dbb5a4..d683468979 100644
--- a/nuclei-templates/cve-less/plugins/better-robots-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/better-robots-txt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-robots-txt/"
     google-query: inurl:"/wp-content/plugins/better-robots-txt/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-robots-txt,medium
+  tags: cve,wordpress,wp-plugin,better-robots-txt,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-sharing-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/better-sharing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d1295fc8e9..0765a82dc5 100644
--- a/nuclei-templates/cve-less/plugins/better-sharing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/better-sharing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-sharing/"
     google-query: inurl:"/wp-content/plugins/better-sharing/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-sharing,medium
+  tags: cve,wordpress,wp-plugin,better-sharing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-607c512f0481cf565f88f66597dbe101.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-607c512f0481cf565f88f66597dbe101.yaml
index e9dfaf9212..ab71b20fb5 100644
--- a/nuclei-templates/cve-less/plugins/better-wp-security-607c512f0481cf565f88f66597dbe101.yaml
+++ b/nuclei-templates/cve-less/plugins/better-wp-security-607c512f0481cf565f88f66597dbe101.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iThemes Security <= 4.6.12 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The iThemes Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 4.6.12 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-wp-security/"
     google-query: inurl:"/wp-content/plugins/better-wp-security/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-wp-security,medium
+  tags: cve,wordpress,wp-plugin,better-wp-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-98d2f4e2c6a41f3ef336107b39e46630.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-98d2f4e2c6a41f3ef336107b39e46630.yaml
index fd8a86bb06..04b2e571af 100644
--- a/nuclei-templates/cve-less/plugins/better-wp-security-98d2f4e2c6a41f3ef336107b39e46630.yaml
+++ b/nuclei-templates/cve-less/plugins/better-wp-security-98d2f4e2c6a41f3ef336107b39e46630.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Better WP Security <= 3.6.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Better WP Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘license’ parameter in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-wp-security/"
     google-query: inurl:"/wp-content/plugins/better-wp-security/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-wp-security,medium
+  tags: cve,wordpress,wp-plugin,better-wp-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-bc0054c93edc82fecefb873208e2d77c.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-bc0054c93edc82fecefb873208e2d77c.yaml
index 54f97d66f0..2187f272a8 100644
--- a/nuclei-templates/cve-less/plugins/better-wp-security-bc0054c93edc82fecefb873208e2d77c.yaml
+++ b/nuclei-templates/cve-less/plugins/better-wp-security-bc0054c93edc82fecefb873208e2d77c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iThemes Security <= 5.6.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The iThemes Security for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/better-wp-security/"
     google-query: inurl:"/wp-content/plugins/better-wp-security/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-wp-security,medium
+  tags: cve,wordpress,wp-plugin,better-wp-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-ed72aeba76ce6c9e43fa074b4806ae70.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-ed72aeba76ce6c9e43fa074b4806ae70.yaml
index 774160aef6..22da211931 100644
--- a/nuclei-templates/cve-less/plugins/better-wp-security-ed72aeba76ce6c9e43fa074b4806ae70.yaml
+++ b/nuclei-templates/cve-less/plugins/better-wp-security-ed72aeba76ce6c9e43fa074b4806ae70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iThemes Security < 3.4.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The iThemes Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/better-wp-security/"
     google-query: inurl:"/wp-content/plugins/better-wp-security/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,better-wp-security,medium
+  tags: cve,wordpress,wp-plugin,better-wp-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bigbluebutton-c390ab25927b32a9c95c398ffd819321.yaml b/nuclei-templates/cve-less/plugins/bigbluebutton-c390ab25927b32a9c95c398ffd819321.yaml
index 0d7af6f13d..4e3760666d 100644
--- a/nuclei-templates/cve-less/plugins/bigbluebutton-c390ab25927b32a9c95c398ffd819321.yaml
+++ b/nuclei-templates/cve-less/plugins/bigbluebutton-c390ab25927b32a9c95c398ffd819321.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bigbluebutton/"
     google-query: inurl:"/wp-content/plugins/bigbluebutton/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bigbluebutton,medium
+  tags: cve,wordpress,wp-plugin,bigbluebutton,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bigcontact-61a7db517f3679fdc65455e830f0b650.yaml b/nuclei-templates/cve-less/plugins/bigcontact-61a7db517f3679fdc65455e830f0b650.yaml
index d72d4a590e..7338cb9a99 100644
--- a/nuclei-templates/cve-less/plugins/bigcontact-61a7db517f3679fdc65455e830f0b650.yaml
+++ b/nuclei-templates/cve-less/plugins/bigcontact-61a7db517f3679fdc65455e830f0b650.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BigContact Contact Page < 1.4.7 - Authenticated SQL Injection
   author: topscoder
-  severity: critical
+  severity: low
   description: >
     The BigContact Contact Page plugin for WordPress is vulnerable to SQL Injection via several parameters in versions before 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bigcontact/"
     google-query: inurl:"/wp-content/plugins/bigcontact/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bigcontact,critical
+  tags: cve,wordpress,wp-plugin,bigcontact,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blobinator-2817b00f145ff05ea405982ca6e4d8ab.yaml b/nuclei-templates/cve-less/plugins/blobinator-2817b00f145ff05ea405982ca6e4d8ab.yaml
index e6d2e84fdd..c4b651ee09 100644
--- a/nuclei-templates/cve-less/plugins/blobinator-2817b00f145ff05ea405982ca6e4d8ab.yaml
+++ b/nuclei-templates/cve-less/plugins/blobinator-2817b00f145ff05ea405982ca6e4d8ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KONTXT Content Advisor <= 2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The KONTXT Content Advisor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the blobinator_process_text function. This makes it possible for unauthenticated attackers to edit posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blobinator/"
     google-query: inurl:"/wp-content/plugins/blobinator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blobinator,high
+  tags: cve,wordpress,wp-plugin,blobinator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/block-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/block-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 767511b622..0c65982a83 100644
--- a/nuclei-templates/cve-less/plugins/block-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/block-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/block-slider/"
     google-query: inurl:"/wp-content/plugins/block-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,block-slider,medium
+  tags: cve,wordpress,wp-plugin,block-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/block-styler-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/block-styler-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 856b538a14..fb8bd2c349 100644
--- a/nuclei-templates/cve-less/plugins/block-styler-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/block-styler-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/block-styler-for-gravity-forms/"
     google-query: inurl:"/wp-content/plugins/block-styler-for-gravity-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,block-styler-for-gravity-forms,medium
+  tags: cve,wordpress,wp-plugin,block-styler-for-gravity-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/block-wp-login-c30d74ab3c1dc1a9e7b14ed816c12f35.yaml b/nuclei-templates/cve-less/plugins/block-wp-login-c30d74ab3c1dc1a9e7b14ed816c12f35.yaml
index 752ab02272..132edd8068 100644
--- a/nuclei-templates/cve-less/plugins/block-wp-login-c30d74ab3c1dc1a9e7b14ed816c12f35.yaml
+++ b/nuclei-templates/cve-less/plugins/block-wp-login-c30d74ab3c1dc1a9e7b14ed816c12f35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Block WP Login <= 1.3.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Block WP Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the 'bwpl_configure_slug()' function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/block-wp-login/"
     google-query: inurl:"/wp-content/plugins/block-wp-login/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,block-wp-login,high
+  tags: cve,wordpress,wp-plugin,block-wp-login,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blocked-in-china-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/blocked-in-china-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 99befa0e9a..e57a0aa6d5 100644
--- a/nuclei-templates/cve-less/plugins/blocked-in-china-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/blocked-in-china-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blocked-in-china/"
     google-query: inurl:"/wp-content/plugins/blocked-in-china/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blocked-in-china,medium
+  tags: cve,wordpress,wp-plugin,blocked-in-china,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blockmeister-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/blockmeister-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1f37d01417..26fdb6ab64 100644
--- a/nuclei-templates/cve-less/plugins/blockmeister-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/blockmeister-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blockmeister/"
     google-query: inurl:"/wp-content/plugins/blockmeister/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blockmeister,medium
+  tags: cve,wordpress,wp-plugin,blockmeister,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blockspare-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/blockspare-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index eb9c1c539d..eadf604445 100644
--- a/nuclei-templates/cve-less/plugins/blockspare-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/blockspare-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blockspare/"
     google-query: inurl:"/wp-content/plugins/blockspare/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blockspare,medium
+  tags: cve,wordpress,wp-plugin,blockspare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blocksy-companion-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/blocksy-companion-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0933f5c9a6..03e33496ff 100644
--- a/nuclei-templates/cve-less/plugins/blocksy-companion-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/blocksy-companion-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blocksy-companion/"
     google-query: inurl:"/wp-content/plugins/blocksy-companion/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blocksy-companion,medium
+  tags: cve,wordpress,wp-plugin,blocksy-companion,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blockypage-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/blockypage-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0728281652..cf3954361a 100644
--- a/nuclei-templates/cve-less/plugins/blockypage-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/blockypage-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blockypage/"
     google-query: inurl:"/wp-content/plugins/blockypage/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blockypage,medium
+  tags: cve,wordpress,wp-plugin,blockypage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blog-designer-pack-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/blog-designer-pack-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 717e0ffa73..eba8560067 100644
--- a/nuclei-templates/cve-less/plugins/blog-designer-pack-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/blog-designer-pack-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog-designer-pack/"
     google-query: inurl:"/wp-content/plugins/blog-designer-pack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blog-designer-pack,medium
+  tags: cve,wordpress,wp-plugin,blog-designer-pack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blog-sidebar-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/blog-sidebar-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2c33eab609..970655abaa 100644
--- a/nuclei-templates/cve-less/plugins/blog-sidebar-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/blog-sidebar-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blog-sidebar-widget/"
     google-query: inurl:"/wp-content/plugins/blog-sidebar-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blog-sidebar-widget,medium
+  tags: cve,wordpress,wp-plugin,blog-sidebar-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/blogvault-real-time-backup-81a6f5ecaf1c598cd2e1db2f58c01ff9.yaml b/nuclei-templates/cve-less/plugins/blogvault-real-time-backup-81a6f5ecaf1c598cd2e1db2f58c01ff9.yaml
index 4b4d9f2f3e..9ddb3735db 100644
--- a/nuclei-templates/cve-less/plugins/blogvault-real-time-backup-81a6f5ecaf1c598cd2e1db2f58c01ff9.yaml
+++ b/nuclei-templates/cve-less/plugins/blogvault-real-time-backup-81a6f5ecaf1c598cd2e1db2f58c01ff9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BlogVault WordPress Backup Plugin 1.40 - 1.44 - Unauthenticated PHP Object Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The BlogVault WordPress Backup Plugin for WordPress is vulnerable to PHP Object Injection in versions 1.40 - 1.44 via deserialization of untrusted input in the vulnerable function processApiRequest. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/blogvault-real-time-backup/"
     google-query: inurl:"/wp-content/plugins/blogvault-real-time-backup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,blogvault-real-time-backup,high
+  tags: cve,wordpress,wp-plugin,blogvault-real-time-backup,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bng-gateway-for-woocommerce-9c98e07f9de6c1ac362dea3f4f9b98af.yaml b/nuclei-templates/cve-less/plugins/bng-gateway-for-woocommerce-9c98e07f9de6c1ac362dea3f4f9b98af.yaml
index 84e540b011..35b4e515ca 100644
--- a/nuclei-templates/cve-less/plugins/bng-gateway-for-woocommerce-9c98e07f9de6c1ac362dea3f4f9b98af.yaml
+++ b/nuclei-templates/cve-less/plugins/bng-gateway-for-woocommerce-9c98e07f9de6c1ac362dea3f4f9b98af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BNG Gateway For WooCommerce <= 1.6.10 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The BNG Gateway For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.10. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to add, edit, and delete payment methods via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bng-gateway-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/bng-gateway-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bng-gateway-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,bng-gateway-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bo-wc-customer-review-watson-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bo-wc-customer-review-watson-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8640ca7360..47f6226a9e 100644
--- a/nuclei-templates/cve-less/plugins/bo-wc-customer-review-watson-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bo-wc-customer-review-watson-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bo-wc-customer-review-watson/"
     google-query: inurl:"/wp-content/plugins/bo-wc-customer-review-watson/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bo-wc-customer-review-watson,medium
+  tags: cve,wordpress,wp-plugin,bo-wc-customer-review-watson,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/boilerplate-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/boilerplate-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index db7d0aa6f4..d857f52e63 100644
--- a/nuclei-templates/cve-less/plugins/boilerplate-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/boilerplate-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/boilerplate-extension/"
     google-query: inurl:"/wp-content/plugins/boilerplate-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,boilerplate-extension,high
+  tags: cve,wordpress,wp-plugin,boilerplate-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bonuspressx-fa751f89fc374e558e8d01ea059343f2.yaml b/nuclei-templates/cve-less/plugins/bonuspressx-fa751f89fc374e558e8d01ea059343f2.yaml
index 8f412ece2c..0a73adf195 100644
--- a/nuclei-templates/cve-less/plugins/bonuspressx-fa751f89fc374e558e8d01ea059343f2.yaml
+++ b/nuclei-templates/cve-less/plugins/bonuspressx-fa751f89fc374e558e8d01ea059343f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bonuspressx (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bonuspressx plugin for WordPress is vulnerable to Cross-Site Scripting via the 'n' parameter in the 'ar_submit.php' file due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bonuspressx/"
     google-query: inurl:"/wp-content/plugins/bonuspressx/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bonuspressx,medium
+  tags: cve,wordpress,wp-plugin,bonuspressx,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/book-buyback-prices-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/book-buyback-prices-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 77e6a98259..31381a72b8 100644
--- a/nuclei-templates/cve-less/plugins/book-buyback-prices-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/book-buyback-prices-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/book-buyback-prices/"
     google-query: inurl:"/wp-content/plugins/book-buyback-prices/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,book-buyback-prices,medium
+  tags: cve,wordpress,wp-plugin,book-buyback-prices,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/book-press-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/book-press-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b33eb96cb0..9d3e5320f1 100644
--- a/nuclei-templates/cve-less/plugins/book-press-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/book-press-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/book-press/"
     google-query: inurl:"/wp-content/plugins/book-press/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,book-press,medium
+  tags: cve,wordpress,wp-plugin,book-press,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/booking-279486597ac6d210058519567f6297ca.yaml b/nuclei-templates/cve-less/plugins/booking-279486597ac6d210058519567f6297ca.yaml
index 2c0af209dd..c23a218823 100644
--- a/nuclei-templates/cve-less/plugins/booking-279486597ac6d210058519567f6297ca.yaml
+++ b/nuclei-templates/cve-less/plugins/booking-279486597ac6d210058519567f6297ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar <= 6.2 - Cross-Site Request Forgery to SQL Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booking Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on the wpdev_get_args_from_request_in_bk_listing function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking/"
     google-query: inurl:"/wp-content/plugins/booking/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,booking,high
+  tags: cve,wordpress,wp-plugin,booking,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/booking-2f651d26ae436687bdff9a8abab4a173.yaml b/nuclei-templates/cve-less/plugins/booking-2f651d26ae436687bdff9a8abab4a173.yaml
index b123f1cd30..5204d30402 100644
--- a/nuclei-templates/cve-less/plugins/booking-2f651d26ae436687bdff9a8abab4a173.yaml
+++ b/nuclei-templates/cve-less/plugins/booking-2f651d26ae436687bdff9a8abab4a173.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar <= 6.2 - Cross-Site Request Forgery leading to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booking Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.2. This is due to missing or incorrect nonce validation in the plugin's Import tab. This makes it possible for unauthenticated attackers to to inject arbitrary web scripts that execute in a victim's browser via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking/"
     google-query: inurl:"/wp-content/plugins/booking/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,booking,high
+  tags: cve,wordpress,wp-plugin,booking,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/booking-6a265db2a9121f4da4875337b8e6751f.yaml b/nuclei-templates/cve-less/plugins/booking-6a265db2a9121f4da4875337b8e6751f.yaml
index e96da30b4f..6fe299d626 100644
--- a/nuclei-templates/cve-less/plugins/booking-6a265db2a9121f4da4875337b8e6751f.yaml
+++ b/nuclei-templates/cve-less/plugins/booking-6a265db2a9121f4da4875337b8e6751f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar <= 6.2 - Authenticated (Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Booking Calendar plugin for WordPress is vulnerable to generic SQL Injection via the booking ID field in versions up to, and including, 6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for Editor-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking/"
     google-query: inurl:"/wp-content/plugins/booking/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,booking,high
+  tags: cve,wordpress,wp-plugin,booking,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-88138db1d1aea177c6151b845da287ff.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-88138db1d1aea177c6151b845da287ff.yaml
index 9a2cf726be..e343927991 100644
--- a/nuclei-templates/cve-less/plugins/booking-calendar-88138db1d1aea177c6151b845da287ff.yaml
+++ b/nuclei-templates/cve-less/plugins/booking-calendar-88138db1d1aea177c6151b845da287ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar WpDevArt <= 3.2.11 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to SQL Injection via the '$email_address' variable in all versions up to, and including, 3.2.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar/"
     google-query: inurl:"/wp-content/plugins/booking-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,booking-calendar,high
+  tags: cve,wordpress,wp-plugin,booking-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-88cc9361682247d3851fe23cf11de139.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-88cc9361682247d3851fe23cf11de139.yaml
index 7c352b6e73..7781539348 100644
--- a/nuclei-templates/cve-less/plugins/booking-calendar-88cc9361682247d3851fe23cf11de139.yaml
+++ b/nuclei-templates/cve-less/plugins/booking-calendar-88cc9361682247d3851fe23cf11de139.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking calendar, Appointment Booking System <= 3.2.8 - Multiple Authenticated(Editor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Booking calendar plugin for WordPress is vulnerable to SQL Injection via the search functionality on multiple administrative pages in versions up to, and including, 3.2.8 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with Editor privileges and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that the Pro version of the plugin allows administrators to grant access to the plugin's Administrative pages to any user role, so other roles may be able to exploit the vulnerability if they have been granted access.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar/"
     google-query: inurl:"/wp-content/plugins/booking-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,booking-calendar,high
+  tags: cve,wordpress,wp-plugin,booking-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-ce69ee3276348a391868ff2589e7f8b7.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-ce69ee3276348a391868ff2589e7f8b7.yaml
index 2503492c4f..0a1cf92b50 100644
--- a/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-ce69ee3276348a391868ff2589e7f8b7.yaml
+++ b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-ce69ee3276348a391868ff2589e7f8b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booking Calendar Contact Form <= 1.0.23 - Shortcode SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Booking Calendar Contact Form plugin for WordPress is vulnerable to SQL Injection via the ‘calendar’ atrribute in versions up to, and including, 1.0.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-calendar-contact-form/"
     google-query: inurl:"/wp-content/plugins/booking-calendar-contact-form/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,high
+  tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/booking-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/booking-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a3943e5584..550a10dfc0 100644
--- a/nuclei-templates/cve-less/plugins/booking-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/booking-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booking-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booking-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,booking-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booking-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-8e84c6d55a38a50c9e90b28855791a03.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-8e84c6d55a38a50c9e90b28855791a03.yaml
index ffbc2a037f..a1a9806e1f 100644
--- a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-8e84c6d55a38a50c9e90b28855791a03.yaml
+++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-8e84c6d55a38a50c9e90b28855791a03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BookingPress – Appointments Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.13 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The BookingPress – Appointments Booking Calendar Plugin and Online Scheduling Plugin for WordPress is vulnerable to SQL Injection via many parameters in versions up to, and including, 1.0.13.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookingpress-appointment-booking/"
     google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,medium
+  tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bookit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bookit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 85b5752e91..bf41488513 100644
--- a/nuclei-templates/cve-less/plugins/bookit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bookit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookit/"
     google-query: inurl:"/wp-content/plugins/bookit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bookit,medium
+  tags: cve,wordpress,wp-plugin,bookit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bookshelf-6ab8d1e005858a4b8a6347eda74e7ac7.yaml b/nuclei-templates/cve-less/plugins/bookshelf-6ab8d1e005858a4b8a6347eda74e7ac7.yaml
index 9ded31b0d4..41f0eb253b 100644
--- a/nuclei-templates/cve-less/plugins/bookshelf-6ab8d1e005858a4b8a6347eda74e7ac7.yaml
+++ b/nuclei-templates/cve-less/plugins/bookshelf-6ab8d1e005858a4b8a6347eda74e7ac7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bookshelf <= 2.0.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bookshelf plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the swfupload.swf file in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bookshelf/"
     google-query: inurl:"/wp-content/plugins/bookshelf/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bookshelf,medium
+  tags: cve,wordpress,wp-plugin,bookshelf,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-f91c2602522656e11d82af368c387634.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-f91c2602522656e11d82af368c387634.yaml
index a72c559148..f16a5b2ba5 100644
--- a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-f91c2602522656e11d82af368c387634.yaml
+++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-f91c2602522656e11d82af368c387634.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to order modification due to a missing capability/authorization check in versions up to, and including, 5.6.2 (free) or 5.6.0 (premium). This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify their own orders, which includes the ability to mark them as paid.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-18966e8228314b8165d39d48519f43cc.yaml
index eb12acc9ed..de6f1b82d2 100644
--- a/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/boostify-header-footer-builder/"
     google-query: inurl:"/wp-content/plugins/boostify-header-footer-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,boostify-header-footer-builder,medium
+  tags: cve,wordpress,wp-plugin,boostify-header-footer-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 87669de187..114a9c319c 100644
--- a/nuclei-templates/cve-less/plugins/bp-better-messages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bp-better-messages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-better-messages/"
     google-query: inurl:"/wp-content/plugins/bp-better-messages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bp-better-messages,medium
+  tags: cve,wordpress,wp-plugin,bp-better-messages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bp-group-documents-2954406cfff461fdbbd41cca0f0b5dbf.yaml b/nuclei-templates/cve-less/plugins/bp-group-documents-2954406cfff461fdbbd41cca0f0b5dbf.yaml
index c6c3c0c5da..00e25ca81f 100644
--- a/nuclei-templates/cve-less/plugins/bp-group-documents-2954406cfff461fdbbd41cca0f0b5dbf.yaml
+++ b/nuclei-templates/cve-less/plugins/bp-group-documents-2954406cfff461fdbbd41cca0f0b5dbf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BP Group Documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display name' and 'Description' fields in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-group-documents/"
     google-query: inurl:"/wp-content/plugins/bp-group-documents/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bp-group-documents,medium
+  tags: cve,wordpress,wp-plugin,bp-group-documents,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bp-group-documents-37fef8959e103795e5217ab4860bd85a.yaml b/nuclei-templates/cve-less/plugins/bp-group-documents-37fef8959e103795e5217ab4860bd85a.yaml
index a575879f53..2f747f2b4f 100644
--- a/nuclei-templates/cve-less/plugins/bp-group-documents-37fef8959e103795e5217ab4860bd85a.yaml
+++ b/nuclei-templates/cve-less/plugins/bp-group-documents-37fef8959e103795e5217ab4860bd85a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BP Group Documents <= 1.2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The BP Group Documents plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to modify any group document's name and description; the fields are also susceptible to XSS, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-group-documents/"
     google-query: inurl:"/wp-content/plugins/bp-group-documents/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bp-group-documents,high
+  tags: cve,wordpress,wp-plugin,bp-group-documents,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bp-group-documents-3a30cbb34610b918136a671069241bbf.yaml b/nuclei-templates/cve-less/plugins/bp-group-documents-3a30cbb34610b918136a671069241bbf.yaml
index f4cc132de2..14244f9b6c 100644
--- a/nuclei-templates/cve-less/plugins/bp-group-documents-3a30cbb34610b918136a671069241bbf.yaml
+++ b/nuclei-templates/cve-less/plugins/bp-group-documents-3a30cbb34610b918136a671069241bbf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BP Group Documents <= 1.2 -  Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BP Group Documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Admin+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-group-documents/"
     google-query: inurl:"/wp-content/plugins/bp-group-documents/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bp-group-documents,medium
+  tags: cve,wordpress,wp-plugin,bp-group-documents,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bp-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bp-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3bcf2c687a..697c4c51bd 100644
--- a/nuclei-templates/cve-less/plugins/bp-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bp-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bp-toolkit/"
     google-query: inurl:"/wp-content/plugins/bp-toolkit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bp-toolkit,medium
+  tags: cve,wordpress,wp-plugin,bp-toolkit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bpcustomerio-25ee6eba4f05265a07353f4c20de2e87.yaml b/nuclei-templates/cve-less/plugins/bpcustomerio-25ee6eba4f05265a07353f4c20de2e87.yaml
index 5715702fee..4b71ea7b41 100644
--- a/nuclei-templates/cve-less/plugins/bpcustomerio-25ee6eba4f05265a07353f4c20de2e87.yaml
+++ b/nuclei-templates/cve-less/plugins/bpcustomerio-25ee6eba4f05265a07353f4c20de2e87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress Customer.io Analytics Integration <= 1.1.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The BuddyPress Customer.io Analytics Integration pluginfor WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to change plugin settings and perform other administrator-level actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bpcustomerio/"
     google-query: inurl:"/wp-content/plugins/bpcustomerio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bpcustomerio,high
+  tags: cve,wordpress,wp-plugin,bpcustomerio,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/branda-white-labeling-5394ed5bbbdcf7b65cff8921a9a68e7e.yaml b/nuclei-templates/cve-less/plugins/branda-white-labeling-5394ed5bbbdcf7b65cff8921a9a68e7e.yaml
index 40ae34dfe7..1b9abbd7b0 100644
--- a/nuclei-templates/cve-less/plugins/branda-white-labeling-5394ed5bbbdcf7b65cff8921a9a68e7e.yaml
+++ b/nuclei-templates/cve-less/plugins/branda-white-labeling-5394ed5bbbdcf7b65cff8921a9a68e7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Branda – White Label WordPress <= 3.4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Branda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/branda-white-labeling/"
     google-query: inurl:"/wp-content/plugins/branda-white-labeling/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,branda-white-labeling,medium
+  tags: cve,wordpress,wp-plugin,branda-white-labeling,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/breezing-forms-f47477188afe1a9a9b869f9c5c6fafbb.yaml b/nuclei-templates/cve-less/plugins/breezing-forms-f47477188afe1a9a9b869f9c5c6fafbb.yaml
index 7cf751126e..238be3a9ec 100644
--- a/nuclei-templates/cve-less/plugins/breezing-forms-f47477188afe1a9a9b869f9c5c6fafbb.yaml
+++ b/nuclei-templates/cve-less/plugins/breezing-forms-f47477188afe1a9a9b869f9c5c6fafbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Breezing Forms <= 1.2.7.30 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Breezing Forms plugin for WordPress is vulnerable to generic SQL Injection via the ‘page’ parameter in versions up to, and including, 1.2.7.30 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/breezing-forms/"
     google-query: inurl:"/wp-content/plugins/breezing-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,breezing-forms,high
+  tags: cve,wordpress,wp-plugin,breezing-forms,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/brizy-2ea9b11139987a1bb9095ad4e4be45bc.yaml b/nuclei-templates/cve-less/plugins/brizy-2ea9b11139987a1bb9095ad4e4be45bc.yaml
index 9a62b5aef4..9bcdb899c0 100644
--- a/nuclei-templates/cve-less/plugins/brizy-2ea9b11139987a1bb9095ad4e4be45bc.yaml
+++ b/nuclei-templates/cve-less/plugins/brizy-2ea9b11139987a1bb9095ad4e4be45bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brizy - Page Builder < 1.0.114 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Brizy - Page Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check and direct file access to /brizy/admin/site-settings.php in versions up to 1.0.114. This makes it possible for unauthenticated attackers to access the settings page and make modifications to the site's settings. This could be used to inject XSS.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/brizy/"
     google-query: inurl:"/wp-content/plugins/brizy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,brizy,medium
+  tags: cve,wordpress,wp-plugin,brizy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/browser-and-operating-system-finder-48dead1c8e1154d67ccc9e390d285269.yaml b/nuclei-templates/cve-less/plugins/browser-and-operating-system-finder-48dead1c8e1154d67ccc9e390d285269.yaml
index daa45f839a..24579c2fc7 100644
--- a/nuclei-templates/cve-less/plugins/browser-and-operating-system-finder-48dead1c8e1154d67ccc9e390d285269.yaml
+++ b/nuclei-templates/cve-less/plugins/browser-and-operating-system-finder-48dead1c8e1154d67ccc9e390d285269.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Browser and Operating System Finder <= 1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Browser and Operating System Finder plugin for WordPress is missing authorization checks on functionality that resets the plugin's settings in versions up to, and including 1.2. This makes it possible for unauthenticated attackers to reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/browser-and-operating-system-finder/"
     google-query: inurl:"/wp-content/plugins/browser-and-operating-system-finder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,browser-and-operating-system-finder,medium
+  tags: cve,wordpress,wp-plugin,browser-and-operating-system-finder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bsk-pdf-manager-f85f5bca86f0fe8e61b822a458c1b11f.yaml b/nuclei-templates/cve-less/plugins/bsk-pdf-manager-f85f5bca86f0fe8e61b822a458c1b11f.yaml
index 4ac622ac3c..8e83aeb2cd 100644
--- a/nuclei-templates/cve-less/plugins/bsk-pdf-manager-f85f5bca86f0fe8e61b822a458c1b11f.yaml
+++ b/nuclei-templates/cve-less/plugins/bsk-pdf-manager-f85f5bca86f0fe8e61b822a458c1b11f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BSK PDF Manager 1.3 - 2.9 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cat_title’ parameter from versions 1.3 to 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bsk-pdf-manager/"
     google-query: inurl:"/wp-content/plugins/bsk-pdf-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bsk-pdf-manager,medium
+  tags: cve,wordpress,wp-plugin,bsk-pdf-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddyboss-platform-122921564a68def720b196881ac65cfb.yaml b/nuclei-templates/cve-less/plugins/buddyboss-platform-122921564a68def720b196881ac65cfb.yaml
index 37574b2c3e..acd6e16487 100644
--- a/nuclei-templates/cve-less/plugins/buddyboss-platform-122921564a68def720b196881ac65cfb.yaml
+++ b/nuclei-templates/cve-less/plugins/buddyboss-platform-122921564a68def720b196881ac65cfb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Buddyboss Platform <= 1.7.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Buddyboss Platform plugin for WordPress is vulnerable to SQL Injection via the BP_Notifications_Notification::get_order_by_sql() and BP_Invitation::get_order_by_sql() functions in versions up to, and including, 1.7.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for subscriber-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyboss-platform/"
     google-query: inurl:"/wp-content/plugins/buddyboss-platform/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddyboss-platform,high
+  tags: cve,wordpress,wp-plugin,buddyboss-platform,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddyforms-4f1bcfb6c80585124e17859286f212d2.yaml b/nuclei-templates/cve-less/plugins/buddyforms-4f1bcfb6c80585124e17859286f212d2.yaml
index 31de24a156..ff528f2278 100644
--- a/nuclei-templates/cve-less/plugins/buddyforms-4f1bcfb6c80585124e17859286f212d2.yaml
+++ b/nuclei-templates/cve-less/plugins/buddyforms-4f1bcfb6c80585124e17859286f212d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.6.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms/"
     google-query: inurl:"/wp-content/plugins/buddyforms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddyforms,medium
+  tags: cve,wordpress,wp-plugin,buddyforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddyforms-acf-6f39f76c23209b8f553defb1d25caa0d.yaml b/nuclei-templates/cve-less/plugins/buddyforms-acf-6f39f76c23209b8f553defb1d25caa0d.yaml
index 9ce8c611fe..6ce09d5ddd 100644
--- a/nuclei-templates/cve-less/plugins/buddyforms-acf-6f39f76c23209b8f553defb1d25caa0d.yaml
+++ b/nuclei-templates/cve-less/plugins/buddyforms-acf-6f39f76c23209b8f553defb1d25caa0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyForms ACF <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BuddyForms ACF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms-acf/"
     google-query: inurl:"/wp-content/plugins/buddyforms-acf/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddyforms-acf,medium
+  tags: cve,wordpress,wp-plugin,buddyforms-acf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddyforms-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/buddyforms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 01c2517b6f..ac51ec0d2e 100644
--- a/nuclei-templates/cve-less/plugins/buddyforms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/buddyforms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms/"
     google-query: inurl:"/wp-content/plugins/buddyforms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddyforms,medium
+  tags: cve,wordpress,wp-plugin,buddyforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddyforms-hook-fields-cff8c4e5924684eb6753231ae69511fb.yaml b/nuclei-templates/cve-less/plugins/buddyforms-hook-fields-cff8c4e5924684eb6753231ae69511fb.yaml
index ed64c319d8..b42edfcccd 100644
--- a/nuclei-templates/cve-less/plugins/buddyforms-hook-fields-cff8c4e5924684eb6753231ae69511fb.yaml
+++ b/nuclei-templates/cve-less/plugins/buddyforms-hook-fields-cff8c4e5924684eb6753231ae69511fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyForms Hook Fields <= 1.3.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin BuddyForms Hook Fields for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms-hook-fields/"
     google-query: inurl:"/wp-content/plugins/buddyforms-hook-fields/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddyforms-hook-fields,medium
+  tags: cve,wordpress,wp-plugin,buddyforms-hook-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddyforms-members-aa1e46c69c06ec911dde69a16f67cb87.yaml b/nuclei-templates/cve-less/plugins/buddyforms-members-aa1e46c69c06ec911dde69a16f67cb87.yaml
index d7721dd7c8..7f5c3397ff 100644
--- a/nuclei-templates/cve-less/plugins/buddyforms-members-aa1e46c69c06ec911dde69a16f67cb87.yaml
+++ b/nuclei-templates/cve-less/plugins/buddyforms-members-aa1e46c69c06ec911dde69a16f67cb87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyForms Members <= 1.4.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin BuddyForms Members is vulnerable to Cross-Site Scripting via various parameters in versions up to, and including, 1.4.21 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms-members/"
     google-query: inurl:"/wp-content/plugins/buddyforms-members/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddyforms-members,medium
+  tags: cve,wordpress,wp-plugin,buddyforms-members,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddyforms-review-3d4fe5743b4cfd3fb11de9a33d55f7f3.yaml b/nuclei-templates/cve-less/plugins/buddyforms-review-3d4fe5743b4cfd3fb11de9a33d55f7f3.yaml
index a15ef814e0..baafbb40b6 100644
--- a/nuclei-templates/cve-less/plugins/buddyforms-review-3d4fe5743b4cfd3fb11de9a33d55f7f3.yaml
+++ b/nuclei-templates/cve-less/plugins/buddyforms-review-3d4fe5743b4cfd3fb11de9a33d55f7f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyForms Moderation <= 1.4.16 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BuddyForms Moderation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buddyforms_moderators' parameter in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to edit BuddyForms to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddyforms-review/"
     google-query: inurl:"/wp-content/plugins/buddyforms-review/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddyforms-review,medium
+  tags: cve,wordpress,wp-plugin,buddyforms-review,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-533ee8fa484df21d792f06431e1c5c50.yaml b/nuclei-templates/cve-less/plugins/buddypress-533ee8fa484df21d792f06431e1c5c50.yaml
index 6dac42594c..8ad521adca 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-533ee8fa484df21d792f06431e1c5c50.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-533ee8fa484df21d792f06431e1c5c50.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 7.2.0 - Authorization Bypass to Private Message Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BuddyPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the BuddyPress Nouveau and the BuddyPress REST API /buddypress/v1/messages endpoint in versions 5.0.0 - 7.2.0. This makes it possible for non-privileged attackers to read private messages in a thread they were not invited to.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-863062f7cb6b2bf7365f623cc8d292ad.yaml b/nuclei-templates/cve-less/plugins/buddypress-863062f7cb6b2bf7365f623cc8d292ad.yaml
index 567489c28a..bc8e834f59 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-863062f7cb6b2bf7365f623cc8d292ad.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-863062f7cb6b2bf7365f623cc8d292ad.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 7.2.1 - Missing Authorization to Group Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BuddyPress plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.2.1. This is due to missing authorization validation on the group membership REST-API Endpoint. This makes it possible for authenticated attackers to create new groups on behalf of another user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-af97e64423b75225062fc5e60d8e5fa3.yaml b/nuclei-templates/cve-less/plugins/buddypress-af97e64423b75225062fc5e60d8e5fa3.yaml
index 7051c17d8a..6be4824b9a 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-af97e64423b75225062fc5e60d8e5fa3.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-af97e64423b75225062fc5e60d8e5fa3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 7.2.1 - Missing Authorization to Unauthorized Group Access
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BuddyPress plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.2.1. This is due to missing authorization validation on the group REST-API Endpoint. This makes it possible for authenticated attackers to join or request to join groups they are previously banned from.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-b60bae014d152f2a394bd09bd7490303.yaml b/nuclei-templates/cve-less/plugins/buddypress-b60bae014d152f2a394bd09bd7490303.yaml
index a3b390309d..ccf6b4230f 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-b60bae014d152f2a394bd09bd7490303.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-b60bae014d152f2a394bd09bd7490303.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 7.2.0 - Authorization Bypass to Friend Invite
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BuddyPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the buddypress/v1/groups/invites REST-API endpoint in versions up to, and including, 7.2.0. This makes it possible for a member to invite another member to join a group without being friends when that group restricted invites to friends only.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-d0fd9cc44e353f2e6039b73677016f83.yaml b/nuclei-templates/cve-less/plugins/buddypress-d0fd9cc44e353f2e6039b73677016f83.yaml
index 9c81326023..11d91d4dfa 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-d0fd9cc44e353f2e6039b73677016f83.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-d0fd9cc44e353f2e6039b73677016f83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress <= 7.2.1 - Missing Authorization to Private Post Activity
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BuddyPress plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.2.1. This is due to missing authorization validation on the activity REST-API Endpoint. This makes it possible for authenticated attackers to favorite private and hidden activity they are not authorized to access.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress/"
     google-query: inurl:"/wp-content/plugins/buddypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress,medium
+  tags: cve,wordpress,wp-plugin,buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-098044594b04ab841c349ed64a192c47.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-098044594b04ab841c349ed64a192c47.yaml
index d1a551f6fe..4257f871ef 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-media-098044594b04ab841c349ed64a192c47.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-media-098044594b04ab841c349ed64a192c47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress < 3.7.19 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.7.18 via the 'template' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress-media,high
+  tags: cve,wordpress,wp-plugin,buddypress-media,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-af05e39beae4ccc85b4b7733a1dfc389.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-af05e39beae4ccc85b4b7733a1dfc389.yaml
index ff137a640e..267d6732b3 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-media-af05e39beae4ccc85b4b7733a1dfc389.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-media-af05e39beae4ccc85b4b7733a1dfc389.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_settings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to expose sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress-media,medium
+  tags: cve,wordpress,wp-plugin,buddypress-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-c87d935ed7b249bf9a1f11f3472af3e0.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-c87d935ed7b249bf9a1f11f3472af3e0.yaml
index 700838aa7d..52c2397f2d 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-media-c87d935ed7b249bf9a1f11f3472af3e0.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-media-c87d935ed7b249bf9a1f11f3472af3e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress <= 3.10.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_title’ parameter in versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress-media,medium
+  tags: cve,wordpress,wp-plugin,buddypress-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-d489286ed41649bac6a4b978b2c38ed0.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-d489286ed41649bac6a4b978b2c38ed0.yaml
index 2dd7ebc61d..6565de2475 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-media-d489286ed41649bac6a4b978b2c38ed0.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-media-d489286ed41649bac6a4b978b2c38ed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtmedia_admin_upload function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload a settings file and modify plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress-media,medium
+  tags: cve,wordpress,wp-plugin,buddypress-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-dc0051edab31221e49ae9364dcda380b.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-dc0051edab31221e49ae9364dcda380b.yaml
index 2904df6e2f..1bc30fe7b0 100644
--- a/nuclei-templates/cve-less/plugins/buddypress-media-dc0051edab31221e49ae9364dcda380b.yaml
+++ b/nuclei-templates/cve-less/plugins/buddypress-media-dc0051edab31221e49ae9364dcda380b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the order_by parameter in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buddypress-media/"
     google-query: inurl:"/wp-content/plugins/buddypress-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buddypress-media,high
+  tags: cve,wordpress,wp-plugin,buddypress-media,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buffer-my-post-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/buffer-my-post-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 91f1fe590f..5925df0ed4 100644
--- a/nuclei-templates/cve-less/plugins/buffer-my-post-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/buffer-my-post-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buffer-my-post/"
     google-query: inurl:"/wp-content/plugins/buffer-my-post/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buffer-my-post,medium
+  tags: cve,wordpress,wp-plugin,buffer-my-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulk-attachment-download-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bulk-attachment-download-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4bad43c543..6ef28a0d04 100644
--- a/nuclei-templates/cve-less/plugins/bulk-attachment-download-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bulk-attachment-download-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-attachment-download/"
     google-query: inurl:"/wp-content/plugins/bulk-attachment-download/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulk-attachment-download,medium
+  tags: cve,wordpress,wp-plugin,bulk-attachment-download,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulk-delete-24cf0801a4963f154c38e24267fc828d.yaml b/nuclei-templates/cve-less/plugins/bulk-delete-24cf0801a4963f154c38e24267fc828d.yaml
index 85c993865d..9e7caa2d70 100644
--- a/nuclei-templates/cve-less/plugins/bulk-delete-24cf0801a4963f154c38e24267fc828d.yaml
+++ b/nuclei-templates/cve-less/plugins/bulk-delete-24cf0801a4963f154c38e24267fc828d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulk Delete <= 5.5.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Bulk Delete plugin for WordPress is vulnerable to missing authorization due to missing capability checks on several functions in versions before 5.5.4. This makes it possible for authenticated attackers to perform restricted actions which could lead to the arbitrary deletion of site content including pages, posts and users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-delete/"
     google-query: inurl:"/wp-content/plugins/bulk-delete/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulk-delete,medium
+  tags: cve,wordpress,wp-plugin,bulk-delete,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulk-edit-categories-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bulk-edit-categories-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ce8bd2db64..c03ce30d7f 100644
--- a/nuclei-templates/cve-less/plugins/bulk-edit-categories-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bulk-edit-categories-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-edit-categories-tags/"
     google-query: inurl:"/wp-content/plugins/bulk-edit-categories-tags/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulk-edit-categories-tags,medium
+  tags: cve,wordpress,wp-plugin,bulk-edit-categories-tags,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulk-edit-user-profiles-in-spreadsheet-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bulk-edit-user-profiles-in-spreadsheet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6e5a0f9a04..c9c7aae6aa 100644
--- a/nuclei-templates/cve-less/plugins/bulk-edit-user-profiles-in-spreadsheet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bulk-edit-user-profiles-in-spreadsheet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/"
     google-query: inurl:"/wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulk-edit-user-profiles-in-spreadsheet,medium
+  tags: cve,wordpress,wp-plugin,bulk-edit-user-profiles-in-spreadsheet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulk-image-alt-text-with-yoast-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bulk-image-alt-text-with-yoast-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0cacb5b821..5904adb97f 100644
--- a/nuclei-templates/cve-less/plugins/bulk-image-alt-text-with-yoast-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bulk-image-alt-text-with-yoast-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-image-alt-text-with-yoast/"
     google-query: inurl:"/wp-content/plugins/bulk-image-alt-text-with-yoast/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulk-image-alt-text-with-yoast,medium
+  tags: cve,wordpress,wp-plugin,bulk-image-alt-text-with-yoast,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulk-image-title-attribute-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bulk-image-title-attribute-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c1d4eabe22..9de4dbf446 100644
--- a/nuclei-templates/cve-less/plugins/bulk-image-title-attribute-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bulk-image-title-attribute-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-image-title-attribute/"
     google-query: inurl:"/wp-content/plugins/bulk-image-title-attribute/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulk-image-title-attribute,medium
+  tags: cve,wordpress,wp-plugin,bulk-image-title-attribute,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulk-woocommerce-category-creator-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bulk-woocommerce-category-creator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6e404b501a..f61cad8dda 100644
--- a/nuclei-templates/cve-less/plugins/bulk-woocommerce-category-creator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bulk-woocommerce-category-creator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulk-woocommerce-category-creator/"
     google-query: inurl:"/wp-content/plugins/bulk-woocommerce-category-creator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulk-woocommerce-category-creator,medium
+  tags: cve,wordpress,wp-plugin,bulk-woocommerce-category-creator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulletin-announcements-246b8b56564018f48400096509996111.yaml b/nuclei-templates/cve-less/plugins/bulletin-announcements-246b8b56564018f48400096509996111.yaml
index d780968119..bbc39e8fc4 100644
--- a/nuclei-templates/cve-less/plugins/bulletin-announcements-246b8b56564018f48400096509996111.yaml
+++ b/nuclei-templates/cve-less/plugins/bulletin-announcements-246b8b56564018f48400096509996111.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Announcement & Notification Banner – Bulletin <= 3.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bulletinTitle' value found in the 'formData' parameters in versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletin-announcements/"
     google-query: inurl:"/wp-content/plugins/bulletin-announcements/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulletin-announcements,medium
+  tags: cve,wordpress,wp-plugin,bulletin-announcements,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulletin-announcements-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/bulletin-announcements-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 779cfccf15..d4d71ed4c4 100644
--- a/nuclei-templates/cve-less/plugins/bulletin-announcements-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/bulletin-announcements-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletin-announcements/"
     google-query: inurl:"/wp-content/plugins/bulletin-announcements/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulletin-announcements,medium
+  tags: cve,wordpress,wp-plugin,bulletin-announcements,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-5dceb192e7c190761b3c97b152cbfe74.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-5dceb192e7c190761b3c97b152cbfe74.yaml
index 8aff82e445..33c1d45357 100644
--- a/nuclei-templates/cve-less/plugins/bulletproof-security-5dceb192e7c190761b3c97b152cbfe74.yaml
+++ b/nuclei-templates/cve-less/plugins/bulletproof-security-5dceb192e7c190761b3c97b152cbfe74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BulletProof Security <= .53.3 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The BulletProof Security plugin for WordPress is vulnerable to Cross-Site Scripting via the ‘user-agent-ignore’ parameter in versions up to, and including, .53.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/bulletproof-security/"
     google-query: inurl:"/wp-content/plugins/bulletproof-security/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,bulletproof-security,medium
+  tags: cve,wordpress,wp-plugin,bulletproof-security,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/buttonizer-multifunctional-button-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/buttonizer-multifunctional-button-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0d423e3e3e..54f144eb02 100644
--- a/nuclei-templates/cve-less/plugins/buttonizer-multifunctional-button-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/buttonizer-multifunctional-button-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/buttonizer-multifunctional-button/"
     google-query: inurl:"/wp-content/plugins/buttonizer-multifunctional-button/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,buttonizer-multifunctional-button,medium
+  tags: cve,wordpress,wp-plugin,buttonizer-multifunctional-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cache-images-0c97fc31b35102d21ddbee9abbb4d9fd.yaml b/nuclei-templates/cve-less/plugins/cache-images-0c97fc31b35102d21ddbee9abbb4d9fd.yaml
index 308ee7fbb3..12842c6b2f 100644
--- a/nuclei-templates/cve-less/plugins/cache-images-0c97fc31b35102d21ddbee9abbb4d9fd.yaml
+++ b/nuclei-templates/cve-less/plugins/cache-images-0c97fc31b35102d21ddbee9abbb4d9fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cache Images <= 3.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cache Images plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cache_images_ajax() function in versions up to, and including, 3.1. This makes it possible for authenticated low-level attackers to upload image files to a site without the upload_files capabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cache-images/"
     google-query: inurl:"/wp-content/plugins/cache-images/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cache-images,medium
+  tags: cve,wordpress,wp-plugin,cache-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-139d1504f66cd87031fd329a5f49ab94.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-139d1504f66cd87031fd329a5f49ab94.yaml
index ca71cb55ad..e7df33223d 100644
--- a/nuclei-templates/cve-less/plugins/calculated-fields-form-139d1504f66cd87031fd329a5f49ab94.yaml
+++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-139d1504f66cd87031fd329a5f49ab94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calculated Fields Form <= 1.0.11 - Cross-Site Request Forgery to SQL Injection
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Calculated Fields Form plugin for WordPress is vulnerable to SQL Injection via Cross-Site Request Forgery in versions up to, and including, 1.0.11 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calculated-fields-form/"
     google-query: inurl:"/wp-content/plugins/calculated-fields-form/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,calculated-fields-form,critical
+  tags: cve,wordpress,wp-plugin,calculated-fields-form,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/caldera-forms-768674b25e725613816286a9dc3c4233.yaml b/nuclei-templates/cve-less/plugins/caldera-forms-768674b25e725613816286a9dc3c4233.yaml
index 6a79f409c9..6af7d3f4fb 100644
--- a/nuclei-templates/cve-less/plugins/caldera-forms-768674b25e725613816286a9dc3c4233.yaml
+++ b/nuclei-templates/cve-less/plugins/caldera-forms-768674b25e725613816286a9dc3c4233.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Caldera Forms <= 1.5.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Caldera Forms plugin for WordPress is vulnerable to Cross-Site Scripting via the "edit" parameter in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/caldera-forms/"
     google-query: inurl:"/wp-content/plugins/caldera-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,caldera-forms,medium
+  tags: cve,wordpress,wp-plugin,caldera-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/caldera-forms-pro-af5db143583f026b4ec13d0e53264642.yaml b/nuclei-templates/cve-less/plugins/caldera-forms-pro-af5db143583f026b4ec13d0e53264642.yaml
index 94f5df080e..fdaac0c95e 100644
--- a/nuclei-templates/cve-less/plugins/caldera-forms-pro-af5db143583f026b4ec13d0e53264642.yaml
+++ b/nuclei-templates/cve-less/plugins/caldera-forms-pro-af5db143583f026b4ec13d0e53264642.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Caldera Forms Pro < 1.8.2 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Caldera Forms Pro plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the register_rest_route function in versions, up to and including, 1.7.6 in the 1.7.x branch, and 1.8.1 in the 1.8.x branch. This makes it possible for unauthenticated attackers to read arbitrary files, including wp-config.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/caldera-forms-pro/"
     google-query: inurl:"/wp-content/plugins/caldera-forms-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,caldera-forms-pro,critical
+  tags: cve,wordpress,wp-plugin,caldera-forms-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/calendar-05d1ff035c1fc3b076e51a7b5c7af2a9.yaml b/nuclei-templates/cve-less/plugins/calendar-05d1ff035c1fc3b076e51a7b5c7af2a9.yaml
index b8cca44ac1..c103ed652a 100644
--- a/nuclei-templates/cve-less/plugins/calendar-05d1ff035c1fc3b076e51a7b5c7af2a9.yaml
+++ b/nuclei-templates/cve-less/plugins/calendar-05d1ff035c1fc3b076e51a7b5c7af2a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Calendar < 1.3.8 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions before 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/calendar/"
     google-query: inurl:"/wp-content/plugins/calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,calendar,high
+  tags: cve,wordpress,wp-plugin,calendar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/campaign-url-builder-fdb6580a9b4fe182559a2e3ed6c65f0e.yaml b/nuclei-templates/cve-less/plugins/campaign-url-builder-fdb6580a9b4fe182559a2e3ed6c65f0e.yaml
index 089ae0767c..4d7f8f13cf 100644
--- a/nuclei-templates/cve-less/plugins/campaign-url-builder-fdb6580a9b4fe182559a2e3ed6c65f0e.yaml
+++ b/nuclei-templates/cve-less/plugins/campaign-url-builder-fdb6580a9b4fe182559a2e3ed6c65f0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Campaign URL Builder <= 1.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Create Link
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Campaign URL Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form fields within the Create Link tab of the settings page in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/campaign-url-builder/"
     google-query: inurl:"/wp-content/plugins/campaign-url-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,campaign-url-builder,medium
+  tags: cve,wordpress,wp-plugin,campaign-url-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/campus-directory-aefc22c7a60a7d5e0b05b0ef2a479b2b.yaml b/nuclei-templates/cve-less/plugins/campus-directory-aefc22c7a60a7d5e0b05b0ef2a479b2b.yaml
index 627172a43c..0e81aa61db 100644
--- a/nuclei-templates/cve-less/plugins/campus-directory-aefc22c7a60a7d5e0b05b0ef2a479b2b.yaml
+++ b/nuclei-templates/cve-less/plugins/campus-directory-aefc22c7a60a7d5e0b05b0ef2a479b2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Faculty Staff and Student Directory Plugin – Campus Directory <= 1.7.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Faculty Staff and Student Directory Plugin – Campus Directory plugin for WordPress is vulnerable to authenticated stored cross-site scripting via several parameters found in versions up to and including 1.7.4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/campus-directory/"
     google-query: inurl:"/wp-content/plugins/campus-directory/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,campus-directory,medium
+  tags: cve,wordpress,wp-plugin,campus-directory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/capability-manager-enhanced-df1f9aa06bdcfa30c9c48b598c66ff46.yaml b/nuclei-templates/cve-less/plugins/capability-manager-enhanced-df1f9aa06bdcfa30c9c48b598c66ff46.yaml
index 299c28e378..1ffa1b6677 100644
--- a/nuclei-templates/cve-less/plugins/capability-manager-enhanced-df1f9aa06bdcfa30c9c48b598c66ff46.yaml
+++ b/nuclei-templates/cve-less/plugins/capability-manager-enhanced-df1f9aa06bdcfa30c9c48b598c66ff46.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PublishPress Capabilities <= 1.5.8 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The PublishPress Capabilities plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 1.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for role-editing-capable attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/capability-manager-enhanced/"
     google-query: inurl:"/wp-content/plugins/capability-manager-enhanced/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,capability-manager-enhanced,high
+  tags: cve,wordpress,wp-plugin,capability-manager-enhanced,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/captchinoo-captcha-for-login-form-protection-8a7e1f1e76c1a5624370361e3f4014b1.yaml b/nuclei-templates/cve-less/plugins/captchinoo-captcha-for-login-form-protection-8a7e1f1e76c1a5624370361e3f4014b1.yaml
index 9d1e24ac19..acd68eb193 100644
--- a/nuclei-templates/cve-less/plugins/captchinoo-captcha-for-login-form-protection-8a7e1f1e76c1a5624370361e3f4014b1.yaml
+++ b/nuclei-templates/cve-less/plugins/captchinoo-captcha-for-login-form-protection-8a7e1f1e76c1a5624370361e3f4014b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Captchinoo, admin login page protection with Google recaptcha <= 2.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Captchinoo, admin login page protection with Google recaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/captchinoo-captcha-for-login-form-protection/"
     google-query: inurl:"/wp-content/plugins/captchinoo-captcha-for-login-form-protection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,captchinoo-captcha-for-login-form-protection,high
+  tags: cve,wordpress,wp-plugin,captchinoo-captcha-for-login-form-protection,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/card-oracle-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/card-oracle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c9e7ac0785..3a449186e2 100644
--- a/nuclei-templates/cve-less/plugins/card-oracle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/card-oracle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/card-oracle/"
     google-query: inurl:"/wp-content/plugins/card-oracle/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,card-oracle,medium
+  tags: cve,wordpress,wp-plugin,card-oracle,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cart-lift-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/cart-lift-18966e8228314b8165d39d48519f43cc.yaml
index a795656528..1bb8ece8ae 100644
--- a/nuclei-templates/cve-less/plugins/cart-lift-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/cart-lift-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cart-lift/"
     google-query: inurl:"/wp-content/plugins/cart-lift/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cart-lift,medium
+  tags: cve,wordpress,wp-plugin,cart-lift,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cart-link-for-woocommerce-691ef5f746f46ce4f71b48e893324dcb.yaml b/nuclei-templates/cve-less/plugins/cart-link-for-woocommerce-691ef5f746f46ce4f71b48e893324dcb.yaml
index 6a58b617af..9972224c8c 100644
--- a/nuclei-templates/cve-less/plugins/cart-link-for-woocommerce-691ef5f746f46ce4f71b48e893324dcb.yaml
+++ b/nuclei-templates/cve-less/plugins/cart-link-for-woocommerce-691ef5f746f46ce4f71b48e893324dcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cart Link for WooCommerce <= 2.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Cart Link for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cart-link-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/cart-link-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cart-link-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,cart-link-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cartoon-url-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cartoon-url-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 457507c694..abefdf4e6d 100644
--- a/nuclei-templates/cve-less/plugins/cartoon-url-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cartoon-url-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cartoon-url/"
     google-query: inurl:"/wp-content/plugins/cartoon-url/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cartoon-url,medium
+  tags: cve,wordpress,wp-plugin,cartoon-url,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cartpops-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cartpops-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index aac3d8fa61..3c7ce9e3e1 100644
--- a/nuclei-templates/cve-less/plugins/cartpops-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cartpops-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cartpops/"
     google-query: inurl:"/wp-content/plugins/cartpops/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cartpops,medium
+  tags: cve,wordpress,wp-plugin,cartpops,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang-755b5e97b09ddabb36f708e4895b834c.yaml b/nuclei-templates/cve-less/plugins/casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang-755b5e97b09ddabb36f708e4895b834c.yaml
index cd2cd3333a..f3cc006312 100644
--- a/nuclei-templates/cve-less/plugins/casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang-755b5e97b09ddabb36f708e4895b834c.yaml
+++ b/nuclei-templates/cve-less/plugins/casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang-755b5e97b09ddabb36f708e4895b834c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Casso – Tự động xác nhận thanh toán chuyển khoản ngân hàng <= 2.8.6 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Casso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/"
     google-query: inurl:"/wp-content/plugins/casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang,medium
+  tags: cve,wordpress,wp-plugin,casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/catch-web-tools-c59a23b4a74b5a776a9442e033941d2d.yaml b/nuclei-templates/cve-less/plugins/catch-web-tools-c59a23b4a74b5a776a9442e033941d2d.yaml
index 6aff6729e1..b07bcbeac3 100644
--- a/nuclei-templates/cve-less/plugins/catch-web-tools-c59a23b4a74b5a776a9442e033941d2d.yaml
+++ b/nuclei-templates/cve-less/plugins/catch-web-tools-c59a23b4a74b5a776a9442e033941d2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Catch Web Tools <= 2.7.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Catch Web Tools plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the catchwebtools_catchids_switch AJAX action in versions up to, and including, 2.7.0. This makes it possible for subscriber-level attackers to active or deactivate catch IDs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/catch-web-tools/"
     google-query: inurl:"/wp-content/plugins/catch-web-tools/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,catch-web-tools,medium
+  tags: cve,wordpress,wp-plugin,catch-web-tools,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/categorify-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/categorify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5a0fd360ca..9243c2470f 100644
--- a/nuclei-templates/cve-less/plugins/categorify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/categorify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/categorify/"
     google-query: inurl:"/wp-content/plugins/categorify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,categorify,medium
+  tags: cve,wordpress,wp-plugin,categorify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/caxton-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/caxton-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0219add08e..4a8fc3afc8 100644
--- a/nuclei-templates/cve-less/plugins/caxton-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/caxton-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/caxton/"
     google-query: inurl:"/wp-content/plugins/caxton/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,caxton,medium
+  tags: cve,wordpress,wp-plugin,caxton,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cf7-conditional-fields-5f06348f7bb36613ac049dfd554c46bc.yaml b/nuclei-templates/cve-less/plugins/cf7-conditional-fields-5f06348f7bb36613ac049dfd554c46bc.yaml
index f2e5827c6d..b4671442d0 100644
--- a/nuclei-templates/cve-less/plugins/cf7-conditional-fields-5f06348f7bb36613ac049dfd554c46bc.yaml
+++ b/nuclei-templates/cve-less/plugins/cf7-conditional-fields-5f06348f7bb36613ac049dfd554c46bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conditional Fields for Contact Form 7 <= 2.4.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when showing admin notices in all versions up to 2.4.0 (inclusive). This makes it possible for attackers to read admin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-conditional-fields/"
     google-query: inurl:"/wp-content/plugins/cf7-conditional-fields/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cf7-conditional-fields,medium
+  tags: cve,wordpress,wp-plugin,cf7-conditional-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cf7-constant-contact-fields-mapping-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cf7-constant-contact-fields-mapping-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e818c4ff9f..e4d9af2cb5 100644
--- a/nuclei-templates/cve-less/plugins/cf7-constant-contact-fields-mapping-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cf7-constant-contact-fields-mapping-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-constant-contact-fields-mapping/"
     google-query: inurl:"/wp-content/plugins/cf7-constant-contact-fields-mapping/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cf7-constant-contact-fields-mapping,medium
+  tags: cve,wordpress,wp-plugin,cf7-constant-contact-fields-mapping,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cf7-easy-math-captcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cf7-easy-math-captcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1dd0ffc8b5..9d0e30bdc2 100644
--- a/nuclei-templates/cve-less/plugins/cf7-easy-math-captcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cf7-easy-math-captcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-easy-math-captcha/"
     google-query: inurl:"/wp-content/plugins/cf7-easy-math-captcha/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cf7-easy-math-captcha,medium
+  tags: cve,wordpress,wp-plugin,cf7-easy-math-captcha,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cf7-grid-and-styler-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cf7-grid-and-styler-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 11e4bf8abf..82b19c2f93 100644
--- a/nuclei-templates/cve-less/plugins/cf7-grid-and-styler-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cf7-grid-and-styler-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-grid-and-styler-for-divi/"
     google-query: inurl:"/wp-content/plugins/cf7-grid-and-styler-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cf7-grid-and-styler-for-divi,medium
+  tags: cve,wordpress,wp-plugin,cf7-grid-and-styler-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cf7-styler-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cf7-styler-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e140e7156f..a717bf8f79 100644
--- a/nuclei-templates/cve-less/plugins/cf7-styler-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cf7-styler-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-styler/"
     google-query: inurl:"/wp-content/plugins/cf7-styler/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cf7-styler,medium
+  tags: cve,wordpress,wp-plugin,cf7-styler,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cf7-styler-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cf7-styler-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2d03a7dc68..b0d812a373 100644
--- a/nuclei-templates/cve-less/plugins/cf7-styler-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cf7-styler-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-styler-for-divi/"
     google-query: inurl:"/wp-content/plugins/cf7-styler-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cf7-styler-for-divi,medium
+  tags: cve,wordpress,wp-plugin,cf7-styler-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cf7-zoho-22168446272a333f9aeaf32a63eb65ac.yaml b/nuclei-templates/cve-less/plugins/cf7-zoho-22168446272a333f9aeaf32a63eb65ac.yaml
index f25f22e2d7..f08541da6e 100644
--- a/nuclei-templates/cve-less/plugins/cf7-zoho-22168446272a333f9aeaf32a63eb65ac.yaml
+++ b/nuclei-templates/cve-less/plugins/cf7-zoho-22168446272a333f9aeaf32a63eb65ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘start_date’ and ‘end_date’ parameters in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cf7-zoho/"
     google-query: inurl:"/wp-content/plugins/cf7-zoho/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cf7-zoho,medium
+  tags: cve,wordpress,wp-plugin,cf7-zoho,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-5ad18bbfeb4c12a137de8b17b7553a5c.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-5ad18bbfeb4c12a137de8b17b7553a5c.yaml
index d1a09174bf..469a2dbce3 100644
--- a/nuclei-templates/cve-less/plugins/chained-quiz-5ad18bbfeb4c12a137de8b17b7553a5c.yaml
+++ b/nuclei-templates/cve-less/plugins/chained-quiz-5ad18bbfeb4c12a137de8b17b7553a5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chained Quiz <= 0.9.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chained-quiz/"
     google-query: inurl:"/wp-content/plugins/chained-quiz/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,chained-quiz,medium
+  tags: cve,wordpress,wp-plugin,chained-quiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-bb66f4ac76af234c75b6841b7c13994a.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-bb66f4ac76af234c75b6841b7c13994a.yaml
index 829d10f292..225ed7f535 100644
--- a/nuclei-templates/cve-less/plugins/chained-quiz-bb66f4ac76af234c75b6841b7c13994a.yaml
+++ b/nuclei-templates/cve-less/plugins/chained-quiz-bb66f4ac76af234c75b6841b7c13994a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chained Quiz <= 1.1.9 -Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Chained Quiz for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘chained_admin_subject', 'chained_user_subject', 'chained_sender_name', 'chained_sender_email' and 'go_ahead_value' values in versions up to, and including, 1.1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authentication-level attackers Admin level access is required to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chained-quiz/"
     google-query: inurl:"/wp-content/plugins/chained-quiz/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,chained-quiz,medium
+  tags: cve,wordpress,wp-plugin,chained-quiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/change-prices-with-time-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/change-prices-with-time-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6f106c4a44..471a382944 100644
--- a/nuclei-templates/cve-less/plugins/change-prices-with-time-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/change-prices-with-time-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/change-prices-with-time-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/change-prices-with-time-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,change-prices-with-time-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,change-prices-with-time-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/change-wc-price-title-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/change-wc-price-title-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 80948f012e..1dc43b6bb2 100644
--- a/nuclei-templates/cve-less/plugins/change-wc-price-title-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/change-wc-price-title-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/change-wc-price-title/"
     google-query: inurl:"/wp-content/plugins/change-wc-price-title/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,change-wc-price-title,medium
+  tags: cve,wordpress,wp-plugin,change-wc-price-title,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/chart-builder-08b024925f5d1dcafa4385a333501904.yaml b/nuclei-templates/cve-less/plugins/chart-builder-08b024925f5d1dcafa4385a333501904.yaml
index df940b1301..e5b10a1052 100644
--- a/nuclei-templates/cve-less/plugins/chart-builder-08b024925f5d1dcafa4385a333501904.yaml
+++ b/nuclei-templates/cve-less/plugins/chart-builder-08b024925f5d1dcafa4385a333501904.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chart Builder <= 1.9.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Best Chart Plugin – Chartify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chart-builder/"
     google-query: inurl:"/wp-content/plugins/chart-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,chart-builder,medium
+  tags: cve,wordpress,wp-plugin,chart-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/chatbot-8142bc3541567011d52df62ad2e24883.yaml b/nuclei-templates/cve-less/plugins/chatbot-8142bc3541567011d52df62ad2e24883.yaml
index f08ebdfd4a..04004877e7 100644
--- a/nuclei-templates/cve-less/plugins/chatbot-8142bc3541567011d52df62ad2e24883.yaml
+++ b/nuclei-templates/cve-less/plugins/chatbot-8142bc3541567011d52df62ad2e24883.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AI ChatBot <= 4.4.7 - Missing Authorization on openai_settings_option_callback
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The AI ChatBot plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the openai_settings_option_callback function in versions up to, and including, 4.4.7. This makes it possible for subscriber-level attackers to change plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chatbot/"
     google-query: inurl:"/wp-content/plugins/chatbot/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,chatbot,medium
+  tags: cve,wordpress,wp-plugin,chatbot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/chaty-54240ff4b4cecbac0ff14d99813212f2.yaml b/nuclei-templates/cve-less/plugins/chaty-54240ff4b4cecbac0ff14d99813212f2.yaml
index 2990915a65..be9ce316aa 100644
--- a/nuclei-templates/cve-less/plugins/chaty-54240ff4b4cecbac0ff14d99813212f2.yaml
+++ b/nuclei-templates/cve-less/plugins/chaty-54240ff4b4cecbac0ff14d99813212f2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chaty <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via chat widget settings like 'cht_close_button_text' in versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/chaty/"
     google-query: inurl:"/wp-content/plugins/chaty/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,chaty,medium
+  tags: cve,wordpress,wp-plugin,chaty,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/choice-payment-gateway-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/choice-payment-gateway-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 28b4f9976e..5c6c3d6b2c 100644
--- a/nuclei-templates/cve-less/plugins/choice-payment-gateway-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/choice-payment-gateway-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/choice-payment-gateway-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/choice-payment-gateway-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,choice-payment-gateway-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,choice-payment-gateway-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/citizen-space-d8f2805c892cce30b8ee704118111dfd.yaml b/nuclei-templates/cve-less/plugins/citizen-space-d8f2805c892cce30b8ee704118111dfd.yaml
index 5957fd3b74..f0ebf82802 100644
--- a/nuclei-templates/cve-less/plugins/citizen-space-d8f2805c892cce30b8ee704118111dfd.yaml
+++ b/nuclei-templates/cve-less/plugins/citizen-space-d8f2805c892cce30b8ee704118111dfd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Citizen Space <= 1.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Citizen Space plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘path’ parameter in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/citizen-space/"
     google-query: inurl:"/wp-content/plugins/citizen-space/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,citizen-space,high
+  tags: cve,wordpress,wp-plugin,citizen-space,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/claptastic-clap-button-f34bb308bdc8bf0abc4007f19af318c1.yaml b/nuclei-templates/cve-less/plugins/claptastic-clap-button-f34bb308bdc8bf0abc4007f19af318c1.yaml
index e037d7f43f..297ce035f9 100644
--- a/nuclei-templates/cve-less/plugins/claptastic-clap-button-f34bb308bdc8bf0abc4007f19af318c1.yaml
+++ b/nuclei-templates/cve-less/plugins/claptastic-clap-button-f34bb308bdc8bf0abc4007f19af318c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Claptastic Clap! Button <= 1.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Claptastic Clap! Button plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/claptastic-clap-button/"
     google-query: inurl:"/wp-content/plugins/claptastic-clap-button/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,claptastic-clap-button,medium
+  tags: cve,wordpress,wp-plugin,claptastic-clap-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/classic-editor-addon-cbd9c033d999d7b582bab8aeab6cd501.yaml b/nuclei-templates/cve-less/plugins/classic-editor-addon-cbd9c033d999d7b582bab8aeab6cd501.yaml
index 3a4c444ed7..aee74b0878 100644
--- a/nuclei-templates/cve-less/plugins/classic-editor-addon-cbd9c033d999d7b582bab8aeab6cd501.yaml
+++ b/nuclei-templates/cve-less/plugins/classic-editor-addon-cbd9c033d999d7b582bab8aeab6cd501.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Classic Editor Addon < 2.6.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Classic Editor Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.3. This is due to inclusion of a vulnerable version of the wp-dependency-installer library. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/classic-editor-addon/"
     google-query: inurl:"/wp-content/plugins/classic-editor-addon/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,classic-editor-addon,high
+  tags: cve,wordpress,wp-plugin,classic-editor-addon,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/clean-and-simple-contact-form-by-meg-nicholas-9b88069f10fdb904873358d79983304f.yaml b/nuclei-templates/cve-less/plugins/clean-and-simple-contact-form-by-meg-nicholas-9b88069f10fdb904873358d79983304f.yaml
index f734eaa1b9..427ecf42f9 100644
--- a/nuclei-templates/cve-less/plugins/clean-and-simple-contact-form-by-meg-nicholas-9b88069f10fdb904873358d79983304f.yaml
+++ b/nuclei-templates/cve-less/plugins/clean-and-simple-contact-form-by-meg-nicholas-9b88069f10fdb904873358d79983304f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Clean and Simple <= 4.7.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form Clean and Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/"
     google-query: inurl:"/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,clean-and-simple-contact-form-by-meg-nicholas,medium
+  tags: cve,wordpress,wp-plugin,clean-and-simple-contact-form-by-meg-nicholas,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/clean-login-5ac185ae82fe98b391f7b0249d150337.yaml b/nuclei-templates/cve-less/plugins/clean-login-5ac185ae82fe98b391f7b0249d150337.yaml
index 5d08a13fc1..afd9186203 100644
--- a/nuclei-templates/cve-less/plugins/clean-login-5ac185ae82fe98b391f7b0249d150337.yaml
+++ b/nuclei-templates/cve-less/plugins/clean-login-5ac185ae82fe98b391f7b0249d150337.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clean Login 1.12.6.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Clean Login for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in version 1.12.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clean-login/"
     google-query: inurl:"/wp-content/plugins/clean-login/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,clean-login,medium
+  tags: cve,wordpress,wp-plugin,clean-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/clean-social-icons-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/clean-social-icons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 03422ec5da..ad7adcb18f 100644
--- a/nuclei-templates/cve-less/plugins/clean-social-icons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/clean-social-icons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clean-social-icons/"
     google-query: inurl:"/wp-content/plugins/clean-social-icons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,clean-social-icons,medium
+  tags: cve,wordpress,wp-plugin,clean-social-icons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/click-to-top-07e8e438f9983a0ea397db3cccfb2a0b.yaml b/nuclei-templates/cve-less/plugins/click-to-top-07e8e438f9983a0ea397db3cccfb2a0b.yaml
index e2546b3c27..073a005387 100644
--- a/nuclei-templates/cve-less/plugins/click-to-top-07e8e438f9983a0ea397db3cccfb2a0b.yaml
+++ b/nuclei-templates/cve-less/plugins/click-to-top-07e8e438f9983a0ea397db3cccfb2a0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Click to top <= 1.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The click-to-top plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Type scroll text' field in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/click-to-top/"
     google-query: inurl:"/wp-content/plugins/click-to-top/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,click-to-top,medium
+  tags: cve,wordpress,wp-plugin,click-to-top,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/click-to-top-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/click-to-top-18966e8228314b8165d39d48519f43cc.yaml
index 81afca8451..2b86d280b1 100644
--- a/nuclei-templates/cve-less/plugins/click-to-top-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/click-to-top-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/click-to-top/"
     google-query: inurl:"/wp-content/plugins/click-to-top/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,click-to-top,medium
+  tags: cve,wordpress,wp-plugin,click-to-top,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/clickdesk-live-support-chat-plugin-45e600351b047339fd78ec95bb2976bd.yaml b/nuclei-templates/cve-less/plugins/clickdesk-live-support-chat-plugin-45e600351b047339fd78ec95bb2976bd.yaml
index 417604ebdf..f13b1c0b43 100644
--- a/nuclei-templates/cve-less/plugins/clickdesk-live-support-chat-plugin-45e600351b047339fd78ec95bb2976bd.yaml
+++ b/nuclei-templates/cve-less/plugins/clickdesk-live-support-chat-plugin-45e600351b047339fd78ec95bb2976bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. Note that
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clickdesk-live-support-chat-plugin/"
     google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat-plugin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,clickdesk-live-support-chat-plugin,medium
+  tags: cve,wordpress,wp-plugin,clickdesk-live-support-chat-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/clickervolt-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/clickervolt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e19961de12..6d12080c58 100644
--- a/nuclei-templates/cve-less/plugins/clickervolt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/clickervolt-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clickervolt/"
     google-query: inurl:"/wp-content/plugins/clickervolt/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,clickervolt,medium
+  tags: cve,wordpress,wp-plugin,clickervolt,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/clicky-8edea37489d7d07897482f68884c7200.yaml b/nuclei-templates/cve-less/plugins/clicky-8edea37489d7d07897482f68884c7200.yaml
index 850f346f03..06d6f1a08f 100644
--- a/nuclei-templates/cve-less/plugins/clicky-8edea37489d7d07897482f68884c7200.yaml
+++ b/nuclei-templates/cve-less/plugins/clicky-8edea37489d7d07897482f68884c7200.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Clicky by Yoast <= 1.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Clicky by Yoast plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user settings in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on several parameters. This makes it possible for low-authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/clicky/"
     google-query: inurl:"/wp-content/plugins/clicky/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,clicky,medium
+  tags: cve,wordpress,wp-plugin,clicky,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cm-ad-changer-1c07181abecff4187bed7fdcd8d1afe4.yaml b/nuclei-templates/cve-less/plugins/cm-ad-changer-1c07181abecff4187bed7fdcd8d1afe4.yaml
index 10d5c93409..6c0335cf16 100644
--- a/nuclei-templates/cve-less/plugins/cm-ad-changer-1c07181abecff4187bed7fdcd8d1afe4.yaml
+++ b/nuclei-templates/cve-less/plugins/cm-ad-changer-1c07181abecff4187bed7fdcd8d1afe4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Ad Changer <= 1.7.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The CM Ad Changer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Banner Title field in versions up to, and including, 1.7.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, granted they can trick a site's administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-ad-changer/"
     google-query: inurl:"/wp-content/plugins/cm-ad-changer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cm-ad-changer,high
+  tags: cve,wordpress,wp-plugin,cm-ad-changer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cm-ad-changer-5c3ee68d8799e2236b3bc1333dfd2f35.yaml b/nuclei-templates/cve-less/plugins/cm-ad-changer-5c3ee68d8799e2236b3bc1333dfd2f35.yaml
index 2210366adb..caa70f83cd 100644
--- a/nuclei-templates/cve-less/plugins/cm-ad-changer-5c3ee68d8799e2236b3bc1333dfd2f35.yaml
+++ b/nuclei-templates/cve-less/plugins/cm-ad-changer-5c3ee68d8799e2236b3bc1333dfd2f35.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Ad Changer < 1.7.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CM Ad Changer plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions before 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-ad-changer/"
     google-query: inurl:"/wp-content/plugins/cm-ad-changer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cm-ad-changer,medium
+  tags: cve,wordpress,wp-plugin,cm-ad-changer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cm-pop-up-banners-9a8cd1490d53fe02691b7245088ba1a4.yaml b/nuclei-templates/cve-less/plugins/cm-pop-up-banners-9a8cd1490d53fe02691b7245088ba1a4.yaml
index 80b2c7b61f..a02f1beaab 100644
--- a/nuclei-templates/cve-less/plugins/cm-pop-up-banners-9a8cd1490d53fe02691b7245088ba1a4.yaml
+++ b/nuclei-templates/cve-less/plugins/cm-pop-up-banners-9a8cd1490d53fe02691b7245088ba1a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CM Pop-Up banners <= 1.4.10 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 'CM Pop-Up banners' plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cm-pop-up-banners/"
     google-query: inurl:"/wp-content/plugins/cm-pop-up-banners/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cm-pop-up-banners,medium
+  tags: cve,wordpress,wp-plugin,cm-pop-up-banners,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cms-tree-page-view-664f9708c952ef16850b76782a119235.yaml b/nuclei-templates/cve-less/plugins/cms-tree-page-view-664f9708c952ef16850b76782a119235.yaml
index f15ba8eee4..18b54055a9 100644
--- a/nuclei-templates/cve-less/plugins/cms-tree-page-view-664f9708c952ef16850b76782a119235.yaml
+++ b/nuclei-templates/cve-less/plugins/cms-tree-page-view-664f9708c952ef16850b76782a119235.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CMS Tree Page View < 1.4 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CMS Tree Page View plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cms_tpv_move_page function in versions before 1.4. This makes it possible for authenticated attackers with subscriber-level privileges to move pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cms-tree-page-view/"
     google-query: inurl:"/wp-content/plugins/cms-tree-page-view/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cms-tree-page-view,medium
+  tags: cve,wordpress,wp-plugin,cms-tree-page-view,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/co2ok-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/co2ok-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6fe9722a8c..add272ee7e 100644
--- a/nuclei-templates/cve-less/plugins/co2ok-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/co2ok-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/co2ok-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/co2ok-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,co2ok-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,co2ok-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/co2ok-for-woocommerce-c148c7298cbf640c64f29d57d3ad5df1.yaml b/nuclei-templates/cve-less/plugins/co2ok-for-woocommerce-c148c7298cbf640c64f29d57d3ad5df1.yaml
index 13dbf38edd..4252e67afa 100644
--- a/nuclei-templates/cve-less/plugins/co2ok-for-woocommerce-c148c7298cbf640c64f29d57d3ad5df1.yaml
+++ b/nuclei-templates/cve-less/plugins/co2ok-for-woocommerce-c148c7298cbf640c64f29d57d3ad5df1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CO2ok: carbon offsetting for e-commerce <= 1.0.9.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin CO2ok: carbon offsetting for e-commerce is vulnerable to Cross-Site Scripting via the several parameters in versions up to, and including, 1.0.9.21 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/co2ok-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/co2ok-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,co2ok-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,co2ok-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/code-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/code-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b366418bea..da4aa89375 100644
--- a/nuclei-templates/cve-less/plugins/code-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/code-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/code-manager/"
     google-query: inurl:"/wp-content/plugins/code-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,code-manager,medium
+  tags: cve,wordpress,wp-plugin,code-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/coditor-3030bade61470958bdc416b0e2c89b83.yaml b/nuclei-templates/cve-less/plugins/coditor-3030bade61470958bdc416b0e2c89b83.yaml
index f4b7b5dfe6..658c287b2a 100644
--- a/nuclei-templates/cve-less/plugins/coditor-3030bade61470958bdc416b0e2c89b83.yaml
+++ b/nuclei-templates/cve-less/plugins/coditor-3030bade61470958bdc416b0e2c89b83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coditor <= 1.1 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Coditor plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1 via the coditor_process_ajax function. This allows authenticated attackers at the subscriber-level or above to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coditor/"
     google-query: inurl:"/wp-content/plugins/coditor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,coditor,high
+  tags: cve,wordpress,wp-plugin,coditor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/codup-woocommerce-dynamic-pricing-table-view-9a51dd537aff6d05f9d6a7c50a359270.yaml b/nuclei-templates/cve-less/plugins/codup-woocommerce-dynamic-pricing-table-view-9a51dd537aff6d05f9d6a7c50a359270.yaml
index 0fa01848cc..68c2cd185f 100644
--- a/nuclei-templates/cve-less/plugins/codup-woocommerce-dynamic-pricing-table-view-9a51dd537aff6d05f9d6a7c50a359270.yaml
+++ b/nuclei-templates/cve-less/plugins/codup-woocommerce-dynamic-pricing-table-view-9a51dd537aff6d05f9d6a7c50a359270.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Codup WooCommerce Dynamic Pricing Table View <= 1.2.1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Codup WooCommerce Dynamic Pricing Table View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters found in the codup_wc_pricing_table_get_settings_of_table () function in versions up to, and including, 1.2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/codup-woocommerce-dynamic-pricing-table-view/"
     google-query: inurl:"/wp-content/plugins/codup-woocommerce-dynamic-pricing-table-view/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,codup-woocommerce-dynamic-pricing-table-view,medium
+  tags: cve,wordpress,wp-plugin,codup-woocommerce-dynamic-pricing-table-view,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/codup-wp-freshsales-0a55644b51a5df02f2cc7d960c48224c.yaml b/nuclei-templates/cve-less/plugins/codup-wp-freshsales-0a55644b51a5df02f2cc7d960c48224c.yaml
index 3cf6daa9cd..c0b1090d49 100644
--- a/nuclei-templates/cve-less/plugins/codup-wp-freshsales-0a55644b51a5df02f2cc7d960c48224c.yaml
+++ b/nuclei-templates/cve-less/plugins/codup-wp-freshsales-0a55644b51a5df02f2cc7d960c48224c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress to Freshsales Integration <= 1.3.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress to Freshsales Integration plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/codup-wp-freshsales/"
     google-query: inurl:"/wp-content/plugins/codup-wp-freshsales/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,codup-wp-freshsales,medium
+  tags: cve,wordpress,wp-plugin,codup-wp-freshsales,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/collage-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/collage-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 74dc86330e..516f46cb14 100644
--- a/nuclei-templates/cve-less/plugins/collage-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/collage-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/collage-for-divi/"
     google-query: inurl:"/wp-content/plugins/collage-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,collage-for-divi,medium
+  tags: cve,wordpress,wp-plugin,collage-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/commenting-feature-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/commenting-feature-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index faf07ecc2f..681eb067dd 100644
--- a/nuclei-templates/cve-less/plugins/commenting-feature-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/commenting-feature-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/commenting-feature/"
     google-query: inurl:"/wp-content/plugins/commenting-feature/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,commenting-feature,medium
+  tags: cve,wordpress,wp-plugin,commenting-feature,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/comments-not-replied-to-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/comments-not-replied-to-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4afa7bd316..70b6cbba49 100644
--- a/nuclei-templates/cve-less/plugins/comments-not-replied-to-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/comments-not-replied-to-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/comments-not-replied-to/"
     google-query: inurl:"/wp-content/plugins/comments-not-replied-to/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,comments-not-replied-to,medium
+  tags: cve,wordpress,wp-plugin,comments-not-replied-to,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/commerce-coinbase-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/commerce-coinbase-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3bb5bb53ff..20f070f1e1 100644
--- a/nuclei-templates/cve-less/plugins/commerce-coinbase-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/commerce-coinbase-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/commerce-coinbase-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/commerce-coinbase-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,commerce-coinbase-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,commerce-coinbase-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/companion-auto-update-2e35c0afd479ebddda5688f51cb87b9d.yaml b/nuclei-templates/cve-less/plugins/companion-auto-update-2e35c0afd479ebddda5688f51cb87b9d.yaml
index f62ec44ac9..d3e4959dc3 100644
--- a/nuclei-templates/cve-less/plugins/companion-auto-update-2e35c0afd479ebddda5688f51cb87b9d.yaml
+++ b/nuclei-templates/cve-less/plugins/companion-auto-update-2e35c0afd479ebddda5688f51cb87b9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Companion Auto Update <= 3.3.5 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Companion Auto Update plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on several existing SQL queries. This makes it possible for authenticated attackers, with administrative privileges and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/companion-auto-update/"
     google-query: inurl:"/wp-content/plugins/companion-auto-update/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,companion-auto-update,high
+  tags: cve,wordpress,wp-plugin,companion-auto-update,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/computer-repair-shop-23022d4d8e20d83e1b4a708870cdf48e.yaml b/nuclei-templates/cve-less/plugins/computer-repair-shop-23022d4d8e20d83e1b4a708870cdf48e.yaml
index 2c66529a9f..709e12b50e 100644
--- a/nuclei-templates/cve-less/plugins/computer-repair-shop-23022d4d8e20d83e1b4a708870cdf48e.yaml
+++ b/nuclei-templates/cve-less/plugins/computer-repair-shop-23022d4d8e20d83e1b4a708870cdf48e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CRM WordPress Plugin – RepairBuddy <= 3.72 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The plugin CRM WordPress Plugin for WordPress is vulnerable to SQL injection via several parameters in versions up to, and including, 3.72 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation of the SQL query. This makes it possible for an attacker to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/computer-repair-shop/"
     google-query: inurl:"/wp-content/plugins/computer-repair-shop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,computer-repair-shop,high
+  tags: cve,wordpress,wp-plugin,computer-repair-shop,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/computer-repair-shop-dececf152f183ba1e4159b4797e96e29.yaml b/nuclei-templates/cve-less/plugins/computer-repair-shop-dececf152f183ba1e4159b4797e96e29.yaml
index 6e178435d5..af5dfd22de 100644
--- a/nuclei-templates/cve-less/plugins/computer-repair-shop-dececf152f183ba1e4159b4797e96e29.yaml
+++ b/nuclei-templates/cve-less/plugins/computer-repair-shop-dececf152f183ba1e4159b4797e96e29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Computer Repair Shop < 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Computer Repair Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions before 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin-level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/computer-repair-shop/"
     google-query: inurl:"/wp-content/plugins/computer-repair-shop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,computer-repair-shop,medium
+  tags: cve,wordpress,wp-plugin,computer-repair-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/coneblog-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/coneblog-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6dc6a2f45e..e3b4e563db 100644
--- a/nuclei-templates/cve-less/plugins/coneblog-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/coneblog-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coneblog-widgets/"
     google-query: inurl:"/wp-content/plugins/coneblog-widgets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,coneblog-widgets,medium
+  tags: cve,wordpress,wp-plugin,coneblog-widgets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/connected-sermons-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/connected-sermons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ec6a5d082b..f93ee88a4c 100644
--- a/nuclei-templates/cve-less/plugins/connected-sermons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/connected-sermons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/connected-sermons/"
     google-query: inurl:"/wp-content/plugins/connected-sermons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,connected-sermons,medium
+  tags: cve,wordpress,wp-plugin,connected-sermons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/connections-db180c33b0677e46a0a6bb8bb9ad8a71.yaml b/nuclei-templates/cve-less/plugins/connections-db180c33b0677e46a0a6bb8bb9ad8a71.yaml
index eebd49e687..80fffbd3c8 100644
--- a/nuclei-templates/cve-less/plugins/connections-db180c33b0677e46a0a6bb8bb9ad8a71.yaml
+++ b/nuclei-templates/cve-less/plugins/connections-db180c33b0677e46a0a6bb8bb9ad8a71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Connections Business Directory < 0.7.9.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Connections Business Directory for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 0.7.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/connections/"
     google-query: inurl:"/wp-content/plugins/connections/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,connections,medium
+  tags: cve,wordpress,wp-plugin,connections,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/constant-contact-forms-7651cce817269ea91d5fbe788e52194b.yaml b/nuclei-templates/cve-less/plugins/constant-contact-forms-7651cce817269ea91d5fbe788e52194b.yaml
index 186912ca37..84da73879a 100644
--- a/nuclei-templates/cve-less/plugins/constant-contact-forms-7651cce817269ea91d5fbe788e52194b.yaml
+++ b/nuclei-templates/cve-less/plugins/constant-contact-forms-7651cce817269ea91d5fbe788e52194b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Constant Contact Forms <= 2.0.2 - Missing Authorization via constant_contact_privacy_ajax_handler
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Constant Contact Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the constant_contact_privacy_ajax_handler function in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's privacy agreement settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/constant-contact-forms/"
     google-query: inurl:"/wp-content/plugins/constant-contact-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,constant-contact-forms,medium
+  tags: cve,wordpress,wp-plugin,constant-contact-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-dynamic-text-extension-8ba7976e3e4bdeede76b4a3300e51140.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-dynamic-text-extension-8ba7976e3e4bdeede76b4a3300e51140.yaml
index f549738703..e2c1359978 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-7-dynamic-text-extension-8ba7976e3e4bdeede76b4a3300e51140.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-7-dynamic-text-extension-8ba7976e3e4bdeede76b4a3300e51140.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 Dynamic Text Extension <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form 7 Dynamic Text Extension plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7-dynamic-text-extension/"
     google-query: inurl:"/wp-content/plugins/contact-form-7-dynamic-text-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-7-dynamic-text-extension,medium
+  tags: cve,wordpress,wp-plugin,contact-form-7-dynamic-text-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-multi-step-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-multi-step-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 25e404f75f..d7d036f0db 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-7-multi-step-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-7-multi-step-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-7-multi-step-module/"
     google-query: inurl:"/wp-content/plugins/contact-form-7-multi-step-module/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-7-multi-step-module,medium
+  tags: cve,wordpress,wp-plugin,contact-form-7-multi-step-module,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-add-2fc7a8d84b84e65f1ccfb4b2642e31b7.yaml b/nuclei-templates/cve-less/plugins/contact-form-add-2fc7a8d84b84e65f1ccfb4b2642e31b7.yaml
index 70f1b98c9d..52d56edced 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-add-2fc7a8d84b84e65f1ccfb4b2642e31b7.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-add-2fc7a8d84b84e65f1ccfb4b2642e31b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Builder | Create Responsive Contact Forms <= 1.9.8.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Form Builder | Create Responsive Contact Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘form_id’ parameter in versions up to, and including, 1.9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-add/"
     google-query: inurl:"/wp-content/plugins/contact-form-add/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-add,medium
+  tags: cve,wordpress,wp-plugin,contact-form-add,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-builder-e751943c96e8083bbd38ea46395e441a.yaml b/nuclei-templates/cve-less/plugins/contact-form-builder-e751943c96e8083bbd38ea46395e441a.yaml
index 6adb89bfc0..9e1b1a4e3f 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-builder-e751943c96e8083bbd38ea46395e441a.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-builder-e751943c96e8083bbd38ea46395e441a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WDContactFormBuilder <= 1.0.24 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form Builder plugin for WordPress is vulnerable to blind SQL Injection via the 'order_by' parameter in versions up to, and including, 1.0.24 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated Admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-builder/"
     google-query: inurl:"/wp-content/plugins/contact-form-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-builder,high
+  tags: cve,wordpress,wp-plugin,contact-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-3f35ac18f9207e0d36c74b4e353744ff.yaml b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-3f35ac18f9207e0d36c74b4e353744ff.yaml
index fc4c1f5d5d..6f636b9891 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-3f35ac18f9207e0d36c74b4e353744ff.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-3f35ac18f9207e0d36c74b4e353744ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by Supsystic < 1.7.20 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fields label in versions before 1.7.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin-level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/contact-form-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,contact-form-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-8496d75762eb7cc39ecc911adbe09233.yaml b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-8496d75762eb7cc39ecc911adbe09233.yaml
index b594b7e013..d8caf95d1c 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-8496d75762eb7cc39ecc911adbe09233.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-8496d75762eb7cc39ecc911adbe09233.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by Supsystic <= 1.7.10 - SQL Injections
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Contact Form by Supsystic plugin for WordPress is vulnerable to generic SQL Injection via the 'sidx' and 'sord' parameters in versions up to, and including, 1.7.10 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/contact-form-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,contact-form-by-supsystic,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-cfdb7-4804713458840c235ae2e000980eb782.yaml b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-4804713458840c235ae2e000980eb782.yaml
index f47500286a..5e03b23f7b 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-cfdb7-4804713458840c235ae2e000980eb782.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-4804713458840c235ae2e000980eb782.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form 7 Database Addon <= 1.2.5.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Contact Form 7 Database Addon plugin for WordPress is vulnerable to SQL Injection in versions up to, and including 1.2.5.3, that makes it possible for attackers to append arbitrary SQL queries into an existing query via the form_id parameter. This can be exploit by authenticated attackers to retrieve sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-cfdb7/"
     google-query: inurl:"/wp-content/plugins/contact-form-cfdb7/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-cfdb7,high
+  tags: cve,wordpress,wp-plugin,contact-form-cfdb7,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-maker-60c3cd16f2597496a4651e0715286bc1.yaml b/nuclei-templates/cve-less/plugins/contact-form-maker-60c3cd16f2597496a4651e0715286bc1.yaml
index d1b0030590..a604b4c385 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-maker-60c3cd16f2597496a4651e0715286bc1.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-maker-60c3cd16f2597496a4651e0715286bc1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Maker <= 1.7.30 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form Maker plugin for WordPress is vulnerable to blind SQL Injection via the ‘form_id’ parameter in versions before 1.7.31 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-maker/"
     google-query: inurl:"/wp-content/plugins/contact-form-maker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-maker,high
+  tags: cve,wordpress,wp-plugin,contact-form-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-bfef76276701b6af6e198a50eb02c42f.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-bfef76276701b6af6e198a50eb02c42f.yaml
index a9658c9e56..76e0e46961 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-plugin-bfef76276701b6af6e198a50eb02c42f.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-bfef76276701b6af6e198a50eb02c42f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form <= 3.82 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form plugin WordPress is vulnerable to authorization bypass in versions up to, and including, 3.82. This is due to missing capability checks and nonce validation on the add and remove language AJAX functions. This makes it possible for authenticated subscriber+ attackers to use the AJAX actions to manipulate the language of the vulnerable service and potentially inject malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-plugin/"
     google-query: inurl:"/wp-content/plugins/contact-form-plugin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-plugin,medium
+  tags: cve,wordpress,wp-plugin,contact-form-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-db-681fa4a6fa6cb7b76b53c0bb6085cace.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-db-681fa4a6fa6cb7b76b53c0bb6085cace.yaml
index 9d9e631e6e..4d6b345439 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-to-db-681fa4a6fa6cb7b76b53c0bb6085cace.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-to-db-681fa4a6fa6cb7b76b53c0bb6085cace.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form to DB <= 1.7.0 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form to DB plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-db/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-db/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-to-db,medium
+  tags: cve,wordpress,wp-plugin,contact-form-to-db,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-441ea60f05f966e781a45c27f0c1432d.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-441ea60f05f966e781a45c27f0c1432d.yaml
index d49a483617..f9e983fd3a 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-to-email-441ea60f05f966e781a45c27f0c1432d.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-441ea60f05f966e781a45c27f0c1432d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Email <= 1.3.11 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Contact Form Email plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.11. This is due to missing nonce validation on the 'cp_cfte_rep_enable' action. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious JavaScript via the 'cp_cfte_rep_message' parameter (in versions less than or equal to 1.1.4) via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-email/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-email/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-to-email,high
+  tags: cve,wordpress,wp-plugin,contact-form-to-email,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-c9506f63ff82213ed0ffcd809196c6f9.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-c9506f63ff82213ed0ffcd809196c6f9.yaml
index 24e7300e4f..d9030e4c51 100644
--- a/nuclei-templates/cve-less/plugins/contact-form-to-email-c9506f63ff82213ed0ffcd809196c6f9.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-c9506f63ff82213ed0ffcd809196c6f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form Email < 1.1.48 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Contact Form Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cal’ parameter in versions before 1.1.48 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-form-to-email/"
     google-query: inurl:"/wp-content/plugins/contact-form-to-email/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-form-to-email,high
+  tags: cve,wordpress,wp-plugin,contact-form-to-email,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-list-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/contact-list-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7b4acc2680..8fb528cf34 100644
--- a/nuclei-templates/cve-less/plugins/contact-list-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-list-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-list/"
     google-query: inurl:"/wp-content/plugins/contact-list/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-list,medium
+  tags: cve,wordpress,wp-plugin,contact-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-2961759aa56e979f7c4730d8320eec28.yaml
index feddd827b7..6b38353f78 100644
--- a/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
             
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/contact-us-page-contact-people/"
     google-query: inurl:"/wp-content/plugins/contact-us-page-contact-people/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-us-page-contact-people,high
+  tags: cve,wordpress,wp-plugin,contact-us-page-contact-people,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-500d22096689e74a2a7a6d680b428339.yaml b/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-500d22096689e74a2a7a6d680b428339.yaml
index dc26554bec..475b582fc0 100644
--- a/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-500d22096689e74a2a7a6d680b428339.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-500d22096689e74a2a7a6d680b428339.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Us Page – Contact People <= 3.6.1 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Contact Us Page – Contact People plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the reset_settings function. This makes it possible for unauthenticated attackers to rest the plugin to its defaults, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-us-page-contact-people/"
     google-query: inurl:"/wp-content/plugins/contact-us-page-contact-people/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-us-page-contact-people,high
+  tags: cve,wordpress,wp-plugin,contact-us-page-contact-people,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-b935aac9392ea74d48c16c20e8b0b995.yaml b/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-b935aac9392ea74d48c16c20e8b0b995.yaml
index c0ee042c01..a48575aa3c 100644
--- a/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-b935aac9392ea74d48c16c20e8b0b995.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-b935aac9392ea74d48c16c20e8b0b995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The a3 Lazy Load, a3 Portfolio, Contact Us Page – Contact People, Dynamic Product Gallery for WooCommerce, a3 Responsive Slider, and Compare Products for WooCommerce plugins for WordPress are vulnerable to Cross-Site Request Forgery respectively in versions up to, and including, 2.5.0, 3.0.0, 3.6.0, 2.9.0, 2.0.12, 2.8.0. This is due to missing nonce validation on the save_settings function present in all three plugins. This makes it possible for unauthenticated attackers to to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.  
             
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/contact-us-page-contact-people/"
     google-query: inurl:"/wp-content/plugins/contact-us-page-contact-people/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-us-page-contact-people,high
+  tags: cve,wordpress,wp-plugin,contact-us-page-contact-people,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contact-widgets-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/contact-widgets-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ad67d31b72..b330e436d2 100644
--- a/nuclei-templates/cve-less/plugins/contact-widgets-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/contact-widgets-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contact-widgets-for-elementor/"
     google-query: inurl:"/wp-content/plugins/contact-widgets-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contact-widgets-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,contact-widgets-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/content-aware-sidebars-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/content-aware-sidebars-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c694c5429f..7504f19569 100644
--- a/nuclei-templates/cve-less/plugins/content-aware-sidebars-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/content-aware-sidebars-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-aware-sidebars/"
     google-query: inurl:"/wp-content/plugins/content-aware-sidebars/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,content-aware-sidebars,medium
+  tags: cve,wordpress,wp-plugin,content-aware-sidebars,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/content-protector-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/content-protector-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index daad031a7a..cd31e848f4 100644
--- a/nuclei-templates/cve-less/plugins/content-protector-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/content-protector-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-protector/"
     google-query: inurl:"/wp-content/plugins/content-protector/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,content-protector,medium
+  tags: cve,wordpress,wp-plugin,content-protector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/content-restrictor-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/content-restrictor-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c89ce6c844..d174682d5d 100644
--- a/nuclei-templates/cve-less/plugins/content-restrictor-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/content-restrictor-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-restrictor-for-divi/"
     google-query: inurl:"/wp-content/plugins/content-restrictor-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,content-restrictor-for-divi,medium
+  tags: cve,wordpress,wp-plugin,content-restrictor-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/content-slide-d36d80c800d370d4009d1b192f222cc5.yaml b/nuclei-templates/cve-less/plugins/content-slide-d36d80c800d370d4009d1b192f222cc5.yaml
index a386a12a22..91e3a654f1 100644
--- a/nuclei-templates/cve-less/plugins/content-slide-d36d80c800d370d4009d1b192f222cc5.yaml
+++ b/nuclei-templates/cve-less/plugins/content-slide-d36d80c800d370d4009d1b192f222cc5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Content Slide <= 1.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Content Slide plugin for WordPress is vulnerable to Cross-Site Scripting via the 'wpcs_options[slide_image1]' parameter in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-slide/"
     google-query: inurl:"/wp-content/plugins/content-slide/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,content-slide,medium
+  tags: cve,wordpress,wp-plugin,content-slide,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/content-warning-v2-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/content-warning-v2-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d2634a37dd..aa5bc644ef 100644
--- a/nuclei-templates/cve-less/plugins/content-warning-v2-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/content-warning-v2-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/content-warning-v2/"
     google-query: inurl:"/wp-content/plugins/content-warning-v2/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,content-warning-v2,medium
+  tags: cve,wordpress,wp-plugin,content-warning-v2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contentstudio-573a62057c81ca4962d570ce03558e74.yaml b/nuclei-templates/cve-less/plugins/contentstudio-573a62057c81ca4962d570ce03558e74.yaml
index 3844b2ef0a..d147a51488 100644
--- a/nuclei-templates/cve-less/plugins/contentstudio-573a62057c81ca4962d570ce03558e74.yaml
+++ b/nuclei-templates/cve-less/plugins/contentstudio-573a62057c81ca4962d570ce03558e74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ContentStudio <= 1.1.8 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The ContentStudio  plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cstu_set_token functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to  set the plugin's API token (via cstu_set_token), which allows further actions such as creating posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contentstudio/"
     google-query: inurl:"/wp-content/plugins/contentstudio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contentstudio,critical
+  tags: cve,wordpress,wp-plugin,contentstudio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contest-code-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/contest-code-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4838a7ac01..70f2336fd7 100644
--- a/nuclei-templates/cve-less/plugins/contest-code-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/contest-code-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-code-checker/"
     google-query: inurl:"/wp-content/plugins/contest-code-checker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contest-code-checker,medium
+  tags: cve,wordpress,wp-plugin,contest-code-checker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-adf21f96bc20b891592eb95e06429f24.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-adf21f96bc20b891592eb95e06429f24.yaml
index 2c386ad3f2..e537917e5d 100644
--- a/nuclei-templates/cve-less/plugins/contest-gallery-adf21f96bc20b891592eb95e06429f24.yaml
+++ b/nuclei-templates/cve-less/plugins/contest-gallery-adf21f96bc20b891592eb95e06429f24.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery – Files Upload and Contest Plugin for WordPress <= 17.0.4 - Admin+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Contest Gallery – Files Upload and Contest Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the ID variable supplied via the post_contest_gallery_action_ajax AJAX action. This can only be exploited by administrative-level users and above to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contest-gallery,high
+  tags: cve,wordpress,wp-plugin,contest-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-f0c828ee470540e4c37a94d5e7637488.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-f0c828ee470540e4c37a94d5e7637488.yaml
index 73a1cf8893..65f03eeab9 100644
--- a/nuclei-templates/cve-less/plugins/contest-gallery-f0c828ee470540e4c37a94d5e7637488.yaml
+++ b/nuclei-templates/cve-less/plugins/contest-gallery-f0c828ee470540e4c37a94d5e7637488.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contest Gallery plugin for WordPress is vulnerable to Sensitive Data Exposure in versions before 13.1.0.7 via the cg_remove_not_required_coded_csvs function due to insufficient capability checks. This makes it possible for authenticated attackers with subscriber-level privileges and above to extract sensitive data including usernames and email addresses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contest-gallery/"
     google-query: inurl:"/wp-content/plugins/contest-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contest-gallery,medium
+  tags: cve,wordpress,wp-plugin,contest-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contextual-adminbar-color-aaa55eb82dbd089503acfbd59b1c1516.yaml b/nuclei-templates/cve-less/plugins/contextual-adminbar-color-aaa55eb82dbd089503acfbd59b1c1516.yaml
index 2ee9aecc2d..26fc89d18c 100644
--- a/nuclei-templates/cve-less/plugins/contextual-adminbar-color-aaa55eb82dbd089503acfbd59b1c1516.yaml
+++ b/nuclei-templates/cve-less/plugins/contextual-adminbar-color-aaa55eb82dbd089503acfbd59b1c1516.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contextual Adminbar Color <= 0.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contextual Adminbar Color plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contextual-adminbar-color/"
     google-query: inurl:"/wp-content/plugins/contextual-adminbar-color/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contextual-adminbar-color,medium
+  tags: cve,wordpress,wp-plugin,contextual-adminbar-color,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contextual-related-posts-5edac4e24aea010bac0d630a89afdf47.yaml b/nuclei-templates/cve-less/plugins/contextual-related-posts-5edac4e24aea010bac0d630a89afdf47.yaml
index 7a2930a43a..1dbea912af 100644
--- a/nuclei-templates/cve-less/plugins/contextual-related-posts-5edac4e24aea010bac0d630a89afdf47.yaml
+++ b/nuclei-templates/cve-less/plugins/contextual-related-posts-5edac4e24aea010bac0d630a89afdf47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contextual Related Posts <= 3.3.1 - Missing Authorization in crp_ajax_clearcache
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contextual Related Posts plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the crp_ajax_clearcache function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the Contextual Related Posts cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contextual-related-posts/"
     google-query: inurl:"/wp-content/plugins/contextual-related-posts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contextual-related-posts,medium
+  tags: cve,wordpress,wp-plugin,contextual-related-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/contus-video-comments-5f9367f594e64f78f39747766e36b5a7.yaml b/nuclei-templates/cve-less/plugins/contus-video-comments-5f9367f594e64f78f39747766e36b5a7.yaml
index be0ce5758e..e8c6407eaa 100644
--- a/nuclei-templates/cve-less/plugins/contus-video-comments-5f9367f594e64f78f39747766e36b5a7.yaml
+++ b/nuclei-templates/cve-less/plugins/contus-video-comments-5f9367f594e64f78f39747766e36b5a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contus Video Comments <= 1.0 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contus Video Comments plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the file_put_contents function in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload .jpg images anywhere in the WordPress installation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/contus-video-comments/"
     google-query: inurl:"/wp-content/plugins/contus-video-comments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,contus-video-comments,medium
+  tags: cve,wordpress,wp-plugin,contus-video-comments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/conversion-de-moneda-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/conversion-de-moneda-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 316595bf0a..c949036b89 100644
--- a/nuclei-templates/cve-less/plugins/conversion-de-moneda-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/conversion-de-moneda-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/conversion-de-moneda/"
     google-query: inurl:"/wp-content/plugins/conversion-de-moneda/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,conversion-de-moneda,medium
+  tags: cve,wordpress,wp-plugin,conversion-de-moneda,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cookie-law-bar-daa176383a0d1a1f03b0870eb52cd5ab.yaml b/nuclei-templates/cve-less/plugins/cookie-law-bar-daa176383a0d1a1f03b0870eb52cd5ab.yaml
index 6c19b7ac6e..e2da27dfdd 100644
--- a/nuclei-templates/cve-less/plugins/cookie-law-bar-daa176383a0d1a1f03b0870eb52cd5ab.yaml
+++ b/nuclei-templates/cve-less/plugins/cookie-law-bar-daa176383a0d1a1f03b0870eb52cd5ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Law Bar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cookie Law Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cookie-law-bar/"
     google-query: inurl:"/wp-content/plugins/cookie-law-bar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cookie-law-bar,medium
+  tags: cve,wordpress,wp-plugin,cookie-law-bar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/coru-lfmember-62e533687797ef0b9325ac92a155944b.yaml b/nuclei-templates/cve-less/plugins/coru-lfmember-62e533687797ef0b9325ac92a155944b.yaml
index 0d3c8d24d2..cd585b29ae 100644
--- a/nuclei-templates/cve-less/plugins/coru-lfmember-62e533687797ef0b9325ac92a155944b.yaml
+++ b/nuclei-templates/cve-less/plugins/coru-lfmember-62e533687797ef0b9325ac92a155944b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coru LFMember <= 1.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Coru LFMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the /coru-lfmember-game-page.php function. This makes it possible for unauthenticated attackers to delete and activate arbitrary games via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/coru-lfmember/"
     google-query: inurl:"/wp-content/plugins/coru-lfmember/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,coru-lfmember,high
+  tags: cve,wordpress,wp-plugin,coru-lfmember,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/count-per-day-8219532133f7917d1e83bbff3f75f37b.yaml b/nuclei-templates/cve-less/plugins/count-per-day-8219532133f7917d1e83bbff3f75f37b.yaml
index f8f174faf6..cd3e77395a 100644
--- a/nuclei-templates/cve-less/plugins/count-per-day-8219532133f7917d1e83bbff3f75f37b.yaml
+++ b/nuclei-templates/cve-less/plugins/count-per-day-8219532133f7917d1e83bbff3f75f37b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Count per Day < 3.2.6 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Count per Day plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP Referer header in versions before 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/count-per-day/"
     google-query: inurl:"/wp-content/plugins/count-per-day/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,count-per-day,high
+  tags: cve,wordpress,wp-plugin,count-per-day,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/count-per-day-95e1c7301e20b06d93d00a27ff0164ee.yaml b/nuclei-templates/cve-less/plugins/count-per-day-95e1c7301e20b06d93d00a27ff0164ee.yaml
index 1b41bb047b..8514469206 100644
--- a/nuclei-templates/cve-less/plugins/count-per-day-95e1c7301e20b06d93d00a27ff0164ee.yaml
+++ b/nuclei-templates/cve-less/plugins/count-per-day-95e1c7301e20b06d93d00a27ff0164ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Count per Day < 3.5.5 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Count per Day plugin for WordPress is vulnerable to Cross-Site Scripting via the 'limit' parameter in versions up to, and including, 3.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/count-per-day/"
     google-query: inurl:"/wp-content/plugins/count-per-day/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,count-per-day,high
+  tags: cve,wordpress,wp-plugin,count-per-day,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/countdown-builder-fc7104705e7470f1c2f9c7438b20c375.yaml b/nuclei-templates/cve-less/plugins/countdown-builder-fc7104705e7470f1c2f9c7438b20c375.yaml
index 5cbf8f3d91..23c9020be9 100644
--- a/nuclei-templates/cve-less/plugins/countdown-builder-fc7104705e7470f1c2f9c7438b20c375.yaml
+++ b/nuclei-templates/cve-less/plugins/countdown-builder-fc7104705e7470f1c2f9c7438b20c375.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.9.5 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The plugin Countdown, Coming Soon, Maintenance – Countdown & Clock for WordPress is vulnerable to Stored Cross-Site Scripting. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/countdown-builder/"
     google-query: inurl:"/wp-content/plugins/countdown-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,countdown-builder,medium
+  tags: cve,wordpress,wp-plugin,countdown-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/counter-box-ac3838985ebca1d5500d58f039c66d50.yaml b/nuclei-templates/cve-less/plugins/counter-box-ac3838985ebca1d5500d58f039c66d50.yaml
index 32f8311125..288b6f33ff 100644
--- a/nuclei-templates/cve-less/plugins/counter-box-ac3838985ebca1d5500d58f039c66d50.yaml
+++ b/nuclei-templates/cve-less/plugins/counter-box-ac3838985ebca1d5500d58f039c66d50.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Counter Box – WordPress plugin for countdown, timer, counter <= 1.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Counter Box plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘s’ parameter in versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/counter-box/"
     google-query: inurl:"/wp-content/plugins/counter-box/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,counter-box,high
+  tags: cve,wordpress,wp-plugin,counter-box,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/court-reservation-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/court-reservation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 609debd645..e81d7f16d4 100644
--- a/nuclei-templates/cve-less/plugins/court-reservation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/court-reservation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/court-reservation/"
     google-query: inurl:"/wp-content/plugins/court-reservation/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,court-reservation,medium
+  tags: cve,wordpress,wp-plugin,court-reservation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cp-simple-newsletter-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cp-simple-newsletter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0f7ef23e98..64c14a7318 100644
--- a/nuclei-templates/cve-less/plugins/cp-simple-newsletter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cp-simple-newsletter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cp-simple-newsletter/"
     google-query: inurl:"/wp-content/plugins/cp-simple-newsletter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cp-simple-newsletter,medium
+  tags: cve,wordpress,wp-plugin,cp-simple-newsletter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-3b77b21efbe327e0220e81411dd8c94e.yaml b/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-3b77b21efbe327e0220e81411dd8c94e.yaml
index 0cf5384a07..e90b9cb6c3 100644
--- a/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-3b77b21efbe327e0220e81411dd8c94e.yaml
+++ b/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-3b77b21efbe327e0220e81411dd8c94e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crayon Syntax Highlighter  2.0 - 2.6.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Crayon Syntax Highlighter Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the crayon-theme-editor-save AJAX action in versions 2.0 - 2.6.10. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to overwrite theme files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crayon-syntax-highlighter/"
     google-query: inurl:"/wp-content/plugins/crayon-syntax-highlighter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,medium
+  tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/crelly-slider-c49e2e06de0a40bb63220fc2a17c181a.yaml b/nuclei-templates/cve-less/plugins/crelly-slider-c49e2e06de0a40bb63220fc2a17c181a.yaml
index 73815100ca..d3fc7dcd38 100644
--- a/nuclei-templates/cve-less/plugins/crelly-slider-c49e2e06de0a40bb63220fc2a17c181a.yaml
+++ b/nuclei-templates/cve-less/plugins/crelly-slider-c49e2e06de0a40bb63220fc2a17c181a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crelly Slider <= 1.1.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Crelly Slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter found in the ~/wordpress/admin.php file in versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/crelly-slider/"
     google-query: inurl:"/wp-content/plugins/crelly-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,crelly-slider,high
+  tags: cve,wordpress,wp-plugin,crelly-slider,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4622752095..a3f24c934c 100644
--- a/nuclei-templates/cve-less/plugins/cryptocurrency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cryptocurrency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cryptocurrency/"
     google-query: inurl:"/wp-content/plugins/cryptocurrency/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cryptocurrency,medium
+  tags: cve,wordpress,wp-plugin,cryptocurrency,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-product-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-product-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0dabe63413..7d3cc33466 100644
--- a/nuclei-templates/cve-less/plugins/cryptocurrency-product-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/cryptocurrency-product-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cryptocurrency-product-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/cryptocurrency-product-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cryptocurrency-product-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,cryptocurrency-product-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-codes-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/custom-codes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b4d8f85450..e18d70c97c 100644
--- a/nuclei-templates/cve-less/plugins/custom-codes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-codes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-codes/"
     google-query: inurl:"/wp-content/plugins/custom-codes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-codes,medium
+  tags: cve,wordpress,wp-plugin,custom-codes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-colors-for-real-estate-manager-26658d0497122e0a7345c841c1d21163.yaml b/nuclei-templates/cve-less/plugins/custom-colors-for-real-estate-manager-26658d0497122e0a7345c841c1d21163.yaml
index 2dd125ede2..3aac05d669 100644
--- a/nuclei-templates/cve-less/plugins/custom-colors-for-real-estate-manager-26658d0497122e0a7345c841c1d21163.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-colors-for-real-estate-manager-26658d0497122e0a7345c841c1d21163.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Colors for Real Estate Manager <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Colors for Real Estate Manager plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to and including 1.0. This appears to require subscriber-level authentication to exploit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-colors-for-real-estate-manager/"
     google-query: inurl:"/wp-content/plugins/custom-colors-for-real-estate-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-colors-for-real-estate-manager,medium
+  tags: cve,wordpress,wp-plugin,custom-colors-for-real-estate-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-contact-forms-b5107e8a16fdf42082a09176739d6a43.yaml b/nuclei-templates/cve-less/plugins/custom-contact-forms-b5107e8a16fdf42082a09176739d6a43.yaml
index 6c61d4e2a4..cf566ef756 100644
--- a/nuclei-templates/cve-less/plugins/custom-contact-forms-b5107e8a16fdf42082a09176739d6a43.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-contact-forms-b5107e8a16fdf42082a09176739d6a43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Contact Forms <= 5.1.0.3 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Custom Contact Forms plugin for WordPress is vulnerable to authentication bypass due to missing capability checks on admin_init() function called via an 'init' hook in versions before 5.1.0.4. This makes it possible for unauthenticated attackers to download and modify the database of the affected site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-contact-forms/"
     google-query: inurl:"/wp-content/plugins/custom-contact-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-contact-forms,critical
+  tags: cve,wordpress,wp-plugin,custom-contact-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-field-suite-f70de88be0d0ac1b3e5a362aa6fdf31c.yaml b/nuclei-templates/cve-less/plugins/custom-field-suite-f70de88be0d0ac1b3e5a362aa6fdf31c.yaml
index 62fbb56b43..85fc672566 100644
--- a/nuclei-templates/cve-less/plugins/custom-field-suite-f70de88be0d0ac1b3e5a362aa6fdf31c.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-field-suite-f70de88be0d0ac1b3e5a362aa6fdf31c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Field Suite <= 2.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom Field Suite plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in the ajax_handler() function in versions up to, and including, 2.4.1 This makes it possible for unauthorized attackers to access and execute otherwise restricted AJAX actions, such as importing and exporting custom fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-field-suite/"
     google-query: inurl:"/wp-content/plugins/custom-field-suite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-field-suite,medium
+  tags: cve,wordpress,wp-plugin,custom-field-suite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-page-templates-by-vegacorp-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/custom-page-templates-by-vegacorp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2f6a855cee..c3430a5045 100644
--- a/nuclei-templates/cve-less/plugins/custom-page-templates-by-vegacorp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-page-templates-by-vegacorp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-page-templates-by-vegacorp/"
     google-query: inurl:"/wp-content/plugins/custom-page-templates-by-vegacorp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-page-templates-by-vegacorp,medium
+  tags: cve,wordpress,wp-plugin,custom-page-templates-by-vegacorp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-permalinks-a4a1da4d7b74087a323eb167fd7b89be.yaml b/nuclei-templates/cve-less/plugins/custom-permalinks-a4a1da4d7b74087a323eb167fd7b89be.yaml
index 325560637c..95070a89d0 100644
--- a/nuclei-templates/cve-less/plugins/custom-permalinks-a4a1da4d7b74087a323eb167fd7b89be.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-permalinks-a4a1da4d7b74087a323eb167fd7b89be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Permalinks <= 1.1 -Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom Permalinks plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-permalinks/"
     google-query: inurl:"/wp-content/plugins/custom-permalinks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-permalinks,medium
+  tags: cve,wordpress,wp-plugin,custom-permalinks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-permalinks-b5323eb3191a74d0ae4ca412560414da.yaml b/nuclei-templates/cve-less/plugins/custom-permalinks-b5323eb3191a74d0ae4ca412560414da.yaml
index 426305a74d..3535f3b356 100644
--- a/nuclei-templates/cve-less/plugins/custom-permalinks-b5323eb3191a74d0ae4ca412560414da.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-permalinks-b5323eb3191a74d0ae4ca412560414da.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Permalinks <= 1.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Custom Permalinks plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-permalinks/"
     google-query: inurl:"/wp-content/plugins/custom-permalinks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-permalinks,high
+  tags: cve,wordpress,wp-plugin,custom-permalinks,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-post-type-ui-cc0bb9dcf67e5af12d7fa45c43bf04f1.yaml b/nuclei-templates/cve-less/plugins/custom-post-type-ui-cc0bb9dcf67e5af12d7fa45c43bf04f1.yaml
index 10d5625b8b..197a844a7d 100644
--- a/nuclei-templates/cve-less/plugins/custom-post-type-ui-cc0bb9dcf67e5af12d7fa45c43bf04f1.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-post-type-ui-cc0bb9dcf67e5af12d7fa45c43bf04f1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Post Type UI <= 1.7.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Custom Post Type UI plugin for WordPress is vulnerable to Cross-Site Request forgery in versions up to, and including 1.7.3, due missing nonce validation on the import functionality that makes it possible for attackers to trick site administrators into performing unwanted actions such as importing new post types containing malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-post-type-ui/"
     google-query: inurl:"/wp-content/plugins/custom-post-type-ui/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-post-type-ui,high
+  tags: cve,wordpress,wp-plugin,custom-post-type-ui,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-post-types-dc2b0f4dde9149582362d961339fc430.yaml b/nuclei-templates/cve-less/plugins/custom-post-types-dc2b0f4dde9149582362d961339fc430.yaml
index 9d796941b6..5707e07bf2 100644
--- a/nuclei-templates/cve-less/plugins/custom-post-types-dc2b0f4dde9149582362d961339fc430.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-post-types-dc2b0f4dde9149582362d961339fc430.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom post types <= 4.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 5.0.0 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-post-types/"
     google-query: inurl:"/wp-content/plugins/custom-post-types/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-post-types,medium
+  tags: cve,wordpress,wp-plugin,custom-post-types,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-registration-and-login-forms-with-new-recaptcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/custom-registration-and-login-forms-with-new-recaptcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 664fb32d26..07df1fb0a5 100644
--- a/nuclei-templates/cve-less/plugins/custom-registration-and-login-forms-with-new-recaptcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-registration-and-login-forms-with-new-recaptcha-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-and-login-forms-with-new-recaptcha/"
     google-query: inurl:"/wp-content/plugins/custom-registration-and-login-forms-with-new-recaptcha/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-registration-and-login-forms-with-new-recaptcha,medium
+  tags: cve,wordpress,wp-plugin,custom-registration-and-login-forms-with-new-recaptcha,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-12554d58fa3f58e451e08d638496a899.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-12554d58fa3f58e451e08d638496a899.yaml
index 736519506b..b498112535 100644
--- a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-12554d58fa3f58e451e08d638496a899.yaml
+++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-12554d58fa3f58e451e08d638496a899.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The RegistrationMagic - Custom Registration Forms plugin for WordPress is vulnerable to generic SQL Injection via the 'rm_form_id' field in versions up to, and including, 3.8.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
+  tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-c4c5307df5e11c4cb59893ef8ef58c8a.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-c4c5307df5e11c4cb59893ef8ef58c8a.yaml
index 5c1a57b2d7..f64a56d2a7 100644
--- a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-c4c5307df5e11c4cb59893ef8ef58c8a.yaml
+++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-c4c5307df5e11c4cb59893ef8ef58c8a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via manual review reminders
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the manual_review_reminder, manual_wa_review_reminder, and manual_review_reminder_conf functions in all versions up to 5.38.2 (exclusive). This makes it possible for authenticated attackers, with subscriber access and above, to configure and send manual review reminders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-d87bb9dcf525660329cf7bc1593d3596.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-d87bb9dcf525660329cf7bc1593d3596.yaml
index c4699bfce9..8bd2fb5fd8 100644
--- a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-d87bb9dcf525660329cf7bc1593d3596.yaml
+++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-d87bb9dcf525660329cf7bc1593d3596.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX actions in versions up to, and including, 5.36.0. This makes it possible for authenticated attackers with subscriber level access to cancel exports and obtain progress reports on exports.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customer-reviews-woocommerce/"
     google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/customize-login-aa4710021e6cea364e343185a5562523.yaml b/nuclei-templates/cve-less/plugins/customize-login-aa4710021e6cea364e343185a5562523.yaml
index 85d44fdb68..1a372a1a50 100644
--- a/nuclei-templates/cve-less/plugins/customize-login-aa4710021e6cea364e343185a5562523.yaml
+++ b/nuclei-templates/cve-less/plugins/customize-login-aa4710021e6cea364e343185a5562523.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Customize Login <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Customize Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘changelogourl’ and ‘cuslog_logotitle’ parameters in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/customize-login/"
     google-query: inurl:"/wp-content/plugins/customize-login/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,customize-login,medium
+  tags: cve,wordpress,wp-plugin,customize-login,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cyberus-key-ebb0aac77c202e0b9298617914b34a43.yaml b/nuclei-templates/cve-less/plugins/cyberus-key-ebb0aac77c202e0b9298617914b34a43.yaml
index fe8bb35e49..f3bfbc4220 100644
--- a/nuclei-templates/cve-less/plugins/cyberus-key-ebb0aac77c202e0b9298617914b34a43.yaml
+++ b/nuclei-templates/cve-less/plugins/cyberus-key-ebb0aac77c202e0b9298617914b34a43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cyberus Key <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Cyberus Key plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cyberus-key/"
     google-query: inurl:"/wp-content/plugins/cyberus-key/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cyberus-key,medium
+  tags: cve,wordpress,wp-plugin,cyberus-key,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/cyclone-slider-225f7f3db7dcaeda4fe6b0e7795cf610.yaml b/nuclei-templates/cve-less/plugins/cyclone-slider-225f7f3db7dcaeda4fe6b0e7795cf610.yaml
index 721c116f8c..73d9da9c44 100644
--- a/nuclei-templates/cve-less/plugins/cyclone-slider-225f7f3db7dcaeda4fe6b0e7795cf610.yaml
+++ b/nuclei-templates/cve-less/plugins/cyclone-slider-225f7f3db7dcaeda4fe6b0e7795cf610.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cyclone Slider <= 3.2.0 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Cyclone Slider Plugin is vulnerable to Remote Code Execution via the slider import functionality in versions up to, and including, 3.2.0, due to the use of the 'createfromimage' function as the sole method of validating file type. This allows authenticated users with administrative privileges to upload and extract zip files containing polyglot PHP webshells that are also valid images.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/cyclone-slider/"
     google-query: inurl:"/wp-content/plugins/cyclone-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,cyclone-slider,high
+  tags: cve,wordpress,wp-plugin,cyclone-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/da-reactions-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/da-reactions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b3d8f691e4..52a2d8513a 100644
--- a/nuclei-templates/cve-less/plugins/da-reactions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/da-reactions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/da-reactions/"
     google-query: inurl:"/wp-content/plugins/da-reactions/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,da-reactions,medium
+  tags: cve,wordpress,wp-plugin,da-reactions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dancepress-trwa-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/dancepress-trwa-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 57c75e478b..9ae20c2675 100644
--- a/nuclei-templates/cve-less/plugins/dancepress-trwa-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/dancepress-trwa-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dancepress-trwa/"
     google-query: inurl:"/wp-content/plugins/dancepress-trwa/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dancepress-trwa,medium
+  tags: cve,wordpress,wp-plugin,dancepress-trwa,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dark-mode-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/dark-mode-18966e8228314b8165d39d48519f43cc.yaml
index be0f45961b..b6e984a8eb 100644
--- a/nuclei-templates/cve-less/plugins/dark-mode-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/dark-mode-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dark-mode/"
     google-query: inurl:"/wp-content/plugins/dark-mode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dark-mode,medium
+  tags: cve,wordpress,wp-plugin,dark-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/darklup-lite-wp-dark-mode-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/darklup-lite-wp-dark-mode-18966e8228314b8165d39d48519f43cc.yaml
index 6a9d194e57..a907e9fa02 100644
--- a/nuclei-templates/cve-less/plugins/darklup-lite-wp-dark-mode-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/darklup-lite-wp-dark-mode-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/darklup-lite-wp-dark-mode/"
     google-query: inurl:"/wp-content/plugins/darklup-lite-wp-dark-mode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,darklup-lite-wp-dark-mode,medium
+  tags: cve,wordpress,wp-plugin,darklup-lite-wp-dark-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
index 6e1b7dbaef..6f8ab9e0af 100644
--- a/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dashboard-welcome-for-elementor/"
     google-query: inurl:"/wp-content/plugins/dashboard-welcome-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dashboard-welcome-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,dashboard-welcome-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dashylite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/dashylite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3459508a53..8ed150f7ab 100644
--- a/nuclei-templates/cve-less/plugins/dashylite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/dashylite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dashylite/"
     google-query: inurl:"/wp-content/plugins/dashylite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dashylite,medium
+  tags: cve,wordpress,wp-plugin,dashylite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-22fbc746f561f8f03289b13752af9220.yaml b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-22fbc746f561f8f03289b13752af9220.yaml
index ea8bed5023..6ad67c4e92 100644
--- a/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-22fbc746f561f8f03289b13752af9220.yaml
+++ b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-22fbc746f561f8f03289b13752af9220.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Data Tables Generator by Supsystic <= 1.9.99 - Time-Based Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘data[search][text_like]’ parameter in versions up to, and including, 1.9.99 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/database-browser-e2758e6d7a956b70bbb3456d32eb61ef.yaml b/nuclei-templates/cve-less/plugins/database-browser-e2758e6d7a956b70bbb3456d32eb61ef.yaml
index 6c6fab94c2..cdb8a5c0cc 100644
--- a/nuclei-templates/cve-less/plugins/database-browser-e2758e6d7a956b70bbb3456d32eb61ef.yaml
+++ b/nuclei-templates/cve-less/plugins/database-browser-e2758e6d7a956b70bbb3456d32eb61ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Database Browser <= 1.4.4 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Database Browser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters including query names in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the dashboard.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/database-browser/"
     google-query: inurl:"/wp-content/plugins/database-browser/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,database-browser,medium
+  tags: cve,wordpress,wp-plugin,database-browser,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/date-time-picker-field-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/date-time-picker-field-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 63f6a05b43..874d13bf52 100644
--- a/nuclei-templates/cve-less/plugins/date-time-picker-field-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/date-time-picker-field-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/date-time-picker-field/"
     google-query: inurl:"/wp-content/plugins/date-time-picker-field/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,date-time-picker-field,medium
+  tags: cve,wordpress,wp-plugin,date-time-picker-field,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-8cf78197e7d698f2f23c8fbd16dab60a.yaml b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-8cf78197e7d698f2f23c8fbd16dab60a.yaml
index 0e5766d884..d86e87a75a 100644
--- a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-8cf78197e7d698f2f23c8fbd16dab60a.yaml
+++ b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-8cf78197e7d698f2f23c8fbd16dab60a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Multivendor Marketplace Solution for WooCommerce plugin is vulnerable to Local File Inclusion via the 'wcmp_announcements_refresh_tab_data' unprotected AJAX action in versions up to, and including, 3.8.11.8. This allows unauthenticated attackers to include arbitrary files on the local filesystem, potentially granting access to sensitive information or restricted areas.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/"
     google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,high
+  tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/deal-of-the-day-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/deal-of-the-day-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 679c192d29..e78c88db30 100644
--- a/nuclei-templates/cve-less/plugins/deal-of-the-day-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/deal-of-the-day-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/deal-of-the-day/"
     google-query: inurl:"/wp-content/plugins/deal-of-the-day/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,deal-of-the-day,medium
+  tags: cve,wordpress,wp-plugin,deal-of-the-day,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/deeper-comments-349bcd84d9f8de30085279d049beebc1.yaml b/nuclei-templates/cve-less/plugins/deeper-comments-349bcd84d9f8de30085279d049beebc1.yaml
index 04d55ae932..a64e30f534 100644
--- a/nuclei-templates/cve-less/plugins/deeper-comments-349bcd84d9f8de30085279d049beebc1.yaml
+++ b/nuclei-templates/cve-less/plugins/deeper-comments-349bcd84d9f8de30085279d049beebc1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Deeper Comments <= 2.1.1 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Deeper Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_options function in versions up to, and including, 2.1.1. This makes it possible for authenticated attackers with subscriber access and above, to modify arbitrary site options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/deeper-comments/"
     google-query: inurl:"/wp-content/plugins/deeper-comments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,deeper-comments,high
+  tags: cve,wordpress,wp-plugin,deeper-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/delete-all-comments-of-website-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/delete-all-comments-of-website-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 724f6509f2..e7748de8cc 100644
--- a/nuclei-templates/cve-less/plugins/delete-all-comments-of-website-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/delete-all-comments-of-website-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delete-all-comments-of-website/"
     google-query: inurl:"/wp-content/plugins/delete-all-comments-of-website/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,delete-all-comments-of-website,medium
+  tags: cve,wordpress,wp-plugin,delete-all-comments-of-website,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/delete-duplicate-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/delete-duplicate-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ac6e002151..6c3009cd35 100644
--- a/nuclei-templates/cve-less/plugins/delete-duplicate-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/delete-duplicate-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delete-duplicate-posts/"
     google-query: inurl:"/wp-content/plugins/delete-duplicate-posts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,delete-duplicate-posts,medium
+  tags: cve,wordpress,wp-plugin,delete-duplicate-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/delete-old-posts-programmatically-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/delete-old-posts-programmatically-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e507c4736e..4579b196cc 100644
--- a/nuclei-templates/cve-less/plugins/delete-old-posts-programmatically-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/delete-old-posts-programmatically-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delete-old-posts-programmatically/"
     google-query: inurl:"/wp-content/plugins/delete-old-posts-programmatically/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,delete-old-posts-programmatically,medium
+  tags: cve,wordpress,wp-plugin,delete-old-posts-programmatically,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/delicious-recipes-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/delicious-recipes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7752ca5023..701d71d1cd 100644
--- a/nuclei-templates/cve-less/plugins/delicious-recipes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/delicious-recipes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delicious-recipes/"
     google-query: inurl:"/wp-content/plugins/delicious-recipes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,delicious-recipes,medium
+  tags: cve,wordpress,wp-plugin,delicious-recipes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/delivery-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/delivery-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e885c49028..e21165ddc6 100644
--- a/nuclei-templates/cve-less/plugins/delivery-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/delivery-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/delivery-woo/"
     google-query: inurl:"/wp-content/plugins/delivery-woo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,delivery-woo,medium
+  tags: cve,wordpress,wp-plugin,delivery-woo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/demomentsomtres-address-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/demomentsomtres-address-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1d51bb2ebd..ab54d40f35 100644
--- a/nuclei-templates/cve-less/plugins/demomentsomtres-address-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/demomentsomtres-address-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/demomentsomtres-address/"
     google-query: inurl:"/wp-content/plugins/demomentsomtres-address/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,demomentsomtres-address,medium
+  tags: cve,wordpress,wp-plugin,demomentsomtres-address,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/demomentsomtres-grid-archive-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/demomentsomtres-grid-archive-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4dc00bf8bb..9d175dcd5e 100644
--- a/nuclei-templates/cve-less/plugins/demomentsomtres-grid-archive-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/demomentsomtres-grid-archive-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/demomentsomtres-grid-archive/"
     google-query: inurl:"/wp-content/plugins/demomentsomtres-grid-archive/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,demomentsomtres-grid-archive,medium
+  tags: cve,wordpress,wp-plugin,demomentsomtres-grid-archive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/demomentsomtres-media-tools-auto-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/demomentsomtres-media-tools-auto-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index dd3a023964..6d7ad9b25d 100644
--- a/nuclei-templates/cve-less/plugins/demomentsomtres-media-tools-auto-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/demomentsomtres-media-tools-auto-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/demomentsomtres-media-tools-auto/"
     google-query: inurl:"/wp-content/plugins/demomentsomtres-media-tools-auto/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,demomentsomtres-media-tools-auto,medium
+  tags: cve,wordpress,wp-plugin,demomentsomtres-media-tools-auto,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/devformatter-26f3ee9e0b5d3d296c77f279bcf1dce7.yaml b/nuclei-templates/cve-less/plugins/devformatter-26f3ee9e0b5d3d296c77f279bcf1dce7.yaml
index 3f89bac76f..a4527afa66 100644
--- a/nuclei-templates/cve-less/plugins/devformatter-26f3ee9e0b5d3d296c77f279bcf1dce7.yaml
+++ b/nuclei-templates/cve-less/plugins/devformatter-26f3ee9e0b5d3d296c77f279bcf1dce7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Developer Formatter < 2013.0.1.41 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Developer Formatter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 2013.0.1.41. This is due to missing or incorrect nonce validation on the devfmt_addPage() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/devformatter/"
     google-query: inurl:"/wp-content/plugins/devformatter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,devformatter,high
+  tags: cve,wordpress,wp-plugin,devformatter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dewplayer-flash-mp3-player-1da0a6197b1106904178e0b8178f3b2f.yaml b/nuclei-templates/cve-less/plugins/dewplayer-flash-mp3-player-1da0a6197b1106904178e0b8178f3b2f.yaml
index c1d4538d8d..b18fc0c50a 100644
--- a/nuclei-templates/cve-less/plugins/dewplayer-flash-mp3-player-1da0a6197b1106904178e0b8178f3b2f.yaml
+++ b/nuclei-templates/cve-less/plugins/dewplayer-flash-mp3-player-1da0a6197b1106904178e0b8178f3b2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dewplayer <= 1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Dewplayer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the XML file supplied via the xml parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dewplayer-flash-mp3-player/"
     google-query: inurl:"/wp-content/plugins/dewplayer-flash-mp3-player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dewplayer-flash-mp3-player,medium
+  tags: cve,wordpress,wp-plugin,dewplayer-flash-mp3-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dexs-pm-system-9badde4161dcfe466c75ad211f71fa17.yaml b/nuclei-templates/cve-less/plugins/dexs-pm-system-9badde4161dcfe466c75ad211f71fa17.yaml
index 9ea2855180..51e8cfb1c8 100644
--- a/nuclei-templates/cve-less/plugins/dexs-pm-system-9badde4161dcfe466c75ad211f71fa17.yaml
+++ b/nuclei-templates/cve-less/plugins/dexs-pm-system-9badde4161dcfe466c75ad211f71fa17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dexs PM System <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Dexs PM System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level privileges and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dexs-pm-system/"
     google-query: inurl:"/wp-content/plugins/dexs-pm-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dexs-pm-system,medium
+  tags: cve,wordpress,wp-plugin,dexs-pm-system,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-4de4b5fb4c51e07373cc17e285c57285.yaml b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-4de4b5fb4c51e07373cc17e285c57285.yaml
index 28d2443e10..c990ae14db 100644
--- a/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-4de4b5fb4c51e07373cc17e285c57285.yaml
+++ b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-4de4b5fb4c51e07373cc17e285c57285.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Digital Publications by Supsystic <= 1.6.12 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Digital Publications by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via all of the input fields when editing a publication in versions up to, and including, 1.6.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/digital-publications-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/digital-publications-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-739db2cc0c9500d655d27c730225e398.yaml b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-739db2cc0c9500d655d27c730225e398.yaml
index ab31832dd2..57a71cd193 100644
--- a/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-739db2cc0c9500d655d27c730225e398.yaml
+++ b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-739db2cc0c9500d655d27c730225e398.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Digital Publications by Supsystic <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Digital Publications by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/digital-publications-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/digital-publications-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,medium
+  tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/direct-checkout-for-woocommerce-5db488a5ce4a9b749eec8867f89dee42.yaml b/nuclei-templates/cve-less/plugins/direct-checkout-for-woocommerce-5db488a5ce4a9b749eec8867f89dee42.yaml
index 5639bd29a1..e8d28e2cbb 100644
--- a/nuclei-templates/cve-less/plugins/direct-checkout-for-woocommerce-5db488a5ce4a9b749eec8867f89dee42.yaml
+++ b/nuclei-templates/cve-less/plugins/direct-checkout-for-woocommerce-5db488a5ce4a9b749eec8867f89dee42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Direct Checkout for WooCommerce – Skip Cart with Buy Buttons <= 1.2 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Direct Checkout for WooCommerce – Skip Cart with Buy Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/direct-checkout-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/direct-checkout-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,direct-checkout-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,direct-checkout-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/directorist-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/directorist-18966e8228314b8165d39d48519f43cc.yaml
index 32ec7beeb6..abbb56ea6c 100644
--- a/nuclei-templates/cve-less/plugins/directorist-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/directorist-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/directorist/"
     google-query: inurl:"/wp-content/plugins/directorist/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,directorist,medium
+  tags: cve,wordpress,wp-plugin,directorist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/display-admin-page-on-frontend-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/display-admin-page-on-frontend-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1f1045038c..ee12a1c187 100644
--- a/nuclei-templates/cve-less/plugins/display-admin-page-on-frontend-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/display-admin-page-on-frontend-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/display-admin-page-on-frontend/"
     google-query: inurl:"/wp-content/plugins/display-admin-page-on-frontend/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,display-admin-page-on-frontend,medium
+  tags: cve,wordpress,wp-plugin,display-admin-page-on-frontend,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/disqus-comment-system-10705e3d714d3c8649004193cb95f340.yaml b/nuclei-templates/cve-less/plugins/disqus-comment-system-10705e3d714d3c8649004193cb95f340.yaml
index 8575ccaf91..ed76e0e68e 100644
--- a/nuclei-templates/cve-less/plugins/disqus-comment-system-10705e3d714d3c8649004193cb95f340.yaml
+++ b/nuclei-templates/cve-less/plugins/disqus-comment-system-10705e3d714d3c8649004193cb95f340.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Disqus Comment System < 2.68 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Disqus Comment System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the User-Agent HTTP Header in versions before 2.68 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/disqus-comment-system/"
     google-query: inurl:"/wp-content/plugins/disqus-comment-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,disqus-comment-system,high
+  tags: cve,wordpress,wp-plugin,disqus-comment-system,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/divi-builder-aabb704338c74a997901edf2f42d1b76.yaml b/nuclei-templates/cve-less/plugins/divi-builder-aabb704338c74a997901edf2f42d1b76.yaml
index effaa617b9..75c65b9850 100644
--- a/nuclei-templates/cve-less/plugins/divi-builder-aabb704338c74a997901edf2f42d1b76.yaml
+++ b/nuclei-templates/cve-less/plugins/divi-builder-aabb704338c74a997901edf2f42d1b76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elegant Themes (Various Versions) - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elegant Themes Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.17.2 in addition to the following themes: Divi <= 3.17.2 and Extra <= 2.17.2 due to insufficient input sanitization and output escaping in the post builder. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/divi-builder/"
     google-query: inurl:"/wp-content/plugins/divi-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,divi-builder,medium
+  tags: cve,wordpress,wp-plugin,divi-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/domain-mapping-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/domain-mapping-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 17d3cd1e24..abd4a21847 100644
--- a/nuclei-templates/cve-less/plugins/domain-mapping-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/domain-mapping-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/domain-mapping-system/"
     google-query: inurl:"/wp-content/plugins/domain-mapping-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,domain-mapping-system,medium
+  tags: cve,wordpress,wp-plugin,domain-mapping-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/donate-with-qrcode-53c85ef54b387a398b144244c40bd611.yaml b/nuclei-templates/cve-less/plugins/donate-with-qrcode-53c85ef54b387a398b144244c40bd611.yaml
index 7651ba338b..b9ce19fa8d 100644
--- a/nuclei-templates/cve-less/plugins/donate-with-qrcode-53c85ef54b387a398b144244c40bd611.yaml
+++ b/nuclei-templates/cve-less/plugins/donate-with-qrcode-53c85ef54b387a398b144244c40bd611.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donate With QRCode <= 1.4.5 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Donate With QRCode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.5. This is due to missing or incorrect nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update arbitrary plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/donate-with-qrcode/"
     google-query: inurl:"/wp-content/plugins/donate-with-qrcode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,donate-with-qrcode,high
+  tags: cve,wordpress,wp-plugin,donate-with-qrcode,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/donorbox-donation-form-4667942accde23610dd8e0b089b22f23.yaml b/nuclei-templates/cve-less/plugins/donorbox-donation-form-4667942accde23610dd8e0b089b22f23.yaml
index f269365755..0b4c0ffdb6 100644
--- a/nuclei-templates/cve-less/plugins/donorbox-donation-form-4667942accde23610dd8e0b089b22f23.yaml
+++ b/nuclei-templates/cve-less/plugins/donorbox-donation-form-4667942accde23610dd8e0b089b22f23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Donorbox <= 7.1.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Donorbox plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 7.1.1 via storing shortcodes due to insufficient input sanitization and output escaping. This makes it possible for privileged attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/donorbox-donation-form/"
     google-query: inurl:"/wp-content/plugins/donorbox-donation-form/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,donorbox-donation-form,medium
+  tags: cve,wordpress,wp-plugin,donorbox-donation-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/double-opt-in-for-download-1963440e9d46a424a870f14bf4b601ac.yaml b/nuclei-templates/cve-less/plugins/double-opt-in-for-download-1963440e9d46a424a870f14bf4b601ac.yaml
index 8b5f4dfb50..3d0b5e6fd6 100644
--- a/nuclei-templates/cve-less/plugins/double-opt-in-for-download-1963440e9d46a424a870f14bf4b601ac.yaml
+++ b/nuclei-templates/cve-less/plugins/double-opt-in-for-download-1963440e9d46a424a870f14bf4b601ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Double Opt-In for Download <= 2.0.9 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Double Opt-In for Download Plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in versions up to, and including, 2.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/double-opt-in-for-download/"
     google-query: inurl:"/wp-content/plugins/double-opt-in-for-download/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,double-opt-in-for-download,high
+  tags: cve,wordpress,wp-plugin,double-opt-in-for-download,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-02ae4a0720867671dd11925e4a221a75.yaml b/nuclei-templates/cve-less/plugins/download-manager-02ae4a0720867671dd11925e4a221a75.yaml
index 98c7321bd1..5d1c9248dc 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-02ae4a0720867671dd11925e4a221a75.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-02ae4a0720867671dd11925e4a221a75.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 2.9.45 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WordPress Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.45. This is due to missing or incorrect nonce validation on the request of saving settings. This makes it possible for unauthenticated attackers to modify administrative settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-03366e13fcca1db85a35f2268a00796c.yaml b/nuclei-templates/cve-less/plugins/download-manager-03366e13fcca1db85a35f2268a00796c.yaml
index 343c94e779..072de3033c 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-03366e13fcca1db85a35f2268a00796c.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-03366e13fcca1db85a35f2268a00796c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 2.8.7 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Download Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the savePackage() function in versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to associate arbitrary files with posts and subsequently download those files causing sensitive information disclosure.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,critical
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-0fbbdf117a58185e2bf8aba144015927.yaml b/nuclei-templates/cve-less/plugins/download-manager-0fbbdf117a58185e2bf8aba144015927.yaml
index b9d106154f..0dc585f999 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-0fbbdf117a58185e2bf8aba144015927.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-0fbbdf117a58185e2bf8aba144015927.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager < 3.1.22 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WordPress Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 3.1.22. This is due to missing or incorrect nonce validation on the pluginUpdate() and Privacy() functions. This makes it possible for unauthenticated attackers to arbitrarily modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-3654cd4919a2027fb17d521b494ff35a.yaml b/nuclei-templates/cve-less/plugins/download-manager-3654cd4919a2027fb17d521b494ff35a.yaml
index 82bb8c9dce..09a472ad67 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-3654cd4919a2027fb17d521b494ff35a.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-3654cd4919a2027fb17d521b494ff35a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 2.7.94 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file name of the uploaded file in versions up to, and including, 2.7.95 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-7367ffe725d32472b793d84e3d0fe0d9.yaml b/nuclei-templates/cve-less/plugins/download-manager-7367ffe725d32472b793d84e3d0fe0d9.yaml
index 6fdbe7379b..ab7039479b 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-7367ffe725d32472b793d84e3d0fe0d9.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-7367ffe725d32472b793d84e3d0fe0d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 2.5.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-8c46bf632b1c3634dd29de610dae2727.yaml b/nuclei-templates/cve-less/plugins/download-manager-8c46bf632b1c3634dd29de610dae2727.yaml
index cdf9054e9b..02b4924a34 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-8c46bf632b1c3634dd29de610dae2727.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-8c46bf632b1c3634dd29de610dae2727.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager < 3.1.19 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WordPress Download Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpdm_admin_upload_file function in versions before 3.1.19. Dangerous extensions such as .php4 are not restricted. This makes it possible for authenticated attackers with Author-level privileges and above to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-b1861af38d12189832b1b119b32a79ef.yaml b/nuclei-templates/cve-less/plugins/download-manager-b1861af38d12189832b1b119b32a79ef.yaml
index 51e6168c51..49cfaeb701 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-b1861af38d12189832b1b119b32a79ef.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-b1861af38d12189832b1b119b32a79ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 2.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Manager plugin for WordPress is vulnerable to Cross-Site Scripting via the 'cid' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-da52023c7620366d69c94922efd73968.yaml b/nuclei-templates/cve-less/plugins/download-manager-da52023c7620366d69c94922efd73968.yaml
index 877a46ef39..658c0601f6 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-da52023c7620366d69c94922efd73968.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-da52023c7620366d69c94922efd73968.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Manager <= 3.1.17 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Download Manager plugin for WordPress is vulnerable to unauthorized download duplication in versions up to, and including, 3.1.17. This is due to missing authorization and nonce validation on the duplicate() function. This makes it possible for unauthenticated attackers to duplicate any of a vulnerable sites downloads.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-de94c31f4187177567b889a40327a1d3.yaml b/nuclei-templates/cve-less/plugins/download-manager-de94c31f4187177567b889a40327a1d3.yaml
index 1e62d8568d..c465e46753 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-de94c31f4187177567b889a40327a1d3.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-de94c31f4187177567b889a40327a1d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 2.9.96 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Download Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.9.96 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,medium
+  tags: cve,wordpress,wp-plugin,download-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-manager-edb73da37a786109cf2a1c2cf12e6eb7.yaml b/nuclei-templates/cve-less/plugins/download-manager-edb73da37a786109cf2a1c2cf12e6eb7.yaml
index c2999c0963..44ef07f95e 100644
--- a/nuclei-templates/cve-less/plugins/download-manager-edb73da37a786109cf2a1c2cf12e6eb7.yaml
+++ b/nuclei-templates/cve-less/plugins/download-manager-edb73da37a786109cf2a1c2cf12e6eb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Download Manager <= 3.2.12 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WordPress Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.12. This is due to missing or incorrect nonce validation on the preview() function. This makes it possible for unauthenticated attackers to save the plugins email settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-manager/"
     google-query: inurl:"/wp-content/plugins/download-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-manager,high
+  tags: cve,wordpress,wp-plugin,download-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-monitor-2f1f33bfd002c22ab758b0590571cc4a.yaml b/nuclei-templates/cve-less/plugins/download-monitor-2f1f33bfd002c22ab758b0590571cc4a.yaml
index de2bd5fc5f..cb6d399849 100644
--- a/nuclei-templates/cve-less/plugins/download-monitor-2f1f33bfd002c22ab758b0590571cc4a.yaml
+++ b/nuclei-templates/cve-less/plugins/download-monitor-2f1f33bfd002c22ab758b0590571cc4a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 1.9.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the delete_logs() and export_logs() functions in versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to delete and export several log types.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-monitor-95ac055a4400e480693a1f956a7737eb.yaml b/nuclei-templates/cve-less/plugins/download-monitor-95ac055a4400e480693a1f956a7737eb.yaml
index cd3aa10f24..48638c18c5 100644
--- a/nuclei-templates/cve-less/plugins/download-monitor-95ac055a4400e480693a1f956a7737eb.yaml
+++ b/nuclei-templates/cve-less/plugins/download-monitor-95ac055a4400e480693a1f956a7737eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Monitor plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.7.2 via the list_files function. This allows users with manage_downloads permissions to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/download-monitor-fa3ec4c554fb01ca3485de73728dd008.yaml b/nuclei-templates/cve-less/plugins/download-monitor-fa3ec4c554fb01ca3485de73728dd008.yaml
index 4a574788d8..7efdf4d21e 100644
--- a/nuclei-templates/cve-less/plugins/download-monitor-fa3ec4c554fb01ca3485de73728dd008.yaml
+++ b/nuclei-templates/cve-less/plugins/download-monitor-fa3ec4c554fb01ca3485de73728dd008.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Download Monitor <= 4.7.60 - Missing Authorization to Authenticated Data Export
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to an insufficient capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.60. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to view user data and other sensitive information intended for administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/download-monitor/"
     google-query: inurl:"/wp-content/plugins/download-monitor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,download-monitor,medium
+  tags: cve,wordpress,wp-plugin,download-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-form-builder-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-form-builder-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3295a75305..81cca6aeae 100644
--- a/nuclei-templates/cve-less/plugins/drag-and-drop-form-builder-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/drag-and-drop-form-builder-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drag-and-drop-form-builder-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/drag-and-drop-form-builder-for-contact-form-7/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,drag-and-drop-form-builder-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,drag-and-drop-form-builder-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-0921939ba9d36b3bc7ef6782c794b5c5.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-0921939ba9d36b3bc7ef6782c794b5c5.yaml
index 4ce31e5aec..e6da6160c2 100644
--- a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-0921939ba9d36b3bc7ef6782c794b5c5.yaml
+++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-0921939ba9d36b3bc7ef6782c794b5c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Missing Authorization in upload and delete_file
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload and delete_file functions in versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber-level permissions, to perform an unauthorized file upload or delete files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/drawblog-d1894aa72265b74c9b59e10ca93f4375.yaml b/nuclei-templates/cve-less/plugins/drawblog-d1894aa72265b74c9b59e10ca93f4375.yaml
index ca84905e5a..bfdaf6a3aa 100644
--- a/nuclei-templates/cve-less/plugins/drawblog-d1894aa72265b74c9b59e10ca93f4375.yaml
+++ b/nuclei-templates/cve-less/plugins/drawblog-d1894aa72265b74c9b59e10ca93f4375.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DrawBlog < 0.81 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The DrawBlog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 0.81. This is due to missing or incorrect nonce validation on the drawblog_update_options function. This makes it possible for unauthenticated attackers to arbitrarily change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drawblog/"
     google-query: inurl:"/wp-content/plugins/drawblog/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,drawblog,high
+  tags: cve,wordpress,wp-plugin,drawblog,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/drip-feed-content-extended-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/drip-feed-content-extended-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8416d42adc..d86a7bd30f 100644
--- a/nuclei-templates/cve-less/plugins/drip-feed-content-extended-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/drip-feed-content-extended-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drip-feed-content-extended-for-learndash/"
     google-query: inurl:"/wp-content/plugins/drip-feed-content-extended-for-learndash/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,drip-feed-content-extended-for-learndash,medium
+  tags: cve,wordpress,wp-plugin,drip-feed-content-extended-for-learndash,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/drop-shadow-boxes-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/drop-shadow-boxes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index be636b8945..3f54d1af49 100644
--- a/nuclei-templates/cve-less/plugins/drop-shadow-boxes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/drop-shadow-boxes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/drop-shadow-boxes/"
     google-query: inurl:"/wp-content/plugins/drop-shadow-boxes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,drop-shadow-boxes,medium
+  tags: cve,wordpress,wp-plugin,drop-shadow-boxes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dropdown-and-scrollable-text-746ab5fca61ed161758f284f4d55f254.yaml b/nuclei-templates/cve-less/plugins/dropdown-and-scrollable-text-746ab5fca61ed161758f284f4d55f254.yaml
index bbdac5b671..1a037157a7 100644
--- a/nuclei-templates/cve-less/plugins/dropdown-and-scrollable-text-746ab5fca61ed161758f284f4d55f254.yaml
+++ b/nuclei-templates/cve-less/plugins/dropdown-and-scrollable-text-746ab5fca61ed161758f284f4d55f254.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dropdown and scrollable Text <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin Dropdown and scrollable Text for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dropdown-and-scrollable-text/"
     google-query: inurl:"/wp-content/plugins/dropdown-and-scrollable-text/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dropdown-and-scrollable-text,medium
+  tags: cve,wordpress,wp-plugin,dropdown-and-scrollable-text,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ds-suit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ds-suit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index eb468038be..f3602f7ad3 100644
--- a/nuclei-templates/cve-less/plugins/ds-suit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ds-suit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ds-suit/"
     google-query: inurl:"/wp-content/plugins/ds-suit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ds-suit,medium
+  tags: cve,wordpress,wp-plugin,ds-suit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dsp_dating-a4b85243ad36c1329732b5275f246278.yaml b/nuclei-templates/cve-less/plugins/dsp_dating-a4b85243ad36c1329732b5275f246278.yaml
index 9390d97176..f230615841 100644
--- a/nuclei-templates/cve-less/plugins/dsp_dating-a4b85243ad36c1329732b5275f246278.yaml
+++ b/nuclei-templates/cve-less/plugins/dsp_dating-a4b85243ad36c1329732b5275f246278.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPDating <= 7.4.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WPDating plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 7.4.1. This is due to missing file type validation on one of the plugin's functions. While the source of information claims that this is a cross-site request forgery vulnerability that requires tricking an administrative user to click a link in order to exploit the vulnerability, we believe that this may be exploitable by unauthenticated users as well after analyzing the provided proof of concepts. This makes it possible for unauthenticated attackers to upload malicious files to the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dsp_dating/"
     google-query: inurl:"/wp-content/plugins/dsp_dating/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dsp_dating,high
+  tags: cve,wordpress,wp-plugin,dsp_dating,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dsubscribers-58dabace517bb3fd14d9bc2e6628a726.yaml b/nuclei-templates/cve-less/plugins/dsubscribers-58dabace517bb3fd14d9bc2e6628a726.yaml
index 33c3d93ae0..c7237520ee 100644
--- a/nuclei-templates/cve-less/plugins/dsubscribers-58dabace517bb3fd14d9bc2e6628a726.yaml
+++ b/nuclei-templates/cve-less/plugins/dsubscribers-58dabace517bb3fd14d9bc2e6628a726.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DSubscribers < 1.2.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The DSubscribers plugin for WordPress is vulnerable to SQL Injection via the ‘dsubscribers’ parameter in versions before 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dsubscribers/"
     google-query: inurl:"/wp-content/plugins/dsubscribers/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dsubscribers,high
+  tags: cve,wordpress,wp-plugin,dsubscribers,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/duplicate-page-2d87c0364307edea9fea6b2a2be6834f.yaml b/nuclei-templates/cve-less/plugins/duplicate-page-2d87c0364307edea9fea6b2a2be6834f.yaml
index ca06c91255..d57e67b341 100644
--- a/nuclei-templates/cve-less/plugins/duplicate-page-2d87c0364307edea9fea6b2a2be6834f.yaml
+++ b/nuclei-templates/cve-less/plugins/duplicate-page-2d87c0364307edea9fea6b2a2be6834f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Page Plugins <= (Various Versions) - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Duplicate Page and Post, WP Post Page Clone and Duplicate Page plugins for WordPress are vulnerable to SQL Injection via the ‘post’ parameter in versions up to, and including, 2.5.6, 1.1, and 3.3 respectively, due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-page/"
     google-query: inurl:"/wp-content/plugins/duplicate-page/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,duplicate-page,high
+  tags: cve,wordpress,wp-plugin,duplicate-page,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/duplicate-page-fd184e22776918171b2daf7b166b3579.yaml b/nuclei-templates/cve-less/plugins/duplicate-page-fd184e22776918171b2daf7b166b3579.yaml
index 71b070eaae..2c006c57b1 100644
--- a/nuclei-templates/cve-less/plugins/duplicate-page-fd184e22776918171b2daf7b166b3579.yaml
+++ b/nuclei-templates/cve-less/plugins/duplicate-page-fd184e22776918171b2daf7b166b3579.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Page <= 3.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Duplicate Page plugin for WordPress is vulnerable to generic SQL Injection via the ‘post' parameter in versions up to, and including, 3.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for non-privileged attackers (Ex. subscribers) to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-page/"
     google-query: inurl:"/wp-content/plugins/duplicate-page/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,duplicate-page,high
+  tags: cve,wordpress,wp-plugin,duplicate-page,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/duplicate-post-517e55dfe7f60b7457c238ed215d0a10.yaml b/nuclei-templates/cve-less/plugins/duplicate-post-517e55dfe7f60b7457c238ed215d0a10.yaml
index 157b8f54d3..7b52d43314 100644
--- a/nuclei-templates/cve-less/plugins/duplicate-post-517e55dfe7f60b7457c238ed215d0a10.yaml
+++ b/nuclei-templates/cve-less/plugins/duplicate-post-517e55dfe7f60b7457c238ed215d0a10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast Duplicate Post <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yoast Duplicate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.3. This makes it possible for high-level authenticated users, such as administrators, to inject arbitrary web scripts into administrative pages via several parameters such as 'duplicate_post_title_prefix'. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-post/"
     google-query: inurl:"/wp-content/plugins/duplicate-post/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,duplicate-post,medium
+  tags: cve,wordpress,wp-plugin,duplicate-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/duplicate-variations-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/duplicate-variations-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 010df339d8..b6e19777f1 100644
--- a/nuclei-templates/cve-less/plugins/duplicate-variations-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/duplicate-variations-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-variations-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/duplicate-variations-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,duplicate-variations-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,duplicate-variations-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-2d87c0364307edea9fea6b2a2be6834f.yaml b/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-2d87c0364307edea9fea6b2a2be6834f.yaml
index fcc22492ba..e5b4663b9e 100644
--- a/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-2d87c0364307edea9fea6b2a2be6834f.yaml
+++ b/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-2d87c0364307edea9fea6b2a2be6834f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Page Plugins <= (Various Versions) - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Duplicate Page and Post, WP Post Page Clone and Duplicate Page plugins for WordPress are vulnerable to SQL Injection via the ‘post’ parameter in versions up to, and including, 2.5.6, 1.1, and 3.3 respectively, due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-wp-page-post/"
     google-query: inurl:"/wp-content/plugins/duplicate-wp-page-post/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,duplicate-wp-page-post,high
+  tags: cve,wordpress,wp-plugin,duplicate-wp-page-post,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-e4d1ad7c2888a8ba91b50fa79c134af9.yaml b/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-e4d1ad7c2888a8ba91b50fa79c134af9.yaml
index 942ff226d0..297a2efdfb 100644
--- a/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-e4d1ad7c2888a8ba91b50fa79c134af9.yaml
+++ b/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-e4d1ad7c2888a8ba91b50fa79c134af9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Duplicate Page and Post plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 2.7 on the dpp_page_settings page. This allows authenticated users with administrative permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicate-wp-page-post/"
     google-query: inurl:"/wp-content/plugins/duplicate-wp-page-post/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,duplicate-wp-page-post,medium
+  tags: cve,wordpress,wp-plugin,duplicate-wp-page-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/duplicator-22105b80b6b00742d7d1393ced18465f.yaml b/nuclei-templates/cve-less/plugins/duplicator-22105b80b6b00742d7d1393ced18465f.yaml
index 59c48ea685..ee0b2bd63f 100644
--- a/nuclei-templates/cve-less/plugins/duplicator-22105b80b6b00742d7d1393ced18465f.yaml
+++ b/nuclei-templates/cve-less/plugins/duplicator-22105b80b6b00742d7d1393ced18465f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicator <= 0.5.14 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Duplicator plugin for WordPress is vulnerable to SQL Injection in versions up to and including 0.5.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicator/"
     google-query: inurl:"/wp-content/plugins/duplicator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,duplicator,high
+  tags: cve,wordpress,wp-plugin,duplicator,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/duplicator-988ed918d003525e19a036e7fba12cab.yaml b/nuclei-templates/cve-less/plugins/duplicator-988ed918d003525e19a036e7fba12cab.yaml
index ecc4fa2a21..e9d4881d82 100644
--- a/nuclei-templates/cve-less/plugins/duplicator-988ed918d003525e19a036e7fba12cab.yaml
+++ b/nuclei-templates/cve-less/plugins/duplicator-988ed918d003525e19a036e7fba12cab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicator <= 0.5.26 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Duplicator plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.5.26 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/duplicator/"
     google-query: inurl:"/wp-content/plugins/duplicator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,duplicator,medium
+  tags: cve,wordpress,wp-plugin,duplicator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dw-question-answer-515c6f7cdb52a3563e73406fbbc7b42a.yaml b/nuclei-templates/cve-less/plugins/dw-question-answer-515c6f7cdb52a3563e73406fbbc7b42a.yaml
index 1589c63bb3..d25196da33 100644
--- a/nuclei-templates/cve-less/plugins/dw-question-answer-515c6f7cdb52a3563e73406fbbc7b42a.yaml
+++ b/nuclei-templates/cve-less/plugins/dw-question-answer-515c6f7cdb52a3563e73406fbbc7b42a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DW Question & Answer < 1.4.2.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The DW Question & Answer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dwqa_anonymous_name’ parameter in versions up to, and including, 1.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dw-question-answer/"
     google-query: inurl:"/wp-content/plugins/dw-question-answer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dw-question-answer,medium
+  tags: cve,wordpress,wp-plugin,dw-question-answer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dx-delete-attached-media-8b0729074646bdcd5148e643a832f062.yaml b/nuclei-templates/cve-less/plugins/dx-delete-attached-media-8b0729074646bdcd5148e643a832f062.yaml
index fe20aceea6..63bf5fdfb9 100644
--- a/nuclei-templates/cve-less/plugins/dx-delete-attached-media-8b0729074646bdcd5148e643a832f062.yaml
+++ b/nuclei-templates/cve-less/plugins/dx-delete-attached-media-8b0729074646bdcd5148e643a832f062.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DX Delete Attached Media <= 2.0.2 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The DX Delete Attached Media plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_to_base function in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dx-delete-attached-media/"
     google-query: inurl:"/wp-content/plugins/dx-delete-attached-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dx-delete-attached-media,medium
+  tags: cve,wordpress,wp-plugin,dx-delete-attached-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dyslexiefont-e3c56661b9733debd3e6fea53555b839.yaml b/nuclei-templates/cve-less/plugins/dyslexiefont-e3c56661b9733debd3e6fea53555b839.yaml
index 5a1938b019..74925e346e 100644
--- a/nuclei-templates/cve-less/plugins/dyslexiefont-e3c56661b9733debd3e6fea53555b839.yaml
+++ b/nuclei-templates/cve-less/plugins/dyslexiefont-e3c56661b9733debd3e6fea53555b839.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dyslexiefont Free <= 0.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Dyslexiefont Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dyslexiefont/"
     google-query: inurl:"/wp-content/plugins/dyslexiefont/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dyslexiefont,medium
+  tags: cve,wordpress,wp-plugin,dyslexiefont,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dzs-videogallery-b558d2c101e0c756483bb33734bc9369.yaml b/nuclei-templates/cve-less/plugins/dzs-videogallery-b558d2c101e0c756483bb33734bc9369.yaml
index 8ad03d1d9b..35ee827cef 100644
--- a/nuclei-templates/cve-less/plugins/dzs-videogallery-b558d2c101e0c756483bb33734bc9369.yaml
+++ b/nuclei-templates/cve-less/plugins/dzs-videogallery-b558d2c101e0c756483bb33734bc9369.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DZS Video Gallery <= 3.1.3 - Limited Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The DZS Video Gallery plugin for WordPress is vulnerable to remote/local file inclusion in versions up to, and including, 3.1.3. This can allow unauthenticated attackers to retrieve local and remote files with a .swf extension.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dzs-videogallery/"
     google-query: inurl:"/wp-content/plugins/dzs-videogallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dzs-videogallery,medium
+  tags: cve,wordpress,wp-plugin,dzs-videogallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/dzs-videogallery-bf282437cadf1ae50cc09a36bacba2a9.yaml b/nuclei-templates/cve-less/plugins/dzs-videogallery-bf282437cadf1ae50cc09a36bacba2a9.yaml
index f5275fdde3..ff946c309a 100644
--- a/nuclei-templates/cve-less/plugins/dzs-videogallery-bf282437cadf1ae50cc09a36bacba2a9.yaml
+++ b/nuclei-templates/cve-less/plugins/dzs-videogallery-bf282437cadf1ae50cc09a36bacba2a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DZS Video Gallery <= 8.60 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The DZS Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'initer' parameter in versions up to, and including, 8.60 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/dzs-videogallery/"
     google-query: inurl:"/wp-content/plugins/dzs-videogallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,dzs-videogallery,high
+  tags: cve,wordpress,wp-plugin,dzs-videogallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-age-verify-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-age-verify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index af0ad6694b..fd6c5e1166 100644
--- a/nuclei-templates/cve-less/plugins/easy-age-verify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-age-verify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-age-verify/"
     google-query: inurl:"/wp-content/plugins/easy-age-verify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-age-verify,medium
+  tags: cve,wordpress,wp-plugin,easy-age-verify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-code-snippets-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-code-snippets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 45177986be..e98e8256ec 100644
--- a/nuclei-templates/cve-less/plugins/easy-code-snippets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-code-snippets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-code-snippets/"
     google-query: inurl:"/wp-content/plugins/easy-code-snippets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-code-snippets,medium
+  tags: cve,wordpress,wp-plugin,easy-code-snippets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-coming-soon-a73a6cac5bd5a80c6a22adb8c250c687.yaml b/nuclei-templates/cve-less/plugins/easy-coming-soon-a73a6cac5bd5a80c6a22adb8c250c687.yaml
index 4e1d6e9d37..8bfe90c907 100644
--- a/nuclei-templates/cve-less/plugins/easy-coming-soon-a73a6cac5bd5a80c6a22adb8c250c687.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-coming-soon-a73a6cac5bd5a80c6a22adb8c250c687.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Coming Soon <= 1.6.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Coming Soon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘coming_soon_page_settings’ function in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-coming-soon/"
     google-query: inurl:"/wp-content/plugins/easy-coming-soon/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-coming-soon,medium
+  tags: cve,wordpress,wp-plugin,easy-coming-soon,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-coming-soon-ea0ca66e9eeeaa433f8d74bce5e52c45.yaml b/nuclei-templates/cve-less/plugins/easy-coming-soon-ea0ca66e9eeeaa433f8d74bce5e52c45.yaml
index 0cbd641cc6..767f57b0c2 100644
--- a/nuclei-templates/cve-less/plugins/easy-coming-soon-ea0ca66e9eeeaa433f8d74bce5e52c45.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-coming-soon-ea0ca66e9eeeaa433f8d74bce5e52c45.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Coming Soon < 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Easy Coming Soon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background_color' parameter in versions before 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This can also be exploited by unauthenticated users via Cross-Site Request Forgery.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-coming-soon/"
     google-query: inurl:"/wp-content/plugins/easy-coming-soon/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-coming-soon,high
+  tags: cve,wordpress,wp-plugin,easy-coming-soon,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c38898be46..c07e6fa858 100644
--- a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-facebook-likebox/"
     google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-marijuana-age-verify-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-marijuana-age-verify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0336b7c65f..14a84b754b 100644
--- a/nuclei-templates/cve-less/plugins/easy-marijuana-age-verify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-marijuana-age-verify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-marijuana-age-verify/"
     google-query: inurl:"/wp-content/plugins/easy-marijuana-age-verify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-marijuana-age-verify,medium
+  tags: cve,wordpress,wp-plugin,easy-marijuana-age-verify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-media-download-61b9b26895ba1396cd862550f59dfb02.yaml b/nuclei-templates/cve-less/plugins/easy-media-download-61b9b26895ba1396cd862550f59dfb02.yaml
index b92f05bfd5..9e5fa7a889 100644
--- a/nuclei-templates/cve-less/plugins/easy-media-download-61b9b26895ba1396cd862550f59dfb02.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-media-download-61b9b26895ba1396cd862550f59dfb02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Media Download <= 1.1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Media Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the easy_media_download shortcode 'Text’ attribute in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-media-download/"
     google-query: inurl:"/wp-content/plugins/easy-media-download/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-media-download,medium
+  tags: cve,wordpress,wp-plugin,easy-media-download,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-media-gallery-28fafed38b204e7345a98c45e56c485e.yaml b/nuclei-templates/cve-less/plugins/easy-media-gallery-28fafed38b204e7345a98c45e56c485e.yaml
index 3238c9c23a..f0a7617f14 100644
--- a/nuclei-templates/cve-less/plugins/easy-media-gallery-28fafed38b204e7345a98c45e56c485e.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-media-gallery-28fafed38b204e7345a98c45e56c485e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery – Photo Albums Plugin < 1.2.29 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery – Photo Albums (formerly titled Easy Media Gallery) Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the spg_add_admin function in versions up to, and including, 1.2.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-media-gallery/"
     google-query: inurl:"/wp-content/plugins/easy-media-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-media-gallery,medium
+  tags: cve,wordpress,wp-plugin,easy-media-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-media-gallery-pro-9bee1adcf88eccf5bdf4a140784b69db.yaml b/nuclei-templates/cve-less/plugins/easy-media-gallery-pro-9bee1adcf88eccf5bdf4a140784b69db.yaml
index 35f25eb6f1..b0739317c0 100644
--- a/nuclei-templates/cve-less/plugins/easy-media-gallery-pro-9bee1adcf88eccf5bdf4a140784b69db.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-media-gallery-pro-9bee1adcf88eccf5bdf4a140784b69db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Media Gallery Pro <= 1.2.59 - Cross-Site Request Forgery and Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Easy Media Gallery Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.59. This is due to missing or incorrect nonce validation on the easymedia_imgresize_ajax function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-media-gallery-pro/"
     google-query: inurl:"/wp-content/plugins/easy-media-gallery-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-media-gallery-pro,high
+  tags: cve,wordpress,wp-plugin,easy-media-gallery-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-newsletter-signups-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-newsletter-signups-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0d8ed2967d..fff89a0ba5 100644
--- a/nuclei-templates/cve-less/plugins/easy-newsletter-signups-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-newsletter-signups-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-newsletter-signups/"
     google-query: inurl:"/wp-content/plugins/easy-newsletter-signups/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-newsletter-signups,medium
+  tags: cve,wordpress,wp-plugin,easy-newsletter-signups,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-paypal-shopping-cart-db5362134a2d7eadd5e40de928930826.yaml b/nuclei-templates/cve-less/plugins/easy-paypal-shopping-cart-db5362134a2d7eadd5e40de928930826.yaml
index 3d680a054d..19a4a3f7dd 100644
--- a/nuclei-templates/cve-less/plugins/easy-paypal-shopping-cart-db5362134a2d7eadd5e40de928930826.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-paypal-shopping-cart-db5362134a2d7eadd5e40de928930826.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy PayPal Shopping Cart <= 1.1.9 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Easy PayPal Shopping Cart for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing nonce validation on the wpepsc_plugin_options function. This makes it possible for unauthenticated attackers to modify the plugins setting and add malicious web scripts to the settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-paypal-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/easy-paypal-shopping-cart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-paypal-shopping-cart,high
+  tags: cve,wordpress,wp-plugin,easy-paypal-shopping-cart,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-pie-coming-soon-f58f1d8f11140c3bf88a5bed98434fc1.yaml b/nuclei-templates/cve-less/plugins/easy-pie-coming-soon-f58f1d8f11140c3bf88a5bed98434fc1.yaml
index a8010e208e..fbaead0c26 100644
--- a/nuclei-templates/cve-less/plugins/easy-pie-coming-soon-f58f1d8f11140c3bf88a5bed98434fc1.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-pie-coming-soon-f58f1d8f11140c3bf88a5bed98434fc1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Pie Coming Soon < 1.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Pie Coming Soon plugin for WordPress is vulnerable to Cross-Site Scripting via the 'tab' parameter in versions up to, and including,1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-pie-coming-soon/"
     google-query: inurl:"/wp-content/plugins/easy-pie-coming-soon/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-pie-coming-soon,medium
+  tags: cve,wordpress,wp-plugin,easy-pie-coming-soon,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-post-views-count-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-post-views-count-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6960c7c820..609ec24aaf 100644
--- a/nuclei-templates/cve-less/plugins/easy-post-views-count-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-post-views-count-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-post-views-count/"
     google-query: inurl:"/wp-content/plugins/easy-post-views-count/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-post-views-count,medium
+  tags: cve,wordpress,wp-plugin,easy-post-views-count,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-prayer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-prayer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 93ea806fe4..c4ecf9af78 100644
--- a/nuclei-templates/cve-less/plugins/easy-prayer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-prayer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-prayer/"
     google-query: inurl:"/wp-content/plugins/easy-prayer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-prayer,medium
+  tags: cve,wordpress,wp-plugin,easy-prayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-settings-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-settings-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8b302b085e..c3e5bc138d 100644
--- a/nuclei-templates/cve-less/plugins/easy-settings-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-settings-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-settings-for-learndash/"
     google-query: inurl:"/wp-content/plugins/easy-settings-for-learndash/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-settings-for-learndash,medium
+  tags: cve,wordpress,wp-plugin,easy-settings-for-learndash,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-smooth-scroll-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-smooth-scroll-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f66ebbe05c..fee4691211 100644
--- a/nuclei-templates/cve-less/plugins/easy-smooth-scroll-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-smooth-scroll-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-smooth-scroll-links/"
     google-query: inurl:"/wp-content/plugins/easy-smooth-scroll-links/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-smooth-scroll-links,medium
+  tags: cve,wordpress,wp-plugin,easy-smooth-scroll-links,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-65f22b1513e1da3131ee1c2793b0624c.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-65f22b1513e1da3131ee1c2793b0624c.yaml
index 6cde703b3b..3d26d09152 100644
--- a/nuclei-templates/cve-less/plugins/easy-social-icons-65f22b1513e1da3131ee1c2793b0624c.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-social-icons-65f22b1513e1da3131ee1c2793b0624c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 1.2.3.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Easy Social Icons plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in versions up to, and including, 1.2.3.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated Admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,high
+  tags: cve,wordpress,wp-plugin,easy-social-icons,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-9cfadb72ed62a1496ef5a1550e74d7ca.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-9cfadb72ed62a1496ef5a1550e74d7ca.yaml
index bce42d30b6..7fb47c333e 100644
--- a/nuclei-templates/cve-less/plugins/easy-social-icons-9cfadb72ed62a1496ef5a1550e74d7ca.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-social-icons-9cfadb72ed62a1496ef5a1550e74d7ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 3.1.4 - Admin+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Social Icons plugin for WordPress is vulnerable to admin-level stored Cross-Site Scripting due to missing sanitization on several variables in versions up to, and including, 3.1.4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,medium
+  tags: cve,wordpress,wp-plugin,easy-social-icons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-eb06b36db83cd57ff46c8ecced75bb58.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-eb06b36db83cd57ff46c8ecced75bb58.yaml
index 0e3e8bace4..f88d8cdaf4 100644
--- a/nuclei-templates/cve-less/plugins/easy-social-icons-eb06b36db83cd57ff46c8ecced75bb58.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-social-icons-eb06b36db83cd57ff46c8ecced75bb58.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 3.2.2 - Admin+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Social Icons plugin for WordPress was vulnerable to admin+ stored Cross-Site Scripting due to missing sanitization on a few parameters in versions up to, and including, 3.2.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,medium
+  tags: cve,wordpress,wp-plugin,easy-social-icons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-f326c6f978051192fcd3f58deac7c7e7.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-f326c6f978051192fcd3f58deac7c7e7.yaml
index f4ad323bcc..3c1606fa13 100644
--- a/nuclei-templates/cve-less/plugins/easy-social-icons-f326c6f978051192fcd3f58deac7c7e7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-social-icons-f326c6f978051192fcd3f58deac7c7e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Icons <= 3.2.0 - Authenticated (Admin+) Cross-Site Scripting and Missing Authorization Checks
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy Social Icons plugin for WordPress is vulnerable to Admin+ cross-site scripting and unauthenticated icon deletion in versions up to and including 3.2.0.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-icons/"
     google-query: inurl:"/wp-content/plugins/easy-social-icons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-social-icons,high
+  tags: cve,wordpress,wp-plugin,easy-social-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-social-share-buttons-for-wordpress-7046ef2cfb73e30aa27cd120b026bf95.yaml b/nuclei-templates/cve-less/plugins/easy-social-share-buttons-for-wordpress-7046ef2cfb73e30aa27cd120b026bf95.yaml
index be5030e87b..2a9eb7c2e5 100644
--- a/nuclei-templates/cve-less/plugins/easy-social-share-buttons-for-wordpress-7046ef2cfb73e30aa27cd120b026bf95.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-social-share-buttons-for-wordpress-7046ef2cfb73e30aa27cd120b026bf95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Social Share Buttons for WordPress <= 3.4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Social Share Buttons for WordPress plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions before 3.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-social-share-buttons-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/easy-social-share-buttons-for-wordpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-social-share-buttons-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,easy-social-share-buttons-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-18966e8228314b8165d39d48519f43cc.yaml
index 3e1868ea53..3a7304cffc 100644
--- a/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-sticky-sidebar/"
     google-query: inurl:"/wp-content/plugins/easy-sticky-sidebar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-sticky-sidebar,medium
+  tags: cve,wordpress,wp-plugin,easy-sticky-sidebar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-table-365c4967f8ed82c8fe8be419a127bb67.yaml b/nuclei-templates/cve-less/plugins/easy-table-365c4967f8ed82c8fe8be419a127bb67.yaml
index 981e519710..c09d3b347d 100644
--- a/nuclei-templates/cve-less/plugins/easy-table-365c4967f8ed82c8fe8be419a127bb67.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-table-365c4967f8ed82c8fe8be419a127bb67.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Table <= 1.5.2 - Authenticated Stored Cross-Site Scripting via easy-table-test-area parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Table plugin for WordPress is vulnerable to Cross-Site Scripting via easy-table-test-area parameter in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-table/"
     google-query: inurl:"/wp-content/plugins/easy-table/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-table,medium
+  tags: cve,wordpress,wp-plugin,easy-table,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-testimonials-6fa4b95e95d113650666ff28a08a093d.yaml b/nuclei-templates/cve-less/plugins/easy-testimonials-6fa4b95e95d113650666ff28a08a093d.yaml
index 79ae099408..8ad6de4d30 100644
--- a/nuclei-templates/cve-less/plugins/easy-testimonials-6fa4b95e95d113650666ff28a08a093d.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-testimonials-6fa4b95e95d113650666ff28a08a093d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Testimonials <= 1.36.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.36.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers of the Contributor-level or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-testimonials/"
     google-query: inurl:"/wp-content/plugins/easy-testimonials/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-testimonials,high
+  tags: cve,wordpress,wp-plugin,easy-testimonials,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-tiktok-feed-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-tiktok-feed-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c958896f86..e9bcbf8a61 100644
--- a/nuclei-templates/cve-less/plugins/easy-tiktok-feed-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-tiktok-feed-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-tiktok-feed/"
     google-query: inurl:"/wp-content/plugins/easy-tiktok-feed/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-tiktok-feed,medium
+  tags: cve,wordpress,wp-plugin,easy-tiktok-feed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-under-construction-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-under-construction-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 76727b7df3..149a4968f0 100644
--- a/nuclei-templates/cve-less/plugins/easy-under-construction-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-under-construction-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-under-construction/"
     google-query: inurl:"/wp-content/plugins/easy-under-construction/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-under-construction,medium
+  tags: cve,wordpress,wp-plugin,easy-under-construction,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-video-reviews-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/easy-video-reviews-18966e8228314b8165d39d48519f43cc.yaml
index f2f6aac178..63346608f7 100644
--- a/nuclei-templates/cve-less/plugins/easy-video-reviews-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-video-reviews-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-video-reviews/"
     google-query: inurl:"/wp-content/plugins/easy-video-reviews/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-video-reviews,medium
+  tags: cve,wordpress,wp-plugin,easy-video-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easy-zillow-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easy-zillow-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9880f32c75..8c213b4126 100644
--- a/nuclei-templates/cve-less/plugins/easy-zillow-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easy-zillow-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easy-zillow-reviews/"
     google-query: inurl:"/wp-content/plugins/easy-zillow-reviews/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easy-zillow-reviews,medium
+  tags: cve,wordpress,wp-plugin,easy-zillow-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easync-booking-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/easync-booking-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 03df85b508..fb6f95ea9e 100644
--- a/nuclei-templates/cve-less/plugins/easync-booking-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/easync-booking-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/easync-booking/"
     google-query: inurl:"/wp-content/plugins/easync-booking/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,easync-booking,medium
+  tags: cve,wordpress,wp-plugin,easync-booking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/easysqueezepage-98fa09468510e4f3d608da204df8d702.yaml b/nuclei-templates/cve-less/plugins/easysqueezepage-98fa09468510e4f3d608da204df8d702.yaml
index 2e36c169a7..1c28a583e1 100644
--- a/nuclei-templates/cve-less/plugins/easysqueezepage-98fa09468510e4f3d608da204df8d702.yaml
+++ b/nuclei-templates/cve-less/plugins/easysqueezepage-98fa09468510e4f3d608da204df8d702.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VideoJS (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The S3 Video, EasySqueezePage, External "Video for Everybody", Videopack, and 1player plugins for WordPress are vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of VideoJS in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/EasySqueezePage/"
     google-query: inurl:"/wp-content/plugins/EasySqueezePage/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,EasySqueezePage,medium
+  tags: cve,wordpress,wp-plugin,EasySqueezePage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-3bc18d019b91d2de29e8f02de7016b9b.yaml b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-3bc18d019b91d2de29e8f02de7016b9b.yaml
index 47182834d5..ac077a2877 100644
--- a/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-3bc18d019b91d2de29e8f02de7016b9b.yaml
+++ b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-3bc18d019b91d2de29e8f02de7016b9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ecwid Ecommerce Shopping Cart <= 6.12.3 - Missing Authorization on multiple functions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple functions in all versions up to, and including, 6.12.3. This makes it possible for authenticated attackers to access developer tool pages.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ecwid-shopping-cart/"
     google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,medium
+  tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/edd-cashapp-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/edd-cashapp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b631508d37..444c4527ad 100644
--- a/nuclei-templates/cve-less/plugins/edd-cashapp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/edd-cashapp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-cashapp/"
     google-query: inurl:"/wp-content/plugins/edd-cashapp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,edd-cashapp,medium
+  tags: cve,wordpress,wp-plugin,edd-cashapp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/edd-venmo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/edd-venmo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4ce8667fe7..f2181795ea 100644
--- a/nuclei-templates/cve-less/plugins/edd-venmo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/edd-venmo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edd-venmo/"
     google-query: inurl:"/wp-content/plugins/edd-venmo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,edd-venmo,medium
+  tags: cve,wordpress,wp-plugin,edd-venmo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/edge-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/edge-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c9474c24f2..34c30a5e2b 100644
--- a/nuclei-templates/cve-less/plugins/edge-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/edge-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/edge-gallery/"
     google-query: inurl:"/wp-content/plugins/edge-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,edge-gallery,medium
+  tags: cve,wordpress,wp-plugin,edge-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/educare-029b8e032e0fc0a8b295cb9989f4bc4f.yaml b/nuclei-templates/cve-less/plugins/educare-029b8e032e0fc0a8b295cb9989f4bc4f.yaml
index 3b29904723..1b004dce67 100644
--- a/nuclei-templates/cve-less/plugins/educare-029b8e032e0fc0a8b295cb9989f4bc4f.yaml
+++ b/nuclei-templates/cve-less/plugins/educare-029b8e032e0fc0a8b295cb9989f4bc4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Educare <= 1.4.6 - Missing Authorization to Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Educare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the educare_get_data_from_students function in versions up to, and including, 1.4.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to expose potentially sensitive student data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/educare/"
     google-query: inurl:"/wp-content/plugins/educare/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,educare,medium
+  tags: cve,wordpress,wp-plugin,educare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/education-addon-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/education-addon-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 38d0421bdd..c5f6f8dd68 100644
--- a/nuclei-templates/cve-less/plugins/education-addon-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/education-addon-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/education-addon/"
     google-query: inurl:"/wp-content/plugins/education-addon/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,education-addon,medium
+  tags: cve,wordpress,wp-plugin,education-addon,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/elementor-1f2c4e6dec405aef3fd5e6566d223430.yaml b/nuclei-templates/cve-less/plugins/elementor-1f2c4e6dec405aef3fd5e6566d223430.yaml
index a5fdfc972f..22aa4df852 100644
--- a/nuclei-templates/cve-less/plugins/elementor-1f2c4e6dec405aef3fd5e6566d223430.yaml
+++ b/nuclei-templates/cve-less/plugins/elementor-1f2c4e6dec405aef3fd5e6566d223430.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor Website Builder <= 2.7.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor Website Builder  for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.5 that makes it possible for attackers to inject arbitrary web scripts via the elementor_js_log AJAX action. This requires low-level authenticated user access to exploit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/elementor-5ccd429722cafafb64349730f5cc0669.yaml b/nuclei-templates/cve-less/plugins/elementor-5ccd429722cafafb64349730f5cc0669.yaml
index 7aaa52dcf8..cfe59a13e5 100644
--- a/nuclei-templates/cve-less/plugins/elementor-5ccd429722cafafb64349730f5cc0669.yaml
+++ b/nuclei-templates/cve-less/plugins/elementor-5ccd429722cafafb64349730f5cc0669.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elementor <= 3.13.1 - Missing Authorization to Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the register_as_beta_tester(), ajax_enable_safe_mode(), ajax_get_category_items(), and ajax_re_migrate_globals() functions called via AJAX actions in versions up to, and including, 3.13.1. This makes it possible for authenticated attackers with minimal permissions such as subscribers to perform many actions such as registering the site for beta testing, enabling safe mode, remigrating globals and retrieving category items.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elementor/"
     google-query: inurl:"/wp-content/plugins/elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,elementor,medium
+  tags: cve,wordpress,wp-plugin,elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/elements-for-lifterlms-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/elements-for-lifterlms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3aca1f7593..515723073e 100644
--- a/nuclei-templates/cve-less/plugins/elements-for-lifterlms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/elements-for-lifterlms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/elements-for-lifterlms/"
     google-query: inurl:"/wp-content/plugins/elements-for-lifterlms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,elements-for-lifterlms,medium
+  tags: cve,wordpress,wp-plugin,elements-for-lifterlms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ellipsis-human-presence-technology-e298d4cd6c60e1657aca279370a259b7.yaml b/nuclei-templates/cve-less/plugins/ellipsis-human-presence-technology-e298d4cd6c60e1657aca279370a259b7.yaml
index 207eb2b71b..507a0c93bf 100644
--- a/nuclei-templates/cve-less/plugins/ellipsis-human-presence-technology-e298d4cd6c60e1657aca279370a259b7.yaml
+++ b/nuclei-templates/cve-less/plugins/ellipsis-human-presence-technology-e298d4cd6c60e1657aca279370a259b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Human Presence – Stop Form Spam Without ReCaptcha < 2.0.9 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Human Presence – Stop Form Spam Without ReCaptcha plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions before 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ellipsis-human-presence-technology/"
     google-query: inurl:"/wp-content/plugins/ellipsis-human-presence-technology/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ellipsis-human-presence-technology,high
+  tags: cve,wordpress,wp-plugin,ellipsis-human-presence-technology,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/email-artillery-5969d2a7887ae66d8279d64632cb1bda.yaml b/nuclei-templates/cve-less/plugins/email-artillery-5969d2a7887ae66d8279d64632cb1bda.yaml
index eab2a035ae..402e5666c3 100644
--- a/nuclei-templates/cve-less/plugins/email-artillery-5969d2a7887ae66d8279d64632cb1bda.yaml
+++ b/nuclei-templates/cve-less/plugins/email-artillery-5969d2a7887ae66d8279d64632cb1bda.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Artillery (MASS EMAIL) <= 4.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Email Artillery (MASS EMAIL) plugin for WordPress is vulnerable to various SQL Injection via the 'post_id' and 'email_id' parameters in versions up to, and including, 4.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated Admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-artillery/"
     google-query: inurl:"/wp-content/plugins/email-artillery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,email-artillery,high
+  tags: cve,wordpress,wp-plugin,email-artillery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/email-encoder-bundle-8e9ca596ac830dab2177a8b85d591379.yaml b/nuclei-templates/cve-less/plugins/email-encoder-bundle-8e9ca596ac830dab2177a8b85d591379.yaml
index 06de675ebd..6dc88bda7d 100644
--- a/nuclei-templates/cve-less/plugins/email-encoder-bundle-8e9ca596ac830dab2177a8b85d591379.yaml
+++ b/nuclei-templates/cve-less/plugins/email-encoder-bundle-8e9ca596ac830dab2177a8b85d591379.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Encoder < 1.4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Email Encoder plugin for WordPress is vulnerable to Cross-Site Scripting via 'email' and 'display' parameters in versions before 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-encoder-bundle/"
     google-query: inurl:"/wp-content/plugins/email-encoder-bundle/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,email-encoder-bundle,medium
+  tags: cve,wordpress,wp-plugin,email-encoder-bundle,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/email-header-footer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/email-header-footer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ef588f448c..17614c2a27 100644
--- a/nuclei-templates/cve-less/plugins/email-header-footer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/email-header-footer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-header-footer/"
     google-query: inurl:"/wp-content/plugins/email-header-footer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,email-header-footer,medium
+  tags: cve,wordpress,wp-plugin,email-header-footer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/email-log-628e104d3a4b1ff3a2f651b79f8f25d3.yaml b/nuclei-templates/cve-less/plugins/email-log-628e104d3a4b1ff3a2f651b79f8f25d3.yaml
index 9bd1057d21..0f44ce8776 100644
--- a/nuclei-templates/cve-less/plugins/email-log-628e104d3a4b1ff3a2f651b79f8f25d3.yaml
+++ b/nuclei-templates/cve-less/plugins/email-log-628e104d3a4b1ff3a2f651b79f8f25d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Log <= 2.2.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '$log_item' variable in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authorized attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-log/"
     google-query: inurl:"/wp-content/plugins/email-log/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,email-log,medium
+  tags: cve,wordpress,wp-plugin,email-log,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/email-newsletter-72825f3aadd86474681e72f8f4d9931a.yaml b/nuclei-templates/cve-less/plugins/email-newsletter-72825f3aadd86474681e72f8f4d9931a.yaml
index 79f2077d7e..e0ab376d9e 100644
--- a/nuclei-templates/cve-less/plugins/email-newsletter-72825f3aadd86474681e72f8f4d9931a.yaml
+++ b/nuclei-templates/cve-less/plugins/email-newsletter-72825f3aadd86474681e72f8f4d9931a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Newsletter <= 20.13.6 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Email Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search’ parameter in versions up to, and including, 20.13.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-newsletter/"
     google-query: inurl:"/wp-content/plugins/email-newsletter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,email-newsletter,high
+  tags: cve,wordpress,wp-plugin,email-newsletter,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-13af706509ed275951fca2f87c67ca91.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-13af706509ed275951fca2f87c67ca91.yaml
index a846085f2f..238739727b 100644
--- a/nuclei-templates/cve-less/plugins/email-subscribers-13af706509ed275951fca2f87c67ca91.yaml
+++ b/nuclei-templates/cve-less/plugins/email-subscribers-13af706509ed275951fca2f87c67ca91.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Subscribers & Newsletters < 2.9.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Email Subscribers & Newsletters plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 2.9.1 via the following parameters: 1) 'search' and 'es_mail_group' parameters in sendmail.php 2) 'search', 'sts', and 'cnt' parameters in view-subscriber-show.php 3) 'pagemail' parameter in sentmail-preview.php. This is due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-subscribers/"
     google-query: inurl:"/wp-content/plugins/email-subscribers/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,email-subscribers,medium
+  tags: cve,wordpress,wp-plugin,email-subscribers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/email-tracker-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/email-tracker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7498520a24..b3aa483e9a 100644
--- a/nuclei-templates/cve-less/plugins/email-tracker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/email-tracker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-tracker/"
     google-query: inurl:"/wp-content/plugins/email-tracker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,email-tracker,medium
+  tags: cve,wordpress,wp-plugin,email-tracker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/email-verification-for-woocommerce-pro-ee48551d5debb82650756b153a85ffe4.yaml b/nuclei-templates/cve-less/plugins/email-verification-for-woocommerce-pro-ee48551d5debb82650756b153a85ffe4.yaml
index 8ccb5eda49..d3bf14719b 100644
--- a/nuclei-templates/cve-less/plugins/email-verification-for-woocommerce-pro-ee48551d5debb82650756b153a85ffe4.yaml
+++ b/nuclei-templates/cve-less/plugins/email-verification-for-woocommerce-pro-ee48551d5debb82650756b153a85ffe4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Verification for WooCommerce <= 1.8.1 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass due to insufficient validation on the alg_wc_ev_activation_code value found in the verify() function which makes it possible for users to spoof email validation for any user, including administrators, that will auto-log them in as that user through wp_set_auth_cookie(). This affects versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to log in as site administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/email-verification-for-woocommerce-pro/"
     google-query: inurl:"/wp-content/plugins/email-verification-for-woocommerce-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,email-verification-for-woocommerce-pro,high
+  tags: cve,wordpress,wp-plugin,email-verification-for-woocommerce-pro,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/emails-blacklist-everest-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/emails-blacklist-everest-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f63dd98733..89460f3bc4 100644
--- a/nuclei-templates/cve-less/plugins/emails-blacklist-everest-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/emails-blacklist-everest-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/emails-blacklist-everest-forms/"
     google-query: inurl:"/wp-content/plugins/emails-blacklist-everest-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,emails-blacklist-everest-forms,medium
+  tags: cve,wordpress,wp-plugin,emails-blacklist-everest-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/emails-verification-for-woocommerce-ee48551d5debb82650756b153a85ffe4.yaml b/nuclei-templates/cve-less/plugins/emails-verification-for-woocommerce-ee48551d5debb82650756b153a85ffe4.yaml
index b8f1c1614d..9d325b6610 100644
--- a/nuclei-templates/cve-less/plugins/emails-verification-for-woocommerce-ee48551d5debb82650756b153a85ffe4.yaml
+++ b/nuclei-templates/cve-less/plugins/emails-verification-for-woocommerce-ee48551d5debb82650756b153a85ffe4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Email Verification for WooCommerce <= 1.8.1 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass due to insufficient validation on the alg_wc_ev_activation_code value found in the verify() function which makes it possible for users to spoof email validation for any user, including administrators, that will auto-log them in as that user through wp_set_auth_cookie(). This affects versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to log in as site administrators.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/emails-verification-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/emails-verification-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,emails-verification-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,emails-verification-for-woocommerce,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/embed-office-viewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/embed-office-viewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1c23576c0a..e1b7f9b4d0 100644
--- a/nuclei-templates/cve-less/plugins/embed-office-viewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/embed-office-viewer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-office-viewer/"
     google-query: inurl:"/wp-content/plugins/embed-office-viewer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,embed-office-viewer,medium
+  tags: cve,wordpress,wp-plugin,embed-office-viewer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/embed-power-bi-30c71081d6f65fd865fd605bc8ca0520.yaml b/nuclei-templates/cve-less/plugins/embed-power-bi-30c71081d6f65fd865fd605bc8ca0520.yaml
index 71d70ecb04..99556f3a18 100644
--- a/nuclei-templates/cve-less/plugins/embed-power-bi-30c71081d6f65fd865fd605bc8ca0520.yaml
+++ b/nuclei-templates/cve-less/plugins/embed-power-bi-30c71081d6f65fd865fd605bc8ca0520.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Power BI Embedded for WordPress <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Power BI Embedded for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_power_bi_width’ and '_power_bi_height' parameters editable from the 'Edit Power BI' page in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embed-power-bi/"
     google-query: inurl:"/wp-content/plugins/embed-power-bi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,embed-power-bi,medium
+  tags: cve,wordpress,wp-plugin,embed-power-bi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/embedpress-e1343ff86b6c5b93b675136f5cf7bf16.yaml b/nuclei-templates/cve-less/plugins/embedpress-e1343ff86b6c5b93b675136f5cf7bf16.yaml
index 5c55bc3f3b..860d101914 100644
--- a/nuclei-templates/cve-less/plugins/embedpress-e1343ff86b6c5b93b675136f5cf7bf16.yaml
+++ b/nuclei-templates/cve-less/plugins/embedpress-e1343ff86b6c5b93b675136f5cf7bf16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EmbedPress <= 3.9.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_source_data() and delete_source_data() functions in all versions up to 3.9.5 (exclusive). This makes it possible for unauthenticated attackers to save and delete source data
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/embedpress/"
     google-query: inurl:"/wp-content/plugins/embedpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,embedpress,medium
+  tags: cve,wordpress,wp-plugin,embedpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/enhanced-wordpress-contactform-d2114b88fcc067766472c75899b7fa23.yaml b/nuclei-templates/cve-less/plugins/enhanced-wordpress-contactform-d2114b88fcc067766472c75899b7fa23.yaml
index 3ef8e794ae..bc23ef5823 100644
--- a/nuclei-templates/cve-less/plugins/enhanced-wordpress-contactform-d2114b88fcc067766472c75899b7fa23.yaml
+++ b/nuclei-templates/cve-less/plugins/enhanced-wordpress-contactform-d2114b88fcc067766472c75899b7fa23.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Enhanced WP Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/enhanced-wordpress-contactform/"
     google-query: inurl:"/wp-content/plugins/enhanced-wordpress-contactform/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,enhanced-wordpress-contactform,medium
+  tags: cve,wordpress,wp-plugin,enhanced-wordpress-contactform,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-b76f995a16535082b5686ca7f787e057.yaml b/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-b76f995a16535082b5686ca7f787e057.yaml
index 3bf9d65137..d82ffaca6f 100644
--- a/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-b76f995a16535082b5686ca7f787e057.yaml
+++ b/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-b76f995a16535082b5686ca7f787e057.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Erident Custom Login & Dashboard <= 3.4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Erident Custom Login & Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.1. This is due to missing or incorrect nonce validation in the 'erident-custom-login-and-dashboard/trunk/er-custom-login.php' file. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/erident-custom-login-and-dashboard/"
     google-query: inurl:"/wp-content/plugins/erident-custom-login-and-dashboard/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,erident-custom-login-and-dashboard,high
+  tags: cve,wordpress,wp-plugin,erident-custom-login-and-dashboard,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/error-log-monitor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/error-log-monitor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8aa70e972d..076e563cc2 100644
--- a/nuclei-templates/cve-less/plugins/error-log-monitor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/error-log-monitor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/error-log-monitor/"
     google-query: inurl:"/wp-content/plugins/error-log-monitor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,error-log-monitor,medium
+  tags: cve,wordpress,wp-plugin,error-log-monitor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1015b09d99817c2106e43f3451c30ac1.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1015b09d99817c2106e43f3451c30ac1.yaml
index 26c11b50ef..35503b9e9e 100644
--- a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1015b09d99817c2106e43f3451c30ac1.yaml
+++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1015b09d99817c2106e43f3451c30ac1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Essential Addons for Elementor  plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,high
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-9319000e1757d81a7b4d434242e3b0b6.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-9319000e1757d81a7b4d434242e3b0b6.yaml
index 8321826805..4ef1d90058 100644
--- a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-9319000e1757d81a7b4d434242e3b0b6.yaml
+++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-9319000e1757d81a7b4d434242e3b0b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Essential Addons for Elementor <= 4.6.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
     google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium
+  tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ecea9f4484..f803cb1483 100644
--- a/nuclei-templates/cve-less/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway/"
     google-query: inurl:"/wp-content/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ether-and-erc20-tokens-woocommerce-payment-gateway,medium
+  tags: cve,wordpress,wp-plugin,ether-and-erc20-tokens-woocommerce-payment-gateway,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ethereum-wallet-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ethereum-wallet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 78cff3a917..416df14bff 100644
--- a/nuclei-templates/cve-less/plugins/ethereum-wallet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ethereum-wallet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ethereum-wallet/"
     google-query: inurl:"/wp-content/plugins/ethereum-wallet/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ethereum-wallet,medium
+  tags: cve,wordpress,wp-plugin,ethereum-wallet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ethereumico-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ethereumico-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 02fc7780cd..46cd77ae30 100644
--- a/nuclei-templates/cve-less/plugins/ethereumico-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ethereumico-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ethereumico/"
     google-query: inurl:"/wp-content/plugins/ethereumico/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ethereumico,medium
+  tags: cve,wordpress,wp-plugin,ethereumico,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ethpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ethpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3b10413b1b..09811acfd7 100644
--- a/nuclei-templates/cve-less/plugins/ethpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ethpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ethpress/"
     google-query: inurl:"/wp-content/plugins/ethpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ethpress,medium
+  tags: cve,wordpress,wp-plugin,ethpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/event-calendar-wd-f5b60cb69c042e53c0624a4896969936.yaml b/nuclei-templates/cve-less/plugins/event-calendar-wd-f5b60cb69c042e53c0624a4896969936.yaml
index 7f6cd14b7c..ba20a62769 100644
--- a/nuclei-templates/cve-less/plugins/event-calendar-wd-f5b60cb69c042e53c0624a4896969936.yaml
+++ b/nuclei-templates/cve-less/plugins/event-calendar-wd-f5b60cb69c042e53c0624a4896969936.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventCalendar <= 1.1.45 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Event Calendar WD plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.45 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-calendar-wd/"
     google-query: inurl:"/wp-content/plugins/event-calendar-wd/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,event-calendar-wd,medium
+  tags: cve,wordpress,wp-plugin,event-calendar-wd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/event-easy-calendar-204a4a5eb1bb83f22931c8d30c356316.yaml b/nuclei-templates/cve-less/plugins/event-easy-calendar-204a4a5eb1bb83f22931c8d30c356316.yaml
index e0efb30872..b2b6f6dbbf 100644
--- a/nuclei-templates/cve-less/plugins/event-easy-calendar-204a4a5eb1bb83f22931c8d30c356316.yaml
+++ b/nuclei-templates/cve-less/plugins/event-easy-calendar-204a4a5eb1bb83f22931c8d30c356316.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Easy Calendar <= 1.0.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Event Easy Calendar plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 1.0.0due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-easy-calendar/"
     google-query: inurl:"/wp-content/plugins/event-easy-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,event-easy-calendar,medium
+  tags: cve,wordpress,wp-plugin,event-easy-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/event-easy-calendar-c4cddbbbf9510f7f05b91c86dc3dade6.yaml b/nuclei-templates/cve-less/plugins/event-easy-calendar-c4cddbbbf9510f7f05b91c86dc3dade6.yaml
index 6340d9091e..697a2ae3df 100644
--- a/nuclei-templates/cve-less/plugins/event-easy-calendar-c4cddbbbf9510f7f05b91c86dc3dade6.yaml
+++ b/nuclei-templates/cve-less/plugins/event-easy-calendar-c4cddbbbf9510f7f05b91c86dc3dade6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Easy Calendar <= 1.0.0 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Event Easy Calendar plugin for WordPress is vulnerable to Multiple Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. These actions include creating and updating customers, creating new services and coupons, changing settings, enabling reminders and auto approvals, deleting all bookings, modifying the PayPal recipient email address, and modifying cost of services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-easy-calendar/"
     google-query: inurl:"/wp-content/plugins/event-easy-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,event-easy-calendar,high
+  tags: cve,wordpress,wp-plugin,event-easy-calendar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/event-tickets-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/event-tickets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f3eb200bf7..fc5c0800e3 100644
--- a/nuclei-templates/cve-less/plugins/event-tickets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/event-tickets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-tickets/"
     google-query: inurl:"/wp-content/plugins/event-tickets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,event-tickets,medium
+  tags: cve,wordpress,wp-plugin,event-tickets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/event-tickets-with-ticket-scanner-eb93d0fd8aabb59ccf2ece6d36890f6a.yaml b/nuclei-templates/cve-less/plugins/event-tickets-with-ticket-scanner-eb93d0fd8aabb59ccf2ece6d36890f6a.yaml
index a6a08af9e2..e968f7f8e6 100644
--- a/nuclei-templates/cve-less/plugins/event-tickets-with-ticket-scanner-eb93d0fd8aabb59ccf2ece6d36890f6a.yaml
+++ b/nuclei-templates/cve-less/plugins/event-tickets-with-ticket-scanner-eb93d0fd8aabb59ccf2ece6d36890f6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Tickets with Ticket Scanner <= 1.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting  in versions up to, and including, 1.5.4 via the 'data[codes]' parameter saved through the 'sasoEventtickets_executeAdminSettings' AJAX action, due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/event-tickets-with-ticket-scanner/"
     google-query: inurl:"/wp-content/plugins/event-tickets-with-ticket-scanner/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,event-tickets-with-ticket-scanner,medium
+  tags: cve,wordpress,wp-plugin,event-tickets-with-ticket-scanner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/eventify-5dad00a11bede1ceffdac71757dc57c7.yaml b/nuclei-templates/cve-less/plugins/eventify-5dad00a11bede1ceffdac71757dc57c7.yaml
index bcd23c2d8f..0bc659f6e2 100644
--- a/nuclei-templates/cve-less/plugins/eventify-5dad00a11bede1ceffdac71757dc57c7.yaml
+++ b/nuclei-templates/cve-less/plugins/eventify-5dad00a11bede1ceffdac71757dc57c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eventify - Simple Events <= 1.7.f - SQL Injection via eventid
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Eventify - Simple Events plugin for WordPress is vulnerable to SQL Injection via the ‘eventid’ parameter in versions up to, and including, 1.7.f due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. magic_quotes has to be turned off for the exploit to work.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventify/"
     google-query: inurl:"/wp-content/plugins/eventify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,eventify,high
+  tags: cve,wordpress,wp-plugin,eventify,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-d1b60cf010a4c4b99d620cf0f040e27a.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-d1b60cf010a4c4b99d620cf0f040e27a.yaml
index 50d0c6d431..a52dd7add5 100644
--- a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-d1b60cf010a4c4b99d620cf0f040e27a.yaml
+++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-d1b60cf010a4c4b99d620cf0f040e27a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EventPrime – Modern Events Calendar, Bookings and Tickets <= 3.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
     google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+  tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/events-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/events-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e35b26d978..c8ee59bc7b 100644
--- a/nuclei-templates/cve-less/plugins/events-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/events-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/events-addon-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,events-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,events-addon-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/events-calendar-registration-booking-by-events-plus-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/events-calendar-registration-booking-by-events-plus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c03f063655..792844e93e 100644
--- a/nuclei-templates/cve-less/plugins/events-calendar-registration-booking-by-events-plus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/events-calendar-registration-booking-by-events-plus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-calendar-registration-booking-by-events-plus/"
     google-query: inurl:"/wp-content/plugins/events-calendar-registration-booking-by-events-plus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,events-calendar-registration-booking-by-events-plus,medium
+  tags: cve,wordpress,wp-plugin,events-calendar-registration-booking-by-events-plus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/events-made-easy-2f7fd4d18b200014ffe6ce74713f97bf.yaml b/nuclei-templates/cve-less/plugins/events-made-easy-2f7fd4d18b200014ffe6ce74713f97bf.yaml
index e55d84ebd3..22e0313930 100644
--- a/nuclei-templates/cve-less/plugins/events-made-easy-2f7fd4d18b200014ffe6ce74713f97bf.yaml
+++ b/nuclei-templates/cve-less/plugins/events-made-easy-2f7fd4d18b200014ffe6ce74713f97bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Made Easy < 1.5.50 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Events Made Easy plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in versions before 1.5.50 due to insufficient input sanitization and output escaping and missing nonce validation. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page if they can successfully trick an admin into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-made-easy/"
     google-query: inurl:"/wp-content/plugins/events-made-easy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,events-made-easy,high
+  tags: cve,wordpress,wp-plugin,events-made-easy,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/events-made-easy-df8b0e3e82913bd73f66e923babf0341.yaml b/nuclei-templates/cve-less/plugins/events-made-easy-df8b0e3e82913bd73f66e923babf0341.yaml
index 18c219b28d..8775972c69 100644
--- a/nuclei-templates/cve-less/plugins/events-made-easy-df8b0e3e82913bd73f66e923babf0341.yaml
+++ b/nuclei-templates/cve-less/plugins/events-made-easy-df8b0e3e82913bd73f66e923babf0341.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Events Made Easy <= 1.6.20 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Events Made Easy plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting via the 'page' parameter in versions up to, and including, 1.6.20 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/events-made-easy/"
     google-query: inurl:"/wp-content/plugins/events-made-easy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,events-made-easy,medium
+  tags: cve,wordpress,wp-plugin,events-made-easy,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/everlightbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/everlightbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index df492bf511..1142053d2a 100644
--- a/nuclei-templates/cve-less/plugins/everlightbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/everlightbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/everlightbox/"
     google-query: inurl:"/wp-content/plugins/everlightbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,everlightbox,medium
+  tags: cve,wordpress,wp-plugin,everlightbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/everse-starter-sites-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/everse-starter-sites-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9a3e64683f..66f1cb4d81 100644
--- a/nuclei-templates/cve-less/plugins/everse-starter-sites-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/everse-starter-sites-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/everse-starter-sites/"
     google-query: inurl:"/wp-content/plugins/everse-starter-sites/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,everse-starter-sites,medium
+  tags: cve,wordpress,wp-plugin,everse-starter-sites,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
index 00ec97e8e4..3f9c4d3c92 100644
--- a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/exclusive-team-for-elementor-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/exclusive-team-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
index d7ab4df371..3d003f5316 100644
--- a/nuclei-templates/cve-less/plugins/exclusive-team-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/exclusive-team-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/exclusive-team-for-elementor/"
     google-query: inurl:"/wp-content/plugins/exclusive-team-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,exclusive-team-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,exclusive-team-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/expire-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/expire-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8258e16b17..2efb8125db 100644
--- a/nuclei-templates/cve-less/plugins/expire-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/expire-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/expire-tags/"
     google-query: inurl:"/wp-content/plugins/expire-tags/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,expire-tags,medium
+  tags: cve,wordpress,wp-plugin,expire-tags,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/express-shop-3e4167472cc19aa7d5c770b7ff08e85b.yaml b/nuclei-templates/cve-less/plugins/express-shop-3e4167472cc19aa7d5c770b7ff08e85b.yaml
index 5631b789c5..66c209f2f3 100644
--- a/nuclei-templates/cve-less/plugins/express-shop-3e4167472cc19aa7d5c770b7ff08e85b.yaml
+++ b/nuclei-templates/cve-less/plugins/express-shop-3e4167472cc19aa7d5c770b7ff08e85b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Express Shop <= 4.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Express Shop plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to add products to a cart via a forged request granted they can trick a site user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/express-shop/"
     google-query: inurl:"/wp-content/plugins/express-shop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,express-shop,high
+  tags: cve,wordpress,wp-plugin,express-shop,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/extend-filter-products-by-price-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/extend-filter-products-by-price-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8d90ffae24..c2d3824282 100644
--- a/nuclei-templates/cve-less/plugins/extend-filter-products-by-price-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/extend-filter-products-by-price-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/extend-filter-products-by-price-widget/"
     google-query: inurl:"/wp-content/plugins/extend-filter-products-by-price-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,extend-filter-products-by-price-widget,medium
+  tags: cve,wordpress,wp-plugin,extend-filter-products-by-price-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/extended-evaluation-for-statify-a6e54ba491e72f796e7b6e74aa4dfebc.yaml b/nuclei-templates/cve-less/plugins/extended-evaluation-for-statify-a6e54ba491e72f796e7b6e74aa4dfebc.yaml
index a9ec887207..b5d164f94e 100644
--- a/nuclei-templates/cve-less/plugins/extended-evaluation-for-statify-a6e54ba491e72f796e7b6e74aa4dfebc.yaml
+++ b/nuclei-templates/cve-less/plugins/extended-evaluation-for-statify-a6e54ba491e72f796e7b6e74aa4dfebc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Statify – Extended Evaluation <= 2.6.3 - Authenticated (Admin+) CSV Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Statify – Extended Evaluation plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.6.3 via the eefstatifyTableToCsv() function. This allows authenticated attackers, with administrative-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/extended-evaluation-for-statify/"
     google-query: inurl:"/wp-content/plugins/extended-evaluation-for-statify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,extended-evaluation-for-statify,medium
+  tags: cve,wordpress,wp-plugin,extended-evaluation-for-statify,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/external-media-090b5ab75971c1cf3354717d50e20576.yaml b/nuclei-templates/cve-less/plugins/external-media-090b5ab75971c1cf3354717d50e20576.yaml
index e46b6ab130..d29ae2be11 100644
--- a/nuclei-templates/cve-less/plugins/external-media-090b5ab75971c1cf3354717d50e20576.yaml
+++ b/nuclei-templates/cve-less/plugins/external-media-090b5ab75971c1cf3354717d50e20576.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     External Media <= 1.0.36 - Authenticated(Author+) File Upload to Stored Cross-Site Scripting via SVG
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The External Media plugin for WordPress is vulnerable to File Upload due to insufficient file type validation in the isUnsafe function in versions up to, and including, 1.0.36. This makes it possible for authenticated attackers with the upload_files capability, such as authors, to upload dangerous file types such as unsanitized SVG files which can lead to Cross-Site Scripting.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/external-media/"
     google-query: inurl:"/wp-content/plugins/external-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,external-media,medium
+  tags: cve,wordpress,wp-plugin,external-media,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/external-video-for-everybody-98fa09468510e4f3d608da204df8d702.yaml b/nuclei-templates/cve-less/plugins/external-video-for-everybody-98fa09468510e4f3d608da204df8d702.yaml
index 7e7dca8620..3f368a5e49 100644
--- a/nuclei-templates/cve-less/plugins/external-video-for-everybody-98fa09468510e4f3d608da204df8d702.yaml
+++ b/nuclei-templates/cve-less/plugins/external-video-for-everybody-98fa09468510e4f3d608da204df8d702.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VideoJS (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The S3 Video, EasySqueezePage, External "Video for Everybody", Videopack, and 1player plugins for WordPress are vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of VideoJS in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/external-video-for-everybody/"
     google-query: inurl:"/wp-content/plugins/external-video-for-everybody/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,external-video-for-everybody,medium
+  tags: cve,wordpress,wp-plugin,external-video-for-everybody,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ez-portfolio-05d549bbf43422565845abd53d01ba98.yaml b/nuclei-templates/cve-less/plugins/ez-portfolio-05d549bbf43422565845abd53d01ba98.yaml
index ffe15091d0..8b87a2c9a6 100644
--- a/nuclei-templates/cve-less/plugins/ez-portfolio-05d549bbf43422565845abd53d01ba98.yaml
+++ b/nuclei-templates/cve-less/plugins/ez-portfolio-05d549bbf43422565845abd53d01ba98.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EZ Portfolio (Unmaintained) < 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EZ Portfolio (Unmaintained) plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions before 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ez-portfolio/"
     google-query: inurl:"/wp-content/plugins/ez-portfolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ez-portfolio,medium
+  tags: cve,wordpress,wp-plugin,ez-portfolio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ezpz-one-click-backup-d1f60a6312b998075106906482a83fc4.yaml b/nuclei-templates/cve-less/plugins/ezpz-one-click-backup-d1f60a6312b998075106906482a83fc4.yaml
index d3e97dd8f2..9f61da10aa 100644
--- a/nuclei-templates/cve-less/plugins/ezpz-one-click-backup-d1f60a6312b998075106906482a83fc4.yaml
+++ b/nuclei-templates/cve-less/plugins/ezpz-one-click-backup-d1f60a6312b998075106906482a83fc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     EZPZ One Click Backup <= 12.03.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The EZPZ One Click Backup plugin for WordPress is vulnerable to Cross-Site Scripting via the 'mail' parameter in versions up to, and including, 12.03.10 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ezpz-one-click-backup/"
     google-query: inurl:"/wp-content/plugins/ezpz-one-click-backup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ezpz-one-click-backup,medium
+  tags: cve,wordpress,wp-plugin,ezpz-one-click-backup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/facebook-page-photo-gallery-358b0cd776c979c59cab288ffb33dfa2.yaml b/nuclei-templates/cve-less/plugins/facebook-page-photo-gallery-358b0cd776c979c59cab288ffb33dfa2.yaml
index bcade0f11f..287575b602 100644
--- a/nuclei-templates/cve-less/plugins/facebook-page-photo-gallery-358b0cd776c979c59cab288ffb33dfa2.yaml
+++ b/nuclei-templates/cve-less/plugins/facebook-page-photo-gallery-358b0cd776c979c59cab288ffb33dfa2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Facebook Page Photo Gallery <= 2.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Facebook Page Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the inclusion of a vulnerable version of prettyPhoto in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/facebook-page-photo-gallery/"
     google-query: inurl:"/wp-content/plugins/facebook-page-photo-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,facebook-page-photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,facebook-page-photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-29abd196b81aad745cf652b3ba722e02.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-29abd196b81aad745cf652b3ba722e02.yaml
index 0edb9d03b6..d044dd80b5 100644
--- a/nuclei-templates/cve-less/plugins/fancy-product-designer-29abd196b81aad745cf652b3ba722e02.yaml
+++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-29abd196b81aad745cf652b3ba722e02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fancy Product Designer <= 4.5.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in versions up to, and including, 4.5.0 due to insufficient file sanitization. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fancy-product-designer/"
     google-query: inurl:"/wp-content/plugins/fancy-product-designer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fancy-product-designer,medium
+  tags: cve,wordpress,wp-plugin,fancy-product-designer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/faq-manager-with-structured-data-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/faq-manager-with-structured-data-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e8a67e3cc3..fd9b7e9212 100644
--- a/nuclei-templates/cve-less/plugins/faq-manager-with-structured-data-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/faq-manager-with-structured-data-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/faq-manager-with-structured-data/"
     google-query: inurl:"/wp-content/plugins/faq-manager-with-structured-data/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,faq-manager-with-structured-data,medium
+  tags: cve,wordpress,wp-plugin,faq-manager-with-structured-data,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/faq-wd-37ac09d863363372a10edf05c9e9e76f.yaml b/nuclei-templates/cve-less/plugins/faq-wd-37ac09d863363372a10edf05c9e9e76f.yaml
index 0705235208..d0f6cb5735 100644
--- a/nuclei-templates/cve-less/plugins/faq-wd-37ac09d863363372a10edf05c9e9e76f.yaml
+++ b/nuclei-templates/cve-less/plugins/faq-wd-37ac09d863363372a10edf05c9e9e76f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10WebFAQ <= 1.0.14 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The10WebFAQ plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/faq-wd/"
     google-query: inurl:"/wp-content/plugins/faq-wd/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,faq-wd,medium
+  tags: cve,wordpress,wp-plugin,faq-wd,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/faqs-manager-45db54965982ed46b91f5576d8c56bfa.yaml b/nuclei-templates/cve-less/plugins/faqs-manager-45db54965982ed46b91f5576d8c56bfa.yaml
index 089fbb2523..1101d0c529 100644
--- a/nuclei-templates/cve-less/plugins/faqs-manager-45db54965982ed46b91f5576d8c56bfa.yaml
+++ b/nuclei-templates/cve-less/plugins/faqs-manager-45db54965982ed46b91f5576d8c56bfa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FAQs Manager <= 1.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The FAQs Manager plugin for WordPress is vulnerable to blind SQL Injection via the ‘order’ and 'orderby' parameters in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with low-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/faqs-manager/"
     google-query: inurl:"/wp-content/plugins/faqs-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,faqs-manager,high
+  tags: cve,wordpress,wp-plugin,faqs-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/faqs-manager-7a87807daec2011fba4e64fcc9f8c9ff.yaml b/nuclei-templates/cve-less/plugins/faqs-manager-7a87807daec2011fba4e64fcc9f8c9ff.yaml
index bbc4f63646..cfea541a96 100644
--- a/nuclei-templates/cve-less/plugins/faqs-manager-7a87807daec2011fba4e64fcc9f8c9ff.yaml
+++ b/nuclei-templates/cve-less/plugins/faqs-manager-7a87807daec2011fba4e64fcc9f8c9ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FAQs Manager <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FAQs Manager plugin for WordPress is vulnerable to Cross-Site Scripting via the 'question' parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/faqs-manager/"
     google-query: inurl:"/wp-content/plugins/faqs-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,faqs-manager,medium
+  tags: cve,wordpress,wp-plugin,faqs-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/faqs-manager-8cda9bfd3e2c450e7c2c0a786c763ffc.yaml b/nuclei-templates/cve-less/plugins/faqs-manager-8cda9bfd3e2c450e7c2c0a786c763ffc.yaml
index 1df4ec0668..fefcf747c0 100644
--- a/nuclei-templates/cve-less/plugins/faqs-manager-8cda9bfd3e2c450e7c2c0a786c763ffc.yaml
+++ b/nuclei-templates/cve-less/plugins/faqs-manager-8cda9bfd3e2c450e7c2c0a786c763ffc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FAQs Manager <= 1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The FAQs Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the inic_faq_settings function. This makes it possible for unauthenticated attackers to arbitrarily change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/faqs-manager/"
     google-query: inurl:"/wp-content/plugins/faqs-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,faqs-manager,high
+  tags: cve,wordpress,wp-plugin,faqs-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fast-checkout-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/fast-checkout-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0b8de4487f..df590b7ccf 100644
--- a/nuclei-templates/cve-less/plugins/fast-checkout-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/fast-checkout-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fast-checkout-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/fast-checkout-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fast-checkout-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,fast-checkout-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fast-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/fast-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 258a348c08..25f0040772 100644
--- a/nuclei-templates/cve-less/plugins/fast-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/fast-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fast-wp/"
     google-query: inurl:"/wp-content/plugins/fast-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fast-wp,medium
+  tags: cve,wordpress,wp-plugin,fast-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fathom-analytics-cf309d1aebaaa67d40cb82a03fbd96af.yaml b/nuclei-templates/cve-less/plugins/fathom-analytics-cf309d1aebaaa67d40cb82a03fbd96af.yaml
index 7941344ae4..8026d6c544 100644
--- a/nuclei-templates/cve-less/plugins/fathom-analytics-cf309d1aebaaa67d40cb82a03fbd96af.yaml
+++ b/nuclei-templates/cve-less/plugins/fathom-analytics-cf309d1aebaaa67d40cb82a03fbd96af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fathom Analytics <= 3.0.7 - Authenticated(Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Fathom Analytics for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fathom-analytics/"
     google-query: inurl:"/wp-content/plugins/fathom-analytics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fathom-analytics,medium
+  tags: cve,wordpress,wp-plugin,fathom-analytics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/featured-image-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/featured-image-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7d9504ca74..579ba98084 100644
--- a/nuclei-templates/cve-less/plugins/featured-image-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/featured-image-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-image-toolkit/"
     google-query: inurl:"/wp-content/plugins/featured-image-toolkit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,featured-image-toolkit,medium
+  tags: cve,wordpress,wp-plugin,featured-image-toolkit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/featured-images-for-rss-feeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/featured-images-for-rss-feeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 283e76fb07..cb8b5b1a4a 100644
--- a/nuclei-templates/cve-less/plugins/featured-images-for-rss-feeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/featured-images-for-rss-feeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-images-for-rss-feeds/"
     google-query: inurl:"/wp-content/plugins/featured-images-for-rss-feeds/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,featured-images-for-rss-feeds,medium
+  tags: cve,wordpress,wp-plugin,featured-images-for-rss-feeds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/featured-products-first-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/featured-products-first-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 36a81c71f7..c0d5a0fe4c 100644
--- a/nuclei-templates/cve-less/plugins/featured-products-first-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/featured-products-first-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/featured-products-first-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/featured-products-first-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,featured-products-first-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,featured-products-first-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/feed-instagram-lite-6358c61bb5cba311cb2b24aa2921d29a.yaml b/nuclei-templates/cve-less/plugins/feed-instagram-lite-6358c61bb5cba311cb2b24aa2921d29a.yaml
index b548b5d0cf..8553eca432 100644
--- a/nuclei-templates/cve-less/plugins/feed-instagram-lite-6358c61bb5cba311cb2b24aa2921d29a.yaml
+++ b/nuclei-templates/cve-less/plugins/feed-instagram-lite-6358c61bb5cba311cb2b24aa2921d29a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery for Social Photo <= 1.0.0.25 - Subscriber+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The plugin Gallery for Social Photo is vulnerable to SQL Injection via the post parameter in the function gifeed_duplicate_feed in versions up to, and including 1.0.0.25 due to insufficient sanitization before using it in an unprepared SQL query. This make it possible for subscribers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feed-instagram-lite/"
     google-query: inurl:"/wp-content/plugins/feed-instagram-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,feed-instagram-lite,high
+  tags: cve,wordpress,wp-plugin,feed-instagram-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/feed-them-gallery-5556a133daa1113e5966da5001155a19.yaml b/nuclei-templates/cve-less/plugins/feed-them-gallery-5556a133daa1113e5966da5001155a19.yaml
index 7bebe5d44c..4e64a749a9 100644
--- a/nuclei-templates/cve-less/plugins/feed-them-gallery-5556a133daa1113e5966da5001155a19.yaml
+++ b/nuclei-templates/cve-less/plugins/feed-them-gallery-5556a133daa1113e5966da5001155a19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feed Them Gallery <= 1.1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Feed Them Gallery plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feed-them-gallery/"
     google-query: inurl:"/wp-content/plugins/feed-them-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,feed-them-gallery,medium
+  tags: cve,wordpress,wp-plugin,feed-them-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-274b8b119cea9c35028782c46e1417bd.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-274b8b119cea9c35028782c46e1417bd.yaml
index 6da5032fdf..cadf216bd3 100644
--- a/nuclei-templates/cve-less/plugins/feed-them-social-274b8b119cea9c35028782c46e1417bd.yaml
+++ b/nuclei-templates/cve-less/plugins/feed-them-social-274b8b119cea9c35028782c46e1417bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Feed Them Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.8.5. This is due to missing or incorrect nonce validation on the fts_refresh_token_ajax function. This makes it possible for unauthenticated attackers to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feed-them-social/"
     google-query: inurl:"/wp-content/plugins/feed-them-social/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,feed-them-social,critical
+  tags: cve,wordpress,wp-plugin,feed-them-social,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/feedback-suite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/feedback-suite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index de9c5100af..ce6f75ca5f 100644
--- a/nuclei-templates/cve-less/plugins/feedback-suite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/feedback-suite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedback-suite/"
     google-query: inurl:"/wp-content/plugins/feedback-suite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,feedback-suite,medium
+  tags: cve,wordpress,wp-plugin,feedback-suite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/feedbackscout-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/feedbackscout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5f184f0fd3..e0685b9c4a 100644
--- a/nuclei-templates/cve-less/plugins/feedbackscout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/feedbackscout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedbackscout/"
     google-query: inurl:"/wp-content/plugins/feedbackscout/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,feedbackscout,medium
+  tags: cve,wordpress,wp-plugin,feedbackscout,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/feedpress-generator-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/feedpress-generator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9865fb5ad3..711ad1decf 100644
--- a/nuclei-templates/cve-less/plugins/feedpress-generator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/feedpress-generator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedpress-generator/"
     google-query: inurl:"/wp-content/plugins/feedpress-generator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,feedpress-generator,medium
+  tags: cve,wordpress,wp-plugin,feedpress-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/feedweb-57aa4255793b420daa78a4aa19aedeff.yaml b/nuclei-templates/cve-less/plugins/feedweb-57aa4255793b420daa78a4aa19aedeff.yaml
index 08ed85aecb..c23b524921 100644
--- a/nuclei-templates/cve-less/plugins/feedweb-57aa4255793b420daa78a4aa19aedeff.yaml
+++ b/nuclei-templates/cve-less/plugins/feedweb-57aa4255793b420daa78a4aa19aedeff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Feedweb <= 3.0.10 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Feedweb plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the ~/feedweb_license.php file in versions up to, and including, 3.0.10 This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedweb/"
     google-query: inurl:"/wp-content/plugins/feedweb/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,feedweb,medium
+  tags: cve,wordpress,wp-plugin,feedweb,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/feedwordpress-1790bee47ee796caaff632f15b4d5f1f.yaml b/nuclei-templates/cve-less/plugins/feedwordpress-1790bee47ee796caaff632f15b4d5f1f.yaml
index 2b479bbfdf..46eeab164b 100644
--- a/nuclei-templates/cve-less/plugins/feedwordpress-1790bee47ee796caaff632f15b4d5f1f.yaml
+++ b/nuclei-templates/cve-less/plugins/feedwordpress-1790bee47ee796caaff632f15b4d5f1f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FeedWordPress < 2015.0426 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FeedWordPress plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions before 2015.0426 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/feedwordpress/"
     google-query: inurl:"/wp-content/plugins/feedwordpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,feedwordpress,medium
+  tags: cve,wordpress,wp-plugin,feedwordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-e50a4295f2c4d9bb583975552d8db6c3.yaml b/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-e50a4295f2c4d9bb583975552d8db6c3.yaml
index 35f5d93dcd..54459b690f 100644
--- a/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-e50a4295f2c4d9bb583975552d8db6c3.yaml
+++ b/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-e50a4295f2c4d9bb583975552d8db6c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FG Joomla to WordPress < 3.31.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The FG Joomla to WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions before 3.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fg-joomla-to-wordpress/"
     google-query: inurl:"/wp-content/plugins/fg-joomla-to-wordpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fg-joomla-to-wordpress,high
+  tags: cve,wordpress,wp-plugin,fg-joomla-to-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-39c8c0331c249c6c886fabcd8bbe5a6c.yaml b/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-39c8c0331c249c6c886fabcd8bbe5a6c.yaml
index d6f11490bc..e6c16bd2bb 100644
--- a/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-39c8c0331c249c6c886fabcd8bbe5a6c.yaml
+++ b/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-39c8c0331c249c6c886fabcd8bbe5a6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FG PrestaShop to WooCommerce Plugin <= 3.19.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FG PrestaShop to WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ajax_importer() function in versions up to, and including, 3.19.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fg-prestashop-to-woocommerce/"
     google-query: inurl:"/wp-content/plugins/fg-prestashop-to-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fg-prestashop-to-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,fg-prestashop-to-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/file-manager-bd5e0701ad8f9d787d4f03d3c90929d9.yaml b/nuclei-templates/cve-less/plugins/file-manager-bd5e0701ad8f9d787d4f03d3c90929d9.yaml
index d8c6df117d..bcb0318092 100644
--- a/nuclei-templates/cve-less/plugins/file-manager-bd5e0701ad8f9d787d4f03d3c90929d9.yaml
+++ b/nuclei-templates/cve-less/plugins/file-manager-bd5e0701ad8f9d787d4f03d3c90929d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bit File Manager <= 4.1.4 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Bit File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation on the plugin's upload form. This makes it possible for unauthenticated attackers to upload arbitrary files to the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/file-manager/"
     google-query: inurl:"/wp-content/plugins/file-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,file-manager,high
+  tags: cve,wordpress,wp-plugin,file-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/filr-protection-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/filr-protection-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 462ca61e70..86cb75c829 100644
--- a/nuclei-templates/cve-less/plugins/filr-protection-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/filr-protection-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/filr-protection/"
     google-query: inurl:"/wp-content/plugins/filr-protection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,filr-protection,medium
+  tags: cve,wordpress,wp-plugin,filr-protection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e1c7a311b9..41d7fe035d 100644
--- a/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/final-tiles-grid-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/final-tiles-grid-gallery-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-942278840325a3151a90aba61723bd9e.yaml b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-942278840325a3151a90aba61723bd9e.yaml
index a111bef70a..b19570ca47 100644
--- a/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-942278840325a3151a90aba61723bd9e.yaml
+++ b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-942278840325a3151a90aba61723bd9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Finale WooCommerce Sale Countdown <= 2.9.0 - Authenticated Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Finale WooCommerce Sale Countdown plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the xl_maybe_push_support_request function in versions up to, and including, 2.9.0. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/"
     google-query: inurl:"/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,high
+  tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/finalist-65e3ebcdd517173ee2482f46a1239a5c.yaml b/nuclei-templates/cve-less/plugins/finalist-65e3ebcdd517173ee2482f46a1239a5c.yaml
index 30618ea9f1..65717e5be0 100644
--- a/nuclei-templates/cve-less/plugins/finalist-65e3ebcdd517173ee2482f46a1239a5c.yaml
+++ b/nuclei-templates/cve-less/plugins/finalist-65e3ebcdd517173ee2482f46a1239a5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Finalist (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Finalist Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/finalist/"
     google-query: inurl:"/wp-content/plugins/finalist/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,finalist,medium
+  tags: cve,wordpress,wp-plugin,finalist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/find-and-replace-all-951a6c1e508507cf69c6b78271828a61.yaml b/nuclei-templates/cve-less/plugins/find-and-replace-all-951a6c1e508507cf69c6b78271828a61.yaml
index b734d30721..5da91372e7 100644
--- a/nuclei-templates/cve-less/plugins/find-and-replace-all-951a6c1e508507cf69c6b78271828a61.yaml
+++ b/nuclei-templates/cve-less/plugins/find-and-replace-all-951a6c1e508507cf69c6b78271828a61.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Find and Replace All <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Find and Replace All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘findstr’ and 'replacestr' parameters in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in the database that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/find-and-replace-all/"
     google-query: inurl:"/wp-content/plugins/find-and-replace-all/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,find-and-replace-all,medium
+  tags: cve,wordpress,wp-plugin,find-and-replace-all,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/five-star-ratings-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/five-star-ratings-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e246829bfa..9c5e7277bd 100644
--- a/nuclei-templates/cve-less/plugins/five-star-ratings-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/five-star-ratings-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/five-star-ratings-shortcode/"
     google-query: inurl:"/wp-content/plugins/five-star-ratings-shortcode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,five-star-ratings-shortcode,medium
+  tags: cve,wordpress,wp-plugin,five-star-ratings-shortcode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/flagem-ba981dbbf1ea06bbf2969e39bd0742cb.yaml b/nuclei-templates/cve-less/plugins/flagem-ba981dbbf1ea06bbf2969e39bd0742cb.yaml
index ff04b7efdf..c1a9456f34 100644
--- a/nuclei-templates/cve-less/plugins/flagem-ba981dbbf1ea06bbf2969e39bd0742cb.yaml
+++ b/nuclei-templates/cve-less/plugins/flagem-ba981dbbf1ea06bbf2969e39bd0742cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FlagEm (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FlagEm plugin for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping via the 'cID' parameter in the 'flagit.php' file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/FlagEm/"
     google-query: inurl:"/wp-content/plugins/FlagEm/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,FlagEm,medium
+  tags: cve,wordpress,wp-plugin,FlagEm,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-5a8f9f4e46e4e9903571445b91cbd00c.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-5a8f9f4e46e4e9903571445b91cbd00c.yaml
index 5674b69d02..5f4e9e3ab3 100644
--- a/nuclei-templates/cve-less/plugins/flash-album-gallery-5a8f9f4e46e4e9903571445b91cbd00c.yaml
+++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-5a8f9f4e46e4e9903571445b91cbd00c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.00 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the lib/shortcodes.php file in versions up to, and including, 2.00 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flash-album-gallery/"
     google-query: inurl:"/wp-content/plugins/flash-album-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,flash-album-gallery,high
+  tags: cve,wordpress,wp-plugin,flash-album-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-a6b7b9dbed28e3619b6105ab67bf1f0c.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-a6b7b9dbed28e3619b6105ab67bf1f0c.yaml
index 8685b9a3d2..54affea5e8 100644
--- a/nuclei-templates/cve-less/plugins/flash-album-gallery-a6b7b9dbed28e3619b6105ab67bf1f0c.yaml
+++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-a6b7b9dbed28e3619b6105ab67bf1f0c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.55 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio plugin for WordPress is vulnerable to SQL Injection via the ' $id' variable in the lib/shortcodes.php file in versions up to, and including, 2.55 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flash-album-gallery/"
     google-query: inurl:"/wp-content/plugins/flash-album-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,flash-album-gallery,high
+  tags: cve,wordpress,wp-plugin,flash-album-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-bf1b5f8a23a62c1a6be7914495f430b8.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-bf1b5f8a23a62c1a6be7914495f430b8.yaml
index 68b891e042..2017b2e7af 100644
--- a/nuclei-templates/cve-less/plugins/flash-album-gallery-bf1b5f8a23a62c1a6be7914495f430b8.yaml
+++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-bf1b5f8a23a62c1a6be7914495f430b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.53 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio plugin for WordPress is vulnerable to generic SQL Injection via the 'description' parameter in the admin/manage.php file  in versions up to 2.53 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flash-album-gallery/"
     google-query: inurl:"/wp-content/plugins/flash-album-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,flash-album-gallery,high
+  tags: cve,wordpress,wp-plugin,flash-album-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-daf27b66517334d1a8886ba5982e7461.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-daf27b66517334d1a8886ba5982e7461.yaml
index 3c04c3d9b1..b2980602d7 100644
--- a/nuclei-templates/cve-less/plugins/flash-album-gallery-daf27b66517334d1a8886ba5982e7461.yaml
+++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-daf27b66517334d1a8886ba5982e7461.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 2.00 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio plugin for WordPress is vulnerable to SQL Injection via the ‘form’ parameter in the admin/ajax.php file in versions up to, and including, 2.00 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flash-album-gallery/"
     google-query: inurl:"/wp-content/plugins/flash-album-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,flash-album-gallery,high
+  tags: cve,wordpress,wp-plugin,flash-album-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/flexi-quote-rotator-8041e4418d6dd5832b9d268c12d84f0f.yaml b/nuclei-templates/cve-less/plugins/flexi-quote-rotator-8041e4418d6dd5832b9d268c12d84f0f.yaml
index b15779e60f..38a2ca091c 100644
--- a/nuclei-templates/cve-less/plugins/flexi-quote-rotator-8041e4418d6dd5832b9d268c12d84f0f.yaml
+++ b/nuclei-templates/cve-less/plugins/flexi-quote-rotator-8041e4418d6dd5832b9d268c12d84f0f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flexi Quote Rotator <= 0.9.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flexi-quote-rotator/"
     google-query: inurl:"/wp-content/plugins/flexi-quote-rotator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,flexi-quote-rotator,medium
+  tags: cve,wordpress,wp-plugin,flexi-quote-rotator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/float-to-top-button-974e55fea877636d350ce5211a9f2278.yaml b/nuclei-templates/cve-less/plugins/float-to-top-button-974e55fea877636d350ce5211a9f2278.yaml
index b14f456813..a9a30244f6 100644
--- a/nuclei-templates/cve-less/plugins/float-to-top-button-974e55fea877636d350ce5211a9f2278.yaml
+++ b/nuclei-templates/cve-less/plugins/float-to-top-button-974e55fea877636d350ce5211a9f2278.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Float to Top Button <= 2.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Float to Top Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as 'arrow_img_url' in versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping that makes attribute based XSS possible. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/float-to-top-button/"
     google-query: inurl:"/wp-content/plugins/float-to-top-button/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,float-to-top-button,medium
+  tags: cve,wordpress,wp-plugin,float-to-top-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/floating-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/floating-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 94d1c53672..c0b5a56031 100644
--- a/nuclei-templates/cve-less/plugins/floating-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/floating-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/floating-links/"
     google-query: inurl:"/wp-content/plugins/floating-links/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,floating-links,medium
+  tags: cve,wordpress,wp-plugin,floating-links,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/floating-tweets-1e72c31c8795449e9c06e927fb97a2d9.yaml b/nuclei-templates/cve-less/plugins/floating-tweets-1e72c31c8795449e9c06e927fb97a2d9.yaml
index 74410418c6..25353308f4 100644
--- a/nuclei-templates/cve-less/plugins/floating-tweets-1e72c31c8795449e9c06e927fb97a2d9.yaml
+++ b/nuclei-templates/cve-less/plugins/floating-tweets-1e72c31c8795449e9c06e927fb97a2d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Floating Tweets <= 1.0.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Floating Tweets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/floating-tweets/"
     google-query: inurl:"/wp-content/plugins/floating-tweets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,floating-tweets,high
+  tags: cve,wordpress,wp-plugin,floating-tweets,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/flow-flow-social-streams-765a9fd486d65b41296bb2e40f26d4d3.yaml b/nuclei-templates/cve-less/plugins/flow-flow-social-streams-765a9fd486d65b41296bb2e40f26d4d3.yaml
index bf3011492c..ec0ecc1563 100644
--- a/nuclei-templates/cve-less/plugins/flow-flow-social-streams-765a9fd486d65b41296bb2e40f26d4d3.yaml
+++ b/nuclei-templates/cve-less/plugins/flow-flow-social-streams-765a9fd486d65b41296bb2e40f26d4d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Flow-Flow Social Feed Stream <= 3.0.71 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.71 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flow-flow-social-streams/"
     google-query: inurl:"/wp-content/plugins/flow-flow-social-streams/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,flow-flow-social-streams,medium
+  tags: cve,wordpress,wp-plugin,flow-flow-social-streams,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-d0db0236c8bb93bbd9849f985e9c57df.yaml b/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-d0db0236c8bb93bbd9849f985e9c57df.yaml
index c84e8a3cc9..3a1072a2c2 100644
--- a/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-d0db0236c8bb93bbd9849f985e9c57df.yaml
+++ b/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-d0db0236c8bb93bbd9849f985e9c57df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fluid Responsive Slideshow < 2.2.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Fluid Responsive Slideshow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.6. This is due to missing or incorrect nonce validation on the frst_save() function. This makes it possible for unauthenticated attackers to edit content on all pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fluid-responsive-slideshow/"
     google-query: inurl:"/wp-content/plugins/fluid-responsive-slideshow/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fluid-responsive-slideshow,high
+  tags: cve,wordpress,wp-plugin,fluid-responsive-slideshow,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/flv-embed-797a8ec8d14a7095c1401c88381f0455.yaml b/nuclei-templates/cve-less/plugins/flv-embed-797a8ec8d14a7095c1401c88381f0455.yaml
index 8e557d4118..f5bafbccb7 100644
--- a/nuclei-templates/cve-less/plugins/flv-embed-797a8ec8d14a7095c1401c88381f0455.yaml
+++ b/nuclei-templates/cve-less/plugins/flv-embed-797a8ec8d14a7095c1401c88381f0455.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FLV Embed <= 1.2.1 - Cross-Site Request Forgery to Options Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The FLV Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the flv_sitemap_options_panel function. This makes it possible for unauthenticated attackers to update plugin settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/flv-embed/"
     google-query: inurl:"/wp-content/plugins/flv-embed/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,flv-embed,high
+  tags: cve,wordpress,wp-plugin,flv-embed,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fma-additional-registration-attributes-f0a4fb1ab5ad45a43505bfb864975940.yaml b/nuclei-templates/cve-less/plugins/fma-additional-registration-attributes-f0a4fb1ab5ad45a43505bfb864975940.yaml
index aa505a7d49..e700aeead0 100644
--- a/nuclei-templates/cve-less/plugins/fma-additional-registration-attributes-f0a4fb1ab5ad45a43505bfb864975940.yaml
+++ b/nuclei-templates/cve-less/plugins/fma-additional-registration-attributes-f0a4fb1ab5ad45a43505bfb864975940.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Custom Registration Form <= 1.0.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce Custom Registration Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the del_field and save_all_data functions. This makes it possible for unauthenticated attackers to edit and delete registration forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fma-additional-registration-attributes/"
     google-query: inurl:"/wp-content/plugins/fma-additional-registration-attributes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fma-additional-registration-attributes,high
+  tags: cve,wordpress,wp-plugin,fma-additional-registration-attributes,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fma-products-tabs-pro-c2b59c8389d71cf87b7fb1296201832f.yaml b/nuclei-templates/cve-less/plugins/fma-products-tabs-pro-c2b59c8389d71cf87b7fb1296201832f.yaml
index 513cbb23fc..556b20e7cb 100644
--- a/nuclei-templates/cve-less/plugins/fma-products-tabs-pro-c2b59c8389d71cf87b7fb1296201832f.yaml
+++ b/nuclei-templates/cve-less/plugins/fma-products-tabs-pro-c2b59c8389d71cf87b7fb1296201832f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Tabs Plugin, Add Custom Product Tabs <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Woocommerce Tabs Plugin, Add Custom Product Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to edit session information via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fma-products-tabs-pro/"
     google-query: inurl:"/wp-content/plugins/fma-products-tabs-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fma-products-tabs-pro,high
+  tags: cve,wordpress,wp-plugin,fma-products-tabs-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/focus-on-reviews-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/focus-on-reviews-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 904f2c87dd..5cbeee7077 100644
--- a/nuclei-templates/cve-less/plugins/focus-on-reviews-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/focus-on-reviews-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/focus-on-reviews-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/focus-on-reviews-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,focus-on-reviews-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,focus-on-reviews-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/folders-346a08b5e01ce0a0fe29178ae41386f7.yaml b/nuclei-templates/cve-less/plugins/folders-346a08b5e01ce0a0fe29178ae41386f7.yaml
index ad1676f244..e0e2f0b8f8 100644
--- a/nuclei-templates/cve-less/plugins/folders-346a08b5e01ce0a0fe29178ae41386f7.yaml
+++ b/nuclei-templates/cve-less/plugins/folders-346a08b5e01ce0a0fe29178ae41386f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Folders plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_folders_file_upload function in versions up to, and including, 2.9.2. This makes it possible for authors or higher to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/folders/"
     google-query: inurl:"/wp-content/plugins/folders/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,folders,high
+  tags: cve,wordpress,wp-plugin,folders,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foliopress-wysiwyg-6d24ca924659d60813d0c9beab91c29b.yaml b/nuclei-templates/cve-less/plugins/foliopress-wysiwyg-6d24ca924659d60813d0c9beab91c29b.yaml
index 87e2f6ea07..e1691ba370 100644
--- a/nuclei-templates/cve-less/plugins/foliopress-wysiwyg-6d24ca924659d60813d0c9beab91c29b.yaml
+++ b/nuclei-templates/cve-less/plugins/foliopress-wysiwyg-6d24ca924659d60813d0c9beab91c29b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Foliopress WYSIWYG < 2.6.16 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Foliopress WYSIWYG plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the swfupload.swf file in versions up to, and including, 2.6.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foliopress-wysiwyg/"
     google-query: inurl:"/wp-content/plugins/foliopress-wysiwyg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foliopress-wysiwyg,medium
+  tags: cve,wordpress,wp-plugin,foliopress-wysiwyg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fontsampler-a0f4536ea7bd1323c1b7b95c9e4b018e.yaml b/nuclei-templates/cve-less/plugins/fontsampler-a0f4536ea7bd1323c1b7b95c9e4b018e.yaml
index 3ba68605e8..123f042cd6 100644
--- a/nuclei-templates/cve-less/plugins/fontsampler-a0f4536ea7bd1323c1b7b95c9e4b018e.yaml
+++ b/nuclei-templates/cve-less/plugins/fontsampler-a0f4536ea7bd1323c1b7b95c9e4b018e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fontsampler <= 0.4.12 -  Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Fontsampler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_get_mock_fontsampler function in versions up to, and including, 0.4.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fontsampler/"
     google-query: inurl:"/wp-content/plugins/fontsampler/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fontsampler,high
+  tags: cve,wordpress,wp-plugin,fontsampler,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foobar-notifications-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/foobar-notifications-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d5bfa7a413..cc14995b1b 100644
--- a/nuclei-templates/cve-less/plugins/foobar-notifications-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/foobar-notifications-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foobar-notifications-lite/"
     google-query: inurl:"/wp-content/plugins/foobar-notifications-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foobar-notifications-lite,medium
+  tags: cve,wordpress,wp-plugin,foobar-notifications-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foobox-image-lightbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/foobox-image-lightbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f28542e1cf..d1c7ba7cee 100644
--- a/nuclei-templates/cve-less/plugins/foobox-image-lightbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/foobox-image-lightbox-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foobox-image-lightbox/"
     google-query: inurl:"/wp-content/plugins/foobox-image-lightbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foobox-image-lightbox,medium
+  tags: cve,wordpress,wp-plugin,foobox-image-lightbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/food-store-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/food-store-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c47b0cb370..3970907e76 100644
--- a/nuclei-templates/cve-less/plugins/food-store-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/food-store-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/food-store/"
     google-query: inurl:"/wp-content/plugins/food-store/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,food-store,medium
+  tags: cve,wordpress,wp-plugin,food-store,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foogallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/foogallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 64fe24b77c..3fe9eb3257 100644
--- a/nuclei-templates/cve-less/plugins/foogallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/foogallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foogallery/"
     google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foogallery,medium
+  tags: cve,wordpress,wp-plugin,foogallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foogallery-ea2db66e943b1038a7ee25bf53b0dcc6.yaml b/nuclei-templates/cve-less/plugins/foogallery-ea2db66e943b1038a7ee25bf53b0dcc6.yaml
index ad19dff6ae..3edde967f6 100644
--- a/nuclei-templates/cve-less/plugins/foogallery-ea2db66e943b1038a7ee25bf53b0dcc6.yaml
+++ b/nuclei-templates/cve-less/plugins/foogallery-ea2db66e943b1038a7ee25bf53b0dcc6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The FooGallery plugin for WordPress is vulnerable to Cross-Site Scripting via the image title and caption parameters in the gallery media upload editor in versions up to, and including, 1.9.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foogallery/"
     google-query: inurl:"/wp-content/plugins/foogallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foogallery,high
+  tags: cve,wordpress,wp-plugin,foogallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/football-live-scores-2d57f425ae40c364bab73a19021c28f3.yaml b/nuclei-templates/cve-less/plugins/football-live-scores-2d57f425ae40c364bab73a19021c28f3.yaml
index 9c46a03536..5c421d4e2b 100644
--- a/nuclei-templates/cve-less/plugins/football-live-scores-2d57f425ae40c364bab73a19021c28f3.yaml
+++ b/nuclei-templates/cve-less/plugins/football-live-scores-2d57f425ae40c364bab73a19021c28f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Football Live Scores <= 1.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Football Live Scores plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions such as ajax_set_lang, ajax_set_gmt, ajax_set_support_link, and ajax_set_support_time all called via AJAX hooks in versions up to, and including, 1.5. This makes it possible for authenticated attackers with subscriber level permissions and above to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/football-live-scores/"
     google-query: inurl:"/wp-content/plugins/football-live-scores/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,football-live-scores,medium
+  tags: cve,wordpress,wp-plugin,football-live-scores,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/forcefield-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/forcefield-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 891c4daf22..3ddd35d632 100644
--- a/nuclei-templates/cve-less/plugins/forcefield-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/forcefield-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forcefield/"
     google-query: inurl:"/wp-content/plugins/forcefield/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,forcefield,medium
+  tags: cve,wordpress,wp-plugin,forcefield,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/form-maker-bac514b6f0b1f8c0997d58523192fc7a.yaml b/nuclei-templates/cve-less/plugins/form-maker-bac514b6f0b1f8c0997d58523192fc7a.yaml
index 5c60a301ff..9f46089005 100644
--- a/nuclei-templates/cve-less/plugins/form-maker-bac514b6f0b1f8c0997d58523192fc7a.yaml
+++ b/nuclei-templates/cve-less/plugins/form-maker-bac514b6f0b1f8c0997d58523192fc7a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker <= 1.15.16 - Missing Authorization in check_score
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Form Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_score function in versions up to, and including, 1.15.16. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to reveal the score of posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,form-maker,medium
+  tags: cve,wordpress,wp-plugin,form-maker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/form-maker-f99ce34ee4393dd151b2436ea69250e6.yaml b/nuclei-templates/cve-less/plugins/form-maker-f99ce34ee4393dd151b2436ea69250e6.yaml
index 8c389a444d..3db7189c61 100644
--- a/nuclei-templates/cve-less/plugins/form-maker-f99ce34ee4393dd151b2436ea69250e6.yaml
+++ b/nuclei-templates/cve-less/plugins/form-maker-f99ce34ee4393dd151b2436ea69250e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Form Maker by 10Web <= 1.13.35 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Form Maker plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in versions up to, and including, 1.13.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-maker/"
     google-query: inurl:"/wp-content/plugins/form-maker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,form-maker,high
+  tags: cve,wordpress,wp-plugin,form-maker,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/form-vibes-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/form-vibes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 69a4d7e690..ab04b2bd68 100644
--- a/nuclei-templates/cve-less/plugins/form-vibes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/form-vibes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/form-vibes/"
     google-query: inurl:"/wp-content/plugins/form-vibes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,form-vibes,medium
+  tags: cve,wordpress,wp-plugin,form-vibes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/formassembly-web-forms-d46aeb2acb3fb066be1f4ef24cb7b7ca.yaml b/nuclei-templates/cve-less/plugins/formassembly-web-forms-d46aeb2acb3fb066be1f4ef24cb7b7ca.yaml
index 082bd8659f..93aa77439c 100644
--- a/nuclei-templates/cve-less/plugins/formassembly-web-forms-d46aeb2acb3fb066be1f4ef24cb7b7ca.yaml
+++ b/nuclei-templates/cve-less/plugins/formassembly-web-forms-d46aeb2acb3fb066be1f4ef24cb7b7ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-FormAssembly <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formassembly-web-forms/"
     google-query: inurl:"/wp-content/plugins/formassembly-web-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,formassembly-web-forms,medium
+  tags: cve,wordpress,wp-plugin,formassembly-web-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/formbuilder-860302baac60a4494cef29bab34e785b.yaml b/nuclei-templates/cve-less/plugins/formbuilder-860302baac60a4494cef29bab34e785b.yaml
index 214c22d3f1..58ccbc90ef 100644
--- a/nuclei-templates/cve-less/plugins/formbuilder-860302baac60a4494cef29bab34e785b.yaml
+++ b/nuclei-templates/cve-less/plugins/formbuilder-860302baac60a4494cef29bab34e785b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FormBuilder < 1.08 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The FormBuilder plugin for WordPress is vulnerable to blind SQL Injection via the 'fbid' parameter used in various functions in versions up to, and including, 1.0.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with author-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formbuilder/"
     google-query: inurl:"/wp-content/plugins/formbuilder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,formbuilder,high
+  tags: cve,wordpress,wp-plugin,formbuilder,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/formget-contact-form-d7ca1dd38546745c43c763574d903819.yaml b/nuclei-templates/cve-less/plugins/formget-contact-form-d7ca1dd38546745c43c763574d903819.yaml
index 3cc77b043a..dcaa46615c 100644
--- a/nuclei-templates/cve-less/plugins/formget-contact-form-d7ca1dd38546745c43c763574d903819.yaml
+++ b/nuclei-templates/cve-less/plugins/formget-contact-form-d7ca1dd38546745c43c763574d903819.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by FormGet < 5.3.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘value’ parameter in versions before 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formget-contact-form/"
     google-query: inurl:"/wp-content/plugins/formget-contact-form/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,formget-contact-form,high
+  tags: cve,wordpress,wp-plugin,formget-contact-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/formidable-6c309d4fe4a7c00ec9f13abe6fdd70cc.yaml b/nuclei-templates/cve-less/plugins/formidable-6c309d4fe4a7c00ec9f13abe6fdd70cc.yaml
index edcbe03861..0cb349afc1 100644
--- a/nuclei-templates/cve-less/plugins/formidable-6c309d4fe4a7c00ec9f13abe6fdd70cc.yaml
+++ b/nuclei-templates/cve-less/plugins/formidable-6c309d4fe4a7c00ec9f13abe6fdd70cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Formidable Form Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 5.5.4 due to insufficient URL restrictions on the 'plugin' parameter passed to the the install_addon function. This makes it possible for authenticated users, with administrative privileges, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,formidable,medium
+  tags: cve,wordpress,wp-plugin,formidable,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/formidable-aed9f1a9cf9e76b014fa4ceef2236366.yaml b/nuclei-templates/cve-less/plugins/formidable-aed9f1a9cf9e76b014fa4ceef2236366.yaml
index 15f2016566..49a7adbdbe 100644
--- a/nuclei-templates/cve-less/plugins/formidable-aed9f1a9cf9e76b014fa4ceef2236366.yaml
+++ b/nuclei-templates/cve-less/plugins/formidable-aed9f1a9cf9e76b014fa4ceef2236366.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Form Builder < 2.05.03 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Formidable Form Builder plugin for WordPress is vulnerable to SQL Injection via the ‘display-frm-data’ shortcode in versions before 2.05.03 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,formidable,high
+  tags: cve,wordpress,wp-plugin,formidable,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/formidable-b198b20134bc1a80b2134b7e32b1d9f4.yaml b/nuclei-templates/cve-less/plugins/formidable-b198b20134bc1a80b2134b7e32b1d9f4.yaml
index bed5b0ee20..d45b5b4989 100644
--- a/nuclei-templates/cve-less/plugins/formidable-b198b20134bc1a80b2134b7e32b1d9f4.yaml
+++ b/nuclei-templates/cve-less/plugins/formidable-b198b20134bc1a80b2134b7e32b1d9f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formidable Form Builder <= 2.0.21 - Missing Authorization Checks
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Formidable Form Builder plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.21. This is due to missing nonce and capability checks on the 'frm_fill_licenses' and 'frm_ajax' AJAX actions. This makes it possible for unauthenticated attackers to access leaked nonces and modify form fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formidable/"
     google-query: inurl:"/wp-content/plugins/formidable/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,formidable,critical
+  tags: cve,wordpress,wp-plugin,formidable,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/formilla-chat-and-marketing-b49deb95fc00559c0721d2c968358861.yaml b/nuclei-templates/cve-less/plugins/formilla-chat-and-marketing-b49deb95fc00559c0721d2c968358861.yaml
index 88ff6f1727..11ddce1b8f 100644
--- a/nuclei-templates/cve-less/plugins/formilla-chat-and-marketing-b49deb95fc00559c0721d2c968358861.yaml
+++ b/nuclei-templates/cve-less/plugins/formilla-chat-and-marketing-b49deb95fc00559c0721d2c968358861.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formilla Chat and Marketing Automation <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaToolsID'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The  Formilla Chat and Marketing Automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'FormillaToolsID' parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formilla-chat-and-marketing/"
     google-query: inurl:"/wp-content/plugins/formilla-chat-and-marketing/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,formilla-chat-and-marketing,medium
+  tags: cve,wordpress,wp-plugin,formilla-chat-and-marketing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/formilla-edge-ecf9407059e3582708411befde00831c.yaml b/nuclei-templates/cve-less/plugins/formilla-edge-ecf9407059e3582708411befde00831c.yaml
index 02d891f8c8..7bdcbc53a0 100644
--- a/nuclei-templates/cve-less/plugins/formilla-edge-ecf9407059e3582708411befde00831c.yaml
+++ b/nuclei-templates/cve-less/plugins/formilla-edge-ecf9407059e3582708411befde00831c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Formilla Edge <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaPluginID'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Formilla Chat and Marketing Automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'FormillaPluginID' parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/formilla-edge/"
     google-query: inurl:"/wp-content/plugins/formilla-edge/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,formilla-edge,medium
+  tags: cve,wordpress,wp-plugin,formilla-edge,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/forminator-0b29757be7c9544b9f5309f3b1be1e0d.yaml b/nuclei-templates/cve-less/plugins/forminator-0b29757be7c9544b9f5309f3b1be1e0d.yaml
index 1d5167d731..30e0649b77 100644
--- a/nuclei-templates/cve-less/plugins/forminator-0b29757be7c9544b9f5309f3b1be1e0d.yaml
+++ b/nuclei-templates/cve-less/plugins/forminator-0b29757be7c9544b9f5309f3b1be1e0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator <= 1.22.1 - Missing Authorization on 'hubspot_support_request' AJAX function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Forminator plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'hubspot_support_request' AJAX function in versions up to, and including, 1.22.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to submit support requests via the Hubspot API.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/forminator-950d0fecfa65a978eebec0d58fd1e9bc.yaml b/nuclei-templates/cve-less/plugins/forminator-950d0fecfa65a978eebec0d58fd1e9bc.yaml
index bb80c2f527..19891bc9fd 100644
--- a/nuclei-templates/cve-less/plugins/forminator-950d0fecfa65a978eebec0d58fd1e9bc.yaml
+++ b/nuclei-templates/cve-less/plugins/forminator-950d0fecfa65a978eebec0d58fd1e9bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator <= 1.22.1 - Missing Authorization on 'load_recaptcha_preview' AJAX function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Forminator plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'load_recaptcha_preview' AJAX function in versions up to, and including, 1.22.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to preview recaptcha functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/forminator-a6cb8bb474a298f0d13061a17830eac9.yaml b/nuclei-templates/cve-less/plugins/forminator-a6cb8bb474a298f0d13061a17830eac9.yaml
index 41eb450f67..9ee7e9653b 100644
--- a/nuclei-templates/cve-less/plugins/forminator-a6cb8bb474a298f0d13061a17830eac9.yaml
+++ b/nuclei-templates/cve-less/plugins/forminator-a6cb8bb474a298f0d13061a17830eac9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Forminator <= 1.22.1 - Missing Authorization on 'load_hcaptcha_preview' AJAX function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Forminator plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'load_hcaptcha_preview' AJAX function in versions up to, and including, 1.22.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to preview hcaptcha functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forminator/"
     google-query: inurl:"/wp-content/plugins/forminator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,forminator,medium
+  tags: cve,wordpress,wp-plugin,forminator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/forms-to-zapier-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/forms-to-zapier-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9b0937086d..eefae058bb 100644
--- a/nuclei-templates/cve-less/plugins/forms-to-zapier-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/forms-to-zapier-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/forms-to-zapier/"
     google-query: inurl:"/wp-content/plugins/forms-to-zapier/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,forms-to-zapier,medium
+  tags: cve,wordpress,wp-plugin,forms-to-zapier,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foxypress-05da59639245e73e5006b3b27fd29b5e.yaml b/nuclei-templates/cve-less/plugins/foxypress-05da59639245e73e5006b3b27fd29b5e.yaml
index c9cb74f4f9..bba9706559 100644
--- a/nuclei-templates/cve-less/plugins/foxypress-05da59639245e73e5006b3b27fd29b5e.yaml
+++ b/nuclei-templates/cve-less/plugins/foxypress-05da59639245e73e5006b3b27fd29b5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FoxyPress <= 0.4.2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FoxyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.4.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foxypress/"
     google-query: inurl:"/wp-content/plugins/foxypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foxypress,medium
+  tags: cve,wordpress,wp-plugin,foxypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foxypress-1ea57d4028638a993e3a1865c1c429fb.yaml b/nuclei-templates/cve-less/plugins/foxypress-1ea57d4028638a993e3a1865c1c429fb.yaml
index 2045a839a3..2b9b228289 100644
--- a/nuclei-templates/cve-less/plugins/foxypress-1ea57d4028638a993e3a1865c1c429fb.yaml
+++ b/nuclei-templates/cve-less/plugins/foxypress-1ea57d4028638a993e3a1865c1c429fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FoxyPress < 0.4.2.6 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the documenthandler.php file in versions up to, and including, 0.4.2.5. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foxypress/"
     google-query: inurl:"/wp-content/plugins/foxypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foxypress,high
+  tags: cve,wordpress,wp-plugin,foxypress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foxypress-28cc3b436a054be9278bf9f654cf7298.yaml b/nuclei-templates/cve-less/plugins/foxypress-28cc3b436a054be9278bf9f654cf7298.yaml
index c980cab2e1..c2318427a0 100644
--- a/nuclei-templates/cve-less/plugins/foxypress-28cc3b436a054be9278bf9f654cf7298.yaml
+++ b/nuclei-templates/cve-less/plugins/foxypress-28cc3b436a054be9278bf9f654cf7298.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FoxyPress <= 0.4.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The FoxyPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform SQL Injection attacks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foxypress/"
     google-query: inurl:"/wp-content/plugins/foxypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foxypress,high
+  tags: cve,wordpress,wp-plugin,foxypress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/foxypress-4392c790af392965f4ef8691acb00317.yaml b/nuclei-templates/cve-less/plugins/foxypress-4392c790af392965f4ef8691acb00317.yaml
index af9d7e0d82..4a2c204ba2 100644
--- a/nuclei-templates/cve-less/plugins/foxypress-4392c790af392965f4ef8691acb00317.yaml
+++ b/nuclei-templates/cve-less/plugins/foxypress-4392c790af392965f4ef8691acb00317.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FoxyPress <= 0.4.9 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The FoxyPress plugin for WordPress is vulnerable to SQL Injection via several parameters in versions up to, and including, 0.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/foxypress/"
     google-query: inurl:"/wp-content/plugins/foxypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,foxypress,high
+  tags: cve,wordpress,wp-plugin,foxypress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-47ea4a03f1b0e77aad4910db22ee3336.yaml b/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-47ea4a03f1b0e77aad4910db22ee3336.yaml
index 9f5678361c..8b33bdbacc 100644
--- a/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-47ea4a03f1b0e77aad4910db22ee3336.yaml
+++ b/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-47ea4a03f1b0e77aad4910db22ee3336.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Lead Plus X <= 0.99 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/"
     google-query: inurl:"/wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,free-sales-funnel-squeeze-pages-landing-page-builder-templates-make,high
+  tags: cve,wordpress,wp-plugin,free-sales-funnel-squeeze-pages-landing-page-builder-templates-make,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/freshdesk-support-7c89a34e4a8d83c3780278094a4e89a3.yaml b/nuclei-templates/cve-less/plugins/freshdesk-support-7c89a34e4a8d83c3780278094a4e89a3.yaml
index 720e46ebc9..c51e6bfca8 100644
--- a/nuclei-templates/cve-less/plugins/freshdesk-support-7c89a34e4a8d83c3780278094a4e89a3.yaml
+++ b/nuclei-templates/cve-less/plugins/freshdesk-support-7c89a34e4a8d83c3780278094a4e89a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freshdesk (official) <= 2.3.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Freshdesk (official) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.6. This is due to missing nonce validation on the wo_ajax_wo30notice_dismiss, wo_ajax_regenerate_secret, wo_ajax_remove_client, & wo_ajax_users_type_ahead functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/freshdesk-support/"
     google-query: inurl:"/wp-content/plugins/freshdesk-support/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,freshdesk-support,high
+  tags: cve,wordpress,wp-plugin,freshdesk-support,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/front-editor-442cb89e3902ba64d65dffe5c1dfe1c2.yaml b/nuclei-templates/cve-less/plugins/front-editor-442cb89e3902ba64d65dffe5c1dfe1c2.yaml
index 23fdf882f8..a89ec321cd 100644
--- a/nuclei-templates/cve-less/plugins/front-editor-442cb89e3902ba64d65dffe5c1dfe1c2.yaml
+++ b/nuclei-templates/cve-less/plugins/front-editor-442cb89e3902ba64d65dffe5c1dfe1c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Front User Submit | Front Editor <= 3.7.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Front User Submit | Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘formBuilderData’ parameter saved through the save_post_front_settings() function called via AJAX in versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/front-editor/"
     google-query: inurl:"/wp-content/plugins/front-editor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,front-editor,medium
+  tags: cve,wordpress,wp-plugin,front-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/front-editor-61e60e72ae19f21a2374d506ca4c56c0.yaml b/nuclei-templates/cve-less/plugins/front-editor-61e60e72ae19f21a2374d506ca4c56c0.yaml
index 19cd310a19..72ec9b4386 100644
--- a/nuclei-templates/cve-less/plugins/front-editor-61e60e72ae19f21a2374d506ca4c56c0.yaml
+++ b/nuclei-templates/cve-less/plugins/front-editor-61e60e72ae19f21a2374d506ca4c56c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Front User Submit | Front Editor <= 3.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Front User Submit | Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via field labels in versions up to, and including, 3.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/front-editor/"
     google-query: inurl:"/wp-content/plugins/front-editor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,front-editor,medium
+  tags: cve,wordpress,wp-plugin,front-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/front-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/front-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 59754e3e28..7a9d58ce44 100644
--- a/nuclei-templates/cve-less/plugins/front-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/front-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/front-editor/"
     google-query: inurl:"/wp-content/plugins/front-editor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,front-editor,medium
+  tags: cve,wordpress,wp-plugin,front-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/front-end-only-users-9934720aa2c12ee56875eafe6d4b5c05.yaml b/nuclei-templates/cve-less/plugins/front-end-only-users-9934720aa2c12ee56875eafe6d4b5c05.yaml
index 1847047931..1fed592516 100644
--- a/nuclei-templates/cve-less/plugins/front-end-only-users-9934720aa2c12ee56875eafe6d4b5c05.yaml
+++ b/nuclei-templates/cve-less/plugins/front-end-only-users-9934720aa2c12ee56875eafe6d4b5c05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Front End Users plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions such as Mass_Delete_EWD_FEUP_Users, Delete_All_EWD_FEUP_Users, and Mass_Delete_EWD_FEUP_Fields in versions up to, and including, 3.2.24. This makes it possible for unauthenticated users to perform restricted actions such as deleting users that have registered through the plugin configuration.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/front-end-only-users/"
     google-query: inurl:"/wp-content/plugins/front-end-only-users/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,front-end-only-users,medium
+  tags: cve,wordpress,wp-plugin,front-end-only-users,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/front-end-pm-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/front-end-pm-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8054a1c240..0cd2d53698 100644
--- a/nuclei-templates/cve-less/plugins/front-end-pm-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/front-end-pm-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/front-end-pm/"
     google-query: inurl:"/wp-content/plugins/front-end-pm/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,front-end-pm,medium
+  tags: cve,wordpress,wp-plugin,front-end-pm,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/frontend-admin-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/frontend-admin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 65374278e3..680fcbb29f 100644
--- a/nuclei-templates/cve-less/plugins/frontend-admin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/frontend-admin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/frontend-admin/"
     google-query: inurl:"/wp-content/plugins/frontend-admin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,frontend-admin,medium
+  tags: cve,wordpress,wp-plugin,frontend-admin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/frontend-group-restriction-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/frontend-group-restriction-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9f1e8cd953..a934b38cb4 100644
--- a/nuclei-templates/cve-less/plugins/frontend-group-restriction-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/frontend-group-restriction-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/frontend-group-restriction-for-learndash/"
     google-query: inurl:"/wp-content/plugins/frontend-group-restriction-for-learndash/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,frontend-group-restriction-for-learndash,medium
+  tags: cve,wordpress,wp-plugin,frontend-group-restriction-for-learndash,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/full-page-blog-designer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/full-page-blog-designer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fdfdea57dc..eb7a720404 100644
--- a/nuclei-templates/cve-less/plugins/full-page-blog-designer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/full-page-blog-designer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/full-page-blog-designer/"
     google-query: inurl:"/wp-content/plugins/full-page-blog-designer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,full-page-blog-designer,medium
+  tags: cve,wordpress,wp-plugin,full-page-blog-designer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fullworks-anti-spam-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/fullworks-anti-spam-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 39b6b14e17..f3b1bf541b 100644
--- a/nuclei-templates/cve-less/plugins/fullworks-anti-spam-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/fullworks-anti-spam-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fullworks-anti-spam/"
     google-query: inurl:"/wp-content/plugins/fullworks-anti-spam/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fullworks-anti-spam,medium
+  tags: cve,wordpress,wp-plugin,fullworks-anti-spam,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/funcaptcha-7c2f84ceedf786d66412b2ddd9745e29.yaml b/nuclei-templates/cve-less/plugins/funcaptcha-7c2f84ceedf786d66412b2ddd9745e29.yaml
index 8b94fa16f7..38db2221e6 100644
--- a/nuclei-templates/cve-less/plugins/funcaptcha-7c2f84ceedf786d66412b2ddd9745e29.yaml
+++ b/nuclei-templates/cve-less/plugins/funcaptcha-7c2f84ceedf786d66412b2ddd9745e29.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FunCaptcha – Anti-Spam CAPTCHA < 0.3.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The FunCaptcha – Anti-Spam CAPTCHA plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 0.3.3. This is due to missing or incorrect nonce validation on the funcaptcha_get_settings_post function. This makes it possible for unauthenticated attackers to manipulate plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/funcaptcha/"
     google-query: inurl:"/wp-content/plugins/funcaptcha/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,funcaptcha,high
+  tags: cve,wordpress,wp-plugin,funcaptcha,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-18966e8228314b8165d39d48519f43cc.yaml
index e5996c11fe..72f536eddb 100644
--- a/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fuse-social-floating-sidebar/"
     google-query: inurl:"/wp-content/plugins/fuse-social-floating-sidebar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,medium
+  tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index daed458780..18bde5b707 100644
--- a/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fuse-social-floating-sidebar/"
     google-query: inurl:"/wp-content/plugins/fuse-social-floating-sidebar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,medium
+  tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fusion-engage-b1b7cfcecf2de0389a1fca46f626041b.yaml b/nuclei-templates/cve-less/plugins/fusion-engage-b1b7cfcecf2de0389a1fca46f626041b.yaml
index fcde1b221d..d03932f4b0 100644
--- a/nuclei-templates/cve-less/plugins/fusion-engage-b1b7cfcecf2de0389a1fca46f626041b.yaml
+++ b/nuclei-templates/cve-less/plugins/fusion-engage-b1b7cfcecf2de0389a1fca46f626041b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fusion Engage <= 1.0.5 - Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Fusion Engage plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.5 via the 'video' parameter. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fusion-engage/"
     google-query: inurl:"/wp-content/plugins/fusion-engage/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fusion-engage,medium
+  tags: cve,wordpress,wp-plugin,fusion-engage,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fusionspan-impexium-single-sign-on-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/fusionspan-impexium-single-sign-on-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 399d07fc4b..e09c35396c 100644
--- a/nuclei-templates/cve-less/plugins/fusionspan-impexium-single-sign-on-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/fusionspan-impexium-single-sign-on-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fusionspan-impexium-single-sign-on/"
     google-query: inurl:"/wp-content/plugins/fusionspan-impexium-single-sign-on/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fusionspan-impexium-single-sign-on,medium
+  tags: cve,wordpress,wp-plugin,fusionspan-impexium-single-sign-on,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-4ec113a2f6c7cc34cbdb0b48aa39a566.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-4ec113a2f6c7cc34cbdb0b48aa39a566.yaml
index 8cf38ba60e..fbc631c1f4 100644
--- a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-4ec113a2f6c7cc34cbdb0b48aa39a566.yaml
+++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-4ec113a2f6c7cc34cbdb0b48aa39a566.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     FV Flowplayer Video Player <= 6.0.3.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 6.0.3.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/"
     google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium
+  tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/g-lock-double-opt-in-manager-9f4658b745b189d37014521dd6a95fe4.yaml b/nuclei-templates/cve-less/plugins/g-lock-double-opt-in-manager-9f4658b745b189d37014521dd6a95fe4.yaml
index 4ca2699143..66ee2ec2c9 100644
--- a/nuclei-templates/cve-less/plugins/g-lock-double-opt-in-manager-9f4658b745b189d37014521dd6a95fe4.yaml
+++ b/nuclei-templates/cve-less/plugins/g-lock-double-opt-in-manager-9f4658b745b189d37014521dd6a95fe4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     G-Lock Double Opt-in Manager <= 2.6.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The G-Lock Double Opt-in Manager plugin for WordPress is vulnerable to generic SQL Injection via the 'json' parameter in versions up to, and including, 2.6.5 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/g-lock-double-opt-in-manager/"
     google-query: inurl:"/wp-content/plugins/g-lock-double-opt-in-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,g-lock-double-opt-in-manager,high
+  tags: cve,wordpress,wp-plugin,g-lock-double-opt-in-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ga-backend-tracking-779d1e87dc368b31bfafa7f1aaae4f82.yaml b/nuclei-templates/cve-less/plugins/ga-backend-tracking-779d1e87dc368b31bfafa7f1aaae4f82.yaml
index 22ab91de9b..7f17a05d53 100644
--- a/nuclei-templates/cve-less/plugins/ga-backend-tracking-779d1e87dc368b31bfafa7f1aaae4f82.yaml
+++ b/nuclei-templates/cve-less/plugins/ga-backend-tracking-779d1e87dc368b31bfafa7f1aaae4f82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookieless Backend Server Tracking for Google Analytics – WordPress Plugin < 1.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cookieless Backend Server Tracking for Google Analytics – WordPress Plugin for WordPress is vulnerable to Cross-Site Scripting via the 'attr' parameter in versions before 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ga-backend-tracking/"
     google-query: inurl:"/wp-content/plugins/ga-backend-tracking/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ga-backend-tracking,medium
+  tags: cve,wordpress,wp-plugin,ga-backend-tracking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ga-for-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ga-for-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7df3425897..c604473eb0 100644
--- a/nuclei-templates/cve-less/plugins/ga-for-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ga-for-wp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ga-for-wp/"
     google-query: inurl:"/wp-content/plugins/ga-for-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ga-for-wp,medium
+  tags: cve,wordpress,wp-plugin,ga-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ga-universal-f581daf73a2ae47926782b6731f30bca.yaml b/nuclei-templates/cve-less/plugins/ga-universal-f581daf73a2ae47926782b6731f30bca.yaml
index 290b7d7f52..2cbb50914e 100644
--- a/nuclei-templates/cve-less/plugins/ga-universal-f581daf73a2ae47926782b6731f30bca.yaml
+++ b/nuclei-templates/cve-less/plugins/ga-universal-f581daf73a2ae47926782b6731f30bca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GA Universal < 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The GA Universal plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.0.1. This is due to missing or incorrect nonce validation in the ~/inc/screens/settings.php file. This makes it possible for unauthenticated attackers to manipulate plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ga-universal/"
     google-query: inurl:"/wp-content/plugins/ga-universal/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ga-universal,high
+  tags: cve,wordpress,wp-plugin,ga-universal,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-bank-12287cbd7ce878e9fd3267a0e01cf78a.yaml b/nuclei-templates/cve-less/plugins/gallery-bank-12287cbd7ce878e9fd3267a0e01cf78a.yaml
index f60fd5900a..d9644e5348 100644
--- a/nuclei-templates/cve-less/plugins/gallery-bank-12287cbd7ce878e9fd3267a0e01cf78a.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-bank-12287cbd7ce878e9fd3267a0e01cf78a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Bank – WordPress Photo Gallery <= 3.0.101 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Gallery Bank – WordPress Photo Gallery plugin for WordPress is vulnerable to generic SQL Injection via the ‘show_albums’ attribute in versions up to, and including, 3.0.101 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-bank/"
     google-query: inurl:"/wp-content/plugins/gallery-bank/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-bank,high
+  tags: cve,wordpress,wp-plugin,gallery-bank,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-bank-26bba1e52907934fbc2f76bbe8677ffb.yaml b/nuclei-templates/cve-less/plugins/gallery-bank-26bba1e52907934fbc2f76bbe8677ffb.yaml
index 2191e6d7f9..4ec3905c2e 100644
--- a/nuclei-templates/cve-less/plugins/gallery-bank-26bba1e52907934fbc2f76bbe8677ffb.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-bank-26bba1e52907934fbc2f76bbe8677ffb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Bank – WordPress Photo Gallery Plugin <= 3.0.229 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Gallery Bank – WordPress Photo Gallery plugin for WordPress is vulnerable to blind SQL Injection via the ‘delete_array’ parameter in versions up to, and including, 3.0.229 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-bank/"
     google-query: inurl:"/wp-content/plugins/gallery-bank/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-bank,high
+  tags: cve,wordpress,wp-plugin,gallery-bank,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-bank-4ba873ea604974c0a71c72511e63ccc8.yaml b/nuclei-templates/cve-less/plugins/gallery-bank-4ba873ea604974c0a71c72511e63ccc8.yaml
index d9b8226757..4a8aa3f2cb 100644
--- a/nuclei-templates/cve-less/plugins/gallery-bank-4ba873ea604974c0a71c72511e63ccc8.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-bank-4ba873ea604974c0a71c72511e63ccc8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Gallery Description
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Gallery Bank – WordPress Photo Gallery Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a Gallery Description in versions up to, and including, 4.0.50. This can be exploited by author-level users and above.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-bank/"
     google-query: inurl:"/wp-content/plugins/gallery-bank/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-bank,medium
+  tags: cve,wordpress,wp-plugin,gallery-bank,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-bank-bb9ff775c7105fbb3a95361f39741664.yaml b/nuclei-templates/cve-less/plugins/gallery-bank-bb9ff775c7105fbb3a95361f39741664.yaml
index 55c937a9ce..20b5745504 100644
--- a/nuclei-templates/cve-less/plugins/gallery-bank-bb9ff775c7105fbb3a95361f39741664.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-bank-bb9ff775c7105fbb3a95361f39741664.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Media Upload
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Gallery Bank – WordPress Photo Gallery Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the media upload module in versions up to, and including, 4.0.50. This can be exploited by author-level users and above.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-bank/"
     google-query: inurl:"/wp-content/plugins/gallery-bank/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-bank,medium
+  tags: cve,wordpress,wp-plugin,gallery-bank,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-box-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/gallery-box-18966e8228314b8165d39d48519f43cc.yaml
index 5dc343e065..5d46fbae50 100644
--- a/nuclei-templates/cve-less/plugins/gallery-box-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-box-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-box/"
     google-query: inurl:"/wp-content/plugins/gallery-box/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-box,medium
+  tags: cve,wordpress,wp-plugin,gallery-box,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-images-7029424562dcabc51ba988c294ceda39.yaml b/nuclei-templates/cve-less/plugins/gallery-images-7029424562dcabc51ba988c294ceda39.yaml
index 7b8d8c37b9..f34b99166c 100644
--- a/nuclei-templates/cve-less/plugins/gallery-images-7029424562dcabc51ba988c294ceda39.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-images-7029424562dcabc51ba988c294ceda39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Gallery - Responsive Photo Gallery <= 1.9.57 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Image Gallery - Responsive Photo Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.57. This is due to missing or incorrect nonce validation on the editgallery() function. This makes it possible for unauthenticated attackers to modify image galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-images/"
     google-query: inurl:"/wp-content/plugins/gallery-images/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-images,high
+  tags: cve,wordpress,wp-plugin,gallery-images,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-images-e236a1e5d3fb64e88e0ebd90fb6e2c1d.yaml b/nuclei-templates/cve-less/plugins/gallery-images-e236a1e5d3fb64e88e0ebd90fb6e2c1d.yaml
index f72e3d0123..84eea316a2 100644
--- a/nuclei-templates/cve-less/plugins/gallery-images-e236a1e5d3fb64e88e0ebd90fb6e2c1d.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-images-e236a1e5d3fb64e88e0ebd90fb6e2c1d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Gallery - Responsive Photo Gallery < 2.0.6 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Gallery - Responsive Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the requests to edit gallery images in versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-images/"
     google-query: inurl:"/wp-content/plugins/gallery-images/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-images,medium
+  tags: cve,wordpress,wp-plugin,gallery-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-plugin-db5c08fdc8b62ebeda31a66adc0254db.yaml b/nuclei-templates/cve-less/plugins/gallery-plugin-db5c08fdc8b62ebeda31a66adc0254db.yaml
index ca1b753767..3a3c9e7dfd 100644
--- a/nuclei-templates/cve-less/plugins/gallery-plugin-db5c08fdc8b62ebeda31a66adc0254db.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-plugin-db5c08fdc8b62ebeda31a66adc0254db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Gallery by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-plugin/"
     google-query: inurl:"/wp-content/plugins/gallery-plugin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-plugin,medium
+  tags: cve,wordpress,wp-plugin,gallery-plugin,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-portfolio-e03fc6f95e1cd7a63c181eae0df5daef.yaml b/nuclei-templates/cve-less/plugins/gallery-portfolio-e03fc6f95e1cd7a63c181eae0df5daef.yaml
index 2f825a30aa..6cffa59295 100644
--- a/nuclei-templates/cve-less/plugins/gallery-portfolio-e03fc6f95e1cd7a63c181eae0df5daef.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-portfolio-e03fc6f95e1cd7a63c181eae0df5daef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery Portfolio <= 1.4.6 - Missing Authorization via Multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery Portfolio plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple nopriv_ AJAX functions in versions up to, and including, 1.4.6. This makes it possible for unauthenticated attackers to edit and delete images, albums, and portfolios.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-portfolio/"
     google-query: inurl:"/wp-content/plugins/gallery-portfolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gallery-portfolio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-video-4499af25b68b47ad188a0b7fb55c9dba.yaml b/nuclei-templates/cve-less/plugins/gallery-video-4499af25b68b47ad188a0b7fb55c9dba.yaml
index 25326d2d85..86686e6904 100644
--- a/nuclei-templates/cve-less/plugins/gallery-video-4499af25b68b47ad188a0b7fb55c9dba.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-video-4499af25b68b47ad188a0b7fb55c9dba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery - Video Gallery and YouTube Gallery <= 2.0.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Video Gallery and Youtube Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform various other attacks and/or run scripts on the vulnerable site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-video/"
     google-query: inurl:"/wp-content/plugins/gallery-video/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-video,high
+  tags: cve,wordpress,wp-plugin,gallery-video,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gallery-video-f4a5dffea18f1f7d8c2a38499c203636.yaml b/nuclei-templates/cve-less/plugins/gallery-video-f4a5dffea18f1f7d8c2a38499c203636.yaml
index d9978a676e..a3f7ca7f3d 100644
--- a/nuclei-templates/cve-less/plugins/gallery-video-f4a5dffea18f1f7d8c2a38499c203636.yaml
+++ b/nuclei-templates/cve-less/plugins/gallery-video-f4a5dffea18f1f7d8c2a38499c203636.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery - Video Gallery and YouTube Gallery <= 1.7.01 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery - Video Gallery and YouTube Gallery  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unspecified parameters in versions up to, and including, 1.7.01 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gallery-video/"
     google-query: inurl:"/wp-content/plugins/gallery-video/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gallery-video,medium
+  tags: cve,wordpress,wp-plugin,gallery-video,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gamipress-button-c617abebc11fcaba875f8bc2aad4995e.yaml b/nuclei-templates/cve-less/plugins/gamipress-button-c617abebc11fcaba875f8bc2aad4995e.yaml
index cdf27570f1..d0ada48baa 100644
--- a/nuclei-templates/cve-less/plugins/gamipress-button-c617abebc11fcaba875f8bc2aad4995e.yaml
+++ b/nuclei-templates/cve-less/plugins/gamipress-button-c617abebc11fcaba875f8bc2aad4995e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GamiPress – Button <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gamipress-button/"
     google-query: inurl:"/wp-content/plugins/gamipress-button/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gamipress-button,medium
+  tags: cve,wordpress,wp-plugin,gamipress-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gamipress-youtube-integration-808442071b530e99e27528108f7402f0.yaml b/nuclei-templates/cve-less/plugins/gamipress-youtube-integration-808442071b530e99e27528108f7402f0.yaml
index 573a8dbfe2..bf7dfa584b 100644
--- a/nuclei-templates/cve-less/plugins/gamipress-youtube-integration-808442071b530e99e27528108f7402f0.yaml
+++ b/nuclei-templates/cve-less/plugins/gamipress-youtube-integration-808442071b530e99e27528108f7402f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GamiPress – Youtube integration <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GamiPress – Youtube integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gamipress-youtube-integration/"
     google-query: inurl:"/wp-content/plugins/gamipress-youtube-integration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gamipress-youtube-integration,medium
+  tags: cve,wordpress,wp-plugin,gamipress-youtube-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gantry-5e536ce02840d623d389b9ee218020ac.yaml b/nuclei-templates/cve-less/plugins/gantry-5e536ce02840d623d389b9ee218020ac.yaml
index f09143675a..93ebe07a30 100644
--- a/nuclei-templates/cve-less/plugins/gantry-5e536ce02840d623d389b9ee218020ac.yaml
+++ b/nuclei-templates/cve-less/plugins/gantry-5e536ce02840d623d389b9ee218020ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gantry 4 Framework <= 4.1.3 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Gantry Web Theme Framework for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.1.3 via the $_POST[‘data’] JSON that can passed to eval() when the right conditions are met. This makes it possible authenticated attackers, with minimal privileges such as a subscriber, to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gantry/"
     google-query: inurl:"/wp-content/plugins/gantry/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gantry,high
+  tags: cve,wordpress,wp-plugin,gantry,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/garees-flickr-feed-00a6e702537059b82f7d21b3c6087796.yaml b/nuclei-templates/cve-less/plugins/garees-flickr-feed-00a6e702537059b82f7d21b3c6087796.yaml
index bdcfd89f05..e7b27bb42c 100644
--- a/nuclei-templates/cve-less/plugins/garees-flickr-feed-00a6e702537059b82f7d21b3c6087796.yaml
+++ b/nuclei-templates/cve-less/plugins/garees-flickr-feed-00a6e702537059b82f7d21b3c6087796.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Garee's Flickr Feed <= 0.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Garee's Flickr Feed for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/garees-flickr-feed/"
     google-query: inurl:"/wp-content/plugins/garees-flickr-feed/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,garees-flickr-feed,medium
+  tags: cve,wordpress,wp-plugin,garees-flickr-feed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-fd5091b9ca6d56c1bb46823f06a6b82d.yaml b/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-fd5091b9ca6d56c1bb46823f06a6b82d.yaml
index a242a37a67..a2425e5542 100644
--- a/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-fd5091b9ca6d56c1bb46823f06a6b82d.yaml
+++ b/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-fd5091b9ca6d56c1bb46823f06a6b82d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD bbPress Attachments <= 2.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD bbPress Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$error[‘file’]’ variable in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authorized attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-bbpress-attachments/"
     google-query: inurl:"/wp-content/plugins/gd-bbpress-attachments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gd-bbpress-attachments,medium
+  tags: cve,wordpress,wp-plugin,gd-bbpress-attachments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gd-star-rating-df4cd9fee3d0d59fcdf3318f36c11feb.yaml b/nuclei-templates/cve-less/plugins/gd-star-rating-df4cd9fee3d0d59fcdf3318f36c11feb.yaml
index 98cac048da..f5a49c5ef8 100644
--- a/nuclei-templates/cve-less/plugins/gd-star-rating-df4cd9fee3d0d59fcdf3318f36c11feb.yaml
+++ b/nuclei-templates/cve-less/plugins/gd-star-rating-df4cd9fee3d0d59fcdf3318f36c11feb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Star Rating < 1.9.17 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD Star Rating plugin for WordPress is vulnerable to Cross-Site Scripting via the 'tpl_section' parameter in versions before 1.9.17 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-star-rating/"
     google-query: inurl:"/wp-content/plugins/gd-star-rating/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gd-star-rating,medium
+  tags: cve,wordpress,wp-plugin,gd-star-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gd-star-rating-ff4f16d3b72060599b9ed34018f0f5e7.yaml b/nuclei-templates/cve-less/plugins/gd-star-rating-ff4f16d3b72060599b9ed34018f0f5e7.yaml
index f06f0d8473..6ee083c8ac 100644
--- a/nuclei-templates/cve-less/plugins/gd-star-rating-ff4f16d3b72060599b9ed34018f0f5e7.yaml
+++ b/nuclei-templates/cve-less/plugins/gd-star-rating-ff4f16d3b72060599b9ed34018f0f5e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GD Star Rating <= 1.9.22 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The GD Star Rating plugin for WordPress is vulnerable to Cross-Site Scripting via the 'wpfn' parameter in versions up to, and including, 1.9.22 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gd-star-rating/"
     google-query: inurl:"/wp-content/plugins/gd-star-rating/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gd-star-rating,medium
+  tags: cve,wordpress,wp-plugin,gd-star-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7b279bc8b2..46f1233e52 100644
--- a/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gdpr-cookie-consent/"
     google-query: inurl:"/wp-content/plugins/gdpr-cookie-consent/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,medium
+  tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/genealogical-tree-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/genealogical-tree-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 504c366ce7..6d3a580257 100644
--- a/nuclei-templates/cve-less/plugins/genealogical-tree-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/genealogical-tree-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/genealogical-tree/"
     google-query: inurl:"/wp-content/plugins/genealogical-tree/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,genealogical-tree,medium
+  tags: cve,wordpress,wp-plugin,genealogical-tree,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/geo-mashup-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/geo-mashup-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cf43ab14b7..62127f199d 100644
--- a/nuclei-templates/cve-less/plugins/geo-mashup-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/geo-mashup-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geo-mashup/"
     google-query: inurl:"/wp-content/plugins/geo-mashup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,geo-mashup,medium
+  tags: cve,wordpress,wp-plugin,geo-mashup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/geodirectory-ba7c20e930a8487a26eac0cfe90c0f74.yaml b/nuclei-templates/cve-less/plugins/geodirectory-ba7c20e930a8487a26eac0cfe90c0f74.yaml
index f87c16be25..d00ebc0297 100644
--- a/nuclei-templates/cve-less/plugins/geodirectory-ba7c20e930a8487a26eac0cfe90c0f74.yaml
+++ b/nuclei-templates/cve-less/plugins/geodirectory-ba7c20e930a8487a26eac0cfe90c0f74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GeoDirectory <= 2.3.28 - Authenticated (Administrator+) SQL Injection via orderby
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The GeoDirectory plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/geodirectory/"
     google-query: inurl:"/wp-content/plugins/geodirectory/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,geodirectory,high
+  tags: cve,wordpress,wp-plugin,geodirectory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/get-custom-field-values-328e4fc27caed74ff806a419cfdcc0b7.yaml b/nuclei-templates/cve-less/plugins/get-custom-field-values-328e4fc27caed74ff806a419cfdcc0b7.yaml
index 38b7ee42c4..5cb5b4a240 100644
--- a/nuclei-templates/cve-less/plugins/get-custom-field-values-328e4fc27caed74ff806a419cfdcc0b7.yaml
+++ b/nuclei-templates/cve-less/plugins/get-custom-field-values-328e4fc27caed74ff806a419cfdcc0b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Get Custom Field Values <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta Widget
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Get Custom Field Values plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom Meta fields in versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/get-custom-field-values/"
     google-query: inurl:"/wp-content/plugins/get-custom-field-values/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,get-custom-field-values,medium
+  tags: cve,wordpress,wp-plugin,get-custom-field-values,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/get-directions-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/get-directions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5ac3c6618c..a30d2e0910 100644
--- a/nuclei-templates/cve-less/plugins/get-directions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/get-directions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/get-directions/"
     google-query: inurl:"/wp-content/plugins/get-directions/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,get-directions,medium
+  tags: cve,wordpress,wp-plugin,get-directions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gfirem-action-after-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/gfirem-action-after-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a62529196b..0702577c6a 100644
--- a/nuclei-templates/cve-less/plugins/gfirem-action-after-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/gfirem-action-after-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gfirem-action-after/"
     google-query: inurl:"/wp-content/plugins/gfirem-action-after/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gfirem-action-after,medium
+  tags: cve,wordpress,wp-plugin,gfirem-action-after,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gfirem-advance-search-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/gfirem-advance-search-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4d8ecc54c1..80044bee87 100644
--- a/nuclei-templates/cve-less/plugins/gfirem-advance-search-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/gfirem-advance-search-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gfirem-advance-search/"
     google-query: inurl:"/wp-content/plugins/gfirem-advance-search/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gfirem-advance-search,medium
+  tags: cve,wordpress,wp-plugin,gfirem-advance-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gfirem-fields-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/gfirem-fields-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2e65100091..76863e9fbf 100644
--- a/nuclei-templates/cve-less/plugins/gfirem-fields-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/gfirem-fields-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gfirem-fields/"
     google-query: inurl:"/wp-content/plugins/gfirem-fields/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gfirem-fields,medium
+  tags: cve,wordpress,wp-plugin,gfirem-fields,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gift-message-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/gift-message-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 386a452a45..31dcd0bfa2 100644
--- a/nuclei-templates/cve-less/plugins/gift-message-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/gift-message-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gift-message-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/gift-message-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gift-message-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,gift-message-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/giveasap-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/giveasap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 47ac33dc0f..5f3bc17fe4 100644
--- a/nuclei-templates/cve-less/plugins/giveasap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/giveasap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/giveasap/"
     google-query: inurl:"/wp-content/plugins/giveasap/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,giveasap,medium
+  tags: cve,wordpress,wp-plugin,giveasap,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/giveaways-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/giveaways-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cc4639a6e6..0954a3bff7 100644
--- a/nuclei-templates/cve-less/plugins/giveaways-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/giveaways-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/giveaways-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/giveaways-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,giveaways-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,giveaways-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/global-flash-galleries-95f3b505db0bb5acbcaf86e1dd39e4eb.yaml b/nuclei-templates/cve-less/plugins/global-flash-galleries-95f3b505db0bb5acbcaf86e1dd39e4eb.yaml
index cb0768d25c..23ad006986 100644
--- a/nuclei-templates/cve-less/plugins/global-flash-galleries-95f3b505db0bb5acbcaf86e1dd39e4eb.yaml
+++ b/nuclei-templates/cve-less/plugins/global-flash-galleries-95f3b505db0bb5acbcaf86e1dd39e4eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Global Flash Gallery < 0.13.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Global Flash Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.13.3 due to inclusion of a vulnerable version of jPlayer. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/global-flash-galleries/"
     google-query: inurl:"/wp-content/plugins/global-flash-galleries/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,global-flash-galleries,medium
+  tags: cve,wordpress,wp-plugin,global-flash-galleries,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/global-multisite-search-76fd12ad8b7b78037046699e5ffa0377.yaml b/nuclei-templates/cve-less/plugins/global-multisite-search-76fd12ad8b7b78037046699e5ffa0377.yaml
index 930fed47db..6c0834a6d9 100644
--- a/nuclei-templates/cve-less/plugins/global-multisite-search-76fd12ad8b7b78037046699e5ffa0377.yaml
+++ b/nuclei-templates/cve-less/plugins/global-multisite-search-76fd12ad8b7b78037046699e5ffa0377.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Global Multisite Search <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Global Multisite Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the wpgms_ajax_result_function function. This makes it possible for unauthenticated attackers to query and read content from multiple sites via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/global-multisite-search/"
     google-query: inurl:"/wp-content/plugins/global-multisite-search/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,global-multisite-search,high
+  tags: cve,wordpress,wp-plugin,global-multisite-search,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/glorious-services-support-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/glorious-services-support-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e832f89184..2e46c0739d 100644
--- a/nuclei-templates/cve-less/plugins/glorious-services-support-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/glorious-services-support-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/glorious-services-support/"
     google-query: inurl:"/wp-content/plugins/glorious-services-support/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,glorious-services-support,medium
+  tags: cve,wordpress,wp-plugin,glorious-services-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/glorious-sites-installer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/glorious-sites-installer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 26c688cd84..a83d6ae483 100644
--- a/nuclei-templates/cve-less/plugins/glorious-sites-installer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/glorious-sites-installer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/glorious-sites-installer/"
     google-query: inurl:"/wp-content/plugins/glorious-sites-installer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,glorious-sites-installer,medium
+  tags: cve,wordpress,wp-plugin,glorious-sites-installer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/glossary-by-codeat-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/glossary-by-codeat-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e43b57fcb2..eb4732a9b8 100644
--- a/nuclei-templates/cve-less/plugins/glossary-by-codeat-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/glossary-by-codeat-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/glossary-by-codeat/"
     google-query: inurl:"/wp-content/plugins/glossary-by-codeat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,glossary-by-codeat,medium
+  tags: cve,wordpress,wp-plugin,glossary-by-codeat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/go-fetch-jobs-wp-job-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/go-fetch-jobs-wp-job-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8c3c1adc04..11384166c5 100644
--- a/nuclei-templates/cve-less/plugins/go-fetch-jobs-wp-job-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/go-fetch-jobs-wp-job-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/go-fetch-jobs-wp-job-manager/"
     google-query: inurl:"/wp-content/plugins/go-fetch-jobs-wp-job-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,go-fetch-jobs-wp-job-manager,medium
+  tags: cve,wordpress,wp-plugin,go-fetch-jobs-wp-job-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/go-viral-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/go-viral-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2269b2696b..a29b6d794e 100644
--- a/nuclei-templates/cve-less/plugins/go-viral-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/go-viral-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/go-viral/"
     google-query: inurl:"/wp-content/plugins/go-viral/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,go-viral,medium
+  tags: cve,wordpress,wp-plugin,go-viral,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-01178f6672a2045cbc07066e22c4b9ed.yaml b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-01178f6672a2045cbc07066e22c4b9ed.yaml
index 13e71e2b90..be0f3eb340 100644
--- a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-01178f6672a2045cbc07066e22c4b9ed.yaml
+++ b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-01178f6672a2045cbc07066e22c4b9ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MonsterInsights – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘manual_ua_code_field’ parameter in versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin-level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-4c07ee1f8d9ca7766b852300f804ffcc.yaml b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-4c07ee1f8d9ca7766b852300f804ffcc.yaml
index b00d1cc162..b74c3aafb5 100644
--- a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-4c07ee1f8d9ca7766b852300f804ffcc.yaml
+++ b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-4c07ee1f8d9ca7766b852300f804ffcc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MonsterInsights – Google Analytics Dashboard for WordPress <= 7.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MonsterInsights – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tab parameter in versions up to, and including 7.1. This makes it possible for lower-privileged attackers to inject arbitrary web scripts in administrative pages that execute whenever a user accesses the page with the stored web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-analytics-mu-1622f7025c888065199677a7f8c3a0a4.yaml b/nuclei-templates/cve-less/plugins/google-analytics-mu-1622f7025c888065199677a7f8c3a0a4.yaml
index b1c29ad73c..ae4446922e 100644
--- a/nuclei-templates/cve-less/plugins/google-analytics-mu-1622f7025c888065199677a7f8c3a0a4.yaml
+++ b/nuclei-templates/cve-less/plugins/google-analytics-mu-1622f7025c888065199677a7f8c3a0a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Analytics MU < 2.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Google Analytics MU plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 2.4. This is due to missing or incorrect nonce validation on the UAID function. This makes it possible for unauthenticated attackers to arbitrarily manipulate settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-analytics-mu/"
     google-query: inurl:"/wp-content/plugins/google-analytics-mu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-analytics-mu,high
+  tags: cve,wordpress,wp-plugin,google-analytics-mu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-language-translator-18429af9c071c8309e034a7d4d00a8e6.yaml b/nuclei-templates/cve-less/plugins/google-language-translator-18429af9c071c8309e034a7d4d00a8e6.yaml
index 291af3c91c..64b9f7bc47 100644
--- a/nuclei-templates/cve-less/plugins/google-language-translator-18429af9c071c8309e034a7d4d00a8e6.yaml
+++ b/nuclei-templates/cve-less/plugins/google-language-translator-18429af9c071c8309e034a7d4d00a8e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-language-translator/"
     google-query: inurl:"/wp-content/plugins/google-language-translator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-language-translator,high
+  tags: cve,wordpress,wp-plugin,google-language-translator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-language-translator-202ca74fdc1ed676814ee60bc8ef09cc.yaml b/nuclei-templates/cve-less/plugins/google-language-translator-202ca74fdc1ed676814ee60bc8ef09cc.yaml
index 24b9db4565..c7438f66c1 100644
--- a/nuclei-templates/cve-less/plugins/google-language-translator-202ca74fdc1ed676814ee60bc8ef09cc.yaml
+++ b/nuclei-templates/cve-less/plugins/google-language-translator-202ca74fdc1ed676814ee60bc8ef09cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Language Translator <= 6.0.20 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Translate WordPress – Google Language Translator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_notice_ignore() function in all versions up to 6.0.20 (exclusive). This makes it possible for unauthenticated attackers to dismiss admin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-language-translator/"
     google-query: inurl:"/wp-content/plugins/google-language-translator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-language-translator,medium
+  tags: cve,wordpress,wp-plugin,google-language-translator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-language-translator-c7a8789e2e14665dec08cabfa7ba8238.yaml b/nuclei-templates/cve-less/plugins/google-language-translator-c7a8789e2e14665dec08cabfa7ba8238.yaml
index 0991c4ce33..bf223550e6 100644
--- a/nuclei-templates/cve-less/plugins/google-language-translator-c7a8789e2e14665dec08cabfa7ba8238.yaml
+++ b/nuclei-templates/cve-less/plugins/google-language-translator-c7a8789e2e14665dec08cabfa7ba8238.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Language Translator <= 6.0.9 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Language Translator plugin for WordPress is vulnerable to Cross-Site Scripting via the glt shortcode in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers at the Author level to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-language-translator/"
     google-query: inurl:"/wp-content/plugins/google-language-translator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-language-translator,medium
+  tags: cve,wordpress,wp-plugin,google-language-translator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-language-translator-e0be71e8989abd7e932a8db49d3c409c.yaml b/nuclei-templates/cve-less/plugins/google-language-translator-e0be71e8989abd7e932a8db49d3c409c.yaml
index d6be15520a..1c5167a2ef 100644
--- a/nuclei-templates/cve-less/plugins/google-language-translator-e0be71e8989abd7e932a8db49d3c409c.yaml
+++ b/nuclei-templates/cve-less/plugins/google-language-translator-e0be71e8989abd7e932a8db49d3c409c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Language Translator <= 4.0.9 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Google Language Translator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.9 via 'the googlelanguagetranslator_flags_order' parameter due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-language-translator/"
     google-query: inurl:"/wp-content/plugins/google-language-translator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-language-translator,medium
+  tags: cve,wordpress,wp-plugin,google-language-translator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-maps-ready-42f393afcc63e1048ce48bee1feb1c00.yaml b/nuclei-templates/cve-less/plugins/google-maps-ready-42f393afcc63e1048ce48bee1feb1c00.yaml
index d55dc9eb23..23d92614b0 100644
--- a/nuclei-templates/cve-less/plugins/google-maps-ready-42f393afcc63e1048ce48bee1feb1c00.yaml
+++ b/nuclei-templates/cve-less/plugins/google-maps-ready-42f393afcc63e1048ce48bee1feb1c00.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ready! Google Maps <= 1.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ready! Google Maps plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-maps-ready/"
     google-query: inurl:"/wp-content/plugins/google-maps-ready/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-maps-ready,medium
+  tags: cve,wordpress,wp-plugin,google-maps-ready,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-seo-author-snippets-3b1e2a032a6f302e2ccd9d18f56d17aa.yaml b/nuclei-templates/cve-less/plugins/google-seo-author-snippets-3b1e2a032a6f302e2ccd9d18f56d17aa.yaml
index 9c105c1708..37826def56 100644
--- a/nuclei-templates/cve-less/plugins/google-seo-author-snippets-3b1e2a032a6f302e2ccd9d18f56d17aa.yaml
+++ b/nuclei-templates/cve-less/plugins/google-seo-author-snippets-3b1e2a032a6f302e2ccd9d18f56d17aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google SEO Pressor for Rich snippets <= 1.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Google SEO Pressor for Rich snippets plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions before 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-seo-author-snippets/"
     google-query: inurl:"/wp-content/plugins/google-seo-author-snippets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-seo-author-snippets,medium
+  tags: cve,wordpress,wp-plugin,google-seo-author-snippets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/google-xml-sitemaps-generator-1f82fcaacb5a6d3e18b98a66c9d7e3ab.yaml b/nuclei-templates/cve-less/plugins/google-xml-sitemaps-generator-1f82fcaacb5a6d3e18b98a66c9d7e3ab.yaml
index f22135382e..6b0907c482 100644
--- a/nuclei-templates/cve-less/plugins/google-xml-sitemaps-generator-1f82fcaacb5a6d3e18b98a66c9d7e3ab.yaml
+++ b/nuclei-templates/cve-less/plugins/google-xml-sitemaps-generator-1f82fcaacb5a6d3e18b98a66c9d7e3ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google XML Sitemaps Generator < 3.2.9 - Authenticated (Admin+) PHP Code Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Google XML Sitemaps Generator plugin for WordPress is vulnerable to PHP Code Injection in versions before 3.2.9 via the 'sm_cf_home' and 'sm_cf_posts' parameters. This allows authenticated attackers with admin-level privileges to inject code onto the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/google-xml-sitemaps-generator/"
     google-query: inurl:"/wp-content/plugins/google-xml-sitemaps-generator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,google-xml-sitemaps-generator,high
+  tags: cve,wordpress,wp-plugin,google-xml-sitemaps-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gotmls-0c5d9c3d25fdcac52f9189c83dcf8aeb.yaml b/nuclei-templates/cve-less/plugins/gotmls-0c5d9c3d25fdcac52f9189c83dcf8aeb.yaml
index fe08dde3a2..9fd4bcaf12 100644
--- a/nuclei-templates/cve-less/plugins/gotmls-0c5d9c3d25fdcac52f9189c83dcf8aeb.yaml
+++ b/nuclei-templates/cve-less/plugins/gotmls-0c5d9c3d25fdcac52f9189c83dcf8aeb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Anti-Malware Security and Brute-Force Firewall <= 4.15.22 - Cross-Site Request Forgery
   author: topscoder
-  severity: low
+  severity: medium
   description: >
     The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.22.  This makes it possible for unauthenticated attackers to consume resource utilization (by performing a large number of scans simultaneously), via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gotmls/"
     google-query: inurl:"/wp-content/plugins/gotmls/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gotmls,low
+  tags: cve,wordpress,wp-plugin,gotmls,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gotmls-dad4d79fe3688c4dbc2389dd7cd7a0c1.yaml b/nuclei-templates/cve-less/plugins/gotmls-dad4d79fe3688c4dbc2389dd7cd7a0c1.yaml
index 21bf3a8aa7..9674c4a151 100644
--- a/nuclei-templates/cve-less/plugins/gotmls-dad4d79fe3688c4dbc2389dd7cd7a0c1.yaml
+++ b/nuclei-templates/cve-less/plugins/gotmls-dad4d79fe3688c4dbc2389dd7cd7a0c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Anti-Malware Security and Brute-Force Firewall <= 4.15.22 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.15.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers, if they trick an administrator to visiting a form, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gotmls/"
     google-query: inurl:"/wp-content/plugins/gotmls/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gotmls,medium
+  tags: cve,wordpress,wp-plugin,gotmls,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/grand-media-3d97f53ad1e035f606fd358779aba41f.yaml b/nuclei-templates/cve-less/plugins/grand-media-3d97f53ad1e035f606fd358779aba41f.yaml
index 7db7a9d445..4c037cb3a4 100644
--- a/nuclei-templates/cve-less/plugins/grand-media-3d97f53ad1e035f606fd358779aba41f.yaml
+++ b/nuclei-templates/cve-less/plugins/grand-media-3d97f53ad1e035f606fd358779aba41f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gmedia Photo Gallery <= 1.18.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gmedia Photo Gallery plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 1.18.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/grand-media/"
     google-query: inurl:"/wp-content/plugins/grand-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,grand-media,medium
+  tags: cve,wordpress,wp-plugin,grand-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/grand-media-f89c8645dfcff6d7c8daa63e313b40dd.yaml b/nuclei-templates/cve-less/plugins/grand-media-f89c8645dfcff6d7c8daa63e313b40dd.yaml
index 89b4c2850d..0aebf9be9b 100644
--- a/nuclei-templates/cve-less/plugins/grand-media-f89c8645dfcff6d7c8daa63e313b40dd.yaml
+++ b/nuclei-templates/cve-less/plugins/grand-media-f89c8645dfcff6d7c8daa63e313b40dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gmedia Photo Gallery <= 1.6.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gmedia Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/grand-media/"
     google-query: inurl:"/wp-content/plugins/grand-media/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,grand-media,medium
+  tags: cve,wordpress,wp-plugin,grand-media,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gravityforms-77f0a0f1e7db36263a8aa9ab981e047e.yaml b/nuclei-templates/cve-less/plugins/gravityforms-77f0a0f1e7db36263a8aa9ab981e047e.yaml
index 4d70c318d8..3fd175a916 100644
--- a/nuclei-templates/cve-less/plugins/gravityforms-77f0a0f1e7db36263a8aa9ab981e047e.yaml
+++ b/nuclei-templates/cve-less/plugins/gravityforms-77f0a0f1e7db36263a8aa9ab981e047e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gravity Forms <= 2.0.6.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress Plugin Gravity Forms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin Gravity Forms version 2.0.6.5 is vulnerable; prior versions may also be affected.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gravityforms/"
     google-query: inurl:"/wp-content/plugins/gravityforms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gravityforms,medium
+  tags: cve,wordpress,wp-plugin,gravityforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gravityforms-af26d379855801f026d0f678221b9f09.yaml b/nuclei-templates/cve-less/plugins/gravityforms-af26d379855801f026d0f678221b9f09.yaml
index 0fdccbbb3c..755d27157f 100644
--- a/nuclei-templates/cve-less/plugins/gravityforms-af26d379855801f026d0f678221b9f09.yaml
+++ b/nuclei-templates/cve-less/plugins/gravityforms-af26d379855801f026d0f678221b9f09.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gravityforms <= 1.9.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gravityforms plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping alongside the use of add_query_arg or remove_query_arg(). This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gravityforms/"
     google-query: inurl:"/wp-content/plugins/gravityforms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gravityforms,medium
+  tags: cve,wordpress,wp-plugin,gravityforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gravityforms-f9a5aabd053da65d5b8f27e85e3ac8c7.yaml b/nuclei-templates/cve-less/plugins/gravityforms-f9a5aabd053da65d5b8f27e85e3ac8c7.yaml
index f65de0e1c8..fe3ba366d2 100644
--- a/nuclei-templates/cve-less/plugins/gravityforms-f9a5aabd053da65d5b8f27e85e3ac8c7.yaml
+++ b/nuclei-templates/cve-less/plugins/gravityforms-f9a5aabd053da65d5b8f27e85e3ac8c7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gravityforms <= 1.9.15.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gravityforms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting up to, and including, 1.9.15.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gravityforms/"
     google-query: inurl:"/wp-content/plugins/gravityforms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gravityforms,medium
+  tags: cve,wordpress,wp-plugin,gravityforms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 640d61e03e..b51fe275bc 100644
--- a/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,medium
+  tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/groundhogg-6b4accb527f76b2e4224aaf45a24e723.yaml b/nuclei-templates/cve-less/plugins/groundhogg-6b4accb527f76b2e4224aaf45a24e723.yaml
index fde5d8577d..215722965a 100644
--- a/nuclei-templates/cve-less/plugins/groundhogg-6b4accb527f76b2e4224aaf45a24e723.yaml
+++ b/nuclei-templates/cve-less/plugins/groundhogg-6b4accb527f76b2e4224aaf45a24e723.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Groundhogg <= 1.3.11.13 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Groundhogg plugin for WordPress is vulnerable to generic SQL Injection via the '/wp-content/plugins/groundhogg/includes/class-wpgh-contact-query.php' file in versions up to, and including, 1.3.11.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/groundhogg/"
     google-query: inurl:"/wp-content/plugins/groundhogg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,groundhogg,high
+  tags: cve,wordpress,wp-plugin,groundhogg,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gs-facebook-comments-36c5b3d7d876a774f8fd4aa153e32524.yaml b/nuclei-templates/cve-less/plugins/gs-facebook-comments-36c5b3d7d876a774f8fd4aa153e32524.yaml
index 1f2fce0488..431f78e587 100644
--- a/nuclei-templates/cve-less/plugins/gs-facebook-comments-36c5b3d7d876a774f8fd4aa153e32524.yaml
+++ b/nuclei-templates/cve-less/plugins/gs-facebook-comments-36c5b3d7d876a774f8fd4aa153e32524.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Social Comments <= 1.7.2 - Missing Authorization to Authenticated (Subscriber+) Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Social Comments plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the 'wpfc_allow_comments' function in versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Subscriber-level permissions or above, to enable or disable Facebook comments on any post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-facebook-comments/"
     google-query: inurl:"/wp-content/plugins/gs-facebook-comments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gs-facebook-comments,medium
+  tags: cve,wordpress,wp-plugin,gs-facebook-comments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-0e5cb6701f47f915bf3484f8aa48343f.yaml b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-0e5cb6701f47f915bf3484f8aa48343f.yaml
index 2e0816f2ce..ae9be86852 100644
--- a/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-0e5cb6701f47f915bf3484f8aa48343f.yaml
+++ b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-0e5cb6701f47f915bf3484f8aa48343f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Pins for Pinterest Lite <= 1.8.0 - Missing Authorization via _update_shortcode
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a misconfigured nonce check on the _update_shortcode function in all versions up to and including 1.8.0. This makes it possible for authenticated attackers, with subscriber access and above, to update the plugin's shortcodes.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-pinterest-portfolio/"
     google-query: inurl:"/wp-content/plugins/gs-pinterest-portfolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-18966e8228314b8165d39d48519f43cc.yaml
index 7c91283011..72b093c8d8 100644
--- a/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-pinterest-portfolio/"
     google-query: inurl:"/wp-content/plugins/gs-pinterest-portfolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-51cfef8c45760573f4f3cc1655e5ab39.yaml b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-51cfef8c45760573f4f3cc1655e5ab39.yaml
index b07a52b59d..a71670eacb 100644
--- a/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-51cfef8c45760573f4f3cc1655e5ab39.yaml
+++ b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-51cfef8c45760573f4f3cc1655e5ab39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Pinterest Plugin <= 1.6.1 - Stored (Contributor+) Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Pinterest Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gs_pinterest' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-pinterest-portfolio/"
     google-query: inurl:"/wp-content/plugins/gs-pinterest-portfolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,medium
+  tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gs-team-members-89d1ae974c3297f3be00b2900b223ee4.yaml b/nuclei-templates/cve-less/plugins/gs-team-members-89d1ae974c3297f3be00b2900b223ee4.yaml
index af2ba7a8a9..ec8cda5b03 100644
--- a/nuclei-templates/cve-less/plugins/gs-team-members-89d1ae974c3297f3be00b2900b223ee4.yaml
+++ b/nuclei-templates/cve-less/plugins/gs-team-members-89d1ae974c3297f3be00b2900b223ee4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GS Team Members <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-team-members/"
     google-query: inurl:"/wp-content/plugins/gs-team-members/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gs-team-members,medium
+  tags: cve,wordpress,wp-plugin,gs-team-members,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gs-team-members-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/gs-team-members-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7dd7dd1fb9..1c6fb3a83e 100644
--- a/nuclei-templates/cve-less/plugins/gs-team-members-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/gs-team-members-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-team-members/"
     google-query: inurl:"/wp-content/plugins/gs-team-members/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gs-team-members,medium
+  tags: cve,wordpress,wp-plugin,gs-team-members,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gs-testimonial-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/gs-testimonial-18966e8228314b8165d39d48519f43cc.yaml
index d0d38cdcef..de9b27289b 100644
--- a/nuclei-templates/cve-less/plugins/gs-testimonial-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/gs-testimonial-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gs-testimonial/"
     google-query: inurl:"/wp-content/plugins/gs-testimonial/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gs-testimonial,medium
+  tags: cve,wordpress,wp-plugin,gs-testimonial,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gtm-server-side-9d901cc0b99cacc346adcfb2e44aed31.yaml b/nuclei-templates/cve-less/plugins/gtm-server-side-9d901cc0b99cacc346adcfb2e44aed31.yaml
index ed367e6cec..0c18ff3cfb 100644
--- a/nuclei-templates/cve-less/plugins/gtm-server-side-9d901cc0b99cacc346adcfb2e44aed31.yaml
+++ b/nuclei-templates/cve-less/plugins/gtm-server-side-9d901cc0b99cacc346adcfb2e44aed31.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     GTM Server Side <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The GTM Server Side plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'GTM Server Side url' field in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gtm-server-side/"
     google-query: inurl:"/wp-content/plugins/gtm-server-side/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gtm-server-side,medium
+  tags: cve,wordpress,wp-plugin,gtm-server-side,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/guest-author-9b2b2cc106e50e817ce608f745dbdaed.yaml b/nuclei-templates/cve-less/plugins/guest-author-9b2b2cc106e50e817ce608f745dbdaed.yaml
index 9ef05ad7d0..813ff001f0 100644
--- a/nuclei-templates/cve-less/plugins/guest-author-9b2b2cc106e50e817ce608f745dbdaed.yaml
+++ b/nuclei-templates/cve-less/plugins/guest-author-9b2b2cc106e50e817ce608f745dbdaed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Guest Author <= 2.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Guest Author plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's guest author parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/guest-author/"
     google-query: inurl:"/wp-content/plugins/guest-author/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,guest-author,medium
+  tags: cve,wordpress,wp-plugin,guest-author,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/guestofy-restaurant-reservations-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/guestofy-restaurant-reservations-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6ee07ac8c5..9c67d4ab7d 100644
--- a/nuclei-templates/cve-less/plugins/guestofy-restaurant-reservations-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/guestofy-restaurant-reservations-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/guestofy-restaurant-reservations/"
     google-query: inurl:"/wp-content/plugins/guestofy-restaurant-reservations/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,guestofy-restaurant-reservations,medium
+  tags: cve,wordpress,wp-plugin,guestofy-restaurant-reservations,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gutenberg-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml b/nuclei-templates/cve-less/plugins/gutenberg-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml
index 306f3b85b5..902d19a320 100644
--- a/nuclei-templates/cve-less/plugins/gutenberg-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml
+++ b/nuclei-templates/cve-less/plugins/gutenberg-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.3 & Gutenberg < 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core in versions up to 6.0.3 and the Gutenberg plugin for WordPress in versions up to 14.3.1 are vulnerable to Stored Cross-Site Scripting due to insufficient output escaping on user supplied input. The RSS widget, Search Block, Featured Image Block, RSS Block, and Navigation Block are all affected components. This makes it possible for authenticated users with access to the block editor to inject malicious web scripts that may execute whenever accessing the page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gutenberg/"
     google-query: inurl:"/wp-content/plugins/gutenberg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gutenberg,medium
+  tags: cve,wordpress,wp-plugin,gutenberg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gutenberg-dea122a140ad8ae54d1e3b79712b8d73.yaml b/nuclei-templates/cve-less/plugins/gutenberg-dea122a140ad8ae54d1e3b79712b8d73.yaml
index 03349fed4d..9150fe96a4 100644
--- a/nuclei-templates/cve-less/plugins/gutenberg-dea122a140ad8ae54d1e3b79712b8d73.yaml
+++ b/nuclei-templates/cve-less/plugins/gutenberg-dea122a140ad8ae54d1e3b79712b8d73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg 12.9.0 - 18.0.0 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in versions 12.9.0 to 18.0.0 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.  In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gutenberg/"
     google-query: inurl:"/wp-content/plugins/gutenberg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gutenberg,medium
+  tags: cve,wordpress,wp-plugin,gutenberg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gutenslider-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/gutenslider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8758f5c3b9..d8ad1998cc 100644
--- a/nuclei-templates/cve-less/plugins/gutenslider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/gutenslider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gutenslider/"
     google-query: inurl:"/wp-content/plugins/gutenslider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gutenslider,medium
+  tags: cve,wordpress,wp-plugin,gutenslider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gwolle-gb-b0dcd475ee39f280da0df0dd6993e407.yaml b/nuclei-templates/cve-less/plugins/gwolle-gb-b0dcd475ee39f280da0df0dd6993e407.yaml
index 6ddc30a4f9..890edd00f1 100644
--- a/nuclei-templates/cve-less/plugins/gwolle-gb-b0dcd475ee39f280da0df0dd6993e407.yaml
+++ b/nuclei-templates/cve-less/plugins/gwolle-gb-b0dcd475ee39f280da0df0dd6993e407.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gwolle Guestbook <= 2.1.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘/gwolle-gb/admin/page-editor.php’ file in versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gwolle-gb/"
     google-query: inurl:"/wp-content/plugins/gwolle-gb/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gwolle-gb,medium
+  tags: cve,wordpress,wp-plugin,gwolle-gb,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/gwolle-gb-def48545fc7b8f7aba56c88a829527ec.yaml b/nuclei-templates/cve-less/plugins/gwolle-gb-def48545fc7b8f7aba56c88a829527ec.yaml
index 5c525d9f6a..4e15e6c17e 100644
--- a/nuclei-templates/cve-less/plugins/gwolle-gb-def48545fc7b8f7aba56c88a829527ec.yaml
+++ b/nuclei-templates/cve-less/plugins/gwolle-gb-def48545fc7b8f7aba56c88a829527ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gwolle Guestbook <= 2.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Gwolle Guestbook plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the wp-nonces. This makes it possible for unauthenticated attackers to mass approve denied entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/gwolle-gb/"
     google-query: inurl:"/wp-content/plugins/gwolle-gb/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,gwolle-gb,high
+  tags: cve,wordpress,wp-plugin,gwolle-gb,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-18966e8228314b8165d39d48519f43cc.yaml
index 29afa05b39..b999f85ef5 100644
--- a/nuclei-templates/cve-less/plugins/happy-elementor-addons-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-c9ff001e2ccdd465207fe5710fbe6c52.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-c9ff001e2ccdd465207fe5710fbe6c52.yaml
index b41c4018ca..b63723e890 100644
--- a/nuclei-templates/cve-less/plugins/happy-elementor-addons-c9ff001e2ccdd465207fe5710fbe6c52.yaml
+++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-c9ff001e2ccdd465207fe5710fbe6c52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Happy Elementor Addons <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AGe Gate Widget in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on the user supplied header URL value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/happy-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/haxcan-3db14e51e4cd401655d11f7aea7dbad4.yaml b/nuclei-templates/cve-less/plugins/haxcan-3db14e51e4cd401655d11f7aea7dbad4.yaml
index 2f61df7a35..1c7c7894f3 100644
--- a/nuclei-templates/cve-less/plugins/haxcan-3db14e51e4cd401655d11f7aea7dbad4.yaml
+++ b/nuclei-templates/cve-less/plugins/haxcan-3db14e51e4cd401655d11f7aea7dbad4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Haxcan <= 1.0.0 - Authenticated (Admin+) Path Traversal to Arbitrary File Read
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Haxcan plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.0.0 via improper limitation boundaries. This allows high-level authenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/haxcan/"
     google-query: inurl:"/wp-content/plugins/haxcan/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,haxcan,medium
+  tags: cve,wordpress,wp-plugin,haxcan,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/health-check-fa8bb26d319a4e03fd0e1e3bc361d9db.yaml b/nuclei-templates/cve-less/plugins/health-check-fa8bb26d319a4e03fd0e1e3bc361d9db.yaml
index 7cfa37bd37..6013bc876a 100644
--- a/nuclei-templates/cve-less/plugins/health-check-fa8bb26d319a4e03fd0e1e3bc361d9db.yaml
+++ b/nuclei-templates/cve-less/plugins/health-check-fa8bb26d319a4e03fd0e1e3bc361d9db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Health Check & Troubleshooting <= 1.2.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Health Check & Troubleshooting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation. This makes it possible for authenticated attackers to call AJAX actions (vulnerable actions listed in resource) via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/health-check/"
     google-query: inurl:"/wp-content/plugins/health-check/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,health-check,high
+  tags: cve,wordpress,wp-plugin,health-check,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/helpful-fdcfcbc977d2772beb04b8279c53f48d.yaml b/nuclei-templates/cve-less/plugins/helpful-fdcfcbc977d2772beb04b8279c53f48d.yaml
index 9163641cd9..b07d03cf5a 100644
--- a/nuclei-templates/cve-less/plugins/helpful-fdcfcbc977d2772beb04b8279c53f48d.yaml
+++ b/nuclei-templates/cve-less/plugins/helpful-fdcfcbc977d2772beb04b8279c53f48d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Helpful <= 4.5.14 - Authorization Bypass to Repeat Voting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Helpful plugin for WordPress is vulnerable to repeat voting in versions up to, and including, 4.5.14 due to insufficient voting verification/authorization. This makes it possible for authenticated attackers to vote more than once in polls created with the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/helpful/"
     google-query: inurl:"/wp-content/plugins/helpful/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,helpful,medium
+  tags: cve,wordpress,wp-plugin,helpful,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/helpie-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/helpie-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e639ede4f1..4ba430a8a4 100644
--- a/nuclei-templates/cve-less/plugins/helpie-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/helpie-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/helpie-faq/"
     google-query: inurl:"/wp-content/plugins/helpie-faq/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,helpie-faq,medium
+  tags: cve,wordpress,wp-plugin,helpie-faq,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/hide-shipping-method-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/hide-shipping-method-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0287d0eb9c..fbe4dd3f9f 100644
--- a/nuclei-templates/cve-less/plugins/hide-shipping-method-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/hide-shipping-method-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hide-shipping-method-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/hide-shipping-method-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,hide-shipping-method-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,hide-shipping-method-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/hide_my_wp-9d0b835dc24461b5e3c8d9cb0d3fe615.yaml b/nuclei-templates/cve-less/plugins/hide_my_wp-9d0b835dc24461b5e3c8d9cb0d3fe615.yaml
index 21d4f4ab18..72b20e2aff 100644
--- a/nuclei-templates/cve-less/plugins/hide_my_wp-9d0b835dc24461b5e3c8d9cb0d3fe615.yaml
+++ b/nuclei-templates/cve-less/plugins/hide_my_wp-9d0b835dc24461b5e3c8d9cb0d3fe615.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hide My WP <= 4.53 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Hide My WP plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.53 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hide_my_wp/"
     google-query: inurl:"/wp-content/plugins/hide_my_wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,hide_my_wp,medium
+  tags: cve,wordpress,wp-plugin,hide_my_wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/hide_my_wp-e1e09568d086f8fa80d5f87a6742ffc7.yaml b/nuclei-templates/cve-less/plugins/hide_my_wp-e1e09568d086f8fa80d5f87a6742ffc7.yaml
index 7190fc3a90..30a6df639a 100644
--- a/nuclei-templates/cve-less/plugins/hide_my_wp-e1e09568d086f8fa80d5f87a6742ffc7.yaml
+++ b/nuclei-templates/cve-less/plugins/hide_my_wp-e1e09568d086f8fa80d5f87a6742ffc7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hide My WP <= 4.51.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Hide My WP plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.51.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hide_my_wp/"
     google-query: inurl:"/wp-content/plugins/hide_my_wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,hide_my_wp,medium
+  tags: cve,wordpress,wp-plugin,hide_my_wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/hm-multiple-roles-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/hm-multiple-roles-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index eb10221edc..6f4562fa10 100644
--- a/nuclei-templates/cve-less/plugins/hm-multiple-roles-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/hm-multiple-roles-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hm-multiple-roles/"
     google-query: inurl:"/wp-content/plugins/hm-multiple-roles/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,hm-multiple-roles,medium
+  tags: cve,wordpress,wp-plugin,hm-multiple-roles,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/honeypot-4c06879b605c0ddf9d3252fe12dff25c.yaml b/nuclei-templates/cve-less/plugins/honeypot-4c06879b605c0ddf9d3252fe12dff25c.yaml
index 30a4c0f7f4..4e36a11f08 100644
--- a/nuclei-templates/cve-less/plugins/honeypot-4c06879b605c0ddf9d3252fe12dff25c.yaml
+++ b/nuclei-templates/cve-less/plugins/honeypot-4c06879b605c0ddf9d3252fe12dff25c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Armour Honeypot Anti Spam <= 1.5.6 -Cross-Site Request Forgery to Arbitrary Options Update
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Armour Honeypot Anti Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the wpa_save_settings() function in versions up to, and including, 1.5.6. This makes it possible for attackers to modify arbitrary site options granted they can trick an administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/honeypot/"
     google-query: inurl:"/wp-content/plugins/honeypot/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,honeypot,critical
+  tags: cve,wordpress,wp-plugin,honeypot,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/hooked-editable-content-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/hooked-editable-content-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 199a215e2d..7105e2f8a6 100644
--- a/nuclei-templates/cve-less/plugins/hooked-editable-content-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/hooked-editable-content-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hooked-editable-content/"
     google-query: inurl:"/wp-content/plugins/hooked-editable-content/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,hooked-editable-content,medium
+  tags: cve,wordpress,wp-plugin,hooked-editable-content,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/hotel-listing-5485a109494b4df54da4337a9efe8523.yaml b/nuclei-templates/cve-less/plugins/hotel-listing-5485a109494b4df54da4337a9efe8523.yaml
index 233b8be54c..fb2eaa8699 100644
--- a/nuclei-templates/cve-less/plugins/hotel-listing-5485a109494b4df54da4337a9efe8523.yaml
+++ b/nuclei-templates/cve-less/plugins/hotel-listing-5485a109494b4df54da4337a9efe8523.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hotel Listings < 1.3.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hotel Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions before 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hotel-listing/"
     google-query: inurl:"/wp-content/plugins/hotel-listing/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,hotel-listing,medium
+  tags: cve,wordpress,wp-plugin,hotel-listing,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/hqtheme-extra-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/hqtheme-extra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9911846a06..492739ab78 100644
--- a/nuclei-templates/cve-less/plugins/hqtheme-extra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/hqtheme-extra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hqtheme-extra/"
     google-query: inurl:"/wp-content/plugins/hqtheme-extra/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,hqtheme-extra,medium
+  tags: cve,wordpress,wp-plugin,hqtheme-extra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/html5-jquery-audio-player-2ea89aa92910e09e4a0699a93e6b8771.yaml b/nuclei-templates/cve-less/plugins/html5-jquery-audio-player-2ea89aa92910e09e4a0699a93e6b8771.yaml
index c8d234d8ba..1532f42fd6 100644
--- a/nuclei-templates/cve-less/plugins/html5-jquery-audio-player-2ea89aa92910e09e4a0699a93e6b8771.yaml
+++ b/nuclei-templates/cve-less/plugins/html5-jquery-audio-player-2ea89aa92910e09e4a0699a93e6b8771.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 jQuery Audio Player <= 2.6.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HTML5 jQuery Audio Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.2 due to inclusion of a vulnerable version of jPlayer. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-jquery-audio-player/"
     google-query: inurl:"/wp-content/plugins/html5-jquery-audio-player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,html5-jquery-audio-player,medium
+  tags: cve,wordpress,wp-plugin,html5-jquery-audio-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/html5-lyrics-karaoke-player-c399c93eb04d9720bd4e74a57c352087.yaml b/nuclei-templates/cve-less/plugins/html5-lyrics-karaoke-player-c399c93eb04d9720bd4e74a57c352087.yaml
index eaf62a906a..2e335c326c 100644
--- a/nuclei-templates/cve-less/plugins/html5-lyrics-karaoke-player-c399c93eb04d9720bd4e74a57c352087.yaml
+++ b/nuclei-templates/cve-less/plugins/html5-lyrics-karaoke-player-c399c93eb04d9720bd4e74a57c352087.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     HTML5 Lyrics Karaoke Player <= 2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The HTML5 Lyrics Karaoke Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the swfupload.swf file in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/html5-lyrics-karaoke-player/"
     google-query: inurl:"/wp-content/plugins/html5-lyrics-karaoke-player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,html5-lyrics-karaoke-player,medium
+  tags: cve,wordpress,wp-plugin,html5-lyrics-karaoke-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/hybrid-composer-b0e3fd5d9174b5eba29a79c0cda84c9b.yaml b/nuclei-templates/cve-less/plugins/hybrid-composer-b0e3fd5d9174b5eba29a79c0cda84c9b.yaml
index ac132a5aff..086200040b 100644
--- a/nuclei-templates/cve-less/plugins/hybrid-composer-b0e3fd5d9174b5eba29a79c0cda84c9b.yaml
+++ b/nuclei-templates/cve-less/plugins/hybrid-composer-b0e3fd5d9174b5eba29a79c0cda84c9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hybrid Composer <= 1.4.6 - Missing Authorization to Arbitrary Options Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Hybrid Composer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the hc_ajax_save_option function in versions up to, and including, 1.4.6. This makes it possible for unauthenticated attackers to fully access and modify administrative settings/actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/hybrid-composer/"
     google-query: inurl:"/wp-content/plugins/hybrid-composer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,hybrid-composer,medium
+  tags: cve,wordpress,wp-plugin,hybrid-composer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/iks-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/iks-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index bbe601d6d3..4d01075eb2 100644
--- a/nuclei-templates/cve-less/plugins/iks-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/iks-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iks-menu/"
     google-query: inurl:"/wp-content/plugins/iks-menu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,iks-menu,medium
+  tags: cve,wordpress,wp-plugin,iks-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ilab-media-tools-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ilab-media-tools-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1bf50178ff..b942c25055 100644
--- a/nuclei-templates/cve-less/plugins/ilab-media-tools-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ilab-media-tools-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ilab-media-tools/"
     google-query: inurl:"/wp-content/plugins/ilab-media-tools/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ilab-media-tools,medium
+  tags: cve,wordpress,wp-plugin,ilab-media-tools,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/iloveimg-aa275ed39ac05dab3dd3b7cb9e8afc6d.yaml b/nuclei-templates/cve-less/plugins/iloveimg-aa275ed39ac05dab3dd3b7cb9e8afc6d.yaml
index 5ff3d293cd..a2e1545a22 100644
--- a/nuclei-templates/cve-less/plugins/iloveimg-aa275ed39ac05dab3dd3b7cb9e8afc6d.yaml
+++ b/nuclei-templates/cve-less/plugins/iloveimg-aa275ed39ac05dab3dd3b7cb9e8afc6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Compressor & Optimizer - iLoveIMG <= 1.0.5 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Image Compressor & Optimizer – iLoveIMG plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 1.0.6 (exclusive) via deserialization of untrusted input. This makes it possible for authenticated attackers, with admin access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iloveimg/"
     google-query: inurl:"/wp-content/plugins/iloveimg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,iloveimg,high
+  tags: cve,wordpress,wp-plugin,iloveimg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/image-banner-widget-2f83ea3f51d28fac6369a0c731ce68eb.yaml b/nuclei-templates/cve-less/plugins/image-banner-widget-2f83ea3f51d28fac6369a0c731ce68eb.yaml
index 1e948a8d7d..a22e5dc051 100644
--- a/nuclei-templates/cve-less/plugins/image-banner-widget-2f83ea3f51d28fac6369a0c731ce68eb.yaml
+++ b/nuclei-templates/cve-less/plugins/image-banner-widget-2f83ea3f51d28fac6369a0c731ce68eb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image/Banner Widget <= 1.4.5 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image/Banner Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget title parameter in versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-banner-widget/"
     google-query: inurl:"/wp-content/plugins/image-banner-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,image-banner-widget,medium
+  tags: cve,wordpress,wp-plugin,image-banner-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/image-carousel-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/image-carousel-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fe1bfeb94e..4a6f874cab 100644
--- a/nuclei-templates/cve-less/plugins/image-carousel-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/image-carousel-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-carousel-for-divi/"
     google-query: inurl:"/wp-content/plugins/image-carousel-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,image-carousel-for-divi,medium
+  tags: cve,wordpress,wp-plugin,image-carousel-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/image-intense-772b71a2d81ce555d5c9a0a38892bb34.yaml b/nuclei-templates/cve-less/plugins/image-intense-772b71a2d81ce555d5c9a0a38892bb34.yaml
index bb05e4a713..df791c79d1 100644
--- a/nuclei-templates/cve-less/plugins/image-intense-772b71a2d81ce555d5c9a0a38892bb34.yaml
+++ b/nuclei-templates/cve-less/plugins/image-intense-772b71a2d81ce555d5c9a0a38892bb34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Intense <= 3.2.5 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Image Intense plugin for WordPress is vulnerable to unspecified SQL Injection in versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for Contributor-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-intense/"
     google-query: inurl:"/wp-content/plugins/image-intense/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,image-intense,high
+  tags: cve,wordpress,wp-plugin,image-intense,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/image-optimizer-wd-0bbe2e9ad1b1c0a623ea6abfedb5595e.yaml b/nuclei-templates/cve-less/plugins/image-optimizer-wd-0bbe2e9ad1b1c0a623ea6abfedb5595e.yaml
index e8ec8bd87a..e1de87a3d0 100644
--- a/nuclei-templates/cve-less/plugins/image-optimizer-wd-0bbe2e9ad1b1c0a623ea6abfedb5595e.yaml
+++ b/nuclei-templates/cve-less/plugins/image-optimizer-wd-0bbe2e9ad1b1c0a623ea6abfedb5595e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Optimizer WD <= 1.0.26 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Image Optimizer WD  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-optimizer-wd/"
     google-query: inurl:"/wp-content/plugins/image-optimizer-wd/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,image-optimizer-wd,medium
+  tags: cve,wordpress,wp-plugin,image-optimizer-wd,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-20671ddf0d01a43586266ad4cb142fcf.yaml b/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-20671ddf0d01a43586266ad4cb142fcf.yaml
index 9ae8c2a43d..c86982f683 100644
--- a/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-20671ddf0d01a43586266ad4cb142fcf.yaml
+++ b/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-20671ddf0d01a43586266ad4cb142fcf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization on multiple AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Image Regenerate & Select Crop plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to missing capability and nonce checks on multiple AJAX functions in versions up to, and including, 7.1.0. This makes it possible for authenticated attackers to bulk rename, process, and delete image files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-regenerate-select-crop/"
     google-query: inurl:"/wp-content/plugins/image-regenerate-select-crop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,image-regenerate-select-crop,medium
+  tags: cve,wordpress,wp-plugin,image-regenerate-select-crop,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/image-slider-widget-d5648214fbd82ebd55682a43fc8f813e.yaml b/nuclei-templates/cve-less/plugins/image-slider-widget-d5648214fbd82ebd55682a43fc8f813e.yaml
index 333d72326f..6793f6b4b2 100644
--- a/nuclei-templates/cve-less/plugins/image-slider-widget-d5648214fbd82ebd55682a43fc8f813e.yaml
+++ b/nuclei-templates/cve-less/plugins/image-slider-widget-d5648214fbd82ebd55682a43fc8f813e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Slider <= 1.1.119 - Subscriber+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The plugin Image Slider is vulnerable to SQL Injection via the post parameter in the function ewic_duplicate_slider in versions up to, and including 1.1.119 due to insufficient sanitization before using it in an unprepared SQL query. This make it possible for subscribers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-slider-widget/"
     google-query: inurl:"/wp-content/plugins/image-slider-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,image-slider-widget,high
+  tags: cve,wordpress,wp-plugin,image-slider-widget,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/image-zoom-5721436cde7e78cb58601bb592cde002.yaml b/nuclei-templates/cve-less/plugins/image-zoom-5721436cde7e78cb58601bb592cde002.yaml
index 8aa6def0a9..1959af7837 100644
--- a/nuclei-templates/cve-less/plugins/image-zoom-5721436cde7e78cb58601bb592cde002.yaml
+++ b/nuclei-templates/cve-less/plugins/image-zoom-5721436cde7e78cb58601bb592cde002.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Image Zoom <= 1.8.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Image Zoom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.8. This is due to missing or incorrect nonce validation on all of the plugin's AJAX endpoints. This makes it possible for unauthenticated attackers to invoke the functions associated with them, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/image-zoom/"
     google-query: inurl:"/wp-content/plugins/image-zoom/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,image-zoom,high
+  tags: cve,wordpress,wp-plugin,image-zoom,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/inazo-advanced-ads-management-824d93c3c9858047a50ed1387d69356d.yaml b/nuclei-templates/cve-less/plugins/inazo-advanced-ads-management-824d93c3c9858047a50ed1387d69356d.yaml
index d71ef49c1e..bb07b58bf6 100644
--- a/nuclei-templates/cve-less/plugins/inazo-advanced-ads-management-824d93c3c9858047a50ed1387d69356d.yaml
+++ b/nuclei-templates/cve-less/plugins/inazo-advanced-ads-management-824d93c3c9858047a50ed1387d69356d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inazo Advanced Ads Management < 1.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Inazo Advanced Ads Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘adds’ parameter in versions before 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with low-level privileges or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inazo-advanced-ads-management/"
     google-query: inurl:"/wp-content/plugins/inazo-advanced-ads-management/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,inazo-advanced-ads-management,medium
+  tags: cve,wordpress,wp-plugin,inazo-advanced-ads-management,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/inbound-brew-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/inbound-brew-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9c6ae78363..0db3b17659 100644
--- a/nuclei-templates/cve-less/plugins/inbound-brew-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/inbound-brew-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inbound-brew/"
     google-query: inurl:"/wp-content/plugins/inbound-brew/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,inbound-brew,medium
+  tags: cve,wordpress,wp-plugin,inbound-brew,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/indeed-affiliate-pro-ab0d13d34dc4621d3f125a7e5e405bf1.yaml b/nuclei-templates/cve-less/plugins/indeed-affiliate-pro-ab0d13d34dc4621d3f125a7e5e405bf1.yaml
index 47479836e0..ef4e6f534a 100644
--- a/nuclei-templates/cve-less/plugins/indeed-affiliate-pro-ab0d13d34dc4621d3f125a7e5e405bf1.yaml
+++ b/nuclei-templates/cve-less/plugins/indeed-affiliate-pro-ab0d13d34dc4621d3f125a7e5e405bf1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Affiliate Pro <= 3.9 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Affiliate Pro for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indeed-affiliate-pro/"
     google-query: inurl:"/wp-content/plugins/indeed-affiliate-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,indeed-affiliate-pro,high
+  tags: cve,wordpress,wp-plugin,indeed-affiliate-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/indeed-membership-pro-c78abe8c9dafca582dd0f5c66a5e2eb9.yaml b/nuclei-templates/cve-less/plugins/indeed-membership-pro-c78abe8c9dafca582dd0f5c66a5e2eb9.yaml
index a5ff23190a..bdd6fb07e7 100644
--- a/nuclei-templates/cve-less/plugins/indeed-membership-pro-c78abe8c9dafca582dd0f5c66a5e2eb9.yaml
+++ b/nuclei-templates/cve-less/plugins/indeed-membership-pro-c78abe8c9dafca582dd0f5c66a5e2eb9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Membership Pro <= 8.6.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ultimate Membership Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.6.1. This is due to missing or incorrect nonce validation on various AJAX functions. This makes it possible for unauthenticated attackers to perform a variety of tasks, such as deleting users and coupons, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indeed-membership-pro/"
     google-query: inurl:"/wp-content/plugins/indeed-membership-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,indeed-membership-pro,high
+  tags: cve,wordpress,wp-plugin,indeed-membership-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/indeed-membership-pro-d5e71f9286573633246d95fe18c6dc87.yaml b/nuclei-templates/cve-less/plugins/indeed-membership-pro-d5e71f9286573633246d95fe18c6dc87.yaml
index 1508b5cf2a..0e3ff5d7ef 100644
--- a/nuclei-templates/cve-less/plugins/indeed-membership-pro-d5e71f9286573633246d95fe18c6dc87.yaml
+++ b/nuclei-templates/cve-less/plugins/indeed-membership-pro-d5e71f9286573633246d95fe18c6dc87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indeed-membership-pro/"
     google-query: inurl:"/wp-content/plugins/indeed-membership-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,indeed-membership-pro,medium
+  tags: cve,wordpress,wp-plugin,indeed-membership-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/indeed-membership-pro-e4eee191046305a40d967ee1ba037cbb.yaml b/nuclei-templates/cve-less/plugins/indeed-membership-pro-e4eee191046305a40d967ee1ba037cbb.yaml
index 5eb469cfeb..1eac9a63f1 100644
--- a/nuclei-templates/cve-less/plugins/indeed-membership-pro-e4eee191046305a40d967ee1ba037cbb.yaml
+++ b/nuclei-templates/cve-less/plugins/indeed-membership-pro-e4eee191046305a40d967ee1ba037cbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Membership Pro <= 8.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ultimate Membership Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to create, modify, or delete user accounts, including accounts with administrative permissions, granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indeed-membership-pro/"
     google-query: inurl:"/wp-content/plugins/indeed-membership-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,indeed-membership-pro,high
+  tags: cve,wordpress,wp-plugin,indeed-membership-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/indeed-membership-pro-f7a99c10e9aa1ac19e91036f274d28b1.yaml b/nuclei-templates/cve-less/plugins/indeed-membership-pro-f7a99c10e9aa1ac19e91036f274d28b1.yaml
index 0c9f1b71a4..3350abea4a 100644
--- a/nuclei-templates/cve-less/plugins/indeed-membership-pro-f7a99c10e9aa1ac19e91036f274d28b1.yaml
+++ b/nuclei-templates/cve-less/plugins/indeed-membership-pro-f7a99c10e9aa1ac19e91036f274d28b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Indeed Membership Pro <= 7.5 - Remote Image File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Indeed Membership Pro plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 7.5 via the imgUrl feature. This allows unauthorized attackers to include remote files on the server, resulting in code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/indeed-membership-pro/"
     google-query: inurl:"/wp-content/plugins/indeed-membership-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,indeed-membership-pro,high
+  tags: cve,wordpress,wp-plugin,indeed-membership-pro,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/injection-guard-ca5a202b7756a1fb685216ed26367b36.yaml b/nuclei-templates/cve-less/plugins/injection-guard-ca5a202b7756a1fb685216ed26367b36.yaml
index 9a81aca94d..790fda4fdc 100644
--- a/nuclei-templates/cve-less/plugins/injection-guard-ca5a202b7756a1fb685216ed26367b36.yaml
+++ b/nuclei-templates/cve-less/plugins/injection-guard-ca5a202b7756a1fb685216ed26367b36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Injection Guard <= 1.2.1 - Missing Authorization to Whitelist Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Injection Guard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ig_update function in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's whitelist.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/injection-guard/"
     google-query: inurl:"/wp-content/plugins/injection-guard/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,injection-guard,medium
+  tags: cve,wordpress,wp-plugin,injection-guard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/inpost-gallery-ec29185ed2f65e10921961a5788cf99a.yaml b/nuclei-templates/cve-less/plugins/inpost-gallery-ec29185ed2f65e10921961a5788cf99a.yaml
index a80bafc8f3..d01fafb244 100644
--- a/nuclei-templates/cve-less/plugins/inpost-gallery-ec29185ed2f65e10921961a5788cf99a.yaml
+++ b/nuclei-templates/cve-less/plugins/inpost-gallery-ec29185ed2f65e10921961a5788cf99a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     InPost Gallery <= 2.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The InPost Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'admin_thumb_width' parameter in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/inpost-gallery/"
     google-query: inurl:"/wp-content/plugins/inpost-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,inpost-gallery,medium
+  tags: cve,wordpress,wp-plugin,inpost-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cf2d902cfd..4517c34ac6 100644
--- a/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/"
     google-query: inurl:"/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,medium
+  tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/instagram-feed-0dd37aac0a819da40009a99efded6eee.yaml b/nuclei-templates/cve-less/plugins/instagram-feed-0dd37aac0a819da40009a99efded6eee.yaml
index 3658649228..7bef085f9a 100644
--- a/nuclei-templates/cve-less/plugins/instagram-feed-0dd37aac0a819da40009a99efded6eee.yaml
+++ b/nuclei-templates/cve-less/plugins/instagram-feed-0dd37aac0a819da40009a99efded6eee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smash Balloon Social Photo Feed <= 1.11.3 - Cross-Site Request Forgery to Back-Up Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Smash Balloon Social Photo Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.3. This is due to missing or incorrect nonce validation on the sbi_clear_backups() function. This makes it possible for unauthenticated attackers to clear the plugins back-ups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instagram-feed/"
     google-query: inurl:"/wp-content/plugins/instagram-feed/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,instagram-feed,high
+  tags: cve,wordpress,wp-plugin,instagram-feed,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/instagram-slider-widget-c4bb8ef855ed7d5677231037db6f41b0.yaml b/nuclei-templates/cve-less/plugins/instagram-slider-widget-c4bb8ef855ed7d5677231037db6f41b0.yaml
index 25e1a63db2..740e0e862b 100644
--- a/nuclei-templates/cve-less/plugins/instagram-slider-widget-c4bb8ef855ed7d5677231037db6f41b0.yaml
+++ b/nuclei-templates/cve-less/plugins/instagram-slider-widget-c4bb8ef855ed7d5677231037db6f41b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Slider Feed <= 2.0.4 - Authenticated (Scubscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Slider Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instagram-slider-widget/"
     google-query: inurl:"/wp-content/plugins/instagram-slider-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,instagram-slider-widget,medium
+  tags: cve,wordpress,wp-plugin,instagram-slider-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/instagram-slider-widget-d922f6e78e39c496155eaa17b9a13762.yaml b/nuclei-templates/cve-less/plugins/instagram-slider-widget-d922f6e78e39c496155eaa17b9a13762.yaml
index 2224780888..5e642a6661 100644
--- a/nuclei-templates/cve-less/plugins/instagram-slider-widget-d922f6e78e39c496155eaa17b9a13762.yaml
+++ b/nuclei-templates/cve-less/plugins/instagram-slider-widget-d922f6e78e39c496155eaa17b9a13762.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Slider Feed <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Slider Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hashtag parameter in versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instagram-slider-widget/"
     google-query: inurl:"/wp-content/plugins/instagram-slider-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,instagram-slider-widget,medium
+  tags: cve,wordpress,wp-plugin,instagram-slider-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/instagram-slider-widget-da62044dc6f8ab5a6043df4bc628475e.yaml b/nuclei-templates/cve-less/plugins/instagram-slider-widget-da62044dc6f8ab5a6043df4bc628475e.yaml
index 8a6ad19c6c..614f68efcc 100644
--- a/nuclei-templates/cve-less/plugins/instagram-slider-widget-da62044dc6f8ab5a6043df4bc628475e.yaml
+++ b/nuclei-templates/cve-less/plugins/instagram-slider-widget-da62044dc6f8ab5a6043df4bc628475e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Slider Feed <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Slider Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via API key in versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/instagram-slider-widget/"
     google-query: inurl:"/wp-content/plugins/instagram-slider-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,instagram-slider-widget,medium
+  tags: cve,wordpress,wp-plugin,instagram-slider-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/integrate-google-drive-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/integrate-google-drive-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 87960839e7..071249fa0d 100644
--- a/nuclei-templates/cve-less/plugins/integrate-google-drive-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/integrate-google-drive-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integrate-google-drive/"
     google-query: inurl:"/wp-content/plugins/integrate-google-drive/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,integrate-google-drive,medium
+  tags: cve,wordpress,wp-plugin,integrate-google-drive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/integration-of-capsule-crm-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/integration-of-capsule-crm-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0e4d28892a..857efb93fc 100644
--- a/nuclei-templates/cve-less/plugins/integration-of-capsule-crm-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/integration-of-capsule-crm-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integration-of-capsule-crm-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/integration-of-capsule-crm-for-contact-form-7/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,integration-of-capsule-crm-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,integration-of-capsule-crm-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/integromat-connector-4f39f823882301049a61a7a769c354a9.yaml b/nuclei-templates/cve-less/plugins/integromat-connector-4f39f823882301049a61a7a769c354a9.yaml
index c4cf6e889b..93d546ccfc 100644
--- a/nuclei-templates/cve-less/plugins/integromat-connector-4f39f823882301049a61a7a769c354a9.yaml
+++ b/nuclei-templates/cve-less/plugins/integromat-connector-4f39f823882301049a61a7a769c354a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Make, formerly Integromat Connector <= 1.5.2 - Authenticated (Subscriber+) Information Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Make plugin for WordPress is vulnerable to authorization bypass due to a missing capability check and nonce verification on an admin_menu action in versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to download the plugin's logs which may contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/integromat-connector/"
     google-query: inurl:"/wp-content/plugins/integromat-connector/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,integromat-connector,medium
+  tags: cve,wordpress,wp-plugin,integromat-connector,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/intelly-related-posts-b1a9125711cb68f9ebd1c9d6ec3312c5.yaml b/nuclei-templates/cve-less/plugins/intelly-related-posts-b1a9125711cb68f9ebd1c9d6ec3312c5.yaml
index b8bf2f08a8..f5bc34723e 100644
--- a/nuclei-templates/cve-less/plugins/intelly-related-posts-b1a9125711cb68f9ebd1c9d6ec3312c5.yaml
+++ b/nuclei-templates/cve-less/plugins/intelly-related-posts-b1a9125711cb68f9ebd1c9d6ec3312c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Inline Related Posts <= 3.0.4 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Inline Related Posts plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative capabilities, to inject arbitrary web scripts that execute in a victim's browser. This only affects multi-site installations, and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intelly-related-posts/"
     google-query: inurl:"/wp-content/plugins/intelly-related-posts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,intelly-related-posts,medium
+  tags: cve,wordpress,wp-plugin,intelly-related-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/intelly-welcome-bar-43e66df1f9172a258f7b4833c10ba64c.yaml b/nuclei-templates/cve-less/plugins/intelly-welcome-bar-43e66df1f9172a258f7b4833c10ba64c.yaml
index d504341f2c..2b37b6929e 100644
--- a/nuclei-templates/cve-less/plugins/intelly-welcome-bar-43e66df1f9172a258f7b4833c10ba64c.yaml
+++ b/nuclei-templates/cve-less/plugins/intelly-welcome-bar-43e66df1f9172a258f7b4833c10ba64c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcome Bar <= 2.0.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Welcome Bar for WordPress is vulnerable to unauthorized AJAX action access due to a missing capability check on the iwb_do_action function in versions up to, and including, 2.0.3. This makes it possible for subscriber-level attackers invoke this action.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intelly-welcome-bar/"
     google-query: inurl:"/wp-content/plugins/intelly-welcome-bar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,intelly-welcome-bar,medium
+  tags: cve,wordpress,wp-plugin,intelly-welcome-bar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/interactive-geo-maps-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/interactive-geo-maps-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e0ad1229bc..fa3f211975 100644
--- a/nuclei-templates/cve-less/plugins/interactive-geo-maps-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/interactive-geo-maps-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-geo-maps/"
     google-query: inurl:"/wp-content/plugins/interactive-geo-maps/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,interactive-geo-maps,medium
+  tags: cve,wordpress,wp-plugin,interactive-geo-maps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/interactive-medical-drawing-of-human-body-162fd1b80a689c044d519624e2cd6bbb.yaml b/nuclei-templates/cve-less/plugins/interactive-medical-drawing-of-human-body-162fd1b80a689c044d519624e2cd6bbb.yaml
index 27a4d660df..d60b31f561 100644
--- a/nuclei-templates/cve-less/plugins/interactive-medical-drawing-of-human-body-162fd1b80a689c044d519624e2cd6bbb.yaml
+++ b/nuclei-templates/cve-less/plugins/interactive-medical-drawing-of-human-body-162fd1b80a689c044d519624e2cd6bbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Interactive Medical Drawing of Human Body <= 2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Interactive Medical Drawing of Human Body plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘anatomy_basic’ parameter in versions up to, and including, 2.4  due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/interactive-medical-drawing-of-human-body/"
     google-query: inurl:"/wp-content/plugins/interactive-medical-drawing-of-human-body/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,interactive-medical-drawing-of-human-body,medium
+  tags: cve,wordpress,wp-plugin,interactive-medical-drawing-of-human-body,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/internal-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/internal-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 505462c08c..7c162cb1ed 100644
--- a/nuclei-templates/cve-less/plugins/internal-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/internal-links-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/internal-links/"
     google-query: inurl:"/wp-content/plugins/internal-links/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,internal-links,medium
+  tags: cve,wordpress,wp-plugin,internal-links,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/intimate-io-cryptocurrency-payments-d27b7d21b5912a09ea3805333b4f7140.yaml b/nuclei-templates/cve-less/plugins/intimate-io-cryptocurrency-payments-d27b7d21b5912a09ea3805333b4f7140.yaml
index a636789b26..5b30402fba 100644
--- a/nuclei-templates/cve-less/plugins/intimate-io-cryptocurrency-payments-d27b7d21b5912a09ea3805333b4f7140.yaml
+++ b/nuclei-templates/cve-less/plugins/intimate-io-cryptocurrency-payments-d27b7d21b5912a09ea3805333b4f7140.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     intimate Payments Plugin <= 1.3.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Intimate Payments plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the handle_select_currency and handle_update_trx functions. This makes it possible for unauthenticated attackers to edit transaction data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intimate-io-cryptocurrency-payments/"
     google-query: inurl:"/wp-content/plugins/intimate-io-cryptocurrency-payments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,intimate-io-cryptocurrency-payments,high
+  tags: cve,wordpress,wp-plugin,intimate-io-cryptocurrency-payments,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/intouch-5a4ceeb56cff119df02b4014ab6dd0d9.yaml b/nuclei-templates/cve-less/plugins/intouch-5a4ceeb56cff119df02b4014ab6dd0d9.yaml
index f523fbaffd..a1a49d3eff 100644
--- a/nuclei-templates/cve-less/plugins/intouch-5a4ceeb56cff119df02b4014ab6dd0d9.yaml
+++ b/nuclei-templates/cve-less/plugins/intouch-5a4ceeb56cff119df02b4014ab6dd0d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     intouch <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The intouch plugin for WordPress is vulnerable to Cross-Site Scripting via the 'intouch_failure' parameter in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intouch/"
     google-query: inurl:"/wp-content/plugins/intouch/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,intouch,medium
+  tags: cve,wordpress,wp-plugin,intouch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-5fce0179ad5dd3fa3f22de628e08db06.yaml b/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-5fce0179ad5dd3fa3f22de628e08db06.yaml
index 23473a43fa..bf6076f8bb 100644
--- a/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-5fce0179ad5dd3fa3f22de628e08db06.yaml
+++ b/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-5fce0179ad5dd3fa3f22de628e08db06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Intuitive Custom Post Order plugin for WordPress is vulnerable to authenticated settings change in versions up to and including 3.1.3 via the 'update-menu-order-sites' AJAX action. This allows authenticated attackers with subscriber privileges or above, to change the order of sites in the sites menu on multisite installations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/intuitive-custom-post-order/"
     google-query: inurl:"/wp-content/plugins/intuitive-custom-post-order/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,medium
+  tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ip-address-blocker-c2d506865b475e467cd410bd4ff9f703.yaml b/nuclei-templates/cve-less/plugins/ip-address-blocker-c2d506865b475e467cd410bd4ff9f703.yaml
index bfb31ab72d..6601afd74d 100644
--- a/nuclei-templates/cve-less/plugins/ip-address-blocker-c2d506865b475e467cd410bd4ff9f703.yaml
+++ b/nuclei-templates/cve-less/plugins/ip-address-blocker-c2d506865b475e467cd410bd4ff9f703.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LionScripts: IP Blocker Lite <= 10.4 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The LionScripts: IP Blocker Lite plugin for WordPress is vulnerable to arbitrary file uploads via Cross-Site Request Forgery due to missing nonce verification and file type validation in the ip-address-blocker/trunk/lib/lionscripts_plg_wib.class.php file in versions up to, and including, 10.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ip-address-blocker/"
     google-query: inurl:"/wp-content/plugins/ip-address-blocker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ip-address-blocker,high
+  tags: cve,wordpress,wp-plugin,ip-address-blocker,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ip2location-country-blocker-d1d5e763ed41a49986eaf738181a98d5.yaml b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-d1d5e763ed41a49986eaf738181a98d5.yaml
index ef9660c4ab..20a21af143 100644
--- a/nuclei-templates/cve-less/plugins/ip2location-country-blocker-d1d5e763ed41a49986eaf738181a98d5.yaml
+++ b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-d1d5e763ed41a49986eaf738181a98d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     IP2Location Country Blocker < 2.26.9 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The IP2Location Country Blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.26.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ip2location-country-blocker/"
     google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ip2location-country-blocker,medium
+  tags: cve,wordpress,wp-plugin,ip2location-country-blocker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-718a86b8fb614bfca1d835a5b1869915.yaml b/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-718a86b8fb614bfca1d835a5b1869915.yaml
index 75b8ac8c95..15a7b6dab8 100644
--- a/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-718a86b8fb614bfca1d835a5b1869915.yaml
+++ b/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-718a86b8fb614bfca1d835a5b1869915.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iPanorama 360 – WordPress Virtual Tour Builder <= 1.7.3 - Authenticated (Admin+) SQL injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The iPanorama 360 plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with admin-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,high
+  tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ithemes-sync-8253ee833cb2687572180cd975dbf588.yaml b/nuclei-templates/cve-less/plugins/ithemes-sync-8253ee833cb2687572180cd975dbf588.yaml
index 5bbff52deb..e404fc389c 100644
--- a/nuclei-templates/cve-less/plugins/ithemes-sync-8253ee833cb2687572180cd975dbf588.yaml
+++ b/nuclei-templates/cve-less/plugins/ithemes-sync-8253ee833cb2687572180cd975dbf588.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Solid Central <= 3.0.0 - Stored Cross-Site Scripting via packages
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Solid Central – Site Management, Backups, Security, and Reporting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via malicious package names in all versions up to and including 3.0.0 due to insufficient output escaping. This makes it possible for attackers able to compromise the packages retrieved from the iThemes API to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that such a compromise is considered highly unlikely.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ithemes-sync/"
     google-query: inurl:"/wp-content/plugins/ithemes-sync/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ithemes-sync,medium
+  tags: cve,wordpress,wp-plugin,ithemes-sync,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-34076a9fa6889f09a1439513a52a8cc3.yaml b/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-34076a9fa6889f09a1439513a52a8cc3.yaml
index f2eafbe0ab..03b236b2dc 100644
--- a/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-34076a9fa6889f09a1439513a52a8cc3.yaml
+++ b/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-34076a9fa6889f09a1439513a52a8cc3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     iubenda <= 3.3.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The iubenda plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke them, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/iubenda-cookie-law-solution/"
     google-query: inurl:"/wp-content/plugins/iubenda-cookie-law-solution/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,iubenda-cookie-law-solution,high
+  tags: cve,wordpress,wp-plugin,iubenda-cookie-law-solution,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jch-optimize-529055d3bc8d484bb022631bf8a543b2.yaml b/nuclei-templates/cve-less/plugins/jch-optimize-529055d3bc8d484bb022631bf8a543b2.yaml
index 03d2ca3333..cc6d07dc06 100644
--- a/nuclei-templates/cve-less/plugins/jch-optimize-529055d3bc8d484bb022631bf8a543b2.yaml
+++ b/nuclei-templates/cve-less/plugins/jch-optimize-529055d3bc8d484bb022631bf8a543b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JCH Optimize <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JCH Optimize plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the doAjaxConfigureSettings(), doAjaxOptimizeImages(), doAjaxOnClickIcon(), and doAjaxSmartCombine() functions in versions up to, and including, 4.0.0. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify and control plugin settings. CVE-2024-30481 is likely a duplicate of this issue.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jch-optimize/"
     google-query: inurl:"/wp-content/plugins/jch-optimize/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jch-optimize,medium
+  tags: cve,wordpress,wp-plugin,jch-optimize,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jds-portfolio-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/jds-portfolio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 42dadd759e..c9053a5f4c 100644
--- a/nuclei-templates/cve-less/plugins/jds-portfolio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/jds-portfolio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jds-portfolio/"
     google-query: inurl:"/wp-content/plugins/jds-portfolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jds-portfolio,medium
+  tags: cve,wordpress,wp-plugin,jds-portfolio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jeeng-push-notifications-9f87cf742669dcbf6cbaabec0f8d8908.yaml b/nuclei-templates/cve-less/plugins/jeeng-push-notifications-9f87cf742669dcbf6cbaabec0f8d8908.yaml
index e9db1355e4..0324e26e85 100644
--- a/nuclei-templates/cve-less/plugins/jeeng-push-notifications-9f87cf742669dcbf6cbaabec0f8d8908.yaml
+++ b/nuclei-templates/cve-less/plugins/jeeng-push-notifications-9f87cf742669dcbf6cbaabec0f8d8908.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jeeng Push Notifications <= 2.0.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Jeeng Push Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing nonce validation on the jeeng_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jeeng-push-notifications/"
     google-query: inurl:"/wp-content/plugins/jeeng-push-notifications/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jeeng-push-notifications,high
+  tags: cve,wordpress,wp-plugin,jeeng-push-notifications,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jetpack-0e86932241c6ad3f70627e02c54dbc31.yaml b/nuclei-templates/cve-less/plugins/jetpack-0e86932241c6ad3f70627e02c54dbc31.yaml
index 5e15787a0a..cbcb52ac43 100644
--- a/nuclei-templates/cve-less/plugins/jetpack-0e86932241c6ad3f70627e02c54dbc31.yaml
+++ b/nuclei-templates/cve-less/plugins/jetpack-0e86932241c6ad3f70627e02c54dbc31.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack < 7.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Jetpack plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jetpack-9df4fd409a4edbb8572536db3f6715d1.yaml b/nuclei-templates/cve-less/plugins/jetpack-9df4fd409a4edbb8572536db3f6715d1.yaml
index f28122aff3..7d9658fa9e 100644
--- a/nuclei-templates/cve-less/plugins/jetpack-9df4fd409a4edbb8572536db3f6715d1.yaml
+++ b/nuclei-templates/cve-less/plugins/jetpack-9df4fd409a4edbb8572536db3f6715d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack <= 6.4.2 - Cross-Site Scripting via post_meta
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Jetpack up to 6.4.2 is vulnerable to stored Cross-Site Scripting. This allows attackers with contributor privileges to inject arbitrary JavaScript code into the HTML markup of a blog post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jetpack-d4b5db96e8a4cb8dde234da2c8c95905.yaml b/nuclei-templates/cve-less/plugins/jetpack-d4b5db96e8a4cb8dde234da2c8c95905.yaml
index 8a6381705a..2d72985fa3 100644
--- a/nuclei-templates/cve-less/plugins/jetpack-d4b5db96e8a4cb8dde234da2c8c95905.yaml
+++ b/nuclei-templates/cve-less/plugins/jetpack-d4b5db96e8a4cb8dde234da2c8c95905.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack <= 7.9 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Jetpack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a shortcode in versions up to, and including, 7.9. This makes it possible for medium-level authenticated attackers to inject arbitrary web scripts in administrative pages and posts that execute whenever a user accesses the page with the stored web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jetpack-fe6364297dbbdebcc849affd9cb5e248.yaml b/nuclei-templates/cve-less/plugins/jetpack-fe6364297dbbdebcc849affd9cb5e248.yaml
index 9cd9b9ab77..7403473c42 100644
--- a/nuclei-templates/cve-less/plugins/jetpack-fe6364297dbbdebcc849affd9cb5e248.yaml
+++ b/nuclei-templates/cve-less/plugins/jetpack-fe6364297dbbdebcc849affd9cb5e248.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Cross-Site Scripting via LaTeX markup within HTML elements
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Cross-Site Scripting via LaTeX markup within HTML elements in versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jetpack/"
     google-query: inurl:"/wp-content/plugins/jetpack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jetpack,medium
+  tags: cve,wordpress,wp-plugin,jetpack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jigoshop-store-toolkit-95537a5037076723ccef81d1fba789fa.yaml b/nuclei-templates/cve-less/plugins/jigoshop-store-toolkit-95537a5037076723ccef81d1fba789fa.yaml
index 3776f6b430..7558bc471e 100644
--- a/nuclei-templates/cve-less/plugins/jigoshop-store-toolkit-95537a5037076723ccef81d1fba789fa.yaml
+++ b/nuclei-templates/cve-less/plugins/jigoshop-store-toolkit-95537a5037076723ccef81d1fba789fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jigoshop – Store Toolkit <= 1.3.8 - Missing Authorization Checks
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Jigoshop – Store Toolkit plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'jigo_st_admin_init' function in versions up to, and including 1.3.8. This makes it possible for unauthenticated attackers to gain access to restricted actions like deleting inactive user accounts, unlinking downloads, and more.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jigoshop-store-toolkit/"
     google-query: inurl:"/wp-content/plugins/jigoshop-store-toolkit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jigoshop-store-toolkit,critical
+  tags: cve,wordpress,wp-plugin,jigoshop-store-toolkit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/job-manager-988317a2aa68c393854967dc4677ab3f.yaml b/nuclei-templates/cve-less/plugins/job-manager-988317a2aa68c393854967dc4677ab3f.yaml
index 8a69e7beba..fde6ede5de 100644
--- a/nuclei-templates/cve-less/plugins/job-manager-988317a2aa68c393854967dc4677ab3f.yaml
+++ b/nuclei-templates/cve-less/plugins/job-manager-988317a2aa68c393854967dc4677ab3f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Job Manager <= 0.7.24 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘jobman-rating’ parameter in versions up to, and including, 0.7.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/job-manager/"
     google-query: inurl:"/wp-content/plugins/job-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,job-manager,high
+  tags: cve,wordpress,wp-plugin,job-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jobboardwp-dc882a54ee21adad00f3c37faa34411b.yaml b/nuclei-templates/cve-less/plugins/jobboardwp-dc882a54ee21adad00f3c37faa34411b.yaml
index 7bae6e489b..b454242856 100644
--- a/nuclei-templates/cve-less/plugins/jobboardwp-dc882a54ee21adad00f3c37faa34411b.yaml
+++ b/nuclei-templates/cve-less/plugins/jobboardwp-dc882a54ee21adad00f3c37faa34411b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobBoardWP – Job Board Listings and Submissions <= 1.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JobBoardWP – Job Board Listings and Submissions WordPress plugin may be vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters which allow authenticated attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.1.0.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jobboardwp/"
     google-query: inurl:"/wp-content/plugins/jobboardwp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jobboardwp,medium
+  tags: cve,wordpress,wp-plugin,jobboardwp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/jobcareer-00ad079b8c94204c38afc1d934554333.yaml b/nuclei-templates/cve-less/plugins/jobcareer-00ad079b8c94204c38afc1d934554333.yaml
index 11f89d7e86..44d87cd2e4 100644
--- a/nuclei-templates/cve-less/plugins/jobcareer-00ad079b8c94204c38afc1d934554333.yaml
+++ b/nuclei-templates/cve-less/plugins/jobcareer-00ad079b8c94204c38afc1d934554333.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobCareer <= 3.4 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobCareer | Job Board Responsive plugin for WordPress is vulnerable to both authenticated Stored and unauthenticated Reflected Cross-Site Scripting in versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. The Reflected XSS is vulnerable to the following parameters: 'job_title', 'specialisms', and 'location' while the Stored XSS is vulnerable to the (Complete Address) text field. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/jobcareer/"
     google-query: inurl:"/wp-content/plugins/jobcareer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,jobcareer,medium
+  tags: cve,wordpress,wp-plugin,jobcareer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/joli-faq-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/joli-faq-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c89a4cd956..f8fc3160d9 100644
--- a/nuclei-templates/cve-less/plugins/joli-faq-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/joli-faq-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/joli-faq-seo/"
     google-query: inurl:"/wp-content/plugins/joli-faq-seo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,joli-faq-seo,medium
+  tags: cve,wordpress,wp-plugin,joli-faq-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/joli-table-of-contents-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/joli-table-of-contents-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1ae8286574..dc472cb456 100644
--- a/nuclei-templates/cve-less/plugins/joli-table-of-contents-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/joli-table-of-contents-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/joli-table-of-contents/"
     google-query: inurl:"/wp-content/plugins/joli-table-of-contents/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,joli-table-of-contents,medium
+  tags: cve,wordpress,wp-plugin,joli-table-of-contents,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/journey-analytics-6d795e6331799c55a6d3f3098ce86d6b.yaml b/nuclei-templates/cve-less/plugins/journey-analytics-6d795e6331799c55a6d3f3098ce86d6b.yaml
index 73f34828bc..4d7f2cb887 100644
--- a/nuclei-templates/cve-less/plugins/journey-analytics-6d795e6331799c55a6d3f3098ce86d6b.yaml
+++ b/nuclei-templates/cve-less/plugins/journey-analytics-6d795e6331799c55a6d3f3098ce86d6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Journey Analytics <= 1.0.12 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Journey Analytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing or incorrect nonce validation on the kontxt_analyze_results and kontxt_send_event functions. This makes it possible for unauthenticated attackers to read and edit analytics via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/journey-analytics/"
     google-query: inurl:"/wp-content/plugins/journey-analytics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,journey-analytics,high
+  tags: cve,wordpress,wp-plugin,journey-analytics,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/json-rest-api-5e1efa6ead2e9d16598b6140024797d0.yaml b/nuclei-templates/cve-less/plugins/json-rest-api-5e1efa6ead2e9d16598b6140024797d0.yaml
index 0de56d0622..f75e5fa9c7 100644
--- a/nuclei-templates/cve-less/plugins/json-rest-api-5e1efa6ead2e9d16598b6140024797d0.yaml
+++ b/nuclei-templates/cve-less/plugins/json-rest-api-5e1efa6ead2e9d16598b6140024797d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JSON REST API <= 1.1 - Potential Cross-Site Request Forgery Bypass
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The JSON REST API plugin for WordPress is possibly vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1 due to a potential SOP bypass. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to conduct JSON Flash attacks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/json-rest-api/"
     google-query: inurl:"/wp-content/plugins/json-rest-api/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,json-rest-api,high
+  tags: cve,wordpress,wp-plugin,json-rest-api,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/json-rest-api-9d1887b8622dac2bd15f04e82a194689.yaml b/nuclei-templates/cve-less/plugins/json-rest-api-9d1887b8622dac2bd15f04e82a194689.yaml
index 7d34ed95db..d8508ab52f 100644
--- a/nuclei-templates/cve-less/plugins/json-rest-api-9d1887b8622dac2bd15f04e82a194689.yaml
+++ b/nuclei-templates/cve-less/plugins/json-rest-api-9d1887b8622dac2bd15f04e82a194689.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP REST API <= 1.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP REST API plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/json-rest-api/"
     google-query: inurl:"/wp-content/plugins/json-rest-api/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,json-rest-api,medium
+  tags: cve,wordpress,wp-plugin,json-rest-api,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/justified-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/justified-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 38f00f3e8f..86732ab58a 100644
--- a/nuclei-templates/cve-less/plugins/justified-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/justified-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/justified-gallery/"
     google-query: inurl:"/wp-content/plugins/justified-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,justified-gallery,medium
+  tags: cve,wordpress,wp-plugin,justified-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kaya-qr-code-generator-da0185c8881b7837eb3ff9bef5017584.yaml b/nuclei-templates/cve-less/plugins/kaya-qr-code-generator-da0185c8881b7837eb3ff9bef5017584.yaml
index 117327e7b9..f3b7c7ae2c 100644
--- a/nuclei-templates/cve-less/plugins/kaya-qr-code-generator-da0185c8881b7837eb3ff9bef5017584.yaml
+++ b/nuclei-templates/cve-less/plugins/kaya-qr-code-generator-da0185c8881b7837eb3ff9bef5017584.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kaya QR Code Generator <= 1.5.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via url parameter
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Kaya QR Code Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter passed to the 'wpkqcg_doDisplayQRCode' function via multiple methods including shortcodes in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kaya-qr-code-generator/"
     google-query: inurl:"/wp-content/plugins/kaya-qr-code-generator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kaya-qr-code-generator,medium
+  tags: cve,wordpress,wp-plugin,kaya-qr-code-generator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kb-support-46afaecae6249c4e331df87e2126a4cd.yaml b/nuclei-templates/cve-less/plugins/kb-support-46afaecae6249c4e331df87e2126a4cd.yaml
index 113bdc373e..e9de3b5dd9 100644
--- a/nuclei-templates/cve-less/plugins/kb-support-46afaecae6249c4e331df87e2126a4cd.yaml
+++ b/nuclei-templates/cve-less/plugins/kb-support-46afaecae6249c4e331df87e2126a4cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KB Support <= 1.5.88 - Missing Authorization to Authenticated (Subscriber+) User Data Retrieval
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The KB Support plugin for WordPress is vulnerable to user data retrieval in versions up to, and including, 1.5.88. This is due to to a missing capability check on the kbs_ajax_get_customer_data() function. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to execute the function and retrieve limited user data like email, name, phone, and url.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kb-support/"
     google-query: inurl:"/wp-content/plugins/kb-support/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kb-support,medium
+  tags: cve,wordpress,wp-plugin,kb-support,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/keyring-6adbed160e9381bd43ab920e4f4c10a6.yaml b/nuclei-templates/cve-less/plugins/keyring-6adbed160e9381bd43ab920e4f4c10a6.yaml
index b94ece181c..c5f3482840 100644
--- a/nuclei-templates/cve-less/plugins/keyring-6adbed160e9381bd43ab920e4f4c10a6.yaml
+++ b/nuclei-templates/cve-less/plugins/keyring-6adbed160e9381bd43ab920e4f4c10a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Keyring < 1.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Keyring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable OAuth SDK example file in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/keyring/"
     google-query: inurl:"/wp-content/plugins/keyring/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,keyring,medium
+  tags: cve,wordpress,wp-plugin,keyring,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kingcomposer-6fd5ee2a697c02149752bc647f98085f.yaml b/nuclei-templates/cve-less/plugins/kingcomposer-6fd5ee2a697c02149752bc647f98085f.yaml
index 1101c17ab5..312baa4092 100644
--- a/nuclei-templates/cve-less/plugins/kingcomposer-6fd5ee2a697c02149752bc647f98085f.yaml
+++ b/nuclei-templates/cve-less/plugins/kingcomposer-6fd5ee2a697c02149752bc647f98085f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Builder: KingComposer < 2.8.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers able to access the post editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kingcomposer/"
     google-query: inurl:"/wp-content/plugins/kingcomposer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kingcomposer,medium
+  tags: cve,wordpress,wp-plugin,kingcomposer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kioken-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/kioken-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9c939126a1..09b9a3b0cb 100644
--- a/nuclei-templates/cve-less/plugins/kioken-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/kioken-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kioken-blocks/"
     google-query: inurl:"/wp-content/plugins/kioken-blocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kioken-blocks,medium
+  tags: cve,wordpress,wp-plugin,kioken-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kioskprox-f629f1cbd9fba0b088aac877e4dc575f.yaml b/nuclei-templates/cve-less/plugins/kioskprox-f629f1cbd9fba0b088aac877e4dc575f.yaml
index 32ff5aafec..048e58c178 100644
--- a/nuclei-templates/cve-less/plugins/kioskprox-f629f1cbd9fba0b088aac877e4dc575f.yaml
+++ b/nuclei-templates/cve-less/plugins/kioskprox-f629f1cbd9fba0b088aac877e4dc575f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kioskprox (Unkown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The kioskprox plugin for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kioskprox/"
     google-query: inurl:"/wp-content/plugins/kioskprox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kioskprox,medium
+  tags: cve,wordpress,wp-plugin,kioskprox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kk-star-ratings-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/kk-star-ratings-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3b56c4a7db..cc0df006ee 100644
--- a/nuclei-templates/cve-less/plugins/kk-star-ratings-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/kk-star-ratings-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kk-star-ratings/"
     google-query: inurl:"/wp-content/plugins/kk-star-ratings/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kk-star-ratings,medium
+  tags: cve,wordpress,wp-plugin,kk-star-ratings,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/knews-ab596007425584b1e79f9f5a75499083.yaml b/nuclei-templates/cve-less/plugins/knews-ab596007425584b1e79f9f5a75499083.yaml
index 3bbc5b693a..4ce7906db0 100644
--- a/nuclei-templates/cve-less/plugins/knews-ab596007425584b1e79f9f5a75499083.yaml
+++ b/nuclei-templates/cve-less/plugins/knews-ab596007425584b1e79f9f5a75499083.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Knews Multilingual Newsletters < 1.2.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Knews Multilingual Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the several functions. This makes it possible for unauthenticated attackers to inject SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/knews/"
     google-query: inurl:"/wp-content/plugins/knews/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,knews,high
+  tags: cve,wordpress,wp-plugin,knews,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/knowledge-center-154e2db41f3251206c18f35c16e169dc.yaml b/nuclei-templates/cve-less/plugins/knowledge-center-154e2db41f3251206c18f35c16e169dc.yaml
index be831f50f8..310c7bcaf7 100644
--- a/nuclei-templates/cve-less/plugins/knowledge-center-154e2db41f3251206c18f35c16e169dc.yaml
+++ b/nuclei-templates/cve-less/plugins/knowledge-center-154e2db41f3251206c18f35c16e169dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Knowledge Center <= 2.7 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Knowledge Center plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/knowledge-center/"
     google-query: inurl:"/wp-content/plugins/knowledge-center/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,knowledge-center,medium
+  tags: cve,wordpress,wp-plugin,knowledge-center,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/knowledgebase-41532dfb555f5a1e79f8f55e8febf84a.yaml b/nuclei-templates/cve-less/plugins/knowledgebase-41532dfb555f5a1e79f8f55e8febf84a.yaml
index 5fd8df74f1..497c1d6627 100644
--- a/nuclei-templates/cve-less/plugins/knowledgebase-41532dfb555f5a1e79f8f55e8febf84a.yaml
+++ b/nuclei-templates/cve-less/plugins/knowledgebase-41532dfb555f5a1e79f8f55e8febf84a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Knowledge Base <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via div classes that can be added to blocks in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/knowledgebase/"
     google-query: inurl:"/wp-content/plugins/knowledgebase/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,knowledgebase,medium
+  tags: cve,wordpress,wp-plugin,knowledgebase,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kontxt-semantic-engine-23b35e5f653977b412c0dc708b752a30.yaml b/nuclei-templates/cve-less/plugins/kontxt-semantic-engine-23b35e5f653977b412c0dc708b752a30.yaml
index 625473cf6d..5832627a1e 100644
--- a/nuclei-templates/cve-less/plugins/kontxt-semantic-engine-23b35e5f653977b412c0dc708b752a30.yaml
+++ b/nuclei-templates/cve-less/plugins/kontxt-semantic-engine-23b35e5f653977b412c0dc708b752a30.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     KONTXT Improves WordPress Search <= 1.4.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The KONTXT Improves WordPress Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.6. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to read data such as an API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kontxt-semantic-engine/"
     google-query: inurl:"/wp-content/plugins/kontxt-semantic-engine/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kontxt-semantic-engine,high
+  tags: cve,wordpress,wp-plugin,kontxt-semantic-engine,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/krsp-frontend-file-upload-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/krsp-frontend-file-upload-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c9ef14536b..4627537bb4 100644
--- a/nuclei-templates/cve-less/plugins/krsp-frontend-file-upload-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/krsp-frontend-file-upload-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/krsp-frontend-file-upload/"
     google-query: inurl:"/wp-content/plugins/krsp-frontend-file-upload/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,krsp-frontend-file-upload,medium
+  tags: cve,wordpress,wp-plugin,krsp-frontend-file-upload,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kudos-donations-4283f13fe6bc4a6b024bd09e02f40c1e.yaml b/nuclei-templates/cve-less/plugins/kudos-donations-4283f13fe6bc4a6b024bd09e02f40c1e.yaml
index e50d2d9c23..4b4c914c35 100644
--- a/nuclei-templates/cve-less/plugins/kudos-donations-4283f13fe6bc4a6b024bd09e02f40c1e.yaml
+++ b/nuclei-templates/cve-less/plugins/kudos-donations-4283f13fe6bc4a6b024bd09e02f40c1e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Kudos Donations – Easy donations and payments with Mollie < 3.1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 3.1.2. This is due to incorrect nonce validation on the several delete functions. This makes it possible for unauthenticated attackers to arbitrarily delete items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kudos-donations/"
     google-query: inurl:"/wp-content/plugins/kudos-donations/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kudos-donations,high
+  tags: cve,wordpress,wp-plugin,kudos-donations,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/kvoucher-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/kvoucher-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7b0ff867d3..45df7e06b6 100644
--- a/nuclei-templates/cve-less/plugins/kvoucher-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/kvoucher-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/kvoucher/"
     google-query: inurl:"/wp-content/plugins/kvoucher/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,kvoucher,medium
+  tags: cve,wordpress,wp-plugin,kvoucher,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/landing-pages-cdbf7ebff8c4d1a9b90da71e4a3d5b8e.yaml b/nuclei-templates/cve-less/plugins/landing-pages-cdbf7ebff8c4d1a9b90da71e4a3d5b8e.yaml
index 6f8d3c8b0f..4996f9ccb5 100644
--- a/nuclei-templates/cve-less/plugins/landing-pages-cdbf7ebff8c4d1a9b90da71e4a3d5b8e.yaml
+++ b/nuclei-templates/cve-less/plugins/landing-pages-cdbf7ebff8c4d1a9b90da71e4a3d5b8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Landing Pages <= 2.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Landing Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘open-tab' parameter in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/landing-pages/"
     google-query: inurl:"/wp-content/plugins/landing-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,landing-pages,medium
+  tags: cve,wordpress,wp-plugin,landing-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/laposta-signup-basic-4888a583f0c17ec03ad6204f11cf19b4.yaml b/nuclei-templates/cve-less/plugins/laposta-signup-basic-4888a583f0c17ec03ad6204f11cf19b4.yaml
index 8a15b2bec3..2bbfa12cac 100644
--- a/nuclei-templates/cve-less/plugins/laposta-signup-basic-4888a583f0c17ec03ad6204f11cf19b4.yaml
+++ b/nuclei-templates/cve-less/plugins/laposta-signup-basic-4888a583f0c17ec03ad6204f11cf19b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Laposta Signup Basic <= 1.4.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Laposta Signup Basic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxResetCache function in versions up to, and including, 1.4.1. This makes it possible for subscriber-level attackers or higher to delete the plugin's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/laposta-signup-basic/"
     google-query: inurl:"/wp-content/plugins/laposta-signup-basic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,laposta-signup-basic,medium
+  tags: cve,wordpress,wp-plugin,laposta-signup-basic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/laposta-signup-embed-5b2a6f112dc7d70910b36648c4b4675a.yaml b/nuclei-templates/cve-less/plugins/laposta-signup-embed-5b2a6f112dc7d70910b36648c4b4675a.yaml
index dd80a4ebd1..216bdb0ef7 100644
--- a/nuclei-templates/cve-less/plugins/laposta-signup-embed-5b2a6f112dc7d70910b36648c4b4675a.yaml
+++ b/nuclei-templates/cve-less/plugins/laposta-signup-embed-5b2a6f112dc7d70910b36648c4b4675a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Laposta Signup Embed <= 1.1.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Laposta Signup Embed plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.0. This is due to a missing capability check on the ajaxResetCache function. This makes it possible for subscriber-level attackers or higher to clear the plugin's cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/laposta-signup-embed/"
     google-query: inurl:"/wp-content/plugins/laposta-signup-embed/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,laposta-signup-embed,medium
+  tags: cve,wordpress,wp-plugin,laposta-signup-embed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/lawpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/lawpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1cfc74d9a2..f49ec031d6 100644
--- a/nuclei-templates/cve-less/plugins/lawpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/lawpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lawpress/"
     google-query: inurl:"/wp-content/plugins/lawpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,lawpress,medium
+  tags: cve,wordpress,wp-plugin,lawpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/layerslider-4c62f9807e53925857a04839b7f811f3.yaml b/nuclei-templates/cve-less/plugins/layerslider-4c62f9807e53925857a04839b7f811f3.yaml
index d2b8b46e6a..97ad3829d9 100644
--- a/nuclei-templates/cve-less/plugins/layerslider-4c62f9807e53925857a04839b7f811f3.yaml
+++ b/nuclei-templates/cve-less/plugins/layerslider-4c62f9807e53925857a04839b7f811f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LayerSlider <= 4.6.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The LayerSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.1. This is due to missing or incorrect nonce validation on the style editing functions in the settings page. This makes it possible for unauthenticated attackers to gain unauthorized admin privileges, actions, and/or access via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/LayerSlider/"
     google-query: inurl:"/wp-content/plugins/LayerSlider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,LayerSlider,high
+  tags: cve,wordpress,wp-plugin,LayerSlider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/layerslider-782d2a5a9a3b36ec02deacd0cc03dd91.yaml b/nuclei-templates/cve-less/plugins/layerslider-782d2a5a9a3b36ec02deacd0cc03dd91.yaml
index 66ffc9c496..09a5262ad3 100644
--- a/nuclei-templates/cve-less/plugins/layerslider-782d2a5a9a3b36ec02deacd0cc03dd91.yaml
+++ b/nuclei-templates/cve-less/plugins/layerslider-782d2a5a9a3b36ec02deacd0cc03dd91.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LayerSlider <= 6.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The LayerSlider plugin for WordPress is vulnerable to Cross-Site Request forgery in versions up to, and including 6.2.0, due missing nonce validation on an unspecified function that makes it possible for attackers to trick site administrators into performing unwanted actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/LayerSlider/"
     google-query: inurl:"/wp-content/plugins/LayerSlider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,LayerSlider,high
+  tags: cve,wordpress,wp-plugin,LayerSlider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/layerslider-9212eb6af9b06f0daa962811d04b3aed.yaml b/nuclei-templates/cve-less/plugins/layerslider-9212eb6af9b06f0daa962811d04b3aed.yaml
index 1da9b49563..55ebf6a63a 100644
--- a/nuclei-templates/cve-less/plugins/layerslider-9212eb6af9b06f0daa962811d04b3aed.yaml
+++ b/nuclei-templates/cve-less/plugins/layerslider-9212eb6af9b06f0daa962811d04b3aed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LayerSlider <= 6.2.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The LayerSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.2.0. This is due to missing or incorrect nonce validation on the ls_save_screen_options() function. This makes it possible for authenticated attackers to create an administrative account via XSS, which the attacker can use to perform SQLi attacks. Assuming they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/LayerSlider/"
     google-query: inurl:"/wp-content/plugins/LayerSlider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,LayerSlider,high
+  tags: cve,wordpress,wp-plugin,LayerSlider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/lazy-load-7a66706d231bb588b40ed996e42c0254.yaml b/nuclei-templates/cve-less/plugins/lazy-load-7a66706d231bb588b40ed996e42c0254.yaml
index cc710348bb..66471006a8 100644
--- a/nuclei-templates/cve-less/plugins/lazy-load-7a66706d231bb588b40ed996e42c0254.yaml
+++ b/nuclei-templates/cve-less/plugins/lazy-load-7a66706d231bb588b40ed996e42c0254.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lazy Load < 0.6.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in versions before 0.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lazy-load/"
     google-query: inurl:"/wp-content/plugins/lazy-load/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,lazy-load,high
+  tags: cve,wordpress,wp-plugin,lazy-load,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/lbg_zoominoutslider-20c21b977e576c86cae60978b4cded07.yaml b/nuclei-templates/cve-less/plugins/lbg_zoominoutslider-20c21b977e576c86cae60978b4cded07.yaml
index f1eeb5b50a..46a455b5b8 100644
--- a/nuclei-templates/cve-less/plugins/lbg_zoominoutslider-20c21b977e576c86cae60978b4cded07.yaml
+++ b/nuclei-templates/cve-less/plugins/lbg_zoominoutslider-20c21b977e576c86cae60978b4cded07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Zoom In/Out Slider WordPress Plugin (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Zoom In/Out Slider WordPress Plugin plugin for WordPress is vulnerable to Cross-Site Scripting via the 'add_banner.php' file due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lbg_zoominoutslider/"
     google-query: inurl:"/wp-content/plugins/lbg_zoominoutslider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,lbg_zoominoutslider,medium
+  tags: cve,wordpress,wp-plugin,lbg_zoominoutslider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/lbg_zoominoutslider-4bda697ca3ea7c8fca810d0d8ce167ae.yaml b/nuclei-templates/cve-less/plugins/lbg_zoominoutslider-4bda697ca3ea7c8fca810d0d8ce167ae.yaml
index 1e9200fb8a..9f28f4ba94 100644
--- a/nuclei-templates/cve-less/plugins/lbg_zoominoutslider-4bda697ca3ea7c8fca810d0d8ce167ae.yaml
+++ b/nuclei-templates/cve-less/plugins/lbg_zoominoutslider-4bda697ca3ea7c8fca810d0d8ce167ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Zoom In/Out Slider WordPress Plugin (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LBG Zoom In/Out Effect Slider for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all known versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lbg_zoominoutslider/"
     google-query: inurl:"/wp-content/plugins/lbg_zoominoutslider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,lbg_zoominoutslider,medium
+  tags: cve,wordpress,wp-plugin,lbg_zoominoutslider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/leads-5050-visitor-insights-f78d7ba708259da0523cabc0cbdbd7c5.yaml b/nuclei-templates/cve-less/plugins/leads-5050-visitor-insights-f78d7ba708259da0523cabc0cbdbd7c5.yaml
index 991b1cd6eb..3b0ffa2317 100644
--- a/nuclei-templates/cve-less/plugins/leads-5050-visitor-insights-f78d7ba708259da0523cabc0cbdbd7c5.yaml
+++ b/nuclei-templates/cve-less/plugins/leads-5050-visitor-insights-f78d7ba708259da0523cabc0cbdbd7c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     leads5050-visitor-insights <= 1.0.5 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The leads5050-visitor-insights plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the leads5050_set_license function in versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit the license data in the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leads-5050-visitor-insights/"
     google-query: inurl:"/wp-content/plugins/leads-5050-visitor-insights/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,leads-5050-visitor-insights,medium
+  tags: cve,wordpress,wp-plugin,leads-5050-visitor-insights,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/leads-bfe41c446963ca7621a719dd7519ca70.yaml b/nuclei-templates/cve-less/plugins/leads-bfe41c446963ca7621a719dd7519ca70.yaml
index 33b5603f13..686c627d9d 100644
--- a/nuclei-templates/cve-less/plugins/leads-bfe41c446963ca7621a719dd7519ca70.yaml
+++ b/nuclei-templates/cve-less/plugins/leads-bfe41c446963ca7621a719dd7519ca70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Leads < 1.6.3 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Leads plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on multiple functions in versions up to, and including, 1.6.2. This makes it possible for unathenticated attackers to include malicious content in Leads, which may be executed upon viewing in the dashboard at the current logged-in user's level of permissions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leads/"
     google-query: inurl:"/wp-content/plugins/leads/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,leads,medium
+  tags: cve,wordpress,wp-plugin,leads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/leaflet-maps-marker-2729f42afbb3a34107349dbe43cc49c6.yaml b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-2729f42afbb3a34107349dbe43cc49c6.yaml
index 70f6f65f36..fa777ef38d 100644
--- a/nuclei-templates/cve-less/plugins/leaflet-maps-marker-2729f42afbb3a34107349dbe43cc49c6.yaml
+++ b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-2729f42afbb3a34107349dbe43cc49c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.5.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaflet-maps-marker/"
     google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,medium
+  tags: cve,wordpress,wp-plugin,leaflet-maps-marker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/leaflet-maps-marker-pro-8ad67d1554931a18fcf5c6d8fecb94f0.yaml b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-pro-8ad67d1554931a18fcf5c6d8fecb94f0.yaml
index 49d446673f..6efefd1afe 100644
--- a/nuclei-templates/cve-less/plugins/leaflet-maps-marker-pro-8ad67d1554931a18fcf5c6d8fecb94f0.yaml
+++ b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-pro-8ad67d1554931a18fcf5c6d8fecb94f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Maps Marker Pro < 1.5.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Leaflet Maps Marker Pro plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/leaflet-maps-marker-pro/"
     google-query: inurl:"/wp-content/plugins/leaflet-maps-marker-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,leaflet-maps-marker-pro,medium
+  tags: cve,wordpress,wp-plugin,leaflet-maps-marker-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/lean-wp-6cdc10306b381cbc45add2c281d72434.yaml b/nuclei-templates/cve-less/plugins/lean-wp-6cdc10306b381cbc45add2c281d72434.yaml
index 9da8a8938c..b1c383a5e1 100644
--- a/nuclei-templates/cve-less/plugins/lean-wp-6cdc10306b381cbc45add2c281d72434.yaml
+++ b/nuclei-templates/cve-less/plugins/lean-wp-6cdc10306b381cbc45add2c281d72434.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lean WP <= 1.4.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Lean WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to inclusion of a vulnerable version of the wp-dependency-installer library. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lean-wp/"
     google-query: inurl:"/wp-content/plugins/lean-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,lean-wp,high
+  tags: cve,wordpress,wp-plugin,lean-wp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/learn-manager-e199f05b41749995376359e6d56e2316.yaml b/nuclei-templates/cve-less/plugins/learn-manager-e199f05b41749995376359e6d56e2316.yaml
index 06b3da8101..624206d16a 100644
--- a/nuclei-templates/cve-less/plugins/learn-manager-e199f05b41749995376359e6d56e2316.yaml
+++ b/nuclei-templates/cve-less/plugins/learn-manager-e199f05b41749995376359e6d56e2316.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP LMS – Best WordPress LMS Plugin <= 1.1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP LMS – Best WordPress LMS Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to create and edit user-related data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learn-manager/"
     google-query: inurl:"/wp-content/plugins/learn-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,learn-manager,high
+  tags: cve,wordpress,wp-plugin,learn-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/learnpress-99975e67153f43d6158ad376c50faa87.yaml b/nuclei-templates/cve-less/plugins/learnpress-99975e67153f43d6158ad376c50faa87.yaml
index 2c0843b356..2b86f13424 100644
--- a/nuclei-templates/cve-less/plugins/learnpress-99975e67153f43d6158ad376c50faa87.yaml
+++ b/nuclei-templates/cve-less/plugins/learnpress-99975e67153f43d6158ad376c50faa87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress <= 4.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The LearnPress  plugin for WordPress is vulnerable to unauthorized access of user data due to a missing capability check on the search_users function in versions up to, and including, 4.2.3. This makes it possible for subscribers to enumerate users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,learnpress,medium
+  tags: cve,wordpress,wp-plugin,learnpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/learnpress-a3c23b348d99ad97eeba5901637fc834.yaml b/nuclei-templates/cve-less/plugins/learnpress-a3c23b348d99ad97eeba5901637fc834.yaml
index ec8481bae1..1d936d4777 100644
--- a/nuclei-templates/cve-less/plugins/learnpress-a3c23b348d99ad97eeba5901637fc834.yaml
+++ b/nuclei-templates/cve-less/plugins/learnpress-a3c23b348d99ad97eeba5901637fc834.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LearnPress – WordPress LMS Plugin <= 3.2.7.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including 3.2.7.2, that makes it possible for attackers to append arbitrary SQL queries into an existing query via the IP parameter found in the duplicator functionality. This can be exploit by contributor+ level attackers to retrieve sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/learnpress/"
     google-query: inurl:"/wp-content/plugins/learnpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,learnpress,high
+  tags: cve,wordpress,wp-plugin,learnpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/legal-pages-10dd9a3434e3d079623a841e75c86c90.yaml b/nuclei-templates/cve-less/plugins/legal-pages-10dd9a3434e3d079623a841e75c86c90.yaml
index 667c0d7008..945d21402f 100644
--- a/nuclei-templates/cve-less/plugins/legal-pages-10dd9a3434e3d079623a841e75c86c90.yaml
+++ b/nuclei-templates/cve-less/plugins/legal-pages-10dd9a3434e3d079623a841e75c86c90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Legal Pages <= 1.3.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the moveToTrash() and fetch_and_insert_template_data() functions hooked via AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and fetch/insert template data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/legal-pages/"
     google-query: inurl:"/wp-content/plugins/legal-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,legal-pages,medium
+  tags: cve,wordpress,wp-plugin,legal-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/legal-pages-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/legal-pages-18966e8228314b8165d39d48519f43cc.yaml
index 0e6962e54c..cbbc2e083b 100644
--- a/nuclei-templates/cve-less/plugins/legal-pages-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/legal-pages-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/legal-pages/"
     google-query: inurl:"/wp-content/plugins/legal-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,legal-pages,medium
+  tags: cve,wordpress,wp-plugin,legal-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/license-manager-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/license-manager-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 73314c6d82..e17c55ce86 100644
--- a/nuclei-templates/cve-less/plugins/license-manager-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/license-manager-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/license-manager-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/license-manager-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,license-manager-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,license-manager-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/limb-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/limb-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 265f103569..fa7166dc10 100644
--- a/nuclei-templates/cve-less/plugins/limb-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/limb-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/limb-gallery/"
     google-query: inurl:"/wp-content/plugins/limb-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,limb-gallery,medium
+  tags: cve,wordpress,wp-plugin,limb-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/limit-login-attempts-plus-09ecd7b1a7d7c81f548e33bf4bc7b580.yaml b/nuclei-templates/cve-less/plugins/limit-login-attempts-plus-09ecd7b1a7d7c81f548e33bf4bc7b580.yaml
index 0f296f852b..1605a8ee5b 100644
--- a/nuclei-templates/cve-less/plugins/limit-login-attempts-plus-09ecd7b1a7d7c81f548e33bf4bc7b580.yaml
+++ b/nuclei-templates/cve-less/plugins/limit-login-attempts-plus-09ecd7b1a7d7c81f548e33bf4bc7b580.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Limit Login Attempts Plus <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Limit Login Attempts Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/limit-login-attempts-plus/"
     google-query: inurl:"/wp-content/plugins/limit-login-attempts-plus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,limit-login-attempts-plus,medium
+  tags: cve,wordpress,wp-plugin,limit-login-attempts-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/lingotek-translation-f623978da0d0e7e73c44c7f970c44b06.yaml b/nuclei-templates/cve-less/plugins/lingotek-translation-f623978da0d0e7e73c44c7f970c44b06.yaml
index 5f6ea53696..e2bdbaa065 100644
--- a/nuclei-templates/cve-less/plugins/lingotek-translation-f623978da0d0e7e73c44c7f970c44b06.yaml
+++ b/nuclei-templates/cve-less/plugins/lingotek-translation-f623978da0d0e7e73c44c7f970c44b06.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lingotek Translation <= 1.1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Lingotek Translation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘sm’ parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lingotek-translation/"
     google-query: inurl:"/wp-content/plugins/lingotek-translation/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,lingotek-translation,medium
+  tags: cve,wordpress,wp-plugin,lingotek-translation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/link-library-263f0665c552df560e61f28530fa511b.yaml b/nuclei-templates/cve-less/plugins/link-library-263f0665c552df560e61f28530fa511b.yaml
index bb55f5f704..3c0b482710 100644
--- a/nuclei-templates/cve-less/plugins/link-library-263f0665c552df560e61f28530fa511b.yaml
+++ b/nuclei-templates/cve-less/plugins/link-library-263f0665c552df560e61f28530fa511b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link Library <= 5.9.13.26 – SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Link Library plugin for WordPress is vulnerable to generic SQL Injection via the "$_GET[‘linkid’]" parameter in versions up to, and including, 5.9.13.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrative privileges and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link-library/"
     google-query: inurl:"/wp-content/plugins/link-library/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,link-library,high
+  tags: cve,wordpress,wp-plugin,link-library,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/link2player-afdb73f09e63d9d93a801e87dd86e9bc.yaml b/nuclei-templates/cve-less/plugins/link2player-afdb73f09e63d9d93a801e87dd86e9bc.yaml
index c52adab894..6a2dbeb97b 100644
--- a/nuclei-templates/cve-less/plugins/link2player-afdb73f09e63d9d93a801e87dd86e9bc.yaml
+++ b/nuclei-templates/cve-less/plugins/link2player-afdb73f09e63d9d93a801e87dd86e9bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Link2Player <= 0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Link2Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.2 due to inclusion of a vulnerable version of jPlayer. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/link2player/"
     google-query: inurl:"/wp-content/plugins/link2player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,link2player,medium
+  tags: cve,wordpress,wp-plugin,link2player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/listplus-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/listplus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cc4177a2e0..1a313ce7af 100644
--- a/nuclei-templates/cve-less/plugins/listplus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/listplus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/listplus/"
     google-query: inurl:"/wp-content/plugins/listplus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,listplus,medium
+  tags: cve,wordpress,wp-plugin,listplus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/littlebot-invoices-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/littlebot-invoices-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index bfc56cc30a..09f899a151 100644
--- a/nuclei-templates/cve-less/plugins/littlebot-invoices-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/littlebot-invoices-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/littlebot-invoices/"
     google-query: inurl:"/wp-content/plugins/littlebot-invoices/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,littlebot-invoices,medium
+  tags: cve,wordpress,wp-plugin,littlebot-invoices,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/live-scores-for-sportspress-3fe9089ec5b0f3ad95a1bd0baa9d49ae.yaml b/nuclei-templates/cve-less/plugins/live-scores-for-sportspress-3fe9089ec5b0f3ad95a1bd0baa9d49ae.yaml
index 2c92ad9f08..42addabdd6 100644
--- a/nuclei-templates/cve-less/plugins/live-scores-for-sportspress-3fe9089ec5b0f3ad95a1bd0baa9d49ae.yaml
+++ b/nuclei-templates/cve-less/plugins/live-scores-for-sportspress-3fe9089ec5b0f3ad95a1bd0baa9d49ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Live Scores for SportsPress plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.0 via the 'tab' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/live-scores-for-sportspress/"
     google-query: inurl:"/wp-content/plugins/live-scores-for-sportspress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,live-scores-for-sportspress,high
+  tags: cve,wordpress,wp-plugin,live-scores-for-sportspress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/live-scores-for-sportspress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/live-scores-for-sportspress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3f98a3a20d..dd3faa81f6 100644
--- a/nuclei-templates/cve-less/plugins/live-scores-for-sportspress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/live-scores-for-sportspress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/live-scores-for-sportspress/"
     google-query: inurl:"/wp-content/plugins/live-scores-for-sportspress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,live-scores-for-sportspress,medium
+  tags: cve,wordpress,wp-plugin,live-scores-for-sportspress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/livefyre-comments-41a63082135d50f0e8bf2d19791a60a3.yaml b/nuclei-templates/cve-less/plugins/livefyre-comments-41a63082135d50f0e8bf2d19791a60a3.yaml
index 8fab71853c..cd88e0c598 100644
--- a/nuclei-templates/cve-less/plugins/livefyre-comments-41a63082135d50f0e8bf2d19791a60a3.yaml
+++ b/nuclei-templates/cve-less/plugins/livefyre-comments-41a63082135d50f0e8bf2d19791a60a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Livefyre Comments 3 <= 4.1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Livefyre Comments 3 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘site_id’ and ‘secretkey’ parameters in versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/livefyre-comments/"
     google-query: inurl:"/wp-content/plugins/livefyre-comments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,livefyre-comments,medium
+  tags: cve,wordpress,wp-plugin,livefyre-comments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/livemesh-siteorigin-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/livemesh-siteorigin-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9b917dec72..d0b1dcacfd 100644
--- a/nuclei-templates/cve-less/plugins/livemesh-siteorigin-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/livemesh-siteorigin-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/livemesh-siteorigin-widgets/"
     google-query: inurl:"/wp-content/plugins/livemesh-siteorigin-widgets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,livemesh-siteorigin-widgets,medium
+  tags: cve,wordpress,wp-plugin,livemesh-siteorigin-widgets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/lktags-linkedin-insight-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/lktags-linkedin-insight-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4c83a91f7b..3ab812dca0 100644
--- a/nuclei-templates/cve-less/plugins/lktags-linkedin-insight-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/lktags-linkedin-insight-tags-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/lktags-linkedin-insight-tags/"
     google-query: inurl:"/wp-content/plugins/lktags-linkedin-insight-tags/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,lktags-linkedin-insight-tags,medium
+  tags: cve,wordpress,wp-plugin,lktags-linkedin-insight-tags,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/local-delivery-drivers-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/local-delivery-drivers-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 69dab4d9ce..d26637586c 100644
--- a/nuclei-templates/cve-less/plugins/local-delivery-drivers-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/local-delivery-drivers-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/local-delivery-drivers-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/local-delivery-drivers-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,local-delivery-drivers-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,local-delivery-drivers-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/localseomap-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/localseomap-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0aea0d64fc..80a5c524d1 100644
--- a/nuclei-templates/cve-less/plugins/localseomap-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/localseomap-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/localseomap-for-elementor/"
     google-query: inurl:"/wp-content/plugins/localseomap-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,localseomap-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,localseomap-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/logaster-logo-generator-1593b88b276363eaaec5e0cb5dde84ae.yaml b/nuclei-templates/cve-less/plugins/logaster-logo-generator-1593b88b276363eaaec5e0cb5dde84ae.yaml
index dd427fff46..35d09f8e86 100644
--- a/nuclei-templates/cve-less/plugins/logaster-logo-generator-1593b88b276363eaaec5e0cb5dde84ae.yaml
+++ b/nuclei-templates/cve-less/plugins/logaster-logo-generator-1593b88b276363eaaec5e0cb5dde84ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Logaster Logo Generator <= 1.3 - Missing Authorization to Arbitrary Media Deletion and Creation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Logaster Logo Generator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the upload_logo_callback and delete_logo_callback functions called via AJAX actions in versions up to, and including, 1.3. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to delete arbitrary media files and upload arbitrary media files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/logaster-logo-generator/"
     google-query: inurl:"/wp-content/plugins/logaster-logo-generator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,logaster-logo-generator,medium
+  tags: cve,wordpress,wp-plugin,logaster-logo-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/login-as-customer-or-user-7c535e169c75c3005c5d2941f3e6968b.yaml b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-7c535e169c75c3005c5d2941f3e6968b.yaml
index e1cdf7a9ba..7457c8f1e8 100644
--- a/nuclei-templates/cve-less/plugins/login-as-customer-or-user-7c535e169c75c3005c5d2941f3e6968b.yaml
+++ b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-7c535e169c75c3005c5d2941f3e6968b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login as User or Customer <= 2.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Login as User or Customer Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-as-customer-or-user/"
     google-query: inurl:"/wp-content/plugins/login-as-customer-or-user/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,login-as-customer-or-user,high
+  tags: cve,wordpress,wp-plugin,login-as-customer-or-user,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/login-customizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/login-customizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1b10b9f118..4ddc7bcd1b 100644
--- a/nuclei-templates/cve-less/plugins/login-customizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/login-customizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-customizer/"
     google-query: inurl:"/wp-content/plugins/login-customizer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,login-customizer,medium
+  tags: cve,wordpress,wp-plugin,login-customizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/login-lockdown-1bbaae2a7a498b205fb902506cd09f7f.yaml b/nuclei-templates/cve-less/plugins/login-lockdown-1bbaae2a7a498b205fb902506cd09f7f.yaml
index f1f89743b3..dd3a49aebe 100644
--- a/nuclei-templates/cve-less/plugins/login-lockdown-1bbaae2a7a498b205fb902506cd09f7f.yaml
+++ b/nuclei-templates/cve-less/plugins/login-lockdown-1bbaae2a7a498b205fb902506cd09f7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login Lockdown <= 2.06 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to SQL Injection via the ‘sort order and limit’ parameter in all versions up to 2.06 (inclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator access or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-lockdown/"
     google-query: inurl:"/wp-content/plugins/login-lockdown/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,login-lockdown,high
+  tags: cve,wordpress,wp-plugin,login-lockdown,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/login-with-ajax-08c2b329300ceeb5ec4ee1c1cf18abf3.yaml b/nuclei-templates/cve-less/plugins/login-with-ajax-08c2b329300ceeb5ec4ee1c1cf18abf3.yaml
index 4bfcefe7ab..4969253cb0 100644
--- a/nuclei-templates/cve-less/plugins/login-with-ajax-08c2b329300ceeb5ec4ee1c1cf18abf3.yaml
+++ b/nuclei-templates/cve-less/plugins/login-with-ajax-08c2b329300ceeb5ec4ee1c1cf18abf3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Login With Ajax <= 3.1.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Login With Ajax plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/login-with-ajax/"
     google-query: inurl:"/wp-content/plugins/login-with-ajax/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,login-with-ajax,medium
+  tags: cve,wordpress,wp-plugin,login-with-ajax,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/loginpress-62395a250bd2c0c27cc1d46d95105e15.yaml b/nuclei-templates/cve-less/plugins/loginpress-62395a250bd2c0c27cc1d46d95105e15.yaml
index 55750b938e..6d3d3c37e0 100644
--- a/nuclei-templates/cve-less/plugins/loginpress-62395a250bd2c0c27cc1d46d95105e15.yaml
+++ b/nuclei-templates/cve-less/plugins/loginpress-62395a250bd2c0c27cc1d46d95105e15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     LoginPress <= 1.1.15 - Authenticated Stored Cross-SIte Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The LoginPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/loginpress/"
     google-query: inurl:"/wp-content/plugins/loginpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,loginpress,medium
+  tags: cve,wordpress,wp-plugin,loginpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 94c3c557f5..646b525a76 100644
--- a/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/logo-showcase-with-slick-slider/"
     google-query: inurl:"/wp-content/plugins/logo-showcase-with-slick-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,medium
+  tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mabel-shoppable-images-lite-46180ef43d3becfddd0144fed7922297.yaml b/nuclei-templates/cve-less/plugins/mabel-shoppable-images-lite-46180ef43d3becfddd0144fed7922297.yaml
index efeba34b56..93d761ce31 100644
--- a/nuclei-templates/cve-less/plugins/mabel-shoppable-images-lite-46180ef43d3becfddd0144fed7922297.yaml
+++ b/nuclei-templates/cve-less/plugins/mabel-shoppable-images-lite-46180ef43d3becfddd0144fed7922297.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shoppable Images Lite <= 1.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shoppable Images Liteplugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on several functions used to manipulate images. This makes it possible for unauthenticated attackers to perform image manipulation tasks such as deletion, which can also be leveraged to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mabel-shoppable-images-lite/"
     google-query: inurl:"/wp-content/plugins/mabel-shoppable-images-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mabel-shoppable-images-lite,medium
+  tags: cve,wordpress,wp-plugin,mabel-shoppable-images-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mage-eventpress-0d7d13b3763620f659067ef0ef4a2ecc.yaml b/nuclei-templates/cve-less/plugins/mage-eventpress-0d7d13b3763620f659067ef0ef4a2ecc.yaml
index fa96c5d913..6b9e141da3 100644
--- a/nuclei-templates/cve-less/plugins/mage-eventpress-0d7d13b3763620f659067ef0ef4a2ecc.yaml
+++ b/nuclei-templates/cve-less/plugins/mage-eventpress-0d7d13b3763620f659067ef0ef4a2ecc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Event Manager and Tickets Selling Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary template import in versions before 3.5.3 via the mep_import_ajax_template function. This is due to a missing capability check on this function. This makes it possible for unauthenticated attackers to arbitrarily import Elementor templates to the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mage-eventpress/"
     google-query: inurl:"/wp-content/plugins/mage-eventpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mage-eventpress,medium
+  tags: cve,wordpress,wp-plugin,mage-eventpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/magee-shortcodes-e9fde878e95431546f5a6d5b49c1a171.yaml b/nuclei-templates/cve-less/plugins/magee-shortcodes-e9fde878e95431546f5a6d5b49c1a171.yaml
index 6933a10f5f..935a4d388d 100644
--- a/nuclei-templates/cve-less/plugins/magee-shortcodes-e9fde878e95431546f5a6d5b49c1a171.yaml
+++ b/nuclei-templates/cve-less/plugins/magee-shortcodes-e9fde878e95431546f5a6d5b49c1a171.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Magee Shortcodes < 2.0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Magee Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magee-shortcodes/"
     google-query: inurl:"/wp-content/plugins/magee-shortcodes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,magee-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,magee-shortcodes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/magic-post-thumbnail-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/magic-post-thumbnail-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9394b14e27..f10fb3b2a8 100644
--- a/nuclei-templates/cve-less/plugins/magic-post-thumbnail-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/magic-post-thumbnail-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magic-post-thumbnail/"
     google-query: inurl:"/wp-content/plugins/magic-post-thumbnail/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,magic-post-thumbnail,medium
+  tags: cve,wordpress,wp-plugin,magic-post-thumbnail,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/magical-posts-display-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/magical-posts-display-18966e8228314b8165d39d48519f43cc.yaml
index 8e7036a997..d2a9cf15c6 100644
--- a/nuclei-templates/cve-less/plugins/magical-posts-display-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/magical-posts-display-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/magical-posts-display/"
     google-query: inurl:"/wp-content/plugins/magical-posts-display/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,magical-posts-display,medium
+  tags: cve,wordpress,wp-plugin,magical-posts-display,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mail-subscribe-list-acb7010b85ecf2daba49fdd1b1643bd9.yaml b/nuclei-templates/cve-less/plugins/mail-subscribe-list-acb7010b85ecf2daba49fdd1b1643bd9.yaml
index 10459fc6cd..77b1de52d6 100644
--- a/nuclei-templates/cve-less/plugins/mail-subscribe-list-acb7010b85ecf2daba49fdd1b1643bd9.yaml
+++ b/nuclei-templates/cve-less/plugins/mail-subscribe-list-acb7010b85ecf2daba49fdd1b1643bd9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail Subscribe List <= 2.1.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin Mail Subscribe List for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mail-subscribe-list/"
     google-query: inurl:"/wp-content/plugins/mail-subscribe-list/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mail-subscribe-list,medium
+  tags: cve,wordpress,wp-plugin,mail-subscribe-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mailchimp-for-wp-27461955b32dd7d4c16736c7fbdc5771.yaml b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-27461955b32dd7d4c16736c7fbdc5771.yaml
index 78f5409909..419e65b3d3 100644
--- a/nuclei-templates/cve-less/plugins/mailchimp-for-wp-27461955b32dd7d4c16736c7fbdc5771.yaml
+++ b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-27461955b32dd7d4c16736c7fbdc5771.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MC4WP: Mailchimp for WordPress < 4.8.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MC4WP: Mailchimp for WordPress for WordPress is vulnerable to Stored Cross-Site Scripting via the textarea form field in versions up to, and including, 4.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-for-wp/"
     google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,medium
+  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mailchimp-for-wp-b15c16122e094141ccb76dd4bc1e2cd2.yaml b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-b15c16122e094141ccb76dd4bc1e2cd2.yaml
index 40b66b622d..e80a1aceed 100644
--- a/nuclei-templates/cve-less/plugins/mailchimp-for-wp-b15c16122e094141ccb76dd4bc1e2cd2.yaml
+++ b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-b15c16122e094141ccb76dd4bc1e2cd2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MC4WP: Mailchimp for WordPress <= 4.8.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MC4WP: Mailchimp for WordPress for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.4. This is due to missing nonce validation on the 'listen_for_actions' function. This makes it possible for unauthenticated attackers to dismiss notices and delete log files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-for-wp/"
     google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,high
+  tags: cve,wordpress,wp-plugin,mailchimp-for-wp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-45f25702e8ca4952a8a482198d36d226.yaml b/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-45f25702e8ca4952a8a482198d36d226.yaml
index b2de07057f..021590b9f1 100644
--- a/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-45f25702e8ca4952a8a482198d36d226.yaml
+++ b/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-45f25702e8ca4952a8a482198d36d226.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder < 1.2 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder theme for WordPress is vulnerable to Remote Code Execution in versions before 1.2 via the email field. This allows authenticated attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailchimp-subscribe-sm/"
     google-query: inurl:"/wp-content/plugins/mailchimp-subscribe-sm/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mailchimp-subscribe-sm,high
+  tags: cve,wordpress,wp-plugin,mailchimp-subscribe-sm,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mailjet-for-wordpress-bc4f6148886fd30cd6ed07bbbfa6c2c3.yaml b/nuclei-templates/cve-less/plugins/mailjet-for-wordpress-bc4f6148886fd30cd6ed07bbbfa6c2c3.yaml
index a8fdb56b17..9dd45f14b0 100644
--- a/nuclei-templates/cve-less/plugins/mailjet-for-wordpress-bc4f6148886fd30cd6ed07bbbfa6c2c3.yaml
+++ b/nuclei-templates/cve-less/plugins/mailjet-for-wordpress-bc4f6148886fd30cd6ed07bbbfa6c2c3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mailjet Email Marketing <= 5.3 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Mailjet Email Marketing plugin for WordPress is vulnerable to authenticated stored cross-site scripting in versions up to, and including, 5.3 via the 'mailjet_from_name' parameter. This allows authenticated attackers with administrator-level capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mailjet-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/mailjet-for-wordpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mailjet-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,mailjet-for-wordpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-article-uploader-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-article-uploader-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index f641c74e3e..54bc4223fa 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-article-uploader-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-article-uploader-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-article-uploader-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-article-uploader-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-article-uploader-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-article-uploader-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-article-uploader-extension-bbbf9046b8721bc306a1868ce9ab75b5.yaml b/nuclei-templates/cve-less/plugins/mainwp-article-uploader-extension-bbbf9046b8721bc306a1868ce9ab75b5.yaml
index eecaf64cec..f368e3957d 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-article-uploader-extension-bbbf9046b8721bc306a1868ce9ab75b5.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-article-uploader-extension-bbbf9046b8721bc306a1868ce9ab75b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Several MainWP extensions for WordPress are vulnerable to arbitrary file downloads. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary files from the affected site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-article-uploader-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-article-uploader-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-article-uploader-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-article-uploader-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-blogvault-backup-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-blogvault-backup-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 641944aad9..2ef4237b3a 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-blogvault-backup-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-blogvault-backup-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-blogvault-backup-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-blogvault-backup-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-blogvault-backup-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-blogvault-backup-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-blogvault-backup-extension-c7fec950a07b33ca805efa5f4526bb87.yaml b/nuclei-templates/cve-less/plugins/mainwp-blogvault-backup-extension-c7fec950a07b33ca805efa5f4526bb87.yaml
index 10107ad66d..63ffc0a5b8 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-blogvault-backup-extension-c7fec950a07b33ca805efa5f4526bb87.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-blogvault-backup-extension-c7fec950a07b33ca805efa5f4526bb87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary Plugin Installation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Several MainWP extensions for WordPress are vulnerable to authorization bypass due to a missing capability check on an unknown function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to install arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-blogvault-backup-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-blogvault-backup-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-blogvault-backup-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-blogvault-backup-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index c0eeff7f8c..74b4ceaedf 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-broken-links-checker-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-broken-links-checker-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-broken-links-checker-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-broken-links-checker-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-da3f36dbc6e00ae538ec7700a4a5da0a.yaml b/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-da3f36dbc6e00ae538ec7700a4a5da0a.yaml
index d4c768a8a7..70d561625f 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-da3f36dbc6e00ae538ec7700a4a5da0a.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-da3f36dbc6e00ae538ec7700a4a5da0a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Broken Link Checker <= 4.0 - Missing Authorization to Arbitrary Plugin Activation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Broken Link Checker plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 4.0 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-broken-links-checker-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-broken-links-checker-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-broken-links-checker-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-broken-links-checker-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-buddy-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-buddy-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 8dc3f88483..679c948c49 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-buddy-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-buddy-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-buddy-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-buddy-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-buddy-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-buddy-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-child-5c361cd216288a792b3417e2eea8c64b.yaml b/nuclei-templates/cve-less/plugins/mainwp-child-5c361cd216288a792b3417e2eea8c64b.yaml
index c837630196..03d6ae7361 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-child-5c361cd216288a792b3417e2eea8c64b.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-child-5c361cd216288a792b3417e2eea8c64b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Child <= 2.0.27 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Child plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0.27 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-child/"
     google-query: inurl:"/wp-content/plugins/mainwp-child/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-child,medium
+  tags: cve,wordpress,wp-plugin,mainwp-child,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-child-de951cb1c07b8f1a00e6e15f2067e75c.yaml b/nuclei-templates/cve-less/plugins/mainwp-child-de951cb1c07b8f1a00e6e15f2067e75c.yaml
index d06361959b..8a52a11afb 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-child-de951cb1c07b8f1a00e6e15f2067e75c.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-child-de951cb1c07b8f1a00e6e15f2067e75c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Child < 3.4.5 - Authentication Bypass
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The MainWP Child plugin for WordPress is vulnerable to authentication bypass due to insufficient validation on the check_login function in versions up to, and including, 3.4.4. This makes it possible for attackers to become administrative users and take full control of the affected website.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-child/"
     google-query: inurl:"/wp-content/plugins/mainwp-child/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-child,high
+  tags: cve,wordpress,wp-plugin,mainwp-child,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-clone-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-clone-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 9e1467710e..519efff2b8 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-clone-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-clone-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-clone-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-clone-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-clone-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-clone-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index baef46847c..9c1603970f 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-code-snippets-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-code-snippets-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-comments-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-comments-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 004563355c..961885b5e9 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-comments-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-comments-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-comments-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-comments-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-comments-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-comments-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 447377bd16..6349de03a7 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-favorites-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-favorites-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-favorites-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-favorites-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-bbbf9046b8721bc306a1868ce9ab75b5.yaml b/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-bbbf9046b8721bc306a1868ce9ab75b5.yaml
index e6dce3e3a3..51838ea442 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-bbbf9046b8721bc306a1868ce9ab75b5.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-bbbf9046b8721bc306a1868ce9ab75b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     Several MainWP extensions for WordPress are vulnerable to arbitrary file downloads. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary files from the affected site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-favorites-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-favorites-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-favorites-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-favorites-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-c7fec950a07b33ca805efa5f4526bb87.yaml b/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-c7fec950a07b33ca805efa5f4526bb87.yaml
index 12743d6007..8107ab9da9 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-c7fec950a07b33ca805efa5f4526bb87.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-favorites-extension-c7fec950a07b33ca805efa5f4526bb87.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary Plugin Installation
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Several MainWP extensions for WordPress are vulnerable to authorization bypass due to a missing capability check on an unknown function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to install arbitrary plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-favorites-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-favorites-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-favorites-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-favorites-extension,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index bac1176691..fa64e35867 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-file-uploader-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-file-uploader-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-file-uploader-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-file-uploader-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index ea47910827..6ce016c9b5 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-google-analytics-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-google-analytics-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-google-analytics-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-google-analytics-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-ithemes-security-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-ithemes-security-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 89e9ffdad0..1c6e1f79ca 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-ithemes-security-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-ithemes-security-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-ithemes-security-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-ithemes-security-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-ithemes-security-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-ithemes-security-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-08e41a2e706bfd45d56edb520c5805b5.yaml b/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-08e41a2e706bfd45d56edb520c5805b5.yaml
index 794efd752a..61d17f2616 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-08e41a2e706bfd45d56edb520c5805b5.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-08e41a2e706bfd45d56edb520c5805b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP Maintenance Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP Maintenance Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.1.1 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-maintenance-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-maintenance-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-maintenance-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-maintenance-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index f14abe570b..684ed24fb3 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-maintenance-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-maintenance-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-maintenance-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-maintenance-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-page-speed-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-page-speed-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 004901851d..4ee7d2b23a 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-page-speed-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-page-speed-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-page-speed-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-page-speed-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-page-speed-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-page-speed-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-post-dripper-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-post-dripper-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index dc1ccd8c6b..b70132760b 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-post-dripper-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-post-dripper-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-post-dripper-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-post-dripper-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-post-dripper-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-post-dripper-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-post-plus-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-post-plus-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 963efeae5c..14375a3c80 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-post-plus-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-post-plus-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-post-plus-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-post-plus-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-post-plus-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-post-plus-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 649bdee63f..7c4faa3488 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-rocket-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-rocket-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-rocket-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-rocket-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-seo-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-seo-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 7b51ba663d..5a00da887b 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-seo-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-seo-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-seo-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-seo-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-seo-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-seo-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-staging-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-staging-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 3171bb939c..d1c42383d9 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-staging-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-staging-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-staging-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-staging-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-staging-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-staging-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index 44bcb1d6b5..949a89491a 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-updraftplus-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-updraftplus-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-updraftplus-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-updraftplus-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-853763a7a24f0714b558d69285e810e8.yaml b/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-853763a7a24f0714b558d69285e810e8.yaml
index ae8d0eb378..a375b69180 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-853763a7a24f0714b558d69285e810e8.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-853763a7a24f0714b558d69285e810e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MainWP UpdraftPlus Extension for WordPress is vulnerable to authorization bypass due to a missing capability check when updating settings in versions up to, and including, 4.0.6. This makes it possible for unauthenticated attackers to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-updraftplus-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-updraftplus-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-updraftplus-extension,medium
+  tags: cve,wordpress,wp-plugin,mainwp-updraftplus-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml b/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
index d3690fa718..fd2f16f9ee 100644
--- a/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
+++ b/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-7cce7a2633974d7472d47a5e1fdbaed0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MainWP (Various extensions) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Several MainWP extensions for WordPress are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to invoke functions normally intended for higher-privileged users such as administrators via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mainwp-wordfence-extension/"
     google-query: inurl:"/wp-content/plugins/mainwp-wordfence-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mainwp-wordfence-extension,high
+  tags: cve,wordpress,wp-plugin,mainwp-wordfence-extension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/map-location-picker-at-checkout-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/map-location-picker-at-checkout-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8884f17e86..1110472a53 100644
--- a/nuclei-templates/cve-less/plugins/map-location-picker-at-checkout-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/map-location-picker-at-checkout-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,map-location-picker-at-checkout-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,map-location-picker-at-checkout-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mapifylite-276d9e37b697911176c96dd2534c5db7.yaml b/nuclei-templates/cve-less/plugins/mapifylite-276d9e37b697911176c96dd2534c5db7.yaml
index f4af44f7e1..960673da6d 100644
--- a/nuclei-templates/cve-less/plugins/mapifylite-276d9e37b697911176c96dd2534c5db7.yaml
+++ b/nuclei-templates/cve-less/plugins/mapifylite-276d9e37b697911176c96dd2534c5db7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MapifyLite and MapifyPro <= 3.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MapifyLite and MapifyPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mapifylite/"
     google-query: inurl:"/wp-content/plugins/mapifylite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mapifylite,medium
+  tags: cve,wordpress,wp-plugin,mapifylite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mapsmarker-13b8a58f1828f2c64647f6e908737c8f.yaml b/nuclei-templates/cve-less/plugins/mapsmarker-13b8a58f1828f2c64647f6e908737c8f.yaml
index 67ea8bf5bd..3dfd718fdc 100644
--- a/nuclei-templates/cve-less/plugins/mapsmarker-13b8a58f1828f2c64647f6e908737c8f.yaml
+++ b/nuclei-templates/cve-less/plugins/mapsmarker-13b8a58f1828f2c64647f6e908737c8f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Maps Marker Pro < 1.5.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Leaflet Maps Marker Pro plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mapsmarker/"
     google-query: inurl:"/wp-content/plugins/mapsmarker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mapsmarker,medium
+  tags: cve,wordpress,wp-plugin,mapsmarker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mapsmarker-22c2313f6ddd97279a9a6e05569e552c.yaml b/nuclei-templates/cve-less/plugins/mapsmarker-22c2313f6ddd97279a9a6e05569e552c.yaml
index b1cad3ebd3..1887249a07 100644
--- a/nuclei-templates/cve-less/plugins/mapsmarker-22c2313f6ddd97279a9a6e05569e552c.yaml
+++ b/nuclei-templates/cve-less/plugins/mapsmarker-22c2313f6ddd97279a9a6e05569e552c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mapsmarker/"
     google-query: inurl:"/wp-content/plugins/mapsmarker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mapsmarker,medium
+  tags: cve,wordpress,wp-plugin,mapsmarker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/market-exporter-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/market-exporter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1ed431ad56..656e4a99c2 100644
--- a/nuclei-templates/cve-less/plugins/market-exporter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/market-exporter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/market-exporter/"
     google-query: inurl:"/wp-content/plugins/market-exporter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,market-exporter,medium
+  tags: cve,wordpress,wp-plugin,market-exporter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mashsharer-6b3f6a43a6261f36339646ed344d5b53.yaml b/nuclei-templates/cve-less/plugins/mashsharer-6b3f6a43a6261f36339646ed344d5b53.yaml
index a0455ecaa6..74ed9985c5 100644
--- a/nuclei-templates/cve-less/plugins/mashsharer-6b3f6a43a6261f36339646ed344d5b53.yaml
+++ b/nuclei-templates/cve-less/plugins/mashsharer-6b3f6a43a6261f36339646ed344d5b53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Share Buttons <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Media Share Buttons plugin for WordPress is vulnerable to stored cross-site scripting in versions up to, and including, 3.8.3, due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mashsharer/"
     google-query: inurl:"/wp-content/plugins/mashsharer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mashsharer,medium
+  tags: cve,wordpress,wp-plugin,mashsharer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mass-pagesposts-creator-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/mass-pagesposts-creator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fcf3ab4fd9..445c7acac0 100644
--- a/nuclei-templates/cve-less/plugins/mass-pagesposts-creator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/mass-pagesposts-creator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mass-pagesposts-creator/"
     google-query: inurl:"/wp-content/plugins/mass-pagesposts-creator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mass-pagesposts-creator,medium
+  tags: cve,wordpress,wp-plugin,mass-pagesposts-creator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/master-addons-963646e7d7bb88af1ad24a0f5a61ee55.yaml b/nuclei-templates/cve-less/plugins/master-addons-963646e7d7bb88af1ad24a0f5a61ee55.yaml
index ddf2212752..d3f4181d31 100644
--- a/nuclei-templates/cve-less/plugins/master-addons-963646e7d7bb88af1ad24a0f5a61ee55.yaml
+++ b/nuclei-templates/cve-less/plugins/master-addons-963646e7d7bb88af1ad24a0f5a61ee55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Addons for Elementor <= 2.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the heading tag dropdown in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level privileges and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-addons/"
     google-query: inurl:"/wp-content/plugins/master-addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,master-addons,medium
+  tags: cve,wordpress,wp-plugin,master-addons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/master-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/master-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a7e1a6b9a3..c16ee3ec1b 100644
--- a/nuclei-templates/cve-less/plugins/master-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/master-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-addons/"
     google-query: inurl:"/wp-content/plugins/master-addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,master-addons,medium
+  tags: cve,wordpress,wp-plugin,master-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/master-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/master-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ca5ccc9ef8..ee5212700a 100644
--- a/nuclei-templates/cve-less/plugins/master-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/master-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-blocks/"
     google-query: inurl:"/wp-content/plugins/master-blocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,master-blocks,medium
+  tags: cve,wordpress,wp-plugin,master-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/master-slider-b6500312e7eff76638bb1a536f1d8f8c.yaml b/nuclei-templates/cve-less/plugins/master-slider-b6500312e7eff76638bb1a536f1d8f8c.yaml
index 5134fce98b..4ac0947f0a 100644
--- a/nuclei-templates/cve-less/plugins/master-slider-b6500312e7eff76638bb1a536f1d8f8c.yaml
+++ b/nuclei-templates/cve-less/plugins/master-slider-b6500312e7eff76638bb1a536f1d8f8c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Slider <= 2.7.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Master Slider plugin for WordPress is vulnerable to Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-slider/"
     google-query: inurl:"/wp-content/plugins/master-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,master-slider,medium
+  tags: cve,wordpress,wp-plugin,master-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/master-slider-ec15f998366a90597f3ae6005cf6d8b3.yaml b/nuclei-templates/cve-less/plugins/master-slider-ec15f998366a90597f3ae6005cf6d8b3.yaml
index a927cc6c91..52242b99fe 100644
--- a/nuclei-templates/cve-less/plugins/master-slider-ec15f998366a90597f3ae6005cf6d8b3.yaml
+++ b/nuclei-templates/cve-less/plugins/master-slider-ec15f998366a90597f3ae6005cf6d8b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Master Slider - Responsive Touch Slider <= 2.5.1 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Master Slider - Responsive Touch Slider plugin for WordPress is vulnerable to blind SQL Injection via the ‘orderby’ parameter in versions up to, and including, 2.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/master-slider/"
     google-query: inurl:"/wp-content/plugins/master-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,master-slider,high
+  tags: cve,wordpress,wp-plugin,master-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-296c49b1bc6f342e92d02be77b2dbe14.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-296c49b1bc6f342e92d02be77b2dbe14.yaml
index 8d40482185..0727be28b7 100644
--- a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-296c49b1bc6f342e92d02be77b2dbe14.yaml
+++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-296c49b1bc6f342e92d02be77b2dbe14.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MasterStudy LMS WordPress Plugin  is vulnerable to unauthorized access of data due to a missing capability check on an anonymous function called by the stm_wpcfto_get_settings AJAX action in versions up to, and including, 2.9.345. This makes it possible for authenticated attackers with subscriber-level permissions or above to access settings data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/"
     google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,medium
+  tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mathjax-latex-c72bfd99ca891cab28a20713d4d5fa8e.yaml b/nuclei-templates/cve-less/plugins/mathjax-latex-c72bfd99ca891cab28a20713d4d5fa8e.yaml
index d2da2dcc54..adb5a7c617 100644
--- a/nuclei-templates/cve-less/plugins/mathjax-latex-c72bfd99ca891cab28a20713d4d5fa8e.yaml
+++ b/nuclei-templates/cve-less/plugins/mathjax-latex-c72bfd99ca891cab28a20713d4d5fa8e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MathJax-LaTeX < 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MathJax LaTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.2. This is due to missing or incorrect nonce validation on the mathjax_plugin_options function. This may make it possible for unauthenticated attackers to arbitrarily change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mathjax-latex/"
     google-query: inurl:"/wp-content/plugins/mathjax-latex/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mathjax-latex,high
+  tags: cve,wordpress,wp-plugin,mathjax-latex,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/maxbuttons-47fd93f8dbf38d292961db96282356d5.yaml b/nuclei-templates/cve-less/plugins/maxbuttons-47fd93f8dbf38d292961db96282356d5.yaml
index 11b9c977b8..3bb7843749 100644
--- a/nuclei-templates/cve-less/plugins/maxbuttons-47fd93f8dbf38d292961db96282356d5.yaml
+++ b/nuclei-templates/cve-less/plugins/maxbuttons-47fd93f8dbf38d292961db96282356d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Button Plugin MaxButtons <= 9.2 - Shortcode-Based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various shortcode attributes in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/maxbuttons/"
     google-query: inurl:"/wp-content/plugins/maxbuttons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,maxbuttons,medium
+  tags: cve,wordpress,wp-plugin,maxbuttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/media-download-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/media-download-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 424560087b..6b373e5e30 100644
--- a/nuclei-templates/cve-less/plugins/media-download-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/media-download-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/media-download/"
     google-query: inurl:"/wp-content/plugins/media-download/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,media-download,medium
+  tags: cve,wordpress,wp-plugin,media-download,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/meks-smart-social-widget-f41b10488dd7d69ac4748b8c313105e4.yaml b/nuclei-templates/cve-less/plugins/meks-smart-social-widget-f41b10488dd7d69ac4748b8c313105e4.yaml
index 72f070837a..f7e05a3990 100644
--- a/nuclei-templates/cve-less/plugins/meks-smart-social-widget-f41b10488dd7d69ac4748b8c313105e4.yaml
+++ b/nuclei-templates/cve-less/plugins/meks-smart-social-widget-f41b10488dd7d69ac4748b8c313105e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Meks Smart Social Widget <= 1.6 - Missing Authorization to notice dimissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Meks Smart Social Widget plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the meks_remove_notification function in versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to dismiss admin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meks-smart-social-widget/"
     google-query: inurl:"/wp-content/plugins/meks-smart-social-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,meks-smart-social-widget,medium
+  tags: cve,wordpress,wp-plugin,meks-smart-social-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/melhor-envio-cotacao-d9141583a795a1e4a70084cd717fd9ac.yaml b/nuclei-templates/cve-less/plugins/melhor-envio-cotacao-d9141583a795a1e4a70084cd717fd9ac.yaml
index 2696c09cb5..d91c12e2da 100644
--- a/nuclei-templates/cve-less/plugins/melhor-envio-cotacao-d9141583a795a1e4a70084cd717fd9ac.yaml
+++ b/nuclei-templates/cve-less/plugins/melhor-envio-cotacao-d9141583a795a1e4a70084cd717fd9ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Melhor Envio <= 2.11.19 - Cross-Site Request Forgery and Authenticated Settings Change
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Melhor Envio plugin for WordPress is vulnerable to authenticated settings changes and Cross-Site Request Forgery in versions up to, and including, 2.11.19. This allowed any authenticated user to directly modify plugin settings, and allowed unauthenticated users to modify the same settings if they could trick an authenticated user into performing an action, such as clicking a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/melhor-envio-cotacao/"
     google-query: inurl:"/wp-content/plugins/melhor-envio-cotacao/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,melhor-envio-cotacao,medium
+  tags: cve,wordpress,wp-plugin,melhor-envio-cotacao,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/memberpress-downloads-dd0bbd05ca9ba09666d0154a80a50eb1.yaml b/nuclei-templates/cve-less/plugins/memberpress-downloads-dd0bbd05ca9ba09666d0154a80a50eb1.yaml
index ea8e157adf..aa48a3e1ba 100644
--- a/nuclei-templates/cve-less/plugins/memberpress-downloads-dd0bbd05ca9ba09666d0154a80a50eb1.yaml
+++ b/nuclei-templates/cve-less/plugins/memberpress-downloads-dd0bbd05ca9ba09666d0154a80a50eb1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MemberPress Downloads <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The MemberPress Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capabilities checks on one of its AJAX endpoints in versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/memberpress-downloads/"
     google-query: inurl:"/wp-content/plugins/memberpress-downloads/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,memberpress-downloads,high
+  tags: cve,wordpress,wp-plugin,memberpress-downloads,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/members-import-3faf0e242f65e17c979c6f608e04b73e.yaml b/nuclei-templates/cve-less/plugins/members-import-3faf0e242f65e17c979c6f608e04b73e.yaml
index 1dd13b6978..6b111e8a95 100644
--- a/nuclei-templates/cve-less/plugins/members-import-3faf0e242f65e17c979c6f608e04b73e.yaml
+++ b/nuclei-templates/cve-less/plugins/members-import-3faf0e242f65e17c979c6f608e04b73e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Members Import <= 1.3 - Cross-Site Request Forgery to User Import and Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Members Import for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the memberimport_page function. This makes it possible for unauthenticated attackers to import new users or inject malicious JavaScript, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/members-import/"
     google-query: inurl:"/wp-content/plugins/members-import/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,members-import,high
+  tags: cve,wordpress,wp-plugin,members-import,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/membership-by-supsystic-6d746a5f0aa53afdd212e69305550ec1.yaml b/nuclei-templates/cve-less/plugins/membership-by-supsystic-6d746a5f0aa53afdd212e69305550ec1.yaml
index 58e642be45..c2bac6bcae 100644
--- a/nuclei-templates/cve-less/plugins/membership-by-supsystic-6d746a5f0aa53afdd212e69305550ec1.yaml
+++ b/nuclei-templates/cve-less/plugins/membership-by-supsystic-6d746a5f0aa53afdd212e69305550ec1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Membership by Supsystic <= 1.5.0 - Authenticated (Admin+) Time-Based Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Membership by Supsystic plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sidx' and 'search' parameters in versions up to, and including, 1.5.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/membership-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/membership-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,membership-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,membership-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/menu-image-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/menu-image-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 76b9ff40a5..3532d26a03 100644
--- a/nuclei-templates/cve-less/plugins/menu-image-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/menu-image-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-image/"
     google-query: inurl:"/wp-content/plugins/menu-image/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,menu-image,medium
+  tags: cve,wordpress,wp-plugin,menu-image,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/menu-item-scheduler-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/menu-item-scheduler-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 69a749dd90..1bcd17ec05 100644
--- a/nuclei-templates/cve-less/plugins/menu-item-scheduler-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/menu-item-scheduler-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/menu-item-scheduler/"
     google-query: inurl:"/wp-content/plugins/menu-item-scheduler/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,menu-item-scheduler,medium
+  tags: cve,wordpress,wp-plugin,menu-item-scheduler,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/merge-minify-refresh-19904e18d7847af1a770f2d024bfee5b.yaml b/nuclei-templates/cve-less/plugins/merge-minify-refresh-19904e18d7847af1a770f2d024bfee5b.yaml
index ced3d9829e..66c451fa33 100644
--- a/nuclei-templates/cve-less/plugins/merge-minify-refresh-19904e18d7847af1a770f2d024bfee5b.yaml
+++ b/nuclei-templates/cve-less/plugins/merge-minify-refresh-19904e18d7847af1a770f2d024bfee5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Merge + Minify + Refresh <= 1.10.7 - Cross-Site Request Forgery leading to Arbitrary File Deletion and Site Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Merge + Minify + Refresh plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.7. This is due to missing nonce validation in the plugin. This makes it possible for unauthenticated attackers to exploit path traversal vulnerabilities via forged request granted they can trick any logged-in site user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/merge-minify-refresh/"
     google-query: inurl:"/wp-content/plugins/merge-minify-refresh/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,merge-minify-refresh,high
+  tags: cve,wordpress,wp-plugin,merge-minify-refresh,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/meta-tags-for-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/meta-tags-for-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8c6c730dc1..73752aa046 100644
--- a/nuclei-templates/cve-less/plugins/meta-tags-for-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/meta-tags-for-seo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/meta-tags-for-seo/"
     google-query: inurl:"/wp-content/plugins/meta-tags-for-seo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,meta-tags-for-seo,medium
+  tags: cve,wordpress,wp-plugin,meta-tags-for-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mihdan-public-post-preview-1e5ebadce2a1ab9a5fd9a23d7bb80d5b.yaml b/nuclei-templates/cve-less/plugins/mihdan-public-post-preview-1e5ebadce2a1ab9a5fd9a23d7bb80d5b.yaml
index d571773da9..829e0eb3ed 100644
--- a/nuclei-templates/cve-less/plugins/mihdan-public-post-preview-1e5ebadce2a1ab9a5fd9a23d7bb80d5b.yaml
+++ b/nuclei-templates/cve-less/plugins/mihdan-public-post-preview-1e5ebadce2a1ab9a5fd9a23d7bb80d5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mihdan: Public Post Preview <= 1.9.9 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Public Post Preview plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the mppp_toggle function in versions up to, and including, 1.9.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post metadata.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mihdan-public-post-preview/"
     google-query: inurl:"/wp-content/plugins/mihdan-public-post-preview/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mihdan-public-post-preview,medium
+  tags: cve,wordpress,wp-plugin,mihdan-public-post-preview,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mindbody-access-management-9f9a85cc7dcde674a13dc865058427ba.yaml b/nuclei-templates/cve-less/plugins/mindbody-access-management-9f9a85cc7dcde674a13dc865058427ba.yaml
index 0c81631ad1..f3d4648e36 100644
--- a/nuclei-templates/cve-less/plugins/mindbody-access-management-9f9a85cc7dcde674a13dc865058427ba.yaml
+++ b/nuclei-templates/cve-less/plugins/mindbody-access-management-9f9a85cc7dcde674a13dc865058427ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MZ MBO Access <= 2.0.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MZ MBO Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.8. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform multiple administrator-level actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mindbody-access-management/"
     google-query: inurl:"/wp-content/plugins/mindbody-access-management/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mindbody-access-management,high
+  tags: cve,wordpress,wp-plugin,mindbody-access-management,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mingle-forum-bb8b3412160ee9a77c9d2e3d86221321.yaml b/nuclei-templates/cve-less/plugins/mingle-forum-bb8b3412160ee9a77c9d2e3d86221321.yaml
index 12f2b7b4ca..ec1605375a 100644
--- a/nuclei-templates/cve-less/plugins/mingle-forum-bb8b3412160ee9a77c9d2e3d86221321.yaml
+++ b/nuclei-templates/cve-less/plugins/mingle-forum-bb8b3412160ee9a77c9d2e3d86221321.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mingle Forum <= 1.0.33 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Mingle Forum plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 1.0.33 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mingle-forum/"
     google-query: inurl:"/wp-content/plugins/mingle-forum/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mingle-forum,medium
+  tags: cve,wordpress,wp-plugin,mingle-forum,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mingle-forum-f35fe23400199bbe42a795d71f9a637a.yaml b/nuclei-templates/cve-less/plugins/mingle-forum-f35fe23400199bbe42a795d71f9a637a.yaml
index 64f72cdff7..267d0f6ab1 100644
--- a/nuclei-templates/cve-less/plugins/mingle-forum-f35fe23400199bbe42a795d71f9a637a.yaml
+++ b/nuclei-templates/cve-less/plugins/mingle-forum-f35fe23400199bbe42a795d71f9a637a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mingle Forum < 1.0.34 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Mingle Forum plugin for WordPress is vulnerable to generic SQL Injection in versions up to 1.0.34 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mingle-forum/"
     google-query: inurl:"/wp-content/plugins/mingle-forum/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mingle-forum,high
+  tags: cve,wordpress,wp-plugin,mingle-forum,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mini-cart-56a0c79ebe574b006dcddb57a105ed57.yaml b/nuclei-templates/cve-less/plugins/mini-cart-56a0c79ebe574b006dcddb57a105ed57.yaml
index f074a1b4ab..0cd59ba0ab 100644
--- a/nuclei-templates/cve-less/plugins/mini-cart-56a0c79ebe574b006dcddb57a105ed57.yaml
+++ b/nuclei-templates/cve-less/plugins/mini-cart-56a0c79ebe574b006dcddb57a105ed57.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mini Cart <= 1.00.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Mini Cart plugin for WordPress is vulnerable to SQL Injection via the ‘item’ parameter in versions up to, and including, 1.00.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mini-cart/"
     google-query: inurl:"/wp-content/plugins/mini-cart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mini-cart,high
+  tags: cve,wordpress,wp-plugin,mini-cart,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-39eb4a9ab67b19c7b3e7b850c04221af.yaml b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-39eb4a9ab67b19c7b3e7b850c04221af.yaml
index 205184e3df..c6e08d4a89 100644
--- a/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-39eb4a9ab67b19c7b3e7b850c04221af.yaml
+++ b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-39eb4a9ab67b19c7b3e7b850c04221af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Minimal Coming Soon – Coming Soon Page <= 2.33 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Minimal Coming Soon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_css’ and 'custom_html' parameters in versions up to, and including, 2.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/minimal-coming-soon-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/minimal-coming-soon-maintenance-mode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-a7b78f7a058348bb841c19e95bd21064.yaml b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-a7b78f7a058348bb841c19e95bd21064.yaml
index 206883acf1..2c15beddbe 100644
--- a/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-a7b78f7a058348bb841c19e95bd21064.yaml
+++ b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-a7b78f7a058348bb841c19e95bd21064.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Minimal Coming Soon – Coming Soon Page <= 2.33 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_css value in versions up to, and including, 2.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/minimal-coming-soon-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/minimal-coming-soon-maintenance-mode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-0e334f8b94041fdfb0dbd420bf6d8572.yaml b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-0e334f8b94041fdfb0dbd420bf6d8572.yaml
index 5871a45153..c51f7eba8d 100644
--- a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-0e334f8b94041fdfb0dbd420bf6d8572.yaml
+++ b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-0e334f8b94041fdfb0dbd420bf6d8572.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     miniOrange's Google Authenticator <= 5.4.39 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The miniOrange's Google Authenticator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user’ parameter in versions up to, and including, 5.4.39 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/"
     google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,medium
+  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-2c78335d8d426bf0b25d79bcc3a1ab65.yaml b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-2c78335d8d426bf0b25d79bcc3a1ab65.yaml
index 013f2819df..a604fa84c0 100644
--- a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-2c78335d8d426bf0b25d79bcc3a1ab65.yaml
+++ b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-2c78335d8d426bf0b25d79bcc3a1ab65.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     miniOrange's Google Authenticator <= 5.6.1 - Cross-Site Request Forgery to Malware Scan Termination
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The miniOrange's Google Authenticator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.1. This is due to missing or incorrect nonce validation on the mo_wpns_stop_scan function. This makes it possible for unauthenticated attackers to terminate malware scans, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/"
     google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,high
+  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-7f9d8f2c0da9df1ec2dd98d448e2220f.yaml b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-7f9d8f2c0da9df1ec2dd98d448e2220f.yaml
index cf0f743c97..1c2f96a1ac 100644
--- a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-7f9d8f2c0da9df1ec2dd98d448e2220f.yaml
+++ b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-7f9d8f2c0da9df1ec2dd98d448e2220f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     miniOrange's Google Authenticator  <= 5.5.82 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an the mo_wpns_malware_redirect function in versions up to, and including, 5.5.82. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to initiate/terminate malware scans or obtain the malware scan status of a currently ongoing or the last scan. Terminating ongoing scans could aid an attacker who is attempting to infect a site, while repeatedly initiating new scans could lead to resource exhaustion. Additionally, knowing the status of the last scan might help an attacker who wishes to further compromise a site or server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/"
     google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,medium
+  tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-security-de7221543e5e73690e1a713271a64c51.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-security-de7221543e5e73690e1a713271a64c51.yaml
index aae75da46e..ba56ceb8a6 100644
--- a/nuclei-templates/cve-less/plugins/miniorange-login-security-de7221543e5e73690e1a713271a64c51.yaml
+++ b/nuclei-templates/cve-less/plugins/miniorange-login-security-de7221543e5e73690e1a713271a64c51.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Two Factor Authentication (2FA , MFA, OTP SMS and Email) <= 1.0.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Two Factor Authentication (2FA , MFA, OTP SMS and Email) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user’ parameter in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-login-security/"
     google-query: inurl:"/wp-content/plugins/miniorange-login-security/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,miniorange-login-security,medium
+  tags: cve,wordpress,wp-plugin,miniorange-login-security,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-9db01b7b537550571e5aaebf6e7d1ee5.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-9db01b7b537550571e5aaebf6e7d1ee5.yaml
index e1ad1f0e6b..ecff2f0a6e 100644
--- a/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-9db01b7b537550571e5aaebf6e7d1ee5.yaml
+++ b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-9db01b7b537550571e5aaebf6e7d1ee5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 6.22.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-login-with-eve-online-google-facebook/"
     google-query: inurl:"/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,miniorange-login-with-eve-online-google-facebook,medium
+  tags: cve,wordpress,wp-plugin,miniorange-login-with-eve-online-google-facebook,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-18ed21ba8d359bbdba46edad48e67bc5.yaml b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-18ed21ba8d359bbdba46edad48e67bc5.yaml
index fda79fd626..2c8136e28c 100644
--- a/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-18ed21ba8d359bbdba46edad48e67bc5.yaml
+++ b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-18ed21ba8d359bbdba46edad48e67bc5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SAML Single Sign On – SAML SSO Login <= 4.8.75 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SAML Single Sign On plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.75. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miniorange-saml-20-single-sign-on/"
     google-query: inurl:"/wp-content/plugins/miniorange-saml-20-single-sign-on/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,high
+  tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/miwoftp-23e0e48f6d4b609b278b4fbd54ac10a1.yaml b/nuclei-templates/cve-less/plugins/miwoftp-23e0e48f6d4b609b278b4fbd54ac10a1.yaml
index fb2c6b0e05..cbe368d1d4 100644
--- a/nuclei-templates/cve-less/plugins/miwoftp-23e0e48f6d4b609b278b4fbd54ac10a1.yaml
+++ b/nuclei-templates/cve-less/plugins/miwoftp-23e0e48f6d4b609b278b4fbd54ac10a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MiwoFTP < 1.0.6 - Cross-Site Request Forgery leading to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MiwoFTP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.0.6. This makes it possible for unauthenticated attackers to upload arbitrary code and execute them via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miwoftp/"
     google-query: inurl:"/wp-content/plugins/miwoftp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,miwoftp,high
+  tags: cve,wordpress,wp-plugin,miwoftp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/miwoftp-d10118590b8b4520a15b5f492941e4d0.yaml b/nuclei-templates/cve-less/plugins/miwoftp-d10118590b8b4520a15b5f492941e4d0.yaml
index db730f4a68..08b8734276 100644
--- a/nuclei-templates/cve-less/plugins/miwoftp-d10118590b8b4520a15b5f492941e4d0.yaml
+++ b/nuclei-templates/cve-less/plugins/miwoftp-d10118590b8b4520a15b5f492941e4d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MiwoFTP < 1.0.6 - Cross-Site Request Forgery to Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MiwoFTP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to delete arbitrary files via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/miwoftp/"
     google-query: inurl:"/wp-content/plugins/miwoftp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,miwoftp,high
+  tags: cve,wordpress,wp-plugin,miwoftp,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ml-slider-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/ml-slider-18966e8228314b8165d39d48519f43cc.yaml
index c623114bf7..91c0c3f791 100644
--- a/nuclei-templates/cve-less/plugins/ml-slider-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/ml-slider-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ml-slider/"
     google-query: inurl:"/wp-content/plugins/ml-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ml-slider,medium
+  tags: cve,wordpress,wp-plugin,ml-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ml-slider-e13785deba801d5052c18262b9c1ec9f.yaml b/nuclei-templates/cve-less/plugins/ml-slider-e13785deba801d5052c18262b9c1ec9f.yaml
index 5e4c13d13d..785b772ba2 100644
--- a/nuclei-templates/cve-less/plugins/ml-slider-e13785deba801d5052c18262b9c1ec9f.yaml
+++ b/nuclei-templates/cve-less/plugins/ml-slider-e13785deba801d5052c18262b9c1ec9f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slider, Gallery, and Carousel by MetaSlider <= 3.17.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross Site Scripting in versions up to, and including, 3.17.1. The patch adds extra filtering of captions using HTML Purifier where there appeared to be a stored cross-site scripting vulnerability to accounts with sufficient privileges.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ml-slider/"
     google-query: inurl:"/wp-content/plugins/ml-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ml-slider,medium
+  tags: cve,wordpress,wp-plugin,ml-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mobile-login-woocommerce-2d6d4e818a96c6e23f130697cfe95544.yaml b/nuclei-templates/cve-less/plugins/mobile-login-woocommerce-2d6d4e818a96c6e23f130697cfe95544.yaml
index be3a43eafd..4c717a82b5 100644
--- a/nuclei-templates/cve-less/plugins/mobile-login-woocommerce-2d6d4e818a96c6e23f130697cfe95544.yaml
+++ b/nuclei-templates/cve-less/plugins/mobile-login-woocommerce-2d6d4e818a96c6e23f130697cfe95544.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OTP Login Woocommerce & Gravity Forms <= 2.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin OTP Login Woocommerce & Gravity Forms for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobile-login-woocommerce/"
     google-query: inurl:"/wp-content/plugins/mobile-login-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mobile-login-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,mobile-login-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mobile-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/mobile-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2c0b43df92..28cf629400 100644
--- a/nuclei-templates/cve-less/plugins/mobile-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/mobile-menu-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobile-menu/"
     google-query: inurl:"/wp-content/plugins/mobile-menu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mobile-menu,medium
+  tags: cve,wordpress,wp-plugin,mobile-menu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mobilechief-mobile-site-creator-9d62e328d915f4bc5d1fc97fbe0f1bbc.yaml b/nuclei-templates/cve-less/plugins/mobilechief-mobile-site-creator-9d62e328d915f4bc5d1fc97fbe0f1bbc.yaml
index 8a8e9631a4..a6462cd189 100644
--- a/nuclei-templates/cve-less/plugins/mobilechief-mobile-site-creator-9d62e328d915f4bc5d1fc97fbe0f1bbc.yaml
+++ b/nuclei-templates/cve-less/plugins/mobilechief-mobile-site-creator-9d62e328d915f4bc5d1fc97fbe0f1bbc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MobileChief – Mobile Site Builder <= 1.5.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MobileChief – Mobile Site Builder for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including,1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobilechief-mobile-site-creator/"
     google-query: inurl:"/wp-content/plugins/mobilechief-mobile-site-creator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mobilechief-mobile-site-creator,medium
+  tags: cve,wordpress,wp-plugin,mobilechief-mobile-site-creator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mobilook-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/mobilook-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ceb44f54a0..0ada1ce88f 100644
--- a/nuclei-templates/cve-less/plugins/mobilook-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/mobilook-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mobilook/"
     google-query: inurl:"/wp-content/plugins/mobilook/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mobilook,medium
+  tags: cve,wordpress,wp-plugin,mobilook,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/modern-addons-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/modern-addons-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7099756944..3efe476c12 100644
--- a/nuclei-templates/cve-less/plugins/modern-addons-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/modern-addons-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-addons-elementor/"
     google-query: inurl:"/wp-content/plugins/modern-addons-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,modern-addons-elementor,medium
+  tags: cve,wordpress,wp-plugin,modern-addons-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/modern-designs-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/modern-designs-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cf86187284..7e06e6157f 100644
--- a/nuclei-templates/cve-less/plugins/modern-designs-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/modern-designs-for-gravity-forms-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/modern-designs-for-gravity-forms/"
     google-query: inurl:"/wp-content/plugins/modern-designs-for-gravity-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,modern-designs-for-gravity-forms,medium
+  tags: cve,wordpress,wp-plugin,modern-designs-for-gravity-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/moosend-email-marketing-e54ab178e0430008f60d1b3ffa4fc240.yaml b/nuclei-templates/cve-less/plugins/moosend-email-marketing-e54ab178e0430008f60d1b3ffa4fc240.yaml
index 0953da8af7..310f291613 100644
--- a/nuclei-templates/cve-less/plugins/moosend-email-marketing-e54ab178e0430008f60d1b3ffa4fc240.yaml
+++ b/nuclei-templates/cve-less/plugins/moosend-email-marketing-e54ab178e0430008f60d1b3ffa4fc240.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Moosend Website Connector <= 1.0.189 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Moosend Website Connector plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the updateSettings() function in versions up to, and including, 1.0.189. This makes it possible for unauthenticated attackers to set the Moosend Website Tracking ID.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/moosend-email-marketing/"
     google-query: inurl:"/wp-content/plugins/moosend-email-marketing/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,moosend-email-marketing,medium
+  tags: cve,wordpress,wp-plugin,moosend-email-marketing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/more-better-reviews-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/more-better-reviews-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d383d529f1..42599d8ad4 100644
--- a/nuclei-templates/cve-less/plugins/more-better-reviews-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/more-better-reviews-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/more-better-reviews-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/more-better-reviews-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,more-better-reviews-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,more-better-reviews-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/more-featured-images-b073725ff3ce84124c4fbaa39058dd12.yaml b/nuclei-templates/cve-less/plugins/more-featured-images-b073725ff3ce84124c4fbaa39058dd12.yaml
index 4e6d716871..f174eceb1a 100644
--- a/nuclei-templates/cve-less/plugins/more-featured-images-b073725ff3ce84124c4fbaa39058dd12.yaml
+++ b/nuclei-templates/cve-less/plugins/more-featured-images-b073725ff3ce84124c4fbaa39058dd12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     More Featured Images <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The More Featured Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mfi_image' parameter in versions up to, and including, 1.0.0. This requires contributor level permissions and above to exploit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/more-featured-images/"
     google-query: inurl:"/wp-content/plugins/more-featured-images/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,more-featured-images,medium
+  tags: cve,wordpress,wp-plugin,more-featured-images,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mp3-jplayer-f2f737655d264b31c43ad2bd812bd2dc.yaml b/nuclei-templates/cve-less/plugins/mp3-jplayer-f2f737655d264b31c43ad2bd812bd2dc.yaml
index 123fd15991..8615a3c005 100644
--- a/nuclei-templates/cve-less/plugins/mp3-jplayer-f2f737655d264b31c43ad2bd812bd2dc.yaml
+++ b/nuclei-templates/cve-less/plugins/mp3-jplayer-f2f737655d264b31c43ad2bd812bd2dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MP3-jPlayer <= 1.8.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MP3-jPlayer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘mp3’ parameter in versions up to, and including, 1.8.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mp3-jplayer/"
     google-query: inurl:"/wp-content/plugins/mp3-jplayer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mp3-jplayer,medium
+  tags: cve,wordpress,wp-plugin,mp3-jplayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mrkwp-footer-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/mrkwp-footer-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1e60143d87..adb4b957aa 100644
--- a/nuclei-templates/cve-less/plugins/mrkwp-footer-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/mrkwp-footer-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mrkwp-footer-for-divi/"
     google-query: inurl:"/wp-content/plugins/mrkwp-footer-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mrkwp-footer-for-divi,medium
+  tags: cve,wordpress,wp-plugin,mrkwp-footer-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/msmc-redirect-after-comment-5ac91f4d7709824d7d324fcc63da5897.yaml b/nuclei-templates/cve-less/plugins/msmc-redirect-after-comment-5ac91f4d7709824d7d324fcc63da5897.yaml
index 7e0d110a7f..e876881200 100644
--- a/nuclei-templates/cve-less/plugins/msmc-redirect-after-comment-5ac91f4d7709824d7d324fcc63da5897.yaml
+++ b/nuclei-templates/cve-less/plugins/msmc-redirect-after-comment-5ac91f4d7709824d7d324fcc63da5897.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MSMC Redirect After Comment <= 2.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MSMC Redirect After Comment plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting via the ‘MSMC_redirect_location’ parameter in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to perform almost any action an admin can if they can successfully trick an admin into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/msmc-redirect-after-comment/"
     google-query: inurl:"/wp-content/plugins/msmc-redirect-after-comment/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,msmc-redirect-after-comment,high
+  tags: cve,wordpress,wp-plugin,msmc-redirect-after-comment,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/multi-meta-box-7dc2950e20e339de0e3c41a3a14e05fa.yaml b/nuclei-templates/cve-less/plugins/multi-meta-box-7dc2950e20e339de0e3c41a3a14e05fa.yaml
index 0523336d9c..d56279941f 100644
--- a/nuclei-templates/cve-less/plugins/multi-meta-box-7dc2950e20e339de0e3c41a3a14e05fa.yaml
+++ b/nuclei-templates/cve-less/plugins/multi-meta-box-7dc2950e20e339de0e3c41a3a14e05fa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Multiple Meta Box <= 1.0.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Multiple Meta Box plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter in versions up to, and including, 1.0.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multi-meta-box/"
     google-query: inurl:"/wp-content/plugins/multi-meta-box/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,multi-meta-box,high
+  tags: cve,wordpress,wp-plugin,multi-meta-box,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/multiple-domain-3a3edd25e4fa2cd1428645e4e1a051ab.yaml b/nuclei-templates/cve-less/plugins/multiple-domain-3a3edd25e4fa2cd1428645e4e1a051ab.yaml
index 14d0f05eb1..0ccbf86152 100644
--- a/nuclei-templates/cve-less/plugins/multiple-domain-3a3edd25e4fa2cd1428645e4e1a051ab.yaml
+++ b/nuclei-templates/cve-less/plugins/multiple-domain-3a3edd25e4fa2cd1428645e4e1a051ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Multiple Domain <= 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Multiple Domain plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping in the Canonical and Alternate Tags. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multiple-domain/"
     google-query: inurl:"/wp-content/plugins/multiple-domain/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,multiple-domain,medium
+  tags: cve,wordpress,wp-plugin,multiple-domain,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/multipurpose-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/multipurpose-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 60c15478ef..5f7c644763 100644
--- a/nuclei-templates/cve-less/plugins/multipurpose-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/multipurpose-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multipurpose-block/"
     google-query: inurl:"/wp-content/plugins/multipurpose-block/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,multipurpose-block,medium
+  tags: cve,wordpress,wp-plugin,multipurpose-block,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/multisite-robotstxt-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/multisite-robotstxt-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 82fa08ffdb..7953913d51 100644
--- a/nuclei-templates/cve-less/plugins/multisite-robotstxt-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/multisite-robotstxt-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/multisite-robotstxt-manager/"
     google-query: inurl:"/wp-content/plugins/multisite-robotstxt-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,multisite-robotstxt-manager,medium
+  tags: cve,wordpress,wp-plugin,multisite-robotstxt-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/music-player-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/music-player-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 938f31df5b..ac1187bf26 100644
--- a/nuclei-templates/cve-less/plugins/music-player-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/music-player-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/music-player-for-elementor/"
     google-query: inurl:"/wp-content/plugins/music-player-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,music-player-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,music-player-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/music-player-for-woocommerce-3e61760bac7d3dbcc4ad9810884d474f.yaml b/nuclei-templates/cve-less/plugins/music-player-for-woocommerce-3e61760bac7d3dbcc4ad9810884d474f.yaml
index 963bb4d1e8..bc13106830 100644
--- a/nuclei-templates/cve-less/plugins/music-player-for-woocommerce-3e61760bac7d3dbcc4ad9810884d474f.yaml
+++ b/nuclei-templates/cve-less/plugins/music-player-for-woocommerce-3e61760bac7d3dbcc4ad9810884d474f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Music Player for WooCommerce <= 1.0.172 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Music Player for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting several parameters in versions up to, and including, 1.0.172  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/music-player-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/music-player-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,music-player-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,music-player-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mwb-point-of-sale-pos-for-woocommerce-20415f311fdf676cb6dd436c829d557f.yaml b/nuclei-templates/cve-less/plugins/mwb-point-of-sale-pos-for-woocommerce-20415f311fdf676cb6dd436c829d557f.yaml
index 490ffed533..c1029d778c 100644
--- a/nuclei-templates/cve-less/plugins/mwb-point-of-sale-pos-for-woocommerce-20415f311fdf676cb6dd436c829d557f.yaml
+++ b/nuclei-templates/cve-less/plugins/mwb-point-of-sale-pos-for-woocommerce-20415f311fdf676cb6dd436c829d557f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MWB Point of Sale (POS) for WooCommerce <= 1.0.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MWB Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.0. This is due to missing nonce validation and capability checks on several AJAX actions found within the plugin . This makes it possible for authenticated attackers, with low-level privileges, such as subscriber, to execute otherwise restricted AJAX calls and modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mwb-point-of-sale-pos-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/mwb-point-of-sale-pos-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mwb-point-of-sale-pos-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,mwb-point-of-sale-pos-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/my-calendar-72451557ba7e0e914a18e1ce213f28d7.yaml b/nuclei-templates/cve-less/plugins/my-calendar-72451557ba7e0e914a18e1ce213f28d7.yaml
index 9009444166..ac67ba02a0 100644
--- a/nuclei-templates/cve-less/plugins/my-calendar-72451557ba7e0e914a18e1ce213f28d7.yaml
+++ b/nuclei-templates/cve-less/plugins/my-calendar-72451557ba7e0e914a18e1ce213f28d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Calendar <= 2.5.16 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘event_time_label’ parameter in versions up to, and including, 2.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-calendar/"
     google-query: inurl:"/wp-content/plugins/my-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,my-calendar,medium
+  tags: cve,wordpress,wp-plugin,my-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/my-calendar-a6b03d82501be09605ec3648f082c81b.yaml b/nuclei-templates/cve-less/plugins/my-calendar-a6b03d82501be09605ec3648f082c81b.yaml
index 86159151d0..f923b30a5d 100644
--- a/nuclei-templates/cve-less/plugins/my-calendar-a6b03d82501be09605ec3648f082c81b.yaml
+++ b/nuclei-templates/cve-less/plugins/my-calendar-a6b03d82501be09605ec3648f082c81b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Calendar <= 3.3.16 - Administrator+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The My Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various parameters including the ‘street’ parameter in versions up to, and including, 3.3.16  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-calendar/"
     google-query: inurl:"/wp-content/plugins/my-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,my-calendar,medium
+  tags: cve,wordpress,wp-plugin,my-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/my-category-order-46d83256b62bdfe4aa6f310ac82e97af.yaml b/nuclei-templates/cve-less/plugins/my-category-order-46d83256b62bdfe4aa6f310ac82e97af.yaml
index cee14698ec..753d3daeb4 100644
--- a/nuclei-templates/cve-less/plugins/my-category-order-46d83256b62bdfe4aa6f310ac82e97af.yaml
+++ b/nuclei-templates/cve-less/plugins/my-category-order-46d83256b62bdfe4aa6f310ac82e97af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Category Order <= 4.3 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The My Category Order plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3 due to missing nonce validation. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a site's administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-category-order/"
     google-query: inurl:"/wp-content/plugins/my-category-order/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,my-category-order,high
+  tags: cve,wordpress,wp-plugin,my-category-order,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/my-content-management-f493de201064a7faaee262b5cd71afb2.yaml b/nuclei-templates/cve-less/plugins/my-content-management-f493de201064a7faaee262b5cd71afb2.yaml
index ee1b082d69..4044b7c51a 100644
--- a/nuclei-templates/cve-less/plugins/my-content-management-f493de201064a7faaee262b5cd71afb2.yaml
+++ b/nuclei-templates/cve-less/plugins/my-content-management-f493de201064a7faaee262b5cd71afb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Content Management <= 1.7.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The My Content Management plugin for WordPress may have been vulnerable to Cross-Site Scripting in versions less than or equal to 1.7.1. Version 1.7.2 of the plugin implemented extensive sanitization and escaping on user supplied inputs which means there may have been exploitable cross-site scripting vulnerabilities present in versions older than 1.7.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-content-management/"
     google-query: inurl:"/wp-content/plugins/my-content-management/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,my-content-management,medium
+  tags: cve,wordpress,wp-plugin,my-content-management,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/my-link-order-6e16524bd1d2a580c4988808ba69289d.yaml b/nuclei-templates/cve-less/plugins/my-link-order-6e16524bd1d2a580c4988808ba69289d.yaml
index 580836313f..457d3121bd 100644
--- a/nuclei-templates/cve-less/plugins/my-link-order-6e16524bd1d2a580c4988808ba69289d.yaml
+++ b/nuclei-templates/cve-less/plugins/my-link-order-6e16524bd1d2a580c4988808ba69289d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Link Order <= 4.3 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My Link Order plugin for WordPress is vulnerable to Cross-Site Scripting via the 'cats' & 'hdnCatID' parameters in versions up to, and including, 4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/my-link-order/"
     google-query: inurl:"/wp-content/plugins/my-link-order/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,my-link-order,medium
+  tags: cve,wordpress,wp-plugin,my-link-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/my-page-order-a5940bfb7c2779df0f2c0ab2e0cfe4dd.yaml b/nuclei-templates/cve-less/plugins/my-page-order-a5940bfb7c2779df0f2c0ab2e0cfe4dd.yaml
index ed18ed0dbf..6e64f8ddb3 100644
--- a/nuclei-templates/cve-less/plugins/my-page-order-a5940bfb7c2779df0f2c0ab2e0cfe4dd.yaml
+++ b/nuclei-templates/cve-less/plugins/my-page-order-a5940bfb7c2779df0f2c0ab2e0cfe4dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My Page Order <= 4.3 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The  My Page Order plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting via the ‘pages' and 'hdnParentID’ parameters in versions up to, and including, 4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-page-order/"
     google-query: inurl:"/wp-content/plugins/my-page-order/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,my-page-order,high
+  tags: cve,wordpress,wp-plugin,my-page-order,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/my-wp-e034d0793fa530375c47c930a890a44e.yaml b/nuclei-templates/cve-less/plugins/my-wp-e034d0793fa530375c47c930a890a44e.yaml
index 4a3ff686d4..918e779b29 100644
--- a/nuclei-templates/cve-less/plugins/my-wp-e034d0793fa530375c47c930a890a44e.yaml
+++ b/nuclei-templates/cve-less/plugins/my-wp-e034d0793fa530375c47c930a890a44e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     My WP Customize Admin/Frontend <= 1.21.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The My WP Customize Admin/Frontend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.21.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/my-wp/"
     google-query: inurl:"/wp-content/plugins/my-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,my-wp,medium
+  tags: cve,wordpress,wp-plugin,my-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/myaliceai-40ddfa284deb87a97d4ffba35198f3b4.yaml b/nuclei-templates/cve-less/plugins/myaliceai-40ddfa284deb87a97d4ffba35198f3b4.yaml
index 0d1a52c6ee..443054708f 100644
--- a/nuclei-templates/cve-less/plugins/myaliceai-40ddfa284deb87a97d4ffba35198f3b4.yaml
+++ b/nuclei-templates/cve-less/plugins/myaliceai-40ddfa284deb87a97d4ffba35198f3b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MyAlice – Live Chat, WhatsApp, Facebook Messenger, Instagram, & Chatbot for WooCommerce <= 1.2.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MyAlice – Live Chat, WhatsApp, Facebook Messenger, Instagram, & Chatbot for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameter in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/myaliceai/"
     google-query: inurl:"/wp-content/plugins/myaliceai/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,myaliceai,medium
+  tags: cve,wordpress,wp-plugin,myaliceai,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mybooktable-8dbe7a3817fde028be9e786330407154.yaml b/nuclei-templates/cve-less/plugins/mybooktable-8dbe7a3817fde028be9e786330407154.yaml
index 98a32e9e68..7d1f6963a7 100644
--- a/nuclei-templates/cve-less/plugins/mybooktable-8dbe7a3817fde028be9e786330407154.yaml
+++ b/nuclei-templates/cve-less/plugins/mybooktable-8dbe7a3817fde028be9e786330407154.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MyBookTable Bookstore <= 3.2.2 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MyBookTable Bookstore plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser if they can trick an authenticated user into performing an action, such as clicking a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mybooktable/"
     google-query: inurl:"/wp-content/plugins/mybooktable/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mybooktable,high
+  tags: cve,wordpress,wp-plugin,mybooktable,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mybooktable-93938fbe21973f374f80c1d00bd023f7.yaml b/nuclei-templates/cve-less/plugins/mybooktable-93938fbe21973f374f80c1d00bd023f7.yaml
index e3b1203af0..8d6930f74c 100644
--- a/nuclei-templates/cve-less/plugins/mybooktable-93938fbe21973f374f80c1d00bd023f7.yaml
+++ b/nuclei-templates/cve-less/plugins/mybooktable-93938fbe21973f374f80c1d00bd023f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MyBookTable Bookstore by Stormhill Media <= 2.1.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MyBookTable Bookstore by Stormhill Media plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including 2.1.4, due to insufficient input sanitization and output escaping in the shadowbox feature.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mybooktable/"
     google-query: inurl:"/wp-content/plugins/mybooktable/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mybooktable,medium
+  tags: cve,wordpress,wp-plugin,mybooktable,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mycred-ab40c276cb9902f9d5e1087da672b8cb.yaml b/nuclei-templates/cve-less/plugins/mycred-ab40c276cb9902f9d5e1087da672b8cb.yaml
index 06e3b0d1ba..b9d6e2da36 100644
--- a/nuclei-templates/cve-less/plugins/mycred-ab40c276cb9902f9d5e1087da672b8cb.yaml
+++ b/nuclei-templates/cve-less/plugins/mycred-ab40c276cb9902f9d5e1087da672b8cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.6.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 2.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycred/"
     google-query: inurl:"/wp-content/plugins/mycred/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mycred,medium
+  tags: cve,wordpress,wp-plugin,mycred,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mycred-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/mycred-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1580ba30a4..eac64b1f24 100644
--- a/nuclei-templates/cve-less/plugins/mycred-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/mycred-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mycred/"
     google-query: inurl:"/wp-content/plugins/mycred/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mycred,medium
+  tags: cve,wordpress,wp-plugin,mycred,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/mz-mindbody-api-fdae69d4ebb419ff6e97487d1fa22ced.yaml b/nuclei-templates/cve-less/plugins/mz-mindbody-api-fdae69d4ebb419ff6e97487d1fa22ced.yaml
index 49312496ce..05c1cddc8a 100644
--- a/nuclei-templates/cve-less/plugins/mz-mindbody-api-fdae69d4ebb419ff6e97487d1fa22ced.yaml
+++ b/nuclei-templates/cve-less/plugins/mz-mindbody-api-fdae69d4ebb419ff6e97487d1fa22ced.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MZ Mindbody API <= 2.8.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The MZ Mindbody API for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to edit site content via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/mz-mindbody-api/"
     google-query: inurl:"/wp-content/plugins/mz-mindbody-api/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,mz-mindbody-api,high
+  tags: cve,wordpress,wp-plugin,mz-mindbody-api,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nd-elements-ef9b3c704d7fced594c5120e1a6fbd70.yaml b/nuclei-templates/cve-less/plugins/nd-elements-ef9b3c704d7fced594c5120e1a6fbd70.yaml
index 05c9c4973a..2ad474ce58 100644
--- a/nuclei-templates/cve-less/plugins/nd-elements-ef9b3c704d7fced594c5120e1a6fbd70.yaml
+++ b/nuclei-templates/cve-less/plugins/nd-elements-ef9b3c704d7fced594c5120e1a6fbd70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elements For Elementor <= 1.9 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elements For Elementor plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-elements/"
     google-query: inurl:"/wp-content/plugins/nd-elements/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nd-elements,medium
+  tags: cve,wordpress,wp-plugin,nd-elements,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-e721e32fa48eebd873371f94b4b26240.yaml b/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-e721e32fa48eebd873371f94b4b26240.yaml
index aa41cfcdce..1b9a9290c8 100644
--- a/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-e721e32fa48eebd873371f94b4b26240.yaml
+++ b/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-e721e32fa48eebd873371f94b4b26240.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant Reservations <= 1.7 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The plugin Restaurant Reservations is vulnerable to SQL Injection via an several parameters in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-restaurant-reservations/"
     google-query: inurl:"/wp-content/plugins/nd-restaurant-reservations/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,medium
+  tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nd-shortcodes-ac14ec5ad7742e553d78dac3325ff055.yaml b/nuclei-templates/cve-less/plugins/nd-shortcodes-ac14ec5ad7742e553d78dac3325ff055.yaml
index 0f55aba676..af78c19e0d 100644
--- a/nuclei-templates/cve-less/plugins/nd-shortcodes-ac14ec5ad7742e553d78dac3325ff055.yaml
+++ b/nuclei-templates/cve-less/plugins/nd-shortcodes-ac14ec5ad7742e553d78dac3325ff055.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ND Shortcodes <= 6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ND Shortcodes plugin for WordPress is vulnerable to stored Cross-Site Scripting via multiple shortcodes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-shortcodes/"
     google-query: inurl:"/wp-content/plugins/nd-shortcodes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nd-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,nd-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nd-stats-for-envato-sales-by-item-48dc2938fe186fc758ec2763ee6f0d79.yaml b/nuclei-templates/cve-less/plugins/nd-stats-for-envato-sales-by-item-48dc2938fe186fc758ec2763ee6f0d79.yaml
index 0bc0468fc4..229fa1e39c 100644
--- a/nuclei-templates/cve-less/plugins/nd-stats-for-envato-sales-by-item-48dc2938fe186fc758ec2763ee6f0d79.yaml
+++ b/nuclei-templates/cve-less/plugins/nd-stats-for-envato-sales-by-item-48dc2938fe186fc758ec2763ee6f0d79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Envato Sales By Item <= 1.1 - Unauthenticated SQL Injection via AJAX call
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The Envato Sales By Item plugin for WordPress fails to sanitize user input that is subsequently used in an SQL. It also lacks capability checks. An unauthenticated attacker could exploit this in versions up to 1.1.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nd-stats-for-envato-sales-by-item/"
     google-query: inurl:"/wp-content/plugins/nd-stats-for-envato-sales-by-item/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nd-stats-for-envato-sales-by-item,medium
+  tags: cve,wordpress,wp-plugin,nd-stats-for-envato-sales-by-item,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/netroics-blog-posts-grid-5d20fde6dfb97e9f5d07e3e446eb155e.yaml b/nuclei-templates/cve-less/plugins/netroics-blog-posts-grid-5d20fde6dfb97e9f5d07e3e446eb155e.yaml
index 982591ffbc..04c7c228cf 100644
--- a/nuclei-templates/cve-less/plugins/netroics-blog-posts-grid-5d20fde6dfb97e9f5d07e3e446eb155e.yaml
+++ b/nuclei-templates/cve-less/plugins/netroics-blog-posts-grid-5d20fde6dfb97e9f5d07e3e446eb155e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Netroics Blog Posts Grid <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Netroics Blog Posts Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 1.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/netroics-blog-posts-grid/"
     google-query: inurl:"/wp-content/plugins/netroics-blog-posts-grid/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,netroics-blog-posts-grid,medium
+  tags: cve,wordpress,wp-plugin,netroics-blog-posts-grid,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/network-publisher-04eafceaed46e98686bbc255ebb274ab.yaml b/nuclei-templates/cve-less/plugins/network-publisher-04eafceaed46e98686bbc255ebb274ab.yaml
index 0cb3e91127..1613fcd43a 100644
--- a/nuclei-templates/cve-less/plugins/network-publisher-04eafceaed46e98686bbc255ebb274ab.yaml
+++ b/nuclei-templates/cve-less/plugins/network-publisher-04eafceaed46e98686bbc255ebb274ab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Network Publisher <= 5.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Network Publisher plugin for WordPress is vulnerable to Cross-Site Scripting via the 'networkpub_key' parameter in versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/network-publisher/"
     google-query: inurl:"/wp-content/plugins/network-publisher/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,network-publisher,medium
+  tags: cve,wordpress,wp-plugin,network-publisher,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/new-user-approve-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/new-user-approve-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 315653e7fd..2a54a4f7e7 100644
--- a/nuclei-templates/cve-less/plugins/new-user-approve-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/new-user-approve-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/new-user-approve/"
     google-query: inurl:"/wp-content/plugins/new-user-approve/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,new-user-approve,medium
+  tags: cve,wordpress,wp-plugin,new-user-approve,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/newsletter-by-supsystic-5a374355ec4537f847bbfe7d5d9419bb.yaml b/nuclei-templates/cve-less/plugins/newsletter-by-supsystic-5a374355ec4537f847bbfe7d5d9419bb.yaml
index 5846edb3c5..8efcc60cf2 100644
--- a/nuclei-templates/cve-less/plugins/newsletter-by-supsystic-5a374355ec4537f847bbfe7d5d9419bb.yaml
+++ b/nuclei-templates/cve-less/plugins/newsletter-by-supsystic-5a374355ec4537f847bbfe7d5d9419bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newsletter by Supsystic <= 1.5.6 - Authenticated (Admin+) Time-Based Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Newsletter by Supsystic plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘sidx’ parameter in versions up to, and including, 1.5.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/newsletter-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/newsletter-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,newsletter-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,newsletter-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/next-order-coupon-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/next-order-coupon-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5b031b938c..271c62f0cc 100644
--- a/nuclei-templates/cve-less/plugins/next-order-coupon-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/next-order-coupon-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/next-order-coupon-woocommerce/"
     google-query: inurl:"/wp-content/plugins/next-order-coupon-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,next-order-coupon-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,next-order-coupon-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nextend-facebook-connect-ca36ed6adf848cc827e64a29f8ea5b4f.yaml b/nuclei-templates/cve-less/plugins/nextend-facebook-connect-ca36ed6adf848cc827e64a29f8ea5b4f.yaml
index 5cccfe974c..75be13762a 100644
--- a/nuclei-templates/cve-less/plugins/nextend-facebook-connect-ca36ed6adf848cc827e64a29f8ea5b4f.yaml
+++ b/nuclei-templates/cve-less/plugins/nextend-facebook-connect-ca36ed6adf848cc827e64a29f8ea5b4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nextend Facebook Connect <= 1.5.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Nextend Facebook Connect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing nonce validation on the store_settings() function. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextend-facebook-connect/"
     google-query: inurl:"/wp-content/plugins/nextend-facebook-connect/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nextend-facebook-connect,high
+  tags: cve,wordpress,wp-plugin,nextend-facebook-connect,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-39cf49efc2cfacf8bc667751cb10cb94.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-39cf49efc2cfacf8bc667751cb10cb94.yaml
index 8c398fa8d3..2132104b31 100644
--- a/nuclei-templates/cve-less/plugins/nextgen-gallery-39cf49efc2cfacf8bc667751cb10cb94.yaml
+++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-39cf49efc2cfacf8bc667751cb10cb94.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGen Gallery <= 2.1.77 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The NextGen Gallery plugin for WordPress is vulnerable to SQL Injection via the ‘$container_ids’ string in versions up to, and including, 2.1.77 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-d5553776b8e5331d8ec0787313ee2d60.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-d5553776b8e5331d8ec0787313ee2d60.yaml
index 5c183358d2..1df124d388 100644
--- a/nuclei-templates/cve-less/plugins/nextgen-gallery-d5553776b8e5331d8ec0787313ee2d60.yaml
+++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-d5553776b8e5331d8ec0787313ee2d60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGen Gallery <= 2.0.65 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The NextGen Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the is_image_file function in versions up to, and including, 2.0.65. This makes it possible for authenticated attackers with upload privileges to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-sell-photo-b45eecf36500371522a7a91600b79df4.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-sell-photo-b45eecf36500371522a7a91600b79df4.yaml
index ee26250d7f..2b5aed1f5b 100644
--- a/nuclei-templates/cve-less/plugins/nextgen-gallery-sell-photo-b45eecf36500371522a7a91600b79df4.yaml
+++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-sell-photo-b45eecf36500371522a7a91600b79df4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGEN Gallery Sell Photo <= 1.0.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NextGEN Gallery Sell Photo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Button Text/Image' field in the settings page in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery-sell-photo/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery-sell-photo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery-sell-photo,medium
+  tags: cve,wordpress,wp-plugin,nextgen-gallery-sell-photo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-voting-c141b8b973ee71335be586680efd9177.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-voting-c141b8b973ee71335be586680efd9177.yaml
index 248e5b55eb..d1d2741fbc 100644
--- a/nuclei-templates/cve-less/plugins/nextgen-gallery-voting-c141b8b973ee71335be586680efd9177.yaml
+++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-voting-c141b8b973ee71335be586680efd9177.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGEN Gallery Voting <= 2.7.5 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The NextGEN Gallery Voting plugin for WordPress is vulnerable to SQL Injection via the 'nggv[limit]' parameter in versions up to, and including, [up to affected version] due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-gallery-voting/"
     google-query: inurl:"/wp-content/plugins/nextgen-gallery-voting/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nextgen-gallery-voting,high
+  tags: cve,wordpress,wp-plugin,nextgen-gallery-voting,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nextgen-smooth-gallery-fd1e125ffdeff47afb4a084c2351b847.yaml b/nuclei-templates/cve-less/plugins/nextgen-smooth-gallery-fd1e125ffdeff47afb4a084c2351b847.yaml
index 227b750c20..548292ca8c 100644
--- a/nuclei-templates/cve-less/plugins/nextgen-smooth-gallery-fd1e125ffdeff47afb4a084c2351b847.yaml
+++ b/nuclei-templates/cve-less/plugins/nextgen-smooth-gallery-fd1e125ffdeff47afb4a084c2351b847.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextGEN Smooth Gallery <= 1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NextGEN Smooth Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘galleryID’ parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nextgen-smooth-gallery/"
     google-query: inurl:"/wp-content/plugins/nextgen-smooth-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nextgen-smooth-gallery,medium
+  tags: cve,wordpress,wp-plugin,nextgen-smooth-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nexus-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/nexus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 23c30e4119..89903585f5 100644
--- a/nuclei-templates/cve-less/plugins/nexus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/nexus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nexus/"
     google-query: inurl:"/wp-content/plugins/nexus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nexus,medium
+  tags: cve,wordpress,wp-plugin,nexus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nichetable-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/nichetable-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a7c14a57a9..560bcdb72f 100644
--- a/nuclei-templates/cve-less/plugins/nichetable-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/nichetable-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nichetable/"
     google-query: inurl:"/wp-content/plugins/nichetable/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nichetable,medium
+  tags: cve,wordpress,wp-plugin,nichetable,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-624315d392127da9cdbb25a9ce0695f6.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-624315d392127da9cdbb25a9ce0695f6.yaml
index aea511ad1c..cb756cd0a2 100644
--- a/nuclei-templates/cve-less/plugins/ninja-forms-624315d392127da9cdbb25a9ce0695f6.yaml
+++ b/nuclei-templates/cve-less/plugins/ninja-forms-624315d392127da9cdbb25a9ce0695f6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ninja Forms Contact Form plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.9.55.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for Subscriber-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ninja-forms,high
+  tags: cve,wordpress,wp-plugin,ninja-forms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-7c7b836ffaa221f1b27ae77d75f66b3c.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-7c7b836ffaa221f1b27ae77d75f66b3c.yaml
index 91f68f8396..8fcb019981 100644
--- a/nuclei-templates/cve-less/plugins/ninja-forms-7c7b836ffaa221f1b27ae77d75f66b3c.yaml
+++ b/nuclei-templates/cve-less/plugins/ninja-forms-7c7b836ffaa221f1b27ae77d75f66b3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 3.6.9, due to missing nonce validation on the import_fields_listener() function that makes it possible for unauthenticated attackers to import new form fields granted that can trick an attacker into performing an action such as clicking on a link.
     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ninja-forms,high
+  tags: cve,wordpress,wp-plugin,ninja-forms,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-c27b108510956c02768a728e2ce3fea8.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-c27b108510956c02768a728e2ce3fea8.yaml
index a28418cac5..93c6b98587 100644
--- a/nuclei-templates/cve-less/plugins/ninja-forms-c27b108510956c02768a728e2ce3fea8.yaml
+++ b/nuclei-templates/cve-less/plugins/ninja-forms-c27b108510956c02768a728e2ce3fea8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ninja Forms Contact Form <= 2.9.18 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ninja Forms Contact Form plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.9.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthorized attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninja-forms/"
     google-query: inurl:"/wp-content/plugins/ninja-forms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ninja-forms,medium
+  tags: cve,wordpress,wp-plugin,ninja-forms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ninjafirewall-bfe7f25b364c1c551aace9e3b8962033.yaml b/nuclei-templates/cve-less/plugins/ninjafirewall-bfe7f25b364c1c551aace9e3b8962033.yaml
index 0751d5f5ff..3511fa2551 100644
--- a/nuclei-templates/cve-less/plugins/ninjafirewall-bfe7f25b364c1c551aace9e3b8962033.yaml
+++ b/nuclei-templates/cve-less/plugins/ninjafirewall-bfe7f25b364c1c551aace9e3b8962033.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server.  This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninjafirewall/"
     google-query: inurl:"/wp-content/plugins/ninjafirewall/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ninjafirewall,medium
+  tags: cve,wordpress,wp-plugin,ninjafirewall,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ninjalibs-ses-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ninjalibs-ses-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7a7efc9160..f1848e9710 100644
--- a/nuclei-templates/cve-less/plugins/ninjalibs-ses-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ninjalibs-ses-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ninjalibs-ses/"
     google-query: inurl:"/wp-content/plugins/ninjalibs-ses/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ninjalibs-ses,medium
+  tags: cve,wordpress,wp-plugin,ninjalibs-ses,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nitek-carousel-cool-transitions-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/nitek-carousel-cool-transitions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 55ed56c92e..0c6951265d 100644
--- a/nuclei-templates/cve-less/plugins/nitek-carousel-cool-transitions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/nitek-carousel-cool-transitions-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nitek-carousel-cool-transitions/"
     google-query: inurl:"/wp-content/plugins/nitek-carousel-cool-transitions/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nitek-carousel-cool-transitions,medium
+  tags: cve,wordpress,wp-plugin,nitek-carousel-cool-transitions,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nitropack-bd4439ed9a58ebca35ee43480cc063fc.yaml b/nuclei-templates/cve-less/plugins/nitropack-bd4439ed9a58ebca35ee43480cc063fc.yaml
index b35b88086b..841d11f5cc 100644
--- a/nuclei-templates/cve-less/plugins/nitropack-bd4439ed9a58ebca35ee43480cc063fc.yaml
+++ b/nuclei-templates/cve-less/plugins/nitropack-bd4439ed9a58ebca35ee43480cc063fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NitroPack <= 1.9.2 - Missing Authorization via multiple AJAX functions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access and above, to perform actions such as clearing cache, dismiss admin notifications, or enabling safe mode.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nitropack/"
     google-query: inurl:"/wp-content/plugins/nitropack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nitropack,medium
+  tags: cve,wordpress,wp-plugin,nitropack,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f1f1da3dcd767a5d11f1b776e491f57d.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f1f1da3dcd767a5d11f1b776e491f57d.yaml
index 2ab6f4002f..a1cd435015 100644
--- a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f1f1da3dcd767a5d11f1b776e491f57d.yaml
+++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f1f1da3dcd767a5d11f1b776e491f57d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Frontend File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 21.3. This is due to missing or incorrect nonce validation on the wpfm_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nmedia-user-file-uploader/"
     google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,high
+  tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/no-captcha-recaptcha-for-woocommerce-268f07777e79e9582f2676bd74ffb8e4.yaml b/nuclei-templates/cve-less/plugins/no-captcha-recaptcha-for-woocommerce-268f07777e79e9582f2676bd74ffb8e4.yaml
index dc8cdde71c..67a12d4977 100644
--- a/nuclei-templates/cve-less/plugins/no-captcha-recaptcha-for-woocommerce-268f07777e79e9582f2676bd74ffb8e4.yaml
+++ b/nuclei-templates/cve-less/plugins/no-captcha-recaptcha-for-woocommerce-268f07777e79e9582f2676bd74ffb8e4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     No CAPTCHA reCAPTCHA for WooCommerce <= 1.2.6 - Authenticated(Admin+) Stored Cross-Site Scripting via Plugin Settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The No CAPTCHA reCAPTCHA for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.6  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/no-captcha-recaptcha-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/no-captcha-recaptcha-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,no-captcha-recaptcha-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,no-captcha-recaptcha-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/no-captcha-recaptcha-for-woocommerce-94af6b10fc464ad700fcc3825517ff11.yaml b/nuclei-templates/cve-less/plugins/no-captcha-recaptcha-for-woocommerce-94af6b10fc464ad700fcc3825517ff11.yaml
index f375d6fcc1..614f42bf55 100644
--- a/nuclei-templates/cve-less/plugins/no-captcha-recaptcha-for-woocommerce-94af6b10fc464ad700fcc3825517ff11.yaml
+++ b/nuclei-templates/cve-less/plugins/no-captcha-recaptcha-for-woocommerce-94af6b10fc464ad700fcc3825517ff11.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     No CAPTCHA reCAPTCHA for WooCommerce <= 1.2.6 - Missing Authorization to Notification Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The No CAPTCHA reCAPTCHA for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dismiss_admin_notice function in versions up to, and including,1.2.6. This makes it possible for Unauthenticated attackers to dismiss the plugin's admin notice.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/no-captcha-recaptcha-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/no-captcha-recaptcha-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,no-captcha-recaptcha-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,no-captcha-recaptcha-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/nugget-by-ingot-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/nugget-by-ingot-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 503907542c..3cf29720d1 100644
--- a/nuclei-templates/cve-less/plugins/nugget-by-ingot-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/nugget-by-ingot-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/nugget-by-ingot/"
     google-query: inurl:"/wp-content/plugins/nugget-by-ingot/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,nugget-by-ingot,medium
+  tags: cve,wordpress,wp-plugin,nugget-by-ingot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/number-chat-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/number-chat-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3c92f33cd0..1fc5e4023e 100644
--- a/nuclei-templates/cve-less/plugins/number-chat-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/number-chat-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/number-chat/"
     google-query: inurl:"/wp-content/plugins/number-chat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,number-chat,medium
+  tags: cve,wordpress,wp-plugin,number-chat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/occasions-ffea4c38dbbf6eb29f1bb344ee6bae12.yaml b/nuclei-templates/cve-less/plugins/occasions-ffea4c38dbbf6eb29f1bb344ee6bae12.yaml
index fc64a5f4ea..6599362dd9 100644
--- a/nuclei-templates/cve-less/plugins/occasions-ffea4c38dbbf6eb29f1bb344ee6bae12.yaml
+++ b/nuclei-templates/cve-less/plugins/occasions-ffea4c38dbbf6eb29f1bb344ee6bae12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Occasions <= 1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Occasions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation in the 'occasions.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions which can result in XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/occasions/"
     google-query: inurl:"/wp-content/plugins/occasions/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,occasions,high
+  tags: cve,wordpress,wp-plugin,occasions,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3d47172986..4efc45aa0a 100644
--- a/nuclei-templates/cve-less/plugins/ocean-extra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ocean-extra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ocean-extra/"
     google-query: inurl:"/wp-content/plugins/ocean-extra/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ocean-extra,medium
+  tags: cve,wordpress,wp-plugin,ocean-extra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/one-click-login-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/one-click-login-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b6a60b9723..39ca4b4c97 100644
--- a/nuclei-templates/cve-less/plugins/one-click-login-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/one-click-login-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/one-click-login/"
     google-query: inurl:"/wp-content/plugins/one-click-login/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,one-click-login,medium
+  tags: cve,wordpress,wp-plugin,one-click-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-96bf5a76ba4653bdf89616d82d0bf5c1.yaml b/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-96bf5a76ba4653bdf89616d82d0bf5c1.yaml
index 6d12854986..57a928d4a0 100644
--- a/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-96bf5a76ba4653bdf89616d82d0bf5c1.yaml
+++ b/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-96bf5a76ba4653bdf89616d82d0bf5c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OneClick Chat to Order <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/oneclick-whatsapp-order/"
     google-query: inurl:"/wp-content/plugins/oneclick-whatsapp-order/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,medium
+  tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/online-accessibility-079b2f2c54a8b1fed68b5c27dcb96254.yaml b/nuclei-templates/cve-less/plugins/online-accessibility-079b2f2c54a8b1fed68b5c27dcb96254.yaml
index 4b3c84fd17..8ae037a749 100644
--- a/nuclei-templates/cve-less/plugins/online-accessibility-079b2f2c54a8b1fed68b5c27dcb96254.yaml
+++ b/nuclei-templates/cve-less/plugins/online-accessibility-079b2f2c54a8b1fed68b5c27dcb96254.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accessibility Suite by Online ADA < 2.0.11 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Accessibility Suite by Online ADA plugin for WordPress is vulnerable to generic SQL Injection via several parameters in versions up to, and including, 2.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/online-accessibility/"
     google-query: inurl:"/wp-content/plugins/online-accessibility/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,online-accessibility,high
+  tags: cve,wordpress,wp-plugin,online-accessibility,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/opening-hours-02f013b54b4f3674afd49b3afca90a89.yaml b/nuclei-templates/cve-less/plugins/opening-hours-02f013b54b4f3674afd49b3afca90a89.yaml
index 57fa15ce7c..16de19f74c 100644
--- a/nuclei-templates/cve-less/plugins/opening-hours-02f013b54b4f3674afd49b3afca90a89.yaml
+++ b/nuclei-templates/cve-less/plugins/opening-hours-02f013b54b4f3674afd49b3afca90a89.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     We’re Open! <= 1.37 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The We’re Open! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its setting parameters in versions up to, and including, 1.37 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opening-hours/"
     google-query: inurl:"/wp-content/plugins/opening-hours/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,opening-hours,medium
+  tags: cve,wordpress,wp-plugin,opening-hours,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/opening-hours-55a39ce22d26293084937266d25d08be.yaml b/nuclei-templates/cve-less/plugins/opening-hours-55a39ce22d26293084937266d25d08be.yaml
index 9576f20dca..6834e8648e 100644
--- a/nuclei-templates/cve-less/plugins/opening-hours-55a39ce22d26293084937266d25d08be.yaml
+++ b/nuclei-templates/cve-less/plugins/opening-hours-55a39ce22d26293084937266d25d08be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     We’re Open! <= 1.44 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The We’re Open! plugin for WordPress is vulnerable to authorization bypass due to a missing capability checks on the admin_ajax function in versions up to, and including, 1.44. This function triggers multiple cases (google_business_credentials, google_data, google_business, separators, logo-delete, logo_delete, logo-remove, logo_remove, logo, structured-data, structured_data, google_data_preview, custom-styles, custom_styles, clear, cache, clear-cache, clear_cache, reset) and makes it possible for unauthenticated attackers to perform unauthorized administrative actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opening-hours/"
     google-query: inurl:"/wp-content/plugins/opening-hours/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,opening-hours,medium
+  tags: cve,wordpress,wp-plugin,opening-hours,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/opensea-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/opensea-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 613779bbad..759fc7f43b 100644
--- a/nuclei-templates/cve-less/plugins/opensea-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/opensea-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opensea/"
     google-query: inurl:"/wp-content/plugins/opensea/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,opensea,medium
+  tags: cve,wordpress,wp-plugin,opensea,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/opt-in-panda-e524be4e74a799805187c5341f4ea89f.yaml b/nuclei-templates/cve-less/plugins/opt-in-panda-e524be4e74a799805187c5341f4ea89f.yaml
index b52d848ba0..4f049568b2 100644
--- a/nuclei-templates/cve-less/plugins/opt-in-panda-e524be4e74a799805187c5341f4ea89f.yaml
+++ b/nuclei-templates/cve-less/plugins/opt-in-panda-e524be4e74a799805187c5341f4ea89f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     OnePress Opt-In Panda <= 2.6.2 - Missing Authorization on AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The OnePress Opt-In Panda plugin for WordPress is vulnerable to unauthorized modification of settings and retrieval of plugin settings due to missing capability checks on various AJAX actions in versions up to, and including 2.6.2.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/opt-in-panda/"
     google-query: inurl:"/wp-content/plugins/opt-in-panda/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,opt-in-panda,medium
+  tags: cve,wordpress,wp-plugin,opt-in-panda,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/optinfirex-487b45c8da9cac09ef28c95c49514ba6.yaml b/nuclei-templates/cve-less/plugins/optinfirex-487b45c8da9cac09ef28c95c49514ba6.yaml
index dae04cb7e2..3a1d95d89d 100644
--- a/nuclei-templates/cve-less/plugins/optinfirex-487b45c8da9cac09ef28c95c49514ba6.yaml
+++ b/nuclei-templates/cve-less/plugins/optinfirex-487b45c8da9cac09ef28c95c49514ba6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Optinferex Plugin (All Known Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Optinferex Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all known versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/optinfirex/"
     google-query: inurl:"/wp-content/plugins/optinfirex/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,optinfirex,medium
+  tags: cve,wordpress,wp-plugin,optinfirex,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/order-and-inventory-manager-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/order-and-inventory-manager-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1a9df19089..07ce7f36b1 100644
--- a/nuclei-templates/cve-less/plugins/order-and-inventory-manager-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/order-and-inventory-manager-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-and-inventory-manager-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/order-and-inventory-manager-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,order-and-inventory-manager-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,order-and-inventory-manager-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/order-on-chat-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/order-on-chat-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 606de0a33d..2c0c3cd53e 100644
--- a/nuclei-templates/cve-less/plugins/order-on-chat-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/order-on-chat-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-on-chat-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/order-on-chat-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,order-on-chat-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,order-on-chat-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/order-xml-file-export-import-for-woocommerce-2c636c041261dbec5d7ba4cab181df88.yaml b/nuclei-templates/cve-less/plugins/order-xml-file-export-import-for-woocommerce-2c636c041261dbec5d7ba4cab181df88.yaml
index ce279dab81..e213baa540 100644
--- a/nuclei-templates/cve-less/plugins/order-xml-file-export-import-for-woocommerce-2c636c041261dbec5d7ba4cab181df88.yaml
+++ b/nuclei-templates/cve-less/plugins/order-xml-file-export-import-for-woocommerce-2c636c041261dbec5d7ba4cab181df88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Order XML File Export Import for WooCommerce < 1.2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Order XML File Export Import for WooCommerce Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/order-xml-file-export-import-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/order-xml-file-export-import-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,order-xml-file-export-import-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,order-xml-file-export-import-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/organization-chart-7dc1fbd7e7abf281f194a7d7c03c76ee.yaml b/nuclei-templates/cve-less/plugins/organization-chart-7dc1fbd7e7abf281f194a7d7c03c76ee.yaml
index 1c5267e896..d36cc0e0ef 100644
--- a/nuclei-templates/cve-less/plugins/organization-chart-7dc1fbd7e7abf281f194a7d7c03c76ee.yaml
+++ b/nuclei-templates/cve-less/plugins/organization-chart-7dc1fbd7e7abf281f194a7d7c03c76ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Organization chart <= 1.4.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Organization chart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the post_page_content function. This makes it possible for unauthenticated attackers to invoke this function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/organization-chart/"
     google-query: inurl:"/wp-content/plugins/organization-chart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,organization-chart,high
+  tags: cve,wordpress,wp-plugin,organization-chart,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/our-services-showcase-fa0b498c03b490f6a302c8923c66045e.yaml b/nuclei-templates/cve-less/plugins/our-services-showcase-fa0b498c03b490f6a302c8923c66045e.yaml
index e853a1e75c..28255190e2 100644
--- a/nuclei-templates/cve-less/plugins/our-services-showcase-fa0b498c03b490f6a302c8923c66045e.yaml
+++ b/nuclei-templates/cve-less/plugins/our-services-showcase-fa0b498c03b490f6a302c8923c66045e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Our Services Showcase <= 2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Our Services Showcase plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the smartcat_services_update_order() function which is called via an AJAX action in versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber level permissions and above to modify the sc_member_order value for any post.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/our-services-showcase/"
     google-query: inurl:"/wp-content/plugins/our-services-showcase/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,our-services-showcase,medium
+  tags: cve,wordpress,wp-plugin,our-services-showcase,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/out-of-stock-display-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/out-of-stock-display-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3e22661745..e1539333b4 100644
--- a/nuclei-templates/cve-less/plugins/out-of-stock-display-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/out-of-stock-display-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/out-of-stock-display-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/out-of-stock-display-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,out-of-stock-display-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,out-of-stock-display-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/overlay-image-divi-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/overlay-image-divi-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a5fab5bee9..70b61876e8 100644
--- a/nuclei-templates/cve-less/plugins/overlay-image-divi-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/overlay-image-divi-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/overlay-image-divi-module/"
     google-query: inurl:"/wp-content/plugins/overlay-image-divi-module/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,overlay-image-divi-module,medium
+  tags: cve,wordpress,wp-plugin,overlay-image-divi-module,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/page-builder-sandwich-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/page-builder-sandwich-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 64cc193741..82f7e38e05 100644
--- a/nuclei-templates/cve-less/plugins/page-builder-sandwich-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/page-builder-sandwich-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-builder-sandwich/"
     google-query: inurl:"/wp-content/plugins/page-builder-sandwich/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,page-builder-sandwich,medium
+  tags: cve,wordpress,wp-plugin,page-builder-sandwich,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/page-generator-56d5619e454c2de075a4d59b6b36a2ce.yaml b/nuclei-templates/cve-less/plugins/page-generator-56d5619e454c2de075a4d59b6b36a2ce.yaml
index 8a6ae227b5..c7cf0c802d 100644
--- a/nuclei-templates/cve-less/plugins/page-generator-56d5619e454c2de075a4d59b6b36a2ce.yaml
+++ b/nuclei-templates/cve-less/plugins/page-generator-56d5619e454c2de075a4d59b6b36a2ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Generator <= 1.6.5 - Cross-Site Request Forgery to Arbitrary Keywords Deletion/Duplication
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Page Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the ajax function. This makes it possible for unauthenticated attackers to duplicate or deleted keywords granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/page-generator/"
     google-query: inurl:"/wp-content/plugins/page-generator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,page-generator,high
+  tags: cve,wordpress,wp-plugin,page-generator,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pagelayer-3368388a3eaf6ed2424923ab628b316b.yaml b/nuclei-templates/cve-less/plugins/pagelayer-3368388a3eaf6ed2424923ab628b316b.yaml
index d25af8ff78..3f8bcc02d5 100644
--- a/nuclei-templates/cve-less/plugins/pagelayer-3368388a3eaf6ed2424923ab628b316b.yaml
+++ b/nuclei-templates/cve-less/plugins/pagelayer-3368388a3eaf6ed2424923ab628b316b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PageLayer <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PageLayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ pagelayer_header_code’, 'pagelayer_body_code', and 'pagelayer_footer_code' parameters in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagelayer/"
     google-query: inurl:"/wp-content/plugins/pagelayer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pagelayer,medium
+  tags: cve,wordpress,wp-plugin,pagelayer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pagerestrict-4d8ef6bd985f2d34f506708108c9100b.yaml b/nuclei-templates/cve-less/plugins/pagerestrict-4d8ef6bd985f2d34f506708108c9100b.yaml
index 5458c8068b..2a54640342 100644
--- a/nuclei-templates/cve-less/plugins/pagerestrict-4d8ef6bd985f2d34f506708108c9100b.yaml
+++ b/nuclei-templates/cve-less/plugins/pagerestrict-4d8ef6bd985f2d34f506708108c9100b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Page Restrict <= 2.2.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Page Restrict plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'message' parameter in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This can also be exploited via Cross-Site Request Forgery.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagerestrict/"
     google-query: inurl:"/wp-content/plugins/pagerestrict/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pagerestrict,medium
+  tags: cve,wordpress,wp-plugin,pagerestrict,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pagination-4ed0ed5324b5c3f087d2833d0484d7f4.yaml b/nuclei-templates/cve-less/plugins/pagination-4ed0ed5324b5c3f087d2833d0484d7f4.yaml
index 5b69f7c946..ac7bbc82cb 100644
--- a/nuclei-templates/cve-less/plugins/pagination-4ed0ed5324b5c3f087d2833d0484d7f4.yaml
+++ b/nuclei-templates/cve-less/plugins/pagination-4ed0ed5324b5c3f087d2833d0484d7f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pagination by BestWebSoft < 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pagination by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pagination/"
     google-query: inurl:"/wp-content/plugins/pagination/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pagination,medium
+  tags: cve,wordpress,wp-plugin,pagination,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-410910e3bde9f58e737907bb1681caa1.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-410910e3bde9f58e737907bb1681caa1.yaml
index 715d025866..2b8ae626ca 100644
--- a/nuclei-templates/cve-less/plugins/paid-memberships-pro-410910e3bde9f58e737907bb1681caa1.yaml
+++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-410910e3bde9f58e737907bb1681caa1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paid Memberships Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the edit order page in versions up to, and including, 2.5.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-84d2d3378640513504438262d898e022.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-84d2d3378640513504438262d898e022.yaml
index 93eb51d6d3..82eb5d844d 100644
--- a/nuclei-templates/cve-less/plugins/paid-memberships-pro-84d2d3378640513504438262d898e022.yaml
+++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-84d2d3378640513504438262d898e022.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-c3048e5abe91e890bbce0cc632e75565.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-c3048e5abe91e890bbce0cc632e75565.yaml
index 39eec85a0b..09ac91ee5b 100644
--- a/nuclei-templates/cve-less/plugins/paid-memberships-pro-c3048e5abe91e890bbce0cc632e75565.yaml
+++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-c3048e5abe91e890bbce0cc632e75565.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.12.8 via the pmpro_member shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive data about users by utilizing the shortcode to display user meta field.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paid-memberships-pro/"
     google-query: inurl:"/wp-content/plugins/paid-memberships-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium
+  tags: cve,wordpress,wp-plugin,paid-memberships-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/panorama-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/panorama-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e58ebce22e..e8b2ff51cc 100644
--- a/nuclei-templates/cve-less/plugins/panorama-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/panorama-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/panorama/"
     google-query: inurl:"/wp-content/plugins/panorama/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,panorama,medium
+  tags: cve,wordpress,wp-plugin,panorama,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/parcel-tracker-ecourier-ce718587b1801a7c7537a48edc0e7766.yaml b/nuclei-templates/cve-less/plugins/parcel-tracker-ecourier-ce718587b1801a7c7537a48edc0e7766.yaml
index 7126676d4f..32ee0c7b22 100644
--- a/nuclei-templates/cve-less/plugins/parcel-tracker-ecourier-ce718587b1801a7c7537a48edc0e7766.yaml
+++ b/nuclei-templates/cve-less/plugins/parcel-tracker-ecourier-ce718587b1801a7c7537a48edc0e7766.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Parcel Tracker eCourier <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ship To eCourier plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the ecourier-settings function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/parcel-tracker-ecourier/"
     google-query: inurl:"/wp-content/plugins/parcel-tracker-ecourier/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,parcel-tracker-ecourier,high
+  tags: cve,wordpress,wp-plugin,parcel-tracker-ecourier,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/participants-database-74dfc45ecae7de304e8f9080bdfdb51d.yaml b/nuclei-templates/cve-less/plugins/participants-database-74dfc45ecae7de304e8f9080bdfdb51d.yaml
index 5296e836c9..5239e5e2ec 100644
--- a/nuclei-templates/cve-less/plugins/participants-database-74dfc45ecae7de304e8f9080bdfdb51d.yaml
+++ b/nuclei-templates/cve-less/plugins/participants-database-74dfc45ecae7de304e8f9080bdfdb51d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Participants Database <= 2.4.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Participants Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/participants-database/"
     google-query: inurl:"/wp-content/plugins/participants-database/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,participants-database,medium
+  tags: cve,wordpress,wp-plugin,participants-database,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/passwords-manager-d0bbc9ae1fbf2d240bae5f6283bcefb6.yaml b/nuclei-templates/cve-less/plugins/passwords-manager-d0bbc9ae1fbf2d240bae5f6283bcefb6.yaml
index 9bcd3a103a..e0c55fa3a1 100644
--- a/nuclei-templates/cve-less/plugins/passwords-manager-d0bbc9ae1fbf2d240bae5f6283bcefb6.yaml
+++ b/nuclei-templates/cve-less/plugins/passwords-manager-d0bbc9ae1fbf2d240bae5f6283bcefb6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Passwords Manager <= 1.4.4 - Cross-Site Scripting via pwdms_csv_category parameter
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Passwords Manager plugin is vulnerable to Cross-Site scripting via the pwdms_csv_category parameter in versions up to, and including, 1.4.4 due to insufficient sanitization and escaping. This makes it possible for administrators to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/passwords-manager/"
     google-query: inurl:"/wp-content/plugins/passwords-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,passwords-manager,medium
+  tags: cve,wordpress,wp-plugin,passwords-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/past-events-extension-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/past-events-extension-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f01b72c426..82f4b279fb 100644
--- a/nuclei-templates/cve-less/plugins/past-events-extension-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/past-events-extension-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/past-events-extension/"
     google-query: inurl:"/wp-content/plugins/past-events-extension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,past-events-extension,medium
+  tags: cve,wordpress,wp-plugin,past-events-extension,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/payment-gateway-payfabric-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/payment-gateway-payfabric-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f8628a4cd5..5b6aee67ce 100644
--- a/nuclei-templates/cve-less/plugins/payment-gateway-payfabric-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/payment-gateway-payfabric-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/payment-gateway-payfabric/"
     google-query: inurl:"/wp-content/plugins/payment-gateway-payfabric/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,payment-gateway-payfabric,medium
+  tags: cve,wordpress,wp-plugin,payment-gateway-payfabric,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paytium-2de2a309a48a2066b54fa1a1b79cdf95.yaml b/nuclei-templates/cve-less/plugins/paytium-2de2a309a48a2066b54fa1a1b79cdf95.yaml
index d92f6f55c8..7afc2a4d47 100644
--- a/nuclei-templates/cve-less/plugins/paytium-2de2a309a48a2066b54fa1a1b79cdf95.yaml
+++ b/nuclei-templates/cve-less/plugins/paytium-2de2a309a48a2066b54fa1a1b79cdf95.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paytium-4f11f74ab70050e21f6862beb40d9a96.yaml b/nuclei-templates/cve-less/plugins/paytium-4f11f74ab70050e21f6862beb40d9a96.yaml
index 57d7200b21..46f85e49da 100644
--- a/nuclei-templates/cve-less/plugins/paytium-4f11f74ab70050e21f6862beb40d9a96.yaml
+++ b/nuclei-templates/cve-less/plugins/paytium-4f11f74ab70050e21f6862beb40d9a96.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paytium-62269eb67796cbb2339d6188b5db837c.yaml b/nuclei-templates/cve-less/plugins/paytium-62269eb67796cbb2339d6188b5db837c.yaml
index 84122d7912..7b6f078e65 100644
--- a/nuclei-templates/cve-less/plugins/paytium-62269eb67796cbb2339d6188b5db837c.yaml
+++ b/nuclei-templates/cve-less/plugins/paytium-62269eb67796cbb2339d6188b5db837c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paytium-6717ed512d0f6dcb712096abdaea80dd.yaml b/nuclei-templates/cve-less/plugins/paytium-6717ed512d0f6dcb712096abdaea80dd.yaml
index 50fa4b1dda..a384592a31 100644
--- a/nuclei-templates/cve-less/plugins/paytium-6717ed512d0f6dcb712096abdaea80dd.yaml
+++ b/nuclei-templates/cve-less/plugins/paytium-6717ed512d0f6dcb712096abdaea80dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paytium-92d0e7bc94b44754e236b3eab5ba21b3.yaml b/nuclei-templates/cve-less/plugins/paytium-92d0e7bc94b44754e236b3eab5ba21b3.yaml
index 302d8c97b6..41a67ee9eb 100644
--- a/nuclei-templates/cve-less/plugins/paytium-92d0e7bc94b44754e236b3eab5ba21b3.yaml
+++ b/nuclei-templates/cve-less/plugins/paytium-92d0e7bc94b44754e236b3eab5ba21b3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paytium-d89f421b57194b2722cbd6095ba6fda5.yaml b/nuclei-templates/cve-less/plugins/paytium-d89f421b57194b2722cbd6095ba6fda5.yaml
index e5b5971d3e..ecd0f30f24 100644
--- a/nuclei-templates/cve-less/plugins/paytium-d89f421b57194b2722cbd6095ba6fda5.yaml
+++ b/nuclei-templates/cve-less/plugins/paytium-d89f421b57194b2722cbd6095ba6fda5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium <= 3.1.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paytium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_field_data_html()' function in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/paytium-e5b14dd6b8ce0a1e923582746cd9e67d.yaml b/nuclei-templates/cve-less/plugins/paytium-e5b14dd6b8ce0a1e923582746cd9e67d.yaml
index 58d2b67f7d..27a33bd453 100644
--- a/nuclei-templates/cve-less/plugins/paytium-e5b14dd6b8ce0a1e923582746cd9e67d.yaml
+++ b/nuclei-templates/cve-less/plugins/paytium-e5b14dd6b8ce0a1e923582746cd9e67d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/paytium/"
     google-query: inurl:"/wp-content/plugins/paytium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,paytium,medium
+  tags: cve,wordpress,wp-plugin,paytium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pdf-print-40ad9a6c734da3962dc8243739e3141d.yaml b/nuclei-templates/cve-less/plugins/pdf-print-40ad9a6c734da3962dc8243739e3141d.yaml
index 673eb0b72d..80653c5d05 100644
--- a/nuclei-templates/cve-less/plugins/pdf-print-40ad9a6c734da3962dc8243739e3141d.yaml
+++ b/nuclei-templates/cve-less/plugins/pdf-print-40ad9a6c734da3962dc8243739e3141d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin < 1.7.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdf-print/"
     google-query: inurl:"/wp-content/plugins/pdf-print/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pdf-print,medium
+  tags: cve,wordpress,wp-plugin,pdf-print,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pdw-file-browser-c6589434b15992ea6614e8eb940f49fe.yaml b/nuclei-templates/cve-less/plugins/pdw-file-browser-c6589434b15992ea6614e8eb940f49fe.yaml
index 855f9a3149..d665402693 100644
--- a/nuclei-templates/cve-less/plugins/pdw-file-browser-c6589434b15992ea6614e8eb940f49fe.yaml
+++ b/nuclei-templates/cve-less/plugins/pdw-file-browser-c6589434b15992ea6614e8eb940f49fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PDF File Browser <= 1.3 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The PDF File Browser plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.3 via the qqfile parameter. This allows authenticated attackers to execute code on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pdw-file-browser/"
     google-query: inurl:"/wp-content/plugins/pdw-file-browser/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pdw-file-browser,high
+  tags: cve,wordpress,wp-plugin,pdw-file-browser,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/performance-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/performance-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 136ec6b8a9..6ed3e204d4 100644
--- a/nuclei-templates/cve-less/plugins/performance-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/performance-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/performance-kit/"
     google-query: inurl:"/wp-content/plugins/performance-kit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,performance-kit,medium
+  tags: cve,wordpress,wp-plugin,performance-kit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/persian-woocommerce-sms-f6e0611408f1fa46e8d9b7f9c0374cb8.yaml b/nuclei-templates/cve-less/plugins/persian-woocommerce-sms-f6e0611408f1fa46e8d9b7f9c0374cb8.yaml
index 0fd203c191..1e7b012834 100644
--- a/nuclei-templates/cve-less/plugins/persian-woocommerce-sms-f6e0611408f1fa46e8d9b7f9c0374cb8.yaml
+++ b/nuclei-templates/cve-less/plugins/persian-woocommerce-sms-f6e0611408f1fa46e8d9b7f9c0374cb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     افزونه پیامک ووکامرس Persian WooCommerce SMS <= 4.4.0 - Cross-Site Scripting and SQL Injection
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to SQL Injection and Cross-Site Scripting via many methods in versions up to and including 4.4.0.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/persian-woocommerce-sms/"
     google-query: inurl:"/wp-content/plugins/persian-woocommerce-sms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,persian-woocommerce-sms,medium
+  tags: cve,wordpress,wp-plugin,persian-woocommerce-sms,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/phone-orders-for-woocommerce-f53b59e3d01b975c6802657d08b4d293.yaml b/nuclei-templates/cve-less/plugins/phone-orders-for-woocommerce-f53b59e3d01b975c6802657d08b4d293.yaml
index 8944b2602e..97d9354d45 100644
--- a/nuclei-templates/cve-less/plugins/phone-orders-for-woocommerce-f53b59e3d01b975c6802657d08b4d293.yaml
+++ b/nuclei-templates/cve-less/plugins/phone-orders-for-woocommerce-f53b59e3d01b975c6802657d08b4d293.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Phone Orders for WooCommerce <= 3.7.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Phone Orders for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing nonce validation on the ajax_gate function which controls many additional functions also missing nonce validation. This makes it possible for unauthenticated attackers to invoke this function and perform actions on behalf of administrators, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/phone-orders-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/phone-orders-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,phone-orders-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,phone-orders-for-woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-02d4095d603887ea90170c039ddd4ef1.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-02d4095d603887ea90170c039ddd4ef1.yaml
index 2808b8be93..c2f958afc1 100644
--- a/nuclei-templates/cve-less/plugins/photo-gallery-02d4095d603887ea90170c039ddd4ef1.yaml
+++ b/nuclei-templates/cve-less/plugins/photo-gallery-02d4095d603887ea90170c039ddd4ef1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.5.68 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photo Gallery by 10Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ bwg_search_X’ parameter in versions up to, and including, 1.5.68 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This vulnerability is separate from CVE-2021-24291.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-03f9356825118ca4016abd782e8ac0fc.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-03f9356825118ca4016abd782e8ac0fc.yaml
index 7456a53032..958cf40534 100644
--- a/nuclei-templates/cve-less/plugins/photo-gallery-03f9356825118ca4016abd782e8ac0fc.yaml
+++ b/nuclei-templates/cve-less/plugins/photo-gallery-03f9356825118ca4016abd782e8ac0fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.6.8 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery by 10Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-3c5bac80199ef30099a13588ec30b8cb.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-3c5bac80199ef30099a13588ec30b8cb.yaml
index 102c6023b4..0152101c9c 100644
--- a/nuclei-templates/cve-less/plugins/photo-gallery-3c5bac80199ef30099a13588ec30b8cb.yaml
+++ b/nuclei-templates/cve-less/plugins/photo-gallery-3c5bac80199ef30099a13588ec30b8cb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.5.78 - Stored Cross-Site Scripting via Uploaded SVG
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.78 due to insufficient sanitization and escaping on SVG uploads. This makes it possible for low-level authenticated attackers, such as authors, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-44b42ab3cc67f2808aca4c4c544fe3ed.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-44b42ab3cc67f2808aca4c4c544fe3ed.yaml
index 285678b1af..ebfa0381bf 100644
--- a/nuclei-templates/cve-less/plugins/photo-gallery-44b42ab3cc67f2808aca4c4c544fe3ed.yaml
+++ b/nuclei-templates/cve-less/plugins/photo-gallery-44b42ab3cc67f2808aca4c4c544fe3ed.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.6.7 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery by 10Web plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 1.6.7  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges, to inject arbitrary web scripts in pages that execute whenever a victim accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-52e7ff3acb78cedfa1cc6fc74cf893bd.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-52e7ff3acb78cedfa1cc6fc74cf893bd.yaml
index 22030dc77d..dbb3a629e4 100644
--- a/nuclei-templates/cve-less/plugins/photo-gallery-52e7ff3acb78cedfa1cc6fc74cf893bd.yaml
+++ b/nuclei-templates/cve-less/plugins/photo-gallery-52e7ff3acb78cedfa1cc6fc74cf893bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web < 1.3.43 - Authenticated Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Photo Gallery by 10Web plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.3.42. This allows administrative-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-78fe6306f76d32a87cb79d1ed7a18344.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-78fe6306f76d32a87cb79d1ed7a18344.yaml
index ace2e55536..ec169d840b 100644
--- a/nuclei-templates/cve-less/plugins/photo-gallery-78fe6306f76d32a87cb79d1ed7a18344.yaml
+++ b/nuclei-templates/cve-less/plugins/photo-gallery-78fe6306f76d32a87cb79d1ed7a18344.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.3.66 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photo Gallery by 10Web plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.66 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photo-gallery,medium
+  tags: cve,wordpress,wp-plugin,photo-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-d2f0c79f766915ada458669bedb0c203.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-d2f0c79f766915ada458669bedb0c203.yaml
index af47b6303a..30e6ae27bb 100644
--- a/nuclei-templates/cve-less/plugins/photo-gallery-d2f0c79f766915ada458669bedb0c203.yaml
+++ b/nuclei-templates/cve-less/plugins/photo-gallery-d2f0c79f766915ada458669bedb0c203.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photo Gallery by 10Web <= 1.3.37 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Photo Gallery by 10Web plugin for WordPress is vulnerable to SQL Injection via the ‘album_id’ parameter in versions up to, and including, 1.3.37 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photo-gallery/"
     google-query: inurl:"/wp-content/plugins/photo-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photo-gallery,high
+  tags: cve,wordpress,wp-plugin,photo-gallery,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-7aee34ffd65481adae802a1b67540af3.yaml b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-7aee34ffd65481adae802a1b67540af3.yaml
index dc6ebb5771..b5587f94b4 100644
--- a/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-7aee34ffd65481adae802a1b67540af3.yaml
+++ b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-7aee34ffd65481adae802a1b67540af3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gallery PhotoBlocks <= 1.2.8 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gallery PhotoBlocks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.2.8 due to missing capability checks on the init() function found in the ~/admin/class-photoblocks-admin.php file. This makes it possible for authenticated users with minimal permissions, such as a subscriber, to delete and clone gallery photoblocks.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photoblocks-grid-gallery/"
     google-query: inurl:"/wp-content/plugins/photoblocks-grid-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,medium
+  tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 37a7473779..48e4317c73 100644
--- a/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photoblocks-grid-gallery/"
     google-query: inurl:"/wp-content/plugins/photoblocks-grid-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,medium
+  tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/photospace-responsive-b4a8b8c1c6aa3303fd49306d6d3da366.yaml b/nuclei-templates/cve-less/plugins/photospace-responsive-b4a8b8c1c6aa3303fd49306d6d3da366.yaml
index e73c9c8b9c..c8a647096a 100644
--- a/nuclei-templates/cve-less/plugins/photospace-responsive-b4a8b8c1c6aa3303fd49306d6d3da366.yaml
+++ b/nuclei-templates/cve-less/plugins/photospace-responsive-b4a8b8c1c6aa3303fd49306d6d3da366.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photospace Responsive <= 1.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photospace Responsive plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/photospace-responsive/"
     google-query: inurl:"/wp-content/plugins/photospace-responsive/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,photospace-responsive,medium
+  tags: cve,wordpress,wp-plugin,photospace-responsive,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/picture-gallery-f15ed32464b8a833a76a0b7a1fe8248d.yaml b/nuclei-templates/cve-less/plugins/picture-gallery-f15ed32464b8a833a76a0b7a1fe8248d.yaml
index 1512dab801..572071c433 100644
--- a/nuclei-templates/cve-less/plugins/picture-gallery-f15ed32464b8a833a76a0b7a1fe8248d.yaml
+++ b/nuclei-templates/cve-less/plugins/picture-gallery-f15ed32464b8a833a76a0b7a1fe8248d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Picture Gallery – Frontend Image Uploads, AJAX Photo List < 1.4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'p_videowhisper_content_edit' parameter in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/picture-gallery/"
     google-query: inurl:"/wp-content/plugins/picture-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,picture-gallery,medium
+  tags: cve,wordpress,wp-plugin,picture-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pinblocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/pinblocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2e2cc638fb..e6d28239b8 100644
--- a/nuclei-templates/cve-less/plugins/pinblocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/pinblocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pinblocks/"
     google-query: inurl:"/wp-content/plugins/pinblocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pinblocks,medium
+  tags: cve,wordpress,wp-plugin,pinblocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ping-list-pro-a89413a448da960907f201f2e284d495.yaml b/nuclei-templates/cve-less/plugins/ping-list-pro-a89413a448da960907f201f2e284d495.yaml
index 290f5322cb..76f3c8f802 100644
--- a/nuclei-templates/cve-less/plugins/ping-list-pro-a89413a448da960907f201f2e284d495.yaml
+++ b/nuclei-templates/cve-less/plugins/ping-list-pro-a89413a448da960907f201f2e284d495.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ping List Pro <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ping List Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce protection on the 'Ping_Optimizing' function in versions up to, and including 1.1. This makes it possible for unauthenticated attackers to modify the plugin's settings and potentially inject malicious web scripts via a forged request granted they could trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ping-list-pro/"
     google-query: inurl:"/wp-content/plugins/ping-list-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ping-list-pro,high
+  tags: cve,wordpress,wp-plugin,ping-list-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pinterest-pin-it-button-on-image-hover-and-post-230333f7152338c0e847a31fb3c9a2dd.yaml b/nuclei-templates/cve-less/plugins/pinterest-pin-it-button-on-image-hover-and-post-230333f7152338c0e847a31fb3c9a2dd.yaml
index 2a028bfd47..8c01992146 100644
--- a/nuclei-templates/cve-less/plugins/pinterest-pin-it-button-on-image-hover-and-post-230333f7152338c0e847a31fb3c9a2dd.yaml
+++ b/nuclei-templates/cve-less/plugins/pinterest-pin-it-button-on-image-hover-and-post-230333f7152338c0e847a31fb3c9a2dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weblizar Pin It Button On Image Hover And Post < 3.4 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Weblizar Pin It Button On Image Hover And Post plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'SaveSettings' function in versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pinterest-pin-it-button-on-image-hover-and-post/"
     google-query: inurl:"/wp-content/plugins/pinterest-pin-it-button-on-image-hover-and-post/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pinterest-pin-it-button-on-image-hover-and-post,medium
+  tags: cve,wordpress,wp-plugin,pinterest-pin-it-button-on-image-hover-and-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/plausible-analytics-067e897c25e69073ab36a1703c7f28be.yaml b/nuclei-templates/cve-less/plugins/plausible-analytics-067e897c25e69073ab36a1703c7f28be.yaml
index ea4abbb8e7..b04040787c 100644
--- a/nuclei-templates/cve-less/plugins/plausible-analytics-067e897c25e69073ab36a1703c7f28be.yaml
+++ b/nuclei-templates/cve-less/plugins/plausible-analytics-067e897c25e69073ab36a1703c7f28be.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plausible Analytics <= 1.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Plausible Analytics plugin is vulnerable to unauthorized setting changes in versions up to, and including, 1.2.3 due to an improperly configured capability and nonce check on the save_admin_settings() function. This could be exploited by any authenticated user, including those with minimal capabilities like subscribers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plausible-analytics/"
     google-query: inurl:"/wp-content/plugins/plausible-analytics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,plausible-analytics,medium
+  tags: cve,wordpress,wp-plugin,plausible-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/player-0dd50401fc253eb4ff30c00f51c39236.yaml b/nuclei-templates/cve-less/plugins/player-0dd50401fc253eb4ff30c00f51c39236.yaml
index 1920a9c87a..d0d55e2995 100644
--- a/nuclei-templates/cve-less/plugins/player-0dd50401fc253eb4ff30c00f51c39236.yaml
+++ b/nuclei-templates/cve-less/plugins/player-0dd50401fc253eb4ff30c00f51c39236.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SpiderVPlayer < 1.5.18 - Multiple Blind Authenticated SQL Injections
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The SpiderVPlayer plugin for WordPress is vulnerable to Multiple Blind Authenticated SQL Injections via the 'order_by' parameter used in various functions in versions before 1.5.18 due to a lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/player/"
     google-query: inurl:"/wp-content/plugins/player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,player,high
+  tags: cve,wordpress,wp-plugin,player,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/plugin-central-8d3ea868911a052c015f14b1fed79fc4.yaml b/nuclei-templates/cve-less/plugins/plugin-central-8d3ea868911a052c015f14b1fed79fc4.yaml
index 3d6ddf5aa1..b7f2534d92 100644
--- a/nuclei-templates/cve-less/plugins/plugin-central-8d3ea868911a052c015f14b1fed79fc4.yaml
+++ b/nuclei-templates/cve-less/plugins/plugin-central-8d3ea868911a052c015f14b1fed79fc4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin Central < 2.5.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Plugin Central plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘file' and 'name' parameters in versions before 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/plugin-central/"
     google-query: inurl:"/wp-content/plugins/plugin-central/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,plugin-central,high
+  tags: cve,wordpress,wp-plugin,plugin-central,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pmpro-courses-b95250d725c58e5f77c57b6de18a5532.yaml b/nuclei-templates/cve-less/plugins/pmpro-courses-b95250d725c58e5f77c57b6de18a5532.yaml
index 3a30fdd8c9..90ce1d5a76 100644
--- a/nuclei-templates/cve-less/plugins/pmpro-courses-b95250d725c58e5f77c57b6de18a5532.yaml
+++ b/nuclei-templates/cve-less/plugins/pmpro-courses-b95250d725c58e5f77c57b6de18a5532.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paid Memberships Pro - Courses for Membership Add On <= 1.2.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Paid Memberships Pro - Courses for Membership Add On plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmpro_courses_modules' setting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. This can also be exploited via Cross-Site Request Forgery.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pmpro-courses/"
     google-query: inurl:"/wp-content/plugins/pmpro-courses/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pmpro-courses,medium
+  tags: cve,wordpress,wp-plugin,pmpro-courses,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/podcast-box-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/podcast-box-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4146176b04..5dc078060c 100644
--- a/nuclei-templates/cve-less/plugins/podcast-box-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/podcast-box-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/podcast-box/"
     google-query: inurl:"/wp-content/plugins/podcast-box/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,podcast-box,medium
+  tags: cve,wordpress,wp-plugin,podcast-box,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pods-dd09b82c04b588417962747e8b977772.yaml b/nuclei-templates/cve-less/plugins/pods-dd09b82c04b588417962747e8b977772.yaml
index ff085a041d..c9acdab0f2 100644
--- a/nuclei-templates/cve-less/plugins/pods-dd09b82c04b588417962747e8b977772.yaml
+++ b/nuclei-templates/cve-less/plugins/pods-dd09b82c04b588417962747e8b977772.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pods – Custom Content Types and Fields <= 2.7.28 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pods/"
     google-query: inurl:"/wp-content/plugins/pods/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pods,medium
+  tags: cve,wordpress,wp-plugin,pods,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/polldaddy-7743d4aab2210fca5895ae50928bc6f9.yaml b/nuclei-templates/cve-less/plugins/polldaddy-7743d4aab2210fca5895ae50928bc6f9.yaml
index 4a5f363921..9d7b87fb09 100644
--- a/nuclei-templates/cve-less/plugins/polldaddy-7743d4aab2210fca5895ae50928bc6f9.yaml
+++ b/nuclei-templates/cve-less/plugins/polldaddy-7743d4aab2210fca5895ae50928bc6f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crowdsignal Dashboard < 2.0.21 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Crowdsignal Dashboard – Polls, Surveys & more plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 2.0.21. This is due to missing or incorrect nonce validation in the rating_settings function. This makes it possible for unauthenticated attackers to have an unknown impact via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/polldaddy/"
     google-query: inurl:"/wp-content/plugins/polldaddy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,polldaddy,high
+  tags: cve,wordpress,wp-plugin,polldaddy,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/polylang-79eabca00926846a970481cb6b7e83aa.yaml b/nuclei-templates/cve-less/plugins/polylang-79eabca00926846a970481cb6b7e83aa.yaml
index 56406c319f..bfec914e0c 100644
--- a/nuclei-templates/cve-less/plugins/polylang-79eabca00926846a970481cb6b7e83aa.yaml
+++ b/nuclei-templates/cve-less/plugins/polylang-79eabca00926846a970481cb6b7e83aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Polylang <= 2.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Polylang plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5. This is due to missing or incorrect nonce validation on the wp_insert_post_data() function. This makes it possible for unauthenticated attackers to duplicate media via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/polylang/"
     google-query: inurl:"/wp-content/plugins/polylang/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,polylang,high
+  tags: cve,wordpress,wp-plugin,polylang,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pootle-page-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/pootle-page-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4b1517d6dd..6d7f8ad0f8 100644
--- a/nuclei-templates/cve-less/plugins/pootle-page-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/pootle-page-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pootle-page-builder/"
     google-query: inurl:"/wp-content/plugins/pootle-page-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pootle-page-builder,medium
+  tags: cve,wordpress,wp-plugin,pootle-page-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pop-over-xyz-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/pop-over-xyz-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9a1235675c..23fa6159c1 100644
--- a/nuclei-templates/cve-less/plugins/pop-over-xyz-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/pop-over-xyz-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pop-over-xyz/"
     google-query: inurl:"/wp-content/plugins/pop-over-xyz/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pop-over-xyz,medium
+  tags: cve,wordpress,wp-plugin,pop-over-xyz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/popup-builder-18e611cf48e8f4ad6e3b9384220c5457.yaml b/nuclei-templates/cve-less/plugins/popup-builder-18e611cf48e8f4ad6e3b9384220c5457.yaml
index 5a8aa3af38..3b6a2e97c5 100644
--- a/nuclei-templates/cve-less/plugins/popup-builder-18e611cf48e8f4ad6e3b9384220c5457.yaml
+++ b/nuclei-templates/cve-less/plugins/popup-builder-18e611cf48e8f4ad6e3b9384220c5457.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Builder <= 3.72 Missing Authorization on AJAX actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup Builder plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 3.71 due to missing capability checks on various actions called via AJAX. This makes it possible for attackers to import subscribers and send newsletters among other actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-builder/"
     google-query: inurl:"/wp-content/plugins/popup-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,popup-builder,medium
+  tags: cve,wordpress,wp-plugin,popup-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/popup-images-e6cb47157cb35f90dcc06e51f4ec2619.yaml b/nuclei-templates/cve-less/plugins/popup-images-e6cb47157cb35f90dcc06e51f4ec2619.yaml
index 27dd6d373e..a0edd66d1c 100644
--- a/nuclei-templates/cve-less/plugins/popup-images-e6cb47157cb35f90dcc06e51f4ec2619.yaml
+++ b/nuclei-templates/cve-less/plugins/popup-images-e6cb47157cb35f90dcc06e51f4ec2619.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Popup Images (Unknown Version) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Popup Images plugin for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/popup-images/"
     google-query: inurl:"/wp-content/plugins/popup-images/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,popup-images,medium
+  tags: cve,wordpress,wp-plugin,popup-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/portfolio-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/portfolio-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0c528b7571..cb5fbb02ac 100644
--- a/nuclei-templates/cve-less/plugins/portfolio-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/portfolio-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-elementor/"
     google-query: inurl:"/wp-content/plugins/portfolio-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,portfolio-elementor,medium
+  tags: cve,wordpress,wp-plugin,portfolio-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/portfolio-responsive-gallery-70beb78ba7fd734dda35bda551cb0775.yaml b/nuclei-templates/cve-less/plugins/portfolio-responsive-gallery-70beb78ba7fd734dda35bda551cb0775.yaml
index 909a049add..341e12dfc4 100644
--- a/nuclei-templates/cve-less/plugins/portfolio-responsive-gallery-70beb78ba7fd734dda35bda551cb0775.yaml
+++ b/nuclei-templates/cve-less/plugins/portfolio-responsive-gallery-70beb78ba7fd734dda35bda551cb0775.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Portfolio Responsive Gallery <= 1.1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Portfolio Responsive Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/portfolio-responsive-gallery/"
     google-query: inurl:"/wp-content/plugins/portfolio-responsive-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,portfolio-responsive-gallery,medium
+  tags: cve,wordpress,wp-plugin,portfolio-responsive-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-carousel-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/post-carousel-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 99965e539b..7b9e250196 100644
--- a/nuclei-templates/cve-less/plugins/post-carousel-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/post-carousel-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-carousel-divi/"
     google-query: inurl:"/wp-content/plugins/post-carousel-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-carousel-divi,medium
+  tags: cve,wordpress,wp-plugin,post-carousel-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-duplicator-e3c761c4e430d07f3cc55d6f4fc67c86.yaml b/nuclei-templates/cve-less/plugins/post-duplicator-e3c761c4e430d07f3cc55d6f4fc67c86.yaml
index 5580bd1ac4..307d991ed9 100644
--- a/nuclei-templates/cve-less/plugins/post-duplicator-e3c761c4e430d07f3cc55d6f4fc67c86.yaml
+++ b/nuclei-templates/cve-less/plugins/post-duplicator-e3c761c4e430d07f3cc55d6f4fc67c86.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Duplicator <= 2.16 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Duplicator plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.16 due to insufficient input sanitization and output escaping on the 'post-duplicated' parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-duplicator/"
     google-query: inurl:"/wp-content/plugins/post-duplicator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-duplicator,medium
+  tags: cve,wordpress,wp-plugin,post-duplicator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-gallery-1b225faa6149f90c544fb3acb706af2f.yaml b/nuclei-templates/cve-less/plugins/post-gallery-1b225faa6149f90c544fb3acb706af2f.yaml
index 6a90a4ac8e..4ec7b696c6 100644
--- a/nuclei-templates/cve-less/plugins/post-gallery-1b225faa6149f90c544fb3acb706af2f.yaml
+++ b/nuclei-templates/cve-less/plugins/post-gallery-1b225faa6149f90c544fb3acb706af2f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Gallery <= 1.0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘src’ parameter in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-gallery/"
     google-query: inurl:"/wp-content/plugins/post-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-gallery,medium
+  tags: cve,wordpress,wp-plugin,post-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-grid-2709ba16ebba4320ded81fce12f3563d.yaml b/nuclei-templates/cve-less/plugins/post-grid-2709ba16ebba4320ded81fce12f3563d.yaml
index c60b2b86ec..9b1273c962 100644
--- a/nuclei-templates/cve-less/plugins/post-grid-2709ba16ebba4320ded81fce12f3563d.yaml
+++ b/nuclei-templates/cve-less/plugins/post-grid-2709ba16ebba4320ded81fce12f3563d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Grid <= 2.1.12 - Contributor+ SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-grid/"
     google-query: inurl:"/wp-content/plugins/post-grid/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-grid,high
+  tags: cve,wordpress,wp-plugin,post-grid,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-18966e8228314b8165d39d48519f43cc.yaml
index c7ecce9061..439d4e2200 100644
--- a/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/"
     google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,medium
+  tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-list-designer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/post-list-designer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ffcaac93ed..054d99995b 100644
--- a/nuclei-templates/cve-less/plugins/post-list-designer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/post-list-designer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-list-designer/"
     google-query: inurl:"/wp-content/plugins/post-list-designer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-list-designer,medium
+  tags: cve,wordpress,wp-plugin,post-list-designer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-meta-data-manager-09c17ceea6b1acc60dc27557a0b8ba88.yaml b/nuclei-templates/cve-less/plugins/post-meta-data-manager-09c17ceea6b1acc60dc27557a0b8ba88.yaml
index 9863050300..454c24f631 100644
--- a/nuclei-templates/cve-less/plugins/post-meta-data-manager-09c17ceea6b1acc60dc27557a0b8ba88.yaml
+++ b/nuclei-templates/cve-less/plugins/post-meta-data-manager-09c17ceea6b1acc60dc27557a0b8ba88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Meta Data Manager <= 1.2.0 - Missing Authorization to Post, Term, and User Meta Deletion
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions hooked via nopriv AJAX actions in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete arbitrary user, term, and post meta.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-meta-data-manager/"
     google-query: inurl:"/wp-content/plugins/post-meta-data-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-meta-data-manager,medium
+  tags: cve,wordpress,wp-plugin,post-meta-data-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-slider-and-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/post-slider-and-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index eab3e20b82..04df42fc96 100644
--- a/nuclei-templates/cve-less/plugins/post-slider-and-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/post-slider-and-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-slider-and-carousel/"
     google-query: inurl:"/wp-content/plugins/post-slider-and-carousel/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-slider-and-carousel,medium
+  tags: cve,wordpress,wp-plugin,post-slider-and-carousel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-smtp-5cce32cc2992a89ca752b62e96a78a05.yaml b/nuclei-templates/cve-less/plugins/post-smtp-5cce32cc2992a89ca752b62e96a78a05.yaml
index b961d5b5ff..dda0f43293 100644
--- a/nuclei-templates/cve-less/plugins/post-smtp-5cce32cc2992a89ca752b62e96a78a05.yaml
+++ b/nuclei-templates/cve-less/plugins/post-smtp-5cce32cc2992a89ca752b62e96a78a05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Post SMTP plugin for WordPress is vulnerable to time-based SQL Injection via the log_id parameter in versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-smtp/"
     google-query: inurl:"/wp-content/plugins/post-smtp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-smtp,high
+  tags: cve,wordpress,wp-plugin,post-smtp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-snippets-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/post-snippets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 330b8a57bb..0042f2d8b0 100644
--- a/nuclei-templates/cve-less/plugins/post-snippets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/post-snippets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-snippets/"
     google-query: inurl:"/wp-content/plugins/post-snippets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-snippets,medium
+  tags: cve,wordpress,wp-plugin,post-snippets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-to-google-my-business-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/post-to-google-my-business-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 94fcd97097..cc0f470cbe 100644
--- a/nuclei-templates/cve-less/plugins/post-to-google-my-business-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/post-to-google-my-business-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-to-google-my-business/"
     google-query: inurl:"/wp-content/plugins/post-to-google-my-business/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-to-google-my-business,medium
+  tags: cve,wordpress,wp-plugin,post-to-google-my-business,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/post-views-741838efe1987dc0902314663618d34f.yaml b/nuclei-templates/cve-less/plugins/post-views-741838efe1987dc0902314663618d34f.yaml
index 79f95faa4c..769f1c38d2 100644
--- a/nuclei-templates/cve-less/plugins/post-views-741838efe1987dc0902314663618d34f.yaml
+++ b/nuclei-templates/cve-less/plugins/post-views-741838efe1987dc0902314663618d34f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Post Views <= 2.6.1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Post Views plugin for WordPress is vulnerable to Cross-Site Scripting via the 'search_input' parameter in versions up to, and including, 2.6.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/post-views/"
     google-query: inurl:"/wp-content/plugins/post-views/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,post-views,medium
+  tags: cve,wordpress,wp-plugin,post-views,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/postcode-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/postcode-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 54d2db611d..37f6a427a7 100644
--- a/nuclei-templates/cve-less/plugins/postcode-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/postcode-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postcode-redirect/"
     google-query: inurl:"/wp-content/plugins/postcode-redirect/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,postcode-redirect,medium
+  tags: cve,wordpress,wp-plugin,postcode-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/postmagthemes-demo-import-9efe0fb93db4e83b6512c73eb733e094.yaml b/nuclei-templates/cve-less/plugins/postmagthemes-demo-import-9efe0fb93db4e83b6512c73eb733e094.yaml
index f85045131e..3c6cd27126 100644
--- a/nuclei-templates/cve-less/plugins/postmagthemes-demo-import-9efe0fb93db4e83b6512c73eb733e094.yaml
+++ b/nuclei-templates/cve-less/plugins/postmagthemes-demo-import-9efe0fb93db4e83b6512c73eb733e094.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PostmagThemes Demo Import <= 1.0.6 - Authenticated (Admin+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The PostmagThemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 1.0.6. This is due to insufficient file type validation on imported files that makes it possible for high-level authenticated users, such as administrators, to upload arbitrary files onto a vulnerable site's server and gain remote code execution. This would only affect installations where admins have been restricted from uploading/modifying files to a site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postmagthemes-demo-import/"
     google-query: inurl:"/wp-content/plugins/postmagthemes-demo-import/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,postmagthemes-demo-import,high
+  tags: cve,wordpress,wp-plugin,postmagthemes-demo-import,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/postmatic-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/postmatic-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 50ae7d95fb..ffb6e1550c 100644
--- a/nuclei-templates/cve-less/plugins/postmatic-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/postmatic-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/postmatic/"
     google-query: inurl:"/wp-content/plugins/postmatic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,postmatic,medium
+  tags: cve,wordpress,wp-plugin,postmatic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/power-ups-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/power-ups-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 15a69c65b1..7ef867bac5 100644
--- a/nuclei-templates/cve-less/plugins/power-ups-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/power-ups-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/power-ups-for-elementor/"
     google-query: inurl:"/wp-content/plugins/power-ups-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,power-ups-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,power-ups-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/powerkit-0af70d46a8f7d1d575b47f6ceaa9d723.yaml b/nuclei-templates/cve-less/plugins/powerkit-0af70d46a8f7d1d575b47f6ceaa9d723.yaml
index 2e341ae07f..8b50e9b342 100644
--- a/nuclei-templates/cve-less/plugins/powerkit-0af70d46a8f7d1d575b47f6ceaa9d723.yaml
+++ b/nuclei-templates/cve-less/plugins/powerkit-0af70d46a8f7d1d575b47f6ceaa9d723.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Powerkit < 2.5.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Powerkit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.8 This is due to missing or incorrect nonce validation on an unknown function.  Unauthenticated attackers may be able to conduct unspecified attacks (such as Cross-Site Scripting) via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerkit/"
     google-query: inurl:"/wp-content/plugins/powerkit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,powerkit,high
+  tags: cve,wordpress,wp-plugin,powerkit,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/powerpress-307c020a7d3d97fddb5823725bc2bdc1.yaml b/nuclei-templates/cve-less/plugins/powerpress-307c020a7d3d97fddb5823725bc2bdc1.yaml
index 806af653d6..dbce4dd3d4 100644
--- a/nuclei-templates/cve-less/plugins/powerpress-307c020a7d3d97fddb5823725bc2bdc1.yaml
+++ b/nuclei-templates/cve-less/plugins/powerpress-307c020a7d3d97fddb5823725bc2bdc1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PowerPress <= 10.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Feed[title]'
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Feed[title]’ parameter in versions up to, and including, 10.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powerpress/"
     google-query: inurl:"/wp-content/plugins/powerpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,powerpress,medium
+  tags: cve,wordpress,wp-plugin,powerpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/powies-whois-5aab035ef042ccd7141d869c2750d5bc.yaml b/nuclei-templates/cve-less/plugins/powies-whois-5aab035ef042ccd7141d869c2750d5bc.yaml
index 5aab30089b..c36a676498 100644
--- a/nuclei-templates/cve-less/plugins/powies-whois-5aab035ef042ccd7141d869c2750d5bc.yaml
+++ b/nuclei-templates/cve-less/plugins/powies-whois-5aab035ef042ccd7141d869c2750d5bc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Power's WHOIS Domain Check <= 0.9.31 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Power's WHOIS Domain Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 0.9.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/powies-whois/"
     google-query: inurl:"/wp-content/plugins/powies-whois/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,powies-whois,medium
+  tags: cve,wordpress,wp-plugin,powies-whois,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/predictive-search-6b177b37379772051433776316566ccd.yaml b/nuclei-templates/cve-less/plugins/predictive-search-6b177b37379772051433776316566ccd.yaml
index 5d7473043b..597e9aa13c 100644
--- a/nuclei-templates/cve-less/plugins/predictive-search-6b177b37379772051433776316566ccd.yaml
+++ b/nuclei-templates/cve-less/plugins/predictive-search-6b177b37379772051433776316566ccd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Predictive Search <= 1.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Predictive Search plugin for WordPress is vulnerable to unauthorized modification and disclosure of data due to missing capability checks on the wp_predictive_search_start_sync_ajax,  wp_predictive_search_sync_taxonomy_ajax, wp_predictive_search_sync_relationships_ajax, wp_predictive_search_sync_posts_ajax, wp_predictive_search_manual_sync_error_ajax, and wp_predictive_search_sync_end_ajax functions called via wp_ajax and wp_ajax_nopriv hooks in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to conduct search syncs and read and data returned in the response.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/predictive-search/"
     google-query: inurl:"/wp-content/plugins/predictive-search/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,predictive-search,medium
+  tags: cve,wordpress,wp-plugin,predictive-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/predictive-search-a45e2a89638ef475d44955daca9531ef.yaml b/nuclei-templates/cve-less/plugins/predictive-search-a45e2a89638ef475d44955daca9531ef.yaml
index ede61ac463..32d5c9c6c0 100644
--- a/nuclei-templates/cve-less/plugins/predictive-search-a45e2a89638ef475d44955daca9531ef.yaml
+++ b/nuclei-templates/cve-less/plugins/predictive-search-a45e2a89638ef475d44955daca9531ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Predictive Search <= 1.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Predictive Search plugin for WordPress is vulnerable to unauthorized modification and disclosure of data due to missing capability checks on the wp_predictive_search_rebuild_cat_cache_ajax and wp_predictive_search_build_category_cache_error_ajax functions called via wp_ajax and wp_ajax_nopriv hooks in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to rebuild category cache and view any messages in the error log.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/predictive-search/"
     google-query: inurl:"/wp-content/plugins/predictive-search/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,predictive-search,medium
+  tags: cve,wordpress,wp-plugin,predictive-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/predictive-search-b2c299a9a1dfd6a544071cd299a840b8.yaml b/nuclei-templates/cve-less/plugins/predictive-search-b2c299a9a1dfd6a544071cd299a840b8.yaml
index 25e430dede..1b145d259d 100644
--- a/nuclei-templates/cve-less/plugins/predictive-search-b2c299a9a1dfd6a544071cd299a840b8.yaml
+++ b/nuclei-templates/cve-less/plugins/predictive-search-b2c299a9a1dfd6a544071cd299a840b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Predictive Search <= 1.2.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Predictive Search plugin for WordPress is vulnerable to unauthorized disclosure of data due to a missing capability check on the 'get_exclude_options_ajax' function called via a wp_ajax and wp_ajax_nopriv hook in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to retrieve exclude options for search data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/predictive-search/"
     google-query: inurl:"/wp-content/plugins/predictive-search/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,predictive-search,medium
+  tags: cve,wordpress,wp-plugin,predictive-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/preloader-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/preloader-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a6dc2eda01..93ec16b7a9 100644
--- a/nuclei-templates/cve-less/plugins/preloader-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/preloader-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/preloader-for-divi/"
     google-query: inurl:"/wp-content/plugins/preloader-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,preloader-for-divi,medium
+  tags: cve,wordpress,wp-plugin,preloader-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-6be8b4c15f4802607f2237b86373c965.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-6be8b4c15f4802607f2237b86373c965.yaml
index 4790754ecb..dfabbdee17 100644
--- a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-6be8b4c15f4802607f2237b86373c965.yaml
+++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-6be8b4c15f4802607f2237b86373c965.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c5afcf980a..a16c0f10d3 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce/"
     google-query: inurl:"/wp-content/plugins/premmerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce,medium
+  tags: cve,wordpress,wp-plugin,premmerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-50f488111dad00bdb113f7022a4a0420.yaml b/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-50f488111dad00bdb113f7022a4a0420.yaml
index 1327acaed8..c16d743292 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-50f488111dad00bdb113f7022a4a0420.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-50f488111dad00bdb113f7022a4a0420.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Premmerce Redirect Manager <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Premmerce Redirect Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.0.12 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-redirect-manager/"
     google-query: inurl:"/wp-content/plugins/premmerce-redirect-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-redirect-manager,medium
+  tags: cve,wordpress,wp-plugin,premmerce-redirect-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index df702a530c..70e684bd2e 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-redirect-manager/"
     google-query: inurl:"/wp-content/plugins/premmerce-redirect-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-redirect-manager,medium
+  tags: cve,wordpress,wp-plugin,premmerce-redirect-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-search-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-search-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 958c485962..92836246d8 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-search-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-search-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-search/"
     google-query: inurl:"/wp-content/plugins/premmerce-search/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-search,medium
+  tags: cve,wordpress,wp-plugin,premmerce-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-user-roles-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-user-roles-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4fb352e92c..2857a8ff48 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-user-roles-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-user-roles-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-user-roles/"
     google-query: inurl:"/wp-content/plugins/premmerce-user-roles/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-user-roles,medium
+  tags: cve,wordpress,wp-plugin,premmerce-user-roles,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-brands-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-brands-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 41161ad99f..ec05722587 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-brands-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-brands-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-woocommerce-brands/"
     google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-brands/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-brands,medium
+  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-brands,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-multi-currency-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-multi-currency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b366ab8095..99936bd38a 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-multi-currency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-multi-currency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-woocommerce-multi-currency/"
     google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-multi-currency/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-multi-currency,medium
+  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-multi-currency,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-product-filter-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-product-filter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 289aa168e4..ee83382611 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-product-filter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-product-filter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-woocommerce-product-filter/"
     google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-product-filter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-product-filter,medium
+  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-product-filter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-variation-swatches-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-variation-swatches-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index aa746bf56c..19d98d9607 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-variation-swatches-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-variation-swatches-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-woocommerce-variation-swatches/"
     google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-variation-swatches/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-variation-swatches,medium
+  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-variation-swatches,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-wholesale-pricing-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-wholesale-pricing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e8acca8e70..346ad429d8 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-wholesale-pricing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-wholesale-pricing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-woocommerce-wholesale-pricing/"
     google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-wholesale-pricing/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-wholesale-pricing,medium
+  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-wholesale-pricing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-wishlist-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-wishlist-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 42a5d07188..4dbfdf0e70 100644
--- a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-wishlist-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-wishlist-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/premmerce-woocommerce-wishlist/"
     google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-wishlist/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-wishlist,medium
+  tags: cve,wordpress,wp-plugin,premmerce-woocommerce-wishlist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pressforward-d0af10e9ac4884ae3c68f9f3c40fdad7.yaml b/nuclei-templates/cve-less/plugins/pressforward-d0af10e9ac4884ae3c68f9f3c40fdad7.yaml
index cfae08b014..8c721fb85a 100644
--- a/nuclei-templates/cve-less/plugins/pressforward-d0af10e9ac4884ae3c68f9f3c40fdad7.yaml
+++ b/nuclei-templates/cve-less/plugins/pressforward-d0af10e9ac4884ae3c68f9f3c40fdad7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PressForward <= 5.2.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin PressForward for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameter in versions up to, and including, 5.2.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pressforward/"
     google-query: inurl:"/wp-content/plugins/pressforward/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pressforward,medium
+  tags: cve,wordpress,wp-plugin,pressforward,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pretty-google-calendar-c5888a6adf3b7c4a7f3becae44174450.yaml b/nuclei-templates/cve-less/plugins/pretty-google-calendar-c5888a6adf3b7c4a7f3becae44174450.yaml
index b835d0d0e7..089f88bf29 100644
--- a/nuclei-templates/cve-less/plugins/pretty-google-calendar-c5888a6adf3b7c4a7f3becae44174450.yaml
+++ b/nuclei-templates/cve-less/plugins/pretty-google-calendar-c5888a6adf3b7c4a7f3becae44174450.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pretty Google Calendar <= 1.5.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via pretty_google_calendar shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Pretty Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pretty-google-calendar/"
     google-query: inurl:"/wp-content/plugins/pretty-google-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pretty-google-calendar,medium
+  tags: cve,wordpress,wp-plugin,pretty-google-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/prettyphoto-1c7062bfa495ccd866c7cbbbfe4462e3.yaml b/nuclei-templates/cve-less/plugins/prettyphoto-1c7062bfa495ccd866c7cbbbfe4462e3.yaml
index 07c16112f9..15dc0912bf 100644
--- a/nuclei-templates/cve-less/plugins/prettyphoto-1c7062bfa495ccd866c7cbbbfe4462e3.yaml
+++ b/nuclei-templates/cve-less/plugins/prettyphoto-1c7062bfa495ccd866c7cbbbfe4462e3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress prettyPhoto <= 1.1 - DOM Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The prettyPhoto plugin for WordPress is vulnerable to DOM Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/prettyphoto/"
     google-query: inurl:"/wp-content/plugins/prettyphoto/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,prettyphoto,medium
+  tags: cve,wordpress,wp-plugin,prettyphoto,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/price-bands-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/price-bands-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7fb5415952..325682fa8f 100644
--- a/nuclei-templates/cve-less/plugins/price-bands-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/price-bands-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/price-bands-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/price-bands-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,price-bands-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,price-bands-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-b8b87309673e04154a00de1091b89e07.yaml b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-b8b87309673e04154a00de1091b89e07.yaml
index b0d8cb3869..a494143e56 100644
--- a/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-b8b87309673e04154a00de1091b89e07.yaml
+++ b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-b8b87309673e04154a00de1091b89e07.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pricing Table by Supsystic <= 1.8.8 - Boolean-Based Blind SQL Injections
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Pricing Table by Supsystic plugin for WordPress is vulnerable to boolean-based blind SQL Injection via the ‘sidx’ parameter in versions up to, and including, 1.8.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pricing-table-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/pricing-table-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/primary-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/primary-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9dae53d5f6..fcb05f3584 100644
--- a/nuclei-templates/cve-less/plugins/primary-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/primary-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/primary-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/primary-addon-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,primary-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,primary-addon-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/prime-mover-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/prime-mover-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 14a5f51565..469eefd4d9 100644
--- a/nuclei-templates/cve-less/plugins/prime-mover-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/prime-mover-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/prime-mover/"
     google-query: inurl:"/wp-content/plugins/prime-mover/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,prime-mover,medium
+  tags: cve,wordpress,wp-plugin,prime-mover,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-c7e173848fb257299994b18731636ed4.yaml b/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-c7e173848fb257299994b18731636ed4.yaml
index 66d26ad05d..faba1afe2d 100644
--- a/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-c7e173848fb257299994b18731636ed4.yaml
+++ b/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-c7e173848fb257299994b18731636ed4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BizPrint <= 4.5.1 - Missing Authorization in showTemplatePreview
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview function in all versions up to, and including, 4.5.1. This makes it possible for unauthenticated attackers to expose potentially sensitive WooCommerce order data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-google-cloud-print-gcp-woocommerce/"
     google-query: inurl:"/wp-content/plugins/print-google-cloud-print-gcp-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,print-google-cloud-print-gcp-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,print-google-cloud-print-gcp-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/print-my-blog-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/print-my-blog-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2bf21a6305..6e5e92af5e 100644
--- a/nuclei-templates/cve-less/plugins/print-my-blog-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/print-my-blog-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/print-my-blog/"
     google-query: inurl:"/wp-content/plugins/print-my-blog/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,print-my-blog,medium
+  tags: cve,wordpress,wp-plugin,print-my-blog,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pro-links-maintainer-dev-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/pro-links-maintainer-dev-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7a44d6ab31..c00b52dd4b 100644
--- a/nuclei-templates/cve-less/plugins/pro-links-maintainer-dev-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/pro-links-maintainer-dev-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pro-links-maintainer-dev/"
     google-query: inurl:"/wp-content/plugins/pro-links-maintainer-dev/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pro-links-maintainer-dev,medium
+  tags: cve,wordpress,wp-plugin,pro-links-maintainer-dev,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/product-blocks-52b32717fd3d0ae5a10aa7d3c77cb89f.yaml b/nuclei-templates/cve-less/plugins/product-blocks-52b32717fd3d0ae5a10aa7d3c77cb89f.yaml
index 4f9fabc472..7a41307415 100644
--- a/nuclei-templates/cve-less/plugins/product-blocks-52b32717fd3d0ae5a10aa7d3c77cb89f.yaml
+++ b/nuclei-templates/cve-less/plugins/product-blocks-52b32717fd3d0ae5a10aa7d3c77cb89f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ProductX – Gutenberg WooCommerce Blocks – WooCommerce Builder, Wishlist for WooCommerce, Products Comparison, Quick View, Online Store – All in One Solution <= 2.2.5 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     ProductX – Gutenberg WooCommerce Blocks – WooCommerce Builder, Wishlist for WooCommerce, Products Comparison, Quick View, Online Store – All in One Solution in versions up to and including 2.2.5 is vulnerable to Cross-Site Scripting due to insufficient sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-blocks/"
     google-query: inurl:"/wp-content/plugins/product-blocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,product-blocks,medium
+  tags: cve,wordpress,wp-plugin,product-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/product-filter-for-woocommerce-product-a3db779bffaf01ac0439d97b043e7b9e.yaml b/nuclei-templates/cve-less/plugins/product-filter-for-woocommerce-product-a3db779bffaf01ac0439d97b043e7b9e.yaml
index 9712ed3b00..de64105f52 100644
--- a/nuclei-templates/cve-less/plugins/product-filter-for-woocommerce-product-a3db779bffaf01ac0439d97b043e7b9e.yaml
+++ b/nuclei-templates/cve-less/plugins/product-filter-for-woocommerce-product-a3db779bffaf01ac0439d97b043e7b9e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Product Filter For WooCommerce Product plugin for WordPress is vulnerable to SQL Injection via the `datastring` paramater in versions up to and including 1.3.1. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-filter-for-woocommerce-product/"
     google-query: inurl:"/wp-content/plugins/product-filter-for-woocommerce-product/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,product-filter-for-woocommerce-product,high
+  tags: cve,wordpress,wp-plugin,product-filter-for-woocommerce-product,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/product-image-watermark-for-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/product-image-watermark-for-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 659abeed50..620a21d424 100644
--- a/nuclei-templates/cve-less/plugins/product-image-watermark-for-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/product-image-watermark-for-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/product-image-watermark-for-woo/"
     google-query: inurl:"/wp-content/plugins/product-image-watermark-for-woo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,product-image-watermark-for-woo,medium
+  tags: cve,wordpress,wp-plugin,product-image-watermark-for-woo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/profile-builder-960773bb26ec71f2b5c7ab22a6dcda0e.yaml b/nuclei-templates/cve-less/plugins/profile-builder-960773bb26ec71f2b5c7ab22a6dcda0e.yaml
index 969c3ba28a..29b4509c83 100644
--- a/nuclei-templates/cve-less/plugins/profile-builder-960773bb26ec71f2b5c7ab22a6dcda0e.yaml
+++ b/nuclei-templates/cve-less/plugins/profile-builder-960773bb26ec71f2b5c7ab22a6dcda0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Profile Builder/Profile Builder Pro plugins for WordPress is vulnerable to blind SQL Injection via multiple parameters in versions up to, and including, 3.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,profile-builder,high
+  tags: cve,wordpress,wp-plugin,profile-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/profile-builder-dc37f981ae3cabe96f1627086e8e54ca.yaml b/nuclei-templates/cve-less/plugins/profile-builder-dc37f981ae3cabe96f1627086e8e54ca.yaml
index 713fb52e68..21d102bed1 100644
--- a/nuclei-templates/cve-less/plugins/profile-builder-dc37f981ae3cabe96f1627086e8e54ca.yaml
+++ b/nuclei-templates/cve-less/plugins/profile-builder-dc37f981ae3cabe96f1627086e8e54ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder < 2.5.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wppb_general_settings[minimum_password_length]’ parameter in versions before 2.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with high privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder/"
     google-query: inurl:"/wp-content/plugins/profile-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,profile-builder,medium
+  tags: cve,wordpress,wp-plugin,profile-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/profile-builder-pro-960773bb26ec71f2b5c7ab22a6dcda0e.yaml b/nuclei-templates/cve-less/plugins/profile-builder-pro-960773bb26ec71f2b5c7ab22a6dcda0e.yaml
index e444ce6c65..6ace5f848e 100644
--- a/nuclei-templates/cve-less/plugins/profile-builder-pro-960773bb26ec71f2b5c7ab22a6dcda0e.yaml
+++ b/nuclei-templates/cve-less/plugins/profile-builder-pro-960773bb26ec71f2b5c7ab22a6dcda0e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Profile Builder/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Profile Builder/Profile Builder Pro plugins for WordPress is vulnerable to blind SQL Injection via multiple parameters in versions up to, and including, 3.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/profile-builder-pro/"
     google-query: inurl:"/wp-content/plugins/profile-builder-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,profile-builder-pro,high
+  tags: cve,wordpress,wp-plugin,profile-builder-pro,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/protect-uploads-dcaafd0f02c38e487ed1a8a26307e284.yaml b/nuclei-templates/cve-less/plugins/protect-uploads-dcaafd0f02c38e487ed1a8a26307e284.yaml
index bb7fe4ccb6..9c0b3f98e5 100644
--- a/nuclei-templates/cve-less/plugins/protect-uploads-dcaafd0f02c38e487ed1a8a26307e284.yaml
+++ b/nuclei-templates/cve-less/plugins/protect-uploads-dcaafd0f02c38e487ed1a8a26307e284.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Protect uploads <= 0.3 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Protect uploads plugin for WordPress failed to use a capability check and leaked the nonce necessary to save changes in the protect-uploads-admin-settings-page.php file. This meant that attackers able to successfully load this file in the context of WordPress, such as through a separate local file inclusion vulnerability, could save changes to the plugin settings. Note that while the file did allow direct access, this was not sufficient to obtain sensitive information or make changes on its own.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/protect-uploads/"
     google-query: inurl:"/wp-content/plugins/protect-uploads/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,protect-uploads,medium
+  tags: cve,wordpress,wp-plugin,protect-uploads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/protect-uploads-with-login-page-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/protect-uploads-with-login-page-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 53590cd8b6..2d11253e85 100644
--- a/nuclei-templates/cve-less/plugins/protect-uploads-with-login-page-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/protect-uploads-with-login-page-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/protect-uploads-with-login-page/"
     google-query: inurl:"/wp-content/plugins/protect-uploads-with-login-page/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,protect-uploads-with-login-page,medium
+  tags: cve,wordpress,wp-plugin,protect-uploads-with-login-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/protect-wp-admin-3008a63f18e7f2e88b5013011c2e866b.yaml b/nuclei-templates/cve-less/plugins/protect-wp-admin-3008a63f18e7f2e88b5013011c2e866b.yaml
index 3897b33b2c..4cfd8deb1d 100644
--- a/nuclei-templates/cve-less/plugins/protect-wp-admin-3008a63f18e7f2e88b5013011c2e866b.yaml
+++ b/nuclei-templates/cve-less/plugins/protect-wp-admin-3008a63f18e7f2e88b5013011c2e866b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Protect WP Admin <= 3.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Protect WP Admin plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/protect-wp-admin/"
     google-query: inurl:"/wp-content/plugins/protect-wp-admin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,protect-wp-admin,medium
+  tags: cve,wordpress,wp-plugin,protect-wp-admin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/protected-page-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/protected-page-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 55300b8676..5bd59eecc6 100644
--- a/nuclei-templates/cve-less/plugins/protected-page-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/protected-page-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/protected-page/"
     google-query: inurl:"/wp-content/plugins/protected-page/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,protected-page,medium
+  tags: cve,wordpress,wp-plugin,protected-page,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/pt-elementor-addons-lite-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/pt-elementor-addons-lite-18966e8228314b8165d39d48519f43cc.yaml
index ec32135c67..e4355a59de 100644
--- a/nuclei-templates/cve-less/plugins/pt-elementor-addons-lite-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/pt-elementor-addons-lite-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/pt-elementor-addons-lite/"
     google-query: inurl:"/wp-content/plugins/pt-elementor-addons-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,pt-elementor-addons-lite,medium
+  tags: cve,wordpress,wp-plugin,pt-elementor-addons-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/publishpress-5eb9664c4cfc97621e70ca6044316a22.yaml b/nuclei-templates/cve-less/plugins/publishpress-5eb9664c4cfc97621e70ca6044316a22.yaml
index b4cfd3e2df..a005544839 100644
--- a/nuclei-templates/cve-less/plugins/publishpress-5eb9664c4cfc97621e70ca6044316a22.yaml
+++ b/nuclei-templates/cve-less/plugins/publishpress-5eb9664c4cfc97621e70ca6044316a22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     PublishPress: Editorial Calendar, Workflow, Comments, Notifications and Statuses <= 3.5.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The PublishPress: Editorial Calendar, Workflow, Comments, Notifications and Statuses plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘order’ and ‘orderby’ parameters in versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/publishpress/"
     google-query: inurl:"/wp-content/plugins/publishpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,publishpress,medium
+  tags: cve,wordpress,wp-plugin,publishpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/push-notification-for-post-and-buddypress-de2d50a00641894476c3c991e151cbfe.yaml b/nuclei-templates/cve-less/plugins/push-notification-for-post-and-buddypress-de2d50a00641894476c3c991e151cbfe.yaml
index 7eb326d615..448c91f12f 100644
--- a/nuclei-templates/cve-less/plugins/push-notification-for-post-and-buddypress-de2d50a00641894476c3c991e151cbfe.yaml
+++ b/nuclei-templates/cve-less/plugins/push-notification-for-post-and-buddypress-de2d50a00641894476c3c991e151cbfe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Push Notification for Post and BuddyPress <= 1.63 - Missing Authorization to Unauthenticated Admin Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the PNFPB_icpushadmincallback_callback function hooked via a nopriv AJAX action in versions up to, and including, 1.63. This makes it possible for unauthenticated attackers to dismiss admin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/push-notification-for-post-and-buddypress/"
     google-query: inurl:"/wp-content/plugins/push-notification-for-post-and-buddypress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,push-notification-for-post-and-buddypress,medium
+  tags: cve,wordpress,wp-plugin,push-notification-for-post-and-buddypress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/q-and-a-8f0eb841fe57a3d4a24e95c0d9fd6f34.yaml b/nuclei-templates/cve-less/plugins/q-and-a-8f0eb841fe57a3d4a24e95c0d9fd6f34.yaml
index 7f186d1767..99ee7079d1 100644
--- a/nuclei-templates/cve-less/plugins/q-and-a-8f0eb841fe57a3d4a24e95c0d9fd6f34.yaml
+++ b/nuclei-templates/cve-less/plugins/q-and-a-8f0eb841fe57a3d4a24e95c0d9fd6f34.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Q and A <= 1.0.6.2 Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Q and A plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.6.2. This is due to missing or incorrect nonce validation on various functions/parameters. This makes it possible for unauthenticated attackers to perform SQLIs and XSSs (vulnerabilities explained in detail in reference) via forged requests granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/q-and-a/"
     google-query: inurl:"/wp-content/plugins/q-and-a/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,q-and-a,high
+  tags: cve,wordpress,wp-plugin,q-and-a,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/qiniu-uploader-de57d40696cbfcd8ffe966c8ed179267.yaml b/nuclei-templates/cve-less/plugins/qiniu-uploader-de57d40696cbfcd8ffe966c8ed179267.yaml
index cabe71f229..22207484ec 100644
--- a/nuclei-templates/cve-less/plugins/qiniu-uploader-de57d40696cbfcd8ffe966c8ed179267.yaml
+++ b/nuclei-templates/cve-less/plugins/qiniu-uploader-de57d40696cbfcd8ffe966c8ed179267.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qiniu Uploader <= 0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Qiniu Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the swfupload.swf file in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qiniu-uploader/"
     google-query: inurl:"/wp-content/plugins/qiniu-uploader/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,qiniu-uploader,medium
+  tags: cve,wordpress,wp-plugin,qiniu-uploader,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/qtranslate-x-92923e233ad137b6c565b0d9cb5490bf.yaml b/nuclei-templates/cve-less/plugins/qtranslate-x-92923e233ad137b6c565b0d9cb5490bf.yaml
index fd2816173c..a1fa104a71 100644
--- a/nuclei-templates/cve-less/plugins/qtranslate-x-92923e233ad137b6c565b0d9cb5490bf.yaml
+++ b/nuclei-templates/cve-less/plugins/qtranslate-x-92923e233ad137b6c565b0d9cb5490bf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     qTranslate X <= 3.4.6.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The qTranslate X plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative capabilities, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qtranslate-x/"
     google-query: inurl:"/wp-content/plugins/qtranslate-x/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,qtranslate-x,medium
+  tags: cve,wordpress,wp-plugin,qtranslate-x,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/qubely-fea58c2fffc9b2ea6b58c47efd69a713.yaml b/nuclei-templates/cve-less/plugins/qubely-fea58c2fffc9b2ea6b58c47efd69a713.yaml
index 6ef1e28998..ed51dcff1c 100644
--- a/nuclei-templates/cve-less/plugins/qubely-fea58c2fffc9b2ea6b58c47efd69a713.yaml
+++ b/nuclei-templates/cve-less/plugins/qubely-fea58c2fffc9b2ea6b58c47efd69a713.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Qubely <= 1.7.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Qubely plugin for WordPress contains a missing authorization weakness that makes it possible for subscriber-level users to update the plugin's settings in versions up to, and including 1.7.8. This is due to missing capability checks on the ajax_update_qubely_options() function called via the wp_ajax_update_qubely_options AJAX action that makes it callable via any authenticated user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qubely/"
     google-query: inurl:"/wp-content/plugins/qubely/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,qubely,medium
+  tags: cve,wordpress,wp-plugin,qubely,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quick-adsense-910562f88b7ea3f43ef082aba4fd2945.yaml b/nuclei-templates/cve-less/plugins/quick-adsense-910562f88b7ea3f43ef082aba4fd2945.yaml
index cf55e07930..fe862ba33b 100644
--- a/nuclei-templates/cve-less/plugins/quick-adsense-910562f88b7ea3f43ef082aba4fd2945.yaml
+++ b/nuclei-templates/cve-less/plugins/quick-adsense-910562f88b7ea3f43ef082aba4fd2945.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Adsense < 2.8.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quick Adsense plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the several functions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset statistics and change plugin options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-adsense/"
     google-query: inurl:"/wp-content/plugins/quick-adsense/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quick-adsense,medium
+  tags: cve,wordpress,wp-plugin,quick-adsense,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quick-affiliate-store-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/quick-affiliate-store-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8b46b3aff7..68761f24d1 100644
--- a/nuclei-templates/cve-less/plugins/quick-affiliate-store-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/quick-affiliate-store-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-affiliate-store/"
     google-query: inurl:"/wp-content/plugins/quick-affiliate-store/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quick-affiliate-store,medium
+  tags: cve,wordpress,wp-plugin,quick-affiliate-store,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quick-contact-form-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/quick-contact-form-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c3fdf686ad..10c382d452 100644
--- a/nuclei-templates/cve-less/plugins/quick-contact-form-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/quick-contact-form-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-contact-form/"
     google-query: inurl:"/wp-content/plugins/quick-contact-form/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quick-contact-form,medium
+  tags: cve,wordpress,wp-plugin,quick-contact-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quick-event-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/quick-event-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 27c36eb9ff..5932551143 100644
--- a/nuclei-templates/cve-less/plugins/quick-event-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/quick-event-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-event-manager/"
     google-query: inurl:"/wp-content/plugins/quick-event-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quick-event-manager,medium
+  tags: cve,wordpress,wp-plugin,quick-event-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quick-paypal-payments-b05b3a24d162881cbb5011a114d7958e.yaml b/nuclei-templates/cve-less/plugins/quick-paypal-payments-b05b3a24d162881cbb5011a114d7958e.yaml
index ede5d296f5..3bb06baa7d 100644
--- a/nuclei-templates/cve-less/plugins/quick-paypal-payments-b05b3a24d162881cbb5011a114d7958e.yaml
+++ b/nuclei-templates/cve-less/plugins/quick-paypal-payments-b05b3a24d162881cbb5011a114d7958e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Paypal Payments < 3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quick Paypal Payments plugin for WordPress is vulnerable to Cross-Site Scripting via the 'reference' and 'amount' parameters in versions before 3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-paypal-payments/"
     google-query: inurl:"/wp-content/plugins/quick-paypal-payments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quick-paypal-payments,medium
+  tags: cve,wordpress,wp-plugin,quick-paypal-payments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quick-paypal-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/quick-paypal-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index dbfaaa53c9..11af7a07a8 100644
--- a/nuclei-templates/cve-less/plugins/quick-paypal-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/quick-paypal-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-paypal-payments/"
     google-query: inurl:"/wp-content/plugins/quick-paypal-payments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quick-paypal-payments,medium
+  tags: cve,wordpress,wp-plugin,quick-paypal-payments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quick-restaurant-menu-be53691c287fd0615412e7fc76d56676.yaml b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-be53691c287fd0615412e7fc76d56676.yaml
index 199042d01c..0b63c82782 100644
--- a/nuclei-templates/cve-less/plugins/quick-restaurant-menu-be53691c287fd0615412e7fc76d56676.yaml
+++ b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-be53691c287fd0615412e7fc76d56676.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quick Restaurant Menu <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in its AJAX actions in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quick-restaurant-menu/"
     google-query: inurl:"/wp-content/plugins/quick-restaurant-menu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quick-restaurant-menu,medium
+  tags: cve,wordpress,wp-plugin,quick-restaurant-menu,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-0ab1239b54a9d197b2df31bb69f5b07b.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-0ab1239b54a9d197b2df31bb69f5b07b.yaml
index 8c2140b8f2..250f90de59 100644
--- a/nuclei-templates/cve-less/plugins/quiz-master-next-0ab1239b54a9d197b2df31bb69f5b07b.yaml
+++ b/nuclei-templates/cve-less/plugins/quiz-master-next-0ab1239b54a9d197b2df31bb69f5b07b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz and Survey Master <= 6.4.12 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz and Survery Master plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the text editor and correct answer parameters in versions up to, and including, 6.4.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-1f3365288c8ad41d2a38dadca302de5e.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-1f3365288c8ad41d2a38dadca302de5e.yaml
index 49d1e2faed..fbc719296d 100644
--- a/nuclei-templates/cve-less/plugins/quiz-master-next-1f3365288c8ad41d2a38dadca302de5e.yaml
+++ b/nuclei-templates/cve-less/plugins/quiz-master-next-1f3365288c8ad41d2a38dadca302de5e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.3.10 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.3.10. This is due to missing or incorrect nonce validation on several of its functions. This makes it possible for unauthenticated attackers to clear audit data and perform other actions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,high
+  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-d42a5f37bc2973237f5bd33bf937988e.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-d42a5f37bc2973237f5bd33bf937988e.yaml
index 616dd7626e..ca9385bc84 100644
--- a/nuclei-templates/cve-less/plugins/quiz-master-next-d42a5f37bc2973237f5bd33bf937988e.yaml
+++ b/nuclei-templates/cve-less/plugins/quiz-master-next-d42a5f37bc2973237f5bd33bf937988e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master < 4.4.4 - Multiple SQL Injections
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Quiz And Survey Master plugin for WordPress is vulnerable to Multiple SQL Injections via several parameters in versions before 4.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers of low-privilege to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,high
+  tags: cve,wordpress,wp-plugin,quiz-master-next,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-d5c9a981371783e864a000bed9ff14a0.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-d5c9a981371783e864a000bed9ff14a0.yaml
index e45c0b62e4..3f84d5986b 100644
--- a/nuclei-templates/cve-less/plugins/quiz-master-next-d5c9a981371783e864a000bed9ff14a0.yaml
+++ b/nuclei-templates/cve-less/plugins/quiz-master-next-d5c9a981371783e864a000bed9ff14a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz And Survey Master <= 7.1.18 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Quiz And Survey Master plugin plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 7.1.18 due to insufficient input sanitization and output escaping on the IP value. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-e1a43bd038bea91c9d042110dd2e93ec.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-e1a43bd038bea91c9d042110dd2e93ec.yaml
index bb43735605..9110f27b96 100644
--- a/nuclei-templates/cve-less/plugins/quiz-master-next-e1a43bd038bea91c9d042110dd2e93ec.yaml
+++ b/nuclei-templates/cve-less/plugins/quiz-master-next-e1a43bd038bea91c9d042110dd2e93ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Quiz and Survey Master <= 7.1.13 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/quiz-master-next/"
     google-query: inurl:"/wp-content/plugins/quiz-master-next/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,quiz-master-next,medium
+  tags: cve,wordpress,wp-plugin,quiz-master-next,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/qyrr-code-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/qyrr-code-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2f0cb23737..58c5dba733 100644
--- a/nuclei-templates/cve-less/plugins/qyrr-code-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/qyrr-code-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/qyrr-code/"
     google-query: inurl:"/wp-content/plugins/qyrr-code/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,qyrr-code,medium
+  tags: cve,wordpress,wp-plugin,qyrr-code,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/racar-clear-cart-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/racar-clear-cart-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 257d84ff60..7cea1e46ee 100644
--- a/nuclei-templates/cve-less/plugins/racar-clear-cart-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/racar-clear-cart-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/racar-clear-cart-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/racar-clear-cart-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,racar-clear-cart-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,racar-clear-cart-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/radio-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/radio-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5bcb9b1c54..b6382014ee 100644
--- a/nuclei-templates/cve-less/plugins/radio-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/radio-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/radio-player/"
     google-query: inurl:"/wp-content/plugins/radio-player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,radio-player,medium
+  tags: cve,wordpress,wp-plugin,radio-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/radio-station-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/radio-station-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5073239710..ee2286c9a8 100644
--- a/nuclei-templates/cve-less/plugins/radio-station-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/radio-station-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/radio-station/"
     google-query: inurl:"/wp-content/plugins/radio-station/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,radio-station,medium
+  tags: cve,wordpress,wp-plugin,radio-station,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rankbear-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/rankbear-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d492e4c74b..e3903816a1 100644
--- a/nuclei-templates/cve-less/plugins/rankbear-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/rankbear-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rankbear/"
     google-query: inurl:"/wp-content/plugins/rankbear/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rankbear,medium
+  tags: cve,wordpress,wp-plugin,rankbear,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rating-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/rating-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 50e9e7da73..4281e0ccf5 100644
--- a/nuclei-templates/cve-less/plugins/rating-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/rating-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rating-widget/"
     google-query: inurl:"/wp-content/plugins/rating-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rating-widget,medium
+  tags: cve,wordpress,wp-plugin,rating-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/real-estate-manager-715775220a5d0726abf3cb0c44398e2b.yaml b/nuclei-templates/cve-less/plugins/real-estate-manager-715775220a5d0726abf3cb0c44398e2b.yaml
index 413da5d24d..0f48c19942 100644
--- a/nuclei-templates/cve-less/plugins/real-estate-manager-715775220a5d0726abf3cb0c44398e2b.yaml
+++ b/nuclei-templates/cve-less/plugins/real-estate-manager-715775220a5d0726abf3cb0c44398e2b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Estate Manager – Property Listing and Agent Management <= 6.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Real Estate Manager – Property Listing and Agent Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘revision’ parameter in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/real-estate-manager/"
     google-query: inurl:"/wp-content/plugins/real-estate-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,real-estate-manager,medium
+  tags: cve,wordpress,wp-plugin,real-estate-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/really-simple-featured-video-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/really-simple-featured-video-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1b092547c3..60edec3e15 100644
--- a/nuclei-templates/cve-less/plugins/really-simple-featured-video-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/really-simple-featured-video-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/really-simple-featured-video/"
     google-query: inurl:"/wp-content/plugins/really-simple-featured-video/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,really-simple-featured-video,medium
+  tags: cve,wordpress,wp-plugin,really-simple-featured-video,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/reamaze-8a160378fcef72b726e178d76f962841.yaml b/nuclei-templates/cve-less/plugins/reamaze-8a160378fcef72b726e178d76f962841.yaml
index 3714b18c16..441b617a15 100644
--- a/nuclei-templates/cve-less/plugins/reamaze-8a160378fcef72b726e178d76f962841.yaml
+++ b/nuclei-templates/cve-less/plugins/reamaze-8a160378fcef72b726e178d76f962841.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Re:amaze Helpdesk & Live Chat <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Re:amaze Helpdesk & Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reamaze/"
     google-query: inurl:"/wp-content/plugins/reamaze/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,reamaze,medium
+  tags: cve,wordpress,wp-plugin,reamaze,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/recently-8309716d7ccc4397ca213e945a98f0a4.yaml b/nuclei-templates/cve-less/plugins/recently-8309716d7ccc4397ca213e945a98f0a4.yaml
index 8a39764dec..c0aba1cb59 100644
--- a/nuclei-templates/cve-less/plugins/recently-8309716d7ccc4397ca213e945a98f0a4.yaml
+++ b/nuclei-templates/cve-less/plugins/recently-8309716d7ccc4397ca213e945a98f0a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Recently <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Recently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘upload_thumb_src’ parameter in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recently/"
     google-query: inurl:"/wp-content/plugins/recently/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,recently,medium
+  tags: cve,wordpress,wp-plugin,recently,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/recurwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/recurwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c65b7b8c1b..babbb00ea8 100644
--- a/nuclei-templates/cve-less/plugins/recurwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/recurwp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/recurwp/"
     google-query: inurl:"/wp-content/plugins/recurwp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,recurwp,medium
+  tags: cve,wordpress,wp-plugin,recurwp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-00ed26bc99082a5e2bf7869b142812b5.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-00ed26bc99082a5e2bf7869b142812b5.yaml
index 4db83eb783..50eca6f7bc 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-00ed26bc99082a5e2bf7869b142812b5.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-00ed26bc99082a5e2bf7869b142812b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirectRule' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addRedirectRule function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to add redirect rules to a vulnerable site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-08ab49e654c5fb6f0db2079823b53c43.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-08ab49e654c5fb6f0db2079823b53c43.yaml
index 598991fdf2..f7e44be90c 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-08ab49e654c5fb6f0db2079823b53c43.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-08ab49e654c5fb6f0db2079823b53c43.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'redirectionPageContent' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized disclosure of data due to a missing capability check on the redirectionPageContent function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to retrieve existing redirect rules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-1217e0d32488feda5672b5f2f6f6be10.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-1217e0d32488feda5672b5f2f6f6be10.yaml
index cbd1930611..c44473d72a 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-1217e0d32488feda5672b5f2f6f6be10.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-1217e0d32488feda5672b5f2f6f6be10.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'SaveSettings' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the SaveSettings function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-28a102683d2de6c72760dd7d0e2159c9.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-28a102683d2de6c72760dd7d0e2159c9.yaml
index 1794fca5ab..9afa53faf6 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-28a102683d2de6c72760dd7d0e2159c9.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-28a102683d2de6c72760dd7d0e2159c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'logFilter' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the logFilter function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to filter and view logs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-3d292d211ef84b695362922dc8bdf57d.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-3d292d211ef84b695362922dc8bdf57d.yaml
index fd4a23c7e5..c959b6a2f9 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-3d292d211ef84b695362922dc8bdf57d.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-3d292d211ef84b695362922dc8bdf57d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'instantEditRedirect' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the instantEditRedirect function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify existing redirects on a vulnerable site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-5f79866291aaa54e9869bd9b8bbe5231.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-5f79866291aaa54e9869bd9b8bbe5231.yaml
index d52573d2d3..e5d21a0ff6 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-5f79866291aaa54e9869bd9b8bbe5231.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-5f79866291aaa54e9869bd9b8bbe5231.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'LoadTab' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the LoadTab function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to load tabs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-60528de5f76e38fabee103931a1b735a.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-60528de5f76e38fabee103931a1b735a.yaml
index d7b3892de8..95ea9ffdd8 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-60528de5f76e38fabee103931a1b735a.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-60528de5f76e38fabee103931a1b735a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'logPageContent' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the logPageContent function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to view redirect logs.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-6321b133726d239355f81b9be99d916b.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-6321b133726d239355f81b9be99d916b.yaml
index 8555917967..c62d4e96ff 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-6321b133726d239355f81b9be99d916b.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-6321b133726d239355f81b9be99d916b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'deleteRedirect' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized modification of settings due to a missing capability check on the deleteRedirect function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to delete site redirects.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-8392879a309371134897c994ca4719c8.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-8392879a309371134897c994ca4719c8.yaml
index 2b035bb3a2..17d3408667 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-8392879a309371134897c994ca4719c8.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-8392879a309371134897c994ca4719c8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'selectAll' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the selectAll function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to retrieve specific redirects.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-97d82c7c3e0d924cc99e2436cf7939dd.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-97d82c7c3e0d924cc99e2436cf7939dd.yaml
index f07f1db468..34f90138a6 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-97d82c7c3e0d924cc99e2436cf7939dd.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-97d82c7c3e0d924cc99e2436cf7939dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadSettings' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadSettings function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to load the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-a8b98bbbec0875de2bde4d3647cd15e1.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-a8b98bbbec0875de2bde4d3647cd15e1.yaml
index 9004d81637..35116cf7ae 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-a8b98bbbec0875de2bde4d3647cd15e1.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-a8b98bbbec0875de2bde4d3647cd15e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'bulkDelete' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkDelete function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to bulk delete redirect rules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-aa77b46ba67be3115863377f556c5a4e.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-aa77b46ba67be3115863377f556c5a4e.yaml
index e3026208dc..4dc0d578f7 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-aa77b46ba67be3115863377f556c5a4e.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-aa77b46ba67be3115863377f556c5a4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadRedirectSettings' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized disclosure of data due to a missing capability check on the loadRedirectSettings function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to load and view redirect settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-cccbe637c2ca5b40eb7fbe65c1b79317.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-cccbe637c2ca5b40eb7fbe65c1b79317.yaml
index 72d1d24d01..3ccc7f0572 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-cccbe637c2ca5b40eb7fbe65c1b79317.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-cccbe637c2ca5b40eb7fbe65c1b79317.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'statusBulkEdit' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the statusBulkEdit function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to edit redirect rule statuses in bulk.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-d5ca64507af2d41a9a4ef9ba365317c0.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-d5ca64507af2d41a9a4ef9ba365317c0.yaml
index 9dbd4b9df9..d08adab82c 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-d5ca64507af2d41a9a4ef9ba365317c0.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-d5ca64507af2d41a9a4ef9ba365317c0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirect' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addRedirect function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to add redirects to a vulnerable site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-d9b1627f6db7a7b3f667f9603a20aaf3.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-d9b1627f6db7a7b3f667f9603a20aaf3.yaml
index f67e636783..912daef9d2 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-d9b1627f6db7a7b3f667f9603a20aaf3.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-d9b1627f6db7a7b3f667f9603a20aaf3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'saveRedirectSettings' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveRedirectSettings function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's redirect settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-fc35edd680a0ec79497d3d82a4143e86.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-fc35edd680a0ec79497d3d82a4143e86.yaml
index 77128f62ca..f33c3e94d6 100644
--- a/nuclei-templates/cve-less/plugins/redirect-redirection-fc35edd680a0ec79497d3d82a4143e86.yaml
+++ b/nuclei-templates/cve-less/plugins/redirect-redirection-fc35edd680a0ec79497d3d82a4143e86.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirect Redirection <= 1.1.3 - Missing Authorization in 'liveSearch' function
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Redirect Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the liveSearch function called via an AJAX action in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with subscriber-level access, and above, to search redirect rules and settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirect-redirection/"
     google-query: inurl:"/wp-content/plugins/redirect-redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirect-redirection,medium
+  tags: cve,wordpress,wp-plugin,redirect-redirection,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redirection-cb361e2e4a8f09fdba16ef55d82e4742.yaml b/nuclei-templates/cve-less/plugins/redirection-cb361e2e4a8f09fdba16ef55d82e4742.yaml
index 9567b13444..113b1128ab 100644
--- a/nuclei-templates/cve-less/plugins/redirection-cb361e2e4a8f09fdba16ef55d82e4742.yaml
+++ b/nuclei-templates/cve-less/plugins/redirection-cb361e2e4a8f09fdba16ef55d82e4742.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Redirection <= 3.6.3 - Cross-Site Request Forgery to Remote Code Execution
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Redirection plugin suffers from a critical Cross-Site Request Forgery vulnerability that allows remote attackers to create a file on the target server and execute arbitrary code.  The attack requires an administrator visit a malicious website set up by the attacker, but does not require more interaction nor do they have to click on anything on the malicious website in order to trigger the exploit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redirection/"
     google-query: inurl:"/wp-content/plugins/redirection/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redirection,high
+  tags: cve,wordpress,wp-plugin,redirection,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/redux-framework-fd34b68ddff550331d533d0325717761.yaml b/nuclei-templates/cve-less/plugins/redux-framework-fd34b68ddff550331d533d0325717761.yaml
index 7ae4bda0b8..6fe92d5afb 100644
--- a/nuclei-templates/cve-less/plugins/redux-framework-fd34b68ddff550331d533d0325717761.yaml
+++ b/nuclei-templates/cve-less/plugins/redux-framework-fd34b68ddff550331d533d0325717761.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gutenberg Template and Pattern Library & Redux Framework <= 4.1.20 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Gutenberg Template and Pattern Library & Redux Framework plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.20. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/redux-framework/"
     google-query: inurl:"/wp-content/plugins/redux-framework/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,redux-framework,high
+  tags: cve,wordpress,wp-plugin,redux-framework,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/relevanssi-2c5ab69854e1511d339bef7563a27b08.yaml b/nuclei-templates/cve-less/plugins/relevanssi-2c5ab69854e1511d339bef7563a27b08.yaml
index 98d61273db..ea867274e4 100644
--- a/nuclei-templates/cve-less/plugins/relevanssi-2c5ab69854e1511d339bef7563a27b08.yaml
+++ b/nuclei-templates/cve-less/plugins/relevanssi-2c5ab69854e1511d339bef7563a27b08.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Relevanssi – A Better Search plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions before 4.14.6 in the free version and 2.16.5 in the PRO version. This makes it possible for authenticated attackers with Subscriber-level roles and above to perform unauthorized AJAX actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevanssi/"
     google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,relevanssi,medium
+  tags: cve,wordpress,wp-plugin,relevanssi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/relevanssi-2df9887091a9e43477c93a8f95a59867.yaml b/nuclei-templates/cve-less/plugins/relevanssi-2df9887091a9e43477c93a8f95a59867.yaml
index 9ba3d4fc68..d2450f4bda 100644
--- a/nuclei-templates/cve-less/plugins/relevanssi-2df9887091a9e43477c93a8f95a59867.yaml
+++ b/nuclei-templates/cve-less/plugins/relevanssi-2df9887091a9e43477c93a8f95a59867.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi <= 3.6.0 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Relevanssi plugin for WordPress is vulnerable to generic SQL Injection via the ‘relevanssi_weight_’ parameter in versions up to, and including, 3.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevanssi/"
     google-query: inurl:"/wp-content/plugins/relevanssi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,relevanssi,high
+  tags: cve,wordpress,wp-plugin,relevanssi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/relevanssi-premium-2c5ab69854e1511d339bef7563a27b08.yaml b/nuclei-templates/cve-less/plugins/relevanssi-premium-2c5ab69854e1511d339bef7563a27b08.yaml
index e691d515c2..c6becad4ab 100644
--- a/nuclei-templates/cve-less/plugins/relevanssi-premium-2c5ab69854e1511d339bef7563a27b08.yaml
+++ b/nuclei-templates/cve-less/plugins/relevanssi-premium-2c5ab69854e1511d339bef7563a27b08.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Relevanssi – A Better Search plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions before 4.14.6 in the free version and 2.16.5 in the PRO version. This makes it possible for authenticated attackers with Subscriber-level roles and above to perform unauthorized AJAX actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/relevanssi-premium/"
     google-query: inurl:"/wp-content/plugins/relevanssi-premium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,relevanssi-premium,medium
+  tags: cve,wordpress,wp-plugin,relevanssi-premium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/remote-upload-fc6507793e849585ffa987ba2f9e1c71.yaml b/nuclei-templates/cve-less/plugins/remote-upload-fc6507793e849585ffa987ba2f9e1c71.yaml
index 92f4b4e400..056f2f923f 100644
--- a/nuclei-templates/cve-less/plugins/remote-upload-fc6507793e849585ffa987ba2f9e1c71.yaml
+++ b/nuclei-templates/cve-less/plugins/remote-upload-fc6507793e849585ffa987ba2f9e1c71.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Remote Upload <= 1.2.1 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Remote Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/remote-upload/"
     google-query: inurl:"/wp-content/plugins/remote-upload/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,remote-upload,high
+  tags: cve,wordpress,wp-plugin,remote-upload,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/remove-add-to-cart-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/remove-add-to-cart-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3c78319d92..ca48303add 100644
--- a/nuclei-templates/cve-less/plugins/remove-add-to-cart-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/remove-add-to-cart-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/remove-add-to-cart-woocommerce/"
     google-query: inurl:"/wp-content/plugins/remove-add-to-cart-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,remove-add-to-cart-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,remove-add-to-cart-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rencontre-2f8f397bcad4eb939787697b135e157a.yaml b/nuclei-templates/cve-less/plugins/rencontre-2f8f397bcad4eb939787697b135e157a.yaml
index 93d745507b..773e671150 100644
--- a/nuclei-templates/cve-less/plugins/rencontre-2f8f397bcad4eb939787697b135e157a.yaml
+++ b/nuclei-templates/cve-less/plugins/rencontre-2f8f397bcad4eb939787697b135e157a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rencontre – Dating Site <= 3.1.3  - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rencontre – Dating Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'textmail' and 'textanniv' parameters in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rencontre/"
     google-query: inurl:"/wp-content/plugins/rencontre/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rencontre,medium
+  tags: cve,wordpress,wp-plugin,rencontre,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rencontre-3a45dc282f560e731773a059f5e7ca5d.yaml b/nuclei-templates/cve-less/plugins/rencontre-3a45dc282f560e731773a059f5e7ca5d.yaml
index 4db5e15145..e48e848f67 100644
--- a/nuclei-templates/cve-less/plugins/rencontre-3a45dc282f560e731773a059f5e7ca5d.yaml
+++ b/nuclei-templates/cve-less/plugins/rencontre-3a45dc282f560e731773a059f5e7ca5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rencontre – Dating Site <= 3.2.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Rencontre – Dating Site plugin for WordPress is vulnerable to SQL Injection via the 'activ' parameter in versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative capabilities to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rencontre/"
     google-query: inurl:"/wp-content/plugins/rencontre/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rencontre,high
+  tags: cve,wordpress,wp-plugin,rencontre,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rencontre-5c0349ca079e747f13053866a0f9f7b4.yaml b/nuclei-templates/cve-less/plugins/rencontre-5c0349ca079e747f13053866a0f9f7b4.yaml
index 51846cc54f..3fad165471 100644
--- a/nuclei-templates/cve-less/plugins/rencontre-5c0349ca079e747f13053866a0f9f7b4.yaml
+++ b/nuclei-templates/cve-less/plugins/rencontre-5c0349ca079e747f13053866a0f9f7b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rencontre – Dating Site <= 3.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Rencontre – Dating Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing nonce validation on several functions. This makes it possible for unauthenticated attackers to change the settings of the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rencontre/"
     google-query: inurl:"/wp-content/plugins/rencontre/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rencontre,high
+  tags: cve,wordpress,wp-plugin,rencontre,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rencontre-eb6a95dc8c6a4d6036eb6038576d5022.yaml b/nuclei-templates/cve-less/plugins/rencontre-eb6a95dc8c6a4d6036eb6038576d5022.yaml
index c4d5f2f90d..b6598ad32f 100644
--- a/nuclei-templates/cve-less/plugins/rencontre-eb6a95dc8c6a4d6036eb6038576d5022.yaml
+++ b/nuclei-templates/cve-less/plugins/rencontre-eb6a95dc8c6a4d6036eb6038576d5022.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rencontre – Dating Site <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Rencontre – Dating Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘facebook’ parameter in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rencontre/"
     google-query: inurl:"/wp-content/plugins/rencontre/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rencontre,medium
+  tags: cve,wordpress,wp-plugin,rencontre,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/required-taxonomies-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/required-taxonomies-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index dad8433060..527bc914f6 100644
--- a/nuclei-templates/cve-less/plugins/required-taxonomies-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/required-taxonomies-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/required-taxonomies/"
     google-query: inurl:"/wp-content/plugins/required-taxonomies/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,required-taxonomies,medium
+  tags: cve,wordpress,wp-plugin,required-taxonomies,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/reset-course-progress-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/reset-course-progress-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 692604dbca..92ed1b19e3 100644
--- a/nuclei-templates/cve-less/plugins/reset-course-progress-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/reset-course-progress-for-learndash-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reset-course-progress-for-learndash/"
     google-query: inurl:"/wp-content/plugins/reset-course-progress-for-learndash/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,reset-course-progress-for-learndash,medium
+  tags: cve,wordpress,wp-plugin,reset-course-progress-for-learndash,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/resize-image-after-upload-7d8fc6eda80cc32678a794e07adb8263.yaml b/nuclei-templates/cve-less/plugins/resize-image-after-upload-7d8fc6eda80cc32678a794e07adb8263.yaml
index a6ca063b5a..4fdb293bf7 100644
--- a/nuclei-templates/cve-less/plugins/resize-image-after-upload-7d8fc6eda80cc32678a794e07adb8263.yaml
+++ b/nuclei-templates/cve-less/plugins/resize-image-after-upload-7d8fc6eda80cc32678a794e07adb8263.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Resize Image After Upload <= 1.8.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Resize Image After Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5 due to insufficient nonce validation in the jr_uploadresize_options() function. This makes it possible for unauthenticated attackers to update plugin settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/resize-image-after-upload/"
     google-query: inurl:"/wp-content/plugins/resize-image-after-upload/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,resize-image-after-upload,high
+  tags: cve,wordpress,wp-plugin,resize-image-after-upload,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/responsive-add-ons-c4bc19656917f2d34b4812810b207db1.yaml b/nuclei-templates/cve-less/plugins/responsive-add-ons-c4bc19656917f2d34b4812810b207db1.yaml
index 5877a9f541..d9c4ba5214 100644
--- a/nuclei-templates/cve-less/plugins/responsive-add-ons-c4bc19656917f2d34b4812810b207db1.yaml
+++ b/nuclei-templates/cve-less/plugins/responsive-add-ons-c4bc19656917f2d34b4812810b207db1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Starter Templates – Elementor & WordPress Templates <= 2.6.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Starter Templates – Elementor & WordPress Templates plugin for WordPress is vulnerable to stored cross-site scripting in versions up to, and including, 2.6.8. This allows authenticated users with Administrator-level permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-add-ons/"
     google-query: inurl:"/wp-content/plugins/responsive-add-ons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,responsive-add-ons,medium
+  tags: cve,wordpress,wp-plugin,responsive-add-ons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/responsive-add-ons-e6d62601d9fb0272cdf0ccd211481dcd.yaml b/nuclei-templates/cve-less/plugins/responsive-add-ons-e6d62601d9fb0272cdf0ccd211481dcd.yaml
index 8c1b98378e..11eea12b8e 100644
--- a/nuclei-templates/cve-less/plugins/responsive-add-ons-e6d62601d9fb0272cdf0ccd211481dcd.yaml
+++ b/nuclei-templates/cve-less/plugins/responsive-add-ons-e6d62601d9fb0272cdf0ccd211481dcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Starter Templates – Elementor & WordPress Templates <= 2.6.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Starter Templates – Elementor & WordPress Templates is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.8. This allows authenticated users with administrator-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-add-ons/"
     google-query: inurl:"/wp-content/plugins/responsive-add-ons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,responsive-add-ons,medium
+  tags: cve,wordpress,wp-plugin,responsive-add-ons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/responsive-facebook-and-twitter-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/responsive-facebook-and-twitter-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0882208ff3..00ceba8d32 100644
--- a/nuclei-templates/cve-less/plugins/responsive-facebook-and-twitter-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/responsive-facebook-and-twitter-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-facebook-and-twitter-widget/"
     google-query: inurl:"/wp-content/plugins/responsive-facebook-and-twitter-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,responsive-facebook-and-twitter-widget,medium
+  tags: cve,wordpress,wp-plugin,responsive-facebook-and-twitter-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/responsive-lightbox-7b55e5afda1f744808ef7891452f6863.yaml b/nuclei-templates/cve-less/plugins/responsive-lightbox-7b55e5afda1f744808ef7891452f6863.yaml
index 9c594fe4ff..09c8eea8ea 100644
--- a/nuclei-templates/cve-less/plugins/responsive-lightbox-7b55e5afda1f744808ef7891452f6863.yaml
+++ b/nuclei-templates/cve-less/plugins/responsive-lightbox-7b55e5afda1f744808ef7891452f6863.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Lightbox & Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sanitize_field’ function in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on text fields. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-lightbox/"
     google-query: inurl:"/wp-content/plugins/responsive-lightbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,responsive-lightbox,medium
+  tags: cve,wordpress,wp-plugin,responsive-lightbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/responsive-lightbox2-87b6d9e5131d99ef758c739f3a95c342.yaml b/nuclei-templates/cve-less/plugins/responsive-lightbox2-87b6d9e5131d99ef758c739f3a95c342.yaml
index f300f9b42d..f5097f0983 100644
--- a/nuclei-templates/cve-less/plugins/responsive-lightbox2-87b6d9e5131d99ef758c739f3a95c342.yaml
+++ b/nuclei-templates/cve-less/plugins/responsive-lightbox2-87b6d9e5131d99ef758c739f3a95c342.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Lightbox2 <= 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Lightbox2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hyperlink’ attribute in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-lightbox2/"
     google-query: inurl:"/wp-content/plugins/responsive-lightbox2/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,responsive-lightbox2,medium
+  tags: cve,wordpress,wp-plugin,responsive-lightbox2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/responsive-poll-7eb5e40a54b7b7c228b5d29ef47daaf0.yaml b/nuclei-templates/cve-less/plugins/responsive-poll-7eb5e40a54b7b7c228b5d29ef47daaf0.yaml
index 1bdac1ac84..6f3d286d78 100644
--- a/nuclei-templates/cve-less/plugins/responsive-poll-7eb5e40a54b7b7c228b5d29ef47daaf0.yaml
+++ b/nuclei-templates/cve-less/plugins/responsive-poll-7eb5e40a54b7b7c228b5d29ef47daaf0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Poll < 1.7.6 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Responsive Poll plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions before 1.7.6 due to insufficient input sanitization and output escaping and missing nonce validation. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser, granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/responsive-poll/"
     google-query: inurl:"/wp-content/plugins/responsive-poll/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,responsive-poll,high
+  tags: cve,wordpress,wp-plugin,responsive-poll,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rest-routes-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/rest-routes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6a598db9d2..3ec58f683c 100644
--- a/nuclei-templates/cve-less/plugins/rest-routes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/rest-routes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rest-routes/"
     google-query: inurl:"/wp-content/plugins/rest-routes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rest-routes,medium
+  tags: cve,wordpress,wp-plugin,rest-routes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-86b13954ec743e9dcd370ce47777c030.yaml b/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-86b13954ec743e9dcd370ce47777c030.yaml
index b4822335b4..c2769be380 100644
--- a/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-86b13954ec743e9dcd370ce47777c030.yaml
+++ b/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-86b13954ec743e9dcd370ce47777c030.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restaurant & Cafe Addon for Elementor <= 1.5.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the rcafe_bw_settings_save_func(), rctl_bw_toggle_submit_func(), rcafe_uw_settings_save_func(), and rctl_uw_toggle_submit_func() functions all hooked via nopriv AJAX actions in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restaurant-cafe-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/restaurant-cafe-addon-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,restaurant-cafe-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,restaurant-cafe-addon-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 40e2f57177..c509bef2e6 100644
--- a/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restaurant-cafe-addon-for-elementor/"
     google-query: inurl:"/wp-content/plugins/restaurant-cafe-addon-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,restaurant-cafe-addon-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,restaurant-cafe-addon-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/restrict-content-69f3351aa6a5162d89a81a8e42b30fee.yaml b/nuclei-templates/cve-less/plugins/restrict-content-69f3351aa6a5162d89a81a8e42b30fee.yaml
index 74836cfadc..52b627beda 100644
--- a/nuclei-templates/cve-less/plugins/restrict-content-69f3351aa6a5162d89a81a8e42b30fee.yaml
+++ b/nuclei-templates/cve-less/plugins/restrict-content-69f3351aa6a5162d89a81a8e42b30fee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Restrict Content <= 3.2.2 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Restrict Content plugin for WordPress is vulnerable to unauthorized notice dismissal due to a missing capability check on the rcp_ajax_dismissed_notice_handler() function in versions up to, and including, 3.2.2. This makes it possible for authenticated attackers with subscriber-level access and above to dismiss plugin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restrict-content/"
     google-query: inurl:"/wp-content/plugins/restrict-content/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,restrict-content,medium
+  tags: cve,wordpress,wp-plugin,restrict-content,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/restrict-user-access-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/restrict-user-access-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 75336c0eeb..4830d03dc9 100644
--- a/nuclei-templates/cve-less/plugins/restrict-user-access-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/restrict-user-access-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restrict-user-access/"
     google-query: inurl:"/wp-content/plugins/restrict-user-access/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,restrict-user-access,medium
+  tags: cve,wordpress,wp-plugin,restrict-user-access,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/restricted-content-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/restricted-content-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 259ed52bef..779fb87625 100644
--- a/nuclei-templates/cve-less/plugins/restricted-content-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/restricted-content-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restricted-content/"
     google-query: inurl:"/wp-content/plugins/restricted-content/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,restricted-content,medium
+  tags: cve,wordpress,wp-plugin,restricted-content,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/restropress-7045891b02879797f89361d3201b5ab1.yaml b/nuclei-templates/cve-less/plugins/restropress-7045891b02879797f89361d3201b5ab1.yaml
index f813b65052..80d80de076 100644
--- a/nuclei-templates/cve-less/plugins/restropress-7045891b02879797f89361d3201b5ab1.yaml
+++ b/nuclei-templates/cve-less/plugins/restropress-7045891b02879797f89361d3201b5ab1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RestroPress <= 2.8.2 - Cross-Site Request Forgery to Cart Manipulation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The RestroPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.2. This is due to missing nonce validation on various AJAX actions. This makes it possible for unauthenticated attackers to modify the contents of other users' carts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restropress/"
     google-query: inurl:"/wp-content/plugins/restropress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,restropress,high
+  tags: cve,wordpress,wp-plugin,restropress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/restropress-a008c3a52fa94300e9ec331bd11a1546.yaml b/nuclei-templates/cve-less/plugins/restropress-a008c3a52fa94300e9ec331bd11a1546.yaml
index 37aa285b5b..0854afde20 100644
--- a/nuclei-templates/cve-less/plugins/restropress-a008c3a52fa94300e9ec331bd11a1546.yaml
+++ b/nuclei-templates/cve-less/plugins/restropress-a008c3a52fa94300e9ec331bd11a1546.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RestroPress <= 2.8.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RestroPress plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 2.8.3. This is due to improper nonce and capability checks in several of the AJAX calls. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to access restricted order information and edit the order status.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/restropress/"
     google-query: inurl:"/wp-content/plugins/restropress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,restropress,medium
+  tags: cve,wordpress,wp-plugin,restropress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/review-buddypress-groups-df796716cdd12b786f639a85872402ce.yaml b/nuclei-templates/cve-less/plugins/review-buddypress-groups-df796716cdd12b786f639a85872402ce.yaml
index 3bae0d3519..91a3e9db76 100644
--- a/nuclei-templates/cve-less/plugins/review-buddypress-groups-df796716cdd12b786f639a85872402ce.yaml
+++ b/nuclei-templates/cve-less/plugins/review-buddypress-groups-df796716cdd12b786f639a85872402ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wbcom Designs – BuddyPress Group Reviews <= 2.8.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wbcom Designs – BuddyPress Group Reviews plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/review-buddypress-groups/"
     google-query: inurl:"/wp-content/plugins/review-buddypress-groups/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,review-buddypress-groups,medium
+  tags: cve,wordpress,wp-plugin,review-buddypress-groups,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/review-engine-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/review-engine-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ac6ec09d08..1fb521745d 100644
--- a/nuclei-templates/cve-less/plugins/review-engine-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/review-engine-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/review-engine/"
     google-query: inurl:"/wp-content/plugins/review-engine/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,review-engine,medium
+  tags: cve,wordpress,wp-plugin,review-engine,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/reviewpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/reviewpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cb3a1b7f43..f7f7e2763b 100644
--- a/nuclei-templates/cve-less/plugins/reviewpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/reviewpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reviewpress/"
     google-query: inurl:"/wp-content/plugins/reviewpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,reviewpress,medium
+  tags: cve,wordpress,wp-plugin,reviewpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/reviewx-d13b6e0194ead1aa761a79dc4de31982.yaml b/nuclei-templates/cve-less/plugins/reviewx-d13b6e0194ead1aa761a79dc4de31982.yaml
index 8c88de2097..216322236a 100644
--- a/nuclei-templates/cve-less/plugins/reviewx-d13b6e0194ead1aa761a79dc4de31982.yaml
+++ b/nuclei-templates/cve-less/plugins/reviewx-d13b6e0194ead1aa761a79dc4de31982.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Reviews Plugin with Multi-criteria Rating by ReviewX < 1.2.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce Reviews Plugin with Multi-criteria Rating by ReviewX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.2.9. This is due to missing nonce validation in the ~/app/Controllers/Storefront/ReviewxPublic.php file. This makes it possible for unauthenticated attackers to perform unauthorized AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/reviewx/"
     google-query: inurl:"/wp-content/plugins/reviewx/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,reviewx,high
+  tags: cve,wordpress,wp-plugin,reviewx,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/revolution-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/revolution-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fc780f2a7d..af19e3845d 100644
--- a/nuclei-templates/cve-less/plugins/revolution-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/revolution-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/revolution-for-elementor/"
     google-query: inurl:"/wp-content/plugins/revolution-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,revolution-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,revolution-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rm-mailchimp-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/rm-mailchimp-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 57511121fc..b05804d5af 100644
--- a/nuclei-templates/cve-less/plugins/rm-mailchimp-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/rm-mailchimp-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rm-mailchimp-manager/"
     google-query: inurl:"/wp-content/plugins/rm-mailchimp-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rm-mailchimp-manager,medium
+  tags: cve,wordpress,wp-plugin,rm-mailchimp-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/robokassa-a1f3ce23c26813a2d0636e6681a66fe2.yaml b/nuclei-templates/cve-less/plugins/robokassa-a1f3ce23c26813a2d0636e6681a66fe2.yaml
index cb55ad8920..42b2ed6535 100644
--- a/nuclei-templates/cve-less/plugins/robokassa-a1f3ce23c26813a2d0636e6681a66fe2.yaml
+++ b/nuclei-templates/cve-less/plugins/robokassa-a1f3ce23c26813a2d0636e6681a66fe2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Robokassa payment gateway for Woocommerce <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Robokassa payment gateway for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/robokassa/"
     google-query: inurl:"/wp-content/plugins/robokassa/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,robokassa,medium
+  tags: cve,wordpress,wp-plugin,robokassa,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rocket-maintenance-mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/rocket-maintenance-mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 41948021f2..0b4703553f 100644
--- a/nuclei-templates/cve-less/plugins/rocket-maintenance-mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/rocket-maintenance-mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rocket-maintenance-mode/"
     google-query: inurl:"/wp-content/plugins/rocket-maintenance-mode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rocket-maintenance-mode,medium
+  tags: cve,wordpress,wp-plugin,rocket-maintenance-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/role-scoper-25222fc492113823793e49be1ec42e70.yaml b/nuclei-templates/cve-less/plugins/role-scoper-25222fc492113823793e49be1ec42e70.yaml
index aafdc9a183..60e1cc3840 100644
--- a/nuclei-templates/cve-less/plugins/role-scoper-25222fc492113823793e49be1ec42e70.yaml
+++ b/nuclei-templates/cve-less/plugins/role-scoper-25222fc492113823793e49be1ec42e70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Role Scoper <= 1.3.64 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Role Scoper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.3.64 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/role-scoper/"
     google-query: inurl:"/wp-content/plugins/role-scoper/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,role-scoper,high
+  tags: cve,wordpress,wp-plugin,role-scoper,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-0482c6a15acfe9611a210ed128b0e569.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-0482c6a15acfe9611a210ed128b0e569.yaml
index 9cab3cf542..8b3107c051 100644
--- a/nuclei-templates/cve-less/plugins/royal-elementor-addons-0482c6a15acfe9611a210ed128b0e569.yaml
+++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-0482c6a15acfe9611a210ed128b0e569.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.55. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link. This may lead to template creation and deletion.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,high
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5405e458fa..521de3a0e7 100644
--- a/nuclei-templates/cve-less/plugins/royal-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/royal-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,royal-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rss-includes-pages-e82724cb73e8d739a7e74ba12a2c0b77.yaml b/nuclei-templates/cve-less/plugins/rss-includes-pages-e82724cb73e8d739a7e74ba12a2c0b77.yaml
index 47174770de..e29eb5fb17 100644
--- a/nuclei-templates/cve-less/plugins/rss-includes-pages-e82724cb73e8d739a7e74ba12a2c0b77.yaml
+++ b/nuclei-templates/cve-less/plugins/rss-includes-pages-e82724cb73e8d739a7e74ba12a2c0b77.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSS Includes Pages <= 3.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RSS Includes Pages plugin plugin for WordPress is vulnerable to Cross-Site Scripting via the 'REQUEST_URI' parameter in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rss-includes-pages/"
     google-query: inurl:"/wp-content/plugins/rss-includes-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rss-includes-pages,medium
+  tags: cve,wordpress,wp-plugin,rss-includes-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rsvp-72cd99005222b05f8d3ba5703b3d3c18.yaml b/nuclei-templates/cve-less/plugins/rsvp-72cd99005222b05f8d3ba5703b3d3c18.yaml
index 61b04a4f60..d8f798c8b2 100644
--- a/nuclei-templates/cve-less/plugins/rsvp-72cd99005222b05f8d3ba5703b3d3c18.yaml
+++ b/nuclei-templates/cve-less/plugins/rsvp-72cd99005222b05f8d3ba5703b3d3c18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RSVP and Event Management <= 2.7.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RSVP and Event Management plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.7.4  due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rsvp/"
     google-query: inurl:"/wp-content/plugins/rsvp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rsvp,medium
+  tags: cve,wordpress,wp-plugin,rsvp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rt-custom-css-page-and-post-702f90b8bb07e6c13ea1a4bcd70721ac.yaml b/nuclei-templates/cve-less/plugins/rt-custom-css-page-and-post-702f90b8bb07e6c13ea1a4bcd70721ac.yaml
index 961e64e948..5a30c7ce5e 100644
--- a/nuclei-templates/cve-less/plugins/rt-custom-css-page-and-post-702f90b8bb07e6c13ea1a4bcd70721ac.yaml
+++ b/nuclei-templates/cve-less/plugins/rt-custom-css-page-and-post-702f90b8bb07e6c13ea1a4bcd70721ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Royal Custom CSS for Page and Post <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Royal Custom CSS for Page and Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'royal_custom_css' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rt-custom-css-page-and-post/"
     google-query: inurl:"/wp-content/plugins/rt-custom-css-page-and-post/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rt-custom-css-page-and-post,medium
+  tags: cve,wordpress,wp-plugin,rt-custom-css-page-and-post,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rt-easy-builder-advanced-addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/rt-easy-builder-advanced-addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 01fde4f89e..97d0c5b861 100644
--- a/nuclei-templates/cve-less/plugins/rt-easy-builder-advanced-addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/rt-easy-builder-advanced-addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rt-easy-builder-advanced-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,rt-easy-builder-advanced-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/run-time-image-resizing-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/run-time-image-resizing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 01ee9e6039..1288cf90b6 100644
--- a/nuclei-templates/cve-less/plugins/run-time-image-resizing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/run-time-image-resizing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/run-time-image-resizing/"
     google-query: inurl:"/wp-content/plugins/run-time-image-resizing/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,run-time-image-resizing,medium
+  tags: cve,wordpress,wp-plugin,run-time-image-resizing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/running-line-b2a2498dae5be84f29d9989669186b97.yaml b/nuclei-templates/cve-less/plugins/running-line-b2a2498dae5be84f29d9989669186b97.yaml
index 4d65bb4ec2..e75ac79fa0 100644
--- a/nuclei-templates/cve-less/plugins/running-line-b2a2498dae5be84f29d9989669186b97.yaml
+++ b/nuclei-templates/cve-less/plugins/running-line-b2a2498dae5be84f29d9989669186b97.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Running Line <= 1.2 - Cross-Site Request Forgery to Settings Update
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Running Line plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2 due to missing nonce validation on the running_line_admin() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and potentially inject malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/running-line/"
     google-query: inurl:"/wp-content/plugins/running-line/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,running-line,high
+  tags: cve,wordpress,wp-plugin,running-line,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rvg-optimize-database-5f21cea7a9aedb5442f3d8dbb7f2496a.yaml b/nuclei-templates/cve-less/plugins/rvg-optimize-database-5f21cea7a9aedb5442f3d8dbb7f2496a.yaml
index 130cc7ab2d..f1fce60468 100644
--- a/nuclei-templates/cve-less/plugins/rvg-optimize-database-5f21cea7a9aedb5442f3d8dbb7f2496a.yaml
+++ b/nuclei-templates/cve-less/plugins/rvg-optimize-database-5f21cea7a9aedb5442f3d8dbb7f2496a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Optimize Database after Deleting Revisions <= 5.0.110 - Missing Authorization via 'odb_csv_download'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Optimize Database after Deleting Revisions plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 5.0.110. This is due to a missing capability check on the 'odb_csv_download' function which is hooked via admin_init. This makes it possible for unauthenticated attackers to trigger a download of the plugin's data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rvg-optimize-database/"
     google-query: inurl:"/wp-content/plugins/rvg-optimize-database/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rvg-optimize-database,medium
+  tags: cve,wordpress,wp-plugin,rvg-optimize-database,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/rw-divi-unite-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/rw-divi-unite-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d092073761..30e4970171 100644
--- a/nuclei-templates/cve-less/plugins/rw-divi-unite-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/rw-divi-unite-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/rw-divi-unite-gallery/"
     google-query: inurl:"/wp-content/plugins/rw-divi-unite-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,rw-divi-unite-gallery,medium
+  tags: cve,wordpress,wp-plugin,rw-divi-unite-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/s3-video-83c44f74fb6f267a714fb43018452c84.yaml b/nuclei-templates/cve-less/plugins/s3-video-83c44f74fb6f267a714fb43018452c84.yaml
index ff0b789a20..7665370bee 100644
--- a/nuclei-templates/cve-less/plugins/s3-video-83c44f74fb6f267a714fb43018452c84.yaml
+++ b/nuclei-templates/cve-less/plugins/s3-video-83c44f74fb6f267a714fb43018452c84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     S3 Video Plugin < 0.98 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The S3 Video Plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 0.98 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/s3-video/"
     google-query: inurl:"/wp-content/plugins/s3-video/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,s3-video,medium
+  tags: cve,wordpress,wp-plugin,s3-video,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/s3-video-98fa09468510e4f3d608da204df8d702.yaml b/nuclei-templates/cve-less/plugins/s3-video-98fa09468510e4f3d608da204df8d702.yaml
index d74924f71a..8a6225323a 100644
--- a/nuclei-templates/cve-less/plugins/s3-video-98fa09468510e4f3d608da204df8d702.yaml
+++ b/nuclei-templates/cve-less/plugins/s3-video-98fa09468510e4f3d608da204df8d702.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VideoJS (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The S3 Video, EasySqueezePage, External "Video for Everybody", Videopack, and 1player plugins for WordPress are vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of VideoJS in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/s3-video/"
     google-query: inurl:"/wp-content/plugins/s3-video/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,s3-video,medium
+  tags: cve,wordpress,wp-plugin,s3-video,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/s3audible-amazon-s3-music-player-73b7b4fd6adbc8f05bd6aa0607d34105.yaml b/nuclei-templates/cve-less/plugins/s3audible-amazon-s3-music-player-73b7b4fd6adbc8f05bd6aa0607d34105.yaml
index fb64ee6bd0..0918e98065 100644
--- a/nuclei-templates/cve-less/plugins/s3audible-amazon-s3-music-player-73b7b4fd6adbc8f05bd6aa0607d34105.yaml
+++ b/nuclei-templates/cve-less/plugins/s3audible-amazon-s3-music-player-73b7b4fd6adbc8f05bd6aa0607d34105.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     S3bubble Amazon S3 Media Streaming <= 3.5.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The S3bubble Amazon S3 Media Streaming plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.4 due to inclusion of a vulnerable version of jPlayer. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/s3audible-amazon-s3-music-player/"
     google-query: inurl:"/wp-content/plugins/s3audible-amazon-s3-music-player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,s3audible-amazon-s3-music-player,medium
+  tags: cve,wordpress,wp-plugin,s3audible-amazon-s3-music-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/safe-svg-de5739613e14a996b46539b30ca9beab.yaml b/nuclei-templates/cve-less/plugins/safe-svg-de5739613e14a996b46539b30ca9beab.yaml
index f1a5e64788..091df77a25 100644
--- a/nuclei-templates/cve-less/plugins/safe-svg-de5739613e14a996b46539b30ca9beab.yaml
+++ b/nuclei-templates/cve-less/plugins/safe-svg-de5739613e14a996b46539b30ca9beab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Safe SVG <= 1.9.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Safe SVG plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/safe-svg/"
     google-query: inurl:"/wp-content/plugins/safe-svg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,safe-svg,medium
+  tags: cve,wordpress,wp-plugin,safe-svg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fed2a875a5..c36fb0e5ea 100644
--- a/nuclei-templates/cve-less/plugins/salon-booking-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/salon-booking-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/salon-booking-system/"
     google-query: inurl:"/wp-content/plugins/salon-booking-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,salon-booking-system,medium
+  tags: cve,wordpress,wp-plugin,salon-booking-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sam-pro-free-0f6c840a3fb64dbbf3be23d21800f577.yaml b/nuclei-templates/cve-less/plugins/sam-pro-free-0f6c840a3fb64dbbf3be23d21800f577.yaml
index 2e016479ad..6e439105fe 100644
--- a/nuclei-templates/cve-less/plugins/sam-pro-free-0f6c840a3fb64dbbf3be23d21800f577.yaml
+++ b/nuclei-templates/cve-less/plugins/sam-pro-free-0f6c840a3fb64dbbf3be23d21800f577.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SAM Pro (Free Edition) < 1.9.7.69 & Simple Ads Manager <= 2.10.0.130 & SAM Pro Lite < 1.9.0.53 - Local/Remote File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SAM Pro (Free Edition) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7.68 via the 'wap' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. In certain configurations, the plugin is also vulnerable to Remote File Inclusion via the same parameter. This allows authenticated attackers to include remote files on the server, resulting in code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sam-pro-free/"
     google-query: inurl:"/wp-content/plugins/sam-pro-free/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sam-pro-free,high
+  tags: cve,wordpress,wp-plugin,sam-pro-free,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sam-pro-lite-0f6c840a3fb64dbbf3be23d21800f577.yaml b/nuclei-templates/cve-less/plugins/sam-pro-lite-0f6c840a3fb64dbbf3be23d21800f577.yaml
index d74ed234e8..c15c6ed0b0 100644
--- a/nuclei-templates/cve-less/plugins/sam-pro-lite-0f6c840a3fb64dbbf3be23d21800f577.yaml
+++ b/nuclei-templates/cve-less/plugins/sam-pro-lite-0f6c840a3fb64dbbf3be23d21800f577.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SAM Pro (Free Edition) < 1.9.7.69 & Simple Ads Manager <= 2.10.0.130 & SAM Pro Lite < 1.9.0.53 - Local/Remote File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SAM Pro (Free Edition) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7.68 via the 'wap' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. In certain configurations, the plugin is also vulnerable to Remote File Inclusion via the same parameter. This allows authenticated attackers to include remote files on the server, resulting in code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sam-pro-lite/"
     google-query: inurl:"/wp-content/plugins/sam-pro-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sam-pro-lite,high
+  tags: cve,wordpress,wp-plugin,sam-pro-lite,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sb-uploader-987ba48a8effbae5bcbbbe65d3a7dff9.yaml b/nuclei-templates/cve-less/plugins/sb-uploader-987ba48a8effbae5bcbbbe65d3a7dff9.yaml
index 8b70fe2d56..4882dd977b 100644
--- a/nuclei-templates/cve-less/plugins/sb-uploader-987ba48a8effbae5bcbbbe65d3a7dff9.yaml
+++ b/nuclei-templates/cve-less/plugins/sb-uploader-987ba48a8effbae5bcbbbe65d3a7dff9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SB Uploader <= 4.8 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SB Uploader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the sb_uploader.php file in versions up to, and including, 4.8. This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sb-uploader/"
     google-query: inurl:"/wp-content/plugins/sb-uploader/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sb-uploader,high
+  tags: cve,wordpress,wp-plugin,sb-uploader,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/scheduled-notification-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/scheduled-notification-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3eaaff72c0..4997ca1437 100644
--- a/nuclei-templates/cve-less/plugins/scheduled-notification-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/scheduled-notification-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scheduled-notification-bar/"
     google-query: inurl:"/wp-content/plugins/scheduled-notification-bar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,scheduled-notification-bar,medium
+  tags: cve,wordpress,wp-plugin,scheduled-notification-bar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/school-management-3f1c3ad85ad1a49bfdfa7d4e3b840987.yaml b/nuclei-templates/cve-less/plugins/school-management-3f1c3ad85ad1a49bfdfa7d4e3b840987.yaml
index 6fbb41795a..5e27836895 100644
--- a/nuclei-templates/cve-less/plugins/school-management-3f1c3ad85ad1a49bfdfa7d4e3b840987.yaml
+++ b/nuclei-templates/cve-less/plugins/school-management-3f1c3ad85ad1a49bfdfa7d4e3b840987.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     School Management System for Wordpress <= 56.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The School Management System for Wordpress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 56.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious code via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/school-management/"
     google-query: inurl:"/wp-content/plugins/school-management/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,school-management,high
+  tags: cve,wordpress,wp-plugin,school-management,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/scrollsequence-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/scrollsequence-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8f9cacc440..eff00c6cdf 100644
--- a/nuclei-templates/cve-less/plugins/scrollsequence-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/scrollsequence-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/scrollsequence/"
     google-query: inurl:"/wp-content/plugins/scrollsequence/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,scrollsequence,medium
+  tags: cve,wordpress,wp-plugin,scrollsequence,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/search-and-share-63d0d67aa5aba2dddaa9648ffc434152.yaml b/nuclei-templates/cve-less/plugins/search-and-share-63d0d67aa5aba2dddaa9648ffc434152.yaml
index 73546d3cbf..3382cdf9dc 100644
--- a/nuclei-templates/cve-less/plugins/search-and-share-63d0d67aa5aba2dddaa9648ffc434152.yaml
+++ b/nuclei-templates/cve-less/plugins/search-and-share-63d0d67aa5aba2dddaa9648ffc434152.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Search and Share <= 0.9.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Search and Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ZeroClipboard.swf’ file in versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/search-and-share/"
     google-query: inurl:"/wp-content/plugins/search-and-share/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,search-and-share,medium
+  tags: cve,wordpress,wp-plugin,search-and-share,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/second-street-promotion-3cb680b76cd76f74dd3e1108311fe7fe.yaml b/nuclei-templates/cve-less/plugins/second-street-promotion-3cb680b76cd76f74dd3e1108311fe7fe.yaml
index b16513ea51..b15b66c8f9 100644
--- a/nuclei-templates/cve-less/plugins/second-street-promotion-3cb680b76cd76f74dd3e1108311fe7fe.yaml
+++ b/nuclei-templates/cve-less/plugins/second-street-promotion-3cb680b76cd76f74dd3e1108311fe7fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Second Street <= 3.1.6 - Stored Cross-Site Scripting via organization_id
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The plugin Second Street for WordPress is vulnerable to Stored Cross-Site Scripting via the organization_id parameter in versions up to and including 3.1.6 due to insufficient output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/second-street-promotion/"
     google-query: inurl:"/wp-content/plugins/second-street-promotion/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,second-street-promotion,medium
+  tags: cve,wordpress,wp-plugin,second-street-promotion,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/secure-ip-logins-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/secure-ip-logins-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3d8eb08597..8f5696f8ed 100644
--- a/nuclei-templates/cve-less/plugins/secure-ip-logins-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/secure-ip-logins-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/secure-ip-logins/"
     google-query: inurl:"/wp-content/plugins/secure-ip-logins/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,secure-ip-logins,medium
+  tags: cve,wordpress,wp-plugin,secure-ip-logins,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/security-ninja-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/security-ninja-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 932352dcc2..5684c3d53c 100644
--- a/nuclei-templates/cve-less/plugins/security-ninja-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/security-ninja-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/security-ninja/"
     google-query: inurl:"/wp-content/plugins/security-ninja/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,security-ninja,medium
+  tags: cve,wordpress,wp-plugin,security-ninja,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/security-safe-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/security-safe-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0df8a4fb72..aaf1de1523 100644
--- a/nuclei-templates/cve-less/plugins/security-safe-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/security-safe-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/security-safe/"
     google-query: inurl:"/wp-content/plugins/security-safe/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,security-safe,medium
+  tags: cve,wordpress,wp-plugin,security-safe,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sell-photo-655bb3b8d4438b69c94c0ae63c754913.yaml b/nuclei-templates/cve-less/plugins/sell-photo-655bb3b8d4438b69c94c0ae63c754913.yaml
index d3196d1486..11cf5dc0eb 100644
--- a/nuclei-templates/cve-less/plugins/sell-photo-655bb3b8d4438b69c94c0ae63c754913.yaml
+++ b/nuclei-templates/cve-less/plugins/sell-photo-655bb3b8d4438b69c94c0ae63c754913.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sell Photo <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Sell Photo plugin for WordPress is vulnerable to Cross-Site Scripting via the 'button_anchor' parameter in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sell-photo/"
     google-query: inurl:"/wp-content/plugins/sell-photo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sell-photo,medium
+  tags: cve,wordpress,wp-plugin,sell-photo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-9b9891b7d15de10b021b57247a686e05.yaml b/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-9b9891b7d15de10b021b57247a686e05.yaml
index 91c063d166..1c0bbe34d2 100644
--- a/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-9b9891b7d15de10b021b57247a686e05.yaml
+++ b/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-9b9891b7d15de10b021b57247a686e05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Send PDF for Contact Form 7 <= 0.9.1 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on multiple parameters. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/send-pdf-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/send-pdf-for-contact-form-7/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,send-pdf-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,send-pdf-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/send-prebuilt-emails-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/send-prebuilt-emails-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0f92f14cd5..947f5ed970 100644
--- a/nuclei-templates/cve-less/plugins/send-prebuilt-emails-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/send-prebuilt-emails-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/send-prebuilt-emails/"
     google-query: inurl:"/wp-content/plugins/send-prebuilt-emails/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,send-prebuilt-emails,medium
+  tags: cve,wordpress,wp-plugin,send-prebuilt-emails,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sendpress-2b3a10a2b0c01a20025a0d9db118f2df.yaml b/nuclei-templates/cve-less/plugins/sendpress-2b3a10a2b0c01a20025a0d9db118f2df.yaml
index 5288b0839a..ed6c6dc137 100644
--- a/nuclei-templates/cve-less/plugins/sendpress-2b3a10a2b0c01a20025a0d9db118f2df.yaml
+++ b/nuclei-templates/cve-less/plugins/sendpress-2b3a10a2b0c01a20025a0d9db118f2df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SendPress Newsletters < 1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SendPress Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'listID' & 'subscriberID’ parameters in versions up to, and including, 1.1.7.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sendpress/"
     google-query: inurl:"/wp-content/plugins/sendpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sendpress,medium
+  tags: cve,wordpress,wp-plugin,sendpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sendpress-446bb803ccb7ab54ba9c587af27ed178.yaml b/nuclei-templates/cve-less/plugins/sendpress-446bb803ccb7ab54ba9c587af27ed178.yaml
index 0cfc0f4ee3..c87c3493ec 100644
--- a/nuclei-templates/cve-less/plugins/sendpress-446bb803ccb7ab54ba9c587af27ed178.yaml
+++ b/nuclei-templates/cve-less/plugins/sendpress-446bb803ccb7ab54ba9c587af27ed178.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SendPress Newsletters < 1.20.7.13 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.20.6.08 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sendpress/"
     google-query: inurl:"/wp-content/plugins/sendpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sendpress,medium
+  tags: cve,wordpress,wp-plugin,sendpress,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/seo-automated-link-building-e894a6552613ace9ff7694fe7f0247a5.yaml b/nuclei-templates/cve-less/plugins/seo-automated-link-building-e894a6552613ace9ff7694fe7f0247a5.yaml
index e5f34c98ae..2a59669118 100644
--- a/nuclei-templates/cve-less/plugins/seo-automated-link-building-e894a6552613ace9ff7694fe7f0247a5.yaml
+++ b/nuclei-templates/cve-less/plugins/seo-automated-link-building-e894a6552613ace9ff7694fe7f0247a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Internal Links Manager <= 2.1.0 - Multiple Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Internal Links Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Internal Title (title)' and 'Link Title (titleattr)' fields in versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-automated-link-building/"
     google-query: inurl:"/wp-content/plugins/seo-automated-link-building/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,seo-automated-link-building,medium
+  tags: cve,wordpress,wp-plugin,seo-automated-link-building,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/seo-booster-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/seo-booster-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 333858d660..f09b66c825 100644
--- a/nuclei-templates/cve-less/plugins/seo-booster-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/seo-booster-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-booster/"
     google-query: inurl:"/wp-content/plugins/seo-booster/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,seo-booster,medium
+  tags: cve,wordpress,wp-plugin,seo-booster,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-10c02e3884689b63f9593289046d6bbb.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-10c02e3884689b63f9593289046d6bbb.yaml
index 7b4136e334..bbc471e7ce 100644
--- a/nuclei-templates/cve-less/plugins/seo-by-rank-math-10c02e3884689b63f9593289046d6bbb.yaml
+++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-10c02e3884689b63f9593289046d6bbb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Rank Math SEO <= 1.0.42.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Rank Math SEO plugin for WordPress is vulnerable to authorization bypass due to missing access controls on its "disable competitor plugins" functionality in versions up to, and including, 1.0.42.1. This makes it possible for subscriber-level attackers to disable other SEO or sitemap plugins on the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-by-rank-math/"
     google-query: inurl:"/wp-content/plugins/seo-by-rank-math/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,seo-by-rank-math,medium
+  tags: cve,wordpress,wp-plugin,seo-by-rank-math,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/seo-checklist-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/seo-checklist-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 76c844452a..ecff21ea33 100644
--- a/nuclei-templates/cve-less/plugins/seo-checklist-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/seo-checklist-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-checklist/"
     google-query: inurl:"/wp-content/plugins/seo-checklist/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,seo-checklist,medium
+  tags: cve,wordpress,wp-plugin,seo-checklist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/seo-site-auditor-agency-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/seo-site-auditor-agency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 44b72849cf..5ee3957672 100644
--- a/nuclei-templates/cve-less/plugins/seo-site-auditor-agency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/seo-site-auditor-agency-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-site-auditor-agency/"
     google-query: inurl:"/wp-content/plugins/seo-site-auditor-agency/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,seo-site-auditor-agency,medium
+  tags: cve,wordpress,wp-plugin,seo-site-auditor-agency,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/seo-wizard-c65adcc35ac4040261ad16030af10bc8.yaml b/nuclei-templates/cve-less/plugins/seo-wizard-c65adcc35ac4040261ad16030af10bc8.yaml
index de7fa17c9a..0301110121 100644
--- a/nuclei-templates/cve-less/plugins/seo-wizard-c65adcc35ac4040261ad16030af10bc8.yaml
+++ b/nuclei-templates/cve-less/plugins/seo-wizard-c65adcc35ac4040261ad16030af10bc8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO <= 4.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SEO Wizard for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to write data to the .htaccess and robots.txt files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seo-wizard/"
     google-query: inurl:"/wp-content/plugins/seo-wizard/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,seo-wizard,high
+  tags: cve,wordpress,wp-plugin,seo-wizard,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/seolinkrotator-99d9f69262b565cb98ac9182ded6ba39.yaml b/nuclei-templates/cve-less/plugins/seolinkrotator-99d9f69262b565cb98ac9182ded6ba39.yaml
index e4f19b7934..614e459f5d 100644
--- a/nuclei-templates/cve-less/plugins/seolinkrotator-99d9f69262b565cb98ac9182ded6ba39.yaml
+++ b/nuclei-templates/cve-less/plugins/seolinkrotator-99d9f69262b565cb98ac9182ded6ba39.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SEO Link Rotator <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SEO Link Rotator plugin for WordPress is vulnerable to Cross-Site Scripting via the 'title' parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/seolinkrotator/"
     google-query: inurl:"/wp-content/plugins/seolinkrotator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,seolinkrotator,medium
+  tags: cve,wordpress,wp-plugin,seolinkrotator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sermon-browser-a799081d34c432defddee7667cec19dc.yaml b/nuclei-templates/cve-less/plugins/sermon-browser-a799081d34c432defddee7667cec19dc.yaml
index 2212d860be..c7bf86e6cd 100644
--- a/nuclei-templates/cve-less/plugins/sermon-browser-a799081d34c432defddee7667cec19dc.yaml
+++ b/nuclei-templates/cve-less/plugins/sermon-browser-a799081d34c432defddee7667cec19dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sermon Browser < 0.43.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sermon Browser plugin for WordPress is vulnerable to Cross-Site Scripting via the 'file_name' parameter in versions before 0.43.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sermon-browser/"
     google-query: inurl:"/wp-content/plugins/sermon-browser/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sermon-browser,medium
+  tags: cve,wordpress,wp-plugin,sermon-browser,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/serp-rank-f8142d6147ba8985e902d3e3c7f8c24d.yaml b/nuclei-templates/cve-less/plugins/serp-rank-f8142d6147ba8985e902d3e3c7f8c24d.yaml
index 2616a49b24..ae797e069b 100644
--- a/nuclei-templates/cve-less/plugins/serp-rank-f8142d6147ba8985e902d3e3c7f8c24d.yaml
+++ b/nuclei-templates/cve-less/plugins/serp-rank-f8142d6147ba8985e902d3e3c7f8c24d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Keyword Rank Tracker <= 1.0.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Keyword Rank Tracker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including 1.0.7. This appears to require authentication to exploit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/serp-rank/"
     google-query: inurl:"/wp-content/plugins/serp-rank/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,serp-rank,medium
+  tags: cve,wordpress,wp-plugin,serp-rank,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/server-info-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/server-info-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b1f6ffe4f6..829bfbc696 100644
--- a/nuclei-templates/cve-less/plugins/server-info-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/server-info-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/server-info/"
     google-query: inurl:"/wp-content/plugins/server-info/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,server-info,medium
+  tags: cve,wordpress,wp-plugin,server-info,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/setka-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/setka-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 30ac53004b..0e867b6fe4 100644
--- a/nuclei-templates/cve-less/plugins/setka-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/setka-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/setka-editor/"
     google-query: inurl:"/wp-content/plugins/setka-editor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,setka-editor,medium
+  tags: cve,wordpress,wp-plugin,setka-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sexy-author-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sexy-author-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 59a965619f..32dd7548f1 100644
--- a/nuclei-templates/cve-less/plugins/sexy-author-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sexy-author-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sexy-author-bio/"
     google-query: inurl:"/wp-content/plugins/sexy-author-bio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sexy-author-bio,medium
+  tags: cve,wordpress,wp-plugin,sexy-author-bio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sg-cachepress-ed44e679b80b227382994fd698507bde.yaml b/nuclei-templates/cve-less/plugins/sg-cachepress-ed44e679b80b227382994fd698507bde.yaml
index eb6bd4f9a7..d9e2852ebe 100644
--- a/nuclei-templates/cve-less/plugins/sg-cachepress-ed44e679b80b227382994fd698507bde.yaml
+++ b/nuclei-templates/cve-less/plugins/sg-cachepress-ed44e679b80b227382994fd698507bde.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SiteGround Optimizer <= 5.0.12 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sg-cachepress/"
     google-query: inurl:"/wp-content/plugins/sg-cachepress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sg-cachepress,critical
+  tags: cve,wordpress,wp-plugin,sg-cachepress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/share-this-image-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/share-this-image-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0add924f85..bf5e0bd59f 100644
--- a/nuclei-templates/cve-less/plugins/share-this-image-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/share-this-image-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/share-this-image/"
     google-query: inurl:"/wp-content/plugins/share-this-image/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,share-this-image,medium
+  tags: cve,wordpress,wp-plugin,share-this-image,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shared-counts-dd581bb2f106d38c2b413e5d4d1b0414.yaml b/nuclei-templates/cve-less/plugins/shared-counts-dd581bb2f106d38c2b413e5d4d1b0414.yaml
index 6eddbd1fbd..d08229927a 100644
--- a/nuclei-templates/cve-less/plugins/shared-counts-dd581bb2f106d38c2b413e5d4d1b0414.yaml
+++ b/nuclei-templates/cve-less/plugins/shared-counts-dd581bb2f106d38c2b413e5d4d1b0414.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shared Counts – Social Media Share Buttons <= 1.4.1 - Missing Authorization to Arbitrary Email Sending
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shared Counts – Social Media Share Buttons plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the email_ajax function. This makes it possible for unauthenticated attackers to send arbitrary emails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shared-counts/"
     google-query: inurl:"/wp-content/plugins/shared-counts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shared-counts,medium
+  tags: cve,wordpress,wp-plugin,shared-counts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shared-files-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/shared-files-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 17c3d415cf..e7dff1f521 100644
--- a/nuclei-templates/cve-less/plugins/shared-files-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/shared-files-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shared-files/"
     google-query: inurl:"/wp-content/plugins/shared-files/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shared-files,medium
+  tags: cve,wordpress,wp-plugin,shared-files,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sheetpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sheetpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f5c9ab0a1b..0838734b86 100644
--- a/nuclei-templates/cve-less/plugins/sheetpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sheetpress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sheetpress/"
     google-query: inurl:"/wp-content/plugins/sheetpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sheetpress,medium
+  tags: cve,wordpress,wp-plugin,sheetpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-18966e8228314b8165d39d48519f43cc.yaml
index 5f1778e9d6..42ecac9a78 100644
--- a/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sheets-to-wp-table-live-sync/"
     google-query: inurl:"/wp-content/plugins/sheets-to-wp-table-live-sync/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sheets-to-wp-table-live-sync,medium
+  tags: cve,wordpress,wp-plugin,sheets-to-wp-table-live-sync,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ship-to-ecourier-43ca0b6b0ea70acc9611835de771b2f8.yaml b/nuclei-templates/cve-less/plugins/ship-to-ecourier-43ca0b6b0ea70acc9611835de771b2f8.yaml
index 200aec0bbf..a12760f48f 100644
--- a/nuclei-templates/cve-less/plugins/ship-to-ecourier-43ca0b6b0ea70acc9611835de771b2f8.yaml
+++ b/nuclei-templates/cve-less/plugins/ship-to-ecourier-43ca0b6b0ea70acc9611835de771b2f8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ship To eCourier <= 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ship To eCourier plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the ste-ecourier-settings function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ship-to-ecourier/"
     google-query: inurl:"/wp-content/plugins/ship-to-ecourier/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ship-to-ecourier,high
+  tags: cve,wordpress,wp-plugin,ship-to-ecourier,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shop-as-a-customer-for-woocommerce-204abbaf4719b0c465697b2d07725668.yaml b/nuclei-templates/cve-less/plugins/shop-as-a-customer-for-woocommerce-204abbaf4719b0c465697b2d07725668.yaml
index 7d150234e0..5764d99ff0 100644
--- a/nuclei-templates/cve-less/plugins/shop-as-a-customer-for-woocommerce-204abbaf4719b0c465697b2d07725668.yaml
+++ b/nuclei-templates/cve-less/plugins/shop-as-a-customer-for-woocommerce-204abbaf4719b0c465697b2d07725668.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shop as a Customer for WooCommerce <= 1.2.3 - Authenticated (Shop Manager+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with WooCommerce Shop Manager permissions or above, to log in as any user, such as an administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shop-as-a-customer-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/shop-as-a-customer-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shop-as-a-customer-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,shop-as-a-customer-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shop-as-a-customer-for-woocommerce-c95fb7e9995eb1cfa4e559bcf8a93b02.yaml b/nuclei-templates/cve-less/plugins/shop-as-a-customer-for-woocommerce-c95fb7e9995eb1cfa4e559bcf8a93b02.yaml
index beb91ba5fe..791d1fc068 100644
--- a/nuclei-templates/cve-less/plugins/shop-as-a-customer-for-woocommerce-c95fb7e9995eb1cfa4e559bcf8a93b02.yaml
+++ b/nuclei-templates/cve-less/plugins/shop-as-a-customer-for-woocommerce-c95fb7e9995eb1cfa4e559bcf8a93b02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shop as a Customer for WooCommerce <= 1.1.7 - Authenticated (Subscriber+) Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to log in as any user, such as an administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shop-as-a-customer-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/shop-as-a-customer-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shop-as-a-customer-for-woocommerce,high
+  tags: cve,wordpress,wp-plugin,shop-as-a-customer-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shortcode-for-current-date-237f09cf608b33e2d885ba45327a8a92.yaml b/nuclei-templates/cve-less/plugins/shortcode-for-current-date-237f09cf608b33e2d885ba45327a8a92.yaml
index 160f660bbc..0c510ca530 100644
--- a/nuclei-templates/cve-less/plugins/shortcode-for-current-date-237f09cf608b33e2d885ba45327a8a92.yaml
+++ b/nuclei-templates/cve-less/plugins/shortcode-for-current-date-237f09cf608b33e2d885ba45327a8a92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode for Current Date <= 2.1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shortcode for Current Date WordPress plugin is vulnerable to Stored Cross-Site Scripting via Shortcodes due to missing sanitization on attribute values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-for-current-date/"
     google-query: inurl:"/wp-content/plugins/shortcode-for-current-date/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shortcode-for-current-date,medium
+  tags: cve,wordpress,wp-plugin,shortcode-for-current-date,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shortcode-for-current-date-baf7113ec23d15f1819896037517b713.yaml b/nuclei-templates/cve-less/plugins/shortcode-for-current-date-baf7113ec23d15f1819896037517b713.yaml
index 65823136c6..5bd66dda02 100644
--- a/nuclei-templates/cve-less/plugins/shortcode-for-current-date-baf7113ec23d15f1819896037517b713.yaml
+++ b/nuclei-templates/cve-less/plugins/shortcode-for-current-date-baf7113ec23d15f1819896037517b713.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcode For Current Date <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcode For Current Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its attributes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcode-for-current-date/"
     google-query: inurl:"/wp-content/plugins/shortcode-for-current-date/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shortcode-for-current-date,medium
+  tags: cve,wordpress,wp-plugin,shortcode-for-current-date,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-aad87c0bfd109df2ae9940475ba0f22b.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-aad87c0bfd109df2ae9940475ba0f22b.yaml
index 2a058ab416..2453d6422c 100644
--- a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-aad87c0bfd109df2ae9940475ba0f22b.yaml
+++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-aad87c0bfd109df2ae9940475ba0f22b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes Ultimate <= 5.12.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘settings’ parameter saved via the ajax_add_preset() function in versions up to, and including, 5.12.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-e188a014b244e93ae49b1e82bb73babe.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-e188a014b244e93ae49b1e82bb73babe.yaml
index 1e1bc0f82c..a097fef679 100644
--- a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-e188a014b244e93ae49b1e82bb73babe.yaml
+++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-e188a014b244e93ae49b1e82bb73babe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Shortcodes Plugin — Shortcodes Ultimate <= 4.9.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘code’ parameter in versions up to, and including, 4.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortcodes-ultimate/"
     google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium
+  tags: cve,wordpress,wp-plugin,shortcodes-ultimate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shorten-url-e61dc6652abcb067051b61e901442c72.yaml b/nuclei-templates/cve-less/plugins/shorten-url-e61dc6652abcb067051b61e901442c72.yaml
index 6c86b4bd8f..d9166af263 100644
--- a/nuclei-templates/cve-less/plugins/shorten-url-e61dc6652abcb067051b61e901442c72.yaml
+++ b/nuclei-templates/cve-less/plugins/shorten-url-e61dc6652abcb067051b61e901442c72.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Short URL <= 1.6.7 - Missing Authorization via multiple AJAX functions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Short URL plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.6.7. This makes it possible for authenticated attackers such as subscribers to validate, reset, and delete links.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shorten-url/"
     google-query: inurl:"/wp-content/plugins/shorten-url/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shorten-url,medium
+  tags: cve,wordpress,wp-plugin,shorten-url,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/shortpixel-image-optimiser-edd7c00369ad56e0646da80d37cfae3b.yaml b/nuclei-templates/cve-less/plugins/shortpixel-image-optimiser-edd7c00369ad56e0646da80d37cfae3b.yaml
index 6789a63b41..5334bb52aa 100644
--- a/nuclei-templates/cve-less/plugins/shortpixel-image-optimiser-edd7c00369ad56e0646da80d37cfae3b.yaml
+++ b/nuclei-templates/cve-less/plugins/shortpixel-image-optimiser-edd7c00369ad56e0646da80d37cfae3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ShortPixel Image Optimizer <= 5.4.1 - Authenticated(Editor+) PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The ShortPixel Image Optimizer plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.4.1 via deserialization of untrusted input in post content. This allows authenticated attackers with editor capabilities or above to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/shortpixel-image-optimiser/"
     google-query: inurl:"/wp-content/plugins/shortpixel-image-optimiser/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,shortpixel-image-optimiser,medium
+  tags: cve,wordpress,wp-plugin,shortpixel-image-optimiser,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/show-hidecollapse-expand-f122002b6d51991b7a2676304d17940e.yaml b/nuclei-templates/cve-less/plugins/show-hidecollapse-expand-f122002b6d51991b7a2676304d17940e.yaml
index d406221dac..1cdeb1afd5 100644
--- a/nuclei-templates/cve-less/plugins/show-hidecollapse-expand-f122002b6d51991b7a2676304d17940e.yaml
+++ b/nuclei-templates/cve-less/plugins/show-hidecollapse-expand-f122002b6d51991b7a2676304d17940e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Show-Hide / Collapse-Expand <= 1.2.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Show-Hide / Collapse-Expand plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the bg_show_hide_save_plugin_settings() function called via and admin_post hook in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to modify the plugin's settings. This can also be exploited via CSRF due to missing nonce protection.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/show-hidecollapse-expand/"
     google-query: inurl:"/wp-content/plugins/show-hidecollapse-expand/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,show-hidecollapse-expand,medium
+  tags: cve,wordpress,wp-plugin,show-hidecollapse-expand,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-admin-language-change-5dcc472de5e4f87aebcc632749f7aaa7.yaml b/nuclei-templates/cve-less/plugins/simple-admin-language-change-5dcc472de5e4f87aebcc632749f7aaa7.yaml
index bc08f9489e..c3fbc2db14 100644
--- a/nuclei-templates/cve-less/plugins/simple-admin-language-change-5dcc472de5e4f87aebcc632749f7aaa7.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-admin-language-change-5dcc472de5e4f87aebcc632749f7aaa7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Admin Language Change <= 2.0.1 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Admin Language Change plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the salc_change_user_locale function in versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the locale of other users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-admin-language-change/"
     google-query: inurl:"/wp-content/plugins/simple-admin-language-change/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-admin-language-change,medium
+  tags: cve,wordpress,wp-plugin,simple-admin-language-change,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-ads-manager-0f6c840a3fb64dbbf3be23d21800f577.yaml b/nuclei-templates/cve-less/plugins/simple-ads-manager-0f6c840a3fb64dbbf3be23d21800f577.yaml
index af11b1f565..8105574d1d 100644
--- a/nuclei-templates/cve-less/plugins/simple-ads-manager-0f6c840a3fb64dbbf3be23d21800f577.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-ads-manager-0f6c840a3fb64dbbf3be23d21800f577.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SAM Pro (Free Edition) < 1.9.7.69 & Simple Ads Manager <= 2.10.0.130 & SAM Pro Lite < 1.9.0.53 - Local/Remote File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SAM Pro (Free Edition) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7.68 via the 'wap' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. In certain configurations, the plugin is also vulnerable to Remote File Inclusion via the same parameter. This allows authenticated attackers to include remote files on the server, resulting in code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-ads-manager/"
     google-query: inurl:"/wp-content/plugins/simple-ads-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-ads-manager,high
+  tags: cve,wordpress,wp-plugin,simple-ads-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-custom-website-data-740c2a0d357fce3bff875d5d58b6f9d4.yaml b/nuclei-templates/cve-less/plugins/simple-custom-website-data-740c2a0d357fce3bff875d5d58b6f9d4.yaml
index 83f3f87237..011b00882a 100644
--- a/nuclei-templates/cve-less/plugins/simple-custom-website-data-740c2a0d357fce3bff875d5d58b6f9d4.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-custom-website-data-740c2a0d357fce3bff875d5d58b6f9d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Website Data < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Custom Website Data plugin for WordPress is vulnerable to Cross-Site Scripting via the 'ref' parameter in versions before 1.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-custom-website-data/"
     google-query: inurl:"/wp-content/plugins/simple-custom-website-data/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-custom-website-data,medium
+  tags: cve,wordpress,wp-plugin,simple-custom-website-data,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-5814be735a5f5cee00bab9378ee0cbea.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-5814be735a5f5cee00bab9378ee0cbea.yaml
index 9154b91ac6..6b55ec75a1 100644
--- a/nuclei-templates/cve-less/plugins/simple-download-monitor-5814be735a5f5cee00bab9378ee0cbea.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-5814be735a5f5cee00bab9378ee0cbea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Download Monitor <= 3.2.8 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Simple Download Monitor plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'sdm_tiny_get_post_ids_ajax_call()' and 'sdm_remove_thumbnail_image_ajax_call()' functions in versions up to, and including, 3.2.8. This makes it possible for unauthorized attackers to access otherwise private files and delete thumbnails.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-download-monitor/"
     google-query: inurl:"/wp-content/plugins/simple-download-monitor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-download-monitor,critical
+  tags: cve,wordpress,wp-plugin,simple-download-monitor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-events-calendar-6cfd85b37acb634912f405192489654f.yaml b/nuclei-templates/cve-less/plugins/simple-events-calendar-6cfd85b37acb634912f405192489654f.yaml
index f1e23f8edf..70abc7544f 100644
--- a/nuclei-templates/cve-less/plugins/simple-events-calendar-6cfd85b37acb634912f405192489654f.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-events-calendar-6cfd85b37acb634912f405192489654f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Events Calendar < 1.3.6 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simple Events Calendar for WordPress is vulnerable to SQL Injection via the ‘event_id’ parameter in versions before 1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-events-calendar/"
     google-query: inurl:"/wp-content/plugins/simple-events-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-events-calendar,high
+  tags: cve,wordpress,wp-plugin,simple-events-calendar,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-facebook-twitter-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/simple-facebook-twitter-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f3ad0e9e52..68c5470092 100644
--- a/nuclei-templates/cve-less/plugins/simple-facebook-twitter-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-facebook-twitter-widget-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-facebook-twitter-widget/"
     google-query: inurl:"/wp-content/plugins/simple-facebook-twitter-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-facebook-twitter-widget,medium
+  tags: cve,wordpress,wp-plugin,simple-facebook-twitter-widget,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-feature-requests-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/simple-feature-requests-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3fa910e3ce..4b744f282f 100644
--- a/nuclei-templates/cve-less/plugins/simple-feature-requests-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-feature-requests-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-feature-requests/"
     google-query: inurl:"/wp-content/plugins/simple-feature-requests/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-feature-requests,medium
+  tags: cve,wordpress,wp-plugin,simple-feature-requests,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-flash-video-ec78e7994dbd34ffd9cacf3cd9b3ffa4.yaml b/nuclei-templates/cve-less/plugins/simple-flash-video-ec78e7994dbd34ffd9cacf3cd9b3ffa4.yaml
index f4fe308821..8c8ba9ea59 100644
--- a/nuclei-templates/cve-less/plugins/simple-flash-video-ec78e7994dbd34ffd9cacf3cd9b3ffa4.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-flash-video-ec78e7994dbd34ffd9cacf3cd9b3ffa4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Flash Video <= 1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Flash Video plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-flash-video/"
     google-query: inurl:"/wp-content/plugins/simple-flash-video/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-flash-video,medium
+  tags: cve,wordpress,wp-plugin,simple-flash-video,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-membership-db5dfd04511983fc7ceb561728d3d97d.yaml b/nuclei-templates/cve-less/plugins/simple-membership-db5dfd04511983fc7ceb561728d3d97d.yaml
index fe735b0457..407745aab3 100644
--- a/nuclei-templates/cve-less/plugins/simple-membership-db5dfd04511983fc7ceb561728d3d97d.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-membership-db5dfd04511983fc7ceb561728d3d97d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Membership <= 4.0.3 - Authenticated (Admin+) SQL Injections
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simple Membership plugin for WordPress is vulnerable to time-based SQL Injection via the 's' and 'status' parameters in versions up to, and including, 4.0.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated Admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-membership/"
     google-query: inurl:"/wp-content/plugins/simple-membership/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-membership,high
+  tags: cve,wordpress,wp-plugin,simple-membership,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-personal-message-b85cfdf152cc4ae0e3deb547dc1b6d6a.yaml b/nuclei-templates/cve-less/plugins/simple-personal-message-b85cfdf152cc4ae0e3deb547dc1b6d6a.yaml
index 78dff1f3fc..1272226379 100644
--- a/nuclei-templates/cve-less/plugins/simple-personal-message-b85cfdf152cc4ae0e3deb547dc1b6d6a.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-personal-message-b85cfdf152cc4ae0e3deb547dc1b6d6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Personal Message < 2.0.0 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Simple Personal Message plugin for WordPress is vulnerable to SQL Injection via the ‘message’ parameter in versions up to 2.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with low-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-personal-message/"
     google-query: inurl:"/wp-content/plugins/simple-personal-message/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-personal-message,high
+  tags: cve,wordpress,wp-plugin,simple-personal-message,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-47569f4c91357650e1a29f2c2f2817fe.yaml b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-47569f4c91357650e1a29f2c2f2817fe.yaml
index 6bf9a367f5..7ab9f3debc 100644
--- a/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-47569f4c91357650e1a29f2c2f2817fe.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-47569f4c91357650e1a29f2c2f2817fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Share Buttons Adder <= 4.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Share Buttons Adder  plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to execute arbitrary javascript in the context of the Homepage, Pages, Posts, Category/Archive pages and post Excerpt via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-share-buttons-adder/"
     google-query: inurl:"/wp-content/plugins/simple-share-buttons-adder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,high
+  tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-share-follow-button-ab84cffde93b8e75b3b5fbb96c93d333.yaml b/nuclei-templates/cve-less/plugins/simple-share-follow-button-ab84cffde93b8e75b3b5fbb96c93d333.yaml
index b8257ef430..497a6163cc 100644
--- a/nuclei-templates/cve-less/plugins/simple-share-follow-button-ab84cffde93b8e75b3b5fbb96c93d333.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-share-follow-button-ab84cffde93b8e75b3b5fbb96c93d333.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Share Follow Button <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Share Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-share-follow-button/"
     google-query: inurl:"/wp-content/plugins/simple-share-follow-button/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-share-follow-button,medium
+  tags: cve,wordpress,wp-plugin,simple-share-follow-button,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-sitemap-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/simple-sitemap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 31443bb489..3b66c515dc 100644
--- a/nuclei-templates/cve-less/plugins/simple-sitemap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-sitemap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-sitemap/"
     google-query: inurl:"/wp-content/plugins/simple-sitemap/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-sitemap,medium
+  tags: cve,wordpress,wp-plugin,simple-sitemap,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-slider-c8de5b2d5272ca0aa0591b883e38753b.yaml b/nuclei-templates/cve-less/plugins/simple-slider-c8de5b2d5272ca0aa0591b883e38753b.yaml
index 7cf54a1354..edafc9d7e7 100644
--- a/nuclei-templates/cve-less/plugins/simple-slider-c8de5b2d5272ca0aa0591b883e38753b.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-slider-c8de5b2d5272ca0aa0591b883e38753b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Slider < 1.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions before 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-slider/"
     google-query: inurl:"/wp-content/plugins/simple-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-slider,high
+  tags: cve,wordpress,wp-plugin,simple-slider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-slideshow-manager-a60c5d49ef21710901095695504b7608.yaml b/nuclei-templates/cve-less/plugins/simple-slideshow-manager-a60c5d49ef21710901095695504b7608.yaml
index 9726f65380..bbfce17784 100644
--- a/nuclei-templates/cve-less/plugins/simple-slideshow-manager-a60c5d49ef21710901095695504b7608.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-slideshow-manager-a60c5d49ef21710901095695504b7608.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Slideshow Manager <= 2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simple Slideshow Manager for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on several functions. This makes it possible for unauthenticated attackers to perform several administrative actions like modifying settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-slideshow-manager/"
     google-query: inurl:"/wp-content/plugins/simple-slideshow-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-slideshow-manager,high
+  tags: cve,wordpress,wp-plugin,simple-slideshow-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-social-buttons-40fcf644d2fbb45e473e3839f27d17b7.yaml b/nuclei-templates/cve-less/plugins/simple-social-buttons-40fcf644d2fbb45e473e3839f27d17b7.yaml
index 4e081b74c0..da48101444 100644
--- a/nuclei-templates/cve-less/plugins/simple-social-buttons-40fcf644d2fbb45e473e3839f27d17b7.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-social-buttons-40fcf644d2fbb45e473e3839f27d17b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Social Media Share Buttons 2.0.4 - 2.0.21 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Social Media Share Buttons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the download(), import(), and download_help() functions in versions 2.0.4 - 2.0.21. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to update arbitrary options on the site that can be used to register a new administrative user account.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-social-buttons/"
     google-query: inurl:"/wp-content/plugins/simple-social-buttons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-social-buttons,medium
+  tags: cve,wordpress,wp-plugin,simple-social-buttons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-sponsorships-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/simple-sponsorships-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e62587b66c..c300f007bc 100644
--- a/nuclei-templates/cve-less/plugins/simple-sponsorships-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-sponsorships-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-sponsorships/"
     google-query: inurl:"/wp-content/plugins/simple-sponsorships/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-sponsorships,medium
+  tags: cve,wordpress,wp-plugin,simple-sponsorships,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-telegram-for-wp-0564976f3c6b024a77575f33f874aa48.yaml b/nuclei-templates/cve-less/plugins/simple-telegram-for-wp-0564976f3c6b024a77575f33f874aa48.yaml
index a9734567ad..db2d8a3c9b 100644
--- a/nuclei-templates/cve-less/plugins/simple-telegram-for-wp-0564976f3c6b024a77575f33f874aa48.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-telegram-for-wp-0564976f3c6b024a77575f33f874aa48.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Telegram <= 0.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 0.9.3 due to missing sanitize and escaping on several variables stored via the simpleTelegram_saveSettings() function. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-telegram-for-wp/"
     google-query: inurl:"/wp-content/plugins/simple-telegram-for-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-telegram-for-wp,medium
+  tags: cve,wordpress,wp-plugin,simple-telegram-for-wp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simple-ticker-6007724142dc6c51f92be093926036d0.yaml b/nuclei-templates/cve-less/plugins/simple-ticker-6007724142dc6c51f92be093926036d0.yaml
index e8ec707a3b..60d703a79b 100644
--- a/nuclei-templates/cve-less/plugins/simple-ticker-6007724142dc6c51f92be093926036d0.yaml
+++ b/nuclei-templates/cve-less/plugins/simple-ticker-6007724142dc6c51f92be093926036d0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Ticker <= 3.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Simple Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 3.05 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simple-ticker/"
     google-query: inurl:"/wp-content/plugins/simple-ticker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simple-ticker,medium
+  tags: cve,wordpress,wp-plugin,simple-ticker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simply-gallery-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/simply-gallery-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b624522cf2..e707bf9440 100644
--- a/nuclei-templates/cve-less/plugins/simply-gallery-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/simply-gallery-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-gallery-block/"
     google-query: inurl:"/wp-content/plugins/simply-gallery-block/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simply-gallery-block,medium
+  tags: cve,wordpress,wp-plugin,simply-gallery-block,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/simply-poll-cf17297c2e5d307d7deaa74f22821404.yaml b/nuclei-templates/cve-less/plugins/simply-poll-cf17297c2e5d307d7deaa74f22821404.yaml
index 73cc911395..b7de34739f 100644
--- a/nuclei-templates/cve-less/plugins/simply-poll-cf17297c2e5d307d7deaa74f22821404.yaml
+++ b/nuclei-templates/cve-less/plugins/simply-poll-cf17297c2e5d307d7deaa74f22821404.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simply Poll <= 1.4.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Simply Poll for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘question’ parameter in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/simply-poll/"
     google-query: inurl:"/wp-content/plugins/simply-poll/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,simply-poll,high
+  tags: cve,wordpress,wp-plugin,simply-poll,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/skt-templates-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/skt-templates-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cd48a3551f..8b8dcc1a28 100644
--- a/nuclei-templates/cve-less/plugins/skt-templates-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/skt-templates-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/skt-templates/"
     google-query: inurl:"/wp-content/plugins/skt-templates/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,skt-templates,medium
+  tags: cve,wordpress,wp-plugin,skt-templates,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sky-login-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sky-login-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9923581825..4e41063263 100644
--- a/nuclei-templates/cve-less/plugins/sky-login-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sky-login-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sky-login-redirect/"
     google-query: inurl:"/wp-content/plugins/sky-login-redirect/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sky-login-redirect,medium
+  tags: cve,wordpress,wp-plugin,sky-login-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slicewp-17722d2484373a19ea1df8b15b8f0eea.yaml b/nuclei-templates/cve-less/plugins/slicewp-17722d2484373a19ea1df8b15b8f0eea.yaml
index 3d57c62222..7b57a34941 100644
--- a/nuclei-templates/cve-less/plugins/slicewp-17722d2484373a19ea1df8b15b8f0eea.yaml
+++ b/nuclei-templates/cve-less/plugins/slicewp-17722d2484373a19ea1df8b15b8f0eea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Affiliates Plugin — SliceWP Affiliates <= 1.0.45 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Affiliates Plugin — SliceWP Affiliates for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘converted’ parameter in versions up to, and including, 1.0.45 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slicewp/"
     google-query: inurl:"/wp-content/plugins/slicewp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slicewp,medium
+  tags: cve,wordpress,wp-plugin,slicewp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slidedeck-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/slidedeck-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e4debc9e99..ce0d0b9691 100644
--- a/nuclei-templates/cve-less/plugins/slidedeck-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/slidedeck-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slidedeck/"
     google-query: inurl:"/wp-content/plugins/slidedeck/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slidedeck,medium
+  tags: cve,wordpress,wp-plugin,slidedeck,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slideoptinprox-5b04e98d5ed9360b3ebe4e58880d2319.yaml b/nuclei-templates/cve-less/plugins/slideoptinprox-5b04e98d5ed9360b3ebe4e58880d2319.yaml
index 08b435abb2..be5188c22a 100644
--- a/nuclei-templates/cve-less/plugins/slideoptinprox-5b04e98d5ed9360b3ebe4e58880d2319.yaml
+++ b/nuclei-templates/cve-less/plugins/slideoptinprox-5b04e98d5ed9360b3ebe4e58880d2319.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideoptinprox (Unspecified Version) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slideoptinprox plugin for WordPress is vulnerable to Cross-Site Scripting via the 'id' parameter in the 'ar_submit.php' file due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideoptinprox/"
     google-query: inurl:"/wp-content/plugins/slideoptinprox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slideoptinprox,medium
+  tags: cve,wordpress,wp-plugin,slideoptinprox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slider-factory-b04b6aa85a76ebddc71c9e203d10773d.yaml b/nuclei-templates/cve-less/plugins/slider-factory-b04b6aa85a76ebddc71c9e203d10773d.yaml
index fed3f44a62..d045687ea4 100644
--- a/nuclei-templates/cve-less/plugins/slider-factory-b04b6aa85a76ebddc71c9e203d10773d.yaml
+++ b/nuclei-templates/cve-less/plugins/slider-factory-b04b6aa85a76ebddc71c9e203d10773d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Responsive Image Slider, Photo Gallery And Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.3.2. This is due to missing or incorrect nonce validation on the sf_clone_slider, sf_save_slider, and sf_remove_slider functions. This makes it possible for unauthenticated attackers to clone, save and/or remove sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-factory/"
     google-query: inurl:"/wp-content/plugins/slider-factory/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slider-factory,high
+  tags: cve,wordpress,wp-plugin,slider-factory,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slider-factory-d5d65492c7b3878ca773e2f63b4a08a2.yaml b/nuclei-templates/cve-less/plugins/slider-factory-d5d65492c7b3878ca773e2f63b4a08a2.yaml
index b08a38848d..1aef193337 100644
--- a/nuclei-templates/cve-less/plugins/slider-factory-d5d65492c7b3878ca773e2f63b4a08a2.yaml
+++ b/nuclei-templates/cve-less/plugins/slider-factory-d5d65492c7b3878ca773e2f63b4a08a2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Responsive Image Slider, Photo Gallery And Carousel plugin for WordPress is vulnerable to arbitrary post access due to a missing capability check on the sf_image_id function in versions before 1.3.6. This makes it possible for authenticated attackers with subscriber-level privileges or above to arbitrarily access posts, including password protected posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-factory/"
     google-query: inurl:"/wp-content/plugins/slider-factory/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slider-factory,medium
+  tags: cve,wordpress,wp-plugin,slider-factory,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slider-image-d1752e9520f041ace82927039ac74f84.yaml b/nuclei-templates/cve-less/plugins/slider-image-d1752e9520f041ace82927039ac74f84.yaml
index b2bcb42928..04e995cdc1 100644
--- a/nuclei-templates/cve-less/plugins/slider-image-d1752e9520f041ace82927039ac74f84.yaml
+++ b/nuclei-templates/cve-less/plugins/slider-image-d1752e9520f041ace82927039ac74f84.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Slider – Image Slider – Slideshow for WordPress <= 2.8.6 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Responsive Slider – Image Slider – Slideshow for WordPress plugin for WordPress is vulnerable to blind SQL Injection via the ‘catid’ parameter in versions up to, and including, 2.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slider-image/"
     google-query: inurl:"/wp-content/plugins/slider-image/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slider-image,high
+  tags: cve,wordpress,wp-plugin,slider-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slideshare-9fb99305b4730cdc01315914158330a9.yaml b/nuclei-templates/cve-less/plugins/slideshare-9fb99305b4730cdc01315914158330a9.yaml
index 5a69c745a6..78c95abb68 100644
--- a/nuclei-templates/cve-less/plugins/slideshare-9fb99305b4730cdc01315914158330a9.yaml
+++ b/nuclei-templates/cve-less/plugins/slideshare-9fb99305b4730cdc01315914158330a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SlideShare for WordPress by Yoast <= 1.9.1 - Admin+ Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SlideShare for WordPress by Yoast plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $id variable in versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative level capabilities, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshare/"
     google-query: inurl:"/wp-content/plugins/slideshare/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slideshare,medium
+  tags: cve,wordpress,wp-plugin,slideshare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-3930a563943aaf08712d2221306b606c.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-3930a563943aaf08712d2221306b606c.yaml
index a56a96ee6f..acbe4c843f 100644
--- a/nuclei-templates/cve-less/plugins/slideshow-gallery-3930a563943aaf08712d2221306b606c.yaml
+++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-3930a563943aaf08712d2221306b606c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery <= 1.6.5 - Cross-Site Scripting via method
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slideshow Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'method' parameter in versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,medium
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-44893e4f1aa00774102d61f70312168f.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-44893e4f1aa00774102d61f70312168f.yaml
index ab0a5a6170..e7d79d1d0d 100644
--- a/nuclei-templates/cve-less/plugins/slideshow-gallery-44893e4f1aa00774102d61f70312168f.yaml
+++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-44893e4f1aa00774102d61f70312168f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery <= 1.5.3.1 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Slideshow Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.3.1. This is due to missing nonce validation on the save slideshow functionality. This makes it possible for unauthenticated attackers to upload arbitrary files, including php files, and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,high
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-4dd9a3ba0bea201c247a65cf330c4a19.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-4dd9a3ba0bea201c247a65cf330c4a19.yaml
index eb79ecd319..27f26f3907 100644
--- a/nuclei-templates/cve-less/plugins/slideshow-gallery-4dd9a3ba0bea201c247a65cf330c4a19.yaml
+++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-4dd9a3ba0bea201c247a65cf330c4a19.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow Gallery <= 1.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slideshow Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘order’ parameter in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slideshow-gallery,medium
+  tags: cve,wordpress,wp-plugin,slideshow-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-f45ce441ba6fd10c3e2bec3c1e3949b8.yaml b/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-f45ce441ba6fd10c3e2bec3c1e3949b8.yaml
index 9d150a9654..7dba98b218 100644
--- a/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-f45ce441ba6fd10c3e2bec3c1e3949b8.yaml
+++ b/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-f45ce441ba6fd10c3e2bec3c1e3949b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slideshow < 2.1.13 - Cross-Site Scripting and Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Slideshow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The plugin is also vulnerable to Sensitive Data Exposure via several functions. This can allow unauthenticated attackers to extract sensitive data including the full file path of the WordPress installation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/slideshow-jquery-image-gallery/"
     google-query: inurl:"/wp-content/plugins/slideshow-jquery-image-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,slideshow-jquery-image-gallery,medium
+  tags: cve,wordpress,wp-plugin,slideshow-jquery-image-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/smart-variations-images-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/smart-variations-images-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2c01816984..438627dfc9 100644
--- a/nuclei-templates/cve-less/plugins/smart-variations-images-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/smart-variations-images-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smart-variations-images/"
     google-query: inurl:"/wp-content/plugins/smart-variations-images/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,smart-variations-images,medium
+  tags: cve,wordpress,wp-plugin,smart-variations-images,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/smartideo-eacbf719bf265fc7ee4ac85dd80a065a.yaml b/nuclei-templates/cve-less/plugins/smartideo-eacbf719bf265fc7ee4ac85dd80a065a.yaml
index 2f0fdda256..7cb5f9c101 100644
--- a/nuclei-templates/cve-less/plugins/smartideo-eacbf719bf265fc7ee4ac85dd80a065a.yaml
+++ b/nuclei-templates/cve-less/plugins/smartideo-eacbf719bf265fc7ee4ac85dd80a065a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SmartIdeo <= 2.7.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SmartIdeo plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 2.7.0, via a settings update functionality. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smartideo/"
     google-query: inurl:"/wp-content/plugins/smartideo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,smartideo,medium
+  tags: cve,wordpress,wp-plugin,smartideo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/smartkit-43e0cd9b2e64838710c022fed726ad02.yaml b/nuclei-templates/cve-less/plugins/smartkit-43e0cd9b2e64838710c022fed726ad02.yaml
index 291b42713e..0b8661725c 100644
--- a/nuclei-templates/cve-less/plugins/smartkit-43e0cd9b2e64838710c022fed726ad02.yaml
+++ b/nuclei-templates/cve-less/plugins/smartkit-43e0cd9b2e64838710c022fed726ad02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smartkit <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Smartkit plugin for WordPress is vulnerable to Cross-Site Request Forgery via the show_smartkit_menu() function in versions up to, and including 1.0. This is due to missing nonce validation and can lead to stored Cross-Site Scripting if an attacker is able to successfully trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smartkit/"
     google-query: inurl:"/wp-content/plugins/smartkit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,smartkit,high
+  tags: cve,wordpress,wp-plugin,smartkit,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/smokesignal-c0dc18b21bfa2b86d77830cf4a915b55.yaml b/nuclei-templates/cve-less/plugins/smokesignal-c0dc18b21bfa2b86d77830cf4a915b55.yaml
index 4016f2b80e..3d15adeeed 100644
--- a/nuclei-templates/cve-less/plugins/smokesignal-c0dc18b21bfa2b86d77830cf4a915b55.yaml
+++ b/nuclei-templates/cve-less/plugins/smokesignal-c0dc18b21bfa2b86d77830cf4a915b55.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smoke Signal < 1.2.7 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Smoke Signal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text’ parameter in versions before 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with low level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smokesignal/"
     google-query: inurl:"/wp-content/plugins/smokesignal/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,smokesignal,high
+  tags: cve,wordpress,wp-plugin,smokesignal,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/smtp-mail-9b2a41c17f324bc427373274ec0c74e7.yaml b/nuclei-templates/cve-less/plugins/smtp-mail-9b2a41c17f324bc427373274ec0c74e7.yaml
index 363387d0a2..fb8ba8bb36 100644
--- a/nuclei-templates/cve-less/plugins/smtp-mail-9b2a41c17f324bc427373274ec0c74e7.yaml
+++ b/nuclei-templates/cve-less/plugins/smtp-mail-9b2a41c17f324bc427373274ec0c74e7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SMTP Mail <= 1.2.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The SMTP Mail plugin for WordPress is vulnerable to generic SQL Injection via the ‘order’ and ‘orderby’ parameters in versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/smtp-mail/"
     google-query: inurl:"/wp-content/plugins/smtp-mail/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,smtp-mail,high
+  tags: cve,wordpress,wp-plugin,smtp-mail,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/snazzyadmin-wp-admin-theme-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/snazzyadmin-wp-admin-theme-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d4068a897d..b44cf676d9 100644
--- a/nuclei-templates/cve-less/plugins/snazzyadmin-wp-admin-theme-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/snazzyadmin-wp-admin-theme-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/snazzyadmin-wp-admin-theme/"
     google-query: inurl:"/wp-content/plugins/snazzyadmin-wp-admin-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,snazzyadmin-wp-admin-theme,medium
+  tags: cve,wordpress,wp-plugin,snazzyadmin-wp-admin-theme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/so-audible-64658b8ae4088e2d2245fcf0b29be320.yaml b/nuclei-templates/cve-less/plugins/so-audible-64658b8ae4088e2d2245fcf0b29be320.yaml
index 21d2bdced2..ae5c04c93a 100644
--- a/nuclei-templates/cve-less/plugins/so-audible-64658b8ae4088e2d2245fcf0b29be320.yaml
+++ b/nuclei-templates/cve-less/plugins/so-audible-64658b8ae4088e2d2245fcf0b29be320.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     So Audible Cloud Music Player <= 0.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The So Audible Cloud Music Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.9 due to inclusion of a vulnerable version of jPlayer. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/so-audible/"
     google-query: inurl:"/wp-content/plugins/so-audible/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,so-audible,medium
+  tags: cve,wordpress,wp-plugin,so-audible,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/social-gallery-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/social-gallery-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fa158ce441..4e254082fc 100644
--- a/nuclei-templates/cve-less/plugins/social-gallery-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/social-gallery-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-gallery-lite/"
     google-query: inurl:"/wp-content/plugins/social-gallery-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,social-gallery-lite,medium
+  tags: cve,wordpress,wp-plugin,social-gallery-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/social-hashtags-941b5bba10cb296e00cbfe0b3138a5d9.yaml b/nuclei-templates/cve-less/plugins/social-hashtags-941b5bba10cb296e00cbfe0b3138a5d9.yaml
index a5be9fee4b..c9d17ff231 100644
--- a/nuclei-templates/cve-less/plugins/social-hashtags-941b5bba10cb296e00cbfe0b3138a5d9.yaml
+++ b/nuclei-templates/cve-less/plugins/social-hashtags-941b5bba10cb296e00cbfe0b3138a5d9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Hashtags <= 3.0.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Hashtags plugin for WordPress is vulnerable to Cross-Site Scripting via the new post title field in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-hashtags/"
     google-query: inurl:"/wp-content/plugins/social-hashtags/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,social-hashtags,medium
+  tags: cve,wordpress,wp-plugin,social-hashtags,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/social-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/social-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3a85fbea33..fde42e244c 100644
--- a/nuclei-templates/cve-less/plugins/social-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/social-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-kit/"
     google-query: inurl:"/wp-content/plugins/social-kit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,social-kit,medium
+  tags: cve,wordpress,wp-plugin,social-kit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-78405f03bea86dc35a1c5e66198ba314.yaml b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-78405f03bea86dc35a1c5e66198ba314.yaml
index b1f4c02563..747c9ac017 100644
--- a/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-78405f03bea86dc35a1c5e66198ba314.yaml
+++ b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-78405f03bea86dc35a1c5e66198ba314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NextScripts: Social Networks Auto-Poster <= 4.3.17 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/"
     google-query: inurl:"/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,medium
+  tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/social-polls-by-opinionstage-fad318487dd970b284385e44520c85d8.yaml b/nuclei-templates/cve-less/plugins/social-polls-by-opinionstage-fad318487dd970b284385e44520c85d8.yaml
index 9c35e49fa1..bb65a62d8c 100644
--- a/nuclei-templates/cve-less/plugins/social-polls-by-opinionstage-fad318487dd970b284385e44520c85d8.yaml
+++ b/nuclei-templates/cve-less/plugins/social-polls-by-opinionstage-fad318487dd970b284385e44520c85d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.6.24 - Unauthenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 19.6.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-polls-by-opinionstage/"
     google-query: inurl:"/wp-content/plugins/social-polls-by-opinionstage/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,social-polls-by-opinionstage,medium
+  tags: cve,wordpress,wp-plugin,social-polls-by-opinionstage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/social-rocket-219e55994660c3c36e84474ca074be21.yaml b/nuclei-templates/cve-less/plugins/social-rocket-219e55994660c3c36e84474ca074be21.yaml
index 1e06dd774c..1fcca45d14 100644
--- a/nuclei-templates/cve-less/plugins/social-rocket-219e55994660c3c36e84474ca074be21.yaml
+++ b/nuclei-templates/cve-less/plugins/social-rocket-219e55994660c3c36e84474ca074be21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Rocket <= 1.2.9 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Social Rocket plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.9. This is due to missing or incorrect nonce validation on the admin_settings_post_actions() function. This makes it possible for unauthenticated attackers to gain access to otherwise restricted administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-rocket/"
     google-query: inurl:"/wp-content/plugins/social-rocket/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,social-rocket,high
+  tags: cve,wordpress,wp-plugin,social-rocket,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/social-share-button-de24827a638a2efce744c6eade7a73f3.yaml b/nuclei-templates/cve-less/plugins/social-share-button-de24827a638a2efce744c6eade7a73f3.yaml
index 53d4f4065d..f46d2d3712 100644
--- a/nuclei-templates/cve-less/plugins/social-share-button-de24827a638a2efce744c6eade7a73f3.yaml
+++ b/nuclei-templates/cve-less/plugins/social-share-button-de24827a638a2efce744c6eade7a73f3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Share Button <= 2.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ssb_share_content_icon_margin', 'ssb_social_sites_domain', 'ssb_social_sites_domain_url', etc. parameters in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Admin+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/social-share-button/"
     google-query: inurl:"/wp-content/plugins/social-share-button/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,social-share-button,medium
+  tags: cve,wordpress,wp-plugin,social-share-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/socialgrid-ee08b0491d28739787eab972fee61b21.yaml b/nuclei-templates/cve-less/plugins/socialgrid-ee08b0491d28739787eab972fee61b21.yaml
index be0c9f2ac3..f1cdfb809c 100644
--- a/nuclei-templates/cve-less/plugins/socialgrid-ee08b0491d28739787eab972fee61b21.yaml
+++ b/nuclei-templates/cve-less/plugins/socialgrid-ee08b0491d28739787eab972fee61b21.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SocialGrid <= 2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SocialGrid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘default_services’ parameter in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/socialgrid/"
     google-query: inurl:"/wp-content/plugins/socialgrid/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,socialgrid,medium
+  tags: cve,wordpress,wp-plugin,socialgrid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/socialmark-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/socialmark-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 80d3c6fb13..fddc04bb28 100644
--- a/nuclei-templates/cve-less/plugins/socialmark-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/socialmark-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/socialmark/"
     google-query: inurl:"/wp-content/plugins/socialmark/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,socialmark,medium
+  tags: cve,wordpress,wp-plugin,socialmark,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/software-license-manager-c95ffe646d0a761b10647658a7c40d15.yaml b/nuclei-templates/cve-less/plugins/software-license-manager-c95ffe646d0a761b10647658a7c40d15.yaml
index 17d9a1b014..696e79a79f 100644
--- a/nuclei-templates/cve-less/plugins/software-license-manager-c95ffe646d0a761b10647658a7c40d15.yaml
+++ b/nuclei-templates/cve-less/plugins/software-license-manager-c95ffe646d0a761b10647658a7c40d15.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Software License Manager <= 4.4.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Software License Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the License Key Prefix setting in versions up to, and including, 4.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/software-license-manager/"
     google-query: inurl:"/wp-content/plugins/software-license-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,software-license-manager,medium
+  tags: cve,wordpress,wp-plugin,software-license-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/soundpress-8f924182750ff29f56bd3ee7a3546db5.yaml b/nuclei-templates/cve-less/plugins/soundpress-8f924182750ff29f56bd3ee7a3546db5.yaml
index ae6d383db6..6d8aec6090 100644
--- a/nuclei-templates/cve-less/plugins/soundpress-8f924182750ff29f56bd3ee7a3546db5.yaml
+++ b/nuclei-templates/cve-less/plugins/soundpress-8f924182750ff29f56bd3ee7a3546db5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SoundPress Plugin <= 2.2.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "SoundPress Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on the $soundcloud_url value. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/soundpress/"
     google-query: inurl:"/wp-content/plugins/soundpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,soundpress,medium
+  tags: cve,wordpress,wp-plugin,soundpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/south-pole-the-offset-movement-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/south-pole-the-offset-movement-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b2ba83be7c..d070ef561a 100644
--- a/nuclei-templates/cve-less/plugins/south-pole-the-offset-movement-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/south-pole-the-offset-movement-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/south-pole-the-offset-movement/"
     google-query: inurl:"/wp-content/plugins/south-pole-the-offset-movement/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,south-pole-the-offset-movement,medium
+  tags: cve,wordpress,wp-plugin,south-pole-the-offset-movement,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-2363aa1bcf8789d416b82d1e475636e8.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-2363aa1bcf8789d416b82d1e475636e8.yaml
index e52b9bbd2d..816e41dd31 100644
--- a/nuclei-templates/cve-less/plugins/sp-client-document-manager-2363aa1bcf8789d416b82d1e475636e8.yaml
+++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-2363aa1bcf8789d416b82d1e475636e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager <= 2.5.9.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SP Project & Document Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9.5. This is due to missing nonce validation on various functions. This makes it possible for unauthenticated attackers to perform several actions such as modifying plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-68171971cc36274d03be6fb322c19104.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-68171971cc36274d03be6fb322c19104.yaml
index add14b9fd0..4b1498b21e 100644
--- a/nuclei-templates/cve-less/plugins/sp-client-document-manager-68171971cc36274d03be6fb322c19104.yaml
+++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-68171971cc36274d03be6fb322c19104.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Projects & Document Manager <= 2.5.9.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SP Projects & Document Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.5.9.5 due to insufficient input sanitization and output escaping on several parameters. This makes it possible for attackers to inject arbitrary web scripts that may execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-b4c26568b976acff74ff99cb773e576a.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-b4c26568b976acff74ff99cb773e576a.yaml
index 0cefccc7e4..562e830475 100644
--- a/nuclei-templates/cve-less/plugins/sp-client-document-manager-b4c26568b976acff74ff99cb773e576a.yaml
+++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-b4c26568b976acff74ff99cb773e576a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SP Project & Document Manager <= 4.56 - Cross-Site Request Forgery and Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The SP Project & Document Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.56. This is due to missing or incorrect nonce validation in several functions. Furthermore, in several instances user input is not properly sanitized or escaped. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sp-client-document-manager/"
     google-query: inurl:"/wp-content/plugins/sp-client-document-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sp-client-document-manager,critical
+  tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sparrow-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sparrow-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 620ec6a586..576ce560ce 100644
--- a/nuclei-templates/cve-less/plugins/sparrow-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sparrow-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sparrow/"
     google-query: inurl:"/wp-content/plugins/sparrow/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sparrow,medium
+  tags: cve,wordpress,wp-plugin,sparrow,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/speakout-bfb97206bbfb6336668e50882960e16f.yaml b/nuclei-templates/cve-less/plugins/speakout-bfb97206bbfb6336668e50882960e16f.yaml
index 17d7f1f049..789b1f3436 100644
--- a/nuclei-templates/cve-less/plugins/speakout-bfb97206bbfb6336668e50882960e16f.yaml
+++ b/nuclei-templates/cve-less/plugins/speakout-bfb97206bbfb6336668e50882960e16f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SpeakOut! Email Petitions <= 2.13.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SpeakOut! Email Petitions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘searchString’ parameter in versions up to, and including, 2.13.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/speakout/"
     google-query: inurl:"/wp-content/plugins/speakout/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,speakout,medium
+  tags: cve,wordpress,wp-plugin,speakout,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/speedycache-226c23fcac1339a85375c1a4fa7531e2.yaml b/nuclei-templates/cve-less/plugins/speedycache-226c23fcac1339a85375c1a4fa7531e2.yaml
index 7b15546140..16ed3698af 100644
--- a/nuclei-templates/cve-less/plugins/speedycache-226c23fcac1339a85375c1a4fa7531e2.yaml
+++ b/nuclei-templates/cve-less/plugins/speedycache-226c23fcac1339a85375c1a4fa7531e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SpeedyCache <= 1.1.2 - Missing Authorization via speedycache_create_test_cache
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SpeedyCache – Cache, Optimization, Performance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_create_test_cache function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access or higher to create a sample cache.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/speedycache/"
     google-query: inurl:"/wp-content/plugins/speedycache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,speedycache,medium
+  tags: cve,wordpress,wp-plugin,speedycache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/spider-event-calendar-1e97950fcbacf9ecbb58beed5fdc2b28.yaml b/nuclei-templates/cve-less/plugins/spider-event-calendar-1e97950fcbacf9ecbb58beed5fdc2b28.yaml
index 72d528b205..968b63fc7a 100644
--- a/nuclei-templates/cve-less/plugins/spider-event-calendar-1e97950fcbacf9ecbb58beed5fdc2b28.yaml
+++ b/nuclei-templates/cve-less/plugins/spider-event-calendar-1e97950fcbacf9ecbb58beed5fdc2b28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SpiderCalendar <= 1.4.13 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The SpiderCalendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.13. This is due to missing or incorrect nonce validation on the Manage_Spider_Calendar() function. This makes it possible for unauthenticated attackers to make modifications to calendars via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spider-event-calendar/"
     google-query: inurl:"/wp-content/plugins/spider-event-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,spider-event-calendar,high
+  tags: cve,wordpress,wp-plugin,spider-event-calendar,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/spider-facebook-69ea852e8d20e1b9095ff76a5199f22b.yaml b/nuclei-templates/cve-less/plugins/spider-facebook-69ea852e8d20e1b9095ff76a5199f22b.yaml
index 1db7b754be..820f0b2234 100644
--- a/nuclei-templates/cve-less/plugins/spider-facebook-69ea852e8d20e1b9095ff76a5199f22b.yaml
+++ b/nuclei-templates/cve-less/plugins/spider-facebook-69ea852e8d20e1b9095ff76a5199f22b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Facebook <= 1.0.13 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WordPress Facebook plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in versions up to, and including, 1.0.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spider-facebook/"
     google-query: inurl:"/wp-content/plugins/spider-facebook/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,spider-facebook,high
+  tags: cve,wordpress,wp-plugin,spider-facebook,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/spider-facebook-8a173d0b76b8837ebc37d42174f4f25c.yaml b/nuclei-templates/cve-less/plugins/spider-facebook-8a173d0b76b8837ebc37d42174f4f25c.yaml
index 8b1c6e0ea2..e9bcc7cd2b 100644
--- a/nuclei-templates/cve-less/plugins/spider-facebook-8a173d0b76b8837ebc37d42174f4f25c.yaml
+++ b/nuclei-templates/cve-less/plugins/spider-facebook-8a173d0b76b8837ebc37d42174f4f25c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spider Facebook <= 1.0.8 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Spider Facebook plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in versions up to, and including, 1.0.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spider-facebook/"
     google-query: inurl:"/wp-content/plugins/spider-facebook/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,spider-facebook,high
+  tags: cve,wordpress,wp-plugin,spider-facebook,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e33bf324ce..50d2343986 100644
--- a/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spotlight-social-photo-feeds/"
     google-query: inurl:"/wp-content/plugins/spotlight-social-photo-feeds/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,spotlight-social-photo-feeds,medium
+  tags: cve,wordpress,wp-plugin,spotlight-social-photo-feeds,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/spryng-payments-woocommerce-a5194bfa9db34596e371b3fb9a988aa4.yaml b/nuclei-templates/cve-less/plugins/spryng-payments-woocommerce-a5194bfa9db34596e371b3fb9a988aa4.yaml
index 118c9b8e19..6f8a81da11 100644
--- a/nuclei-templates/cve-less/plugins/spryng-payments-woocommerce-a5194bfa9db34596e371b3fb9a988aa4.yaml
+++ b/nuclei-templates/cve-less/plugins/spryng-payments-woocommerce-a5194bfa9db34596e371b3fb9a988aa4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spryng Payments for WooCommerce <= 1.6.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Spryng Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/spryng-payments-woocommerce/"
     google-query: inurl:"/wp-content/plugins/spryng-payments-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,spryng-payments-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,spryng-payments-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sql-reporting-services-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sql-reporting-services-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 59193fa093..418b93d5d4 100644
--- a/nuclei-templates/cve-less/plugins/sql-reporting-services-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sql-reporting-services-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sql-reporting-services/"
     google-query: inurl:"/wp-content/plugins/sql-reporting-services/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sql-reporting-services,medium
+  tags: cve,wordpress,wp-plugin,sql-reporting-services,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ssl-atlas-free-ssl-certificate-https-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ssl-atlas-free-ssl-certificate-https-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8e86e2e0c7..8e02b6e124 100644
--- a/nuclei-templates/cve-less/plugins/ssl-atlas-free-ssl-certificate-https-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ssl-atlas-free-ssl-certificate-https-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ssl-atlas-free-ssl-certificate-https-redirect/"
     google-query: inurl:"/wp-content/plugins/ssl-atlas-free-ssl-certificate-https-redirect/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ssl-atlas-free-ssl-certificate-https-redirect,medium
+  tags: cve,wordpress,wp-plugin,ssl-atlas-free-ssl-certificate-https-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ssl-zen-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ssl-zen-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4bf753341c..3fb14ab3e0 100644
--- a/nuclei-templates/cve-less/plugins/ssl-zen-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ssl-zen-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ssl-zen/"
     google-query: inurl:"/wp-content/plugins/ssl-zen/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ssl-zen,medium
+  tags: cve,wordpress,wp-plugin,ssl-zen,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/stackable-ultimate-gutenberg-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/stackable-ultimate-gutenberg-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 10214c4e57..ba42292b36 100644
--- a/nuclei-templates/cve-less/plugins/stackable-ultimate-gutenberg-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/stackable-ultimate-gutenberg-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stackable-ultimate-gutenberg-blocks/"
     google-query: inurl:"/wp-content/plugins/stackable-ultimate-gutenberg-blocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,medium
+  tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/starfish-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/starfish-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 210b26000a..a168067153 100644
--- a/nuclei-templates/cve-less/plugins/starfish-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/starfish-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/starfish-reviews/"
     google-query: inurl:"/wp-content/plugins/starfish-reviews/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,starfish-reviews,medium
+  tags: cve,wordpress,wp-plugin,starfish-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/starterblocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/starterblocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a585715a2f..8c9690bb6b 100644
--- a/nuclei-templates/cve-less/plugins/starterblocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/starterblocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/starterblocks/"
     google-query: inurl:"/wp-content/plugins/starterblocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,starterblocks,medium
+  tags: cve,wordpress,wp-plugin,starterblocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/station-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/station-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4cc14ed21f..d088af5008 100644
--- a/nuclei-templates/cve-less/plugins/station-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/station-pro-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/station-pro/"
     google-query: inurl:"/wp-content/plugins/station-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,station-pro,medium
+  tags: cve,wordpress,wp-plugin,station-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/stats-c67af2c20174cb06fdec04d2bad87d02.yaml b/nuclei-templates/cve-less/plugins/stats-c67af2c20174cb06fdec04d2bad87d02.yaml
index bad63c21fa..b7431ce56d 100644
--- a/nuclei-templates/cve-less/plugins/stats-c67af2c20174cb06fdec04d2bad87d02.yaml
+++ b/nuclei-templates/cve-less/plugins/stats-c67af2c20174cb06fdec04d2bad87d02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     stats <= 1.1 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The stats plugin for WordPress is vulnerable to SQL Injection via the $post_ids parameter in versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stats/"
     google-query: inurl:"/wp-content/plugins/stats/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,stats,high
+  tags: cve,wordpress,wp-plugin,stats,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
index 7702587e74..b576678899 100644
--- a/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stax-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/stax-addons-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/stax-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/stax-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 16a50046cb..f963a3f522 100644
--- a/nuclei-templates/cve-less/plugins/stax-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/stax-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stax/"
     google-query: inurl:"/wp-content/plugins/stax/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,stax,medium
+  tags: cve,wordpress,wp-plugin,stax,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/stax-buddy-builder-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/stax-buddy-builder-18966e8228314b8165d39d48519f43cc.yaml
index d4db33dbe1..de9e5e7c36 100644
--- a/nuclei-templates/cve-less/plugins/stax-buddy-builder-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/stax-buddy-builder-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stax-buddy-builder/"
     google-query: inurl:"/wp-content/plugins/stax-buddy-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,stax-buddy-builder,medium
+  tags: cve,wordpress,wp-plugin,stax-buddy-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sticky-add-to-cart-for-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sticky-add-to-cart-for-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b8718159fc..ae20bc7680 100644
--- a/nuclei-templates/cve-less/plugins/sticky-add-to-cart-for-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sticky-add-to-cart-for-woo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sticky-add-to-cart-for-woo/"
     google-query: inurl:"/wp-content/plugins/sticky-add-to-cart-for-woo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sticky-add-to-cart-for-woo,medium
+  tags: cve,wordpress,wp-plugin,sticky-add-to-cart-for-woo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/store-locator-le-fc1b2b62341494b2d9cc5ef165563a2a.yaml b/nuclei-templates/cve-less/plugins/store-locator-le-fc1b2b62341494b2d9cc5ef165563a2a.yaml
index a5d725a088..b62ba584c6 100644
--- a/nuclei-templates/cve-less/plugins/store-locator-le-fc1b2b62341494b2d9cc5ef165563a2a.yaml
+++ b/nuclei-templates/cve-less/plugins/store-locator-le-fc1b2b62341494b2d9cc5ef165563a2a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Store Locator Plus <= 4.5.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Store Locator Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘start’ parameter in versions up to, and including, 4.5.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/store-locator-le/"
     google-query: inurl:"/wp-content/plugins/store-locator-le/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,store-locator-le,medium
+  tags: cve,wordpress,wp-plugin,store-locator-le,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/store-toolkit-for-wp-e-commerce-1b9679a4f42d9c30f3b2de1ebd1889b6.yaml b/nuclei-templates/cve-less/plugins/store-toolkit-for-wp-e-commerce-1b9679a4f42d9c30f3b2de1ebd1889b6.yaml
index a800b5d5d0..fda88b7fa3 100644
--- a/nuclei-templates/cve-less/plugins/store-toolkit-for-wp-e-commerce-1b9679a4f42d9c30f3b2de1ebd1889b6.yaml
+++ b/nuclei-templates/cve-less/plugins/store-toolkit-for-wp-e-commerce-1b9679a4f42d9c30f3b2de1ebd1889b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP e-Commerce – Store Toolkit <= 2.0.1 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The WP e-Commerce – Store Toolkit plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the ~/store-toolkit.php file in versions up to, and including 2.0.1. This makes it possible for unauthenticated attackers to perform actions like resetting file download sales in addition to other sensitive administrative actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/store-toolkit-for-wp-e-commerce/"
     google-query: inurl:"/wp-content/plugins/store-toolkit-for-wp-e-commerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,store-toolkit-for-wp-e-commerce,critical
+  tags: cve,wordpress,wp-plugin,store-toolkit-for-wp-e-commerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/story-chief-6329046104e43f1ec0f867ede19cab78.yaml b/nuclei-templates/cve-less/plugins/story-chief-6329046104e43f1ec0f867ede19cab78.yaml
index 0a59435cb9..0c3401c0c3 100644
--- a/nuclei-templates/cve-less/plugins/story-chief-6329046104e43f1ec0f867ede19cab78.yaml
+++ b/nuclei-templates/cve-less/plugins/story-chief-6329046104e43f1ec0f867ede19cab78.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StoryChief <= 1.0.30 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The plugin does not sanitise and escape its StoryChief Key setting before outputting it in an attribute, leading to an Authenticated Stored Cross-Site Scripting issue
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/story-chief/"
     google-query: inurl:"/wp-content/plugins/story-chief/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,story-chief,medium
+  tags: cve,wordpress,wp-plugin,story-chief,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/streak-crm-for-gmail-integration-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/streak-crm-for-gmail-integration-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d554a87781..5bfc7386a4 100644
--- a/nuclei-templates/cve-less/plugins/streak-crm-for-gmail-integration-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/streak-crm-for-gmail-integration-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/streak-crm-for-gmail-integration-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/streak-crm-for-gmail-integration-for-contact-form-7/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,streak-crm-for-gmail-integration-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,streak-crm-for-gmail-integration-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/streamcast-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/streamcast-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 690710b0e0..fb073edcde 100644
--- a/nuclei-templates/cve-less/plugins/streamcast-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/streamcast-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/streamcast/"
     google-query: inurl:"/wp-content/plugins/streamcast/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,streamcast,medium
+  tags: cve,wordpress,wp-plugin,streamcast,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 81b47a4351..a2d425b706 100644
--- a/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/streamweasels-twitch-integration/"
     google-query: inurl:"/wp-content/plugins/streamweasels-twitch-integration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,streamweasels-twitch-integration,medium
+  tags: cve,wordpress,wp-plugin,streamweasels-twitch-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/stripe-payments-925029dc31c55bdce33ed22d851b35e1.yaml b/nuclei-templates/cve-less/plugins/stripe-payments-925029dc31c55bdce33ed22d851b35e1.yaml
index 9662330bbc..241315af3f 100644
--- a/nuclei-templates/cve-less/plugins/stripe-payments-925029dc31c55bdce33ed22d851b35e1.yaml
+++ b/nuclei-templates/cve-less/plugins/stripe-payments-925029dc31c55bdce33ed22d851b35e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Accept Stripe Payments < 2.0.40 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘currency_code’ parameter in versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stripe-payments/"
     google-query: inurl:"/wp-content/plugins/stripe-payments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,stripe-payments,medium
+  tags: cve,wordpress,wp-plugin,stripe-payments,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/stylish-cost-calculator-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/stylish-cost-calculator-18966e8228314b8165d39d48519f43cc.yaml
index d335cc8764..9f63dffbec 100644
--- a/nuclei-templates/cve-less/plugins/stylish-cost-calculator-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/stylish-cost-calculator-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/stylish-cost-calculator/"
     google-query: inurl:"/wp-content/plugins/stylish-cost-calculator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,stylish-cost-calculator,medium
+  tags: cve,wordpress,wp-plugin,stylish-cost-calculator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/subpages-extended-67118eb3397203867c13f43462b990f9.yaml b/nuclei-templates/cve-less/plugins/subpages-extended-67118eb3397203867c13f43462b990f9.yaml
index a3a8f518f5..f33eb1aac7 100644
--- a/nuclei-templates/cve-less/plugins/subpages-extended-67118eb3397203867c13f43462b990f9.yaml
+++ b/nuclei-templates/cve-less/plugins/subpages-extended-67118eb3397203867c13f43462b990f9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Subpages Extended <= 1.6.6 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Subpages Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subpages_save_postdata’ function in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subpages-extended/"
     google-query: inurl:"/wp-content/plugins/subpages-extended/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,subpages-extended,medium
+  tags: cve,wordpress,wp-plugin,subpages-extended,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/subscribe2-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/subscribe2-18966e8228314b8165d39d48519f43cc.yaml
index e18a8216db..675f1ca979 100644
--- a/nuclei-templates/cve-less/plugins/subscribe2-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/subscribe2-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/subscribe2/"
     google-query: inurl:"/wp-content/plugins/subscribe2/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,subscribe2,medium
+  tags: cve,wordpress,wp-plugin,subscribe2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sumo-divi-modules-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sumo-divi-modules-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0428ae7df6..6edf29babe 100644
--- a/nuclei-templates/cve-less/plugins/sumo-divi-modules-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sumo-divi-modules-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sumo-divi-modules/"
     google-query: inurl:"/wp-content/plugins/sumo-divi-modules/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sumo-divi-modules,medium
+  tags: cve,wordpress,wp-plugin,sumo-divi-modules,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/super-interactive-maps-100f897c38dafe938e9af02c79c8f1ff.yaml b/nuclei-templates/cve-less/plugins/super-interactive-maps-100f897c38dafe938e9af02c79c8f1ff.yaml
index dfa49376a7..9760d13eb4 100644
--- a/nuclei-templates/cve-less/plugins/super-interactive-maps-100f897c38dafe938e9af02c79c8f1ff.yaml
+++ b/nuclei-templates/cve-less/plugins/super-interactive-maps-100f897c38dafe938e9af02c79c8f1ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Store Finder <= 6.1, Super Interactive Maps <= 1.9, Super Logo Showcase <= 2.2  - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Super Store Finder, Super Interactive Maps, and Super Logo Showcase plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation in the /pages/import.php file in versions up to, and including, 6.1, 1.9. and 2.2 respectively. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-interactive-maps/"
     google-query: inurl:"/wp-content/plugins/super-interactive-maps/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,super-interactive-maps,high
+  tags: cve,wordpress,wp-plugin,super-interactive-maps,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/super-progressive-web-apps-da1b2a8c96719ab9e52f2e44ede96439.yaml b/nuclei-templates/cve-less/plugins/super-progressive-web-apps-da1b2a8c96719ab9e52f2e44ede96439.yaml
index 77a4ade32b..1dc83970ed 100644
--- a/nuclei-templates/cve-less/plugins/super-progressive-web-apps-da1b2a8c96719ab9e52f2e44ede96439.yaml
+++ b/nuclei-templates/cve-less/plugins/super-progressive-web-apps-da1b2a8c96719ab9e52f2e44ede96439.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Progressive Web Apps <= 2.2.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Super Progressive Web Apps plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the superpwa_send_feedback function in versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to submit feedback to the plugin developers.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-progressive-web-apps/"
     google-query: inurl:"/wp-content/plugins/super-progressive-web-apps/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,super-progressive-web-apps,medium
+  tags: cve,wordpress,wp-plugin,super-progressive-web-apps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/super-socializer-d2b942d377993c80a764418d9e08cf38.yaml b/nuclei-templates/cve-less/plugins/super-socializer-d2b942d377993c80a764418d9e08cf38.yaml
index cfe592c93a..a2f5e6cb3d 100644
--- a/nuclei-templates/cve-less/plugins/super-socializer-d2b942d377993c80a764418d9e08cf38.yaml
+++ b/nuclei-templates/cve-less/plugins/super-socializer-d2b942d377993c80a764418d9e08cf38.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Socializer <= 7.13.53 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Super Socializer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins [TheChamp-Counter] and [TheChamp-Sharing] shortcodes in versions up to, and including, 7.13.53 due to insufficient input sanitization and output escaping on the url user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-socializer/"
     google-query: inurl:"/wp-content/plugins/super-socializer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,super-socializer,medium
+  tags: cve,wordpress,wp-plugin,super-socializer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/super-transactional-emails-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/super-transactional-emails-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e1ef372b95..4d0bc7f821 100644
--- a/nuclei-templates/cve-less/plugins/super-transactional-emails-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/super-transactional-emails-for-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-transactional-emails-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/super-transactional-emails-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,super-transactional-emails-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,super-transactional-emails-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/super-video-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/super-video-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b23b824028..7e003431d0 100644
--- a/nuclei-templates/cve-less/plugins/super-video-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/super-video-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/super-video-player/"
     google-query: inurl:"/wp-content/plugins/super-video-player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,super-video-player,medium
+  tags: cve,wordpress,wp-plugin,super-video-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/superlogoshowcase-wp-100f897c38dafe938e9af02c79c8f1ff.yaml b/nuclei-templates/cve-less/plugins/superlogoshowcase-wp-100f897c38dafe938e9af02c79c8f1ff.yaml
index 95d96adece..ab070f5d57 100644
--- a/nuclei-templates/cve-less/plugins/superlogoshowcase-wp-100f897c38dafe938e9af02c79c8f1ff.yaml
+++ b/nuclei-templates/cve-less/plugins/superlogoshowcase-wp-100f897c38dafe938e9af02c79c8f1ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Store Finder <= 6.1, Super Interactive Maps <= 1.9, Super Logo Showcase <= 2.2  - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Super Store Finder, Super Interactive Maps, and Super Logo Showcase plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation in the /pages/import.php file in versions up to, and including, 6.1, 1.9. and 2.2 respectively. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/superlogoshowcase-wp/"
     google-query: inurl:"/wp-content/plugins/superlogoshowcase-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,superlogoshowcase-wp,high
+  tags: cve,wordpress,wp-plugin,superlogoshowcase-wp,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/superstorefinder-wp-100f897c38dafe938e9af02c79c8f1ff.yaml b/nuclei-templates/cve-less/plugins/superstorefinder-wp-100f897c38dafe938e9af02c79c8f1ff.yaml
index c59e72b37c..785f3bc4fb 100644
--- a/nuclei-templates/cve-less/plugins/superstorefinder-wp-100f897c38dafe938e9af02c79c8f1ff.yaml
+++ b/nuclei-templates/cve-less/plugins/superstorefinder-wp-100f897c38dafe938e9af02c79c8f1ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Super Store Finder <= 6.1, Super Interactive Maps <= 1.9, Super Logo Showcase <= 2.2  - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Super Store Finder, Super Interactive Maps, and Super Logo Showcase plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation in the /pages/import.php file in versions up to, and including, 6.1, 1.9. and 2.2 respectively. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/superstorefinder-wp/"
     google-query: inurl:"/wp-content/plugins/superstorefinder-wp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,superstorefinder-wp,high
+  tags: cve,wordpress,wp-plugin,superstorefinder-wp,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/supportboard-4b0cb38b99185f75f96c68ddb4fd5800.yaml b/nuclei-templates/cve-less/plugins/supportboard-4b0cb38b99185f75f96c68ddb4fd5800.yaml
index a5d0468885..9ef5367e91 100644
--- a/nuclei-templates/cve-less/plugins/supportboard-4b0cb38b99185f75f96c68ddb4fd5800.yaml
+++ b/nuclei-templates/cve-less/plugins/supportboard-4b0cb38b99185f75f96c68ddb4fd5800.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Support Board <= 3.4.1 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Support Board plugin for WordPress is vulnerable to generic SQL Injection via several parameters in versions up to, and including, 3.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with a low privilege to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportboard/"
     google-query: inurl:"/wp-content/plugins/supportboard/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,supportboard,high
+  tags: cve,wordpress,wp-plugin,supportboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/supportboard-b10ddb53a1d55359331e1cfb5b98fd64.yaml b/nuclei-templates/cve-less/plugins/supportboard-b10ddb53a1d55359331e1cfb5b98fd64.yaml
index 4909c4b3f7..7650567302 100644
--- a/nuclei-templates/cve-less/plugins/supportboard-b10ddb53a1d55359331e1cfb5b98fd64.yaml
+++ b/nuclei-templates/cve-less/plugins/supportboard-b10ddb53a1d55359331e1cfb5b98fd64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Support Board <= 1.2.8 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Support Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/supportboard/"
     google-query: inurl:"/wp-content/plugins/supportboard/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,supportboard,medium
+  tags: cve,wordpress,wp-plugin,supportboard,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/surbma-gdpr-proof-google-analytics-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/surbma-gdpr-proof-google-analytics-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 40437213fb..d6eb8cdb86 100644
--- a/nuclei-templates/cve-less/plugins/surbma-gdpr-proof-google-analytics-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/surbma-gdpr-proof-google-analytics-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/surbma-gdpr-proof-google-analytics/"
     google-query: inurl:"/wp-content/plugins/surbma-gdpr-proof-google-analytics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,surbma-gdpr-proof-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,surbma-gdpr-proof-google-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/surbma-magyar-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/surbma-magyar-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e43ea5c16f..b4d84f1c54 100644
--- a/nuclei-templates/cve-less/plugins/surbma-magyar-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/surbma-magyar-woocommerce-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/surbma-magyar-woocommerce/"
     google-query: inurl:"/wp-content/plugins/surbma-magyar-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,surbma-magyar-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,surbma-magyar-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/survey-maker-ad612424551c0ee261f169ba5954843e.yaml b/nuclei-templates/cve-less/plugins/survey-maker-ad612424551c0ee261f169ba5954843e.yaml
index 848713376a..cdb3a9a65d 100644
--- a/nuclei-templates/cve-less/plugins/survey-maker-ad612424551c0ee261f169ba5954843e.yaml
+++ b/nuclei-templates/cve-less/plugins/survey-maker-ad612424551c0ee261f169ba5954843e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Survey Maker – Best WordPress Survey Plugin <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings (such as custom CSS) in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/survey-maker/"
     google-query: inurl:"/wp-content/plugins/survey-maker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,survey-maker,medium
+  tags: cve,wordpress,wp-plugin,survey-maker,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/surveyfunnel-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/surveyfunnel-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 79fb5c3aa7..5c2a168a50 100644
--- a/nuclei-templates/cve-less/plugins/surveyfunnel-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/surveyfunnel-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/surveyfunnel-lite/"
     google-query: inurl:"/wp-content/plugins/surveyfunnel-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,surveyfunnel-lite,medium
+  tags: cve,wordpress,wp-plugin,surveyfunnel-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sv-provenexpert-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sv-provenexpert-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7f414aa7a5..a7c2ff9a61 100644
--- a/nuclei-templates/cve-less/plugins/sv-provenexpert-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sv-provenexpert-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sv-provenexpert/"
     google-query: inurl:"/wp-content/plugins/sv-provenexpert/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sv-provenexpert,medium
+  tags: cve,wordpress,wp-plugin,sv-provenexpert,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sv-tracking-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sv-tracking-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 51ca85b522..fbfe26c650 100644
--- a/nuclei-templates/cve-less/plugins/sv-tracking-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sv-tracking-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sv-tracking-manager/"
     google-query: inurl:"/wp-content/plugins/sv-tracking-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sv-tracking-manager,medium
+  tags: cve,wordpress,wp-plugin,sv-tracking-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/svg-flags-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/svg-flags-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9a1f520374..bb65c0831e 100644
--- a/nuclei-templates/cve-less/plugins/svg-flags-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/svg-flags-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/svg-flags-lite/"
     google-query: inurl:"/wp-content/plugins/svg-flags-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,svg-flags-lite,medium
+  tags: cve,wordpress,wp-plugin,svg-flags-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/sync-ecommerce-neo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/sync-ecommerce-neo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 220c3d32c8..698fddccc9 100644
--- a/nuclei-templates/cve-less/plugins/sync-ecommerce-neo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/sync-ecommerce-neo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/sync-ecommerce-neo/"
     google-query: inurl:"/wp-content/plugins/sync-ecommerce-neo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,sync-ecommerce-neo,medium
+  tags: cve,wordpress,wp-plugin,sync-ecommerce-neo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/syncee-for-suppliers-85d0c53e63bad002a594a7c01a2ede3c.yaml b/nuclei-templates/cve-less/plugins/syncee-for-suppliers-85d0c53e63bad002a594a7c01a2ede3c.yaml
index 9b27c1e3f5..25e5ed91a8 100644
--- a/nuclei-templates/cve-less/plugins/syncee-for-suppliers-85d0c53e63bad002a594a7c01a2ede3c.yaml
+++ b/nuclei-templates/cve-less/plugins/syncee-for-suppliers-85d0c53e63bad002a594a7c01a2ede3c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Syncee for Suppliers <= 1.0.5 - Missing Authorization to Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Syncee for Suppliers plugin for WordPress is vulnerable to Missing Authorization to Sensitive Information Disclosure in versions up to, and including, 1.0.5. This is due to a missing capability check on the /wp-json/syncee/supplier/v1/getDataForFrontend REST-API endpoint. This makes it possible for unauthenticated attackers to perform a GET request to that information that discloses information like the site's syncee_access_token_supplier and data_to_syncee_installer_supplier values.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/syncee-for-suppliers/"
     google-query: inurl:"/wp-content/plugins/syncee-for-suppliers/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,syncee-for-suppliers,medium
+  tags: cve,wordpress,wp-plugin,syncee-for-suppliers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/syntaxhighlighter-860aeeaea687dc364b79673a2290695e.yaml b/nuclei-templates/cve-less/plugins/syntaxhighlighter-860aeeaea687dc364b79673a2290695e.yaml
index 62516bd79d..d8392a6abc 100644
--- a/nuclei-templates/cve-less/plugins/syntaxhighlighter-860aeeaea687dc364b79673a2290695e.yaml
+++ b/nuclei-templates/cve-less/plugins/syntaxhighlighter-860aeeaea687dc364b79673a2290695e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SyntaxHighlighter Evolved <= 3.1.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The SyntaxHighlighter Evolved plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/syntaxhighlighter/"
     google-query: inurl:"/wp-content/plugins/syntaxhighlighter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,syntaxhighlighter,medium
+  tags: cve,wordpress,wp-plugin,syntaxhighlighter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/table-generator-fd97a9eb267d56f526d35e401fac2886.yaml b/nuclei-templates/cve-less/plugins/table-generator-fd97a9eb267d56f526d35e401fac2886.yaml
index 10bfc28671..e40759c713 100644
--- a/nuclei-templates/cve-less/plugins/table-generator-fd97a9eb267d56f526d35e401fac2886.yaml
+++ b/nuclei-templates/cve-less/plugins/table-generator-fd97a9eb267d56f526d35e401fac2886.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Table Generator <= 1.3.0 - Missing Authorization to Table Modification
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Table Generator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_requests function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to add/update/delete database tables maintained by the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/table-generator/"
     google-query: inurl:"/wp-content/plugins/table-generator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,table-generator,medium
+  tags: cve,wordpress,wp-plugin,table-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/table-of-contents-plus-59af9a4b87c64d3fc5a5f77eb6d682d2.yaml b/nuclei-templates/cve-less/plugins/table-of-contents-plus-59af9a4b87c64d3fc5a5f77eb6d682d2.yaml
index 4cd4c67e4b..b1d37f04de 100644
--- a/nuclei-templates/cve-less/plugins/table-of-contents-plus-59af9a4b87c64d3fc5a5f77eb6d682d2.yaml
+++ b/nuclei-templates/cve-less/plugins/table-of-contents-plus-59af9a4b87c64d3fc5a5f77eb6d682d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Table of Contents Plus <= 2302 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Table of Contents Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2302 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/table-of-contents-plus/"
     google-query: inurl:"/wp-content/plugins/table-of-contents-plus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,table-of-contents-plus,medium
+  tags: cve,wordpress,wp-plugin,table-of-contents-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tablesome-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tablesome-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 366b4c23c8..65219a8a6b 100644
--- a/nuclei-templates/cve-less/plugins/tablesome-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tablesome-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tablesome/"
     google-query: inurl:"/wp-content/plugins/tablesome/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tablesome,medium
+  tags: cve,wordpress,wp-plugin,tablesome,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tabs-with-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tabs-with-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b0d42df7b2..3ded3d614e 100644
--- a/nuclei-templates/cve-less/plugins/tabs-with-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tabs-with-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tabs-with-posts/"
     google-query: inurl:"/wp-content/plugins/tabs-with-posts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tabs-with-posts,medium
+  tags: cve,wordpress,wp-plugin,tabs-with-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tag-groups-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tag-groups-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 552f8872bd..f1892db187 100644
--- a/nuclei-templates/cve-less/plugins/tag-groups-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tag-groups-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tag-groups/"
     google-query: inurl:"/wp-content/plugins/tag-groups/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tag-groups,medium
+  tags: cve,wordpress,wp-plugin,tag-groups,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/task-manager-pro-3c71f53ddfca3bc25fb132db1aac667a.yaml b/nuclei-templates/cve-less/plugins/task-manager-pro-3c71f53ddfca3bc25fb132db1aac667a.yaml
index e5dae32dc1..1bfa161743 100644
--- a/nuclei-templates/cve-less/plugins/task-manager-pro-3c71f53ddfca3bc25fb132db1aac667a.yaml
+++ b/nuclei-templates/cve-less/plugins/task-manager-pro-3c71f53ddfca3bc25fb132db1aac667a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Task Manager Pro <= 1.3.1 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Task Manager Pro plugin for WordPress is vulnerable to blind SQL Injection via the 'task' parameter in versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/task-manager-pro/"
     google-query: inurl:"/wp-content/plugins/task-manager-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,task-manager-pro,high
+  tags: cve,wordpress,wp-plugin,task-manager-pro,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/task-manager-pro-4c984e9d1c9a129101e93a0ae80c8a9c.yaml b/nuclei-templates/cve-less/plugins/task-manager-pro-4c984e9d1c9a129101e93a0ae80c8a9c.yaml
index 7b36d04d1b..b18add6886 100644
--- a/nuclei-templates/cve-less/plugins/task-manager-pro-4c984e9d1c9a129101e93a0ae80c8a9c.yaml
+++ b/nuclei-templates/cve-less/plugins/task-manager-pro-4c984e9d1c9a129101e93a0ae80c8a9c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Task Manager Pro <= 1.3.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Task Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Add a comment' section in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/task-manager-pro/"
     google-query: inurl:"/wp-content/plugins/task-manager-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,task-manager-pro,medium
+  tags: cve,wordpress,wp-plugin,task-manager-pro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/taxonomy-terms-order-c638d03db9f642ea8657e9efadb89fe3.yaml b/nuclei-templates/cve-less/plugins/taxonomy-terms-order-c638d03db9f642ea8657e9efadb89fe3.yaml
index 91044d9a9f..3c205103b3 100644
--- a/nuclei-templates/cve-less/plugins/taxonomy-terms-order-c638d03db9f642ea8657e9efadb89fe3.yaml
+++ b/nuclei-templates/cve-less/plugins/taxonomy-terms-order-c638d03db9f642ea8657e9efadb89fe3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Category Order and Taxonomy Terms Order plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2.2 via deserialization of untrusted input from the 'order' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/taxonomy-terms-order/"
     google-query: inurl:"/wp-content/plugins/taxonomy-terms-order/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,taxonomy-terms-order,high
+  tags: cve,wordpress,wp-plugin,taxonomy-terms-order,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/taxonomy-terms-order-f5ae27bdecf9c7ab3666827aa6121937.yaml b/nuclei-templates/cve-less/plugins/taxonomy-terms-order-f5ae27bdecf9c7ab3666827aa6121937.yaml
index 45761a013b..3cecc2d6cf 100644
--- a/nuclei-templates/cve-less/plugins/taxonomy-terms-order-f5ae27bdecf9c7ab3666827aa6121937.yaml
+++ b/nuclei-templates/cve-less/plugins/taxonomy-terms-order-f5ae27bdecf9c7ab3666827aa6121937.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Category Order and Taxonomy Terms Order <1.4.6.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Category Order and Taxonomy Terms Order plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.6.0 due to insufficient input sanitization and output escaping on the 'post_type' parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/taxonomy-terms-order/"
     google-query: inurl:"/wp-content/plugins/taxonomy-terms-order/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,taxonomy-terms-order,medium
+  tags: cve,wordpress,wp-plugin,taxonomy-terms-order,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-15b5b7552cd59d4fe58cc4180bb081ff.yaml b/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-15b5b7552cd59d4fe58cc4180bb081ff.yaml
index 0e02a3d285..6514de8e05 100644
--- a/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-15b5b7552cd59d4fe58cc4180bb081ff.yaml
+++ b/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-15b5b7552cd59d4fe58cc4180bb081ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.12.23 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to SQL Injection via the filtered_ids parameter in versions up to, and including, 2.12.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tenweb-speed-optimizer/"
     google-query: inurl:"/wp-content/plugins/tenweb-speed-optimizer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tenweb-speed-optimizer,high
+  tags: cve,wordpress,wp-plugin,tenweb-speed-optimizer,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-b27ee90d1fddd4df887e8806bf4e7ee4.yaml b/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-b27ee90d1fddd4df887e8806bf4e7ee4.yaml
index ff476ddf63..581cc08df7 100644
--- a/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-b27ee90d1fddd4df887e8806bf4e7ee4.yaml
+++ b/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-b27ee90d1fddd4df887e8806bf4e7ee4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.8.34 - Missing Authorization to Plugin Deactivation
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The 10Web Booster plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the two_deactivate_plugin function in versions up to, and including, 2.8.34. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to deactivate incompatible plugins.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tenweb-speed-optimizer/"
     google-query: inurl:"/wp-content/plugins/tenweb-speed-optimizer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tenweb-speed-optimizer,medium
+  tags: cve,wordpress,wp-plugin,tenweb-speed-optimizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/testimonial-free-bc1021396d5f2f9f59d1b9e8308f6b42.yaml b/nuclei-templates/cve-less/plugins/testimonial-free-bc1021396d5f2f9f59d1b9e8308f6b42.yaml
index eac7b09f3b..eb1353cbda 100644
--- a/nuclei-templates/cve-less/plugins/testimonial-free-bc1021396d5f2f9f59d1b9e8308f6b42.yaml
+++ b/nuclei-templates/cve-less/plugins/testimonial-free-bc1021396d5f2f9f59d1b9e8308f6b42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Testimonials <= 2.1.6 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Real Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated low-privileged attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-free/"
     google-query: inurl:"/wp-content/plugins/testimonial-free/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,testimonial-free,medium
+  tags: cve,wordpress,wp-plugin,testimonial-free,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/testimonial-slider-and-showcase-f54e3a0500b97b96852bb8d2c3a17f16.yaml b/nuclei-templates/cve-less/plugins/testimonial-slider-and-showcase-f54e3a0500b97b96852bb8d2c3a17f16.yaml
index fa349d7f8e..5aa11d7adb 100644
--- a/nuclei-templates/cve-less/plugins/testimonial-slider-and-showcase-f54e3a0500b97b96852bb8d2c3a17f16.yaml
+++ b/nuclei-templates/cve-less/plugins/testimonial-slider-and-showcase-f54e3a0500b97b96852bb8d2c3a17f16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Testimonial Slider <= 2.2.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post_title parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/testimonial-slider-and-showcase/"
     google-query: inurl:"/wp-content/plugins/testimonial-slider-and-showcase/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,testimonial-slider-and-showcase,medium
+  tags: cve,wordpress,wp-plugin,testimonial-slider-and-showcase,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/textme-sms-integration-cc2369bd97072a25359057b15b301ff4.yaml b/nuclei-templates/cve-less/plugins/textme-sms-integration-cc2369bd97072a25359057b15b301ff4.yaml
index 79ef54d4bd..7cbb9473fa 100644
--- a/nuclei-templates/cve-less/plugins/textme-sms-integration-cc2369bd97072a25359057b15b301ff4.yaml
+++ b/nuclei-templates/cve-less/plugins/textme-sms-integration-cc2369bd97072a25359057b15b301ff4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TextMe SMS <= 1.8.8 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The TextMe SMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/textme-sms-integration/"
     google-query: inurl:"/wp-content/plugins/textme-sms-integration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,textme-sms-integration,high
+  tags: cve,wordpress,wp-plugin,textme-sms-integration,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/texty-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/texty-18966e8228314b8165d39d48519f43cc.yaml
index ca3393d650..d0b412c207 100644
--- a/nuclei-templates/cve-less/plugins/texty-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/texty-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/texty/"
     google-query: inurl:"/wp-content/plugins/texty/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,texty,medium
+  tags: cve,wordpress,wp-plugin,texty,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/the-events-calendar-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/the-events-calendar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2f62779ec5..59fa9d3cce 100644
--- a/nuclei-templates/cve-less/plugins/the-events-calendar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/the-events-calendar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/the-events-calendar/"
     google-query: inurl:"/wp-content/plugins/the-events-calendar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,the-events-calendar,medium
+  tags: cve,wordpress,wp-plugin,the-events-calendar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/theme-blvd-layout-builder-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/plugins/theme-blvd-layout-builder-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index 0bb4451d7b..6f2e5b1e9c 100644
--- a/nuclei-templates/cve-less/plugins/theme-blvd-layout-builder-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/plugins/theme-blvd-layout-builder-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-blvd-layout-builder/"
     google-query: inurl:"/wp-content/plugins/theme-blvd-layout-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,theme-blvd-layout-builder,medium
+  tags: cve,wordpress,wp-plugin,theme-blvd-layout-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/theme-blvd-shortcodes-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/plugins/theme-blvd-shortcodes-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index 6e6fa01865..3a9af236b3 100644
--- a/nuclei-templates/cve-less/plugins/theme-blvd-shortcodes-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/plugins/theme-blvd-shortcodes-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-blvd-shortcodes/"
     google-query: inurl:"/wp-content/plugins/theme-blvd-shortcodes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,theme-blvd-shortcodes,medium
+  tags: cve,wordpress,wp-plugin,theme-blvd-shortcodes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/theme-blvd-sliders-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/plugins/theme-blvd-sliders-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index 9c1021de5e..b5d3a7e2c3 100644
--- a/nuclei-templates/cve-less/plugins/theme-blvd-sliders-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/plugins/theme-blvd-sliders-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-blvd-sliders/"
     google-query: inurl:"/wp-content/plugins/theme-blvd-sliders/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,theme-blvd-sliders,medium
+  tags: cve,wordpress,wp-plugin,theme-blvd-sliders,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/theme-blvd-widget-areas-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/plugins/theme-blvd-widget-areas-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index 9465f88662..8ac6063058 100644
--- a/nuclei-templates/cve-less/plugins/theme-blvd-widget-areas-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/plugins/theme-blvd-widget-areas-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-blvd-widget-areas/"
     google-query: inurl:"/wp-content/plugins/theme-blvd-widget-areas/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,theme-blvd-widget-areas,medium
+  tags: cve,wordpress,wp-plugin,theme-blvd-widget-areas,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/theme-editor-eb3be0c0cf31ccd39967171afebb18b6.yaml b/nuclei-templates/cve-less/plugins/theme-editor-eb3be0c0cf31ccd39967171afebb18b6.yaml
index 55ede3d298..3914c06a2a 100644
--- a/nuclei-templates/cve-less/plugins/theme-editor-eb3be0c0cf31ccd39967171afebb18b6.yaml
+++ b/nuclei-templates/cve-less/plugins/theme-editor-eb3be0c0cf31ccd39967171afebb18b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Theme Editor <= 2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the [function-name] function. This makes it possible for unauthenticated attackers to [state the impact of the vulnerability] via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/theme-editor/"
     google-query: inurl:"/wp-content/plugins/theme-editor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,theme-editor,high
+  tags: cve,wordpress,wp-plugin,theme-editor,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/themegrill-demo-importer-96a6eb43348a230ce62c16f4c805f2b0.yaml b/nuclei-templates/cve-less/plugins/themegrill-demo-importer-96a6eb43348a230ce62c16f4c805f2b0.yaml
index ffa5ef9535..56c577b6d7 100644
--- a/nuclei-templates/cve-less/plugins/themegrill-demo-importer-96a6eb43348a230ce62c16f4c805f2b0.yaml
+++ b/nuclei-templates/cve-less/plugins/themegrill-demo-importer-96a6eb43348a230ce62c16f4c805f2b0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/themegrill-demo-importer/"
     google-query: inurl:"/wp-content/plugins/themegrill-demo-importer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,themegrill-demo-importer,critical
+  tags: cve,wordpress,wp-plugin,themegrill-demo-importer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/thinkit-wp-contact-form-3134d0e942033e6ac2b7d54901e657a7.yaml b/nuclei-templates/cve-less/plugins/thinkit-wp-contact-form-3134d0e942033e6ac2b7d54901e657a7.yaml
index db9af7202c..68a6fa9b9a 100644
--- a/nuclei-templates/cve-less/plugins/thinkit-wp-contact-form-3134d0e942033e6ac2b7d54901e657a7.yaml
+++ b/nuclei-templates/cve-less/plugins/thinkit-wp-contact-form-3134d0e942033e6ac2b7d54901e657a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThinkIT WP Contact Form Plugin < 0.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ThinkIT WP Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ID’ parameter in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thinkit-wp-contact-form/"
     google-query: inurl:"/wp-content/plugins/thinkit-wp-contact-form/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,thinkit-wp-contact-form,medium
+  tags: cve,wordpress,wp-plugin,thinkit-wp-contact-form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/thumbnail-for-excerpts-bab8c0d44e1c325d945380a6221bd569.yaml b/nuclei-templates/cve-less/plugins/thumbnail-for-excerpts-bab8c0d44e1c325d945380a6221bd569.yaml
index 2978142c7c..90d1e92cc2 100644
--- a/nuclei-templates/cve-less/plugins/thumbnail-for-excerpts-bab8c0d44e1c325d945380a6221bd569.yaml
+++ b/nuclei-templates/cve-less/plugins/thumbnail-for-excerpts-bab8c0d44e1c325d945380a6221bd569.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thumbnail For Excerpts <= 2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Thumbnail For Excerpts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1 . This is due to missing or incorrect nonce validation on the tfe_add_admin() function. This makes it possible for unauthenticated attackers to modify the plugin's settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. This vulnerability can also be used to update options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/thumbnail-for-excerpts/"
     google-query: inurl:"/wp-content/plugins/thumbnail-for-excerpts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,thumbnail-for-excerpts,high
+  tags: cve,wordpress,wp-plugin,thumbnail-for-excerpts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 926aeeca73..a3b753ed87 100644
--- a/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tickera-event-ticketing-system/"
     google-query: inurl:"/wp-content/plugins/tickera-event-ticketing-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tickera-event-ticketing-system,medium
+  tags: cve,wordpress,wp-plugin,tickera-event-ticketing-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tidio-live-chat-3713d3bbe5441b73f08676feaf2b85ec.yaml b/nuclei-templates/cve-less/plugins/tidio-live-chat-3713d3bbe5441b73f08676feaf2b85ec.yaml
index 2b09d531b9..885378e6e6 100644
--- a/nuclei-templates/cve-less/plugins/tidio-live-chat-3713d3bbe5441b73f08676feaf2b85ec.yaml
+++ b/nuclei-templates/cve-less/plugins/tidio-live-chat-3713d3bbe5441b73f08676feaf2b85ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tidio Live Chat < 4.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Tidio Live Chat plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the toggleAsync(), ajaxSetProjectKeys(), and uninstall() functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, alongside performing other administrative actions, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tidio-live-chat/"
     google-query: inurl:"/wp-content/plugins/tidio-live-chat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tidio-live-chat,high
+  tags: cve,wordpress,wp-plugin,tidio-live-chat,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tier-pricing-table-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tier-pricing-table-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e58de4dfbe..bddc7f963c 100644
--- a/nuclei-templates/cve-less/plugins/tier-pricing-table-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tier-pricing-table-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tier-pricing-table/"
     google-query: inurl:"/wp-content/plugins/tier-pricing-table/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tier-pricing-table,medium
+  tags: cve,wordpress,wp-plugin,tier-pricing-table,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/timelineoptinpro-7246f496264a94e15a1d8c35393cc7dd.yaml b/nuclei-templates/cve-less/plugins/timelineoptinpro-7246f496264a94e15a1d8c35393cc7dd.yaml
index 045e9ee434..6dbe4e8dbf 100644
--- a/nuclei-templates/cve-less/plugins/timelineoptinpro-7246f496264a94e15a1d8c35393cc7dd.yaml
+++ b/nuclei-templates/cve-less/plugins/timelineoptinpro-7246f496264a94e15a1d8c35393cc7dd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     timelineoptinpro Plugin (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The timelineoptinpro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/timelineoptinpro/"
     google-query: inurl:"/wp-content/plugins/timelineoptinpro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,timelineoptinpro,medium
+  tags: cve,wordpress,wp-plugin,timelineoptinpro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tinymce-annotate-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tinymce-annotate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 40f15a0133..1642cd76d5 100644
--- a/nuclei-templates/cve-less/plugins/tinymce-annotate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tinymce-annotate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tinymce-annotate/"
     google-query: inurl:"/wp-content/plugins/tinymce-annotate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tinymce-annotate,medium
+  tags: cve,wordpress,wp-plugin,tinymce-annotate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tinymce-thumbnail-gallery-d4668154e14e969595c9de23505f40d2.yaml b/nuclei-templates/cve-less/plugins/tinymce-thumbnail-gallery-d4668154e14e969595c9de23505f40d2.yaml
index 4198121675..6864365ab1 100644
--- a/nuclei-templates/cve-less/plugins/tinymce-thumbnail-gallery-d4668154e14e969595c9de23505f40d2.yaml
+++ b/nuclei-templates/cve-less/plugins/tinymce-thumbnail-gallery-d4668154e14e969595c9de23505f40d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tinymce Thumbnail Gallery <= 1.0.7 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Tinymce Thumbnail Gallery plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.7 via the 'href' parameter found in the ~/php/download-image.php file that can be directly accessed. This makes it possible for unauthenticated attackers to retrieve information from local files such as wp-config.php.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tinymce-thumbnail-gallery/"
     google-query: inurl:"/wp-content/plugins/tinymce-thumbnail-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tinymce-thumbnail-gallery,high
+  tags: cve,wordpress,wp-plugin,tinymce-thumbnail-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/title-field-validation-32a996c823f220857a5611dc8238f0fc.yaml b/nuclei-templates/cve-less/plugins/title-field-validation-32a996c823f220857a5611dc8238f0fc.yaml
index ea53a1d40f..7f9c658130 100644
--- a/nuclei-templates/cve-less/plugins/title-field-validation-32a996c823f220857a5611dc8238f0fc.yaml
+++ b/nuclei-templates/cve-less/plugins/title-field-validation-32a996c823f220857a5611dc8238f0fc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Title Field Validation <= 1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Title Field Validation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to add, edit, and delete validation parameters via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/title-field-validation/"
     google-query: inurl:"/wp-content/plugins/title-field-validation/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,title-field-validation,high
+  tags: cve,wordpress,wp-plugin,title-field-validation,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tk-google-fonts-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tk-google-fonts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9173b2cd7a..4e0cc92433 100644
--- a/nuclei-templates/cve-less/plugins/tk-google-fonts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tk-google-fonts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tk-google-fonts/"
     google-query: inurl:"/wp-content/plugins/tk-google-fonts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tk-google-fonts,medium
+  tags: cve,wordpress,wp-plugin,tk-google-fonts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tk-smugmug-slideshow-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tk-smugmug-slideshow-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6b251dabad..d4501e62ea 100644
--- a/nuclei-templates/cve-less/plugins/tk-smugmug-slideshow-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tk-smugmug-slideshow-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tk-smugmug-slideshow-shortcode/"
     google-query: inurl:"/wp-content/plugins/tk-smugmug-slideshow-shortcode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tk-smugmug-slideshow-shortcode,medium
+  tags: cve,wordpress,wp-plugin,tk-smugmug-slideshow-shortcode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/top-10-4b2149909b70a0a5dde344497a2540e6.yaml b/nuclei-templates/cve-less/plugins/top-10-4b2149909b70a0a5dde344497a2540e6.yaml
index 6a3c8a61bb..4bf2c55901 100644
--- a/nuclei-templates/cve-less/plugins/top-10-4b2149909b70a0a5dde344497a2540e6.yaml
+++ b/nuclei-templates/cve-less/plugins/top-10-4b2149909b70a0a5dde344497a2540e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top 10 – Popular posts plugin for WordPress < 2.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Top 10 – Popular posts plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Scripting via the 'page' parameter in versions before 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-10/"
     google-query: inurl:"/wp-content/plugins/top-10/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,top-10,medium
+  tags: cve,wordpress,wp-plugin,top-10,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/top-10-aebc987297daa60ebc9f62d4c873ab22.yaml b/nuclei-templates/cve-less/plugins/top-10-aebc987297daa60ebc9f62d4c873ab22.yaml
index 1554675200..db8dbe9e96 100644
--- a/nuclei-templates/cve-less/plugins/top-10-aebc987297daa60ebc9f62d4c873ab22.yaml
+++ b/nuclei-templates/cve-less/plugins/top-10-aebc987297daa60ebc9f62d4c873ab22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top 10 – Popular posts plugin for WordPress <= 3.2.4 - Missing Authorization on tptn_chart_data
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Top 10 – Popular posts plugin for WordPress is vulnerable to insufficient access control in the 'tptn_chart_data' AJAX action in versions up to, and including, 3.2.4. This allows authenticated attackers to access chart data granted they can access the admin dashboard and retrieve the nonce used for access control.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-10/"
     google-query: inurl:"/wp-content/plugins/top-10/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,top-10,medium
+  tags: cve,wordpress,wp-plugin,top-10,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/top-10-d6080d1f6e6aba862d174924fa49080e.yaml b/nuclei-templates/cve-less/plugins/top-10-d6080d1f6e6aba862d174924fa49080e.yaml
index 697e9ce590..db9ae59d51 100644
--- a/nuclei-templates/cve-less/plugins/top-10-d6080d1f6e6aba862d174924fa49080e.yaml
+++ b/nuclei-templates/cve-less/plugins/top-10-d6080d1f6e6aba862d174924fa49080e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Top 10 – Popular posts plugin for WordPress <= 2.4.3 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Top 10 – Popular posts plugin for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the ‘get_results’ parameter in versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with admin level access to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/top-10/"
     google-query: inurl:"/wp-content/plugins/top-10/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,top-10,high
+  tags: cve,wordpress,wp-plugin,top-10,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tracked-tweets-0d742014c6c6d4f612dc93a0d8ee844f.yaml b/nuclei-templates/cve-less/plugins/tracked-tweets-0d742014c6c6d4f612dc93a0d8ee844f.yaml
index 89b70c3271..e0b40d1c68 100644
--- a/nuclei-templates/cve-less/plugins/tracked-tweets-0d742014c6c6d4f612dc93a0d8ee844f.yaml
+++ b/nuclei-templates/cve-less/plugins/tracked-tweets-0d742014c6c6d4f612dc93a0d8ee844f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tracked Tweets <= 0.2.9 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Tracked Tweets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2.9. This is due to missing or incorrect nonce validation in the ~/tracked-tweets/trackedtweets.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tracked-tweets/"
     google-query: inurl:"/wp-content/plugins/tracked-tweets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tracked-tweets,high
+  tags: cve,wordpress,wp-plugin,tracked-tweets,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tracking-code-manager-d699893673e058c723134b07631ea093.yaml b/nuclei-templates/cve-less/plugins/tracking-code-manager-d699893673e058c723134b07631ea093.yaml
index 69b8590844..0b193a9e44 100644
--- a/nuclei-templates/cve-less/plugins/tracking-code-manager-d699893673e058c723134b07631ea093.yaml
+++ b/nuclei-templates/cve-less/plugins/tracking-code-manager-d699893673e058c723134b07631ea093.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tracking Code Manager < 1.11.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tracking Code Manager for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tcmp_action’ parameter in versions up to, and including, 1.11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tracking-code-manager/"
     google-query: inurl:"/wp-content/plugins/tracking-code-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tracking-code-manager,medium
+  tags: cve,wordpress,wp-plugin,tracking-code-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/traderunner-0335e77335774af60e62b59ea8bf3dff.yaml b/nuclei-templates/cve-less/plugins/traderunner-0335e77335774af60e62b59ea8bf3dff.yaml
index 9ef13ad5d1..d8619c6e8a 100644
--- a/nuclei-templates/cve-less/plugins/traderunner-0335e77335774af60e62b59ea8bf3dff.yaml
+++ b/nuclei-templates/cve-less/plugins/traderunner-0335e77335774af60e62b59ea8bf3dff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Trade Runner <= 3.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Trade Runner plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including 3.9. This vulnerability likely requires authentication to exploit.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/traderunner/"
     google-query: inurl:"/wp-content/plugins/traderunner/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,traderunner,medium
+  tags: cve,wordpress,wp-plugin,traderunner,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/traderunner-38e522344d31819f399f7be27a471788.yaml b/nuclei-templates/cve-less/plugins/traderunner-38e522344d31819f399f7be27a471788.yaml
index 43263c133c..e1ee26dd7f 100644
--- a/nuclei-templates/cve-less/plugins/traderunner-38e522344d31819f399f7be27a471788.yaml
+++ b/nuclei-templates/cve-less/plugins/traderunner-38e522344d31819f399f7be27a471788.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Trade Runner <= 3.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Trade Runner  plugin for WordPress is vulnerable to authenticated Stored Cross-Site Scripting in versions up to, and including 3.9. This is due to insufficient output escaping on the $google_ads_account_id variable that is displayed on the front-end on the site. This can only be exploited by site administrators on multi-site installations or installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/traderunner/"
     google-query: inurl:"/wp-content/plugins/traderunner/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,traderunner,medium
+  tags: cve,wordpress,wp-plugin,traderunner,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tranzly-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tranzly-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 18b4a6cbcc..b570c01827 100644
--- a/nuclei-templates/cve-less/plugins/tranzly-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tranzly-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tranzly/"
     google-query: inurl:"/wp-content/plugins/tranzly/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tranzly,medium
+  tags: cve,wordpress,wp-plugin,tranzly,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/travel-light-23bff824abe3c334624b92f8ce9d99b5.yaml b/nuclei-templates/cve-less/plugins/travel-light-23bff824abe3c334624b92f8ce9d99b5.yaml
index f3d2b2261f..07df1c1e7b 100644
--- a/nuclei-templates/cve-less/plugins/travel-light-23bff824abe3c334624b92f8ce9d99b5.yaml
+++ b/nuclei-templates/cve-less/plugins/travel-light-23bff824abe3c334624b92f8ce9d99b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Travel Light <= 1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Travel Light for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'booktrip', 'filter_plcbrd_action', 'filter_plcservice_action', 'filter_action' and 'filter_service_action' AJAX actions. This makes it possible for unauthenticated attackers to gain restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/travel-light/"
     google-query: inurl:"/wp-content/plugins/travel-light/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,travel-light,high
+  tags: cve,wordpress,wp-plugin,travel-light,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/travelpayouts-6ab0ff32728ffec64a0e21f4658b6bb5.yaml b/nuclei-templates/cve-less/plugins/travelpayouts-6ab0ff32728ffec64a0e21f4658b6bb5.yaml
index 337a4552f9..78c33bea8e 100644
--- a/nuclei-templates/cve-less/plugins/travelpayouts-6ab0ff32728ffec64a0e21f4658b6bb5.yaml
+++ b/nuclei-templates/cve-less/plugins/travelpayouts-6ab0ff32728ffec64a0e21f4658b6bb5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Travelpayouts <= 1.0.16 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Travelpayouts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.16. This is due to missing or incorrect nonce validation in the outdated Redux Framework. This makes it possible for unauthenticated attackers to gain restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/travelpayouts/"
     google-query: inurl:"/wp-content/plugins/travelpayouts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,travelpayouts,high
+  tags: cve,wordpress,wp-plugin,travelpayouts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tree-website-map-94fb995c7fcb31381238e0489629c885.yaml b/nuclei-templates/cve-less/plugins/tree-website-map-94fb995c7fcb31381238e0489629c885.yaml
index 025c27a180..50b7716fe9 100644
--- a/nuclei-templates/cve-less/plugins/tree-website-map-94fb995c7fcb31381238e0489629c885.yaml
+++ b/nuclei-templates/cve-less/plugins/tree-website-map-94fb995c7fcb31381238e0489629c885.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tree Sitemap (Pages, Posts & Categories list) <= 2.9 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Tree Sitemap (Pages, Posts & Categories list) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tree-website-map/"
     google-query: inurl:"/wp-content/plugins/tree-website-map/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tree-website-map,high
+  tags: cve,wordpress,wp-plugin,tree-website-map,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/treepress-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/treepress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7dde6a13aa..28cdd003ca 100644
--- a/nuclei-templates/cve-less/plugins/treepress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/treepress-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/treepress/"
     google-query: inurl:"/wp-content/plugins/treepress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,treepress,medium
+  tags: cve,wordpress,wp-plugin,treepress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tripetto-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/tripetto-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d1a89b7d2b..9e5f040401 100644
--- a/nuclei-templates/cve-less/plugins/tripetto-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/tripetto-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tripetto/"
     google-query: inurl:"/wp-content/plugins/tripetto/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tripetto,medium
+  tags: cve,wordpress,wp-plugin,tripetto,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/trust-payments-gateway-3ds2-54a8519739469e9488888f770d59f330.yaml b/nuclei-templates/cve-less/plugins/trust-payments-gateway-3ds2-54a8519739469e9488888f770d59f330.yaml
index d87d908382..520c440675 100644
--- a/nuclei-templates/cve-less/plugins/trust-payments-gateway-3ds2-54a8519739469e9488888f770d59f330.yaml
+++ b/nuclei-templates/cve-less/plugins/trust-payments-gateway-3ds2-54a8519739469e9488888f770d59f330.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Trust Payments Gateway (3DS2) <= 1.2.0 -  Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Trust Payments Gateway (3DS2) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing nonce validation on the tpgw_refund_purchase() function. This makes it possible for unauthenticated attackers to refund order purchases via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/trust-payments-gateway-3ds2/"
     google-query: inurl:"/wp-content/plugins/trust-payments-gateway-3ds2/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,trust-payments-gateway-3ds2,high
+  tags: cve,wordpress,wp-plugin,trust-payments-gateway-3ds2,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/trust-payments-gateway-3ds2-98fdced366cbe609ca2059360fd4aeb3.yaml b/nuclei-templates/cve-less/plugins/trust-payments-gateway-3ds2-98fdced366cbe609ca2059360fd4aeb3.yaml
index d8e669ba6d..8a2acba84f 100644
--- a/nuclei-templates/cve-less/plugins/trust-payments-gateway-3ds2-98fdced366cbe609ca2059360fd4aeb3.yaml
+++ b/nuclei-templates/cve-less/plugins/trust-payments-gateway-3ds2-98fdced366cbe609ca2059360fd4aeb3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Trust Payments Gateway (3DS2) <= 1.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Trust Payments Gateway (3DS2) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing nonce validation on several functions like tpgw_create_new_user() and tpgw_update_address_myst(). This makes it possible for unauthenticated attackers to perform several different administrative actions via forged requests granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/trust-payments-gateway-3ds2/"
     google-query: inurl:"/wp-content/plugins/trust-payments-gateway-3ds2/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,trust-payments-gateway-3ds2,high
+  tags: cve,wordpress,wp-plugin,trust-payments-gateway-3ds2,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/trustmate-io-integration-for-woocommerce-6a7609985d974c1a4f6bfca880ceff9a.yaml b/nuclei-templates/cve-less/plugins/trustmate-io-integration-for-woocommerce-6a7609985d974c1a4f6bfca880ceff9a.yaml
index 7507c5c686..16d5083195 100644
--- a/nuclei-templates/cve-less/plugins/trustmate-io-integration-for-woocommerce-6a7609985d974c1a4f6bfca880ceff9a.yaml
+++ b/nuclei-templates/cve-less/plugins/trustmate-io-integration-for-woocommerce-6a7609985d974c1a4f6bfca880ceff9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Blog Option Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TrustMate.io integration for WooCommerce plugin for WordPress is vulnerable to Blog Option Update via the 'save_checkbox' AJAX action in versions up to, and including, 1.8.12. This makes it possible for authenticated Subscriber+ attackers to update the vulnerable site's options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/trustmate-io-integration-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/trustmate-io-integration-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,trustmate-io-integration-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,trustmate-io-integration-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/trustmate-io-integration-for-woocommerce-83fc5c78890dc3902a4d33e267bdeee6.yaml b/nuclei-templates/cve-less/plugins/trustmate-io-integration-for-woocommerce-83fc5c78890dc3902a4d33e267bdeee6.yaml
index 5e2b190a30..4181c59ca2 100644
--- a/nuclei-templates/cve-less/plugins/trustmate-io-integration-for-woocommerce-83fc5c78890dc3902a4d33e267bdeee6.yaml
+++ b/nuclei-templates/cve-less/plugins/trustmate-io-integration-for-woocommerce-83fc5c78890dc3902a4d33e267bdeee6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Settings Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The TrustMate.io integration for WooCommerce plugin for WordPress is vulnerable to Arbitrary Settings Update via the 'save_checkbox' AJAX action in versions up to, and including, 1.8.11. This makes it possible for authenticated Subscriber+ attackers to update otherwise restricted plugin settings and perform a subsequent stored XSS attack within the vulnerable service.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/trustmate-io-integration-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/trustmate-io-integration-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,trustmate-io-integration-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,trustmate-io-integration-for-woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/turbo-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/turbo-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 877a75bc7c..bb482c7861 100644
--- a/nuclei-templates/cve-less/plugins/turbo-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/turbo-widgets-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/turbo-widgets/"
     google-query: inurl:"/wp-content/plugins/turbo-widgets/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,turbo-widgets,medium
+  tags: cve,wordpress,wp-plugin,turbo-widgets,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tutor-c52e67edc9fcaef058b0a6422fbb16e8.yaml b/nuclei-templates/cve-less/plugins/tutor-c52e67edc9fcaef058b0a6422fbb16e8.yaml
index fe5072a803..3121f6927a 100644
--- a/nuclei-templates/cve-less/plugins/tutor-c52e67edc9fcaef058b0a6422fbb16e8.yaml
+++ b/nuclei-templates/cve-less/plugins/tutor-c52e67edc9fcaef058b0a6422fbb16e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tutor LMS <= 1.9.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tutor LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tutor/"
     google-query: inurl:"/wp-content/plugins/tutor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tutor,medium
+  tags: cve,wordpress,wp-plugin,tutor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/twchat-1b6d6a3b10f19ccd74a4ee734a0f0ee6.yaml b/nuclei-templates/cve-less/plugins/twchat-1b6d6a3b10f19ccd74a4ee734a0f0ee6.yaml
index 3b7be4acb3..4a129ef26b 100644
--- a/nuclei-templates/cve-less/plugins/twchat-1b6d6a3b10f19ccd74a4ee734a0f0ee6.yaml
+++ b/nuclei-templates/cve-less/plugins/twchat-1b6d6a3b10f19ccd74a4ee734a0f0ee6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Two Way Chat plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.1.4 due to improper validation and sanitization of user input. This allows authenticated Admin+ attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twchat/"
     google-query: inurl:"/wp-content/plugins/twchat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,twchat,high
+  tags: cve,wordpress,wp-plugin,twchat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/twchat-f2bbc682244e8a496bf0cb76f67467d1.yaml b/nuclei-templates/cve-less/plugins/twchat-f2bbc682244e8a496bf0cb76f67467d1.yaml
index 2ce209cb0b..738a70a2a5 100644
--- a/nuclei-templates/cve-less/plugins/twchat-f2bbc682244e8a496bf0cb76f67467d1.yaml
+++ b/nuclei-templates/cve-less/plugins/twchat-f2bbc682244e8a496bf0cb76f67467d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Two Way CHAT – Send or receive messages to your user <= 3.1.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Two Way Chat plugin for WordPress is vulnerable to multiple Cross-Site Request Forgery in versions up to, and including, 3.1.5. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to execute otherwise unauthorized administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twchat/"
     google-query: inurl:"/wp-content/plugins/twchat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,twchat,high
+  tags: cve,wordpress,wp-plugin,twchat,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/tweet-wheel-79a6c6928e7e7b780f5e2d2e60aa16c6.yaml b/nuclei-templates/cve-less/plugins/tweet-wheel-79a6c6928e7e7b780f5e2d2e60aa16c6.yaml
index e715efa3a1..d8ceb36e43 100644
--- a/nuclei-templates/cve-less/plugins/tweet-wheel-79a6c6928e7e7b780f5e2d2e60aa16c6.yaml
+++ b/nuclei-templates/cve-less/plugins/tweet-wheel-79a6c6928e7e7b780f5e2d2e60aa16c6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Tweet Wheel <= 0.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Tweet Wheel plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 0.2. This is due to several functions called via AJAX actions missing proper capability and nonce checks. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to spam Twitter with an arbitrary amount of previously posted tweets among some additional less impactful actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/tweet-wheel/"
     google-query: inurl:"/wp-content/plugins/tweet-wheel/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,tweet-wheel,medium
+  tags: cve,wordpress,wp-plugin,tweet-wheel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/twentyfourth-wp-scraper-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/twentyfourth-wp-scraper-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index bebcdda5a9..300e88a0e1 100644
--- a/nuclei-templates/cve-less/plugins/twentyfourth-wp-scraper-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/twentyfourth-wp-scraper-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twentyfourth-wp-scraper/"
     google-query: inurl:"/wp-content/plugins/twentyfourth-wp-scraper/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,twentyfourth-wp-scraper,medium
+  tags: cve,wordpress,wp-plugin,twentyfourth-wp-scraper,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/twitter-bootstrap-slider-bb937d8b80c96bf28d192769190e5a64.yaml b/nuclei-templates/cve-less/plugins/twitter-bootstrap-slider-bb937d8b80c96bf28d192769190e5a64.yaml
index f0b4753ec1..4dddc85951 100644
--- a/nuclei-templates/cve-less/plugins/twitter-bootstrap-slider-bb937d8b80c96bf28d192769190e5a64.yaml
+++ b/nuclei-templates/cve-less/plugins/twitter-bootstrap-slider-bb937d8b80c96bf28d192769190e5a64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twitter Bootstrap Slider <= 1.1.3 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Twitter Bootstrap Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twitter-bootstrap-slider/"
     google-query: inurl:"/wp-content/plugins/twitter-bootstrap-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,twitter-bootstrap-slider,medium
+  tags: cve,wordpress,wp-plugin,twitter-bootstrap-slider,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/twitter-cards-meta-dc78477c8100a1cf79517cd718961ced.yaml b/nuclei-templates/cve-less/plugins/twitter-cards-meta-dc78477c8100a1cf79517cd718961ced.yaml
index c53c616c08..0b93981c18 100644
--- a/nuclei-templates/cve-less/plugins/twitter-cards-meta-dc78477c8100a1cf79517cd718961ced.yaml
+++ b/nuclei-templates/cve-less/plugins/twitter-cards-meta-dc78477c8100a1cf79517cd718961ced.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Twitter Cards Meta <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Twitter Cards Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the twitter_card_type metadata added to posts in versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on the user supplied value. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twitter-cards-meta/"
     google-query: inurl:"/wp-content/plugins/twitter-cards-meta/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,twitter-cards-meta,medium
+  tags: cve,wordpress,wp-plugin,twitter-cards-meta,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/twl-easy-call-953b50610487338e685a5cf5fb66996e.yaml b/nuclei-templates/cve-less/plugins/twl-easy-call-953b50610487338e685a5cf5fb66996e.yaml
index 490ba0972b..fb00373e0e 100644
--- a/nuclei-templates/cve-less/plugins/twl-easy-call-953b50610487338e685a5cf5fb66996e.yaml
+++ b/nuclei-templates/cve-less/plugins/twl-easy-call-953b50610487338e685a5cf5fb66996e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Call With Twilio <= 1.0.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Easy Call With Twilio plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to 1.1.0.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/twl-easy-call/"
     google-query: inurl:"/wp-content/plugins/twl-easy-call/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,twl-easy-call,medium
+  tags: cve,wordpress,wp-plugin,twl-easy-call,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/types-0a99c8d6ca146b58134b86cdf1bd1b53.yaml b/nuclei-templates/cve-less/plugins/types-0a99c8d6ca146b58134b86cdf1bd1b53.yaml
index f12696021c..76cb40631b 100644
--- a/nuclei-templates/cve-less/plugins/types-0a99c8d6ca146b58134b86cdf1bd1b53.yaml
+++ b/nuclei-templates/cve-less/plugins/types-0a99c8d6ca146b58134b86cdf1bd1b53.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Toolset Types <= 1.2.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Toolset Types plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/types/"
     google-query: inurl:"/wp-content/plugins/types/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,types,medium
+  tags: cve,wordpress,wp-plugin,types,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ulisting-929d1756f21a22cbefc18ee9e80a95fd.yaml b/nuclei-templates/cve-less/plugins/ulisting-929d1756f21a22cbefc18ee9e80a95fd.yaml
index a64b1eebf2..8241d1bea5 100644
--- a/nuclei-templates/cve-less/plugins/ulisting-929d1756f21a22cbefc18ee9e80a95fd.yaml
+++ b/nuclei-templates/cve-less/plugins/ulisting-929d1756f21a22cbefc18ee9e80a95fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Listing, Classified Ads & Business Directory – uListing <= 2.0.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Listing, Classified Ads & Business Directory – uListing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.8. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to edit blog settings and post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ulisting/"
     google-query: inurl:"/wp-content/plugins/ulisting/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ulisting,high
+  tags: cve,wordpress,wp-plugin,ulisting,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-d5ab4dadd75fec9af134144e666ff1a3.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-d5ab4dadd75fec9af134144e666ff1a3.yaml
index e040194b8d..83ab76644f 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-d5ab4dadd75fec9af134144e666ff1a3.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-d5ab4dadd75fec9af134144e666ff1a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder – Lite <= 1.24.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-33a470e219d30f02e24dacca366cf3a9.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-33a470e219d30f02e24dacca366cf3a9.yaml
index c6992ac6b6..a8ac40f38f 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-33a470e219d30f02e24dacca366cf3a9.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-33a470e219d30f02e24dacca366cf3a9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 1.5.4. This is due to missing capability on the reload_icons function. This makes it possible for authenticated attackers, with subscriber-level access to delete the '_uabb_enabled_icons' plugin option via this function.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-baf6f9647aa6e6045c6bf5dfb25901ae.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-baf6f9647aa6e6045c6bf5dfb25901ae.yaml
index bc2cdf9bea..a7384304b6 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-baf6f9647aa6e6045c6bf5dfb25901ae.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-baf6f9647aa6e6045c6bf5dfb25901ae.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the import_wpforms, import_block, and activate_plugin functions called via AJAX actions in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, such as subscribers, to activate arbitrary plugins and import blocks and forms from WPForms.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-fbe34f85c5c0e3a0ed7be431ce9a9754.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-fbe34f85c5c0e3a0ed7be431ce9a9754.yaml
index 94ad3bc7fc..6a74a25fa4 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-fbe34f85c5c0e3a0ed7be431ce9a9754.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-fbe34f85c5c0e3a0ed7be431ce9a9754.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in template_importer
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Spectra plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.6.6 via the template_importer function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-auction-06c61feebda6eda56577372883413c6b.yaml b/nuclei-templates/cve-less/plugins/ultimate-auction-06c61feebda6eda56577372883413c6b.yaml
index 6265df4b96..f7e25819b9 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-auction-06c61feebda6eda56577372883413c6b.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-auction-06c61feebda6eda56577372883413c6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate WordPress Auction Plugin < 1.0.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The "Ultimate WordPress Auction Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.0.1. This is due to missing or incorrect nonce validation on the ua_wdm_add_auc function. This makes it possible for unauthenticated attackers to add fake auction bids via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-auction/"
     google-query: inurl:"/wp-content/plugins/ultimate-auction/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-auction,high
+  tags: cve,wordpress,wp-plugin,ultimate-auction,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-auction-2b8dbf4f0e346913342b93011c311311.yaml b/nuclei-templates/cve-less/plugins/ultimate-auction-2b8dbf4f0e346913342b93011c311311.yaml
index 555113caba..8fdc925885 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-auction-2b8dbf4f0e346913342b93011c311311.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-auction-2b8dbf4f0e346913342b93011c311311.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Auction <= 4.0.5 - Cross-Site Request Forgery and Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ultimate Auction plugin for WordPress is vulnerable to Cross-Site Request Forgery and Cross-Site Scripting in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on several functions and missing sanitization and escaping on several parameters. This makes it possible for unauthenticated attackers to gain otherwise unauthorized access and perform subsequent attacks such as XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-auction/"
     google-query: inurl:"/wp-content/plugins/ultimate-auction/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-auction,high
+  tags: cve,wordpress,wp-plugin,ultimate-auction,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ultimate-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 78f29d2fa3..78ab995e6f 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-blocks/"
     google-query: inurl:"/wp-content/plugins/ultimate-blocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-blocks,medium
+  tags: cve,wordpress,wp-plugin,ultimate-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-bulk-seo-noindex-nofollow-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ultimate-bulk-seo-noindex-nofollow-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f56ddcbcad..c5d2dc70ed 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-bulk-seo-noindex-nofollow-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-bulk-seo-noindex-nofollow-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-bulk-seo-noindex-nofollow/"
     google-query: inurl:"/wp-content/plugins/ultimate-bulk-seo-noindex-nofollow/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-bulk-seo-noindex-nofollow,medium
+  tags: cve,wordpress,wp-plugin,ultimate-bulk-seo-noindex-nofollow,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-carousel-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ultimate-carousel-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d829eef123..404f6dc72e 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-carousel-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-carousel-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-carousel-for-divi/"
     google-query: inurl:"/wp-content/plugins/ultimate-carousel-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-carousel-for-divi,medium
+  tags: cve,wordpress,wp-plugin,ultimate-carousel-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-form-builder-lite-343d05bc9d208789b5e376940d559b37.yaml b/nuclei-templates/cve-less/plugins/ultimate-form-builder-lite-343d05bc9d208789b5e376940d559b37.yaml
index 4719167c44..9b50495d5b 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-form-builder-lite-343d05bc9d208789b5e376940d559b37.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-form-builder-lite-343d05bc9d208789b5e376940d559b37.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Form Builder Lite <= 1.3.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Form Builder Lite plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on the 'form_id' parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-form-builder-lite/"
     google-query: inurl:"/wp-content/plugins/ultimate-form-builder-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-form-builder-lite,medium
+  tags: cve,wordpress,wp-plugin,ultimate-form-builder-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-gutenberg-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ultimate-gutenberg-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9f1d9d1744..1726d07411 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-gutenberg-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-gutenberg-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-gutenberg/"
     google-query: inurl:"/wp-content/plugins/ultimate-gutenberg/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-gutenberg,medium
+  tags: cve,wordpress,wp-plugin,ultimate-gutenberg,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-instagram-feed-8056d85f33dbcf3eacb36ae8419af314.yaml b/nuclei-templates/cve-less/plugins/ultimate-instagram-feed-8056d85f33dbcf3eacb36ae8419af314.yaml
index b53f302b6e..e72ab9565c 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-instagram-feed-8056d85f33dbcf3eacb36ae8419af314.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-instagram-feed-8056d85f33dbcf3eacb36ae8419af314.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Instagram Feed - WordPress Plugin < 1.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Instagram Feed - WordPress Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-instagram-feed/"
     google-query: inurl:"/wp-content/plugins/ultimate-instagram-feed/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-instagram-feed,medium
+  tags: cve,wordpress,wp-plugin,ultimate-instagram-feed,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-705a4f41d4e1aa767a8f267fa3454855.yaml b/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-705a4f41d4e1aa767a8f267fa3454855.yaml
index e60b984919..37d0200d89 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-705a4f41d4e1aa767a8f267fa3454855.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-705a4f41d4e1aa767a8f267fa3454855.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Maps by Supsystic <= 1.1.16 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-maps-by-supsystic/"
     google-query: inurl:"/wp-content/plugins/ultimate-maps-by-supsystic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-maps-by-supsystic,high
+  tags: cve,wordpress,wp-plugin,ultimate-maps-by-supsystic,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-0e4c98f58a3149e9a232e9c95d40a56b.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-0e4c98f58a3149e9a232e9c95d40a56b.yaml
index a0ca75f4cd..53ddc8c550 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-0e4c98f58a3149e9a232e9c95d40a56b.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-0e4c98f58a3149e9a232e9c95d40a56b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.21 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Arbitrary File Upload plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 2.0.21. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,high
+  tags: cve,wordpress,wp-plugin,ultimate-member,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-0f6437cf628a3bd90ee26c228a1c0006.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-0f6437cf628a3bd90ee26c228a1c0006.yaml
index 9ec0162965..a8caabc395 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-0f6437cf628a3bd90ee26c228a1c0006.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-0f6437cf628a3bd90ee26c228a1c0006.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member 1.2.98 - 1.2.997 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in versions 1.2.98 through 1.2.997 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,high
+  tags: cve,wordpress,wp-plugin,ultimate-member,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-242a068db50aca331a847418abd23c68.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-242a068db50aca331a847418abd23c68.yaml
index e806f185e7..2639cbd02a 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-242a068db50aca331a847418abd23c68.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-242a068db50aca331a847418abd23c68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.45 - Low-Privileged Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file's name from a user profile upload in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for low-level authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-255674fc07ae81595ebffe932a85af22.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-255674fc07ae81595ebffe932a85af22.yaml
index f1d857b181..e36ff1a492 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-255674fc07ae81595ebffe932a85af22.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-255674fc07ae81595ebffe932a85af22.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.45 - Admin+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several of the plugin's form parameter in versions up to, and including,2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-7333037ca30b5f74ef217bf9466f85b1.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-7333037ca30b5f74ef217bf9466f85b1.yaml
index 4d629bc612..d3c25f9e08 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-7333037ca30b5f74ef217bf9466f85b1.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-7333037ca30b5f74ef217bf9466f85b1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.4.1 - Username Enumeration
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Username Enumeration in versions up to, and including, 2.4.1 via the um_get_members ajax action. This allows unauthenticated attackers to obtain a list of users including user names on that site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,high
+  tags: cve,wordpress,wp-plugin,ultimate-member,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-7db7009418abd13063c2d118e09483f4.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-7db7009418abd13063c2d118e09483f4.yaml
index b99dabbaea..17a85bae6f 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-7db7009418abd13063c2d118e09483f4.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-7db7009418abd13063c2d118e09483f4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.4.0 - Subscriber+ Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘website’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the username of an affected user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-a52442145dbdbdaec9bfaa19c0573b9d.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-a52442145dbdbdaec9bfaa19c0573b9d.yaml
index 69a804e43f..e3524a0c76 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-a52442145dbdbdaec9bfaa19c0573b9d.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-a52442145dbdbdaec9bfaa19c0573b9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member < 1.0.84 - Authorization Bypass to Arbitrary File Upload/Delete
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ultimatemember_remove_file() function in versions up to, and including, 1.0.83. This makes it possible for unauthenticated attackers to delete or upload arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,critical
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-cb65508cd745e36647cf4ef3930d3944.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-cb65508cd745e36647cf4ef3930d3944.yaml
index 7bc35025b2..5d072dc23e 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-cb65508cd745e36647cf4ef3930d3944.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-cb65508cd745e36647cf4ef3930d3944.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 1.3.75 - Missing Authorization to Password Reset
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 1.3.75. This makes it possible for unauthenticated attackers to change the passwords of any user within the vulnerabilities scope.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,critical
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-e44d6ae66963d07b80fddcfb06cf2f83.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-e44d6ae66963d07b80fddcfb06cf2f83.yaml
index 2ecc3d962a..e008bf2fd0 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-member-e44d6ae66963d07b80fddcfb06cf2f83.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-member-e44d6ae66963d07b80fddcfb06cf2f83.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Member <= 2.0.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Member plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0.21 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-member/"
     google-query: inurl:"/wp-content/plugins/ultimate-member/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-member,medium
+  tags: cve,wordpress,wp-plugin,ultimate-member,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8b0a3f4a86..43743a66ab 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-post-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-post-kit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-post-kit/"
     google-query: inurl:"/wp-content/plugins/ultimate-post-kit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-post-kit,medium
+  tags: cve,wordpress,wp-plugin,ultimate-post-kit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-0aceb6e391e9a8017538f79a192451fd.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-0aceb6e391e9a8017538f79a192451fd.yaml
index 83ba48b14c..64bead6015 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-0aceb6e391e9a8017538f79a192451fd.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-0aceb6e391e9a8017538f79a192451fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Product Catalog <= 3.8.1 - Missing Authorization to Plugin Settings Update
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate Product Catalog plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the Update_UPCP_Options() function in versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with contributor-level permissions and above, to edit plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-product-catalogue/"
     google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,medium
+  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-7cfd32fcdabda7adb9a40d5e10f1b10f.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-7cfd32fcdabda7adb9a40d5e10f1b10f.yaml
index 20d6a7b0da..dd20a453d2 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-7cfd32fcdabda7adb9a40d5e10f1b10f.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-7cfd32fcdabda7adb9a40d5e10f1b10f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Product Catalog <= 4.2.21 - Authorization Bypass and Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ultimate Product Catalog plugin for WordPress is vulnerable to authorization bypass and Cross-Site Request Forgery in versions up to, and including 4.2.21 due to missing capability and nonce checking on various functions. This makes it possible for authenticated attackers to perform a wide variety of actions such as updating the plugin's settings and uploading arbitrary files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-product-catalogue/"
     google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,high
+  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-7d8c18514116a3d9cb2fadc12704ae7f.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-7d8c18514116a3d9cb2fadc12704ae7f.yaml
index 24ef377762..40b93d34bf 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-7d8c18514116a3d9cb2fadc12704ae7f.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-7d8c18514116a3d9cb2fadc12704ae7f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Product Catalog < 4.2.3 - Authenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Ultimate Product Catalog plugin for WordPress is vulnerable to SQL Injection via the ‘CatID’ parameter in versions before 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-product-catalogue/"
     google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,medium
+  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-f9aadb3cdc138771a95f01e67d7ac253.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-f9aadb3cdc138771a95f01e67d7ac253.yaml
index 9d5b7fa990..b1198fa480 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-f9aadb3cdc138771a95f01e67d7ac253.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-f9aadb3cdc138771a95f01e67d7ac253.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Product Catalog < 2.1.1 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Ultimate Product Catalog plugin for WordPress is vulnerable to generic SQL Injection via the  Catalogue_ID, SubCategory_ID, SingleProduct, & Tag_ID parameters in versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries.  This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-product-catalogue/"
     google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,high
+  tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-profile-builder-2efc0981a055a3e602c4cd88e853b098.yaml b/nuclei-templates/cve-less/plugins/ultimate-profile-builder-2efc0981a055a3e602c4cd88e853b098.yaml
index 2db25d3c4b..e9d27cc5ce 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-profile-builder-2efc0981a055a3e602c4cd88e853b098.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-profile-builder-2efc0981a055a3e602c4cd88e853b098.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Profile Builder < 3.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Ultimate Profile Builder plugin for WordPress is vulnerable to  Cross-Site Request Forgery to Cross-Site Scripting via multiple parameters in versions before 3.0 due to insufficient input sanitization and output escaping and missing nonce validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-profile-builder/"
     google-query: inurl:"/wp-content/plugins/ultimate-profile-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-profile-builder,high
+  tags: cve,wordpress,wp-plugin,ultimate-profile-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-baba5d57c66f94a59676f999b229ed40.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-baba5d57c66f94a59676f999b229ed40.yaml
index 8024ff16a7..b88931288f 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-baba5d57c66f94a59676f999b229ed40.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-baba5d57c66f94a59676f999b229ed40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Media Share Buttons & Social Sharing Icons < 1.1.1.12 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions before 1.1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers of low-privilege to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-social-media-icons/"
     google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,medium
+  tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-tinymce-f63b14eb213bbc6239ffa4f4e582cbbd.yaml b/nuclei-templates/cve-less/plugins/ultimate-tinymce-f63b14eb213bbc6239ffa4f4e582cbbd.yaml
index 63b33dd944..c93517e970 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-tinymce-f63b14eb213bbc6239ffa4f4e582cbbd.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-tinymce-f63b14eb213bbc6239ffa4f4e582cbbd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate TinyMCE < 3.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ultimate TinyMCE plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 3.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-tinymce/"
     google-query: inurl:"/wp-content/plugins/ultimate-tinymce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-tinymce,medium
+  tags: cve,wordpress,wp-plugin,ultimate-tinymce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate-widgets-light-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ultimate-widgets-light-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1cd79986c0..b6e75374e7 100644
--- a/nuclei-templates/cve-less/plugins/ultimate-widgets-light-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate-widgets-light-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimate-widgets-light/"
     google-query: inurl:"/wp-content/plugins/ultimate-widgets-light/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimate-widgets-light,medium
+  tags: cve,wordpress,wp-plugin,ultimate-widgets-light,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate_vc_addons-86920ea2244bf931a0a9455591658b64.yaml b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-86920ea2244bf931a0a9455591658b64.yaml
index 3682f16654..4701cfb333 100644
--- a/nuclei-templates/cve-less/plugins/ultimate_vc_addons-86920ea2244bf931a0a9455591658b64.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-86920ea2244bf931a0a9455591658b64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for WPBakery <= 3.16.11 - Stored Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tab parameter in versions up to, and including 3.16.11 via the update_ultimate_options AJAX action and ultimate_smooth_scroll_options[step] parameter. This makes it possible for low-level authenticated attackers to inject arbitrary web scripts in administrative pages that execute whenever a user accesses the page with the stored web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/Ultimate_VC_Addons/"
     google-query: inurl:"/wp-content/plugins/Ultimate_VC_Addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,critical
+  tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimate_vc_addons-97e102e48e3400c8c2827b76216fe5ac.yaml b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-97e102e48e3400c8c2827b76216fe5ac.yaml
index 7f3ea205c8..91bd5271ef 100644
--- a/nuclei-templates/cve-less/plugins/ultimate_vc_addons-97e102e48e3400c8c2827b76216fe5ac.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-97e102e48e3400c8c2827b76216fe5ac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ultimate Addons for WPBakery <= 3.16.11 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Ultimate Addons for WPBakery up to 3.16.11 was affected by a Cross-Site Scripting vulnerability exploitable by lower level authenticated users.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/Ultimate_VC_Addons/"
     google-query: inurl:"/wp-content/plugins/Ultimate_VC_Addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,medium
+  tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultimeter-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ultimeter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 283fea686f..0b3779982b 100644
--- a/nuclei-templates/cve-less/plugins/ultimeter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ultimeter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultimeter/"
     google-query: inurl:"/wp-content/plugins/ultimeter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultimeter,medium
+  tags: cve,wordpress,wp-plugin,ultimeter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ultra-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ultra-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 50bcf53b20..6135cb1ab8 100644
--- a/nuclei-templates/cve-less/plugins/ultra-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ultra-elementor-addons-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ultra-elementor-addons/"
     google-query: inurl:"/wp-content/plugins/ultra-elementor-addons/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ultra-elementor-addons,medium
+  tags: cve,wordpress,wp-plugin,ultra-elementor-addons,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-05449252a81a55fa1aedbb41d626d3a8.yaml b/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-05449252a81a55fa1aedbb41d626d3a8.yaml
index df35110c4e..fa76f6ec19 100644
--- a/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-05449252a81a55fa1aedbb41d626d3a8.yaml
+++ b/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-05449252a81a55fa1aedbb41d626d3a8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Uncanny Toolkit for LearnDash <= 3.6.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Uncanny Toolkit for LearnDash plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing  nonce validation on several functions such as the ajax_activate_deactivate_module function. This makes it possible for unauthenticated attackers to change plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uncanny-learndash-toolkit/"
     google-query: inurl:"/wp-content/plugins/uncanny-learndash-toolkit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,high
+  tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/under-construction-page-c8d3a5bffd1b0c28a6e17cfdad5deb52.yaml b/nuclei-templates/cve-less/plugins/under-construction-page-c8d3a5bffd1b0c28a6e17cfdad5deb52.yaml
index 43156b94bb..b313c28816 100644
--- a/nuclei-templates/cve-less/plugins/under-construction-page-c8d3a5bffd1b0c28a6e17cfdad5deb52.yaml
+++ b/nuclei-templates/cve-less/plugins/under-construction-page-c8d3a5bffd1b0c28a6e17cfdad5deb52.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Under Construction <= 3.85 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Under Construction plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.85, that make it possible for attackers with administrative privileges to inject arbitrary web scripts via the social and connect icon fields.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/under-construction-page/"
     google-query: inurl:"/wp-content/plugins/under-construction-page/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,under-construction-page,medium
+  tags: cve,wordpress,wp-plugin,under-construction-page,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/uni-woo-custom-product-options-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/uni-woo-custom-product-options-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0553fdb5e5..fd6141c087 100644
--- a/nuclei-templates/cve-less/plugins/uni-woo-custom-product-options-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/uni-woo-custom-product-options-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/uni-woo-custom-product-options/"
     google-query: inurl:"/wp-content/plugins/uni-woo-custom-product-options/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,uni-woo-custom-product-options,medium
+  tags: cve,wordpress,wp-plugin,uni-woo-custom-product-options,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/universal-star-rating-d853e52fe1d33267e0c81c91100de86c.yaml b/nuclei-templates/cve-less/plugins/universal-star-rating-d853e52fe1d33267e0c81c91100de86c.yaml
index 6d5f22424c..2251dbc267 100644
--- a/nuclei-templates/cve-less/plugins/universal-star-rating-d853e52fe1d33267e0c81c91100de86c.yaml
+++ b/nuclei-templates/cve-less/plugins/universal-star-rating-d853e52fe1d33267e0c81c91100de86c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Universal Star Rating <= 1.10.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Universal Star Rating plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘usrCustomImagesFolder’ parameter in versions up to, and including, 1.10.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/universal-star-rating/"
     google-query: inurl:"/wp-content/plugins/universal-star-rating/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,universal-star-rating,medium
+  tags: cve,wordpress,wp-plugin,universal-star-rating,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-18966e8228314b8165d39d48519f43cc.yaml
index 8f1d5d2ab4..a82727e424 100644
--- a/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/"
     google-query: inurl:"/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,unlimited-elementor-inner-sections-by-boomdevs,medium
+  tags: cve,wordpress,wp-plugin,unlimited-elementor-inner-sections-by-boomdevs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 23400dc69f..9de5cfa218 100644
--- a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/"
     google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/unlimited-popups-f4a8622061e5460b0d2e3667b1d15b03.yaml b/nuclei-templates/cve-less/plugins/unlimited-popups-f4a8622061e5460b0d2e3667b1d15b03.yaml
index efebc50536..8db70ac392 100644
--- a/nuclei-templates/cve-less/plugins/unlimited-popups-f4a8622061e5460b0d2e3667b1d15b03.yaml
+++ b/nuclei-templates/cve-less/plugins/unlimited-popups-f4a8622061e5460b0d2e3667b1d15b03.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Pop-Ups < 1.4.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Unlimited Pop-Ups plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/unlimited-popups/"
     google-query: inurl:"/wp-content/plugins/unlimited-popups/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,unlimited-popups,medium
+  tags: cve,wordpress,wp-plugin,unlimited-popups,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/update-alt-attribute-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/update-alt-attribute-18966e8228314b8165d39d48519f43cc.yaml
index ec85e4359e..94be6078eb 100644
--- a/nuclei-templates/cve-less/plugins/update-alt-attribute-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/update-alt-attribute-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/update-alt-attribute/"
     google-query: inurl:"/wp-content/plugins/update-alt-attribute/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,update-alt-attribute,medium
+  tags: cve,wordpress,wp-plugin,update-alt-attribute,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/updraftplus-1eca727a0c6686a8bab81174d47e18f7.yaml b/nuclei-templates/cve-less/plugins/updraftplus-1eca727a0c6686a8bab81174d47e18f7.yaml
index 5597e806f3..025b1b5cfb 100644
--- a/nuclei-templates/cve-less/plugins/updraftplus-1eca727a0c6686a8bab81174d47e18f7.yaml
+++ b/nuclei-templates/cve-less/plugins/updraftplus-1eca727a0c6686a8bab81174d47e18f7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The UpdraftPlus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.16.56 via the updraft_service settings. This makes it possible for authenticated attackers, with administrator-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/updraftplus/"
     google-query: inurl:"/wp-content/plugins/updraftplus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,updraftplus,high
+  tags: cve,wordpress,wp-plugin,updraftplus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/updraftplus-4bbd3789375ef8b0ef3fbe16cd0df54c.yaml b/nuclei-templates/cve-less/plugins/updraftplus-4bbd3789375ef8b0ef3fbe16cd0df54c.yaml
index 2dc158492c..9b51101baa 100644
--- a/nuclei-templates/cve-less/plugins/updraftplus-4bbd3789375ef8b0ef3fbe16cd0df54c.yaml
+++ b/nuclei-templates/cve-less/plugins/updraftplus-4bbd3789375ef8b0ef3fbe16cd0df54c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UpdraftPlus WordPress Backup <= 1.9.6.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The UpdraftPlus WordPress plugin for WordPress is vulnerable to Cross-Site Scripting via the 'add_query_arg()' and 'remove_query_arg()' functions in versions up to, and including, 1.9.6.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/updraftplus/"
     google-query: inurl:"/wp-content/plugins/updraftplus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,updraftplus,medium
+  tags: cve,wordpress,wp-plugin,updraftplus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/updraftplus-dfc59073972648e0153f8a7cda52c6bd.yaml b/nuclei-templates/cve-less/plugins/updraftplus-dfc59073972648e0153f8a7cda52c6bd.yaml
index cd56b1122f..e3d94b7ae5 100644
--- a/nuclei-templates/cve-less/plugins/updraftplus-dfc59073972648e0153f8a7cda52c6bd.yaml
+++ b/nuclei-templates/cve-less/plugins/updraftplus-dfc59073972648e0153f8a7cda52c6bd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     UpdraftPlus WordPress Backup Plugin <= 1.9.50 - Nonce Leak to Authorization Bypass
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The UpdraftPlus WordPress Backup Plugin for WordPress is vulnerable to nonce leak which leads to authorization bypass in versions up to, and including, 1.9.50. This is due to incorrect use of several 'admin_action_' hooks. This makes it possible for authenticated attackers to arbitrarily upload files, download backups and retrieve secret keys.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/updraftplus/"
     google-query: inurl:"/wp-content/plugins/updraftplus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,updraftplus,critical
+  tags: cve,wordpress,wp-plugin,updraftplus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/upfiv-complete-all-in-one-seo-wizard-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/upfiv-complete-all-in-one-seo-wizard-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a6cd22a5a8..c323606f31 100644
--- a/nuclei-templates/cve-less/plugins/upfiv-complete-all-in-one-seo-wizard-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/upfiv-complete-all-in-one-seo-wizard-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/upfiv-complete-all-in-one-seo-wizard/"
     google-query: inurl:"/wp-content/plugins/upfiv-complete-all-in-one-seo-wizard/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,upfiv-complete-all-in-one-seo-wizard,medium
+  tags: cve,wordpress,wp-plugin,upfiv-complete-all-in-one-seo-wizard,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/url-shortify-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/url-shortify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1d7ab34541..d99b61b07e 100644
--- a/nuclei-templates/cve-less/plugins/url-shortify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/url-shortify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/url-shortify/"
     google-query: inurl:"/wp-content/plugins/url-shortify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,url-shortify,medium
+  tags: cve,wordpress,wp-plugin,url-shortify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-030644f38346879c8062677144e765a1.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-030644f38346879c8062677144e765a1.yaml
index 21851170b9..a3a0cd2401 100644
--- a/nuclei-templates/cve-less/plugins/usc-e-shop-030644f38346879c8062677144e765a1.yaml
+++ b/nuclei-templates/cve-less/plugins/usc-e-shop-030644f38346879c8062677144e765a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.1.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the 'search[order_column][0]' POST parameter in versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-1e7c916b690d74cb7822c04675caf429.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-1e7c916b690d74cb7822c04675caf429.yaml
index 1ff6b1f4eb..0f5cacc66d 100644
--- a/nuclei-templates/cve-less/plugins/usc-e-shop-1e7c916b690d74cb7822c04675caf429.yaml
+++ b/nuclei-templates/cve-less/plugins/usc-e-shop-1e7c916b690d74cb7822c04675caf429.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.9.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to upload files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Since uploaded files were not verified properly, this could lead to arbitrary file upload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-27b0c9418a17896ce00c7f804b61f8d8.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-27b0c9418a17896ce00c7f804b61f8d8.yaml
index 2dcf63029a..5f46ef6f6c 100644
--- a/nuclei-templates/cve-less/plugins/usc-e-shop-27b0c9418a17896ce00c7f804b61f8d8.yaml
+++ b/nuclei-templates/cve-less/plugins/usc-e-shop-27b0c9418a17896ce00c7f804b61f8d8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-536d118f42dde4ae5564cdbfac7489ee.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-536d118f42dde4ae5564cdbfac7489ee.yaml
index 4e98415fef..55311cf50d 100644
--- a/nuclei-templates/cve-less/plugins/usc-e-shop-536d118f42dde4ae5564cdbfac7489ee.yaml
+++ b/nuclei-templates/cve-less/plugins/usc-e-shop-536d118f42dde4ae5564cdbfac7489ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke them and execute actions on behalf of administrators, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-559ca835d1ba91752b5fda135b9252b7.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-559ca835d1ba91752b5fda135b9252b7.yaml
index f2fec4274d..077db56a70 100644
--- a/nuclei-templates/cve-less/plugins/usc-e-shop-559ca835d1ba91752b5fda135b9252b7.yaml
+++ b/nuclei-templates/cve-less/plugins/usc-e-shop-559ca835d1ba91752b5fda135b9252b7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Welcart e-Commerce <= 2.9.5 - Authenticated (Administrator+) PHP Object Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Welcart e-Commerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 2.9.5 (inclusive) via deserialization of untrusted input in the welcart_confirm_check_ajax function. This makes it possible for administrators to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usc-e-shop/"
     google-query: inurl:"/wp-content/plugins/usc-e-shop/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,usc-e-shop,high
+  tags: cve,wordpress,wp-plugin,usc-e-shop,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/use-any-font-ce93f109973b52b249a7106eb15a123c.yaml b/nuclei-templates/cve-less/plugins/use-any-font-ce93f109973b52b249a7106eb15a123c.yaml
index 72eac90155..896bc59d71 100644
--- a/nuclei-templates/cve-less/plugins/use-any-font-ce93f109973b52b249a7106eb15a123c.yaml
+++ b/nuclei-templates/cve-less/plugins/use-any-font-ce93f109973b52b249a7106eb15a123c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Use Any Font | Custom Font Uploader <= 6.2.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Use Any Font | Custom Font Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as 'font_key' and 'elements' in versions up to, and including, 6.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/use-any-font/"
     google-query: inurl:"/wp-content/plugins/use-any-font/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,use-any-font,medium
+  tags: cve,wordpress,wp-plugin,use-any-font,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-60c68d204f0a8a653bebafe6c6059142.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-60c68d204f0a8a653bebafe6c6059142.yaml
index ceb5a12b22..c8633a0b91 100644
--- a/nuclei-templates/cve-less/plugins/user-activity-log-60c68d204f0a8a653bebafe6c6059142.yaml
+++ b/nuclei-templates/cve-less/plugins/user-activity-log-60c68d204f0a8a653bebafe6c6059142.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Activity Log <= 1.6.2 - Unauthenticated SQL Injection via username
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The User Activity Log plugin for WordPress is vulnerable to generic SQL Injection via the username value when logging in in versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the ual_shook_wp_login_failed function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The login_failed_non_existing_user option must be enabled for this to be successful.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-activity-log/"
     google-query: inurl:"/wp-content/plugins/user-activity-log/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-activity-log,high
+  tags: cve,wordpress,wp-plugin,user-activity-log,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-login-history-9be06bea648875a81d4dd1ca47dd3d3b.yaml b/nuclei-templates/cve-less/plugins/user-login-history-9be06bea648875a81d4dd1ca47dd3d3b.yaml
index 214e44debe..9053400a3a 100644
--- a/nuclei-templates/cve-less/plugins/user-login-history-9be06bea648875a81d4dd1ca47dd3d3b.yaml
+++ b/nuclei-templates/cve-less/plugins/user-login-history-9be06bea648875a81d4dd1ca47dd3d3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Login History <= 1.7.0 - SQL Injection via OrderBy
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The User Login History for WordPress is vulnerable to  SQL Injection via the 'orderby' parameter in versions up to, and including, 1.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-login-history/"
     google-query: inurl:"/wp-content/plugins/user-login-history/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-login-history,high
+  tags: cve,wordpress,wp-plugin,user-login-history,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-login-history-d5d36dd3296371bddd49874e159fc4e0.yaml b/nuclei-templates/cve-less/plugins/user-login-history-d5d36dd3296371bddd49874e159fc4e0.yaml
index 609edb6e1c..541384e7df 100644
--- a/nuclei-templates/cve-less/plugins/user-login-history-d5d36dd3296371bddd49874e159fc4e0.yaml
+++ b/nuclei-templates/cve-less/plugins/user-login-history-d5d36dd3296371bddd49874e159fc4e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Login History <= 1.7.0 - SQL Injection via Order By
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The User Login History for WordPress is vulnerable to  SQL Injection via the 'orderby' parameter in versions up to, and including, 1.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-login-history/"
     google-query: inurl:"/wp-content/plugins/user-login-history/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-login-history,high
+  tags: cve,wordpress,wp-plugin,user-login-history,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-menus-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/user-menus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5733aa53a2..5ff942e868 100644
--- a/nuclei-templates/cve-less/plugins/user-menus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/user-menus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-menus/"
     google-query: inurl:"/wp-content/plugins/user-menus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-menus,medium
+  tags: cve,wordpress,wp-plugin,user-menus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-meta-27ff799b988fb677dadaedc3ce5f35d5.yaml b/nuclei-templates/cve-less/plugins/user-meta-27ff799b988fb677dadaedc3ce5f35d5.yaml
index 0f8fcb0741..297f439539 100644
--- a/nuclei-templates/cve-less/plugins/user-meta-27ff799b988fb677dadaedc3ce5f35d5.yaml
+++ b/nuclei-templates/cve-less/plugins/user-meta-27ff799b988fb677dadaedc3ce5f35d5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Meta – User Profile Builder and User management plugin 1.1.1 - Arbitrary File Upload
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The User Meta plugin for wordPress is vulnerable to Arbitrary File Uploads in versions up to, and including 1.1.1, due to insufficient file type validation in the user-meta/framework/helper/uploader.php file. This makes it possible for attackers to upload malicious files and achieve remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-meta/"
     google-query: inurl:"/wp-content/plugins/user-meta/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-meta,medium
+  tags: cve,wordpress,wp-plugin,user-meta,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-meta-manager-2a280bf41720079c39a3d0371323f56e.yaml b/nuclei-templates/cve-less/plugins/user-meta-manager-2a280bf41720079c39a3d0371323f56e.yaml
index 3f4ffb305a..40d683df93 100644
--- a/nuclei-templates/cve-less/plugins/user-meta-manager-2a280bf41720079c39a3d0371323f56e.yaml
+++ b/nuclei-templates/cve-less/plugins/user-meta-manager-2a280bf41720079c39a3d0371323f56e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Meta Manager < 3.4.8 - Missing Authorization to Sensitive Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Meta Manager for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 3.4.7 via several functions called through unprotected AJAX actions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to extract sensitive data including all data in the user meta table.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-meta-manager/"
     google-query: inurl:"/wp-content/plugins/user-meta-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-meta-manager,medium
+  tags: cve,wordpress,wp-plugin,user-meta-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-meta-manager-baba7e4c328e9317fa2b2839a155f748.yaml b/nuclei-templates/cve-less/plugins/user-meta-manager-baba7e4c328e9317fa2b2839a155f748.yaml
index d29197243d..8b81f02e9e 100644
--- a/nuclei-templates/cve-less/plugins/user-meta-manager-baba7e4c328e9317fa2b2839a155f748.yaml
+++ b/nuclei-templates/cve-less/plugins/user-meta-manager-baba7e4c328e9317fa2b2839a155f748.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Meta Manager < 3.4.7 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The User Meta Manager plugin for WordPress is vulnerable to blind SQL Injection via the ‘umm_user’ parameter in versions before 3.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-meta-manager/"
     google-query: inurl:"/wp-content/plugins/user-meta-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-meta-manager,high
+  tags: cve,wordpress,wp-plugin,user-meta-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-notes-e04c0fd89ca49cf41266e90f8d4a7135.yaml b/nuclei-templates/cve-less/plugins/user-notes-e04c0fd89ca49cf41266e90f8d4a7135.yaml
index ec799e7592..f06e0cd671 100644
--- a/nuclei-templates/cve-less/plugins/user-notes-e04c0fd89ca49cf41266e90f8d4a7135.yaml
+++ b/nuclei-templates/cve-less/plugins/user-notes-e04c0fd89ca49cf41266e90f8d4a7135.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Notes <= 1.0.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Notes plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including 1.0.1, due to insufficient input sanitization and output escaping on the 'user_notes_note' parameter. This makes it possible for users with access to add user notes to inject malicious web scripts that could execute whenever a victim accesses a user's profile page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-notes/"
     google-query: inurl:"/wp-content/plugins/user-notes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-notes,medium
+  tags: cve,wordpress,wp-plugin,user-notes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-private-files-2fc467eab8e252aba51501d739ddcb42.yaml b/nuclei-templates/cve-less/plugins/user-private-files-2fc467eab8e252aba51501d739ddcb42.yaml
index 0ed74c18e9..9171184830 100644
--- a/nuclei-templates/cve-less/plugins/user-private-files-2fc467eab8e252aba51501d739ddcb42.yaml
+++ b/nuclei-templates/cve-less/plugins/user-private-files-2fc467eab8e252aba51501d739ddcb42.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Frontend File Manager & Sharing – User Private Files <= 1.1.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Frontend File Manager & Sharing – User Private Files plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.1.1. This is due to missing capability checks and nonce validation on several functions such as dpk_upvf_rmv_file(), dpk_upvf_rmv_access(), and dpk_upvf_update_doc(). This makes it possible for unauthenticated attackers to modify several settings and modify files (via deletion and settings updates).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-private-files/"
     google-query: inurl:"/wp-content/plugins/user-private-files/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-private-files,medium
+  tags: cve,wordpress,wp-plugin,user-private-files,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-registration-d2e28c2323c53d6e9cc43d245f41b33e.yaml b/nuclei-templates/cve-less/plugins/user-registration-d2e28c2323c53d6e9cc43d245f41b33e.yaml
index 5fe50d408a..95c8ba64b3 100644
--- a/nuclei-templates/cve-less/plugins/user-registration-d2e28c2323c53d6e9cc43d245f41b33e.yaml
+++ b/nuclei-templates/cve-less/plugins/user-registration-d2e28c2323c53d6e9cc43d245f41b33e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Registration <= 1.5.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Registration plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping via the 'edit-registration' parameter. This makes it possible for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-registration/"
     google-query: inurl:"/wp-content/plugins/user-registration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-registration,medium
+  tags: cve,wordpress,wp-plugin,user-registration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-rights-access-manager-a0b7b51da946e56980c587504bc9c3d1.yaml b/nuclei-templates/cve-less/plugins/user-rights-access-manager-a0b7b51da946e56980c587504bc9c3d1.yaml
index 4c75029293..ce3cb958f2 100644
--- a/nuclei-templates/cve-less/plugins/user-rights-access-manager-a0b7b51da946e56980c587504bc9c3d1.yaml
+++ b/nuclei-templates/cve-less/plugins/user-rights-access-manager-a0b7b51da946e56980c587504bc9c3d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Rights Access Manager <= 1.0.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The User Rights Access Manager plugin for WordPress is vulnerable to unauthorized access in versions up to, and including, 1.0.3. This is due to improper implementation of access controls. This makes it possible for authenticated attackers, with administrator-level permissions and above, to take actions or access information for which privileges were removed via the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-rights-access-manager/"
     google-query: inurl:"/wp-content/plugins/user-rights-access-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-rights-access-manager,medium
+  tags: cve,wordpress,wp-plugin,user-rights-access-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/user-role-editor-19fa35bb35a821be90be40a4df1f6407.yaml b/nuclei-templates/cve-less/plugins/user-role-editor-19fa35bb35a821be90be40a4df1f6407.yaml
index 0c9e3d38d0..567c947b2d 100644
--- a/nuclei-templates/cve-less/plugins/user-role-editor-19fa35bb35a821be90be40a4df1f6407.yaml
+++ b/nuclei-templates/cve-less/plugins/user-role-editor-19fa35bb35a821be90be40a4df1f6407.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     User Role Editor <= 4.24 - Authenticated Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The User Role Editor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'update' function in versions up to, and including, 4.24. This makes it possible for any authenticated attackers to grant themselves the administrator role.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/user-role-editor/"
     google-query: inurl:"/wp-content/plugins/user-role-editor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,user-role-editor,high
+  tags: cve,wordpress,wp-plugin,user-role-editor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/usernoise-b99ce0637c979eb1d01fd84441afddba.yaml b/nuclei-templates/cve-less/plugins/usernoise-b99ce0637c979eb1d01fd84441afddba.yaml
index ba66a868b3..b46c33f258 100644
--- a/nuclei-templates/cve-less/plugins/usernoise-b99ce0637c979eb1d01fd84441afddba.yaml
+++ b/nuclei-templates/cve-less/plugins/usernoise-b99ce0637c979eb1d01fd84441afddba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Usernoise modal feedback / contact form < 3.7.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Usernoise modal feedback / contact form plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 3.7.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/usernoise/"
     google-query: inurl:"/wp-content/plugins/usernoise/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,usernoise,medium
+  tags: cve,wordpress,wp-plugin,usernoise,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/users-ultra-3e0e02d0ef91eed396842fb253ab425c.yaml b/nuclei-templates/cve-less/plugins/users-ultra-3e0e02d0ef91eed396842fb253ab425c.yaml
index 50cd849f28..0fdd497ed5 100644
--- a/nuclei-templates/cve-less/plugins/users-ultra-3e0e02d0ef91eed396842fb253ab425c.yaml
+++ b/nuclei-templates/cve-less/plugins/users-ultra-3e0e02d0ef91eed396842fb253ab425c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-ultra/"
     google-query: inurl:"/wp-content/plugins/users-ultra/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,users-ultra,high
+  tags: cve,wordpress,wp-plugin,users-ultra,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/users-ultra-741cff403a911873546d8451aea6b8dc.yaml b/nuclei-templates/cve-less/plugins/users-ultra-741cff403a911873546d8451aea6b8dc.yaml
index 7529ee8fde..773b06e300 100644
--- a/nuclei-templates/cve-less/plugins/users-ultra-741cff403a911873546d8451aea6b8dc.yaml
+++ b/nuclei-templates/cve-less/plugins/users-ultra-741cff403a911873546d8451aea6b8dc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.4.36 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin for WordPress is vulnerable to generic SQL Injection via the ‘cate_id’ parameter in versions up to, and including, 1.4.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-ultra/"
     google-query: inurl:"/wp-content/plugins/users-ultra/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,users-ultra,high
+  tags: cve,wordpress,wp-plugin,users-ultra,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/users-ultra-d475119af8f003a2c6e0eb9a10044dee.yaml b/nuclei-templates/cve-less/plugins/users-ultra-d475119af8f003a2c6e0eb9a10044dee.yaml
index 304d8349bc..ee0eeea82e 100644
--- a/nuclei-templates/cve-less/plugins/users-ultra-d475119af8f003a2c6e0eb9a10044dee.yaml
+++ b/nuclei-templates/cve-less/plugins/users-ultra-d475119af8f003a2c6e0eb9a10044dee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.4.95 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin" plugin for WordPress is vulnerable to SQL Injection via the ‘$gal_id’ parameter in versions up to, and including, 1.4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/users-ultra/"
     google-query: inurl:"/wp-content/plugins/users-ultra/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,users-ultra,high
+  tags: cve,wordpress,wp-plugin,users-ultra,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vaultpress-a000811d6a7f224f2863a66f08bbbdef.yaml b/nuclei-templates/cve-less/plugins/vaultpress-a000811d6a7f224f2863a66f08bbbdef.yaml
index a3cd67f88f..4395af34e7 100644
--- a/nuclei-templates/cve-less/plugins/vaultpress-a000811d6a7f224f2863a66f08bbbdef.yaml
+++ b/nuclei-templates/cve-less/plugins/vaultpress-a000811d6a7f224f2863a66f08bbbdef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VaultPress <= 1.8.6 - Remote Code Execution
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The VaultPress plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.8.6 via the vaultpress/class.vaultpress-ixr-ssl-client.php file. This allows unauthenticated attackers to execute code on the server. This requires a man in the middle attack to be successful as an attacker needs to obtain the secret key retrieved from https://www.vaultpress.com. The plugin does not force the use of SSL to retrieve this secret key making it readable to attackers analyzing the traffic.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vaultpress/"
     google-query: inurl:"/wp-content/plugins/vaultpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vaultpress,high
+  tags: cve,wordpress,wp-plugin,vaultpress,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vc-addons-by-bit14-64fc1c1aeafb0b67c8b714966bfc2dcb.yaml b/nuclei-templates/cve-less/plugins/vc-addons-by-bit14-64fc1c1aeafb0b67c8b714966bfc2dcb.yaml
index 91182f4a9b..4b704e8418 100644
--- a/nuclei-templates/cve-less/plugins/vc-addons-by-bit14-64fc1c1aeafb0b67c8b714966bfc2dcb.yaml
+++ b/nuclei-templates/cve-less/plugins/vc-addons-by-bit14-64fc1c1aeafb0b67c8b714966bfc2dcb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Web and WooCommerce Addons for WPBakery Builder <= 1.4.4.1 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.4.1 due to missing capability checks on various functions called via AJAX actions. This makes it possible for any authenticated user, such as a subscriber, to execute the AJAX actions and modify the plugins settings along with injecting malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vc-addons-by-bit14/"
     google-query: inurl:"/wp-content/plugins/vc-addons-by-bit14/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vc-addons-by-bit14,medium
+  tags: cve,wordpress,wp-plugin,vc-addons-by-bit14,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vdz-call-back-e460da3b1111d5e40e60d6fa9f63a75a.yaml b/nuclei-templates/cve-less/plugins/vdz-call-back-e460da3b1111d5e40e60d6fa9f63a75a.yaml
index 3121325d07..cc5cb5c1ae 100644
--- a/nuclei-templates/cve-less/plugins/vdz-call-back-e460da3b1111d5e40e60d6fa9f63a75a.yaml
+++ b/nuclei-templates/cve-less/plugins/vdz-call-back-e460da3b1111d5e40e60d6fa9f63a75a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VDZ CallBack Plugin < 1.14.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "VDZ CallBack Plugin" plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vdz-call-back/"
     google-query: inurl:"/wp-content/plugins/vdz-call-back/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vdz-call-back,medium
+  tags: cve,wordpress,wp-plugin,vdz-call-back,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vdz-google-analytics-7f3d4ae07c7ffdb4fa4da20576013347.yaml b/nuclei-templates/cve-less/plugins/vdz-google-analytics-7f3d4ae07c7ffdb4fa4da20576013347.yaml
index 1ebbd0f785..c915c46471 100644
--- a/nuclei-templates/cve-less/plugins/vdz-google-analytics-7f3d4ae07c7ffdb4fa4da20576013347.yaml
+++ b/nuclei-templates/cve-less/plugins/vdz-google-analytics-7f3d4ae07c7ffdb4fa4da20576013347.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VDZ Google Analytics or Google Tag Manager < 1.4.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VDZ Google Analytics or Google Tag Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions before 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin-level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vdz-google-analytics/"
     google-query: inurl:"/wp-content/plugins/vdz-google-analytics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vdz-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,vdz-google-analytics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vdz-google-analytics-820c42b11e0167933dfc728bc7134cba.yaml b/nuclei-templates/cve-less/plugins/vdz-google-analytics-820c42b11e0167933dfc728bc7134cba.yaml
index e16d0ec3ec..3840cbf8fd 100644
--- a/nuclei-templates/cve-less/plugins/vdz-google-analytics-820c42b11e0167933dfc728bc7134cba.yaml
+++ b/nuclei-templates/cve-less/plugins/vdz-google-analytics-820c42b11e0167933dfc728bc7134cba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VDZ Google Analytics or Google Tag Manager / GTM <= 1.5.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VDZ Google Analytics or Google Tag Manager / GTM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Analytics ID settings in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vdz-google-analytics/"
     google-query: inurl:"/wp-content/plugins/vdz-google-analytics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vdz-google-analytics,medium
+  tags: cve,wordpress,wp-plugin,vdz-google-analytics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vdz-verification-1b1edb5a0481b6f1c207bb5bde4a4999.yaml b/nuclei-templates/cve-less/plugins/vdz-verification-1b1edb5a0481b6f1c207bb5bde4a4999.yaml
index ca9153fedc..9ac50c2f72 100644
--- a/nuclei-templates/cve-less/plugins/vdz-verification-1b1edb5a0481b6f1c207bb5bde4a4999.yaml
+++ b/nuclei-templates/cve-less/plugins/vdz-verification-1b1edb5a0481b6f1c207bb5bde4a4999.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VDZ Verification <= 1.3.12 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The VDZ Verification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meta Tag settings in versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Admin+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vdz-verification/"
     google-query: inurl:"/wp-content/plugins/vdz-verification/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vdz-verification,medium
+  tags: cve,wordpress,wp-plugin,vdz-verification,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/very-simple-quiz-2dc0412984b0bc2f2e238ad04ba47e6a.yaml b/nuclei-templates/cve-less/plugins/very-simple-quiz-2dc0412984b0bc2f2e238ad04ba47e6a.yaml
index 1fe8c8d338..ab9fcf19f8 100644
--- a/nuclei-templates/cve-less/plugins/very-simple-quiz-2dc0412984b0bc2f2e238ad04ba47e6a.yaml
+++ b/nuclei-templates/cve-less/plugins/very-simple-quiz-2dc0412984b0bc2f2e238ad04ba47e6a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Very Simple Quiz <= 1.0.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Very Simple Quiz plugin for WordPress is vulnerable to both Reflected and Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/very-simple-quiz/"
     google-query: inurl:"/wp-content/plugins/very-simple-quiz/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,very-simple-quiz,medium
+  tags: cve,wordpress,wp-plugin,very-simple-quiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-98fa09468510e4f3d608da204df8d702.yaml b/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-98fa09468510e4f3d608da204df8d702.yaml
index 70a4f5938c..af149a555c 100644
--- a/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-98fa09468510e4f3d608da204df8d702.yaml
+++ b/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-98fa09468510e4f3d608da204df8d702.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VideoJS (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The S3 Video, EasySqueezePage, External "Video for Everybody", Videopack, and 1player plugins for WordPress are vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of VideoJS in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-embed-thumbnail-generator/"
     google-query: inurl:"/wp-content/plugins/video-embed-thumbnail-generator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,medium
+  tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 698e6b912f..f5a00f5fe0 100644
--- a/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-embed-thumbnail-generator/"
     google-query: inurl:"/wp-content/plugins/video-embed-thumbnail-generator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,medium
+  tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/video-synchro-pdf-a674e9a5d2840820506909b7c50b3d92.yaml b/nuclei-templates/cve-less/plugins/video-synchro-pdf-a674e9a5d2840820506909b7c50b3d92.yaml
index 75bf5dc300..14ef07097d 100644
--- a/nuclei-templates/cve-less/plugins/video-synchro-pdf-a674e9a5d2840820506909b7c50b3d92.yaml
+++ b/nuclei-templates/cve-less/plugins/video-synchro-pdf-a674e9a5d2840820506909b7c50b3d92.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Videos sync PDF <= 1.7.4 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Videos sync PDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin-level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/video-synchro-pdf/"
     google-query: inurl:"/wp-content/plugins/video-synchro-pdf/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,video-synchro-pdf,medium
+  tags: cve,wordpress,wp-plugin,video-synchro-pdf,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/videowhisper-video-conference-integration-eb64a1dd7efbf5edcd293e2db2a6feb2.yaml b/nuclei-templates/cve-less/plugins/videowhisper-video-conference-integration-eb64a1dd7efbf5edcd293e2db2a6feb2.yaml
index 98fa796ebb..6b50b575ce 100644
--- a/nuclei-templates/cve-less/plugins/videowhisper-video-conference-integration-eb64a1dd7efbf5edcd293e2db2a6feb2.yaml
+++ b/nuclei-templates/cve-less/plugins/videowhisper-video-conference-integration-eb64a1dd7efbf5edcd293e2db2a6feb2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webcam Video Conference <= 3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Webcam Video Conference plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/videowhisper-video-conference-integration/"
     google-query: inurl:"/wp-content/plugins/videowhisper-video-conference-integration/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,videowhisper-video-conference-integration,medium
+  tags: cve,wordpress,wp-plugin,videowhisper-video-conference-integration,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vidseo-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/vidseo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3d31abc59a..4c02bc38bc 100644
--- a/nuclei-templates/cve-less/plugins/vidseo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/vidseo-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vidseo/"
     google-query: inurl:"/wp-content/plugins/vidseo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vidseo,medium
+  tags: cve,wordpress,wp-plugin,vidseo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/visibility-logic-elementor-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/visibility-logic-elementor-18966e8228314b8165d39d48519f43cc.yaml
index ea6578cb19..04cde33721 100644
--- a/nuclei-templates/cve-less/plugins/visibility-logic-elementor-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/visibility-logic-elementor-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visibility-logic-elementor/"
     google-query: inurl:"/wp-content/plugins/visibility-logic-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,visibility-logic-elementor,medium
+  tags: cve,wordpress,wp-plugin,visibility-logic-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/visibility-logic-elementor-3bd671f811e3dbd6eac29209e9039fd8.yaml b/nuclei-templates/cve-less/plugins/visibility-logic-elementor-3bd671f811e3dbd6eac29209e9039fd8.yaml
index b752c55f05..1c250b9793 100644
--- a/nuclei-templates/cve-less/plugins/visibility-logic-elementor-3bd671f811e3dbd6eac29209e9039fd8.yaml
+++ b/nuclei-templates/cve-less/plugins/visibility-logic-elementor-3bd671f811e3dbd6eac29209e9039fd8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visibility Logic for Elementor <= 2.3.4 - Missing Authorization via admin_post 'toggle_option'
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Visibility Logic for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'toggle_option' admin_post function in versions up to, and including, 2.3.4. This makes it possible for authenticated attackers to modify the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visibility-logic-elementor/"
     google-query: inurl:"/wp-content/plugins/visibility-logic-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,visibility-logic-elementor,medium
+  tags: cve,wordpress,wp-plugin,visibility-logic-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/visitor-info-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/visitor-info-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e603f2926e..19dde7a706 100644
--- a/nuclei-templates/cve-less/plugins/visitor-info-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/visitor-info-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitor-info/"
     google-query: inurl:"/wp-content/plugins/visitor-info/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,visitor-info,medium
+  tags: cve,wordpress,wp-plugin,visitor-info,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/visitor-maps-41e6c56837296bd4311fa3f480bdbffa.yaml b/nuclei-templates/cve-less/plugins/visitor-maps-41e6c56837296bd4311fa3f480bdbffa.yaml
index 7c4358c04c..ab58264239 100644
--- a/nuclei-templates/cve-less/plugins/visitor-maps-41e6c56837296bd4311fa3f480bdbffa.yaml
+++ b/nuclei-templates/cve-less/plugins/visitor-maps-41e6c56837296bd4311fa3f480bdbffa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visitor Maps <= 1.5.8.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Visitor Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order' and 'sort_by' parameters in versions up to, and including, 1.5.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitor-maps/"
     google-query: inurl:"/wp-content/plugins/visitor-maps/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,visitor-maps,medium
+  tags: cve,wordpress,wp-plugin,visitor-maps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-57b54adcb0ab1b8bfd870b37f7db6b68.yaml b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-57b54adcb0ab1b8bfd870b37f7db6b68.yaml
index d99c1ce471..cf528d5663 100644
--- a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-57b54adcb0ab1b8bfd870b37f7db6b68.yaml
+++ b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-57b54adcb0ab1b8bfd870b37f7db6b68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visitor Traffic Real Time Statistics <= 6.7 - Missing Authorization to Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.7. This makes it possible for authenticated attackers to retrieve site statistics.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/"
     google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,medium
+  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-c591eeb2c7d14c7927ba6447beaabc1b.yaml b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-c591eeb2c7d14c7927ba6447beaabc1b.yaml
index da4ad17111..fea4b0364f 100644
--- a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-c591eeb2c7d14c7927ba6447beaabc1b.yaml
+++ b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-c591eeb2c7d14c7927ba6447beaabc1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visitor Traffic Real Time Statistics <= 2.13 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Visitor Traffic Real Time Statistics Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.13. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/"
     google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,high
+  tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/visual-form-builder-101912c034e5833d5a8cc53836ca2a9d.yaml b/nuclei-templates/cve-less/plugins/visual-form-builder-101912c034e5833d5a8cc53836ca2a9d.yaml
index fa3d25fca6..153107cc06 100644
--- a/nuclei-templates/cve-less/plugins/visual-form-builder-101912c034e5833d5a8cc53836ca2a9d.yaml
+++ b/nuclei-templates/cve-less/plugins/visual-form-builder-101912c034e5833d5a8cc53836ca2a9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Form Builder <= 2.8.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Visual Form Builder plugin for WordPress is vulnerable to generic SQL Injection in versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visual-form-builder/"
     google-query: inurl:"/wp-content/plugins/visual-form-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,visual-form-builder,high
+  tags: cve,wordpress,wp-plugin,visual-form-builder,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/visual-form-builder-666310311f6b757b5edf8f0953dbd9e0.yaml b/nuclei-templates/cve-less/plugins/visual-form-builder-666310311f6b757b5edf8f0953dbd9e0.yaml
index 031dc2400d..47266aaec4 100644
--- a/nuclei-templates/cve-less/plugins/visual-form-builder-666310311f6b757b5edf8f0953dbd9e0.yaml
+++ b/nuclei-templates/cve-less/plugins/visual-form-builder-666310311f6b757b5edf8f0953dbd9e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Visual Form Builder <= 2.8.2 - Cross-Site Request Forgery to SQL Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Visual Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.2. This is due to missing or incorrect nonce validation on the current_filter_action function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/visual-form-builder/"
     google-query: inurl:"/wp-content/plugins/visual-form-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,visual-form-builder,high
+  tags: cve,wordpress,wp-plugin,visual-form-builder,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vit-website-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/vit-website-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index aa48c91694..916af43e04 100644
--- a/nuclei-templates/cve-less/plugins/vit-website-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/vit-website-reviews-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vit-website-reviews/"
     google-query: inurl:"/wp-content/plugins/vit-website-reviews/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vit-website-reviews,medium
+  tags: cve,wordpress,wp-plugin,vit-website-reviews,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vo-locator-the-wp-store-locator-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/vo-locator-the-wp-store-locator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index bd96626343..1f1f44a791 100644
--- a/nuclei-templates/cve-less/plugins/vo-locator-the-wp-store-locator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/vo-locator-the-wp-store-locator-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vo-locator-the-wp-store-locator/"
     google-query: inurl:"/wp-content/plugins/vo-locator-the-wp-store-locator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vo-locator-the-wp-store-locator,medium
+  tags: cve,wordpress,wp-plugin,vo-locator-the-wp-store-locator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vr-calendar-sync-7396a7e456a789122fb4ba49d41fa089.yaml b/nuclei-templates/cve-less/plugins/vr-calendar-sync-7396a7e456a789122fb4ba49d41fa089.yaml
index 79ffffee9c..52056d16b8 100644
--- a/nuclei-templates/cve-less/plugins/vr-calendar-sync-7396a7e456a789122fb4ba49d41fa089.yaml
+++ b/nuclei-templates/cve-less/plugins/vr-calendar-sync-7396a7e456a789122fb4ba49d41fa089.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     VR Calendar <= 2.4.0 - Authenticated (Administrator+) Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The VR Calendar plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.4.0. This makes it possible for administrator-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This can also be exploited via CSRF.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vr-calendar-sync/"
     google-query: inurl:"/wp-content/plugins/vr-calendar-sync/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vr-calendar-sync,medium
+  tags: cve,wordpress,wp-plugin,vr-calendar-sync,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/vslider-ae05ec43cb054e1a5de163d4a7addf3a.yaml b/nuclei-templates/cve-less/plugins/vslider-ae05ec43cb054e1a5de163d4a7addf3a.yaml
index 3fbcaaa29e..301f0460e2 100644
--- a/nuclei-templates/cve-less/plugins/vslider-ae05ec43cb054e1a5de163d4a7addf3a.yaml
+++ b/nuclei-templates/cve-less/plugins/vslider-ae05ec43cb054e1a5de163d4a7addf3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     vSlider Multi Image Slider <= 4.1.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The vSlider Multi Image Slider plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to missing capability checks on several functions such as vslider_admin_callback, vslider_images_callback, and vslider_generate_images_callback in versions up to, and including, 4.1.2. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugin's settings, retrieve settings, and manipulate sliders.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/vslider/"
     google-query: inurl:"/wp-content/plugins/vslider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,vslider,medium
+  tags: cve,wordpress,wp-plugin,vslider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-8a10bd5b823c6c28d5929375c43a3ded.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-8a10bd5b823c6c28d5929375c43a3ded.yaml
index 66530fcc1d..a4c2b81150 100644
--- a/nuclei-templates/cve-less/plugins/w3-total-cache-8a10bd5b823c6c28d5929375c43a3ded.yaml
+++ b/nuclei-templates/cve-less/plugins/w3-total-cache-8a10bd5b823c6c28d5929375c43a3ded.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W3 Total Cache <= 0.9.4.1 - Cross-Site Scripting via request_id
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The W3 Total Cache plugin plugin for WordPress is vulnerable to Cross-Site Scripting via the 'request_id' parameter in versions up to, and including, 0.9.4.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w3-total-cache/"
     google-query: inurl:"/wp-content/plugins/w3-total-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,w3-total-cache,medium
+  tags: cve,wordpress,wp-plugin,w3-total-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-cf834d46bd9b982d7dc5819942daefcd.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-cf834d46bd9b982d7dc5819942daefcd.yaml
index fe2cf12b18..fc5938ad6b 100644
--- a/nuclei-templates/cve-less/plugins/w3-total-cache-cf834d46bd9b982d7dc5819942daefcd.yaml
+++ b/nuclei-templates/cve-less/plugins/w3-total-cache-cf834d46bd9b982d7dc5819942daefcd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W3 Total Cache <= 0.9.4.1 - Authenticated Arbitrary File Download
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The W3 Total Cache plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 0.9.4.1 This can allow an administrator attacker to extract sensitive data from wp-config.php that could be used to fully take over the site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w3-total-cache/"
     google-query: inurl:"/wp-content/plugins/w3-total-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,w3-total-cache,medium
+  tags: cve,wordpress,wp-plugin,w3-total-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-f9f79bf204290d6d3c8b8009bb85feff.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-f9f79bf204290d6d3c8b8009bb85feff.yaml
index be86b8ea91..498a7cf94a 100644
--- a/nuclei-templates/cve-less/plugins/w3-total-cache-f9f79bf204290d6d3c8b8009bb85feff.yaml
+++ b/nuclei-templates/cve-less/plugins/w3-total-cache-f9f79bf204290d6d3c8b8009bb85feff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The W3 Total Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.9.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w3-total-cache/"
     google-query: inurl:"/wp-content/plugins/w3-total-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,w3-total-cache,high
+  tags: cve,wordpress,wp-plugin,w3-total-cache,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-fa0b9f9e638380f9e9ab2db59f133c49.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-fa0b9f9e638380f9e9ab2db59f133c49.yaml
index b414a3d2f7..2eb0e03c9e 100644
--- a/nuclei-templates/cve-less/plugins/w3-total-cache-fa0b9f9e638380f9e9ab2db59f133c49.yaml
+++ b/nuclei-templates/cve-less/plugins/w3-total-cache-fa0b9f9e638380f9e9ab2db59f133c49.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     W3 Total Cache <= 0.9.4.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The W3 Total Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 0.9.4.1. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w3-total-cache/"
     google-query: inurl:"/wp-content/plugins/w3-total-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,w3-total-cache,high
+  tags: cve,wordpress,wp-plugin,w3-total-cache,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/w3s-cf7-zoho-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/w3s-cf7-zoho-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d47c1f62fd..3ba630c327 100644
--- a/nuclei-templates/cve-less/plugins/w3s-cf7-zoho-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/w3s-cf7-zoho-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w3s-cf7-zoho/"
     google-query: inurl:"/wp-content/plugins/w3s-cf7-zoho/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,w3s-cf7-zoho,medium
+  tags: cve,wordpress,wp-plugin,w3s-cf7-zoho,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/w4-post-list-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/w4-post-list-18966e8228314b8165d39d48519f43cc.yaml
index df1316a5a2..9f484e4fe4 100644
--- a/nuclei-templates/cve-less/plugins/w4-post-list-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/w4-post-list-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/w4-post-list/"
     google-query: inurl:"/wp-content/plugins/w4-post-list/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,w4-post-list,medium
+  tags: cve,wordpress,wp-plugin,w4-post-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wadi-survey-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wadi-survey-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ef84792d8c..bf58edcb59 100644
--- a/nuclei-templates/cve-less/plugins/wadi-survey-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wadi-survey-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wadi-survey/"
     google-query: inurl:"/wp-content/plugins/wadi-survey/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wadi-survey,medium
+  tags: cve,wordpress,wp-plugin,wadi-survey,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/walker-core-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/walker-core-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 921d8daa4b..e7023eca5d 100644
--- a/nuclei-templates/cve-less/plugins/walker-core-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/walker-core-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/walker-core/"
     google-query: inurl:"/wp-content/plugins/walker-core/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,walker-core,medium
+  tags: cve,wordpress,wp-plugin,walker-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wangguard-54e8332ab2042b90448af1c552f2e323.yaml b/nuclei-templates/cve-less/plugins/wangguard-54e8332ab2042b90448af1c552f2e323.yaml
index f12a1ede22..ca3ef5ec43 100644
--- a/nuclei-templates/cve-less/plugins/wangguard-54e8332ab2042b90448af1c552f2e323.yaml
+++ b/nuclei-templates/cve-less/plugins/wangguard-54e8332ab2042b90448af1c552f2e323.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WangGuard < 1.7.2 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WangGuard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions before 1.7.2 due to insufficient input sanitization and output escaping on the 'a' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wangguard/"
     google-query: inurl:"/wp-content/plugins/wangguard/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wangguard,high
+  tags: cve,wordpress,wp-plugin,wangguard,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wassup-f20cc872feace3e3660ec95d470c9be3.yaml b/nuclei-templates/cve-less/plugins/wassup-f20cc872feace3e3660ec95d470c9be3.yaml
index d81396c6ea..0ca0414a18 100644
--- a/nuclei-templates/cve-less/plugins/wassup-f20cc872feace3e3660ec95d470c9be3.yaml
+++ b/nuclei-templates/cve-less/plugins/wassup-f20cc872feace3e3660ec95d470c9be3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WassUp Real Time Analytics <= 1.9.4.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WassUp Real Time Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.9.4.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wassup/"
     google-query: inurl:"/wp-content/plugins/wassup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wassup,medium
+  tags: cve,wordpress,wp-plugin,wassup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/watu-38df56fa1dc5330e530e8cc53cb9a80a.yaml b/nuclei-templates/cve-less/plugins/watu-38df56fa1dc5330e530e8cc53cb9a80a.yaml
index 209e67c8d6..f2632ab459 100644
--- a/nuclei-templates/cve-less/plugins/watu-38df56fa1dc5330e530e8cc53cb9a80a.yaml
+++ b/nuclei-templates/cve-less/plugins/watu-38df56fa1dc5330e530e8cc53cb9a80a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Watu Quiz 3.1.2.1 - 3.1.2.5 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘quiz’ parameter in versions between and including 3.1.2.1 and 3.1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/watu/"
     google-query: inurl:"/wp-content/plugins/watu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,watu,high
+  tags: cve,wordpress,wp-plugin,watu,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-basic-slider-826769e27edbc5a7e8c99a41d2b44f99.yaml b/nuclei-templates/cve-less/plugins/wc-basic-slider-826769e27edbc5a7e8c99a41d2b44f99.yaml
index a27d8c9e2a..1fca659057 100644
--- a/nuclei-templates/cve-less/plugins/wc-basic-slider-826769e27edbc5a7e8c99a41d2b44f99.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-basic-slider-826769e27edbc5a7e8c99a41d2b44f99.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Unlimited Category slider for WooCommerce <= 2.0.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Unlimited Category slider for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the "cx_nonce" function. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-basic-slider/"
     google-query: inurl:"/wp-content/plugins/wc-basic-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-basic-slider,high
+  tags: cve,wordpress,wp-plugin,wc-basic-slider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-category-showcase-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wc-category-showcase-18966e8228314b8165d39d48519f43cc.yaml
index f53c3bef39..c3a75ceda5 100644
--- a/nuclei-templates/cve-less/plugins/wc-category-showcase-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-category-showcase-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-category-showcase/"
     google-query: inurl:"/wp-content/plugins/wc-category-showcase/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-category-showcase,medium
+  tags: cve,wordpress,wp-plugin,wc-category-showcase,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-fields-factory-c91fc0c595c28d56281ceceb582f95ca.yaml b/nuclei-templates/cve-less/plugins/wc-fields-factory-c91fc0c595c28d56281ceceb582f95ca.yaml
index 6a71278319..3f1d2899bf 100644
--- a/nuclei-templates/cve-less/plugins/wc-fields-factory-c91fc0c595c28d56281ceceb582f95ca.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-fields-factory-c91fc0c595c28d56281ceceb582f95ca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WC Fields Factory <= 4.1.5 - Authenticated(Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WC Fields Factory plugin for WordPress is vulnerable to SQL Injection via the ‘post’ parameter in versions up to, and including, 4.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level privileges or above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-fields-factory/"
     google-query: inurl:"/wp-content/plugins/wc-fields-factory/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-fields-factory,high
+  tags: cve,wordpress,wp-plugin,wc-fields-factory,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-place-order-without-payment-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wc-place-order-without-payment-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index be85bd0c15..dbde06418c 100644
--- a/nuclei-templates/cve-less/plugins/wc-place-order-without-payment-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-place-order-without-payment-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-place-order-without-payment/"
     google-query: inurl:"/wp-content/plugins/wc-place-order-without-payment/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-place-order-without-payment,medium
+  tags: cve,wordpress,wp-plugin,wc-place-order-without-payment,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-product-author-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wc-product-author-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fd602898d1..f0d79b4d1b 100644
--- a/nuclei-templates/cve-less/plugins/wc-product-author-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-product-author-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-product-author/"
     google-query: inurl:"/wp-content/plugins/wc-product-author/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-product-author,medium
+  tags: cve,wordpress,wp-plugin,wc-product-author,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-product-customer-list-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wc-product-customer-list-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ab52ee62e4..621665bd16 100644
--- a/nuclei-templates/cve-less/plugins/wc-product-customer-list-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-product-customer-list-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-product-customer-list/"
     google-query: inurl:"/wp-content/plugins/wc-product-customer-list/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-product-customer-list,medium
+  tags: cve,wordpress,wp-plugin,wc-product-customer-list,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-shortcodes-8911dada79ef696f6a6182ef72e3da28.yaml b/nuclei-templates/cve-less/plugins/wc-shortcodes-8911dada79ef696f6a6182ef72e3da28.yaml
index 2076dffd98..164c7b8bf4 100644
--- a/nuclei-templates/cve-less/plugins/wc-shortcodes-8911dada79ef696f6a6182ef72e3da28.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-shortcodes-8911dada79ef696f6a6182ef72e3da28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shortcodes by Angie Makes < 2.07 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Shortcodes by Angie Makes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wc_button’ parameter in versions before 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers of Contributor-level or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-shortcodes/"
     google-query: inurl:"/wp-content/plugins/wc-shortcodes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-shortcodes,high
+  tags: cve,wordpress,wp-plugin,wc-shortcodes,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-thanks-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wc-thanks-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cd93e6beb9..55b752ddd5 100644
--- a/nuclei-templates/cve-less/plugins/wc-thanks-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-thanks-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-thanks-redirect/"
     google-query: inurl:"/wp-content/plugins/wc-thanks-redirect/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-thanks-redirect,medium
+  tags: cve,wordpress,wp-plugin,wc-thanks-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc-zelle-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wc-zelle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b0e650f385..70cb65c610 100644
--- a/nuclei-templates/cve-less/plugins/wc-zelle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wc-zelle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc-zelle/"
     google-query: inurl:"/wp-content/plugins/wc-zelle/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc-zelle,medium
+  tags: cve,wordpress,wp-plugin,wc-zelle,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wc4bp-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wc4bp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 90acccabfc..31e79d5bc1 100644
--- a/nuclei-templates/cve-less/plugins/wc4bp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wc4bp-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wc4bp/"
     google-query: inurl:"/wp-content/plugins/wc4bp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wc4bp,medium
+  tags: cve,wordpress,wp-plugin,wc4bp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wcc-seo-keyword-research-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wcc-seo-keyword-research-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 344ef93489..3a642ad1f1 100644
--- a/nuclei-templates/cve-less/plugins/wcc-seo-keyword-research-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wcc-seo-keyword-research-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wcc-seo-keyword-research/"
     google-query: inurl:"/wp-content/plugins/wcc-seo-keyword-research/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wcc-seo-keyword-research,medium
+  tags: cve,wordpress,wp-plugin,wcc-seo-keyword-research,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wd-facebook-feed-692a59847419e00f01e0e2c7d8867aaa.yaml b/nuclei-templates/cve-less/plugins/wd-facebook-feed-692a59847419e00f01e0e2c7d8867aaa.yaml
index c4686b43b9..b687482f57 100644
--- a/nuclei-templates/cve-less/plugins/wd-facebook-feed-692a59847419e00f01e0e2c7d8867aaa.yaml
+++ b/nuclei-templates/cve-less/plugins/wd-facebook-feed-692a59847419e00f01e0e2c7d8867aaa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10WebSocial <= 1.1.26 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 10WebSocial plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 1.1.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wd-facebook-feed/"
     google-query: inurl:"/wp-content/plugins/wd-facebook-feed/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wd-facebook-feed,medium
+  tags: cve,wordpress,wp-plugin,wd-facebook-feed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wd-google-maps-913aecbb55aeada0646124d3b1f7ac2e.yaml b/nuclei-templates/cve-less/plugins/wd-google-maps-913aecbb55aeada0646124d3b1f7ac2e.yaml
index 0290062f3f..0fc679d0b1 100644
--- a/nuclei-templates/cve-less/plugins/wd-google-maps-913aecbb55aeada0646124d3b1f7ac2e.yaml
+++ b/nuclei-templates/cve-less/plugins/wd-google-maps-913aecbb55aeada0646124d3b1f7ac2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     10Web Map Builder for Google Maps <= 1.0.69 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘&map_api_key, &center_address, &center_lat, &center_lng, &zoom_level’ parameters in versions up to, and including, 1.0.69 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was initially reported in 1.0.68 and partially, but not, fully patched, in 1.0.69.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wd-google-maps/"
     google-query: inurl:"/wp-content/plugins/wd-google-maps/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wd-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wd-google-maps,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/web-disrupt-funnelmentals-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/web-disrupt-funnelmentals-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5eaea8aed7..c5d8ee4ab4 100644
--- a/nuclei-templates/cve-less/plugins/web-disrupt-funnelmentals-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/web-disrupt-funnelmentals-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/web-disrupt-funnelmentals/"
     google-query: inurl:"/wp-content/plugins/web-disrupt-funnelmentals/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,web-disrupt-funnelmentals,medium
+  tags: cve,wordpress,wp-plugin,web-disrupt-funnelmentals,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/webappick-pdf-invoice-for-woocommerce-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/webappick-pdf-invoice-for-woocommerce-18966e8228314b8165d39d48519f43cc.yaml
index 3bd49765f2..525aab5a36 100644
--- a/nuclei-templates/cve-less/plugins/webappick-pdf-invoice-for-woocommerce-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/webappick-pdf-invoice-for-woocommerce-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webappick-pdf-invoice-for-woocommerce/"
     google-query: inurl:"/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,webappick-pdf-invoice-for-woocommerce,medium
+  tags: cve,wordpress,wp-plugin,webappick-pdf-invoice-for-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/webba-booking-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/webba-booking-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c7b5150019..e7c91a01b3 100644
--- a/nuclei-templates/cve-less/plugins/webba-booking-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/webba-booking-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webba-booking-lite/"
     google-query: inurl:"/wp-content/plugins/webba-booking-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,webba-booking-lite,medium
+  tags: cve,wordpress,wp-plugin,webba-booking-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/webcam-2way-videochat-e6c1637e24e361150992210212c2ee7c.yaml b/nuclei-templates/cve-less/plugins/webcam-2way-videochat-e6c1637e24e361150992210212c2ee7c.yaml
index 84d413f7d8..c59246af7b 100644
--- a/nuclei-templates/cve-less/plugins/webcam-2way-videochat-e6c1637e24e361150992210212c2ee7c.yaml
+++ b/nuclei-templates/cve-less/plugins/webcam-2way-videochat-e6c1637e24e361150992210212c2ee7c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Webcam 2Way Videochat <= 4.41 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Webcam 2Way Videochat plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webcam-2way-videochat/"
     google-query: inurl:"/wp-content/plugins/webcam-2way-videochat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,webcam-2way-videochat,medium
+  tags: cve,wordpress,wp-plugin,webcam-2way-videochat,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/weberino-timed-quiz-creator-424714e0619eb7899a426abc7531d5d4.yaml b/nuclei-templates/cve-less/plugins/weberino-timed-quiz-creator-424714e0619eb7899a426abc7531d5d4.yaml
index 4e94bcceed..35b1fe44bd 100644
--- a/nuclei-templates/cve-less/plugins/weberino-timed-quiz-creator-424714e0619eb7899a426abc7531d5d4.yaml
+++ b/nuclei-templates/cve-less/plugins/weberino-timed-quiz-creator-424714e0619eb7899a426abc7531d5d4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Weberino Timed Quiz <= 0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Weberino Timed Quiz plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.6.0 via several parameters when saving a post. This can be exploited by contributor-level users and above.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/weberino-timed-quiz-creator/"
     google-query: inurl:"/wp-content/plugins/weberino-timed-quiz-creator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,weberino-timed-quiz-creator,medium
+  tags: cve,wordpress,wp-plugin,weberino-timed-quiz-creator,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-18966e8228314b8165d39d48519f43cc.yaml
index 1396f7e9d2..a83d799667 100644
--- a/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/"
     google-query: inurl:"/wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,webinar-and-video-conference-with-jitsi-meet,medium
+  tags: cve,wordpress,wp-plugin,webinar-and-video-conference-with-jitsi-meet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/webinar-ignition-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/webinar-ignition-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d9bc2a47a4..a45e02314d 100644
--- a/nuclei-templates/cve-less/plugins/webinar-ignition-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/webinar-ignition-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/webinar-ignition/"
     google-query: inurl:"/wp-content/plugins/webinar-ignition/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,webinar-ignition,medium
+  tags: cve,wordpress,wp-plugin,webinar-ignition,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-18966e8228314b8165d39d48519f43cc.yaml
index bf69330329..7ab4158275 100644
--- a/nuclei-templates/cve-less/plugins/wedevs-project-manager-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wedevs-project-manager/"
     google-query: inurl:"/wp-content/plugins/wedevs-project-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wedevs-project-manager,medium
+  tags: cve,wordpress,wp-plugin,wedevs-project-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wedocs-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wedocs-18966e8228314b8165d39d48519f43cc.yaml
index 3facaaeb55..72e5b95588 100644
--- a/nuclei-templates/cve-less/plugins/wedocs-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wedocs-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wedocs/"
     google-query: inurl:"/wp-content/plugins/wedocs/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wedocs,medium
+  tags: cve,wordpress,wp-plugin,wedocs,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wemail-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wemail-18966e8228314b8165d39d48519f43cc.yaml
index 14f9ba80a6..29bc564222 100644
--- a/nuclei-templates/cve-less/plugins/wemail-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wemail-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wemail/"
     google-query: inurl:"/wp-content/plugins/wemail/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wemail,medium
+  tags: cve,wordpress,wp-plugin,wemail,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wepos-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wepos-18966e8228314b8165d39d48519f43cc.yaml
index 6313c28907..20709e9553 100644
--- a/nuclei-templates/cve-less/plugins/wepos-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wepos-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wepos/"
     google-query: inurl:"/wp-content/plugins/wepos/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wepos,medium
+  tags: cve,wordpress,wp-plugin,wepos,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wgauge-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wgauge-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e5aa0b3ccc..3ecec344aa 100644
--- a/nuclei-templates/cve-less/plugins/wgauge-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wgauge-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wgauge/"
     google-query: inurl:"/wp-content/plugins/wgauge/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wgauge,medium
+  tags: cve,wordpress,wp-plugin,wgauge,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/widget-detector-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/widget-detector-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b3004be507..a330cc659f 100644
--- a/nuclei-templates/cve-less/plugins/widget-detector-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/widget-detector-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-detector-elementor/"
     google-query: inurl:"/wp-content/plugins/widget-detector-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,widget-detector-elementor,medium
+  tags: cve,wordpress,wp-plugin,widget-detector-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/widget-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/widget-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ddf15bfa29..99a6552366 100644
--- a/nuclei-templates/cve-less/plugins/widget-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/widget-for-contact-form-7-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-for-contact-form-7/"
     google-query: inurl:"/wp-content/plugins/widget-for-contact-form-7/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,widget-for-contact-form-7,medium
+  tags: cve,wordpress,wp-plugin,widget-for-contact-form-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/widget-for-eventbrite-api-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/widget-for-eventbrite-api-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index bca7acb98c..9367b6ad60 100644
--- a/nuclei-templates/cve-less/plugins/widget-for-eventbrite-api-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/widget-for-eventbrite-api-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-for-eventbrite-api/"
     google-query: inurl:"/wp-content/plugins/widget-for-eventbrite-api/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,widget-for-eventbrite-api,medium
+  tags: cve,wordpress,wp-plugin,widget-for-eventbrite-api,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/widget-google-reviews-648a32c4399962c7e8df779124e03350.yaml b/nuclei-templates/cve-less/plugins/widget-google-reviews-648a32c4399962c7e8df779124e03350.yaml
index 9e6fac9db5..149189ac45 100644
--- a/nuclei-templates/cve-less/plugins/widget-google-reviews-648a32c4399962c7e8df779124e03350.yaml
+++ b/nuclei-templates/cve-less/plugins/widget-google-reviews-648a32c4399962c7e8df779124e03350.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Plugin for Google Reviews <= 2.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Plugin for Google Reviews for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.2. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to create widgets, via forged request granted they can trick a site user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widget-google-reviews/"
     google-query: inurl:"/wp-content/plugins/widget-google-reviews/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,widget-google-reviews,high
+  tags: cve,wordpress,wp-plugin,widget-google-reviews,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/widgets-on-pages-and-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/widgets-on-pages-and-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 20f764a78d..8e98c38ba6 100644
--- a/nuclei-templates/cve-less/plugins/widgets-on-pages-and-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/widgets-on-pages-and-posts-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgets-on-pages-and-posts/"
     google-query: inurl:"/wp-content/plugins/widgets-on-pages-and-posts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,widgets-on-pages-and-posts,medium
+  tags: cve,wordpress,wp-plugin,widgets-on-pages-and-posts,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/widgets-on-pages-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/widgets-on-pages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 496c24122c..988bfc2fa3 100644
--- a/nuclei-templates/cve-less/plugins/widgets-on-pages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/widgets-on-pages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/widgets-on-pages/"
     google-query: inurl:"/wp-content/plugins/widgets-on-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,widgets-on-pages,medium
+  tags: cve,wordpress,wp-plugin,widgets-on-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wonderm00ns-simple-facebook-open-graph-tags-d2fc1c819ff763ffa1233f51f7546ae8.yaml b/nuclei-templates/cve-less/plugins/wonderm00ns-simple-facebook-open-graph-tags-d2fc1c819ff763ffa1233f51f7546ae8.yaml
index c4daccb208..9de3cc8533 100644
--- a/nuclei-templates/cve-less/plugins/wonderm00ns-simple-facebook-open-graph-tags-d2fc1c819ff763ffa1233f51f7546ae8.yaml
+++ b/nuclei-templates/cve-less/plugins/wonderm00ns-simple-facebook-open-graph-tags-d2fc1c819ff763ffa1233f51f7546ae8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Open Graph and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Open Graph and Twitter Card Tags plugin for WordPress is vulnerable to Cross-Site Scripting via the ‘img’ parameter in versions up to, and including, 2.2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/"
     google-query: inurl:"/wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wonderm00ns-simple-facebook-open-graph-tags,medium
+  tags: cve,wordpress,wp-plugin,wonderm00ns-simple-facebook-open-graph-tags,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-add-to-quote-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-add-to-quote-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f273cfd7ec..c165abdff5 100644
--- a/nuclei-templates/cve-less/plugins/woo-add-to-quote-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-add-to-quote-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-add-to-quote/"
     google-query: inurl:"/wp-content/plugins/woo-add-to-quote/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-add-to-quote,medium
+  tags: cve,wordpress,wp-plugin,woo-add-to-quote,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-admin-product-notes-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-admin-product-notes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9dfdb52921..fe9bf9da6c 100644
--- a/nuclei-templates/cve-less/plugins/woo-admin-product-notes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-admin-product-notes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-admin-product-notes/"
     google-query: inurl:"/wp-content/plugins/woo-admin-product-notes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-admin-product-notes,medium
+  tags: cve,wordpress,wp-plugin,woo-admin-product-notes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-advanced-product-size-chart-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-advanced-product-size-chart-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a41e0d84c6..b2811d4905 100644
--- a/nuclei-templates/cve-less/plugins/woo-advanced-product-size-chart-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-advanced-product-size-chart-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-advanced-product-size-chart/"
     google-query: inurl:"/wp-content/plugins/woo-advanced-product-size-chart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-advanced-product-size-chart,medium
+  tags: cve,wordpress,wp-plugin,woo-advanced-product-size-chart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-alidropship-f3d781217508c2a98509cd1c1ad7df6d.yaml b/nuclei-templates/cve-less/plugins/woo-alidropship-f3d781217508c2a98509cd1c1ad7df6d.yaml
index 562d0a7ab7..9c3017cf54 100644
--- a/nuclei-templates/cve-less/plugins/woo-alidropship-f3d781217508c2a98509cd1c1ad7df6d.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-alidropship-f3d781217508c2a98509cd1c1ad7df6d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Missing Authorization to Order Information Disclosure
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ALD Dropping and Fulfillment for AliExpress and WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data in versions up to, and including, 1.0.21. This is due to missing capability checks on several functions such as the 'update_ali_order_id', 'ob_get_clean', and 'get_ali_order_detail' functions to name a few. This makes it possible for unauthenticated attackers to retrieve order information or possibly make (minor) changes to an order.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-alidropship/"
     google-query: inurl:"/wp-content/plugins/woo-alidropship/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-alidropship,medium
+  tags: cve,wordpress,wp-plugin,woo-alidropship,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-authorize-net-gateway-aim-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-authorize-net-gateway-aim-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9453433d4d..97c48bd757 100644
--- a/nuclei-templates/cve-less/plugins/woo-authorize-net-gateway-aim-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-authorize-net-gateway-aim-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-authorize-net-gateway-aim/"
     google-query: inurl:"/wp-content/plugins/woo-authorize-net-gateway-aim/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-authorize-net-gateway-aim,medium
+  tags: cve,wordpress,wp-plugin,woo-authorize-net-gateway-aim,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 645bbb5bc3..cae9875460 100644
--- a/nuclei-templates/cve-less/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/"
     google-query: inurl:"/wp-content/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers,medium
+  tags: cve,wordpress,wp-plugin,woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-edit-products-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-edit-products-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 84d235e81c..036a983816 100644
--- a/nuclei-templates/cve-less/plugins/woo-bulk-edit-products-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-bulk-edit-products-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-bulk-edit-products/"
     google-query: inurl:"/wp-content/plugins/woo-bulk-edit-products/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-bulk-edit-products,medium
+  tags: cve,wordpress,wp-plugin,woo-bulk-edit-products,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-18966e8228314b8165d39d48519f43cc.yaml
index e5d01fdea4..c586605ff4 100644
--- a/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-category-slider-by-pluginever/"
     google-query: inurl:"/wp-content/plugins/woo-category-slider-by-pluginever/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-category-slider-by-pluginever,medium
+  tags: cve,wordpress,wp-plugin,woo-category-slider-by-pluginever,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-checkout-for-digital-goods-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-checkout-for-digital-goods-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e59d8ea4f5..55054b2151 100644
--- a/nuclei-templates/cve-less/plugins/woo-checkout-for-digital-goods-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-checkout-for-digital-goods-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-checkout-for-digital-goods/"
     google-query: inurl:"/wp-content/plugins/woo-checkout-for-digital-goods/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-checkout-for-digital-goods,medium
+  tags: cve,wordpress,wp-plugin,woo-checkout-for-digital-goods,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-conditional-discount-rules-for-checkout-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-conditional-discount-rules-for-checkout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5ea74778d3..5aed6af82e 100644
--- a/nuclei-templates/cve-less/plugins/woo-conditional-discount-rules-for-checkout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-conditional-discount-rules-for-checkout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-conditional-discount-rules-for-checkout/"
     google-query: inurl:"/wp-content/plugins/woo-conditional-discount-rules-for-checkout/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-conditional-discount-rules-for-checkout,medium
+  tags: cve,wordpress,wp-plugin,woo-conditional-discount-rules-for-checkout,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-conditional-payment-gateways-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-conditional-payment-gateways-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0548346088..8697b79251 100644
--- a/nuclei-templates/cve-less/plugins/woo-conditional-payment-gateways-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-conditional-payment-gateways-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-conditional-payment-gateways/"
     google-query: inurl:"/wp-content/plugins/woo-conditional-payment-gateways/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-conditional-payment-gateways,medium
+  tags: cve,wordpress,wp-plugin,woo-conditional-payment-gateways,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-conditional-product-fees-for-checkout-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-conditional-product-fees-for-checkout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0a36bce0b3..1c08dd0b7f 100644
--- a/nuclei-templates/cve-less/plugins/woo-conditional-product-fees-for-checkout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-conditional-product-fees-for-checkout-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-conditional-product-fees-for-checkout/"
     google-query: inurl:"/wp-content/plugins/woo-conditional-product-fees-for-checkout/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-conditional-product-fees-for-checkout,medium
+  tags: cve,wordpress,wp-plugin,woo-conditional-product-fees-for-checkout,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-country-restrictions-advanced-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-country-restrictions-advanced-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 21f9c4a85d..8c44e19b23 100644
--- a/nuclei-templates/cve-less/plugins/woo-country-restrictions-advanced-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-country-restrictions-advanced-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-country-restrictions-advanced/"
     google-query: inurl:"/wp-content/plugins/woo-country-restrictions-advanced/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-country-restrictions-advanced,medium
+  tags: cve,wordpress,wp-plugin,woo-country-restrictions-advanced,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-coupon-usage-4ea02dc94cad5b57a77c42e7c7c8d042.yaml b/nuclei-templates/cve-less/plugins/woo-coupon-usage-4ea02dc94cad5b57a77c42e7c7c8d042.yaml
index 50b3008f1b..0b9521bb0c 100644
--- a/nuclei-templates/cve-less/plugins/woo-coupon-usage-4ea02dc94cad5b57a77c42e7c7c8d042.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-coupon-usage-4ea02dc94cad5b57a77c42e7c7c8d042.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Affiliate Plugin – Coupon Affiliates < 4.11.3.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce Affiliate Plugin – Coupon Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 4.11.3.4. This is due to missing or incorrect nonce validation on the delete_click_entry function. This makes it possible for unauthenticated attackers to arbitrarily delete referral visits via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-coupon-usage/"
     google-query: inurl:"/wp-content/plugins/woo-coupon-usage/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-coupon-usage,high
+  tags: cve,wordpress,wp-plugin,woo-coupon-usage,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-coupon-usage-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-coupon-usage-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cf0ccde25a..1e5be3b8c2 100644
--- a/nuclei-templates/cve-less/plugins/woo-coupon-usage-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-coupon-usage-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-coupon-usage/"
     google-query: inurl:"/wp-content/plugins/woo-coupon-usage/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-coupon-usage,medium
+  tags: cve,wordpress,wp-plugin,woo-coupon-usage,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-coupons-bulk-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-coupons-bulk-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0e11f4e88f..045619d094 100644
--- a/nuclei-templates/cve-less/plugins/woo-coupons-bulk-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-coupons-bulk-editor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-coupons-bulk-editor/"
     google-query: inurl:"/wp-content/plugins/woo-coupons-bulk-editor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-coupons-bulk-editor,medium
+  tags: cve,wordpress,wp-plugin,woo-coupons-bulk-editor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-custom-checkout-field-5e5aa6772ed81579447472ccdd176622.yaml b/nuclei-templates/cve-less/plugins/woo-custom-checkout-field-5e5aa6772ed81579447472ccdd176622.yaml
index 8b63a9bdc5..f076af51d3 100644
--- a/nuclei-templates/cve-less/plugins/woo-custom-checkout-field-5e5aa6772ed81579447472ccdd176622.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-custom-checkout-field-5e5aa6772ed81579447472ccdd176622.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woo Custom Checkout Field < 1.3.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Woo Custom Checkout Field plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions before 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-custom-checkout-field/"
     google-query: inurl:"/wp-content/plugins/woo-custom-checkout-field/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-custom-checkout-field,medium
+  tags: cve,wordpress,wp-plugin,woo-custom-checkout-field,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-customers-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-customers-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1cfd449c86..b4ca3b23d5 100644
--- a/nuclei-templates/cve-less/plugins/woo-customers-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-customers-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-customers-manager/"
     google-query: inurl:"/wp-content/plugins/woo-customers-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-customers-manager,medium
+  tags: cve,wordpress,wp-plugin,woo-customers-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-customers-order-history-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-customers-order-history-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e7b7f68ba1..e978f360cd 100644
--- a/nuclei-templates/cve-less/plugins/woo-customers-order-history-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-customers-order-history-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-customers-order-history/"
     google-query: inurl:"/wp-content/plugins/woo-customers-order-history/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-customers-order-history,medium
+  tags: cve,wordpress,wp-plugin,woo-customers-order-history,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-customers-spreadsheet-bulk-edit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-customers-spreadsheet-bulk-edit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 24c9e1fe28..3486256f1a 100644
--- a/nuclei-templates/cve-less/plugins/woo-customers-spreadsheet-bulk-edit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-customers-spreadsheet-bulk-edit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-customers-spreadsheet-bulk-edit/"
     google-query: inurl:"/wp-content/plugins/woo-customers-spreadsheet-bulk-edit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-customers-spreadsheet-bulk-edit,medium
+  tags: cve,wordpress,wp-plugin,woo-customers-spreadsheet-bulk-edit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-discount-rules-b3abc33ac5c0eee824c171ffc996d70e.yaml b/nuclei-templates/cve-less/plugins/woo-discount-rules-b3abc33ac5c0eee824c171ffc996d70e.yaml
index b1864f58ae..60ca5d0e3d 100644
--- a/nuclei-templates/cve-less/plugins/woo-discount-rules-b3abc33ac5c0eee824c171ffc996d70e.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-discount-rules-b3abc33ac5c0eee824c171ffc996d70e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-discount-rules/"
     google-query: inurl:"/wp-content/plugins/woo-discount-rules/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-discount-rules,medium
+  tags: cve,wordpress,wp-plugin,woo-discount-rules,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-discount-rules-d3067d7741f8700134e947d8ed10ad79.yaml b/nuclei-templates/cve-less/plugins/woo-discount-rules-d3067d7741f8700134e947d8ed10ad79.yaml
index 21bcca8e8c..614682038c 100644
--- a/nuclei-templates/cve-less/plugins/woo-discount-rules-d3067d7741f8700134e947d8ed10ad79.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-discount-rules-d3067d7741f8700134e947d8ed10ad79.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Discount Rules for WooCommerce <= 2.2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.2.0 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying discount rules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-discount-rules/"
     google-query: inurl:"/wp-content/plugins/woo-discount-rules/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-discount-rules,medium
+  tags: cve,wordpress,wp-plugin,woo-discount-rules,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-ecommerce-tracking-for-google-and-facebook-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-ecommerce-tracking-for-google-and-facebook-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index bf95d563b4..0506027ab7 100644
--- a/nuclei-templates/cve-less/plugins/woo-ecommerce-tracking-for-google-and-facebook-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-ecommerce-tracking-for-google-and-facebook-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/"
     google-query: inurl:"/wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-ecommerce-tracking-for-google-and-facebook,medium
+  tags: cve,wordpress,wp-plugin,woo-ecommerce-tracking-for-google-and-facebook,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-extra-cost-67ed94f8d8db54b41e53c8a3a1c3d065.yaml b/nuclei-templates/cve-less/plugins/woo-extra-cost-67ed94f8d8db54b41e53c8a3a1c3d065.yaml
index 1203648812..c0ff8ebdb3 100644
--- a/nuclei-templates/cve-less/plugins/woo-extra-cost-67ed94f8d8db54b41e53c8a3a1c3d065.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-extra-cost-67ed94f8d8db54b41e53c8a3a1c3d065.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Extra Cost <= 2.6 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce Extra Cost plugins for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'save_extra_cost' method. This makes it possible for unauthenticated attackers to gain restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-extra-cost/"
     google-query: inurl:"/wp-content/plugins/woo-extra-cost/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-extra-cost,high
+  tags: cve,wordpress,wp-plugin,woo-extra-cost,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-extra-flat-rate-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-extra-flat-rate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8aa8b6f5e4..a2fed2c446 100644
--- a/nuclei-templates/cve-less/plugins/woo-extra-flat-rate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-extra-flat-rate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-extra-flat-rate/"
     google-query: inurl:"/wp-content/plugins/woo-extra-flat-rate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-extra-flat-rate,medium
+  tags: cve,wordpress,wp-plugin,woo-extra-flat-rate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-fiscalita-italiana-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-fiscalita-italiana-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index eb8ac521c7..cbb8b3e4ec 100644
--- a/nuclei-templates/cve-less/plugins/woo-fiscalita-italiana-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-fiscalita-italiana-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-fiscalita-italiana/"
     google-query: inurl:"/wp-content/plugins/woo-fiscalita-italiana/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-fiscalita-italiana,medium
+  tags: cve,wordpress,wp-plugin,woo-fiscalita-italiana,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-floating-cart-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-floating-cart-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fb7957c3fb..e3576feef8 100644
--- a/nuclei-templates/cve-less/plugins/woo-floating-cart-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-floating-cart-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-floating-cart-lite/"
     google-query: inurl:"/wp-content/plugins/woo-floating-cart-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-floating-cart-lite,medium
+  tags: cve,wordpress,wp-plugin,woo-floating-cart-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-gerencianet-official-121f872296f7b7ce0005b54c410bc320.yaml b/nuclei-templates/cve-less/plugins/woo-gerencianet-official-121f872296f7b7ce0005b54c410bc320.yaml
index 5e2f5a29ca..846ef562c4 100644
--- a/nuclei-templates/cve-less/plugins/woo-gerencianet-official-121f872296f7b7ce0005b54c410bc320.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-gerencianet-official-121f872296f7b7ce0005b54c410bc320.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Gerencianet Oficial <= 1.4.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Gerencianet Oficial plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to invoke functions intended for handling payment information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-gerencianet-official/"
     google-query: inurl:"/wp-content/plugins/woo-gerencianet-official/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-gerencianet-official,medium
+  tags: cve,wordpress,wp-plugin,woo-gerencianet-official,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-lucky-wheel-3ef982ad02fa7fc67bd896ba5c9c238f.yaml b/nuclei-templates/cve-less/plugins/woo-lucky-wheel-3ef982ad02fa7fc67bd896ba5c9c238f.yaml
index 6b173f1bd5..16024700e7 100644
--- a/nuclei-templates/cve-less/plugins/woo-lucky-wheel-3ef982ad02fa7fc67bd896ba5c9c238f.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-lucky-wheel-3ef982ad02fa7fc67bd896ba5c9c238f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Lucky Wheel for WooCommerce – Spin a Sale <= 1.0.10 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to Reflected and Stored Cross-Site Scripting via several parameters found in the /admin/admin.php file.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-lucky-wheel/"
     google-query: inurl:"/wp-content/plugins/woo-lucky-wheel/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-lucky-wheel,medium
+  tags: cve,wordpress,wp-plugin,woo-lucky-wheel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-merchantx-775b75e12971ef700fb478179dfd07a1.yaml b/nuclei-templates/cve-less/plugins/woo-merchantx-775b75e12971ef700fb478179dfd07a1.yaml
index 3e0979e97e..f8c00213cd 100644
--- a/nuclei-templates/cve-less/plugins/woo-merchantx-775b75e12971ef700fb478179dfd07a1.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-merchantx-775b75e12971ef700fb478179dfd07a1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woo MerchantX <= 1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Woo MerchantX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'merchantx_stepOne_addBilling', 'merchantx_stepOne' and 'merchantx_deletePaymentMethod' functions. This makes it possible for unauthenticated attackers to gain restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-merchantx/"
     google-query: inurl:"/wp-content/plugins/woo-merchantx/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-merchantx,high
+  tags: cve,wordpress,wp-plugin,woo-merchantx,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-nmi-three-step-3be6a8dd2db55478dab854bd989a4208.yaml b/nuclei-templates/cve-less/plugins/woo-nmi-three-step-3be6a8dd2db55478dab854bd989a4208.yaml
index 59dde0025e..c767a28fb9 100644
--- a/nuclei-templates/cve-less/plugins/woo-nmi-three-step-3be6a8dd2db55478dab854bd989a4208.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-nmi-three-step-3be6a8dd2db55478dab854bd989a4208.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     NMI Gateway For WooCommerce <= 1.6.11 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The NMI Gateway For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the 'bng701_stepOne_addBilling', 'bng701_stepOne' and 'bng701_deletePaymentMethod' functions. This makes it possible for unauthenticated attackers to gain otherwise restricted access to other users' accounts and perform unwanted actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-nmi-three-step/"
     google-query: inurl:"/wp-content/plugins/woo-nmi-three-step/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-nmi-three-step,high
+  tags: cve,wordpress,wp-plugin,woo-nmi-three-step,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-paylate-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-paylate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e13138c672..9057348973 100644
--- a/nuclei-templates/cve-less/plugins/woo-paylate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-paylate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-paylate/"
     google-query: inurl:"/wp-content/plugins/woo-paylate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-paylate,medium
+  tags: cve,wordpress,wp-plugin,woo-paylate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-permalink-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-permalink-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 517431bae7..52c689ec24 100644
--- a/nuclei-templates/cve-less/plugins/woo-permalink-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-permalink-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-permalink-manager/"
     google-query: inurl:"/wp-content/plugins/woo-permalink-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-permalink-manager,medium
+  tags: cve,wordpress,wp-plugin,woo-permalink-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-product-attachment-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-product-attachment-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index eea5b02936..28ee7e179f 100644
--- a/nuclei-templates/cve-less/plugins/woo-product-attachment-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-product-attachment-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-attachment/"
     google-query: inurl:"/wp-content/plugins/woo-product-attachment/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-product-attachment,medium
+  tags: cve,wordpress,wp-plugin,woo-product-attachment,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-18966e8228314b8165d39d48519f43cc.yaml
index 774b327722..651fc19bb0 100644
--- a/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/"
     google-query: inurl:"/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,medium
+  tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-ace737eb3d27f2ecec85cbe6fb6964e9.yaml b/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-ace737eb3d27f2ecec85cbe6fb6964e9.yaml
index 6998260fab..3d0ba3f93e 100644
--- a/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-ace737eb3d27f2ecec85cbe6fb6964e9.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-ace737eb3d27f2ecec85cbe6fb6964e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Product Carousel, Slider & Grid Ultimate <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce Product Carousel, Slider & Grid Ultimate plugin for WordPress, versions up to and including 1.8.6, is vulnerable to Cross-Site Scripting. The script /includes/carousel.php (as well as other setting-related scripts) does not sanitize user input. This allows a lower-level user (contributor and higher) to insert JavaScript into the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/"
     google-query: inurl:"/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,medium
+  tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-18966e8228314b8165d39d48519f43cc.yaml
index 39b6e0b5f1..e4ffddcd0d 100644
--- a/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-gallery-slider/"
     google-query: inurl:"/wp-content/plugins/woo-product-gallery-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-product-gallery-slider,medium
+  tags: cve,wordpress,wp-plugin,woo-product-gallery-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-product-reviews-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-product-reviews-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9fde30d5ec..cfd5c30f1d 100644
--- a/nuclei-templates/cve-less/plugins/woo-product-reviews-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-product-reviews-shortcode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-product-reviews-shortcode/"
     google-query: inurl:"/wp-content/plugins/woo-product-reviews-shortcode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-product-reviews-shortcode,medium
+  tags: cve,wordpress,wp-plugin,woo-product-reviews-shortcode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-products-widgets-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-products-widgets-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 99cf750b14..a74a9e9efb 100644
--- a/nuclei-templates/cve-less/plugins/woo-products-widgets-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-products-widgets-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-products-widgets-for-elementor/"
     google-query: inurl:"/wp-content/plugins/woo-products-widgets-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-products-widgets-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,woo-products-widgets-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-razorpay-d60970bed3416d1d0688f40201a3d447.yaml b/nuclei-templates/cve-less/plugins/woo-razorpay-d60970bed3416d1d0688f40201a3d447.yaml
index 640cf3bd03..28db9c11d4 100644
--- a/nuclei-templates/cve-less/plugins/woo-razorpay-d60970bed3416d1d0688f40201a3d447.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-razorpay-d60970bed3416d1d0688f40201a3d447.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Razorpay for WooCommerce <= 4.5.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification due to a missing capability check on several functions hooked via admin_post in all versions up to, and including, 4.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update, direct, create, and reverse transfers through the plugin.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-razorpay/"
     google-query: inurl:"/wp-content/plugins/woo-razorpay/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-razorpay,medium
+  tags: cve,wordpress,wp-plugin,woo-razorpay,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-reviews-by-wiremo-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/woo-reviews-by-wiremo-18966e8228314b8165d39d48519f43cc.yaml
index 7a1bfa5c3e..3b668908f0 100644
--- a/nuclei-templates/cve-less/plugins/woo-reviews-by-wiremo-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-reviews-by-wiremo-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-reviews-by-wiremo/"
     google-query: inurl:"/wp-content/plugins/woo-reviews-by-wiremo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-reviews-by-wiremo,medium
+  tags: cve,wordpress,wp-plugin,woo-reviews-by-wiremo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-seo-addon-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-seo-addon-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e4ccc0e349..b862d53bad 100644
--- a/nuclei-templates/cve-less/plugins/woo-seo-addon-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-seo-addon-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-seo-addon/"
     google-query: inurl:"/wp-content/plugins/woo-seo-addon/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-seo-addon,medium
+  tags: cve,wordpress,wp-plugin,woo-seo-addon,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-shipping-display-mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-shipping-display-mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3f8c3a384d..491da9a391 100644
--- a/nuclei-templates/cve-less/plugins/woo-shipping-display-mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-shipping-display-mode-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-shipping-display-mode/"
     google-query: inurl:"/wp-content/plugins/woo-shipping-display-mode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-shipping-display-mode,medium
+  tags: cve,wordpress,wp-plugin,woo-shipping-display-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-swatches-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-swatches-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8328236f5c..bf860fd65b 100644
--- a/nuclei-templates/cve-less/plugins/woo-swatches-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-swatches-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-swatches-manager/"
     google-query: inurl:"/wp-content/plugins/woo-swatches-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-swatches-manager,medium
+  tags: cve,wordpress,wp-plugin,woo-swatches-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-ukrposhta-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-ukrposhta-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a8dfef91e8..6ae8a35d8b 100644
--- a/nuclei-templates/cve-less/plugins/woo-ukrposhta-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-ukrposhta-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-ukrposhta/"
     google-query: inurl:"/wp-content/plugins/woo-ukrposhta/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-ukrposhta,medium
+  tags: cve,wordpress,wp-plugin,woo-ukrposhta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-e718f73216a4ec4310297c0a9de0ac63.yaml b/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-e718f73216a4ec4310297c0a9de0ac63.yaml
index 8da723e7e6..c258459f90 100644
--- a/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-e718f73216a4ec4310297c0a9de0ac63.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-e718f73216a4ec4310297c0a9de0ac63.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Vietnam Checkout <= 2.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Woocommerce Vietnam Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-vietnam-checkout/"
     google-query: inurl:"/wp-content/plugins/woo-vietnam-checkout/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-vietnam-checkout,medium
+  tags: cve,wordpress,wp-plugin,woo-vietnam-checkout,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-wholesale-pricing-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woo-wholesale-pricing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d33c2f6016..f75c474d07 100644
--- a/nuclei-templates/cve-less/plugins/woo-wholesale-pricing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-wholesale-pricing-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woo-wholesale-pricing/"
     google-query: inurl:"/wp-content/plugins/woo-wholesale-pricing/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-wholesale-pricing,medium
+  tags: cve,wordpress,wp-plugin,woo-wholesale-pricing,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woo-widget-product-slideshow-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/woo-widget-product-slideshow-2961759aa56e979f7c4730d8320eec28.yaml
index c5684d59f0..5b4ce1a0f4 100644
--- a/nuclei-templates/cve-less/plugins/woo-widget-product-slideshow-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/woo-widget-product-slideshow-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
                         
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/woo-widget-product-slideshow/"
     google-query: inurl:"/wp-content/plugins/woo-widget-product-slideshow/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woo-widget-product-slideshow,high
+  tags: cve,wordpress,wp-plugin,woo-widget-product-slideshow,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-57d45ec0a5be7d9e2195cf95b8c7f148.yaml b/nuclei-templates/cve-less/plugins/woocommerce-57d45ec0a5be7d9e2195cf95b8c7f148.yaml
index 30f88ccc48..66b02ffbd5 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-57d45ec0a5be7d9e2195cf95b8c7f148.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-57d45ec0a5be7d9e2195cf95b8c7f148.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 3.5.1 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Cross-Site Scripting due to sanitization and escaping on an unspecific variable, that makes it possible for attackers to inject arbitrary web scripts into pages. This affects versions up to 3.5.0, and can be exploited by users with write-access API keys.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-754810521866facb83b95cb8c9ef612b.yaml b/nuclei-templates/cve-less/plugins/woocommerce-754810521866facb83b95cb8c9ef612b.yaml
index 6bc794f49c..6c4693f420 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-754810521866facb83b95cb8c9ef612b.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-754810521866facb83b95cb8c9ef612b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 2.0.17 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0.17 via the 'hide-wc-extensions-message' parameter due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser session.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-774e498835f1c205f8e5e4fbdea2e637.yaml b/nuclei-templates/cve-less/plugins/woocommerce-774e498835f1c205f8e5e4fbdea2e637.yaml
index b82bbc983f..7e767b687d 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-774e498835f1c205f8e5e4fbdea2e637.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-774e498835f1c205f8e5e4fbdea2e637.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <=  2.6.3 - Stored Cross-Site Scripting via REST-API
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image uploader feature powered by the /wc-api/v3/products/categories/ REST-API in versions up to, and including, 2.6.3 due to insufficient filetype validation. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-96783cf4f584cdb85a4c3bf872b8f294.yaml b/nuclei-templates/cve-less/plugins/woocommerce-96783cf4f584cdb85a4c3bf872b8f294.yaml
index 1234cce6b8..00cc26e622 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-96783cf4f584cdb85a4c3bf872b8f294.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-96783cf4f584cdb85a4c3bf872b8f294.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 7.0.0 - Authenticated(Shop Manager+) Sensitive Information Exposure
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.0. This can allow authenticated attackers with Shop Manager privileges or above to extract sensitive user metadata including session tokens.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-e28866aa63369c2f108c411b915f57f5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-e28866aa63369c2f108c411b915f57f5.yaml
index c5f3a39e46..57d93d40dc 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-e28866aa63369c2f108c411b915f57f5.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-e28866aa63369c2f108c411b915f57f5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Abandoned Cart Lite for WooCommerce < 1.9 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the ‘orderby’ and 'order' parameters in versions up to, and including, 1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with editor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/"
     google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,high
+  tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-beta-tester-ef09f842dc72675ee253130a4cf363a3.yaml b/nuclei-templates/cve-less/plugins/woocommerce-beta-tester-ef09f842dc72675ee253130a4cf363a3.yaml
index 35691058bc..a02327fa89 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-beta-tester-ef09f842dc72675ee253130a4cf363a3.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-beta-tester-ef09f842dc72675ee253130a4cf363a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Beta Tester < 2.2.4 - Authenticated (Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WooCommerce Beta Tester plugin for WordPress is vulnerable to SQL Injection in versions prior to 2.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator or Shop Manager privileges and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-beta-tester/"
     google-query: inurl:"/wp-content/plugins/woocommerce-beta-tester/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-beta-tester,high
+  tags: cve,wordpress,wp-plugin,woocommerce-beta-tester,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager-ebcec202e20e94c78709b42424b149aa.yaml b/nuclei-templates/cve-less/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager-ebcec202e20e94c78709b42424b149aa.yaml
index 6fe95f07e7..d383ab4841 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager-ebcec202e20e94c78709b42424b149aa.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager-ebcec202e20e94c78709b42424b149aa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     BuddyPress xProfile Checkout Manager for WooCommerce <= 1.3.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The BuddyPress xProfile Checkout Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bf_xprofile_options’ parameter in versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/"
     google-query: inurl:"/wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-buddypress-integration-xprofile-checkout-manager,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-buddypress-integration-xprofile-checkout-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-bulk-order-form-24628850cd8464ffd20b56d41e476477.yaml b/nuclei-templates/cve-less/plugins/woocommerce-bulk-order-form-24628850cd8464ffd20b56d41e476477.yaml
index 8cd8cce964..95e6eeba12 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-bulk-order-form-24628850cd8464ffd20b56d41e476477.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-bulk-order-form-24628850cd8464ffd20b56d41e476477.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Bulk Order Form for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-bulk-order-form/"
     google-query: inurl:"/wp-content/plugins/woocommerce-bulk-order-form/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-bulk-order-form,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-bulk-order-form,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-c2df943b1eb079c6b9fb4ba610f1737e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-c2df943b1eb079c6b9fb4ba610f1737e.yaml
index 093572868e..278c31319f 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-c2df943b1eb079c6b9fb4ba610f1737e.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-c2df943b1eb079c6b9fb4ba610f1737e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 3.4.4 - Authenticated PHP Object Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WooCommerce plugin for WordPress is vulnerable to PHP Object Injection by users with access to edit attributes in versions up to, and including 3.4.4.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-f62206ccce82eddd9f38650d3ec27d0d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-f62206ccce82eddd9f38650d3ec27d0d.yaml
index 327d322260..8d50e176f4 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-f62206ccce82eddd9f38650d3ec27d0d.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-f62206ccce82eddd9f38650d3ec27d0d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Product Catalog Mode For Woocommerce <= 5.0.2 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Product Catalog Mode For Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dismiss_mvx_catalog_servive_notice  function in all versions up to 5.0.3 (exclusive). This makes it possible for authenticated attackers, with subscriber access and above, to dismiss admin notifications.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-catalog-enquiry/"
     google-query: inurl:"/wp-content/plugins/woocommerce-catalog-enquiry/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-catalog-enquiry,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-catalog-enquiry,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-compare-products-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/woocommerce-compare-products-2961759aa56e979f7c4730d8320eec28.yaml
index 9d298890df..83714d3202 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-compare-products-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-compare-products-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
                             
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-compare-products/"
     google-query: inurl:"/wp-content/plugins/woocommerce-compare-products/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-compare-products,high
+  tags: cve,wordpress,wp-plugin,woocommerce-compare-products,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-compare-products-b935aac9392ea74d48c16c20e8b0b995.yaml b/nuclei-templates/cve-less/plugins/woocommerce-compare-products-b935aac9392ea74d48c16c20e8b0b995.yaml
index 851b9e322a..2a4962cca3 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-compare-products-b935aac9392ea74d48c16c20e8b0b995.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-compare-products-b935aac9392ea74d48c16c20e8b0b995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The a3 Lazy Load, a3 Portfolio, Contact Us Page – Contact People, Dynamic Product Gallery for WooCommerce, a3 Responsive Slider, and Compare Products for WooCommerce plugins for WordPress are vulnerable to Cross-Site Request Forgery respectively in versions up to, and including, 2.5.0, 3.0.0, 3.6.0, 2.9.0, 2.0.12, 2.8.0. This is due to missing nonce validation on the save_settings function present in all three plugins. This makes it possible for unauthenticated attackers to to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.  
                     
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-compare-products/"
     google-query: inurl:"/wp-content/plugins/woocommerce-compare-products/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-compare-products,high
+  tags: cve,wordpress,wp-plugin,woocommerce-compare-products,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-18966e8228314b8165d39d48519f43cc.yaml
index b266fb8c15..8425b25a45 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-conversion-tracking/"
     google-query: inurl:"/wp-content/plugins/woocommerce-conversion-tracking/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-552bb0df3849cc75dcf6d19f97ba3b05.yaml b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-552bb0df3849cc75dcf6d19f97ba3b05.yaml
index 56a4087cf4..63e28253c2 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-552bb0df3849cc75dcf6d19f97ba3b05.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-552bb0df3849cc75dcf6d19f97ba3b05.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Conversion Tracking <= 2.0.4 - Cross-Site Request Forgery and Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce Conversion Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery and Cross-Site Scripting in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping along with insufficient nonce validation on the wcct_save_settings() function. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser via a forged request.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-conversion-tracking/"
     google-query: inurl:"/wp-content/plugins/woocommerce-conversion-tracking/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,high
+  tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-country-based-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-country-based-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 10c7379cba..ed2cd63c46 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-country-based-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-country-based-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-country-based-payments/"
     google-query: inurl:"/wp-content/plugins/woocommerce-country-based-payments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-country-based-payments,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-country-based-payments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-custom-product-tabs-lite-32cfeb3b1e33f847bf448188352666fd.yaml b/nuclei-templates/cve-less/plugins/woocommerce-custom-product-tabs-lite-32cfeb3b1e33f847bf448188352666fd.yaml
index 2072ffdf46..e09db47803 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-custom-product-tabs-lite-32cfeb3b1e33f847bf448188352666fd.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-custom-product-tabs-lite-32cfeb3b1e33f847bf448188352666fd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Custom Product Tabs Lite for WooCommerce <= 1.7.6 - Authenticated (Store Manager+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Custom Product Tabs Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wc_custom_product_tabs_lite_tab_title' parameter in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-custom-product-tabs-lite/"
     google-query: inurl:"/wp-content/plugins/woocommerce-custom-product-tabs-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-custom-product-tabs-lite,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-custom-product-tabs-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-367546d5612217d94f1a8cf076937dba.yaml b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-367546d5612217d94f1a8cf076937dba.yaml
index f74f0274f5..69cbb26ac9 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-367546d5612217d94f1a8cf076937dba.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-367546d5612217d94f1a8cf076937dba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Customers Manager <= 26.4 - Authenticated Account Creation and Privilege Escalation
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Woocommerce Customers Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability checks in the user import in versions up to, and including, 26.4. This makes it possible for Subscriber-level attackers to import arbitrary user information to create or update administrative accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-customers-manager/"
     google-query: inurl:"/wp-content/plugins/woocommerce-customers-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,high
+  tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-95abb58d27d0cf8744e0e12e5ec2a346.yaml b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-95abb58d27d0cf8744e0e12e5ec2a346.yaml
index 3c1266c050..84c8fbd123 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-95abb58d27d0cf8744e0e12e5ec2a346.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-95abb58d27d0cf8744e0e12e5ec2a346.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woocommerce Customers Manager <= 26.5 - Cross-Site Request Forgery to Account Creation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Woocommerce Customers Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 26.5. This makes it possible for unauthenticated attackers to create new accounts via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-customers-manager/"
     google-query: inurl:"/wp-content/plugins/woocommerce-customers-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,high
+  tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-d12b3c547439468c334a187596dd5c5f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-d12b3c547439468c334a187596dd5c5f.yaml
index 26bd78896a..437e95c888 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-d12b3c547439468c334a187596dd5c5f.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-d12b3c547439468c334a187596dd5c5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 3.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Cross-Site Request forgery in versions up to, and including 3.6.4, due to the CSV importer actions missing a nonce validation.  This makes it possible for attackers with at least author privileges to embed script code in a CSV, upload it to the target site, and then trick an administrator into uploading the CSV injected payload to a product description via a forged request all granted they can trick them into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce,high
+  tags: cve,wordpress,wp-plugin,woocommerce,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-dynamic-gallery-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/woocommerce-dynamic-gallery-2961759aa56e979f7c4730d8320eec28.yaml
index 9c506cde6d..89a0624366 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-dynamic-gallery-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-dynamic-gallery-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
         
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-dynamic-gallery/"
     google-query: inurl:"/wp-content/plugins/woocommerce-dynamic-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-dynamic-gallery,high
+  tags: cve,wordpress,wp-plugin,woocommerce-dynamic-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-dynamic-gallery-b935aac9392ea74d48c16c20e8b0b995.yaml b/nuclei-templates/cve-less/plugins/woocommerce-dynamic-gallery-b935aac9392ea74d48c16c20e8b0b995.yaml
index 689ffd660a..50f3ea9631 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-dynamic-gallery-b935aac9392ea74d48c16c20e8b0b995.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-dynamic-gallery-b935aac9392ea74d48c16c20e8b0b995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The a3 Lazy Load, a3 Portfolio, Contact Us Page – Contact People, Dynamic Product Gallery for WooCommerce, a3 Responsive Slider, and Compare Products for WooCommerce plugins for WordPress are vulnerable to Cross-Site Request Forgery respectively in versions up to, and including, 2.5.0, 3.0.0, 3.6.0, 2.9.0, 2.0.12, 2.8.0. This is due to missing nonce validation on the save_settings function present in all three plugins. This makes it possible for unauthenticated attackers to to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.  
         
@@ -19,7 +19,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-dynamic-gallery/"
     google-query: inurl:"/wp-content/plugins/woocommerce-dynamic-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-dynamic-gallery,high
+  tags: cve,wordpress,wp-plugin,woocommerce-dynamic-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-e456b215f29a4067fb78fdf79a4f6d54.yaml b/nuclei-templates/cve-less/plugins/woocommerce-e456b215f29a4067fb78fdf79a4f6d54.yaml
index 969cd5b898..5e387a84ad 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-e456b215f29a4067fb78fdf79a4f6d54.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-e456b215f29a4067fb78fdf79a4f6d54.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce <= 2.6.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image EXIF metadata in versions up to, and including, 2.6.2 due to insufficient validation on image files EXIF content. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce/"
     google-query: inurl:"/wp-content/plugins/woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce,medium
+  tags: cve,wordpress,wp-plugin,woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-es-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-es-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 12469236c9..2bbb6af733 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-es-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-es-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-es/"
     google-query: inurl:"/wp-content/plugins/woocommerce-es/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-es,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-es,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-eu-vat-assistant-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-eu-vat-assistant-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a091bc64ab..4d0684cccd 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-eu-vat-assistant-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-eu-vat-assistant-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-eu-vat-assistant/"
     google-query: inurl:"/wp-content/plugins/woocommerce-eu-vat-assistant/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-eu-vat-assistant,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-eu-vat-assistant,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-exporter-0a7c54bda59de606bfaad194d1e6aebd.yaml b/nuclei-templates/cve-less/plugins/woocommerce-exporter-0a7c54bda59de606bfaad194d1e6aebd.yaml
index 2cfb0387f9..8ea7c62b26 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-exporter-0a7c54bda59de606bfaad194d1e6aebd.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-exporter-0a7c54bda59de606bfaad194d1e6aebd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce – Store Exporter <= 1.7.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce – Store Exporter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the  'export_filename' parameter in versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-exporter/"
     google-query: inurl:"/wp-content/plugins/woocommerce-exporter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-exporter,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-exporter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-extra-charges-to-payment-gateways-b3d7ce698d96885aab2b92e8488d08ec.yaml b/nuclei-templates/cve-less/plugins/woocommerce-extra-charges-to-payment-gateways-b3d7ce698d96885aab2b92e8488d08ec.yaml
index 45fe055f01..f894421d83 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-extra-charges-to-payment-gateways-b3d7ce698d96885aab2b92e8488d08ec.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-extra-charges-to-payment-gateways-b3d7ce698d96885aab2b92e8488d08ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Extra Charges To Payment Gateway For WooCommerce <= 2.0.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Extra Charges To Payment Gateway For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the add_form_fields() method, hooked to the admin_head action in versions up to, and including, 2.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthorized (subscriber-level) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-extra-charges-to-payment-gateways/"
     google-query: inurl:"/wp-content/plugins/woocommerce-extra-charges-to-payment-gateways/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-extra-charges-to-payment-gateways,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-extra-charges-to-payment-gateways,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-google-adwords-conversion-tracking-tag-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-google-adwords-conversion-tracking-tag-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d1c627f275..a1e4895693 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-google-adwords-conversion-tracking-tag-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-google-adwords-conversion-tracking-tag-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/"
     google-query: inurl:"/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-google-adwords-conversion-tracking-tag,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-google-adwords-conversion-tracking-tag,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-7ee31b33feb435cadd87c62f79cebfe3.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-7ee31b33feb435cadd87c62f79cebfe3.yaml
index 5ecca536d1..5b5812e681 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-7ee31b33feb435cadd87c62f79cebfe3.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-7ee31b33feb435cadd87c62f79cebfe3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce 7.0.0 - Authenticated (Shop Manager+) Missing Authorization to Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the 'manage_options' function in versions up to, and including, 7.0.0. This makes it possible for authenticated attackers with Shop Manager privileges to update arbitrary site options.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,high
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-ab678c0df2a17e9783905e758a6050b6.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-ab678c0df2a17e9783905e758a6050b6.yaml
index de0ffbfba3..072d74ed84 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-ab678c0df2a17e9783905e758a6050b6.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-ab678c0df2a17e9783905e758a6050b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 5.6.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.1. This is due to missing or incorrect nonce validation on several different functions. This makes it possible for unauthenticated attackers to perform several administrative actions like adding VAT rates, saving metaboxes, importing settings and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,high
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-bea7c217c1714d6e73035b13fbfa872c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-bea7c217c1714d6e73035b13fbfa872c.yaml
index 37dc1b8a6c..662f93b0de 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-bea7c217c1714d6e73035b13fbfa872c.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-bea7c217c1714d6e73035b13fbfa872c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce <= 5.6.8 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.8. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,high
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-f91c2602522656e11d82af368c387634.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-f91c2602522656e11d82af368c387634.yaml
index df789ec04b..4ea30c1465 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-f91c2602522656e11d82af368c387634.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-f91c2602522656e11d82af368c387634.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Booster for WooCommerce plugin for WordPress is vulnerable to order modification due to a missing capability/authorization check in versions up to, and including, 5.6.2 (free) or 5.6.0 (premium). This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify their own orders, which includes the ability to mark them as paid.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-jetpack/"
     google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pay-per-post-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pay-per-post-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b6c5797856..92c8e55225 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-pay-per-post-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-pay-per-post-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-pay-per-post/"
     google-query: inurl:"/wp-content/plugins/woocommerce-pay-per-post/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-pay-per-post,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-pay-per-post,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-payplug-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-payplug-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e93d3dcdca..4388e702d3 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-payplug-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-payplug-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-payplug/"
     google-query: inurl:"/wp-content/plugins/woocommerce-payplug/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-payplug,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-payplug,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-94f5b565df6f54587e7f38dd2d74f17d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-94f5b565df6f54587e7f38dd2d74f17d.yaml
index 56a9d7762a..3d0d4692dd 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-94f5b565df6f54587e7f38dd2d74f17d.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-94f5b565df6f54587e7f38dd2d74f17d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce PDF Invoices & Packing Slips <=  2.14.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce PDF Invoices & Packing Slips plugin for WordPress is vulnerable to Reflected Cross-Site Scripting  in versions up to, and including, 2.14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/"
     google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-f2d13e82f4916c94ee541da275776204.yaml b/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-f2d13e82f4916c94ee541da275776204.yaml
index 745aa75116..304cf1dd0a 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-f2d13e82f4916c94ee541da275776204.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-f2d13e82f4916c94ee541da275776204.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Predictive Search for WooCommerce <= 1.0.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Predictive Search for WooCommerce plugin for WordPress is vulnerable to Cross-Site Scripting via the predictive search box in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-predictive-search/"
     google-query: inurl:"/wp-content/plugins/woocommerce-predictive-search/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-predictive-search,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-predictive-search,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4f45899bfc..722586e76c 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-product-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-product-payments-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-payments/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-payments/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-payments,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-product-payments,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-sort-and-display-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-sort-and-display-2961759aa56e979f7c4730d8320eec28.yaml
index 69d5acdd71..710d05d229 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-product-sort-and-display-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-product-sort-and-display-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
                                 
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-product-sort-and-display/"
     google-query: inurl:"/wp-content/plugins/woocommerce-product-sort-and-display/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-product-sort-and-display,high
+  tags: cve,wordpress,wp-plugin,woocommerce-product-sort-and-display,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-quick-view-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-quick-view-2961759aa56e979f7c4730d8320eec28.yaml
index 4a2d20d04e..dda11af72f 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-products-quick-view-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-products-quick-view-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
                 
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-quick-view/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-quick-view/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-quick-view,high
+  tags: cve,wordpress,wp-plugin,woocommerce-products-quick-view,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-quick-view-666b088d7e486f0731500dc6b44206fb.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-quick-view-666b088d7e486f0731500dc6b44206fb.yaml
index 93f003c60c..3ebb8cf5bb 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-products-quick-view-666b088d7e486f0731500dc6b44206fb.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-products-quick-view-666b088d7e486f0731500dc6b44206fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Products Quick View for WooCommerce <= 2.2.0 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Products Quick View for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the quick_view_prettyphoto_custom_template_load() and quick_view_custom_template_load() functions called via AJAX actions in versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to load templates and view products.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-products-quick-view/"
     google-query: inurl:"/wp-content/plugins/woocommerce-products-quick-view/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-products-quick-view,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-products-quick-view,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-services-4f8b1165a8fd4674c47b694bb6769361.yaml b/nuclei-templates/cve-less/plugins/woocommerce-services-4f8b1165a8fd4674c47b694bb6769361.yaml
index 7516a01e2b..c120627c33 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-services-4f8b1165a8fd4674c47b694bb6769361.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-services-4f8b1165a8fd4674c47b694bb6769361.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Shipping & Tax <= 2.2.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WooCommerce Shipping & Tax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-services/"
     google-query: inurl:"/wp-content/plugins/woocommerce-services/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-services,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-services,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-gateway-per-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-gateway-per-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b883c26d40..fe3d1c3765 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-shipping-gateway-per-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-gateway-per-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-shipping-gateway-per-product/"
     google-query: inurl:"/wp-content/plugins/woocommerce-shipping-gateway-per-product/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-shipping-gateway-per-product,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-shipping-gateway-per-product,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 59404977b3..a660414157 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-store-toolkit/"
     google-query: inurl:"/wp-content/plugins/woocommerce-store-toolkit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-store-toolkit,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-store-toolkit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-38d794189585526f4580cbcbd32cd51a.yaml b/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-38d794189585526f4580cbcbd32cd51a.yaml
index 8badf3c9fc..91d73c4d65 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-38d794189585526f4580cbcbd32cd51a.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-38d794189585526f4580cbcbd32cd51a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WooCommerce Subscriptions <= 3.0.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WooCommerce Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to incorrect nonce validation on the view-subscription functionality. This makes it possible for unauthenticated attackers to modify any user's subscription status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-subscriptions/"
     google-query: inurl:"/wp-content/plugins/woocommerce-subscriptions/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,high
+  tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-upcoming-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-upcoming-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2447916476..1dbc03a256 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-upcoming-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-upcoming-product-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-upcoming-product/"
     google-query: inurl:"/wp-content/plugins/woocommerce-upcoming-product/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-upcoming-product,medium
+  tags: cve,wordpress,wp-plugin,woocommerce-upcoming-product,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-f863836bfdeb95471721235ad3d4953e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-f863836bfdeb95471721235ad3d4953e.yaml
index 8a2a9ec10b..ea7a719f77 100644
--- a/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-f863836bfdeb95471721235ad3d4953e.yaml
+++ b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-f863836bfdeb95471721235ad3d4953e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wholesale Suite <= 2.1.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Wholesale Suite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.5. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocommerce-wholesale-prices/"
     google-query: inurl:"/wp-content/plugins/woocommerce-wholesale-prices/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocommerce-wholesale-prices,high
+  tags: cve,wordpress,wp-plugin,woocommerce-wholesale-prices,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woocustomizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woocustomizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6cf1596fc9..a68fc32fff 100644
--- a/nuclei-templates/cve-less/plugins/woocustomizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woocustomizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woocustomizer/"
     google-query: inurl:"/wp-content/plugins/woocustomizer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woocustomizer,medium
+  tags: cve,wordpress,wp-plugin,woocustomizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woorousell-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woorousell-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 170f30497e..ddc0008b30 100644
--- a/nuclei-templates/cve-less/plugins/woorousell-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woorousell-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woorousell/"
     google-query: inurl:"/wp-content/plugins/woorousell/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woorousell,medium
+  tags: cve,wordpress,wp-plugin,woorousell,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woosquare-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woosquare-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7c438ca044..2ba3e5f4d9 100644
--- a/nuclei-templates/cve-less/plugins/woosquare-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woosquare-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woosquare/"
     google-query: inurl:"/wp-content/plugins/woosquare/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woosquare,medium
+  tags: cve,wordpress,wp-plugin,woosquare,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woostify-sites-library-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/woostify-sites-library-18966e8228314b8165d39d48519f43cc.yaml
index a755483a9a..0884d320b6 100644
--- a/nuclei-templates/cve-less/plugins/woostify-sites-library-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/woostify-sites-library-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woostify-sites-library/"
     google-query: inurl:"/wp-content/plugins/woostify-sites-library/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woostify-sites-library,medium
+  tags: cve,wordpress,wp-plugin,woostify-sites-library,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wootrello-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wootrello-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5265ef268e..c5860197a3 100644
--- a/nuclei-templates/cve-less/plugins/wootrello-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wootrello-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wootrello/"
     google-query: inurl:"/wp-content/plugins/wootrello/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wootrello,medium
+  tags: cve,wordpress,wp-plugin,wootrello,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/woowgallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/woowgallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1fcb1cf1ae..c2fc53e0be 100644
--- a/nuclei-templates/cve-less/plugins/woowgallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/woowgallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/woowgallery/"
     google-query: inurl:"/wp-content/plugins/woowgallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,woowgallery,medium
+  tags: cve,wordpress,wp-plugin,woowgallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordfence-2fe978140d6bb192dbe8f6347a246620.yaml b/nuclei-templates/cve-less/plugins/wordfence-2fe978140d6bb192dbe8f6347a246620.yaml
index 5dd486580f..1de03e0ca8 100644
--- a/nuclei-templates/cve-less/plugins/wordfence-2fe978140d6bb192dbe8f6347a246620.yaml
+++ b/nuclei-templates/cve-less/plugins/wordfence-2fe978140d6bb192dbe8f6347a246620.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wordfence Security - Firewall & Malware Scan <= 3.3.6 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress plugin Wordfence versions 3.3.6 and older were vulnerable to Cross-Site Scripting via the unlockEmail functionality.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordfence/"
     google-query: inurl:"/wp-content/plugins/wordfence/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordfence,medium
+  tags: cve,wordpress,wp-plugin,wordfence,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-a672faba2cf5fa34711e0d654497c3c5.yaml b/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-a672faba2cf5fa34711e0d654497c3c5.yaml
index e07e2a9e28..3aa67589fe 100644
--- a/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-a672faba2cf5fa34711e0d654497c3c5.yaml
+++ b/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-a672faba2cf5fa34711e0d654497c3c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Countdown Widget <= 3.1.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters when saving overall plugin language settings in versions up to, and including, 3.1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-countdown-widget/"
     google-query: inurl:"/wp-content/plugins/wordpress-countdown-widget/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordpress-countdown-widget,medium
+  tags: cve,wordpress,wp-plugin,wordpress-countdown-widget,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordpress-file-monitor-573f32cd1b90d92ebe8ccd29c90cebc9.yaml b/nuclei-templates/cve-less/plugins/wordpress-file-monitor-573f32cd1b90d92ebe8ccd29c90cebc9.yaml
index a0d417f996..299a40d5eb 100644
--- a/nuclei-templates/cve-less/plugins/wordpress-file-monitor-573f32cd1b90d92ebe8ccd29c90cebc9.yaml
+++ b/nuclei-templates/cve-less/plugins/wordpress-file-monitor-573f32cd1b90d92ebe8ccd29c90cebc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Monitor <= 2.3.3 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress File Monitor plugin is vulnerable to Cross-Site Scripting in versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with high privileges to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-file-monitor/"
     google-query: inurl:"/wp-content/plugins/wordpress-file-monitor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordpress-file-monitor,medium
+  tags: cve,wordpress,wp-plugin,wordpress-file-monitor,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordpress-firewall-2-82484b577e47d68881c7ffa118db364c.yaml b/nuclei-templates/cve-less/plugins/wordpress-firewall-2-82484b577e47d68881c7ffa118db364c.yaml
index 34fae8c3ce..65fcd78ab6 100644
--- a/nuclei-templates/cve-less/plugins/wordpress-firewall-2-82484b577e47d68881c7ffa118db364c.yaml
+++ b/nuclei-templates/cve-less/plugins/wordpress-firewall-2-82484b577e47d68881c7ffa118db364c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Firewall 2 <= 1.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Firewall 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-firewall-2/"
     google-query: inurl:"/wp-content/plugins/wordpress-firewall-2/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordpress-firewall-2,medium
+  tags: cve,wordpress,wp-plugin,wordpress-firewall-2,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordpress-popup-38f6be428d034f5c009a03a3e9513d4f.yaml b/nuclei-templates/cve-less/plugins/wordpress-popup-38f6be428d034f5c009a03a3e9513d4f.yaml
index 7ed54788fa..25eee9c368 100644
--- a/nuclei-templates/cve-less/plugins/wordpress-popup-38f6be428d034f5c009a03a3e9513d4f.yaml
+++ b/nuclei-templates/cve-less/plugins/wordpress-popup-38f6be428d034f5c009a03a3e9513d4f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Hustle <= 7.6.4 = Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Hustle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 7.6.4  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-popup/"
     google-query: inurl:"/wp-content/plugins/wordpress-popup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordpress-popup,medium
+  tags: cve,wordpress,wp-plugin,wordpress-popup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-729af181e052b537a824f590788c4026.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-729af181e052b537a824f590788c4026.yaml
index 82e60047f5..1a62ba0e61 100644
--- a/nuclei-templates/cve-less/plugins/wordpress-seo-729af181e052b537a824f590788c4026.yaml
+++ b/nuclei-templates/cve-less/plugins/wordpress-seo-729af181e052b537a824f590788c4026.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 1.4.6 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Yoast SEO plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the reset settings function in versions up to, and including, 1.4.6. This makes it possible for unauthorized attackers to reset the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,medium
+  tags: cve,wordpress,wp-plugin,wordpress-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-828cafaa2f518b65826b98ac79418f2d.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-828cafaa2f518b65826b98ac79418f2d.yaml
index 97a3dacc41..ad94b2a2f1 100644
--- a/nuclei-templates/cve-less/plugins/wordpress-seo-828cafaa2f518b65826b98ac79418f2d.yaml
+++ b/nuclei-templates/cve-less/plugins/wordpress-seo-828cafaa2f518b65826b98ac79418f2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 3.2.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Yoast SEO plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,medium
+  tags: cve,wordpress,wp-plugin,wordpress-seo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-edb5aff062fcd8aac278362a1ce01bce.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-edb5aff062fcd8aac278362a1ce01bce.yaml
index 8a9f9757bd..68888528f3 100644
--- a/nuclei-templates/cve-less/plugins/wordpress-seo-edb5aff062fcd8aac278362a1ce01bce.yaml
+++ b/nuclei-templates/cve-less/plugins/wordpress-seo-edb5aff062fcd8aac278362a1ce01bce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Yoast SEO plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via individual post SEO details in versions up to, and including, 20.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level requirements and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-seo/"
     google-query: inurl:"/wp-content/plugins/wordpress-seo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordpress-seo,medium
+  tags: cve,wordpress,wp-plugin,wordpress-seo,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wordpress-social-ring-62254c40802e5286c6fd0b29e99ea8df.yaml b/nuclei-templates/cve-less/plugins/wordpress-social-ring-62254c40802e5286c6fd0b29e99ea8df.yaml
index 83177530e1..df0b12c526 100644
--- a/nuclei-templates/cve-less/plugins/wordpress-social-ring-62254c40802e5286c6fd0b29e99ea8df.yaml
+++ b/nuclei-templates/cve-less/plugins/wordpress-social-ring-62254c40802e5286c6fd0b29e99ea8df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It) <= 1.1.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wordpress-social-ring/"
     google-query: inurl:"/wp-content/plugins/wordpress-social-ring/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wordpress-social-ring,medium
+  tags: cve,wordpress,wp-plugin,wordpress-social-ring,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/world-of-warcraft-armory-table-d94ecce4e6207ecfb48491b051e2c22d.yaml b/nuclei-templates/cve-less/plugins/world-of-warcraft-armory-table-d94ecce4e6207ecfb48491b051e2c22d.yaml
index 4d096a03a8..67d8934ca0 100644
--- a/nuclei-templates/cve-less/plugins/world-of-warcraft-armory-table-d94ecce4e6207ecfb48491b051e2c22d.yaml
+++ b/nuclei-templates/cve-less/plugins/world-of-warcraft-armory-table-d94ecce4e6207ecfb48491b051e2c22d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     World of Warcraft – Armory Table < 0.2.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The World of Warcraft – Armory Table plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 0.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/world-of-warcraft-armory-table/"
     google-query: inurl:"/wp-content/plugins/world-of-warcraft-armory-table/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,world-of-warcraft-armory-table,medium
+  tags: cve,wordpress,wp-plugin,world-of-warcraft-armory-table,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/worth-the-read-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/worth-the-read-18966e8228314b8165d39d48519f43cc.yaml
index 67337d6e4b..c3f392b252 100644
--- a/nuclei-templates/cve-less/plugins/worth-the-read-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/worth-the-read-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/worth-the-read/"
     google-query: inurl:"/wp-content/plugins/worth-the-read/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,worth-the-read,medium
+  tags: cve,wordpress,wp-plugin,worth-the-read,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wowrestro-06578949edf7886954089bf5ea02f690.yaml b/nuclei-templates/cve-less/plugins/wowrestro-06578949edf7886954089bf5ea02f690.yaml
index c07c29edc4..3ada88accb 100644
--- a/nuclei-templates/cve-less/plugins/wowrestro-06578949edf7886954089bf5ea02f690.yaml
+++ b/nuclei-templates/cve-less/plugins/wowrestro-06578949edf7886954089bf5ea02f690.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WOWRestro – Online Ordering System For WooCommerce < 1.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WOWRestro – Online Ordering System For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on various AJAX actions. This makes it possible for unauthenticated attackers to gain restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wowrestro/"
     google-query: inurl:"/wp-content/plugins/wowrestro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wowrestro,high
+  tags: cve,wordpress,wp-plugin,wowrestro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-accessibility-ad7eb7a1c6f0dd20fda9c7137924de5c.yaml b/nuclei-templates/cve-less/plugins/wp-accessibility-ad7eb7a1c6f0dd20fda9c7137924de5c.yaml
index 171175eda5..9186174500 100644
--- a/nuclei-templates/cve-less/plugins/wp-accessibility-ad7eb7a1c6f0dd20fda9c7137924de5c.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-accessibility-ad7eb7a1c6f0dd20fda9c7137924de5c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Accessibility < 1.7.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Accessibility plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping with a custom CSS script. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-accessibility/"
     google-query: inurl:"/wp-content/plugins/wp-accessibility/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-accessibility,medium
+  tags: cve,wordpress,wp-plugin,wp-accessibility,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a549143b23..04ea74af89 100644
--- a/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-affiliate-disclosure/"
     google-query: inurl:"/wp-content/plugins/wp-affiliate-disclosure/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-affiliate-disclosure,medium
+  tags: cve,wordpress,wp-plugin,wp-affiliate-disclosure,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-5fbee904a26db0083f1a4d8da7695a16.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-5fbee904a26db0083f1a4d8da7695a16.yaml
index 4bfaeaefd3..03cb3e43d2 100644
--- a/nuclei-templates/cve-less/plugins/wp-all-import-5fbee904a26db0083f1a4d8da7695a16.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-all-import-5fbee904a26db0083f1a4d8da7695a16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import any XML or CSV File to WordPress <= 3.2.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Import any XML or CSV File to WordPress plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative capabilities and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import/"
     google-query: inurl:"/wp-content/plugins/wp-all-import/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-all-import,high
+  tags: cve,wordpress,wp-plugin,wp-all-import,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-pro-5fbee904a26db0083f1a4d8da7695a16.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-pro-5fbee904a26db0083f1a4d8da7695a16.yaml
index 9551130204..0609efe313 100644
--- a/nuclei-templates/cve-less/plugins/wp-all-import-pro-5fbee904a26db0083f1a4d8da7695a16.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-all-import-pro-5fbee904a26db0083f1a4d8da7695a16.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Import any XML or CSV File to WordPress <= 3.2.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Import any XML or CSV File to WordPress plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrative capabilities and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-all-import-pro/"
     google-query: inurl:"/wp-content/plugins/wp-all-import-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-all-import-pro,high
+  tags: cve,wordpress,wp-plugin,wp-all-import-pro,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-analytify-66b6d0074514ae9bf7d808b0d7b9a6e2.yaml b/nuclei-templates/cve-less/plugins/wp-analytify-66b6d0074514ae9bf7d808b0d7b9a6e2.yaml
index ecc04b32b4..fa6c026301 100644
--- a/nuclei-templates/cve-less/plugins/wp-analytify-66b6d0074514ae9bf7d808b0d7b9a6e2.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-analytify-66b6d0074514ae9bf7d808b0d7b9a6e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Analytify plugin for WordPress is vulnerable to authorization bypass due to a missing capability and nonce checks on the analytify_delete_cache function in versions up to, and including, 4.2.2 . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the cache of the plugin and also allows unauthenticated attackers to delete the plugin cache via forged request, granted they can trick a subscriber or higher into clicking on a link. Version 4.2.3 adds a nonce check to the function, which addressed the Cross-Site Request Forgery Vulnerability and makes exploitation impractical for lower-level accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-analytify/"
     google-query: inurl:"/wp-content/plugins/wp-analytify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-analytify,medium
+  tags: cve,wordpress,wp-plugin,wp-analytify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-appbox-7765fb8469b9b88a34d6b432871e62d3.yaml b/nuclei-templates/cve-less/plugins/wp-appbox-7765fb8469b9b88a34d6b432871e62d3.yaml
index dbc49a9cd1..e40b0c39fd 100644
--- a/nuclei-templates/cve-less/plugins/wp-appbox-7765fb8469b9b88a34d6b432871e62d3.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-appbox-7765fb8469b9b88a34d6b432871e62d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Appbox <= 4.3.17 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP-Appbox plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.3.17 via the 'tab' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-appbox/"
     google-query: inurl:"/wp-content/plugins/wp-appbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-appbox,high
+  tags: cve,wordpress,wp-plugin,wp-appbox,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-appointment-schedule-booking-system-041adfd3c39d4b3580e02b6803d8c84d.yaml b/nuclei-templates/cve-less/plugins/wp-appointment-schedule-booking-system-041adfd3c39d4b3580e02b6803d8c84d.yaml
index dd0be237da..b73a9d6464 100644
--- a/nuclei-templates/cve-less/plugins/wp-appointment-schedule-booking-system-041adfd3c39d4b3580e02b6803d8c84d.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-appointment-schedule-booking-system-041adfd3c39d4b3580e02b6803d8c84d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Appointment Schedule Booking System <=1.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Appointment Schedule Booking System plugin for is vulnerable to Stored Cross-Site Scripting via the 'cssfix’ parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-appointment-schedule-booking-system/"
     google-query: inurl:"/wp-content/plugins/wp-appointment-schedule-booking-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-appointment-schedule-booking-system,medium
+  tags: cve,wordpress,wp-plugin,wp-appointment-schedule-booking-system,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-attest-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-attest-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5649f9210f..c85e6615c4 100644
--- a/nuclei-templates/cve-less/plugins/wp-attest-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-attest-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-attest/"
     google-query: inurl:"/wp-content/plugins/wp-attest/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-attest,medium
+  tags: cve,wordpress,wp-plugin,wp-attest,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-auto-republish-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-auto-republish-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9ab43a7e9f..4406714d80 100644
--- a/nuclei-templates/cve-less/plugins/wp-auto-republish-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-auto-republish-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-auto-republish/"
     google-query: inurl:"/wp-content/plugins/wp-auto-republish/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-auto-republish,medium
+  tags: cve,wordpress,wp-plugin,wp-auto-republish,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-automatic-47dfd7659803e2a498c5473e1e3ec44c.yaml b/nuclei-templates/cve-less/plugins/wp-automatic-47dfd7659803e2a498c5473e1e3ec44c.yaml
index 6356096227..90366550b3 100644
--- a/nuclei-templates/cve-less/plugins/wp-automatic-47dfd7659803e2a498c5473e1e3ec44c.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-automatic-47dfd7659803e2a498c5473e1e3ec44c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Automatic Plugin <= 2.0.3 - Cross-Site Request Forgery to SQL Injection
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The "WordPress Automatic Plugin" plugin for WordPress is vulnerable to generic SQL Injection via the ‘q’ parameter in versions up to, and including, 2.0.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-automatic/"
     google-query: inurl:"/wp-content/plugins/wp-automatic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-automatic,critical
+  tags: cve,wordpress,wp-plugin,wp-automatic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-automedic-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-automedic-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 716d936972..df066a659b 100644
--- a/nuclei-templates/cve-less/plugins/wp-automedic-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-automedic-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-automedic/"
     google-query: inurl:"/wp-content/plugins/wp-automedic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-automedic,medium
+  tags: cve,wordpress,wp-plugin,wp-automedic,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-awesome-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-awesome-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 808d7f599e..0add702b03 100644
--- a/nuclei-templates/cve-less/plugins/wp-awesome-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-awesome-faq-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-awesome-faq/"
     google-query: inurl:"/wp-content/plugins/wp-awesome-faq/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-awesome-faq,medium
+  tags: cve,wordpress,wp-plugin,wp-awesome-faq,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-backitup-bb87858762b8ce23abd3059540eaff9b.yaml b/nuclei-templates/cve-less/plugins/wp-backitup-bb87858762b8ce23abd3059540eaff9b.yaml
index 3f342002b8..63960ac32a 100644
--- a/nuclei-templates/cve-less/plugins/wp-backitup-bb87858762b8ce23abd3059540eaff9b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-backitup-bb87858762b8ce23abd3059540eaff9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Backup and Restore WordPress – Backup Plugin <= 1.9 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to trigger manual backups. The attackers can download these backups via the vulnerability described in CVE-2014-9012.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-backitup/"
     google-query: inurl:"/wp-content/plugins/wp-backitup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-backitup,medium
+  tags: cve,wordpress,wp-plugin,wp-backitup,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-banners-lite-2a0c0ac8cd49182e6cdc6ee30b392712.yaml b/nuclei-templates/cve-less/plugins/wp-banners-lite-2a0c0ac8cd49182e6cdc6ee30b392712.yaml
index bc06ddde27..220cf0f314 100644
--- a/nuclei-templates/cve-less/plugins/wp-banners-lite-2a0c0ac8cd49182e6cdc6ee30b392712.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-banners-lite-2a0c0ac8cd49182e6cdc6ee30b392712.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Banners-Lite 1.29, 1.31, 1.40 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Banners-Lite plugin for WordPress is vulnerable to Cross-Site Scripting via the 'cid' variable in versions 1.29, 1.31, and 1.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthorized attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-banners-lite/"
     google-query: inurl:"/wp-content/plugins/wp-banners-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-banners-lite,medium
+  tags: cve,wordpress,wp-plugin,wp-banners-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-basic-elements-fc8825d6c61c86ccb18ee45ace94f66b.yaml b/nuclei-templates/cve-less/plugins/wp-basic-elements-fc8825d6c61c86ccb18ee45ace94f66b.yaml
index ca12275ef1..e1e2050543 100644
--- a/nuclei-templates/cve-less/plugins/wp-basic-elements-fc8825d6c61c86ccb18ee45ace94f66b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-basic-elements-fc8825d6c61c86ccb18ee45ace94f66b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Basic Elements <= 5.2.15 - Missing Authorization to Plugin Settings Update via wpbe_save_settings
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Basic Elements plugin for WordPress is vulnerable to modification of data due to a missing capability check on the wpbe_save_settings function in versions up to, and including, 5.2.15. This makes it possible for subscriber-level attackers to update plugin settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-basic-elements/"
     google-query: inurl:"/wp-content/plugins/wp-basic-elements/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-basic-elements,medium
+  tags: cve,wordpress,wp-plugin,wp-basic-elements,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-books-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-books-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index bbbff9fa72..6afad9394a 100644
--- a/nuclei-templates/cve-less/plugins/wp-books-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-books-gallery-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-books-gallery/"
     google-query: inurl:"/wp-content/plugins/wp-books-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-books-gallery,medium
+  tags: cve,wordpress,wp-plugin,wp-books-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-bugbot-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-bugbot-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 244f640d2a..1b7e221c6b 100644
--- a/nuclei-templates/cve-less/plugins/wp-bugbot-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-bugbot-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-bugbot/"
     google-query: inurl:"/wp-content/plugins/wp-bugbot/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-bugbot,medium
+  tags: cve,wordpress,wp-plugin,wp-bugbot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-cerber-ae6491998df759b28d14cdb429fd6751.yaml b/nuclei-templates/cve-less/plugins/wp-cerber-ae6491998df759b28d14cdb429fd6751.yaml
index d7e55e9284..25ac83611c 100644
--- a/nuclei-templates/cve-less/plugins/wp-cerber-ae6491998df759b28d14cdb429fd6751.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-cerber-ae6491998df759b28d14cdb429fd6751.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Cerber Security <= 9.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the 'add_acl_comment' parameter. This makes it possible for authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cerber/"
     google-query: inurl:"/wp-content/plugins/wp-cerber/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-cerber,medium
+  tags: cve,wordpress,wp-plugin,wp-cerber,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-colorbox-4c3b7c4b9ee3cb503e7f1c307a295ea7.yaml b/nuclei-templates/cve-less/plugins/wp-colorbox-4c3b7c4b9ee3cb503e7f1c307a295ea7.yaml
index fee69c08bf..771adcbde1 100644
--- a/nuclei-templates/cve-less/plugins/wp-colorbox-4c3b7c4b9ee3cb503e7f1c307a295ea7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-colorbox-4c3b7c4b9ee3cb503e7f1c307a295ea7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Colorbox Lightbox Plugin <= 1.1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Colorbox Lightbox Plugin  for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_locale’ parameter in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers low permission levels to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-colorbox/"
     google-query: inurl:"/wp-content/plugins/wp-colorbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-colorbox,medium
+  tags: cve,wordpress,wp-plugin,wp-colorbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-conference-schedule-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-conference-schedule-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 733a2537ef..5b26215147 100644
--- a/nuclei-templates/cve-less/plugins/wp-conference-schedule-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-conference-schedule-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-conference-schedule/"
     google-query: inurl:"/wp-content/plugins/wp-conference-schedule/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-conference-schedule,medium
+  tags: cve,wordpress,wp-plugin,wp-conference-schedule,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-contact-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-contact-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 734c101b7b..41422ecab3 100644
--- a/nuclei-templates/cve-less/plugins/wp-contact-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-contact-slider-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-contact-slider/"
     google-query: inurl:"/wp-content/plugins/wp-contact-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-contact-slider,medium
+  tags: cve,wordpress,wp-plugin,wp-contact-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-content-copy-protector-d40e32a5b0b2b53caa45979ec9bf9c5b.yaml b/nuclei-templates/cve-less/plugins/wp-content-copy-protector-d40e32a5b0b2b53caa45979ec9bf9c5b.yaml
index ea5dde1aee..3b126e84f2 100644
--- a/nuclei-templates/cve-less/plugins/wp-content-copy-protector-d40e32a5b0b2b53caa45979ec9bf9c5b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-content-copy-protector-d40e32a5b0b2b53caa45979ec9bf9c5b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Content Copy Protection & No Right Click <= 3.3 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Content Copy Protection & No Right Click Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-content-copy-protector/"
     google-query: inurl:"/wp-content/plugins/wp-content-copy-protector/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-content-copy-protector,high
+  tags: cve,wordpress,wp-plugin,wp-content-copy-protector,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-coupons-and-deals-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-coupons-and-deals-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 534b09b0cc..233d95707b 100644
--- a/nuclei-templates/cve-less/plugins/wp-coupons-and-deals-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-coupons-and-deals-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-coupons-and-deals/"
     google-query: inurl:"/wp-content/plugins/wp-coupons-and-deals/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-coupons-and-deals,medium
+  tags: cve,wordpress,wp-plugin,wp-coupons-and-deals,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-courses-33d299e06297ee744f8b2ab0f31bf14e.yaml b/nuclei-templates/cve-less/plugins/wp-courses-33d299e06297ee744f8b2ab0f31bf14e.yaml
index fa76c25887..eb6ebf88d9 100644
--- a/nuclei-templates/cve-less/plugins/wp-courses-33d299e06297ee744f8b2ab0f31bf14e.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-courses-33d299e06297ee744f8b2ab0f31bf14e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Courses LMS <= 3.2.3 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the ~/ajax/ajax-lesson-order.php file hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions such as adding, deleting and renaming lesson modules.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-courses/"
     google-query: inurl:"/wp-content/plugins/wp-courses/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-courses,medium
+  tags: cve,wordpress,wp-plugin,wp-courses,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-courses-97452a6bc86602fd42828322e14bf1a4.yaml b/nuclei-templates/cve-less/plugins/wp-courses-97452a6bc86602fd42828322e14bf1a4.yaml
index 41d626932c..4075c4232c 100644
--- a/nuclei-templates/cve-less/plugins/wp-courses-97452a6bc86602fd42828322e14bf1a4.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-courses-97452a6bc86602fd42828322e14bf1a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Courses LMS <= 3.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability check on the wpc_save_fe_option() function hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used to achieve privilege escalation on most instances.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-courses/"
     google-query: inurl:"/wp-content/plugins/wp-courses/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-courses,high
+  tags: cve,wordpress,wp-plugin,wp-courses,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-cron-status-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-cron-status-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c0e6d2d8e0..b7c7e5fdc9 100644
--- a/nuclei-templates/cve-less/plugins/wp-cron-status-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-cron-status-checker-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cron-status-checker/"
     google-query: inurl:"/wp-content/plugins/wp-cron-status-checker/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-cron-status-checker,medium
+  tags: cve,wordpress,wp-plugin,wp-cron-status-checker,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-cumulus-df02c18fa8558df79345e6d025074ade.yaml b/nuclei-templates/cve-less/plugins/wp-cumulus-df02c18fa8558df79345e6d025074ade.yaml
index c5eddb78ae..ae79525488 100644
--- a/nuclei-templates/cve-less/plugins/wp-cumulus-df02c18fa8558df79345e6d025074ade.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-cumulus-df02c18fa8558df79345e6d025074ade.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Cumulus <= 1.22 - Cross-Site Scripting via xmlpath
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-Cumulus plugin for WordPress is vulnerable to Cross-Site Scripting via the 'xmlpath' parameter in versions up to, and including, 1.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthorized attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-cumulus/"
     google-query: inurl:"/wp-content/plugins/wp-cumulus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-cumulus,medium
+  tags: cve,wordpress,wp-plugin,wp-cumulus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-dark-mode-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wp-dark-mode-18966e8228314b8165d39d48519f43cc.yaml
index 17c1e46edf..00c9a9e296 100644
--- a/nuclei-templates/cve-less/plugins/wp-dark-mode-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-dark-mode-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dark-mode/"
     google-query: inurl:"/wp-content/plugins/wp-dark-mode/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-dark-mode,medium
+  tags: cve,wordpress,wp-plugin,wp-dark-mode,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-data-access-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-data-access-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 31a787f754..bcacadab98 100644
--- a/nuclei-templates/cve-less/plugins/wp-data-access-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-data-access-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-data-access/"
     google-query: inurl:"/wp-content/plugins/wp-data-access/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-data-access,medium
+  tags: cve,wordpress,wp-plugin,wp-data-access,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-72a1bd2cf4b65d84a10506cf15cba770.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-72a1bd2cf4b65d84a10506cf15cba770.yaml
index 6ff72510e5..969117ad93 100644
--- a/nuclei-templates/cve-less/plugins/wp-database-backup-72a1bd2cf4b65d84a10506cf15cba770.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-database-backup-72a1bd2cf4b65d84a10506cf15cba770.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup < 3.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Database Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions before 3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
+  tags: cve,wordpress,wp-plugin,wp-database-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-89f1af83c5f7816ee1b237c0d204c470.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-89f1af83c5f7816ee1b237c0d204c470.yaml
index aa155b99ca..ebecddebb0 100644
--- a/nuclei-templates/cve-less/plugins/wp-database-backup-89f1af83c5f7816ee1b237c0d204c470.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-database-backup-89f1af83c5f7816ee1b237c0d204c470.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 4.3.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Database Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.5. This is due to missing or incorrect nonce validation on the wp_db_backup_admin_init() function. This makes it possible for unauthenticated attackers to modify backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,high
+  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-f1bef4e2b058a613299e0bc52fb82835.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-f1bef4e2b058a613299e0bc52fb82835.yaml
index 01a9e61a0e..9fd9bf1218 100644
--- a/nuclei-templates/cve-less/plugins/wp-database-backup-f1bef4e2b058a613299e0bc52fb82835.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-database-backup-f1bef4e2b058a613299e0bc52fb82835.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Database Backup <= 5.9 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Database Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-database-backup/"
     google-query: inurl:"/wp-content/plugins/wp-database-backup/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-database-backup,medium
+  tags: cve,wordpress,wp-plugin,wp-database-backup,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-debugging-54ecced4ec6b955678ac66c0d0f02ad3.yaml b/nuclei-templates/cve-less/plugins/wp-debugging-54ecced4ec6b955678ac66c0d0f02ad3.yaml
index f4bec6da7f..f72fd91196 100644
--- a/nuclei-templates/cve-less/plugins/wp-debugging-54ecced4ec6b955678ac66c0d0f02ad3.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-debugging-54ecced4ec6b955678ac66c0d0f02ad3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Debugging <= 2.11.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Debugging plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.11.7. This is due to inclusion of a vulnerable version of the wp-dependency-installer library. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-debugging/"
     google-query: inurl:"/wp-content/plugins/wp-debugging/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-debugging,high
+  tags: cve,wordpress,wp-plugin,wp-debugging,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-dev-powers-acf-color-coded-field-types-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-dev-powers-acf-color-coded-field-types-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 492bf667b4..a54141d0c2 100644
--- a/nuclei-templates/cve-less/plugins/wp-dev-powers-acf-color-coded-field-types-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-dev-powers-acf-color-coded-field-types-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dev-powers-acf-color-coded-field-types/"
     google-query: inurl:"/wp-content/plugins/wp-dev-powers-acf-color-coded-field-types/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-dev-powers-acf-color-coded-field-types,medium
+  tags: cve,wordpress,wp-plugin,wp-dev-powers-acf-color-coded-field-types,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-dev-powers-display-screen-dimensions-to-admin-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-dev-powers-display-screen-dimensions-to-admin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d30c375e12..1298412c64 100644
--- a/nuclei-templates/cve-less/plugins/wp-dev-powers-display-screen-dimensions-to-admin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-dev-powers-display-screen-dimensions-to-admin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dev-powers-display-screen-dimensions-to-admin/"
     google-query: inurl:"/wp-content/plugins/wp-dev-powers-display-screen-dimensions-to-admin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-dev-powers-display-screen-dimensions-to-admin,medium
+  tags: cve,wordpress,wp-plugin,wp-dev-powers-display-screen-dimensions-to-admin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-dev-powers-element-selector-jquery-powers-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-dev-powers-element-selector-jquery-powers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7e2a9c22fd..13b543e9b5 100644
--- a/nuclei-templates/cve-less/plugins/wp-dev-powers-element-selector-jquery-powers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-dev-powers-element-selector-jquery-powers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-dev-powers-element-selector-jquery-powers/"
     google-query: inurl:"/wp-content/plugins/wp-dev-powers-element-selector-jquery-powers/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-dev-powers-element-selector-jquery-powers,medium
+  tags: cve,wordpress,wp-plugin,wp-dev-powers-element-selector-jquery-powers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-disable-sitemap-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-disable-sitemap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1feb79b895..e94019cd60 100644
--- a/nuclei-templates/cve-less/plugins/wp-disable-sitemap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-disable-sitemap-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-disable-sitemap/"
     google-query: inurl:"/wp-content/plugins/wp-disable-sitemap/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-disable-sitemap,medium
+  tags: cve,wordpress,wp-plugin,wp-disable-sitemap,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-donottrack-6d5c3a6b6510902181c0fc950daad824.yaml b/nuclei-templates/cve-less/plugins/wp-donottrack-6d5c3a6b6510902181c0fc950daad824.yaml
index 5779307b26..df5fee6d9b 100644
--- a/nuclei-templates/cve-less/plugins/wp-donottrack-6d5c3a6b6510902181c0fc950daad824.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-donottrack-6d5c3a6b6510902181c0fc950daad824.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP DoNotTrack <= 0.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP DoNotTrack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘whitelist’ and 'blacklist' parameters in versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-donottrack/"
     google-query: inurl:"/wp-content/plugins/wp-donottrack/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-donottrack,medium
+  tags: cve,wordpress,wp-plugin,wp-donottrack,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-e-commerce-47355e6b7ab75ca2f167e153c73e9cb8.yaml b/nuclei-templates/cve-less/plugins/wp-e-commerce-47355e6b7ab75ca2f167e153c73e9cb8.yaml
index 64d74b47c3..a4da33d438 100644
--- a/nuclei-templates/cve-less/plugins/wp-e-commerce-47355e6b7ab75ca2f167e153c73e9cb8.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-e-commerce-47355e6b7ab75ca2f167e153c73e9cb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP eCommerce <= 3.8.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP eCommerce plugin for WordPress is vulnerable to Cross-Site Scripting via the 'm' parameter in versions up to, and including, 3.8.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-e-commerce/"
     google-query: inurl:"/wp-content/plugins/wp-e-commerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-e-commerce,medium
+  tags: cve,wordpress,wp-plugin,wp-e-commerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-e-commerce-exporter-b87c02ac90f7b6f2632497368ebe2ad8.yaml b/nuclei-templates/cve-less/plugins/wp-e-commerce-exporter-b87c02ac90f7b6f2632497368ebe2ad8.yaml
index edc214e0e5..9f4d0c6280 100644
--- a/nuclei-templates/cve-less/plugins/wp-e-commerce-exporter-b87c02ac90f7b6f2632497368ebe2ad8.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-e-commerce-exporter-b87c02ac90f7b6f2632497368ebe2ad8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP e-Commerce – Store Exporter <= 1.6.6 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The WP e-Commerce – Store Exporter plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpsc_get_action() function in versions up to, and including 1.6.6. This makes it possible for unauthenticated attackers to gain access to restricted actions that allow them to update the plugin settings and dismiss notices among many other actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-e-commerce-exporter/"
     google-query: inurl:"/wp-content/plugins/wp-e-commerce-exporter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-e-commerce-exporter,critical
+  tags: cve,wordpress,wp-plugin,wp-e-commerce-exporter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-e-commerce-f774eebe4f23829fc94b7eafdba5ce4e.yaml b/nuclei-templates/cve-less/plugins/wp-e-commerce-f774eebe4f23829fc94b7eafdba5ce4e.yaml
index 1aea124e5c..fc90e82984 100644
--- a/nuclei-templates/cve-less/plugins/wp-e-commerce-f774eebe4f23829fc94b7eafdba5ce4e.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-e-commerce-f774eebe4f23829fc94b7eafdba5ce4e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP eCommerce < 3.11.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP eCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘sessionid’ parameter in versions up to, and including, 3.11.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-e-commerce/"
     google-query: inurl:"/wp-content/plugins/wp-e-commerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-e-commerce,high
+  tags: cve,wordpress,wp-plugin,wp-e-commerce,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-easy-events-3c60189d6f13a72d771cf945af5deabf.yaml b/nuclei-templates/cve-less/plugins/wp-easy-events-3c60189d6f13a72d771cf945af5deabf.yaml
index d86f0099c9..20a3798e92 100644
--- a/nuclei-templates/cve-less/plugins/wp-easy-events-3c60189d6f13a72d771cf945af5deabf.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-easy-events-3c60189d6f13a72d771cf945af5deabf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Event Management, Events Calendar, RSVP Event Tickets Plugin <= 3.8.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Event Management, Events Calendar, RSVP Event Tickets Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easy-events/"
     google-query: inurl:"/wp-content/plugins/wp-easy-events/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-easy-events,medium
+  tags: cve,wordpress,wp-plugin,wp-easy-events,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-easy-gallery-0a9f08b24926b461870620f84309d060.yaml b/nuclei-templates/cve-less/plugins/wp-easy-gallery-0a9f08b24926b461870620f84309d060.yaml
index 8b0992a3cf..f6e2f7e6fa 100644
--- a/nuclei-templates/cve-less/plugins/wp-easy-gallery-0a9f08b24926b461870620f84309d060.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-easy-gallery-0a9f08b24926b461870620f84309d060.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Easy Gallery <= 1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Easy Gallery plugin for WordPress is vulnerable to Cross-Site Scripting via the 'select_gallery' and 'galleryId' parameters in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easy-gallery/"
     google-query: inurl:"/wp-content/plugins/wp-easy-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-easy-gallery,medium
+  tags: cve,wordpress,wp-plugin,wp-easy-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-easy-gallery-4b99edd00f6941b4dd18ce780651f43a.yaml b/nuclei-templates/cve-less/plugins/wp-easy-gallery-4b99edd00f6941b4dd18ce780651f43a.yaml
index e7fcd33d8b..ac22b8bf0e 100644
--- a/nuclei-templates/cve-less/plugins/wp-easy-gallery-4b99edd00f6941b4dd18ce780651f43a.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-easy-gallery-4b99edd00f6941b4dd18ce780651f43a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Easy Gallery <= 2.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Easy Gallery plugin for WordPress is vulnerable to generic SQL Injection via the 'galleryId' parameter in the 'admin/overview.php' file in versions up to, and including, 2.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated Admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easy-gallery/"
     google-query: inurl:"/wp-content/plugins/wp-easy-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-easy-gallery,high
+  tags: cve,wordpress,wp-plugin,wp-easy-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-easy-gallery-53e584ae34c9d1aad8bceb6896eca3e1.yaml b/nuclei-templates/cve-less/plugins/wp-easy-gallery-53e584ae34c9d1aad8bceb6896eca3e1.yaml
index 1bd99b5e9d..ea7b0e381e 100644
--- a/nuclei-templates/cve-less/plugins/wp-easy-gallery-53e584ae34c9d1aad8bceb6896eca3e1.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-easy-gallery-53e584ae34c9d1aad8bceb6896eca3e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Easy Gallery <= 4.1.4 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Easy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_style’ parameter in versions before 4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easy-gallery/"
     google-query: inurl:"/wp-content/plugins/wp-easy-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-easy-gallery,medium
+  tags: cve,wordpress,wp-plugin,wp-easy-gallery,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-easy-gallery-609b7c2d6b7906e24d1cf69e810126a4.yaml b/nuclei-templates/cve-less/plugins/wp-easy-gallery-609b7c2d6b7906e24d1cf69e810126a4.yaml
index b44c04eaa8..67ca880494 100644
--- a/nuclei-templates/cve-less/plugins/wp-easy-gallery-609b7c2d6b7906e24d1cf69e810126a4.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-easy-gallery-609b7c2d6b7906e24d1cf69e810126a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Easy Gallery <= 2.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Easy Gallery for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easy-gallery/"
     google-query: inurl:"/wp-content/plugins/wp-easy-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-easy-gallery,high
+  tags: cve,wordpress,wp-plugin,wp-easy-gallery,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-easy-gallery-f0840392ae02502b377a0491bc44f08d.yaml b/nuclei-templates/cve-less/plugins/wp-easy-gallery-f0840392ae02502b377a0491bc44f08d.yaml
index 3f0c619896..66be634970 100644
--- a/nuclei-templates/cve-less/plugins/wp-easy-gallery-f0840392ae02502b377a0491bc44f08d.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-easy-gallery-f0840392ae02502b377a0491bc44f08d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Easy Gallery <= 2.7 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Easy Gallery plugin for WordPress is vulnerable to generic SQL Injection via the 'galleryId' or 'select_gallery' parameters found in the ‘admin/add-images.php’ file in versions up to, and including, 2.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easy-gallery/"
     google-query: inurl:"/wp-content/plugins/wp-easy-gallery/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-easy-gallery,high
+  tags: cve,wordpress,wp-plugin,wp-easy-gallery,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-easy-pay-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-easy-pay-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e557d699eb..042a56c4c2 100644
--- a/nuclei-templates/cve-less/plugins/wp-easy-pay-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-easy-pay-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-easy-pay/"
     google-query: inurl:"/wp-content/plugins/wp-easy-pay/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-easy-pay,medium
+  tags: cve,wordpress,wp-plugin,wp-easy-pay,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-edit-password-protected-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wp-edit-password-protected-18966e8228314b8165d39d48519f43cc.yaml
index 71180c1c31..7f28461d64 100644
--- a/nuclei-templates/cve-less/plugins/wp-edit-password-protected-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-edit-password-protected-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-edit-password-protected/"
     google-query: inurl:"/wp-content/plugins/wp-edit-password-protected/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-edit-password-protected,medium
+  tags: cve,wordpress,wp-plugin,wp-edit-password-protected,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-email-template-2961759aa56e979f7c4730d8320eec28.yaml b/nuclei-templates/cve-less/plugins/wp-email-template-2961759aa56e979f7c4730d8320eec28.yaml
index b496f4fc00..b45d49d2d9 100644
--- a/nuclei-templates/cve-less/plugins/wp-email-template-2961759aa56e979f7c4730d8320eec28.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-email-template-2961759aa56e979f7c4730d8320eec28.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The following plugins for WordPress are vulnerable to Cross-Site Request Forgery:
                                         
@@ -21,7 +21,7 @@ info:
     fofa-query: "wp-content/plugins/wp-email-template/"
     google-query: inurl:"/wp-content/plugins/wp-email-template/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-email-template,high
+  tags: cve,wordpress,wp-plugin,wp-email-template,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-email-users-2c7df8a6a41b0cfad78e17028e8be6b9.yaml b/nuclei-templates/cve-less/plugins/wp-email-users-2c7df8a6a41b0cfad78e17028e8be6b9.yaml
index 2e30430804..4f3db780a3 100644
--- a/nuclei-templates/cve-less/plugins/wp-email-users-2c7df8a6a41b0cfad78e17028e8be6b9.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-email-users-2c7df8a6a41b0cfad78e17028e8be6b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Email Users <= 1.4.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Email Users plugin for WordPress is vulnerable to  SQL Injection via the ‘filetitle’ parameter in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-email-users/"
     google-query: inurl:"/wp-content/plugins/wp-email-users/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-email-users,high
+  tags: cve,wordpress,wp-plugin,wp-email-users,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-emaily-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-emaily-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 49f7152ea3..8dfec88d3f 100644
--- a/nuclei-templates/cve-less/plugins/wp-emaily-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-emaily-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-emaily/"
     google-query: inurl:"/wp-content/plugins/wp-emaily/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-emaily,medium
+  tags: cve,wordpress,wp-plugin,wp-emaily,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-event-partners-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-event-partners-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4f3ed619e7..042ccc3e13 100644
--- a/nuclei-templates/cve-less/plugins/wp-event-partners-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-event-partners-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-event-partners/"
     google-query: inurl:"/wp-content/plugins/wp-event-partners/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-event-partners,medium
+  tags: cve,wordpress,wp-plugin,wp-event-partners,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-events-725f7191ecab88079bfff1263c7f0b6b.yaml b/nuclei-templates/cve-less/plugins/wp-events-725f7191ecab88079bfff1263c7f0b6b.yaml
index 52afd40e62..3b97075607 100644
--- a/nuclei-templates/cve-less/plugins/wp-events-725f7191ecab88079bfff1263c7f0b6b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-events-725f7191ecab88079bfff1263c7f0b6b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Events <= 2.3.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Events plugin for WordPress is vulnerable to generic SQL Injection via the "$_GET[‘edit_event']" parameter in versions up to, and including, 2.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-events/"
     google-query: inurl:"/wp-content/plugins/wp-events/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-events,high
+  tags: cve,wordpress,wp-plugin,wp-events,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-external-links-8503267448a714d1d5d099f1366cd0ea.yaml b/nuclei-templates/cve-less/plugins/wp-external-links-8503267448a714d1d5d099f1366cd0ea.yaml
index 228fc400a2..45aed651dc 100644
--- a/nuclei-templates/cve-less/plugins/wp-external-links-8503267448a714d1d5d099f1366cd0ea.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-external-links-8503267448a714d1d5d099f1366cd0ea.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP External Links < 1.81 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP External Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions before 1.81 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-external-links/"
     google-query: inurl:"/wp-content/plugins/wp-external-links/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-external-links,medium
+  tags: cve,wordpress,wp-plugin,wp-external-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-external-links-acbe4c57371265432a7073cce828c9b8.yaml b/nuclei-templates/cve-less/plugins/wp-external-links-acbe4c57371265432a7073cce828c9b8.yaml
index d62010730a..607168b64b 100644
--- a/nuclei-templates/cve-less/plugins/wp-external-links-acbe4c57371265432a7073cce828c9b8.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-external-links-acbe4c57371265432a7073cce828c9b8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     External Links <= 2.55 - Authenticated (Administrator+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The External Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.55 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-external-links/"
     google-query: inurl:"/wp-content/plugins/wp-external-links/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-external-links,medium
+  tags: cve,wordpress,wp-plugin,wp-external-links,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-facebook-group-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-facebook-group-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index eae24872b2..75330915f3 100644
--- a/nuclei-templates/cve-less/plugins/wp-facebook-group-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-facebook-group-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-facebook-group/"
     google-query: inurl:"/wp-content/plugins/wp-facebook-group/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-facebook-group,medium
+  tags: cve,wordpress,wp-plugin,wp-facebook-group,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-fail2ban-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-fail2ban-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ef8c3d2737..cf9752cd66 100644
--- a/nuclei-templates/cve-less/plugins/wp-fail2ban-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-fail2ban-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fail2ban/"
     google-query: inurl:"/wp-content/plugins/wp-fail2ban/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-fail2ban,medium
+  tags: cve,wordpress,wp-plugin,wp-fail2ban,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-fast-cache-8db2ce4fbc6df6bbc133a98c76aaa326.yaml b/nuclei-templates/cve-less/plugins/wp-fast-cache-8db2ce4fbc6df6bbc133a98c76aaa326.yaml
index 044f9c3506..80ee2eb64d 100644
--- a/nuclei-templates/cve-less/plugins/wp-fast-cache-8db2ce4fbc6df6bbc133a98c76aaa326.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-fast-cache-8db2ce4fbc6df6bbc133a98c76aaa326.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fast Cache <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The WP Fast Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. This is due to the 'wp_fast_cache_bulk_action_url' variable not being sanitized or escapes. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions and perform subsequent Cross-Site Scripting attacks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fast-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fast-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-fast-cache,critical
+  tags: cve,wordpress,wp-plugin,wp-fast-cache,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-308394f6b31625a7b3cc64b85e9f4dc2.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-308394f6b31625a7b3cc64b85e9f4dc2.yaml
index fd9bbd63bb..b6f07c895d 100644
--- a/nuclei-templates/cve-less/plugins/wp-fastest-cache-308394f6b31625a7b3cc64b85e9f4dc2.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-308394f6b31625a7b3cc64b85e9f4dc2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.8.5.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpfc_save_cdn_integration_ajax_request_callback() function in versions up to, and including, 0.8.5.7. This makes it possible for unauthorized attackers to redirect all CSS file, image, video, etc. requests to a potentially malicious site.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-434e9952fd09ca91a230586603143cbf.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-434e9952fd09ca91a230586603143cbf.yaml
index bf42cd9d34..26b05195d5 100644
--- a/nuclei-templates/cve-less/plugins/wp-fastest-cache-434e9952fd09ca91a230586603143cbf.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-434e9952fd09ca91a230586603143cbf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.8.7.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to blind SQL Injection via the ‘$comment_id’ parameter in versions up to, and including, 0.8.7.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for subscriber-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-5f9f7bf290ea80a41025c30b0ffd1db1.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-5f9f7bf290ea80a41025c30b0ffd1db1.yaml
index 96423b51a0..010bd557cb 100644
--- a/nuclei-templates/cve-less/plugins/wp-fastest-cache-5f9f7bf290ea80a41025c30b0ffd1db1.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-5f9f7bf290ea80a41025c30b0ffd1db1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.8.5.7 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 0.8.5.7 via the 'id' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-b07a02f9d4db7fe492ff4a4ebc6a38ba.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-b07a02f9d4db7fe492ff4a4ebc6a38ba.yaml
index 1a490f8b4a..8150b8329f 100644
--- a/nuclei-templates/cve-less/plugins/wp-fastest-cache-b07a02f9d4db7fe492ff4a4ebc6a38ba.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-b07a02f9d4db7fe492ff4a4ebc6a38ba.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-f28e9e3f4825fae9f836906b103e0875.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-f28e9e3f4825fae9f836906b103e0875.yaml
index d53a8e212f..31b6789aa9 100644
--- a/nuclei-templates/cve-less/plugins/wp-fastest-cache-f28e9e3f4825fae9f836906b103e0875.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-f28e9e3f4825fae9f836906b103e0875.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Fastest Cache <= 0.8.5.9 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Fastest Cache plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 0.8.5.9 via the id POST parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is due to an impartial fix of https://ti.wordfence.io/vulnerabilities/3ebe25a7-fa4d-4e3f-b969-2ff3a8388b06.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-fastest-cache/"
     google-query: inurl:"/wp-content/plugins/wp-fastest-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-fastest-cache,high
+  tags: cve,wordpress,wp-plugin,wp-fastest-cache,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-e29d6db8a3a02793b21f4d3bff2f8cc9.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-e29d6db8a3a02793b21f4d3bff2f8cc9.yaml
index f4518d8480..60415934d6 100644
--- a/nuclei-templates/cve-less/plugins/wp-file-manager-e29d6db8a3a02793b21f4d3bff2f8cc9.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-file-manager-e29d6db8a3a02793b21f4d3bff2f8cc9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     File Manager <= 4.8 - Missing Authorization on AJAX Actions
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The File Manager plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various functions hooked via AJAX actions in versions up to, and including, 4.8. This makes it possible for authenticated attackers with subscriber-level permissions and above to delete back-ups and view sensitive information about back-ups.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-manager/"
     google-query: inurl:"/wp-content/plugins/wp-file-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-file-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-file-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-c865a729c4dbcf73f4c0bf83297ccf74.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-c865a729c4dbcf73f4c0bf83297ccf74.yaml
index ea16cb6861..5f68dc6e8b 100644
--- a/nuclei-templates/cve-less/plugins/wp-file-upload-c865a729c4dbcf73f4c0bf83297ccf74.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-file-upload-c865a729c4dbcf73f4c0bf83297ccf74.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress File Upload <= 4.16.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-file-upload/"
     google-query: inurl:"/wp-content/plugins/wp-file-upload/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-file-upload,medium
+  tags: cve,wordpress,wp-plugin,wp-file-upload,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-free-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-free-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 80982dd30b..1ad031d989 100644
--- a/nuclei-templates/cve-less/plugins/wp-free-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-free-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-free-ssl/"
     google-query: inurl:"/wp-content/plugins/wp-free-ssl/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-free-ssl,medium
+  tags: cve,wordpress,wp-plugin,wp-free-ssl,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-front-end-profile-b37c0d0d71a59763b804ee0d533397e0.yaml b/nuclei-templates/cve-less/plugins/wp-front-end-profile-b37c0d0d71a59763b804ee0d533397e0.yaml
index 327cb2f24c..4e98a55165 100644
--- a/nuclei-templates/cve-less/plugins/wp-front-end-profile-b37c0d0d71a59763b804ee0d533397e0.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-front-end-profile-b37c0d0d71a59763b804ee0d533397e0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Frontend Profile <= 1.2.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the wpfep_save_password() function found in the 'wp-frontend-profile/functions/save-fields.php' file. This makes it possible for unauthenticated attackers to change the passwords of other users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-front-end-profile/"
     google-query: inurl:"/wp-content/plugins/wp-front-end-profile/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-front-end-profile,high
+  tags: cve,wordpress,wp-plugin,wp-front-end-profile,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-front-end-profile-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-front-end-profile-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d958a843f5..98f9d8e5b8 100644
--- a/nuclei-templates/cve-less/plugins/wp-front-end-profile-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-front-end-profile-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-front-end-profile/"
     google-query: inurl:"/wp-content/plugins/wp-front-end-profile/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-front-end-profile,medium
+  tags: cve,wordpress,wp-plugin,wp-front-end-profile,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-d47084b590cbc795c568485d3590251a.yaml b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-d47084b590cbc795c568485d3590251a.yaml
index 94afeb1423..f9aa9c48e4 100644
--- a/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-d47084b590cbc795c568485d3590251a.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-d47084b590cbc795c568485d3590251a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Cookie Information | Free GDPR Consent Solution <= 1.5.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$ipAddress’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-gdpr-compliance/"
     google-query: inurl:"/wp-content/plugins/wp-gdpr-compliance/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-gdpr-compliance,medium
+  tags: cve,wordpress,wp-plugin,wp-gdpr-compliance,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-get-personal-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-get-personal-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0191bf2339..908cfc9f28 100644
--- a/nuclei-templates/cve-less/plugins/wp-get-personal-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-get-personal-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-get-personal-lite/"
     google-query: inurl:"/wp-content/plugins/wp-get-personal-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-get-personal-lite,medium
+  tags: cve,wordpress,wp-plugin,wp-get-personal-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-73f135de232fc553a1861c313e9ab548.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-73f135de232fc553a1861c313e9ab548.yaml
index 38a91b2b8e..63ed673efe 100644
--- a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-73f135de232fc553a1861c313e9ab548.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-73f135de232fc553a1861c313e9ab548.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map Plugin <= 4.0.9 - Cross-Site Request Forgery to PHP Object Injection
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Google Map Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.0. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-a5532d15dce91adaa57b29acc9d33bb8.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-a5532d15dce91adaa57b29acc9d33bb8.yaml
index f7d15bc5e0..89ead98078 100644
--- a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-a5532d15dce91adaa57b29acc9d33bb8.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-a5532d15dce91adaa57b29acc9d33bb8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Map Plugin < 3.0.0 - Cross-Site Request Forgery to Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Google Map Plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting via several parameters in versions before 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-map-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high
+  tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-5938cf4c59a1d8ebf45c155344fba09e.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-5938cf4c59a1d8ebf45c155344fba09e.yaml
index 22ea6059f7..2ec7cf1b51 100644
--- a/nuclei-templates/cve-less/plugins/wp-google-maps-5938cf4c59a1d8ebf45c155344fba09e.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-google-maps-5938cf4c59a1d8ebf45c155344fba09e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Google Maps <= 6.3.14 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza_store_locator_query_string’ parameter in versions up to, and including, 6.3.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-maps/"
     google-query: inurl:"/wp-content/plugins/wp-google-maps/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-google-maps,medium
+  tags: cve,wordpress,wp-plugin,wp-google-maps,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-google-street-view-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-google-street-view-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 46206ba09b..bcae3468bc 100644
--- a/nuclei-templates/cve-less/plugins/wp-google-street-view-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-google-street-view-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-google-street-view/"
     google-query: inurl:"/wp-content/plugins/wp-google-street-view/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-google-street-view,medium
+  tags: cve,wordpress,wp-plugin,wp-google-street-view,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-gratify-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-gratify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 86b5b9da50..03c7afef76 100644
--- a/nuclei-templates/cve-less/plugins/wp-gratify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-gratify-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-gratify/"
     google-query: inurl:"/wp-content/plugins/wp-gratify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-gratify,medium
+  tags: cve,wordpress,wp-plugin,wp-gratify,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-helper-lite-eb9d1a9f33f022abcf9d4898480aa085.yaml b/nuclei-templates/cve-less/plugins/wp-helper-lite-eb9d1a9f33f022abcf9d4898480aa085.yaml
index fd2217058b..92d294db19 100644
--- a/nuclei-templates/cve-less/plugins/wp-helper-lite-eb9d1a9f33f022abcf9d4898480aa085.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-helper-lite-eb9d1a9f33f022abcf9d4898480aa085.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Helper Premium <= 4.2.0 - Authenticated (Contributor+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Helper Premium plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for contributor-level attackers and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-helper-lite/"
     google-query: inurl:"/wp-content/plugins/wp-helper-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-helper-lite,high
+  tags: cve,wordpress,wp-plugin,wp-helper-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-homepage-slideshow-47a30f13a712f0b51de3660787ce6dab.yaml b/nuclei-templates/cve-less/plugins/wp-homepage-slideshow-47a30f13a712f0b51de3660787ce6dab.yaml
index bdf9dfa87e..ad038e170c 100644
--- a/nuclei-templates/cve-less/plugins/wp-homepage-slideshow-47a30f13a712f0b51de3660787ce6dab.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-homepage-slideshow-47a30f13a712f0b51de3660787ce6dab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Homepage SlideShow <= 2.3 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Homepage SlideShow plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-homepage-slideshow/"
     google-query: inurl:"/wp-content/plugins/wp-homepage-slideshow/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-homepage-slideshow,high
+  tags: cve,wordpress,wp-plugin,wp-homepage-slideshow,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-hr-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-hr-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 03ad3fa512..3378799b25 100644
--- a/nuclei-templates/cve-less/plugins/wp-hr-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-hr-manager-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-hr-manager/"
     google-query: inurl:"/wp-content/plugins/wp-hr-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-hr-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-hr-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-image-resizer-8b089becf530f93c37bff15846437ba4.yaml b/nuclei-templates/cve-less/plugins/wp-image-resizer-8b089becf530f93c37bff15846437ba4.yaml
index f48e4a88d4..f49482bd57 100644
--- a/nuclei-templates/cve-less/plugins/wp-image-resizer-8b089becf530f93c37bff15846437ba4.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-image-resizer-8b089becf530f93c37bff15846437ba4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Image Resizer (Unspecified Version) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Image Resizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘src’ parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-image-resizer/"
     google-query: inurl:"/wp-content/plugins/wp-image-resizer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-image-resizer,medium
+  tags: cve,wordpress,wp-plugin,wp-image-resizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-invoice-e02e4d31cf49a5cf3437bdef98608b60.yaml b/nuclei-templates/cve-less/plugins/wp-invoice-e02e4d31cf49a5cf3437bdef98608b60.yaml
index 6d995de618..80473b6528 100644
--- a/nuclei-templates/cve-less/plugins/wp-invoice-e02e4d31cf49a5cf3437bdef98608b60.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-invoice-e02e4d31cf49a5cf3437bdef98608b60.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Invoice – Web Invoice and Billing <= 4.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing  nonce validation on the save settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-invoice/"
     google-query: inurl:"/wp-content/plugins/wp-invoice/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-invoice,high
+  tags: cve,wordpress,wp-plugin,wp-invoice,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-job-manager-ad1a7b10885844b515902d55c9660f2d.yaml b/nuclei-templates/cve-less/plugins/wp-job-manager-ad1a7b10885844b515902d55c9660f2d.yaml
index 8f75cc2608..ce64634f89 100644
--- a/nuclei-templates/cve-less/plugins/wp-job-manager-ad1a7b10885844b515902d55c9660f2d.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-job-manager-ad1a7b10885844b515902d55c9660f2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Job Manager <= 1.26.1 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Job Manager plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the via the ~/class-wp-job-manager-ajax.php file in versions up to, and including, 1.26.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-job-manager/"
     google-query: inurl:"/wp-content/plugins/wp-job-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-job-manager,high
+  tags: cve,wordpress,wp-plugin,wp-job-manager,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-job-manager-f05562fc94116db3e2f5dd9c7a1bb0d7.yaml b/nuclei-templates/cve-less/plugins/wp-job-manager-f05562fc94116db3e2f5dd9c7a1bb0d7.yaml
index d44dc1e94f..aa7a060c9f 100644
--- a/nuclei-templates/cve-less/plugins/wp-job-manager-f05562fc94116db3e2f5dd9c7a1bb0d7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-job-manager-f05562fc94116db3e2f5dd9c7a1bb0d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Job Manager < 1.23.8 - Multiple Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘create_account_email' and 'create_account_username’ parameters in versions up to, and including, 1.23.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-job-manager/"
     google-query: inurl:"/wp-content/plugins/wp-job-manager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-job-manager,medium
+  tags: cve,wordpress,wp-plugin,wp-job-manager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-06bec6e8b710a7efd7b4113567911744.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-06bec6e8b710a7efd7b4113567911744.yaml
index f751f3f8b1..c91b882760 100644
--- a/nuclei-templates/cve-less/plugins/wp-jobsearch-06bec6e8b710a7efd7b4113567911744.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-06bec6e8b710a7efd7b4113567911744.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobSearch WP Job Board <= 1.5.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobSearch WP Job Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Offered Salary', 'Career Level', 'Experience', 'Gender', 'Industry', 'Qualifications', 'Job Description', 'Full Address' fields found on the new job listing form in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jobsearch/"
     google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-jobsearch,medium
+  tags: cve,wordpress,wp-plugin,wp-jobsearch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-0757689ccb9eb2501cdd998e2d1228fe.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-0757689ccb9eb2501cdd998e2d1228fe.yaml
index f09deb77e8..71fa6cea4c 100644
--- a/nuclei-templates/cve-less/plugins/wp-jobsearch-0757689ccb9eb2501cdd998e2d1228fe.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-0757689ccb9eb2501cdd998e2d1228fe.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobSearch WP Job Board <= 1.5.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobSearch WP Job Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Phone', 'Dial Code', 'Founded Since', 'Member Title', 'Designation', 'Experience', 'Facebook URL', 'Google+ URL', 'Twitter URL', 'LinkedIn URL', 'Description', 'Full Address' fields via the user dashboard employer form in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jobsearch/"
     google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-jobsearch,medium
+  tags: cve,wordpress,wp-plugin,wp-jobsearch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-493970b9d6651de9fd021a267048266d.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-493970b9d6651de9fd021a267048266d.yaml
index ed9bc1174b..ffe9017776 100644
--- a/nuclei-templates/cve-less/plugins/wp-jobsearch-493970b9d6651de9fd021a267048266d.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-493970b9d6651de9fd021a267048266d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobSearch WP Job Board <= 1.5.2 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The JobSearch WP Job Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for high-privilege attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jobsearch/"
     google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-jobsearch,medium
+  tags: cve,wordpress,wp-plugin,wp-jobsearch,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-e1e8b509fbe86c6565ac6936dc65e181.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-e1e8b509fbe86c6565ac6936dc65e181.yaml
index d6f4891d68..1d05424e23 100644
--- a/nuclei-templates/cve-less/plugins/wp-jobsearch-e1e8b509fbe86c6565ac6936dc65e181.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-e1e8b509fbe86c6565ac6936dc65e181.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobSearch WP Job Board <= 1.5.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobSearch WP Job Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Phone', 'Dial Code', 'Job Title', 'Academic Level', 'Age', 'Salary', 'Gender', 'Industry', 'Full Address' fields via the candidate user profile found on the user dashboard in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-jobsearch/"
     google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-jobsearch,medium
+  tags: cve,wordpress,wp-plugin,wp-jobsearch,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-js-external-link-info-0d9b0b8cf0e1e0917d4472d07a7d609b.yaml b/nuclei-templates/cve-less/plugins/wp-js-external-link-info-0d9b0b8cf0e1e0917d4472d07a7d609b.yaml
index 09d0d3a607..bc23fa8d66 100644
--- a/nuclei-templates/cve-less/plugins/wp-js-external-link-info-0d9b0b8cf0e1e0917d4472d07a7d609b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-js-external-link-info-0d9b0b8cf0e1e0917d4472d07a7d609b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Js External Link Info <= 1.21 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Js External Link Info plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ and ‘blog’ parameters in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-js-external-link-info/"
     google-query: inurl:"/wp-content/plugins/wp-js-external-link-info/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-js-external-link-info,medium
+  tags: cve,wordpress,wp-plugin,wp-js-external-link-info,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-keyword-link-f68af0f4ef5270237a2dac4a79c88b36.yaml b/nuclei-templates/cve-less/plugins/wp-keyword-link-f68af0f4ef5270237a2dac4a79c88b36.yaml
index ffe6735dee..287f359ac4 100644
--- a/nuclei-templates/cve-less/plugins/wp-keyword-link-f68af0f4ef5270237a2dac4a79c88b36.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-keyword-link-f68af0f4ef5270237a2dac4a79c88b36.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Keyword link <= 1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Keyword link plugin for WordPress is vulnerable to Cross-Site Scripting via the 'limit' parameter in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-keyword-link/"
     google-query: inurl:"/wp-content/plugins/wp-keyword-link/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-keyword-link,medium
+  tags: cve,wordpress,wp-plugin,wp-keyword-link,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-last-modified-info-524d5feb3bdf1faf2643f61f231563b9.yaml b/nuclei-templates/cve-less/plugins/wp-last-modified-info-524d5feb3bdf1faf2643f61f231563b9.yaml
index f7e93a6c78..c4152e36e3 100644
--- a/nuclei-templates/cve-less/plugins/wp-last-modified-info-524d5feb3bdf1faf2643f61f231563b9.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-last-modified-info-524d5feb3bdf1faf2643f61f231563b9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Last Modified Info <= 1.6.5 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Custom Message to Display on Posts’ text field in versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for Admin+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-last-modified-info/"
     google-query: inurl:"/wp-content/plugins/wp-last-modified-info/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-last-modified-info,medium
+  tags: cve,wordpress,wp-plugin,wp-last-modified-info,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-lead-stream-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-lead-stream-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 02afdcd1cd..301a8a5226 100644
--- a/nuclei-templates/cve-less/plugins/wp-lead-stream-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-lead-stream-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-lead-stream/"
     google-query: inurl:"/wp-content/plugins/wp-lead-stream/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-lead-stream,medium
+  tags: cve,wordpress,wp-plugin,wp-lead-stream,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-less-to-css-378840583bbe122d719ad92f2c75681f.yaml b/nuclei-templates/cve-less/plugins/wp-less-to-css-378840583bbe122d719ad92f2c75681f.yaml
index 3b4e25a821..57abae2e47 100644
--- a/nuclei-templates/cve-less/plugins/wp-less-to-css-378840583bbe122d719ad92f2c75681f.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-less-to-css-378840583bbe122d719ad92f2c75681f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP LESS to CSS <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP LESS to CSS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-less-to-css/"
     google-query: inurl:"/wp-content/plugins/wp-less-to-css/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-less-to-css,medium
+  tags: cve,wordpress,wp-plugin,wp-less-to-css,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-letsencrypt-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-letsencrypt-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f19dcc406a..96e9a7f5a9 100644
--- a/nuclei-templates/cve-less/plugins/wp-letsencrypt-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-letsencrypt-ssl-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-letsencrypt-ssl/"
     google-query: inurl:"/wp-content/plugins/wp-letsencrypt-ssl/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-letsencrypt-ssl,medium
+  tags: cve,wordpress,wp-plugin,wp-letsencrypt-ssl,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-levoslideshow-5088078af30c234ceab9ea2c99baf901.yaml b/nuclei-templates/cve-less/plugins/wp-levoslideshow-5088078af30c234ceab9ea2c99baf901.yaml
index 2ed848b20e..1e467a3285 100644
--- a/nuclei-templates/cve-less/plugins/wp-levoslideshow-5088078af30c234ceab9ea2c99baf901.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-levoslideshow-5088078af30c234ceab9ea2c99baf901.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Levo Slideshow <= 2.3 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Levo Slideshow plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation via lvo_single_image_uploadrn action in versions up to, and including, 2.3. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-levoslideshow/"
     google-query: inurl:"/wp-content/plugins/wp-levoslideshow/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-levoslideshow,high
+  tags: cve,wordpress,wp-plugin,wp-levoslideshow,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-levoslideshow-99ce085e8b4d878765e949a7f07f6195.yaml b/nuclei-templates/cve-less/plugins/wp-levoslideshow-99ce085e8b4d878765e949a7f07f6195.yaml
index 006a096dbe..3ad4269c33 100644
--- a/nuclei-templates/cve-less/plugins/wp-levoslideshow-99ce085e8b4d878765e949a7f07f6195.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-levoslideshow-99ce085e8b4d878765e949a7f07f6195.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Levo Slideshow <= 2.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Levo Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘image_description’ parameter in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-levoslideshow/"
     google-query: inurl:"/wp-content/plugins/wp-levoslideshow/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-levoslideshow,medium
+  tags: cve,wordpress,wp-plugin,wp-levoslideshow,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-03550082734f798d8bdd156b8cc8a2c2.yaml b/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-03550082734f798d8bdd156b8cc8a2c2.yaml
index 1f2ab3ba85..05071d9a2c 100644
--- a/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-03550082734f798d8bdd156b8cc8a2c2.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-03550082734f798d8bdd156b8cc8a2c2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Limit Login Attempts (Spam Protection) <= 2.9 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-limit-failed-login-attempts/"
     google-query: inurl:"/wp-content/plugins/wp-limit-failed-login-attempts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-limit-failed-login-attempts,high
+  tags: cve,wordpress,wp-plugin,wp-limit-failed-login-attempts,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-link-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-link-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 63cbbb003e..054fbffafd 100644
--- a/nuclei-templates/cve-less/plugins/wp-link-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-link-bio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-link-bio/"
     google-query: inurl:"/wp-content/plugins/wp-link-bio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-link-bio,medium
+  tags: cve,wordpress,wp-plugin,wp-link-bio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-software-for-wordpress-614cced2da1395e72b78e478d2060077.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-software-for-wordpress-614cced2da1395e72b78e478d2060077.yaml
index 55106dad16..02ebb94de6 100644
--- a/nuclei-templates/cve-less/plugins/wp-live-chat-software-for-wordpress-614cced2da1395e72b78e478d2060077.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-live-chat-software-for-wordpress-614cced2da1395e72b78e478d2060077.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP LiveChat <= 3.7.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP LiveChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'livechat_email' option in versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-software-for-wordpress/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-software-for-wordpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-software-for-wordpress,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-software-for-wordpress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-1006dbdfc9efb098ea5160eab40a333c.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-1006dbdfc9efb098ea5160eab40a333c.yaml
index 8ce02d8161..f8f4aa932c 100644
--- a/nuclei-templates/cve-less/plugins/wp-live-chat-support-1006dbdfc9efb098ea5160eab40a333c.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-1006dbdfc9efb098ea5160eab40a333c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     3CX Live Chat <= 9.4.2 - Local File Inclusion
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The 3CX Live Chat plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 9.4.2 via the evaluate_php_template() function. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-5b3f76eca7d765ff7782b4367d966247.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-5b3f76eca7d765ff7782b4367d966247.yaml
index e8f2e11edf..91f951b73a 100644
--- a/nuclei-templates/cve-less/plugins/wp-live-chat-support-5b3f76eca7d765ff7782b4367d966247.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-5b3f76eca7d765ff7782b4367d966247.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Live Chat Support <= 8.1.9 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Live Chat Support for WordPress is vulnerable to Stored Cross-Site Scripting via the quick response and post functions in versions up to, and including, 8.1.9 due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-chat-support/"
     google-query: inurl:"/wp-content/plugins/wp-live-chat-support/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-live-chat-support,medium
+  tags: cve,wordpress,wp-plugin,wp-live-chat-support,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-live-tv-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-live-tv-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b1f6436955..4b1ec065b6 100644
--- a/nuclei-templates/cve-less/plugins/wp-live-tv-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-live-tv-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-live-tv/"
     google-query: inurl:"/wp-content/plugins/wp-live-tv/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-live-tv,medium
+  tags: cve,wordpress,wp-plugin,wp-live-tv,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-mail-catcher-e5e442420905170833a6af8d927d5a01.yaml b/nuclei-templates/cve-less/plugins/wp-mail-catcher-e5e442420905170833a6af8d927d5a01.yaml
index 2c2fbb7cd4..2186d1895e 100644
--- a/nuclei-templates/cve-less/plugins/wp-mail-catcher-e5e442420905170833a6af8d927d5a01.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-mail-catcher-e5e442420905170833a6af8d927d5a01.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Mail logging - WP Mail Catcher <= 2.1.3 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Mail logging – WP Mail Catcher plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 2.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-catcher/"
     google-query: inurl:"/wp-content/plugins/wp-mail-catcher/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-mail-catcher,high
+  tags: cve,wordpress,wp-plugin,wp-mail-catcher,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-mail-logging-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wp-mail-logging-18966e8228314b8165d39d48519f43cc.yaml
index a2023673de..9a66640f65 100644
--- a/nuclei-templates/cve-less/plugins/wp-mail-logging-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-mail-logging-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-logging/"
     google-query: inurl:"/wp-content/plugins/wp-mail-logging/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-mail-logging,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-logging,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-mail-logging-d4ae66d5784ee57fd8bb24dc427e9062.yaml b/nuclei-templates/cve-less/plugins/wp-mail-logging-d4ae66d5784ee57fd8bb24dc427e9062.yaml
index 37fe081b94..64d7056184 100644
--- a/nuclei-templates/cve-less/plugins/wp-mail-logging-d4ae66d5784ee57fd8bb24dc427e9062.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-mail-logging-d4ae66d5784ee57fd8bb24dc427e9062.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail Logging <= 1.8.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extractMessage’ and 'column_default' functions in versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-logging/"
     google-query: inurl:"/wp-content/plugins/wp-mail-logging/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-mail-logging,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-logging,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-mail-logging-e516ec301b4cffad1129ddeea6a2940a.yaml b/nuclei-templates/cve-less/plugins/wp-mail-logging-e516ec301b4cffad1129ddeea6a2940a.yaml
index f36af6299e..92b10299a8 100644
--- a/nuclei-templates/cve-less/plugins/wp-mail-logging-e516ec301b4cffad1129ddeea6a2940a.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-mail-logging-e516ec301b4cffad1129ddeea6a2940a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail Logging <= 1.11.2 - Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Mail Logging plugin for WordPress is vulnerable to unauthorized notice dismissal due to a missing capability check on the feedback_notice_dismiss() function in versions up to, and including, 1.11.2. This makes it possible for authenticated attackers with subscriber-level access and above to dismiss plugin notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-logging/"
     google-query: inurl:"/wp-content/plugins/wp-mail-logging/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-mail-logging,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-logging,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-mail-smtp-1f2e61c0dd580a01c313ec65237451a6.yaml b/nuclei-templates/cve-less/plugins/wp-mail-smtp-1f2e61c0dd580a01c313ec65237451a6.yaml
index 9d072507f6..fb5e8ed76e 100644
--- a/nuclei-templates/cve-less/plugins/wp-mail-smtp-1f2e61c0dd580a01c313ec65237451a6.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-mail-smtp-1f2e61c0dd580a01c313ec65237451a6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mail SMTP by WPForms <= 1.3.3 - Unspecified Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Mail SMTP by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tab parameter in versions up to, and including 1.3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in administrative pages that execute whenever a user accesses the page with the stored web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mail-smtp/"
     google-query: inurl:"/wp-content/plugins/wp-mail-smtp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-mail-smtp,medium
+  tags: cve,wordpress,wp-plugin,wp-mail-smtp,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-acbdf3cc478f1988c5c3adc520bf6766.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-acbdf3cc478f1988c5c3adc520bf6766.yaml
index e4876bfe16..048a034764 100644
--- a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-acbdf3cc478f1988c5c3adc520bf6766.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-acbdf3cc478f1988c5c3adc520bf6766.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Maintenance Mode & Site Under Construction <= 1.8.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     WP Maintenance Mode & Site Under Construction Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maintenance-mode-site-under-construction/"
     google-query: inurl:"/wp-content/plugins/wp-maintenance-mode-site-under-construction/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-maintenance-mode-site-under-construction,high
+  tags: cve,wordpress,wp-plugin,wp-maintenance-mode-site-under-construction,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-dc3b48b4dca1bdc6da00b0dd6c2512e9.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-dc3b48b4dca1bdc6da00b0dd6c2512e9.yaml
index 599af16140..d79fe1093b 100644
--- a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-dc3b48b4dca1bdc6da00b0dd6c2512e9.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-dc3b48b4dca1bdc6da00b0dd6c2512e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Conditional Marketing Mailer for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Conditional Marketing Mailer for WooCommerce Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maintenance-mode-site-under-construction/"
     google-query: inurl:"/wp-content/plugins/wp-maintenance-mode-site-under-construction/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-maintenance-mode-site-under-construction,high
+  tags: cve,wordpress,wp-plugin,wp-maintenance-mode-site-under-construction,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-maximum-upload-file-size-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wp-maximum-upload-file-size-18966e8228314b8165d39d48519f43cc.yaml
index 3dc0e241fa..df3af342f0 100644
--- a/nuclei-templates/cve-less/plugins/wp-maximum-upload-file-size-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-maximum-upload-file-size-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-maximum-upload-file-size/"
     google-query: inurl:"/wp-content/plugins/wp-maximum-upload-file-size/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-maximum-upload-file-size,medium
+  tags: cve,wordpress,wp-plugin,wp-maximum-upload-file-size,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-megamenu-c6355382690553750aa0f80495721ab6.yaml b/nuclei-templates/cve-less/plugins/wp-megamenu-c6355382690553750aa0f80495721ab6.yaml
index 0e01e0beb1..14a476d022 100644
--- a/nuclei-templates/cve-less/plugins/wp-megamenu-c6355382690553750aa0f80495721ab6.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-megamenu-c6355382690553750aa0f80495721ab6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mega Menu <= 1.3.6 - Unauthenticated Settings Update to Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Mega Menu plugin for WordPress is vulnerable to unauthenticated settings updates that can lead to stored cross-site scripting in versions up to, and including 1.3.6 due to a missing capability check and insufficient validation. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-megamenu/"
     google-query: inurl:"/wp-content/plugins/wp-megamenu/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-megamenu,medium
+  tags: cve,wordpress,wp-plugin,wp-megamenu,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-members-927acdfb36c0f4e522e79fd5612163d3.yaml b/nuclei-templates/cve-less/plugins/wp-members-927acdfb36c0f4e522e79fd5612163d3.yaml
index e78fb5b909..3068ed9647 100644
--- a/nuclei-templates/cve-less/plugins/wp-members-927acdfb36c0f4e522e79fd5612163d3.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-members-927acdfb36c0f4e522e79fd5612163d3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Members Membership Plugin <= 2.8.9 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Members plugin for WordPress is vulnerable to Multiple Cross-Site Scripting via several parameters in versions before 2.8.10 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-members/"
     google-query: inurl:"/wp-content/plugins/wp-members/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-members,high
+  tags: cve,wordpress,wp-plugin,wp-members,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-memory-e5755ab6ce28e69bf31d165e7430384a.yaml b/nuclei-templates/cve-less/plugins/wp-memory-e5755ab6ce28e69bf31d165e7430384a.yaml
index 19a2ca719b..dd13a0075b 100644
--- a/nuclei-templates/cve-less/plugins/wp-memory-e5755ab6ce28e69bf31d165e7430384a.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-memory-e5755ab6ce28e69bf31d165e7430384a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin <= 2.43 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Memory Usage, Memory Limit, PHP and Server Memory Health Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.43  due to insufficient input sanitization and output escaping. This makes it possible for attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-memory/"
     google-query: inurl:"/wp-content/plugins/wp-memory/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-memory,medium
+  tags: cve,wordpress,wp-plugin,wp-memory,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0829fd9ddf..555e68de4b 100644
--- a/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-and-date-remover/"
     google-query: inurl:"/wp-content/plugins/wp-meta-and-date-remover/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-meta-and-date-remover,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-and-date-remover,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-320c57cb813e49326995b9fd67784965.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-320c57cb813e49326995b9fd67784965.yaml
index c216dea43b..49a04cb885 100644
--- a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-320c57cb813e49326995b9fd67784965.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-320c57cb813e49326995b9fd67784965.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MDTF – Meta Data and Taxonomies Filter <= 1.3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.3.0.1 due to insufficient input sanitization and output escaping on user supplied 'popup_title' attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium
+  tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-meteor-e8d8c624f6e6d23d2dff82c9385b3265.yaml b/nuclei-templates/cve-less/plugins/wp-meteor-e8d8c624f6e6d23d2dff82c9385b3265.yaml
index 426fbbcdec..118f780924 100644
--- a/nuclei-templates/cve-less/plugins/wp-meteor-e8d8c624f6e6d23d2dff82c9385b3265.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-meteor-e8d8c624f6e6d23d2dff82c9385b3265.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Meteor Page Speed Optimization Topping <= 3.1.4 -Missing Authorization to Notice Dismissal
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Meteor Page Speed Optimization Topping plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the processAjaxNoticeDismiss function in versions up to, and including, 3.1.4. This makes it possible for authenticated attackers with subscriber level access to dismiss administrative notices.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-meteor/"
     google-query: inurl:"/wp-content/plugins/wp-meteor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-meteor,medium
+  tags: cve,wordpress,wp-plugin,wp-meteor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-miniaudioplayer-4c9bbb5092eaa29d7b825a0537618beb.yaml b/nuclei-templates/cve-less/plugins/wp-miniaudioplayer-4c9bbb5092eaa29d7b825a0537618beb.yaml
index 74c8692a13..709fc56b88 100644
--- a/nuclei-templates/cve-less/plugins/wp-miniaudioplayer-4c9bbb5092eaa29d7b825a0537618beb.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-miniaudioplayer-4c9bbb5092eaa29d7b825a0537618beb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     mb.mb.miniAudioPlayer < 1.4.3 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     Themb.miniAudioPlayer – an HTML5 audio player for your mp3 files plugin for WordPress is vulnerable to Cross-Site Scripting via the 'volume' and 'width' parameters in versions before 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-miniaudioplayer/"
     google-query: inurl:"/wp-content/plugins/wp-miniaudioplayer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-miniaudioplayer,medium
+  tags: cve,wordpress,wp-plugin,wp-miniaudioplayer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-mobile-detector-f753e4eb4ef42bb2c3d71aa325c61612.yaml b/nuclei-templates/cve-less/plugins/wp-mobile-detector-f753e4eb4ef42bb2c3d71aa325c61612.yaml
index a5cf2e057a..2636ce5bb3 100644
--- a/nuclei-templates/cve-less/plugins/wp-mobile-detector-f753e4eb4ef42bb2c3d71aa325c61612.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-mobile-detector-f753e4eb4ef42bb2c3d71aa325c61612.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Mobile Detector <= 3.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Mobile Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘websitez_options’ AJAX action in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mobile-detector/"
     google-query: inurl:"/wp-content/plugins/wp-mobile-detector/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-mobile-detector,medium
+  tags: cve,wordpress,wp-plugin,wp-mobile-detector,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-monalisa-4a1f8595afbd88494aea9ace0d288d1b.yaml b/nuclei-templates/cve-less/plugins/wp-monalisa-4a1f8595afbd88494aea9ace0d288d1b.yaml
index a1d04d4943..03ccd1dfe8 100644
--- a/nuclei-templates/cve-less/plugins/wp-monalisa-4a1f8595afbd88494aea9ace0d288d1b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-monalisa-4a1f8595afbd88494aea9ace0d288d1b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wp-Monalisa <= 6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The wp-Monalisa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its emoticon parameters in versions up to, and including, 6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-monalisa/"
     google-query: inurl:"/wp-content/plugins/wp-monalisa/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-monalisa,medium
+  tags: cve,wordpress,wp-plugin,wp-monalisa,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-mui-mass-user-input-5efd2ce0ed5c8f6b3ada49f2773bc973.yaml b/nuclei-templates/cve-less/plugins/wp-mui-mass-user-input-5efd2ce0ed5c8f6b3ada49f2773bc973.yaml
index 51e6ee5112..d8fadd57c6 100644
--- a/nuclei-templates/cve-less/plugins/wp-mui-mass-user-input-5efd2ce0ed5c8f6b3ada49f2773bc973.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-mui-mass-user-input-5efd2ce0ed5c8f6b3ada49f2773bc973.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-MUI – Mass User Input – Add and Export WP Users Quickly <= 1.8 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-MUI – Mass User Input – Add and Export WP Users Quickly plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various functions found in the ~/core/ajax_handler.php file in versions up to, and including, 1.8. This makes it possible for authenticated attackers with subscriber level permissions and above to perform unauthorized actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-mui-mass-user-input/"
     google-query: inurl:"/wp-content/plugins/wp-mui-mass-user-input/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-mui-mass-user-input,medium
+  tags: cve,wordpress,wp-plugin,wp-mui-mass-user-input,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-600f23cea45d49c9fbecd578c78ad87f.yaml b/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-600f23cea45d49c9fbecd578c78ad87f.yaml
index 29e70521b6..f86755f9e1 100644
--- a/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-600f23cea45d49c9fbecd578c78ad87f.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-600f23cea45d49c9fbecd578c78ad87f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Multisite Content Copier/Updater <= 1.4.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress Multisite Content Copier/Updater plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.4.0  due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-multisite-content-copier/"
     google-query: inurl:"/wp-content/plugins/wp-multisite-content-copier/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-multisite-content-copier,medium
+  tags: cve,wordpress,wp-plugin,wp-multisite-content-copier,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-munich-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-munich-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 87bb65b94f..7b5fdd51bc 100644
--- a/nuclei-templates/cve-less/plugins/wp-munich-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-munich-blocks-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-munich-blocks/"
     google-query: inurl:"/wp-content/plugins/wp-munich-blocks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-munich-blocks,medium
+  tags: cve,wordpress,wp-plugin,wp-munich-blocks,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-my-admin-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-my-admin-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6943dd834e..2b5c61eea5 100644
--- a/nuclei-templates/cve-less/plugins/wp-my-admin-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-my-admin-bar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-my-admin-bar/"
     google-query: inurl:"/wp-content/plugins/wp-my-admin-bar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-my-admin-bar,medium
+  tags: cve,wordpress,wp-plugin,wp-my-admin-bar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-nested-pages-1f2c3201ce6430a901ea9b9ce7fb0cee.yaml b/nuclei-templates/cve-less/plugins/wp-nested-pages-1f2c3201ce6430a901ea9b9ce7fb0cee.yaml
index 970bc6a8f4..87ea24cabe 100644
--- a/nuclei-templates/cve-less/plugins/wp-nested-pages-1f2c3201ce6430a901ea9b9ce7fb0cee.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-nested-pages-1f2c3201ce6430a901ea9b9ce7fb0cee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Nested Pages <= 3.0.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Nested Pages plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to edit other contributors' posts along with modifying the slugs and titles.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-nested-pages/"
     google-query: inurl:"/wp-content/plugins/wp-nested-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-nested-pages,medium
+  tags: cve,wordpress,wp-plugin,wp-nested-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-noexternallinks-e9f11c328847b06004cf712b0d79f902.yaml b/nuclei-templates/cve-less/plugins/wp-noexternallinks-e9f11c328847b06004cf712b0d79f902.yaml
index d9570e23c3..b9f0b71779 100644
--- a/nuclei-templates/cve-less/plugins/wp-noexternallinks-e9f11c328847b06004cf712b0d79f902.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-noexternallinks-e9f11c328847b06004cf712b0d79f902.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP No External Links < 3.5.16 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP No External Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions before 3.5.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-noexternallinks/"
     google-query: inurl:"/wp-content/plugins/wp-noexternallinks/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-noexternallinks,high
+  tags: cve,wordpress,wp-plugin,wp-noexternallinks,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-notification-bell-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-notification-bell-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c6208db1e8..6e6ce180b4 100644
--- a/nuclei-templates/cve-less/plugins/wp-notification-bell-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-notification-bell-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-notification-bell/"
     google-query: inurl:"/wp-content/plugins/wp-notification-bell/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-notification-bell,medium
+  tags: cve,wordpress,wp-plugin,wp-notification-bell,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-oer-3eb3affb644d24e715bf8fc2c2551c12.yaml b/nuclei-templates/cve-less/plugins/wp-oer-3eb3affb644d24e715bf8fc2c2551c12.yaml
index d1d34ddc1f..ae8de6af30 100644
--- a/nuclei-templates/cve-less/plugins/wp-oer-3eb3affb644d24e715bf8fc2c2551c12.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-oer-3eb3affb644d24e715bf8fc2c2551c12.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP OER <= 0.9.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP OER plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.9.0  due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-oer/"
     google-query: inurl:"/wp-content/plugins/wp-oer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-oer,medium
+  tags: cve,wordpress,wp-plugin,wp-oer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-offers-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-offers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3eec523d48..3f152342f1 100644
--- a/nuclei-templates/cve-less/plugins/wp-offers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-offers-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-offers/"
     google-query: inurl:"/wp-content/plugins/wp-offers/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-offers,medium
+  tags: cve,wordpress,wp-plugin,wp-offers,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-opening-hours-acd8ba84e60cbc0f092ddfff82c451e8.yaml b/nuclei-templates/cve-less/plugins/wp-opening-hours-acd8ba84e60cbc0f092ddfff82c451e8.yaml
index 20225d7c5d..ae3efda145 100644
--- a/nuclei-templates/cve-less/plugins/wp-opening-hours-acd8ba84e60cbc0f092ddfff82c451e8.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-opening-hours-acd8ba84e60cbc0f092ddfff82c451e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Opening Hours <= 2.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Opening Hours plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.3.0, via the "Set Details" meta box. This makes it possible for authenticated attackers with administrator permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-opening-hours/"
     google-query: inurl:"/wp-content/plugins/wp-opening-hours/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-opening-hours,medium
+  tags: cve,wordpress,wp-plugin,wp-opening-hours,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-paypal-f591ec3fd6349f415ea113a1e0a8f96c.yaml b/nuclei-templates/cve-less/plugins/wp-paypal-f591ec3fd6349f415ea113a1e0a8f96c.yaml
index be807df9ee..cab00af277 100644
--- a/nuclei-templates/cve-less/plugins/wp-paypal-f591ec3fd6349f415ea113a1e0a8f96c.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-paypal-f591ec3fd6349f415ea113a1e0a8f96c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP PayPal <= 1.2.3.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP PayPal plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.3.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-paypal/"
     google-query: inurl:"/wp-content/plugins/wp-paypal/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-paypal,medium
+  tags: cve,wordpress,wp-plugin,wp-paypal,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-persistent-login-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-persistent-login-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c4d8d8efbb..1d62ebca58 100644
--- a/nuclei-templates/cve-less/plugins/wp-persistent-login-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-persistent-login-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-persistent-login/"
     google-query: inurl:"/wp-content/plugins/wp-persistent-login/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-persistent-login,medium
+  tags: cve,wordpress,wp-plugin,wp-persistent-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-b6b6c7434231029039b20df85b5959db.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-b6b6c7434231029039b20df85b5959db.yaml
index c6e425a87d..c729b0b0a7 100644
--- a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-b6b6c7434231029039b20df85b5959db.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-b6b6c7434231029039b20df85b5959db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'zip' parameter in versions up to, and including, 5.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-photo-album-plus/"
     google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-photo-album-plus,medium
+  tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-photo-effects-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-photo-effects-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c2db9a688b..d528242f3c 100644
--- a/nuclei-templates/cve-less/plugins/wp-photo-effects-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-photo-effects-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-photo-effects/"
     google-query: inurl:"/wp-content/plugins/wp-photo-effects/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-photo-effects,medium
+  tags: cve,wordpress,wp-plugin,wp-photo-effects,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-piwik-011e9219619a7fcb5d0b0fb47e00200b.yaml b/nuclei-templates/cve-less/plugins/wp-piwik-011e9219619a7fcb5d0b0fb47e00200b.yaml
index 26a2eabd6d..bd69c20899 100644
--- a/nuclei-templates/cve-less/plugins/wp-piwik-011e9219619a7fcb5d0b0fb47e00200b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-piwik-011e9219619a7fcb5d0b0fb47e00200b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-Matomo Integration (WP-Piwik) <= 1.0.26 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.26. This is due to missing nonce validation on the show() function which makes it possible for unauthenticated attackers to modify an affected sites settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-piwik/"
     google-query: inurl:"/wp-content/plugins/wp-piwik/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-piwik,high
+  tags: cve,wordpress,wp-plugin,wp-piwik,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-plugin-info-card-25b6bae2090d69c4b65ae56919567a18.yaml b/nuclei-templates/cve-less/plugins/wp-plugin-info-card-25b6bae2090d69c4b65ae56919567a18.yaml
index c3a84e6799..2ef476801d 100644
--- a/nuclei-templates/cve-less/plugins/wp-plugin-info-card-25b6bae2090d69c4b65ae56919567a18.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-plugin-info-card-25b6bae2090d69c4b65ae56919567a18.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Plugin Info Card < 2.3.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Plugin Info Card plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘slug’ parameter in versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-plugin-info-card/"
     google-query: inurl:"/wp-content/plugins/wp-plugin-info-card/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-plugin-info-card,medium
+  tags: cve,wordpress,wp-plugin,wp-plugin-info-card,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-post-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-post-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1773301c0e..a4cb96ce15 100644
--- a/nuclei-templates/cve-less/plugins/wp-post-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-post-block-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-block/"
     google-query: inurl:"/wp-content/plugins/wp-post-block/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-post-block,medium
+  tags: cve,wordpress,wp-plugin,wp-post-block,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-post-page-clone-2d87c0364307edea9fea6b2a2be6834f.yaml b/nuclei-templates/cve-less/plugins/wp-post-page-clone-2d87c0364307edea9fea6b2a2be6834f.yaml
index 05a7252f28..0b021a6306 100644
--- a/nuclei-templates/cve-less/plugins/wp-post-page-clone-2d87c0364307edea9fea6b2a2be6834f.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-post-page-clone-2d87c0364307edea9fea6b2a2be6834f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Duplicate Page Plugins <= (Various Versions) - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Duplicate Page and Post, WP Post Page Clone and Duplicate Page plugins for WordPress are vulnerable to SQL Injection via the ‘post’ parameter in versions up to, and including, 2.5.6, 1.1, and 3.3 respectively, due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-page-clone/"
     google-query: inurl:"/wp-content/plugins/wp-post-page-clone/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-post-page-clone,high
+  tags: cve,wordpress,wp-plugin,wp-post-page-clone,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-post-to-pdf-e97d01552bb2ae8d753dbf0013cb0c0b.yaml b/nuclei-templates/cve-less/plugins/wp-post-to-pdf-e97d01552bb2ae8d753dbf0013cb0c0b.yaml
index 9cbd2ddab2..be9dae9cd1 100644
--- a/nuclei-templates/cve-less/plugins/wp-post-to-pdf-e97d01552bb2ae8d753dbf0013cb0c0b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-post-to-pdf-e97d01552bb2ae8d753dbf0013cb0c0b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Post to PDF <= 2.3.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Post to PDF plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-post-to-pdf/"
     google-query: inurl:"/wp-content/plugins/wp-post-to-pdf/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-post-to-pdf,medium
+  tags: cve,wordpress,wp-plugin,wp-post-to-pdf,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-print-friendly-07ab0ae27a6f3fee8bb775502300d8a3.yaml b/nuclei-templates/cve-less/plugins/wp-print-friendly-07ab0ae27a6f3fee8bb775502300d8a3.yaml
index f44b5f8adb..9720a541c0 100644
--- a/nuclei-templates/cve-less/plugins/wp-print-friendly-07ab0ae27a6f3fee8bb775502300d8a3.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-print-friendly-07ab0ae27a6f3fee8bb775502300d8a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Print Friendly <= 0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Print Friendly plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-print-friendly/"
     google-query: inurl:"/wp-content/plugins/wp-print-friendly/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-print-friendly,medium
+  tags: cve,wordpress,wp-plugin,wp-print-friendly,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-print-friendly-82ee0ecca0569c5ee6149d011bc22c2e.yaml b/nuclei-templates/cve-less/plugins/wp-print-friendly-82ee0ecca0569c5ee6149d011bc22c2e.yaml
index 301c5b7e91..fca46ca2bd 100644
--- a/nuclei-templates/cve-less/plugins/wp-print-friendly-82ee0ecca0569c5ee6149d011bc22c2e.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-print-friendly-82ee0ecca0569c5ee6149d011bc22c2e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Print Friendly <= 0.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Print Friendly plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘add_query_arg’ function in versions up to, and including, 0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-print-friendly/"
     google-query: inurl:"/wp-content/plugins/wp-print-friendly/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-print-friendly,medium
+  tags: cve,wordpress,wp-plugin,wp-print-friendly,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-private-content-plus-d5107af4decc8fb0ccbe36135deb72d1.yaml b/nuclei-templates/cve-less/plugins/wp-private-content-plus-d5107af4decc8fb0ccbe36135deb72d1.yaml
index c410b63540..5d066e4b6d 100644
--- a/nuclei-templates/cve-less/plugins/wp-private-content-plus-d5107af4decc8fb0ccbe36135deb72d1.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-private-content-plus-d5107af4decc8fb0ccbe36135deb72d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Private Content Plus <= 3.4 - Authenticated(Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Private Content Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Admin Settings in versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-private-content-plus/"
     google-query: inurl:"/wp-content/plugins/wp-private-content-plus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-private-content-plus,medium
+  tags: cve,wordpress,wp-plugin,wp-private-content-plus,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-private-messages-dc7758f91293ce9c92573a1104c733de.yaml b/nuclei-templates/cve-less/plugins/wp-private-messages-dc7758f91293ce9c92573a1104c733de.yaml
index 2fe9567550..6d30311e21 100644
--- a/nuclei-templates/cve-less/plugins/wp-private-messages-dc7758f91293ce9c92573a1104c733de.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-private-messages-dc7758f91293ce9c92573a1104c733de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Private Messages <= 1.0.1 - Authenticated SQL Injection
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Private Messages plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-private-messages/"
     google-query: inurl:"/wp-content/plugins/wp-private-messages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-private-messages,medium
+  tags: cve,wordpress,wp-plugin,wp-private-messages,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-radio-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-radio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 878eddc96c..2a95ec1dba 100644
--- a/nuclei-templates/cve-less/plugins/wp-radio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-radio-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-radio/"
     google-query: inurl:"/wp-content/plugins/wp-radio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-radio,medium
+  tags: cve,wordpress,wp-plugin,wp-radio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-relevant-ads-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-relevant-ads-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9cb408fa17..b67b699baf 100644
--- a/nuclei-templates/cve-less/plugins/wp-relevant-ads-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-relevant-ads-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-relevant-ads/"
     google-query: inurl:"/wp-content/plugins/wp-relevant-ads/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-relevant-ads,medium
+  tags: cve,wordpress,wp-plugin,wp-relevant-ads,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-892de5c9148c6f8df52be6ed544382d2.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-892de5c9148c6f8df52be6ed544382d2.yaml
index a8aa7e7f1a..34bd1bc762 100644
--- a/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-892de5c9148c6f8df52be6ed544382d2.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-892de5c9148c6f8df52be6ed544382d2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thumbnail Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-responsive-slider-with-lightbox/"
     google-query: inurl:"/wp-content/plugins/wp-responsive-slider-with-lightbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,high
+  tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-44dea4f7c7575cbbd8f534048f1c0dce.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-44dea4f7c7575cbbd8f534048f1c0dce.yaml
index 79dd795eab..a1865ec658 100644
--- a/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-44dea4f7c7575cbbd8f534048f1c0dce.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-44dea4f7c7575cbbd8f534048f1c0dce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Responsive Thumbnail Slider  < 1.0.1 -  Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for attackers to upload arbitrary files on the affected sites server using a double extension which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-responsive-thumbnail-slider/"
     google-query: inurl:"/wp-content/plugins/wp-responsive-thumbnail-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-responsive-thumbnail-slider,high
+  tags: cve,wordpress,wp-plugin,wp-responsive-thumbnail-slider,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-568c91e024801d5d2e19e257aa73eeab.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-568c91e024801d5d2e19e257aa73eeab.yaml
index f7da293b54..d8a0dc34d8 100644
--- a/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-568c91e024801d5d2e19e257aa73eeab.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-568c91e024801d5d2e19e257aa73eeab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Thumbnail carousel slider < 1.0.1 - Stored Cross-Site Scripting and Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Thumbnail carousel slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting and Cross-Site Request Forgery via the ‘title’ parameter in versions before 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Stored Cross-Site scripting vulnerability requires authentication with admin-level privileges while the Cross-Site Request Forgery does not require any authentication.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-responsive-thumbnail-slider/"
     google-query: inurl:"/wp-content/plugins/wp-responsive-thumbnail-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-responsive-thumbnail-slider,high
+  tags: cve,wordpress,wp-plugin,wp-responsive-thumbnail-slider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-rss-aggregator-49339be9905399af5760c326a04d9feb.yaml b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-49339be9905399af5760c326a04d9feb.yaml
index 8e8d43a443..4367919b06 100644
--- a/nuclei-templates/cve-less/plugins/wp-rss-aggregator-49339be9905399af5760c326a04d9feb.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-49339be9905399af5760c326a04d9feb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More <= 4.6.3 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wprss_check_if_blacklist_delete() function in versions up to, and including, 4.6.3. This makes it possible for unauthenticated attackers to delete arbitrary posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-aggregator/"
     google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-rss-aggregator,medium
+  tags: cve,wordpress,wp-plugin,wp-rss-aggregator,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-rss-multi-importer-7725287d44cd6757cf277fdd17b26ca6.yaml b/nuclei-templates/cve-less/plugins/wp-rss-multi-importer-7725287d44cd6757cf277fdd17b26ca6.yaml
index 1ef3792fd1..17f7a5e935 100644
--- a/nuclei-templates/cve-less/plugins/wp-rss-multi-importer-7725287d44cd6757cf277fdd17b26ca6.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-rss-multi-importer-7725287d44cd6757cf277fdd17b26ca6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP RSS Multi Importer < 3.14 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP RSS Multi Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 3.14. This is due to missing nonce validation on several GET request functions. This makes it possible for unauthenticated attackers to perform restricted actions, such as arbitrary post deletion, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-multi-importer/"
     google-query: inurl:"/wp-content/plugins/wp-rss-multi-importer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-rss-multi-importer,high
+  tags: cve,wordpress,wp-plugin,wp-rss-multi-importer,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-rss-retriever-9183c93b61003074c2d21915934372a5.yaml b/nuclei-templates/cve-less/plugins/wp-rss-retriever-9183c93b61003074c2d21915934372a5.yaml
index a85c0566c1..34371bc79e 100644
--- a/nuclei-templates/cve-less/plugins/wp-rss-retriever-9183c93b61003074c2d21915934372a5.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-rss-retriever-9183c93b61003074c2d21915934372a5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress RSS Feed Retriever <= 1.6.7 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress RSS Feed Retriever plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the rss_retriever_ajax_request() function called via a nopriv AJAX action in versions up to, and including, 1.6.7. This makes it possible for unauthenticated attackers to update the plugin's settings.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-rss-retriever/"
     google-query: inurl:"/wp-content/plugins/wp-rss-retriever/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-rss-retriever,medium
+  tags: cve,wordpress,wp-plugin,wp-rss-retriever,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-scheduled-posts-f11abc39d7b4372ca1d0f7ca1556eb9b.yaml b/nuclei-templates/cve-less/plugins/wp-scheduled-posts-f11abc39d7b4372ca1d0f7ca1556eb9b.yaml
index 2c677d7715..521cfe5e07 100644
--- a/nuclei-templates/cve-less/plugins/wp-scheduled-posts-f11abc39d7b4372ca1d0f7ca1556eb9b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-scheduled-posts-f11abc39d7b4372ca1d0f7ca1556eb9b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     SchedulePress <= 5.0.4 - Insufficient Authorization to Authenticated (Contributor+) Arbitrary Post Modifications
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share plugin for WordPress is vulnerable to unauthorized modification of data due to improper capability checks on several REST API endpoints in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with contributor-level access and above, to edit other's posts and delete other's posts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-scheduled-posts/"
     google-query: inurl:"/wp-content/plugins/wp-scheduled-posts/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-scheduled-posts,medium
+  tags: cve,wordpress,wp-plugin,wp-scheduled-posts,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-school-calendar-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-school-calendar-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e0399f4aea..3677c4d020 100644
--- a/nuclei-templates/cve-less/plugins/wp-school-calendar-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-school-calendar-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-school-calendar-lite/"
     google-query: inurl:"/wp-content/plugins/wp-school-calendar-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-school-calendar-lite,medium
+  tags: cve,wordpress,wp-plugin,wp-school-calendar-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-search-filter-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-search-filter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ac016b55a5..4de8e207fd 100644
--- a/nuclei-templates/cve-less/plugins/wp-search-filter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-search-filter-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-search-filter/"
     google-query: inurl:"/wp-content/plugins/wp-search-filter/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-search-filter,medium
+  tags: cve,wordpress,wp-plugin,wp-search-filter,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-908a2c5a645886182a7c18816c5cda70.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-908a2c5a645886182a7c18816c5cda70.yaml
index aa4178b64a..e2f5f0430f 100644
--- a/nuclei-templates/cve-less/plugins/wp-security-audit-log-908a2c5a645886182a7c18816c5cda70.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-908a2c5a645886182a7c18816c5cda70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Activity Log 1.5 - 2.4.3 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Activity Log plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘notice’ parameter in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-security-audit-log/"
     google-query: inurl:"/wp-content/plugins/wp-security-audit-log/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-security-audit-log,high
+  tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b8eeb3e993..e8eacfc455 100644
--- a/nuclei-templates/cve-less/plugins/wp-security-audit-log-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-security-audit-log/"
     google-query: inurl:"/wp-content/plugins/wp-security-audit-log/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium
+  tags: cve,wordpress,wp-plugin,wp-security-audit-log,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-security-scan-c9a2376716cf70bca17532d4183c4633.yaml b/nuclei-templates/cve-less/plugins/wp-security-scan-c9a2376716cf70bca17532d4183c4633.yaml
index d0a01dffb0..6f7e14d68a 100644
--- a/nuclei-templates/cve-less/plugins/wp-security-scan-c9a2376716cf70bca17532d4183c4633.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-security-scan-c9a2376716cf70bca17532d4183c4633.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Acunetix WP Security <= 4.0.4 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Acunetix WP Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.4. This is due to missing or incorrect nonce validation in the ~/box-database-backup.php file. This makes it possible for unauthenticated attackers to trigger a database back-up via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-security-scan/"
     google-query: inurl:"/wp-content/plugins/wp-security-scan/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-security-scan,high
+  tags: cve,wordpress,wp-plugin,wp-security-scan,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-seo-keyword-optimizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-seo-keyword-optimizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 134da24e5d..f9f0a1b876 100644
--- a/nuclei-templates/cve-less/plugins/wp-seo-keyword-optimizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-seo-keyword-optimizer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-seo-keyword-optimizer/"
     google-query: inurl:"/wp-content/plugins/wp-seo-keyword-optimizer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-seo-keyword-optimizer,medium
+  tags: cve,wordpress,wp-plugin,wp-seo-keyword-optimizer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d6a41fb5f5..b031d97fcf 100644
--- a/nuclei-templates/cve-less/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages/"
     google-query: inurl:"/wp-content/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages,medium
+  tags: cve,wordpress,wp-plugin,wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-shop-original-a0116eeab00e009fd4fa3d22d8f45407.yaml b/nuclei-templates/cve-less/plugins/wp-shop-original-a0116eeab00e009fd4fa3d22d8f45407.yaml
index 4cf8f2264e..d44df54f29 100644
--- a/nuclei-templates/cve-less/plugins/wp-shop-original-a0116eeab00e009fd4fa3d22d8f45407.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-shop-original-a0116eeab00e009fd4fa3d22d8f45407.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Shop <= 3.4.3.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Shop plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting via the ‘wpshop_email’ parameter in versions up to, and including, 3.4.3.18 due to insufficient input sanitization and output escaping and missing nonce validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-shop-original/"
     google-query: inurl:"/wp-content/plugins/wp-shop-original/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-shop-original,high
+  tags: cve,wordpress,wp-plugin,wp-shop-original,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-simple-login-registration-plugin-3019f115da4ce05058864e5dcdcaacab.yaml b/nuclei-templates/cve-less/plugins/wp-simple-login-registration-plugin-3019f115da4ce05058864e5dcdcaacab.yaml
index 9e26c0e191..cc6f1ef015 100644
--- a/nuclei-templates/cve-less/plugins/wp-simple-login-registration-plugin-3019f115da4ce05058864e5dcdcaacab.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-simple-login-registration-plugin-3019f115da4ce05058864e5dcdcaacab.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Login Registration <= 1.0.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Login Registration plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-login-registration-plugin/"
     google-query: inurl:"/wp-content/plugins/wp-simple-login-registration-plugin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-simple-login-registration-plugin,medium
+  tags: cve,wordpress,wp-plugin,wp-simple-login-registration-plugin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-simple-spreadsheet-fetcher-for-google-0df69cb46add8b6c0a7b0f63ee7a53a7.yaml b/nuclei-templates/cve-less/plugins/wp-simple-spreadsheet-fetcher-for-google-0df69cb46add8b6c0a7b0f63ee7a53a7.yaml
index 8fcb3269a1..7e88592791 100644
--- a/nuclei-templates/cve-less/plugins/wp-simple-spreadsheet-fetcher-for-google-0df69cb46add8b6c0a7b0f63ee7a53a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-simple-spreadsheet-fetcher-for-google-0df69cb46add8b6c0a7b0f63ee7a53a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Simple Spreadsheet Fetcher for Google < 0.3.7 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Simple Spreadsheet Fetcher for Google plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 0.3.7. This is due to missing or incorrect nonce validation on the render_settings function. This makes it possible for unauthenticated attackers to arbitrarily change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-simple-spreadsheet-fetcher-for-google/"
     google-query: inurl:"/wp-content/plugins/wp-simple-spreadsheet-fetcher-for-google/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-simple-spreadsheet-fetcher-for-google,high
+  tags: cve,wordpress,wp-plugin,wp-simple-spreadsheet-fetcher-for-google,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-04e23ac1b6365010d31ca471e4c11f32.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-04e23ac1b6365010d31ca471e4c11f32.yaml
index 9d23ea6b9e..91bafa4601 100644
--- a/nuclei-templates/cve-less/plugins/wp-slimstat-04e23ac1b6365010d31ca471e4c11f32.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-slimstat-04e23ac1b6365010d31ca471e4c11f32.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.3. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,high
+  tags: cve,wordpress,wp-plugin,wp-slimstat,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-b3e91448e22115e9d095b2a1e488e5df.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-b3e91448e22115e9d095b2a1e488e5df.yaml
index b31f2b983c..b8b5dc183c 100644
--- a/nuclei-templates/cve-less/plugins/wp-slimstat-b3e91448e22115e9d095b2a1e488e5df.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-slimstat-b3e91448e22115e9d095b2a1e488e5df.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to blind SQL Injection via the ‘_data’ parameter in versions before 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,high
+  tags: cve,wordpress,wp-plugin,wp-slimstat,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-f8bccfc95e7537d4400b0b6737b24e5f.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-f8bccfc95e7537d4400b0b6737b24e5f.yaml
index 13ca5a89d0..b0a45d4318 100644
--- a/nuclei-templates/cve-less/plugins/wp-slimstat-f8bccfc95e7537d4400b0b6737b24e5f.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-slimstat-f8bccfc95e7537d4400b0b6737b24e5f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in versions up to, and including, 4.9.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions, and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-slimstat/"
     google-query: inurl:"/wp-content/plugins/wp-slimstat/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-slimstat,high
+  tags: cve,wordpress,wp-plugin,wp-slimstat,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-smart-export-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-smart-export-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 04e7b36c72..3dd96733ed 100644
--- a/nuclei-templates/cve-less/plugins/wp-smart-export-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-smart-export-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smart-export/"
     google-query: inurl:"/wp-content/plugins/wp-smart-export/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-smart-export,medium
+  tags: cve,wordpress,wp-plugin,wp-smart-export,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-sms-7216efc8a277e31e7bc37bcee5ad9a4b.yaml b/nuclei-templates/cve-less/plugins/wp-sms-7216efc8a277e31e7bc37bcee5ad9a4b.yaml
index 43cacdfa55..62abd1d307 100644
--- a/nuclei-templates/cve-less/plugins/wp-sms-7216efc8a277e31e7bc37bcee5ad9a4b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-sms-7216efc8a277e31e7bc37bcee5ad9a4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP SMS <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-sms/"
     google-query: inurl:"/wp-content/plugins/wp-sms/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-sms,medium
+  tags: cve,wordpress,wp-plugin,wp-sms,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-smushit-2b972fb379a3ef9946c652caaa66df2d.yaml b/nuclei-templates/cve-less/plugins/wp-smushit-2b972fb379a3ef9946c652caaa66df2d.yaml
index 269efd3241..7dfba95204 100644
--- a/nuclei-templates/cve-less/plugins/wp-smushit-2b972fb379a3ef9946c652caaa66df2d.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-smushit-2b972fb379a3ef9946c652caaa66df2d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smush – Lazy Load Images, Optimize & Compress Images <= 3.0.0 - Authenticated PHAR Deserialization
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Smush – Lazy Load Images, Optimize & Compress Images plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 3.0.0. This makes it possible for authenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smushit/"
     google-query: inurl:"/wp-content/plugins/wp-smushit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-smushit,high
+  tags: cve,wordpress,wp-plugin,wp-smushit,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-smushit-3baba46cc5a286838f8fb9a60b0d6094.yaml b/nuclei-templates/cve-less/plugins/wp-smushit-3baba46cc5a286838f8fb9a60b0d6094.yaml
index 9a323fcf42..e0104af910 100644
--- a/nuclei-templates/cve-less/plugins/wp-smushit-3baba46cc5a286838f8fb9a60b0d6094.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-smushit-3baba46cc5a286838f8fb9a60b0d6094.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smush – Lazy Load Images, Optimize & Compress Images <= 2.9.1 - Cross-Site Scripting
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Smush – Lazy Load Images, Optimize & Compress Images plugin for WordPress is vulnerable to Cross-Site Scripting leading  in versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject malicious web scripts into the application.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-smushit/"
     google-query: inurl:"/wp-content/plugins/wp-smushit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-smushit,critical
+  tags: cve,wordpress,wp-plugin,wp-smushit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-special-textboxes-e6b578c644b8dec6cfd9f0e734409896.yaml b/nuclei-templates/cve-less/plugins/wp-special-textboxes-e6b578c644b8dec6cfd9f0e734409896.yaml
index fe602c8b2f..ba1adca6ca 100644
--- a/nuclei-templates/cve-less/plugins/wp-special-textboxes-e6b578c644b8dec6cfd9f0e734409896.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-special-textboxes-e6b578c644b8dec6cfd9f0e734409896.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Special Text Boxes <= 5.9.110 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Special Text Boxes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 5.9.110 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-special-textboxes/"
     google-query: inurl:"/wp-content/plugins/wp-special-textboxes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-special-textboxes,medium
+  tags: cve,wordpress,wp-plugin,wp-special-textboxes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-spid-italia-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-spid-italia-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index d260d5b500..2c6296491c 100644
--- a/nuclei-templates/cve-less/plugins/wp-spid-italia-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-spid-italia-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-spid-italia/"
     google-query: inurl:"/wp-content/plugins/wp-spid-italia/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-spid-italia,medium
+  tags: cve,wordpress,wp-plugin,wp-spid-italia,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-1510080b156a41f0be0cec87e4c71c9d.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-1510080b156a41f0be0cec87e4c71c9d.yaml
index 20526406f3..a7a19cdf07 100644
--- a/nuclei-templates/cve-less/plugins/wp-statistics-1510080b156a41f0be0cec87e4c71c9d.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-statistics-1510080b156a41f0be0cec87e4c71c9d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 13.2.5 - Authenticated (Subscriber+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Statistics plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘agent’ parameter in versions up to, and including, 13.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-statistics,high
+  tags: cve,wordpress,wp-plugin,wp-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-268f3c8028825c46a53ec35cc9415801.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-268f3c8028825c46a53ec35cc9415801.yaml
index 54242f6a72..5814ace648 100644
--- a/nuclei-templates/cve-less/plugins/wp-statistics-268f3c8028825c46a53ec35cc9415801.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-statistics-268f3c8028825c46a53ec35cc9415801.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 2.2.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Statistics plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-statistics,medium
+  tags: cve,wordpress,wp-plugin,wp-statistics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-6600d372243624aa436749b499ef6260.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-6600d372243624aa436749b499ef6260.yaml
index f7ac597a63..31d2b222b1 100644
--- a/nuclei-templates/cve-less/plugins/wp-statistics-6600d372243624aa436749b499ef6260.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-statistics-6600d372243624aa436749b499ef6260.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics < 9.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Check for online users every:' & 'Coefficient per visitor:' fields in versions before 9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin-level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-statistics,medium
+  tags: cve,wordpress,wp-plugin,wp-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-c6fa1f77c447ad70ead1d031770de1e9.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-c6fa1f77c447ad70ead1d031770de1e9.yaml
index 1b1fa1c53c..66c7a8daf8 100644
--- a/nuclei-templates/cve-less/plugins/wp-statistics-c6fa1f77c447ad70ead1d031770de1e9.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-statistics-c6fa1f77c447ad70ead1d031770de1e9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics <= 9.5.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Statistics plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 9.5.1 due to insufficient input sanitization and output escaping on the top-referrers page. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-statistics,medium
+  tags: cve,wordpress,wp-plugin,wp-statistics,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-e9a7d43315eb08a5c15f9831030945e8.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-e9a7d43315eb08a5c15f9831030945e8.yaml
index e91e180814..19e1c2a555 100644
--- a/nuclei-templates/cve-less/plugins/wp-statistics-e9a7d43315eb08a5c15f9831030945e8.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-statistics-e9a7d43315eb08a5c15f9831030945e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Statistics < 9.4.1 - Authenticated Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP Statistics plugin for WordPress is vulnerable to blind SQL Injection via the ‘page-id’ parameter in versions before 9.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers at the administrator-level role to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-statistics/"
     google-query: inurl:"/wp-content/plugins/wp-statistics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-statistics,high
+  tags: cve,wordpress,wp-plugin,wp-statistics,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-stripe-donation-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-stripe-donation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e49ee70f53..afc3d55d4e 100644
--- a/nuclei-templates/cve-less/plugins/wp-stripe-donation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-stripe-donation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-stripe-donation/"
     google-query: inurl:"/wp-content/plugins/wp-stripe-donation/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-stripe-donation,medium
+  tags: cve,wordpress,wp-plugin,wp-stripe-donation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-structured-data-schema-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-structured-data-schema-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 160c5d37ce..18851030f5 100644
--- a/nuclei-templates/cve-less/plugins/wp-structured-data-schema-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-structured-data-schema-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-structured-data-schema/"
     google-query: inurl:"/wp-content/plugins/wp-structured-data-schema/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-structured-data-schema,medium
+  tags: cve,wordpress,wp-plugin,wp-structured-data-schema,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-super-cache-0063bb4beaa99595ff7d4e40026fb686.yaml b/nuclei-templates/cve-less/plugins/wp-super-cache-0063bb4beaa99595ff7d4e40026fb686.yaml
index 7cdc7c6965..bfb7f2284d 100644
--- a/nuclei-templates/cve-less/plugins/wp-super-cache-0063bb4beaa99595ff7d4e40026fb686.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-super-cache-0063bb4beaa99595ff7d4e40026fb686.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Super Cache <= 1.4.4 - Authenticated File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WP Super Cache plugin for WordPress is vulnerable to Authenticated File Deletion in versions up to, and including, 1.4.4. Code that sanitized directory paths when deleting cache files wasn't secure and might allow an attacker to view or delete files named index.html. This makes it possible for authenticated attackers to delete some index files, which can lead to some site accessibility issues and information disclosure.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-super-cache/"
     google-query: inurl:"/wp-content/plugins/wp-super-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-super-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-super-cache,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-super-cache-5536ba6a87acebd391c60f6bc2e48bf9.yaml b/nuclei-templates/cve-less/plugins/wp-super-cache-5536ba6a87acebd391c60f6bc2e48bf9.yaml
index 11ebb0b8c6..36051df3c7 100644
--- a/nuclei-templates/cve-less/plugins/wp-super-cache-5536ba6a87acebd391c60f6bc2e48bf9.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-super-cache-5536ba6a87acebd391c60f6bc2e48bf9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Super Cache <= 1.4.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Super Cashe plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-super-cache/"
     google-query: inurl:"/wp-content/plugins/wp-super-cache/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-super-cache,medium
+  tags: cve,wordpress,wp-plugin,wp-super-cache,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-43205c5c452a1868decf3021c2397818.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-43205c5c452a1868decf3021c2397818.yaml
index 26b10d5581..eb28e2860f 100644
--- a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-43205c5c452a1868decf3021c2397818.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-43205c5c452a1868decf3021c2397818.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Support Plus Responsive Ticket System <= 8.0.7 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Support Plus Responsive Ticket System plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including 8.0.7. This is due to insufficient file type validation on the wpsp_upload_attachment AJAX action which makes it possible for authenticated attackers to upload arbitrary files that could be used to obtain remote code execution.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/"
     google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,high
+  tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-fac707dbaf41d85badb955071bceca40.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-fac707dbaf41d85badb955071bceca40.yaml
index 374bb69ea3..df529248c1 100644
--- a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-fac707dbaf41d85badb955071bceca40.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-fac707dbaf41d85badb955071bceca40.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Support Plus Responsive Ticket System <= 7.1.4 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Support Plus Responsive Ticket System plugin for WordPress is vulnerable to generic SQL Injection via the "$_POST[‘cat_id’]" parameter in versions up to, and including, 7.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/"
     google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,high
+  tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-survey-and-quiz-tool-fe7166fce08ea1c027bfc2808eb6d8de.yaml b/nuclei-templates/cve-less/plugins/wp-survey-and-quiz-tool-fe7166fce08ea1c027bfc2808eb6d8de.yaml
index 4ec13ef9ce..d20129a438 100644
--- a/nuclei-templates/cve-less/plugins/wp-survey-and-quiz-tool-fe7166fce08ea1c027bfc2808eb6d8de.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-survey-and-quiz-tool-fe7166fce08ea1c027bfc2808eb6d8de.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Survey And Quiz Tool <= 2.9.2 - Unauthenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Survey And Quiz Tool plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-survey-and-quiz-tool/"
     google-query: inurl:"/wp-content/plugins/wp-survey-and-quiz-tool/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-survey-and-quiz-tool,medium
+  tags: cve,wordpress,wp-plugin,wp-survey-and-quiz-tool,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-f25290eae54007b679e22d13b90a23ce.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-f25290eae54007b679e22d13b90a23ce.yaml
index 91e44ffdb9..bf0647ef9d 100644
--- a/nuclei-templates/cve-less/plugins/wp-symposium-f25290eae54007b679e22d13b90a23ce.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-symposium-f25290eae54007b679e22d13b90a23ce.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Symposium < 15.8 - Blind SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Symposium plugin for WordPress is vulnerable to blind SQL Injection in versions before 15.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-symposium/"
     google-query: inurl:"/wp-content/plugins/wp-symposium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-symposium,high
+  tags: cve,wordpress,wp-plugin,wp-symposium,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-pro-22fdef306e2010977a36342bab3a6db5.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-pro-22fdef306e2010977a36342bab3a6db5.yaml
index 269ae72e3f..1f21246837 100644
--- a/nuclei-templates/cve-less/plugins/wp-symposium-pro-22fdef306e2010977a36342bab3a6db5.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-symposium-pro-22fdef306e2010977a36342bab3a6db5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Symposium Pro < 16.01 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP Symposium Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 16.01. This is due to missing or incorrect nonce validation on the edit profile page. This makes it possible for unauthenticated attackers to change a user's password leading to full account takeover via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-symposium-pro/"
     google-query: inurl:"/wp-content/plugins/wp-symposium-pro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-symposium-pro,high
+  tags: cve,wordpress,wp-plugin,wp-symposium-pro,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-table-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-table-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c82e87c55f..2737b6b326 100644
--- a/nuclei-templates/cve-less/plugins/wp-table-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-table-builder-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-table-builder/"
     google-query: inurl:"/wp-content/plugins/wp-table-builder/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-table-builder,medium
+  tags: cve,wordpress,wp-plugin,wp-table-builder,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-ticket-96b4fb44cfb3ecbb2e1732d4d6ba46bb.yaml b/nuclei-templates/cve-less/plugins/wp-ticket-96b4fb44cfb3ecbb2e1732d4d6ba46bb.yaml
index 8a193871a4..ae2ab8f8dc 100644
--- a/nuclei-templates/cve-less/plugins/wp-ticket-96b4fb44cfb3ecbb2e1732d4d6ba46bb.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-ticket-96b4fb44cfb3ecbb2e1732d4d6ba46bb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Customer Service Software & Support Ticket System <= 5.12.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Customer Service Software & Support Ticket System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.12.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ticket/"
     google-query: inurl:"/wp-content/plugins/wp-ticket/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-ticket,medium
+  tags: cve,wordpress,wp-plugin,wp-ticket,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-to-buffer-95f254edf062c496895c196beac952e1.yaml b/nuclei-templates/cve-less/plugins/wp-to-buffer-95f254edf062c496895c196beac952e1.yaml
index 16cdb95741..e56aa4b79f 100644
--- a/nuclei-templates/cve-less/plugins/wp-to-buffer-95f254edf062c496895c196beac952e1.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-to-buffer-95f254edf062c496895c196beac952e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress to Buffer <= 3.8.1 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress to Buffer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-to-buffer/"
     google-query: inurl:"/wp-content/plugins/wp-to-buffer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-to-buffer,medium
+  tags: cve,wordpress,wp-plugin,wp-to-buffer,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-to-hootsuite-ed03689d193897df0f01e218797bc0ef.yaml b/nuclei-templates/cve-less/plugins/wp-to-hootsuite-ed03689d193897df0f01e218797bc0ef.yaml
index e248888912..37c0139117 100644
--- a/nuclei-templates/cve-less/plugins/wp-to-hootsuite-ed03689d193897df0f01e218797bc0ef.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-to-hootsuite-ed03689d193897df0f01e218797bc0ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress to Hootsuite <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WordPress to Hootsuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-to-hootsuite/"
     google-query: inurl:"/wp-content/plugins/wp-to-hootsuite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-to-hootsuite,medium
+  tags: cve,wordpress,wp-plugin,wp-to-hootsuite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-tools-divi-blog-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-tools-divi-blog-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 51fd0d0648..7c0467e0b2 100644
--- a/nuclei-templates/cve-less/plugins/wp-tools-divi-blog-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-tools-divi-blog-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tools-divi-blog-carousel/"
     google-query: inurl:"/wp-content/plugins/wp-tools-divi-blog-carousel/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-tools-divi-blog-carousel,medium
+  tags: cve,wordpress,wp-plugin,wp-tools-divi-blog-carousel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-tools-divi-product-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-tools-divi-product-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 748d337fea..9ba60bfe73 100644
--- a/nuclei-templates/cve-less/plugins/wp-tools-divi-product-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-tools-divi-product-carousel-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tools-divi-product-carousel/"
     google-query: inurl:"/wp-content/plugins/wp-tools-divi-product-carousel/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-tools-divi-product-carousel,medium
+  tags: cve,wordpress,wp-plugin,wp-tools-divi-product-carousel,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-tools-gravity-forms-divi-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-tools-gravity-forms-divi-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 3ce0a01bf7..f67b86edb1 100644
--- a/nuclei-templates/cve-less/plugins/wp-tools-gravity-forms-divi-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-tools-gravity-forms-divi-module-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-tools-gravity-forms-divi-module/"
     google-query: inurl:"/wp-content/plugins/wp-tools-gravity-forms-divi-module/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-tools-gravity-forms-divi-module,medium
+  tags: cve,wordpress,wp-plugin,wp-tools-gravity-forms-divi-module,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-top-news-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-top-news-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 643784868c..2e7ea62df8 100644
--- a/nuclei-templates/cve-less/plugins/wp-top-news-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-top-news-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-top-news/"
     google-query: inurl:"/wp-content/plugins/wp-top-news/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-top-news,medium
+  tags: cve,wordpress,wp-plugin,wp-top-news,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-topbar-633e46af2038cc804c4d8333e35d9bb7.yaml b/nuclei-templates/cve-less/plugins/wp-topbar-633e46af2038cc804c4d8333e35d9bb7.yaml
index a8bd57f46d..0f3d88a694 100644
--- a/nuclei-templates/cve-less/plugins/wp-topbar-633e46af2038cc804c4d8333e35d9bb7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-topbar-633e46af2038cc804c4d8333e35d9bb7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP-TopBar <= 3.04 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP-TopBar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of ZeroClipboard in versions up to, and including, 3.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-topbar/"
     google-query: inurl:"/wp-content/plugins/wp-topbar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-topbar,medium
+  tags: cve,wordpress,wp-plugin,wp-topbar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-travel-engine-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-travel-engine-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 526f586cc0..ad31b45f28 100644
--- a/nuclei-templates/cve-less/plugins/wp-travel-engine-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-travel-engine-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-travel-engine/"
     google-query: inurl:"/wp-content/plugins/wp-travel-engine/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-travel-engine,medium
+  tags: cve,wordpress,wp-plugin,wp-travel-engine,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-twilio-core-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-twilio-core-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 984f570528..d732e5dd7a 100644
--- a/nuclei-templates/cve-less/plugins/wp-twilio-core-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-twilio-core-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-twilio-core/"
     google-query: inurl:"/wp-content/plugins/wp-twilio-core/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-twilio-core,medium
+  tags: cve,wordpress,wp-plugin,wp-twilio-core,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-75438814e26aeaea61aafcd29b551852.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-75438814e26aeaea61aafcd29b551852.yaml
index 481dd5e61c..fb32d34ca0 100644
--- a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-75438814e26aeaea61aafcd29b551852.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-75438814e26aeaea61aafcd29b551852.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Ultimate CSV Importer  <= 6.4.0 - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WP Ultimate CSV Importer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip_upload AJAX call in versions up to, and including, 6.4.0. This makes it possible for subscriber-level attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-9112916c5852d2f0b814be06e90dc90b.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-9112916c5852d2f0b814be06e90dc90b.yaml
index 31176209b0..2ed3b96e6f 100644
--- a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-9112916c5852d2f0b814be06e90dc90b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-9112916c5852d2f0b814be06e90dc90b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Drag And drop All Import : WP Ultimate CSV Importer < 6.4.1 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Ultimate CSV Importer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions like upload_function(), display_log(), download_log(), display_csv_values(), etc... in versions up to 6.4.1. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to perform many unauthorized actions and retrieve sensitive data.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/"
     google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,medium
+  tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-user-frontend-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wp-user-frontend-18966e8228314b8165d39d48519f43cc.yaml
index f8fc1b01a6..017cabde4f 100644
--- a/nuclei-templates/cve-less/plugins/wp-user-frontend-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-user-frontend-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-frontend/"
     google-query: inurl:"/wp-content/plugins/wp-user-frontend/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-user-frontend,medium
+  tags: cve,wordpress,wp-plugin,wp-user-frontend,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-user-frontend-52f719767f15ee080cb75a30bc027c64.yaml b/nuclei-templates/cve-less/plugins/wp-user-frontend-52f719767f15ee080cb75a30bc027c64.yaml
index 043e9d1c6b..1628b132d1 100644
--- a/nuclei-templates/cve-less/plugins/wp-user-frontend-52f719767f15ee080cb75a30bc027c64.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-user-frontend-52f719767f15ee080cb75a30bc027c64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress < 3.5.25 - Authenticated (Admin+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions before 3.5.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-frontend/"
     google-query: inurl:"/wp-content/plugins/wp-user-frontend/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-user-frontend,high
+  tags: cve,wordpress,wp-plugin,wp-user-frontend,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-user-groups-bf634e73fd86b893cfe39f853485f27b.yaml b/nuclei-templates/cve-less/plugins/wp-user-groups-bf634e73fd86b893cfe39f853485f27b.yaml
index 3cf0c0fe22..9cbc66ba4d 100644
--- a/nuclei-templates/cve-less/plugins/wp-user-groups-bf634e73fd86b893cfe39f853485f27b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-user-groups-bf634e73fd86b893cfe39f853485f27b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP User Groups <= 2.1.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WP User Groups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the save_terms_for_user and handle_bulk_actions functions. This makes it possible for unauthenticated attackers to perform otherwise restricted administrative actions like putting users into groups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-user-groups/"
     google-query: inurl:"/wp-content/plugins/wp-user-groups/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-user-groups,high
+  tags: cve,wordpress,wp-plugin,wp-user-groups,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-vault-adc5003f671700d129ab7c75b33ee75d.yaml b/nuclei-templates/cve-less/plugins/wp-vault-adc5003f671700d129ab7c75b33ee75d.yaml
index 3255fc46ea..fcdab57b9a 100644
--- a/nuclei-templates/cve-less/plugins/wp-vault-adc5003f671700d129ab7c75b33ee75d.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-vault-adc5003f671700d129ab7c75b33ee75d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Vault <= 0.8.6.6 - Local File Inclusion
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The WP Vault plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 0.8.6.6 via the 'wpv-image' parameter. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-vault/"
     google-query: inurl:"/wp-content/plugins/wp-vault/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-vault,medium
+  tags: cve,wordpress,wp-plugin,wp-vault,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-1c782b4e649e4631f30e49b11990c278.yaml b/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-1c782b4e649e4631f30e49b11990c278.yaml
index 283b7d9a5a..439be740fb 100644
--- a/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-1c782b4e649e4631f30e49b11990c278.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-1c782b4e649e4631f30e49b11990c278.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wordpress vertical image slider plugin < 1.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The "wordpress vertical image slider plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery via several functions in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload malicious files among other actions granted they can trick a site's administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-vertical-image-slider/"
     google-query: inurl:"/wp-content/plugins/wp-vertical-image-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-vertical-image-slider,high
+  tags: cve,wordpress,wp-plugin,wp-vertical-image-slider,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-edc2879e6dbbc4290d65d5576c4e456b.yaml b/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-edc2879e6dbbc4290d65d5576c4e456b.yaml
index 531b44b6f9..318aec04bd 100644
--- a/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-edc2879e6dbbc4290d65d5576c4e456b.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-edc2879e6dbbc4290d65d5576c4e456b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wordpress vertical image slider plugin < 1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘imagetitle’ and ‘imageurl’ parameters in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-vertical-image-slider/"
     google-query: inurl:"/wp-content/plugins/wp-vertical-image-slider/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-vertical-image-slider,medium
+  tags: cve,wordpress,wp-plugin,wp-vertical-image-slider,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-video-lightbox-92e1a581ed538c56c551dca01e319f17.yaml b/nuclei-templates/cve-less/plugins/wp-video-lightbox-92e1a581ed538c56c551dca01e319f17.yaml
index 7d0b02758c..a2d92a457c 100644
--- a/nuclei-templates/cve-less/plugins/wp-video-lightbox-92e1a581ed538c56c551dca01e319f17.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-video-lightbox-92e1a581ed538c56c551dca01e319f17.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Lightbox <= 1.9.5 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-video-lightbox/"
     google-query: inurl:"/wp-content/plugins/wp-video-lightbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-video-lightbox,medium
+  tags: cve,wordpress,wp-plugin,wp-video-lightbox,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-visited-countries-reloaded-4a0f27da648b505730f70f317974fdf7.yaml b/nuclei-templates/cve-less/plugins/wp-visited-countries-reloaded-4a0f27da648b505730f70f317974fdf7.yaml
index dd8b0eaf99..38f6f2af9a 100644
--- a/nuclei-templates/cve-less/plugins/wp-visited-countries-reloaded-4a0f27da648b505730f70f317974fdf7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-visited-countries-reloaded-4a0f27da648b505730f70f317974fdf7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Visited Countries Reloaded <= 3.1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP Visited Countries Reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-visited-countries-reloaded/"
     google-query: inurl:"/wp-content/plugins/wp-visited-countries-reloaded/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-visited-countries-reloaded,medium
+  tags: cve,wordpress,wp-plugin,wp-visited-countries-reloaded,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp-woo-commerce-sync-for-g-sheet-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wp-woo-commerce-sync-for-g-sheet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c40711c077..5c02099d3d 100644
--- a/nuclei-templates/cve-less/plugins/wp-woo-commerce-sync-for-g-sheet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wp-woo-commerce-sync-for-g-sheet-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp-woo-commerce-sync-for-g-sheet/"
     google-query: inurl:"/wp-content/plugins/wp-woo-commerce-sync-for-g-sheet/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp-woo-commerce-sync-for-g-sheet,medium
+  tags: cve,wordpress,wp-plugin,wp-woo-commerce-sync-for-g-sheet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp24-domain-check-d62c21a080a1bd7668ca5e7c3c2401ec.yaml b/nuclei-templates/cve-less/plugins/wp24-domain-check-d62c21a080a1bd7668ca5e7c3c2401ec.yaml
index 83f041418f..2aa7e7af5a 100644
--- a/nuclei-templates/cve-less/plugins/wp24-domain-check-d62c21a080a1bd7668ca5e7c3c2401ec.yaml
+++ b/nuclei-templates/cve-less/plugins/wp24-domain-check-d62c21a080a1bd7668ca5e7c3c2401ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP24 Domain Check <= 1.6.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WP24 Domain Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp24-domain-check/"
     google-query: inurl:"/wp-content/plugins/wp24-domain-check/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp24-domain-check,medium
+  tags: cve,wordpress,wp-plugin,wp24-domain-check,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp_estimation_form-d691c077b0b5b8af36c29715d058c65d.yaml b/nuclei-templates/cve-less/plugins/wp_estimation_form-d691c077b0b5b8af36c29715d058c65d.yaml
index 64c67c7c8a..1911135b57 100644
--- a/nuclei-templates/cve-less/plugins/wp_estimation_form-d691c077b0b5b8af36c29715d058c65d.yaml
+++ b/nuclei-templates/cve-less/plugins/wp_estimation_form-d691c077b0b5b8af36c29715d058c65d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Additionally, the attacker can also delete files on the server such as database configuration files, subsequently uploading their own database files.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/WP_Estimation_Form/"
     google-query: inurl:"/wp-content/plugins/WP_Estimation_Form/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,WP_Estimation_Form,critical
+  tags: cve,wordpress,wp-plugin,WP_Estimation_Form,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp_rokbox-88e8ba621a8292f361dd4b3feafab680.yaml b/nuclei-templates/cve-less/plugins/wp_rokbox-88e8ba621a8292f361dd4b3feafab680.yaml
index 0be5d0e2d5..102dba556d 100644
--- a/nuclei-templates/cve-less/plugins/wp_rokbox-88e8ba621a8292f361dd4b3feafab680.yaml
+++ b/nuclei-templates/cve-less/plugins/wp_rokbox-88e8ba621a8292f361dd4b3feafab680.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress RokBox <= 2.13 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WordPress RokBox plugin is vulnerable to Cross-Site Scripting via the 'src' and 'abouttext' parameters in the 'thumb.php' and 'jwplayer.swf' files in versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp_rokbox/"
     google-query: inurl:"/wp-content/plugins/wp_rokbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp_rokbox,medium
+  tags: cve,wordpress,wp-plugin,wp_rokbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp_rokintroscroller-597c6e67a31af6c6a7a2d601240421fb.yaml b/nuclei-templates/cve-less/plugins/wp_rokintroscroller-597c6e67a31af6c6a7a2d601240421fb.yaml
index ae9eee085a..c64cefdb8c 100644
--- a/nuclei-templates/cve-less/plugins/wp_rokintroscroller-597c6e67a31af6c6a7a2d601240421fb.yaml
+++ b/nuclei-templates/cve-less/plugins/wp_rokintroscroller-597c6e67a31af6c6a7a2d601240421fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RokIntroScroller <= 1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RokIntroScroller plugin for WordPress is vulnerable to Cross-Site Scripting via the 'src' parameter in the 'thumb.php' file in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp_rokintroscroller/"
     google-query: inurl:"/wp-content/plugins/wp_rokintroscroller/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp_rokintroscroller,medium
+  tags: cve,wordpress,wp-plugin,wp_rokintroscroller,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp_roknewspager-fa459b52ecf85365dc55ab67da949392.yaml b/nuclei-templates/cve-less/plugins/wp_roknewspager-fa459b52ecf85365dc55ab67da949392.yaml
index f97819df33..0260cbaf3a 100644
--- a/nuclei-templates/cve-less/plugins/wp_roknewspager-fa459b52ecf85365dc55ab67da949392.yaml
+++ b/nuclei-templates/cve-less/plugins/wp_roknewspager-fa459b52ecf85365dc55ab67da949392.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RokNewsPager <= 1.17 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RokNewsPager plugin for WordPress is vulnerable to Cross-Site Scripting via the 'src' parameter in the 'thumb.php' file in versions up to, and including, 1.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp_roknewspager/"
     google-query: inurl:"/wp-content/plugins/wp_roknewspager/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp_roknewspager,medium
+  tags: cve,wordpress,wp-plugin,wp_roknewspager,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wp_rokstories-bd3c8934fd0962d780c7ee3f1bf2f569.yaml b/nuclei-templates/cve-less/plugins/wp_rokstories-bd3c8934fd0962d780c7ee3f1bf2f569.yaml
index c1a7e55959..b049b09d5f 100644
--- a/nuclei-templates/cve-less/plugins/wp_rokstories-bd3c8934fd0962d780c7ee3f1bf2f569.yaml
+++ b/nuclei-templates/cve-less/plugins/wp_rokstories-bd3c8934fd0962d780c7ee3f1bf2f569.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     RokStories <= 1.25 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The RokStories plugin for WordPress is vulnerable to Cross-Site Scripting via the 'src' parameter in the 'thumb.php' file in versions up to, and including, 1.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wp_rokstories/"
     google-query: inurl:"/wp-content/plugins/wp_rokstories/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wp_rokstories,medium
+  tags: cve,wordpress,wp-plugin,wp_rokstories,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpbits-addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wpbits-addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index adb3a234e5..1b4e227216 100644
--- a/nuclei-templates/cve-less/plugins/wpbits-addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wpbits-addons-for-elementor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpbits-addons-for-elementor/"
     google-query: inurl:"/wp-content/plugins/wpbits-addons-for-elementor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpbits-addons-for-elementor,medium
+  tags: cve,wordpress,wp-plugin,wpbits-addons-for-elementor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpbook-596940e1ffaab74a13bdb327bf203eca.yaml b/nuclei-templates/cve-less/plugins/wpbook-596940e1ffaab74a13bdb327bf203eca.yaml
index 5ec32c0b5b..1759c66d03 100644
--- a/nuclei-templates/cve-less/plugins/wpbook-596940e1ffaab74a13bdb327bf203eca.yaml
+++ b/nuclei-templates/cve-less/plugins/wpbook-596940e1ffaab74a13bdb327bf203eca.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPBook <= 2.7 - Unauthenticated Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WPBook plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7. This is due to missing nonce validation on the wpbook_subpanel() function. This makes it possible for unauthenticated attackers to modify a vulnerable sites Facebook connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpbook/"
     google-query: inurl:"/wp-content/plugins/wpbook/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpbook,high
+  tags: cve,wordpress,wp-plugin,wpbook,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 44654451b4..64f78ade7a 100644
--- a/nuclei-templates/cve-less/plugins/wpcf7-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpcf7-redirect/"
     google-query: inurl:"/wp-content/plugins/wpcf7-redirect/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpcf7-redirect,medium
+  tags: cve,wordpress,wp-plugin,wpcf7-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-a97759482458c44cbd86520addf0e715.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-a97759482458c44cbd86520addf0e715.yaml
index 7878c4f8fd..8c75a7d768 100644
--- a/nuclei-templates/cve-less/plugins/wpdiscuz-a97759482458c44cbd86520addf0e715.yaml
+++ b/nuclei-templates/cve-less/plugins/wpdiscuz-a97759482458c44cbd86520addf0e715.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     wpDiscuz <= 7.6.5 - Unauthenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The wpDiscuz plugin for WordPress is vulnerable to SQL Injection via the 'visibleCommentIds' parameter in versions up to, and including, 7.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires the 'Live Update' functionality to be enabled for subscriber+ exploitation, and the 'Enable Live Update for Guests' setting enabled for unauthenticated exploitation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpdiscuz/"
     google-query: inurl:"/wp-content/plugins/wpdiscuz/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpdiscuz,high
+  tags: cve,wordpress,wp-plugin,wpdiscuz,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpforms-lite-0425ae56a9fab522c188634fc2eda86f.yaml b/nuclei-templates/cve-less/plugins/wpforms-lite-0425ae56a9fab522c188634fc2eda86f.yaml
index 06f32597b3..750dc44b09 100644
--- a/nuclei-templates/cve-less/plugins/wpforms-lite-0425ae56a9fab522c188634fc2eda86f.yaml
+++ b/nuclei-templates/cve-less/plugins/wpforms-lite-0425ae56a9fab522c188634fc2eda86f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.4.7.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tab parameter in versions up to, and including 1.4.7. This makes it possible for lower-privileged attackers to inject arbitrary web scripts in administrative pages that execute whenever a user accesses the page with the stored web scripts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforms-lite/"
     google-query: inurl:"/wp-content/plugins/wpforms-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpforms-lite,medium
+  tags: cve,wordpress,wp-plugin,wpforms-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpforms-lite-316c95f4f3b5891fdd91af058dfb9524.yaml b/nuclei-templates/cve-less/plugins/wpforms-lite-316c95f4f3b5891fdd91af058dfb9524.yaml
index 123cb0588e..104a6fbb87 100644
--- a/nuclei-templates/cve-less/plugins/wpforms-lite-316c95f4f3b5891fdd91af058dfb9524.yaml
+++ b/nuclei-templates/cve-less/plugins/wpforms-lite-316c95f4f3b5891fdd91af058dfb9524.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by WPForms <= 1.4.8 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Contact Form by WPForms for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforms-lite/"
     google-query: inurl:"/wp-content/plugins/wpforms-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpforms-lite,high
+  tags: cve,wordpress,wp-plugin,wpforms-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpforms-lite-3d5a86cd8278e1869b165a5be40a3baa.yaml b/nuclei-templates/cve-less/plugins/wpforms-lite-3d5a86cd8278e1869b165a5be40a3baa.yaml
index d24187a996..e9835d2301 100644
--- a/nuclei-templates/cve-less/plugins/wpforms-lite-3d5a86cd8278e1869b165a5be40a3baa.yaml
+++ b/nuclei-templates/cve-less/plugins/wpforms-lite-3d5a86cd8278e1869b165a5be40a3baa.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Contact Form by WPForms <= 1.7.5.3 - Authenticated (Administrator+) Arbitrary File Access via Path Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Contact Form by WPForms plugin for WordPress is vulnerable to Directory Traversal via email template paths in versions up to, and including, 1.7.5.3. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpforms-lite/"
     google-query: inurl:"/wp-content/plugins/wpforms-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpforms-lite,medium
+  tags: cve,wordpress,wp-plugin,wpforms-lite,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpfunnels-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wpfunnels-18966e8228314b8165d39d48519f43cc.yaml
index 723d872a02..223c520453 100644
--- a/nuclei-templates/cve-less/plugins/wpfunnels-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wpfunnels-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpfunnels/"
     google-query: inurl:"/wp-content/plugins/wpfunnels/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpfunnels,medium
+  tags: cve,wordpress,wp-plugin,wpfunnels,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpgetapi-4c6d6429665eac8877ce0e75f13992a4.yaml b/nuclei-templates/cve-less/plugins/wpgetapi-4c6d6429665eac8877ce0e75f13992a4.yaml
index 5ab8acc04c..ddc54b08c7 100644
--- a/nuclei-templates/cve-less/plugins/wpgetapi-4c6d6429665eac8877ce0e75f13992a4.yaml
+++ b/nuclei-templates/cve-less/plugins/wpgetapi-4c6d6429665eac8877ce0e75f13992a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPGetAPI 2.1.0 - 2.2.1 - Authenticated (Subscriber+) Arbitrary Options Update
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPGetAPI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_endpoints() function in versions 2.1.0 - 2.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be leveraged for privilege escalation.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgetapi/"
     google-query: inurl:"/wp-content/plugins/wpgetapi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpgetapi,medium
+  tags: cve,wordpress,wp-plugin,wpgetapi,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpgform-6647340253053f9bdb1fb3f23b4abe85.yaml b/nuclei-templates/cve-less/plugins/wpgform-6647340253053f9bdb1fb3f23b4abe85.yaml
index e992060124..546f5fd20b 100644
--- a/nuclei-templates/cve-less/plugins/wpgform-6647340253053f9bdb1fb3f23b4abe85.yaml
+++ b/nuclei-templates/cve-less/plugins/wpgform-6647340253053f9bdb1fb3f23b4abe85.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Google Forms < 0.85 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Google Forms plugin for WordPress is vulnerable to Cross-Site Scripting via the 'page' parameter in versions before 0.85 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgform/"
     google-query: inurl:"/wp-content/plugins/wpgform/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpgform,medium
+  tags: cve,wordpress,wp-plugin,wpgform,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpgsi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wpgsi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7cad82446f..64b276f28f 100644
--- a/nuclei-templates/cve-less/plugins/wpgsi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wpgsi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgsi/"
     google-query: inurl:"/wp-content/plugins/wpgsi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpgsi,medium
+  tags: cve,wordpress,wp-plugin,wpgsi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpgsi-c60ee47fa89a26e43f0b2e6590ebf383.yaml b/nuclei-templates/cve-less/plugins/wpgsi-c60ee47fa89a26e43f0b2e6590ebf383.yaml
index aaaca389dd..ed5f9bc31f 100644
--- a/nuclei-templates/cve-less/plugins/wpgsi-c60ee47fa89a26e43f0b2e6590ebf383.yaml
+++ b/nuclei-templates/cve-less/plugins/wpgsi-c60ee47fa89a26e43f0b2e6590ebf383.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Spreadsheet Integration and Spreadsheet Integration Professional plugins for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation on the 'wpgsi_WorksheetColumnsTitle' function. This makes it possible for unauthenticated attackers to access otherwise restricted admin actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgsi/"
     google-query: inurl:"/wp-content/plugins/wpgsi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpgsi,high
+  tags: cve,wordpress,wp-plugin,wpgsi,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpgsi-professional-c60ee47fa89a26e43f0b2e6590ebf383.yaml b/nuclei-templates/cve-less/plugins/wpgsi-professional-c60ee47fa89a26e43f0b2e6590ebf383.yaml
index 80ea1ea6c9..99f3cb946a 100644
--- a/nuclei-templates/cve-less/plugins/wpgsi-professional-c60ee47fa89a26e43f0b2e6590ebf383.yaml
+++ b/nuclei-templates/cve-less/plugins/wpgsi-professional-c60ee47fa89a26e43f0b2e6590ebf383.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Spreadsheet Integration and Spreadsheet Integration Professional plugins for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation on the 'wpgsi_WorksheetColumnsTitle' function. This makes it possible for unauthenticated attackers to access otherwise restricted admin actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgsi-professional/"
     google-query: inurl:"/wp-content/plugins/wpgsi-professional/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpgsi-professional,high
+  tags: cve,wordpress,wp-plugin,wpgsi-professional,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpgt-google-translate-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wpgt-google-translate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index bda7c8cd7d..e383f7da64 100644
--- a/nuclei-templates/cve-less/plugins/wpgt-google-translate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wpgt-google-translate-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpgt-google-translate/"
     google-query: inurl:"/wp-content/plugins/wpgt-google-translate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpgt-google-translate,medium
+  tags: cve,wordpress,wp-plugin,wpgt-google-translate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpheka-request-for-quote-5e98c4735eb20663ca1067da327e8606.yaml b/nuclei-templates/cve-less/plugins/wpheka-request-for-quote-5e98c4735eb20663ca1067da327e8606.yaml
index 39a05d89d0..094d201796 100644
--- a/nuclei-templates/cve-less/plugins/wpheka-request-for-quote-5e98c4735eb20663ca1067da327e8606.yaml
+++ b/nuclei-templates/cve-less/plugins/wpheka-request-for-quote-5e98c4735eb20663ca1067da327e8606.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Request for Quote < 1.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Request for Quote plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.3. This is due to missing or incorrect nonce validation in the action_wpheka_add_to_quote and action_remove_item_from_rfq_list AJAX actions. This makes it possible for unauthenticated attackers to perform restricted administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpheka-request-for-quote/"
     google-query: inurl:"/wp-content/plugins/wpheka-request-for-quote/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpheka-request-for-quote,high
+  tags: cve,wordpress,wp-plugin,wpheka-request-for-quote,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wplocalplus-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wplocalplus-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 73a405bcbb..368895f0b2 100644
--- a/nuclei-templates/cve-less/plugins/wplocalplus-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wplocalplus-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wplocalplus-lite/"
     google-query: inurl:"/wp-content/plugins/wplocalplus-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wplocalplus-lite,medium
+  tags: cve,wordpress,wp-plugin,wplocalplus-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpmailer-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wpmailer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ef1f43ed3d..79b1b1de23 100644
--- a/nuclei-templates/cve-less/plugins/wpmailer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wpmailer-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpmailer/"
     google-query: inurl:"/wp-content/plugins/wpmailer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpmailer,medium
+  tags: cve,wordpress,wp-plugin,wpmailer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpml-b794db11782c303b2a81b056287603af.yaml b/nuclei-templates/cve-less/plugins/wpml-b794db11782c303b2a81b056287603af.yaml
index bdab124e8f..6c4f81c037 100644
--- a/nuclei-templates/cve-less/plugins/wpml-b794db11782c303b2a81b056287603af.yaml
+++ b/nuclei-templates/cve-less/plugins/wpml-b794db11782c303b2a81b056287603af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPML <= 4.6.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPML plugin for WordPress is vulnerable to Cross-Site Scripting in versions prior to 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpml/"
     google-query: inurl:"/wp-content/plugins/wpml/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpml,medium
+  tags: cve,wordpress,wp-plugin,wpml,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpml-string-translation-18e8b80c2622db130ba5596fe32dcfee.yaml b/nuclei-templates/cve-less/plugins/wpml-string-translation-18e8b80c2622db130ba5596fe32dcfee.yaml
index a69dc2a3e9..d9584d23e7 100644
--- a/nuclei-templates/cve-less/plugins/wpml-string-translation-18e8b80c2622db130ba5596fe32dcfee.yaml
+++ b/nuclei-templates/cve-less/plugins/wpml-string-translation-18e8b80c2622db130ba5596fe32dcfee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPML String Translation <= 3.2.5 - Authenticated (Administrator+) SQL Injection via 'context'
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The WPML String Translation plugin for WordPress is vulnerable to SQL Injection via the ‘context’ parameter in versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpml-string-translation/"
     google-query: inurl:"/wp-content/plugins/wpml-string-translation/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpml-string-translation,high
+  tags: cve,wordpress,wp-plugin,wpml-string-translation,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpoptin-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wpoptin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 262400ff75..f77763bfe7 100644
--- a/nuclei-templates/cve-less/plugins/wpoptin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wpoptin-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpoptin/"
     google-query: inurl:"/wp-content/plugins/wpoptin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpoptin,medium
+  tags: cve,wordpress,wp-plugin,wpoptin,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wps-bidouille-94445150de831d7b0c3c55471e2a0bcf.yaml b/nuclei-templates/cve-less/plugins/wps-bidouille-94445150de831d7b0c3c55471e2a0bcf.yaml
index f8d0f36c73..5a31697675 100644
--- a/nuclei-templates/cve-less/plugins/wps-bidouille-94445150de831d7b0c3c55471e2a0bcf.yaml
+++ b/nuclei-templates/cve-less/plugins/wps-bidouille-94445150de831d7b0c3c55471e2a0bcf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPS Bidouille <= 1.12.2 - Multiple Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WPS Bidouille plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.2. This is due to missing or incorrect nonce validation on various functions in the '/classes/plugin.php' file. This makes it possible for unauthenticated attackers to access otherwise restricted actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wps-bidouille/"
     google-query: inurl:"/wp-content/plugins/wps-bidouille/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wps-bidouille,high
+  tags: cve,wordpress,wp-plugin,wps-bidouille,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wps-cleaner-7f379444fd295591b6061598a142cc5d.yaml b/nuclei-templates/cve-less/plugins/wps-cleaner-7f379444fd295591b6061598a142cc5d.yaml
index 0399e3c9ba..4fbdd3d5de 100644
--- a/nuclei-templates/cve-less/plugins/wps-cleaner-7f379444fd295591b6061598a142cc5d.yaml
+++ b/nuclei-templates/cve-less/plugins/wps-cleaner-7f379444fd295591b6061598a142cc5d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPS Cleaner <= 1.4.4 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The WPS Cleaner plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.4.4. This is due to missing capability and nonce checks on 7 different functions found in the '/classes/plugin.php' file. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to perform a variety of actions such as deleting arbitrary files, creating zip archives, deleting zip archives, and deleting alerts among some additional actions.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wps-cleaner/"
     google-query: inurl:"/wp-content/plugins/wps-cleaner/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wps-cleaner,medium
+  tags: cve,wordpress,wp-plugin,wps-cleaner,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wps-limit-login-33ba7ead1d6b53a7bacd0ee1d3cec66a.yaml b/nuclei-templates/cve-less/plugins/wps-limit-login-33ba7ead1d6b53a7bacd0ee1d3cec66a.yaml
index fe58718379..ae7bc867a6 100644
--- a/nuclei-templates/cve-less/plugins/wps-limit-login-33ba7ead1d6b53a7bacd0ee1d3cec66a.yaml
+++ b/nuclei-templates/cve-less/plugins/wps-limit-login-33ba7ead1d6b53a7bacd0ee1d3cec66a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPS Limit Login < 1.4.6.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The WPS Limit Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.6. This is due to missing nonce validation on the wpslimitlogin_rated AJAX action. This makes it possible for unauthenticated attackers to perform administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wps-limit-login/"
     google-query: inurl:"/wp-content/plugins/wps-limit-login/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wps-limit-login,high
+  tags: cve,wordpress,wp-plugin,wps-limit-login,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wps-limit-login-e87c9f8090be1d89c33f679b357f6df8.yaml b/nuclei-templates/cve-less/plugins/wps-limit-login-e87c9f8090be1d89c33f679b357f6df8.yaml
index 4a9191928d..41ce4ce332 100644
--- a/nuclei-templates/cve-less/plugins/wps-limit-login-e87c9f8090be1d89c33f679b357f6df8.yaml
+++ b/nuclei-templates/cve-less/plugins/wps-limit-login-e87c9f8090be1d89c33f679b357f6df8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPS Limit Login < 1.4.6.1 - Authorization Bypass via IP Spoofing
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The WPS Limit Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.6. This is due to flawed implementation of the get_address() method. This makes it possible for unauthenticated attackers  to run automated scripts to brute force passwords by changing the supplied IP Address in the HTTP header of the request. .
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wps-limit-login/"
     google-query: inurl:"/wp-content/plugins/wps-limit-login/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wps-limit-login,critical
+  tags: cve,wordpress,wp-plugin,wps-limit-login,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpschoolpress-40c66d343981decaf1c11e2239adae6e.yaml b/nuclei-templates/cve-less/plugins/wpschoolpress-40c66d343981decaf1c11e2239adae6e.yaml
index 76f25bbbdc..0908a37498 100644
--- a/nuclei-templates/cve-less/plugins/wpschoolpress-40c66d343981decaf1c11e2239adae6e.yaml
+++ b/nuclei-templates/cve-less/plugins/wpschoolpress-40c66d343981decaf1c11e2239adae6e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     School Management System – WPSchoolPress < 2.1.10 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘entry_date’ parameter in versions before 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpschoolpress/"
     google-query: inurl:"/wp-content/plugins/wpschoolpress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpschoolpress,high
+  tags: cve,wordpress,wp-plugin,wpschoolpress,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wptools-masonry-gallery-posts-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wptools-masonry-gallery-posts-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 4e93fca716..222e3e7c9e 100644
--- a/nuclei-templates/cve-less/plugins/wptools-masonry-gallery-posts-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wptools-masonry-gallery-posts-for-divi-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wptools-masonry-gallery-posts-for-divi/"
     google-query: inurl:"/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wptools-masonry-gallery-posts-for-divi,medium
+  tags: cve,wordpress,wp-plugin,wptools-masonry-gallery-posts-for-divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backup-mainwp-3df45b218aba0e53ba0ae72e9699b2ef.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backup-mainwp-3df45b218aba0e53ba0ae72e9699b2ef.yaml
index 3f3a475717..1505c8aad5 100644
--- a/nuclei-templates/cve-less/plugins/wpvivid-backup-mainwp-3df45b218aba0e53ba0ae72e9699b2ef.yaml
+++ b/nuclei-templates/cve-less/plugins/wpvivid-backup-mainwp-3df45b218aba0e53ba0ae72e9699b2ef.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backup-mainwp/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backup-mainwp/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpvivid-backup-mainwp,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backup-mainwp,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-11e9b1d880ea6b9e7b3f23d21ed1379c.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-11e9b1d880ea6b9e7b3f23d21ed1379c.yaml
index 367ec70b6e..a701bc9f4d 100644
--- a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-11e9b1d880ea6b9e7b3f23d21ed1379c.yaml
+++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-11e9b1d880ea6b9e7b3f23d21ed1379c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WPvivid Backup 0.9.76 - Authenticated (Administrator+) Arbitrary File Deletion
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPvivid Backup plugin for WordPress is vulnerable to Path Traversal in version 0.9.76 due to a newly introduced delete_upload_incomplete_backup AJAX action. This allows administrator-level attackers to delete arbitrary files on the server.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-5bf4618f3f911336450f68ac829f8ebb.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-5bf4618f3f911336450f68ac829f8ebb.yaml
index 95c2d5197b..9dcc63a9c1 100644
--- a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-5bf4618f3f911336450f68ac829f8ebb.yaml
+++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-5bf4618f3f911336450f68ac829f8ebb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-b070ea085481a5d7bd82f5fd3f416fd0.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-b070ea085481a5d7bd82f5fd3f416fd0.yaml
index b4f850a850..dae23e8689 100644
--- a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-b070ea085481a5d7bd82f5fd3f416fd0.yaml
+++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-b070ea085481a5d7bd82f5fd3f416fd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Admin+) Directory Traversal
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The WPvivid plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 0.9.75. This allows authenticated users with administrative privileges to download arbitrary files on the server, including sensitive configuration files, though the file size must be successfully guessed in order to do so.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
     google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium
+  tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wpvr-18966e8228314b8165d39d48519f43cc.yaml b/nuclei-templates/cve-less/plugins/wpvr-18966e8228314b8165d39d48519f43cc.yaml
index cd1622f8b7..506bfb4f8a 100644
--- a/nuclei-templates/cve-less/plugins/wpvr-18966e8228314b8165d39d48519f43cc.yaml
+++ b/nuclei-templates/cve-less/plugins/wpvr-18966e8228314b8165d39d48519f43cc.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Appsero <= 1.2.1 - Missing Authorization
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wpvr/"
     google-query: inurl:"/wp-content/plugins/wpvr/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wpvr,medium
+  tags: cve,wordpress,wp-plugin,wpvr,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wr-contactform-cf0536ededa77239ac982d05d856b3db.yaml b/nuclei-templates/cve-less/plugins/wr-contactform-cf0536ededa77239ac982d05d856b3db.yaml
index adf1404e9e..6288b430f0 100644
--- a/nuclei-templates/cve-less/plugins/wr-contactform-cf0536ededa77239ac982d05d856b3db.yaml
+++ b/nuclei-templates/cve-less/plugins/wr-contactform-cf0536ededa77239ac982d05d856b3db.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WR ContactForm < 1.1.10 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The WR ContactForm plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post’ parameter in versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with author-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wr-contactform/"
     google-query: inurl:"/wp-content/plugins/wr-contactform/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wr-contactform,high
+  tags: cve,wordpress,wp-plugin,wr-contactform,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/ws-bootstrap-vc-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/ws-bootstrap-vc-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6c0849cf87..04b5b0eac6 100644
--- a/nuclei-templates/cve-less/plugins/ws-bootstrap-vc-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/ws-bootstrap-vc-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/ws-bootstrap-vc/"
     google-query: inurl:"/wp-content/plugins/ws-bootstrap-vc/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,ws-bootstrap-vc,medium
+  tags: cve,wordpress,wp-plugin,ws-bootstrap-vc,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wupo-group-attributes-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/wupo-group-attributes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 0d1e7ffe1f..b401c9926f 100644
--- a/nuclei-templates/cve-less/plugins/wupo-group-attributes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/wupo-group-attributes-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wupo-group-attributes/"
     google-query: inurl:"/wp-content/plugins/wupo-group-attributes/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wupo-group-attributes,medium
+  tags: cve,wordpress,wp-plugin,wupo-group-attributes,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wysija-newsletters-0dc627cd120008e5a66c81e20ce78b02.yaml b/nuclei-templates/cve-less/plugins/wysija-newsletters-0dc627cd120008e5a66c81e20ce78b02.yaml
index 100f5a88dc..b097f49adc 100644
--- a/nuclei-templates/cve-less/plugins/wysija-newsletters-0dc627cd120008e5a66c81e20ce78b02.yaml
+++ b/nuclei-templates/cve-less/plugins/wysija-newsletters-0dc627cd120008e5a66c81e20ce78b02.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailPoet Newsletters <= 2.7.2 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The MailPoet Newsletters plugin for WordPress is vulnerable to generic SQL Injection in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wysija-newsletters/"
     google-query: inurl:"/wp-content/plugins/wysija-newsletters/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wysija-newsletters,medium
+  tags: cve,wordpress,wp-plugin,wysija-newsletters,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/wysija-newsletters-149048c8f49646b7cbdd6843761e070a.yaml b/nuclei-templates/cve-less/plugins/wysija-newsletters-149048c8f49646b7cbdd6843761e070a.yaml
index c9d2330f1f..9e408ba73d 100644
--- a/nuclei-templates/cve-less/plugins/wysija-newsletters-149048c8f49646b7cbdd6843761e070a.yaml
+++ b/nuclei-templates/cve-less/plugins/wysija-newsletters-149048c8f49646b7cbdd6843761e070a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MailPoet Newsletters (Previous) <= 2.1.6 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wysija Newsletters plugin for WordPress is vulnerable to Cross-Site Scripting via the swfupload.swf applet in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/wysija-newsletters/"
     google-query: inurl:"/wp-content/plugins/wysija-newsletters/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,wysija-newsletters,medium
+  tags: cve,wordpress,wp-plugin,wysija-newsletters,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/xt-woo-ajax-add-to-cart-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/xt-woo-ajax-add-to-cart-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index dbfafa24eb..5bf5a5e9b8 100644
--- a/nuclei-templates/cve-less/plugins/xt-woo-ajax-add-to-cart-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/xt-woo-ajax-add-to-cart-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xt-woo-ajax-add-to-cart/"
     google-query: inurl:"/wp-content/plugins/xt-woo-ajax-add-to-cart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,xt-woo-ajax-add-to-cart,medium
+  tags: cve,wordpress,wp-plugin,xt-woo-ajax-add-to-cart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/xt-woo-points-rewards-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/xt-woo-points-rewards-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index fa21a000c9..177ec7ebef 100644
--- a/nuclei-templates/cve-less/plugins/xt-woo-points-rewards-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/xt-woo-points-rewards-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xt-woo-points-rewards/"
     google-query: inurl:"/wp-content/plugins/xt-woo-points-rewards/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,xt-woo-points-rewards,medium
+  tags: cve,wordpress,wp-plugin,xt-woo-points-rewards,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/xt-woo-quick-view-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/xt-woo-quick-view-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2a72f94c86..42c5eaf38b 100644
--- a/nuclei-templates/cve-less/plugins/xt-woo-quick-view-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/xt-woo-quick-view-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xt-woo-quick-view-lite/"
     google-query: inurl:"/wp-content/plugins/xt-woo-quick-view-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,xt-woo-quick-view-lite,medium
+  tags: cve,wordpress,wp-plugin,xt-woo-quick-view-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/xt-woo-variation-swatches-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/xt-woo-variation-swatches-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 06a5070a1a..09bee06991 100644
--- a/nuclei-templates/cve-less/plugins/xt-woo-variation-swatches-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/xt-woo-variation-swatches-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/xt-woo-variation-swatches/"
     google-query: inurl:"/wp-content/plugins/xt-woo-variation-swatches/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,xt-woo-variation-swatches,medium
+  tags: cve,wordpress,wp-plugin,xt-woo-variation-swatches,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yandex-money-button-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/yandex-money-button-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 9980e9f25d..c26182ebee 100644
--- a/nuclei-templates/cve-less/plugins/yandex-money-button-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/yandex-money-button-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yandex-money-button/"
     google-query: inurl:"/wp-content/plugins/yandex-money-button/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yandex-money-button,medium
+  tags: cve,wordpress,wp-plugin,yandex-money-button,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yatri-tools-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/yatri-tools-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index df756186c6..8171b540fc 100644
--- a/nuclei-templates/cve-less/plugins/yatri-tools-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/yatri-tools-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yatri-tools/"
     google-query: inurl:"/wp-content/plugins/yatri-tools/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yatri-tools,medium
+  tags: cve,wordpress,wp-plugin,yatri-tools,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-f004ce2a754ccfc5988e2e69aed45af9.yaml b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-f004ce2a754ccfc5988e2e69aed45af9.yaml
index e87d9fd843..b13a2c7ab7 100644
--- a/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-f004ce2a754ccfc5988e2e69aed45af9.yaml
+++ b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-f004ce2a754ccfc5988e2e69aed45af9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YARPP – Yet Another Related Posts Plugin < 4.2.5 - Cross-Site Request Forgery
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The YARPP – Yet Another Related Posts Plugin for WordPress is vulnerable a Cross-Site Request Forgery which can lead to Remote Code Execution in versions up to, and including, 4.2.4 via the yarpp_options.php file. This allows unauthenticated attackers to execute code on the server if they can successfully trick an administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/"
     google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,critical
+  tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yet-another-stars-rating-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 76e177c088..08c2fb5b25 100644
--- a/nuclei-templates/cve-less/plugins/yet-another-stars-rating-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yet-another-stars-rating/"
     google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,medium
+  tags: cve,wordpress,wp-plugin,yet-another-stars-rating,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-92e334f7eff847d619a107f5b6ee2b7d.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-92e334f7eff847d619a107f5b6ee2b7d.yaml
index 98051463e8..7510df3d45 100644
--- a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-92e334f7eff847d619a107f5b6ee2b7d.yaml
+++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-92e334f7eff847d619a107f5b6ee2b7d.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Easy Forms for Mailchimp <= 6.6.2 - Authenticated Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Easy Forms for Mailchimp plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
     google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,medium
+  tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-navigation-8e47416ac2dba104b5166ffbff80d7af.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-navigation-8e47416ac2dba104b5166ffbff80d7af.yaml
index 8ae17a4d0a..05bc570b69 100644
--- a/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-navigation-8e47416ac2dba104b5166ffbff80d7af.yaml
+++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-navigation-8e47416ac2dba104b5166ffbff80d7af.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH WooCommerce Ajax Product Filter <= 3.11.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The YITH WooCommerce Ajax Product Filter plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.11.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-ajax-navigation/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-ajax-navigation/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-ajax-navigation,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-ajax-navigation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-e5eb957a437ccd71daf2e9f56a4559b2.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-e5eb957a437ccd71daf2e9f56a4559b2.yaml
index bb243b1a87..1c6d97d0ec 100644
--- a/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-e5eb957a437ccd71daf2e9f56a4559b2.yaml
+++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-e5eb957a437ccd71daf2e9f56a4559b2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH WooCommerce Compare <= 2.0.9 - Unauthenticated PHP Object Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The YITH WooCommerce Compare plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.9 via deserialization of untrusted input from the 'yith_woocompare_list' cookie. This allows unauthenticated attackers to inject a PHP Object. It has been confirmed that this vulnerability allows attackers to execute arbitrary PHP code.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-compare/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-compare/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-compare,high
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-compare,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-cd76dd48c85b587e87acb07c80de397a.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-cd76dd48c85b587e87acb07c80de397a.yaml
index 2e36ef25cc..2057941a8d 100644
--- a/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-cd76dd48c85b587e87acb07c80de397a.yaml
+++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-cd76dd48c85b587e87acb07c80de397a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH Request a Quote for WooCommerce <= 1.6.3 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The YITH Request a Quote for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the several functions. This makes it possible for unauthenticated attackers to add and edit items to a session quote via a forged request granted they can trick a site user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-request-a-quote/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-request-a-quote/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-request-a-quote,high
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-request-a-quote,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-2ae81b909e77b01f5f9d53fd011b14fb.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-2ae81b909e77b01f5f9d53fd011b14fb.yaml
index 423a688ecc..e599c28cc2 100644
--- a/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-2ae81b909e77b01f5f9d53fd011b14fb.yaml
+++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-2ae81b909e77b01f5f9d53fd011b14fb.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YITH WooCommerce Wishlist <= 2.1.2 - SQL Injection
   author: topscoder
-  severity: medium
+  severity: critical
   description: >
     The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to SQL Injection via the 'limit' variable in versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with subscriber level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yith-woocommerce-wishlist/"
     google-query: inurl:"/wp-content/plugins/yith-woocommerce-wishlist/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yith-woocommerce-wishlist,medium
+  tags: cve,wordpress,wp-plugin,yith-woocommerce-wishlist,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yop-poll-348e9954cde1ddefaa405cdbf442ab7b.yaml b/nuclei-templates/cve-less/plugins/yop-poll-348e9954cde1ddefaa405cdbf442ab7b.yaml
index f53002e7e8..b84b2a62b5 100644
--- a/nuclei-templates/cve-less/plugins/yop-poll-348e9954cde1ddefaa405cdbf442ab7b.yaml
+++ b/nuclei-templates/cve-less/plugins/yop-poll-348e9954cde1ddefaa405cdbf442ab7b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     YOP Poll <= 6.1.4 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The YOP Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yop-poll/"
     google-query: inurl:"/wp-content/plugins/yop-poll/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yop-poll,medium
+  tags: cve,wordpress,wp-plugin,yop-poll,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-50a6dff0cb336807f517358763e4184a.yaml b/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-50a6dff0cb336807f517358763e4184a.yaml
index 408a15710f..e367884c23 100644
--- a/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-50a6dff0cb336807f517358763e4184a.yaml
+++ b/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-50a6dff0cb336807f517358763e4184a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.10 - Authenticated (Admin+) Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     Video Gallery – YouTube Playlist, Channel Gallery by YotuWP is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.10 via the plugin settings. This allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yotuwp-easy-youtube-embed/"
     google-query: inurl:"/wp-content/plugins/yotuwp-easy-youtube-embed/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yotuwp-easy-youtube-embed,medium
+  tags: cve,wordpress,wp-plugin,yotuwp-easy-youtube-embed,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/yt-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/yt-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index cda4d4505c..83cbd6cf6c 100644
--- a/nuclei-templates/cve-less/plugins/yt-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/yt-player-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/yt-player/"
     google-query: inurl:"/wp-content/plugins/yt-player/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,yt-player,medium
+  tags: cve,wordpress,wp-plugin,yt-player,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/zelist-directory-3ecd9d29be301ddeb0777372578c9ed3.yaml b/nuclei-templates/cve-less/plugins/zelist-directory-3ecd9d29be301ddeb0777372578c9ed3.yaml
index 93330d4846..fdb9e8ae58 100644
--- a/nuclei-templates/cve-less/plugins/zelist-directory-3ecd9d29be301ddeb0777372578c9ed3.yaml
+++ b/nuclei-templates/cve-less/plugins/zelist-directory-3ecd9d29be301ddeb0777372578c9ed3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     zeList <= 0.5.11.07 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The zeList plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘zmode’ parameter in versions up to, and including, 0.5.11.07 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zelist-directory/"
     google-query: inurl:"/wp-content/plugins/zelist-directory/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,zelist-directory,medium
+  tags: cve,wordpress,wp-plugin,zelist-directory,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/zengo-custom-thumbnail-image-581a16776001d26901f68412e72a12c5.yaml b/nuclei-templates/cve-less/plugins/zengo-custom-thumbnail-image-581a16776001d26901f68412e72a12c5.yaml
index c38f60737d..efb6a918d6 100644
--- a/nuclei-templates/cve-less/plugins/zengo-custom-thumbnail-image-581a16776001d26901f68412e72a12c5.yaml
+++ b/nuclei-templates/cve-less/plugins/zengo-custom-thumbnail-image-581a16776001d26901f68412e72a12c5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zengo Custom Thumbnail Image Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Zengo Custom Thumbnail Image Gallery plugin for WordPress is vulnerable to Cross-Site Scripting via the shortcode functionality of the plugin in versions up to, and including, 1.0.4. This can be exploited by contributor-level users and above.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zengo-custom-thumbnail-image/"
     google-query: inurl:"/wp-content/plugins/zengo-custom-thumbnail-image/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,zengo-custom-thumbnail-image,medium
+  tags: cve,wordpress,wp-plugin,zengo-custom-thumbnail-image,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/zero-bs-crm-b829e9e3bc2e932b44b01c6e5d51daac.yaml b/nuclei-templates/cve-less/plugins/zero-bs-crm-b829e9e3bc2e932b44b01c6e5d51daac.yaml
index becde7e444..d944baf243 100644
--- a/nuclei-templates/cve-less/plugins/zero-bs-crm-b829e9e3bc2e932b44b01c6e5d51daac.yaml
+++ b/nuclei-templates/cve-less/plugins/zero-bs-crm-b829e9e3bc2e932b44b01c6e5d51daac.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack CRM <= 5.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jetpack CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-bs-crm/"
     google-query: inurl:"/wp-content/plugins/zero-bs-crm/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,zero-bs-crm,medium
+  tags: cve,wordpress,wp-plugin,zero-bs-crm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/zero-bs-crm-e62802506f71c3511e6c8f20c3c5bc64.yaml b/nuclei-templates/cve-less/plugins/zero-bs-crm-e62802506f71c3511e6c8f20c3c5bc64.yaml
index c7e3c0580a..a5e9551992 100644
--- a/nuclei-templates/cve-less/plugins/zero-bs-crm-e62802506f71c3511e6c8f20c3c5bc64.yaml
+++ b/nuclei-templates/cve-less/plugins/zero-bs-crm-e62802506f71c3511e6c8f20c3c5bc64.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetpack CRM <= 5.5.0 - Authenticated (Client+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Jetpack CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the client phone number field in versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with client-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-bs-crm/"
     google-query: inurl:"/wp-content/plugins/zero-bs-crm/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,zero-bs-crm,medium
+  tags: cve,wordpress,wp-plugin,zero-bs-crm,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/zero-spam-da9b182fa6fe344911bcf311918bd2c9.yaml b/nuclei-templates/cve-less/plugins/zero-spam-da9b182fa6fe344911bcf311918bd2c9.yaml
index bfc972082a..8b1a59c8f0 100644
--- a/nuclei-templates/cve-less/plugins/zero-spam-da9b182fa6fe344911bcf311918bd2c9.yaml
+++ b/nuclei-templates/cve-less/plugins/zero-spam-da9b182fa6fe344911bcf311918bd2c9.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zero Spam for WordPress <= 5.4.4 - Authenticated(Administrator+) SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     The Zero Spam for WordPress plugin is vulnerable to generic SQL Injection via the 'type', 'country', and 's' parameters in versions up to, and including, 5.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. prepare_items
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zero-spam/"
     google-query: inurl:"/wp-content/plugins/zero-spam/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,zero-spam,high
+  tags: cve,wordpress,wp-plugin,zero-spam,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/zip-codes-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/plugins/zip-codes-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f6ea4a59fa..be8cce891c 100644
--- a/nuclei-templates/cve-less/plugins/zip-codes-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/plugins/zip-codes-redirect-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zip-codes-redirect/"
     google-query: inurl:"/wp-content/plugins/zip-codes-redirect/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,zip-codes-redirect,medium
+  tags: cve,wordpress,wp-plugin,zip-codes-redirect,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/plugins/zlick-paywall-4dd3cd282a5e0a6020901679d8114797.yaml b/nuclei-templates/cve-less/plugins/zlick-paywall-4dd3cd282a5e0a6020901679d8114797.yaml
index f951309b8e..b91b608027 100644
--- a/nuclei-templates/cve-less/plugins/zlick-paywall-4dd3cd282a5e0a6020901679d8114797.yaml
+++ b/nuclei-templates/cve-less/plugins/zlick-paywall-4dd3cd282a5e0a6020901679d8114797.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zlick Paywall < 2.2.2 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Zlick Paywall plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform restricted administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/plugins/zlick-paywall/"
     google-query: inurl:"/wp-content/plugins/zlick-paywall/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-plugin,zlick-paywall,high
+  tags: cve,wordpress,wp-plugin,zlick-paywall,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/5star-a3ed9e76b0fc321cc4d7c1cb9261a2e1.yaml b/nuclei-templates/cve-less/themes/5star-a3ed9e76b0fc321cc4d7c1cb9261a2e1.yaml
index c0708d010d..8f9ee3d5ff 100644
--- a/nuclei-templates/cve-less/themes/5star-a3ed9e76b0fc321cc4d7c1cb9261a2e1.yaml
+++ b/nuclei-templates/cve-less/themes/5star-a3ed9e76b0fc321cc4d7c1cb9261a2e1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     5 Star (Unspecified Version) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The 5 Star theme for WordPress is vulnerable to Arbitrary File Upload via CSRF. This makes it possible for unauthenticated attackers to gain otherwise unauthorized access to actions that will allow for remote file upload.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/5star/"
     google-query: inurl:"/wp-content/themes/5star/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,5star,high
+  tags: cve,wordpress,wp-theme,5star,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/abundance-9c1002d331f3bfe836a243fd7707a431.yaml b/nuclei-templates/cve-less/themes/abundance-9c1002d331f3bfe836a243fd7707a431.yaml
index 9596bb7dcb..d98e835ae1 100644
--- a/nuclei-templates/cve-less/themes/abundance-9c1002d331f3bfe836a243fd7707a431.yaml
+++ b/nuclei-templates/cve-less/themes/abundance-9c1002d331f3bfe836a243fd7707a431.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Abundance (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Abundance theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/abundance/"
     google-query: inurl:"/wp-content/themes/abundance/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,abundance,medium
+  tags: cve,wordpress,wp-theme,abundance,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/accesspress-basic-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/accesspress-basic-b05621ef791a4dad965a137ebf6fa48c.yaml
index c6365d5331..266910ec26 100644
--- a/nuclei-templates/cve-less/themes/accesspress-basic-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/accesspress-basic-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/accesspress-basic/"
     google-query: inurl:"/wp-content/themes/accesspress-basic/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,accesspress-basic,high
+  tags: cve,wordpress,wp-theme,accesspress-basic,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/accesspress-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/accesspress-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index 16fb7e849e..afb23d4021 100644
--- a/nuclei-templates/cve-less/themes/accesspress-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/accesspress-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/accesspress-lite/"
     google-query: inurl:"/wp-content/themes/accesspress-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,accesspress-lite,high
+  tags: cve,wordpress,wp-theme,accesspress-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/accesspress-mag-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/accesspress-mag-b05621ef791a4dad965a137ebf6fa48c.yaml
index 011bc2b9be..a28e535406 100644
--- a/nuclei-templates/cve-less/themes/accesspress-mag-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/accesspress-mag-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/accesspress-mag/"
     google-query: inurl:"/wp-content/themes/accesspress-mag/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,accesspress-mag,high
+  tags: cve,wordpress,wp-theme,accesspress-mag,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/accesspress-parallax-new-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/accesspress-parallax-new-b05621ef791a4dad965a137ebf6fa48c.yaml
index 8fca32d3ab..a8c095c150 100644
--- a/nuclei-templates/cve-less/themes/accesspress-parallax-new-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/accesspress-parallax-new-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/accesspress-parallax-new/"
     google-query: inurl:"/wp-content/themes/accesspress-parallax-new/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,accesspress-parallax-new,high
+  tags: cve,wordpress,wp-theme,accesspress-parallax-new,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/accesspress-root-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/accesspress-root-b05621ef791a4dad965a137ebf6fa48c.yaml
index a4a7ad1da0..244b0f4950 100644
--- a/nuclei-templates/cve-less/themes/accesspress-root-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/accesspress-root-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/accesspress-root/"
     google-query: inurl:"/wp-content/themes/accesspress-root/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,accesspress-root,high
+  tags: cve,wordpress,wp-theme,accesspress-root,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/accesspress-staple-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/accesspress-staple-b05621ef791a4dad965a137ebf6fa48c.yaml
index 3359f472f8..b8814e2c2d 100644
--- a/nuclei-templates/cve-less/themes/accesspress-staple-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/accesspress-staple-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/accesspress-staple/"
     google-query: inurl:"/wp-content/themes/accesspress-staple/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,accesspress-staple,high
+  tags: cve,wordpress,wp-theme,accesspress-staple,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/accesspress-store-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/accesspress-store-b05621ef791a4dad965a137ebf6fa48c.yaml
index 3c9c9068d9..48a94d895d 100644
--- a/nuclei-templates/cve-less/themes/accesspress-store-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/accesspress-store-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/accesspress-store/"
     google-query: inurl:"/wp-content/themes/accesspress-store/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,accesspress-store,high
+  tags: cve,wordpress,wp-theme,accesspress-store,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/agritourismo-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml b/nuclei-templates/cve-less/themes/agritourismo-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
index 0fe50f3b2e..c78ff13689 100644
--- a/nuclei-templates/cve-less/themes/agritourismo-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
+++ b/nuclei-templates/cve-less/themes/agritourismo-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Various Orange themes for WordPress are vulnerable to arbitrary file uploads due to a Cross-Site Request Forgery vulnerability in the '/functions/upload-handler.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/agritourismo-theme/"
     google-query: inurl:"/wp-content/themes/agritourismo-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,agritourismo-theme,high
+  tags: cve,wordpress,wp-theme,agritourismo-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/akita-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/themes/akita-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index e60c38dfa0..15d4b5955c 100644
--- a/nuclei-templates/cve-less/themes/akita-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/themes/akita-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/akita/"
     google-query: inurl:"/wp-content/themes/akita/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,akita,medium
+  tags: cve,wordpress,wp-theme,akita,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/allure-real-estate-theme-for-placester-972c6f275cedbc5b8ff06bc4a592ad76.yaml b/nuclei-templates/cve-less/themes/allure-real-estate-theme-for-placester-972c6f275cedbc5b8ff06bc4a592ad76.yaml
index 7b25715bdb..b1d6980e78 100644
--- a/nuclei-templates/cve-less/themes/allure-real-estate-theme-for-placester-972c6f275cedbc5b8ff06bc4a592ad76.yaml
+++ b/nuclei-templates/cve-less/themes/allure-real-estate-theme-for-placester-972c6f275cedbc5b8ff06bc4a592ad76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Allure Real Estate Theme for Placester <= 0.1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Allure Real Estate Theme for Placester theme for WordPress is vulnerable to Cross-Site Scripting via the 'ZeroClipboard.swf' file in versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/allure-real-estate-theme-for-placester/"
     google-query: inurl:"/wp-content/themes/allure-real-estate-theme-for-placester/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,allure-real-estate-theme-for-placester,medium
+  tags: cve,wordpress,wp-theme,allure-real-estate-theme-for-placester,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/alyeska-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/themes/alyeska-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index 61290e5750..1668ce0c77 100644
--- a/nuclei-templates/cve-less/themes/alyeska-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/themes/alyeska-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/alyeska/"
     google-query: inurl:"/wp-content/themes/alyeska/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,alyeska,medium
+  tags: cve,wordpress,wp-theme,alyeska,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/ambience-0e4a8af0dcec83139d2c5869dc07116c.yaml b/nuclei-templates/cve-less/themes/ambience-0e4a8af0dcec83139d2c5869dc07116c.yaml
index 0711ac2b84..490b758171 100644
--- a/nuclei-templates/cve-less/themes/ambience-0e4a8af0dcec83139d2c5869dc07116c.yaml
+++ b/nuclei-templates/cve-less/themes/ambience-0e4a8af0dcec83139d2c5869dc07116c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Ambience (Unspecified Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Ambience Theme for WordPress is vulnerable to Cross-Site Scripting via the 'src' parameter in the 'thumb.php' file. due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ambience/"
     google-query: inurl:"/wp-content/themes/ambience/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,ambience,medium
+  tags: cve,wordpress,wp-theme,ambience,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/amela-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/amela-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index a32875fe4a..efda3b2240 100644
--- a/nuclei-templates/cve-less/themes/amela-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/amela-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/amela/"
     google-query: inurl:"/wp-content/themes/amela/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,amela,medium
+  tags: cve,wordpress,wp-theme,amela,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/amplus-da3e281a5f70bba201afb2a0076933cd.yaml b/nuclei-templates/cve-less/themes/amplus-da3e281a5f70bba201afb2a0076933cd.yaml
index 65ef93f3b1..8812ffe125 100644
--- a/nuclei-templates/cve-less/themes/amplus-da3e281a5f70bba201afb2a0076933cd.yaml
+++ b/nuclei-templates/cve-less/themes/amplus-da3e281a5f70bba201afb2a0076933cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Amplus (Unspecified Version) - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Amplus theme for WordPress is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation in the 'upload-handler.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/amplus/"
     google-query: inurl:"/wp-content/themes/amplus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,amplus,high
+  tags: cve,wordpress,wp-theme,amplus,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/aquarella-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/aquarella-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 12749c4c6b..9f385a1ff3 100644
--- a/nuclei-templates/cve-less/themes/aquarella-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/aquarella-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/aquarella-lite/"
     google-query: inurl:"/wp-content/themes/aquarella-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,aquarella-lite,medium
+  tags: cve,wordpress,wp-theme,aquarella-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/arcadian-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/themes/arcadian-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index fe02085d75..1cd512bb1b 100644
--- a/nuclei-templates/cve-less/themes/arcadian-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/themes/arcadian-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/arcadian/"
     google-query: inurl:"/wp-content/themes/arcadian/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,arcadian,medium
+  tags: cve,wordpress,wp-theme,arcadian,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/arendelle-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/arendelle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 7acca59e31..de4b08792e 100644
--- a/nuclei-templates/cve-less/themes/arendelle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/arendelle-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/arendelle/"
     google-query: inurl:"/wp-content/themes/arendelle/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,arendelle,medium
+  tags: cve,wordpress,wp-theme,arendelle,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/arrival-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/arrival-b05621ef791a4dad965a137ebf6fa48c.yaml
index 78c70fa575..04323c7dcf 100644
--- a/nuclei-templates/cve-less/themes/arrival-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/arrival-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/arrival/"
     google-query: inurl:"/wp-content/themes/arrival/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,arrival,high
+  tags: cve,wordpress,wp-theme,arrival,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/avada-4a05ae911598dc28de7b72c0be044356.yaml b/nuclei-templates/cve-less/themes/avada-4a05ae911598dc28de7b72c0be044356.yaml
index 2321d22e80..2de3287dfb 100644
--- a/nuclei-templates/cve-less/themes/avada-4a05ae911598dc28de7b72c0be044356.yaml
+++ b/nuclei-templates/cve-less/themes/avada-4a05ae911598dc28de7b72c0be044356.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Avada <= 7.4.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Avada plugin for WordPress is vulnerable to Stored Cross-Site Scripting via improper escaping of HTML form entries in the backend in versions up to, and including, 7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Avada/"
     google-query: inurl:"/wp-content/themes/Avada/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,Avada,medium
+  tags: cve,wordpress,wp-theme,Avada,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/avanix-153b374358a4469baf0dcf3e128485d7.yaml b/nuclei-templates/cve-less/themes/avanix-153b374358a4469baf0dcf3e128485d7.yaml
index e85cdb702f..42887cbdde 100644
--- a/nuclei-templates/cve-less/themes/avanix-153b374358a4469baf0dcf3e128485d7.yaml
+++ b/nuclei-templates/cve-less/themes/avanix-153b374358a4469baf0dcf3e128485d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Imediapixel Themes (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ECOBIZ <= 3.3, Ebiz <= 1.2, Avanix <=  1.2, and Ovum (unknown version) themes for WordPress are vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/avanix/"
     google-query: inurl:"/wp-content/themes/avanix/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,avanix,medium
+  tags: cve,wordpress,wp-theme,avanix,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/bani-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/bani-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c03199f450..122c569058 100644
--- a/nuclei-templates/cve-less/themes/bani-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/bani-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bani/"
     google-query: inurl:"/wp-content/themes/bani/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,bani,medium
+  tags: cve,wordpress,wp-theme,bani,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/barelycorporate-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/themes/barelycorporate-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index 044e11020f..b68e891497 100644
--- a/nuclei-templates/cve-less/themes/barelycorporate-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/themes/barelycorporate-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/barelycorporate/"
     google-query: inurl:"/wp-content/themes/barelycorporate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,barelycorporate,medium
+  tags: cve,wordpress,wp-theme,barelycorporate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/bingle-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/bingle-b05621ef791a4dad965a137ebf6fa48c.yaml
index 88839b8c22..7c52c2855c 100644
--- a/nuclei-templates/cve-less/themes/bingle-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/bingle-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bingle/"
     google-query: inurl:"/wp-content/themes/bingle/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,bingle,high
+  tags: cve,wordpress,wp-theme,bingle,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/blaze-902eeda285eff78838cf6ebbc45afd69.yaml b/nuclei-templates/cve-less/themes/blaze-902eeda285eff78838cf6ebbc45afd69.yaml
index d38428646f..5d8d15b378 100644
--- a/nuclei-templates/cve-less/themes/blaze-902eeda285eff78838cf6ebbc45afd69.yaml
+++ b/nuclei-templates/cve-less/themes/blaze-902eeda285eff78838cf6ebbc45afd69.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Blaze Theme (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Blaze Theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/blaze/"
     google-query: inurl:"/wp-content/themes/blaze/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,blaze,medium
+  tags: cve,wordpress,wp-theme,blaze,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/bloger-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/bloger-b05621ef791a4dad965a137ebf6fa48c.yaml
index 606cf748a5..6ef704efff 100644
--- a/nuclei-templates/cve-less/themes/bloger-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/bloger-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bloger/"
     google-query: inurl:"/wp-content/themes/bloger/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,bloger,high
+  tags: cve,wordpress,wp-theme,bloger,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/bordeaux-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml b/nuclei-templates/cve-less/themes/bordeaux-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
index aa2c04659c..a4f026933d 100644
--- a/nuclei-templates/cve-less/themes/bordeaux-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
+++ b/nuclei-templates/cve-less/themes/bordeaux-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Various Orange themes for WordPress are vulnerable to arbitrary file uploads due to a Cross-Site Request Forgery vulnerability in the '/functions/upload-handler.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bordeaux-theme/"
     google-query: inurl:"/wp-content/themes/bordeaux-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,bordeaux-theme,high
+  tags: cve,wordpress,wp-theme,bordeaux-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/brand-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/brand-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5cbce76930..fa56ae5c00 100644
--- a/nuclei-templates/cve-less/themes/brand-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/brand-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/brand/"
     google-query: inurl:"/wp-content/themes/brand/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,brand,medium
+  tags: cve,wordpress,wp-theme,brand,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/brightbox-de6a8f71d54a21ca8a8ec790aa7c8445.yaml b/nuclei-templates/cve-less/themes/brightbox-de6a8f71d54a21ca8a8ec790aa7c8445.yaml
index bee67630fc..826f1e50a2 100644
--- a/nuclei-templates/cve-less/themes/brightbox-de6a8f71d54a21ca8a8ec790aa7c8445.yaml
+++ b/nuclei-templates/cve-less/themes/brightbox-de6a8f71d54a21ca8a8ec790aa7c8445.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brightbox <= (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Brightbox theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. The affected versions are unknown.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/brightbox/"
     google-query: inurl:"/wp-content/themes/brightbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,brightbox,medium
+  tags: cve,wordpress,wp-theme,brightbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/brisk-2ab21e22bdca9635ce4e964a4031d548.yaml b/nuclei-templates/cve-less/themes/brisk-2ab21e22bdca9635ce4e964a4031d548.yaml
index dff9bae02e..6bb7387fcc 100644
--- a/nuclei-templates/cve-less/themes/brisk-2ab21e22bdca9635ce4e964a4031d548.yaml
+++ b/nuclei-templates/cve-less/themes/brisk-2ab21e22bdca9635ce4e964a4031d548.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Brisk (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Brisk Theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/brisk/"
     google-query: inurl:"/wp-content/themes/brisk/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,brisk,medium
+  tags: cve,wordpress,wp-theme,brisk,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/broadcast-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/broadcast-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 20ea051d20..eda11433c2 100644
--- a/nuclei-templates/cve-less/themes/broadcast-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/broadcast-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/broadcast-lite/"
     google-query: inurl:"/wp-content/themes/broadcast-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,broadcast-lite,medium
+  tags: cve,wordpress,wp-theme,broadcast-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/broadscope-30fe39ec377fc6748bfe3566282b5413.yaml b/nuclei-templates/cve-less/themes/broadscope-30fe39ec377fc6748bfe3566282b5413.yaml
index 961e0bdb58..98aefffb2e 100644
--- a/nuclei-templates/cve-less/themes/broadscope-30fe39ec377fc6748bfe3566282b5413.yaml
+++ b/nuclei-templates/cve-less/themes/broadscope-30fe39ec377fc6748bfe3566282b5413.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Broadscope (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Broadscope theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/broadscope/"
     google-query: inurl:"/wp-content/themes/broadscope/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,broadscope,medium
+  tags: cve,wordpress,wp-theme,broadscope,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/brovy-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/brovy-b05621ef791a4dad965a137ebf6fa48c.yaml
index f69457c628..7f520e2830 100644
--- a/nuclei-templates/cve-less/themes/brovy-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/brovy-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/brovy/"
     google-query: inurl:"/wp-content/themes/brovy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,brovy,high
+  tags: cve,wordpress,wp-theme,brovy,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/bulteno-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml b/nuclei-templates/cve-less/themes/bulteno-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
index 50e7111dcc..0a703eb7c0 100644
--- a/nuclei-templates/cve-less/themes/bulteno-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
+++ b/nuclei-templates/cve-less/themes/bulteno-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Various Orange themes for WordPress are vulnerable to arbitrary file uploads due to a Cross-Site Request Forgery vulnerability in the '/functions/upload-handler.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/bulteno-theme/"
     google-query: inurl:"/wp-content/themes/bulteno-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,bulteno-theme,high
+  tags: cve,wordpress,wp-theme,bulteno-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/careerfy-0cc827bd1e5b71473ebe52fdbadbc377.yaml b/nuclei-templates/cve-less/themes/careerfy-0cc827bd1e5b71473ebe52fdbadbc377.yaml
index 0ef268d70c..a7476932b4 100644
--- a/nuclei-templates/cve-less/themes/careerfy-0cc827bd1e5b71473ebe52fdbadbc377.yaml
+++ b/nuclei-templates/cve-less/themes/careerfy-0cc827bd1e5b71473ebe52fdbadbc377.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Careerfy - Job Board WordPress Theme <= 3.9.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Careerfy - Job Board WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Member Title', 'Designation', 'Experience', 'Facebook URL', 'Google+ URL', 'Twitter URL', 'LinkedIn URL', 'Description', and 'Full Address' fields in versions up to, and including, 3.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/careerfy/"
     google-query: inurl:"/wp-content/themes/careerfy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,careerfy,medium
+  tags: cve,wordpress,wp-theme,careerfy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/careerfy-70111aaef33d8dec5c55f5b989914270.yaml b/nuclei-templates/cve-less/themes/careerfy-70111aaef33d8dec5c55f5b989914270.yaml
index 8a26d91cb1..f61037b7ea 100644
--- a/nuclei-templates/cve-less/themes/careerfy-70111aaef33d8dec5c55f5b989914270.yaml
+++ b/nuclei-templates/cve-less/themes/careerfy-70111aaef33d8dec5c55f5b989914270.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Careerfy - Job Board WordPress Theme <= 3.9.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Careerfy - Job Board WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Academic Level', 'Age', 'Salary', 'Gender', 'Industry', and 'Full Address' fields in versions up to, and including, 3.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/careerfy/"
     google-query: inurl:"/wp-content/themes/careerfy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,careerfy,medium
+  tags: cve,wordpress,wp-theme,careerfy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/careerfy-d814bf89eef506e207923233b9147995.yaml b/nuclei-templates/cve-less/themes/careerfy-d814bf89eef506e207923233b9147995.yaml
index 59924c07ee..de46684ae4 100644
--- a/nuclei-templates/cve-less/themes/careerfy-d814bf89eef506e207923233b9147995.yaml
+++ b/nuclei-templates/cve-less/themes/careerfy-d814bf89eef506e207923233b9147995.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Careerfy - Job Board WordPress Theme <= 3.9.0 - Authenticated Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     The Careerfy - Job Board WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Career Level', 'Experience', 'Gender', 'Industry', 'Qualifications', 'Job Description', and 'Full Address' fields in versions up to, and including, 3.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/careerfy/"
     google-query: inurl:"/wp-content/themes/careerfy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,careerfy,medium
+  tags: cve,wordpress,wp-theme,careerfy,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/careerfy-f287f6d03ce957fcb674730856528833.yaml b/nuclei-templates/cve-less/themes/careerfy-f287f6d03ce957fcb674730856528833.yaml
index d7288bdc2c..3e9e034093 100644
--- a/nuclei-templates/cve-less/themes/careerfy-f287f6d03ce957fcb674730856528833.yaml
+++ b/nuclei-templates/cve-less/themes/careerfy-f287f6d03ce957fcb674730856528833.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Careerfy <= 4.3.0 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Careerfy for WordPress is vulnerable to Reflected Cross-Site Scripting in versions before 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/careerfy/"
     google-query: inurl:"/wp-content/themes/careerfy/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,careerfy,high
+  tags: cve,wordpress,wp-theme,careerfy,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/careplus-ead8215e6f4d6c583e6aa46b74460457.yaml b/nuclei-templates/cve-less/themes/careplus-ead8215e6f4d6c583e6aa46b74460457.yaml
index eaa5824a0f..a1a4cb1fb5 100644
--- a/nuclei-templates/cve-less/themes/careplus-ead8215e6f4d6c583e6aa46b74460457.yaml
+++ b/nuclei-templates/cve-less/themes/careplus-ead8215e6f4d6c583e6aa46b74460457.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CarePlus - Health & Medical Responsive WordPress Theme <= 1.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CarePlus - Health & Medical Responsive WordPress Theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/careplus/"
     google-query: inurl:"/wp-content/themes/careplus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,careplus,medium
+  tags: cve,wordpress,wp-theme,careplus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/carspot-a1557c2cdb71bc0d86215f36aee8a08b.yaml b/nuclei-templates/cve-less/themes/carspot-a1557c2cdb71bc0d86215f36aee8a08b.yaml
index 268a539d16..9ba422d097 100644
--- a/nuclei-templates/cve-less/themes/carspot-a1557c2cdb71bc0d86215f36aee8a08b.yaml
+++ b/nuclei-templates/cve-less/themes/carspot-a1557c2cdb71bc0d86215f36aee8a08b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     CarSpot – Dealership Wordpress Classified Theme <= 2.2.3 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The CarSpot – Dealership Wordpress Classified Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘admin-ajax.php’ file in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/carspot/"
     google-query: inurl:"/wp-content/themes/carspot/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,carspot,medium
+  tags: cve,wordpress,wp-theme,carspot,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/coalition-fb64a0398d930ef57cb315100ba26973.yaml b/nuclei-templates/cve-less/themes/coalition-fb64a0398d930ef57cb315100ba26973.yaml
index c07785180f..d975a05687 100644
--- a/nuclei-templates/cve-less/themes/coalition-fb64a0398d930ef57cb315100ba26973.yaml
+++ b/nuclei-templates/cve-less/themes/coalition-fb64a0398d930ef57cb315100ba26973.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Coalition (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Coalition theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/coalition/"
     google-query: inurl:"/wp-content/themes/coalition/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,coalition,medium
+  tags: cve,wordpress,wp-theme,coalition,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/commodore-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/themes/commodore-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index 53c60d13da..76c8fa7637 100644
--- a/nuclei-templates/cve-less/themes/commodore-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/themes/commodore-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/commodore/"
     google-query: inurl:"/wp-content/themes/commodore/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,commodore,medium
+  tags: cve,wordpress,wp-theme,commodore,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/construction-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/construction-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index 5de0c4915a..ba3eb6658a 100644
--- a/nuclei-templates/cve-less/themes/construction-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/construction-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/construction-lite/"
     google-query: inurl:"/wp-content/themes/construction-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,construction-lite,high
+  tags: cve,wordpress,wp-theme,construction-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/consultpress-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/consultpress-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6dc678e40d..53bebbe7d8 100644
--- a/nuclei-templates/cve-less/themes/consultpress-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/consultpress-lite-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/consultpress-lite/"
     google-query: inurl:"/wp-content/themes/consultpress-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,consultpress-lite,medium
+  tags: cve,wordpress,wp-theme,consultpress-lite,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/corona-6fd6dbbc58f038d409e478e2b51e5038.yaml b/nuclei-templates/cve-less/themes/corona-6fd6dbbc58f038d409e478e2b51e5038.yaml
index 3698b0d6fe..42fe05698c 100644
--- a/nuclei-templates/cve-less/themes/corona-6fd6dbbc58f038d409e478e2b51e5038.yaml
+++ b/nuclei-templates/cve-less/themes/corona-6fd6dbbc58f038d409e478e2b51e5038.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Corona (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Corona theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/corona/"
     google-query: inurl:"/wp-content/themes/corona/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,corona,medium
+  tags: cve,wordpress,wp-theme,corona,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/covertvideopress-99dafceb50253393d9ffc3281335a6c4.yaml b/nuclei-templates/cve-less/themes/covertvideopress-99dafceb50253393d9ffc3281335a6c4.yaml
index e708e2b8d2..65cdb2bff2 100644
--- a/nuclei-templates/cve-less/themes/covertvideopress-99dafceb50253393d9ffc3281335a6c4.yaml
+++ b/nuclei-templates/cve-less/themes/covertvideopress-99dafceb50253393d9ffc3281335a6c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Covert VideoPress (All Known Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Covert VideoPress Theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of VideoJS in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/covertvideopress/"
     google-query: inurl:"/wp-content/themes/covertvideopress/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,covertvideopress,medium
+  tags: cve,wordpress,wp-theme,covertvideopress,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/crius-d78e7652648c0b8a881a39d5a0a824ec.yaml b/nuclei-templates/cve-less/themes/crius-d78e7652648c0b8a881a39d5a0a824ec.yaml
index 1801209e14..856ce97797 100644
--- a/nuclei-templates/cve-less/themes/crius-d78e7652648c0b8a881a39d5a0a824ec.yaml
+++ b/nuclei-templates/cve-less/themes/crius-d78e7652648c0b8a881a39d5a0a824ec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Crius (All Known Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Covert VideoPress Theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of VideoJS in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/crius/"
     google-query: inurl:"/wp-content/themes/crius/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,crius,medium
+  tags: cve,wordpress,wp-theme,crius,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/cuisine-palace-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/cuisine-palace-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b33ba03803..51f80df7b0 100644
--- a/nuclei-templates/cve-less/themes/cuisine-palace-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/cuisine-palace-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/cuisine-palace/"
     google-query: inurl:"/wp-content/themes/cuisine-palace/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,cuisine-palace,medium
+  tags: cve,wordpress,wp-theme,cuisine-palace,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/curvo-d59f1cca77e5c81eb993686d3bfbe443.yaml b/nuclei-templates/cve-less/themes/curvo-d59f1cca77e5c81eb993686d3bfbe443.yaml
index 85eae2bbd8..5a86687da3 100644
--- a/nuclei-templates/cve-less/themes/curvo-d59f1cca77e5c81eb993686d3bfbe443.yaml
+++ b/nuclei-templates/cve-less/themes/curvo-d59f1cca77e5c81eb993686d3bfbe443.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Curvo Theme (All Known Versions) - Cross-Site Request Forgery and Arbitrary File Upload
   author: topscoder
-  severity: critical
+  severity: medium
   description: >
     The Curvo Theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload-handler.php file in all known versions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/curvo/"
     google-query: inurl:"/wp-content/themes/curvo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,curvo,critical
+  tags: cve,wordpress,wp-theme,curvo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/dailydeal-52cc2ef9a6c2df75495af02a2e660264.yaml b/nuclei-templates/cve-less/themes/dailydeal-52cc2ef9a6c2df75495af02a2e660264.yaml
index 4a340a6a5b..2f32d7d21b 100644
--- a/nuclei-templates/cve-less/themes/dailydeal-52cc2ef9a6c2df75495af02a2e660264.yaml
+++ b/nuclei-templates/cve-less/themes/dailydeal-52cc2ef9a6c2df75495af02a2e660264.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dailydeal by Templatic < = 3.0.10 - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Dailydeal by Templatic theme for WordPress is vulnerable to arbitrary file uploads via CSRF due to missing or incorrect nonce validation in the 'upload-file.php' file in versions up to, and including, 3.0.10. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/dailydeal/"
     google-query: inurl:"/wp-content/themes/dailydeal/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,dailydeal,high
+  tags: cve,wordpress,wp-theme,dailydeal,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/dailyedition-6bdfdbb30005886703826f665471e962.yaml b/nuclei-templates/cve-less/themes/dailyedition-6bdfdbb30005886703826f665471e962.yaml
index d982e4cff3..c894350700 100644
--- a/nuclei-templates/cve-less/themes/dailyedition-6bdfdbb30005886703826f665471e962.yaml
+++ b/nuclei-templates/cve-less/themes/dailyedition-6bdfdbb30005886703826f665471e962.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Daily Edition <= 1.6.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Daily Edition theme for WordPress is vulnerable to Cross-Site Scripting via the 'id' parameter in versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/dailyedition/"
     google-query: inurl:"/wp-content/themes/dailyedition/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,dailyedition,medium
+  tags: cve,wordpress,wp-theme,dailyedition,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/daisho-6c37ed5f01e697fababa0d98a125cf7e.yaml b/nuclei-templates/cve-less/themes/daisho-6c37ed5f01e697fababa0d98a125cf7e.yaml
index 91d8e7dd48..66aa4bf37e 100644
--- a/nuclei-templates/cve-less/themes/daisho-6c37ed5f01e697fababa0d98a125cf7e.yaml
+++ b/nuclei-templates/cve-less/themes/daisho-6c37ed5f01e697fababa0d98a125cf7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Daisho Theme <= 4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     TheDaisho Theme plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/daisho/"
     google-query: inurl:"/wp-content/themes/daisho/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,daisho,medium
+  tags: cve,wordpress,wp-theme,daisho,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/digital-agency-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/digital-agency-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index 21f9eb9151..69b8a37dde 100644
--- a/nuclei-templates/cve-less/themes/digital-agency-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/digital-agency-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/digital-agency-lite/"
     google-query: inurl:"/wp-content/themes/digital-agency-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,digital-agency-lite,high
+  tags: cve,wordpress,wp-theme,digital-agency-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/dimension-033d028c8d102a833af4770e22a7e5b6.yaml b/nuclei-templates/cve-less/themes/dimension-033d028c8d102a833af4770e22a7e5b6.yaml
index 910eca49c3..f93cbca133 100644
--- a/nuclei-templates/cve-less/themes/dimension-033d028c8d102a833af4770e22a7e5b6.yaml
+++ b/nuclei-templates/cve-less/themes/dimension-033d028c8d102a833af4770e22a7e5b6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Dimension (Unknown Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Dimension theme for WordPress is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation in the 'upload-handler.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/dimension/"
     google-query: inurl:"/wp-content/themes/dimension/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,dimension,high
+  tags: cve,wordpress,wp-theme,dimension,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/divi-aabb704338c74a997901edf2f42d1b76.yaml b/nuclei-templates/cve-less/themes/divi-aabb704338c74a997901edf2f42d1b76.yaml
index 6d7d96cf8f..f9a42e9782 100644
--- a/nuclei-templates/cve-less/themes/divi-aabb704338c74a997901edf2f42d1b76.yaml
+++ b/nuclei-templates/cve-less/themes/divi-aabb704338c74a997901edf2f42d1b76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elegant Themes (Various Versions) - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elegant Themes Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.17.2 in addition to the following themes: Divi <= 3.17.2 and Extra <= 2.17.2 due to insufficient input sanitization and output escaping in the post builder. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Divi/"
     google-query: inurl:"/wp-content/themes/Divi/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,Divi,medium
+  tags: cve,wordpress,wp-theme,Divi,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/doko-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/doko-b05621ef791a4dad965a137ebf6fa48c.yaml
index 918accd0a0..247de5be92 100644
--- a/nuclei-templates/cve-less/themes/doko-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/doko-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/doko/"
     google-query: inurl:"/wp-content/themes/doko/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,doko,high
+  tags: cve,wordpress,wp-theme,doko,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/dt-chocolate-042613decef34429d197e1051e8a6f20.yaml b/nuclei-templates/cve-less/themes/dt-chocolate-042613decef34429d197e1051e8a6f20.yaml
index 792c0ef6d4..c2cefc4f90 100644
--- a/nuclei-templates/cve-less/themes/dt-chocolate-042613decef34429d197e1051e8a6f20.yaml
+++ b/nuclei-templates/cve-less/themes/dt-chocolate-042613decef34429d197e1051e8a6f20.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     DT Chocolate (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The DT Chocolate theme plugin for WordPress is vulnerable to Cross-Site Scripting in all versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/dt-chocolate/"
     google-query: inurl:"/wp-content/themes/dt-chocolate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,dt-chocolate,medium
+  tags: cve,wordpress,wp-theme,dt-chocolate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/dt-chocolate-e1c40eb25b51b97676a5f939865df658.yaml b/nuclei-templates/cve-less/themes/dt-chocolate-e1c40eb25b51b97676a5f939865df658.yaml
index 104db2bd36..a691fd9bf2 100644
--- a/nuclei-templates/cve-less/themes/dt-chocolate-e1c40eb25b51b97676a5f939865df658.yaml
+++ b/nuclei-templates/cve-less/themes/dt-chocolate-e1c40eb25b51b97676a5f939865df658.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Chocolate WP – Responsive Photography Theme (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Chocolate WP – Responsive Photography Theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of TimThumb in all versions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/dt-chocolate/"
     google-query: inurl:"/wp-content/themes/dt-chocolate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,dt-chocolate,medium
+  tags: cve,wordpress,wp-theme,dt-chocolate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/ebiz-153b374358a4469baf0dcf3e128485d7.yaml b/nuclei-templates/cve-less/themes/ebiz-153b374358a4469baf0dcf3e128485d7.yaml
index 5dcf3c6c6e..2349d6151c 100644
--- a/nuclei-templates/cve-less/themes/ebiz-153b374358a4469baf0dcf3e128485d7.yaml
+++ b/nuclei-templates/cve-less/themes/ebiz-153b374358a4469baf0dcf3e128485d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Imediapixel Themes (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ECOBIZ <= 3.3, Ebiz <= 1.2, Avanix <=  1.2, and Ovum (unknown version) themes for WordPress are vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ebiz/"
     google-query: inurl:"/wp-content/themes/ebiz/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,ebiz,medium
+  tags: cve,wordpress,wp-theme,ebiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/ecobiz-153b374358a4469baf0dcf3e128485d7.yaml b/nuclei-templates/cve-less/themes/ecobiz-153b374358a4469baf0dcf3e128485d7.yaml
index 27805776de..afb71dedc2 100644
--- a/nuclei-templates/cve-less/themes/ecobiz-153b374358a4469baf0dcf3e128485d7.yaml
+++ b/nuclei-templates/cve-less/themes/ecobiz-153b374358a4469baf0dcf3e128485d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Imediapixel Themes (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ECOBIZ <= 3.3, Ebiz <= 1.2, Avanix <=  1.2, and Ovum (unknown version) themes for WordPress are vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ecobiz/"
     google-query: inurl:"/wp-content/themes/ecobiz/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,ecobiz,medium
+  tags: cve,wordpress,wp-theme,ecobiz,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/edict-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/edict-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index 52a90d9fa2..35dd661dcd 100644
--- a/nuclei-templates/cve-less/themes/edict-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/edict-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/edict-lite/"
     google-query: inurl:"/wp-content/themes/edict-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,edict-lite,high
+  tags: cve,wordpress,wp-theme,edict-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/eight-sec-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/eight-sec-b05621ef791a4dad965a137ebf6fa48c.yaml
index 69ad81abf5..cfc7dcc39a 100644
--- a/nuclei-templates/cve-less/themes/eight-sec-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/eight-sec-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/eight-sec/"
     google-query: inurl:"/wp-content/themes/eight-sec/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,eight-sec,high
+  tags: cve,wordpress,wp-theme,eight-sec,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/eightlaw-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/eightlaw-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index e87556259f..2fa84f48c3 100644
--- a/nuclei-templates/cve-less/themes/eightlaw-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/eightlaw-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/eightlaw-lite/"
     google-query: inurl:"/wp-content/themes/eightlaw-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,eightlaw-lite,high
+  tags: cve,wordpress,wp-theme,eightlaw-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/eightmedi-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/eightmedi-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index cc15f4dd3d..33726c6dc0 100644
--- a/nuclei-templates/cve-less/themes/eightmedi-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/eightmedi-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/eightmedi-lite/"
     google-query: inurl:"/wp-content/themes/eightmedi-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,eightmedi-lite,high
+  tags: cve,wordpress,wp-theme,eightmedi-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/eightstore-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/eightstore-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index 651b51e5b9..90f61c7dc6 100644
--- a/nuclei-templates/cve-less/themes/eightstore-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/eightstore-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/eightstore-lite/"
     google-query: inurl:"/wp-content/themes/eightstore-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,eightstore-lite,high
+  tags: cve,wordpress,wp-theme,eightstore-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/elasta-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/elasta-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2e51254f54..11da85e1c1 100644
--- a/nuclei-templates/cve-less/themes/elasta-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/elasta-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/elasta/"
     google-query: inurl:"/wp-content/themes/elasta/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,elasta,medium
+  tags: cve,wordpress,wp-theme,elasta,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/elation-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/elation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 5ff42c3c36..dd441af0ad 100644
--- a/nuclei-templates/cve-less/themes/elation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/elation-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/elation/"
     google-query: inurl:"/wp-content/themes/elation/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,elation,medium
+  tags: cve,wordpress,wp-theme,elation,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/enlighten-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/enlighten-b05621ef791a4dad965a137ebf6fa48c.yaml
index 7d22308400..b444cb561a 100644
--- a/nuclei-templates/cve-less/themes/enlighten-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/enlighten-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/enlighten/"
     google-query: inurl:"/wp-content/themes/enlighten/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,enlighten,high
+  tags: cve,wordpress,wp-theme,enlighten,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/esplanade-a255ef8b2471d464b72404fea528ca4b.yaml b/nuclei-templates/cve-less/themes/esplanade-a255ef8b2471d464b72404fea528ca4b.yaml
index ac05cb51ab..e5de21e09c 100644
--- a/nuclei-templates/cve-less/themes/esplanade-a255ef8b2471d464b72404fea528ca4b.yaml
+++ b/nuclei-templates/cve-less/themes/esplanade-a255ef8b2471d464b72404fea528ca4b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Esplanade < 1.1.5 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Esplanade Theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/esplanade/"
     google-query: inurl:"/wp-content/themes/esplanade/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,esplanade,medium
+  tags: cve,wordpress,wp-theme,esplanade,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/euclid-a6caef4d4eacfb6278b4d425ef54c643.yaml b/nuclei-templates/cve-less/themes/euclid-a6caef4d4eacfb6278b4d425ef54c643.yaml
index f5fa0dcc82..ef4606d942 100644
--- a/nuclei-templates/cve-less/themes/euclid-a6caef4d4eacfb6278b4d425ef54c643.yaml
+++ b/nuclei-templates/cve-less/themes/euclid-a6caef4d4eacfb6278b4d425ef54c643.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Euclid <= All Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Euclid Theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions. This is due to missing or incorrect nonce validation on the upload-handler function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/euclid/"
     google-query: inurl:"/wp-content/themes/euclid/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,euclid,high
+  tags: cve,wordpress,wp-theme,euclid,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/eunice-cca0a1d963a9d045f5815fda1ac1ee73.yaml b/nuclei-templates/cve-less/themes/eunice-cca0a1d963a9d045f5815fda1ac1ee73.yaml
index 480d0fb360..94b81fcbb6 100644
--- a/nuclei-templates/cve-less/themes/eunice-cca0a1d963a9d045f5815fda1ac1ee73.yaml
+++ b/nuclei-templates/cve-less/themes/eunice-cca0a1d963a9d045f5815fda1ac1ee73.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eunice (All Versions) - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Eunice theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unspecified parameter in all known versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/eunice/"
     google-query: inurl:"/wp-content/themes/eunice/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,eunice,high
+  tags: cve,wordpress,wp-theme,eunice,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/eunoia-457ebe36f8d645741bdfd0b59a49af7e.yaml b/nuclei-templates/cve-less/themes/eunoia-457ebe36f8d645741bdfd0b59a49af7e.yaml
index 53b8e5702a..df8b3f10a6 100644
--- a/nuclei-templates/cve-less/themes/eunoia-457ebe36f8d645741bdfd0b59a49af7e.yaml
+++ b/nuclei-templates/cve-less/themes/eunoia-457ebe36f8d645741bdfd0b59a49af7e.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Eunoia (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Eunoia theme for WordPress is vulnerable to Cross-Site Scripting in all versions due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/eunoia/"
     google-query: inurl:"/wp-content/themes/eunoia/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,eunoia,medium
+  tags: cve,wordpress,wp-theme,eunoia,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/everse-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/everse-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8b242b1fd5..8f9c540ae9 100644
--- a/nuclei-templates/cve-less/themes/everse-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/everse-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/everse/"
     google-query: inurl:"/wp-content/themes/everse/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,everse,medium
+  tags: cve,wordpress,wp-theme,everse,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/explicit-3af6c2ccbc49fd7ac785ee1caf9ff348.yaml b/nuclei-templates/cve-less/themes/explicit-3af6c2ccbc49fd7ac785ee1caf9ff348.yaml
index 4f7bf7ea7b..7f851f689c 100644
--- a/nuclei-templates/cve-less/themes/explicit-3af6c2ccbc49fd7ac785ee1caf9ff348.yaml
+++ b/nuclei-templates/cve-less/themes/explicit-3af6c2ccbc49fd7ac785ee1caf9ff348.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Explicit (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Explicit theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/explicit/"
     google-query: inurl:"/wp-content/themes/explicit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,explicit,medium
+  tags: cve,wordpress,wp-theme,explicit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/expose-f1706f372daa69509bea2f9b5da810d7.yaml b/nuclei-templates/cve-less/themes/expose-f1706f372daa69509bea2f9b5da810d7.yaml
index ecc22f7f3b..ce39f89f04 100644
--- a/nuclei-templates/cve-less/themes/expose-f1706f372daa69509bea2f9b5da810d7.yaml
+++ b/nuclei-templates/cve-less/themes/expose-f1706f372daa69509bea2f9b5da810d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Expose (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Expose theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/expose/"
     google-query: inurl:"/wp-content/themes/expose/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,expose,medium
+  tags: cve,wordpress,wp-theme,expose,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/extra-aabb704338c74a997901edf2f42d1b76.yaml b/nuclei-templates/cve-less/themes/extra-aabb704338c74a997901edf2f42d1b76.yaml
index 36fbd61bd0..55a84a3e2c 100644
--- a/nuclei-templates/cve-less/themes/extra-aabb704338c74a997901edf2f42d1b76.yaml
+++ b/nuclei-templates/cve-less/themes/extra-aabb704338c74a997901edf2f42d1b76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Elegant Themes (Various Versions) - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Elegant Themes Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.17.2 in addition to the following themes: Divi <= 3.17.2 and Extra <= 2.17.2 due to insufficient input sanitization and output escaping in the post builder. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/extra/"
     google-query: inurl:"/wp-content/themes/extra/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,extra,medium
+  tags: cve,wordpress,wp-theme,extra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/felici-83462ab31c23510cbb4ed4293c5a8d88.yaml b/nuclei-templates/cve-less/themes/felici-83462ab31c23510cbb4ed4293c5a8d88.yaml
index a89d7a57db..781e3cfd6f 100644
--- a/nuclei-templates/cve-less/themes/felici-83462ab31c23510cbb4ed4293c5a8d88.yaml
+++ b/nuclei-templates/cve-less/themes/felici-83462ab31c23510cbb4ed4293c5a8d88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Felici Premium Magazine Theme <= 1.7 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Felici Premium Magazine Theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘buttonText’ parameter in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/felici/"
     google-query: inurl:"/wp-content/themes/felici/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,felici,medium
+  tags: cve,wordpress,wp-theme,felici,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/findus-cfc50a0804539ff785925571caba914b.yaml b/nuclei-templates/cve-less/themes/findus-cfc50a0804539ff785925571caba914b.yaml
index 7a28b28505..7ada0c8e28 100644
--- a/nuclei-templates/cve-less/themes/findus-cfc50a0804539ff785925571caba914b.yaml
+++ b/nuclei-templates/cve-less/themes/findus-cfc50a0804539ff785925571caba914b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Findus - Directory Listing WordPress Theme < 1.1.15 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Findus - Directory Listing WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/findus/"
     google-query: inurl:"/wp-content/themes/findus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,findus,medium
+  tags: cve,wordpress,wp-theme,findus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/fotography-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/fotography-b05621ef791a4dad965a137ebf6fa48c.yaml
index 3a767e1a91..ed563f4e89 100644
--- a/nuclei-templates/cve-less/themes/fotography-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/fotography-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/fotography/"
     google-query: inurl:"/wp-content/themes/fotography/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,fotography,high
+  tags: cve,wordpress,wp-theme,fotography,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/fruitful-80477eee43f78931347fee8d51f74e47.yaml b/nuclei-templates/cve-less/themes/fruitful-80477eee43f78931347fee8d51f74e47.yaml
index 6c6c4e417b..a30fb24cab 100644
--- a/nuclei-templates/cve-less/themes/fruitful-80477eee43f78931347fee8d51f74e47.yaml
+++ b/nuclei-templates/cve-less/themes/fruitful-80477eee43f78931347fee8d51f74e47.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Fruitful < 3.8.1 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Fruitful theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘author’ parameter in versions before 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/fruitful/"
     google-query: inurl:"/wp-content/themes/fruitful/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,fruitful,high
+  tags: cve,wordpress,wp-theme,fruitful,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/golo-1089e240eda4d80561f1b8e6010e3ce7.yaml b/nuclei-templates/cve-less/themes/golo-1089e240eda4d80561f1b8e6010e3ce7.yaml
index d64446a6d5..3cabf4d505 100644
--- a/nuclei-templates/cve-less/themes/golo-1089e240eda4d80561f1b8e6010e3ce7.yaml
+++ b/nuclei-templates/cve-less/themes/golo-1089e240eda4d80561f1b8e6010e3ce7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Golo - City Travel Guide WordPress Theme < 1.3.3 - Reflected Cross-Site Scripting
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The "Golo - City Travel Guide WordPress Theme" theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in versions before 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/golo/"
     google-query: inurl:"/wp-content/themes/golo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,golo,high
+  tags: cve,wordpress,wp-theme,golo,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/hasium-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/hasium-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index e6bd541a75..52ef84d0ce 100644
--- a/nuclei-templates/cve-less/themes/hasium-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/hasium-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/hasium/"
     google-query: inurl:"/wp-content/themes/hasium/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,hasium,medium
+  tags: cve,wordpress,wp-theme,hasium,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/homevillas-real-estate-437a2bdda5608892f1a5bb69f6ded0f0.yaml b/nuclei-templates/cve-less/themes/homevillas-real-estate-437a2bdda5608892f1a5bb69f6ded0f0.yaml
index d1e0d59083..7a46a71727 100644
--- a/nuclei-templates/cve-less/themes/homevillas-real-estate-437a2bdda5608892f1a5bb69f6ded0f0.yaml
+++ b/nuclei-templates/cve-less/themes/homevillas-real-estate-437a2bdda5608892f1a5bb69f6ded0f0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Home Villas | Real Estate WordPress Theme <= 2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Home Villas | Real Estate WordPress Theme for WordPress is vulnerable to both Reflected and Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.2 (11 March 2020) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The vulnerabilities were patched in version 2.2 (1 September 20).
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/homevillas-real-estate/"
     google-query: inurl:"/wp-content/themes/homevillas-real-estate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,homevillas-real-estate,medium
+  tags: cve,wordpress,wp-theme,homevillas-real-estate,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/jetapo-59597a1103eb0e1b65ccc3450fe7b191.yaml b/nuclei-templates/cve-less/themes/jetapo-59597a1103eb0e1b65ccc3450fe7b191.yaml
index 7f0ef46caa..d91b3ccdda 100644
--- a/nuclei-templates/cve-less/themes/jetapo-59597a1103eb0e1b65ccc3450fe7b191.yaml
+++ b/nuclei-templates/cve-less/themes/jetapo-59597a1103eb0e1b65ccc3450fe7b191.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetapo | Jobboard WordPress Theme and Jetapo | Jobboard WordPress Theme with WooCommerce < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Jetapo | Jobboard WordPress Theme and Jetapo | Jobboard WordPress Theme with WooCommerce for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘location’ parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/jetapo/"
     google-query: inurl:"/wp-content/themes/jetapo/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,jetapo,medium
+  tags: cve,wordpress,wp-theme,jetapo,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/jetapo-with-woocommerce-59597a1103eb0e1b65ccc3450fe7b191.yaml b/nuclei-templates/cve-less/themes/jetapo-with-woocommerce-59597a1103eb0e1b65ccc3450fe7b191.yaml
index 77e73d5565..6bac5bb3ee 100644
--- a/nuclei-templates/cve-less/themes/jetapo-with-woocommerce-59597a1103eb0e1b65ccc3450fe7b191.yaml
+++ b/nuclei-templates/cve-less/themes/jetapo-with-woocommerce-59597a1103eb0e1b65ccc3450fe7b191.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Jetapo | Jobboard WordPress Theme and Jetapo | Jobboard WordPress Theme with WooCommerce < 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Jetapo | Jobboard WordPress Theme and Jetapo | Jobboard WordPress Theme with WooCommerce for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘location’ parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/jetapo-with-woocommerce/"
     google-query: inurl:"/wp-content/themes/jetapo-with-woocommerce/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,jetapo-with-woocommerce,medium
+  tags: cve,wordpress,wp-theme,jetapo-with-woocommerce,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/jobcareer-24ed2c04cbd73f5247d8f86d829c0936.yaml b/nuclei-templates/cve-less/themes/jobcareer-24ed2c04cbd73f5247d8f86d829c0936.yaml
index 998cf87726..bb68efdb24 100644
--- a/nuclei-templates/cve-less/themes/jobcareer-24ed2c04cbd73f5247d8f86d829c0936.yaml
+++ b/nuclei-templates/cve-less/themes/jobcareer-24ed2c04cbd73f5247d8f86d829c0936.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     JobCareer <= 3.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The JobCareer plugin for WordPress is vulnerable to Cross-Site Scripting via the 'job_title', 'specialisms', and 'location' parameters and address textfield in versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/jobcareer/"
     google-query: inurl:"/wp-content/themes/jobcareer/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,jobcareer,medium
+  tags: cve,wordpress,wp-theme,jobcareer,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/jumpstart-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/themes/jumpstart-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index 5350af127d..160d5180ab 100644
--- a/nuclei-templates/cve-less/themes/jumpstart-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/themes/jumpstart-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/jumpstart/"
     google-query: inurl:"/wp-content/themes/jumpstart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,jumpstart,medium
+  tags: cve,wordpress,wp-theme,jumpstart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/konzept-0f4251fd59b25576860e082b19c2ffec.yaml b/nuclei-templates/cve-less/themes/konzept-0f4251fd59b25576860e082b19c2ffec.yaml
index e69d44bebc..63d0243f70 100644
--- a/nuclei-templates/cve-less/themes/konzept-0f4251fd59b25576860e082b19c2ffec.yaml
+++ b/nuclei-templates/cve-less/themes/konzept-0f4251fd59b25576860e082b19c2ffec.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Konzept (Unknown Version) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Konzept theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/konzept/"
     google-query: inurl:"/wp-content/themes/konzept/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,konzept,medium
+  tags: cve,wordpress,wp-theme,konzept,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/learnmore-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/learnmore-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index b450802987..9d08d339c7 100644
--- a/nuclei-templates/cve-less/themes/learnmore-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/learnmore-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/learnmore/"
     google-query: inurl:"/wp-content/themes/learnmore/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,learnmore,medium
+  tags: cve,wordpress,wp-theme,learnmore,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/listingpro-a7a54e981c91a31a82ea2b30647ffe08.yaml b/nuclei-templates/cve-less/themes/listingpro-a7a54e981c91a31a82ea2b30647ffe08.yaml
index 504d1a780c..496636dfbc 100644
--- a/nuclei-templates/cve-less/themes/listingpro-a7a54e981c91a31a82ea2b30647ffe08.yaml
+++ b/nuclei-templates/cve-less/themes/listingpro-a7a54e981c91a31a82ea2b30647ffe08.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ListingPro - WordPress Directory & Listing Theme < 2.5.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Cross-Site Scripting via the 'lp_s_loc' parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/listingpro/"
     google-query: inurl:"/wp-content/themes/listingpro/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,listingpro,medium
+  tags: cve,wordpress,wp-theme,listingpro,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/make_a_statement-0cec5a6d0e834430dc98d58d37f70832.yaml b/nuclei-templates/cve-less/themes/make_a_statement-0cec5a6d0e834430dc98d58d37f70832.yaml
index f1747c3e8e..49a9d471c4 100644
--- a/nuclei-templates/cve-less/themes/make_a_statement-0cec5a6d0e834430dc98d58d37f70832.yaml
+++ b/nuclei-templates/cve-less/themes/make_a_statement-0cec5a6d0e834430dc98d58d37f70832.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Make A Statement (All Versions) - Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     The Make A Statement theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload-handler.php' file in all known versions. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/make_a_statement/"
     google-query: inurl:"/wp-content/themes/make_a_statement/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,make_a_statement,high
+  tags: cve,wordpress,wp-theme,make_a_statement,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/meridia-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/meridia-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f89a24513a..a751dba072 100644
--- a/nuclei-templates/cve-less/themes/meridia-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/meridia-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/meridia/"
     google-query: inurl:"/wp-content/themes/meridia/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,meridia,medium
+  tags: cve,wordpress,wp-theme,meridia,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/moneytheme-01c4d40fcdab41e37ee61c249a61b9a0.yaml b/nuclei-templates/cve-less/themes/moneytheme-01c4d40fcdab41e37ee61c249a61b9a0.yaml
index 61ccdaddc9..e5d45b1764 100644
--- a/nuclei-templates/cve-less/themes/moneytheme-01c4d40fcdab41e37ee61c249a61b9a0.yaml
+++ b/nuclei-templates/cve-less/themes/moneytheme-01c4d40fcdab41e37ee61c249a61b9a0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     MoneyTheme (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The MoneyTheme theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/moneytheme/"
     google-query: inurl:"/wp-content/themes/moneytheme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,moneytheme,medium
+  tags: cve,wordpress,wp-theme,moneytheme,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/montezuma-4261580e84ae15728409e95c26688958.yaml b/nuclei-templates/cve-less/themes/montezuma-4261580e84ae15728409e95c26688958.yaml
index 40ec53cae9..c09d087ba9 100644
--- a/nuclei-templates/cve-less/themes/montezuma-4261580e84ae15728409e95c26688958.yaml
+++ b/nuclei-templates/cve-less/themes/montezuma-4261580e84ae15728409e95c26688958.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Montezuma < 1.1.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Montezuma theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the inclusion of a vulnerable version of ZeroClipboard in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/montezuma/"
     google-query: inurl:"/wp-content/themes/montezuma/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,montezuma,medium
+  tags: cve,wordpress,wp-theme,montezuma,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/newspaper-6aa028e953687ecd485553c1a3a1d760.yaml b/nuclei-templates/cve-less/themes/newspaper-6aa028e953687ecd485553c1a3a1d760.yaml
index 55390c90ce..58b3d8df08 100644
--- a/nuclei-templates/cve-less/themes/newspaper-6aa028e953687ecd485553c1a3a1d760.yaml
+++ b/nuclei-templates/cve-less/themes/newspaper-6aa028e953687ecd485553c1a3a1d760.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Newspaper < 9.2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Newspaper theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/Newspaper/"
     google-query: inurl:"/wp-content/themes/Newspaper/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,Newspaper,medium
+  tags: cve,wordpress,wp-theme,Newspaper,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/nichebase-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/nichebase-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 8e52dc61c0..71bdecbbaa 100644
--- a/nuclei-templates/cve-less/themes/nichebase-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/nichebase-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/nichebase/"
     google-query: inurl:"/wp-content/themes/nichebase/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,nichebase,medium
+  tags: cve,wordpress,wp-theme,nichebase,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/nokke-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/nokke-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 09b35018c7..991ab13175 100644
--- a/nuclei-templates/cve-less/themes/nokke-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/nokke-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/nokke/"
     google-query: inurl:"/wp-content/themes/nokke/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,nokke,medium
+  tags: cve,wordpress,wp-theme,nokke,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/opstore-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/opstore-b05621ef791a4dad965a137ebf6fa48c.yaml
index 9778f50793..361feaba6f 100644
--- a/nuclei-templates/cve-less/themes/opstore-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/opstore-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/opstore/"
     google-query: inurl:"/wp-content/themes/opstore/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,opstore,high
+  tags: cve,wordpress,wp-theme,opstore,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/ovum-153b374358a4469baf0dcf3e128485d7.yaml b/nuclei-templates/cve-less/themes/ovum-153b374358a4469baf0dcf3e128485d7.yaml
index eecddc050e..f12e4a3607 100644
--- a/nuclei-templates/cve-less/themes/ovum-153b374358a4469baf0dcf3e128485d7.yaml
+++ b/nuclei-templates/cve-less/themes/ovum-153b374358a4469baf0dcf3e128485d7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Imediapixel Themes (Various Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The ECOBIZ <= 3.3, Ebiz <= 1.2, Avanix <=  1.2, and Ovum (unknown version) themes for WordPress are vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ovum/"
     google-query: inurl:"/wp-content/themes/ovum/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,ovum,medium
+  tags: cve,wordpress,wp-theme,ovum,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/oxygen-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml b/nuclei-templates/cve-less/themes/oxygen-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
index 716bec3ca5..eb54428bc5 100644
--- a/nuclei-templates/cve-less/themes/oxygen-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
+++ b/nuclei-templates/cve-less/themes/oxygen-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Various Orange themes for WordPress are vulnerable to arbitrary file uploads due to a Cross-Site Request Forgery vulnerability in the '/functions/upload-handler.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/oxygen-theme/"
     google-query: inurl:"/wp-content/themes/oxygen-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,oxygen-theme,high
+  tags: cve,wordpress,wp-theme,oxygen-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/pagelines-420826a18f17be957cec476d8ddba661.yaml b/nuclei-templates/cve-less/themes/pagelines-420826a18f17be957cec476d8ddba661.yaml
index 83a7d0c02e..93f8408961 100644
--- a/nuclei-templates/cve-less/themes/pagelines-420826a18f17be957cec476d8ddba661.yaml
+++ b/nuclei-templates/cve-less/themes/pagelines-420826a18f17be957cec476d8ddba661.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Pagelines Theme < 1.4.6 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Pagelines Theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the pagelines_ajax_save_option_callback function in versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to escalate privileges and create administrator accounts.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/pagelines/"
     google-query: inurl:"/wp-content/themes/pagelines/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,pagelines,critical
+  tags: cve,wordpress,wp-theme,pagelines,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/parallaxsome-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/parallaxsome-b05621ef791a4dad965a137ebf6fa48c.yaml
index f410762e3b..9c4ebc4e7a 100644
--- a/nuclei-templates/cve-less/themes/parallaxsome-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/parallaxsome-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/parallaxsome/"
     google-query: inurl:"/wp-content/themes/parallaxsome/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,parallaxsome,high
+  tags: cve,wordpress,wp-theme,parallaxsome,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/paramount-d272edd7bf2202319b532fbee6ccf813.yaml b/nuclei-templates/cve-less/themes/paramount-d272edd7bf2202319b532fbee6ccf813.yaml
index 7bb5636b95..82dbe60082 100644
--- a/nuclei-templates/cve-less/themes/paramount-d272edd7bf2202319b532fbee6ccf813.yaml
+++ b/nuclei-templates/cve-less/themes/paramount-d272edd7bf2202319b532fbee6ccf813.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Paramount (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Paramount theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/paramount/"
     google-query: inurl:"/wp-content/themes/paramount/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,paramount,medium
+  tags: cve,wordpress,wp-theme,paramount,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/photolio-8ef9471efc371c6e5352e86a4f1c97cf.yaml b/nuclei-templates/cve-less/themes/photolio-8ef9471efc371c6e5352e86a4f1c97cf.yaml
index a96b7b7541..59146e8927 100644
--- a/nuclei-templates/cve-less/themes/photolio-8ef9471efc371c6e5352e86a4f1c97cf.yaml
+++ b/nuclei-templates/cve-less/themes/photolio-8ef9471efc371c6e5352e86a4f1c97cf.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Photolio Theme (All Known Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Photolio Theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of jPlayer in all known versions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/photolio/"
     google-query: inurl:"/wp-content/themes/photolio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,photolio,medium
+  tags: cve,wordpress,wp-theme,photolio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/platform-097b177de58f6e0ab66eb9ddb05e4182.yaml b/nuclei-templates/cve-less/themes/platform-097b177de58f6e0ab66eb9ddb05e4182.yaml
index fd435aeb82..484f67c586 100644
--- a/nuclei-templates/cve-less/themes/platform-097b177de58f6e0ab66eb9ddb05e4182.yaml
+++ b/nuclei-templates/cve-less/themes/platform-097b177de58f6e0ab66eb9ddb05e4182.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Platform < 1.4.4 - Missing Authorization
   author: topscoder
-  severity: critical
+  severity: high
   description: >
     The Platform theme for WordPress is vulnerable to authorization bypass due to a missing capability checks on several functions in versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to escalate privileges and perform a full site takeover.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/platform/"
     google-query: inurl:"/wp-content/themes/platform/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,platform,critical
+  tags: cve,wordpress,wp-theme,platform,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/punte-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/punte-b05621ef791a4dad965a137ebf6fa48c.yaml
index 1cec0b2b07..f005ca3f77 100644
--- a/nuclei-templates/cve-less/themes/punte-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/punte-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/punte/"
     google-query: inurl:"/wp-content/themes/punte/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,punte,high
+  tags: cve,wordpress,wp-theme,punte,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/purosa-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/purosa-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 6d74a24272..e1a08e4b9b 100644
--- a/nuclei-templates/cve-less/themes/purosa-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/purosa-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/purosa/"
     google-query: inurl:"/wp-content/themes/purosa/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,purosa,medium
+  tags: cve,wordpress,wp-theme,purosa,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/purus-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/purus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 12d1532007..cd19cb486a 100644
--- a/nuclei-templates/cve-less/themes/purus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/purus-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/purus/"
     google-query: inurl:"/wp-content/themes/purus/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,purus,medium
+  tags: cve,wordpress,wp-theme,purus,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/radial-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml b/nuclei-templates/cve-less/themes/radial-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
index 80df7ad4c3..ea0447df21 100644
--- a/nuclei-templates/cve-less/themes/radial-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
+++ b/nuclei-templates/cve-less/themes/radial-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Various Orange themes for WordPress are vulnerable to arbitrary file uploads due to a Cross-Site Request Forgery vulnerability in the '/functions/upload-handler.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/radial-theme/"
     google-query: inurl:"/wp-content/themes/radial-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,radial-theme,high
+  tags: cve,wordpress,wp-theme,radial-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/rayoflight-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml b/nuclei-templates/cve-less/themes/rayoflight-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
index 094342768d..bb7a51fcd9 100644
--- a/nuclei-templates/cve-less/themes/rayoflight-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
+++ b/nuclei-templates/cve-less/themes/rayoflight-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Various Orange themes for WordPress are vulnerable to arbitrary file uploads due to a Cross-Site Request Forgery vulnerability in the '/functions/upload-handler.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/rayoflight-theme/"
     google-query: inurl:"/wp-content/themes/rayoflight-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,rayoflight-theme,high
+  tags: cve,wordpress,wp-theme,rayoflight-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/realestate-7-7c80a51dbc178dbba0958056b8c3f2e8.yaml b/nuclei-templates/cve-less/themes/realestate-7-7c80a51dbc178dbba0958056b8c3f2e8.yaml
index e6747310f2..c4983faa62 100644
--- a/nuclei-templates/cve-less/themes/realestate-7-7c80a51dbc178dbba0958056b8c3f2e8.yaml
+++ b/nuclei-templates/cve-less/themes/realestate-7-7c80a51dbc178dbba0958056b8c3f2e8.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Estate 7 WordPress Theme < 2.9.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Real Estate 7 WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the template-edit-listing.php and template-submit-listing.php php files in versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/realestate-7/"
     google-query: inurl:"/wp-content/themes/realestate-7/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,realestate-7,medium
+  tags: cve,wordpress,wp-theme,realestate-7,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/realestate-b65ead0bf4d8e59d495a3f91f757b324.yaml b/nuclei-templates/cve-less/themes/realestate-b65ead0bf4d8e59d495a3f91f757b324.yaml
index b5fbf6ac86..01a89a0490 100644
--- a/nuclei-templates/cve-less/themes/realestate-b65ead0bf4d8e59d495a3f91f757b324.yaml
+++ b/nuclei-templates/cve-less/themes/realestate-b65ead0bf4d8e59d495a3f91f757b324.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Real Estate by Templatic (Unknown Version) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Realestate theme for WordPress is vulnerable to arbitrary file uploads via CSRF due to missing or incorrect nonce validation in the 'upload-file.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/realestate/"
     google-query: inurl:"/wp-content/themes/realestate/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,realestate,high
+  tags: cve,wordpress,wp-theme,realestate,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/reality-3985d2776b3f2339d3a1cdb855d509b4.yaml b/nuclei-templates/cve-less/themes/reality-3985d2776b3f2339d3a1cdb855d509b4.yaml
index 0e2063e161..00ab5ef5a8 100644
--- a/nuclei-templates/cve-less/themes/reality-3985d2776b3f2339d3a1cdb855d509b4.yaml
+++ b/nuclei-templates/cve-less/themes/reality-3985d2776b3f2339d3a1cdb855d509b4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Reality <= 2.3.0 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Reality theme for WordPress is vulnerable to Stored Cross-Site Scripting via the property and user pages in versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/reality/"
     google-query: inurl:"/wp-content/themes/reality/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,reality,medium
+  tags: cve,wordpress,wp-theme,reality,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/reganto-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml b/nuclei-templates/cve-less/themes/reganto-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
index 96ade731b7..469c37115f 100644
--- a/nuclei-templates/cve-less/themes/reganto-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
+++ b/nuclei-templates/cve-less/themes/reganto-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Various Orange themes for WordPress are vulnerable to arbitrary file uploads due to a Cross-Site Request Forgery vulnerability in the '/functions/upload-handler.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/reganto-theme/"
     google-query: inurl:"/wp-content/themes/reganto-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,reganto-theme,high
+  tags: cve,wordpress,wp-theme,reganto-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/repagent-288eb500b515d4e74eb8cc4150e440e6.yaml b/nuclei-templates/cve-less/themes/repagent-288eb500b515d4e74eb8cc4150e440e6.yaml
index 12fecda2bd..013caa0b87 100644
--- a/nuclei-templates/cve-less/themes/repagent-288eb500b515d4e74eb8cc4150e440e6.yaml
+++ b/nuclei-templates/cve-less/themes/repagent-288eb500b515d4e74eb8cc4150e440e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Repagent (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Repagent theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/repagent/"
     google-query: inurl:"/wp-content/themes/repagent/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,repagent,medium
+  tags: cve,wordpress,wp-theme,repagent,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/revolve-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/revolve-b05621ef791a4dad965a137ebf6fa48c.yaml
index 86eacdfc9e..9e25f5fb4e 100644
--- a/nuclei-templates/cve-less/themes/revolve-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/revolve-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/revolve/"
     google-query: inurl:"/wp-content/themes/revolve/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,revolve,high
+  tags: cve,wordpress,wp-theme,revolve,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/ripple-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/ripple-b05621ef791a4dad965a137ebf6fa48c.yaml
index 19f3728193..29d6259811 100644
--- a/nuclei-templates/cve-less/themes/ripple-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/ripple-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ripple/"
     google-query: inurl:"/wp-content/themes/ripple/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,ripple,high
+  tags: cve,wordpress,wp-theme,ripple,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/rockstar-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml b/nuclei-templates/cve-less/themes/rockstar-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
index 95f09af05c..e7e49e81d4 100644
--- a/nuclei-templates/cve-less/themes/rockstar-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
+++ b/nuclei-templates/cve-less/themes/rockstar-theme-d488c88c43dea5d67f8bd9aa864ebfd0.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     Various Orange themes for WordPress are vulnerable to arbitrary file uploads due to a Cross-Site Request Forgery vulnerability in the '/functions/upload-handler.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/rockstar-theme/"
     google-query: inurl:"/wp-content/themes/rockstar-theme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,rockstar-theme,high
+  tags: cve,wordpress,wp-theme,rockstar-theme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/sahifa-8f0fce172385265946ed4e8ec3bfed88.yaml b/nuclei-templates/cve-less/themes/sahifa-8f0fce172385265946ed4e8ec3bfed88.yaml
index 408e2440a8..39fc278b33 100644
--- a/nuclei-templates/cve-less/themes/sahifa-8f0fce172385265946ed4e8ec3bfed88.yaml
+++ b/nuclei-templates/cve-less/themes/sahifa-8f0fce172385265946ed4e8ec3bfed88.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sahifa <= 2.4.0 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Sahifa theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation in the 'mpanel-functions.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/sahifa/"
     google-query: inurl:"/wp-content/themes/sahifa/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,sahifa,high
+  tags: cve,wordpress,wp-theme,sahifa,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/sakala-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/sakala-b05621ef791a4dad965a137ebf6fa48c.yaml
index 4f36b74acd..fb5afe02ec 100644
--- a/nuclei-templates/cve-less/themes/sakala-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/sakala-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/sakala/"
     google-query: inurl:"/wp-content/themes/sakala/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,sakala,high
+  tags: cve,wordpress,wp-theme,sakala,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/salem-25d9dfe9dcb2d90be01a548affeb688f.yaml b/nuclei-templates/cve-less/themes/salem-25d9dfe9dcb2d90be01a548affeb688f.yaml
index cd3cf457a7..48ebcf43fe 100644
--- a/nuclei-templates/cve-less/themes/salem-25d9dfe9dcb2d90be01a548affeb688f.yaml
+++ b/nuclei-templates/cve-less/themes/salem-25d9dfe9dcb2d90be01a548affeb688f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salem Theme <= 1.5.5 - DOM-based Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Salem Theme plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/salem/"
     google-query: inurl:"/wp-content/themes/salem/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,salem,medium
+  tags: cve,wordpress,wp-theme,salem,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/salient-29b864084c574899fcc996f9b322577a.yaml b/nuclei-templates/cve-less/themes/salient-29b864084c574899fcc996f9b322577a.yaml
index 978600a775..81e52da248 100644
--- a/nuclei-templates/cve-less/themes/salient-29b864084c574899fcc996f9b322577a.yaml
+++ b/nuclei-templates/cve-less/themes/salient-29b864084c574899fcc996f9b322577a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Salient < 5.5.53 - DOM Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Salient theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/salient/"
     google-query: inurl:"/wp-content/themes/salient/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,salient,medium
+  tags: cve,wordpress,wp-theme,salient,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/scarlet-828e17b05d92c010fb7f9a4a0922569b.yaml b/nuclei-templates/cve-less/themes/scarlet-828e17b05d92c010fb7f9a4a0922569b.yaml
index d00f928cf0..c236dff8f4 100644
--- a/nuclei-templates/cve-less/themes/scarlet-828e17b05d92c010fb7f9a4a0922569b.yaml
+++ b/nuclei-templates/cve-less/themes/scarlet-828e17b05d92c010fb7f9a4a0922569b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Scarlet (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Scarlet theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions due to the inclusion of a vulnerable version of ZeroClipboard. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/scarlet/"
     google-query: inurl:"/wp-content/themes/scarlet/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,scarlet,medium
+  tags: cve,wordpress,wp-theme,scarlet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/scrollme-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/scrollme-b05621ef791a4dad965a137ebf6fa48c.yaml
index 85d8d0493a..10d04f53d0 100644
--- a/nuclei-templates/cve-less/themes/scrollme-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/scrollme-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/scrollme/"
     google-query: inurl:"/wp-content/themes/scrollme/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,scrollme,high
+  tags: cve,wordpress,wp-theme,scrollme,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/selio-fbaa72caee7c30faff8212706be987c1.yaml b/nuclei-templates/cve-less/themes/selio-fbaa72caee7c30faff8212706be987c1.yaml
index ad9adfc3b3..0fb25fbcb6 100644
--- a/nuclei-templates/cve-less/themes/selio-fbaa72caee7c30faff8212706be987c1.yaml
+++ b/nuclei-templates/cve-less/themes/selio-fbaa72caee7c30faff8212706be987c1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Selio - Real Estate Directory <= 1.1 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Selio - Real Estate Directory theme for WordPress is vulnerable to Stored Cross-Site Scripting via the message textfield in the 'ENQUIRY FORM'  in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/selio/"
     google-query: inurl:"/wp-content/themes/selio/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,selio,medium
+  tags: cve,wordpress,wp-theme,selio,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/shapeless-6490c018ab51d9b822f80c44c2a4f77f.yaml b/nuclei-templates/cve-less/themes/shapeless-6490c018ab51d9b822f80c44c2a4f77f.yaml
index 0b4e787456..45292ebbaa 100644
--- a/nuclei-templates/cve-less/themes/shapeless-6490c018ab51d9b822f80c44c2a4f77f.yaml
+++ b/nuclei-templates/cve-less/themes/shapeless-6490c018ab51d9b822f80c44c2a4f77f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shapeless <= 1.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shapeless theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/shapeless/"
     google-query: inurl:"/wp-content/themes/shapeless/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,shapeless,medium
+  tags: cve,wordpress,wp-theme,shapeless,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/shoutbox-0dec1530fa29f0f3dd02117fbaf12b9a.yaml b/nuclei-templates/cve-less/themes/shoutbox-0dec1530fa29f0f3dd02117fbaf12b9a.yaml
index da26a47c7c..7303bdf013 100644
--- a/nuclei-templates/cve-less/themes/shoutbox-0dec1530fa29f0f3dd02117fbaf12b9a.yaml
+++ b/nuclei-templates/cve-less/themes/shoutbox-0dec1530fa29f0f3dd02117fbaf12b9a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Shoutbox (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Shoutbox theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/shoutbox/"
     google-query: inurl:"/wp-content/themes/shoutbox/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,shoutbox,medium
+  tags: cve,wordpress,wp-theme,shoutbox,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/shuban-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/shuban-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c8fac0f6c6..fd4e796451 100644
--- a/nuclei-templates/cve-less/themes/shuban-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/shuban-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/shuban/"
     google-query: inurl:"/wp-content/themes/shuban/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,shuban,medium
+  tags: cve,wordpress,wp-theme,shuban,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/silverorchid-f668ff84aa12e9412717100f16882a82.yaml b/nuclei-templates/cve-less/themes/silverorchid-f668ff84aa12e9412717100f16882a82.yaml
index 5195f3b5d9..17538baa2a 100644
--- a/nuclei-templates/cve-less/themes/silverorchid-f668ff84aa12e9412717100f16882a82.yaml
+++ b/nuclei-templates/cve-less/themes/silverorchid-f668ff84aa12e9412717100f16882a82.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     silverOrchid <= 1.5.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The silverOrchid theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/silverorchid/"
     google-query: inurl:"/wp-content/themes/silverorchid/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,silverorchid,medium
+  tags: cve,wordpress,wp-theme,silverorchid,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/simplebalance-36a65684d72ca90db400bc9a48e4b1a7.yaml b/nuclei-templates/cve-less/themes/simplebalance-36a65684d72ca90db400bc9a48e4b1a7.yaml
index ec3ab6579f..2f84c1d9eb 100644
--- a/nuclei-templates/cve-less/themes/simplebalance-36a65684d72ca90db400bc9a48e4b1a7.yaml
+++ b/nuclei-templates/cve-less/themes/simplebalance-36a65684d72ca90db400bc9a48e4b1a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Simple Balance <= 2.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Simple Balance theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/simplebalance/"
     google-query: inurl:"/wp-content/themes/simplebalance/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,simplebalance,medium
+  tags: cve,wordpress,wp-theme,simplebalance,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/smartstart-9ef0d273482df03c9ba3dcd5e27ac8b5.yaml b/nuclei-templates/cve-less/themes/smartstart-9ef0d273482df03c9ba3dcd5e27ac8b5.yaml
index b40229a01e..374691e72a 100644
--- a/nuclei-templates/cve-less/themes/smartstart-9ef0d273482df03c9ba3dcd5e27ac8b5.yaml
+++ b/nuclei-templates/cve-less/themes/smartstart-9ef0d273482df03c9ba3dcd5e27ac8b5.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Smart Start <= 1.0.8 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Smart Start theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/smartstart/"
     google-query: inurl:"/wp-content/themes/smartstart/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,smartstart,medium
+  tags: cve,wordpress,wp-theme,smartstart,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/source-03c4d8dd500314f942cf4bffdc3e3289.yaml b/nuclei-templates/cve-less/themes/source-03c4d8dd500314f942cf4bffdc3e3289.yaml
index 5af7597a74..a6181d5b31 100644
--- a/nuclei-templates/cve-less/themes/source-03c4d8dd500314f942cf4bffdc3e3289.yaml
+++ b/nuclei-templates/cve-less/themes/source-03c4d8dd500314f942cf4bffdc3e3289.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Source (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Source theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/source/"
     google-query: inurl:"/wp-content/themes/source/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,source,medium
+  tags: cve,wordpress,wp-theme,source,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/sparky-186cdb2704350d8646ad5a58aed89581.yaml b/nuclei-templates/cve-less/themes/sparky-186cdb2704350d8646ad5a58aed89581.yaml
index d1bc25d5cf..078715d7a1 100644
--- a/nuclei-templates/cve-less/themes/sparky-186cdb2704350d8646ad5a58aed89581.yaml
+++ b/nuclei-templates/cve-less/themes/sparky-186cdb2704350d8646ad5a58aed89581.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Sparky <= 1.0 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Sparky theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/sparky/"
     google-query: inurl:"/wp-content/themes/sparky/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,sparky,medium
+  tags: cve,wordpress,wp-theme,sparky,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/specialist-48124923f45f6ff808c33e2b8fa204cd.yaml b/nuclei-templates/cve-less/themes/specialist-48124923f45f6ff808c33e2b8fa204cd.yaml
index 836176a817..50e8ed4534 100644
--- a/nuclei-templates/cve-less/themes/specialist-48124923f45f6ff808c33e2b8fa204cd.yaml
+++ b/nuclei-templates/cve-less/themes/specialist-48124923f45f6ff808c33e2b8fa204cd.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Specialist (Unspecified Version) - Cross-Site Request Forgery to Arbitrary File Upload
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Specialist theme for WordPress is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the upload-file.php file. This makes it possible for unauthenticated attackers to upload arbitrary files which may execute malicious code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/specialist/"
     google-query: inurl:"/wp-content/themes/specialist/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,specialist,high
+  tags: cve,wordpress,wp-theme,specialist,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/speculor-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/speculor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 1967b603d4..c3b500560f 100644
--- a/nuclei-templates/cve-less/themes/speculor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/speculor-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/speculor/"
     google-query: inurl:"/wp-content/themes/speculor/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,speculor,medium
+  tags: cve,wordpress,wp-theme,speculor,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/storevilla-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/storevilla-b05621ef791a4dad965a137ebf6fa48c.yaml
index 5c0ffbd878..83ce1af3bc 100644
--- a/nuclei-templates/cve-less/themes/storevilla-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/storevilla-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/storevilla/"
     google-query: inurl:"/wp-content/themes/storevilla/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,storevilla,high
+  tags: cve,wordpress,wp-theme,storevilla,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/studiozen-0aa9e3593c86e4ffacf4528cd86f4af3.yaml b/nuclei-templates/cve-less/themes/studiozen-0aa9e3593c86e4ffacf4528cd86f4af3.yaml
index 6b27203eaa..33f2512691 100644
--- a/nuclei-templates/cve-less/themes/studiozen-0aa9e3593c86e4ffacf4528cd86f4af3.yaml
+++ b/nuclei-templates/cve-less/themes/studiozen-0aa9e3593c86e4ffacf4528cd86f4af3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     StudioZen Theme (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The StudioZen Theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to inclusion of a vulnerable version of jPlayer in all known versions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/studiozen/"
     google-query: inurl:"/wp-content/themes/studiozen/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,studiozen,medium
+  tags: cve,wordpress,wp-theme,studiozen,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/superlist-887e51b7ac6ae9ebfb1f0b6b57330b90.yaml b/nuclei-templates/cve-less/themes/superlist-887e51b7ac6ae9ebfb1f0b6b57330b90.yaml
index 9ad6e914bf..779976b30c 100644
--- a/nuclei-templates/cve-less/themes/superlist-887e51b7ac6ae9ebfb1f0b6b57330b90.yaml
+++ b/nuclei-templates/cve-less/themes/superlist-887e51b7ac6ae9ebfb1f0b6b57330b90.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Superlist - Directory WordPress Theme | Directory & Listings <= 2.9.2 - Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     TheSuperlist - Directory WordPress Theme | Directory & Listings theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/superlist/"
     google-query: inurl:"/wp-content/themes/superlist/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,superlist,medium
+  tags: cve,wordpress,wp-theme,superlist,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/supreme-directory-e1d105a5373862135dae31af977cf05f.yaml b/nuclei-templates/cve-less/themes/supreme-directory-e1d105a5373862135dae31af977cf05f.yaml
index 4d2f70303a..c5975bc954 100644
--- a/nuclei-templates/cve-less/themes/supreme-directory-e1d105a5373862135dae31af977cf05f.yaml
+++ b/nuclei-templates/cve-less/themes/supreme-directory-e1d105a5373862135dae31af977cf05f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Supreme Directory < 1.1.9 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Supreme Directory plugin for WordPress is vulnerable to Cross-Site Scripting via the 's' parameter in versions before 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/supreme-directory/"
     google-query: inurl:"/wp-content/themes/supreme-directory/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,supreme-directory,medium
+  tags: cve,wordpress,wp-theme,supreme-directory,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/swagger-816c00d91c21f41afdfc82cbe3dd6a68.yaml b/nuclei-templates/cve-less/themes/swagger-816c00d91c21f41afdfc82cbe3dd6a68.yaml
index cfbbd3a01f..b502f49a91 100644
--- a/nuclei-templates/cve-less/themes/swagger-816c00d91c21f41afdfc82cbe3dd6a68.yaml
+++ b/nuclei-templates/cve-less/themes/swagger-816c00d91c21f41afdfc82cbe3dd6a68.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/swagger/"
     google-query: inurl:"/wp-content/themes/swagger/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,swagger,medium
+  tags: cve,wordpress,wp-theme,swagger,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/swing-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/swing-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index f2136eeacf..52971af2b6 100644
--- a/nuclei-templates/cve-less/themes/swing-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/swing-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/swing-lite/"
     google-query: inurl:"/wp-content/themes/swing-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,swing-lite,high
+  tags: cve,wordpress,wp-theme,swing-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/the-launcher-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/the-launcher-b05621ef791a4dad965a137ebf6fa48c.yaml
index fc0a0f46d7..b8657e95fb 100644
--- a/nuclei-templates/cve-less/themes/the-launcher-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/the-launcher-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/the-launcher/"
     google-query: inurl:"/wp-content/themes/the-launcher/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,the-launcher,high
+  tags: cve,wordpress,wp-theme,the-launcher,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/the-monday-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/the-monday-b05621ef791a4dad965a137ebf6fa48c.yaml
index 4cecefa1e2..62d5fe33ed 100644
--- a/nuclei-templates/cve-less/themes/the-monday-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/the-monday-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/the-monday/"
     google-query: inurl:"/wp-content/themes/the-monday/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,the-monday,high
+  tags: cve,wordpress,wp-theme,the-monday,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/the100-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/the100-b05621ef791a4dad965a137ebf6fa48c.yaml
index b77e5b3974..3d3d0127f9 100644
--- a/nuclei-templates/cve-less/themes/the100-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/the100-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/the100/"
     google-query: inurl:"/wp-content/themes/the100/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,the100,high
+  tags: cve,wordpress,wp-theme,the100,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/theagency-18e29f581b2b637530caba059b3180e6.yaml b/nuclei-templates/cve-less/themes/theagency-18e29f581b2b637530caba059b3180e6.yaml
index 3315beb1db..6065f5ac70 100644
--- a/nuclei-templates/cve-less/themes/theagency-18e29f581b2b637530caba059b3180e6.yaml
+++ b/nuclei-templates/cve-less/themes/theagency-18e29f581b2b637530caba059b3180e6.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     TheAgency (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The TheAgency theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/theagency/"
     google-query: inurl:"/wp-content/themes/theagency/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,theagency,medium
+  tags: cve,wordpress,wp-theme,theagency,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/traveler-10e06b5ef925da2edfec94c00c6ef59a.yaml b/nuclei-templates/cve-less/themes/traveler-10e06b5ef925da2edfec94c00c6ef59a.yaml
index 7e37f25580..e62fb48dc8 100644
--- a/nuclei-templates/cve-less/themes/traveler-10e06b5ef925da2edfec94c00c6ef59a.yaml
+++ b/nuclei-templates/cve-less/themes/traveler-10e06b5ef925da2edfec94c00c6ef59a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Travel Booking WordPress Theme < 2.8.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Travel Booking WordPress Theme" theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘adult_number’ parameter in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/traveler/"
     google-query: inurl:"/wp-content/themes/traveler/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,traveler,medium
+  tags: cve,wordpress,wp-theme,traveler,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/traveler-47edf7b573f3606ae6a648dd78bee5ee.yaml b/nuclei-templates/cve-less/themes/traveler-47edf7b573f3606ae6a648dd78bee5ee.yaml
index 5dabf1c156..69ec0ba17a 100644
--- a/nuclei-templates/cve-less/themes/traveler-47edf7b573f3606ae6a648dd78bee5ee.yaml
+++ b/nuclei-templates/cve-less/themes/traveler-47edf7b573f3606ae6a648dd78bee5ee.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Travel Booking WordPress Theme < 2.7.8.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Travel Booking WordPress Theme for WordPress is vulnerable to both Reflected and Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.7.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link, and for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/traveler/"
     google-query: inurl:"/wp-content/themes/traveler/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,traveler,medium
+  tags: cve,wordpress,wp-theme,traveler,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/traveler-4e8adfcb068bf53ba8223d2136f425a4.yaml b/nuclei-templates/cve-less/themes/traveler-4e8adfcb068bf53ba8223d2136f425a4.yaml
index b41a417107..e471dec4e9 100644
--- a/nuclei-templates/cve-less/themes/traveler-4e8adfcb068bf53ba8223d2136f425a4.yaml
+++ b/nuclei-templates/cve-less/themes/traveler-4e8adfcb068bf53ba8223d2136f425a4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Traveler – Travel Booking WordPress Theme < 2.8.4 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Traveler – Travel Booking WordPress Theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘child_number’ parameter in versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/traveler/"
     google-query: inurl:"/wp-content/themes/traveler/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,traveler,medium
+  tags: cve,wordpress,wp-theme,traveler,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/ultra-seven-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/ultra-seven-b05621ef791a4dad965a137ebf6fa48c.yaml
index 430297ba07..9cb26cb786 100644
--- a/nuclei-templates/cve-less/themes/ultra-seven-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/ultra-seven-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/ultra-seven/"
     google-query: inurl:"/wp-content/themes/ultra-seven/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,ultra-seven,high
+  tags: cve,wordpress,wp-theme,ultra-seven,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/unakit-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/unakit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index ec912aa2a3..e9d38c1de4 100644
--- a/nuclei-templates/cve-less/themes/unakit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/unakit-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/unakit/"
     google-query: inurl:"/wp-content/themes/unakit/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,unakit,medium
+  tags: cve,wordpress,wp-theme,unakit,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/uncode-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/uncode-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index 4a9ae7241f..cbb37384b5 100644
--- a/nuclei-templates/cve-less/themes/uncode-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/uncode-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/uncode-lite/"
     google-query: inurl:"/wp-content/themes/uncode-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,uncode-lite,high
+  tags: cve,wordpress,wp-theme,uncode-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/upscale-5e5f5586f8a04fc7c1bb725c8fd2a8ff.yaml b/nuclei-templates/cve-less/themes/upscale-5e5f5586f8a04fc7c1bb725c8fd2a8ff.yaml
index a215921628..443e352714 100644
--- a/nuclei-templates/cve-less/themes/upscale-5e5f5586f8a04fc7c1bb725c8fd2a8ff.yaml
+++ b/nuclei-templates/cve-less/themes/upscale-5e5f5586f8a04fc7c1bb725c8fd2a8ff.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Upscale (Unknown Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The upscale theme for WordPress is vulnerable to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/upscale/"
     google-query: inurl:"/wp-content/themes/upscale/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,upscale,medium
+  tags: cve,wordpress,wp-theme,upscale,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/velvet-cebcf5c5e3b1d8025e7b39f8bd391a13.yaml b/nuclei-templates/cve-less/themes/velvet-cebcf5c5e3b1d8025e7b39f8bd391a13.yaml
index 4044608c83..6fd3481b46 100644
--- a/nuclei-templates/cve-less/themes/velvet-cebcf5c5e3b1d8025e7b39f8bd391a13.yaml
+++ b/nuclei-templates/cve-less/themes/velvet-cebcf5c5e3b1d8025e7b39f8bd391a13.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Velvet Theme (All Versions) - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Velvet Theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/velvet/"
     google-query: inurl:"/wp-content/themes/velvet/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,velvet,medium
+  tags: cve,wordpress,wp-theme,velvet,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/villar-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/villar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 2368173e76..e2feba519e 100644
--- a/nuclei-templates/cve-less/themes/villar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/villar-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/villar/"
     google-query: inurl:"/wp-content/themes/villar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,villar,medium
+  tags: cve,wordpress,wp-theme,villar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/viralike-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/viralike-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index c9d6bebfc9..117a8ac389 100644
--- a/nuclei-templates/cve-less/themes/viralike-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/viralike-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/viralike/"
     google-query: inurl:"/wp-content/themes/viralike/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,viralike,medium
+  tags: cve,wordpress,wp-theme,viralike,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/vmag-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/vmag-b05621ef791a4dad965a137ebf6fa48c.yaml
index 85f7f136ed..465dd77a42 100644
--- a/nuclei-templates/cve-less/themes/vmag-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/vmag-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/vmag/"
     google-query: inurl:"/wp-content/themes/vmag/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,vmag,high
+  tags: cve,wordpress,wp-theme,vmag,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/vmagazine-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/vmagazine-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index 06ad7a78c4..2808286db1 100644
--- a/nuclei-templates/cve-less/themes/vmagazine-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/vmagazine-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/vmagazine-lite/"
     google-query: inurl:"/wp-content/themes/vmagazine-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,vmagazine-lite,high
+  tags: cve,wordpress,wp-theme,vmagazine-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/vmagazine-news-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/vmagazine-news-b05621ef791a4dad965a137ebf6fa48c.yaml
index a60f95e8d5..2856fec522 100644
--- a/nuclei-templates/cve-less/themes/vmagazine-news-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/vmagazine-news-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/vmagazine-news/"
     google-query: inurl:"/wp-content/themes/vmagazine-news/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,vmagazine-news,high
+  tags: cve,wordpress,wp-theme,vmagazine-news,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/wibar-8720a886474e9b973346fa40eca70f76.yaml b/nuclei-templates/cve-less/themes/wibar-8720a886474e9b973346fa40eca70f76.yaml
index bad25ecaa1..3cf5942897 100644
--- a/nuclei-templates/cve-less/themes/wibar-8720a886474e9b973346fa40eca70f76.yaml
+++ b/nuclei-templates/cve-less/themes/wibar-8720a886474e9b973346fa40eca70f76.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Wibar | Wine and Vineyard WooCommerce WordPress Theme < 1.2.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Wibar | Wine and Vineyard WooCommerce WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/wibar/"
     google-query: inurl:"/wp-content/themes/wibar/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,wibar,medium
+  tags: cve,wordpress,wp-theme,wibar,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/woffice-b256df5c032ca82a00290c7b34a523e2.yaml b/nuclei-templates/cve-less/themes/woffice-b256df5c032ca82a00290c7b34a523e2.yaml
index 955b6df880..dd877171f6 100644
--- a/nuclei-templates/cve-less/themes/woffice-b256df5c032ca82a00290c7b34a523e2.yaml
+++ b/nuclei-templates/cve-less/themes/woffice-b256df5c032ca82a00290c7b34a523e2.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woffice CRM <= 4.0.1 - Authorization Bypass
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Woffice CRM theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the wofficeNotificationGet function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to view titles of notifications sent from user to user.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/woffice/"
     google-query: inurl:"/wp-content/themes/woffice/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,woffice,medium
+  tags: cve,wordpress,wp-theme,woffice,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/woostify-5a02b0682e7d4b10352df50fd089e856.yaml b/nuclei-templates/cve-less/themes/woostify-5a02b0682e7d4b10352df50fd089e856.yaml
index 3626f8aa5a..6c5e687a25 100644
--- a/nuclei-templates/cve-less/themes/woostify-5a02b0682e7d4b10352df50fd089e856.yaml
+++ b/nuclei-templates/cve-less/themes/woostify-5a02b0682e7d4b10352df50fd089e856.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Woostify <= 1.9.1 - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     The Woostify Theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to add products and edit product quantities in a cart via a forged request granted they can trick a site user into performing an action such as clicking on a link.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/woostify/"
     google-query: inurl:"/wp-content/themes/woostify/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,woostify,high
+  tags: cve,wordpress,wp-theme,woostify,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/wp-moose-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/wp-moose-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index 36b0cb915d..2ffa9b4cf2 100644
--- a/nuclei-templates/cve-less/themes/wp-moose-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/wp-moose-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/wp-moose/"
     google-query: inurl:"/wp-content/themes/wp-moose/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,wp-moose,medium
+  tags: cve,wordpress,wp-theme,wp-moose,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/wp-sierra-b9563d9e100a8de4aef6c2ddb59436a7.yaml b/nuclei-templates/cve-less/themes/wp-sierra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
index f3ff85fce8..99af544ee5 100644
--- a/nuclei-templates/cve-less/themes/wp-sierra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
+++ b/nuclei-templates/cve-less/themes/wp-sierra-b9563d9e100a8de4aef6c2ddb59436a7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Freemius SDK <= 2.4.2 - Missing Authorization Checks
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/wp-sierra/"
     google-query: inurl:"/wp-content/themes/wp-sierra/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,wp-sierra,medium
+  tags: cve,wordpress,wp-theme,wp-sierra,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/wp-store-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/wp-store-b05621ef791a4dad965a137ebf6fa48c.yaml
index 0e86f2469e..f6419df6d0 100644
--- a/nuclei-templates/cve-less/themes/wp-store-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/wp-store-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/wp-store/"
     google-query: inurl:"/wp-content/themes/wp-store/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,wp-store,high
+  tags: cve,wordpress,wp-theme,wp-store,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/wpparallax-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/wpparallax-b05621ef791a4dad965a137ebf6fa48c.yaml
index 3fd384704d..25c9773da9 100644
--- a/nuclei-templates/cve-less/themes/wpparallax-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/wpparallax-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/wpparallax/"
     google-query: inurl:"/wp-content/themes/wpparallax/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,wpparallax,high
+  tags: cve,wordpress,wp-theme,wpparallax,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/zigcy-baby-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/zigcy-baby-b05621ef791a4dad965a137ebf6fa48c.yaml
index 35d71c8969..8d7aa54c6d 100644
--- a/nuclei-templates/cve-less/themes/zigcy-baby-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/zigcy-baby-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/zigcy-baby/"
     google-query: inurl:"/wp-content/themes/zigcy-baby/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,zigcy-baby,high
+  tags: cve,wordpress,wp-theme,zigcy-baby,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/zigcy-cosmetics-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/zigcy-cosmetics-b05621ef791a4dad965a137ebf6fa48c.yaml
index f1bd81c4cc..864f4cd9da 100644
--- a/nuclei-templates/cve-less/themes/zigcy-cosmetics-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/zigcy-cosmetics-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/zigcy-cosmetics/"
     google-query: inurl:"/wp-content/themes/zigcy-cosmetics/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,zigcy-cosmetics,high
+  tags: cve,wordpress,wp-theme,zigcy-cosmetics,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/zigcy-lite-b05621ef791a4dad965a137ebf6fa48c.yaml b/nuclei-templates/cve-less/themes/zigcy-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
index 8a7c3a7be5..09e98a10c3 100644
--- a/nuclei-templates/cve-less/themes/zigcy-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
+++ b/nuclei-templates/cve-less/themes/zigcy-lite-b05621ef791a4dad965a137ebf6fa48c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to cross-site request forgery via the plugin_activation_callback and plugin_deactivate_callback functions, called via AJAX actions, that were missing capability checks and nonce validation. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins, granted they could trick a site administrator into performing an action such as clicking a link. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/zigcy-lite/"
     google-query: inurl:"/wp-content/themes/zigcy-lite/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,zigcy-lite,high
+  tags: cve,wordpress,wp-theme,zigcy-lite,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/zoner-4fb619246fc5d2000cab608496d82ce7.yaml b/nuclei-templates/cve-less/themes/zoner-4fb619246fc5d2000cab608496d82ce7.yaml
index eea906e62c..5add84baac 100644
--- a/nuclei-templates/cve-less/themes/zoner-4fb619246fc5d2000cab608496d82ce7.yaml
+++ b/nuclei-templates/cve-less/themes/zoner-4fb619246fc5d2000cab608496d82ce7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoner - Real Estate <= 4.1 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The Zoner - Real Estate theme for WordPress is vulnerable to Multiple Cross-Site Scripting in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated and unauthenticated attackers (NOTE: depending on which type of XSS the attacker is performing) to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/zoner/"
     google-query: inurl:"/wp-content/themes/zoner/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,zoner,medium
+  tags: cve,wordpress,wp-theme,zoner,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/themes/zoner-d7ec4a32cfcc6080d759cea90bff42d1.yaml b/nuclei-templates/cve-less/themes/zoner-d7ec4a32cfcc6080d759cea90bff42d1.yaml
index a4f3951951..16eb41ee48 100644
--- a/nuclei-templates/cve-less/themes/zoner-d7ec4a32cfcc6080d759cea90bff42d1.yaml
+++ b/nuclei-templates/cve-less/themes/zoner-d7ec4a32cfcc6080d759cea90bff42d1.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     Zoner - Real Estate WordPress Theme < 4.2 - Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     The "Zoner - Real Estate WordPress Theme" theme for WordPress is vulnerable to Cross-Site Scripting via the 'Address' field in versions before 4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
   reference:
@@ -17,7 +17,7 @@ info:
     fofa-query: "wp-content/themes/zoner/"
     google-query: inurl:"/wp-content/themes/zoner/"
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-theme,zoner,medium
+  tags: cve,wordpress,wp-theme,zoner,high
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml b/nuclei-templates/cve-less/unknown/wordpress-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml
index 1130b41fde..f6ee273e79 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-08c53afd34ffbbd3059a2b6b66bcb1c4.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.3 & Gutenberg < 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core in versions up to 6.0.3 and the Gutenberg plugin for WordPress in versions up to 14.3.1 are vulnerable to Stored Cross-Site Scripting due to insufficient output escaping on user supplied input. The RSS widget, Search Block, Featured Image Block, RSS Block, and Navigation Block are all affected components. This makes it possible for authenticated users with access to the block editor to inject malicious web scripts that may execute whenever accessing the page.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-3d37583bb3d8fb0c908af6e42a91b161.yaml b/nuclei-templates/cve-less/unknown/wordpress-3d37583bb3d8fb0c908af6e42a91b161.yaml
index d1b779912e..7caf96982d 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-3d37583bb3d8fb0c908af6e42a91b161.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-3d37583bb3d8fb0c908af6e42a91b161.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.3.2 – Authenticated (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core is vulnerable to arbitrary shortcode execution in versions up to, and including, 6.3.1 due to a lack of input validation on the 'shortcode' parameter in the parse_media_shortcode AJAX function. This allows authenticated attackers, with subscriber-level privileges and above, to execute arbitrary shortcodes.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-591e0bc07a94ed14670e3a9711a55f6c.yaml b/nuclei-templates/cve-less/unknown/wordpress-591e0bc07a94ed14670e3a9711a55f6c.yaml
index b990bb1209..53fdad9878 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-591e0bc07a94ed14670e3a9711a55f6c.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-591e0bc07a94ed14670e3a9711a55f6c.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core 6.3 - 6.3.1 - Authenticated(Contributor+) Cross-Site Scripting via Footnotes Block
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core is vulnerable to Stored Cross-Site Scripting via the footnotes block in versions between 6.3 and 6.3.1 due to insufficient input sanitization and output escaping on the footnotes block. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-5bece4b7e128b93c7ba7c67e9587fa70.yaml b/nuclei-templates/cve-less/unknown/wordpress-5bece4b7e128b93c7ba7c67e9587fa70.yaml
index 48e3208332..1ca0bdfff7 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-5bece4b7e128b93c7ba7c67e9587fa70.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-5bece4b7e128b93c7ba7c67e9587fa70.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 3.8.2 - SQL Injection
   author: topscoder
-  severity: high
+  severity: critical
   description: >
     WordPress Core, in versions less than 3.8.2, is vulnerable to SQL Injection via the 'links_recently_updated_time' parameter. This can only be exploited by administrative users and above.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,critical
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-86b363b18abd64f68bd3504e771d1304.yaml b/nuclei-templates/cve-less/unknown/wordpress-86b363b18abd64f68bd3504e771d1304.yaml
index 85d7b2f9ad..ef1ba0935a 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-86b363b18abd64f68bd3504e771d1304.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-86b363b18abd64f68bd3504e771d1304.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core in versions 5.9 - 5.9.1 is vulnerable to Contributor+ stored Cross-Site Scripting via the double JSON encoded payloads set in the 'isGlobalStylesUserThemeJSON' parameter which is updatable via the post editor.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-86d97cfb2c6c1dcbecff85883c6518a3.yaml b/nuclei-templates/cve-less/unknown/wordpress-86d97cfb2c6c1dcbecff85883c6518a3.yaml
index afbd8836b7..13d9f5d8c0 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-86d97cfb2c6c1dcbecff85883c6518a3.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-86d97cfb2c6c1dcbecff85883c6518a3.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core is vulnerable to Stored Cross-Site Scripting via the Customizer in versions up to 6.0.3. This is due to insufficient escaping on the 'Blog Name' value that could be edited and become executable with the right payload while in the theme customizer. This would make it possible for authenticated attacker with access to customize a theme, such as administrators to inject malicious JavaScript into the page.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-8ab2154abe7c34e01ae356ee17e67c3a.yaml b/nuclei-templates/cve-less/unknown/wordpress-8ab2154abe7c34e01ae356ee17e67c3a.yaml
index 9cb2d0f635..4d0f04f96e 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-8ab2154abe7c34e01ae356ee17e67c3a.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-8ab2154abe7c34e01ae356ee17e67c3a.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.2 - Authenticated SQL Injection
   author: topscoder
-  severity: high
+  severity: low
   description: >
     WordPress Core, in versions up to 6.0.2, is vulnerable to SQL Injection that can be exploited by authenticated users via the LIMIT parameter passed through the get_bookmarks function. This can be exploited on default WordPress installations by users with high-level privileges, such as an editor or administrator, and it may be possible for this to be exploited by lower-privileged users if a plugin/theme passes an unescaped user supplied LIMIT value from those level users to the get_bookmarks function.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-91b67be1988bc2723c174da3440c9a3b.yaml b/nuclei-templates/cve-less/unknown/wordpress-91b67be1988bc2723c174da3440c9a3b.yaml
index 0d4d90120e..af173d9be1 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-91b67be1988bc2723c174da3440c9a3b.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-91b67be1988bc2723c174da3440c9a3b.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php
   author: topscoder
-  severity: high
+  severity: medium
   description: >
     WordPress Core is vulnerable to Cross-Site Request Forgery via wp-trackback.php in versions up to 6.0.3. This is due to the fact that the any request to wp-trackback.php would assume the identity of the user whose cookies are sent with the request. This would make it possible for an unauthenticated user to trigger a trackback assuming the identity of another user, granted they could trick that other user into performing the action. In new versions of WordPress, the identity will always be a non-existent user with the ID of 0, which represents an unauthenticated user.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,high
+  tags: cve,wordpress,wp-core,medium
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-9e82b6889ee804643ded805eecd26873.yaml b/nuclei-templates/cve-less/unknown/wordpress-9e82b6889ee804643ded805eecd26873.yaml
index 76deb8f0e5..1fbb3fb06b 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-9e82b6889ee804643ded805eecd26873.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-9e82b6889ee804643ded805eecd26873.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Embed Discovery
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core is vulnerable to stored Cross-Site Scripting in versions up to, and including, 6.2, due to insufficient validation of the protocol in the response when processing oEmbed discovery. This makes it possible for authenticated attackers with contributor-level and above permissions to use a crafted oEmbed payload at a remote URL to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-b72b325374b1f5f1e06c0d338207c783.yaml b/nuclei-templates/cve-less/unknown/wordpress-b72b325374b1f5f1e06c0d338207c783.yaml
index 42fbc7c847..311311ae96 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-b72b325374b1f5f1e06c0d338207c783.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-b72b325374b1f5f1e06c0d338207c783.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-c9365112ff2c7a32ee6ceb41759e0ba7.yaml b/nuclei-templates/cve-less/unknown/wordpress-c9365112ff2c7a32ee6ceb41759e0ba7.yaml
index f202fb05a2..02bc1e4b7d 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-c9365112ff2c7a32ee6ceb41759e0ba7.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-c9365112ff2c7a32ee6ceb41759e0ba7.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core is vulnerable to Stored Cross-Site Scripting, exploitable during comment editing, in versions up to 6.0.3. This is due to insufficient escaping and sanitization on the values being stored during a comment update. This makes it possible for authenticated users with high level permissions, such as an editor, to modify post comments to include malicious web scripts that will execute whenever someone accesses the comment.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-ed4cb69f49b56e0f42af418819975107.yaml b/nuclei-templates/cve-less/unknown/wordpress-ed4cb69f49b56e0f42af418819975107.yaml
index 979ede6e53..21f0fa1fc7 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-ed4cb69f49b56e0f42af418819975107.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-ed4cb69f49b56e0f42af418819975107.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API
   author: topscoder
-  severity: medium
+  severity: low
   description: >
     WordPress Core is vulnerable to information disclosure via the REST-API in versions up to 6.0.3. The REST API endpoint for terms and tags did not perform enough validation on the user requesting information about terms and tags for a given post. This made it possible for users with access to terms and tags, such as a contributor, to determine those details on all posts not belonging to them, even when in a private status. This does not reveal critical information.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,low
 
 http:
   - method: GET
diff --git a/nuclei-templates/cve-less/unknown/wordpress-fffa14ca79a3dd45e05f299cc50d704f.yaml b/nuclei-templates/cve-less/unknown/wordpress-fffa14ca79a3dd45e05f299cc50d704f.yaml
index f9decc5e35..55c615941a 100644
--- a/nuclei-templates/cve-less/unknown/wordpress-fffa14ca79a3dd45e05f299cc50d704f.yaml
+++ b/nuclei-templates/cve-less/unknown/wordpress-fffa14ca79a3dd45e05f299cc50d704f.yaml
@@ -4,7 +4,7 @@ info:
   name: >
     WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors
   author: topscoder
-  severity: medium
+  severity: high
   description: >
     WordPress Core, in versions up to 6.0.2, is vulnerable to Stored Cross-Site Scripting that can be exploited when malicious content is injected into plugin code that triggers when an error occurs during plugin de-activation or during deletion. This requires an attacker have access to the modify the error message that is displayed either in the plugin's code or via a request parameter, in most cases it is likely to be the latter.
   reference:
@@ -15,7 +15,7 @@ info:
     cve-id: 
   metadata:
     shodan-query: 'vuln:'
-  tags: cve,wordpress,wp-core,medium
+  tags: cve,wordpress,wp-core,high
 
 http:
   - method: GET